[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Fri Jan 29 13:11:58 UTC 2016 

The branch master has been updated
       via  8ce4e7e605577cb5818de068e2c6da60901cddba (commit)
       via  615614c8862fb89dcf1551a4e113be0789dddf5f (commit)
      from  f5a12207eccfd814bde68b880a96910dfa25f164 (commit)


- Log -----------------------------------------------------------------
commit 8ce4e7e605577cb5818de068e2c6da60901cddba
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Nov 4 22:54:29 2015 +0000

    Add have_precompute_mult tests
    
    Add tests for have_precompute_mult for the optimised curves (nistp224,
    nistp256 and nistp521) if present
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit 615614c8862fb89dcf1551a4e113be0789dddf5f
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Nov 4 17:30:22 2015 +0000

    Fix bug in nistp224/256/521 where have_precompute_mult always returns 0
    
    During precomputation if the group given is well known then we memcpy a
    well known precomputation. However we go the wrong label in the code and
    don't store the data properly. Consequently if we call have_precompute_mult
    the data isn't there and we return 0.
    
    RT#3600
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/ec/ecp_nistp224.c | 4 ++--
 crypto/ec/ecp_nistp256.c | 4 ++--
 crypto/ec/ecp_nistp521.c | 4 ++--
 test/ectest.c            | 9 +++++++++
 4 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c
index 42cf535..173ef5f 100644
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@@ -1582,8 +1582,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
      */
     if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
         memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
-        ret = 1;
-        goto err;
+        goto done;
     }
     if ((!BN_to_felem(pre->g_pre_comp[0][1][0], group->generator->X)) ||
         (!BN_to_felem(pre->g_pre_comp[0][1][1], group->generator->Y)) ||
@@ -1661,6 +1660,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     }
     make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_felems);
 
+ done:
     SETPRECOMP(group, nistp224, pre);
     pre = NULL;
     ret = 1;
diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c
index 4e2f237..2bd792c 100644
--- a/crypto/ec/ecp_nistp256.c
+++ b/crypto/ec/ecp_nistp256.c
@@ -2207,8 +2207,7 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
      */
     if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
         memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
-        ret = 1;
-        goto err;
+        goto done;
     }
     if ((!BN_to_felem(x_tmp, group->generator->X)) ||
         (!BN_to_felem(y_tmp, group->generator->Y)) ||
@@ -2295,6 +2294,7 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     }
     make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_smallfelems);
 
+ done:
     SETPRECOMP(group, nistp256, pre);
     pre = NULL;
     ret = 1;
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
index 3122f3f..04c3f08 100644
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -2031,8 +2031,7 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
      */
     if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
         memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
-        ret = 1;
-        goto err;
+        goto done;
     }
     if ((!BN_to_felem(pre->g_pre_comp[1][0], group->generator->X)) ||
         (!BN_to_felem(pre->g_pre_comp[1][1], group->generator->Y)) ||
@@ -2090,6 +2089,7 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     }
     make_points_affine(15, &(pre->g_pre_comp[1]), tmp_felems);
 
+ done:
     SETPRECOMP(group, nistp521, pre);
     ret = 1;
     pre = NULL;
diff --git a/test/ectest.c b/test/ectest.c
index f17b8b0..674e593 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -1592,9 +1592,18 @@ static void nistp_single_test(const struct nistp_test_params *test)
     if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
         ABORT;
 
+    /*
+     * We have not performed precomputation so have_precompute mult should be
+     * false
+     */
+    if (EC_GROUP_have_precompute_mult(NISTP))
+        ABORT;
+
     /* now repeat all tests with precomputation */
     if (!EC_GROUP_precompute_mult(NISTP, ctx))
         ABORT;
+    if (!EC_GROUP_have_precompute_mult(NISTP))
+        ABORT;
 
     /* fixed point multiplication */
     EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);

More information about the openssl-commits mailing list