The branch OpenSSL_1_0_2-stable has been updated via 1e9446bf5c85486919fc54b15cc67e913a979eca (commit) via e94f52e0c70dc42f5de5b7982525f76cfe42fa90 (commit) from 83ab6e55a1f8de9b3e45d13dcc78eb739dc66dea (commit)
- Log ----------------------------------------------------------------- commit 1e9446bf5c85486919fc54b15cc67e913a979eca Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 4 22:54:29 2015 +0000 Add have_precompute_mult tests Add tests for have_precompute_mult for the optimised curves (nistp224, nistp256 and nistp521) if present Reviewed-by: Richard Levitte <levi...@openssl.org> (cherry picked from commit 8ce4e7e605577cb5818de068e2c6da60901cddba) commit e94f52e0c70dc42f5de5b7982525f76cfe42fa90 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 4 17:30:22 2015 +0000 Fix bug in nistp224/256/521 where have_precompute_mult always returns 0 During precomputation if the group given is well known then we memcpy a well known precomputation. However we go the wrong label in the code and don't store the data properly. Consequently if we call have_precompute_mult the data isn't there and we return 0. RT#3600 Reviewed-by: Richard Levitte <levi...@openssl.org> (cherry picked from commit 615614c8862fb89dcf1551a4e113be0789dddf5f) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ecp_nistp224.c | 4 ++-- crypto/ec/ecp_nistp256.c | 4 ++-- crypto/ec/ecp_nistp521.c | 4 ++-- crypto/ec/ectest.c | 9 +++++++++ 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index ed09f97..d81cc9c 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -1657,8 +1657,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx) */ if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) { memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp)); - ret = 1; - goto err; + goto done; } if ((!BN_to_felem(pre->g_pre_comp[0][1][0], &group->generator->X)) || (!BN_to_felem(pre->g_pre_comp[0][1][1], &group->generator->Y)) || @@ -1736,6 +1735,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx) } make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_felems); + done: if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp224_pre_comp_dup, nistp224_pre_comp_free, nistp224_pre_comp_clear_free)) diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index a588708..78d191a 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -2249,8 +2249,7 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx) */ if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) { memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp)); - ret = 1; - goto err; + goto done; } if ((!BN_to_felem(x_tmp, &group->generator->X)) || (!BN_to_felem(y_tmp, &group->generator->Y)) || @@ -2337,6 +2336,7 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx) } make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_smallfelems); + done: if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp256_pre_comp_dup, nistp256_pre_comp_free, nistp256_pre_comp_clear_free)) diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 360b9a3..c53a61b 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -2056,8 +2056,7 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx) */ if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) { memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp)); - ret = 1; - goto err; + goto done; } if ((!BN_to_felem(pre->g_pre_comp[1][0], &group->generator->X)) || (!BN_to_felem(pre->g_pre_comp[1][1], &group->generator->Y)) || @@ -2115,6 +2114,7 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx) } make_points_affine(15, &(pre->g_pre_comp[1]), tmp_felems); + done: if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp521_pre_comp_dup, nistp521_pre_comp_free, nistp521_pre_comp_clear_free)) diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index efab0b0..40a1f00 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -1758,9 +1758,18 @@ static void nistp_single_test(const struct nistp_test_params *test) if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT; + /* + * We have not performed precomputation so have_precompute mult should be + * false + */ + if (EC_GROUP_have_precompute_mult(NISTP)) + ABORT; + /* now repeat all tests with precomputation */ if (!EC_GROUP_precompute_mult(NISTP, ctx)) ABORT; + if (!EC_GROUP_have_precompute_mult(NISTP)) + ABORT; /* fixed point multiplication */ EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits