kris
/
boringssl
1
0
Форк 0
Код Проблеми 0 Запити на злиття 0 Релізи 0 Вікі Активність
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
1913 Коміти
12 Гілки
38 MiB
Дерево: 1269ddd377
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з '1269ddd377'
${ noResults }
boringssl/crypto/ecdsa/ecdsa_asn1.c

ecdsa_asn1.c 6.8 KiB
Неформатований Звичайний вигляд Історія

Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
Implement ECDSA_SIG_{parse,marshal} with crypto/bytestring. This is the first structure to be implemented with the new BIGNUM ASN.1 routines. Object reuse in the legacy d2i/i2d functions is implemented by releasing whatever was in *out before and setting it to the newly-allocated object. As with the new d2i_SSL_SESSION, this is a weaker form of object reuse, but should suffice for reasonable callers. As ECDSA_SIG is more likely to be parsed alone than as part of another structure (and using CBB is slightly tedious), add convenient functions which take byte arrays. For consistency with SSL_SESSION, they are named to/from_bytes. from_bytes, unlike the CBS variant, rejects trailing data. Note this changes some test expectations: BER signatures now push an error code. That they didn't do this was probably a mistake. BUG=499653 Change-Id: I9ec74db53e70d9a989412cc9e2b599be0454caec Reviewed-on: https://boringssl-review.googlesource.com/5269 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
Implement ECDSA_SIG_new and ECDSA_SIG_free manually. Implement ECDSA_SIG_new and ECDSA_SIG_free manually in preparation for removing all crypto/asn1 dependencies from ECDSA signature verification. Change-Id: I0e84d74fa8e757af0cfb09daef03d59f428143cc Reviewed-on: https://boringssl-review.googlesource.com/4153 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
Expose ECDSA_SIG_max_len to size a DER ECDSA-Sig-Value. Also implement it without reference to crypto/asn1 or fake ASN1_INTEGERs and add a test. Some platform crypto APIs only give back the key size, and not the encoded signature length. No sense in implementing it twice. BUG=347404,499653 Change-Id: I9aa27d52674375f8b036e57bb5850f091c9b25dd Reviewed-on: https://boringssl-review.googlesource.com/5080 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
Expose ECDSA_SIG_max_len to size a DER ECDSA-Sig-Value. Also implement it without reference to crypto/asn1 or fake ASN1_INTEGERs and add a test. Some platform crypto APIs only give back the key size, and not the encoded signature length. No sense in implementing it twice. BUG=347404,499653 Change-Id: I9aa27d52674375f8b036e57bb5850f091c9b25dd Reviewed-on: https://boringssl-review.googlesource.com/5080 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Change ECDSA_METHOD's size() to group_order_size() The |size| method was documented to return the same as |ECDSA_size| - the max size of an ECDSA signature. However, this involves some ASN.1 calculations which is best done once. What custom implementations want to give is the size of the group order on which the ASN.1 computations are based. This change switches the |size| method to allow that. Change-Id: I95b6e0c2b52bfcd0d74850c2c4e9bc01269255e2 Reviewed-on: https://boringssl-review.googlesource.com/1200 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10 роки тому
Expose ECDSA_SIG_max_len to size a DER ECDSA-Sig-Value. Also implement it without reference to crypto/asn1 or fake ASN1_INTEGERs and add a test. Some platform crypto APIs only give back the key size, and not the encoded signature length. No sense in implementing it twice. BUG=347404,499653 Change-Id: I9aa27d52674375f8b036e57bb5850f091c9b25dd Reviewed-on: https://boringssl-review.googlesource.com/5080 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Change ECDSA_METHOD's size() to group_order_size() The |size| method was documented to return the same as |ECDSA_size| - the max size of an ECDSA signature. However, this involves some ASN.1 calculations which is best done once. What custom implementations want to give is the size of the group order on which the ASN.1 computations are based. This change switches the |size| method to allow that. Change-Id: I95b6e0c2b52bfcd0d74850c2c4e9bc01269255e2 Reviewed-on: https://boringssl-review.googlesource.com/1200 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
Expose ECDSA_SIG_max_len to size a DER ECDSA-Sig-Value. Also implement it without reference to crypto/asn1 or fake ASN1_INTEGERs and add a test. Some platform crypto APIs only give back the key size, and not the encoded signature length. No sense in implementing it twice. BUG=347404,499653 Change-Id: I9aa27d52674375f8b036e57bb5850f091c9b25dd Reviewed-on: https://boringssl-review.googlesource.com/5080 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Change ECDSA_METHOD's size() to group_order_size() The |size| method was documented to return the same as |ECDSA_size| - the max size of an ECDSA signature. However, this involves some ASN.1 calculations which is best done once. What custom implementations want to give is the size of the group order on which the ASN.1 computations are based. This change switches the |size| method to allow that. Change-Id: I95b6e0c2b52bfcd0d74850c2c4e9bc01269255e2 Reviewed-on: https://boringssl-review.googlesource.com/1200 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10 роки тому
Expose ECDSA_SIG_max_len to size a DER ECDSA-Sig-Value. Also implement it without reference to crypto/asn1 or fake ASN1_INTEGERs and add a test. Some platform crypto APIs only give back the key size, and not the encoded signature length. No sense in implementing it twice. BUG=347404,499653 Change-Id: I9aa27d52674375f8b036e57bb5850f091c9b25dd Reviewed-on: https://boringssl-review.googlesource.com/5080 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
Expose ECDSA_SIG_max_len to size a DER ECDSA-Sig-Value. Also implement it without reference to crypto/asn1 or fake ASN1_INTEGERs and add a test. Some platform crypto APIs only give back the key size, and not the encoded signature length. No sense in implementing it twice. BUG=347404,499653 Change-Id: I9aa27d52674375f8b036e57bb5850f091c9b25dd Reviewed-on: https://boringssl-review.googlesource.com/5080 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
Implement ECDSA_SIG_new and ECDSA_SIG_free manually. Implement ECDSA_SIG_new and ECDSA_SIG_free manually in preparation for removing all crypto/asn1 dependencies from ECDSA signature verification. Change-Id: I0e84d74fa8e757af0cfb09daef03d59f428143cc Reviewed-on: https://boringssl-review.googlesource.com/4153 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Expose ECDSA_SIG_max_len to size a DER ECDSA-Sig-Value. Also implement it without reference to crypto/asn1 or fake ASN1_INTEGERs and add a test. Some platform crypto APIs only give back the key size, and not the encoded signature length. No sense in implementing it twice. BUG=347404,499653 Change-Id: I9aa27d52674375f8b036e57bb5850f091c9b25dd Reviewed-on: https://boringssl-review.googlesource.com/5080 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Implement ECDSA_SIG_{parse,marshal} with crypto/bytestring. This is the first structure to be implemented with the new BIGNUM ASN.1 routines. Object reuse in the legacy d2i/i2d functions is implemented by releasing whatever was in *out before and setting it to the newly-allocated object. As with the new d2i_SSL_SESSION, this is a weaker form of object reuse, but should suffice for reasonable callers. As ECDSA_SIG is more likely to be parsed alone than as part of another structure (and using CBB is slightly tedious), add convenient functions which take byte arrays. For consistency with SSL_SESSION, they are named to/from_bytes. from_bytes, unlike the CBS variant, rejects trailing data. Note this changes some test expectations: BER signatures now push an error code. That they didn't do this was probably a mistake. BUG=499653 Change-Id: I9ec74db53e70d9a989412cc9e2b599be0454caec Reviewed-on: https://boringssl-review.googlesource.com/5269 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Implement ECDSA_SIG_{parse,marshal} with crypto/bytestring. This is the first structure to be implemented with the new BIGNUM ASN.1 routines. Object reuse in the legacy d2i/i2d functions is implemented by releasing whatever was in *out before and setting it to the newly-allocated object. As with the new d2i_SSL_SESSION, this is a weaker form of object reuse, but should suffice for reasonable callers. As ECDSA_SIG is more likely to be parsed alone than as part of another structure (and using CBB is slightly tedious), add convenient functions which take byte arrays. For consistency with SSL_SESSION, they are named to/from_bytes. from_bytes, unlike the CBS variant, rejects trailing data. Note this changes some test expectations: BER signatures now push an error code. That they didn't do this was probably a mistake. BUG=499653 Change-Id: I9ec74db53e70d9a989412cc9e2b599be0454caec Reviewed-on: https://boringssl-review.googlesource.com/5269 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Implement ECDSA_SIG_{parse,marshal} with crypto/bytestring. This is the first structure to be implemented with the new BIGNUM ASN.1 routines. Object reuse in the legacy d2i/i2d functions is implemented by releasing whatever was in *out before and setting it to the newly-allocated object. As with the new d2i_SSL_SESSION, this is a weaker form of object reuse, but should suffice for reasonable callers. As ECDSA_SIG is more likely to be parsed alone than as part of another structure (and using CBB is slightly tedious), add convenient functions which take byte arrays. For consistency with SSL_SESSION, they are named to/from_bytes. from_bytes, unlike the CBS variant, rejects trailing data. Note this changes some test expectations: BER signatures now push an error code. That they didn't do this was probably a mistake. BUG=499653 Change-Id: I9ec74db53e70d9a989412cc9e2b599be0454caec Reviewed-on: https://boringssl-review.googlesource.com/5269 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Implement ECDSA_SIG_{parse,marshal} with crypto/bytestring. This is the first structure to be implemented with the new BIGNUM ASN.1 routines. Object reuse in the legacy d2i/i2d functions is implemented by releasing whatever was in *out before and setting it to the newly-allocated object. As with the new d2i_SSL_SESSION, this is a weaker form of object reuse, but should suffice for reasonable callers. As ECDSA_SIG is more likely to be parsed alone than as part of another structure (and using CBB is slightly tedious), add convenient functions which take byte arrays. For consistency with SSL_SESSION, they are named to/from_bytes. from_bytes, unlike the CBS variant, rejects trailing data. Note this changes some test expectations: BER signatures now push an error code. That they didn't do this was probably a mistake. BUG=499653 Change-Id: I9ec74db53e70d9a989412cc9e2b599be0454caec Reviewed-on: https://boringssl-review.googlesource.com/5269 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Implement ECDSA_SIG_{parse,marshal} with crypto/bytestring. This is the first structure to be implemented with the new BIGNUM ASN.1 routines. Object reuse in the legacy d2i/i2d functions is implemented by releasing whatever was in *out before and setting it to the newly-allocated object. As with the new d2i_SSL_SESSION, this is a weaker form of object reuse, but should suffice for reasonable callers. As ECDSA_SIG is more likely to be parsed alone than as part of another structure (and using CBB is slightly tedious), add convenient functions which take byte arrays. For consistency with SSL_SESSION, they are named to/from_bytes. from_bytes, unlike the CBS variant, rejects trailing data. Note this changes some test expectations: BER signatures now push an error code. That they didn't do this was probably a mistake. BUG=499653 Change-Id: I9ec74db53e70d9a989412cc9e2b599be0454caec Reviewed-on: https://boringssl-review.googlesource.com/5269 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Expose ECDSA_SIG_max_len to size a DER ECDSA-Sig-Value. Also implement it without reference to crypto/asn1 or fake ASN1_INTEGERs and add a test. Some platform crypto APIs only give back the key size, and not the encoded signature length. No sense in implementing it twice. BUG=347404,499653 Change-Id: I9aa27d52674375f8b036e57bb5850f091c9b25dd Reviewed-on: https://boringssl-review.googlesource.com/5080 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Implement ECDSA_SIG_{parse,marshal} with crypto/bytestring. This is the first structure to be implemented with the new BIGNUM ASN.1 routines. Object reuse in the legacy d2i/i2d functions is implemented by releasing whatever was in *out before and setting it to the newly-allocated object. As with the new d2i_SSL_SESSION, this is a weaker form of object reuse, but should suffice for reasonable callers. As ECDSA_SIG is more likely to be parsed alone than as part of another structure (and using CBB is slightly tedious), add convenient functions which take byte arrays. For consistency with SSL_SESSION, they are named to/from_bytes. from_bytes, unlike the CBS variant, rejects trailing data. Note this changes some test expectations: BER signatures now push an error code. That they didn't do this was probably a mistake. BUG=499653 Change-Id: I9ec74db53e70d9a989412cc9e2b599be0454caec Reviewed-on: https://boringssl-review.googlesource.com/5269 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Implement ECDSA_SIG_{parse,marshal} with crypto/bytestring. This is the first structure to be implemented with the new BIGNUM ASN.1 routines. Object reuse in the legacy d2i/i2d functions is implemented by releasing whatever was in *out before and setting it to the newly-allocated object. As with the new d2i_SSL_SESSION, this is a weaker form of object reuse, but should suffice for reasonable callers. As ECDSA_SIG is more likely to be parsed alone than as part of another structure (and using CBB is slightly tedious), add convenient functions which take byte arrays. For consistency with SSL_SESSION, they are named to/from_bytes. from_bytes, unlike the CBS variant, rejects trailing data. Note this changes some test expectations: BER signatures now push an error code. That they didn't do this was probably a mistake. BUG=499653 Change-Id: I9ec74db53e70d9a989412cc9e2b599be0454caec Reviewed-on: https://boringssl-review.googlesource.com/5269 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250 
  1. /* ====================================================================

  2.  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

  3.  *

  4.  * Redistribution and use in source and binary forms, with or without

  5.  * modification, are permitted provided that the following conditions

  6.  * are met:

  7.  *

  8.  * 1. Redistributions of source code must retain the above copyright

  9.  *    notice, this list of conditions and the following disclaimer.

  10.  *

  11.  * 2. Redistributions in binary form must reproduce the above copyright

  12.  *    notice, this list of conditions and the following disclaimer in

  13.  *    the documentation and/or other materials provided with the

  14.  *    distribution.

  15.  *

  16.  * 3. All advertising materials mentioning features or use of this

  17.  *    software must display the following acknowledgment:

  18.  *    "This product includes software developed by the OpenSSL Project

  19.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  20.  *

  21.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  22.  *    endorse or promote products derived from this software without

  23.  *    prior written permission. For written permission, please contact

  24.  *    openssl-core@OpenSSL.org.

  25.  *

  26.  * 5. Products derived from this software may not be called "OpenSSL"

  27.  *    nor may "OpenSSL" appear in their names without prior written

  28.  *    permission of the OpenSSL Project.

  29.  *

  30.  * 6. Redistributions of any form whatsoever must retain the following

  31.  *    acknowledgment:

  32.  *    "This product includes software developed by the OpenSSL Project

  33.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  34.  *

  35.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  36.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  37.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  38.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  39.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  40.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  41.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  42.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  43.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  44.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  45.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  46.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  47.  * ====================================================================

  48.  *

  49.  * This product includes cryptographic software written by Eric Young

  50.  * (eay@cryptsoft.com).  This product includes software written by Tim

  51.  * Hudson (tjh@cryptsoft.com). */

  52. 

  53. #include <openssl/ecdsa.h>

  54. 

  55. #include <limits.h>

  56. #include <string.h>

  57. 

  58. #include <openssl/bn.h>

  59. #include <openssl/bytestring.h>

  60. #include <openssl/err.h>

  61. #include <openssl/ec_key.h>

  62. #include <openssl/mem.h>

  63. 

  64. #include "../ec/internal.h"

  65. 

  66. 

  67. size_t ECDSA_size(const EC_KEY *key) {

  68.   if (key == NULL) {

  69.     return 0;

  70.   }

  71. 

  72.   size_t group_order_size;

  73.   if (key->ecdsa_meth && key->ecdsa_meth->group_order_size) {

  74.     group_order_size = key->ecdsa_meth->group_order_size(key);

  75.   } else {

  76.     const EC_GROUP *group = EC_KEY_get0_group(key);

  77.     if (group == NULL) {

  78.       return 0;

  79.     }

  80. 

  81.     BIGNUM *order = BN_new();

  82.     if (order == NULL) {

  83.       return 0;

  84.     }

  85.     if (!EC_GROUP_get_order(group, order, NULL)) {

  86.       BN_clear_free(order);

  87.       return 0;

  88.     }

  89. 

  90.     group_order_size = BN_num_bytes(order);

  91.     BN_clear_free(order);

  92.   }

  93. 

  94.   return ECDSA_SIG_max_len(group_order_size);

  95. }

  96. 

  97. ECDSA_SIG *ECDSA_SIG_new(void) {

  98.   ECDSA_SIG *sig = OPENSSL_malloc(sizeof(ECDSA_SIG));

  99.   if (sig == NULL) {

  100.     return NULL;

  101.   }

  102.   sig->r = BN_new();

  103.   sig->s = BN_new();

  104.   if (sig->r == NULL || sig->s == NULL) {

  105.     ECDSA_SIG_free(sig);

  106.     return NULL;

  107.   }

  108.   return sig;

  109. }

  110. 

  111. void ECDSA_SIG_free(ECDSA_SIG *sig) {

  112.   if (sig == NULL) {

  113.     return;

  114.   }

  115. 

  116.   BN_free(sig->r);

  117.   BN_free(sig->s);

  118.   OPENSSL_free(sig);

  119. }

  120. 

  121. ECDSA_SIG *ECDSA_SIG_parse(CBS *cbs) {

  122.   ECDSA_SIG *ret = ECDSA_SIG_new();

  123.   if (ret == NULL) {

  124.     return NULL;

  125.   }

  126.   CBS child;

  127.   if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||

  128.       !BN_cbs2unsigned(&child, ret->r) ||

  129.       !BN_cbs2unsigned(&child, ret->s) ||

  130.       CBS_len(&child) != 0) {

  131.     OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);

  132.     ECDSA_SIG_free(ret);

  133.     return NULL;

  134.   }

  135.   return ret;

  136. }

  137. 

  138. ECDSA_SIG *ECDSA_SIG_from_bytes(const uint8_t *in, size_t in_len) {

  139.   CBS cbs;

  140.   CBS_init(&cbs, in, in_len);

  141.   ECDSA_SIG *ret = ECDSA_SIG_parse(&cbs);

  142.   if (ret == NULL || CBS_len(&cbs) != 0) {

  143.     OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);

  144.     ECDSA_SIG_free(ret);

  145.     return NULL;

  146.   }

  147.   return ret;

  148. }

  149. 

  150. int ECDSA_SIG_marshal(CBB *cbb, const ECDSA_SIG *sig) {

  151.   CBB child;

  152.   if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) ||

  153.       !BN_bn2cbb(&child, sig->r) ||

  154.       !BN_bn2cbb(&child, sig->s) ||

  155.       !CBB_flush(cbb)) {

  156.     OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR);

  157.     return 0;

  158.   }

  159.   return 1;

  160. }

  161. 

  162. int ECDSA_SIG_to_bytes(uint8_t **out_bytes, size_t *out_len,

  163.                        const ECDSA_SIG *sig) {

  164.   CBB cbb;

  165.   CBB_zero(&cbb);

  166.   if (!CBB_init(&cbb, 0) ||

  167.       !ECDSA_SIG_marshal(&cbb, sig) ||

  168.       !CBB_finish(&cbb, out_bytes, out_len)) {

  169.     OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR);

  170.     CBB_cleanup(&cbb);

  171.     return 0;

  172.   }

  173.   return 1;

  174. }

  175. 

  176. /* der_len_len returns the number of bytes needed to represent a length of |len|

  177.  * in DER. */

  178. static size_t der_len_len(size_t len) {

  179.   if (len < 0x80) {

  180.     return 1;

  181.   }

  182.   size_t ret = 1;

  183.   while (len > 0) {

  184.     ret++;

  185.     len >>= 8;

  186.   }

  187.   return ret;

  188. }

  189. 

  190. size_t ECDSA_SIG_max_len(size_t order_len) {

  191.   /* Compute the maximum length of an |order_len| byte integer. Defensively

  192.    * assume that the leading 0x00 is included. */

  193.   size_t integer_len = 1 /* tag */ + der_len_len(order_len + 1) + 1 + order_len;

  194.   if (integer_len < order_len) {

  195.     return 0;

  196.   }

  197.   /* An ECDSA signature is two INTEGERs. */

  198.   size_t value_len = 2 * integer_len;

  199.   if (value_len < integer_len) {

  200.     return 0;

  201.   }

  202.   /* Add the header. */

  203.   size_t ret = 1 /* tag */ + der_len_len(value_len) + value_len;

  204.   if (ret < value_len) {

  205.     return 0;

  206.   }

  207.   return ret;

  208. }

  209. 

  210. ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **out, const uint8_t **inp, long len) {

  211.   if (len < 0) {

  212.     return NULL;

  213.   }

  214.   CBS cbs;

  215.   CBS_init(&cbs, *inp, (size_t)len);

  216.   ECDSA_SIG *ret = ECDSA_SIG_parse(&cbs);

  217.   if (ret == NULL) {

  218.     return NULL;

  219.   }

  220.   if (out != NULL) {

  221.     ECDSA_SIG_free(*out);

  222.     *out = ret;

  223.   }

  224.   *inp += (size_t)len - CBS_len(&cbs);

  225.   return ret;

  226. }

  227. 

  228. int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp) {

  229.   uint8_t *der;

  230.   size_t der_len;

  231.   if (!ECDSA_SIG_to_bytes(&der, &der_len, sig)) {

  232.     return -1;

  233.   }

  234.   if (der_len > INT_MAX) {

  235.     OPENSSL_PUT_ERROR(ECDSA, ERR_R_OVERFLOW);

  236.     OPENSSL_free(der);

  237.     return -1;

  238.   }

  239.   if (outp != NULL) {

  240.     if (*outp == NULL) {

  241.       *outp = der;

  242.       der = NULL;

  243.     } else {

  244.       memcpy(*outp, der, der_len);

  245.       *outp += der_len;

  246.     }

  247.   }

  248.   OPENSSL_free(der);

  249.   return (int)der_len;

  250. }