| author | miod <> | 2014-04-13 15:16:40 +0000 |
|---|---|---|
| committer | miod <> | 2014-04-13 15:16:40 +0000 |
| commit | dbf195d7fd4efbe4ee578f1dc5c72e7f3deadf18 (patch) | |
| tree | 0de23bccc2c4fc24d466d6a4291987efc8e44770 /src/lib/libcrypto/ec | |
| parent | 210506dd94a697493eb809fb31df7283912ded73 (diff) | |
| parent | 52628ee3f51f011b463aaedb1a28aa0524b43cb3 (diff) | |
| download | openbsd-dbf195d7fd4efbe4ee578f1dc5c72e7f3deadf18.tar.gz openbsd-dbf195d7fd4efbe4ee578f1dc5c72e7f3deadf18.tar.bz2 openbsd-dbf195d7fd4efbe4ee578f1dc5c72e7f3deadf18.zip | |
This commit was generated by cvs2git to track changes on a CVS vendor
branch.
Diffstat (limited to 'src/lib/libcrypto/ec')
| -rw-r--r-- | src/lib/libcrypto/ec/ec2_mult.c | 27 | ||||
| -rw-r--r-- | src/lib/libcrypto/ec/ec_ameth.c | 2 | ||||
| -rw-r--r-- | src/lib/libcrypto/ec/ec_asn1.c | 6 | ||||
| -rw-r--r-- | src/lib/libcrypto/ec/ec_key.c | 13 | ||||
| -rw-r--r-- | src/lib/libcrypto/ec/ec_pmeth.c | 2 |
5 files changed, 33 insertions, 17 deletions
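--- a/src/lib/libcrypto/ec/ec2_mult.c
+++ b/src/lib/libcrypto/ec/ec2_mult.c
@@ -208,11 +208,15 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG
 return ret;
 }
 
+
 /* Computes scalar*point and stores the result in r.
 * point can not equal r.
-* Uses algorithm 2P of
+* Uses a modified algorithm 2P of
 * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
 * GF(2^m) without precomputation" (CHES '99, LNCS 1717).
+*
+* To protect against side-channel attack the function uses constant time swap,
+* avoiding conditional branches.
 */
 static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 const EC_POINT *point, BN_CTX *ctx)
@@ -246,6 +250,11 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
 x2 = &r->X;
 z2 = &r->Y;
 
+bn_wexpand(x1, group->field.top);
+bn_wexpand(z1, group->field.top);
+bn_wexpand(x2, group->field.top);
+bn_wexpand(z2, group->field.top);
+
 if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
 if (!BN_one(z1)) goto err; /* z1 = 1 */
 if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
@@ -270,16 +279,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
 word = scalar->d[i];
 while (mask)
 {
-if (word & mask)
-{
-if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
-if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
-}
-else
-{
-if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
-if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
-}
+BN_consttime_swap(word & mask, x1, x2, group->field.top);
+BN_consttime_swap(word & mask, z1, z2, group->field.top);
+if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
+if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
+BN_consttime_swap(word & mask, x1, x2, group->field.top);
+BN_consttime_swap(word & mask, z1, z2, group->field.top);
 mask >>= 1;
 }
 mask = BN_TBIT;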
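Review bot: The four bn_wexpand() calls added in the second hunk (new lines 253-256) discard their return value, yet the BN_consttime_swap() calls in the third hunk then touch group->field.top words of each operand unconditionally. bn_wexpand() returns NULL when it cannot grow the BIGNUM, so on an allocation failure the swap would read and write past the words the operand actually owns — exactly the case the expansion was added to prevent. Each call should be checked and routed to the existing error path, e.g. `if (bn_wexpand(x1, group->field.top) == NULL) goto err;`, and likewise for z1, x2 and z2. ec_GF2m_montgomery_point_multiply starts in the first hunk and its body continues past the end of the last one.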
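--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -88,7 +88,7 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
 if (!pstr)
 return 0;
 pstr->length = i2d_ECParameters(ec_key, &pstr->data);
-if (pstr->length < 0)
+if (pstr->length <= 0)
 {
 ASN1_STRING_free(pstr);
 ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);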
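Review bot: The widened `<= 0` test on line 91 is not explained, and a reader comparing it with the old `< 0` will wonder why a zero length is now a failure. A one-line comment above the condition would settle it, e.g. `/* i2d_ECParameters() reports failure with 0 as well as a negative value; an empty encoding is never valid here. */`. I believe i2d_ECParameters() does return 0 on a NULL key, but that should be confirmed against its definition before the wording is committed. eckey_param2type begins and ends outside the hunk.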
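--- a/src/lib/libcrypto/ec/ec_asn1.c
+++ b/src/lib/libcrypto/ec/ec_asn1.c
@@ -89,7 +89,8 @@ int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
 if (group == NULL)
 return 0;
 
-if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve
+if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+NID_X9_62_characteristic_two_field
 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0)))
 {
 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -107,7 +108,8 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
 if (group == NULL)
 return 0;
 
-if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve
+if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+NID_X9_62_characteristic_two_field
 || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0)))
 {
 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);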
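Review bot: The rewritten condition in both hunks (EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis) folds a field-type guard and a polynomial-shape test into one negated expression, so the reason the NID comparison must come first is invisible to the next reader. Splitting it into a guard with its own comment, `/* group->poly describes a basis only for GF(2^m) groups; refuse any other field type */`, followed by the separate poly[] shape check would make each rejection self-explaining and give a natural place for a more specific error reason later. That group->poly is meaningful only for the characteristic-two methods is my inference from the check order and should be confirmed. Both functions start before their hunk and end after it.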
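--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -520,18 +520,27 @@ void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
 void *EC_KEY_get_key_method_data(EC_KEY *key,
 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
 {
-return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
+void *ret;
+
+CRYPTO_r_lock(CRYPTO_LOCK_EC);
+ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
+CRYPTO_r_unlock(CRYPTO_LOCK_EC);
+
+return ret;
 }
 
-void EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
+void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
 void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
 {
 EC_EXTRA_DATA *ex_data;
+
 CRYPTO_w_lock(CRYPTO_LOCK_EC);
 ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
 if (ex_data == NULL)
 EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func);
 CRYPTO_w_unlock(CRYPTO_LOCK_EC);
+
+return ex_data;
 }
 
 void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)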
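Review bot: EC_KEY_insert_key_method_data now returns the existing entry instead of void (new lines 532-543), but nothing tells a caller what a non-NULL result means for `data`, which in that case was never stored. A header comment such as `/* Returns NULL if data was inserted, otherwise the entry already registered for these callbacks; data is then untouched and remains the caller's to release. */` would pin the contract down — the ownership half is my inference from the fact that EC_EX_DATA_set_data is skipped, and should be confirmed. In EC_KEY_get_key_method_data the read lock is released at line 527 before `ret` is handed back, so the lock protects only the walk of key->method_data and not the lifetime of the returned pointer; a one-line comment there would stop readers assuming more. Changing the return type from void also changes the function's type for every declaration and caller, so the matching header presumably needs the same edit.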
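--- a/src/lib/libcrypto/ec/ec_pmeth.c
+++ b/src/lib/libcrypto/ec/ec_pmeth.c
@@ -188,7 +188,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
 
 pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
 
-/* NB: unlike PKS#3 DH, if *outlen is less than maximum size this is
+/* NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is
 * not an error, the result is truncated.
 */
 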
