diff options
| author | David Benjamin <davidben@chromium.org> | 2016-01-03 01:35:47 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2016-02-17 04:02:51 +0300 |
| commit | df98a7ad3ada7044d46d1450339fb4255b8e6caa (patch) | |
| tree | 7364bc508985689f9164c49fc9737004b9c2f3a0 /crypto | |
| parent | fda22a75730d8982baf8a567201f6254d47c9572 (diff) | |
Reimplement DSA_size without crypto/asn1.
BUG=499653
Change-Id: I16963fb198609d7fc0df6c57923cda3e13350753
Reviewed-on: https://boringssl-review.googlesource.com/6875
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/dsa/dsa.c | 49 |
1 files changed, 31 insertions, 18 deletions
diff --git a/crypto/dsa/dsa.c b/crypto/dsa/dsa.c index 3b269d4f..aaa763f6 100644 --- a/crypto/dsa/dsa.c +++ b/crypto/dsa/dsa.c @@ -61,7 +61,6 @@ #include <string.h> -#include <openssl/asn1.h> #include <openssl/bn.h> #include <openssl/dh.h> #include <openssl/digest.h> @@ -754,24 +753,38 @@ err: return ret; } -int DSA_size(const DSA *dsa) { - int ret, i; - ASN1_INTEGER bs; - unsigned char buf[4]; /* 4 bytes looks really small. - However, i2d_ASN1_INTEGER() will not look - beyond the first byte, as long as the second - parameter is NULL. */ +/* der_len_len returns the number of bytes needed to represent a length of |len| + * in DER. */ +static size_t der_len_len(size_t len) { + if (len < 0x80) { + return 1; + } + size_t ret = 1; + while (len > 0) { + ret++; + len >>= 8; + } + return ret; +} - i = BN_num_bits(dsa->q); - bs.length = (i + 7) / 8; - bs.data = buf; - bs.type = V_ASN1_INTEGER; - /* If the top bit is set the asn1 encoding is 1 larger. */ - buf[0] = 0xff; - - i = i2d_ASN1_INTEGER(&bs, NULL); - i += i; /* r and s */ - ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); +int DSA_size(const DSA *dsa) { + size_t order_len = BN_num_bytes(dsa->q); + /* Compute the maximum length of an |order_len| byte integer. Defensively + * assume that the leading 0x00 is included. */ + size_t integer_len = 1 /* tag */ + der_len_len(order_len + 1) + 1 + order_len; + if (integer_len < order_len) { + return 0; + } + /* A DSA signature is two INTEGERs. */ + size_t value_len = 2 * integer_len; + if (value_len < integer_len) { + return 0; + } + /* Add the header. */ + size_t ret = 1 /* tag */ + der_len_len(value_len) + value_len; + if (ret < value_len) { + return 0; + } return ret; } |