diff options
| author | Jeffrey Walton <noloader@gmail.com> | 2019-08-05 03:51:58 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-08-05 03:51:58 -0400 |
| commit | c9ef9420e762b91cc06463d349cf06e04c749b9d (patch) | |
| tree | 69a074fcf855a9f8b04d12b359904217e9ea618f /ec2n.cpp | |
| parent | b3eb4c6a690d6dfb342856f2a66a71dcec8c429b (diff) | |
| download | cryptopp-git-c9ef9420e762b91cc06463d349cf06e04c749b9d.tar.gz | |
Fix ECP leakage in Add() and Double() (GH #869, PR #871)
This check-in provides the fix for leaks in ECP's Add() and Double(). The fixes were taken from Joost Renes, Craig Costello, and Lejla Batina's [Complete addition formulas for prime order elliptic curves](https://eprint.iacr.org/2015/1060.pdf).
The Pull Request includes two additional changes that were related to testing the primary fix. First, an `AuthenticatedKeyAgreementWithRolesValidate` interface was added. It allows us to test key agreement when roles are involved. Roles are "client", "server", "initiator", "recipient", etc.
Second, `SetGlobalSeed` was added to `test.cpp` to help with reproducible results. We had code in two different places that set the seed value for the random number generator. But it was sloppy and doing a poor job since results could not be reproduced under some circumstances.
Diffstat (limited to 'ec2n.cpp')
| -rw-r--r-- | ec2n.cpp | 11 |
1 files changed, 6 insertions, 5 deletions
@@ -16,7 +16,8 @@ ANONYMOUS_NAMESPACE_BEGIN using CryptoPP::EC2N;
#if defined(HAVE_GCC_INIT_PRIORITY)
- const EC2N::Point g_identity __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 50))) = EC2N::Point();
+ #define INIT_ATTRIBUTE __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 51)))
+ const EC2N::Point g_identity INIT_ATTRIBUTE = EC2N::Point();
#elif defined(HAVE_MSC_INIT_PRIORITY)
#pragma warning(disable: 4075)
#pragma init_seg(".CRT$XCU")
@@ -51,8 +52,8 @@ void EC2N::DEREncode(BufferedTransformation &bt) const {
m_field->DEREncode(bt);
DERSequenceEncoder seq(bt);
- m_field->DEREncodeElement(seq, m_a);
- m_field->DEREncodeElement(seq, m_b);
+ m_field->DEREncodeElement(seq, m_a);
+ m_field->DEREncodeElement(seq, m_b);
seq.MessageEnd();
}
@@ -260,7 +261,7 @@ const EC2N::Point& EC2N::Double(const Point &P) const // ********************************************************
-/*
+#if 0
EcPrecomputation<EC2N>& EcPrecomputation<EC2N>::operator=(const EcPrecomputation<EC2N> &rhs)
{
m_ec = rhs.m_ec;
@@ -312,7 +313,7 @@ EC2N::Point EcPrecomputation<EC2N>::CascadeExponentiate(const Integer &exponent, {
return m_ep.CascadeExponentiate(exponent, static_cast<const EcPrecomputation<EC2N> &>(pc2).m_ep, exponent2);
}
-*/
+#endif
NAMESPACE_END
|