diff options
author | Matt Caswell <matt@openssl.org> | 2019-07-03 17:30:03 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-08-06 11:19:07 +0100 |
commit | a9612d6c034f47c4788c67d85651d0cd58c3faf7 (patch) | |
tree | b3af6481b8c7a2a50b8834c3cec70841ae739f95 /crypto/ec | |
parent | c1a3f16f735057b45df1803d58f40e4e17b233e5 (diff) |
Make the EC code available from inside the FIPS provider
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9380)
Diffstat (limited to 'crypto/ec')
-rw-r--r-- | crypto/ec/build.info | 16 | ||||
-rw-r--r-- | crypto/ec/curve448/curve448_lcl.h | 19 | ||||
-rw-r--r-- | crypto/ec/curve448/ed448.h | 20 | ||||
-rw-r--r-- | crypto/ec/curve448/eddsa.c | 93 | ||||
-rw-r--r-- | crypto/ec/ec2_oct.c | 28 | ||||
-rw-r--r-- | crypto/ec/ec2_smpl.c | 44 | ||||
-rw-r--r-- | crypto/ec/ec_asn1.c | 6 | ||||
-rw-r--r-- | crypto/ec/ec_check.c | 25 | ||||
-rw-r--r-- | crypto/ec/ec_curve.c | 52 | ||||
-rw-r--r-- | crypto/ec/ec_cvt.c | 5 | ||||
-rw-r--r-- | crypto/ec/ec_key.c | 50 | ||||
-rw-r--r-- | crypto/ec/ec_kmeth.c | 28 | ||||
-rw-r--r-- | crypto/ec/ec_lcl.h | 9 | ||||
-rw-r--r-- | crypto/ec/ec_lib.c | 70 | ||||
-rw-r--r-- | crypto/ec/ec_mult.c | 15 | ||||
-rw-r--r-- | crypto/ec/ecdh_ossl.c | 2 | ||||
-rw-r--r-- | crypto/ec/ecdsa_ossl.c | 8 | ||||
-rw-r--r-- | crypto/ec/ecp_mont.c | 5 | ||||
-rw-r--r-- | crypto/ec/ecp_nist.c | 6 | ||||
-rw-r--r-- | crypto/ec/ecp_nistp224.c | 27 | ||||
-rw-r--r-- | crypto/ec/ecp_nistp256.c | 27 | ||||
-rw-r--r-- | crypto/ec/ecp_nistp521.c | 27 | ||||
-rw-r--r-- | crypto/ec/ecp_nistz256.c | 2 | ||||
-rw-r--r-- | crypto/ec/ecp_oct.c | 12 | ||||
-rw-r--r-- | crypto/ec/ecp_smpl.c | 31 | ||||
-rw-r--r-- | crypto/ec/ecx_meth.c | 20 |
26 files changed, 459 insertions, 188 deletions
diff --git a/crypto/ec/build.info b/crypto/ec/build.info index 5e9778d333..6bc04588e2 100644 --- a/crypto/ec/build.info +++ b/crypto/ec/build.info @@ -43,17 +43,21 @@ IF[{- !$disabled{asm} -}] ENDIF LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \ - ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c \ - ec2_smpl.c ec_ameth.c ec_pmeth.c eck_prn.c \ + +$COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \ + ec_curve.c ec_check.c ec_print.c ec_key.c ec_asn1.c \ + ec2_smpl.c \ ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c \ - ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c ecdh_kdf.c \ - ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c ecx_meth.c \ + ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c \ + ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \ curve448/arch_32/f_impl.c curve448/f_generic.c curve448/scalar.c \ curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \ $ECASM +SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c ec_err.c \ + ecdh_kdf.c eck_prn.c DEFINE[../../libcrypto]=$ECDEF +SOURCE[../../providers/fips]=$COMMON +DEFINE[../../providers/fips]=$ECDEF GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl \ $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) diff --git a/crypto/ec/curve448/curve448_lcl.h b/crypto/ec/curve448/curve448_lcl.h index 3625e12a82..9459f002cb 100644 --- a/crypto/ec/curve448/curve448_lcl.h +++ b/crypto/ec/curve448/curve448_lcl.h @@ -16,23 +16,24 @@ int X448(uint8_t out_shared_key[56], const uint8_t private_key[56], void X448_public_from_private(uint8_t out_public_value[56], const uint8_t private_key[56]); -int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, - const uint8_t public_key[57], const uint8_t private_key[57], - const uint8_t *context, size_t context_len); +int ED448_sign(OPENSSL_CTX *ctx, uint8_t *out_sig, const uint8_t *message, + size_t message_len, const uint8_t public_key[57], + const uint8_t private_key[57], const uint8_t *context, + size_t context_len); -int ED448_verify(const uint8_t *message, size_t message_len, +int ED448_verify(OPENSSL_CTX *ctx, const uint8_t *message, size_t message_len, const uint8_t signature[114], const uint8_t public_key[57], const uint8_t *context, size_t context_len); -int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64], +int ED448ph_sign(OPENSSL_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64], const uint8_t public_key[57], const uint8_t private_key[57], const uint8_t *context, size_t context_len); -int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114], - const uint8_t public_key[57], const uint8_t *context, - size_t context_len); +int ED448ph_verify(OPENSSL_CTX *ctx, const uint8_t hash[64], + const uint8_t signature[114], const uint8_t public_key[57], + const uint8_t *context, size_t context_len); -int ED448_public_from_private(uint8_t out_public_key[57], +int ED448_public_from_private(OPENSSL_CTX *ctx, uint8_t out_public_key[57], const uint8_t private_key[57]); #endif /* HEADER_CURVE448_LCL_H */ diff --git a/crypto/ec/curve448/ed448.h b/crypto/ec/curve448/ed448.h index e66d3e38bb..b198f36e3a 100644 --- a/crypto/ec/curve448/ed448.h +++ b/crypto/ec/curve448/ed448.h @@ -38,6 +38,7 @@ * privkey (in): The private key. */ c448_error_t c448_ed448_derive_public_key( + OPENSSL_CTX *ctx, uint8_t pubkey [EDDSA_448_PUBLIC_BYTES], const uint8_t privkey [EDDSA_448_PRIVATE_BYTES]); @@ -59,6 +60,7 @@ c448_error_t c448_ed448_derive_public_key( * disambiguation. For Ed448 it is safe. */ c448_error_t c448_ed448_sign( + OPENSSL_CTX *ctx, uint8_t signature[EDDSA_448_SIGNATURE_BYTES], const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], @@ -83,6 +85,7 @@ c448_error_t c448_ed448_sign( * disambiguation. For Ed448 it is safe. */ c448_error_t c448_ed448_sign_prehash( + OPENSSL_CTX *ctx, uint8_t signature[EDDSA_448_SIGNATURE_BYTES], const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], @@ -108,13 +111,14 @@ c448_error_t c448_ed448_sign_prehash( * non-prehashed messages, at least without some very careful protocol-level * disambiguation. For Ed448 it is safe. */ -c448_error_t c448_ed448_verify(const uint8_t - signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t - pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t *message, size_t message_len, - uint8_t prehashed, const uint8_t *context, - uint8_t context_len); +c448_error_t c448_ed448_verify(OPENSSL_CTX *ctx, + const uint8_t + signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t + pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t *message, size_t message_len, + uint8_t prehashed, const uint8_t *context, + uint8_t context_len); /* * EdDSA signature verification. @@ -134,6 +138,7 @@ c448_error_t c448_ed448_verify(const uint8_t * disambiguation. For Ed448 it is safe. */ c448_error_t c448_ed448_verify_prehash( + OPENSSL_CTX *ctx, const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], const uint8_t hash[64], @@ -189,6 +194,7 @@ c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio( * ed (in): The EdDSA private key */ c448_error_t c448_ed448_convert_private_key_to_x448( + OPENSSL_CTX *ctx, uint8_t x[X448_PRIVATE_BYTES], const uint8_t ed[EDDSA_448_PRIVATE_BYTES]); diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c index ba3623928c..58e9e92d4c 100644 --- a/crypto/ec/curve448/eddsa.c +++ b/crypto/ec/curve448/eddsa.c @@ -19,23 +19,30 @@ #define COFACTOR 4 -static c448_error_t oneshot_hash(uint8_t *out, size_t outlen, +static c448_error_t oneshot_hash(OPENSSL_CTX *ctx, uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { EVP_MD_CTX *hashctx = EVP_MD_CTX_new(); + EVP_MD *shake256 = NULL; + c448_error_t ret = C448_FAILURE; if (hashctx == NULL) return C448_FAILURE; - if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL) + shake256 = EVP_MD_fetch(ctx, "SHAKE256", NULL); + if (shake256 == NULL) + goto err; + + if (!EVP_DigestInit_ex(hashctx, shake256, NULL) || !EVP_DigestUpdate(hashctx, in, inlen) - || !EVP_DigestFinalXOF(hashctx, out, outlen)) { - EVP_MD_CTX_free(hashctx); - return C448_FAILURE; - } + || !EVP_DigestFinalXOF(hashctx, out, outlen)) + goto err; + ret = C448_SUCCESS; + err: EVP_MD_CTX_free(hashctx); - return C448_SUCCESS; + EVP_MD_meth_free(shake256); + return ret; } static void clamp(uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES]) @@ -45,13 +52,15 @@ static void clamp(uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES]) secret_scalar_ser[EDDSA_448_PRIVATE_BYTES - 2] |= 0x80; } -static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed, +static c448_error_t hash_init_with_dom(OPENSSL_CTX *ctx, EVP_MD_CTX *hashctx, + uint8_t prehashed, uint8_t for_prehash, const uint8_t *context, size_t context_len) { const char *dom_s = "SigEd448"; uint8_t dom[2]; + EVP_MD *shake256 = NULL; if (context_len > UINT8_MAX) return C448_FAILURE; @@ -60,27 +69,36 @@ static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed, - (for_prehash == 0 ? 1 : 0)); dom[1] = (uint8_t)context_len; - if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL) + shake256 = EVP_MD_fetch(ctx, "SHAKE256", NULL); + if (shake256 == NULL) + return C448_FAILURE; + + if (!EVP_DigestInit_ex(hashctx, shake256, NULL) || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s)) || !EVP_DigestUpdate(hashctx, dom, sizeof(dom)) - || !EVP_DigestUpdate(hashctx, context, context_len)) + || !EVP_DigestUpdate(hashctx, context, context_len)) { + EVP_MD_meth_free(shake256); return C448_FAILURE; + } + EVP_MD_meth_free(shake256); return C448_SUCCESS; } /* In this file because it uses the hash */ c448_error_t c448_ed448_convert_private_key_to_x448( + OPENSSL_CTX *ctx, uint8_t x[X448_PRIVATE_BYTES], const uint8_t ed [EDDSA_448_PRIVATE_BYTES]) { /* pass the private key through oneshot_hash function */ /* and keep the first X448_PRIVATE_BYTES bytes */ - return oneshot_hash(x, X448_PRIVATE_BYTES, ed, + return oneshot_hash(ctx, x, X448_PRIVATE_BYTES, ed, EDDSA_448_PRIVATE_BYTES); } c448_error_t c448_ed448_derive_public_key( + OPENSSL_CTX *ctx, uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], const uint8_t privkey[EDDSA_448_PRIVATE_BYTES]) { @@ -90,7 +108,8 @@ c448_error_t c448_ed448_derive_public_key( unsigned int c; curve448_point_t p; - if (!oneshot_hash(secret_scalar_ser, sizeof(secret_scalar_ser), privkey, + if (!oneshot_hash(ctx, secret_scalar_ser, sizeof(secret_scalar_ser), + privkey, EDDSA_448_PRIVATE_BYTES)) return C448_FAILURE; @@ -123,6 +142,7 @@ c448_error_t c448_ed448_derive_public_key( } c448_error_t c448_ed448_sign( + OPENSSL_CTX *ctx, uint8_t signature[EDDSA_448_SIGNATURE_BYTES], const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], @@ -148,7 +168,7 @@ c448_error_t c448_ed448_sign( */ uint8_t expanded[EDDSA_448_PRIVATE_BYTES * 2]; - if (!oneshot_hash(expanded, sizeof(expanded), privkey, + if (!oneshot_hash(ctx, expanded, sizeof(expanded), privkey, EDDSA_448_PRIVATE_BYTES)) goto err; clamp(expanded); @@ -156,7 +176,8 @@ c448_error_t c448_ed448_sign( EDDSA_448_PRIVATE_BYTES); /* Hash to create the nonce */ - if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len) + if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context, + context_len) || !EVP_DigestUpdate(hashctx, expanded + EDDSA_448_PRIVATE_BYTES, EDDSA_448_PRIVATE_BYTES) @@ -197,7 +218,7 @@ c448_error_t c448_ed448_sign( uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES]; /* Compute the challenge */ - if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len) + if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context, context_len) || !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point)) || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES) || !EVP_DigestUpdate(hashctx, message, message_len) @@ -228,17 +249,19 @@ c448_error_t c448_ed448_sign( } c448_error_t c448_ed448_sign_prehash( + OPENSSL_CTX *ctx, uint8_t signature[EDDSA_448_SIGNATURE_BYTES], const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], const uint8_t hash[64], const uint8_t *context, size_t context_len) { - return c448_ed448_sign(signature, privkey, pubkey, hash, 64, 1, context, - context_len); + return c448_ed448_sign(ctx, signature, privkey, pubkey, hash, 64, 1, + context, context_len); } c448_error_t c448_ed448_verify( + OPENSSL_CTX *ctx, const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], const uint8_t *message, size_t message_len, @@ -291,7 +314,7 @@ c448_error_t c448_ed448_verify( uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES]; if (hashctx == NULL - || !hash_init_with_dom(hashctx, prehashed, 0, context, + || !hash_init_with_dom(ctx, hashctx, prehashed, 0, context, context_len) || !EVP_DigestUpdate(hashctx, signature, EDDSA_448_PUBLIC_BYTES) || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES) @@ -321,52 +344,54 @@ c448_error_t c448_ed448_verify( } c448_error_t c448_ed448_verify_prehash( + OPENSSL_CTX *ctx, const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], const uint8_t hash[64], const uint8_t *context, uint8_t context_len) { - return c448_ed448_verify(signature, pubkey, hash, 64, 1, context, + return c448_ed448_verify(ctx, signature, pubkey, hash, 64, 1, context, context_len); } -int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, - const uint8_t public_key[57], const uint8_t private_key[57], - const uint8_t *context, size_t context_len) +int ED448_sign(OPENSSL_CTX *ctx, uint8_t *out_sig, const uint8_t *message, + size_t message_len, const uint8_t public_key[57], + const uint8_t private_key[57], const uint8_t *context, + size_t context_len) { - return c448_ed448_sign(out_sig, private_key, public_key, message, + return c448_ed448_sign(ctx, out_sig, private_key, public_key, message, message_len, 0, context, context_len) == C448_SUCCESS; } -int ED448_verify(const uint8_t *message, size_t message_len, +int ED448_verify(OPENSSL_CTX *ctx, const uint8_t *message, size_t message_len, const uint8_t signature[114], const uint8_t public_key[57], const uint8_t *context, size_t context_len) { - return c448_ed448_verify(signature, public_key, message, message_len, 0, - context, (uint8_t)context_len) == C448_SUCCESS; + return c448_ed448_verify(ctx, signature, public_key, message, message_len, + 0, context, (uint8_t)context_len) == C448_SUCCESS; } -int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64], +int ED448ph_sign(OPENSSL_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64], const uint8_t public_key[57], const uint8_t private_key[57], const uint8_t *context, size_t context_len) { - return c448_ed448_sign_prehash(out_sig, private_key, public_key, hash, + return c448_ed448_sign_prehash(ctx, out_sig, private_key, public_key, hash, context, context_len) == C448_SUCCESS; } -int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114], - const uint8_t public_key[57], const uint8_t *context, - size_t context_len) +int ED448ph_verify(OPENSSL_CTX *ctx, const uint8_t hash[64], + const uint8_t signature[114], const uint8_t public_key[57], + const uint8_t *context, size_t context_len) { - return c448_ed448_verify_prehash(signature, public_key, hash, context, + return c448_ed448_verify_prehash(ctx, signature, public_key, hash, context, (uint8_t)context_len) == C448_SUCCESS; } -int ED448_public_from_private(uint8_t out_public_key[57], +int ED448_public_from_private(OPENSSL_CTX *ctx, uint8_t out_public_key[57], const uint8_t private_key[57]) { - return c448_ed448_derive_public_key(out_public_key, private_key) + return c448_ed448_derive_public_key(ctx, out_public_key, private_key) == C448_SUCCESS; } diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index ca36bb1673..f9ee3be931 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c @@ -35,9 +35,10 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, const BIGNUM *x_, int y_bit, BN_CTX *ctx) { - BN_CTX *new_ctx = NULL; BIGNUM *tmp, *x, *y, *z; int ret = 0, z0; +#ifndef FIPS_MODE + BN_CTX *new_ctx = NULL; /* clear error queue */ ERR_clear_error(); @@ -47,6 +48,7 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, if (ctx == NULL) return 0; } +#endif y_bit = (y_bit != 0) ? 1 : 0; @@ -73,6 +75,7 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, if (!BN_GF2m_add(tmp, x, tmp)) goto err; if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) { +#ifndef FIPS_MODE unsigned long err = ERR_peek_last_error(); if (ERR_GET_LIB(err) == ERR_LIB_BN @@ -81,8 +84,11 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); } else +#endif + { ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB); + } goto err; } z0 = (BN_is_odd(z)) ? 1 : 0; @@ -101,7 +107,9 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, err: BN_CTX_end(ctx); +#ifndef FIPS_MODE BN_CTX_free(new_ctx); +#endif return ret; } @@ -115,10 +123,12 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, unsigned char *buf, size_t len, BN_CTX *ctx) { size_t ret; - BN_CTX *new_ctx = NULL; int used_ctx = 0; BIGNUM *x, *y, *yxi; size_t field_len, i, skip; +#ifndef FIPS_MODE + BN_CTX *new_ctx = NULL; +#endif if ((form != POINT_CONVERSION_COMPRESSED) && (form != POINT_CONVERSION_UNCOMPRESSED) @@ -152,11 +162,13 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, goto err; } +#ifndef FIPS_MODE if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return 0; } +#endif BN_CTX_start(ctx); used_ctx = 1; @@ -218,13 +230,17 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, if (used_ctx) BN_CTX_end(ctx); +#ifndef FIPS_MODE BN_CTX_free(new_ctx); +#endif return ret; err: if (used_ctx) BN_CTX_end(ctx); +#ifndef FIPS_MODE BN_CTX_free(new_ctx); +#endif return 0; } @@ -238,10 +254,12 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, { point_conversion_form_t form; int y_bit, m; - BN_CTX *new_ctx = NULL; BIGNUM *x, *y, *yxi; size_t field_len, enc_len; int ret = 0; +#ifndef FIPS_MODE + BN_CTX *new_ctx = NULL; +#endif if (len == 0) { ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); @@ -281,11 +299,13 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, return 0; } +#ifndef FIPS_MODE if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return 0; } +#endif BN_CTX_start(ctx); x = BN_CTX_get(ctx); @@ -332,7 +352,9 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, err: BN_CTX_end(ctx); +#ifndef FIPS_MODE BN_CTX_free(new_ctx); +#endif return ret; } #endif diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index ebd6f21eec..0cc9c893f8 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -176,6 +176,7 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, { int ret = 0; BIGNUM *b; +#ifndef FIPS_MODE BN_CTX *new_ctx = NULL; if (ctx == NULL) { @@ -186,6 +187,7 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, goto err; } } +#endif BN_CTX_start(ctx); b = BN_CTX_get(ctx); if (b == NULL) @@ -205,7 +207,9 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, err: BN_CTX_end(ctx); +#ifndef FIPS_MODE BN_CTX_free(new_ctx); +#endif return ret; } @@ -349,9 +353,11 @@ int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) { - BN_CTX *new_ctx = NULL; BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t; int ret = 0; +#ifndef FIPS_MODE + BN_CTX *new_ctx = NULL; +#endif if (EC_POINT_is_at_infinity(group, a)) { if (!EC_POINT_copy(r, b)) @@ -365,11 +371,13 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, return 1; } +#ifndef FIPS_MODE if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return 0; } +#endif BN_CTX_start(ctx); x0 = BN_CTX_get(ctx); @@ -453,7 +461,9 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, err: BN_CTX_end(ctx); +#ifndef FIPS_MODE BN_CTX_free(new_ctx); +#endif return ret; } @@ -494,11 +504,13 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) { int ret = -1; - BN_CTX *new_ctx = NULL; BIGNUM *lh, *y2; int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); +#ifndef FIPS_MODE + BN_CTX *new_ctx = NULL; +#endif if (EC_POINT_is_at_infinity(group, point)) return 1; @@ -510,11 +522,13 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, if (!point->Z_is_one) return -1; +#ifndef FIPS_MODE if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return -1; } +#endif BN_CTX_start(ctx); y2 = BN_CTX_get(ctx); @@ -546,7 +560,9 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, err: BN_CTX_end(ctx); +#ifndef FIPS_MODE BN_CTX_free(new_ctx); +#endif return ret; } @@ -561,8 +577,10 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) { BIGNUM *aX, *aY, *bX, *bY; - BN_CTX *new_ctx = NULL; int ret = -1; +#ifndef FIPS_MODE + BN_CTX *new_ctx = NULL; +#endif if (EC_POINT_is_at_infinity(group, a)) { return EC_POINT_is_at_infinity(group, b) ? 0 : 1; @@ -575,11 +593,13 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, return ((BN_cmp(a->X, b->X) == 0) && BN_cmp(a->Y, b->Y) == 0) ? 0 : 1; } +#ifndef FIPS_MODE if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return -1; } +#endif BN_CTX_start(ctx); aX = BN_CTX_get(ctx); @@ -597,7 +617,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, err: BN_CTX_end(ctx); +#ifndef FIPS_MODE BN_CTX_free(new_ctx); +#endif return ret; } @@ -605,18 +627,22 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) { - BN_CTX *new_ctx = NULL; BIGNUM *x, *y; int ret = 0; +#ifndef FIPS_MODE + BN_CTX *new_ctx = NULL; +#endif if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) return 1; +#ifndef FIPS_MODE if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return 0; } +#endif BN_CTX_start(ctx); x = BN_CTX_get(ctx); @@ -638,7 +664,9 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, err: BN_CTX_end(ctx); +#ifndef FIPS_MODE BN_CTX_free(new_ctx); +#endif return ret; } @@ -696,8 +724,8 @@ int ec_GF2m_simple_ladder_pre(const EC_GROUP *group, /* s blinding: make sure lambda (s->Z here) is not zero */ do { - if (!BN_priv_rand(s->Z, BN_num_bits(group->field) - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) { + if (!BN_priv_rand_ex(s->Z, BN_num_bits(group->field) - 1, + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx)) { ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB); return 0; } @@ -711,8 +739,8 @@ int ec_GF2m_simple_ladder_pre(const EC_GROUP *group, /* r blinding: make sure lambda (r->Y here for storage) is not zero */ do { - if (!BN_priv_rand(r->Y, BN_num_bits(group->field) - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) { + if (!BN_priv_rand_ex(r->Y, BN_num_bits(group->field) - 1, + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx)) { ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB); return 0; } diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index c2f9679c0c..3a8128b755 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -15,6 +15,8 @@ #include "internal/nelem.h" #include "internal/asn1_dsa.h" +#ifndef FIPS_MODE + int EC_GROUP_get_basis_type(const EC_GROUP *group) { int i; @@ -1141,6 +1143,8 @@ int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out) DECLARE_ASN1_FUNCTIONS(ECDSA_SIG) DECLARE_ASN1_ENCODE_FUNCTIONS_name(ECDSA_SIG, ECDSA_SIG) +#endif /* FIPS_MODE */ + ECDSA_SIG *ECDSA_SIG_new(void) { ECDSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig)); @@ -1255,6 +1259,7 @@ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) return 1; } +#ifndef FIPS_MODE int ECDSA_size(const EC_KEY *r) { int ret, i; @@ -1282,3 +1287,4 @@ int ECDSA_size(const EC_KEY *r) ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); return ret; } +#endif diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c index 315b9fd4df..974fcb2446 100644 --- a/crypto/ec/ec_check.c +++ b/crypto/ec/ec_check.c @@ -10,13 +10,30 @@ #include "ec_lcl.h" #include <openssl/err.h> |