ring-native 0.0.0

data/vendor/ring/crypto/ec/ec_montgomery.c

@@ -0,0 +1,114 @@
+/* Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
+ * ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
+ * Laboratories. */
+
+#include <openssl/ec.h>
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/mem.h>
+
+#include "internal.h"
+
+
+const EC_METHOD EC_GFp_mont_method = {
+  ec_GFp_simple_point_get_affine_coordinates,
+  ec_wNAF_mul_private /* XXX: Not constant time. */,
+  ec_wNAF_mul_public,
+  ec_GFp_mont_field_mul,
+  ec_GFp_mont_field_sqr,
+  ec_GFp_mont_field_encode,
+  ec_GFp_mont_field_decode,
+  ec_GFp_mont_field_set_to_one
+};
+
+int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                          const BIGNUM *b, BN_CTX *ctx) {
+  return BN_mod_mul_montgomery(r, a, b, &group->mont, ctx);
+}
+
+int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *ctx) {
+  return BN_mod_mul_montgomery(r, a, a, &group->mont, ctx);
+}
+
+int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                             BN_CTX *ctx) {
+  return BN_to_montgomery(r, a, &group->mont, ctx);
+}
+
+int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                             BN_CTX *ctx) {
+  return BN_from_montgomery(r, a, &group->mont, ctx);
+}
+
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r,
+                                 BN_CTX *ctx) {
+  if (BN_copy(r, &group->one) == NULL) {
+    return 0;
+  }
+  return 1;
+}

data/vendor/ring/crypto/ec/example_mul.Windows.vcxproj

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{6216DD4F-2055-4D4E-9672-AF9154AC7B7B}</ProjectGuid>
+    <TargetName>example_mul</TargetName>
+  </PropertyGroup>
+  <ImportGroup Label="PropertySheets">
+    <Import Project="..\..\mk\WindowsTest.props" />
+  </ImportGroup>
+  <PropertyGroup Label="Configuration">
+    <OutDir>$(OutRootDir)test\ring\crypto\ec\</OutDir>
+  </PropertyGroup>
+  <ItemGroup>
+    <ClCompile Include="example_mul.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\libring.Windows.vcxproj">
+      <Project>{f4c0a1b6-5e09-41c8-8242-3e1f6762fb18}</Project>
+    </ProjectReference>
+    <ProjectReference Include="..\test\test.Windows.vcxproj">
+      <Project>{1dace503-6498-492d-b1ff-f9ee18624443}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+</Project>

data/vendor/ring/crypto/ec/internal.h

@@ -0,0 +1,243 @@
+/* Originally written by Bodo Moeller for the OpenSSL project.
+ * ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
+ * Laboratories. */
+
+#ifndef OPENSSL_HEADER_EC_INTERNAL_H
+#define OPENSSL_HEADER_EC_INTERNAL_H
+
+#include <openssl/base.h>
+
+#include <openssl/bn.h>
+#include <openssl/thread.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+typedef struct ec_method_st {
+  /* used by EC_POINT_get_affine_coordinates_GFp: */
+  int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_POINT *,
+                                      BIGNUM *x, BIGNUM *y, BN_CTX *);
+
+  /* Point multiplication for the case where any secret scalars are involved.
+   *
+   * Computes |r = g_scalar*generator + p_scalar*p| if |g_scalar| and |p_scalar|
+   * are both non-null. Computes |r = g_scalar*generator| if |p_scalar| is null.
+   * Computes |r = p_scalar*p| if g_scalar is null. At least one of |g_scalar|
+   * and |p_scalar| must be non-null, and |p| must be non-null if |p_scalar| is
+   * non-null. The scalars must be in the range [0, group->order-1]. */
+  int (*mul_private)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
+                     const EC_POINT *p, const BIGNUM *p_scalar, BN_CTX *ctx);
+
+  /* Point multiplication for the case where no private scalars are involved.
+   *
+   * Computes |r = g_scalar*generator + p_scalar*p| if |g_scalar| and |p_scalar|
+   * are both non-null. Computes |r = g_scalar*generator| if |p_scalar| is null.
+   * Computes |r = p_scalar*p| if g_scalar is null. At least one of |g_scalar|
+   * and |p_scalar| must be non-null, and |p| must be non-null if |p_scalar| is
+   * non-null. The scalars must be in the range [0, group->order-1]. */
+  int (*mul_public)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
+                    const EC_POINT *p, const BIGNUM *p_scalar, BN_CTX *ctx);
+
+  /* internal functions */
+
+  /* 'field_mul' and 'field_sqr' can be used by 'add' and 'dbl' so that the
+   * same implementations of point operations can be used with different
+   * optimized implementations of expensive field operations: */
+  int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                   const BIGNUM *b, BN_CTX *);
+  int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+
+  int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                      BN_CTX *); /* e.g. to Montgomery */
+  int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                      BN_CTX *); /* e.g. from Montgomery */
+  int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *);
+} EC_METHOD;
+
+extern const EC_METHOD EC_GFp_mont_method;
+
+struct ec_point_st {
+  const EC_METHOD *meth;
+
+  /* All members except 'meth' are handled by the method functions,
+   * even if they appear generic. */
+
+  BIGNUM X;
+  BIGNUM Y;
+  BIGNUM Z; /* Jacobian projective coordinates:
+             * (X, Y, Z)  represents  (X/Z^2, Y/Z^3)  if  Z != 0 */
+} /* EC_POINT */;
+
+struct ec_group_st {
+  const EC_METHOD *meth;
+
+  const EC_POINT generator;
+  const BIGNUM order;
+  const BN_MONT_CTX order_mont;
+  const BIGNUM order_minus_2;
+
+  int curve_name; /* optional NID for named curve */
+
+  /* The following members are handled by the method functions,
+   * even if they appear generic */
+
+  BIGNUM field; /* For curves over GF(p), this is the modulus. */
+
+  BIGNUM a, b; /* Curve coefficients. */
+
+  BN_MONT_CTX mont; /* Montgomery structure. */
+  BIGNUM one; /* The value one */
+} /* EC_GROUP */;
+
+EC_GROUP *ec_group_new(const EC_METHOD *meth);
+
+int ec_wNAF_mul_private(const EC_GROUP *group, EC_POINT *r,
+                        const BIGNUM *g_scalar, const EC_POINT *p,
+                        const BIGNUM *p_scalar, BN_CTX *ctx);
+int ec_wNAF_mul_public(const EC_GROUP *group, EC_POINT *r,
+                       const BIGNUM *g_scalar, const EC_POINT *p,
+                       const BIGNUM *p_scalar, BN_CTX *ctx);
+
+/* method functions in simple.c */
+unsigned ec_GFp_simple_group_get_degree(const EC_GROUP *);
+int ec_GFp_simple_point_init(EC_POINT *);
+void ec_GFp_simple_point_finish(EC_POINT *);
+void ec_GFp_simple_point_clear_finish(EC_POINT *);
+int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+                                                  const BIGNUM *x,
+                                                  const BIGNUM *y,
+                                                  const BIGNUM *z, BN_CTX *);
+int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
+                                               const BIGNUM *x, const BIGNUM *y,
+                                               BN_CTX *);
+int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *,
+                                               const EC_POINT *, BIGNUM *x,
+                                               BIGNUM *y, BN_CTX *);
+int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                      const EC_POINT *b, BN_CTX *);
+int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                      BN_CTX *);
+int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
+                      BN_CTX *);
+int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num,
+                                     EC_POINT * [], BN_CTX *);
+int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                            const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *);
+
+/* method functions in montgomery.c */
+int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          const BIGNUM *b, BN_CTX *);
+int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *);
+int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             BN_CTX *);
+int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             BN_CTX *);
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
+
+int ec_point_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             EC_POINT *point, const BIGNUM *x,
+                                             const BIGNUM *y, const BIGNUM *z,
+                                             BN_CTX *ctx);
+
+void ec_GFp_nistp_points_make_affine_internal(
+    size_t num, void *point_array, size_t felem_size, void *tmp_felems,
+    void (*felem_one)(void *out), int (*felem_is_zero)(const void *in),
+    void (*felem_assign)(void *out, const void *in),
+    void (*felem_square)(void *out, const void *in),
+    void (*felem_mul)(void *out, const void *in1, const void *in2),
+    void (*felem_inv)(void *out, const void *in),
+    void (*felem_contract)(void *out, const void *in));
+
+void ec_GFp_nistp_recode_scalar_bits(uint8_t *sign, uint8_t *digit, uint8_t in);
+
+extern const EC_METHOD EC_GFp_nistp256_method;
+extern const EC_METHOD EC_GFp_nistz256_method;
+
+struct ec_key_st {
+  const EC_GROUP *group;
+
+  EC_POINT *pub_key;
+  BIGNUM *priv_key;
+
+  CRYPTO_refcount_t references;
+} /* EC_KEY */;
+
+
+#if defined(__cplusplus)
+}  /* extern C */
+#endif
+
+#endif  /* OPENSSL_HEADER_EC_INTERNAL_H */

data/vendor/ring/crypto/ec/oct.c

@@ -0,0 +1,253 @@
+/* Originally written by Bodo Moeller for the OpenSSL project.
+ * ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
+ * Laboratories. */
+
+#include <openssl/ec.h>
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+
+#include "internal.h"
+
+
+static size_t ec_GFp_simple_point2oct(const EC_GROUP *group,
+                                      const EC_POINT *point,
+                                      point_conversion_form_t form,
+                                      uint8_t *buf, size_t len, BN_CTX *ctx) {
+  size_t ret;
+  BN_CTX *new_ctx = NULL;
+  int used_ctx = 0;
+  BIGNUM *x, *y;
+  size_t field_len, i;
+
+  if (form != POINT_CONVERSION_UNCOMPRESSED) {
+    OPENSSL_PUT_ERROR(EC, EC_R_INVALID_FORM);
+    goto err;
+  }
+
+  if (EC_POINT_is_at_infinity(group, point)) {
+    OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
+    goto err;
+  }
+
+  /* ret := required output buffer length */
+  field_len = BN_num_bytes(&group->field);
+  ret = 1 + 2 * field_len;
+
+  /* if 'buf' is NULL, just return required length */
+  if (buf != NULL) {
+    if (len < ret) {
+      OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL);
+      goto err;
+    }
+
+    if (ctx == NULL) {
+      ctx = new_ctx = BN_CTX_new();
+      if (ctx == NULL) {
+        goto err;
+      }
+    }
+
+    BN_CTX_start(ctx);
+    used_ctx = 1;
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL) {
+      goto err;
+    }
+
+    if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) {
+      goto err;
+    }
+
+    buf[0] = form;
+    i = 1;
+
+    if (!BN_bn2bin_padded(buf + i, field_len, x)) {
+      OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
+      goto err;
+    }
+    i += field_len;
+
+    if (form == POINT_CONVERSION_UNCOMPRESSED) {
+      if (!BN_bn2bin_padded(buf + i, field_len, y)) {
+        OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
+        goto err;
+      }
+      i += field_len;
+    }
+
+    if (i != ret) {
+      OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
+      goto err;
+    }
+  }
+
+  if (used_ctx) {
+    BN_CTX_end(ctx);
+  }
+  BN_CTX_free(new_ctx);
+  return ret;
+
+err:
+  if (used_ctx) {
+    BN_CTX_end(ctx);
+  }
+  BN_CTX_free(new_ctx);
+  return 0;
+}
+
+
+static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+                                   const uint8_t *buf, size_t len,
+                                   BN_CTX *ctx) {
+  if (group->meth != point->meth) {
+    OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
+    return 0;
+  }
+
+  BN_CTX *new_ctx = NULL;
+  BIGNUM *x, *y;
+  size_t field_len, enc_len;
+  int ret = 0;
+
+  if (len == 0) {
+    OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL);
+    return 0;
+  }
+  if (buf[0] != POINT_CONVERSION_UNCOMPRESSED) {
+    OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING);
+    return 0;
+  }
+
+  field_len = BN_num_bytes(&group->field);
+  enc_len = 1 + 2 * field_len;
+
+  if (len != enc_len) {
+    OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING);
+    return 0;
+  }
+
+  if (ctx == NULL) {
+    ctx = new_ctx = BN_CTX_new();
+    if (ctx == NULL) {
+      return 0;
+    }
+  }
+
+  BN_CTX_start(ctx);
+  x = BN_CTX_get(ctx);
+  y = BN_CTX_get(ctx);
+  if (x == NULL || y == NULL) {
+    goto err;
+  }
+
+  if (!BN_bin2bn(buf + 1, field_len, x)) {
+    goto err;
+  }
+  if (BN_ucmp(x, &group->field) >= 0) {
+    OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING);
+    goto err;
+  }
+
+  if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) {
+    goto err;
+  }
+  if (BN_ucmp(y, &group->field) >= 0) {
+    OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING);
+    goto err;
+  }
+
+  if (!ec_GFp_simple_point_set_affine_coordinates(group, point, x, y, ctx)) {
+    goto err;
+  }
+
+  ret = 1;
+
+err:
+  BN_CTX_end(ctx);
+  BN_CTX_free(new_ctx);
+  return ret;
+}
+
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
+                       const uint8_t *buf, size_t len, BN_CTX *ctx) {
+  if (group->meth != point->meth) {
+    OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
+    return 0;
+  }
+  return ec_GFp_simple_oct2point(group, point, buf, len, ctx);
+}
+
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
+                          point_conversion_form_t form, uint8_t *buf,
+                          size_t len, BN_CTX *ctx) {
+  if (group->meth != point->meth) {
+    OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
+    return 0;
+  }
+  return ec_GFp_simple_point2oct(group, point, form, buf, len, ctx);
+}