int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP * group, EC_POINT * point, const BIGNUM * x_, int y_bit, BN_CTX * ctx) { BN_CTX *new_ctx = NULL; BIGNUM *tmp1, *tmp2, *x, *y; int ret = 0; /* clear error queue */ ERR_clear_error(); if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return 0; } y_bit = (y_bit != 0); BN_CTX_start(ctx); tmp1 = BN_CTX_get(ctx); tmp2 = BN_CTX_get(ctx); x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); if (y == NULL) goto err; /* * Recover y. We have a Weierstrass equation y^2 = x^3 + a*x + b, so * y is one of the square roots of x^3 + a*x + b. */ /* tmp1 := x^3 */ if (!BN_nnmod(x, x_, &group->field, ctx)) goto err; if (group->meth->field_decode == 0) { /* field_{sqr,mul} work on standard representation */ if (!group->meth->field_sqr(group, tmp2, x_, ctx)) goto err; if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) goto err; } else { if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) goto err; if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) goto err; } /* tmp1 := tmp1 + a*x */ if (group->a_is_minus3) { if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) goto err; if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) goto err; if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) goto err; } else { if (group->meth->field_decode) { if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) goto err; if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) goto err; } else { /* field_mul works on standard representation */ if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) goto err; } if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err; } /* tmp1 := tmp1 + b */ if (group->meth->field_decode) { if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) goto err; if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err; } else { if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) goto err; } if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) { unsigned long err = ERR_peek_last_error(); if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) { ERR_clear_error(); ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); } else ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB); goto err; } if (y_bit != BN_is_odd(y)) { if (BN_is_zero(y)) { int kron; kron = BN_kronecker(x, &group->field, ctx); if (kron == -2) goto err; if (kron == 1) ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSION_BIT); else /* * BN_mod_sqrt() should have cought this * error (not a square) */ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); goto err; } if (!BN_usub(y, &group->field, y)) goto err; } if (y_bit != BN_is_odd(y)) { ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_INTERNAL_ERROR); goto err; } if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; ret = 1; err: BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); return ret; }
static int test_bad_asn1() { BIO *bio = NULL; ASN1_VALUE *value = NULL; int ret = 0; unsigned char buf[2048]; const unsigned char *buf_ptr = buf; unsigned char *der = NULL; int derlen; int len; bio = BIO_new_file(test_file, "r"); if (!TEST_ptr(bio)) return 0; if (expected_error == ASN1_BIO) { if (TEST_ptr_null(ASN1_item_d2i_bio(item_type, bio, NULL))) ret = 1; goto err; } /* * Unless we are testing it we don't use ASN1_item_d2i_bio because it * performs sanity checks on the input and can reject it before the * decoder is called. */ len = BIO_read(bio, buf, sizeof buf); if (!TEST_int_ge(len, 0)) goto err; value = ASN1_item_d2i(NULL, &buf_ptr, len, item_type); if (value == NULL) { if (TEST_int_eq(expected_error, ASN1_DECODE)) ret = 1; goto err; } derlen = ASN1_item_i2d(value, &der, item_type); if (der == NULL || derlen < 0) { if (TEST_int_eq(expected_error, ASN1_ENCODE)) ret = 1; goto err; } if (derlen != len || memcmp(der, buf, derlen) != 0) { if (TEST_int_eq(expected_error, ASN1_COMPARE)) ret = 1; goto err; } if (TEST_int_eq(expected_error, ASN1_OK)) ret = 1; err: /* Don't indicate success for memory allocation errors */ if (ret == 1 && !TEST_false(ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE)) ret = 0; BIO_free(bio); OPENSSL_free(der); ASN1_item_free(value, item_type); return ret; }