1/* 2 * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10/* 11 * ECDSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14#include "internal/deprecated.h" 15 16#include <string.h> 17#include "ec_local.h" 18#include <openssl/err.h> 19#include <openssl/asn1t.h> 20#include <openssl/objects.h> 21#include "internal/nelem.h" 22#include "crypto/asn1_dsa.h" 23 24#ifndef FIPS_MODULE 25 26/* some structures needed for the asn1 encoding */ 27typedef struct x9_62_pentanomial_st { 28 int32_t k1; 29 int32_t k2; 30 int32_t k3; 31} X9_62_PENTANOMIAL; 32 33typedef struct x9_62_characteristic_two_st { 34 int32_t m; 35 ASN1_OBJECT *type; 36 union { 37 char *ptr; 38 /* NID_X9_62_onBasis */ 39 ASN1_NULL *onBasis; 40 /* NID_X9_62_tpBasis */ 41 ASN1_INTEGER *tpBasis; 42 /* NID_X9_62_ppBasis */ 43 X9_62_PENTANOMIAL *ppBasis; 44 /* anything else */ 45 ASN1_TYPE *other; 46 } p; 47} X9_62_CHARACTERISTIC_TWO; 48 49typedef struct x9_62_fieldid_st { 50 ASN1_OBJECT *fieldType; 51 union { 52 char *ptr; 53 /* NID_X9_62_prime_field */ 54 ASN1_INTEGER *prime; 55 /* NID_X9_62_characteristic_two_field */ 56 X9_62_CHARACTERISTIC_TWO *char_two; 57 /* anything else */ 58 ASN1_TYPE *other; 59 } p; 60} X9_62_FIELDID; 61 62typedef struct x9_62_curve_st { 63 ASN1_OCTET_STRING *a; 64 ASN1_OCTET_STRING *b; 65 ASN1_BIT_STRING *seed; 66} X9_62_CURVE; 67 68struct ec_parameters_st { 69 int32_t version; 70 X9_62_FIELDID *fieldID; 71 X9_62_CURVE *curve; 72 ASN1_OCTET_STRING *base; 73 ASN1_INTEGER *order; 74 ASN1_INTEGER *cofactor; 75} /* ECPARAMETERS */ ; 76 77typedef enum { 78 ECPKPARAMETERS_TYPE_NAMED = 0, 79 ECPKPARAMETERS_TYPE_EXPLICIT, 80 ECPKPARAMETERS_TYPE_IMPLICIT 81} ecpk_parameters_type_t; 82 83struct ecpk_parameters_st { 84 int type; 85 union { 86 ASN1_OBJECT *named_curve; 87 ECPARAMETERS *parameters; 88 ASN1_NULL *implicitlyCA; 89 } value; 90} /* ECPKPARAMETERS */ ; 91 92/* SEC1 ECPrivateKey */ 93typedef struct ec_privatekey_st { 94 int32_t version; 95 ASN1_OCTET_STRING *privateKey; 96 ECPKPARAMETERS *parameters; 97 ASN1_BIT_STRING *publicKey; 98} EC_PRIVATEKEY; 99 100/* the OpenSSL ASN.1 definitions */ 101ASN1_SEQUENCE(X9_62_PENTANOMIAL) = { 102 ASN1_EMBED(X9_62_PENTANOMIAL, k1, INT32), 103 ASN1_EMBED(X9_62_PENTANOMIAL, k2, INT32), 104 ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32) 105} static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) 106 107DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) 108IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) 109 110ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY); 111 112ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = { 113 ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)), 114 ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)), 115 ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL)) 116} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL); 117 118ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { 119 ASN1_EMBED(X9_62_CHARACTERISTIC_TWO, m, INT32), 120 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT), 121 ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) 122} static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) 123 124DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) 125IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) 126 127ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY); 128 129ASN1_ADB(X9_62_FIELDID) = { 130 ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)), 131 ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO)) 132} ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL); 133 134ASN1_SEQUENCE(X9_62_FIELDID) = { 135 ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), 136 ASN1_ADB_OBJECT(X9_62_FIELDID) 137} static_ASN1_SEQUENCE_END(X9_62_FIELDID) 138 139ASN1_SEQUENCE(X9_62_CURVE) = { 140 ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), 141 ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), 142 ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) 143} static_ASN1_SEQUENCE_END(X9_62_CURVE) 144 145ASN1_SEQUENCE(ECPARAMETERS) = { 146 ASN1_EMBED(ECPARAMETERS, version, INT32), 147 ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), 148 ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), 149 ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), 150 ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), 151 ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) 152} ASN1_SEQUENCE_END(ECPARAMETERS) 153 154DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) 155IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) 156 157ASN1_CHOICE(ECPKPARAMETERS) = { 158 ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT), 159 ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS), 160 ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL) 161} ASN1_CHOICE_END(ECPKPARAMETERS) 162 163DECLARE_ASN1_FUNCTIONS(ECPKPARAMETERS) 164DECLARE_ASN1_ENCODE_FUNCTIONS_name(ECPKPARAMETERS, ECPKPARAMETERS) 165IMPLEMENT_ASN1_FUNCTIONS(ECPKPARAMETERS) 166 167ASN1_SEQUENCE(EC_PRIVATEKEY) = { 168 ASN1_EMBED(EC_PRIVATEKEY, version, INT32), 169 ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING), 170 ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0), 171 ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) 172} static_ASN1_SEQUENCE_END(EC_PRIVATEKEY) 173 174DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY) 175DECLARE_ASN1_ENCODE_FUNCTIONS_name(EC_PRIVATEKEY, EC_PRIVATEKEY) 176IMPLEMENT_ASN1_FUNCTIONS(EC_PRIVATEKEY) 177 178/* some declarations of internal function */ 179 180/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ 181static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *); 182/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ 183static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); 184 185/* the function definitions */ 186 187static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) 188{ 189 int ok = 0, nid; 190 BIGNUM *tmp = NULL; 191 192 if (group == NULL || field == NULL) 193 return 0; 194 195 /* clear the old values (if necessary) */ 196 ASN1_OBJECT_free(field->fieldType); 197 ASN1_TYPE_free(field->p.other); 198 199 nid = EC_GROUP_get_field_type(group); 200 /* set OID for the field */ 201 if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) { 202 ERR_raise(ERR_LIB_EC, ERR_R_OBJ_LIB); 203 goto err; 204 } 205 206 if (nid == NID_X9_62_prime_field) { 207 if ((tmp = BN_new()) == NULL) { 208 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 209 goto err; 210 } 211 /* the parameters are specified by the prime number p */ 212 if (!EC_GROUP_get_curve(group, tmp, NULL, NULL, NULL)) { 213 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 214 goto err; 215 } 216 /* set the prime number */ 217 field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL); 218 if (field->p.prime == NULL) { 219 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 220 goto err; 221 } 222 } else if (nid == NID_X9_62_characteristic_two_field) 223#ifdef OPENSSL_NO_EC2M 224 { 225 ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); 226 goto err; 227 } 228#else 229 { 230 int field_type; 231 X9_62_CHARACTERISTIC_TWO *char_two; 232 233 field->p.char_two = X9_62_CHARACTERISTIC_TWO_new(); 234 char_two = field->p.char_two; 235 236 if (char_two == NULL) { 237 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 238 goto err; 239 } 240 241 char_two->m = (long)EC_GROUP_get_degree(group); 242 243 field_type = EC_GROUP_get_basis_type(group); 244 245 if (field_type == 0) { 246 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 247 goto err; 248 } 249 /* set base type OID */ 250 if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) { 251 ERR_raise(ERR_LIB_EC, ERR_R_OBJ_LIB); 252 goto err; 253 } 254 255 if (field_type == NID_X9_62_tpBasis) { 256 unsigned int k; 257 258 if (!EC_GROUP_get_trinomial_basis(group, &k)) 259 goto err; 260 261 char_two->p.tpBasis = ASN1_INTEGER_new(); 262 if (char_two->p.tpBasis == NULL) { 263 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 264 goto err; 265 } 266 if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) { 267 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 268 goto err; 269 } 270 } else if (field_type == NID_X9_62_ppBasis) { 271 unsigned int k1, k2, k3; 272 273 if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)) 274 goto err; 275 276 char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); 277 if (char_two->p.ppBasis == NULL) { 278 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 279 goto err; 280 } 281 282 /* set k? values */ 283 char_two->p.ppBasis->k1 = (long)k1; 284 char_two->p.ppBasis->k2 = (long)k2; 285 char_two->p.ppBasis->k3 = (long)k3; 286 } else { /* field_type == NID_X9_62_onBasis */ 287 288 /* for ONB the parameters are (asn1) NULL */ 289 char_two->p.onBasis = ASN1_NULL_new(); 290 if (char_two->p.onBasis == NULL) { 291 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 292 goto err; 293 } 294 } 295 } 296#endif 297 else { 298 ERR_raise(ERR_LIB_EC, EC_R_UNSUPPORTED_FIELD); 299 goto err; 300 } 301 302 ok = 1; 303 304 err: 305 BN_free(tmp); 306 return ok; 307} 308 309static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) 310{ 311 int ok = 0; 312 BIGNUM *tmp_1 = NULL, *tmp_2 = NULL; 313 unsigned char *a_buf = NULL, *b_buf = NULL; 314 size_t len; 315 316 if (!group || !curve || !curve->a || !curve->b) 317 return 0; 318 319 if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) { 320 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 321 goto err; 322 } 323 324 /* get a and b */ 325 if (!EC_GROUP_get_curve(group, NULL, tmp_1, tmp_2, NULL)) { 326 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 327 goto err; 328 } 329 330 /* 331 * Per SEC 1, the curve coefficients must be padded up to size. See C.2's 332 * definition of Curve, C.1's definition of FieldElement, and 2.3.5's 333 * definition of how to encode the field elements. 334 */ 335 len = ((size_t)EC_GROUP_get_degree(group) + 7) / 8; 336 if ((a_buf = OPENSSL_malloc(len)) == NULL 337 || (b_buf = OPENSSL_malloc(len)) == NULL) { 338 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 339 goto err; 340 } 341 if (BN_bn2binpad(tmp_1, a_buf, len) < 0 342 || BN_bn2binpad(tmp_2, b_buf, len) < 0) { 343 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 344 goto err; 345 } 346 347 /* set a and b */ 348 if (!ASN1_OCTET_STRING_set(curve->a, a_buf, len) 349 || !ASN1_OCTET_STRING_set(curve->b, b_buf, len)) { 350 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 351 goto err; 352 } 353 354 /* set the seed (optional) */ 355 if (group->seed) { 356 if (!curve->seed) 357 if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) { 358 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 359 goto err; 360 } 361 curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 362 curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT; 363 if (!ASN1_BIT_STRING_set(curve->seed, group->seed, 364 (int)group->seed_len)) { 365 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 366 goto err; 367 } 368 } else { 369 ASN1_BIT_STRING_free(curve->seed); 370 curve->seed = NULL; 371 } 372 373 ok = 1; 374 375 err: 376 OPENSSL_free(a_buf); 377 OPENSSL_free(b_buf); 378 BN_free(tmp_1); 379 BN_free(tmp_2); 380 return ok; 381} 382 383ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, 384 ECPARAMETERS *params) 385{ 386 size_t len = 0; 387 ECPARAMETERS *ret = NULL; 388 const BIGNUM *tmp; 389 unsigned char *buffer = NULL; 390 const EC_POINT *point = NULL; 391 point_conversion_form_t form; 392 ASN1_INTEGER *orig; 393 394 if (params == NULL) { 395 if ((ret = ECPARAMETERS_new()) == NULL) { 396 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 397 goto err; 398 } 399 } else 400 ret = params; 401 402 /* set the version (always one) */ 403 ret->version = (long)0x1; 404 405 /* set the fieldID */ 406 if (!ec_asn1_group2fieldid(group, ret->fieldID)) { 407 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 408 goto err; 409 } 410 411 /* set the curve */ 412 if (!ec_asn1_group2curve(group, ret->curve)) { 413 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 414 goto err; 415 } 416 417 /* set the base point */ 418 if ((point = EC_GROUP_get0_generator(group)) == NULL) { 419 ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR); 420 goto err; 421 } 422 423 form = EC_GROUP_get_point_conversion_form(group); 424 425 len = EC_POINT_point2buf(group, point, form, &buffer, NULL); 426 if (len == 0) { 427 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 428 goto err; 429 } 430 if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) { 431 OPENSSL_free(buffer); 432 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 433 goto err; 434 } 435 ASN1_STRING_set0(ret->base, buffer, len); 436 437 /* set the order */ 438 tmp = EC_GROUP_get0_order(group); 439 if (tmp == NULL) { 440 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 441 goto err; 442 } 443 ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order); 444 if (ret->order == NULL) { 445 ret->order = orig; 446 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 447 goto err; 448 } 449 450 /* set the cofactor (optional) */ 451 tmp = EC_GROUP_get0_cofactor(group); 452 if (tmp != NULL) { 453 ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor); 454 if (ret->cofactor == NULL) { 455 ret->cofactor = orig; 456 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 457 goto err; 458 } 459 } 460 461 return ret; 462 463 err: 464 if (params == NULL) 465 ECPARAMETERS_free(ret); 466 return NULL; 467} 468 469ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, 470 ECPKPARAMETERS *params) 471{ 472 int ok = 1, tmp; 473 ECPKPARAMETERS *ret = params; 474 475 if (ret == NULL) { 476 if ((ret = ECPKPARAMETERS_new()) == NULL) { 477 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 478 return NULL; 479 } 480 } else { 481 if (ret->type == ECPKPARAMETERS_TYPE_NAMED) 482 ASN1_OBJECT_free(ret->value.named_curve); 483 else if (ret->type == ECPKPARAMETERS_TYPE_EXPLICIT 484 && ret->value.parameters != NULL) 485 ECPARAMETERS_free(ret->value.parameters); 486 } 487 488 if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) { 489 /* 490 * use the asn1 OID to describe the elliptic curve parameters 491 */ 492 tmp = EC_GROUP_get_curve_name(group); 493 if (tmp) { 494 ASN1_OBJECT *asn1obj = OBJ_nid2obj(tmp); 495 496 if (asn1obj == NULL || OBJ_length(asn1obj) == 0) { 497 ASN1_OBJECT_free(asn1obj); 498 ERR_raise(ERR_LIB_EC, EC_R_MISSING_OID); 499 ok = 0; 500 } else { 501 ret->type = ECPKPARAMETERS_TYPE_NAMED; 502 ret->value.named_curve = asn1obj; 503 } 504 } else 505 /* we don't know the nid => ERROR */ 506 ok = 0; 507 } else { 508 /* use the ECPARAMETERS structure */ 509 ret->type = ECPKPARAMETERS_TYPE_EXPLICIT; 510 if ((ret->value.parameters = 511 EC_GROUP_get_ecparameters(group, NULL)) == NULL) 512 ok = 0; 513 } 514 515 if (!ok) { 516 ECPKPARAMETERS_free(ret); 517 return NULL; 518 } 519 return ret; 520} 521 522EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) 523{ 524 int ok = 0, tmp; 525 EC_GROUP *ret = NULL, *dup = NULL; 526 BIGNUM *p = NULL, *a = NULL, *b = NULL; 527 EC_POINT *point = NULL; 528 long field_bits; 529 int curve_name = NID_undef; 530 BN_CTX *ctx = NULL; 531 532 if (params->fieldID == NULL 533 || params->fieldID->fieldType == NULL 534 || params->fieldID->p.ptr == NULL) { 535 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 536 goto err; 537 } 538 539 /* 540 * Now extract the curve parameters a and b. Note that, although SEC 1 541 * specifies the length of their encodings, historical versions of OpenSSL 542 * encoded them incorrectly, so we must accept any length for backwards 543 * compatibility. 544 */ 545 if (params->curve == NULL 546 || params->curve->a == NULL || params->curve->a->data == NULL 547 || params->curve->b == NULL || params->curve->b->data == NULL) { 548 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 549 goto err; 550 } 551 a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL); 552 if (a == NULL) { 553 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 554 goto err; 555 } 556 b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL); 557 if (b == NULL) { 558 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 559 goto err; 560 } 561 562 /* get the field parameters */ 563 tmp = OBJ_obj2nid(params->fieldID->fieldType); 564 if (tmp == NID_X9_62_characteristic_two_field) 565#ifdef OPENSSL_NO_EC2M 566 { 567 ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); 568 goto err; 569 } 570#else 571 { 572 X9_62_CHARACTERISTIC_TWO *char_two; 573 574 char_two = params->fieldID->p.char_two; 575 576 field_bits = char_two->m; 577 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 578 ERR_raise(ERR_LIB_EC, EC_R_FIELD_TOO_LARGE); 579 goto err; 580 } 581 582 if ((p = BN_new()) == NULL) { 583 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 584 goto err; 585 } 586 587 /* get the base type */ 588 tmp = OBJ_obj2nid(char_two->type); 589 590 if (tmp == NID_X9_62_tpBasis) { 591 long tmp_long; 592 593 if (!char_two->p.tpBasis) { 594 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 595 goto err; 596 } 597 598 tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); 599 600 if (!(char_two->m > tmp_long && tmp_long > 0)) { 601 ERR_raise(ERR_LIB_EC, EC_R_INVALID_TRINOMIAL_BASIS); 602 goto err; 603 } 604 605 /* create the polynomial */ 606 if (!BN_set_bit(p, (int)char_two->m)) 607 goto err; 608 if (!BN_set_bit(p, (int)tmp_long)) 609 goto err; 610 if (!BN_set_bit(p, 0)) 611 goto err; 612 } else if (tmp == NID_X9_62_ppBasis) { 613 X9_62_PENTANOMIAL *penta; 614 615 penta = char_two->p.ppBasis; 616 if (penta == NULL) { 617 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 618 goto err; 619 } 620 621 if (! 622 (char_two->m > penta->k3 && penta->k3 > penta->k2 623 && penta->k2 > penta->k1 && penta->k1 > 0)) { 624 ERR_raise(ERR_LIB_EC, EC_R_INVALID_PENTANOMIAL_BASIS); 625 goto err; 626 } 627 628 /* create the polynomial */ 629 if (!BN_set_bit(p, (int)char_two->m)) 630 goto err; 631 if (!BN_set_bit(p, (int)penta->k1)) 632 goto err; 633 if (!BN_set_bit(p, (int)penta->k2)) 634 goto err; 635 if (!BN_set_bit(p, (int)penta->k3)) 636 goto err; 637 if (!BN_set_bit(p, 0)) 638 goto err; 639 } else if (tmp == NID_X9_62_onBasis) { 640 ERR_raise(ERR_LIB_EC, EC_R_NOT_IMPLEMENTED); 641 goto err; 642 } else { /* error */ 643 644 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 645 goto err; 646 } 647 648 /* create the EC_GROUP structure */ 649 ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL); 650 } 651#endif 652 else if (tmp == NID_X9_62_prime_field) { 653 /* we have a curve over a prime field */ 654 /* extract the prime number */ 655 if (params->fieldID->p.prime == NULL) { 656 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 657 goto err; 658 } 659 p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); 660 if (p == NULL) { 661 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 662 goto err; 663 } 664 665 if (BN_is_negative(p) || BN_is_zero(p)) { 666 ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); 667 goto err; 668 } 669 670 field_bits = BN_num_bits(p); 671 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 672 ERR_raise(ERR_LIB_EC, EC_R_FIELD_TOO_LARGE); 673 goto err; 674 } 675 676 /* create the EC_GROUP structure */ 677 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); 678 } else { 679 ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); 680 goto err; 681 } 682 683 if (ret == NULL) { 684 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 685 goto err; 686 } 687 688 /* extract seed (optional) */ 689 if (params->curve->seed != NULL) { 690 /* 691 * This happens for instance with 692 * fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a 693 * and causes the OPENSSL_malloc below to choke on the 694 * zero length allocation request. 695 */ 696 if (params->curve->seed->length == 0) { 697 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 698 goto err; 699 } 700 OPENSSL_free(ret->seed); 701 if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) { 702 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 703 goto err; 704 } 705 memcpy(ret->seed, params->curve->seed->data, 706 params->curve->seed->length); 707 ret->seed_len = params->curve->seed->length; 708 } 709 710 if (params->order == NULL 711 || params->base == NULL 712 || params->base->data == NULL 713 || params->base->length == 0) { 714 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 715 goto err; 716 } 717 718 if ((point = EC_POINT_new(ret)) == NULL) 719 goto err; 720 721 /* set the point conversion form */ 722 EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) 723 (params->base->data[0] & ~0x01)); 724 725 /* extract the ec point */ 726 if (!EC_POINT_oct2point(ret, point, params->base->data, 727 params->base->length, NULL)) { 728 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 729 goto err; 730 } 731 732 /* extract the order */ 733 if (ASN1_INTEGER_to_BN(params->order, a) == NULL) { 734 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 735 goto err; 736 } 737 if (BN_is_negative(a) || BN_is_zero(a)) { 738 ERR_raise(ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER); 739 goto err; 740 } 741 if (BN_num_bits(a) > (int)field_bits + 1) { /* Hasse bound */ 742 ERR_raise(ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER); 743 goto err; 744 } 745 746 /* extract the cofactor (optional) */ 747 if (params->cofactor == NULL) { 748 BN_free(b); 749 b = NULL; 750 } else if (ASN1_INTEGER_to_BN(params->cofactor, b) == NULL) { 751 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 752 goto err; 753 } 754 /* set the generator, order and cofactor (if present) */ 755 if (!EC_GROUP_set_generator(ret, point, a, b)) { 756 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 757 goto err; 758 } 759 760 /* 761 * Check if the explicit parameters group just created matches one of the 762 * built-in curves. 763 * 764 * We create a copy of the group just built, so that we can remove optional 765 * fields for the lookup: we do this to avoid the possibility that one of 766 * the optional parameters is used to force the library into using a less 767 * performant and less secure EC_METHOD instead of the specialized one. 768 * In any case, `seed` is not really used in any computation, while a 769 * cofactor different from the one in the built-in table is just 770 * mathematically wrong anyway and should not be used. 771 */ 772 if ((ctx = BN_CTX_new()) == NULL) { 773 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 774 goto err; 775 } 776 if ((dup = EC_GROUP_dup(ret)) == NULL 777 || EC_GROUP_set_seed(dup, NULL, 0) != 1 778 || !EC_GROUP_set_generator(dup, point, a, NULL)) { 779 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 780 goto err; 781 } 782 if ((curve_name = ossl_ec_curve_nid_from_params(dup, ctx)) != NID_undef) { 783 /* 784 * The input explicit parameters successfully matched one of the 785 * built-in curves: often for built-in curves we have specialized 786 * methods with better performance and hardening. 787 * 788 * In this case we replace the `EC_GROUP` created through explicit 789 * parameters with one created from a named group. 790 */ 791 EC_GROUP *named_group = NULL; 792 793#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 794 /* 795 * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for 796 * the same curve, we prefer the SECP nid when matching explicit 797 * parameters as that is associated with a specialized EC_METHOD. 798 */ 799 if (curve_name == NID_wap_wsg_idm_ecid_wtls12) 800 curve_name = NID_secp224r1; 801#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ 802 803 if ((named_group = EC_GROUP_new_by_curve_name(curve_name)) == NULL) { 804 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 805 goto err; 806 } 807 EC_GROUP_free(ret); 808 ret = named_group; 809 810 /* 811 * Set the flag so that EC_GROUPs created from explicit parameters are 812 * serialized using explicit parameters by default. 813 */ 814 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE); 815 816 /* 817 * If the input params do not contain the optional seed field we make 818 * sure it is not added to the returned group. 819 * 820 * The seed field is not really used inside libcrypto anyway, and 821 * adding it to parsed explicit parameter keys would alter their DER 822 * encoding output (because of the extra field) which could impact 823 * applications fingerprinting keys by their DER encoding. 824 */ 825 if (params->curve->seed == NULL) { 826 if (EC_GROUP_set_seed(ret, NULL, 0) != 1) 827 goto err; 828 } 829 } 830 831 ok = 1; 832 833 err: 834 if (!ok) { 835 EC_GROUP_free(ret); 836 ret = NULL; 837 } 838 EC_GROUP_free(dup); 839 840 BN_free(p); 841 BN_free(a); 842 BN_free(b); 843 EC_POINT_free(point); 844 845 BN_CTX_free(ctx); 846 847 return ret; 848} 849 850EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) 851{ 852 EC_GROUP *ret = NULL; 853 int tmp = 0; 854 855 if (params == NULL) { 856 ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS); 857 return NULL; 858 } 859 860 if (params->type == ECPKPARAMETERS_TYPE_NAMED) { 861 /* the curve is given by an OID */ 862 tmp = OBJ_obj2nid(params->value.named_curve); 863 if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) { 864 ERR_raise(ERR_LIB_EC, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); 865 return NULL; 866 } 867 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); 868 } else if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) { 869 /* the parameters are given by an ECPARAMETERS structure */ 870 ret = EC_GROUP_new_from_ecparameters(params->value.parameters); 871 if (!ret) { 872 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 873 return NULL; 874 } 875 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE); 876 } else if (params->type == ECPKPARAMETERS_TYPE_IMPLICIT) { 877 /* implicit parameters inherited from CA - unsupported */ 878 return NULL; 879 } else { 880 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 881 return NULL; 882 } 883 884 return ret; 885} 886 887/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */ 888 889EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) 890{ 891 EC_GROUP *group = NULL; 892 ECPKPARAMETERS *params = NULL; 893 const unsigned char *p = *in; 894 895 if ((params = d2i_ECPKPARAMETERS(NULL, &p, len)) == NULL) { 896 ECPKPARAMETERS_free(params); 897 return NULL; 898 } 899 900 if ((group = EC_GROUP_new_from_ecpkparameters(params)) == NULL) { 901 ECPKPARAMETERS_free(params); 902 return NULL; 903 } 904 905 if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) 906 group->decoded_from_explicit_params = 1; 907 908 if (a) { 909 EC_GROUP_free(*a); 910 *a = group; 911 } 912 913 ECPKPARAMETERS_free(params); 914 *in = p; 915 return group; 916} 917 918int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out) 919{ 920 int ret = 0; 921 ECPKPARAMETERS *tmp = EC_GROUP_get_ecpkparameters(a, NULL); 922 if (tmp == NULL) { 923 ERR_raise(ERR_LIB_EC, EC_R_GROUP2PKPARAMETERS_FAILURE); 924 return 0; 925 } 926 if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) { 927 ERR_raise(ERR_LIB_EC, EC_R_I2D_ECPKPARAMETERS_FAILURE); 928 ECPKPARAMETERS_free(tmp); 929 return 0; 930 } 931 ECPKPARAMETERS_free(tmp); 932 return ret; 933} 934 935/* some EC_KEY functions */ 936 937EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) 938{ 939 EC_KEY *ret = NULL; 940 EC_PRIVATEKEY *priv_key = NULL; 941 const unsigned char *p = *in; 942 943 if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) 944 return NULL; 945 946 if (a == NULL || *a == NULL) { 947 if ((ret = EC_KEY_new()) == NULL) { 948 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 949 goto err; 950 } 951 } else 952 ret = *a; 953 954 if (priv_key->parameters) { 955 EC_GROUP_free(ret->group); 956 ret->group = EC_GROUP_new_from_ecpkparameters(priv_key->parameters); 957 if (ret->group != NULL 958 && priv_key->parameters->type == ECPKPARAMETERS_TYPE_EXPLICIT) 959 ret->group->decoded_from_explicit_params = 1; 960 } 961 962 if (ret->group == NULL) { 963 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 964 goto err; 965 } 966 967 ret->version = priv_key->version; 968 969 if (priv_key->privateKey) { 970 ASN1_OCTET_STRING *pkey = priv_key->privateKey; 971 if (EC_KEY_oct2priv(ret, ASN1_STRING_get0_data(pkey), 972 ASN1_STRING_length(pkey)) == 0) 973 goto err; 974 } else { 975 ERR_raise(ERR_LIB_EC, EC_R_MISSING_PRIVATE_KEY); 976 goto err; 977 } 978 979 if (EC_GROUP_get_curve_name(ret->group) == NID_sm2) 980 EC_KEY_set_flags(ret, EC_FLAG_SM2_RANGE); 981 982 EC_POINT_clear_free(ret->pub_key); 983 ret->pub_key = EC_POINT_new(ret->group); 984 if (ret->pub_key == NULL) { 985 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 986 goto err; 987 } 988 989 if (priv_key->publicKey) { 990 const unsigned char *pub_oct; 991 int pub_oct_len; 992 993 pub_oct = ASN1_STRING_get0_data(priv_key->publicKey); 994 pub_oct_len = ASN1_STRING_length(priv_key->publicKey); 995 if (!EC_KEY_oct2key(ret, pub_oct, pub_oct_len, NULL)) { 996 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 997 goto err; 998 } 999 } else { 1000 if (ret->group->meth->keygenpub == NULL 1001 || ret->group->meth->keygenpub(ret) == 0) 1002 goto err; 1003 /* Remember the original private-key-only encoding. */ 1004 ret->enc_flag |= EC_PKEY_NO_PUBKEY; 1005 } 1006 1007 if (a) 1008 *a = ret; 1009 EC_PRIVATEKEY_free(priv_key); 1010 *in = p; 1011 ret->dirty_cnt++; 1012 return ret; 1013 1014 err: 1015 if (a == NULL || *a != ret) 1016 EC_KEY_free(ret); 1017 EC_PRIVATEKEY_free(priv_key); 1018 return NULL; 1019} 1020 1021int i2d_ECPrivateKey(const EC_KEY *a, unsigned char **out) 1022{ 1023 int ret = 0, ok = 0; 1024 unsigned char *priv= NULL, *pub= NULL; 1025 size_t privlen = 0, publen = 0; 1026 1027 EC_PRIVATEKEY *priv_key = NULL; 1028 1029 if (a == NULL || a->group == NULL || 1030 (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) { 1031 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 1032 goto err; 1033 } 1034 1035 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { 1036 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1037 goto err; 1038 } 1039 1040 priv_key->version = a->version; 1041 1042 privlen = EC_KEY_priv2buf(a, &priv); 1043 1044 if (privlen == 0) { 1045 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 1046 goto err; 1047 } 1048 1049 ASN1_STRING_set0(priv_key->privateKey, priv, privlen); 1050 priv = NULL; 1051 1052 if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) { 1053 if ((priv_key->parameters = 1054 EC_GROUP_get_ecpkparameters(a->group, 1055 priv_key->parameters)) == NULL) { 1056 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 1057 goto err; 1058 } 1059 } 1060 1061 if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) { 1062 priv_key->publicKey = ASN1_BIT_STRING_new(); 1063 if (priv_key->publicKey == NULL) { 1064 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1065 goto err; 1066 } 1067 1068 publen = EC_KEY_key2buf(a, a->conv_form, &pub, NULL); 1069 1070 if (publen == 0) { 1071 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 1072 goto err; 1073 } 1074 1075 priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 1076 priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT; 1077 ASN1_STRING_set0(priv_key->publicKey, pub, publen); 1078 pub = NULL; 1079 } 1080 1081 if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) { 1082 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 1083 goto err; 1084 } 1085 ok = 1; 1086 err: 1087 OPENSSL_clear_free(priv, privlen); 1088 OPENSSL_free(pub); 1089 EC_PRIVATEKEY_free(priv_key); 1090 return (ok ? ret : 0); 1091} 1092 1093int i2d_ECParameters(const EC_KEY *a, unsigned char **out) 1094{ 1095 if (a == NULL) { 1096 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 1097 return 0; 1098 } 1099 return i2d_ECPKParameters(a->group, out); 1100} 1101 1102EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) 1103{ 1104 EC_KEY *ret; 1105 1106 if (in == NULL || *in == NULL) { 1107 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 1108 return NULL; 1109 } 1110 1111 if (a == NULL || *a == NULL) { 1112 if ((ret = EC_KEY_new()) == NULL) { 1113 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1114 return NULL; 1115 } 1116 } else 1117 ret = *a; 1118 1119 if (!d2i_ECPKParameters(&ret->group, in, len)) { 1120 if (a == NULL || *a != ret) 1121 EC_KEY_free(ret); 1122 else 1123 ret->dirty_cnt++; 1124 return NULL; 1125 } 1126 1127 if (EC_GROUP_get_curve_name(ret->group) == NID_sm2) 1128 EC_KEY_set_flags(ret, EC_FLAG_SM2_RANGE); 1129 1130 ret->dirty_cnt++; 1131 1132 if (a) 1133 *a = ret; 1134 1135 return ret; 1136} 1137 1138EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len) 1139{ 1140 EC_KEY *ret = NULL; 1141 1142 if (a == NULL || (*a) == NULL || (*a)->group == NULL) { 1143 /* 1144 * sorry, but a EC_GROUP-structure is necessary to set the public key 1145 */ 1146 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 1147 return 0; 1148 } 1149 ret = *a; 1150 /* EC_KEY_opt2key updates dirty_cnt */ 1151 if (!EC_KEY_oct2key(ret, *in, len, NULL)) { 1152 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 1153 return 0; 1154 } 1155 *in += len; 1156 return ret; 1157} 1158 1159int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out) 1160{ 1161 size_t buf_len = 0; 1162 int new_buffer = 0; 1163 1164 if (a == NULL) { 1165 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 1166 return 0; 1167 } 1168 1169 buf_len = EC_POINT_point2oct(a->group, a->pub_key, 1170 a->conv_form, NULL, 0, NULL); 1171 1172 if (out == NULL || buf_len == 0) 1173 /* out == NULL => just return the length of the octet string */ 1174 return buf_len; 1175 1176 if (*out == NULL) { 1177 if ((*out = OPENSSL_malloc(buf_len)) == NULL) { 1178 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1179 return 0; 1180 } 1181 new_buffer = 1; 1182 } 1183 if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, 1184 *out, buf_len, NULL)) { 1185 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 1186 if (new_buffer) { 1187 OPENSSL_free(*out); 1188 *out = NULL; 1189 } 1190 return 0; 1191 } 1192 if (!new_buffer) 1193 *out += buf_len; 1194 return buf_len; 1195} 1196 1197DECLARE_ASN1_FUNCTIONS(ECDSA_SIG) 1198DECLARE_ASN1_ENCODE_FUNCTIONS_name(ECDSA_SIG, ECDSA_SIG) 1199 1200#endif /* FIPS_MODULE */ 1201 1202ECDSA_SIG *ECDSA_SIG_new(void) 1203{ 1204 ECDSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig)); 1205 if (sig == NULL) 1206 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1207 return sig; 1208} 1209 1210void ECDSA_SIG_free(ECDSA_SIG *sig) 1211{ 1212 if (sig == NULL) 1213 return; 1214 BN_clear_free(sig->r); 1215 BN_clear_free(sig->s); 1216 OPENSSL_free(sig); 1217} 1218 1219ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **psig, const unsigned char **ppin, long len) 1220{ 1221 ECDSA_SIG *sig; 1222 1223 if (len < 0) 1224 return NULL; 1225 if (psig != NULL && *psig != NULL) { 1226 sig = *psig; 1227 } else { 1228 sig = ECDSA_SIG_new(); 1229 if (sig == NULL) 1230 return NULL; 1231 } 1232 if (sig->r == NULL) 1233 sig->r = BN_new(); 1234 if (sig->s == NULL) 1235 sig->s = BN_new(); 1236 if (sig->r == NULL || sig->s == NULL 1237 || ossl_decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) { 1238 if (psig == NULL || *psig == NULL) 1239 ECDSA_SIG_free(sig); 1240 return NULL; 1241 } 1242 if (psig != NULL && *psig == NULL) 1243 *psig = sig; 1244 return sig; 1245} 1246 1247int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **ppout) 1248{ 1249 BUF_MEM *buf = NULL; 1250 size_t encoded_len; 1251 WPACKET pkt; 1252 1253 if (ppout == NULL) { 1254 if (!WPACKET_init_null(&pkt, 0)) 1255 return -1; 1256 } else if (*ppout == NULL) { 1257 if ((buf = BUF_MEM_new()) == NULL 1258 || !WPACKET_init_len(&pkt, buf, 0)) { 1259 BUF_MEM_free(buf); 1260 return -1; 1261 } 1262 } else { 1263 if (!WPACKET_init_static_len(&pkt, *ppout, SIZE_MAX, 0)) 1264 return -1; 1265 } 1266 1267 if (!ossl_encode_der_dsa_sig(&pkt, sig->r, sig->s) 1268 || !WPACKET_get_total_written(&pkt, &encoded_len) 1269 || !WPACKET_finish(&pkt)) { 1270 BUF_MEM_free(buf); 1271 WPACKET_cleanup(&pkt); 1272 return -1; 1273 } 1274 1275 if (ppout != NULL) { 1276 if (*ppout == NULL) { 1277 *ppout = (unsigned char *)buf->data; 1278 buf->data = NULL; 1279 BUF_MEM_free(buf); 1280 } else { 1281 *ppout += encoded_len; 1282 } 1283 } 1284 1285 return (int)encoded_len; 1286} 1287 1288void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) 1289{ 1290 if (pr != NULL) 1291 *pr = sig->r; 1292 if (ps != NULL) 1293 *ps = sig->s; 1294} 1295 1296const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig) 1297{ 1298 return sig->r; 1299} 1300 1301const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig) 1302{ 1303 return sig->s; 1304} 1305 1306int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) 1307{ 1308 if (r == NULL || s == NULL) 1309 return 0; 1310 BN_clear_free(sig->r); 1311 BN_clear_free(sig->s); 1312 sig->r = r; 1313 sig->s = s; 1314 return 1; 1315} 1316 1317int ECDSA_size(const EC_KEY *ec) 1318{ 1319 int ret; 1320 ECDSA_SIG sig; 1321 const EC_GROUP *group; 1322 const BIGNUM *bn; 1323 1324 if (ec == NULL) 1325 return 0; 1326 group = EC_KEY_get0_group(ec); 1327 if (group == NULL) 1328 return 0; 1329 1330 bn = EC_GROUP_get0_order(group); 1331 if (bn == NULL) 1332 return 0; 1333 1334 sig.r = sig.s = (BIGNUM *)bn; 1335 ret = i2d_ECDSA_SIG(&sig, NULL); 1336 1337 if (ret < 0) 1338 ret = 0; 1339 return ret; 1340} 1341