diff options
| author | David Benjamin <davidben@chromium.org> | 2015-06-10 23:52:59 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2015-06-19 01:23:12 +0300 |
| commit | 7244fa46f72985b3abc0354e075e883c15ac57a3 (patch) | |
| tree | 579579e59311021c0c086385e5703369a83c5b81 /crypto/ecdsa/ecdsa_asn1.c | |
| parent | b4d65fda70db407a560e12cdba60a87c0ef32937 (diff) | |
Expose ECDSA_SIG_max_len to size a DER ECDSA-Sig-Value.
Also implement it without reference to crypto/asn1 or fake ASN1_INTEGERs and
add a test. Some platform crypto APIs only give back the key size, and not the
encoded signature length. No sense in implementing it twice.
BUG=347404,499653
Change-Id: I9aa27d52674375f8b036e57bb5850f091c9b25dd
Reviewed-on: https://boringssl-review.googlesource.com/5080
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto/ecdsa/ecdsa_asn1.c')
| -rw-r--r-- | crypto/ecdsa/ecdsa_asn1.c | 68 |
1 files changed, 43 insertions, 25 deletions
diff --git a/crypto/ecdsa/ecdsa_asn1.c b/crypto/ecdsa/ecdsa_asn1.c index f557ca77..93be405d 100644 --- a/crypto/ecdsa/ecdsa_asn1.c +++ b/crypto/ecdsa/ecdsa_asn1.c @@ -71,26 +71,20 @@ ASN1_SEQUENCE(ECDSA_SIG) = { IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSA_SIG, ECDSA_SIG, ECDSA_SIG); size_t ECDSA_size(const EC_KEY *key) { - size_t ret, i, group_order_size; - ASN1_INTEGER bs; - BIGNUM *order = NULL; - unsigned char buf[4]; - const EC_GROUP *group; + if (key == NULL) { + return 0; + } + size_t group_order_size; if (key->ecdsa_meth && key->ecdsa_meth->group_order_size) { group_order_size = key->ecdsa_meth->group_order_size(key); } else { - size_t num_bits; - - if (key == NULL) { - return 0; - } - group = EC_KEY_get0_group(key); + const EC_GROUP *group = EC_KEY_get0_group(key); if (group == NULL) { return 0; } - order = BN_new(); + BIGNUM *order = BN_new(); if (order == NULL) { return 0; } @@ -99,21 +93,11 @@ size_t ECDSA_size(const EC_KEY *key) { return 0; } - num_bits = BN_num_bits(order); - group_order_size = (num_bits + 7) / 8; + group_order_size = BN_num_bytes(order); + BN_clear_free(order); } - bs.length = group_order_size; - bs.data = buf; - bs.type = V_ASN1_INTEGER; - /* If the top bit is set the ASN.1 encoding is 1 larger. */ - buf[0] = 0xff; - - i = i2d_ASN1_INTEGER(&bs, NULL); - i += i; /* r and s */ - ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); - BN_clear_free(order); - return ret; + return ECDSA_SIG_max_len(group_order_size); } ECDSA_SIG *ECDSA_SIG_new(void) { @@ -139,3 +123,37 @@ void ECDSA_SIG_free(ECDSA_SIG *sig) { BN_free(sig->s); OPENSSL_free(sig); } + +/* der_len_len returns the number of bytes needed to represent a length of |len| + * in DER. */ +static size_t der_len_len(size_t len) { + if (len < 0x80) { + return 1; + } + size_t ret = 1; + while (len > 0) { + ret++; + len >>= 8; + } + return ret; +} + +size_t ECDSA_SIG_max_len(size_t order_len) { + /* Compute the maximum length of an |order_len| byte integer. Defensively + * assume that the leading 0x00 is included. */ + size_t integer_len = 1 /* tag */ + der_len_len(order_len + 1) + 1 + order_len; + if (integer_len < order_len) { + return 0; + } + /* An ECDSA signature is two INTEGERs. */ + size_t value_len = 2 * integer_len; + if (value_len < integer_len) { + return 0; + } + /* Add the header. */ + size_t ret = 1 /* tag */ + der_len_len(value_len) + value_len; + if (ret < value_len) { + return 0; + } + return ret; +} |