Merge pull request #222 from jinjiu/8.3-stable

Fix some bugs of ec_elgamal

CHANGES

@@ -9,6 +9,8 @@
 
   *)
 
+  *) 修改EC-ElGamal的bug
+
   *) 修复2处SM2签名算法的实现bug [0x9527-zhou]
 
   *) 修复CVE-2022-0778

CHANGES.en

@@ -5,13 +5,13 @@
  This is a high-level summary of the most important changes.
  For a full list of changes, see the git commit log.
 
- Changes between 8.3.0 and 8.4.0 [xx XXX xxxx]
+ Changes between 8.3.0 and 8.3.1 [xx XXX xxxx]
 
   *)
 
-  *) Fix bugs in SM2 implementation [0x9527-zhou]
+  *) Fix a bug in EC-ElGamal
 
-  *) Remove Camellia
+  *) Fix bugs in SM2 implementation [0x9527-zhou]
 
   *) Fix CVE-2022-0778
 

crypto/ec/ec_elgamal.c

@@ -151,7 +151,8 @@ static int EC_ELGAMAL_discrete_log_bsgs(EC_ELGAMAL_CTX *ctx, int32_t *r,
         if (entry_res != NULL) {
             ret = 1;
             if (table->decrypt_negative == 1)
-                *r = (int32_t)((entry_res->value << EC_ELGAMAL_ECDLP_BABY_BITS) + i + 1);
+                *r = (int32_t)(((entry_res->value & 0xffffffff) <<
+                                            EC_ELGAMAL_ECDLP_BABY_BITS) + i + 1);
             else
                 *r = (int32_t)(i * table->size + entry_res->value);
             break;
@@ -372,6 +373,7 @@ void EC_ELGAMAL_DECRYPT_TABLE_free(EC_ELGAMAL_DECRYPT_TABLE *table)
 
     lh_EC_ELGAMAL_dec_tbl_entry_free(table->entries);
     EC_POINT_free(table->mG_inv);
+    CRYPTO_THREAD_lock_free(table->lock);
     OPENSSL_free(table);
 }
 
@@ -652,7 +654,7 @@ int EC_ELGAMAL_encrypt(EC_ELGAMAL_CTX *ctx, EC_ELGAMAL_CIPHERTEXT *r, int32_t pl
 int EC_ELGAMAL_decrypt(EC_ELGAMAL_CTX *ctx, int32_t *r, EC_ELGAMAL_CIPHERTEXT *ciphertext)
 {
     int ret = 0;
-    int32_t plaintext;
+    int32_t plaintext = 0;
     EC_POINT *M = NULL;
     BN_CTX *bn_ctx = NULL;
 

test/ec_elgamal_internal_test.c

@@ -9,6 +9,9 @@
 
 #include "internal/nelem.h"
 #include "testutil.h"
+#include <openssl/conf.h>
+#include <openssl/opensslconf.h>
+#include <openssl/bio.h>
 #include <openssl/ec.h>
 #include <openssl/pem.h>
 #include <openssl/objects.h>
@@ -193,10 +196,8 @@ static size_t ec_elgamal_mul(EC_ELGAMAL_CTX *ctx, unsigned char **out,
 
 static int ec_elgamal_test(int curve_id)
 {
-    TEST_info("Testing encrypt/descrypt of EC-ElGamal for curve_id: %d\n", curve_id);
-
     int ret = 0;
-    FILE *f;
+    BIO *bio = NULL;
     EC_KEY *eckey = NULL, *ec_pub_key = NULL, *ec_pri_key = NULL;
     //uint32_t p1 = 2000000021, p2 = 500, m = 800, r;
     int32_t p1 = 111111, p2 = 555555, m = 3, r;
@@ -205,6 +206,8 @@ static int ec_elgamal_test(int curve_id)
     EC_ELGAMAL_CTX *ectx = NULL, *dctx = NULL;
     EC_ELGAMAL_DECRYPT_TABLE *dtable = NULL;
 
+    TEST_info("Testing encrypt/descrypt of EC-ElGamal for curve_id: %d\n", curve_id);
+
     if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name(curve_id)))
         goto err;
 
@@ -214,31 +217,38 @@ static int ec_elgamal_test(int curve_id)
     /*
      * saving ec public key to pem file for this test
      */
-    f = fopen(EC_PUB_FILE_PATH, "w");
-    PEM_write_EC_PUBKEY(f, eckey);
-    fclose(f);
-
-    f = fopen(EC_PUB_FILE_PATH, "r");
-    if (!TEST_ptr(ec_pub_key = PEM_read_EC_PUBKEY(f, NULL, NULL, NULL)))
+    if (!TEST_ptr(bio = BIO_new(BIO_s_file()))
+        || !TEST_true(BIO_write_filename(bio, EC_PUB_FILE_PATH))
+        || !TEST_true(PEM_write_bio_EC_PUBKEY(bio, eckey)))
         goto err;
+    BIO_free(bio);
 
-    fclose(f);
+    if (!TEST_ptr(bio = BIO_new(BIO_s_file()))
+        || !TEST_true(BIO_read_filename(bio, EC_PUB_FILE_PATH))
+        || !TEST_ptr(ec_pub_key = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL,
+                                                         NULL)))
+        goto err;
+    BIO_free(bio);
 
     if (!TEST_ptr(ectx = EC_ELGAMAL_CTX_new(ec_pub_key)))
         goto err;
 
     /*
      * saving ec secret key to pem file for this test
      */
-    f = fopen(EC_KEY_FILE_PATH, "w");
-    PEM_write_ECPrivateKey(f, eckey, NULL, NULL, 0, NULL, NULL);
-    fclose(f);
-
-    f = fopen(EC_KEY_FILE_PATH, "r");
-    if (!TEST_ptr(ec_pri_key = PEM_read_ECPrivateKey(f, NULL, NULL, NULL)))
+    if (!TEST_ptr(bio = BIO_new(BIO_s_file()))
+        || !TEST_true(BIO_write_filename(bio, EC_KEY_FILE_PATH))
+        || !TEST_true(PEM_write_bio_ECPrivateKey(bio, eckey, NULL, NULL, 0,
+                                                 NULL, NULL)))
         goto err;
+    BIO_free(bio);
 
-    fclose(f);
+    if (!TEST_ptr(bio = BIO_new(BIO_s_file()))
+        || !TEST_true(BIO_read_filename(bio, EC_KEY_FILE_PATH))
+        || !TEST_true(ec_pri_key = PEM_read_bio_ECPrivateKey(bio, NULL, NULL,
+                                                             NULL)))
+        goto err;
+    BIO_free(bio);
 
     if (!TEST_ptr(dctx = EC_ELGAMAL_CTX_new(ec_pri_key)))
         goto err;
@@ -289,6 +299,8 @@ static int ec_elgamal_test(int curve_id)
     ret = 1;
 
 err:
+    EC_ELGAMAL_DECRYPT_TABLE_free(dtable);
+
     OPENSSL_free(buf1);
     OPENSSL_free(buf2);
     OPENSSL_free(buf);
@@ -307,8 +319,10 @@ static int ec_elgamal_tests(void)
     if (!TEST_true(ec_elgamal_test(NID_X9_62_prime256v1)))
         return 0;
 
+#ifndef OPENSSL_NO_SM2
     if (!TEST_true(ec_elgamal_test(NID_sm2)))
         return 0;
+#endif
 
     return 1;
 }

test/recipes/03-test_internal_ec_elgamal.t

@@ -0,0 +1,19 @@
+#! /usr/bin/env perl
+# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use OpenSSL::Test;              # get 'plan'
+use OpenSSL::Test::Simple;
+use OpenSSL::Test::Utils;
+
+setup("test_internal_ec_elgamal");
+
+plan skip_all => "This test is unsupported in a no-ec build"
+    if disabled("ec") or disabled("ec_elgamal");
+
+simple_test("test_internal_ec_elgamal", "ec_elgamal_internal_test");