aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto/ecdh
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/crypto/ecdh')
-rw-r--r--openssl/crypto/ecdh/Makefile12
-rw-r--r--openssl/crypto/ecdh/ecdh.h63
-rw-r--r--openssl/crypto/ecdh/ecdhtest.c744
-rw-r--r--openssl/crypto/ecdh/ech_err.c50
-rwxr-xr-xopenssl/crypto/ecdh/ech_kdf.c111
-rw-r--r--openssl/crypto/ecdh/ech_key.c15
-rw-r--r--openssl/crypto/ecdh/ech_lib.c268
-rw-r--r--openssl/crypto/ecdh/ech_locl.h58
-rw-r--r--openssl/crypto/ecdh/ech_ossl.c241
9 files changed, 946 insertions, 616 deletions
diff --git a/openssl/crypto/ecdh/Makefile b/openssl/crypto/ecdh/Makefile
index ba05fea05..df1b03adb 100644
--- a/openssl/crypto/ecdh/Makefile
+++ b/openssl/crypto/ecdh/Makefile
@@ -17,9 +17,9 @@ TEST=ecdhtest.c
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC= ech_lib.c ech_ossl.c ech_key.c ech_err.c
+LIBSRC= ech_lib.c ech_ossl.c ech_key.c ech_err.c ech_kdf.c
-LIBOBJ= ech_lib.o ech_ossl.o ech_key.o ech_err.o
+LIBOBJ= ech_lib.o ech_ossl.o ech_key.o ech_err.o ech_kdf.o
SRC= $(LIBSRC)
@@ -83,6 +83,14 @@ ech_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ech_err.o: ech_err.c
+ech_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ech_kdf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ech_kdf.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h
+ech_kdf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ech_kdf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_kdf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ech_kdf.o: ../../include/openssl/symhacks.h ech_kdf.c
ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
diff --git a/openssl/crypto/ecdh/ecdh.h b/openssl/crypto/ecdh/ecdh.h
index 8887102c0..25348b30f 100644
--- a/openssl/crypto/ecdh/ecdh.h
+++ b/openssl/crypto/ecdh/ecdh.h
@@ -21,7 +21,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -67,41 +67,50 @@
*
*/
#ifndef HEADER_ECDH_H
-#define HEADER_ECDH_H
+# define HEADER_ECDH_H
-#include <openssl/opensslconf.h>
+# include <openssl/opensslconf.h>
-#ifdef OPENSSL_NO_ECDH
-#error ECDH is disabled.
-#endif
+# ifdef OPENSSL_NO_ECDH
+# error ECDH is disabled.
+# endif
-#include <openssl/ec.h>
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
+# include <openssl/ec.h>
+# include <openssl/ossl_typ.h>
+# ifndef OPENSSL_NO_DEPRECATED
+# include <openssl/bn.h>
+# endif
#ifdef __cplusplus
extern "C" {
#endif
+# define EC_FLAG_COFACTOR_ECDH 0x1000
+
const ECDH_METHOD *ECDH_OpenSSL(void);
-void ECDH_set_default_method(const ECDH_METHOD *);
+void ECDH_set_default_method(const ECDH_METHOD *);
const ECDH_METHOD *ECDH_get_default_method(void);
-int ECDH_set_method(EC_KEY *, const ECDH_METHOD *);
+int ECDH_set_method(EC_KEY *, const ECDH_METHOD *);
-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+ EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen,
+ void *out, size_t *outlen));
-int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
- *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
-void *ECDH_get_ex_data(EC_KEY *d, int idx);
+int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
+ *new_func, CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
+void *ECDH_get_ex_data(EC_KEY *d, int idx);
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ const unsigned char *sinfo, size_t sinfolen,
+ const EVP_MD *md);
/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_ECDH_strings(void);
@@ -109,15 +118,15 @@ void ERR_load_ECDH_strings(void);
/* Error codes for the ECDH functions. */
/* Function codes. */
-#define ECDH_F_ECDH_CHECK 102
-#define ECDH_F_ECDH_COMPUTE_KEY 100
-#define ECDH_F_ECDH_DATA_NEW_METHOD 101
+# define ECDH_F_ECDH_CHECK 102
+# define ECDH_F_ECDH_COMPUTE_KEY 100
+# define ECDH_F_ECDH_DATA_NEW_METHOD 101
/* Reason codes. */
-#define ECDH_R_KDF_FAILED 102
-#define ECDH_R_NON_FIPS_METHOD 103
-#define ECDH_R_NO_PRIVATE_VALUE 100
-#define ECDH_R_POINT_ARITHMETIC_FAILURE 101
+# define ECDH_R_KDF_FAILED 102
+# define ECDH_R_NON_FIPS_METHOD 103
+# define ECDH_R_NO_PRIVATE_VALUE 100
+# define ECDH_R_POINT_ARITHMETIC_FAILURE 101
#ifdef __cplusplus
}
diff --git a/openssl/crypto/ecdh/ecdhtest.c b/openssl/crypto/ecdh/ecdhtest.c
index 823d7baa6..2fe2c6644 100644
--- a/openssl/crypto/ecdh/ecdhtest.c
+++ b/openssl/crypto/ecdh/ecdhtest.c
@@ -21,7 +21,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -73,7 +73,7 @@
#include "../e_os.h"
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_ECDH */
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_ECDH */
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
@@ -86,289 +86,495 @@
int main(int argc, char *argv[])
{
printf("No ECDH support\n");
- return(0);
+ return (0);
}
#else
-#include <openssl/ec.h>
-#include <openssl/ecdh.h>
+# include <openssl/ec.h>
+# include <openssl/ecdh.h>
-#ifdef OPENSSL_SYS_WIN16
-#define MS_CALLBACK _far _loadds
-#else
-#define MS_CALLBACK
-#endif
+# ifdef OPENSSL_SYS_WIN16
+# define MS_CALLBACK _far _loadds
+# else
+# define MS_CALLBACK
+# endif
-#if 0
+# if 0
static void MS_CALLBACK cb(int p, int n, void *arg);
-#endif
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+# endif
+static const char rnd_seed[] =
+ "string to make the random number generator think it has entropy";
static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
- {
-#ifndef OPENSSL_NO_SHA
- if (*outlen < SHA_DIGEST_LENGTH)
- return NULL;
- else
- *outlen = SHA_DIGEST_LENGTH;
- return SHA1(in, inlen, out);
-#else
- return NULL;
-#endif
- }
-
+static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
+ size_t *outlen)
+{
+# ifndef OPENSSL_NO_SHA
+ if (*outlen < SHA_DIGEST_LENGTH)
+ return NULL;
+ else
+ *outlen = SHA_DIGEST_LENGTH;
+ return SHA1(in, inlen, out);
+# else
+ return NULL;
+# endif
+}
static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
- {
- EC_KEY *a=NULL;
- EC_KEY *b=NULL;
- BIGNUM *x_a=NULL, *y_a=NULL,
- *x_b=NULL, *y_b=NULL;
- char buf[12];
- unsigned char *abuf=NULL,*bbuf=NULL;
- int i,alen,blen,aout,bout,ret=0;
- const EC_GROUP *group;
-
- a = EC_KEY_new_by_curve_name(nid);
- b = EC_KEY_new_by_curve_name(nid);
- if (a == NULL || b == NULL)
- goto err;
-
- group = EC_KEY_get0_group(a);
-
- if ((x_a=BN_new()) == NULL) goto err;
- if ((y_a=BN_new()) == NULL) goto err;
- if ((x_b=BN_new()) == NULL) goto err;
- if ((y_b=BN_new()) == NULL) goto err;
-
- BIO_puts(out,"Testing key generation with ");
- BIO_puts(out,text);
-#ifdef NOISY
- BIO_puts(out,"\n");
-#else
- (void)BIO_flush(out);
-#endif
-
- if (!EC_KEY_generate_key(a)) goto err;
-
- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
- {
- if (!EC_POINT_get_affine_coordinates_GFp(group,
- EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
- }
-#ifndef OPENSSL_NO_EC2M
- else
- {
- if (!EC_POINT_get_affine_coordinates_GF2m(group,
- EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
- }
-#endif
-#ifdef NOISY
- BIO_puts(out," pri 1=");
- BN_print(out,a->priv_key);
- BIO_puts(out,"\n pub 1=");
- BN_print(out,x_a);
- BIO_puts(out,",");
- BN_print(out,y_a);
- BIO_puts(out,"\n");
-#else
- BIO_printf(out," .");
- (void)BIO_flush(out);
-#endif
-
- if (!EC_KEY_generate_key(b)) goto err;
-
- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
- {
- if (!EC_POINT_get_affine_coordinates_GFp(group,
- EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
- }
-#ifndef OPENSSL_NO_EC2M
- else
- {
- if (!EC_POINT_get_affine_coordinates_GF2m(group,
- EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
- }
-#endif
+{
+ EC_KEY *a = NULL;
+ EC_KEY *b = NULL;
+ BIGNUM *x_a = NULL, *y_a = NULL, *x_b = NULL, *y_b = NULL;
+ char buf[12];
+ unsigned char *abuf = NULL, *bbuf = NULL;
+ int i, alen, blen, aout, bout, ret = 0;
+ const EC_GROUP *group;
+
+ a = EC_KEY_new_by_curve_name(nid);
+ b = EC_KEY_new_by_curve_name(nid);
+ if (a == NULL || b == NULL)
+ goto err;
+
+ group = EC_KEY_get0_group(a);
+
+ if ((x_a = BN_new()) == NULL)
+ goto err;
+ if ((y_a = BN_new()) == NULL)
+ goto err;
+ if ((x_b = BN_new()) == NULL)
+ goto err;
+ if ((y_b = BN_new()) == NULL)
+ goto err;
+
+ BIO_puts(out, "Testing key generation with ");
+ BIO_puts(out, text);
+# ifdef NOISY
+ BIO_puts(out, "\n");
+# else
+ (void)BIO_flush(out);
+# endif
+
+ if (!EC_KEY_generate_key(a))
+ goto err;
+
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+ NID_X9_62_prime_field) {
+ if (!EC_POINT_get_affine_coordinates_GFp
+ (group, EC_KEY_get0_public_key(a), x_a, y_a, ctx))
+ goto err;
+ }
+# ifndef OPENSSL_NO_EC2M
+ else {
+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
+ EC_KEY_get0_public_key(a),
+ x_a, y_a, ctx))
+ goto err;
+ }
+# endif
+# ifdef NOISY
+ BIO_puts(out, " pri 1=");
+ BN_print(out, a->priv_key);
+ BIO_puts(out, "\n pub 1=");
+ BN_print(out, x_a);
+ BIO_puts(out, ",");
+ BN_print(out, y_a);
+ BIO_puts(out, "\n");
+# else
+ BIO_printf(out, " .");
+ (void)BIO_flush(out);
+# endif
+
+ if (!EC_KEY_generate_key(b))
+ goto err;
+
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+ NID_X9_62_prime_field) {
+ if (!EC_POINT_get_affine_coordinates_GFp
+ (group, EC_KEY_get0_public_key(b), x_b, y_b, ctx))
+ goto err;
+ }
+# ifndef OPENSSL_NO_EC2M
+ else {
+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
+ EC_KEY_get0_public_key(b),
+ x_b, y_b, ctx))
+ goto err;
+ }
+# endif
+
+# ifdef NOISY
+ BIO_puts(out, " pri 2=");
+ BN_print(out, b->priv_key);
+ BIO_puts(out, "\n pub 2=");
+ BN_print(out, x_b);
+ BIO_puts(out, ",");
+ BN_print(out, y_b);
+ BIO_puts(out, "\n");
+# else
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+# endif
+
+ alen = KDF1_SHA1_len;
+ abuf = (unsigned char *)OPENSSL_malloc(alen);
+ aout =
+ ECDH_compute_key(abuf, alen, EC_KEY_get0_public_key(b), a, KDF1_SHA1);
+
+# ifdef NOISY
+ BIO_puts(out, " key1 =");
+ for (i = 0; i < aout; i++) {
+ sprintf(buf, "%02X", abuf[i]);
+ BIO_puts(out, buf);
+ }
+ BIO_puts(out, "\n");
+# else
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+# endif
+
+ blen = KDF1_SHA1_len;
+ bbuf = (unsigned char *)OPENSSL_malloc(blen);
+ bout =
+ ECDH_compute_key(bbuf, blen, EC_KEY_get0_public_key(a), b, KDF1_SHA1);
+
+# ifdef NOISY
+ BIO_puts(out, " key2 =");
+ for (i = 0; i < bout; i++) {
+ sprintf(buf, "%02X", bbuf[i]);
+ BIO_puts(out, buf);
+ }
+ BIO_puts(out, "\n");
+# else
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+# endif
+
+ if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) {
+# ifndef NOISY
+ BIO_printf(out, " failed\n\n");
+ BIO_printf(out, "key a:\n");
+ BIO_printf(out, "private key: ");
+ BN_print(out, EC_KEY_get0_private_key(a));
+ BIO_printf(out, "\n");
+ BIO_printf(out, "public key (x,y): ");
+ BN_print(out, x_a);
+ BIO_printf(out, ",");
+ BN_print(out, y_a);
+ BIO_printf(out, "\nkey b:\n");
+ BIO_printf(out, "private key: ");
+ BN_print(out, EC_KEY_get0_private_key(b));
+ BIO_printf(out, "\n");
+ BIO_printf(out, "public key (x,y): ");
+ BN_print(out, x_b);
+ BIO_printf(out, ",");
+ BN_print(out, y_b);
+ BIO_printf(out, "\n");
+ BIO_printf(out, "generated key a: ");
+ for (i = 0; i < bout; i++) {
+ sprintf(buf, "%02X", bbuf[i]);
+ BIO_puts(out, buf);
+ }
+ BIO_printf(out, "\n");
+ BIO_printf(out, "generated key b: ");
+ for (i = 0; i < aout; i++) {
+ sprintf(buf, "%02X", abuf[i]);
+ BIO_puts(out, buf);
+ }
+ BIO_printf(out, "\n");
+# endif
+ fprintf(stderr, "Error in ECDH routines\n");
+ ret = 0;
+ } else {
+# ifndef NOISY
+ BIO_printf(out, " ok\n");
+# endif
+ ret = 1;
+ }
+ err:
+ ERR_print_errors_fp(stderr);
+
+ if (abuf != NULL)
+ OPENSSL_free(abuf);
+ if (bbuf != NULL)
+ OPENSSL_free(bbuf);
+ if (x_a)
+ BN_free(x_a);
+ if (y_a)
+ BN_free(y_a);
+ if (x_b)
+ BN_free(x_b);
+ if (y_b)
+ BN_free(y_b);
+ if (b)
+ EC_KEY_free(b);
+ if (a)
+ EC_KEY_free(a);
+ return (ret);
+}
-#ifdef NOISY
- BIO_puts(out," pri 2=");
- BN_print(out,b->priv_key);
- BIO_puts(out,"\n pub 2=");
- BN_print(out,x_b);
- BIO_puts(out,",");
- BN_print(out,y_b);
- BIO_puts(out,"\n");
-#else
- BIO_printf(out,".");
- (void)BIO_flush(out);
-#endif
+/* Keys and shared secrets from RFC 7027 */
+
+static const unsigned char bp256_da[] = {
+ 0x81, 0xDB, 0x1E, 0xE1, 0x00, 0x15, 0x0F, 0xF2, 0xEA, 0x33, 0x8D, 0x70,
+ 0x82, 0x71, 0xBE, 0x38, 0x30, 0x0C, 0xB5, 0x42, 0x41, 0xD7, 0x99, 0x50,
+ 0xF7, 0x7B, 0x06, 0x30, 0x39, 0x80, 0x4F, 0x1D
+};
+
+static const unsigned char bp256_db[] = {
+ 0x55, 0xE4, 0x0B, 0xC4, 0x1E, 0x37, 0xE3, 0xE2, 0xAD, 0x25, 0xC3, 0xC6,
+ 0x65, 0x45, 0x11, 0xFF, 0xA8, 0x47, 0x4A, 0x91, 0xA0, 0x03, 0x20, 0x87,
+ 0x59, 0x38, 0x52, 0xD3, 0xE7, 0xD7, 0x6B, 0xD3
+};
+
+static const unsigned char bp256_Z[] = {
+ 0x89, 0xAF, 0xC3, 0x9D, 0x41, 0xD3, 0xB3, 0x27, 0x81, 0x4B, 0x80, 0x94,
+ 0x0B, 0x04, 0x25, 0x90, 0xF9, 0x65, 0x56, 0xEC, 0x91, 0xE6, 0xAE, 0x79,
+ 0x39, 0xBC, 0xE3, 0x1F, 0x3A, 0x18, 0xBF, 0x2B
+};
+
+static const unsigned char bp384_da[] = {
+ 0x1E, 0x20, 0xF5, 0xE0, 0x48, 0xA5, 0x88, 0x6F, 0x1F, 0x15, 0x7C, 0x74,
+ 0xE9, 0x1B, 0xDE, 0x2B, 0x98, 0xC8, 0xB5, 0x2D, 0x58, 0xE5, 0x00, 0x3D,
+ 0x57, 0x05, 0x3F, 0xC4, 0xB0, 0xBD, 0x65, 0xD6, 0xF1, 0x5E, 0xB5, 0xD1,
+ 0xEE, 0x16, 0x10, 0xDF, 0x87, 0x07, 0x95, 0x14, 0x36, 0x27, 0xD0, 0x42
+};
+
+static const unsigned char bp384_db[] = {
+ 0x03, 0x26, 0x40, 0xBC, 0x60, 0x03, 0xC5, 0x92, 0x60, 0xF7, 0x25, 0x0C,
+ 0x3D, 0xB5, 0x8C, 0xE6, 0x47, 0xF9, 0x8E, 0x12, 0x60, 0xAC, 0xCE, 0x4A,
+ 0xCD, 0xA3, 0xDD, 0x86, 0x9F, 0x74, 0xE0, 0x1F, 0x8B, 0xA5, 0xE0, 0x32,
+ 0x43, 0x09, 0xDB, 0x6A, 0x98, 0x31, 0x49, 0x7A, 0xBA, 0xC9, 0x66, 0x70
+};
+
+static const unsigned char bp384_Z[] = {
+ 0x0B, 0xD9, 0xD3, 0xA7, 0xEA, 0x0B, 0x3D, 0x51, 0x9D, 0x09, 0xD8, 0xE4,
+ 0x8D, 0x07, 0x85, 0xFB, 0x74, 0x4A, 0x6B, 0x35, 0x5E, 0x63, 0x04, 0xBC,
+ 0x51, 0xC2, 0x29, 0xFB, 0xBC, 0xE2, 0x39, 0xBB, 0xAD, 0xF6, 0x40, 0x37,
+ 0x15, 0xC3, 0x5D, 0x4F, 0xB2, 0xA5, 0x44, 0x4F, 0x57, 0x5D, 0x4F, 0x42
+};
+
+static const unsigned char bp512_da[] = {
+ 0x16, 0x30, 0x2F, 0xF0, 0xDB, 0xBB, 0x5A, 0x8D, 0x73, 0x3D, 0xAB, 0x71,
+ 0x41, 0xC1, 0xB4, 0x5A, 0xCB, 0xC8, 0x71, 0x59, 0x39, 0x67, 0x7F, 0x6A,
+ 0x56, 0x85, 0x0A, 0x38, 0xBD, 0x87, 0xBD, 0x59, 0xB0, 0x9E, 0x80, 0x27,
+ 0x96, 0x09, 0xFF, 0x33, 0x3E, 0xB9, 0xD4, 0xC0, 0x61, 0x23, 0x1F, 0xB2,
+ 0x6F, 0x92, 0xEE, 0xB0, 0x49, 0x82, 0xA5, 0xF1, 0xD1, 0x76, 0x4C, 0xAD,
+ 0x57, 0x66, 0x54, 0x22
+};
+
+static const unsigned char bp512_db[] = {
+ 0x23, 0x0E, 0x18, 0xE1, 0xBC, 0xC8, 0x8A, 0x36, 0x2F, 0xA5, 0x4E, 0x4E,
+ 0xA3, 0x90, 0x20, 0x09, 0x29, 0x2F, 0x7F, 0x80, 0x33, 0x62, 0x4F, 0xD4,
+ 0x71, 0xB5, 0xD8, 0xAC, 0xE4, 0x9D, 0x12, 0xCF, 0xAB, 0xBC, 0x19, 0x96,
+ 0x3D, 0xAB, 0x8E, 0x2F, 0x1E, 0xBA, 0x00, 0xBF, 0xFB, 0x29, 0xE4, 0xD7,
+ 0x2D, 0x13, 0xF2, 0x22, 0x45, 0x62, 0xF4, 0x05, 0xCB, 0x80, 0x50, 0x36,
+ 0x66, 0xB2, 0x54, 0x29
+};
+
+static const unsigned char bp512_Z[] = {
+ 0xA7, 0x92, 0x70, 0x98, 0x65, 0x5F, 0x1F, 0x99, 0x76, 0xFA, 0x50, 0xA9,
+ 0xD5, 0x66, 0x86, 0x5D, 0xC5, 0x30, 0x33, 0x18, 0x46, 0x38, 0x1C, 0x87,
+ 0x25, 0x6B, 0xAF, 0x32, 0x26, 0x24, 0x4B, 0x76, 0xD3, 0x64, 0x03, 0xC0,
+ 0x24, 0xD7, 0xBB, 0xF0, 0xAA, 0x08, 0x03, 0xEA, 0xFF, 0x40, 0x5D, 0x3D,
+ 0x24, 0xF1, 0x1A, 0x9B, 0x5C, 0x0B, 0xEF, 0x67, 0x9F, 0xE1, 0x45, 0x4B,
+ 0x21, 0xC4, 0xCD, 0x1F
+};
+
+/* Given private value and NID, create EC_KEY structure */
+
+static EC_KEY *mk_eckey(int nid, const unsigned char *p, size_t plen)
+{
+ int ok = 0;
+ EC_KEY *k = NULL;
+ BIGNUM *priv = NULL;
+ EC_POINT *pub = NULL;
+ const EC_GROUP *grp;
+ k = EC_KEY_new_by_curve_name(nid);
+ if (!k)
+ goto err;
+ priv = BN_bin2bn(p, plen, NULL);
+ if (!priv)
+ goto err;
+ if (!EC_KEY_set_private_key(k, priv))
+ goto err;
+ grp = EC_KEY_get0_group(k);
+ pub = EC_POINT_new(grp);
+ if (!pub)
+ goto err;
+ if (!EC_POINT_mul(grp, pub, priv, NULL, NULL, NULL))
+ goto err;
+ if (!EC_KEY_set_public_key(k, pub))
+ goto err;
+ ok = 1;
+ err:
+ if (priv)
+ BN_clear_free(priv);
+ if (pub)
+ EC_POINT_free(pub);
+ if (ok)
+ return k;
+ else if (k)
+ EC_KEY_free(k);
+ return NULL;
+}
- alen=KDF1_SHA1_len;
- abuf=(unsigned char *)OPENSSL_malloc(alen);
- aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);
-
-#ifdef NOISY
- BIO_puts(out," key1 =");
- for (i=0; i<aout; i++)
- {
- sprintf(buf,"%02X",abuf[i]);
- BIO_puts(out,buf);
- }
- BIO_puts(out,"\n");
-#else
- BIO_printf(out,".");
- (void)BIO_flush(out);
-#endif
+/*
+ * Known answer test: compute shared secret and check it matches expected
+ * value.
+ */
- blen=KDF1_SHA1_len;
- bbuf=(unsigned char *)OPENSSL_malloc(blen);
- bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1);
-
-#ifdef NOISY
- BIO_puts(out," key2 =");
- for (i=0; i<bout; i++)
- {
- sprintf(buf,"%02X",bbuf[i]);
- BIO_puts(out,buf);
- }
- BIO_puts(out,"\n");
-#else
- BIO_printf(out,".");
- (void)BIO_flush(out);
-#endif
+static int ecdh_kat(BIO *out, const char *cname, int nid,
+ const unsigned char *k1, size_t k1_len,
+ const unsigned char *k2, size_t k2_len,
+ const unsigned char *Z, size_t Zlen)
+{
+ int rv = 0;
+ EC_KEY *key1 = NULL, *key2 = NULL;
+ unsigned char *Ztmp = NULL;
+ size_t Ztmplen;
+ BIO_puts(out, "Testing ECDH shared secret with ");
+ BIO_puts(out, cname);
+ key1 = mk_eckey(nid, k1, k1_len);
+ key2 = mk_eckey(nid, k2, k2_len);
+ if (!key1 || !key2)
+ goto err;
+ Ztmplen = (EC_GROUP_get_degree(EC_KEY_get0_group(key1)) + 7) / 8;
+ if (Ztmplen != Zlen)
+ goto err;
+ Ztmp = OPENSSL_malloc(Ztmplen);
+ if (!ECDH_compute_key(Ztmp, Ztmplen,
+ EC_KEY_get0_public_key(key2), key1, 0))
+ goto err;
+ if (memcmp(Ztmp, Z, Zlen))
+ goto err;
+ memset(Ztmp, 0, Zlen);
+ if (!ECDH_compute_key(Ztmp, Ztmplen,
+ EC_KEY_get0_public_key(key1), key2, 0))
+ goto err;
+ if (memcmp(Ztmp, Z, Zlen))
+ goto err;
+ rv = 1;
+ err:
+ if (key1)
+ EC_KEY_free(key1);
+ if (key2)
+ EC_KEY_free(key2);
+ if (Ztmp)
+ OPENSSL_free(Ztmp);
+ if (rv)
+ BIO_puts(out, " ok\n");
+ else {
+ fprintf(stderr, "Error in ECDH routines\n");
+ ERR_print_errors_fp(stderr);
+ }
+ return rv;
+}
- if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
- {
-#ifndef NOISY
- BIO_printf(out, " failed\n\n");
- BIO_printf(out, "key a:\n");
- BIO_printf(out, "private key: ");
- BN_print(out, EC_KEY_get0_private_key(a));
- BIO_printf(out, "\n");
- BIO_printf(out, "public key (x,y): ");
- BN_print(out, x_a);
- BIO_printf(out, ",");
- BN_print(out, y_a);
- BIO_printf(out, "\nkey b:\n");
- BIO_printf(out, "private key: ");
- BN_print(out, EC_KEY_get0_private_key(b));
- BIO_printf(out, "\n");
- BIO_printf(out, "public key (x,y): ");
- BN_print(out, x_b);
- BIO_printf(out, ",");
- BN_print(out, y_b);
- BIO_printf(out, "\n");
- BIO_printf(out, "generated key a: ");
- for (i=0; i<bout; i++)
- {
- sprintf(buf, "%02X", bbuf[i]);
- BIO_puts(out, buf);
- }
- BIO_printf(out, "\n");
- BIO_printf(out, "generated key b: ");
- for (i=0; i<aout; i++)
- {
- sprintf(buf, "%02X", abuf[i]);
- BIO_puts(out,buf);
- }
- BIO_printf(out, "\n");
-#endif
- fprintf(stderr,"Error in ECDH routines\n");
- ret=0;
- }
- else
- {
-#ifndef NOISY
- BIO_printf(out, " ok\n");
-#endif
- ret=1;
- }
-err:
- ERR_print_errors_fp(stderr);
-
- if (abuf != NULL) OPENSSL_free(abuf);
- if (bbuf != NULL) OPENSSL_free(bbuf);
- if (x_a) BN_free(x_a);
- if (y_a) BN_free(y_a);
- if (x_b) BN_free(x_b);
- if (y_b) BN_free(y_b);
- if (b) EC_KEY_free(b);
- if (a) EC_KEY_free(a);
- return(ret);
- }
+# define test_ecdh_kat(bio, curve, bits) \
+ ecdh_kat(bio, curve, NID_brainpoolP##bits##r1, \
+ bp##bits##_da, sizeof(bp##bits##_da), \
+ bp##bits##_db, sizeof(bp##bits##_db), \
+ bp##bits##_Z, sizeof(bp##bits##_Z))
int main(int argc, char *argv[])
- {
- BN_CTX *ctx=NULL;
- int ret=1;
- BIO *out;
-
- CRYPTO_malloc_debug_init();
- CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-#ifdef OPENSSL_SYS_WIN32
- CRYPTO_malloc_init();
-#endif
-
- RAND_seed(rnd_seed, sizeof rnd_seed);
-
- out=BIO_new(BIO_s_file());
- if (out == NULL) EXIT(1);
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
-
- /* NIST PRIME CURVES TESTS */
- if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
-#ifndef OPENSSL_NO_EC2M
- /* NIST BINARY CURVES TESTS */
- if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;
-#endif
-
- ret = 0;
-
-err:
- ERR_print_errors_fp(stderr);
- if (ctx) BN_CTX_free(ctx);
- BIO_free(out);
- CRYPTO_cleanup_all_ex_data();
- ERR_remove_thread_state(NULL);
- CRYPTO_mem_leaks_fp(stderr);
- EXIT(ret);
- return(ret);
- }
+{
+ BN_CTX *ctx = NULL;
+ int ret = 1;
+ BIO *out;
+
+ CRYPTO_malloc_debug_init();
+ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+# ifdef OPENSSL_SYS_WIN32
+ CRYPTO_malloc_init();
+# endif
+
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+
+ out = BIO_new(BIO_s_file());
+ if (out == NULL)
+ EXIT(1);
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+
+ /* NIST PRIME CURVES TESTS */
+ if (!test_ecdh_curve
+ (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
+ goto err;
+ if (!test_ecdh_curve
+ (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out))
+ goto err;
+# ifndef OPENSSL_NO_EC2M
+ /* NIST BINARY CURVES TESTS */
+ if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out))
+ goto err;
+# endif
+ if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
+ goto err;
+ if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
+ goto err;
+ if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
+ goto err;
+
+ ret = 0;
+
+ err:
+ ERR_print_errors_fp(stderr);
+ if (ctx)
+ BN_CTX_free(ctx);
+ BIO_free(out);
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_thread_state(NULL);
+ CRYPTO_mem_leaks_fp(stderr);
+ EXIT(ret);
+ return (ret);
+}
-#if 0
+# if 0
static void MS_CALLBACK cb(int p, int n, void *arg)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- BIO_write((BIO *)arg,&c,1);
- (void)BIO_flush((BIO *)arg);
-#ifdef LINT
- p=n;
-#endif
- }
-#endif
+{
+ char c = '*';
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ BIO_write((BIO *)arg, &c, 1);
+ (void)BIO_flush((BIO *)arg);
+# ifdef LINT
+ p = n;
+# endif
+}
+# endif
#endif
diff --git a/openssl/crypto/ecdh/ech_err.c b/openssl/crypto/ecdh/ech_err.c
index 3bd247398..af9f625b4 100644
--- a/openssl/crypto/ecdh/ech_err.c
+++ b/openssl/crypto/ecdh/ech_err.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -65,36 +66,33 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason)
-static ERR_STRING_DATA ECDH_str_functs[]=
- {
-{ERR_FUNC(ECDH_F_ECDH_CHECK), "ECDH_CHECK"},
-{ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"},
-{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_new_method"},
-{0,NULL}
- };
+static ERR_STRING_DATA ECDH_str_functs[] = {
+ {ERR_FUNC(ECDH_F_ECDH_CHECK), "ECDH_CHECK"},
+ {ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"},
+ {ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_new_method"},
+ {0, NULL}
+};
-static ERR_STRING_DATA ECDH_str_reasons[]=
- {
-{ERR_REASON(ECDH_R_KDF_FAILED) ,"KDF failed"},
-{ERR_REASON(ECDH_R_NON_FIPS_METHOD) ,"non fips method"},
-{ERR_REASON(ECDH_R_NO_PRIVATE_VALUE) ,"no private value"},
-{ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE),"point arithmetic failure"},
-{0,NULL}
- };
+static ERR_STRING_DATA ECDH_str_reasons[] = {
+ {ERR_REASON(ECDH_R_KDF_FAILED), "KDF failed"},
+ {ERR_REASON(ECDH_R_NON_FIPS_METHOD), "non fips method"},
+ {ERR_REASON(ECDH_R_NO_PRIVATE_VALUE), "no private value"},
+ {ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"},
+ {0, NULL}
+};
#endif
void ERR_load_ECDH_strings(void)
- {
+{
#ifndef OPENSSL_NO_ERR
- if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,ECDH_str_functs);
- ERR_load_strings(0,ECDH_str_reasons);
- }
+ if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, ECDH_str_functs);
+ ERR_load_strings(0, ECDH_str_reasons);
+ }
#endif
- }
+}
diff --git a/openssl/crypto/ecdh/ech_kdf.c b/openssl/crypto/ecdh/ech_kdf.c
new file mode 100755
index 000000000..ac722ac9e
--- /dev/null
+++ b/openssl/crypto/ecdh/ech_kdf.c
@@ -0,0 +1,111 @@
+/* crypto/ecdh/ec_kdf.c */
+/*
+ * Written by Stephen Henson for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <string.h>
+#include <openssl/ecdh.h>
+#include <openssl/evp.h>
+
+/* Key derivation function from X9.62/SECG */
+/* Way more than we will ever need */
+#define ECDH_KDF_MAX (1 << 30)
+
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ const unsigned char *sinfo, size_t sinfolen,
+ const EVP_MD *md)
+{
+ EVP_MD_CTX mctx;
+ int rv = 0;
+ unsigned int i;
+ size_t mdlen;
+ unsigned char ctr[4];
+ if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX
+ || Zlen > ECDH_KDF_MAX)
+ return 0;
+ mdlen = EVP_MD_size(md);
+ EVP_MD_CTX_init(&mctx);
+ for (i = 1;; i++) {
+ unsigned char mtmp[EVP_MAX_MD_SIZE];
+ EVP_DigestInit_ex(&mctx, md, NULL);
+ ctr[3] = i & 0xFF;
+ ctr[2] = (i >> 8) & 0xFF;
+ ctr[1] = (i >> 16) & 0xFF;
+ ctr[0] = (i >> 24) & 0xFF;
+ if (!EVP_DigestUpdate(&mctx, Z, Zlen))
+ goto err;
+ if (!EVP_DigestUpdate(&mctx, ctr, sizeof(ctr)))
+ goto err;
+ if (!EVP_DigestUpdate(&mctx, sinfo, sinfolen))
+ goto err;
+ if (outlen >= mdlen) {
+ if (!EVP_DigestFinal(&mctx, out, NULL))
+ goto err;
+ outlen -= mdlen;
+ if (outlen == 0)
+ break;
+ out += mdlen;
+ } else {
+ if (!EVP_DigestFinal(&mctx, mtmp, NULL))
+ goto err;
+ memcpy(out, mtmp, outlen);
+ OPENSSL_cleanse(mtmp, mdlen);
+ break;
+ }
+ }
+ rv = 1;
+ err:
+ EVP_MD_CTX_cleanup(&mctx);
+ return rv;
+}
diff --git a/openssl/crypto/ecdh/ech_key.c b/openssl/crypto/ecdh/ech_key.c
index 2988899ea..4f1449896 100644
--- a/openssl/crypto/ecdh/ech_key.c
+++ b/openssl/crypto/ecdh/ech_key.c
@@ -21,7 +21,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -70,11 +70,12 @@
#include "ech_locl.h"
int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
- EC_KEY *eckey,
- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
+ EC_KEY *eckey,
+ void *(*KDF) (const void *in, size_t inlen, void *out,
+ size_t *outlen))
{
- ECDH_DATA *ecdh = ecdh_check(eckey);
- if (ecdh == NULL)
- return 0;
- return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF);
+ ECDH_DATA *ecdh = ecdh_check(eckey);
+ if (ecdh == NULL)
+ return 0;
+ return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF);
}
diff --git a/openssl/crypto/ecdh/ech_lib.c b/openssl/crypto/ecdh/ech_lib.c
index 0644431b7..cbc21d1a2 100644
--- a/openssl/crypto/ecdh/ech_lib.c
+++ b/openssl/crypto/ecdh/ech_lib.c
@@ -21,7 +21,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -70,204 +70,196 @@
#include "ech_locl.h"
#include <string.h>
#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
#endif
#include <openssl/err.h>
#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
#endif
-const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
+const char ECDH_version[] = "ECDH" OPENSSL_VERSION_PTEXT;
static const ECDH_METHOD *default_ECDH_method = NULL;
static void *ecdh_data_new(void);
static void *ecdh_data_dup(void *);
-static void ecdh_data_free(void *);
+static void ecdh_data_free(void *);
void ECDH_set_default_method(const ECDH_METHOD *meth)
- {
- default_ECDH_method = meth;
- }
+{
+ default_ECDH_method = meth;
+}
const ECDH_METHOD *ECDH_get_default_method(void)
- {
- if(!default_ECDH_method)
- {
+{
+ if (!default_ECDH_method) {
#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return FIPS_ecdh_openssl();
- else
- return ECDH_OpenSSL();
+ if (FIPS_mode())
+ return FIPS_ecdh_openssl();
+ else
+ return ECDH_OpenSSL();
#else
- default_ECDH_method = ECDH_OpenSSL();
+ default_ECDH_method = ECDH_OpenSSL();
#endif
- }
- return default_ECDH_method;
- }
+ }
+ return default_ECDH_method;
+}
int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
- {
- ECDH_DATA *ecdh;
+{
+ ECDH_DATA *ecdh;
- ecdh = ecdh_check(eckey);
+ ecdh = ecdh_check(eckey);
- if (ecdh == NULL)
- return 0;
+ if (ecdh == NULL)
+ return 0;
#if 0
- mtmp = ecdh->meth;
- if (mtmp->finish)
- mtmp->finish(eckey);
+ mtmp = ecdh->meth;
+ if (mtmp->finish)
+ mtmp->finish(eckey);
#endif
#ifndef OPENSSL_NO_ENGINE
- if (ecdh->engine)
- {
- ENGINE_finish(ecdh->engine);
- ecdh->engine = NULL;
- }
+ if (ecdh->engine) {
+ ENGINE_finish(ecdh->engine);
+ ecdh->engine = NULL;
+ }
#endif
- ecdh->meth = meth;
+ ecdh->meth = meth;
#if 0
- if (meth->init)
- meth->init(eckey);
+ if (meth->init)
+ meth->init(eckey);
#endif
- return 1;
- }
+ return 1;
+}
static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)
- {
- ECDH_DATA *ret;
+{
+ ECDH_DATA *ret;
- ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA));
- if (ret == NULL)
- {
- ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
+ ret = (ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA));
+ if (ret == NULL) {
+ ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
- ret->init = NULL;
+ ret->init = NULL;
- ret->meth = ECDH_get_default_method();
- ret->engine = engine;
+ ret->meth = ECDH_get_default_method();
+ ret->engine = engine;
#ifndef OPENSSL_NO_ENGINE
- if (!ret->engine)
- ret->engine = ENGINE_get_default_ECDH();
- if (ret->engine)
- {
- ret->meth = ENGINE_get_ECDH(ret->engine);
- if (!ret->meth)
- {
- ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
- ENGINE_finish(ret->engine);
- OPENSSL_free(ret);
- return NULL;
- }
- }
+ if (!ret->engine)
+ ret->engine = ENGINE_get_default_ECDH();
+ if (ret->engine) {
+ ret->meth = ENGINE_get_ECDH(ret->engine);
+ if (!ret->meth) {
+ ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
+ ENGINE_finish(ret->engine);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ }
#endif
- ret->flags = ret->meth->flags;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
+ ret->flags = ret->meth->flags;
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
#if 0
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
- {
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
- OPENSSL_free(ret);
- ret=NULL;
- }
-#endif
- return(ret);
- }
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
+ OPENSSL_free(ret);
+ ret = NULL;
+ }
+#endif
+ return (ret);
+}
static void *ecdh_data_new(void)
- {
- return (void *)ECDH_DATA_new_method(NULL);
- }
+{
+ return (void *)ECDH_DATA_new_method(NULL);
+}
static void *ecdh_data_dup(void *data)
{
- ECDH_DATA *r = (ECDH_DATA *)data;
+ ECDH_DATA *r = (ECDH_DATA *)data;
- /* XXX: dummy operation */
- if (r == NULL)
- return NULL;
+ /* XXX: dummy operation */
+ if (r == NULL)
+ return NULL;
- return (void *)ecdh_data_new();
+ return (void *)ecdh_data_new();
}
void ecdh_data_free(void *data)
- {
- ECDH_DATA *r = (ECDH_DATA *)data;
+{
+ ECDH_DATA *r = (ECDH_DATA *)data;
#ifndef OPENSSL_NO_ENGINE
- if (r->engine)
- ENGINE_finish(r->engine);
+ if (r->engine)
+ ENGINE_finish(r->engine);
#endif
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
- OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA));
+ OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA));
- OPENSSL_free(r);
- }
+ OPENSSL_free(r);
+}
ECDH_DATA *ecdh_check(EC_KEY *key)
- {
- ECDH_DATA *ecdh_data;
-
- void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup,
- ecdh_data_free, ecdh_data_free);
- if (data == NULL)
- {
- ecdh_data = (ECDH_DATA *)ecdh_data_new();
- if (ecdh_data == NULL)
- return NULL;
- data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
- ecdh_data_dup, ecdh_data_free, ecdh_data_free);
- if (data != NULL)
- {
- /* Another thread raced us to install the key_method
- * data and won. */
- ecdh_data_free(ecdh_data);
- ecdh_data = (ECDH_DATA *)data;
- }
- }
- else
- ecdh_data = (ECDH_DATA *)data;
+{
+ ECDH_DATA *ecdh_data;
+
+ void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup,
+ ecdh_data_free, ecdh_data_free);
+ if (data == NULL) {
+ ecdh_data = (ECDH_DATA *)ecdh_data_new();
+ if (ecdh_data == NULL)
+ return NULL;
+ data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
+ ecdh_data_dup, ecdh_data_free,
+ ecdh_data_free);
+ if (data != NULL) {
+ /*
+ * Another thread raced us to install the key_method data and
+ * won.
+ */
+ ecdh_data_free(ecdh_data);
+ ecdh_data = (ECDH_DATA *)data;
+ }
+ } else
+ ecdh_data = (ECDH_DATA *)data;
#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
- && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
- {
- ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD);
- return NULL;
- }
+ if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
+ && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) {
+ ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD);
+ return NULL;
+ }
#endif
-
- return ecdh_data;
- }
+ return ecdh_data;
+}
int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp,
- new_func, dup_func, free_func);
- }
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp,
+ new_func, dup_func, free_func);
+}
int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg)
- {
- ECDH_DATA *ecdh;
- ecdh = ecdh_check(d);
- if (ecdh == NULL)
- return 0;
- return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg));
- }
+{
+ ECDH_DATA *ecdh;
+ ecdh = ecdh_check(d);
+ if (ecdh == NULL)
+ return 0;
+ return (CRYPTO_set_ex_data(&ecdh->ex_data, idx, arg));
+}
void *ECDH_get_ex_data(EC_KEY *d, int idx)
- {
- ECDH_DATA *ecdh;
- ecdh = ecdh_check(d);
- if (ecdh == NULL)
- return NULL;
- return(CRYPTO_get_ex_data(&ecdh->ex_data,idx));
- }
+{
+ ECDH_DATA *ecdh;
+ ecdh = ecdh_check(d);
+ if (ecdh == NULL)
+ return NULL;
+ return (CRYPTO_get_ex_data(&ecdh->ex_data, idx));
+}
diff --git a/openssl/crypto/ecdh/ech_locl.h b/openssl/crypto/ecdh/ech_locl.h
index f6cad6a89..4e66024c7 100644
--- a/openssl/crypto/ecdh/ech_locl.h
+++ b/openssl/crypto/ecdh/ech_locl.h
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -54,43 +54,45 @@
*/
#ifndef HEADER_ECH_LOCL_H
-#define HEADER_ECH_LOCL_H
+# define HEADER_ECH_LOCL_H
-#include <openssl/ecdh.h>
+# include <openssl/ecdh.h>
#ifdef __cplusplus
extern "C" {
#endif
-struct ecdh_method
- {
- const char *name;
- int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
-#if 0
- int (*init)(EC_KEY *eckey);
- int (*finish)(EC_KEY *eckey);
-#endif
- int flags;
- char *app_data;
- };
+struct ecdh_method {
+ const char *name;
+ int (*compute_key) (void *key, size_t outlen, const EC_POINT *pub_key,
+ EC_KEY *ecdh, void *(*KDF) (const void *in,
+ size_t inlen, void *out,
+ size_t *outlen));
+# if 0
+ int (*init) (EC_KEY *eckey);
+ int (*finish) (EC_KEY *eckey);
+# endif
+ int flags;
+ char *app_data;
+};
-/* If this flag is set the ECDH method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its responsibility
- * to ensure the result is compliant.
+/*
+ * If this flag is set the ECDH method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
*/
-#define ECDH_FLAG_FIPS_METHOD 0x1
+# define ECDH_FLAG_FIPS_METHOD 0x1
typedef struct ecdh_data_st {
- /* EC_KEY_METH_DATA part */
- int (*init)(EC_KEY *);
- /* method specific part */
- ENGINE *engine;
- int flags;
- const ECDH_METHOD *meth;
- CRYPTO_EX_DATA ex_data;
+ /* EC_KEY_METH_DATA part */
+ int (*init) (EC_KEY *);
+ /* method specific part */
+ ENGINE *engine;
+ int flags;
+ const ECDH_METHOD *meth;
+ CRYPTO_EX_DATA ex_data;
} ECDH_DATA;
ECDH_DATA *ecdh_check(EC_KEY *);
@@ -99,4 +101,4 @@ ECDH_DATA *ecdh_check(EC_KEY *);
}
#endif
-#endif /* HEADER_ECH_LOCL_H */
+#endif /* HEADER_ECH_LOCL_H */
diff --git a/openssl/crypto/ecdh/ech_ossl.c b/openssl/crypto/ecdh/ech_ossl.c
index 4a30628fb..df115cc26 100644
--- a/openssl/crypto/ecdh/ech_ossl.c
+++ b/openssl/crypto/ecdh/ech_ossl.c
@@ -21,7 +21,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -67,7 +67,6 @@
*
*/
-
#include <string.h>
#include <limits.h>
@@ -80,136 +79,140 @@
#include <openssl/bn.h>
static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
- EC_KEY *ecdh,
- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+ EC_KEY *ecdh,
+ void *(*KDF) (const void *in, size_t inlen,
+ void *out, size_t *outlen));
static ECDH_METHOD openssl_ecdh_meth = {
- "OpenSSL ECDH method",
- ecdh_compute_key,
+ "OpenSSL ECDH method",
+ ecdh_compute_key,
#if 0
- NULL, /* init */
- NULL, /* finish */
+ NULL, /* init */
+ NULL, /* finish */
#endif
- 0, /* flags */
- NULL /* app_data */
+ 0, /* flags */
+ NULL /* app_data */
};
const ECDH_METHOD *ECDH_OpenSSL(void)
- {
- return &openssl_ecdh_meth;
- }
-
+{
+ return &openssl_ecdh_meth;
+}
-/* This implementation is based on the following primitives in the IEEE 1363 standard:
+/*-
+ * This implementation is based on the following primitives in the IEEE 1363 standard:
* - ECKAS-DH1
* - ECSVDP-DH
* Finally an optional KDF is applied.
*/
static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
- EC_KEY *ecdh,
- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
- {
- BN_CTX *ctx;
- EC_POINT *tmp=NULL;
- BIGNUM *x=NULL, *y=NULL;
- const BIGNUM *priv_key;
- const EC_GROUP* group;
- int ret= -1;
- size_t buflen, len;
- unsigned char *buf=NULL;
-
- if (outlen > INT_MAX)
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */
- return -1;
- }
-
- if ((ctx = BN_CTX_new()) == NULL) goto err;
- BN_CTX_start(ctx);
- x = BN_CTX_get(ctx);
- y = BN_CTX_get(ctx);
-
- priv_key = EC_KEY_get0_private_key(ecdh);
- if (priv_key == NULL)
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
- goto err;
- }
-
- group = EC_KEY_get0_group(ecdh);
- if ((tmp=EC_POINT_new(group)) == NULL)
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx))
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
- goto err;
- }
-
- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
- {
- if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx))
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
- goto err;
- }
- }
+ EC_KEY *ecdh,
+ void *(*KDF) (const void *in, size_t inlen,
+ void *out, size_t *outlen))
+{
+ BN_CTX *ctx;
+ EC_POINT *tmp = NULL;
+ BIGNUM *x = NULL, *y = NULL;
+ const BIGNUM *priv_key;
+ const EC_GROUP *group;
+ int ret = -1;
+ size_t buflen, len;
+ unsigned char *buf = NULL;
+
+ if (outlen > INT_MAX) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); /* sort of,
+ * anyway */
+ return -1;
+ }
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+
+ priv_key = EC_KEY_get0_private_key(ecdh);
+ if (priv_key == NULL) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
+ goto err;
+ }
+
+ group = EC_KEY_get0_group(ecdh);
+
+ if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) {
+ if (!EC_GROUP_get_cofactor(group, x, ctx) ||
+ !BN_mul(x, x, priv_key, ctx)) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ priv_key = x;
+ }
+
+ if ((tmp = EC_POINT_new(group)) == NULL) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
+ goto err;
+ }
+
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+ NID_X9_62_prime_field) {
+ if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
+ goto err;
+ }
+ }
#ifndef OPENSSL_NO_EC2M
- else
- {
- if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx))
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
- goto err;
- }
- }
+ else {
+ if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
+ goto err;
+ }
+ }
#endif
- buflen = (EC_GROUP_get_degree(group) + 7)/8;
- len = BN_num_bytes(x);
- if (len > buflen)
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR);
- goto err;
- }
- if ((buf = OPENSSL_malloc(buflen)) == NULL)
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- memset(buf, 0, buflen - len);
- if (len != (size_t)BN_bn2bin(x, buf + buflen - len))
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
- goto err;
- }
-
- if (KDF != 0)
- {
- if (KDF(buf, buflen, out, &outlen) == NULL)
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED);
- goto err;
- }
- ret = outlen;
- }
- else
- {
- /* no KDF, just copy as much as we can */
- if (outlen > buflen)
- outlen = buflen;
- memcpy(out, buf, outlen);
- ret = outlen;
- }
-
-err:
- if (tmp) EC_POINT_free(tmp);
- if (ctx) BN_CTX_end(ctx);
- if (ctx) BN_CTX_free(ctx);
- if (buf) OPENSSL_free(buf);
- return(ret);
- }
+ buflen = (EC_GROUP_get_degree(group) + 7) / 8;
+ len = BN_num_bytes(x);
+ if (len > buflen) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ if ((buf = OPENSSL_malloc(buflen)) == NULL) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ memset(buf, 0, buflen - len);
+ if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
+ goto err;
+ }
+
+ if (KDF != 0) {
+ if (KDF(buf, buflen, out, &outlen) == NULL) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_KDF_FAILED);
+ goto err;
+ }
+ ret = outlen;
+ } else {
+ /* no KDF, just copy as much as we can */
+ if (outlen > buflen)
+ outlen = buflen;
+ memcpy(out, buf, outlen);
+ ret = outlen;
+ }
+
+ err:
+ if (tmp)
+ EC_POINT_free(tmp);
+ if (ctx)
+ BN_CTX_end(ctx);
+ if (ctx)
+ BN_CTX_free(ctx);
+ if (buf)
+ OPENSSL_free(buf);
+ return (ret);
+}