Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 (b22250bb) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+4 −0

Original line number	Diff line number	Diff line
		@@ -4,6 +4,10 @@

		Changes between 0.9.8e and 0.9.8f [xx XXX xxxx]

		*) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
		(which previously caused an internal error).
		[Bodo Moeller]

		*) Squeeze another 10% out of IGE mode when in != out.
		[Ben Laurie]

crypto/ec/ec.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -471,6 +471,7 @@ void ERR_load_EC_strings(void);
		#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126
		#define EC_F_EC_POINT_SET_TO_INFINITY 127
		#define EC_F_EC_PRE_COMP_DUP 207
		#define EC_F_EC_PRE_COMP_NEW 196
		#define EC_F_EC_WNAF_MUL 187
		#define EC_F_EC_WNAF_PRECOMPUTE_MULT 188
		#define EC_F_I2D_ECPARAMETERS 190

crypto/ec/ec_err.c

+2 −1

Original line number	Diff line number	Diff line
		/* crypto/ec/ec_err.c */
		/* ====================================================================
		* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
		* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
		*
		* Redistribution and use in source and binary forms, with or without
		* modification, are permitted provided that the following conditions
		@@ -170,6 +170,7 @@ static ERR_STRING_DATA EC_str_functs[]=
		{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"},
		{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
		{ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"},
		{ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"},
		{ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"},
		{ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"},
		{ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"},

crypto/ec/ec_mult.c

+31 −3

Original line number	Diff line number	Diff line
		@@ -3,7 +3,7 @@
		* Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
		*/
		/* ====================================================================
		* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
		* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
		*
		* Redistribution and use in source and binary forms, with or without
		* modification, are permitted provided that the following conditions
		@@ -104,7 +104,10 @@ static EC_PRE_COMP ec_pre_comp_new(const EC_GROUP group)

		ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP));
		if (!ret)
		{
		ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
		return ret;
		}
		ret->group = group;
		ret->blocksize = 8; /* default */
		ret->numblocks = 0;
		@@ -194,6 +197,19 @@ static signed char compute_wNAF(const BIGNUM scalar, int w, size_t *ret_len)
		int bit, next_bit, mask;
		size_t len = 0, j;

		if (BN_is_zero(scalar))
		{
		r = OPENSSL_malloc(1);
		if (!r)
		{
		ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
		goto err;
		}
		r[0] = 0;
		*ret_len = 1;
		return r;
		}

		if (w <= 0 \|\| w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */
		{
		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
		@@ -212,7 +228,11 @@ static signed char compute_wNAF(const BIGNUM scalar, int w, size_t *ret_len)
		r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation
		* (*ret_len will be set to the actual length, i.e. at most
		* BN_num_bits(scalar) + 1) */
		if (r == NULL) goto err;
		if (r == NULL)
		{
		ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
		goto err;
		}

		if (scalar->d == NULL \|\| scalar->top == 0)
		{
		@@ -425,7 +445,10 @@ int ec_wNAF_mul(const EC_GROUP group, EC_POINT r, const BIGNUM *scalar,
		val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]);

		if (!wsize \|\| !wNAF_len \|\| !wNAF \|\| !val_sub)
		{
		ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
		goto err;
		}

		wNAF[0] = NULL; /* preliminary pivot */

		@@ -538,6 +561,7 @@ int ec_wNAF_mul(const EC_GROUP group, EC_POINT r, const BIGNUM *scalar,
		wNAF[i] = OPENSSL_malloc(wNAF_len[i]);
		if (wNAF[i] == NULL)
		{
		ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
		OPENSSL_free(tmp_wNAF);
		goto err;
		}
		@@ -564,7 +588,11 @@ int ec_wNAF_mul(const EC_GROUP group, EC_POINT r, const BIGNUM *scalar,
		* 'val_sub[i]' is a pointer to the subarray for the i-th point,
		* or to a subarray of 'pre_comp->points' if we already have precomputation. */
		val = OPENSSL_malloc((num_val + 1) * sizeof val[0]);
		if (val == NULL) goto err;
		if (val == NULL)
		{
		ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
		goto err;
		}
		val[num_val] = NULL; /* pivot element */

		/* allocate points for precomputation */

crypto/ec/ectest.c

+11 −3

Original line number	Diff line number	Diff line
		@@ -659,13 +659,15 @@ void prime_field_tests()
		if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */

		{
		const EC_POINT *points[3];
		const BIGNUM *scalars[3];
		const EC_POINT *points[4];
		const BIGNUM *scalars[4];
		BIGNUM scalar3;

		if (EC_POINT_is_at_infinity(group, Q)) ABORT;
		points[0] = Q;
		points[1] = Q;
		points[2] = Q;
		points[3] = Q;

		if (!BN_add(y, z, BN_value_one())) ABORT;
		if (BN_is_odd(y)) ABORT;
		@@ -704,10 +706,16 @@ void prime_field_tests()
		scalars[1] = y;
		scalars[2] = z; /* z = -(x+y) */

		if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT;
		BN_init(&scalar3);
		BN_zero(&scalar3);
		scalars[3] = &scalar3;

		if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) ABORT;
		if (!EC_POINT_is_at_infinity(group, P)) ABORT;

		fprintf(stdout, " ok\n\n");

		BN_free(&scalar3);
		}