Changeset 94082 in vbox for trunk/src/libs/openssl-3.0.1/crypto/ec/ec_mult.c
- Timestamp:
- Mar 3, 2022 7:17:34 PM (3 years ago)
- svn:sync-xref-src-repo-rev:
- 150325
- Location:
- trunk/src/libs/openssl-3.0.1
- Files:
-
- 2 edited
trunk/src/libs/openssl-3.0.1
- Property svn:mergeinfo
-
old new 12 12 /vendor/openssl/1.1.1c:131722-131725 13 13 /vendor/openssl/1.1.1k:145841-145843 14 /vendor/openssl/3.0.1:150323-150324 15 /vendor/openssl/current:147554-150322
-
- Property svn:mergeinfo
-
trunk/src/libs/openssl-3.0.1/crypto/ec/ec_mult.c
r91772 r94082 1 1 /* 2 * Copyright 2001-202 0The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at 8 8 * https://www.openssl.org/source/license.html 9 9 */ 10 11 /* 12 * ECDSA low level APIs are deprecated for public use, but still ok for 13 * internal use. 14 */ 15 #include "internal/deprecated.h" 10 16 11 17 #include <string.h> … … 52 58 ret = OPENSSL_zalloc(sizeof(*ret)); 53 59 if (ret == NULL) { 54 E Cerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);60 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 55 61 return ret; 56 62 } … … 63 69 ret->lock = CRYPTO_THREAD_lock_new(); 64 70 if (ret->lock == NULL) { 65 E Cerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);71 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 66 72 OPENSSL_free(ret); 67 73 return NULL; … … 137 143 * Returns 1 on success, 0 otherwise. 
138 144 */ 139 int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,140 const BIGNUM *scalar, const EC_POINT *point,141 BN_CTX *ctx)145 int ossl_ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, 146 const BIGNUM *scalar, const EC_POINT *point, 147 BN_CTX *ctx) 142 148 { 143 149 int i, cardinality_bits, group_top, kbit, pbit, Z_is_one; … … 154 160 155 161 if (BN_is_zero(group->order)) { 156 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_ORDER);162 ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_ORDER); 157 163 return 0; 158 164 } 159 165 if (BN_is_zero(group->cofactor)) { 160 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_COFACTOR);166 ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_COFACTOR); 161 167 return 0; 162 168 } … … 166 172 if (((p = EC_POINT_new(group)) == NULL) 167 173 || ((s = EC_POINT_new(group)) == NULL)) { 168 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_MALLOC_FAILURE);174 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 169 175 goto err; 170 176 } … … 172 178 if (point == NULL) { 173 179 if (!EC_POINT_copy(p, group->generator)) { 174 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);180 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 175 181 goto err; 176 182 } 177 183 } else { 178 184 if (!EC_POINT_copy(p, point)) { 179 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);185 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 180 186 goto err; 181 187 } … … 190 196 k = BN_CTX_get(ctx); 191 197 if (k == NULL) { 192 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_MALLOC_FAILURE);198 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 193 199 goto err; 194 200 } 195 201 196 202 if (!BN_mul(cardinality, group->order, group->cofactor, ctx)) { 197 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);203 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 198 204 goto err; 199 205 } … … 209 215 if ((bn_wexpand(k, group_top + 2) == NULL) 210 216 || (bn_wexpand(lambda, group_top + 2) == NULL)) { 211 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);217 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 212 218 goto err; 213 219 } 214 220 215 221 if 
(!BN_copy(k, scalar)) { 216 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);222 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 217 223 goto err; 218 224 } … … 226 232 */ 227 233 if (!BN_nnmod(k, k, cardinality, ctx)) { 228 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);234 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 229 235 goto err; 230 236 } … … 232 238 233 239 if (!BN_add(lambda, k, cardinality)) { 234 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);240 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 235 241 goto err; 236 242 } 237 243 BN_set_flags(lambda, BN_FLG_CONSTTIME); 238 244 if (!BN_add(k, lambda, cardinality)) { 239 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);245 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 240 246 goto err; 241 247 } … … 257 263 || (bn_wexpand(p->Y, group_top) == NULL) 258 264 || (bn_wexpand(p->Z, group_top) == NULL)) { 259 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);265 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 260 266 goto err; 261 267 } 262 268 263 269 /* ensure input point is in affine coords for ladder step efficiency */ 264 if (!p->Z_is_one && !EC_POINT_make_affine(group, p, ctx)) { 265 ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB); 270 if (!p->Z_is_one && (group->meth->make_affine == NULL 271 || !group->meth->make_affine(group, p, ctx))) { 272 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 266 273 goto err; 267 274 } … … 269 276 /* Initialize the Montgomery ladder */ 270 277 if (!ec_point_ladder_pre(group, r, s, p, ctx)) { 271 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_PRE_FAILURE);278 ERR_raise(ERR_LIB_EC, EC_R_LADDER_PRE_FAILURE); 272 279 goto err; 273 280 } … … 349 356 /* Perform a single step of the Montgomery ladder */ 350 357 if (!ec_point_ladder_step(group, r, s, p, ctx)) { 351 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_STEP_FAILURE);358 ERR_raise(ERR_LIB_EC, EC_R_LADDER_STEP_FAILURE); 352 359 goto err; 353 360 } … … 364 371 /* Finalize ladder (and recover full point coordinates) */ 365 372 if (!ec_point_ladder_post(group, r, s, p, ctx)) { 366 E 
Cerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_POST_FAILURE);373 ERR_raise(ERR_LIB_EC, EC_R_LADDER_POST_FAILURE); 367 374 goto err; 368 375 } … … 381 388 382 389 /* 383 * T ODO: table should be optimised for the wNAF-based implementation,390 * Table could be optimised for the wNAF-based implementation, 384 391 * sometimes smaller windows will give better performance (thus the 385 392 * boundaries should be increased) … … 401 408 * in the addition if scalar != NULL 402 409 */ 403 int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,404 size_t num, const EC_POINT *points[], const BIGNUM *scalars[],405 BN_CTX *ctx)410 int ossl_ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, 411 size_t num, const EC_POINT *points[], 412 const BIGNUM *scalars[], BN_CTX *ctx) 406 413 { 407 414 const EC_POINT *generator = NULL; … … 444 451 * always call the ladder version. 445 452 */ 446 return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx);453 return ossl_ec_scalar_mul_ladder(group, r, scalar, NULL, ctx); 447 454 } 448 455 if ((scalar == NULL) && (num == 1) && (scalars[0] != group->order)) { … … 454 461 * actually set and we always call the ladder version. 
455 462 */ 456 return ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx); 463 return ossl_ec_scalar_mul_ladder(group, r, scalars[0], points[0], 464 ctx); 457 465 } 458 466 } … … 461 469 generator = EC_GROUP_get0_generator(group); 462 470 if (generator == NULL) { 463 E Cerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR);471 ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR); 464 472 goto err; 465 473 } … … 489 497 /* check that pre_comp looks sane */ 490 498 if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) { 491 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);499 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 492 500 goto err; 493 501 } … … 514 522 515 523 if (wsize == NULL || wNAF_len == NULL || wNAF == NULL || val_sub == NULL) { 516 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);524 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 517 525 goto err; 518 526 } … … 544 552 if (pre_comp == NULL) { 545 553 if (num_scalar != 1) { 546 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);554 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 547 555 goto err; 548 556 } … … 553 561 554 562 if (num_scalar != 0) { 555 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);563 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 556 564 goto err; 557 565 } … … 596 604 numblocks = (tmp_len + blocksize - 1) / blocksize; 597 605 if (numblocks > pre_comp->numblocks) { 598 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);606 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 599 607 OPENSSL_free(tmp_wNAF); 600 608 goto err; … … 611 619 wNAF_len[i] = blocksize; 612 620 if (tmp_len < blocksize) { 613 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);621 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 614 622 OPENSSL_free(tmp_wNAF); 615 623 goto err; … … 626 634 wNAF[i] = OPENSSL_malloc(wNAF_len[i]); 627 635 if (wNAF[i] == NULL) { 628 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);636 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 629 637 OPENSSL_free(tmp_wNAF); 630 638 goto err; … … 635 643 636 644 if 
(*tmp_points == NULL) { 637 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);645 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 638 646 OPENSSL_free(tmp_wNAF); 639 647 goto err; … … 655 663 val = OPENSSL_malloc((num_val + 1) * sizeof(val[0])); 656 664 if (val == NULL) { 657 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);665 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 658 666 goto err; 659 667 } … … 672 680 } 673 681 if (!(v == val + num_val)) { 674 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);682 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 675 683 goto err; 676 684 } … … 706 714 } 707 715 708 if (!EC_POINTs_make_affine(group, num_val, val, ctx)) 716 if (group->meth->points_make_affine == NULL 717 || !group->meth->points_make_affine(group, num_val, val, ctx)) 709 718 goto err; 710 719 … … 746 755 * 747 756 * The underlying EC_METHOD can optionally implement this function: 748 * ec_point_blind_coordinates() returns 0 in case of errors or 1 on757 * ossl_ec_point_blind_coordinates() returns 0 in case of errors or 1 on 749 758 * success or if coordinate blinding is not implemented for this 750 759 * group. 751 760 */ 752 if (! ec_point_blind_coordinates(group, r, ctx)) {753 E Cerr(EC_F_EC_WNAF_MUL, EC_R_POINT_COORDINATES_BLIND_FAILURE);761 if (!ossl_ec_point_blind_coordinates(group, r, ctx)) { 762 ERR_raise(ERR_LIB_EC, EC_R_POINT_COORDINATES_BLIND_FAILURE); 754 763 goto err; 755 764 } … … 800 809 801 810 /*- 802 * ec_wNAF_precompute_mult()811 * ossl_ec_wNAF_precompute_mult() 803 812 * creates an EC_PRE_COMP object with preprecomputed multiples of the generator 804 * for use with wNAF splitting as implemented in ec_wNAF_mul().813 * for use with wNAF splitting as implemented in ossl_ec_wNAF_mul(). 
805 814 * 806 815 * 'pre_comp->points' is an array of multiples of the generator … … 819 828 * points[2^(w-1)*numblocks] = NULL 820 829 */ 821 int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)830 int ossl_ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) 822 831 { 823 832 const EC_POINT *generator; 824 833 EC_POINT *tmp_point = NULL, *base = NULL, **var; 825 BN_CTX *new_ctx = NULL;826 834 const BIGNUM *order; 827 835 size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num; … … 829 837 EC_PRE_COMP *pre_comp; 830 838 int ret = 0; 839 int used_ctx = 0; 840 #ifndef FIPS_MODULE 841 BN_CTX *new_ctx = NULL; 842 #endif 831 843 832 844 /* if there is an old EC_PRE_COMP object, throw it away */ … … 837 849 generator = EC_GROUP_get0_generator(group); 838 850 if (generator == NULL) { 839 ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR); 840 goto err; 841 } 842 843 if (ctx == NULL) { 851 ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR); 852 goto err; 853 } 854 855 #ifndef FIPS_MODULE 856 if (ctx == NULL) 844 857 ctx = new_ctx = BN_CTX_new(); 845 if (ctx == NULL) 846 goto err;847 }858 #endif 859 if (ctx == NULL) 860 goto err; 848 861 849 862 BN_CTX_start(ctx); 863 used_ctx = 1; 850 864 851 865 order = EC_GROUP_get0_order(group); … … 853 867 goto err; 854 868 if (BN_is_zero(order)) { 855 E Cerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);869 ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_ORDER); 856 870 goto err; 857 871 } … … 881 895 points = OPENSSL_malloc(sizeof(*points) * (num + 1)); 882 896 if (points == NULL) { 883 E Cerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);897 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 884 898 goto err; 885 899 } … … 889 903 for (i = 0; i < num; i++) { 890 904 if ((var[i] = EC_POINT_new(group)) == NULL) { 891 E Cerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);905 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 892 906 goto err; 893 907 } … … 896 910 if ((tmp_point = EC_POINT_new(group)) == NULL 897 911 || 
(base = EC_POINT_new(group)) == NULL) { 898 E Cerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);912 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 899 913 goto err; 900 914 } … … 928 942 929 943 if (blocksize <= 2) { 930 E Cerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR);944 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 931 945 goto err; 932 946 } … … 941 955 } 942 956 943 if (!EC_POINTs_make_affine(group, num, points, ctx)) 957 if (group->meth->points_make_affine == NULL 958 || !group->meth->points_make_affine(group, num, points, ctx)) 944 959 goto err; 945 960 … … 956 971 957 972 err: 958 BN_CTX_end(ctx); 973 if (used_ctx) 974 BN_CTX_end(ctx); 975 #ifndef FIPS_MODULE 959 976 BN_CTX_free(new_ctx); 977 #endif 960 978 EC_ec_pre_comp_free(pre_comp); 961 979 if (points) { … … 971 989 } 972 990 973 int ec_wNAF_have_precompute_mult(const EC_GROUP *group)991 int ossl_ec_wNAF_have_precompute_mult(const EC_GROUP *group) 974 992 { 975 993 return HAVEPRECOMP(group, ec);
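Review bot: In the ossl_ec_wNAF_precompute_mult hunk, the new `if (ctx == NULL) goto err;` (new lines 859-860) fails without putting anything on the error queue, so under FIPS_MODULE a caller that passes a NULL ctx gets 0 back with no reason code, unlike every other failure path in this function, which calls ERR_raise first. Consider `if (ctx == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); goto err; }`, or at least a comment on that line stating that the non-FIPS branch presumably relies on BN_CTX_new() having already raised its own error. The guard itself looks sound: at that point used_ctx is still 0, so the err label skips BN_CTX_end() and new_ctx is still NULL for BN_CTX_free(). The function's body continues outside the visible hunk lines.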