summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ec
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/ec')
-rw-r--r--src/lib/libcrypto/ec/ec2_mult.c4
-rw-r--r--src/lib/libcrypto/ec/ec2_oct.c38
-rw-r--r--src/lib/libcrypto/ec/ec2_smpl.c12
-rw-r--r--src/lib/libcrypto/ec/ec_ameth.c44
-rw-r--r--src/lib/libcrypto/ec/ec_asn1.c220
-rw-r--r--src/lib/libcrypto/ec/ec_check.c14
-rw-r--r--src/lib/libcrypto/ec/ec_curve.c26
-rw-r--r--src/lib/libcrypto/ec/ec_err.c142
-rw-r--r--src/lib/libcrypto/ec/ec_key.c32
-rw-r--r--src/lib/libcrypto/ec/ec_lib.c98
-rw-r--r--src/lib/libcrypto/ec/ec_mult.c60
-rw-r--r--src/lib/libcrypto/ec/ec_oct.c24
-rw-r--r--src/lib/libcrypto/ec/ec_pmeth.c16
-rw-r--r--src/lib/libcrypto/ec/eck_prn.c10
-rw-r--r--src/lib/libcrypto/ec/ecp_mont.c14
-rw-r--r--src/lib/libcrypto/ec/ecp_nist.c8
-rw-r--r--src/lib/libcrypto/ec/ecp_nistp224.c30
-rw-r--r--src/lib/libcrypto/ec/ecp_nistp256.c30
-rw-r--r--src/lib/libcrypto/ec/ecp_nistp521.c28
-rw-r--r--src/lib/libcrypto/ec/ecp_nistz256.c43
-rw-r--r--src/lib/libcrypto/ec/ecp_oct.c44
-rw-r--r--src/lib/libcrypto/ec/ecp_smpl.c16
22 files changed, 391 insertions, 562 deletions
diff --git a/src/lib/libcrypto/ec/ec2_mult.c b/src/lib/libcrypto/ec/ec2_mult.c
index 3812611702..1c8bb18076 100644
--- a/src/lib/libcrypto/ec/ec2_mult.c
+++ b/src/lib/libcrypto/ec/ec2_mult.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec2_mult.c,v 1.8 2016/03/12 21:44:11 bcook Exp $ */ 1/* $OpenBSD: ec2_mult.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
4 * 4 *
@@ -267,7 +267,7 @@ ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
267 BN_ULONG mask, word; 267 BN_ULONG mask, word;
268 268
269 if (r == point) { 269 if (r == point) {
270 ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT); 270 ECerror(EC_R_INVALID_ARGUMENT);
271 return 0; 271 return 0;
272 } 272 }
273 /* if result should be point at infinity */ 273 /* if result should be point at infinity */
diff --git a/src/lib/libcrypto/ec/ec2_oct.c b/src/lib/libcrypto/ec/ec2_oct.c
index 72690b1bc7..f434d726d2 100644
--- a/src/lib/libcrypto/ec/ec2_oct.c
+++ b/src/lib/libcrypto/ec/ec2_oct.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec2_oct.c,v 1.7 2015/02/09 15:49:22 jsing Exp $ */ 1/* $OpenBSD: ec2_oct.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
4 * 4 *
@@ -138,9 +138,9 @@ ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point
138 if (ERR_GET_LIB(err) == ERR_LIB_BN && 138 if (ERR_GET_LIB(err) == ERR_LIB_BN &&
139 ERR_GET_REASON(err) == BN_R_NO_SOLUTION) { 139 ERR_GET_REASON(err) == BN_R_NO_SOLUTION) {
140 ERR_clear_error(); 140 ERR_clear_error();
141 ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); 141 ECerror(EC_R_INVALID_COMPRESSED_POINT);
142 } else 142 } else
143 ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB); 143 ECerror(ERR_R_BN_LIB);
144 goto err; 144 goto err;
145 } 145 }
146 z0 = (BN_is_odd(z)) ? 1 : 0; 146 z0 = (BN_is_odd(z)) ? 1 : 0;
@@ -182,14 +182,14 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
182 if ((form != POINT_CONVERSION_COMPRESSED) 182 if ((form != POINT_CONVERSION_COMPRESSED)
183 && (form != POINT_CONVERSION_UNCOMPRESSED) 183 && (form != POINT_CONVERSION_UNCOMPRESSED)
184 && (form != POINT_CONVERSION_HYBRID)) { 184 && (form != POINT_CONVERSION_HYBRID)) {
185 ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM); 185 ECerror(EC_R_INVALID_FORM);
186 goto err; 186 goto err;
187 } 187 }
188 if (EC_POINT_is_at_infinity(group, point) > 0) { 188 if (EC_POINT_is_at_infinity(group, point) > 0) {
189 /* encodes to a single 0 octet */ 189 /* encodes to a single 0 octet */
190 if (buf != NULL) { 190 if (buf != NULL) {
191 if (len < 1) { 191 if (len < 1) {
192 ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); 192 ECerror(EC_R_BUFFER_TOO_SMALL);
193 return 0; 193 return 0;
194 } 194 }
195 buf[0] = 0; 195 buf[0] = 0;
@@ -204,7 +204,7 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
204 /* if 'buf' is NULL, just return required length */ 204 /* if 'buf' is NULL, just return required length */
205 if (buf != NULL) { 205 if (buf != NULL) {
206 if (len < ret) { 206 if (len < ret) {
207 ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); 207 ECerror(EC_R_BUFFER_TOO_SMALL);
208 goto err; 208 goto err;
209 } 209 }
210 if (ctx == NULL) { 210 if (ctx == NULL) {
@@ -235,7 +235,7 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
235 235
236 skip = field_len - BN_num_bytes(x); 236 skip = field_len - BN_num_bytes(x);
237 if (skip > field_len) { 237 if (skip > field_len) {
238 ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); 238 ECerror(ERR_R_INTERNAL_ERROR);
239 goto err; 239 goto err;
240 } 240 }
241 while (skip > 0) { 241 while (skip > 0) {
@@ -245,14 +245,14 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
245 skip = BN_bn2bin(x, buf + i); 245 skip = BN_bn2bin(x, buf + i);
246 i += skip; 246 i += skip;
247 if (i != 1 + field_len) { 247 if (i != 1 + field_len) {
248 ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); 248 ECerror(ERR_R_INTERNAL_ERROR);
249 goto err; 249 goto err;
250 } 250 }
251 if (form == POINT_CONVERSION_UNCOMPRESSED || 251 if (form == POINT_CONVERSION_UNCOMPRESSED ||
252 form == POINT_CONVERSION_HYBRID) { 252 form == POINT_CONVERSION_HYBRID) {
253 skip = field_len - BN_num_bytes(y); 253 skip = field_len - BN_num_bytes(y);
254 if (skip > field_len) { 254 if (skip > field_len) {
255 ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); 255 ECerror(ERR_R_INTERNAL_ERROR);
256 goto err; 256 goto err;
257 } 257 }
258 while (skip > 0) { 258 while (skip > 0) {
@@ -263,7 +263,7 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
263 i += skip; 263 i += skip;
264 } 264 }
265 if (i != ret) { 265 if (i != ret) {
266 ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); 266 ECerror(ERR_R_INTERNAL_ERROR);
267 goto err; 267 goto err;
268 } 268 }
269 } 269 }
@@ -295,7 +295,7 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
295 int ret = 0; 295 int ret = 0;
296 296
297 if (len == 0) { 297 if (len == 0) {
298 ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); 298 ECerror(EC_R_BUFFER_TOO_SMALL);
299 return 0; 299 return 0;
300 } 300 }
301 form = buf[0]; 301 form = buf[0];
@@ -304,16 +304,16 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
304 if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) && 304 if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) &&
305 (form != POINT_CONVERSION_UNCOMPRESSED) && 305 (form != POINT_CONVERSION_UNCOMPRESSED) &&
306 (form != POINT_CONVERSION_HYBRID)) { 306 (form != POINT_CONVERSION_HYBRID)) {
307 ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); 307 ECerror(EC_R_INVALID_ENCODING);
308 return 0; 308 return 0;
309 } 309 }
310 if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) { 310 if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
311 ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); 311 ECerror(EC_R_INVALID_ENCODING);
312 return 0; 312 return 0;
313 } 313 }
314 if (form == 0) { 314 if (form == 0) {
315 if (len != 1) { 315 if (len != 1) {
316 ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); 316 ECerror(EC_R_INVALID_ENCODING);
317 return 0; 317 return 0;
318 } 318 }
319 return EC_POINT_set_to_infinity(group, point); 319 return EC_POINT_set_to_infinity(group, point);
@@ -323,7 +323,7 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
323 1 + 2 * field_len; 323 1 + 2 * field_len;
324 324
325 if (len != enc_len) { 325 if (len != enc_len) {
326 ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); 326 ECerror(EC_R_INVALID_ENCODING);
327 return 0; 327 return 0;
328 } 328 }
329 if (ctx == NULL) { 329 if (ctx == NULL) {
@@ -342,7 +342,7 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
342 if (!BN_bin2bn(buf + 1, field_len, x)) 342 if (!BN_bin2bn(buf + 1, field_len, x))
343 goto err; 343 goto err;
344 if (BN_ucmp(x, &group->field) >= 0) { 344 if (BN_ucmp(x, &group->field) >= 0) {
345 ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); 345 ECerror(EC_R_INVALID_ENCODING);
346 goto err; 346 goto err;
347 } 347 }
348 if (form == POINT_CONVERSION_COMPRESSED) { 348 if (form == POINT_CONVERSION_COMPRESSED) {
@@ -352,14 +352,14 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
352 if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) 352 if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
353 goto err; 353 goto err;
354 if (BN_ucmp(y, &group->field) >= 0) { 354 if (BN_ucmp(y, &group->field) >= 0) {
355 ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); 355 ECerror(EC_R_INVALID_ENCODING);
356 goto err; 356 goto err;
357 } 357 }
358 if (form == POINT_CONVERSION_HYBRID) { 358 if (form == POINT_CONVERSION_HYBRID) {
359 if (!group->meth->field_div(group, yxi, y, x, ctx)) 359 if (!group->meth->field_div(group, yxi, y, x, ctx))
360 goto err; 360 goto err;
361 if (y_bit != BN_is_odd(yxi)) { 361 if (y_bit != BN_is_odd(yxi)) {
362 ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); 362 ECerror(EC_R_INVALID_ENCODING);
363 goto err; 363 goto err;
364 } 364 }
365 } 365 }
@@ -369,7 +369,7 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
369 369
370 /* test required by X9.62 */ 370 /* test required by X9.62 */
371 if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { 371 if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
372 ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); 372 ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
373 goto err; 373 goto err;
374 } 374 }
375 ret = 1; 375 ret = 1;
diff --git a/src/lib/libcrypto/ec/ec2_smpl.c b/src/lib/libcrypto/ec/ec2_smpl.c
index 43f0afd5ae..6157599990 100644
--- a/src/lib/libcrypto/ec/ec2_smpl.c
+++ b/src/lib/libcrypto/ec/ec2_smpl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec2_smpl.c,v 1.14 2015/02/09 15:49:22 jsing Exp $ */ 1/* $OpenBSD: ec2_smpl.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
4 * 4 *
@@ -212,7 +212,7 @@ ec_GF2m_simple_group_set_curve(EC_GROUP * group,
212 goto err; 212 goto err;
213 i = BN_GF2m_poly2arr(&group->field, group->poly, 6) - 1; 213 i = BN_GF2m_poly2arr(&group->field, group->poly, 6) - 1;
214 if ((i != 5) && (i != 3)) { 214 if ((i != 5) && (i != 3)) {
215 ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); 215 ECerror(EC_R_UNSUPPORTED_FIELD);
216 goto err; 216 goto err;
217 } 217 }
218 /* group->a */ 218 /* group->a */
@@ -286,7 +286,7 @@ ec_GF2m_simple_group_check_discriminant(const EC_GROUP * group, BN_CTX * ctx)
286 if (ctx == NULL) { 286 if (ctx == NULL) {
287 ctx = new_ctx = BN_CTX_new(); 287 ctx = new_ctx = BN_CTX_new();
288 if (ctx == NULL) { 288 if (ctx == NULL) {
289 ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE); 289 ECerror(ERR_R_MALLOC_FAILURE);
290 goto err; 290 goto err;
291 } 291 }
292 } 292 }
@@ -383,7 +383,7 @@ ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP * group, EC_POINT * p
383{ 383{
384 int ret = 0; 384 int ret = 0;
385 if (x == NULL || y == NULL) { 385 if (x == NULL || y == NULL) {
386 ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER); 386 ECerror(ERR_R_PASSED_NULL_PARAMETER);
387 return 0; 387 return 0;
388 } 388 }
389 if (!BN_copy(&point->X, x)) 389 if (!BN_copy(&point->X, x))
@@ -413,11 +413,11 @@ ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group,
413 int ret = 0; 413 int ret = 0;
414 414
415 if (EC_POINT_is_at_infinity(group, point) > 0) { 415 if (EC_POINT_is_at_infinity(group, point) > 0) {
416 ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY); 416 ECerror(EC_R_POINT_AT_INFINITY);
417 return 0; 417 return 0;
418 } 418 }
419 if (BN_cmp(&point->Z, BN_value_one())) { 419 if (BN_cmp(&point->Z, BN_value_one())) {
420 ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 420 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
421 return 0; 421 return 0;
422 } 422 }
423 if (x != NULL) { 423 if (x != NULL) {
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index 0dab68d5fe..8d0cdb733b 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec_ameth.c,v 1.17 2016/10/19 16:49:11 jsing Exp $ */ 1/* $OpenBSD: ec_ameth.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -74,7 +74,7 @@ eckey_param2type(int *pptype, void **ppval, EC_KEY * ec_key)
74 const EC_GROUP *group; 74 const EC_GROUP *group;
75 int nid; 75 int nid;
76 if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) { 76 if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) {
77 ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_PARAMETERS); 77 ECerror(EC_R_MISSING_PARAMETERS);
78 return 0; 78 return 0;
79 } 79 }
80 if (EC_GROUP_get_asn1_flag(group) && 80 if (EC_GROUP_get_asn1_flag(group) &&
@@ -91,7 +91,7 @@ eckey_param2type(int *pptype, void **ppval, EC_KEY * ec_key)
91 pstr->length = i2d_ECParameters(ec_key, &pstr->data); 91 pstr->length = i2d_ECParameters(ec_key, &pstr->data);
92 if (pstr->length <= 0) { 92 if (pstr->length <= 0) {
93 ASN1_STRING_free(pstr); 93 ASN1_STRING_free(pstr);
94 ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB); 94 ECerror(ERR_R_EC_LIB);
95 return 0; 95 return 0;
96 } 96 }
97 *ppval = pstr; 97 *ppval = pstr;
@@ -110,7 +110,7 @@ eckey_pub_encode(X509_PUBKEY * pk, const EVP_PKEY * pkey)
110 int penclen; 110 int penclen;
111 111
112 if (!eckey_param2type(&ptype, &pval, ec_key)) { 112 if (!eckey_param2type(&ptype, &pval, ec_key)) {
113 ECerr(EC_F_ECKEY_PUB_ENCODE, ERR_R_EC_LIB); 113 ECerror(ERR_R_EC_LIB);
114 return 0; 114 return 0;
115 } 115 }
116 penclen = i2o_ECPublicKey(ec_key, NULL); 116 penclen = i2o_ECPublicKey(ec_key, NULL);
@@ -148,7 +148,7 @@ eckey_type2param(int ptype, void *pval)
148 pm = pstr->data; 148 pm = pstr->data;
149 pmlen = pstr->length; 149 pmlen = pstr->length;
150 if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) { 150 if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) {
151 ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); 151 ECerror(EC_R_DECODE_ERROR);
152 goto ecerr; 152 goto ecerr;
153 } 153 }
154 } else if (ptype == V_ASN1_OBJECT) { 154 } else if (ptype == V_ASN1_OBJECT) {
@@ -160,7 +160,7 @@ eckey_type2param(int ptype, void *pval)
160 * asn1 OID 160 * asn1 OID
161 */ 161 */
162 if ((eckey = EC_KEY_new()) == NULL) { 162 if ((eckey = EC_KEY_new()) == NULL) {
163 ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE); 163 ECerror(ERR_R_MALLOC_FAILURE);
164 goto ecerr; 164 goto ecerr;
165 } 165 }
166 group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid)); 166 group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid));
@@ -171,7 +171,7 @@ eckey_type2param(int ptype, void *pval)
171 goto ecerr; 171 goto ecerr;
172 EC_GROUP_free(group); 172 EC_GROUP_free(group);
173 } else { 173 } else {
174 ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); 174 ECerror(EC_R_DECODE_ERROR);
175 goto ecerr; 175 goto ecerr;
176 } 176 }
177 177
@@ -199,12 +199,12 @@ eckey_pub_decode(EVP_PKEY * pkey, X509_PUBKEY * pubkey)
199 eckey = eckey_type2param(ptype, pval); 199 eckey = eckey_type2param(ptype, pval);
200 200
201 if (!eckey) { 201 if (!eckey) {
202 ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB); 202 ECerror(ERR_R_EC_LIB);
203 return 0; 203 return 0;
204 } 204 }
205 /* We have parameters now set public key */ 205 /* We have parameters now set public key */
206 if (!o2i_ECPublicKey(&eckey, &p, pklen)) { 206 if (!o2i_ECPublicKey(&eckey, &p, pklen)) {
207 ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR); 207 ECerror(EC_R_DECODE_ERROR);
208 goto ecerr; 208 goto ecerr;
209 } 209 }
210 EVP_PKEY_assign_EC_KEY(pkey, eckey); 210 EVP_PKEY_assign_EC_KEY(pkey, eckey);
@@ -251,7 +251,7 @@ eckey_priv_decode(EVP_PKEY * pkey, PKCS8_PRIV_KEY_INFO * p8)
251 251
252 /* We have parameters now set private key */ 252 /* We have parameters now set private key */
253 if (!d2i_ECPrivateKey(&eckey, &p, pklen)) { 253 if (!d2i_ECPrivateKey(&eckey, &p, pklen)) {
254 ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR); 254 ECerror(EC_R_DECODE_ERROR);
255 goto ecerr; 255 goto ecerr;
256 } 256 }
257 /* calculate public key (if necessary) */ 257 /* calculate public key (if necessary) */
@@ -266,23 +266,23 @@ eckey_priv_decode(EVP_PKEY * pkey, PKCS8_PRIV_KEY_INFO * p8)
266 group = EC_KEY_get0_group(eckey); 266 group = EC_KEY_get0_group(eckey);
267 pub_key = EC_POINT_new(group); 267 pub_key = EC_POINT_new(group);
268 if (pub_key == NULL) { 268 if (pub_key == NULL) {
269 ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); 269 ECerror(ERR_R_EC_LIB);
270 goto ecliberr; 270 goto ecliberr;
271 } 271 }
272 if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { 272 if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) {
273 EC_POINT_free(pub_key); 273 EC_POINT_free(pub_key);
274 ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); 274 ECerror(ERR_R_EC_LIB);
275 goto ecliberr; 275 goto ecliberr;
276 } 276 }
277 priv_key = EC_KEY_get0_private_key(eckey); 277 priv_key = EC_KEY_get0_private_key(eckey);
278 if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) { 278 if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) {
279 EC_POINT_free(pub_key); 279 EC_POINT_free(pub_key);
280 ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); 280 ECerror(ERR_R_EC_LIB);
281 goto ecliberr; 281 goto ecliberr;
282 } 282 }
283 if (EC_KEY_set_public_key(eckey, pub_key) == 0) { 283 if (EC_KEY_set_public_key(eckey, pub_key) == 0) {
284 EC_POINT_free(pub_key); 284 EC_POINT_free(pub_key);
285 ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); 285 ECerror(ERR_R_EC_LIB);
286 goto ecliberr; 286 goto ecliberr;
287 } 287 }
288 EC_POINT_free(pub_key); 288 EC_POINT_free(pub_key);
@@ -291,7 +291,7 @@ eckey_priv_decode(EVP_PKEY * pkey, PKCS8_PRIV_KEY_INFO * p8)
291 return 1; 291 return 1;
292 292
293ecliberr: 293ecliberr:
294 ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); 294 ECerror(ERR_R_EC_LIB);
295ecerr: 295ecerr:
296 if (eckey) 296 if (eckey)
297 EC_KEY_free(eckey); 297 EC_KEY_free(eckey);
@@ -310,7 +310,7 @@ eckey_priv_encode(PKCS8_PRIV_KEY_INFO * p8, const EVP_PKEY * pkey)
310 ec_key = pkey->pkey.ec; 310 ec_key = pkey->pkey.ec;
311 311
312 if (!eckey_param2type(&ptype, &pval, ec_key)) { 312 if (!eckey_param2type(&ptype, &pval, ec_key)) {
313 ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR); 313 ECerror(EC_R_DECODE_ERROR);
314 return 0; 314 return 0;
315 } 315 }
316 /* set the private key */ 316 /* set the private key */
@@ -325,20 +325,20 @@ eckey_priv_encode(PKCS8_PRIV_KEY_INFO * p8, const EVP_PKEY * pkey)
325 eplen = i2d_ECPrivateKey(ec_key, NULL); 325 eplen = i2d_ECPrivateKey(ec_key, NULL);
326 if (!eplen) { 326 if (!eplen) {
327 EC_KEY_set_enc_flags(ec_key, old_flags); 327 EC_KEY_set_enc_flags(ec_key, old_flags);
328 ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); 328 ECerror(ERR_R_EC_LIB);
329 return 0; 329 return 0;
330 } 330 }
331 ep = malloc(eplen); 331 ep = malloc(eplen);
332 if (!ep) { 332 if (!ep) {
333 EC_KEY_set_enc_flags(ec_key, old_flags); 333 EC_KEY_set_enc_flags(ec_key, old_flags);
334 ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); 334 ECerror(ERR_R_MALLOC_FAILURE);
335 return 0; 335 return 0;
336 } 336 }
337 p = ep; 337 p = ep;
338 if (!i2d_ECPrivateKey(ec_key, &p)) { 338 if (!i2d_ECPrivateKey(ec_key, &p)) {
339 EC_KEY_set_enc_flags(ec_key, old_flags); 339 EC_KEY_set_enc_flags(ec_key, old_flags);
340 free(ep); 340 free(ep);
341 ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); 341 ECerror(ERR_R_EC_LIB);
342 return 0; 342 return 0;
343 } 343 }
344 /* restore old encoding flags */ 344 /* restore old encoding flags */
@@ -483,7 +483,7 @@ do_EC_KEY_print(BIO * bp, const EC_KEY * x, int off, int ktype)
483 ret = 1; 483 ret = 1;
484err: 484err:
485 if (!ret) 485 if (!ret)
486 ECerr(EC_F_DO_EC_KEY_PRINT, reason); 486 ECerror(reason);
487 BN_free(pub_key); 487 BN_free(pub_key);
488 BN_free(order); 488 BN_free(order);
489 BN_CTX_free(ctx); 489 BN_CTX_free(ctx);
@@ -497,7 +497,7 @@ eckey_param_decode(EVP_PKEY * pkey,
497{ 497{
498 EC_KEY *eckey; 498 EC_KEY *eckey;
499 if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) { 499 if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) {
500 ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB); 500 ECerror(ERR_R_EC_LIB);
501 return 0; 501 return 0;
502 } 502 }
503 EVP_PKEY_assign_EC_KEY(pkey, eckey); 503 EVP_PKEY_assign_EC_KEY(pkey, eckey);
@@ -538,7 +538,7 @@ old_ec_priv_decode(EVP_PKEY * pkey,
538{ 538{
539 EC_KEY *ec; 539 EC_KEY *ec;
540 if (!(ec = d2i_ECPrivateKey(NULL, pder, derlen))) { 540 if (!(ec = d2i_ECPrivateKey(NULL, pder, derlen))) {
541 ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR); 541 ECerror(EC_R_DECODE_ERROR);
542 return 0; 542 return 0;
543 } 543 }
544 EVP_PKEY_assign_EC_KEY(pkey, ec); 544 EVP_PKEY_assign_EC_KEY(pkey, ec);
diff --git a/src/lib/libcrypto/ec/ec_asn1.c b/src/lib/libcrypto/ec/ec_asn1.c
index 3234e7a6f2..dddf71c6e5 100644
--- a/src/lib/libcrypto/ec/ec_asn1.c
+++ b/src/lib/libcrypto/ec/ec_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec_asn1.c,v 1.22 2016/03/20 16:50:29 krw Exp $ */ 1/* $OpenBSD: ec_asn1.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project. 3 * Written by Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -96,7 +96,7 @@ EC_GROUP_get_trinomial_basis(const EC_GROUP * group, unsigned int *k)
96 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 96 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
97 NID_X9_62_characteristic_two_field 97 NID_X9_62_characteristic_two_field
98 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) { 98 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) {
99 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 99 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
100 return 0; 100 return 0;
101 } 101 }
102 if (k) 102 if (k)
@@ -114,7 +114,7 @@ EC_GROUP_get_pentanomial_basis(const EC_GROUP * group, unsigned int *k1,
114 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 114 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
115 NID_X9_62_characteristic_two_field 115 NID_X9_62_characteristic_two_field
116 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) { 116 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) {
117 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 117 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
118 return 0; 118 return 0;
119 } 119 }
120 if (k1) 120 if (k1)
@@ -696,29 +696,29 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
696 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); 696 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
697 /* set OID for the field */ 697 /* set OID for the field */
698 if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) { 698 if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) {
699 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); 699 ECerror(ERR_R_OBJ_LIB);
700 goto err; 700 goto err;
701 } 701 }
702 if (nid == NID_X9_62_prime_field) { 702 if (nid == NID_X9_62_prime_field) {
703 if ((tmp = BN_new()) == NULL) { 703 if ((tmp = BN_new()) == NULL) {
704 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 704 ECerror(ERR_R_MALLOC_FAILURE);
705 goto err; 705 goto err;
706 } 706 }
707 /* the parameters are specified by the prime number p */ 707 /* the parameters are specified by the prime number p */
708 if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) { 708 if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) {
709 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); 709 ECerror(ERR_R_EC_LIB);
710 goto err; 710 goto err;
711 } 711 }
712 /* set the prime number */ 712 /* set the prime number */
713 field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL); 713 field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL);
714 if (field->p.prime == NULL) { 714 if (field->p.prime == NULL) {
715 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB); 715 ECerror(ERR_R_ASN1_LIB);
716 goto err; 716 goto err;
717 } 717 }
718 } else /* nid == NID_X9_62_characteristic_two_field */ 718 } else /* nid == NID_X9_62_characteristic_two_field */
719#ifdef OPENSSL_NO_EC2M 719#ifdef OPENSSL_NO_EC2M
720 { 720 {
721 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED); 721 ECerror(EC_R_GF2M_NOT_SUPPORTED);
722 goto err; 722 goto err;
723 } 723 }
724#else 724#else
@@ -730,7 +730,7 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
730 char_two = field->p.char_two; 730 char_two = field->p.char_two;
731 731
732 if (char_two == NULL) { 732 if (char_two == NULL) {
733 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 733 ECerror(ERR_R_MALLOC_FAILURE);
734 goto err; 734 goto err;
735 } 735 }
736 char_two->m = (long) EC_GROUP_get_degree(group); 736 char_two->m = (long) EC_GROUP_get_degree(group);
@@ -738,12 +738,12 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
738 field_type = EC_GROUP_get_basis_type(group); 738 field_type = EC_GROUP_get_basis_type(group);
739 739
740 if (field_type == 0) { 740 if (field_type == 0) {
741 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); 741 ECerror(ERR_R_EC_LIB);
742 goto err; 742 goto err;
743 } 743 }
744 /* set base type OID */ 744 /* set base type OID */
745 if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) { 745 if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) {
746 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); 746 ECerror(ERR_R_OBJ_LIB);
747 goto err; 747 goto err;
748 } 748 }
749 if (field_type == NID_X9_62_tpBasis) { 749 if (field_type == NID_X9_62_tpBasis) {
@@ -754,12 +754,11 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
754 754
755 char_two->p.tpBasis = ASN1_INTEGER_new(); 755 char_two->p.tpBasis = ASN1_INTEGER_new();
756 if (!char_two->p.tpBasis) { 756 if (!char_two->p.tpBasis) {
757 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 757 ECerror(ERR_R_MALLOC_FAILURE);
758 goto err; 758 goto err;
759 } 759 }
760 if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long) k)) { 760 if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long) k)) {
761 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, 761 ECerror(ERR_R_ASN1_LIB);
762 ERR_R_ASN1_LIB);
763 goto err; 762 goto err;
764 } 763 }
765 } else if (field_type == NID_X9_62_ppBasis) { 764 } else if (field_type == NID_X9_62_ppBasis) {
@@ -770,7 +769,7 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
770 769
771 char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); 770 char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
772 if (!char_two->p.ppBasis) { 771 if (!char_two->p.ppBasis) {
773 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 772 ECerror(ERR_R_MALLOC_FAILURE);
774 goto err; 773 goto err;
775 } 774 }
776 /* set k? values */ 775 /* set k? values */
@@ -781,7 +780,7 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
781 /* for ONB the parameters are (asn1) NULL */ 780 /* for ONB the parameters are (asn1) NULL */
782 char_two->p.onBasis = ASN1_NULL_new(); 781 char_two->p.onBasis = ASN1_NULL_new();
783 if (!char_two->p.onBasis) { 782 if (!char_two->p.onBasis) {
784 ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); 783 ECerror(ERR_R_MALLOC_FAILURE);
785 goto err; 784 goto err;
786 } 785 }
787 } 786 }
@@ -809,7 +808,7 @@ ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
809 return 0; 808 return 0;
810 809
811 if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) { 810 if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) {
812 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); 811 ECerror(ERR_R_MALLOC_FAILURE);
813 goto err; 812 goto err;
814 } 813 }
815 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); 814 nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
@@ -817,14 +816,14 @@ ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
817 /* get a and b */ 816 /* get a and b */
818 if (nid == NID_X9_62_prime_field) { 817 if (nid == NID_X9_62_prime_field) {
819 if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) { 818 if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) {
820 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); 819 ECerror(ERR_R_EC_LIB);
821 goto err; 820 goto err;
822 } 821 }
823 } 822 }
824#ifndef OPENSSL_NO_EC2M 823#ifndef OPENSSL_NO_EC2M
825 else { /* nid == NID_X9_62_characteristic_two_field */ 824 else { /* nid == NID_X9_62_characteristic_two_field */
826 if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) { 825 if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) {
827 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); 826 ECerror(ERR_R_EC_LIB);
828 goto err; 827 goto err;
829 } 828 }
830 } 829 }
@@ -838,12 +837,11 @@ ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
838 len_1 = 1; 837 len_1 = 1;
839 } else { 838 } else {
840 if ((buffer_1 = malloc(len_1)) == NULL) { 839 if ((buffer_1 = malloc(len_1)) == NULL) {
841 ECerr(EC_F_EC_ASN1_GROUP2CURVE, 840 ECerror(ERR_R_MALLOC_FAILURE);
842 ERR_R_MALLOC_FAILURE);
843 goto err; 841 goto err;
844 } 842 }
845 if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) { 843 if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) {
846 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); 844 ECerror(ERR_R_BN_LIB);
847 goto err; 845 goto err;
848 } 846 }
849 a_buf = buffer_1; 847 a_buf = buffer_1;
@@ -855,12 +853,11 @@ ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
855 len_2 = 1; 853 len_2 = 1;
856 } else { 854 } else {
857 if ((buffer_2 = malloc(len_2)) == NULL) { 855 if ((buffer_2 = malloc(len_2)) == NULL) {
858 ECerr(EC_F_EC_ASN1_GROUP2CURVE, 856 ECerror(ERR_R_MALLOC_FAILURE);
859 ERR_R_MALLOC_FAILURE);
860 goto err; 857 goto err;
861 } 858 }
862 if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) { 859 if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) {
863 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); 860 ECerror(ERR_R_BN_LIB);
864 goto err; 861 goto err;
865 } 862 }
866 b_buf = buffer_2; 863 b_buf = buffer_2;
@@ -869,21 +866,21 @@ ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
869 /* set a and b */ 866 /* set a and b */
870 if (!ASN1_STRING_set(curve->a, a_buf, len_1) || 867 if (!ASN1_STRING_set(curve->a, a_buf, len_1) ||
871 !ASN1_STRING_set(curve->b, b_buf, len_2)) { 868 !ASN1_STRING_set(curve->b, b_buf, len_2)) {
872 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); 869 ECerror(ERR_R_ASN1_LIB);
873 goto err; 870 goto err;
874 } 871 }
875 /* set the seed (optional) */ 872 /* set the seed (optional) */
876 if (group->seed) { 873 if (group->seed) {
877 if (!curve->seed) 874 if (!curve->seed)
878 if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) { 875 if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) {
879 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); 876 ECerror(ERR_R_MALLOC_FAILURE);
880 goto err; 877 goto err;
881 } 878 }
882 curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 879 curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
883 curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT; 880 curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
884 if (!ASN1_BIT_STRING_set(curve->seed, group->seed, 881 if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
885 (int) group->seed_len)) { 882 (int) group->seed_len)) {
886 ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); 883 ECerror(ERR_R_ASN1_LIB);
887 goto err; 884 goto err;
888 } 885 }
889 } else { 886 } else {
@@ -915,13 +912,12 @@ ec_asn1_group2parameters(const EC_GROUP * group, ECPARAMETERS * param)
915 point_conversion_form_t form; 912 point_conversion_form_t form;
916 913
917 if ((tmp = BN_new()) == NULL) { 914 if ((tmp = BN_new()) == NULL) {
918 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); 915 ECerror(ERR_R_MALLOC_FAILURE);
919 goto err; 916 goto err;
920 } 917 }
921 if (param == NULL) { 918 if (param == NULL) {
922 if ((ret = ECPARAMETERS_new()) == NULL) { 919 if ((ret = ECPARAMETERS_new()) == NULL) {
923 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, 920 ECerror(ERR_R_MALLOC_FAILURE);
924 ERR_R_MALLOC_FAILURE);
925 goto err; 921 goto err;
926 } 922 }
927 } else 923 } else
@@ -932,57 +928,57 @@ ec_asn1_group2parameters(const EC_GROUP * group, ECPARAMETERS * param)
932 928
933 /* set the fieldID */ 929 /* set the fieldID */
934 if (!ec_asn1_group2fieldid(group, ret->fieldID)) { 930 if (!ec_asn1_group2fieldid(group, ret->fieldID)) {
935 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 931 ECerror(ERR_R_EC_LIB);
936 goto err; 932 goto err;
937 } 933 }
938 /* set the curve */ 934 /* set the curve */
939 if (!ec_asn1_group2curve(group, ret->curve)) { 935 if (!ec_asn1_group2curve(group, ret->curve)) {
940 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 936 ECerror(ERR_R_EC_LIB);
941 goto err; 937 goto err;
942 } 938 }
943 /* set the base point */ 939 /* set the base point */
944 if ((point = EC_GROUP_get0_generator(group)) == NULL) { 940 if ((point = EC_GROUP_get0_generator(group)) == NULL) {
945 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR); 941 ECerror(EC_R_UNDEFINED_GENERATOR);
946 goto err; 942 goto err;
947 } 943 }
948 form = EC_GROUP_get_point_conversion_form(group); 944 form = EC_GROUP_get_point_conversion_form(group);
949 945
950 len = EC_POINT_point2oct(group, point, form, NULL, len, NULL); 946 len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
951 if (len == 0) { 947 if (len == 0) {
952 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 948 ECerror(ERR_R_EC_LIB);
953 goto err; 949 goto err;
954 } 950 }
955 if ((buffer = malloc(len)) == NULL) { 951 if ((buffer = malloc(len)) == NULL) {
956 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); 952 ECerror(ERR_R_MALLOC_FAILURE);
957 goto err; 953 goto err;
958 } 954 }
959 if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) { 955 if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) {
960 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 956 ECerror(ERR_R_EC_LIB);
961 goto err; 957 goto err;
962 } 958 }
963 if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) { 959 if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
964 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); 960 ECerror(ERR_R_MALLOC_FAILURE);
965 goto err; 961 goto err;
966 } 962 }
967 if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) { 963 if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) {
968 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); 964 ECerror(ERR_R_ASN1_LIB);
969 goto err; 965 goto err;
970 } 966 }
971 /* set the order */ 967 /* set the order */
972 if (!EC_GROUP_get_order(group, tmp, NULL)) { 968 if (!EC_GROUP_get_order(group, tmp, NULL)) {
973 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); 969 ECerror(ERR_R_EC_LIB);
974 goto err; 970 goto err;
975 } 971 }
976 ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); 972 ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
977 if (ret->order == NULL) { 973 if (ret->order == NULL) {
978 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); 974 ECerror(ERR_R_ASN1_LIB);
979 goto err; 975 goto err;
980 } 976 }
981 /* set the cofactor (optional) */ 977 /* set the cofactor (optional) */
982 if (EC_GROUP_get_cofactor(group, tmp, NULL)) { 978 if (EC_GROUP_get_cofactor(group, tmp, NULL)) {
983 ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); 979 ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
984 if (ret->cofactor == NULL) { 980 if (ret->cofactor == NULL) {
985 ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); 981 ECerror(ERR_R_ASN1_LIB);
986 goto err; 982 goto err;
987 } 983 }
988 } 984 }
@@ -1006,8 +1002,7 @@ ec_asn1_group2pkparameters(const EC_GROUP * group, ECPKPARAMETERS * params)
1006 1002
1007 if (ret == NULL) { 1003 if (ret == NULL) {
1008 if ((ret = ECPKPARAMETERS_new()) == NULL) { 1004 if ((ret = ECPKPARAMETERS_new()) == NULL) {
1009 ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, 1005 ECerror(ERR_R_MALLOC_FAILURE);
1010 ERR_R_MALLOC_FAILURE);
1011 return NULL; 1006 return NULL;
1012 } 1007 }
1013 } else { 1008 } else {
@@ -1056,24 +1051,24 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
1056 1051
1057 if (!params->fieldID || !params->fieldID->fieldType || 1052 if (!params->fieldID || !params->fieldID->fieldType ||
1058 !params->fieldID->p.ptr) { 1053 !params->fieldID->p.ptr) {
1059 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 1054 ECerror(EC_R_ASN1_ERROR);
1060 goto err; 1055 goto err;
1061 } 1056 }
1062 /* now extract the curve parameters a and b */ 1057 /* now extract the curve parameters a and b */
1063 if (!params->curve || !params->curve->a || 1058 if (!params->curve || !params->curve->a ||
1064 !params->curve->a->data || !params->curve->b || 1059 !params->curve->a->data || !params->curve->b ||
1065 !params->curve->b->data) { 1060 !params->curve->b->data) {
1066 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 1061 ECerror(EC_R_ASN1_ERROR);
1067 goto err; 1062 goto err;
1068 } 1063 }
1069 a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL); 1064 a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
1070 if (a == NULL) { 1065 if (a == NULL) {
1071 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); 1066 ECerror(ERR_R_BN_LIB);
1072 goto err; 1067 goto err;
1073 } 1068 }
1074 b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL); 1069 b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
1075 if (b == NULL) { 1070 if (b == NULL) {
1076 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); 1071 ECerror(ERR_R_BN_LIB);
1077 goto err; 1072 goto err;
1078 } 1073 }
1079 /* get the field parameters */ 1074 /* get the field parameters */
@@ -1081,7 +1076,7 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
1081 if (tmp == NID_X9_62_characteristic_two_field) 1076 if (tmp == NID_X9_62_characteristic_two_field)
1082#ifdef OPENSSL_NO_EC2M 1077#ifdef OPENSSL_NO_EC2M
1083 { 1078 {
1084 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_GF2M_NOT_SUPPORTED); 1079 ECerror(EC_R_GF2M_NOT_SUPPORTED);
1085 goto err; 1080 goto err;
1086 } 1081 }
1087#else 1082#else
@@ -1092,11 +1087,11 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
1092 1087
1093 field_bits = char_two->m; 1088 field_bits = char_two->m;
1094 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 1089 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
1095 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); 1090 ECerror(EC_R_FIELD_TOO_LARGE);
1096 goto err; 1091 goto err;
1097 } 1092 }
1098 if ((p = BN_new()) == NULL) { 1093 if ((p = BN_new()) == NULL) {
1099 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); 1094 ECerror(ERR_R_MALLOC_FAILURE);
1100 goto err; 1095 goto err;
1101 } 1096 }
1102 /* get the base type */ 1097 /* get the base type */
@@ -1106,13 +1101,13 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
1106 long tmp_long; 1101 long tmp_long;
1107 1102
1108 if (!char_two->p.tpBasis) { 1103 if (!char_two->p.tpBasis) {
1109 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 1104 ECerror(EC_R_ASN1_ERROR);
1110 goto err; 1105 goto err;
1111 } 1106 }
1112 tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); 1107 tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
1113 1108
1114 if (!(char_two->m > tmp_long && tmp_long > 0)) { 1109 if (!(char_two->m > tmp_long && tmp_long > 0)) {
1115 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_TRINOMIAL_BASIS); 1110 ECerror(EC_R_INVALID_TRINOMIAL_BASIS);
1116 goto err; 1111 goto err;
1117 } 1112 }
1118 /* create the polynomial */ 1113 /* create the polynomial */
@@ -1127,11 +1122,11 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
1127 1122
1128 penta = char_two->p.ppBasis; 1123 penta = char_two->p.ppBasis;
1129 if (!penta) { 1124 if (!penta) {
1130 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 1125 ECerror(EC_R_ASN1_ERROR);
1131 goto err; 1126 goto err;
1132 } 1127 }
1133 if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0)) { 1128 if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0)) {
1134 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_PENTANOMIAL_BASIS); 1129 ECerror(EC_R_INVALID_PENTANOMIAL_BASIS);
1135 goto err; 1130 goto err;
1136 } 1131 }
1137 /* create the polynomial */ 1132 /* create the polynomial */
@@ -1146,10 +1141,10 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
1146 if (!BN_set_bit(p, 0)) 1141 if (!BN_set_bit(p, 0))
1147 goto err; 1142 goto err;
1148 } else if (tmp == NID_X9_62_onBasis) { 1143 } else if (tmp == NID_X9_62_onBasis) {
1149 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED); 1144 ECerror(EC_R_NOT_IMPLEMENTED);
1150 goto err; 1145 goto err;
1151 } else { /* error */ 1146 } else { /* error */
1152 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 1147 ECerror(EC_R_ASN1_ERROR);
1153 goto err; 1148 goto err;
1154 } 1149 }
1155 1150
@@ -1161,40 +1156,39 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
1161 /* we have a curve over a prime field */ 1156 /* we have a curve over a prime field */
1162 /* extract the prime number */ 1157 /* extract the prime number */
1163 if (!params->fieldID->p.prime) { 1158 if (!params->fieldID->p.prime) {
1164 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 1159 ECerror(EC_R_ASN1_ERROR);
1165 goto err; 1160 goto err;
1166 } 1161 }
1167 p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); 1162 p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
1168 if (p == NULL) { 1163 if (p == NULL) {
1169 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); 1164 ECerror(ERR_R_ASN1_LIB);
1170 goto err; 1165 goto err;
1171 } 1166 }
1172 if (BN_is_negative(p) || BN_is_zero(p)) { 1167 if (BN_is_negative(p) || BN_is_zero(p)) {
1173 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); 1168 ECerror(EC_R_INVALID_FIELD);
1174 goto err; 1169 goto err;
1175 } 1170 }
1176 field_bits = BN_num_bits(p); 1171 field_bits = BN_num_bits(p);
1177 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 1172 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
1178 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); 1173 ECerror(EC_R_FIELD_TOO_LARGE);
1179 goto err; 1174 goto err;
1180 } 1175 }
1181 /* create the EC_GROUP structure */ 1176 /* create the EC_GROUP structure */
1182 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); 1177 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
1183 } else { 1178 } else {
1184 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); 1179 ECerror(EC_R_INVALID_FIELD);
1185 goto err; 1180 goto err;
1186 } 1181 }
1187 1182
1188 if (ret == NULL) { 1183 if (ret == NULL) {
1189 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 1184 ECerror(ERR_R_EC_LIB);
1190 goto err; 1185 goto err;
1191 } 1186 }
1192 /* extract seed (optional) */ 1187 /* extract seed (optional) */
1193 if (params->curve->seed != NULL) { 1188 if (params->curve->seed != NULL) {
1194 free(ret->seed); 1189 free(ret->seed);
1195 if (!(ret->seed = malloc(params->curve->seed->length))) { 1190 if (!(ret->seed = malloc(params->curve->seed->length))) {
1196 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, 1191 ECerror(ERR_R_MALLOC_FAILURE);
1197 ERR_R_MALLOC_FAILURE);
1198 goto err; 1192 goto err;
1199 } 1193 }
1200 memcpy(ret->seed, params->curve->seed->data, 1194 memcpy(ret->seed, params->curve->seed->data,
@@ -1202,7 +1196,7 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
1202 ret->seed_len = params->curve->seed->length; 1196 ret->seed_len = params->curve->seed->length;
1203 } 1197 }
1204 if (!params->order || !params->base || !params->base->data) { 1198 if (!params->order || !params->base || !params->base->data) {
1205 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); 1199 ECerror(EC_R_ASN1_ERROR);
1206 goto err; 1200 goto err;
1207 } 1201 }
1208 if ((point = EC_POINT_new(ret)) == NULL) 1202 if ((point = EC_POINT_new(ret)) == NULL)
@@ -1215,20 +1209,20 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
1215 /* extract the ec point */ 1209 /* extract the ec point */
1216 if (!EC_POINT_oct2point(ret, point, params->base->data, 1210 if (!EC_POINT_oct2point(ret, point, params->base->data,
1217 params->base->length, NULL)) { 1211 params->base->length, NULL)) {
1218 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 1212 ECerror(ERR_R_EC_LIB);
1219 goto err; 1213 goto err;
1220 } 1214 }
1221 /* extract the order */ 1215 /* extract the order */
1222 if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) { 1216 if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
1223 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); 1217 ECerror(ERR_R_ASN1_LIB);
1224 goto err; 1218 goto err;
1225 } 1219 }
1226 if (BN_is_negative(a) || BN_is_zero(a)) { 1220 if (BN_is_negative(a) || BN_is_zero(a)) {
1227 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); 1221 ECerror(EC_R_INVALID_GROUP_ORDER);
1228 goto err; 1222 goto err;
1229 } 1223 }
1230 if (BN_num_bits(a) > (int) field_bits + 1) { /* Hasse bound */ 1224 if (BN_num_bits(a) > (int) field_bits + 1) { /* Hasse bound */
1231 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); 1225 ECerror(EC_R_INVALID_GROUP_ORDER);
1232 goto err; 1226 goto err;
1233 } 1227 }
1234 /* extract the cofactor (optional) */ 1228 /* extract the cofactor (optional) */
@@ -1236,12 +1230,12 @@ ec_asn1_parameters2group(const ECPARAMETERS * params)
1236 BN_free(b); 1230 BN_free(b);
1237 b = NULL; 1231 b = NULL;
1238 } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) { 1232 } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
1239 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); 1233 ECerror(ERR_R_ASN1_LIB);
1240 goto err; 1234 goto err;
1241 } 1235 }
1242 /* set the generator, order and cofactor (if present) */ 1236 /* set the generator, order and cofactor (if present) */
1243 if (!EC_GROUP_set_generator(ret, point, a, b)) { 1237 if (!EC_GROUP_set_generator(ret, point, a, b)) {
1244 ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); 1238 ECerror(ERR_R_EC_LIB);
1245 goto err; 1239 goto err;
1246 } 1240 }
1247 ok = 1; 1241 ok = 1;
@@ -1264,15 +1258,13 @@ ec_asn1_pkparameters2group(const ECPKPARAMETERS * params)
1264 int tmp = 0; 1258 int tmp = 0;
1265 1259
1266 if (params == NULL) { 1260 if (params == NULL) {
1267 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, 1261 ECerror(EC_R_MISSING_PARAMETERS);
1268 EC_R_MISSING_PARAMETERS);
1269 return NULL; 1262 return NULL;
1270 } 1263 }
1271 if (params->type == 0) {/* the curve is given by an OID */ 1264 if (params->type == 0) {/* the curve is given by an OID */
1272 tmp = OBJ_obj2nid(params->value.named_curve); 1265 tmp = OBJ_obj2nid(params->value.named_curve);
1273 if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) { 1266 if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {
1274 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, 1267 ECerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
1275 EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
1276 return NULL; 1268 return NULL;
1277 } 1269 }
1278 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); 1270 EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
@@ -1280,14 +1272,14 @@ ec_asn1_pkparameters2group(const ECPKPARAMETERS * params)
1280 * ECPARAMETERS structure */ 1272 * ECPARAMETERS structure */
1281 ret = ec_asn1_parameters2group(params->value.parameters); 1273 ret = ec_asn1_parameters2group(params->value.parameters);
1282 if (!ret) { 1274 if (!ret) {
1283 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB); 1275 ECerror(ERR_R_EC_LIB);
1284 return NULL; 1276 return NULL;
1285 } 1277 }
1286 EC_GROUP_set_asn1_flag(ret, 0x0); 1278 EC_GROUP_set_asn1_flag(ret, 0x0);
1287 } else if (params->type == 2) { /* implicitlyCA */ 1279 } else if (params->type == 2) { /* implicitlyCA */
1288 return NULL; 1280 return NULL;
1289 } else { 1281 } else {
1290 ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR); 1282 ECerror(EC_R_ASN1_ERROR);
1291 return NULL; 1283 return NULL;
1292 } 1284 }
1293 1285
@@ -1303,11 +1295,11 @@ d2i_ECPKParameters(EC_GROUP ** a, const unsigned char **in, long len)
1303 ECPKPARAMETERS *params = NULL; 1295 ECPKPARAMETERS *params = NULL;
1304 1296
1305 if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { 1297 if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
1306 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); 1298 ECerror(EC_R_D2I_ECPKPARAMETERS_FAILURE);
1307 goto err; 1299 goto err;
1308 } 1300 }
1309 if ((group = ec_asn1_pkparameters2group(params)) == NULL) { 1301 if ((group = ec_asn1_pkparameters2group(params)) == NULL) {
1310 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE); 1302 ECerror(EC_R_PKPARAMETERS2GROUP_FAILURE);
1311 goto err; 1303 goto err;
1312 } 1304 }
1313 1305
@@ -1327,11 +1319,11 @@ i2d_ECPKParameters(const EC_GROUP * a, unsigned char **out)
1327 int ret = 0; 1319 int ret = 0;
1328 ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL); 1320 ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL);
1329 if (tmp == NULL) { 1321 if (tmp == NULL) {
1330 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE); 1322 ECerror(EC_R_GROUP2PKPARAMETERS_FAILURE);
1331 return 0; 1323 return 0;
1332 } 1324 }
1333 if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) { 1325 if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) {
1334 ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE); 1326 ECerror(EC_R_I2D_ECPKPARAMETERS_FAILURE);
1335 ECPKPARAMETERS_free(tmp); 1327 ECPKPARAMETERS_free(tmp);
1336 return 0; 1328 return 0;
1337 } 1329 }
@@ -1348,17 +1340,17 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
1348 EC_PRIVATEKEY *priv_key = NULL; 1340 EC_PRIVATEKEY *priv_key = NULL;
1349 1341
1350 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { 1342 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
1351 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); 1343 ECerror(ERR_R_MALLOC_FAILURE);
1352 return NULL; 1344 return NULL;
1353 } 1345 }
1354 if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) { 1346 if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) {
1355 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1347 ECerror(ERR_R_EC_LIB);
1356 EC_PRIVATEKEY_free(priv_key); 1348 EC_PRIVATEKEY_free(priv_key);
1357 return NULL; 1349 return NULL;
1358 } 1350 }
1359 if (a == NULL || *a == NULL) { 1351 if (a == NULL || *a == NULL) {
1360 if ((ret = EC_KEY_new()) == NULL) { 1352 if ((ret = EC_KEY_new()) == NULL) {
1361 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); 1353 ECerror(ERR_R_MALLOC_FAILURE);
1362 goto err; 1354 goto err;
1363 } 1355 }
1364 } else 1356 } else
@@ -1369,7 +1361,7 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
1369 ret->group = ec_asn1_pkparameters2group(priv_key->parameters); 1361 ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
1370 } 1362 }
1371 if (ret->group == NULL) { 1363 if (ret->group == NULL) {
1372 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1364 ECerror(ERR_R_EC_LIB);
1373 goto err; 1365 goto err;
1374 } 1366 }
1375 ret->version = priv_key->version; 1367 ret->version = priv_key->version;
@@ -1380,13 +1372,11 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
1380 ASN1_STRING_length(priv_key->privateKey), 1372 ASN1_STRING_length(priv_key->privateKey),
1381 ret->priv_key); 1373 ret->priv_key);
1382 if (ret->priv_key == NULL) { 1374 if (ret->priv_key == NULL) {
1383 ECerr(EC_F_D2I_ECPRIVATEKEY, 1375 ECerror(ERR_R_BN_LIB);
1384 ERR_R_BN_LIB);
1385 goto err; 1376 goto err;
1386 } 1377 }
1387 } else { 1378 } else {
1388 ECerr(EC_F_D2I_ECPRIVATEKEY, 1379 ECerror(EC_R_MISSING_PRIVATE_KEY);
1389 EC_R_MISSING_PRIVATE_KEY);
1390 goto err; 1380 goto err;
1391 } 1381 }
1392 1382
@@ -1397,7 +1387,7 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
1397 EC_POINT_clear_free(ret->pub_key); 1387 EC_POINT_clear_free(ret->pub_key);
1398 ret->pub_key = EC_POINT_new(ret->group); 1388 ret->pub_key = EC_POINT_new(ret->group);
1399 if (ret->pub_key == NULL) { 1389 if (ret->pub_key == NULL) {
1400 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1390 ECerror(ERR_R_EC_LIB);
1401 goto err; 1391 goto err;
1402 } 1392 }
1403 pub_oct = ASN1_STRING_data(priv_key->publicKey); 1393 pub_oct = ASN1_STRING_data(priv_key->publicKey);
@@ -1406,7 +1396,7 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
1406 ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01); 1396 ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01);
1407 if (!EC_POINT_oct2point(ret->group, ret->pub_key, 1397 if (!EC_POINT_oct2point(ret->group, ret->pub_key,
1408 pub_oct, pub_oct_len, NULL)) { 1398 pub_oct, pub_oct_len, NULL)) {
1409 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 1399 ECerror(ERR_R_EC_LIB);
1410 goto err; 1400 goto err;
1411 } 1401 }
1412 } 1402 }
@@ -1434,13 +1424,11 @@ i2d_ECPrivateKey(EC_KEY * a, unsigned char **out)
1434 EC_PRIVATEKEY *priv_key = NULL; 1424 EC_PRIVATEKEY *priv_key = NULL;
1435 1425
1436 if (a == NULL || a->group == NULL || a->priv_key == NULL) { 1426 if (a == NULL || a->group == NULL || a->priv_key == NULL) {
1437 ECerr(EC_F_I2D_ECPRIVATEKEY, 1427 ECerror(ERR_R_PASSED_NULL_PARAMETER);
1438 ERR_R_PASSED_NULL_PARAMETER);
1439 goto err; 1428 goto err;
1440 } 1429 }
1441 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { 1430 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
1442 ECerr(EC_F_I2D_ECPRIVATEKEY, 1431 ECerror(ERR_R_MALLOC_FAILURE);
1443 ERR_R_MALLOC_FAILURE);
1444 goto err; 1432 goto err;
1445 } 1433 }
1446 priv_key->version = a->version; 1434 priv_key->version = a->version;
@@ -1448,30 +1436,28 @@ i2d_ECPrivateKey(EC_KEY * a, unsigned char **out)
1448 buf_len = (size_t) BN_num_bytes(a->priv_key); 1436 buf_len = (size_t) BN_num_bytes(a->priv_key);
1449 buffer = malloc(buf_len); 1437 buffer = malloc(buf_len);
1450 if (buffer == NULL) { 1438 if (buffer == NULL) {
1451 ECerr(EC_F_I2D_ECPRIVATEKEY, 1439 ECerror(ERR_R_MALLOC_FAILURE);
1452 ERR_R_MALLOC_FAILURE);
1453 goto err; 1440 goto err;
1454 } 1441 }
1455 if (!BN_bn2bin(a->priv_key, buffer)) { 1442 if (!BN_bn2bin(a->priv_key, buffer)) {
1456 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB); 1443 ECerror(ERR_R_BN_LIB);
1457 goto err; 1444 goto err;
1458 } 1445 }
1459 if (!ASN1_STRING_set(priv_key->privateKey, buffer, buf_len)) { 1446 if (!ASN1_STRING_set(priv_key->privateKey, buffer, buf_len)) {
1460 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); 1447 ECerror(ERR_R_ASN1_LIB);
1461 goto err; 1448 goto err;
1462 } 1449 }
1463 if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) { 1450 if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
1464 if ((priv_key->parameters = ec_asn1_group2pkparameters( 1451 if ((priv_key->parameters = ec_asn1_group2pkparameters(
1465 a->group, priv_key->parameters)) == NULL) { 1452 a->group, priv_key->parameters)) == NULL) {
1466 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); 1453 ECerror(ERR_R_EC_LIB);
1467 goto err; 1454 goto err;
1468 } 1455 }
1469 } 1456 }
1470 if (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key != NULL) { 1457 if (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key != NULL) {
1471 priv_key->publicKey = ASN1_BIT_STRING_new(); 1458 priv_key->publicKey = ASN1_BIT_STRING_new();
1472 if (priv_key->publicKey == NULL) { 1459 if (priv_key->publicKey == NULL) {
1473 ECerr(EC_F_I2D_ECPRIVATEKEY, 1460 ECerror(ERR_R_MALLOC_FAILURE);
1474 ERR_R_MALLOC_FAILURE);
1475 goto err; 1461 goto err;
1476 } 1462 }
1477 tmp_len = EC_POINT_point2oct(a->group, a->pub_key, 1463 tmp_len = EC_POINT_point2oct(a->group, a->pub_key,
@@ -1480,7 +1466,7 @@ i2d_ECPrivateKey(EC_KEY * a, unsigned char **out)
1480 if (tmp_len > buf_len) { 1466 if (tmp_len > buf_len) {
1481 unsigned char *tmp_buffer = realloc(buffer, tmp_len); 1467 unsigned char *tmp_buffer = realloc(buffer, tmp_len);
1482 if (!tmp_buffer) { 1468 if (!tmp_buffer) {
1483 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); 1469 ECerror(ERR_R_MALLOC_FAILURE);
1484 goto err; 1470 goto err;
1485 } 1471 }
1486 buffer = tmp_buffer; 1472 buffer = tmp_buffer;
@@ -1488,19 +1474,19 @@ i2d_ECPrivateKey(EC_KEY * a, unsigned char **out)
1488 } 1474 }
1489 if (!EC_POINT_point2oct(a->group, a->pub_key, 1475 if (!EC_POINT_point2oct(a->group, a->pub_key,
1490 a->conv_form, buffer, buf_len, NULL)) { 1476 a->conv_form, buffer, buf_len, NULL)) {
1491 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); 1477 ECerror(ERR_R_EC_LIB);
1492 goto err; 1478 goto err;
1493 } 1479 }
1494 priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 1480 priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
1495 priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT; 1481 priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
1496 if (!ASN1_STRING_set(priv_key->publicKey, buffer, 1482 if (!ASN1_STRING_set(priv_key->publicKey, buffer,
1497 buf_len)) { 1483 buf_len)) {
1498 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); 1484 ECerror(ERR_R_ASN1_LIB);
1499 goto err; 1485 goto err;
1500 } 1486 }
1501 } 1487 }
1502 if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) { 1488 if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) {
1503 ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); 1489 ECerror(ERR_R_EC_LIB);
1504 goto err; 1490 goto err;
1505 } 1491 }
1506 ok = 1; 1492 ok = 1;
@@ -1515,7 +1501,7 @@ int
1515i2d_ECParameters(EC_KEY * a, unsigned char **out) 1501i2d_ECParameters(EC_KEY * a, unsigned char **out)
1516{ 1502{
1517 if (a == NULL) { 1503 if (a == NULL) {
1518 ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); 1504 ECerror(ERR_R_PASSED_NULL_PARAMETER);
1519 return 0; 1505 return 0;
1520 } 1506 }
1521 return i2d_ECPKParameters(a->group, out); 1507 return i2d_ECPKParameters(a->group, out);
@@ -1527,19 +1513,19 @@ d2i_ECParameters(EC_KEY ** a, const unsigned char **in, long len)
1527 EC_KEY *ret; 1513 EC_KEY *ret;
1528 1514
1529 if (in == NULL || *in == NULL) { 1515 if (in == NULL || *in == NULL) {
1530 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); 1516 ECerror(ERR_R_PASSED_NULL_PARAMETER);
1531 return NULL; 1517 return NULL;
1532 } 1518 }
1533 if (a == NULL || *a == NULL) { 1519 if (a == NULL || *a == NULL) {
1534 if ((ret = EC_KEY_new()) == NULL) { 1520 if ((ret = EC_KEY_new()) == NULL) {
1535 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); 1521 ECerror(ERR_R_MALLOC_FAILURE);
1536 return NULL; 1522 return NULL;
1537 } 1523 }
1538 } else 1524 } else
1539 ret = *a; 1525 ret = *a;
1540 1526
1541 if (!d2i_ECPKParameters(&ret->group, in, len)) { 1527 if (!d2i_ECPKParameters(&ret->group, in, len)) {
1542 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); 1528 ECerror(ERR_R_EC_LIB);
1543 if (a == NULL || *a != ret) 1529 if (a == NULL || *a != ret)
1544 EC_KEY_free(ret); 1530 EC_KEY_free(ret);
1545 return NULL; 1531 return NULL;
@@ -1560,17 +1546,17 @@ o2i_ECPublicKey(EC_KEY ** a, const unsigned char **in, long len)
1560 * sorry, but a EC_GROUP-structur is necessary to set the 1546 * sorry, but a EC_GROUP-structur is necessary to set the
1561 * public key 1547 * public key
1562 */ 1548 */
1563 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); 1549 ECerror(ERR_R_PASSED_NULL_PARAMETER);
1564 return 0; 1550 return 0;
1565 } 1551 }
1566 ret = *a; 1552 ret = *a;
1567 if (ret->pub_key == NULL && 1553 if (ret->pub_key == NULL &&
1568 (ret->pub_key = EC_POINT_new(ret->group)) == NULL) { 1554 (ret->pub_key = EC_POINT_new(ret->group)) == NULL) {
1569 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); 1555 ECerror(ERR_R_MALLOC_FAILURE);
1570 return 0; 1556 return 0;
1571 } 1557 }
1572 if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) { 1558 if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) {
1573 ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB); 1559 ECerror(ERR_R_EC_LIB);
1574 return 0; 1560 return 0;
1575 } 1561 }
1576 /* save the point conversion form */ 1562 /* save the point conversion form */
@@ -1586,7 +1572,7 @@ i2o_ECPublicKey(EC_KEY * a, unsigned char **out)
1586 int new_buffer = 0; 1572 int new_buffer = 0;
1587 1573
1588 if (a == NULL) { 1574 if (a == NULL) {
1589 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); 1575 ECerror(ERR_R_PASSED_NULL_PARAMETER);
1590 return 0; 1576 return 0;
1591 } 1577 }
1592 buf_len = EC_POINT_point2oct(a->group, a->pub_key, 1578 buf_len = EC_POINT_point2oct(a->group, a->pub_key,
@@ -1598,14 +1584,14 @@ i2o_ECPublicKey(EC_KEY * a, unsigned char **out)
1598 1584
1599 if (*out == NULL) { 1585 if (*out == NULL) {
1600 if ((*out = malloc(buf_len)) == NULL) { 1586 if ((*out = malloc(buf_len)) == NULL) {
1601 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); 1587 ECerror(ERR_R_MALLOC_FAILURE);
1602 return 0; 1588 return 0;
1603 } 1589 }
1604 new_buffer = 1; 1590 new_buffer = 1;
1605 } 1591 }
1606 if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, 1592 if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
1607 *out, buf_len, NULL)) { 1593 *out, buf_len, NULL)) {
1608 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB); 1594 ECerror(ERR_R_EC_LIB);
1609 if (new_buffer) { 1595 if (new_buffer) {
1610 free(*out); 1596 free(*out);
1611 *out = NULL; 1597 *out = NULL;
diff --git a/src/lib/libcrypto/ec/ec_check.c b/src/lib/libcrypto/ec/ec_check.c
index 21072305d5..bbb03498ac 100644
--- a/src/lib/libcrypto/ec/ec_check.c
+++ b/src/lib/libcrypto/ec/ec_check.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec_check.c,v 1.5 2015/02/08 22:25:03 miod Exp $ */ 1/* $OpenBSD: ec_check.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -67,7 +67,7 @@ EC_GROUP_check(const EC_GROUP * group, BN_CTX * ctx)
67 if (ctx == NULL) { 67 if (ctx == NULL) {
68 ctx = new_ctx = BN_CTX_new(); 68 ctx = new_ctx = BN_CTX_new();
69 if (ctx == NULL) { 69 if (ctx == NULL) {
70 ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE); 70 ECerror(ERR_R_MALLOC_FAILURE);
71 goto err; 71 goto err;
72 } 72 }
73 } 73 }
@@ -77,16 +77,16 @@ EC_GROUP_check(const EC_GROUP * group, BN_CTX * ctx)
77 77
78 /* check the discriminant */ 78 /* check the discriminant */
79 if (!EC_GROUP_check_discriminant(group, ctx)) { 79 if (!EC_GROUP_check_discriminant(group, ctx)) {
80 ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO); 80 ECerror(EC_R_DISCRIMINANT_IS_ZERO);
81 goto err; 81 goto err;
82 } 82 }
83 /* check the generator */ 83 /* check the generator */
84 if (group->generator == NULL) { 84 if (group->generator == NULL) {
85 ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); 85 ECerror(EC_R_UNDEFINED_GENERATOR);
86 goto err; 86 goto err;
87 } 87 }
88 if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) { 88 if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
89 ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); 89 ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
90 goto err; 90 goto err;
91 } 91 }
92 /* check the order of the generator */ 92 /* check the order of the generator */
@@ -95,13 +95,13 @@ EC_GROUP_check(const EC_GROUP * group, BN_CTX * ctx)
95 if (!EC_GROUP_get_order(group, order, ctx)) 95 if (!EC_GROUP_get_order(group, order, ctx))
96 goto err; 96 goto err;
97 if (BN_is_zero(order)) { 97 if (BN_is_zero(order)) {
98 ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER); 98 ECerror(EC_R_UNDEFINED_ORDER);
99 goto err; 99 goto err;
100 } 100 }
101 if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) 101 if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx))
102 goto err; 102 goto err;
103 if (EC_POINT_is_at_infinity(group, point) <= 0) { 103 if (EC_POINT_is_at_infinity(group, point) <= 0) {
104 ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER); 104 ECerror(EC_R_INVALID_GROUP_ORDER);
105 goto err; 105 goto err;
106 } 106 }
107 ret = 1; 107 ret = 1;
diff --git a/src/lib/libcrypto/ec/ec_curve.c b/src/lib/libcrypto/ec/ec_curve.c
index c8eee285b6..1ee2a7c8e8 100644
--- a/src/lib/libcrypto/ec/ec_curve.c
+++ b/src/lib/libcrypto/ec/ec_curve.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec_curve.c,v 1.14 2016/11/04 17:33:19 miod Exp $ */ 1/* $OpenBSD: ec_curve.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project. 3 * Written by Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -3168,7 +3168,7 @@ ec_group_new_from_data(const ec_list_element curve)
3168 const unsigned char *params; 3168 const unsigned char *params;
3169 3169
3170 if ((ctx = BN_CTX_new()) == NULL) { 3170 if ((ctx = BN_CTX_new()) == NULL) {
3171 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); 3171 ECerror(ERR_R_MALLOC_FAILURE);
3172 goto err; 3172 goto err;
3173 } 3173 }
3174 data = curve.data; 3174 data = curve.data;
@@ -3180,19 +3180,19 @@ ec_group_new_from_data(const ec_list_element curve)
3180 if (!(p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) || 3180 if (!(p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) ||
3181 !(a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) || 3181 !(a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) ||
3182 !(b = BN_bin2bn(params + 2 * param_len, param_len, NULL))) { 3182 !(b = BN_bin2bn(params + 2 * param_len, param_len, NULL))) {
3183 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); 3183 ECerror(ERR_R_BN_LIB);
3184 goto err; 3184 goto err;
3185 } 3185 }
3186 if (curve.meth != 0) { 3186 if (curve.meth != 0) {
3187 meth = curve.meth(); 3187 meth = curve.meth();
3188 if (((group = EC_GROUP_new(meth)) == NULL) || 3188 if (((group = EC_GROUP_new(meth)) == NULL) ||
3189 (!(group->meth->group_set_curve(group, p, a, b, ctx)))) { 3189 (!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
3190 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); 3190 ECerror(ERR_R_EC_LIB);
3191 goto err; 3191 goto err;
3192 } 3192 }
3193 } else if (data->field_type == NID_X9_62_prime_field) { 3193 } else if (data->field_type == NID_X9_62_prime_field) {
3194 if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { 3194 if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
3195 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); 3195 ECerror(ERR_R_EC_LIB);
3196 goto err; 3196 goto err;
3197 } 3197 }
3198 } 3198 }
@@ -3200,37 +3200,37 @@ ec_group_new_from_data(const ec_list_element curve)
3200 else { /* field_type == 3200 else { /* field_type ==
3201 * NID_X9_62_characteristic_two_field */ 3201 * NID_X9_62_characteristic_two_field */
3202 if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) { 3202 if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
3203 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); 3203 ECerror(ERR_R_EC_LIB);
3204 goto err; 3204 goto err;
3205 } 3205 }
3206 } 3206 }
3207#endif 3207#endif
3208 3208
3209 if ((P = EC_POINT_new(group)) == NULL) { 3209 if ((P = EC_POINT_new(group)) == NULL) {
3210 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); 3210 ECerror(ERR_R_EC_LIB);
3211 goto err; 3211 goto err;
3212 } 3212 }
3213 if (!(x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) 3213 if (!(x = BN_bin2bn(params + 3 * param_len, param_len, NULL))
3214 || !(y = BN_bin2bn(params + 4 * param_len, param_len, NULL))) { 3214 || !(y = BN_bin2bn(params + 4 * param_len, param_len, NULL))) {
3215 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); 3215 ECerror(ERR_R_BN_LIB);
3216 goto err; 3216 goto err;
3217 } 3217 }
3218 if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) { 3218 if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) {
3219 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); 3219 ECerror(ERR_R_EC_LIB);
3220 goto err; 3220 goto err;
3221 } 3221 }
3222 if (!(order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) 3222 if (!(order = BN_bin2bn(params + 5 * param_len, param_len, NULL))
3223 || !BN_set_word(x, (BN_ULONG) data->cofactor)) { 3223 || !BN_set_word(x, (BN_ULONG) data->cofactor)) {
3224 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); 3224 ECerror(ERR_R_BN_LIB);
3225 goto err; 3225 goto err;
3226 } 3226 }
3227 if (!EC_GROUP_set_generator(group, P, order, x)) { 3227 if (!EC_GROUP_set_generator(group, P, order, x)) {
3228 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); 3228 ECerror(ERR_R_EC_LIB);
3229 goto err; 3229 goto err;
3230 } 3230 }
3231 if (seed_len) { 3231 if (seed_len) {
3232 if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) { 3232 if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
3233 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); 3233 ECerror(ERR_R_EC_LIB);
3234 goto err; 3234 goto err;
3235 } 3235 }
3236 } 3236 }
@@ -3266,7 +3266,7 @@ EC_GROUP_new_by_curve_name(int nid)
3266 break; 3266 break;
3267 } 3267 }
3268 if (ret == NULL) { 3268 if (ret == NULL) {
3269 ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP); 3269 ECerror(EC_R_UNKNOWN_GROUP);
3270 return NULL; 3270 return NULL;
3271 } 3271 }
3272 EC_GROUP_set_curve_name(ret, nid); 3272 EC_GROUP_set_curve_name(ret, nid);
diff --git a/src/lib/libcrypto/ec/ec_err.c b/src/lib/libcrypto/ec/ec_err.c
index 0ba510adae..fa5deceda5 100644
--- a/src/lib/libcrypto/ec/ec_err.c
+++ b/src/lib/libcrypto/ec/ec_err.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec_err.c,v 1.9 2014/07/10 22:45:57 jsing Exp $ */ 1/* $OpenBSD: ec_err.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -71,144 +71,8 @@
71#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0) 71#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
72#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason) 72#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)
73 73
74static ERR_STRING_DATA EC_str_functs[] = 74static ERR_STRING_DATA EC_str_functs[] = {
75{ 75 {ERR_FUNC(0xfff), "CRYPTO_internal"},
76 {ERR_FUNC(EC_F_BN_TO_FELEM), "BN_TO_FELEM"},
77 {ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"},
78 {ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"},
79 {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"},
80 {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"},
81 {ERR_FUNC(EC_F_DO_EC_KEY_PRINT), "DO_EC_KEY_PRINT"},
82 {ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "ECKEY_PARAM2TYPE"},
83 {ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "ECKEY_PARAM_DECODE"},
84 {ERR_FUNC(EC_F_ECKEY_PRIV_DECODE), "ECKEY_PRIV_DECODE"},
85 {ERR_FUNC(EC_F_ECKEY_PRIV_ENCODE), "ECKEY_PRIV_ENCODE"},
86 {ERR_FUNC(EC_F_ECKEY_PUB_DECODE), "ECKEY_PUB_DECODE"},
87 {ERR_FUNC(EC_F_ECKEY_PUB_ENCODE), "ECKEY_PUB_ENCODE"},
88 {ERR_FUNC(EC_F_ECKEY_TYPE2PARAM), "ECKEY_TYPE2PARAM"},
89 {ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"},
90 {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"},
91 {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"},
92 {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"},
93 {ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"},
94 {ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"},
95 {ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"},
96 {ERR_FUNC(EC_F_ECP_NIST_MOD_521), "ECP_NIST_MOD_521"},
97 {ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "EC_ASN1_GROUP2CURVE"},
98 {ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "EC_ASN1_GROUP2FIELDID"},
99 {ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS), "EC_ASN1_GROUP2PARAMETERS"},
100 {ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "EC_ASN1_GROUP2PKPARAMETERS"},
101 {ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "EC_ASN1_PARAMETERS2GROUP"},
102 {ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "EC_ASN1_PKPARAMETERS2GROUP"},
103 {ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"},
104 {ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY), "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"},
105 {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GF2m_simple_group_check_discriminant"},
106 {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE), "ec_GF2m_simple_group_set_curve"},
107 {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"},
108 {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"},
109 {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES), "ec_GF2m_simple_point_get_affine_coordinates"},
110 {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES), "ec_GF2m_simple_point_set_affine_coordinates"},
111 {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES), "ec_GF2m_simple_set_compressed_coordinates"},
112 {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"},
113 {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"},
114 {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"},
115 {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE), "ec_GFp_mont_field_set_to_one"},
116 {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
117 {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE), "ec_GFp_mont_group_set_curve"},
118 {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP), "EC_GFP_MONT_GROUP_SET_CURVE_GFP"},
119 {ERR_FUNC(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE), "ec_GFp_nistp224_group_set_curve"},
120 {ERR_FUNC(EC_F_EC_GFP_NISTP224_POINTS_MUL), "ec_GFp_nistp224_points_mul"},
121 {ERR_FUNC(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES), "ec_GFp_nistp224_point_get_affine_coordinates"},
122 {ERR_FUNC(EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE), "ec_GFp_nistp256_group_set_curve"},
123 {ERR_FUNC(EC_F_EC_GFP_NISTP256_POINTS_MUL), "ec_GFp_nistp256_points_mul"},
124 {ERR_FUNC(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES), "ec_GFp_nistp256_point_get_affine_coordinates"},
125 {ERR_FUNC(EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE), "ec_GFp_nistp521_group_set_curve"},
126 {ERR_FUNC(EC_F_EC_GFP_NISTP521_POINTS_MUL), "ec_GFp_nistp521_points_mul"},
127 {ERR_FUNC(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES), "ec_GFp_nistp521_point_get_affine_coordinates"},
128 {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"},
129 {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"},
130 {ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE), "ec_GFp_nist_group_set_curve"},
131 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GFp_simple_group_check_discriminant"},
132 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE), "ec_GFp_simple_group_set_curve"},
133 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"},
134 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), "EC_GFP_SIMPLE_GROUP_SET_GENERATOR"},
135 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"},
136 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"},
137 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"},
138 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), "ec_GFp_simple_points_make_affine"},
139 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES), "ec_GFp_simple_point_get_affine_coordinates"},
140 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"},
141 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES), "ec_GFp_simple_point_set_affine_coordinates"},
142 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"},
143 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES), "ec_GFp_simple_set_compressed_coordinates"},
144 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), "EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"},
145 {ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"},
146 {ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT), "EC_GROUP_check_discriminant"},
147 {ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"},
148 {ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"},
149 {ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"},
150 {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"},
151 {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
152 {ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"},
153 {ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"},
154 {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS), "EC_GROUP_get_pentanomial_basis"},
155 {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS), "EC_GROUP_get_trinomial_basis"},
156 {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"},
157 {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"},
158 {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"},
159 {ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"},
160 {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"},
161 {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
162 {ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_SET_EXTRA_DATA"},
163 {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
164 {ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"},
165 {ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"},
166 {ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"},
167 {ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"},
168 {ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"},
169 {ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"},
170 {ERR_FUNC(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES), "EC_KEY_set_public_key_affine_coordinates"},
171 {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"},
172 {ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"},
173 {ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"},
174 {ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"},
175 {ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"},
176 {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M), "EC_POINT_get_affine_coordinates_GF2m"},
177 {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), "EC_POINT_get_affine_coordinates_GFp"},
178 {ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_get_Jprojective_coordinates_GFp"},
179 {ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"},
180 {ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"},
181 {ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"},
182 {ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"},
183 {ERR_FUNC(EC_F_EC_POINT_MUL), "EC_POINT_mul"},
184 {ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"},
185 {ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"},
186 {ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"},
187 {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M), "EC_POINT_set_affine_coordinates_GF2m"},
188 {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), "EC_POINT_set_affine_coordinates_GFp"},
189 {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M), "EC_POINT_set_compressed_coordinates_GF2m"},
190 {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), "EC_POINT_set_compressed_coordinates_GFp"},
191 {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"},
192 {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
193 {ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"},
194 {ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"},
195 {ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"},
196 {ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"},
197 {ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"},
198 {ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"},
199 {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"},
200 {ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"},
201 {ERR_FUNC(EC_F_NISTP224_PRE_COMP_NEW), "NISTP224_PRE_COMP_NEW"},
202 {ERR_FUNC(EC_F_NISTP256_PRE_COMP_NEW), "NISTP256_PRE_COMP_NEW"},
203 {ERR_FUNC(EC_F_NISTP521_PRE_COMP_NEW), "NISTP521_PRE_COMP_NEW"},
204 {ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"},
205 {ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE), "OLD_EC_PRIV_DECODE"},
206 {ERR_FUNC(EC_F_PKEY_EC_CTRL), "PKEY_EC_CTRL"},
207 {ERR_FUNC(EC_F_PKEY_EC_CTRL_STR), "PKEY_EC_CTRL_STR"},
208 {ERR_FUNC(EC_F_PKEY_EC_DERIVE), "PKEY_EC_DERIVE"},
209 {ERR_FUNC(EC_F_PKEY_EC_KEYGEN), "PKEY_EC_KEYGEN"},
210 {ERR_FUNC(EC_F_PKEY_EC_PARAMGEN), "PKEY_EC_PARAMGEN"},
211 {ERR_FUNC(EC_F_PKEY_EC_SIGN), "PKEY_EC_SIGN"},
212 {0, NULL} 76 {0, NULL}
213}; 77};
214 78
diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c
index fa962e4d0f..5a23a9823d 100644
--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec_key.c,v 1.12 2015/09/10 15:56:25 jsing Exp $ */ 1/* $OpenBSD: ec_key.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project. 3 * Written by Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -75,7 +75,7 @@ EC_KEY_new(void)
75 75
76 ret = malloc(sizeof(EC_KEY)); 76 ret = malloc(sizeof(EC_KEY));
77 if (ret == NULL) { 77 if (ret == NULL) {
78 ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE); 78 ECerror(ERR_R_MALLOC_FAILURE);
79 return (NULL); 79 return (NULL);
80 } 80 }
81 ret->version = 1; 81 ret->version = 1;
@@ -133,7 +133,7 @@ EC_KEY_copy(EC_KEY * dest, const EC_KEY * src)
133 EC_EXTRA_DATA *d; 133 EC_EXTRA_DATA *d;
134 134
135 if (dest == NULL || src == NULL) { 135 if (dest == NULL || src == NULL) {
136 ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER); 136 ECerror(ERR_R_PASSED_NULL_PARAMETER);
137 return NULL; 137 return NULL;
138 } 138 }
139 /* copy the parameters */ 139 /* copy the parameters */
@@ -217,7 +217,7 @@ EC_KEY_generate_key(EC_KEY * eckey)
217 EC_POINT *pub_key = NULL; 217 EC_POINT *pub_key = NULL;
218 218
219 if (!eckey || !eckey->group) { 219 if (!eckey || !eckey->group) {
220 ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); 220 ECerror(ERR_R_PASSED_NULL_PARAMETER);
221 return 0; 221 return 0;
222 } 222 }
223 if ((order = BN_new()) == NULL) 223 if ((order = BN_new()) == NULL)
@@ -274,11 +274,11 @@ EC_KEY_check_key(const EC_KEY * eckey)
274 EC_POINT *point = NULL; 274 EC_POINT *point = NULL;
275 275
276 if (!eckey || !eckey->group || !eckey->pub_key) { 276 if (!eckey || !eckey->group || !eckey->pub_key) {
277 ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER); 277 ECerror(ERR_R_PASSED_NULL_PARAMETER);
278 return 0; 278 return 0;
279 } 279 }
280 if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key) > 0) { 280 if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key) > 0) {
281 ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY); 281 ECerror(EC_R_POINT_AT_INFINITY);
282 goto err; 282 goto err;
283 } 283 }
284 if ((ctx = BN_CTX_new()) == NULL) 284 if ((ctx = BN_CTX_new()) == NULL)
@@ -288,21 +288,21 @@ EC_KEY_check_key(const EC_KEY * eckey)
288 288
289 /* testing whether the pub_key is on the elliptic curve */ 289 /* testing whether the pub_key is on the elliptic curve */
290 if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { 290 if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
291 ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); 291 ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
292 goto err; 292 goto err;
293 } 293 }
294 /* testing whether pub_key * order is the point at infinity */ 294 /* testing whether pub_key * order is the point at infinity */
295 order = &eckey->group->order; 295 order = &eckey->group->order;
296 if (BN_is_zero(order)) { 296 if (BN_is_zero(order)) {
297 ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER); 297 ECerror(EC_R_INVALID_GROUP_ORDER);
298 goto err; 298 goto err;
299 } 299 }
300 if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) { 300 if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {
301 ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); 301 ECerror(ERR_R_EC_LIB);
302 goto err; 302 goto err;
303 } 303 }
304 if (EC_POINT_is_at_infinity(eckey->group, point) <= 0) { 304 if (EC_POINT_is_at_infinity(eckey->group, point) <= 0) {
305 ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER); 305 ECerror(EC_R_WRONG_ORDER);
306 goto err; 306 goto err;
307 } 307 }
308 /* 308 /*
@@ -311,17 +311,17 @@ EC_KEY_check_key(const EC_KEY * eckey)
311 */ 311 */
312 if (eckey->priv_key) { 312 if (eckey->priv_key) {
313 if (BN_cmp(eckey->priv_key, order) >= 0) { 313 if (BN_cmp(eckey->priv_key, order) >= 0) {
314 ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER); 314 ECerror(EC_R_WRONG_ORDER);
315 goto err; 315 goto err;
316 } 316 }
317 if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, 317 if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
318 NULL, NULL, ctx)) { 318 NULL, NULL, ctx)) {
319 ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); 319 ECerror(ERR_R_EC_LIB);
320 goto err; 320 goto err;
321 } 321 }
322 if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, 322 if (EC_POINT_cmp(eckey->group, point, eckey->pub_key,
323 ctx) != 0) { 323 ctx) != 0) {
324 ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY); 324 ECerror(EC_R_INVALID_PRIVATE_KEY);
325 goto err; 325 goto err;
326 } 326 }
327 } 327 }
@@ -341,8 +341,7 @@ EC_KEY_set_public_key_affine_coordinates(EC_KEY * key, BIGNUM * x, BIGNUM * y)
341 int ok = 0, tmp_nid, is_char_two = 0; 341 int ok = 0, tmp_nid, is_char_two = 0;
342 342
343 if (!key || !key->group || !x || !y) { 343 if (!key || !key->group || !x || !y) {
344 ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 344 ECerror(ERR_R_PASSED_NULL_PARAMETER);
345 ERR_R_PASSED_NULL_PARAMETER);
346 return 0; 345 return 0;
347 } 346 }
348 ctx = BN_CTX_new(); 347 ctx = BN_CTX_new();
@@ -387,8 +386,7 @@ EC_KEY_set_public_key_affine_coordinates(EC_KEY * key, BIGNUM * x, BIGNUM * y)
387 * out of range. 386 * out of range.
388 */ 387 */
389 if (BN_cmp(x, tx) || BN_cmp(y, ty)) { 388 if (BN_cmp(x, tx) || BN_cmp(y, ty)) {
390 ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 389 ECerror(EC_R_COORDINATES_OUT_OF_RANGE);
391 EC_R_COORDINATES_OUT_OF_RANGE);
392 goto err; 390 goto err;
393 } 391 }
394 if (!EC_KEY_set_public_key(key, point)) 392 if (!EC_KEY_set_public_key(key, point))
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index 976091f4c9..baddbf6dc8 100644
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec_lib.c,v 1.22 2016/09/03 12:10:40 beck Exp $ */ 1/* $OpenBSD: ec_lib.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
2/* 2/*
3 * Originally written by Bodo Moeller for the OpenSSL project. 3 * Originally written by Bodo Moeller for the OpenSSL project.
4 */ 4 */
@@ -78,16 +78,16 @@ EC_GROUP_new(const EC_METHOD * meth)
78 EC_GROUP *ret; 78 EC_GROUP *ret;
79 79
80 if (meth == NULL) { 80 if (meth == NULL) {
81 ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL); 81 ECerror(EC_R_SLOT_FULL);
82 return NULL; 82 return NULL;
83 } 83 }
84 if (meth->group_init == 0) { 84 if (meth->group_init == 0) {
85 ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 85 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
86 return NULL; 86 return NULL;
87 } 87 }
88 ret = malloc(sizeof *ret); 88 ret = malloc(sizeof *ret);
89 if (ret == NULL) { 89 if (ret == NULL) {
90 ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); 90 ECerror(ERR_R_MALLOC_FAILURE);
91 return NULL; 91 return NULL;
92 } 92 }
93 ret->meth = meth; 93 ret->meth = meth;
@@ -166,11 +166,11 @@ EC_GROUP_copy(EC_GROUP * dest, const EC_GROUP * src)
166 EC_EXTRA_DATA *d; 166 EC_EXTRA_DATA *d;
167 167
168 if (dest->meth->group_copy == 0) { 168 if (dest->meth->group_copy == 0) {
169 ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 169 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
170 return 0; 170 return 0;
171 } 171 }
172 if (dest->meth != src->meth) { 172 if (dest->meth != src->meth) {
173 ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS); 173 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
174 return 0; 174 return 0;
175 } 175 }
176 if (dest == src) 176 if (dest == src)
@@ -262,7 +262,7 @@ EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
262 const BIGNUM *order, const BIGNUM *cofactor) 262 const BIGNUM *order, const BIGNUM *cofactor)
263{ 263{
264 if (generator == NULL) { 264 if (generator == NULL) {
265 ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER); 265 ECerror(ERR_R_PASSED_NULL_PARAMETER);
266 return 0; 266 return 0;
267 } 267 }
268 if (group->generator == NULL) { 268 if (group->generator == NULL) {
@@ -398,7 +398,7 @@ EC_GROUP_set_curve_GFp(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a,
398 const BIGNUM * b, BN_CTX * ctx) 398 const BIGNUM * b, BN_CTX * ctx)
399{ 399{
400 if (group->meth->group_set_curve == 0) { 400 if (group->meth->group_set_curve == 0) {
401 ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 401 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
402 return 0; 402 return 0;
403 } 403 }
404 return group->meth->group_set_curve(group, p, a, b, ctx); 404 return group->meth->group_set_curve(group, p, a, b, ctx);
@@ -410,7 +410,7 @@ EC_GROUP_get_curve_GFp(const EC_GROUP * group, BIGNUM * p, BIGNUM * a,
410 BIGNUM * b, BN_CTX * ctx) 410 BIGNUM * b, BN_CTX * ctx)
411{ 411{
412 if (group->meth->group_get_curve == 0) { 412 if (group->meth->group_get_curve == 0) {
413 ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 413 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
414 return 0; 414 return 0;
415 } 415 }
416 return group->meth->group_get_curve(group, p, a, b, ctx); 416 return group->meth->group_get_curve(group, p, a, b, ctx);
@@ -422,7 +422,7 @@ EC_GROUP_set_curve_GF2m(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a,
422 const BIGNUM * b, BN_CTX * ctx) 422 const BIGNUM * b, BN_CTX * ctx)
423{ 423{
424 if (group->meth->group_set_curve == 0) { 424 if (group->meth->group_set_curve == 0) {
425 ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 425 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
426 return 0; 426 return 0;
427 } 427 }
428 return group->meth->group_set_curve(group, p, a, b, ctx); 428 return group->meth->group_set_curve(group, p, a, b, ctx);
@@ -434,7 +434,7 @@ EC_GROUP_get_curve_GF2m(const EC_GROUP * group, BIGNUM * p, BIGNUM * a,
434 BIGNUM * b, BN_CTX * ctx) 434 BIGNUM * b, BN_CTX * ctx)
435{ 435{
436 if (group->meth->group_get_curve == 0) { 436 if (group->meth->group_get_curve == 0) {
437 ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 437 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
438 return 0; 438 return 0;
439 } 439 }
440 return group->meth->group_get_curve(group, p, a, b, ctx); 440 return group->meth->group_get_curve(group, p, a, b, ctx);
@@ -445,7 +445,7 @@ int
445EC_GROUP_get_degree(const EC_GROUP * group) 445EC_GROUP_get_degree(const EC_GROUP * group)
446{ 446{
447 if (group->meth->group_get_degree == 0) { 447 if (group->meth->group_get_degree == 0) {
448 ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 448 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
449 return 0; 449 return 0;
450 } 450 }
451 return group->meth->group_get_degree(group); 451 return group->meth->group_get_degree(group);
@@ -456,7 +456,7 @@ int
456EC_GROUP_check_discriminant(const EC_GROUP * group, BN_CTX * ctx) 456EC_GROUP_check_discriminant(const EC_GROUP * group, BN_CTX * ctx)
457{ 457{
458 if (group->meth->group_check_discriminant == 0) { 458 if (group->meth->group_check_discriminant == 0) {
459 ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 459 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
460 return 0; 460 return 0;
461 } 461 }
462 return group->meth->group_check_discriminant(group, ctx); 462 return group->meth->group_check_discriminant(group, ctx);
@@ -553,7 +553,7 @@ EC_EX_DATA_set_data(EC_EXTRA_DATA ** ex_data, void *data,
553 for (d = *ex_data; d != NULL; d = d->next) { 553 for (d = *ex_data; d != NULL; d = d->next) {
554 if (d->dup_func == dup_func && d->free_func == free_func && 554 if (d->dup_func == dup_func && d->free_func == free_func &&
555 d->clear_free_func == clear_free_func) { 555 d->clear_free_func == clear_free_func) {
556 ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL); 556 ECerror(EC_R_SLOT_FULL);
557 return 0; 557 return 0;
558 } 558 }
559 } 559 }
@@ -699,16 +699,16 @@ EC_POINT_new(const EC_GROUP * group)
699 EC_POINT *ret; 699 EC_POINT *ret;
700 700
701 if (group == NULL) { 701 if (group == NULL) {
702 ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER); 702 ECerror(ERR_R_PASSED_NULL_PARAMETER);
703 return NULL; 703 return NULL;
704 } 704 }
705 if (group->meth->point_init == 0) { 705 if (group->meth->point_init == 0) {
706 ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 706 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
707 return NULL; 707 return NULL;
708 } 708 }
709 ret = malloc(sizeof *ret); 709 ret = malloc(sizeof *ret);
710 if (ret == NULL) { 710 if (ret == NULL) {
711 ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE); 711 ECerror(ERR_R_MALLOC_FAILURE);
712 return NULL; 712 return NULL;
713 } 713 }
714 ret->meth = group->meth; 714 ret->meth = group->meth;
@@ -752,11 +752,11 @@ int
752EC_POINT_copy(EC_POINT * dest, const EC_POINT * src) 752EC_POINT_copy(EC_POINT * dest, const EC_POINT * src)
753{ 753{
754 if (dest->meth->point_copy == 0) { 754 if (dest->meth->point_copy == 0) {
755 ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 755 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
756 return 0; 756 return 0;
757 } 757 }
758 if (dest->meth != src->meth) { 758 if (dest->meth != src->meth) {
759 ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS); 759 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
760 return 0; 760 return 0;
761 } 761 }
762 if (dest == src) 762 if (dest == src)
@@ -797,11 +797,11 @@ int
797EC_POINT_set_to_infinity(const EC_GROUP * group, EC_POINT * point) 797EC_POINT_set_to_infinity(const EC_GROUP * group, EC_POINT * point)
798{ 798{
799 if (group->meth->point_set_to_infinity == 0) { 799 if (group->meth->point_set_to_infinity == 0) {
800 ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 800 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
801 return 0; 801 return 0;
802 } 802 }
803 if (group->meth != point->meth) { 803 if (group->meth != point->meth) {
804 ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); 804 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
805 return 0; 805 return 0;
806 } 806 }
807 return group->meth->point_set_to_infinity(group, point); 807 return group->meth->point_set_to_infinity(group, point);
@@ -813,11 +813,11 @@ EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
813 const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx) 813 const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
814{ 814{
815 if (group->meth->point_set_Jprojective_coordinates_GFp == 0) { 815 if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
816 ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 816 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
817 return 0; 817 return 0;
818 } 818 }
819 if (group->meth != point->meth) { 819 if (group->meth != point->meth) {
820 ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); 820 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
821 return 0; 821 return 0;
822 } 822 }
823 return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); 823 return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
@@ -829,11 +829,11 @@ EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
829 const EC_POINT *point, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx) 829 const EC_POINT *point, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
830{ 830{
831 if (group->meth->point_get_Jprojective_coordinates_GFp == 0) { 831 if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
832 ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 832 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
833 return 0; 833 return 0;
834 } 834 }
835 if (group->meth != point->meth) { 835 if (group->meth != point->meth) {
836 ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); 836 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
837 return 0; 837 return 0;
838 } 838 }
839 return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); 839 return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
@@ -845,11 +845,11 @@ EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
845 const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) 845 const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
846{ 846{
847 if (group->meth->point_set_affine_coordinates == 0) { 847 if (group->meth->point_set_affine_coordinates == 0) {
848 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 848 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
849 return 0; 849 return 0;
850 } 850 }
851 if (group->meth != point->meth) { 851 if (group->meth != point->meth) {
852 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); 852 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
853 return 0; 853 return 0;
854 } 854 }
855 return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); 855 return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
@@ -861,11 +861,11 @@ EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
861 const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) 861 const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
862{ 862{
863 if (group->meth->point_set_affine_coordinates == 0) { 863 if (group->meth->point_set_affine_coordinates == 0) {
864 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 864 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
865 return 0; 865 return 0;
866 } 866 }
867 if (group->meth != point->meth) { 867 if (group->meth != point->meth) {
868 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); 868 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
869 return 0; 869 return 0;
870 } 870 }
871 return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); 871 return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
@@ -877,11 +877,11 @@ EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point
877 BIGNUM *x, BIGNUM *y, BN_CTX *ctx) 877 BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
878{ 878{
879 if (group->meth->point_get_affine_coordinates == 0) { 879 if (group->meth->point_get_affine_coordinates == 0) {
880 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 880 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
881 return 0; 881 return 0;
882 } 882 }
883 if (group->meth != point->meth) { 883 if (group->meth != point->meth) {
884 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); 884 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
885 return 0; 885 return 0;
886 } 886 }
887 return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); 887 return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
@@ -893,11 +893,11 @@ EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *poin
893 BIGNUM *x, BIGNUM *y, BN_CTX *ctx) 893 BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
894{ 894{
895 if (group->meth->point_get_affine_coordinates == 0) { 895 if (group->meth->point_get_affine_coordinates == 0) {
896 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 896 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
897 return 0; 897 return 0;
898 } 898 }
899 if (group->meth != point->meth) { 899 if (group->meth != point->meth) {
900 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); 900 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
901 return 0; 901 return 0;
902 } 902 }
903 return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); 903 return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
@@ -909,11 +909,11 @@ EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
909 const EC_POINT *b, BN_CTX *ctx) 909 const EC_POINT *b, BN_CTX *ctx)
910{ 910{
911 if (group->meth->add == 0) { 911 if (group->meth->add == 0) {
912 ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 912 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
913 return 0; 913 return 0;
914 } 914 }
915 if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth)) { 915 if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth)) {
916 ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS); 916 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
917 return 0; 917 return 0;
918 } 918 }
919 return group->meth->add(group, r, a, b, ctx); 919 return group->meth->add(group, r, a, b, ctx);
@@ -924,11 +924,11 @@ int
924EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) 924EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
925{ 925{
926 if (group->meth->dbl == 0) { 926 if (group->meth->dbl == 0) {
927 ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 927 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
928 return 0; 928 return 0;
929 } 929 }
930 if ((group->meth != r->meth) || (r->meth != a->meth)) { 930 if ((group->meth != r->meth) || (r->meth != a->meth)) {
931 ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); 931 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
932 return 0; 932 return 0;
933 } 933 }
934 return group->meth->dbl(group, r, a, ctx); 934 return group->meth->dbl(group, r, a, ctx);
@@ -939,11 +939,11 @@ int
939EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) 939EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
940{ 940{
941 if (group->meth->invert == 0) { 941 if (group->meth->invert == 0) {
942 ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 942 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
943 return 0; 943 return 0;
944 } 944 }
945 if (group->meth != a->meth) { 945 if (group->meth != a->meth) {
946 ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS); 946 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
947 return 0; 947 return 0;
948 } 948 }
949 return group->meth->invert(group, a, ctx); 949 return group->meth->invert(group, a, ctx);
@@ -954,11 +954,11 @@ int
954EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) 954EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
955{ 955{
956 if (group->meth->is_at_infinity == 0) { 956 if (group->meth->is_at_infinity == 0) {
957 ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 957 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
958 return 0; 958 return 0;
959 } 959 }
960 if (group->meth != point->meth) { 960 if (group->meth != point->meth) {
961 ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); 961 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
962 return 0; 962 return 0;
963 } 963 }
964 return group->meth->is_at_infinity(group, point); 964 return group->meth->is_at_infinity(group, point);
@@ -969,11 +969,11 @@ int
969EC_POINT_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX * ctx) 969EC_POINT_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX * ctx)
970{ 970{
971 if (group->meth->is_on_curve == 0) { 971 if (group->meth->is_on_curve == 0) {
972 ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 972 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
973 return 0; 973 return 0;
974 } 974 }
975 if (group->meth != point->meth) { 975 if (group->meth != point->meth) {
976 ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS); 976 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
977 return 0; 977 return 0;
978 } 978 }
979 return group->meth->is_on_curve(group, point, ctx); 979 return group->meth->is_on_curve(group, point, ctx);
@@ -985,11 +985,11 @@ EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
985 BN_CTX * ctx) 985 BN_CTX * ctx)
986{ 986{
987 if (group->meth->point_cmp == 0) { 987 if (group->meth->point_cmp == 0) {
988 ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 988 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
989 return -1; 989 return -1;
990 } 990 }
991 if ((group->meth != a->meth) || (a->meth != b->meth)) { 991 if ((group->meth != a->meth) || (a->meth != b->meth)) {
992 ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); 992 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
993 return -1; 993 return -1;
994 } 994 }
995 return group->meth->point_cmp(group, a, b, ctx); 995 return group->meth->point_cmp(group, a, b, ctx);
@@ -1000,11 +1000,11 @@ int
1000EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) 1000EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
1001{ 1001{
1002 if (group->meth->make_affine == 0) { 1002 if (group->meth->make_affine == 0) {
1003 ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1003 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1004 return 0; 1004 return 0;
1005 } 1005 }
1006 if (group->meth != point->meth) { 1006 if (group->meth != point->meth) {
1007 ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); 1007 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
1008 return 0; 1008 return 0;
1009 } 1009 }
1010 return group->meth->make_affine(group, point, ctx); 1010 return group->meth->make_affine(group, point, ctx);
@@ -1018,12 +1018,12 @@ EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
1018 size_t i; 1018 size_t i;
1019 1019
1020 if (group->meth->points_make_affine == 0) { 1020 if (group->meth->points_make_affine == 0) {
1021 ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1021 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1022 return 0; 1022 return 0;
1023 } 1023 }
1024 for (i = 0; i < num; i++) { 1024 for (i = 0; i < num; i++) {
1025 if (group->meth != points[i]->meth) { 1025 if (group->meth != points[i]->meth) {
1026 ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); 1026 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
1027 return 0; 1027 return 0;
1028 } 1028 }
1029 } 1029 }
diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c
index e428ac586b..e44104d21c 100644
--- a/src/lib/libcrypto/ec/ec_mult.c
+++ b/src/lib/libcrypto/ec/ec_mult.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec_mult.c,v 1.19 2015/09/10 15:56:25 jsing Exp $ */ 1/* $OpenBSD: ec_mult.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */
2/* 2/*
3 * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project. 3 * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -107,7 +107,7 @@ ec_pre_comp_new(const EC_GROUP * group)
107 107
108 ret = malloc(sizeof(EC_PRE_COMP)); 108 ret = malloc(sizeof(EC_PRE_COMP));
109 if (!ret) { 109 if (!ret) {
110 ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); 110 ECerror(ERR_R_MALLOC_FAILURE);
111 return ret; 111 return ret;
112 } 112 }
113 ret->group = group; 113 ret->group = group;
@@ -205,7 +205,7 @@ compute_wNAF(const BIGNUM * scalar, int w, size_t * ret_len)
205 if (BN_is_zero(scalar)) { 205 if (BN_is_zero(scalar)) {
206 r = malloc(1); 206 r = malloc(1);
207 if (!r) { 207 if (!r) {
208 ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); 208 ECerror(ERR_R_MALLOC_FAILURE);
209 goto err; 209 goto err;
210 } 210 }
211 r[0] = 0; 211 r[0] = 0;
@@ -215,7 +215,7 @@ compute_wNAF(const BIGNUM * scalar, int w, size_t * ret_len)
215 if (w <= 0 || w > 7) { 215 if (w <= 0 || w > 7) {
216 /* 'signed char' can represent integers with 216 /* 'signed char' can represent integers with
217 * absolute values less than 2^7 */ 217 * absolute values less than 2^7 */
218 ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); 218 ECerror(ERR_R_INTERNAL_ERROR);
219 goto err; 219 goto err;
220 } 220 }
221 bit = 1 << w; /* at most 128 */ 221 bit = 1 << w; /* at most 128 */
@@ -226,7 +226,7 @@ compute_wNAF(const BIGNUM * scalar, int w, size_t * ret_len)
226 sign = -1; 226 sign = -1;
227 } 227 }
228 if (scalar->d == NULL || scalar->top == 0) { 228 if (scalar->d == NULL || scalar->top == 0) {
229 ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); 229 ECerror(ERR_R_INTERNAL_ERROR);
230 goto err; 230 goto err;
231 } 231 }
232 len = BN_num_bits(scalar); 232 len = BN_num_bits(scalar);
@@ -235,7 +235,7 @@ compute_wNAF(const BIGNUM * scalar, int w, size_t * ret_len)
235 * set to the actual length, i.e. at most 235 * set to the actual length, i.e. at most
236 * BN_num_bits(scalar) + 1) */ 236 * BN_num_bits(scalar) + 1) */
237 if (r == NULL) { 237 if (r == NULL) {
238 ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); 238 ECerror(ERR_R_MALLOC_FAILURE);
239 goto err; 239 goto err;
240 } 240 }
241 window_val = scalar->d[0] & mask; 241 window_val = scalar->d[0] & mask;
@@ -269,7 +269,7 @@ compute_wNAF(const BIGNUM * scalar, int w, size_t * ret_len)
269 } 269 }
270 270
271 if (digit <= -bit || digit >= bit || !(digit & 1)) { 271 if (digit <= -bit || digit >= bit || !(digit & 1)) {
272 ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); 272 ECerror(ERR_R_INTERNAL_ERROR);
273 goto err; 273 goto err;
274 } 274 }
275 window_val -= digit; 275 window_val -= digit;
@@ -280,7 +280,7 @@ compute_wNAF(const BIGNUM * scalar, int w, size_t * ret_len)
280 * be 2^w 280 * be 2^w
281 */ 281 */
282 if (window_val != 0 && window_val != next_bit && window_val != bit) { 282 if (window_val != 0 && window_val != next_bit && window_val != bit) {
283 ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); 283 ECerror(ERR_R_INTERNAL_ERROR);
284 goto err; 284 goto err;
285 } 285 }
286 } 286 }
@@ -290,13 +290,13 @@ compute_wNAF(const BIGNUM * scalar, int w, size_t * ret_len)
290 window_val += bit * BN_is_bit_set(scalar, j + w); 290 window_val += bit * BN_is_bit_set(scalar, j + w);
291 291
292 if (window_val > next_bit) { 292 if (window_val > next_bit) {
293 ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); 293 ECerror(ERR_R_INTERNAL_ERROR);
294 goto err; 294 goto err;
295 } 295 }
296 } 296 }
297 297
298 if (j > len + 1) { 298 if (j > len + 1) {
299 ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); 299 ECerror(ERR_R_INTERNAL_ERROR);
300 goto err; 300 goto err;
301 } 301 }
302 len = j; 302 len = j;
@@ -363,7 +363,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
363 int ret = 0; 363 int ret = 0;
364 364
365 if (group->meth != r->meth) { 365 if (group->meth != r->meth) {
366 ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); 366 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
367 return 0; 367 return 0;
368 } 368 }
369 if ((scalar == NULL) && (num == 0)) { 369 if ((scalar == NULL) && (num == 0)) {
@@ -371,7 +371,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
371 } 371 }
372 for (i = 0; i < num; i++) { 372 for (i = 0; i < num; i++) {
373 if (group->meth != points[i]->meth) { 373 if (group->meth != points[i]->meth) {
374 ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); 374 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
375 return 0; 375 return 0;
376 } 376 }
377 } 377 }
@@ -384,7 +384,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
384 if (scalar != NULL) { 384 if (scalar != NULL) {
385 generator = EC_GROUP_get0_generator(group); 385 generator = EC_GROUP_get0_generator(group);
386 if (generator == NULL) { 386 if (generator == NULL) {
387 ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR); 387 ECerror(EC_R_UNDEFINED_GENERATOR);
388 goto err; 388 goto err;
389 } 389 }
390 /* look if we can use precomputed multiples of generator */ 390 /* look if we can use precomputed multiples of generator */
@@ -413,7 +413,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
413 413
414 /* check that pre_comp looks sane */ 414 /* check that pre_comp looks sane */
415 if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) { 415 if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) {
416 ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); 416 ECerror(ERR_R_INTERNAL_ERROR);
417 goto err; 417 goto err;
418 } 418 }
419 } else { 419 } else {
@@ -429,7 +429,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
429 /* includes space for pivot */ 429 /* includes space for pivot */
430 wNAF = reallocarray(NULL, (totalnum + 1), sizeof wNAF[0]); 430 wNAF = reallocarray(NULL, (totalnum + 1), sizeof wNAF[0]);
431 if (wNAF == NULL) { 431 if (wNAF == NULL) {
432 ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); 432 ECerror(ERR_R_MALLOC_FAILURE);
433 goto err; 433 goto err;
434 } 434 }
435 435
@@ -440,7 +440,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
440 val_sub = reallocarray(NULL, totalnum, sizeof val_sub[0]); 440 val_sub = reallocarray(NULL, totalnum, sizeof val_sub[0]);
441 441
442 if (wsize == NULL || wNAF_len == NULL || val_sub == NULL) { 442 if (wsize == NULL || wNAF_len == NULL || val_sub == NULL) {
443 ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); 443 ECerror(ERR_R_MALLOC_FAILURE);
444 goto err; 444 goto err;
445 } 445 }
446 446
@@ -466,7 +466,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
466 466
467 if (pre_comp == NULL) { 467 if (pre_comp == NULL) {
468 if (num_scalar != 1) { 468 if (num_scalar != 1) {
469 ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); 469 ECerror(ERR_R_INTERNAL_ERROR);
470 goto err; 470 goto err;
471 } 471 }
472 /* we have already generated a wNAF for 'scalar' */ 472 /* we have already generated a wNAF for 'scalar' */
@@ -474,7 +474,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
474 size_t tmp_len = 0; 474 size_t tmp_len = 0;
475 475
476 if (num_scalar != 0) { 476 if (num_scalar != 0) {
477 ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); 477 ECerror(ERR_R_INTERNAL_ERROR);
478 goto err; 478 goto err;
479 } 479 }
480 /* 480 /*
@@ -524,7 +524,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
524 */ 524 */
525 numblocks = (tmp_len + blocksize - 1) / blocksize; 525 numblocks = (tmp_len + blocksize - 1) / blocksize;
526 if (numblocks > pre_comp->numblocks) { 526 if (numblocks > pre_comp->numblocks) {
527 ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); 527 ECerror(ERR_R_INTERNAL_ERROR);
528 goto err; 528 goto err;
529 } 529 }
530 totalnum = num + numblocks; 530 totalnum = num + numblocks;
@@ -537,7 +537,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
537 if (i < totalnum - 1) { 537 if (i < totalnum - 1) {
538 wNAF_len[i] = blocksize; 538 wNAF_len[i] = blocksize;
539 if (tmp_len < blocksize) { 539 if (tmp_len < blocksize) {
540 ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); 540 ECerror(ERR_R_INTERNAL_ERROR);
541 goto err; 541 goto err;
542 } 542 }
543 tmp_len -= blocksize; 543 tmp_len -= blocksize;
@@ -553,7 +553,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
553 wNAF[i + 1] = NULL; 553 wNAF[i + 1] = NULL;
554 wNAF[i] = malloc(wNAF_len[i]); 554 wNAF[i] = malloc(wNAF_len[i]);
555 if (wNAF[i] == NULL) { 555 if (wNAF[i] == NULL) {
556 ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); 556 ECerror(ERR_R_MALLOC_FAILURE);
557 goto err; 557 goto err;
558 } 558 }
559 memcpy(wNAF[i], pp, wNAF_len[i]); 559 memcpy(wNAF[i], pp, wNAF_len[i]);
@@ -561,7 +561,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
561 max_len = wNAF_len[i]; 561 max_len = wNAF_len[i];
562 562
563 if (*tmp_points == NULL) { 563 if (*tmp_points == NULL) {
564 ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); 564 ECerror(ERR_R_INTERNAL_ERROR);
565 goto err; 565 goto err;
566 } 566 }
567 val_sub[i] = tmp_points; 567 val_sub[i] = tmp_points;
@@ -579,7 +579,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
579 */ 579 */
580 val = reallocarray(NULL, (num_val + 1), sizeof val[0]); 580 val = reallocarray(NULL, (num_val + 1), sizeof val[0]);
581 if (val == NULL) { 581 if (val == NULL) {
582 ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); 582 ECerror(ERR_R_MALLOC_FAILURE);
583 goto err; 583 goto err;
584 } 584 }
585 val[num_val] = NULL; /* pivot element */ 585 val[num_val] = NULL; /* pivot element */
@@ -596,7 +596,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
596 } 596 }
597 } 597 }
598 if (!(v == val + num_val)) { 598 if (!(v == val + num_val)) {
599 ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); 599 ECerror(ERR_R_INTERNAL_ERROR);
600 goto err; 600 goto err;
601 } 601 }
602 if (!(tmp = EC_POINT_new(group))) 602 if (!(tmp = EC_POINT_new(group)))
@@ -743,7 +743,7 @@ ec_wNAF_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
743 743
744 generator = EC_GROUP_get0_generator(group); 744 generator = EC_GROUP_get0_generator(group);
745 if (generator == NULL) { 745 if (generator == NULL) {
746 ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR); 746 ECerror(EC_R_UNDEFINED_GENERATOR);
747 goto err; 747 goto err;
748 } 748 }
749 if (ctx == NULL) { 749 if (ctx == NULL) {
@@ -758,7 +758,7 @@ ec_wNAF_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
758 if (!EC_GROUP_get_order(group, order, ctx)) 758 if (!EC_GROUP_get_order(group, order, ctx))
759 goto err; 759 goto err;
760 if (BN_is_zero(order)) { 760 if (BN_is_zero(order)) {
761 ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER); 761 ECerror(EC_R_UNKNOWN_ORDER);
762 goto err; 762 goto err;
763 } 763 }
764 bits = BN_num_bits(order); 764 bits = BN_num_bits(order);
@@ -786,20 +786,20 @@ ec_wNAF_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
786 786
787 points = reallocarray(NULL, (num + 1), sizeof(EC_POINT *)); 787 points = reallocarray(NULL, (num + 1), sizeof(EC_POINT *));
788 if (!points) { 788 if (!points) {
789 ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); 789 ECerror(ERR_R_MALLOC_FAILURE);
790 goto err; 790 goto err;
791 } 791 }
792 var = points; 792 var = points;
793 var[num] = NULL; /* pivot */ 793 var[num] = NULL; /* pivot */
794 for (i = 0; i < num; i++) { 794 for (i = 0; i < num; i++) {
795 if ((var[i] = EC_POINT_new(group)) == NULL) { 795 if ((var[i] = EC_POINT_new(group)) == NULL) {
796 ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); 796 ECerror(ERR_R_MALLOC_FAILURE);
797 goto err; 797 goto err;
798 } 798 }
799 } 799 }
800 800
801 if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) { 801 if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) {
802 ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); 802 ECerror(ERR_R_MALLOC_FAILURE);
803 goto err; 803 goto err;
804 } 804 }
805 if (!EC_POINT_copy(base, generator)) 805 if (!EC_POINT_copy(base, generator))
@@ -829,7 +829,7 @@ ec_wNAF_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
829 size_t k; 829 size_t k;
830 830
831 if (blocksize <= 2) { 831 if (blocksize <= 2) {
832 ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR); 832 ECerror(ERR_R_INTERNAL_ERROR);
833 goto err; 833 goto err;
834 } 834 }
835 if (!EC_POINT_dbl(group, base, tmp_point, ctx)) 835 if (!EC_POINT_dbl(group, base, tmp_point, ctx))
diff --git a/src/lib/libcrypto/ec/ec_oct.c b/src/lib/libcrypto/ec/ec_oct.c
index 82124a8f80..f44b174fd7 100644
--- a/src/lib/libcrypto/ec/ec_oct.c
+++ b/src/lib/libcrypto/ec/ec_oct.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec_oct.c,v 1.4 2014/07/10 22:45:57 jsing Exp $ */ 1/* $OpenBSD: ec_oct.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */
2/* 2/*
3 * Originally written by Bodo Moeller for the OpenSSL project. 3 * Originally written by Bodo Moeller for the OpenSSL project.
4 */ 4 */
@@ -76,11 +76,11 @@ EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP * group, EC_POINT * point
76{ 76{
77 if (group->meth->point_set_compressed_coordinates == 0 77 if (group->meth->point_set_compressed_coordinates == 0
78 && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { 78 && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
79 ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 79 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
80 return 0; 80 return 0;
81 } 81 }
82 if (group->meth != point->meth) { 82 if (group->meth != point->meth) {
83 ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); 83 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
84 return 0; 84 return 0;
85 } 85 }
86 if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { 86 if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
@@ -90,7 +90,7 @@ EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP * group, EC_POINT * point
90 else 90 else
91#ifdef OPENSSL_NO_EC2M 91#ifdef OPENSSL_NO_EC2M
92 { 92 {
93 ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_GF2M_NOT_SUPPORTED); 93 ECerror(EC_R_GF2M_NOT_SUPPORTED);
94 return 0; 94 return 0;
95 } 95 }
96#else 96#else
@@ -108,11 +108,11 @@ EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP * group, EC_POINT * poin
108{ 108{
109 if (group->meth->point_set_compressed_coordinates == 0 109 if (group->meth->point_set_compressed_coordinates == 0
110 && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { 110 && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
111 ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 111 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
112 return 0; 112 return 0;
113 } 113 }
114 if (group->meth != point->meth) { 114 if (group->meth != point->meth) {
115 ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); 115 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
116 return 0; 116 return 0;
117 } 117 }
118 if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { 118 if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
@@ -134,11 +134,11 @@ EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
134{ 134{
135 if (group->meth->point2oct == 0 135 if (group->meth->point2oct == 0
136 && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { 136 && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
137 ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 137 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
138 return 0; 138 return 0;
139 } 139 }
140 if (group->meth != point->meth) { 140 if (group->meth != point->meth) {
141 ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS); 141 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
142 return 0; 142 return 0;
143 } 143 }
144 if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { 144 if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
@@ -148,7 +148,7 @@ EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
148 else 148 else
149#ifdef OPENSSL_NO_EC2M 149#ifdef OPENSSL_NO_EC2M
150 { 150 {
151 ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_GF2M_NOT_SUPPORTED); 151 ECerror(EC_R_GF2M_NOT_SUPPORTED);
152 return 0; 152 return 0;
153 } 153 }
154#else 154#else
@@ -166,11 +166,11 @@ EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
166{ 166{
167 if (group->meth->oct2point == 0 && 167 if (group->meth->oct2point == 0 &&
168 !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { 168 !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
169 ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 169 ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
170 return 0; 170 return 0;
171 } 171 }
172 if (group->meth != point->meth) { 172 if (group->meth != point->meth) {
173 ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS); 173 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
174 return 0; 174 return 0;
175 } 175 }
176 if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { 176 if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
@@ -180,7 +180,7 @@ EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
180 else 180 else
181#ifdef OPENSSL_NO_EC2M 181#ifdef OPENSSL_NO_EC2M
182 { 182 {
183 ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_GF2M_NOT_SUPPORTED); 183 ECerror(EC_R_GF2M_NOT_SUPPORTED);
184 return 0; 184 return 0;
185 } 185 }
186#else 186#else
diff --git a/src/lib/libcrypto/ec/ec_pmeth.c b/src/lib/libcrypto/ec/ec_pmeth.c
index a52bff1f2f..08172fe0c6 100644
--- a/src/lib/libcrypto/ec/ec_pmeth.c
+++ b/src/lib/libcrypto/ec/ec_pmeth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec_pmeth.c,v 1.9 2015/06/20 14:19:39 jsing Exp $ */ 1/* $OpenBSD: ec_pmeth.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -132,7 +132,7 @@ pkey_ec_sign(EVP_PKEY_CTX * ctx, unsigned char *sig, size_t * siglen,
132 *siglen = ECDSA_size(ec); 132 *siglen = ECDSA_size(ec);
133 return 1; 133 return 1;
134 } else if (*siglen < (size_t) ECDSA_size(ec)) { 134 } else if (*siglen < (size_t) ECDSA_size(ec)) {
135 ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL); 135 ECerror(EC_R_BUFFER_TOO_SMALL);
136 return 0; 136 return 0;
137 } 137 }
138 if (dctx->md) 138 if (dctx->md)
@@ -175,7 +175,7 @@ pkey_ec_derive(EVP_PKEY_CTX * ctx, unsigned char *key, size_t * keylen)
175 size_t outlen; 175 size_t outlen;
176 const EC_POINT *pubkey = NULL; 176 const EC_POINT *pubkey = NULL;
177 if (!ctx->pkey || !ctx->peerkey) { 177 if (!ctx->pkey || !ctx->peerkey) {
178 ECerr(EC_F_PKEY_EC_DERIVE, EC_R_KEYS_NOT_SET); 178 ECerror(EC_R_KEYS_NOT_SET);
179 return 0; 179 return 0;
180 } 180 }
181 if (!key) { 181 if (!key) {
@@ -209,7 +209,7 @@ pkey_ec_ctrl(EVP_PKEY_CTX * ctx, int type, int p1, void *p2)
209 case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: 209 case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
210 group = EC_GROUP_new_by_curve_name(p1); 210 group = EC_GROUP_new_by_curve_name(p1);
211 if (group == NULL) { 211 if (group == NULL) {
212 ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE); 212 ECerror(EC_R_INVALID_CURVE);
213 return 0; 213 return 0;
214 } 214 }
215 EC_GROUP_free(dctx->gen_group); 215 EC_GROUP_free(dctx->gen_group);
@@ -223,7 +223,7 @@ pkey_ec_ctrl(EVP_PKEY_CTX * ctx, int type, int p1, void *p2)
223 EVP_MD_type((const EVP_MD *) p2) != NID_sha256 && 223 EVP_MD_type((const EVP_MD *) p2) != NID_sha256 &&
224 EVP_MD_type((const EVP_MD *) p2) != NID_sha384 && 224 EVP_MD_type((const EVP_MD *) p2) != NID_sha384 &&
225 EVP_MD_type((const EVP_MD *) p2) != NID_sha512) { 225 EVP_MD_type((const EVP_MD *) p2) != NID_sha512) {
226 ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE); 226 ECerror(EC_R_INVALID_DIGEST_TYPE);
227 return 0; 227 return 0;
228 } 228 }
229 dctx->md = p2; 229 dctx->md = p2;
@@ -254,7 +254,7 @@ pkey_ec_ctrl_str(EVP_PKEY_CTX * ctx,
254 if (nid == NID_undef) 254 if (nid == NID_undef)
255 nid = OBJ_ln2nid(value); 255 nid = OBJ_ln2nid(value);
256 if (nid == NID_undef) { 256 if (nid == NID_undef) {
257 ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE); 257 ECerror(EC_R_INVALID_CURVE);
258 return 0; 258 return 0;
259 } 259 }
260 return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); 260 return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
@@ -269,7 +269,7 @@ pkey_ec_paramgen(EVP_PKEY_CTX * ctx, EVP_PKEY * pkey)
269 EC_PKEY_CTX *dctx = ctx->data; 269 EC_PKEY_CTX *dctx = ctx->data;
270 int ret = 0; 270 int ret = 0;
271 if (dctx->gen_group == NULL) { 271 if (dctx->gen_group == NULL) {
272 ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET); 272 ECerror(EC_R_NO_PARAMETERS_SET);
273 return 0; 273 return 0;
274 } 274 }
275 ec = EC_KEY_new(); 275 ec = EC_KEY_new();
@@ -288,7 +288,7 @@ pkey_ec_keygen(EVP_PKEY_CTX * ctx, EVP_PKEY * pkey)
288{ 288{
289 EC_KEY *ec = NULL; 289 EC_KEY *ec = NULL;
290 if (ctx->pkey == NULL) { 290 if (ctx->pkey == NULL) {
291 ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET); 291 ECerror(EC_R_NO_PARAMETERS_SET);
292 return 0; 292 return 0;
293 } 293 }
294 ec = EC_KEY_new(); 294 ec = EC_KEY_new();
diff --git a/src/lib/libcrypto/ec/eck_prn.c b/src/lib/libcrypto/ec/eck_prn.c
index 06cdd69591..653d78e5cd 100644
--- a/src/lib/libcrypto/ec/eck_prn.c
+++ b/src/lib/libcrypto/ec/eck_prn.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: eck_prn.c,v 1.11 2015/06/20 14:17:07 jsing Exp $ */ 1/* $OpenBSD: eck_prn.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project. 3 * Written by Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -78,7 +78,7 @@ ECPKParameters_print_fp(FILE * fp, const EC_GROUP * x, int off)
78 int ret; 78 int ret;
79 79
80 if ((b = BIO_new(BIO_s_file())) == NULL) { 80 if ((b = BIO_new(BIO_s_file())) == NULL) {
81 ECerr(EC_F_ECPKPARAMETERS_PRINT_FP, ERR_R_BUF_LIB); 81 ECerror(ERR_R_BUF_LIB);
82 return (0); 82 return (0);
83 } 83 }
84 BIO_set_fp(b, fp, BIO_NOCLOSE); 84 BIO_set_fp(b, fp, BIO_NOCLOSE);
@@ -94,7 +94,7 @@ EC_KEY_print_fp(FILE * fp, const EC_KEY * x, int off)
94 int ret; 94 int ret;
95 95
96 if ((b = BIO_new(BIO_s_file())) == NULL) { 96 if ((b = BIO_new(BIO_s_file())) == NULL) {
97 ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB); 97 ECerror(ERR_R_BIO_LIB);
98 return (0); 98 return (0);
99 } 99 }
100 BIO_set_fp(b, fp, BIO_NOCLOSE); 100 BIO_set_fp(b, fp, BIO_NOCLOSE);
@@ -110,7 +110,7 @@ ECParameters_print_fp(FILE * fp, const EC_KEY * x)
110 int ret; 110 int ret;
111 111
112 if ((b = BIO_new(BIO_s_file())) == NULL) { 112 if ((b = BIO_new(BIO_s_file())) == NULL) {
113 ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB); 113 ECerror(ERR_R_BIO_LIB);
114 return (0); 114 return (0);
115 } 115 }
116 BIO_set_fp(b, fp, BIO_NOCLOSE); 116 BIO_set_fp(b, fp, BIO_NOCLOSE);
@@ -323,7 +323,7 @@ ECPKParameters_print(BIO * bp, const EC_GROUP * x, int off)
323 ret = 1; 323 ret = 1;
324err: 324err:
325 if (!ret) 325 if (!ret)
326 ECerr(EC_F_ECPKPARAMETERS_PRINT, reason); 326 ECerror(reason);
327 BN_free(p); 327 BN_free(p);
328 BN_free(a); 328 BN_free(a);
329 BN_free(b); 329 BN_free(b);
diff --git a/src/lib/libcrypto/ec/ecp_mont.c b/src/lib/libcrypto/ec/ecp_mont.c
index a3ad4e1ce9..68fc26de1e 100644
--- a/src/lib/libcrypto/ec/ecp_mont.c
+++ b/src/lib/libcrypto/ec/ecp_mont.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecp_mont.c,v 1.10 2015/02/13 00:46:03 beck Exp $ */ 1/* $OpenBSD: ecp_mont.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
2/* 2/*
3 * Originally written by Bodo Moeller for the OpenSSL project. 3 * Originally written by Bodo Moeller for the OpenSSL project.
4 */ 4 */
@@ -203,7 +203,7 @@ ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
203 if (mont == NULL) 203 if (mont == NULL)
204 goto err; 204 goto err;
205 if (!BN_MONT_CTX_set(mont, p, ctx)) { 205 if (!BN_MONT_CTX_set(mont, p, ctx)) {
206 ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB); 206 ECerror(ERR_R_BN_LIB);
207 goto err; 207 goto err;
208 } 208 }
209 one = BN_new(); 209 one = BN_new();
@@ -238,7 +238,7 @@ ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
238 const BIGNUM *b, BN_CTX *ctx) 238 const BIGNUM *b, BN_CTX *ctx)
239{ 239{
240 if (group->field_data1 == NULL) { 240 if (group->field_data1 == NULL) {
241 ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED); 241 ECerror(EC_R_NOT_INITIALIZED);
242 return 0; 242 return 0;
243 } 243 }
244 return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx); 244 return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);
@@ -250,7 +250,7 @@ ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
250 BN_CTX *ctx) 250 BN_CTX *ctx)
251{ 251{
252 if (group->field_data1 == NULL) { 252 if (group->field_data1 == NULL) {
253 ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED); 253 ECerror(EC_R_NOT_INITIALIZED);
254 return 0; 254 return 0;
255 } 255 }
256 return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx); 256 return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
@@ -262,7 +262,7 @@ ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
262 BN_CTX *ctx) 262 BN_CTX *ctx)
263{ 263{
264 if (group->field_data1 == NULL) { 264 if (group->field_data1 == NULL) {
265 ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED); 265 ECerror(EC_R_NOT_INITIALIZED);
266 return 0; 266 return 0;
267 } 267 }
268 return BN_to_montgomery(r, a, (BN_MONT_CTX *) group->field_data1, ctx); 268 return BN_to_montgomery(r, a, (BN_MONT_CTX *) group->field_data1, ctx);
@@ -274,7 +274,7 @@ ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
274 BN_CTX *ctx) 274 BN_CTX *ctx)
275{ 275{
276 if (group->field_data1 == NULL) { 276 if (group->field_data1 == NULL) {
277 ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED); 277 ECerror(EC_R_NOT_INITIALIZED);
278 return 0; 278 return 0;
279 } 279 }
280 return BN_from_montgomery(r, a, group->field_data1, ctx); 280 return BN_from_montgomery(r, a, group->field_data1, ctx);
@@ -285,7 +285,7 @@ int
285ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx) 285ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)
286{ 286{
287 if (group->field_data2 == NULL) { 287 if (group->field_data2 == NULL) {
288 ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED); 288 ECerror(EC_R_NOT_INITIALIZED);
289 return 0; 289 return 0;
290 } 290 }
291 if (!BN_copy(r, group->field_data2)) 291 if (!BN_copy(r, group->field_data2))
diff --git a/src/lib/libcrypto/ec/ecp_nist.c b/src/lib/libcrypto/ec/ecp_nist.c
index a33f9d9e39..24cba64d2e 100644
--- a/src/lib/libcrypto/ec/ecp_nist.c
+++ b/src/lib/libcrypto/ec/ecp_nist.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecp_nist.c,v 1.9 2014/07/12 16:03:37 miod Exp $ */ 1/* $OpenBSD: ecp_nist.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project. 3 * Written by Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -145,7 +145,7 @@ ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
145 else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0) 145 else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)
146 group->field_mod_func = BN_nist_mod_521; 146 group->field_mod_func = BN_nist_mod_521;
147 else { 147 else {
148 ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME); 148 ECerror(EC_R_NOT_A_NIST_PRIME);
149 goto err; 149 goto err;
150 } 150 }
151 151
@@ -166,7 +166,7 @@ ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
166 BN_CTX *ctx_new = NULL; 166 BN_CTX *ctx_new = NULL;
167 167
168 if (!group || !r || !a || !b) { 168 if (!group || !r || !a || !b) {
169 ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER); 169 ECerror(ERR_R_PASSED_NULL_PARAMETER);
170 goto err; 170 goto err;
171 } 171 }
172 if (!ctx) 172 if (!ctx)
@@ -193,7 +193,7 @@ ec_GFp_nist_field_sqr(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a,
193 BN_CTX *ctx_new = NULL; 193 BN_CTX *ctx_new = NULL;
194 194
195 if (!group || !r || !a) { 195 if (!group || !r || !a) {
196 ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER); 196 ECerror(EC_R_PASSED_NULL_PARAMETER);
197 goto err; 197 goto err;
198 } 198 }
199 if (!ctx) 199 if (!ctx)
diff --git a/src/lib/libcrypto/ec/ecp_nistp224.c b/src/lib/libcrypto/ec/ecp_nistp224.c
index 0976f24a9f..38dd83b6d9 100644
--- a/src/lib/libcrypto/ec/ecp_nistp224.c
+++ b/src/lib/libcrypto/ec/ecp_nistp224.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecp_nistp224.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */ 1/* $OpenBSD: ecp_nistp224.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
2/* 2/*
3 * Written by Emilia Kasper (Google) for the OpenSSL project. 3 * Written by Emilia Kasper (Google) for the OpenSSL project.
4 */ 4 */
@@ -319,11 +319,11 @@ BN_to_felem(felem out, const BIGNUM * bn)
319 memset(b_out, 0, sizeof b_out); 319 memset(b_out, 0, sizeof b_out);
320 num_bytes = BN_num_bytes(bn); 320 num_bytes = BN_num_bytes(bn);
321 if (num_bytes > sizeof b_out) { 321 if (num_bytes > sizeof b_out) {
322 ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); 322 ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
323 return 0; 323 return 0;
324 } 324 }
325 if (BN_is_negative(bn)) { 325 if (BN_is_negative(bn)) {
326 ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); 326 ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
327 return 0; 327 return 0;
328 } 328 }
329 num_bytes = BN_bn2bin(bn, b_in); 329 num_bytes = BN_bn2bin(bn, b_in);
@@ -1191,7 +1191,7 @@ nistp224_pre_comp_new()
1191 NISTP224_PRE_COMP *ret = NULL; 1191 NISTP224_PRE_COMP *ret = NULL;
1192 ret = malloc(sizeof *ret); 1192 ret = malloc(sizeof *ret);
1193 if (!ret) { 1193 if (!ret) {
1194 ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); 1194 ECerror(ERR_R_MALLOC_FAILURE);
1195 return ret; 1195 return ret;
1196 } 1196 }
1197 memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp)); 1197 memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp));
@@ -1277,8 +1277,7 @@ ec_GFp_nistp224_group_set_curve(EC_GROUP * group, const BIGNUM * p,
1277 BN_bin2bn(nistp224_curve_params[2], sizeof(felem_bytearray), curve_b); 1277 BN_bin2bn(nistp224_curve_params[2], sizeof(felem_bytearray), curve_b);
1278 if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || 1278 if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) ||
1279 (BN_cmp(curve_b, b))) { 1279 (BN_cmp(curve_b, b))) {
1280 ECerr(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE, 1280 ECerror(EC_R_WRONG_CURVE_PARAMETERS);
1281 EC_R_WRONG_CURVE_PARAMETERS);
1282 goto err; 1281 goto err;
1283 } 1282 }
1284 group->field_mod_func = BN_nist_mod_224; 1283 group->field_mod_func = BN_nist_mod_224;
@@ -1299,8 +1298,7 @@ ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP * group,
1299 widefelem tmp; 1298 widefelem tmp;
1300 1299
1301 if (EC_POINT_is_at_infinity(group, point) > 0) { 1300 if (EC_POINT_is_at_infinity(group, point) > 0) {
1302 ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES, 1301 ECerror(EC_R_POINT_AT_INFINITY);
1303 EC_R_POINT_AT_INFINITY);
1304 return 0; 1302 return 0;
1305 } 1303 }
1306 if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) || 1304 if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
@@ -1314,8 +1312,7 @@ ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP * group,
1314 felem_contract(x_out, x_in); 1312 felem_contract(x_out, x_in);
1315 if (x != NULL) { 1313 if (x != NULL) {
1316 if (!felem_to_BN(x, x_out)) { 1314 if (!felem_to_BN(x, x_out)) {
1317 ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES, 1315 ECerror(ERR_R_BN_LIB);
1318 ERR_R_BN_LIB);
1319 return 0; 1316 return 0;
1320 } 1317 }
1321 } 1318 }
@@ -1326,8 +1323,7 @@ ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP * group,
1326 felem_contract(y_out, y_in); 1323 felem_contract(y_out, y_in);
1327 if (y != NULL) { 1324 if (y != NULL) {
1328 if (!felem_to_BN(y, y_out)) { 1325 if (!felem_to_BN(y, y_out)) {
1329 ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES, 1326 ECerror(ERR_R_BN_LIB);
1330 ERR_R_BN_LIB);
1331 return 0; 1327 return 0;
1332 } 1328 }
1333 } 1329 }
@@ -1410,7 +1406,7 @@ ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
1410 if (!felem_to_BN(x, g_pre_comp[0][1][0]) || 1406 if (!felem_to_BN(x, g_pre_comp[0][1][0]) ||
1411 !felem_to_BN(y, g_pre_comp[0][1][1]) || 1407 !felem_to_BN(y, g_pre_comp[0][1][1]) ||
1412 !felem_to_BN(z, g_pre_comp[0][1][2])) { 1408 !felem_to_BN(z, g_pre_comp[0][1][2])) {
1413 ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); 1409 ECerror(ERR_R_BN_LIB);
1414 goto err; 1410 goto err;
1415 } 1411 }
1416 if (!EC_POINT_set_Jprojective_coordinates_GFp(group, 1412 if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
@@ -1443,7 +1439,7 @@ ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
1443 (num_points * 17 + 1), sizeof(felem)); 1439 (num_points * 17 + 1), sizeof(felem));
1444 } 1440 }
1445 if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) { 1441 if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) {
1446 ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_MALLOC_FAILURE); 1442 ECerror(ERR_R_MALLOC_FAILURE);
1447 goto err; 1443 goto err;
1448 } 1444 }
1449 /* 1445 /*
@@ -1471,7 +1467,7 @@ ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
1471 * don't guarantee constant-timeness 1467 * don't guarantee constant-timeness
1472 */ 1468 */
1473 if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { 1469 if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
1474 ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); 1470 ECerror(ERR_R_BN_LIB);
1475 goto err; 1471 goto err;
1476 } 1472 }
1477 num_bytes = BN_bn2bin(tmp_scalar, tmp); 1473 num_bytes = BN_bn2bin(tmp_scalar, tmp);
@@ -1513,7 +1509,7 @@ ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
1513 * constant-timeness 1509 * constant-timeness
1514 */ 1510 */
1515 if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { 1511 if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
1516 ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); 1512 ECerror(ERR_R_BN_LIB);
1517 goto err; 1513 goto err;
1518 } 1514 }
1519 num_bytes = BN_bn2bin(tmp_scalar, tmp); 1515 num_bytes = BN_bn2bin(tmp_scalar, tmp);
@@ -1537,7 +1533,7 @@ ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
1537 felem_contract(z_in, z_out); 1533 felem_contract(z_in, z_out);
1538 if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) || 1534 if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) ||
1539 (!felem_to_BN(z, z_in))) { 1535 (!felem_to_BN(z, z_in))) {
1540 ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); 1536 ECerror(ERR_R_BN_LIB);
1541 goto err; 1537 goto err;
1542 } 1538 }
1543 ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx); 1539 ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);
diff --git a/src/lib/libcrypto/ec/ecp_nistp256.c b/src/lib/libcrypto/ec/ecp_nistp256.c
index be1d2a5402..4771a92efd 100644
--- a/src/lib/libcrypto/ec/ecp_nistp256.c
+++ b/src/lib/libcrypto/ec/ecp_nistp256.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecp_nistp256.c,v 1.16 2015/09/10 15:56:25 jsing Exp $ */ 1/* $OpenBSD: ecp_nistp256.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
2/* 2/*
3 * Written by Adam Langley (Google) for the OpenSSL project 3 * Written by Adam Langley (Google) for the OpenSSL project
4 */ 4 */
@@ -156,11 +156,11 @@ BN_to_felem(felem out, const BIGNUM * bn)
156 memset(b_out, 0, sizeof b_out); 156 memset(b_out, 0, sizeof b_out);
157 num_bytes = BN_num_bytes(bn); 157 num_bytes = BN_num_bytes(bn);
158 if (num_bytes > sizeof b_out) { 158 if (num_bytes > sizeof b_out) {
159 ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); 159 ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
160 return 0; 160 return 0;
161 } 161 }
162 if (BN_is_negative(bn)) { 162 if (BN_is_negative(bn)) {
163 ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); 163 ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
164 return 0; 164 return 0;
165 } 165 }
166 num_bytes = BN_bn2bin(bn, b_in); 166 num_bytes = BN_bn2bin(bn, b_in);
@@ -1740,7 +1740,7 @@ nistp256_pre_comp_new()
1740 NISTP256_PRE_COMP *ret = NULL; 1740 NISTP256_PRE_COMP *ret = NULL;
1741 ret = malloc(sizeof *ret); 1741 ret = malloc(sizeof *ret);
1742 if (!ret) { 1742 if (!ret) {
1743 ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); 1743 ECerror(ERR_R_MALLOC_FAILURE);
1744 return ret; 1744 return ret;
1745 } 1745 }
1746 memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp)); 1746 memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp));
@@ -1826,8 +1826,7 @@ ec_GFp_nistp256_group_set_curve(EC_GROUP * group, const BIGNUM * p,
1826 BN_bin2bn(nistp256_curve_params[2], sizeof(felem_bytearray), curve_b); 1826 BN_bin2bn(nistp256_curve_params[2], sizeof(felem_bytearray), curve_b);
1827 if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || 1827 if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) ||
1828 (BN_cmp(curve_b, b))) { 1828 (BN_cmp(curve_b, b))) {
1829 ECerr(EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE, 1829 ECerror(EC_R_WRONG_CURVE_PARAMETERS);
1830 EC_R_WRONG_CURVE_PARAMETERS);
1831 goto err; 1830 goto err;
1832 } 1831 }
1833 group->field_mod_func = BN_nist_mod_256; 1832 group->field_mod_func = BN_nist_mod_256;
@@ -1849,8 +1848,7 @@ ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP * group,
1849 longfelem tmp; 1848 longfelem tmp;
1850 1849
1851 if (EC_POINT_is_at_infinity(group, point) > 0) { 1850 if (EC_POINT_is_at_infinity(group, point) > 0) {
1852 ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES, 1851 ECerror(EC_R_POINT_AT_INFINITY);
1853 EC_R_POINT_AT_INFINITY);
1854 return 0; 1852 return 0;
1855 } 1853 }
1856 if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) || 1854 if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
@@ -1864,8 +1862,7 @@ ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP * group,
1864 felem_contract(x_out, x_in); 1862 felem_contract(x_out, x_in);
1865 if (x != NULL) { 1863 if (x != NULL) {
1866 if (!smallfelem_to_BN(x, x_out)) { 1864 if (!smallfelem_to_BN(x, x_out)) {
1867 ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES, 1865 ECerror(ERR_R_BN_LIB);
1868 ERR_R_BN_LIB);
1869 return 0; 1866 return 0;
1870 } 1867 }
1871 } 1868 }
@@ -1876,8 +1873,7 @@ ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP * group,
1876 felem_contract(y_out, y_in); 1873 felem_contract(y_out, y_in);
1877 if (y != NULL) { 1874 if (y != NULL) {
1878 if (!smallfelem_to_BN(y, y_out)) { 1875 if (!smallfelem_to_BN(y, y_out)) {
1879 ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES, 1876 ECerror(ERR_R_BN_LIB);
1880 ERR_R_BN_LIB);
1881 return 0; 1877 return 0;
1882 } 1878 }
1883 } 1879 }
@@ -1960,7 +1956,7 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r,
1960 if (!smallfelem_to_BN(x, g_pre_comp[0][1][0]) || 1956 if (!smallfelem_to_BN(x, g_pre_comp[0][1][0]) ||
1961 !smallfelem_to_BN(y, g_pre_comp[0][1][1]) || 1957 !smallfelem_to_BN(y, g_pre_comp[0][1][1]) ||
1962 !smallfelem_to_BN(z, g_pre_comp[0][1][2])) { 1958 !smallfelem_to_BN(z, g_pre_comp[0][1][2])) {
1963 ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); 1959 ECerror(ERR_R_BN_LIB);
1964 goto err; 1960 goto err;
1965 } 1961 }
1966 if (!EC_POINT_set_Jprojective_coordinates_GFp(group, 1962 if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
@@ -1993,7 +1989,7 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r,
1993 (num_points * 17 + 1), sizeof(smallfelem)); 1989 (num_points * 17 + 1), sizeof(smallfelem));
1994 } 1990 }
1995 if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_smallfelems == NULL))) { 1991 if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_smallfelems == NULL))) {
1996 ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_MALLOC_FAILURE); 1992 ECerror(ERR_R_MALLOC_FAILURE);
1997 goto err; 1993 goto err;
1998 } 1994 }
1999 /* 1995 /*
@@ -2024,7 +2020,7 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r,
2024 * don't guarantee constant-timeness 2020 * don't guarantee constant-timeness
2025 */ 2021 */
2026 if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { 2022 if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
2027 ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); 2023 ECerror(ERR_R_BN_LIB);
2028 goto err; 2024 goto err;
2029 } 2025 }
2030 num_bytes = BN_bn2bin(tmp_scalar, tmp); 2026 num_bytes = BN_bn2bin(tmp_scalar, tmp);
@@ -2066,7 +2062,7 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r,
2066 * constant-timeness 2062 * constant-timeness
2067 */ 2063 */
2068 if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { 2064 if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
2069 ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); 2065 ECerror(ERR_R_BN_LIB);
2070 goto err; 2066 goto err;
2071 } 2067 }
2072 num_bytes = BN_bn2bin(tmp_scalar, tmp); 2068 num_bytes = BN_bn2bin(tmp_scalar, tmp);
@@ -2090,7 +2086,7 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r,
2090 felem_contract(z_in, z_out); 2086 felem_contract(z_in, z_out);
2091 if ((!smallfelem_to_BN(x, x_in)) || (!smallfelem_to_BN(y, y_in)) || 2087 if ((!smallfelem_to_BN(x, x_in)) || (!smallfelem_to_BN(y, y_in)) ||
2092 (!smallfelem_to_BN(z, z_in))) { 2088 (!smallfelem_to_BN(z, z_in))) {
2093 ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); 2089 ECerror(ERR_R_BN_LIB);
2094 goto err; 2090 goto err;
2095 } 2091 }
2096 ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx); 2092 ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);
diff --git a/src/lib/libcrypto/ec/ecp_nistp521.c b/src/lib/libcrypto/ec/ecp_nistp521.c
index cfa13b41f8..22bafe392f 100644
--- a/src/lib/libcrypto/ec/ecp_nistp521.c
+++ b/src/lib/libcrypto/ec/ecp_nistp521.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecp_nistp521.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */ 1/* $OpenBSD: ecp_nistp521.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
2/* 2/*
3 * Written by Adam Langley (Google) for the OpenSSL project 3 * Written by Adam Langley (Google) for the OpenSSL project
4 */ 4 */
@@ -182,11 +182,11 @@ BN_to_felem(felem out, const BIGNUM * bn)
182 memset(b_out, 0, sizeof b_out); 182 memset(b_out, 0, sizeof b_out);
183 num_bytes = BN_num_bytes(bn); 183 num_bytes = BN_num_bytes(bn);
184 if (num_bytes > sizeof b_out) { 184 if (num_bytes > sizeof b_out) {
185 ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); 185 ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
186 return 0; 186 return 0;
187 } 187 }
188 if (BN_is_negative(bn)) { 188 if (BN_is_negative(bn)) {
189 ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); 189 ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
190 return 0; 190 return 0;
191 } 191 }
192 num_bytes = BN_bn2bin(bn, b_in); 192 num_bytes = BN_bn2bin(bn, b_in);
@@ -1631,7 +1631,7 @@ nistp521_pre_comp_new()
1631 NISTP521_PRE_COMP *ret = NULL; 1631 NISTP521_PRE_COMP *ret = NULL;
1632 ret = malloc(sizeof(NISTP521_PRE_COMP)); 1632 ret = malloc(sizeof(NISTP521_PRE_COMP));
1633 if (!ret) { 1633 if (!ret) {
1634 ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); 1634 ECerror(ERR_R_MALLOC_FAILURE);
1635 return ret; 1635 return ret;
1636 } 1636 }
1637 memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp)); 1637 memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp));
@@ -1717,8 +1717,7 @@ ec_GFp_nistp521_group_set_curve(EC_GROUP * group, const BIGNUM * p,
1717 BN_bin2bn(nistp521_curve_params[2], sizeof(felem_bytearray), curve_b); 1717 BN_bin2bn(nistp521_curve_params[2], sizeof(felem_bytearray), curve_b);
1718 if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || 1718 if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) ||
1719 (BN_cmp(curve_b, b))) { 1719 (BN_cmp(curve_b, b))) {
1720 ECerr(EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE, 1720 ECerror(EC_R_WRONG_CURVE_PARAMETERS);
1721 EC_R_WRONG_CURVE_PARAMETERS);
1722 goto err; 1721 goto err;
1723 } 1722 }
1724 group->field_mod_func = BN_nist_mod_521; 1723 group->field_mod_func = BN_nist_mod_521;
@@ -1739,8 +1738,7 @@ ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP * group,
1739 largefelem tmp; 1738 largefelem tmp;
1740 1739
1741 if (EC_POINT_is_at_infinity(group, point) > 0) { 1740 if (EC_POINT_is_at_infinity(group, point) > 0) {
1742 ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, 1741 ECerror(EC_R_POINT_AT_INFINITY);
1743 EC_R_POINT_AT_INFINITY);
1744 return 0; 1742 return 0;
1745 } 1743 }
1746 if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) || 1744 if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
@@ -1754,7 +1752,7 @@ ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP * group,
1754 felem_contract(x_out, x_in); 1752 felem_contract(x_out, x_in);
1755 if (x != NULL) { 1753 if (x != NULL) {
1756 if (!felem_to_BN(x, x_out)) { 1754 if (!felem_to_BN(x, x_out)) {
1757 ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB); 1755 ECerror(ERR_R_BN_LIB);
1758 return 0; 1756 return 0;
1759 } 1757 }
1760 } 1758 }
@@ -1765,7 +1763,7 @@ ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP * group,
1765 felem_contract(y_out, y_in); 1763 felem_contract(y_out, y_in);
1766 if (y != NULL) { 1764 if (y != NULL) {
1767 if (!felem_to_BN(y, y_out)) { 1765 if (!felem_to_BN(y, y_out)) {
1768 ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB); 1766 ECerror(ERR_R_BN_LIB);
1769 return 0; 1767 return 0;
1770 } 1768 }
1771 } 1769 }
@@ -1847,7 +1845,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
1847 if (!felem_to_BN(x, g_pre_comp[1][0]) || 1845 if (!felem_to_BN(x, g_pre_comp[1][0]) ||
1848 !felem_to_BN(y, g_pre_comp[1][1]) || 1846 !felem_to_BN(y, g_pre_comp[1][1]) ||
1849 !felem_to_BN(z, g_pre_comp[1][2])) { 1847 !felem_to_BN(z, g_pre_comp[1][2])) {
1850 ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); 1848 ECerror(ERR_R_BN_LIB);
1851 goto err; 1849 goto err;
1852 } 1850 }
1853 if (!EC_POINT_set_Jprojective_coordinates_GFp(group, 1851 if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
@@ -1880,7 +1878,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
1880 (num_points * 17 + 1), sizeof(felem)); 1878 (num_points * 17 + 1), sizeof(felem));
1881 } 1879 }
1882 if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) { 1880 if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) {
1883 ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_MALLOC_FAILURE); 1881 ECerror(ERR_R_MALLOC_FAILURE);
1884 goto err; 1882 goto err;
1885 } 1883 }
1886 /* 1884 /*
@@ -1911,7 +1909,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
1911 * don't guarantee constant-timeness 1909 * don't guarantee constant-timeness
1912 */ 1910 */
1913 if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { 1911 if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
1914 ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); 1912 ECerror(ERR_R_BN_LIB);
1915 goto err; 1913 goto err;
1916 } 1914 }
1917 num_bytes = BN_bn2bin(tmp_scalar, tmp); 1915 num_bytes = BN_bn2bin(tmp_scalar, tmp);
@@ -1953,7 +1951,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
1953 * constant-timeness 1951 * constant-timeness
1954 */ 1952 */
1955 if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { 1953 if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
1956 ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); 1954 ECerror(ERR_R_BN_LIB);
1957 goto err; 1955 goto err;
1958 } 1956 }
1959 num_bytes = BN_bn2bin(tmp_scalar, tmp); 1957 num_bytes = BN_bn2bin(tmp_scalar, tmp);
@@ -1977,7 +1975,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
1977 felem_contract(z_in, z_out); 1975 felem_contract(z_in, z_out);
1978 if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) || 1976 if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) ||
1979 (!felem_to_BN(z, z_in))) { 1977 (!felem_to_BN(z, z_in))) {
1980 ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); 1978 ECerror(ERR_R_BN_LIB);
1981 goto err; 1979 goto err;
1982 } 1980 }
1983 ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx); 1981 ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);
diff --git a/src/lib/libcrypto/ec/ecp_nistz256.c b/src/lib/libcrypto/ec/ecp_nistz256.c
index b9ad89c1d3..848f15cb17 100644
--- a/src/lib/libcrypto/ec/ecp_nistz256.c
+++ b/src/lib/libcrypto/ec/ecp_nistz256.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecp_nistz256.c,v 1.1 2016/11/04 17:33:19 miod Exp $ */ 1/* $OpenBSD: ecp_nistz256.c,v 1.2 2017/01/29 17:49:23 beck Exp $ */
2/* Copyright (c) 2014, Intel Corporation. 2/* Copyright (c) 2014, Intel Corporation.
3 * 3 *
4 * Permission to use, copy, modify, and/or distribute this software for any 4 * Permission to use, copy, modify, and/or distribute this software for any
@@ -311,7 +311,7 @@ static int
311ecp_nistz256_set_words(BIGNUM *a, BN_ULONG words[P256_LIMBS]) 311ecp_nistz256_set_words(BIGNUM *a, BN_ULONG words[P256_LIMBS])
312{ 312{
313 if (bn_wexpand(a, P256_LIMBS) == NULL) { 313 if (bn_wexpand(a, P256_LIMBS) == NULL) {
314 ECerr(EC_F_ECP_NISTZ256_SET_WORDS, ERR_R_MALLOC_FAILURE); 314 ECerror(ERR_R_MALLOC_FAILURE);
315 return 0; 315 return 0;
316 } 316 }
317 memcpy(a->d, words, sizeof(BN_ULONG) * P256_LIMBS); 317 memcpy(a->d, words, sizeof(BN_ULONG) * P256_LIMBS);
@@ -441,7 +441,7 @@ ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r,
441 if (posix_memalign((void **)&table, 64, num * sizeof(*table)) != 0 || 441 if (posix_memalign((void **)&table, 64, num * sizeof(*table)) != 0 ||
442 (p_str = reallocarray(NULL, num, sizeof(*p_str))) == NULL || 442 (p_str = reallocarray(NULL, num, sizeof(*p_str))) == NULL ||
443 (scalars = reallocarray(NULL, num, sizeof(*scalars))) == NULL) { 443 (scalars = reallocarray(NULL, num, sizeof(*scalars))) == NULL) {
444 ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, ERR_R_MALLOC_FAILURE); 444 ECerror(ERR_R_MALLOC_FAILURE);
445 goto err; 445 goto err;
446 } 446 }
447 447
@@ -458,8 +458,7 @@ ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r,
458 if ((mod = BN_CTX_get(ctx)) == NULL) 458 if ((mod = BN_CTX_get(ctx)) == NULL)
459 goto err; 459 goto err;
460 if (!BN_nnmod(mod, scalar[i], &group->order, ctx)) { 460 if (!BN_nnmod(mod, scalar[i], &group->order, ctx)) {
461 ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, 461 ECerror(ERR_R_BN_LIB);
462 ERR_R_BN_LIB);
463 goto err; 462 goto err;
464 } 463 }
465 scalars[i] = mod; 464 scalars[i] = mod;
@@ -496,8 +495,7 @@ ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r,
496 &point[i]->Y) || 495 &point[i]->Y) ||
497 !ecp_nistz256_bignum_to_field_elem(row[1 - 1].Z, 496 !ecp_nistz256_bignum_to_field_elem(row[1 - 1].Z,
498 &point[i]->Z)) { 497 &point[i]->Z)) {
499 ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, 498 ECerror(EC_R_COORDINATES_OUT_OF_RANGE);
500 EC_R_COORDINATES_OUT_OF_RANGE);
501 goto err; 499 goto err;
502 } 500 }
503 501
@@ -623,8 +621,7 @@ ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
623 621
624 generator = EC_GROUP_get0_generator(group); 622 generator = EC_GROUP_get0_generator(group);
625 if (generator == NULL) { 623 if (generator == NULL) {
626 ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, 624 ECerror(EC_R_UNDEFINED_GENERATOR);
627 EC_R_UNDEFINED_GENERATOR);
628 return 0; 625 return 0;
629 } 626 }
630 627
@@ -655,12 +652,12 @@ ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
655 goto err; 652 goto err;
656 653
657 if (BN_is_zero(order)) { 654 if (BN_is_zero(order)) {
658 ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, EC_R_UNKNOWN_ORDER); 655 ECerror(EC_R_UNKNOWN_ORDER);
659 goto err; 656 goto err;
660 } 657 }
661 658
662 if (posix_memalign((void **)&precomp, 64, 37 * sizeof(*precomp)) != 0) { 659 if (posix_memalign((void **)&precomp, 64, 37 * sizeof(*precomp)) != 0) {
663 ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, ERR_R_MALLOC_FAILURE); 660 ECerror(ERR_R_MALLOC_FAILURE);
664 goto err; 661 goto err;
665 } 662 }
666 663
@@ -690,8 +687,7 @@ ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
690 precomp[j][k].X, &P->X) || 687 precomp[j][k].X, &P->X) ||
691 !ecp_nistz256_bignum_to_field_elem( 688 !ecp_nistz256_bignum_to_field_elem(
692 precomp[j][k].Y, &P->Y)) { 689 precomp[j][k].Y, &P->Y)) {
693 ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, 690 ECerror(EC_R_COORDINATES_OUT_OF_RANGE);
694 EC_R_COORDINATES_OUT_OF_RANGE);
695 goto err; 691 goto err;
696 } 692 }
697 for (i = 0; i < 7; i++) { 693 for (i = 0; i < 7; i++) {
@@ -783,7 +779,7 @@ ecp_nistz256_points_mul(const EC_GROUP *group, EC_POINT *r,
783 BIGNUM *tmp_scalar; 779 BIGNUM *tmp_scalar;
784 780
785 if (group->meth != r->meth) { 781 if (group->meth != r->meth) {
786 ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); 782 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
787 return 0; 783 return 0;
788 } 784 }
789 785
@@ -792,8 +788,7 @@ ecp_nistz256_points_mul(const EC_GROUP *group, EC_POINT *r,
792 788
793 for (j = 0; j < num; j++) { 789 for (j = 0; j < num; j++) {
794 if (group->meth != points[j]->meth) { 790 if (group->meth != points[j]->meth) {
795 ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, 791 ECerror(EC_R_INCOMPATIBLE_OBJECTS);
796 EC_R_INCOMPATIBLE_OBJECTS);
797 return 0; 792 return 0;
798 } 793 }
799 } 794 }
@@ -809,8 +804,7 @@ ecp_nistz256_points_mul(const EC_GROUP *group, EC_POINT *r,
809 if (scalar) { 804 if (scalar) {
810 generator = EC_GROUP_get0_generator(group); 805 generator = EC_GROUP_get0_generator(group);
811 if (generator == NULL) { 806 if (generator == NULL) {
812 ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, 807 ECerror(EC_R_UNDEFINED_GENERATOR);
813 EC_R_UNDEFINED_GENERATOR);
814 goto err; 808 goto err;
815 } 809 }
816 810
@@ -860,8 +854,7 @@ ecp_nistz256_points_mul(const EC_GROUP *group, EC_POINT *r,
860 854
861 if (!BN_nnmod(tmp_scalar, scalar, &group->order, 855 if (!BN_nnmod(tmp_scalar, scalar, &group->order,
862 ctx)) { 856 ctx)) {
863 ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, 857 ECerror(ERR_R_BN_LIB);
864 ERR_R_BN_LIB);
865 goto err; 858 goto err;
866 } 859 }
867 scalar = tmp_scalar; 860 scalar = tmp_scalar;
@@ -955,8 +948,7 @@ ecp_nistz256_points_mul(const EC_GROUP *group, EC_POINT *r,
955 new_scalars = reallocarray(NULL, num + 1, sizeof(BIGNUM *)); 948 new_scalars = reallocarray(NULL, num + 1, sizeof(BIGNUM *));
956 new_points = reallocarray(NULL, num + 1, sizeof(EC_POINT *)); 949 new_points = reallocarray(NULL, num + 1, sizeof(EC_POINT *));
957 if (new_scalars == NULL || new_points == NULL) { 950 if (new_scalars == NULL || new_points == NULL) {
958 ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, 951 ECerror(ERR_R_MALLOC_FAILURE);
959 ERR_R_MALLOC_FAILURE);
960 goto err; 952 goto err;
961 } 953 }
962 954
@@ -1011,15 +1003,14 @@ ecp_nistz256_get_affine(const EC_GROUP *group, const EC_POINT *point,
1011 BN_ULONG point_x[P256_LIMBS], point_y[P256_LIMBS], point_z[P256_LIMBS]; 1003 BN_ULONG point_x[P256_LIMBS], point_y[P256_LIMBS], point_z[P256_LIMBS];
1012 1004
1013 if (EC_POINT_is_at_infinity(group, point)) { 1005 if (EC_POINT_is_at_infinity(group, point)) {
1014 ECerr(EC_F_ECP_NISTZ256_GET_AFFINE, EC_R_POINT_AT_INFINITY); 1006 ECerror(EC_R_POINT_AT_INFINITY);
1015 return 0; 1007 return 0;
1016 } 1008 }
1017 1009
1018 if (!ecp_nistz256_bignum_to_field_elem(point_x, &point->X) || 1010 if (!ecp_nistz256_bignum_to_field_elem(point_x, &point->X) ||
1019 !ecp_nistz256_bignum_to_field_elem(point_y, &point->Y) || 1011 !ecp_nistz256_bignum_to_field_elem(point_y, &point->Y) ||
1020 !ecp_nistz256_bignum_to_field_elem(point_z, &point->Z)) { 1012 !ecp_nistz256_bignum_to_field_elem(point_z, &point->Z)) {
1021 ECerr(EC_F_ECP_NISTZ256_GET_AFFINE, 1013 ECerror(EC_R_COORDINATES_OUT_OF_RANGE);
1022 EC_R_COORDINATES_OUT_OF_RANGE);
1023 return 0; 1014 return 0;
1024 } 1015 }
1025 1016
@@ -1066,7 +1057,7 @@ ecp_nistz256_pre_comp_new(const EC_GROUP *group)
1066 1057
1067 ret = (EC_PRE_COMP *)malloc(sizeof(EC_PRE_COMP)); 1058 ret = (EC_PRE_COMP *)malloc(sizeof(EC_PRE_COMP));
1068 if (ret == NULL) { 1059 if (ret == NULL) {
1069 ECerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); 1060 ECerror(ERR_R_MALLOC_FAILURE);
1070 return ret; 1061 return ret;
1071 } 1062 }
1072 1063
diff --git a/src/lib/libcrypto/ec/ecp_oct.c b/src/lib/libcrypto/ec/ecp_oct.c
index 994f0b08b1..b93b516907 100644
--- a/src/lib/libcrypto/ec/ecp_oct.c
+++ b/src/lib/libcrypto/ec/ecp_oct.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecp_oct.c,v 1.7 2015/02/09 15:49:22 jsing Exp $ */ 1/* $OpenBSD: ecp_oct.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
2/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> 2/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
3 * for the OpenSSL project. 3 * for the OpenSSL project.
4 * Includes code written by Bodo Moeller for the OpenSSL project. 4 * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -155,9 +155,9 @@ ec_GFp_simple_set_compressed_coordinates(const EC_GROUP * group,
155 155
156 if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) { 156 if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) {
157 ERR_clear_error(); 157 ERR_clear_error();
158 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); 158 ECerror(EC_R_INVALID_COMPRESSED_POINT);
159 } else 159 } else
160 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB); 160 ECerror(ERR_R_BN_LIB);
161 goto err; 161 goto err;
162 } 162 }
163 if (y_bit != BN_is_odd(y)) { 163 if (y_bit != BN_is_odd(y)) {
@@ -169,20 +169,20 @@ ec_GFp_simple_set_compressed_coordinates(const EC_GROUP * group,
169 goto err; 169 goto err;
170 170
171 if (kron == 1) 171 if (kron == 1)
172 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSION_BIT); 172 ECerror(EC_R_INVALID_COMPRESSION_BIT);
173 else 173 else
174 /* 174 /*
175 * BN_mod_sqrt() should have cought this 175 * BN_mod_sqrt() should have cought this
176 * error (not a square) 176 * error (not a square)
177 */ 177 */
178 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); 178 ECerror(EC_R_INVALID_COMPRESSED_POINT);
179 goto err; 179 goto err;
180 } 180 }
181 if (!BN_usub(y, &group->field, y)) 181 if (!BN_usub(y, &group->field, y))
182 goto err; 182 goto err;
183 } 183 }
184 if (y_bit != BN_is_odd(y)) { 184 if (y_bit != BN_is_odd(y)) {
185 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_INTERNAL_ERROR); 185 ECerror(ERR_R_INTERNAL_ERROR);
186 goto err; 186 goto err;
187 } 187 }
188 if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) 188 if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
@@ -210,14 +210,14 @@ ec_GFp_simple_point2oct(const EC_GROUP * group, const EC_POINT * point, point_co
210 if ((form != POINT_CONVERSION_COMPRESSED) 210 if ((form != POINT_CONVERSION_COMPRESSED)
211 && (form != POINT_CONVERSION_UNCOMPRESSED) 211 && (form != POINT_CONVERSION_UNCOMPRESSED)
212 && (form != POINT_CONVERSION_HYBRID)) { 212 && (form != POINT_CONVERSION_HYBRID)) {
213 ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM); 213 ECerror(EC_R_INVALID_FORM);
214 goto err; 214 goto err;
215 } 215 }
216 if (EC_POINT_is_at_infinity(group, point) > 0) { 216 if (EC_POINT_is_at_infinity(group, point) > 0) {
217 /* encodes to a single 0 octet */ 217 /* encodes to a single 0 octet */
218 if (buf != NULL) { 218 if (buf != NULL) {
219 if (len < 1) { 219 if (len < 1) {
220 ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); 220 ECerror(EC_R_BUFFER_TOO_SMALL);
221 return 0; 221 return 0;
222 } 222 }
223 buf[0] = 0; 223 buf[0] = 0;
@@ -231,7 +231,7 @@ ec_GFp_simple_point2oct(const EC_GROUP * group, const EC_POINT * point, point_co
231 /* if 'buf' is NULL, just return required length */ 231 /* if 'buf' is NULL, just return required length */
232 if (buf != NULL) { 232 if (buf != NULL) {
233 if (len < ret) { 233 if (len < ret) {
234 ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); 234 ECerror(EC_R_BUFFER_TOO_SMALL);
235 goto err; 235 goto err;
236 } 236 }
237 if (ctx == NULL) { 237 if (ctx == NULL) {
@@ -258,7 +258,7 @@ ec_GFp_simple_point2oct(const EC_GROUP * group, const EC_POINT * point, point_co
258 258
259 skip = field_len - BN_num_bytes(x); 259 skip = field_len - BN_num_bytes(x);
260 if (skip > field_len) { 260 if (skip > field_len) {
261 ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); 261 ECerror(ERR_R_INTERNAL_ERROR);
262 goto err; 262 goto err;
263 } 263 }
264 while (skip > 0) { 264 while (skip > 0) {
@@ -268,13 +268,13 @@ ec_GFp_simple_point2oct(const EC_GROUP * group, const EC_POINT * point, point_co
268 skip = BN_bn2bin(x, buf + i); 268 skip = BN_bn2bin(x, buf + i);
269 i += skip; 269 i += skip;
270 if (i != 1 + field_len) { 270 if (i != 1 + field_len) {
271 ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); 271 ECerror(ERR_R_INTERNAL_ERROR);
272 goto err; 272 goto err;
273 } 273 }
274 if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID) { 274 if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID) {
275 skip = field_len - BN_num_bytes(y); 275 skip = field_len - BN_num_bytes(y);
276 if (skip > field_len) { 276 if (skip > field_len) {
277 ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); 277 ECerror(ERR_R_INTERNAL_ERROR);
278 goto err; 278 goto err;
279 } 279 }
280 while (skip > 0) { 280 while (skip > 0) {
@@ -285,7 +285,7 @@ ec_GFp_simple_point2oct(const EC_GROUP * group, const EC_POINT * point, point_co
285 i += skip; 285 i += skip;
286 } 286 }
287 if (i != ret) { 287 if (i != ret) {
288 ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); 288 ECerror(ERR_R_INTERNAL_ERROR);
289 goto err; 289 goto err;
290 } 290 }
291 } 291 }
@@ -314,7 +314,7 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
314 int ret = 0; 314 int ret = 0;
315 315
316 if (len == 0) { 316 if (len == 0) {
317 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); 317 ECerror(EC_R_BUFFER_TOO_SMALL);
318 return 0; 318 return 0;
319 } 319 }
320 form = buf[0]; 320 form = buf[0];
@@ -323,16 +323,16 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
323 if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) 323 if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
324 && (form != POINT_CONVERSION_UNCOMPRESSED) 324 && (form != POINT_CONVERSION_UNCOMPRESSED)
325 && (form != POINT_CONVERSION_HYBRID)) { 325 && (form != POINT_CONVERSION_HYBRID)) {
326 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); 326 ECerror(EC_R_INVALID_ENCODING);
327 return 0; 327 return 0;
328 } 328 }
329 if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) { 329 if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
330 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); 330 ECerror(EC_R_INVALID_ENCODING);
331 return 0; 331 return 0;
332 } 332 }
333 if (form == 0) { 333 if (form == 0) {
334 if (len != 1) { 334 if (len != 1) {
335 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); 335 ECerror(EC_R_INVALID_ENCODING);
336 return 0; 336 return 0;
337 } 337 }
338 return EC_POINT_set_to_infinity(group, point); 338 return EC_POINT_set_to_infinity(group, point);
@@ -341,7 +341,7 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
341 enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; 341 enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
342 342
343 if (len != enc_len) { 343 if (len != enc_len) {
344 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); 344 ECerror(EC_R_INVALID_ENCODING);
345 return 0; 345 return 0;
346 } 346 }
347 if (ctx == NULL) { 347 if (ctx == NULL) {
@@ -358,7 +358,7 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
358 if (!BN_bin2bn(buf + 1, field_len, x)) 358 if (!BN_bin2bn(buf + 1, field_len, x))
359 goto err; 359 goto err;
360 if (BN_ucmp(x, &group->field) >= 0) { 360 if (BN_ucmp(x, &group->field) >= 0) {
361 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); 361 ECerror(EC_R_INVALID_ENCODING);
362 goto err; 362 goto err;
363 } 363 }
364 if (form == POINT_CONVERSION_COMPRESSED) { 364 if (form == POINT_CONVERSION_COMPRESSED) {
@@ -368,12 +368,12 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
368 if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) 368 if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
369 goto err; 369 goto err;
370 if (BN_ucmp(y, &group->field) >= 0) { 370 if (BN_ucmp(y, &group->field) >= 0) {
371 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); 371 ECerror(EC_R_INVALID_ENCODING);
372 goto err; 372 goto err;
373 } 373 }
374 if (form == POINT_CONVERSION_HYBRID) { 374 if (form == POINT_CONVERSION_HYBRID) {
375 if (y_bit != BN_is_odd(y)) { 375 if (y_bit != BN_is_odd(y)) {
376 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); 376 ECerror(EC_R_INVALID_ENCODING);
377 goto err; 377 goto err;
378 } 378 }
379 } 379 }
@@ -383,7 +383,7 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
383 383
384 /* test required by X9.62 */ 384 /* test required by X9.62 */
385 if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { 385 if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
386 ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); 386 ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
387 goto err; 387 goto err;
388 } 388 }
389 ret = 1; 389 ret = 1;
diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c
index f497657463..ddba49c693 100644
--- a/src/lib/libcrypto/ec/ecp_smpl.c
+++ b/src/lib/libcrypto/ec/ecp_smpl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecp_smpl.c,v 1.16 2017/01/21 11:00:47 beck Exp $ */ 1/* $OpenBSD: ecp_smpl.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
2/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> 2/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
3 * for the OpenSSL project. 3 * for the OpenSSL project.
4 * Includes code written by Bodo Moeller for the OpenSSL project. 4 * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -180,7 +180,7 @@ ec_GFp_simple_group_set_curve(EC_GROUP * group,
180 180
181 /* p must be a prime > 3 */ 181 /* p must be a prime > 3 */
182 if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) { 182 if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) {
183 ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD); 183 ECerror(EC_R_INVALID_FIELD);
184 return 0; 184 return 0;
185 } 185 }
186 if (ctx == NULL) { 186 if (ctx == NULL) {
@@ -289,7 +289,7 @@ ec_GFp_simple_group_check_discriminant(const EC_GROUP * group, BN_CTX * ctx)
289 if (ctx == NULL) { 289 if (ctx == NULL) {
290 ctx = new_ctx = BN_CTX_new(); 290 ctx = new_ctx = BN_CTX_new();
291 if (ctx == NULL) { 291 if (ctx == NULL) {
292 ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE); 292 ECerror(ERR_R_MALLOC_FAILURE);
293 goto err; 293 goto err;
294 } 294 }
295 } 295 }
@@ -516,7 +516,7 @@ ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP * group, EC_POINT * po
516{ 516{
517 if (x == NULL || y == NULL) { 517 if (x == NULL || y == NULL) {
518 /* unlike for projective coordinates, we do not tolerate this */ 518 /* unlike for projective coordinates, we do not tolerate this */
519 ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER); 519 ECerror(ERR_R_PASSED_NULL_PARAMETER);
520 return 0; 520 return 0;
521 } 521 }
522 return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx); 522 return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx);
@@ -533,7 +533,7 @@ ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP * group, const EC_POIN
533 int ret = 0; 533 int ret = 0;
534 534
535 if (EC_POINT_is_at_infinity(group, point) > 0) { 535 if (EC_POINT_is_at_infinity(group, point) > 0) {
536 ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY); 536 ECerror(EC_R_POINT_AT_INFINITY);
537 return 0; 537 return 0;
538 } 538 }
539 if (ctx == NULL) { 539 if (ctx == NULL) {
@@ -583,7 +583,7 @@ ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP * group, const EC_POIN
583 } 583 }
584 } else { 584 } else {
585 if (!BN_mod_inverse_ct(Z_1, Z_, &group->field, ctx)) { 585 if (!BN_mod_inverse_ct(Z_1, Z_, &group->field, ctx)) {
586 ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB); 586 ECerror(ERR_R_BN_LIB);
587 goto err; 587 goto err;
588 } 588 }
589 if (group->meth->field_encode == 0) { 589 if (group->meth->field_encode == 0) {
@@ -1210,7 +1210,7 @@ ec_GFp_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx
1210 if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) 1210 if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
1211 goto err; 1211 goto err;
1212 if (!point->Z_is_one) { 1212 if (!point->Z_is_one) {
1213 ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR); 1213 ECerror(ERR_R_INTERNAL_ERROR);
1214 goto err; 1214 goto err;
1215 } 1215 }
1216 ret = 1; 1216 ret = 1;
@@ -1313,7 +1313,7 @@ ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT *
1313 /* invert heap[1] */ 1313 /* invert heap[1] */
1314 if (!BN_is_zero(heap[1])) { 1314 if (!BN_is_zero(heap[1])) {
1315 if (!BN_mod_inverse_ct(heap[1], heap[1], &group->field, ctx)) { 1315 if (!BN_mod_inverse_ct(heap[1], heap[1], &group->field, ctx)) {
1316 ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); 1316 ECerror(ERR_R_BN_LIB);
1317 goto err; 1317 goto err;
1318 } 1318 }
1319 } 1319 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 13:48:08 +0000