Compare r and s sizes to the order, not the degree.
r and s are scalars, not EC coordinates.
Change-Id: I46a20215d3c602559c18c74a1da9a91543ea73ca
Reviewed-on: https://boringssl-review.googlesource.com/2240
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/ecdsa/ecdsa_test.c b/crypto/ecdsa/ecdsa_test.c
index e3b1142..523cbdf 100644
--- a/crypto/ecdsa/ecdsa_test.c
+++ b/crypto/ecdsa/ecdsa_test.c
@@ -66,13 +66,14 @@
size_t n = 0;
EC_KEY *eckey = NULL, *wrong_eckey = NULL;
EC_GROUP *group;
+ BIGNUM *order = NULL;
ECDSA_SIG *ecdsa_sig = NULL;
unsigned char digest[20], wrong_digest[20];
unsigned char *signature = NULL;
const unsigned char *sig_ptr;
unsigned char *sig_ptr2;
unsigned char *raw_buf = NULL;
- unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
+ unsigned int sig_len, r_len, s_len, bn_len, buf_len;
int nid, ret = 0;
/* fill digest values with some random data */
@@ -81,6 +82,11 @@
goto builtin_err;
}
+ order = BN_new();
+ if (order == NULL) {
+ goto builtin_err;
+ }
+
/* create and verify a ecdsa signature with every availble curve
* (with ) */
BIO_printf(out,
@@ -108,8 +114,10 @@
goto builtin_err;
}
EC_GROUP_free(group);
- degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
- if (degree < 160) {
+ if (!EC_GROUP_get_order(EC_KEY_get0_group(eckey), order, NULL)) {
+ goto builtin_err;
+ }
+ if (BN_num_bits(order) < 160) {
/* Too small to test. */
EC_KEY_free(eckey);
eckey = NULL;
@@ -203,7 +211,7 @@
/* Store the two BIGNUMs in raw_buf. */
r_len = BN_num_bytes(ecdsa_sig->r);
s_len = BN_num_bytes(ecdsa_sig->s);
- bn_len = (degree + 7) / 8;
+ bn_len = BN_num_bytes(order);
if (r_len > bn_len || s_len > bn_len) {
BIO_printf(out, " failed\n");
goto builtin_err;
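Review bot: The check `if (r_len > bn_len || s_len > bn_len)` is the only guard visible here before r and s are stored into raw_buf, and nothing says why the group order is the right bound. A short comment above `bn_len = BN_num_bytes(order);` would record the reasoning from the commit message, e.g. `/* r and s are scalars reduced mod the group order, so each must fit in BN_num_bytes(order) bytes. */`. The allocation of and copy into raw_buf lie outside this hunk, so it cannot be confirmed from here that buf_len is derived from the same bn_len. That is worth verifying, because otherwise this check would bound the values against a different width than the buffer uses.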
@@ -268,16 +276,24 @@
ret = 1;
builtin_err:
- if (eckey)
+ if (eckey) {
EC_KEY_free(eckey);
- if (wrong_eckey)
+ }
+ if (order) {
+ BN_free(order);
+ }
+ if (wrong_eckey) {
EC_KEY_free(wrong_eckey);
- if (ecdsa_sig)
+ }
+ if (ecdsa_sig) {
ECDSA_SIG_free(ecdsa_sig);
- if (signature)
+ }
+ if (signature) {
OPENSSL_free(signature);
- if (raw_buf)
+ }
+ if (raw_buf) {
OPENSSL_free(raw_buf);
+ }
return ret;
}
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 47ecfca..3dca026 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -123,8 +123,8 @@
* in |group| that specifies the generator for the group. */
OPENSSL_EXPORT const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
-/* EC_GROUP_get_order sets |*order| to the order of |group| using |ctx|, if
- * it's not NULL. It returns one on success and zero otherwise. */
+/* EC_GROUP_get_order sets |*order| to the order of |group|, if it's not
+ * NULL. It returns one on success and zero otherwise. |ctx| is ignored. */
OPENSSL_EXPORT int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order,
BN_CTX *ctx);
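Review bot: The reworded comment leaves "if it's not NULL" without a clear antecedent: in the old text it read as referring to |ctx|, but in the new sentence it could mean |group| or |order|. If the intent is that |order| may be NULL (the implementation is not visible in this diff, so this is an assumption), say so explicitly, e.g. `sets |*order| to the order of |group|, if |order| is not NULL`. It would also help callers to state that passing NULL for |ctx| is acceptable, since the updated test in this commit now relies on that.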