authordjm <>2012-01-05 22:59:08 +0000
committerdjm <>2012-01-05 22:59:08 +0000
commit7aa3571aba92d82f8dd3caabe48fad636f05a0fd (patch)
tree851ee61336830430906a0fb1d3eba6718e2bffd2 /src/lib/libcrypto/ecdsa
parent074782d395f8a140cd5120b87574dcd928bacd24 (diff)
OpenSSL 1.0.0f: import upstream source
Diffstat (limited to 'src/lib/libcrypto/ecdsa')
-rw-r--r--src/lib/libcrypto/ecdsa/ecdsatest.c85
1 files changed, 78 insertions, 7 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecdsatest.c b/src/lib/libcrypto/ecdsa/ecdsatest.c
index 26a4a9ee7c..54cfb8c753 100644
--- a/src/lib/libcrypto/ecdsa/ecdsatest.c
+++ b/src/lib/libcrypto/ecdsa/ecdsatest.c
@@ -286,9 +286,12 @@ int test_builtin(BIO *out)
286 size_t crv_len = 0, n = 0; 286 size_t crv_len = 0, n = 0;
287 EC_KEY *eckey = NULL, *wrong_eckey = NULL; 287 EC_KEY *eckey = NULL, *wrong_eckey = NULL;
288 EC_GROUP *group; 288 EC_GROUP *group;
289 ECDSA_SIG *ecdsa_sig = NULL;
289 unsigned char digest[20], wrong_digest[20]; 290 unsigned char digest[20], wrong_digest[20];
290 unsigned char *signature = NULL; 291 unsigned char *signature = NULL;
291 unsigned int sig_len; 292 unsigned char *sig_ptr;
293 unsigned char *raw_buf = NULL;
294 unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
292 int nid, ret = 0; 295 int nid, ret = 0;
293 296
294 /* fill digest values with some random data */ 297 /* fill digest values with some random data */
@@ -338,7 +341,8 @@ int test_builtin(BIO *out)
338 if (EC_KEY_set_group(eckey, group) == 0) 341 if (EC_KEY_set_group(eckey, group) == 0)
339 goto builtin_err; 342 goto builtin_err;
340 EC_GROUP_free(group); 343 EC_GROUP_free(group);
341 if (EC_GROUP_get_degree(EC_KEY_get0_group(eckey)) < 160) 344 degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
345 if (degree < 160)
342 /* drop the curve */ 346 /* drop the curve */
343 { 347 {
344 EC_KEY_free(eckey); 348 EC_KEY_free(eckey);
@@ -414,26 +418,89 @@ int test_builtin(BIO *out)
414 } 418 }
415 BIO_printf(out, "."); 419 BIO_printf(out, ".");
416 (void)BIO_flush(out); 420 (void)BIO_flush(out);
417 /* modify a single byte of the signature */ 421 /* wrong length */
418 offset = signature[10] % sig_len; 422 if (ECDSA_verify(0, digest, 20, signature, sig_len - 1,
419 dirt = signature[11]; 423 eckey) == 1)
420 signature[offset] ^= dirt ? dirt : 1; 424 {
425 BIO_printf(out, " failed\n");
426 goto builtin_err;
427 }
428 BIO_printf(out, ".");
429 (void)BIO_flush(out);
430
431 /* Modify a single byte of the signature: to ensure we don't
432 * garble the ASN1 structure, we read the raw signature and
433 * modify a byte in one of the bignums directly. */
434 sig_ptr = signature;
435 if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL)
436 {
437 BIO_printf(out, " failed\n");
438 goto builtin_err;
439 }
440
441 /* Store the two BIGNUMs in raw_buf. */
442 r_len = BN_num_bytes(ecdsa_sig->r);
443 s_len = BN_num_bytes(ecdsa_sig->s);
444 bn_len = (degree + 7) / 8;
445 if ((r_len > bn_len) || (s_len > bn_len))
446 {
447 BIO_printf(out, " failed\n");
448 goto builtin_err;
449 }
450 buf_len = 2 * bn_len;
451 if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
452 goto builtin_err;
453 /* Pad the bignums with leading zeroes. */
454 memset(raw_buf, 0, buf_len);
455 BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
456 BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
457
458 /* Modify a single byte in the buffer. */
459 offset = raw_buf[10] % buf_len;
460 dirt = raw_buf[11] ? raw_buf[11] : 1;
461 raw_buf[offset] ^= dirt;
462 /* Now read the BIGNUMs back in from raw_buf. */
463 if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
464 (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
465 goto builtin_err;
466
467 sig_ptr = signature;
468 sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr);
421 if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) 469 if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
422 { 470 {
423 BIO_printf(out, " failed\n"); 471 BIO_printf(out, " failed\n");
424 goto builtin_err; 472 goto builtin_err;
425 } 473 }
474 /* Sanity check: undo the modification and verify signature. */
475 raw_buf[offset] ^= dirt;
476 if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
477 (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
478 goto builtin_err;
479
480 sig_ptr = signature;
481 sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr);
482 if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
483 {
484 BIO_printf(out, " failed\n");
485 goto builtin_err;
486 }
426 BIO_printf(out, "."); 487 BIO_printf(out, ".");
427 (void)BIO_flush(out); 488 (void)BIO_flush(out);
428 489
429 BIO_printf(out, " ok\n"); 490 BIO_printf(out, " ok\n");
430 /* cleanup */ 491 /* cleanup */
492 /* clean bogus errors */
493 ERR_clear_error();
431 OPENSSL_free(signature); 494 OPENSSL_free(signature);
432 signature = NULL; 495 signature = NULL;
433 EC_KEY_free(eckey); 496 EC_KEY_free(eckey);
434 eckey = NULL; 497 eckey = NULL;
435 EC_KEY_free(wrong_eckey); 498 EC_KEY_free(wrong_eckey);
436 wrong_eckey = NULL; 499 wrong_eckey = NULL;
500 ECDSA_SIG_free(ecdsa_sig);
501 ecdsa_sig = NULL;
502 OPENSSL_free(raw_buf);
503 raw_buf = NULL;
437 } 504 }
438 505
439 ret = 1; 506 ret = 1;
@@ -442,8 +509,12 @@ builtin_err:
442 EC_KEY_free(eckey); 509 EC_KEY_free(eckey);
443 if (wrong_eckey) 510 if (wrong_eckey)
444 EC_KEY_free(wrong_eckey); 511 EC_KEY_free(wrong_eckey);
512 if (ecdsa_sig)
513 ECDSA_SIG_free(ecdsa_sig);
445 if (signature) 514 if (signature)
446 OPENSSL_free(signature); 515 OPENSSL_free(signature);
516 if (raw_buf)
517 OPENSSL_free(raw_buf);
447 if (curves) 518 if (curves)
448 OPENSSL_free(curves); 519 OPENSSL_free(curves);
449 520
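Review bot: The two `sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr);` calls (new lines 468 and 481) put the return value straight into an `unsigned int` without checking it. If the encoder reports an error with a negative return, that value wraps to a very large length and is handed to `ECDSA_verify`. At line 469 this lets the tamper check pass vacuously: the test only fails when verification returns 1, so a re-encoding failure looks the same as a correctly rejected signature. Take the result in an `int` declared with the other locals and bail out first, e.g. `if ((der_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr)) <= 0) goto builtin_err;` followed by `sig_len = der_len;`. `test_builtin` begins and ends outside these hunks, so the allocation size of `signature` that the re-encoded DER is written into is not visible here and should be confirmed to cover the re-encoded length.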