diff options
Diffstat (limited to 'src/lib/libcrypto/ec/ecp_nistp521.c')
| -rw-r--r-- | src/lib/libcrypto/ec/ecp_nistp521.c | 28 |
1 files changed, 13 insertions, 15 deletions
diff --git a/src/lib/libcrypto/ec/ecp_nistp521.c b/src/lib/libcrypto/ec/ecp_nistp521.c index cfa13b41f8..22bafe392f 100644 --- a/src/lib/libcrypto/ec/ecp_nistp521.c +++ b/src/lib/libcrypto/ec/ecp_nistp521.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ecp_nistp521.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */ | 1 | /* $OpenBSD: ecp_nistp521.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Written by Adam Langley (Google) for the OpenSSL project | 3 | * Written by Adam Langley (Google) for the OpenSSL project |
| 4 | */ | 4 | */ |
| @@ -182,11 +182,11 @@ BN_to_felem(felem out, const BIGNUM * bn) | |||
| 182 | memset(b_out, 0, sizeof b_out); | 182 | memset(b_out, 0, sizeof b_out); |
| 183 | num_bytes = BN_num_bytes(bn); | 183 | num_bytes = BN_num_bytes(bn); |
| 184 | if (num_bytes > sizeof b_out) { | 184 | if (num_bytes > sizeof b_out) { |
| 185 | ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); | 185 | ECerror(EC_R_BIGNUM_OUT_OF_RANGE); |
| 186 | return 0; | 186 | return 0; |
| 187 | } | 187 | } |
| 188 | if (BN_is_negative(bn)) { | 188 | if (BN_is_negative(bn)) { |
| 189 | ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); | 189 | ECerror(EC_R_BIGNUM_OUT_OF_RANGE); |
| 190 | return 0; | 190 | return 0; |
| 191 | } | 191 | } |
| 192 | num_bytes = BN_bn2bin(bn, b_in); | 192 | num_bytes = BN_bn2bin(bn, b_in); |
| @@ -1631,7 +1631,7 @@ nistp521_pre_comp_new() | |||
| 1631 | NISTP521_PRE_COMP *ret = NULL; | 1631 | NISTP521_PRE_COMP *ret = NULL; |
| 1632 | ret = malloc(sizeof(NISTP521_PRE_COMP)); | 1632 | ret = malloc(sizeof(NISTP521_PRE_COMP)); |
| 1633 | if (!ret) { | 1633 | if (!ret) { |
| 1634 | ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); | 1634 | ECerror(ERR_R_MALLOC_FAILURE); |
| 1635 | return ret; | 1635 | return ret; |
| 1636 | } | 1636 | } |
| 1637 | memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp)); | 1637 | memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp)); |
| @@ -1717,8 +1717,7 @@ ec_GFp_nistp521_group_set_curve(EC_GROUP * group, const BIGNUM * p, | |||
| 1717 | BN_bin2bn(nistp521_curve_params[2], sizeof(felem_bytearray), curve_b); | 1717 | BN_bin2bn(nistp521_curve_params[2], sizeof(felem_bytearray), curve_b); |
| 1718 | if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || | 1718 | if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || |
| 1719 | (BN_cmp(curve_b, b))) { | 1719 | (BN_cmp(curve_b, b))) { |
| 1720 | ECerr(EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE, | 1720 | ECerror(EC_R_WRONG_CURVE_PARAMETERS); |
| 1721 | EC_R_WRONG_CURVE_PARAMETERS); | ||
| 1722 | goto err; | 1721 | goto err; |
| 1723 | } | 1722 | } |
| 1724 | group->field_mod_func = BN_nist_mod_521; | 1723 | group->field_mod_func = BN_nist_mod_521; |
| @@ -1739,8 +1738,7 @@ ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP * group, | |||
| 1739 | largefelem tmp; | 1738 | largefelem tmp; |
| 1740 | 1739 | ||
| 1741 | if (EC_POINT_is_at_infinity(group, point) > 0) { | 1740 | if (EC_POINT_is_at_infinity(group, point) > 0) { |
| 1742 | ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, | 1741 | ECerror(EC_R_POINT_AT_INFINITY); |
| 1743 | EC_R_POINT_AT_INFINITY); | ||
| 1744 | return 0; | 1742 | return 0; |
| 1745 | } | 1743 | } |
| 1746 | if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) || | 1744 | if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) || |
| @@ -1754,7 +1752,7 @@ ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP * group, | |||
| 1754 | felem_contract(x_out, x_in); | 1752 | felem_contract(x_out, x_in); |
| 1755 | if (x != NULL) { | 1753 | if (x != NULL) { |
| 1756 | if (!felem_to_BN(x, x_out)) { | 1754 | if (!felem_to_BN(x, x_out)) { |
| 1757 | ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB); | 1755 | ECerror(ERR_R_BN_LIB); |
| 1758 | return 0; | 1756 | return 0; |
| 1759 | } | 1757 | } |
| 1760 | } | 1758 | } |
| @@ -1765,7 +1763,7 @@ ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP * group, | |||
| 1765 | felem_contract(y_out, y_in); | 1763 | felem_contract(y_out, y_in); |
| 1766 | if (y != NULL) { | 1764 | if (y != NULL) { |
| 1767 | if (!felem_to_BN(y, y_out)) { | 1765 | if (!felem_to_BN(y, y_out)) { |
| 1768 | ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB); | 1766 | ECerror(ERR_R_BN_LIB); |
| 1769 | return 0; | 1767 | return 0; |
| 1770 | } | 1768 | } |
| 1771 | } | 1769 | } |
| @@ -1847,7 +1845,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r, | |||
| 1847 | if (!felem_to_BN(x, g_pre_comp[1][0]) || | 1845 | if (!felem_to_BN(x, g_pre_comp[1][0]) || |
| 1848 | !felem_to_BN(y, g_pre_comp[1][1]) || | 1846 | !felem_to_BN(y, g_pre_comp[1][1]) || |
| 1849 | !felem_to_BN(z, g_pre_comp[1][2])) { | 1847 | !felem_to_BN(z, g_pre_comp[1][2])) { |
| 1850 | ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); | 1848 | ECerror(ERR_R_BN_LIB); |
| 1851 | goto err; | 1849 | goto err; |
| 1852 | } | 1850 | } |
| 1853 | if (!EC_POINT_set_Jprojective_coordinates_GFp(group, | 1851 | if (!EC_POINT_set_Jprojective_coordinates_GFp(group, |
| @@ -1880,7 +1878,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r, | |||
| 1880 | (num_points * 17 + 1), sizeof(felem)); | 1878 | (num_points * 17 + 1), sizeof(felem)); |
| 1881 | } | 1879 | } |
| 1882 | if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) { | 1880 | if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) { |
| 1883 | ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_MALLOC_FAILURE); | 1881 | ECerror(ERR_R_MALLOC_FAILURE); |
| 1884 | goto err; | 1882 | goto err; |
| 1885 | } | 1883 | } |
| 1886 | /* | 1884 | /* |
| @@ -1911,7 +1909,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r, | |||
| 1911 | * don't guarantee constant-timeness | 1909 | * don't guarantee constant-timeness |
| 1912 | */ | 1910 | */ |
| 1913 | if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { | 1911 | if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { |
| 1914 | ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); | 1912 | ECerror(ERR_R_BN_LIB); |
| 1915 | goto err; | 1913 | goto err; |
| 1916 | } | 1914 | } |
| 1917 | num_bytes = BN_bn2bin(tmp_scalar, tmp); | 1915 | num_bytes = BN_bn2bin(tmp_scalar, tmp); |
| @@ -1953,7 +1951,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r, | |||
| 1953 | * constant-timeness | 1951 | * constant-timeness |
| 1954 | */ | 1952 | */ |
| 1955 | if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { | 1953 | if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { |
| 1956 | ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); | 1954 | ECerror(ERR_R_BN_LIB); |
| 1957 | goto err; | 1955 | goto err; |
| 1958 | } | 1956 | } |
| 1959 | num_bytes = BN_bn2bin(tmp_scalar, tmp); | 1957 | num_bytes = BN_bn2bin(tmp_scalar, tmp); |
| @@ -1977,7 +1975,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r, | |||
| 1977 | felem_contract(z_in, z_out); | 1975 | felem_contract(z_in, z_out); |
| 1978 | if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) || | 1976 | if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) || |
| 1979 | (!felem_to_BN(z, z_in))) { | 1977 | (!felem_to_BN(z, z_in))) { |
| 1980 | ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); | 1978 | ECerror(ERR_R_BN_LIB); |
| 1981 | goto err; | 1979 | goto err; |
| 1982 | } | 1980 | } |
| 1983 | ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx); | 1981 | ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx); |