Simplify y_bit handling in compressed coordinates

If y_bit is set for a zero y, something is wrong and we can error directly. No need to run the non-trivial BN_kronecker() to check if BN_mod_sqrt() lied or not, only to set a more specific error code. ok jsing
author: tb <> 2022-11-24 16:34:13 +0000
committer: tb <> 2022-11-24 16:34:13 +0000
commit: be4769d0741d6847bc2d339bb9e31e8f01498e2c (patch)
tree: e8f6a5ffd4df260c66796094b0a219ab59b4dc3a /src/lib
parent: 702a8c6becedac4bb6fda1ca729df5ab91006fa4 (diff)
download: openbsd-be4769d0741d6847bc2d339bb9e31e8f01498e2c.tar.gz
openbsd-be4769d0741d6847bc2d339bb9e31e8f01498e2c.tar.bz2
openbsd-be4769d0741d6847bc2d339bb9e31e8f01498e2c.zip
1 files changed, 2 insertions, 15 deletions
diff --git a/src/lib/libcrypto/ec/ecp_oct.c b/src/lib/libcrypto/ec/ecp_oct.c
index 7c29e7e612..5e3484e2bc 100644
--- a/src/lib/libcrypto/ec/ecp_oct.c
+++ b/src/lib/libcrypto/ec/ecp_oct.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_oct.c,v 1.16 2022/11/19 07:29:29 tb Exp $ */
+/* $OpenBSD: ecp_oct.c,v 1.17 2022/11/24 16:34:13 tb Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
 * for the OpenSSL project.
 * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -162,20 +162,7 @@ ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
        }
        if (y_bit != BN_is_odd(y)) {
                if (BN_is_zero(y)) {
-                        int kron;
+                        ECerror(EC_R_INVALID_COMPRESSION_BIT);
-                        kron = BN_kronecker(x, &group->field, ctx);
-                        if (kron == -2)
-                                goto err;
-                        if (kron == 1)
-                                ECerror(EC_R_INVALID_COMPRESSION_BIT);
-                        else
-                                /*
-                                 * BN_mod_sqrt() should have cought this
-                                 * error (not a square)
-                                 */
-                                ECerror(EC_R_INVALID_COMPRESSED_POINT);
                        goto err;
                }
                if (!BN_usub(y, &group->field, y))
author	tb <>	2022-11-24 16:34:13 +0000
committer	tb <>	2022-11-24 16:34:13 +0000
commit	be4769d0741d6847bc2d339bb9e31e8f01498e2c (patch)
tree	e8f6a5ffd4df260c66796094b0a219ab59b4dc3a /src/lib
parent	702a8c6becedac4bb6fda1ca729df5ab91006fa4 (diff)
download	openbsd-be4769d0741d6847bc2d339bb9e31e8f01498e2c.tar.gz openbsd-be4769d0741d6847bc2d339bb9e31e8f01498e2c.tar.bz2 openbsd-be4769d0741d6847bc2d339bb9e31e8f01498e2c.zip

diff --git a/src/lib/libcrypto/ec/ecp_oct.c b/src/lib/libcrypto/ec/ecp_oct.c index 7c29e7e612..5e3484e2bc 100644 --- a/src/lib/libcrypto/ec/ecp_oct.c +++ b/src/lib/libcrypto/ec/ecp_oct.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ecp_oct.c,v 1.16 2022/11/19 07:29:29 tb Exp $ */	1	/* $OpenBSD: ecp_oct.c,v 1.17 2022/11/24 16:34:13 tb Exp $ */
2	/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>	2	/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
3	* for the OpenSSL project.	3	* for the OpenSSL project.
4	* Includes code written by Bodo Moeller for the OpenSSL project.	4	* Includes code written by Bodo Moeller for the OpenSSL project.
@@ -162,20 +162,7 @@ ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
162	}	162	}
163	if (y_bit != BN_is_odd(y)) {	163	if (y_bit != BN_is_odd(y)) {
164	if (BN_is_zero(y)) {	164	if (BN_is_zero(y)) {
165	int kron;	165	ECerror(EC_R_INVALID_COMPRESSION_BIT);
166
167	kron = BN_kronecker(x, &group->field, ctx);
168	if (kron == -2)
169	goto err;
170
171	if (kron == 1)
172	ECerror(EC_R_INVALID_COMPRESSION_BIT);
173	else
174	/*
175	* BN_mod_sqrt() should have cought this
176	* error (not a square)
177	*/
178	ECerror(EC_R_INVALID_COMPRESSED_POINT);
179	goto err;	166	goto err;
180	}	167	}
181	if (!BN_usub(y, &group->field, y))	168	if (!BN_usub(y, &group->field, y))