openssl ecdhtest
openssl s_server

To run s_server, I must use the -no_ecdhe flag:
openssl.exe s_server -no_ecdhe



ecdhtest.exe has the same access violation:
Unhandled exception at 0x004222f6 in ecdhtest.exe: 0xC0000005: Access
violation reading location 0x00000001




openssl.exe!nist_cp_bn(unsigned int * buf=0x00acea80, unsigned int *
a=0x00000001, int top=8)  Line 308 + 0x6 C
 openssl.exe!BN_nist_mod_256(bignum_st * r=0x00acf2a0, const bignum_st *
a=0x00acf2a0, const bignum_st * field=0x005bd0b4, bignum_ctx *
ctx=0x00acd718)  Line 641 + 0xf C
 openssl.exe!ec_GFp_nist_field_mul(const ec_group_st * group=0x00acfc98,
bignum_st * r=0x00acf2a0, const bignum_st * a=0x00ad0848, const bignum_st *
b=0x00acff7c, bignum_ctx * ctx=0x00acd718)  Line 176 + 0x1c C
 openssl.exe!ec_GFp_simple_points_make_affine(const ec_group_st *
group=0x00acfc98, unsigned int num=4, ec_point_st * * points=0x00acf028,
bignum_ctx * ctx=0x00acd718)  Line 1649 + 0x2e C
 openssl.exe!EC_POINTs_make_affine(const ec_group_st * group=0x00acfc98,
unsigned int num=4, ec_point_st * * points=0x00acf028, bignum_ctx *
ctx=0x00acd718)  Line 1108 + 0x18 C
 openssl.exe!ec_wNAF_mul(const ec_group_st * group=0x00acfc98, ec_point_st
* r=0x00acfda0, const bignum_st * scalar=0x00acf008, unsigned int num=0,
const ec_point_st * * points=0x0012f8dc, const bignum_st * *
scalars=0x0012f8e0, bignum_ctx * ctx=0x00acd718)  Line 649 + 0x15 C
 openssl.exe!EC_POINTs_mul(const ec_group_st * group=0x00acfc98,
ec_point_st * r=0x00acfda0, const bignum_st * scalar=0x00acf008, unsigned
int num=0, const ec_point_st * * points=0x0012f8dc, const bignum_st * *
scalars=0x0012f8e0, bignum_ctx * ctx=0x00acd718)  Line 1123 + 0x21 C
 openssl.exe!EC_POINT_mul(const ec_group_st * group=0x00acfc98, ec_point_st
* r=0x00acfda0, const bignum_st * g_scalar=0x00acf008, const ec_point_st *
point=0x00000000, const bignum_st * p_scalar=0x00000000, bignum_ctx *
ctx=0x00acd718)  Line 1139 + 0x3d C
 openssl.exe!EC_KEY_generate_key(ec_key_st * eckey=0x00acf978)  Line 275 +
0x1c C
 openssl.exe!ssl3_ctx_ctrl(ssl_ctx_st * ctx=0x00acdbf8, int cmd=4, long
larg=0, void * parg=0x00ace568)  Line 2648 + 0x9 C
 openssl.exe!SSL_CTX_ctrl(ssl_ctx_st * ctx=0x00acdbf8, int cmd=4, long
larg=0, void * parg=0x00ace568)  Line 1171 + 0x18 C
 openssl.exe!s_server_main(int argc=0, char * * argv=0x003c2b64)  Line 1565
+ 0x17 C
 openssl.exe!do_cmd(lhash_st_FUNCTION * prog=0x00ac9a50, int argc=2, char *
* argv=0x003c2b5c)  Line 413 + 0xe C
 openssl.exe!main(int Argc=2, char * * Argv=0x003c2b5c)  Line 312 + 0x14 C
 openssl.exe!mainCRTStartup()  Line 259 + 0x12 C
 kernel32.dll!7c817077()



/*
 * Copy `top` words from `a` into `buf`, one BN_ULONG at a time.
 * Neither pointer is checked, and the loop stops only when the counter
 * reaches exactly 0, so the caller must pass a non-negative `top` and a
 * source that is readable for `top` words.
 */
static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
{
int i;
BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
for (i = (top); i != 0; i--)
/*
 * Crash site marked by the poster. In the stack trace on this page the
 * frame has a=0x00000001 and top=8, so the very first read through _tmp2
 * is the reported access violation "reading location 0x00000001". The
 * copy does nothing unusual; the bad source pointer comes from the caller.
 */
*_tmp1++ = *_tmp2++;  //There is a problem here
}


/*
 * Tail of BN_nist_mod_256() as quoted by the poster; the start of the
 * function, including the declarations of mask, res, c_d, r_d, carry and u,
 * is not shown in this excerpt.
 */
int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
BN_CTX *ctx)
{
/*
.
.
.
(earlier part of the function omitted by the poster)
*/
/*
 * mask = 0 - (value returned through u.f). That is 0 for a return of 0 and
 * all-ones for a return of 1; presumably the callee returns a 0/1
 * borrow/carry flag -- confirm against the elided code.
 */
mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
/*
 * Clear the mask when carry is 0. The result is all-or-nothing only if
 * carry is exactly 0 or 1; any other carry leaves a partial mask.
 */
mask &= 0-(size_t)carry;
/*
 * Branch-free select between two buffers by masking their addresses:
 * mask == 0 gives c_d, mask == all-ones gives r_d. Any other mask value
 * yields a bitwise mix of the two addresses, which is generally not a
 * usable pointer.
 * NOTE(review): the pointer<->size_t casts assume size_t can hold a pointer.
 */
res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
/*
 * Call marked by the poster as the one in the stack trace, where
 * nist_cp_bn() is entered with a=0x00000001, i.e. res would have been
 * 0x00000001 here. The excerpt alone does not show which input to the
 * select (mask, c_d or r_d) was wrong.
 */
nist_cp_bn(r_d, res, BN_NIST_256_TOP); // There is a problem here
r->top = BN_NIST_256_TOP;
bn_correct_top(r);
return 1;
}

----- Original Message ----- From: "Victor Duchovni" <victor.ducho...@morganstanley.com>
To: <openssl-users@openssl.org>
Sent: Friday, December 03, 2010 10:43 AM
Subject: nist_cp_bn issue


On Fri, Dec 03, 2010 at 09:10:41AM -0800, Marcus Carey wrote:

I am still having issues with the default ECDH parameters in 1.0.0c.

kEECDH handshakes appear to work.

The key generation with NIST Prime-Curve P-192 crashes.

How do you reproduce this?

/*
 * Copy `top` words from `a` into `buf`. Both pointers are used as given,
 * with no NULL or bounds check, so an invalid `a` is dereferenced on the
 * first iteration.
 */
static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
{
   int i;
   /* Working cursors, so the parameters themselves are not advanced. */
   BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
   /* Counts down from `top`; the loop terminates only when i reaches 0. */
   for (i = (top); i != 0; i--)
   *_tmp1++ = *_tmp2++;  //There is a problem here
}

The above looks fine, in what context is this called?

The code in crypto/bn/bn_nist.c has not changed since 0.9.8j; it is
different in 0.9.8i.

   http://cvs.openssl.org/chngview?cn=17756

I don't understand the code in BN_nist_mod_192(), which calls
nist_cp_bn(); it has rather obscure pointer manipulation:

       /*
        * we need 'if (carry==0 || result>=modulus) result-=modulus;'
        * as comparison implies subtraction, we can write
        * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
        * this is what happens below, but without explicit if:-) a.
        */
mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
       mask &= 0-(size_t)carry;
--->    res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
       nist_cp_bn(r_d, res, BN_NIST_192_TOP);

--
Viktor.