early-access version 2698

pineappleEA
2022-04-24 22:29:35 +02:00
parent c96f949832
commit caa0c2911b
486 changed files with 37806 additions and 14362 deletions


@@ -1,4 +1,4 @@
/* $OpenBSD: ec2_oct.c,v 1.11 2018/07/15 16:27:39 tb Exp $ */
/* $OpenBSD: ec2_oct.c,v 1.16 2021/05/03 14:42:45 tb Exp $ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
@@ -121,6 +121,10 @@ ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point
if (!BN_GF2m_mod_arr(x, x_, group->poly))
goto err;
if (BN_is_zero(x)) {
if (y_bit != 0) {
ECerror(EC_R_INVALID_COMPRESSED_POINT);
goto err;
}
if (!BN_GF2m_mod_sqrt_arr(y, &group->b, group->poly, ctx))
goto err;
} else {
@@ -152,7 +156,7 @@ ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point
}
}
if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
goto err;
ret = 1;
@@ -221,7 +225,7 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
if ((yxi = BN_CTX_get(ctx)) == NULL)
goto err;
if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx))
if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
goto err;
buf[0] = form;
@@ -280,10 +284,11 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
}
/* Converts an octet string representation to an EC_POINT.
/*
* Converts an octet string representation to an EC_POINT.
* Note that the simple implementation only uses affine coordinates.
*/
int
int
ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
const unsigned char *buf, size_t len, BN_CTX *ctx)
{
@@ -298,19 +303,35 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
ECerror(EC_R_BUFFER_TOO_SMALL);
return 0;
}
form = buf[0];
y_bit = form & 1;
form = form & ~1U;
if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) &&
(form != POINT_CONVERSION_UNCOMPRESSED) &&
(form != POINT_CONVERSION_HYBRID)) {
/*
* The first octet is the point conversion octet PC, see X9.62, page 4
* and section 4.4.2. It must be:
* 0x00 for the point at infinity
* 0x02 or 0x03 for compressed form
* 0x04 for uncompressed form
* 0x06 or 0x07 for hybrid form.
* For compressed or hybrid forms, we store the last bit of buf[0] as
* y_bit and clear it from buf[0] so as to obtain a POINT_CONVERSION_*.
* We error if buf[0] contains any but the above values.
*/
y_bit = buf[0] & 1;
form = buf[0] & ~1U;
if (form != 0 && form != POINT_CONVERSION_COMPRESSED &&
form != POINT_CONVERSION_UNCOMPRESSED &&
form != POINT_CONVERSION_HYBRID) {
ECerror(EC_R_INVALID_ENCODING);
return 0;
}
if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
ECerror(EC_R_INVALID_ENCODING);
return 0;
if (form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) {
if (y_bit != 0) {
ECerror(EC_R_INVALID_ENCODING);
return 0;
}
}
/* The point at infinity is represented by a single zero octet. */
if (form == 0) {
if (len != 1) {
ECerror(EC_R_INVALID_ENCODING);
@@ -318,6 +339,7 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
}
return EC_POINT_set_to_infinity(group, point);
}
field_len = (EC_GROUP_get_degree(group) + 7) / 8;
enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len :
1 + 2 * field_len;
@@ -326,6 +348,7 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
ECerror(EC_R_INVALID_ENCODING);
return 0;
}
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
@@ -346,7 +369,11 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
goto err;
}
if (form == POINT_CONVERSION_COMPRESSED) {
if (!EC_POINT_set_compressed_coordinates_GF2m(group, point, x, y_bit, ctx))
/*
* EC_POINT_set_compressed_coordinates checks that the
* point is on the curve as required by X9.62.
*/
if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx))
goto err;
} else {
if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
@@ -356,22 +383,34 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
goto err;
}
if (form == POINT_CONVERSION_HYBRID) {
if (!group->meth->field_div(group, yxi, y, x, ctx))
goto err;
if (y_bit != BN_is_odd(yxi)) {
ECerror(EC_R_INVALID_ENCODING);
goto err;
/*
* Check that the form in the encoding was set
* correctly according to X9.62 4.4.2.a, 4(c),
* see also first paragraph of X9.62 4.4.1.b.
*/
if (BN_is_zero(x)) {
if (y_bit != 0) {
ECerror(EC_R_INVALID_ENCODING);
goto err;
}
} else {
if (!group->meth->field_div(group, yxi, y, x,
ctx))
goto err;
if (y_bit != BN_is_odd(yxi)) {
ECerror(EC_R_INVALID_ENCODING);
goto err;
}
}
}
if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
/*
* EC_POINT_set_affine_coordinates checks that the
* point is on the curve as required by X9.62.
*/
if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
goto err;
}
/* test required by X9.62 */
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
}
ret = 1;
err:
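Review bot: With the trailing `EC_POINT_is_on_curve()` test removed from `ec_GF2m_simple_oct2point`, rejection of off-curve points decoded from untrusted octet strings now rests entirely on the two generic setters. The check inside `EC_POINT_set_affine_coordinates` is visible in this commit's ec_lib.c changes, but the one the new comment attributes to `EC_POINT_set_compressed_coordinates` is not shown on this page and should be confirmed. I would make the dependency explicit at both call sites, e.g. `/* Keep the call to the EC_POINT_set_affine_coordinates wrapper; it performs the X9.62 on-curve check. */`. A regression test would also help: it should expect failure for an off-curve uncompressed point, an off-curve hybrid point, and an encoding with x = 0 and the y bit set. The function's body starts and ends outside these hunks.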


@@ -1,4 +1,4 @@
/* $OpenBSD: ec2_smpl.c,v 1.21 2018/11/05 20:18:21 tb Exp $ */
/* $OpenBSD: ec2_smpl.c,v 1.23 2021/09/08 17:29:21 tb Exp $ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
@@ -88,17 +88,18 @@ EC_GF2m_simple_method(void)
.group_set_curve = ec_GF2m_simple_group_set_curve,
.group_get_curve = ec_GF2m_simple_group_get_curve,
.group_get_degree = ec_GF2m_simple_group_get_degree,
.group_order_bits = ec_group_simple_order_bits,
.group_check_discriminant =
ec_GF2m_simple_group_check_discriminant,
ec_GF2m_simple_group_check_discriminant,
.point_init = ec_GF2m_simple_point_init,
.point_finish = ec_GF2m_simple_point_finish,
.point_clear_finish = ec_GF2m_simple_point_clear_finish,
.point_copy = ec_GF2m_simple_point_copy,
.point_set_to_infinity = ec_GF2m_simple_point_set_to_infinity,
.point_set_affine_coordinates =
ec_GF2m_simple_point_set_affine_coordinates,
ec_GF2m_simple_point_set_affine_coordinates,
.point_get_affine_coordinates =
ec_GF2m_simple_point_get_affine_coordinates,
ec_GF2m_simple_point_get_affine_coordinates,
.add = ec_GF2m_simple_add,
.dbl = ec_GF2m_simple_dbl,
.invert = ec_GF2m_simple_invert,
@@ -483,7 +484,7 @@ ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
if (!BN_copy(y0, &a->Y))
goto err;
} else {
if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx))
if (!EC_POINT_get_affine_coordinates(group, a, x0, y0, ctx))
goto err;
}
if (b->Z_is_one) {
@@ -492,7 +493,7 @@ ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
if (!BN_copy(y1, &b->Y))
goto err;
} else {
if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx))
if (!EC_POINT_get_affine_coordinates(group, b, x1, y1, ctx))
goto err;
}
@@ -541,7 +542,7 @@ ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
if (!BN_GF2m_add(y2, y2, y1))
goto err;
if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx))
if (!EC_POINT_set_affine_coordinates(group, r, x2, y2, ctx))
goto err;
ret = 1;
@@ -684,9 +685,9 @@ ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
if ((bY = BN_CTX_get(ctx)) == NULL)
goto err;
if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx))
if (!EC_POINT_get_affine_coordinates(group, a, aX, aY, ctx))
goto err;
if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx))
if (!EC_POINT_get_affine_coordinates(group, b, bX, bY, ctx))
goto err;
ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1;
@@ -720,7 +721,7 @@ ec_GF2m_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ct
if ((y = BN_CTX_get(ctx)) == NULL)
goto err;
if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx))
if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
goto err;
if (!BN_copy(&point->X, x))
goto err;
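Review bot: The result of every `ec_GF2m_simple_add` now goes through `EC_POINT_set_affine_coordinates(group, r, x2, y2, ctx)`, and the ec_lib.c part of this commit adds an `EC_POINT_is_on_curve()` test to that wrapper. Each point addition therefore pays for a curve-membership check which, judging by the removed lines there, the old `_GF2m` wrapper did not perform. If this is intended as a consistency check on computed results, a comment at the call would say so, e.g. `/* Also verifies that the computed sum is on the curve. */`. If it is not intended, the added cost on the point-arithmetic path is worth measuring. Only fragments of the function are visible in these hunks.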


@@ -1,4 +1,4 @@
/* $OpenBSD: ec_ameth.c,v 1.28 2019/09/09 20:26:16 tb Exp $ */
/* $OpenBSD: ec_ameth.c,v 1.31 2022/01/10 12:10:26 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
@@ -67,6 +67,8 @@
#include <openssl/x509.h>
#include "asn1_locl.h"
#include "ec_lcl.h"
#include "evp_locl.h"
#ifndef OPENSSL_NO_CMS
static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
@@ -619,6 +621,41 @@ ec_pkey_ctrl(EVP_PKEY * pkey, int op, long arg1, void *arg2)
}
static int
ec_pkey_check(const EVP_PKEY *pkey)
{
EC_KEY *eckey = pkey->pkey.ec;
if (eckey->priv_key == NULL) {
ECerror(EC_R_MISSING_PRIVATE_KEY);
return 0;
}
return EC_KEY_check_key(eckey);
}
static int
ec_pkey_public_check(const EVP_PKEY *pkey)
{
EC_KEY *eckey = pkey->pkey.ec;
/* This also checks the private key, but oh, well... */
return EC_KEY_check_key(eckey);
}
static int
ec_pkey_param_check(const EVP_PKEY *pkey)
{
EC_KEY *eckey = pkey->pkey.ec;
if (eckey->group == NULL) {
ECerror(EC_R_MISSING_PARAMETERS);
return 0;
}
return EC_GROUP_check(eckey->group, NULL);
}
#ifndef OPENSSL_NO_CMS
static int
@@ -980,5 +1017,9 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
.pkey_free = int_ec_free,
.pkey_ctrl = ec_pkey_ctrl,
.old_priv_decode = old_ec_priv_decode,
.old_priv_encode = old_ec_priv_encode
.old_priv_encode = old_ec_priv_encode,
.pkey_check = ec_pkey_check,
.pkey_public_check = ec_pkey_public_check,
.pkey_param_check = ec_pkey_param_check,
};
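Review bot: `ec_pkey_check` and `ec_pkey_param_check` dereference `pkey->pkey.ec` (as `eckey->priv_key` and `eckey->group`) without first checking it for NULL, so an EVP_PKEY of this type that carries no EC_KEY would crash in the checker instead of failing validation. Whether callers can reach these hooks with an unset key is not visible here, but a guard is cheap: `if (eckey == NULL) { ECerror(ERR_R_PASSED_NULL_PARAMETER); return 0; }`. `ec_pkey_public_check` also inherits whatever private-key consistency test `EC_KEY_check_key` performs, as its own comment admits. A valid public key paired with an inconsistent private part may therefore be reported as failing, and a short comment stating that contract would help callers.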


@@ -1,4 +1,4 @@
/* $OpenBSD: ec_asn1.c,v 1.31 2018/09/01 16:23:15 tb Exp $ */
/* $OpenBSD: ec_asn1.c,v 1.36 2022/03/31 13:00:58 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
@@ -295,7 +295,6 @@ static const ASN1_ADB_TABLE X9_62_CHARACTERISTIC_TWO_adbtbl[] = {
static const ASN1_ADB X9_62_CHARACTERISTIC_TWO_adb = {
.flags = 0,
.offset = offsetof(X9_62_CHARACTERISTIC_TWO, type),
.app_items = 0,
.tbl = X9_62_CHARACTERISTIC_TWO_adbtbl,
.tblcount = sizeof(X9_62_CHARACTERISTIC_TWO_adbtbl) / sizeof(ASN1_ADB_TABLE),
.default_tt = &char_two_def_tt,
@@ -387,7 +386,6 @@ static const ASN1_ADB_TABLE X9_62_FIELDID_adbtbl[] = {
static const ASN1_ADB X9_62_FIELDID_adb = {
.flags = 0,
.offset = offsetof(X9_62_FIELDID, fieldType),
.app_items = 0,
.tbl = X9_62_FIELDID_adbtbl,
.tblcount = sizeof(X9_62_FIELDID_adbtbl) / sizeof(ASN1_ADB_TABLE),
.default_tt = &fieldID_def_tt,
@@ -709,7 +707,7 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
goto err;
}
/* the parameters are specified by the prime number p */
if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) {
if (!EC_GROUP_get_curve(group, tmp, NULL, NULL, NULL)) {
ECerror(ERR_R_EC_LIB);
goto err;
}
@@ -801,12 +799,12 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
static int
ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
{
int ok = 0, nid;
BIGNUM *tmp_1 = NULL, *tmp_2 = NULL;
unsigned char *buffer_1 = NULL, *buffer_2 = NULL, *a_buf = NULL,
*b_buf = NULL;
size_t len_1, len_2;
unsigned char char_zero = 0;
int ok = 0;
if (!group || !curve || !curve->a || !curve->b)
return 0;
@@ -815,23 +813,12 @@ ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
ECerror(ERR_R_MALLOC_FAILURE);
goto err;
}
nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
/* get a and b */
if (nid == NID_X9_62_prime_field) {
if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) {
ECerror(ERR_R_EC_LIB);
goto err;
}
if (!EC_GROUP_get_curve(group, NULL, tmp_1, tmp_2, NULL)) {
ECerror(ERR_R_EC_LIB);
goto err;
}
#ifndef OPENSSL_NO_EC2M
else { /* nid == NID_X9_62_characteristic_two_field */
if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) {
ECerror(ERR_R_EC_LIB);
goto err;
}
}
#endif
len_1 = (size_t) BN_num_bytes(tmp_1);
len_2 = (size_t) BN_num_bytes(tmp_2);
@@ -1028,7 +1015,7 @@ ec_asn1_group2pkparameters(const EC_GROUP * group, ECPKPARAMETERS * params)
if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
ok = 0;
} else
/* we don't kmow the nid => ERROR */
/* we don't know the group => ERROR */
ok = 0;
} else {
/* use the ECPARAMETERS structure */
@@ -1298,7 +1285,7 @@ EC_GROUP *
d2i_ECPKParameters(EC_GROUP ** a, const unsigned char **in, long len)
{
EC_GROUP *group = NULL;
ECPKPARAMETERS *params = NULL;
ECPKPARAMETERS *params;
if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
ECerror(EC_R_D2I_ECPKPARAMETERS_FAILURE);
@@ -1345,13 +1332,8 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len)
EC_KEY *ret = NULL;
EC_PRIVATEKEY *priv_key = NULL;
if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
ECerror(ERR_R_MALLOC_FAILURE);
return NULL;
}
if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) {
if ((priv_key = d2i_EC_PRIVATEKEY(NULL, in, len)) == NULL) {
ECerror(ERR_R_EC_LIB);
EC_PRIVATEKEY_free(priv_key);
return NULL;
}
if (a == NULL || *a == NULL) {


@@ -1,4 +1,4 @@
/* $OpenBSD: ec_curve.c,v 1.20 2020/06/05 17:12:09 jsing Exp $ */
/* $OpenBSD: ec_curve.c,v 1.21 2021/04/20 17:16:37 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
@@ -3373,7 +3373,7 @@ ec_group_new_from_data(const ec_list_element curve)
ECerror(ERR_R_BN_LIB);
goto err;
}
if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) {
if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
ECerror(ERR_R_EC_LIB);
goto err;
}


@@ -1,4 +1,4 @@
/* $OpenBSD: ec_cvt.c,v 1.6 2014/07/10 22:45:57 jsing Exp $ */
/* $OpenBSD: ec_cvt.c,v 1.7 2021/04/20 17:04:13 tb Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@@ -112,7 +112,7 @@ EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b,
if (ret == NULL)
return NULL;
if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) {
if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) {
unsigned long err;
err = ERR_peek_last_error();
@@ -136,7 +136,7 @@ EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b,
if (ret == NULL)
return NULL;
if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) {
if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) {
EC_GROUP_clear_free(ret);
return NULL;
}
@@ -158,7 +158,7 @@ EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b,
if (ret == NULL)
return NULL;
if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) {
if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) {
EC_GROUP_clear_free(ret);
return NULL;
}


@@ -1,4 +1,4 @@
/* $OpenBSD: ec_key.c,v 1.24 2019/01/19 01:12:48 tb Exp $ */
/* $OpenBSD: ec_key.c,v 1.26 2021/04/20 17:23:37 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
@@ -381,7 +381,7 @@ EC_KEY_set_public_key_affine_coordinates(EC_KEY * key, BIGNUM * x, BIGNUM * y)
BN_CTX *ctx = NULL;
BIGNUM *tx, *ty;
EC_POINT *point = NULL;
int ok = 0, tmp_nid, is_char_two = 0;
int ok = 0;
if (!key || !key->group || !x || !y) {
ECerror(ERR_R_PASSED_NULL_PARAMETER);
@@ -396,34 +396,15 @@ EC_KEY_set_public_key_affine_coordinates(EC_KEY * key, BIGNUM * x, BIGNUM * y)
if (!point)
goto err;
tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group));
if (tmp_nid == NID_X9_62_characteristic_two_field)
is_char_two = 1;
if ((tx = BN_CTX_get(ctx)) == NULL)
goto err;
if ((ty = BN_CTX_get(ctx)) == NULL)
goto err;
#ifndef OPENSSL_NO_EC2M
if (is_char_two) {
if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point,
x, y, ctx))
goto err;
if (!EC_POINT_get_affine_coordinates_GF2m(key->group, point,
tx, ty, ctx))
goto err;
} else
#endif
{
if (!EC_POINT_set_affine_coordinates_GFp(key->group, point,
x, y, ctx))
goto err;
if (!EC_POINT_get_affine_coordinates_GFp(key->group, point,
tx, ty, ctx))
goto err;
}
if (!EC_POINT_set_affine_coordinates(key->group, point, x, y, ctx))
goto err;
if (!EC_POINT_get_affine_coordinates(key->group, point, tx, ty, ctx))
goto err;
/*
* Check if retrieved coordinates match originals: if not values are
* out of range.


@@ -1,4 +1,4 @@
/* $OpenBSD: ec_kmeth.c,v 1.5 2019/05/10 19:15:06 bcook Exp $ */
/* $OpenBSD: ec_kmeth.c,v 1.6 2021/12/04 16:08:32 tb Exp $ */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
@@ -58,6 +58,7 @@
#endif
#include <openssl/err.h>
#include "bn_lcl.h"
#include "ec_lcl.h"
#include "ecs_locl.h"


@@ -1,4 +1,4 @@
/* $OpenBSD: ec_lcl.h,v 1.13 2019/01/19 01:12:48 tb Exp $ */
/* $OpenBSD: ec_lcl.h,v 1.19 2021/12/04 16:08:32 tb Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@@ -76,6 +76,8 @@
#include <openssl/ecdsa.h>
#include <openssl/bn.h>
#include "bn_lcl.h"
__BEGIN_HIDDEN_DECLS
#if defined(__SUNPRO_C)
@@ -105,14 +107,14 @@ struct ec_method_st {
void (*group_clear_finish)(EC_GROUP *);
int (*group_copy)(EC_GROUP *, const EC_GROUP *);
/* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */
/* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */
/* used by EC_GROUP_{get,set}_curve */
int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
int (*group_get_curve)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
/* used by EC_GROUP_get_degree: */
int (*group_get_degree)(const EC_GROUP *);
/* used by EC_GROUP_order_bits: */
int (*group_order_bits)(const EC_GROUP *);
/* used by EC_GROUP_check: */
int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *);
@@ -122,17 +124,18 @@ struct ec_method_st {
void (*point_clear_finish)(EC_POINT *);
int (*point_copy)(EC_POINT *, const EC_POINT *);
/* used by EC_POINT_set_to_infinity,
* EC_POINT_set_Jprojective_coordinates_GFp,
* EC_POINT_get_Jprojective_coordinates_GFp,
* EC_POINT_set_affine_coordinates_GFp, ..._GF2m,
* EC_POINT_get_affine_coordinates_GFp, ..._GF2m,
* EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:
/*
* used by EC_POINT_set_to_infinity,
* EC_POINT_set_Jprojective_coordinates,
* EC_POINT_get_Jprojective_coordinates,
* EC_POINT_set_affine_coordinates,
* EC_POINT_get_affine_coordinates,
* EC_POINT_set_compressed_coordinates:
*/
int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *);
int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
int (*point_set_Jprojective_coordinates)(const EC_GROUP *, EC_POINT *,
const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
int (*point_get_Jprojective_coordinates)(const EC_GROUP *, const EC_POINT *,
BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
int (*point_set_affine_coordinates)(const EC_GROUP *, EC_POINT *,
const BIGNUM *x, const BIGNUM *y, BN_CTX *);
@@ -282,7 +285,7 @@ void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **,
void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **);
void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **);
int ec_group_simple_order_bits(const EC_GROUP *group);
struct ec_point_st {
const EC_METHOD *meth;
@@ -297,8 +300,6 @@ struct ec_point_st {
int Z_is_one; /* enable optimized point arithmetics for special case */
} /* EC_POINT */;
/* method functions in ec_mult.c
* (ec_lib.c uses these as defaults if group->method->mul is 0) */
int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
@@ -321,10 +322,10 @@ void ec_GFp_simple_point_finish(EC_POINT *);
void ec_GFp_simple_point_clear_finish(EC_POINT *);
int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
int ec_GFp_simple_set_Jprojective_coordinates(const EC_GROUP *, EC_POINT *,
const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
int ec_GFp_simple_get_Jprojective_coordinates(const EC_GROUP *,
const EC_POINT *, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
const BIGNUM *x, const BIGNUM *y, BN_CTX *);
int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,
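Review bot: The new `group_order_bits` member of `struct ec_method_st` is documented only as `/* used by EC_GROUP_order_bits: */`, but the `EC_GROUP_order_bits` added to ec_lib.c in this commit calls `group->meth->group_order_bits(group)` with no NULL test. `EC_GROUP_set_curve` and the other wrappers, by contrast, return `ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED` for an unset hook. Either state the requirement in the header, `/* used by EC_GROUP_order_bits; must be set by every EC_METHOD */`, or add the same NULL guard in the wrapper. Only the GF2m method table is visible on this page setting the hook, so whether every other method sets it should be confirmed.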


@@ -1,4 +1,4 @@
/* $OpenBSD: ec_lib.c,v 1.32 2019/09/29 10:09:09 tb Exp $ */
/* $OpenBSD: ec_lib.c,v 1.45 2022/04/07 17:37:25 tb Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@@ -100,7 +100,7 @@ EC_GROUP_new(const EC_METHOD * meth)
BN_init(&ret->cofactor);
ret->curve_name = 0;
ret->asn1_flag = 0;
ret->asn1_flag = OPENSSL_EC_NAMED_CURVE;
ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
ret->seed = NULL;
@@ -114,7 +114,7 @@ EC_GROUP_new(const EC_METHOD * meth)
}
void
void
EC_GROUP_free(EC_GROUP * group)
{
if (!group)
@@ -135,7 +135,7 @@ EC_GROUP_free(EC_GROUP * group)
}
void
void
EC_GROUP_clear_free(EC_GROUP * group)
{
if (!group)
@@ -157,7 +157,7 @@ EC_GROUP_clear_free(EC_GROUP * group)
}
int
int
EC_GROUP_copy(EC_GROUP * dest, const EC_GROUP * src)
{
EC_EXTRA_DATA *d;
@@ -247,7 +247,7 @@ EC_GROUP_method_of(const EC_GROUP *group)
}
int
int
EC_METHOD_get_field_type(const EC_METHOD *meth)
{
return meth->field_type;
@@ -300,7 +300,7 @@ ec_guess_cofactor(EC_GROUP *group)
if (!BN_copy(q, &group->field))
goto err;
}
/*
* Compute
* h = \lfloor (q + 1)/n \rceil = \lfloor (q + 1 + n/2) / n \rfloor.
@@ -321,14 +321,18 @@ ec_guess_cofactor(EC_GROUP *group)
goto err;
ret = 1;
err:
BN_CTX_end(ctx);
BN_CTX_free(ctx);
BN_zero(&group->cofactor);
if (ret != 1)
BN_zero(&group->cofactor);
return ret;
}
int
int
EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
const BIGNUM *order, const BIGNUM *cofactor)
{
@@ -344,10 +348,10 @@ EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
}
/*
* Require order >= 1 and enforce an upper bound of at most one bit more
* Require order > 1 and enforce an upper bound of at most one bit more
* than the field cardinality due to Hasse's theorem.
*/
if (order == NULL || BN_is_zero(order) || BN_is_negative(order) ||
if (order == NULL || BN_cmp(order, BN_value_one()) <= 0 ||
BN_num_bits(order) > BN_num_bits(&group->field) + 1) {
ECerror(EC_R_INVALID_GROUP_ORDER);
return 0;
@@ -381,6 +385,12 @@ EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
} else if (!ec_guess_cofactor(group))
return 0;
/* Use Hasse's theorem to bound the cofactor. */
if (BN_num_bits(&group->cofactor) > BN_num_bits(&group->field) + 1) {
ECerror(EC_R_INVALID_GROUP_ORDER);
return 0;
}
return 1;
}
@@ -392,7 +402,7 @@ EC_GROUP_get0_generator(const EC_GROUP *group)
}
int
int
EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
{
if (!BN_copy(order, &group->order))
@@ -401,8 +411,13 @@ EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
return !BN_is_zero(order);
}
int
EC_GROUP_order_bits(const EC_GROUP *group)
{
return group->meth->group_order_bits(group);
}
int
int
EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
{
if (!BN_copy(cofactor, &group->cofactor))
@@ -412,35 +427,35 @@ EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
}
void
void
EC_GROUP_set_curve_name(EC_GROUP * group, int nid)
{
group->curve_name = nid;
}
int
int
EC_GROUP_get_curve_name(const EC_GROUP * group)
{
return group->curve_name;
}
void
void
EC_GROUP_set_asn1_flag(EC_GROUP * group, int flag)
{
group->asn1_flag = flag;
}
int
int
EC_GROUP_get_asn1_flag(const EC_GROUP * group)
{
return group->asn1_flag;
}
void
void
EC_GROUP_set_point_conversion_form(EC_GROUP * group,
point_conversion_form_t form)
{
@@ -448,14 +463,14 @@ EC_GROUP_set_point_conversion_form(EC_GROUP * group,
}
point_conversion_form_t
point_conversion_form_t
EC_GROUP_get_point_conversion_form(const EC_GROUP * group)
{
return group->asn1_form;
}
size_t
size_t
EC_GROUP_set_seed(EC_GROUP * group, const unsigned char *p, size_t len)
{
if (group->seed) {
@@ -482,62 +497,65 @@ EC_GROUP_get0_seed(const EC_GROUP * group)
}
size_t
size_t
EC_GROUP_get_seed_len(const EC_GROUP * group)
{
return group->seed_len;
}
int
EC_GROUP_set_curve_GFp(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a,
const BIGNUM * b, BN_CTX * ctx)
int
EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx)
{
if (group->meth->group_set_curve == 0) {
if (group->meth->group_set_curve == NULL) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
return group->meth->group_set_curve(group, p, a, b, ctx);
}
int
EC_GROUP_get_curve_GFp(const EC_GROUP * group, BIGNUM * p, BIGNUM * a,
BIGNUM * b, BN_CTX * ctx)
int
EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
BN_CTX *ctx)
{
if (group->meth->group_get_curve == 0) {
if (group->meth->group_get_curve == NULL) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
return group->meth->group_get_curve(group, p, a, b, ctx);
}
int
EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx)
{
return EC_GROUP_set_curve(group, p, a, b, ctx);
}
int
EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
BN_CTX *ctx)
{
return EC_GROUP_get_curve(group, p, a, b, ctx);
}
#ifndef OPENSSL_NO_EC2M
int
EC_GROUP_set_curve_GF2m(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a,
const BIGNUM * b, BN_CTX * ctx)
int
EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx)
{
if (group->meth->group_set_curve == 0) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
return group->meth->group_set_curve(group, p, a, b, ctx);
return EC_GROUP_set_curve(group, p, a, b, ctx);
}
int
EC_GROUP_get_curve_GF2m(const EC_GROUP * group, BIGNUM * p, BIGNUM * a,
BIGNUM * b, BN_CTX * ctx)
int
EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
BIGNUM *b, BN_CTX *ctx)
{
if (group->meth->group_get_curve == 0) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
return group->meth->group_get_curve(group, p, a, b, ctx);
return EC_GROUP_get_curve(group, p, a, b, ctx);
}
#endif
int
int
EC_GROUP_get_degree(const EC_GROUP * group)
{
if (group->meth->group_get_degree == 0) {
@@ -548,7 +566,7 @@ EC_GROUP_get_degree(const EC_GROUP * group)
}
int
int
EC_GROUP_check_discriminant(const EC_GROUP * group, BN_CTX * ctx)
{
if (group->meth->group_check_discriminant == 0) {
@@ -559,7 +577,7 @@ EC_GROUP_check_discriminant(const EC_GROUP * group, BN_CTX * ctx)
}
int
int
EC_GROUP_cmp(const EC_GROUP * a, const EC_GROUP * b, BN_CTX * ctx)
{
int r = 0;
@@ -652,7 +670,7 @@ ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
}
/* this has 'package' visibility */
int
int
EC_EX_DATA_set_data(EC_EXTRA_DATA ** ex_data, void *data,
void *(*dup_func) (void *),
void (*free_func) (void *),
@@ -708,7 +726,7 @@ EC_EX_DATA_get_data(const EC_EXTRA_DATA * ex_data,
}
/* this has 'package' visibility */
void
void
EC_EX_DATA_free_data(EC_EXTRA_DATA ** ex_data,
void *(*dup_func) (void *),
void (*free_func) (void *),
@@ -735,7 +753,7 @@ EC_EX_DATA_free_data(EC_EXTRA_DATA ** ex_data,
}
/* this has 'package' visibility */
void
void
EC_EX_DATA_clear_free_data(EC_EXTRA_DATA ** ex_data,
void *(*dup_func) (void *),
void (*free_func) (void *),
@@ -762,7 +780,7 @@ EC_EX_DATA_clear_free_data(EC_EXTRA_DATA ** ex_data,
}
/* this has 'package' visibility */
void
void
EC_EX_DATA_free_all_data(EC_EXTRA_DATA ** ex_data)
{
EC_EXTRA_DATA *d;
@@ -783,7 +801,7 @@ EC_EX_DATA_free_all_data(EC_EXTRA_DATA ** ex_data)
}
/* this has 'package' visibility */
void
void
EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA ** ex_data)
{
EC_EXTRA_DATA *d;
@@ -834,7 +852,7 @@ EC_POINT_new(const EC_GROUP * group)
}
void
void
EC_POINT_free(EC_POINT * point)
{
if (!point)
@@ -846,7 +864,7 @@ EC_POINT_free(EC_POINT * point)
}
void
void
EC_POINT_clear_free(EC_POINT * point)
{
if (!point)
@@ -860,7 +878,7 @@ EC_POINT_clear_free(EC_POINT * point)
}
int
int
EC_POINT_copy(EC_POINT * dest, const EC_POINT * src)
{
if (dest->meth->point_copy == 0) {
@@ -905,7 +923,7 @@ EC_POINT_method_of(const EC_POINT * point)
}
int
int
EC_POINT_set_to_infinity(const EC_GROUP * group, EC_POINT * point)
{
if (group->meth->point_set_to_infinity == 0) {
@@ -919,28 +937,57 @@ EC_POINT_set_to_infinity(const EC_GROUP * group, EC_POINT * point)
return group->meth->point_set_to_infinity(group, point);
}
int
EC_POINT_set_Jprojective_coordinates(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
{
if (group->meth->point_set_Jprojective_coordinates == NULL) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_set_Jprojective_coordinates(group, point,
x, y, z, ctx);
}
int
int
EC_POINT_get_Jprojective_coordinates(const EC_GROUP *group,
const EC_POINT *point, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
{
if (group->meth->point_get_Jprojective_coordinates == NULL) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_get_Jprojective_coordinates(group, point,
x, y, z, ctx);
}
int
EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
{
if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
return EC_POINT_set_Jprojective_coordinates(group, point, x, y, z, ctx);
}
int
int
EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
const EC_POINT *point, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
{
if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
return EC_POINT_get_Jprojective_coordinates(group, point, x, y, z, ctx);
}
int
EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
{
if (group->meth->point_set_affine_coordinates == NULL) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
@@ -948,31 +995,36 @@ EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
return 0;
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
return 0;
}
return 1;
}
int
int
EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
{
if (group->meth->point_set_affine_coordinates == 0) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
return EC_POINT_set_affine_coordinates(group, point, x, y, ctx);
}
#ifndef OPENSSL_NO_EC2M
int
int
EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
{
if (group->meth->point_set_affine_coordinates == 0) {
return EC_POINT_set_affine_coordinates(group, point, x, y, ctx);
}
#endif
int
EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
{
if (group->meth->point_get_affine_coordinates == NULL) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
@@ -980,43 +1032,26 @@ EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
}
#endif
int
int
EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
{
if (group->meth->point_get_affine_coordinates == 0) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
return EC_POINT_get_affine_coordinates(group, point, x, y, ctx);
}
#ifndef OPENSSL_NO_EC2M
int
int
EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point,
BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
{
if (group->meth->point_get_affine_coordinates == 0) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
return EC_POINT_get_affine_coordinates(group, point, x, y, ctx);
}
#endif
int
int
EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
const EC_POINT *b, BN_CTX *ctx)
{
@@ -1032,7 +1067,7 @@ EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
}
int
int
EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
{
if (group->meth->dbl == 0) {
@@ -1047,7 +1082,7 @@ EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
}
int
int
EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
{
if (group->meth->invert == 0) {
@@ -1062,7 +1097,7 @@ EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
}
int
int
EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
{
if (group->meth->is_at_infinity == 0) {
@@ -1077,7 +1112,7 @@ EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
}
int
int
EC_POINT_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX * ctx)
{
if (group->meth->is_on_curve == 0) {
@@ -1092,7 +1127,7 @@ EC_POINT_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX * ct
}
int
int
EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
BN_CTX * ctx)
{
@@ -1108,7 +1143,7 @@ EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
}
int
int
EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
{
if (group->meth->make_affine == 0) {
@@ -1123,7 +1158,7 @@ EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
}
int
int
EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
BN_CTX *ctx)
{
@@ -1144,7 +1179,7 @@ EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
/* Functions for point multiplication */
int
int
EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
{
@@ -1159,22 +1194,22 @@ EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
/* Either bP or aG + bP, this is sane. */
if (num == 1 && points != NULL && scalars != NULL)
return EC_POINT_mul(group, r, scalar, points[0], scalars[0],
ctx);
/* aG, this is sane */
if (scalar != NULL && points == NULL && scalars == NULL)
return EC_POINT_mul(group, r, scalar, NULL, NULL, ctx);
/* anything else is an error */
ECerror(ERR_R_EC_LIB);
return 0;
}
int
int
EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
{
@@ -1216,13 +1251,13 @@ EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
return group->meth->mul_double_nonct(group, r, g_scalar,
p_scalar, point, ctx);
}
/* Anything else is an error. */
ECerror(ERR_R_EC_LIB);
return 0;
}
int
int
EC_GROUP_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
{
if (group->meth->precompute_mult != 0)
@@ -1231,7 +1266,7 @@ EC_GROUP_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
return 1; /* nothing to do, so report success */
}
int
int
EC_GROUP_have_precompute_mult(const EC_GROUP * group)
{
if (group->meth->have_precompute_mult != 0)
@@ -1241,6 +1276,17 @@ EC_GROUP_have_precompute_mult(const EC_GROUP * group)
* been performed */
}
int
ec_group_simple_order_bits(const EC_GROUP *group)
{
/* XXX change group->order to a pointer? */
#if 0
if (group->order == NULL)
return 0;
#endif
return BN_num_bits(&group->order);
}
EC_KEY *
ECParameters_dup(EC_KEY *key)
{
@@ -1254,5 +1300,5 @@ ECParameters_dup(EC_KEY *key)
if ((len = i2d_ECParameters(key, &p)) > 0)
k = d2i_ECParameters(NULL, (const unsigned char **)&p, len);
return (k);
return (k);
}


@@ -1,4 +1,4 @@
/* $OpenBSD: ec_oct.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */
/* $OpenBSD: ec_oct.c,v 1.8 2021/04/20 17:34:33 tb Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@@ -70,12 +70,12 @@
#include "ec_lcl.h"
int
EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP * group, EC_POINT * point,
const BIGNUM * x, int y_bit, BN_CTX * ctx)
int
EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, int y_bit, BN_CTX *ctx)
{
if (group->meth->point_set_compressed_coordinates == 0
&& !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
if (group->meth->point_set_compressed_coordinates == NULL &&
!(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
@@ -98,36 +98,33 @@ EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP * group, EC_POINT * point
group, point, x, y_bit, ctx);
#endif
}
return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
if (!group->meth->point_set_compressed_coordinates(group, point, x,
y_bit, ctx))
return 0;
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
return 0;
}
return 1;
}
int
EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, int y_bit, BN_CTX *ctx)
{
return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
}
#ifndef OPENSSL_NO_EC2M
int
EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP * group, EC_POINT * point,
const BIGNUM * x, int y_bit, BN_CTX * ctx)
int
EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, int y_bit, BN_CTX *ctx)
{
if (group->meth->point_set_compressed_coordinates == 0
&& !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
if (group->meth->field_type == NID_X9_62_prime_field)
return ec_GFp_simple_set_compressed_coordinates(
group, point, x, y_bit, ctx);
else
return ec_GF2m_simple_set_compressed_coordinates(
group, point, x, y_bit, ctx);
}
return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
}
#endif
size_t
size_t
EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
point_conversion_form_t form,
unsigned char *buf, size_t len, BN_CTX *ctx)
@@ -159,8 +156,7 @@ EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
return group->meth->point2oct(group, point, form, buf, len, ctx);
}
int
int
EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
const unsigned char *buf, size_t len, BN_CTX *ctx)
{
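Review bot: In the new `EC_POINT_set_compressed_coordinates`, the `EC_POINT_is_on_curve(group, point, ctx) <= 0` test runs only after the method has already written the coordinates into `point`, so on a zero return the caller's object still holds the rejected value. A caller that ignores the return value would carry on with an off-curve point, which is exactly what the check is meant to prevent. Consider clearing the point on that path, e.g. `(void)EC_POINT_set_to_infinity(group, point);` before the `return 0;`, and note in a comment that `point` must not be used after a failed call. The affine setter shown earlier on the page follows the same set-then-check pattern and would want the same treatment.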


@@ -1,4 +1,4 @@
/* $OpenBSD: ec_pmeth.c,v 1.12 2019/09/09 18:06:25 jsing Exp $ */
/* $OpenBSD: ec_pmeth.c,v 1.13 2021/12/04 16:08:32 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
@@ -66,6 +66,7 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include "bn_lcl.h"
#include "ec_lcl.h"
#include "ech_locl.h"
#include "evp_locl.h"


@@ -1,4 +1,4 @@
/* $OpenBSD: eck_prn.c,v 1.15 2018/07/15 16:27:39 tb Exp $ */
/* $OpenBSD: eck_prn.c,v 1.17 2021/04/20 17:12:43 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
@@ -64,8 +64,6 @@
#include <stdio.h>
#include <string.h>
#include <openssl/opensslconf.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/err.h>
@@ -214,19 +212,9 @@ ECPKParameters_print(BIO * bp, const EC_GROUP * x, int off)
reason = ERR_R_MALLOC_FAILURE;
goto err;
}
#ifndef OPENSSL_NO_EC2M
if (is_char_two) {
if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) {
reason = ERR_R_EC_LIB;
goto err;
}
} else /* prime field */
#endif
{
if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) {
reason = ERR_R_EC_LIB;
goto err;
}
if (!EC_GROUP_get_curve(x, p, a, b, ctx)) {
reason = ERR_R_EC_LIB;
goto err;
}
if ((point = EC_GROUP_get0_generator(x)) == NULL) {


@@ -1,4 +1,4 @@
/* $OpenBSD: ecp_mont.c,v 1.17 2018/11/05 20:18:21 tb Exp $ */
/* $OpenBSD: ecp_mont.c,v 1.20 2021/09/08 17:29:21 tb Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@@ -79,21 +79,22 @@ EC_GFp_mont_method(void)
.group_set_curve = ec_GFp_mont_group_set_curve,
.group_get_curve = ec_GFp_simple_group_get_curve,
.group_get_degree = ec_GFp_simple_group_get_degree,
.group_order_bits = ec_group_simple_order_bits,
.group_check_discriminant =
ec_GFp_simple_group_check_discriminant,
ec_GFp_simple_group_check_discriminant,
.point_init = ec_GFp_simple_point_init,
.point_finish = ec_GFp_simple_point_finish,
.point_clear_finish = ec_GFp_simple_point_clear_finish,
.point_copy = ec_GFp_simple_point_copy,
.point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,
.point_set_Jprojective_coordinates_GFp =
ec_GFp_simple_set_Jprojective_coordinates_GFp,
.point_get_Jprojective_coordinates_GFp =
ec_GFp_simple_get_Jprojective_coordinates_GFp,
.point_set_Jprojective_coordinates =
ec_GFp_simple_set_Jprojective_coordinates,
.point_get_Jprojective_coordinates =
ec_GFp_simple_get_Jprojective_coordinates,
.point_set_affine_coordinates =
ec_GFp_simple_point_set_affine_coordinates,
ec_GFp_simple_point_set_affine_coordinates,
.point_get_affine_coordinates =
ec_GFp_simple_point_get_affine_coordinates,
ec_GFp_simple_point_get_affine_coordinates,
.add = ec_GFp_simple_add,
.dbl = ec_GFp_simple_dbl,
.invert = ec_GFp_simple_invert,
@@ -117,7 +118,7 @@ EC_GFp_mont_method(void)
}
int
int
ec_GFp_mont_group_init(EC_GROUP * group)
{
int ok;
@@ -129,7 +130,7 @@ ec_GFp_mont_group_init(EC_GROUP * group)
}
void
void
ec_GFp_mont_group_finish(EC_GROUP * group)
{
BN_MONT_CTX_free(group->field_data1);
@@ -140,7 +141,7 @@ ec_GFp_mont_group_finish(EC_GROUP * group)
}
void
void
ec_GFp_mont_group_clear_finish(EC_GROUP * group)
{
BN_MONT_CTX_free(group->field_data1);
@@ -151,7 +152,7 @@ ec_GFp_mont_group_clear_finish(EC_GROUP * group)
}
int
int
ec_GFp_mont_group_copy(EC_GROUP * dest, const EC_GROUP * src)
{
BN_MONT_CTX_free(dest->field_data1);
@@ -185,7 +186,7 @@ ec_GFp_mont_group_copy(EC_GROUP * dest, const EC_GROUP * src)
}
int
int
ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx)
{
@@ -237,7 +238,7 @@ ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
}
int
int
ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx)
{
@@ -249,7 +250,7 @@ ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
}
int
int
ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
BN_CTX *ctx)
{
@@ -261,7 +262,7 @@ ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
}
int
int
ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
BN_CTX *ctx)
{
@@ -273,7 +274,7 @@ ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
}
int
int
ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
BN_CTX *ctx)
{
@@ -285,7 +286,7 @@ ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
}
int
int
ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)
{
if (group->field_data2 == NULL) {


@@ -1,4 +1,4 @@
/* $OpenBSD: ecp_nist.c,v 1.15 2018/11/05 20:18:21 tb Exp $ */
/* $OpenBSD: ecp_nist.c,v 1.18 2021/09/08 17:29:21 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
@@ -80,21 +80,22 @@ EC_GFp_nist_method(void)
.group_set_curve = ec_GFp_nist_group_set_curve,
.group_get_curve = ec_GFp_simple_group_get_curve,
.group_get_degree = ec_GFp_simple_group_get_degree,
.group_order_bits = ec_group_simple_order_bits,
.group_check_discriminant =
ec_GFp_simple_group_check_discriminant,
ec_GFp_simple_group_check_discriminant,
.point_init = ec_GFp_simple_point_init,
.point_finish = ec_GFp_simple_point_finish,
.point_clear_finish = ec_GFp_simple_point_clear_finish,
.point_copy = ec_GFp_simple_point_copy,
.point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,
.point_set_Jprojective_coordinates_GFp =
ec_GFp_simple_set_Jprojective_coordinates_GFp,
.point_get_Jprojective_coordinates_GFp =
ec_GFp_simple_get_Jprojective_coordinates_GFp,
.point_set_Jprojective_coordinates =
ec_GFp_simple_set_Jprojective_coordinates,
.point_get_Jprojective_coordinates =
ec_GFp_simple_get_Jprojective_coordinates,
.point_set_affine_coordinates =
ec_GFp_simple_point_set_affine_coordinates,
ec_GFp_simple_point_set_affine_coordinates,
.point_get_affine_coordinates =
ec_GFp_simple_point_get_affine_coordinates,
ec_GFp_simple_point_get_affine_coordinates,
.add = ec_GFp_simple_add,
.dbl = ec_GFp_simple_dbl,
.invert = ec_GFp_simple_invert,
@@ -114,7 +115,7 @@ EC_GFp_nist_method(void)
return &ret;
}
int
int
ec_GFp_nist_group_copy(EC_GROUP * dest, const EC_GROUP * src)
{
dest->field_mod_func = src->field_mod_func;
@@ -122,7 +123,7 @@ ec_GFp_nist_group_copy(EC_GROUP * dest, const EC_GROUP * src)
return ec_GFp_simple_group_copy(dest, src);
}
int
int
ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
@@ -162,7 +163,7 @@ ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
}
int
int
ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx)
{
@@ -189,7 +190,7 @@ ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
}
int
int
ec_GFp_nist_field_sqr(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a,
BN_CTX * ctx)
{


@@ -1,4 +1,4 @@
/* $OpenBSD: ecp_oct.c,v 1.11 2018/07/15 16:27:39 tb Exp $ */
/* $OpenBSD: ecp_oct.c,v 1.14 2021/04/20 17:32:57 tb Exp $ */
/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
* for the OpenSSL project.
* Includes code written by Bodo Moeller for the OpenSSL project.
@@ -185,7 +185,7 @@ ec_GFp_simple_set_compressed_coordinates(const EC_GROUP * group,
ECerror(ERR_R_INTERNAL_ERROR);
goto err;
}
if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
goto err;
ret = 1;
@@ -246,7 +246,7 @@ ec_GFp_simple_point2oct(const EC_GROUP * group, const EC_POINT * point, point_co
if ((y = BN_CTX_get(ctx)) == NULL)
goto err;
if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
goto err;
if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))
@@ -362,7 +362,11 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
goto err;
}
if (form == POINT_CONVERSION_COMPRESSED) {
if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx))
/*
* EC_POINT_set_compressed_coordinates checks that the point
* is on the curve as required by X9.62.
*/
if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx))
goto err;
} else {
if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
@@ -377,15 +381,14 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
goto err;
}
}
if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
/*
* EC_POINT_set_affine_coordinates checks that the point is
* on the curve as required by X9.62.
*/
if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
goto err;
}
/* test required by X9.62 */
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
}
ret = 1;
err:
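Review bot: With the explicit `EC_POINT_is_on_curve` test removed from the end of `ec_GFp_simple_oct2point`, the X9.62 validation of decoded points depends entirely on the two setters, and the new comments are the only record of that dependency. For the compressed branch the guarantee looks indirect: on methods with EC_FLAGS_DEFAULT_OCT the wrapper appears to return straight from `ec_GFp_simple_set_compressed_coordinates`, which is covered only because that function ends in `EC_POINT_set_affine_coordinates`. I would word the comment to say so, e.g. `/* on-curve check is done by EC_POINT_set_affine_coordinates, reached through the compressed setter */`. A regression test that passes an off-curve encoding in each form to the decoder and expects failure would keep a later refactor of the setters from silently dropping the check. The function body begins and ends outside the visible hunks.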


@@ -1,4 +1,4 @@
/* $OpenBSD: ecp_smpl.c,v 1.29 2018/11/15 05:53:31 tb Exp $ */
/* $OpenBSD: ecp_smpl.c,v 1.34 2022/01/20 11:02:44 inoguchi Exp $ */
/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
* for the OpenSSL project.
* Includes code written by Bodo Moeller for the OpenSSL project.
@@ -80,21 +80,22 @@ EC_GFp_simple_method(void)
.group_set_curve = ec_GFp_simple_group_set_curve,
.group_get_curve = ec_GFp_simple_group_get_curve,
.group_get_degree = ec_GFp_simple_group_get_degree,
.group_order_bits = ec_group_simple_order_bits,
.group_check_discriminant =
ec_GFp_simple_group_check_discriminant,
ec_GFp_simple_group_check_discriminant,
.point_init = ec_GFp_simple_point_init,
.point_finish = ec_GFp_simple_point_finish,
.point_clear_finish = ec_GFp_simple_point_clear_finish,
.point_copy = ec_GFp_simple_point_copy,
.point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,
.point_set_Jprojective_coordinates_GFp =
ec_GFp_simple_set_Jprojective_coordinates_GFp,
.point_get_Jprojective_coordinates_GFp =
ec_GFp_simple_get_Jprojective_coordinates_GFp,
.point_set_Jprojective_coordinates =
ec_GFp_simple_set_Jprojective_coordinates,
.point_get_Jprojective_coordinates =
ec_GFp_simple_get_Jprojective_coordinates,
.point_set_affine_coordinates =
ec_GFp_simple_point_set_affine_coordinates,
ec_GFp_simple_point_set_affine_coordinates,
.point_get_affine_coordinates =
ec_GFp_simple_point_get_affine_coordinates,
ec_GFp_simple_point_get_affine_coordinates,
.add = ec_GFp_simple_add,
.dbl = ec_GFp_simple_dbl,
.invert = ec_GFp_simple_invert,
@@ -129,7 +130,7 @@ EC_GFp_simple_method(void)
*/
int
int
ec_GFp_simple_group_init(EC_GROUP * group)
{
BN_init(&group->field);
@@ -140,7 +141,7 @@ ec_GFp_simple_group_init(EC_GROUP * group)
}
void
void
ec_GFp_simple_group_finish(EC_GROUP * group)
{
BN_free(&group->field);
@@ -149,7 +150,7 @@ ec_GFp_simple_group_finish(EC_GROUP * group)
}
void
void
ec_GFp_simple_group_clear_finish(EC_GROUP * group)
{
BN_clear_free(&group->field);
@@ -158,7 +159,7 @@ ec_GFp_simple_group_clear_finish(EC_GROUP * group)
}
int
int
ec_GFp_simple_group_copy(EC_GROUP * dest, const EC_GROUP * src)
{
if (!BN_copy(&dest->field, &src->field))
@@ -174,7 +175,7 @@ ec_GFp_simple_group_copy(EC_GROUP * dest, const EC_GROUP * src)
}
int
int
ec_GFp_simple_group_set_curve(EC_GROUP * group,
const BIGNUM * p, const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx)
{
@@ -231,7 +232,7 @@ ec_GFp_simple_group_set_curve(EC_GROUP * group,
}
int
int
ec_GFp_simple_group_get_curve(const EC_GROUP * group, BIGNUM * p, BIGNUM * a, BIGNUM * b, BN_CTX * ctx)
{
int ret = 0;
@@ -275,14 +276,14 @@ ec_GFp_simple_group_get_curve(const EC_GROUP * group, BIGNUM * p, BIGNUM * a, BI
}
int
int
ec_GFp_simple_group_get_degree(const EC_GROUP * group)
{
return BN_num_bits(&group->field);
}
int
int
ec_GFp_simple_group_check_discriminant(const EC_GROUP * group, BN_CTX * ctx)
{
int ret = 0;
@@ -358,7 +359,7 @@ ec_GFp_simple_group_check_discriminant(const EC_GROUP * group, BN_CTX * ctx)
}
int
int
ec_GFp_simple_point_init(EC_POINT * point)
{
BN_init(&point->X);
@@ -370,7 +371,7 @@ ec_GFp_simple_point_init(EC_POINT * point)
}
void
void
ec_GFp_simple_point_finish(EC_POINT * point)
{
BN_free(&point->X);
@@ -379,7 +380,7 @@ ec_GFp_simple_point_finish(EC_POINT * point)
}
void
void
ec_GFp_simple_point_clear_finish(EC_POINT * point)
{
BN_clear_free(&point->X);
@@ -389,7 +390,7 @@ ec_GFp_simple_point_clear_finish(EC_POINT * point)
}
int
int
ec_GFp_simple_point_copy(EC_POINT * dest, const EC_POINT * src)
{
if (!BN_copy(&dest->X, &src->X))
@@ -404,7 +405,7 @@ ec_GFp_simple_point_copy(EC_POINT * dest, const EC_POINT * src)
}
int
int
ec_GFp_simple_point_set_to_infinity(const EC_GROUP * group, EC_POINT * point)
{
point->Z_is_one = 0;
@@ -413,9 +414,10 @@ ec_GFp_simple_point_set_to_infinity(const EC_GROUP * group, EC_POINT * point)
}
int
ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP * group, EC_POINT * point,
const BIGNUM * x, const BIGNUM * y, const BIGNUM * z, BN_CTX * ctx)
int
ec_GFp_simple_set_Jprojective_coordinates(const EC_GROUP *group,
EC_POINT *point, const BIGNUM *x, const BIGNUM *y, const BIGNUM *z,
BN_CTX *ctx)
{
BN_CTX *new_ctx = NULL;
int ret = 0;
@@ -465,10 +467,9 @@ ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP * group, EC_POINT *
return ret;
}
int
ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP * group, const EC_POINT * point,
BIGNUM * x, BIGNUM * y, BIGNUM * z, BN_CTX * ctx)
int
ec_GFp_simple_get_Jprojective_coordinates(const EC_GROUP *group,
const EC_POINT *point, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
{
BN_CTX *new_ctx = NULL;
int ret = 0;
@@ -513,8 +514,7 @@ ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP * group, const EC_P
return ret;
}
int
int
ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP * group, EC_POINT * point,
const BIGNUM * x, const BIGNUM * y, BN_CTX * ctx)
{
@@ -523,11 +523,11 @@ ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP * group, EC_POINT * po
ECerror(ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx);
return EC_POINT_set_Jprojective_coordinates(group, point, x, y,
BN_value_one(), ctx);
}
int
int
ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP * group, const EC_POINT * point,
BIGNUM * x, BIGNUM * y, BN_CTX * ctx)
{
@@ -586,7 +586,7 @@ ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP * group, const EC_POIN
}
}
} else {
if (!BN_mod_inverse_ct(Z_1, Z_, &group->field, ctx)) {
if (BN_mod_inverse_ct(Z_1, Z_, &group->field, ctx) == NULL) {
ECerror(ERR_R_BN_LIB);
goto err;
}
@@ -634,7 +634,7 @@ ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP * group, const EC_POIN
return ret;
}
int
int
ec_GFp_simple_add(const EC_GROUP * group, EC_POINT * r, const EC_POINT * a, const EC_POINT * b, BN_CTX * ctx)
{
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
@@ -823,7 +823,7 @@ ec_GFp_simple_add(const EC_GROUP * group, EC_POINT * r, const EC_POINT * a, cons
}
int
int
ec_GFp_simple_dbl(const EC_GROUP * group, EC_POINT * r, const EC_POINT * a, BN_CTX * ctx)
{
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
@@ -965,7 +965,7 @@ ec_GFp_simple_dbl(const EC_GROUP * group, EC_POINT * r, const EC_POINT * a, BN_C
}
int
int
ec_GFp_simple_invert(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx)
{
if (EC_POINT_is_at_infinity(group, point) > 0 || BN_is_zero(&point->Y))
@@ -976,14 +976,14 @@ ec_GFp_simple_invert(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx)
}
int
int
ec_GFp_simple_is_at_infinity(const EC_GROUP * group, const EC_POINT * point)
{
return BN_is_zero(&point->Z);
}
int
int
ec_GFp_simple_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX * ctx)
{
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
@@ -1086,7 +1086,7 @@ ec_GFp_simple_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX
}
int
int
ec_GFp_simple_cmp(const EC_GROUP * group, const EC_POINT * a, const EC_POINT * b, BN_CTX * ctx)
{
/*
@@ -1188,7 +1188,7 @@ ec_GFp_simple_cmp(const EC_GROUP * group, const EC_POINT * a, const EC_POINT * b
}
int
int
ec_GFp_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx)
{
BN_CTX *new_ctx = NULL;
@@ -1209,9 +1209,9 @@ ec_GFp_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx
if ((y = BN_CTX_get(ctx)) == NULL)
goto err;
if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
goto err;
if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
goto err;
if (!point->Z_is_one) {
ECerror(ERR_R_INTERNAL_ERROR);
@@ -1226,7 +1226,7 @@ ec_GFp_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx
}
int
int
ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT * points[], BN_CTX * ctx)
{
BN_CTX *new_ctx = NULL;
@@ -1272,11 +1272,11 @@ ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT *
/*
* The array is used as a binary tree, exactly as in heapsort:
*
*
* heap[1] heap[2] heap[3] heap[4] heap[5]
* heap[6] heap[7] heap[8]heap[9] heap[10]heap[11]
* heap[12]heap[13] heap[14] heap[15]
*
*
* We put the Z's in the last line; then we set each other node to the
* product of its two child-nodes (where empty or 0 entries are
* treated as ones); then we invert heap[1]; then we invert each
@@ -1316,7 +1316,7 @@ ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT *
/* invert heap[1] */
if (!BN_is_zero(heap[1])) {
if (!BN_mod_inverse_ct(heap[1], heap[1], &group->field, ctx)) {
if (BN_mod_inverse_ct(heap[1], heap[1], &group->field, ctx) == NULL) {
ECerror(ERR_R_BN_LIB);
goto err;
}
@@ -1401,13 +1401,13 @@ ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT *
}
int
int
ec_GFp_simple_field_mul(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx)
{
return BN_mod_mul(r, a, b, &group->field, ctx);
}
int
int
ec_GFp_simple_field_sqr(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a, BN_CTX * ctx)
{
return BN_mod_sqr(r, a, &group->field, ctx);
@@ -1417,7 +1417,7 @@ ec_GFp_simple_field_sqr(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a, BN
* Apply randomization of EC point projective coordinates:
*
* (X, Y, Z) = (lambda^2 * X, lambda^3 * Y, lambda * Z)
*
*
* where lambda is in the interval [1, group->field).
*/
int
@@ -1687,7 +1687,7 @@ ec_GFp_simple_mul_ct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
}
/* one final cswap to move the right value into r */
EC_POINT_CSWAP(pbit, r, s, group_top, Z_is_one);
ret = 1;
err: