Diffstat (limited to 'src/lib/libcrypto/ec')
-rw-r--r--src/lib/libcrypto/ec/Makefile.ssl128
-rw-r--r--src/lib/libcrypto/ec/ec.h814
-rw-r--r--src/lib/libcrypto/ec/ec2_smpl.c112
-rw-r--r--src/lib/libcrypto/ec/ec2_smpt.c74
-rw-r--r--src/lib/libcrypto/ec/ec_err.c21
-rw-r--r--src/lib/libcrypto/ec/ec_lcl.h13
-rw-r--r--src/lib/libcrypto/ec/ec_lib.c4
-rw-r--r--src/lib/libcrypto/ec/ec_mult.c22
-rw-r--r--src/lib/libcrypto/ec/ecp_nist.c26
-rw-r--r--src/lib/libcrypto/ec/ecp_recp.c133
-rw-r--r--src/lib/libcrypto/ec/ectest.c14
11 files changed, 826 insertions, 535 deletions
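--- a/src/lib/libcrypto/ec/Makefile.ssl
+++ /dev/null
@@ -1,128 +0,0 @@
-#
-# crypto/ec/Makefile
-#
-
-DIR= ec
-TOP= ../..
-CC= cc
-INCLUDES= -I.. -I$(TOP) -I../../include
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKE= make -f Makefile.ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile.ssl
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=ectest.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_recp.c ecp_nist.c ec_cvt.c ec_mult.c \
- ec_err.c
-
-LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_recp.o ecp_nist.o ec_cvt.o ec_mult.o \
- ec_err.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= ec.h
-HEADER= ec_lcl.h $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-
-all: lib
-
-lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @touch lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
-
-links:
- @sh $(TOP)/util/point.sh Makefile.ssl Makefile
- @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
-
-install:
- @for i in $(EXHEADER) ; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-
-tags:
- ctags $(SRC)
-
-tests:
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-ec_cvt.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
-ec_cvt.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h
-ec_cvt.o: ../../include/openssl/symhacks.h ec_cvt.c ec_lcl.h
-ec_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-ec_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ec_err.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-ec_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-ec_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-ec_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ec_err.o: ec_err.c
-ec_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-ec_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ec_lib.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-ec_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-ec_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-ec_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ec_lib.o: ec_lcl.h ec_lib.c
-ec_mult.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-ec_mult.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ec_mult.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-ec_mult.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-ec_mult.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ec_mult.o: ec_lcl.h ec_mult.c
-ecp_mont.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-ecp_mont.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ecp_mont.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-ecp_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-ecp_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-ecp_mont.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ecp_mont.o: ec_lcl.h ecp_mont.c
-ecp_nist.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
-ecp_nist.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h
-ecp_nist.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_nist.c
-ecp_recp.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
-ecp_recp.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h
-ecp_recp.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_recp.c
-ecp_smpl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-ecp_smpl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ecp_smpl.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-ecp_smpl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-ecp_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-ecp_smpl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ecp_smpl.o: ec_lcl.h ecp_smpl.c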
diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h
index 8bc2a235b1..ee7078130c 100644
--- a/src/lib/libcrypto/ec/ec.h
+++ b/src/lib/libcrypto/ec/ec.h
@@ -2,8 +2,12 @@
2/* 2/*
3 * Originally written by Bodo Moeller for the OpenSSL project. 3 * Originally written by Bodo Moeller for the OpenSSL project.
4 */ 4 */
5/**
6 * \file crypto/ec/ec.h Include file for the OpenSSL EC functions
7 * \author Originally written by Bodo Moeller for the OpenSSL project
8 */
5/* ==================================================================== 9/* ====================================================================
6 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. 10 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
7 * 11 *
8 * Redistribution and use in source and binary forms, with or without 12 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 13 * modification, are permitted provided that the following conditions
@@ -92,15 +96,21 @@ extern "C" {
92# endif 96# endif
93#endif 97#endif
94 98
95 99
96#ifndef OPENSSL_ECC_MAX_FIELD_BITS 100#ifndef OPENSSL_ECC_MAX_FIELD_BITS
97# define OPENSSL_ECC_MAX_FIELD_BITS 661 101# define OPENSSL_ECC_MAX_FIELD_BITS 661
98#endif 102#endif
99 103
104/** Enum for the point conversion form as defined in X9.62 (ECDSA)
105 * for the encoding of a elliptic curve point (x,y) */
100typedef enum { 106typedef enum {
101 /* values as defined in X9.62 (ECDSA) and elsewhere */ 107 /** the point is encoded as z||x, where the octet z specifies
108 * which solution of the quadratic equation y is */
102 POINT_CONVERSION_COMPRESSED = 2, 109 POINT_CONVERSION_COMPRESSED = 2,
110 /** the point is encoded as z||x||y, where z is the octet 0x02 */
103 POINT_CONVERSION_UNCOMPRESSED = 4, 111 POINT_CONVERSION_UNCOMPRESSED = 4,
112 /** the point is encoded as z||x||y, where the octet z specifies
113 * which solution of the quadratic equation y is */
104 POINT_CONVERSION_HYBRID = 6 114 POINT_CONVERSION_HYBRID = 6
105} point_conversion_form_t; 115} point_conversion_form_t;
106 116
@@ -121,37 +131,129 @@ typedef struct ec_group_st
121typedef struct ec_point_st EC_POINT; 131typedef struct ec_point_st EC_POINT;
122 132
123 133
124/* EC_METHODs for curves over GF(p). 134/********************************************************************/
125 * EC_GFp_simple_method provides the basis for the optimized methods. 135/* EC_METHODs for curves over GF(p) */
136/********************************************************************/
137
138/** Returns the basic GFp ec methods which provides the basis for the
139 * optimized methods.
140 * \return EC_METHOD object
126 */ 141 */
127const EC_METHOD *EC_GFp_simple_method(void); 142const EC_METHOD *EC_GFp_simple_method(void);
143
144/** Returns GFp methods using montgomery multiplication.
145 * \return EC_METHOD object
146 */
128const EC_METHOD *EC_GFp_mont_method(void); 147const EC_METHOD *EC_GFp_mont_method(void);
148
149/** Returns GFp methods using optimized methods for NIST recommended curves
150 * \return EC_METHOD object
151 */
129const EC_METHOD *EC_GFp_nist_method(void); 152const EC_METHOD *EC_GFp_nist_method(void);
130 153
131/* EC_METHOD for curves over GF(2^m). 154
155/********************************************************************/
156/* EC_METHOD for curves over GF(2^m) */
157/********************************************************************/
158
159/** Returns the basic GF2m ec method
160 * \return EC_METHOD object
132 */ 161 */
133const EC_METHOD *EC_GF2m_simple_method(void); 162const EC_METHOD *EC_GF2m_simple_method(void);
134 163
135 164
136EC_GROUP *EC_GROUP_new(const EC_METHOD *); 165/********************************************************************/
137void EC_GROUP_free(EC_GROUP *); 166/* EC_GROUP functions */
138void EC_GROUP_clear_free(EC_GROUP *); 167/********************************************************************/
139int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *);
140EC_GROUP *EC_GROUP_dup(const EC_GROUP *);
141 168
142const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *); 169/** Creates a new EC_GROUP object
143int EC_METHOD_get_field_type(const EC_METHOD *); 170 * \param meth EC_METHOD to use
171 * \return newly created EC_GROUP object or NULL in case of an error.
172 */
173EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
144 174
145int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); 175/** Frees a EC_GROUP object
146const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *); 176 * \param group EC_GROUP object to be freed.
147int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); 177 */
148int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); 178void EC_GROUP_free(EC_GROUP *group);
149 179
150void EC_GROUP_set_curve_name(EC_GROUP *, int nid); 180/** Clears and frees a EC_GROUP object
151int EC_GROUP_get_curve_name(const EC_GROUP *); 181 * \param group EC_GROUP object to be cleared and freed.
182 */
183void EC_GROUP_clear_free(EC_GROUP *group);
152 184
153void EC_GROUP_set_asn1_flag(EC_GROUP *, int flag); 185/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD.
154int EC_GROUP_get_asn1_flag(const EC_GROUP *); 186 * \param dst destination EC_GROUP object
187 * \param src source EC_GROUP object
188 * \return 1 on success and 0 if an error occurred.
189 */
190int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
191
192/** Creates a new EC_GROUP object and copies the copies the content
193 * form src to the newly created EC_KEY object
194 * \param src source EC_GROUP object
195 * \return newly created EC_GROUP object or NULL in case of an error.
196 */
197EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
198
199/** Returns the EC_METHOD of the EC_GROUP object.
200 * \param group EC_GROUP object
201 * \return EC_METHOD used in this EC_GROUP object.
202 */
203const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
204
205/** Returns the field type of the EC_METHOD.
206 * \param meth EC_METHOD object
207 * \return NID of the underlying field type OID.
208 */
209int EC_METHOD_get_field_type(const EC_METHOD *meth);
210
211/** Sets the generator and it's order/cofactor of a EC_GROUP object.
212 * \param group EC_GROUP object
213 * \param generator EC_POINT object with the generator.
214 * \param order the order of the group generated by the generator.
215 * \param cofactor the index of the sub-group generated by the generator
216 * in the group of all points on the elliptic curve.
217 * \return 1 on success and 0 if an error occured
218 */
219int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
220
221/** Returns the generator of a EC_GROUP object.
222 * \param group EC_GROUP object
223 * \return the currently used generator (possibly NULL).
224 */
225const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
226
227/** Gets the order of a EC_GROUP
228 * \param group EC_GROUP object
229 * \param order BIGNUM to which the order is copied
230 * \param ctx BN_CTX object (optional)
231 * \return 1 on success and 0 if an error occured
232 */
233int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
234
235/** Gets the cofactor of a EC_GROUP
236 * \param group EC_GROUP object
237 * \param cofactor BIGNUM to which the cofactor is copied
238 * \param ctx BN_CTX object (optional)
239 * \return 1 on success and 0 if an error occured
240 */
241int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
242
243/** Sets the name of a EC_GROUP object
244 * \param group EC_GROUP object
245 * \param nid NID of the curve name OID
246 */
247void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
248
249/** Returns the curve name of a EC_GROUP object
250 * \param group EC_GROUP object
251 * \return NID of the curve name OID or 0 if not set.
252 */
253int EC_GROUP_get_curve_name(const EC_GROUP *group);
254
255void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
256int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
155 257
156void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t); 258void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
157point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); 259point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
@@ -160,36 +262,114 @@ unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
160size_t EC_GROUP_get_seed_len(const EC_GROUP *); 262size_t EC_GROUP_get_seed_len(const EC_GROUP *);
161size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); 263size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
162 264
163int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); 265/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b
164int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); 266 * \param group EC_GROUP object
165int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); 267 * \param p BIGNUM with the prime number
166int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); 268 * \param a BIGNUM with parameter a of the equation
269 * \param b BIGNUM with parameter b of the equation
270 * \param ctx BN_CTX object (optional)
271 * \return 1 on success and 0 if an error occured
272 */
273int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
274
275/** Gets the parameter of the ec over GFp defined by y^2 = x^3 + a*x + b
276 * \param group EC_GROUP object
277 * \param p BIGNUM for the prime number
278 * \param a BIGNUM for parameter a of the equation
279 * \param b BIGNUM for parameter b of the equation
280 * \param ctx BN_CTX object (optional)
281 * \return 1 on success and 0 if an error occured
282 */
283int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
284
285/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
286 * \param group EC_GROUP object
287 * \param p BIGNUM with the polynomial defining the underlying field
288 * \param a BIGNUM with parameter a of the equation
289 * \param b BIGNUM with parameter b of the equation
290 * \param ctx BN_CTX object (optional)
291 * \return 1 on success and 0 if an error occured
292 */
293int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
294
295/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
296 * \param group EC_GROUP object
297 * \param p BIGNUM for the polynomial defining the underlying field
298 * \param a BIGNUM for parameter a of the equation
299 * \param b BIGNUM for parameter b of the equation
300 * \param ctx BN_CTX object (optional)
301 * \return 1 on success and 0 if an error occured
302 */
303int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
167 304
168/* returns the number of bits needed to represent a field element */ 305/** Returns the number of bits needed to represent a field element
169int EC_GROUP_get_degree(const EC_GROUP *); 306 * \param group EC_GROUP object
307 * \return number of bits needed to represent a field element
308 */
309int EC_GROUP_get_degree(const EC_GROUP *group);
170 310
171/* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */ 311/** Checks whether the parameter in the EC_GROUP define a valid ec group
312 * \param group EC_GROUP object
313 * \param ctx BN_CTX object (optional)
314 * \return 1 if group is a valid ec group and 0 otherwise
315 */
172int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); 316int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
173/* EC_GROUP_check_discriminant() returns 1 if the discriminant of the
174 * elliptic curve is not zero, 0 otherwise */
175int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *);
176 317
177/* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */ 318/** Checks whether the discriminant of the elliptic curve is zero or not
178int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *); 319 * \param group EC_GROUP object
320 * \param ctx BN_CTX object (optional)
321 * \return 1 if the discriminant is not zero and 0 otherwise
322 */
323int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
324
325/** Compares two EC_GROUP objects
326 * \param a first EC_GROUP object
327 * \param b second EC_GROUP object
328 * \param ctx BN_CTX object (optional)
329 * \return 0 if both groups are equal and 1 otherwise
330 */
331int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
179 332
180/* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() 333/* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*()
181 * after choosing an appropriate EC_METHOD */ 334 * after choosing an appropriate EC_METHOD */
182EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
183EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
184 335
185/* EC_GROUP_new_by_curve_name() creates a EC_GROUP structure 336/** Creates a new EC_GROUP object with the specified parameters defined
186 * specified by a curve name (in form of a NID) */ 337 * over GFp (defined by the equation y^2 = x^3 + a*x + b)
338 * \param p BIGNUM with the prime number
339 * \param a BIGNUM with the parameter a of the equation
340 * \param b BIGNUM with the parameter b of the equation
341 * \param ctx BN_CTX object (optional)
342 * \return newly created EC_GROUP object with the specified parameters
343 */
344EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
345
346/** Creates a new EC_GROUP object with the specified parameters defined
347 * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b)
348 * \param p BIGNUM with the polynomial defining the underlying field
349 * \param a BIGNUM with the parameter a of the equation
350 * \param b BIGNUM with the parameter b of the equation
351 * \param ctx BN_CTX object (optional)
352 * \return newly created EC_GROUP object with the specified parameters
353 */
354EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
355
356/** Creates a EC_GROUP object with a curve specified by a NID
357 * \param nid NID of the OID of the curve name
358 * \return newly created EC_GROUP object with specified curve or NULL
359 * if an error occurred
360 */
187EC_GROUP *EC_GROUP_new_by_curve_name(int nid); 361EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
188/* handling of internal curves */ 362
363
364/********************************************************************/
365/* handling of internal curves */
366/********************************************************************/
367
189typedef struct { 368typedef struct {
190 int nid; 369 int nid;
191 const char *comment; 370 const char *comment;
192 } EC_builtin_curve; 371 } EC_builtin_curve;
372
193/* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number 373/* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number
194 * of all available curves or zero if a error occurred. 374 * of all available curves or zero if a error occurred.
195 * In case r ist not zero nitems EC_builtin_curve structures 375 * In case r ist not zero nitems EC_builtin_curve structures
@@ -197,39 +377,168 @@ typedef struct {
197size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); 377size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
198 378
199 379
200/* EC_POINT functions */ 380/********************************************************************/
381/* EC_POINT functions */
382/********************************************************************/
383
384/** Creates a new EC_POINT object for the specified EC_GROUP
385 * \param group EC_GROUP the underlying EC_GROUP object
386 * \return newly created EC_POINT object or NULL if an error occurred
387 */
388EC_POINT *EC_POINT_new(const EC_GROUP *group);
389
390/** Frees a EC_POINT object
391 * \param point EC_POINT object to be freed
392 */
393void EC_POINT_free(EC_POINT *point);
394
395/** Clears and frees a EC_POINT object
396 * \param point EC_POINT object to be cleared and freed
397 */
398void EC_POINT_clear_free(EC_POINT *point);
399
400/** Copies EC_POINT object
401 * \param dst destination EC_POINT object
402 * \param src source EC_POINT object
403 * \return 1 on success and 0 if an error occured
404 */
405int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
201 406
202EC_POINT *EC_POINT_new(const EC_GROUP *); 407/** Creates a new EC_POINT object and copies the content of the supplied
203void EC_POINT_free(EC_POINT *); 408 * EC_POINT
204void EC_POINT_clear_free(EC_POINT *); 409 * \param src source EC_POINT object
205int EC_POINT_copy(EC_POINT *, const EC_POINT *); 410 * \param group underlying the EC_GROUP object
206EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *); 411 * \return newly created EC_POINT object or NULL if an error occurred
412 */
413EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
207 414
208const EC_METHOD *EC_POINT_method_of(const EC_POINT *); 415/** Returns the EC_METHOD used in EC_POINT object
209 416 * \param point EC_POINT object
210int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *); 417 * \return the EC_METHOD used
211int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *, 418 */
212 const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); 419const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
213int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *, 420
214 BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); 421/** Sets a point to infinity (neutral element)
215int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *, 422 * \param group underlying EC_GROUP object
216 const BIGNUM *x, const BIGNUM *y, BN_CTX *); 423 * \param point EC_POINT to set to infinity
217int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *, 424 * \return 1 on success and 0 if an error occured
218 BIGNUM *x, BIGNUM *y, BN_CTX *); 425 */
219int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *, 426int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
220 const BIGNUM *x, int y_bit, BN_CTX *); 427
221 428/** Sets the jacobian projective coordinates of a EC_POINT over GFp
222int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *, 429 * \param group underlying EC_GROUP object
223 const BIGNUM *x, const BIGNUM *y, BN_CTX *); 430 * \param p EC_POINT object
224int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *, 431 * \param x BIGNUM with the x-coordinate
225 BIGNUM *x, BIGNUM *y, BN_CTX *); 432 * \param y BIGNUM with the y-coordinate
226int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *, 433 * \param z BIGNUM with the z-coordinate
227 const BIGNUM *x, int y_bit, BN_CTX *); 434 * \param ctx BN_CTX object (optional)
228 435 * \return 1 on success and 0 if an error occured
229size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, 436 */
230 unsigned char *buf, size_t len, BN_CTX *); 437int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
231int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *, 438 const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx);
232 const unsigned char *buf, size_t len, BN_CTX *); 439
440/** Gets the jacobian projective coordinates of a EC_POINT over GFp
441 * \param group underlying EC_GROUP object
442 * \param p EC_POINT object
443 * \param x BIGNUM for the x-coordinate
444 * \param y BIGNUM for the y-coordinate
445 * \param z BIGNUM for the z-coordinate
446 * \param ctx BN_CTX object (optional)
447 * \return 1 on success and 0 if an error occured
448 */
449int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
450 const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
451
452/** Sets the affine coordinates of a EC_POINT over GFp
453 * \param group underlying EC_GROUP object
454 * \param p EC_POINT object
455 * \param x BIGNUM with the x-coordinate
456 * \param y BIGNUM with the y-coordinate
457 * \param ctx BN_CTX object (optional)
458 * \return 1 on success and 0 if an error occured
459 */
460int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
461 const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
462
463/** Gets the affine coordinates of a EC_POINT over GFp
464 * \param group underlying EC_GROUP object
465 * \param p EC_POINT object
466 * \param x BIGNUM for the x-coordinate
467 * \param y BIGNUM for the y-coordinate
468 * \param ctx BN_CTX object (optional)
469 * \return 1 on success and 0 if an error occured
470 */
471int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
472 const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
473
474/** Sets the x9.62 compressed coordinates of a EC_POINT over GFp
475 * \param group underlying EC_GROUP object
476 * \param p EC_POINT object
477 * \param x BIGNUM with x-coordinate
478 * \param y_bit integer with the y-Bit (either 0 or 1)
479 * \param ctx BN_CTX object (optional)
480 * \return 1 on success and 0 if an error occured
481 */
482int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
483 const BIGNUM *x, int y_bit, BN_CTX *ctx);
484
485/** Sets the affine coordinates of a EC_POINT over GF2m
486 * \param group underlying EC_GROUP object
487 * \param p EC_POINT object
488 * \param x BIGNUM with the x-coordinate
489 * \param y BIGNUM with the y-coordinate
490 * \param ctx BN_CTX object (optional)
491 * \return 1 on success and 0 if an error occured
492 */
493int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
494 const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
495
496/** Gets the affine coordinates of a EC_POINT over GF2m
497 * \param group underlying EC_GROUP object
498 * \param p EC_POINT object
499 * \param x BIGNUM for the x-coordinate
500 * \param y BIGNUM for the y-coordinate
501 * \param ctx BN_CTX object (optional)
502 * \return 1 on success and 0 if an error occured
503 */
504int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
505 const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
506
507/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m
508 * \param group underlying EC_GROUP object
509 * \param p EC_POINT object
510 * \param x BIGNUM with x-coordinate
511 * \param y_bit integer with the y-Bit (either 0 or 1)
512 * \param ctx BN_CTX object (optional)
513 * \return 1 on success and 0 if an error occured
514 */
515int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
516 const BIGNUM *x, int y_bit, BN_CTX *ctx);
517
518/** Encodes a EC_POINT object to a octet string
519 * \param group underlying EC_GROUP object
520 * \param p EC_POINT object
521 * \param form point conversion form
522 * \param buf memory buffer for the result. If NULL the function returns
523 * required buffer size.
524 * \param len length of the memory buffer
525 * \param ctx BN_CTX object (optional)
526 * \return the length of the encoded octet string or 0 if an error occurred
527 */
528size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
529 point_conversion_form_t form,
530 unsigned char *buf, size_t len, BN_CTX *ctx);
531
532/** Decodes a EC_POINT from a octet string
533 * \param group underlying EC_GROUP object
534 * \param p EC_POINT object
535 * \param buf memory buffer with the encoded ec point
536 * \param len length of the encoded ec point
537 * \param ctx BN_CTX object (optional)
538 * \return 1 on success and 0 if an error occured
539 */
540int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
541 const unsigned char *buf, size_t len, BN_CTX *ctx);
233 542
234/* other interfaces to point2oct/oct2point: */ 543/* other interfaces to point2oct/oct2point: */
235BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, 544BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
@@ -241,29 +550,105 @@ char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
241EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, 550EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
242 EC_POINT *, BN_CTX *); 551 EC_POINT *, BN_CTX *);
243 552
244int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
245int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
246int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
247 553
248int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *); 554/********************************************************************/
249int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); 555/* functions for doing EC_POINT arithmetic */
250int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *); 556/********************************************************************/
557
558/** Computes the sum of two EC_POINT
559 * \param group underlying EC_GROUP object
560 * \param r EC_POINT object for the result (r = a + b)
561 * \param a EC_POINT object with the first summand
562 * \param b EC_POINT object with the second summand
563 * \param ctx BN_CTX object (optional)
564 * \return 1 on success and 0 if an error occured
565 */
566int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
567
568/** Computes the double of a EC_POINT
569 * \param group underlying EC_GROUP object
570 * \param r EC_POINT object for the result (r = 2 * a)
571 * \param a EC_POINT object
572 * \param ctx BN_CTX object (optional)
573 * \return 1 on success and 0 if an error occured
574 */
575int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
576
577/** Computes the inverse of a EC_POINT
578 * \param group underlying EC_GROUP object
579 * \param a EC_POINT object to be inverted (it's used for the result as well)
580 * \param ctx BN_CTX object (optional)
581 * \return 1 on success and 0 if an error occured
582 */
583int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
584
585/** Checks whether the point is the neutral element of the group
586 * \param group the underlying EC_GROUP object
587 * \param p EC_POINT object
588 * \return 1 if the point is the neutral element and 0 otherwise
589 */
590int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
591
592/** Checks whether the point is on the curve
593 * \param group underlying EC_GROUP object
594 * \param point EC_POINT object to check
595 * \param ctx BN_CTX object (optional)
596 * \return 1 if point if on the curve and 0 otherwise
597 */
598int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
599
600/** Compares two EC_POINTs
601 * \param group underlying EC_GROUP object
602 * \param a first EC_POINT object
603 * \param b second EC_POINT object
604 * \param ctx BN_CTX object (optional)
605 * \return 0 if both points are equal and a value != 0 otherwise
606 */
607int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
251 608
252int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); 609int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
253int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); 610int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
254 611
612/** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
613 * \param group underlying EC_GROUP object
614 * \param r EC_POINT object for the result
615 * \param n BIGNUM with the multiplier for the group generator (optional)
616 * \param num number futher summands
617 * \param p array of size num of EC_POINT objects
618 * \param m array of size num of BIGNUM objects
619 * \param ctx BN_CTX object (optional)
620 * \return 1 on success and 0 if an error occured
621 */
622int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
623
624/** Computes r = generator * n + q * m
625 * \param group underlying EC_GROUP object
626 * \param r EC_POINT object for the result
627 * \param n BIGNUM with the multiplier for the group generator (optional)
628 * \param q EC_POINT object with the first factor of the second summand
629 * \param m BIGNUM with the second factor of the second summand
630 * \param ctx BN_CTX object (optional)
631 * \return 1 on success and 0 if an error occured
632 */
633int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
255 634
256int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *); 635/** Stores multiples of generator for faster point multiplication
257int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *); 636 * \param group EC_GROUP object
258 637 * \param ctx BN_CTX object (optional)
259/* EC_GROUP_precompute_mult() stores multiples of generator for faster point multiplication */ 638 * \return 1 on success and 0 if an error occured
260int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *); 639 */
261/* EC_GROUP_have_precompute_mult() reports whether such precomputation has been done */ 640int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
262int EC_GROUP_have_precompute_mult(const EC_GROUP *);
263 641
642/** Reports whether a precomputation has been done
643 * \param group EC_GROUP object
644 * \return 1 if a pre-computation has been done and 0 otherwise
645 */
646int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
264 647
265 648
266/* ASN1 stuff */ 649/********************************************************************/
650/* ASN1 stuff */
651/********************************************************************/
267 652
268/* EC_GROUP_get_basis_type() returns the NID of the basis type 653/* EC_GROUP_get_basis_type() returns the NID of the basis type
269 * used to represent the field elements */ 654 * used to represent the field elements */
@@ -293,28 +678,96 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
293int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); 678int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
294#endif 679#endif
295 680
296/* the EC_KEY stuff */ 681
682/********************************************************************/
683/* EC_KEY functions */
684/********************************************************************/
685
297typedef struct ec_key_st EC_KEY; 686typedef struct ec_key_st EC_KEY;
298 687
299/* some values for the encoding_flag */ 688/* some values for the encoding_flag */
300#define EC_PKEY_NO_PARAMETERS 0x001 689#define EC_PKEY_NO_PARAMETERS 0x001
301#define EC_PKEY_NO_PUBKEY 0x002 690#define EC_PKEY_NO_PUBKEY 0x002
302 691
692/** Creates a new EC_KEY object.
693 * \return EC_KEY object or NULL if an error occurred.
694 */
303EC_KEY *EC_KEY_new(void); 695EC_KEY *EC_KEY_new(void);
696
697/** Creates a new EC_KEY object using a named curve as underlying
698 * EC_GROUP object.
699 * \param nid NID of the named curve.
700 * \return EC_KEY object or NULL if an error occurred.
701 */
304EC_KEY *EC_KEY_new_by_curve_name(int nid); 702EC_KEY *EC_KEY_new_by_curve_name(int nid);
305void EC_KEY_free(EC_KEY *); 703
306EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *); 704/** Frees a EC_KEY object.
307EC_KEY *EC_KEY_dup(const EC_KEY *); 705 * \param key EC_KEY object to be freed.
308 706 */
309int EC_KEY_up_ref(EC_KEY *); 707void EC_KEY_free(EC_KEY *key);
310 708
311const EC_GROUP *EC_KEY_get0_group(const EC_KEY *); 709/** Copies a EC_KEY object.
312int EC_KEY_set_group(EC_KEY *, const EC_GROUP *); 710 * \param dst destination EC_KEY object
313const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *); 711 * \param src src EC_KEY object
314int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *); 712 * \return dst or NULL if an error occurred.
315const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *); 713 */
316int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *); 714EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
317unsigned EC_KEY_get_enc_flags(const EC_KEY *); 715
716/** Creates a new EC_KEY object and copies the content from src to it.
717 * \param src the source EC_KEY object
718 * \return newly created EC_KEY object or NULL if an error occurred.
719 */
720EC_KEY *EC_KEY_dup(const EC_KEY *src);
721
722/** Increases the internal reference count of a EC_KEY object.
723 * \param key EC_KEY object
724 * \return 1 on success and 0 if an error occurred.
725 */
726int EC_KEY_up_ref(EC_KEY *key);
727
728/** Returns the EC_GROUP object of a EC_KEY object
729 * \param key EC_KEY object
730 * \return the EC_GROUP object (possibly NULL).
731 */
732const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
733
734/** Sets the EC_GROUP of a EC_KEY object.
735 * \param key EC_KEY object
736 * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY
737 * object will use an own copy of the EC_GROUP).
738 * \return 1 on success and 0 if an error occurred.
739 */
740int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
741
742/** Returns the private key of a EC_KEY object.
743 * \param key EC_KEY object
744 * \return a BIGNUM with the private key (possibly NULL).
745 */
746const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
747
748/** Sets the private key of a EC_KEY object.
749 * \param key EC_KEY object
750 * \param prv BIGNUM with the private key (note: the EC_KEY object
751 * will use an own copy of the BIGNUM).
752 * \return 1 on success and 0 if an error occurred.
753 */
754int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
755
756/** Returns the public key of a EC_KEY object.
757 * \param key the EC_KEY object
758 * \return a EC_POINT object with the public key (possibly NULL)
759 */
760const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
761
762/** Sets the public key of a EC_KEY object.
763 * \param key EC_KEY object
764 * \param pub EC_POINT object with the public key (note: the EC_KEY object
765 * will use an own copy of the EC_POINT object).
766 * \return 1 on success and 0 if an error occurred.
767 */
768int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
769
770unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
318void EC_KEY_set_enc_flags(EC_KEY *, unsigned int); 771void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
319point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *); 772point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
320void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t); 773void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
@@ -325,31 +778,126 @@ void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
325 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); 778 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
326/* wrapper functions for the underlying EC_GROUP object */ 779/* wrapper functions for the underlying EC_GROUP object */
327void EC_KEY_set_asn1_flag(EC_KEY *, int); 780void EC_KEY_set_asn1_flag(EC_KEY *, int);
328int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx); 781
329 782/** Creates a table of pre-computed multiples of the generator to
330/* EC_KEY_generate_key() creates a ec private (public) key */ 783 * accelerate further EC_KEY operations.
331int EC_KEY_generate_key(EC_KEY *); 784 * \param key EC_KEY object
332/* EC_KEY_check_key() */ 785 * \param ctx BN_CTX object (optional)
333int EC_KEY_check_key(const EC_KEY *); 786 * \return 1 on success and 0 if an error occurred.
334 787 */
335/* de- and encoding functions for SEC1 ECPrivateKey */ 788int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
336EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len); 789
337int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out); 790/** Creates a new ec private (and optional a new public) key.
338/* de- and encoding functions for EC parameters */ 791 * \param key EC_KEY object
339EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len); 792 * \return 1 on success and 0 if an error occurred.
340int i2d_ECParameters(EC_KEY *a, unsigned char **out); 793 */
341/* de- and encoding functions for EC public key 794int EC_KEY_generate_key(EC_KEY *key);
342 * (octet string, not DER -- hence 'o2i' and 'i2o') */ 795
343EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len); 796/** Verifies that a private and/or public key is valid.
344int i2o_ECPublicKey(EC_KEY *a, unsigned char **out); 797 * \param key the EC_KEY object
798 * \return 1 on success and 0 otherwise.
799 */
800int EC_KEY_check_key(const EC_KEY *key);
801
802
803/********************************************************************/
804/* de- and encoding functions for SEC1 ECPrivateKey */
805/********************************************************************/
806
807/** Decodes a private key from a memory buffer.
808 * \param key a pointer to a EC_KEY object which should be used (or NULL)
809 * \param in pointer to memory with the DER encoded private key
810 * \param len length of the DER encoded private key
811 * \return the decoded private key or NULL if an error occurred.
812 */
813EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
814
815/** Encodes a private key object and stores the result in a buffer.
816 * \param key the EC_KEY object to encode
817 * \param out the buffer for the result (if NULL the function returns number
818 * of bytes needed).
819 * \return 1 on success and 0 if an error occurred.
820 */
821int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out);
822
823
824/********************************************************************/
825/* de- and encoding functions for EC parameters */
826/********************************************************************/
827
828/** Decodes ec parameter from a memory buffer.
829 * \param key a pointer to a EC_KEY object which should be used (or NULL)
830 * \param in pointer to memory with the DER encoded ec parameters
831 * \param len length of the DER encoded ec parameters
832 * \return a EC_KEY object with the decoded parameters or NULL if an error
833 * occurred.
834 */
835EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
836
837/** Encodes ec parameter and stores the result in a buffer.
838 * \param key the EC_KEY object with ec paramters to encode
839 * \param out the buffer for the result (if NULL the function returns number
840 * of bytes needed).
841 * \return 1 on success and 0 if an error occurred.
842 */
843int i2d_ECParameters(EC_KEY *key, unsigned char **out);
844
845
846/********************************************************************/
847/* de- and encoding functions for EC public key */
848/* (octet string, not DER -- hence 'o2i' and 'i2o') */
849/********************************************************************/
850
851/** Decodes a ec public key from a octet string.
852 * \param key a pointer to a EC_KEY object which should be used
853 * \param in memory buffer with the encoded public key
854 * \param len length of the encoded public key
855 * \return EC_KEY object with decoded public key or NULL if an error
856 * occurred.
857 */
858EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
859
860/** Encodes a ec public key in an octet string.
861 * \param key the EC_KEY object with the public key
862 * \param out the buffer for the result (if NULL the function returns number
863 * of bytes needed).
864 * \return 1 on success and 0 if an error occurred
865 */
866int i2o_ECPublicKey(EC_KEY *key, unsigned char **out);
345 867
346#ifndef OPENSSL_NO_BIO 868#ifndef OPENSSL_NO_BIO
347int ECParameters_print(BIO *bp, const EC_KEY *x); 869/** Prints out the ec parameters on human readable form.
348int EC_KEY_print(BIO *bp, const EC_KEY *x, int off); 870 * \param bp BIO object to which the information is printed
871 * \param key EC_KEY object
872 * \return 1 on success and 0 if an error occurred
873 */
874int ECParameters_print(BIO *bp, const EC_KEY *key);
875
876/** Prints out the contents of a EC_KEY object
877 * \param bp BIO object to which the information is printed
878 * \param key EC_KEY object
879 * \param off line offset
880 * \return 1 on success and 0 if an error occurred
881 */
882int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
883
349#endif 884#endif
350#ifndef OPENSSL_NO_FP_API 885#ifndef OPENSSL_NO_FP_API
351int ECParameters_print_fp(FILE *fp, const EC_KEY *x); 886/** Prints out the ec parameters on human readable form.
352int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off); 887 * \param fp file descriptor to which the information is printed
888 * \param key EC_KEY object
889 * \return 1 on success and 0 if an error occurred
890 */
891int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
892
893/** Prints out the contents of a EC_KEY object
894 * \param fp file descriptor to which the information is printed
895 * \param key EC_KEY object
896 * \param off line offset
897 * \return 1 on success and 0 if an error occurred
898 */
899int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
900
353#endif 901#endif
354 902
355#define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) 903#define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)
@@ -362,6 +910,13 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off);
362# endif 910# endif
363#endif 911#endif
364 912
913#define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \
914 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \
915 EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)
916
917
918#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1)
919
365/* BEGIN ERROR CODES */ 920/* BEGIN ERROR CODES */
366/* The following lines are auto generated by the script mkerr.pl. Any changes 921/* The following lines are auto generated by the script mkerr.pl. Any changes
367 * made after this point may be overwritten when the script is next run. 922 * made after this point may be overwritten when the script is next run.
@@ -375,6 +930,14 @@ void ERR_load_EC_strings(void);
375#define EC_F_D2I_ECPARAMETERS 144 930#define EC_F_D2I_ECPARAMETERS 144
376#define EC_F_D2I_ECPKPARAMETERS 145 931#define EC_F_D2I_ECPKPARAMETERS 145
377#define EC_F_D2I_ECPRIVATEKEY 146 932#define EC_F_D2I_ECPRIVATEKEY 146
933#define EC_F_DO_EC_KEY_PRINT 221
934#define EC_F_ECKEY_PARAM2TYPE 223
935#define EC_F_ECKEY_PARAM_DECODE 212
936#define EC_F_ECKEY_PRIV_DECODE 213
937#define EC_F_ECKEY_PRIV_ENCODE 214
938#define EC_F_ECKEY_PUB_DECODE 215
939#define EC_F_ECKEY_PUB_ENCODE 216
940#define EC_F_ECKEY_TYPE2PARAM 220
378#define EC_F_ECPARAMETERS_PRINT 147 941#define EC_F_ECPARAMETERS_PRINT 147
379#define EC_F_ECPARAMETERS_PRINT_FP 148 942#define EC_F_ECPARAMETERS_PRINT_FP 148
380#define EC_F_ECPKPARAMETERS_PRINT 149 943#define EC_F_ECPKPARAMETERS_PRINT 149
@@ -448,7 +1011,6 @@ void ERR_load_EC_strings(void);
448#define EC_F_EC_KEY_PRINT 180 1011#define EC_F_EC_KEY_PRINT 180
449#define EC_F_EC_KEY_PRINT_FP 181 1012#define EC_F_EC_KEY_PRINT_FP 181
450#define EC_F_EC_POINTS_MAKE_AFFINE 136 1013#define EC_F_EC_POINTS_MAKE_AFFINE 136
451#define EC_F_EC_POINTS_MUL 138
452#define EC_F_EC_POINT_ADD 112 1014#define EC_F_EC_POINT_ADD 112
453#define EC_F_EC_POINT_CMP 113 1015#define EC_F_EC_POINT_CMP 113
454#define EC_F_EC_POINT_COPY 114 1016#define EC_F_EC_POINT_COPY 114
@@ -479,21 +1041,31 @@ void ERR_load_EC_strings(void);
479#define EC_F_I2D_ECPRIVATEKEY 192 1041#define EC_F_I2D_ECPRIVATEKEY 192
480#define EC_F_I2O_ECPUBLICKEY 151 1042#define EC_F_I2O_ECPUBLICKEY 151
481#define EC_F_O2I_ECPUBLICKEY 152 1043#define EC_F_O2I_ECPUBLICKEY 152
1044#define EC_F_OLD_EC_PRIV_DECODE 222
1045#define EC_F_PKEY_EC_CTRL 197
1046#define EC_F_PKEY_EC_CTRL_STR 198
1047#define EC_F_PKEY_EC_DERIVE 217
1048#define EC_F_PKEY_EC_KEYGEN 199
1049#define EC_F_PKEY_EC_PARAMGEN 219
1050#define EC_F_PKEY_EC_SIGN 218
482 1051
483/* Reason codes. */ 1052/* Reason codes. */
484#define EC_R_ASN1_ERROR 115 1053#define EC_R_ASN1_ERROR 115
485#define EC_R_ASN1_UNKNOWN_FIELD 116 1054#define EC_R_ASN1_UNKNOWN_FIELD 116
486#define EC_R_BUFFER_TOO_SMALL 100 1055#define EC_R_BUFFER_TOO_SMALL 100
487#define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 1056#define EC_R_D2I_ECPKPARAMETERS_FAILURE 117
1057#define EC_R_DECODE_ERROR 142
488#define EC_R_DISCRIMINANT_IS_ZERO 118 1058#define EC_R_DISCRIMINANT_IS_ZERO 118
489#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 1059#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
490#define EC_R_FIELD_TOO_LARGE 138 1060#define EC_R_FIELD_TOO_LARGE 143
491#define EC_R_GROUP2PKPARAMETERS_FAILURE 120 1061#define EC_R_GROUP2PKPARAMETERS_FAILURE 120
492#define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 1062#define EC_R_I2D_ECPKPARAMETERS_FAILURE 121
493#define EC_R_INCOMPATIBLE_OBJECTS 101 1063#define EC_R_INCOMPATIBLE_OBJECTS 101
494#define EC_R_INVALID_ARGUMENT 112 1064#define EC_R_INVALID_ARGUMENT 112
495#define EC_R_INVALID_COMPRESSED_POINT 110 1065#define EC_R_INVALID_COMPRESSED_POINT 110
496#define EC_R_INVALID_COMPRESSION_BIT 109 1066#define EC_R_INVALID_COMPRESSION_BIT 109
1067#define EC_R_INVALID_CURVE 141
1068#define EC_R_INVALID_DIGEST_TYPE 138
497#define EC_R_INVALID_ENCODING 102 1069#define EC_R_INVALID_ENCODING 102
498#define EC_R_INVALID_FIELD 103 1070#define EC_R_INVALID_FIELD 103
499#define EC_R_INVALID_FORM 104 1071#define EC_R_INVALID_FORM 104
@@ -501,6 +1073,7 @@ void ERR_load_EC_strings(void);
501#define EC_R_INVALID_PENTANOMIAL_BASIS 132 1073#define EC_R_INVALID_PENTANOMIAL_BASIS 132
502#define EC_R_INVALID_PRIVATE_KEY 123 1074#define EC_R_INVALID_PRIVATE_KEY 123
503#define EC_R_INVALID_TRINOMIAL_BASIS 137 1075#define EC_R_INVALID_TRINOMIAL_BASIS 137
1076#define EC_R_KEYS_NOT_SET 140
504#define EC_R_MISSING_PARAMETERS 124 1077#define EC_R_MISSING_PARAMETERS 124
505#define EC_R_MISSING_PRIVATE_KEY 125 1078#define EC_R_MISSING_PRIVATE_KEY 125
506#define EC_R_NOT_A_NIST_PRIME 135 1079#define EC_R_NOT_A_NIST_PRIME 135
@@ -508,6 +1081,7 @@ void ERR_load_EC_strings(void);
508#define EC_R_NOT_IMPLEMENTED 126 1081#define EC_R_NOT_IMPLEMENTED 126
509#define EC_R_NOT_INITIALIZED 111 1082#define EC_R_NOT_INITIALIZED 111
510#define EC_R_NO_FIELD_MOD 133 1083#define EC_R_NO_FIELD_MOD 133
1084#define EC_R_NO_PARAMETERS_SET 139
511#define EC_R_PASSED_NULL_PARAMETER 134 1085#define EC_R_PASSED_NULL_PARAMETER 134
512#define EC_R_PKPARAMETERS2GROUP_FAILURE 127 1086#define EC_R_PKPARAMETERS2GROUP_FAILURE 127
513#define EC_R_POINT_AT_INFINITY 106 1087#define EC_R_POINT_AT_INFINITY 106
diff --git a/src/lib/libcrypto/ec/ec2_smpl.c b/src/lib/libcrypto/ec/ec2_smpl.c
index 522d036ca1..cf357b462a 100644
--- a/src/lib/libcrypto/ec/ec2_smpl.c
+++ b/src/lib/libcrypto/ec/ec2_smpl.c
@@ -14,7 +14,7 @@
14 * 14 *
15 */ 15 */
16/* ==================================================================== 16/* ====================================================================
17 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. 17 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
18 * 18 *
19 * Redistribution and use in source and binary forms, with or without 19 * Redistribution and use in source and binary forms, with or without
20 * modification, are permitted provided that the following conditions 20 * modification, are permitted provided that the following conditions
@@ -157,6 +157,7 @@ void ec_GF2m_simple_group_clear_finish(EC_GROUP *group)
157 group->poly[2] = 0; 157 group->poly[2] = 0;
158 group->poly[3] = 0; 158 group->poly[3] = 0;
159 group->poly[4] = 0; 159 group->poly[4] = 0;
160 group->poly[5] = -1;
160 } 161 }
161 162
162 163
@@ -174,10 +175,9 @@ int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
174 dest->poly[2] = src->poly[2]; 175 dest->poly[2] = src->poly[2];
175 dest->poly[3] = src->poly[3]; 176 dest->poly[3] = src->poly[3];
176 dest->poly[4] = src->poly[4]; 177 dest->poly[4] = src->poly[4];
177 if(bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) 178 dest->poly[5] = src->poly[5];
178 return 0; 179 if (bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) return 0;
179 if(bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) 180 if (bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) return 0;
180 return 0;
181 for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0; 181 for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0;
182 for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0; 182 for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0;
183 return 1; 183 return 1;
@@ -192,7 +192,7 @@ int ec_GF2m_simple_group_set_curve(EC_GROUP *group,
192 192
193 /* group->field */ 193 /* group->field */
194 if (!BN_copy(&group->field, p)) goto err; 194 if (!BN_copy(&group->field, p)) goto err;
195 i = BN_GF2m_poly2arr(&group->field, group->poly, 5); 195 i = BN_GF2m_poly2arr(&group->field, group->poly, 6) - 1;
196 if ((i != 5) && (i != 3)) 196 if ((i != 5) && (i != 3))
197 { 197 {
198 ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); 198 ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
@@ -406,18 +406,94 @@ int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_
406 } 406 }
407 407
408 408
409/* Include patented algorithms. */ 409/* Calculates and sets the affine coordinates of an EC_POINT from the given
410#include "ec2_smpt.c" 410 * compressed coordinates. Uses algorithm 2.3.4 of SEC 1.
411 * Note that the simple implementation only uses affine coordinates.
412 *
413 * The method is from the following publication:
414 *
415 * Harper, Menezes, Vanstone:
416 * "Public-Key Cryptosystems with Very Small Key Lengths",
417 * EUROCRYPT '92, Springer-Verlag LNCS 658,
418 * published February 1993
419 *
420 * US Patents 6,141,420 and 6,618,483 (Vanstone, Mullin, Agnew) describe
421 * the same method, but claim no priority date earlier than July 29, 1994
422 * (and additionally fail to cite the EUROCRYPT '92 publication as prior art).
423 */
424int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
425 const BIGNUM *x_, int y_bit, BN_CTX *ctx)
426 {
427 BN_CTX *new_ctx = NULL;
428 BIGNUM *tmp, *x, *y, *z;
429 int ret = 0, z0;
430
431 /* clear error queue */
432 ERR_clear_error();
433
434 if (ctx == NULL)
435 {
436 ctx = new_ctx = BN_CTX_new();
437 if (ctx == NULL)
438 return 0;
439 }
440
441 y_bit = (y_bit != 0) ? 1 : 0;
442
443 BN_CTX_start(ctx);
444 tmp = BN_CTX_get(ctx);
445 x = BN_CTX_get(ctx);
446 y = BN_CTX_get(ctx);
447 z = BN_CTX_get(ctx);
448 if (z == NULL) goto err;
449
450 if (!BN_GF2m_mod_arr(x, x_, group->poly)) goto err;
451 if (BN_is_zero(x))
452 {
453 if (!BN_GF2m_mod_sqrt_arr(y, &group->b, group->poly, ctx)) goto err;
454 }
455 else
456 {
457 if (!group->meth->field_sqr(group, tmp, x, ctx)) goto err;
458 if (!group->meth->field_div(group, tmp, &group->b, tmp, ctx)) goto err;
459 if (!BN_GF2m_add(tmp, &group->a, tmp)) goto err;
460 if (!BN_GF2m_add(tmp, x, tmp)) goto err;
461 if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx))
462 {
463 unsigned long err = ERR_peek_last_error();
464
465 if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NO_SOLUTION)
466 {
467 ERR_clear_error();
468 ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
469 }
470 else
471 ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);
472 goto err;
473 }
474 z0 = (BN_is_odd(z)) ? 1 : 0;
475 if (!group->meth->field_mul(group, y, x, z, ctx)) goto err;
476 if (z0 != y_bit)
477 {
478 if (!BN_GF2m_add(y, y, x)) goto err;
479 }
480 }
481
482 if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
483
484 ret = 1;
485
486 err:
487 BN_CTX_end(ctx);
488 if (new_ctx != NULL)
489 BN_CTX_free(new_ctx);
490 return ret;
491 }
411 492
412 493
413/* Converts an EC_POINT to an octet string. 494/* Converts an EC_POINT to an octet string.
414 * If buf is NULL, the encoded length will be returned. 495 * If buf is NULL, the encoded length will be returned.
415 * If the length len of buf is smaller than required an error will be returned. 496 * If the length len of buf is smaller than required an error will be returned.
416 *
417 * The point compression section of this function is patented by Certicom Corp.
418 * under US Patent 6,141,420. Point compression is disabled by default and can
419 * be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at
420 * Configure-time.
421 */ 497 */
422size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form, 498size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
423 unsigned char *buf, size_t len, BN_CTX *ctx) 499 unsigned char *buf, size_t len, BN_CTX *ctx)
@@ -428,14 +504,6 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, po
428 BIGNUM *x, *y, *yxi; 504 BIGNUM *x, *y, *yxi;
429 size_t field_len, i, skip; 505 size_t field_len, i, skip;
430 506
431#ifndef OPENSSL_EC_BIN_PT_COMP
432 if ((form == POINT_CONVERSION_COMPRESSED) || (form == POINT_CONVERSION_HYBRID))
433 {
434 ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_DISABLED);
435 goto err;
436 }
437#endif
438
439 if ((form != POINT_CONVERSION_COMPRESSED) 507 if ((form != POINT_CONVERSION_COMPRESSED)
440 && (form != POINT_CONVERSION_UNCOMPRESSED) 508 && (form != POINT_CONVERSION_UNCOMPRESSED)
441 && (form != POINT_CONVERSION_HYBRID)) 509 && (form != POINT_CONVERSION_HYBRID))
@@ -490,13 +558,11 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, po
490 if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err; 558 if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
491 559
492 buf[0] = form; 560 buf[0] = form;
493#ifdef OPENSSL_EC_BIN_PT_COMP
494 if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x)) 561 if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x))
495 { 562 {
496 if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err; 563 if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err;
497 if (BN_is_odd(yxi)) buf[0]++; 564 if (BN_is_odd(yxi)) buf[0]++;
498 } 565 }
499#endif
500 566
501 i = 1; 567 i = 1;
502 568
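Review bot: `ERR_clear_error()` at the top of `ec_GF2m_simple_set_compressed_coordinates` wipes the whole thread error queue, including entries a caller may have queued before decoding a point, purely so that the later `ERR_peek_last_error()` check for `BN_R_NO_SOLUTION` sees only this call's errors. If `ERR_set_mark()`/`ERR_pop_to_mark()` are available in this tree, marking the queue just before `BN_GF2m_mod_solve_quad_arr` and popping back to the mark in the no-solution branch keeps the useful distinction between a malformed compressed point (attacker-controlled input) and an internal BN failure without discarding the caller's errors. The local `unsigned long err` in that branch shares its name with the function's `err:` label; that is legal C, but `unsigned long e = ERR_peek_last_error();` reads less confusingly. Also, `BN_GF2m_mod_arr(x, x_, group->poly)` silently reduces an out-of-range x rather than rejecting it, so a non-canonical encoding decodes to a valid point; if that is intended, a one-line comment such as `/* x is reduced mod the field polynomial; non-canonical encodings are accepted, not rejected */` would save the next reader from wondering whether it is an oversight.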
diff --git a/src/lib/libcrypto/ec/ec2_smpt.c b/src/lib/libcrypto/ec/ec2_smpt.c
deleted file mode 100644
index 59d52bf663..0000000000
--- a/src/lib/libcrypto/ec/ec2_smpt.c
+++ /dev/null
@@ -1,74 +0,0 @@
1/* crypto/ec/ec2_smpt.c */
2/* This code was originally written by Douglas Stebila
3 * <dstebila@student.math.uwaterloo.ca> for the OpenSSL project.
4 */
5/* ====================================================================
6 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * openssl-core@openssl.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60/* Calaculates and sets the affine coordinates of an EC_POINT from the given
61 * compressed coordinates. Uses algorithm 2.3.4 of SEC 1.
62 * Note that the simple implementation only uses affine coordinates.
63 *
64 * This algorithm is patented by Certicom Corp. under US Patent 6,141,420
65 * (for licensing information, contact licensing@certicom.com).
66 * This function is disabled by default and can be enabled by defining the
67 * preprocessor macro OPENSSL_EC_BIN_PT_COMP at Configure-time.
68 */
69int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
70 const BIGNUM *x_, int y_bit, BN_CTX *ctx)
71 {
72 ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_DISABLED);
73 return 0;
74 }
diff --git a/src/lib/libcrypto/ec/ec_err.c b/src/lib/libcrypto/ec/ec_err.c
index d04c895560..84b4833371 100644
--- a/src/lib/libcrypto/ec/ec_err.c
+++ b/src/lib/libcrypto/ec/ec_err.c
@@ -74,6 +74,14 @@ static ERR_STRING_DATA EC_str_functs[]=
74{ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"}, 74{ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"},
75{ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"}, 75{ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"},
76{ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"}, 76{ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"},
77{ERR_FUNC(EC_F_DO_EC_KEY_PRINT), "DO_EC_KEY_PRINT"},
78{ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "ECKEY_PARAM2TYPE"},
79{ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "ECKEY_PARAM_DECODE"},
80{ERR_FUNC(EC_F_ECKEY_PRIV_DECODE), "ECKEY_PRIV_DECODE"},
81{ERR_FUNC(EC_F_ECKEY_PRIV_ENCODE), "ECKEY_PRIV_ENCODE"},
82{ERR_FUNC(EC_F_ECKEY_PUB_DECODE), "ECKEY_PUB_DECODE"},
83{ERR_FUNC(EC_F_ECKEY_PUB_ENCODE), "ECKEY_PUB_ENCODE"},
84{ERR_FUNC(EC_F_ECKEY_TYPE2PARAM), "ECKEY_TYPE2PARAM"},
77{ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"}, 85{ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"},
78{ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"}, 86{ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"},
79{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"}, 87{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"},
@@ -147,7 +155,6 @@ static ERR_STRING_DATA EC_str_functs[]=
147{ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"}, 155{ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"},
148{ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"}, 156{ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"},
149{ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"}, 157{ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"},
150{ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"},
151{ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"}, 158{ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"},
152{ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"}, 159{ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"},
153{ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"}, 160{ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"},
@@ -178,6 +185,13 @@ static ERR_STRING_DATA EC_str_functs[]=
178{ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"}, 185{ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"},
179{ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"}, 186{ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"},
180{ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"}, 187{ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"},
188{ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE), "OLD_EC_PRIV_DECODE"},
189{ERR_FUNC(EC_F_PKEY_EC_CTRL), "PKEY_EC_CTRL"},
190{ERR_FUNC(EC_F_PKEY_EC_CTRL_STR), "PKEY_EC_CTRL_STR"},
191{ERR_FUNC(EC_F_PKEY_EC_DERIVE), "PKEY_EC_DERIVE"},
192{ERR_FUNC(EC_F_PKEY_EC_KEYGEN), "PKEY_EC_KEYGEN"},
193{ERR_FUNC(EC_F_PKEY_EC_PARAMGEN), "PKEY_EC_PARAMGEN"},
194{ERR_FUNC(EC_F_PKEY_EC_SIGN), "PKEY_EC_SIGN"},
181{0,NULL} 195{0,NULL}
182 }; 196 };
183 197
@@ -187,6 +201,7 @@ static ERR_STRING_DATA EC_str_reasons[]=
187{ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD) ,"asn1 unknown field"}, 201{ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD) ,"asn1 unknown field"},
188{ERR_REASON(EC_R_BUFFER_TOO_SMALL) ,"buffer too small"}, 202{ERR_REASON(EC_R_BUFFER_TOO_SMALL) ,"buffer too small"},
189{ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"}, 203{ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"},
204{ERR_REASON(EC_R_DECODE_ERROR) ,"decode error"},
190{ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO) ,"discriminant is zero"}, 205{ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO) ,"discriminant is zero"},
191{ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"}, 206{ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"},
192{ERR_REASON(EC_R_FIELD_TOO_LARGE) ,"field too large"}, 207{ERR_REASON(EC_R_FIELD_TOO_LARGE) ,"field too large"},
@@ -196,6 +211,8 @@ static ERR_STRING_DATA EC_str_reasons[]=
196{ERR_REASON(EC_R_INVALID_ARGUMENT) ,"invalid argument"}, 211{ERR_REASON(EC_R_INVALID_ARGUMENT) ,"invalid argument"},
197{ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"}, 212{ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"},
198{ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"}, 213{ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"},
214{ERR_REASON(EC_R_INVALID_CURVE) ,"invalid curve"},
215{ERR_REASON(EC_R_INVALID_DIGEST_TYPE) ,"invalid digest type"},
199{ERR_REASON(EC_R_INVALID_ENCODING) ,"invalid encoding"}, 216{ERR_REASON(EC_R_INVALID_ENCODING) ,"invalid encoding"},
200{ERR_REASON(EC_R_INVALID_FIELD) ,"invalid field"}, 217{ERR_REASON(EC_R_INVALID_FIELD) ,"invalid field"},
201{ERR_REASON(EC_R_INVALID_FORM) ,"invalid form"}, 218{ERR_REASON(EC_R_INVALID_FORM) ,"invalid form"},
@@ -203,6 +220,7 @@ static ERR_STRING_DATA EC_str_reasons[]=
203{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS),"invalid pentanomial basis"}, 220{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS),"invalid pentanomial basis"},
204{ERR_REASON(EC_R_INVALID_PRIVATE_KEY) ,"invalid private key"}, 221{ERR_REASON(EC_R_INVALID_PRIVATE_KEY) ,"invalid private key"},
205{ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS),"invalid trinomial basis"}, 222{ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS),"invalid trinomial basis"},
223{ERR_REASON(EC_R_KEYS_NOT_SET) ,"keys not set"},
206{ERR_REASON(EC_R_MISSING_PARAMETERS) ,"missing parameters"}, 224{ERR_REASON(EC_R_MISSING_PARAMETERS) ,"missing parameters"},
207{ERR_REASON(EC_R_MISSING_PRIVATE_KEY) ,"missing private key"}, 225{ERR_REASON(EC_R_MISSING_PRIVATE_KEY) ,"missing private key"},
208{ERR_REASON(EC_R_NOT_A_NIST_PRIME) ,"not a NIST prime"}, 226{ERR_REASON(EC_R_NOT_A_NIST_PRIME) ,"not a NIST prime"},
@@ -210,6 +228,7 @@ static ERR_STRING_DATA EC_str_reasons[]=
210{ERR_REASON(EC_R_NOT_IMPLEMENTED) ,"not implemented"}, 228{ERR_REASON(EC_R_NOT_IMPLEMENTED) ,"not implemented"},
211{ERR_REASON(EC_R_NOT_INITIALIZED) ,"not initialized"}, 229{ERR_REASON(EC_R_NOT_INITIALIZED) ,"not initialized"},
212{ERR_REASON(EC_R_NO_FIELD_MOD) ,"no field mod"}, 230{ERR_REASON(EC_R_NO_FIELD_MOD) ,"no field mod"},
231{ERR_REASON(EC_R_NO_PARAMETERS_SET) ,"no parameters set"},
213{ERR_REASON(EC_R_PASSED_NULL_PARAMETER) ,"passed null parameter"}, 232{ERR_REASON(EC_R_PASSED_NULL_PARAMETER) ,"passed null parameter"},
214{ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),"pkparameters2group failure"}, 233{ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),"pkparameters2group failure"},
215{ERR_REASON(EC_R_POINT_AT_INFINITY) ,"point at infinity"}, 234{ERR_REASON(EC_R_POINT_AT_INFINITY) ,"point at infinity"},
diff --git a/src/lib/libcrypto/ec/ec_lcl.h b/src/lib/libcrypto/ec/ec_lcl.h
index fdd7aa2755..3e2c34b0bc 100644
--- a/src/lib/libcrypto/ec/ec_lcl.h
+++ b/src/lib/libcrypto/ec/ec_lcl.h
@@ -205,11 +205,14 @@ struct ec_group_st {
205 * irreducible polynomial defining the field. 205 * irreducible polynomial defining the field.
206 */ 206 */
207 207
208 unsigned int poly[5]; /* Field specification for curves over GF(2^m). 208 int poly[6]; /* Field specification for curves over GF(2^m).
209 * The irreducible f(t) is then of the form: 209 * The irreducible f(t) is then of the form:
210 * t^poly[0] + t^poly[1] + ... + t^poly[k] 210 * t^poly[0] + t^poly[1] + ... + t^poly[k]
211 * where m = poly[0] > poly[1] > ... > poly[k] = 0. 211 * where m = poly[0] > poly[1] > ... > poly[k] = 0.
212 */ 212 * The array is terminated with poly[k+1]=-1.
213 * All elliptic curve irreducibles have at most 5
214 * non-zero terms.
215 */
213 216
214 BIGNUM a, b; /* Curve coefficients. 217 BIGNUM a, b; /* Curve coefficients.
215 * (Here the assumption is that BIGNUMs can be used 218 * (Here the assumption is that BIGNUMs can be used
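Review bot: The `poly` field changes from `unsigned int poly[5]` to `int poly[6]` so that a `-1` terminator can be stored, but the new comment only describes the layout and not who is responsible for the invariant; every writer must store the `-1` after the last term and every reader must stop at it before using `poly[i]` as an exponent or shift count, since a negative value there is undefined behaviour. The signedness change also silently turns any previously unsigned comparison on `poly[i]` elsewhere in the tree into a signed one, which is not visible in this hunk and worth checking. I would extend the comment with `* Writers must always store the -1 terminator; readers must stop at it before using the value.` The enclosing `struct ec_group_st` starts and ends outside the hunk.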
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index 5af84376c6..dd7da0fcf9 100644
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -79,7 +79,7 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
79 79
80 if (meth == NULL) 80 if (meth == NULL)
81 { 81 {
82 ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER); 82 ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL);
83 return NULL; 83 return NULL;
84 } 84 }
85 if (meth->group_init == 0) 85 if (meth->group_init == 0)
@@ -740,7 +740,7 @@ void EC_POINT_clear_free(EC_POINT *point)
740 740
741 if (point->meth->point_clear_finish != 0) 741 if (point->meth->point_clear_finish != 0)
742 point->meth->point_clear_finish(point); 742 point->meth->point_clear_finish(point);
743 else if (point->meth != NULL && point->meth->point_finish != 0) 743 else if (point->meth->point_finish != 0)
744 point->meth->point_finish(point); 744 point->meth->point_finish(point);
745 OPENSSL_cleanse(point, sizeof *point); 745 OPENSSL_cleanse(point, sizeof *point);
746 OPENSSL_free(point); 746 OPENSSL_free(point);
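Review bot: In EC_GROUP_new the NULL-`meth` check now reports `EC_R_SLOT_FULL`, which has nothing to do with a null argument and will mislead anyone reading the error queue; the reason code should stay `ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER);` as on the old side. The EC_POINT_clear_free hunk is fine: the dropped `point->meth != NULL &&` test was dead because `point->meth->point_clear_finish` is already dereferenced on the line above. Both enclosing functions continue outside their hunks.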
diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c
index 2ba173ef36..f05df5332e 100644
--- a/src/lib/libcrypto/ec/ec_mult.c
+++ b/src/lib/libcrypto/ec/ec_mult.c
@@ -224,6 +224,12 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
224 sign = -1; 224 sign = -1;
225 } 225 }
226 226
227 if (scalar->d == NULL || scalar->top == 0)
228 {
229 ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
230 goto err;
231 }
232
227 len = BN_num_bits(scalar); 233 len = BN_num_bits(scalar);
228 r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation 234 r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation
229 * (*ret_len will be set to the actual length, i.e. at most 235 * (*ret_len will be set to the actual length, i.e. at most
@@ -233,12 +239,6 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
233 ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); 239 ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
234 goto err; 240 goto err;
235 } 241 }
236
237 if (scalar->d == NULL || scalar->top == 0)
238 {
239 ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
240 goto err;
241 }
242 window_val = scalar->d[0] & mask; 242 window_val = scalar->d[0] & mask;
243 j = 0; 243 j = 0;
244 while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */ 244 while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */
@@ -419,7 +419,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
419 if (numblocks > pre_comp->numblocks) 419 if (numblocks > pre_comp->numblocks)
420 numblocks = pre_comp->numblocks; 420 numblocks = pre_comp->numblocks;
421 421
422 pre_points_per_block = 1u << (pre_comp->w - 1); 422 pre_points_per_block = (size_t)1 << (pre_comp->w - 1);
423 423
424 /* check that pre_comp looks sane */ 424 /* check that pre_comp looks sane */
425 if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) 425 if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block))
@@ -461,7 +461,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
461 461
462 bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); 462 bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
463 wsize[i] = EC_window_bits_for_scalar_size(bits); 463 wsize[i] = EC_window_bits_for_scalar_size(bits);
464 num_val += 1u << (wsize[i] - 1); 464 num_val += (size_t)1 << (wsize[i] - 1);
465 wNAF[i + 1] = NULL; /* make sure we always have a pivot */ 465 wNAF[i + 1] = NULL; /* make sure we always have a pivot */
466 wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); 466 wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]);
467 if (wNAF[i] == NULL) 467 if (wNAF[i] == NULL)
@@ -600,7 +600,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
600 for (i = 0; i < num + num_scalar; i++) 600 for (i = 0; i < num + num_scalar; i++)
601 { 601 {
602 val_sub[i] = v; 602 val_sub[i] = v;
603 for (j = 0; j < (1u << (wsize[i] - 1)); j++) 603 for (j = 0; j < ((size_t)1 << (wsize[i] - 1)); j++)
604 { 604 {
605 *v = EC_POINT_new(group); 605 *v = EC_POINT_new(group);
606 if (*v == NULL) goto err; 606 if (*v == NULL) goto err;
@@ -636,7 +636,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
636 if (wsize[i] > 1) 636 if (wsize[i] > 1)
637 { 637 {
638 if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err; 638 if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err;
639 for (j = 1; j < (1u << (wsize[i] - 1)); j++) 639 for (j = 1; j < ((size_t)1 << (wsize[i] - 1)); j++)
640 { 640 {
641 if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err; 641 if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err;
642 } 642 }
@@ -820,7 +820,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
820 820
821 numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */ 821 numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */
822 822
823 pre_points_per_block = 1u << (w - 1); 823 pre_points_per_block = (size_t)1 << (w - 1);
824 num = pre_points_per_block * numblocks; /* number of points to compute and store */ 824 num = pre_points_per_block * numblocks; /* number of points to compute and store */
825 825
826 points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1)); 826 points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1));
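Review bot: The relocated guard `if (scalar->d == NULL || scalar->top == 0)` in compute_wNAF now runs before `OPENSSL_malloc(len + 1)`, which is the right order, but it reports `ERR_R_INTERNAL_ERROR` for a zero-valued scalar without saying why that case is unreachable; presumably zero scalars are handled earlier in the function, which lies outside this hunk. A comment on the guard would make the invariant explicit, e.g. `/* a zero scalar must have been handled above; reaching here is a bug */` (to be confirmed against the start of compute_wNAF). The `(size_t)1 <<` casts in the ec_wNAF_mul and ec_wNAF_precompute_mult hunks are consistent with `num_val` and `j` being size_t; if `pre_comp->w` or `wsize[i]` can ever be 0 the shift count becomes -1, which the visible "pre_comp looks sane" check does not cover, so the lower bound should be confirmed.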
diff --git a/src/lib/libcrypto/ec/ecp_nist.c b/src/lib/libcrypto/ec/ecp_nist.c
index 71893d5eab..2a5682ea41 100644
--- a/src/lib/libcrypto/ec/ecp_nist.c
+++ b/src/lib/libcrypto/ec/ecp_nist.c
@@ -112,10 +112,6 @@ const EC_METHOD *EC_GFp_nist_method(void)
112 return &ret; 112 return &ret;
113 } 113 }
114 114
115#if BN_BITS2 == 64
116#define NO_32_BIT_TYPE
117#endif
118
119int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) 115int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
120 { 116 {
121 dest->field_mod_func = src->field_mod_func; 117 dest->field_mod_func = src->field_mod_func;
@@ -139,34 +135,12 @@ int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
139 if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0) 135 if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0)
140 group->field_mod_func = BN_nist_mod_192; 136 group->field_mod_func = BN_nist_mod_192;
141 else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0) 137 else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0)
142 {
143#ifndef NO_32_BIT_TYPE
144 group->field_mod_func = BN_nist_mod_224; 138 group->field_mod_func = BN_nist_mod_224;
145#else
146 ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
147 goto err;
148#endif
149 }
150 else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0) 139 else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0)
151 {
152#ifndef NO_32_BIT_TYPE
153 group->field_mod_func = BN_nist_mod_256; 140 group->field_mod_func = BN_nist_mod_256;
154#else
155 ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
156 goto err;
157#endif
158 }
159 else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0) 141 else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0)
160 {
161#ifndef NO_32_BIT_TYPE
162 group->field_mod_func = BN_nist_mod_384; 142 group->field_mod_func = BN_nist_mod_384;
163#else
164 ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
165 goto err;
166#endif
167 }
168 else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0) 143 else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)
169 /* this one works in the NO_32_BIT_TYPE case */
170 group->field_mod_func = BN_nist_mod_521; 144 group->field_mod_func = BN_nist_mod_521;
171 else 145 else
172 { 146 {
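Review bot: Removing the `NO_32_BIT_TYPE` gate means that on a `BN_BITS2 == 64` build ec_GFp_nist_group_set_curve now selects `BN_nist_mod_224`, `BN_nist_mod_256` and `BN_nist_mod_384` unconditionally, where it previously failed with `EC_R_NOT_A_SUPPORTED_NIST_PRIME`; this is only correct if those bn_nist routines now support 64-bit words, which is not shown in this diff. If that assumption is wrong the field reduction would be silently incorrect rather than rejected, so it deserves a one-line comment naming the dependency, e.g. `/* BN_nist_mod_* handle both 32- and 64-bit BN_ULONG */`, and coverage of these curves on a 64-bit host in ectest. The function body continues outside the hunk.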
diff --git a/src/lib/libcrypto/ec/ecp_recp.c b/src/lib/libcrypto/ec/ecp_recp.c
deleted file mode 100644
index fec843b5c8..0000000000
--- a/src/lib/libcrypto/ec/ecp_recp.c
+++ /dev/null
@@ -1,133 +0,0 @@
1/* crypto/ec/ecp_recp.c */
2/* ====================================================================
3 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "ec_lcl.h"
57
58#if 0
59const EC_METHOD *EC_GFp_recp_method(void)
60 {
61 static const EC_METHOD ret = {
62 ec_GFp_recp_group_init,
63 ec_GFp_recp_group_finish,
64 ec_GFp_recp_group_clear_finish,
65 ec_GFp_recp_group_copy,
66 ec_GFp_recp_group_set_curve_GFp,
67 ec_GFp_simple_group_get_curve_GFp,
68 ec_GFp_simple_group_set_generator,
69 ec_GFp_simple_group_get0_generator,
70 ec_GFp_simple_group_get_order,
71 ec_GFp_simple_group_get_cofactor,
72 ec_GFp_simple_point_init,
73 ec_GFp_simple_point_finish,
74 ec_GFp_simple_point_clear_finish,
75 ec_GFp_simple_point_copy,
76 ec_GFp_simple_point_set_to_infinity,
77 ec_GFp_simple_set_Jprojective_coordinates_GFp,
78 ec_GFp_simple_get_Jprojective_coordinates_GFp,
79 ec_GFp_simple_point_set_affine_coordinates_GFp,
80 ec_GFp_simple_point_get_affine_coordinates_GFp,
81 ec_GFp_simple_set_compressed_coordinates_GFp,
82 ec_GFp_simple_point2oct,
83 ec_GFp_simple_oct2point,
84 ec_GFp_simple_add,
85 ec_GFp_simple_dbl,
86 ec_GFp_simple_invert,
87 ec_GFp_simple_is_at_infinity,
88 ec_GFp_simple_is_on_curve,
89 ec_GFp_simple_cmp,
90 ec_GFp_simple_make_affine,
91 ec_GFp_simple_points_make_affine,
92 ec_GFp_recp_field_mul,
93 ec_GFp_recp_field_sqr,
94 0 /* field_encode */,
95 0 /* field_decode */,
96 0 /* field_set_to_one */ };
97
98 return &ret;
99 }
100#endif
101
102int ec_GFp_recp_group_init(EC_GROUP *group)
103 {
104 int ok;
105
106 ok = ec_GFp_simple_group_init(group);
107 group->field_data1 = NULL;
108 return ok;
109 }
110
111
112int ec_GFp_recp_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
113/* TODO */
114
115
116void ec_GFp_recp_group_finish(EC_GROUP *group);
117/* TODO */
118
119
120void ec_GFp_recp_group_clear_finish(EC_GROUP *group);
121/* TODO */
122
123
124int ec_GFp_recp_group_copy(EC_GROUP *dest, const EC_GROUP *src);
125/* TODO */
126
127
128int ec_GFp_recp_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
129/* TODO */
130
131
132int ec_GFp_recp_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
133/* TODO */
diff --git a/src/lib/libcrypto/ec/ectest.c b/src/lib/libcrypto/ec/ectest.c
index 6148d553f9..7509cb9c7c 100644
--- a/src/lib/libcrypto/ec/ectest.c
+++ b/src/lib/libcrypto/ec/ectest.c
@@ -432,9 +432,7 @@ void prime_field_tests()
432 if (!EC_POINT_is_at_infinity(group, Q)) ABORT; 432 if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
433 fprintf(stdout, "."); 433 fprintf(stdout, ".");
434 fflush(stdout); 434 fflush(stdout);
435#if 0
436 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; 435 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
437#endif
438 if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; 436 if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
439 if (!EC_POINT_is_at_infinity(group, Q)) ABORT; 437 if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
440 fprintf(stdout, " ok\n"); 438 fprintf(stdout, " ok\n");
@@ -478,9 +476,7 @@ void prime_field_tests()
478 if (!EC_POINT_is_at_infinity(group, Q)) ABORT; 476 if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
479 fprintf(stdout, "."); 477 fprintf(stdout, ".");
480 fflush(stdout); 478 fflush(stdout);
481#if 0
482 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; 479 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
483#endif
484 if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; 480 if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
485 if (!EC_POINT_is_at_infinity(group, Q)) ABORT; 481 if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
486 fprintf(stdout, " ok\n"); 482 fprintf(stdout, " ok\n");
@@ -525,9 +521,7 @@ void prime_field_tests()
525 if (!EC_POINT_is_at_infinity(group, Q)) ABORT; 521 if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
526 fprintf(stdout, "."); 522 fprintf(stdout, ".");
527 fflush(stdout); 523 fflush(stdout);
528#if 0
529 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; 524 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
530#endif
531 if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; 525 if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
532 if (!EC_POINT_is_at_infinity(group, Q)) ABORT; 526 if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
533 fprintf(stdout, " ok\n"); 527 fprintf(stdout, " ok\n");
@@ -577,9 +571,7 @@ void prime_field_tests()
577 if (!EC_POINT_is_at_infinity(group, Q)) ABORT; 571 if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
578 fprintf(stdout, "."); 572 fprintf(stdout, ".");
579 fflush(stdout); 573 fflush(stdout);
580#if 0
581 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; 574 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
582#endif
583 if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; 575 if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
584 if (!EC_POINT_is_at_infinity(group, Q)) ABORT; 576 if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
585 fprintf(stdout, " ok\n"); 577 fprintf(stdout, " ok\n");
@@ -635,9 +627,7 @@ void prime_field_tests()
635 if (!EC_POINT_is_at_infinity(group, Q)) ABORT; 627 if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
636 fprintf(stdout, "."); 628 fprintf(stdout, ".");
637 fflush(stdout); 629 fflush(stdout);
638#if 0
639 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; 630 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
640#endif
641 if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; 631 if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
642 if (!EC_POINT_is_at_infinity(group, Q)) ABORT; 632 if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
643 fprintf(stdout, " ok\n"); 633 fprintf(stdout, " ok\n");
@@ -809,7 +799,7 @@ void prime_field_tests()
809 if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \ 799 if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \
810 fprintf(stdout, "."); \ 800 fprintf(stdout, "."); \
811 fflush(stdout); \ 801 fflush(stdout); \
812 /* if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; */ \ 802 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; \
813 if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \ 803 if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \
814 if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \ 804 if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \
815 fprintf(stdout, " ok\n"); \ 805 fprintf(stdout, " ok\n"); \
@@ -1336,7 +1326,7 @@ int main(int argc, char *argv[])
1336#endif 1326#endif
1337 CRYPTO_cleanup_all_ex_data(); 1327 CRYPTO_cleanup_all_ex_data();
1338 ERR_free_strings(); 1328 ERR_free_strings();
1339 ERR_remove_state(0); 1329 ERR_remove_thread_state(NULL);
1340 CRYPTO_mem_leaks_fp(stderr); 1330 CRYPTO_mem_leaks_fp(stderr);
1341 1331
1342 return 0; 1332 return 0;