WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Commit e94f52e0 authored Nov 04, 2015 by Matt Caswell

Fix bug in nistp224/256/521 where have_precompute_mult always returns 0



During precomputation if the group given is well known then we memcpy a
well known precomputation. However we go the wrong label in the code and
don't store the data properly. Consequently if we call have_precompute_mult
the data isn't there and we return 0.

RT#3600

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 615614c8)

parent 83ab6e55

crypto/ec/ecp_nistp224.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -1657,8 +1657,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP group, BN_CTX ctx)
		*/
		if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
		memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
		ret = 1;
		goto err;
		goto done;
		}
		if ((!BN_to_felem(pre->g_pre_comp[0][1][0], &group->generator->X)) \|\|
		(!BN_to_felem(pre->g_pre_comp[0][1][1], &group->generator->Y)) \|\|
		@@ -1736,6 +1735,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP group, BN_CTX ctx)
		}
		make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_felems);

		done:
		if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp224_pre_comp_dup,
		nistp224_pre_comp_free,
		nistp224_pre_comp_clear_free))

crypto/ec/ecp_nistp256.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -2249,8 +2249,7 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP group, BN_CTX ctx)
		*/
		if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
		memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
		ret = 1;
		goto err;
		goto done;
		}
		if ((!BN_to_felem(x_tmp, &group->generator->X)) \|\|
		(!BN_to_felem(y_tmp, &group->generator->Y)) \|\|
		@@ -2337,6 +2336,7 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP group, BN_CTX ctx)
		}
		make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_smallfelems);

		done:
		if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp256_pre_comp_dup,
		nistp256_pre_comp_free,
		nistp256_pre_comp_clear_free))

crypto/ec/ecp_nistp521.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -2056,8 +2056,7 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP group, BN_CTX ctx)
		*/
		if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
		memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
		ret = 1;
		goto err;
		goto done;
		}
		if ((!BN_to_felem(pre->g_pre_comp[1][0], &group->generator->X)) \|\|
		(!BN_to_felem(pre->g_pre_comp[1][1], &group->generator->Y)) \|\|
		@@ -2115,6 +2114,7 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP group, BN_CTX ctx)
		}
		make_points_affine(15, &(pre->g_pre_comp[1]), tmp_felems);

		done:
		if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp521_pre_comp_dup,
		nistp521_pre_comp_free,
		nistp521_pre_comp_clear_free))