path: root/Cryptlib/OpenSSL/crypto/ec
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/ec')
-rwxr-xr-xCryptlib/OpenSSL/crypto/ec/ec2_mult.c26
-rwxr-xr-xCryptlib/OpenSSL/crypto/ec/ec_key.c13
-rwxr-xr-xCryptlib/OpenSSL/crypto/ec/ec_lib.c10
3 files changed, 18 insertions, 31 deletions
diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c
index 6b570a3f..7dca5e4b 100755
--- a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c
@@ -208,12 +208,9 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG
/* Computes scalar*point and stores the result in r.
* point can not equal r.
- * Uses a modified algorithm 2P of
+ * Uses algorithm 2P of
* Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over
* GF(2^m) without precomputation".
- *
- * To protect against side-channel attack the function uses constant time
- * swap avoiding conditional branches.
*/
static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
const EC_POINT *point, BN_CTX *ctx)
@@ -247,11 +244,6 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
x2 = &r->X;
z2 = &r->Y;
- bn_wexpand(x1, group->field.top);
- bn_wexpand(z1, group->field.top);
- bn_wexpand(x2, group->field.top);
- bn_wexpand(z2, group->field.top);
-
if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
if (!BN_one(z1)) goto err; /* z1 = 1 */
if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
@@ -274,12 +266,16 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
{
for (; j >= 0; j--)
{
- BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top);
- BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top);
- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
- if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
- BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top);
- BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top);
+ if (scalar->d[i] & mask)
+ {
+ if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
+ if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
+ }
+ else
+ {
+ if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
+ if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
+ }
mask >>= 1;
}
j = BN_BITS2 - 1;
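Review bot: The new loop at the `if (scalar->d[i] & mask)` line branches on each bit of the secret scalar, so which of x1/z1 or x2/z2 is passed to gf2m_Madd and gf2m_Mdouble, and therefore the instruction stream and memory-access pattern, now depends on the private scalar — exactly the timing/cache side channel that the removed BN_consttime_swap calls (and the comment deleted in the first hunk) existed to avoid. If this revert is deliberate, for example to track an older OpenSSL base, the function header should say so explicitly, e.g. `/* NOTE: not constant-time; the per-bit branch below leaks scalar bits via timing/cache. */`, so that nobody relies on this routine for private-key multiplication without knowing that. Otherwise the swap-based form should be restored, together with the bn_wexpand calls dropped in the previous hunk that it presumably relied on to give every operand group->field.top words. ec_GF2m_montgomery_point_multiply starts before and ends after this hunk.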
diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/Cryptlib/OpenSSL/crypto/ec/ec_key.c
index 6c933d22..522802c0 100755
--- a/Cryptlib/OpenSSL/crypto/ec/ec_key.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ec_key.c
@@ -435,27 +435,18 @@ void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
void *EC_KEY_get_key_method_data(EC_KEY *key,
void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
{
- void *ret;
-
- CRYPTO_r_lock(CRYPTO_LOCK_EC);
- ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
- CRYPTO_r_unlock(CRYPTO_LOCK_EC);
-
- return ret;
+ return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
}
-void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
+void EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
{
EC_EXTRA_DATA *ex_data;
-
CRYPTO_w_lock(CRYPTO_LOCK_EC);
ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
if (ex_data == NULL)
EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func);
CRYPTO_w_unlock(CRYPTO_LOCK_EC);
-
- return ex_data;
}
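Review bot: EC_KEY_get_key_method_data now walks key->method_data without the CRYPTO_r_lock(CRYPTO_LOCK_EC) that the removed lines held, while EC_KEY_insert_key_method_data in the same hunk still takes the write lock to modify that list, so a reader racing with an insert can observe the list mid-update. Either keep the read lock in the getter, `CRYPTO_r_lock(CRYPTO_LOCK_EC); ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); CRYPTO_r_unlock(CRYPTO_LOCK_EC);`, or document that an EC_KEY must not be shared between threads. Separately, changing EC_KEY_insert_key_method_data to return void removes the only signal a caller had that existing data was found and its own `data` was not stored (and presumably still needs to be freed by the caller); that should at least be stated in a comment above the function, e.g. `/* If method data of this type already exists it is kept and 'data' is NOT stored; the caller retains ownership of 'data'. */`.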
void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
index bbf2799b..5af84376 100755
--- a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
@@ -480,10 +480,10 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
return 1;
- /* compare the curve name (if present in both) */
+ /* compare the curve name (if present) */
if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
- EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
- return 1;
+ EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b))
+ return 0;
if (!ctx)
ctx_new = ctx = BN_CTX_new();
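Review bot: The new early `return 0` when both curve names are set and equal makes EC_GROUP_cmp declare two groups identical on the strength of the NID alone, skipping the field and parameter comparison that follows; if a group's parameters can be changed after its name is set (not visible in this hunk), such a group would compare equal to the unmodified named curve. The removed code used a name mismatch only as a fast negative and still verified the parameters on a match, which is the safer direction for a comparison used in security decisions. If the shortcut is intended, the comment should say so rather than just "if present", e.g. `/* equal curve names are treated as equal groups; parameters are not re-checked */`. EC_GROUP_cmp continues beyond this hunk.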
@@ -1061,12 +1061,12 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN
if (group->meth->point_cmp == 0)
{
ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return -1;
+ return 0;
}
if ((group->meth != a->meth) || (a->meth != b->meth))
{
ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
- return -1;
+ return 0;
}
return group->meth->point_cmp(group, a, b, ctx);
}
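Review bot: Both error paths in EC_POINT_cmp now `return 0`, which is the same value a successful point_cmp returns for "points are equal", so a caller testing `EC_POINT_cmp(...) == 0` will treat a missing point_cmp method or the EC_R_INCOMPATIBLE_OBJECTS case as a match. The removed `return -1` kept the error result distinguishable from equality without consulting the error queue. If the 0 return is required for compatibility with older callers, that contract should be stated at the function, e.g. `/* Returns 0 if the points are equal OR on error (check the error queue); 1 if they differ. */`, and callers that compare against 0 in security-relevant checks should be audited.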