Merge #494: Support OpenSSL versions >= 1.1 for ENABLE_OPENSSL_TESTS

31abd3a Support OpenSSL versions >= 1.1 for ENABLE_OPENSSL_TESTS (Alexander Block)

Pull request description:

  The only reason OpenSSL 1.1 was not supported was the removal of direct
  access to r and s in ECDSA_SIG. This commit adds a simplified version of
  ECDSA_SIG_get0 for < 1.1 that can be used like ECDSA_SIG_get0 in >= 1.1

Tree-SHA512: 7ee49cd8424086bb96968c632b5babce50af98e13c414c4d5028a30fb86896956f829415a92c66387cde57941ab6999b0db823752cb36dd8932d15dd32980763
This commit is contained in:
Gregory Maxwell 2018-02-06 22:43:19 +00:00
commit d333521516
No known key found for this signature in database
GPG Key ID: EAB5AF94D9E9ABE7
2 changed files with 8 additions and 4 deletions

View File

@ -48,7 +48,6 @@ if test x"$has_libcrypto" = x"yes" && test x"$has_openssl_ec" = x; then
EC_KEY_free(eckey); EC_KEY_free(eckey);
ECDSA_SIG *sig_openssl; ECDSA_SIG *sig_openssl;
sig_openssl = ECDSA_SIG_new(); sig_openssl = ECDSA_SIG_new();
(void)sig_openssl->r;
ECDSA_SIG_free(sig_openssl); ECDSA_SIG_free(sig_openssl);
]])],[has_openssl_ec=yes],[has_openssl_ec=no]) ]])],[has_openssl_ec=yes],[has_openssl_ec=no])
AC_MSG_RESULT([$has_openssl_ec]) AC_MSG_RESULT([$has_openssl_ec])

View File

@ -23,6 +23,9 @@
#include "openssl/ec.h" #include "openssl/ec.h"
#include "openssl/ecdsa.h" #include "openssl/ecdsa.h"
#include "openssl/obj_mac.h" #include "openssl/obj_mac.h"
# if OPENSSL_VERSION_NUMBER < 0x10100000L
void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {*pr = sig->r; *ps = sig->s;}
# endif
#endif #endif
#include "contrib/lax_der_parsing.c" #include "contrib/lax_der_parsing.c"
@ -4150,6 +4153,7 @@ int test_ecdsa_der_parse(const unsigned char *sig, size_t siglen, int certainly_
#ifdef ENABLE_OPENSSL_TESTS #ifdef ENABLE_OPENSSL_TESTS
ECDSA_SIG *sig_openssl; ECDSA_SIG *sig_openssl;
const BIGNUM *r = NULL, *s = NULL;
const unsigned char *sigptr; const unsigned char *sigptr;
unsigned char roundtrip_openssl[2048]; unsigned char roundtrip_openssl[2048];
int len_openssl = 2048; int len_openssl = 2048;
@ -4201,15 +4205,16 @@ int test_ecdsa_der_parse(const unsigned char *sig, size_t siglen, int certainly_
sigptr = sig; sigptr = sig;
parsed_openssl = (d2i_ECDSA_SIG(&sig_openssl, &sigptr, siglen) != NULL); parsed_openssl = (d2i_ECDSA_SIG(&sig_openssl, &sigptr, siglen) != NULL);
if (parsed_openssl) { if (parsed_openssl) {
valid_openssl = !BN_is_negative(sig_openssl->r) && !BN_is_negative(sig_openssl->s) && BN_num_bits(sig_openssl->r) > 0 && BN_num_bits(sig_openssl->r) <= 256 && BN_num_bits(sig_openssl->s) > 0 && BN_num_bits(sig_openssl->s) <= 256; ECDSA_SIG_get0(sig_openssl, &r, &s);
valid_openssl = !BN_is_negative(r) && !BN_is_negative(s) && BN_num_bits(r) > 0 && BN_num_bits(r) <= 256 && BN_num_bits(s) > 0 && BN_num_bits(s) <= 256;
if (valid_openssl) { if (valid_openssl) {
unsigned char tmp[32] = {0}; unsigned char tmp[32] = {0};
BN_bn2bin(sig_openssl->r, tmp + 32 - BN_num_bytes(sig_openssl->r)); BN_bn2bin(r, tmp + 32 - BN_num_bytes(r));
valid_openssl = memcmp(tmp, max_scalar, 32) < 0; valid_openssl = memcmp(tmp, max_scalar, 32) < 0;
} }
if (valid_openssl) { if (valid_openssl) {
unsigned char tmp[32] = {0}; unsigned char tmp[32] = {0};
BN_bn2bin(sig_openssl->s, tmp + 32 - BN_num_bytes(sig_openssl->s)); BN_bn2bin(s, tmp + 32 - BN_num_bytes(s));
valid_openssl = memcmp(tmp, max_scalar, 32) < 0; valid_openssl = memcmp(tmp, max_scalar, 32) < 0;
} }
} }