diff options
| author | jsing <> | 2015-09-13 10:46:20 +0000 |
|---|---|---|
| committer | jsing <> | 2015-09-13 10:46:20 +0000 |
| commit | 4a2f3c6e5634eea769a3a879763f470b1f98a8a8 (patch) | |
| tree | 817bacc9b22fc4c0e55887238cb20046856e27ec /src/lib/libcrypto/ecdh/ech_ossl.c | |
| parent | 7a65c6ffc6590358cebf11dc50935d94aa5bca27 (diff) | |
| download | openbsd-4a2f3c6e5634eea769a3a879763f470b1f98a8a8.tar.gz openbsd-4a2f3c6e5634eea769a3a879763f470b1f98a8a8.tar.bz2 openbsd-4a2f3c6e5634eea769a3a879763f470b1f98a8a8.zip | |
Lob a style(9) grenade in here.
Diffstat (limited to 'src/lib/libcrypto/ecdh/ech_ossl.c')
| -rw-r--r-- | src/lib/libcrypto/ecdh/ech_ossl.c | 136 |
1 files changed, 65 insertions, 71 deletions
diff --git a/src/lib/libcrypto/ecdh/ech_ossl.c b/src/lib/libcrypto/ecdh/ech_ossl.c index 4fae7cacfd..f05db87f78 100644 --- a/src/lib/libcrypto/ecdh/ech_ossl.c +++ b/src/lib/libcrypto/ecdh/ech_ossl.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ech_ossl.c,v 1.9 2015/02/09 15:49:22 jsing Exp $ */ | 1 | /* $OpenBSD: ech_ossl.c,v 1.10 2015/09/13 10:46:20 jsing Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | 3 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. |
| 4 | * | 4 | * |
| @@ -21,7 +21,7 @@ | |||
| 21 | * are met: | 21 | * are met: |
| 22 | * | 22 | * |
| 23 | * 1. Redistributions of source code must retain the above copyright | 23 | * 1. Redistributions of source code must retain the above copyright |
| 24 | * notice, this list of conditions and the following disclaimer. | 24 | * notice, this list of conditions and the following disclaimer. |
| 25 | * | 25 | * |
| 26 | * 2. Redistributions in binary form must reproduce the above copyright | 26 | * 2. Redistributions in binary form must reproduce the above copyright |
| 27 | * notice, this list of conditions and the following disclaimer in | 27 | * notice, this list of conditions and the following disclaimer in |
| @@ -80,18 +80,19 @@ | |||
| 80 | #include "ech_locl.h" | 80 | #include "ech_locl.h" |
| 81 | 81 | ||
| 82 | static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, | 82 | static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, |
| 83 | EC_KEY *ecdh, | 83 | EC_KEY *ecdh, |
| 84 | void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); | 84 | void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); |
| 85 | 85 | ||
| 86 | static ECDH_METHOD openssl_ecdh_meth = { | 86 | static ECDH_METHOD openssl_ecdh_meth = { |
| 87 | .name = "OpenSSL ECDH method", | 87 | .name = "OpenSSL ECDH method", |
| 88 | .compute_key = ecdh_compute_key | 88 | .compute_key = ecdh_compute_key |
| 89 | }; | 89 | }; |
| 90 | 90 | ||
| 91 | const ECDH_METHOD *ECDH_OpenSSL(void) | 91 | const ECDH_METHOD * |
| 92 | { | 92 | ECDH_OpenSSL(void) |
| 93 | { | ||
| 93 | return &openssl_ecdh_meth; | 94 | return &openssl_ecdh_meth; |
| 94 | } | 95 | } |
| 95 | 96 | ||
| 96 | 97 | ||
| 97 | /* This implementation is based on the following primitives in the IEEE 1363 standard: | 98 | /* This implementation is based on the following primitives in the IEEE 1363 standard: |
| @@ -99,114 +100,107 @@ const ECDH_METHOD *ECDH_OpenSSL(void) | |||
| 99 | * - ECSVDP-DH | 100 | * - ECSVDP-DH |
| 100 | * Finally an optional KDF is applied. | 101 | * Finally an optional KDF is applied. |
| 101 | */ | 102 | */ |
| 102 | static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, | 103 | static int |
| 103 | EC_KEY *ecdh, | 104 | ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, |
| 104 | void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) | 105 | EC_KEY *ecdh, |
| 105 | { | 106 | void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) |
| 107 | { | ||
| 106 | BN_CTX *ctx; | 108 | BN_CTX *ctx; |
| 107 | EC_POINT *tmp=NULL; | 109 | EC_POINT *tmp = NULL; |
| 108 | BIGNUM *x=NULL, *y=NULL; | 110 | BIGNUM *x = NULL, *y = NULL; |
| 109 | const BIGNUM *priv_key; | 111 | const BIGNUM *priv_key; |
| 110 | const EC_GROUP* group; | 112 | const EC_GROUP* group; |
| 111 | int ret= -1; | 113 | int ret = -1; |
| 112 | size_t buflen, len; | 114 | size_t buflen, len; |
| 113 | unsigned char *buf=NULL; | 115 | unsigned char *buf = NULL; |
| 114 | 116 | ||
| 115 | if (outlen > INT_MAX) | 117 | if (outlen > INT_MAX) { |
| 116 | { | ||
| 117 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */ | 118 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */ |
| 118 | return -1; | 119 | return -1; |
| 119 | } | 120 | } |
| 120 | 121 | ||
| 121 | if ((ctx = BN_CTX_new()) == NULL) goto err; | 122 | if ((ctx = BN_CTX_new()) == NULL) |
| 123 | goto err; | ||
| 122 | BN_CTX_start(ctx); | 124 | BN_CTX_start(ctx); |
| 123 | if ((x = BN_CTX_get(ctx)) == NULL) | 125 | if ((x = BN_CTX_get(ctx)) == NULL) |
| 124 | goto err; | 126 | goto err; |
| 125 | if ((y = BN_CTX_get(ctx)) == NULL) | 127 | if ((y = BN_CTX_get(ctx)) == NULL) |
| 126 | goto err; | 128 | goto err; |
| 127 | 129 | ||
| 128 | priv_key = EC_KEY_get0_private_key(ecdh); | 130 | priv_key = EC_KEY_get0_private_key(ecdh); |
| 129 | if (priv_key == NULL) | 131 | if (priv_key == NULL) { |
| 130 | { | 132 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE); |
| 131 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE); | ||
| 132 | goto err; | 133 | goto err; |
| 133 | } | 134 | } |
| 134 | 135 | ||
| 135 | group = EC_KEY_get0_group(ecdh); | 136 | group = EC_KEY_get0_group(ecdh); |
| 136 | if ((tmp=EC_POINT_new(group)) == NULL) | 137 | if ((tmp = EC_POINT_new(group)) == NULL) { |
| 137 | { | 138 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); |
| 138 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); | ||
| 139 | goto err; | 139 | goto err; |
| 140 | } | 140 | } |
| 141 | 141 | ||
| 142 | if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) | 142 | if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) { |
| 143 | { | 143 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, |
| 144 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); | 144 | ECDH_R_POINT_ARITHMETIC_FAILURE); |
| 145 | goto err; | 145 | goto err; |
| 146 | } | 146 | } |
| 147 | 147 | ||
| 148 | if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) | 148 | if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == |
| 149 | { | 149 | NID_X9_62_prime_field) { |
| 150 | if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) | 150 | if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, |
| 151 | { | 151 | ctx)) { |
| 152 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); | 152 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, |
| 153 | ECDH_R_POINT_ARITHMETIC_FAILURE); | ||
| 153 | goto err; | 154 | goto err; |
| 154 | } | ||
| 155 | } | 155 | } |
| 156 | } | ||
| 156 | #ifndef OPENSSL_NO_EC2M | 157 | #ifndef OPENSSL_NO_EC2M |
| 157 | else | 158 | else { |
| 158 | { | 159 | if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, |
| 159 | if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) | 160 | ctx)) { |
| 160 | { | 161 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, |
| 161 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); | 162 | ECDH_R_POINT_ARITHMETIC_FAILURE); |
| 162 | goto err; | 163 | goto err; |
| 163 | } | ||
| 164 | } | 164 | } |
| 165 | } | ||
| 165 | #endif | 166 | #endif |
| 166 | 167 | ||
| 167 | buflen = (EC_GROUP_get_degree(group) + 7)/8; | 168 | buflen = (EC_GROUP_get_degree(group) + 7)/8; |
| 168 | len = BN_num_bytes(x); | 169 | len = BN_num_bytes(x); |
| 169 | if (len > buflen) | 170 | if (len > buflen) { |
| 170 | { | 171 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR); |
| 171 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR); | ||
| 172 | goto err; | 172 | goto err; |
| 173 | } | 173 | } |
| 174 | if ((buf = malloc(buflen)) == NULL) | 174 | if ((buf = malloc(buflen)) == NULL) { |
| 175 | { | 175 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); |
| 176 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); | ||
| 177 | goto err; | 176 | goto err; |
| 178 | } | 177 | } |
| 179 | 178 | ||
| 180 | memset(buf, 0, buflen - len); | 179 | memset(buf, 0, buflen - len); |
| 181 | if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) | 180 | if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) { |
| 182 | { | 181 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); |
| 183 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); | ||
| 184 | goto err; | 182 | goto err; |
| 185 | } | 183 | } |
| 186 | 184 | ||
| 187 | if (KDF != 0) | 185 | if (KDF != 0) { |
| 188 | { | 186 | if (KDF(buf, buflen, out, &outlen) == NULL) { |
| 189 | if (KDF(buf, buflen, out, &outlen) == NULL) | 187 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_KDF_FAILED); |
| 190 | { | ||
| 191 | ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED); | ||
| 192 | goto err; | 188 | goto err; |
| 193 | } | ||
| 194 | ret = outlen; | ||
| 195 | } | 189 | } |
| 196 | else | 190 | ret = outlen; |
| 197 | { | 191 | } else { |
| 198 | /* no KDF, just copy as much as we can */ | 192 | /* no KDF, just copy as much as we can */ |
| 199 | if (outlen > buflen) | 193 | if (outlen > buflen) |
| 200 | outlen = buflen; | 194 | outlen = buflen; |
| 201 | memcpy(out, buf, outlen); | 195 | memcpy(out, buf, outlen); |
| 202 | ret = outlen; | 196 | ret = outlen; |
| 203 | } | 197 | } |
| 204 | 198 | ||
| 205 | err: | 199 | err: |
| 206 | EC_POINT_free(tmp); | 200 | EC_POINT_free(tmp); |
| 207 | if (ctx) | 201 | if (ctx) |
| 208 | BN_CTX_end(ctx); | 202 | BN_CTX_end(ctx); |
| 209 | BN_CTX_free(ctx); | 203 | BN_CTX_free(ctx); |
| 210 | free(buf); | 204 | free(buf); |
| 211 | return(ret); | 205 | return (ret); |
| 212 | } | 206 | } |