add cofactor ECDH support from fips branch

author Dr. Stephen Henson <steve@openssl.org>

Sat, 10 Dec 2011 13:35:11 +0000 (13:35 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 1 Oct 2013 13:01:18 +0000 (14:01 +0100)
author Dr. Stephen Henson <steve@openssl.org>
Sat, 10 Dec 2011 13:35:11 +0000 (13:35 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 1 Oct 2013 13:01:18 +0000 (14:01 +0100)
diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h

index 98c6cdf9be75cdf2f97a6d874ac1040ecfd039f0..6d792180d6e212238337d364916480d586bd86d1 100644 (file)
--- a/crypto/ecdh/ecdh.h
+++ b/crypto/ecdh/ecdh.h
@@ -85,6 +85,8 @@
  extern "C" {
  #endif
  
+#define EC_FLAG_COFACTOR_ECDH  0x1000
+
  const ECDH_METHOD *ECDH_OpenSSL(void);
  
  void     ECDH_set_default_method(const ECDH_METHOD *);
diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c

index 4a30628fbcc98b8c9ef9f1aa71acb8b5cd687bd6..fa98eb11cefc0e10420cee5fa4e1297359c5ee06 100644 (file)
--- a/crypto/ecdh/ech_ossl.c
+++ b/crypto/ecdh/ech_ossl.c
@@ -137,6 +137,18 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
                 }
  
         group = EC_KEY_get0_group(ecdh);
+
+       if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH)
+               {
+               if (!EC_GROUP_get_cofactor(group, x, ctx) ||
+                       !BN_mul(x, x, priv_key, ctx))
+                       {
+                       ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+                       goto err;
+                       }
+               priv_key = x;
+               }
+
         if ((tmp=EC_POINT_new(group)) == NULL)
                 {
                 ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
author	Dr. Stephen Henson <steve@openssl.org>
	Sat, 10 Dec 2011 13:35:11 +0000 (13:35 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 1 Oct 2013 13:01:18 +0000 (14:01 +0100)
crypto/ecdh/ecdh.h		patch \| blob \| history
crypto/ecdh/ech_ossl.c		patch \| blob \| history