subject:"nist_cp

Re: nist_cp_bn issue

2010-12-03 Thread Victor Duchovni

On Fri, Dec 03, 2010 at 01:43:17PM -0500, Victor Duchovni wrote:

> I don't understand the code in BN_nist_mod_192(), which calls
> nist_cp_bn(), it has rather obscure pointer manipulation:
> 
> /*
>  * we need 'if (carry==0 || result>=modulus) result-=modulus;'
>  * as comparison implies subtraction, we can write
>  * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
>  * this is what happens below, but without explicit if:-) a.
>  */
> mask  = 
> 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
> mask &= 0-(size_t)carry;
> --->res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
> nist_cp_bn(r_d, res, BN_NIST_192_TOP);

On closer inspection, the mask is expected to always be all zeros or
all ones, so this should select the value of one of the two pointers,
assuming this is twos-complement arithmentic and (0-1) is 0x...fff
then res should be either "c_d" or "r_d". Somehow this did not work
for you compiler. You may need to report what assembly code this
produced and see where things went wrong...

-- 
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: nist_cp_bn issue

2010-12-03 Thread Mounir IDRASSI



Hi,

What compiler are you using under Windows?
From my side, I have compiled and tested binaries produced by VC++ 2008 
SP1 (cl version 15.00.30729.01) and the latest standalone native MinGW 
(gcc 4.5.0), and in both cases everything is OK (no crash and all tests 
succeed)


--
Mounir IDRASSI
IDRIX
http://www.idrix.fr




On 12/4/2010 1:59 AM, Marcus Carey wrote:
I used openssl to create a server certificate and key.  The s_server 
application never

loads because the error occurs using the default ECDH parameters.  Then I
ran the ecdhtest application to see if there was a problem.

ecdhtest.exe is the test application in the crypto/ecdh directory for
testing elliptic curve Diffe-Hellman routines.  All of the PRIME test
failed.  However, the BINARY test passed.  As long as no other 
applications use these routines it should be okay. I guess.


- Original Message - From: "Victor Duchovni" 


To: 
Sent: Friday, December 03, 2010 1:18 PM
Subject: Re: nist_cp_bn issue



On Fri, Dec 03, 2010 at 12:06:22PM -0800, Marcus Carey wrote:


openssl ecdhtest


What is "openssl ecdhtest"?


Must use the -no_ecdhe flag.
openssl.exe s_server -no_ecdhe


With what cert/key? Any other options? What client invocation? ...


openssl.exe!nist_cp_bn(unsigned int * buf=0x00acea80, unsigned int *
a=0x0001, int top=8)  Line 308 + 0x6 C


Sure looks like "res" is not quite right...


int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
BN_CTX *ctx)
{
/*
.
.
.
*/
mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
mask &= 0-(size_t)carry;
res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
nist_cp_bn(r_d, res, BN_NIST_256_TOP); // There is a problem here
r->top = BN_NIST_256_TOP;
bn_correct_top(r);
return 1;
}


I don't understand the "res = ..." code, perhaps it is not portable
to your Windows compiler, or perhaps it is not right. Please
report a more detailed description of how you reproduce this.

--
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org 


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: nist_cp_bn issue

2010-12-03 Thread Marcus Carey

I used openssl to create a server certificate and key.  The s_server 
application never

loads because the error occurs using the default ECDH parameters.  Then I
ran the ecdhtest application to see if there was a problem.

ecdhtest.exe is the test application in the crypto/ecdh directory for
testing elliptic curve Diffe-Hellman routines.  All of the PRIME test
failed.  However, the BINARY test passed.  As long as no other applications 
use these routines it should be okay. I guess.


- Original Message - 
From: "Victor Duchovni" 

To: 
Sent: Friday, December 03, 2010 1:18 PM
Subject: Re: nist_cp_bn issue



On Fri, Dec 03, 2010 at 12:06:22PM -0800, Marcus Carey wrote:


openssl ecdhtest


What is "openssl ecdhtest"?


Must use the -no_ecdhe flag.
openssl.exe s_server -no_ecdhe


With what cert/key? Any other options? What client invocation? ...


openssl.exe!nist_cp_bn(unsigned int * buf=0x00acea80, unsigned int *
a=0x0001, int top=8)  Line 308 + 0x6 C


Sure looks like "res" is not quite right...


int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
BN_CTX *ctx)
{
/*
.
.
.
*/
mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
mask &= 0-(size_t)carry;
res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
nist_cp_bn(r_d, res, BN_NIST_256_TOP); // There is a problem here
r->top = BN_NIST_256_TOP;
bn_correct_top(r);
return 1;
}


I don't understand the "res = ..." code, perhaps it is not portable
to your Windows compiler, or perhaps it is not right. Please
report a more detailed description of how you reproduce this.

--
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org 


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: nist_cp_bn issue

2010-12-03 Thread Victor Duchovni

On Fri, Dec 03, 2010 at 12:06:22PM -0800, Marcus Carey wrote:

> openssl ecdhtest

What is "openssl ecdhtest"?

> Must use the -no_ecdhe flag.
> openssl.exe s_server -no_ecdhe

With what cert/key? Any other options? What client invocation? ...

>> openssl.exe!nist_cp_bn(unsigned int * buf=0x00acea80, unsigned int *
>> a=0x0001, int top=8)  Line 308 + 0x6 C

Sure looks like "res" is not quite right...

> int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
> BN_CTX *ctx)
> {
> /*
> .
> .
> .
> */
> mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
> mask &= 0-(size_t)carry;
> res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
> nist_cp_bn(r_d, res, BN_NIST_256_TOP); // There is a problem here
> r->top = BN_NIST_256_TOP;
> bn_correct_top(r);
> return 1;
> }

I don't understand the "res = ..." code, perhaps it is not portable
to your Windows compiler, or perhaps it is not right. Please
report a more detailed description of how you reproduce this.

-- 
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: nist_cp_bn issue

2010-12-03 Thread Marcus Carey


openssl ecdhtest
openssl s_server

Must use the -no_ecdhe flag.
openssl.exe s_server -no_ecdhe



ecdhetest.exe has the same access violation
Unhandled exception at 0x004222f6 in ecdhtest.exe: 0xC005: Access
violation reading location 0x0001





openssl.exe!nist_cp_bn(unsigned int * buf=0x00acea80, unsigned int *
a=0x0001, int top=8)  Line 308 + 0x6 C

 openssl.exe!BN_nist_mod_256(bignum_st * r=0x00acf2a0, const bignum_st *
a=0x00acf2a0, const bignum_st * field=0x005bd0b4, bignum_ctx *
ctx=0x00acd718)  Line 641 + 0xf C
 openssl.exe!ec_GFp_nist_field_mul(const ec_group_st * group=0x00acfc98,
bignum_st * r=0x00acf2a0, const bignum_st * a=0x00ad0848, const bignum_st *
b=0x00acff7c, bignum_ctx * ctx=0x00acd718)  Line 176 + 0x1c C
 openssl.exe!ec_GFp_simple_points_make_affine(const ec_group_st *
group=0x00acfc98, unsigned int num=4, ec_point_st * * points=0x00acf028,
bignum_ctx * ctx=0x00acd718)  Line 1649 + 0x2e C
 openssl.exe!EC_POINTs_make_affine(const ec_group_st * group=0x00acfc98,
unsigned int num=4, ec_point_st * * points=0x00acf028, bignum_ctx *
ctx=0x00acd718)  Line 1108 + 0x18 C
 openssl.exe!ec_wNAF_mul(const ec_group_st * group=0x00acfc98, ec_point_st
* r=0x00acfda0, const bignum_st * scalar=0x00acf008, unsigned int num=0,
const ec_point_st * * points=0x0012f8dc, const bignum_st * *
scalars=0x0012f8e0, bignum_ctx * ctx=0x00acd718)  Line 649 + 0x15 C
 openssl.exe!EC_POINTs_mul(const ec_group_st * group=0x00acfc98,
ec_point_st * r=0x00acfda0, const bignum_st * scalar=0x00acf008, unsigned
int num=0, const ec_point_st * * points=0x0012f8dc, const bignum_st * *
scalars=0x0012f8e0, bignum_ctx * ctx=0x00acd718)  Line 1123 + 0x21 C
 openssl.exe!EC_POINT_mul(const ec_group_st * group=0x00acfc98, ec_point_st
* r=0x00acfda0, const bignum_st * g_scalar=0x00acf008, const ec_point_st *
point=0x, const bignum_st * p_scalar=0x, bignum_ctx *
ctx=0x00acd718)  Line 1139 + 0x3d C
 openssl.exe!EC_KEY_generate_key(ec_key_st * eckey=0x00acf978)  Line 275 +
0x1c C
 openssl.exe!ssl3_ctx_ctrl(ssl_ctx_st * ctx=0x00acdbf8, int cmd=4, long
larg=0, void * parg=0x00ace568)  Line 2648 + 0x9 C
 openssl.exe!SSL_CTX_ctrl(ssl_ctx_st * ctx=0x00acdbf8, int cmd=4, long
larg=0, void * parg=0x00ace568)  Line 1171 + 0x18 C
 openssl.exe!s_server_main(int argc=0, char * * argv=0x003c2b64)  Line 1565
+ 0x17 C
 openssl.exe!do_cmd(lhash_st_FUNCTION * prog=0x00ac9a50, int argc=2, char *
* argv=0x003c2b5c)  Line 413 + 0xe C
 openssl.exe!main(int Argc=2, char * * Argv=0x003c2b5c)  Line 312 + 0x14 C
 openssl.exe!mainCRTStartup()  Line 259 + 0x12 C
 kernel32.dll!7c817077()



static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
{
int i;
BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
for (i = (top); i != 0; i--)
*_tmp1++ = *_tmp2++;  //There is a problem here
}


int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
BN_CTX *ctx)
{
/*
.
.
.
*/
mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
mask &= 0-(size_t)carry;
res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
nist_cp_bn(r_d, res, BN_NIST_256_TOP); // There is a problem here
r->top = BN_NIST_256_TOP;
bn_correct_top(r);
return 1;
}

- Original Message - 
From: "Victor Duchovni" 

To: 
Sent: Friday, December 03, 2010 10:43 AM
Subject: nist_cp_bn issue



On Fri, Dec 03, 2010 at 09:10:41AM -0800, Marcus Carey wrote:


I am still have issues with the default ECDH parameters in 1.0.0c.


kEECDH handshakes appear to work.


The key generation with NIST Prime-Curve P-192 crashes.


How do you reproduce this?


static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
{
   int i;
   BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
   for (i = (top); i != 0; i--)
   *_tmp1++ = *_tmp2++;  //There is a problem here
}


The above looks fine, in what context is this called?

The code in crypto/bn/bn_nist.c has not changed since 0.9.8j, it is
different in 0.9.8i.

   http://cvs.openssl.org/chngview?cn=17756

I don't understand the code in BN_nist_mod_192(), which calls
nist_cp_bn(), it has rather obscure pointer manipulation:

   /*
* we need 'if (carry==0 || result>=modulus) result-=modulus;'
* as comparison implies subtraction, we can write
* 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
* this is what happens below, but without explicit if:-) a.
*/
   mask  = 
0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);

   mask &= 0-(size_t)carry;
--->res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
   nist_cp_bn(r_d, res, BN_NIST_192_TOP);

--
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org 


__

nist_cp_bn issue

2010-12-03 Thread Victor Duchovni

On Fri, Dec 03, 2010 at 09:10:41AM -0800, Marcus Carey wrote:

> I am still have issues with the default ECDH parameters in 1.0.0c.

kEECDH handshakes appear to work.

> The key generation with NIST Prime-Curve P-192 crashes.  

How do you reproduce this?

> static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
> {
>int i;
>BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
>for (i = (top); i != 0; i--)
>*_tmp1++ = *_tmp2++;  //There is a problem here
> }

The above looks fine, in what context is this called?

The code in crypto/bn/bn_nist.c has not changed since 0.9.8j, it is
different in 0.9.8i.

http://cvs.openssl.org/chngview?cn=17756

I don't understand the code in BN_nist_mod_192(), which calls
nist_cp_bn(), it has rather obscure pointer manipulation:

/*
 * we need 'if (carry==0 || result>=modulus) result-=modulus;'
 * as comparison implies subtraction, we can write
 * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
 * this is what happens below, but without explicit if:-) a.
 */
mask  = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
mask &= 0-(size_t)carry;
--->res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
nist_cp_bn(r_d, res, BN_NIST_192_TOP);

-- 
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: nist_cp_bn issue

Re: nist_cp_bn issue

Re: nist_cp_bn issue

Re: nist_cp_bn issue

Re: nist_cp_bn issue

nist_cp_bn issue

6 matches

Site Navigation

Mail list logo

Footer information