diff options
| author | tb <> | 2023-07-03 09:55:42 +0000 |
|---|---|---|
| committer | tb <> | 2023-07-03 09:55:42 +0000 |
| commit | b7bf542a80b8e960840d2ae7d1c844dfdb441703 (patch) | |
| tree | 257c9617c8efff15db5b617730846ff0d49e5e2a /src | |
| parent | 58ba5121ee4dbdd1a52e6e00ba1bbfb412fb8dee (diff) | |
| download | openbsd-b7bf542a80b8e960840d2ae7d1c844dfdb441703.tar.gz openbsd-b7bf542a80b8e960840d2ae7d1c844dfdb441703.tar.bz2 openbsd-b7bf542a80b8e960840d2ae7d1c844dfdb441703.zip | |
Streamline ossl_ecdsa_verify()
Make it single exit and use API more idiomatically and some other
cosmetics.
ok beck jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/ecdsa/ecs_ossl.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c index abf6b3b385..7e03c234ee 100644 --- a/src/lib/libcrypto/ecdsa/ecs_ossl.c +++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ecs_ossl.c,v 1.48 2023/07/03 07:28:05 tb Exp $ */ | 1 | /* $OpenBSD: ecs_ossl.c,v 1.49 2023/07/03 09:55:42 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Written by Nils Larsch for the OpenSSL project | 3 | * Written by Nils Larsch for the OpenSSL project |
| 4 | */ | 4 | */ |
| @@ -426,24 +426,30 @@ ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, | |||
| 426 | { | 426 | { |
| 427 | ECDSA_SIG *s; | 427 | ECDSA_SIG *s; |
| 428 | unsigned char *der = NULL; | 428 | unsigned char *der = NULL; |
| 429 | const unsigned char *p = sigbuf; | 429 | const unsigned char *p; |
| 430 | int derlen = -1; | 430 | int derlen = 0; |
| 431 | int ret = -1; | 431 | int ret = -1; |
| 432 | 432 | ||
| 433 | if ((s = ECDSA_SIG_new()) == NULL) | 433 | if ((s = ECDSA_SIG_new()) == NULL) |
| 434 | return (ret); | 434 | goto err; |
| 435 | |||
| 436 | p = sigbuf; | ||
| 435 | if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) | 437 | if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) |
| 436 | goto err; | 438 | goto err; |
| 439 | |||
| 437 | /* Ensure signature uses DER and doesn't have trailing garbage */ | 440 | /* Ensure signature uses DER and doesn't have trailing garbage */ |
| 438 | derlen = i2d_ECDSA_SIG(s, &der); | 441 | if ((derlen = i2d_ECDSA_SIG(s, &der)) != sig_len) |
| 439 | if (derlen != sig_len || memcmp(sigbuf, der, derlen)) | 442 | goto err; |
| 443 | if (memcmp(sigbuf, der, derlen)) | ||
| 440 | goto err; | 444 | goto err; |
| 445 | |||
| 441 | ret = ECDSA_do_verify(dgst, dgst_len, s, eckey); | 446 | ret = ECDSA_do_verify(dgst, dgst_len, s, eckey); |
| 442 | 447 | ||
| 443 | err: | 448 | err: |
| 444 | freezero(der, derlen); | 449 | freezero(der, derlen); |
| 445 | ECDSA_SIG_free(s); | 450 | ECDSA_SIG_free(s); |
| 446 | return (ret); | 451 | |
| 452 | return ret; | ||
| 447 | } | 453 | } |
| 448 | 454 | ||
| 449 | int | 455 | int |