Changeset 94082 in vbox for trunk/src/libs/openssl-3.0.1/crypto/ec
- Timestamp:
- Mar 3, 2022 7:17:34 PM (3 years ago)
- svn:sync-xref-src-repo-rev:
- 150325
- Location:
- trunk/src/libs/openssl-3.0.1
- Files:
-
- 1 deleted
- 57 edited
-
. (modified) (1 prop)
-
crypto/ec/asm/ecp_nistz256-armv4.pl (modified) (6 diffs)
-
crypto/ec/asm/ecp_nistz256-armv8.pl (modified) (7 diffs)
-
crypto/ec/asm/ecp_nistz256-ppc64.pl (modified) (4 diffs)
-
crypto/ec/asm/ecp_nistz256-sparcv9.pl (modified) (2 diffs)
-
crypto/ec/asm/ecp_nistz256-x86.pl (modified) (2 diffs)
-
crypto/ec/asm/ecp_nistz256-x86_64.pl (modified) (4 diffs)
-
crypto/ec/asm/x25519-ppc64.pl (modified) (3 diffs)
-
crypto/ec/asm/x25519-x86_64.pl (modified) (3 diffs)
-
crypto/ec/build.info (modified) (1 diff)
-
crypto/ec/curve25519.c (modified) (12 diffs)
-
crypto/ec/curve448/arch_32/arch_intrinsics.h (modified) (1 diff)
-
crypto/ec/curve448/arch_32/f_impl.c (deleted)
-
crypto/ec/curve448/arch_32/f_impl.h (modified) (1 diff)
-
crypto/ec/curve448/curve448.c (modified) (22 diffs)
-
crypto/ec/curve448/curve448_local.h (modified) (2 diffs)
-
crypto/ec/curve448/curve448_tables.c (modified) (3 diffs)
-
crypto/ec/curve448/curve448utils.h (modified) (3 diffs)
-
crypto/ec/curve448/ed448.h (modified) (9 diffs)
-
crypto/ec/curve448/eddsa.c (modified) (19 diffs)
-
crypto/ec/curve448/f_generic.c (modified) (2 diffs)
-
crypto/ec/curve448/field.h (modified) (2 diffs)
-
crypto/ec/curve448/point_448.h (modified) (17 diffs)
-
crypto/ec/curve448/scalar.c (modified) (11 diffs)
-
crypto/ec/curve448/word.h (modified) (2 diffs)
-
crypto/ec/ec2_oct.c (modified) (25 diffs)
-
crypto/ec/ec2_smpl.c (modified) (48 diffs)
-
crypto/ec/ec_ameth.c (modified) (26 diffs)
-
crypto/ec/ec_asn1.c (modified) (83 diffs)
-
crypto/ec/ec_check.c (modified) (8 diffs)
-
crypto/ec/ec_curve.c (modified) (38 diffs)
-
crypto/ec/ec_cvt.c (modified) (4 diffs)
-
crypto/ec/ec_err.c (modified) (8 diffs)
-
crypto/ec/ec_key.c (modified) (34 diffs)
-
crypto/ec/ec_kmeth.c (modified) (9 diffs)
-
crypto/ec/ec_lib.c (modified) (66 diffs)
-
crypto/ec/ec_local.h (modified) (12 diffs)
-
crypto/ec/ec_mult.c (modified) (44 diffs)
-
crypto/ec/ec_oct.c (modified) (6 diffs)
-
crypto/ec/ec_pmeth.c (modified) (20 diffs)
-
crypto/ec/ec_print.c (modified) (3 diffs)
-
crypto/ec/ecdh_kdf.c (modified) (4 diffs)
-
crypto/ec/ecdh_ossl.c (modified) (9 diffs)
-
crypto/ec/ecdsa_ossl.c (modified) (22 diffs)
-
crypto/ec/ecdsa_sign.c (modified) (4 diffs)
-
crypto/ec/ecdsa_vrf.c (modified) (3 diffs)
-
crypto/ec/eck_prn.c (modified) (12 diffs)
-
crypto/ec/ecp_mont.c (modified) (20 diffs)
-
crypto/ec/ecp_nist.c (modified) (9 diffs)
-
crypto/ec/ecp_nistp224.c (modified) (26 diffs)
-
crypto/ec/ecp_nistp256.c (modified) (32 diffs)
-
crypto/ec/ecp_nistp521.c (modified) (32 diffs)
-
crypto/ec/ecp_nistputil.c (modified) (7 diffs)
-
crypto/ec/ecp_nistz256.c (modified) (25 diffs)
-
crypto/ec/ecp_nistz256_table.c (modified) (1 diff)
-
crypto/ec/ecp_oct.c (modified) (22 diffs)
-
crypto/ec/ecp_smpl.c (modified) (55 diffs)
-
crypto/ec/ecx_meth.c (modified) (41 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/libs/openssl-3.0.1
- Property svn:mergeinfo
-
old new 12 12 /vendor/openssl/1.1.1c:131722-131725 13 13 /vendor/openssl/1.1.1k:145841-145843 14 /vendor/openssl/3.0.1:150323-150324 15 /vendor/openssl/current:147554-150322
-
- Property svn:mergeinfo
-
trunk/src/libs/openssl-3.0.1/crypto/ec/asm/ecp_nistz256-armv4.pl
r91772 r94082 2 2 # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 # Licensed under the OpenSSL license(the "License"). You may not use4 # Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 # this file except in compliance with the License. You can obtain a copy 6 6 # in the file LICENSE in the source distribution or at … … 34 34 # operation. Keep in mind that +200% means 3x improvement. 35 35 36 $flavour = shift; 37 if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } 38 else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} } 36 # $output is the last argument if it looks like a file (it has an extension) 37 # $flavour is the first argument if it doesn't look like a file 38 $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; 39 $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; 39 40 40 41 if ($flavour && $flavour ne "void") { … … 44 45 die "can't locate arm-xlate.pl"; 45 46 46 open STDOUT,"| \"$^X\" $xlate $flavour $output"; 47 open STDOUT,"| \"$^X\" $xlate $flavour \"$output\"" 48 or die "can't call $xlate: $!"; 47 49 } else { 48 open STDOUT,">$output";50 $output and open STDOUT,">$output"; 49 51 } 50 52 … … 52 54 #include "arm_arch.h" 53 55 54 .text55 56 #if defined(__thumb2__) 56 57 .syntax unified … … 81 82 82 83 $code.=<<___; 84 .rodata 83 85 .globl ecp_nistz256_precomputed 84 86 .type ecp_nistz256_precomputed,%object … … 105 107 $code.=<<___; 106 108 .size ecp_nistz256_precomputed,.-ecp_nistz256_precomputed 109 110 .text 107 111 .align 5 108 112 .LRR: @ 2^512 mod P precomputed for NIST P256 polynomial -
trunk/src/libs/openssl-3.0.1/crypto/ec/asm/ecp_nistz256-armv8.pl
r91772 r94082 2 2 # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 # Licensed under the OpenSSL license(the "License"). You may not use4 # Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 # this file except in compliance with the License. You can obtain a copy 6 6 # in the file LICENSE in the source distribution or at … … 32 32 # operation. Keep in mind that +400% means 5x improvement. 33 33 34 $flavour = shift; 35 while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} 34 # $output is the last argument if it looks like a file (it has an extension) 35 # $flavour is the first argument if it doesn't look like a file 36 $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; 37 $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; 36 38 37 39 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; … … 40 42 die "can't locate arm-xlate.pl"; 41 43 42 open OUT,"| \"$^X\" $xlate $flavour $output"; 44 open OUT,"| \"$^X\" $xlate $flavour \"$output\"" 45 or die "can't call $xlate: $!"; 43 46 *STDOUT=*OUT; 44 47 … … 1480 1483 //////////////////////////////////////////////////////////////////////// 1481 1484 // void ecp_nistz256_ord_sqr_mont(uint64_t res[4], uint64_t a[4], 1482 // int rep);1485 // uint64_t rep); 1483 1486 .globl ecp_nistz256_ord_sqr_mont 1484 1487 .type ecp_nistz256_ord_sqr_mont,%function … … 1646 1649 ldp x4,x5,[$inp] // X 1647 1650 ldp x6,x7,[$inp,#16] 1648 st r w4,[$out,#64*0-4]1651 stur w4,[$out,#64*0-4] 1649 1652 lsr x4,x4,#32 1650 1653 str w5,[$out,#64*1-4] … … 1662 1665 ldp x4,x5,[$inp,#32] // Y 1663 1666 ldp x6,x7,[$inp,#48] 1664 st r w4,[$out,#64*0-4]1667 stur w4,[$out,#64*0-4] 1665 1668 lsr x4,x4,#32 1666 1669 str w5,[$out,#64*1-4] … … 1678 1681 ldp x4,x5,[$inp,#64] // Z 1679 1682 ldp x6,x7,[$inp,#80] 1680 st r w4,[$out,#64*0-4]1683 stur w4,[$out,#64*0-4] 1681 1684 lsr x4,x4,#32 1682 1685 str w5,[$out,#64*1-4] -
trunk/src/libs/openssl-3.0.1/crypto/ec/asm/ecp_nistz256-ppc64.pl
r91772 r94082 2 2 # Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 # Licensed under the OpenSSL license(the "License"). You may not use4 # Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 # this file except in compliance with the License. You can obtain a copy 6 6 # in the file LICENSE in the source distribution or at … … 26 26 # POWER8 +220-340% 27 27 28 $flavour = shift; 29 while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} 28 # $output is the last argument if it looks like a file (it has an extension) 29 # $flavour is the first argument if it doesn't look like a file 30 $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; 31 $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; 30 32 31 33 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; … … 34 36 die "can't locate ppc-xlate.pl"; 35 37 36 open OUT,"| \"$^X\" $xlate $flavour $output"; 38 open OUT,"| \"$^X\" $xlate $flavour \"$output\"" 39 or die "can't call $xlate: $!"; 37 40 *STDOUT=*OUT; 38 41 … … 1920 1923 ################################################################################ 1921 1924 # void ecp_nistz256_ord_sqr_mont(uint64_t res[4], uint64_t a[4], 1922 # int rep);1925 # uint64_t rep); 1923 1926 .globl ecp_nistz256_ord_sqr_mont 1924 1927 .align 5 -
trunk/src/libs/openssl-3.0.1/crypto/ec/asm/ecp_nistz256-sparcv9.pl
r91772 r94082 1 1 #! /usr/bin/env perl 2 # Copyright 2015-202 0The OpenSSL Project Authors. All Rights Reserved.2 # Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 # Licensed under the OpenSSL license(the "License"). You may not use4 # Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 # this file except in compliance with the License. You can obtain a copy 6 6 # in the file LICENSE in the source distribution or at … … 32 32 # operation. Keep in mind that +200% means 3x improvement. 33 33 34 $output = pop; 35 open STDOUT,">$output"; 36 37 $code.=<<___; 38 #include "sparc_arch.h" 34 $output = pop and open STDOUT,">$output"; 35 36 $code.=<<___; 37 #ifndef __ASSEMBLER__ 38 # define __ASSEMBLER__ 1 39 #endif 40 #include "crypto/sparc_arch.h" 39 41 40 42 #define LOCALS (STACK_BIAS+STACK_FRAME) -
trunk/src/libs/openssl-3.0.1/crypto/ec/asm/ecp_nistz256-x86.pl
r91772 r94082 2 2 # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 # Licensed under the OpenSSL license(the "License"). You may not use4 # Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 # this file except in compliance with the License. You can obtain a copy 6 6 # in the file LICENSE in the source distribution or at … … 43 43 require "x86asm.pl"; 44 44 45 $output=pop; 46 open STDOUT,">$output"; 45 $output=pop and open STDOUT,">$output"; 47 46 48 47 &asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); -
trunk/src/libs/openssl-3.0.1/crypto/ec/asm/ecp_nistz256-x86_64.pl
r91772 r94082 4 4 # Copyright (c) 2015 CloudFlare, Inc. 5 5 # 6 # Licensed under the OpenSSL license(the "License"). You may not use6 # Licensed under the Apache License 2.0 (the "License"). You may not use 7 7 # this file except in compliance with the License. You can obtain a copy 8 8 # in the file LICENSE in the source distribution or at … … 41 41 # Keep in mind that +100% means 2x improvement. 42 42 43 $flavour = shift; 44 $output = shift; 45 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } 43 # $output is the last argument if it looks like a file (it has an extension) 44 # $flavour is the first argument if it doesn't look like a file 45 $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; 46 $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; 46 47 47 48 $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); … … 52 53 die "can't locate x86_64-xlate.pl"; 53 54 54 open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; 55 open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" 56 or die "can't call $xlate: $!"; 55 57 *STDOUT=*OUT; 56 58 … … 827 829 # uint64_t res[4], 828 830 # uint64_t a[4], 829 # int rep);831 # uint64_t rep); 830 832 831 833 .globl ecp_nistz256_ord_sqr_mont -
trunk/src/libs/openssl-3.0.1/crypto/ec/asm/x25519-ppc64.pl
r91772 r94082 2 2 # Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 # Licensed under the OpenSSL license(the "License"). You may not use4 # Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 # this file except in compliance with the License. You can obtain a copy 6 6 # in the file LICENSE in the source distribution or at … … 28 28 # from 12% to 30% improvement was measured... 29 29 30 $flavour = shift; 31 while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} 30 # $output is the last argument if it looks like a file (it has an extension) 31 # $flavour is the first argument if it doesn't look like a file 32 $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; 33 $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; 32 34 33 35 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; … … 36 38 die "can't locate ppc-xlate.pl"; 37 39 38 open OUT,"| \"$^X\" $xlate $flavour $output"; 40 open OUT,"| \"$^X\" $xlate $flavour \"$output\"" 41 or die "can't call $xlate: $!"; 39 42 *STDOUT=*OUT; 40 43 -
trunk/src/libs/openssl-3.0.1/crypto/ec/asm/x25519-x86_64.pl
r91772 r94082 2 2 # Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 # Licensed under the OpenSSL license(the "License"). You may not use4 # Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 # this file except in compliance with the License. You can obtain a copy 6 6 # in the file LICENSE in the source distribution or at … … 62 62 # 2^51 radix; 63 63 64 $flavour = shift; 65 $output = shift; 66 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } 64 # $output is the last argument if it looks like a file (it has an extension) 65 # $flavour is the first argument if it doesn't look like a file 66 $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; 67 $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; 67 68 68 69 $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); … … 73 74 die "can't locate x86_64-xlate.pl"; 74 75 75 open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; 76 open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" 77 or die "can't call $xlate: $!"; 76 78 *STDOUT=*OUT; 77 79 -
trunk/src/libs/openssl-3.0.1/crypto/ec/build.info
r91772 r94082 1 LIBS=../../libcrypto 2 SOURCE[../../libcrypto]=\ 3 ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \ 4 ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c \ 5 ec2_smpl.c ec_ameth.c ec_pmeth.c eck_prn.c \ 6 ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c \ 7 ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c ecdh_kdf.c \ 8 ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c ecx_meth.c \ 9 curve448/arch_32/f_impl.c curve448/f_generic.c curve448/scalar.c \ 1 $ECASM= 2 IF[{- !$disabled{asm} -}] 3 $ECASM_x86=ecp_nistz256.c ecp_nistz256-x86.s 4 $ECDEF_x86=ECP_NISTZ256_ASM 5 6 $ECASM_x86_64=ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s 7 $ECDEF_x86_64=ECP_NISTZ256_ASM X25519_ASM 8 9 $ECASM_ia64= 10 11 $ECASM_sparcv9=ecp_nistz256.c ecp_nistz256-sparcv9.S 12 $ECDEF_sparcv9=ECP_NISTZ256_ASM 13 14 $ECASM_sparcv8= 15 16 $ECASM_alpha= 17 18 $ECASM_mips32= 19 $ECASM_mips64= 20 21 $ECASM_s390x=ecp_s390x_nistp.c ecx_s390x.c 22 $ECDEF_s390x=S390X_EC_ASM 23 24 $ECASM_armv4=ecp_nistz256.c ecp_nistz256-armv4.S 25 $ECDEF_armv4=ECP_NISTZ256_ASM 26 $ECASM_aarch64=ecp_nistz256.c ecp_nistz256-armv8.S 27 $ECDEF_aarch64=ECP_NISTZ256_ASM 28 29 $ECASM_parisc11= 30 $ECASM_parisc20_64= 31 32 $ECASM_ppc32= 33 $ECASM_ppc64=ecp_nistz256.c ecp_ppc.c ecp_nistz256-ppc64.s x25519-ppc64.s 34 $ECDEF_ppc64=ECP_NISTZ256_ASM X25519_ASM 35 IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}] 36 $ECASM_ppc64=$ECASM_ppc64 ecp_nistp521-ppc64.s 37 $ECDEF_ppc64=$ECDEF_ppc64 ECP_NISTP521_ASM 38 INCLUDE[ecp_nistp521.o]=.. 39 ENDIF 40 41 $ECASM_c64xplus= 42 43 # Now that we have defined all the arch specific variables, use the 44 # appropriate one, and define the appropriate macros 45 IF[$ECASM_{- $target{asm_arch} -}] 46 $ECASM=$ECASM_{- $target{asm_arch} -} 47 $ECDEF=$ECDEF_{- $target{asm_arch} -} 48 ENDIF 49 ENDIF 50 51 $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \ 52 ec_curve.c ec_check.c ec_key.c ec_kmeth.c ecx_key.c ec_asn1.c \ 53 ec2_smpl.c \ 54 ecp_oct.c ec2_oct.c ec_oct.c ecdh_ossl.c \ 55 ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \ 56 curve448/f_generic.c curve448/scalar.c \ 10 57 curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \ 11 {- $target{ec_asm_src} -} 58 $ECASM ec_backend.c ecx_backend.c ecdh_kdf.c curve448/arch_64/f_impl64.c \ 59 curve448/arch_32/f_impl32.c 12 60 13 GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl \ 14 $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) 61 IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}] 62 $COMMON=$COMMON ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c 63 ENDIF 15 64 16 GENERATE[ecp_nistz256-x86_64.s]=asm/ecp_nistz256-x86_64.pl $(PERLASM_SCHEME) 65 SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c \ 66 ec_err.c eck_prn.c \ 67 ec_deprecated.c ec_print.c 68 SOURCE[../../providers/libfips.a]=$COMMON 17 69 18 GENERATE[ecp_nistz256-avx2.s]=asm/ecp_nistz256-avx2.pl $(PERLASM_SCHEME) 70 # Implementations are now spread across several libraries, so the defines 71 # need to be applied to all affected libraries and modules. 72 DEFINE[../../libcrypto]=$ECDEF 73 DEFINE[../../providers/libfips.a]=$ECDEF 19 74 20 GENERATE[ecp_nistz256-sparcv9.S]=asm/ecp_nistz256-sparcv9.pl $(PERLASM_SCHEME) 75 GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl 76 77 GENERATE[ecp_nistz256-x86_64.s]=asm/ecp_nistz256-x86_64.pl 78 79 GENERATE[ecp_nistz256-avx2.s]=asm/ecp_nistz256-avx2.pl 80 81 GENERATE[ecp_nistz256-sparcv9.S]=asm/ecp_nistz256-sparcv9.pl 21 82 INCLUDE[ecp_nistz256-sparcv9.o]=.. 22 83 23 GENERATE[ecp_nistz256-armv4.S]=asm/ecp_nistz256-armv4.pl $(PERLASM_SCHEME) 84 INCLUDE[ecp_s390x_nistp.o]=.. 85 INCLUDE[ecx_s390x.o]=.. 86 INCLUDE[ecx_meth.o]=.. 87 88 GENERATE[ecp_nistz256-armv4.S]=asm/ecp_nistz256-armv4.pl 24 89 INCLUDE[ecp_nistz256-armv4.o]=.. 25 GENERATE[ecp_nistz256-armv8.S]=asm/ecp_nistz256-armv8.pl $(PERLASM_SCHEME)90 GENERATE[ecp_nistz256-armv8.S]=asm/ecp_nistz256-armv8.pl 26 91 INCLUDE[ecp_nistz256-armv8.o]=.. 27 GENERATE[ecp_nistz256-ppc64.s]=asm/ecp_nistz256-ppc64.pl $(PERLASM_SCHEME)92 GENERATE[ecp_nistz256-ppc64.s]=asm/ecp_nistz256-ppc64.pl 28 93 29 GENERATE[x25519-x86_64.s]=asm/x25519-x86_64.pl $(PERLASM_SCHEME) 30 GENERATE[x25519-ppc64.s]=asm/x25519-ppc64.pl $(PERLASM_SCHEME) 94 GENERATE[ecp_nistp521-ppc64.s]=asm/ecp_nistp521-ppc64.pl 31 95 32 BEGINRAW[Makefile] 33 {- $builddir -}/ecp_nistz256-%.S: {- $sourcedir -}/asm/ecp_nistz256-%.pl 34 CC="$(CC)" $(PERL) $< $(PERLASM_SCHEME) $@ 35 ENDRAW[Makefile] 36 37 INCLUDE[curve448/arch_32/f_impl.o]=curve448/arch_32 curve448 38 INCLUDE[curve448/f_generic.o]=curve448/arch_32 curve448 39 INCLUDE[curve448/scalar.o]=curve448/arch_32 curve448 40 INCLUDE[curve448/curve448_tables.o]=curve448/arch_32 curve448 41 INCLUDE[curve448/eddsa.o]=curve448/arch_32 curve448 42 INCLUDE[curve448/curve448.o]=curve448/arch_32 curve448 96 GENERATE[x25519-x86_64.s]=asm/x25519-x86_64.pl 97 GENERATE[x25519-ppc64.s]=asm/x25519-ppc64.pl -
trunk/src/libs/openssl-3.0.1/crypto/ec/curve25519.c
r91772 r94082 1 1 /* 2 * Copyright 2016-20 19The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at … … 8 8 */ 9 9 10 /* 11 * ECDSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 15 10 16 #include <string.h> 17 #include "crypto/ecx.h" 11 18 #include "ec_local.h" 19 #include <openssl/evp.h> 12 20 #include <openssl/sha.h> 21 22 #include "internal/numbers.h" 13 23 14 24 #if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || \ … … 253 263 254 264 #if defined(X25519_ASM) \ 255 || ( (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16) \265 || ( defined(INT128_MAX) \ 256 266 && !defined(__sparc__) \ 257 267 && (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8)) \ … … 386 396 # else 387 397 388 typedef __uint128_t u128;398 typedef uint128_t u128; 389 399 390 400 static void fe51_mul(fe51 h, const fe51 f, const fe51 g) … … 5430 5440 } 5431 5441 5432 int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, 5433 const uint8_t public_key[32], const uint8_t private_key[32]) 5442 int 5443 ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, 5444 const uint8_t public_key[32], const uint8_t private_key[32], 5445 OSSL_LIB_CTX *libctx, const char *propq) 5434 5446 { 5435 5447 uint8_t az[SHA512_DIGEST_LENGTH]; … … 5437 5449 ge_p3 R; 5438 5450 uint8_t hram[SHA512_DIGEST_LENGTH]; 5439 SHA512_CTX hash_ctx; 5440 5441 SHA512_Init(&hash_ctx); 5442 SHA512_Update(&hash_ctx, private_key, 32); 5443 SHA512_Final(az, &hash_ctx); 5451 EVP_MD *sha512 = EVP_MD_fetch(libctx, SN_sha512, propq); 5452 EVP_MD_CTX *hash_ctx = EVP_MD_CTX_new(); 5453 unsigned int sz; 5454 int res = 0; 5455 5456 if (sha512 == NULL || hash_ctx == NULL) 5457 goto err; 5458 5459 if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL) 5460 || !EVP_DigestUpdate(hash_ctx, private_key, 32) 5461 || !EVP_DigestFinal_ex(hash_ctx, az, &sz)) 5462 goto err; 5444 5463 5445 5464 az[0] &= 248; … … 5447 5466 az[31] |= 64; 5448 5467 5449 SHA512_Init(&hash_ctx); 5450 SHA512_Update(&hash_ctx, az + 32, 32); 5451 SHA512_Update(&hash_ctx, message, message_len); 5452 SHA512_Final(nonce, &hash_ctx); 5468 if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL) 5469 || !EVP_DigestUpdate(hash_ctx, az + 32, 32) 5470 || !EVP_DigestUpdate(hash_ctx, message, message_len) 5471 || !EVP_DigestFinal_ex(hash_ctx, nonce, &sz)) 5472 goto err; 5453 5473 5454 5474 x25519_sc_reduce(nonce); … … 5456 5476 ge_p3_tobytes(out_sig, &R); 5457 5477 5458 SHA512_Init(&hash_ctx); 5459 SHA512_Update(&hash_ctx, out_sig, 32); 5460 SHA512_Update(&hash_ctx, public_key, 32); 5461 SHA512_Update(&hash_ctx, message, message_len); 5462 SHA512_Final(hram, &hash_ctx); 5478 if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL) 5479 || !EVP_DigestUpdate(hash_ctx, out_sig, 32) 5480 || !EVP_DigestUpdate(hash_ctx, public_key, 32) 5481 || !EVP_DigestUpdate(hash_ctx, message, message_len) 5482 || !EVP_DigestFinal_ex(hash_ctx, hram, &sz)) 5483 goto err; 5463 5484 5464 5485 x25519_sc_reduce(hram); 5465 5486 sc_muladd(out_sig + 32, hram, az, nonce); 5466 5487 5467 OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx)); 5488 res = 1; 5489 err: 5468 5490 OPENSSL_cleanse(nonce, sizeof(nonce)); 5469 5491 OPENSSL_cleanse(az, sizeof(az)); 5470 5471 return 1; 5492 EVP_MD_free(sha512); 5493 EVP_MD_CTX_free(hash_ctx); 5494 return res; 5472 5495 } 5473 5496 5474 5497 static const char allzeroes[15]; 5475 5498 5476 int ED25519_verify(const uint8_t *message, size_t message_len, 5477 const uint8_t signature[64], const uint8_t public_key[32]) 5499 int 5500 ossl_ed25519_verify(const uint8_t *message, size_t message_len, 5501 const uint8_t signature[64], const uint8_t public_key[32], 5502 OSSL_LIB_CTX *libctx, const char *propq) 5478 5503 { 5479 5504 int i; 5480 5505 ge_p3 A; 5481 5506 const uint8_t *r, *s; 5482 SHA512_CTX hash_ctx; 5507 EVP_MD *sha512; 5508 EVP_MD_CTX *hash_ctx = NULL; 5509 unsigned int sz; 5510 int res = 0; 5483 5511 ge_p2 R; 5484 5512 uint8_t rcheck[32]; … … 5527 5555 fe_neg(A.T, A.T); 5528 5556 5529 SHA512_Init(&hash_ctx); 5530 SHA512_Update(&hash_ctx, r, 32); 5531 SHA512_Update(&hash_ctx, public_key, 32); 5532 SHA512_Update(&hash_ctx, message, message_len); 5533 SHA512_Final(h, &hash_ctx); 5557 sha512 = EVP_MD_fetch(libctx, SN_sha512, propq); 5558 if (sha512 == NULL) 5559 return 0; 5560 hash_ctx = EVP_MD_CTX_new(); 5561 if (hash_ctx == NULL) 5562 goto err; 5563 5564 if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL) 5565 || !EVP_DigestUpdate(hash_ctx, r, 32) 5566 || !EVP_DigestUpdate(hash_ctx, public_key, 32) 5567 || !EVP_DigestUpdate(hash_ctx, message, message_len) 5568 || !EVP_DigestFinal_ex(hash_ctx, h, &sz)) 5569 goto err; 5534 5570 5535 5571 x25519_sc_reduce(h); … … 5539 5575 ge_tobytes(rcheck, &R); 5540 5576 5541 return CRYPTO_memcmp(rcheck, r, sizeof(rcheck)) == 0; 5542 } 5543 5544 void ED25519_public_from_private(uint8_t out_public_key[32], 5545 const uint8_t private_key[32]) 5577 res = CRYPTO_memcmp(rcheck, r, sizeof(rcheck)) == 0; 5578 err: 5579 EVP_MD_free(sha512); 5580 EVP_MD_CTX_free(hash_ctx); 5581 return res; 5582 } 5583 5584 int 5585 ossl_ed25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32], 5586 const uint8_t private_key[32], 5587 const char *propq) 5546 5588 { 5547 5589 uint8_t az[SHA512_DIGEST_LENGTH]; 5548 5590 ge_p3 A; 5549 5550 SHA512(private_key, 32, az); 5591 int r; 5592 EVP_MD *sha512 = NULL; 5593 5594 sha512 = EVP_MD_fetch(ctx, SN_sha512, propq); 5595 if (sha512 == NULL) 5596 return 0; 5597 r = EVP_Digest(private_key, 32, az, NULL, sha512, NULL); 5598 EVP_MD_free(sha512); 5599 if (!r) { 5600 OPENSSL_cleanse(az, sizeof(az)); 5601 return 0; 5602 } 5551 5603 5552 5604 az[0] &= 248; … … 5558 5610 5559 5611 OPENSSL_cleanse(az, sizeof(az)); 5560 } 5561 5562 int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], 5563 const uint8_t peer_public_value[32]) 5612 return 1; 5613 } 5614 5615 int 5616 ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32], 5617 const uint8_t peer_public_value[32]) 5564 5618 { 5565 5619 static const uint8_t kZeros[32] = {0}; … … 5569 5623 } 5570 5624 5571 void X25519_public_from_private(uint8_t out_public_value[32], 5625 void 5626 ossl_x25519_public_from_private(uint8_t out_public_value[32], 5572 5627 const uint8_t private_key[32]) 5573 5628 { -
trunk/src/libs/openssl-3.0.1/crypto/ec/curve448/arch_32/arch_intrinsics.h
r91772 r94082 3 3 * Copyright 2016 Cryptography Research, Inc. 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at -
trunk/src/libs/openssl-3.0.1/crypto/ec/curve448/arch_32/f_impl.h
r91772 r94082 3 3 * Copyright 2014-2016 Cryptography Research, Inc. 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at -
trunk/src/libs/openssl-3.0.1/crypto/ec/curve448/curve448.c
r91772 r94082 1 1 /* 2 * Copyright 2017-20 19The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright 2015-2016 Cryptography Research, Inc. 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 16 16 #include "point_448.h" 17 17 #include "ed448.h" 18 #include "crypto/ecx.h" 18 19 #include "curve448_local.h" 19 20 … … 55 56 56 57 /** identity = (0,1) */ 57 const curve448_point_t curve448_point_identity =58 const curve448_point_t ossl_curve448_point_identity = 58 59 { {{{{0}}}, {{{1}}}, {{{1}}}, {{{0}}}} }; 59 60 … … 82 83 } 83 84 84 void curve448_point_double(curve448_point_t p, const curve448_point_t q)85 void ossl_curve448_point_double(curve448_point_t p, const curve448_point_t q) 85 86 { 86 87 point_double_internal(p, q, 0); … … 184 185 } 185 186 186 c448_bool_t curve448_point_eq(const curve448_point_t p, 187 const curve448_point_t q) 187 c448_bool_t 188 ossl_curve448_point_eq(const curve448_point_t p, 189 const curve448_point_t q) 188 190 { 189 191 mask_t succ; … … 198 200 } 199 201 200 c448_bool_t curve448_point_valid(const curve448_point_t p) 202 c448_bool_t 203 ossl_curve448_point_valid(const curve448_point_t p) 201 204 { 202 205 mask_t out; … … 225 228 } 226 229 227 void curve448_precomputed_scalarmul(curve448_point_t out, 230 void 231 ossl_curve448_precomputed_scalarmul(curve448_point_t out, 228 232 const curve448_precomputed_s * table, 229 233 const curve448_scalar_t scalar) … … 234 238 curve448_scalar_t scalar1x; 235 239 236 curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment);237 curve448_scalar_halve(scalar1x, scalar1x);240 ossl_curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment); 241 ossl_curve448_scalar_halve(scalar1x, scalar1x); 238 242 239 243 for (i = s; i > 0; i--) { … … 272 276 } 273 277 274 void curve448_point_mul_by_ratio_and_encode_like_eddsa( 278 void 279 ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa( 275 280 uint8_t enc[EDDSA_448_PUBLIC_BYTES], 276 281 const curve448_point_t p) … … 316 321 OPENSSL_cleanse(z, sizeof(z)); 317 322 OPENSSL_cleanse(t, sizeof(t)); 318 curve448_point_destroy(q); 319 } 320 321 c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio( 323 ossl_curve448_point_destroy(q); 324 } 325 326 c448_error_t 327 ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio( 322 328 curve448_point_t p, 323 329 const uint8_t enc[EDDSA_448_PUBLIC_BYTES]) … … 372 378 373 379 OPENSSL_cleanse(enc2, sizeof(enc2)); 374 assert( curve448_point_valid(p) || ~succ);380 assert(ossl_curve448_point_valid(p) || ~succ); 375 381 376 382 return c448_succeed_if(mask_to_bool(succ)); 377 383 } 378 384 379 c448_error_t x448_int(uint8_t out[X_PUBLIC_BYTES], 380 const uint8_t base[X_PUBLIC_BYTES], 381 const uint8_t scalar[X_PRIVATE_BYTES]) 385 c448_error_t 386 ossl_x448_int(uint8_t out[X_PUBLIC_BYTES], 387 const uint8_t base[X_PUBLIC_BYTES], 388 const uint8_t scalar[X_PRIVATE_BYTES]) 382 389 { 383 390 gf x1, x2, z2, x3, z3, t1, t2; … … 456 463 } 457 464 458 void curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t 465 void 466 ossl_curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t 459 467 out[X_PUBLIC_BYTES], 460 468 const curve448_point_t p) … … 467 475 gf_sqr(q->y, q->z); /* (y/x)^2 */ 468 476 gf_serialize(out, q->y, 1); 469 curve448_point_destroy(q);470 } 471 472 void x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES],473 const uint8_t scalar[X_PRIVATE_BYTES])477 ossl_curve448_point_destroy(q); 478 } 479 480 void ossl_x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES], 481 const uint8_t scalar[X_PRIVATE_BYTES]) 474 482 { 475 483 /* Scalar conditioning */ … … 485 493 scalar2[X_PRIVATE_BYTES - 1] |= 1 << ((X_PRIVATE_BITS + 7) % 8); 486 494 487 curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2));495 ossl_curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2)); 488 496 489 497 /* Compensate for the encoding ratio */ 490 498 for (i = 1; i < X448_ENCODE_RATIO; i <<= 1) 491 curve448_scalar_halve(the_scalar, the_scalar); 492 493 curve448_precomputed_scalarmul(p, curve448_precomputed_base, the_scalar); 494 curve448_point_mul_by_ratio_and_encode_like_x448(out, p); 495 curve448_point_destroy(p); 499 ossl_curve448_scalar_halve(the_scalar, the_scalar); 500 501 ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base, 502 the_scalar); 503 ossl_curve448_point_mul_by_ratio_and_encode_like_x448(out, p); 504 ossl_curve448_point_destroy(p); 496 505 } 497 506 … … 502 511 503 512 #if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 3)) 504 # define NUMTRAILINGZEROS 513 # define NUMTRAILINGZEROS __builtin_ctz 505 514 #else 506 # define NUMTRAILINGZEROS 515 # define NUMTRAILINGZEROS numtrailingzeros 507 516 static uint32_t numtrailingzeros(uint32_t i) 508 517 { … … 610 619 return; 611 620 612 curve448_point_double(tmp, working);621 ossl_curve448_point_double(tmp, working); 613 622 pt_to_pniels(twop, tmp); 614 623 … … 621 630 } 622 631 623 curve448_point_destroy(tmp);632 ossl_curve448_point_destroy(tmp); 624 633 OPENSSL_cleanse(twop, sizeof(twop)); 625 634 } 626 635 627 void curve448_base_double_scalarmul_non_secret(curve448_point_t combo, 636 void 637 ossl_curve448_base_double_scalarmul_non_secret(curve448_point_t combo, 628 638 const curve448_scalar_t scalar1, 629 639 const curve448_point_t base2, … … 645 655 646 656 if (i < 0) { 647 curve448_point_copy(combo, curve448_point_identity);657 curve448_point_copy(combo, ossl_curve448_point_identity); 648 658 return; 649 659 } … … 653 663 } else if (i == control_pre[0].power && i >= 0) { 654 664 pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]); 655 add_niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1], 665 add_niels_to_pt(combo, 666 ossl_curve448_wnaf_base[control_pre[0].addend >> 1], 656 667 i); 657 668 contv++; … … 659 670 } else { 660 671 i = control_pre[0].power; 661 niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1]);672 niels_to_pt(combo, ossl_curve448_wnaf_base[control_pre[0].addend >> 1]); 662 673 contp++; 663 674 } … … 688 699 if (control_pre[contp].addend > 0) 689 700 add_niels_to_pt(combo, 690 curve448_wnaf_base[control_pre[contp].addend701 ossl_curve448_wnaf_base[control_pre[contp].addend 691 702 >> 1], i); 692 703 else 693 704 sub_niels_from_pt(combo, 694 curve448_wnaf_base[(-control_pre705 ossl_curve448_wnaf_base[(-control_pre 695 706 [contp].addend) >> 1], i); 696 707 contp++; … … 709 720 } 710 721 711 void curve448_point_destroy(curve448_point_t point)722 void ossl_curve448_point_destroy(curve448_point_t point) 712 723 { 713 724 OPENSSL_cleanse(point, sizeof(curve448_point_t)); 714 725 } 715 726 716 int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],717 const uint8_t peer_public_value[56])718 { 719 return x448_int(out_shared_key, peer_public_value, private_key)727 int ossl_x448(uint8_t out_shared_key[56], const uint8_t private_key[56], 728 const uint8_t peer_public_value[56]) 729 { 730 return ossl_x448_int(out_shared_key, peer_public_value, private_key) 720 731 == C448_SUCCESS; 721 732 } 722 733 723 void X448_public_from_private(uint8_t out_public_value[56],724 const uint8_t private_key[56])725 { 726 x448_derive_public_key(out_public_value, private_key);727 } 734 void ossl_x448_public_from_private(uint8_t out_public_value[56], 735 const uint8_t private_key[56]) 736 { 737 ossl_x448_derive_public_key(out_public_value, private_key); 738 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/curve448/curve448_local.h
r91772 r94082 1 1 /* 2 * Copyright 2017-20 18The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at … … 11 11 # include "curve448utils.h" 12 12 13 int X448(uint8_t out_shared_key[56], const uint8_t private_key[56], 14 const uint8_t peer_public_value[56]); 13 int 14 ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64], 15 const uint8_t public_key[57], const uint8_t private_key[57], 16 const uint8_t *context, size_t context_len, const char *propq); 15 17 16 void X448_public_from_private(uint8_t out_public_value[56], 17 const uint8_t private_key[56]); 18 19 int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, 20 const uint8_t public_key[57], const uint8_t private_key[57], 21 const uint8_t *context, size_t context_len); 22 23 int ED448_verify(const uint8_t *message, size_t message_len, 24 const uint8_t signature[114], const uint8_t public_key[57], 25 const uint8_t *context, size_t context_len); 26 27 int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64], 28 const uint8_t public_key[57], const uint8_t private_key[57], 29 const uint8_t *context, size_t context_len); 30 31 int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114], 32 const uint8_t public_key[57], const uint8_t *context, 33 size_t context_len); 34 35 int ED448_public_from_private(uint8_t out_public_key[57], 36 const uint8_t private_key[57]); 18 int 19 ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64], 20 const uint8_t signature[114], const uint8_t public_key[57], 21 const uint8_t *context, size_t context_len, 22 const char *propq); 37 23 38 24 #endif /* OSSL_CRYPTO_EC_CURVE448_LOCAL_H */ -
trunk/src/libs/openssl-3.0.1/crypto/ec/curve448/curve448_tables.c
r91772 r94082 1 1 /* 2 * Copyright 2017-20 19The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright 2015-2016 Cryptography Research, Inc. 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 1059 1059 } 1060 1060 }; 1061 const struct curve448_precomputed_s * curve448_precomputed_base1061 const struct curve448_precomputed_s *ossl_curve448_precomputed_base 1062 1062 = &curve448_precomputed_base_table; 1063 1063 … … 1481 1481 }} 1482 1482 }; 1483 const niels_t * curve448_wnaf_base = curve448_wnaf_base_table;1483 const niels_t *ossl_curve448_wnaf_base = curve448_wnaf_base_table; -
trunk/src/libs/openssl-3.0.1/crypto/ec/curve448/curve448utils.h
r91772 r94082 1 1 /* 2 * Copyright 2017-20 19The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright 2015 Cryptography Research, Inc. 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 15 15 16 16 # include <openssl/e_os2.h> 17 18 # include "internal/numbers.h" 17 19 18 20 /* … … 42 44 typedef uint64_t c448_bool_t; 43 45 /* Double-word size for internal computations */ 44 typedef __uint128_t c448_dword_t;46 typedef uint128_t c448_dword_t; 45 47 /* Signed double-word size for internal computations */ 46 typedef __int128_t c448_dsword_t;48 typedef int128_t c448_dsword_t; 47 49 # elif C448_WORD_BITS == 32 48 50 /* Word size for internal computations */ -
trunk/src/libs/openssl-3.0.1/crypto/ec/curve448/ed448.h
r91772 r94082 1 1 /* 2 * Copyright 2017-20 18The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright 2015-2016 Cryptography Research, Inc. 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 38 38 * privkey (in): The private key. 39 39 */ 40 c448_error_t c448_ed448_derive_public_key( 41 uint8_t pubkey [EDDSA_448_PUBLIC_BYTES], 42 const uint8_t privkey [EDDSA_448_PRIVATE_BYTES]); 40 c448_error_t 41 ossl_c448_ed448_derive_public_key( 42 OSSL_LIB_CTX *ctx, 43 uint8_t pubkey [EDDSA_448_PUBLIC_BYTES], 44 const uint8_t privkey [EDDSA_448_PRIVATE_BYTES], 45 const char *propq); 43 46 44 47 /* … … 59 62 * disambiguation. For Ed448 it is safe. 60 63 */ 61 c448_error_t c448_ed448_sign( 62 uint8_t signature[EDDSA_448_SIGNATURE_BYTES], 63 const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], 64 const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], 65 const uint8_t *message, size_t message_len, 66 uint8_t prehashed, const uint8_t *context, 67 size_t context_len); 64 c448_error_t 65 ossl_c448_ed448_sign(OSSL_LIB_CTX *ctx, 66 uint8_t signature[EDDSA_448_SIGNATURE_BYTES], 67 const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], 68 const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], 69 const uint8_t *message, size_t message_len, 70 uint8_t prehashed, const uint8_t *context, 71 size_t context_len, 72 const char *propq); 68 73 69 74 /* … … 83 88 * disambiguation. For Ed448 it is safe. 84 89 */ 85 c448_error_t c448_ed448_sign_prehash( 86 uint8_t signature[EDDSA_448_SIGNATURE_BYTES], 87 const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], 88 const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], 89 const uint8_t hash[64], 90 const uint8_t *context, 91 size_t context_len); 90 c448_error_t 91 ossl_c448_ed448_sign_prehash(OSSL_LIB_CTX *ctx, 92 uint8_t signature[EDDSA_448_SIGNATURE_BYTES], 93 const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], 94 const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], 95 const uint8_t hash[64], 96 const uint8_t *context, 97 size_t context_len, 98 const char *propq); 92 99 93 100 /* … … 109 116 * disambiguation. For Ed448 it is safe. 110 117 */ 111 c448_error_t c448_ed448_verify(const uint8_t 112 signature[EDDSA_448_SIGNATURE_BYTES], 113 const uint8_t 114 pubkey[EDDSA_448_PUBLIC_BYTES], 115 const uint8_t *message, size_t message_len, 116 uint8_t prehashed, const uint8_t *context, 117 uint8_t context_len); 118 c448_error_t 119 ossl_c448_ed448_verify(OSSL_LIB_CTX *ctx, 120 const uint8_t 121 signature[EDDSA_448_SIGNATURE_BYTES], 122 const uint8_t 123 pubkey[EDDSA_448_PUBLIC_BYTES], 124 const uint8_t *message, size_t message_len, 125 uint8_t prehashed, const uint8_t *context, 126 uint8_t context_len, 127 const char *propq); 118 128 119 129 /* … … 134 144 * disambiguation. For Ed448 it is safe. 135 145 */ 136 c448_error_t c448_ed448_verify_prehash( 137 const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], 138 const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], 139 const uint8_t hash[64], 140 const uint8_t *context, 141 uint8_t context_len); 146 c448_error_t 147 ossl_c448_ed448_verify_prehash( 148 OSSL_LIB_CTX *ctx, 149 const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], 150 const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], 151 const uint8_t hash[64], 152 const uint8_t *context, 153 uint8_t context_len, 154 const char *propq); 142 155 143 156 /* … … 164 177 * p (in): The point. 165 178 */ 166 void curve448_point_mul_by_ratio_and_encode_like_eddsa( 179 void 180 ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa( 167 181 uint8_t enc [EDDSA_448_PUBLIC_BYTES], 168 182 const curve448_point_t p); … … 177 191 * p (in): The point. 178 192 */ 179 c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio( 193 c448_error_t 194 ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio( 180 195 curve448_point_t p, 181 196 const uint8_t enc[EDDSA_448_PUBLIC_BYTES]); … … 189 204 * ed (in): The EdDSA private key 190 205 */ 191 c448_error_t c448_ed448_convert_private_key_to_x448( 192 uint8_t x[X448_PRIVATE_BYTES], 193 const uint8_t ed[EDDSA_448_PRIVATE_BYTES]); 206 c448_error_t 207 ossl_c448_ed448_convert_private_key_to_x448( 208 OSSL_LIB_CTX *ctx, 209 uint8_t x[X448_PRIVATE_BYTES], 210 const uint8_t ed[EDDSA_448_PRIVATE_BYTES], 211 const char *propq); 194 212 195 213 #endif /* OSSL_CRYPTO_EC_CURVE448_ED448_H */ -
trunk/src/libs/openssl-3.0.1/crypto/ec/curve448/eddsa.c
r91772 r94082 1 1 /* 2 * Copyright 2017-202 0The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright 2015-2016 Cryptography Research, Inc. 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 13 13 #include <openssl/crypto.h> 14 14 #include <openssl/evp.h> 15 #include "crypto/ecx.h" 15 16 #include "curve448_local.h" 16 17 #include "word.h" … … 20 21 #define COFACTOR 4 21 22 22 static c448_error_t oneshot_hash(uint8_t *out, size_t outlen, 23 const uint8_t *in, size_t inlen) 23 static c448_error_t oneshot_hash(OSSL_LIB_CTX *ctx, uint8_t *out, size_t outlen, 24 const uint8_t *in, size_t inlen, 25 const char *propq) 24 26 { 25 27 EVP_MD_CTX *hashctx = EVP_MD_CTX_new(); 28 EVP_MD *shake256 = NULL; 29 c448_error_t ret = C448_FAILURE; 26 30 27 31 if (hashctx == NULL) 28 32 return C448_FAILURE; 29 33 30 if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL) 34 shake256 = EVP_MD_fetch(ctx, "SHAKE256", propq); 35 if (shake256 == NULL) 36 goto err; 37 38 if (!EVP_DigestInit_ex(hashctx, shake256, NULL) 31 39 || !EVP_DigestUpdate(hashctx, in, inlen) 32 || !EVP_DigestFinalXOF(hashctx, out, outlen)) {33 EVP_MD_CTX_free(hashctx);34 return C448_FAILURE; 35 }36 40 || !EVP_DigestFinalXOF(hashctx, out, outlen)) 41 goto err; 42 43 ret = C448_SUCCESS; 44 err: 37 45 EVP_MD_CTX_free(hashctx); 38 return C448_SUCCESS; 46 EVP_MD_free(shake256); 47 return ret; 39 48 } 40 49 … … 46 55 } 47 56 48 static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed, 57 static c448_error_t hash_init_with_dom(OSSL_LIB_CTX *ctx, EVP_MD_CTX *hashctx, 58 uint8_t prehashed, 49 59 uint8_t for_prehash, 50 60 const uint8_t *context, 51 size_t context_len) 61 size_t context_len, 62 const char *propq) 52 63 { 53 64 #ifdef CHARSET_EBCDIC … … 58 69 #endif 59 70 uint8_t dom[2]; 71 EVP_MD *shake256 = NULL; 60 72 61 73 if (context_len > UINT8_MAX) … … 66 78 dom[1] = (uint8_t)context_len; 67 79 68 if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL) 80 shake256 = EVP_MD_fetch(ctx, "SHAKE256", propq); 81 if (shake256 == NULL) 82 return C448_FAILURE; 83 84 if (!EVP_DigestInit_ex(hashctx, shake256, NULL) 69 85 || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s)) 70 86 || !EVP_DigestUpdate(hashctx, dom, sizeof(dom)) 71 || !EVP_DigestUpdate(hashctx, context, context_len)) 72 return C448_FAILURE; 73 87 || !EVP_DigestUpdate(hashctx, context, context_len)) { 88 EVP_MD_free(shake256); 89 return C448_FAILURE; 90 } 91 92 EVP_MD_free(shake256); 74 93 return C448_SUCCESS; 75 94 } 76 95 77 96 /* In this file because it uses the hash */ 78 c448_error_t c448_ed448_convert_private_key_to_x448( 97 c448_error_t 98 ossl_c448_ed448_convert_private_key_to_x448( 99 OSSL_LIB_CTX *ctx, 79 100 uint8_t x[X448_PRIVATE_BYTES], 80 const uint8_t ed [EDDSA_448_PRIVATE_BYTES]) 101 const uint8_t ed [EDDSA_448_PRIVATE_BYTES], 102 const char *propq) 81 103 { 82 104 /* pass the private key through oneshot_hash function */ 83 105 /* and keep the first X448_PRIVATE_BYTES bytes */ 84 return oneshot_hash(x, X448_PRIVATE_BYTES, ed, 85 EDDSA_448_PRIVATE_BYTES); 86 } 87 88 c448_error_t c448_ed448_derive_public_key( 106 return oneshot_hash(ctx, x, X448_PRIVATE_BYTES, ed, 107 EDDSA_448_PRIVATE_BYTES, propq); 108 } 109 110 c448_error_t 111 ossl_c448_ed448_derive_public_key( 112 OSSL_LIB_CTX *ctx, 89 113 uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], 90 const uint8_t privkey[EDDSA_448_PRIVATE_BYTES]) 114 const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], 115 const char *propq) 91 116 { 92 117 /* only this much used for keygen */ … … 96 121 curve448_point_t p; 97 122 98 if (!oneshot_hash(secret_scalar_ser, sizeof(secret_scalar_ser), privkey, 99 EDDSA_448_PRIVATE_BYTES)) 123 if (!oneshot_hash(ctx, secret_scalar_ser, sizeof(secret_scalar_ser), 124 privkey, 125 EDDSA_448_PRIVATE_BYTES, 126 propq)) 100 127 return C448_FAILURE; 101 128 102 129 clamp(secret_scalar_ser); 103 130 104 curve448_scalar_decode_long(secret_scalar, secret_scalar_ser,105 sizeof(secret_scalar_ser));131 ossl_curve448_scalar_decode_long(secret_scalar, secret_scalar_ser, 132 sizeof(secret_scalar_ser)); 106 133 107 134 /* … … 114 141 */ 115 142 for (c = 1; c < C448_EDDSA_ENCODE_RATIO; c <<= 1) 116 curve448_scalar_halve(secret_scalar, secret_scalar); 117 118 curve448_precomputed_scalarmul(p, curve448_precomputed_base, secret_scalar); 119 120 curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p); 143 ossl_curve448_scalar_halve(secret_scalar, secret_scalar); 144 145 ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base, 146 secret_scalar); 147 148 ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p); 121 149 122 150 /* Cleanup */ 123 curve448_scalar_destroy(secret_scalar);124 curve448_point_destroy(p);151 ossl_curve448_scalar_destroy(secret_scalar); 152 ossl_curve448_point_destroy(p); 125 153 OPENSSL_cleanse(secret_scalar_ser, sizeof(secret_scalar_ser)); 126 154 … … 128 156 } 129 157 130 c448_error_t c448_ed448_sign( 131 uint8_t signature[EDDSA_448_SIGNATURE_BYTES], 132 const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], 133 const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], 134 const uint8_t *message, size_t message_len, 135 uint8_t prehashed, const uint8_t *context, 136 size_t context_len) 158 c448_error_t 159 ossl_c448_ed448_sign(OSSL_LIB_CTX *ctx, 160 uint8_t signature[EDDSA_448_SIGNATURE_BYTES], 161 const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], 162 const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], 163 const uint8_t *message, size_t message_len, 164 uint8_t prehashed, const uint8_t *context, 165 size_t context_len, const char *propq) 137 166 { 138 167 curve448_scalar_t secret_scalar; … … 149 178 { 150 179 /* 151 * Schedule the secret key, First EDDSA_448_PRIVATE_BYTES is seriali sed180 * Schedule the secret key, First EDDSA_448_PRIVATE_BYTES is serialized 152 181 * secret scalar,next EDDSA_448_PRIVATE_BYTES bytes is the seed. 153 182 */ 154 183 uint8_t expanded[EDDSA_448_PRIVATE_BYTES * 2]; 155 184 156 if (!oneshot_hash( expanded, sizeof(expanded), privkey,157 EDDSA_448_PRIVATE_BYTES ))185 if (!oneshot_hash(ctx, expanded, sizeof(expanded), privkey, 186 EDDSA_448_PRIVATE_BYTES, propq)) 158 187 goto err; 159 188 clamp(expanded); 160 curve448_scalar_decode_long(secret_scalar, expanded,161 EDDSA_448_PRIVATE_BYTES);189 ossl_curve448_scalar_decode_long(secret_scalar, expanded, 190 EDDSA_448_PRIVATE_BYTES); 162 191 163 192 /* Hash to create the nonce */ 164 if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len) 193 if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context, 194 context_len, propq) 165 195 || !EVP_DigestUpdate(hashctx, 166 196 expanded + EDDSA_448_PRIVATE_BYTES, … … 179 209 if (!EVP_DigestFinalXOF(hashctx, nonce, sizeof(nonce))) 180 210 goto err; 181 curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce));211 ossl_curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce)); 182 212 OPENSSL_cleanse(nonce, sizeof(nonce)); 183 213 } … … 188 218 curve448_point_t p; 189 219 190 curve448_scalar_halve(nonce_scalar_2, nonce_scalar);220 ossl_curve448_scalar_halve(nonce_scalar_2, nonce_scalar); 191 221 for (c = 2; c < C448_EDDSA_ENCODE_RATIO; c <<= 1) 192 curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2);193 194 curve448_precomputed_scalarmul(p,curve448_precomputed_base,195 nonce_scalar_2);196 curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p);197 curve448_point_destroy(p);198 curve448_scalar_destroy(nonce_scalar_2);222 ossl_curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2); 223 224 ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base, 225 nonce_scalar_2); 226 ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p); 227 ossl_curve448_point_destroy(p); 228 ossl_curve448_scalar_destroy(nonce_scalar_2); 199 229 } 200 230 … … 203 233 204 234 /* Compute the challenge */ 205 if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len) 235 if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context, context_len, 236 propq) 206 237 || !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point)) 207 238 || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES) … … 210 241 goto err; 211 242 212 curve448_scalar_decode_long(challenge_scalar, challenge,213 sizeof(challenge));243 ossl_curve448_scalar_decode_long(challenge_scalar, challenge, 244 sizeof(challenge)); 214 245 OPENSSL_cleanse(challenge, sizeof(challenge)); 215 246 } 216 247 217 curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar);218 curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar);248 ossl_curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar); 249 ossl_curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar); 219 250 220 251 OPENSSL_cleanse(signature, EDDSA_448_SIGNATURE_BYTES); 221 252 memcpy(signature, nonce_point, sizeof(nonce_point)); 222 curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES],223 challenge_scalar);224 225 curve448_scalar_destroy(secret_scalar);226 curve448_scalar_destroy(nonce_scalar);227 curve448_scalar_destroy(challenge_scalar);253 ossl_curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES], 254 challenge_scalar); 255 256 ossl_curve448_scalar_destroy(secret_scalar); 257 ossl_curve448_scalar_destroy(nonce_scalar); 258 ossl_curve448_scalar_destroy(challenge_scalar); 228 259 229 260 ret = C448_SUCCESS; … … 233 264 } 234 265 235 c448_error_t c448_ed448_sign_prehash( 266 c448_error_t 267 ossl_c448_ed448_sign_prehash( 268 OSSL_LIB_CTX *ctx, 236 269 uint8_t signature[EDDSA_448_SIGNATURE_BYTES], 237 270 const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], 238 271 const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], 239 272 const uint8_t hash[64], const uint8_t *context, 240 size_t context_len) 241 { 242 return c448_ed448_sign(signature, privkey, pubkey, hash, 64, 1, context, 243 context_len); 244 } 245 246 c448_error_t c448_ed448_verify( 273 size_t context_len, const char *propq) 274 { 275 return ossl_c448_ed448_sign(ctx, signature, privkey, pubkey, hash, 64, 1, 276 context, context_len, propq); 277 } 278 279 c448_error_t 280 ossl_c448_ed448_verify( 281 OSSL_LIB_CTX *ctx, 247 282 const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], 248 283 const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], 249 284 const uint8_t *message, size_t message_len, 250 285 uint8_t prehashed, const uint8_t *context, 251 uint8_t context_len )286 uint8_t context_len, const char *propq) 252 287 { 253 288 curve448_point_t pk_point, r_point; … … 281 316 282 317 error = 283 curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey);318 ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey); 284 319 285 320 if (C448_SUCCESS != error) … … 287 322 288 323 error = 289 curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature);324 ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature); 290 325 if (C448_SUCCESS != error) 291 326 return error; … … 297 332 298 333 if (hashctx == NULL 299 || !hash_init_with_dom( hashctx, prehashed, 0, context,300 context_len )334 || !hash_init_with_dom(ctx, hashctx, prehashed, 0, context, 335 context_len, propq) 301 336 || !EVP_DigestUpdate(hashctx, signature, EDDSA_448_PUBLIC_BYTES) 302 337 || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES) … … 308 343 309 344 EVP_MD_CTX_free(hashctx); 310 curve448_scalar_decode_long(challenge_scalar, challenge,311 sizeof(challenge));345 ossl_curve448_scalar_decode_long(challenge_scalar, challenge, 346 sizeof(challenge)); 312 347 OPENSSL_cleanse(challenge, sizeof(challenge)); 313 348 } 314 curve448_scalar_sub(challenge_scalar,curve448_scalar_zero,315 challenge_scalar);316 317 curve448_scalar_decode_long(response_scalar,318 &signature[EDDSA_448_PUBLIC_BYTES],319 EDDSA_448_PRIVATE_BYTES);349 ossl_curve448_scalar_sub(challenge_scalar, ossl_curve448_scalar_zero, 350 challenge_scalar); 351 352 ossl_curve448_scalar_decode_long(response_scalar, 353 &signature[EDDSA_448_PUBLIC_BYTES], 354 EDDSA_448_PRIVATE_BYTES); 320 355 321 356 /* pk_point = -c(x(P)) + (cx + k)G = kG */ 322 curve448_base_double_scalarmul_non_secret(pk_point, 323 response_scalar, 324 pk_point, challenge_scalar); 325 return c448_succeed_if(curve448_point_eq(pk_point, r_point)); 326 } 327 328 c448_error_t c448_ed448_verify_prehash( 357 ossl_curve448_base_double_scalarmul_non_secret(pk_point, 358 response_scalar, 359 pk_point, challenge_scalar); 360 return c448_succeed_if(ossl_curve448_point_eq(pk_point, r_point)); 361 } 362 363 c448_error_t 364 ossl_c448_ed448_verify_prehash( 365 OSSL_LIB_CTX *ctx, 329 366 const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], 330 367 const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], 331 368 const uint8_t hash[64], const uint8_t *context, 332 uint8_t context_len) 333 { 334 return c448_ed448_verify(signature, pubkey, hash, 64, 1, context, 335 context_len); 336 } 337 338 int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, 339 const uint8_t public_key[57], const uint8_t private_key[57], 340 const uint8_t *context, size_t context_len) 341 { 342 return c448_ed448_sign(out_sig, private_key, public_key, message, 343 message_len, 0, context, context_len) 344 == C448_SUCCESS; 345 } 346 347 int ED448_verify(const uint8_t *message, size_t message_len, 348 const uint8_t signature[114], const uint8_t public_key[57], 349 const uint8_t *context, size_t context_len) 350 { 351 return c448_ed448_verify(signature, public_key, message, message_len, 0, 352 context, (uint8_t)context_len) == C448_SUCCESS; 353 } 354 355 int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64], 356 const uint8_t public_key[57], const uint8_t private_key[57], 357 const uint8_t *context, size_t context_len) 358 { 359 return c448_ed448_sign_prehash(out_sig, private_key, public_key, hash, 360 context, context_len) == C448_SUCCESS; 361 362 } 363 364 int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114], 365 const uint8_t public_key[57], const uint8_t *context, 366 size_t context_len) 367 { 368 return c448_ed448_verify_prehash(signature, public_key, hash, context, 369 (uint8_t)context_len) == C448_SUCCESS; 370 } 371 372 int ED448_public_from_private(uint8_t out_public_key[57], 373 const uint8_t private_key[57]) 374 { 375 return c448_ed448_derive_public_key(out_public_key, private_key) 376 == C448_SUCCESS; 377 } 369 uint8_t context_len, const char *propq) 370 { 371 return ossl_c448_ed448_verify(ctx, signature, pubkey, hash, 64, 1, context, 372 context_len, propq); 373 } 374 375 int 376 ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message, 377 size_t message_len, const uint8_t public_key[57], 378 const uint8_t private_key[57], const uint8_t *context, 379 size_t context_len, const char *propq) 380 { 381 return ossl_c448_ed448_sign(ctx, out_sig, private_key, public_key, message, 382 message_len, 0, context, context_len, 383 propq) == C448_SUCCESS; 384 } 385 386 int 387 ossl_ed448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len, 388 const uint8_t signature[114], const uint8_t public_key[57], 389 const uint8_t *context, size_t context_len, const char *propq) 390 { 391 return ossl_c448_ed448_verify(ctx, signature, public_key, message, 392 message_len, 0, context, (uint8_t)context_len, 393 propq) == C448_SUCCESS; 394 } 395 396 int 397 ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64], 398 const uint8_t public_key[57], const uint8_t private_key[57], 399 const uint8_t *context, size_t context_len, const char *propq) 400 { 401 return ossl_c448_ed448_sign_prehash(ctx, out_sig, private_key, public_key, 402 hash, context, context_len, 403 propq) == C448_SUCCESS; 404 } 405 406 int 407 ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64], 408 const uint8_t signature[114], const uint8_t public_key[57], 409 const uint8_t *context, size_t context_len, 410 const char *propq) 411 { 412 return ossl_c448_ed448_verify_prehash(ctx, signature, public_key, hash, 413 context, (uint8_t)context_len, 414 propq) == C448_SUCCESS; 415 } 416 417 int 418 ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57], 419 const uint8_t private_key[57], const char *propq) 420 { 421 return ossl_c448_ed448_derive_public_key(ctx, out_public_key, private_key, 422 propq) == C448_SUCCESS; 423 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/curve448/f_generic.c
r91772 r94082 1 1 /* 2 * Copyright 2017-20 19The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright 2015-2016 Cryptography Research, Inc. 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 19 19 20 20 /* Serialize to wire format. */ 21 void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_hibit)21 void gf_serialize(uint8_t *serial, const gf x, int with_hibit) 22 22 { 23 23 unsigned int j = 0, fill = 0; -
trunk/src/libs/openssl-3.0.1/crypto/ec/curve448/field.h
r91772 r94082 1 1 /* 2 * Copyright 2017-20 18The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright 2014 Cryptography Research, Inc. 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 67 67 uint8_t hi_nmask); 68 68 69 # include "f_impl.h" /* Bring in the inline implementations */70 69 71 70 # define LIMBPERM(i) (i) 72 # define LIMB_MASK(i) (((1)<<LIMB_PLACE_VALUE(i))-1) 71 # if (ARCH_WORD_BITS == 32) 72 # include "arch_32/f_impl.h" /* Bring in the inline implementations */ 73 # define LIMB_MASK(i) (((1)<<LIMB_PLACE_VALUE(i))-1) 74 # elif (ARCH_WORD_BITS == 64) 75 # include "arch_64/f_impl.h" /* Bring in the inline implementations */ 76 # define LIMB_MASK(i) (((1ULL)<<LIMB_PLACE_VALUE(i))-1) 77 # endif 73 78 74 79 static const gf ZERO = {{{0}}}, ONE = {{{1}}}; -
trunk/src/libs/openssl-3.0.1/crypto/ec/curve448/point_448.h
r91772 r94082 1 1 /* 2 * Copyright 2017-20 19The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright 2015-2016 Cryptography Research, Inc. 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 70 70 71 71 /* A scalar equal to 1. */ 72 extern const curve448_scalar_t curve448_scalar_one;72 extern const curve448_scalar_t ossl_curve448_scalar_one; 73 73 74 74 /* A scalar equal to 0. */ 75 extern const curve448_scalar_t curve448_scalar_zero;75 extern const curve448_scalar_t ossl_curve448_scalar_zero; 76 76 77 77 /* The identity point on the curve. */ 78 extern const curve448_point_t curve448_point_identity;78 extern const curve448_point_t ossl_curve448_point_identity; 79 79 80 80 /* Precomputed table for the base point on the curve. */ 81 extern const struct curve448_precomputed_s * curve448_precomputed_base;82 extern const niels_t * curve448_wnaf_base;81 extern const struct curve448_precomputed_s *ossl_curve448_precomputed_base; 82 extern const niels_t *ossl_curve448_wnaf_base; 83 83 84 84 /* … … 93 93 * modulo that modulus. 94 94 */ 95 c448_error_t curve448_scalar_decode(curve448_scalar_t out, 96 const unsigned char ser[C448_SCALAR_BYTES]); 95 c448_error_t 96 ossl_curve448_scalar_decode(curve448_scalar_t out, 97 const unsigned char ser[C448_SCALAR_BYTES]); 97 98 98 99 /* … … 103 104 * out (out): Deserialized form. 104 105 */ 105 void curve448_scalar_decode_long(curve448_scalar_t out, 106 void 107 ossl_curve448_scalar_decode_long(curve448_scalar_t out, 106 108 const unsigned char *ser, size_t ser_len); 107 109 … … 112 114 * s (in): Deserialized scalar. 113 115 */ 114 void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], 116 void 117 ossl_curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], 115 118 const curve448_scalar_t s); 116 119 … … 122 125 * out (out): a+b. 123 126 */ 124 void curve448_scalar_add(curve448_scalar_t out, 127 void 128 ossl_curve448_scalar_add(curve448_scalar_t out, 125 129 const curve448_scalar_t a, const curve448_scalar_t b); 126 130 … … 131 135 * out (out): a-b. 132 136 */ 133 void curve448_scalar_sub(curve448_scalar_t out, 137 void 138 ossl_curve448_scalar_sub(curve448_scalar_t out, 134 139 const curve448_scalar_t a, const curve448_scalar_t b); 135 140 … … 141 146 * out (out): a*b. 142 147 */ 143 void curve448_scalar_mul(curve448_scalar_t out, 148 void 149 ossl_curve448_scalar_mul(curve448_scalar_t out, 144 150 const curve448_scalar_t a, const curve448_scalar_t b); 145 151 … … 150 156 * out (out): a/2. 151 157 */ 152 void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a); 158 void 159 ossl_curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a); 153 160 154 161 /* … … 189 196 * C448_FALSE: The points are not equal. 190 197 */ 191 __owur c448_bool_t curve448_point_eq(const curve448_point_t a, 192 const curve448_point_t b); 198 __owur c448_bool_t 199 ossl_curve448_point_eq(const curve448_point_t a, 200 const curve448_point_t b); 193 201 194 202 /* … … 199 207 * a (in): A point. 200 208 */ 201 void curve448_point_double(curve448_point_t two_a, const curve448_point_t a); 209 void 210 ossl_curve448_point_double(curve448_point_t two_a, const curve448_point_t a); 202 211 203 212 /* … … 214 223 * small subgroup. 215 224 */ 216 __owur c448_error_t x448_int(uint8_t out[X448_PUBLIC_BYTES], 217 const uint8_t base[X448_PUBLIC_BYTES], 218 const uint8_t scalar[X448_PRIVATE_BYTES]); 225 __owur c448_error_t 226 ossl_x448_int(uint8_t out[X448_PUBLIC_BYTES], 227 const uint8_t base[X448_PUBLIC_BYTES], 228 const uint8_t scalar[X448_PRIVATE_BYTES]); 219 229 220 230 /* … … 237 247 * p (in): The point to be scaled and encoded. 238 248 */ 239 void curve448_point_mul_by_ratio_and_encode_like_x448( 249 void 250 ossl_curve448_point_mul_by_ratio_and_encode_like_x448( 240 251 uint8_t out[X448_PUBLIC_BYTES], 241 252 const curve448_point_t p); … … 248 259 * scalar (in): The scalar to multiply by. 249 260 */ 250 void x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES], 261 void 262 ossl_x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES], 251 263 const uint8_t scalar[X448_PRIVATE_BYTES]); 252 264 … … 258 270 * scalar (in): The scalar to multiply by. 259 271 */ 260 void curve448_precomputed_scalarmul(curve448_point_t scaled, 272 void 273 ossl_curve448_precomputed_scalarmul(curve448_point_t scaled, 261 274 const curve448_precomputed_s * base, 262 275 const curve448_scalar_t scalar); … … 277 290 * It is designed for signature verification. 278 291 */ 279 void curve448_base_double_scalarmul_non_secret(curve448_point_t combo, 292 void 293 ossl_curve448_base_double_scalarmul_non_secret(curve448_point_t combo, 280 294 const curve448_scalar_t scalar1, 281 295 const curve448_point_t base2, … … 291 305 * C448_FALSE The point is invalid. 292 306 */ 293 __owur c448_bool_t curve448_point_valid(const curve448_point_t to_test); 307 __owur c448_bool_t 308 ossl_curve448_point_valid(const curve448_point_t to_test); 294 309 295 310 /* Overwrite scalar with zeros. */ 296 void curve448_scalar_destroy(curve448_scalar_t scalar);311 void ossl_curve448_scalar_destroy(curve448_scalar_t scalar); 297 312 298 313 /* Overwrite point with zeros. */ 299 void curve448_point_destroy(curve448_point_t point);314 void ossl_curve448_point_destroy(curve448_point_t point); 300 315 301 316 #endif /* OSSL_CRYPTO_EC_CURVE448_POINT_448_H */ -
trunk/src/libs/openssl-3.0.1/crypto/ec/curve448/scalar.c
r91772 r94082 1 1 /* 2 * Copyright 2017-20 19The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright 2015-2016 Cryptography Research, Inc. 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 39 39 #define WBITS C448_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */ 40 40 41 const curve448_scalar_t curve448_scalar_one = {{{1}}};42 const curve448_scalar_t curve448_scalar_zero = {{{0}}};41 const curve448_scalar_t ossl_curve448_scalar_one = {{{1}}}; 42 const curve448_scalar_t ossl_curve448_scalar_zero = {{{0}}}; 43 43 44 44 /* … … 107 107 } 108 108 109 void curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a,110 const curve448_scalar_t b)109 void ossl_curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a, 110 const curve448_scalar_t b) 111 111 { 112 112 sc_montmul(out, a, b); … … 114 114 } 115 115 116 void curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a, 116 void 117 ossl_curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a, 117 118 const curve448_scalar_t b) 118 119 { … … 120 121 } 121 122 122 void curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a, 123 void 124 ossl_curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a, 123 125 const curve448_scalar_t b) 124 126 { … … 149 151 } 150 152 151 c448_error_t curve448_scalar_decode(152 153 153 c448_error_t 154 ossl_curve448_scalar_decode(curve448_scalar_t s, 155 const unsigned char ser[C448_SCALAR_BYTES]) 154 156 { 155 157 unsigned int i; … … 161 163 /* Here accum == 0 or -1 */ 162 164 163 curve448_scalar_mul(s, s,curve448_scalar_one); /* ham-handed reduce */165 ossl_curve448_scalar_mul(s, s, ossl_curve448_scalar_one); /* ham-handed reduce */ 164 166 165 167 return c448_succeed_if(~word_is_zero((uint32_t)accum)); 166 168 } 167 169 168 void curve448_scalar_destroy(curve448_scalar_t scalar)170 void ossl_curve448_scalar_destroy(curve448_scalar_t scalar) 169 171 { 170 172 OPENSSL_cleanse(scalar, sizeof(curve448_scalar_t)); 171 173 } 172 174 173 void curve448_scalar_decode_long(curve448_scalar_t s, 175 void 176 ossl_curve448_scalar_decode_long(curve448_scalar_t s, 174 177 const unsigned char *ser, size_t ser_len) 175 178 { … … 178 181 179 182 if (ser_len == 0) { 180 curve448_scalar_copy(s, curve448_scalar_zero);183 curve448_scalar_copy(s, ossl_curve448_scalar_zero); 181 184 return; 182 185 } … … 191 194 assert(i == 0); 192 195 /* ham-handed reduce */ 193 curve448_scalar_mul(s, t1,curve448_scalar_one);194 curve448_scalar_destroy(t1);196 ossl_curve448_scalar_mul(s, t1, ossl_curve448_scalar_one); 197 ossl_curve448_scalar_destroy(t1); 195 198 return; 196 199 } … … 199 202 i -= C448_SCALAR_BYTES; 200 203 sc_montmul(t1, t1, sc_r2); 201 (void) curve448_scalar_decode(t2, ser + i);202 curve448_scalar_add(t1, t1, t2);204 (void)ossl_curve448_scalar_decode(t2, ser + i); 205 ossl_curve448_scalar_add(t1, t1, t2); 203 206 } 204 207 205 208 curve448_scalar_copy(s, t1); 206 curve448_scalar_destroy(t1); 207 curve448_scalar_destroy(t2); 208 } 209 210 void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], 209 ossl_curve448_scalar_destroy(t1); 210 ossl_curve448_scalar_destroy(t2); 211 } 212 213 void 214 ossl_curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], 211 215 const curve448_scalar_t s) 212 216 { … … 219 223 } 220 224 221 void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a) 225 void 226 ossl_curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a) 222 227 { 223 228 c448_word_t mask = 0 - (a->limb[0] & 1); -
trunk/src/libs/openssl-3.0.1/crypto/ec/curve448/word.h
r91772 r94082 1 1 /* 2 * Copyright 2017-20 18The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright 2014 Cryptography Research, Inc. 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 18 18 # include <stdlib.h> 19 19 # include <openssl/e_os2.h> 20 # include "arch_intrinsics.h"21 20 # include "curve448utils.h" 21 22 # ifdef INT128_MAX 23 # include "arch_64/arch_intrinsics.h" 24 # else 25 # include "arch_32/arch_intrinsics.h" 26 # endif 22 27 23 28 # if (ARCH_WORD_BITS == 64) 24 29 typedef uint64_t word_t, mask_t; 25 typedef __uint128_t dword_t;30 typedef uint128_t dword_t; 26 31 typedef int32_t hsword_t; 27 32 typedef int64_t sword_t; 28 typedef __int128_t dsword_t;33 typedef int128_t dsword_t; 29 34 # elif (ARCH_WORD_BITS == 32) 30 35 typedef uint32_t word_t, mask_t; -
trunk/src/libs/openssl-3.0.1/crypto/ec/ec2_oct.c
r91772 r94082 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at 8 8 * https://www.openssl.org/source/license.html 9 9 */ 10 11 /* 12 * ECDSA low level APIs are deprecated for public use, but still ok for 13 * internal use. 14 */ 15 #include "internal/deprecated.h" 10 16 11 17 #include <openssl/err.h> … … 31 37 * (and additionally fail to cite the EUROCRYPT '92 publication as prior art). 32 38 */ 33 int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,34 EC_POINT *point,35 const BIGNUM *x_, int y_bit,36 BN_CTX *ctx)39 int ossl_ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, 40 EC_POINT *point, 41 const BIGNUM *x_, int y_bit, 42 BN_CTX *ctx) 37 43 { 38 BN_CTX *new_ctx = NULL;39 44 BIGNUM *tmp, *x, *y, *z; 40 45 int ret = 0, z0; 41 42 /* clear error queue */ 43 ERR_clear_error(); 46 #ifndef FIPS_MODULE 47 BN_CTX *new_ctx = NULL; 44 48 45 49 if (ctx == NULL) { … … 48 52 return 0; 49 53 } 54 #endif 50 55 51 56 y_bit = (y_bit != 0) ? 1 : 0; … … 73 78 if (!BN_GF2m_add(tmp, x, tmp)) 74 79 goto err; 80 ERR_set_mark(); 75 81 if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) { 82 #ifndef FIPS_MODULE 76 83 unsigned long err = ERR_peek_last_error(); 77 84 78 85 if (ERR_GET_LIB(err) == ERR_LIB_BN 79 86 && ERR_GET_REASON(err) == BN_R_NO_SOLUTION) { 80 ERR_clear_error(); 81 ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, 82 EC_R_INVALID_COMPRESSED_POINT); 87 ERR_pop_to_mark(); 88 ERR_raise(ERR_LIB_EC, EC_R_INVALID_COMPRESSED_POINT); 83 89 } else 84 ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, 85 ERR_R_BN_LIB); 86 goto err; 87 } 90 #endif 91 { 92 ERR_clear_last_mark(); 93 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 94 } 95 goto err; 96 } 97 ERR_clear_last_mark(); 88 98 z0 = (BN_is_odd(z)) ? 1 : 0; 89 99 if (!group->meth->field_mul(group, y, x, z, ctx)) … … 102 112 err: 103 113 BN_CTX_end(ctx); 114 #ifndef FIPS_MODULE 104 115 BN_CTX_free(new_ctx); 116 #endif 105 117 return ret; 106 118 } … … 111 123 * an error will be returned. 112 124 */ 113 size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, 114 point_conversion_form_t form, 115 unsigned char *buf, size_t len, BN_CTX *ctx) 125 size_t ossl_ec_GF2m_simple_point2oct(const EC_GROUP *group, 126 const EC_POINT *point, 127 point_conversion_form_t form, 128 unsigned char *buf, size_t len, BN_CTX *ctx) 116 129 { 117 130 size_t ret; 118 BN_CTX *new_ctx = NULL;119 131 int used_ctx = 0; 120 132 BIGNUM *x, *y, *yxi; 121 133 size_t field_len, i, skip; 134 #ifndef FIPS_MODULE 135 BN_CTX *new_ctx = NULL; 136 #endif 122 137 123 138 if ((form != POINT_CONVERSION_COMPRESSED) 124 139 && (form != POINT_CONVERSION_UNCOMPRESSED) 125 140 && (form != POINT_CONVERSION_HYBRID)) { 126 E Cerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);141 ERR_raise(ERR_LIB_EC, EC_R_INVALID_FORM); 127 142 goto err; 128 143 } … … 132 147 if (buf != NULL) { 133 148 if (len < 1) { 134 E Cerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);149 ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); 135 150 return 0; 136 151 } … … 149 164 if (buf != NULL) { 150 165 if (len < ret) { 151 ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); 152 goto err; 153 } 154 166 ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); 167 goto err; 168 } 169 170 #ifndef FIPS_MODULE 155 171 if (ctx == NULL) { 156 172 ctx = new_ctx = BN_CTX_new(); … … 158 174 return 0; 159 175 } 176 #endif 160 177 161 178 BN_CTX_start(ctx); … … 182 199 skip = field_len - BN_num_bytes(x); 183 200 if (skip > field_len) { 184 E Cerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);201 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 185 202 goto err; 186 203 } … … 192 209 i += skip; 193 210 if (i != 1 + field_len) { 194 E Cerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);211 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 195 212 goto err; 196 213 } … … 200 217 skip = field_len - BN_num_bytes(y); 201 218 if (skip > field_len) { 202 E Cerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);219 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 203 220 goto err; 204 221 } … … 212 229 213 230 if (i != ret) { 214 E Cerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);231 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 215 232 goto err; 216 233 } … … 219 236 if (used_ctx) 220 237 BN_CTX_end(ctx); 238 #ifndef FIPS_MODULE 221 239 BN_CTX_free(new_ctx); 240 #endif 222 241 return ret; 223 242 … … 225 244 if (used_ctx) 226 245 BN_CTX_end(ctx); 246 #ifndef FIPS_MODULE 227 247 BN_CTX_free(new_ctx); 248 #endif 228 249 return 0; 229 250 } … … 233 254 * simple implementation only uses affine coordinates. 234 255 */ 235 int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,236 const unsigned char *buf, size_t len,237 BN_CTX *ctx)256 int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, 257 const unsigned char *buf, size_t len, 258 BN_CTX *ctx) 238 259 { 239 260 point_conversion_form_t form; 240 261 int y_bit, m; 241 BN_CTX *new_ctx = NULL;242 262 BIGNUM *x, *y, *yxi; 243 263 size_t field_len, enc_len; 244 264 int ret = 0; 265 #ifndef FIPS_MODULE 266 BN_CTX *new_ctx = NULL; 267 #endif 245 268 246 269 if (len == 0) { 247 E Cerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);270 ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); 248 271 return 0; 249 272 } … … 266 289 && (form != POINT_CONVERSION_UNCOMPRESSED) 267 290 && (form != POINT_CONVERSION_HYBRID)) { 268 E Cerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);291 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 269 292 return 0; 270 293 } 271 294 if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) { 272 E Cerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);295 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 273 296 return 0; 274 297 } … … 277 300 if (form == 0) { 278 301 if (len != 1) { 279 E Cerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);302 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 280 303 return 0; 281 304 } … … 291 314 292 315 if (len != enc_len) { 293 E Cerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);316 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 294 317 return 0; 295 318 } 296 319 320 #ifndef FIPS_MODULE 297 321 if (ctx == NULL) { 298 322 ctx = new_ctx = BN_CTX_new(); … … 300 324 return 0; 301 325 } 326 #endif 302 327 303 328 BN_CTX_start(ctx); … … 311 336 goto err; 312 337 if (BN_num_bits(x) > m) { 313 E Cerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);338 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 314 339 goto err; 315 340 } … … 322 347 goto err; 323 348 if (BN_num_bits(y) > m) { 324 E Cerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);349 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 325 350 goto err; 326 351 } … … 333 358 if (BN_is_zero(x)) { 334 359 if (y_bit != 0) { 335 E Cerr(ERR_LIB_EC, EC_R_INVALID_ENCODING);360 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 336 361 goto err; 337 362 } … … 340 365 goto err; 341 366 if (y_bit != BN_is_odd(yxi)) { 342 E Cerr(ERR_LIB_EC, EC_R_INVALID_ENCODING);367 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 343 368 goto err; 344 369 } … … 358 383 err: 359 384 BN_CTX_end(ctx); 385 #ifndef FIPS_MODULE 360 386 BN_CTX_free(new_ctx); 387 #endif 361 388 return ret; 362 389 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/ec2_smpl.c
r91772 r94082 1 1 /* 2 * Copyright 2002-20 19The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 9 9 */ 10 10 11 /* 12 * ECDSA low level APIs are deprecated for public use, but still ok for 13 * internal use. 14 */ 15 #include "internal/deprecated.h" 16 11 17 #include <openssl/err.h> 12 18 … … 20 26 * are handled by EC_GROUP_new. 21 27 */ 22 int ec_GF2m_simple_group_init(EC_GROUP *group)28 int ossl_ec_GF2m_simple_group_init(EC_GROUP *group) 23 29 { 24 30 group->field = BN_new(); … … 39 45 * handled by EC_GROUP_free. 40 46 */ 41 void ec_GF2m_simple_group_finish(EC_GROUP *group)47 void ossl_ec_GF2m_simple_group_finish(EC_GROUP *group) 42 48 { 43 49 BN_free(group->field); … … 50 56 * members are handled by EC_GROUP_clear_free. 51 57 */ 52 void ec_GF2m_simple_group_clear_finish(EC_GROUP *group)58 void ossl_ec_GF2m_simple_group_clear_finish(EC_GROUP *group) 53 59 { 54 60 BN_clear_free(group->field); … … 67 73 * handled by EC_GROUP_copy. 68 74 */ 69 int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)75 int ossl_ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) 70 76 { 71 77 if (!BN_copy(dest->field, src->field)) … … 93 99 94 100 /* Set the curve parameters of an EC_GROUP structure. */ 95 int ec_GF2m_simple_group_set_curve(EC_GROUP *group,96 const BIGNUM *p, const BIGNUM *a,97 const BIGNUM *b, BN_CTX *ctx)101 int ossl_ec_GF2m_simple_group_set_curve(EC_GROUP *group, 102 const BIGNUM *p, const BIGNUM *a, 103 const BIGNUM *b, BN_CTX *ctx) 98 104 { 99 105 int ret = 0, i; … … 104 110 i = BN_GF2m_poly2arr(group->field, group->poly, 6) - 1; 105 111 if ((i != 5) && (i != 3)) { 106 E Cerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);112 ERR_raise(ERR_LIB_EC, EC_R_UNSUPPORTED_FIELD); 107 113 goto err; 108 114 } … … 133 139 * then there values will not be set but the method will return with success. 134 140 */ 135 int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p,136 BIGNUM *a, BIGNUM *b, BN_CTX *ctx)141 int ossl_ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, 142 BIGNUM *a, BIGNUM *b, BN_CTX *ctx) 137 143 { 138 144 int ret = 0; … … 163 169 * m. 164 170 */ 165 int ec_GF2m_simple_group_get_degree(const EC_GROUP *group)171 int ossl_ec_GF2m_simple_group_get_degree(const EC_GROUP *group) 166 172 { 167 173 return BN_num_bits(group->field) - 1; … … 172 178 * elliptic curve <=> b != 0 (mod p) 173 179 */ 174 int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,175 BN_CTX *ctx)180 int ossl_ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, 181 BN_CTX *ctx) 176 182 { 177 183 int ret = 0; 178 184 BIGNUM *b; 185 #ifndef FIPS_MODULE 179 186 BN_CTX *new_ctx = NULL; 180 187 … … 182 189 ctx = new_ctx = BN_CTX_new(); 183 190 if (ctx == NULL) { 184 ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, 185 ERR_R_MALLOC_FAILURE); 191 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 186 192 goto err; 187 193 } 188 194 } 195 #endif 189 196 BN_CTX_start(ctx); 190 197 b = BN_CTX_get(ctx); … … 206 213 err: 207 214 BN_CTX_end(ctx); 215 #ifndef FIPS_MODULE 208 216 BN_CTX_free(new_ctx); 217 #endif 209 218 return ret; 210 219 } 211 220 212 221 /* Initializes an EC_POINT. */ 213 int ec_GF2m_simple_point_init(EC_POINT *point)222 int ossl_ec_GF2m_simple_point_init(EC_POINT *point) 214 223 { 215 224 point->X = BN_new(); … … 227 236 228 237 /* Frees an EC_POINT. */ 229 void ec_GF2m_simple_point_finish(EC_POINT *point)238 void ossl_ec_GF2m_simple_point_finish(EC_POINT *point) 230 239 { 231 240 BN_free(point->X); … … 235 244 236 245 /* Clears and frees an EC_POINT. */ 237 void ec_GF2m_simple_point_clear_finish(EC_POINT *point)246 void ossl_ec_GF2m_simple_point_clear_finish(EC_POINT *point) 238 247 { 239 248 BN_clear_free(point->X); … … 247 256 * initialized. 248 257 */ 249 int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src)258 int ossl_ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src) 250 259 { 251 260 if (!BN_copy(dest->X, src->X)) … … 265 274 * represented by having Z=0. 266 275 */ 267 int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group,268 EC_POINT *point)276 int ossl_ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, 277 EC_POINT *point) 269 278 { 270 279 point->Z_is_one = 0; … … 277 286 * the simple implementation only uses affine coordinates. 278 287 */ 279 int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, 280 EC_POINT *point, 281 const BIGNUM *x, 282 const BIGNUM *y, BN_CTX *ctx) 288 int ossl_ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, 289 EC_POINT *point, 290 const BIGNUM *x, 291 const BIGNUM *y, 292 BN_CTX *ctx) 283 293 { 284 294 int ret = 0; 285 295 if (x == NULL || y == NULL) { 286 ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, 287 ERR_R_PASSED_NULL_PARAMETER); 296 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 288 297 return 0; 289 298 } … … 309 318 * implementation only uses affine coordinates. 310 319 */ 311 int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group,312 const EC_POINT *point,313 BIGNUM *x, BIGNUM *y,314 BN_CTX *ctx)320 int ossl_ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, 321 const EC_POINT *point, 322 BIGNUM *x, BIGNUM *y, 323 BN_CTX *ctx) 315 324 { 316 325 int ret = 0; 317 326 318 327 if (EC_POINT_is_at_infinity(group, point)) { 319 ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, 320 EC_R_POINT_AT_INFINITY); 328 ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); 321 329 return 0; 322 330 } 323 331 324 332 if (BN_cmp(point->Z, BN_value_one())) { 325 ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, 326 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 333 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 327 334 return 0; 328 335 } … … 347 354 * b. Uses algorithm A.10.2 of IEEE P1363. 348 355 */ 349 int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, 350 const EC_POINT *b, BN_CTX *ctx) 351 { 352 BN_CTX *new_ctx = NULL; 356 int ossl_ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, 357 const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) 358 { 353 359 BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t; 354 360 int ret = 0; 361 #ifndef FIPS_MODULE 362 BN_CTX *new_ctx = NULL; 363 #endif 355 364 356 365 if (EC_POINT_is_at_infinity(group, a)) { … … 366 375 } 367 376 377 #ifndef FIPS_MODULE 368 378 if (ctx == NULL) { 369 379 ctx = new_ctx = BN_CTX_new(); … … 371 381 return 0; 372 382 } 383 #endif 373 384 374 385 BN_CTX_start(ctx); … … 454 465 err: 455 466 BN_CTX_end(ctx); 467 #ifndef FIPS_MODULE 456 468 BN_CTX_free(new_ctx); 469 #endif 457 470 return ret; 458 471 } … … 462 475 * A.10.2 of IEEE P1363. 463 476 */ 464 int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, 465 BN_CTX *ctx) 466 { 467 return ec_GF2m_simple_add(group, r, a, a, ctx); 468 } 469 470 int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) 477 int ossl_ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, 478 const EC_POINT *a, BN_CTX *ctx) 479 { 480 return ossl_ec_GF2m_simple_add(group, r, a, a, ctx); 481 } 482 483 int ossl_ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, 484 BN_CTX *ctx) 471 485 { 472 486 if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(point->Y)) … … 474 488 return 1; 475 489 476 if (!EC_POINT_make_affine(group, point, ctx)) 490 if (group->meth->make_affine == NULL 491 || !group->meth->make_affine(group, point, ctx)) 477 492 return 0; 478 493 return BN_GF2m_add(point->Y, point->X, point->Y); … … 480 495 481 496 /* Indicates whether the given point is the point at infinity. */ 482 int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group,483 const EC_POINT *point)497 int ossl_ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, 498 const EC_POINT *point) 484 499 { 485 500 return BN_is_zero(point->Z); … … 491 506 * y^2 + x*y = x^3 + a*x^2 + b. 492 507 */ 493 int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,494 BN_CTX *ctx)508 int ossl_ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, 509 BN_CTX *ctx) 495 510 { 496 511 int ret = -1; 497 BN_CTX *new_ctx = NULL;498 512 BIGNUM *lh, *y2; 499 513 int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, 500 514 const BIGNUM *, BN_CTX *); 501 515 int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); 516 #ifndef FIPS_MODULE 517 BN_CTX *new_ctx = NULL; 518 #endif 502 519 503 520 if (EC_POINT_is_at_infinity(group, point)) … … 511 528 return -1; 512 529 530 #ifndef FIPS_MODULE 513 531 if (ctx == NULL) { 514 532 ctx = new_ctx = BN_CTX_new(); … … 516 534 return -1; 517 535 } 536 #endif 518 537 519 538 BN_CTX_start(ctx); … … 547 566 err: 548 567 BN_CTX_end(ctx); 568 #ifndef FIPS_MODULE 549 569 BN_CTX_free(new_ctx); 570 #endif 550 571 return ret; 551 572 } … … 558 579 * 1 not equal 559 580 */ 560 int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,561 const EC_POINT *b, BN_CTX *ctx)581 int ossl_ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, 582 const EC_POINT *b, BN_CTX *ctx) 562 583 { 563 584 BIGNUM *aX, *aY, *bX, *bY; 585 int ret = -1; 586 #ifndef FIPS_MODULE 564 587 BN_CTX *new_ctx = NULL; 565 int ret = -1; 588 #endif 566 589 567 590 if (EC_POINT_is_at_infinity(group, a)) { … … 576 599 } 577 600 601 #ifndef FIPS_MODULE 578 602 if (ctx == NULL) { 579 603 ctx = new_ctx = BN_CTX_new(); … … 581 605 return -1; 582 606 } 607 #endif 583 608 584 609 BN_CTX_start(ctx); … … 598 623 err: 599 624 BN_CTX_end(ctx); 625 #ifndef FIPS_MODULE 600 626 BN_CTX_free(new_ctx); 627 #endif 601 628 return ret; 602 629 } 603 630 604 631 /* Forces the given EC_POINT to internally use affine coordinates. */ 605 int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, 606 BN_CTX *ctx) 607 { 608 BN_CTX *new_ctx = NULL; 632 int ossl_ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, 633 BN_CTX *ctx) 634 { 609 635 BIGNUM *x, *y; 610 636 int ret = 0; 637 #ifndef FIPS_MODULE 638 BN_CTX *new_ctx = NULL; 639 #endif 611 640 612 641 if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) 613 642 return 1; 614 643 644 #ifndef FIPS_MODULE 615 645 if (ctx == NULL) { 616 646 ctx = new_ctx = BN_CTX_new(); … … 618 648 return 0; 619 649 } 650 #endif 620 651 621 652 BN_CTX_start(ctx); … … 639 670 err: 640 671 BN_CTX_end(ctx); 672 #ifndef FIPS_MODULE 641 673 BN_CTX_free(new_ctx); 674 #endif 642 675 return ret; 643 676 } … … 646 679 * Forces each of the EC_POINTs in the given array to use affine coordinates. 647 680 */ 648 int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num,649 EC_POINT *points[], BN_CTX *ctx)681 int ossl_ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num, 682 EC_POINT *points[], BN_CTX *ctx) 650 683 { 651 684 size_t i; … … 660 693 661 694 /* Wrapper to simple binary polynomial field multiplication implementation. */ 662 int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r,663 const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)695 int ossl_ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r, 696 const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) 664 697 { 665 698 return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx); … … 667 700 668 701 /* Wrapper to simple binary polynomial field squaring implementation. */ 669 int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r,670 const BIGNUM *a, BN_CTX *ctx)702 int ossl_ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, 703 const BIGNUM *a, BN_CTX *ctx) 671 704 { 672 705 return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx); … … 674 707 675 708 /* Wrapper to simple binary polynomial field division implementation. */ 676 int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r,677 const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)709 int ossl_ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, 710 const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) 678 711 { 679 712 return BN_GF2m_mod_div(r, a, b, group->field, ctx); … … 697 730 /* s blinding: make sure lambda (s->Z here) is not zero */ 698 731 do { 699 if (!BN_priv_rand (s->Z, BN_num_bits(group->field) - 1,700 BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {701 E Cerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB);732 if (!BN_priv_rand_ex(s->Z, BN_num_bits(group->field) - 1, 733 BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) { 734 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 702 735 return 0; 703 736 } … … 712 745 /* r blinding: make sure lambda (r->Y here for storage) is not zero */ 713 746 do { 714 if (!BN_priv_rand (r->Y, BN_num_bits(group->field) - 1,715 BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {716 E Cerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB);747 if (!BN_priv_rand_ex(r->Y, BN_num_bits(group->field) - 1, 748 BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) { 749 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 717 750 return 0; 718 751 } … … 783 816 if (!EC_POINT_copy(r, p) 784 817 || !EC_POINT_invert(group, r, ctx)) { 785 E Cerr(EC_F_EC_GF2M_SIMPLE_LADDER_POST, ERR_R_EC_LIB);818 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 786 819 return 0; 787 820 } … … 794 827 t2 = BN_CTX_get(ctx); 795 828 if (t2 == NULL) { 796 E Cerr(EC_F_EC_GF2M_SIMPLE_LADDER_POST, ERR_R_MALLOC_FAILURE);829 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 797 830 goto err; 798 831 } … … 857 890 */ 858 891 if (num > 1 || BN_is_zero(group->order) || BN_is_zero(group->cofactor)) 859 return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);892 return ossl_ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); 860 893 861 894 if (scalar != NULL && num == 0) 862 895 /* Fixed point multiplication */ 863 return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx);896 return ossl_ec_scalar_mul_ladder(group, r, scalar, NULL, ctx); 864 897 865 898 if (scalar == NULL && num == 1) 866 899 /* Variable point multiplication */ 867 return ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx);900 return ossl_ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx); 868 901 869 902 /*- … … 873 906 874 907 if ((t = EC_POINT_new(group)) == NULL) { 875 E Cerr(EC_F_EC_GF2M_SIMPLE_POINTS_MUL, ERR_R_MALLOC_FAILURE);876 return 0; 877 } 878 879 if (! ec_scalar_mul_ladder(group, t, scalar, NULL, ctx)880 || ! ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx)908 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 909 return 0; 910 } 911 912 if (!ossl_ec_scalar_mul_ladder(group, t, scalar, NULL, ctx) 913 || !ossl_ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx) 881 914 || !EC_POINT_add(group, r, t, r, ctx)) 882 915 goto err; … … 900 933 901 934 if (!(ret = BN_GF2m_mod_inv(r, a, group->field, ctx))) 902 E Cerr(EC_F_EC_GF2M_SIMPLE_FIELD_INV, EC_R_CANNOT_INVERT);935 ERR_raise(ERR_LIB_EC, EC_R_CANNOT_INVERT); 903 936 return ret; 904 937 } … … 909 942 EC_FLAGS_DEFAULT_OCT, 910 943 NID_X9_62_characteristic_two_field, 911 ec_GF2m_simple_group_init, 912 ec_GF2m_simple_group_finish, 913 ec_GF2m_simple_group_clear_finish, 914 ec_GF2m_simple_group_copy, 915 ec_GF2m_simple_group_set_curve, 916 ec_GF2m_simple_group_get_curve, 917 ec_GF2m_simple_group_get_degree, 918 ec_group_simple_order_bits, 919 ec_GF2m_simple_group_check_discriminant, 920 ec_GF2m_simple_point_init, 921 ec_GF2m_simple_point_finish, 922 ec_GF2m_simple_point_clear_finish, 923 ec_GF2m_simple_point_copy, 924 ec_GF2m_simple_point_set_to_infinity, 925 0, /* set_Jprojective_coordinates_GFp */ 926 0, /* get_Jprojective_coordinates_GFp */ 927 ec_GF2m_simple_point_set_affine_coordinates, 928 ec_GF2m_simple_point_get_affine_coordinates, 944 ossl_ec_GF2m_simple_group_init, 945 ossl_ec_GF2m_simple_group_finish, 946 ossl_ec_GF2m_simple_group_clear_finish, 947 ossl_ec_GF2m_simple_group_copy, 948 ossl_ec_GF2m_simple_group_set_curve, 949 ossl_ec_GF2m_simple_group_get_curve, 950 ossl_ec_GF2m_simple_group_get_degree, 951 ossl_ec_group_simple_order_bits, 952 ossl_ec_GF2m_simple_group_check_discriminant, 953 ossl_ec_GF2m_simple_point_init, 954 ossl_ec_GF2m_simple_point_finish, 955 ossl_ec_GF2m_simple_point_clear_finish, 956 ossl_ec_GF2m_simple_point_copy, 957 ossl_ec_GF2m_simple_point_set_to_infinity, 958 ossl_ec_GF2m_simple_point_set_affine_coordinates, 959 ossl_ec_GF2m_simple_point_get_affine_coordinates, 929 960 0, /* point_set_compressed_coordinates */ 930 961 0, /* point2oct */ 931 962 0, /* oct2point */ 932 ec_GF2m_simple_add,933 ec_GF2m_simple_dbl,934 ec_GF2m_simple_invert,935 ec_GF2m_simple_is_at_infinity,936 ec_GF2m_simple_is_on_curve,937 ec_GF2m_simple_cmp,938 ec_GF2m_simple_make_affine,939 ec_GF2m_simple_points_make_affine,963 ossl_ec_GF2m_simple_add, 964 ossl_ec_GF2m_simple_dbl, 965 ossl_ec_GF2m_simple_invert, 966 ossl_ec_GF2m_simple_is_at_infinity, 967 ossl_ec_GF2m_simple_is_on_curve, 968 ossl_ec_GF2m_simple_cmp, 969 ossl_ec_GF2m_simple_make_affine, 970 ossl_ec_GF2m_simple_points_make_affine, 940 971 ec_GF2m_simple_points_mul, 941 972 0, /* precompute_mult */ 942 973 0, /* have_precompute_mult */ 943 ec_GF2m_simple_field_mul,944 ec_GF2m_simple_field_sqr,945 ec_GF2m_simple_field_div,974 ossl_ec_GF2m_simple_field_mul, 975 ossl_ec_GF2m_simple_field_sqr, 976 ossl_ec_GF2m_simple_field_div, 946 977 ec_GF2m_simple_field_inv, 947 978 0, /* field_encode */ 948 979 0, /* field_decode */ 949 980 0, /* field_set_to_one */ 950 ec_key_simple_priv2oct,951 ec_key_simple_oct2priv,981 ossl_ec_key_simple_priv2oct, 982 ossl_ec_key_simple_oct2priv, 952 983 0, /* set private */ 953 ec_key_simple_generate_key,954 ec_key_simple_check_key,955 ec_key_simple_generate_public_key,984 ossl_ec_key_simple_generate_key, 985 ossl_ec_key_simple_check_key, 986 ossl_ec_key_simple_generate_public_key, 956 987 0, /* keycopy */ 957 988 0, /* keyfinish */ 958 ecdh_simple_compute_key, 989 ossl_ecdh_simple_compute_key, 990 ossl_ecdsa_simple_sign_setup, 991 ossl_ecdsa_simple_sign_sig, 992 ossl_ecdsa_simple_verify_sig, 959 993 0, /* field_inverse_mod_ord */ 960 994 0, /* blind_coordinates */ -
trunk/src/libs/openssl-3.0.1/crypto/ec/ec_ameth.c
r91772 r94082 1 1 /* 2 * Copyright 2006-202 0The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at 7 7 * https://www.openssl.org/source/license.html 8 8 */ 9 10 /* 11 * ECDH and ECDSA low level APIs are deprecated for public use, but still ok 12 * for internal use. 13 */ 14 #include "internal/deprecated.h" 9 15 10 16 #include <stdio.h> … … 13 19 #include <openssl/ec.h> 14 20 #include <openssl/bn.h> 15 #include <openssl/cms.h>16 21 #include <openssl/asn1t.h> 17 22 #include "crypto/asn1.h" 18 23 #include "crypto/evp.h" 24 #include "crypto/x509.h" 25 #include <openssl/core_names.h> 26 #include <openssl/param_build.h> 19 27 #include "ec_local.h" 20 21 #ifndef OPENSSL_NO_CMS22 static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);23 static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);24 #endif25 28 26 29 static int eckey_param2type(int *pptype, void **ppval, const EC_KEY *ec_key) … … 28 31 const EC_GROUP *group; 29 32 int nid; 33 30 34 if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) { 31 E Cerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_PARAMETERS);35 ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS); 32 36 return 0; 33 37 } … … 40 44 if (asn1obj == NULL || OBJ_length(asn1obj) == 0) { 41 45 ASN1_OBJECT_free(asn1obj); 42 E Cerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_OID);46 ERR_raise(ERR_LIB_EC, EC_R_MISSING_OID); 43 47 return 0; 44 48 } … … 51 55 if (pstr == NULL) 52 56 return 0; 53 54 /* 55 * The cast in the following line is intentional as the 56 * `i2d_ECParameters` signature can't be constified (see discussion at 57 * https://github.com/openssl/openssl/pull/9347 where related and 58 * required constification backports were rejected). 59 * 60 * This cast should be safe anyway, because we can expect 61 * `i2d_ECParameters()` to treat the first argument as if it was const. 62 */ 63 pstr->length = i2d_ECParameters((EC_KEY *)ec_key, &pstr->data); 57 pstr->length = i2d_ECParameters(ec_key, &pstr->data); 64 58 if (pstr->length <= 0) { 65 59 ASN1_STRING_free(pstr); 66 E Cerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);60 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 67 61 return 0; 68 62 } … … 82 76 83 77 if (!eckey_param2type(&ptype, &pval, ec_key)) { 84 E Cerr(EC_F_ECKEY_PUB_ENCODE, ERR_R_EC_LIB);78 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 85 79 return 0; 86 80 } … … 107 101 } 108 102 109 static EC_KEY *eckey_type2param(int ptype, const void *pval) 110 { 111 EC_KEY *eckey = NULL; 112 EC_GROUP *group = NULL; 113 114 if (ptype == V_ASN1_SEQUENCE) { 115 const ASN1_STRING *pstr = pval; 116 const unsigned char *pm = pstr->data; 117 int pmlen = pstr->length; 118 119 if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) { 120 ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); 121 goto ecerr; 122 } 123 } else if (ptype == V_ASN1_OBJECT) { 124 const ASN1_OBJECT *poid = pval; 125 126 /* 127 * type == V_ASN1_OBJECT => the parameters are given by an asn1 OID 128 */ 129 if ((eckey = EC_KEY_new()) == NULL) { 130 ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE); 131 goto ecerr; 132 } 133 group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid)); 134 if (group == NULL) 135 goto ecerr; 136 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); 137 if (EC_KEY_set_group(eckey, group) == 0) 138 goto ecerr; 139 EC_GROUP_free(group); 140 } else { 141 ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); 142 goto ecerr; 143 } 144 145 return eckey; 146 147 ecerr: 148 EC_KEY_free(eckey); 149 EC_GROUP_free(group); 150 return NULL; 151 } 152 153 static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) 103 static int eckey_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey) 154 104 { 155 105 const unsigned char *p = NULL; 156 const void *pval; 157 int ptype, pklen; 106 int pklen; 158 107 EC_KEY *eckey = NULL; 159 108 X509_ALGOR *palg; 160 161 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) 162 return 0; 163 X509_ALGOR_get0(NULL, &ptype, &pval, palg); 164 165 eckey = eckey_type2param(ptype, pval); 166 167 if (!eckey) { 168 ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB); 169 return 0; 170 } 109 OSSL_LIB_CTX *libctx = NULL; 110 const char *propq = NULL; 111 112 if (!ossl_x509_PUBKEY_get0_libctx(&libctx, &propq, pubkey) 113 || !X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) 114 return 0; 115 eckey = ossl_ec_key_param_from_x509_algor(palg, libctx, propq); 116 117 if (!eckey) 118 return 0; 171 119 172 120 /* We have parameters now set public key */ 173 121 if (!o2i_ECPublicKey(&eckey, &p, pklen)) { 174 E Cerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR);122 ERR_raise(ERR_LIB_EC, EC_R_DECODE_ERROR); 175 123 goto ecerr; 176 124 } … … 190 138 const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), 191 139 *pb = EC_KEY_get0_public_key(b->pkey.ec); 140 192 141 if (group == NULL || pa == NULL || pb == NULL) 193 142 return -2; … … 200 149 } 201 150 202 static int eckey_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) 203 { 204 const unsigned char *p = NULL; 205 const void *pval; 206 int ptype, pklen; 207 EC_KEY *eckey = NULL; 208 const X509_ALGOR *palg; 209 210 if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) 211 return 0; 212 X509_ALGOR_get0(NULL, &ptype, &pval, palg); 213 214 eckey = eckey_type2param(ptype, pval); 215 216 if (!eckey) 217 goto ecliberr; 218 219 /* We have parameters now set private key */ 220 if (!d2i_ECPrivateKey(&eckey, &p, pklen)) { 221 ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR); 222 goto ecerr; 223 } 224 225 EVP_PKEY_assign_EC_KEY(pkey, eckey); 226 return 1; 227 228 ecliberr: 229 ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); 230 ecerr: 231 EC_KEY_free(eckey); 232 return 0; 151 static int eckey_priv_decode_ex(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8, 152 OSSL_LIB_CTX *libctx, const char *propq) 153 { 154 int ret = 0; 155 EC_KEY *eckey = ossl_ec_key_from_pkcs8(p8, libctx, propq); 156 157 if (eckey != NULL) { 158 ret = 1; 159 EVP_PKEY_assign_EC_KEY(pkey, eckey); 160 } 161 162 return ret; 233 163 } 234 164 … … 242 172 243 173 if (!eckey_param2type(&ptype, &pval, &ec_key)) { 244 E Cerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR);174 ERR_raise(ERR_LIB_EC, EC_R_DECODE_ERROR); 245 175 return 0; 246 176 } … … 257 187 eplen = i2d_ECPrivateKey(&ec_key, NULL); 258 188 if (!eplen) { 259 E Cerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);189 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 260 190 return 0; 261 191 } 262 192 ep = OPENSSL_malloc(eplen); 263 193 if (ep == NULL) { 264 E Cerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);194 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 265 195 return 0; 266 196 } … … 268 198 if (!i2d_ECPrivateKey(&ec_key, &p)) { 269 199 OPENSSL_free(ep); 270 E Cerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);200 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 271 201 return 0; 272 202 } … … 294 224 { 295 225 int ecbits = ec_bits(pkey); 226 296 227 if (ecbits >= 512) 297 228 return 256; … … 338 269 const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), 339 270 *group_b = EC_KEY_get0_group(b->pkey.ec); 271 340 272 if (group_a == NULL || group_b == NULL) 341 273 return -2; … … 366 298 367 299 if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) { 368 E Cerr(EC_F_DO_EC_KEY_PRINT, ERR_R_PASSED_NULL_PARAMETER);300 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 369 301 return 0; 370 302 } … … 414 346 err: 415 347 if (!ret) 416 E Cerr(EC_F_DO_EC_KEY_PRINT, ERR_R_EC_LIB);348 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 417 349 OPENSSL_clear_free(priv, privlen); 418 350 OPENSSL_free(pub); … … 425 357 EC_KEY *eckey; 426 358 427 if ((eckey = d2i_ECParameters(NULL, pder, derlen)) == NULL) { 428 ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB); 429 return 0; 430 } 359 if ((eckey = d2i_ECParameters(NULL, pder, derlen)) == NULL) 360 return 0; 431 361 EVP_PKEY_assign_EC_KEY(pkey, eckey); 432 362 return 1; … … 461 391 EC_KEY *ec; 462 392 463 if ((ec = d2i_ECPrivateKey(NULL, pder, derlen)) == NULL) { 464 ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR); 465 return 0; 466 } 393 if ((ec = d2i_ECPrivateKey(NULL, pder, derlen)) == NULL) 394 return 0; 467 395 EVP_PKEY_assign_EC_KEY(pkey, ec); 468 396 return 1; … … 477 405 { 478 406 switch (op) { 479 case ASN1_PKEY_CTRL_PKCS7_SIGN:480 if (arg1 == 0) {481 int snid, hnid;482 X509_ALGOR *alg1, *alg2;483 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);484 if (alg1 == NULL || alg1->algorithm == NULL)485 return -1;486 hnid = OBJ_obj2nid(alg1->algorithm);487 if (hnid == NID_undef)488 return -1;489 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))490 return -1;491 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);492 }493 return 1;494 #ifndef OPENSSL_NO_CMS495 case ASN1_PKEY_CTRL_CMS_SIGN:496 if (arg1 == 0) {497 int snid, hnid;498 X509_ALGOR *alg1, *alg2;499 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);500 if (alg1 == NULL || alg1->algorithm == NULL)501 return -1;502 hnid = OBJ_obj2nid(alg1->algorithm);503 if (hnid == NID_undef)504 return -1;505 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))506 return -1;507 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);508 }509 return 1;510 511 case ASN1_PKEY_CTRL_CMS_ENVELOPE:512 if (arg1 == 1)513 return ecdh_cms_decrypt(arg2);514 else if (arg1 == 0)515 return ecdh_cms_encrypt(arg2);516 return -2;517 518 case ASN1_PKEY_CTRL_CMS_RI_TYPE:519 *(int *)arg2 = CMS_RECIPINFO_AGREE;520 return 1;521 #endif522 523 407 case ASN1_PKEY_CTRL_DEFAULT_MD_NID: 524 if (EVP_PKEY_ id(pkey) == EVP_PKEY_SM2) {408 if (EVP_PKEY_get_id(pkey) == EVP_PKEY_SM2) { 525 409 /* For SM2, the only valid digest-alg is SM3 */ 526 410 *(int *)arg2 = NID_sm3; 527 } else { 528 *(int *)arg2 = NID_sha256; 411 return 2; /* Make it mandatory */ 529 412 } 413 *(int *)arg2 = NID_sha256; 530 414 return 1; 531 415 532 416 case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: 533 return EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(pkey), arg2, arg1, NULL); 417 /* We should only be here if we have a legacy key */ 418 if (!ossl_assert(evp_pkey_is_legacy(pkey))) 419 return 0; 420 return EC_KEY_oct2key(evp_pkey_get0_EC_KEY_int(pkey), arg2, arg1, NULL); 534 421 535 422 case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: … … 539 426 default: 540 427 return -2; 541 542 } 543 428 } 544 429 } 545 430 … … 550 435 /* stay consistent to what EVP_PKEY_check demands */ 551 436 if (eckey->priv_key == NULL) { 552 E Cerr(EC_F_EC_PKEY_CHECK, EC_R_MISSING_PRIVATE_KEY);437 ERR_raise(ERR_LIB_EC, EC_R_MISSING_PRIVATE_KEY); 553 438 return 0; 554 439 } … … 579 464 /* stay consistent to what EVP_PKEY_check demands */ 580 465 if (eckey->group == NULL) { 581 E Cerr(EC_F_EC_PKEY_PARAM_CHECK, EC_R_MISSING_PARAMETERS);466 ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS); 582 467 return 0; 583 468 } … … 586 471 } 587 472 588 const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { 473 static 474 size_t ec_pkey_dirty_cnt(const EVP_PKEY *pkey) 475 { 476 return pkey->pkey.ec->dirty_cnt; 477 } 478 479 static 480 int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata, 481 OSSL_FUNC_keymgmt_import_fn *importer, 482 OSSL_LIB_CTX *libctx, const char *propq) 483 { 484 const EC_KEY *eckey = NULL; 485 const EC_GROUP *ecg = NULL; 486 unsigned char *pub_key_buf = NULL, *gen_buf = NULL; 487 size_t pub_key_buflen; 488 OSSL_PARAM_BLD *tmpl; 489 OSSL_PARAM *params = NULL; 490 const BIGNUM *priv_key = NULL; 491 const EC_POINT *pub_point = NULL; 492 int selection = 0; 493 int rv = 0; 494 BN_CTX *bnctx = NULL; 495 496 if (from == NULL 497 || (eckey = from->pkey.ec) == NULL 498 || (ecg = EC_KEY_get0_group(eckey)) == NULL) 499 return 0; 500 501 tmpl = OSSL_PARAM_BLD_new(); 502 if (tmpl == NULL) 503 return 0; 504 505 /* 506 * EC_POINT_point2buf() can generate random numbers in some 507 * implementations so we need to ensure we use the correct libctx. 508 */ 509 bnctx = BN_CTX_new_ex(libctx); 510 if (bnctx == NULL) 511 goto err; 512 BN_CTX_start(bnctx); 513 514 /* export the domain parameters */ 515 if (!ossl_ec_group_todata(ecg, tmpl, NULL, libctx, propq, bnctx, &gen_buf)) 516 goto err; 517 selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS; 518 519 priv_key = EC_KEY_get0_private_key(eckey); 520 pub_point = EC_KEY_get0_public_key(eckey); 521 522 if (pub_point != NULL) { 523 /* convert pub_point to a octet string according to the SECG standard */ 524 if ((pub_key_buflen = EC_POINT_point2buf(ecg, pub_point, 525 POINT_CONVERSION_COMPRESSED, 526 &pub_key_buf, bnctx)) == 0 527 || !OSSL_PARAM_BLD_push_octet_string(tmpl, 528 OSSL_PKEY_PARAM_PUB_KEY, 529 pub_key_buf, 530 pub_key_buflen)) 531 goto err; 532 selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; 533 } 534 535 if (priv_key != NULL) { 536 size_t sz; 537 int ecbits; 538 int ecdh_cofactor_mode; 539 540 /* 541 * Key import/export should never leak the bit length of the secret 542 * scalar in the key. 543 * 544 * For this reason, on export we use padded BIGNUMs with fixed length. 545 * 546 * When importing we also should make sure that, even if short lived, 547 * the newly created BIGNUM is marked with the BN_FLG_CONSTTIME flag as 548 * soon as possible, so that any processing of this BIGNUM might opt for 549 * constant time implementations in the backend. 550 * 551 * Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have 552 * to preallocate the BIGNUM internal buffer to a fixed public size big 553 * enough that operations performed during the processing never trigger 554 * a realloc which would leak the size of the scalar through memory 555 * accesses. 556 * 557 * Fixed Length 558 * ------------ 559 * 560 * The order of the large prime subgroup of the curve is our choice for 561 * a fixed public size, as that is generally the upper bound for 562 * generating a private key in EC cryptosystems and should fit all valid 563 * secret scalars. 564 * 565 * For padding on export we just use the bit length of the order 566 * converted to bytes (rounding up). 567 * 568 * For preallocating the BIGNUM storage we look at the number of "words" 569 * required for the internal representation of the order, and we 570 * preallocate 2 extra "words" in case any of the subsequent processing 571 * might temporarily overflow the order length. 572 */ 573 ecbits = EC_GROUP_order_bits(ecg); 574 if (ecbits <= 0) 575 goto err; 576 577 sz = (ecbits + 7 ) / 8; 578 if (!OSSL_PARAM_BLD_push_BN_pad(tmpl, 579 OSSL_PKEY_PARAM_PRIV_KEY, 580 priv_key, sz)) 581 goto err; 582 selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY; 583 584 /* 585 * The ECDH Cofactor Mode is defined only if the EC_KEY actually 586 * contains a private key, so we check for the flag and export it only 587 * in this case. 588 */ 589 ecdh_cofactor_mode = 590 (EC_KEY_get_flags(eckey) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; 591 592 /* Export the ECDH_COFACTOR_MODE parameter */ 593 if (!OSSL_PARAM_BLD_push_int(tmpl, 594 OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, 595 ecdh_cofactor_mode)) 596 goto err; 597 selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS; 598 } 599 600 params = OSSL_PARAM_BLD_to_param(tmpl); 601 602 /* We export, the provider imports */ 603 rv = importer(to_keydata, selection, params); 604 605 err: 606 OSSL_PARAM_BLD_free(tmpl); 607 OSSL_PARAM_free(params); 608 OPENSSL_free(pub_key_buf); 609 OPENSSL_free(gen_buf); 610 BN_CTX_end(bnctx); 611 BN_CTX_free(bnctx); 612 return rv; 613 } 614 615 static int ec_pkey_import_from(const OSSL_PARAM params[], void *vpctx) 616 { 617 EVP_PKEY_CTX *pctx = vpctx; 618 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); 619 EC_KEY *ec = EC_KEY_new_ex(pctx->libctx, pctx->propquery); 620 621 if (ec == NULL) { 622 ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); 623 return 0; 624 } 625 626 if (!ossl_ec_group_fromdata(ec, params) 627 || !ossl_ec_key_otherparams_fromdata(ec, params) 628 || !ossl_ec_key_fromdata(ec, params, 1) 629 || !EVP_PKEY_assign_EC_KEY(pkey, ec)) { 630 EC_KEY_free(ec); 631 return 0; 632 } 633 return 1; 634 } 635 636 static int ec_pkey_copy(EVP_PKEY *to, EVP_PKEY *from) 637 { 638 EC_KEY *eckey = from->pkey.ec; 639 EC_KEY *dupkey = NULL; 640 int ret; 641 642 if (eckey != NULL) { 643 dupkey = EC_KEY_dup(eckey); 644 if (dupkey == NULL) 645 return 0; 646 } else { 647 /* necessary to properly copy empty SM2 keys */ 648 return EVP_PKEY_set_type(to, from->type); 649 } 650 651 ret = EVP_PKEY_assign_EC_KEY(to, dupkey); 652 if (!ret) 653 EC_KEY_free(dupkey); 654 return ret; 655 } 656 657 const EVP_PKEY_ASN1_METHOD ossl_eckey_asn1_meth = { 589 658 EVP_PKEY_EC, 590 659 EVP_PKEY_EC, … … 598 667 eckey_pub_print, 599 668 600 eckey_priv_decode,669 NULL, 601 670 eckey_priv_encode, 602 671 eckey_priv_print, … … 623 692 ec_pkey_check, 624 693 ec_pkey_public_check, 625 ec_pkey_param_check 694 ec_pkey_param_check, 695 696 0, /* set_priv_key */ 697 0, /* set_pub_key */ 698 0, /* get_priv_key */ 699 0, /* get_pub_key */ 700 701 ec_pkey_dirty_cnt, 702 ec_pkey_export_to, 703 ec_pkey_import_from, 704 ec_pkey_copy, 705 eckey_priv_decode_ex 626 706 }; 627 707 628 708 #if !defined(OPENSSL_NO_SM2) 629 const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = {709 const EVP_PKEY_ASN1_METHOD ossl_sm2_asn1_meth = { 630 710 EVP_PKEY_SM2, 631 711 EVP_PKEY_EC, … … 646 726 return do_EC_KEY_print(bp, x, 4, EC_KEY_PRINT_PARAM); 647 727 } 648 649 #ifndef OPENSSL_NO_CMS650 651 static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx,652 X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)653 {654 const ASN1_OBJECT *aoid;655 int atype;656 const void *aval;657 int rv = 0;658 EVP_PKEY *pkpeer = NULL;659 EC_KEY *ecpeer = NULL;660 const unsigned char *p;661 int plen;662 X509_ALGOR_get0(&aoid, &atype, &aval, alg);663 if (OBJ_obj2nid(aoid) != NID_X9_62_id_ecPublicKey)664 goto err;665 /* If absent parameters get group from main key */666 if (atype == V_ASN1_UNDEF || atype == V_ASN1_NULL) {667 const EC_GROUP *grp;668 EVP_PKEY *pk;669 pk = EVP_PKEY_CTX_get0_pkey(pctx);670 if (!pk)671 goto err;672 grp = EC_KEY_get0_group(pk->pkey.ec);673 ecpeer = EC_KEY_new();674 if (ecpeer == NULL)675 goto err;676 if (!EC_KEY_set_group(ecpeer, grp))677 goto err;678 } else {679 ecpeer = eckey_type2param(atype, aval);680 if (!ecpeer)681 goto err;682 }683 /* We have parameters now set public key */684 plen = ASN1_STRING_length(pubkey);685 p = ASN1_STRING_get0_data(pubkey);686 if (!p || !plen)687 goto err;688 if (!o2i_ECPublicKey(&ecpeer, &p, plen))689 goto err;690 pkpeer = EVP_PKEY_new();691 if (pkpeer == NULL)692 goto err;693 EVP_PKEY_set1_EC_KEY(pkpeer, ecpeer);694 if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)695 rv = 1;696 err:697 EC_KEY_free(ecpeer);698 EVP_PKEY_free(pkpeer);699 return rv;700 }701 702 /* Set KDF parameters based on KDF NID */703 static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid)704 {705 int kdf_nid, kdfmd_nid, cofactor;706 const EVP_MD *kdf_md;707 if (eckdf_nid == NID_undef)708 return 0;709 710 /* Lookup KDF type, cofactor mode and digest */711 if (!OBJ_find_sigid_algs(eckdf_nid, &kdfmd_nid, &kdf_nid))712 return 0;713 714 if (kdf_nid == NID_dh_std_kdf)715 cofactor = 0;716 else if (kdf_nid == NID_dh_cofactor_kdf)717 cofactor = 1;718 else719 return 0;720 721 if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)722 return 0;723 724 if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)725 return 0;726 727 kdf_md = EVP_get_digestbynid(kdfmd_nid);728 if (!kdf_md)729 return 0;730 731 if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0)732 return 0;733 return 1;734 }735 736 static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)737 {738 int rv = 0;739 740 X509_ALGOR *alg, *kekalg = NULL;741 ASN1_OCTET_STRING *ukm;742 const unsigned char *p;743 unsigned char *der = NULL;744 int plen, keylen;745 const EVP_CIPHER *kekcipher;746 EVP_CIPHER_CTX *kekctx;747 748 if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))749 return 0;750 751 if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) {752 ECerr(EC_F_ECDH_CMS_SET_SHARED_INFO, EC_R_KDF_PARAMETER_ERROR);753 return 0;754 }755 756 if (alg->parameter->type != V_ASN1_SEQUENCE)757 return 0;758 759 p = alg->parameter->value.sequence->data;760 plen = alg->parameter->value.sequence->length;761 kekalg = d2i_X509_ALGOR(NULL, &p, plen);762 if (!kekalg)763 goto err;764 kekctx = CMS_RecipientInfo_kari_get0_ctx(ri);765 if (!kekctx)766 goto err;767 kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);768 if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)769 goto err;770 if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))771 goto err;772 if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0)773 goto err;774 775 keylen = EVP_CIPHER_CTX_key_length(kekctx);776 if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0)777 goto err;778 779 plen = CMS_SharedInfo_encode(&der, kekalg, ukm, keylen);780 781 if (!plen)782 goto err;783 784 if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, der, plen) <= 0)785 goto err;786 der = NULL;787 788 rv = 1;789 err:790 X509_ALGOR_free(kekalg);791 OPENSSL_free(der);792 return rv;793 }794 795 static int ecdh_cms_decrypt(CMS_RecipientInfo *ri)796 {797 EVP_PKEY_CTX *pctx;798 pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);799 if (!pctx)800 return 0;801 /* See if we need to set peer key */802 if (!EVP_PKEY_CTX_get0_peerkey(pctx)) {803 X509_ALGOR *alg;804 ASN1_BIT_STRING *pubkey;805 if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey,806 NULL, NULL, NULL))807 return 0;808 if (!alg || !pubkey)809 return 0;810 if (!ecdh_cms_set_peerkey(pctx, alg, pubkey)) {811 ECerr(EC_F_ECDH_CMS_DECRYPT, EC_R_PEER_KEY_ERROR);812 return 0;813 }814 }815 /* Set ECDH derivation parameters and initialise unwrap context */816 if (!ecdh_cms_set_shared_info(pctx, ri)) {817 ECerr(EC_F_ECDH_CMS_DECRYPT, EC_R_SHARED_INFO_ERROR);818 return 0;819 }820 return 1;821 }822 823 static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)824 {825 EVP_PKEY_CTX *pctx;826 EVP_PKEY *pkey;827 EVP_CIPHER_CTX *ctx;828 int keylen;829 X509_ALGOR *talg, *wrap_alg = NULL;830 const ASN1_OBJECT *aoid;831 ASN1_BIT_STRING *pubkey;832 ASN1_STRING *wrap_str;833 ASN1_OCTET_STRING *ukm;834 unsigned char *penc = NULL;835 int penclen;836 int rv = 0;837 int ecdh_nid, kdf_type, kdf_nid, wrap_nid;838 const EVP_MD *kdf_md;839 pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);840 if (!pctx)841 return 0;842 /* Get ephemeral key */843 pkey = EVP_PKEY_CTX_get0_pkey(pctx);844 if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey,845 NULL, NULL, NULL))846 goto err;847 X509_ALGOR_get0(&aoid, NULL, NULL, talg);848 /* Is everything uninitialised? */849 if (aoid == OBJ_nid2obj(NID_undef)) {850 851 EC_KEY *eckey = pkey->pkey.ec;852 /* Set the key */853 unsigned char *p;854 855 penclen = i2o_ECPublicKey(eckey, NULL);856 if (penclen <= 0)857 goto err;858 penc = OPENSSL_malloc(penclen);859 if (penc == NULL)860 goto err;861 p = penc;862 penclen = i2o_ECPublicKey(eckey, &p);863 if (penclen <= 0)864 goto err;865 ASN1_STRING_set0(pubkey, penc, penclen);866 pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);867 pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;868 869 penc = NULL;870 X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey),871 V_ASN1_UNDEF, NULL);872 }873 874 /* See if custom parameters set */875 kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx);876 if (kdf_type <= 0)877 goto err;878 if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md))879 goto err;880 ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx);881 if (ecdh_nid < 0)882 goto err;883 else if (ecdh_nid == 0)884 ecdh_nid = NID_dh_std_kdf;885 else if (ecdh_nid == 1)886 ecdh_nid = NID_dh_cofactor_kdf;887 888 if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {889 kdf_type = EVP_PKEY_ECDH_KDF_X9_63;890 if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)891 goto err;892 } else893 /* Unknown KDF */894 goto err;895 if (kdf_md == NULL) {896 /* Fixme later for better MD */897 kdf_md = EVP_sha1();898 if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0)899 goto err;900 }901 902 if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm))903 goto err;904 905 /* Lookup NID for KDF+cofactor+digest */906 907 if (!OBJ_find_sigid_by_algs(&kdf_nid, EVP_MD_type(kdf_md), ecdh_nid))908 goto err;909 /* Get wrap NID */910 ctx = CMS_RecipientInfo_kari_get0_ctx(ri);911 wrap_nid = EVP_CIPHER_CTX_type(ctx);912 keylen = EVP_CIPHER_CTX_key_length(ctx);913 914 /* Package wrap algorithm in an AlgorithmIdentifier */915 916 wrap_alg = X509_ALGOR_new();917 if (wrap_alg == NULL)918 goto err;919 wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);920 wrap_alg->parameter = ASN1_TYPE_new();921 if (wrap_alg->parameter == NULL)922 goto err;923 if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)924 goto err;925 if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) {926 ASN1_TYPE_free(wrap_alg->parameter);927 wrap_alg->parameter = NULL;928 }929 930 if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0)931 goto err;932 933 penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen);934 935 if (!penclen)936 goto err;937 938 if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0)939 goto err;940 penc = NULL;941 942 /*943 * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter944 * of another AlgorithmIdentifier.945 */946 penclen = i2d_X509_ALGOR(wrap_alg, &penc);947 if (!penc || !penclen)948 goto err;949 wrap_str = ASN1_STRING_new();950 if (wrap_str == NULL)951 goto err;952 ASN1_STRING_set0(wrap_str, penc, penclen);953 penc = NULL;954 X509_ALGOR_set0(talg, OBJ_nid2obj(kdf_nid), V_ASN1_SEQUENCE, wrap_str);955 956 rv = 1;957 958 err:959 OPENSSL_free(penc);960 X509_ALGOR_free(wrap_alg);961 return rv;962 }963 964 #endif -
trunk/src/libs/openssl-3.0.1/crypto/ec/ec_asn1.c
r91772 r94082 2 2 * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at 7 7 * https://www.openssl.org/source/license.html 8 8 */ 9 10 /* 11 * ECDSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 9 15 10 16 #include <string.h> … … 14 20 #include <openssl/objects.h> 15 21 #include "internal/nelem.h" 16 17 int EC_GROUP_get_basis_type(const EC_GROUP *group) 18 { 19 int i; 20 21 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 22 NID_X9_62_characteristic_two_field) 23 /* everything else is currently not supported */ 24 return 0; 25 26 /* Find the last non-zero element of group->poly[] */ 27 for (i = 0; 28 i < (int)OSSL_NELEM(group->poly) && group->poly[i] != 0; 29 i++) 30 continue; 31 32 if (i == 4) 33 return NID_X9_62_ppBasis; 34 else if (i == 2) 35 return NID_X9_62_tpBasis; 36 else 37 /* everything else is currently not supported */ 38 return 0; 39 } 40 41 #ifndef OPENSSL_NO_EC2M 42 int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k) 43 { 44 if (group == NULL) 45 return 0; 46 47 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 48 NID_X9_62_characteristic_two_field 49 || !((group->poly[0] != 0) && (group->poly[1] != 0) 50 && (group->poly[2] == 0))) { 51 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, 52 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 53 return 0; 54 } 55 56 if (k) 57 *k = group->poly[1]; 58 59 return 1; 60 } 61 62 int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, 63 unsigned int *k2, unsigned int *k3) 64 { 65 if (group == NULL) 66 return 0; 67 68 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != 69 NID_X9_62_characteristic_two_field 70 || !((group->poly[0] != 0) && (group->poly[1] != 0) 71 && (group->poly[2] != 0) && (group->poly[3] != 0) 72 && (group->poly[4] == 0))) { 73 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, 74 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 75 return 0; 76 } 77 78 if (k1) 79 *k1 = group->poly[3]; 80 if (k2) 81 *k2 = group->poly[2]; 82 if (k3) 83 *k3 = group->poly[1]; 84 85 return 1; 86 } 87 #endif 22 #include "crypto/asn1_dsa.h" 23 24 #ifndef FIPS_MODULE 88 25 89 26 /* some structures needed for the asn1 encoding */ … … 224 161 } ASN1_CHOICE_END(ECPKPARAMETERS) 225 162 226 DECLARE_ASN1_FUNCTIONS _const(ECPKPARAMETERS)227 DECLARE_ASN1_ENCODE_FUNCTIONS_ const(ECPKPARAMETERS, ECPKPARAMETERS)228 IMPLEMENT_ASN1_FUNCTIONS _const(ECPKPARAMETERS)163 DECLARE_ASN1_FUNCTIONS(ECPKPARAMETERS) 164 DECLARE_ASN1_ENCODE_FUNCTIONS_name(ECPKPARAMETERS, ECPKPARAMETERS) 165 IMPLEMENT_ASN1_FUNCTIONS(ECPKPARAMETERS) 229 166 230 167 ASN1_SEQUENCE(EC_PRIVATEKEY) = { … … 235 172 } static_ASN1_SEQUENCE_END(EC_PRIVATEKEY) 236 173 237 DECLARE_ASN1_FUNCTIONS _const(EC_PRIVATEKEY)238 DECLARE_ASN1_ENCODE_FUNCTIONS_ const(EC_PRIVATEKEY, EC_PRIVATEKEY)239 IMPLEMENT_ASN1_FUNCTIONS _const(EC_PRIVATEKEY)174 DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY) 175 DECLARE_ASN1_ENCODE_FUNCTIONS_name(EC_PRIVATEKEY, EC_PRIVATEKEY) 176 IMPLEMENT_ASN1_FUNCTIONS(EC_PRIVATEKEY) 240 177 241 178 /* some declarations of internal function */ … … 260 197 ASN1_TYPE_free(field->p.other); 261 198 262 nid = EC_ METHOD_get_field_type(EC_GROUP_method_of(group));199 nid = EC_GROUP_get_field_type(group); 263 200 /* set OID for the field */ 264 201 if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) { 265 E Cerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);202 ERR_raise(ERR_LIB_EC, ERR_R_OBJ_LIB); 266 203 goto err; 267 204 } … … 269 206 if (nid == NID_X9_62_prime_field) { 270 207 if ((tmp = BN_new()) == NULL) { 271 E Cerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);208 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 272 209 goto err; 273 210 } 274 211 /* the parameters are specified by the prime number p */ 275 212 if (!EC_GROUP_get_curve(group, tmp, NULL, NULL, NULL)) { 276 E Cerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);213 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 277 214 goto err; 278 215 } … … 280 217 field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL); 281 218 if (field->p.prime == NULL) { 282 E Cerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);219 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 283 220 goto err; 284 221 } … … 286 223 #ifdef OPENSSL_NO_EC2M 287 224 { 288 E Cerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED);225 ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); 289 226 goto err; 290 227 } … … 298 235 299 236 if (char_two == NULL) { 300 E Cerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);237 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 301 238 goto err; 302 239 } … … 307 244 308 245 if (field_type == 0) { 309 E Cerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);246 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 310 247 goto err; 311 248 } 312 249 /* set base type OID */ 313 250 if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) { 314 E Cerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);251 ERR_raise(ERR_LIB_EC, ERR_R_OBJ_LIB); 315 252 goto err; 316 253 } … … 324 261 char_two->p.tpBasis = ASN1_INTEGER_new(); 325 262 if (char_two->p.tpBasis == NULL) { 326 E Cerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);263 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 327 264 goto err; 328 265 } 329 266 if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) { 330 E Cerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);267 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 331 268 goto err; 332 269 } … … 339 276 char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); 340 277 if (char_two->p.ppBasis == NULL) { 341 E Cerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);278 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 342 279 goto err; 343 280 } … … 352 289 char_two->p.onBasis = ASN1_NULL_new(); 353 290 if (char_two->p.onBasis == NULL) { 354 E Cerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);291 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 355 292 goto err; 356 293 } … … 359 296 #endif 360 297 else { 361 E Cerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_UNSUPPORTED_FIELD);298 ERR_raise(ERR_LIB_EC, EC_R_UNSUPPORTED_FIELD); 362 299 goto err; 363 300 } … … 381 318 382 319 if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) { 383 E Cerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);320 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 384 321 goto err; 385 322 } … … 387 324 /* get a and b */ 388 325 if (!EC_GROUP_get_curve(group, NULL, tmp_1, tmp_2, NULL)) { 389 E Cerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);326 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 390 327 goto err; 391 328 } … … 399 336 if ((a_buf = OPENSSL_malloc(len)) == NULL 400 337 || (b_buf = OPENSSL_malloc(len)) == NULL) { 401 E Cerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);338 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 402 339 goto err; 403 340 } 404 341 if (BN_bn2binpad(tmp_1, a_buf, len) < 0 405 342 || BN_bn2binpad(tmp_2, b_buf, len) < 0) { 406 E Cerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);343 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 407 344 goto err; 408 345 } … … 411 348 if (!ASN1_OCTET_STRING_set(curve->a, a_buf, len) 412 349 || !ASN1_OCTET_STRING_set(curve->b, b_buf, len)) { 413 E Cerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);350 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 414 351 goto err; 415 352 } … … 419 356 if (!curve->seed) 420 357 if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) { 421 E Cerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);358 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 422 359 goto err; 423 360 } … … 426 363 if (!ASN1_BIT_STRING_set(curve->seed, group->seed, 427 364 (int)group->seed_len)) { 428 E Cerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);365 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 429 366 goto err; 430 367 } … … 445 382 446 383 ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, 447 384 ECPARAMETERS *params) 448 385 { 449 386 size_t len = 0; … … 457 394 if (params == NULL) { 458 395 if ((ret = ECPARAMETERS_new()) == NULL) { 459 E Cerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_MALLOC_FAILURE);396 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 460 397 goto err; 461 398 } … … 468 405 /* set the fieldID */ 469 406 if (!ec_asn1_group2fieldid(group, ret->fieldID)) { 470 E Cerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);407 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 471 408 goto err; 472 409 } … … 474 411 /* set the curve */ 475 412 if (!ec_asn1_group2curve(group, ret->curve)) { 476 E Cerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);413 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 477 414 goto err; 478 415 } … … 480 417 /* set the base point */ 481 418 if ((point = EC_GROUP_get0_generator(group)) == NULL) { 482 E Cerr(EC_F_EC_GROUP_GET_ECPARAMETERS, EC_R_UNDEFINED_GENERATOR);419 ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR); 483 420 goto err; 484 421 } … … 488 425 len = EC_POINT_point2buf(group, point, form, &buffer, NULL); 489 426 if (len == 0) { 490 E Cerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);427 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 491 428 goto err; 492 429 } 493 430 if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) { 494 431 OPENSSL_free(buffer); 495 E Cerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_MALLOC_FAILURE);432 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 496 433 goto err; 497 434 } … … 501 438 tmp = EC_GROUP_get0_order(group); 502 439 if (tmp == NULL) { 503 E Cerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);440 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 504 441 goto err; 505 442 } … … 507 444 if (ret->order == NULL) { 508 445 ret->order = orig; 509 E Cerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);446 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 510 447 goto err; 511 448 } … … 517 454 if (ret->cofactor == NULL) { 518 455 ret->cofactor = orig; 519 E Cerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);456 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 520 457 goto err; 521 458 } … … 538 475 if (ret == NULL) { 539 476 if ((ret = ECPKPARAMETERS_new()) == NULL) { 540 E Cerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, ERR_R_MALLOC_FAILURE);477 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 541 478 return NULL; 542 479 } … … 549 486 } 550 487 551 if (EC_GROUP_get_asn1_flag(group) ) {488 if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) { 552 489 /* 553 490 * use the asn1 OID to describe the elliptic curve parameters … … 559 496 if (asn1obj == NULL || OBJ_length(asn1obj) == 0) { 560 497 ASN1_OBJECT_free(asn1obj); 561 E Cerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, EC_R_MISSING_OID);498 ERR_raise(ERR_LIB_EC, EC_R_MISSING_OID); 562 499 ok = 0; 563 500 } else { … … 593 530 BN_CTX *ctx = NULL; 594 531 595 if (!params->fieldID || !params->fieldID->fieldType || 596 !params->fieldID->p.ptr) { 597 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR); 532 if (params->fieldID == NULL 533 || params->fieldID->fieldType == NULL 534 || params->fieldID->p.ptr == NULL) { 535 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 598 536 goto err; 599 537 } … … 605 543 * compatibility. 606 544 */ 607 if ( !params->curve || !params->curve->a ||608 !params->curve->a->data || !params->curve->b ||609 !params->curve->b->data) {610 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);545 if (params->curve == NULL 546 || params->curve->a == NULL || params->curve->a->data == NULL 547 || params->curve->b == NULL || params->curve->b->data == NULL) { 548 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 611 549 goto err; 612 550 } 613 551 a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL); 614 552 if (a == NULL) { 615 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);553 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 616 554 goto err; 617 555 } 618 556 b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL); 619 557 if (b == NULL) { 620 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);558 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 621 559 goto err; 622 560 } … … 627 565 #ifdef OPENSSL_NO_EC2M 628 566 { 629 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_GF2M_NOT_SUPPORTED);567 ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); 630 568 goto err; 631 569 } … … 638 576 field_bits = char_two->m; 639 577 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 640 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_FIELD_TOO_LARGE);578 ERR_raise(ERR_LIB_EC, EC_R_FIELD_TOO_LARGE); 641 579 goto err; 642 580 } 643 581 644 582 if ((p = BN_new()) == NULL) { 645 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);583 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 646 584 goto err; 647 585 } … … 654 592 655 593 if (!char_two->p.tpBasis) { 656 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);594 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 657 595 goto err; 658 596 } … … 661 599 662 600 if (!(char_two->m > tmp_long && tmp_long > 0)) { 663 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, 664 EC_R_INVALID_TRINOMIAL_BASIS); 601 ERR_raise(ERR_LIB_EC, EC_R_INVALID_TRINOMIAL_BASIS); 665 602 goto err; 666 603 } … … 677 614 678 615 penta = char_two->p.ppBasis; 679 if ( !penta) {680 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);616 if (penta == NULL) { 617 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 681 618 goto err; 682 619 } … … 685 622 (char_two->m > penta->k3 && penta->k3 > penta->k2 686 623 && penta->k2 > penta->k1 && penta->k1 > 0)) { 687 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, 688 EC_R_INVALID_PENTANOMIAL_BASIS); 624 ERR_raise(ERR_LIB_EC, EC_R_INVALID_PENTANOMIAL_BASIS); 689 625 goto err; 690 626 } … … 702 638 goto err; 703 639 } else if (tmp == NID_X9_62_onBasis) { 704 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_NOT_IMPLEMENTED);640 ERR_raise(ERR_LIB_EC, EC_R_NOT_IMPLEMENTED); 705 641 goto err; 706 642 } else { /* error */ 707 643 708 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);644 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 709 645 goto err; 710 646 } … … 717 653 /* we have a curve over a prime field */ 718 654 /* extract the prime number */ 719 if ( !params->fieldID->p.prime) {720 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);655 if (params->fieldID->p.prime == NULL) { 656 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 721 657 goto err; 722 658 } 723 659 p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); 724 660 if (p == NULL) { 725 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);661 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 726 662 goto err; 727 663 } 728 664 729 665 if (BN_is_negative(p) || BN_is_zero(p)) { 730 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_FIELD);666 ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); 731 667 goto err; 732 668 } … … 734 670 field_bits = BN_num_bits(p); 735 671 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 736 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_FIELD_TOO_LARGE);672 ERR_raise(ERR_LIB_EC, EC_R_FIELD_TOO_LARGE); 737 673 goto err; 738 674 } … … 741 677 ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); 742 678 } else { 743 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_FIELD);679 ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); 744 680 goto err; 745 681 } 746 682 747 683 if (ret == NULL) { 748 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);684 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 749 685 goto err; 750 686 } … … 754 690 OPENSSL_free(ret->seed); 755 691 if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) { 756 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);692 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 757 693 goto err; 758 694 } … … 766 702 || params->base->data == NULL 767 703 || params->base->length == 0) { 768 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);704 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 769 705 goto err; 770 706 } … … 780 716 if (!EC_POINT_oct2point(ret, point, params->base->data, 781 717 params->base->length, NULL)) { 782 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);718 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 783 719 goto err; 784 720 } … … 786 722 /* extract the order */ 787 723 if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) { 788 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);724 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 789 725 goto err; 790 726 } 791 727 if (BN_is_negative(a) || BN_is_zero(a)) { 792 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_GROUP_ORDER);728 ERR_raise(ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER); 793 729 goto err; 794 730 } 795 731 if (BN_num_bits(a) > (int)field_bits + 1) { /* Hasse bound */ 796 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_GROUP_ORDER);732 ERR_raise(ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER); 797 733 goto err; 798 734 } … … 803 739 b = NULL; 804 740 } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) { 805 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);741 ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); 806 742 goto err; 807 743 } 808 744 /* set the generator, order and cofactor (if present) */ 809 745 if (!EC_GROUP_set_generator(ret, point, a, b)) { 810 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);746 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 811 747 goto err; 812 748 } … … 825 761 */ 826 762 if ((ctx = BN_CTX_new()) == NULL) { 827 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);763 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 828 764 goto err; 829 765 } … … 831 767 || EC_GROUP_set_seed(dup, NULL, 0) != 1 832 768 || !EC_GROUP_set_generator(dup, point, a, NULL)) { 833 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);834 goto err; 835 } 836 if ((curve_name = ec_curve_nid_from_params(dup, ctx)) != NID_undef) {769 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 770 goto err; 771 } 772 if ((curve_name = ossl_ec_curve_nid_from_params(dup, ctx)) != NID_undef) { 837 773 /* 838 774 * The input explicit parameters successfully matched one of the … … 856 792 857 793 if ((named_group = EC_GROUP_new_by_curve_name(curve_name)) == NULL) { 858 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);794 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 859 795 goto err; 860 796 } … … 908 844 909 845 if (params == NULL) { 910 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_MISSING_PARAMETERS);846 ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS); 911 847 return NULL; 912 848 } … … 916 852 tmp = OBJ_obj2nid(params->value.named_curve); 917 853 if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) { 918 ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, 919 EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); 854 ERR_raise(ERR_LIB_EC, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); 920 855 return NULL; 921 856 } … … 925 860 ret = EC_GROUP_new_from_ecparameters(params->value.parameters); 926 861 if (!ret) { 927 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, ERR_R_EC_LIB);862 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 928 863 return NULL; 929 864 } … … 933 868 return NULL; 934 869 } else { 935 E Cerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_ASN1_ERROR);870 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); 936 871 return NULL; 937 872 } … … 949 884 950 885 if ((params = d2i_ECPKPARAMETERS(NULL, &p, len)) == NULL) { 951 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);952 886 ECPKPARAMETERS_free(params); 953 887 return NULL; … … 955 889 956 890 if ((group = EC_GROUP_new_from_ecpkparameters(params)) == NULL) { 957 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);958 891 ECPKPARAMETERS_free(params); 959 892 return NULL; … … 978 911 ECPKPARAMETERS *tmp = EC_GROUP_get_ecpkparameters(a, NULL); 979 912 if (tmp == NULL) { 980 E Cerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);913 ERR_raise(ERR_LIB_EC, EC_R_GROUP2PKPARAMETERS_FAILURE); 981 914 return 0; 982 915 } 983 916 if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) { 984 E Cerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);917 ERR_raise(ERR_LIB_EC, EC_R_I2D_ECPKPARAMETERS_FAILURE); 985 918 ECPKPARAMETERS_free(tmp); 986 919 return 0; … … 998 931 const unsigned char *p = *in; 999 932 1000 if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) { 1001 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); 933 if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) 1002 934 return NULL; 1003 }1004 935 1005 936 if (a == NULL || *a == NULL) { 1006 937 if ((ret = EC_KEY_new()) == NULL) { 1007 E Cerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);938 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1008 939 goto err; 1009 940 } … … 1020 951 1021 952 if (ret->group == NULL) { 1022 E Cerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);953 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 1023 954 goto err; 1024 955 } … … 1032 963 goto err; 1033 964 } else { 1034 ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_MISSING_PRIVATE_KEY); 1035 goto err; 1036 } 965 ERR_raise(ERR_LIB_EC, EC_R_MISSING_PRIVATE_KEY); 966 goto err; 967 } 968 969 if (EC_GROUP_get_curve_name(ret->group) == NID_sm2) 970 EC_KEY_set_flags(ret, EC_FLAG_SM2_RANGE); 1037 971 1038 972 EC_POINT_clear_free(ret->pub_key); 1039 973 ret->pub_key = EC_POINT_new(ret->group); 1040 974 if (ret->pub_key == NULL) { 1041 E Cerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);975 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 1042 976 goto err; 1043 977 } … … 1050 984 pub_oct_len = ASN1_STRING_length(priv_key->publicKey); 1051 985 if (!EC_KEY_oct2key(ret, pub_oct, pub_oct_len, NULL)) { 1052 E Cerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);986 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 1053 987 goto err; 1054 988 } … … 1065 999 EC_PRIVATEKEY_free(priv_key); 1066 1000 *in = p; 1001 ret->dirty_cnt++; 1067 1002 return ret; 1068 1003 … … 1074 1009 } 1075 1010 1076 int i2d_ECPrivateKey( EC_KEY *a, unsigned char **out)1011 int i2d_ECPrivateKey(const EC_KEY *a, unsigned char **out) 1077 1012 { 1078 1013 int ret = 0, ok = 0; … … 1084 1019 if (a == NULL || a->group == NULL || 1085 1020 (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) { 1086 E Cerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);1021 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 1087 1022 goto err; 1088 1023 } 1089 1024 1090 1025 if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { 1091 E Cerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);1026 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1092 1027 goto err; 1093 1028 } … … 1098 1033 1099 1034 if (privlen == 0) { 1100 E Cerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);1035 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 1101 1036 goto err; 1102 1037 } … … 1109 1044 EC_GROUP_get_ecpkparameters(a->group, 1110 1045 priv_key->parameters)) == NULL) { 1111 E Cerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);1046 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 1112 1047 goto err; 1113 1048 } … … 1117 1052 priv_key->publicKey = ASN1_BIT_STRING_new(); 1118 1053 if (priv_key->publicKey == NULL) { 1119 E Cerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);1054 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1120 1055 goto err; 1121 1056 } … … 1124 1059 1125 1060 if (publen == 0) { 1126 E Cerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);1061 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 1127 1062 goto err; 1128 1063 } … … 1135 1070 1136 1071 if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) { 1137 E Cerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);1072 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 1138 1073 goto err; 1139 1074 } … … 1146 1081 } 1147 1082 1148 int i2d_ECParameters( EC_KEY *a, unsigned char **out)1083 int i2d_ECParameters(const EC_KEY *a, unsigned char **out) 1149 1084 { 1150 1085 if (a == NULL) { 1151 E Cerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);1086 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 1152 1087 return 0; 1153 1088 } … … 1160 1095 1161 1096 if (in == NULL || *in == NULL) { 1162 E Cerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);1097 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 1163 1098 return NULL; 1164 1099 } … … 1166 1101 if (a == NULL || *a == NULL) { 1167 1102 if ((ret = EC_KEY_new()) == NULL) { 1168 E Cerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);1103 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1169 1104 return NULL; 1170 1105 } … … 1173 1108 1174 1109 if (!d2i_ECPKParameters(&ret->group, in, len)) { 1175 ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);1176 1110 if (a == NULL || *a != ret) 1177 1111 EC_KEY_free(ret); 1112 else 1113 ret->dirty_cnt++; 1178 1114 return NULL; 1179 1115 } 1116 1117 if (EC_GROUP_get_curve_name(ret->group) == NID_sm2) 1118 EC_KEY_set_flags(ret, EC_FLAG_SM2_RANGE); 1119 1120 ret->dirty_cnt++; 1180 1121 1181 1122 if (a) … … 1193 1134 * sorry, but a EC_GROUP-structure is necessary to set the public key 1194 1135 */ 1195 E Cerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);1136 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 1196 1137 return 0; 1197 1138 } 1198 1139 ret = *a; 1140 /* EC_KEY_opt2key updates dirty_cnt */ 1199 1141 if (!EC_KEY_oct2key(ret, *in, len, NULL)) { 1200 E Cerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);1142 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 1201 1143 return 0; 1202 1144 } … … 1211 1153 1212 1154 if (a == NULL) { 1213 E Cerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);1155 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 1214 1156 return 0; 1215 1157 } … … 1224 1166 if (*out == NULL) { 1225 1167 if ((*out = OPENSSL_malloc(buf_len)) == NULL) { 1226 E Cerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);1168 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1227 1169 return 0; 1228 1170 } … … 1231 1173 if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, 1232 1174 *out, buf_len, NULL)) { 1233 E Cerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);1175 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 1234 1176 if (new_buffer) { 1235 1177 OPENSSL_free(*out); … … 1243 1185 } 1244 1186 1245 ASN1_SEQUENCE(ECDSA_SIG) = { 1246 ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM), 1247 ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM) 1248 } static_ASN1_SEQUENCE_END(ECDSA_SIG) 1249 1250 DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG) 1251 DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG) 1252 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSA_SIG, ECDSA_SIG, ECDSA_SIG) 1187 DECLARE_ASN1_FUNCTIONS(ECDSA_SIG) 1188 DECLARE_ASN1_ENCODE_FUNCTIONS_name(ECDSA_SIG, ECDSA_SIG) 1189 1190 #endif /* FIPS_MODULE */ 1253 1191 1254 1192 ECDSA_SIG *ECDSA_SIG_new(void) … … 1256 1194 ECDSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig)); 1257 1195 if (sig == NULL) 1258 E Cerr(EC_F_ECDSA_SIG_NEW, ERR_R_MALLOC_FAILURE);1196 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1259 1197 return sig; 1260 1198 } … … 1267 1205 BN_clear_free(sig->s); 1268 1206 OPENSSL_free(sig); 1207 } 1208 1209 ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **psig, const unsigned char **ppin, long len) 1210 { 1211 ECDSA_SIG *sig; 1212 1213 if (len < 0) 1214 return NULL; 1215 if (psig != NULL && *psig != NULL) { 1216 sig = *psig; 1217 } else { 1218 sig = ECDSA_SIG_new(); 1219 if (sig == NULL) 1220 return NULL; 1221 } 1222 if (sig->r == NULL) 1223 sig->r = BN_new(); 1224 if (sig->s == NULL) 1225 sig->s = BN_new(); 1226 if (sig->r == NULL || sig->s == NULL 1227 || ossl_decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) { 1228 if (psig == NULL || *psig == NULL) 1229 ECDSA_SIG_free(sig); 1230 return NULL; 1231 } 1232 if (psig != NULL && *psig == NULL) 1233 *psig = sig; 1234 return sig; 1235 } 1236 1237 int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **ppout) 1238 { 1239 BUF_MEM *buf = NULL; 1240 size_t encoded_len; 1241 WPACKET pkt; 1242 1243 if (ppout == NULL) { 1244 if (!WPACKET_init_null(&pkt, 0)) 1245 return -1; 1246 } else if (*ppout == NULL) { 1247 if ((buf = BUF_MEM_new()) == NULL 1248 || !WPACKET_init_len(&pkt, buf, 0)) { 1249 BUF_MEM_free(buf); 1250 return -1; 1251 } 1252 } else { 1253 if (!WPACKET_init_static_len(&pkt, *ppout, SIZE_MAX, 0)) 1254 return -1; 1255 } 1256 1257 if (!ossl_encode_der_dsa_sig(&pkt, sig->r, sig->s) 1258 || !WPACKET_get_total_written(&pkt, &encoded_len) 1259 || !WPACKET_finish(&pkt)) { 1260 BUF_MEM_free(buf); 1261 WPACKET_cleanup(&pkt); 1262 return -1; 1263 } 1264 1265 if (ppout != NULL) { 1266 if (*ppout == NULL) { 1267 *ppout = (unsigned char *)buf->data; 1268 buf->data = NULL; 1269 BUF_MEM_free(buf); 1270 } else { 1271 *ppout += encoded_len; 1272 } 1273 } 1274 1275 return (int)encoded_len; 1269 1276 } 1270 1277 … … 1298 1305 } 1299 1306 1300 int ECDSA_size(const EC_KEY *r) 1301 { 1302 int ret, i; 1303 ASN1_INTEGER bs; 1304 unsigned char buf[4]; 1307 int ECDSA_size(const EC_KEY *ec) 1308 { 1309 int ret; 1310 ECDSA_SIG sig; 1305 1311 const EC_GROUP *group; 1306 1307 if (r == NULL) 1312 const BIGNUM *bn; 1313 1314 if (ec == NULL) 1308 1315 return 0; 1309 group = EC_KEY_get0_group( r);1316 group = EC_KEY_get0_group(ec); 1310 1317 if (group == NULL) 1311 1318 return 0; 1312 1319 1313 i = EC_GROUP_order_bits(group);1314 if ( i == 0)1320 bn = EC_GROUP_get0_order(group); 1321 if (bn == NULL) 1315 1322 return 0; 1316 bs.length = (i + 7) / 8; 1317 bs.data = buf; 1318 bs.type = V_ASN1_INTEGER; 1319 /* If the top bit is set the asn1 encoding is 1 larger. */ 1320 buf[0] = 0xff; 1321 1322 i = i2d_ASN1_INTEGER(&bs, NULL); 1323 i += i; /* r and s */ 1324 ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); 1323 1324 sig.r = sig.s = (BIGNUM *)bn; 1325 ret = i2d_ECDSA_SIG(&sig, NULL); 1326 1325 1327 if (ret < 0) 1326 ret urn0;1328 ret = 0; 1327 1329 return ret; 1328 1330 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/ec_check.c
r91772 r94082 1 1 /* 2 * Copyright 2002-20 16The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at … … 8 8 */ 9 9 10 /* 11 * ECDSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 15 10 16 #include "ec_local.h" 11 17 #include <openssl/err.h> 12 18 19 int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only, 20 BN_CTX *ctx) 21 { 22 int nid; 23 BN_CTX *new_ctx = NULL; 24 25 if (group == NULL) { 26 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 27 return NID_undef; 28 } 29 30 if (ctx == NULL) { 31 ctx = new_ctx = BN_CTX_new_ex(NULL); 32 if (ctx == NULL) { 33 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 34 return NID_undef; 35 } 36 } 37 38 nid = ossl_ec_curve_nid_from_params(group, ctx); 39 if (nid > 0 && nist_only && EC_curve_nid2nist(nid) == NULL) 40 nid = NID_undef; 41 42 BN_CTX_free(new_ctx); 43 return nid; 44 } 45 13 46 int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) 14 47 { 48 #ifdef FIPS_MODULE 49 /* 50 * ECC domain parameter validation. 51 * See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b. 52 */ 53 return EC_GROUP_check_named_curve(group, 1, ctx) >= 0 ? 1 : 0; 54 #else 15 55 int ret = 0; 16 56 const BIGNUM *order; 17 57 BN_CTX *new_ctx = NULL; 18 58 EC_POINT *point = NULL; 59 60 if (group == NULL || group->meth == NULL) { 61 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 62 return 0; 63 } 19 64 20 65 /* Custom curves assumed to be correct */ … … 25 70 ctx = new_ctx = BN_CTX_new(); 26 71 if (ctx == NULL) { 27 E Cerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE);72 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 28 73 goto err; 29 74 } … … 32 77 /* check the discriminant */ 33 78 if (!EC_GROUP_check_discriminant(group, ctx)) { 34 E Cerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO);79 ERR_raise(ERR_LIB_EC, EC_R_DISCRIMINANT_IS_ZERO); 35 80 goto err; 36 81 } … … 38 83 /* check the generator */ 39 84 if (group->generator == NULL) { 40 E Cerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);85 ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR); 41 86 goto err; 42 87 } 43 88 if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) { 44 E Cerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);89 ERR_raise(ERR_LIB_EC, EC_R_POINT_IS_NOT_ON_CURVE); 45 90 goto err; 46 91 } … … 53 98 goto err; 54 99 if (BN_is_zero(order)) { 55 E Cerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER);100 ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_ORDER); 56 101 goto err; 57 102 } … … 60 105 goto err; 61 106 if (!EC_POINT_is_at_infinity(group, point)) { 62 E Cerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER);107 ERR_raise(ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER); 63 108 goto err; 64 109 } … … 70 115 EC_POINT_free(point); 71 116 return ret; 117 #endif /* FIPS_MODULE */ 72 118 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/ec_curve.c
r91772 r94082 1 1 /* 2 * Copyright 2002-20 19The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 9 9 */ 10 10 11 /* 12 * ECDSA low level APIs are deprecated for public use, but still ok for 13 * internal use. 14 */ 15 #include "internal/deprecated.h" 16 11 17 #include <string.h> 12 18 #include "ec_local.h" 13 19 #include <openssl/err.h> 14 20 #include <openssl/obj_mac.h> 21 #include <openssl/objects.h> 15 22 #include <openssl/opensslconf.h> 16 23 #include "internal/nelem.h" … … 194 201 }; 195 202 203 # ifndef FIPS_MODULE 196 204 /* the x9.62 prime curves (minus the nist prime curves) */ 197 205 static const struct { … … 372 380 } 373 381 }; 382 #endif /* FIPS_MODULE */ 374 383 375 384 static const struct { … … 411 420 }; 412 421 422 #ifndef FIPS_MODULE 413 423 /* the secg prime curves (minus the nist and x9.62 prime curves) */ 414 424 static const struct { … … 832 842 } 833 843 }; 844 #endif /* FIPS_MODULE */ 834 845 835 846 #ifndef OPENSSL_NO_EC2M 836 847 837 848 /* characteristic two curves */ 849 850 # ifndef FIPS_MODULE 838 851 static const struct { 839 852 EC_CURVE_DATA h; … … 963 976 } 964 977 }; 978 # endif /* FIPS_MODULE */ 965 979 966 980 static const struct { … … 994 1008 }; 995 1009 1010 # ifndef FIPS_MODULE 996 1011 static const struct { 997 1012 EC_CURVE_DATA h; … … 1022 1037 } 1023 1038 }; 1039 # endif /* FIPS_MODULE */ 1024 1040 1025 1041 static const struct { … … 1052 1068 }; 1053 1069 1070 # ifndef FIPS_MODULE 1054 1071 static const struct { 1055 1072 EC_CURVE_DATA h; … … 1127 1144 } 1128 1145 }; 1146 # endif /* FIPS_MODULE */ 1129 1147 1130 1148 static const struct { … … 1137 1155 { 1138 1156 /* no seed */ 1157 /* p */ 1139 1158 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1140 1159 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, … … 1201 1220 }; 1202 1221 1222 #ifndef FIPS_MODULE 1203 1223 static const struct { 1204 1224 EC_CURVE_DATA h; … … 1210 1230 { 1211 1231 /* no seed */ 1232 /* p */ 1212 1233 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 1213 1234 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, … … 1235 1256 } 1236 1257 }; 1258 # endif /* FIPS_MODULE */ 1237 1259 1238 1260 static const struct { … … 1245 1267 { 1246 1268 /* no seed */ 1269 /* p */ 1247 1270 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1248 1271 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, … … 1279 1302 }, 1280 1303 { 1281 /* noseed */1304 /* seed */ 1282 1305 0x77, 0xE2, 0xB0, 0x73, 0x70, 0xEB, 0x0F, 0x83, 0x2A, 0x6D, 0xD5, 0xB6, 1283 1306 0x2D, 0xFC, 0x88, 0xCD, 0x06, 0xBB, 0x84, 0xBE, … … 1517 1540 }; 1518 1541 1542 # ifndef FIPS_MODULE 1519 1543 static const struct { 1520 1544 EC_CURVE_DATA h; … … 2201 2225 } 2202 2226 }; 2203 2204 #endif 2227 # endif /* FIPS_MODULE */ 2228 #endif /* OPENSSL_NO_EC2M */ 2205 2229 2206 2230 /* … … 2212 2236 */ 2213 2237 2238 #ifndef FIPS_MODULE 2214 2239 static const struct { 2215 2240 EC_CURVE_DATA h; … … 2751 2776 } 2752 2777 }; 2753 2754 #ifndef OPENSSL_NO_SM2 2778 #endif /* FIPS_MODULE */ 2779 2780 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE) 2755 2781 static const struct { 2756 2782 EC_CURVE_DATA h; … … 2797 2823 const char *comment; 2798 2824 } ec_list_element; 2825 2826 #ifdef FIPS_MODULE 2827 static const ec_list_element curve_list[] = { 2828 /* prime field curves */ 2829 /* secg curves */ 2830 {NID_secp224r1, &_EC_NIST_PRIME_224.h, 2831 # if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) 2832 EC_GFp_nistp224_method, 2833 # else 2834 0, 2835 # endif 2836 "NIST/SECG curve over a 224 bit prime field"}, 2837 /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ 2838 {NID_secp384r1, &_EC_NIST_PRIME_384.h, 2839 # if defined(S390X_EC_ASM) 2840 EC_GFp_s390x_nistp384_method, 2841 # else 2842 0, 2843 # endif 2844 "NIST/SECG curve over a 384 bit prime field"}, 2845 2846 {NID_secp521r1, &_EC_NIST_PRIME_521.h, 2847 # if defined(S390X_EC_ASM) 2848 EC_GFp_s390x_nistp521_method, 2849 # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) 2850 EC_GFp_nistp521_method, 2851 # else 2852 0, 2853 # endif 2854 "NIST/SECG curve over a 521 bit prime field"}, 2855 2856 /* X9.62 curves */ 2857 {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, 2858 "NIST/X9.62/SECG curve over a 192 bit prime field"}, 2859 {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, 2860 # if defined(ECP_NISTZ256_ASM) 2861 EC_GFp_nistz256_method, 2862 # elif defined(S390X_EC_ASM) 2863 EC_GFp_s390x_nistp256_method, 2864 # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) 2865 EC_GFp_nistp256_method, 2866 # else 2867 0, 2868 # endif 2869 "X9.62/SECG curve over a 256 bit prime field"}, 2870 2871 # ifndef OPENSSL_NO_EC2M 2872 /* characteristic two field curves */ 2873 /* NIST/SECG curves */ 2874 {NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0, 2875 "NIST/SECG/WTLS curve over a 163 bit binary field"}, 2876 {NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0, 2877 "NIST/SECG curve over a 163 bit binary field"}, 2878 {NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0, 2879 "NIST/SECG/WTLS curve over a 233 bit binary field"}, 2880 {NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0, 2881 "NIST/SECG/WTLS curve over a 233 bit binary field"}, 2882 {NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0, 2883 "NIST/SECG curve over a 283 bit binary field"}, 2884 {NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0, 2885 "NIST/SECG curve over a 283 bit binary field"}, 2886 {NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0, 2887 "NIST/SECG curve over a 409 bit binary field"}, 2888 {NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0, 2889 "NIST/SECG curve over a 409 bit binary field"}, 2890 {NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0, 2891 "NIST/SECG curve over a 571 bit binary field"}, 2892 {NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0, 2893 "NIST/SECG curve over a 571 bit binary field"}, 2894 # endif 2895 }; 2896 2897 #else 2799 2898 2800 2899 static const ec_list_element curve_list[] = { … … 2820 2919 {NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0, 2821 2920 "SECG curve over a 224 bit prime field"}, 2822 # ifndef OPENSSL_NO_EC_NISTP_64_GCC_1282921 # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 2823 2922 {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, 2824 2923 "NIST/SECG curve over a 224 bit prime field"}, 2825 # else2924 # else 2826 2925 {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, 2827 2926 "NIST/SECG curve over a 224 bit prime field"}, 2828 # endif2927 # endif 2829 2928 {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, 2830 2929 "SECG curve over a 256 bit prime field"}, 2831 2930 /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ 2832 {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, 2931 {NID_secp384r1, &_EC_NIST_PRIME_384.h, 2932 # if defined(S390X_EC_ASM) 2933 EC_GFp_s390x_nistp384_method, 2934 # else 2935 0, 2936 # endif 2833 2937 "NIST/SECG curve over a 384 bit prime field"}, 2834 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 2835 {NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, 2938 {NID_secp521r1, &_EC_NIST_PRIME_521.h, 2939 # if defined(S390X_EC_ASM) 2940 EC_GFp_s390x_nistp521_method, 2941 # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) 2942 EC_GFp_nistp521_method, 2943 # else 2944 0, 2945 # endif 2836 2946 "NIST/SECG curve over a 521 bit prime field"}, 2837 #else2838 {NID_secp521r1, &_EC_NIST_PRIME_521.h, 0,2839 "NIST/SECG curve over a 521 bit prime field"},2840 #endif2841 2947 /* X9.62 curves */ 2842 2948 {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, … … 2853 2959 "X9.62 curve over a 239 bit prime field"}, 2854 2960 {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, 2855 # if defined(ECP_NISTZ256_ASM)2961 # if defined(ECP_NISTZ256_ASM) 2856 2962 EC_GFp_nistz256_method, 2857 #elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) 2963 # elif defined(S390X_EC_ASM) 2964 EC_GFp_s390x_nistp256_method, 2965 # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) 2858 2966 EC_GFp_nistp256_method, 2859 # else2967 # else 2860 2968 0, 2861 # endif2969 # endif 2862 2970 "X9.62/SECG curve over a 256 bit prime field"}, 2863 # ifndef OPENSSL_NO_EC2M2971 # ifndef OPENSSL_NO_EC2M 2864 2972 /* characteristic two field curves */ 2865 2973 /* NIST/SECG curves */ … … 2945 3053 {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, 2946 3054 "X9.62 curve over a 163 bit binary field"}, 2947 # endif3055 # endif 2948 3056 {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0, 2949 3057 "SECG/WTLS curve over a 112 bit prime field"}, … … 2954 3062 {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0, 2955 3063 "WTLS curve over a 160 bit prime field"}, 2956 # ifndef OPENSSL_NO_EC2M3064 # ifndef OPENSSL_NO_EC2M 2957 3065 {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0, 2958 3066 "NIST/SECG/WTLS curve over a 233 bit binary field"}, 2959 3067 {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0, 2960 3068 "NIST/SECG/WTLS curve over a 233 bit binary field"}, 2961 # endif3069 # endif 2962 3070 {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0, 2963 3071 "WTLS curve over a 224 bit prime field"}, 2964 # ifndef OPENSSL_NO_EC2M3072 # ifndef OPENSSL_NO_EC2M 2965 3073 /* IPSec curves */ 2966 3074 {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, … … 2970 3078 "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n" 2971 3079 "\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, 2972 # endif3080 # endif 2973 3081 /* brainpool curves */ 2974 3082 {NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0, … … 3000 3108 {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0, 3001 3109 "RFC 5639 curve over a 512 bit prime field"}, 3002 # ifndef OPENSSL_NO_SM23110 # ifndef OPENSSL_NO_SM2 3003 3111 {NID_sm2, &_EC_sm2p256v1.h, 0, 3004 3112 "SM2 curve over a 256 bit prime field"}, 3005 #endif 3006 }; 3113 # endif 3114 }; 3115 #endif /* FIPS_MODULE */ 3007 3116 3008 3117 #define curve_list_length OSSL_NELEM(curve_list) 3009 3118 3010 static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) 3119 static const ec_list_element *ec_curve_nid2curve(int nid) 3120 { 3121 size_t i; 3122 3123 if (nid <= 0) 3124 return NULL; 3125 3126 for (i = 0; i < curve_list_length; i++) { 3127 if (curve_list[i].nid == nid) 3128 return &curve_list[i]; 3129 } 3130 return NULL; 3131 } 3132 3133 static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx, 3134 const char *propq, 3135 const ec_list_element curve) 3011 3136 { 3012 3137 EC_GROUP *group = NULL; … … 3023 3148 /* If no curve data curve method must handle everything */ 3024 3149 if (curve.data == NULL) 3025 return EC_GROUP_new(curve.meth != NULL ? curve.meth() : NULL); 3026 3027 if ((ctx = BN_CTX_new()) == NULL) { 3028 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); 3150 return ossl_ec_group_new_ex(libctx, propq, 3151 curve.meth != NULL ? curve.meth() : NULL); 3152 3153 if ((ctx = BN_CTX_new_ex(libctx)) == NULL) { 3154 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 3029 3155 goto err; 3030 3156 } … … 3039 3165 || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL 3040 3166 || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) { 3041 E Cerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);3167 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 3042 3168 goto err; 3043 3169 } … … 3045 3171 if (curve.meth != 0) { 3046 3172 meth = curve.meth(); 3047 if (((group = EC_GROUP_new(meth)) == NULL) ||3173 if (((group = ossl_ec_group_new_ex(libctx, propq, meth)) == NULL) || 3048 3174 (!(group->meth->group_set_curve(group, p, a, b, ctx)))) { 3049 E Cerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);3175 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 3050 3176 goto err; 3051 3177 } 3052 3178 } else if (data->field_type == NID_X9_62_prime_field) { 3053 3179 if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { 3054 E Cerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);3180 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 3055 3181 goto err; 3056 3182 } … … 3061 3187 3062 3188 if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) { 3063 E Cerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);3189 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 3064 3190 goto err; 3065 3191 } … … 3070 3196 3071 3197 if ((P = EC_POINT_new(group)) == NULL) { 3072 E Cerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);3198 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 3073 3199 goto err; 3074 3200 } … … 3076 3202 if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL 3077 3203 || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) { 3078 E Cerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);3204 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 3079 3205 goto err; 3080 3206 } 3081 3207 if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) { 3082 E Cerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);3208 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 3083 3209 goto err; 3084 3210 } 3085 3211 if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL 3086 3212 || !BN_set_word(x, (BN_ULONG)data->cofactor)) { 3087 E Cerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);3213 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 3088 3214 goto err; 3089 3215 } 3090 3216 if (!EC_GROUP_set_generator(group, P, order, x)) { 3091 E Cerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);3217 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 3092 3218 goto err; 3093 3219 } 3094 3220 if (seed_len) { 3095 3221 if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) { 3096 E Cerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);3222 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 3097 3223 goto err; 3098 3224 } 3099 3225 } 3226 3227 #ifndef FIPS_MODULE 3228 if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) { 3229 /* 3230 * Some curves don't have an associated OID: for those we should not 3231 * default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and 3232 * instead set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`. 3233 * 3234 * Note that `OPENSSL_EC_NAMED_CURVE` is set as the default ASN1 flag on 3235 * `EC_GROUP_new()`, when we don't have enough elements to determine if 3236 * an OID for the curve name actually exists. 3237 * We could implement this check on `EC_GROUP_set_curve_name()` but 3238 * overloading the simple setter with this lookup could have a negative 3239 * performance impact and unexpected consequences. 3240 */ 3241 ASN1_OBJECT *asn1obj = OBJ_nid2obj(curve.nid); 3242 3243 if (asn1obj == NULL) { 3244 ERR_raise(ERR_LIB_EC, ERR_R_OBJ_LIB); 3245 goto err; 3246 } 3247 if (OBJ_length(asn1obj) == 0) 3248 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); 3249 3250 ASN1_OBJECT_free(asn1obj); 3251 } 3252 #else 3253 /* 3254 * Inside the FIPS module we do not support explicit curves anyway 3255 * so the above check is not necessary. 3256 * 3257 * Skipping it is also necessary because `OBJ_length()` and 3258 * `ASN1_OBJECT_free()` are not available within the FIPS module 3259 * boundaries. 3260 */ 3261 #endif 3262 3100 3263 ok = 1; 3101 3264 err: … … 3115 3278 } 3116 3279 3280 EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq, 3281 int nid) 3282 { 3283 EC_GROUP *ret = NULL; 3284 const ec_list_element *curve; 3285 3286 if ((curve = ec_curve_nid2curve(nid)) == NULL 3287 || (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) { 3288 #ifndef FIPS_MODULE 3289 ERR_raise_data(ERR_LIB_EC, EC_R_UNKNOWN_GROUP, 3290 "name=%s", OBJ_nid2sn(nid)); 3291 #else 3292 ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP); 3293 #endif 3294 return NULL; 3295 } 3296 3297 return ret; 3298 } 3299 3300 #ifndef FIPS_MODULE 3117 3301 EC_GROUP *EC_GROUP_new_by_curve_name(int nid) 3118 3302 { 3119 size_t i; 3120 EC_GROUP *ret = NULL; 3121 3122 if (nid <= 0) 3123 return NULL; 3124 3125 for (i = 0; i < curve_list_length; i++) 3126 if (curve_list[i].nid == nid) { 3127 ret = ec_group_new_from_data(curve_list[i]); 3128 break; 3129 } 3130 3131 if (ret == NULL) { 3132 ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP); 3133 return NULL; 3134 } 3135 3136 return ret; 3303 return EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid); 3137 3304 } 3305 #endif 3138 3306 3139 3307 size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) … … 3154 3322 } 3155 3323 3156 /* Functions to translate between common NIST curve names and NIDs */3157 3158 typedef struct {3159 const char *name; /* NIST Name of curve */3160 int nid; /* Curve NID */3161 } EC_NIST_NAME;3162 3163 static EC_NIST_NAME nist_curves[] = {3164 {"B-163", NID_sect163r2},3165 {"B-233", NID_sect233r1},3166 {"B-283", NID_sect283r1},3167 {"B-409", NID_sect409r1},3168 {"B-571", NID_sect571r1},3169 {"K-163", NID_sect163k1},3170 {"K-233", NID_sect233k1},3171 {"K-283", NID_sect283k1},3172 {"K-409", NID_sect409k1},3173 {"K-571", NID_sect571k1},3174 {"P-192", NID_X9_62_prime192v1},3175 {"P-224", NID_secp224r1},3176 {"P-256", NID_X9_62_prime256v1},3177 {"P-384", NID_secp384r1},3178 {"P-521", NID_secp521r1}3179 };3180 3181 3324 const char *EC_curve_nid2nist(int nid) 3182 3325 { 3183 size_t i; 3184 for (i = 0; i < OSSL_NELEM(nist_curves); i++) { 3185 if (nist_curves[i].nid == nid) 3186 return nist_curves[i].name; 3187 } 3188 return NULL; 3326 return ossl_ec_curve_nid2nist_int(nid); 3189 3327 } 3190 3328 3191 3329 int EC_curve_nist2nid(const char *name) 3192 3330 { 3193 size_t i; 3194 for (i = 0; i < OSSL_NELEM(nist_curves); i++) { 3195 if (strcmp(nist_curves[i].name, name) == 0) 3196 return nist_curves[i].nid; 3197 } 3198 return NID_undef; 3331 return ossl_ec_curve_nist2nid_int(name); 3199 3332 } 3200 3333 … … 3208 3341 * if not found. If there was an error it returns -1. 3209 3342 */ 3210 int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)3343 int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx) 3211 3344 { 3212 3345 int ret = -1, nid, len, field_type, param_len; … … 3216 3349 const EC_CURVE_DATA *data; 3217 3350 const EC_POINT *generator = NULL; 3218 const EC_METHOD *meth;3219 3351 const BIGNUM *cofactor = NULL; 3220 3352 /* An array of BIGNUMs for (p, a, b, x, y, order) */ 3221 3353 BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL}; 3222 3354 3223 meth = EC_GROUP_method_of(group);3224 if (meth == NULL)3225 return -1;3226 3355 /* Use the optional named curve nid as a search field */ 3227 3356 nid = EC_GROUP_get_curve_name(group); 3228 field_type = EC_ METHOD_get_field_type(meth);3357 field_type = EC_GROUP_get_field_type(group); 3229 3358 seed_len = EC_GROUP_get_seed_len(group); 3230 3359 seed = EC_GROUP_get0_seed(group); -
trunk/src/libs/openssl-3.0.1/crypto/ec/ec_cvt.c
r91772 r94082 1 1 /* 2 * Copyright 2001-20 18The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 9 9 */ 10 10 11 /* 12 * ECDSA low level APIs are deprecated for public use, but still ok for 13 * internal use. 14 */ 15 #include "internal/deprecated.h" 16 11 17 #include <openssl/err.h> 18 #include "crypto/bn.h" 12 19 #include "ec_local.h" 13 20 … … 48 55 #endif 49 56 50 ret = EC_GROUP_new(meth);57 ret = ossl_ec_group_new_ex(ossl_bn_get_libctx(ctx), NULL, meth); 51 58 if (ret == NULL) 52 59 return NULL; 53 60 54 61 if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) { 55 EC_GROUP_ clear_free(ret);62 EC_GROUP_free(ret); 56 63 return NULL; 57 64 } … … 69 76 meth = EC_GF2m_simple_method(); 70 77 71 ret = EC_GROUP_new(meth);78 ret = ossl_ec_group_new_ex(ossl_bn_get_libctx(ctx), NULL, meth); 72 79 if (ret == NULL) 73 80 return NULL; 74 81 75 82 if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) { 76 EC_GROUP_ clear_free(ret);83 EC_GROUP_free(ret); 77 84 return NULL; 78 85 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/ec_err.c
r91772 r94082 1 1 /* 2 2 * Generated by util/mkerr.pl DO NOT EDIT 3 * Copyright 1995-202 0The OpenSSL Project Authors. All Rights Reserved.3 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 11 11 #include <openssl/err.h> 12 12 #include <openssl/ecerr.h> 13 #include "crypto/ecerr.h" 13 14 14 #ifndef OPENSSL_NO_E RR15 #ifndef OPENSSL_NO_EC 15 16 16 static const ERR_STRING_DATA EC_str_functs[] = { 17 {ERR_PACK(ERR_LIB_EC, EC_F_BN_TO_FELEM, 0), "BN_to_felem"}, 18 {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPARAMETERS, 0), "d2i_ECParameters"}, 19 {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPKPARAMETERS, 0), "d2i_ECPKParameters"}, 20 {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPRIVATEKEY, 0), "d2i_ECPrivateKey"}, 21 {ERR_PACK(ERR_LIB_EC, EC_F_DO_EC_KEY_PRINT, 0), "do_EC_KEY_print"}, 22 {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_CMS_DECRYPT, 0), "ecdh_cms_decrypt"}, 23 {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_CMS_SET_SHARED_INFO, 0), 24 "ecdh_cms_set_shared_info"}, 25 {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_COMPUTE_KEY, 0), "ECDH_compute_key"}, 26 {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_SIMPLE_COMPUTE_KEY, 0), 27 "ecdh_simple_compute_key"}, 28 {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_SIGN_EX, 0), "ECDSA_do_sign_ex"}, 29 {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_VERIFY, 0), "ECDSA_do_verify"}, 30 {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_EX, 0), "ECDSA_sign_ex"}, 31 {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_SETUP, 0), "ECDSA_sign_setup"}, 32 {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIG_NEW, 0), "ECDSA_SIG_new"}, 33 {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_VERIFY, 0), "ECDSA_verify"}, 34 {ERR_PACK(ERR_LIB_EC, EC_F_ECD_ITEM_VERIFY, 0), "ecd_item_verify"}, 35 {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM2TYPE, 0), "eckey_param2type"}, 36 {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM_DECODE, 0), "eckey_param_decode"}, 37 {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PRIV_DECODE, 0), "eckey_priv_decode"}, 38 {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PRIV_ENCODE, 0), "eckey_priv_encode"}, 39 {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PUB_DECODE, 0), "eckey_pub_decode"}, 40 {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PUB_ENCODE, 0), "eckey_pub_encode"}, 41 {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_TYPE2PARAM, 0), "eckey_type2param"}, 42 {ERR_PACK(ERR_LIB_EC, EC_F_ECPARAMETERS_PRINT, 0), "ECParameters_print"}, 43 {ERR_PACK(ERR_LIB_EC, EC_F_ECPARAMETERS_PRINT_FP, 0), 44 "ECParameters_print_fp"}, 45 {ERR_PACK(ERR_LIB_EC, EC_F_ECPKPARAMETERS_PRINT, 0), 46 "ECPKParameters_print"}, 47 {ERR_PACK(ERR_LIB_EC, EC_F_ECPKPARAMETERS_PRINT_FP, 0), 48 "ECPKParameters_print_fp"}, 49 {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_GET_AFFINE, 0), 50 "ecp_nistz256_get_affine"}, 51 {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_INV_MOD_ORD, 0), 52 "ecp_nistz256_inv_mod_ord"}, 53 {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, 0), 54 "ecp_nistz256_mult_precompute"}, 55 {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_POINTS_MUL, 0), 56 "ecp_nistz256_points_mul"}, 57 {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_PRE_COMP_NEW, 0), 58 "ecp_nistz256_pre_comp_new"}, 59 {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_WINDOWED_MUL, 0), 60 "ecp_nistz256_windowed_mul"}, 61 {ERR_PACK(ERR_LIB_EC, EC_F_ECX_KEY_OP, 0), "ecx_key_op"}, 62 {ERR_PACK(ERR_LIB_EC, EC_F_ECX_PRIV_ENCODE, 0), "ecx_priv_encode"}, 63 {ERR_PACK(ERR_LIB_EC, EC_F_ECX_PUB_ENCODE, 0), "ecx_pub_encode"}, 64 {ERR_PACK(ERR_LIB_EC, EC_F_EC_ASN1_GROUP2CURVE, 0), "ec_asn1_group2curve"}, 65 {ERR_PACK(ERR_LIB_EC, EC_F_EC_ASN1_GROUP2FIELDID, 0), 66 "ec_asn1_group2fieldid"}, 67 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, 0), 68 "ec_GF2m_montgomery_point_multiply"}, 69 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_FIELD_INV, 0), 70 "ec_GF2m_simple_field_inv"}, 71 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0), 72 "ec_GF2m_simple_group_check_discriminant"}, 73 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, 0), 74 "ec_GF2m_simple_group_set_curve"}, 75 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_LADDER_POST, 0), 76 "ec_GF2m_simple_ladder_post"}, 77 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_LADDER_PRE, 0), 78 "ec_GF2m_simple_ladder_pre"}, 79 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_OCT2POINT, 0), 80 "ec_GF2m_simple_oct2point"}, 81 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT2OCT, 0), 82 "ec_GF2m_simple_point2oct"}, 83 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINTS_MUL, 0), 84 "ec_GF2m_simple_points_mul"}, 85 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, 0), 86 "ec_GF2m_simple_point_get_affine_coordinates"}, 87 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, 0), 88 "ec_GF2m_simple_point_set_affine_coordinates"}, 89 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, 0), 90 "ec_GF2m_simple_set_compressed_coordinates"}, 91 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_DECODE, 0), 92 "ec_GFp_mont_field_decode"}, 93 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_ENCODE, 0), 94 "ec_GFp_mont_field_encode"}, 95 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_INV, 0), 96 "ec_GFp_mont_field_inv"}, 97 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_MUL, 0), 98 "ec_GFp_mont_field_mul"}, 99 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, 0), 100 "ec_GFp_mont_field_set_to_one"}, 101 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_SQR, 0), 102 "ec_GFp_mont_field_sqr"}, 103 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_GROUP_SET_CURVE, 0), 104 "ec_GFp_mont_group_set_curve"}, 105 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE, 0), 106 "ec_GFp_nistp224_group_set_curve"}, 107 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_POINTS_MUL, 0), 108 "ec_GFp_nistp224_points_mul"}, 109 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES, 0), 110 "ec_GFp_nistp224_point_get_affine_coordinates"}, 111 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE, 0), 112 "ec_GFp_nistp256_group_set_curve"}, 113 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_POINTS_MUL, 0), 114 "ec_GFp_nistp256_points_mul"}, 115 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES, 0), 116 "ec_GFp_nistp256_point_get_affine_coordinates"}, 117 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE, 0), 118 "ec_GFp_nistp521_group_set_curve"}, 119 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_POINTS_MUL, 0), 120 "ec_GFp_nistp521_points_mul"}, 121 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, 0), 122 "ec_GFp_nistp521_point_get_affine_coordinates"}, 123 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_FIELD_MUL, 0), 124 "ec_GFp_nist_field_mul"}, 125 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_FIELD_SQR, 0), 126 "ec_GFp_nist_field_sqr"}, 127 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_GROUP_SET_CURVE, 0), 128 "ec_GFp_nist_group_set_curve"}, 129 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, 0), 130 "ec_GFp_simple_blind_coordinates"}, 131 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_FIELD_INV, 0), 132 "ec_GFp_simple_field_inv"}, 133 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0), 134 "ec_GFp_simple_group_check_discriminant"}, 135 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, 0), 136 "ec_GFp_simple_group_set_curve"}, 137 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, 0), 138 "ec_GFp_simple_make_affine"}, 139 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_OCT2POINT, 0), 140 "ec_GFp_simple_oct2point"}, 141 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT2OCT, 0), 142 "ec_GFp_simple_point2oct"}, 143 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, 0), 144 "ec_GFp_simple_points_make_affine"}, 145 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, 0), 146 "ec_GFp_simple_point_get_affine_coordinates"}, 147 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, 0), 148 "ec_GFp_simple_point_set_affine_coordinates"}, 149 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, 0), 150 "ec_GFp_simple_set_compressed_coordinates"}, 151 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_CHECK, 0), "EC_GROUP_check"}, 152 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_CHECK_DISCRIMINANT, 0), 153 "EC_GROUP_check_discriminant"}, 154 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_COPY, 0), "EC_GROUP_copy"}, 155 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE, 0), "EC_GROUP_get_curve"}, 156 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE_GF2M, 0), 157 "EC_GROUP_get_curve_GF2m"}, 158 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE_GFP, 0), 159 "EC_GROUP_get_curve_GFp"}, 160 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_DEGREE, 0), "EC_GROUP_get_degree"}, 161 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_ECPARAMETERS, 0), 162 "EC_GROUP_get_ecparameters"}, 163 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_ECPKPARAMETERS, 0), 164 "EC_GROUP_get_ecpkparameters"}, 165 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, 0), 166 "EC_GROUP_get_pentanomial_basis"}, 167 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, 0), 168 "EC_GROUP_get_trinomial_basis"}, 169 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW, 0), "EC_GROUP_new"}, 170 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_BY_CURVE_NAME, 0), 171 "EC_GROUP_new_by_curve_name"}, 172 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_DATA, 0), 173 "ec_group_new_from_data"}, 174 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, 0), 175 "EC_GROUP_new_from_ecparameters"}, 176 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, 0), 177 "EC_GROUP_new_from_ecpkparameters"}, 178 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE, 0), "EC_GROUP_set_curve"}, 179 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE_GF2M, 0), 180 "EC_GROUP_set_curve_GF2m"}, 181 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE_GFP, 0), 182 "EC_GROUP_set_curve_GFp"}, 183 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_GENERATOR, 0), 184 "EC_GROUP_set_generator"}, 185 {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_SEED, 0), "EC_GROUP_set_seed"}, 186 {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_CHECK_KEY, 0), "EC_KEY_check_key"}, 187 {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_COPY, 0), "EC_KEY_copy"}, 188 {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_GENERATE_KEY, 0), "EC_KEY_generate_key"}, 189 {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_NEW, 0), "EC_KEY_new"}, 190 {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_NEW_METHOD, 0), "EC_KEY_new_method"}, 191 {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_OCT2PRIV, 0), "EC_KEY_oct2priv"}, 192 {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT, 0), "EC_KEY_print"}, 193 {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT_FP, 0), "EC_KEY_print_fp"}, 194 {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2BUF, 0), "EC_KEY_priv2buf"}, 195 {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2OCT, 0), "EC_KEY_priv2oct"}, 196 {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 0), 197 "EC_KEY_set_public_key_affine_coordinates"}, 198 {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_CHECK_KEY, 0), 199 "ec_key_simple_check_key"}, 200 {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_OCT2PRIV, 0), 201 "ec_key_simple_oct2priv"}, 202 {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_PRIV2OCT, 0), 203 "ec_key_simple_priv2oct"}, 204 {ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_CHECK, 0), "ec_pkey_check"}, 205 {ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_PARAM_CHECK, 0), "ec_pkey_param_check"}, 206 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MAKE_AFFINE, 0), 207 "EC_POINTs_make_affine"}, 208 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MUL, 0), "EC_POINTs_mul"}, 209 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_ADD, 0), "EC_POINT_add"}, 210 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_BN2POINT, 0), "EC_POINT_bn2point"}, 211 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_CMP, 0), "EC_POINT_cmp"}, 212 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_COPY, 0), "EC_POINT_copy"}, 213 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_DBL, 0), "EC_POINT_dbl"}, 214 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES, 0), 215 "EC_POINT_get_affine_coordinates"}, 216 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, 0), 217 "EC_POINT_get_affine_coordinates_GF2m"}, 218 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, 0), 219 "EC_POINT_get_affine_coordinates_GFp"}, 220 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, 0), 221 "EC_POINT_get_Jprojective_coordinates_GFp"}, 222 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_INVERT, 0), "EC_POINT_invert"}, 223 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_IS_AT_INFINITY, 0), 224 "EC_POINT_is_at_infinity"}, 225 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_IS_ON_CURVE, 0), 226 "EC_POINT_is_on_curve"}, 227 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_MAKE_AFFINE, 0), 228 "EC_POINT_make_affine"}, 229 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_NEW, 0), "EC_POINT_new"}, 230 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_OCT2POINT, 0), "EC_POINT_oct2point"}, 231 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2BUF, 0), "EC_POINT_point2buf"}, 232 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2OCT, 0), "EC_POINT_point2oct"}, 233 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES, 0), 234 "EC_POINT_set_affine_coordinates"}, 235 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, 0), 236 "EC_POINT_set_affine_coordinates_GF2m"}, 237 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, 0), 238 "EC_POINT_set_affine_coordinates_GFp"}, 239 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, 0), 240 "EC_POINT_set_compressed_coordinates"}, 241 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, 0), 242 "EC_POINT_set_compressed_coordinates_GF2m"}, 243 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, 0), 244 "EC_POINT_set_compressed_coordinates_GFp"}, 245 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, 0), 246 "EC_POINT_set_Jprojective_coordinates_GFp"}, 247 {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_TO_INFINITY, 0), 248 "EC_POINT_set_to_infinity"}, 249 {ERR_PACK(ERR_LIB_EC, EC_F_EC_PRE_COMP_NEW, 0), "ec_pre_comp_new"}, 250 {ERR_PACK(ERR_LIB_EC, EC_F_EC_SCALAR_MUL_LADDER, 0), 251 "ec_scalar_mul_ladder"}, 252 {ERR_PACK(ERR_LIB_EC, EC_F_EC_WNAF_MUL, 0), "ec_wNAF_mul"}, 253 {ERR_PACK(ERR_LIB_EC, EC_F_EC_WNAF_PRECOMPUTE_MULT, 0), 254 "ec_wNAF_precompute_mult"}, 255 {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPARAMETERS, 0), "i2d_ECParameters"}, 256 {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPKPARAMETERS, 0), "i2d_ECPKParameters"}, 257 {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPRIVATEKEY, 0), "i2d_ECPrivateKey"}, 258 {ERR_PACK(ERR_LIB_EC, EC_F_I2O_ECPUBLICKEY, 0), "i2o_ECPublicKey"}, 259 {ERR_PACK(ERR_LIB_EC, EC_F_NISTP224_PRE_COMP_NEW, 0), 260 "nistp224_pre_comp_new"}, 261 {ERR_PACK(ERR_LIB_EC, EC_F_NISTP256_PRE_COMP_NEW, 0), 262 "nistp256_pre_comp_new"}, 263 {ERR_PACK(ERR_LIB_EC, EC_F_NISTP521_PRE_COMP_NEW, 0), 264 "nistp521_pre_comp_new"}, 265 {ERR_PACK(ERR_LIB_EC, EC_F_O2I_ECPUBLICKEY, 0), "o2i_ECPublicKey"}, 266 {ERR_PACK(ERR_LIB_EC, EC_F_OLD_EC_PRIV_DECODE, 0), "old_ec_priv_decode"}, 267 {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDH_COMPUTE_KEY, 0), 268 "ossl_ecdh_compute_key"}, 269 {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SIG, 0), "ossl_ecdsa_sign_sig"}, 270 {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_VERIFY_SIG, 0), 271 "ossl_ecdsa_verify_sig"}, 272 {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_CTRL, 0), "pkey_ecd_ctrl"}, 273 {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN, 0), "pkey_ecd_digestsign"}, 274 {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN25519, 0), 275 "pkey_ecd_digestsign25519"}, 276 {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN448, 0), 277 "pkey_ecd_digestsign448"}, 278 {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECX_DERIVE, 0), "pkey_ecx_derive"}, 279 {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL, 0), "pkey_ec_ctrl"}, 280 {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL_STR, 0), "pkey_ec_ctrl_str"}, 281 {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_DERIVE, 0), "pkey_ec_derive"}, 282 {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_INIT, 0), "pkey_ec_init"}, 283 {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KDF_DERIVE, 0), "pkey_ec_kdf_derive"}, 284 {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"}, 285 {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"}, 286 {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"}, 287 {ERR_PACK(ERR_LIB_EC, EC_F_VALIDATE_ECX_DERIVE, 0), "validate_ecx_derive"}, 288 {0, NULL} 289 }; 17 # ifndef OPENSSL_NO_ERR 290 18 291 19 static const ERR_STRING_DATA EC_str_reasons[] = { … … 299 27 {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH), 300 28 "curve does not support ecdh"}, 29 {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA), 30 "curve does not support ecdsa"}, 301 31 {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING), 302 32 "curve does not support signing"}, 303 {ERR_PACK(ERR_LIB_EC, 0, EC_R_D2I_ECPKPARAMETERS_FAILURE),304 "d2i ecpkparameters failure"},305 33 {ERR_PACK(ERR_LIB_EC, 0, EC_R_DECODE_ERROR), "decode error"}, 306 34 {ERR_PACK(ERR_LIB_EC, 0, EC_R_DISCRIMINANT_IS_ZERO), … … 308 36 {ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE), 309 37 "ec group new by name failure"}, 38 {ERR_PACK(ERR_LIB_EC, 0, EC_R_FAILED_MAKING_PUBLIC_KEY), 39 "failed making public key"}, 310 40 {ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"}, 311 41 {ERR_PACK(ERR_LIB_EC, 0, EC_R_GF2M_NOT_SUPPORTED), "gf2m not supported"}, … … 316 46 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INCOMPATIBLE_OBJECTS), 317 47 "incompatible objects"}, 48 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_A), "invalid a"}, 318 49 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ARGUMENT), "invalid argument"}, 50 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_B), "invalid b"}, 51 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COFACTOR), "invalid cofactor"}, 319 52 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSED_POINT), 320 53 "invalid compressed point"}, … … 327 60 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FIELD), "invalid field"}, 328 61 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FORM), "invalid form"}, 62 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GENERATOR), "invalid generator"}, 329 63 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GROUP_ORDER), "invalid group order"}, 330 64 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_KEY), "invalid key"}, 65 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_LENGTH), "invalid length"}, 66 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_NAMED_GROUP_CONVERSION), 67 "invalid named group conversion"}, 331 68 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_OUTPUT_LENGTH), 332 69 "invalid output length"}, 70 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_P), "invalid p"}, 333 71 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PEER_KEY), "invalid peer key"}, 334 72 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PENTANOMIAL_BASIS), 335 73 "invalid pentanomial basis"}, 336 74 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PRIVATE_KEY), "invalid private key"}, 75 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_SEED), "invalid seed"}, 337 76 {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_TRINOMIAL_BASIS), 338 77 "invalid trinomial basis"}, … … 357 96 "passed null parameter"}, 358 97 {ERR_PACK(ERR_LIB_EC, 0, EC_R_PEER_KEY_ERROR), "peer key error"}, 359 {ERR_PACK(ERR_LIB_EC, 0, EC_R_PKPARAMETERS2GROUP_FAILURE),360 "pkparameters2group failure"},361 98 {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_ARITHMETIC_FAILURE), 362 99 "point arithmetic failure"}, … … 382 119 }; 383 120 384 # endif121 # endif 385 122 386 int ERR_load_EC_strings(void)123 int ossl_err_load_EC_strings(void) 387 124 { 388 #ifndef OPENSSL_NO_ERR 389 if (ERR_func_error_string(EC_str_functs[0].error) == NULL) { 390 ERR_load_strings_const(EC_str_functs); 125 # ifndef OPENSSL_NO_ERR 126 if (ERR_reason_error_string(EC_str_reasons[0].error) == NULL) 391 127 ERR_load_strings_const(EC_str_reasons); 392 } 393 #endif 128 # endif 394 129 return 1; 395 130 } 131 #else 132 NON_EMPTY_TRANSLATION_UNIT 133 #endif -
trunk/src/libs/openssl-3.0.1/crypto/ec/ec_key.c
r91772 r94082 1 1 /* 2 * Copyright 2002-202 0The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at 8 8 * https://www.openssl.org/source/license.html 9 9 */ 10 11 /* 12 * EC_KEY low level APIs are deprecated for public use, but still ok for 13 * internal use. 14 */ 15 #include "internal/deprecated.h" 10 16 11 17 #include "internal/cryptlib.h" … … 14 20 #include "internal/refcount.h" 15 21 #include <openssl/err.h> 16 #include <openssl/engine.h> 22 #ifndef FIPS_MODULE 23 # include <openssl/engine.h> 24 #endif 25 #include <openssl/self_test.h> 26 #include "prov/providercommon.h" 17 27 #include "crypto/bn.h" 18 28 29 static int ecdsa_keygen_pairwise_test(EC_KEY *eckey, OSSL_CALLBACK *cb, 30 void *cbarg); 31 32 #ifndef FIPS_MODULE 19 33 EC_KEY *EC_KEY_new(void) 20 34 { 21 return EC_KEY_new_method(NULL); 22 } 23 24 EC_KEY *EC_KEY_new_by_curve_name(int nid) 25 { 26 EC_KEY *ret = EC_KEY_new(); 35 return ossl_ec_key_new_method_int(NULL, NULL, NULL); 36 } 37 #endif 38 39 EC_KEY *EC_KEY_new_ex(OSSL_LIB_CTX *ctx, const char *propq) 40 { 41 return ossl_ec_key_new_method_int(ctx, propq, NULL); 42 } 43 44 EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx, const char *propq, 45 int nid) 46 { 47 EC_KEY *ret = EC_KEY_new_ex(ctx, propq); 27 48 if (ret == NULL) 28 49 return NULL; 29 ret->group = EC_GROUP_new_by_curve_name (nid);50 ret->group = EC_GROUP_new_by_curve_name_ex(ctx, propq, nid); 30 51 if (ret->group == NULL) { 31 52 EC_KEY_free(ret); … … 39 60 return ret; 40 61 } 62 63 #ifndef FIPS_MODULE 64 EC_KEY *EC_KEY_new_by_curve_name(int nid) 65 { 66 return EC_KEY_new_by_curve_name_ex(NULL, NULL, nid); 67 } 68 #endif 41 69 42 70 void EC_KEY_free(EC_KEY *r) … … 56 84 r->meth->finish(r); 57 85 58 #if ndef OPENSSL_NO_ENGINE86 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) 59 87 ENGINE_finish(r->engine); 60 88 #endif … … 63 91 r->group->meth->keyfinish(r); 64 92 93 #ifndef FIPS_MODULE 65 94 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data); 95 #endif 66 96 CRYPTO_THREAD_lock_free(r->lock); 67 97 EC_GROUP_free(r->group); 68 98 EC_POINT_free(r->pub_key); 69 99 BN_clear_free(r->priv_key); 100 OPENSSL_free(r->propq); 70 101 71 102 OPENSSL_clear_free((void *)r, sizeof(EC_KEY)); … … 75 106 { 76 107 if (dest == NULL || src == NULL) { 77 E Cerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);108 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 78 109 return NULL; 79 110 } … … 83 114 if (dest->group && dest->group->meth->keyfinish) 84 115 dest->group->meth->keyfinish(dest); 85 #if ndef OPENSSL_NO_ENGINE116 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) 86 117 if (ENGINE_finish(dest->engine) == 0) 87 118 return 0; … … 89 120 #endif 90 121 } 122 dest->libctx = src->libctx; 91 123 /* copy the parameters */ 92 124 if (src->group != NULL) { 93 const EC_METHOD *meth = EC_GROUP_method_of(src->group);94 125 /* clear the old group */ 95 126 EC_GROUP_free(dest->group); 96 dest->group = EC_GROUP_new(meth); 127 dest->group = ossl_ec_group_new_ex(src->libctx, src->propq, 128 src->group->meth); 97 129 if (dest->group == NULL) 98 130 return NULL; … … 130 162 dest->version = src->version; 131 163 dest->flags = src->flags; 164 #ifndef FIPS_MODULE 132 165 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY, 133 166 &dest->ex_data, &src->ex_data)) 134 167 return NULL; 168 #endif 135 169 136 170 if (src->meth != dest->meth) { 137 #if ndef OPENSSL_NO_ENGINE171 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) 138 172 if (src->engine != NULL && ENGINE_init(src->engine) == 0) 139 173 return NULL; … … 146 180 return NULL; 147 181 182 dest->dirty_cnt++; 183 148 184 return dest; 149 185 } … … 151 187 EC_KEY *EC_KEY_dup(const EC_KEY *ec_key) 152 188 { 153 EC_KEY *ret = EC_KEY_new_method(ec_key->engine); 154 155 if (ret == NULL) 156 return NULL; 157 158 if (EC_KEY_copy(ret, ec_key) == NULL) { 159 EC_KEY_free(ret); 160 return NULL; 161 } 162 return ret; 189 return ossl_ec_key_dup(ec_key, OSSL_KEYMGMT_SELECT_ALL); 163 190 } 164 191 … … 183 210 { 184 211 if (eckey == NULL || eckey->group == NULL) { 185 ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); 186 return 0; 187 } 188 if (eckey->meth->keygen != NULL) 189 return eckey->meth->keygen(eckey); 190 ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); 212 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 213 return 0; 214 } 215 if (eckey->meth->keygen != NULL) { 216 int ret; 217 218 ret = eckey->meth->keygen(eckey); 219 if (ret == 1) 220 eckey->dirty_cnt++; 221 222 return ret; 223 } 224 ERR_raise(ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED); 191 225 return 0; 192 226 } … … 194 228 int ossl_ec_key_gen(EC_KEY *eckey) 195 229 { 196 return eckey->group->meth->keygen(eckey); 197 } 198 199 int ec_key_simple_generate_key(EC_KEY *eckey) 230 int ret; 231 232 ret = eckey->group->meth->keygen(eckey); 233 234 if (ret == 1) 235 eckey->dirty_cnt++; 236 return ret; 237 } 238 239 /* 240 * ECC Key generation. 241 * See SP800-56AR3 5.6.1.2.2 "Key Pair Generation by Testing Candidates" 242 * 243 * Params: 244 * libctx A context containing an optional self test callback. 245 * eckey An EC key object that contains domain params. The generated keypair 246 * is stored in this object. 247 * pairwise_test Set to non zero to perform a pairwise test. If the test 248 * fails then the keypair is not generated, 249 * Returns 1 if the keypair was generated or 0 otherwise. 250 */ 251 static int ec_generate_key(EC_KEY *eckey, int pairwise_test) 200 252 { 201 253 int ok = 0; 202 BN_CTX *ctx = NULL;203 254 BIGNUM *priv_key = NULL; 204 const BIGNUM *order = NULL; 255 const BIGNUM *tmp = NULL; 256 BIGNUM *order = NULL; 205 257 EC_POINT *pub_key = NULL; 206 207 if ((ctx = BN_CTX_new()) == NULL) 258 const EC_GROUP *group = eckey->group; 259 BN_CTX *ctx = BN_CTX_secure_new_ex(eckey->libctx); 260 int sm2 = EC_KEY_get_flags(eckey) & EC_FLAG_SM2_RANGE ? 1 : 0; 261 262 if (ctx == NULL) 208 263 goto err; 209 264 210 265 if (eckey->priv_key == NULL) { 211 priv_key = BN_ new();266 priv_key = BN_secure_new(); 212 267 if (priv_key == NULL) 213 268 goto err; … … 215 270 priv_key = eckey->priv_key; 216 271 217 order = EC_GROUP_get0_order(eckey->group); 218 if (order == NULL) 219 goto err; 272 /* 273 * Steps (1-2): Check domain parameters and security strength. 274 * These steps must be done by the user. This would need to be 275 * stated in the security policy. 276 */ 277 278 tmp = EC_GROUP_get0_order(group); 279 if (tmp == NULL) 280 goto err; 281 282 /* 283 * Steps (3-7): priv_key = DRBG_RAND(order_n_bits) (range [1, n-1]). 284 * Although this is slightly different from the standard, it is effectively 285 * equivalent as it gives an unbiased result ranging from 1..n-1. It is also 286 * faster as the standard needs to retry more often. Also doing 287 * 1 + rand[0..n-2] would effect the way that tests feed dummy entropy into 288 * rand so the simpler backward compatible method has been used here. 289 */ 290 291 /* range of SM2 private key is [1, n-1) */ 292 if (sm2) { 293 order = BN_new(); 294 if (order == NULL || !BN_sub(order, tmp, BN_value_one())) 295 goto err; 296 } else { 297 order = BN_dup(tmp); 298 if (order == NULL) 299 goto err; 300 } 220 301 221 302 do 222 if (!BN_priv_rand_range (priv_key, order))303 if (!BN_priv_rand_range_ex(priv_key, order, 0, ctx)) 223 304 goto err; 224 305 while (BN_is_zero(priv_key)) ; 225 306 226 307 if (eckey->pub_key == NULL) { 227 pub_key = EC_POINT_new( eckey->group);308 pub_key = EC_POINT_new(group); 228 309 if (pub_key == NULL) 229 310 goto err; … … 231 312 pub_key = eckey->pub_key; 232 313 233 if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) 314 /* Step (8) : pub_key = priv_key * G (where G is a point on the curve) */ 315 if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) 234 316 goto err; 235 317 236 318 eckey->priv_key = priv_key; 237 319 eckey->pub_key = pub_key; 320 priv_key = NULL; 321 pub_key = NULL; 322 323 eckey->dirty_cnt++; 324 325 #ifdef FIPS_MODULE 326 pairwise_test = 1; 327 #endif /* FIPS_MODULE */ 238 328 239 329 ok = 1; 240 241 err: 242 if (eckey->pub_key == NULL) 243 EC_POINT_free(pub_key); 244 if (eckey->priv_key != priv_key) 245 BN_free(priv_key); 330 if (pairwise_test) { 331 OSSL_CALLBACK *cb = NULL; 332 void *cbarg = NULL; 333 334 OSSL_SELF_TEST_get_callback(eckey->libctx, &cb, &cbarg); 335 ok = ecdsa_keygen_pairwise_test(eckey, cb, cbarg); 336 } 337 err: 338 /* Step (9): If there is an error return an invalid keypair. */ 339 if (!ok) { 340 ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); 341 BN_clear(eckey->priv_key); 342 if (eckey->pub_key != NULL) 343 EC_POINT_set_to_infinity(group, eckey->pub_key); 344 } 345 346 EC_POINT_free(pub_key); 347 BN_clear_free(priv_key); 246 348 BN_CTX_free(ctx); 349 BN_free(order); 247 350 return ok; 248 351 } 249 352 250 int ec_key_simple_generate_public_key(EC_KEY *eckey) 251 { 252 return EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL, 253 NULL, NULL); 353 int ossl_ec_key_simple_generate_key(EC_KEY *eckey) 354 { 355 return ec_generate_key(eckey, 0); 356 } 357 358 int ossl_ec_key_simple_generate_public_key(EC_KEY *eckey) 359 { 360 int ret; 361 BN_CTX *ctx = BN_CTX_new_ex(eckey->libctx); 362 363 if (ctx == NULL) 364 return 0; 365 366 /* 367 * See SP800-56AR3 5.6.1.2.2: Step (8) 368 * pub_key = priv_key * G (where G is a point on the curve) 369 */ 370 ret = EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL, 371 NULL, ctx); 372 373 BN_CTX_free(ctx); 374 if (ret == 1) 375 eckey->dirty_cnt++; 376 377 return ret; 254 378 } 255 379 … … 257 381 { 258 382 if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) { 259 E Cerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);383 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 260 384 return 0; 261 385 } 262 386 263 387 if (eckey->group->meth->keycheck == NULL) { 264 E Cerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);388 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 265 389 return 0; 266 390 } … … 269 393 } 270 394 271 int ec_key_simple_check_key(const EC_KEY *eckey) 395 /* 396 * Check the range of the EC public key. 397 * See SP800-56A R3 Section 5.6.2.3.3 (Part 2) 398 * i.e. 399 * - If q = odd prime p: Verify that xQ and yQ are integers in the 400 * interval[0, p - 1], OR 401 * - If q = 2m: Verify that xQ and yQ are bit strings of length m bits. 402 * Returns 1 if the public key has a valid range, otherwise it returns 0. 403 */ 404 static int ec_key_public_range_check(BN_CTX *ctx, const EC_KEY *key) 405 { 406 int ret = 0; 407 BIGNUM *x, *y; 408 409 BN_CTX_start(ctx); 410 x = BN_CTX_get(ctx); 411 y = BN_CTX_get(ctx); 412 if (y == NULL) 413 goto err; 414 415 if (!EC_POINT_get_affine_coordinates(key->group, key->pub_key, x, y, ctx)) 416 goto err; 417 418 if (EC_GROUP_get_field_type(key->group) == NID_X9_62_prime_field) { 419 if (BN_is_negative(x) 420 || BN_cmp(x, key->group->field) >= 0 421 || BN_is_negative(y) 422 || BN_cmp(y, key->group->field) >= 0) { 423 goto err; 424 } 425 } else { 426 int m = EC_GROUP_get_degree(key->group); 427 if (BN_num_bits(x) > m || BN_num_bits(y) > m) { 428 goto err; 429 } 430 } 431 ret = 1; 432 err: 433 BN_CTX_end(ctx); 434 return ret; 435 } 436 437 /* 438 * ECC Partial Public-Key Validation as specified in SP800-56A R3 439 * Section 5.6.2.3.4 ECC Partial Public-Key Validation Routine. 440 */ 441 int ossl_ec_key_public_check_quick(const EC_KEY *eckey, BN_CTX *ctx) 442 { 443 if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) { 444 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 445 return 0; 446 } 447 448 /* 5.6.2.3.3 (Step 1): Q != infinity */ 449 if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) { 450 ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); 451 return 0; 452 } 453 454 /* 5.6.2.3.3 (Step 2) Test if the public key is in range */ 455 if (!ec_key_public_range_check(ctx, eckey)) { 456 ERR_raise(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); 457 return 0; 458 } 459 460 /* 5.6.2.3.3 (Step 3) is the pub_key on the elliptic curve */ 461 if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { 462 ERR_raise(ERR_LIB_EC, EC_R_POINT_IS_NOT_ON_CURVE); 463 return 0; 464 } 465 return 1; 466 } 467 468 /* 469 * ECC Key validation as specified in SP800-56A R3. 470 * Section 5.6.2.3.3 ECC Full Public-Key Validation Routine. 471 */ 472 int ossl_ec_key_public_check(const EC_KEY *eckey, BN_CTX *ctx) 473 { 474 int ret = 0; 475 EC_POINT *point = NULL; 476 const BIGNUM *order = NULL; 477 478 if (!ossl_ec_key_public_check_quick(eckey, ctx)) 479 return 0; 480 481 point = EC_POINT_new(eckey->group); 482 if (point == NULL) 483 return 0; 484 485 order = eckey->group->order; 486 if (BN_is_zero(order)) { 487 ERR_raise(ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER); 488 goto err; 489 } 490 /* 5.6.2.3.3 (Step 4) : pub_key * order is the point at infinity. */ 491 if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) { 492 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 493 goto err; 494 } 495 if (!EC_POINT_is_at_infinity(eckey->group, point)) { 496 ERR_raise(ERR_LIB_EC, EC_R_WRONG_ORDER); 497 goto err; 498 } 499 ret = 1; 500 err: 501 EC_POINT_free(point); 502 return ret; 503 } 504 505 /* 506 * ECC Key validation as specified in SP800-56A R3. 507 * Section 5.6.2.1.2 Owner Assurance of Private-Key Validity 508 * The private key is in the range [1, order-1] 509 */ 510 int ossl_ec_key_private_check(const EC_KEY *eckey) 511 { 512 if (eckey == NULL || eckey->group == NULL || eckey->priv_key == NULL) { 513 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 514 return 0; 515 } 516 if (BN_cmp(eckey->priv_key, BN_value_one()) < 0 517 || BN_cmp(eckey->priv_key, eckey->group->order) >= 0) { 518 ERR_raise(ERR_LIB_EC, EC_R_INVALID_PRIVATE_KEY); 519 return 0; 520 } 521 return 1; 522 } 523 524 /* 525 * ECC Key validation as specified in SP800-56A R3. 526 * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency (b) 527 * Check if generator * priv_key = pub_key 528 */ 529 int ossl_ec_key_pairwise_check(const EC_KEY *eckey, BN_CTX *ctx) 530 { 531 int ret = 0; 532 EC_POINT *point = NULL; 533 534 if (eckey == NULL 535 || eckey->group == NULL 536 || eckey->pub_key == NULL 537 || eckey->priv_key == NULL) { 538 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 539 return 0; 540 } 541 542 point = EC_POINT_new(eckey->group); 543 if (point == NULL) 544 goto err; 545 546 547 if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, NULL, NULL, ctx)) { 548 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 549 goto err; 550 } 551 if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) { 552 ERR_raise(ERR_LIB_EC, EC_R_INVALID_PRIVATE_KEY); 553 goto err; 554 } 555 ret = 1; 556 err: 557 EC_POINT_free(point); 558 return ret; 559 } 560 561 562 /* 563 * ECC Key validation as specified in SP800-56A R3. 564 * Section 5.6.2.3.3 ECC Full Public-Key Validation 565 * Section 5.6.2.1.2 Owner Assurance of Private-Key Validity 566 * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency 567 * NOTES: 568 * Before calling this method in fips mode, there should be an assurance that 569 * an approved elliptic-curve group is used. 570 * Returns 1 if the key is valid, otherwise it returns 0. 571 */ 572 int ossl_ec_key_simple_check_key(const EC_KEY *eckey) 272 573 { 273 574 int ok = 0; 274 575 BN_CTX *ctx = NULL; 275 const BIGNUM *order = NULL; 276 EC_POINT *point = NULL; 277 278 if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) { 279 ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER); 280 return 0; 281 } 282 283 if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) { 284 ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_AT_INFINITY); 285 goto err; 286 } 287 288 if ((ctx = BN_CTX_new()) == NULL) 289 goto err; 290 if ((point = EC_POINT_new(eckey->group)) == NULL) 291 goto err; 292 293 /* testing whether the pub_key is on the elliptic curve */ 294 if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { 295 ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); 296 goto err; 297 } 298 /* testing whether pub_key * order is the point at infinity */ 299 order = eckey->group->order; 300 if (BN_is_zero(order)) { 301 ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_GROUP_ORDER); 302 goto err; 303 } 304 if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) { 305 ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB); 306 goto err; 307 } 308 if (!EC_POINT_is_at_infinity(eckey->group, point)) { 309 ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER); 310 goto err; 311 } 312 /* 313 * in case the priv_key is present : check if generator * priv_key == 314 * pub_key 315 */ 576 577 if (eckey == NULL) { 578 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 579 return 0; 580 } 581 if ((ctx = BN_CTX_new_ex(eckey->libctx)) == NULL) 582 return 0; 583 584 if (!ossl_ec_key_public_check(eckey, ctx)) 585 goto err; 586 316 587 if (eckey->priv_key != NULL) { 317 if ( BN_cmp(eckey->priv_key, order) >= 0) {318 ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER);588 if (!ossl_ec_key_private_check(eckey) 589 || !ossl_ec_key_pairwise_check(eckey, ctx)) 319 590 goto err; 320 }321 if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,322 NULL, NULL, ctx)) {323 ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB);324 goto err;325 }326 if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {327 ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);328 goto err;329 }330 591 } 331 592 ok = 1; 332 593 err: 333 594 BN_CTX_free(ctx); 334 EC_POINT_free(point);335 595 return ok; 336 596 } … … 345 605 346 606 if (key == NULL || key->group == NULL || x == NULL || y == NULL) { 347 ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 348 ERR_R_PASSED_NULL_PARAMETER); 349 return 0; 350 } 351 ctx = BN_CTX_new(); 607 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 608 return 0; 609 } 610 ctx = BN_CTX_new_ex(key->libctx); 352 611 if (ctx == NULL) 353 612 return 0; … … 370 629 371 630 /* 372 * Check if retrieved coordinates match originals and are less than field373 * order: if not values are out of range.631 * Check if retrieved coordinates match originals. The range check is done 632 * inside EC_KEY_check_key(). 374 633 */ 375 if (BN_cmp(x, tx) || BN_cmp(y, ty) 376 || (BN_cmp(x, key->group->field) >= 0) 377 || (BN_cmp(y, key->group->field) >= 0)) { 378 ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 379 EC_R_COORDINATES_OUT_OF_RANGE); 380 goto err; 381 } 382 634 if (BN_cmp(x, tx) || BN_cmp(y, ty)) { 635 ERR_raise(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); 636 goto err; 637 } 638 639 /* EC_KEY_set_public_key updates dirty_cnt */ 383 640 if (!EC_KEY_set_public_key(key, point)) 384 641 goto err; … … 397 654 } 398 655 656 OSSL_LIB_CTX *ossl_ec_key_get_libctx(const EC_KEY *key) 657 { 658 return key->libctx; 659 } 660 661 const char *ossl_ec_key_get0_propq(const EC_KEY *key) 662 { 663 return key->propq; 664 } 665 666 void ossl_ec_key_set0_libctx(EC_KEY *key, OSSL_LIB_CTX *libctx) 667 { 668 key->libctx = libctx; 669 /* Do we need to propagate this to the group? */ 670 } 671 399 672 const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) 400 673 { … … 408 681 EC_GROUP_free(key->group); 409 682 key->group = EC_GROUP_dup(group); 683 if (key->group != NULL && EC_GROUP_get_curve_name(key->group) == NID_sm2) 684 EC_KEY_set_flags(key, EC_FLAG_SM2_RANGE); 685 686 key->dirty_cnt++; 410 687 return (key->group == NULL) ? 0 : 1; 411 688 } … … 496 773 BN_clear_free(key->priv_key); 497 774 key->priv_key = tmp_key; 775 key->dirty_cnt++; 498 776 499 777 return 1; … … 512 790 EC_POINT_free(key->pub_key); 513 791 key->pub_key = EC_POINT_dup(pub_key, key->group); 792 key->dirty_cnt++; 514 793 return (key->pub_key == NULL) ? 0 : 1; 515 794 } … … 543 822 } 544 823 824 #ifndef OPENSSL_NO_DEPRECATED_3_0 545 825 int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx) 546 826 { … … 549 829 return EC_GROUP_precompute_mult(key->group, ctx); 550 830 } 831 #endif 551 832 552 833 int EC_KEY_get_flags(const EC_KEY *key) … … 558 839 { 559 840 key->flags |= flags; 841 key->dirty_cnt++; 560 842 } 561 843 … … 563 845 { 564 846 key->flags &= ~flags; 847 key->dirty_cnt++; 565 848 } 566 849 … … 591 874 if (EC_POINT_oct2point(key->group, key->pub_key, buf, len, ctx) == 0) 592 875 return 0; 876 key->dirty_cnt++; 593 877 /* 594 878 * Save the point conversion form. … … 609 893 return 0; 610 894 if (eckey->group->meth->priv2oct == NULL) { 611 E Cerr(EC_F_EC_KEY_PRIV2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);895 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 612 896 return 0; 613 897 } … … 616 900 } 617 901 618 size_t ec_key_simple_priv2oct(const EC_KEY *eckey,619 unsigned char *buf, size_t len)902 size_t ossl_ec_key_simple_priv2oct(const EC_KEY *eckey, 903 unsigned char *buf, size_t len) 620 904 { 621 905 size_t buf_len; … … 632 916 633 917 if (BN_bn2binpad(eckey->priv_key, buf, buf_len) == -1) { 634 E Cerr(EC_F_EC_KEY_SIMPLE_PRIV2OCT, EC_R_BUFFER_TOO_SMALL);918 ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); 635 919 return 0; 636 920 } … … 641 925 int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len) 642 926 { 927 int ret; 928 643 929 if (eckey->group == NULL || eckey->group->meth == NULL) 644 930 return 0; 645 931 if (eckey->group->meth->oct2priv == NULL) { 646 ECerr(EC_F_EC_KEY_OCT2PRIV, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 647 return 0; 648 } 649 return eckey->group->meth->oct2priv(eckey, buf, len); 650 } 651 652 int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len) 932 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 933 return 0; 934 } 935 ret = eckey->group->meth->oct2priv(eckey, buf, len); 936 if (ret == 1) 937 eckey->dirty_cnt++; 938 return ret; 939 } 940 941 int ossl_ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, 942 size_t len) 653 943 { 654 944 if (eckey->priv_key == NULL) 655 945 eckey->priv_key = BN_secure_new(); 656 946 if (eckey->priv_key == NULL) { 657 E Cerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_MALLOC_FAILURE);947 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 658 948 return 0; 659 949 } 660 950 eckey->priv_key = BN_bin2bn(buf, len, eckey->priv_key); 661 951 if (eckey->priv_key == NULL) { 662 ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB); 663 return 0; 664 } 952 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 953 return 0; 954 } 955 eckey->dirty_cnt++; 665 956 return 1; 666 957 } … … 675 966 return 0; 676 967 if ((buf = OPENSSL_malloc(len)) == NULL) { 677 E Cerr(EC_F_EC_KEY_PRIV2BUF, ERR_R_MALLOC_FAILURE);968 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 678 969 return 0; 679 970 } … … 694 985 return 1; 695 986 } 987 988 /* 989 * FIPS 140-2 IG 9.9 AS09.33 990 * Perform a sign/verify operation. 991 * 992 * NOTE: When generating keys for key-agreement schemes - FIPS 140-2 IG 9.9 993 * states that no additional pairwise tests are required (apart from the tests 994 * specified in SP800-56A) when generating keys. Hence pairwise ECDH tests are 995 * omitted here. 996 */ 997 static int ecdsa_keygen_pairwise_test(EC_KEY *eckey, OSSL_CALLBACK *cb, 998 void *cbarg) 999 { 1000 int ret = 0; 1001 unsigned char dgst[16] = {0}; 1002 int dgst_len = (int)sizeof(dgst); 1003 ECDSA_SIG *sig = NULL; 1004 OSSL_SELF_TEST *st = NULL; 1005 1006 st = OSSL_SELF_TEST_new(cb, cbarg); 1007 if (st == NULL) 1008 return 0; 1009 1010 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT, 1011 OSSL_SELF_TEST_DESC_PCT_ECDSA); 1012 1013 sig = ECDSA_do_sign(dgst, dgst_len, eckey); 1014 if (sig == NULL) 1015 goto err; 1016 1017 OSSL_SELF_TEST_oncorrupt_byte(st, dgst); 1018 1019 if (ECDSA_do_verify(dgst, dgst_len, sig, eckey) != 1) 1020 goto err; 1021 1022 ret = 1; 1023 err: 1024 OSSL_SELF_TEST_onend(st, ret); 1025 OSSL_SELF_TEST_free(st); 1026 ECDSA_SIG_free(sig); 1027 return ret; 1028 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/ec_kmeth.c
r91772 r94082 1 1 /* 2 * Copyright 2015-20 18The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at … … 8 8 */ 9 9 10 /* 11 * ECDH and ECDSA low level APIs are deprecated for public use, but still ok 12 * for internal use. 13 */ 14 #include "internal/deprecated.h" 15 10 16 #include <string.h> 11 17 #include <openssl/ec.h> 12 #include <openssl/engine.h> 18 #ifndef FIPS_MODULE 19 # include <openssl/engine.h> 20 #endif 13 21 #include <openssl/err.h> 14 22 #include "ec_local.h" … … 60 68 finish(key); 61 69 62 #if ndef OPENSSL_NO_ENGINE70 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) 63 71 ENGINE_finish(key->engine); 64 72 key->engine = NULL; … … 71 79 } 72 80 73 EC_KEY *EC_KEY_new_method(ENGINE *engine) 81 EC_KEY *ossl_ec_key_new_method_int(OSSL_LIB_CTX *libctx, const char *propq, 82 ENGINE *engine) 74 83 { 75 84 EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); 76 85 77 86 if (ret == NULL) { 78 E Cerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);87 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 79 88 return NULL; 89 } 90 91 ret->libctx = libctx; 92 if (propq != NULL) { 93 ret->propq = OPENSSL_strdup(propq); 94 if (ret->propq == NULL) { 95 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 96 goto err; 97 } 80 98 } 81 99 … … 83 101 ret->lock = CRYPTO_THREAD_lock_new(); 84 102 if (ret->lock == NULL) { 85 ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE); 86 OPENSSL_free(ret); 87 return NULL; 103 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 104 goto err; 88 105 } 89 106 90 107 ret->meth = EC_KEY_get_default_method(); 91 #if ndef OPENSSL_NO_ENGINE108 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) 92 109 if (engine != NULL) { 93 110 if (!ENGINE_init(engine)) { 94 E Cerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);111 ERR_raise(ERR_LIB_EC, ERR_R_ENGINE_LIB); 95 112 goto err; 96 113 } … … 101 118 ret->meth = ENGINE_get_EC(ret->engine); 102 119 if (ret->meth == NULL) { 103 E Cerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);120 ERR_raise(ERR_LIB_EC, ERR_R_ENGINE_LIB); 104 121 goto err; 105 122 } … … 110 127 ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; 111 128 129 /* No ex_data inside the FIPS provider */ 130 #ifndef FIPS_MODULE 112 131 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) { 113 132 goto err; 114 133 } 134 #endif 115 135 116 136 if (ret->meth->init != NULL && ret->meth->init(ret) == 0) { 117 E Cerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_INIT_FAIL);137 ERR_raise(ERR_LIB_EC, ERR_R_INIT_FAIL); 118 138 goto err; 119 139 } … … 124 144 return NULL; 125 145 } 146 147 #ifndef FIPS_MODULE 148 EC_KEY *EC_KEY_new_method(ENGINE *engine) 149 { 150 return ossl_ec_key_new_method_int(NULL, NULL, engine); 151 } 152 #endif 126 153 127 154 int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, … … 133 160 size_t seclen; 134 161 if (eckey->meth->compute_key == NULL) { 135 E Cerr(EC_F_ECDH_COMPUTE_KEY, EC_R_OPERATION_NOT_SUPPORTED);162 ERR_raise(ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED); 136 163 return 0; 137 164 } 138 165 if (outlen > INT_MAX) { 139 E Cerr(EC_F_ECDH_COMPUTE_KEY, EC_R_INVALID_OUTPUT_LENGTH);166 ERR_raise(ERR_LIB_EC, EC_R_INVALID_OUTPUT_LENGTH); 140 167 return 0; 141 168 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/ec_lib.c
r91772 r94082 1 1 /* 2 * Copyright 2001-202 0The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 9 9 */ 10 10 11 /* 12 * EC_GROUP low level APIs are deprecated for public use, but still ok for 13 * internal use. 14 */ 15 #include "internal/deprecated.h" 16 11 17 #include <string.h> 12 18 #include <openssl/params.h> 19 #include <openssl/core_names.h> 13 20 #include <openssl/err.h> 14 21 #include <openssl/opensslv.h> 15 22 #include "crypto/ec.h" 23 #include "internal/nelem.h" 16 24 #include "ec_local.h" 25 #include "e_os.h" /* strcasecmp */ 17 26 18 27 /* functions for EC_GROUP objects */ 19 28 20 EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) 29 EC_GROUP *ossl_ec_group_new_ex(OSSL_LIB_CTX *libctx, const char *propq, 30 const EC_METHOD *meth) 21 31 { 22 32 EC_GROUP *ret; 23 33 24 34 if (meth == NULL) { 25 E Cerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL);35 ERR_raise(ERR_LIB_EC, EC_R_SLOT_FULL); 26 36 return NULL; 27 37 } 28 38 if (meth->group_init == 0) { 29 E Cerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);39 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 30 40 return NULL; 31 41 } … … 33 43 ret = OPENSSL_zalloc(sizeof(*ret)); 34 44 if (ret == NULL) { 35 E Cerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);45 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 36 46 return NULL; 37 47 } 38 48 49 ret->libctx = libctx; 50 if (propq != NULL) { 51 ret->propq = OPENSSL_strdup(propq); 52 if (ret->propq == NULL) { 53 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 54 goto err; 55 } 56 } 39 57 ret->meth = meth; 40 58 if ((ret->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) { … … 46 64 goto err; 47 65 } 48 ret->asn1_flag = OPENSSL_EC_ NAMED_CURVE;66 ret->asn1_flag = OPENSSL_EC_EXPLICIT_CURVE; 49 67 ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; 50 68 if (!meth->group_init(ret)) … … 55 73 BN_free(ret->order); 56 74 BN_free(ret->cofactor); 75 OPENSSL_free(ret->propq); 57 76 OPENSSL_free(ret); 58 77 return NULL; 59 78 } 79 80 #ifndef OPENSSL_NO_DEPRECATED_3_0 81 # ifndef FIPS_MODULE 82 EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) 83 { 84 return ossl_ec_group_new_ex(NULL, NULL, meth); 85 } 86 # endif 87 #endif 60 88 61 89 void EC_pre_comp_free(EC_GROUP *group) … … 106 134 BN_free(group->cofactor); 107 135 OPENSSL_free(group->seed); 136 OPENSSL_free(group->propq); 108 137 OPENSSL_free(group); 109 138 } 110 139 140 #ifndef OPENSSL_NO_DEPRECATED_3_0 111 141 void EC_GROUP_clear_free(EC_GROUP *group) 112 142 { … … 127 157 OPENSSL_clear_free(group, sizeof(*group)); 128 158 } 159 #endif 129 160 130 161 int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) 131 162 { 132 163 if (dest->meth->group_copy == 0) { 133 E Cerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);164 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 134 165 return 0; 135 166 } 136 167 if (dest->meth != src->meth) { 137 E Cerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);168 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 138 169 return 0; 139 170 } … … 141 172 return 1; 142 173 174 dest->libctx = src->libctx; 143 175 dest->curve_name = src->curve_name; 144 176 … … 217 249 OPENSSL_free(dest->seed); 218 250 if ((dest->seed = OPENSSL_malloc(src->seed_len)) == NULL) { 219 E Cerr(EC_F_EC_GROUP_COPY, ERR_R_MALLOC_FAILURE);251 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 220 252 return 0; 221 253 } … … 240 272 return NULL; 241 273 242 if ((t = EC_GROUP_new(a->meth)) == NULL)274 if ((t = ossl_ec_group_new_ex(a->libctx, a->propq, a->meth)) == NULL) 243 275 return NULL; 244 276 if (!EC_GROUP_copy(t, a)) … … 255 287 } 256 288 289 #ifndef OPENSSL_NO_DEPRECATED_3_0 257 290 const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) 258 291 { … … 264 297 return meth->field_type; 265 298 } 299 #endif 266 300 267 301 static int ec_precompute_mont_data(EC_GROUP *); … … 296 330 } 297 331 298 if ((ctx = BN_CTX_new ()) == NULL)332 if ((ctx = BN_CTX_new_ex(group->libctx)) == NULL) 299 333 return 0; 300 334 … … 332 366 { 333 367 if (generator == NULL) { 334 E Cerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);368 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 335 369 return 0; 336 370 } … … 339 373 if (group->field == NULL || BN_is_zero(group->field) 340 374 || BN_is_negative(group->field)) { 341 E Cerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_FIELD);375 ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); 342 376 return 0; 343 377 } … … 350 384 if (order == NULL || BN_is_zero(order) || BN_is_negative(order) 351 385 || BN_num_bits(order) > BN_num_bits(group->field) + 1) { 352 E Cerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_GROUP_ORDER);386 ERR_raise(ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER); 353 387 return 0; 354 388 } … … 360 394 */ 361 395 if (cofactor != NULL && BN_is_negative(cofactor)) { 362 E Cerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_UNKNOWN_COFACTOR);396 ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_COFACTOR); 363 397 return 0; 364 398 } … … 448 482 { 449 483 group->curve_name = nid; 484 group->asn1_flag = 485 (nid != NID_undef) 486 ? OPENSSL_EC_NAMED_CURVE 487 : OPENSSL_EC_EXPLICIT_CURVE; 450 488 } 451 489 … … 453 491 { 454 492 return group->curve_name; 493 } 494 495 const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group) 496 { 497 return group->field; 498 } 499 500 int EC_GROUP_get_field_type(const EC_GROUP *group) 501 { 502 return group->meth->field_type; 455 503 } 456 504 … … 487 535 488 536 if ((group->seed = OPENSSL_malloc(len)) == NULL) { 489 E Cerr(EC_F_EC_GROUP_SET_SEED, ERR_R_MALLOC_FAILURE);537 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 490 538 return 0; 491 539 } … … 510 558 { 511 559 if (group->meth->group_set_curve == 0) { 512 E Cerr(EC_F_EC_GROUP_SET_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);560 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 513 561 return 0; 514 562 } … … 520 568 { 521 569 if (group->meth->group_get_curve == NULL) { 522 E Cerr(EC_F_EC_GROUP_GET_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);570 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 523 571 return 0; 524 572 } … … 526 574 } 527 575 528 #if OPENSSL_API_COMPAT < 0x10200000L576 #ifndef OPENSSL_NO_DEPRECATED_3_0 529 577 int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, 530 578 const BIGNUM *b, BN_CTX *ctx) … … 557 605 { 558 606 if (group->meth->group_get_degree == 0) { 559 E Cerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);607 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 560 608 return 0; 561 609 } … … 566 614 { 567 615 if (group->meth->group_check_discriminant == 0) { 568 ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, 569 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 616 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 570 617 return 0; 571 618 } … … 577 624 int r = 0; 578 625 BIGNUM *a1, *a2, *a3, *b1, *b2, *b3; 626 #ifndef FIPS_MODULE 579 627 BN_CTX *ctx_new = NULL; 628 #endif 580 629 581 630 /* compare the field types */ 582 if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != 583 EC_METHOD_get_field_type(EC_GROUP_method_of(b))) 631 if (EC_GROUP_get_field_type(a) != EC_GROUP_get_field_type(b)) 584 632 return 1; 585 633 /* compare the curve name (if present in both) */ … … 590 638 return 0; 591 639 640 #ifndef FIPS_MODULE 592 641 if (ctx == NULL) 593 642 ctx_new = ctx = BN_CTX_new(); 643 #endif 594 644 if (ctx == NULL) 595 645 return -1; … … 604 654 if (b3 == NULL) { 605 655 BN_CTX_end(ctx); 656 #ifndef FIPS_MODULE 606 657 BN_CTX_free(ctx_new); 658 #endif 607 659 return -1; 608 660 } … … 616 668 r = 1; 617 669 618 if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3)) 670 /* return 1 if the curve parameters are different */ 671 if (r || BN_cmp(a1, b1) != 0 || BN_cmp(a2, b2) != 0 || BN_cmp(a3, b3) != 0) 619 672 r = 1; 620 673 621 674 /* XXX EC_POINT_cmp() assumes that the methods are equal */ 675 /* return 1 if the generators are different */ 622 676 if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), 623 EC_GROUP_get0_generator(b), ctx) )677 EC_GROUP_get0_generator(b), ctx) != 0) 624 678 r = 1; 625 679 626 680 if (!r) { 627 681 const BIGNUM *ao, *bo, *ac, *bc; 628 /* compare the order and cofactor*/682 /* compare the orders */ 629 683 ao = EC_GROUP_get0_order(a); 630 684 bo = EC_GROUP_get0_order(b); 685 if (ao == NULL || bo == NULL) { 686 /* return an error if either order is NULL */ 687 r = -1; 688 goto end; 689 } 690 if (BN_cmp(ao, bo) != 0) { 691 /* return 1 if orders are different */ 692 r = 1; 693 goto end; 694 } 695 /* 696 * It gets here if the curve parameters and generator matched. 697 * Now check the optional cofactors (if both are present). 698 */ 631 699 ac = EC_GROUP_get0_cofactor(a); 632 700 bc = EC_GROUP_get0_cofactor(b); 633 if (ao == NULL || bo == NULL) { 634 BN_CTX_end(ctx); 635 BN_CTX_free(ctx_new); 636 return -1; 637 } 638 if (BN_cmp(ao, bo) || BN_cmp(ac, bc)) 701 /* Returns 1 (mismatch) if both cofactors are specified and different */ 702 if (!BN_is_zero(ac) && !BN_is_zero(bc) && BN_cmp(ac, bc) != 0) 639 703 r = 1; 640 } 641 704 /* Returns 0 if the parameters matched */ 705 } 706 end: 642 707 BN_CTX_end(ctx); 708 #ifndef FIPS_MODULE 643 709 BN_CTX_free(ctx_new); 644 710 #endif 645 711 return r; 646 712 } … … 653 719 654 720 if (group == NULL) { 655 E Cerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);721 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 656 722 return NULL; 657 723 } 658 724 if (group->meth->point_init == NULL) { 659 E Cerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);725 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 660 726 return NULL; 661 727 } … … 663 729 ret = OPENSSL_zalloc(sizeof(*ret)); 664 730 if (ret == NULL) { 665 E Cerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);731 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 666 732 return NULL; 667 733 } … … 680 746 void EC_POINT_free(EC_POINT *point) 681 747 { 682 if ( !point)748 if (point == NULL) 683 749 return; 684 750 … … 690 756 void EC_POINT_clear_free(EC_POINT *point) 691 757 { 692 if ( !point)758 if (point == NULL) 693 759 return; 694 760 … … 703 769 { 704 770 if (dest->meth->point_copy == 0) { 705 E Cerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);771 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 706 772 return 0; 707 773 } 708 774 if (dest->meth != src->meth 709 775 || (dest->curve_name != src->curve_name 710 && dest->curve_name != 0711 && src->curve_name != 0)) {712 E Cerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);776 && dest->curve_name != 0 777 && src->curve_name != 0)) { 778 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 713 779 return 0; 714 780 } … … 737 803 } 738 804 805 #ifndef OPENSSL_NO_DEPRECATED_3_0 739 806 const EC_METHOD *EC_POINT_method_of(const EC_POINT *point) 740 807 { 741 808 return point->meth; 742 809 } 810 #endif 743 811 744 812 int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point) 745 813 { 746 814 if (group->meth->point_set_to_infinity == 0) { 747 ECerr(EC_F_EC_POINT_SET_TO_INFINITY, 748 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 815 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 749 816 return 0; 750 817 } 751 818 if (group->meth != point->meth) { 752 E Cerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);819 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 753 820 return 0; 754 821 } … … 756 823 } 757 824 825 #ifndef OPENSSL_NO_DEPRECATED_3_0 758 826 int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, 759 827 EC_POINT *point, const BIGNUM *x, … … 761 829 BN_CTX *ctx) 762 830 { 763 if (group->meth->point_set_Jprojective_coordinates_GFp == 0) { 764 ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, 765 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 831 if (group->meth->field_type != NID_X9_62_prime_field) { 832 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 766 833 return 0; 767 834 } 768 835 if (!ec_point_is_compat(point, group)) { 769 ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, 770 EC_R_INCOMPATIBLE_OBJECTS); 771 return 0; 772 } 773 return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, 774 y, z, ctx); 836 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 837 return 0; 838 } 839 return ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, point, 840 x, y, z, ctx); 775 841 } 776 842 … … 780 846 BN_CTX *ctx) 781 847 { 782 if (group->meth->point_get_Jprojective_coordinates_GFp == 0) { 783 ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, 784 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 848 if (group->meth->field_type != NID_X9_62_prime_field) { 849 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 785 850 return 0; 786 851 } 787 852 if (!ec_point_is_compat(point, group)) { 788 E Cerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,789 EC_R_INCOMPATIBLE_OBJECTS);790 return 0;791 }792 return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x,793 y, z, ctx); 794 } 853 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 854 return 0; 855 } 856 return ossl_ec_GFp_simple_get_Jprojective_coordinates_GFp(group, point, 857 x, y, z, ctx); 858 } 859 #endif 795 860 796 861 int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, … … 799 864 { 800 865 if (group->meth->point_set_affine_coordinates == NULL) { 801 ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, 802 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 866 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 803 867 return 0; 804 868 } 805 869 if (!ec_point_is_compat(point, group)) { 806 E Cerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, EC_R_INCOMPATIBLE_OBJECTS);870 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 807 871 return 0; 808 872 } … … 811 875 812 876 if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { 813 E Cerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, EC_R_POINT_IS_NOT_ON_CURVE);877 ERR_raise(ERR_LIB_EC, EC_R_POINT_IS_NOT_ON_CURVE); 814 878 return 0; 815 879 } … … 817 881 } 818 882 819 #if OPENSSL_API_COMPAT < 0x10200000L883 #ifndef OPENSSL_NO_DEPRECATED_3_0 820 884 int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, 821 885 EC_POINT *point, const BIGNUM *x, … … 840 904 { 841 905 if (group->meth->point_get_affine_coordinates == NULL) { 842 ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES, 843 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 906 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 844 907 return 0; 845 908 } 846 909 if (!ec_point_is_compat(point, group)) { 847 E Cerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES, EC_R_INCOMPATIBLE_OBJECTS);910 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 848 911 return 0; 849 912 } 850 913 if (EC_POINT_is_at_infinity(group, point)) { 851 E Cerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);914 ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); 852 915 return 0; 853 916 } … … 855 918 } 856 919 857 #if OPENSSL_API_COMPAT < 0x10200000L920 #ifndef OPENSSL_NO_DEPRECATED_3_0 858 921 int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, 859 922 const EC_POINT *point, BIGNUM *x, … … 877 940 { 878 941 if (group->meth->add == 0) { 879 E Cerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);942 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 880 943 return 0; 881 944 } 882 945 if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group) 883 946 || !ec_point_is_compat(b, group)) { 884 E Cerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);947 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 885 948 return 0; 886 949 } … … 892 955 { 893 956 if (group->meth->dbl == 0) { 894 E Cerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);957 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 895 958 return 0; 896 959 } 897 960 if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group)) { 898 E Cerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);961 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 899 962 return 0; 900 963 } … … 905 968 { 906 969 if (group->meth->invert == 0) { 907 E Cerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);970 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 908 971 return 0; 909 972 } 910 973 if (!ec_point_is_compat(a, group)) { 911 E Cerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);974 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 912 975 return 0; 913 976 } … … 918 981 { 919 982 if (group->meth->is_at_infinity == 0) { 920 ECerr(EC_F_EC_POINT_IS_AT_INFINITY, 921 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 983 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 922 984 return 0; 923 985 } 924 986 if (!ec_point_is_compat(point, group)) { 925 E Cerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);987 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 926 988 return 0; 927 989 } … … 940 1002 { 941 1003 if (group->meth->is_on_curve == 0) { 942 E Cerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);1004 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 943 1005 return 0; 944 1006 } 945 1007 if (!ec_point_is_compat(point, group)) { 946 E Cerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);1008 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 947 1009 return 0; 948 1010 } … … 954 1016 { 955 1017 if (group->meth->point_cmp == 0) { 956 E Cerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);1018 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 957 1019 return -1; 958 1020 } 959 1021 if (!ec_point_is_compat(a, group) || !ec_point_is_compat(b, group)) { 960 E Cerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);1022 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 961 1023 return -1; 962 1024 } … … 964 1026 } 965 1027 1028 #ifndef OPENSSL_NO_DEPRECATED_3_0 966 1029 int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) 967 1030 { 968 1031 if (group->meth->make_affine == 0) { 969 E Cerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);1032 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 970 1033 return 0; 971 1034 } 972 1035 if (!ec_point_is_compat(point, group)) { 973 E Cerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);1036 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 974 1037 return 0; 975 1038 } … … 983 1046 984 1047 if (group->meth->points_make_affine == 0) { 985 E Cerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);1048 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 986 1049 return 0; 987 1050 } 988 1051 for (i = 0; i < num; i++) { 989 1052 if (!ec_point_is_compat(points[i], group)) { 990 E Cerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);1053 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 991 1054 return 0; 992 1055 } … … 994 1057 return group->meth->points_make_affine(group, num, points, ctx); 995 1058 } 1059 #endif 996 1060 997 1061 /* … … 1001 1065 */ 1002 1066 1067 #ifndef OPENSSL_NO_DEPRECATED_3_0 1003 1068 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, 1004 1069 size_t num, const EC_POINT *points[], … … 1007 1072 int ret = 0; 1008 1073 size_t i = 0; 1074 #ifndef FIPS_MODULE 1009 1075 BN_CTX *new_ctx = NULL; 1076 #endif 1010 1077 1011 1078 if (!ec_point_is_compat(r, group)) { 1012 E Cerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);1079 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 1013 1080 return 0; 1014 1081 } … … 1019 1086 for (i = 0; i < num; i++) { 1020 1087 if (!ec_point_is_compat(points[i], group)) { 1021 E Cerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);1088 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 1022 1089 return 0; 1023 1090 } 1024 1091 } 1025 1092 1026 if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) { 1027 ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR); 1093 #ifndef FIPS_MODULE 1094 if (ctx == NULL) 1095 ctx = new_ctx = BN_CTX_secure_new(); 1096 #endif 1097 if (ctx == NULL) { 1098 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 1028 1099 return 0; 1029 1100 } … … 1033 1104 else 1034 1105 /* use default */ 1035 ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); 1036 1106 ret = ossl_ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); 1107 1108 #ifndef FIPS_MODULE 1037 1109 BN_CTX_free(new_ctx); 1110 #endif 1038 1111 return ret; 1039 1112 } 1113 #endif 1040 1114 1041 1115 int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, 1042 1116 const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) 1043 1117 { 1044 /* just a convenient interface to EC_POINTs_mul() */ 1045 1046 const EC_POINT *points[1]; 1047 const BIGNUM *scalars[1]; 1048 1049 points[0] = point; 1050 scalars[0] = p_scalar; 1051 1052 return EC_POINTs_mul(group, r, g_scalar, 1053 (point != NULL 1054 && p_scalar != NULL), points, scalars, ctx); 1055 } 1056 1118 int ret = 0; 1119 size_t num; 1120 #ifndef FIPS_MODULE 1121 BN_CTX *new_ctx = NULL; 1122 #endif 1123 1124 if (!ec_point_is_compat(r, group) 1125 || (point != NULL && !ec_point_is_compat(point, group))) { 1126 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 1127 return 0; 1128 } 1129 1130 if (g_scalar == NULL && p_scalar == NULL) 1131 return EC_POINT_set_to_infinity(group, r); 1132 1133 #ifndef FIPS_MODULE 1134 if (ctx == NULL) 1135 ctx = new_ctx = BN_CTX_secure_new(); 1136 #endif 1137 if (ctx == NULL) { 1138 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 1139 return 0; 1140 } 1141 1142 num = (point != NULL && p_scalar != NULL) ? 1 : 0; 1143 if (group->meth->mul != NULL) 1144 ret = group->meth->mul(group, r, g_scalar, num, &point, &p_scalar, ctx); 1145 else 1146 /* use default */ 1147 ret = ossl_ec_wNAF_mul(group, r, g_scalar, num, &point, &p_scalar, ctx); 1148 1149 #ifndef FIPS_MODULE 1150 BN_CTX_free(new_ctx); 1151 #endif 1152 return ret; 1153 } 1154 1155 #ifndef OPENSSL_NO_DEPRECATED_3_0 1057 1156 int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) 1058 1157 { 1059 1158 if (group->meth->mul == 0) 1060 1159 /* use default */ 1061 return ec_wNAF_precompute_mult(group, ctx);1160 return ossl_ec_wNAF_precompute_mult(group, ctx); 1062 1161 1063 1162 if (group->meth->precompute_mult != 0) … … 1071 1170 if (group->meth->mul == 0) 1072 1171 /* use default */ 1073 return ec_wNAF_have_precompute_mult(group);1172 return ossl_ec_wNAF_have_precompute_mult(group); 1074 1173 1075 1174 if (group->meth->have_precompute_mult != 0) … … 1079 1178 * been performed */ 1080 1179 } 1180 #endif 1081 1181 1082 1182 /* … … 1086 1186 static int ec_precompute_mont_data(EC_GROUP *group) 1087 1187 { 1088 BN_CTX *ctx = BN_CTX_new ();1188 BN_CTX *ctx = BN_CTX_new_ex(group->libctx); 1089 1189 int ret = 0; 1090 1190 … … 1113 1213 } 1114 1214 1215 #ifndef FIPS_MODULE 1115 1216 int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg) 1116 1217 { … … 1122 1223 return CRYPTO_get_ex_data(&key->ex_data, idx); 1123 1224 } 1124 1125 int ec_group_simple_order_bits(const EC_GROUP *group) 1225 #endif 1226 1227 int ossl_ec_group_simple_order_bits(const EC_GROUP *group) 1126 1228 { 1127 1229 if (group->order == NULL) … … 1134 1236 { 1135 1237 BIGNUM *e = NULL; 1238 int ret = 0; 1239 #ifndef FIPS_MODULE 1136 1240 BN_CTX *new_ctx = NULL; 1137 int ret = 0; 1241 #endif 1138 1242 1139 1243 if (group->mont_data == NULL) 1140 1244 return 0; 1141 1245 1142 if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) 1246 #ifndef FIPS_MODULE 1247 if (ctx == NULL) 1248 ctx = new_ctx = BN_CTX_secure_new(); 1249 #endif 1250 if (ctx == NULL) 1143 1251 return 0; 1144 1252 … … 1166 1274 err: 1167 1275 BN_CTX_end(ctx); 1276 #ifndef FIPS_MODULE 1168 1277 BN_CTX_free(new_ctx); 1278 #endif 1169 1279 return ret; 1170 1280 } … … 1183 1293 * other functionality. 1184 1294 */ 1185 int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,1186 const BIGNUM *x, BN_CTX *ctx)1295 int ossl_ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, 1296 const BIGNUM *x, BN_CTX *ctx) 1187 1297 { 1188 1298 if (group->meth->field_inverse_mod_ord != NULL) … … 1202 1312 * support coordinate blinding. 1203 1313 */ 1204 int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) 1314 int ossl_ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, 1315 BN_CTX *ctx) 1205 1316 { 1206 1317 if (group->meth->blind_coordinates == NULL) … … 1209 1320 return group->meth->blind_coordinates(group, p, ctx); 1210 1321 } 1322 1323 int EC_GROUP_get_basis_type(const EC_GROUP *group) 1324 { 1325 int i; 1326 1327 if (EC_GROUP_get_field_type(group) != NID_X9_62_characteristic_two_field) 1328 /* everything else is currently not supported */ 1329 return 0; 1330 1331 /* Find the last non-zero element of group->poly[] */ 1332 for (i = 0; 1333 i < (int)OSSL_NELEM(group->poly) && group->poly[i] != 0; 1334 i++) 1335 continue; 1336 1337 if (i == 4) 1338 return NID_X9_62_ppBasis; 1339 else if (i == 2) 1340 return NID_X9_62_tpBasis; 1341 else 1342 /* everything else is currently not supported */ 1343 return 0; 1344 } 1345 1346 #ifndef OPENSSL_NO_EC2M 1347 int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k) 1348 { 1349 if (group == NULL) 1350 return 0; 1351 1352 if (EC_GROUP_get_field_type(group) != NID_X9_62_characteristic_two_field 1353 || !((group->poly[0] != 0) && (group->poly[1] != 0) 1354 && (group->poly[2] == 0))) { 1355 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1356 return 0; 1357 } 1358 1359 if (k) 1360 *k = group->poly[1]; 1361 1362 return 1; 1363 } 1364 1365 int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, 1366 unsigned int *k2, unsigned int *k3) 1367 { 1368 if (group == NULL) 1369 return 0; 1370 1371 if (EC_GROUP_get_field_type(group) != NID_X9_62_characteristic_two_field 1372 || !((group->poly[0] != 0) && (group->poly[1] != 0) 1373 && (group->poly[2] != 0) && (group->poly[3] != 0) 1374 && (group->poly[4] == 0))) { 1375 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1376 return 0; 1377 } 1378 1379 if (k1) 1380 *k1 = group->poly[3]; 1381 if (k2) 1382 *k2 = group->poly[2]; 1383 if (k3) 1384 *k3 = group->poly[1]; 1385 1386 return 1; 1387 } 1388 #endif 1389 1390 /* 1391 * Check if the explicit parameters group matches any built-in curves. 1392 * 1393 * We create a copy of the group just built, so that we can remove optional 1394 * fields for the lookup: we do this to avoid the possibility that one of 1395 * the optional parameters is used to force the library into using a less 1396 * performant and less secure EC_METHOD instead of the specialized one. 1397 * In any case, `seed` is not really used in any computation, while a 1398 * cofactor different from the one in the built-in table is just 1399 * mathematically wrong anyway and should not be used. 1400 */ 1401 static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group, 1402 OSSL_LIB_CTX *libctx, 1403 const char *propq, 1404 BN_CTX *ctx) 1405 { 1406 EC_GROUP *ret_group = NULL, *dup = NULL; 1407 int curve_name_nid; 1408 1409 const EC_POINT *point = EC_GROUP_get0_generator(group); 1410 const BIGNUM *order = EC_GROUP_get0_order(group); 1411 int no_seed = (EC_GROUP_get0_seed(group) == NULL); 1412 1413 if ((dup = EC_GROUP_dup(group)) == NULL 1414 || EC_GROUP_set_seed(dup, NULL, 0) != 1 1415 || !EC_GROUP_set_generator(dup, point, order, NULL)) 1416 goto err; 1417 if ((curve_name_nid = ossl_ec_curve_nid_from_params(dup, ctx)) != NID_undef) { 1418 /* 1419 * The input explicit parameters successfully matched one of the 1420 * built-in curves: often for built-in curves we have specialized 1421 * methods with better performance and hardening. 1422 * 1423 * In this case we replace the `EC_GROUP` created through explicit 1424 * parameters with one created from a named group. 1425 */ 1426 1427 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 1428 /* 1429 * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for 1430 * the same curve, we prefer the SECP nid when matching explicit 1431 * parameters as that is associated with a specialized EC_METHOD. 1432 */ 1433 if (curve_name_nid == NID_wap_wsg_idm_ecid_wtls12) 1434 curve_name_nid = NID_secp224r1; 1435 #endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ 1436 1437 ret_group = EC_GROUP_new_by_curve_name_ex(libctx, propq, curve_name_nid); 1438 if (ret_group == NULL) 1439 goto err; 1440 1441 /* 1442 * Set the flag so that EC_GROUPs created from explicit parameters are 1443 * serialized using explicit parameters by default. 1444 */ 1445 EC_GROUP_set_asn1_flag(ret_group, OPENSSL_EC_EXPLICIT_CURVE); 1446 1447 /* 1448 * If the input params do not contain the optional seed field we make 1449 * sure it is not added to the returned group. 1450 * 1451 * The seed field is not really used inside libcrypto anyway, and 1452 * adding it to parsed explicit parameter keys would alter their DER 1453 * encoding output (because of the extra field) which could impact 1454 * applications fingerprinting keys by their DER encoding. 1455 */ 1456 if (no_seed) { 1457 if (EC_GROUP_set_seed(ret_group, NULL, 0) != 1) 1458 goto err; 1459 } 1460 } else { 1461 ret_group = (EC_GROUP *)group; 1462 } 1463 EC_GROUP_free(dup); 1464 return ret_group; 1465 err: 1466 EC_GROUP_free(dup); 1467 EC_GROUP_free(ret_group); 1468 return NULL; 1469 } 1470 1471 static EC_GROUP *group_new_from_name(const OSSL_PARAM *p, 1472 OSSL_LIB_CTX *libctx, const char *propq) 1473 { 1474 int ok = 0, nid; 1475 const char *curve_name = NULL; 1476 1477 switch (p->data_type) { 1478 case OSSL_PARAM_UTF8_STRING: 1479 /* The OSSL_PARAM functions have no support for this */ 1480 curve_name = p->data; 1481 ok = (curve_name != NULL); 1482 break; 1483 case OSSL_PARAM_UTF8_PTR: 1484 ok = OSSL_PARAM_get_utf8_ptr(p, &curve_name); 1485 break; 1486 } 1487 1488 if (ok) { 1489 nid = ossl_ec_curve_name2nid(curve_name); 1490 if (nid == NID_undef) { 1491 ERR_raise(ERR_LIB_EC, EC_R_INVALID_CURVE); 1492 return NULL; 1493 } else { 1494 return EC_GROUP_new_by_curve_name_ex(libctx, propq, nid); 1495 } 1496 } 1497 return NULL; 1498 } 1499 1500 /* These parameters can be set directly into an EC_GROUP */ 1501 int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[]) 1502 { 1503 int encoding_flag = -1, format = -1; 1504 const OSSL_PARAM *p; 1505 1506 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT); 1507 if (p != NULL) { 1508 if (!ossl_ec_pt_format_param2id(p, &format)) { 1509 ECerr(0, EC_R_INVALID_FORM); 1510 return 0; 1511 } 1512 EC_GROUP_set_point_conversion_form(group, format); 1513 } 1514 1515 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING); 1516 if (p != NULL) { 1517 if (!ossl_ec_encoding_param2id(p, &encoding_flag)) { 1518 ECerr(0, EC_R_INVALID_FORM); 1519 return 0; 1520 } 1521 EC_GROUP_set_asn1_flag(group, encoding_flag); 1522 } 1523 /* Optional seed */ 1524 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_SEED); 1525 if (p != NULL) { 1526 /* The seed is allowed to be NULL */ 1527 if (p->data_type != OSSL_PARAM_OCTET_STRING 1528 || !EC_GROUP_set_seed(group, p->data, p->data_size)) { 1529 ECerr(0, EC_R_INVALID_SEED); 1530 return 0; 1531 } 1532 } 1533 return 1; 1534 } 1535 1536 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], 1537 OSSL_LIB_CTX *libctx, const char *propq) 1538 { 1539 const OSSL_PARAM *ptmp, *pa, *pb; 1540 int ok = 0; 1541 EC_GROUP *group = NULL, *named_group = NULL; 1542 BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL, *cofactor = NULL; 1543 EC_POINT *point = NULL; 1544 int field_bits = 0; 1545 int is_prime_field = 1; 1546 BN_CTX *bnctx = NULL; 1547 const unsigned char *buf = NULL; 1548 int encoding_flag = -1; 1549 1550 /* This is the simple named group case */ 1551 ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); 1552 if (ptmp != NULL) { 1553 group = group_new_from_name(ptmp, libctx, propq); 1554 if (group != NULL) { 1555 if (!ossl_ec_group_set_params(group, params)) { 1556 EC_GROUP_free(group); 1557 group = NULL; 1558 } 1559 } 1560 return group; 1561 } 1562 /* If it gets here then we are trying explicit parameters */ 1563 bnctx = BN_CTX_new_ex(libctx); 1564 if (bnctx == NULL) { 1565 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1566 return 0; 1567 } 1568 BN_CTX_start(bnctx); 1569 1570 p = BN_CTX_get(bnctx); 1571 a = BN_CTX_get(bnctx); 1572 b = BN_CTX_get(bnctx); 1573 order = BN_CTX_get(bnctx); 1574 if (order == NULL) { 1575 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1576 goto err; 1577 } 1578 1579 ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_FIELD_TYPE); 1580 if (ptmp == NULL || ptmp->data_type != OSSL_PARAM_UTF8_STRING) { 1581 ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); 1582 goto err; 1583 } 1584 if (strcasecmp(ptmp->data, SN_X9_62_prime_field) == 0) { 1585 is_prime_field = 1; 1586 } else if (strcasecmp(ptmp->data, SN_X9_62_characteristic_two_field) == 0) { 1587 is_prime_field = 0; 1588 } else { 1589 /* Invalid field */ 1590 ERR_raise(ERR_LIB_EC, EC_R_UNSUPPORTED_FIELD); 1591 goto err; 1592 } 1593 1594 pa = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_A); 1595 if (!OSSL_PARAM_get_BN(pa, &a)) { 1596 ERR_raise(ERR_LIB_EC, EC_R_INVALID_A); 1597 goto err; 1598 } 1599 pb = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_B); 1600 if (!OSSL_PARAM_get_BN(pb, &b)) { 1601 ERR_raise(ERR_LIB_EC, EC_R_INVALID_B); 1602 goto err; 1603 } 1604 1605 /* extract the prime number or irreducible polynomial */ 1606 ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_P); 1607 if (!OSSL_PARAM_get_BN(ptmp, &p)) { 1608 ERR_raise(ERR_LIB_EC, EC_R_INVALID_P); 1609 goto err; 1610 } 1611 1612 if (is_prime_field) { 1613 if (BN_is_negative(p) || BN_is_zero(p)) { 1614 ERR_raise(ERR_LIB_EC, EC_R_INVALID_P); 1615 goto err; 1616 } 1617 field_bits = BN_num_bits(p); 1618 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 1619 ERR_raise(ERR_LIB_EC, EC_R_FIELD_TOO_LARGE); 1620 goto err; 1621 } 1622 1623 /* create the EC_GROUP structure */ 1624 group = EC_GROUP_new_curve_GFp(p, a, b, bnctx); 1625 } else { 1626 #ifdef OPENSSL_NO_EC2M 1627 ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); 1628 goto err; 1629 #else 1630 /* create the EC_GROUP structure */ 1631 group = EC_GROUP_new_curve_GF2m(p, a, b, NULL); 1632 if (group != NULL) { 1633 field_bits = EC_GROUP_get_degree(group); 1634 if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { 1635 ERR_raise(ERR_LIB_EC, EC_R_FIELD_TOO_LARGE); 1636 goto err; 1637 } 1638 } 1639 #endif /* OPENSSL_NO_EC2M */ 1640 } 1641 1642 if (group == NULL) { 1643 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 1644 goto err; 1645 } 1646 1647 /* Optional seed */ 1648 ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_SEED); 1649 if (ptmp != NULL) { 1650 if (ptmp->data_type != OSSL_PARAM_OCTET_STRING) { 1651 ERR_raise(ERR_LIB_EC, EC_R_INVALID_SEED); 1652 goto err; 1653 } 1654 if (!EC_GROUP_set_seed(group, ptmp->data, ptmp->data_size)) 1655 goto err; 1656 } 1657 1658 /* generator base point */ 1659 ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_GENERATOR); 1660 if (ptmp == NULL 1661 || ptmp->data_type != OSSL_PARAM_OCTET_STRING) { 1662 ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR); 1663 goto err; 1664 } 1665 buf = (const unsigned char *)(ptmp->data); 1666 if ((point = EC_POINT_new(group)) == NULL) 1667 goto err; 1668 EC_GROUP_set_point_conversion_form(group, 1669 (point_conversion_form_t)buf[0] & ~0x01); 1670 if (!EC_POINT_oct2point(group, point, buf, ptmp->data_size, bnctx)) { 1671 ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR); 1672 goto err; 1673 } 1674 1675 /* order */ 1676 ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ORDER); 1677 if (!OSSL_PARAM_get_BN(ptmp, &order) 1678 || (BN_is_negative(order) || BN_is_zero(order)) 1679 || (BN_num_bits(order) > (int)field_bits + 1)) { /* Hasse bound */ 1680 ERR_raise(ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER); 1681 goto err; 1682 } 1683 1684 /* Optional cofactor */ 1685 ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_COFACTOR); 1686 if (ptmp != NULL) { 1687 cofactor = BN_CTX_get(bnctx); 1688 if (cofactor == NULL || !OSSL_PARAM_get_BN(ptmp, &cofactor)) { 1689 ERR_raise(ERR_LIB_EC, EC_R_INVALID_COFACTOR); 1690 goto err; 1691 } 1692 } 1693 1694 /* set the generator, order and cofactor (if present) */ 1695 if (!EC_GROUP_set_generator(group, point, order, cofactor)) { 1696 ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR); 1697 goto err; 1698 } 1699 1700 named_group = ec_group_explicit_to_named(group, libctx, propq, bnctx); 1701 if (named_group == NULL) { 1702 ERR_raise(ERR_LIB_EC, EC_R_INVALID_NAMED_GROUP_CONVERSION); 1703 goto err; 1704 } 1705 if (named_group == group) { 1706 /* 1707 * If we did not find a named group then the encoding should be explicit 1708 * if it was specified 1709 */ 1710 ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING); 1711 if (ptmp != NULL 1712 && !ossl_ec_encoding_param2id(ptmp, &encoding_flag)) { 1713 ECerr(0, EC_R_INVALID_ENCODING); 1714 return 0; 1715 } 1716 if (encoding_flag == OPENSSL_EC_NAMED_CURVE) { 1717 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 1718 goto err; 1719 } 1720 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); 1721 } else { 1722 EC_GROUP_free(group); 1723 group = named_group; 1724 } 1725 ok = 1; 1726 err: 1727 if (!ok) { 1728 EC_GROUP_free(group); 1729 group = NULL; 1730 } 1731 EC_POINT_free(point); 1732 BN_CTX_end(bnctx); 1733 BN_CTX_free(bnctx); 1734 1735 return group; 1736 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/ec_local.h
r91772 r94082 1 1 /* 2 * Copyright 2001-202 0The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 31 31 /* Curve does not support signing operations */ 32 32 #define EC_FLAGS_NO_SIGN 0x4 33 34 #ifdef OPENSSL_NO_DEPRECATED_3_0 35 typedef struct ec_method_st EC_METHOD; 36 #endif 33 37 34 38 /* … … 77 81 */ 78 82 int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *); 79 int (*point_set_Jprojective_coordinates_GFp) (const EC_GROUP *,80 EC_POINT *, const BIGNUM *x,81 const BIGNUM *y,82 const BIGNUM *z, BN_CTX *);83 int (*point_get_Jprojective_coordinates_GFp) (const EC_GROUP *,84 const EC_POINT *, BIGNUM *x,85 BIGNUM *y, BIGNUM *z,86 BN_CTX *);87 83 int (*point_set_affine_coordinates) (const EC_GROUP *, EC_POINT *, 88 84 const BIGNUM *x, const BIGNUM *y, … … 180 176 int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen, 181 177 const EC_POINT *pub_key, const EC_KEY *ecdh); 178 /* custom ECDSA */ 179 int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinvp, 180 BIGNUM **rp); 181 ECDSA_SIG *(*ecdsa_sign_sig)(const unsigned char *dgst, int dgstlen, 182 const BIGNUM *kinv, const BIGNUM *r, 183 EC_KEY *eckey); 184 int (*ecdsa_verify_sig)(const unsigned char *dgst, int dgstlen, 185 const ECDSA_SIG *sig, EC_KEY *eckey); 182 186 /* Inverse modulo order */ 183 187 int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r, … … 271 275 EC_PRE_COMP *ec; 272 276 } pre_comp; 277 278 OSSL_LIB_CTX *libctx; 279 char *propq; 273 280 }; 274 281 … … 289 296 CRYPTO_REF_COUNT references; 290 297 int flags; 298 #ifndef FIPS_MODULE 291 299 CRYPTO_EX_DATA ex_data; 300 #endif 292 301 CRYPTO_RWLOCK *lock; 302 OSSL_LIB_CTX *libctx; 303 char *propq; 304 305 /* Provider data */ 306 size_t dirty_cnt; /* If any key material changes, increment this */ 293 307 }; 294 308 … … 312 326 const EC_GROUP *group) 313 327 { 314 if (group->meth != point->meth 315 || (group->curve_name != 0 316 && point->curve_name != 0 317 && group->curve_name != point->curve_name)) 318 return 0; 319 320 return 1; 328 return group->meth == point->meth 329 && (group->curve_name == 0 330 || point->curve_name == 0 331 || group->curve_name == point->curve_name); 321 332 } 322 333 … … 339 350 * group->method->mul is 0) 340 351 */ 341 int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,342 size_t num, const EC_POINT *points[], const BIGNUM *scalars[],343 BN_CTX *);344 int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);345 int ec_wNAF_have_precompute_mult(const EC_GROUP *group);352 int ossl_ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, 353 size_t num, const EC_POINT *points[], 354 const BIGNUM *scalars[], BN_CTX *); 355 int ossl_ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *); 356 int ossl_ec_wNAF_have_precompute_mult(const EC_GROUP *group); 346 357 347 358 /* method functions in ecp_smpl.c */ 348 int ec_GFp_simple_group_init(EC_GROUP *); 349 void ec_GFp_simple_group_finish(EC_GROUP *); 350 void ec_GFp_simple_group_clear_finish(EC_GROUP *); 351 int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *); 352 int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, 353 const BIGNUM *a, const BIGNUM *b, BN_CTX *); 354 int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, 355 BIGNUM *b, BN_CTX *); 356 int ec_GFp_simple_group_get_degree(const EC_GROUP *); 357 int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); 358 int ec_GFp_simple_point_init(EC_POINT *); 359 void ec_GFp_simple_point_finish(EC_POINT *); 360 void ec_GFp_simple_point_clear_finish(EC_POINT *); 361 int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *); 362 int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *); 363 int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, 364 EC_POINT *, const BIGNUM *x, 365 const BIGNUM *y, 366 const BIGNUM *z, BN_CTX *); 367 int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, 368 const EC_POINT *, BIGNUM *x, 369 BIGNUM *y, BIGNUM *z, 359 int ossl_ec_GFp_simple_group_init(EC_GROUP *); 360 void ossl_ec_GFp_simple_group_finish(EC_GROUP *); 361 void ossl_ec_GFp_simple_group_clear_finish(EC_GROUP *); 362 int ossl_ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *); 363 int ossl_ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, 364 const BIGNUM *a, const BIGNUM *b, 365 BN_CTX *); 366 int ossl_ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, 367 BIGNUM *b, BN_CTX *); 368 int ossl_ec_GFp_simple_group_get_degree(const EC_GROUP *); 369 int ossl_ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); 370 int ossl_ec_GFp_simple_point_init(EC_POINT *); 371 void ossl_ec_GFp_simple_point_finish(EC_POINT *); 372 void ossl_ec_GFp_simple_point_clear_finish(EC_POINT *); 373 int ossl_ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *); 374 int ossl_ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *); 375 int ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, 376 EC_POINT *, 377 const BIGNUM *x, 378 const BIGNUM *y, 379 const BIGNUM *z, 380 BN_CTX *); 381 int ossl_ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, 382 const EC_POINT *, 383 BIGNUM *x, 384 BIGNUM *y, BIGNUM *z, 385 BN_CTX *); 386 int ossl_ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *, 387 const BIGNUM *x, 388 const BIGNUM *y, BN_CTX *); 389 int ossl_ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, 390 const EC_POINT *, BIGNUM *x, 391 BIGNUM *y, BN_CTX *); 392 int ossl_ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, 393 const BIGNUM *x, int y_bit, 370 394 BN_CTX *); 371 int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *, 372 const BIGNUM *x, 373 const BIGNUM *y, BN_CTX *); 374 int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, 375 const EC_POINT *, BIGNUM *x, 376 BIGNUM *y, BN_CTX *); 377 int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, 378 const BIGNUM *x, int y_bit, 379 BN_CTX *); 380 size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, 381 point_conversion_form_t form, 382 unsigned char *buf, size_t len, BN_CTX *); 383 int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *, 384 const unsigned char *buf, size_t len, BN_CTX *); 385 int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, 386 const EC_POINT *b, BN_CTX *); 387 int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, 388 BN_CTX *); 389 int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); 390 int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); 391 int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); 392 int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, 393 BN_CTX *); 394 int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); 395 int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, 396 EC_POINT *[], BN_CTX *); 397 int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 398 const BIGNUM *b, BN_CTX *); 399 int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 395 size_t ossl_ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, 396 point_conversion_form_t form, 397 unsigned char *buf, size_t len, BN_CTX *); 398 int ossl_ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *, 399 const unsigned char *buf, size_t len, BN_CTX *); 400 int ossl_ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, 401 const EC_POINT *b, BN_CTX *); 402 int ossl_ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, 403 BN_CTX *); 404 int ossl_ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); 405 int ossl_ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); 406 int ossl_ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); 407 int ossl_ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, 408 const EC_POINT *b, BN_CTX *); 409 int ossl_ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); 410 int ossl_ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, 411 EC_POINT *[], BN_CTX *); 412 int ossl_ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 413 const BIGNUM *b, BN_CTX *); 414 int ossl_ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 415 BN_CTX *); 416 int ossl_ec_GFp_simple_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 417 BN_CTX *); 418 int ossl_ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, 419 BN_CTX *ctx); 420 int ossl_ec_GFp_simple_ladder_pre(const EC_GROUP *group, 421 EC_POINT *r, EC_POINT *s, 422 EC_POINT *p, BN_CTX *ctx); 423 int ossl_ec_GFp_simple_ladder_step(const EC_GROUP *group, 424 EC_POINT *r, EC_POINT *s, 425 EC_POINT *p, BN_CTX *ctx); 426 int ossl_ec_GFp_simple_ladder_post(const EC_GROUP *group, 427 EC_POINT *r, EC_POINT *s, 428 EC_POINT *p, BN_CTX *ctx); 429 430 /* method functions in ecp_mont.c */ 431 int ossl_ec_GFp_mont_group_init(EC_GROUP *); 432 int ossl_ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, 433 const BIGNUM *a, 434 const BIGNUM *b, BN_CTX *); 435 void ossl_ec_GFp_mont_group_finish(EC_GROUP *); 436 void ossl_ec_GFp_mont_group_clear_finish(EC_GROUP *); 437 int ossl_ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *); 438 int ossl_ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 439 const BIGNUM *b, BN_CTX *); 440 int ossl_ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 441 BN_CTX *); 442 int ossl_ec_GFp_mont_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 443 BN_CTX *); 444 int ossl_ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 445 BN_CTX *); 446 int ossl_ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 447 BN_CTX *); 448 int ossl_ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *); 449 450 /* method functions in ecp_nist.c */ 451 int ossl_ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); 452 int ossl_ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, 453 const BIGNUM *a, const BIGNUM *b, BN_CTX *); 454 int ossl_ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 455 const BIGNUM *b, BN_CTX *); 456 int ossl_ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 457 BN_CTX *); 458 459 /* method functions in ec2_smpl.c */ 460 int ossl_ec_GF2m_simple_group_init(EC_GROUP *); 461 void ossl_ec_GF2m_simple_group_finish(EC_GROUP *); 462 void ossl_ec_GF2m_simple_group_clear_finish(EC_GROUP *); 463 int ossl_ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *); 464 int ossl_ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, 465 const BIGNUM *a, const BIGNUM *b, 466 BN_CTX *); 467 int ossl_ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, 468 BIGNUM *b, BN_CTX *); 469 int ossl_ec_GF2m_simple_group_get_degree(const EC_GROUP *); 470 int ossl_ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); 471 int ossl_ec_GF2m_simple_point_init(EC_POINT *); 472 void ossl_ec_GF2m_simple_point_finish(EC_POINT *); 473 void ossl_ec_GF2m_simple_point_clear_finish(EC_POINT *); 474 int ossl_ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *); 475 int ossl_ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *); 476 int ossl_ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, 477 EC_POINT *, 478 const BIGNUM *x, 479 const BIGNUM *y, BN_CTX *); 480 int ossl_ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, 481 const EC_POINT *, BIGNUM *x, 482 BIGNUM *y, BN_CTX *); 483 int ossl_ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, 484 const BIGNUM *x, int y_bit, 485 BN_CTX *); 486 size_t ossl_ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, 487 point_conversion_form_t form, 488 unsigned char *buf, size_t len, BN_CTX *); 489 int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *, 490 const unsigned char *buf, size_t len, BN_CTX *); 491 int ossl_ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, 492 const EC_POINT *b, BN_CTX *); 493 int ossl_ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, 400 494 BN_CTX *); 401 int ec_GFp_simple_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 402 BN_CTX *); 403 int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, 404 BN_CTX *ctx); 405 int ec_GFp_simple_ladder_pre(const EC_GROUP *group, 406 EC_POINT *r, EC_POINT *s, 407 EC_POINT *p, BN_CTX *ctx); 408 int ec_GFp_simple_ladder_step(const EC_GROUP *group, 409 EC_POINT *r, EC_POINT *s, 410 EC_POINT *p, BN_CTX *ctx); 411 int ec_GFp_simple_ladder_post(const EC_GROUP *group, 412 EC_POINT *r, EC_POINT *s, 413 EC_POINT *p, BN_CTX *ctx); 414 415 /* method functions in ecp_mont.c */ 416 int ec_GFp_mont_group_init(EC_GROUP *); 417 int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, 418 const BIGNUM *b, BN_CTX *); 419 void ec_GFp_mont_group_finish(EC_GROUP *); 420 void ec_GFp_mont_group_clear_finish(EC_GROUP *); 421 int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *); 422 int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 423 const BIGNUM *b, BN_CTX *); 424 int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 425 BN_CTX *); 426 int ec_GFp_mont_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 427 BN_CTX *); 428 int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 495 int ossl_ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); 496 int ossl_ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); 497 int ossl_ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); 498 int ossl_ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, 499 const EC_POINT *b, BN_CTX *); 500 int ossl_ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); 501 int ossl_ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, 502 EC_POINT *[], BN_CTX *); 503 int ossl_ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 504 const BIGNUM *b, BN_CTX *); 505 int ossl_ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 506 BN_CTX *); 507 int ossl_ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 508 const BIGNUM *b, BN_CTX *); 509 510 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 511 # ifdef B_ENDIAN 512 # error "Can not enable ec_nistp_64_gcc_128 on big-endian systems" 513 # endif 514 515 /* method functions in ecp_nistp224.c */ 516 int ossl_ec_GFp_nistp224_group_init(EC_GROUP *group); 517 int ossl_ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p, 518 const BIGNUM *a, const BIGNUM *n, 519 BN_CTX *); 520 int ossl_ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group, 521 const EC_POINT *point, 522 BIGNUM *x, BIGNUM *y, 523 BN_CTX *ctx); 524 int ossl_ec_GFp_nistp224_mul(const EC_GROUP *group, EC_POINT *r, 525 const BIGNUM *scalar, size_t num, 526 const EC_POINT *points[], const BIGNUM *scalars[], 429 527 BN_CTX *); 430 int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 528 int ossl_ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, 529 const BIGNUM *scalar, size_t num, 530 const EC_POINT *points[], 531 const BIGNUM *scalars[], BN_CTX *ctx); 532 int ossl_ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx); 533 int ossl_ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group); 534 535 /* method functions in ecp_nistp256.c */ 536 int ossl_ec_GFp_nistp256_group_init(EC_GROUP *group); 537 int ossl_ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, 538 const BIGNUM *a, const BIGNUM *n, 539 BN_CTX *); 540 int ossl_ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, 541 const EC_POINT *point, 542 BIGNUM *x, BIGNUM *y, 543 BN_CTX *ctx); 544 int ossl_ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r, 545 const BIGNUM *scalar, size_t num, 546 const EC_POINT *points[], const BIGNUM *scalars[], 431 547 BN_CTX *); 432 int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *); 433 434 /* method functions in ecp_nist.c */ 435 int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); 436 int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, 437 const BIGNUM *b, BN_CTX *); 438 int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 439 const BIGNUM *b, BN_CTX *); 440 int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 441 BN_CTX *); 442 443 /* method functions in ec2_smpl.c */ 444 int ec_GF2m_simple_group_init(EC_GROUP *); 445 void ec_GF2m_simple_group_finish(EC_GROUP *); 446 void ec_GF2m_simple_group_clear_finish(EC_GROUP *); 447 int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *); 448 int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, 449 const BIGNUM *a, const BIGNUM *b, 450 BN_CTX *); 451 int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, 452 BIGNUM *b, BN_CTX *); 453 int ec_GF2m_simple_group_get_degree(const EC_GROUP *); 454 int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); 455 int ec_GF2m_simple_point_init(EC_POINT *); 456 void ec_GF2m_simple_point_finish(EC_POINT *); 457 void ec_GF2m_simple_point_clear_finish(EC_POINT *); 458 int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *); 459 int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *); 460 int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *, 461 const BIGNUM *x, 462 const BIGNUM *y, BN_CTX *); 463 int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, 464 const EC_POINT *, BIGNUM *x, 465 BIGNUM *y, BN_CTX *); 466 int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, 467 const BIGNUM *x, int y_bit, 468 BN_CTX *); 469 size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, 470 point_conversion_form_t form, 471 unsigned char *buf, size_t len, BN_CTX *); 472 int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *, 473 const unsigned char *buf, size_t len, BN_CTX *); 474 int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, 475 const EC_POINT *b, BN_CTX *); 476 int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, 477 BN_CTX *); 478 int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); 479 int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); 480 int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); 481 int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, 482 BN_CTX *); 483 int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); 484 int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, 485 EC_POINT *[], BN_CTX *); 486 int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 487 const BIGNUM *b, BN_CTX *); 488 int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 548 int ossl_ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, 549 const BIGNUM *scalar, size_t num, 550 const EC_POINT *points[], 551 const BIGNUM *scalars[], BN_CTX *ctx); 552 int ossl_ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx); 553 int ossl_ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group); 554 555 /* method functions in ecp_nistp521.c */ 556 int ossl_ec_GFp_nistp521_group_init(EC_GROUP *group); 557 int ossl_ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, 558 const BIGNUM *a, const BIGNUM *n, 559 BN_CTX *); 560 int ossl_ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, 561 const EC_POINT *point, 562 BIGNUM *x, BIGNUM *y, 563 BN_CTX *ctx); 564 int ossl_ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r, 565 const BIGNUM *scalar, size_t num, 566 const EC_POINT *points[], const BIGNUM *scalars[], 489 567 BN_CTX *); 490 int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, 491 const BIGNUM *b, BN_CTX *); 492 493 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 494 /* method functions in ecp_nistp224.c */ 495 int ec_GFp_nistp224_group_init(EC_GROUP *group); 496 int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p, 497 const BIGNUM *a, const BIGNUM *n, 498 BN_CTX *); 499 int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group, 500 const EC_POINT *point, 501 BIGNUM *x, BIGNUM *y, 502 BN_CTX *ctx); 503 int ec_GFp_nistp224_mul(const EC_GROUP *group, EC_POINT *r, 504 const BIGNUM *scalar, size_t num, 505 const EC_POINT *points[], const BIGNUM *scalars[], 506 BN_CTX *); 507 int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, 508 const BIGNUM *scalar, size_t num, 509 const EC_POINT *points[], 510 const BIGNUM *scalars[], BN_CTX *ctx); 511 int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx); 512 int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group); 513 514 /* method functions in ecp_nistp256.c */ 515 int ec_GFp_nistp256_group_init(EC_GROUP *group); 516 int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, 517 const BIGNUM *a, const BIGNUM *n, 518 BN_CTX *); 519 int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, 520 const EC_POINT *point, 521 BIGNUM *x, BIGNUM *y, 522 BN_CTX *ctx); 523 int ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r, 524 const BIGNUM *scalar, size_t num, 525 const EC_POINT *points[], const BIGNUM *scalars[], 526 BN_CTX *); 527 int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, 528 const BIGNUM *scalar, size_t num, 529 const EC_POINT *points[], 530 const BIGNUM *scalars[], BN_CTX *ctx); 531 int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx); 532 int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group); 533 534 /* method functions in ecp_nistp521.c */ 535 int ec_GFp_nistp521_group_init(EC_GROUP *group); 536 int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, 537 const BIGNUM *a, const BIGNUM *n, 538 BN_CTX *); 539 int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, 540 const EC_POINT *point, 541 BIGNUM *x, BIGNUM *y, 542 BN_CTX *ctx); 543 int ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r, 544 const BIGNUM *scalar, size_t num, 545 const EC_POINT *points[], const BIGNUM *scalars[], 546 BN_CTX *); 547 int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, 548 const BIGNUM *scalar, size_t num, 549 const EC_POINT *points[], 550 const BIGNUM *scalars[], BN_CTX *ctx); 551 int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx); 552 int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group); 568 int ossl_ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, 569 const BIGNUM *scalar, size_t num, 570 const EC_POINT *points[], 571 const BIGNUM *scalars[], BN_CTX *ctx); 572 int ossl_ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx); 573 int ossl_ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group); 553 574 554 575 /* utility functions in ecp_nistputil.c */ 555 void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, 556 size_t felem_size, 557 void *tmp_felems, 558 void (*felem_one) (void *out), 559 int (*felem_is_zero) (const void 560 *in), 561 void (*felem_assign) (void *out, 562 const void 563 *in), 564 void (*felem_square) (void *out, 565 const void 566 *in), 567 void (*felem_mul) (void *out, 568 const void 569 *in1, 570 const void 571 *in2), 572 void (*felem_inv) (void *out, 573 const void 574 *in), 575 void (*felem_contract) (void 576 *out, 577 const 578 void 579 *in)); 580 void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, 581 unsigned char *digit, unsigned char in); 576 void ossl_ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, 577 size_t felem_size, 578 void *tmp_felems, 579 void (*felem_one) (void *out), 580 int (*felem_is_zero) 581 (const void *in), 582 void (*felem_assign) 583 (void *out, const void *in), 584 void (*felem_square) 585 (void *out, const void *in), 586 void (*felem_mul) 587 (void *out, 588 const void *in1, 589 const void *in2), 590 void (*felem_inv) 591 (void *out, const void *in), 592 void (*felem_contract) 593 (void *out, const void *in)); 594 void ossl_ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, 595 unsigned char *digit, 596 unsigned char in); 582 597 #endif 583 int ec_group_simple_order_bits(const EC_GROUP *group); 598 int ossl_ec_group_simple_order_bits(const EC_GROUP *group); 599 600 /** 601 * Creates a new EC_GROUP object 602 * \param libctx The associated library context or NULL for the default 603 * library context 604 * \param propq Any property query string 605 * \param meth EC_METHOD to use 606 * \return newly created EC_GROUP object or NULL in case of an error. 607 */ 608 EC_GROUP *ossl_ec_group_new_ex(OSSL_LIB_CTX *libctx, const char *propq, 609 const EC_METHOD *meth); 584 610 585 611 #ifdef ECP_NISTZ256_ASM … … 590 616 const EC_METHOD *EC_GFp_nistz256_method(void); 591 617 #endif 592 593 size_t ec_key_simple_priv2oct(const EC_KEY *eckey, 594 unsigned char *buf, size_t len); 595 int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len); 596 int ec_key_simple_generate_key(EC_KEY *eckey); 597 int ec_key_simple_generate_public_key(EC_KEY *eckey); 598 int ec_key_simple_check_key(const EC_KEY *eckey); 599 600 int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx); 618 #ifdef S390X_EC_ASM 619 const EC_METHOD *EC_GFp_s390x_nistp256_method(void); 620 const EC_METHOD *EC_GFp_s390x_nistp384_method(void); 621 const EC_METHOD *EC_GFp_s390x_nistp521_method(void); 622 #endif 623 624 size_t ossl_ec_key_simple_priv2oct(const EC_KEY *eckey, 625 unsigned char *buf, size_t len); 626 int ossl_ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, 627 size_t len); 628 int ossl_ec_key_simple_generate_key(EC_KEY *eckey); 629 int ossl_ec_key_simple_generate_public_key(EC_KEY *eckey); 630 int ossl_ec_key_simple_check_key(const EC_KEY *eckey); 631 632 int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx); 601 633 602 634 /* EC_METHOD definitions */ … … 631 663 #define EC_KEY_METHOD_DYNAMIC 1 632 664 665 EC_KEY *ossl_ec_key_new_method_int(OSSL_LIB_CTX *libctx, const char *propq, 666 ENGINE *engine); 667 633 668 int ossl_ec_key_gen(EC_KEY *eckey); 634 669 int ossl_ecdh_compute_key(unsigned char **pout, size_t *poutlen, 635 670 const EC_POINT *pub_key, const EC_KEY *ecdh); 636 int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,637 const EC_POINT *pub_key, const EC_KEY *ecdh);671 int ossl_ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, 672 const EC_POINT *pub_key, const EC_KEY *ecdh); 638 673 639 674 struct ECDSA_SIG_st { … … 654 689 int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, 655 690 const ECDSA_SIG *sig, EC_KEY *eckey); 656 657 int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, 658 const uint8_t public_key[32], const uint8_t private_key[32]); 659 int ED25519_verify(const uint8_t *message, size_t message_len, 660 const uint8_t signature[64], const uint8_t public_key[32]); 661 void ED25519_public_from_private(uint8_t out_public_key[32], 662 const uint8_t private_key[32]); 663 664 int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], 665 const uint8_t peer_public_value[32]); 666 void X25519_public_from_private(uint8_t out_public_value[32], 667 const uint8_t private_key[32]); 691 int ossl_ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 692 BIGNUM **rp); 693 ECDSA_SIG *ossl_ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len, 694 const BIGNUM *in_kinv, const BIGNUM *in_r, 695 EC_KEY *eckey); 696 int ossl_ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len, 697 const ECDSA_SIG *sig, EC_KEY *eckey); 698 668 699 669 700 /*- … … 696 727 * Returns 1 on success, 0 otherwise. 697 728 */ 698 int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, 699 const BIGNUM *scalar, const EC_POINT *point, 700 BN_CTX *ctx); 701 702 int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); 729 int ossl_ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, 730 const BIGNUM *scalar, const EC_POINT *point, 731 BN_CTX *ctx); 732 733 int ossl_ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, 734 BN_CTX *ctx); 703 735 704 736 static ossl_inline int ec_point_ladder_pre(const EC_GROUP *group, -
trunk/src/libs/openssl-3.0.1/crypto/ec/ec_mult.c
r91772 r94082 1 1 /* 2 * Copyright 2001-202 0The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at 8 8 * https://www.openssl.org/source/license.html 9 9 */ 10 11 /* 12 * ECDSA low level APIs are deprecated for public use, but still ok for 13 * internal use. 14 */ 15 #include "internal/deprecated.h" 10 16 11 17 #include <string.h> … … 52 58 ret = OPENSSL_zalloc(sizeof(*ret)); 53 59 if (ret == NULL) { 54 E Cerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);60 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 55 61 return ret; 56 62 } … … 63 69 ret->lock = CRYPTO_THREAD_lock_new(); 64 70 if (ret->lock == NULL) { 65 E Cerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);71 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 66 72 OPENSSL_free(ret); 67 73 return NULL; … … 137 143 * Returns 1 on success, 0 otherwise. 138 144 */ 139 int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,140 const BIGNUM *scalar, const EC_POINT *point,141 BN_CTX *ctx)145 int ossl_ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, 146 const BIGNUM *scalar, const EC_POINT *point, 147 BN_CTX *ctx) 142 148 { 143 149 int i, cardinality_bits, group_top, kbit, pbit, Z_is_one; … … 154 160 155 161 if (BN_is_zero(group->order)) { 156 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_ORDER);162 ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_ORDER); 157 163 return 0; 158 164 } 159 165 if (BN_is_zero(group->cofactor)) { 160 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_COFACTOR);166 ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_COFACTOR); 161 167 return 0; 162 168 } … … 166 172 if (((p = EC_POINT_new(group)) == NULL) 167 173 || ((s = EC_POINT_new(group)) == NULL)) { 168 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_MALLOC_FAILURE);174 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 169 175 goto err; 170 176 } … … 172 178 if (point == NULL) { 173 179 if (!EC_POINT_copy(p, group->generator)) { 174 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);180 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 175 181 goto err; 176 182 } 177 183 } else { 178 184 if (!EC_POINT_copy(p, point)) { 179 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);185 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 180 186 goto err; 181 187 } … … 190 196 k = BN_CTX_get(ctx); 191 197 if (k == NULL) { 192 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_MALLOC_FAILURE);198 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 193 199 goto err; 194 200 } 195 201 196 202 if (!BN_mul(cardinality, group->order, group->cofactor, ctx)) { 197 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);203 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 198 204 goto err; 199 205 } … … 209 215 if ((bn_wexpand(k, group_top + 2) == NULL) 210 216 || (bn_wexpand(lambda, group_top + 2) == NULL)) { 211 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);217 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 212 218 goto err; 213 219 } 214 220 215 221 if (!BN_copy(k, scalar)) { 216 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);222 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 217 223 goto err; 218 224 } … … 226 232 */ 227 233 if (!BN_nnmod(k, k, cardinality, ctx)) { 228 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);234 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 229 235 goto err; 230 236 } … … 232 238 233 239 if (!BN_add(lambda, k, cardinality)) { 234 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);240 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 235 241 goto err; 236 242 } 237 243 BN_set_flags(lambda, BN_FLG_CONSTTIME); 238 244 if (!BN_add(k, lambda, cardinality)) { 239 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);245 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 240 246 goto err; 241 247 } … … 257 263 || (bn_wexpand(p->Y, group_top) == NULL) 258 264 || (bn_wexpand(p->Z, group_top) == NULL)) { 259 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);265 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 260 266 goto err; 261 267 } 262 268 263 269 /* ensure input point is in affine coords for ladder step efficiency */ 264 if (!p->Z_is_one && !EC_POINT_make_affine(group, p, ctx)) { 265 ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB); 270 if (!p->Z_is_one && (group->meth->make_affine == NULL 271 || !group->meth->make_affine(group, p, ctx))) { 272 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 266 273 goto err; 267 274 } … … 269 276 /* Initialize the Montgomery ladder */ 270 277 if (!ec_point_ladder_pre(group, r, s, p, ctx)) { 271 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_PRE_FAILURE);278 ERR_raise(ERR_LIB_EC, EC_R_LADDER_PRE_FAILURE); 272 279 goto err; 273 280 } … … 349 356 /* Perform a single step of the Montgomery ladder */ 350 357 if (!ec_point_ladder_step(group, r, s, p, ctx)) { 351 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_STEP_FAILURE);358 ERR_raise(ERR_LIB_EC, EC_R_LADDER_STEP_FAILURE); 352 359 goto err; 353 360 } … … 364 371 /* Finalize ladder (and recover full point coordinates) */ 365 372 if (!ec_point_ladder_post(group, r, s, p, ctx)) { 366 E Cerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_POST_FAILURE);373 ERR_raise(ERR_LIB_EC, EC_R_LADDER_POST_FAILURE); 367 374 goto err; 368 375 } … … 381 388 382 389 /* 383 * T ODO: table should be optimised for the wNAF-based implementation,390 * Table could be optimised for the wNAF-based implementation, 384 391 * sometimes smaller windows will give better performance (thus the 385 392 * boundaries should be increased) … … 401 408 * in the addition if scalar != NULL 402 409 */ 403 int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,404 size_t num, const EC_POINT *points[], const BIGNUM *scalars[],405 BN_CTX *ctx)410 int ossl_ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, 411 size_t num, const EC_POINT *points[], 412 const BIGNUM *scalars[], BN_CTX *ctx) 406 413 { 407 414 const EC_POINT *generator = NULL; … … 444 451 * always call the ladder version. 445 452 */ 446 return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx);453 return ossl_ec_scalar_mul_ladder(group, r, scalar, NULL, ctx); 447 454 } 448 455 if ((scalar == NULL) && (num == 1) && (scalars[0] != group->order)) { … … 454 461 * actually set and we always call the ladder version. 455 462 */ 456 return ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx); 463 return ossl_ec_scalar_mul_ladder(group, r, scalars[0], points[0], 464 ctx); 457 465 } 458 466 } … … 461 469 generator = EC_GROUP_get0_generator(group); 462 470 if (generator == NULL) { 463 E Cerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR);471 ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR); 464 472 goto err; 465 473 } … … 489 497 /* check that pre_comp looks sane */ 490 498 if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) { 491 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);499 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 492 500 goto err; 493 501 } … … 514 522 515 523 if (wsize == NULL || wNAF_len == NULL || wNAF == NULL || val_sub == NULL) { 516 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);524 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 517 525 goto err; 518 526 } … … 544 552 if (pre_comp == NULL) { 545 553 if (num_scalar != 1) { 546 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);554 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 547 555 goto err; 548 556 } … … 553 561 554 562 if (num_scalar != 0) { 555 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);563 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 556 564 goto err; 557 565 } … … 596 604 numblocks = (tmp_len + blocksize - 1) / blocksize; 597 605 if (numblocks > pre_comp->numblocks) { 598 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);606 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 599 607 OPENSSL_free(tmp_wNAF); 600 608 goto err; … … 611 619 wNAF_len[i] = blocksize; 612 620 if (tmp_len < blocksize) { 613 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);621 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 614 622 OPENSSL_free(tmp_wNAF); 615 623 goto err; … … 626 634 wNAF[i] = OPENSSL_malloc(wNAF_len[i]); 627 635 if (wNAF[i] == NULL) { 628 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);636 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 629 637 OPENSSL_free(tmp_wNAF); 630 638 goto err; … … 635 643 636 644 if (*tmp_points == NULL) { 637 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);645 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 638 646 OPENSSL_free(tmp_wNAF); 639 647 goto err; … … 655 663 val = OPENSSL_malloc((num_val + 1) * sizeof(val[0])); 656 664 if (val == NULL) { 657 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);665 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 658 666 goto err; 659 667 } … … 672 680 } 673 681 if (!(v == val + num_val)) { 674 E Cerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);682 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 675 683 goto err; 676 684 } … … 706 714 } 707 715 708 if (!EC_POINTs_make_affine(group, num_val, val, ctx)) 716 if (group->meth->points_make_affine == NULL 717 || !group->meth->points_make_affine(group, num_val, val, ctx)) 709 718 goto err; 710 719 … … 746 755 * 747 756 * The underlying EC_METHOD can optionally implement this function: 748 * ec_point_blind_coordinates() returns 0 in case of errors or 1 on757 * ossl_ec_point_blind_coordinates() returns 0 in case of errors or 1 on 749 758 * success or if coordinate blinding is not implemented for this 750 759 * group. 751 760 */ 752 if (! ec_point_blind_coordinates(group, r, ctx)) {753 E Cerr(EC_F_EC_WNAF_MUL, EC_R_POINT_COORDINATES_BLIND_FAILURE);761 if (!ossl_ec_point_blind_coordinates(group, r, ctx)) { 762 ERR_raise(ERR_LIB_EC, EC_R_POINT_COORDINATES_BLIND_FAILURE); 754 763 goto err; 755 764 } … … 800 809 801 810 /*- 802 * ec_wNAF_precompute_mult()811 * ossl_ec_wNAF_precompute_mult() 803 812 * creates an EC_PRE_COMP object with preprecomputed multiples of the generator 804 * for use with wNAF splitting as implemented in ec_wNAF_mul().813 * for use with wNAF splitting as implemented in ossl_ec_wNAF_mul(). 805 814 * 806 815 * 'pre_comp->points' is an array of multiples of the generator … … 819 828 * points[2^(w-1)*numblocks] = NULL 820 829 */ 821 int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)830 int ossl_ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) 822 831 { 823 832 const EC_POINT *generator; 824 833 EC_POINT *tmp_point = NULL, *base = NULL, **var; 825 BN_CTX *new_ctx = NULL;826 834 const BIGNUM *order; 827 835 size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num; … … 829 837 EC_PRE_COMP *pre_comp; 830 838 int ret = 0; 839 int used_ctx = 0; 840 #ifndef FIPS_MODULE 841 BN_CTX *new_ctx = NULL; 842 #endif 831 843 832 844 /* if there is an old EC_PRE_COMP object, throw it away */ … … 837 849 generator = EC_GROUP_get0_generator(group); 838 850 if (generator == NULL) { 839 ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR); 840 goto err; 841 } 842 843 if (ctx == NULL) { 851 ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR); 852 goto err; 853 } 854 855 #ifndef FIPS_MODULE 856 if (ctx == NULL) 844 857 ctx = new_ctx = BN_CTX_new(); 845 if (ctx == NULL) 846 goto err;847 }858 #endif 859 if (ctx == NULL) 860 goto err; 848 861 849 862 BN_CTX_start(ctx); 863 used_ctx = 1; 850 864 851 865 order = EC_GROUP_get0_order(group); … … 853 867 goto err; 854 868 if (BN_is_zero(order)) { 855 E Cerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);869 ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_ORDER); 856 870 goto err; 857 871 } … … 881 895 points = OPENSSL_malloc(sizeof(*points) * (num + 1)); 882 896 if (points == NULL) { 883 E Cerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);897 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 884 898 goto err; 885 899 } … … 889 903 for (i = 0; i < num; i++) { 890 904 if ((var[i] = EC_POINT_new(group)) == NULL) { 891 E Cerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);905 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 892 906 goto err; 893 907 } … … 896 910 if ((tmp_point = EC_POINT_new(group)) == NULL 897 911 || (base = EC_POINT_new(group)) == NULL) { 898 E Cerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);912 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 899 913 goto err; 900 914 } … … 928 942 929 943 if (blocksize <= 2) { 930 E Cerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR);944 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 931 945 goto err; 932 946 } … … 941 955 } 942 956 943 if (!EC_POINTs_make_affine(group, num, points, ctx)) 957 if (group->meth->points_make_affine == NULL 958 || !group->meth->points_make_affine(group, num, points, ctx)) 944 959 goto err; 945 960 … … 956 971 957 972 err: 958 BN_CTX_end(ctx); 973 if (used_ctx) 974 BN_CTX_end(ctx); 975 #ifndef FIPS_MODULE 959 976 BN_CTX_free(new_ctx); 977 #endif 960 978 EC_ec_pre_comp_free(pre_comp); 961 979 if (points) { … … 971 989 } 972 990 973 int ec_wNAF_have_precompute_mult(const EC_GROUP *group)991 int ossl_ec_wNAF_have_precompute_mult(const EC_GROUP *group) 974 992 { 975 993 return HAVEPRECOMP(group, ec); -
trunk/src/libs/openssl-3.0.1/crypto/ec/ec_oct.c
r91772 r94082 1 1 /* 2 * Copyright 2011-20 18The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at 8 8 * https://www.openssl.org/source/license.html 9 9 */ 10 11 /* 12 * ECDSA low level APIs are deprecated for public use, but still ok for 13 * internal use. 14 */ 15 #include "internal/deprecated.h" 10 16 11 17 #include <string.h> … … 21 27 if (group->meth->point_set_compressed_coordinates == NULL 22 28 && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { 23 ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, 24 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 29 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 25 30 return 0; 26 31 } 27 32 if (!ec_point_is_compat(point, group)) { 28 ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, 29 EC_R_INCOMPATIBLE_OBJECTS); 33 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 30 34 return 0; 31 35 } 32 36 if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { 33 37 if (group->meth->field_type == NID_X9_62_prime_field) 34 return ec_GFp_simple_set_compressed_coordinates(group, point, x,35 y_bit, ctx);38 return ossl_ec_GFp_simple_set_compressed_coordinates(group, point, x, 39 y_bit, ctx); 36 40 else 37 41 #ifdef OPENSSL_NO_EC2M 38 42 { 39 ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, 40 EC_R_GF2M_NOT_SUPPORTED); 43 ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); 41 44 return 0; 42 45 } 43 46 #else 44 return ec_GF2m_simple_set_compressed_coordinates(group, point, x,45 y_bit, ctx);47 return ossl_ec_GF2m_simple_set_compressed_coordinates(group, point, 48 x, y_bit, ctx); 46 49 #endif 47 50 } … … 50 53 } 51 54 52 #if OPENSSL_API_COMPAT < 0x10200000L55 #ifndef OPENSSL_NO_DEPRECATED_3_0 53 56 int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, 54 57 EC_POINT *point, const BIGNUM *x, … … 74 77 if (group->meth->point2oct == 0 75 78 && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { 76 E Cerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);79 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 77 80 return 0; 78 81 } 79 82 if (!ec_point_is_compat(point, group)) { 80 E Cerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);83 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 81 84 return 0; 82 85 } 83 86 if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { 84 87 if (group->meth->field_type == NID_X9_62_prime_field) 85 return ec_GFp_simple_point2oct(group, point, form, buf, len, ctx); 88 return ossl_ec_GFp_simple_point2oct(group, point, form, buf, len, 89 ctx); 86 90 else 87 91 #ifdef OPENSSL_NO_EC2M 88 92 { 89 E Cerr(EC_F_EC_POINT_POINT2OCT, EC_R_GF2M_NOT_SUPPORTED);93 ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); 90 94 return 0; 91 95 } 92 96 #else 93 return ec_GF2m_simple_point2oct(group, point,94 form, buf, len, ctx);97 return ossl_ec_GF2m_simple_point2oct(group, point, 98 form, buf, len, ctx); 95 99 #endif 96 100 } … … 104 108 if (group->meth->oct2point == 0 105 109 && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { 106 E Cerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);110 ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 107 111 return 0; 108 112 } 109 113 if (!ec_point_is_compat(point, group)) { 110 E Cerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);114 ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); 111 115 return 0; 112 116 } 113 117 if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { 114 118 if (group->meth->field_type == NID_X9_62_prime_field) 115 return ec_GFp_simple_oct2point(group, point, buf, len, ctx);119 return ossl_ec_GFp_simple_oct2point(group, point, buf, len, ctx); 116 120 else 117 121 #ifdef OPENSSL_NO_EC2M 118 122 { 119 E Cerr(EC_F_EC_POINT_OCT2POINT, EC_R_GF2M_NOT_SUPPORTED);123 ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); 120 124 return 0; 121 125 } 122 126 #else 123 return ec_GF2m_simple_oct2point(group, point, buf, len, ctx);127 return ossl_ec_GF2m_simple_oct2point(group, point, buf, len, ctx); 124 128 #endif 125 129 } … … 138 142 return 0; 139 143 if ((buf = OPENSSL_malloc(len)) == NULL) { 140 E Cerr(EC_F_EC_POINT_POINT2BUF, ERR_R_MALLOC_FAILURE);144 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 141 145 return 0; 142 146 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/ec_pmeth.c
r91772 r94082 1 1 /* 2 * Copyright 2006-20 19The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at 7 7 * https://www.openssl.org/source/license.html 8 8 */ 9 10 /* 11 * ECDH and ECDSA low level APIs are deprecated for public use, but still ok 12 * for internal use. 13 */ 14 #include "internal/deprecated.h" 9 15 10 16 #include <stdio.h> … … 44 50 45 51 if ((dctx = OPENSSL_zalloc(sizeof(*dctx))) == NULL) { 46 E Cerr(EC_F_PKEY_EC_INIT, ERR_R_MALLOC_FAILURE);52 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 47 53 return 0; 48 54 } … … 54 60 } 55 61 56 static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)62 static int pkey_ec_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) 57 63 { 58 64 EC_PKEY_CTX *dctx, *sctx; … … 104 110 unsigned int sltmp; 105 111 EC_PKEY_CTX *dctx = ctx->data; 106 EC_KEY *ec = ctx->pkey->pkey.ec; 112 /* 113 * Discard const. Its marked as const because this may be a cached copy of 114 * the "real" key. These calls don't make any modifications that need to 115 * be reflected back in the "original" key. 116 */ 117 EC_KEY *ec = (EC_KEY *)EVP_PKEY_get0_EC_KEY(ctx->pkey); 107 118 const int sig_sz = ECDSA_size(ec); 108 119 … … 117 128 118 129 if (*siglen < (size_t)sig_sz) { 119 E Cerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL);120 return 0; 121 } 122 123 type = (dctx->md != NULL) ? EVP_MD_ type(dctx->md) : NID_sha1;130 ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); 131 return 0; 132 } 133 134 type = (dctx->md != NULL) ? EVP_MD_get_type(dctx->md) : NID_sha1; 124 135 125 136 ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); … … 137 148 int ret, type; 138 149 EC_PKEY_CTX *dctx = ctx->data; 139 EC_KEY *ec = ctx->pkey->pkey.ec; 150 /* 151 * Discard const. Its marked as const because this may be a cached copy of 152 * the "real" key. These calls don't make any modifications that need to 153 * be reflected back in the "original" key. 154 */ 155 EC_KEY *ec = (EC_KEY *)EVP_PKEY_get0_EC_KEY(ctx->pkey); 140 156 141 157 if (dctx->md) 142 type = EVP_MD_ type(dctx->md);158 type = EVP_MD_get_type(dctx->md); 143 159 else 144 160 type = NID_sha1; … … 156 172 const EC_POINT *pubkey = NULL; 157 173 EC_KEY *eckey; 158 EC_PKEY_CTX *dctx = ctx->data; 159 if (!ctx->pkey || !ctx->peerkey) { 160 ECerr(EC_F_PKEY_EC_DERIVE, EC_R_KEYS_NOT_SET); 161 return 0; 162 } 163 164 eckey = dctx->co_key ? dctx->co_key : ctx->pkey->pkey.ec; 174 const EC_KEY *eckeypub; 175 EC_PKEY_CTX *dctx = ctx->data; 176 177 if (ctx->pkey == NULL || ctx->peerkey == NULL) { 178 ERR_raise(ERR_LIB_EC, EC_R_KEYS_NOT_SET); 179 return 0; 180 } 181 eckeypub = EVP_PKEY_get0_EC_KEY(ctx->peerkey); 182 if (eckeypub == NULL) { 183 ERR_raise(ERR_LIB_EC, EC_R_KEYS_NOT_SET); 184 return 0; 185 } 186 187 eckey = dctx->co_key ? dctx->co_key 188 : (EC_KEY *)EVP_PKEY_get0_EC_KEY(ctx->pkey); 165 189 166 190 if (!key) { 167 191 const EC_GROUP *group; 168 192 group = EC_KEY_get0_group(eckey); 193 194 if (group == NULL) 195 return 0; 169 196 *keylen = (EC_GROUP_get_degree(group) + 7) / 8; 170 197 return 1; 171 198 } 172 pubkey = EC_KEY_get0_public_key( ctx->peerkey->pkey.ec);199 pubkey = EC_KEY_get0_public_key(eckeypub); 173 200 174 201 /* … … 204 231 return 0; 205 232 if ((ktmp = OPENSSL_malloc(ktmplen)) == NULL) { 206 E Cerr(EC_F_PKEY_EC_KDF_DERIVE, ERR_R_MALLOC_FAILURE);233 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 207 234 return 0; 208 235 } … … 210 237 goto err; 211 238 /* Do KDF stuff */ 212 if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen, 213 dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md)) 239 if (!ossl_ecdh_kdf_X9_63(key, *keylen, ktmp, ktmplen, 240 dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md, 241 ctx->libctx, ctx->propquery)) 214 242 goto err; 215 243 rv = 1; … … 229 257 group = EC_GROUP_new_by_curve_name(p1); 230 258 if (group == NULL) { 231 E Cerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE);259 ERR_raise(ERR_LIB_EC, EC_R_INVALID_CURVE); 232 260 return 0; 233 261 } … … 238 266 case EVP_PKEY_CTRL_EC_PARAM_ENC: 239 267 if (!dctx->gen_group) { 240 E Cerr(EC_F_PKEY_EC_CTRL, EC_R_NO_PARAMETERS_SET);268 ERR_raise(ERR_LIB_EC, EC_R_NO_PARAMETERS_SET); 241 269 return 0; 242 270 } … … 250 278 return dctx->cofactor_mode; 251 279 else { 252 EC_KEY *ec_key = ctx->pkey->pkey.ec;280 const EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(ctx->pkey); 253 281 return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 : 0; 254 282 } … … 257 285 dctx->cofactor_mode = p1; 258 286 if (p1 != -1) { 259 EC_KEY *ec_key = ctx->pkey->pkey.ec; 287 EC_KEY *ec_key = (EC_KEY *)EVP_PKEY_get0_EC_KEY(ctx->pkey); 288 289 /* 290 * We discarded the "const" above. This will only work if the key is 291 * a "real" legacy key, and not a cached copy of a provided key 292 */ 293 if (evp_pkey_is_provided(ctx->pkey)) { 294 ERR_raise(ERR_LIB_EC, ERR_R_UNSUPPORTED); 295 return 0; 296 } 260 297 if (!ec_key->group) 261 298 return -2; … … 319 356 320 357 case EVP_PKEY_CTRL_MD: 321 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && 322 EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 && 323 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && 324 EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && 325 EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && 326 EVP_MD_type((const EVP_MD *)p2) != NID_sha512 && 327 EVP_MD_type((const EVP_MD *)p2) != NID_sha3_224 && 328 EVP_MD_type((const EVP_MD *)p2) != NID_sha3_256 && 329 EVP_MD_type((const EVP_MD *)p2) != NID_sha3_384 && 330 EVP_MD_type((const EVP_MD *)p2) != NID_sha3_512) { 331 ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE); 358 if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 && 359 EVP_MD_get_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 && 360 EVP_MD_get_type((const EVP_MD *)p2) != NID_sha224 && 361 EVP_MD_get_type((const EVP_MD *)p2) != NID_sha256 && 362 EVP_MD_get_type((const EVP_MD *)p2) != NID_sha384 && 363 EVP_MD_get_type((const EVP_MD *)p2) != NID_sha512 && 364 EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_224 && 365 EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_256 && 366 EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_384 && 367 EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_512 && 368 EVP_MD_get_type((const EVP_MD *)p2) != NID_sm3) { 369 ERR_raise(ERR_LIB_EC, EC_R_INVALID_DIGEST_TYPE); 332 370 return 0; 333 371 } … … 363 401 nid = OBJ_ln2nid(value); 364 402 if (nid == NID_undef) { 365 E Cerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE);403 ERR_raise(ERR_LIB_EC, EC_R_INVALID_CURVE); 366 404 return 0; 367 405 } … … 379 417 const EVP_MD *md; 380 418 if ((md = EVP_get_digestbyname(value)) == NULL) { 381 E Cerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_DIGEST);419 ERR_raise(ERR_LIB_EC, EC_R_INVALID_DIGEST); 382 420 return 0; 383 421 } … … 399 437 400 438 if (dctx->gen_group == NULL) { 401 E Cerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET);439 ERR_raise(ERR_LIB_EC, EC_R_NO_PARAMETERS_SET); 402 440 return 0; 403 441 } … … 418 456 419 457 if (ctx->pkey == NULL && dctx->gen_group == NULL) { 420 E Cerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);458 ERR_raise(ERR_LIB_EC, EC_R_NO_PARAMETERS_SET); 421 459 return 0; 422 460 } … … 437 475 } 438 476 439 const EVP_PKEY_METHOD ec_pkey_meth = {477 static const EVP_PKEY_METHOD ec_pkey_meth = { 440 478 EVP_PKEY_EC, 441 479 0, … … 475 513 pkey_ec_ctrl_str 476 514 }; 515 516 const EVP_PKEY_METHOD *ossl_ec_pkey_method(void) 517 { 518 return &ec_pkey_meth; 519 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/ec_print.c
r91772 r94082 1 1 /* 2 * Copyright 2002-20 18The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at … … 8 8 */ 9 9 10 #include <string.h> /* strlen */ 10 11 #include <openssl/crypto.h> 11 #include <openssl/err.h>12 12 #include "ec_local.h" 13 14 BIGNUM *EC_POINT_point2bn(const EC_GROUP *group,15 const EC_POINT *point,16 point_conversion_form_t form,17 BIGNUM *ret, BN_CTX *ctx)18 {19 size_t buf_len = 0;20 unsigned char *buf;21 22 buf_len = EC_POINT_point2buf(group, point, form, &buf, ctx);23 24 if (buf_len == 0)25 return NULL;26 27 ret = BN_bin2bn(buf, buf_len, ret);28 29 OPENSSL_free(buf);30 31 return ret;32 }33 34 EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,35 const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx)36 {37 size_t buf_len = 0;38 unsigned char *buf;39 EC_POINT *ret;40 41 if ((buf_len = BN_num_bytes(bn)) == 0)42 buf_len = 1;43 if ((buf = OPENSSL_malloc(buf_len)) == NULL) {44 ECerr(EC_F_EC_POINT_BN2POINT, ERR_R_MALLOC_FAILURE);45 return NULL;46 }47 48 if (!BN_bn2binpad(bn, buf, buf_len)) {49 OPENSSL_free(buf);50 return NULL;51 }52 53 if (point == NULL) {54 if ((ret = EC_POINT_new(group)) == NULL) {55 OPENSSL_free(buf);56 return NULL;57 }58 } else59 ret = point;60 61 if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) {62 if (ret != point)63 EC_POINT_clear_free(ret);64 OPENSSL_free(buf);65 return NULL;66 }67 68 OPENSSL_free(buf);69 return ret;70 }71 13 72 14 static const char *HEX_DIGITS = "0123456789ABCDEF"; … … 106 48 107 49 EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, 108 const char * buf, EC_POINT *point, BN_CTX *ctx)50 const char *hex, EC_POINT *point, BN_CTX *ctx) 109 51 { 110 EC_POINT *ret = NULL; 111 BIGNUM *tmp_bn = NULL; 52 int ok = 0; 53 unsigned char *oct_buf = NULL; 54 size_t len, oct_buf_len = 0; 55 EC_POINT *pt = NULL; 112 56 113 if ( !BN_hex2bn(&tmp_bn, buf))57 if (group == NULL || hex == NULL) 114 58 return NULL; 115 59 116 ret = EC_POINT_bn2point(group, tmp_bn, point, ctx); 60 if (point == NULL) { 61 pt = EC_POINT_new(group); 62 if (pt == NULL) 63 goto err; 64 } else { 65 pt = point; 66 } 117 67 118 BN_clear_free(tmp_bn); 68 len = strlen(hex) / 2; 69 oct_buf = OPENSSL_malloc(len); 70 if (oct_buf == NULL) 71 return NULL; 119 72 120 return ret; 73 if (!OPENSSL_hexstr2buf_ex(oct_buf, len, &oct_buf_len, hex, '\0') 74 || !EC_POINT_oct2point(group, pt, oct_buf, oct_buf_len, ctx)) 75 goto err; 76 ok = 1; 77 err: 78 OPENSSL_clear_free(oct_buf, oct_buf_len); 79 if (!ok) { 80 if (pt != point) 81 EC_POINT_clear_free(pt); 82 pt = NULL; 83 } 84 return pt; 121 85 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/ecdh_kdf.c
r91772 r94082 1 1 /* 2 * Copyright 2015-20 18The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at … … 8 8 */ 9 9 10 /* 11 * ECDH low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 15 10 16 #include <string.h> 17 #include <openssl/core_names.h> 11 18 #include <openssl/ec.h> 12 19 #include <openssl/evp.h> 20 #include <openssl/kdf.h> 13 21 #include "ec_local.h" 14 22 15 23 /* Key derivation function from X9.63/SECG */ 16 /* Way more than we will ever need */ 17 #define ECDH_KDF_MAX (1 << 30) 24 int ossl_ecdh_kdf_X9_63(unsigned char *out, size_t outlen, 25 const unsigned char *Z, size_t Zlen, 26 const unsigned char *sinfo, size_t sinfolen, 27 const EVP_MD *md, 28 OSSL_LIB_CTX *libctx, const char *propq) 29 { 30 int ret = 0; 31 EVP_KDF_CTX *kctx = NULL; 32 OSSL_PARAM params[4], *p = params; 33 const char *mdname = EVP_MD_get0_name(md); 34 EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X963KDF, propq); 18 35 19 int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, 20 const unsigned char *Z, size_t Zlen, 21 const unsigned char *sinfo, size_t sinfolen, 22 const EVP_MD *md) 23 { 24 EVP_MD_CTX *mctx = NULL; 25 int rv = 0; 26 unsigned int i; 27 size_t mdlen; 28 unsigned char ctr[4]; 29 if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX 30 || Zlen > ECDH_KDF_MAX) 31 return 0; 32 mctx = EVP_MD_CTX_new(); 33 if (mctx == NULL) 34 return 0; 35 mdlen = EVP_MD_size(md); 36 for (i = 1;; i++) { 37 unsigned char mtmp[EVP_MAX_MD_SIZE]; 38 if (!EVP_DigestInit_ex(mctx, md, NULL)) 39 goto err; 40 ctr[3] = i & 0xFF; 41 ctr[2] = (i >> 8) & 0xFF; 42 ctr[1] = (i >> 16) & 0xFF; 43 ctr[0] = (i >> 24) & 0xFF; 44 if (!EVP_DigestUpdate(mctx, Z, Zlen)) 45 goto err; 46 if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr))) 47 goto err; 48 if (!EVP_DigestUpdate(mctx, sinfo, sinfolen)) 49 goto err; 50 if (outlen >= mdlen) { 51 if (!EVP_DigestFinal(mctx, out, NULL)) 52 goto err; 53 outlen -= mdlen; 54 if (outlen == 0) 55 break; 56 out += mdlen; 57 } else { 58 if (!EVP_DigestFinal(mctx, mtmp, NULL)) 59 goto err; 60 memcpy(out, mtmp, outlen); 61 OPENSSL_cleanse(mtmp, mdlen); 62 break; 63 } 36 if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) { 37 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, 38 (char *)mdname, 0); 39 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, 40 (void *)Z, Zlen); 41 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, 42 (void *)sinfo, sinfolen); 43 *p = OSSL_PARAM_construct_end(); 44 45 ret = EVP_KDF_derive(kctx, out, outlen, params) > 0; 46 EVP_KDF_CTX_free(kctx); 64 47 } 65 rv = 1; 66 err: 67 EVP_MD_CTX_free(mctx); 68 return rv; 48 EVP_KDF_free(kdf); 49 return ret; 69 50 } 70 51 … … 73 54 * Retained for ABI compatibility 74 55 */ 56 #ifndef OPENSSL_NO_DEPRECATED_3_0 75 57 int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, 76 58 const unsigned char *Z, size_t Zlen, … … 78 60 const EVP_MD *md) 79 61 { 80 return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md); 62 return ossl_ecdh_kdf_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md, NULL, 63 NULL); 81 64 } 65 #endif -
trunk/src/libs/openssl-3.0.1/crypto/ec/ecdh_ossl.c
r91772 r94082 1 1 /* 2 * Copyright 2002-20 19The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at 8 8 * https://www.openssl.org/source/license.html 9 9 */ 10 11 /* 12 * ECDH low level APIs are deprecated for public use, but still ok for 13 * internal use. 14 */ 15 #include "internal/deprecated.h" 10 16 11 17 #include <string.h> … … 24 30 { 25 31 if (ecdh->group->meth->ecdh_compute_key == NULL) { 26 E Cerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);32 ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); 27 33 return 0; 28 34 } … … 32 38 33 39 /*- 34 * This implementation is based on the following primitives in the IEEE 1363 standard: 40 * This implementation is based on the following primitives in the 41 * IEEE 1363 standard: 35 42 * - ECKAS-DH1 36 43 * - ECSVDP-DH 44 * 45 * It also conforms to SP800-56A r3 46 * See Section 5.7.1.2 "Elliptic Curve Cryptography Cofactor Diffie-Hellman 47 * (ECC CDH) Primitive:". The steps listed below refer to SP800-56A. 37 48 */ 38 int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,39 const EC_POINT *pub_key, const EC_KEY *ecdh)49 int ossl_ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, 50 const EC_POINT *pub_key, const EC_KEY *ecdh) 40 51 { 41 52 BN_CTX *ctx; … … 48 59 unsigned char *buf = NULL; 49 60 50 if ((ctx = BN_CTX_new ()) == NULL)61 if ((ctx = BN_CTX_new_ex(ecdh->libctx)) == NULL) 51 62 goto err; 52 63 BN_CTX_start(ctx); 53 64 x = BN_CTX_get(ctx); 54 65 if (x == NULL) { 55 E Cerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);66 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 56 67 goto err; 57 68 } … … 59 70 priv_key = EC_KEY_get0_private_key(ecdh); 60 71 if (priv_key == NULL) { 61 E Cerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_MISSING_PRIVATE_KEY);72 ERR_raise(ERR_LIB_EC, EC_R_MISSING_PRIVATE_KEY); 62 73 goto err; 63 74 } … … 65 76 group = EC_KEY_get0_group(ecdh); 66 77 78 /* 79 * Step(1) - Compute the point tmp = cofactor * owners_private_key 80 * * peer_public_key. 81 */ 67 82 if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) { 68 83 if (!EC_GROUP_get_cofactor(group, x, NULL) || 69 84 !BN_mul(x, x, priv_key, ctx)) { 70 E Cerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);85 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 71 86 goto err; 72 87 } … … 75 90 76 91 if ((tmp = EC_POINT_new(group)) == NULL) { 77 E Cerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);92 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 78 93 goto err; 79 94 } 80 95 81 96 if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) { 82 E Cerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE);97 ERR_raise(ERR_LIB_EC, EC_R_POINT_ARITHMETIC_FAILURE); 83 98 goto err; 84 99 } 85 100 101 /* 102 * Step(2) : If point tmp is at infinity then clear intermediate values and 103 * exit. Note: getting affine coordinates returns 0 if point is at infinity. 104 * Step(3a) : Get x-coordinate of point x = tmp.x 105 */ 86 106 if (!EC_POINT_get_affine_coordinates(group, tmp, x, NULL, ctx)) { 87 E Cerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE);107 ERR_raise(ERR_LIB_EC, EC_R_POINT_ARITHMETIC_FAILURE); 88 108 goto err; 89 109 } 90 110 111 /* 112 * Step(3b) : convert x to a byte string, using the field-element-to-byte 113 * string conversion routine defined in Appendix C.2 114 */ 91 115 buflen = (EC_GROUP_get_degree(group) + 7) / 8; 92 116 len = BN_num_bytes(x); 93 117 if (len > buflen) { 94 E Cerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);118 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 95 119 goto err; 96 120 } 97 121 if ((buf = OPENSSL_malloc(buflen)) == NULL) { 98 E Cerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);122 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 99 123 goto err; 100 124 } … … 102 126 memset(buf, 0, buflen - len); 103 127 if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) { 104 E Cerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_BN_LIB);128 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 105 129 goto err; 106 130 } … … 113 137 114 138 err: 139 /* Step(4) : Destroy all intermediate calculations */ 140 BN_clear(x); 115 141 EC_POINT_clear_free(tmp); 116 142 BN_CTX_end(ctx); -
trunk/src/libs/openssl-3.0.1/crypto/ec/ecdsa_ossl.c
r91772 r94082 1 1 /* 2 * Copyright 2002-20 19The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at 7 7 * https://www.openssl.org/source/license.html 8 8 */ 9 10 /* 11 * ECDSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 9 15 10 16 #include <string.h> … … 14 20 #include "crypto/bn.h" 15 21 #include "ec_local.h" 22 23 int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 24 BIGNUM **rp) 25 { 26 if (eckey->group->meth->ecdsa_sign_setup == NULL) { 27 ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA); 28 return 0; 29 } 30 31 return eckey->group->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); 32 } 33 34 ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, 35 const BIGNUM *in_kinv, const BIGNUM *in_r, 36 EC_KEY *eckey) 37 { 38 if (eckey->group->meth->ecdsa_sign_sig == NULL) { 39 ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA); 40 return NULL; 41 } 42 43 return eckey->group->meth->ecdsa_sign_sig(dgst, dgst_len, 44 in_kinv, in_r, eckey); 45 } 46 47 int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, 48 const ECDSA_SIG *sig, EC_KEY *eckey) 49 { 50 if (eckey->group->meth->ecdsa_verify_sig == NULL) { 51 ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA); 52 return 0; 53 } 54 55 return eckey->group->meth->ecdsa_verify_sig(dgst, dgst_len, sig, eckey); 56 } 16 57 17 58 int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, … … 45 86 46 87 if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { 47 E Cerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);88 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 48 89 return 0; 49 90 } 50 91 if ((priv_key = EC_KEY_get0_private_key(eckey)) == NULL) { 51 E Cerr(EC_F_ECDSA_SIGN_SETUP, EC_R_MISSING_PRIVATE_KEY);92 ERR_raise(ERR_LIB_EC, EC_R_MISSING_PRIVATE_KEY); 52 93 return 0; 53 94 } 54 95 55 96 if (!EC_KEY_can_sign(eckey)) { 56 E Cerr(EC_F_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);97 ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); 57 98 return 0; 58 99 } 59 100 60 101 if ((ctx = ctx_in) == NULL) { 61 if ((ctx = BN_CTX_new ()) == NULL) {62 E Cerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);102 if ((ctx = BN_CTX_new_ex(eckey->libctx)) == NULL) { 103 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 63 104 return 0; 64 105 } 65 106 } 66 107 67 k = BN_ new();/* this value is later returned in *kinvp */108 k = BN_secure_new(); /* this value is later returned in *kinvp */ 68 109 r = BN_new(); /* this value is later returned in *rp */ 69 110 X = BN_new(); 70 111 if (k == NULL || r == NULL || X == NULL) { 71 E Cerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);112 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 72 113 goto err; 73 114 } 74 115 if ((tmp_point = EC_POINT_new(group)) == NULL) { 75 E Cerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);116 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 76 117 goto err; 77 118 } … … 91 132 if (!BN_generate_dsa_nonce(k, order, priv_key, 92 133 dgst, dlen, ctx)) { 93 ECerr(EC_F_ECDSA_SIGN_SETUP, 94 EC_R_RANDOM_NUMBER_GENERATION_FAILED); 134 ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED); 95 135 goto err; 96 136 } 97 137 } else { 98 if (!BN_priv_rand_range(k, order)) { 99 ECerr(EC_F_ECDSA_SIGN_SETUP, 100 EC_R_RANDOM_NUMBER_GENERATION_FAILED); 138 if (!BN_priv_rand_range_ex(k, order, 0, ctx)) { 139 ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED); 101 140 goto err; 102 141 } … … 106 145 /* compute r the x-coordinate of generator * k */ 107 146 if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { 108 E Cerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);147 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 109 148 goto err; 110 149 } 111 150 112 151 if (!EC_POINT_get_affine_coordinates(group, tmp_point, X, NULL, ctx)) { 113 E Cerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);152 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 114 153 goto err; 115 154 } 116 155 117 156 if (!BN_nnmod(r, X, order, ctx)) { 118 E Cerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);157 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 119 158 goto err; 120 159 } … … 122 161 123 162 /* compute the inverse of k */ 124 if (! ec_group_do_inverse_ord(group, k, k, ctx)) {125 E Cerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);163 if (!ossl_ec_group_do_inverse_ord(group, k, k, ctx)) { 164 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 126 165 goto err; 127 166 } … … 146 185 } 147 186 148 int ossl_ecdsa_si gn_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,149 BIGNUM **rp)187 int ossl_ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 188 BIGNUM **rp) 150 189 { 151 190 return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0); 152 191 } 153 192 154 ECDSA_SIG *ossl_ecdsa_si gn_sig(const unsigned char *dgst, int dgst_len,155 const BIGNUM *in_kinv, const BIGNUM *in_r,156 EC_KEY *eckey)193 ECDSA_SIG *ossl_ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len, 194 const BIGNUM *in_kinv, const BIGNUM *in_r, 195 EC_KEY *eckey) 157 196 { 158 197 int ok = 0, i; … … 168 207 169 208 if (group == NULL) { 170 E Cerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);209 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 171 210 return NULL; 172 211 } 173 212 if (priv_key == NULL) { 174 E Cerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY);213 ERR_raise(ERR_LIB_EC, EC_R_MISSING_PRIVATE_KEY); 175 214 return NULL; 176 215 } 177 216 178 217 if (!EC_KEY_can_sign(eckey)) { 179 E Cerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);218 ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); 180 219 return NULL; 181 220 } … … 183 222 ret = ECDSA_SIG_new(); 184 223 if (ret == NULL) { 185 E Cerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);224 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 186 225 return NULL; 187 226 } … … 189 228 ret->s = BN_new(); 190 229 if (ret->r == NULL || ret->s == NULL) { 191 E Cerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);230 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 192 231 goto err; 193 232 } 194 233 s = ret->s; 195 234 196 if ((ctx = BN_CTX_new ()) == NULL235 if ((ctx = BN_CTX_new_ex(eckey->libctx)) == NULL 197 236 || (m = BN_new()) == NULL) { 198 E Cerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);237 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 199 238 goto err; 200 239 } … … 208 247 dgst_len = (i + 7) / 8; 209 248 if (!BN_bin2bn(dgst, dgst_len, m)) { 210 E Cerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);249 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 211 250 goto err; 212 251 } 213 252 /* If still too long, truncate remaining bits with a shift */ 214 253 if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { 215 E Cerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);254 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 216 255 goto err; 217 256 } … … 219 258 if (in_kinv == NULL || in_r == NULL) { 220 259 if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) { 221 E Cerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_ECDSA_LIB);260 ERR_raise(ERR_LIB_EC, ERR_R_ECDSA_LIB); 222 261 goto err; 223 262 } … … 226 265 ckinv = in_kinv; 227 266 if (BN_copy(ret->r, in_r) == NULL) { 228 E Cerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);267 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 229 268 goto err; 230 269 } … … 240 279 if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx) 241 280 || !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) { 242 E Cerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);281 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 243 282 goto err; 244 283 } 245 284 if (!bn_mod_add_fixed_top(s, s, m, order)) { 246 E Cerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);285 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 247 286 goto err; 248 287 } … … 253 292 if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx) 254 293 || !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) { 255 E Cerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);294 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 256 295 goto err; 257 296 } … … 263 302 */ 264 303 if (in_kinv != NULL && in_r != NULL) { 265 E Cerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);304 ERR_raise(ERR_LIB_EC, EC_R_NEED_NEW_SETUP_VALUES); 266 305 goto err; 267 306 } … … 315 354 } 316 355 317 int ossl_ecdsa_ verify_sig(const unsigned char *dgst, int dgst_len,318 const ECDSA_SIG *sig, EC_KEY *eckey)356 int ossl_ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len, 357 const ECDSA_SIG *sig, EC_KEY *eckey) 319 358 { 320 359 int ret = -1, i; … … 329 368 if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || 330 369 (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { 331 E Cerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_MISSING_PARAMETERS);370 ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS); 332 371 return -1; 333 372 } 334 373 335 374 if (!EC_KEY_can_sign(eckey)) { 336 E Cerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);375 ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); 337 376 return -1; 338 377 } 339 378 340 ctx = BN_CTX_new ();379 ctx = BN_CTX_new_ex(eckey->libctx); 341 380 if (ctx == NULL) { 342 E Cerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);381 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 343 382 return -1; 344 383 } … … 349 388 X = BN_CTX_get(ctx); 350 389 if (X == NULL) { 351 E Cerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);390 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 352 391 goto err; 353 392 } … … 355 394 order = EC_GROUP_get0_order(group); 356 395 if (order == NULL) { 357 E Cerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);396 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 358 397 goto err; 359 398 } … … 362 401 BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || 363 402 BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { 364 E Cerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_BAD_SIGNATURE);403 ERR_raise(ERR_LIB_EC, EC_R_BAD_SIGNATURE); 365 404 ret = 0; /* signature is invalid */ 366 405 goto err; 367 406 } 368 407 /* calculate tmp1 = inv(S) mod order */ 369 if (! ec_group_do_inverse_ord(group, u2, sig->s, ctx)) {370 E Cerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);408 if (!ossl_ec_group_do_inverse_ord(group, u2, sig->s, ctx)) { 409 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 371 410 goto err; 372 411 } … … 379 418 dgst_len = (i + 7) / 8; 380 419 if (!BN_bin2bn(dgst, dgst_len, m)) { 381 E Cerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);420 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 382 421 goto err; 383 422 } 384 423 /* If still too long truncate remaining bits with a shift */ 385 424 if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { 386 E Cerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);425 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 387 426 goto err; 388 427 } 389 428 /* u1 = m * tmp mod order */ 390 429 if (!BN_mod_mul(u1, m, u2, order, ctx)) { 391 E Cerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);430 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 392 431 goto err; 393 432 } 394 433 /* u2 = r * w mod q */ 395 434 if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) { 396 E Cerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);435 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 397 436 goto err; 398 437 } 399 438 400 439 if ((point = EC_POINT_new(group)) == NULL) { 401 E Cerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);440 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 402 441 goto err; 403 442 } 404 443 if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) { 405 E Cerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);444 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 406 445 goto err; 407 446 } 408 447 409 448 if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) { 410 E Cerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);449 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 411 450 goto err; 412 451 } 413 452 414 453 if (!BN_nnmod(u1, X, order, ctx)) { 415 E Cerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);454 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 416 455 goto err; 417 456 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/ecdsa_sign.c
r91772 r94082 1 1 /* 2 * Copyright 2015-20 16The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at 7 7 * https://www.openssl.org/source/license.html 8 8 */ 9 10 /* 11 * ECDSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 9 15 10 16 #include <openssl/ec.h> … … 23 29 if (eckey->meth->sign_sig != NULL) 24 30 return eckey->meth->sign_sig(dgst, dlen, kinv, rp, eckey); 25 E Cerr(EC_F_ECDSA_DO_SIGN_EX, EC_R_OPERATION_NOT_SUPPORTED);31 ERR_raise(ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED); 26 32 return NULL; 27 33 } … … 39 45 if (eckey->meth->sign != NULL) 40 46 return eckey->meth->sign(type, dgst, dlen, sig, siglen, kinv, r, eckey); 41 E Cerr(EC_F_ECDSA_SIGN_EX, EC_R_OPERATION_NOT_SUPPORTED);47 ERR_raise(ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED); 42 48 return 0; 43 49 } … … 48 54 if (eckey->meth->sign_setup != NULL) 49 55 return eckey->meth->sign_setup(eckey, ctx_in, kinvp, rp); 50 E Cerr(EC_F_ECDSA_SIGN_SETUP, EC_R_OPERATION_NOT_SUPPORTED);56 ERR_raise(ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED); 51 57 return 0; 52 58 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/ecdsa_vrf.c
r91772 r94082 2 2 * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at 7 7 * https://www.openssl.org/source/license.html 8 8 */ 9 10 /* 11 * ECDSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 9 15 10 16 #include <openssl/ec.h> … … 23 29 if (eckey->meth->verify_sig != NULL) 24 30 return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey); 25 E Cerr(EC_F_ECDSA_DO_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);31 ERR_raise(ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED); 26 32 return -1; 27 33 } … … 39 45 return eckey->meth->verify(type, dgst, dgst_len, sigbuf, sig_len, 40 46 eckey); 41 E Cerr(EC_F_ECDSA_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);47 ERR_raise(ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED); 42 48 return -1; 43 49 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/eck_prn.c
r91772 r94082 1 1 /* 2 * Copyright 2006-20 18The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at 8 8 * https://www.openssl.org/source/license.html 9 9 */ 10 11 #include "internal/deprecated.h" 10 12 11 13 #include <stdio.h> … … 15 17 #include <openssl/bn.h> 16 18 17 #ifndef OPENSSL_NO_STDIO 19 #ifndef OPENSSL_NO_DEPRECATED_3_0 20 # ifndef OPENSSL_NO_STDIO 18 21 int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off) 19 22 { … … 22 25 23 26 if ((b = BIO_new(BIO_s_file())) == NULL) { 24 E Cerr(EC_F_ECPKPARAMETERS_PRINT_FP, ERR_R_BUF_LIB);27 ERR_raise(ERR_LIB_EC, ERR_R_BUF_LIB); 25 28 return 0; 26 29 } … … 37 40 38 41 if ((b = BIO_new(BIO_s_file())) == NULL) { 39 E Cerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);42 ERR_raise(ERR_LIB_EC, ERR_R_BIO_LIB); 40 43 return 0; 41 44 } … … 52 55 53 56 if ((b = BIO_new(BIO_s_file())) == NULL) { 54 E Cerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);57 ERR_raise(ERR_LIB_EC, ERR_R_BIO_LIB); 55 58 return 0; 56 59 } … … 60 63 return ret; 61 64 } 62 #endif 65 #endif /* OPENSSL_NO_STDIO */ 63 66 64 67 static int print_bin(BIO *fp, const char *str, const unsigned char *num, … … 70 73 BN_CTX *ctx = NULL; 71 74 const EC_POINT *point = NULL; 72 BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL; 75 BIGNUM *p = NULL, *a = NULL, *b = NULL; 76 unsigned char *gen_buf = NULL; 73 77 const BIGNUM *order = NULL, *cofactor = NULL; 74 78 const unsigned char *seed; 75 size_t seed_len = 0 ;79 size_t seed_len = 0, gen_buf_len = 0; 76 80 77 81 static const char *gen_compressed = "Generator (compressed):"; … … 113 117 } 114 118 } else { 119 const char *form_str; 115 120 /* explicit parameters */ 116 121 int is_char_two = 0; 117 122 point_conversion_form_t form; 118 int tmp_nid = EC_ METHOD_get_field_type(EC_GROUP_method_of(x));123 int tmp_nid = EC_GROUP_get_field_type(x); 119 124 120 125 if (tmp_nid == NID_X9_62_characteristic_two_field) … … 145 150 form = EC_GROUP_get_point_conversion_form(x); 146 151 147 if ((gen = EC_POINT_point2bn(x, point, form, NULL, ctx)) == NULL) { 152 gen_buf_len = EC_POINT_point2buf(x, point, form, &gen_buf, ctx); 153 if (gen_buf_len == 0) { 148 154 reason = ERR_R_EC_LIB; 149 155 goto err; … … 186 192 if ((b != NULL) && !ASN1_bn_print(bp, "B: ", b, NULL, off)) 187 193 goto err; 188 if (form == POINT_CONVERSION_COMPRESSED) { 189 if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen, 190 NULL, off)) 191 goto err; 192 } else if (form == POINT_CONVERSION_UNCOMPRESSED) { 193 if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen, 194 NULL, off)) 195 goto err; 196 } else { /* form == POINT_CONVERSION_HYBRID */ 197 198 if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen, 199 NULL, off)) 200 goto err; 201 } 202 if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order, 203 NULL, off)) 194 195 if (form == POINT_CONVERSION_COMPRESSED) 196 form_str = gen_compressed; 197 else if (form == POINT_CONVERSION_UNCOMPRESSED) 198 form_str = gen_uncompressed; 199 else 200 form_str = gen_hybrid; 201 if (gen_buf != NULL 202 && !print_bin(bp, form_str, gen_buf, gen_buf_len, off)) 203 goto err; 204 205 if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order, NULL, off)) 204 206 goto err; 205 207 if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor, … … 212 214 err: 213 215 if (!ret) 214 E Cerr(EC_F_ECPKPARAMETERS_PRINT, reason);216 ERR_raise(ERR_LIB_EC, reason); 215 217 BN_free(p); 216 218 BN_free(a); 217 219 BN_free(b); 218 BN_free(gen);220 OPENSSL_clear_free(gen_buf, gen_buf_len); 219 221 BN_CTX_free(ctx); 220 222 return ret; … … 258 260 return 1; 259 261 } 262 #endif /* OPENSSL_NO_DEPRECATED_3_0 */ -
trunk/src/libs/openssl-3.0.1/crypto/ec/ecp_mont.c
r91772 r94082 1 1 /* 2 * Copyright 2001-20 19The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 9 9 */ 10 10 11 /* 12 * ECDSA low level APIs are deprecated for public use, but still ok for 13 * internal use. 14 */ 15 #include "internal/deprecated.h" 16 11 17 #include <openssl/err.h> 12 18 … … 18 24 EC_FLAGS_DEFAULT_OCT, 19 25 NID_X9_62_prime_field, 20 ec_GFp_mont_group_init, 21 ec_GFp_mont_group_finish, 22 ec_GFp_mont_group_clear_finish, 23 ec_GFp_mont_group_copy, 24 ec_GFp_mont_group_set_curve, 25 ec_GFp_simple_group_get_curve, 26 ec_GFp_simple_group_get_degree, 27 ec_group_simple_order_bits, 28 ec_GFp_simple_group_check_discriminant, 29 ec_GFp_simple_point_init, 30 ec_GFp_simple_point_finish, 31 ec_GFp_simple_point_clear_finish, 32 ec_GFp_simple_point_copy, 33 ec_GFp_simple_point_set_to_infinity, 34 ec_GFp_simple_set_Jprojective_coordinates_GFp, 35 ec_GFp_simple_get_Jprojective_coordinates_GFp, 36 ec_GFp_simple_point_set_affine_coordinates, 37 ec_GFp_simple_point_get_affine_coordinates, 26 ossl_ec_GFp_mont_group_init, 27 ossl_ec_GFp_mont_group_finish, 28 ossl_ec_GFp_mont_group_clear_finish, 29 ossl_ec_GFp_mont_group_copy, 30 ossl_ec_GFp_mont_group_set_curve, 31 ossl_ec_GFp_simple_group_get_curve, 32 ossl_ec_GFp_simple_group_get_degree, 33 ossl_ec_group_simple_order_bits, 34 ossl_ec_GFp_simple_group_check_discriminant, 35 ossl_ec_GFp_simple_point_init, 36 ossl_ec_GFp_simple_point_finish, 37 ossl_ec_GFp_simple_point_clear_finish, 38 ossl_ec_GFp_simple_point_copy, 39 ossl_ec_GFp_simple_point_set_to_infinity, 40 ossl_ec_GFp_simple_point_set_affine_coordinates, 41 ossl_ec_GFp_simple_point_get_affine_coordinates, 38 42 0, 0, 0, 39 ec_GFp_simple_add,40 ec_GFp_simple_dbl,41 ec_GFp_simple_invert,42 ec_GFp_simple_is_at_infinity,43 ec_GFp_simple_is_on_curve,44 ec_GFp_simple_cmp,45 ec_GFp_simple_make_affine,46 ec_GFp_simple_points_make_affine,43 ossl_ec_GFp_simple_add, 44 ossl_ec_GFp_simple_dbl, 45 ossl_ec_GFp_simple_invert, 46 ossl_ec_GFp_simple_is_at_infinity, 47 ossl_ec_GFp_simple_is_on_curve, 48 ossl_ec_GFp_simple_cmp, 49 ossl_ec_GFp_simple_make_affine, 50 ossl_ec_GFp_simple_points_make_affine, 47 51 0 /* mul */ , 48 52 0 /* precompute_mult */ , 49 53 0 /* have_precompute_mult */ , 50 ec_GFp_mont_field_mul,51 ec_GFp_mont_field_sqr,54 ossl_ec_GFp_mont_field_mul, 55 ossl_ec_GFp_mont_field_sqr, 52 56 0 /* field_div */ , 53 ec_GFp_mont_field_inv,54 ec_GFp_mont_field_encode,55 ec_GFp_mont_field_decode,56 ec_GFp_mont_field_set_to_one,57 ec_key_simple_priv2oct,58 ec_key_simple_oct2priv,57 ossl_ec_GFp_mont_field_inv, 58 ossl_ec_GFp_mont_field_encode, 59 ossl_ec_GFp_mont_field_decode, 60 ossl_ec_GFp_mont_field_set_to_one, 61 ossl_ec_key_simple_priv2oct, 62 ossl_ec_key_simple_oct2priv, 59 63 0, /* set private */ 60 ec_key_simple_generate_key,61 ec_key_simple_check_key,62 ec_key_simple_generate_public_key,64 ossl_ec_key_simple_generate_key, 65 ossl_ec_key_simple_check_key, 66 ossl_ec_key_simple_generate_public_key, 63 67 0, /* keycopy */ 64 68 0, /* keyfinish */ 65 ecdh_simple_compute_key, 69 ossl_ecdh_simple_compute_key, 70 ossl_ecdsa_simple_sign_setup, 71 ossl_ecdsa_simple_sign_sig, 72 ossl_ecdsa_simple_verify_sig, 66 73 0, /* field_inverse_mod_ord */ 67 ec_GFp_simple_blind_coordinates,68 ec_GFp_simple_ladder_pre,69 ec_GFp_simple_ladder_step,70 ec_GFp_simple_ladder_post74 ossl_ec_GFp_simple_blind_coordinates, 75 ossl_ec_GFp_simple_ladder_pre, 76 ossl_ec_GFp_simple_ladder_step, 77 ossl_ec_GFp_simple_ladder_post 71 78 }; 72 79 … … 74 81 } 75 82 76 int ec_GFp_mont_group_init(EC_GROUP *group)83 int ossl_ec_GFp_mont_group_init(EC_GROUP *group) 77 84 { 78 85 int ok; 79 86 80 ok = ec_GFp_simple_group_init(group);87 ok = ossl_ec_GFp_simple_group_init(group); 81 88 group->field_data1 = NULL; 82 89 group->field_data2 = NULL; … … 84 91 } 85 92 86 void ec_GFp_mont_group_finish(EC_GROUP *group)93 void ossl_ec_GFp_mont_group_finish(EC_GROUP *group) 87 94 { 88 95 BN_MONT_CTX_free(group->field_data1); … … 90 97 BN_free(group->field_data2); 91 98 group->field_data2 = NULL; 92 ec_GFp_simple_group_finish(group);93 } 94 95 void ec_GFp_mont_group_clear_finish(EC_GROUP *group)99 ossl_ec_GFp_simple_group_finish(group); 100 } 101 102 void ossl_ec_GFp_mont_group_clear_finish(EC_GROUP *group) 96 103 { 97 104 BN_MONT_CTX_free(group->field_data1); … … 99 106 BN_clear_free(group->field_data2); 100 107 group->field_data2 = NULL; 101 ec_GFp_simple_group_clear_finish(group);102 } 103 104 int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)108 ossl_ec_GFp_simple_group_clear_finish(group); 109 } 110 111 int ossl_ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src) 105 112 { 106 113 BN_MONT_CTX_free(dest->field_data1); … … 109 116 dest->field_data2 = NULL; 110 117 111 if (! ec_GFp_simple_group_copy(dest, src))118 if (!ossl_ec_GFp_simple_group_copy(dest, src)) 112 119 return 0; 113 120 … … 133 140 } 134 141 135 int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, 136 const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) 142 int ossl_ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, 143 const BIGNUM *a, const BIGNUM *b, 144 BN_CTX *ctx) 137 145 { 138 146 BN_CTX *new_ctx = NULL; … … 147 155 148 156 if (ctx == NULL) { 149 ctx = new_ctx = BN_CTX_new ();157 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 150 158 if (ctx == NULL) 151 159 return 0; … … 156 164 goto err; 157 165 if (!BN_MONT_CTX_set(mont, p, ctx)) { 158 E Cerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB);166 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 159 167 goto err; 160 168 } … … 170 178 one = NULL; 171 179 172 ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);180 ret = ossl_ec_GFp_simple_group_set_curve(group, p, a, b, ctx); 173 181 174 182 if (!ret) { … … 186 194 } 187 195 188 int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,189 const BIGNUM *b, BN_CTX *ctx)196 int ossl_ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, 197 const BIGNUM *b, BN_CTX *ctx) 190 198 { 191 199 if (group->field_data1 == NULL) { 192 E Cerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);200 ERR_raise(ERR_LIB_EC, EC_R_NOT_INITIALIZED); 193 201 return 0; 194 202 } … … 197 205 } 198 206 199 int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,200 BN_CTX *ctx)207 int ossl_ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, 208 BN_CTX *ctx) 201 209 { 202 210 if (group->field_data1 == NULL) { 203 E Cerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);211 ERR_raise(ERR_LIB_EC, EC_R_NOT_INITIALIZED); 204 212 return 0; 205 213 } … … 213 221 * We have a Mont structure, so SCA hardening is FLT inversion. 214 222 */ 215 int ec_GFp_mont_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,216 BN_CTX *ctx)223 int ossl_ec_GFp_mont_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, 224 BN_CTX *ctx) 217 225 { 218 226 BIGNUM *e = NULL; … … 223 231 return 0; 224 232 225 if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) 233 if (ctx == NULL 234 && (ctx = new_ctx = BN_CTX_secure_new_ex(group->libctx)) == NULL) 226 235 return 0; 227 236 … … 244 253 /* throw an error on zero */ 245 254 if (BN_is_zero(r)) { 246 E Cerr(EC_F_EC_GFP_MONT_FIELD_INV, EC_R_CANNOT_INVERT);255 ERR_raise(ERR_LIB_EC, EC_R_CANNOT_INVERT); 247 256 goto err; 248 257 } … … 256 265 } 257 266 258 int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r,259 const BIGNUM *a, BN_CTX *ctx)267 int ossl_ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, 268 const BIGNUM *a, BN_CTX *ctx) 260 269 { 261 270 if (group->field_data1 == NULL) { 262 E Cerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);271 ERR_raise(ERR_LIB_EC, EC_R_NOT_INITIALIZED); 263 272 return 0; 264 273 } … … 267 276 } 268 277 269 int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r,270 const BIGNUM *a, BN_CTX *ctx)278 int ossl_ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, 279 const BIGNUM *a, BN_CTX *ctx) 271 280 { 272 281 if (group->field_data1 == NULL) { 273 E Cerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);282 ERR_raise(ERR_LIB_EC, EC_R_NOT_INITIALIZED); 274 283 return 0; 275 284 } … … 278 287 } 279 288 280 int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r,281 BN_CTX *ctx)289 int ossl_ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, 290 BN_CTX *ctx) 282 291 { 283 292 if (group->field_data2 == NULL) { 284 E Cerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED);293 ERR_raise(ERR_LIB_EC, EC_R_NOT_INITIALIZED); 285 294 return 0; 286 295 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/ecp_nist.c
r91772 r94082 1 1 /* 2 * Copyright 2001-20 19The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at 8 8 * https://www.openssl.org/source/license.html 9 9 */ 10 11 /* 12 * ECDSA low level APIs are deprecated for public use, but still ok for 13 * internal use. 14 */ 15 #include "internal/deprecated.h" 10 16 11 17 #include <limits.h> … … 20 26 EC_FLAGS_DEFAULT_OCT, 21 27 NID_X9_62_prime_field, 22 ec_GFp_simple_group_init, 23 ec_GFp_simple_group_finish, 24 ec_GFp_simple_group_clear_finish, 25 ec_GFp_nist_group_copy, 26 ec_GFp_nist_group_set_curve, 27 ec_GFp_simple_group_get_curve, 28 ec_GFp_simple_group_get_degree, 29 ec_group_simple_order_bits, 30 ec_GFp_simple_group_check_discriminant, 31 ec_GFp_simple_point_init, 32 ec_GFp_simple_point_finish, 33 ec_GFp_simple_point_clear_finish, 34 ec_GFp_simple_point_copy, 35 ec_GFp_simple_point_set_to_infinity, 36 ec_GFp_simple_set_Jprojective_coordinates_GFp, 37 ec_GFp_simple_get_Jprojective_coordinates_GFp, 38 ec_GFp_simple_point_set_affine_coordinates, 39 ec_GFp_simple_point_get_affine_coordinates, 28 ossl_ec_GFp_simple_group_init, 29 ossl_ec_GFp_simple_group_finish, 30 ossl_ec_GFp_simple_group_clear_finish, 31 ossl_ec_GFp_nist_group_copy, 32 ossl_ec_GFp_nist_group_set_curve, 33 ossl_ec_GFp_simple_group_get_curve, 34 ossl_ec_GFp_simple_group_get_degree, 35 ossl_ec_group_simple_order_bits, 36 ossl_ec_GFp_simple_group_check_discriminant, 37 ossl_ec_GFp_simple_point_init, 38 ossl_ec_GFp_simple_point_finish, 39 ossl_ec_GFp_simple_point_clear_finish, 40 ossl_ec_GFp_simple_point_copy, 41 ossl_ec_GFp_simple_point_set_to_infinity, 42 ossl_ec_GFp_simple_point_set_affine_coordinates, 43 ossl_ec_GFp_simple_point_get_affine_coordinates, 40 44 0, 0, 0, 41 ec_GFp_simple_add,42 ec_GFp_simple_dbl,43 ec_GFp_simple_invert,44 ec_GFp_simple_is_at_infinity,45 ec_GFp_simple_is_on_curve,46 ec_GFp_simple_cmp,47 ec_GFp_simple_make_affine,48 ec_GFp_simple_points_make_affine,45 ossl_ec_GFp_simple_add, 46 ossl_ec_GFp_simple_dbl, 47 ossl_ec_GFp_simple_invert, 48 ossl_ec_GFp_simple_is_at_infinity, 49 ossl_ec_GFp_simple_is_on_curve, 50 ossl_ec_GFp_simple_cmp, 51 ossl_ec_GFp_simple_make_affine, 52 ossl_ec_GFp_simple_points_make_affine, 49 53 0 /* mul */ , 50 54 0 /* precompute_mult */ , 51 55 0 /* have_precompute_mult */ , 52 ec_GFp_nist_field_mul,53 ec_GFp_nist_field_sqr,56 ossl_ec_GFp_nist_field_mul, 57 ossl_ec_GFp_nist_field_sqr, 54 58 0 /* field_div */ , 55 ec_GFp_simple_field_inv,59 ossl_ec_GFp_simple_field_inv, 56 60 0 /* field_encode */ , 57 61 0 /* field_decode */ , 58 62 0, /* field_set_to_one */ 59 ec_key_simple_priv2oct,60 ec_key_simple_oct2priv,63 ossl_ec_key_simple_priv2oct, 64 ossl_ec_key_simple_oct2priv, 61 65 0, /* set private */ 62 ec_key_simple_generate_key,63 ec_key_simple_check_key,64 ec_key_simple_generate_public_key,66 ossl_ec_key_simple_generate_key, 67 ossl_ec_key_simple_check_key, 68 ossl_ec_key_simple_generate_public_key, 65 69 0, /* keycopy */ 66 70 0, /* keyfinish */ 67 ecdh_simple_compute_key, 71 ossl_ecdh_simple_compute_key, 72 ossl_ecdsa_simple_sign_setup, 73 ossl_ecdsa_simple_sign_sig, 74 ossl_ecdsa_simple_verify_sig, 68 75 0, /* field_inverse_mod_ord */ 69 ec_GFp_simple_blind_coordinates,70 ec_GFp_simple_ladder_pre,71 ec_GFp_simple_ladder_step,72 ec_GFp_simple_ladder_post76 ossl_ec_GFp_simple_blind_coordinates, 77 ossl_ec_GFp_simple_ladder_pre, 78 ossl_ec_GFp_simple_ladder_step, 79 ossl_ec_GFp_simple_ladder_post 73 80 }; 74 81 … … 76 83 } 77 84 78 int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)85 int ossl_ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) 79 86 { 80 87 dest->field_mod_func = src->field_mod_func; 81 88 82 return ec_GFp_simple_group_copy(dest, src);89 return ossl_ec_GFp_simple_group_copy(dest, src); 83 90 } 84 91 85 int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, 86 const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) 92 int ossl_ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, 93 const BIGNUM *a, const BIGNUM *b, 94 BN_CTX *ctx) 87 95 { 88 96 int ret = 0; … … 90 98 91 99 if (ctx == NULL) 92 if ((ctx = new_ctx = BN_CTX_new ()) == NULL)100 if ((ctx = new_ctx = BN_CTX_new_ex(group->libctx)) == NULL) 93 101 return 0; 94 102 … … 106 114 group->field_mod_func = BN_nist_mod_521; 107 115 else { 108 E Cerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME);116 ERR_raise(ERR_LIB_EC, EC_R_NOT_A_NIST_PRIME); 109 117 goto err; 110 118 } 111 119 112 ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);120 ret = ossl_ec_GFp_simple_group_set_curve(group, p, a, b, ctx); 113 121 114 122 err: … … 118 126 } 119 127 120 int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,121 const BIGNUM *b, BN_CTX *ctx)128 int ossl_ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, 129 const BIGNUM *b, BN_CTX *ctx) 122 130 { 123 131 int ret = 0; … … 125 133 126 134 if (!group || !r || !a || !b) { 127 E Cerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER);135 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 128 136 goto err; 129 137 } 130 138 if (!ctx) 131 if ((ctx_new = ctx = BN_CTX_new ()) == NULL)139 if ((ctx_new = ctx = BN_CTX_new_ex(group->libctx)) == NULL) 132 140 goto err; 133 141 … … 143 151 } 144 152 145 int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,146 BN_CTX *ctx)153 int ossl_ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, 154 BN_CTX *ctx) 147 155 { 148 156 int ret = 0; … … 150 158 151 159 if (!group || !r || !a) { 152 E Cerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER);160 ERR_raise(ERR_LIB_EC, EC_R_PASSED_NULL_PARAMETER); 153 161 goto err; 154 162 } 155 163 if (!ctx) 156 if ((ctx_new = ctx = BN_CTX_new ()) == NULL)164 if ((ctx_new = ctx = BN_CTX_new_ex(group->libctx)) == NULL) 157 165 goto err; 158 166 -
trunk/src/libs/openssl-3.0.1/crypto/ec/ecp_nistp224.c
r91772 r94082 1 1 /* 2 * Copyright 2010-202 0The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at … … 25 25 26 26 /* 27 * ECDSA low level APIs are deprecated for public use, but still ok for 28 * internal use. 29 */ 30 #include "internal/deprecated.h" 31 32 /* 27 33 * A 64-bit implementation of the NIST P-224 elliptic curve point multiplication 28 34 * … … 32 38 33 39 #include <openssl/opensslconf.h> 34 #ifdef OPENSSL_NO_EC_NISTP_64_GCC_128 35 NON_EMPTY_TRANSLATION_UNIT 36 #else 37 38 # include <stdint.h> 39 # include <string.h> 40 # include <openssl/err.h> 41 # include "ec_local.h" 42 43 # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 44 /* even with gcc, the typedef won't work for 32-bit platforms */ 45 typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit 46 * platforms */ 47 # else 48 # error "Your compiler doesn't appear to support 128-bit integer types" 49 # endif 40 41 #include <stdint.h> 42 #include <string.h> 43 #include <openssl/err.h> 44 #include "ec_local.h" 45 46 #include "internal/numbers.h" 47 48 #ifndef INT128_MAX 49 # error "Your compiler doesn't appear to support 128-bit integer types" 50 #endif 50 51 51 52 typedef uint8_t u8; … … 246 247 EC_FLAGS_DEFAULT_OCT, 247 248 NID_X9_62_prime_field, 248 ec_GFp_nistp224_group_init, 249 ec_GFp_simple_group_finish, 250 ec_GFp_simple_group_clear_finish, 251 ec_GFp_nist_group_copy, 252 ec_GFp_nistp224_group_set_curve, 253 ec_GFp_simple_group_get_curve, 254 ec_GFp_simple_group_get_degree, 255 ec_group_simple_order_bits, 256 ec_GFp_simple_group_check_discriminant, 257 ec_GFp_simple_point_init, 258 ec_GFp_simple_point_finish, 259 ec_GFp_simple_point_clear_finish, 260 ec_GFp_simple_point_copy, 261 ec_GFp_simple_point_set_to_infinity, 262 ec_GFp_simple_set_Jprojective_coordinates_GFp, 263 ec_GFp_simple_get_Jprojective_coordinates_GFp, 264 ec_GFp_simple_point_set_affine_coordinates, 265 ec_GFp_nistp224_point_get_affine_coordinates, 249 ossl_ec_GFp_nistp224_group_init, 250 ossl_ec_GFp_simple_group_finish, 251 ossl_ec_GFp_simple_group_clear_finish, 252 ossl_ec_GFp_nist_group_copy, 253 ossl_ec_GFp_nistp224_group_set_curve, 254 ossl_ec_GFp_simple_group_get_curve, 255 ossl_ec_GFp_simple_group_get_degree, 256 ossl_ec_group_simple_order_bits, 257 ossl_ec_GFp_simple_group_check_discriminant, 258 ossl_ec_GFp_simple_point_init, 259 ossl_ec_GFp_simple_point_finish, 260 ossl_ec_GFp_simple_point_clear_finish, 261 ossl_ec_GFp_simple_point_copy, 262 ossl_ec_GFp_simple_point_set_to_infinity, 263 ossl_ec_GFp_simple_point_set_affine_coordinates, 264 ossl_ec_GFp_nistp224_point_get_affine_coordinates, 266 265 0 /* point_set_compressed_coordinates */ , 267 266 0 /* point2oct */ , 268 267 0 /* oct2point */ , 269 ec_GFp_simple_add,270 ec_GFp_simple_dbl,271 ec_GFp_simple_invert,272 ec_GFp_simple_is_at_infinity,273 ec_GFp_simple_is_on_curve,274 ec_GFp_simple_cmp,275 ec_GFp_simple_make_affine,276 ec_GFp_simple_points_make_affine,277 ec_GFp_nistp224_points_mul,278 ec_GFp_nistp224_precompute_mult,279 ec_GFp_nistp224_have_precompute_mult,280 ec_GFp_nist_field_mul,281 ec_GFp_nist_field_sqr,268 ossl_ec_GFp_simple_add, 269 ossl_ec_GFp_simple_dbl, 270 ossl_ec_GFp_simple_invert, 271 ossl_ec_GFp_simple_is_at_infinity, 272 ossl_ec_GFp_simple_is_on_curve, 273 ossl_ec_GFp_simple_cmp, 274 ossl_ec_GFp_simple_make_affine, 275 ossl_ec_GFp_simple_points_make_affine, 276 ossl_ec_GFp_nistp224_points_mul, 277 ossl_ec_GFp_nistp224_precompute_mult, 278 ossl_ec_GFp_nistp224_have_precompute_mult, 279 ossl_ec_GFp_nist_field_mul, 280 ossl_ec_GFp_nist_field_sqr, 282 281 0 /* field_div */ , 283 ec_GFp_simple_field_inv,282 ossl_ec_GFp_simple_field_inv, 284 283 0 /* field_encode */ , 285 284 0 /* field_decode */ , 286 285 0, /* field_set_to_one */ 287 ec_key_simple_priv2oct,288 ec_key_simple_oct2priv,286 ossl_ec_key_simple_priv2oct, 287 ossl_ec_key_simple_oct2priv, 289 288 0, /* set private */ 290 ec_key_simple_generate_key,291 ec_key_simple_check_key,292 ec_key_simple_generate_public_key,289 ossl_ec_key_simple_generate_key, 290 ossl_ec_key_simple_check_key, 291 ossl_ec_key_simple_generate_public_key, 293 292 0, /* keycopy */ 294 293 0, /* keyfinish */ 295 ecdh_simple_compute_key, 294 ossl_ecdh_simple_compute_key, 295 ossl_ecdsa_simple_sign_setup, 296 ossl_ecdsa_simple_sign_sig, 297 ossl_ecdsa_simple_verify_sig, 296 298 0, /* field_inverse_mod_ord */ 297 299 0, /* blind_coordinates */ … … 333 335 334 336 if (BN_is_negative(bn)) { 335 E Cerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);337 ERR_raise(ERR_LIB_EC, EC_R_BIGNUM_OUT_OF_RANGE); 336 338 return 0; 337 339 } 338 340 num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); 339 341 if (num_bytes < 0) { 340 E Cerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);342 ERR_raise(ERR_LIB_EC, EC_R_BIGNUM_OUT_OF_RANGE); 341 343 return 0; 342 344 } … … 664 666 static void felem_neg(felem out, const felem in) 665 667 { 666 widefelem tmp = {0}; 668 widefelem tmp; 669 670 memset(tmp, 0, sizeof(tmp)); 667 671 felem_diff_128_64(tmp, in); 668 672 felem_reduce(out, tmp); … … 1202 1206 bits |= get_bit(scalars[num], i) << 1; 1203 1207 bits |= get_bit(scalars[num], i - 1); 1204 ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);1208 ossl_ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); 1205 1209 1206 1210 /* select the point to add or subtract */ … … 1236 1240 1237 1241 if (!ret) { 1238 E Cerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);1242 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1239 1243 return ret; 1240 1244 } … … 1244 1248 ret->lock = CRYPTO_THREAD_lock_new(); 1245 1249 if (ret->lock == NULL) { 1246 E Cerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);1250 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1247 1251 OPENSSL_free(ret); 1248 1252 return NULL; … … 1267 1271 1268 1272 CRYPTO_DOWN_REF(&p->references, &i, p->lock); 1269 REF_PRINT_COUNT("EC_nistp224", x);1273 REF_PRINT_COUNT("EC_nistp224", p); 1270 1274 if (i > 0) 1271 1275 return; … … 1281 1285 */ 1282 1286 1283 int ec_GFp_nistp224_group_init(EC_GROUP *group)1287 int ossl_ec_GFp_nistp224_group_init(EC_GROUP *group) 1284 1288 { 1285 1289 int ret; 1286 ret = ec_GFp_simple_group_init(group);1290 ret = ossl_ec_GFp_simple_group_init(group); 1287 1291 group->a_is_minus3 = 1; 1288 1292 return ret; 1289 1293 } 1290 1294 1291 int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p,1292 const BIGNUM *a, const BIGNUM *b,1293 BN_CTX *ctx)1295 int ossl_ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p, 1296 const BIGNUM *a, const BIGNUM *b, 1297 BN_CTX *ctx) 1294 1298 { 1295 1299 int ret = 0; 1300 BIGNUM *curve_p, *curve_a, *curve_b; 1301 #ifndef FIPS_MODULE 1296 1302 BN_CTX *new_ctx = NULL; 1297 BIGNUM *curve_p, *curve_a, *curve_b;1298 1303 1299 1304 if (ctx == NULL) 1300 if ((ctx = new_ctx = BN_CTX_new()) == NULL) 1301 return 0; 1305 ctx = new_ctx = BN_CTX_new(); 1306 #endif 1307 if (ctx == NULL) 1308 return 0; 1309 1302 1310 BN_CTX_start(ctx); 1303 1311 curve_p = BN_CTX_get(ctx); … … 1310 1318 BN_bin2bn(nistp224_curve_params[2], sizeof(felem_bytearray), curve_b); 1311 1319 if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || (BN_cmp(curve_b, b))) { 1312 ECerr(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE, 1313 EC_R_WRONG_CURVE_PARAMETERS); 1320 ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS); 1314 1321 goto err; 1315 1322 } 1316 1323 group->field_mod_func = BN_nist_mod_224; 1317 ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);1324 ret = ossl_ec_GFp_simple_group_set_curve(group, p, a, b, ctx); 1318 1325 err: 1319 1326 BN_CTX_end(ctx); 1327 #ifndef FIPS_MODULE 1320 1328 BN_CTX_free(new_ctx); 1329 #endif 1321 1330 return ret; 1322 1331 } … … 1326 1335 * (X/Z^2, Y/Z^3) 1327 1336 */ 1328 int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group,1329 const EC_POINT *point,1330 BIGNUM *x, BIGNUM *y,1331 BN_CTX *ctx)1337 int ossl_ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group, 1338 const EC_POINT *point, 1339 BIGNUM *x, BIGNUM *y, 1340 BN_CTX *ctx) 1332 1341 { 1333 1342 felem z1, z2, x_in, y_in, x_out, y_out; … … 1335 1344 1336 1345 if (EC_POINT_is_at_infinity(group, point)) { 1337 ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES, 1338 EC_R_POINT_AT_INFINITY); 1346 ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); 1339 1347 return 0; 1340 1348 } … … 1350 1358 if (x != NULL) { 1351 1359 if (!felem_to_BN(x, x_out)) { 1352 ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES, 1353 ERR_R_BN_LIB); 1360 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1354 1361 return 0; 1355 1362 } … … 1362 1369 if (y != NULL) { 1363 1370 if (!felem_to_BN(y, y_out)) { 1364 ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES, 1365 ERR_R_BN_LIB); 1371 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1366 1372 return 0; 1367 1373 } … … 1377 1383 * normally shouldn't happen). 1378 1384 */ 1379 ec_GFp_nistp_points_make_affine_internal(num,1380 points,1381 sizeof(felem),1382 tmp_felems,1383 (void (*)(void *))felem_one,1384 felem_is_zero_int,1385 (void (*)(void *, const void *))1386 felem_assign,1387 (void (*)(void *, const void *))1388 felem_square_reduce, (void (*)1389 (void *,1390 const void1391 *,1392 const void1393 *))1394 felem_mul_reduce,1395 (void (*)(void *, const void *))1396 felem_inv,1397 (void (*)(void *, const void *))1398 felem_contract);1385 ossl_ec_GFp_nistp_points_make_affine_internal(num, 1386 points, 1387 sizeof(felem), 1388 tmp_felems, 1389 (void (*)(void *))felem_one, 1390 felem_is_zero_int, 1391 (void (*)(void *, const void *)) 1392 felem_assign, 1393 (void (*)(void *, const void *)) 1394 felem_square_reduce, (void (*) 1395 (void *, 1396 const void 1397 *, 1398 const void 1399 *)) 1400 felem_mul_reduce, 1401 (void (*)(void *, const void *)) 1402 felem_inv, 1403 (void (*)(void *, const void *)) 1404 felem_contract); 1399 1405 } 1400 1406 … … 1403 1409 * values Result is stored in r (r can equal one of the inputs). 1404 1410 */ 1405 int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,1406 const BIGNUM *scalar, size_t num,1407 const EC_POINT *points[],1408 const BIGNUM *scalars[], BN_CTX *ctx)1411 int ossl_ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, 1412 const BIGNUM *scalar, size_t num, 1413 const EC_POINT *points[], 1414 const BIGNUM *scalars[], BN_CTX *ctx) 1409 1415 { 1410 1416 int ret = 0; … … 1450 1456 !felem_to_BN(y, g_pre_comp[0][1][1]) || 1451 1457 !felem_to_BN(z, g_pre_comp[0][1][2])) { 1452 E Cerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);1458 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1453 1459 goto err; 1454 1460 } 1455 if (! EC_POINT_set_Jprojective_coordinates_GFp(group,1456 generator, x, y, z,1457 ctx))1461 if (!ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, 1462 generator, 1463 x, y, z, ctx)) 1458 1464 goto err; 1459 1465 if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) … … 1483 1489 if ((secrets == NULL) || (pre_comp == NULL) 1484 1490 || (mixed && (tmp_felems == NULL))) { 1485 E Cerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_MALLOC_FAILURE);1491 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1486 1492 goto err; 1487 1493 } … … 1510 1516 */ 1511 1517 if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) { 1512 E Cerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);1518 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1513 1519 goto err; 1514 1520 } … … 1520 1526 } 1521 1527 if (num_bytes < 0) { 1522 E Cerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);1528 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1523 1529 goto err; 1524 1530 } … … 1562 1568 */ 1563 1569 if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) { 1564 E Cerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);1570 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1565 1571 goto err; 1566 1572 } … … 1586 1592 if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) || 1587 1593 (!felem_to_BN(z, z_in))) { 1588 E Cerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);1594 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1589 1595 goto err; 1590 1596 } 1591 ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx); 1597 ret = ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, r, x, y, z, 1598 ctx); 1592 1599 1593 1600 err: … … 1600 1607 } 1601 1608 1602 int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)1609 int ossl_ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx) 1603 1610 { 1604 1611 int ret = 0; 1605 1612 NISTP224_PRE_COMP *pre = NULL; 1606 1613 int i, j; 1607 BN_CTX *new_ctx = NULL;1608 1614 BIGNUM *x, *y; 1609 1615 EC_POINT *generator = NULL; 1610 1616 felem tmp_felems[32]; 1617 #ifndef FIPS_MODULE 1618 BN_CTX *new_ctx = NULL; 1619 #endif 1611 1620 1612 1621 /* throw away old precomputation */ 1613 1622 EC_pre_comp_free(group); 1623 1624 #ifndef FIPS_MODULE 1614 1625 if (ctx == NULL) 1615 if ((ctx = new_ctx = BN_CTX_new()) == NULL) 1616 return 0; 1626 ctx = new_ctx = BN_CTX_new(); 1627 #endif 1628 if (ctx == NULL) 1629 return 0; 1630 1617 1631 BN_CTX_start(ctx); 1618 1632 x = BN_CTX_get(ctx); … … 1722 1736 BN_CTX_end(ctx); 1723 1737 EC_POINT_free(generator); 1738 #ifndef FIPS_MODULE 1724 1739 BN_CTX_free(new_ctx); 1740 #endif 1725 1741 EC_nistp224_pre_comp_free(pre); 1726 1742 return ret; 1727 1743 } 1728 1744 1729 int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group)1745 int ossl_ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group) 1730 1746 { 1731 1747 return HAVEPRECOMP(group, nistp224); 1732 1748 } 1733 1734 #endif -
trunk/src/libs/openssl-3.0.1/crypto/ec/ecp_nistp256.c
r91772 r94082 1 1 /* 2 * Copyright 2011-202 0The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at … … 25 25 26 26 /* 27 * ECDSA low level APIs are deprecated for public use, but still ok for 28 * internal use. 29 */ 30 #include "internal/deprecated.h" 31 32 /* 27 33 * A 64-bit implementation of the NIST P-256 elliptic curve point multiplication 28 34 * … … 33 39 34 40 #include <openssl/opensslconf.h> 35 #ifdef OPENSSL_NO_EC_NISTP_64_GCC_128 36 NON_EMPTY_TRANSLATION_UNIT 37 #else 38 39 # include <stdint.h> 40 # include <string.h> 41 # include <openssl/err.h> 42 # include "ec_local.h" 43 44 # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 45 /* even with gcc, the typedef won't work for 32-bit platforms */ 46 typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit 47 * platforms */ 48 typedef __int128_t int128_t; 49 # else 50 # error "Your compiler doesn't appear to support 128-bit integer types" 51 # endif 41 42 #include <stdint.h> 43 #include <string.h> 44 #include <openssl/err.h> 45 #include "ec_local.h" 46 47 #include "internal/numbers.h" 48 49 #ifndef INT128_MAX 50 # error "Your compiler doesn't appear to support 128-bit integer types" 51 #endif 52 52 53 53 typedef uint8_t u8; … … 57 57 /* 58 58 * The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We 59 * can seriali se an element of this field into 32 bytes. We call this an59 * can serialize an element of this field into 32 bytes. We call this an 60 60 * felem_bytearray. 61 61 */ … … 111 111 */ 112 112 113 # 113 #define NLIMBS 4 114 114 115 115 typedef uint128_t limb; … … 136 136 137 137 /* 138 * smallfelem_to_bin32 takes a smallfelem and seriali ses into a little138 * smallfelem_to_bin32 takes a smallfelem and serializes into a little 139 139 * endian, 32 byte array. This assumes that the CPU is little-endian. 140 140 */ … … 154 154 155 155 if (BN_is_negative(bn)) { 156 E Cerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);156 ERR_raise(ERR_LIB_EC, EC_R_BIGNUM_OUT_OF_RANGE); 157 157 return 0; 158 158 } 159 159 num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); 160 160 if (num_bytes < 0) { 161 E Cerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);161 ERR_raise(ERR_LIB_EC, EC_R_BIGNUM_OUT_OF_RANGE); 162 162 return 0; 163 163 } … … 243 243 } 244 244 245 # 246 # 247 # 245 #define two105m41m9 (((limb)1) << 105) - (((limb)1) << 41) - (((limb)1) << 9) 246 #define two105 (((limb)1) << 105) 247 #define two105m41p9 (((limb)1) << 105) - (((limb)1) << 41) + (((limb)1) << 9) 248 248 249 249 /* zero105 is 0 mod p */ … … 288 288 } 289 289 290 # 291 # 292 # 290 #define two107m43m11 (((limb)1) << 107) - (((limb)1) << 43) - (((limb)1) << 11) 291 #define two107 (((limb)1) << 107) 292 #define two107m43p11 (((limb)1) << 107) - (((limb)1) << 43) + (((limb)1) << 11) 293 293 294 294 /* zero107 is 0 mod p */ … … 359 359 } 360 360 361 # 362 # 363 # 364 # 361 #define two64m0 (((limb)1) << 64) - 1 362 #define two110p32m0 (((limb)1) << 110) + (((limb)1) << 32) - 1 363 #define two64m46 (((limb)1) << 64) - (((limb)1) << 46) 364 #define two64m32 (((limb)1) << 64) - (((limb)1) << 32) 365 365 366 366 /* zero110 is 0 mod p */ … … 712 712 } 713 713 714 # 715 # 716 # 714 #define two100m36m4 (((limb)1) << 100) - (((limb)1) << 36) - (((limb)1) << 4) 715 #define two100 (((limb)1) << 100) 716 #define two100m36p4 (((limb)1) << 100) - (((limb)1) << 36) + (((limb)1) << 4) 717 717 /* zero100 is 0 mod p */ 718 718 static const felem zero100 = … … 1741 1741 bits |= get_bit(scalars[num], i) << 1; 1742 1742 bits |= get_bit(scalars[num], i - 1); 1743 ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);1743 ossl_ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); 1744 1744 1745 1745 /* … … 1782 1782 EC_FLAGS_DEFAULT_OCT, 1783 1783 NID_X9_62_prime_field, 1784 ec_GFp_nistp256_group_init, 1785 ec_GFp_simple_group_finish, 1786 ec_GFp_simple_group_clear_finish, 1787 ec_GFp_nist_group_copy, 1788 ec_GFp_nistp256_group_set_curve, 1789 ec_GFp_simple_group_get_curve, 1790 ec_GFp_simple_group_get_degree, 1791 ec_group_simple_order_bits, 1792 ec_GFp_simple_group_check_discriminant, 1793 ec_GFp_simple_point_init, 1794 ec_GFp_simple_point_finish, 1795 ec_GFp_simple_point_clear_finish, 1796 ec_GFp_simple_point_copy, 1797 ec_GFp_simple_point_set_to_infinity, 1798 ec_GFp_simple_set_Jprojective_coordinates_GFp, 1799 ec_GFp_simple_get_Jprojective_coordinates_GFp, 1800 ec_GFp_simple_point_set_affine_coordinates, 1801 ec_GFp_nistp256_point_get_affine_coordinates, 1784 ossl_ec_GFp_nistp256_group_init, 1785 ossl_ec_GFp_simple_group_finish, 1786 ossl_ec_GFp_simple_group_clear_finish, 1787 ossl_ec_GFp_nist_group_copy, 1788 ossl_ec_GFp_nistp256_group_set_curve, 1789 ossl_ec_GFp_simple_group_get_curve, 1790 ossl_ec_GFp_simple_group_get_degree, 1791 ossl_ec_group_simple_order_bits, 1792 ossl_ec_GFp_simple_group_check_discriminant, 1793 ossl_ec_GFp_simple_point_init, 1794 ossl_ec_GFp_simple_point_finish, 1795 ossl_ec_GFp_simple_point_clear_finish, 1796 ossl_ec_GFp_simple_point_copy, 1797 ossl_ec_GFp_simple_point_set_to_infinity, 1798 ossl_ec_GFp_simple_point_set_affine_coordinates, 1799 ossl_ec_GFp_nistp256_point_get_affine_coordinates, 1802 1800 0 /* point_set_compressed_coordinates */ , 1803 1801 0 /* point2oct */ , 1804 1802 0 /* oct2point */ , 1805 ec_GFp_simple_add,1806 ec_GFp_simple_dbl,1807 ec_GFp_simple_invert,1808 ec_GFp_simple_is_at_infinity,1809 ec_GFp_simple_is_on_curve,1810 ec_GFp_simple_cmp,1811 ec_GFp_simple_make_affine,1812 ec_GFp_simple_points_make_affine,1813 ec_GFp_nistp256_points_mul,1814 ec_GFp_nistp256_precompute_mult,1815 ec_GFp_nistp256_have_precompute_mult,1816 ec_GFp_nist_field_mul,1817 ec_GFp_nist_field_sqr,1803 ossl_ec_GFp_simple_add, 1804 ossl_ec_GFp_simple_dbl, 1805 ossl_ec_GFp_simple_invert, 1806 ossl_ec_GFp_simple_is_at_infinity, 1807 ossl_ec_GFp_simple_is_on_curve, 1808 ossl_ec_GFp_simple_cmp, 1809 ossl_ec_GFp_simple_make_affine, 1810 ossl_ec_GFp_simple_points_make_affine, 1811 ossl_ec_GFp_nistp256_points_mul, 1812 ossl_ec_GFp_nistp256_precompute_mult, 1813 ossl_ec_GFp_nistp256_have_precompute_mult, 1814 ossl_ec_GFp_nist_field_mul, 1815 ossl_ec_GFp_nist_field_sqr, 1818 1816 0 /* field_div */ , 1819 ec_GFp_simple_field_inv,1817 ossl_ec_GFp_simple_field_inv, 1820 1818 0 /* field_encode */ , 1821 1819 0 /* field_decode */ , 1822 1820 0, /* field_set_to_one */ 1823 ec_key_simple_priv2oct,1824 ec_key_simple_oct2priv,1821 ossl_ec_key_simple_priv2oct, 1822 ossl_ec_key_simple_oct2priv, 1825 1823 0, /* set private */ 1826 ec_key_simple_generate_key,1827 ec_key_simple_check_key,1828 ec_key_simple_generate_public_key,1824 ossl_ec_key_simple_generate_key, 1825 ossl_ec_key_simple_check_key, 1826 ossl_ec_key_simple_generate_public_key, 1829 1827 0, /* keycopy */ 1830 1828 0, /* keyfinish */ 1831 ecdh_simple_compute_key, 1829 ossl_ecdh_simple_compute_key, 1830 ossl_ecdsa_simple_sign_setup, 1831 ossl_ecdsa_simple_sign_sig, 1832 ossl_ecdsa_simple_verify_sig, 1832 1833 0, /* field_inverse_mod_ord */ 1833 1834 0, /* blind_coordinates */ … … 1850 1851 1851 1852 if (ret == NULL) { 1852 E Cerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);1853 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1853 1854 return ret; 1854 1855 } … … 1858 1859 ret->lock = CRYPTO_THREAD_lock_new(); 1859 1860 if (ret->lock == NULL) { 1860 E Cerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);1861 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1861 1862 OPENSSL_free(ret); 1862 1863 return NULL; … … 1881 1882 1882 1883 CRYPTO_DOWN_REF(&pre->references, &i, pre->lock); 1883 REF_PRINT_COUNT("EC_nistp256", x);1884 REF_PRINT_COUNT("EC_nistp256", pre); 1884 1885 if (i > 0) 1885 1886 return; … … 1895 1896 */ 1896 1897 1897 int ec_GFp_nistp256_group_init(EC_GROUP *group)1898 int ossl_ec_GFp_nistp256_group_init(EC_GROUP *group) 1898 1899 { 1899 1900 int ret; 1900 ret = ec_GFp_simple_group_init(group);1901 ret = ossl_ec_GFp_simple_group_init(group); 1901 1902 group->a_is_minus3 = 1; 1902 1903 return ret; 1903 1904 } 1904 1905 1905 int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p,1906 const BIGNUM *a, const BIGNUM *b,1907 BN_CTX *ctx)1906 int ossl_ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, 1907 const BIGNUM *a, const BIGNUM *b, 1908 BN_CTX *ctx) 1908 1909 { 1909 1910 int ret = 0; 1911 BIGNUM *curve_p, *curve_a, *curve_b; 1912 #ifndef FIPS_MODULE 1910 1913 BN_CTX *new_ctx = NULL; 1911 BIGNUM *curve_p, *curve_a, *curve_b;1912 1914 1913 1915 if (ctx == NULL) 1914 if ((ctx = new_ctx = BN_CTX_new()) == NULL) 1915 return 0; 1916 ctx = new_ctx = BN_CTX_new(); 1917 #endif 1918 if (ctx == NULL) 1919 return 0; 1920 1916 1921 BN_CTX_start(ctx); 1917 1922 curve_p = BN_CTX_get(ctx); … … 1924 1929 BN_bin2bn(nistp256_curve_params[2], sizeof(felem_bytearray), curve_b); 1925 1930 if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || (BN_cmp(curve_b, b))) { 1926 ECerr(EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE, 1927 EC_R_WRONG_CURVE_PARAMETERS); 1931 ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS); 1928 1932 goto err; 1929 1933 } 1930 1934 group->field_mod_func = BN_nist_mod_256; 1931 ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);1935 ret = ossl_ec_GFp_simple_group_set_curve(group, p, a, b, ctx); 1932 1936 err: 1933 1937 BN_CTX_end(ctx); 1938 #ifndef FIPS_MODULE 1934 1939 BN_CTX_free(new_ctx); 1940 #endif 1935 1941 return ret; 1936 1942 } … … 1940 1946 * (X/Z^2, Y/Z^3) 1941 1947 */ 1942 int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group,1943 const EC_POINT *point,1944 BIGNUM *x, BIGNUM *y,1945 BN_CTX *ctx)1948 int ossl_ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, 1949 const EC_POINT *point, 1950 BIGNUM *x, BIGNUM *y, 1951 BN_CTX *ctx) 1946 1952 { 1947 1953 felem z1, z2, x_in, y_in; … … 1950 1956 1951 1957 if (EC_POINT_is_at_infinity(group, point)) { 1952 ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES, 1953 EC_R_POINT_AT_INFINITY); 1958 ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); 1954 1959 return 0; 1955 1960 } … … 1965 1970 if (x != NULL) { 1966 1971 if (!smallfelem_to_BN(x, x_out)) { 1967 ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES, 1968 ERR_R_BN_LIB); 1972 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1969 1973 return 0; 1970 1974 } … … 1977 1981 if (y != NULL) { 1978 1982 if (!smallfelem_to_BN(y, y_out)) { 1979 ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES, 1980 ERR_R_BN_LIB); 1983 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1981 1984 return 0; 1982 1985 } … … 1993 1996 * normally shouldn't happen). 1994 1997 */ 1995 ec_GFp_nistp_points_make_affine_internal(num,1996 points,1997 sizeof(smallfelem),1998 tmp_smallfelems,1999 (void (*)(void *))smallfelem_one,2000 smallfelem_is_zero_int,2001 (void (*)(void *, const void *))2002 smallfelem_assign,2003 (void (*)(void *, const void *))2004 smallfelem_square_contract,2005 (void (*)2006 (void *, const void *,2007 const void *))2008 smallfelem_mul_contract,2009 (void (*)(void *, const void *))2010 smallfelem_inv_contract,2011 /* nothing to contract */2012 (void (*)(void *, const void *))2013 smallfelem_assign);1998 ossl_ec_GFp_nistp_points_make_affine_internal(num, 1999 points, 2000 sizeof(smallfelem), 2001 tmp_smallfelems, 2002 (void (*)(void *))smallfelem_one, 2003 smallfelem_is_zero_int, 2004 (void (*)(void *, const void *)) 2005 smallfelem_assign, 2006 (void (*)(void *, const void *)) 2007 smallfelem_square_contract, 2008 (void (*) 2009 (void *, const void *, 2010 const void *)) 2011 smallfelem_mul_contract, 2012 (void (*)(void *, const void *)) 2013 smallfelem_inv_contract, 2014 /* nothing to contract */ 2015 (void (*)(void *, const void *)) 2016 smallfelem_assign); 2014 2017 } 2015 2018 … … 2018 2021 * values Result is stored in r (r can equal one of the inputs). 2019 2022 */ 2020 int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,2021 const BIGNUM *scalar, size_t num,2022 const EC_POINT *points[],2023 const BIGNUM *scalars[], BN_CTX *ctx)2023 int ossl_ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, 2024 const BIGNUM *scalar, size_t num, 2025 const EC_POINT *points[], 2026 const BIGNUM *scalars[], BN_CTX *ctx) 2024 2027 { 2025 2028 int ret = 0; … … 2066 2069 !smallfelem_to_BN(y, g_pre_comp[0][1][1]) || 2067 2070 !smallfelem_to_BN(z, g_pre_comp[0][1][2])) { 2068 E Cerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);2071 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 2069 2072 goto err; 2070 2073 } 2071 if (! EC_POINT_set_Jprojective_coordinates_GFp(group,2072 generator, x, y, z,2073 ctx))2074 if (!ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, 2075 generator, 2076 x, y, z, ctx)) 2074 2077 goto err; 2075 2078 if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) … … 2098 2101 if ((secrets == NULL) || (pre_comp == NULL) 2099 2102 || (mixed && (tmp_smallfelems == NULL))) { 2100 E Cerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_MALLOC_FAILURE);2103 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 2101 2104 goto err; 2102 2105 } … … 2130 2133 */ 2131 2134 if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) { 2132 E Cerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);2135 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 2133 2136 goto err; 2134 2137 } … … 2140 2143 } 2141 2144 if (num_bytes < 0) { 2142 E Cerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);2145 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 2143 2146 goto err; 2144 2147 } … … 2184 2187 */ 2185 2188 if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) { 2186 E Cerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);2189 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 2187 2190 goto err; 2188 2191 } … … 2208 2211 if ((!smallfelem_to_BN(x, x_in)) || (!smallfelem_to_BN(y, y_in)) || 2209 2212 (!smallfelem_to_BN(z, z_in))) { 2210 E Cerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);2213 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 2211 2214 goto err; 2212 2215 } 2213 ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx); 2216 ret = ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, r, x, y, z, 2217 ctx); 2214 2218 2215 2219 err: … … 2222 2226 } 2223 2227 2224 int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)2228 int ossl_ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx) 2225 2229 { 2226 2230 int ret = 0; 2227 2231 NISTP256_PRE_COMP *pre = NULL; 2228 2232 int i, j; 2229 BN_CTX *new_ctx = NULL;2230 2233 BIGNUM *x, *y; 2231 2234 EC_POINT *generator = NULL; 2232 2235 smallfelem tmp_smallfelems[32]; 2233 2236 felem x_tmp, y_tmp, z_tmp; 2237 #ifndef FIPS_MODULE 2238 BN_CTX *new_ctx = NULL; 2239 #endif 2234 2240 2235 2241 /* throw away old precomputation */ 2236 2242 EC_pre_comp_free(group); 2243 2244 #ifndef FIPS_MODULE 2237 2245 if (ctx == NULL) 2238 if ((ctx = new_ctx = BN_CTX_new()) == NULL) 2239 return 0; 2246 ctx = new_ctx = BN_CTX_new(); 2247 #endif 2248 if (ctx == NULL) 2249 return 0; 2250 2240 2251 BN_CTX_start(ctx); 2241 2252 x = BN_CTX_get(ctx); … … 2355 2366 BN_CTX_end(ctx); 2356 2367 EC_POINT_free(generator); 2368 #ifndef FIPS_MODULE 2357 2369 BN_CTX_free(new_ctx); 2370 #endif 2358 2371 EC_nistp256_pre_comp_free(pre); 2359 2372 return ret; 2360 2373 } 2361 2374 2362 int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group)2375 int ossl_ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group) 2363 2376 { 2364 2377 return HAVEPRECOMP(group, nistp256); 2365 2378 } 2366 #endif -
trunk/src/libs/openssl-3.0.1/crypto/ec/ecp_nistp521.c
r91772 r94082 1 1 /* 2 * Copyright 2011-202 0The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at … … 25 25 26 26 /* 27 * ECDSA low level APIs are deprecated for public use, but still ok for 28 * internal use. 29 */ 30 #include "internal/deprecated.h" 31 32 /* 27 33 * A 64-bit implementation of the NIST P-521 elliptic curve point multiplication 28 34 * … … 33 39 34 40 #include <openssl/e_os2.h> 35 #ifdef OPENSSL_NO_EC_NISTP_64_GCC_128 36 NON_EMPTY_TRANSLATION_UNIT 37 #else 38 39 # include <string.h> 40 # include <openssl/err.h> 41 # include "ec_local.h" 42 43 # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 44 /* even with gcc, the typedef won't work for 32-bit platforms */ 45 typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit 46 * platforms */ 47 # else 48 # error "Your compiler doesn't appear to support 128-bit integer types" 49 # endif 41 42 #include <string.h> 43 #include <openssl/err.h> 44 #include "ec_local.h" 45 46 #include "internal/numbers.h" 47 48 #ifndef INT128_MAX 49 # error "Your compiler doesn't appear to support 128-bit integer types" 50 #endif 50 51 51 52 typedef uint8_t u8; … … 53 54 54 55 /* 55 * The underlying field. P521 operates over GF(2^521-1). We can seriali se an56 * The underlying field. P521 operates over GF(2^521-1). We can serialize an 56 57 * element of this field into 66 bytes where the most significant byte 57 58 * contains only a single bit. We call this an felem_bytearray. … … 126 127 * 'largefelem' */ 127 128 128 # 129 #define NLIMBS 9 129 130 130 131 typedef uint64_t limb; … … 154 155 155 156 /* 156 * felem_to_bin66 takes an felem and seriali ses into a little endian, 66 byte157 * felem_to_bin66 takes an felem and serializes into a little endian, 66 byte 157 158 * array. This assumes that the CPU is little-endian. 158 159 */ … … 178 179 179 180 if (BN_is_negative(bn)) { 180 E Cerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);181 ERR_raise(ERR_LIB_EC, EC_R_BIGNUM_OUT_OF_RANGE); 181 182 return 0; 182 183 } 183 184 num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); 184 185 if (num_bytes < 0) { 185 E Cerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);186 ERR_raise(ERR_LIB_EC, EC_R_BIGNUM_OUT_OF_RANGE); 186 187 return 0; 187 188 } … … 401 402 * out[i] < 17 * max(in[i]) * max(in[i]) 402 403 */ 403 static void felem_square (largefelem out, const felem in)404 static void felem_square_ref(largefelem out, const felem in) 404 405 { 405 406 felem inx2, inx4; … … 485 486 * out[i] < 17 * max(in1[i]) * max(in2[i]) 486 487 */ 487 static void felem_mul (largefelem out, const felem in1, const felem in2)488 static void felem_mul_ref(largefelem out, const felem in1, const felem in2) 488 489 { 489 490 felem in2x2; … … 674 675 */ 675 676 } 677 678 #if defined(ECP_NISTP521_ASM) 679 void felem_square_wrapper(largefelem out, const felem in); 680 void felem_mul_wrapper(largefelem out, const felem in1, const felem in2); 681 682 static void (*felem_square_p)(largefelem out, const felem in) = 683 felem_square_wrapper; 684 static void (*felem_mul_p)(largefelem out, const felem in1, const felem in2) = 685 felem_mul_wrapper; 686 687 void p521_felem_square(largefelem out, const felem in); 688 void p521_felem_mul(largefelem out, const felem in1, const felem in2); 689 690 # if defined(_ARCH_PPC64) 691 # include "crypto/ppc_arch.h" 692 # endif 693 694 void felem_select(void) 695 { 696 # if defined(_ARCH_PPC64) 697 if ((OPENSSL_ppccap_P & PPC_MADD300) && (OPENSSL_ppccap_P & PPC_ALTIVEC)) { 698 felem_square_p = p521_felem_square; 699 felem_mul_p = p521_felem_mul; 700 701 return; 702 } 703 # endif 704 705 /* Default */ 706 felem_square_p = felem_square_ref; 707 felem_mul_p = felem_mul_ref; 708 } 709 710 void felem_square_wrapper(largefelem out, const felem in) 711 { 712 felem_select(); 713 felem_square_p(out, in); 714 } 715 716 void felem_mul_wrapper(largefelem out, const felem in1, const felem in2) 717 { 718 felem_select(); 719 felem_mul_p(out, in1, in2); 720 } 721 722 # define felem_square felem_square_p 723 # define felem_mul felem_mul_p 724 #else 725 # define felem_square felem_square_ref 726 # define felem_mul felem_mul_ref 727 #endif 676 728 677 729 static void felem_square_reduce(felem out, const felem in) … … 1267 1319 * for ECDH / ECDSA. The case where it can happen is during scalar-mult 1268 1320 * where the intermediate value gets very close to the group order. 1269 * Since | ec_GFp_nistp_recode_scalar_bits| produces signed digits for1270 * the scalar, it's possible for the intermediate value to be a small1321 * Since |ossl_ec_GFp_nistp_recode_scalar_bits| produces signed digits 1322 * for the scalar, it's possible for the intermediate value to be a small 1271 1323 * negative multiple of the base point, and for the final signed digit 1272 1324 * to be the same value. We believe that this only occurs for the scalar … … 1585 1637 bits |= get_bit(scalars[num], i) << 1; 1586 1638 bits |= get_bit(scalars[num], i - 1); 1587 ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);1639 ossl_ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); 1588 1640 1589 1641 /* … … 1623 1675 EC_FLAGS_DEFAULT_OCT, 1624 1676 NID_X9_62_prime_field, 1625 ec_GFp_nistp521_group_init, 1626 ec_GFp_simple_group_finish, 1627 ec_GFp_simple_group_clear_finish, 1628 ec_GFp_nist_group_copy, 1629 ec_GFp_nistp521_group_set_curve, 1630 ec_GFp_simple_group_get_curve, 1631 ec_GFp_simple_group_get_degree, 1632 ec_group_simple_order_bits, 1633 ec_GFp_simple_group_check_discriminant, 1634 ec_GFp_simple_point_init, 1635 ec_GFp_simple_point_finish, 1636 ec_GFp_simple_point_clear_finish, 1637 ec_GFp_simple_point_copy, 1638 ec_GFp_simple_point_set_to_infinity, 1639 ec_GFp_simple_set_Jprojective_coordinates_GFp, 1640 ec_GFp_simple_get_Jprojective_coordinates_GFp, 1641 ec_GFp_simple_point_set_affine_coordinates, 1642 ec_GFp_nistp521_point_get_affine_coordinates, 1677 ossl_ec_GFp_nistp521_group_init, 1678 ossl_ec_GFp_simple_group_finish, 1679 ossl_ec_GFp_simple_group_clear_finish, 1680 ossl_ec_GFp_nist_group_copy, 1681 ossl_ec_GFp_nistp521_group_set_curve, 1682 ossl_ec_GFp_simple_group_get_curve, 1683 ossl_ec_GFp_simple_group_get_degree, 1684 ossl_ec_group_simple_order_bits, 1685 ossl_ec_GFp_simple_group_check_discriminant, 1686 ossl_ec_GFp_simple_point_init, 1687 ossl_ec_GFp_simple_point_finish, 1688 ossl_ec_GFp_simple_point_clear_finish, 1689 ossl_ec_GFp_simple_point_copy, 1690 ossl_ec_GFp_simple_point_set_to_infinity, 1691 ossl_ec_GFp_simple_point_set_affine_coordinates, 1692 ossl_ec_GFp_nistp521_point_get_affine_coordinates, 1643 1693 0 /* point_set_compressed_coordinates */ , 1644 1694 0 /* point2oct */ , 1645 1695 0 /* oct2point */ , 1646 ec_GFp_simple_add,1647 ec_GFp_simple_dbl,1648 ec_GFp_simple_invert,1649 ec_GFp_simple_is_at_infinity,1650 ec_GFp_simple_is_on_curve,1651 ec_GFp_simple_cmp,1652 ec_GFp_simple_make_affine,1653 ec_GFp_simple_points_make_affine,1654 ec_GFp_nistp521_points_mul,1655 ec_GFp_nistp521_precompute_mult,1656 ec_GFp_nistp521_have_precompute_mult,1657 ec_GFp_nist_field_mul,1658 ec_GFp_nist_field_sqr,1696 ossl_ec_GFp_simple_add, 1697 ossl_ec_GFp_simple_dbl, 1698 ossl_ec_GFp_simple_invert, 1699 ossl_ec_GFp_simple_is_at_infinity, 1700 ossl_ec_GFp_simple_is_on_curve, 1701 ossl_ec_GFp_simple_cmp, 1702 ossl_ec_GFp_simple_make_affine, 1703 ossl_ec_GFp_simple_points_make_affine, 1704 ossl_ec_GFp_nistp521_points_mul, 1705 ossl_ec_GFp_nistp521_precompute_mult, 1706 ossl_ec_GFp_nistp521_have_precompute_mult, 1707 ossl_ec_GFp_nist_field_mul, 1708 ossl_ec_GFp_nist_field_sqr, 1659 1709 0 /* field_div */ , 1660 ec_GFp_simple_field_inv,1710 ossl_ec_GFp_simple_field_inv, 1661 1711 0 /* field_encode */ , 1662 1712 0 /* field_decode */ , 1663 1713 0, /* field_set_to_one */ 1664 ec_key_simple_priv2oct,1665 ec_key_simple_oct2priv,1714 ossl_ec_key_simple_priv2oct, 1715 ossl_ec_key_simple_oct2priv, 1666 1716 0, /* set private */ 1667 ec_key_simple_generate_key,1668 ec_key_simple_check_key,1669 ec_key_simple_generate_public_key,1717 ossl_ec_key_simple_generate_key, 1718 ossl_ec_key_simple_check_key, 1719 ossl_ec_key_simple_generate_public_key, 1670 1720 0, /* keycopy */ 1671 1721 0, /* keyfinish */ 1672 ecdh_simple_compute_key, 1722 ossl_ecdh_simple_compute_key, 1723 ossl_ecdsa_simple_sign_setup, 1724 ossl_ecdsa_simple_sign_sig, 1725 ossl_ecdsa_simple_verify_sig, 1673 1726 0, /* field_inverse_mod_ord */ 1674 1727 0, /* blind_coordinates */ … … 1691 1744 1692 1745 if (ret == NULL) { 1693 E Cerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);1746 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1694 1747 return ret; 1695 1748 } … … 1699 1752 ret->lock = CRYPTO_THREAD_lock_new(); 1700 1753 if (ret->lock == NULL) { 1701 E Cerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);1754 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1702 1755 OPENSSL_free(ret); 1703 1756 return NULL; … … 1722 1775 1723 1776 CRYPTO_DOWN_REF(&p->references, &i, p->lock); 1724 REF_PRINT_COUNT("EC_nistp521", x);1777 REF_PRINT_COUNT("EC_nistp521", p); 1725 1778 if (i > 0) 1726 1779 return; … … 1736 1789 */ 1737 1790 1738 int ec_GFp_nistp521_group_init(EC_GROUP *group)1791 int ossl_ec_GFp_nistp521_group_init(EC_GROUP *group) 1739 1792 { 1740 1793 int ret; 1741 ret = ec_GFp_simple_group_init(group);1794 ret = ossl_ec_GFp_simple_group_init(group); 1742 1795 group->a_is_minus3 = 1; 1743 1796 return ret; 1744 1797 } 1745 1798 1746 int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p,1747 const BIGNUM *a, const BIGNUM *b,1748 BN_CTX *ctx)1799 int ossl_ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, 1800 const BIGNUM *a, const BIGNUM *b, 1801 BN_CTX *ctx) 1749 1802 { 1750 1803 int ret = 0; 1804 BIGNUM *curve_p, *curve_a, *curve_b; 1805 #ifndef FIPS_MODULE 1751 1806 BN_CTX *new_ctx = NULL; 1752 BIGNUM *curve_p, *curve_a, *curve_b;1753 1807 1754 1808 if (ctx == NULL) 1755 if ((ctx = new_ctx = BN_CTX_new()) == NULL) 1756 return 0; 1809 ctx = new_ctx = BN_CTX_new(); 1810 #endif 1811 if (ctx == NULL) 1812 return 0; 1813 1757 1814 BN_CTX_start(ctx); 1758 1815 curve_p = BN_CTX_get(ctx); … … 1765 1822 BN_bin2bn(nistp521_curve_params[2], sizeof(felem_bytearray), curve_b); 1766 1823 if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || (BN_cmp(curve_b, b))) { 1767 ECerr(EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE, 1768 EC_R_WRONG_CURVE_PARAMETERS); 1824 ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS); 1769 1825 goto err; 1770 1826 } 1771 1827 group->field_mod_func = BN_nist_mod_521; 1772 ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);1828 ret = ossl_ec_GFp_simple_group_set_curve(group, p, a, b, ctx); 1773 1829 err: 1774 1830 BN_CTX_end(ctx); 1831 #ifndef FIPS_MODULE 1775 1832 BN_CTX_free(new_ctx); 1833 #endif 1776 1834 return ret; 1777 1835 } … … 1781 1839 * (X/Z^2, Y/Z^3) 1782 1840 */ 1783 int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group,1784 const EC_POINT *point,1785 BIGNUM *x, BIGNUM *y,1786 BN_CTX *ctx)1841 int ossl_ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, 1842 const EC_POINT *point, 1843 BIGNUM *x, BIGNUM *y, 1844 BN_CTX *ctx) 1787 1845 { 1788 1846 felem z1, z2, x_in, y_in, x_out, y_out; … … 1790 1848 1791 1849 if (EC_POINT_is_at_infinity(group, point)) { 1792 ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, 1793 EC_R_POINT_AT_INFINITY); 1850 ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); 1794 1851 return 0; 1795 1852 } … … 1805 1862 if (x != NULL) { 1806 1863 if (!felem_to_BN(x, x_out)) { 1807 ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, 1808 ERR_R_BN_LIB); 1864 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1809 1865 return 0; 1810 1866 } … … 1817 1873 if (y != NULL) { 1818 1874 if (!felem_to_BN(y, y_out)) { 1819 ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, 1820 ERR_R_BN_LIB); 1875 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1821 1876 return 0; 1822 1877 } … … 1833 1888 * normally shouldn't happen). 1834 1889 */ 1835 ec_GFp_nistp_points_make_affine_internal(num,1836 points,1837 sizeof(felem),1838 tmp_felems,1839 (void (*)(void *))felem_one,1840 felem_is_zero_int,1841 (void (*)(void *, const void *))1842 felem_assign,1843 (void (*)(void *, const void *))1844 felem_square_reduce, (void (*)1845 (void *,1846 const void1847 *,1848 const void1849 *))1850 felem_mul_reduce,1851 (void (*)(void *, const void *))1852 felem_inv,1853 (void (*)(void *, const void *))1854 felem_contract);1890 ossl_ec_GFp_nistp_points_make_affine_internal(num, 1891 points, 1892 sizeof(felem), 1893 tmp_felems, 1894 (void (*)(void *))felem_one, 1895 felem_is_zero_int, 1896 (void (*)(void *, const void *)) 1897 felem_assign, 1898 (void (*)(void *, const void *)) 1899 felem_square_reduce, (void (*) 1900 (void *, 1901 const void 1902 *, 1903 const void 1904 *)) 1905 felem_mul_reduce, 1906 (void (*)(void *, const void *)) 1907 felem_inv, 1908 (void (*)(void *, const void *)) 1909 felem_contract); 1855 1910 } 1856 1911 … … 1859 1914 * values Result is stored in r (r can equal one of the inputs). 1860 1915 */ 1861 int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,1862 const BIGNUM *scalar, size_t num,1863 const EC_POINT *points[],1864 const BIGNUM *scalars[], BN_CTX *ctx)1916 int ossl_ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, 1917 const BIGNUM *scalar, size_t num, 1918 const EC_POINT *points[], 1919 const BIGNUM *scalars[], BN_CTX *ctx) 1865 1920 { 1866 1921 int ret = 0; … … 1906 1961 !felem_to_BN(y, g_pre_comp[1][1]) || 1907 1962 !felem_to_BN(z, g_pre_comp[1][2])) { 1908 E Cerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);1963 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1909 1964 goto err; 1910 1965 } 1911 if (! EC_POINT_set_Jprojective_coordinates_GFp(group,1912 generator, x, y, z,1913 ctx))1966 if (!ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, 1967 generator, 1968 x, y, z, ctx)) 1914 1969 goto err; 1915 1970 if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) … … 1939 1994 if ((secrets == NULL) || (pre_comp == NULL) 1940 1995 || (mixed && (tmp_felems == NULL))) { 1941 E Cerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_MALLOC_FAILURE);1996 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1942 1997 goto err; 1943 1998 } … … 1969 2024 */ 1970 2025 if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) { 1971 E Cerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);2026 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1972 2027 goto err; 1973 2028 } … … 1979 2034 } 1980 2035 if (num_bytes < 0) { 1981 E Cerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);2036 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1982 2037 goto err; 1983 2038 } … … 2021 2076 */ 2022 2077 if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) { 2023 E Cerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);2078 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 2024 2079 goto err; 2025 2080 } … … 2046 2101 if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) || 2047 2102 (!felem_to_BN(z, z_in))) { 2048 E Cerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);2103 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 2049 2104 goto err; 2050 2105 } 2051 ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx); 2106 ret = ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, r, x, y, z, 2107 ctx); 2052 2108 2053 2109 err: … … 2060 2116 } 2061 2117 2062 int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)2118 int ossl_ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx) 2063 2119 { 2064 2120 int ret = 0; 2065 2121 NISTP521_PRE_COMP *pre = NULL; 2066 2122 int i, j; 2067 BN_CTX *new_ctx = NULL;2068 2123 BIGNUM *x, *y; 2069 2124 EC_POINT *generator = NULL; 2070 2125 felem tmp_felems[16]; 2126 #ifndef FIPS_MODULE 2127 BN_CTX *new_ctx = NULL; 2128 #endif 2071 2129 2072 2130 /* throw away old precomputation */ 2073 2131 EC_pre_comp_free(group); 2132 2133 #ifndef FIPS_MODULE 2074 2134 if (ctx == NULL) 2075 if ((ctx = new_ctx = BN_CTX_new()) == NULL) 2076 return 0; 2135 ctx = new_ctx = BN_CTX_new(); 2136 #endif 2137 if (ctx == NULL) 2138 return 0; 2139 2077 2140 BN_CTX_start(ctx); 2078 2141 x = BN_CTX_get(ctx); … … 2162 2225 BN_CTX_end(ctx); 2163 2226 EC_POINT_free(generator); 2227 #ifndef FIPS_MODULE 2164 2228 BN_CTX_free(new_ctx); 2229 #endif 2165 2230 EC_nistp521_pre_comp_free(pre); 2166 2231 return ret; 2167 2232 } 2168 2233 2169 int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group)2234 int ossl_ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group) 2170 2235 { 2171 2236 return HAVEPRECOMP(group, nistp521); 2172 2237 } 2173 2174 #endif -
trunk/src/libs/openssl-3.0.1/crypto/ec/ecp_nistputil.c
r91772 r94082 1 1 /* 2 * Copyright 2011-20 19The OpenSSL Project Authors. All Rights Reserved.3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use2 * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at … … 24 24 */ 25 25 26 /* 27 * ECDSA low level APIs are deprecated for public use, but still ok for 28 * internal use. 29 */ 30 #include "internal/deprecated.h" 31 26 32 #include <openssl/opensslconf.h> 27 #ifdef OPENSSL_NO_EC_NISTP_64_GCC_12828 NON_EMPTY_TRANSLATION_UNIT29 #else30 33 31 34 /* … … 33 36 */ 34 37 35 # 36 # 38 #include <stddef.h> 39 #include "ec_local.h" 37 40 38 41 /* … … 47 50 * 'num'+1 field elements for storage of intermediate values. 48 51 */ 49 void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, 52 void 53 ossl_ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, 50 54 size_t felem_size, 51 55 void *tmp_felems, … … 75 79 int i = 0; 76 80 77 # 78 # 79 # 80 # 81 #define tmp_felem(I) (&((char *)tmp_felems)[(I) * felem_size]) 82 #define X(I) (&((char *)point_array)[3*(I) * felem_size]) 83 #define Y(I) (&((char *)point_array)[(3*(I) + 1) * felem_size]) 84 #define Z(I) (&((char *)point_array)[(3*(I) + 2) * felem_size]) 81 85 82 86 if (!felem_is_zero(Z(0))) … … 207 211 * 208 212 */ 209 void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign,210 unsigned char *digit, unsigned char in)213 void ossl_ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, 214 unsigned char *digit, unsigned char in) 211 215 { 212 216 unsigned char s, d; … … 221 225 *digit = d; 222 226 } 223 #endif -
trunk/src/libs/openssl-3.0.1/crypto/ec/ecp_nistz256.c
r91772 r94082 1 1 /* 2 * Copyright 2014-202 0The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2014, Intel Corporation. All Rights Reserved. 4 4 * Copyright (c) 2015, CloudFlare, Inc. 5 5 * 6 * Licensed under the OpenSSL license(the "License"). You may not use6 * Licensed under the Apache License 2.0 (the "License"). You may not use 7 7 * this file except in compliance with the License. You can obtain a copy 8 8 * in the file LICENSE in the source distribution or at … … 18 18 * 256 Bit Primes" 19 19 */ 20 21 /* 22 * ECDSA low level APIs are deprecated for public use, but still ok for 23 * internal use. 24 */ 25 #include "internal/deprecated.h" 20 26 21 27 #include <string.h> … … 632 638 OPENSSL_malloc(num * 33 * sizeof(unsigned char))) == NULL 633 639 || (scalars = OPENSSL_malloc(num * sizeof(BIGNUM *))) == NULL) { 634 E Cerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, ERR_R_MALLOC_FAILURE);640 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 635 641 goto err; 636 642 } … … 649 655 goto err; 650 656 if (!BN_nnmod(mod, scalar[i], group->order, ctx)) { 651 E Cerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, ERR_R_BN_LIB);657 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 652 658 goto err; 653 659 } … … 677 683 || !ecp_nistz256_bignum_to_field_elem(temp[0].Y, point[i]->Y) 678 684 || !ecp_nistz256_bignum_to_field_elem(temp[0].Z, point[i]->Z)) { 679 ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, 680 EC_R_COORDINATES_OUT_OF_RANGE); 685 ERR_raise(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); 681 686 goto err; 682 687 } … … 829 834 generator = EC_GROUP_get0_generator(group); 830 835 if (generator == NULL) { 831 E Cerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, EC_R_UNDEFINED_GENERATOR);836 ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR); 832 837 return 0; 833 838 } … … 845 850 846 851 if (ctx == NULL) { 847 ctx = new_ctx = BN_CTX_new ();852 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 848 853 if (ctx == NULL) 849 854 goto err; … … 857 862 858 863 if (BN_is_zero(order)) { 859 E Cerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, EC_R_UNKNOWN_ORDER);864 ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_ORDER); 860 865 goto err; 861 866 } … … 865 870 if ((precomp_storage = 866 871 OPENSSL_malloc(37 * 64 * sizeof(P256_POINT_AFFINE) + 64)) == NULL) { 867 E Cerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, ERR_R_MALLOC_FAILURE);872 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 868 873 goto err; 869 874 } … … 892 897 * make multiple points affine at the same time. 893 898 */ 894 if (!EC_POINT_make_affine(group, P, ctx)) 899 if (group->meth->make_affine == NULL 900 || !group->meth->make_affine(group, P, ctx)) 895 901 goto err; 896 902 if (!ecp_nistz256_bignum_to_field_elem(temp.X, P->X) || 897 903 !ecp_nistz256_bignum_to_field_elem(temp.Y, P->Y)) { 898 ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, 899 EC_R_COORDINATES_OUT_OF_RANGE); 904 ERR_raise(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); 900 905 goto err; 901 906 } … … 970 975 971 976 if ((num + 1) == 0 || (num + 1) > OPENSSL_MALLOC_MAX_NELEMS(void *)) { 972 E Cerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);977 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 973 978 return 0; 974 979 } … … 979 984 generator = EC_GROUP_get0_generator(group); 980 985 if (generator == NULL) { 981 E Cerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_UNDEFINED_GENERATOR);986 ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR); 982 987 goto err; 983 988 } … … 1027 1032 1028 1033 if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) { 1029 E Cerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_BN_LIB);1034 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1030 1035 goto err; 1031 1036 } … … 1123 1128 new_scalars = OPENSSL_malloc((num + 1) * sizeof(BIGNUM *)); 1124 1129 if (new_scalars == NULL) { 1125 E Cerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);1130 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1126 1131 goto err; 1127 1132 } … … 1129 1134 new_points = OPENSSL_malloc((num + 1) * sizeof(EC_POINT *)); 1130 1135 if (new_points == NULL) { 1131 E Cerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);1136 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1132 1137 goto err; 1133 1138 } … … 1184 1189 1185 1190 if (EC_POINT_is_at_infinity(group, point)) { 1186 E Cerr(EC_F_ECP_NISTZ256_GET_AFFINE, EC_R_POINT_AT_INFINITY);1191 ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); 1187 1192 return 0; 1188 1193 } … … 1191 1196 !ecp_nistz256_bignum_to_field_elem(point_y, point->Y) || 1192 1197 !ecp_nistz256_bignum_to_field_elem(point_z, point->Z)) { 1193 E Cerr(EC_F_ECP_NISTZ256_GET_AFFINE, EC_R_COORDINATES_OUT_OF_RANGE);1198 ERR_raise(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); 1194 1199 return 0; 1195 1200 } … … 1226 1231 1227 1232 if (ret == NULL) { 1228 E Cerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);1233 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1229 1234 return ret; 1230 1235 } … … 1236 1241 ret->lock = CRYPTO_THREAD_lock_new(); 1237 1242 if (ret->lock == NULL) { 1238 E Cerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);1243 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1239 1244 OPENSSL_free(ret); 1240 1245 return NULL; … … 1259 1264 1260 1265 CRYPTO_DOWN_REF(&pre->references, &i, pre->lock); 1261 REF_PRINT_COUNT("EC_nistz256", x);1266 REF_PRINT_COUNT("EC_nistz256", pre); 1262 1267 if (i > 0) 1263 1268 return; … … 1295 1300 void ecp_nistz256_ord_sqr_mont(BN_ULONG res[P256_LIMBS], 1296 1301 const BN_ULONG a[P256_LIMBS], 1297 intrep);1302 BN_ULONG rep); 1298 1303 1299 1304 static int ecp_nistz256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r, … … 1325 1330 */ 1326 1331 if (bn_wexpand(r, P256_LIMBS) == NULL) { 1327 E Cerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, ERR_R_BN_LIB);1332 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1328 1333 goto err; 1329 1334 } … … 1334 1339 if ((tmp = BN_CTX_get(ctx)) == NULL 1335 1340 || !BN_nnmod(tmp, x, group->order, ctx)) { 1336 E Cerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, ERR_R_BN_LIB);1341 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1337 1342 goto err; 1338 1343 } … … 1341 1346 1342 1347 if (!ecp_nistz256_bignum_to_field_elem(t, x)) { 1343 E Cerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, EC_R_COORDINATES_OUT_OF_RANGE);1348 ERR_raise(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); 1344 1349 goto err; 1345 1350 } … … 1471 1476 EC_FLAGS_DEFAULT_OCT, 1472 1477 NID_X9_62_prime_field, 1473 ec_GFp_mont_group_init, 1474 ec_GFp_mont_group_finish, 1475 ec_GFp_mont_group_clear_finish, 1476 ec_GFp_mont_group_copy, 1477 ec_GFp_mont_group_set_curve, 1478 ec_GFp_simple_group_get_curve, 1479 ec_GFp_simple_group_get_degree, 1480 ec_group_simple_order_bits, 1481 ec_GFp_simple_group_check_discriminant, 1482 ec_GFp_simple_point_init, 1483 ec_GFp_simple_point_finish, 1484 ec_GFp_simple_point_clear_finish, 1485 ec_GFp_simple_point_copy, 1486 ec_GFp_simple_point_set_to_infinity, 1487 ec_GFp_simple_set_Jprojective_coordinates_GFp, 1488 ec_GFp_simple_get_Jprojective_coordinates_GFp, 1489 ec_GFp_simple_point_set_affine_coordinates, 1478 ossl_ec_GFp_mont_group_init, 1479 ossl_ec_GFp_mont_group_finish, 1480 ossl_ec_GFp_mont_group_clear_finish, 1481 ossl_ec_GFp_mont_group_copy, 1482 ossl_ec_GFp_mont_group_set_curve, 1483 ossl_ec_GFp_simple_group_get_curve, 1484 ossl_ec_GFp_simple_group_get_degree, 1485 ossl_ec_group_simple_order_bits, 1486 ossl_ec_GFp_simple_group_check_discriminant, 1487 ossl_ec_GFp_simple_point_init, 1488 ossl_ec_GFp_simple_point_finish, 1489 ossl_ec_GFp_simple_point_clear_finish, 1490 ossl_ec_GFp_simple_point_copy, 1491 ossl_ec_GFp_simple_point_set_to_infinity, 1492 ossl_ec_GFp_simple_point_set_affine_coordinates, 1490 1493 ecp_nistz256_get_affine, 1491 1494 0, 0, 0, 1492 ec_GFp_simple_add,1493 ec_GFp_simple_dbl,1494 ec_GFp_simple_invert,1495 ec_GFp_simple_is_at_infinity,1496 ec_GFp_simple_is_on_curve,1497 ec_GFp_simple_cmp,1498 ec_GFp_simple_make_affine,1499 ec_GFp_simple_points_make_affine,1495 ossl_ec_GFp_simple_add, 1496 ossl_ec_GFp_simple_dbl, 1497 ossl_ec_GFp_simple_invert, 1498 ossl_ec_GFp_simple_is_at_infinity, 1499 ossl_ec_GFp_simple_is_on_curve, 1500 ossl_ec_GFp_simple_cmp, 1501 ossl_ec_GFp_simple_make_affine, 1502 ossl_ec_GFp_simple_points_make_affine, 1500 1503 ecp_nistz256_points_mul, /* mul */ 1501 1504 ecp_nistz256_mult_precompute, /* precompute_mult */ 1502 1505 ecp_nistz256_window_have_precompute_mult, /* have_precompute_mult */ 1503 ec_GFp_mont_field_mul,1504 ec_GFp_mont_field_sqr,1506 ossl_ec_GFp_mont_field_mul, 1507 ossl_ec_GFp_mont_field_sqr, 1505 1508 0, /* field_div */ 1506 ec_GFp_mont_field_inv,1507 ec_GFp_mont_field_encode,1508 ec_GFp_mont_field_decode,1509 ec_GFp_mont_field_set_to_one,1510 ec_key_simple_priv2oct,1511 ec_key_simple_oct2priv,1509 ossl_ec_GFp_mont_field_inv, 1510 ossl_ec_GFp_mont_field_encode, 1511 ossl_ec_GFp_mont_field_decode, 1512 ossl_ec_GFp_mont_field_set_to_one, 1513 ossl_ec_key_simple_priv2oct, 1514 ossl_ec_key_simple_oct2priv, 1512 1515 0, /* set private */ 1513 ec_key_simple_generate_key,1514 ec_key_simple_check_key,1515 ec_key_simple_generate_public_key,1516 ossl_ec_key_simple_generate_key, 1517 ossl_ec_key_simple_check_key, 1518 ossl_ec_key_simple_generate_public_key, 1516 1519 0, /* keycopy */ 1517 1520 0, /* keyfinish */ 1518 ecdh_simple_compute_key, 1521 ossl_ecdh_simple_compute_key, 1522 ossl_ecdsa_simple_sign_setup, 1523 ossl_ecdsa_simple_sign_sig, 1524 ossl_ecdsa_simple_verify_sig, 1519 1525 ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */ 1520 1526 0, /* blind_coordinates */ -
trunk/src/libs/openssl-3.0.1/crypto/ec/ecp_nistz256_table.c
r91772 r94082 2 2 * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at -
trunk/src/libs/openssl-3.0.1/crypto/ec/ecp_oct.c
r91772 r94082 1 1 /* 2 * Copyright 2011-20 18The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 9 9 */ 10 10 11 /* 12 * ECDSA low level APIs are deprecated for public use, but still ok for 13 * internal use. 14 */ 15 #include "internal/deprecated.h" 16 11 17 #include <openssl/err.h> 12 18 #include <openssl/symhacks.h> … … 14 20 #include "ec_local.h" 15 21 16 int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,17 EC_POINT *point,18 const BIGNUM *x_, int y_bit,19 BN_CTX *ctx)22 int ossl_ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, 23 EC_POINT *point, 24 const BIGNUM *x_, int y_bit, 25 BN_CTX *ctx) 20 26 { 21 27 BN_CTX *new_ctx = NULL; … … 23 29 int ret = 0; 24 30 25 /* clear error queue */26 ERR_clear_error();27 28 31 if (ctx == NULL) { 29 ctx = new_ctx = BN_CTX_new ();32 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 30 33 if (ctx == NULL) 31 34 return 0; … … 99 102 } 100 103 104 ERR_set_mark(); 101 105 if (!BN_mod_sqrt(y, tmp1, group->field, ctx)) { 106 #ifndef FIPS_MODULE 102 107 unsigned long err = ERR_peek_last_error(); 103 108 104 109 if (ERR_GET_LIB(err) == ERR_LIB_BN 105 110 && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) { 106 ERR_clear_error(); 107 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, 108 EC_R_INVALID_COMPRESSED_POINT); 111 ERR_pop_to_mark(); 112 ERR_raise(ERR_LIB_EC, EC_R_INVALID_COMPRESSED_POINT); 109 113 } else 110 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, 111 ERR_R_BN_LIB); 112 goto err; 113 } 114 #endif 115 { 116 ERR_clear_last_mark(); 117 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 118 } 119 goto err; 120 } 121 ERR_clear_last_mark(); 114 122 115 123 if (y_bit != BN_is_odd(y)) { … … 122 130 123 131 if (kron == 1) 124 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, 125 EC_R_INVALID_COMPRESSION_BIT); 132 ERR_raise(ERR_LIB_EC, EC_R_INVALID_COMPRESSION_BIT); 126 133 else 127 134 /* 128 135 * BN_mod_sqrt() should have caught this error (not a square) 129 136 */ 130 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, 131 EC_R_INVALID_COMPRESSED_POINT); 137 ERR_raise(ERR_LIB_EC, EC_R_INVALID_COMPRESSED_POINT); 132 138 goto err; 133 139 } … … 136 142 } 137 143 if (y_bit != BN_is_odd(y)) { 138 ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, 139 ERR_R_INTERNAL_ERROR); 144 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 140 145 goto err; 141 146 } … … 152 157 } 153 158 154 size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,155 point_conversion_form_t form,156 unsigned char *buf, size_t len, BN_CTX *ctx)159 size_t ossl_ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, 160 point_conversion_form_t form, 161 unsigned char *buf, size_t len, BN_CTX *ctx) 157 162 { 158 163 size_t ret; … … 165 170 && (form != POINT_CONVERSION_UNCOMPRESSED) 166 171 && (form != POINT_CONVERSION_HYBRID)) { 167 E Cerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);172 ERR_raise(ERR_LIB_EC, EC_R_INVALID_FORM); 168 173 goto err; 169 174 } … … 173 178 if (buf != NULL) { 174 179 if (len < 1) { 175 E Cerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);180 ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); 176 181 return 0; 177 182 } … … 190 195 if (buf != NULL) { 191 196 if (len < ret) { 192 E Cerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);197 ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); 193 198 goto err; 194 199 } 195 200 196 201 if (ctx == NULL) { 197 ctx = new_ctx = BN_CTX_new ();202 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 198 203 if (ctx == NULL) 199 204 return 0; … … 220 225 skip = field_len - BN_num_bytes(x); 221 226 if (skip > field_len) { 222 E Cerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);227 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 223 228 goto err; 224 229 } … … 230 235 i += skip; 231 236 if (i != 1 + field_len) { 232 E Cerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);237 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 233 238 goto err; 234 239 } … … 238 243 skip = field_len - BN_num_bytes(y); 239 244 if (skip > field_len) { 240 E Cerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);245 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 241 246 goto err; 242 247 } … … 250 255 251 256 if (i != ret) { 252 E Cerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);257 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 253 258 goto err; 254 259 } … … 267 272 } 268 273 269 int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, 270 const unsigned char *buf, size_t len, BN_CTX *ctx) 274 int ossl_ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, 275 const unsigned char *buf, size_t len, 276 BN_CTX *ctx) 271 277 { 272 278 point_conversion_form_t form; … … 278 284 279 285 if (len == 0) { 280 E Cerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);286 ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); 281 287 return 0; 282 288 } … … 287 293 && (form != POINT_CONVERSION_UNCOMPRESSED) 288 294 && (form != POINT_CONVERSION_HYBRID)) { 289 E Cerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);295 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 290 296 return 0; 291 297 } 292 298 if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) { 293 E Cerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);299 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 294 300 return 0; 295 301 } … … 297 303 if (form == 0) { 298 304 if (len != 1) { 299 E Cerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);305 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 300 306 return 0; 301 307 } … … 310 316 311 317 if (len != enc_len) { 312 E Cerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);318 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 313 319 return 0; 314 320 } 315 321 316 322 if (ctx == NULL) { 317 ctx = new_ctx = BN_CTX_new ();323 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 318 324 if (ctx == NULL) 319 325 return 0; … … 329 335 goto err; 330 336 if (BN_ucmp(x, group->field) >= 0) { 331 E Cerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);337 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 332 338 goto err; 333 339 } … … 340 346 goto err; 341 347 if (BN_ucmp(y, group->field) >= 0) { 342 E Cerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);348 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 343 349 goto err; 344 350 } 345 351 if (form == POINT_CONVERSION_HYBRID) { 346 352 if (y_bit != BN_is_odd(y)) { 347 E Cerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);353 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 348 354 goto err; 349 355 } -
trunk/src/libs/openssl-3.0.1/crypto/ec/ecp_smpl.c
r91772 r94082 1 1 /* 2 * Copyright 2001-202 0The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * 5 * Licensed under the OpenSSL license(the "License"). You may not use5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 6 * this file except in compliance with the License. You can obtain a copy 7 7 * in the file LICENSE in the source distribution or at … … 9 9 */ 10 10 11 /* 12 * ECDSA low level APIs are deprecated for public use, but still ok for 13 * internal use. 14 */ 15 #include "internal/deprecated.h" 16 11 17 #include <openssl/err.h> 12 18 #include <openssl/symhacks.h> … … 19 25 EC_FLAGS_DEFAULT_OCT, 20 26 NID_X9_62_prime_field, 21 ec_GFp_simple_group_init, 22 ec_GFp_simple_group_finish, 23 ec_GFp_simple_group_clear_finish, 24 ec_GFp_simple_group_copy, 25 ec_GFp_simple_group_set_curve, 26 ec_GFp_simple_group_get_curve, 27 ec_GFp_simple_group_get_degree, 28 ec_group_simple_order_bits, 29 ec_GFp_simple_group_check_discriminant, 30 ec_GFp_simple_point_init, 31 ec_GFp_simple_point_finish, 32 ec_GFp_simple_point_clear_finish, 33 ec_GFp_simple_point_copy, 34 ec_GFp_simple_point_set_to_infinity, 35 ec_GFp_simple_set_Jprojective_coordinates_GFp, 36 ec_GFp_simple_get_Jprojective_coordinates_GFp, 37 ec_GFp_simple_point_set_affine_coordinates, 38 ec_GFp_simple_point_get_affine_coordinates, 27 ossl_ec_GFp_simple_group_init, 28 ossl_ec_GFp_simple_group_finish, 29 ossl_ec_GFp_simple_group_clear_finish, 30 ossl_ec_GFp_simple_group_copy, 31 ossl_ec_GFp_simple_group_set_curve, 32 ossl_ec_GFp_simple_group_get_curve, 33 ossl_ec_GFp_simple_group_get_degree, 34 ossl_ec_group_simple_order_bits, 35 ossl_ec_GFp_simple_group_check_discriminant, 36 ossl_ec_GFp_simple_point_init, 37 ossl_ec_GFp_simple_point_finish, 38 ossl_ec_GFp_simple_point_clear_finish, 39 ossl_ec_GFp_simple_point_copy, 40 ossl_ec_GFp_simple_point_set_to_infinity, 41 ossl_ec_GFp_simple_point_set_affine_coordinates, 42 ossl_ec_GFp_simple_point_get_affine_coordinates, 39 43 0, 0, 0, 40 ec_GFp_simple_add,41 ec_GFp_simple_dbl,42 ec_GFp_simple_invert,43 ec_GFp_simple_is_at_infinity,44 ec_GFp_simple_is_on_curve,45 ec_GFp_simple_cmp,46 ec_GFp_simple_make_affine,47 ec_GFp_simple_points_make_affine,44 ossl_ec_GFp_simple_add, 45 ossl_ec_GFp_simple_dbl, 46 ossl_ec_GFp_simple_invert, 47 ossl_ec_GFp_simple_is_at_infinity, 48 ossl_ec_GFp_simple_is_on_curve, 49 ossl_ec_GFp_simple_cmp, 50 ossl_ec_GFp_simple_make_affine, 51 ossl_ec_GFp_simple_points_make_affine, 48 52 0 /* mul */ , 49 53 0 /* precompute_mult */ , 50 54 0 /* have_precompute_mult */ , 51 ec_GFp_simple_field_mul,52 ec_GFp_simple_field_sqr,55 ossl_ec_GFp_simple_field_mul, 56 ossl_ec_GFp_simple_field_sqr, 53 57 0 /* field_div */ , 54 ec_GFp_simple_field_inv,58 ossl_ec_GFp_simple_field_inv, 55 59 0 /* field_encode */ , 56 60 0 /* field_decode */ , 57 61 0, /* field_set_to_one */ 58 ec_key_simple_priv2oct,59 ec_key_simple_oct2priv,62 ossl_ec_key_simple_priv2oct, 63 ossl_ec_key_simple_oct2priv, 60 64 0, /* set private */ 61 ec_key_simple_generate_key,62 ec_key_simple_check_key,63 ec_key_simple_generate_public_key,65 ossl_ec_key_simple_generate_key, 66 ossl_ec_key_simple_check_key, 67 ossl_ec_key_simple_generate_public_key, 64 68 0, /* keycopy */ 65 69 0, /* keyfinish */ 66 ecdh_simple_compute_key, 70 ossl_ecdh_simple_compute_key, 71 ossl_ecdsa_simple_sign_setup, 72 ossl_ecdsa_simple_sign_sig, 73 ossl_ecdsa_simple_verify_sig, 67 74 0, /* field_inverse_mod_ord */ 68 ec_GFp_simple_blind_coordinates,69 ec_GFp_simple_ladder_pre,70 ec_GFp_simple_ladder_step,71 ec_GFp_simple_ladder_post75 ossl_ec_GFp_simple_blind_coordinates, 76 ossl_ec_GFp_simple_ladder_pre, 77 ossl_ec_GFp_simple_ladder_step, 78 ossl_ec_GFp_simple_ladder_post 72 79 }; 73 80 … … 89 96 */ 90 97 91 int ec_GFp_simple_group_init(EC_GROUP *group)98 int ossl_ec_GFp_simple_group_init(EC_GROUP *group) 92 99 { 93 100 group->field = BN_new(); … … 104 111 } 105 112 106 void ec_GFp_simple_group_finish(EC_GROUP *group)113 void ossl_ec_GFp_simple_group_finish(EC_GROUP *group) 107 114 { 108 115 BN_free(group->field); … … 111 118 } 112 119 113 void ec_GFp_simple_group_clear_finish(EC_GROUP *group)120 void ossl_ec_GFp_simple_group_clear_finish(EC_GROUP *group) 114 121 { 115 122 BN_clear_free(group->field); … … 118 125 } 119 126 120 int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)127 int ossl_ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) 121 128 { 122 129 if (!BN_copy(dest->field, src->field)) … … 132 139 } 133 140 134 int ec_GFp_simple_group_set_curve(EC_GROUP *group,135 const BIGNUM *p, const BIGNUM *a,136 const BIGNUM *b, BN_CTX *ctx)141 int ossl_ec_GFp_simple_group_set_curve(EC_GROUP *group, 142 const BIGNUM *p, const BIGNUM *a, 143 const BIGNUM *b, BN_CTX *ctx) 137 144 { 138 145 int ret = 0; … … 142 149 /* p must be a prime > 3 */ 143 150 if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) { 144 E Cerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD);151 ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); 145 152 return 0; 146 153 } 147 154 148 155 if (ctx == NULL) { 149 ctx = new_ctx = BN_CTX_new ();156 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 150 157 if (ctx == NULL) 151 158 return 0; … … 191 198 } 192 199 193 int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,194 BIGNUM *b, BN_CTX *ctx)200 int ossl_ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, 201 BIGNUM *a, BIGNUM *b, BN_CTX *ctx) 195 202 { 196 203 int ret = 0; … … 205 212 if (group->meth->field_decode) { 206 213 if (ctx == NULL) { 207 ctx = new_ctx = BN_CTX_new ();214 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 208 215 if (ctx == NULL) 209 216 return 0; … … 236 243 } 237 244 238 int ec_GFp_simple_group_get_degree(const EC_GROUP *group)245 int ossl_ec_GFp_simple_group_get_degree(const EC_GROUP *group) 239 246 { 240 247 return BN_num_bits(group->field); 241 248 } 242 249 243 int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) 250 int ossl_ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, 251 BN_CTX *ctx) 244 252 { 245 253 int ret = 0; … … 249 257 250 258 if (ctx == NULL) { 251 ctx = new_ctx = BN_CTX_new ();259 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 252 260 if (ctx == NULL) { 253 ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, 254 ERR_R_MALLOC_FAILURE); 261 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 255 262 goto err; 256 263 } … … 313 320 } 314 321 315 int ec_GFp_simple_point_init(EC_POINT *point)322 int ossl_ec_GFp_simple_point_init(EC_POINT *point) 316 323 { 317 324 point->X = BN_new(); … … 329 336 } 330 337 331 void ec_GFp_simple_point_finish(EC_POINT *point)338 void ossl_ec_GFp_simple_point_finish(EC_POINT *point) 332 339 { 333 340 BN_free(point->X); … … 336 343 } 337 344 338 void ec_GFp_simple_point_clear_finish(EC_POINT *point)345 void ossl_ec_GFp_simple_point_clear_finish(EC_POINT *point) 339 346 { 340 347 BN_clear_free(point->X); … … 344 351 } 345 352 346 int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src)353 int ossl_ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src) 347 354 { 348 355 if (!BN_copy(dest->X, src->X)) … … 358 365 } 359 366 360 int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group,361 EC_POINT *point)367 int ossl_ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, 368 EC_POINT *point) 362 369 { 363 370 point->Z_is_one = 0; … … 366 373 } 367 374 368 int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group,369 EC_POINT *point,370 const BIGNUM *x,371 const BIGNUM *y,372 const BIGNUM *z,373 BN_CTX *ctx)375 int ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, 376 EC_POINT *point, 377 const BIGNUM *x, 378 const BIGNUM *y, 379 const BIGNUM *z, 380 BN_CTX *ctx) 374 381 { 375 382 BN_CTX *new_ctx = NULL; … … 377 384 378 385 if (ctx == NULL) { 379 ctx = new_ctx = BN_CTX_new ();386 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 380 387 if (ctx == NULL) 381 388 return 0; … … 426 433 } 427 434 428 int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group,429 const EC_POINT *point,430 BIGNUM *x, BIGNUM *y,431 BIGNUM *z, BN_CTX *ctx)435 int ossl_ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, 436 const EC_POINT *point, 437 BIGNUM *x, BIGNUM *y, 438 BIGNUM *z, BN_CTX *ctx) 432 439 { 433 440 BN_CTX *new_ctx = NULL; … … 436 443 if (group->meth->field_decode != 0) { 437 444 if (ctx == NULL) { 438 ctx = new_ctx = BN_CTX_new ();445 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 439 446 if (ctx == NULL) 440 447 return 0; … … 475 482 } 476 483 477 int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group,478 EC_POINT *point,479 const BIGNUM *x,480 const BIGNUM *y, BN_CTX *ctx)484 int ossl_ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, 485 EC_POINT *point, 486 const BIGNUM *x, 487 const BIGNUM *y, BN_CTX *ctx) 481 488 { 482 489 if (x == NULL || y == NULL) { … … 484 491 * unlike for projective coordinates, we do not tolerate this 485 492 */ 486 ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, 487 ERR_R_PASSED_NULL_PARAMETER); 493 ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); 488 494 return 0; 489 495 } … … 493 499 } 494 500 495 int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,496 const EC_POINT *point,497 BIGNUM *x, BIGNUM *y,498 BN_CTX *ctx)501 int ossl_ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, 502 const EC_POINT *point, 503 BIGNUM *x, BIGNUM *y, 504 BN_CTX *ctx) 499 505 { 500 506 BN_CTX *new_ctx = NULL; … … 504 510 505 511 if (EC_POINT_is_at_infinity(group, point)) { 506 ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, 507 EC_R_POINT_AT_INFINITY); 512 ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); 508 513 return 0; 509 514 } 510 515 511 516 if (ctx == NULL) { 512 ctx = new_ctx = BN_CTX_new ();517 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 513 518 if (ctx == NULL) 514 519 return 0; … … 555 560 } else { 556 561 if (!group->meth->field_inv(group, Z_1, Z_, ctx)) { 557 ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, 558 ERR_R_BN_LIB); 562 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 559 563 goto err; 560 564 } … … 607 611 } 608 612 609 int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,610 const EC_POINT *b, BN_CTX *ctx)613 int ossl_ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, 614 const EC_POINT *b, BN_CTX *ctx) 611 615 { 612 616 int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, … … 630 634 631 635 if (ctx == NULL) { 632 ctx = new_ctx = BN_CTX_new ();636 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 633 637 if (ctx == NULL) 634 638 return 0; … … 792 796 } 793 797 794 int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,795 BN_CTX *ctx)798 int ossl_ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, 799 BN_CTX *ctx) 796 800 { 797 801 int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, … … 814 818 815 819 if (ctx == NULL) { 816 ctx = new_ctx = BN_CTX_new ();820 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 817 821 if (ctx == NULL) 818 822 return 0; … … 934 938 } 935 939 936 int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) 940 int ossl_ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, 941 BN_CTX *ctx) 937 942 { 938 943 if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(point->Y)) … … 943 948 } 944 949 945 int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) 950 int ossl_ec_GFp_simple_is_at_infinity(const EC_GROUP *group, 951 const EC_POINT *point) 946 952 { 947 953 return BN_is_zero(point->Z); 948 954 } 949 955 950 int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,951 BN_CTX *ctx)956 int ossl_ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, 957 BN_CTX *ctx) 952 958 { 953 959 int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, … … 967 973 968 974 if (ctx == NULL) { 969 ctx = new_ctx = BN_CTX_new ();975 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 970 976 if (ctx == NULL) 971 977 return -1; … … 1051 1057 } 1052 1058 1053 int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a,1054 const EC_POINT *b, BN_CTX *ctx)1059 int ossl_ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, 1060 const EC_POINT *b, BN_CTX *ctx) 1055 1061 { 1056 1062 /*- … … 1084 1090 1085 1091 if (ctx == NULL) { 1086 ctx = new_ctx = BN_CTX_new ();1092 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 1087 1093 if (ctx == NULL) 1088 1094 return -1; … … 1159 1165 } 1160 1166 1161 int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point,1162 BN_CTX *ctx)1167 int ossl_ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, 1168 BN_CTX *ctx) 1163 1169 { 1164 1170 BN_CTX *new_ctx = NULL; … … 1170 1176 1171 1177 if (ctx == NULL) { 1172 ctx = new_ctx = BN_CTX_new ();1178 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 1173 1179 if (ctx == NULL) 1174 1180 return 0; … … 1186 1192 goto err; 1187 1193 if (!point->Z_is_one) { 1188 E Cerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);1194 ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); 1189 1195 goto err; 1190 1196 } … … 1198 1204 } 1199 1205 1200 int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,1201 EC_POINT *points[], BN_CTX *ctx)1206 int ossl_ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, 1207 EC_POINT *points[], BN_CTX *ctx) 1202 1208 { 1203 1209 BN_CTX *new_ctx = NULL; … … 1211 1217 1212 1218 if (ctx == NULL) { 1213 ctx = new_ctx = BN_CTX_new ();1219 ctx = new_ctx = BN_CTX_new_ex(group->libctx); 1214 1220 if (ctx == NULL) 1215 1221 return 0; … … 1267 1273 1268 1274 if (!group->meth->field_inv(group, tmp, prod_Z[num - 1], ctx)) { 1269 E Cerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);1275 ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); 1270 1276 goto err; 1271 1277 } … … 1357 1363 } 1358 1364 1359 int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,1360 const BIGNUM *b, BN_CTX *ctx)1365 int ossl_ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, 1366 const BIGNUM *b, BN_CTX *ctx) 1361 1367 { 1362 1368 return BN_mod_mul(r, a, b, group->field, ctx); 1363 1369 } 1364 1370 1365 int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,1366 BN_CTX *ctx)1371 int ossl_ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, 1372 BN_CTX *ctx) 1367 1373 { 1368 1374 return BN_mod_sqr(r, a, group->field, ctx); … … 1375 1381 * NB: "a" must be in _decoded_ form. (i.e. field_decode must precede.) 1376 1382 */ 1377 int ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,1378 BN_CTX *ctx)1383 int ossl_ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, 1384 const BIGNUM *a, BN_CTX *ctx) 1379 1385 { 1380 1386 BIGNUM *e = NULL; … … 1382 1388 int ret = 0; 1383 1389 1384 if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) 1390 if (ctx == NULL 1391 && (ctx = new_ctx = BN_CTX_secure_new_ex(group->libctx)) == NULL) 1385 1392 return 0; 1386 1393 … … 1390 1397 1391 1398 do { 1392 if (!BN_priv_rand_range (e, group->field))1399 if (!BN_priv_rand_range_ex(e, group->field, 0, ctx)) 1393 1400 goto err; 1394 1401 } while (BN_is_zero(e)); … … 1399 1406 /* r := 1/(a * e) */ 1400 1407 if (!BN_mod_inverse(r, r, group->field, ctx)) { 1401 E Cerr(EC_F_EC_GFP_SIMPLE_FIELD_INV, EC_R_CANNOT_INVERT);1408 ERR_raise(ERR_LIB_EC, EC_R_CANNOT_INVERT); 1402 1409 goto err; 1403 1410 } … … 1421 1428 * 1422 1429 */ 1423 int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,1424 BN_CTX *ctx)1430 int ossl_ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, 1431 BN_CTX *ctx) 1425 1432 { 1426 1433 int ret = 0; … … 1432 1439 temp = BN_CTX_get(ctx); 1433 1440 if (temp == NULL) { 1434 E Cerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_MALLOC_FAILURE);1441 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1435 1442 goto end; 1436 1443 } … … 1443 1450 do { 1444 1451 ERR_set_mark(); 1445 ret = BN_priv_rand_range (lambda, group->field);1452 ret = BN_priv_rand_range_ex(lambda, group->field, 0, ctx); 1446 1453 ERR_pop_to_mark(); 1447 1454 if (ret == 0) { … … 1484 1491 * for any non-zero \lambda that holds for projective (homogeneous) coords. 1485 1492 */ 1486 int ec_GFp_simple_ladder_pre(const EC_GROUP *group,1487 EC_POINT *r, EC_POINT *s,1488 EC_POINT *p, BN_CTX *ctx)1493 int ossl_ec_GFp_simple_ladder_pre(const EC_GROUP *group, 1494 EC_POINT *r, EC_POINT *s, 1495 EC_POINT *p, BN_CTX *ctx) 1489 1496 { 1490 1497 BIGNUM *t1, *t2, *t3, *t4, *t5 = NULL; … … 1513 1520 /* make sure lambda (r->Y here for storage) is not zero */ 1514 1521 do { 1515 if (!BN_priv_rand_range (r->Y, group->field))1522 if (!BN_priv_rand_range_ex(r->Y, group->field, 0, ctx)) 1516 1523 return 0; 1517 1524 } while (BN_is_zero(r->Y)); … … 1519 1526 /* make sure lambda (s->Z here for storage) is not zero */ 1520 1527 do { 1521 if (!BN_priv_rand_range (s->Z, group->field))1528 if (!BN_priv_rand_range_ex(s->Z, group->field, 0, ctx)) 1522 1529 return 0; 1523 1530 } while (BN_is_zero(s->Z)); … … 1554 1561 * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-mladd-2002-it-4 1555 1562 */ 1556 int ec_GFp_simple_ladder_step(const EC_GROUP *group,1557 EC_POINT *r, EC_POINT *s,1558 EC_POINT *p, BN_CTX *ctx)1563 int ossl_ec_GFp_simple_ladder_step(const EC_GROUP *group, 1564 EC_POINT *r, EC_POINT *s, 1565 EC_POINT *p, BN_CTX *ctx) 1559 1566 { 1560 1567 int ret = 0; … … 1642 1649 * one of the BN_is_zero(...) branches. 1643 1650 */ 1644 int ec_GFp_simple_ladder_post(const EC_GROUP *group,1645 EC_POINT *r, EC_POINT *s,1646 EC_POINT *p, BN_CTX *ctx)1651 int ossl_ec_GFp_simple_ladder_post(const EC_GROUP *group, 1652 EC_POINT *r, EC_POINT *s, 1653 EC_POINT *p, BN_CTX *ctx) 1647 1654 { 1648 1655 int ret = 0; -
trunk/src/libs/openssl-3.0.1/crypto/ec/ecx_meth.c
r91772 r94082 1 1 /* 2 * Copyright 2006-20 19The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 * Licensed under the OpenSSL license(the "License"). You may not use4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 5 * this file except in compliance with the License. You can obtain a copy 6 6 * in the file LICENSE in the source distribution or at … … 8 8 */ 9 9 10 /* 11 * ECDSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 15 10 16 #include <stdio.h> 11 #include "internal/cryptlib.h"12 17 #include <openssl/x509.h> 13 18 #include <openssl/ec.h> 19 #include <openssl/core_names.h> 20 #include <openssl/param_build.h> 14 21 #include <openssl/rand.h> 22 #include "internal/cryptlib.h" 23 #include "internal/provider.h" 15 24 #include "crypto/asn1.h" 16 25 #include "crypto/evp.h" 26 #include "crypto/ecx.h" 17 27 #include "ec_local.h" 18 28 #include "curve448/curve448_local.h" 19 20 #define X25519_BITS 253 21 #define X25519_SECURITY_BITS 128 22 23 #define ED25519_SIGSIZE 64 24 25 #define X448_BITS 448 26 #define ED448_BITS 456 27 #define X448_SECURITY_BITS 224 28 29 #define ED448_SIGSIZE 114 30 31 #define ISX448(id) ((id) == EVP_PKEY_X448) 32 #define IS25519(id) ((id) == EVP_PKEY_X25519 || (id) == EVP_PKEY_ED25519) 33 #define KEYLENID(id) (IS25519(id) ? X25519_KEYLEN \ 34 : ((id) == EVP_PKEY_X448 ? X448_KEYLEN \ 35 : ED448_KEYLEN)) 36 #define KEYLEN(p) KEYLENID((p)->ameth->pkey_id) 37 38 39 typedef enum { 40 KEY_OP_PUBLIC, 41 KEY_OP_PRIVATE, 42 KEY_OP_KEYGEN 43 } ecx_key_op_t; 44 45 /* Setup EVP_PKEY using public, private or generation */ 46 static int ecx_key_op(EVP_PKEY *pkey, int id, const X509_ALGOR *palg, 47 const unsigned char *p, int plen, ecx_key_op_t op) 48 { 49 ECX_KEY *key = NULL; 50 unsigned char *privkey, *pubkey; 51 52 if (op != KEY_OP_KEYGEN) { 53 if (palg != NULL) { 54 int ptype; 55 56 /* Algorithm parameters must be absent */ 57 X509_ALGOR_get0(NULL, &ptype, NULL, palg); 58 if (ptype != V_ASN1_UNDEF) { 59 ECerr(EC_F_ECX_KEY_OP, EC_R_INVALID_ENCODING); 60 return 0; 61 } 62 } 63 64 if (p == NULL || plen != KEYLENID(id)) { 65 ECerr(EC_F_ECX_KEY_OP, EC_R_INVALID_ENCODING); 66 return 0; 67 } 68 } 69 70 key = OPENSSL_zalloc(sizeof(*key)); 71 if (key == NULL) { 72 ECerr(EC_F_ECX_KEY_OP, ERR_R_MALLOC_FAILURE); 73 return 0; 74 } 75 pubkey = key->pubkey; 76 77 if (op == KEY_OP_PUBLIC) { 78 memcpy(pubkey, p, plen); 79 } else { 80 privkey = key->privkey = OPENSSL_secure_malloc(KEYLENID(id)); 81 if (privkey == NULL) { 82 ECerr(EC_F_ECX_KEY_OP, ERR_R_MALLOC_FAILURE); 83 goto err; 84 } 85 if (op == KEY_OP_KEYGEN) { 86 if (RAND_priv_bytes(privkey, KEYLENID(id)) <= 0) { 87 OPENSSL_secure_free(privkey); 88 key->privkey = NULL; 89 goto err; 90 } 91 if (id == EVP_PKEY_X25519) { 92 privkey[0] &= 248; 93 privkey[X25519_KEYLEN - 1] &= 127; 94 privkey[X25519_KEYLEN - 1] |= 64; 95 } else if (id == EVP_PKEY_X448) { 96 privkey[0] &= 252; 97 privkey[X448_KEYLEN - 1] |= 128; 98 } 99 } else { 100 memcpy(privkey, p, KEYLENID(id)); 101 } 102 switch (id) { 103 case EVP_PKEY_X25519: 104 X25519_public_from_private(pubkey, privkey); 105 break; 106 case EVP_PKEY_ED25519: 107 ED25519_public_from_private(pubkey, privkey); 108 break; 109 case EVP_PKEY_X448: 110 X448_public_from_private(pubkey, privkey); 111 break; 112 case EVP_PKEY_ED448: 113 ED448_public_from_private(pubkey, privkey); 114 break; 115 } 116 } 117 118 EVP_PKEY_assign(pkey, id, key); 119 return 1; 120 err: 121 OPENSSL_free(key); 122 return 0; 123 } 29 #include "ecx_backend.h" 124 30 125 31 static int ecx_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) … … 129 35 130 36 if (ecxkey == NULL) { 131 E Cerr(EC_F_ECX_PUB_ENCODE, EC_R_INVALID_KEY);37 ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); 132 38 return 0; 133 39 } … … 135 41 penc = OPENSSL_memdup(ecxkey->pubkey, KEYLEN(pkey)); 136 42 if (penc == NULL) { 137 E Cerr(EC_F_ECX_PUB_ENCODE, ERR_R_MALLOC_FAILURE);43 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 138 44 return 0; 139 45 } … … 142 48 V_ASN1_UNDEF, NULL, penc, KEYLEN(pkey))) { 143 49 OPENSSL_free(penc); 144 E Cerr(EC_F_ECX_PUB_ENCODE, ERR_R_MALLOC_FAILURE);145 return 0; 146 } 147 return 1; 148 } 149 150 static int ecx_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)50 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 51 return 0; 52 } 53 return 1; 54 } 55 56 static int ecx_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey) 151 57 { 152 58 const unsigned char *p; 153 59 int pklen; 154 60 X509_ALGOR *palg; 61 ECX_KEY *ecx; 62 int ret = 0; 155 63 156 64 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) 157 65 return 0; 158 return ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, pklen, 159 KEY_OP_PUBLIC); 66 ecx = ossl_ecx_key_op(palg, p, pklen, pkey->ameth->pkey_id, 67 KEY_OP_PUBLIC, NULL, NULL); 68 if (ecx != NULL) { 69 ret = 1; 70 EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, ecx); 71 } 72 return ret; 160 73 } 161 74 … … 171 84 } 172 85 173 static int ecx_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) 174 { 175 const unsigned char *p; 176 int plen; 177 ASN1_OCTET_STRING *oct = NULL; 178 const X509_ALGOR *palg; 179 int rv; 180 181 if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8)) 182 return 0; 183 184 oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen); 185 if (oct == NULL) { 186 p = NULL; 187 plen = 0; 188 } else { 189 p = ASN1_STRING_get0_data(oct); 190 plen = ASN1_STRING_length(oct); 191 } 192 193 rv = ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, plen, KEY_OP_PRIVATE); 194 ASN1_STRING_clear_free(oct); 195 return rv; 86 static int ecx_priv_decode_ex(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8, 87 OSSL_LIB_CTX *libctx, const char *propq) 88 { 89 int ret = 0; 90 ECX_KEY *ecx = ossl_ecx_key_from_pkcs8(p8, libctx, propq); 91 92 if (ecx != NULL) { 93 ret = 1; 94 EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, ecx); 95 } 96 97 return ret; 196 98 } 197 99 … … 204 106 205 107 if (ecxkey == NULL || ecxkey->privkey == NULL) { 206 E Cerr(EC_F_ECX_PRIV_ENCODE, EC_R_INVALID_PRIVATE_KEY);108 ERR_raise(ERR_LIB_EC, EC_R_INVALID_PRIVATE_KEY); 207 109 return 0; 208 110 } … … 214 116 penclen = i2d_ASN1_OCTET_STRING(&oct, &penc); 215 117 if (penclen < 0) { 216 E Cerr(EC_F_ECX_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);118 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 217 119 return 0; 218 120 } … … 221 123 V_ASN1_UNDEF, NULL, penc, penclen)) { 222 124 OPENSSL_clear_free(penc, penclen); 223 E Cerr(EC_F_ECX_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);125 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 224 126 return 0; 225 127 } … … 255 157 static void ecx_free(EVP_PKEY *pkey) 256 158 { 257 if (pkey->pkey.ecx != NULL) 258 OPENSSL_secure_clear_free(pkey->pkey.ecx->privkey, KEYLEN(pkey)); 259 OPENSSL_free(pkey->pkey.ecx); 159 ossl_ecx_key_free(pkey->pkey.ecx); 260 160 } 261 161 … … 319 219 switch (op) { 320 220 321 case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: 322 return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, arg2, arg1, 323 KEY_OP_PUBLIC); 324 221 case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: { 222 ECX_KEY *ecx = ossl_ecx_key_op(NULL, arg2, arg1, pkey->ameth->pkey_id, 223 KEY_OP_PUBLIC, NULL, NULL); 224 225 if (ecx != NULL) { 226 EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, ecx); 227 return 1; 228 } 229 return 0; 230 } 325 231 case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: 326 232 if (pkey->pkey.ecx != NULL) { … … 356 262 size_t len) 357 263 { 358 return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, priv, len, 359 KEY_OP_PRIVATE); 264 OSSL_LIB_CTX *libctx = NULL; 265 ECX_KEY *ecx = NULL; 266 267 if (pkey->keymgmt != NULL) 268 libctx = ossl_provider_libctx(EVP_KEYMGMT_get0_provider(pkey->keymgmt)); 269 270 ecx = ossl_ecx_key_op(NULL, priv, len, pkey->ameth->pkey_id, 271 KEY_OP_PRIVATE, libctx, NULL); 272 273 if (ecx != NULL) { 274 EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, ecx); 275 return 1; 276 } 277 return 0; 360 278 } 361 279 362 280 static int ecx_set_pub_key(EVP_PKEY *pkey, const unsigned char *pub, size_t len) 363 281 { 364 return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, pub, len, 365 KEY_OP_PUBLIC); 282 OSSL_LIB_CTX *libctx = NULL; 283 ECX_KEY *ecx = NULL; 284 285 if (pkey->keymgmt != NULL) 286 libctx = ossl_provider_libctx(EVP_KEYMGMT_get0_provider(pkey->keymgmt)); 287 288 ecx = ossl_ecx_key_op(NULL, pub, len, pkey->ameth->pkey_id, 289 KEY_OP_PUBLIC, libctx, NULL); 290 291 if (ecx != NULL) { 292 EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, ecx); 293 return 1; 294 } 295 return 0; 366 296 } 367 297 … … 407 337 } 408 338 409 const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = { 339 static size_t ecx_pkey_dirty_cnt(const EVP_PKEY *pkey) 340 { 341 /* 342 * We provide no mechanism to "update" an ECX key once it has been set, 343 * therefore we do not have to maintain a dirty count. 344 */ 345 return 1; 346 } 347 348 static int ecx_pkey_export_to(const EVP_PKEY *from, void *to_keydata, 349 OSSL_FUNC_keymgmt_import_fn *importer, 350 OSSL_LIB_CTX *libctx, const char *propq) 351 { 352 const ECX_KEY *key = from->pkey.ecx; 353 OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new(); 354 OSSL_PARAM *params = NULL; 355 int selection = 0; 356 int rv = 0; 357 358 if (tmpl == NULL) 359 return 0; 360 361 /* A key must at least have a public part */ 362 if (!OSSL_PARAM_BLD_push_octet_string(tmpl, OSSL_PKEY_PARAM_PUB_KEY, 363 key->pubkey, key->keylen)) 364 goto err; 365 selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; 366 367 if (key->privkey != NULL) { 368 if (!OSSL_PARAM_BLD_push_octet_string(tmpl, 369 OSSL_PKEY_PARAM_PRIV_KEY, 370 key->privkey, key->keylen)) 371 goto err; 372 selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY; 373 } 374 375 params = OSSL_PARAM_BLD_to_param(tmpl); 376 377 /* We export, the provider imports */ 378 rv = importer(to_keydata, selection, params); 379 380 err: 381 OSSL_PARAM_BLD_free(tmpl); 382 OSSL_PARAM_free(params); 383 return rv; 384 } 385 386 static int ecx_generic_import_from(const OSSL_PARAM params[], void *vpctx, 387 int keytype) 388 { 389 EVP_PKEY_CTX *pctx = vpctx; 390 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); 391 ECX_KEY *ecx = ossl_ecx_key_new(pctx->libctx, KEYNID2TYPE(keytype), 0, 392 pctx->propquery); 393 394 if (ecx == NULL) { 395 ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); 396 return 0; 397 } 398 399 if (!ossl_ecx_key_fromdata(ecx, params, 1) 400 || !EVP_PKEY_assign(pkey, keytype, ecx)) { 401 ossl_ecx_key_free(ecx); 402 return 0; 403 } 404 return 1; 405 } 406 407 static int ecx_pkey_copy(EVP_PKEY *to, EVP_PKEY *from) 408 { 409 ECX_KEY *ecx = from->pkey.ecx, *dupkey = NULL; 410 int ret; 411 412 if (ecx != NULL) { 413 dupkey = ossl_ecx_key_dup(ecx, OSSL_KEYMGMT_SELECT_ALL); 414 if (dupkey == NULL) 415 return 0; 416 } 417 418 ret = EVP_PKEY_assign(to, from->type, dupkey); 419 if (!ret) 420 ossl_ecx_key_free(dupkey); 421 return ret; 422 } 423 424 static int x25519_import_from(const OSSL_PARAM params[], void *vpctx) 425 { 426 return ecx_generic_import_from(params, vpctx, EVP_PKEY_X25519); 427 } 428 429 const EVP_PKEY_ASN1_METHOD ossl_ecx25519_asn1_meth = { 410 430 EVP_PKEY_X25519, 411 431 EVP_PKEY_X25519, … … 419 439 ecx_pub_print, 420 440 421 ecx_priv_decode,441 NULL, 422 442 ecx_priv_encode, 423 443 ecx_priv_print, … … 448 468 ecx_get_priv_key, 449 469 ecx_get_pub_key, 470 ecx_pkey_dirty_cnt, 471 ecx_pkey_export_to, 472 x25519_import_from, 473 ecx_pkey_copy, 474 475 ecx_priv_decode_ex 450 476 }; 451 477 452 const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth = { 478 static int x448_import_from(const OSSL_PARAM params[], void *vpctx) 479 { 480 return ecx_generic_import_from(params, vpctx, EVP_PKEY_X448); 481 } 482 483 const EVP_PKEY_ASN1_METHOD ossl_ecx448_asn1_meth = { 453 484 EVP_PKEY_X448, 454 485 EVP_PKEY_X448, … … 462 493 ecx_pub_print, 463 494 464 ecx_priv_decode,495 NULL, 465 496 ecx_priv_encode, 466 497 ecx_priv_print, … … 491 522 ecx_get_priv_key, 492 523 ecx_get_pub_key, 524 ecx_pkey_dirty_cnt, 525 ecx_pkey_export_to, 526 x448_import_from, 527 ecx_pkey_copy, 528 529 ecx_priv_decode_ex 493 530 }; 494 531 … … 503 540 } 504 541 505 static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,506 X509_ALGOR *sigalg, ASN1_BIT_STRING *str,507 EVP_PKEY *pkey)542 static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, 543 const void *asn, const X509_ALGOR *sigalg, 544 const ASN1_BIT_STRING *str, EVP_PKEY *pkey) 508 545 { 509 546 const ASN1_OBJECT *obj; … … 515 552 nid = OBJ_obj2nid(obj); 516 553 if ((nid != NID_ED25519 && nid != NID_ED448) || ptype != V_ASN1_UNDEF) { 517 E Cerr(EC_F_ECD_ITEM_VERIFY, EC_R_INVALID_ENCODING);554 ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); 518 555 return 0; 519 556 } … … 525 562 } 526 563 527 static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 564 static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it, 565 const void *asn, 528 566 X509_ALGOR *alg1, X509_ALGOR *alg2, 529 567 ASN1_BIT_STRING *str) … … 545 583 } 546 584 547 static int ecd_item_sign448(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 585 static int ecd_item_sign448(EVP_MD_CTX *ctx, const ASN1_ITEM *it, 586 const void *asn, 548 587 X509_ALGOR *alg1, X509_ALGOR *alg2, 549 588 ASN1_BIT_STRING *str) … … 565 604 } 566 605 567 568 const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = { 606 static int ed25519_import_from(const OSSL_PARAM params[], void *vpctx) 607 { 608 return ecx_generic_import_from(params, vpctx, EVP_PKEY_ED25519); 609 } 610 611 const EVP_PKEY_ASN1_METHOD ossl_ed25519_asn1_meth = { 569 612 EVP_PKEY_ED25519, 570 613 EVP_PKEY_ED25519, … … 578 621 ecx_pub_print, 579 622 580 ecx_priv_decode,623 NULL, 581 624 ecx_priv_encode, 582 625 ecx_priv_print, … … 606 649 ecx_get_priv_key, 607 650 ecx_get_pub_key, 651 ecx_pkey_dirty_cnt, 652 ecx_pkey_export_to, 653 ed25519_import_from, 654 ecx_pkey_copy, 655 656 ecx_priv_decode_ex 608 657 }; 609 658 610 const EVP_PKEY_ASN1_METHOD ed448_asn1_meth = { 659 static int ed448_import_from(const OSSL_PARAM params[], void *vpctx) 660 { 661 return ecx_generic_import_from(params, vpctx, EVP_PKEY_ED448); 662 } 663 664 const EVP_PKEY_ASN1_METHOD ossl_ed448_asn1_meth = { 611 665 EVP_PKEY_ED448, 612 666 EVP_PKEY_ED448, … … 620 674 ecx_pub_print, 621 675 622 ecx_priv_decode,676 NULL, 623 677 ecx_priv_encode, 624 678 ecx_priv_print, … … 648 702 ecx_get_priv_key, 649 703 ecx_get_pub_key, 704 ecx_pkey_dirty_cnt, 705 ecx_pkey_export_to, 706 ed448_import_from, 707 ecx_pkey_copy, 708 709 ecx_priv_decode_ex 650 710 }; 651 711 652 712 static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 653 713 { 654 return ecx_key_op(pkey, ctx->pmeth->pkey_id, NULL, NULL, 0, KEY_OP_KEYGEN); 714 ECX_KEY *ecx = ossl_ecx_key_op(NULL, NULL, 0, ctx->pmeth->pkey_id, 715 KEY_OP_PUBLIC, NULL, NULL); 716 717 if (ecx != NULL) { 718 EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, ecx); 719 return 1; 720 } 721 return 0; 655 722 } 656 723 … … 663 730 664 731 if (ctx->pkey == NULL || ctx->peerkey == NULL) { 665 E Cerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_KEYS_NOT_SET);666 return 0; 667 } 668 ecxkey = ctx->pkey->pkey.ecx;669 peerkey = ctx->peerkey->pkey.ecx;732 ERR_raise(ERR_LIB_EC, EC_R_KEYS_NOT_SET); 733 return 0; 734 } 735 ecxkey = evp_pkey_get_legacy(ctx->pkey); 736 peerkey = evp_pkey_get_legacy(ctx->peerkey); 670 737 if (ecxkey == NULL || ecxkey->privkey == NULL) { 671 E Cerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_INVALID_PRIVATE_KEY);738 ERR_raise(ERR_LIB_EC, EC_R_INVALID_PRIVATE_KEY); 672 739 return 0; 673 740 } 674 741 if (peerkey == NULL) { 675 E Cerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_INVALID_PEER_KEY);742 ERR_raise(ERR_LIB_EC, EC_R_INVALID_PEER_KEY); 676 743 return 0; 677 744 } … … 689 756 if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey) 690 757 || (key != NULL 691 && X25519(key, privkey, pubkey) == 0))758 && ossl_x25519(key, privkey, pubkey) == 0)) 692 759 return 0; 693 760 *keylen = X25519_KEYLEN; … … 702 769 if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey) 703 770 || (key != NULL 704 && X448(key, privkey, pubkey) == 0))771 && ossl_x448(key, privkey, pubkey) == 0)) 705 772 return 0; 706 773 *keylen = X448_KEYLEN; … … 716 783 } 717 784 718 const EVP_PKEY_METHOD ecx25519_pkey_meth = {785 static const EVP_PKEY_METHOD ecx25519_pkey_meth = { 719 786 EVP_PKEY_X25519, 720 787 0, 0, 0, 0, 0, 0, 0, … … 726 793 }; 727 794 728 const EVP_PKEY_METHOD ecx448_pkey_meth = {795 static const EVP_PKEY_METHOD ecx448_pkey_meth = { 729 796 EVP_PKEY_X448, 730 797 0, 0, 0, 0, 0, 0, 0, … … 740 807 size_t tbslen) 741 808 { 742 const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;809 const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); 743 810 744 811 if (sig == NULL) { … … 747 814 } 748 815 if (*siglen < ED25519_SIGSIZE) { 749 ECerr(EC_F_PKEY_ECD_DIGESTSIGN25519, EC_R_BUFFER_TOO_SMALL); 750 return 0; 751 } 752 753 if (ED25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey) == 0) 816 ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); 817 return 0; 818 } 819 820 if (ossl_ed25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL, 821 NULL) == 0) 754 822 return 0; 755 823 *siglen = ED25519_SIGSIZE; … … 761 829 size_t tbslen) 762 830 { 763 const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;831 const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); 764 832 765 833 if (sig == NULL) { … … 768 836 } 769 837 if (*siglen < ED448_SIGSIZE) { 770 E Cerr(EC_F_PKEY_ECD_DIGESTSIGN448, EC_R_BUFFER_TOO_SMALL);771 return 0; 772 } 773 774 if ( ED448_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL,775 0) == 0)838 ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); 839 return 0; 840 } 841 842 if (ossl_ed448_sign(edkey->libctx, sig, tbs, tbslen, edkey->pubkey, 843 edkey->privkey, NULL, 0, edkey->propq) == 0) 776 844 return 0; 777 845 *siglen = ED448_SIGSIZE; … … 783 851 size_t tbslen) 784 852 { 785 const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;853 const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); 786 854 787 855 if (siglen != ED25519_SIGSIZE) 788 856 return 0; 789 857 790 return ED25519_verify(tbs, tbslen, sig, edkey->pubkey); 858 return ossl_ed25519_verify(tbs, tbslen, sig, edkey->pubkey, 859 edkey->libctx, edkey->propq); 791 860 } 792 861 … … 795 864 size_t tbslen) 796 865 { 797 const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;866 const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); 798 867 799 868 if (siglen != ED448_SIGSIZE) 800 869 return 0; 801 870 802 return ED448_verify(tbs, tbslen, sig, edkey->pubkey, NULL, 0); 871 return ossl_ed448_verify(edkey->libctx, tbs, tbslen, sig, edkey->pubkey, 872 NULL, 0, edkey->propq); 803 873 } 804 874 … … 810 880 if (p2 == NULL || (const EVP_MD *)p2 == EVP_md_null()) 811 881 return 1; 812 E Cerr(EC_F_PKEY_ECD_CTRL, EC_R_INVALID_DIGEST_TYPE);882 ERR_raise(ERR_LIB_EC, EC_R_INVALID_DIGEST_TYPE); 813 883 return 0; 814 884 … … 819 889 } 820 890 821 const EVP_PKEY_METHOD ed25519_pkey_meth = {891 static const EVP_PKEY_METHOD ed25519_pkey_meth = { 822 892 EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM, 823 893 0, 0, 0, 0, 0, 0, … … 830 900 }; 831 901 832 const EVP_PKEY_METHOD ed448_pkey_meth = {902 static const EVP_PKEY_METHOD ed448_pkey_meth = { 833 903 EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM, 834 904 0, 0, 0, 0, 0, 0, … … 840 910 pkey_ecd_digestverify448 841 911 }; 912 913 #ifdef S390X_EC_ASM 914 # include "s390x_arch.h" 915 916 static int s390x_pkey_ecx_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 917 { 918 static const unsigned char generator[] = { 919 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 920 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 921 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 922 }; 923 ECX_KEY *key = ossl_ecx_key_new(ctx->libctx, ECX_KEY_TYPE_X25519, 1, 924 ctx->propquery); 925 unsigned char *privkey = NULL, *pubkey; 926 927 if (key == NULL) { 928 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 929 goto err; 930 } 931 932 pubkey = key->pubkey; 933 934 privkey = ossl_ecx_key_allocate_privkey(key); 935 if (privkey == NULL) { 936 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 937 goto err; 938 } 939 940 if (RAND_priv_bytes_ex(ctx->libctx, privkey, X25519_KEYLEN, 0) <= 0) 941 goto err; 942 943 privkey[0] &= 248; 944 privkey[31] &= 127; 945 privkey[31] |= 64; 946 947 if (s390x_x25519_mul(pubkey, generator, privkey) != 1) 948 goto err; 949 950 EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); 951 return 1; 952 err: 953 ossl_ecx_key_free(key); 954 return 0; 955 } 956 957 static int s390x_pkey_ecx_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 958 { 959 static const unsigned char generator[] = { 960 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 961 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 962 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 963 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 964 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 965 }; 966 ECX_KEY *key = ossl_ecx_key_new(ctx->libctx, ECX_KEY_TYPE_X448, 1, 967 ctx->propquery); 968 unsigned char *privkey = NULL, *pubkey; 969 970 if (key == NULL) { 971 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 972 goto err; 973 } 974 975 pubkey = key->pubkey; 976 977 privkey = ossl_ecx_key_allocate_privkey(key); 978 if (privkey == NULL) { 979 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 980 goto err; 981 } 982 983 if (RAND_priv_bytes_ex(ctx->libctx, privkey, X448_KEYLEN, 0) <= 0) 984 goto err; 985 986 privkey[0] &= 252; 987 privkey[55] |= 128; 988 989 if (s390x_x448_mul(pubkey, generator, privkey) != 1) 990 goto err; 991 992 EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); 993 return 1; 994 err: 995 ossl_ecx_key_free(key); 996 return 0; 997 } 998 999 static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 1000 { 1001 static const unsigned char generator_x[] = { 1002 0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, 1003 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, 1004 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21 1005 }; 1006 static const unsigned char generator_y[] = { 1007 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 1008 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 1009 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 1010 }; 1011 unsigned char x_dst[32], buff[SHA512_DIGEST_LENGTH]; 1012 ECX_KEY *key = ossl_ecx_key_new(ctx->libctx, ECX_KEY_TYPE_ED25519, 1, 1013 ctx->propquery); 1014 unsigned char *privkey = NULL, *pubkey; 1015 unsigned int sz; 1016 EVP_MD *md = NULL; 1017 int rv; 1018 1019 if (key == NULL) { 1020 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1021 goto err; 1022 } 1023 1024 pubkey = key->pubkey; 1025 1026 privkey = ossl_ecx_key_allocate_privkey(key); 1027 if (privkey == NULL) { 1028 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1029 goto err; 1030 } 1031 1032 if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED25519_KEYLEN, 0) <= 0) 1033 goto err; 1034 1035 md = EVP_MD_fetch(ctx->libctx, "SHA512", ctx->propquery); 1036 if (md == NULL) 1037 goto err; 1038 1039 rv = EVP_Digest(privkey, 32, buff, &sz, md, NULL); 1040 EVP_MD_free(md); 1041 if (!rv) 1042 goto err; 1043 1044 buff[0] &= 248; 1045 buff[31] &= 63; 1046 buff[31] |= 64; 1047 1048 if (s390x_ed25519_mul(x_dst, pubkey, 1049 generator_x, generator_y, buff) != 1) 1050 goto err; 1051 1052 pubkey[31] |= ((x_dst[0] & 0x01) << 7); 1053 1054 EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); 1055 return 1; 1056 err: 1057 ossl_ecx_key_free(key); 1058 return 0; 1059 } 1060 1061 static int s390x_pkey_ecd_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 1062 { 1063 static const unsigned char generator_x[] = { 1064 0x5e, 0xc0, 0x0c, 0xc7, 0x2b, 0xa8, 0x26, 0x26, 0x8e, 0x93, 0x00, 0x8b, 1065 0xe1, 0x80, 0x3b, 0x43, 0x11, 0x65, 0xb6, 0x2a, 0xf7, 0x1a, 0xae, 0x12, 1066 0x64, 0xa4, 0xd3, 0xa3, 0x24, 0xe3, 0x6d, 0xea, 0x67, 0x17, 0x0f, 0x47, 1067 0x70, 0x65, 0x14, 0x9e, 0xda, 0x36, 0xbf, 0x22, 0xa6, 0x15, 0x1d, 0x22, 1068 0xed, 0x0d, 0xed, 0x6b, 0xc6, 0x70, 0x19, 0x4f, 0x00 1069 }; 1070 static const unsigned char generator_y[] = { 1071 0x14, 0xfa, 0x30, 0xf2, 0x5b, 0x79, 0x08, 0x98, 0xad, 0xc8, 0xd7, 0x4e, 1072 0x2c, 0x13, 0xbd, 0xfd, 0xc4, 0x39, 0x7c, 0xe6, 0x1c, 0xff, 0xd3, 0x3a, 1073 0xd7, 0xc2, 0xa0, 0x05, 0x1e, 0x9c, 0x78, 0x87, 0x40, 0x98, 0xa3, 0x6c, 1074 0x73, 0x73, 0xea, 0x4b, 0x62, 0xc7, 0xc9, 0x56, 0x37, 0x20, 0x76, 0x88, 1075 0x24, 0xbc, 0xb6, 0x6e, 0x71, 0x46, 0x3f, 0x69, 0x00 1076 }; 1077 unsigned char x_dst[57], buff[114]; 1078 ECX_KEY *key = ossl_ecx_key_new(ctx->libctx, ECX_KEY_TYPE_ED448, 1, 1079 ctx->propquery); 1080 unsigned char *privkey = NULL, *pubkey; 1081 EVP_MD_CTX *hashctx = NULL; 1082 EVP_MD *md = NULL; 1083 int rv; 1084 1085 if (key == NULL) { 1086 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1087 goto err; 1088 } 1089 1090 pubkey = key->pubkey; 1091 1092 privkey = ossl_ecx_key_allocate_privkey(key); 1093 if (privkey == NULL) { 1094 ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); 1095 goto err; 1096 } 1097 1098 if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED448_KEYLEN, 0) <= 0) 1099 goto err; 1100 1101 hashctx = EVP_MD_CTX_new(); 1102 if (hashctx == NULL) 1103 goto err; 1104 1105 md = EVP_MD_fetch(ctx->libctx, "SHAKE256", ctx->propquery); 1106 if (md == NULL) 1107 goto err; 1108 1109 rv = EVP_DigestInit_ex(hashctx, md, NULL); 1110 EVP_MD_free(md); 1111 if (rv != 1) 1112 goto err; 1113 1114 if (EVP_DigestUpdate(hashctx, privkey, 57) != 1) 1115 goto err; 1116 if (EVP_DigestFinalXOF(hashctx, buff, sizeof(buff)) != 1) 1117 goto err; 1118 1119 buff[0] &= -4; 1120 buff[55] |= 0x80; 1121 buff[56] = 0; 1122 1123 if (s390x_ed448_mul(x_dst, pubkey, 1124 generator_x, generator_y, buff) != 1) 1125 goto err; 1126 1127 pubkey[56] |= ((x_dst[0] & 0x01) << 7); 1128 1129 EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); 1130 EVP_MD_CTX_free(hashctx); 1131 return 1; 1132 err: 1133 ossl_ecx_key_free(key); 1134 EVP_MD_CTX_free(hashctx); 1135 return 0; 1136 } 1137 1138 static int s390x_pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key, 1139 size_t *keylen) 1140 { 1141 const unsigned char *privkey, *pubkey; 1142 1143 if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)) 1144 return 0; 1145 1146 if (key != NULL) 1147 return s390x_x25519_mul(key, pubkey, privkey); 1148 1149 *keylen = X25519_KEYLEN; 1150 return 1; 1151 } 1152 1153 static int s390x_pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key, 1154 size_t *keylen) 1155 { 1156 const unsigned char *privkey, *pubkey; 1157 1158 if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)) 1159 return 0; 1160 1161 if (key != NULL) 1162 return s390x_x448_mul(key, pubkey, privkey); 1163 1164 *keylen = X448_KEYLEN; 1165 return 1; 1166 } 1167 1168 static int s390x_pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, 1169 unsigned char *sig, size_t *siglen, 1170 const unsigned char *tbs, 1171 size_t tbslen) 1172 { 1173 union { 1174 struct { 1175 unsigned char sig[64]; 1176 unsigned char priv[32]; 1177 } ed25519; 1178 unsigned long long buff[512]; 1179 } param; 1180 const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); 1181 int rc; 1182 1183 if (sig == NULL) { 1184 *siglen = ED25519_SIGSIZE; 1185 return 1; 1186 } 1187 1188 if (*siglen < ED25519_SIGSIZE) { 1189 ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); 1190 return 0; 1191 } 1192 1193 memset(¶m, 0, sizeof(param)); 1194 memcpy(param.ed25519.priv, edkey->privkey, sizeof(param.ed25519.priv)); 1195 1196 rc = s390x_kdsa(S390X_EDDSA_SIGN_ED25519, ¶m.ed25519, tbs, tbslen); 1197 OPENSSL_cleanse(param.ed25519.priv, sizeof(param.ed25519.priv)); 1198 if (rc != 0) 1199 return 0; 1200 1201 s390x_flip_endian32(sig, param.ed25519.sig); 1202 s390x_flip_endian32(sig + 32, param.ed25519.sig + 32); 1203 1204 *siglen = ED25519_SIGSIZE; 1205 return 1; 1206 } 1207 1208 static int s390x_pkey_ecd_digestsign448(EVP_MD_CTX *ctx, 1209 unsigned char *sig, size_t *siglen, 1210 const unsigned char *tbs, 1211 size_t tbslen) 1212 { 1213 union { 1214 struct { 1215 unsigned char sig[128]; 1216 unsigned char priv[64]; 1217 } ed448; 1218 unsigned long long buff[512]; 1219 } param; 1220 const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); 1221 int rc; 1222 1223 if (sig == NULL) { 1224 *siglen = ED448_SIGSIZE; 1225 return 1; 1226 } 1227 1228 if (*siglen < ED448_SIGSIZE) { 1229 ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); 1230 return 0; 1231 } 1232 1233 memset(¶m, 0, sizeof(param)); 1234 memcpy(param.ed448.priv + 64 - 57, edkey->privkey, 57); 1235 1236 rc = s390x_kdsa(S390X_EDDSA_SIGN_ED448, ¶m.ed448, tbs, tbslen); 1237 OPENSSL_cleanse(param.ed448.priv, sizeof(param.ed448.priv)); 1238 if (rc != 0) 1239 return 0; 1240 1241 s390x_flip_endian64(param.ed448.sig, param.ed448.sig); 1242 s390x_flip_endian64(param.ed448.sig + 64, param.ed448.sig + 64); 1243 memcpy(sig, param.ed448.sig, 57); 1244 memcpy(sig + 57, param.ed448.sig + 64, 57); 1245 1246 *siglen = ED448_SIGSIZE; 1247 return 1; 1248 } 1249 1250 static int s390x_pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, 1251 const unsigned char *sig, 1252 size_t siglen, 1253 const unsigned char *tbs, 1254 size_t tbslen) 1255 { 1256 union { 1257 struct { 1258 unsigned char sig[64]; 1259 unsigned char pub[32]; 1260 } ed25519; 1261 unsigned long long buff[512]; 1262 } param; 1263 const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); 1264 1265 if (siglen != ED25519_SIGSIZE) 1266 return 0; 1267 1268 memset(¶m, 0, sizeof(param)); 1269 s390x_flip_endian32(param.ed25519.sig, sig); 1270 s390x_flip_endian32(param.ed25519.sig + 32, sig + 32); 1271 s390x_flip_endian32(param.ed25519.pub, edkey->pubkey); 1272 1273 return s390x_kdsa(S390X_EDDSA_VERIFY_ED25519, 1274 ¶m.ed25519, tbs, tbslen) == 0 ? 1 : 0; 1275 } 1276 1277 static int s390x_pkey_ecd_digestverify448(EVP_MD_CTX *ctx, 1278 const unsigned char *sig, 1279 size_t siglen, 1280 const unsigned char *tbs, 1281 size_t tbslen) 1282 { 1283 union { 1284 struct { 1285 unsigned char sig[128]; 1286 unsigned char pub[64]; 1287 } ed448; 1288 unsigned long long buff[512]; 1289 } param; 1290 const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); 1291 1292 if (siglen != ED448_SIGSIZE) 1293 return 0; 1294 1295 memset(¶m, 0, sizeof(param)); 1296 memcpy(param.ed448.sig, sig, 57); 1297 s390x_flip_endian64(param.ed448.sig, param.ed448.sig); 1298 memcpy(param.ed448.sig + 64, sig + 57, 57); 1299 s390x_flip_endian64(param.ed448.sig + 64, param.ed448.sig + 64); 1300 memcpy(param.ed448.pub, edkey->pubkey, 57); 1301 s390x_flip_endian64(param.ed448.pub, param.ed448.pub); 1302 1303 return s390x_kdsa(S390X_EDDSA_VERIFY_ED448, 1304 ¶m.ed448, tbs, tbslen) == 0 ? 1 : 0; 1305 } 1306 1307 static const EVP_PKEY_METHOD ecx25519_s390x_pkey_meth = { 1308 EVP_PKEY_X25519, 1309 0, 0, 0, 0, 0, 0, 0, 1310 s390x_pkey_ecx_keygen25519, 1311 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1312 s390x_pkey_ecx_derive25519, 1313 pkey_ecx_ctrl, 1314 0 1315 }; 1316 1317 static const EVP_PKEY_METHOD ecx448_s390x_pkey_meth = { 1318 EVP_PKEY_X448, 1319 0, 0, 0, 0, 0, 0, 0, 1320 s390x_pkey_ecx_keygen448, 1321 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1322 s390x_pkey_ecx_derive448, 1323 pkey_ecx_ctrl, 1324 0 1325 }; 1326 static const EVP_PKEY_METHOD ed25519_s390x_pkey_meth = { 1327 EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM, 1328 0, 0, 0, 0, 0, 0, 1329 s390x_pkey_ecd_keygen25519, 1330 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1331 pkey_ecd_ctrl, 1332 0, 1333 s390x_pkey_ecd_digestsign25519, 1334 s390x_pkey_ecd_digestverify25519 1335 }; 1336 1337 static const EVP_PKEY_METHOD ed448_s390x_pkey_meth = { 1338 EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM, 1339 0, 0, 0, 0, 0, 0, 1340 s390x_pkey_ecd_keygen448, 1341 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1342 pkey_ecd_ctrl, 1343 0, 1344 s390x_pkey_ecd_digestsign448, 1345 s390x_pkey_ecd_digestverify448 1346 }; 1347 #endif 1348 1349 const EVP_PKEY_METHOD *ossl_ecx25519_pkey_method(void) 1350 { 1351 #ifdef S390X_EC_ASM 1352 if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519)) 1353 return &ecx25519_s390x_pkey_meth; 1354 #endif 1355 return &ecx25519_pkey_meth; 1356 } 1357 1358 const EVP_PKEY_METHOD *ossl_ecx448_pkey_method(void) 1359 { 1360 #ifdef S390X_EC_ASM 1361 if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448)) 1362 return &ecx448_s390x_pkey_meth; 1363 #endif 1364 return &ecx448_pkey_meth; 1365 } 1366 1367 const EVP_PKEY_METHOD *ossl_ed25519_pkey_method(void) 1368 { 1369 #ifdef S390X_EC_ASM 1370 if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519) 1371 && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519) 1372 && OPENSSL_s390xcap_P.kdsa[0] 1373 & S390X_CAPBIT(S390X_EDDSA_VERIFY_ED25519)) 1374 return &ed25519_s390x_pkey_meth; 1375 #endif 1376 return &ed25519_pkey_meth; 1377 } 1378 1379 const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void) 1380 { 1381 #ifdef S390X_EC_ASM 1382 if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448) 1383 && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED448) 1384 && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_VERIFY_ED448)) 1385 return &ed448_s390x_pkey_meth; 1386 #endif 1387 return &ed448_pkey_meth; 1388 }
Note:
See TracChangeset
for help on using the changeset viewer.
