Add EC key validation to default provider

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10861)

3 files changed, 120 insertions, 56 deletions

diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
index bb39177d64..1283d8404f 100644
--- a/crypto/ec/ec_check.c
+++ b/crypto/ec/ec_check.c
@@ -20,26 +20,27 @@ int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
                                BN_CTX *ctx)
 {
     int nid = NID_undef;
-#ifndef FIPS_MODE
     BN_CTX *new_ctx = NULL;
 
+    if (group == NULL) {
+        ECerr(0, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
     if (ctx == NULL) {
-        ctx = new_ctx = BN_CTX_new();
+        ctx = new_ctx = BN_CTX_new_ex(NULL);
         if (ctx == NULL) {
-            ECerr(EC_F_EC_GROUP_CHECK_NAMED_CURVE, ERR_R_MALLOC_FAILURE);
-            goto err;
+            ECerr(0, ERR_R_MALLOC_FAILURE);
+            return NID_undef;
         }
     }
-#endif
 
     nid = ec_curve_nid_from_params(group, ctx);
     if (nid > 0 && nist_only && EC_curve_nid2nist(nid) == NULL)
         nid = NID_undef;
 
-#ifndef FIPS_MODE
- err:
-    BN_CTX_free(ctx);
-#endif
+err:
+    BN_CTX_free(new_ctx);
     return nid;
 }
 
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 18b544b9d3..ae3e974231 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -419,93 +419,151 @@ err:
 
 /*
  * ECC Key validation as specified in SP800-56A R3.
- *    Section 5.6.2.3.3 ECC Full Public-Key Validation
- *    Section 5.6.2.1.2 Owner Assurance of Private-Key Validity
- *    Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency
- * NOTES:
- *    Before calling this method in fips mode, there should be an assurance that
- *    an approved elliptic-curve group is used.
- * Returns 1 if the key is valid, otherwise it returns 0.
+ * Section 5.6.2.3.3 ECC Full Public-Key Validation.
  */
-int ec_key_simple_check_key(const EC_KEY *eckey)
+int ec_key_public_check(const EC_KEY *eckey, BN_CTX *ctx)
 {
-    int ok = 0;
-    BN_CTX *ctx = NULL;
-    const BIGNUM *order = NULL;
+    int ret = 0;
     EC_POINT *point = NULL;
+    const BIGNUM *order = NULL;
 
     if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) {
-        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        ECerr(0, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
 
     /* 5.6.2.3.3 (Step 1): Q != infinity */
     if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) {
-        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_AT_INFINITY);
-        goto err;
+        ECerr(0, EC_R_POINT_AT_INFINITY);
+        return 0;
     }
 
-    if ((ctx = BN_CTX_new_ex(eckey->libctx)) == NULL)
-        goto err;
-
-    if ((point = EC_POINT_new(eckey->group)) == NULL)
-        goto err;
+    point = EC_POINT_new(eckey->group);
+    if (point == NULL)
+        return 0;
 
     /* 5.6.2.3.3 (Step 2) Test if the public key is in range */
     if (!ec_key_public_range_check(ctx, eckey)) {
-        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_COORDINATES_OUT_OF_RANGE);
+        ECerr(0, EC_R_COORDINATES_OUT_OF_RANGE);
         goto err;
     }
 
     /* 5.6.2.3.3 (Step 3) is the pub_key on the elliptic curve */
     if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
-        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
+        ECerr(0, EC_R_POINT_IS_NOT_ON_CURVE);
         goto err;
     }
 
     order = eckey->group->order;
     if (BN_is_zero(order)) {
-        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
+        ECerr(0, EC_R_INVALID_GROUP_ORDER);
         goto err;
     }
     /* 5.6.2.3.3 (Step 4) : pub_key * order is the point at infinity. */
     if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {
-        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB);
+        ECerr(0, ERR_R_EC_LIB);
         goto err;
     }
     if (!EC_POINT_is_at_infinity(eckey->group, point)) {
-        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER);
+        ECerr(0, EC_R_WRONG_ORDER);
+        goto err;
+    }
+    ret = 1;
+err:
+    EC_POINT_free(point);
+    return ret;
+}
+
+/*
+ * ECC Key validation as specified in SP800-56A R3.
+ * Section 5.6.2.1.2 Owner Assurance of Private-Key Validity
+ * The private key is in the range [1, order-1]
+ */
+int ec_key_private_check(const EC_KEY *eckey)
+{
+    if (eckey == NULL || eckey->group == NULL || eckey->priv_key == NULL) {
+        ECerr(0, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (BN_cmp(eckey->priv_key, BN_value_one()) < 0
+        || BN_cmp(eckey->priv_key, eckey->group->order) >= 0) {
+        ECerr(0, EC_R_INVALID_PRIVATE_KEY);
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * ECC Key validation as specified in SP800-56A R3.
+ * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency (b)
+ * Check if generator * priv_key = pub_key
+ */
+int ec_key_pairwise_check(const EC_KEY *eckey, BN_CTX *ctx)
+{
+    int ret = 0;
+    EC_POINT *point = NULL;
+
+    if (eckey == NULL
+       || eckey->group == NULL
+       || eckey->pub_key == NULL
+       || eckey->priv_key == NULL) {
+        ECerr(0, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    point = EC_POINT_new(eckey->group);
+    if (point == NULL)
+        goto err;
+
+
+    if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, NULL, NULL, ctx)) {
+        ECerr(0, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {
+        ECerr(0, EC_R_INVALID_PRIVATE_KEY);
         goto err;
     }
+    ret = 1;
+err:
+    EC_POINT_free(point);
+    return ret;
+}
+
+
+/*
+ * ECC Key validation as specified in SP800-56A R3.
+ *    Section 5.6.2.3.3 ECC Full Public-Key Validation
+ *    Section 5.6.2.1.2 Owner Assurance of Private-Key Validity
+ *    Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency
+ * NOTES:
+ *    Before calling this method in fips mode, there should be an assurance that
+ *    an approved elliptic-curve group is used.
+ * Returns 1 if the key is valid, otherwise it returns 0.
+ */
+int ec_key_simple_check_key(const EC_KEY *eckey)
+{
+    int ok = 0;
+    BN_CTX *ctx = NULL;
+
+    if (eckey == NULL) {
+        ECerr(0, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((ctx = BN_CTX_new_ex(eckey->libctx)) == NULL)
+        return 0;
+
+    if (!ec_key_public_check(eckey, ctx))
+        goto err;
 
     if (eckey->priv_key != NULL) {
-        /*
-         * 5.6.2.1.2 Owner Assurance of Private-Key Validity
-         * The private key is in the range [1, order-1]
-         */
-        if (BN_cmp(eckey->priv_key, BN_value_one()) < 0
-                || BN_cmp(eckey->priv_key, order) >= 0) {
-            ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER);
+        if (!ec_key_private_check(eckey)
+            || !ec_key_pairwise_check(eckey, ctx))
             goto err;
-        }
-        /*
-         * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency (b)
-         * Check if generator * priv_key = pub_key
-         */
-        if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
-                          NULL, NULL, ctx)) {
-            ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB);
-            goto err;
-        }
-        if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {
-            ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
-            goto err;
-        }
     }
     ok = 1;
- err:
+err:
     BN_CTX_free(ctx);
-    EC_POINT_free(point);
     return ok;
 }
 
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 078d8b35fa..e66a501a0e 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1261,3 +1261,8 @@ int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
 
     return group->meth->blind_coordinates(group, p, ctx);
 }
+
+OPENSSL_CTX *ec_key_get_libctx(const EC_KEY *eckey)
+{
+    return eckey->libctx;
+}