checking ECC point at infinity

List overview All Threads
Download

newer

older

[PowerPC64] Add AIX to cpu...

Handling of ORIGIN-based rpaths...

Daiki Ueno

19 Jul 2020 19 Jul '20

3:13 a.m.

Hello,

SP800-56A (revision 3) section 5.6.2.3.3 now mandates a check that the generated public key (Q) multiplied by the curve order (n) results in an identity element (= an infinity point).

It seem that it is not possible to implement this check with the Nettle's public API. The attached patch naively multiplies Q by n but it causes the valgrind errors below.

As it works with the curve order minus 1, I added the following check instead in my library, though I'm not sure if this satisfies the original requirement:

P = (n - 1) * Q

where P's x-coordinate is the same as Q's, and P also lies on the same curve so that indicates P + Q (= n * Q) is an infinity point, according to the group law.

Is there a better (direct) way to implement the check? Suggestions appreciated.

Conditional jump or move depends on uninitialised value(s) at 0x4880DFB: _nettle_ecc_mul_a (ecc-mul-a.c:145) by 0x48815F8: nettle_ecc_point_mul (ecc-point-mul.c:55) by 0x4012EB: main (ecc-test.c:36)

Conditional jump or move depends on uninitialised value(s) at 0x487D1D9: _nettle_sec_tabselect (sec-tabselect.c:54) by 0x4880E1B: _nettle_ecc_mul_a (ecc-mul-a.c:147) by 0x48815F8: nettle_ecc_point_mul (ecc-point-mul.c:55) by 0x4012EB: main (ecc-test.c:36)

Conditional jump or move depends on uninitialised value(s) at 0x487E0F3: _nettle_ecc_mod_add (ecc-mod-arith.c:53) by 0x487F51B: _nettle_ecc_dup_jj (ecc-dup-jj.c:81) by 0x4880E66: _nettle_ecc_mul_a (ecc-mul-a.c:171) by 0x48815F8: nettle_ecc_point_mul (ecc-point-mul.c:55) by 0x4012EB: main (ecc-test.c:36)

Regards,

-- Daiki Ueno #include <nettle/ecdsa.h> #include <nettle/ecc-curve.h> #include <assert.h> #include <string.h> static void myrandom (void *ctx, size_t length, uint8_t *dst) { memset (dst, 0, length); *dst = 0xff; } int main (void) { const struct ecc_curve *curve = nettle_get_secp_256r1 (); struct ecc_point pub; struct ecc_scalar key; mpz_t nz, x, y; struct ecc_scalar n; struct ecc_point r; ecc_point_init (&pub, curve); ecc_scalar_init (&key, curve); ecc_scalar_init (&n, curve); ecc_point_init (&r, curve); ecdsa_generate_keypair (&pub, &key, NULL, myrandom); /* Calculate P = nQ and check if it is an infinity point. */ mpz_init_set_str (nz, "ffffffff00000000ffffffffffffffff" "bce6faada7179e84f3b9cac2fc632551", 16); ecc_scalar_set (&n, nz); mpz_clear (nz); ecc_point_mul (&r, &n, &pub); mpz_init (x); mpz_init (y); ecc_point_get (&r, x, y); assert (mpz_cmp_ui (x, 0) == 0); assert (mpz_cmp_ui (y, 0) == 0); mpz_clear (x); mpz_clear (y); ecc_point_clear (&pub); ecc_scalar_clear (&key); ecc_scalar_clear (&n); ecc_point_clear (&r); return 0; } /** * Local variables: * compile-command: "gcc -o ecc-test ecc-test.c `pkg-config hogweed --cflags --libs` -lgmp" * End: */

Show replies by date

nisse＠lysator.liu.se

20 Jul 20 Jul

8:34 a.m.

Daiki Ueno ueno@gnu.org writes:

...

It seem that it is not possible to implement this check with the Nettle's public API. The attached patch naively multiplies Q by n but it causes the valgrind errors below.

I think the point multiplication functions were written under the assumption that the scalar should be less than the group order. Docs could perhaps be improved on that.

But I don't known now exactly how it fails. It's good you get the valgrind failures, but line numbers don't quite match my version.

If ecc_mul_a can be made to support this, I take it the output will be a point with z = 0 (mod p) in homogenenous coordinates.

And then the special case z = 0 has to be detected in some way in the conversion to affine coordinates. That's done by ecc_j_to_a, but that assumes a finite input point, since it inverts z without checking for zero.

...

As it works with the curve order minus 1, I added the following check instead in my library, though I'm not sure if this satisfies the original requirement:

P = (n - 1) * Q

Checking that (n-1) * Q = -Q should be mathematically equivalent. There's a similar test in testsuite/ecc-mul-a-test.c and testsuite/ecc-mul-g-test.c (but testing with the generator rather than with an arbitrary public key).

If the point of the requirements of "SP800-56A (revision 3)" is to check the mathematical properties of the point, rather than testing a particular implementation of the ecc arithmetics, then (n-1) Q = -Q sounds good enough to me. You should first check that Q really lies on the curve (otherwise both left-hand side and right-hand side operations suffer garbage-in-garbage-out), but you probably do that already.

Regards, /Niels

-- Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677. Internet email is subject to wholesale government surveillance.

Daiki Ueno

11:56 a.m.

nisse@lysator.liu.se (Niels Möller) writes:

...

I think the point multiplication functions were written under the assumption that the scalar should be less than the group order. Docs could perhaps be improved on that.

But I don't known now exactly how it fails. It's good you get the valgrind failures, but line numbers don't quite match my version.

I was using the Nettle version installed on the system, sorry. I'm attaching the complete log taken with the git master (d1e45e07f).

...

If ecc_mul_a can be made to support this, I take it the output will be a point with z = 0 (mod p) in homogenenous coordinates.

And then the special case z = 0 has to be detected in some way in the conversion to affine coordinates. That's done by ecc_j_to_a, but that assumes a finite input point, since it inverts z without checking for zero.

I think it would be nice if it hits an assertion failure.

...

...
As it works with the curve order minus 1, I added the following check instead in my library, though I'm not sure if this satisfies the original requirement:

P = (n - 1) * Q

Checking that (n-1) * Q = -Q should be mathematically equivalent. There's a similar test in testsuite/ecc-mul-a-test.c and testsuite/ecc-mul-g-test.c (but testing with the generator rather than with an arbitrary public key).

Thanks for the pointer and the confirmation; I've tightened the check based on testsuite/ecc-mul-a-test.c. For the record, the patch is: https://gitlab.com/gnutls/gnutls/-/merge_requests/1299/diffs?commit_id=23756...

Regards,

-- Daiki Ueno ==42307== Memcheck, a memory error detector ==42307== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==42307== Using Valgrind-3.16.0 and LibVEX; rerun with -h for copyright info ==42307== Command: ./ecc-test ==42307== Parent PID: 3156 ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x48670AA: _nettle_ecc_mul_a (ecc-mul-a.c:145) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485E278: _nettle_sec_tabselect (sec-tabselect.c:54) ==42307== by 0x486711A: _nettle_ecc_mul_a (ecc-mul-a.c:147) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F77F: _nettle_ecc_mod_add (ecc-mod-arith.c:53) ==42307== by 0x4862069: _nettle_ecc_dup_jj (ecc-dup-jj.c:81) ==42307== by 0x48671E6: _nettle_ecc_mul_a (ecc-mul-a.c:171) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F83F: _nettle_ecc_mod_sub (ecc-mod-arith.c:64) ==42307== by 0x4862117: _nettle_ecc_dup_jj (ecc-dup-jj.c:83) ==42307== by 0x48671E6: _nettle_ecc_mul_a (ecc-mul-a.c:171) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F83F: _nettle_ecc_mod_sub (ecc-mod-arith.c:64) ==42307== by 0x486216B: _nettle_ecc_dup_jj (ecc-dup-jj.c:84) ==42307== by 0x48671E6: _nettle_ecc_mul_a (ecc-mul-a.c:171) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F77F: _nettle_ecc_mod_add (ecc-mod-arith.c:53) ==42307== by 0x486219F: _nettle_ecc_dup_jj (ecc-dup-jj.c:87) ==42307== by 0x48671E6: _nettle_ecc_mul_a (ecc-mul-a.c:171) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F83F: _nettle_ecc_mod_sub (ecc-mod-arith.c:64) ==42307== by 0x48621B7: _nettle_ecc_dup_jj (ecc-dup-jj.c:88) ==42307== by 0x48671E6: _nettle_ecc_mul_a (ecc-mul-a.c:171) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F8F4: _nettle_ecc_mod_mul_1 (ecc-mod-arith.c:76) ==42307== by 0x486223F: _nettle_ecc_dup_jj (ecc-dup-jj.c:90) ==42307== by 0x48671E6: _nettle_ecc_mul_a (ecc-mul-a.c:171) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F948: _nettle_ecc_mod_mul_1 (ecc-mod-arith.c:79) ==42307== by 0x486223F: _nettle_ecc_dup_jj (ecc-dup-jj.c:90) ==42307== by 0x48671E6: _nettle_ecc_mul_a (ecc-mul-a.c:171) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F8F4: _nettle_ecc_mod_mul_1 (ecc-mod-arith.c:76) ==42307== by 0x4862323: _nettle_ecc_dup_jj (ecc-dup-jj.c:98) ==42307== by 0x48671E6: _nettle_ecc_mul_a (ecc-mul-a.c:171) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F948: _nettle_ecc_mod_mul_1 (ecc-mod-arith.c:79) ==42307== by 0x4862323: _nettle_ecc_dup_jj (ecc-dup-jj.c:98) ==42307== by 0x48671E6: _nettle_ecc_mul_a (ecc-mul-a.c:171) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485FB06: _nettle_ecc_mod_submul_1 (ecc-mod-arith.c:106) ==42307== by 0x486239C: _nettle_ecc_dup_jj (ecc-dup-jj.c:102) ==42307== by 0x48671E6: _nettle_ecc_mul_a (ecc-mul-a.c:171) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485FB5A: _nettle_ecc_mod_submul_1 (ecc-mod-arith.c:109) ==42307== by 0x486239C: _nettle_ecc_dup_jj (ecc-dup-jj.c:102) ==42307== by 0x48671E6: _nettle_ecc_mul_a (ecc-mul-a.c:171) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F83F: _nettle_ecc_mod_sub (ecc-mod-arith.c:64) ==42307== by 0x4862426: _nettle_ecc_dup_jj (ecc-dup-jj.c:106) ==42307== by 0x48671E6: _nettle_ecc_mul_a (ecc-mul-a.c:171) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485FB06: _nettle_ecc_mod_submul_1 (ecc-mod-arith.c:106) ==42307== by 0x48624C5: _nettle_ecc_dup_jj (ecc-dup-jj.c:108) ==42307== by 0x48671E6: _nettle_ecc_mul_a (ecc-mul-a.c:171) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485FB5A: _nettle_ecc_mod_submul_1 (ecc-mod-arith.c:109) ==42307== by 0x48624C5: _nettle_ecc_dup_jj (ecc-dup-jj.c:108) ==42307== by 0x48671E6: _nettle_ecc_mul_a (ecc-mul-a.c:171) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485E278: _nettle_sec_tabselect (sec-tabselect.c:54) ==42307== by 0x4867245: _nettle_ecc_mul_a (ecc-mul-a.c:174) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F83F: _nettle_ecc_mod_sub (ecc-mod-arith.c:64) ==42307== by 0x4862DFC: _nettle_ecc_add_jjj (ecc-add-jjj.c:81) ==42307== by 0x486728A: _nettle_ecc_mul_a (ecc-mul-a.c:176) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F77F: _nettle_ecc_mod_add (ecc-mod-arith.c:53) ==42307== by 0x4862E49: _nettle_ecc_add_jjj (ecc-add-jjj.c:84) ==42307== by 0x486728A: _nettle_ecc_mul_a (ecc-mul-a.c:176) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F83F: _nettle_ecc_mod_sub (ecc-mod-arith.c:64) ==42307== by 0x4862E78: _nettle_ecc_add_jjj (ecc-add-jjj.c:86) ==42307== by 0x486728A: _nettle_ecc_mul_a (ecc-mul-a.c:176) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F83F: _nettle_ecc_mod_sub (ecc-mod-arith.c:64) ==42307== by 0x4862E90: _nettle_ecc_add_jjj (ecc-add-jjj.c:87) ==42307== by 0x486728A: _nettle_ecc_mul_a (ecc-mul-a.c:176) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F83F: _nettle_ecc_mod_sub (ecc-mod-arith.c:64) ==42307== by 0x4862F8A: _nettle_ecc_add_jjj (ecc-add-jjj.c:96) ==42307== by 0x486728A: _nettle_ecc_mul_a (ecc-mul-a.c:176) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F8F4: _nettle_ecc_mod_mul_1 (ecc-mod-arith.c:76) ==42307== by 0x4862FA3: _nettle_ecc_add_jjj (ecc-add-jjj.c:97) ==42307== by 0x486728A: _nettle_ecc_mul_a (ecc-mul-a.c:176) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F948: _nettle_ecc_mod_mul_1 (ecc-mod-arith.c:79) ==42307== by 0x4862FA3: _nettle_ecc_add_jjj (ecc-add-jjj.c:97) ==42307== by 0x486728A: _nettle_ecc_mul_a (ecc-mul-a.c:176) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F8F4: _nettle_ecc_mod_mul_1 (ecc-mod-arith.c:76) ==42307== by 0x486300B: _nettle_ecc_add_jjj (ecc-add-jjj.c:104) ==42307== by 0x486728A: _nettle_ecc_mul_a (ecc-mul-a.c:176) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F948: _nettle_ecc_mod_mul_1 (ecc-mod-arith.c:79) ==42307== by 0x486300B: _nettle_ecc_add_jjj (ecc-add-jjj.c:104) ==42307== by 0x486728A: _nettle_ecc_mul_a (ecc-mul-a.c:176) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F83F: _nettle_ecc_mod_sub (ecc-mod-arith.c:64) ==42307== by 0x486306A: _nettle_ecc_add_jjj (ecc-add-jjj.c:111) ==42307== by 0x486728A: _nettle_ecc_mul_a (ecc-mul-a.c:176) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485FB06: _nettle_ecc_mod_submul_1 (ecc-mod-arith.c:106) ==42307== by 0x4863083: _nettle_ecc_add_jjj (ecc-add-jjj.c:112) ==42307== by 0x486728A: _nettle_ecc_mul_a (ecc-mul-a.c:176) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485FB5A: _nettle_ecc_mod_submul_1 (ecc-mod-arith.c:109) ==42307== by 0x4863083: _nettle_ecc_add_jjj (ecc-add-jjj.c:112) ==42307== by 0x486728A: _nettle_ecc_mul_a (ecc-mul-a.c:176) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F83F: _nettle_ecc_mod_sub (ecc-mod-arith.c:64) ==42307== by 0x48630B3: _nettle_ecc_add_jjj (ecc-add-jjj.c:116) ==42307== by 0x486728A: _nettle_ecc_mul_a (ecc-mul-a.c:176) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485FB06: _nettle_ecc_mod_submul_1 (ecc-mod-arith.c:106) ==42307== by 0x48630E4: _nettle_ecc_add_jjj (ecc-add-jjj.c:118) ==42307== by 0x486728A: _nettle_ecc_mul_a (ecc-mul-a.c:176) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485FB5A: _nettle_ecc_mod_submul_1 (ecc-mod-arith.c:109) ==42307== by 0x48630E4: _nettle_ecc_add_jjj (ecc-add-jjj.c:118) ==42307== by 0x486728A: _nettle_ecc_mul_a (ecc-mul-a.c:176) ==42307== by 0x4867D0F: nettle_ecc_point_mul (ecc-point-mul.c:56) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F577: _nettle_ecc_mod_inv (ecc-mod-inv.c:148) ==42307== by 0x48619DB: _nettle_ecc_j_to_a (ecc-j-to-a.c:70) ==42307== by 0x4867D54: nettle_ecc_point_mul (ecc-point-mul.c:57) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F5BA: _nettle_ecc_mod_inv (ecc-mod-inv.c:151) ==42307== by 0x48619DB: _nettle_ecc_j_to_a (ecc-j-to-a.c:70) ==42307== by 0x4867D54: nettle_ecc_point_mul (ecc-point-mul.c:57) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F66A: _nettle_ecc_mod_inv (ecc-mod-inv.c:154) ==42307== by 0x48619DB: _nettle_ecc_j_to_a (ecc-j-to-a.c:70) ==42307== by 0x4867D54: nettle_ecc_point_mul (ecc-point-mul.c:57) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F3F3: _nettle_ecc_mod_inv (ecc-mod-inv.c:138) ==42307== by 0x48619DB: _nettle_ecc_j_to_a (ecc-j-to-a.c:70) ==42307== by 0x4867D54: nettle_ecc_point_mul (ecc-point-mul.c:57) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x485F6BF: _nettle_ecc_mod_inv (ecc-mod-inv.c:156) ==42307== by 0x48619DB: _nettle_ecc_j_to_a (ecc-j-to-a.c:70) ==42307== by 0x4867D54: nettle_ecc_point_mul (ecc-point-mul.c:57) ==42307== by 0x4012EB: main (ecc-test.c:36) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x492EE5C: __gmpz_limbs_finish (in /usr/lib64/libgmp.so.10.3.2) ==42307== by 0x485E66A: _nettle_mpz_set_n (gmp-glue.c:111) ==42307== by 0x4867A80: nettle_ecc_point_get (ecc-point.c:131) ==42307== by 0x40131A: main (ecc-test.c:41) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x492EE54: __gmpz_limbs_finish (in /usr/lib64/libgmp.so.10.3.2) ==42307== by 0x485E66A: _nettle_mpz_set_n (gmp-glue.c:111) ==42307== by 0x4867A80: nettle_ecc_point_get (ecc-point.c:131) ==42307== by 0x40131A: main (ecc-test.c:41) ==42307== ==42307== Use of uninitialised value of size 8 ==42307== at 0x492EE54: __gmpz_limbs_finish (in /usr/lib64/libgmp.so.10.3.2) ==42307== by 0x485E66A: _nettle_mpz_set_n (gmp-glue.c:111) ==42307== by 0x4867A80: nettle_ecc_point_get (ecc-point.c:131) ==42307== by 0x40131A: main (ecc-test.c:41) ==42307== ==42307== Use of uninitialised value of size 8 ==42307== at 0x492EE56: __gmpz_limbs_finish (in /usr/lib64/libgmp.so.10.3.2) ==42307== by 0x485E66A: _nettle_mpz_set_n (gmp-glue.c:111) ==42307== by 0x4867A80: nettle_ecc_point_get (ecc-point.c:131) ==42307== by 0x40131A: main (ecc-test.c:41) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x492EE5C: __gmpz_limbs_finish (in /usr/lib64/libgmp.so.10.3.2) ==42307== by 0x485E66A: _nettle_mpz_set_n (gmp-glue.c:111) ==42307== by 0x4867AAE: nettle_ecc_point_get (ecc-point.c:133) ==42307== by 0x40131A: main (ecc-test.c:41) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x492EE54: __gmpz_limbs_finish (in /usr/lib64/libgmp.so.10.3.2) ==42307== by 0x485E66A: _nettle_mpz_set_n (gmp-glue.c:111) ==42307== by 0x4867AAE: nettle_ecc_point_get (ecc-point.c:133) ==42307== by 0x40131A: main (ecc-test.c:41) ==42307== ==42307== Use of uninitialised value of size 8 ==42307== at 0x492EE54: __gmpz_limbs_finish (in /usr/lib64/libgmp.so.10.3.2) ==42307== by 0x485E66A: _nettle_mpz_set_n (gmp-glue.c:111) ==42307== by 0x4867AAE: nettle_ecc_point_get (ecc-point.c:133) ==42307== by 0x40131A: main (ecc-test.c:41) ==42307== ==42307== Use of uninitialised value of size 8 ==42307== at 0x492EE56: __gmpz_limbs_finish (in /usr/lib64/libgmp.so.10.3.2) ==42307== by 0x485E66A: _nettle_mpz_set_n (gmp-glue.c:111) ==42307== by 0x4867AAE: nettle_ecc_point_get (ecc-point.c:133) ==42307== by 0x40131A: main (ecc-test.c:41) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x401320: main (ecc-test.c:42) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x401327: main (ecc-test.c:42) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x401347: main (ecc-test.c:43) ==42307== ==42307== Conditional jump or move depends on uninitialised value(s) ==42307== at 0x40134E: main (ecc-test.c:43) ==42307== ==42307== ==42307== HEAP SUMMARY: ==42307== in use at exit: 0 bytes in 0 blocks ==42307== total heap usage: 11 allocs, 11 frees, 2,304 bytes allocated ==42307== ==42307== All heap blocks were freed -- no leaks are possible ==42307== ==42307== Use --track-origins=yes to see where uninitialised values come from ==42307== For lists of detected and suppressed errors, rerun with: -s ==42307== ERROR SUMMARY: 6602 errors from 49 contexts (suppressed: 0 from 0)

1640

Age (days ago)

1641

Last active (days ago)

nettle-bugs@lists.lysator.liu.se

2 comments

2 participants

tags (0)

participants (2)

Daiki Ueno
nisse＠lysator.liu.se