1 /* Originally written by Bodo Moeller for the OpenSSL project. 2 * ==================================================================== 3 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in 14 * the documentation and/or other materials provided with the 15 * distribution. 16 * 17 * 3. All advertising materials mentioning features or use of this 18 * software must display the following acknowledgment: 19 * "This product includes software developed by the OpenSSL Project 20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 21 * 22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 23 * endorse or promote products derived from this software without 24 * prior written permission. For written permission, please contact 25 * openssl-core@openssl.org. 26 * 27 * 5. Products derived from this software may not be called "OpenSSL" 28 * nor may "OpenSSL" appear in their names without prior written 29 * permission of the OpenSSL Project. 30 * 31 * 6. Redistributions of any form whatsoever must retain the following 32 * acknowledgment: 33 * "This product includes software developed by the OpenSSL Project 34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 35 * 36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 47 * OF THE POSSIBILITY OF SUCH DAMAGE. 48 * ==================================================================== 49 * 50 * This product includes cryptographic software written by Eric Young 51 * (eay@cryptsoft.com). This product includes software written by Tim 52 * Hudson (tjh@cryptsoft.com). 53 * 54 */ 55 /* ==================================================================== 56 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 57 * 58 * Portions of the attached software ("Contribution") are developed by 59 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 60 * 61 * The Contribution is licensed pursuant to the OpenSSL open source 62 * license provided above. 63 * 64 * The elliptic curve binary polynomial software is originally written by 65 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems 66 * Laboratories. */ 67 68 #ifndef OPENSSL_HEADER_EC_H 69 #define OPENSSL_HEADER_EC_H 70 71 #include <openssl/base.h> 72 73 #if defined(__cplusplus) 74 extern "C" { 75 #endif 76 77 78 // Low-level operations on elliptic curves. 79 80 81 // point_conversion_form_t enumerates forms, as defined in X9.62 (ECDSA), for 82 // the encoding of a elliptic curve point (x,y) 83 typedef enum { 84 // POINT_CONVERSION_COMPRESSED indicates that the point is encoded as z||x, 85 // where the octet z specifies which solution of the quadratic equation y 86 // is. 87 POINT_CONVERSION_COMPRESSED = 2, 88 89 // POINT_CONVERSION_UNCOMPRESSED indicates that the point is encoded as 90 // z||x||y, where z is the octet 0x04. 91 POINT_CONVERSION_UNCOMPRESSED = 4, 92 93 // POINT_CONVERSION_HYBRID indicates that the point is encoded as z||x||y, 94 // where z specifies which solution of the quadratic equation y is. This is 95 // not supported by the code and has never been observed in use. 96 // 97 // TODO(agl): remove once node.js no longer references this. 98 POINT_CONVERSION_HYBRID = 6, 99 } point_conversion_form_t; 100 101 102 // Elliptic curve groups. 103 104 // EC_group_p224 returns an |EC_GROUP| for P-224, also known as secp224r1. 105 OPENSSL_EXPORT const EC_GROUP *EC_group_p224(void); 106 107 // EC_group_p256 returns an |EC_GROUP| for P-256, also known as secp256r1 or 108 // prime256v1. 109 OPENSSL_EXPORT const EC_GROUP *EC_group_p256(void); 110 111 // EC_group_p384 returns an |EC_GROUP| for P-384, also known as secp384r1. 112 OPENSSL_EXPORT const EC_GROUP *EC_group_p384(void); 113 114 // EC_group_p521 returns an |EC_GROUP| for P-521, also known as secp521r1. 115 OPENSSL_EXPORT const EC_GROUP *EC_group_p521(void); 116 117 // EC_GROUP_new_by_curve_name returns the |EC_GROUP| object for the elliptic 118 // curve specified by |nid|, or NULL on unsupported NID. For OpenSSL 119 // compatibility, this function returns a non-const pointer which may be passed 120 // to |EC_GROUP_free|. However, the resulting object is actually static and 121 // calling |EC_GROUP_free| is optional. 122 // 123 // The supported NIDs are: 124 // NID_secp224r1 (P-224), 125 // NID_X9_62_prime256v1 (P-256), 126 // NID_secp384r1 (P-384), 127 // NID_secp521r1 (P-521) 128 // 129 // Calling this function causes all four curves to be linked into the binary. 130 // Prefer calling |EC_group_*| to allow the static linker to drop unused curves. 131 // 132 // If in doubt, use |NID_X9_62_prime256v1|, or see the curve25519.h header for 133 // more modern primitives. 134 OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_by_curve_name(int nid); 135 136 // EC_GROUP_free releases a reference to |group|. 137 OPENSSL_EXPORT void EC_GROUP_free(EC_GROUP *group); 138 139 // EC_GROUP_dup takes a reference to |a| and returns it. 140 OPENSSL_EXPORT EC_GROUP *EC_GROUP_dup(const EC_GROUP *a); 141 142 // EC_GROUP_cmp returns zero if |a| and |b| are the same group and non-zero 143 // otherwise. 144 OPENSSL_EXPORT int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, 145 BN_CTX *ignored); 146 147 // EC_GROUP_get0_generator returns a pointer to the internal |EC_POINT| object 148 // in |group| that specifies the generator for the group. 149 OPENSSL_EXPORT const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); 150 151 // EC_GROUP_get0_order returns a pointer to the internal |BIGNUM| object in 152 // |group| that specifies the order of the group. 153 OPENSSL_EXPORT const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); 154 155 // EC_GROUP_order_bits returns the number of bits of the order of |group|. 156 OPENSSL_EXPORT int EC_GROUP_order_bits(const EC_GROUP *group); 157 158 // EC_GROUP_get_cofactor sets |*cofactor| to the cofactor of |group| using 159 // |ctx|, if it's not NULL. It returns one on success and zero otherwise. 160 OPENSSL_EXPORT int EC_GROUP_get_cofactor(const EC_GROUP *group, 161 BIGNUM *cofactor, BN_CTX *ctx); 162 163 // EC_GROUP_get_curve_GFp gets various parameters about a group. It sets 164 // |*out_p| to the order of the coordinate field and |*out_a| and |*out_b| to 165 // the parameters of the curve when expressed as y² = x³ + ax + b. Any of the 166 // output parameters can be NULL. It returns one on success and zero on 167 // error. 168 OPENSSL_EXPORT int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *out_p, 169 BIGNUM *out_a, BIGNUM *out_b, 170 BN_CTX *ctx); 171 172 // EC_GROUP_get_curve_name returns a NID that identifies |group|. 173 OPENSSL_EXPORT int EC_GROUP_get_curve_name(const EC_GROUP *group); 174 175 // EC_GROUP_get_degree returns the number of bits needed to represent an 176 // element of the field underlying |group|. 177 OPENSSL_EXPORT unsigned EC_GROUP_get_degree(const EC_GROUP *group); 178 179 // EC_curve_nid2nist returns the NIST name of the elliptic curve specified by 180 // |nid|, or NULL if |nid| is not a NIST curve. For example, it returns "P-256" 181 // for |NID_X9_62_prime256v1|. 182 OPENSSL_EXPORT const char *EC_curve_nid2nist(int nid); 183 184 // EC_curve_nist2nid returns the NID of the elliptic curve specified by the NIST 185 // name |name|, or |NID_undef| if |name| is not a recognized name. For example, 186 // it returns |NID_X9_62_prime256v1| for "P-256". 187 OPENSSL_EXPORT int EC_curve_nist2nid(const char *name); 188 189 190 // Points on elliptic curves. 191 192 // EC_POINT_new returns a fresh |EC_POINT| object in the given group, or NULL 193 // on error. 194 OPENSSL_EXPORT EC_POINT *EC_POINT_new(const EC_GROUP *group); 195 196 // EC_POINT_free frees |point| and the data that it points to. 197 OPENSSL_EXPORT void EC_POINT_free(EC_POINT *point); 198 199 // EC_POINT_copy sets |*dest| equal to |*src|. It returns one on success and 200 // zero otherwise. 201 OPENSSL_EXPORT int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src); 202 203 // EC_POINT_dup returns a fresh |EC_POINT| that contains the same values as 204 // |src|, or NULL on error. 205 OPENSSL_EXPORT EC_POINT *EC_POINT_dup(const EC_POINT *src, 206 const EC_GROUP *group); 207 208 // EC_POINT_set_to_infinity sets |point| to be the "point at infinity" for the 209 // given group. 210 OPENSSL_EXPORT int EC_POINT_set_to_infinity(const EC_GROUP *group, 211 EC_POINT *point); 212 213 // EC_POINT_is_at_infinity returns one iff |point| is the point at infinity and 214 // zero otherwise. 215 OPENSSL_EXPORT int EC_POINT_is_at_infinity(const EC_GROUP *group, 216 const EC_POINT *point); 217 218 // EC_POINT_is_on_curve returns one if |point| is an element of |group| and 219 // and zero otherwise or when an error occurs. This is different from OpenSSL, 220 // which returns -1 on error. If |ctx| is non-NULL, it may be used. 221 OPENSSL_EXPORT int EC_POINT_is_on_curve(const EC_GROUP *group, 222 const EC_POINT *point, BN_CTX *ctx); 223 224 // EC_POINT_cmp returns zero if |a| is equal to |b|, greater than zero if 225 // not equal and -1 on error. If |ctx| is not NULL, it may be used. 226 OPENSSL_EXPORT int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, 227 const EC_POINT *b, BN_CTX *ctx); 228 229 230 // Point conversion. 231 232 // EC_POINT_get_affine_coordinates_GFp sets |x| and |y| to the affine value of 233 // |point| using |ctx|, if it's not NULL. It returns one on success and zero 234 // otherwise. 235 // 236 // Either |x| or |y| may be NULL to skip computing that coordinate. This is 237 // slightly faster in the common case where only the x-coordinate is needed. 238 OPENSSL_EXPORT int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, 239 const EC_POINT *point, 240 BIGNUM *x, BIGNUM *y, 241 BN_CTX *ctx); 242 243 // EC_POINT_get_affine_coordinates is an alias of 244 // |EC_POINT_get_affine_coordinates_GFp|. 245 OPENSSL_EXPORT int EC_POINT_get_affine_coordinates(const EC_GROUP *group, 246 const EC_POINT *point, 247 BIGNUM *x, BIGNUM *y, 248 BN_CTX *ctx); 249 250 // EC_POINT_set_affine_coordinates_GFp sets the value of |point| to be 251 // (|x|, |y|). The |ctx| argument may be used if not NULL. It returns one 252 // on success or zero on error. It's considered an error if the point is not on 253 // the curve. 254 // 255 // Note that the corresponding function in OpenSSL versions prior to 1.0.2s does 256 // not check if the point is on the curve. This is a security-critical check, so 257 // code additionally supporting OpenSSL should repeat the check with 258 // |EC_POINT_is_on_curve| or check for older OpenSSL versions with 259 // |OPENSSL_VERSION_NUMBER|. 260 OPENSSL_EXPORT int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, 261 EC_POINT *point, 262 const BIGNUM *x, 263 const BIGNUM *y, 264 BN_CTX *ctx); 265 266 // EC_POINT_set_affine_coordinates is an alias of 267 // |EC_POINT_set_affine_coordinates_GFp|. 268 OPENSSL_EXPORT int EC_POINT_set_affine_coordinates(const EC_GROUP *group, 269 EC_POINT *point, 270 const BIGNUM *x, 271 const BIGNUM *y, 272 BN_CTX *ctx); 273 274 // EC_POINT_point2oct serialises |point| into the X9.62 form given by |form| 275 // into, at most, |max_out| bytes at |buf|. It returns the number of bytes 276 // written or zero on error if |buf| is non-NULL, else the number of bytes 277 // needed. The |ctx| argument may be used if not NULL. 278 OPENSSL_EXPORT size_t EC_POINT_point2oct(const EC_GROUP *group, 279 const EC_POINT *point, 280 point_conversion_form_t form, 281 uint8_t *buf, size_t max_out, 282 BN_CTX *ctx); 283 284 // EC_POINT_point2buf serialises |point| into the X9.62 form given by |form| to 285 // a newly-allocated buffer and sets |*out_buf| to point to it. It returns the 286 // length of the result on success or zero on error. The caller must release 287 // |*out_buf| with |OPENSSL_free| when done. 288 OPENSSL_EXPORT size_t EC_POINT_point2buf(const EC_GROUP *group, 289 const EC_POINT *point, 290 point_conversion_form_t form, 291 uint8_t **out_buf, BN_CTX *ctx); 292 293 // EC_POINT_point2cbb behaves like |EC_POINT_point2oct| but appends the 294 // serialised point to |cbb|. It returns one on success and zero on error. 295 OPENSSL_EXPORT int EC_POINT_point2cbb(CBB *out, const EC_GROUP *group, 296 const EC_POINT *point, 297 point_conversion_form_t form, 298 BN_CTX *ctx); 299 300 // EC_POINT_oct2point sets |point| from |len| bytes of X9.62 format 301 // serialisation in |buf|. It returns one on success and zero on error. The 302 // |ctx| argument may be used if not NULL. It's considered an error if |buf| 303 // does not represent a point on the curve. 304 OPENSSL_EXPORT int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point, 305 const uint8_t *buf, size_t len, 306 BN_CTX *ctx); 307 308 // EC_POINT_set_compressed_coordinates_GFp sets |point| to equal the point with 309 // the given |x| coordinate and the y coordinate specified by |y_bit| (see 310 // X9.62). It returns one on success and zero otherwise. 311 OPENSSL_EXPORT int EC_POINT_set_compressed_coordinates_GFp( 312 const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, int y_bit, 313 BN_CTX *ctx); 314 315 316 // Group operations. 317 318 // EC_POINT_add sets |r| equal to |a| plus |b|. It returns one on success and 319 // zero otherwise. If |ctx| is not NULL, it may be used. 320 OPENSSL_EXPORT int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, 321 const EC_POINT *a, const EC_POINT *b, 322 BN_CTX *ctx); 323 324 // EC_POINT_dbl sets |r| equal to |a| plus |a|. It returns one on success and 325 // zero otherwise. If |ctx| is not NULL, it may be used. 326 OPENSSL_EXPORT int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, 327 const EC_POINT *a, BN_CTX *ctx); 328 329 // EC_POINT_invert sets |a| equal to minus |a|. It returns one on success and 330 // zero otherwise. If |ctx| is not NULL, it may be used. 331 OPENSSL_EXPORT int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, 332 BN_CTX *ctx); 333 334 // EC_POINT_mul sets r = generator*n + q*m. It returns one on success and zero 335 // otherwise. If |ctx| is not NULL, it may be used. 336 OPENSSL_EXPORT int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, 337 const BIGNUM *n, const EC_POINT *q, 338 const BIGNUM *m, BN_CTX *ctx); 339 340 341 // Hash-to-curve. 342 // 343 // The following functions implement primitives from RFC 9380. The |dst| 344 // parameter in each function is the domain separation tag and must be unique 345 // for each protocol and between the |hash_to_curve| and |hash_to_scalar| 346 // variants. See section 3.1 of the spec for additional guidance on this 347 // parameter. 348 349 // EC_hash_to_curve_p256_xmd_sha256_sswu hashes |msg| to a point on |group| and 350 // writes the result to |out|, implementing the P256_XMD:SHA-256_SSWU_RO_ suite 351 // from RFC 9380. It returns one on success and zero on error. 352 OPENSSL_EXPORT int EC_hash_to_curve_p256_xmd_sha256_sswu( 353 const EC_GROUP *group, EC_POINT *out, const uint8_t *dst, size_t dst_len, 354 const uint8_t *msg, size_t msg_len); 355 356 // EC_hash_to_curve_p384_xmd_sha384_sswu hashes |msg| to a point on |group| and 357 // writes the result to |out|, implementing the P384_XMD:SHA-384_SSWU_RO_ suite 358 // from RFC 9380. It returns one on success and zero on error. 359 OPENSSL_EXPORT int EC_hash_to_curve_p384_xmd_sha384_sswu( 360 const EC_GROUP *group, EC_POINT *out, const uint8_t *dst, size_t dst_len, 361 const uint8_t *msg, size_t msg_len); 362 363 364 // Deprecated functions. 365 366 // EC_GROUP_new_curve_GFp creates a new, arbitrary elliptic curve group based 367 // on the equation y² = x³ + a·x + b. It returns the new group or NULL on 368 // error. 369 // 370 // This new group has no generator. It is an error to use a generator-less group 371 // with any functions except for |EC_GROUP_free|, |EC_POINT_new|, 372 // |EC_POINT_set_affine_coordinates_GFp|, and |EC_GROUP_set_generator|. 373 // 374 // |EC_GROUP|s returned by this function will always compare as unequal via 375 // |EC_GROUP_cmp| (even to themselves). |EC_GROUP_get_curve_name| will always 376 // return |NID_undef|. 377 // 378 // This function is provided for compatibility with some legacy applications 379 // only. Avoid using arbitrary curves and use |EC_GROUP_new_by_curve_name| 380 // instead. This ensures the result meets preconditions necessary for 381 // elliptic curve algorithms to function correctly and securely. 382 // 383 // Given invalid parameters, this function may fail or it may return an 384 // |EC_GROUP| which breaks these preconditions. Subsequent operations may then 385 // return arbitrary, incorrect values. Callers should not pass 386 // attacker-controlled values to this function. 387 OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, 388 const BIGNUM *a, 389 const BIGNUM *b, BN_CTX *ctx); 390 391 // EC_GROUP_set_generator sets the generator for |group| to |generator|, which 392 // must have the given order and cofactor. It may only be used with |EC_GROUP| 393 // objects returned by |EC_GROUP_new_curve_GFp| and may only be used once on 394 // each group. |generator| must have been created using |group|. 395 OPENSSL_EXPORT int EC_GROUP_set_generator(EC_GROUP *group, 396 const EC_POINT *generator, 397 const BIGNUM *order, 398 const BIGNUM *cofactor); 399 400 // EC_GROUP_get_order sets |*order| to the order of |group|, if it's not 401 // NULL. It returns one on success and zero otherwise. |ctx| is ignored. Use 402 // |EC_GROUP_get0_order| instead. 403 OPENSSL_EXPORT int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, 404 BN_CTX *ctx); 405 406 #define OPENSSL_EC_EXPLICIT_CURVE 0 407 #define OPENSSL_EC_NAMED_CURVE 1 408 409 // EC_GROUP_set_asn1_flag does nothing. 410 OPENSSL_EXPORT void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); 411 412 // EC_GROUP_get_asn1_flag returns |OPENSSL_EC_NAMED_CURVE|. 413 OPENSSL_EXPORT int EC_GROUP_get_asn1_flag(const EC_GROUP *group); 414 415 typedef struct ec_method_st EC_METHOD; 416 417 // EC_GROUP_method_of returns a dummy non-NULL pointer. 418 OPENSSL_EXPORT const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); 419 420 // EC_METHOD_get_field_type returns NID_X9_62_prime_field. 421 OPENSSL_EXPORT int EC_METHOD_get_field_type(const EC_METHOD *meth); 422 423 // EC_GROUP_set_point_conversion_form aborts the process if |form| is not 424 // |POINT_CONVERSION_UNCOMPRESSED| and otherwise does nothing. 425 OPENSSL_EXPORT void EC_GROUP_set_point_conversion_form( 426 EC_GROUP *group, point_conversion_form_t form); 427 428 // EC_builtin_curve describes a supported elliptic curve. 429 typedef struct { 430 int nid; 431 const char *comment; 432 } EC_builtin_curve; 433 434 // EC_get_builtin_curves writes at most |max_num_curves| elements to 435 // |out_curves| and returns the total number that it would have written, had 436 // |max_num_curves| been large enough. 437 // 438 // The |EC_builtin_curve| items describe the supported elliptic curves. 439 OPENSSL_EXPORT size_t EC_get_builtin_curves(EC_builtin_curve *out_curves, 440 size_t max_num_curves); 441 442 // EC_POINT_clear_free calls |EC_POINT_free|. 443 OPENSSL_EXPORT void EC_POINT_clear_free(EC_POINT *point); 444 445 446 #if defined(__cplusplus) 447 } // extern C 448 #endif 449 450 // Old code expects to get EC_KEY from ec.h. 451 #include <openssl/ec_key.h> 452 453 #if defined(__cplusplus) 454 extern "C++" { 455 456 BSSL_NAMESPACE_BEGIN 457 458 BORINGSSL_MAKE_DELETER(EC_POINT, EC_POINT_free) 459 BORINGSSL_MAKE_DELETER(EC_GROUP, EC_GROUP_free) 460 461 BSSL_NAMESPACE_END 462 463 } // extern C++ 464 465 #endif 466 467 #define EC_R_BUFFER_TOO_SMALL 100 468 #define EC_R_COORDINATES_OUT_OF_RANGE 101 469 #define EC_R_D2I_ECPKPARAMETERS_FAILURE 102 470 #define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 103 471 #define EC_R_GROUP2PKPARAMETERS_FAILURE 104 472 #define EC_R_I2D_ECPKPARAMETERS_FAILURE 105 473 #define EC_R_INCOMPATIBLE_OBJECTS 106 474 #define EC_R_INVALID_COMPRESSED_POINT 107 475 #define EC_R_INVALID_COMPRESSION_BIT 108 476 #define EC_R_INVALID_ENCODING 109 477 #define EC_R_INVALID_FIELD 110 478 #define EC_R_INVALID_FORM 111 479 #define EC_R_INVALID_GROUP_ORDER 112 480 #define EC_R_INVALID_PRIVATE_KEY 113 481 #define EC_R_MISSING_PARAMETERS 114 482 #define EC_R_MISSING_PRIVATE_KEY 115 483 #define EC_R_NON_NAMED_CURVE 116 484 #define EC_R_NOT_INITIALIZED 117 485 #define EC_R_PKPARAMETERS2GROUP_FAILURE 118 486 #define EC_R_POINT_AT_INFINITY 119 487 #define EC_R_POINT_IS_NOT_ON_CURVE 120 488 #define EC_R_SLOT_FULL 121 489 #define EC_R_UNDEFINED_GENERATOR 122 490 #define EC_R_UNKNOWN_GROUP 123 491 #define EC_R_UNKNOWN_ORDER 124 492 #define EC_R_WRONG_ORDER 125 493 #define EC_R_BIGNUM_OUT_OF_RANGE 126 494 #define EC_R_WRONG_CURVE_PARAMETERS 127 495 #define EC_R_DECODE_ERROR 128 496 #define EC_R_ENCODE_ERROR 129 497 #define EC_R_GROUP_MISMATCH 130 498 #define EC_R_INVALID_COFACTOR 131 499 #define EC_R_PUBLIC_KEY_VALIDATION_FAILED 132 500 #define EC_R_INVALID_SCALAR 133 501 502 #endif // OPENSSL_HEADER_EC_H 503