Home Verkennen Help
Inloggen
OWEALs
/
openssl
spiegel van git://git.openssl.org/openssl.git
2
0
Vork 0
Bestanden Issues 1 Wiki
Boom: fcc5e899aa
Aftakkingen Labels
openssl
/
crypto
/
ec
/
ec_lib.c

ec_lib.c 31 KB
Geschiedenis Ruwe

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111 
  1. /* crypto/ec/ec_lib.c */
    2. 

  2. /*
    3. 

  3.  * Originally written by Bodo Moeller for the OpenSSL project.
    4. 

  4.  */
    5. 

  5. /* ====================================================================
    6. 

  6.  * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
    7. 

  7.  *
    8. 

  8.  * Redistribution and use in source and binary forms, with or without
    9. 

  9.  * modification, are permitted provided that the following conditions
    10. 

  10.  * are met:
    11. 

  11.  *
    12. 

  12.  * 1. Redistributions of source code must retain the above copyright
    13. 

  13.  *    notice, this list of conditions and the following disclaimer.
    14. 

  14.  *
    15. 

  15.  * 2. Redistributions in binary form must reproduce the above copyright
    16. 

  16.  *    notice, this list of conditions and the following disclaimer in
    17. 

  17.  *    the documentation and/or other materials provided with the
    18. 

  18.  *    distribution.
    19. 

  19.  *
    20. 

  20.  * 3. All advertising materials mentioning features or use of this
    21. 

  21.  *    software must display the following acknowledgment:
    22. 

  22.  *    "This product includes software developed by the OpenSSL Project
    23. 

  23.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
    24. 

  24.  *
    25. 

  25.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
    26. 

  26.  *    endorse or promote products derived from this software without
    27. 

  27.  *    prior written permission. For written permission, please contact
    28. 

  28.  *    openssl-core@openssl.org.
    29. 

  29.  *
    30. 

  30.  * 5. Products derived from this software may not be called "OpenSSL"
    31. 

  31.  *    nor may "OpenSSL" appear in their names without prior written
    32. 

  32.  *    permission of the OpenSSL Project.
    33. 

  33.  *
    34. 

  34.  * 6. Redistributions of any form whatsoever must retain the following
    35. 

  35.  *    acknowledgment:
    36. 

  36.  *    "This product includes software developed by the OpenSSL Project
    37. 

  37.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
    38. 

  38.  *
    39. 

  39.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
    40. 

  40.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    41. 

  41.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    42. 

  42.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
    43. 

  43.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    44. 

  44.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
    45. 

  45.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
    46. 

  46.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    47. 

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    48. 

  48.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    49. 

  49.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    50. 

  50.  * OF THE POSSIBILITY OF SUCH DAMAGE.
    51. 

  51.  * ====================================================================
    52. 

  52.  *
    53. 

  53.  * This product includes cryptographic software written by Eric Young
    54. 

  54.  * (eay@cryptsoft.com).  This product includes software written by Tim
    55. 

  55.  * Hudson (tjh@cryptsoft.com).
    56. 

  56.  *
    57. 

  57.  */
    58. 

  58. /* ====================================================================
    59. 

  59.  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
    60. 

  60.  * Binary polynomial ECC support in OpenSSL originally developed by
    61. 

  61.  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
    62. 

  62.  */
    63. 

  63. 

  64. #include <string.h>
    65. 

  65. 

  66. #include <openssl/err.h>
    67. 

  67. #include <openssl/opensslv.h>
    68. 

  68. 

  69. #include "ec_lcl.h"
    70. 

  70. 

  71. static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
    72. 

  72. 

  73. /* functions for EC_GROUP objects */
    74. 

  74. 

  75. EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
    76. 

  76. {
    77. 

  77.     EC_GROUP *ret;
    78. 

  78. 

  79.     if (meth == NULL) {
    80. 

  80.         ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER);
    81. 

  81.         return NULL;
    82. 

  82.     }
    83. 

  83.     if (meth->group_init == 0) {
    84. 

  84.         ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    85. 

  85.         return NULL;
    86. 

  86.     }
    87. 

  87. 

  88.     ret = OPENSSL_malloc(sizeof *ret);
    89. 

  89.     if (ret == NULL) {
    90. 

  90.         ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
    91. 

  91.         return NULL;
    92. 

  92.     }
    93. 

  93. 

  94.     ret->meth = meth;
    95. 

  95. 

  96.     ret->extra_data = NULL;
    97. 

  97. 

  98.     ret->generator = NULL;
    99. 

  99.     BN_init(&ret->order);
    100. 

  100.     BN_init(&ret->cofactor);
    101. 

  101. 

  102.     ret->curve_name = 0;
    103. 

  103.     ret->asn1_flag = 0;
    104. 

  104.     ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
    105. 

  105. 

  106.     ret->seed = NULL;
    107. 

  107.     ret->seed_len = 0;
    108. 

  108. 

  109.     if (!meth->group_init(ret)) {
    110. 

  110.         OPENSSL_free(ret);
    111. 

  111.         return NULL;
    112. 

  112.     }
    113. 

  113. 

  114.     return ret;
    115. 

  115. }
    116. 

  116. 

  117. void EC_GROUP_free(EC_GROUP *group)
    118. 

  118. {
    119. 

  119.     if (!group)
    120. 

  120.         return;
    121. 

  121. 

  122.     if (group->meth->group_finish != 0)
    123. 

  123.         group->meth->group_finish(group);
    124. 

  124. 

  125.     EC_EX_DATA_free_all_data(&group->extra_data);
    126. 

  126. 

  127.     if (group->generator != NULL)
    128. 

  128.         EC_POINT_free(group->generator);
    129. 

  129.     BN_free(&group->order);
    130. 

  130.     BN_free(&group->cofactor);
    131. 

  131. 

  132.     if (group->seed)
    133. 

  133.         OPENSSL_free(group->seed);
    134. 

  134. 

  135.     OPENSSL_free(group);
    136. 

  136. }
    137. 

  137. 

  138. void EC_GROUP_clear_free(EC_GROUP *group)
    139. 

  139. {
    140. 

  140.     if (!group)
    141. 

  141.         return;
    142. 

  142. 

  143.     if (group->meth->group_clear_finish != 0)
    144. 

  144.         group->meth->group_clear_finish(group);
    145. 

  145.     else if (group->meth->group_finish != 0)
    146. 

  146.         group->meth->group_finish(group);
    147. 

  147. 

  148.     EC_EX_DATA_clear_free_all_data(&group->extra_data);
    149. 

  149. 

  150.     if (group->generator != NULL)
    151. 

  151.         EC_POINT_clear_free(group->generator);
    152. 

  152.     BN_clear_free(&group->order);
    153. 

  153.     BN_clear_free(&group->cofactor);
    154. 

  154. 

  155.     if (group->seed) {
    156. 

  156.         OPENSSL_cleanse(group->seed, group->seed_len);
    157. 

  157.         OPENSSL_free(group->seed);
    158. 

  158.     }
    159. 

  159. 

  160.     OPENSSL_cleanse(group, sizeof *group);
    161. 

  161.     OPENSSL_free(group);
    162. 

  162. }
    163. 

  163. 

  164. int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
    165. 

  165. {
    166. 

  166.     EC_EXTRA_DATA *d;
    167. 

  167. 

  168.     if (dest->meth->group_copy == 0) {
    169. 

  169.         ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    170. 

  170.         return 0;
    171. 

  171.     }
    172. 

  172.     if (dest->meth != src->meth) {
    173. 

  173.         ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
    174. 

  174.         return 0;
    175. 

  175.     }
    176. 

  176.     if (dest == src)
    177. 

  177.         return 1;
    178. 

  178. 

  179.     EC_EX_DATA_free_all_data(&dest->extra_data);
    180. 

  180. 

  181.     for (d = src->extra_data; d != NULL; d = d->next) {
    182. 

  182.         void *t = d->dup_func(d->data);
    183. 

  183. 

  184.         if (t == NULL)
    185. 

  185.             return 0;
    186. 

  186.         if (!EC_EX_DATA_set_data
    187. 

  187.             (&dest->extra_data, t, d->dup_func, d->free_func,
    188. 

  188.              d->clear_free_func))
    189. 

  189.             return 0;
    190. 

  190.     }
    191. 

  191. 

  192.     if (src->generator != NULL) {
    193. 

  193.         if (dest->generator == NULL) {
    194. 

  194.             dest->generator = EC_POINT_new(dest);
    195. 

  195.             if (dest->generator == NULL)
    196. 

  196.                 return 0;
    197. 

  197.         }
    198. 

  198.         if (!EC_POINT_copy(dest->generator, src->generator))
    199. 

  199.             return 0;
    200. 

  200.     } else {
    201. 

  201.         /* src->generator == NULL */
    202. 

  202.         if (dest->generator != NULL) {
    203. 

  203.             EC_POINT_clear_free(dest->generator);
    204. 

  204.             dest->generator = NULL;
    205. 

  205.         }
    206. 

  206.     }
    207. 

  207. 

  208.     if (!BN_copy(&dest->order, &src->order))
    209. 

  209.         return 0;
    210. 

  210.     if (!BN_copy(&dest->cofactor, &src->cofactor))
    211. 

  211.         return 0;
    212. 

  212. 

  213.     dest->curve_name = src->curve_name;
    214. 

  214.     dest->asn1_flag = src->asn1_flag;
    215. 

  215.     dest->asn1_form = src->asn1_form;
    216. 

  216. 

  217.     if (src->seed) {
    218. 

  218.         if (dest->seed)
    219. 

  219.             OPENSSL_free(dest->seed);
    220. 

  220.         dest->seed = OPENSSL_malloc(src->seed_len);
    221. 

  221.         if (dest->seed == NULL)
    222. 

  222.             return 0;
    223. 

  223.         if (!memcpy(dest->seed, src->seed, src->seed_len))
    224. 

  224.             return 0;
    225. 

  225.         dest->seed_len = src->seed_len;
    226. 

  226.     } else {
    227. 

  227.         if (dest->seed)
    228. 

  228.             OPENSSL_free(dest->seed);
    229. 

  229.         dest->seed = NULL;
    230. 

  230.         dest->seed_len = 0;
    231. 

  231.     }
    232. 

  232. 

  233.     return dest->meth->group_copy(dest, src);
    234. 

  234. }
    235. 

  235. 

  236. EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
    237. 

  237. {
    238. 

  238.     EC_GROUP *t = NULL;
    239. 

  239.     int ok = 0;
    240. 

  240. 

  241.     if (a == NULL)
    242. 

  242.         return NULL;
    243. 

  243. 

  244.     if ((t = EC_GROUP_new(a->meth)) == NULL)
    245. 

  245.         return (NULL);
    246. 

  246.     if (!EC_GROUP_copy(t, a))
    247. 

  247.         goto err;
    248. 

  248. 

  249.     ok = 1;
    250. 

  250. 

  251.  err:
    252. 

  252.     if (!ok) {
    253. 

  253.         if (t)
    254. 

  254.             EC_GROUP_free(t);
    255. 

  255.         return NULL;
    256. 

  256.     } else
    257. 

  257.         return t;
    258. 

  258. }
    259. 

  259. 

  260. const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
    261. 

  261. {
    262. 

  262.     return group->meth;
    263. 

  263. }
    264. 

  264. 

  265. int EC_METHOD_get_field_type(const EC_METHOD *meth)
    266. 

  266. {
    267. 

  267.     return meth->field_type;
    268. 

  268. }
    269. 

  269. 

  270. int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
    271. 

  271.                            const BIGNUM *order, const BIGNUM *cofactor)
    272. 

  272. {
    273. 

  273.     if (generator == NULL) {
    274. 

  274.         ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
    275. 

  275.         return 0;
    276. 

  276.     }
    277. 

  277. 

  278.     if (group->generator == NULL) {
    279. 

  279.         group->generator = EC_POINT_new(group);
    280. 

  280.         if (group->generator == NULL)
    281. 

  281.             return 0;
    282. 

  282.     }
    283. 

  283.     if (!EC_POINT_copy(group->generator, generator))
    284. 

  284.         return 0;
    285. 

  285. 

  286.     if (order != NULL) {
    287. 

  287.         if (!BN_copy(&group->order, order))
    288. 

  288.             return 0;
    289. 

  289.     } else
    290. 

  290.         BN_zero(&group->order);
    291. 

  291. 

  292.     if (cofactor != NULL) {
    293. 

  293.         if (!BN_copy(&group->cofactor, cofactor))
    294. 

  294.             return 0;
    295. 

  295.     } else
    296. 

  296.         BN_zero(&group->cofactor);
    297. 

  297. 

  298.     return 1;
    299. 

  299. }
    300. 

  300. 

  301. const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
    302. 

  302. {
    303. 

  303.     return group->generator;
    304. 

  304. }
    305. 

  305. 

  306. int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
    307. 

  307. {
    308. 

  308.     if (!BN_copy(order, &group->order))
    309. 

  309.         return 0;
    310. 

  310. 

  311.     return !BN_is_zero(order);
    312. 

  312. }
    313. 

  313. 

  314. int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
    315. 

  315.                           BN_CTX *ctx)
    316. 

  316. {
    317. 

  317.     if (!BN_copy(cofactor, &group->cofactor))
    318. 

  318.         return 0;
    319. 

  319. 

  320.     return !BN_is_zero(&group->cofactor);
    321. 

  321. }
    322. 

  322. 

  323. void EC_GROUP_set_curve_name(EC_GROUP *group, int nid)
    324. 

  324. {
    325. 

  325.     group->curve_name = nid;
    326. 

  326. }
    327. 

  327. 

  328. int EC_GROUP_get_curve_name(const EC_GROUP *group)
    329. 

  329. {
    330. 

  330.     return group->curve_name;
    331. 

  331. }
    332. 

  332. 

  333. void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
    334. 

  334. {
    335. 

  335.     group->asn1_flag = flag;
    336. 

  336. }
    337. 

  337. 

  338. int EC_GROUP_get_asn1_flag(const EC_GROUP *group)
    339. 

  339. {
    340. 

  340.     return group->asn1_flag;
    341. 

  341. }
    342. 

  342. 

  343. void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
    344. 

  344.                                         point_conversion_form_t form)
    345. 

  345. {
    346. 

  346.     group->asn1_form = form;
    347. 

  347. }
    348. 

  348. 

  349. point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP
    350. 

  350.                                                            *group)
    351. 

  351. {
    352. 

  352.     return group->asn1_form;
    353. 

  353. }
    354. 

  354. 

  355. size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
    356. 

  356. {
    357. 

  357.     if (group->seed) {
    358. 

  358.         OPENSSL_free(group->seed);
    359. 

  359.         group->seed = NULL;
    360. 

  360.         group->seed_len = 0;
    361. 

  361.     }
    362. 

  362. 

  363.     if (!len || !p)
    364. 

  364.         return 1;
    365. 

  365. 

  366.     if ((group->seed = OPENSSL_malloc(len)) == NULL)
    367. 

  367.         return 0;
    368. 

  368.     memcpy(group->seed, p, len);
    369. 

  369.     group->seed_len = len;
    370. 

  370. 

  371.     return len;
    372. 

  372. }
    373. 

  373. 

  374. unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group)
    375. 

  375. {
    376. 

  376.     return group->seed;
    377. 

  377. }
    378. 

  378. 

  379. size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
    380. 

  380. {
    381. 

  381.     return group->seed_len;
    382. 

  382. }
    383. 

  383. 

  384. int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
    385. 

  385.                            const BIGNUM *b, BN_CTX *ctx)
    386. 

  386. {
    387. 

  387.     if (group->meth->group_set_curve == 0) {
    388. 

  388.         ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    389. 

  389.         return 0;
    390. 

  390.     }
    391. 

  391.     return group->meth->group_set_curve(group, p, a, b, ctx);
    392. 

  392. }
    393. 

  393. 

  394. int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
    395. 

  395.                            BIGNUM *b, BN_CTX *ctx)
    396. 

  396. {
    397. 

  397.     if (group->meth->group_get_curve == 0) {
    398. 

  398.         ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    399. 

  399.         return 0;
    400. 

  400.     }
    401. 

  401.     return group->meth->group_get_curve(group, p, a, b, ctx);
    402. 

  402. }
    403. 

  403. 

  404. int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
    405. 

  405.                             const BIGNUM *b, BN_CTX *ctx)
    406. 

  406. {
    407. 

  407.     if (group->meth->group_set_curve == 0) {
    408. 

  408.         ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M,
    409. 

  409.               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    410. 

  410.         return 0;
    411. 

  411.     }
    412. 

  412.     return group->meth->group_set_curve(group, p, a, b, ctx);
    413. 

  413. }
    414. 

  414. 

  415. int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
    416. 

  416.                             BIGNUM *b, BN_CTX *ctx)
    417. 

  417. {
    418. 

  418.     if (group->meth->group_get_curve == 0) {
    419. 

  419.         ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M,
    420. 

  420.               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    421. 

  421.         return 0;
    422. 

  422.     }
    423. 

  423.     return group->meth->group_get_curve(group, p, a, b, ctx);
    424. 

  424. }
    425. 

  425. 

  426. int EC_GROUP_get_degree(const EC_GROUP *group)
    427. 

  427. {
    428. 

  428.     if (group->meth->group_get_degree == 0) {
    429. 

  429.         ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    430. 

  430.         return 0;
    431. 

  431.     }
    432. 

  432.     return group->meth->group_get_degree(group);
    433. 

  433. }
    434. 

  434. 

  435. int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
    436. 

  436. {
    437. 

  437.     if (group->meth->group_check_discriminant == 0) {
    438. 

  438.         ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT,
    439. 

  439.               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    440. 

  440.         return 0;
    441. 

  441.     }
    442. 

  442.     return group->meth->group_check_discriminant(group, ctx);
    443. 

  443. }
    444. 

  444. 

  445. int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
    446. 

  446. {
    447. 

  447.     int r = 0;
    448. 

  448.     BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
    449. 

  449.     BN_CTX *ctx_new = NULL;
    450. 

  450. 

  451.     /* compare the field types */
    452. 

  452.     if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
    453. 

  453.         EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
    454. 

  454.         return 1;
    455. 

  455.     /* compare the curve name (if present in both) */
    456. 

  456.     if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
    457. 

  457.         EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
    458. 

  458.         return 1;
    459. 

  459. 

  460.     if (!ctx)
    461. 

  461.         ctx_new = ctx = BN_CTX_new();
    462. 

  462.     if (!ctx)
    463. 

  463.         return -1;
    464. 

  464. 

  465.     BN_CTX_start(ctx);
    466. 

  466.     a1 = BN_CTX_get(ctx);
    467. 

  467.     a2 = BN_CTX_get(ctx);
    468. 

  468.     a3 = BN_CTX_get(ctx);
    469. 

  469.     b1 = BN_CTX_get(ctx);
    470. 

  470.     b2 = BN_CTX_get(ctx);
    471. 

  471.     b3 = BN_CTX_get(ctx);
    472. 

  472.     if (!b3) {
    473. 

  473.         BN_CTX_end(ctx);
    474. 

  474.         if (ctx_new)
    475. 

  475.             BN_CTX_free(ctx);
    476. 

  476.         return -1;
    477. 

  477.     }
    478. 

  478. 

  479.     /*
    480. 

  480.      * XXX This approach assumes that the external representation of curves
    481. 

  481.      * over the same field type is the same.
    482. 

  482.      */
    483. 

  483.     if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) ||
    484. 

  484.         !b->meth->group_get_curve(b, b1, b2, b3, ctx))
    485. 

  485.         r = 1;
    486. 

  486. 

  487.     if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3))
    488. 

  488.         r = 1;
    489. 

  489. 

  490.     /* XXX EC_POINT_cmp() assumes that the methods are equal */
    491. 

  491.     if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a),
    492. 

  492.                           EC_GROUP_get0_generator(b), ctx))
    493. 

  493.         r = 1;
    494. 

  494. 

  495.     if (!r) {
    496. 

  496.         /* compare the order and cofactor */
    497. 

  497.         if (!EC_GROUP_get_order(a, a1, ctx) ||
    498. 

  498.             !EC_GROUP_get_order(b, b1, ctx) ||
    499. 

  499.             !EC_GROUP_get_cofactor(a, a2, ctx) ||
    500. 

  500.             !EC_GROUP_get_cofactor(b, b2, ctx)) {
    501. 

  501.             BN_CTX_end(ctx);
    502. 

  502.             if (ctx_new)
    503. 

  503.                 BN_CTX_free(ctx);
    504. 

  504.             return -1;
    505. 

  505.         }
    506. 

  506.         if (BN_cmp(a1, b1) || BN_cmp(a2, b2))
    507. 

  507.             r = 1;
    508. 

  508.     }
    509. 

  509. 

  510.     BN_CTX_end(ctx);
    511. 

  511.     if (ctx_new)
    512. 

  512.         BN_CTX_free(ctx);
    513. 

  513. 

  514.     return r;
    515. 

  515. }
    516. 

  516. 

  517. /* this has 'package' visibility */
    518. 

  518. int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,
    519. 

  519.                         void *(*dup_func) (void *),
    520. 

  520.                         void (*free_func) (void *),
    521. 

  521.                         void (*clear_free_func) (void *))
    522. 

  522. {
    523. 

  523.     EC_EXTRA_DATA *d;
    524. 

  524. 

  525.     if (ex_data == NULL)
    526. 

  526.         return 0;
    527. 

  527. 

  528.     for (d = *ex_data; d != NULL; d = d->next) {
    529. 

  529.         if (d->dup_func == dup_func && d->free_func == free_func
    530. 

  530.             && d->clear_free_func == clear_free_func) {
    531. 

  531.             ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL);
    532. 

  532.             return 0;
    533. 

  533.         }
    534. 

  534.     }
    535. 

  535. 

  536.     if (data == NULL)
    537. 

  537.         /* no explicit entry needed */
    538. 

  538.         return 1;
    539. 

  539. 

  540.     d = OPENSSL_malloc(sizeof *d);
    541. 

  541.     if (d == NULL)
    542. 

  542.         return 0;
    543. 

  543. 

  544.     d->data = data;
    545. 

  545.     d->dup_func = dup_func;
    546. 

  546.     d->free_func = free_func;
    547. 

  547.     d->clear_free_func = clear_free_func;
    548. 

  548. 

  549.     d->next = *ex_data;
    550. 

  550.     *ex_data = d;
    551. 

  551. 

  552.     return 1;
    553. 

  553. }
    554. 

  554. 

  555. /* this has 'package' visibility */
    556. 

  556. void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data,
    557. 

  557.                           void *(*dup_func) (void *),
    558. 

  558.                           void (*free_func) (void *),
    559. 

  559.                           void (*clear_free_func) (void *))
    560. 

  560. {
    561. 

  561.     const EC_EXTRA_DATA *d;
    562. 

  562. 

  563.     for (d = ex_data; d != NULL; d = d->next) {
    564. 

  564.         if (d->dup_func == dup_func && d->free_func == free_func
    565. 

  565.             && d->clear_free_func == clear_free_func)
    566. 

  566.             return d->data;
    567. 

  567.     }
    568. 

  568. 

  569.     return NULL;
    570. 

  570. }
    571. 

  571. 

  572. /* this has 'package' visibility */
    573. 

  573. void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data,
    574. 

  574.                           void *(*dup_func) (void *),
    575. 

  575.                           void (*free_func) (void *),
    576. 

  576.                           void (*clear_free_func) (void *))
    577. 

  577. {
    578. 

  578.     EC_EXTRA_DATA **p;
    579. 

  579. 

  580.     if (ex_data == NULL)
    581. 

  581.         return;
    582. 

  582. 

  583.     for (p = ex_data; *p != NULL; p = &((*p)->next)) {
    584. 

  584.         if ((*p)->dup_func == dup_func && (*p)->free_func == free_func
    585. 

  585.             && (*p)->clear_free_func == clear_free_func) {
    586. 

  586.             EC_EXTRA_DATA *next = (*p)->next;
    587. 

  587. 

  588.             (*p)->free_func((*p)->data);
    589. 

  589.             OPENSSL_free(*p);
    590. 

  590. 

  591.             *p = next;
    592. 

  592.             return;
    593. 

  593.         }
    594. 

  594.     }
    595. 

  595. }
    596. 

  596. 

  597. /* this has 'package' visibility */
    598. 

  598. void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data,
    599. 

  599.                                 void *(*dup_func) (void *),
    600. 

  600.                                 void (*free_func) (void *),
    601. 

  601.                                 void (*clear_free_func) (void *))
    602. 

  602. {
    603. 

  603.     EC_EXTRA_DATA **p;
    604. 

  604. 

  605.     if (ex_data == NULL)
    606. 

  606.         return;
    607. 

  607. 

  608.     for (p = ex_data; *p != NULL; p = &((*p)->next)) {
    609. 

  609.         if ((*p)->dup_func == dup_func && (*p)->free_func == free_func
    610. 

  610.             && (*p)->clear_free_func == clear_free_func) {
    611. 

  611.             EC_EXTRA_DATA *next = (*p)->next;
    612. 

  612. 

  613.             (*p)->clear_free_func((*p)->data);
    614. 

  614.             OPENSSL_free(*p);
    615. 

  615. 

  616.             *p = next;
    617. 

  617.             return;
    618. 

  618.         }
    619. 

  619.     }
    620. 

  620. }
    621. 

  621. 

  622. /* this has 'package' visibility */
    623. 

  623. void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data)
    624. 

  624. {
    625. 

  625.     EC_EXTRA_DATA *d;
    626. 

  626. 

  627.     if (ex_data == NULL)
    628. 

  628.         return;
    629. 

  629. 

  630.     d = *ex_data;
    631. 

  631.     while (d) {
    632. 

  632.         EC_EXTRA_DATA *next = d->next;
    633. 

  633. 

  634.         d->free_func(d->data);
    635. 

  635.         OPENSSL_free(d);
    636. 

  636. 

  637.         d = next;
    638. 

  638.     }
    639. 

  639.     *ex_data = NULL;
    640. 

  640. }
    641. 

  641. 

  642. /* this has 'package' visibility */
    643. 

  643. void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data)
    644. 

  644. {
    645. 

  645.     EC_EXTRA_DATA *d;
    646. 

  646. 

  647.     if (ex_data == NULL)
    648. 

  648.         return;
    649. 

  649. 

  650.     d = *ex_data;
    651. 

  651.     while (d) {
    652. 

  652.         EC_EXTRA_DATA *next = d->next;
    653. 

  653. 

  654.         d->clear_free_func(d->data);
    655. 

  655.         OPENSSL_free(d);
    656. 

  656. 

  657.         d = next;
    658. 

  658.     }
    659. 

  659.     *ex_data = NULL;
    660. 

  660. }
    661. 

  661. 

  662. /* functions for EC_POINT objects */
    663. 

  663. 

  664. EC_POINT *EC_POINT_new(const EC_GROUP *group)
    665. 

  665. {
    666. 

  666.     EC_POINT *ret;
    667. 

  667. 

  668.     if (group == NULL) {
    669. 

  669.         ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
    670. 

  670.         return NULL;
    671. 

  671.     }
    672. 

  672.     if (group->meth->point_init == 0) {
    673. 

  673.         ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    674. 

  674.         return NULL;
    675. 

  675.     }
    676. 

  676. 

  677.     ret = OPENSSL_malloc(sizeof *ret);
    678. 

  678.     if (ret == NULL) {
    679. 

  679.         ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
    680. 

  680.         return NULL;
    681. 

  681.     }
    682. 

  682. 

  683.     ret->meth = group->meth;
    684. 

  684. 

  685.     if (!ret->meth->point_init(ret)) {
    686. 

  686.         OPENSSL_free(ret);
    687. 

  687.         return NULL;
    688. 

  688.     }
    689. 

  689. 

  690.     return ret;
    691. 

  691. }
    692. 

  692. 

  693. void EC_POINT_free(EC_POINT *point)
    694. 

  694. {
    695. 

  695.     if (!point)
    696. 

  696.         return;
    697. 

  697. 

  698.     if (point->meth->point_finish != 0)
    699. 

  699.         point->meth->point_finish(point);
    700. 

  700.     OPENSSL_free(point);
    701. 

  701. }
    702. 

  702. 

  703. void EC_POINT_clear_free(EC_POINT *point)
    704. 

  704. {
    705. 

  705.     if (!point)
    706. 

  706.         return;
    707. 

  707. 

  708.     if (point->meth->point_clear_finish != 0)
    709. 

  709.         point->meth->point_clear_finish(point);
    710. 

  710.     else if (point->meth != NULL && point->meth->point_finish != 0)
    711. 

  711.         point->meth->point_finish(point);
    712. 

  712.     OPENSSL_cleanse(point, sizeof *point);
    713. 

  713.     OPENSSL_free(point);
    714. 

  714. }
    715. 

  715. 

  716. int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
    717. 

  717. {
    718. 

  718.     if (dest->meth->point_copy == 0) {
    719. 

  719.         ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    720. 

  720.         return 0;
    721. 

  721.     }
    722. 

  722.     if (dest->meth != src->meth) {
    723. 

  723.         ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
    724. 

  724.         return 0;
    725. 

  725.     }
    726. 

  726.     if (dest == src)
    727. 

  727.         return 1;
    728. 

  728.     return dest->meth->point_copy(dest, src);
    729. 

  729. }
    730. 

  730. 

  731. EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
    732. 

  732. {
    733. 

  733.     EC_POINT *t;
    734. 

  734.     int r;
    735. 

  735. 

  736.     if (a == NULL)
    737. 

  737.         return NULL;
    738. 

  738. 

  739.     t = EC_POINT_new(group);
    740. 

  740.     if (t == NULL)
    741. 

  741.         return (NULL);
    742. 

  742.     r = EC_POINT_copy(t, a);
    743. 

  743.     if (!r) {
    744. 

  744.         EC_POINT_free(t);
    745. 

  745.         return NULL;
    746. 

  746.     } else
    747. 

  747.         return t;
    748. 

  748. }
    749. 

  749. 

  750. const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
    751. 

  751. {
    752. 

  752.     return point->meth;
    753. 

  753. }
    754. 

  754. 

  755. int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
    756. 

  756. {
    757. 

  757.     if (group->meth->point_set_to_infinity == 0) {
    758. 

  758.         ECerr(EC_F_EC_POINT_SET_TO_INFINITY,
    759. 

  759.               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    760. 

  760.         return 0;
    761. 

  761.     }
    762. 

  762.     if (group->meth != point->meth) {
    763. 

  763.         ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
    764. 

  764.         return 0;
    765. 

  765.     }
    766. 

  766.     return group->meth->point_set_to_infinity(group, point);
    767. 

  767. }
    768. 

  768. 

  769. int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
    770. 

  770.                                              EC_POINT *point, const BIGNUM *x,
    771. 

  771.                                              const BIGNUM *y, const BIGNUM *z,
    772. 

  772.                                              BN_CTX *ctx)
    773. 

  773. {
    774. 

  774.     if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
    775. 

  775.         ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
    776. 

  776.               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    777. 

  777.         return 0;
    778. 

  778.     }
    779. 

  779.     if (group->meth != point->meth) {
    780. 

  780.         ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
    781. 

  781.               EC_R_INCOMPATIBLE_OBJECTS);
    782. 

  782.         return 0;
    783. 

  783.     }
    784. 

  784.     return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x,
    785. 

  785.                                                               y, z, ctx);
    786. 

  786. }
    787. 

  787. 

  788. int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
    789. 

  789.                                              const EC_POINT *point, BIGNUM *x,
    790. 

  790.                                              BIGNUM *y, BIGNUM *z,
    791. 

  791.                                              BN_CTX *ctx)
    792. 

  792. {
    793. 

  793.     if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
    794. 

  794.         ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
    795. 

  795.               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    796. 

  796.         return 0;
    797. 

  797.     }
    798. 

  798.     if (group->meth != point->meth) {
    799. 

  799.         ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
    800. 

  800.               EC_R_INCOMPATIBLE_OBJECTS);
    801. 

  801.         return 0;
    802. 

  802.     }
    803. 

  803.     return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x,
    804. 

  804.                                                               y, z, ctx);
    805. 

  805. }
    806. 

  806. 

  807. int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
    808. 

  808.                                         EC_POINT *point, const BIGNUM *x,
    809. 

  809.                                         const BIGNUM *y, BN_CTX *ctx)
    810. 

  810. {
    811. 

  811.     if (group->meth->point_set_affine_coordinates == 0) {
    812. 

  812.         ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
    813. 

  813.               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    814. 

  814.         return 0;
    815. 

  815.     }
    816. 

  816.     if (group->meth != point->meth) {
    817. 

  817.         ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
    818. 

  818.               EC_R_INCOMPATIBLE_OBJECTS);
    819. 

  819.         return 0;
    820. 

  820.     }
    821. 

  821.     return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
    822. 

  822. }
    823. 

  823. 

  824. int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
    825. 

  825.                                          EC_POINT *point, const BIGNUM *x,
    826. 

  826.                                          const BIGNUM *y, BN_CTX *ctx)
    827. 

  827. {
    828. 

  828.     if (group->meth->point_set_affine_coordinates == 0) {
    829. 

  829.         ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
    830. 

  830.               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    831. 

  831.         return 0;
    832. 

  832.     }
    833. 

  833.     if (group->meth != point->meth) {
    834. 

  834.         ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
    835. 

  835.               EC_R_INCOMPATIBLE_OBJECTS);
    836. 

  836.         return 0;
    837. 

  837.     }
    838. 

  838.     return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
    839. 

  839. }
    840. 

  840. 

  841. int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
    842. 

  842.                                         const EC_POINT *point, BIGNUM *x,
    843. 

  843.                                         BIGNUM *y, BN_CTX *ctx)
    844. 

  844. {
    845. 

  845.     if (group->meth->point_get_affine_coordinates == 0) {
    846. 

  846.         ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
    847. 

  847.               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    848. 

  848.         return 0;
    849. 

  849.     }
    850. 

  850.     if (group->meth != point->meth) {
    851. 

  851.         ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
    852. 

  852.               EC_R_INCOMPATIBLE_OBJECTS);
    853. 

  853.         return 0;
    854. 

  854.     }
    855. 

  855.     return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
    856. 

  856. }
    857. 

  857. 

  858. int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
    859. 

  859.                                          const EC_POINT *point, BIGNUM *x,
    860. 

  860.                                          BIGNUM *y, BN_CTX *ctx)
    861. 

  861. {
    862. 

  862.     if (group->meth->point_get_affine_coordinates == 0) {
    863. 

  863.         ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
    864. 

  864.               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    865. 

  865.         return 0;
    866. 

  866.     }
    867. 

  867.     if (group->meth != point->meth) {
    868. 

  868.         ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
    869. 

  869.               EC_R_INCOMPATIBLE_OBJECTS);
    870. 

  870.         return 0;
    871. 

  871.     }
    872. 

  872.     return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
    873. 

  873. }
    874. 

  874. 

  875. int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
    876. 

  876.                                             EC_POINT *point, const BIGNUM *x,
    877. 

  877.                                             int y_bit, BN_CTX *ctx)
    878. 

  878. {
    879. 

  879.     if (group->meth->point_set_compressed_coordinates == 0) {
    880. 

  880.         ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
    881. 

  881.               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    882. 

  882.         return 0;
    883. 

  883.     }
    884. 

  884.     if (group->meth != point->meth) {
    885. 

  885.         ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
    886. 

  886.               EC_R_INCOMPATIBLE_OBJECTS);
    887. 

  887.         return 0;
    888. 

  888.     }
    889. 

  889.     return group->meth->point_set_compressed_coordinates(group, point, x,
    890. 

  890.                                                          y_bit, ctx);
    891. 

  891. }
    892. 

  892. 

  893. int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
    894. 

  894.                                              EC_POINT *point, const BIGNUM *x,
    895. 

  895.                                              int y_bit, BN_CTX *ctx)
    896. 

  896. {
    897. 

  897.     if (group->meth->point_set_compressed_coordinates == 0) {
    898. 

  898.         ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,
    899. 

  899.               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    900. 

  900.         return 0;
    901. 

  901.     }
    902. 

  902.     if (group->meth != point->meth) {
    903. 

  903.         ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,
    904. 

  904.               EC_R_INCOMPATIBLE_OBJECTS);
    905. 

  905.         return 0;
    906. 

  906.     }
    907. 

  907.     return group->meth->point_set_compressed_coordinates(group, point, x,
    908. 

  908.                                                          y_bit, ctx);
    909. 

  909. }
    910. 

  910. 

  911. size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
    912. 

  912.                           point_conversion_form_t form, unsigned char *buf,
    913. 

  913.                           size_t len, BN_CTX *ctx)
    914. 

  914. {
    915. 

  915.     if (group->meth->point2oct == 0) {
    916. 

  916.         ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    917. 

  917.         return 0;
    918. 

  918.     }
    919. 

  919.     if (group->meth != point->meth) {
    920. 

  920.         ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
    921. 

  921.         return 0;
    922. 

  922.     }
    923. 

  923.     return group->meth->point2oct(group, point, form, buf, len, ctx);
    924. 

  924. }
    925. 

  925. 

  926. int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
    927. 

  927.                        const unsigned char *buf, size_t len, BN_CTX *ctx)
    928. 

  928. {
    929. 

  929.     if (group->meth->oct2point == 0) {
    930. 

  930.         ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    931. 

  931.         return 0;
    932. 

  932.     }
    933. 

  933.     if (group->meth != point->meth) {
    934. 

  934.         ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
    935. 

  935.         return 0;
    936. 

  936.     }
    937. 

  937.     return group->meth->oct2point(group, point, buf, len, ctx);
    938. 

  938. }
    939. 

  939. 

  940. int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
    941. 

  941.                  const EC_POINT *b, BN_CTX *ctx)
    942. 

  942. {
    943. 

  943.     if (group->meth->add == 0) {
    944. 

  944.         ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    945. 

  945.         return 0;
    946. 

  946.     }
    947. 

  947.     if ((group->meth != r->meth) || (r->meth != a->meth)
    948. 

  948.         || (a->meth != b->meth)) {
    949. 

  949.         ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
    950. 

  950.         return 0;
    951. 

  951.     }
    952. 

  952.     return group->meth->add(group, r, a, b, ctx);
    953. 

  953. }
    954. 

  954. 

  955. int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
    956. 

  956.                  BN_CTX *ctx)
    957. 

  957. {
    958. 

  958.     if (group->meth->dbl == 0) {
    959. 

  959.         ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    960. 

  960.         return 0;
    961. 

  961.     }
    962. 

  962.     if ((group->meth != r->meth) || (r->meth != a->meth)) {
    963. 

  963.         ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
    964. 

  964.         return 0;
    965. 

  965.     }
    966. 

  966.     return group->meth->dbl(group, r, a, ctx);
    967. 

  967. }
    968. 

  968. 

  969. int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
    970. 

  970. {
    971. 

  971.     if (group->meth->invert == 0) {
    972. 

  972.         ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    973. 

  973.         return 0;
    974. 

  974.     }
    975. 

  975.     if (group->meth != a->meth) {
    976. 

  976.         ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
    977. 

  977.         return 0;
    978. 

  978.     }
    979. 

  979.     return group->meth->invert(group, a, ctx);
    980. 

  980. }
    981. 

  981. 

  982. int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
    983. 

  983. {
    984. 

  984.     if (group->meth->is_at_infinity == 0) {
    985. 

  985.         ECerr(EC_F_EC_POINT_IS_AT_INFINITY,
    986. 

  986.               ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    987. 

  987.         return 0;
    988. 

  988.     }
    989. 

  989.     if (group->meth != point->meth) {
    990. 

  990.         ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
    991. 

  991.         return 0;
    992. 

  992.     }
    993. 

  993.     return group->meth->is_at_infinity(group, point);
    994. 

  994. }
    995. 

  995. 

  996. int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
    997. 

  997.                          BN_CTX *ctx)
    998. 

  998. {
    999. 

  999.     if (group->meth->is_on_curve == 0) {
    1000. 

  1000.         ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    1001. 

  1001.         return 0;
    1002. 

  1002.     }
    1003. 

  1003.     if (group->meth != point->meth) {
    1004. 

  1004.         ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
    1005. 

  1005.         return 0;
    1006. 

  1006.     }
    1007. 

  1007.     return group->meth->is_on_curve(group, point, ctx);
    1008. 

  1008. }
    1009. 

  1009. 

  1010. int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
    1011. 

  1011.                  BN_CTX *ctx)
    1012. 

  1012. {
    1013. 

  1013.     if (group->meth->point_cmp == 0) {
    1014. 

  1014.         ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    1015. 

  1015.         return -1;
    1016. 

  1016.     }
    1017. 

  1017.     if ((group->meth != a->meth) || (a->meth != b->meth)) {
    1018. 

  1018.         ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
    1019. 

  1019.         return -1;
    1020. 

  1020.     }
    1021. 

  1021.     return group->meth->point_cmp(group, a, b, ctx);
    1022. 

  1022. }
    1023. 

  1023. 

  1024. int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
    1025. 

  1025. {
    1026. 

  1026.     if (group->meth->make_affine == 0) {
    1027. 

  1027.         ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    1028. 

  1028.         return 0;
    1029. 

  1029.     }
    1030. 

  1030.     if (group->meth != point->meth) {
    1031. 

  1031.         ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
    1032. 

  1032.         return 0;
    1033. 

  1033.     }
    1034. 

  1034.     return group->meth->make_affine(group, point, ctx);
    1035. 

  1035. }
    1036. 

  1036. 

  1037. int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
    1038. 

  1038.                           EC_POINT *points[], BN_CTX *ctx)
    1039. 

  1039. {
    1040. 

  1040.     size_t i;
    1041. 

  1041. 

  1042.     if (group->meth->points_make_affine == 0) {
    1043. 

  1043.         ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    1044. 

  1044.         return 0;
    1045. 

  1045.     }
    1046. 

  1046.     for (i = 0; i < num; i++) {
    1047. 

  1047.         if (group->meth != points[i]->meth) {
    1048. 

  1048.             ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
    1049. 

  1049.             return 0;
    1050. 

  1050.         }
    1051. 

  1051.     }
    1052. 

  1052.     return group->meth->points_make_affine(group, num, points, ctx);
    1053. 

  1053. }
    1054. 

  1054. 

  1055. /*
    1056. 

  1056.  * Functions for point multiplication. If group->meth->mul is 0, we use the
    1057. 

  1057.  * wNAF-based implementations in ec_mult.c; otherwise we dispatch through
    1058. 

  1058.  * methods.
    1059. 

  1059.  */
    1060. 

  1060. 

  1061. int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
    1062. 

  1062.                   size_t num, const EC_POINT *points[],
    1063. 

  1063.                   const BIGNUM *scalars[], BN_CTX *ctx)
    1064. 

  1064. {
    1065. 

  1065.     if (group->meth->mul == 0)
    1066. 

  1066.         /* use default */
    1067. 

  1067.         return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
    1068. 

  1068. 

  1069.     return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
    1070. 

  1070. }
    1071. 

  1071. 

  1072. int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
    1073. 

  1073.                  const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
    1074. 

  1074. {
    1075. 

  1075.     /* just a convenient interface to EC_POINTs_mul() */
    1076. 

  1076. 

  1077.     const EC_POINT *points[1];
    1078. 

  1078.     const BIGNUM *scalars[1];
    1079. 

  1079. 

  1080.     points[0] = point;
    1081. 

  1081.     scalars[0] = p_scalar;
    1082. 

  1082. 

  1083.     return EC_POINTs_mul(group, r, g_scalar,
    1084. 

  1084.                          (point != NULL
    1085. 

  1085.                           && p_scalar != NULL), points, scalars, ctx);
    1086. 

  1086. }
    1087. 

  1087. 

  1088. int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
    1089. 

  1089. {
    1090. 

  1090.     if (group->meth->mul == 0)
    1091. 

  1091.         /* use default */
    1092. 

  1092.         return ec_wNAF_precompute_mult(group, ctx);
    1093. 

  1093. 

  1094.     if (group->meth->precompute_mult != 0)
    1095. 

  1095.         return group->meth->precompute_mult(group, ctx);
    1096. 

  1096.     else
    1097. 

  1097.         return 1;               /* nothing to do, so report success */
    1098. 

  1098. }
    1099. 

  1099. 

  1100. int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
    1101. 

  1101. {
    1102. 

  1102.     if (group->meth->mul == 0)
    1103. 

  1103.         /* use default */
    1104. 

  1104.         return ec_wNAF_have_precompute_mult(group);
    1105. 

  1105. 

  1106.     if (group->meth->have_precompute_mult != 0)
    1107. 

  1107.         return group->meth->have_precompute_mult(group);
    1108. 

  1108.     else
    1109. 

  1109.         return 0;               /* cannot tell whether precomputation has
    1110. 

  1110.                                  * been performed */
    1111. 

  1111. }
    1112.