authorJoel Sing <jsing@cvs.openbsd.org>2023-06-24 17:49:45 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2023-06-24 17:49:45 +0000
commit6ab8500e66c1daa5a60d8b15a707a46ebe1f8972 (patch)
treec622ceafe1112d903ef7e7bd7b7b98508c4d8358 /lib
parent7164fac7152c7dd42598f4f39ee812820f2afbed (diff)
Mop up EC_GROUP precomp machinery.
Since there are now no EC implementations that perform pre-computation at the EC_GROUP level, remove all of the precomp machinery, including the extra_data EC_GROUP member. The ec_wNAF_mul() code is horrific - simply cut out the precomp code, rather than trying to rewrite it (that's a project for another day). ok tb@
Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/ec/ec_lib.c20
-rw-r--r--lib/libcrypto/ec/ec_local.h4
-rw-r--r--lib/libcrypto/ec/ec_mult.c238
3 files changed, 10 insertions, 252 deletions
diff --git a/lib/libcrypto/ec/ec_lib.c b/lib/libcrypto/ec/ec_lib.c
index 817b0239be5..93a90651290 100644
--- a/lib/libcrypto/ec/ec_lib.c
+++ b/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.58 2023/06/20 14:37:15 tb Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.59 2023/06/24 17:49:44 jsing Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@@ -93,8 +93,6 @@ EC_GROUP_new(const EC_METHOD *meth)
}
ret->meth = meth;
- ret->extra_data = NULL;
-
ret->generator = NULL;
BN_init(&ret->order);
BN_init(&ret->cofactor);
@@ -123,8 +121,6 @@ EC_GROUP_free(EC_GROUP *group)
if (group->meth->group_finish != NULL)
group->meth->group_finish(group);
- EC_EX_DATA_clear_free_all_data(&group->extra_data);
-
EC_POINT_free(group->generator);
BN_free(&group->order);
BN_free(&group->cofactor);
@@ -142,8 +138,6 @@ EC_GROUP_clear_free(EC_GROUP *group)
int
EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
{
- EC_EXTRA_DATA *d;
-
if (dest->meth->group_copy == NULL) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
@@ -155,18 +149,6 @@ EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
if (dest == src)
return 1;
- EC_EX_DATA_free_all_data(&dest->extra_data);
-
- for (d = src->extra_data; d != NULL; d = d->next) {
- void *t = d->dup_func(d->data);
-
- if (t == NULL)
- return 0;
- if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func,
- d->free_func, d->clear_free_func))
- return 0;
- }
-
if (src->generator != NULL) {
if (dest->generator == NULL) {
dest->generator = EC_POINT_new(dest);
diff --git a/lib/libcrypto/ec/ec_local.h b/lib/libcrypto/ec/ec_local.h
index d178665c1fe..c0689a3c3e6 100644
--- a/lib/libcrypto/ec/ec_local.h
+++ b/lib/libcrypto/ec/ec_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_local.h,v 1.15 2023/06/24 17:18:15 jsing Exp $ */
+/* $OpenBSD: ec_local.h,v 1.16 2023/06/24 17:49:44 jsing Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@@ -209,8 +209,6 @@ struct ec_group_st {
* if they appear to be generic.
*/
- EC_EXTRA_DATA *extra_data;
-
/*
* Field specification. For GF(p) this is the modulus; for GF(2^m),
* this is the irreducible polynomial defining the field.
diff --git a/lib/libcrypto/ec/ec_mult.c b/lib/libcrypto/ec/ec_mult.c
index 61428eb142c..a0e97437bb6 100644
--- a/lib/libcrypto/ec/ec_mult.c
+++ b/lib/libcrypto/ec/ec_mult.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_mult.c,v 1.30 2023/06/24 17:18:15 jsing Exp $ */
+/* $OpenBSD: ec_mult.c,v 1.31 2023/06/24 17:49:44 jsing Exp $ */
/*
* Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
*/
@@ -67,7 +67,6 @@
#include "ec_local.h"
-
/*
* This file implements the wNAF-based interleaving multi-exponentation method
* (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>);
@@ -75,91 +74,6 @@
* (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp>).
*/
-
-
-
-/* structure for precomputed multiples of the generator */
-typedef struct ec_pre_comp_st {
- const EC_GROUP *group; /* parent EC_GROUP object */
- size_t blocksize; /* block size for wNAF splitting */
- size_t numblocks; /* max. number of blocks for which we have
- * precomputation */
- size_t w; /* window size */
- EC_POINT **points; /* array with pre-calculated multiples of
- * generator: 'num' pointers to EC_POINT
- * objects followed by a NULL */
- size_t num; /* numblocks * 2^(w-1) */
- int references;
-} EC_PRE_COMP;
-
-/* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */
-static void *ec_pre_comp_dup(void *);
-static void ec_pre_comp_free(void *);
-static void ec_pre_comp_clear_free(void *);
-
-static void *
-ec_pre_comp_dup(void *src_)
-{
- EC_PRE_COMP *src = src_;
-
- /* no need to actually copy, these objects never change! */
-
- CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
-
- return src_;
-}
-
-static void
-ec_pre_comp_free(void *pre_)
-{
- int i;
- EC_PRE_COMP *pre = pre_;
-
- if (!pre)
- return;
-
- i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
- if (i > 0)
- return;
-
- if (pre->points) {
- EC_POINT **p;
-
- for (p = pre->points; *p != NULL; p++)
- EC_POINT_free(*p);
- free(pre->points);
- }
- free(pre);
-}
-
-static void
-ec_pre_comp_clear_free(void *pre_)
-{
- int i;
- EC_PRE_COMP *pre = pre_;
-
- if (!pre)
- return;
-
- i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
- if (i > 0)
- return;
-
- if (pre->points) {
- EC_POINT **p;
-
- for (p = pre->points; *p != NULL; p++) {
- EC_POINT_free(*p);
- explicit_bzero(p, sizeof *p);
- }
- free(pre->points);
- }
- freezero(pre, sizeof *pre);
-}
-
-
-
-
/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
* This is an array r[] of values that are either zero or odd with an
* absolute value less than 2^w satisfying
@@ -315,8 +229,7 @@ ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
const EC_POINT *generator = NULL;
EC_POINT *tmp = NULL;
size_t totalnum;
- size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */
- size_t pre_points_per_block = 0;
+ size_t numblocks = 0; /* for wNAF splitting */
size_t i, j;
int k;
int r_is_inverted = 0;
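Review bot: The comment kept on `size_t numblocks = 0; /* for wNAF splitting */` no longer matches the code, because the wNAF splitting path is deleted later in this commit and, in the visible hunks, numblocks is only ever 0 or 1. The same applies to two context comments in the next hunk: the one on `val_sub` still mentions `'pre_comp->points'` and the one on `num_scalar` still says "precomputation is not available", although `pre_comp` is removed. I would reword them, for example `/* 1 if 'scalar' != NULL, else 0 */` for numblocks and `/* pointers to sub-arrays of 'val' */` for val_sub. ec_wNAF_mul starts and ends outside this hunk, so other uses of numblocks were not checked.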
@@ -331,7 +244,6 @@ ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
EC_POINT **v;
EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or
* 'pre_comp->points' */
- const EC_PRE_COMP *pre_comp = NULL;
int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be
* treated like other scalars, i.e.
* precomputation is not available */
@@ -357,42 +269,10 @@ ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
ECerror(EC_R_UNDEFINED_GENERATOR);
goto err;
}
- /* look if we can use precomputed multiples of generator */
-
- pre_comp = EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);
-
- if (pre_comp && pre_comp->numblocks &&
- (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0)) {
- blocksize = pre_comp->blocksize;
-
- /*
- * determine maximum number of blocks that wNAF
- * splitting may yield (NB: maximum wNAF length is
- * bit length plus one)
- */
- numblocks = (BN_num_bits(scalar) / blocksize) + 1;
- /*
- * we cannot use more blocks than we have
- * precomputation for
- */
- if (numblocks > pre_comp->numblocks)
- numblocks = pre_comp->numblocks;
-
- pre_points_per_block = (size_t) 1 << (pre_comp->w - 1);
-
- /* check that pre_comp looks sane */
- if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) {
- ECerror(ERR_R_INTERNAL_ERROR);
- goto err;
- }
- } else {
- /* can't use precomputation */
- pre_comp = NULL;
- numblocks = 1;
- num_scalar = 1; /* treat 'scalar' like 'num'-th
- * element of 'scalars' */
- }
+ numblocks = 1;
+ num_scalar = 1; /* treat 'scalar' like 'num'-th
+ * element of 'scalars' */
}
totalnum = num + numblocks;
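Review bot: `numblocks = 1;` and `num_scalar = 1;` are now assigned together unconditionally, so both variables carry the same fact and the `if (num_scalar != 1)` internal-error check kept in the last hunk cannot fail on any path visible here. In scalar-multiplication code, a check that can never fire makes it harder to tell which invariants are actually enforced. If the rewrite is deferred as the commit message says, a comment at the assignment would record this, e.g. `/* No precomputation: 'scalar' is always handled as the num-th entry of 'scalars'. */`, and the `if (numblocks)` block in the last hunk could be reduced to that comment. ec_wNAF_mul's body continues outside the hunk.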
@@ -434,111 +314,9 @@ ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
if (numblocks) {
/* we go here iff scalar != NULL */
- if (pre_comp == NULL) {
- if (num_scalar != 1) {
- ECerror(ERR_R_INTERNAL_ERROR);
- goto err;
- }
- /* we have already generated a wNAF for 'scalar' */
- } else {
- size_t tmp_len = 0;
-
- if (num_scalar != 0) {
- ECerror(ERR_R_INTERNAL_ERROR);
- goto err;
- }
- /*
- * use the window size for which we have
- * precomputation
- */
- wsize[num] = pre_comp->w;
- tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len);
- if (tmp_wNAF == NULL)
- goto err;
-
- if (tmp_len <= max_len) {
- /*
- * One of the other wNAFs is at least as long
- * as the wNAF belonging to the generator, so
- * wNAF splitting will not buy us anything.
- */
-
- numblocks = 1;
- totalnum = num + 1; /* don't use wNAF
- * splitting */
- wNAF[num] = tmp_wNAF;
- tmp_wNAF = NULL;
- wNAF[num + 1] = NULL;
- wNAF_len[num] = tmp_len;
- if (tmp_len > max_len)
- max_len = tmp_len;
- /*
- * pre_comp->points starts with the points
- * that we need here:
- */
- val_sub[num] = pre_comp->points;
- } else {
- /*
- * don't include tmp_wNAF directly into wNAF
- * array - use wNAF splitting and include the
- * blocks
- */
-
- signed char *pp;
- EC_POINT **tmp_points;
-
- if (tmp_len < numblocks * blocksize) {
- /*
- * possibly we can do with fewer
- * blocks than estimated
- */
- numblocks = (tmp_len + blocksize - 1) / blocksize;
- if (numblocks > pre_comp->numblocks) {
- ECerror(ERR_R_INTERNAL_ERROR);
- goto err;
- }
- totalnum = num + numblocks;
- }
- /* split wNAF in 'numblocks' parts */
- pp = tmp_wNAF;
- tmp_points = pre_comp->points;
-
- for (i = num; i < totalnum; i++) {
- if (i < totalnum - 1) {
- wNAF_len[i] = blocksize;
- if (tmp_len < blocksize) {
- ECerror(ERR_R_INTERNAL_ERROR);
- goto err;
- }
- tmp_len -= blocksize;
- } else
- /*
- * last block gets whatever
- * is left (this could be
- * more or less than
- * 'blocksize'!)
- */
- wNAF_len[i] = tmp_len;
-
- wNAF[i + 1] = NULL;
- wNAF[i] = malloc(wNAF_len[i]);
- if (wNAF[i] == NULL) {
- ECerror(ERR_R_MALLOC_FAILURE);
- goto err;
- }
- memcpy(wNAF[i], pp, wNAF_len[i]);
- if (wNAF_len[i] > max_len)
- max_len = wNAF_len[i];
-
- if (*tmp_points == NULL) {
- ECerror(ERR_R_INTERNAL_ERROR);
- goto err;
- }
- val_sub[i] = tmp_points;
- tmp_points += pre_points_per_block;
- pp += blocksize;
- }
- }
+ if (num_scalar != 1) {
+ ECerror(ERR_R_INTERNAL_ERROR);
+ goto err;
}
}
/*