crypto/internal/boring: tolerate empty ECDSA signatures

VerifyASN1 became directly reachable without encoding/decoding in CL 353849, so it's now possible for the signature to be empty. Change-Id: I37d6400945ab541120180bf73335e0ec93322947 Reviewed-on: https://go-review.googlesource.com/c/go/+/452635 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Bryan Mills <bcmills@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
2024-11-16 22:04:50 -07:00 · 2022-11-21 23:24:58 +01:00 · 2022-11-21 23:24:58 +01:00 · 6a72514076
commit 6a72514076
parent f41fdc1267
1 changed files with 2 additions and 3 deletions
--- a/src/crypto/internal/boring/ecdsa.go
+++ b/src/crypto/internal/boring/ecdsa.go
@ -11,7 +11,6 @@ import "C"
 import (
 	"errors"
 	"runtime"
-	"unsafe"
 )

 type ecdsaSignature struct {
@ -124,7 +123,7 @@ func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) {
 	size := C._goboringcrypto_ECDSA_size(priv.key)
 	sig := make([]byte, size)
 	var sigLen C.uint
-	if C._goboringcrypto_ECDSA_sign(0, base(hash), C.size_t(len(hash)), (*C.uint8_t)(unsafe.Pointer(&sig[0])), &sigLen, priv.key) == 0 {
+	if C._goboringcrypto_ECDSA_sign(0, base(hash), C.size_t(len(hash)), base(sig), &sigLen, priv.key) == 0 {
 		return nil, fail("ECDSA_sign")
 	}
 	runtime.KeepAlive(priv)
@ -132,7 +131,7 @@ func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) {
 }

 func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, sig []byte) bool {
-	ok := C._goboringcrypto_ECDSA_verify(0, base(hash), C.size_t(len(hash)), (*C.uint8_t)(unsafe.Pointer(&sig[0])), C.size_t(len(sig)), pub.key) != 0
+	ok := C._goboringcrypto_ECDSA_verify(0, base(hash), C.size_t(len(hash)), base(sig), C.size_t(len(sig)), pub.key) != 0
 	runtime.KeepAlive(pub)
 	return ok
 }