ec/ecp_nistp*.c: fix SEGVs.

author Andy Polyakov <appro@openssl.org>

Fri, 13 Mar 2015 10:28:16 +0000 (11:28 +0100)

committer Andy Polyakov <appro@openssl.org>

Mon, 20 Apr 2015 12:45:21 +0000 (14:45 +0200)
author Andy Polyakov <appro@openssl.org>
Fri, 13 Mar 2015 10:28:16 +0000 (11:28 +0100)
committer Andy Polyakov <appro@openssl.org>
Mon, 20 Apr 2015 12:45:21 +0000 (14:45 +0200)
diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c

index 76adc8a6d1f3f984117906ba7e7b903943d35663..dbc151cf7cd7acc51cfc37fbed791610f2444705 100644 (file)
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@@ -1343,8 +1343,8 @@ int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group,
                EC_R_POINT_AT_INFINITY);
          return 0;
      }
-    if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
-        (!BN_to_felem(z1, &point->Z)))
+    if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+        (!BN_to_felem(z1, point->Z)))
          return 0;
      felem_inv(z2, z1);
      felem_square(tmp, z2);
@@ -1525,7 +1525,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
                       * this is an unusual input, and we don't guarantee
                       * constant-timeness
                       */
-                    if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
+                    if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
                          ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
                          goto err;
                      }
@@ -1534,9 +1534,9 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
                      num_bytes = BN_bn2bin(p_scalar, tmp);
                  flip_endian(secrets[i], tmp, num_bytes);
                  /* precompute multiples */
-                if ((!BN_to_felem(x_out, &p->X)) ||
-                    (!BN_to_felem(y_out, &p->Y)) ||
-                    (!BN_to_felem(z_out, &p->Z)))
+                if ((!BN_to_felem(x_out, p->X)) ||
+                    (!BN_to_felem(y_out, p->Y)) ||
+                    (!BN_to_felem(z_out, p->Z)))
                      goto err;
                  felem_assign(pre_comp[i][1][0], x_out);
                  felem_assign(pre_comp[i][1][1], y_out);
@@ -1571,7 +1571,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
               * this is an unusual input, and we don't guarantee
               * constant-timeness
               */
-            if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
+            if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
                  ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
                  goto err;
              }
@@ -1654,9 +1654,9 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
          ret = 1;
          goto err;
      }
-    if ((!BN_to_felem(pre->g_pre_comp[0][1][0], &group->generator->X)) ||
-        (!BN_to_felem(pre->g_pre_comp[0][1][1], &group->generator->Y)) ||
-        (!BN_to_felem(pre->g_pre_comp[0][1][2], &group->generator->Z)))
+    if ((!BN_to_felem(pre->g_pre_comp[0][1][0], group->generator->X)) ||
+        (!BN_to_felem(pre->g_pre_comp[0][1][1], group->generator->Y)) ||
+        (!BN_to_felem(pre->g_pre_comp[0][1][2], group->generator->Z)))
          goto err;
      /*
       * compute 2^56*G, 2^112*G, 2^168*G for the first table, 2^28*G, 2^84*G,
diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c

index 794520e99abaff67a25cc0e2fe3e73219d28d836..b42e96a8149c5f374153c6a66ea9679a47221c61 100644 (file)
--- a/crypto/ec/ecp_nistp256.c
+++ b/crypto/ec/ecp_nistp256.c
@@ -1930,8 +1930,8 @@ int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group,
                EC_R_POINT_AT_INFINITY);
          return 0;
      }
-    if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
-        (!BN_to_felem(z1, &point->Z)))
+    if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+        (!BN_to_felem(z1, point->Z)))
          return 0;
      felem_inv(z2, z1);
      felem_square(tmp, z2);
@@ -2114,7 +2114,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
                       * this is an unusual input, and we don't guarantee
                       * constant-timeness
                       */
-                    if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
+                    if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
                          ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
                          goto err;
                      }
@@ -2123,9 +2123,9 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
                      num_bytes = BN_bn2bin(p_scalar, tmp);
                  flip_endian(secrets[i], tmp, num_bytes);
                  /* precompute multiples */
-                if ((!BN_to_felem(x_out, &p->X)) ||
-                    (!BN_to_felem(y_out, &p->Y)) ||
-                    (!BN_to_felem(z_out, &p->Z)))
+                if ((!BN_to_felem(x_out, p->X)) ||
+                    (!BN_to_felem(y_out, p->Y)) ||
+                    (!BN_to_felem(z_out, p->Z)))
                      goto err;
                  felem_shrink(pre_comp[i][1][0], x_out);
                  felem_shrink(pre_comp[i][1][1], y_out);
@@ -2162,7 +2162,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
               * this is an unusual input, and we don't guarantee
               * constant-timeness
               */
-            if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
+            if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
                  ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
                  goto err;
              }
@@ -2246,9 +2246,9 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
          ret = 1;
          goto err;
      }
-    if ((!BN_to_felem(x_tmp, &group->generator->X)) ||
-        (!BN_to_felem(y_tmp, &group->generator->Y)) ||
-        (!BN_to_felem(z_tmp, &group->generator->Z)))
+    if ((!BN_to_felem(x_tmp, group->generator->X)) ||
+        (!BN_to_felem(y_tmp, group->generator->Y)) ||
+        (!BN_to_felem(z_tmp, group->generator->Z)))
          goto err;
      felem_shrink(pre->g_pre_comp[0][1][0], x_tmp);
      felem_shrink(pre->g_pre_comp[0][1][1], y_tmp);
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c

index 7ceb1bcbfa40a2d1536fdb5aa5e516c91bfd53c9..8d2c74adeeff9b03dee9f6d214ba02b3d2867e1b 100644 (file)
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -1743,8 +1743,8 @@ int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group,
                EC_R_POINT_AT_INFINITY);
          return 0;
      }
-    if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) ||
-        (!BN_to_felem(z1, &point->Z)))
+    if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+        (!BN_to_felem(z1, point->Z)))
          return 0;
      felem_inv(z2, z1);
      felem_square(tmp, z2);
@@ -1928,7 +1928,7 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
                       * this is an unusual input, and we don't guarantee
                       * constant-timeness
                       */
-                    if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) {
+                    if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
                          ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
                          goto err;
                      }
@@ -1937,9 +1937,9 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
                      num_bytes = BN_bn2bin(p_scalar, tmp);
                  flip_endian(secrets[i], tmp, num_bytes);
                  /* precompute multiples */
-                if ((!BN_to_felem(x_out, &p->X)) ||
-                    (!BN_to_felem(y_out, &p->Y)) ||
-                    (!BN_to_felem(z_out, &p->Z)))
+                if ((!BN_to_felem(x_out, p->X)) ||
+                    (!BN_to_felem(y_out, p->Y)) ||
+                    (!BN_to_felem(z_out, p->Z)))
                      goto err;
                  memcpy(pre_comp[i][1][0], x_out, sizeof(felem));
                  memcpy(pre_comp[i][1][1], y_out, sizeof(felem));
@@ -1974,7 +1974,7 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
               * this is an unusual input, and we don't guarantee
               * constant-timeness
               */
-            if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) {
+            if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
                  ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
                  goto err;
              }
@@ -2058,9 +2058,9 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
          ret = 1;
          goto err;
      }
-    if ((!BN_to_felem(pre->g_pre_comp[1][0], &group->generator->X)) ||
-        (!BN_to_felem(pre->g_pre_comp[1][1], &group->generator->Y)) ||
-        (!BN_to_felem(pre->g_pre_comp[1][2], &group->generator->Z)))
+    if ((!BN_to_felem(pre->g_pre_comp[1][0], group->generator->X)) ||
+        (!BN_to_felem(pre->g_pre_comp[1][1], group->generator->Y)) ||
+        (!BN_to_felem(pre->g_pre_comp[1][2], group->generator->Z)))
          goto err;
      /* compute 2^130*G, 2^260*G, 2^390*G */
      for (i = 1; i <= 4; i <<= 1) {
author	Andy Polyakov <appro@openssl.org>
	Fri, 13 Mar 2015 10:28:16 +0000 (11:28 +0100)
committer	Andy Polyakov <appro@openssl.org>
	Mon, 20 Apr 2015 12:45:21 +0000 (14:45 +0200)
crypto/ec/ecp_nistp224.c		patch \| blob \| history
crypto/ec/ecp_nistp256.c		patch \| blob \| history
crypto/ec/ecp_nistp521.c		patch \| blob \| history