kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare r and s sizes to the order, not the degree.

Browse Source 
r and s are scalars, not EC coordinates.

Change-Id: I46a20215d3c602559c18c74a1da9a91543ea73ca
Reviewed-on: https://boringssl-review.googlesource.com/2240
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2014-11-10 17:06:33 -05:00 committed by Adam Langley
parent 1f10d9c8e1
commit b145c8140b
2 changed files with 27 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
crypto/ecdsa/ecdsa_test.c
View File

@ -66,13 +66,14 @@ int test_builtin(BIO *out) {
size_t n = 0; size_t n = 0;
EC_KEY *eckey = NULL, *wrong_eckey = NULL; EC_KEY *eckey = NULL, *wrong_eckey = NULL;
EC_GROUP *group; EC_GROUP *group;
BIGNUM *order = NULL;
ECDSA_SIG *ecdsa_sig = NULL; ECDSA_SIG *ecdsa_sig = NULL;
unsigned char digest[20], wrong_digest[20]; unsigned char digest[20], wrong_digest[20];
unsigned char *signature = NULL; unsigned char *signature = NULL;
const unsigned char *sig_ptr; const unsigned char *sig_ptr;
unsigned char *sig_ptr2; unsigned char *sig_ptr2;
unsigned char *raw_buf = NULL; unsigned char *raw_buf = NULL;
unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len; unsigned int sig_len, r_len, s_len, bn_len, buf_len;
int nid, ret = 0; int nid, ret = 0;
/* fill digest values with some random data */ /* fill digest values with some random data */
@ -81,6 +82,11 @@ int test_builtin(BIO *out) {
goto builtin_err; goto builtin_err;
} }
order = BN_new();
if (order == NULL) {
goto builtin_err;
}
/* create and verify a ecdsa signature with every availble curve /* create and verify a ecdsa signature with every availble curve
* (with ) */ * (with ) */
BIO_printf(out, BIO_printf(out,
@ -108,8 +114,10 @@ int test_builtin(BIO *out) {
goto builtin_err; goto builtin_err;
} }
EC_GROUP_free(group); EC_GROUP_free(group);
degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey)); if (!EC_GROUP_get_order(EC_KEY_get0_group(eckey), order, NULL)) {
if (degree < 160) { goto builtin_err;
}
if (BN_num_bits(order) < 160) {
/* Too small to test. */ /* Too small to test. */
EC_KEY_free(eckey); EC_KEY_free(eckey);
eckey = NULL; eckey = NULL;
@ -203,7 +211,7 @@ int test_builtin(BIO *out) {
/* Store the two BIGNUMs in raw_buf. */ /* Store the two BIGNUMs in raw_buf. */
r_len = BN_num_bytes(ecdsa_sig->r); r_len = BN_num_bytes(ecdsa_sig->r);
s_len = BN_num_bytes(ecdsa_sig->s); s_len = BN_num_bytes(ecdsa_sig->s);
bn_len = (degree + 7) / 8; bn_len = BN_num_bytes(order);
if (r_len > bn_len || s_len > bn_len) { if (r_len > bn_len || s_len > bn_len) {
BIO_printf(out, " failed\n"); BIO_printf(out, " failed\n");
goto builtin_err; goto builtin_err;
@ -268,16 +276,24 @@ int test_builtin(BIO *out) {
ret = 1; ret = 1;
builtin_err: builtin_err:
if (eckey) if (eckey) {
EC_KEY_free(eckey); EC_KEY_free(eckey);
if (wrong_eckey) }
if (order) {
BN_free(order);
}
if (wrong_eckey) {
EC_KEY_free(wrong_eckey); EC_KEY_free(wrong_eckey);
if (ecdsa_sig) }
if (ecdsa_sig) {
ECDSA_SIG_free(ecdsa_sig); ECDSA_SIG_free(ecdsa_sig);
if (signature) }
if (signature) {
OPENSSL_free(signature); OPENSSL_free(signature);
if (raw_buf) }
if (raw_buf) {
OPENSSL_free(raw_buf); OPENSSL_free(raw_buf);
}
return ret; return ret;
} }

4
include/openssl/ec.h
View File

@ -123,8 +123,8 @@ OPENSSL_EXPORT int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b);
* in |group| that specifies the generator for the group. */ * in |group| that specifies the generator for the group. */
OPENSSL_EXPORT const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); OPENSSL_EXPORT const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
/* EC_GROUP_get_order sets |*order| to the order of |group| using |ctx|, if /* EC_GROUP_get_order sets |*order| to the order of |group|, if it's not
* it's not NULL. It returns one on success and zero otherwise. */ * NULL. It returns one on success and zero otherwise. |ctx| is ignored. */
OPENSSL_EXPORT int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, OPENSSL_EXPORT int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order,
BN_CTX *ctx); BN_CTX *ctx);