287
287
size_t crv_len = 0, n = 0;
288
288
EC_KEY *eckey = NULL, *wrong_eckey = NULL;
290
ECDSA_SIG *ecdsa_sig = NULL;
290
291
unsigned char digest[20], wrong_digest[20];
291
unsigned char *signature = NULL;
292
unsigned int sig_len;
292
unsigned char *signature = NULL;
293
const unsigned char *sig_ptr;
294
unsigned char *sig_ptr2;
295
unsigned char *raw_buf = NULL;
296
unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
293
297
int nid, ret = 0;
295
299
/* fill digest values with some random data */
416
421
BIO_printf(out, ".");
417
422
(void)BIO_flush(out);
418
/* modify a single byte of the signature */
419
offset = signature[10] % sig_len;
420
dirt = signature[11];
421
signature[offset] ^= dirt ? dirt : 1;
424
if (ECDSA_verify(0, digest, 20, signature, sig_len - 1,
427
BIO_printf(out, " failed\n");
430
BIO_printf(out, ".");
431
(void)BIO_flush(out);
433
/* Modify a single byte of the signature: to ensure we don't
434
* garble the ASN1 structure, we read the raw signature and
435
* modify a byte in one of the bignums directly. */
437
if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL)
439
BIO_printf(out, " failed\n");
443
/* Store the two BIGNUMs in raw_buf. */
444
r_len = BN_num_bytes(ecdsa_sig->r);
445
s_len = BN_num_bytes(ecdsa_sig->s);
446
bn_len = (degree + 7) / 8;
447
if ((r_len > bn_len) || (s_len > bn_len))
449
BIO_printf(out, " failed\n");
452
buf_len = 2 * bn_len;
453
if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
455
/* Pad the bignums with leading zeroes. */
456
memset(raw_buf, 0, buf_len);
457
BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
458
BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
460
/* Modify a single byte in the buffer. */
461
offset = raw_buf[10] % buf_len;
462
dirt = raw_buf[11] ? raw_buf[11] : 1;
463
raw_buf[offset] ^= dirt;
464
/* Now read the BIGNUMs back in from raw_buf. */
465
if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
466
(BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
469
sig_ptr2 = signature;
470
sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
422
471
if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
424
473
BIO_printf(out, " failed\n");
425
474
goto builtin_err;
476
/* Sanity check: undo the modification and verify signature. */
477
raw_buf[offset] ^= dirt;
478
if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
479
(BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
482
sig_ptr2 = signature;
483
sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
484
if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
486
BIO_printf(out, " failed\n");
427
489
BIO_printf(out, ".");
428
490
(void)BIO_flush(out);
430
492
BIO_printf(out, " ok\n");
494
/* clean bogus errors */
432
496
OPENSSL_free(signature);
433
497
signature = NULL;
434
498
EC_KEY_free(eckey);
436
500
EC_KEY_free(wrong_eckey);
437
501
wrong_eckey = NULL;
502
ECDSA_SIG_free(ecdsa_sig);
504
OPENSSL_free(raw_buf);