1 /* 2 * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include "ec_local.h" 11 #include <openssl/err.h> 12 13 int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) 14 { 15 int ret = 0; 16 const BIGNUM *order; 17 BN_CTX *new_ctx = NULL; 18 EC_POINT *point = NULL; 19 20 /* Custom curves assumed to be correct */ 21 if ((group->meth->flags & EC_FLAGS_CUSTOM_CURVE) != 0) 22 return 1; 23 24 if (ctx == NULL) { 25 ctx = new_ctx = BN_CTX_new(); 26 if (ctx == NULL) { 27 ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE); 28 goto err; 29 } 30 } 31 32 /* check the discriminant */ 33 if (!EC_GROUP_check_discriminant(group, ctx)) { 34 ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO); 35 goto err; 36 } 37 38 /* check the generator */ 39 if (group->generator == NULL) { 40 ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); 41 goto err; 42 } 43 if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) { 44 ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); 45 goto err; 46 } 47 48 /* check the order of the generator */ 49 if ((point = EC_POINT_new(group)) == NULL) 50 goto err; 51 order = EC_GROUP_get0_order(group); 52 if (order == NULL) 53 goto err; 54 if (BN_is_zero(order)) { 55 ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER); 56 goto err; 57 } 58 59 if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) 60 goto err; 61 if (!EC_POINT_is_at_infinity(group, point)) { 62 ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER); 63 goto err; 64 } 65 66 ret = 1; 67 68 err: 69 BN_CTX_free(new_ctx); 70 EC_POINT_free(point); 71 return ret; 72 } 73