summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ec
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/ec')
-rw-r--r--src/lib/libcrypto/ec/ec.h243
-rw-r--r--src/lib/libcrypto/ec/ec_cvt.c80
-rw-r--r--src/lib/libcrypto/ec/ec_err.c153
-rw-r--r--src/lib/libcrypto/ec/ec_lcl.h277
-rw-r--r--src/lib/libcrypto/ec/ec_lib.c656
-rw-r--r--src/lib/libcrypto/ec/ec_mult.c485
-rw-r--r--src/lib/libcrypto/ec/ecp_mont.c304
-rw-r--r--src/lib/libcrypto/ec/ecp_nist.c134
-rw-r--r--src/lib/libcrypto/ec/ecp_smpl.c1717
9 files changed, 0 insertions, 4049 deletions
diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h
deleted file mode 100644
index 6d6a9b7127..0000000000
--- a/src/lib/libcrypto/ec/ec.h
+++ /dev/null
@@ -1,243 +0,0 @@
1/* crypto/ec/ec.h */
2/* ====================================================================
3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#ifndef HEADER_EC_H
57#define HEADER_EC_H
58
59#ifdef OPENSSL_NO_EC
60#error EC is disabled.
61#endif
62
63#include <openssl/bn.h>
64#include <openssl/symhacks.h>
65
66#ifdef __cplusplus
67extern "C" {
68#endif
69
70
71typedef enum {
72 /* values as defined in X9.62 (ECDSA) and elsewhere */
73 POINT_CONVERSION_COMPRESSED = 2,
74 POINT_CONVERSION_UNCOMPRESSED = 4,
75 POINT_CONVERSION_HYBRID = 6
76} point_conversion_form_t;
77
78
79typedef struct ec_method_st EC_METHOD;
80
81typedef struct ec_group_st
82 /*
83 EC_METHOD *meth;
84 -- field definition
85 -- curve coefficients
86 -- optional generator with associated information (order, cofactor)
87 -- optional extra data (TODO: precomputed table for fast computation of multiples of generator)
88 */
89 EC_GROUP;
90
91typedef struct ec_point_st EC_POINT;
92
93
94/* EC_METHODs for curves over GF(p).
95 * EC_GFp_simple_method provides the basis for the optimized methods.
96 */
97const EC_METHOD *EC_GFp_simple_method(void);
98const EC_METHOD *EC_GFp_mont_method(void);
99#if 0
100const EC_METHOD *EC_GFp_recp_method(void); /* TODO */
101const EC_METHOD *EC_GFp_nist_method(void); /* TODO */
102#endif
103
104
105EC_GROUP *EC_GROUP_new(const EC_METHOD *);
106void EC_GROUP_free(EC_GROUP *);
107void EC_GROUP_clear_free(EC_GROUP *);
108int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *);
109
110const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *);
111
112
113/* We don't have types for field specifications and field elements in general.
114 * Otherwise we could declare
115 * int EC_GROUP_set_curve(EC_GROUP *, .....);
116 */
117int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
118int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
119
120/* EC_GROUP_new_GFp() calls EC_GROUP_new() and EC_GROUP_set_GFp()
121 * after choosing an appropriate EC_METHOD */
122EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
123
124int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
125EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);
126int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
127int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
128
129EC_POINT *EC_POINT_new(const EC_GROUP *);
130void EC_POINT_free(EC_POINT *);
131void EC_POINT_clear_free(EC_POINT *);
132int EC_POINT_copy(EC_POINT *, const EC_POINT *);
133
134const EC_METHOD *EC_POINT_method_of(const EC_POINT *);
135
136int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *);
137int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
138 const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
139int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
140 BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
141int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
142 const BIGNUM *x, const BIGNUM *y, BN_CTX *);
143int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
144 BIGNUM *x, BIGNUM *y, BN_CTX *);
145int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,
146 const BIGNUM *x, int y_bit, BN_CTX *);
147
148size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
149 unsigned char *buf, size_t len, BN_CTX *);
150int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *,
151 const unsigned char *buf, size_t len, BN_CTX *);
152
153int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
154int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
155int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
156
157int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *);
158int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
159int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
160
161int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
162int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
163
164
165int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *);
166int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *);
167int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *);
168
169
170
171/* BEGIN ERROR CODES */
172/* The following lines are auto generated by the script mkerr.pl. Any changes
173 * made after this point may be overwritten when the script is next run.
174 */
175void ERR_load_EC_strings(void);
176
177/* Error codes for the EC functions. */
178
179/* Function codes. */
180#define EC_F_COMPUTE_WNAF 143
181#define EC_F_EC_GFP_MONT_FIELD_DECODE 133
182#define EC_F_EC_GFP_MONT_FIELD_ENCODE 134
183#define EC_F_EC_GFP_MONT_FIELD_MUL 131
184#define EC_F_EC_GFP_MONT_FIELD_SQR 132
185#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100
186#define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101
187#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102
188#define EC_F_EC_GFP_SIMPLE_OCT2POINT 103
189#define EC_F_EC_GFP_SIMPLE_POINT2OCT 104
190#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137
191#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105
192#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128
193#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129
194#define EC_F_EC_GROUP_COPY 106
195#define EC_F_EC_GROUP_GET0_GENERATOR 139
196#define EC_F_EC_GROUP_GET_COFACTOR 140
197#define EC_F_EC_GROUP_GET_CURVE_GFP 130
198#define EC_F_EC_GROUP_GET_ORDER 141
199#define EC_F_EC_GROUP_NEW 108
200#define EC_F_EC_GROUP_PRECOMPUTE_MULT 142
201#define EC_F_EC_GROUP_SET_CURVE_GFP 109
202#define EC_F_EC_GROUP_SET_EXTRA_DATA 110
203#define EC_F_EC_GROUP_SET_GENERATOR 111
204#define EC_F_EC_POINTS_MAKE_AFFINE 136
205#define EC_F_EC_POINTS_MUL 138
206#define EC_F_EC_POINT_ADD 112
207#define EC_F_EC_POINT_CMP 113
208#define EC_F_EC_POINT_COPY 114
209#define EC_F_EC_POINT_DBL 115
210#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116
211#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117
212#define EC_F_EC_POINT_IS_AT_INFINITY 118
213#define EC_F_EC_POINT_IS_ON_CURVE 119
214#define EC_F_EC_POINT_MAKE_AFFINE 120
215#define EC_F_EC_POINT_NEW 121
216#define EC_F_EC_POINT_OCT2POINT 122
217#define EC_F_EC_POINT_POINT2OCT 123
218#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124
219#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125
220#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126
221#define EC_F_EC_POINT_SET_TO_INFINITY 127
222#define EC_F_GFP_MONT_GROUP_SET_CURVE_GFP 135
223
224/* Reason codes. */
225#define EC_R_BUFFER_TOO_SMALL 100
226#define EC_R_INCOMPATIBLE_OBJECTS 101
227#define EC_R_INVALID_ARGUMENT 112
228#define EC_R_INVALID_COMPRESSED_POINT 110
229#define EC_R_INVALID_COMPRESSION_BIT 109
230#define EC_R_INVALID_ENCODING 102
231#define EC_R_INVALID_FIELD 103
232#define EC_R_INVALID_FORM 104
233#define EC_R_NOT_INITIALIZED 111
234#define EC_R_POINT_AT_INFINITY 106
235#define EC_R_POINT_IS_NOT_ON_CURVE 107
236#define EC_R_SLOT_FULL 108
237#define EC_R_UNDEFINED_GENERATOR 113
238#define EC_R_UNKNOWN_ORDER 114
239
240#ifdef __cplusplus
241}
242#endif
243#endif
diff --git a/src/lib/libcrypto/ec/ec_cvt.c b/src/lib/libcrypto/ec/ec_cvt.c
deleted file mode 100644
index 45b0ec33a0..0000000000
--- a/src/lib/libcrypto/ec/ec_cvt.c
+++ /dev/null
@@ -1,80 +0,0 @@
1/* crypto/ec/ec_cvt.c */
2/* ====================================================================
3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "ec_lcl.h"
57
58
59EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
60 {
61 const EC_METHOD *meth;
62 EC_GROUP *ret;
63
64 /* Finally, this will use EC_GFp_nist_method if 'p' is a special
65 * prime with optimized modular arithmetics (for NIST curves)
66 */
67 meth = EC_GFp_mont_method();
68
69 ret = EC_GROUP_new(meth);
70 if (ret == NULL)
71 return NULL;
72
73 if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
74 {
75 EC_GROUP_clear_free(ret);
76 return NULL;
77 }
78
79 return ret;
80 }
diff --git a/src/lib/libcrypto/ec/ec_err.c b/src/lib/libcrypto/ec/ec_err.c
deleted file mode 100644
index 5b70f94382..0000000000
--- a/src/lib/libcrypto/ec/ec_err.c
+++ /dev/null
@@ -1,153 +0,0 @@
1/* crypto/ec/ec_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/ec.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)
70
71static ERR_STRING_DATA EC_str_functs[]=
72 {
73{ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"},
74{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"},
75{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"},
76{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"},
77{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
78{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), "ec_GFp_simple_group_set_curve_GFp"},
79{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), "ec_GFp_simple_group_set_generator"},
80{ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"},
81{ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"},
82{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"},
83{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), "ec_GFp_simple_points_make_affine"},
84{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "ec_GFp_simple_point_get_affine_coordinates_GFp"},
85{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "ec_GFp_simple_point_set_affine_coordinates_GFp"},
86{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), "ec_GFp_simple_set_compressed_coordinates_GFp"},
87{ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"},
88{ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"},
89{ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"},
90{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
91{ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"},
92{ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"},
93{ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"},
94{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
95{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_set_extra_data"},
96{ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
97{ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"},
98{ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"},
99{ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"},
100{ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"},
101{ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"},
102{ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"},
103{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), "EC_POINT_get_affine_coordinates_GFp"},
104{ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_get_Jprojective_coordinates_GFp"},
105{ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"},
106{ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"},
107{ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"},
108{ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"},
109{ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"},
110{ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"},
111{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), "EC_POINT_set_affine_coordinates_GFp"},
112{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), "EC_POINT_set_compressed_coordinates_GFp"},
113{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"},
114{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
115{ERR_FUNC(EC_F_GFP_MONT_GROUP_SET_CURVE_GFP), "GFP_MONT_GROUP_SET_CURVE_GFP"},
116{0,NULL}
117 };
118
119static ERR_STRING_DATA EC_str_reasons[]=
120 {
121{ERR_REASON(EC_R_BUFFER_TOO_SMALL) ,"buffer too small"},
122{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS) ,"incompatible objects"},
123{ERR_REASON(EC_R_INVALID_ARGUMENT) ,"invalid argument"},
124{ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"},
125{ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"},
126{ERR_REASON(EC_R_INVALID_ENCODING) ,"invalid encoding"},
127{ERR_REASON(EC_R_INVALID_FIELD) ,"invalid field"},
128{ERR_REASON(EC_R_INVALID_FORM) ,"invalid form"},
129{ERR_REASON(EC_R_NOT_INITIALIZED) ,"not initialized"},
130{ERR_REASON(EC_R_POINT_AT_INFINITY) ,"point at infinity"},
131{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE) ,"point is not on curve"},
132{ERR_REASON(EC_R_SLOT_FULL) ,"slot full"},
133{ERR_REASON(EC_R_UNDEFINED_GENERATOR) ,"undefined generator"},
134{ERR_REASON(EC_R_UNKNOWN_ORDER) ,"unknown order"},
135{0,NULL}
136 };
137
138#endif
139
140void ERR_load_EC_strings(void)
141 {
142 static int init=1;
143
144 if (init)
145 {
146 init=0;
147#ifndef OPENSSL_NO_ERR
148 ERR_load_strings(0,EC_str_functs);
149 ERR_load_strings(0,EC_str_reasons);
150#endif
151
152 }
153 }
diff --git a/src/lib/libcrypto/ec/ec_lcl.h b/src/lib/libcrypto/ec/ec_lcl.h
deleted file mode 100644
index cc4cf27755..0000000000
--- a/src/lib/libcrypto/ec/ec_lcl.h
+++ /dev/null
@@ -1,277 +0,0 @@
1/* crypto/ec/ec_lcl.h */
2/* ====================================================================
3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56
57#include <stdlib.h>
58
59#include <openssl/ec.h>
60
61
62/* Structure details are not part of the exported interface,
63 * so all this may change in future versions. */
64
65struct ec_method_st {
66 /* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */
67 int (*group_init)(EC_GROUP *);
68 void (*group_finish)(EC_GROUP *);
69 void (*group_clear_finish)(EC_GROUP *);
70 int (*group_copy)(EC_GROUP *, const EC_GROUP *);
71
72 /* used by EC_GROUP_set_curve_GFp and EC_GROUP_get_curve_GFp: */
73 int (*group_set_curve_GFp)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
74 int (*group_get_curve_GFp)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
75
76 /* used by EC_GROUP_set_generator, EC_GROUP_get0_generator,
77 * EC_GROUP_get_order, EC_GROUP_get_cofactor:
78 */
79 int (*group_set_generator)(EC_GROUP *, const EC_POINT *generator,
80 const BIGNUM *order, const BIGNUM *cofactor);
81 EC_POINT *(*group_get0_generator)(const EC_GROUP *);
82 int (*group_get_order)(const EC_GROUP *, BIGNUM *order, BN_CTX *);
83 int (*group_get_cofactor)(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
84
85 /* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */
86 int (*point_init)(EC_POINT *);
87 void (*point_finish)(EC_POINT *);
88 void (*point_clear_finish)(EC_POINT *);
89 int (*point_copy)(EC_POINT *, const EC_POINT *);
90
91 /* used by EC_POINT_set_to_infinity,
92 * EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_get_Jprojective_coordinates_GFp,
93 * EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp,
94 * EC_POINT_set_compressed_coordinates_GFp:
95 */
96 int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *);
97 int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
98 const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
99 int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
100 BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
101 int (*point_set_affine_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
102 const BIGNUM *x, const BIGNUM *y, BN_CTX *);
103 int (*point_get_affine_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
104 BIGNUM *x, BIGNUM *y, BN_CTX *);
105 int (*point_set_compressed_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
106 const BIGNUM *x, int y_bit, BN_CTX *);
107
108 /* used by EC_POINT_point2oct, EC_POINT_oct2point: */
109 size_t (*point2oct)(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
110 unsigned char *buf, size_t len, BN_CTX *);
111 int (*oct2point)(const EC_GROUP *, EC_POINT *,
112 const unsigned char *buf, size_t len, BN_CTX *);
113
114 /* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */
115 int (*add)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
116 int (*dbl)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
117 int (*invert)(const EC_GROUP *, EC_POINT *, BN_CTX *);
118
119 /* used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp: */
120 int (*is_at_infinity)(const EC_GROUP *, const EC_POINT *);
121 int (*is_on_curve)(const EC_GROUP *, const EC_POINT *, BN_CTX *);
122 int (*point_cmp)(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
123
124 /* used by EC_POINT_make_affine, EC_POINTs_make_affine: */
125 int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *);
126 int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
127
128
129 /* internal functions */
130
131 /* 'field_mul' and 'field_sqr' can be used by 'add' and 'dbl' so that
132 * the same implementations of point operations can be used with different
133 * optimized implementations of expensive field operations: */
134 int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
135 int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
136
137 int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */
138 int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */
139 int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *);
140} /* EC_METHOD */;
141
142
143struct ec_group_st {
144 const EC_METHOD *meth;
145
146 void *extra_data;
147 void *(*extra_data_dup_func)(void *);
148 void (*extra_data_free_func)(void *);
149 void (*extra_data_clear_free_func)(void *);
150
151 /* All members except 'meth' and 'extra_data...' are handled by
152 * the method functions, even if they appear generic */
153
154 BIGNUM field; /* Field specification.
155 * For curves over GF(p), this is the modulus. */
156
157 BIGNUM a, b; /* Curve coefficients.
158 * (Here the assumption is that BIGNUMs can be used
159 * or abused for all kinds of fields, not just GF(p).)
160 * For characteristic > 3, the curve is defined
161 * by a Weierstrass equation of the form
162 * y^2 = x^3 + a*x + b.
163 */
164 int a_is_minus3; /* enable optimized point arithmetics for special case */
165
166 EC_POINT *generator; /* optional */
167 BIGNUM order, cofactor;
168
169 void *field_data1; /* method-specific (e.g., Montgomery structure) */
170 void *field_data2; /* method-specific */
171} /* EC_GROUP */;
172
173
174/* Basically a 'mixin' for extra data, but available for EC_GROUPs only
175 * (with visibility limited to 'package' level for now).
176 * We use the function pointers as index for retrieval; this obviates
177 * global ex_data-style index tables.
178 * (Currently, we have one slot only, but is is possible to extend this
179 * if necessary.) */
180int EC_GROUP_set_extra_data(EC_GROUP *, void *extra_data, void *(*extra_data_dup_func)(void *),
181 void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *));
182void *EC_GROUP_get_extra_data(const EC_GROUP *, void *(*extra_data_dup_func)(void *),
183 void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *));
184void EC_GROUP_free_extra_data(EC_GROUP *);
185void EC_GROUP_clear_free_extra_data(EC_GROUP *);
186
187
188
189struct ec_point_st {
190 const EC_METHOD *meth;
191
192 /* All members except 'meth' are handled by the method functions,
193 * even if they appear generic */
194
195 BIGNUM X;
196 BIGNUM Y;
197 BIGNUM Z; /* Jacobian projective coordinates:
198 * (X, Y, Z) represents (X/Z^2, Y/Z^3) if Z != 0 */
199 int Z_is_one; /* enable optimized point arithmetics for special case */
200} /* EC_POINT */;
201
202
203
204/* method functions in ecp_smpl.c */
205int ec_GFp_simple_group_init(EC_GROUP *);
206void ec_GFp_simple_group_finish(EC_GROUP *);
207void ec_GFp_simple_group_clear_finish(EC_GROUP *);
208int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
209int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
210int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
211int ec_GFp_simple_group_set_generator(EC_GROUP *, const EC_POINT *generator,
212 const BIGNUM *order, const BIGNUM *cofactor);
213EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *);
214int ec_GFp_simple_group_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
215int ec_GFp_simple_group_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
216int ec_GFp_simple_point_init(EC_POINT *);
217void ec_GFp_simple_point_finish(EC_POINT *);
218void ec_GFp_simple_point_clear_finish(EC_POINT *);
219int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
220int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
221int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
222 const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
223int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
224 BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
225int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
226 const BIGNUM *x, const BIGNUM *y, BN_CTX *);
227int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
228 BIGNUM *x, BIGNUM *y, BN_CTX *);
229int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,
230 const BIGNUM *x, int y_bit, BN_CTX *);
231size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
232 unsigned char *buf, size_t len, BN_CTX *);
233int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,
234 const unsigned char *buf, size_t len, BN_CTX *);
235int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
236int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
237int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
238int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
239int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
240int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
241int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
242int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
243int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
244int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
245
246
247/* method functions in ecp_mont.c */
248int ec_GFp_mont_group_init(EC_GROUP *);
249int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
250void ec_GFp_mont_group_finish(EC_GROUP *);
251void ec_GFp_mont_group_clear_finish(EC_GROUP *);
252int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
253int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
254int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
255int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
256int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
257int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
258
259
260/* method functions in ecp_recp.c */
261int ec_GFp_recp_group_init(EC_GROUP *);
262int ec_GFp_recp_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
263void ec_GFp_recp_group_finish(EC_GROUP *);
264void ec_GFp_recp_group_clear_finish(EC_GROUP *);
265int ec_GFp_recp_group_copy(EC_GROUP *, const EC_GROUP *);
266int ec_GFp_recp_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
267int ec_GFp_recp_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
268
269
270/* method functions in ecp_nist.c */
271int ec_GFp_nist_group_init(EC_GROUP *);
272int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
273void ec_GFp_nist_group_finish(EC_GROUP *);
274void ec_GFp_nist_group_clear_finish(EC_GROUP *);
275int ec_GFp_nist_group_copy(EC_GROUP *, const EC_GROUP *);
276int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
277int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
deleted file mode 100644
index deb522060f..0000000000
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ /dev/null
@@ -1,656 +0,0 @@
1/* crypto/ec/ec_lib.c */
2/* ====================================================================
3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <string.h>
57
58#include <openssl/err.h>
59#include <openssl/opensslv.h>
60
61#include "ec_lcl.h"
62
63static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
64
65
66/* functions for EC_GROUP objects */
67
68EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
69 {
70 EC_GROUP *ret;
71
72 if (meth == NULL)
73 {
74 ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER);
75 return NULL;
76 }
77 if (meth->group_init == 0)
78 {
79 ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
80 return NULL;
81 }
82
83 ret = OPENSSL_malloc(sizeof *ret);
84 if (ret == NULL)
85 {
86 ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
87 return NULL;
88 }
89
90 ret->meth = meth;
91
92 ret->extra_data = NULL;
93 ret->extra_data_dup_func = 0;
94 ret->extra_data_free_func = 0;
95 ret->extra_data_clear_free_func = 0;
96
97 if (!meth->group_init(ret))
98 {
99 OPENSSL_free(ret);
100 return NULL;
101 }
102
103 return ret;
104 }
105
106
107void EC_GROUP_free(EC_GROUP *group)
108 {
109 if (!group) return;
110
111 if (group->meth->group_finish != 0)
112 group->meth->group_finish(group);
113
114 EC_GROUP_free_extra_data(group);
115
116 OPENSSL_free(group);
117 }
118
119
120void EC_GROUP_clear_free(EC_GROUP *group)
121 {
122 if (!group) return;
123
124 if (group->meth->group_clear_finish != 0)
125 group->meth->group_clear_finish(group);
126 else if (group->meth != NULL && group->meth->group_finish != 0)
127 group->meth->group_finish(group);
128
129 EC_GROUP_clear_free_extra_data(group);
130
131 OPENSSL_cleanse(group, sizeof *group);
132 OPENSSL_free(group);
133 }
134
135
136int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
137 {
138 if (dest->meth->group_copy == 0)
139 {
140 ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
141 return 0;
142 }
143 if (dest->meth != src->meth)
144 {
145 ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
146 return 0;
147 }
148 if (dest == src)
149 return 1;
150
151 EC_GROUP_clear_free_extra_data(dest);
152 if (src->extra_data_dup_func)
153 {
154 if (src->extra_data != NULL)
155 {
156 dest->extra_data = src->extra_data_dup_func(src->extra_data);
157 if (dest->extra_data == NULL)
158 return 0;
159 }
160
161 dest->extra_data_dup_func = src->extra_data_dup_func;
162 dest->extra_data_free_func = src->extra_data_free_func;
163 dest->extra_data_clear_free_func = src->extra_data_clear_free_func;
164 }
165
166 return dest->meth->group_copy(dest, src);
167 }
168
169
170const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
171 {
172 return group->meth;
173 }
174
175
176int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
177 {
178 if (group->meth->group_set_curve_GFp == 0)
179 {
180 ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
181 return 0;
182 }
183 return group->meth->group_set_curve_GFp(group, p, a, b, ctx);
184 }
185
186
187int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
188 {
189 if (group->meth->group_get_curve_GFp == 0)
190 {
191 ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
192 return 0;
193 }
194 return group->meth->group_get_curve_GFp(group, p, a, b, ctx);
195 }
196
197
198int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor)
199 {
200 if (group->meth->group_set_generator == 0)
201 {
202 ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
203 return 0;
204 }
205 return group->meth->group_set_generator(group, generator, order, cofactor);
206 }
207
208
209EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
210 {
211 if (group->meth->group_get0_generator == 0)
212 {
213 ECerr(EC_F_EC_GROUP_GET0_GENERATOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
214 return 0;
215 }
216 return group->meth->group_get0_generator(group);
217 }
218
219
220int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
221 {
222 if (group->meth->group_get_order == 0)
223 {
224 ECerr(EC_F_EC_GROUP_GET_ORDER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
225 return 0;
226 }
227 return group->meth->group_get_order(group, order, ctx);
228 }
229
230
231int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
232 {
233 if (group->meth->group_get_cofactor == 0)
234 {
235 ECerr(EC_F_EC_GROUP_GET_COFACTOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
236 return 0;
237 }
238 return group->meth->group_get_cofactor(group, cofactor, ctx);
239 }
240
241
242/* this has 'package' visibility */
243int EC_GROUP_set_extra_data(EC_GROUP *group, void *extra_data, void *(*extra_data_dup_func)(void *),
244 void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *))
245 {
246 if ((group->extra_data != NULL)
247 || (group->extra_data_dup_func != 0)
248 || (group->extra_data_free_func != 0)
249 || (group->extra_data_clear_free_func != 0))
250 {
251 ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL);
252 return 0;
253 }
254
255 group->extra_data = extra_data;
256 group->extra_data_dup_func = extra_data_dup_func;
257 group->extra_data_free_func = extra_data_free_func;
258 group->extra_data_clear_free_func = extra_data_clear_free_func;
259 return 1;
260 }
261
262
263/* this has 'package' visibility */
264void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func)(void *),
265 void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *))
266 {
267 if ((group->extra_data_dup_func != extra_data_dup_func)
268 || (group->extra_data_free_func != extra_data_free_func)
269 || (group->extra_data_clear_free_func != extra_data_clear_free_func))
270 {
271#if 0 /* this was an error in 0.9.7, but that does not make a lot of sense */
272 ECerr(..._F_EC_GROUP_GET_EXTRA_DATA, ..._R_NO_SUCH_EXTRA_DATA);
273#endif
274 return NULL;
275 }
276
277 return group->extra_data;
278 }
279
280
281/* this has 'package' visibility */
282void EC_GROUP_free_extra_data(EC_GROUP *group)
283 {
284 if (group->extra_data_free_func)
285 group->extra_data_free_func(group->extra_data);
286 group->extra_data = NULL;
287 group->extra_data_dup_func = 0;
288 group->extra_data_free_func = 0;
289 group->extra_data_clear_free_func = 0;
290 }
291
292
293/* this has 'package' visibility */
294void EC_GROUP_clear_free_extra_data(EC_GROUP *group)
295 {
296 if (group->extra_data_clear_free_func)
297 group->extra_data_clear_free_func(group->extra_data);
298 else if (group->extra_data_free_func)
299 group->extra_data_free_func(group->extra_data);
300 group->extra_data = NULL;
301 group->extra_data_dup_func = 0;
302 group->extra_data_free_func = 0;
303 group->extra_data_clear_free_func = 0;
304 }
305
306
307
308/* functions for EC_POINT objects */
309
310EC_POINT *EC_POINT_new(const EC_GROUP *group)
311 {
312 EC_POINT *ret;
313
314 if (group == NULL)
315 {
316 ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
317 return NULL;
318 }
319 if (group->meth->point_init == 0)
320 {
321 ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
322 return NULL;
323 }
324
325 ret = OPENSSL_malloc(sizeof *ret);
326 if (ret == NULL)
327 {
328 ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
329 return NULL;
330 }
331
332 ret->meth = group->meth;
333
334 if (!ret->meth->point_init(ret))
335 {
336 OPENSSL_free(ret);
337 return NULL;
338 }
339
340 return ret;
341 }
342
343
344void EC_POINT_free(EC_POINT *point)
345 {
346 if (!point) return;
347
348 if (point->meth->point_finish != 0)
349 point->meth->point_finish(point);
350 OPENSSL_free(point);
351 }
352
353
354void EC_POINT_clear_free(EC_POINT *point)
355 {
356 if (!point) return;
357
358 if (point->meth->point_clear_finish != 0)
359 point->meth->point_clear_finish(point);
360 else if (point->meth != NULL && point->meth->point_finish != 0)
361 point->meth->point_finish(point);
362 OPENSSL_cleanse(point, sizeof *point);
363 OPENSSL_free(point);
364 }
365
366
367int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
368 {
369 if (dest->meth->point_copy == 0)
370 {
371 ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
372 return 0;
373 }
374 if (dest->meth != src->meth)
375 {
376 ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
377 return 0;
378 }
379 if (dest == src)
380 return 1;
381 return dest->meth->point_copy(dest, src);
382 }
383
384
385const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
386 {
387 return point->meth;
388 }
389
390
391int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
392 {
393 if (group->meth->point_set_to_infinity == 0)
394 {
395 ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
396 return 0;
397 }
398 if (group->meth != point->meth)
399 {
400 ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
401 return 0;
402 }
403 return group->meth->point_set_to_infinity(group, point);
404 }
405
406
407int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
408 const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
409 {
410 if (group->meth->point_set_Jprojective_coordinates_GFp == 0)
411 {
412 ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
413 return 0;
414 }
415 if (group->meth != point->meth)
416 {
417 ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
418 return 0;
419 }
420 return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
421 }
422
423
424int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
425 BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
426 {
427 if (group->meth->point_get_Jprojective_coordinates_GFp == 0)
428 {
429 ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
430 return 0;
431 }
432 if (group->meth != point->meth)
433 {
434 ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
435 return 0;
436 }
437 return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
438 }
439
440
441int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
442 const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
443 {
444 if (group->meth->point_set_affine_coordinates_GFp == 0)
445 {
446 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
447 return 0;
448 }
449 if (group->meth != point->meth)
450 {
451 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
452 return 0;
453 }
454 return group->meth->point_set_affine_coordinates_GFp(group, point, x, y, ctx);
455 }
456
457
458int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
459 BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
460 {
461 if (group->meth->point_get_affine_coordinates_GFp == 0)
462 {
463 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
464 return 0;
465 }
466 if (group->meth != point->meth)
467 {
468 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
469 return 0;
470 }
471 return group->meth->point_get_affine_coordinates_GFp(group, point, x, y, ctx);
472 }
473
474
475int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
476 const BIGNUM *x, int y_bit, BN_CTX *ctx)
477 {
478 if (group->meth->point_set_compressed_coordinates_GFp == 0)
479 {
480 ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
481 return 0;
482 }
483 if (group->meth != point->meth)
484 {
485 ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
486 return 0;
487 }
488 return group->meth->point_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx);
489 }
490
491
492size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
493 unsigned char *buf, size_t len, BN_CTX *ctx)
494 {
495 if (group->meth->point2oct == 0)
496 {
497 ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
498 return 0;
499 }
500 if (group->meth != point->meth)
501 {
502 ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
503 return 0;
504 }
505 return group->meth->point2oct(group, point, form, buf, len, ctx);
506 }
507
508
509int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
510 const unsigned char *buf, size_t len, BN_CTX *ctx)
511 {
512 if (group->meth->oct2point == 0)
513 {
514 ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
515 return 0;
516 }
517 if (group->meth != point->meth)
518 {
519 ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
520 return 0;
521 }
522 return group->meth->oct2point(group, point, buf, len, ctx);
523 }
524
525
526int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
527 {
528 if (group->meth->add == 0)
529 {
530 ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
531 return 0;
532 }
533 if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth))
534 {
535 ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
536 return 0;
537 }
538 return group->meth->add(group, r, a, b, ctx);
539 }
540
541
542int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
543 {
544 if (group->meth->dbl == 0)
545 {
546 ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
547 return 0;
548 }
549 if ((group->meth != r->meth) || (r->meth != a->meth))
550 {
551 ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
552 return 0;
553 }
554 return group->meth->dbl(group, r, a, ctx);
555 }
556
557
558int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
559 {
560 if (group->meth->dbl == 0)
561 {
562 ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
563 return 0;
564 }
565 if (group->meth != a->meth)
566 {
567 ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
568 return 0;
569 }
570 return group->meth->invert(group, a, ctx);
571 }
572
573
574int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
575 {
576 if (group->meth->is_at_infinity == 0)
577 {
578 ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
579 return 0;
580 }
581 if (group->meth != point->meth)
582 {
583 ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
584 return 0;
585 }
586 return group->meth->is_at_infinity(group, point);
587 }
588
589
590int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
591 {
592 if (group->meth->is_on_curve == 0)
593 {
594 ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
595 return 0;
596 }
597 if (group->meth != point->meth)
598 {
599 ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
600 return 0;
601 }
602 return group->meth->is_on_curve(group, point, ctx);
603 }
604
605
606int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
607 {
608 if (group->meth->point_cmp == 0)
609 {
610 ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
611 return 0;
612 }
613 if ((group->meth != a->meth) || (a->meth != b->meth))
614 {
615 ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
616 return 0;
617 }
618 return group->meth->point_cmp(group, a, b, ctx);
619 }
620
621
622int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
623 {
624 if (group->meth->make_affine == 0)
625 {
626 ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
627 return 0;
628 }
629 if (group->meth != point->meth)
630 {
631 ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
632 return 0;
633 }
634 return group->meth->make_affine(group, point, ctx);
635 }
636
637
638int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
639 {
640 size_t i;
641
642 if (group->meth->points_make_affine == 0)
643 {
644 ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
645 return 0;
646 }
647 for (i = 0; i < num; i++)
648 {
649 if (group->meth != points[i]->meth)
650 {
651 ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
652 return 0;
653 }
654 }
655 return group->meth->points_make_affine(group, num, points, ctx);
656 }
diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c
deleted file mode 100644
index 16822a73cf..0000000000
--- a/src/lib/libcrypto/ec/ec_mult.c
+++ /dev/null
@@ -1,485 +0,0 @@
1/* crypto/ec/ec_mult.c */
2/* ====================================================================
3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/err.h>
57
58#include "ec_lcl.h"
59
60
61/* TODO: optional precomputation of multiples of the generator */
62
63
64
65/*
66 * wNAF-based interleaving multi-exponentation method
67 * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>)
68 */
69
70
71/* Determine the width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
72 * This is an array r[] of values that are either zero or odd with an
73 * absolute value less than 2^w satisfying
74 * scalar = \sum_j r[j]*2^j
75 * where at most one of any w+1 consecutive digits is non-zero.
76 */
77static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, BN_CTX *ctx)
78 {
79 BIGNUM *c;
80 int ok = 0;
81 signed char *r = NULL;
82 int sign = 1;
83 int bit, next_bit, mask;
84 size_t len = 0, j;
85
86 BN_CTX_start(ctx);
87 c = BN_CTX_get(ctx);
88 if (c == NULL) goto err;
89
90 if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */
91 {
92 ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
93 goto err;
94 }
95 bit = 1 << w; /* at most 128 */
96 next_bit = bit << 1; /* at most 256 */
97 mask = next_bit - 1; /* at most 255 */
98
99 if (!BN_copy(c, scalar)) goto err;
100 if (c->neg)
101 {
102 sign = -1;
103 c->neg = 0;
104 }
105
106 len = BN_num_bits(c) + 1; /* wNAF may be one digit longer than binary representation */
107 r = OPENSSL_malloc(len);
108 if (r == NULL) goto err;
109
110 j = 0;
111 while (!BN_is_zero(c))
112 {
113 int u = 0;
114
115 if (BN_is_odd(c))
116 {
117 if (c->d == NULL || c->top == 0)
118 {
119 ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
120 goto err;
121 }
122 u = c->d[0] & mask;
123 if (u & bit)
124 {
125 u -= next_bit;
126 /* u < 0 */
127 if (!BN_add_word(c, -u)) goto err;
128 }
129 else
130 {
131 /* u > 0 */
132 if (!BN_sub_word(c, u)) goto err;
133 }
134
135 if (u <= -bit || u >= bit || !(u & 1) || c->neg)
136 {
137 ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
138 goto err;
139 }
140 }
141
142 r[j++] = sign * u;
143
144 if (BN_is_odd(c))
145 {
146 ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
147 goto err;
148 }
149 if (!BN_rshift1(c, c)) goto err;
150 }
151
152 if (j > len)
153 {
154 ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
155 goto err;
156 }
157 len = j;
158 ok = 1;
159
160 err:
161 BN_CTX_end(ctx);
162 if (!ok)
163 {
164 OPENSSL_free(r);
165 r = NULL;
166 }
167 if (ok)
168 *ret_len = len;
169 return r;
170 }
171
172
173/* TODO: table should be optimised for the wNAF-based implementation,
174 * sometimes smaller windows will give better performance
175 * (thus the boundaries should be increased)
176 */
177#define EC_window_bits_for_scalar_size(b) \
178 ((size_t) \
179 ((b) >= 2000 ? 6 : \
180 (b) >= 800 ? 5 : \
181 (b) >= 300 ? 4 : \
182 (b) >= 70 ? 3 : \
183 (b) >= 20 ? 2 : \
184 1))
185
186/* Compute
187 * \sum scalars[i]*points[i],
188 * also including
189 * scalar*generator
190 * in the addition if scalar != NULL
191 */
192int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
193 size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
194 {
195 BN_CTX *new_ctx = NULL;
196 EC_POINT *generator = NULL;
197 EC_POINT *tmp = NULL;
198 size_t totalnum;
199 size_t i, j;
200 int k;
201 int r_is_inverted = 0;
202 int r_is_at_infinity = 1;
203 size_t *wsize = NULL; /* individual window sizes */
204 signed char **wNAF = NULL; /* individual wNAFs */
205 size_t *wNAF_len = NULL;
206 size_t max_len = 0;
207 size_t num_val;
208 EC_POINT **val = NULL; /* precomputation */
209 EC_POINT **v;
210 EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */
211 int ret = 0;
212
213 if (group->meth != r->meth)
214 {
215 ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
216 return 0;
217 }
218
219 if ((scalar == NULL) && (num == 0))
220 {
221 return EC_POINT_set_to_infinity(group, r);
222 }
223
224 if (scalar != NULL)
225 {
226 generator = EC_GROUP_get0_generator(group);
227 if (generator == NULL)
228 {
229 ECerr(EC_F_EC_POINTS_MUL, EC_R_UNDEFINED_GENERATOR);
230 return 0;
231 }
232 }
233
234 for (i = 0; i < num; i++)
235 {
236 if (group->meth != points[i]->meth)
237 {
238 ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
239 return 0;
240 }
241 }
242
243 totalnum = num + (scalar != NULL);
244
245 wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]);
246 wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
247 wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]);
248 if (wNAF != NULL)
249 {
250 wNAF[0] = NULL; /* preliminary pivot */
251 }
252 if (wsize == NULL || wNAF_len == NULL || wNAF == NULL) goto err;
253
254 /* num_val := total number of points to precompute */
255 num_val = 0;
256 for (i = 0; i < totalnum; i++)
257 {
258 size_t bits;
259
260 bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
261 wsize[i] = EC_window_bits_for_scalar_size(bits);
262 num_val += 1u << (wsize[i] - 1);
263 }
264
265 /* all precomputed points go into a single array 'val',
266 * 'val_sub[i]' is a pointer to the subarray for the i-th point */
267 val = OPENSSL_malloc((num_val + 1) * sizeof val[0]);
268 if (val == NULL) goto err;
269 val[num_val] = NULL; /* pivot element */
270
271 val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
272 if (val_sub == NULL) goto err;
273
274 /* allocate points for precomputation */
275 v = val;
276 for (i = 0; i < totalnum; i++)
277 {
278 val_sub[i] = v;
279 for (j = 0; j < (1u << (wsize[i] - 1)); j++)
280 {
281 *v = EC_POINT_new(group);
282 if (*v == NULL) goto err;
283 v++;
284 }
285 }
286 if (!(v == val + num_val))
287 {
288 ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR);
289 goto err;
290 }
291
292 if (ctx == NULL)
293 {
294 ctx = new_ctx = BN_CTX_new();
295 if (ctx == NULL)
296 goto err;
297 }
298
299 tmp = EC_POINT_new(group);
300 if (tmp == NULL) goto err;
301
302 /* prepare precomputed values:
303 * val_sub[i][0] := points[i]
304 * val_sub[i][1] := 3 * points[i]
305 * val_sub[i][2] := 5 * points[i]
306 * ...
307 */
308 for (i = 0; i < totalnum; i++)
309 {
310 if (i < num)
311 {
312 if (!EC_POINT_copy(val_sub[i][0], points[i])) goto err;
313 }
314 else
315 {
316 if (!EC_POINT_copy(val_sub[i][0], generator)) goto err;
317 }
318
319 if (wsize[i] > 1)
320 {
321 if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err;
322 for (j = 1; j < (1u << (wsize[i] - 1)); j++)
323 {
324 if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err;
325 }
326 }
327
328 wNAF[i + 1] = NULL; /* make sure we always have a pivot */
329 wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i], ctx);
330 if (wNAF[i] == NULL) goto err;
331 if (wNAF_len[i] > max_len)
332 max_len = wNAF_len[i];
333 }
334
335#if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */
336 if (!EC_POINTs_make_affine(group, num_val, val, ctx)) goto err;
337#endif
338
339 r_is_at_infinity = 1;
340
341 for (k = max_len - 1; k >= 0; k--)
342 {
343 if (!r_is_at_infinity)
344 {
345 if (!EC_POINT_dbl(group, r, r, ctx)) goto err;
346 }
347
348 for (i = 0; i < totalnum; i++)
349 {
350 if (wNAF_len[i] > (size_t)k)
351 {
352 int digit = wNAF[i][k];
353 int is_neg;
354
355 if (digit)
356 {
357 is_neg = digit < 0;
358
359 if (is_neg)
360 digit = -digit;
361
362 if (is_neg != r_is_inverted)
363 {
364 if (!r_is_at_infinity)
365 {
366 if (!EC_POINT_invert(group, r, ctx)) goto err;
367 }
368 r_is_inverted = !r_is_inverted;
369 }
370
371 /* digit > 0 */
372
373 if (r_is_at_infinity)
374 {
375 if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) goto err;
376 r_is_at_infinity = 0;
377 }
378 else
379 {
380 if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) goto err;
381 }
382 }
383 }
384 }
385 }
386
387 if (r_is_at_infinity)
388 {
389 if (!EC_POINT_set_to_infinity(group, r)) goto err;
390 }
391 else
392 {
393 if (r_is_inverted)
394 if (!EC_POINT_invert(group, r, ctx)) goto err;
395 }
396
397 ret = 1;
398
399 err:
400 if (new_ctx != NULL)
401 BN_CTX_free(new_ctx);
402 if (tmp != NULL)
403 EC_POINT_free(tmp);
404 if (wsize != NULL)
405 OPENSSL_free(wsize);
406 if (wNAF_len != NULL)
407 OPENSSL_free(wNAF_len);
408 if (wNAF != NULL)
409 {
410 signed char **w;
411
412 for (w = wNAF; *w != NULL; w++)
413 OPENSSL_free(*w);
414
415 OPENSSL_free(wNAF);
416 }
417 if (val != NULL)
418 {
419 for (v = val; *v != NULL; v++)
420 EC_POINT_clear_free(*v);
421
422 OPENSSL_free(val);
423 }
424 if (val_sub != NULL)
425 {
426 OPENSSL_free(val_sub);
427 }
428 return ret;
429 }
430
431
432int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
433 {
434 const EC_POINT *points[1];
435 const BIGNUM *scalars[1];
436
437 points[0] = point;
438 scalars[0] = p_scalar;
439
440 return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx);
441 }
442
443
444int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
445 {
446 const EC_POINT *generator;
447 BN_CTX *new_ctx = NULL;
448 BIGNUM *order;
449 int ret = 0;
450
451 generator = EC_GROUP_get0_generator(group);
452 if (generator == NULL)
453 {
454 ECerr(EC_F_EC_GROUP_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
455 return 0;
456 }
457
458 if (ctx == NULL)
459 {
460 ctx = new_ctx = BN_CTX_new();
461 if (ctx == NULL)
462 return 0;
463 }
464
465 BN_CTX_start(ctx);
466 order = BN_CTX_get(ctx);
467 if (order == NULL) goto err;
468
469 if (!EC_GROUP_get_order(group, order, ctx)) return 0;
470 if (BN_is_zero(order))
471 {
472 ECerr(EC_F_EC_GROUP_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
473 goto err;
474 }
475
476 /* TODO */
477
478 ret = 1;
479
480 err:
481 BN_CTX_end(ctx);
482 if (new_ctx != NULL)
483 BN_CTX_free(new_ctx);
484 return ret;
485 }
diff --git a/src/lib/libcrypto/ec/ecp_mont.c b/src/lib/libcrypto/ec/ecp_mont.c
deleted file mode 100644
index 7b30d4c38a..0000000000
--- a/src/lib/libcrypto/ec/ecp_mont.c
+++ /dev/null
@@ -1,304 +0,0 @@
1/* crypto/ec/ecp_mont.c */
2/* ====================================================================
3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/err.h>
57
58#include "ec_lcl.h"
59
60
61const EC_METHOD *EC_GFp_mont_method(void)
62 {
63 static const EC_METHOD ret = {
64 ec_GFp_mont_group_init,
65 ec_GFp_mont_group_finish,
66 ec_GFp_mont_group_clear_finish,
67 ec_GFp_mont_group_copy,
68 ec_GFp_mont_group_set_curve_GFp,
69 ec_GFp_simple_group_get_curve_GFp,
70 ec_GFp_simple_group_set_generator,
71 ec_GFp_simple_group_get0_generator,
72 ec_GFp_simple_group_get_order,
73 ec_GFp_simple_group_get_cofactor,
74 ec_GFp_simple_point_init,
75 ec_GFp_simple_point_finish,
76 ec_GFp_simple_point_clear_finish,
77 ec_GFp_simple_point_copy,
78 ec_GFp_simple_point_set_to_infinity,
79 ec_GFp_simple_set_Jprojective_coordinates_GFp,
80 ec_GFp_simple_get_Jprojective_coordinates_GFp,
81 ec_GFp_simple_point_set_affine_coordinates_GFp,
82 ec_GFp_simple_point_get_affine_coordinates_GFp,
83 ec_GFp_simple_set_compressed_coordinates_GFp,
84 ec_GFp_simple_point2oct,
85 ec_GFp_simple_oct2point,
86 ec_GFp_simple_add,
87 ec_GFp_simple_dbl,
88 ec_GFp_simple_invert,
89 ec_GFp_simple_is_at_infinity,
90 ec_GFp_simple_is_on_curve,
91 ec_GFp_simple_cmp,
92 ec_GFp_simple_make_affine,
93 ec_GFp_simple_points_make_affine,
94 ec_GFp_mont_field_mul,
95 ec_GFp_mont_field_sqr,
96 ec_GFp_mont_field_encode,
97 ec_GFp_mont_field_decode,
98 ec_GFp_mont_field_set_to_one };
99
100 return &ret;
101 }
102
103
104int ec_GFp_mont_group_init(EC_GROUP *group)
105 {
106 int ok;
107
108 ok = ec_GFp_simple_group_init(group);
109 group->field_data1 = NULL;
110 group->field_data2 = NULL;
111 return ok;
112 }
113
114
115int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
116 {
117 BN_CTX *new_ctx = NULL;
118 BN_MONT_CTX *mont = NULL;
119 BIGNUM *one = NULL;
120 int ret = 0;
121
122 if (group->field_data1 != NULL)
123 {
124 BN_MONT_CTX_free(group->field_data1);
125 group->field_data1 = NULL;
126 }
127 if (group->field_data2 != NULL)
128 {
129 BN_free(group->field_data2);
130 group->field_data2 = NULL;
131 }
132
133 if (ctx == NULL)
134 {
135 ctx = new_ctx = BN_CTX_new();
136 if (ctx == NULL)
137 return 0;
138 }
139
140 mont = BN_MONT_CTX_new();
141 if (mont == NULL) goto err;
142 if (!BN_MONT_CTX_set(mont, p, ctx))
143 {
144 ECerr(EC_F_GFP_MONT_GROUP_SET_CURVE_GFP, ERR_R_BN_LIB);
145 goto err;
146 }
147 one = BN_new();
148 if (one == NULL) goto err;
149 if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err;
150
151 group->field_data1 = mont;
152 mont = NULL;
153 group->field_data2 = one;
154 one = NULL;
155
156 ret = ec_GFp_simple_group_set_curve_GFp(group, p, a, b, ctx);
157
158 if (!ret)
159 {
160 BN_MONT_CTX_free(group->field_data1);
161 group->field_data1 = NULL;
162 BN_free(group->field_data2);
163 group->field_data2 = NULL;
164 }
165
166 err:
167 if (new_ctx != NULL)
168 BN_CTX_free(new_ctx);
169 if (mont != NULL)
170 BN_MONT_CTX_free(mont);
171 return ret;
172 }
173
174
175void ec_GFp_mont_group_finish(EC_GROUP *group)
176 {
177 if (group->field_data1 != NULL)
178 {
179 BN_MONT_CTX_free(group->field_data1);
180 group->field_data1 = NULL;
181 }
182 if (group->field_data2 != NULL)
183 {
184 BN_free(group->field_data2);
185 group->field_data2 = NULL;
186 }
187 ec_GFp_simple_group_finish(group);
188 }
189
190
191void ec_GFp_mont_group_clear_finish(EC_GROUP *group)
192 {
193 if (group->field_data1 != NULL)
194 {
195 BN_MONT_CTX_free(group->field_data1);
196 group->field_data1 = NULL;
197 }
198 if (group->field_data2 != NULL)
199 {
200 BN_clear_free(group->field_data2);
201 group->field_data2 = NULL;
202 }
203 ec_GFp_simple_group_clear_finish(group);
204 }
205
206
207int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
208 {
209 if (dest->field_data1 != NULL)
210 {
211 BN_MONT_CTX_free(dest->field_data1);
212 dest->field_data1 = NULL;
213 }
214 if (dest->field_data2 != NULL)
215 {
216 BN_clear_free(dest->field_data2);
217 dest->field_data2 = NULL;
218 }
219
220 if (!ec_GFp_simple_group_copy(dest, src)) return 0;
221
222 if (src->field_data1 != NULL)
223 {
224 dest->field_data1 = BN_MONT_CTX_new();
225 if (dest->field_data1 == NULL) return 0;
226 if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) goto err;
227 }
228 if (src->field_data2 != NULL)
229 {
230 dest->field_data2 = BN_dup(src->field_data2);
231 if (dest->field_data2 == NULL) goto err;
232 }
233
234 return 1;
235
236 err:
237 if (dest->field_data1 != NULL)
238 {
239 BN_MONT_CTX_free(dest->field_data1);
240 dest->field_data1 = NULL;
241 }
242 return 0;
243 }
244
245
246int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
247 {
248 if (group->field_data1 == NULL)
249 {
250 ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);
251 return 0;
252 }
253
254 return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);
255 }
256
257
258int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
259 {
260 if (group->field_data1 == NULL)
261 {
262 ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);
263 return 0;
264 }
265
266 return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
267 }
268
269
270int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
271 {
272 if (group->field_data1 == NULL)
273 {
274 ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);
275 return 0;
276 }
277
278 return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx);
279 }
280
281
282int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
283 {
284 if (group->field_data1 == NULL)
285 {
286 ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
287 return 0;
288 }
289
290 return BN_from_montgomery(r, a, group->field_data1, ctx);
291 }
292
293
294int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)
295 {
296 if (group->field_data2 == NULL)
297 {
298 ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
299 return 0;
300 }
301
302 if (!BN_copy(r, group->field_data2)) return 0;
303 return 1;
304 }
diff --git a/src/lib/libcrypto/ec/ecp_nist.c b/src/lib/libcrypto/ec/ecp_nist.c
deleted file mode 100644
index ed07748675..0000000000
--- a/src/lib/libcrypto/ec/ecp_nist.c
+++ /dev/null
@@ -1,134 +0,0 @@
1/* crypto/ec/ecp_nist.c */
2/* ====================================================================
3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "ec_lcl.h"
57
58#if 0
59const EC_METHOD *EC_GFp_nist_method(void)
60 {
61 static const EC_METHOD ret = {
62 ec_GFp_nist_group_init,
63 ec_GFp_nist_group_finish,
64 ec_GFp_nist_group_clear_finish,
65 ec_GFp_nist_group_copy,
66 ec_GFp_nist_group_set_curve_GFp,
67 ec_GFp_simple_group_get_curve_GFp,
68 ec_GFp_simple_group_set_generator,
69 ec_GFp_simple_group_get0_generator,
70 ec_GFp_simple_group_get_order,
71 ec_GFp_simple_group_get_cofactor,
72 ec_GFp_simple_point_init,
73 ec_GFp_simple_point_finish,
74 ec_GFp_simple_point_clear_finish,
75 ec_GFp_simple_point_copy,
76 ec_GFp_simple_point_set_to_infinity,
77 ec_GFp_simple_set_Jprojective_coordinates_GFp,
78 ec_GFp_simple_get_Jprojective_coordinates_GFp,
79 ec_GFp_simple_point_set_affine_coordinates_GFp,
80 ec_GFp_simple_point_get_affine_coordinates_GFp,
81 ec_GFp_simple_set_compressed_coordinates_GFp,
82 ec_GFp_simple_point2oct,
83 ec_GFp_simple_oct2point,
84 ec_GFp_simple_add,
85 ec_GFp_simple_dbl,
86 ec_GFp_simple_invert,
87 ec_GFp_simple_is_at_infinity,
88 ec_GFp_simple_is_on_curve,
89 ec_GFp_simple_cmp,
90 ec_GFp_simple_make_affine,
91 ec_GFp_simple_points_make_affine,
92 ec_GFp_nist_field_mul,
93 ec_GFp_nist_field_sqr,
94 0 /* field_encode */,
95 0 /* field_decode */,
96 0 /* field_set_to_one */ };
97
98 return &ret;
99 }
100#endif
101
102
103int ec_GFp_nist_group_init(EC_GROUP *group)
104 {
105 int ok;
106
107 ok = ec_GFp_simple_group_init(group);
108 group->field_data1 = NULL;
109 return ok;
110 }
111
112
113int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
114/* TODO */
115
116
117void ec_GFp_nist_group_finish(EC_GROUP *group);
118/* TODO */
119
120
121void ec_GFp_nist_group_clear_finish(EC_GROUP *group);
122/* TODO */
123
124
125int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
126/* TODO */
127
128
129int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
130/* TODO */
131
132
133int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
134/* TODO */
diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c
deleted file mode 100644
index e9a51fb87a..0000000000
--- a/src/lib/libcrypto/ec/ecp_smpl.c
+++ /dev/null
@@ -1,1717 +0,0 @@
1/* crypto/ec/ecp_smpl.c */
2/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
3 * for the OpenSSL project. */
4/* ====================================================================
5 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * 3. All advertising materials mentioning features or use of this
20 * software must display the following acknowledgment:
21 * "This product includes software developed by the OpenSSL Project
22 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
23 *
24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25 * endorse or promote products derived from this software without
26 * prior written permission. For written permission, please contact
27 * openssl-core@openssl.org.
28 *
29 * 5. Products derived from this software may not be called "OpenSSL"
30 * nor may "OpenSSL" appear in their names without prior written
31 * permission of the OpenSSL Project.
32 *
33 * 6. Redistributions of any form whatsoever must retain the following
34 * acknowledgment:
35 * "This product includes software developed by the OpenSSL Project
36 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
37 *
38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 * OF THE POSSIBILITY OF SUCH DAMAGE.
50 * ====================================================================
51 *
52 * This product includes cryptographic software written by Eric Young
53 * (eay@cryptsoft.com). This product includes software written by Tim
54 * Hudson (tjh@cryptsoft.com).
55 *
56 */
57
58#include <openssl/err.h>
59
60#include "ec_lcl.h"
61
62
63const EC_METHOD *EC_GFp_simple_method(void)
64 {
65 static const EC_METHOD ret = {
66 ec_GFp_simple_group_init,
67 ec_GFp_simple_group_finish,
68 ec_GFp_simple_group_clear_finish,
69 ec_GFp_simple_group_copy,
70 ec_GFp_simple_group_set_curve_GFp,
71 ec_GFp_simple_group_get_curve_GFp,
72 ec_GFp_simple_group_set_generator,
73 ec_GFp_simple_group_get0_generator,
74 ec_GFp_simple_group_get_order,
75 ec_GFp_simple_group_get_cofactor,
76 ec_GFp_simple_point_init,
77 ec_GFp_simple_point_finish,
78 ec_GFp_simple_point_clear_finish,
79 ec_GFp_simple_point_copy,
80 ec_GFp_simple_point_set_to_infinity,
81 ec_GFp_simple_set_Jprojective_coordinates_GFp,
82 ec_GFp_simple_get_Jprojective_coordinates_GFp,
83 ec_GFp_simple_point_set_affine_coordinates_GFp,
84 ec_GFp_simple_point_get_affine_coordinates_GFp,
85 ec_GFp_simple_set_compressed_coordinates_GFp,
86 ec_GFp_simple_point2oct,
87 ec_GFp_simple_oct2point,
88 ec_GFp_simple_add,
89 ec_GFp_simple_dbl,
90 ec_GFp_simple_invert,
91 ec_GFp_simple_is_at_infinity,
92 ec_GFp_simple_is_on_curve,
93 ec_GFp_simple_cmp,
94 ec_GFp_simple_make_affine,
95 ec_GFp_simple_points_make_affine,
96 ec_GFp_simple_field_mul,
97 ec_GFp_simple_field_sqr,
98 0 /* field_encode */,
99 0 /* field_decode */,
100 0 /* field_set_to_one */ };
101
102 return &ret;
103 }
104
105
106int ec_GFp_simple_group_init(EC_GROUP *group)
107 {
108 BN_init(&group->field);
109 BN_init(&group->a);
110 BN_init(&group->b);
111 group->a_is_minus3 = 0;
112 group->generator = NULL;
113 BN_init(&group->order);
114 BN_init(&group->cofactor);
115 return 1;
116 }
117
118
119void ec_GFp_simple_group_finish(EC_GROUP *group)
120 {
121 BN_free(&group->field);
122 BN_free(&group->a);
123 BN_free(&group->b);
124 if (group->generator != NULL)
125 EC_POINT_free(group->generator);
126 BN_free(&group->order);
127 BN_free(&group->cofactor);
128 }
129
130
131void ec_GFp_simple_group_clear_finish(EC_GROUP *group)
132 {
133 BN_clear_free(&group->field);
134 BN_clear_free(&group->a);
135 BN_clear_free(&group->b);
136 if (group->generator != NULL)
137 {
138 EC_POINT_clear_free(group->generator);
139 group->generator = NULL;
140 }
141 BN_clear_free(&group->order);
142 BN_clear_free(&group->cofactor);
143 }
144
145
146int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
147 {
148 if (!BN_copy(&dest->field, &src->field)) return 0;
149 if (!BN_copy(&dest->a, &src->a)) return 0;
150 if (!BN_copy(&dest->b, &src->b)) return 0;
151
152 dest->a_is_minus3 = src->a_is_minus3;
153
154 if (src->generator != NULL)
155 {
156 if (dest->generator == NULL)
157 {
158 dest->generator = EC_POINT_new(dest);
159 if (dest->generator == NULL) return 0;
160 }
161 if (!EC_POINT_copy(dest->generator, src->generator)) return 0;
162 }
163 else
164 {
165 /* src->generator == NULL */
166 if (dest->generator != NULL)
167 {
168 EC_POINT_clear_free(dest->generator);
169 dest->generator = NULL;
170 }
171 }
172
173 if (!BN_copy(&dest->order, &src->order)) return 0;
174 if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0;
175
176 return 1;
177 }
178
179
180int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *group,
181 const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
182 {
183 int ret = 0;
184 BN_CTX *new_ctx = NULL;
185 BIGNUM *tmp_a;
186
187 /* p must be a prime > 3 */
188 if (BN_num_bits(p) <= 2 || !BN_is_odd(p))
189 {
190 ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP, EC_R_INVALID_FIELD);
191 return 0;
192 }
193
194 if (ctx == NULL)
195 {
196 ctx = new_ctx = BN_CTX_new();
197 if (ctx == NULL)
198 return 0;
199 }
200
201 BN_CTX_start(ctx);
202 tmp_a = BN_CTX_get(ctx);
203 if (tmp_a == NULL) goto err;
204
205 /* group->field */
206 if (!BN_copy(&group->field, p)) goto err;
207 group->field.neg = 0;
208
209 /* group->a */
210 if (!BN_nnmod(tmp_a, a, p, ctx)) goto err;
211 if (group->meth->field_encode)
212 { if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) goto err; }
213 else
214 if (!BN_copy(&group->a, tmp_a)) goto err;
215
216 /* group->b */
217 if (!BN_nnmod(&group->b, b, p, ctx)) goto err;
218 if (group->meth->field_encode)
219 if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) goto err;
220
221 /* group->a_is_minus3 */
222 if (!BN_add_word(tmp_a, 3)) goto err;
223 group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field));
224
225 ret = 1;
226
227 err:
228 BN_CTX_end(ctx);
229 if (new_ctx != NULL)
230 BN_CTX_free(new_ctx);
231 return ret;
232 }
233
234
235int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
236 {
237 int ret = 0;
238 BN_CTX *new_ctx = NULL;
239
240 if (p != NULL)
241 {
242 if (!BN_copy(p, &group->field)) return 0;
243 }
244
245 if (a != NULL || b != NULL)
246 {
247 if (group->meth->field_decode)
248 {
249 if (ctx == NULL)
250 {
251 ctx = new_ctx = BN_CTX_new();
252 if (ctx == NULL)
253 return 0;
254 }
255 if (a != NULL)
256 {
257 if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;
258 }
259 if (b != NULL)
260 {
261 if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;
262 }
263 }
264 else
265 {
266 if (a != NULL)
267 {
268 if (!BN_copy(a, &group->a)) goto err;
269 }
270 if (b != NULL)
271 {
272 if (!BN_copy(b, &group->b)) goto err;
273 }
274 }
275 }
276
277 ret = 1;
278
279 err:
280 if (new_ctx)
281 BN_CTX_free(new_ctx);
282 return ret;
283 }
284
285
286
287int ec_GFp_simple_group_set_generator(EC_GROUP *group, const EC_POINT *generator,
288 const BIGNUM *order, const BIGNUM *cofactor)
289 {
290 if (generator == NULL)
291 {
292 ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
293 return 0 ;
294 }
295
296 if (group->generator == NULL)
297 {
298 group->generator = EC_POINT_new(group);
299 if (group->generator == NULL) return 0;
300 }
301 if (!EC_POINT_copy(group->generator, generator)) return 0;
302
303 if (order != NULL)
304 { if (!BN_copy(&group->order, order)) return 0; }
305 else
306 { if (!BN_zero(&group->order)) return 0; }
307
308 if (cofactor != NULL)
309 { if (!BN_copy(&group->cofactor, cofactor)) return 0; }
310 else
311 { if (!BN_zero(&group->cofactor)) return 0; }
312
313 return 1;
314 }
315
316
317EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *group)
318 {
319 return group->generator;
320 }
321
322
323int ec_GFp_simple_group_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
324 {
325 if (!BN_copy(order, &group->order))
326 return 0;
327
328 return !BN_is_zero(&group->order);
329 }
330
331
332int ec_GFp_simple_group_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
333 {
334 if (!BN_copy(cofactor, &group->cofactor))
335 return 0;
336
337 return !BN_is_zero(&group->cofactor);
338 }
339
340
341int ec_GFp_simple_point_init(EC_POINT *point)
342 {
343 BN_init(&point->X);
344 BN_init(&point->Y);
345 BN_init(&point->Z);
346 point->Z_is_one = 0;
347
348 return 1;
349 }
350
351
352void ec_GFp_simple_point_finish(EC_POINT *point)
353 {
354 BN_free(&point->X);
355 BN_free(&point->Y);
356 BN_free(&point->Z);
357 }
358
359
360void ec_GFp_simple_point_clear_finish(EC_POINT *point)
361 {
362 BN_clear_free(&point->X);
363 BN_clear_free(&point->Y);
364 BN_clear_free(&point->Z);
365 point->Z_is_one = 0;
366 }
367
368
369int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
370 {
371 if (!BN_copy(&dest->X, &src->X)) return 0;
372 if (!BN_copy(&dest->Y, &src->Y)) return 0;
373 if (!BN_copy(&dest->Z, &src->Z)) return 0;
374 dest->Z_is_one = src->Z_is_one;
375
376 return 1;
377 }
378
379
380int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
381 {
382 point->Z_is_one = 0;
383 return (BN_zero(&point->Z));
384 }
385
386
387int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
388 const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
389 {
390 BN_CTX *new_ctx = NULL;
391 int ret = 0;
392
393 if (ctx == NULL)
394 {
395 ctx = new_ctx = BN_CTX_new();
396 if (ctx == NULL)
397 return 0;
398 }
399
400 if (x != NULL)
401 {
402 if (!BN_nnmod(&point->X, x, &group->field, ctx)) goto err;
403 if (group->meth->field_encode)
404 {
405 if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) goto err;
406 }
407 }
408
409 if (y != NULL)
410 {
411 if (!BN_nnmod(&point->Y, y, &group->field, ctx)) goto err;
412 if (group->meth->field_encode)
413 {
414 if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) goto err;
415 }
416 }
417
418 if (z != NULL)
419 {
420 int Z_is_one;
421
422 if (!BN_nnmod(&point->Z, z, &group->field, ctx)) goto err;
423 Z_is_one = BN_is_one(&point->Z);
424 if (group->meth->field_encode)
425 {
426 if (Z_is_one && (group->meth->field_set_to_one != 0))
427 {
428 if (!group->meth->field_set_to_one(group, &point->Z, ctx)) goto err;
429 }
430 else
431 {
432 if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) goto err;
433 }
434 }
435 point->Z_is_one = Z_is_one;
436 }
437
438 ret = 1;
439
440 err:
441 if (new_ctx != NULL)
442 BN_CTX_free(new_ctx);
443 return ret;
444 }
445
446
447int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
448 BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
449 {
450 BN_CTX *new_ctx = NULL;
451 int ret = 0;
452
453 if (group->meth->field_decode != 0)
454 {
455 if (ctx == NULL)
456 {
457 ctx = new_ctx = BN_CTX_new();
458 if (ctx == NULL)
459 return 0;
460 }
461
462 if (x != NULL)
463 {
464 if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;
465 }
466 if (y != NULL)
467 {
468 if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;
469 }
470 if (z != NULL)
471 {
472 if (!group->meth->field_decode(group, z, &point->Z, ctx)) goto err;
473 }
474 }
475 else
476 {
477 if (x != NULL)
478 {
479 if (!BN_copy(x, &point->X)) goto err;
480 }
481 if (y != NULL)
482 {
483 if (!BN_copy(y, &point->Y)) goto err;
484 }
485 if (z != NULL)
486 {
487 if (!BN_copy(z, &point->Z)) goto err;
488 }
489 }
490
491 ret = 1;
492
493 err:
494 if (new_ctx != NULL)
495 BN_CTX_free(new_ctx);
496 return ret;
497 }
498
499
500int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
501 const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
502 {
503 if (x == NULL || y == NULL)
504 {
505 /* unlike for projective coordinates, we do not tolerate this */
506 ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_PASSED_NULL_PARAMETER);
507 return 0;
508 }
509
510 return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx);
511 }
512
513
514int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
515 BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
516 {
517 BN_CTX *new_ctx = NULL;
518 BIGNUM *X, *Y, *Z, *Z_1, *Z_2, *Z_3;
519 const BIGNUM *X_, *Y_, *Z_;
520 int ret = 0;
521
522 if (EC_POINT_is_at_infinity(group, point))
523 {
524 ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_POINT_AT_INFINITY);
525 return 0;
526 }
527
528 if (ctx == NULL)
529 {
530 ctx = new_ctx = BN_CTX_new();
531 if (ctx == NULL)
532 return 0;
533 }
534
535 BN_CTX_start(ctx);
536 X = BN_CTX_get(ctx);
537 Y = BN_CTX_get(ctx);
538 Z = BN_CTX_get(ctx);
539 Z_1 = BN_CTX_get(ctx);
540 Z_2 = BN_CTX_get(ctx);
541 Z_3 = BN_CTX_get(ctx);
542 if (Z_3 == NULL) goto err;
543
544 /* transform (X, Y, Z) into (x, y) := (X/Z^2, Y/Z^3) */
545
546 if (group->meth->field_decode)
547 {
548 if (!group->meth->field_decode(group, X, &point->X, ctx)) goto err;
549 if (!group->meth->field_decode(group, Y, &point->Y, ctx)) goto err;
550 if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err;
551 X_ = X; Y_ = Y; Z_ = Z;
552 }
553 else
554 {
555 X_ = &point->X;
556 Y_ = &point->Y;
557 Z_ = &point->Z;
558 }
559
560 if (BN_is_one(Z_))
561 {
562 if (x != NULL)
563 {
564 if (!BN_copy(x, X_)) goto err;
565 }
566 if (y != NULL)
567 {
568 if (!BN_copy(y, Y_)) goto err;
569 }
570 }
571 else
572 {
573 if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx))
574 {
575 ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_BN_LIB);
576 goto err;
577 }
578
579 if (group->meth->field_encode == 0)
580 {
581 /* field_sqr works on standard representation */
582 if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) goto err;
583 }
584 else
585 {
586 if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) goto err;
587 }
588
589 if (x != NULL)
590 {
591 if (group->meth->field_encode == 0)
592 {
593 /* field_mul works on standard representation */
594 if (!group->meth->field_mul(group, x, X_, Z_2, ctx)) goto err;
595 }
596 else
597 {
598 if (!BN_mod_mul(x, X_, Z_2, &group->field, ctx)) goto err;
599 }
600 }
601
602 if (y != NULL)
603 {
604 if (group->meth->field_encode == 0)
605 {
606 /* field_mul works on standard representation */
607 if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err;
608 if (!group->meth->field_mul(group, y, Y_, Z_3, ctx)) goto err;
609
610 }
611 else
612 {
613 if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err;
614 if (!BN_mod_mul(y, Y_, Z_3, &group->field, ctx)) goto err;
615 }
616 }
617 }
618
619 ret = 1;
620
621 err:
622 BN_CTX_end(ctx);
623 if (new_ctx != NULL)
624 BN_CTX_free(new_ctx);
625 return ret;
626 }
627
628
629int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
630 const BIGNUM *x_, int y_bit, BN_CTX *ctx)
631 {
632 BN_CTX *new_ctx = NULL;
633 BIGNUM *tmp1, *tmp2, *x, *y;
634 int ret = 0;
635
636 if (ctx == NULL)
637 {
638 ctx = new_ctx = BN_CTX_new();
639 if (ctx == NULL)
640 return 0;
641 }
642
643 y_bit = (y_bit != 0);
644
645 BN_CTX_start(ctx);
646 tmp1 = BN_CTX_get(ctx);
647 tmp2 = BN_CTX_get(ctx);
648 x = BN_CTX_get(ctx);
649 y = BN_CTX_get(ctx);
650 if (y == NULL) goto err;
651
652 /* Recover y. We have a Weierstrass equation
653 * y^2 = x^3 + a*x + b,
654 * so y is one of the square roots of x^3 + a*x + b.
655 */
656
657 /* tmp1 := x^3 */
658 if (!BN_nnmod(x, x_, &group->field,ctx)) goto err;
659 if (group->meth->field_decode == 0)
660 {
661 /* field_{sqr,mul} work on standard representation */
662 if (!group->meth->field_sqr(group, tmp2, x_, ctx)) goto err;
663 if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) goto err;
664 }
665 else
666 {
667 if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) goto err;
668 if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) goto err;
669 }
670
671 /* tmp1 := tmp1 + a*x */
672 if (group->a_is_minus3)
673 {
674 if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) goto err;
675 if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) goto err;
676 if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
677 }
678 else
679 {
680 if (group->meth->field_decode)
681 {
682 if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) goto err;
683 if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) goto err;
684 }
685 else
686 {
687 /* field_mul works on standard representation */
688 if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) goto err;
689 }
690
691 if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
692 }
693
694 /* tmp1 := tmp1 + b */
695 if (group->meth->field_decode)
696 {
697 if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) goto err;
698 if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
699 }
700 else
701 {
702 if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) goto err;
703 }
704
705 if (!BN_mod_sqrt(y, tmp1, &group->field, ctx))
706 {
707 unsigned long err = ERR_peek_error();
708
709 if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE)
710 {
711 (void)ERR_get_error();
712 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSED_POINT);
713 }
714 else
715 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, ERR_R_BN_LIB);
716 goto err;
717 }
718 /* If tmp1 is not a square (i.e. there is no point on the curve with
719 * our x), then y now is a nonsense value too */
720
721 if (y_bit != BN_is_odd(y))
722 {
723 if (BN_is_zero(y))
724 {
725 int kron;
726
727 kron = BN_kronecker(x, &group->field, ctx);
728 if (kron == -2) goto err;
729
730 if (kron == 1)
731 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSION_BIT);
732 else
733 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSED_POINT);
734 goto err;
735 }
736 if (!BN_usub(y, &group->field, y)) goto err;
737 }
738 if (y_bit != BN_is_odd(y))
739 {
740 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, ERR_R_INTERNAL_ERROR);
741 goto err;
742 }
743
744 if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
745
746 ret = 1;
747
748 err:
749 BN_CTX_end(ctx);
750 if (new_ctx != NULL)
751 BN_CTX_free(new_ctx);
752 return ret;
753 }
754
755
756size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
757 unsigned char *buf, size_t len, BN_CTX *ctx)
758 {
759 size_t ret;
760 BN_CTX *new_ctx = NULL;
761 int used_ctx = 0;
762 BIGNUM *x, *y;
763 size_t field_len, i, skip;
764
765 if ((form != POINT_CONVERSION_COMPRESSED)
766 && (form != POINT_CONVERSION_UNCOMPRESSED)
767 && (form != POINT_CONVERSION_HYBRID))
768 {
769 ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
770 goto err;
771 }
772
773 if (EC_POINT_is_at_infinity(group, point))
774 {
775 /* encodes to a single 0 octet */
776 if (buf != NULL)
777 {
778 if (len < 1)
779 {
780 ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
781 return 0;
782 }
783 buf[0] = 0;
784 }
785 return 1;
786 }
787
788
789 /* ret := required output buffer length */
790 field_len = BN_num_bytes(&group->field);
791 ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
792
793 /* if 'buf' is NULL, just return required length */
794 if (buf != NULL)
795 {
796 if (len < ret)
797 {
798 ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
799 goto err;
800 }
801
802 if (ctx == NULL)
803 {
804 ctx = new_ctx = BN_CTX_new();
805 if (ctx == NULL)
806 return 0;
807 }
808
809 BN_CTX_start(ctx);
810 used_ctx = 1;
811 x = BN_CTX_get(ctx);
812 y = BN_CTX_get(ctx);
813 if (y == NULL) goto err;
814
815 if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
816
817 if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))
818 buf[0] = form + 1;
819 else
820 buf[0] = form;
821
822 i = 1;
823
824 skip = field_len - BN_num_bytes(x);
825 if (skip > field_len)
826 {
827 ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
828 goto err;
829 }
830 while (skip > 0)
831 {
832 buf[i++] = 0;
833 skip--;
834 }
835 skip = BN_bn2bin(x, buf + i);
836 i += skip;
837 if (i != 1 + field_len)
838 {
839 ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
840 goto err;
841 }
842
843 if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)
844 {
845 skip = field_len - BN_num_bytes(y);
846 if (skip > field_len)
847 {
848 ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
849 goto err;
850 }
851 while (skip > 0)
852 {
853 buf[i++] = 0;
854 skip--;
855 }
856 skip = BN_bn2bin(y, buf + i);
857 i += skip;
858 }
859
860 if (i != ret)
861 {
862 ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
863 goto err;
864 }
865 }
866
867 if (used_ctx)
868 BN_CTX_end(ctx);
869 if (new_ctx != NULL)
870 BN_CTX_free(new_ctx);
871 return ret;
872
873 err:
874 if (used_ctx)
875 BN_CTX_end(ctx);
876 if (new_ctx != NULL)
877 BN_CTX_free(new_ctx);
878 return 0;
879 }
880
881
882int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
883 const unsigned char *buf, size_t len, BN_CTX *ctx)
884 {
885 point_conversion_form_t form;
886 int y_bit;
887 BN_CTX *new_ctx = NULL;
888 BIGNUM *x, *y;
889 size_t field_len, enc_len;
890 int ret = 0;
891
892 if (len == 0)
893 {
894 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
895 return 0;
896 }
897 form = buf[0];
898 y_bit = form & 1;
899 form = form & ~1U;
900 if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
901 && (form != POINT_CONVERSION_UNCOMPRESSED)
902 && (form != POINT_CONVERSION_HYBRID))
903 {
904 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
905 return 0;
906 }
907 if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit)
908 {
909 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
910 return 0;
911 }
912
913 if (form == 0)
914 {
915 if (len != 1)
916 {
917 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
918 return 0;
919 }
920
921 return EC_POINT_set_to_infinity(group, point);
922 }
923
924 field_len = BN_num_bytes(&group->field);
925 enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
926
927 if (len != enc_len)
928 {
929 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
930 return 0;
931 }
932
933 if (ctx == NULL)
934 {
935 ctx = new_ctx = BN_CTX_new();
936 if (ctx == NULL)
937 return 0;
938 }
939
940 BN_CTX_start(ctx);
941 x = BN_CTX_get(ctx);
942 y = BN_CTX_get(ctx);
943 if (y == NULL) goto err;
944
945 if (!BN_bin2bn(buf + 1, field_len, x)) goto err;
946 if (BN_ucmp(x, &group->field) >= 0)
947 {
948 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
949 goto err;
950 }
951
952 if (form == POINT_CONVERSION_COMPRESSED)
953 {
954 if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) goto err;
955 }
956 else
957 {
958 if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;
959 if (BN_ucmp(y, &group->field) >= 0)
960 {
961 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
962 goto err;
963 }
964 if (form == POINT_CONVERSION_HYBRID)
965 {
966 if (y_bit != BN_is_odd(y))
967 {
968 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
969 goto err;
970 }
971 }
972
973 if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
974 }
975
976 if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
977 {
978 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
979 goto err;
980 }
981
982 ret = 1;
983
984 err:
985 BN_CTX_end(ctx);
986 if (new_ctx != NULL)
987 BN_CTX_free(new_ctx);
988 return ret;
989 }
990
991
992int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
993 {
994 int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
995 int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
996 const BIGNUM *p;
997 BN_CTX *new_ctx = NULL;
998 BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;
999 int ret = 0;
1000
1001 if (a == b)
1002 return EC_POINT_dbl(group, r, a, ctx);
1003 if (EC_POINT_is_at_infinity(group, a))
1004 return EC_POINT_copy(r, b);
1005 if (EC_POINT_is_at_infinity(group, b))
1006 return EC_POINT_copy(r, a);
1007
1008 field_mul = group->meth->field_mul;
1009 field_sqr = group->meth->field_sqr;
1010 p = &group->field;
1011
1012 if (ctx == NULL)
1013 {
1014 ctx = new_ctx = BN_CTX_new();
1015 if (ctx == NULL)
1016 return 0;
1017 }
1018
1019 BN_CTX_start(ctx);
1020 n0 = BN_CTX_get(ctx);
1021 n1 = BN_CTX_get(ctx);
1022 n2 = BN_CTX_get(ctx);
1023 n3 = BN_CTX_get(ctx);
1024 n4 = BN_CTX_get(ctx);
1025 n5 = BN_CTX_get(ctx);
1026 n6 = BN_CTX_get(ctx);
1027 if (n6 == NULL) goto end;
1028
1029 /* Note that in this function we must not read components of 'a' or 'b'
1030 * once we have written the corresponding components of 'r'.
1031 * ('r' might be one of 'a' or 'b'.)
1032 */
1033
1034 /* n1, n2 */
1035 if (b->Z_is_one)
1036 {
1037 if (!BN_copy(n1, &a->X)) goto end;
1038 if (!BN_copy(n2, &a->Y)) goto end;
1039 /* n1 = X_a */
1040 /* n2 = Y_a */
1041 }
1042 else
1043 {
1044 if (!field_sqr(group, n0, &b->Z, ctx)) goto end;
1045 if (!field_mul(group, n1, &a->X, n0, ctx)) goto end;
1046 /* n1 = X_a * Z_b^2 */
1047
1048 if (!field_mul(group, n0, n0, &b->Z, ctx)) goto end;
1049 if (!field_mul(group, n2, &a->Y, n0, ctx)) goto end;
1050 /* n2 = Y_a * Z_b^3 */
1051 }
1052
1053 /* n3, n4 */
1054 if (a->Z_is_one)
1055 {
1056 if (!BN_copy(n3, &b->X)) goto end;
1057 if (!BN_copy(n4, &b->Y)) goto end;
1058 /* n3 = X_b */
1059 /* n4 = Y_b */
1060 }
1061 else
1062 {
1063 if (!field_sqr(group, n0, &a->Z, ctx)) goto end;
1064 if (!field_mul(group, n3, &b->X, n0, ctx)) goto end;
1065 /* n3 = X_b * Z_a^2 */
1066
1067 if (!field_mul(group, n0, n0, &a->Z, ctx)) goto end;
1068 if (!field_mul(group, n4, &b->Y, n0, ctx)) goto end;
1069 /* n4 = Y_b * Z_a^3 */
1070 }
1071
1072 /* n5, n6 */
1073 if (!BN_mod_sub_quick(n5, n1, n3, p)) goto end;
1074 if (!BN_mod_sub_quick(n6, n2, n4, p)) goto end;
1075 /* n5 = n1 - n3 */
1076 /* n6 = n2 - n4 */
1077
1078 if (BN_is_zero(n5))
1079 {
1080 if (BN_is_zero(n6))
1081 {
1082 /* a is the same point as b */
1083 BN_CTX_end(ctx);
1084 ret = EC_POINT_dbl(group, r, a, ctx);
1085 ctx = NULL;
1086 goto end;
1087 }
1088 else
1089 {
1090 /* a is the inverse of b */
1091 if (!BN_zero(&r->Z)) goto end;
1092 r->Z_is_one = 0;
1093 ret = 1;
1094 goto end;
1095 }
1096 }
1097
1098 /* 'n7', 'n8' */
1099 if (!BN_mod_add_quick(n1, n1, n3, p)) goto end;
1100 if (!BN_mod_add_quick(n2, n2, n4, p)) goto end;
1101 /* 'n7' = n1 + n3 */
1102 /* 'n8' = n2 + n4 */
1103
1104 /* Z_r */
1105 if (a->Z_is_one && b->Z_is_one)
1106 {
1107 if (!BN_copy(&r->Z, n5)) goto end;
1108 }
1109 else
1110 {
1111 if (a->Z_is_one)
1112 { if (!BN_copy(n0, &b->Z)) goto end; }
1113 else if (b->Z_is_one)
1114 { if (!BN_copy(n0, &a->Z)) goto end; }
1115 else
1116 { if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) goto end; }
1117 if (!field_mul(group, &r->Z, n0, n5, ctx)) goto end;
1118 }
1119 r->Z_is_one = 0;
1120 /* Z_r = Z_a * Z_b * n5 */
1121
1122 /* X_r */
1123 if (!field_sqr(group, n0, n6, ctx)) goto end;
1124 if (!field_sqr(group, n4, n5, ctx)) goto end;
1125 if (!field_mul(group, n3, n1, n4, ctx)) goto end;
1126 if (!BN_mod_sub_quick(&r->X, n0, n3, p)) goto end;
1127 /* X_r = n6^2 - n5^2 * 'n7' */
1128
1129 /* 'n9' */
1130 if (!BN_mod_lshift1_quick(n0, &r->X, p)) goto end;
1131 if (!BN_mod_sub_quick(n0, n3, n0, p)) goto end;
1132 /* n9 = n5^2 * 'n7' - 2 * X_r */
1133
1134 /* Y_r */
1135 if (!field_mul(group, n0, n0, n6, ctx)) goto end;
1136 if (!field_mul(group, n5, n4, n5, ctx)) goto end; /* now n5 is n5^3 */
1137 if (!field_mul(group, n1, n2, n5, ctx)) goto end;
1138 if (!BN_mod_sub_quick(n0, n0, n1, p)) goto end;
1139 if (BN_is_odd(n0))
1140 if (!BN_add(n0, n0, p)) goto end;
1141 /* now 0 <= n0 < 2*p, and n0 is even */
1142 if (!BN_rshift1(&r->Y, n0)) goto end;
1143 /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */
1144
1145 ret = 1;
1146
1147 end:
1148 if (ctx) /* otherwise we already called BN_CTX_end */
1149 BN_CTX_end(ctx);
1150 if (new_ctx != NULL)
1151 BN_CTX_free(new_ctx);
1152 return ret;
1153 }
1154
1155
1156int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
1157 {
1158 int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
1159 int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
1160 const BIGNUM *p;
1161 BN_CTX *new_ctx = NULL;
1162 BIGNUM *n0, *n1, *n2, *n3;
1163 int ret = 0;
1164
1165 if (EC_POINT_is_at_infinity(group, a))
1166 {
1167 if (!BN_zero(&r->Z)) return 0;
1168 r->Z_is_one = 0;
1169 return 1;
1170 }
1171
1172 field_mul = group->meth->field_mul;
1173 field_sqr = group->meth->field_sqr;
1174 p = &group->field;
1175
1176 if (ctx == NULL)
1177 {
1178 ctx = new_ctx = BN_CTX_new();
1179 if (ctx == NULL)
1180 return 0;
1181 }
1182
1183 BN_CTX_start(ctx);
1184 n0 = BN_CTX_get(ctx);
1185 n1 = BN_CTX_get(ctx);
1186 n2 = BN_CTX_get(ctx);
1187 n3 = BN_CTX_get(ctx);
1188 if (n3 == NULL) goto err;
1189
1190 /* Note that in this function we must not read components of 'a'
1191 * once we have written the corresponding components of 'r'.
1192 * ('r' might the same as 'a'.)
1193 */
1194
1195 /* n1 */
1196 if (a->Z_is_one)
1197 {
1198 if (!field_sqr(group, n0, &a->X, ctx)) goto err;
1199 if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;
1200 if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;
1201 if (!BN_mod_add_quick(n1, n0, &group->a, p)) goto err;
1202 /* n1 = 3 * X_a^2 + a_curve */
1203 }
1204 else if (group->a_is_minus3)
1205 {
1206 if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
1207 if (!BN_mod_add_quick(n0, &a->X, n1, p)) goto err;
1208 if (!BN_mod_sub_quick(n2, &a->X, n1, p)) goto err;
1209 if (!field_mul(group, n1, n0, n2, ctx)) goto err;
1210 if (!BN_mod_lshift1_quick(n0, n1, p)) goto err;
1211 if (!BN_mod_add_quick(n1, n0, n1, p)) goto err;
1212 /* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
1213 * = 3 * X_a^2 - 3 * Z_a^4 */
1214 }
1215 else
1216 {
1217 if (!field_sqr(group, n0, &a->X, ctx)) goto err;
1218 if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;
1219 if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;
1220 if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
1221 if (!field_sqr(group, n1, n1, ctx)) goto err;
1222 if (!field_mul(group, n1, n1, &group->a, ctx)) goto err;
1223 if (!BN_mod_add_quick(n1, n1, n0, p)) goto err;
1224 /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */
1225 }
1226
1227 /* Z_r */
1228 if (a->Z_is_one)
1229 {
1230 if (!BN_copy(n0, &a->Y)) goto err;
1231 }
1232 else
1233 {
1234 if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) goto err;
1235 }
1236 if (!BN_mod_lshift1_quick(&r->Z, n0, p)) goto err;
1237 r->Z_is_one = 0;
1238 /* Z_r = 2 * Y_a * Z_a */
1239
1240 /* n2 */
1241 if (!field_sqr(group, n3, &a->Y, ctx)) goto err;
1242 if (!field_mul(group, n2, &a->X, n3, ctx)) goto err;
1243 if (!BN_mod_lshift_quick(n2, n2, 2, p)) goto err;
1244 /* n2 = 4 * X_a * Y_a^2 */
1245
1246 /* X_r */
1247 if (!BN_mod_lshift1_quick(n0, n2, p)) goto err;
1248 if (!field_sqr(group, &r->X, n1, ctx)) goto err;
1249 if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) goto err;
1250 /* X_r = n1^2 - 2 * n2 */
1251
1252 /* n3 */
1253 if (!field_sqr(group, n0, n3, ctx)) goto err;
1254 if (!BN_mod_lshift_quick(n3, n0, 3, p)) goto err;
1255 /* n3 = 8 * Y_a^4 */
1256
1257 /* Y_r */
1258 if (!BN_mod_sub_quick(n0, n2, &r->X, p)) goto err;
1259 if (!field_mul(group, n0, n1, n0, ctx)) goto err;
1260 if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) goto err;
1261 /* Y_r = n1 * (n2 - X_r) - n3 */
1262
1263 ret = 1;
1264
1265 err:
1266 BN_CTX_end(ctx);
1267 if (new_ctx != NULL)
1268 BN_CTX_free(new_ctx);
1269 return ret;
1270 }
1271
1272
1273int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
1274 {
1275 if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
1276 /* point is its own inverse */
1277 return 1;
1278
1279 return BN_usub(&point->Y, &group->field, &point->Y);
1280 }
1281
1282
1283int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
1284 {
1285 return BN_is_zero(&point->Z);
1286 }
1287
1288
1289int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
1290 {
1291 int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
1292 int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
1293 const BIGNUM *p;
1294 BN_CTX *new_ctx = NULL;
1295 BIGNUM *rh, *tmp1, *tmp2, *Z4, *Z6;
1296 int ret = -1;
1297
1298 if (EC_POINT_is_at_infinity(group, point))
1299 return 1;
1300
1301 field_mul = group->meth->field_mul;
1302 field_sqr = group->meth->field_sqr;
1303 p = &group->field;
1304
1305 if (ctx == NULL)
1306 {
1307 ctx = new_ctx = BN_CTX_new();
1308 if (ctx == NULL)
1309 return -1;
1310 }
1311
1312 BN_CTX_start(ctx);
1313 rh = BN_CTX_get(ctx);
1314 tmp1 = BN_CTX_get(ctx);
1315 tmp2 = BN_CTX_get(ctx);
1316 Z4 = BN_CTX_get(ctx);
1317 Z6 = BN_CTX_get(ctx);
1318 if (Z6 == NULL) goto err;
1319
1320 /* We have a curve defined by a Weierstrass equation
1321 * y^2 = x^3 + a*x + b.
1322 * The point to consider is given in Jacobian projective coordinates
1323 * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3).
1324 * Substituting this and multiplying by Z^6 transforms the above equation into
1325 * Y^2 = X^3 + a*X*Z^4 + b*Z^6.
1326 * To test this, we add up the right-hand side in 'rh'.
1327 */
1328
1329 /* rh := X^3 */
1330 if (!field_sqr(group, rh, &point->X, ctx)) goto err;
1331 if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
1332
1333 if (!point->Z_is_one)
1334 {
1335 if (!field_sqr(group, tmp1, &point->Z, ctx)) goto err;
1336 if (!field_sqr(group, Z4, tmp1, ctx)) goto err;
1337 if (!field_mul(group, Z6, Z4, tmp1, ctx)) goto err;
1338
1339 /* rh := rh + a*X*Z^4 */
1340 if (!field_mul(group, tmp1, &point->X, Z4, ctx)) goto err;
1341 if (group->a_is_minus3)
1342 {
1343 if (!BN_mod_lshift1_quick(tmp2, tmp1, p)) goto err;
1344 if (!BN_mod_add_quick(tmp2, tmp2, tmp1, p)) goto err;
1345 if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err;
1346 }
1347 else
1348 {
1349 if (!field_mul(group, tmp2, tmp1, &group->a, ctx)) goto err;
1350 if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err;
1351 }
1352
1353 /* rh := rh + b*Z^6 */
1354 if (!field_mul(group, tmp1, &group->b, Z6, ctx)) goto err;
1355 if (!BN_mod_add_quick(rh, rh, tmp1, p)) goto err;
1356 }
1357 else
1358 {
1359 /* point->Z_is_one */
1360
1361 /* rh := rh + a*X */
1362 if (group->a_is_minus3)
1363 {
1364 if (!BN_mod_lshift1_quick(tmp2, &point->X, p)) goto err;
1365 if (!BN_mod_add_quick(tmp2, tmp2, &point->X, p)) goto err;
1366 if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err;
1367 }
1368 else
1369 {
1370 if (!field_mul(group, tmp2, &point->X, &group->a, ctx)) goto err;
1371 if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err;
1372 }
1373
1374 /* rh := rh + b */
1375 if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err;
1376 }
1377
1378 /* 'lh' := Y^2 */
1379 if (!field_sqr(group, tmp1, &point->Y, ctx)) goto err;
1380
1381 ret = (0 == BN_cmp(tmp1, rh));
1382
1383 err:
1384 BN_CTX_end(ctx);
1385 if (new_ctx != NULL)
1386 BN_CTX_free(new_ctx);
1387 return ret;
1388 }
1389
1390
1391int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
1392 {
1393 /* return values:
1394 * -1 error
1395 * 0 equal (in affine coordinates)
1396 * 1 not equal
1397 */
1398
1399 int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
1400 int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
1401 BN_CTX *new_ctx = NULL;
1402 BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
1403 const BIGNUM *tmp1_, *tmp2_;
1404 int ret = -1;
1405
1406 if (EC_POINT_is_at_infinity(group, a))
1407 {
1408 return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
1409 }
1410
1411 if (a->Z_is_one && b->Z_is_one)
1412 {
1413 return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
1414 }
1415
1416 field_mul = group->meth->field_mul;
1417 field_sqr = group->meth->field_sqr;
1418
1419 if (ctx == NULL)
1420 {
1421 ctx = new_ctx = BN_CTX_new();
1422 if (ctx == NULL)
1423 return -1;
1424 }
1425
1426 BN_CTX_start(ctx);
1427 tmp1 = BN_CTX_get(ctx);
1428 tmp2 = BN_CTX_get(ctx);
1429 Za23 = BN_CTX_get(ctx);
1430 Zb23 = BN_CTX_get(ctx);
1431 if (Zb23 == NULL) goto end;
1432
1433 /* We have to decide whether
1434 * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
1435 * or equivalently, whether
1436 * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).
1437 */
1438
1439 if (!b->Z_is_one)
1440 {
1441 if (!field_sqr(group, Zb23, &b->Z, ctx)) goto end;
1442 if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) goto end;
1443 tmp1_ = tmp1;
1444 }
1445 else
1446 tmp1_ = &a->X;
1447 if (!a->Z_is_one)
1448 {
1449 if (!field_sqr(group, Za23, &a->Z, ctx)) goto end;
1450 if (!field_mul(group, tmp2, &b->X, Za23, ctx)) goto end;
1451 tmp2_ = tmp2;
1452 }
1453 else
1454 tmp2_ = &b->X;
1455
1456 /* compare X_a*Z_b^2 with X_b*Z_a^2 */
1457 if (BN_cmp(tmp1_, tmp2_) != 0)
1458 {
1459 ret = 1; /* points differ */
1460 goto end;
1461 }
1462
1463
1464 if (!b->Z_is_one)
1465 {
1466 if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) goto end;
1467 if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) goto end;
1468 /* tmp1_ = tmp1 */
1469 }
1470 else
1471 tmp1_ = &a->Y;
1472 if (!a->Z_is_one)
1473 {
1474 if (!field_mul(group, Za23, Za23, &a->Z, ctx)) goto end;
1475 if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) goto end;
1476 /* tmp2_ = tmp2 */
1477 }
1478 else
1479 tmp2_ = &b->Y;
1480
1481 /* compare Y_a*Z_b^3 with Y_b*Z_a^3 */
1482 if (BN_cmp(tmp1_, tmp2_) != 0)
1483 {
1484 ret = 1; /* points differ */
1485 goto end;
1486 }
1487
1488 /* points are equal */
1489 ret = 0;
1490
1491 end:
1492 BN_CTX_end(ctx);
1493 if (new_ctx != NULL)
1494 BN_CTX_free(new_ctx);
1495 return ret;
1496 }
1497
1498
1499int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
1500 {
1501 BN_CTX *new_ctx = NULL;
1502 BIGNUM *x, *y;
1503 int ret = 0;
1504
1505 if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
1506 return 1;
1507
1508 if (ctx == NULL)
1509 {
1510 ctx = new_ctx = BN_CTX_new();
1511 if (ctx == NULL)
1512 return 0;
1513 }
1514
1515 BN_CTX_start(ctx);
1516 x = BN_CTX_get(ctx);
1517 y = BN_CTX_get(ctx);
1518 if (y == NULL) goto err;
1519
1520 if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
1521 if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
1522 if (!point->Z_is_one)
1523 {
1524 ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
1525 goto err;
1526 }
1527
1528 ret = 1;
1529
1530 err:
1531 BN_CTX_end(ctx);
1532 if (new_ctx != NULL)
1533 BN_CTX_free(new_ctx);
1534 return ret;
1535 }
1536
1537
1538int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
1539 {
1540 BN_CTX *new_ctx = NULL;
1541 BIGNUM *tmp0, *tmp1;
1542 size_t pow2 = 0;
1543 BIGNUM **heap = NULL;
1544 size_t i;
1545 int ret = 0;
1546
1547 if (num == 0)
1548 return 1;
1549
1550 if (ctx == NULL)
1551 {
1552 ctx = new_ctx = BN_CTX_new();
1553 if (ctx == NULL)
1554 return 0;
1555 }
1556
1557 BN_CTX_start(ctx);
1558 tmp0 = BN_CTX_get(ctx);
1559 tmp1 = BN_CTX_get(ctx);
1560 if (tmp0 == NULL || tmp1 == NULL) goto err;
1561
1562 /* Before converting the individual points, compute inverses of all Z values.
1563 * Modular inversion is rather slow, but luckily we can do with a single
1564 * explicit inversion, plus about 3 multiplications per input value.
1565 */
1566
1567 pow2 = 1;
1568 while (num > pow2)
1569 pow2 <<= 1;
1570 /* Now pow2 is the smallest power of 2 satifsying pow2 >= num.
1571 * We need twice that. */
1572 pow2 <<= 1;
1573
1574 heap = OPENSSL_malloc(pow2 * sizeof heap[0]);
1575 if (heap == NULL) goto err;
1576
1577 /* The array is used as a binary tree, exactly as in heapsort:
1578 *
1579 * heap[1]
1580 * heap[2] heap[3]
1581 * heap[4] heap[5] heap[6] heap[7]
1582 * heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15]
1583 *
1584 * We put the Z's in the last line;
1585 * then we set each other node to the product of its two child-nodes (where
1586 * empty or 0 entries are treated as ones);
1587 * then we invert heap[1];
1588 * then we invert each other node by replacing it by the product of its
1589 * parent (after inversion) and its sibling (before inversion).
1590 */
1591 heap[0] = NULL;
1592 for (i = pow2/2 - 1; i > 0; i--)
1593 heap[i] = NULL;
1594 for (i = 0; i < num; i++)
1595 heap[pow2/2 + i] = &points[i]->Z;
1596 for (i = pow2/2 + num; i < pow2; i++)
1597 heap[i] = NULL;
1598
1599 /* set each node to the product of its children */
1600 for (i = pow2/2 - 1; i > 0; i--)
1601 {
1602 heap[i] = BN_new();
1603 if (heap[i] == NULL) goto err;
1604
1605 if (heap[2*i] != NULL)
1606 {
1607 if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1]))
1608 {
1609 if (!BN_copy(heap[i], heap[2*i])) goto err;
1610 }
1611 else
1612 {
1613 if (BN_is_zero(heap[2*i]))
1614 {
1615 if (!BN_copy(heap[i], heap[2*i + 1])) goto err;
1616 }
1617 else
1618 {
1619 if (!group->meth->field_mul(group, heap[i],
1620 heap[2*i], heap[2*i + 1], ctx)) goto err;
1621 }
1622 }
1623 }
1624 }
1625
1626 /* invert heap[1] */
1627 if (!BN_is_zero(heap[1]))
1628 {
1629 if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx))
1630 {
1631 ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
1632 goto err;
1633 }
1634 }
1635 if (group->meth->field_encode != 0)
1636 {
1637 /* in the Montgomery case, we just turned R*H (representing H)
1638 * into 1/(R*H), but we need R*(1/H) (representing 1/H);
1639 * i.e. we have need to multiply by the Montgomery factor twice */
1640 if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
1641 if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
1642 }
1643
1644 /* set other heap[i]'s to their inverses */
1645 for (i = 2; i < pow2/2 + num; i += 2)
1646 {
1647 /* i is even */
1648 if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1]))
1649 {
1650 if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err;
1651 if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err;
1652 if (!BN_copy(heap[i], tmp0)) goto err;
1653 if (!BN_copy(heap[i + 1], tmp1)) goto err;
1654 }
1655 else
1656 {
1657 if (!BN_copy(heap[i], heap[i/2])) goto err;
1658 }
1659 }
1660
1661 /* we have replaced all non-zero Z's by their inverses, now fix up all the points */
1662 for (i = 0; i < num; i++)
1663 {
1664 EC_POINT *p = points[i];
1665
1666 if (!BN_is_zero(&p->Z))
1667 {
1668 /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */
1669
1670 if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err;
1671 if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err;
1672
1673 if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err;
1674 if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err;
1675
1676 if (group->meth->field_set_to_one != 0)
1677 {
1678 if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err;
1679 }
1680 else
1681 {
1682 if (!BN_one(&p->Z)) goto err;
1683 }
1684 p->Z_is_one = 1;
1685 }
1686 }
1687
1688 ret = 1;
1689
1690 err:
1691 BN_CTX_end(ctx);
1692 if (new_ctx != NULL)
1693 BN_CTX_free(new_ctx);
1694 if (heap != NULL)
1695 {
1696 /* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */
1697 for (i = pow2/2 - 1; i > 0; i--)
1698 {
1699 if (heap[i] != NULL)
1700 BN_clear_free(heap[i]);
1701 }
1702 OPENSSL_free(heap);
1703 }
1704 return ret;
1705 }
1706
1707
1708int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
1709 {
1710 return BN_mod_mul(r, a, b, &group->field, ctx);
1711 }
1712
1713
1714int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
1715 {
1716 return BN_mod_sqr(r, a, &group->field, ctx);
1717 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 14:44:59 +0000