[openssl] master update

beldmit at gmail.com beldmit at gmail.com
Tue May 19 13:30:42 UTC 2020


The branch master has been updated
       via  6b4eb933623ed1d1997732b7e6e081b788cfdd22 (commit)
      from  5a5530a29abcf5d7ab7194d73b3807d568b06cbd (commit)


- Log -----------------------------------------------------------------
commit 6b4eb933623ed1d1997732b7e6e081b788cfdd22
Author: Billy Brumley <bbrumley at gmail.com>
Date:   Sun May 17 16:09:00 2020 +0300

    deprecate EC precomputation functionality
    
    Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/11851)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md                |  7 +++++++
 apps/speed.c              |  1 -
 crypto/ec/ec_key.c        |  2 ++
 crypto/ec/ec_lib.c        |  2 ++
 doc/man3/EC_KEY_new.pod   | 12 +++++++++++-
 doc/man3/EC_POINT_add.pod | 14 ++++++++------
 include/openssl/ec.h      |  6 +++---
 test/ectest.c             | 19 ++++++++++---------
 util/libcrypto.num        |  6 +++---
 9 files changed, 46 insertions(+), 23 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index bc4f524186..e5731d0e61 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,13 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
+* Deprecated EC_GROUP_precompute_mult(), EC_GROUP_have_precompute_mult(), and
+  EC_KEY_precompute_mult() These functions are not widely used and applications
+  should instead switch to named curves which OpenSSL has hardcoded lookup
+  tables for.
+
+  *Billy Bob Brumley*
+
  * Deprecated EC_POINTs_mul(). This function is not widely used and applications
    should instead use the L<EC_POINT_mul(3)> function.
 
diff --git a/apps/speed.c b/apps/speed.c
index 89251fd2b5..bd05631f30 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -3049,7 +3049,6 @@ int speed_main(int argc, char **argv)
             rsa_count = 1;
         } else {
             for (i = 0; i < loopargs_len; i++) {
-                EC_KEY_precompute_mult(loopargs[i].ecdsa[testnum], NULL);
                 /* Perform ECDSA signature test */
                 EC_KEY_generate_key(loopargs[i].ecdsa[testnum]);
                 st = ECDSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 421e87d9ee..aae3171907 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -781,12 +781,14 @@ void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
         EC_GROUP_set_asn1_flag(key->group, flag);
 }
 
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)
 {
     if (key->group == NULL)
         return 0;
     return EC_GROUP_precompute_mult(key->group, ctx);
 }
+#endif
 
 int EC_KEY_get_flags(const EC_KEY *key)
 {
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index cdeffb4207..40cd9a43ee 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1129,6 +1129,7 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
     return ret;
 }
 
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
 {
     if (group->meth->mul == 0)
@@ -1153,6 +1154,7 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
         return 0;               /* cannot tell whether precomputation has
                                  * been performed */
 }
+#endif
 
 /*
  * ec_precompute_mont_data sets |group->mont_data| from |group->order| and
diff --git a/doc/man3/EC_KEY_new.pod b/doc/man3/EC_KEY_new.pod
index ff4373ea35..e18a3023de 100644
--- a/doc/man3/EC_KEY_new.pod
+++ b/doc/man3/EC_KEY_new.pod
@@ -40,7 +40,6 @@ EC_KEY objects
  point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
  void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
  void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
- int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
  int EC_KEY_generate_key(EC_KEY *key);
  int EC_KEY_check_key(const EC_KEY *key);
  int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);
@@ -56,6 +55,10 @@ EC_KEY objects
 
  size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
 
+Deprecated since OpenSSL 3.0:
+
+ int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
+
 =head1 DESCRIPTION
 
 An EC_KEY represents a public key and, optionally, the associated private
@@ -136,8 +139,11 @@ EC_KEY_set_asn1_flag() sets the asn1_flag on the underlying EC_GROUP object
 (if set). Refer to L<EC_GROUP_copy(3)> for further information on the
 asn1_flag.
 
+Although deprecated in OpenSSL 3.0 and should no longer be used,
 EC_KEY_precompute_mult() stores multiples of the underlying EC_GROUP generator
 for faster point multiplication. See also L<EC_POINT_add(3)>.
+Modern versions should instead switch to named curves which OpenSSL has
+hardcoded lookup tables for.
 
 EC_KEY_oct2key() and EC_KEY_key2buf() are identical to the functions
 EC_POINT_oct2point() and EC_KEY_point2buf() except they use the public key
@@ -195,6 +201,10 @@ L<EC_GFp_simple_method(3)>,
 L<d2i_ECPKParameters(3)>,
 L<OPENSSL_CTX(3)>
 
+=head1 HISTORY
+
+EC_KEY_precompute_mult() was deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 
 Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/EC_POINT_add.pod b/doc/man3/EC_POINT_add.pod
index 3ac567f815..2423671bab 100644
--- a/doc/man3/EC_POINT_add.pod
+++ b/doc/man3/EC_POINT_add.pod
@@ -20,13 +20,13 @@ EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_i
                            EC_POINT *points[], BN_CTX *ctx);
  int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
                   const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
- int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
- int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
 
- Deprecated since OpenSSL 3.0:
+Deprecated since OpenSSL 3.0:
 
  int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num,
                    const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
+ int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+ int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
 
 =head1 DESCRIPTION
 
@@ -56,8 +56,9 @@ Modern versions should instead use EC_POINT_mul(), combined (if needed) with EC_
 
 The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst
 EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See L<EC_GROUP_copy(3)> for information
-about the generator.
-
+about the generator. Precomputation functionality was deprecated in OpenSSL 3.0.
+Users of EC_GROUP_precompute_mult() and EC_GROUP_have_precompute_mult() should
+switch to named curves which OpenSSL has hardcoded lookup tables for.
 
 =head1 RETURN VALUES
 
@@ -80,7 +81,8 @@ L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
 
 =head1 HISTORY
 
-EC_POINTs_mul() was deprecated in OpenSSL 3.0.
+EC_POINTs_mul(), EC_GROUP_precompute_mult(), and EC_GROUP_have_precompute_mult()
+were deprecated in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 703fc1cd40..f05122b374 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -797,13 +797,13 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
  *  \param  ctx    BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred
  */
-int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+DEPRECATEDIN_3_0(int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx))
 
 /** Reports whether a precomputation has been done
  *  \param  group  EC_GROUP object
  *  \return 1 if a pre-computation has been done and 0 otherwise
  */
-int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
+DEPRECATEDIN_3_0(int EC_GROUP_have_precompute_mult(const EC_GROUP *group))
 
 /********************************************************************/
 /*                       ASN1 stuff                                 */
@@ -991,7 +991,7 @@ void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
  *  \param  ctx  BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred.
  */
-int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
+DEPRECATEDIN_3_0(int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx))
 
 /** Creates a new ec private (and optional a new public) key.
  *  \param  key  EC_KEY object
diff --git a/test/ectest.c b/test/ectest.c
index bbcd9677d5..f4ccdfb4c1 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -9,7 +9,8 @@
  */
 
 /*
- * We need access to the deprecated EC_POINTs_mul for testing purposes
+ * We need access to the deprecated EC_POINTs_mul, EC_GROUP_precompute_mult,
+ * and EC_GROUP_have_precompute_mult for testing purposes
  * when the deprecated calls are not hidden
  */
 #ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -58,7 +59,9 @@ static int group_order_tests(EC_GROUP *group)
     if (!TEST_true(EC_GROUP_get_order(group, order, ctx))
         || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
         || !TEST_true(EC_POINT_is_at_infinity(group, Q))
+# ifndef OPENSSL_NO_DEPRECATED_3_0
         || !TEST_true(EC_GROUP_precompute_mult(group, ctx))
+# endif
         || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
         || !TEST_true(EC_POINT_is_at_infinity(group, Q))
         || !TEST_true(EC_POINT_copy(P, G))
@@ -1388,16 +1391,14 @@ static int nistp_single_test(int idx)
     /* random point multiplication */
     EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
     if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-
-    /*
-     * We have not performed precomputation so have_precompute mult should be
-     * false
-     */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+        /* We have not performed precomp so this should be false */
         || !TEST_false(EC_GROUP_have_precompute_mult(NISTP))
-
-    /* now repeat all tests with precomputation */
+        /* now repeat all tests with precomputation */
         || !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx))
-        || !TEST_true(EC_GROUP_have_precompute_mult(NISTP)))
+        || !TEST_true(EC_GROUP_have_precompute_mult(NISTP))
+# endif
+        )
         goto err;
 
     /* fixed point multiplication */
diff --git a/util/libcrypto.num b/util/libcrypto.num
index ef0b76b1a9..8882f0480d 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1106,7 +1106,7 @@ EXTENDED_KEY_USAGE_it                   1132	3_0_0	EXIST::FUNCTION:
 EVP_CipherInit                          1133	3_0_0	EXIST::FUNCTION:
 PKCS12_add_safe                         1134	3_0_0	EXIST::FUNCTION:
 ENGINE_get_digest                       1135	3_0_0	EXIST::FUNCTION:ENGINE
-EC_GROUP_have_precompute_mult           1136	3_0_0	EXIST::FUNCTION:EC
+EC_GROUP_have_precompute_mult           1136	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 OPENSSL_gmtime                          1137	3_0_0	EXIST::FUNCTION:
 X509_set_issuer_name                    1138	3_0_0	EXIST::FUNCTION:
 RSA_new                                 1139	3_0_0	EXIST::FUNCTION:RSA
@@ -1232,7 +1232,7 @@ OPENSSL_sk_shift                        1259	3_0_0	EXIST::FUNCTION:
 i2d_X509_REVOKED                        1260	3_0_0	EXIST::FUNCTION:
 CMS_sign                                1261	3_0_0	EXIST::FUNCTION:CMS
 X509_STORE_add_cert                     1262	3_0_0	EXIST::FUNCTION:
-EC_GROUP_precompute_mult                1263	3_0_0	EXIST::FUNCTION:EC
+EC_GROUP_precompute_mult                1263	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 d2i_DISPLAYTEXT                         1265	3_0_0	EXIST::FUNCTION:
 HMAC_CTX_copy                           1266	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 CRYPTO_gcm128_init                      1267	3_0_0	EXIST::FUNCTION:
@@ -2786,7 +2786,7 @@ ASN1_TYPE_set1                          2846	3_0_0	EXIST::FUNCTION:
 d2i_X509_CRL_bio                        2847	3_0_0	EXIST::FUNCTION:
 PKCS12_SAFEBAG_get1_cert                2848	3_0_0	EXIST::FUNCTION:
 ASN1_UNIVERSALSTRING_free               2849	3_0_0	EXIST::FUNCTION:
-EC_KEY_precompute_mult                  2850	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_precompute_mult                  2850	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 CRYPTO_mem_debug_realloc                2851	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
 PKCS7_new                               2852	3_0_0	EXIST::FUNCTION:
 BASIC_CONSTRAINTS_it                    2853	3_0_0	EXIST::FUNCTION:


More information about the openssl-commits mailing list