Home | History | Annotate | Download | only in ec
      1 /* Written by Nils Larsch for the OpenSSL project. */
      2 /* ====================================================================
      3  * Copyright (c) 2000-2003 The OpenSSL Project.  All rights reserved.
      4  *
      5  * Redistribution and use in source and binary forms, with or without
      6  * modification, are permitted provided that the following conditions
      7  * are met:
      8  *
      9  * 1. Redistributions of source code must retain the above copyright
     10  *    notice, this list of conditions and the following disclaimer.
     11  *
     12  * 2. Redistributions in binary form must reproduce the above copyright
     13  *    notice, this list of conditions and the following disclaimer in
     14  *    the documentation and/or other materials provided with the
     15  *    distribution.
     16  *
     17  * 3. All advertising materials mentioning features or use of this
     18  *    software must display the following acknowledgment:
     19  *    "This product includes software developed by the OpenSSL Project
     20  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
     21  *
     22  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     23  *    endorse or promote products derived from this software without
     24  *    prior written permission. For written permission, please contact
     25  *    licensing (at) OpenSSL.org.
     26  *
     27  * 5. Products derived from this software may not be called "OpenSSL"
     28  *    nor may "OpenSSL" appear in their names without prior written
     29  *    permission of the OpenSSL Project.
     30  *
     31  * 6. Redistributions of any form whatsoever must retain the following
     32  *    acknowledgment:
     33  *    "This product includes software developed by the OpenSSL Project
     34  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
     35  *
     36  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     37  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     38  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     39  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     40  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     41  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     42  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     43  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     44  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
     45  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
     46  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
     47  * OF THE POSSIBILITY OF SUCH DAMAGE.
     48  * ====================================================================
     49  *
     50  * This product includes cryptographic software written by Eric Young
     51  * (eay (at) cryptsoft.com).  This product includes software written by Tim
     52  * Hudson (tjh (at) cryptsoft.com). */
     53 
     54 #include <openssl/ec.h>
     55 
     56 #include <string.h>
     57 
     58 #include <openssl/asn1.h>
     59 #include <openssl/asn1t.h>
     60 #include <openssl/bn.h>
     61 #include <openssl/err.h>
     62 #include <openssl/mem.h>
     63 #include <openssl/obj.h>
     64 
     65 #include "internal.h"
     66 
     67 
     68 typedef struct x9_62_fieldid_st {
     69   ASN1_OBJECT *fieldType;
     70   union {
     71     char *ptr;
     72     /* NID_X9_62_prime_field */
     73     ASN1_INTEGER *prime;
     74     /* anything else */
     75     ASN1_TYPE *other;
     76   } p;
     77 } X9_62_FIELDID;
     78 
     79 ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);
     80 
     81 ASN1_ADB(X9_62_FIELDID) = {
     82   ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)),
     83 } ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL);
     84 
     85 ASN1_SEQUENCE(X9_62_FIELDID) = {
     86   ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
     87   ASN1_ADB_OBJECT(X9_62_FIELDID)
     88 } ASN1_SEQUENCE_END(X9_62_FIELDID);
     89 
     90 typedef struct x9_62_curve_st {
     91   ASN1_OCTET_STRING *a;
     92   ASN1_OCTET_STRING *b;
     93   ASN1_BIT_STRING *seed;
     94 } X9_62_CURVE;
     95 
     96 ASN1_SEQUENCE(X9_62_CURVE) = {
     97   ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
     98   ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
     99   ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
    100 } ASN1_SEQUENCE_END(X9_62_CURVE);
    101 
    102 typedef struct ec_parameters_st {
    103   long version;
    104   X9_62_FIELDID *fieldID;
    105   X9_62_CURVE *curve;
    106   ASN1_OCTET_STRING *base;
    107   ASN1_INTEGER *order;
    108   ASN1_INTEGER *cofactor;
    109 } ECPARAMETERS;
    110 
    111 DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS);
    112 
    113 ASN1_SEQUENCE(ECPARAMETERS) = {
    114     ASN1_SIMPLE(ECPARAMETERS, version, LONG),
    115     ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
    116     ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
    117     ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
    118     ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER),
    119     ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER)
    120 } ASN1_SEQUENCE_END(ECPARAMETERS);
    121 
    122 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS);
    123 
    124 typedef struct ecpk_parameters_st {
    125   int type;
    126   union {
    127     ASN1_OBJECT *named_curve;
    128     ECPARAMETERS *parameters;
    129   } value;
    130 } ECPKPARAMETERS;
    131 
    132 /* SEC1 ECPrivateKey */
    133 typedef struct ec_privatekey_st {
    134   long version;
    135   ASN1_OCTET_STRING *privateKey;
    136   ECPKPARAMETERS *parameters;
    137   ASN1_BIT_STRING *publicKey;
    138 } EC_PRIVATEKEY;
    139 
    140 DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS);
    141 DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS);
    142 
    143 ASN1_CHOICE(ECPKPARAMETERS) = {
    144     ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT),
    145     ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS),
    146 } ASN1_CHOICE_END(ECPKPARAMETERS);
    147 
    148 IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS);
    149 
    150 DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY);
    151 DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY);
    152 
    153 ASN1_SEQUENCE(EC_PRIVATEKEY) = {
    154     ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
    155     ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
    156     ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
    157     ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1),
    158 } ASN1_SEQUENCE_END(EC_PRIVATEKEY);
    159 
    160 IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY);
    161 
    162 
    163 ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group,
    164                                            ECPKPARAMETERS *params) {
    165   int ok = 0, nid;
    166   ECPKPARAMETERS *ret = params;
    167 
    168   if (ret == NULL) {
    169     ret = ECPKPARAMETERS_new();
    170     if (ret == NULL) {
    171       OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
    172       return NULL;
    173     }
    174   } else {
    175     ASN1_OBJECT_free(ret->value.named_curve);
    176   }
    177 
    178   /* use the ASN.1 OID to describe the the elliptic curve parameters. */
    179   nid = EC_GROUP_get_curve_name(group);
    180   if (nid) {
    181     ret->type = 0;
    182     ret->value.named_curve = (ASN1_OBJECT*) OBJ_nid2obj(nid);
    183     ok = ret->value.named_curve != NULL;
    184   }
    185 
    186   if (!ok) {
    187     ECPKPARAMETERS_free(ret);
    188     return NULL;
    189   }
    190 
    191   return ret;
    192 }
    193 
    194 EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params) {
    195   EC_GROUP *ret = NULL;
    196   int nid = NID_undef;
    197 
    198   if (params == NULL) {
    199     OPENSSL_PUT_ERROR(EC, EC_R_MISSING_PARAMETERS);
    200     return NULL;
    201   }
    202 
    203   if (params->type == 0) {
    204     nid = OBJ_obj2nid(params->value.named_curve);
    205   } else if (params->type == 1) {
    206     /* We don't support arbitary curves so we attempt to recognise it from the
    207      * group order. */
    208     const ECPARAMETERS *ecparams = params->value.parameters;
    209     unsigned i;
    210     const struct built_in_curve *curve;
    211 
    212     for (i = 0; OPENSSL_built_in_curves[i].nid != NID_undef; i++) {
    213       curve = &OPENSSL_built_in_curves[i];
    214       const unsigned param_len = curve->data->param_len;
    215       if ((unsigned) ecparams->order->length == param_len &&
    216           memcmp(ecparams->order->data, &curve->data->data[param_len * 5],
    217                  param_len) == 0) {
    218         nid = curve->nid;
    219         break;
    220       }
    221     }
    222   }
    223 
    224   if (nid == NID_undef) {
    225     OPENSSL_PUT_ERROR(EC, EC_R_NON_NAMED_CURVE);
    226     return NULL;
    227   }
    228 
    229   ret = EC_GROUP_new_by_curve_name(nid);
    230   if (ret == NULL) {
    231     OPENSSL_PUT_ERROR(EC, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
    232     return NULL;
    233   }
    234 
    235   return ret;
    236 }
    237 
    238 static EC_GROUP *d2i_ECPKParameters(EC_GROUP **groupp, const uint8_t **inp,
    239                                     long len) {
    240   EC_GROUP *group = NULL;
    241   ECPKPARAMETERS *params = NULL;
    242   const uint8_t *in = *inp;
    243 
    244   params = d2i_ECPKPARAMETERS(NULL, &in, len);
    245   if (params == NULL) {
    246     OPENSSL_PUT_ERROR(EC, EC_R_D2I_ECPKPARAMETERS_FAILURE);
    247     ECPKPARAMETERS_free(params);
    248     return NULL;
    249   }
    250 
    251   group = ec_asn1_pkparameters2group(params);
    252   if (group == NULL) {
    253     OPENSSL_PUT_ERROR(EC, EC_R_PKPARAMETERS2GROUP_FAILURE);
    254     ECPKPARAMETERS_free(params);
    255     return NULL;
    256   }
    257 
    258   if (groupp) {
    259     EC_GROUP_free(*groupp);
    260     *groupp = group;
    261   }
    262 
    263   ECPKPARAMETERS_free(params);
    264   *inp = in;
    265   return group;
    266 }
    267 
    268 static int i2d_ECPKParameters(const EC_GROUP *group, uint8_t **outp) {
    269   int ret = 0;
    270   ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(group, NULL);
    271   if (tmp == NULL) {
    272     OPENSSL_PUT_ERROR(EC, EC_R_GROUP2PKPARAMETERS_FAILURE);
    273     return 0;
    274   }
    275   ret = i2d_ECPKPARAMETERS(tmp, outp);
    276   if (ret == 0) {
    277     OPENSSL_PUT_ERROR(EC, EC_R_I2D_ECPKPARAMETERS_FAILURE);
    278     ECPKPARAMETERS_free(tmp);
    279     return 0;
    280   }
    281   ECPKPARAMETERS_free(tmp);
    282   return ret;
    283 }
    284 
    285 EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const uint8_t **inp, long len) {
    286   int ok = 0;
    287   EC_KEY *ret = NULL;
    288   EC_PRIVATEKEY *priv_key = NULL;
    289 
    290   const uint8_t *in = *inp;
    291   priv_key = d2i_EC_PRIVATEKEY(NULL, &in, len);
    292   if (priv_key == NULL) {
    293     OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
    294     return NULL;
    295   }
    296 
    297   if (a == NULL || *a == NULL) {
    298     ret = EC_KEY_new();
    299     if (ret == NULL) {
    300       OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
    301       goto err;
    302     }
    303   } else {
    304     ret = *a;
    305   }
    306 
    307   if (priv_key->parameters) {
    308     EC_GROUP_free(ret->group);
    309     ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
    310   }
    311 
    312   if (ret->group == NULL) {
    313     OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
    314     goto err;
    315   }
    316 
    317   ret->version = priv_key->version;
    318 
    319   if (priv_key->privateKey) {
    320     ret->priv_key =
    321         BN_bin2bn(M_ASN1_STRING_data(priv_key->privateKey),
    322                   M_ASN1_STRING_length(priv_key->privateKey), ret->priv_key);
    323     if (ret->priv_key == NULL) {
    324       OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
    325       goto err;
    326     }
    327   } else {
    328     OPENSSL_PUT_ERROR(EC, EC_R_MISSING_PRIVATE_KEY);
    329     goto err;
    330   }
    331 
    332   if (BN_cmp(ret->priv_key, EC_GROUP_get0_order(ret->group)) >= 0) {
    333     OPENSSL_PUT_ERROR(EC, EC_R_WRONG_ORDER);
    334     goto err;
    335   }
    336 
    337   EC_POINT_free(ret->pub_key);
    338   ret->pub_key = EC_POINT_new(ret->group);
    339   if (ret->pub_key == NULL) {
    340     OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
    341     goto err;
    342   }
    343 
    344   if (priv_key->publicKey) {
    345     const uint8_t *pub_oct;
    346     int pub_oct_len;
    347 
    348     pub_oct = M_ASN1_STRING_data(priv_key->publicKey);
    349     pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
    350     /* The first byte (the point conversion form) must be present. */
    351     if (pub_oct_len <= 0) {
    352       OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL);
    353       goto err;
    354     }
    355     /* Save the point conversion form. */
    356     ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01);
    357     if (!EC_POINT_oct2point(ret->group, ret->pub_key, pub_oct, pub_oct_len,
    358                             NULL)) {
    359       OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
    360       goto err;
    361     }
    362   } else {
    363     if (!EC_POINT_mul(ret->group, ret->pub_key, ret->priv_key, NULL, NULL,
    364                       NULL)) {
    365       OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
    366       goto err;
    367     }
    368     /* Remember the original private-key-only encoding. */
    369     ret->enc_flag |= EC_PKEY_NO_PUBKEY;
    370   }
    371 
    372   if (a) {
    373     *a = ret;
    374   }
    375   *inp = in;
    376   ok = 1;
    377 
    378 err:
    379   if (!ok) {
    380     if (a == NULL || *a != ret) {
    381       EC_KEY_free(ret);
    382     }
    383     ret = NULL;
    384   }
    385 
    386   EC_PRIVATEKEY_free(priv_key);
    387 
    388   return ret;
    389 }
    390 
    391 int i2d_ECPrivateKey(const EC_KEY *key, uint8_t **outp) {
    392   int ret = 0, ok = 0;
    393   uint8_t *buffer = NULL;
    394   size_t buf_len = 0, tmp_len;
    395   EC_PRIVATEKEY *priv_key = NULL;
    396 
    397   if (key == NULL || key->group == NULL || key->priv_key == NULL) {
    398     OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
    399     goto err;
    400   }
    401 
    402   priv_key = EC_PRIVATEKEY_new();
    403   if (priv_key == NULL) {
    404     OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
    405     goto err;
    406   }
    407 
    408   priv_key->version = key->version;
    409 
    410   buf_len = BN_num_bytes(&key->group->order);
    411   buffer = OPENSSL_malloc(buf_len);
    412   if (buffer == NULL) {
    413     OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
    414     goto err;
    415   }
    416 
    417   if (!BN_bn2bin_padded(buffer, buf_len, key->priv_key)) {
    418     OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
    419     goto err;
    420   }
    421 
    422   if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) {
    423     OPENSSL_PUT_ERROR(EC, ERR_R_ASN1_LIB);
    424     goto err;
    425   }
    426 
    427   /* TODO(fork): replace this flexibility with key sensible default? */
    428   if (!(key->enc_flag & EC_PKEY_NO_PARAMETERS)) {
    429     if ((priv_key->parameters = ec_asn1_group2pkparameters(
    430              key->group, priv_key->parameters)) == NULL) {
    431       OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
    432       goto err;
    433     }
    434   }
    435 
    436   /* TODO(fork): replace this flexibility with key sensible default? */
    437   if (!(key->enc_flag & EC_PKEY_NO_PUBKEY) && key->pub_key != NULL) {
    438     priv_key->publicKey = M_ASN1_BIT_STRING_new();
    439     if (priv_key->publicKey == NULL) {
    440       OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
    441       goto err;
    442     }
    443 
    444     tmp_len = EC_POINT_point2oct(key->group, key->pub_key, key->conv_form, NULL,
    445                                  0, NULL);
    446 
    447     if (tmp_len > buf_len) {
    448       uint8_t *tmp_buffer = OPENSSL_realloc(buffer, tmp_len);
    449       if (!tmp_buffer) {
    450         OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
    451         goto err;
    452       }
    453       buffer = tmp_buffer;
    454       buf_len = tmp_len;
    455     }
    456 
    457     if (!EC_POINT_point2oct(key->group, key->pub_key, key->conv_form, buffer,
    458                             buf_len, NULL)) {
    459       OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
    460       goto err;
    461     }
    462 
    463     priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
    464     priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
    465     if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, buf_len)) {
    466       OPENSSL_PUT_ERROR(EC, ERR_R_ASN1_LIB);
    467       goto err;
    468     }
    469   }
    470 
    471   ret = i2d_EC_PRIVATEKEY(priv_key, outp);
    472   if (ret == 0) {
    473     OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
    474     goto err;
    475   }
    476   ok = 1;
    477 
    478 err:
    479   OPENSSL_free(buffer);
    480   EC_PRIVATEKEY_free(priv_key);
    481   return (ok ? ret : 0);
    482 }
    483 
    484 int i2d_ECParameters(const EC_KEY *key, uint8_t **outp) {
    485   if (key == NULL) {
    486     OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
    487     return 0;
    488   }
    489   return i2d_ECPKParameters(key->group, outp);
    490 }
    491 
    492 EC_KEY *d2i_ECParameters(EC_KEY **key, const uint8_t **inp, long len) {
    493   EC_KEY *ret;
    494 
    495   if (inp == NULL || *inp == NULL) {
    496     OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
    497     return NULL;
    498   }
    499 
    500   if (key == NULL || *key == NULL) {
    501     ret = EC_KEY_new();
    502     if (ret == NULL) {
    503       OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
    504       return NULL;
    505     }
    506   } else {
    507     ret = *key;
    508   }
    509 
    510   if (!d2i_ECPKParameters(&ret->group, inp, len)) {
    511     OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
    512     if (key == NULL || *key == NULL) {
    513       EC_KEY_free(ret);
    514     }
    515     return NULL;
    516   }
    517 
    518   if (key) {
    519     *key = ret;
    520   }
    521   return ret;
    522 }
    523 
    524 EC_KEY *o2i_ECPublicKey(EC_KEY **keyp, const uint8_t **inp, long len) {
    525   EC_KEY *ret = NULL;
    526 
    527   if (keyp == NULL || *keyp == NULL || (*keyp)->group == NULL) {
    528     OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
    529     return 0;
    530   }
    531   ret = *keyp;
    532   if (ret->pub_key == NULL &&
    533       (ret->pub_key = EC_POINT_new(ret->group)) == NULL) {
    534     OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
    535     return 0;
    536   }
    537   if (!EC_POINT_oct2point(ret->group, ret->pub_key, *inp, len, NULL)) {
    538     OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
    539     return 0;
    540   }
    541   /* save the point conversion form */
    542   ret->conv_form = (point_conversion_form_t)(*inp[0] & ~0x01);
    543   *inp += len;
    544   return ret;
    545 }
    546 
    547 int i2o_ECPublicKey(const EC_KEY *key, uint8_t **outp) {
    548   size_t buf_len = 0;
    549   int new_buffer = 0;
    550 
    551   if (key == NULL) {
    552     OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
    553     return 0;
    554   }
    555 
    556   buf_len = EC_POINT_point2oct(key->group, key->pub_key, key->conv_form, NULL,
    557                                0, NULL);
    558 
    559   if (outp == NULL || buf_len == 0) {
    560     /* out == NULL => just return the length of the octet string */
    561     return buf_len;
    562   }
    563 
    564   if (*outp == NULL) {
    565     *outp = OPENSSL_malloc(buf_len);
    566     if (*outp == NULL) {
    567       OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
    568       return 0;
    569     }
    570     new_buffer = 1;
    571   }
    572   if (!EC_POINT_point2oct(key->group, key->pub_key, key->conv_form, *outp,
    573                           buf_len, NULL)) {
    574     OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
    575     if (new_buffer) {
    576       OPENSSL_free(*outp);
    577       *outp = NULL;
    578     }
    579     return 0;
    580   }
    581 
    582   if (!new_buffer) {
    583     *outp += buf_len;
    584   }
    585   return buf_len;
    586 }
    587