[openssl] OpenSSL_1_1_1-stable update
nic.tuv at gmail.com
nic.tuv at gmail.com
Wed Apr 1 16:03:28 UTC 2020
The branch OpenSSL_1_1_1-stable has been updated
via d0771a9fdb93bdff992a079f596829139b8b12c0 (commit)
via 3c61ea367179ebaca8b448367b08c460c9d07120 (commit)
from ce843e36d65e22e5681e8b81301f1ebd045c3109 (commit)
- Log -----------------------------------------------------------------
commit d0771a9fdb93bdff992a079f596829139b8b12c0
Author: Billy Brumley <bbrumley at gmail.com>
Date: Sat Mar 28 20:35:43 2020 +0200
[crypto/ec] Ladder tweaks
- Convert to affine coords on ladder entry. This lets us use more efficient
ladder step formulae.
- Convert to affine coords on ladder exit. This prevents the current code
awkwardness where conversion happens twice during serialization: first to
fetch the buffer size, then again to fetch the coords.
- Instead of projectively blinding the input point, blind both accumulators
independently.
(cherry picked from commit a4a93bbfb0e679eaa249f77c7c4e7e823ca870ef)
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11435)
commit 3c61ea367179ebaca8b448367b08c460c9d07120
Author: Billy Brumley <bbrumley at gmail.com>
Date: Sun Mar 29 10:38:37 2020 +0300
[test] Make sm2_internal_test less fragile to changes in the ec module
Since these are KATs, the trailing randomness consumed by the ec module
does not really matter. So make the fake random buffer circular.
(cherry picked from commit 09736245b174a37abb87fb7ceb55462d940ff2bb)
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11435)
-----------------------------------------------------------------------
Summary of changes:
crypto/ec/ec_mult.c | 15 +--
crypto/ec/ecp_smpl.c | 265 ++++++++++++++++++++++++++---------------------
test/sm2_internal_test.c | 19 ++--
3 files changed, 159 insertions(+), 140 deletions(-)
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 7980a67282..d9b18b82de 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -260,17 +260,10 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
goto err;
}
- /*-
- * Apply coordinate blinding for EC_POINT.
- *
- * The underlying EC_METHOD can optionally implement this function:
- * ec_point_blind_coordinates() returns 0 in case of errors or 1 on
- * success or if coordinate blinding is not implemented for this
- * group.
- */
- if (!ec_point_blind_coordinates(group, p, ctx)) {
- ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_POINT_COORDINATES_BLIND_FAILURE);
- goto err;
+ /* ensure input point is in affine coords for ladder step efficiency */
+ if (!p->Z_is_one && !EC_POINT_make_affine(group, p, ctx)) {
+ ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);
+ goto err;
}
/* Initialize the Montgomery ladder */
diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
index b354bfe9ce..cb9be38fc1 100644
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
@@ -1372,6 +1372,7 @@ int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
* Computes the multiplicative inverse of a in GF(p), storing the result in r.
* If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error.
* Since we don't have a Mont structure here, SCA hardening is with blinding.
+ * NB: "a" must be in _decoded_ form. (i.e. field_decode must precede.)
*/
int ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
BN_CTX *ctx)
@@ -1466,77 +1467,96 @@ int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
}
/*-
- * Set s := p, r := 2p.
+ * Input:
+ * - p: affine coordinates
+ *
+ * Output:
+ * - s := p, r := 2p: blinded projective (homogeneous) coordinates
*
* For doubling we use Formula 3 from Izu-Takagi "A fast parallel elliptic curve
- * multiplication resistant against side channel attacks" appendix, as described
- * at
+ * multiplication resistant against side channel attacks" appendix, described at
* https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#doubling-dbl-2002-it-2
+ * simplified for Z1=1.
*
- * The input point p will be in randomized Jacobian projective coords:
- * x = X/Z**2, y=Y/Z**3
- *
- * The output points p, s, and r are converted to standard (homogeneous)
- * projective coords:
- * x = X/Z, y=Y/Z
+ * Blinding uses the equivalence relation (\lambda X, \lambda Y, \lambda Z)
+ * for any non-zero \lambda that holds for projective (homogeneous) coords.
*/
int ec_GFp_simple_ladder_pre(const EC_GROUP *group,
EC_POINT *r, EC_POINT *s,
EC_POINT *p, BN_CTX *ctx)
{
- BIGNUM *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
+ BIGNUM *t1, *t2, *t3, *t4, *t5 = NULL;
- t1 = r->Z;
- t2 = r->Y;
+ t1 = s->Z;
+ t2 = r->Z;
t3 = s->X;
t4 = r->X;
t5 = s->Y;
- t6 = s->Z;
-
- /* convert p: (X,Y,Z) -> (XZ,Y,Z**3) */
- if (!group->meth->field_mul(group, p->X, p->X, p->Z, ctx)
- || !group->meth->field_sqr(group, t1, p->Z, ctx)
- || !group->meth->field_mul(group, p->Z, p->Z, t1, ctx)
- /* r := 2p */
- || !group->meth->field_sqr(group, t2, p->X, ctx)
- || !group->meth->field_sqr(group, t3, p->Z, ctx)
- || !group->meth->field_mul(group, t4, t3, group->a, ctx)
- || !BN_mod_sub_quick(t5, t2, t4, group->field)
- || !BN_mod_add_quick(t2, t2, t4, group->field)
- || !group->meth->field_sqr(group, t5, t5, ctx)
- || !group->meth->field_mul(group, t6, t3, group->b, ctx)
- || !group->meth->field_mul(group, t1, p->X, p->Z, ctx)
- || !group->meth->field_mul(group, t4, t1, t6, ctx)
- || !BN_mod_lshift_quick(t4, t4, 3, group->field)
+
+ if (!p->Z_is_one /* r := 2p */
+ || !group->meth->field_sqr(group, t3, p->X, ctx)
+ || !BN_mod_sub_quick(t4, t3, group->a, group->field)
+ || !group->meth->field_sqr(group, t4, t4, ctx)
+ || !group->meth->field_mul(group, t5, p->X, group->b, ctx)
+ || !BN_mod_lshift_quick(t5, t5, 3, group->field)
/* r->X coord output */
- || !BN_mod_sub_quick(r->X, t5, t4, group->field)
- || !group->meth->field_mul(group, t1, t1, t2, ctx)
- || !group->meth->field_mul(group, t2, t3, t6, ctx)
- || !BN_mod_add_quick(t1, t1, t2, group->field)
+ || !BN_mod_sub_quick(r->X, t4, t5, group->field)
+ || !BN_mod_add_quick(t1, t3, group->a, group->field)
+ || !group->meth->field_mul(group, t2, p->X, t1, ctx)
+ || !BN_mod_add_quick(t2, group->b, t2, group->field)
/* r->Z coord output */
- || !BN_mod_lshift_quick(r->Z, t1, 2, group->field)
- || !EC_POINT_copy(s, p))
+ || !BN_mod_lshift_quick(r->Z, t2, 2, group->field))
+ return 0;
+
+ /* make sure lambda (r->Y here for storage) is not zero */
+ do {
+ if (!BN_priv_rand_range(r->Y, group->field))
+ return 0;
+ } while (BN_is_zero(r->Y));
+
+ /* make sure lambda (s->Z here for storage) is not zero */
+ do {
+ if (!BN_priv_rand_range(s->Z, group->field))
+ return 0;
+ } while (BN_is_zero(s->Z));
+
+ /* if field_encode defined convert between representations */
+ if (group->meth->field_encode != NULL
+ && (!group->meth->field_encode(group, r->Y, r->Y, ctx)
+ || !group->meth->field_encode(group, s->Z, s->Z, ctx)))
+ return 0;
+
+ /* blind r and s independently */
+ if (!group->meth->field_mul(group, r->Z, r->Z, r->Y, ctx)
+ || !group->meth->field_mul(group, r->X, r->X, r->Y, ctx)
+ || !group->meth->field_mul(group, s->X, p->X, s->Z, ctx)) /* s := p */
return 0;
r->Z_is_one = 0;
s->Z_is_one = 0;
- p->Z_is_one = 0;
return 1;
}
/*-
- * Differential addition-and-doubling using Eq. (9) and (10) from Izu-Takagi
+ * Input:
+ * - s, r: projective (homogeneous) coordinates
+ * - p: affine coordinates
+ *
+ * Output:
+ * - s := r + s, r := 2r: projective (homogeneous) coordinates
+ *
+ * Differential addition-and-doubling using Eq. (9) and (10) from Izu-Takagi
* "A fast parallel elliptic curve multiplication resistant against side channel
* attacks", as described at
- * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-ladd-2002-it-4
+ * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-mladd-2002-it-4
*/
int ec_GFp_simple_ladder_step(const EC_GROUP *group,
EC_POINT *r, EC_POINT *s,
EC_POINT *p, BN_CTX *ctx)
{
int ret = 0;
- BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6, *t7 = NULL;
+ BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
BN_CTX_start(ctx);
t0 = BN_CTX_get(ctx);
@@ -1546,50 +1566,47 @@ int ec_GFp_simple_ladder_step(const EC_GROUP *group,
t4 = BN_CTX_get(ctx);
t5 = BN_CTX_get(ctx);
t6 = BN_CTX_get(ctx);
- t7 = BN_CTX_get(ctx);
- if (t7 == NULL
- || !group->meth->field_mul(group, t0, r->X, s->X, ctx)
- || !group->meth->field_mul(group, t1, r->Z, s->Z, ctx)
- || !group->meth->field_mul(group, t2, r->X, s->Z, ctx)
+ if (t6 == NULL
+ || !group->meth->field_mul(group, t6, r->X, s->X, ctx)
+ || !group->meth->field_mul(group, t0, r->Z, s->Z, ctx)
+ || !group->meth->field_mul(group, t4, r->X, s->Z, ctx)
|| !group->meth->field_mul(group, t3, r->Z, s->X, ctx)
- || !group->meth->field_mul(group, t4, group->a, t1, ctx)
- || !BN_mod_add_quick(t0, t0, t4, group->field)
- || !BN_mod_add_quick(t4, t3, t2, group->field)
- || !group->meth->field_mul(group, t0, t4, t0, ctx)
- || !group->meth->field_sqr(group, t1, t1, ctx)
- || !BN_mod_lshift_quick(t7, group->b, 2, group->field)
- || !group->meth->field_mul(group, t1, t7, t1, ctx)
- || !BN_mod_lshift1_quick(t0, t0, group->field)
- || !BN_mod_add_quick(t0, t1, t0, group->field)
- || !BN_mod_sub_quick(t1, t2, t3, group->field)
- || !group->meth->field_sqr(group, t1, t1, ctx)
- || !group->meth->field_mul(group, t3, t1, p->X, ctx)
- || !group->meth->field_mul(group, t0, p->Z, t0, ctx)
- /* s->X coord output */
- || !BN_mod_sub_quick(s->X, t0, t3, group->field)
- /* s->Z coord output */
- || !group->meth->field_mul(group, s->Z, p->Z, t1, ctx)
- || !group->meth->field_sqr(group, t3, r->X, ctx)
- || !group->meth->field_sqr(group, t2, r->Z, ctx)
- || !group->meth->field_mul(group, t4, t2, group->a, ctx)
- || !BN_mod_add_quick(t5, r->X, r->Z, group->field)
- || !group->meth->field_sqr(group, t5, t5, ctx)
- || !BN_mod_sub_quick(t5, t5, t3, group->field)
- || !BN_mod_sub_quick(t5, t5, t2, group->field)
- || !BN_mod_sub_quick(t6, t3, t4, group->field)
- || !group->meth->field_sqr(group, t6, t6, ctx)
- || !group->meth->field_mul(group, t0, t2, t5, ctx)
- || !group->meth->field_mul(group, t0, t7, t0, ctx)
- /* r->X coord output */
- || !BN_mod_sub_quick(r->X, t6, t0, group->field)
+ || !group->meth->field_mul(group, t5, group->a, t0, ctx)
+ || !BN_mod_add_quick(t5, t6, t5, group->field)
|| !BN_mod_add_quick(t6, t3, t4, group->field)
- || !group->meth->field_sqr(group, t3, t2, ctx)
- || !group->meth->field_mul(group, t7, t3, t7, ctx)
- || !group->meth->field_mul(group, t5, t5, t6, ctx)
+ || !group->meth->field_mul(group, t5, t6, t5, ctx)
+ || !group->meth->field_sqr(group, t0, t0, ctx)
+ || !BN_mod_lshift_quick(t2, group->b, 2, group->field)
+ || !group->meth->field_mul(group, t0, t2, t0, ctx)
|| !BN_mod_lshift1_quick(t5, t5, group->field)
+ || !BN_mod_sub_quick(t3, t4, t3, group->field)
+ /* s->Z coord output */
+ || !group->meth->field_sqr(group, s->Z, t3, ctx)
+ || !group->meth->field_mul(group, t4, s->Z, p->X, ctx)
+ || !BN_mod_add_quick(t0, t0, t5, group->field)
+ /* s->X coord output */
+ || !BN_mod_sub_quick(s->X, t0, t4, group->field)
+ || !group->meth->field_sqr(group, t4, r->X, ctx)
+ || !group->meth->field_sqr(group, t5, r->Z, ctx)
+ || !group->meth->field_mul(group, t6, t5, group->a, ctx)
+ || !BN_mod_add_quick(t1, r->X, r->Z, group->field)
+ || !group->meth->field_sqr(group, t1, t1, ctx)
+ || !BN_mod_sub_quick(t1, t1, t4, group->field)
+ || !BN_mod_sub_quick(t1, t1, t5, group->field)
+ || !BN_mod_sub_quick(t3, t4, t6, group->field)
+ || !group->meth->field_sqr(group, t3, t3, ctx)
+ || !group->meth->field_mul(group, t0, t5, t1, ctx)
+ || !group->meth->field_mul(group, t0, t2, t0, ctx)
+ /* r->X coord output */
+ || !BN_mod_sub_quick(r->X, t3, t0, group->field)
+ || !BN_mod_add_quick(t3, t4, t6, group->field)
+ || !group->meth->field_sqr(group, t4, t5, ctx)
+ || !group->meth->field_mul(group, t4, t4, t2, ctx)
+ || !group->meth->field_mul(group, t1, t1, t3, ctx)
+ || !BN_mod_lshift1_quick(t1, t1, group->field)
/* r->Z coord output */
- || !BN_mod_add_quick(r->Z, t7, t5, group->field))
+ || !BN_mod_add_quick(r->Z, t4, t1, group->field))
goto err;
ret = 1;
@@ -1600,17 +1617,23 @@ int ec_GFp_simple_ladder_step(const EC_GROUP *group,
}
/*-
+ * Input:
+ * - s, r: projective (homogeneous) coordinates
+ * - p: affine coordinates
+ *
+ * Output:
+ * - r := (x,y): affine coordinates
+ *
* Recovers the y-coordinate of r using Eq. (8) from Brier-Joye, "Weierstrass
- * Elliptic Curves and Side-Channel Attacks", modified to work in projective
- * coordinates and return r in Jacobian projective coordinates.
+ * Elliptic Curves and Side-Channel Attacks", modified to work in mixed
+ * projective coords, i.e. p is affine and (r,s) in projective (homogeneous)
+ * coords, and return r in affine coordinates.
*
- * X4 = two*Y1*X2*Z3*Z2*Z1;
- * Y4 = two*b*Z3*SQR(Z2*Z1) + Z3*(a*Z2*Z1+X1*X2)*(X1*Z2+X2*Z1) - X3*SQR(X1*Z2-X2*Z1);
- * Z4 = two*Y1*Z3*SQR(Z2)*Z1;
+ * X4 = two*Y1*X2*Z3*Z2;
+ * Y4 = two*b*Z3*SQR(Z2) + Z3*(a*Z2+X1*X2)*(X1*Z2+X2) - X3*SQR(X1*Z2-X2);
+ * Z4 = two*Y1*Z3*SQR(Z2);
*
* Z4 != 0 because:
- * - Z1==0 implies p is at infinity, which would have caused an early exit in
- * the caller;
* - Z2==0 implies r is at infinity (handled by the BN_is_zero(r->Z) branch);
* - Z3==0 implies s is at infinity (handled by the BN_is_zero(s->Z) branch);
* - Y1==0 implies p has order 2, so either r or s are infinity and handled by
@@ -1627,11 +1650,7 @@ int ec_GFp_simple_ladder_post(const EC_GROUP *group,
return EC_POINT_set_to_infinity(group, r);
if (BN_is_zero(s->Z)) {
- /* (X,Y,Z) -> (XZ,YZ**2,Z) */
- if (!group->meth->field_mul(group, r->X, p->X, p->Z, ctx)
- || !group->meth->field_sqr(group, r->Z, p->Z, ctx)
- || !group->meth->field_mul(group, r->Y, p->Y, r->Z, ctx)
- || !BN_copy(r->Z, p->Z)
+ if (!EC_POINT_copy(r, p)
|| !EC_POINT_invert(group, r, ctx))
return 0;
return 1;
@@ -1647,38 +1666,46 @@ int ec_GFp_simple_ladder_post(const EC_GROUP *group,
t6 = BN_CTX_get(ctx);
if (t6 == NULL
- || !BN_mod_lshift1_quick(t0, p->Y, group->field)
- || !group->meth->field_mul(group, t1, r->X, p->Z, ctx)
- || !group->meth->field_mul(group, t2, r->Z, s->Z, ctx)
- || !group->meth->field_mul(group, t2, t1, t2, ctx)
- || !group->meth->field_mul(group, t3, t2, t0, ctx)
- || !group->meth->field_mul(group, t2, r->Z, p->Z, ctx)
- || !group->meth->field_sqr(group, t4, t2, ctx)
- || !BN_mod_lshift1_quick(t5, group->b, group->field)
- || !group->meth->field_mul(group, t4, t4, t5, ctx)
- || !group->meth->field_mul(group, t6, t2, group->a, ctx)
- || !group->meth->field_mul(group, t5, r->X, p->X, ctx)
- || !BN_mod_add_quick(t5, t6, t5, group->field)
- || !group->meth->field_mul(group, t6, r->Z, p->X, ctx)
- || !BN_mod_add_quick(t2, t6, t1, group->field)
- || !group->meth->field_mul(group, t5, t5, t2, ctx)
- || !BN_mod_sub_quick(t6, t6, t1, group->field)
- || !group->meth->field_sqr(group, t6, t6, ctx)
- || !group->meth->field_mul(group, t6, t6, s->X, ctx)
- || !BN_mod_add_quick(t4, t5, t4, group->field)
- || !group->meth->field_mul(group, t4, t4, s->Z, ctx)
- || !BN_mod_sub_quick(t4, t4, t6, group->field)
- || !group->meth->field_sqr(group, t5, r->Z, ctx)
- || !group->meth->field_mul(group, r->Z, p->Z, s->Z, ctx)
- || !group->meth->field_mul(group, r->Z, t5, r->Z, ctx)
- || !group->meth->field_mul(group, r->Z, r->Z, t0, ctx)
- /* t3 := X, t4 := Y */
- /* (X,Y,Z) -> (XZ,YZ**2,Z) */
- || !group->meth->field_mul(group, r->X, t3, r->Z, ctx)
+ || !BN_mod_lshift1_quick(t4, p->Y, group->field)
+ || !group->meth->field_mul(group, t6, r->X, t4, ctx)
+ || !group->meth->field_mul(group, t6, s->Z, t6, ctx)
+ || !group->meth->field_mul(group, t5, r->Z, t6, ctx)
+ || !BN_mod_lshift1_quick(t1, group->b, group->field)
+ || !group->meth->field_mul(group, t1, s->Z, t1, ctx)
|| !group->meth->field_sqr(group, t3, r->Z, ctx)
- || !group->meth->field_mul(group, r->Y, t4, t3, ctx))
+ || !group->meth->field_mul(group, t2, t3, t1, ctx)
+ || !group->meth->field_mul(group, t6, r->Z, group->a, ctx)
+ || !group->meth->field_mul(group, t1, p->X, r->X, ctx)
+ || !BN_mod_add_quick(t1, t1, t6, group->field)
+ || !group->meth->field_mul(group, t1, s->Z, t1, ctx)
+ || !group->meth->field_mul(group, t0, p->X, r->Z, ctx)
+ || !BN_mod_add_quick(t6, r->X, t0, group->field)
+ || !group->meth->field_mul(group, t6, t6, t1, ctx)
+ || !BN_mod_add_quick(t6, t6, t2, group->field)
+ || !BN_mod_sub_quick(t0, t0, r->X, group->field)
+ || !group->meth->field_sqr(group, t0, t0, ctx)
+ || !group->meth->field_mul(group, t0, t0, s->X, ctx)
+ || !BN_mod_sub_quick(t0, t6, t0, group->field)
+ || !group->meth->field_mul(group, t1, s->Z, t4, ctx)
+ || !group->meth->field_mul(group, t1, t3, t1, ctx)
+ || (group->meth->field_decode != NULL
+ && !group->meth->field_decode(group, t1, t1, ctx))
+ || !group->meth->field_inv(group, t1, t1, ctx)
+ || (group->meth->field_encode != NULL
+ && !group->meth->field_encode(group, t1, t1, ctx))
+ || !group->meth->field_mul(group, r->X, t5, t1, ctx)
+ || !group->meth->field_mul(group, r->Y, t0, t1, ctx))
goto err;
+ if (group->meth->field_set_to_one != NULL) {
+ if (!group->meth->field_set_to_one(group, r->Z, ctx))
+ goto err;
+ } else {
+ if (!BN_one(r->Z))
+ goto err;
+ }
+
+ r->Z_is_one = 1;
ret = 1;
err:
diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c
index 952f688e8b..f7e4e38d03 100644
--- a/test/sm2_internal_test.c
+++ b/test/sm2_internal_test.c
@@ -32,17 +32,18 @@ static size_t fake_rand_size = 0;
static int get_faked_bytes(unsigned char *buf, int num)
{
- int i;
-
if (fake_rand_bytes == NULL)
return saved_rand->bytes(buf, num);
- if (!TEST_size_t_le(fake_rand_bytes_offset + num, fake_rand_size))
+ if (!TEST_size_t_gt(fake_rand_size, 0))
return 0;
- for (i = 0; i != num; ++i)
- buf[i] = fake_rand_bytes[fake_rand_bytes_offset + i];
- fake_rand_bytes_offset += num;
+ while (num-- > 0) {
+ if (fake_rand_bytes_offset >= fake_rand_size)
+ fake_rand_bytes_offset = 0;
+ *buf++ = fake_rand_bytes[fake_rand_bytes_offset++];
+ }
+
return 1;
}
@@ -175,8 +176,7 @@ static int test_sm2_crypt(const EC_GROUP *group,
start_fake_rand(k_hex);
if (!TEST_true(sm2_encrypt(key, digest, (const uint8_t *)message, msg_len,
- ctext, &ctext_len))
- || !TEST_size_t_eq(fake_rand_bytes_offset, fake_rand_size)) {
+ ctext, &ctext_len))) {
restore_rand();
goto done;
}
@@ -296,8 +296,7 @@ static int test_sm2_sign(const EC_GROUP *group,
start_fake_rand(k_hex);
sig = sm2_do_sign(key, EVP_sm3(), (const uint8_t *)userid, strlen(userid),
(const uint8_t *)message, msg_len);
- if (!TEST_ptr(sig)
- || !TEST_size_t_eq(fake_rand_bytes_offset, fake_rand_size)) {
+ if (!TEST_ptr(sig)) {
restore_rand();
goto done;
}
More information about the openssl-commits
mailing list