| author | Patrick Steuer <patrick.steuer@de.ibm.com> | 2019-11-02 23:50:26 +0100 |
|---|---|---|
| committer | Patrick Steuer <patrick.steuer@de.ibm.com> | 2019-11-05 13:51:41 +0100 |
| commit | 58738b1cad8777230226009a6bb4efa3def22216 (patch) | |
| tree | 3acebab14b51ceabf74cfdfea014b020066e5a6b /crypto | |
| parent | 826112295ae94e5b15fe5073cfdf4cff6d79503b (diff) | |
s390x assembly pack: fix x448 handling of non-canonical values
The s390x x448 implementation does not correctly reduce non-canonical
values, i.e., u-coordinates >= p = 2^448 - 2^224 - 1.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10339)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/ec/ecx_meth.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index eace1a88cd..776e88de36 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -907,10 +907,8 @@ static void s390x_x448_mod_p(unsigned char u[56]) c >>= 8; } - if (u_red[0] & 0x80) { - u_red[0] &= 0x7f; + if (c) memcpy(u, u_red, sizeof(u_red)); - } } static int s390x_x25519_mul(unsigned char u_dst[32], @@ -966,7 +964,7 @@ static int s390x_x448_mul(unsigned char u_dst[56], memcpy(param.x448.d_src, d_src, 56); s390x_flip_endian64(param.x448.u_src, param.x448.u_src); - s390x_x448_mod_p(param.x448.u_src); + s390x_x448_mod_p(param.x448.u_src + 8); s390x_flip_endian64(param.x448.d_src, param.x448.d_src); param.x448.d_src[63] &= 252; |
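Review bot: In the first hunk (s390x_x448_mod_p), the new `if (c)` condition is the right one, since `c` is the carry left over from the byte loop (`c >>= 8;`) and a carry out of the top byte is exactly the "u >= p" case, whereas the removed `u_red[0] & 0x80` test looked at bit 447 of the result, which is not equivalent; the hunk does not show the loop header or the declaration of `u_red`, so please confirm the loop runs down to index 0 with nothing resetting `c` afterwards, and that `u_red` is a local array (otherwise `sizeof(u_red)` is a pointer size). A one-line comment above the `if` stating why the carry of adding 2^224 + 1 decides the reduction would help, given that the previous version got this wrong.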
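Review bot: In the second hunk (s390x_x448_mul), `param.x448.u_src + 8` is a magic offset; the context shows `param.x448.d_src[63]`, so the buffers are 64 bytes and, after `s390x_flip_endian64`, the 56-byte value occupies bytes 8..63 with the first 8 bytes as padding, which is why the old call (starting at byte 0) reduced the wrong window. Suggest expressing the offset as `sizeof(param.x448.u_src) - 56` or adding a comment stating the layout assumption, and since the diffstat shows only ecx_meth.c changed, a known-answer test with a u-coordinate >= p would guard against this regressing.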