From: Filippo Valsorda Date: Mon, 21 Nov 2022 22:24:58 +0000 (+0100) Subject: crypto/internal/boring: tolerate empty ECDSA signatures X-Git-Tag: go1.20rc1~115 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=6a72514076f6e2be54af267959e3098693e02980;p=gostls13.git crypto/internal/boring: tolerate empty ECDSA signatures VerifyASN1 became directly reachable without encoding/decoding in CL 353849, so it's now possible for the signature to be empty. Change-Id: I37d6400945ab541120180bf73335e0ec93322947 Reviewed-on: https://go-review.googlesource.com/c/go/+/452635 Reviewed-by: Roland Shoemaker Reviewed-by: Bryan Mills Auto-Submit: Filippo Valsorda Run-TryBot: Filippo Valsorda TryBot-Result: Gopher Robot --- diff --git a/src/crypto/internal/boring/ecdsa.go b/src/crypto/internal/boring/ecdsa.go index 284e7e9b69..e15f3682c7 100644 --- a/src/crypto/internal/boring/ecdsa.go +++ b/src/crypto/internal/boring/ecdsa.go @@ -11,7 +11,6 @@ import "C" import ( "errors" "runtime" - "unsafe" ) type ecdsaSignature struct { @@ -124,7 +123,7 @@ func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) { size := C._goboringcrypto_ECDSA_size(priv.key) sig := make([]byte, size) var sigLen C.uint - if C._goboringcrypto_ECDSA_sign(0, base(hash), C.size_t(len(hash)), (*C.uint8_t)(unsafe.Pointer(&sig[0])), &sigLen, priv.key) == 0 { + if C._goboringcrypto_ECDSA_sign(0, base(hash), C.size_t(len(hash)), base(sig), &sigLen, priv.key) == 0 { return nil, fail("ECDSA_sign") } runtime.KeepAlive(priv) @@ -132,7 +131,7 @@ func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) { } func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, sig []byte) bool { - ok := C._goboringcrypto_ECDSA_verify(0, base(hash), C.size_t(len(hash)), (*C.uint8_t)(unsafe.Pointer(&sig[0])), C.size_t(len(sig)), pub.key) != 0 + ok := C._goboringcrypto_ECDSA_verify(0, base(hash), C.size_t(len(hash)), base(sig), C.size_t(len(sig)), pub.key) != 0 runtime.KeepAlive(pub) return ok }