factor ECDSA signature extraction into its own function

1 files changed, 35 insertions, 24 deletions

diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index 1a5aac87f1..c7ea768939 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.71 2018/10/06 04:35:54 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.72 2018/10/06 05:02:21 tb Exp $ */
 /*
  * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -1357,31 +1357,17 @@ func runECDSATestGroup(algorithm string, wtg *wycheproofTestGroupECDSA) bool {
         return success
 }
 
-func runECDSAWebCryptoTest(ecKey *C.EC_KEY, nid int, h hash.Hash, wt *wycheproofTestECDSA) bool {
-        msg, err := hex.DecodeString(wt.Msg)
-        if err != nil {
-                log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
-        }
-
-        h.Reset()
-        h.Write(msg)
-        msg = h.Sum(nil)
-
-        msgLen := len(msg)
-        if msgLen == 0 {
-                msg = append(msg, 0)
-        }
-
-        // DER encode the signature (so that ECDSA_verify() can decode and encode it again...)
+// DER encode the signature (so that ECDSA_verify() can decode and encode it again...)
+func encodeECDSAWebCryptoSig(wtSig string) (*C.uchar, C.int) {
         cSig := C.ECDSA_SIG_new()
         if cSig == nil {
                 log.Fatal("ECDSA_SIG_new() failed")
         }
         defer C.ECDSA_SIG_free(cSig)
 
-        sigLen := len(wt.Sig)
-        r := C.CString(wt.Sig[:sigLen/2])
-        s := C.CString(wt.Sig[sigLen/2:])
+        sigLen := len(wtSig)
+        r := C.CString(wtSig[:sigLen/2])
+        s := C.CString(wtSig[sigLen/2:])
         if C.BN_hex2bn(&cSig.r, r) == 0 {
                 log.Fatal("Failed to set ECDSA r")
         }
@@ -1393,21 +1379,46 @@ func runECDSAWebCryptoTest(ecKey *C.EC_KEY, nid int, h hash.Hash, wt *wycheproof
 
         derLen := C.i2d_ECDSA_SIG(cSig, nil)
         if derLen == 0 {
-                log.Fatal("i2d_ECDSA_SIG(cSig, nil) failed")
+                return nil, 0
         }
         cDer := (*C.uchar)(C.malloc(C.ulong(derLen)))
         if cDer == nil {
                 log.Fatal("malloc failed")
         }
-        defer C.free(unsafe.Pointer(cDer))
 
         p := cDer
         ret := C.i2d_ECDSA_SIG(cSig, (**C.uchar)(&p))
         if ret == 0 || ret != derLen {
-                log.Fatalf("i2d_ECDSA_SIG(cSig, nil) failed, got %d, want %d", ret, derLen)
+                C.free(unsafe.Pointer(cDer))
+                return nil, 0
         }
 
-        ret = C.ECDSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
+        return cDer, derLen
+}
+
+func runECDSAWebCryptoTest(ecKey *C.EC_KEY, nid int, h hash.Hash, wt *wycheproofTestECDSA) bool {
+        msg, err := hex.DecodeString(wt.Msg)
+        if err != nil {
+                log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
+        }
+
+        h.Reset()
+        h.Write(msg)
+        msg = h.Sum(nil)
+
+        msgLen := len(msg)
+        if msgLen == 0 {
+                msg = append(msg, 0)
+        }
+
+        cDer, derLen := encodeECDSAWebCryptoSig(wt.Sig)
+        if cDer == nil {
+                fmt.Print("FAIL: unable to decode signature")
+                return false
+        }
+        defer C.free(unsafe.Pointer(cDer))
+
+        ret := C.ECDSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
                 (*C.uchar)(unsafe.Pointer(cDer)), C.int(derLen), ecKey)
 
         // XXX audit acceptable cases...