wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make the EC code available from inside the FIPS provider

Browse source 
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9380)
This commit is contained in:
Matt Caswell 2019-07-03 17:30:03 +01:00
parent c1a3f16f73
commit a9612d6c03
38 changed files with 570 additions and 239 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apps/ecparam.c
View file

@ -273,7 +273,7 @@ int ecparam_main(int argc, char **argv)
if (check_named) {
BIO_printf(bio_err, "validating named elliptic curve parameters: ");
if (EC_GROUP_check_named_curve(group, 0) <= 0) {
if (EC_GROUP_check_named_curve(group, 0, NULL) <= 0) {
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
goto end;

2
crypto/bn/bn_lcl.h
View file

@ -668,6 +668,4 @@ static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits)
return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2);
}
OPENSSL_CTX *bn_get_lib_ctx(BN_CTX *ctx);
#endif

1
crypto/buffer/build.info
View file

@ -1,2 +1,3 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=buffer.c buf_err.c
SOURCE[../../providers/fips]=buffer.c

4
crypto/build.info
View file

@ -69,14 +69,14 @@ SOURCE[../providers/fips]=$CORE_COMMON
$UTIL_COMMON=\
cryptlib.c params.c bsearch.c ex_data.c o_str.c \
ctype.c threads_pthread.c threads_win.c threads_none.c initthread.c \
context.c sparse_array.c param_build.c $CPUIDASM
context.c sparse_array.c asn1_dsa.c packet.c param_build.c $CPUIDASM
$UTIL_DEFINE=$CPUIDDEF
SOURCE[../libcrypto]=$UTIL_COMMON \
mem.c mem_sec.c mem_dbg.c \
cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \
o_fopen.c getenv.c o_init.c o_fips.c init.c trace.c provider.c \
asn1_dsa.c packet.c $UPLINKSRC
$UPLINKSRC
DEFINE[../libcrypto]=$UTIL_DEFINE $UPLINKDEF
SOURCE[../providers/fips]=$UTIL_COMMON
DEFINE[../providers/fips]=$UTIL_DEFINE

16
crypto/ec/build.info
View file

@ -43,17 +43,21 @@ IF[{- !$disabled{asm} -}]
ENDIF
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c \
ec2_smpl.c ec_ameth.c ec_pmeth.c eck_prn.c \
$COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
ec_curve.c ec_check.c ec_print.c ec_key.c ec_asn1.c \
ec2_smpl.c \
ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c \
ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c ecdh_kdf.c \
ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c ecx_meth.c \
ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c \
ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \
curve448/arch_32/f_impl.c curve448/f_generic.c curve448/scalar.c \
curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
$ECASM
SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c ec_err.c \
ecdh_kdf.c eck_prn.c
DEFINE[../../libcrypto]=$ECDEF
SOURCE[../../providers/fips]=$COMMON
DEFINE[../../providers/fips]=$ECDEF
GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl \
$(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)

19
crypto/ec/curve448/curve448_lcl.h
View file

@ -16,23 +16,24 @@ int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
void X448_public_from_private(uint8_t out_public_value[56],
const uint8_t private_key[56]);
int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
const uint8_t public_key[57], const uint8_t private_key[57],
const uint8_t *context, size_t context_len);
int ED448_sign(OPENSSL_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
size_t message_len, const uint8_t public_key[57],
const uint8_t private_key[57], const uint8_t *context,
size_t context_len);
int ED448_verify(const uint8_t *message, size_t message_len,
int ED448_verify(OPENSSL_CTX *ctx, const uint8_t *message, size_t message_len,
const uint8_t signature[114], const uint8_t public_key[57],
const uint8_t *context, size_t context_len);
int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64],
int ED448ph_sign(OPENSSL_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
const uint8_t public_key[57], const uint8_t private_key[57],
const uint8_t *context, size_t context_len);
int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114],
const uint8_t public_key[57], const uint8_t *context,
size_t context_len);
int ED448ph_verify(OPENSSL_CTX *ctx, const uint8_t hash[64],
const uint8_t signature[114], const uint8_t public_key[57],
const uint8_t *context, size_t context_len);
int ED448_public_from_private(uint8_t out_public_key[57],
int ED448_public_from_private(OPENSSL_CTX *ctx, uint8_t out_public_key[57],
const uint8_t private_key[57]);
#endif /* HEADER_CURVE448_LCL_H */

20
crypto/ec/curve448/ed448.h
View file

@ -38,6 +38,7 @@
* privkey (in): The private key.
*/
c448_error_t c448_ed448_derive_public_key(
OPENSSL_CTX *ctx,
uint8_t pubkey [EDDSA_448_PUBLIC_BYTES],
const uint8_t privkey [EDDSA_448_PRIVATE_BYTES]);
@ -59,6 +60,7 @@ c448_error_t c448_ed448_derive_public_key(
* disambiguation. For Ed448 it is safe.
*/
c448_error_t c448_ed448_sign(
OPENSSL_CTX *ctx,
uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
@ -83,6 +85,7 @@ c448_error_t c448_ed448_sign(
* disambiguation. For Ed448 it is safe.
*/
c448_error_t c448_ed448_sign_prehash(
OPENSSL_CTX *ctx,
uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
@ -108,13 +111,14 @@ c448_error_t c448_ed448_sign_prehash(
* non-prehashed messages, at least without some very careful protocol-level
* disambiguation. For Ed448 it is safe.
*/
c448_error_t c448_ed448_verify(const uint8_t
signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t
pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t *message, size_t message_len,
uint8_t prehashed, const uint8_t *context,
uint8_t context_len);
c448_error_t c448_ed448_verify(OPENSSL_CTX *ctx,
const uint8_t
signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t
pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t *message, size_t message_len,
uint8_t prehashed, const uint8_t *context,
uint8_t context_len);
/*
* EdDSA signature verification.
@ -134,6 +138,7 @@ c448_error_t c448_ed448_verify(const uint8_t
* disambiguation. For Ed448 it is safe.
*/
c448_error_t c448_ed448_verify_prehash(
OPENSSL_CTX *ctx,
const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t hash[64],
@ -189,6 +194,7 @@ c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
* ed (in): The EdDSA private key
*/
c448_error_t c448_ed448_convert_private_key_to_x448(
OPENSSL_CTX *ctx,
uint8_t x[X448_PRIVATE_BYTES],
const uint8_t ed[EDDSA_448_PRIVATE_BYTES]);

99
crypto/ec/curve448/eddsa.c
View file

@ -19,23 +19,30 @@
#define COFACTOR 4
static c448_error_t oneshot_hash(uint8_t *out, size_t outlen,
static c448_error_t oneshot_hash(OPENSSL_CTX *ctx, uint8_t *out, size_t outlen,
const uint8_t *in, size_t inlen)
{
EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
EVP_MD *shake256 = NULL;
c448_error_t ret = C448_FAILURE;
if (hashctx == NULL)
return C448_FAILURE;
if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
|| !EVP_DigestUpdate(hashctx, in, inlen)
|| !EVP_DigestFinalXOF(hashctx, out, outlen)) {
EVP_MD_CTX_free(hashctx);
return C448_FAILURE;
}
shake256 = EVP_MD_fetch(ctx, "SHAKE256", NULL);
if (shake256 == NULL)
goto err;
if (!EVP_DigestInit_ex(hashctx, shake256, NULL)
|| !EVP_DigestUpdate(hashctx, in, inlen)
|| !EVP_DigestFinalXOF(hashctx, out, outlen))
goto err;
ret = C448_SUCCESS;
err:
EVP_MD_CTX_free(hashctx);
return C448_SUCCESS;
EVP_MD_meth_free(shake256);
return ret;
}
static void clamp(uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES])
@ -45,13 +52,15 @@ static void clamp(uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES])
secret_scalar_ser[EDDSA_448_PRIVATE_BYTES - 2] |= 0x80;
}
static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed,
static c448_error_t hash_init_with_dom(OPENSSL_CTX *ctx, EVP_MD_CTX *hashctx,
uint8_t prehashed,
uint8_t for_prehash,
const uint8_t *context,
size_t context_len)
{
const char *dom_s = "SigEd448";
uint8_t dom[2];
EVP_MD *shake256 = NULL;
if (context_len > UINT8_MAX)
return C448_FAILURE;
@ -60,27 +69,36 @@ static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed,
- (for_prehash == 0 ? 1 : 0));
dom[1] = (uint8_t)context_len;
if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
|| !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s))
|| !EVP_DigestUpdate(hashctx, dom, sizeof(dom))
|| !EVP_DigestUpdate(hashctx, context, context_len))
shake256 = EVP_MD_fetch(ctx, "SHAKE256", NULL);
if (shake256 == NULL)
return C448_FAILURE;
if (!EVP_DigestInit_ex(hashctx, shake256, NULL)
|| !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s))
|| !EVP_DigestUpdate(hashctx, dom, sizeof(dom))
|| !EVP_DigestUpdate(hashctx, context, context_len)) {
EVP_MD_meth_free(shake256);
return C448_FAILURE;
}
EVP_MD_meth_free(shake256);
return C448_SUCCESS;
}
/* In this file because it uses the hash */
c448_error_t c448_ed448_convert_private_key_to_x448(
OPENSSL_CTX *ctx,
uint8_t x[X448_PRIVATE_BYTES],
const uint8_t ed [EDDSA_448_PRIVATE_BYTES])
{
/* pass the private key through oneshot_hash function */
/* and keep the first X448_PRIVATE_BYTES bytes */
return oneshot_hash(x, X448_PRIVATE_BYTES, ed,
return oneshot_hash(ctx, x, X448_PRIVATE_BYTES, ed,
EDDSA_448_PRIVATE_BYTES);
}
c448_error_t c448_ed448_derive_public_key(
OPENSSL_CTX *ctx,
uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES])
{
@ -90,7 +108,8 @@ c448_error_t c448_ed448_derive_public_key(
unsigned int c;
curve448_point_t p;
if (!oneshot_hash(secret_scalar_ser, sizeof(secret_scalar_ser), privkey,
if (!oneshot_hash(ctx, secret_scalar_ser, sizeof(secret_scalar_ser),
privkey,
EDDSA_448_PRIVATE_BYTES))
return C448_FAILURE;
@ -123,6 +142,7 @@ c448_error_t c448_ed448_derive_public_key(
}
c448_error_t c448_ed448_sign(
OPENSSL_CTX *ctx,
uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
@ -148,7 +168,7 @@ c448_error_t c448_ed448_sign(
*/
uint8_t expanded[EDDSA_448_PRIVATE_BYTES * 2];
if (!oneshot_hash(expanded, sizeof(expanded), privkey,
if (!oneshot_hash(ctx, expanded, sizeof(expanded), privkey,
EDDSA_448_PRIVATE_BYTES))
goto err;
clamp(expanded);
@ -156,7 +176,8 @@ c448_error_t c448_ed448_sign(
EDDSA_448_PRIVATE_BYTES);
/* Hash to create the nonce */
if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context,
context_len)
|| !EVP_DigestUpdate(hashctx,
expanded + EDDSA_448_PRIVATE_BYTES,
EDDSA_448_PRIVATE_BYTES)
@ -197,7 +218,7 @@ c448_error_t c448_ed448_sign(
uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES];
/* Compute the challenge */
if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context, context_len)
|| !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point))
|| !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
|| !EVP_DigestUpdate(hashctx, message, message_len)
@ -228,17 +249,19 @@ c448_error_t c448_ed448_sign(
}
c448_error_t c448_ed448_sign_prehash(
OPENSSL_CTX *ctx,
uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t hash[64], const uint8_t *context,
size_t context_len)
{
return c448_ed448_sign(signature, privkey, pubkey, hash, 64, 1, context,
context_len);
return c448_ed448_sign(ctx, signature, privkey, pubkey, hash, 64, 1,
context, context_len);
}
c448_error_t c448_ed448_verify(
OPENSSL_CTX *ctx,
const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t *message, size_t message_len,
@ -291,7 +314,7 @@ c448_error_t c448_ed448_verify(
uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES];
if (hashctx == NULL
|| !hash_init_with_dom(hashctx, prehashed, 0, context,
|| !hash_init_with_dom(ctx, hashctx, prehashed, 0, context,
context_len)
|| !EVP_DigestUpdate(hashctx, signature, EDDSA_448_PUBLIC_BYTES)
|| !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
@ -321,52 +344,54 @@ c448_error_t c448_ed448_verify(
}
c448_error_t c448_ed448_verify_prehash(
OPENSSL_CTX *ctx,
const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t hash[64], const uint8_t *context,
uint8_t context_len)
{
return c448_ed448_verify(signature, pubkey, hash, 64, 1, context,
return c448_ed448_verify(ctx, signature, pubkey, hash, 64, 1, context,
context_len);
}
int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
const uint8_t public_key[57], const uint8_t private_key[57],
const uint8_t *context, size_t context_len)
int ED448_sign(OPENSSL_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
size_t message_len, const uint8_t public_key[57],
const uint8_t private_key[57], const uint8_t *context,
size_t context_len)
{
return c448_ed448_sign(out_sig, private_key, public_key, message,
return c448_ed448_sign(ctx, out_sig, private_key, public_key, message,
message_len, 0, context, context_len)
== C448_SUCCESS;
}
int ED448_verify(const uint8_t *message, size_t message_len,
int ED448_verify(OPENSSL_CTX *ctx, const uint8_t *message, size_t message_len,
const uint8_t signature[114], const uint8_t public_key[57],
const uint8_t *context, size_t context_len)
{
return c448_ed448_verify(signature, public_key, message, message_len, 0,
context, (uint8_t)context_len) == C448_SUCCESS;
return c448_ed448_verify(ctx, signature, public_key, message, message_len,
0, context, (uint8_t)context_len) == C448_SUCCESS;
}
int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64],
int ED448ph_sign(OPENSSL_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
const uint8_t public_key[57], const uint8_t private_key[57],
const uint8_t *context, size_t context_len)
{
return c448_ed448_sign_prehash(out_sig, private_key, public_key, hash,
return c448_ed448_sign_prehash(ctx, out_sig, private_key, public_key, hash,
context, context_len) == C448_SUCCESS;
}
int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114],
const uint8_t public_key[57], const uint8_t *context,
size_t context_len)
int ED448ph_verify(OPENSSL_CTX *ctx, const uint8_t hash[64],
const uint8_t signature[114], const uint8_t public_key[57],
const uint8_t *context, size_t context_len)
{
return c448_ed448_verify_prehash(signature, public_key, hash, context,
return c448_ed448_verify_prehash(ctx, signature, public_key, hash, context,
(uint8_t)context_len) == C448_SUCCESS;
}
int ED448_public_from_private(uint8_t out_public_key[57],
int ED448_public_from_private(OPENSSL_CTX *ctx, uint8_t out_public_key[57],
const uint8_t private_key[57])
{
return c448_ed448_derive_public_key(out_public_key, private_key)
return c448_ed448_derive_public_key(ctx, out_public_key, private_key)
== C448_SUCCESS;
}

28
crypto/ec/ec2_oct.c
View file

@ -35,9 +35,10 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
const BIGNUM *x_, int y_bit,
BN_CTX *ctx)
{
BN_CTX *new_ctx = NULL;
BIGNUM *tmp, *x, *y, *z;
int ret = 0, z0;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
/* clear error queue */
ERR_clear_error();
@ -47,6 +48,7 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
if (ctx == NULL)
return 0;
}
#endif
y_bit = (y_bit != 0) ? 1 : 0;
@ -73,6 +75,7 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
if (!BN_GF2m_add(tmp, x, tmp))
goto err;
if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) {
#ifndef FIPS_MODE
unsigned long err = ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_BN
@ -81,8 +84,11 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES,
EC_R_INVALID_COMPRESSED_POINT);
} else
#endif
{
ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES,
ERR_R_BN_LIB);
}
goto err;
}
z0 = (BN_is_odd(z)) ? 1 : 0;
@ -101,7 +107,9 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
return ret;
}
@ -115,10 +123,12 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
unsigned char *buf, size_t len, BN_CTX *ctx)
{
size_t ret;
BN_CTX *new_ctx = NULL;
int used_ctx = 0;
BIGNUM *x, *y, *yxi;
size_t field_len, i, skip;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
#endif
if ((form != POINT_CONVERSION_COMPRESSED)
&& (form != POINT_CONVERSION_UNCOMPRESSED)
@ -152,11 +162,13 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
goto err;
}
#ifndef FIPS_MODE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
return 0;
}
#endif
BN_CTX_start(ctx);
used_ctx = 1;
@ -218,13 +230,17 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
if (used_ctx)
BN_CTX_end(ctx);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
return ret;
err:
if (used_ctx)
BN_CTX_end(ctx);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
return 0;
}
@ -238,10 +254,12 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
{
point_conversion_form_t form;
int y_bit, m;
BN_CTX *new_ctx = NULL;
BIGNUM *x, *y, *yxi;
size_t field_len, enc_len;
int ret = 0;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
#endif
if (len == 0) {
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
@ -281,11 +299,13 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
return 0;
}
#ifndef FIPS_MODE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
return 0;
}
#endif
BN_CTX_start(ctx);
x = BN_CTX_get(ctx);
@ -332,7 +352,9 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
return ret;
}
#endif

44
crypto/ec/ec2_smpl.c
View file

@ -176,6 +176,7 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
{
int ret = 0;
BIGNUM *b;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
if (ctx == NULL) {
@ -186,6 +187,7 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
goto err;
}
}
#endif
BN_CTX_start(ctx);
b = BN_CTX_get(ctx);
if (b == NULL)
@ -205,7 +207,9 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
return ret;
}
@ -349,9 +353,11 @@ int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group,
int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
const EC_POINT *b, BN_CTX *ctx)
{
BN_CTX *new_ctx = NULL;
BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;
int ret = 0;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
#endif
if (EC_POINT_is_at_infinity(group, a)) {
if (!EC_POINT_copy(r, b))
@ -365,11 +371,13 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
return 1;
}
#ifndef FIPS_MODE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
return 0;
}
#endif
BN_CTX_start(ctx);
x0 = BN_CTX_get(ctx);
@ -453,7 +461,9 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
return ret;
}
@ -494,11 +504,13 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
BN_CTX *ctx)
{
int ret = -1;
BN_CTX *new_ctx = NULL;
BIGNUM *lh, *y2;
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
const BIGNUM *, BN_CTX *);
int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
#endif
if (EC_POINT_is_at_infinity(group, point))
return 1;
@ -510,11 +522,13 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
if (!point->Z_is_one)
return -1;
#ifndef FIPS_MODE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
return -1;
}
#endif
BN_CTX_start(ctx);
y2 = BN_CTX_get(ctx);
@ -546,7 +560,9 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
return ret;
}
@ -561,8 +577,10 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
const EC_POINT *b, BN_CTX *ctx)
{
BIGNUM *aX, *aY, *bX, *bY;
BN_CTX *new_ctx = NULL;
int ret = -1;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
#endif
if (EC_POINT_is_at_infinity(group, a)) {
return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
@ -575,11 +593,13 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
return ((BN_cmp(a->X, b->X) == 0) && BN_cmp(a->Y, b->Y) == 0) ? 0 : 1;
}
#ifndef FIPS_MODE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
return -1;
}
#endif
BN_CTX_start(ctx);
aX = BN_CTX_get(ctx);
@ -597,7 +617,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
return ret;
}
@ -605,18 +627,22 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
BN_CTX *ctx)
{
BN_CTX *new_ctx = NULL;
BIGNUM *x, *y;
int ret = 0;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
#endif
if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
return 1;
#ifndef FIPS_MODE
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
return 0;
}
#endif
BN_CTX_start(ctx);
x = BN_CTX_get(ctx);
@ -638,7 +664,9 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
return ret;
}
@ -696,8 +724,8 @@ int ec_GF2m_simple_ladder_pre(const EC_GROUP *group,
/* s blinding: make sure lambda (s->Z here) is not zero */
do {
if (!BN_priv_rand(s->Z, BN_num_bits(group->field) - 1,
BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {
if (!BN_priv_rand_ex(s->Z, BN_num_bits(group->field) - 1,
BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx)) {
ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB);
return 0;
}
@ -711,8 +739,8 @@ int ec_GF2m_simple_ladder_pre(const EC_GROUP *group,
/* r blinding: make sure lambda (r->Y here for storage) is not zero */
do {
if (!BN_priv_rand(r->Y, BN_num_bits(group->field) - 1,
BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {
if (!BN_priv_rand_ex(r->Y, BN_num_bits(group->field) - 1,
BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx)) {
ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB);
return 0;
}

6
crypto/ec/ec_asn1.c
View file

@ -15,6 +15,8 @@
#include "internal/nelem.h"
#include "internal/asn1_dsa.h"
#ifndef FIPS_MODE
int EC_GROUP_get_basis_type(const EC_GROUP *group)
{
int i;
@ -1141,6 +1143,8 @@ int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out)
DECLARE_ASN1_FUNCTIONS(ECDSA_SIG)
DECLARE_ASN1_ENCODE_FUNCTIONS_name(ECDSA_SIG, ECDSA_SIG)
#endif /* FIPS_MODE */
ECDSA_SIG *ECDSA_SIG_new(void)
{
ECDSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
@ -1255,6 +1259,7 @@ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
return 1;
}
#ifndef FIPS_MODE
int ECDSA_size(const EC_KEY *r)
{
int ret, i;
@ -1282,3 +1287,4 @@ int ECDSA_size(const EC_KEY *r)
ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
return ret;
}
#endif

25
crypto/ec/ec_check.c
View file

@ -10,13 +10,30 @@
#include "ec_lcl.h"
#include <openssl/err.h>
int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only)
int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
BN_CTX *ctx)
{
int nid;
int nid = NID_undef;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
nid = ec_curve_nid_from_params(group);
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL) {
ECerr(EC_F_EC_GROUP_CHECK_NAMED_CURVE, ERR_R_MALLOC_FAILURE);
goto err;
}
}
#endif
nid = ec_curve_nid_from_params(group, ctx);
if (nid > 0 && nist_only && EC_curve_nid2nist(nid) == NULL)
nid = NID_undef;
#ifndef FIPS_MODE
err:
BN_CTX_free(ctx);
#endif
return nid;
}
@ -27,7 +44,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
* ECC domain parameter validation.
* See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b.
*/
return EC_GROUP_check_named_curve(group, 1) >= 0 ? 1 : 0;
return EC_GROUP_check_named_curve(group, 1, ctx) >= 0 ? 1 : 0;
#else
int ret = 0;
const BIGNUM *order;

52
crypto/ec/ec_curve.c
View file

@ -193,6 +193,7 @@ static const struct {
}
};
# ifndef FIPS_MODE
/* the x9.62 prime curves (minus the nist prime curves) */
static const struct {
EC_CURVE_DATA h;
@ -371,6 +372,7 @@ static const struct {
0x43, 0x21, 0x46, 0x52, 0x65, 0x51
}
};
#endif /* FIPS_MODE */
static const struct {
EC_CURVE_DATA h;
@ -410,6 +412,7 @@ static const struct {
}
};
#ifndef FIPS_MODE
/* the secg prime curves (minus the nist and x9.62 prime curves) */
static const struct {
EC_CURVE_DATA h;
@ -831,10 +834,13 @@ static const struct {
0x5C, 0x5C, 0x2A, 0x3D
}
};
#endif /* FIPS_MODE */
#ifndef OPENSSL_NO_EC2M
/* characteristic two curves */
# ifndef FIPS_MODE
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 15 * 6];
@ -962,6 +968,7 @@ static const struct {
0x33, 0x04, 0x9B, 0xA9, 0x8F
}
};
# endif /* FIPS_MODE */
static const struct {
EC_CURVE_DATA h;
@ -993,6 +1000,7 @@ static const struct {
}
};
# ifndef FIPS_MODE
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 21 * 6];
@ -1021,6 +1029,7 @@ static const struct {
0xAA, 0xB6, 0x89, 0xC2, 0x9C, 0xA7, 0x10, 0x27, 0x9B
}
};
# endif /* FIPS_MODE */
static const struct {
EC_CURVE_DATA h;
@ -1051,6 +1060,7 @@ static const struct {
}
};
# ifndef FIPS_MODE
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 25 * 6];
@ -1126,6 +1136,7 @@ static const struct {
0xD5
}
};
# endif /* FIPS_MODE */
static const struct {
EC_CURVE_DATA h;
@ -1201,6 +1212,7 @@ static const struct {
}
};
#ifndef FIPS_MODE
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 30 * 6];
@ -1236,6 +1248,7 @@ static const struct {
0x1D, 0xA8, 0x00, 0xE4, 0x78, 0xA5
}
};
# endif /* FIPS_MODE */
static const struct {
EC_CURVE_DATA h;
@ -1519,6 +1532,7 @@ static const struct {
}
};
# ifndef FIPS_MODE
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 21 * 6];
@ -2203,8 +2217,8 @@ static const struct {
0xED, 0xF9, 0x7C, 0x44, 0xDB, 0x9F, 0x24, 0x20, 0xBA, 0xFC, 0xA7, 0x5E
}
};
#endif
# endif /* FIPS_MODE */
#endif /* OPENSSL_NO_EC2M */
/*
* These curves were added by Annie Yousar.
@ -2214,6 +2228,7 @@ static const struct {
* generation mechanism is different from those defined in ANSI X9.62.
*/
#ifndef FIPS_MODE
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 20 * 6];
@ -2753,8 +2768,9 @@ static const struct {
0x9C, 0xA9, 0x00, 0x69
}
};
#endif /* FIPS_MODE */
#ifndef OPENSSL_NO_SM2
#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 32 * 6];
@ -3075,7 +3091,8 @@ static const ec_list_element curve_list[] = {
#define curve_list_length OSSL_NELEM(curve_list)
static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
static EC_GROUP *ec_group_new_from_data(OPENSSL_CTX *libctx,
const ec_list_element curve)
{
EC_GROUP *group = NULL;
EC_POINT *P = NULL;
@ -3090,9 +3107,10 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
/* If no curve data curve method must handle everything */
if (curve.data == NULL)
return EC_GROUP_new(curve.meth != NULL ? curve.meth() : NULL);
return EC_GROUP_new_ex(libctx,
curve.meth != NULL ? curve.meth() : NULL);
if ((ctx = BN_CTX_new()) == NULL) {
if ((ctx = BN_CTX_new_ex(libctx)) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
goto err;
}
@ -3112,7 +3130,7 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
if (curve.meth != 0) {
meth = curve.meth();
if (((group = EC_GROUP_new(meth)) == NULL) ||
if (((group = EC_GROUP_new_ex(libctx, meth)) == NULL) ||
(!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
@ -3182,7 +3200,7 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
return group;
}
EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, int nid)
{
size_t i;
EC_GROUP *ret = NULL;
@ -3201,18 +3219,25 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
#endif /* FIPS_MODE */
for (i = 0; i < curve_list_length; i++)
if (curve_list[i].nid == nid) {
ret = ec_group_new_from_data(curve_list[i]);
ret = ec_group_new_from_data(libctx, curve_list[i]);
break;
}
if (ret == NULL) {
ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME_EX, EC_R_UNKNOWN_GROUP);
return NULL;
}
return ret;
}
#ifndef FIPS_MODE
EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
{
return EC_GROUP_new_by_curve_name_ex(NULL, nid);
}
#endif
size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
{
size_t i, min;
@ -3284,7 +3309,7 @@ int EC_curve_nist2nid(const char *name)
* Returns: The nid associated with the found named curve, or NID_undef
* if not found. If there was an error it returns -1.
*/
int ec_curve_nid_from_params(const EC_GROUP *group)
int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
{
int ret = -1, nid, len, field_type, param_len;
size_t i, seed_len;
@ -3296,7 +3321,6 @@ int ec_curve_nid_from_params(const EC_GROUP *group)
const BIGNUM *cofactor = NULL;
/* An array of BIGNUMs for (p, a, b, x, y, order) */
BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL};
BN_CTX *ctx = NULL;
meth = EC_GROUP_method_of(group);
if (meth == NULL)
@ -3308,9 +3332,6 @@ int ec_curve_nid_from_params(const EC_GROUP *group)
seed = EC_GROUP_get0_seed(group);
cofactor = EC_GROUP_get0_cofactor(group);
ctx = BN_CTX_new();
if (ctx == NULL)
return -1;
BN_CTX_start(ctx);
/*
@ -3388,6 +3409,5 @@ int ec_curve_nid_from_params(const EC_GROUP *group)
end:
OPENSSL_free(param_bytes);
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ret;
}

5
crypto/ec/ec_cvt.c
View file

@ -9,6 +9,7 @@
*/
#include <openssl/err.h>
#include "internal/bn_int.h"
#include "ec_lcl.h"
EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
@ -47,7 +48,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
meth = EC_GFp_mont_method();
#endif
ret = EC_GROUP_new(meth);
ret = EC_GROUP_new_ex(bn_get_lib_ctx(ctx), meth);
if (ret == NULL)
return NULL;
@ -68,7 +69,7 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
meth = EC_GF2m_simple_method();
ret = EC_GROUP_new(meth);
ret = EC_GROUP_new_ex(bn_get_lib_ctx(ctx), meth);
if (ret == NULL)
return NULL;

50
crypto/ec/ec_key.c
View file

@ -15,17 +15,24 @@
#include <openssl/err.h>
#include <openssl/engine.h>
#ifndef FIPS_MODE
EC_KEY *EC_KEY_new(void)
{
return EC_KEY_new_method(NULL);
return ec_key_new_method_int(NULL, NULL);
}
#endif
EC_KEY *EC_KEY_new_ex(OPENSSL_CTX *ctx)
{
return ec_key_new_method_int(ctx, NULL);
}
EC_KEY *EC_KEY_new_by_curve_name(int nid)
EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, int nid)
{
EC_KEY *ret = EC_KEY_new();
EC_KEY *ret = EC_KEY_new_ex(ctx);
if (ret == NULL)
return NULL;
ret->group = EC_GROUP_new_by_curve_name(nid);
ret->group = EC_GROUP_new_by_curve_name_ex(ctx, nid);
if (ret->group == NULL) {
EC_KEY_free(ret);
return NULL;
@ -38,6 +45,13 @@ EC_KEY *EC_KEY_new_by_curve_name(int nid)
return ret;
}
#ifndef FIPS_MODE
EC_KEY *EC_KEY_new_by_curve_name(int nid)
{
return EC_KEY_new_by_curve_name_ex(NULL, nid);
}
#endif
void EC_KEY_free(EC_KEY *r)
{
int i;
@ -54,14 +68,16 @@ void EC_KEY_free(EC_KEY *r)
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
ENGINE_finish(r->engine);
#endif
if (r->group && r->group->meth->keyfinish)
r->group->meth->keyfinish(r);
#ifndef FIPS_MODE
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data);
#endif
CRYPTO_THREAD_lock_free(r->lock);
EC_GROUP_free(r->group);
EC_POINT_free(r->pub_key);
@ -81,18 +97,19 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
dest->meth->finish(dest);
if (dest->group && dest->group->meth->keyfinish)
dest->group->meth->keyfinish(dest);
#ifndef OPENSSL_NO_ENGINE
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
if (ENGINE_finish(dest->engine) == 0)
return 0;
dest->engine = NULL;
#endif
}
dest->libctx = src->libctx;
/* copy the parameters */
if (src->group != NULL) {
const EC_METHOD *meth = EC_GROUP_method_of(src->group);
/* clear the old group */
EC_GROUP_free(dest->group);
dest->group = EC_GROUP_new(meth);
dest->group = EC_GROUP_new_ex(src->libctx, meth);
if (dest->group == NULL)
return NULL;
if (!EC_GROUP_copy(dest->group, src->group))
@ -128,12 +145,14 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
dest->conv_form = src->conv_form;
dest->version = src->version;
dest->flags = src->flags;
#ifndef FIPS_MODE
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY,
&dest->ex_data, &src->ex_data))
return NULL;
#endif
if (src->meth != dest->meth) {
#ifndef OPENSSL_NO_ENGINE
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
if (src->engine != NULL && ENGINE_init(src->engine) == 0)
return NULL;
dest->engine = src->engine;
@ -149,7 +168,7 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
{
EC_KEY *ret = EC_KEY_new_method(ec_key->engine);
EC_KEY *ret = ec_key_new_method_int(ec_key->libctx, ec_key->engine);
if (ret == NULL)
return NULL;
@ -211,6 +230,10 @@ int ec_key_simple_generate_key(EC_KEY *eckey)
const BIGNUM *order = NULL;
EC_POINT *pub_key = NULL;
const EC_GROUP *group = eckey->group;
BN_CTX *ctx = BN_CTX_secure_new_ex(eckey->libctx);
if (ctx == NULL)
goto err;
if (eckey->priv_key == NULL) {
priv_key = BN_secure_new();
@ -238,7 +261,7 @@ int ec_key_simple_generate_key(EC_KEY *eckey)
* rand so the simpler backward compatible method has been used here.
*/
do
if (!BN_priv_rand_range(priv_key, order))
if (!BN_priv_rand_range_ex(priv_key, order, ctx))
goto err;
while (BN_is_zero(priv_key)) ;
@ -250,7 +273,7 @@ int ec_key_simple_generate_key(EC_KEY *eckey)
pub_key = eckey->pub_key;
/* Step (8) : pub_key = priv_key * G (where G is a point on the curve) */
if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL))
if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
goto err;
eckey->priv_key = priv_key;
@ -270,6 +293,7 @@ err:
EC_POINT_free(pub_key);
BN_clear_free(priv_key);
BN_CTX_free(ctx);
return ok;
}
@ -368,7 +392,7 @@ int ec_key_simple_check_key(const EC_KEY *eckey)
goto err;
}
if ((ctx = BN_CTX_new()) == NULL)
if ((ctx = BN_CTX_new_ex(eckey->libctx)) == NULL)
goto err;
if ((point = EC_POINT_new(eckey->group)) == NULL)
@ -445,7 +469,7 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
ctx = BN_CTX_new();
ctx = BN_CTX_new_ex(key->libctx);
if (ctx == NULL)
return 0;

28
crypto/ec/ec_kmeth.c
View file

@ -59,7 +59,7 @@ int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth)
if (finish != NULL)
finish(key);
#ifndef OPENSSL_NO_ENGINE
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
ENGINE_finish(key->engine);
key->engine = NULL;
#endif
@ -70,28 +70,30 @@ int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth)
return 1;
}
EC_KEY *EC_KEY_new_method(ENGINE *engine)
EC_KEY *ec_key_new_method_int(OPENSSL_CTX *libctx, ENGINE *engine)
{
EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret));
if (ret == NULL) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
ECerr(EC_F_EC_KEY_NEW_METHOD_INT, ERR_R_MALLOC_FAILURE);
return NULL;
}
ret->libctx = libctx;
ret->references = 1;
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
ECerr(EC_F_EC_KEY_NEW_METHOD_INT, ERR_R_MALLOC_FAILURE);
OPENSSL_free(ret);
return NULL;
}
ret->meth = EC_KEY_get_default_method();
#ifndef OPENSSL_NO_ENGINE
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
if (engine != NULL) {
if (!ENGINE_init(engine)) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
ECerr(EC_F_EC_KEY_NEW_METHOD_INT, ERR_R_ENGINE_LIB);
goto err;
}
ret->engine = engine;
@ -100,7 +102,7 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
if (ret->engine != NULL) {
ret->meth = ENGINE_get_EC(ret->engine);
if (ret->meth == NULL) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
ECerr(EC_F_EC_KEY_NEW_METHOD_INT, ERR_R_ENGINE_LIB);
goto err;
}
}
@ -109,12 +111,15 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
ret->version = 1;
ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
/* No ex_data inside the FIPS provider */
#ifndef FIPS_MODE
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) {
goto err;
}
#endif
if (ret->meth->init != NULL && ret->meth->init(ret) == 0) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_INIT_FAIL);
ECerr(EC_F_EC_KEY_NEW_METHOD_INT, ERR_R_INIT_FAIL);
goto err;
}
return ret;
@ -124,6 +129,13 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
return NULL;
}
#ifndef FIPS_MODE
EC_KEY *EC_KEY_new_method(ENGINE *engine)
{
return ec_key_new_method_int(NULL, engine);
}
#endif
int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
const EC_KEY *eckey,
void *(*KDF) (const void *in, size_t inlen, void *out,

9
crypto/ec/ec_lcl.h
View file

@ -268,6 +268,8 @@ struct ec_group_st {
NISTZ256_PRE_COMP *nistz256;
EC_PRE_COMP *ec;
} pre_comp;
OPENSSL_CTX *libctx;
};
#define SETPRECOMP(g, type, pre) \
@ -286,8 +288,11 @@ struct ec_key_st {
point_conversion_form_t conv_form;
CRYPTO_REF_COUNT references;
int flags;
#ifndef FIPS_MODE
CRYPTO_EX_DATA ex_data;
#endif
CRYPTO_RWLOCK *lock;
OPENSSL_CTX *libctx;
};
struct ec_point_st {
@ -592,7 +597,7 @@ int ec_key_simple_generate_key(EC_KEY *eckey);
int ec_key_simple_generate_public_key(EC_KEY *eckey);
int ec_key_simple_check_key(const EC_KEY *eckey);
int ec_curve_nid_from_params(const EC_GROUP *group);
int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx);
/* EC_METHOD definitions */
@ -625,6 +630,8 @@ struct ec_key_method_st {
#define EC_KEY_METHOD_DYNAMIC 1
EC_KEY *ec_key_new_method_int(OPENSSL_CTX *libctx, ENGINE *engine);
int ossl_ec_key_gen(EC_KEY *eckey);
int ossl_ecdh_compute_key(unsigned char **pout, size_t *poutlen,
const EC_POINT *pub_key, const EC_KEY *ecdh);

72
crypto/ec/ec_lib.c
View file

@ -17,25 +17,26 @@
/* functions for EC_GROUP objects */
EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
EC_GROUP *EC_GROUP_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth)
{
EC_GROUP *ret;
if (meth == NULL) {
ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL);
ECerr(EC_F_EC_GROUP_NEW_EX, EC_R_SLOT_FULL);
return NULL;
}
if (meth->group_init == 0) {
ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
ECerr(EC_F_EC_GROUP_NEW_EX, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return NULL;
}
ret = OPENSSL_zalloc(sizeof(*ret));
if (ret == NULL) {
ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
ECerr(EC_F_EC_GROUP_NEW_EX, ERR_R_MALLOC_FAILURE);
return NULL;
}
ret->libctx = libctx;
ret->meth = meth;
if ((ret->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) {
ret->order = BN_new();
@ -58,6 +59,13 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
return NULL;
}
#ifndef FIPS_MODE
EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
{
return EC_GROUP_new_ex(NULL, meth);
}
#endif
void EC_pre_comp_free(EC_GROUP *group)
{
switch (group->pre_comp_type) {
@ -140,6 +148,7 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
if (dest == src)
return 1;
dest->libctx = src->libctx;
dest->curve_name = src->curve_name;
/* Copy precomputed */
@ -238,7 +247,7 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
if (a == NULL)
return NULL;
if ((t = EC_GROUP_new(a->meth)) == NULL)
if ((t = EC_GROUP_new_ex(a->libctx, a->meth)) == NULL)
return NULL;
if (!EC_GROUP_copy(t, a))
goto err;
@ -493,8 +502,15 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
{
int r = 0;
BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
#ifndef FIPS_MODE
BN_CTX *ctx_new = NULL;
if (ctx == NULL)
ctx_new = ctx = BN_CTX_new();
#endif
if (ctx == NULL)
return -1;
/* compare the field types */
if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
@ -506,11 +522,6 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
if (a->meth->flags & EC_FLAGS_CUSTOM_CURVE)
return 0;
if (ctx == NULL)
ctx_new = ctx = BN_CTX_new();
if (ctx == NULL)
return -1;
BN_CTX_start(ctx);
a1 = BN_CTX_get(ctx);
a2 = BN_CTX_get(ctx);
@ -520,7 +531,9 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
b3 = BN_CTX_get(ctx);
if (b3 == NULL) {
BN_CTX_end(ctx);
#ifndef FIPS_MODE
BN_CTX_free(ctx_new);
#endif
return -1;
}
@ -570,8 +583,9 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
}
end:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
BN_CTX_free(ctx_new);
#endif
return r;
}
@ -936,8 +950,17 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
{
int ret = 0;
size_t i = 0;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
if (ctx == NULL)
ctx = new_ctx = BN_CTX_secure_new();
#endif
if (ctx == NULL) {
ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR);
return 0;
}
if ((scalar == NULL) && (num == 0)) {
return EC_POINT_set_to_infinity(group, r);
}
@ -953,18 +976,15 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
}
}
if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) {
ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR);
return 0;
}
if (group->meth->mul != NULL)
ret = group->meth->mul(group, r, scalar, num, points, scalars, ctx);
else
/* use default */
ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
return ret;
}
@ -1015,7 +1035,7 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
*/
static int ec_precompute_mont_data(EC_GROUP *group)
{
BN_CTX *ctx = BN_CTX_new();
BN_CTX *ctx = BN_CTX_new_ex(group->libctx);
int ret = 0;
BN_MONT_CTX_free(group->mont_data);
@ -1042,6 +1062,7 @@ static int ec_precompute_mont_data(EC_GROUP *group)
return ret;
}
#ifndef FIPS_MODE
int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg)
{
return CRYPTO_set_ex_data(&key->ex_data, idx, arg);
@ -1051,6 +1072,7 @@ void *EC_KEY_get_ex_data(const EC_KEY *key, int idx)
{
return CRYPTO_get_ex_data(&key->ex_data, idx);
}
#endif
int ec_group_simple_order_bits(const EC_GROUP *group)
{
@ -1063,14 +1085,18 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
const BIGNUM *x, BN_CTX *ctx)
{
BIGNUM *e = NULL;
BN_CTX *new_ctx = NULL;
int ret = 0;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
if (ctx == NULL)
ctx = new_ctx = BN_CTX_secure_new();
#endif
if (ctx == NULL)
return 0;
if (group->mont_data == NULL)
return 0;
if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
return 0;
goto err;
BN_CTX_start(ctx);
if ((e = BN_CTX_get(ctx)) == NULL)
@ -1095,7 +1121,9 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
return ret;
}

15
crypto/ec/ec_mult.c
View file

@ -815,12 +815,14 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
{
const EC_POINT *generator;
EC_POINT *tmp_point = NULL, *base = NULL, **var;
BN_CTX *new_ctx = NULL;
const BIGNUM *order;
size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num;
EC_POINT **points = NULL;
EC_PRE_COMP *pre_comp;
int ret = 0;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
#endif
/* if there is an old EC_PRE_COMP object, throw it away */
EC_pre_comp_free(group);
@ -833,11 +835,12 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
goto err;
}
if (ctx == NULL) {
#ifndef FIPS_MODE
if (ctx == NULL)
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
}
#endif
if (ctx == NULL)
goto err;
BN_CTX_start(ctx);
@ -949,7 +952,9 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
EC_ec_pre_comp_free(pre_comp);
if (points) {
EC_POINT **p;

2
crypto/ec/ecdh_ossl.c
View file

@ -47,7 +47,7 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
size_t buflen, len;
unsigned char *buf = NULL;
if ((ctx = BN_CTX_new()) == NULL)
if ((ctx = BN_CTX_new_ex(ecdh->libctx)) == NULL)
goto err;
BN_CTX_start(ctx);
x = BN_CTX_get(ctx);

8
crypto/ec/ecdsa_ossl.c
View file

@ -58,7 +58,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
}
if ((ctx = ctx_in) == NULL) {
if ((ctx = BN_CTX_new()) == NULL) {
if ((ctx = BN_CTX_new_ex(eckey->libctx)) == NULL) {
ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
return 0;
}
@ -95,7 +95,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
goto err;
}
} else {
if (!BN_priv_rand_range(k, order)) {
if (!BN_priv_rand_range_ex(k, order, ctx)) {
ECerr(EC_F_ECDSA_SIGN_SETUP,
EC_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
@ -193,7 +193,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
}
s = ret->s;
if ((ctx = BN_CTX_new()) == NULL
if ((ctx = BN_CTX_new_ex(eckey->libctx)) == NULL
|| (m = BN_new()) == NULL) {
ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
goto err;
@ -337,7 +337,7 @@ int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
return -1;
}
ctx = BN_CTX_new();
ctx = BN_CTX_new_ex(eckey->libctx);
if (ctx == NULL) {
ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
return -1;

5
crypto/ec/ecp_mont.c
View file

@ -146,7 +146,7 @@ int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p,
group->field_data2 = NULL;
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL)
return 0;
}
@ -222,7 +222,8 @@ int ec_GFp_mont_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
if (group->field_data1 == NULL)
return 0;
if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
if (ctx == NULL
&& (ctx = new_ctx = BN_CTX_secure_new_ex(group->libctx)) == NULL)
return 0;
BN_CTX_start(ctx);

6
crypto/ec/ecp_nist.c
View file

@ -89,7 +89,7 @@ int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
BN_CTX *new_ctx = NULL;
if (ctx == NULL)
if ((ctx = new_ctx = BN_CTX_new()) == NULL)
if ((ctx = new_ctx = BN_CTX_new_ex(group->libctx)) == NULL)
return 0;
BN_CTX_start(ctx);
@ -128,7 +128,7 @@ int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
goto err;
}
if (!ctx)
if ((ctx_new = ctx = BN_CTX_new()) == NULL)
if ((ctx_new = ctx = BN_CTX_new_ex(group->libctx)) == NULL)
goto err;
if (!BN_mul(r, a, b, ctx))
@ -153,7 +153,7 @@ int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
goto err;
}
if (!ctx)
if ((ctx_new = ctx = BN_CTX_new()) == NULL)
if ((ctx_new = ctx = BN_CTX_new_ex(group->libctx)) == NULL)
goto err;
if (!BN_sqr(r, a, ctx))

27
crypto/ec/ecp_nistp224.c
View file

@ -1281,12 +1281,16 @@ int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p,
BN_CTX *ctx)
{
int ret = 0;
BN_CTX *new_ctx = NULL;
BIGNUM *curve_p, *curve_a, *curve_b;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
if (ctx == NULL)
if ((ctx = new_ctx = BN_CTX_new()) == NULL)
return 0;
new_ctx = BN_CTX_new();
#endif
if (ctx == NULL)
return 0;
BN_CTX_start(ctx);
curve_p = BN_CTX_get(ctx);
curve_a = BN_CTX_get(ctx);
@ -1305,7 +1309,9 @@ int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p,
ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
return ret;
}
@ -1588,16 +1594,23 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
int ret = 0;
NISTP224_PRE_COMP *pre = NULL;
int i, j;
BN_CTX *new_ctx = NULL;
BIGNUM *x, *y;
EC_POINT *generator = NULL;
felem tmp_felems[32];
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
#endif
/* throw away old precomputation */
EC_pre_comp_free(group);
#ifndef FIPS_MODE
if (ctx == NULL)
if ((ctx = new_ctx = BN_CTX_new()) == NULL)
return 0;
new_ctx = BN_CTX_new();
#endif
if (ctx == NULL)
return 0;
BN_CTX_start(ctx);
x = BN_CTX_get(ctx);
y = BN_CTX_get(ctx);
@ -1705,7 +1718,9 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
err:
BN_CTX_end(ctx);
EC_POINT_free(generator);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
EC_nistp224_pre_comp_free(pre);
return ret;
}

27
crypto/ec/ecp_nistp256.c
View file

@ -1901,12 +1901,16 @@ int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p,
BN_CTX *ctx)
{
int ret = 0;
BN_CTX *new_ctx = NULL;
BIGNUM *curve_p, *curve_a, *curve_b;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
if (ctx == NULL)
if ((ctx = new_ctx = BN_CTX_new()) == NULL)
return 0;
new_ctx = BN_CTX_new();
#endif
if (ctx == NULL)
return 0;
BN_CTX_start(ctx);
curve_p = BN_CTX_get(ctx);
curve_a = BN_CTX_get(ctx);
@ -1925,7 +1929,9 @@ int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p,
ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
return ret;
}
@ -2215,17 +2221,24 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
int ret = 0;
NISTP256_PRE_COMP *pre = NULL;
int i, j;
BN_CTX *new_ctx = NULL;
BIGNUM *x, *y;
EC_POINT *generator = NULL;
smallfelem tmp_smallfelems[32];
felem x_tmp, y_tmp, z_tmp;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
#endif
/* throw away old precomputation */
EC_pre_comp_free(group);
#ifndef FIPS_MODE
if (ctx == NULL)
if ((ctx = new_ctx = BN_CTX_new()) == NULL)
return 0;
new_ctx = BN_CTX_new();
#endif
if (ctx == NULL)
return 0;
BN_CTX_start(ctx);
x = BN_CTX_get(ctx);
y = BN_CTX_get(ctx);
@ -2343,7 +2356,9 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
err:
BN_CTX_end(ctx);
EC_POINT_free(generator);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
EC_nistp256_pre_comp_free(pre);
return ret;
}

27
crypto/ec/ecp_nistp521.c
View file

@ -1743,12 +1743,16 @@ int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p,
BN_CTX *ctx)
{
int ret = 0;
BN_CTX *new_ctx = NULL;
BIGNUM *curve_p, *curve_a, *curve_b;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
if (ctx == NULL)
if ((ctx = new_ctx = BN_CTX_new()) == NULL)
return 0;
new_ctx = BN_CTX_new();
#endif
if (ctx == NULL)
return 0;
BN_CTX_start(ctx);
curve_p = BN_CTX_get(ctx);
curve_a = BN_CTX_get(ctx);
@ -1767,7 +1771,9 @@ int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p,
ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
err:
BN_CTX_end(ctx);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
return ret;
}
@ -2054,16 +2060,23 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
int ret = 0;
NISTP521_PRE_COMP *pre = NULL;
int i, j;
BN_CTX *new_ctx = NULL;
BIGNUM *x, *y;
EC_POINT *generator = NULL;
felem tmp_felems[16];
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
#endif
/* throw away old precomputation */
EC_pre_comp_free(group);
#ifndef FIPS_MODE
if (ctx == NULL)
if ((ctx = new_ctx = BN_CTX_new()) == NULL)
return 0;
new_ctx = BN_CTX_new();
#endif
if (ctx == NULL)
return 0;
BN_CTX_start(ctx);
x = BN_CTX_get(ctx);
y = BN_CTX_get(ctx);
@ -2151,7 +2164,9 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
err:
BN_CTX_end(ctx);
EC_POINT_free(generator);
#ifndef FIPS_MODE
BN_CTX_free(new_ctx);
#endif
EC_nistp521_pre_comp_free(pre);
return ret;
}

2
crypto/ec/ecp_nistz256.c
View file

@ -813,7 +813,7 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
return 0;
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL)
goto err;
}

12
crypto/ec/ecp_oct.c
View file

@ -22,11 +22,13 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
BIGNUM *tmp1, *tmp2, *x, *y;
int ret = 0;
#ifndef FIPS_MODE
/* clear error queue */
ERR_clear_error();
#endif
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL)
return 0;
}
@ -99,6 +101,7 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
}
if (!BN_mod_sqrt(y, tmp1, group->field, ctx)) {
#ifndef FIPS_MODE
unsigned long err = ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_BN
@ -107,8 +110,11 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
EC_R_INVALID_COMPRESSED_POINT);
} else
#endif
{
ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
ERR_R_BN_LIB);
}
goto err;
}
@ -194,7 +200,7 @@ size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
}
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL)
return 0;
}
@ -314,7 +320,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
}
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL)
return 0;
}

31
crypto/ec/ecp_smpl.c
View file

@ -146,7 +146,7 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group,
}
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL)
return 0;
}
@ -204,7 +204,7 @@ int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
if (a != NULL || b != NULL) {
if (group->meth->field_decode) {
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL)
return 0;
}
@ -248,7 +248,7 @@ int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
BN_CTX *new_ctx = NULL;
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL) {
ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT,
ERR_R_MALLOC_FAILURE);
@ -376,7 +376,7 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
int ret = 0;
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL)
return 0;
}
@ -435,7 +435,7 @@ int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
if (group->meth->field_decode != 0) {
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL)
return 0;
}
@ -509,7 +509,7 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
}
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL)
return 0;
}
@ -629,7 +629,7 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
p = group->field;
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL)
return 0;
}
@ -813,7 +813,7 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
p = group->field;
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL)
return 0;
}
@ -966,7 +966,7 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
p = group->field;
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL)
return -1;
}
@ -1083,7 +1083,7 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
field_sqr = group->meth->field_sqr;
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL)
return -1;
}
@ -1169,7 +1169,7 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
return 1;
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL)
return 0;
}
@ -1210,7 +1210,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
return 1;
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
ctx = new_ctx = BN_CTX_new_ex(group->libctx);
if (ctx == NULL)
return 0;
}
@ -1380,7 +1380,8 @@ int ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
BN_CTX *new_ctx = NULL;
int ret = 0;
if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
if (ctx == NULL
&& (ctx = new_ctx = BN_CTX_secure_new_ex(group->libctx)) == NULL)
return 0;
BN_CTX_start(ctx);
@ -1388,7 +1389,7 @@ int ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
goto err;
do {
if (!BN_priv_rand_range(e, group->field))
if (!BN_priv_rand_range_ex(e, group->field, ctx))
goto err;
} while (BN_is_zero(e));
@ -1436,7 +1437,7 @@ int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
/* make sure lambda is not zero */
do {
if (!BN_priv_rand_range(lambda, group->field)) {
if (!BN_priv_rand_range_ex(lambda, group->field, ctx)) {
ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_BN_LIB);
goto err;
}

20
crypto/ec/ecx_meth.c
View file

@ -110,7 +110,11 @@ static int ecx_key_op(EVP_PKEY *pkey, int id, const X509_ALGOR *palg,
X448_public_from_private(pubkey, privkey);
break;
case EVP_PKEY_ED448:
ED448_public_from_private(pubkey, privkey);
/*
* TODO(3.0): We set the library context to NULL for now. This will
* need to change.
*/
ED448_public_from_private(NULL, pubkey, privkey);
break;
}
}
@ -771,8 +775,12 @@ static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig,
return 0;
}
if (ED448_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL,
0) == 0)
/*
* TODO(3.0): We use NULL for the library context for now. Will need to
* change later.
*/
if (ED448_sign(NULL, sig, tbs, tbslen, edkey->pubkey, edkey->privkey,
NULL, 0) == 0)
return 0;
*siglen = ED448_SIGSIZE;
return 1;
@ -799,7 +807,11 @@ static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,
if (siglen != ED448_SIGSIZE)
return 0;
return ED448_verify(tbs, tbslen, sig, edkey->pubkey, NULL, 0);
/*
* TODO(3.0): We send NULL for the OPENSSL_CTX for now. This will need to
* change.
*/
return ED448_verify(NULL, tbs, tbslen, sig, edkey->pubkey, NULL, 0);
}
static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)

4
crypto/err/openssl.txt
View file

@ -627,6 +627,7 @@ EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES:169:\
ec_GFp_simple_set_compressed_coordinates
EC_F_EC_GROUP_CHECK:170:EC_GROUP_check
EC_F_EC_GROUP_CHECK_DISCRIMINANT:171:EC_GROUP_check_discriminant
EC_F_EC_GROUP_CHECK_NAMED_CURVE:299:EC_GROUP_check_named_curve
EC_F_EC_GROUP_COPY:106:EC_GROUP_copy
EC_F_EC_GROUP_GET_CURVE:291:EC_GROUP_get_curve
EC_F_EC_GROUP_GET_CURVE_GF2M:172:EC_GROUP_get_curve_GF2m
@ -638,6 +639,8 @@ EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS:193:EC_GROUP_get_pentanomial_basis
EC_F_EC_GROUP_GET_TRINOMIAL_BASIS:194:EC_GROUP_get_trinomial_basis
EC_F_EC_GROUP_NEW:108:EC_GROUP_new
EC_F_EC_GROUP_NEW_BY_CURVE_NAME:174:EC_GROUP_new_by_curve_name
EC_F_EC_GROUP_NEW_BY_CURVE_NAME_EX:301:EC_GROUP_new_by_curve_name_ex
EC_F_EC_GROUP_NEW_EX:302:EC_GROUP_new_ex
EC_F_EC_GROUP_NEW_FROM_DATA:175:ec_group_new_from_data
EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS:263:EC_GROUP_new_from_ecparameters
EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS:264:EC_GROUP_new_from_ecpkparameters
@ -651,6 +654,7 @@ EC_F_EC_KEY_COPY:178:EC_KEY_copy
EC_F_EC_KEY_GENERATE_KEY:179:EC_KEY_generate_key
EC_F_EC_KEY_NEW:182:EC_KEY_new
EC_F_EC_KEY_NEW_METHOD:245:EC_KEY_new_method
EC_F_EC_KEY_NEW_METHOD_INT:300:ec_key_new_method_int
EC_F_EC_KEY_OCT2PRIV:255:EC_KEY_oct2priv
EC_F_EC_KEY_PRINT:180:EC_KEY_print
EC_F_EC_KEY_PRINT_FP:181:EC_KEY_print_fp

1
crypto/include/internal/bn_int.h
View file

@ -110,4 +110,5 @@ int bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
const BIGNUM *r1, const BIGNUM *r2, int nlen,
const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
OPENSSL_CTX *bn_get_lib_ctx(BN_CTX *ctx);
#endif

6
crypto/ppccap.c
View file

@ -145,8 +145,9 @@ int poly1305_init(void *ctx, const unsigned char key[16], void *func[2])
return 1;
}
# endif
#endif /* FIPS_MODE */
# ifdef ECP_NISTZ256_ASM
#ifdef ECP_NISTZ256_ASM
void ecp_nistz256_mul_mont(unsigned long res[4], const unsigned long a[4],
const unsigned long b[4]);
@ -168,8 +169,7 @@ void ecp_nistz256_from_mont(unsigned long res[4], const unsigned long in[4])
ecp_nistz256_mul_mont(res, in, one);
}
# endif
#endif /* FIPS_MODE */
#endif
static sigjmp_buf ill_jmp;
static void ill_handler(int sig)

5
doc/man3/EC_GROUP_copy.pod
View file

@ -51,7 +51,8 @@ EC_GROUP_get_pentanomial_basis, EC_GROUP_get0_field
int EC_GROUP_get_degree(const EC_GROUP *group);
int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only);
int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
BN_CTX *ctx);
int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
@ -152,6 +153,8 @@ then this method can be used to lookup the name of the curve that matches the gr
aliases, so that multiple NID's can map to the same domain parameters. For such curves it is unspecified which of the aliases will be
returned if the curve name of the given group is NID_undef.
If B<nist_only> is 1 it will only look for NIST approved curves, otherwise it searches all built-in curves.
This function may be passed a BN_CTX object in the B<ctx> parameter.
The B<ctx> parameter may be NULL.
EC_GROUP_cmp compares B<a> and B<b> to determine whether they represent the same curve or not.

63
include/openssl/ec.h
View file

@ -100,8 +100,21 @@ const EC_METHOD *EC_GF2m_simple_method(void);
/* EC_GROUP functions */
/********************************************************************/
/** Creates a new EC_GROUP object
* \param meth EC_METHOD to use
/**
* Creates a new EC_GROUP object
* \param libctx The associated library context or NULL for the default
* library context
* \param meth EC_METHOD to use
* \return newly created EC_GROUP object or NULL in case of an error.
*/
EC_GROUP *EC_GROUP_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth);
/**
* Creates a new EC_GROUP object. Same as EC_GROUP_new_ex with NULL for the
* library context.
* \param libctx The associated library context or NULL for the default
* library context
* \param meth EC_METHOD to use
* \return newly created EC_GROUP object or NULL in case of an error.
*/
EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
@ -364,8 +377,20 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx);
# endif
/** Creates a EC_GROUP object with a curve specified by a NID
* \param nid NID of the OID of the curve name
/**
* Creates a EC_GROUP object with a curve specified by a NID
* \param libctx The associated library context or NULL for the default
* context
* \param nid NID of the OID of the curve name
* \return newly created EC_GROUP object with specified curve or NULL
* if an error occurred
*/
EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, int nid);
/**
* Creates a EC_GROUP object with a curve specified by a NID. Same as
* EC_GROUP_new_by_curve_name_ex but the libctx is always NULL.
* \param nid NID of the OID of the curve name
* \return newly created EC_GROUP object with specified curve or NULL
* if an error occurred
*/
@ -422,7 +447,8 @@ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
const char *EC_curve_nid2nist(int nid);
int EC_curve_nist2nid(const char *name);
int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only);
int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
BN_CTX *ctx);
/********************************************************************/
/* EC_POINT functions */
@ -825,7 +851,17 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
# define EC_FLAG_FIPS_CHECKED 0x2
# define EC_FLAG_COFACTOR_ECDH 0x1000
/** Creates a new EC_KEY object.
/**
* Creates a new EC_KEY object.
* \param ctx The library context for to use for this EC_KEY. May be NULL in
* which case the default library context is used.
* \return EC_KEY object or NULL if an error occurred.
*/
EC_KEY *EC_KEY_new_ex(OPENSSL_CTX *ctx);
/**
* Creates a new EC_KEY object. Same as calling EC_KEY_new_ex with a NULL
* library context
* \return EC_KEY object or NULL if an error occurred.
*/
EC_KEY *EC_KEY_new(void);
@ -836,13 +872,26 @@ void EC_KEY_set_flags(EC_KEY *key, int flags);
void EC_KEY_clear_flags(EC_KEY *key, int flags);
/** Creates a new EC_KEY object using a named curve as underlying
/**
* Creates a new EC_KEY object using a named curve as underlying
* EC_GROUP object.
* \param ctx The library context for to use for this EC_KEY. May be NULL in
* which case the default library context is used.
* \param nid NID of the named curve.
* \return EC_KEY object or NULL if an error occurred.
*/
EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, int nid);
/**
* Creates a new EC_KEY object using a named curve as underlying
* EC_GROUP object. Same as calling EC_KEY_new_by_curve_name_ex with a NULL
* library context.
* \param nid NID of the named curve.
* \return EC_KEY object or NULL if an error occurred.
*/
EC_KEY *EC_KEY_new_by_curve_name(int nid);
/** Frees a EC_KEY object.
* \param key EC_KEY object to be freed.
*/

24
test/curve448_internal_test.c
View file

@ -600,38 +600,38 @@ static int test_ed448(void)
EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
if (!TEST_ptr(hashctx)
|| !TEST_true(ED448_sign(outsig, NULL, 0, pubkey1, privkey1, NULL,
0))
|| !TEST_true(ED448_sign(NULL, outsig, NULL, 0, pubkey1, privkey1,
NULL, 0))
|| !TEST_int_eq(memcmp(sig1, outsig, sizeof(sig1)), 0)
|| !TEST_true(ED448_sign(outsig, msg2, sizeof(msg2), pubkey2,
|| !TEST_true(ED448_sign(NULL, outsig, msg2, sizeof(msg2), pubkey2,
privkey2, NULL, 0))
|| !TEST_int_eq(memcmp(sig2, outsig, sizeof(sig2)), 0)
|| !TEST_true(ED448_sign(outsig, msg3, sizeof(msg3), pubkey3,
|| !TEST_true(ED448_sign(NULL, outsig, msg3, sizeof(msg3), pubkey3,
privkey3, context3, sizeof(context3)))
|| !TEST_int_eq(memcmp(sig3, outsig, sizeof(sig3)), 0)
|| !TEST_true(ED448_sign(outsig, msg4, sizeof(msg4), pubkey4,
|| !TEST_true(ED448_sign(NULL, outsig, msg4, sizeof(msg4), pubkey4,
privkey4, NULL, 0))
|| !TEST_int_eq(memcmp(sig4, outsig, sizeof(sig4)), 0)
|| !TEST_true(ED448_sign(outsig, msg5, sizeof(msg5), pubkey5,
|| !TEST_true(ED448_sign(NULL, outsig, msg5, sizeof(msg5), pubkey5,
privkey5, NULL, 0))
|| !TEST_int_eq(memcmp(sig5, outsig, sizeof(sig5)), 0)
|| !TEST_true(ED448_sign(outsig, msg6, sizeof(msg6), pubkey6,
|| !TEST_true(ED448_sign(NULL, outsig, msg6, sizeof(msg6), pubkey6,
privkey6, NULL, 0))
|| !TEST_int_eq(memcmp(sig6, outsig, sizeof(sig6)), 0)
|| !TEST_true(ED448_sign(outsig, msg7, sizeof(msg7), pubkey7,
|| !TEST_true(ED448_sign(NULL, outsig, msg7, sizeof(msg7), pubkey7,
privkey7, NULL, 0))
|| !TEST_int_eq(memcmp(sig7, outsig, sizeof(sig7)), 0)
|| !TEST_true(ED448_sign(outsig, msg8, sizeof(msg8), pubkey8,
|| !TEST_true(ED448_sign(NULL, outsig, msg8, sizeof(msg8), pubkey8,
privkey8, NULL, 0))
|| !TEST_int_eq(memcmp(sig8, outsig, sizeof(sig8)), 0)
|| !TEST_true(ED448_sign(outsig, msg9, sizeof(msg9), pubkey9,
|| !TEST_true(ED448_sign(NULL, outsig, msg9, sizeof(msg9), pubkey9,
privkey9, NULL, 0))
|| !TEST_int_eq(memcmp(sig9, outsig, sizeof(sig9)), 0)
|| !TEST_true(ED448ph_sign(outsig, dohash(hashctx, phmsg1,
|| !TEST_true(ED448ph_sign(NULL, outsig, dohash(hashctx, phmsg1,
sizeof(phmsg1)), phpubkey1, phprivkey1,
NULL, 0))
|| !TEST_int_eq(memcmp(phsig1, outsig, sizeof(phsig1)), 0)
|| !TEST_true(ED448ph_sign(outsig, dohash(hashctx, phmsg2,
|| !TEST_true(ED448ph_sign(NULL, outsig, dohash(hashctx, phmsg2,
sizeof(phmsg2)), phpubkey2, phprivkey2,
phcontext2, sizeof(phcontext2)))
|| !TEST_int_eq(memcmp(phsig2, outsig, sizeof(phsig2)), 0)) {

38
test/ectest.c
View file

@ -1625,22 +1625,22 @@ static int check_named_curve_test(int id)
}
/* Passes because this is a valid curve */
if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0), nid)
if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid)
/* Only NIST curves pass */
|| !TEST_int_eq(EC_GROUP_check_named_curve(group, 1),
|| !TEST_int_eq(EC_GROUP_check_named_curve(group, 1, NULL),
EC_curve_nid2nist(nid) != NULL ? nid : NID_undef))
goto err;
/* Fail if the curve name doesn't match the parameters */
EC_GROUP_set_curve_name(group, nid + 1);
ERR_set_mark();
if (!TEST_int_le(EC_GROUP_check_named_curve(group, 0), 0))
if (!TEST_int_le(EC_GROUP_check_named_curve(group, 0, NULL), 0))
goto err;
ERR_pop_to_mark();
/* Restore curve name and ensure it's passing */
EC_GROUP_set_curve_name(group, nid);
if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0), nid))
if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid))
goto err;
if (!TEST_int_eq(EC_GROUP_set_seed(group, invalid_seed, invalid_seed_len),
@ -1652,47 +1652,47 @@ static int check_named_curve_test(int id)
* If the built-in curve has a seed and we set the seed to another value
* then it will fail the check.
*/
if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0), 0))
if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), 0))
goto err;
} else {
/*
* If the built-in curve does not have a seed then setting the seed will
* pass the check (as the seed is optional).
*/
if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0), nid))
if (!TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid))
goto err;
}
/* Pass if the seed is unknown (as it is optional) */
if (!TEST_int_eq(EC_GROUP_set_seed(group, NULL, 0), 1)
|| !TEST_int_eq(EC_GROUP_check_named_curve(group, 0), nid))
|| !TEST_int_eq(EC_GROUP_check_named_curve(group, 0, NULL), nid))
goto err;
/* Check that a duped group passes */
if (!TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0), nid))
if (!TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid))
goto err;
/* check that changing any generator parameter fails */
if (!TEST_true(EC_GROUP_set_generator(gtest, other_gen, group_order,
group_cofactor))
|| !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0), 0)
|| !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)
|| !TEST_true(EC_GROUP_set_generator(gtest, group_gen, other_order,
group_cofactor))
|| !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0), 0)
|| !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)
/* The order is not an optional field, so this should fail */
|| !TEST_true(EC_GROUP_set_generator(gtest, group_gen, NULL,
group_cofactor))
|| !TEST_int_le(EC_GROUP_check_named_curve(gtest, 0), 0)
|| !TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)
|| !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order,
other_cofactor))
|| !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0), 0)
|| !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0)
/* Check that if the cofactor is not set then it still passes */
|| !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order,
NULL))
|| !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0), nid)
|| !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid)
/* check that restoring the generator passes */
|| !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order,
group_cofactor))
|| !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0), nid))
|| !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid))
goto err;
/*
@ -1704,7 +1704,7 @@ static int check_named_curve_test(int id)
*/
ERR_set_mark();
if (EC_GROUP_set_curve(gtest, other_p, group_a, group_b, NULL)) {
if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0), 0))
if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0))
goto err;
} else {
/* clear the error stack if EC_GROUP_set_curve() failed */
@ -1712,7 +1712,7 @@ static int check_named_curve_test(int id)
ERR_set_mark();
}
if (EC_GROUP_set_curve(gtest, group_p, other_a, group_b, NULL)) {
if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0), 0))
if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0))
goto err;
} else {
/* clear the error stack if EC_GROUP_set_curve() failed */
@ -1720,7 +1720,7 @@ static int check_named_curve_test(int id)
ERR_set_mark();
}
if (EC_GROUP_set_curve(gtest, group_p, group_a, other_b, NULL)) {
if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0), 0))
if (!TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0))
goto err;
} else {
/* clear the error stack if EC_GROUP_set_curve() failed */
@ -1731,7 +1731,7 @@ static int check_named_curve_test(int id)
/* Check that restoring the curve parameters passes */
if (!TEST_true(EC_GROUP_set_curve(gtest, group_p, group_a, group_b, NULL))
|| !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0), nid))
|| !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), nid))
goto err;
ret = 1;
@ -1778,7 +1778,7 @@ static int check_named_curve_lookup_test(int id)
if (!TEST_ptr(g = EC_GROUP_new_from_ecparameters(p)))
goto err;
if (!TEST_int_gt(rv = EC_GROUP_check_named_curve(g, 0), 0))
if (!TEST_int_gt(rv = EC_GROUP_check_named_curve(g, 0, NULL), 0))
goto err;
if (rv != nid) {
/*

4
util/libcrypto.num
View file

@ -4702,3 +4702,7 @@ ERR_set_error 4811 3_0_0 EXIST::FUNCTION:
ERR_vset_error 4812 3_0_0 EXIST::FUNCTION:
X509_get0_authority_issuer 4813 3_0_0 EXIST::FUNCTION:
X509_get0_authority_serial 4814 3_0_0 EXIST::FUNCTION:
EC_GROUP_new_ex 4815 3_0_0 EXIST::FUNCTION:EC
EC_GROUP_new_by_curve_name_ex 4816 3_0_0 EXIST::FUNCTION:EC
EC_KEY_new_ex 4817 3_0_0 EXIST::FUNCTION:EC
EC_KEY_new_by_curve_name_ex 4818 3_0_0 EXIST::FUNCTION:EC