1 files changed, 434 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/EC_POINT_point2oct.3 b/src/lib/libcrypto/man/EC_POINT_point2oct.3
new file mode 100644
index 0000000000..ac89c9b1d4
--- /dev/null
+++ b/src/lib/libcrypto/man/EC_POINT_point2oct.3
@@ -0,0 +1,434 @@
+.\" $OpenBSD: EC_POINT_point2oct.3,v 1.6 2025/06/13 18:34:00 schwarze Exp $
+.\"
+.\" Copyright (c) 2025 Theo Buehler <tb@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: June 13 2025 $
+.Dt EC_POINT_POINT2OCT 3
+.Os
+.Sh NAME
+.Nm EC_POINT_point2oct ,
+.Nm EC_POINT_oct2point ,
+.Nm EC_POINT_point2bn ,
+.Nm EC_POINT_bn2point ,
+.Nm EC_POINT_point2hex ,
+.Nm EC_POINT_hex2point
+.Nd encode and decode elliptic curve points
+.Sh SYNOPSIS
+.Lb libcrypto
+.In openssl/bn.h
+.In openssl/ec.h
+.Bd -literal
+typedef enum {
+        POINT_CONVERSION_COMPRESSED = 2,
+        POINT_CONVERSION_UNCOMPRESSED = 4,
+        POINT_CONVERSION_HYBRID = 6
+} point_conversion_form_t;
+.Ed
+.Ft size_t
+.Fo EC_POINT_point2oct
+.Fa "const EC_GROUP *group"
+.Fa "const EC_POINT *point"
+.Fa "point_conversion_form_t form"
+.Fa "unsigned char *buf"
+.Fa "size_t len"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo EC_POINT_oct2point
+.Fa "const EC_GROUP *group"
+.Fa "EC_POINT *point"
+.Fa "const unsigned char *buf"
+.Fa "size_t len"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft BIGNUM *
+.Fo EC_POINT_point2bn
+.Fa "const EC_GROUP *group"
+.Fa "const EC_POINT *point"
+.Fa "point_conversion_form_t form"
+.Fa "BIGNUM *bn"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft EC_POINT *
+.Fo EC_POINT_bn2point
+.Fa "const EC_GROUP *group"
+.Fa "const BIGNUM *bn"
+.Fa "EC_POINT *point"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft char *
+.Fo EC_POINT_point2hex
+.Fa "const EC_GROUP *group"
+.Fa "const EC_POINT *point"
+.Fa "point_conversion_form_t form"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft EC_POINT *
+.Fo EC_POINT_hex2point
+.Fa "const EC_GROUP *group"
+.Fa "const char *hex"
+.Fa "EC_POINT *point"
+.Fa "BN_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+The
+.Fa ctx
+argument of all functions in this manual is optional.
+.Pp
+An
+.Vt EC_POINT
+object represents a point on the elliptic curve given by an
+.Vt EC_GROUP
+object.
+It is either the point at infinity or it has a representation
+(x, y) in standard affine coordinates,
+in which case it satisfies the curve's Weierstrass equation
+.Pp
+.Dl y^2 = x^3 + ax + b
+.Pp
+in the prime field of size p.
+Thus, y is a square root of x^3 + ax + b.
+Since p > 3 is odd, p - y is another square root
+with different parity, unless y is zero.
+Point compression uses that x and the parity of y are enough
+to compute y using
+.Xr BN_mod_sqrt 3 .
+.Pp
+Field elements are represented as non-negative integers < p
+in big-endian 2-complement form, zero-padded on the left to the byte
+length l of p.
+If X and Y are the representations of x and y, respectively, and P is
+the parity bit of y, the three encodings of the point (x, y) are
+the byte strings:
+.Bl -column "EncodingX" "CompressedX" "UncompressedX" "Hybrid" -offset indent -compact
+.It Ta Em Compressed Ta Em Uncompressed Ta Em Hybrid
+.It Encoding Ta 2+P || X Ta 4 || X || Y Ta 6+P || X || Y
+.It Length Ta 1 + l Ta 1 + 2l Ta 1 + 2l
+.El
+where the first octet is the point conversion form
+combined with the parity bit in the compressed and hybrid encodings.
+The point at infinity is encoded as a single zero byte.
+.Pp
+.Fn EC_POINT_point2oct
+converts
+.Fa point
+into the octet string encoding of type
+.Fa form .
+It assumes without checking that
+.Fa point
+is a point on the elliptic curve represented by
+.Fa group
+and operates in two modes depending on the
+.Fa buf
+argument.
+If
+.Fa buf
+is
+.Dv NULL ,
+.Fn EC_POINT_point2oct
+returns the length of
+.Fa point Ns 's
+encoding of type
+.Fa form
+and ignores the
+.Fa len
+and
+.Fa ctx
+arguments.
+If
+.Fa buf
+is not
+.Dv NULL
+and its length
+.Fa len
+is sufficiently big,
+.Fn EC_POINT_point2oct
+writes the
+.Fa point Ns 's
+encoding of type
+.Fa form
+to
+.Fa buf
+and returns the number of bytes written.
+Unless
+.Fa point
+is the point at infinity, the coordinates to be encoded are calculated using
+.Xr EC_POINT_get_affine_coordinates 3 .
+.Pp
+.Fn EC_POINT_oct2point
+decodes the octet string representation of a point on
+.Fa group
+in
+.Fa buf
+of size
+.Fa len
+and, if it represents a point on
+.Fa group ,
+sets it on the caller-provided
+.Fa point
+using
+.Xr EC_POINT_set_to_infinity 3
+.Xr EC_POINT_set_compressed_coordinates 3 ,
+or
+.Xr EC_POINT_set_affine_coordinates 3 .
+For hybrid encoding the consistency of
+the parity bit in the leading octet is verified.
+.Pp
+.Fn EC_POINT_point2bn
+returns a
+.Vt BIGNUM
+containing the encoding of type
+.Fa form
+of the
+.Fa point
+on
+.Fa group .
+If
+.Fa bn
+is
+.Dv NULL ,
+this
+.Vt BIGNUM
+is newly allocated, otherwise the result is copied into
+.Fa bn
+and returned.
+.Fn EC_POINT_point2bn
+is equivalent to
+.Fn EC_POINT_point2oct
+followed by
+.Xr BN_bin2bn 3 .
+.Pp
+.Fn EC_POINT_bn2point
+assumes that
+.Fa bn
+contains the encoding of a point on
+.Fa group .
+If
+.Fa point
+is
+.Dv NULL ,
+the result is placed in a newly allocated
+.Vt EC_POINT ,
+otherwise the result is placed in
+.Fa point
+which is then returned.
+.Fn EC_POINT_bn2point
+is equivalent to
+.Xr BN_bn2bin 3
+followed by
+.Fn EC_POINT_oct2point .
+.Pp
+.Fn EC_POINT_point2hex
+returns a printable string containing the hexadecimal encoding of
+the point encoding of type
+.Fa form
+of the
+.Fa point
+on
+.Fa group .
+The string must be freed by the caller using
+.Xr free 3 .
+.Fn EC_POINT_point2hex
+is equivalent to
+.Fn EC_POINT_point2bn
+followed by
+.Xr BN_bn2hex 3 .
+.Pp
+.Fn EC_POINT_hex2point
+interprets
+.Fa hex
+as a hexadecimal encoding of the point encoding of a point on
+.Fa group .
+If
+.Fa point
+is
+.Dv NULL ,
+the result is returned in a newly allocated
+.Vt EC_POINT ,
+otherwise the result is copied into
+.Fa point ,
+which is then returned.
+.Fn EC_POINT_hex2point
+is equivalent to
+.Xr BN_hex2bn 3
+followed by
+.Fn EC_POINT_bn2point .
+.Sh RETURN VALUES
+If
+.Fa buf
+is
+.Dv NULL ,
+.Fn EC_POINT_point2oct
+returns the length needed to encode the
+.Fa point
+on
+.Fa group ,
+or 0 on error.
+If
+.Fa buf
+is not
+.Dv NULL ,
+.Fn EC_POINT_point2oct
+returns the number of bytes written to
+.Fa buf
+or 0 on error.
+Error conditions include that
+.Fa form
+is invalid,
+.Fa len
+is too small, and memory allocation failure.
+.Pp
+.Fn EC_POINT_oct2point
+returns 1 on success and 0 on error.
+Error conditions include invalid encoding,
+.Fa buf
+does not represent a point on
+.Fa group ,
+or memory allocation failure.
+.Pp
+.Fn EC_POINT_point2bn
+returns a
+.Vt BIGNUM
+containing the encoding of
+.Fa point
+or
+.Dv NULL
+on error.
+The returned
+.Vt BIGNUM
+is either
+.Fa bn
+or a newly allocated one which must be freed by the caller.
+Error conditions include those of
+.Fn EC_POINT_point2oct ,
+.Xr BN_bn2bin 3 ,
+or memory allocation failure.
+.Pp
+.Fn EC_POINT_bn2point
+returns an
+.Vt EC_POINT
+corresponding to the encoding in
+.Fa bn
+or
+.Dv NULL
+on error.
+The returned
+.Vt EC_POINT
+is either
+.Fa point
+or a newly allocated one which must be freed by the caller.
+Error conditions include those of
+.Xr BN_bn2bin 3 ,
+.Fn EC_POINT_oct2point ,
+or memory allocation failure.
+.Pp
+.Fn EC_POINT_point2hex
+returns a newly allocated string or
+.Dv NULL
+on error.
+Error conditions include those of
+.Fn EC_POINT_point2bn
+or
+.Xr BN_bn2hex 3 .
+.Pp
+.Fn EC_POINT_hex2point
+returns an
+.Vt EC_POINT
+containing the decoded point on
+.Fa group
+or
+.Dv NULL
+on error.
+The returned
+.Vt EC_POINT
+is either
+.Fa point
+or a newly allocated one which must be freed by the caller.
+Error conditions are those of
+.Xr BN_hex2bn 3 ,
+or
+.Fn EC_POINT_bn2point .
+.Sh SEE ALSO
+.Xr BN_mod_sqrt 3 ,
+.Xr BN_new 3 ,
+.Xr BN_num_bits 3 ,
+.Xr crypto 3 ,
+.Xr d2i_ECPKParameters 3 ,
+.Xr EC_GROUP_check 3 ,
+.Xr EC_GROUP_get_curve_name 3 ,
+.Xr EC_GROUP_new_by_curve_name 3 ,
+.Xr EC_GROUP_new_curve_GFp 3 ,
+.Xr EC_KEY_METHOD_new 3 ,
+.Xr EC_KEY_new 3 ,
+.Xr EC_POINT_add 3 ,
+.Xr EC_POINT_get_affine_coordinates 3 ,
+.Xr EC_POINT_new 3 ,
+.Xr ECDH_compute_key 3 ,
+.Xr ECDSA_SIG_new 3
+.Sh STANDARDS
+.Rs
+.%T SEC 1: Elliptic Curve Cryptography, Version 2.0
+.%U https://www.secg.org/sec1-v2.pdf
+.%D May 21, 2009
+.Re
+.Sh HISTORY
+.Fn EC_POINT_point2oct
+and
+.Fn EC_POINT_oct2point
+first appeared in OpenSSL 0.9.7 and have been available since
+.Ox 3.2 .
+.Pp
+.Fn EC_POINT_point2bn ,
+.Fn EC_POINT_bn2point ,
+.Fn EC_POINT_point2hex ,
+and
+.Fn EC_POINT_hex2point
+first appeared in OpenSSL 0.9.8 and have been available since
+.Ox 4.5 .
+.Sh BUGS
+The
+.Vt point_conversion_form_t
+is not properly exposed in the API.
+There is no representation for the point at infinity nor is there
+an API interface for the parity bit,
+forcing applications to invent their own and do bit twiddling in buffers.
+.Pp
+The poorly chosen signatures of the functions in this manual result
+in an unergonomic API, particularly so for
+.Fn EC_POINT_point2oct
+and
+.Fn EC_POINT_oct2point .
+Due to fundamental misdesign in the EC library,
+points are not directly linked to the curve they live on.
+Adding checks that
+.Fa point
+lives on
+.Fa group
+is too expensive and intrusive, so it is and will continue to be easy
+to make the EC_POINT_point2* API output nonsense.
+.Pp
+.Fn EC_POINT_point2bn
+and
+.Fn EC_POINT_bn2point
+make no sense.
+They abuse
+.Vt BIGNUM
+as a vector type, which is in poor taste.
+.Pp
+.Fn EC_POINT_point2hex
+and
+.Fn EC_POINT_hex2point
+use a non-standard encoding format.

diff --git a/src/lib/libcrypto/man/EC_POINT_point2oct.3 b/src/lib/libcrypto/man/EC_POINT_point2oct.3 new file mode 100644 index 0000000000..ac89c9b1d4 --- /dev/null +++ b/src/lib/libcrypto/man/EC_POINT_point2oct.3
@@ -0,0 +1,434 @@
	1	.\" $OpenBSD: EC_POINT_point2oct.3,v 1.6 2025/06/13 18:34:00 schwarze Exp $
	2	.\"
	3	.\" Copyright (c) 2025 Theo Buehler <tb@openbsd.org>
	4	.\"
	5	.\" Permission to use, copy, modify, and distribute this software for any
	6	.\" purpose with or without fee is hereby granted, provided that the above
	7	.\" copyright notice and this permission notice appear in all copies.
	8	.\"
	9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	.\"
	17	.Dd $Mdocdate: June 13 2025 $
	18	.Dt EC_POINT_POINT2OCT 3
	19	.Os
	20	.Sh NAME
	21	.Nm EC_POINT_point2oct ,
	22	.Nm EC_POINT_oct2point ,
	23	.Nm EC_POINT_point2bn ,
	24	.Nm EC_POINT_bn2point ,
	25	.Nm EC_POINT_point2hex ,
	26	.Nm EC_POINT_hex2point
	27	.Nd encode and decode elliptic curve points
	28	.Sh SYNOPSIS
	29	.Lb libcrypto
	30	.In openssl/bn.h
	31	.In openssl/ec.h
	32	.Bd -literal
	33	typedef enum {
	34	POINT_CONVERSION_COMPRESSED = 2,
	35	POINT_CONVERSION_UNCOMPRESSED = 4,
	36	POINT_CONVERSION_HYBRID = 6
	37	} point_conversion_form_t;
	38
	39	.Ed
	40	.Ft size_t
	41	.Fo EC_POINT_point2oct
	42	.Fa "const EC_GROUP *group"
	43	.Fa "const EC_POINT *point"
	44	.Fa "point_conversion_form_t form"
	45	.Fa "unsigned char *buf"
	46	.Fa "size_t len"
	47	.Fa "BN_CTX *ctx"
	48	.Fc
	49	.Ft int
	50	.Fo EC_POINT_oct2point
	51	.Fa "const EC_GROUP *group"
	52	.Fa "EC_POINT *point"
	53	.Fa "const unsigned char *buf"
	54	.Fa "size_t len"
	55	.Fa "BN_CTX *ctx"
	56	.Fc
	57	.Ft BIGNUM *
	58	.Fo EC_POINT_point2bn
	59	.Fa "const EC_GROUP *group"
	60	.Fa "const EC_POINT *point"
	61	.Fa "point_conversion_form_t form"
	62	.Fa "BIGNUM *bn"
	63	.Fa "BN_CTX *ctx"
	64	.Fc
	65	.Ft EC_POINT *
	66	.Fo EC_POINT_bn2point
	67	.Fa "const EC_GROUP *group"
	68	.Fa "const BIGNUM *bn"
	69	.Fa "EC_POINT *point"
	70	.Fa "BN_CTX *ctx"
	71	.Fc
	72	.Ft char *
	73	.Fo EC_POINT_point2hex
	74	.Fa "const EC_GROUP *group"
	75	.Fa "const EC_POINT *point"
	76	.Fa "point_conversion_form_t form"
	77	.Fa "BN_CTX *ctx"
	78	.Fc
	79	.Ft EC_POINT *
	80	.Fo EC_POINT_hex2point
	81	.Fa "const EC_GROUP *group"
	82	.Fa "const char *hex"
	83	.Fa "EC_POINT *point"
	84	.Fa "BN_CTX *ctx"
	85	.Fc
	86	.Sh DESCRIPTION
	87	The
	88	.Fa ctx
	89	argument of all functions in this manual is optional.
	90	.Pp
	91	An
	92	.Vt EC_POINT
	93	object represents a point on the elliptic curve given by an
	94	.Vt EC_GROUP
	95	object.
	96	It is either the point at infinity or it has a representation
	97	(x, y) in standard affine coordinates,
	98	in which case it satisfies the curve's Weierstrass equation
	99	.Pp
	100	.Dl y^2 = x^3 + ax + b
	101	.Pp
	102	in the prime field of size p.
	103	Thus, y is a square root of x^3 + ax + b.
	104	Since p > 3 is odd, p - y is another square root
	105	with different parity, unless y is zero.
	106	Point compression uses that x and the parity of y are enough
	107	to compute y using
	108	.Xr BN_mod_sqrt 3 .
	109	.Pp
	110	Field elements are represented as non-negative integers < p
	111	in big-endian 2-complement form, zero-padded on the left to the byte
	112	length l of p.
	113	If X and Y are the representations of x and y, respectively, and P is
	114	the parity bit of y, the three encodings of the point (x, y) are
	115	the byte strings:
	116	.Bl -column "EncodingX" "CompressedX" "UncompressedX" "Hybrid" -offset indent -compact
	117	.It Ta Em Compressed Ta Em Uncompressed Ta Em Hybrid
	118	.It Encoding Ta 2+P \|\| X Ta 4 \|\| X \|\| Y Ta 6+P \|\| X \|\| Y
	119	.It Length Ta 1 + l Ta 1 + 2l Ta 1 + 2l
	120	.El
	121	where the first octet is the point conversion form
	122	combined with the parity bit in the compressed and hybrid encodings.
	123	The point at infinity is encoded as a single zero byte.
	124	.Pp
	125	.Fn EC_POINT_point2oct
	126	converts
	127	.Fa point
	128	into the octet string encoding of type
	129	.Fa form .
	130	It assumes without checking that
	131	.Fa point
	132	is a point on the elliptic curve represented by
	133	.Fa group
	134	and operates in two modes depending on the
	135	.Fa buf
	136	argument.
	137	If
	138	.Fa buf
	139	is
	140	.Dv NULL ,
	141	.Fn EC_POINT_point2oct
	142	returns the length of
	143	.Fa point Ns 's
	144	encoding of type
	145	.Fa form
	146	and ignores the
	147	.Fa len
	148	and
	149	.Fa ctx
	150	arguments.
	151	If
	152	.Fa buf
	153	is not
	154	.Dv NULL
	155	and its length
	156	.Fa len
	157	is sufficiently big,
	158	.Fn EC_POINT_point2oct
	159	writes the
	160	.Fa point Ns 's
	161	encoding of type
	162	.Fa form
	163	to
	164	.Fa buf
	165	and returns the number of bytes written.
	166	Unless
	167	.Fa point
	168	is the point at infinity, the coordinates to be encoded are calculated using
	169	.Xr EC_POINT_get_affine_coordinates 3 .
	170	.Pp
	171	.Fn EC_POINT_oct2point
	172	decodes the octet string representation of a point on
	173	.Fa group
	174	in
	175	.Fa buf
	176	of size
	177	.Fa len
	178	and, if it represents a point on
	179	.Fa group ,
	180	sets it on the caller-provided
	181	.Fa point
	182	using
	183	.Xr EC_POINT_set_to_infinity 3
	184	.Xr EC_POINT_set_compressed_coordinates 3 ,
	185	or
	186	.Xr EC_POINT_set_affine_coordinates 3 .
	187	For hybrid encoding the consistency of
	188	the parity bit in the leading octet is verified.
	189	.Pp
	190	.Fn EC_POINT_point2bn
	191	returns a
	192	.Vt BIGNUM
	193	containing the encoding of type
	194	.Fa form
	195	of the
	196	.Fa point
	197	on
	198	.Fa group .
	199	If
	200	.Fa bn
	201	is
	202	.Dv NULL ,
	203	this
	204	.Vt BIGNUM
	205	is newly allocated, otherwise the result is copied into
	206	.Fa bn
	207	and returned.
	208	.Fn EC_POINT_point2bn
	209	is equivalent to
	210	.Fn EC_POINT_point2oct
	211	followed by
	212	.Xr BN_bin2bn 3 .
	213	.Pp
	214	.Fn EC_POINT_bn2point
	215	assumes that
	216	.Fa bn
	217	contains the encoding of a point on
	218	.Fa group .
	219	If
	220	.Fa point
	221	is
	222	.Dv NULL ,
	223	the result is placed in a newly allocated
	224	.Vt EC_POINT ,
	225	otherwise the result is placed in
	226	.Fa point
	227	which is then returned.
	228	.Fn EC_POINT_bn2point
	229	is equivalent to
	230	.Xr BN_bn2bin 3
	231	followed by
	232	.Fn EC_POINT_oct2point .
	233	.Pp
	234	.Fn EC_POINT_point2hex
	235	returns a printable string containing the hexadecimal encoding of
	236	the point encoding of type
	237	.Fa form
	238	of the
	239	.Fa point
	240	on
	241	.Fa group .
	242	The string must be freed by the caller using
	243	.Xr free 3 .
	244	.Fn EC_POINT_point2hex
	245	is equivalent to
	246	.Fn EC_POINT_point2bn
	247	followed by
	248	.Xr BN_bn2hex 3 .
	249	.Pp
	250	.Fn EC_POINT_hex2point
	251	interprets
	252	.Fa hex
	253	as a hexadecimal encoding of the point encoding of a point on
	254	.Fa group .
	255	If
	256	.Fa point
	257	is
	258	.Dv NULL ,
	259	the result is returned in a newly allocated
	260	.Vt EC_POINT ,
	261	otherwise the result is copied into
	262	.Fa point ,
	263	which is then returned.
	264	.Fn EC_POINT_hex2point
	265	is equivalent to
	266	.Xr BN_hex2bn 3
	267	followed by
	268	.Fn EC_POINT_bn2point .
	269	.Sh RETURN VALUES
	270	If
	271	.Fa buf
	272	is
	273	.Dv NULL ,
	274	.Fn EC_POINT_point2oct
	275	returns the length needed to encode the
	276	.Fa point
	277	on
	278	.Fa group ,
	279	or 0 on error.
	280	If
	281	.Fa buf
	282	is not
	283	.Dv NULL ,
	284	.Fn EC_POINT_point2oct
	285	returns the number of bytes written to
	286	.Fa buf
	287	or 0 on error.
	288	Error conditions include that
	289	.Fa form
	290	is invalid,
	291	.Fa len
	292	is too small, and memory allocation failure.
	293	.Pp
	294	.Fn EC_POINT_oct2point
	295	returns 1 on success and 0 on error.
	296	Error conditions include invalid encoding,
	297	.Fa buf
	298	does not represent a point on
	299	.Fa group ,
	300	or memory allocation failure.
	301	.Pp
	302	.Fn EC_POINT_point2bn
	303	returns a
	304	.Vt BIGNUM
	305	containing the encoding of
	306	.Fa point
	307	or
	308	.Dv NULL
	309	on error.
	310	The returned
	311	.Vt BIGNUM
	312	is either
	313	.Fa bn
	314	or a newly allocated one which must be freed by the caller.
	315	Error conditions include those of
	316	.Fn EC_POINT_point2oct ,
	317	.Xr BN_bn2bin 3 ,
	318	or memory allocation failure.
	319	.Pp
	320	.Fn EC_POINT_bn2point
	321	returns an
	322	.Vt EC_POINT
	323	corresponding to the encoding in
	324	.Fa bn
	325	or
	326	.Dv NULL
	327	on error.
	328	The returned
	329	.Vt EC_POINT
	330	is either
	331	.Fa point
	332	or a newly allocated one which must be freed by the caller.
	333	Error conditions include those of
	334	.Xr BN_bn2bin 3 ,
	335	.Fn EC_POINT_oct2point ,
	336	or memory allocation failure.
	337	.Pp
	338	.Fn EC_POINT_point2hex
	339	returns a newly allocated string or
	340	.Dv NULL
	341	on error.
	342	Error conditions include those of
	343	.Fn EC_POINT_point2bn
	344	or
	345	.Xr BN_bn2hex 3 .
	346	.Pp
	347	.Fn EC_POINT_hex2point
	348	returns an
	349	.Vt EC_POINT
	350	containing the decoded point on
	351	.Fa group
	352	or
	353	.Dv NULL
	354	on error.
	355	The returned
	356	.Vt EC_POINT
	357	is either
	358	.Fa point
	359	or a newly allocated one which must be freed by the caller.
	360	Error conditions are those of
	361	.Xr BN_hex2bn 3 ,
	362	or
	363	.Fn EC_POINT_bn2point .
	364	.Sh SEE ALSO
	365	.Xr BN_mod_sqrt 3 ,
	366	.Xr BN_new 3 ,
	367	.Xr BN_num_bits 3 ,
	368	.Xr crypto 3 ,
	369	.Xr d2i_ECPKParameters 3 ,
	370	.Xr EC_GROUP_check 3 ,
	371	.Xr EC_GROUP_get_curve_name 3 ,
	372	.Xr EC_GROUP_new_by_curve_name 3 ,
	373	.Xr EC_GROUP_new_curve_GFp 3 ,
	374	.Xr EC_KEY_METHOD_new 3 ,
	375	.Xr EC_KEY_new 3 ,
	376	.Xr EC_POINT_add 3 ,
	377	.Xr EC_POINT_get_affine_coordinates 3 ,
	378	.Xr EC_POINT_new 3 ,
	379	.Xr ECDH_compute_key 3 ,
	380	.Xr ECDSA_SIG_new 3
	381	.Sh STANDARDS
	382	.Rs
	383	.%T SEC 1: Elliptic Curve Cryptography, Version 2.0
	384	.%U https://www.secg.org/sec1-v2.pdf
	385	.%D May 21, 2009
	386	.Re
	387	.Sh HISTORY
	388	.Fn EC_POINT_point2oct
	389	and
	390	.Fn EC_POINT_oct2point
	391	first appeared in OpenSSL 0.9.7 and have been available since
	392	.Ox 3.2 .
	393	.Pp
	394	.Fn EC_POINT_point2bn ,
	395	.Fn EC_POINT_bn2point ,
	396	.Fn EC_POINT_point2hex ,
	397	and
	398	.Fn EC_POINT_hex2point
	399	first appeared in OpenSSL 0.9.8 and have been available since
	400	.Ox 4.5 .
	401	.Sh BUGS
	402	The
	403	.Vt point_conversion_form_t
	404	is not properly exposed in the API.
	405	There is no representation for the point at infinity nor is there
	406	an API interface for the parity bit,
	407	forcing applications to invent their own and do bit twiddling in buffers.
	408	.Pp
	409	The poorly chosen signatures of the functions in this manual result
	410	in an unergonomic API, particularly so for
	411	.Fn EC_POINT_point2oct
	412	and
	413	.Fn EC_POINT_oct2point .
	414	Due to fundamental misdesign in the EC library,
	415	points are not directly linked to the curve they live on.
	416	Adding checks that
	417	.Fa point
	418	lives on
	419	.Fa group
	420	is too expensive and intrusive, so it is and will continue to be easy
	421	to make the EC_POINT_point2* API output nonsense.
	422	.Pp
	423	.Fn EC_POINT_point2bn
	424	and
	425	.Fn EC_POINT_bn2point
	426	make no sense.
	427	They abuse
	428	.Vt BIGNUM
	429	as a vector type, which is in poor taste.
	430	.Pp
	431	.Fn EC_POINT_point2hex
	432	and
	433	.Fn EC_POINT_hex2point
	434	use a non-standard encoding format.