Compare r and s sizes to the order, not the degree.

r and s are scalars, not EC coordinates.

Change-Id: I46a20215d3c602559c18c74a1da9a91543ea73ca
Reviewed-on: https://boringssl-review.googlesource.com/2240
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/ecdsa/ecdsa_test.c b/crypto/ecdsa/ecdsa_test.c
index e3b1142..523cbdf 100644
--- a/crypto/ecdsa/ecdsa_test.c
+++ b/crypto/ecdsa/ecdsa_test.c
@@ -66,13 +66,14 @@
   size_t n = 0;
   EC_KEY *eckey = NULL, *wrong_eckey = NULL;
   EC_GROUP *group;
+  BIGNUM *order = NULL;
   ECDSA_SIG *ecdsa_sig = NULL;
   unsigned char digest[20], wrong_digest[20];
   unsigned char *signature = NULL;
   const unsigned char *sig_ptr;
   unsigned char *sig_ptr2;
   unsigned char *raw_buf = NULL;
-  unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
+  unsigned int sig_len, r_len, s_len, bn_len, buf_len;
   int nid, ret = 0;
 
   /* fill digest values with some random data */
@@ -81,6 +82,11 @@
     goto builtin_err;
   }
 
+  order = BN_new();
+  if (order == NULL) {
+    goto builtin_err;
+  }
+
   /* create and verify a ecdsa signature with every availble curve
    * (with ) */
   BIO_printf(out,
@@ -108,8 +114,10 @@
       goto builtin_err;
     }
     EC_GROUP_free(group);
-    degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
-    if (degree < 160) {
+    if (!EC_GROUP_get_order(EC_KEY_get0_group(eckey), order, NULL)) {
+      goto builtin_err;
+    }
+    if (BN_num_bits(order) < 160) {
       /* Too small to test. */
       EC_KEY_free(eckey);
       eckey = NULL;
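Review bot: The `BN_num_bits(order) < 160` cutoff is not explained by the `/* Too small to test. */` comment, and the reason matters more now that the bound is the group order rather than the field degree. It presumably corresponds to the 20-byte `digest` declared at the top of the function, so curves whose order is shorter than the digest are skipped. If that is the intent, say so: `/* Skip curves whose order is shorter than the 160-bit test digest. */`. The enclosing loop starts and ends outside this hunk.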
@@ -203,7 +211,7 @@
     /* Store the two BIGNUMs in raw_buf. */
     r_len = BN_num_bytes(ecdsa_sig->r);
     s_len = BN_num_bytes(ecdsa_sig->s);
-    bn_len = (degree + 7) / 8;
+    bn_len = BN_num_bytes(order);
     if (r_len > bn_len || s_len > bn_len) {
       BIO_printf(out, " failed\n");
       goto builtin_err;
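Review bot: The line `bn_len = BN_num_bytes(order);` carries the whole rationale of the commit but has no comment, so a later reader could change it back to a field-size bound. Suggest adding above it: `/* r and s are scalars reduced modulo the group order, so the order's byte length, not the field degree, bounds them and sets the padding width. */`. The allocation and filling of `raw_buf` lie outside this hunk, so confirm they are sized from the same `bn_len`.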
@@ -268,16 +276,24 @@
 
   ret = 1;
 builtin_err:
-  if (eckey)
+  if (eckey) {
     EC_KEY_free(eckey);
-  if (wrong_eckey)
+  }
+  if (order) {
+    BN_free(order);
+  }
+  if (wrong_eckey) {
     EC_KEY_free(wrong_eckey);
-  if (ecdsa_sig)
+  }
+  if (ecdsa_sig) {
     ECDSA_SIG_free(ecdsa_sig);
-  if (signature)
+  }
+  if (signature) {
     OPENSSL_free(signature);
-  if (raw_buf)
+  }
+  if (raw_buf) {
     OPENSSL_free(raw_buf);
+  }
 
   return ret;
 }
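Review bot: The guard around the new `BN_free(order);` is redundant if `BN_free` accepts NULL, as it does in OpenSSL-derived code, so the call could be left unguarded. The same probably applies to the other guarded frees in this cleanup block, which the change only re-braces. What the cleanup does depend on is `order` being initialised to NULL at its declaration, because some `goto builtin_err` paths run before `BN_new()`. A short comment at the label, such as `/* every pointer below is NULL-initialised, so early exits are safe */`, would record that.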
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 47ecfca..3dca026 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -123,8 +123,8 @@
  * in |group| that specifies the generator for the group. */
 OPENSSL_EXPORT const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
 
-/* EC_GROUP_get_order sets |*order| to the order of |group| using |ctx|, if
- * it's not NULL. It returns one on success and zero otherwise. */
+/* EC_GROUP_get_order sets |*order| to the order of |group|, if it's not
+ * NULL. It returns one on success and zero otherwise. |ctx| is ignored. */
 OPENSSL_EXPORT int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order,
                                       BN_CTX *ctx);