X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=crypto%2Fec%2Fec_lib.c;h=67e322fbb3ddbe9f3519db2a0ab8b4a3418dd467;hb=9ff9bccc41c385ec2aa8ee2123f083b52b56b7b4;hp=b2a5d79710222cf1f40161adad08b0a8ab8ac375;hpb=4b45c6e52b208deff7da333d1c7f84bcd3986609;p=openssl.git diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index b2a5d79710..67e322fbb3 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1,4 +1,3 @@ -/* crypto/ec/ec_lib.c */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -68,8 +67,6 @@ #include "ec_lcl.h" -const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT; - /* functions for EC_GROUP objects */ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) @@ -85,46 +82,62 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) return NULL; } - ret = OPENSSL_malloc(sizeof *ret); + ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); return NULL; } ret->meth = meth; - - ret->extra_data = NULL; - ret->mont_data = NULL; - - ret->generator = NULL; - ret->order = BN_new(); - ret->cofactor = NULL; - if (!ret->order) - goto err; - ret->cofactor = BN_new(); - if (!ret->cofactor) - goto err; - - ret->curve_name = 0; + if ((ret->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) { + ret->order = BN_new(); + if (ret->order == NULL) + goto err; + ret->cofactor = BN_new(); + if (ret->cofactor == NULL) + goto err; + } ret->asn1_flag = OPENSSL_EC_NAMED_CURVE; ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; - - ret->seed = NULL; - ret->seed_len = 0; - if (!meth->group_init(ret)) goto err; - return ret; + err: - if (ret->order) - BN_free(ret->order); - if (ret->cofactor) - BN_free(ret->cofactor); + BN_free(ret->order); + BN_free(ret->cofactor); OPENSSL_free(ret); return NULL; } +void EC_pre_comp_free(EC_GROUP *group) +{ + switch (group->pre_comp_type) { + default: + break; +#ifdef ECP_NISTZ256_REFERENCE_IMPLEMENTATION + case pct_nistz256: + EC_nistz256_pre_comp_free(group->pre_comp.nistz256); + break; +#endif +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + case pct_nistp224: + EC_nistp224_pre_comp_free(group->pre_comp.nistp224); + break; + case pct_nistp256: + EC_nistp256_pre_comp_free(group->pre_comp.nistp256); + break; + case pct_nistp521: + EC_nistp521_pre_comp_free(group->pre_comp.nistp521); + break; +#endif + case pct_ec: + EC_ec_pre_comp_free(group->pre_comp.ec); + break; + } + group->pre_comp.ec = NULL; +} + void EC_GROUP_free(EC_GROUP *group) { if (!group) @@ -133,18 +146,12 @@ void EC_GROUP_free(EC_GROUP *group) if (group->meth->group_finish != 0) group->meth->group_finish(group); - EC_EX_DATA_free_all_data(&group->extra_data); - - if (group->mont_data) - BN_MONT_CTX_free(group->mont_data); - + EC_pre_comp_free(group); + BN_MONT_CTX_free(group->mont_data); EC_POINT_free(group->generator); BN_free(group->order); BN_free(group->cofactor); - - if (group->seed) - OPENSSL_free(group->seed); - + OPENSSL_free(group->seed); OPENSSL_free(group); } @@ -158,22 +165,17 @@ void EC_GROUP_clear_free(EC_GROUP *group) else if (group->meth->group_finish != 0) group->meth->group_finish(group); - EC_EX_DATA_clear_free_all_data(&group->extra_data); - - if (group->mont_data) - BN_MONT_CTX_free(group->mont_data); - + EC_pre_comp_free(group); + BN_MONT_CTX_free(group->mont_data); EC_POINT_clear_free(group->generator); BN_clear_free(group->order); BN_clear_free(group->cofactor); OPENSSL_clear_free(group->seed, group->seed_len); - OPENSSL_clear_free(group, sizeof *group); + OPENSSL_clear_free(group, sizeof(*group)); } int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) { - EC_EXTRA_DATA *d; - if (dest->meth->group_copy == 0) { ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -185,17 +187,31 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) if (dest == src) return 1; - EC_EX_DATA_free_all_data(&dest->extra_data); - - for (d = src->extra_data; d != NULL; d = d->next) { - void *t = d->dup_func(d->data); - - if (t == NULL) - return 0; - if (!EC_EX_DATA_set_data - (&dest->extra_data, t, d->dup_func, d->free_func, - d->clear_free_func)) - return 0; + /* Copy precomputed */ + dest->pre_comp_type = src->pre_comp_type; + switch (src->pre_comp_type) { + default: + dest->pre_comp.ec = NULL; + break; +#ifdef ECP_NISTZ256_REFERENCE_IMPLEMENTATION + case pct_nistz256: + dest->pre_comp.nistz256 = EC_nistz256_pre_comp_dup(src->pre_comp.nistz256); + break; +#endif +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + case pct_nistp224: + dest->pre_comp.nistp224 = EC_nistp224_pre_comp_dup(src->pre_comp.nistp224); + break; + case pct_nistp256: + dest->pre_comp.nistp256 = EC_nistp256_pre_comp_dup(src->pre_comp.nistp256); + break; + case pct_nistp521: + dest->pre_comp.nistp521 = EC_nistp521_pre_comp_dup(src->pre_comp.nistp521); + break; +#endif + case pct_ec: + dest->pre_comp.ec = EC_ec_pre_comp_dup(src->pre_comp.ec); + break; } if (src->mont_data != NULL) { @@ -208,10 +224,8 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) return 0; } else { /* src->generator == NULL */ - if (dest->mont_data != NULL) { - BN_MONT_CTX_free(dest->mont_data); - dest->mont_data = NULL; - } + BN_MONT_CTX_free(dest->mont_data); + dest->mont_data = NULL; } if (src->generator != NULL) { @@ -228,18 +242,19 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) dest->generator = NULL; } - if (!BN_copy(dest->order, src->order)) - return 0; - if (!BN_copy(dest->cofactor, src->cofactor)) - return 0; + if ((src->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) { + if (!BN_copy(dest->order, src->order)) + return 0; + if (!BN_copy(dest->cofactor, src->cofactor)) + return 0; + } dest->curve_name = src->curve_name; dest->asn1_flag = src->asn1_flag; dest->asn1_form = src->asn1_form; if (src->seed) { - if (dest->seed) - OPENSSL_free(dest->seed); + OPENSSL_free(dest->seed); dest->seed = OPENSSL_malloc(src->seed_len); if (dest->seed == NULL) return 0; @@ -247,8 +262,7 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) return 0; dest->seed_len = src->seed_len; } else { - if (dest->seed) - OPENSSL_free(dest->seed); + OPENSSL_free(dest->seed); dest->seed = NULL; dest->seed_len = 0; } @@ -317,13 +331,18 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, } else BN_zero(group->cofactor); + /* - * We ignore the return value because some groups have an order with + * Some groups have an order with * factors of two, which makes the Montgomery setup fail. * |group->mont_data| will be NULL in this case. */ - ec_precompute_mont_data(group); + if (BN_is_odd(group->order)) { + return ec_precompute_mont_data(group); + } + BN_MONT_CTX_free(group->mont_data); + group->mont_data = NULL; return 1; } @@ -339,21 +358,42 @@ BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group) int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) { + if (group->order == NULL) + return 0; if (!BN_copy(order, group->order)) return 0; return !BN_is_zero(order); } +const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group) +{ + return group->order; +} + +int EC_GROUP_order_bits(const EC_GROUP *group) +{ + OPENSSL_assert(group->meth->group_order_bits != NULL); + return group->meth->group_order_bits(group); +} + int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) { + + if (group->cofactor == NULL) + return 0; if (!BN_copy(cofactor, group->cofactor)) return 0; return !BN_is_zero(group->cofactor); } +const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group) +{ + return group->cofactor; +} + void EC_GROUP_set_curve_name(EC_GROUP *group, int nid) { group->curve_name = nid; @@ -388,11 +428,9 @@ point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len) { - if (group->seed) { - OPENSSL_free(group->seed); - group->seed = NULL; - group->seed_len = 0; - } + OPENSSL_free(group->seed); + group->seed = NULL; + group->seed_len = 0; if (!len || !p) return 1; @@ -492,10 +530,12 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b)) return 1; + if (a->meth->flags & EC_FLAGS_CUSTOM_CURVE) + return 0; - if (!ctx) + if (ctx == NULL) ctx_new = ctx = BN_CTX_new(); - if (!ctx) + if (ctx == NULL) return -1; BN_CTX_start(ctx); @@ -505,10 +545,9 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) b1 = BN_CTX_get(ctx); b2 = BN_CTX_get(ctx); b3 = BN_CTX_get(ctx); - if (!b3) { + if (b3 == NULL) { BN_CTX_end(ctx); - if (ctx_new) - BN_CTX_free(ctx); + BN_CTX_free(ctx_new); return -1; } @@ -529,172 +568,27 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) r = 1; if (!r) { + const BIGNUM *ao, *bo, *ac, *bc; /* compare the order and cofactor */ - if (!EC_GROUP_get_order(a, a1, ctx) || - !EC_GROUP_get_order(b, b1, ctx) || - !EC_GROUP_get_cofactor(a, a2, ctx) || - !EC_GROUP_get_cofactor(b, b2, ctx)) { + ao = EC_GROUP_get0_order(a); + bo = EC_GROUP_get0_order(b); + ac = EC_GROUP_get0_cofactor(a); + bc = EC_GROUP_get0_cofactor(b); + if (ao == NULL || bo == NULL) { BN_CTX_end(ctx); - if (ctx_new) - BN_CTX_free(ctx); + BN_CTX_free(ctx_new); return -1; } - if (BN_cmp(a1, b1) || BN_cmp(a2, b2)) + if (BN_cmp(ao, bo) || BN_cmp(ac, bc)) r = 1; } BN_CTX_end(ctx); - if (ctx_new) - BN_CTX_free(ctx); + BN_CTX_free(ctx_new); return r; } -/* this has 'package' visibility */ -int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data, - void *(*dup_func) (void *), - void (*free_func) (void *), - void (*clear_free_func) (void *)) -{ - EC_EXTRA_DATA *d; - - if (ex_data == NULL) - return 0; - - for (d = *ex_data; d != NULL; d = d->next) { - if (d->dup_func == dup_func && d->free_func == free_func - && d->clear_free_func == clear_free_func) { - ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL); - return 0; - } - } - - if (data == NULL) - /* no explicit entry needed */ - return 1; - - d = OPENSSL_malloc(sizeof *d); - if (d == NULL) - return 0; - - d->data = data; - d->dup_func = dup_func; - d->free_func = free_func; - d->clear_free_func = clear_free_func; - - d->next = *ex_data; - *ex_data = d; - - return 1; -} - -/* this has 'package' visibility */ -void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data, - void *(*dup_func) (void *), - void (*free_func) (void *), - void (*clear_free_func) (void *)) -{ - const EC_EXTRA_DATA *d; - - for (d = ex_data; d != NULL; d = d->next) { - if (d->dup_func == dup_func && d->free_func == free_func - && d->clear_free_func == clear_free_func) - return d->data; - } - - return NULL; -} - -/* this has 'package' visibility */ -void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data, - void *(*dup_func) (void *), - void (*free_func) (void *), - void (*clear_free_func) (void *)) -{ - EC_EXTRA_DATA **p; - - if (ex_data == NULL) - return; - - for (p = ex_data; *p != NULL; p = &((*p)->next)) { - if ((*p)->dup_func == dup_func && (*p)->free_func == free_func - && (*p)->clear_free_func == clear_free_func) { - EC_EXTRA_DATA *next = (*p)->next; - - (*p)->free_func((*p)->data); - OPENSSL_free(*p); - - *p = next; - return; - } - } -} - -/* this has 'package' visibility */ -void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data, - void *(*dup_func) (void *), - void (*free_func) (void *), - void (*clear_free_func) (void *)) -{ - EC_EXTRA_DATA **p; - - if (ex_data == NULL) - return; - - for (p = ex_data; *p != NULL; p = &((*p)->next)) { - if ((*p)->dup_func == dup_func && (*p)->free_func == free_func - && (*p)->clear_free_func == clear_free_func) { - EC_EXTRA_DATA *next = (*p)->next; - - (*p)->clear_free_func((*p)->data); - OPENSSL_free(*p); - - *p = next; - return; - } - } -} - -/* this has 'package' visibility */ -void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data) -{ - EC_EXTRA_DATA *d; - - if (ex_data == NULL) - return; - - d = *ex_data; - while (d) { - EC_EXTRA_DATA *next = d->next; - - d->free_func(d->data); - OPENSSL_free(d); - - d = next; - } - *ex_data = NULL; -} - -/* this has 'package' visibility */ -void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data) -{ - EC_EXTRA_DATA *d; - - if (ex_data == NULL) - return; - - d = *ex_data; - while (d) { - EC_EXTRA_DATA *next = d->next; - - d->clear_free_func(d->data); - OPENSSL_free(d); - - d = next; - } - *ex_data = NULL; -} - /* functions for EC_POINT objects */ EC_POINT *EC_POINT_new(const EC_GROUP *group) @@ -710,7 +604,7 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) return NULL; } - ret = OPENSSL_malloc(sizeof *ret); + ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE); return NULL; @@ -745,7 +639,7 @@ void EC_POINT_clear_free(EC_POINT *point) point->meth->point_clear_finish(point); else if (point->meth->point_finish != 0) point->meth->point_finish(point); - OPENSSL_clear_free(point, sizeof *point); + OPENSSL_clear_free(point, sizeof(*point)); } int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) @@ -967,6 +861,13 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) return group->meth->is_at_infinity(group, point); } +/* + * Check whether an EC_POINT is on the curve or not. Note that the return + * value for this function should NOT be treated as a boolean. Return values: + * 1: The point is on the curve + * 0: The point is not on the curve + * -1: An error occurred + */ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) { @@ -1093,16 +994,14 @@ int ec_precompute_mont_data(EC_GROUP *group) BN_CTX *ctx = BN_CTX_new(); int ret = 0; - if (group->mont_data) { - BN_MONT_CTX_free(group->mont_data); - group->mont_data = NULL; - } + BN_MONT_CTX_free(group->mont_data); + group->mont_data = NULL; if (ctx == NULL) goto err; group->mont_data = BN_MONT_CTX_new(); - if (!group->mont_data) + if (group->mont_data == NULL) goto err; if (!BN_MONT_CTX_set(group->mont_data, group->order, ctx)) { @@ -1115,7 +1014,23 @@ int ec_precompute_mont_data(EC_GROUP *group) err: - if (ctx) - BN_CTX_free(ctx); + BN_CTX_free(ctx); return ret; } + +int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg) +{ + return CRYPTO_set_ex_data(&key->ex_data, idx, arg); +} + +void *EC_KEY_get_ex_data(const EC_KEY *key, int idx) +{ + return CRYPTO_get_ex_data(&key->ex_data, idx); +} + +int ec_group_simple_order_bits(const EC_GROUP *group) +{ + if (group->order == NULL) + return 0; + return BN_num_bits(group->order); +}