diff options
Diffstat (limited to 'src/lib/libcrypto/ec/ecp_nistp256.c')
| -rw-r--r-- | src/lib/libcrypto/ec/ecp_nistp256.c | 30 |
1 files changed, 13 insertions, 17 deletions
diff --git a/src/lib/libcrypto/ec/ecp_nistp256.c b/src/lib/libcrypto/ec/ecp_nistp256.c index be1d2a5402..4771a92efd 100644 --- a/src/lib/libcrypto/ec/ecp_nistp256.c +++ b/src/lib/libcrypto/ec/ecp_nistp256.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ecp_nistp256.c,v 1.16 2015/09/10 15:56:25 jsing Exp $ */ | 1 | /* $OpenBSD: ecp_nistp256.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Written by Adam Langley (Google) for the OpenSSL project | 3 | * Written by Adam Langley (Google) for the OpenSSL project |
| 4 | */ | 4 | */ |
| @@ -156,11 +156,11 @@ BN_to_felem(felem out, const BIGNUM * bn) | |||
| 156 | memset(b_out, 0, sizeof b_out); | 156 | memset(b_out, 0, sizeof b_out); |
| 157 | num_bytes = BN_num_bytes(bn); | 157 | num_bytes = BN_num_bytes(bn); |
| 158 | if (num_bytes > sizeof b_out) { | 158 | if (num_bytes > sizeof b_out) { |
| 159 | ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); | 159 | ECerror(EC_R_BIGNUM_OUT_OF_RANGE); |
| 160 | return 0; | 160 | return 0; |
| 161 | } | 161 | } |
| 162 | if (BN_is_negative(bn)) { | 162 | if (BN_is_negative(bn)) { |
| 163 | ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); | 163 | ECerror(EC_R_BIGNUM_OUT_OF_RANGE); |
| 164 | return 0; | 164 | return 0; |
| 165 | } | 165 | } |
| 166 | num_bytes = BN_bn2bin(bn, b_in); | 166 | num_bytes = BN_bn2bin(bn, b_in); |
| @@ -1740,7 +1740,7 @@ nistp256_pre_comp_new() | |||
| 1740 | NISTP256_PRE_COMP *ret = NULL; | 1740 | NISTP256_PRE_COMP *ret = NULL; |
| 1741 | ret = malloc(sizeof *ret); | 1741 | ret = malloc(sizeof *ret); |
| 1742 | if (!ret) { | 1742 | if (!ret) { |
| 1743 | ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); | 1743 | ECerror(ERR_R_MALLOC_FAILURE); |
| 1744 | return ret; | 1744 | return ret; |
| 1745 | } | 1745 | } |
| 1746 | memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp)); | 1746 | memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp)); |
| @@ -1826,8 +1826,7 @@ ec_GFp_nistp256_group_set_curve(EC_GROUP * group, const BIGNUM * p, | |||
| 1826 | BN_bin2bn(nistp256_curve_params[2], sizeof(felem_bytearray), curve_b); | 1826 | BN_bin2bn(nistp256_curve_params[2], sizeof(felem_bytearray), curve_b); |
| 1827 | if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || | 1827 | if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || |
| 1828 | (BN_cmp(curve_b, b))) { | 1828 | (BN_cmp(curve_b, b))) { |
| 1829 | ECerr(EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE, | 1829 | ECerror(EC_R_WRONG_CURVE_PARAMETERS); |
| 1830 | EC_R_WRONG_CURVE_PARAMETERS); | ||
| 1831 | goto err; | 1830 | goto err; |
| 1832 | } | 1831 | } |
| 1833 | group->field_mod_func = BN_nist_mod_256; | 1832 | group->field_mod_func = BN_nist_mod_256; |
| @@ -1849,8 +1848,7 @@ ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP * group, | |||
| 1849 | longfelem tmp; | 1848 | longfelem tmp; |
| 1850 | 1849 | ||
| 1851 | if (EC_POINT_is_at_infinity(group, point) > 0) { | 1850 | if (EC_POINT_is_at_infinity(group, point) > 0) { |
| 1852 | ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES, | 1851 | ECerror(EC_R_POINT_AT_INFINITY); |
| 1853 | EC_R_POINT_AT_INFINITY); | ||
| 1854 | return 0; | 1852 | return 0; |
| 1855 | } | 1853 | } |
| 1856 | if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) || | 1854 | if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) || |
| @@ -1864,8 +1862,7 @@ ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP * group, | |||
| 1864 | felem_contract(x_out, x_in); | 1862 | felem_contract(x_out, x_in); |
| 1865 | if (x != NULL) { | 1863 | if (x != NULL) { |
| 1866 | if (!smallfelem_to_BN(x, x_out)) { | 1864 | if (!smallfelem_to_BN(x, x_out)) { |
| 1867 | ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES, | 1865 | ECerror(ERR_R_BN_LIB); |
| 1868 | ERR_R_BN_LIB); | ||
| 1869 | return 0; | 1866 | return 0; |
| 1870 | } | 1867 | } |
| 1871 | } | 1868 | } |
| @@ -1876,8 +1873,7 @@ ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP * group, | |||
| 1876 | felem_contract(y_out, y_in); | 1873 | felem_contract(y_out, y_in); |
| 1877 | if (y != NULL) { | 1874 | if (y != NULL) { |
| 1878 | if (!smallfelem_to_BN(y, y_out)) { | 1875 | if (!smallfelem_to_BN(y, y_out)) { |
| 1879 | ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES, | 1876 | ECerror(ERR_R_BN_LIB); |
| 1880 | ERR_R_BN_LIB); | ||
| 1881 | return 0; | 1877 | return 0; |
| 1882 | } | 1878 | } |
| 1883 | } | 1879 | } |
| @@ -1960,7 +1956,7 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r, | |||
| 1960 | if (!smallfelem_to_BN(x, g_pre_comp[0][1][0]) || | 1956 | if (!smallfelem_to_BN(x, g_pre_comp[0][1][0]) || |
| 1961 | !smallfelem_to_BN(y, g_pre_comp[0][1][1]) || | 1957 | !smallfelem_to_BN(y, g_pre_comp[0][1][1]) || |
| 1962 | !smallfelem_to_BN(z, g_pre_comp[0][1][2])) { | 1958 | !smallfelem_to_BN(z, g_pre_comp[0][1][2])) { |
| 1963 | ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); | 1959 | ECerror(ERR_R_BN_LIB); |
| 1964 | goto err; | 1960 | goto err; |
| 1965 | } | 1961 | } |
| 1966 | if (!EC_POINT_set_Jprojective_coordinates_GFp(group, | 1962 | if (!EC_POINT_set_Jprojective_coordinates_GFp(group, |
| @@ -1993,7 +1989,7 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r, | |||
| 1993 | (num_points * 17 + 1), sizeof(smallfelem)); | 1989 | (num_points * 17 + 1), sizeof(smallfelem)); |
| 1994 | } | 1990 | } |
| 1995 | if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_smallfelems == NULL))) { | 1991 | if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_smallfelems == NULL))) { |
| 1996 | ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_MALLOC_FAILURE); | 1992 | ECerror(ERR_R_MALLOC_FAILURE); |
| 1997 | goto err; | 1993 | goto err; |
| 1998 | } | 1994 | } |
| 1999 | /* | 1995 | /* |
| @@ -2024,7 +2020,7 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r, | |||
| 2024 | * don't guarantee constant-timeness | 2020 | * don't guarantee constant-timeness |
| 2025 | */ | 2021 | */ |
| 2026 | if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { | 2022 | if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { |
| 2027 | ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); | 2023 | ECerror(ERR_R_BN_LIB); |
| 2028 | goto err; | 2024 | goto err; |
| 2029 | } | 2025 | } |
| 2030 | num_bytes = BN_bn2bin(tmp_scalar, tmp); | 2026 | num_bytes = BN_bn2bin(tmp_scalar, tmp); |
| @@ -2066,7 +2062,7 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r, | |||
| 2066 | * constant-timeness | 2062 | * constant-timeness |
| 2067 | */ | 2063 | */ |
| 2068 | if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { | 2064 | if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { |
| 2069 | ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); | 2065 | ECerror(ERR_R_BN_LIB); |
| 2070 | goto err; | 2066 | goto err; |
| 2071 | } | 2067 | } |
| 2072 | num_bytes = BN_bn2bin(tmp_scalar, tmp); | 2068 | num_bytes = BN_bn2bin(tmp_scalar, tmp); |
| @@ -2090,7 +2086,7 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r, | |||
| 2090 | felem_contract(z_in, z_out); | 2086 | felem_contract(z_in, z_out); |
| 2091 | if ((!smallfelem_to_BN(x, x_in)) || (!smallfelem_to_BN(y, y_in)) || | 2087 | if ((!smallfelem_to_BN(x, x_in)) || (!smallfelem_to_BN(y, y_in)) || |
| 2092 | (!smallfelem_to_BN(z, z_in))) { | 2088 | (!smallfelem_to_BN(z, z_in))) { |
| 2093 | ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); | 2089 | ECerror(ERR_R_BN_LIB); |
| 2094 | goto err; | 2090 | goto err; |
| 2095 | } | 2091 | } |
| 2096 | ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx); | 2092 | ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx); |