From: Geoff Thorpe Date: Tue, 6 Jul 2004 15:50:04 +0000 (+0000) Subject: Improve error handling if decompression of an ec point fails, and cleanup X-Git-Tag: BEN_FIPS_TEST_6~42^2~150 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ace3ebd661d01270133a0fbed7c861c0ef9aae28;p=openssl Improve error handling if decompression of an ec point fails, and cleanup ec_curve.c (unify comments, etc). Submitted by: Nils Larsch Reviewed by: Bodo Moeller, Geoff Thorpe --- diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index cbe3153e9e..acf48b9784 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -783,6 +783,7 @@ void ERR_load_BN_strings(void); #define BN_R_NOT_IMPLEMENTED 116 #define BN_R_NOT_INITIALIZED 107 #define BN_R_NO_INVERSE 108 +#define BN_R_NO_SOLUTION 117 #define BN_R_P_IS_NOT_PRIME 112 #define BN_R_TOO_MANY_ITERATIONS 113 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index 747591f9cb..b42208ae0b 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -116,6 +116,7 @@ static ERR_STRING_DATA BN_str_reasons[]= {BN_R_NOT_IMPLEMENTED ,"not implemented"}, {BN_R_NOT_INITIALIZED ,"not initialized"}, {BN_R_NO_INVERSE ,"no inverse"}, +{BN_R_NO_SOLUTION ,"no solution"}, {BN_R_P_IS_NOT_PRIME ,"p is not prime"}, {BN_R_TOO_MANY_ITERATIONS ,"too many iterations"}, {BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"}, diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 17513b1166..8a945f043f 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -988,7 +988,11 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) goto err; if (!BN_GF2m_add(w, z, w)) goto err; - if (BN_GF2m_cmp(w, a)) goto err; + if (BN_GF2m_cmp(w, a)) + { + BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION); + goto err; + } if (!BN_copy(r, z)) goto err; bn_check_top(r); 
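Review bot: The `BN_R_NO_SOLUTION` reason raised in the `BN_GF2m_cmp(w, a)` branch of BN_GF2m_mod_solve_quad_arr is now something callers match on, but nothing in the hunk documents it as part of the function's contract. A comment above the check such as `/* candidate z does not satisfy z^2 + z = a; callers test for BN_R_NO_SOLUTION */` would tell a maintainer that this reason code must stay the last error queued on this path. The function's header and its `err:` cleanup are outside the hunk, so whether anything after the label can queue a further error could not be checked here. If it can, the `ERR_peek_last_error()` test added in crypto/ec/ec2_smpt.c would stop matching.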
diff --git a/crypto/ec/ec2_smpt.c b/crypto/ec/ec2_smpt.c index f7e3d38150..72a8d57051 100644 --- a/crypto/ec/ec2_smpt.c +++ b/crypto/ec/ec2_smpt.c @@ -77,6 +77,9 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p BIGNUM *tmp, *x, *y, *z; int ret = 0, z0; + /* clear error queue */ + ERR_clear_error(); + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); @@ -104,7 +107,19 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p if (!group->meth->field_div(group, tmp, &group->b, tmp, ctx)) goto err; if (!BN_GF2m_add(tmp, &group->a, tmp)) goto err; if (!BN_GF2m_add(tmp, x, tmp)) goto err; - if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) goto err; + if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) + { + unsigned long err = ERR_peek_last_error(); + + if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NO_SOLUTION) + { + ERR_clear_error(); + ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); + } + else + ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB); + goto err; + } z0 = (BN_is_odd(z)) ? 1 : 0; if (!group->meth->field_mul(group, y, x, z, ctx)) goto err; if (z0 != y_bit) diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index c5b54c733e..a523b206c7 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -3,7 +3,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
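Review bot: The `ERR_clear_error()` added at the top of ec_GF2m_simple_set_compressed_coordinates empties the calling thread's whole error queue, so errors the caller queued before decoding a point are lost, and the comment `/* clear error queue */` does not say why. The reason appears to be that the later `ERR_peek_last_error()` check must not match a stale `BN_R_NO_SOLUTION` left by an earlier call. Stating that would help, e.g. `/* start from an empty queue so the BN_R_NO_SOLUTION test below only sees errors raised by this call; this discards errors queued by the caller */`. The same applies to the identical addition in ec_GFp_simple_set_compressed_coordinates in crypto/ec/ecp_smpl.c. The function body continues outside the hunk.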
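Review bot: The block added after `BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)` separates a malformed compressed point from an internal BN failure, but it carries no comment. That distinction presumably matters to callers that decode points from untrusted encodings. I would add `/* no z with z^2 + z = tmp: x does not decompress to a curve point, so report invalid input rather than a BN failure */` above the `ERR_GET_LIB(err)` test. The local `unsigned long err` also shares its name with the label used by `goto err;`. That is legal C, since labels have their own namespace, but a name such as `unsigned long e = ERR_peek_last_error();` reads more clearly here. The function starts and ends outside the hunk.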
@@ -102,7 +102,7 @@ static const EC_CURVE_DATA _EC_NIST_PRIME_192 = { "07192b95ffc8da78631011ed6b24cdd573f977a11e794811", "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1, _EC_NIST_PRIME_192_SEED, 20, - "192 bit prime curve from X9.62 and SECG" + "NIST/X9.62/SECG curve over a 192 bit prime field" }; static const unsigned char _EC_NIST_PRIME_224_SEED[] = { @@ -117,7 +117,7 @@ static const EC_CURVE_DATA _EC_NIST_PRIME_224 = { "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",1, _EC_NIST_PRIME_224_SEED, 20, - "SECG/NIST recommended curve over a 224 bit prime field" + "NIST/SECG curve over a 224 bit prime field" }; static const unsigned char _EC_NIST_PRIME_384_SEED[] = { @@ -138,7 +138,7 @@ static const EC_CURVE_DATA _EC_NIST_PRIME_384 = { "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0" "DB248B0A77AECEC196ACCC52973",1, _EC_NIST_PRIME_384_SEED, 20, - "SECG/NIST recommended curve over a 384 bit prime field" + "NIST/SECG curve over a 384 bit prime field" }; static const unsigned char _EC_NIST_PRIME_521_SEED[] = { @@ -159,7 +159,7 @@ static const EC_CURVE_DATA _EC_NIST_PRIME_521 = { "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51" "868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",1, _EC_NIST_PRIME_521_SEED, 20, - "SECG/NIST recommended curve over a 521 bit prime field" + "NIST/SECG curve over a 521 bit prime field" }; /* the x9.62 prime curves (minus the nist prime curves) */ static const unsigned char _EC_X9_62_PRIME_192V2_SEED[] = { @@ -174,7 +174,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = { "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15", "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1, _EC_X9_62_PRIME_192V2_SEED, 20, - "192 bit prime curve from X9.62" + "X9.62 curve over a 192 bit prime field" }; static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = { 
@@ -189,7 +189,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = { "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0", "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1, _EC_X9_62_PRIME_192V3_SEED, 20, - "192 bit prime curve from X9.62" + "X9.62 curve over a 192 bit prime field" }; static const unsigned char _EC_X9_62_PRIME_239V1_SEED[] = { @@ -204,7 +204,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = { "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae", "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1, _EC_X9_62_PRIME_239V1_SEED, 20, - "239 bit prime curve from X9.62" + "X9.62 curve over a 239 bit prime field" }; static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = { @@ -219,7 +219,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = { "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba", "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1, _EC_X9_62_PRIME_239V2_SEED, 20, - "239 bit prime curve from X9.62" + "X9.62 curve over a 239 bit prime field" }; static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = { @@ -234,7 +234,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = { "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3", "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1, _EC_X9_62_PRIME_239V3_SEED, 20, - "239 bit prime curve from X9.62" + "X9.62 curve over a 239 bit prime field" }; static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = { @@ -249,7 +249,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = { "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1, _EC_X9_62_PRIME_256V1_SEED, 20, - "256 bit prime curve from X9.62 and SECG" + "X9.62/SECG curve over a 256 bit prime field" }; /* the secg prime curves (minus the nist and x9.62 prime curves) */ static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = { 
@@ -264,7 +264,7 @@ static const EC_CURVE_DATA _EC_SECG_PRIME_112R1 = { "a89ce5af8724c0a23e0e0ff77500", "DB7C2ABF62E35E7628DFAC6561C5",1, _EC_SECG_PRIME_112R1_SEED, 20, - "SECG/WTLS recommended curve over a 112 bit prime field" + "SECG/WTLS curve over a 112 bit prime field" }; static const unsigned char _EC_SECG_PRIME_112R2_SEED[] = { @@ -279,7 +279,7 @@ static const EC_CURVE_DATA _EC_SECG_PRIME_112R2 = { "adcd46f5882e3747def36e956e97", "36DF0AAFD8B8D7597CA10520D04B",4, _EC_SECG_PRIME_112R2_SEED, 20, - "SECG recommended curve over a 112 bit prime field" + "SECG curve over a 112 bit prime field" }; static const unsigned char _EC_SECG_PRIME_128R1_SEED[] = { @@ -294,7 +294,7 @@ static const EC_CURVE_DATA _EC_SECG_PRIME_128R1 = { "cf5ac8395bafeb13c02da292dded7a83", "FFFFFFFE0000000075A30D1B9038A115",1, _EC_SECG_PRIME_128R1_SEED, 20, - "SECG recommended curve over a 128 bit prime field" + "SECG curve over a 128 bit prime field" }; static const unsigned char _EC_SECG_PRIME_128R2_SEED[] = { @@ -309,7 +309,7 @@ static const EC_CURVE_DATA _EC_SECG_PRIME_128R2 = { "27b6916a894d3aee7106fe805fc34b44", "3FFFFFFF7FFFFFFFBE0024720613B5A3",4, _EC_SECG_PRIME_128R2_SEED, 20, - "SECG recommended curve over a 128 bit prime field" + "SECG curve over a 128 bit prime field" }; static const EC_CURVE_DATA _EC_SECG_PRIME_160K1 = { @@ -321,7 +321,7 @@ static const EC_CURVE_DATA _EC_SECG_PRIME_160K1 = { "938cf935318fdced6bc28286531733c3f03c4fee", "0100000000000000000001B8FA16DFAB9ACA16B6B3",1, NULL, 0, - "SECG recommended curve over a 160 bit prime field" + "SECG curve over a 160 bit prime field" }; static const unsigned char _EC_SECG_PRIME_160R1_SEED[] = { 
@@ -336,7 +336,7 @@ static const EC_CURVE_DATA _EC_SECG_PRIME_160R1 = { "23a628553168947d59dcc912042351377ac5fb32", "0100000000000000000001F4C8F927AED3CA752257",1, _EC_SECG_PRIME_160R1_SEED, 20, - "SECG recommended curve over a 160 bit prime field" + "SECG curve over a 160 bit prime field" }; static const unsigned char _EC_SECG_PRIME_160R2_SEED[] = { @@ -351,7 +351,7 @@ static const EC_CURVE_DATA _EC_SECG_PRIME_160R2 = { "feaffef2e331f296e071fa0df9982cfea7d43f2e", "0100000000000000000000351EE786A818F3A1A16B",1, _EC_SECG_PRIME_160R2_SEED, 20, - "SECG/WTLS recommended curve over a 160 bit prime field" + "SECG/WTLS curve over a 160 bit prime field" }; static const EC_CURVE_DATA _EC_SECG_PRIME_192K1 = { @@ -363,7 +363,7 @@ static const EC_CURVE_DATA _EC_SECG_PRIME_192K1 = { "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d", "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",1, NULL, 20, - "SECG recommended curve over a 192 bit prime field" + "SECG curve over a 192 bit prime field" }; static const EC_CURVE_DATA _EC_SECG_PRIME_224K1 = { @@ -375,7 +375,7 @@ static const EC_CURVE_DATA _EC_SECG_PRIME_224K1 = { "7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5", "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",1, NULL, 20, - "SECG recommended curve over a 224 bit prime field" + "SECG curve over a 224 bit prime field" }; static const EC_CURVE_DATA _EC_SECG_PRIME_256K1 = { @@ -387,7 +387,7 @@ static const EC_CURVE_DATA _EC_SECG_PRIME_256K1 = { "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",1, NULL, 20, - "SECG recommended curve over a 256 bit prime field" + "SECG curve over a 256 bit prime field" }; /* some wap/wtls curves */ @@ -400,7 +400,7 @@ static const EC_CURVE_DATA _EC_WTLS_8 = { "2", "0100000000000001ECEA551AD837E9",1, NULL, 20, - "112 bit prime curve from the WTLS standard" + "WTLS curve over a 112 bit prime field" }; static const EC_CURVE_DATA _EC_WTLS_9 = { 
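Review bot: The seed fields of _EC_SECG_PRIME_192K1 in the `@@ -363,7 +363,7 @@` hunk read `NULL, 20,`, a null seed pointer paired with a non-zero length, and this cleanup leaves them as they are. The same pair appears in _EC_SECG_PRIME_224K1, _EC_SECG_PRIME_256K1, _EC_WTLS_8, _EC_WTLS_9 and _EC_NIST_CHAR2_283K, while other seedless entries such as _EC_SECG_PRIME_160K1 use `NULL, 0,`. The code that reads the table is not part of this diff, so whether any reader uses the length without checking the pointer cannot be confirmed from here. Changing these entries to `NULL, 0,` would remove the inconsistency and the risk of a length-driven copy from a null pointer.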
@@ -412,7 +412,7 @@ static const EC_CURVE_DATA _EC_WTLS_9 = { "2", "0100000000000000000001CDC98AE0E2DE574ABF33",1, NULL, 20, - "160 bit prime curve from the WTLS standard" + "WTLS curve over a 160 bit prime field" }; static const EC_CURVE_DATA _EC_WTLS_12 = { @@ -424,7 +424,7 @@ static const EC_CURVE_DATA _EC_WTLS_12 = { "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1, NULL, 0, - "224 bit prime curve from the WTLS standard" + "WTLS curvs over a 224 bit prime field" }; /* characteristic two curves */ @@ -440,7 +440,7 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_113R1 = { "00A52830277958EE84D1315ED31886", "0100000000000000D9CCEC8A39E56F", 2, _EC_SECG_CHAR2_113R1_SEED, 20, - "SECG recommended curve over a 113 bit binary field" + "SECG curve over a 113 bit binary field" }; static const unsigned char _EC_SECG_CHAR2_113R2_SEED[] = { @@ -455,7 +455,7 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_113R2 = { "00B3ADC94ED1FE674C06E695BABA1D", "010000000000000108789B2496AF93", 2, _EC_SECG_CHAR2_113R2_SEED, 20, - "SECG recommended curve over a 113 bit binary field" + "SECG curve over a 113 bit binary field" }; static const unsigned char _EC_SECG_CHAR2_131R1_SEED[] = { @@ -470,7 +470,7 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_131R1 = { "078C6E7EA38C001F73C8134B1B4EF9E150", "0400000000000000023123953A9464B54D", 2, _EC_SECG_CHAR2_131R1_SEED, 20, - "SECG/WTLS recommended curve over a 131 bit binary field" + "SECG/WTLS curve over a 131 bit binary field" }; static const unsigned char _EC_SECG_CHAR2_131R2_SEED[] = { 
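Review bot: The new description string for _EC_WTLS_12 in the `@@ -424,7 +424,7 @@` hunk is misspelled as `"WTLS curvs over a 224 bit prime field"`. Every other string touched by this cleanup uses "curve", and this text is part of the table data, so the typo would surface wherever the description is printed. It should read `"WTLS curve over a 224 bit prime field"`.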
@@ -485,10 +485,10 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_131R2 = { "0648F06D867940A5366D9E265DE9EB240F", "0400000000000000016954A233049BA98F", 2, _EC_SECG_CHAR2_131R2_SEED, 20, - "SECG recommended curve over a 131 bit binary field" + "SECG curve over a 131 bit binary field" }; -static const EC_CURVE_DATA _EC_SECG_CHAR2_163K1 = { +static const EC_CURVE_DATA _EC_NIST_CHAR2_163K = { NID_X9_62_characteristic_two_field, "0800000000000000000000000000000000000000C9", "1", @@ -497,7 +497,7 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_163K1 = { "0289070FB05D38FF58321F2E800536D538CCDAA3D9", "04000000000000000000020108A2E0CC0D99F8A5EF", 2, NULL, 0, - "\n\tSECG/NIST/WTLS recommended curve over a 163 bit binary field" + "NIST/SECG/WTLS curve over a 163 bit binary field" }; static const unsigned char _EC_SECG_CHAR2_163R1_SEED[] = { @@ -520,13 +520,13 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_163R1 = { #else NULL, 0, #endif - "SECG recommended curve over a 163 bit binary field" + "SECG curve over a 163 bit binary field" }; -static const unsigned char _EC_SECG_CHAR2_163R2_SEED[] = { +static const unsigned char _EC_NIST_CHAR2_163B_SEED[] = { 0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12, 0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_163R2 ={ +static const EC_CURVE_DATA _EC_NIST_CHAR2_163B ={ NID_X9_62_characteristic_two_field, "0800000000000000000000000000000000000000C9", "1", @@ -538,11 +538,11 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_163R2 ={ * basis representation (and not the polynomial representation used here) */ #if 0 - _EC_SECG_CHAR2_163R2_SEED, 20, + _EC_NIST_CHAR2_163B_SEED, 20, #else NULL, 0, #endif - "SECG/NIST recommended curve over a 163 bit binary field" + "NIST/SECG curve over a 163 bit binary field" }; static const unsigned char _EC_SECG_CHAR2_193R1_SEED[] = { 
@@ -557,7 +557,7 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_193R1 = { "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", "01000000000000000000000000C7F34A778F443ACC920EBA49", 2, _EC_SECG_CHAR2_193R1_SEED, 20, - "SECG recommended curve over a 193 bit binary field" + "SECG curve over a 193 bit binary field" }; static const unsigned char _EC_SECG_CHAR2_193R2_SEED[] = { @@ -572,10 +572,10 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_193R2 = { "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", "010000000000000000000000015AAB561B005413CCD4EE99D5", 2, _EC_SECG_CHAR2_193R2_SEED, 20, - "SECG recommended curve over a 193 bit binary field" + "SECG curve over a 193 bit binary field" }; -static const EC_CURVE_DATA _EC_SECG_CHAR2_233K1 = { +static const EC_CURVE_DATA _EC_NIST_CHAR2_233K = { NID_X9_62_characteristic_two_field, "020000000000000000000000000000000000000004000000000000000001", "0", @@ -584,13 +584,13 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_233K1 = { "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4, NULL, 0, - "\n\tSECG/NIST/WTLS recommended curve over a 233 bit binary field" + "NIST/SECG/WTLS curve over a 233 bit binary field" }; -static const unsigned char _EC_SECG_CHAR2_233R1_SEED[] = { +static const unsigned char _EC_NIST_CHAR2_233B_SEED[] = { 0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1, 0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_233R1 = { +static const EC_CURVE_DATA _EC_NIST_CHAR2_233B = { NID_X9_62_characteristic_two_field, "020000000000000000000000000000000000000004000000000000000001", "000000000000000000000000000000000000000000000000000000000001", 
@@ -598,8 +598,8 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_233R1 = { "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2, - _EC_SECG_CHAR2_233R1_SEED, 20, - "\n\tSECG/NIST/WTLS recommended curve over a 233 bit binary field" + _EC_NIST_CHAR2_233B_SEED, 20, + "NIST/SECG/WTLS curve over a 233 bit binary field" }; static const EC_CURVE_DATA _EC_SECG_CHAR2_239K1 = { @@ -611,10 +611,10 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_239K1 = { "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4, NULL, 0, - "SECG recommended curve over a 239 bit binary field" + "SECG curve over a 239 bit binary field" }; -static const EC_CURVE_DATA _EC_SECG_CHAR2_283K1 = { +static const EC_CURVE_DATA _EC_NIST_CHAR2_283K = { NID_X9_62_characteristic_two_field, "080000000000000000000000000000000000000000000000000000000000000000001" "0A1", @@ -627,13 +627,13 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_283K1 = { "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163" "C61", 4, NULL, 20, - "SECG/NIST recommended curve over a 283 bit binary field" + "NIST/SECG curve over a 283 bit binary field" }; -static const unsigned char _EC_SECG_CHAR2_283R1_SEED[] = { +static const unsigned char _EC_NIST_CHAR2_283B_SEED[] = { 0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D, 0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_283R1 = { +static const EC_CURVE_DATA _EC_NIST_CHAR2_283B = { NID_X9_62_characteristic_two_field, "080000000000000000000000000000000000000000000000000000000000000000001" "0A1", 
@@ -647,11 +647,11 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_283R1 = { "2F4", "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB" "307", 2, - _EC_SECG_CHAR2_283R1_SEED, 20, - "SECG/NIST recommended curve over a 283 bit binary field" + _EC_NIST_CHAR2_283B_SEED, 20, + "NIST/SECG curve over a 283 bit binary field" }; -static const EC_CURVE_DATA _EC_SECG_CHAR2_409K1 = { +static const EC_CURVE_DATA _EC_NIST_CHAR2_409K = { NID_X9_62_characteristic_two_field, "020000000000000000000000000000000000000000000000000000000000000000000" "00000000000008000000000000000000001", @@ -664,13 +664,13 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_409K1 = { "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400" "EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4, NULL, 0, - "SECG/NIST recommended curve over a 409 bit binary field" + "NIST/SECG curve over a 409 bit binary field" }; -static const unsigned char _EC_SECG_CHAR2_409R1_SEED[] = { +static const unsigned char _EC_NIST_CHAR2_409B_SEED[] = { 0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21, 0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_409R1 = { +static const EC_CURVE_DATA _EC_NIST_CHAR2_409B = { NID_X9_62_characteristic_two_field, "020000000000000000000000000000000000000000000000000000000000000000000" "00000000000008000000000000000000001", 
@@ -684,11 +684,11 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_409R1 = { "F1FDF4B4F40D2181B3681C364BA0273C706", "010000000000000000000000000000000000000000000000000001E2AAD6A612F3330" "7BE5FA47C3C9E052F838164CD37D9A21173", 2, - _EC_SECG_CHAR2_409R1_SEED, 20, - "SECG/NIST recommended curve over a 409 bit binary field" + _EC_NIST_CHAR2_409B_SEED, 20, + "NIST/SECG curve over a 409 bit binary field" }; -static const EC_CURVE_DATA _EC_SECG_CHAR2_571K1 = { +static const EC_CURVE_DATA _EC_NIST_CHAR2_571K = { NID_X9_62_characteristic_two_field, "800000000000000000000000000000000000000000000000000000000000000000000" "000000000000000000000000000000000000000000000000000000000000000000000" @@ -705,13 +705,13 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_571K1 = { "000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63" "7C1001", 4, NULL, 0, - "SECG/NIST recommended curve over a 571 bit binary field" + "NIST/SECG curve over a 571 bit binary field" }; -static const unsigned char _EC_SECG_CHAR2_571R1_SEED[] = { +static const unsigned char _EC_NIST_CHAR2_571B_SEED[] = { 0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B, 0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10}; -static const EC_CURVE_DATA _EC_SECG_CHAR2_571R1 = { +static const EC_CURVE_DATA _EC_NIST_CHAR2_571B = { NID_X9_62_characteristic_two_field, "800000000000000000000000000000000000000000000000000000000000000000000" "000000000000000000000000000000000000000000000000000000000000000000000" @@ -731,8 +731,8 @@ static const EC_CURVE_DATA _EC_SECG_CHAR2_571R1 = { "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F" "E84E47", 2, - _EC_SECG_CHAR2_571R1_SEED, 20, - "SECG/NIST recommended curve over a 571 bit binary field" + _EC_NIST_CHAR2_571B_SEED, 20, + "NIST/SECG curve over a 571 bit binary field" }; static const unsigned char _EC_X9_62_CHAR2_163V1_SEED[] = { 
@@ -747,7 +747,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V1 = { "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", "0400000000000000000001E60FC8821CC74DAEAFC1", 2, _EC_X9_62_CHAR2_163V1_SEED, 20, - "163 bit binary curve from X9.62" + "X9.62 curve over a 163 bit binary field" }; static const unsigned char _EC_X9_62_CHAR2_163V2_SEED[] = { @@ -762,7 +762,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V2 = { "079F684DDF6684C5CD258B3890021B2386DFD19FC5", "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2, _EC_X9_62_CHAR2_163V2_SEED, 20, - "163 bit binary curve from X9.62" + "X9.62 curve over a 163 bit binary field" }; static const unsigned char _EC_X9_62_CHAR2_163V3_SEED[] = { @@ -777,7 +777,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V3 = { "05B935590C155E17EA48EB3FF3718B893DF59A05D0", "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2, _EC_X9_62_CHAR2_163V3_SEED, 20, - "163 bit binary curve from X9.62" + "X9.62 curve over a 163 bit binary field" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = { @@ -789,7 +789,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = { "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E, NULL, 0, - "176 bit binary curve from X9.62" + "X9.62 curve over a 176 bit binary field" }; static const unsigned char _EC_X9_62_CHAR2_191V1_SEED[] = { @@ -804,7 +804,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V1 = { "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", "40000000000000000000000004A20E90C39067C893BBB9A5", 2, _EC_X9_62_CHAR2_191V1_SEED, 20, - "191 bit binary curve from X9.62" + "X9.62 curve over a 191 bit binary field" }; static const unsigned char _EC_X9_62_CHAR2_191V2_SEED[] = { 
@@ -819,7 +819,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V2 = { "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", "20000000000000000000000050508CB89F652824E06B8173", 4, _EC_X9_62_CHAR2_191V2_SEED, 20, - "191 bit binary curve from X9.62" + "X9.62 curve over a 191 bit binary field" }; static const unsigned char _EC_X9_62_CHAR2_191V3_SEED[] = { @@ -834,7 +834,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V3 = { "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", "155555555555555555555555610C0B196812BFB6288A3EA3", 6, _EC_X9_62_CHAR2_191V3_SEED, 20, - "191 bit binary curve from X9.62" + "X9.62 curve over a 191 bit binary field" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = { @@ -846,7 +846,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = { "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48, NULL, 0, - "208 bit binary curve from X9.62" + "X9.62 curve over a 208 bit binary field" }; static const unsigned char _EC_X9_62_CHAR2_239V1_SEED[] = { @@ -861,7 +861,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V1 = { "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4, _EC_X9_62_CHAR2_239V1_SEED, 20, - "239 bit binary curve from X9.62" + "X9.62 curve over a 239 bit binary field" }; static const unsigned char _EC_X9_62_CHAR2_239V2_SEED[] = { @@ -876,7 +876,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V2 = { "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6, _EC_X9_62_CHAR2_239V2_SEED, 20, - "239 bit binary curve from X9.62" + "X9.62 curve over a 239 bit binary field" }; static const unsigned char _EC_X9_62_CHAR2_239V3_SEED[] = { 
@@ -891,7 +891,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V3 = { "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA, _EC_X9_62_CHAR2_239V3_SEED, 20, - "239 bit binary curve from X9.62" + "X9.62 curve over a 239 bit binary field" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = { @@ -905,7 +905,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = { "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", 0xFF06, NULL, 0, - "272 bit binary curve from X9.62" + "X9.62 curve over a 272 bit binary field" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = { @@ -923,7 +923,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = { "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164" "443051D", 0xFE2E, NULL, 0, - "304 bit binary curve from X9.62" + "X9.62 curve over a 304 bit binary field" }; static const unsigned char _EC_X9_62_CHAR2_359V1_SEED[] = { @@ -944,7 +944,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_359V1 = { "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9" "64FE7719E74F490758D3B", 0x4C, _EC_X9_62_CHAR2_359V1_SEED, 20, - "359 bit binary curve from X9.62" + "X9.62 curve over a 359 bit binary field" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = { @@ -962,7 +962,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = { "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90" "9AE40A6F131E9CFCE5BD967", 0xFF70, NULL, 0, - "368 bit binary curve from X9.62" + "X9.62 curve over a 368 bit binary field" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = { @@ -980,7 +980,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = { "0340340340340340340340340340340340340340340340340340340323C313FAB5058" "9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760, NULL, 0, - "431 bit binary curve from X9.62" + "X9.62 curve over a 431 bit binary field" }; static const EC_CURVE_DATA _EC_WTLS_1 = { 
@@ -992,7 +992,7 @@ static const EC_CURVE_DATA _EC_WTLS_1 = { "00F44B4AF1ECC2630E08785CEBCC15", "00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2, NULL, 0, - "113 bit binary curve from the WTLS standard" + "WTLS curve over a 113 bit binary field" }; /* IPSec curves */ @@ -1064,25 +1064,25 @@ static const ec_list_element curve_list[] = { { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3}, { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1}, /* characteristic two field curves */ - /* secg curves */ + /* NIST/SECG curves */ { NID_sect113r1, &_EC_SECG_CHAR2_113R1}, { NID_sect113r2, &_EC_SECG_CHAR2_113R2}, { NID_sect131r1, &_EC_SECG_CHAR2_131R1}, { NID_sect131r2, &_EC_SECG_CHAR2_131R2}, - { NID_sect163k1, &_EC_SECG_CHAR2_163K1}, + { NID_sect163k1, &_EC_NIST_CHAR2_163K }, { NID_sect163r1, &_EC_SECG_CHAR2_163R1}, - { NID_sect163r2, &_EC_SECG_CHAR2_163R2}, + { NID_sect163r2, &_EC_NIST_CHAR2_163B }, { NID_sect193r1, &_EC_SECG_CHAR2_193R1}, { NID_sect193r2, &_EC_SECG_CHAR2_193R2}, - { NID_sect233k1, &_EC_SECG_CHAR2_233K1}, - { NID_sect233r1, &_EC_SECG_CHAR2_233R1}, + { NID_sect233k1, &_EC_NIST_CHAR2_233K }, + { NID_sect233r1, &_EC_NIST_CHAR2_233B }, { NID_sect239k1, &_EC_SECG_CHAR2_239K1}, - { NID_sect283k1, &_EC_SECG_CHAR2_283K1}, - { NID_sect283r1, &_EC_SECG_CHAR2_283R1}, - { NID_sect409k1, &_EC_SECG_CHAR2_409K1}, - { NID_sect409r1, &_EC_SECG_CHAR2_409R1}, - { NID_sect571k1, &_EC_SECG_CHAR2_571K1}, - { NID_sect571r1, &_EC_SECG_CHAR2_571R1}, + { NID_sect283k1, &_EC_NIST_CHAR2_283K }, + { NID_sect283r1, &_EC_NIST_CHAR2_283B }, + { NID_sect409k1, &_EC_NIST_CHAR2_409K }, + { NID_sect409r1, &_EC_NIST_CHAR2_409B }, + { NID_sect571k1, &_EC_NIST_CHAR2_571K }, + { NID_sect571r1, &_EC_NIST_CHAR2_571B }, /* X9.62 curves */ { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1}, { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2}, 
@@ -1102,15 +1102,15 @@ static const ec_list_element curve_list[] = { { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1}, /* the WAP/WTLS curves */ { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1}, - { NID_wap_wsg_idm_ecid_wtls3, &_EC_SECG_CHAR2_163K1}, + { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K}, { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1}, { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1}, { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1}, { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2}, { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8}, { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9 }, - { NID_wap_wsg_idm_ecid_wtls10, &_EC_SECG_CHAR2_233K1}, - { NID_wap_wsg_idm_ecid_wtls11, &_EC_SECG_CHAR2_233R1}, + { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K}, + { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B}, { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12}, /* IPSec curves */ { NID_ipsec3, &_EC_IPSEC_155_ID3}, diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 9937719520..87ebf7b89e 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -640,6 +640,9 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *po BIGNUM *tmp1, *tmp2, *x, *y; int ret = 0; + /* clear error queue*/ + ERR_clear_error(); + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); @@ -711,11 +714,11 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *po if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) { - unsigned long err = ERR_peek_error(); + unsigned long err = ERR_peek_last_error(); if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) { - (void)ERR_get_error(); + ERR_clear_error(); ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); } else