* deviations to DER with regards to minimality of encoding of
* lengths and integer values. These deviations are still
* unambiguous.
+ *
+ * Signature format is a SEQUENCE of two INTEGER values. We
+ * support only integers of less than 127 bytes each (signed
+ * encoding) so the resulting raw signature will have length
+ * at most 254 bytes.
*/
unsigned char *buf, *r, *s;
if (sig_len < 8) {
return 0;
}
+
+ /*
+ * First byte is SEQUENCE tag.
+ */
if (buf[0] != 0x30) {
return 0;
}
+
+ /*
+ * The SEQUENCE length will be encoded over one or two bytes. We
+ * limit the total SEQUENCE contents to 255 bytes, because it
+ * makes things simpler; this is enough for subgroup orders up
+ * to 999 bits.
+ */
zlen = buf[1];
if (zlen > 0x80) {
if (zlen != 0x81) {
}
off = 2;
}
+
+ /*
+ * First INTEGER (r).
+ */
if (buf[off ++] != 0x02) {
return 0;
}
}
r = buf + off;
off += rlen;
+
+ /*
+ * Second INTEGER (s).
+ */
if (off + 2 > sig_len) {
return 0;
}
}
s = buf + off;
+ /*
+ * Removing leading zeros from r and s.
+ */
while (rlen > 0 && *r == 0) {
rlen --;
r ++;
s ++;
}
+ /*
+ * Compute common length for the two integers, then copy integers
+ * into the temporary buffer, and finally copy it back over the
+ * signature buffer.
+ */
zlen = rlen > slen ? rlen : slen;
sig_len = zlen << 1;
memset(tmp, 0, sig_len);
projects / BearSSL / blobdiff