summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2019-07-03 17:30:03 +0100
committerMatt Caswell <matt@openssl.org>2019-08-06 11:19:07 +0100
commita9612d6c034f47c4788c67d85651d0cd58c3faf7 (patch)
treeb3af6481b8c7a2a50b8834c3cec70841ae739f95
parentc1a3f16f735057b45df1803d58f40e4e17b233e5 (diff)
Make the EC code available from inside the FIPS provider
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/9380)
Diffstat
-rw-r--r--apps/ecparam.c2
-rw-r--r--crypto/bn/bn_lcl.h2
-rw-r--r--crypto/buffer/build.info1
-rw-r--r--crypto/build.info4
-rw-r--r--crypto/ec/build.info16
-rw-r--r--crypto/ec/curve448/curve448_lcl.h19
-rw-r--r--crypto/ec/curve448/ed448.h20
-rw-r--r--crypto/ec/curve448/eddsa.c93
-rw-r--r--crypto/ec/ec2_oct.c28
-rw-r--r--crypto/ec/ec2_smpl.c44
-rw-r--r--crypto/ec/ec_asn1.c6
-rw-r--r--crypto/ec/ec_check.c25
-rw-r--r--crypto/ec/ec_curve.c52
-rw-r--r--crypto/ec/ec_cvt.c5
-rw-r--r--crypto/ec/ec_key.c50
-rw-r--r--crypto/ec/ec_kmeth.c28
-rw-r--r--crypto/ec/ec_lcl.h9
-rw-r--r--crypto/ec/ec_lib.c70
-rw-r--r--crypto/ec/ec_mult.c15
-rw-r--r--crypto/ec/ecdh_ossl.c2
-rw-r--r--crypto/ec/ecdsa_ossl.c8
-rw-r--r--crypto/ec/ecp_mont.c5
-rw-r--r--crypto/ec/ecp_nist.c6
-rw-r--r--crypto/ec/ecp_nistp224.c27
-rw-r--r--crypto/ec/ecp_nistp256.c27
-rw-r--r--crypto/ec/ecp_nistp521.c27
-rw-r--r--crypto/ec/ecp_nistz256.c2
-rw-r--r--crypto/ec/ecp_oct.c12
-rw-r--r--crypto/ec/ecp_smpl.c31
-rw-r--r--crypto/ec/ecx_meth.c20
-rw-r--r--crypto/err/openssl.txt4
-rw-r--r--crypto/include/internal/bn_int.h1
-rw-r--r--crypto/ppccap.c6
-rw-r--r--doc/man3/EC_GROUP_copy.pod5
-rw-r--r--include/openssl/ec.h63
-rw-r--r--test/curve448_internal_test.c24
-rw-r--r--test/ectest.c38
-rw-r--r--util/libcrypto.num4
38 files changed, 566 insertions, 235 deletions
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 0c893a3977..6796af6578 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -273,7 +273,7 @@ int ecparam_main(int argc, char **argv)
if (check_named) {
BIO_printf(bio_err, "validating named elliptic curve parameters: ");
- if (EC_GROUP_check_named_curve(group, 0) <= 0) {
+ if (EC_GROUP_check_named_curve(group, 0, NULL) <= 0) {
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
goto end;
diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
index 160f2f5a07..5ba96f2b19 100644
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -668,6 +668,4 @@ static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits)
return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2);
}
-OPENSSL_CTX *bn_get_lib_ctx(BN_CTX *ctx);
-
#endif
diff --git a/crypto/buffer/build.info b/crypto/buffer/build.info
index 54da1f92a8..63de1a570f 100644
--- a/crypto/buffer/build.info
+++ b/crypto/buffer/build.info
@@ -1,2 +1,3 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=buffer.c buf_err.c
+SOURCE[../../providers/fips]=buffer.c
diff --git a/crypto/build.info b/crypto/build.info
index fe49fa387d..0b203a7f93 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -69,14 +69,14 @@ SOURCE[../providers/fips]=$CORE_COMMON
$UTIL_COMMON=\
cryptlib.c params.c bsearch.c ex_data.c o_str.c \
ctype.c threads_pthread.c threads_win.c threads_none.c initthread.c \
- context.c sparse_array.c param_build.c $CPUIDASM
+ context.c sparse_array.c asn1_dsa.c packet.c param_build.c $CPUIDASM
$UTIL_DEFINE=$CPUIDDEF
SOURCE[../libcrypto]=$UTIL_COMMON \
mem.c mem_sec.c mem_dbg.c \
cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \
o_fopen.c getenv.c o_init.c o_fips.c init.c trace.c provider.c \
- asn1_dsa.c packet.c $UPLINKSRC
+ $UPLINKSRC
DEFINE[../libcrypto]=$UTIL_DEFINE $UPLINKDEF
SOURCE[../providers/fips]=$UTIL_COMMON
DEFINE[../providers/fips]=$UTIL_DEFINE
diff --git a/crypto/ec/build.info b/crypto/ec/build.info
index 5e9778d333..6bc04588e2 100644
--- a/crypto/ec/build.info
+++ b/crypto/ec/build.info
@@ -43,17 +43,21 @@ IF[{- !$disabled{asm} -}]
ENDIF
LIBS=../../libcrypto
-SOURCE[../../libcrypto]=\
- ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
- ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c \
- ec2_smpl.c ec_ameth.c ec_pmeth.c eck_prn.c \
+
+$COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
+ ec_curve.c ec_check.c ec_print.c ec_key.c ec_asn1.c \
+ ec2_smpl.c \
ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c \
- ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c ecdh_kdf.c \
- ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c ecx_meth.c \
+ ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c \
+ ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \
curve448/arch_32/f_impl.c curve448/f_generic.c curve448/scalar.c \
curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
$ECASM
+SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c ec_err.c \
+ ecdh_kdf.c eck_prn.c
DEFINE[../../libcrypto]=$ECDEF
+SOURCE[../../providers/fips]=$COMMON
+DEFINE[../../providers/fips]=$ECDEF
GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl \
$(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
diff --git a/crypto/ec/curve448/curve448_lcl.h b/crypto/ec/curve448/curve448_lcl.h
index 3625e12a82..9459f002cb 100644
--- a/crypto/ec/curve448/curve448_lcl.h
+++ b/crypto/ec/curve448/curve448_lcl.h
@@ -16,23 +16,24 @@ int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
void X448_public_from_private(uint8_t out_public_value[56],
const uint8_t private_key[56]);
-int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
- const uint8_t public_key[57], const uint8_t private_key[57],
- const uint8_t *context, size_t context_len);
+int ED448_sign(OPENSSL_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
+ size_t message_len, const uint8_t public_key[57],
+ const uint8_t private_key[57], const uint8_t *context,
+ size_t context_len);
-int ED448_verify(const uint8_t *message, size_t message_len,
+int ED448_verify(OPENSSL_CTX *ctx, const uint8_t *message, size_t message_len,
const uint8_t signature[114], const uint8_t public_key[57],
const uint8_t *context, size_t context_len);
-int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64],
+int ED448ph_sign(OPENSSL_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
const uint8_t public_key[57], const uint8_t private_key[57],
const uint8_t *context, size_t context_len);
-int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114],
- const uint8_t public_key[57], const uint8_t *context,
- size_t context_len);
+int ED448ph_verify(OPENSSL_CTX *ctx, const uint8_t hash[64],
+ const uint8_t signature[114], const uint8_t public_key[57],
+ const uint8_t *context, size_t context_len);
-int ED448_public_from_private(uint8_t out_public_key[57],
+int ED448_public_from_private(OPENSSL_CTX *ctx, uint8_t out_public_key[57],
const uint8_t private_key[57]);
#endif /* HEADER_CURVE448_LCL_H */
diff --git a/crypto/ec/curve448/ed448.h b/crypto/ec/curve448/ed448.h
index e66d3e38bb..b198f36e3a 100644
--- a/crypto/ec/curve448/ed448.h
+++ b/crypto/ec/curve448/ed448.h
@@ -38,6 +38,7 @@
* privkey (in): The private key.
*/
c448_error_t c448_ed448_derive_public_key(
+ OPENSSL_CTX *ctx,
uint8_t pubkey [EDDSA_448_PUBLIC_BYTES],
const uint8_t privkey [EDDSA_448_PRIVATE_BYTES]);
@@ -59,6 +60,7 @@ c448_error_t c448_ed448_derive_public_key(
* disambiguation. For Ed448 it is safe.
*/
c448_error_t c448_ed448_sign(
+ OPENSSL_CTX *ctx,
uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
@@ -83,6 +85,7 @@ c448_error_t c448_ed448_sign(
* disambiguation. For Ed448 it is safe.
*/
c448_error_t c448_ed448_sign_prehash(
+ OPENSSL_CTX *ctx,
uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
@@ -108,13 +111,14 @@ c448_error_t c448_ed448_sign_prehash(
* non-prehashed messages, at least without some very careful protocol-level
* disambiguation. For Ed448 it is safe.
*/
-c448_error_t c448_ed448_verify(const uint8_t
- signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t
- pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t *message, size_t message_len,
- uint8_t prehashed, const uint8_t *context,
- uint8_t context_len);
+c448_error_t c448_ed448_verify(OPENSSL_CTX *ctx,
+ const uint8_t
+ signature[EDDSA_448_SIGNATURE_BYTES],
+ const uint8_t
+ pubkey[EDDSA_448_PUBLIC_BYTES],
+ const uint8_t *message, size_t message_len,
+ uint8_t prehashed, const uint8_t *context,
+ uint8_t context_len);
/*
* EdDSA signature verification.
@@ -134,6 +138,7 @@ c448_error_t c448_ed448_verify(const uint8_t
* disambiguation. For Ed448 it is safe.
*/
c448_error_t c448_ed448_verify_prehash(
+ OPENSSL_CTX *ctx,
const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t hash[64],
@@ -189,6 +194,7 @@ c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
* ed (in): The EdDSA private key
*/
c448_error_t c448_ed448_convert_private_key_to_x448(
+ OPENSSL_CTX *ctx,
uint8_t x[X448_PRIVATE_BYTES],
const uint8_t ed[EDDSA_448_PRIVATE_BYTES]);
diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c
index ba3623928c..58e9e92d4c 100644
--- a/crypto/ec/curve448/eddsa.c
+++ b/crypto/ec/curve448/eddsa.c
@@ -19,23 +19,30 @@
#define COFACTOR 4
-static c448_error_t oneshot_hash(uint8_t *out, size_t outlen,
+static c448_error_t oneshot_hash(OPENSSL_CTX *ctx, uint8_t *out, size_t outlen,
const uint8_t *in, size_t inlen)
{
EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
+ EVP_MD *shake256 = NULL;
+ c448_error_t ret = C448_FAILURE;
if (hashctx == NULL)
return C448_FAILURE;
- if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
+ shake256 = EVP_MD_fetch(ctx, "SHAKE256", NULL);
+ if (shake256 == NULL)
+ goto err;
+
+ if (!EVP_DigestInit_ex(hashctx, shake256, NULL)
|| !EVP_DigestUpdate(hashctx, in, inlen)
- || !EVP_DigestFinalXOF(hashctx, out, outlen)) {
- EVP_MD_CTX_free(hashctx);
- return C448_FAILURE;
- }
+ || !EVP_DigestFinalXOF(hashctx, out, outlen))
+ goto err;
+ ret = C448_SUCCESS;
+ err:
EVP_MD_CTX_free(hashctx);
- return C448_SUCCESS;
+ EVP_MD_meth_free(shake256);
+ return ret;
}
static void clamp(uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES])
@@ -45,13 +52,15 @@ static void clamp(uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES])
secret_scalar_ser[EDDSA_448_PRIVATE_BYTES - 2] |= 0x80;
}
-static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed,
+static c448_error_t hash_init_with_dom(OPENSSL_CTX *ctx, EVP_MD_CTX *hashctx,
+ uint8_t prehashed,
uint8_t for_prehash,
const uint8_t *context,
size_t context_len)
{
const char *dom_s = "SigEd448";
uint8_t dom[2];
+ EVP_MD *shake256 = NULL;
if (context_len > UINT8_MAX)
return C448_FAILURE;
@@ -60,27 +69,36 @@ static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed,
- (for_prehash == 0 ? 1 : 0));
dom[1] = (uint8_t)context_len;
- if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
+ shake256 = EVP_MD_fetch(ctx, "SHAKE256", NULL);
+ if (shake256 == NULL)
+ return C448_FAILURE;
+
+ if (!EVP_DigestInit_ex(hashctx, shake256, NULL)
|| !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s))
|| !EVP_DigestUpdate(hashctx, dom, sizeof(dom))
- || !EVP_DigestUpdate(hashctx, context, context_len))
+ || !EVP_DigestUpdate(hashctx, context, context_len)) {
+ EVP_MD_meth_free(shake256);
return C448_FAILURE;
+ }
+ EVP_MD_meth_free(shake256);
return C448_SUCCESS;
}
/* In this file because it uses the hash */
c448_error_t c448_ed448_convert_private_key_to_x448(
+ OPENSSL_CTX *ctx,
uint8_t x[X448_PRIVATE_BYTES],
const uint8_t ed [EDDSA_448_PRIVATE_BYTES])
{
/* pass the private key through oneshot_hash function */
/* and keep the first X448_PRIVATE_BYTES bytes */
- return oneshot_hash(x, X448_PRIVATE_BYTES, ed,
+ return oneshot_hash(ctx, x, X448_PRIVATE_BYTES, ed,
EDDSA_448_PRIVATE_BYTES);
}
c448_error_t c448_ed448_derive_public_key(
+ OPENSSL_CTX *ctx,
uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES])
{
@@ -90,7 +108,8 @@ c448_error_t c448_ed448_derive_public_key(
unsigned int c;
curve448_point_t p;
- if (!oneshot_hash(secret_scalar_ser, sizeof(secret_scalar_ser), privkey,
+ if (!oneshot_hash(ctx, secret_scalar_ser, sizeof(secret_scalar_ser),
+ privkey,
EDDSA_448_PRIVATE_BYTES))
return C448_FAILURE;
@@ -123,6 +142,7 @@ c448_error_t c448_ed448_derive_public_key(
}
c448_error_t c448_ed448_sign(
+ OPENSSL_CTX *ctx,
uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
@@ -148,7 +168,7 @@ c448_error_t c448_ed448_sign(
*/
uint8_t expanded[EDDSA_448_PRIVATE_BYTES * 2];
- if (!oneshot_hash(expanded, sizeof(expanded), privkey,
+ if (!oneshot_hash(ctx, expanded, sizeof(expanded), privkey,
EDDSA_448_PRIVATE_BYTES))
goto err;
clamp(expanded);
@@ -156,7 +176,8 @@ c448_error_t c448_ed448_sign(
EDDSA_448_PRIVATE_BYTES);
/* Hash to create the nonce */
- if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
+ if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context,
+ context_len)
|| !EVP_DigestUpdate(hashctx,
expanded + EDDSA_448_PRIVATE_BYTES,
EDDSA_448_PRIVATE_BYTES)
@@ -197,7 +218,7 @@ c448_error_t c448_ed448_sign(
uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES];
/* Compute the challenge */
- if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
+ if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context, context_len)
|| !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point))
|| !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
|| !EVP_DigestUpdate(hashctx, message, message_len)
@@ -228,17 +249,19 @@ c448_error_t c448_ed448_sign(
}
c448_error_t c448_ed448_sign_prehash(
+ OPENSSL_CTX *ctx,
uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t hash[64], const uint8_t *context,
size_t context_len)
{
- return c448_ed448_sign(signature, privkey, pubkey, hash, 64, 1, context,
- context_len);
+ return c448_ed448_sign(ctx, signature, privkey, pubkey, hash, 64, 1,
+ context, context_len);
}
c448_error_t c448_ed448_verify(
+ OPENSSL_CTX *ctx,
const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t *message, size_t message_len,
@@ -291,7 +314,7 @@ c448_error_t c448_ed448_verify(
uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES];
if (hashctx == NULL
- || !hash_init_with_dom(hashctx, prehashed, 0, context,
+ || !hash_init_with_dom(ctx, hashctx, prehashed, 0, context,
context_len)
|| !EVP_DigestUpdate(hashctx, signature, EDDSA_448_PUBLIC_BYTES)
|| !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
@@ -321,52 +344,54 @@ c448_error_t c448_ed448_verify(
}
c448_error_t c448_ed448_verify_prehash(
+ OPENSSL_CTX *ctx,
const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t hash[64], const uint8_t *context,
uint8_t context_len)
{
- return c448_ed448_verify(signature, pubkey, hash, 64, 1, context,
+ return c448_ed448_verify(ctx, signature, pubkey, hash, 64, 1, context,
context_len);
}
-int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
- const uint8_t public_key[57], const uint8_t private_key[57],
- const uint8_t *context, size_t context_len)
+int ED448_sign(OPENSSL_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
+ size_t message_len, const uint8_t public_key[57],
+ const uint8_t private_key[57], const uint8_t *context,
+ size_t context_len)
{
- return c448_ed448_sign(out_sig, private_key, public_key, message,
+ return c448_ed448_sign(ctx, out_sig, private_key, public_key, message,
message_len, 0, context, context_len)
== C448_SUCCESS;
}
-int ED448_verify(const uint8_t *message, size_t message_len,
+int ED448_verify(OPENSSL_CTX *ctx, const uint8_t *message, size_t message_len,
const uint8_t signature[114], const uint8_t public_key[57],
const uint8_t *context, size_t context_len)
{
- return c448_ed448_verify(signature, public_key, message, message_len, 0,
- context, (uint8_t)context_len) == C448_SUCCESS;
+ return c448_ed448_verify(ctx, signature, public_key, message, message_len,
+ 0, context, (uint8_t)context_len) == C448_SUCCESS;
}
-int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64],
+int ED448ph_sign(OPENSSL_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
const uint8_t public_key[57], const uint8_t private_key[57],
const uint8_t *context, size_t context_len)
{
- return c448_ed448_sign_prehash(out_sig, private_key, public_key, hash,
+ return c448_ed448_sign_prehash(ctx, out_sig, private_key, public_key, hash,
context, context_len) == C448_SUCCESS;
}
-int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114],
- const uint8_t public_key[57], const uint8_t *context,
- size_t context_len)
+int ED448ph_verify(OPENSSL_CTX *ctx, const uint8_t hash[64],
+ const uint8_t signature[114], const uint8_t public_key[57],
+ const uint8_t *context, size_t context_len)
{
- return c448_ed448_verify_prehash(signature, public_key, hash, context,
+ return c448_ed448_verify_prehash(ctx, signature, public_key, hash, context,
(uint8_t)context_len) == C448_SUCCESS;
}
-int ED448_public_from_private(uint8_t out_public_key[57],
+int ED448_public_from_private(OPENSSL_CTX *ctx, uint8_t out_public_key[57],
const uint8_t private_key[57])
{
- return c448_ed448_derive_public_key(out_public_key, private_key)
+ return c448_ed448_derive_public_key(ctx, out_public_key, private_key)
== C448_SUCCESS;
}
diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c
index ca36bb1673..f9ee3be931 100644
--- a/crypto/ec/ec2_oct.c
+++ b/crypto/ec/ec2_oct.c
@@ -35,9 +35,10 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
const BIGNUM *x_, int y_bit,
BN_CTX *ctx)
{
- BN_CTX *new_ctx = NULL;
BIGNUM *tmp, *x, *y, *z;
int ret = 0, z0;
+#ifndef FIPS_MODE
+ BN_CTX *new_ctx = NULL;
/* clear error queue */
ERR_clear_error();
@@ -47,6 +48,7 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
if (ctx == NULL)
return 0;
}
+#endif
y_bit = (y_bit != 0) ? 1 : 0;
@@ -73,6 +75,7 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
if (!BN_GF2m_add(tmp, x, tmp))
goto err;
if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) {
+#ifndef FIPS_MODE
unsigned long err = ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_BN
@@ -81,8 +84,11 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES,
EC_R_INVALID_COMPRESSED_POINT);
} else
+#endif
+ {
ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES,
ERR_R_BN_LIB);
+ }
goto err;
}
z0 = (BN_is_odd(z)) ? 1 : 0;
@@ -101,7 +107,9 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
err:
BN_CTX_end(ctx);
+#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
+#endif
return ret;
}
@@ -115,10 +123,12 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
unsigned char *buf, size_t len, BN_CTX *ctx)
{
size_t ret;
- BN_CTX *new_ctx = NULL;
int used_ctx = 0;
BIGNUM *x, *y, *yxi;
size_t field_len, i, skip;
+#ifndef FIPS_MODE
+ BN_CTX *new_ctx = NULL;
+#endif
if ((form != POINT_CONVERSION_COMPRESSED)
&& (form != POINT_CONVERSION_UNCOMPRESSED)
@@ -152,11 +162,13 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
goto err;
}
+#ifndef FIPS_MODE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
return 0;
}
+#endif
BN_CTX_start(ctx);
used_ctx = 1;
@@ -218,13 +230,17 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
if (used_ctx)
BN_CTX_end(ctx);
+#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
+#endif
return ret;
err:
if (used_ctx)
BN_CTX_end(ctx);
+#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
+#endif
return 0;
}
@@ -238,10 +254,12 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
{
point_conversion_form_t form;
int y_bit, m;
- BN_CTX *new_ctx = NULL;
BIGNUM *x, *y, *yxi;
size_t field_len, enc_len;
int ret = 0;
+#ifndef FIPS_MODE
+ BN_CTX *new_ctx = NULL;
+#endif
if (len == 0) {
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
@@ -281,11 +299,13 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
return 0;
}
+#ifndef FIPS_MODE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
return 0;
}
+#endif
BN_CTX_start(ctx);
x = BN_CTX_get(ctx);
@@ -332,7 +352,9 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
err:
BN_CTX_end(ctx);
+#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
+#endif
return ret;
}
#endif
diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
index ebd6f21eec..0cc9c893f8 100644
--- a/crypto/ec/ec2_smpl.c
+++ b/crypto/ec/ec2_smpl.c
@@ -176,6 +176,7 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
{
int ret = 0;
BIGNUM *b;
+#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
if (ctx == NULL) {
@@ -186,6 +187,7 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
goto err;
}
}
+#endif
BN_CTX_start(ctx);
b = BN_CTX_get(ctx);
if (b == NULL)
@@ -205,7 +207,9 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
err:
BN_CTX_end(ctx);
+#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
+#endif
return ret;
}
@@ -349,9 +353,11 @@ int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group,
int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
const EC_POINT *b, BN_CTX *ctx)
{
- BN_CTX *new_ctx = NULL;
BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;
int ret = 0;
+#ifndef FIPS_MODE
+ BN_CTX *new_ctx = NULL;
+#endif
if (EC_POINT_is_at_infinity(group, a)) {
if (!EC_POINT_copy(r, b))
@@ -365,11 +371,13 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
return 1;
}
+#ifndef FIPS_MODE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
return 0;
}
+#endif
BN_CTX_start(ctx);
x0 = BN_CTX_get(ctx);
@@ -453,7 +461,9 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
err:
BN_CTX_end(ctx);
+#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
+#endif
return ret;
}
@@ -494,11 +504,13 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
BN_CTX *ctx)
{
int ret = -1;
- BN_CTX *new_ctx = NULL;
BIGNUM *lh, *y2;
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
const BIGNUM *, BN_CTX *);