Re: nist_cp_bn issue
On Fri, Dec 03, 2010 at 01:43:17PM -0500, Victor Duchovni wrote: > I don't understand the code in BN_nist_mod_192(), which calls > nist_cp_bn(), it has rather obscure pointer manipulation: > > /* > * we need 'if (carry==0 || result>=modulus) result-=modulus;' > * as comparison implies subtraction, we can write > * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' > * this is what happens below, but without explicit if:-) a. > */ > mask = > 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); > mask &= 0-(size_t)carry; > --->res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); > nist_cp_bn(r_d, res, BN_NIST_192_TOP); On closer inspection, the mask is expected to always be all zeros or all ones, so this should select the value of one of the two pointers, assuming this is twos-complement arithmentic and (0-1) is 0x...fff then res should be either "c_d" or "r_d". Somehow this did not work for you compiler. You may need to report what assembly code this produced and see where things went wrong... -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: nist_cp_bn issue
Hi, What compiler are you using under Windows? From my side, I have compiled and tested binaries produced by VC++ 2008 SP1 (cl version 15.00.30729.01) and the latest standalone native MinGW (gcc 4.5.0), and in both cases everything is OK (no crash and all tests succeed) -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/4/2010 1:59 AM, Marcus Carey wrote: I used openssl to create a server certificate and key. The s_server application never loads because the error occurs using the default ECDH parameters. Then I ran the ecdhtest application to see if there was a problem. ecdhtest.exe is the test application in the crypto/ecdh directory for testing elliptic curve Diffe-Hellman routines. All of the PRIME test failed. However, the BINARY test passed. As long as no other applications use these routines it should be okay. I guess. - Original Message - From: "Victor Duchovni" To: Sent: Friday, December 03, 2010 1:18 PM Subject: Re: nist_cp_bn issue On Fri, Dec 03, 2010 at 12:06:22PM -0800, Marcus Carey wrote: openssl ecdhtest What is "openssl ecdhtest"? Must use the -no_ecdhe flag. openssl.exe s_server -no_ecdhe With what cert/key? Any other options? What client invocation? ... openssl.exe!nist_cp_bn(unsigned int * buf=0x00acea80, unsigned int * a=0x0001, int top=8) Line 308 + 0x6 C Sure looks like "res" is not quite right... int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { /* . . . */ mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); mask &= 0-(size_t)carry; res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_256_TOP); // There is a problem here r->top = BN_NIST_256_TOP; bn_correct_top(r); return 1; } I don't understand the "res = ..." code, perhaps it is not portable to your Windows compiler, or perhaps it is not right. Please report a more detailed description of how you reproduce this. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: nist_cp_bn issue
I used openssl to create a server certificate and key. The s_server application never loads because the error occurs using the default ECDH parameters. Then I ran the ecdhtest application to see if there was a problem. ecdhtest.exe is the test application in the crypto/ecdh directory for testing elliptic curve Diffe-Hellman routines. All of the PRIME test failed. However, the BINARY test passed. As long as no other applications use these routines it should be okay. I guess. - Original Message - From: "Victor Duchovni" To: Sent: Friday, December 03, 2010 1:18 PM Subject: Re: nist_cp_bn issue On Fri, Dec 03, 2010 at 12:06:22PM -0800, Marcus Carey wrote: openssl ecdhtest What is "openssl ecdhtest"? Must use the -no_ecdhe flag. openssl.exe s_server -no_ecdhe With what cert/key? Any other options? What client invocation? ... openssl.exe!nist_cp_bn(unsigned int * buf=0x00acea80, unsigned int * a=0x0001, int top=8) Line 308 + 0x6 C Sure looks like "res" is not quite right... int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { /* . . . */ mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); mask &= 0-(size_t)carry; res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_256_TOP); // There is a problem here r->top = BN_NIST_256_TOP; bn_correct_top(r); return 1; } I don't understand the "res = ..." code, perhaps it is not portable to your Windows compiler, or perhaps it is not right. Please report a more detailed description of how you reproduce this. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: nist_cp_bn issue
On Fri, Dec 03, 2010 at 12:06:22PM -0800, Marcus Carey wrote: > openssl ecdhtest What is "openssl ecdhtest"? > Must use the -no_ecdhe flag. > openssl.exe s_server -no_ecdhe With what cert/key? Any other options? What client invocation? ... >> openssl.exe!nist_cp_bn(unsigned int * buf=0x00acea80, unsigned int * >> a=0x0001, int top=8) Line 308 + 0x6 C Sure looks like "res" is not quite right... > int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, > BN_CTX *ctx) > { > /* > . > . > . > */ > mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); > mask &= 0-(size_t)carry; > res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); > nist_cp_bn(r_d, res, BN_NIST_256_TOP); // There is a problem here > r->top = BN_NIST_256_TOP; > bn_correct_top(r); > return 1; > } I don't understand the "res = ..." code, perhaps it is not portable to your Windows compiler, or perhaps it is not right. Please report a more detailed description of how you reproduce this. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: nist_cp_bn issue
openssl ecdhtest openssl s_server Must use the -no_ecdhe flag. openssl.exe s_server -no_ecdhe ecdhetest.exe has the same access violation Unhandled exception at 0x004222f6 in ecdhtest.exe: 0xC005: Access violation reading location 0x0001 openssl.exe!nist_cp_bn(unsigned int * buf=0x00acea80, unsigned int * a=0x0001, int top=8) Line 308 + 0x6 C openssl.exe!BN_nist_mod_256(bignum_st * r=0x00acf2a0, const bignum_st * a=0x00acf2a0, const bignum_st * field=0x005bd0b4, bignum_ctx * ctx=0x00acd718) Line 641 + 0xf C openssl.exe!ec_GFp_nist_field_mul(const ec_group_st * group=0x00acfc98, bignum_st * r=0x00acf2a0, const bignum_st * a=0x00ad0848, const bignum_st * b=0x00acff7c, bignum_ctx * ctx=0x00acd718) Line 176 + 0x1c C openssl.exe!ec_GFp_simple_points_make_affine(const ec_group_st * group=0x00acfc98, unsigned int num=4, ec_point_st * * points=0x00acf028, bignum_ctx * ctx=0x00acd718) Line 1649 + 0x2e C openssl.exe!EC_POINTs_make_affine(const ec_group_st * group=0x00acfc98, unsigned int num=4, ec_point_st * * points=0x00acf028, bignum_ctx * ctx=0x00acd718) Line 1108 + 0x18 C openssl.exe!ec_wNAF_mul(const ec_group_st * group=0x00acfc98, ec_point_st * r=0x00acfda0, const bignum_st * scalar=0x00acf008, unsigned int num=0, const ec_point_st * * points=0x0012f8dc, const bignum_st * * scalars=0x0012f8e0, bignum_ctx * ctx=0x00acd718) Line 649 + 0x15 C openssl.exe!EC_POINTs_mul(const ec_group_st * group=0x00acfc98, ec_point_st * r=0x00acfda0, const bignum_st * scalar=0x00acf008, unsigned int num=0, const ec_point_st * * points=0x0012f8dc, const bignum_st * * scalars=0x0012f8e0, bignum_ctx * ctx=0x00acd718) Line 1123 + 0x21 C openssl.exe!EC_POINT_mul(const ec_group_st * group=0x00acfc98, ec_point_st * r=0x00acfda0, const bignum_st * g_scalar=0x00acf008, const ec_point_st * point=0x, const bignum_st * p_scalar=0x, bignum_ctx * ctx=0x00acd718) Line 1139 + 0x3d C openssl.exe!EC_KEY_generate_key(ec_key_st * eckey=0x00acf978) Line 275 + 0x1c C openssl.exe!ssl3_ctx_ctrl(ssl_ctx_st * ctx=0x00acdbf8, int cmd=4, long larg=0, void * parg=0x00ace568) Line 2648 + 0x9 C openssl.exe!SSL_CTX_ctrl(ssl_ctx_st * ctx=0x00acdbf8, int cmd=4, long larg=0, void * parg=0x00ace568) Line 1171 + 0x18 C openssl.exe!s_server_main(int argc=0, char * * argv=0x003c2b64) Line 1565 + 0x17 C openssl.exe!do_cmd(lhash_st_FUNCTION * prog=0x00ac9a50, int argc=2, char * * argv=0x003c2b5c) Line 413 + 0xe C openssl.exe!main(int Argc=2, char * * Argv=0x003c2b5c) Line 312 + 0x14 C openssl.exe!mainCRTStartup() Line 259 + 0x12 C kernel32.dll!7c817077() static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) { int i; BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); for (i = (top); i != 0; i--) *_tmp1++ = *_tmp2++; //There is a problem here } int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { /* . . . */ mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); mask &= 0-(size_t)carry; res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_256_TOP); // There is a problem here r->top = BN_NIST_256_TOP; bn_correct_top(r); return 1; } - Original Message - From: "Victor Duchovni" To: Sent: Friday, December 03, 2010 10:43 AM Subject: nist_cp_bn issue On Fri, Dec 03, 2010 at 09:10:41AM -0800, Marcus Carey wrote: I am still have issues with the default ECDH parameters in 1.0.0c. kEECDH handshakes appear to work. The key generation with NIST Prime-Curve P-192 crashes. How do you reproduce this? static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) { int i; BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); for (i = (top); i != 0; i--) *_tmp1++ = *_tmp2++; //There is a problem here } The above looks fine, in what context is this called? The code in crypto/bn/bn_nist.c has not changed since 0.9.8j, it is different in 0.9.8i. http://cvs.openssl.org/chngview?cn=17756 I don't understand the code in BN_nist_mod_192(), which calls nist_cp_bn(), it has rather obscure pointer manipulation: /* * we need 'if (carry==0 || result>=modulus) result-=modulus;' * as comparison implies subtraction, we can write * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' * this is what happens below, but without explicit if:-) a. */ mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); mask &= 0-(size_t)carry; --->res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_192_TOP); -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __
nist_cp_bn issue
On Fri, Dec 03, 2010 at 09:10:41AM -0800, Marcus Carey wrote: > I am still have issues with the default ECDH parameters in 1.0.0c. kEECDH handshakes appear to work. > The key generation with NIST Prime-Curve P-192 crashes. How do you reproduce this? > static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) > { >int i; >BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); >for (i = (top); i != 0; i--) >*_tmp1++ = *_tmp2++; //There is a problem here > } The above looks fine, in what context is this called? The code in crypto/bn/bn_nist.c has not changed since 0.9.8j, it is different in 0.9.8i. http://cvs.openssl.org/chngview?cn=17756 I don't understand the code in BN_nist_mod_192(), which calls nist_cp_bn(), it has rather obscure pointer manipulation: /* * we need 'if (carry==0 || result>=modulus) result-=modulus;' * as comparison implies subtraction, we can write * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' * this is what happens below, but without explicit if:-) a. */ mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); mask &= 0-(size_t)carry; --->res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_192_TOP); -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org