Check return codes properly.
[openssl.git] / fips / rand / fips_drbg_ec.c
index ee6fe07..c4d7612 100644 (file)
@@ -218,7 +218,7 @@ static int drbg_ec_mul(DRBG_EC_CTX *ectx, BIGNUM *r, const BIGNUM *s, int use_q)
        if (!EC_POINT_get_affine_coordinates_GFp(ectx->curve, ectx->ptmp, r,
                                                        NULL, ectx->bctx))
                return 0;
-       return 0;
+       return 1;
        }
 
 static int drbg_ec_instantiate(DRBG_CTX *dctx,
@@ -244,7 +244,7 @@ static int drbg_ec_reseed(DRBG_CTX *dctx,
        /* Check if we have a deferred s = s * P */
        if (ectx->sp_defer)
                {
-               if (drbg_ec_mul(ectx, ectx->s, ectx->s, 0))
+               if (!drbg_ec_mul(ectx, ectx->s, ectx->s, 0))
                        return 0;
                ectx->sp_defer = 0;
                }
@@ -281,23 +281,25 @@ static int drbg_ec_generate(DRBG_CTX *dctx,
        /* Check if we have a deferred s = s * P */
        if (ectx->sp_defer)
                {
-               if (drbg_ec_mul(ectx, s, s, 0))
+               if (!drbg_ec_mul(ectx, s, s, 0))
                        goto err;
                ectx->sp_defer = 0;
                }
 
        BN_CTX_start(ectx->bctx);
-       t = BN_CTX_get(ectx->bctx);
        r = BN_CTX_get(ectx->bctx);
        if (!r)
                goto err;
        if (adin && adin_len)
                {
                size_t i;
+               t = BN_CTX_get(ectx->bctx);
+               if (!t)
+                       goto err;
                /* Convert s to buffer */
                if (ectx->exbits)
-                       BN_lshift(ectx->s, ectx->s, ectx->exbits);
-               bn2binpad(ectx->sbuf, dctx->seedlen, ectx->s);
+                       BN_lshift(s, s, ectx->exbits);
+               bn2binpad(ectx->sbuf, dctx->seedlen, s);
                /* Step 2 */
                if (!hash_df(dctx, ectx->tbuf, adin, adin_len,
                                NULL, 0, NULL, 0))
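Review bot: The calls `BN_lshift(s, s, ectx->exbits);` and `bn2binpad(ectx->sbuf, dctx->seedlen, s);` in the additional-input branch are still unchecked, which sits oddly in a commit titled "Check return codes properly"; a failure there would feed a stale or partially shifted s into hash_df and the function would carry on as if the seed material were valid. The same bn2binpad is already checked with `goto err` later in this function, so the pattern exists. Suggest `if (ectx->exbits && !BN_lshift(s, s, ectx->exbits)) goto err;` and `if (!bn2binpad(ectx->sbuf, dctx->seedlen, s)) goto err;`. drbg_ec_generate starts and ends outside this hunk, so I cannot confirm from here what the err label releases after BN_CTX_start.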
@@ -309,23 +311,25 @@ static int drbg_ec_generate(DRBG_CTX *dctx,
                        return 0;
                }
        else
-               if (!BN_copy(t, ectx->s))
-                       goto err;
+               /* Note if no additional input the algorithm never
+                * needs separate values for t and s.
+                */
+               t = s;
 
 #ifdef EC_DRBG_TRACE
-       bnprint(stderr, "s at start of generate: ", ectx->s);
+       bnprint(stderr, "s at start of generate: ", s);
 #endif
 
        for (;;)
                {
                /* Step #6, calculate s = t * P */
-               if (drbg_ec_mul(ectx, s, t, 0))
+               if (!drbg_ec_mul(ectx, s, t, 0))
                        goto err;
 #ifdef EC_DRBG_TRACE
                bnprint(stderr, "s in generate: ", ectx->s);
 #endif
                /* Step #7, calculate r = s * Q */
-               if (drbg_ec_mul(ectx, r, s, 1))
+               if (!drbg_ec_mul(ectx, r, s, 1))
                        goto err;
 #ifdef EC_DRBG_TRACE
        bnprint(stderr, "r in generate is: ", r);
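Review bot: The trace line `bnprint(stderr, "s in generate: ", ectx->s);` still prints ectx->s while the trace at the top of this hunk was changed to print the local s; the hunk does not show where s comes from, but if the two are distinct BIGNUMs the line labelled "s in generate" no longer shows the value drbg_ec_mul just wrote into s. Suggest `bnprint(stderr, "s in generate: ", s);` for consistency with the rest of the function. Separately, the new `else` branch now has a block comment between `else` and `t = s;`; bracing it as `else { /* ... */ t = s; }` keeps the comment from reading as the controlled statement and guards against a later insertion breaking the branch. drbg_ec_generate continues outside this hunk.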
@@ -333,7 +337,7 @@ static int drbg_ec_generate(DRBG_CTX *dctx,
                dctx->reseed_counter++;
                /* Get rightmost bits of r to output buffer */
 
-               if (!(dctx->flags & DRBG_FLAG_TEST) && !dctx->lb_valid)
+               if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
                        {
                        if (!bn2binpad(dctx->lb, dctx->blocklength, r))
                                goto err;
@@ -360,6 +364,8 @@ static int drbg_ec_generate(DRBG_CTX *dctx,
                if (!outlen)
                        break;
                out += dctx->blocklength;
+               /* Step #5 after first pass */
+               t = s;
 #ifdef EC_DRBG_TRACE
                fprintf(stderr, "Random bits written:\n");
                hexprint(stderr, out, dctx->blocklength);
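Review bot: Under EC_DRBG_TRACE the call `hexprint(stderr, out, dctx->blocklength);` runs after `out += dctx->blocklength;`, so it appears to dump the block that has not been written yet rather than the one just produced; the newly inserted `t = s;` sits between the two and does not change that ordering. Moving the trace above the pointer advance, or printing `out - dctx->blocklength`, would show the bytes the comment "Random bits written" promises. This affects only diagnostic output, not the generated bits. The loop body continues outside this hunk.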
@@ -392,23 +398,27 @@ static int drbg_ec_uninstantiate(DRBG_CTX *dctx)
 
 /* Q points from SP 800-90 A.1, P is generator */
 
+__fips_constseg
 static const unsigned char p_256_qx[] = {
        0xc9,0x74,0x45,0xf4,0x5c,0xde,0xf9,0xf0,0xd3,0xe0,0x5e,0x1e,
        0x58,0x5f,0xc2,0x97,0x23,0x5b,0x82,0xb5,0xbe,0x8f,0xf3,0xef,
        0xca,0x67,0xc5,0x98,0x52,0x01,0x81,0x92
 };
+__fips_constseg
 static const unsigned char p_256_qy[] = {
        0xb2,0x8e,0xf5,0x57,0xba,0x31,0xdf,0xcb,0xdd,0x21,0xac,0x46,
        0xe2,0xa9,0x1e,0x3c,0x30,0x4f,0x44,0xcb,0x87,0x05,0x8a,0xda,
        0x2c,0xb8,0x15,0x15,0x1e,0x61,0x00,0x46
 };
 
+__fips_constseg
 static const unsigned char p_384_qx[] = {
        0x8e,0x72,0x2d,0xe3,0x12,0x5b,0xdd,0xb0,0x55,0x80,0x16,0x4b,
        0xfe,0x20,0xb8,0xb4,0x32,0x21,0x6a,0x62,0x92,0x6c,0x57,0x50,
        0x2c,0xee,0xde,0x31,0xc4,0x78,0x16,0xed,0xd1,0xe8,0x97,0x69,
        0x12,0x41,0x79,0xd0,0xb6,0x95,0x10,0x64,0x28,0x81,0x50,0x65
 };
+__fips_constseg
 static const unsigned char p_384_qy[] = {
        0x02,0x3b,0x16,0x60,0xdd,0x70,0x1d,0x08,0x39,0xfd,0x45,0xee,
        0xc3,0x6f,0x9e,0xe7,0xb3,0x2e,0x13,0xb3,0x15,0xdc,0x02,0x61,
@@ -416,6 +426,7 @@ static const unsigned char p_384_qy[] = {
        0xc5,0xe0,0x9b,0x05,0x67,0x4d,0xbb,0x7e,0x45,0xc8,0x03,0xdd
 };
 
+__fips_constseg
 static const unsigned char p_521_qx[] = {
        0x01,0xb9,0xfa,0x3e,0x51,0x8d,0x68,0x3c,0x6b,0x65,0x76,0x36,
        0x94,0xac,0x8e,0xfb,0xae,0xc6,0xfa,0xb4,0x4f,0x22,0x76,0x17,
@@ -424,6 +435,7 @@ static const unsigned char p_521_qx[] = {
        0x3b,0x24,0xc3,0xed,0xfa,0x0f,0x85,0xfe,0x24,0xd0,0xc8,0xc0,
        0x15,0x91,0xf0,0xbe,0x6f,0x63
 };
+__fips_constseg
 static const unsigned char p_521_qy[] = {
        0x01,0xf3,0xbd,0xba,0x58,0x52,0x95,0xd9,0xa1,0x11,0x0d,0x1d,
        0xf1,0xf9,0x43,0x0e,0xf8,0x44,0x2c,0x50,0x18,0x97,0x6f,0xf3,
@@ -487,7 +499,7 @@ int fips_drbg_ec_init(DRBG_CTX *dctx)
                return -2;
                }
 
-       dctx->flags |= DRBG_CUSTOM_RESEED;
+       dctx->iflags |= DRBG_CUSTOM_RESEED;
        dctx->reseed_counter = 0;
        dctx->instantiate = drbg_ec_instantiate;
        dctx->reseed = drbg_ec_reseed;