authormiod <>2014-04-13 15:16:40 +0000
committermiod <>2014-04-13 15:16:40 +0000
commit92349eb53934e1b3e9b807e603d45417a6320d21 (patch)
tree0de23bccc2c4fc24d466d6a4291987efc8e44770 /src/lib/libcrypto/ec
parentbdcc75be513421611e357921c457c3c5f631a14c (diff)
parent52628ee3f51f011b463aaedb1a28aa0524b43cb3 (diff)
This commit was generated by cvs2git to track changes on a CVS vendor
branch.
Diffstat (limited to 'src/lib/libcrypto/ec')
-rw-r--r--src/lib/libcrypto/ec/ec2_mult.c27
-rw-r--r--src/lib/libcrypto/ec/ec_ameth.c2
-rw-r--r--src/lib/libcrypto/ec/ec_asn1.c6
-rw-r--r--src/lib/libcrypto/ec/ec_key.c13
-rw-r--r--src/lib/libcrypto/ec/ec_pmeth.c2
5 files changed, 33 insertions, 17 deletions
diff --git a/src/lib/libcrypto/ec/ec2_mult.c b/src/lib/libcrypto/ec/ec2_mult.c
index 26f4a783fc..1c575dc47a 100644
--- a/src/lib/libcrypto/ec/ec2_mult.c
+++ b/src/lib/libcrypto/ec/ec2_mult.c
@@ -208,11 +208,15 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG
208 return ret; 208 return ret;
209 } 209 }
210 210
211
211/* Computes scalar*point and stores the result in r. 212/* Computes scalar*point and stores the result in r.
212 * point can not equal r. 213 * point can not equal r.
213 * Uses algorithm 2P of 214 * Uses a modified algorithm 2P of
214 * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over 215 * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
215 * GF(2^m) without precomputation" (CHES '99, LNCS 1717). 216 * GF(2^m) without precomputation" (CHES '99, LNCS 1717).
217 *
218 * To protect against side-channel attack the function uses constant time swap,
219 * avoiding conditional branches.
216 */ 220 */
217static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, 221static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
218 const EC_POINT *point, BN_CTX *ctx) 222 const EC_POINT *point, BN_CTX *ctx)
@@ -246,6 +250,11 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
246 x2 = &r->X; 250 x2 = &r->X;
247 z2 = &r->Y; 251 z2 = &r->Y;
248 252
253 bn_wexpand(x1, group->field.top);
254 bn_wexpand(z1, group->field.top);
255 bn_wexpand(x2, group->field.top);
256 bn_wexpand(z2, group->field.top);
257
249 if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ 258 if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
250 if (!BN_one(z1)) goto err; /* z1 = 1 */ 259 if (!BN_one(z1)) goto err; /* z1 = 1 */
251 if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ 260 if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
@@ -270,16 +279,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
270 word = scalar->d[i]; 279 word = scalar->d[i];
271 while (mask) 280 while (mask)
272 { 281 {
273 if (word & mask) 282 BN_consttime_swap(word & mask, x1, x2, group->field.top);
274 { 283 BN_consttime_swap(word & mask, z1, z2, group->field.top);
275 if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; 284 if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
276 if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; 285 if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
277 } 286 BN_consttime_swap(word & mask, x1, x2, group->field.top);
278 else 287 BN_consttime_swap(word & mask, z1, z2, group->field.top);
279 {
280 if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
281 if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
282 }
283 mask >>= 1; 288 mask >>= 1;
284 } 289 }
285 mask = BN_TBIT; 290 mask = BN_TBIT;
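Review bot: The four `bn_wexpand` calls added at new lines 253–256 discard their result, yet the `BN_consttime_swap` calls in the loop below touch `group->field.top` words of each operand unconditionally; bn_wexpand returns NULL on allocation failure and leaves the BIGNUM at its old size, so a failed expansion would make the swap read and write past the allocated words. Each call should be checked the way every other BN operation in this function is: `if (bn_wexpand(x1, group->field.top) == NULL) goto err;` and likewise for `z1`, `x2` and `z2`. Since `x2`/`z2` alias `r->X`/`r->Y` (lines 250–251), an unchecked failure there also leaves the caller's result point in an inconsistent state. ec_GF2m_montgomery_point_multiply begins before and ends after the hunks shown, so the surrounding error path is assumed to be the usual `err:` label.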
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index 83909c1853..0ce4524076 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -88,7 +88,7 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
88 if (!pstr) 88 if (!pstr)
89 return 0; 89 return 0;
90 pstr->length = i2d_ECParameters(ec_key, &pstr->data); 90 pstr->length = i2d_ECParameters(ec_key, &pstr->data);
91 if (pstr->length < 0) 91 if (pstr->length <= 0)
92 { 92 {
93 ASN1_STRING_free(pstr); 93 ASN1_STRING_free(pstr);
94 ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB); 94 ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
diff --git a/src/lib/libcrypto/ec/ec_asn1.c b/src/lib/libcrypto/ec/ec_asn1.c
index 175eec5342..145807b611 100644
--- a/src/lib/libcrypto/ec/ec_asn1.c
+++ b/src/lib/libcrypto/ec/ec_asn1.c
@@ -89,7 +89,8 @@ int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
89 if (group == NULL) 89 if (group == NULL)
90 return 0; 90 return 0;
91 91
92 if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve 92 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
93 NID_X9_62_characteristic_two_field
93 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) 94 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0)))
94 { 95 {
95 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 96 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -107,7 +108,8 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
107 if (group == NULL) 108 if (group == NULL)
108 return 0; 109 return 0;
109 110
110 if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve 111 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
112 NID_X9_62_characteristic_two_field
111 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) 113 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0)))
112 { 114 {
113 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 115 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c
index bf9fd2dc2c..7fa247593d 100644
--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -520,18 +520,27 @@ void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
520void *EC_KEY_get_key_method_data(EC_KEY *key, 520void *EC_KEY_get_key_method_data(EC_KEY *key,
521 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) 521 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
522 { 522 {
523 return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); 523 void *ret;
524
525 CRYPTO_r_lock(CRYPTO_LOCK_EC);
526 ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
527 CRYPTO_r_unlock(CRYPTO_LOCK_EC);
528
529 return ret;
524 } 530 }
525 531
526void EC_KEY_insert_key_method_data(EC_KEY *key, void *data, 532void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
527 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) 533 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
528 { 534 {
529 EC_EXTRA_DATA *ex_data; 535 EC_EXTRA_DATA *ex_data;
536
530 CRYPTO_w_lock(CRYPTO_LOCK_EC); 537 CRYPTO_w_lock(CRYPTO_LOCK_EC);
531 ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); 538 ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
532 if (ex_data == NULL) 539 if (ex_data == NULL)
533 EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func); 540 EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func);
534 CRYPTO_w_unlock(CRYPTO_LOCK_EC); 541 CRYPTO_w_unlock(CRYPTO_LOCK_EC);
542
543 return ex_data;
535 } 544 }
536 545
537void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) 546void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
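Review bot: The new return value of EC_KEY_insert_key_method_data (new line 543) conflates two outcomes: it is NULL both when `data` was inserted and when `EC_EX_DATA_set_data` at line 540 did not insert it, because that call's result is still discarded, so a caller cannot tell whether it still owns `data`. If EC_EX_DATA_set_data can fail (it appears to, but its definition is outside this page), the failure should be checked and made distinguishable, or at minimum the contract documented with a header comment such as `/* Returns the existing method data if one matching these functions is already present (data is not inserted and remains the caller's to free); returns NULL after inserting data, or if insertion failed. */`. Separately, in EC_KEY_get_key_method_data the read lock is released before `ret` is returned, so it guards only the list walk, not the caller's later use of the pointer; a comment saying so would prevent the lock being mistaken for a lifetime guarantee.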
diff --git a/src/lib/libcrypto/ec/ec_pmeth.c b/src/lib/libcrypto/ec/ec_pmeth.c
index d1ed66c37e..66ee397d86 100644
--- a/src/lib/libcrypto/ec/ec_pmeth.c
+++ b/src/lib/libcrypto/ec/ec_pmeth.c
@@ -188,7 +188,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
188 188
189 pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec); 189 pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
190 190
191 /* NB: unlike PKS#3 DH, if *outlen is less than maximum size this is 191 /* NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is
192 * not an error, the result is truncated. 192 * not an error, the result is truncated.
193 */ 193 */
194 194