NAME

EC_GROUP_check_discriminant, EC_GROUP_check — partially check validity of EC_GROUP objects

SYNOPSIS

library “libcrypto”
#include <openssl/bn.h>
#include <openssl/ec.h>

Deprecated:

int
EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);

int
EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);

DESCRIPTION

These functions are deprecated. Only standardized curves built into the library should be used, see EC_GROUP_new_by_curve_name(3). Builtin curves went through far more thorough checking than the minimal, incomplete tests performed by these functions.

These functions have an optional ctx argument which is used to avoid the cost of repeated allocation of auxiliary BIGNUM objects.

EC_GROUP_check_discriminant() can be called after EC_GROUP_new_curve_GFp(3) to verify that group's parameters have non-zero discriminant 4a^3 + 27b^2 modulo p. Assuming that p is a prime number larger than three this implies that the Weierstrass equation defines an elliptic curve.

EC_GROUP_check() partially verifies that group represents an elliptic curve and that generator is a point on the curve whose order divides order. It checks with EC_GROUP_check_discriminant() that the discriminant is non-zero and then verifies that that order is non-zero and that the product generator * order is the point at infinity. This implies that the order set on group is an integer multiple of the generator's order. The verification that p is a prime and that order is equal to the generator's order are skipped because they are too expensive.

RETURN VALUES

EC_GROUP_check_discriminant() returns 1 on success and 0 on failure. Failure modes include that the discriminant is zero modulo p and memory allocation failure.

EC_GROUP_check() returns 1 on success and 0 on failure.

ERRORS

Diagnostics for EC_GROUP_check() that can be retrieved with ERR_get_error(3), ERR_GET_REASON(3), and ERR_reason_error_string(3) include:

EC_R_DISCRIMINANT_IS_ZERO "discriminant is zero"

EC_GROUP_check_discriminant() failed because the discriminant is zero or for some other reason.

EC_R_UNDEFINED_GENERATOR "undefined generator"

no generator is set on group, for example because a call to EC_GROUP_set_generator(3) is missing.

EC_R_POINT_IS_NOT_ON_CURVE "point is not on curve"

a generator is set, but it is not a point on the curve represented by group.

EC_R_UNDEFINED_ORDER "undefined order"

the order set on group is zero.

EC_R_INVALID_GROUP_ORDER "invalid group order"

generator * order is not the point at infinity.

SEE ALSO

BN_CTX_new(3), BN_is_zero(3), crypto(3), d2i_ECPKParameters(3), EC_GROUP_get_curve_name(3), EC_GROUP_new_by_curve_name(3), EC_GROUP_new_curve_GFp(3), EC_KEY_METHOD_new(3), EC_KEY_new(3), EC_POINT_add(3), EC_POINT_get_affine_coordinates(3), EC_POINT_new(3), EC_POINT_point2oct(3), ECDH_compute_key(3), ECDSA_SIG_new(3)

HISTORY

EC_GROUP_check() and EC_GROUP_check_discriminant() first appeared in OpenSSL 0.9.8 and have been available since OpenBSD 4.5.