diff options
author | miod <> | 2014-04-13 15:16:40 +0000 |
---|---|---|
committer | miod <> | 2014-04-13 15:16:40 +0000 |
commit | 92349eb53934e1b3e9b807e603d45417a6320d21 (patch) | |
tree | 0de23bccc2c4fc24d466d6a4291987efc8e44770 /src/lib/libcrypto/ec | |
parent | bdcc75be513421611e357921c457c3c5f631a14c (diff) | |
parent | 52628ee3f51f011b463aaedb1a28aa0524b43cb3 (diff) | |
download | openbsd-92349eb53934e1b3e9b807e603d45417a6320d21.tar.gz openbsd-92349eb53934e1b3e9b807e603d45417a6320d21.tar.bz2 openbsd-92349eb53934e1b3e9b807e603d45417a6320d21.zip |
This commit was generated by cvs2git to track changes on a CVS vendor
branch.
Diffstat (limited to 'src/lib/libcrypto/ec')
-rw-r--r-- | src/lib/libcrypto/ec/ec2_mult.c | 27 | ||||
-rw-r--r-- | src/lib/libcrypto/ec/ec_ameth.c | 2 | ||||
-rw-r--r-- | src/lib/libcrypto/ec/ec_asn1.c | 6 | ||||
-rw-r--r-- | src/lib/libcrypto/ec/ec_key.c | 13 | ||||
-rw-r--r-- | src/lib/libcrypto/ec/ec_pmeth.c | 2 |
5 files changed, 33 insertions, 17 deletions
diff --git a/src/lib/libcrypto/ec/ec2_mult.c b/src/lib/libcrypto/ec/ec2_mult.c index 26f4a783fc..1c575dc47a 100644 --- a/src/lib/libcrypto/ec/ec2_mult.c +++ b/src/lib/libcrypto/ec/ec2_mult.c | |||
@@ -208,11 +208,15 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG | |||
208 | return ret; | 208 | return ret; |
209 | } | 209 | } |
210 | 210 | ||
211 | |||
211 | /* Computes scalar*point and stores the result in r. | 212 | /* Computes scalar*point and stores the result in r. |
212 | * point can not equal r. | 213 | * point can not equal r. |
213 | * Uses algorithm 2P of | 214 | * Uses a modified algorithm 2P of |
214 | * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over | 215 | * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over |
215 | * GF(2^m) without precomputation" (CHES '99, LNCS 1717). | 216 | * GF(2^m) without precomputation" (CHES '99, LNCS 1717). |
217 | * | ||
218 | * To protect against side-channel attack the function uses constant time swap, | ||
219 | * avoiding conditional branches. | ||
216 | */ | 220 | */ |
217 | static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | 221 | static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, |
218 | const EC_POINT *point, BN_CTX *ctx) | 222 | const EC_POINT *point, BN_CTX *ctx) |
@@ -246,6 +250,11 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, | |||
246 | x2 = &r->X; | 250 | x2 = &r->X; |
247 | z2 = &r->Y; | 251 | z2 = &r->Y; |
248 | 252 | ||
253 | bn_wexpand(x1, group->field.top); | ||
254 | bn_wexpand(z1, group->field.top); | ||
255 | bn_wexpand(x2, group->field.top); | ||
256 | bn_wexpand(z2, group->field.top); | ||
257 | |||
249 | if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ | 258 | if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ |
250 | if (!BN_one(z1)) goto err; /* z1 = 1 */ | 259 | if (!BN_one(z1)) goto err; /* z1 = 1 */ |
251 | if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ | 260 | if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ |
@@ -270,16 +279,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, | |||
270 | word = scalar->d[i]; | 279 | word = scalar->d[i]; |
271 | while (mask) | 280 | while (mask) |
272 | { | 281 | { |
273 | if (word & mask) | 282 | BN_consttime_swap(word & mask, x1, x2, group->field.top); |
274 | { | 283 | BN_consttime_swap(word & mask, z1, z2, group->field.top); |
275 | if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; | 284 | if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; |
276 | if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; | 285 | if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; |
277 | } | 286 | BN_consttime_swap(word & mask, x1, x2, group->field.top); |
278 | else | 287 | BN_consttime_swap(word & mask, z1, z2, group->field.top); |
279 | { | ||
280 | if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; | ||
281 | if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; | ||
282 | } | ||
283 | mask >>= 1; | 288 | mask >>= 1; |
284 | } | 289 | } |
285 | mask = BN_TBIT; | 290 | mask = BN_TBIT; |
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c index 83909c1853..0ce4524076 100644 --- a/src/lib/libcrypto/ec/ec_ameth.c +++ b/src/lib/libcrypto/ec/ec_ameth.c | |||
@@ -88,7 +88,7 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) | |||
88 | if (!pstr) | 88 | if (!pstr) |
89 | return 0; | 89 | return 0; |
90 | pstr->length = i2d_ECParameters(ec_key, &pstr->data); | 90 | pstr->length = i2d_ECParameters(ec_key, &pstr->data); |
91 | if (pstr->length < 0) | 91 | if (pstr->length <= 0) |
92 | { | 92 | { |
93 | ASN1_STRING_free(pstr); | 93 | ASN1_STRING_free(pstr); |
94 | ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB); | 94 | ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB); |
diff --git a/src/lib/libcrypto/ec/ec_asn1.c b/src/lib/libcrypto/ec/ec_asn1.c index 175eec5342..145807b611 100644 --- a/src/lib/libcrypto/ec/ec_asn1.c +++ b/src/lib/libcrypto/ec/ec_asn1.c | |||
@@ -89,7 +89,8 @@ int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k) | |||
89 | if (group == NULL) | 89 | if (group == NULL) |
90 | return 0; | 90 | return 0; |
91 | 91 | ||
92 | if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve | 92 | if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != |
93 | NID_X9_62_characteristic_two_field | ||
93 | || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) | 94 | || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) |
94 | { | 95 | { |
95 | ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 96 | ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
@@ -107,7 +108,8 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, | |||
107 | if (group == NULL) | 108 | if (group == NULL) |
108 | return 0; | 109 | return 0; |
109 | 110 | ||
110 | if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve | 111 | if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != |
112 | NID_X9_62_characteristic_two_field | ||
111 | || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) | 113 | || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) |
112 | { | 114 | { |
113 | ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 115 | ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c index bf9fd2dc2c..7fa247593d 100644 --- a/src/lib/libcrypto/ec/ec_key.c +++ b/src/lib/libcrypto/ec/ec_key.c | |||
@@ -520,18 +520,27 @@ void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) | |||
520 | void *EC_KEY_get_key_method_data(EC_KEY *key, | 520 | void *EC_KEY_get_key_method_data(EC_KEY *key, |
521 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) | 521 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) |
522 | { | 522 | { |
523 | return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); | 523 | void *ret; |
524 | |||
525 | CRYPTO_r_lock(CRYPTO_LOCK_EC); | ||
526 | ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); | ||
527 | CRYPTO_r_unlock(CRYPTO_LOCK_EC); | ||
528 | |||
529 | return ret; | ||
524 | } | 530 | } |
525 | 531 | ||
526 | void EC_KEY_insert_key_method_data(EC_KEY *key, void *data, | 532 | void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, |
527 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) | 533 | void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) |
528 | { | 534 | { |
529 | EC_EXTRA_DATA *ex_data; | 535 | EC_EXTRA_DATA *ex_data; |
536 | |||
530 | CRYPTO_w_lock(CRYPTO_LOCK_EC); | 537 | CRYPTO_w_lock(CRYPTO_LOCK_EC); |
531 | ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); | 538 | ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); |
532 | if (ex_data == NULL) | 539 | if (ex_data == NULL) |
533 | EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func); | 540 | EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func); |
534 | CRYPTO_w_unlock(CRYPTO_LOCK_EC); | 541 | CRYPTO_w_unlock(CRYPTO_LOCK_EC); |
542 | |||
543 | return ex_data; | ||
535 | } | 544 | } |
536 | 545 | ||
537 | void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) | 546 | void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) |
diff --git a/src/lib/libcrypto/ec/ec_pmeth.c b/src/lib/libcrypto/ec/ec_pmeth.c index d1ed66c37e..66ee397d86 100644 --- a/src/lib/libcrypto/ec/ec_pmeth.c +++ b/src/lib/libcrypto/ec/ec_pmeth.c | |||
@@ -188,7 +188,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) | |||
188 | 188 | ||
189 | pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec); | 189 | pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec); |
190 | 190 | ||
191 | /* NB: unlike PKS#3 DH, if *outlen is less than maximum size this is | 191 | /* NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is |
192 | * not an error, the result is truncated. | 192 | * not an error, the result is truncated. |
193 | */ | 193 | */ |
194 | 194 | ||