From 19b8d06a7911d41ce8b3e347b4f58878e12d92ff Mon Sep 17 00:00:00 2001
From: Bodo Möller
Date: Mon, 28 Oct 2002 14:02:19 +0000
Subject: clean up new code for NIST primes create new lock CRYPTO_LOCK_BN to avoid race condition
---
crypto/ec/ec.h | 3 ++-
crypto/ec/ec_cvt.c | 23 ++++++++++++++++++++---
crypto/ec/ec_err.c | 3 ++-
crypto/ec/ec_lcl.h | 1 +
crypto/ec/ecp_nist.c | 34 +++++++++++++++++-----------------
5 files changed, 42 insertions(+), 22 deletions(-)
(limited to 'crypto/ec')
diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
index 5abef25f09..1cd6d34b5a 100644
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -486,6 +486,8 @@ void ERR_load_EC_strings(void);
 #define EC_R_INVALID_PRIVATE_KEY 123
 #define EC_R_MISSING_PARAMETERS 124
 #define EC_R_MISSING_PRIVATE_KEY 125
+#define EC_R_NOT_A_NIST_PRIME 135
+#define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136
 #define EC_R_NOT_IMPLEMENTED 126
 #define EC_R_NOT_INITIALIZED 111
 #define EC_R_NO_FIELD_MOD 133
@@ -494,7 +496,6 @@ void ERR_load_EC_strings(void);
 #define EC_R_PKPARAMETERS2GROUP_FAILURE 127
 #define EC_R_POINT_AT_INFINITY 106
 #define EC_R_POINT_IS_NOT_ON_CURVE 107
-#define EC_R_PRIME_IS_NOT_A_NIST_PRIME 135
 #define EC_R_SLOT_FULL 108
 #define EC_R_UNDEFINED_GENERATOR 113
 #define EC_R_UNDEFINED_ORDER 128
diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c
index 20782569a9..7571a3c368 100644
--- a/crypto/ec/ec_cvt.c
+++ b/crypto/ec/ec_cvt.c
@@ -99,9 +99,25 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) { - /* remove the last error code form the error queue */ - ERR_get_error(); - /* try the normal mont method */ + unsigned long err; + + err = ERR_peek_last_error(); + + if (!(ERR_GET_LIB(err) == ERR_LIB_EC && + ((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) || + (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME)))) + { + /* real error */ + + EC_GROUP_clear_free(ret); + return NULL; + } + + + /* not an actual error, we just cannot use EC_GFp_nist_method */ + + ERR_clear_error(); + EC_GROUP_clear_free(ret); meth = EC_GFp_mont_method(); @@ -119,6 +135,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM return ret; } + EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { const EC_METHOD *meth; diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 71b1dcff22..58ae9d682d 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -195,6 +195,8 @@ static ERR_STRING_DATA EC_str_reasons[]= {EC_R_INVALID_PRIVATE_KEY ,"invalid private key"}, {EC_R_MISSING_PARAMETERS ,"missing parameters"}, {EC_R_MISSING_PRIVATE_KEY ,"missing private key"}, +{EC_R_NOT_A_NIST_PRIME ,"not a NIST prime"}, +{EC_R_NOT_A_SUPPORTED_NIST_PRIME ,"not a supported NIST prime"}, {EC_R_NOT_IMPLEMENTED ,"not implemented"}, {EC_R_NOT_INITIALIZED ,"not initialized"}, {EC_R_NO_FIELD_MOD ,"no field mod"}, @@ -203,7 +205,6 @@ static ERR_STRING_DATA EC_str_reasons[]= {EC_R_PKPARAMETERS2GROUP_FAILURE ,"pkparameters2group failure"}, {EC_R_POINT_AT_INFINITY ,"point at infinity"}, {EC_R_POINT_IS_NOT_ON_CURVE ,"point is not on curve"}, -{EC_R_PRIME_IS_NOT_A_NIST_PRIME ,"prime is not a nist prime"}, {EC_R_SLOT_FULL ,"slot full"}, {EC_R_UNDEFINED_GENERATOR ,"undefined generator"}, {EC_R_UNDEFINED_ORDER ,"undefined order"}, 
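Review bot: `ERR_clear_error()` in the fallback path of EC_GROUP_new_curve_GFp (crypto/ec/ec_cvt.c) empties the calling thread's whole error queue, so entries queued before this call are discarded together with the expected NIST-prime one. The fallback decision rests on `ERR_peek_last_error()`, which would report a stale entry if EC_GROUP_set_curve_GFp ever failed without queuing an error of its own; whether every failure path queues one is not visible in this hunk. Consider removing only the entry just added, for example `ERR_set_mark()` before the call and `ERR_pop_to_mark()` in the fallback branch if this tree provides them. A comment above the test such as `/* only the two NIST-prime reasons select the Montgomery fallback; any other failure is fatal */` would make the contract explicit. The function starts before this hunk.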
diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 247c985a23..639d1743ec 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -227,6 +227,7 @@ struct ec_group_st { void *field_data1; /* method-specific (e.g., Montgomery structure) */ void *field_data2; /* method-specific */ + int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); /* method-specific */ } /* EC_GROUP */; diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index 3c2b4fa978..fb43510d52 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -109,9 +109,6 @@ const EC_METHOD *EC_GFp_nist_method(void) return &ret; } -#define ECP_MOD_CAST \ - (int (*)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *)) - #if BN_BITS2 == 64 && UINT_MAX != 4294967295UL && ULONG_MAX != 4294967295UL #define NO_32_BIT_TYPE #endif 
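Review bot: The new `field_mod_func` member of struct ec_group_st (crypto/ec/ec_lcl.h) is assigned only in ec_GFp_nist_group_set_curve as far as this patch shows, while ec_GFp_nist_field_mul and ec_GFp_nist_field_sqr in crypto/ec/ecp_nist.c call through it without a check. No group init or copy routine is touched here, so a group that was copied, or whose curve was never set, would presumably call through a null or uninitialised pointer. Please confirm that the init path sets `group->field_mod_func = 0;` and the copy path does `dest->field_mod_func = src->field_mod_func;`. The trailing comment could also say what the pointer is for, e.g. `/* method-specific: reduction modulo the field prime, set by group_set_curve */`.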
@@ -155,31 +152,34 @@ int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, if ((tmp_bn = BN_CTX_get(ctx)) == NULL) goto err; if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0) - group->field_data1 = (void *)BN_nist_mod_192; + group->field_mod_func = BN_nist_mod_192; else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0) -#if !defined(ECP_NO_32_BIT_TYPE) || defined(OPENSSL_NO_ASM) - group->field_data1 = (void *)BN_nist_mod_224; +#if !defined(NO_32_BIT_TYPE) || defined(OPENSSL_NO_ASM) + group->field_mod_func = BN_nist_mod_224; #else + ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP, EC_R_NOT_A_SUPPORTED_NIST_PRIME); goto err; #endif else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0) -#if !defined(ECP_NO_32_BIT_TYPE) || defined(OPENSSL_NO_ASM) - group->field_data1 = (void *)BN_nist_mod_256; +#if !defined(NO_32_BIT_TYPE) || defined(OPENSSL_NO_ASM) + group->field_mod_func = BN_nist_mod_256; #else + ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP, EC_R_NOT_A_SUPPORTED_NIST_PRIME); goto err; #endif else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0) -#if !defined(ECP_NO_32_BIT_TYPE) || defined(OPENSSL_NO_ASM) - group->field_data1 = (void *)BN_nist_mod_384; +#if !defined(NO_32_BIT_TYPE) || defined(OPENSSL_NO_ASM) + group->field_mod_func = BN_nist_mod_384; #else + ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP, EC_R_NOT_A_SUPPORTED_NIST_PRIME); goto err; #endif else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0) - group->field_data1 = (void *)BN_nist_mod_521; + /* this one works in the NO_32_BIT_TYPE case */ + group->field_mod_func = BN_nist_mod_521; else { - ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP, - EC_R_PRIME_IS_NOT_A_NIST_PRIME); + ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP, EC_R_NOT_A_NIST_PRIME); goto err; } 
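Review bot: In the `#else` arms for the 224-, 256- and 384-bit primes in ec_GFp_nist_group_set_curve, the unbraced `else if (...)` now governs only the added `ECerr(...)` call. The existing `goto err;` becomes a separate statement and the following `else if` has no matching `if`, so a build that defines NO_32_BIT_TYPE without OPENSSL_NO_ASM should fail to compile. No braces appear in the hunk as shown; putting `{` before each `#if` and `}` after each `#endif` keeps both arms a single statement. The function starts before and continues past this hunk.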
@@ -188,10 +188,10 @@ int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, group->field.neg = 0; /* group->a */ - (ECP_MOD_CAST group->field_data1)(&group->a, a, p, ctx); + if (!group->field_mod_func(&group->a, a, p, ctx)) goto err; /* group->b */ - (ECP_MOD_CAST group->field_data1)(&group->b, b, p, ctx); + if (!group->field_mod_func(&group->b, b, p, ctx)) goto err; /* group->a_is_minus3 */ if (!BN_add_word(tmp_bn, 3)) goto err; @@ -242,7 +242,7 @@ int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err; if (!BN_mul(r, a, b, ctx)) goto err; - if (!(ECP_MOD_CAST group->field_data1)(r, r, &group->field, ctx)) + if (!group->field_mod_func(r, r, &group->field, ctx)) goto err; ret=1; @@ -267,7 +267,7 @@ int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err; if (!BN_sqr(r, a, ctx)) goto err; - if (!(ECP_MOD_CAST group->field_data1)(r, r, &group->field, ctx)) + if (!group->field_mod_func(r, r, &group->field, ctx)) goto err; ret=1; -- cgit v1.2.3
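Review bot: The coefficients `a` and `b` reach the NIST reduction routine unvalidated in ec_GFp_nist_group_set_curve, via `group->field_mod_func(&group->a, a, p, ctx)` and the matching call for `b`. Whether BN_nist_mod_* accepts a negative value, or one wider than a product of two field elements, is not visible here, and curve parameters can originate from encoded input. If it does not, reduce first with `if (!BN_nnmod(&group->a, a, p, ctx)) goto err;` (same for `b`), or state the precondition in a comment at both calls. All three functions touched on this line extend beyond their hunks.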