diff options
| author | Matt Caswell <matt@openssl.org> | 2019-07-03 18:30:03 +0200 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2019-08-06 12:19:07 +0200 |
| commit | a9612d6c034f47c4788c67d85651d0cd58c3faf7 (patch) | |
| tree | b3af6481b8c7a2a50b8834c3cec70841ae739f95 /crypto/ec/ec_lib.c | |
| parent | Correct the Extended Master Secret string for EBCDIC (diff) | |
| download | openssl-a9612d6c034f47c4788c67d85651d0cd58c3faf7.tar.xz openssl-a9612d6c034f47c4788c67d85651d0cd58c3faf7.zip | |
Make the EC code available from inside the FIPS provider
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9380)
Diffstat (limited to 'crypto/ec/ec_lib.c')
| -rw-r--r-- | crypto/ec/ec_lib.c | 70 |
1 files changed, 49 insertions, 21 deletions
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 762cac4feb..d30504de65 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -17,25 +17,26 @@ /* functions for EC_GROUP objects */ -EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) +EC_GROUP *EC_GROUP_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth) { EC_GROUP *ret; if (meth == NULL) { - ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL); + ECerr(EC_F_EC_GROUP_NEW_EX, EC_R_SLOT_FULL); return NULL; } if (meth->group_init == 0) { - ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ECerr(EC_F_EC_GROUP_NEW_EX, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return NULL; } ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { - ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); + ECerr(EC_F_EC_GROUP_NEW_EX, ERR_R_MALLOC_FAILURE); return NULL; } + ret->libctx = libctx; ret->meth = meth; if ((ret->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) { ret->order = BN_new(); @@ -58,6 +59,13 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) return NULL; } +#ifndef FIPS_MODE +EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) +{ + return EC_GROUP_new_ex(NULL, meth); +} +#endif + void EC_pre_comp_free(EC_GROUP *group) { switch (group->pre_comp_type) { @@ -140,6 +148,7 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) if (dest == src) return 1; + dest->libctx = src->libctx; dest->curve_name = src->curve_name; /* Copy precomputed */ @@ -238,7 +247,7 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) if (a == NULL) return NULL; - if ((t = EC_GROUP_new(a->meth)) == NULL) + if ((t = EC_GROUP_new_ex(a->libctx, a->meth)) == NULL) return NULL; if (!EC_GROUP_copy(t, a)) goto err; @@ -493,8 +502,15 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) { int r = 0; BIGNUM *a1, *a2, *a3, *b1, *b2, *b3; +#ifndef FIPS_MODE BN_CTX *ctx_new = NULL; + if (ctx == NULL) + ctx_new = ctx = BN_CTX_new(); +#endif + if (ctx == NULL) + return -1; + /* compare the field types */ if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != EC_METHOD_get_field_type(EC_GROUP_method_of(b))) @@ -506,11 +522,6 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) if (a->meth->flags & EC_FLAGS_CUSTOM_CURVE) return 0; - if (ctx == NULL) - ctx_new = ctx = BN_CTX_new(); - if (ctx == NULL) - return -1; - BN_CTX_start(ctx); a1 = BN_CTX_get(ctx); a2 = BN_CTX_get(ctx); @@ -520,7 +531,9 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) b3 = BN_CTX_get(ctx); if (b3 == NULL) { BN_CTX_end(ctx); +#ifndef FIPS_MODE BN_CTX_free(ctx_new); +#endif return -1; } @@ -570,8 +583,9 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) } end: BN_CTX_end(ctx); +#ifndef FIPS_MODE BN_CTX_free(ctx_new); - +#endif return r; } @@ -936,8 +950,17 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, { int ret = 0; size_t i = 0; +#ifndef FIPS_MODE BN_CTX *new_ctx = NULL; + if (ctx == NULL) + ctx = new_ctx = BN_CTX_secure_new(); +#endif + if (ctx == NULL) { + ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR); + return 0; + } + if ((scalar == NULL) && (num == 0)) { return EC_POINT_set_to_infinity(group, r); } @@ -953,18 +976,15 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } } - if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) { - ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR); - return 0; - } - if (group->meth->mul != NULL) ret = group->meth->mul(group, r, scalar, num, points, scalars, ctx); else /* use default */ ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); +#ifndef FIPS_MODE BN_CTX_free(new_ctx); +#endif return ret; } @@ -1015,7 +1035,7 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group) */ static int ec_precompute_mont_data(EC_GROUP *group) { - BN_CTX *ctx = BN_CTX_new(); + BN_CTX *ctx = BN_CTX_new_ex(group->libctx); int ret = 0; BN_MONT_CTX_free(group->mont_data); @@ -1042,6 +1062,7 @@ static int ec_precompute_mont_data(EC_GROUP *group) return ret; } +#ifndef FIPS_MODE int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg) { return CRYPTO_set_ex_data(&key->ex_data, idx, arg); @@ -1051,6 +1072,7 @@ void *EC_KEY_get_ex_data(const EC_KEY *key, int idx) { return CRYPTO_get_ex_data(&key->ex_data, idx); } +#endif int ec_group_simple_order_bits(const EC_GROUP *group) { @@ -1063,14 +1085,18 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r, const BIGNUM *x, BN_CTX *ctx) { BIGNUM *e = NULL; - BN_CTX *new_ctx = NULL; int ret = 0; +#ifndef FIPS_MODE + BN_CTX *new_ctx = NULL; - if (group->mont_data == NULL) + if (ctx == NULL) + ctx = new_ctx = BN_CTX_secure_new(); +#endif + if (ctx == NULL) return 0; - if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) - return 0; + if (group->mont_data == NULL) + goto err; BN_CTX_start(ctx); if ((e = BN_CTX_get(ctx)) == NULL) @@ -1095,7 +1121,9 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r, err: BN_CTX_end(ctx); +#ifndef FIPS_MODE BN_CTX_free(new_ctx); +#endif return ret; } |