1 files changed, 56 insertions, 1 deletions
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index 0e5897da9d..e17c4396f7 100644
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.70 2024/10/18 10:57:26 tb Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.71 2024/10/19 08:26:03 tb Exp $ */
 /*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
@@ -602,6 +602,61 @@ EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx_in)
 LCRYPTO_ALIAS(EC_GROUP_check_discriminant);
 int
+EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx_in)
+{
+        BN_CTX *ctx;
+        EC_POINT *point = NULL;
+        const BIGNUM *order;
+        int ret = 0;
+        if ((ctx = ctx_in) == NULL)
+                ctx = BN_CTX_new();
+        if (ctx == NULL)
+                goto err;
+        /* check the discriminant */
+        if (!EC_GROUP_check_discriminant(group, ctx)) {
+                ECerror(EC_R_DISCRIMINANT_IS_ZERO);
+                goto err;
+        }
+        /* check the generator */
+        if (group->generator == NULL) {
+                ECerror(EC_R_UNDEFINED_GENERATOR);
+                goto err;
+        }
+        if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
+                ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
+                goto err;
+        }
+        /* check the order of the generator */
+        if ((point = EC_POINT_new(group)) == NULL)
+                goto err;
+        if ((order = EC_GROUP_get0_order(group)) == NULL)
+                goto err;
+        if (BN_is_zero(order)) {
+                ECerror(EC_R_UNDEFINED_ORDER);
+                goto err;
+        }
+        if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx))
+                goto err;
+        if (EC_POINT_is_at_infinity(group, point) <= 0) {
+                ECerror(EC_R_INVALID_GROUP_ORDER);
+                goto err;
+        }
+        ret = 1;
+ err:
+        if (ctx != ctx_in)
+                BN_CTX_free(ctx);
+        EC_POINT_free(point);
+        return ret;
+}
+LCRYPTO_ALIAS(EC_GROUP_check);
+int
 EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
 {
        int r = 0;

diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c index 0e5897da9d..e17c4396f7 100644 --- a/src/lib/libcrypto/ec/ec_lib.c +++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ec_lib.c,v 1.70 2024/10/18 10:57:26 tb Exp $ */	1	/* $OpenBSD: ec_lib.c,v 1.71 2024/10/19 08:26:03 tb Exp $ */
2	/*	2	/*
3	* Originally written by Bodo Moeller for the OpenSSL project.	3	* Originally written by Bodo Moeller for the OpenSSL project.
4	*/	4	*/
@@ -602,6 +602,61 @@ EC_GROUP_check_discriminant(const EC_GROUP group, BN_CTX ctx_in)
602	LCRYPTO_ALIAS(EC_GROUP_check_discriminant);	602	LCRYPTO_ALIAS(EC_GROUP_check_discriminant);
603		603
604	int	604	int
		605	EC_GROUP_check(const EC_GROUP group, BN_CTX ctx_in)
		606	{
		607	BN_CTX *ctx;
		608	EC_POINT *point = NULL;
		609	const BIGNUM *order;
		610	int ret = 0;
		611
		612	if ((ctx = ctx_in) == NULL)
		613	ctx = BN_CTX_new();
		614	if (ctx == NULL)
		615	goto err;
		616
		617	/* check the discriminant */
		618	if (!EC_GROUP_check_discriminant(group, ctx)) {
		619	ECerror(EC_R_DISCRIMINANT_IS_ZERO);
		620	goto err;
		621	}
		622	/* check the generator */
		623	if (group->generator == NULL) {
		624	ECerror(EC_R_UNDEFINED_GENERATOR);
		625	goto err;
		626	}
		627	if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
		628	ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
		629	goto err;
		630	}
		631	/* check the order of the generator */
		632	if ((point = EC_POINT_new(group)) == NULL)
		633	goto err;
		634	if ((order = EC_GROUP_get0_order(group)) == NULL)
		635	goto err;
		636	if (BN_is_zero(order)) {
		637	ECerror(EC_R_UNDEFINED_ORDER);
		638	goto err;
		639	}
		640	if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx))
		641	goto err;
		642	if (EC_POINT_is_at_infinity(group, point) <= 0) {
		643	ECerror(EC_R_INVALID_GROUP_ORDER);
		644	goto err;
		645	}
		646
		647	ret = 1;
		648
		649	err:
		650	if (ctx != ctx_in)
		651	BN_CTX_free(ctx);
		652
		653	EC_POINT_free(point);
		654
		655	return ret;
		656	}
		657	LCRYPTO_ALIAS(EC_GROUP_check);
		658
		659	int
605	EC_GROUP_cmp(const EC_GROUP a, const EC_GROUP b, BN_CTX *ctx)	660	EC_GROUP_cmp(const EC_GROUP a, const EC_GROUP b, BN_CTX *ctx)
606	{	661	{
607	int r = 0;	662	int r = 0;