diff options
Diffstat (limited to 'crypto/ec')
-rw-r--r-- | crypto/ec/ec.h | 34 | ||||
-rw-r--r-- | crypto/ec/ec2_mult.c | 22 | ||||
-rw-r--r-- | crypto/ec/ec2_smpl.c | 18 | ||||
-rw-r--r-- | crypto/ec/ec2_smpt.c | 3 | ||||
-rw-r--r-- | crypto/ec/ec_asn1.c | 91 | ||||
-rw-r--r-- | crypto/ec/ec_err.c | 10 | ||||
-rw-r--r-- | crypto/ec/ec_key.c | 2 | ||||
-rw-r--r-- | crypto/ec/ec_lcl.h | 52 | ||||
-rw-r--r-- | crypto/ec/ec_lib.c | 242 | ||||
-rw-r--r-- | crypto/ec/ec_mult.c | 555 | ||||
-rw-r--r-- | crypto/ec/ecp_mont.c | 5 | ||||
-rw-r--r-- | crypto/ec/ecp_nist.c | 31 | ||||
-rw-r--r-- | crypto/ec/ecp_recp.c | 5 | ||||
-rw-r--r-- | crypto/ec/ecp_smpl.c | 5 | ||||
-rw-r--r-- | crypto/ec/ectest.c | 4 |
15 files changed, 816 insertions, 263 deletions
diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 53fb8cfc57..431a28b38f 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -3,7 +3,7 @@ * Originally written by Bodo Moeller for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -72,6 +72,8 @@ #ifndef HEADER_EC_H #define HEADER_EC_H +#include <openssl/opensslconf.h> + #ifdef OPENSSL_NO_EC #error EC is disabled. #endif @@ -101,7 +103,7 @@ typedef struct ec_group_st -- field definition -- curve coefficients -- optional generator with associated information (order, cofactor) - -- optional extra data (TODO: precomputed table for fast computation of multiples of generator) + -- optional extra data (precomputed table for fast computation of multiples of generator) -- ASN1 stuff */ EC_GROUP; @@ -241,7 +243,11 @@ int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *); int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *); + +/* EC_GROUP_precompute_mult() stores multiples of generator for faster point multiplication */ int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *); +/* EC_GROUP_have_precompute_mult() reports whether such precomputation has been done */ +int EC_GROUP_have_precompute_mult(const EC_GROUP *); @@ -315,16 +321,16 @@ int EC_KEY_generate_key(EC_KEY *); /* EC_KEY_check_key() */ int EC_KEY_check_key(const EC_KEY *); -/* de- and encode functions for the SEC1 ECPrivateKey */ +/* de- and encoding functions for SEC1 ECPrivateKey */ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len); int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out); -/* de- and encode functions for the elliptic curve parameters */ +/* de- and encoding functions for EC parameters */ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len); int i2d_ECParameters(EC_KEY *a, unsigned char **out); - -EC_KEY *ECPublicKey_set_octet_string(EC_KEY **a, const unsigned char **in, - long len); -int ECPublicKey_get_octet_string(EC_KEY *a, unsigned char **out); +/* de- and encoding functions for EC public key + * (octet string, not DER -- hence 'o2i' and 'i2o') */ +EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len); +int i2o_ECPublicKey(EC_KEY *a, unsigned char **out); #ifndef OPENSSL_NO_BIO int ECParameters_print(BIO *bp, const EC_KEY *x); @@ -355,8 +361,6 @@ void ERR_load_EC_strings(void); #define EC_F_ECPARAMETERS_PRINT_FP 148 #define EC_F_ECPKPARAMETERS_PRINT 149 #define EC_F_ECPKPARAMETERS_PRINT_FP 150 -#define EC_F_ECPUBLICKEY_GET_OCTET 151 -#define EC_F_ECPUBLICKEY_SET_OCTET 152 #define EC_F_ECP_NIST_MOD_192 203 #define EC_F_ECP_NIST_MOD_224 204 #define EC_F_ECP_NIST_MOD_256 205 @@ -403,7 +407,6 @@ void ERR_load_EC_strings(void); #define EC_F_EC_GROUP_GET_CURVE_GF2M 172 #define EC_F_EC_GROUP_GET_CURVE_GFP 130 #define EC_F_EC_GROUP_GET_DEGREE 173 -#define EC_F_EC_GROUP_GET_EXTRA_DATA 107 #define EC_F_EC_GROUP_GET_ORDER 141 #define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 #define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 @@ -444,6 +447,7 @@ void ERR_load_EC_strings(void); #define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 #define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 #define EC_F_EC_POINT_SET_TO_INFINITY 127 +#define EC_F_EC_PRE_COMP_DUP 207 #define EC_F_EC_WNAF_MUL 187 #define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 #define EC_F_GFP_MONT_GROUP_SET_CURVE 189 @@ -451,6 +455,8 @@ void ERR_load_EC_strings(void); #define EC_F_I2D_ECPARAMETERS 190 #define EC_F_I2D_ECPKPARAMETERS 191 #define EC_F_I2D_ECPRIVATEKEY 192 +#define EC_F_I2O_ECPUBLICKEY 151 +#define EC_F_O2I_ECPUBLICKEY 152 /* Reason codes. */ #define EC_R_ASN1_ERROR 115 @@ -462,7 +468,6 @@ void ERR_load_EC_strings(void); #define EC_R_GROUP2PKPARAMETERS_FAILURE 120 #define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 #define EC_R_INCOMPATIBLE_OBJECTS 101 -#define EC_R_INTERNAL_ERROR 132 #define EC_R_INVALID_ARGUMENT 112 #define EC_R_INVALID_COMPRESSED_POINT 110 #define EC_R_INVALID_COMPRESSION_BIT 109 @@ -473,12 +478,11 @@ void ERR_load_EC_strings(void); #define EC_R_INVALID_PRIVATE_KEY 123 #define EC_R_MISSING_PARAMETERS 124 #define EC_R_MISSING_PRIVATE_KEY 125 -#define EC_R_NOT_A_NIST_PRIME 135 -#define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 +#define EC_R_NOT_A_NIST_PRIME 135 +#define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 #define EC_R_NOT_IMPLEMENTED 126 #define EC_R_NOT_INITIALIZED 111 #define EC_R_NO_FIELD_MOD 133 -#define EC_R_NO_SUCH_EXTRA_DATA 105 #define EC_R_PASSED_NULL_PARAMETER 134 #define EC_R_PKPARAMETERS2GROUP_FAILURE 127 #define EC_R_POINT_AT_INFINITY 106 diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c index eefb41a157..a0effa95ad 100644 --- a/crypto/ec/ec2_mult.c +++ b/crypto/ec/ec2_mult.c @@ -14,7 +14,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -326,9 +326,10 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } /* This implementation is more efficient than the wNAF implementation for 2 - * or fewer points. Use the ec_wNAF_mul implementation for 3 or more points. + * or fewer points. Use the ec_wNAF_mul implementation for 3 or more points, + * or if we can perform a fast multiplication based on precomputation. */ - if ((scalar && (num > 1)) || (num > 2)) + if ((scalar && (num > 1)) || (num > 2) || (num == 0 && EC_GROUP_have_precompute_mult(group))) { ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); goto err; @@ -364,12 +365,15 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } -/* Precomputation for point multiplication. */ +/* Precomputation for point multiplication: fall back to wNAF methods + * because ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate */ + int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { - /* There is no precomputation to do for Montgomery scalar multiplication but - * since this implementation falls back to the wNAF multiplication for more than - * two points, call the wNAF implementation's precompute. - */ return ec_wNAF_precompute_mult(group, ctx); - } + } + +int ec_GF2m_have_precompute_mult(const EC_GROUP *group) + { + return ec_wNAF_have_precompute_mult(group); + } diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 1bc440eed1..89e8152015 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -14,7 +14,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -99,13 +99,17 @@ const EC_METHOD *EC_GF2m_simple_method(void) ec_GF2m_simple_add, ec_GF2m_simple_dbl, ec_GF2m_simple_invert, - ec_GF2m_simple_mul, - ec_GF2m_precompute_mult, ec_GF2m_simple_is_at_infinity, ec_GF2m_simple_is_on_curve, ec_GF2m_simple_cmp, ec_GF2m_simple_make_affine, ec_GF2m_simple_points_make_affine, + + /* the following three method functions are defined in ec2_mult.c */ + ec_GF2m_simple_mul, + ec_GF2m_precompute_mult, + ec_GF2m_have_precompute_mult, + ec_GF2m_simple_field_mul, ec_GF2m_simple_field_sqr, ec_GF2m_simple_field_div, @@ -170,8 +174,8 @@ int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) dest->poly[2] = src->poly[2]; dest->poly[3] = src->poly[3]; dest->poly[4] = src->poly[4]; - bn_wexpand(&dest->a, (dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); - bn_wexpand(&dest->b, (dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); + bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); + bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0; for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0; return 1; @@ -195,12 +199,12 @@ int ec_GF2m_simple_group_set_curve(EC_GROUP *group, /* group->a */ if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err; - bn_wexpand(&group->a, (group->poly[0] + BN_BITS2 - 1) / BN_BITS2); + bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2); for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0; /* group->b */ if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err; - bn_wexpand(&group->b, (group->poly[0] + BN_BITS2 - 1) / BN_BITS2); + bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2); for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0; ret = 1; diff --git a/crypto/ec/ec2_smpt.c b/crypto/ec/ec2_smpt.c index 1b014e5d96..f7e3d38150 100644 --- a/crypto/ec/ec2_smpt.c +++ b/crypto/ec/ec2_smpt.c @@ -61,7 +61,8 @@ * compressed coordinates. Uses algorithm 2.3.4 of SEC 1. * Note that the simple implementation only uses affine coordinates. * - * This algorithm is patented by Certicom Corp. under US Patent 6,141,420. + * This algorithm is patented by Certicom Corp. under US Patent 6,141,420 + * (for licensing information, contact licensing@certicom.com). * This function is disabled by default and can be enabled by defining the * preprocessor macro OPENSSL_EC_BIN_PT_COMP at Configure-time. */ diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 63d33a5f56..f31ac45d99 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -3,7 +3,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -224,7 +224,7 @@ ASN1_SEQUENCE(ECPARAMETERS) = { ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), - ASN1_SIMPLE(ECPARAMETERS, cofactor, ASN1_INTEGER) + ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) } ASN1_SEQUENCE_END(ECPARAMETERS) DECLARE_ASN1_FUNCTIONS_const(ECPARAMETERS) @@ -715,17 +715,15 @@ static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, goto err; } - /* set the cofactor */ - if (!EC_GROUP_get_cofactor(group, tmp, NULL)) + /* set the cofactor (optional) */ + if (EC_GROUP_get_cofactor(group, tmp, NULL)) { - ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); - goto err; - } - ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); - if (ret->cofactor == NULL) - { - ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); - goto err; + ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); + if (ret->cofactor == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); + goto err; + } } ok = 1; @@ -978,9 +976,7 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) ret->seed_len = params->curve->seed->length; } - /* extract the order, cofactor and generator */ - if (!params->order || !params->cofactor || !params->base || - !params->base->data) + if (!params->order || !params->base || !params->base->data) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); goto err; @@ -988,14 +984,11 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) if ((point = EC_POINT_new(ret)) == NULL) goto err; - a = ASN1_INTEGER_to_BN(params->order, a); - b = ASN1_INTEGER_to_BN(params->cofactor, b); - if (!a || !b) - { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); - goto err; - } + /* set the point conversion form */ + EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) + (params->base->data[0] & ~0x01)); + /* extract the ec point */ if (!EC_POINT_oct2point(ret, point, params->base->data, params->base->length, NULL)) { @@ -1003,10 +996,29 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) goto err; } - /* set the point conversion form */ - EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) - (params->base->data[0] & ~0x01)); - + /* extract the order */ + if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); + goto err; + } + + /* extract the cofactor (optional) */ + if (params->cofactor == NULL) + { + if (b) + { + BN_free(b); + b = NULL; + } + } + else + if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); + goto err; + } + /* set the generator, order and cofactor (if present) */ if (!EC_GROUP_set_generator(ret, point, a, b)) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); @@ -1394,8 +1406,7 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) return ret; } -EC_KEY *ECPublicKey_set_octet_string(EC_KEY **a, const unsigned char **in, - long len) +EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len) { EC_KEY *ret=NULL; @@ -1403,33 +1414,35 @@ EC_KEY *ECPublicKey_set_octet_string(EC_KEY **a, const unsigned char **in, { /* sorry, but a EC_GROUP-structur is necessary * to set the public key */ - ECerr(EC_F_ECPUBLICKEY_SET_OCTET, ERR_R_PASSED_NULL_PARAMETER); + ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); return 0; } ret = *a; if (ret->pub_key == NULL && (ret->pub_key = EC_POINT_new(ret->group)) == NULL) { - ECerr(EC_F_ECPUBLICKEY_SET_OCTET, ERR_R_MALLOC_FAILURE); + ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); return 0; } if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) { - ECerr(EC_F_ECPUBLICKEY_SET_OCTET, ERR_R_EC_LIB); + ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB); return 0; } /* save the point conversion form */ ret->conv_form = (point_conversion_form_t)(*in[0] & ~0x01); + *in += len; return ret; } -int ECPublicKey_get_octet_string(EC_KEY *a, unsigned char **out) +int i2o_ECPublicKey(EC_KEY *a, unsigned char **out) { - size_t buf_len=0; + size_t buf_len=0; + int new_buffer = 0; if (a == NULL) { - ECerr(EC_F_ECPUBLICKEY_GET_OCTET, ERR_R_PASSED_NULL_PARAMETER); + ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); return 0; } @@ -1441,19 +1454,23 @@ int ECPublicKey_get_octet_string(EC_KEY *a, unsigned char **out) return buf_len; if (*out == NULL) + { if ((*out = OPENSSL_malloc(buf_len)) == NULL) { - ECerr(EC_F_ECPUBLICKEY_GET_OCTET, - ERR_R_MALLOC_FAILURE); + ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); return 0; } + new_buffer = 1; + } if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, *out, buf_len, NULL)) { - ECerr(EC_F_ECPUBLICKEY_GET_OCTET, ERR_R_EC_LIB); + ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB); OPENSSL_free(*out); *out = NULL; return 0; } + if (!new_buffer) + *out += buf_len; return buf_len; } diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 58ae9d682d..d74ddace58 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -1,6 +1,6 @@ /* crypto/ec/ec_err.c */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -74,8 +74,6 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_ECPARAMETERS_PRINT_FP,0), "ECParameters_print_fp"}, {ERR_PACK(0,EC_F_ECPKPARAMETERS_PRINT,0), "ECPKParameters_print"}, {ERR_PACK(0,EC_F_ECPKPARAMETERS_PRINT_FP,0), "ECPKParameters_print_fp"}, -{ERR_PACK(0,EC_F_ECPUBLICKEY_GET_OCTET,0), "ECPUBLICKEY_GET_OCTET"}, -{ERR_PACK(0,EC_F_ECPUBLICKEY_SET_OCTET,0), "ECPUBLICKEY_SET_OCTET"}, {ERR_PACK(0,EC_F_ECP_NIST_MOD_192,0), "ECP_NIST_MOD_192"}, {ERR_PACK(0,EC_F_ECP_NIST_MOD_224,0), "ECP_NIST_MOD_224"}, {ERR_PACK(0,EC_F_ECP_NIST_MOD_256,0), "ECP_NIST_MOD_256"}, @@ -122,7 +120,6 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GF2M,0), "EC_GROUP_get_curve_GF2m"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0), "EC_GROUP_get_curve_GFp"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_DEGREE,0), "EC_GROUP_get_degree"}, -{ERR_PACK(0,EC_F_EC_GROUP_GET_EXTRA_DATA,0), "EC_GROUP_get_extra_data"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0), "EC_GROUP_get_order"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS,0), "EC_GROUP_get_pentanomial_basis"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_TRINOMIAL_BASIS,0), "EC_GROUP_get_trinomial_basis"}, @@ -163,6 +160,7 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,0), "EC_POINT_set_compressed_coordinates_GFp"}, {ERR_PACK(0,EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,0), "EC_POINT_set_Jprojective_coordinates_GFp"}, {ERR_PACK(0,EC_F_EC_POINT_SET_TO_INFINITY,0), "EC_POINT_set_to_infinity"}, +{ERR_PACK(0,EC_F_EC_PRE_COMP_DUP,0), "EC_PRE_COMP_DUP"}, {ERR_PACK(0,EC_F_EC_WNAF_MUL,0), "ec_wNAF_mul"}, {ERR_PACK(0,EC_F_EC_WNAF_PRECOMPUTE_MULT,0), "ec_wNAF_precompute_mult"}, {ERR_PACK(0,EC_F_GFP_MONT_GROUP_SET_CURVE,0), "GFP_MONT_GROUP_SET_CURVE"}, @@ -170,6 +168,8 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_I2D_ECPARAMETERS,0), "i2d_ECParameters"}, {ERR_PACK(0,EC_F_I2D_ECPKPARAMETERS,0), "i2d_ECPKParameters"}, {ERR_PACK(0,EC_F_I2D_ECPRIVATEKEY,0), "i2d_ECPrivateKey"}, +{ERR_PACK(0,EC_F_I2O_ECPUBLICKEY,0), "i2o_ECPublicKey"}, +{ERR_PACK(0,EC_F_O2I_ECPUBLICKEY,0), "o2i_ECPublicKey"}, {0,NULL} }; @@ -184,7 +184,6 @@ static ERR_STRING_DATA EC_str_reasons[]= {EC_R_GROUP2PKPARAMETERS_FAILURE ,"group2pkparameters failure"}, {EC_R_I2D_ECPKPARAMETERS_FAILURE ,"i2d ecpkparameters failure"}, {EC_R_INCOMPATIBLE_OBJECTS ,"incompatible objects"}, -{EC_R_INTERNAL_ERROR ,"internal error"}, {EC_R_INVALID_ARGUMENT ,"invalid argument"}, {EC_R_INVALID_COMPRESSED_POINT ,"invalid compressed point"}, {EC_R_INVALID_COMPRESSION_BIT ,"invalid compression bit"}, @@ -200,7 +199,6 @@ static ERR_STRING_DATA EC_str_reasons[]= {EC_R_NOT_IMPLEMENTED ,"not implemented"}, {EC_R_NOT_INITIALIZED ,"not initialized"}, {EC_R_NO_FIELD_MOD ,"no field mod"}, -{EC_R_NO_SUCH_EXTRA_DATA ,"no such extra data"}, {EC_R_PASSED_NULL_PARAMETER ,"passed null parameter"}, {EC_R_PKPARAMETERS2GROUP_FAILURE ,"pkparameters2group failure"}, {EC_R_POINT_AT_INFINITY ,"point at infinity"}, diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index d7758c91d3..aef3934c17 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -199,7 +199,7 @@ EC_KEY *EC_KEY_dup(const EC_KEY *eckey) /* copy the private key */ if (eckey->priv_key) { - ret->priv_key = BN_dup(ret->priv_key); + ret->priv_key = BN_dup(eckey->priv_key); if (ret->priv_key == NULL) ok = 0; } diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index a96d0df1a4..f59fe0e448 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -3,7 +3,7 @@ * Originally written by Bodo Moeller for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -136,11 +136,6 @@ struct ec_method_st { int (*dbl)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); int (*invert)(const EC_GROUP *, EC_POINT *, BN_CTX *); - /* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult: */ - int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); - int (*precompute_mult)(EC_GROUP *group, BN_CTX *); - /* used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp: */ int (*is_at_infinity)(const EC_GROUP *, const EC_POINT *); int (*is_on_curve)(const EC_GROUP *, const EC_POINT *, BN_CTX *); @@ -150,6 +145,13 @@ struct ec_method_st { int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *); int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); + /* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult, EC_POINT_have_precompute_mult + * (default implementations are used if the 'mul' pointer is 0): */ + int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); + int (*precompute_mult)(EC_GROUP *group, BN_CTX *); + int (*have_precompute_mult)(const EC_GROUP *group); + /* internal functions */ @@ -165,6 +167,13 @@ struct ec_method_st { int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *); } /* EC_METHOD */; +typedef struct ec_extra_data_st { + struct ec_extra_data_st *next; + void *data; + void *(*dup_func)(void *); + void (*free_func)(void *); + void (*clear_free_func)(void *); +} EC_EXTRA_DATA; /* used in EC_GROUP */ struct ec_group_st { const EC_METHOD *meth; @@ -179,10 +188,7 @@ struct ec_group_st { unsigned char *seed; /* optional seed for parameters (appears in ASN1) */ size_t seed_len; - void *extra_data; - void *(*extra_data_dup_func)(void *); - void (*extra_data_free_func)(void *); - void (*extra_data_clear_free_func)(void *); + EC_EXTRA_DATA *extra_data; /* linked list */ /* The following members are handled by the method functions, * even if they appear generic */ @@ -222,14 +228,17 @@ struct ec_group_st { * (with visibility limited to 'package' level for now). * We use the function pointers as index for retrieval; this obviates * global ex_data-style index tables. - * (Currently, we have one slot only, but is is possible to extend this - * if necessary.) */ -int EC_GROUP_set_extra_data(EC_GROUP *, void *extra_data, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)); -void *EC_GROUP_get_extra_data(const EC_GROUP *, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)); -void EC_GROUP_free_extra_data(EC_GROUP *); -void EC_GROUP_clear_free_extra_data(EC_GROUP *); + */ +int EC_GROUP_set_extra_data(EC_GROUP *, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void *EC_GROUP_get_extra_data(const EC_GROUP *, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_GROUP_free_extra_data(EC_GROUP*, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_GROUP_clear_free_extra_data(EC_GROUP*, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_GROUP_free_all_extra_data(EC_GROUP *); +void EC_GROUP_clear_free_all_extra_data(EC_GROUP *); @@ -248,10 +257,13 @@ struct ec_point_st { -/* method functions in ec_mult.c */ +/* method functions in ec_mult.c + * (ec_lib.c uses these as defaults if group->method->mul is 0) */ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *); +int ec_wNAF_have_precompute_mult(const EC_GROUP *group); + /* method functions in ecp_smpl.c */ int ec_GFp_simple_group_init(EC_GROUP *); @@ -317,6 +329,7 @@ int ec_GFp_recp_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX * /* method functions in ecp_nist.c */ +int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); @@ -363,3 +376,4 @@ int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +int ec_GF2m_have_precompute_mult(const EC_GROUP *group); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 2cc0dc0ec1..c00875cd73 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -3,7 +3,7 @@ * Originally written by Bodo Moeller for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -98,9 +98,6 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) ret->meth = meth; ret->extra_data = NULL; - ret->extra_data_dup_func = 0; - ret->extra_data_free_func = 0; - ret->extra_data_clear_free_func = 0; ret->generator = NULL; BN_init(&ret->order); @@ -130,7 +127,7 @@ void EC_GROUP_free(EC_GROUP *group) if (group->meth->group_finish != 0) group->meth->group_finish(group); - EC_GROUP_free_extra_data(group); + EC_GROUP_free_all_extra_data(group); if (group->generator != NULL) EC_POINT_free(group->generator); @@ -153,7 +150,7 @@ void EC_GROUP_clear_free(EC_GROUP *group) else if (group->meth != NULL && group->meth->group_finish != 0) group->meth->group_finish(group); - EC_GROUP_clear_free_extra_data(group); + EC_GROUP_clear_free_all_extra_data(group); if (group->generator != NULL) EC_POINT_clear_free(group->generator); @@ -173,6 +170,8 @@ void EC_GROUP_clear_free(EC_GROUP *group) int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) { + EC_EXTRA_DATA *d; + if (dest->meth->group_copy == 0) { ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); @@ -186,19 +185,16 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) if (dest == src) return 1; - EC_GROUP_clear_free_extra_data(dest); - if (src->extra_data_dup_func) - { - if (src->extra_data != NULL) - { - dest->extra_data = src->extra_data_dup_func(src->extra_data); - if (dest->extra_data == NULL) - return 0; - } + EC_GROUP_free_all_extra_data(dest); - dest->extra_data_dup_func = src->extra_data_dup_func; - dest->extra_data_free_func = src->extra_data_free_func; - dest->extra_data_clear_free_func = src->extra_data_clear_free_func; + for (d = src->extra_data; d != NULL; d = d->next) + { + void *t = d->dup_func(d->data); + + if (t == NULL) + return 0; + if (!EC_GROUP_set_extra_data(dest, t, d->dup_func, d->free_func, d->clear_free_func)) + return 0; } if (src->generator != NULL) @@ -475,65 +471,148 @@ int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) /* this has 'package' visibility */ -int EC_GROUP_set_extra_data(EC_GROUP *group, void *extra_data, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)) +int EC_GROUP_set_extra_data(EC_GROUP *group, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { - if ((group->extra_data != NULL) - || (group->extra_data_dup_func != 0) - || (group->extra_data_free_func != 0) - || (group->extra_data_clear_free_func != 0)) - { - ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL); + EC_EXTRA_DATA *d; + + if (group == NULL) return 0; + + for (d = group->extra_data; d != NULL; d = d->next) + { + if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) + { + ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL); + return 0; + } } - group->extra_data = extra_data; - group->extra_data_dup_func = extra_data_dup_func; - group->extra_data_free_func = extra_data_free_func; - group->extra_data_clear_free_func = extra_data_clear_free_func; + if (data == NULL) + /* no explicit entry needed */ + return 1; + + d = OPENSSL_malloc(sizeof *d); + if (d == NULL) + return 0; + + d->data = data; + d->dup_func = dup_func; + d->free_func = free_func; + d->clear_free_func = clear_free_func; + + d->next = group->extra_data; + group->extra_data = d; + return 1; } - /* this has 'package' visibility */ -void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)) +void *EC_GROUP_get_extra_data(const EC_GROUP *group, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { - if ((group->extra_data_dup_func != extra_data_dup_func) - || (group->extra_data_free_func != extra_data_free_func) - || (group->extra_data_clear_free_func != extra_data_clear_free_func)) - { - ECerr(EC_F_EC_GROUP_GET_EXTRA_DATA, EC_R_NO_SUCH_EXTRA_DATA); + EC_EXTRA_DATA *d; + + if (group == NULL) return NULL; + + for (d = group->extra_data; d != NULL; d = d->next) + { + if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) + return d->data; } + + return NULL; + } - return group->extra_data; +/* this has 'package' visibility */ +void EC_GROUP_free_extra_data(EC_GROUP *group, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) + { + EC_EXTRA_DATA **p; + + if (group == NULL) + return; + + for (p = &group->extra_data; *p != NULL; p = &((*p)->next)) + { + if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) + { + EC_EXTRA_DATA *next = (*p)->next; + + (*p)->free_func((*p)->data); + OPENSSL_free(*p); + + *p = next; + return; + } + } } +/* this has 'package' visibility */ +void EC_GROUP_clear_free_extra_data(EC_GROUP *group, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) + { + EC_EXTRA_DATA **p; + + if (group == NULL) + return; + + for (p = &group->extra_data; *p != NULL; p = &((*p)->next)) + { + if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) + { + EC_EXTRA_DATA *next = (*p)->next; + + (*p)->clear_free_func((*p)->data); + OPENSSL_free(*p); + + *p = next; + return; + } + } + } /* this has 'package' visibility */ -void EC_GROUP_free_extra_data(EC_GROUP *group) +void EC_GROUP_free_all_extra_data(EC_GROUP *group) { - if (group->extra_data_free_func) - group->extra_data_free_func(group->extra_data); + EC_EXTRA_DATA *d; + + if (group == NULL) + return; + + d = group->extra_data; + while (d) + { + EC_EXTRA_DATA *next = d->next; + + d->free_func(d->data); + OPENSSL_free(d); + + d = next; + } group->extra_data = NULL; - group->extra_data_dup_func = 0; - group->extra_data_free_func = 0; - group->extra_data_clear_free_func = 0; } - /* this has 'package' visibility */ -void EC_GROUP_clear_free_extra_data(EC_GROUP *group) +void EC_GROUP_clear_free_all_extra_data(EC_GROUP *group) { - if (group->extra_data_clear_free_func) - group->extra_data_clear_free_func(group->extra_data); - else if (group->extra_data_free_func) - group->extra_data_free_func(group->extra_data); + EC_EXTRA_DATA *d; + + if (group == NULL) + return; + + d = group->extra_data; + while (d) + { + EC_EXTRA_DATA *next = d->next; + + d->clear_free_func(d->data); + OPENSSL_free(d); + + d = next; + } group->extra_data = NULL; - group->extra_data_dup_func = 0; - group->extra_data_free_func = 0; - group->extra_data_clear_free_func = 0; } @@ -956,3 +1035,58 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], } return group->meth->points_make_affine(group, num, points, ctx); } + + +/* Functions for point multiplication. + * + * If group->meth->mul is 0, we use the wNAF-based implementations in ec_mult.c; + * otherwise we dispatch through methods. + */ + +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) + { + if (group->meth->mul == 0) + /* use default */ + return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); + + return group->meth->mul(group, r, scalar, num, points, scalars, ctx); + } + +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, + const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) + { + /* just a convenient interface to EC_POINTs_mul() */ + + const EC_POINT *points[1]; + const BIGNUM *scalars[1]; + + points[0] = point; + scalars[0] = p_scalar; + + return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx); + } + +int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) + { + if (group->meth->mul == 0) + /* use default */ + return ec_wNAF_precompute_mult(group, ctx); + + if (group->meth->precompute_mult != 0) + return group->meth->precompute_mult(group, ctx); + else + return 1; /* nothing to do, so report success */ + } + +int EC_GROUP_have_precompute_mult(const EC_GROUP *group) + { + if (group->meth->mul == 0) + /* use default */ + return ec_wNAF_have_precompute_mult(group); + + if (group->meth->have_precompute_mult != 0) + return group->meth->have_precompute_mult(group); + else + return 0; /* cannot tell whether precomputation has been performed */ + } diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index f5312aa23a..c71a69ac0d 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -1,9 +1,9 @@ /* crypto/ec/ec_mult.c */ /* - * Originally written by Bodo Moeller for the OpenSSL project. + * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -61,19 +61,120 @@ * and contributed to the OpenSSL project. */ +#include <string.h> + #include <openssl/err.h> #include "ec_lcl.h" -/* TODO: optional precomputation of multiples of the generator */ +/* + * This file implements the wNAF-based interleaving multi-exponentation method + * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>); + * for multiplication with precomputation, we use wNAF splitting + * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp>). + */ -/* - * wNAF-based interleaving multi-exponentation method - * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>) - */ + +/* structure for precomputed multiples of the generator */ +typedef struct ec_pre_comp_st { + const EC_GROUP *group; /* parent EC_GROUP object */ + size_t blocksize; /* block size for wNAF splitting */ + size_t numblocks; /* max. number of blocks for which we have precomputation */ + size_t w; /* window size */ + EC_POINT **points; /* array with pre-calculated multiples of generator: + * 'num' pointers to EC_POINT objects followed by a NULL */ + size_t num; /* numblocks * 2^(w-1) */ + int references; +} EC_PRE_COMP; + +/* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */ +static void *ec_pre_comp_dup(void *); +static void ec_pre_comp_free(void *); +static void ec_pre_comp_clear_free(void *); + +static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) + { + EC_PRE_COMP *ret = NULL; + + if (!group) + return NULL; + + ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP)); + if (!ret) + return ret; + ret->group = group; + ret->blocksize = 8; /* default */ + ret->numblocks = 0; + ret->w = 4; /* default */ + ret->points = NULL; + ret->num = 0; + ret->references = 1; + return ret; + } + +static void *ec_pre_comp_dup(void *src_) + { + EC_PRE_COMP *src = src_; + + /* no need to actually copy, these objects never change! */ + + CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); + + return src_; + } + +static void ec_pre_comp_free(void *pre_) + { + int i; + EC_PRE_COMP *pre = pre_; + + if (!pre) + return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + + if (pre->points) + { + EC_POINT **p; + + for (p = pre->points; *p != NULL; p++) + EC_POINT_free(*p); + OPENSSL_free(pre->points); + } + OPENSSL_free(pre); + } + +static void ec_pre_comp_clear_free(void *pre_) + { + int i; + EC_PRE_COMP *pre = pre_; + + if (!pre) + return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + + if (pre->points) + { + EC_POINT **p; + + for (p = pre->points; *p != NULL; p++) + EC_POINT_clear_free(*p); + OPENSSL_cleanse(pre->points, sizeof pre->points); + OPENSSL_free(pre->points); + } + OPENSSL_cleanse(pre, sizeof pre); + OPENSSL_free(pre); + } + + /* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. @@ -108,7 +209,9 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) } len = BN_num_bits(scalar); - r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation */ + r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation + * (*ret_len will be set to the actual length, i.e. at most + * BN_num_bits(scalar) + 1) */ if (r == NULL) goto err; if (scalar->d == NULL || scalar->top == 0) @@ -224,6 +327,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, EC_POINT *generator = NULL; EC_POINT *tmp = NULL; size_t totalnum; + size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */ + size_t pre_points_per_block = 0; size_t i, j; int k; int r_is_inverted = 0; @@ -235,19 +340,23 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num_val; EC_POINT **val = NULL; /* precomputation */ EC_POINT **v; - EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */ + EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or 'pre_comp->points' */ + const EC_PRE_COMP *pre_comp = NULL; + int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be treated like other scalars, + * i.e. precomputation is not available */ int ret = 0; - if (scalar != NULL) + if (group->meth != r->meth) { - generator = EC_GROUP_get0_generator(group); - if (generator == NULL) - { - ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR); - return 0; - } + ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); + return 0; } - + + if ((scalar == NULL) && (num == 0)) + { + return EC_POINT_set_to_infinity(group, r); + } + for (i = 0; i < num; i++) { if (group->meth != points[i]->meth) @@ -257,40 +366,209 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } } - totalnum = num + (scalar != NULL); + if (ctx == NULL) + { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + } - wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); - wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); - wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); - if (wNAF != NULL) + if (scalar != NULL) { - wNAF[0] = NULL; /* preliminary pivot */ + generator = EC_GROUP_get0_generator(group); + if (generator == NULL) + { + ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR); + goto err; + } + + /* look if we can use precomputed multiples of generator */ + + pre_comp = EC_GROUP_get_extra_data(group, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); + + if (pre_comp && pre_comp->numblocks && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0)) + { + blocksize = pre_comp->blocksize; + + /* determine maximum number of blocks that wNAF splitting may yield + * (NB: maximum wNAF length is bit length plus one) */ + numblocks = (BN_num_bits(scalar) / blocksize) + 1; + + /* we cannot use more blocks than we have precomputation for */ + if (numblocks > pre_comp->numblocks) + numblocks = pre_comp->numblocks; + + pre_points_per_block = 1u << (pre_comp->w - 1); + + /* check that pre_comp looks sane */ + if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + } + else + { + /* can't use precomputation */ + pre_comp = NULL; + numblocks = 1; + num_scalar = 1; /* treat 'scalar' like 'num'-th element of 'scalars' */ + } } - if (wsize == NULL || wNAF_len == NULL || wNAF == NULL) goto err; + + totalnum = num + numblocks; + + wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); + wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); + wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */ + val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); + + if (!wsize || !wNAF_len || !wNAF || !val_sub) + goto err; - /* num_val := total number of points to precompute */ + wNAF[0] = NULL; /* preliminary pivot */ + + /* num_val will be the total number of temporarily precomputed points */ num_val = 0; - for (i = 0; i < totalnum; i++) + + for (i = 0; i < num + num_scalar; i++) { size_t bits; bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); wsize[i] = EC_window_bits_for_scalar_size(bits); num_val += 1u << (wsize[i] - 1); + wNAF[i + 1] = NULL; /* make sure we always have a pivot */ + wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); + if (wNAF[i] == NULL) + goto err; + if (wNAF_len[i] > max_len) + max_len = wNAF_len[i]; + } + + if (numblocks) + { + /* we go here iff scalar != NULL */ + + if (pre_comp == NULL) + { + if (num_scalar != 1) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + /* we have already generated a wNAF for 'scalar' */ + } + else + { + signed char *tmp_wNAF = NULL; + size_t tmp_len = 0; + + if (num_scalar != 0) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + + /* use the window size for which we have precomputation */ + wsize[num] = pre_comp->w; + tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len); + if (!tmp_wNAF) + goto err; + + if (tmp_len <= max_len) + { + /* One of the other wNAFs is at least as long + * as the wNAF belonging to the generator, + * so wNAF splitting will not buy us anything. */ + + numblocks = 1; + totalnum = num + 1; /* don't use wNAF splitting */ + wNAF[num] = tmp_wNAF; + wNAF[num + 1] = NULL; + wNAF_len[num] = tmp_len; + if (tmp_len > max_len) + max_len = tmp_len; + /* pre_comp->points starts with the points that we need here: */ + val_sub[num] = pre_comp->points; + } + else + { + /* don't include tmp_wNAF directly into wNAF array + * - use wNAF splitting and include the blocks */ + + signed char *pp; + EC_POINT **tmp_points; + + if (tmp_len < numblocks * blocksize) + { + /* possibly we can do with fewer blocks than estimated */ + numblocks = (tmp_len + blocksize - 1) / blocksize; + if (numblocks > pre_comp->numblocks) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + totalnum = num + numblocks; + } + + /* split wNAF in 'numblocks' parts */ + pp = tmp_wNAF; + tmp_points = pre_comp->points; + + for (i = num; i < totalnum; i++) + { + if (i < totalnum - 1) + { + wNAF_len[i] = blocksize; + if (tmp_len < blocksize) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + tmp_len -= blocksize; + } + else + /* last block gets whatever is left + * (this could be more or less than 'blocksize'!) */ + wNAF_len[i] = tmp_len; + + wNAF[i + 1] = NULL; + wNAF[i] = OPENSSL_malloc(wNAF_len[i]); + if (wNAF[i] == NULL) + { + OPENSSL_free(tmp_wNAF); + goto err; + } + memcpy(wNAF[i], pp, wNAF_len[i]); + if (wNAF_len[i] > max_len) + max_len = wNAF_len[i]; + + if (*tmp_points == NULL) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + OPENSSL_free(tmp_wNAF); + goto err; + } + val_sub[i] = tmp_points; + tmp_points += pre_points_per_block; + pp += blocksize; + } + OPENSSL_free(tmp_wNAF); + } + } } - /* all precomputed points go into a single array 'val', - * 'val_sub[i]' is a pointer to the subarray for the i-th point */ + /* All points we precompute now go into a single array 'val'. + * 'val_sub[i]' is a pointer to the subarray for the i-th point, + * or to a subarray of 'pre_comp->points' if we already have precomputation. */ val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); if (val == NULL) goto err; val[num_val] = NULL; /* pivot element */ - val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); - if (val_sub == NULL) goto err; - /* allocate points for precomputation */ v = val; - for (i = 0; i < totalnum; i++) + for (i = 0; i < num + num_scalar; i++) { val_sub[i] = v; for (j = 0; j < (1u << (wsize[i] - 1)); j++) @@ -306,15 +584,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, goto err; } - if (ctx == NULL) - { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - } - - tmp = EC_POINT_new(group); - if (tmp == NULL) goto err; + if (!(tmp = EC_POINT_new(group))) + goto err; /* prepare precomputed values: * val_sub[i][0] := points[i] @@ -322,7 +593,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * val_sub[i][2] := 5 * points[i] * ... */ - for (i = 0; i < totalnum; i++) + for (i = 0; i < num + num_scalar; i++) { if (i < num) { @@ -341,16 +612,11 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err; } } - - wNAF[i + 1] = NULL; /* make sure we always have a pivot */ - wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); - if (wNAF[i] == NULL) goto err; - if (wNAF_len[i] > max_len) - max_len = wNAF_len[i]; } #if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */ - if (!EC_POINTs_make_affine(group, num_val, val, ctx)) goto err; + if (!EC_POINTs_make_affine(group, num_val, val, ctx)) + goto err; #endif r_is_at_infinity = 1; @@ -446,86 +712,197 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } -/* Generic multiplication method. - * If group->meth does not provide a multiplication method, default to ec_wNAF_mul; - * otherwise use the group->meth's multiplication. +/* ec_wNAF_precompute_mult() + * creates an EC_PRE_COMP object with preprecomputed multiples of the generator + * for use with wNAF splitting as implemented in ec_wNAF_mul(). + * + * 'pre_comp->points' is an array of multiples of the generator + * of the following form: + * points[0] = generator; + * points[1] = 3 * generator; + * ... + * points[2^(w-1)-1] = (2^(w-1)-1) * generator; + * points[2^(w-1)] = 2^blocksize * generator; + * points[2^(w-1)+1] = 3 * 2^blocksize * generator; + * ... + * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) * 2^(blocksize*(numblocks-2)) * generator + * points[2^(w-1)*(numblocks-1)] = 2^(blocksize*(numblocks-1)) * generator + * ... + * points[2^(w-1)*numblocks-1] = (2^(w-1)) * 2^(blocksize*(numblocks-1)) * generator + * points[2^(w-1)*numblocks] = NULL */ -int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) - { - if (group->meth->mul == 0) - return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); - else - return group->meth->mul(group, r, scalar, num, points, scalars, ctx); - } - - -int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) - { - const EC_POINT *points[1]; - const BIGNUM *scalars[1]; - - points[0] = point; - scalars[0] = p_scalar; - - return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx); - } - - int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { const EC_POINT *generator; + EC_POINT *tmp_point = NULL, *base = NULL, **var; BN_CTX *new_ctx = NULL; BIGNUM *order; + size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num; + EC_POINT **points = NULL; + EC_PRE_COMP *pre_comp; int ret = 0; + /* if there is an old EC_PRE_COMP object, throw it away */ + EC_GROUP_free_extra_data(group, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); + + if ((pre_comp = ec_pre_comp_new(group)) == NULL) + return 0; + generator = EC_GROUP_get0_generator(group); if (generator == NULL) { ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR); - return 0; + goto err; } if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) - return 0; + goto err; } BN_CTX_start(ctx); order = BN_CTX_get(ctx); if (order == NULL) goto err; - if (!EC_GROUP_get_order(group, order, ctx)) return 0; + if (!EC_GROUP_get_order(group, order, ctx)) goto err; if (BN_is_zero(order)) { ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER); goto err; } - /* TODO */ + bits = BN_num_bits(order); + /* The following parameters mean we precompute (approximately) + * one point per bit. + * + * TBD: The combination 8, 4 is perfect for 160 bits; for other + * bit lengths, other parameter combinations might provide better + * efficiency. + */ + blocksize = 8; + w = 4; + if (EC_window_bits_for_scalar_size(bits) > w) + { + /* let's not make the window too small ... */ + w = EC_window_bits_for_scalar_size(bits); + } - ret = 1; + numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */ + + pre_points_per_block = 1u << (w - 1); + num = pre_points_per_block * numblocks; /* number of points to compute and store */ + + points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1)); + if (!points) + { + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); + goto err; + } + + var = points; + var[num] = NULL; /* pivot */ + for (i = 0; i < num; i++) + { + if ((var[i] = EC_POINT_new(group)) == NULL) + { + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); + goto err; + } + } + + if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) + { + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!EC_POINT_copy(base, generator)) + goto err; + + /* do the precomputation */ + for (i = 0; i < numblocks; i++) + { + size_t j; + + if (!EC_POINT_dbl(group, tmp_point, base, ctx)) + goto err; + + if (!EC_POINT_copy(*var++, base)) + goto err; + + for (j = 1; j < pre_points_per_block; j++, var++) + { + /* calculate odd multiples of the current base point */ + if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) + goto err; + } + + if (i < numblocks - 1) + { + /* get the next base (multiply current one by 2^blocksize) */ + size_t k; + + if (blocksize <= 2) + { + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR); + goto err; + } + + if (!EC_POINT_dbl(group, base, tmp_point, ctx)) + goto err; + for (k = 2; k < blocksize; k++) + { + if (!EC_POINT_dbl(group,base,base,ctx)) + goto err; + } + } + } + + if (!EC_POINTs_make_affine(group, num, points, ctx)) + goto err; + + pre_comp->group = group; + pre_comp->blocksize = blocksize; + pre_comp->numblocks = numblocks; + pre_comp->w = w; + pre_comp->points = points; + points = NULL; + pre_comp->num = num; + + if (!EC_GROUP_set_extra_data(group, pre_comp, + ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free)) + goto err; + pre_comp = NULL; + + ret = 1; err: BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); + if (pre_comp) + ec_pre_comp_free(pre_comp); + if (points) + { + EC_POINT **p; + + for (p = points; *p != NULL; p++) + EC_POINT_free(*p); + OPENSSL_free(points); + } + if (tmp_point) + EC_POINT_free(tmp_point); + if (base) + EC_POINT_free(base); return ret; } -/* Generic multiplicaiton precomputation method. - * If group->meth does not provide a multiplication method, default to ec_wNAF_mul and do its - * precomputation; otherwise use the group->meth's precomputation if it exists. - */ -int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) +int ec_wNAF_have_precompute_mult(const EC_GROUP *group) { - if (group->meth->mul == 0) - return ec_wNAF_precompute_mult(group, ctx); - else if (group->meth->precompute_mult != 0) - return group->meth->precompute_mult(group, ctx); - else + if (EC_GROUP_get_extra_data(group, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL) return 1; + else + return 0; } diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index 36f8236864..b64fa68b56 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c @@ -93,13 +93,14 @@ const EC_METHOD *EC_GFp_mont_method(void) ec_GFp_simple_add, ec_GFp_simple_dbl, ec_GFp_simple_invert, - 0 /* mul */, - 0 /* precompute_mult */, ec_GFp_simple_is_at_infinity, ec_GFp_simple_is_on_curve, ec_GFp_simple_cmp, ec_GFp_simple_make_affine, ec_GFp_simple_points_make_affine, + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ec_GFp_mont_field_mul, ec_GFp_mont_field_sqr, 0 /* field_div */, diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index 559cb5c418..d2dbfe6743 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -3,7 +3,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -72,7 +72,7 @@ const EC_METHOD *EC_GFp_nist_method(void) ec_GFp_simple_group_init, ec_GFp_simple_group_finish, ec_GFp_simple_group_clear_finish, - ec_GFp_simple_group_copy, + ec_GFp_nist_group_copy, ec_GFp_nist_group_set_curve, ec_GFp_simple_group_get_curve, ec_GFp_simple_group_get_degree, @@ -92,13 +92,14 @@ const EC_METHOD *EC_GFp_nist_method(void) ec_GFp_simple_add, ec_GFp_simple_dbl, ec_GFp_simple_invert, - 0 /* mul */, - 0 /* precompute_mult */, ec_GFp_simple_is_at_infinity, ec_GFp_simple_is_on_curve, ec_GFp_simple_cmp, ec_GFp_simple_make_affine, ec_GFp_simple_points_make_affine, + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ec_GFp_nist_field_mul, ec_GFp_nist_field_sqr, 0 /* field_div */, @@ -113,6 +114,12 @@ const EC_METHOD *EC_GFp_nist_method(void) #define NO_32_BIT_TYPE #endif +int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) + { + dest->field_mod_func = src->field_mod_func; + + return ec_GFp_simple_group_copy(dest, src); + } int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) @@ -165,21 +172,7 @@ int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, goto err; } - /* group->field */ - if (!BN_copy(&group->field, p)) goto err; - BN_set_sign(&group->field, 0); - - /* group->a */ - if (!group->field_mod_func(&group->a, a, p, ctx)) goto err; - - /* group->b */ - if (!group->field_mod_func(&group->b, b, p, ctx)) goto err; - - /* group->a_is_minus3 */ - if (!BN_add_word(tmp_bn, 3)) goto err; - group->a_is_minus3 = (0 == BN_cmp(tmp_bn, &group->field)); - - ret = 1; + ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); err: BN_CTX_end(ctx); diff --git a/crypto/ec/ecp_recp.c b/crypto/ec/ecp_recp.c index bf456dbc47..e0b28c1cfa 100644 --- a/crypto/ec/ecp_recp.c +++ b/crypto/ec/ecp_recp.c @@ -91,13 +91,14 @@ const EC_METHOD *EC_GFp_recp_method(void) ec_GFp_simple_add, ec_GFp_simple_dbl, ec_GFp_simple_invert, - 0 /* mul */, - 0 /* precompute_mult */, ec_GFp_simple_is_at_infinity, ec_GFp_simple_is_on_curve, ec_GFp_simple_cmp, ec_GFp_simple_make_affine, ec_GFp_simple_points_make_affine, + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ec_GFp_recp_field_mul, ec_GFp_recp_field_sqr, 0 /* field_div */, diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 267134af4b..1abe831a37 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -94,13 +94,14 @@ const EC_METHOD *EC_GFp_simple_method(void) ec_GFp_simple_add, ec_GFp_simple_dbl, ec_GFp_simple_invert, - 0 /* mul */, - 0 /* precompute_mult */, ec_GFp_simple_is_at_infinity, ec_GFp_simple_is_on_curve, ec_GFp_simple_cmp, ec_GFp_simple_make_affine, ec_GFp_simple_points_make_affine, + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ec_GFp_simple_field_mul, ec_GFp_simple_field_sqr, 0 /* field_div */, diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index e292da3384..e91c8fffb3 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -86,7 +86,9 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur #include <openssl/ec.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif #include <openssl/err.h> #include <openssl/obj_mac.h> #include <openssl/objects.h> @@ -1227,7 +1229,9 @@ int main(int argc, char *argv[]) /* test the internal curves */ internal_curve_test(); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); |