generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix crypto/ec/ec_mult.c to work properly with scalars of value 0

Browse Source
This commit is contained in:
Bodo Möller 2007-05-22 09:47:43 +00:00
parent 8dbdf6314c
commit 19f6c524bf
5 changed files with 49 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -501,6 +501,10 @@
Changes between 0.9.8e and 0.9.8f [xx XXX xxxx] Changes between 0.9.8e and 0.9.8f [xx XXX xxxx]
*) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
(which previously caused an internal error).
[Bodo Moeller]
*) Squeeze another 10% out of IGE mode when in != out. *) Squeeze another 10% out of IGE mode when in != out.
[Ben Laurie] [Ben Laurie]

3
crypto/ec/ec.h
View File

@ -931,7 +931,7 @@ void ERR_load_EC_strings(void);
#define EC_F_D2I_ECPKPARAMETERS 145 #define EC_F_D2I_ECPKPARAMETERS 145
#define EC_F_D2I_ECPRIVATEKEY 146 #define EC_F_D2I_ECPRIVATEKEY 146
#define EC_F_DO_EC_KEY_PRINT 221 #define EC_F_DO_EC_KEY_PRINT 221
#define EC_F_ECKEY_PARAM2TYPE 196 #define EC_F_ECKEY_PARAM2TYPE 223
#define EC_F_ECKEY_PARAM_DECODE 212 #define EC_F_ECKEY_PARAM_DECODE 212
#define EC_F_ECKEY_PRIV_DECODE 213 #define EC_F_ECKEY_PRIV_DECODE 213
#define EC_F_ECKEY_PRIV_ENCODE 214 #define EC_F_ECKEY_PRIV_ENCODE 214
@ -1033,6 +1033,7 @@ void ERR_load_EC_strings(void);
#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 #define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126
#define EC_F_EC_POINT_SET_TO_INFINITY 127 #define EC_F_EC_POINT_SET_TO_INFINITY 127
#define EC_F_EC_PRE_COMP_DUP 207 #define EC_F_EC_PRE_COMP_DUP 207
#define EC_F_EC_PRE_COMP_NEW 196
#define EC_F_EC_WNAF_MUL 187 #define EC_F_EC_WNAF_MUL 187
#define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 #define EC_F_EC_WNAF_PRECOMPUTE_MULT 188
#define EC_F_I2D_ECPARAMETERS 190 #define EC_F_I2D_ECPARAMETERS 190

1
crypto/ec/ec_err.c
View File

@ -177,6 +177,7 @@ static ERR_STRING_DATA EC_str_functs[]=
{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"}, {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"},
{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"}, {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
{ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"}, {ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"},
{ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"},
{ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"}, {ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"},
{ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"}, {ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"},
{ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"}, {ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"},

34
crypto/ec/ec_mult.c
View File

@ -3,7 +3,7 @@
* Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project. * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -104,7 +104,10 @@ static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group)
ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP)); ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP));
if (!ret) if (!ret)
{
ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
return ret; return ret;
}
ret->group = group; ret->group = group;
ret->blocksize = 8; /* default */ ret->blocksize = 8; /* default */
ret->numblocks = 0; ret->numblocks = 0;
@ -194,6 +197,19 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
int bit, next_bit, mask; int bit, next_bit, mask;
size_t len = 0, j; size_t len = 0, j;
if (BN_is_zero(scalar))
{
r = OPENSSL_malloc(1);
if (!r)
{
ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
goto err;
}
r[0] = 0;
*ret_len = 1;
return r;
}
if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */ if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */
{ {
ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
@ -212,7 +228,11 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation
* (*ret_len will be set to the actual length, i.e. at most * (*ret_len will be set to the actual length, i.e. at most
* BN_num_bits(scalar) + 1) */ * BN_num_bits(scalar) + 1) */
if (r == NULL) goto err; if (r == NULL)
{
ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
goto err;
}
if (scalar->d == NULL || scalar->top == 0) if (scalar->d == NULL || scalar->top == 0)
{ {
@ -425,7 +445,10 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
if (!wsize || !wNAF_len || !wNAF || !val_sub) if (!wsize || !wNAF_len || !wNAF || !val_sub)
{
ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
goto err; goto err;
}
wNAF[0] = NULL; /* preliminary pivot */ wNAF[0] = NULL; /* preliminary pivot */
@ -538,6 +561,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
wNAF[i] = OPENSSL_malloc(wNAF_len[i]); wNAF[i] = OPENSSL_malloc(wNAF_len[i]);
if (wNAF[i] == NULL) if (wNAF[i] == NULL)
{ {
ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
OPENSSL_free(tmp_wNAF); OPENSSL_free(tmp_wNAF);
goto err; goto err;
} }
@ -564,7 +588,11 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
* 'val_sub[i]' is a pointer to the subarray for the i-th point, * 'val_sub[i]' is a pointer to the subarray for the i-th point,
* or to a subarray of 'pre_comp->points' if we already have precomputation. */ * or to a subarray of 'pre_comp->points' if we already have precomputation. */
val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); val = OPENSSL_malloc((num_val + 1) * sizeof val[0]);
if (val == NULL) goto err; if (val == NULL)
{
ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
goto err;
}
val[num_val] = NULL; /* pivot element */ val[num_val] = NULL; /* pivot element */
/* allocate points for precomputation */ /* allocate points for precomputation */

14
crypto/ec/ectest.c
View File

@ -649,13 +649,15 @@ void prime_field_tests()
if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */ if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
{ {
const EC_POINT *points[3]; const EC_POINT *points[4];
const BIGNUM *scalars[3]; const BIGNUM *scalars[4];
BIGNUM scalar3;
if (EC_POINT_is_at_infinity(group, Q)) ABORT; if (EC_POINT_is_at_infinity(group, Q)) ABORT;
points[0] = Q; points[0] = Q;
points[1] = Q; points[1] = Q;
points[2] = Q; points[2] = Q;
points[3] = Q;
if (!BN_add(y, z, BN_value_one())) ABORT; if (!BN_add(y, z, BN_value_one())) ABORT;
if (BN_is_odd(y)) ABORT; if (BN_is_odd(y)) ABORT;
@ -694,10 +696,16 @@ void prime_field_tests()
scalars[1] = y; scalars[1] = y;
scalars[2] = z; /* z = -(x+y) */ scalars[2] = z; /* z = -(x+y) */
if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT; BN_init(&scalar3);
BN_zero(&scalar3);
scalars[3] = &scalar3;
if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) ABORT;
if (!EC_POINT_is_at_infinity(group, P)) ABORT; if (!EC_POINT_is_at_infinity(group, P)) ABORT;
fprintf(stdout, " ok\n\n"); fprintf(stdout, " ok\n\n");
BN_free(&scalar3);
} }