[openssl.org #1612] Bug in EC_POINT_cmp function (with possible fix)
Hi,

I believe I've found a bug in the EC_POINT_cmp function. In particular, if P is a valid point on the curve (other than the point at infinity) and Q is the point at infinity, then EC_POINT_cmp(group, P, Q, ctx) returns zero (equal). But reversing the order of the points in the call EC_POINT_cmp(group, Q, P, ctx) correctly returns 1 (not equal).

I think the problem is in ec_GFp_simple_cmp (ecp_smpl.c) which contains the following check at the start of the routine:

    if (EC_POINT_is_at_infinity(group, a))
        {
        return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
        }

Note that if a is not at infinity, then b is never checked. The program then proceeds assuming neither point is at infinity, and returns the default condition 0.

I've verified this still exists in the latest stable snapshot openssl-0.9.8-stable-SNAP-20071123. I also tried openssl-SNAP-20071123 but got error messages when linking my program. However the file ecp_smpl.c is unchanged, so I expect the same behaviour.

The problem is fixed by adding the following immediately after the previous check (note that the case when both are at infinity has already been tested for):

    if (EC_POINT_is_at_infinity(group, b))
        {
        return 1;
        }

Attached are the following files:

    testlog                : make report output
    EC_POINT_cmp_bug.c     : My test case
    build                  : A simple compile script for test case
    EC_POINT_cmp_bug.patch : Patch to fix the bug

Regards
Robert

build:

    #!/bin/sh
    g++ -Iopenssl-0.9.8-stable-SNAP-20071123/include EC_POINT_cmp_bug.c openssl-0.9.8-stable-SNAP-20071123/libcrypto.a -o EC_POINT_cmp_bug

EC_POINT_cmp_bug.c:

    #include <stdio.h>
    #include <stdlib.h>
    #include <openssl/bn.h>
    #include <openssl/crypto.h>
    #include <openssl/ec.h>
    #include <openssl/engine.h>
    #include <openssl/err.h>
    #include <openssl/rand.h>

    int main()
    {
        BIGNUM *a, *b, *p;
        BIGNUM *x, *y;
        EC_GROUP *group;
        EC_POINT *P, *Q;
        int cmpPQ, cmpQP;
        const char rnd_seed[] = "string to make the random number generator think it has entropy";

        // Initialise
        CRYPTO_malloc_debug_init();
        CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
        ERR_load_crypto_strings();
        RAND_seed(rnd_seed, sizeof rnd_seed);   // or BN_generate_prime may fail
        BN_CTX *ctx = BN_CTX_new();

        // Curve parameters
        p = BN_new(); BN_dec2bn(&p, "2003");
        a = BN_new(); BN_dec2bn(&a, "1132");
        b = BN_new(); BN_dec2bn(&b, "278");

        // Generate curve
        group = EC_GROUP_new_curve_GFp(p, a, b, ctx);

        // Point coordinates
        x = BN_new(); BN_dec2bn(&x, "1120");
        y = BN_new(); BN_dec2bn(&y, "1391");

        // Generate point
        P = EC_POINT_new(group);
        EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx);

        // Generate point at infinity
        Q = EC_POINT_new(group);
        EC_POINT_set_to_infinity(group, Q);

        // Check points are on curve
        if (!EC_POINT_is_on_curve(group, P, ctx) || !EC_POINT_is_on_curve(group, Q, ctx))
        {
            printf("Error. Points not on curve.\n");
            exit(1);
        }

        // Compare points
        cmpPQ = EC_POINT_cmp(group, P, Q, ctx);
        cmpQP = EC_POINT_cmp(group, Q, P, ctx);

        // Display results (0: equal, 1: not equal)
        printf("EC_POINT_cmp(group, P, Q, ctx) = %d (%s)\n", cmpPQ, cmpPQ ? "P != Q" : "P == Q");
        printf("EC_POINT_cmp(group, Q, P, ctx) = %d (%s)\n", cmpQP, cmpQP ? "Q != P" : "Q == P");

        // Tidy up
        BN_free(p); BN_free(a); BN_free(b); BN_free(x); BN_free(y);
        EC_POINT_free(P); EC_POINT_free(Q);
        EC_GROUP_free(group);

        // Clean up
        if (ctx) BN_CTX_free(ctx);
        ENGINE_cleanup();
        CRYPTO_cleanup_all_ex_data();
        ERR_free_strings();
        ERR_remove_state(0);
        CRYPTO_mem_leaks_fp(stderr);

        return 0;
    }

EC_POINT_cmp_bug.patch:

--- openssl-0.9.8-stable-SNAP-20071123/crypto/ec/ecp_smpl.c 2006-03-14 00:04:06.0 +
+++ openssl-0.9.8-stable-SNAP-20071123-fixed/crypto/ec/ecp_smpl.c 2007-11-23 16:40:37.0 +
@@ -1406,6 +1406,11 @@ { return EC_POINT_is_at_infinity(group, b) ? 0 : 1; } + + if (EC_POINT_is_at_infinity(group, b)) + { + return 1; + } if (a-Z_is_one b-Z_is_one) {

testlog:

OpenSSL self-test report:

OpenSSL version: 0.9.8h-dev
Last change: Implement certificate status request TLS extension defi...
Options: no-camellia no-gmp no-krb5 no-mdc2 no-rc5 no-rfc3779 no-seed no-shared no-tlsext no-zlib no-zlib-dynamic
OS (uname): Linux ronnie 2.6.17-1.2142_FC4 #1 Tue Jul 11 22:41:06 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux
OS (config): x86_64-whatever-linux2
Target (default): linux-x86_64
Target: linux-x86_64
Compiler: Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-libgcj-multifile --enable-languages=c,c++,objc,java,f95,ada --enable-java-awt=gtk --with-java-home=/usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/jre --host=x86_64-redhat-linux
Thread model: posix
gcc version 4.0.2 20051125 (Red Hat 4.0.2-8)

Test passed.
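Review bot: the added early return is the right fix (once a finite a has been established, it can only equal a finite b), but the hunk as pasted cannot be applied: its trailing context line `if (a-Z_is_one b-Z_is_one) {` has lost the `->` and `&&` tokens and the timezone fields of the `---`/`+++` headers are cut off, so please regenerate it with `diff -u` against the snapshot tree. It would also be worth carrying a regression case in the EC self-test in the same patch, comparing a finite point against the point at infinity in both argument orders, so the asymmetry cannot come back unnoticed.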
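The asymmetry Robert describes, as an added stand-alone example that is not OpenSSL's code and not part of the report: a minimal Jacobian-coordinate point model over the report's curve y^2 = x^3 + 1132x + 278 mod 2003 with the point (1120, 1391), the projective equality test that ec_GFp_simple_cmp falls through to after its infinity check, and that control flow before and after the one-line fix. The struct, the function names and the symmetry checker are this example's own assumptions; OpenSSL itself works with BIGNUMs, and only the part of the comparison the report is about is modelled here.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed model (not OpenSSL's EC_POINT): Jacobian coordinates, affine
 * x = X/Z^2, y = Y/Z^3; Z == 0 marks the point at infinity. */
typedef struct {
    unsigned long long X, Y, Z;
} point_t;

/* Curve y^2 = x^3 + a*x + b over GF(p), parameters taken from the report. */
static const unsigned long long P_MOD = 2003ULL, A_COEF = 1132ULL, B_COEF = 278ULL;

static unsigned long long mulmod(unsigned long long u, unsigned long long v)
{
    return (u % P_MOD) * (v % P_MOD) % P_MOD;
}

/* Mirrors EC_POINT_new followed by EC_POINT_set_to_infinity: every word is zero. */
point_t point_at_infinity(void)
{
    point_t q = { 0, 0, 0 };
    return q;
}

/* Mirrors EC_POINT_set_affine_coordinates_GFp: Z becomes 1. */
point_t point_from_affine(unsigned long long x, unsigned long long y)
{
    point_t p;
    p.X = x % P_MOD;
    p.Y = y % P_MOD;
    p.Z = 1;
    return p;
}

int point_is_at_infinity(const point_t *p)
{
    return p->Z == 0;
}

/* Y^2 == X^3 + a*X*Z^4 + b*Z^6; infinity counts as on the curve, as in OpenSSL. */
int point_is_on_curve(const point_t *p)
{
    unsigned long long z2, z4, z6, lhs, rhs;
    if (point_is_at_infinity(p))
        return 1;
    z2 = mulmod(p->Z, p->Z);
    z4 = mulmod(z2, z2);
    z6 = mulmod(z4, z2);
    lhs = mulmod(p->Y, p->Y);
    rhs = (mulmod(mulmod(p->X, p->X), p->X)
           + mulmod(mulmod(A_COEF, p->X), z4)
           + mulmod(B_COEF, z6)) % P_MOD;
    return lhs == rhs;
}

/* Projective equality test that follows the infinity check in ec_GFp_simple_cmp:
 * X_a*Z_b^2 == X_b*Z_a^2 and Y_a*Z_b^3 == Y_b*Z_a^3. 0 = equal, 1 = not equal. */
static int coords_differ(const point_t *a, const point_t *b)
{
    unsigned long long za2 = mulmod(a->Z, a->Z), zb2 = mulmod(b->Z, b->Z);
    if (mulmod(a->X, zb2) != mulmod(b->X, za2))
        return 1;
    if (mulmod(mulmod(a->Y, zb2), b->Z) != mulmod(mulmod(b->Y, za2), a->Z))
        return 1;
    return 0;
}

/* Control flow as reported: only "a" is tested for infinity. With b at infinity
 * every product in coords_differ is multiplied by Z_b == 0, both sides come out
 * as 0, and the function wrongly answers "equal". */
int point_cmp_buggy(const point_t *a, const point_t *b)
{
    if (point_is_at_infinity(a))
        return point_is_at_infinity(b) ? 0 : 1;
    return coords_differ(a, b);
}

/* Control flow with the one-line fix from the report applied. */
int point_cmp_fixed(const point_t *a, const point_t *b)
{
    if (point_is_at_infinity(a))
        return point_is_at_infinity(b) ? 0 : 1;
    if (point_is_at_infinity(b))
        return 1;
    return coords_differ(a, b);
}

/* Regression check a test suite can keep: cmp must be symmetric over every pair. */
int cmp_is_symmetric(int (*cmp)(const point_t *, const point_t *),
                     const point_t *pts, size_t n)
{
    size_t i, j;
    for (i = 0; i < n; i++)
        for (j = 0; j < n; j++)
            if (cmp(&pts[i], &pts[j]) != cmp(&pts[j], &pts[i]))
                return 0;
    return 1;
}

int main(void)
{
    point_t pts[3];
    pts[0] = point_from_affine(1120, 1391);          /* P from the report */
    pts[1] = point_at_infinity();                    /* Q from the report */
    pts[2] = point_from_affine(1120, P_MOD - 1391);  /* -P, also on the curve */
    printf("buggy: cmp(P,Q)=%d cmp(Q,P)=%d symmetric=%d\n",
           point_cmp_buggy(&pts[0], &pts[1]), point_cmp_buggy(&pts[1], &pts[0]),
           cmp_is_symmetric(point_cmp_buggy, pts, 3));
    printf("fixed: cmp(P,Q)=%d cmp(Q,P)=%d symmetric=%d\n",
           point_cmp_fixed(&pts[0], &pts[1]), point_cmp_fixed(&pts[1], &pts[0]),
           cmp_is_symmetric(point_cmp_fixed, pts, 3));
    return 0;
}
```

The symmetry checker is the property a regression test should pin down: for any equality predicate, cmp(a, b) must agree with cmp(b, a) over every pair, and the model reproduces exactly why the reported code fails that check when the second argument is at infinity.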
Re: [PATCH] NetWare platform
Hi Peter,

> Comment out the align directive. All that's doing is making sure the code
> is aligned with the machine cache boundaries for performance. Unfortunately
> the COFF object format used on Netware doesn't support that or at least
> that's what the assembler says. It should still run fine without that, just
> maybe a bit slower.

thanks very much! That solved the COFF issue; and I was now able to create a patch which solves this so far; also I found while being on the asm stuff that the Metrowerks Assembler build is also already broken for 0.9.8; this patch below tries to fix both the Metrowerks and NASM issue... - well, almost:

--- x86nasm.pl.orig Wed Jul 25 14:01:40 2007
+++ x86nasm.pl Mon Nov 26 18:59:45 2007
@@ -92,6 +92,8 @@ { my $tmp=___; %ifdef __omf__ sectioncodeuse32 class=code align=64 +%elifdef __coff__ +section.text code %else section.text code align=64 %endif @@ -102,9 +104,11 @@ sub ::function_begin_B { my $func=$under.shift; + my $global=(($::mwerks)?.:).global; + my $align=(($::mwerks)?.:).align; my $tmp=___; -global $func -align 16 +$global$func +$align 16 $func: ___ push(@out,$tmp); @@ -213,7 +217,7 @@ sub ::public_label { $label{$_[0]}=${under}${_[0]} if (!defined($label{$_[0]})); -push(@out,global\t$label{$_[0]}\n); +push(@out,(($::mwerks)?.:).global\t$label{$_[0]}\n); } sub ::label @@ -235,7 +239,7 @@ { push(@out,(($::mwerks)?.long\t:dd\t).join(',',@_).\n); } sub ::align -{ push(@out,.) if ($::mwerks); push(@out,align\t$_[0]\n);} +{ push(@out,(($::mwerks)?.:).align\t$_[0]\n); } sub ::picmeup { my($dst,$sym)[EMAIL PROTECTED];

with that I'm now able to produce NASM ELF obj for gcc and COFF obj for CodeWarrior compiler; but when using the CodeWarrior assembler then there's still one file broken:

mwasmnlm -maxerrors 20 -o crypto/rc4/asm/r4-nw.o crypto/rc4/asm/r4-nw.asm
### mwasmnlm Assembler:
#File: crypto\rc4\asm\r4-nw.asm
# -
# 112: lea esi,BYTE PTR [1+esi]
# Error: # Invalid operand size
### mwasmnlm Driver Error:
# The tool did not produce any output while compiling the file
# 'crypto\rc4\asm\r4-nw.asm'
Errors caused tool to abort.

when I replace the BYTE with DWORD it works, but the crazy thing is that in the same file there's few lines up exactly the same line with DWORD:

@L002loop1:
    add     bl,cl
    mov     edx,DWORD PTR [ebx*4+edi]
    mov     DWORD PTR [ebx*4+edi],ecx
    mov     DWORD PTR [eax*4+edi],edx
    add     edx,ecx
    inc     al
    and     edx,255
    mov     edx,DWORD PTR [edx*4+edi]
    xor     dl,BYTE PTR [esi]
    lea     esi,DWORD PTR [1+esi]        ; here's correct usage of DWORD
    mov     ecx,DWORD PTR [eax*4+edi]
    cmp     esi,DWORD PTR [24+esp]
    mov     BYTE PTR [esi*1+ebp-1],dl
    jb      @L002loop1
    jmp     @L004done
.align  16
@L001RC4_CHAR:
    movzx   ecx,BYTE PTR [eax*1+edi]
@L005cloop1:
    add     bl,cl
    movzx   edx,BYTE PTR [ebx*1+edi]
    mov     BYTE PTR [ebx*1+edi],cl
    mov     BYTE PTR [eax*1+edi],dl
    add     dl,cl
    movzx   edx,BYTE PTR [edx*1+edi]
    add     al,1
    xor     dl,BYTE PTR [esi]
    lea     esi,BYTE PTR [1+esi]         ; here's the line 112 which uses BYTE with lea
    movzx   ecx,BYTE PTR [eax*1+edi]
    cmp     esi,DWORD PTR [24+esp]
    mov     BYTE PTR [esi*1+ebp-1],dl
    jb      @L005cloop1

I think that this is also a problem within x86nasm.pl, however not yet found where to fix -- somebody who has a hint for me?

please let me know if the above patch is acceptable so far.

thanks, Guenter.
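Review bot: in the `::function_begin_B` hunk the emitted line `+$global$func` shows no separator between the directive and the symbol, so unless the `$global` string ends in a blank (the quotes are not visible in the paste) the output becomes something like `global_foo`; either write `$global $func`, as `$align 16` already does, or make the trailing blank an explicit part of the string. The `(($::mwerks)?".":"")` prefix is now spelled out in `::function_begin_B`, `::public_label` and `::align`; a small helper that returns the prefix would keep the Metrowerks/NASM directive spelling in one place, and the `::align` rewrite is otherwise behaviour-preserving.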
__ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
tar warning when extracting SNAP-20071123 and later
Hi,

since openssl-SNAP-20071123.tar.gz and later I get at the end of extraction:

openssl-SNAP-20071126/util/x86asm.sh
tar: A lone zero block at 36520

is this 'normal'? This doesn't happen with openssl-SNAP-20071122.tar.gz though...

thanks, Guenter.
looking for information on generating RSA key
Hello,

I am a novice OpenSSL library user. Currently I am implementing code to generate an RSA key pair. Here is a part of my code:

    _time_get(tim);
    RAND_add(tim,sizeof(tim),0);
    pMiSslCtx = MiSslInitEx( TLSv1_method(), true );
    rsa=RSA_generate_key(key_len,RSA_F4,NULLcb,NULL);

my key_len is 2048. The code crashes in the RSA_generate_key() function call, more particularly in probable_prime(). I am not sure what I am doing wrong here. Any help would be highly appreciated.

Thanks
kavita
Re: [PATCH] NetWare platform
Hi all,

> but when using the CodeWarrior assembler then there's still one file broken:
>
> mwasmnlm -maxerrors 20 -o crypto/rc4/asm/r4-nw.o crypto/rc4/asm/r4-nw.asm
> ### mwasmnlm Assembler:
> #File: crypto\rc4\asm\r4-nw.asm
> # -
> # 112: lea esi,BYTE PTR [1+esi]
> # Error: # Invalid operand size
> ### mwasmnlm Driver Error:
> # The tool did not produce any output while compiling the file
> # 'crypto\rc4\asm\r4-nw.asm'
> Errors caused tool to abort.

ok, I think I found the place where to fix this:

--- rc4-586.pl.orig Thu Apr 26 22:00:56 2007
+++ rc4-586.pl Mon Nov 26 21:56:37 2007
@@ -143,7 +143,7 @@ movz ($ty,BP(0,$dat,$ty)); add(LB($xx),1); xor(LB($ty),BP(0,$inp)); - lea($inp,BP(1,$inp)); + lea($inp,DWP(1,$inp)); movz ($tx,BP(0,$dat,$xx)); cmp($inp,wparam(1)); mov(BP(-1,$out,$inp),LB($ty));

can someone with ASM insight please comment on the correctness of this patch?

thanks, Guenter.
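Review bot: the change is safe: `lea` only evaluates the effective address `[1+esi]` and never touches memory, so the `BYTE PTR` versus `DWORD PTR` qualifier cannot alter the generated instruction, and `DWP(1,$inp)` simply matches what the RC4_INT loop in the same file already emits (`lea esi,DWORD PTR [1+esi]`, accepted by the assembler). Because the CodeWarrior assembler rejects any `lea` with a byte-sized operand, the more robust place for the fix is the perlasm emitter for the Metrowerks target (print `lea` address operands without a size qualifier) rather than each caller; at minimum, grep the other x86 perlasm sources for `lea(` with a `BP(` operand so the same error does not resurface in another module.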
[openssl.org #1565] [PATCH] New port for the iSeries (AS/400) for version 0.9.8
Third attempt:

Applied AS400.patch to openssl 0.9.8e.

Need to know location of script files in the tree:

    cvtascii.sh
    cvtcnfebcdic.sh
    cvtpemascii.sh
    cvtcnfascii.sh
    cvtebcdic.sh
    cvtpemebcdic.sh

Can you point me to a complete OS400 0.9.8e openssl source tree?

Thanks
Ronald Ojakian
Ingrian
Re: [PATCH] NetWare platform - next trial
Hi,

> Comment out the align directive. All that's doing is making sure the code
> is aligned with the machine cache boundaries for performance. Unfortunately
> the COFF object format used on Netware doesn't support that or at least
> that's what the assembler says. It should still run fine without that, just
> maybe a bit slower.

ok, just tested with SNAP-20071126, and few of my old issues are already fixed now; so here's what remains:

--- openssl-SNAP-20071126.orig/crypto/perlasm/x86nasm.pl 2007-11-24 18:00:16.0 +0100
+++ openssl-SNAP-20071126/crypto/perlasm/x86nasm.pl 2007-11-26 23:09:17.0 +0100
@@ -94,6 +94,8 @@ { my $tmp=___; %ifdef __omf__ sectioncodeuse32 class=code align=64 +%elifdef __coff__ +section.text code %else section.text code align=64 %endif
diff -ur openssl-SNAP-20071126.orig/crypto/rc4/asm/rc4-586.pl openssl-SNAP-20071126/crypto/rc4/asm/rc4-586.pl
--- openssl-SNAP-20071126.orig/crypto/rc4/asm/rc4-586.pl 2007-04-26 23:00:56.0 +0200
+++ openssl-SNAP-20071126/crypto/rc4/asm/rc4-586.pl 2007-11-26 23:09:17.0 +0100
@@ -143,7 +143,7 @@ movz ($ty,BP(0,$dat,$ty)); add(LB($xx),1); xor(LB($ty),BP(0,$inp)); - lea($inp,BP(1,$inp)); + lea($inp,DWP(1,$inp)); movz ($tx,BP(0,$dat,$xx)); cmp($inp,wparam(1)); mov(BP(-1,$out,$inp),LB($ty));

but now I get a new issue:

mwasmnlm -maxerrors 20 -o crypto\des\asm\d-nw.o .\crypto\des\asm\d-nw.asm
### mwasmnlm Assembler:
#File: crypto\des\asm\d-nw.asm
#
#1147: call @L_DES_encrypt2_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt2_begin
### mwasmnlm Assembler:
#1151: call @L_DES_encrypt2_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt2_begin
### mwasmnlm Assembler:
#1155: call @L_DES_encrypt2_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt2_begin
### mwasmnlm Assembler:
#1266: call @L_DES_encrypt2_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt2_begin
### mwasmnlm Assembler:
#1270: call @L_DES_encrypt2_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt2_begin
### mwasmnlm Assembler:
#1274: call @L_DES_encrypt2_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt2_begin
### mwasmnlm Assembler:
#1366: call @L_DES_encrypt1_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt1_begin
### mwasmnlm Assembler:
#1410: call @L_DES_encrypt1_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt1_begin
### mwasmnlm Assembler:
#1426: call @L_DES_encrypt1_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt1_begin
### mwasmnlm Assembler:
#1451: call @L_DES_encrypt1_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt1_begin
### mwasmnlm Assembler:
#1548: call @L_DES_encrypt3_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt3_begin
### mwasmnlm Assembler:
#1592: call @L_DES_encrypt3_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt3_begin
### mwasmnlm Assembler:
#1608: call @L_DES_decrypt3_begin
# Error: ^
# Unknown identifier, @L_DES_decrypt3_begin
### mwasmnlm Assembler:
#1633: call @L_DES_decrypt3_begin
# Error: ^
# Unknown identifier, @L_DES_decrypt3_begin
### mwasmnlm Driver Error:
# The tool did not produce any output while compiling the file
# 'crypto\des\asm\d-nw.asm'
Errors caused tool to abort.
make: *** [crypto\des\asm\d-nw.o] Error 1

with SNAP-20071122 all files were previously compilable with my fix.

thanks, Guenter.
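Review bot: the `%elifdef __coff__` hunk drops the `align=64` section attribute for COFF output without recording why; add a one-line comment beside it saying that the NetWare COFF assembler rejects section alignment (the reason given earlier in this thread), otherwise the next reader will take the missing attribute for an accident and put it back. The `d-nw.asm` failures that follow (`Unknown identifier, @L_DES_encrypt2_begin` and friends) are outside both hunks: the `call` sites reference `@L_..._begin` labels the assembler reports as undefined, so that needs a separate look at how x86nasm.pl emits function-entry labels in mwerks mode rather than further changes to rc4-586.pl.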
Re: [PATCH] NetWare platform - next trial
Hi,

due to the changes from SNAP-20071122 to SNAP-20071126 I get now compiled:

mwasmnlm -maxerrors 20 -o crypto/md5/asm/m5-nw.o crypto/md5/asm/m5-nw.asm
mwasmnlm -maxerrors 20 -o crypto/sha/asm/s1-nw.o crypto/sha/asm/s1-nw.asm
mwasmnlm -maxerrors 20 -o crypto/ripemd/asm/rm-nw.o crypto/ripemd/asm/rm-nw.asm
mwasmnlm -maxerrors 20 -o crypto/des/asm/y-nw.o crypto/des/asm/y-nw.asm
mwasmnlm -maxerrors 20 -o crypto/bn/asm/bn-nw.o crypto/bn/asm/bn-nw.asm
mwasmnlm -maxerrors 20 -o crypto/rc4/asm/r4-nw.o crypto/rc4/asm/r4-nw.asm

and here it starts breaking:

mwasmnlm -maxerrors 20 -o crypto/bf/asm/b-nw.o crypto/bf/asm/b-nw.asm
### mwasmnlm Assembler:
#File: crypto\bf\asm\b-nw.asm
# ---
# 740: call @L_BF_encrypt_begin
# Error: ^^^
# Unknown identifier, @L_BF_encrypt_begin
### mwasmnlm Assembler:
# 788: call @L_BF_encrypt_begin
# Error: ^^^
# Unknown identifier, @L_BF_encrypt_begin
### mwasmnlm Assembler:
# 808: call @L_BF_decrypt_begin
# Error: ^^^
# Unknown identifier, @L_BF_decrypt_begin
### mwasmnlm Assembler:
# 837: call @L_BF_decrypt_begin
# Error: ^^^
# Unknown identifier, @L_BF_decrypt_begin
### mwasmnlm Driver Error:
# The tool did not produce any output while compiling the file
# 'crypto\bf\asm\b-nw.asm'
Errors caused tool to abort.
make: *** [crypto/bf/asm/b-nw.o] Error 1
mwasmnlm -maxerrors 20 -o crypto/cast/asm/c-nw.o crypto/cast/asm/c-nw.asm
### mwasmnlm Assembler:
#File: crypto\cast\asm\c-nw.asm
# -
# 785: call @L_CAST_encrypt_begin
# Error: ^
# Unknown identifier, @L_CAST_encrypt_begin
### mwasmnlm Assembler:
# 835: call @L_CAST_encrypt_begin
# Error: ^
# Unknown identifier, @L_CAST_encrypt_begin
### mwasmnlm Assembler:
# 855: call @L_CAST_decrypt_begin
# Error: ^
# Unknown identifier, @L_CAST_decrypt_begin
### mwasmnlm Assembler:
# 884: call @L_CAST_decrypt_begin
# Error: ^
# Unknown identifier, @L_CAST_decrypt_begin
### mwasmnlm Driver Error:
# The tool did not produce any output while compiling the file
# 'crypto\cast\asm\c-nw.asm'
Errors caused tool to abort.
make: *** [crypto/cast/asm/c-nw.o] Error 1
mwasmnlm -maxerrors 20 -o crypto\des\asm\d-nw.o .\crypto\des\asm\d-nw.asm
### mwasmnlm Assembler:
#File: crypto\des\asm\d-nw.asm
#
#1147: call @L_DES_encrypt2_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt2_begin
### mwasmnlm Assembler:
#1151: call @L_DES_encrypt2_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt2_begin
### mwasmnlm Assembler:
#1155: call @L_DES_encrypt2_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt2_begin
### mwasmnlm Assembler:
#1266: call @L_DES_encrypt2_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt2_begin
### mwasmnlm Assembler:
#1270: call @L_DES_encrypt2_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt2_begin
### mwasmnlm Assembler:
#1274: call @L_DES_encrypt2_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt2_begin
### mwasmnlm Assembler:
#1366: call @L_DES_encrypt1_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt1_begin
### mwasmnlm Assembler:
#1410: call @L_DES_encrypt1_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt1_begin
### mwasmnlm Assembler:
#1426: call @L_DES_encrypt1_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt1_begin
### mwasmnlm Assembler:
#1451: call @L_DES_encrypt1_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt1_begin
### mwasmnlm Assembler:
#1548: call @L_DES_encrypt3_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt3_begin
### mwasmnlm Assembler:
#1592: call @L_DES_encrypt3_begin
# Error: ^
# Unknown identifier, @L_DES_encrypt3_begin
### mwasmnlm Assembler:
#1608: call @L_DES_decrypt3_begin
# Error: ^
# Unknown identifier, @L_DES_decrypt3_begin
### mwasmnlm Assembler:
#1633: call @L_DES_decrypt3_begin
# Error: ^
# Unknown identifier, @L_DES_decrypt3_begin
### mwasmnlm Driver Error:
# The tool did not produce any output while compiling the file
# 'crypto\des\asm\d-nw.asm'
Errors caused tool to abort.
make: *** [crypto\des\asm\d-nw.o] Error 1
mwasmnlm -maxerrors 20 -o crypto/rc5/asm/r5-nw.o crypto/rc5/asm/r5-nw.asm
### mwasmnlm Assembler:
#File: crypto\rc5\asm\r5-nw.asm
# -
# 422: call