const char *ERR_reason_error_string(unsigned long e)
{
ERR_STRING_DATA d,*p=NULL;
unsigned long l,r;
l=ERR_GET_LIB(e);
r=ERR_GET_REASON(e);
CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
if (error_hash != NULL)
{
d.error=ERR_PACK(l,0,r);
p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d);
if (p == NULL)
{
d.error=ERR_PACK(0,0,r);
p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d);
}
}
CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
return((p == NULL)?NULL:p->string);
}
void
iotssl_log_errors(lcbio_XSSL *xs)
{
unsigned long curerr;
while ((curerr = ERR_get_error())) {
char errbuf[4096];
ERR_error_string_n(curerr, errbuf, sizeof errbuf);
lcb_log(LOGARGS(xs->ssl, LCB_LOG_ERROR), "%s", errbuf);
if (xs->errcode != LCB_SUCCESS) {
continue; /* Already set */
}
if (ERR_GET_LIB(curerr) == ERR_LIB_SSL) {
switch (ERR_GET_REASON(curerr)) {
case SSL_R_CERTIFICATE_VERIFY_FAILED:
case SSL_R_MISSING_VERIFY_MESSAGE:
xs->errcode = LCB_SSL_CANTVERIFY;
break;
case SSL_R_BAD_PROTOCOL_VERSION_NUMBER:
case SSL_R_UNKNOWN_PROTOCOL:
case SSL_R_WRONG_VERSION_NUMBER:
case SSL_R_UNKNOWN_SSL_VERSION:
case SSL_R_UNSUPPORTED_SSL_VERSION:
xs->errcode = LCB_PROTOCOL_ERROR;
break;
default:
xs->errcode = LCB_SSL_ERROR;
}
}
}
}
static isc_result_t
toresult(isc_result_t fallback) {
isc_result_t result = fallback;
unsigned long err = ERR_get_error();
#ifdef HAVE_OPENSSL_ECDSA
int lib = ERR_GET_LIB(err);
#endif
int reason = ERR_GET_REASON(err);
switch (reason) {
/*
* ERR_* errors are globally unique; others
* are unique per sublibrary
*/
case ERR_R_MALLOC_FAILURE:
result = ISC_R_NOMEMORY;
break;
default:
#ifdef HAVE_OPENSSL_ECDSA
if (lib == ERR_R_ECDSA_LIB &&
reason == ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED) {
result = ISC_R_NOENTROPY;
break;
}
#endif
break;
}
return (result);
}
/**
* Fetch OpenSSL error code and generate a string interpretation of it.
*
* @param[out] buf buffer to put string into
* @param[in] buflen size of buffer
*
* @returns buf
**/
gchar *
z_ssl_get_error_str(gchar *buf, int buflen)
{
const char *ls, *fs, *rs;
unsigned long e, l, f, r;
unsigned long new_error = 0;
gint count = -1;
do {
e = new_error;
new_error= ERR_get_error();
++count;
} while (new_error);
l = ERR_GET_LIB(e);
f = ERR_GET_FUNC(e);
r = ERR_GET_REASON(e);
ls = ERR_lib_error_string(e);
fs = ERR_func_error_string(e);
rs = ERR_reason_error_string(e);
if (count)
g_snprintf(buf, buflen, "error:%08lX:%s:lib(%lu):%s:func(%lu):%s:reason(%lu), supressed %d messages", e, ls ? ls : "(null)", l, fs ? fs : "(null)", f, rs ? rs : "(null)", r, count);
else
g_snprintf(buf, buflen, "error:%08lX:%s:lib(%lu):%s:func(%lu):%s:reason(%lu)", e, ls ? ls : "(null)", l, fs ? fs : "(null)", f, rs ? rs : "(null)", r);
return buf;
}
/* static unsigned long err_hash(ERR_STRING_DATA *a) */
static unsigned long err_hash(const void *a_void)
{
unsigned long ret,l;
l=((const ERR_STRING_DATA *)a_void)->error;
ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
return(ret^ret%19*13);
}
static unsigned long err_string_data_hash(const ERR_STRING_DATA *a)
{
unsigned long ret, l;
l = a->error;
ret = l ^ ERR_GET_LIB(l) ^ ERR_GET_FUNC(l);
return (ret ^ ret % 19 * 13);
}
int
SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *data, int data_len)
{
pem_password_cb *psw_fn = ctx->default_passwd_callback;
void *psw_arg = ctx->default_passwd_callback_userdata;
X509 *cert;
BIO *bio = NULL;
int ok;
ERR_clear_error();
/* Read from memory */
bio = BIO_new_mem_buf(data, data_len);
if (!bio) {
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
goto failed;
}
/* Load primary cert */
cert = PEM_read_bio_X509_AUX(bio, NULL, psw_fn, psw_arg);
if (!cert) {
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
goto failed;
}
/* Increments refcount */
ok = SSL_CTX_use_certificate(ctx, cert);
X509_free(cert);
if (!ok || ERR_peek_error())
goto failed;
/* Load extra certs */
ok = SSL_CTX_clear_extra_chain_certs(ctx);
while (ok) {
cert = PEM_read_bio_X509(bio, NULL, psw_fn, psw_arg);
if (!cert) {
/* Is it EOF? */
unsigned long err = ERR_peek_last_error();
if (ERR_GET_LIB(err) != ERR_LIB_PEM)
break;
if (ERR_GET_REASON(err) != PEM_R_NO_START_LINE)
break;
/* On EOF do successful exit */
BIO_free(bio);
ERR_clear_error();
return 1;
}
/* Does not increment refcount */
ok = SSL_CTX_add_extra_chain_cert(ctx, cert);
if (!ok)
X509_free(cert);
}
failed:
if (bio)
BIO_free(bio);
return 0;
}
const char *openssl_iostream_key_load_error(void)
{
unsigned long err = ERR_peek_error();
if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
ERR_GET_REASON(err) == X509_R_KEY_VALUES_MISMATCH)
return "Key is for a different cert than ssl_cert";
else
return openssl_iostream_error();
}
const char *ERR_reason_error_string(uint32_t packed_error) {
const char *reason_str = err_component_error_string(
ERR_PACK(ERR_GET_LIB(packed_error), 0, ERR_GET_REASON(packed_error)));
if (reason_str != NULL) {
return reason_str;
}
return err_component_error_string(
ERR_PACK(0, 0, ERR_GET_REASON(packed_error)));
}
const char *ERR_lib_error_string(unsigned long e)
{
ERR_STRING_DATA d,*p;
unsigned long l;
err_fns_check();
l=ERR_GET_LIB(e);
d.error=ERR_PACK(l,0,0);
p=ERRFN(err_get_item)(&d);
return((p == NULL)?NULL:p->string);
}
static int checkX509_STORE_error(char* err, size_t err_len) {
unsigned long errCode = ERR_peek_last_error();
if (ERR_GET_LIB(errCode) != ERR_LIB_X509 ||
ERR_GET_REASON(errCode) != X509_R_CERT_ALREADY_IN_HASH_TABLE) {
snprintf(err,
err_len,
"Error adding certificate to X509 store: %s",
ERR_reason_error_string(errCode));
return 0;
}
return 1;
}
const char *ERR_lib_error_string(unsigned long e)
{
ERR_STRING_DATA d, *p;
unsigned long l;
CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
l = ERR_GET_LIB(e);
d.error = ERR_PACK(l, 0, 0);
p = int_err_get_item(&d);
return ((p == NULL) ? NULL : p->string);
}
void ERR_error_string_n(unsigned long e, char *buf, size_t len)
{
char lsbuf[64], fsbuf[64], rsbuf[64];
const char *ls, *fs, *rs;
unsigned long l, f, r;
if (len == 0)
return;
l = ERR_GET_LIB(e);
f = ERR_GET_FUNC(e);
r = ERR_GET_REASON(e);
ls = ERR_lib_error_string(e);
fs = ERR_func_error_string(e);
rs = ERR_reason_error_string(e);
if (ls == NULL)
BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
if (fs == NULL)
BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
if (rs == NULL)
BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls ? ls : lsbuf,
fs ? fs : fsbuf, rs ? rs : rsbuf);
if (strlen(buf) == len - 1) {
/*
* output may be truncated; make sure we always have 5
* colon-separated fields, i.e. 4 colons ...
*/
#define NUM_COLONS 4
if (len > NUM_COLONS) { /* ... if possible */
int i;
char *s = buf;
for (i = 0; i < NUM_COLONS; i++) {
char *colon = strchr(s, ':');
if (colon == NULL || colon > &buf[len - 1] - NUM_COLONS + i) {
/*
* set colon no. i at last possible position (buf[len-1]
* is the terminating 0)
*/
colon = &buf[len - 1] - NUM_COLONS + i;
*colon = ':';
}
s = colon + 1;
}
}
}
}
/** exit with ssl error related to a file path */
static void ssl_path_err(const char* s, const char *path)
{
unsigned long err;
err = ERR_peek_error();
if (ERR_GET_LIB(err) == ERR_LIB_SYS &&
(ERR_GET_FUNC(err) == SYS_F_FOPEN ||
ERR_GET_FUNC(err) == SYS_F_FREAD) ) {
fprintf(stderr, "error: %s\n%s: %s\n",
s, path, ERR_reason_error_string(err));
exit(1);
} else {
ssl_err(s);
}
}
const char *ERR_lib_error_string(unsigned long e)
{
ERR_STRING_DATA d, *p;
unsigned long l;
if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
return NULL;
}
l = ERR_GET_LIB(e);
d.error = ERR_PACK(l, 0, 0);
p = int_err_get_item(&d);
return ((p == NULL) ? NULL : p->string);
}
/* pseudo-random bytes that are guaranteed to be unique but not
unpredictable */
static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
{
int ret;
unsigned long err;
ret = RAND_bytes(buf, num);
if (ret == 0)
{
err = ERR_peek_error();
if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
ERR_clear_error();
}
return (ret);
}
void SafetPKCS12Private::setLastError()
{
unsigned long err = ERR_get_error();
if( ERR_GET_LIB(err) == ERR_LIB_PKCS12 )
{
switch( ERR_GET_REASON(err) )
{
case PKCS12_R_MAC_VERIFY_FAILURE: error = SafetPKCS12::InvalidPassword; break;
default: error = SafetPKCS12::Unknown; break;
}
}
else
error = SafetPKCS12::Unknown;
errorString = ERR_error_string( err, NULL );
}
EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
const EC_METHOD *meth;
EC_GROUP *ret;
meth = EC_GFp_nist_method();
ret = EC_GROUP_new(meth);
if (ret == NULL)
return NULL;
if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
{
unsigned long err;
err = ERR_peek_last_error();
if (!(ERR_GET_LIB(err) == ERR_LIB_EC &&
((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) ||
(ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME))))
{
/* real error */
EC_GROUP_clear_free(ret);
return NULL;
}
/* not an actual error, we just cannot use EC_GFp_nist_method */
ERR_clear_error();
EC_GROUP_clear_free(ret);
meth = EC_GFp_mont_method();
ret = EC_GROUP_new(meth);
if (ret == NULL)
return NULL;
if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
{
EC_GROUP_clear_free(ret);
return NULL;
}
}
return ret;
}
const char *ERR_reason_error_string(unsigned long e)
{
ERR_STRING_DATA d,*p=NULL;
unsigned long l,r;
err_fns_check();
l=ERR_GET_LIB(e);
r=ERR_GET_REASON(e);
d.error=ERR_PACK(l,0,r);
p=ERRFN(err_get_item)(&d);
if (!p)
{
d.error=ERR_PACK(0,0,r);
p=ERRFN(err_get_item)(&d);
}
return((p == NULL)?NULL:p->string);
}
const char *ERR_reason_error_string(unsigned long e)
{
ERR_STRING_DATA d, *p = NULL;
unsigned long l, r;
CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);
l = ERR_GET_LIB(e);
r = ERR_GET_REASON(e);
d.error = ERR_PACK(l, 0, r);
p = int_err_get_item(&d);
if (!p) {
d.error = ERR_PACK(0, 0, r);
p = int_err_get_item(&d);
}
return ((p == NULL) ? NULL : p->string);
}
/* Based on Node's SSL_CTX_use_certificate_chain, in src/node_crypto.cc */
selene_error_t *read_certificate_chain(selene_conf_t *conf, BIO *in,
selene_cert_chain_t **p_certs) {
X509 *x = NULL;
selene_cert_chain_t *chain;
selene_cert_t *tmpc;
x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
if (x == NULL) {
return selene_error_create(SELENE_ENOMEM, "Failed to parse certificate");
}
SELENE_ERR(sln_cert_chain_create(conf, &chain));
SELENE_ERR(sln_cert_create(conf, x, 0, &tmpc));
SLN_CERT_CHAIN_INSERT_TAIL(chain, tmpc);
{
/**
* If we could set up our certificate, now proceed to
* the CA certificates.
*/
X509 *ca;
unsigned long err;
while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
SELENE_ERR(sln_cert_create(conf, ca, 0, &tmpc));
SLN_CERT_CHAIN_INSERT_TAIL(chain, tmpc);
}
/* When the while loop ends, it's usually just EOF. */
err = ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
ERR_clear_error();
} else {
/* some real error */
/* TODO: handle parse errors of the ca certs */
ERR_clear_error();
}
}
*p_certs = chain;
return SELENE_SUCCESS;
}
/*
* Read a bio that contains our certificate in "PEM" format,
* possibly followed by a sequence of CA certificates that should be
* sent to the peer in the Certificate message.
*/
static int
ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
{
X509 *ca, *x = NULL;
unsigned long err;
int ret = 0;
if ((x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
ctx->default_passwd_callback_userdata)) == NULL) {
SSLerrorx(ERR_R_PEM_LIB);
goto err;
}
if (!SSL_CTX_use_certificate(ctx, x))
goto err;
if (!ssl_cert_set0_chain(ctx->internal->cert, NULL))
goto err;
/* Process any additional CA certificates. */
while ((ca = PEM_read_bio_X509(in, NULL,
ctx->default_passwd_callback,
ctx->default_passwd_callback_userdata)) != NULL) {
if (!ssl_cert_add0_chain_cert(ctx->internal->cert, ca)) {
X509_free(ca);
goto err;
}
}
/* When the while loop ends, it's usually just EOF. */
err = ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
ERR_clear_error();
ret = 1;
}
err:
X509_free(x);
return (ret);
}
const char *ERR_func_error_string(unsigned long e)
{
ERR_STRING_DATA d,*p=NULL;
unsigned long l,f;
l=ERR_GET_LIB(e);
f=ERR_GET_FUNC(e);
CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
if (error_hash != NULL)
{
d.error=ERR_PACK(l,f,0);
p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d);
}
CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
return((p == NULL)?NULL:p->string);
}
static char *
tlso_session_errmsg( tls_session *sess, int rc, char *buf, size_t len )
{
char err[256] = "";
const char *certerr=NULL;
tlso_session *s = (tlso_session *)sess;
rc = ERR_peek_error();
if ( rc ) {
ERR_error_string_n( rc, err, sizeof(err) );
if ( ( ERR_GET_LIB(rc) == ERR_LIB_SSL ) &&
( ERR_GET_REASON(rc) == SSL_R_CERTIFICATE_VERIFY_FAILED ) ) {
int certrc = SSL_get_verify_result(s);
certerr = (char *)X509_verify_cert_error_string(certrc);
}
snprintf(buf, len, "%s%s%s%s", err, certerr ? " (" :"",
certerr ? certerr : "", certerr ? ")" : "" );
return buf;
}
return NULL;
}
/* BAD for multi-threaded, uses a local buffer if ret == NULL */
char *ERR_error_string(unsigned long e, char *ret)
{
#ifdef NO_ERR
if(ret != NULL) {
strcpy(ret, "No Error String Info.");
}
return "No Error String info.";
#else
static char buf[256];
const char *ls,*fs,*rs;
unsigned long l,f,r;
int i;
l=ERR_GET_LIB(e);
f=ERR_GET_FUNC(e);
r=ERR_GET_REASON(e);
ls=ERR_lib_error_string(e);
fs=ERR_func_error_string(e);
rs=ERR_reason_error_string(e);
if (ret == NULL) ret=buf;
sprintf(&(ret[0]),"error:%08lX:",e);
i=strlen(ret);
if (ls == NULL)
sprintf(&(ret[i]),":lib(%lu) ",l);
else sprintf(&(ret[i]),"%s",ls);
i=strlen(ret);
if (fs == NULL)
sprintf(&(ret[i]),":func(%lu) ",f);
else sprintf(&(ret[i]),":%s",fs);
i=strlen(ret);
if (rs == NULL)
sprintf(&(ret[i]),":reason(%lu)",r);
else sprintf(&(ret[i]),":%s",rs);
return(ret);
#endif
}
/**
* Read from a BIO, adding to the x509 store.
*/
static int
X509_STORE_load_bio(X509_STORE *ca_store, BIO *in) {
int ret = 1;
X509 *ca;
int r;
int found = 0;
unsigned long err;
while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
r = X509_STORE_add_cert(ca_store, ca);
if (r == 0) {
X509_free(ca);
ret = 0;
break;
}
found++;
/**
* The x509 cert object is reference counted by OpenSSL, so the STORE
* keeps it alive after its been added.
*/
X509_free(ca);
}
/* When the while loop ends, it's usually just EOF. */
err = ERR_peek_last_error();
if (found != 0 &&
ERR_GET_LIB(err) == ERR_LIB_PEM &&
ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
ERR_clear_error();
} else {
/* some real error */
ret = 0;
}
return ret;
}
SISCertificateChain* makeChain(const char* certData, EVP_PKEY** publicKey) {
BIO* in = BIO_new_mem_buf((void*) certData, -1);
BIO* out = BIO_new(BIO_s_mem());
while (true) {
X509* cert = PEM_read_bio_X509(in, NULL, NULL, NULL);
if (!cert) {
unsigned long err = ERR_peek_last_error();
int lib = ERR_GET_LIB(err);
int func = ERR_GET_FUNC(err);
int reason = ERR_GET_REASON(err);
if (lib == ERR_LIB_PEM && func == PEM_F_PEM_READ_BIO && reason == PEM_R_NO_START_LINE)
break;
ERR_print_errors_fp(stderr);
throw SignBadCert;
}
if (!*publicKey)
*publicKey = X509_PUBKEY_get(X509_get_X509_PUBKEY(cert));
i2d_X509_bio(out, cert);
X509_OBJECT obj;
obj.type = X509_LU_X509;
obj.data.x509 = cert;
X509_OBJECT_free_contents(&obj);
}
BIO_free_all(in);
char* ptr;
long length = BIO_get_mem_data(out, &ptr);
if (length <= 0) {
fprintf(stderr, "Bad certificate file\n");
throw SignBadCert;
}
SISBlob* blob = new SISBlob((uint8_t*) ptr, length);
BIO_free_all(out);
return new SISCertificateChain(blob);
}
static int is_pem_password_error(struct openconnect_info *vpninfo)
{
unsigned long err = ERR_peek_error();
openconnect_report_ssl_errors(vpninfo);
#ifndef EVP_F_EVP_DECRYPTFINAL_EX
#define EVP_F_EVP_DECRYPTFINAL_EX EVP_F_EVP_DECRYPTFINAL
#endif
/* If the user fat-fingered the passphrase, try again */
if (ERR_GET_LIB(err) == ERR_LIB_EVP &&
ERR_GET_FUNC(err) == EVP_F_EVP_DECRYPTFINAL_EX &&
ERR_GET_REASON(err) == EVP_R_BAD_DECRYPT) {
vpn_progress(vpninfo, PRG_ERR,
_("Loading private key failed (wrong passphrase?)\n"));
ERR_clear_error();
return 1;
}
vpn_progress(vpninfo, PRG_ERR,
_("Loading private key failed (see above errors)\n"));
return 0;
}
void ERR_error_string_n(unsigned long e, char *buf, size_t len)
{
char lsbuf[64], fsbuf[64], rsbuf[64];
const char *ls, *fs, *rs;
unsigned long l, f, r;
if (len == 0)
return;
l = ERR_GET_LIB(e);
ls = ERR_lib_error_string(e);
if (ls == NULL) {
BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
ls = lsbuf;
}
fs = ERR_func_error_string(e);
f = ERR_GET_FUNC(e);
if (fs == NULL) {
BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
fs = fsbuf;
}
rs = ERR_reason_error_string(e);
r = ERR_GET_REASON(e);
if (rs == NULL) {
BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
rs = rsbuf;
}
BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls, fs, rs);
if (strlen(buf) == len - 1) {
/* Didn't fit; use a minimal format. */
BIO_snprintf(buf, len, "err:%lx:%lx:%lx:%lx", e, l, f, r);
}
}
int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
EC_POINT *point, const BIGNUM *x_,
int y_bit, BN_CTX *ctx) {
BN_CTX *new_ctx = NULL;
BIGNUM *tmp1, *tmp2, *x, *y;
int ret = 0;
ERR_clear_error();
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL) {
return 0;
}
}
y_bit = (y_bit != 0);
BN_CTX_start(ctx);
tmp1 = BN_CTX_get(ctx);
tmp2 = BN_CTX_get(ctx);
x = BN_CTX_get(ctx);
y = BN_CTX_get(ctx);
if (y == NULL) {
goto err;
}
/* Recover y. We have a Weierstrass equation
* y^2 = x^3 + a*x + b,
* so y is one of the square roots of x^3 + a*x + b. */
/* tmp1 := x^3 */
if (!BN_nnmod(x, x_, &group->field, ctx)) {
goto err;
}
if (group->meth->field_decode == 0) {
/* field_{sqr,mul} work on standard representation */
if (!group->meth->field_sqr(group, tmp2, x_, ctx) ||
!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) {
goto err;
}
} else {
if (!BN_mod_sqr(tmp2, x_, &group->field, ctx) ||
!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) {
goto err;
}
}
/* tmp1 := tmp1 + a*x */
if (group->a_is_minus3) {
if (!BN_mod_lshift1_quick(tmp2, x, &group->field) ||
!BN_mod_add_quick(tmp2, tmp2, x, &group->field) ||
!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) {
goto err;
}
} else {
if (group->meth->field_decode) {
if (!group->meth->field_decode(group, tmp2, &group->a, ctx) ||
!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) {
goto err;
}
} else {
/* field_mul works on standard representation */
if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) {
goto err;
}
}
if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) {
goto err;
}
}
/* tmp1 := tmp1 + b */
if (group->meth->field_decode) {
if (!group->meth->field_decode(group, tmp2, &group->b, ctx) ||
!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) {
goto err;
}
} else {
if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) {
goto err;
}
}
if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) {
unsigned long err = ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_BN &&
ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) {
ERR_clear_error();
OPENSSL_PUT_ERROR(EC, ec_GFp_simple_set_compressed_coordinates, EC_R_INVALID_COMPRESSED_POINT);
} else {
OPENSSL_PUT_ERROR(EC, ec_GFp_simple_set_compressed_coordinates, ERR_R_BN_LIB);
}
goto err;
}
if (y_bit != BN_is_odd(y)) {
if (BN_is_zero(y)) {
int kron;
kron = BN_kronecker(x, &group->field, ctx);
if (kron == -2) {
goto err;
}
if (kron == 1) {
OPENSSL_PUT_ERROR(EC, ec_GFp_simple_set_compressed_coordinates,
EC_R_INVALID_COMPRESSION_BIT);
} else {
/* BN_mod_sqrt() should have cought this error (not a square) */
OPENSSL_PUT_ERROR(EC, ec_GFp_simple_set_compressed_coordinates,
EC_R_INVALID_COMPRESSED_POINT);
}
goto err;
}
if (!BN_usub(y, &group->field, y)) {
goto err;
}
}
if (y_bit != BN_is_odd(y)) {
OPENSSL_PUT_ERROR(EC, ec_GFp_simple_set_compressed_coordinates,
ERR_R_INTERNAL_ERROR);
goto err;
}
if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
goto err;
ret = 1;
err:
BN_CTX_end(ctx);
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
return ret;
}
