Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make ECDSA_size() use consistent asn1 encoder. #10577

Closed
wants to merge 1 commit into from
Closed

Make ECDSA_size() use consistent asn1 encoder. #10577

wants to merge 1 commit into from

Conversation

slontis
Copy link
Member

@slontis slontis commented Dec 5, 2019
edited

ECDSA signature lengths are calculated using i2d_ECDSA_SIG().
i2d_ECDSA_SIG() was changed in a previous PR to use a custom ASN1 encoder (using WPACKET)
so that the normal ASN1 encoder does not need to be pulled into the provider boundary.
For consistency ECDSA_size() has been changed to also use i2d_ECDSA_SIG() - this can now
be used directly inside the FIPS provider.

Checklist
  • documentation is added or updated
  • tests are added or updated

slontis
slontis commented Dec 5, 2019
View reviewed changes
crypto/ec/ec_asn1.c
if (group == NULL)
return 0;

i = EC_GROUP_order_bits(group);
if (i == 0)
bn = EC_GROUP_get0_order(group);
Copy link
Member Author

@slontis slontis Dec 5, 2019
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was concerned there might be a off by 1 problem here if the order does not have the top bit set..
There are some curves that have 1FFFFF at the top but those ones should be ok..

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

r & s are modulus of the order.. so should be less than this upper value

@slontis slontis added this to In progress in 3.0 New Core + FIPS via automation Dec 18, 2019
@slontis slontis added approval: otc review pending This pull request needs review by an OTC member branch: master Merge to master branch labels Dec 18, 2019
@slontis slontis requested a review from romen December 18, 2019 03:02
@kaduk
Copy link
Contributor

kaduk commented Dec 18, 2019

(There's a typo "ECDA_size()" in the commit message)

romen
romen approved these changes Dec 18, 2019
View reviewed changes
Copy link
Member

@romen romen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM as long as the typo @kaduk spotted is fixed.

Sorry for the delay in the review, I should have finally managed to set up proper notifications when I receive an explicit review request!

3.0 New Core + FIPS automation moved this from In progress to Reviewer approved Dec 18, 2019
@slontis
Copy link
Member Author

slontis commented Dec 19, 2019

Updated the commit to remove the typo..

@slontis
Copy link
Member Author

slontis commented Dec 19, 2019

ping

romen
romen approved these changes Dec 19, 2019
View reviewed changes
Copy link
Member

@romen romen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reapproved

@slontis
Make ECDSA_size() use consistent asn1 encoder.
1cfc318 
ECDSA signature lengths are calculated using i2d_ECDSA_SIG().
i2d_ECDSA_SIG() was changed in a previous PR to use a custom ASN1 encoder (using WPACKET)
so that the normal ASN1 encoder does not need to be pulled into the provider boundary.
For consistency ECDSA_size() has been changed to also use i2d_ECDSA_SIG() - this can now
be used directly inside the FIPS provider.
@slontis
Copy link
Member Author

slontis commented Jan 6, 2020

rebased with no new changes to the code.

@romen romen added approval: done This pull request has the required number of approvals and removed approval: otc review pending This pull request needs review by an OTC member labels Jan 6, 2020
@slontis slontis added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Jan 7, 2020
openssl-machine pushed a commit that referenced this pull request Jan 7, 2020
@slontis
Make ECDSA_size() use consistent asn1 encoder.
88b4c61 
ECDSA signature lengths are calculated using i2d_ECDSA_SIG().
i2d_ECDSA_SIG() was changed in a previous PR to use a custom ASN1 encoder (using WPACKET)
so that the normal ASN1 encoder does not need to be pulled into the provider boundary.
For consistency ECDSA_size() has been changed to also use i2d_ECDSA_SIG() - this can now
be used directly inside the FIPS provider.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from #10577)
@slontis
Copy link
Member Author

slontis commented Jan 7, 2020

Thanks romen. Merged to master.

@slontis slontis closed this Jan 7, 2020
3.0 New Core + FIPS automation moved this from Reviewer approved to Done Jan 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@romen romen romen approved these changes

Assignees
No one assigned
Labels
approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Merge to master branch
Projects
No open projects
3.0 New Core + FIPS
  
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@slontis @kaduk @romen