diff options
| author | Tomas Mraz <tomas@openssl.org> | 2022-03-28 18:14:47 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2022-04-14 08:50:55 +0200 |
| commit | 638c3a28af45bd81a1c90b81efd8e10449eace1b (patch) | |
| tree | a474621f352faf26409965185de39f93f46715f1 | |
| parent | Check the return of EVP_KDF_fetch() (diff) | |
| download | openssl-638c3a28af45bd81a1c90b81efd8e10449eace1b.tar.xz openssl-638c3a28af45bd81a1c90b81efd8e10449eace1b.zip | |
Import only named params into FIPS module
Fixes #17978
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17998)
| -rw-r--r-- | crypto/ec/ec_lib.c | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 2aeab7e3b6..f00b222aeb 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1387,6 +1387,7 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, } #endif +#ifndef FIPS_MODULE /* * Check if the explicit parameters group matches any built-in curves. * @@ -1424,7 +1425,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group, * parameters with one created from a named group. */ -#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 /* * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for * the same curve, we prefer the SECP nid when matching explicit @@ -1432,7 +1433,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group, */ if (curve_name_nid == NID_wap_wsg_idm_ecid_wtls12) curve_name_nid = NID_secp224r1; -#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ +# endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ ret_group = EC_GROUP_new_by_curve_name_ex(libctx, propq, curve_name_nid); if (ret_group == NULL) @@ -1467,6 +1468,7 @@ err: EC_GROUP_free(ret_group); return NULL; } +#endif /* FIPS_MODULE */ static EC_GROUP *group_new_from_name(const OSSL_PARAM *p, OSSL_LIB_CTX *libctx, const char *propq) @@ -1536,9 +1538,13 @@ int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[]) EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], OSSL_LIB_CTX *libctx, const char *propq) { - const OSSL_PARAM *ptmp, *pa, *pb; + const OSSL_PARAM *ptmp; + EC_GROUP *group = NULL; + +#ifndef FIPS_MODULE + const OSSL_PARAM *pa, *pb; int ok = 0; - EC_GROUP *group = NULL, *named_group = NULL; + EC_GROUP *named_group = NULL; BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL, *cofactor = NULL; EC_POINT *point = NULL; int field_bits = 0; @@ -1546,6 +1552,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], BN_CTX *bnctx = NULL; const unsigned char *buf = NULL; int encoding_flag = -1; +#endif /* This is the simple named group case */ ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); @@ -1559,6 +1566,9 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], } return group; } +#ifdef FIPS_MODULE + return NULL; +#else /* If it gets here then we are trying explicit parameters */ bnctx = BN_CTX_new_ex(libctx); if (bnctx == NULL) { @@ -1623,10 +1633,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], /* create the EC_GROUP structure */ group = EC_GROUP_new_curve_GFp(p, a, b, bnctx); } else { -#ifdef OPENSSL_NO_EC2M +# ifdef OPENSSL_NO_EC2M ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); goto err; -#else +# else /* create the EC_GROUP structure */ group = EC_GROUP_new_curve_GF2m(p, a, b, NULL); if (group != NULL) { @@ -1636,7 +1646,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], goto err; } } -#endif /* OPENSSL_NO_EC2M */ +# endif /* OPENSSL_NO_EC2M */ } if (group == NULL) { @@ -1733,4 +1743,5 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], BN_CTX_free(bnctx); return group; +#endif /* FIPS_MODULE */ } |