From 943a0ceed0c35bd17c6c4deae087bb77308d6830 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 14 Feb 2011 19:42:49 +0000 Subject: [PATCH] Update ECDSA test program to handle ECDSA2 format files. Correctly handle hex strings with an odd number of digits. --- fips/ecdsa/fips_ecdsavs.c | 56 ++++++++++++++++++++++++++++++++------- fips/fips_utl.h | 9 +++++++ 2 files changed, 55 insertions(+), 10 deletions(-) diff --git a/fips/ecdsa/fips_ecdsavs.c b/fips/ecdsa/fips_ecdsavs.c index 1b69c84ad0..11bd5542e9 100644 --- a/fips/ecdsa/fips_ecdsavs.c +++ b/fips/ecdsa/fips_ecdsavs.c @@ -6,7 +6,7 @@ int main(int argc, char **argv) { - printf("No FIPS DSA support\n"); + printf("No FIPS ECDSA support\n"); return(0); } #else @@ -22,11 +22,47 @@ int main(int argc, char **argv) #include -static int lookup_curve(const char *curve_name) +static int lookup_curve(char *curve_name, const EVP_MD **pmd) { - char cname[6]; - strncpy(cname, curve_name, 5); - cname[5] = 0; + char *cname, *p; + cname = curve_name + 1; + p = strchr(cname, ']'); + if (!p) + { + fprintf(stderr, "Parse error: missing ]\n"); + return NID_undef; + } + *p = 0; + p = strchr(cname, ','); + if (p) + { + if (!pmd) + { + fprintf(stderr, "Parse error: unexpected digest\n"); + return NID_undef; + } + *p = 0; + p++; + + if (!strcmp(p, "SHA-1")) + *pmd = EVP_sha1(); + else if (!strcmp(p, "SHA-224")) + *pmd = EVP_sha224(); + else if (!strcmp(p, "SHA-256")) + *pmd = EVP_sha256(); + else if (!strcmp(p, "SHA-384")) + *pmd = EVP_sha384(); + else if (!strcmp(p, "SHA-512")) + *pmd = EVP_sha512(); + else + { + fprintf(stderr, "Unknown digest %s\n", p); + return NID_undef; + } + } + else if(pmd) + *pmd = EVP_sha1(); + if (!strcmp(cname, "B-163")) return NID_sect163r2; if (!strcmp(cname, "B-233")) @@ -65,7 +101,7 @@ static int lookup_curve(const char *curve_name) static int PKV(void) { - char buf[1024], lbuf[1024]; + char buf[2048], lbuf[2048]; char *keyword, *value; int curve_nid = NID_undef; BIGNUM *Qx = NULL, *Qy = NULL; 
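Review bot: lookup_curve() now receives the whole header line and writes NUL bytes into it at `]` and `,`, but the parameter is still named `curve_name` and nothing states the new contract. It also steps over the first character with `curve_name + 1` without looking at it, so it depends on every caller checking `*buf == '['` first, as PKV and SigVer do. I would add a comment above the definition such as `/* Parses "[curve]" or "[curve,digest]"; line[0] must be '[' and the buffer is modified in place. pmd may be NULL when no digest is allowed. */`. The function body continues past the end of this hunk.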
@@ -75,7 +111,7 @@ static int PKV(void) fputs(buf, stdout); if (*buf == '[') { - curve_nid = lookup_curve(buf + 1); + curve_nid = lookup_curve(buf, NULL); if (curve_nid == NID_undef) return 0; @@ -109,7 +145,7 @@ static int PKV(void) static int SigVer(void) { - char buf[1024], lbuf[1024]; + char buf[2048], lbuf[2048]; char *keyword, *value; unsigned char *msg; int curve_nid = NID_undef; @@ -117,7 +153,7 @@ static int SigVer(void) BIGNUM *Qx = NULL, *Qy = NULL; EC_KEY *key = NULL; ECDSA_SIG sg, *sig = &sg; - const EVP_MD *digest = EVP_sha1(); + const EVP_MD *digest = NULL; EVP_MD_CTX mctx; EVP_MD_CTX_init(&mctx); sig->r = NULL; @@ -127,7 +163,7 @@ static int SigVer(void) fputs(buf, stdout); if (*buf == '[') { - curve_nid = lookup_curve(buf + 1); + curve_nid = lookup_curve(buf, &digest); if (curve_nid == NID_undef) return 0; } diff --git a/fips/fips_utl.h b/fips/fips_utl.h index 7ead612478..63541d996e 100644 --- a/fips/fips_utl.h +++ b/fips/fips_utl.h @@ -116,6 +116,15 @@ int hex2bin(const char *in, unsigned char *out) out[n2++]=ch; break; } + /* If input is odd length first digit is least significant: assumes + * all digits valid hex and null terminated which is true for the + * strings we pass. + */ + if (n1 == 1 && strlen(in) & 1) + { + out[n2++] = ch; + continue; + } out[n2] = ch << 4; /* second byte */ if ((in[n1] >= '0') && (in[n1] <= '9')) -- 2.34.1
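Review bot: In SigVer, `digest` now starts as NULL and is only set when a `[` header line goes through lookup_curve(), so an input file that reaches the verification step without a header leaves it NULL. The code that consumes `digest` is outside these hunks, so this is inferred, but a NULL EVP_MD handed to the digest calls is likely to fault instead of producing a parse error. A guard before the first use, e.g. `if (!digest) { fprintf(stderr, "No digest set\n"); return 0; }`, would keep malformed files on the same error path the rest of the parser uses.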
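Review bot: The odd-length test in hex2bin, `if (n1 == 1 && strlen(in) & 1)`, takes the parity of the whole string, not just of the hex digits, so anything after the digits (a trailing newline, for instance) flips it and an even-length value may be decoded with its first digit as a separate byte. The added comment states the assumption, but nothing in the function enforces it, so a caller that breaks it gets a wrong byte string or a late failure with no clear error. Counting only the hex digits once before the loop, or at least stating the precondition in the function's header comment, would be safer; I would also parenthesise the mask, `if (n1 == 1 && (strlen(in) & 1))`. hex2bin starts and ends outside this hunk, so how the loop treats a trailing newline is not visible here.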