Fix bug in nistp224/256/521 where have_precompute_mult always returns 0

During precomputation if the group given is well known then we memcpy a well known precomputation. However we go the wrong label in the code and don't store the data properly. Consequently if we call have_precompute_mult the data isn't there and we return 0. RT#3600 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 615614c886)
2015-11-04 17:30:22 +00:00 · 2015-11-04 17:30:22 +00:00 · e94f52e0c7
commit e94f52e0c7
parent 83ab6e55a1
3 changed files with 6 additions and 6 deletions
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@ -1657,8 +1657,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     */
    if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
        memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
-        ret = 1;
-        goto err;
+        goto done;
    }
    if ((!BN_to_felem(pre->g_pre_comp[0][1][0], &group->generator->X)) ||
        (!BN_to_felem(pre->g_pre_comp[0][1][1], &group->generator->Y)) ||
@ -1736,6 +1735,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
    }
    make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_felems);

+ done:
    if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp224_pre_comp_dup,
                             nistp224_pre_comp_free,
                             nistp224_pre_comp_clear_free))
--- a/crypto/ec/ecp_nistp256.c
+++ b/crypto/ec/ecp_nistp256.c
@ -2249,8 +2249,7 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     */
    if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
        memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
-        ret = 1;
-        goto err;
+        goto done;
    }
    if ((!BN_to_felem(x_tmp, &group->generator->X)) ||
        (!BN_to_felem(y_tmp, &group->generator->Y)) ||
@ -2337,6 +2336,7 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
    }
    make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_smallfelems);

+ done:
    if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp256_pre_comp_dup,
                             nistp256_pre_comp_free,
                             nistp256_pre_comp_clear_free))
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@ -2056,8 +2056,7 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     */
    if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
        memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
-        ret = 1;
-        goto err;
+        goto done;
    }
    if ((!BN_to_felem(pre->g_pre_comp[1][0], &group->generator->X)) ||
        (!BN_to_felem(pre->g_pre_comp[1][1], &group->generator->Y)) ||
@ -2115,6 +2114,7 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
    }
    make_points_affine(15, &(pre->g_pre_comp[1]), tmp_felems);

+ done:
    if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp521_pre_comp_dup,
                             nistp521_pre_comp_free,
                             nistp521_pre_comp_clear_free))