Change array representation of binary polynomials to make GF2m part of the BN library more generally useful.

Submitted by: Douglas Stebila
Bodo Möller 2006-06-18 22:00:57 +00:00
parent 4584eccea0
commit c4e7870ac1
6 changed files with 84 additions and 70 deletions


@ -4,6 +4,14 @@
Changes between 0.9.8b and 0.9.9 [xx XXX xxxx] Changes between 0.9.8b and 0.9.9 [xx XXX xxxx]
*) Change the array representation of binary polynomials: the list
of degrees of non-zero coefficients is now terminated with -1.
Previously it was terminated with 0, which was also part of the
value; thus, the array representation was not applicable to
polynomials where t^0 has coefficient zero. This change makes
the array representation useful in a more general context.
[Douglas Stebila]
*) Various modifications and fixes to SSL/TLS cipher string *) Various modifications and fixes to SSL/TLS cipher string
handling. For ECC, the code now distinguishes between fixed ECDH handling. For ECC, the code now distinguishes between fixed ECDH
with RSA certificates on the one hand and with ECDSA certificates with RSA certificates on the one hand and with ECDSA certificates


@ -558,24 +558,24 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
* t^p[0] + t^p[1] + ... + t^p[k] * t^p[0] + t^p[1] + ... + t^p[k]
* where m = p[0] > p[1] > ... > p[k] = 0. * where m = p[0] > p[1] > ... > p[k] = 0.
*/ */
int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]); int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
/* r = a mod p */ /* r = a mod p */
int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */ const int p[], BN_CTX *ctx); /* r = (a * b) mod p */
int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
BN_CTX *ctx); /* r = (a * a) mod p */ BN_CTX *ctx); /* r = (a * a) mod p */
int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[], int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
BN_CTX *ctx); /* r = (1 / b) mod p */ BN_CTX *ctx); /* r = (1 / b) mod p */
int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */ const int p[], BN_CTX *ctx); /* r = (a / b) mod p */
int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */ const int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */
int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */ const int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */
int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */ const int p[], BN_CTX *ctx); /* r^2 + r = a mod p */
int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max); int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a); int BN_GF2m_arr2poly(const int p[], BIGNUM *a);
/* faster mod functions for the 'NIST primes' /* faster mod functions for the 'NIST primes'
* 0 <= a < p^2 */ * 0 <= a < p^2 */
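Review bot: The comment above BN_GF2m_mod_arr (it starts before this hunk; its tail `where m = p[0] > p[1] > ... > p[k] = 0` is visible at the top) still describes the old 0-terminated layout, while the new prototypes take `const int p[]` and the matching conversion in bn_gf2m.c now stops on -1. I would reword it to `* where m = p[0] > p[1] > ... > p[k] >= 0; the array is terminated with p[k+1] = -1.` Since this is a public header, it is also worth a line saying that every caller-built array must now carry the -1 sentinel: a legacy 0-terminated `unsigned int` array still compiles against these prototypes, but BN_GF2m_arr2poly now scans until it finds -1 and would run past the end of such an array.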


@ -258,7 +258,7 @@ int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
/* Performs modular reduction of a and store result in r. r could be a. */ /* Performs modular reduction of a and store result in r. r could be a. */
int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
{ {
int j, k; int j, k;
int n, dN, d0, d1; int n, dN, d0, d1;
@ -355,11 +355,11 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[])
int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
{ {
int ret = 0; int ret = 0;
const int max = BN_num_bits(p); const int max = BN_num_bits(p) + 1;
unsigned int *arr=NULL; int *arr=NULL;
bn_check_top(a); bn_check_top(a);
bn_check_top(p); bn_check_top(p);
if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err;
ret = BN_GF2m_poly2arr(p, arr, max); ret = BN_GF2m_poly2arr(p, arr, max);
if (!ret || ret > max) if (!ret || ret > max)
{ {
@ -377,7 +377,7 @@ err:
/* Compute the product of two polynomials a and b, reduce modulo p, and store /* Compute the product of two polynomials a and b, reduce modulo p, and store
* the result in r. r could be a or b; a could be b. * the result in r. r could be a or b; a could be b.
*/ */
int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx) int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[], BN_CTX *ctx)
{ {
int zlen, i, j, k, ret = 0; int zlen, i, j, k, ret = 0;
BIGNUM *s; BIGNUM *s;
@ -433,12 +433,12 @@ err:
int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx) int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
{ {
int ret = 0; int ret = 0;
const int max = BN_num_bits(p); const int max = BN_num_bits(p) + 1;
unsigned int *arr=NULL; int *arr=NULL;
bn_check_top(a); bn_check_top(a);
bn_check_top(b); bn_check_top(b);
bn_check_top(p); bn_check_top(p);
if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err;
ret = BN_GF2m_poly2arr(p, arr, max); ret = BN_GF2m_poly2arr(p, arr, max);
if (!ret || ret > max) if (!ret || ret > max)
{ {
@ -454,7 +454,7 @@ err:
/* Square a, reduce the result mod p, and store it in a. r could be a. */ /* Square a, reduce the result mod p, and store it in a. r could be a. */
int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx) int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
{ {
int i, ret = 0; int i, ret = 0;
BIGNUM *s; BIGNUM *s;
@ -489,12 +489,12 @@ err:
int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
{ {
int ret = 0; int ret = 0;
const int max = BN_num_bits(p); const int max = BN_num_bits(p) + 1;
unsigned int *arr=NULL; int *arr=NULL;
bn_check_top(a); bn_check_top(a);
bn_check_top(p); bn_check_top(p);
if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err;
ret = BN_GF2m_poly2arr(p, arr, max); ret = BN_GF2m_poly2arr(p, arr, max);
if (!ret || ret > max) if (!ret || ret > max)
{ {
@ -576,7 +576,7 @@ err:
* function is only provided for convenience; for best performance, use the * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_inv function. * BN_GF2m_mod_inv function.
*/ */
int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx) int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], BN_CTX *ctx)
{ {
BIGNUM *field; BIGNUM *field;
int ret = 0; int ret = 0;
@ -702,7 +702,7 @@ err:
* function is only provided for convenience; for best performance, use the * function is only provided for convenience; for best performance, use the
* BN_GF2m_mod_div function. * BN_GF2m_mod_div function.
*/ */
int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx) int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const int p[], BN_CTX *ctx)
{ {
BIGNUM *field; BIGNUM *field;
int ret = 0; int ret = 0;
@ -727,7 +727,7 @@ err:
* the result in r. r could be a. * the result in r. r could be a.
* Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363. * Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363.
*/ */
int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx) int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[], BN_CTX *ctx)
{ {
int ret = 0, i, n; int ret = 0, i, n;
BIGNUM *u; BIGNUM *u;
@ -773,12 +773,12 @@ err:
int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx) int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
{ {
int ret = 0; int ret = 0;
const int max = BN_num_bits(p); const int max = BN_num_bits(p) + 1;
unsigned int *arr=NULL; int *arr=NULL;
bn_check_top(a); bn_check_top(a);
bn_check_top(b); bn_check_top(b);
bn_check_top(p); bn_check_top(p);
if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err;
ret = BN_GF2m_poly2arr(p, arr, max); ret = BN_GF2m_poly2arr(p, arr, max);
if (!ret || ret > max) if (!ret || ret > max)
{ {
@ -796,7 +796,7 @@ err:
* the result in r. r could be a. * the result in r. r could be a.
* Uses exponentiation as in algorithm A.4.1 from IEEE P1363. * Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
*/ */
int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx) int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
{ {
int ret = 0; int ret = 0;
BIGNUM *u; BIGNUM *u;
@ -832,11 +832,11 @@ err:
int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
{ {
int ret = 0; int ret = 0;
const int max = BN_num_bits(p); const int max = BN_num_bits(p) + 1;
unsigned int *arr=NULL; int *arr=NULL;
bn_check_top(a); bn_check_top(a);
bn_check_top(p); bn_check_top(p);
if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err;
ret = BN_GF2m_poly2arr(p, arr, max); ret = BN_GF2m_poly2arr(p, arr, max);
if (!ret || ret > max) if (!ret || ret > max)
{ {
@ -853,7 +853,7 @@ err:
/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0. /* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0.
* Uses algorithms A.4.7 and A.4.6 from IEEE P1363. * Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
*/ */
int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p[], BN_CTX *ctx) int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], BN_CTX *ctx)
{ {
int ret = 0, count = 0; int ret = 0, count = 0;
unsigned int j; unsigned int j;
@ -951,11 +951,11 @@ err:
int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
{ {
int ret = 0; int ret = 0;
const int max = BN_num_bits(p); const int max = BN_num_bits(p) + 1;
unsigned int *arr=NULL; int *arr=NULL;
bn_check_top(a); bn_check_top(a);
bn_check_top(p); bn_check_top(p);
if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * if ((arr = (int *)OPENSSL_malloc(sizeof(int) *
max)) == NULL) goto err; max)) == NULL) goto err;
ret = BN_GF2m_poly2arr(p, arr, max); ret = BN_GF2m_poly2arr(p, arr, max);
if (!ret || ret > max) if (!ret || ret > max)
@ -971,20 +971,17 @@ err:
} }
/* Convert the bit-string representation of a polynomial /* Convert the bit-string representation of a polynomial
* ( \sum_{i=0}^n a_i * x^i , where a_0 is *not* zero) into an array * ( \sum_{i=0}^n a_i * x^i) into an array of integers corresponding
* of integers corresponding to the bits with non-zero coefficient. * to the bits with non-zero coefficient. Array is terminated with -1.
* Up to max elements of the array will be filled. Return value is total * Up to max elements of the array will be filled. Return value is total
* number of coefficients that would be extracted if array was large enough. * number of array elements that would be filled if array was large enough.
*/ */
int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max) int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
{ {
int i, j, k = 0; int i, j, k = 0;
BN_ULONG mask; BN_ULONG mask;
if (BN_is_zero(a) || !BN_is_bit_set(a, 0)) if (BN_is_zero(a))
/* a_0 == 0 => return error (the unsigned int array
* must be terminated by 0)
*/
return 0; return 0;
for (i = a->top - 1; i >= 0; i--) for (i = a->top - 1; i >= 0; i--)
@ -1004,24 +1001,28 @@ int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max)
} }
} }
if (k < max) {
p[k] = -1;
k++;
}
return k; return k;
} }
/* Convert the coefficient array representation of a polynomial to a /* Convert the coefficient array representation of a polynomial to a
* bit-string. The array must be terminated by 0. * bit-string. The array must be terminated by -1.
*/ */
int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) int BN_GF2m_arr2poly(const int p[], BIGNUM *a)
{ {
int i; int i;
bn_check_top(a); bn_check_top(a);
BN_zero(a); BN_zero(a);
for (i = 0; p[i] != 0; i++) for (i = 0; p[i] != -1; i++)
{ {
if (BN_set_bit(a, p[i]) == 0) if (BN_set_bit(a, p[i]) == 0)
return 0; return 0;
} }
BN_set_bit(a, 0);
bn_check_top(a); bn_check_top(a);
return 1; return 1;
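Review bot: In BN_GF2m_poly2arr the terminator is only counted when it fits: when the degree list exactly fills the array (`k == max`) the new `if (k < max)` block is skipped, no -1 is written, and the function returns `max`, which every caller that checks `ret > max` (the wrappers in this file, and ec2_smpl.c which passes max = 6) cannot distinguish from a complete conversion. The wrappers here are safe only because they now allocate `BN_num_bits(p) + 1` slots; an external caller with a tighter bound silently gets an unterminated array. I would count the terminator unconditionally so truncation is reported: `if (k < max) p[k] = -1;` followed by `k++;` and `return k;`, and say in the function comment that the returned count includes the -1 terminator. Separately, the reduction loop body of BN_GF2m_mod_arr lies outside the hunks shown; if it still walks the array until a 0 entry, it does not yet benefit from the new representation for polynomials without a t^0 term, and the CHANGES entry should then say that only the conversion functions accept them — worth confirming.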


@ -1118,8 +1118,8 @@ int test_gf2m_mod(BIO *bp)
{ {
BIGNUM *a,*b[2],*c,*d,*e; BIGNUM *a,*b[2],*c,*d,*e;
int i, j, ret = 0; int i, j, ret = 0;
unsigned int p0[] = {163,7,6,3,0}; int p0[] = {163,7,6,3,0,-1};
unsigned int p1[] = {193,15,0}; int p1[] = {193,15,0,-1};
a=BN_new(); a=BN_new();
b[0]=BN_new(); b[0]=BN_new();
@ -1176,8 +1176,8 @@ int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx)
{ {
BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h; BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h;
int i, j, ret = 0; int i, j, ret = 0;
unsigned int p0[] = {163,7,6,3,0}; int p0[] = {163,7,6,3,0,-1};
unsigned int p1[] = {193,15,0}; int p1[] = {193,15,0,-1};
a=BN_new(); a=BN_new();
b[0]=BN_new(); b[0]=BN_new();
@ -1247,8 +1247,8 @@ int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx)
{ {
BIGNUM *a,*b[2],*c,*d; BIGNUM *a,*b[2],*c,*d;
int i, j, ret = 0; int i, j, ret = 0;
unsigned int p0[] = {163,7,6,3,0}; int p0[] = {163,7,6,3,0,-1};
unsigned int p1[] = {193,15,0}; int p1[] = {193,15,0,-1};
a=BN_new(); a=BN_new();
b[0]=BN_new(); b[0]=BN_new();
@ -1306,8 +1306,8 @@ int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx)
{ {
BIGNUM *a,*b[2],*c,*d; BIGNUM *a,*b[2],*c,*d;
int i, j, ret = 0; int i, j, ret = 0;
unsigned int p0[] = {163,7,6,3,0}; int p0[] = {163,7,6,3,0,-1};
unsigned int p1[] = {193,15,0}; int p1[] = {193,15,0,-1};
a=BN_new(); a=BN_new();
b[0]=BN_new(); b[0]=BN_new();
@ -1361,8 +1361,8 @@ int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx)
{ {
BIGNUM *a,*b[2],*c,*d,*e,*f; BIGNUM *a,*b[2],*c,*d,*e,*f;
int i, j, ret = 0; int i, j, ret = 0;
unsigned int p0[] = {163,7,6,3,0}; int p0[] = {163,7,6,3,0,-1};
unsigned int p1[] = {193,15,0}; int p1[] = {193,15,0,-1};
a=BN_new(); a=BN_new();
b[0]=BN_new(); b[0]=BN_new();
@ -1424,8 +1424,8 @@ int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx)
{ {
BIGNUM *a,*b[2],*c,*d,*e,*f; BIGNUM *a,*b[2],*c,*d,*e,*f;
int i, j, ret = 0; int i, j, ret = 0;
unsigned int p0[] = {163,7,6,3,0}; int p0[] = {163,7,6,3,0,-1};
unsigned int p1[] = {193,15,0}; int p1[] = {193,15,0,-1};
a=BN_new(); a=BN_new();
b[0]=BN_new(); b[0]=BN_new();
@ -1495,8 +1495,8 @@ int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx)
{ {
BIGNUM *a,*b[2],*c,*d,*e,*f; BIGNUM *a,*b[2],*c,*d,*e,*f;
int i, j, ret = 0; int i, j, ret = 0;
unsigned int p0[] = {163,7,6,3,0}; int p0[] = {163,7,6,3,0,-1};
unsigned int p1[] = {193,15,0}; int p1[] = {193,15,0,-1};
a=BN_new(); a=BN_new();
b[0]=BN_new(); b[0]=BN_new();
@ -1554,8 +1554,8 @@ int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)
{ {
BIGNUM *a,*b[2],*c,*d,*e; BIGNUM *a,*b[2],*c,*d,*e;
int i, j, s = 0, t, ret = 0; int i, j, s = 0, t, ret = 0;
unsigned int p0[] = {163,7,6,3,0}; int p0[] = {163,7,6,3,0,-1};
unsigned int p1[] = {193,15,0}; int p1[] = {193,15,0,-1};
a=BN_new(); a=BN_new();
b[0]=BN_new(); b[0]=BN_new();
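Review bot: The test arrays only gain the trailing -1; nothing exercises the case the commit message calls out, a polynomial whose t^0 coefficient is zero, nor the BN_GF2m_poly2arr return value when the destination array is too small. A round trip through BN_GF2m_arr2poly and BN_GF2m_poly2arr on something like `int p2[] = {163,7,6,3,-1};` into a 5-element array, asserting the output matches and the return value equals 5, would pin the new representation; whether the *_arr arithmetic routines may be fed such a polynomial depends on BN_GF2m_mod_arr's reduction loop, which is not in this diff, so I would keep that test to the conversion functions. The bodies of these test functions continue past the hunks shown.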


@ -157,6 +157,7 @@ void ec_GF2m_simple_group_clear_finish(EC_GROUP *group)
group->poly[2] = 0; group->poly[2] = 0;
group->poly[3] = 0; group->poly[3] = 0;
group->poly[4] = 0; group->poly[4] = 0;
group->poly[5] = -1;
} }
@ -174,6 +175,7 @@ int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
dest->poly[2] = src->poly[2]; dest->poly[2] = src->poly[2];
dest->poly[3] = src->poly[3]; dest->poly[3] = src->poly[3];
dest->poly[4] = src->poly[4]; dest->poly[4] = src->poly[4];
dest->poly[5] = src->poly[5];
bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0; for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0;
@ -190,7 +192,7 @@ int ec_GF2m_simple_group_set_curve(EC_GROUP *group,
/* group->field */ /* group->field */
if (!BN_copy(&group->field, p)) goto err; if (!BN_copy(&group->field, p)) goto err;
i = BN_GF2m_poly2arr(&group->field, group->poly, 5); i = BN_GF2m_poly2arr(&group->field, group->poly, 6) - 1;
if ((i != 5) && (i != 3)) if ((i != 5) && (i != 3))
{ {
ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
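Review bot: The `- 1` added at the BN_GF2m_poly2arr call assumes the returned count always includes the -1 terminator, but with the poly2arr implementation in this commit the terminator is neither written nor counted when the list exactly fills the 6-slot array, so a field polynomial with six terms returns 6, `i` becomes 5, the `(i != 5) && (i != 3)` test accepts it, and `group->poly[5]` holds a degree instead of -1. A six-term polynomial is not irreducible, but the field comes from caller-supplied curve parameters and should be rejected with EC_R_UNSUPPORTED_FIELD rather than stored unterminated; checking the sentinel directly closes this regardless of how poly2arr counts: `if ((i != 5 && i != 3) || group->poly[i] != -1)`. The `(int)` casts on `dest->poly[0]` in the copy function are now redundant since poly is an int array. The group init routine is not in this diff; it presumably also needs to seed `poly[5] = -1` the way clear_finish now does — worth confirming.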


@ -205,10 +205,13 @@ struct ec_group_st {
* irreducible polynomial defining the field. * irreducible polynomial defining the field.
*/ */
unsigned int poly[5]; /* Field specification for curves over GF(2^m). int poly[6]; /* Field specification for curves over GF(2^m).
* The irreducible f(t) is then of the form: * The irreducible f(t) is then of the form:
* t^poly[0] + t^poly[1] + ... + t^poly[k] * t^poly[0] + t^poly[1] + ... + t^poly[k]
* where m = poly[0] > poly[1] > ... > poly[k] = 0. * where m = poly[0] > poly[1] > ... > poly[k] = 0.
* The array is terminated with poly[k+1]=-1.
* All elliptic curve irreducibles have at most 5
* non-zero terms.
*/ */
BIGNUM a, b; /* Curve coefficients. BIGNUM a, b; /* Curve coefficients.
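Review bot: The new comment line `All elliptic curve irreducibles have at most 5 non-zero terms` states a library restriction as if it were a property of irreducible polynomials, which it is not; the actual constraint is that ec_GF2m_simple_group_set_curve only accepts trinomials and pentanomials. I would phrase it as `* Only trinomials and pentanomials are supported (see ec_GF2m_simple_group_set_curve), so at most 5 degrees plus the -1 terminator are stored.` The preceding `poly[k] = 0` still holds for these irreducibles, but since the array format no longer requires a t^0 term it would be clearer to say the constant term is guaranteed here by the irreducibility requirement, not by the representation.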