X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fecdh%2Fech_ossl.c;h=ceaa2f06b6389cd81dd4d09404d852407242b4ba;hp=b3cff5ad90f103294906fa6a3567980988e64a9a;hb=8857b380e21b7140508cbcdd57abbcafdc658463;hpb=8b5bcef7981ed9c561619fed3a6000b5c6ee6b95 diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index b3cff5ad90..ceaa2f06b6 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -67,19 +67,22 @@ * */ +#define OPENSSL_FIPSAPI #include #include #include "cryptlib.h" -#include +#include "ech_locl.h" #include #include #include +#include -static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, EC_KEY *ecdh, - void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)); +static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, + EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); static ECDH_METHOD openssl_ecdh_meth = { "OpenSSL ECDH method", @@ -103,13 +106,17 @@ const ECDH_METHOD *ECDH_OpenSSL(void) * - ECSVDP-DH * Finally an optional KDF is applied. */ -static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, - void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)) +static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) { BN_CTX *ctx; EC_POINT *tmp=NULL; BIGNUM *x=NULL, *y=NULL; - int ret= -1, buflen, len; + const BIGNUM *priv_key; + const EC_GROUP* group; + int ret= -1; + size_t buflen, len; unsigned char *buf=NULL; if (outlen > INT_MAX) @@ -123,42 +130,46 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, E x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); - if (ecdh->priv_key == NULL) + priv_key = EC_KEY_get0_private_key(ecdh); + if (priv_key == NULL) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE); goto err; } - if ((tmp=EC_POINT_new(ecdh->group)) == NULL) + group = EC_KEY_get0_group(ecdh); + if ((tmp=EC_POINT_new(group)) == NULL) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); goto err; } - if (!EC_POINT_mul(ecdh->group, tmp, NULL, pub_key, ecdh->priv_key, ctx)) + if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); goto err; } - if (EC_METHOD_get_field_type(EC_GROUP_method_of(ecdh->group)) == NID_X9_62_prime_field) + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp(ecdh->group, tmp, x, y, ctx)) + if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); goto err; } } +#ifndef OPENSSL_NO_EC2M else { - if (!EC_POINT_get_affine_coordinates_GF2m(ecdh->group, tmp, x, y, ctx)) + if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); goto err; } } +#endif - buflen = (EC_GROUP_get_degree(ecdh->group) + 7)/8; + buflen = (EC_GROUP_get_degree(group) + 7)/8; len = BN_num_bytes(x); if (len > buflen) { @@ -172,7 +183,7 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, E } memset(buf, 0, buflen - len); - if (len != BN_bn2bin(x, buf + buflen - len)) + if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); goto err; @@ -180,7 +191,7 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, E if (KDF != 0) { - if (KDF(buf, buflen, out, outlen) == NULL) + if (KDF(buf, buflen, out, &outlen) == NULL) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED); goto err; @@ -203,3 +214,15 @@ err: if (buf) OPENSSL_free(buf); return(ret); } + +#ifdef OPENSSL_FIPSCANISTER +/* FIPS stanadlone version of ecdh_check: just return FIPS method */ +ECDH_DATA *fips_ecdh_check(EC_KEY *key) + { + static ECDH_DATA rv = { + 0,0,0, + &openssl_ecdh_meth + }; + return &rv; + } +#endif