[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Andy Polyakov appro at openssl.org
Mon Jul 23 19:48:24 UTC 2018


The branch OpenSSL_1_0_2-stable has been updated
       via  a8a9745257a5071b03d06b82d4b05cabb38d9718 (commit)
      from  7ccc506b56c3f20f08565b5aff268cb2f3bd046d (commit)


- Log -----------------------------------------------------------------
commit a8a9745257a5071b03d06b82d4b05cabb38d9718
Author: Andy Polyakov <appro at openssl.org>
Date:   Sun Jul 22 16:28:20 2018 +0200

    ec/ecp_nistz256.c: fix ecp_nistz256_set_from_affine.
    
    ecp_nistz256_set_from_affine is called when application attempts to use
    custom generator, i.e. rarely. Even though it was wrong, it didn't
    affect point operations, they were just not as fast as expected.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6761)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ec/ecp_nistz256.c | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index 9a53a39..0579cac 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -1118,23 +1118,32 @@ static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group,
                                         const P256_POINT_AFFINE *in,
                                         BN_CTX *ctx)
 {
-    BIGNUM x, y;
-    BN_ULONG d_x[P256_LIMBS], d_y[P256_LIMBS];
+    BIGNUM x, y, z;
     int ret = 0;
 
-    memcpy(d_x, in->X, sizeof(d_x));
-    x.d = d_x;
+    /*
+     * |const| qualifier omission is compensated by BN_FLG_STATIC_DATA
+     * flag, which effectively means "read-only data".
+     */
+    x.d = (BN_ULONG *)in->X;
     x.dmax = x.top = P256_LIMBS;
     x.neg = 0;
     x.flags = BN_FLG_STATIC_DATA;
 
-    memcpy(d_y, in->Y, sizeof(d_y));
-    y.d = d_y;
+    y.d = (BN_ULONG *)in->Y;
     y.dmax = y.top = P256_LIMBS;
     y.neg = 0;
     y.flags = BN_FLG_STATIC_DATA;
 
-    ret = EC_POINT_set_affine_coordinates_GFp(group, out, &x, &y, ctx);
+    z.d = (BN_ULONG *)ONE;
+    z.dmax = z.top = P256_LIMBS;
+    z.neg = 0;
+    z.flags = BN_FLG_STATIC_DATA;
+
+    if ((ret = (BN_copy(&out->X, &x) != NULL))
+        && (ret = (BN_copy(&out->Y, &y) != NULL))
+        && (ret = (BN_copy(&out->Z, &z) != NULL)))
+        out->Z_is_one = 1;
 
     return ret;
 }
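Review bot: The three BN_copy calls at the end of the hunk write in->X, in->Y and ONE straight into out->X, out->Y and out->Z in place of the removed EC_POINT_set_affine_coordinates_GFp call, and nothing in the function says which representation those limbs are in or why they can be stored without conversion. A short comment above the copies stating that invariant would let a reader check it, since the commit message says the old version was wrong but the code does not record why. Two smaller points on the same lines: x, y and z are given top = P256_LIMBS unconditionally, so if the high limbs of an input are zero the copied BIGNUM carries a non-normalized top into out; either confirm that callers tolerate this or normalize after the copy. And if the second or third BN_copy fails, out is left with some coordinates overwritten and Z_is_one untouched, which is worth documenting or avoiding, for example by unrolling the chained `ret = (...)` assignments in the if condition into separate checks with an explicit error path.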

