]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/ec/ec_asn1.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update copyright year
[thirdparty/openssl.git] / crypto / ec / ec_asn1.c
1 /*
2 * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * ECDSA low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <string.h>
17 #include "ec_local.h"
18 #include <openssl/err.h>
19 #include <openssl/asn1t.h>
20 #include <openssl/objects.h>
21 #include "internal/nelem.h"
22 #include "crypto/asn1_dsa.h"
23
24 #ifndef FIPS_MODE
25
26 int EC_GROUP_get_basis_type(const EC_GROUP *group)
27 {
28 int i;
29
30 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
31 NID_X9_62_characteristic_two_field)
32 /* everything else is currently not supported */
33 return 0;
34
35 /* Find the last non-zero element of group->poly[] */
36 for (i = 0;
37 i < (int)OSSL_NELEM(group->poly) && group->poly[i] != 0;
38 i++)
39 continue;
40
41 if (i == 4)
42 return NID_X9_62_ppBasis;
43 else if (i == 2)
44 return NID_X9_62_tpBasis;
45 else
46 /* everything else is currently not supported */
47 return 0;
48 }
49
50 #ifndef OPENSSL_NO_EC2M
51 int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
52 {
53 if (group == NULL)
54 return 0;
55
56 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
57 NID_X9_62_characteristic_two_field
58 || !((group->poly[0] != 0) && (group->poly[1] != 0)
59 && (group->poly[2] == 0))) {
60 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS,
61 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
62 return 0;
63 }
64
65 if (k)
66 *k = group->poly[1];
67
68 return 1;
69 }
70
71 int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
72 unsigned int *k2, unsigned int *k3)
73 {
74 if (group == NULL)
75 return 0;
76
77 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
78 NID_X9_62_characteristic_two_field
79 || !((group->poly[0] != 0) && (group->poly[1] != 0)
80 && (group->poly[2] != 0) && (group->poly[3] != 0)
81 && (group->poly[4] == 0))) {
82 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS,
83 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
84 return 0;
85 }
86
87 if (k1)
88 *k1 = group->poly[3];
89 if (k2)
90 *k2 = group->poly[2];
91 if (k3)
92 *k3 = group->poly[1];
93
94 return 1;
95 }
96 #endif
97
98 /* some structures needed for the asn1 encoding */
99 typedef struct x9_62_pentanomial_st {
100 int32_t k1;
101 int32_t k2;
102 int32_t k3;
103 } X9_62_PENTANOMIAL;
104
105 typedef struct x9_62_characteristic_two_st {
106 int32_t m;
107 ASN1_OBJECT *type;
108 union {
109 char *ptr;
110 /* NID_X9_62_onBasis */
111 ASN1_NULL *onBasis;
112 /* NID_X9_62_tpBasis */
113 ASN1_INTEGER *tpBasis;
114 /* NID_X9_62_ppBasis */
115 X9_62_PENTANOMIAL *ppBasis;
116 /* anything else */
117 ASN1_TYPE *other;
118 } p;
119 } X9_62_CHARACTERISTIC_TWO;
120
121 typedef struct x9_62_fieldid_st {
122 ASN1_OBJECT *fieldType;
123 union {
124 char *ptr;
125 /* NID_X9_62_prime_field */
126 ASN1_INTEGER *prime;
127 /* NID_X9_62_characteristic_two_field */
128 X9_62_CHARACTERISTIC_TWO *char_two;
129 /* anything else */
130 ASN1_TYPE *other;
131 } p;
132 } X9_62_FIELDID;
133
134 typedef struct x9_62_curve_st {
135 ASN1_OCTET_STRING *a;
136 ASN1_OCTET_STRING *b;
137 ASN1_BIT_STRING *seed;
138 } X9_62_CURVE;
139
140 struct ec_parameters_st {
141 int32_t version;
142 X9_62_FIELDID *fieldID;
143 X9_62_CURVE *curve;
144 ASN1_OCTET_STRING *base;
145 ASN1_INTEGER *order;
146 ASN1_INTEGER *cofactor;
147 } /* ECPARAMETERS */ ;
148
149 struct ecpk_parameters_st {
150 int type;
151 union {
152 ASN1_OBJECT *named_curve;
153 ECPARAMETERS *parameters;
154 ASN1_NULL *implicitlyCA;
155 } value;
156 } /* ECPKPARAMETERS */ ;
157
158 /* SEC1 ECPrivateKey */
159 typedef struct ec_privatekey_st {
160 int32_t version;
161 ASN1_OCTET_STRING *privateKey;
162 ECPKPARAMETERS *parameters;
163 ASN1_BIT_STRING *publicKey;
164 } EC_PRIVATEKEY;
165
166 /* the OpenSSL ASN.1 definitions */
167 ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
168 ASN1_EMBED(X9_62_PENTANOMIAL, k1, INT32),
169 ASN1_EMBED(X9_62_PENTANOMIAL, k2, INT32),
170 ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32)
171 } static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
172
173 DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
174 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
175
176 ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY);
177
178 ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = {
179 ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)),
180 ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)),
181 ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL))
182 } ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL);
183
184 ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
185 ASN1_EMBED(X9_62_CHARACTERISTIC_TWO, m, INT32),
186 ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),
187 ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
188 } static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
189
190 DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
191 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
192
193 ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);
194
195 ASN1_ADB(X9_62_FIELDID) = {
196 ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)),
197 ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO))
198 } ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL);
199
200 ASN1_SEQUENCE(X9_62_FIELDID) = {
201 ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
202 ASN1_ADB_OBJECT(X9_62_FIELDID)
203 } static_ASN1_SEQUENCE_END(X9_62_FIELDID)
204
205 ASN1_SEQUENCE(X9_62_CURVE) = {
206 ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
207 ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
208 ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
209 } static_ASN1_SEQUENCE_END(X9_62_CURVE)
210
211 ASN1_SEQUENCE(ECPARAMETERS) = {
212 ASN1_EMBED(ECPARAMETERS, version, INT32),
213 ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
214 ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
215 ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
216 ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER),
217 ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER)
218 } ASN1_SEQUENCE_END(ECPARAMETERS)
219
220 DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
221 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
222
223 ASN1_CHOICE(ECPKPARAMETERS) = {
224 ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT),
225 ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS),
226 ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL)
227 } ASN1_CHOICE_END(ECPKPARAMETERS)
228
229 DECLARE_ASN1_FUNCTIONS(ECPKPARAMETERS)
230 DECLARE_ASN1_ENCODE_FUNCTIONS_name(ECPKPARAMETERS, ECPKPARAMETERS)
231 IMPLEMENT_ASN1_FUNCTIONS(ECPKPARAMETERS)
232
233 ASN1_SEQUENCE(EC_PRIVATEKEY) = {
234 ASN1_EMBED(EC_PRIVATEKEY, version, INT32),
235 ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
236 ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
237 ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
238 } static_ASN1_SEQUENCE_END(EC_PRIVATEKEY)
239
240 DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY)
241 DECLARE_ASN1_ENCODE_FUNCTIONS_name(EC_PRIVATEKEY, EC_PRIVATEKEY)
242 IMPLEMENT_ASN1_FUNCTIONS(EC_PRIVATEKEY)
243
244 /* some declarations of internal function */
245
246 /* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */
247 static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);
248 /* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */
249 static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
250
251 /* the function definitions */
252
253 static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
254 {
255 int ok = 0, nid;
256 BIGNUM *tmp = NULL;
257
258 if (group == NULL || field == NULL)
259 return 0;
260
261 /* clear the old values (if necessary) */
262 ASN1_OBJECT_free(field->fieldType);
263 ASN1_TYPE_free(field->p.other);
264
265 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
266 /* set OID for the field */
267 if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) {
268 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
269 goto err;
270 }
271
272 if (nid == NID_X9_62_prime_field) {
273 if ((tmp = BN_new()) == NULL) {
274 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
275 goto err;
276 }
277 /* the parameters are specified by the prime number p */
278 if (!EC_GROUP_get_curve(group, tmp, NULL, NULL, NULL)) {
279 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
280 goto err;
281 }
282 /* set the prime number */
283 field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL);
284 if (field->p.prime == NULL) {
285 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
286 goto err;
287 }
288 } else if (nid == NID_X9_62_characteristic_two_field)
289 #ifdef OPENSSL_NO_EC2M
290 {
291 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED);
292 goto err;
293 }
294 #else
295 {
296 int field_type;
297 X9_62_CHARACTERISTIC_TWO *char_two;
298
299 field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
300 char_two = field->p.char_two;
301
302 if (char_two == NULL) {
303 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
304 goto err;
305 }
306
307 char_two->m = (long)EC_GROUP_get_degree(group);
308
309 field_type = EC_GROUP_get_basis_type(group);
310
311 if (field_type == 0) {
312 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
313 goto err;
314 }
315 /* set base type OID */
316 if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) {
317 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
318 goto err;
319 }
320
321 if (field_type == NID_X9_62_tpBasis) {
322 unsigned int k;
323
324 if (!EC_GROUP_get_trinomial_basis(group, &k))
325 goto err;
326
327 char_two->p.tpBasis = ASN1_INTEGER_new();
328 if (char_two->p.tpBasis == NULL) {
329 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
330 goto err;
331 }
332 if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) {
333 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
334 goto err;
335 }
336 } else if (field_type == NID_X9_62_ppBasis) {
337 unsigned int k1, k2, k3;
338
339 if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
340 goto err;
341
342 char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
343 if (char_two->p.ppBasis == NULL) {
344 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
345 goto err;
346 }
347
348 /* set k? values */
349 char_two->p.ppBasis->k1 = (long)k1;
350 char_two->p.ppBasis->k2 = (long)k2;
351 char_two->p.ppBasis->k3 = (long)k3;
352 } else { /* field_type == NID_X9_62_onBasis */
353
354 /* for ONB the parameters are (asn1) NULL */
355 char_two->p.onBasis = ASN1_NULL_new();
356 if (char_two->p.onBasis == NULL) {
357 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
358 goto err;
359 }
360 }
361 }
362 #endif
363 else {
364 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_UNSUPPORTED_FIELD);
365 goto err;
366 }
367
368 ok = 1;
369
370 err:
371 BN_free(tmp);
372 return ok;
373 }
374
375 static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
376 {
377 int ok = 0;
378 BIGNUM *tmp_1 = NULL, *tmp_2 = NULL;
379 unsigned char *a_buf = NULL, *b_buf = NULL;
380 size_t len;
381
382 if (!group || !curve || !curve->a || !curve->b)
383 return 0;
384
385 if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) {
386 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
387 goto err;
388 }
389
390 /* get a and b */
391 if (!EC_GROUP_get_curve(group, NULL, tmp_1, tmp_2, NULL)) {
392 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
393 goto err;
394 }
395
396 /*
397 * Per SEC 1, the curve coefficients must be padded up to size. See C.2's
398 * definition of Curve, C.1's definition of FieldElement, and 2.3.5's
399 * definition of how to encode the field elements.
400 */
401 len = ((size_t)EC_GROUP_get_degree(group) + 7) / 8;
402 if ((a_buf = OPENSSL_malloc(len)) == NULL
403 || (b_buf = OPENSSL_malloc(len)) == NULL) {
404 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
405 goto err;
406 }
407 if (BN_bn2binpad(tmp_1, a_buf, len) < 0
408 || BN_bn2binpad(tmp_2, b_buf, len) < 0) {
409 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
410 goto err;
411 }
412
413 /* set a and b */
414 if (!ASN1_OCTET_STRING_set(curve->a, a_buf, len)
415 || !ASN1_OCTET_STRING_set(curve->b, b_buf, len)) {
416 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
417 goto err;
418 }
419
420 /* set the seed (optional) */
421 if (group->seed) {
422 if (!curve->seed)
423 if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) {
424 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
425 goto err;
426 }
427 curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
428 curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
429 if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
430 (int)group->seed_len)) {
431 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
432 goto err;
433 }
434 } else {
435 ASN1_BIT_STRING_free(curve->seed);
436 curve->seed = NULL;
437 }
438
439 ok = 1;
440
441 err:
442 OPENSSL_free(a_buf);
443 OPENSSL_free(b_buf);
444 BN_free(tmp_1);
445 BN_free(tmp_2);
446 return ok;
447 }
448
449 ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
450 ECPARAMETERS *params)
451 {
452 size_t len = 0;
453 ECPARAMETERS *ret = NULL;
454 const BIGNUM *tmp;
455 unsigned char *buffer = NULL;
456 const EC_POINT *point = NULL;
457 point_conversion_form_t form;
458 ASN1_INTEGER *orig;
459
460 if (params == NULL) {
461 if ((ret = ECPARAMETERS_new()) == NULL) {
462 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
463 goto err;
464 }
465 } else
466 ret = params;
467
468 /* set the version (always one) */
469 ret->version = (long)0x1;
470
471 /* set the fieldID */
472 if (!ec_asn1_group2fieldid(group, ret->fieldID)) {
473 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
474 goto err;
475 }
476
477 /* set the curve */
478 if (!ec_asn1_group2curve(group, ret->curve)) {
479 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
480 goto err;
481 }
482
483 /* set the base point */
484 if ((point = EC_GROUP_get0_generator(group)) == NULL) {
485 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, EC_R_UNDEFINED_GENERATOR);
486 goto err;
487 }
488
489 form = EC_GROUP_get_point_conversion_form(group);
490
491 len = EC_POINT_point2buf(group, point, form, &buffer, NULL);
492 if (len == 0) {
493 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
494 goto err;
495 }
496 if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
497 OPENSSL_free(buffer);
498 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
499 goto err;
500 }
501 ASN1_STRING_set0(ret->base, buffer, len);
502
503 /* set the order */
504 tmp = EC_GROUP_get0_order(group);
505 if (tmp == NULL) {
506 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
507 goto err;
508 }
509 ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order);
510 if (ret->order == NULL) {
511 ret->order = orig;
512 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
513 goto err;
514 }
515
516 /* set the cofactor (optional) */
517 tmp = EC_GROUP_get0_cofactor(group);
518 if (tmp != NULL) {
519 ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor);
520 if (ret->cofactor == NULL) {
521 ret->cofactor = orig;
522 ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
523 goto err;
524 }
525 }
526
527 return ret;
528
529 err:
530 if (params == NULL)
531 ECPARAMETERS_free(ret);
532 return NULL;
533 }
534
535 ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
536 ECPKPARAMETERS *params)
537 {
538 int ok = 1, tmp;
539 ECPKPARAMETERS *ret = params;
540
541 if (ret == NULL) {
542 if ((ret = ECPKPARAMETERS_new()) == NULL) {
543 ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, ERR_R_MALLOC_FAILURE);
544 return NULL;
545 }
546 } else {
547 if (ret->type == 0)
548 ASN1_OBJECT_free(ret->value.named_curve);
549 else if (ret->type == 1 && ret->value.parameters)
550 ECPARAMETERS_free(ret->value.parameters);
551 }
552
553 if (EC_GROUP_get_asn1_flag(group)) {
554 /*
555 * use the asn1 OID to describe the elliptic curve parameters
556 */
557 tmp = EC_GROUP_get_curve_name(group);
558 if (tmp) {
559 ret->type = 0;
560 if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
561 ok = 0;
562 } else
563 /* we don't know the nid => ERROR */
564 ok = 0;
565 } else {
566 /* use the ECPARAMETERS structure */
567 ret->type = 1;
568 if ((ret->value.parameters =
569 EC_GROUP_get_ecparameters(group, NULL)) == NULL)
570 ok = 0;
571 }
572
573 if (!ok) {
574 ECPKPARAMETERS_free(ret);
575 return NULL;
576 }
577 return ret;
578 }
579
580 EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
581 {
582 int ok = 0, tmp;
583 EC_GROUP *ret = NULL, *dup = NULL;
584 BIGNUM *p = NULL, *a = NULL, *b = NULL;
585 EC_POINT *point = NULL;
586 long field_bits;
587 int curve_name = NID_undef;
588 BN_CTX *ctx = NULL;
589
590 if (params->fieldID == NULL
591 || params->fieldID->fieldType == NULL
592 || params->fieldID->p.ptr == NULL) {
593 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
594 goto err;
595 }
596
597 /*
598 * Now extract the curve parameters a and b. Note that, although SEC 1
599 * specifies the length of their encodings, historical versions of OpenSSL
600 * encoded them incorrectly, so we must accept any length for backwards
601 * compatibility.
602 */
603 if (params->curve == NULL
604 || params->curve->a == NULL || params->curve->a->data == NULL
605 || params->curve->b == NULL || params->curve->b->data == NULL) {
606 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
607 goto err;
608 }
609 a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
610 if (a == NULL) {
611 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);
612 goto err;
613 }
614 b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
615 if (b == NULL) {
616 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);
617 goto err;
618 }
619
620 /* get the field parameters */
621 tmp = OBJ_obj2nid(params->fieldID->fieldType);
622 if (tmp == NID_X9_62_characteristic_two_field)
623 #ifdef OPENSSL_NO_EC2M
624 {
625 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_GF2M_NOT_SUPPORTED);
626 goto err;
627 }
628 #else
629 {
630 X9_62_CHARACTERISTIC_TWO *char_two;
631
632 char_two = params->fieldID->p.char_two;
633
634 field_bits = char_two->m;
635 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
636 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_FIELD_TOO_LARGE);
637 goto err;
638 }
639
640 if ((p = BN_new()) == NULL) {
641 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
642 goto err;
643 }
644
645 /* get the base type */
646 tmp = OBJ_obj2nid(char_two->type);
647
648 if (tmp == NID_X9_62_tpBasis) {
649 long tmp_long;
650
651 if (!char_two->p.tpBasis) {
652 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
653 goto err;
654 }
655
656 tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
657
658 if (!(char_two->m > tmp_long && tmp_long > 0)) {
659 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS,
660 EC_R_INVALID_TRINOMIAL_BASIS);
661 goto err;
662 }
663
664 /* create the polynomial */
665 if (!BN_set_bit(p, (int)char_two->m))
666 goto err;
667 if (!BN_set_bit(p, (int)tmp_long))
668 goto err;
669 if (!BN_set_bit(p, 0))
670 goto err;
671 } else if (tmp == NID_X9_62_ppBasis) {
672 X9_62_PENTANOMIAL *penta;
673
674 penta = char_two->p.ppBasis;
675 if (penta == NULL) {
676 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
677 goto err;
678 }
679
680 if (!
681 (char_two->m > penta->k3 && penta->k3 > penta->k2
682 && penta->k2 > penta->k1 && penta->k1 > 0)) {
683 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS,
684 EC_R_INVALID_PENTANOMIAL_BASIS);
685 goto err;
686 }
687
688 /* create the polynomial */
689 if (!BN_set_bit(p, (int)char_two->m))
690 goto err;
691 if (!BN_set_bit(p, (int)penta->k1))
692 goto err;
693 if (!BN_set_bit(p, (int)penta->k2))
694 goto err;
695 if (!BN_set_bit(p, (int)penta->k3))
696 goto err;
697 if (!BN_set_bit(p, 0))
698 goto err;
699 } else if (tmp == NID_X9_62_onBasis) {
700 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_NOT_IMPLEMENTED);
701 goto err;
702 } else { /* error */
703
704 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
705 goto err;
706 }
707
708 /* create the EC_GROUP structure */
709 ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
710 }
711 #endif
712 else if (tmp == NID_X9_62_prime_field) {
713 /* we have a curve over a prime field */
714 /* extract the prime number */
715 if (params->fieldID->p.prime == NULL) {
716 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
717 goto err;
718 }
719 p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
720 if (p == NULL) {
721 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
722 goto err;
723 }
724
725 if (BN_is_negative(p) || BN_is_zero(p)) {
726 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_FIELD);
727 goto err;
728 }
729
730 field_bits = BN_num_bits(p);
731 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
732 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_FIELD_TOO_LARGE);
733 goto err;
734 }
735
736 /* create the EC_GROUP structure */
737 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
738 } else {
739 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_FIELD);
740 goto err;
741 }
742
743 if (ret == NULL) {
744 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
745 goto err;
746 }
747
748 /* extract seed (optional) */
749 if (params->curve->seed != NULL) {
750 OPENSSL_free(ret->seed);
751 if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) {
752 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
753 goto err;
754 }
755 memcpy(ret->seed, params->curve->seed->data,
756 params->curve->seed->length);
757 ret->seed_len = params->curve->seed->length;
758 }
759
760 if (params->order == NULL
761 || params->base == NULL
762 || params->base->data == NULL) {
763 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
764 goto err;
765 }
766
767 if ((point = EC_POINT_new(ret)) == NULL)
768 goto err;
769
770 /* set the point conversion form */
771 EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
772 (params->base->data[0] & ~0x01));
773
774 /* extract the ec point */
775 if (!EC_POINT_oct2point(ret, point, params->base->data,
776 params->base->length, NULL)) {
777 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
778 goto err;
779 }
780
781 /* extract the order */
782 if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
783 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
784 goto err;
785 }
786 if (BN_is_negative(a) || BN_is_zero(a)) {
787 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_GROUP_ORDER);
788 goto err;
789 }
790 if (BN_num_bits(a) > (int)field_bits + 1) { /* Hasse bound */
791 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_GROUP_ORDER);
792 goto err;
793 }
794
795 /* extract the cofactor (optional) */
796 if (params->cofactor == NULL) {
797 BN_free(b);
798 b = NULL;
799 } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
800 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
801 goto err;
802 }
803 /* set the generator, order and cofactor (if present) */
804 if (!EC_GROUP_set_generator(ret, point, a, b)) {
805 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
806 goto err;
807 }
808
809 /*
810 * Check if the explicit parameters group just created matches one of the
811 * built-in curves.
812 *
813 * We create a copy of the group just built, so that we can remove optional
814 * fields for the lookup: we do this to avoid the possibility that one of
815 * the optional parameters is used to force the library into using a less
816 * performant and less secure EC_METHOD instead of the specialized one.
817 * In any case, `seed` is not really used in any computation, while a
818 * cofactor different from the one in the built-in table is just
819 * mathematically wrong anyway and should not be used.
820 */
821 if ((ctx = BN_CTX_new()) == NULL) {
822 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);
823 goto err;
824 }
825 if ((dup = EC_GROUP_dup(ret)) == NULL
826 || EC_GROUP_set_seed(dup, NULL, 0) != 1
827 || !EC_GROUP_set_generator(dup, point, a, NULL)) {
828 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
829 goto err;
830 }
831 if ((curve_name = ec_curve_nid_from_params(dup, ctx)) != NID_undef) {
832 /*
833 * The input explicit parameters successfully matched one of the
834 * built-in curves: often for built-in curves we have specialized
835 * methods with better performance and hardening.
836 *
837 * In this case we replace the `EC_GROUP` created through explicit
838 * parameters with one created from a named group.
839 */
840 EC_GROUP *named_group = NULL;
841
842 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
843 /*
844 * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for
845 * the same curve, we prefer the SECP nid when matching explicit
846 * parameters as that is associated with a specialized EC_METHOD.
847 */
848 if (curve_name == NID_wap_wsg_idm_ecid_wtls12)
849 curve_name = NID_secp224r1;
850 #endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
851
852 if ((named_group = EC_GROUP_new_by_curve_name(curve_name)) == NULL) {
853 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
854 goto err;
855 }
856 EC_GROUP_free(ret);
857 ret = named_group;
858
859 /*
860 * Set the flag so that EC_GROUPs created from explicit parameters are
861 * serialized using explicit parameters by default.
862 */
863 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE);
864
865 /*
866 * If the input params do not contain the optional seed field we make
867 * sure it is not added to the returned group.
868 *
869 * The seed field is not really used inside libcrypto anyway, and
870 * adding it to parsed explicit parameter keys would alter their DER
871 * encoding output (because of the extra field) which could impact
872 * applications fingerprinting keys by their DER encoding.
873 */
874 if (params->curve->seed == NULL) {
875 if (EC_GROUP_set_seed(ret, NULL, 0) != 1)
876 goto err;
877 }
878 }
879
880 ok = 1;
881
882 err:
883 if (!ok) {
884 EC_GROUP_free(ret);
885 ret = NULL;
886 }
887 EC_GROUP_free(dup);
888
889 BN_free(p);
890 BN_free(a);
891 BN_free(b);
892 EC_POINT_free(point);
893
894 BN_CTX_free(ctx);
895
896 return ret;
897 }
898
899 EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
900 {
901 EC_GROUP *ret = NULL;
902 int tmp = 0;
903
904 if (params == NULL) {
905 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_MISSING_PARAMETERS);
906 return NULL;
907 }
908
909 if (params->type == 0) { /* the curve is given by an OID */
910 tmp = OBJ_obj2nid(params->value.named_curve);
911 if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {
912 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS,
913 EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
914 return NULL;
915 }
916 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
917 } else if (params->type == 1) { /* the parameters are given by a
918 * ECPARAMETERS structure */
919 ret = EC_GROUP_new_from_ecparameters(params->value.parameters);
920 if (!ret) {
921 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, ERR_R_EC_LIB);
922 return NULL;
923 }
924 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE);
925 } else if (params->type == 2) { /* implicitlyCA */
926 return NULL;
927 } else {
928 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_ASN1_ERROR);
929 return NULL;
930 }
931
932 return ret;
933 }
934
935 /* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
936
937 EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
938 {
939 EC_GROUP *group = NULL;
940 ECPKPARAMETERS *params = NULL;
941 const unsigned char *p = *in;
942
943 if ((params = d2i_ECPKPARAMETERS(NULL, &p, len)) == NULL) {
944 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
945 ECPKPARAMETERS_free(params);
946 return NULL;
947 }
948
949 if ((group = EC_GROUP_new_from_ecpkparameters(params)) == NULL) {
950 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
951 ECPKPARAMETERS_free(params);
952 return NULL;
953 }
954
955 if (a) {
956 EC_GROUP_free(*a);
957 *a = group;
958 }
959
960 ECPKPARAMETERS_free(params);
961 *in = p;
962 return group;
963 }
964
965 int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
966 {
967 int ret = 0;
968 ECPKPARAMETERS *tmp = EC_GROUP_get_ecpkparameters(a, NULL);
969 if (tmp == NULL) {
970 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
971 return 0;
972 }
973 if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) {
974 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
975 ECPKPARAMETERS_free(tmp);
976 return 0;
977 }
978 ECPKPARAMETERS_free(tmp);
979 return ret;
980 }
981
982 /* some EC_KEY functions */
983
984 EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
985 {
986 EC_KEY *ret = NULL;
987 EC_PRIVATEKEY *priv_key = NULL;
988 const unsigned char *p = *in;
989
990 if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) {
991 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
992 return NULL;
993 }
994
995 if (a == NULL || *a == NULL) {
996 if ((ret = EC_KEY_new()) == NULL) {
997 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
998 goto err;
999 }
1000 } else
1001 ret = *a;
1002
1003 if (priv_key->parameters) {
1004 EC_GROUP_free(ret->group);
1005 ret->group = EC_GROUP_new_from_ecpkparameters(priv_key->parameters);
1006 }
1007
1008 if (ret->group == NULL) {
1009 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1010 goto err;
1011 }
1012
1013 ret->version = priv_key->version;
1014
1015 if (priv_key->privateKey) {
1016 ASN1_OCTET_STRING *pkey = priv_key->privateKey;
1017 if (EC_KEY_oct2priv(ret, ASN1_STRING_get0_data(pkey),
1018 ASN1_STRING_length(pkey)) == 0)
1019 goto err;
1020 } else {
1021 ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_MISSING_PRIVATE_KEY);
1022 goto err;
1023 }
1024
1025 EC_POINT_clear_free(ret->pub_key);
1026 ret->pub_key = EC_POINT_new(ret->group);
1027 if (ret->pub_key == NULL) {
1028 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1029 goto err;
1030 }
1031
1032 if (priv_key->publicKey) {
1033 const unsigned char *pub_oct;
1034 int pub_oct_len;
1035
1036 pub_oct = ASN1_STRING_get0_data(priv_key->publicKey);
1037 pub_oct_len = ASN1_STRING_length(priv_key->publicKey);
1038 if (!EC_KEY_oct2key(ret, pub_oct, pub_oct_len, NULL)) {
1039 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
1040 goto err;
1041 }
1042 } else {
1043 if (ret->group->meth->keygenpub == NULL
1044 || ret->group->meth->keygenpub(ret) == 0)
1045 goto err;
1046 /* Remember the original private-key-only encoding. */
1047 ret->enc_flag |= EC_PKEY_NO_PUBKEY;
1048 }
1049
1050 if (a)
1051 *a = ret;
1052 EC_PRIVATEKEY_free(priv_key);
1053 *in = p;
1054 ret->dirty_cnt++;
1055 return ret;
1056
1057 err:
1058 if (a == NULL || *a != ret)
1059 EC_KEY_free(ret);
1060 EC_PRIVATEKEY_free(priv_key);
1061 return NULL;
1062 }
1063
1064 int i2d_ECPrivateKey(const EC_KEY *a, unsigned char **out)
1065 {
1066 int ret = 0, ok = 0;
1067 unsigned char *priv= NULL, *pub= NULL;
1068 size_t privlen = 0, publen = 0;
1069
1070 EC_PRIVATEKEY *priv_key = NULL;
1071
1072 if (a == NULL || a->group == NULL ||
1073 (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) {
1074 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
1075 goto err;
1076 }
1077
1078 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
1079 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
1080 goto err;
1081 }
1082
1083 priv_key->version = a->version;
1084
1085 privlen = EC_KEY_priv2buf(a, &priv);
1086
1087 if (privlen == 0) {
1088 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1089 goto err;
1090 }
1091
1092 ASN1_STRING_set0(priv_key->privateKey, priv, privlen);
1093 priv = NULL;
1094
1095 if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
1096 if ((priv_key->parameters =
1097 EC_GROUP_get_ecpkparameters(a->group,
1098 priv_key->parameters)) == NULL) {
1099 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1100 goto err;
1101 }
1102 }
1103
1104 if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) {
1105 priv_key->publicKey = ASN1_BIT_STRING_new();
1106 if (priv_key->publicKey == NULL) {
1107 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
1108 goto err;
1109 }
1110
1111 publen = EC_KEY_key2buf(a, a->conv_form, &pub, NULL);
1112
1113 if (publen == 0) {
1114 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1115 goto err;
1116 }
1117
1118 priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
1119 priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
1120 ASN1_STRING_set0(priv_key->publicKey, pub, publen);
1121 pub = NULL;
1122 }
1123
1124 if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) {
1125 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
1126 goto err;
1127 }
1128 ok = 1;
1129 err:
1130 OPENSSL_clear_free(priv, privlen);
1131 OPENSSL_free(pub);
1132 EC_PRIVATEKEY_free(priv_key);
1133 return (ok ? ret : 0);
1134 }
1135
1136 int i2d_ECParameters(const EC_KEY *a, unsigned char **out)
1137 {
1138 if (a == NULL) {
1139 ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
1140 return 0;
1141 }
1142 return i2d_ECPKParameters(a->group, out);
1143 }
1144
1145 EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
1146 {
1147 EC_KEY *ret;
1148
1149 if (in == NULL || *in == NULL) {
1150 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
1151 return NULL;
1152 }
1153
1154 if (a == NULL || *a == NULL) {
1155 if ((ret = EC_KEY_new()) == NULL) {
1156 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
1157 return NULL;
1158 }
1159 } else
1160 ret = *a;
1161
1162 if (!d2i_ECPKParameters(&ret->group, in, len)) {
1163 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
1164 if (a == NULL || *a != ret)
1165 EC_KEY_free(ret);
1166 else
1167 ret->dirty_cnt++;
1168 return NULL;
1169 }
1170 ret->dirty_cnt++;
1171
1172 if (a)
1173 *a = ret;
1174
1175 return ret;
1176 }
1177
1178 EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len)
1179 {
1180 EC_KEY *ret = NULL;
1181
1182 if (a == NULL || (*a) == NULL || (*a)->group == NULL) {
1183 /*
1184 * sorry, but a EC_GROUP-structure is necessary to set the public key
1185 */
1186 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
1187 return 0;
1188 }
1189 ret = *a;
1190 /* EC_KEY_opt2key updates dirty_cnt */
1191 if (!EC_KEY_oct2key(ret, *in, len, NULL)) {
1192 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
1193 return 0;
1194 }
1195 *in += len;
1196 return ret;
1197 }
1198
1199 int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out)
1200 {
1201 size_t buf_len = 0;
1202 int new_buffer = 0;
1203
1204 if (a == NULL) {
1205 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
1206 return 0;
1207 }
1208
1209 buf_len = EC_POINT_point2oct(a->group, a->pub_key,
1210 a->conv_form, NULL, 0, NULL);
1211
1212 if (out == NULL || buf_len == 0)
1213 /* out == NULL => just return the length of the octet string */
1214 return buf_len;
1215
1216 if (*out == NULL) {
1217 if ((*out = OPENSSL_malloc(buf_len)) == NULL) {
1218 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
1219 return 0;
1220 }
1221 new_buffer = 1;
1222 }
1223 if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
1224 *out, buf_len, NULL)) {
1225 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
1226 if (new_buffer) {
1227 OPENSSL_free(*out);
1228 *out = NULL;
1229 }
1230 return 0;
1231 }
1232 if (!new_buffer)
1233 *out += buf_len;
1234 return buf_len;
1235 }
1236
1237 DECLARE_ASN1_FUNCTIONS(ECDSA_SIG)
1238 DECLARE_ASN1_ENCODE_FUNCTIONS_name(ECDSA_SIG, ECDSA_SIG)
1239
1240 #endif /* FIPS_MODE */
1241
1242 ECDSA_SIG *ECDSA_SIG_new(void)
1243 {
1244 ECDSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
1245 if (sig == NULL)
1246 ECerr(EC_F_ECDSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
1247 return sig;
1248 }
1249
1250 void ECDSA_SIG_free(ECDSA_SIG *sig)
1251 {
1252 if (sig == NULL)
1253 return;
1254 BN_clear_free(sig->r);
1255 BN_clear_free(sig->s);
1256 OPENSSL_free(sig);
1257 }
1258
1259 ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **psig, const unsigned char **ppin, long len)
1260 {
1261 ECDSA_SIG *sig;
1262
1263 if (len < 0)
1264 return NULL;
1265 if (psig != NULL && *psig != NULL) {
1266 sig = *psig;
1267 } else {
1268 sig = ECDSA_SIG_new();
1269 if (sig == NULL)
1270 return NULL;
1271 }
1272 if (sig->r == NULL)
1273 sig->r = BN_new();
1274 if (sig->s == NULL)
1275 sig->s = BN_new();
1276 if (decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) {
1277 if (psig == NULL || *psig == NULL)
1278 ECDSA_SIG_free(sig);
1279 return NULL;
1280 }
1281 if (psig != NULL && *psig == NULL)
1282 *psig = sig;
1283 return sig;
1284 }
1285
1286 int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **ppout)
1287 {
1288 BUF_MEM *buf = NULL;
1289 size_t encoded_len;
1290 WPACKET pkt;
1291
1292 if (ppout == NULL) {
1293 if (!WPACKET_init_null(&pkt, 0))
1294 return -1;
1295 } else if (*ppout == NULL) {
1296 if ((buf = BUF_MEM_new()) == NULL
1297 || !WPACKET_init_len(&pkt, buf, 0)) {
1298 BUF_MEM_free(buf);
1299 return -1;
1300 }
1301 } else {
1302 if (!WPACKET_init_static_len(&pkt, *ppout, SIZE_MAX, 0))
1303 return -1;
1304 }
1305
1306 if (!encode_der_dsa_sig(&pkt, sig->r, sig->s)
1307 || !WPACKET_get_total_written(&pkt, &encoded_len)
1308 || !WPACKET_finish(&pkt)) {
1309 BUF_MEM_free(buf);
1310 WPACKET_cleanup(&pkt);
1311 return -1;
1312 }
1313
1314 if (ppout != NULL) {
1315 if (*ppout == NULL) {
1316 *ppout = (unsigned char *)buf->data;
1317 buf->data = NULL;
1318 BUF_MEM_free(buf);
1319 } else {
1320 *ppout += encoded_len;
1321 }
1322 }
1323
1324 return (int)encoded_len;
1325 }
1326
1327 void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
1328 {
1329 if (pr != NULL)
1330 *pr = sig->r;
1331 if (ps != NULL)
1332 *ps = sig->s;
1333 }
1334
1335 const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig)
1336 {
1337 return sig->r;
1338 }
1339
1340 const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig)
1341 {
1342 return sig->s;
1343 }
1344
1345 int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
1346 {
1347 if (r == NULL || s == NULL)
1348 return 0;
1349 BN_clear_free(sig->r);
1350 BN_clear_free(sig->s);
1351 sig->r = r;
1352 sig->s = s;
1353 return 1;
1354 }
1355
1356 int ECDSA_size(const EC_KEY *ec)
1357 {
1358 int ret;
1359 ECDSA_SIG sig;
1360 const EC_GROUP *group;
1361 const BIGNUM *bn;
1362
1363 if (ec == NULL)
1364 return 0;
1365 group = EC_KEY_get0_group(ec);
1366 if (group == NULL)
1367 return 0;
1368
1369 bn = EC_GROUP_get0_order(group);
1370 if (bn == NULL)
1371 return 0;
1372
1373 sig.r = sig.s = (BIGNUM *)bn;
1374 ret = i2d_ECDSA_SIG(&sig, NULL);
1375
1376 if (ret < 0)
1377 ret = 0;
1378 return ret;
1379 }
A mirror of the official openssl repository