summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ecdh
diff options
context:
space:
mode:
authordjm <>2012-10-13 21:23:50 +0000
committerdjm <>2012-10-13 21:23:50 +0000
commit228cae30b117c2493f69ad3c195341cd6ec8d430 (patch)
tree29ff00b10d52c0978077c4fd83c33b065bade73e /src/lib/libcrypto/ecdh
parent731838c66b52c0ae5888333005b74115a620aa96 (diff)
downloadopenbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.tar.gz
openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.tar.bz2
openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.zip
import OpenSSL-1.0.1c
Diffstat (limited to 'src/lib/libcrypto/ecdh')
-rw-r--r--src/lib/libcrypto/ecdh/ecdh.h2
-rw-r--r--src/lib/libcrypto/ecdh/ech_err.c4
-rw-r--r--src/lib/libcrypto/ecdh/ech_lib.c20
-rw-r--r--src/lib/libcrypto/ecdh/ech_locl.h8
4 files changed, 33 insertions, 1 deletions
diff --git a/src/lib/libcrypto/ecdh/ecdh.h b/src/lib/libcrypto/ecdh/ecdh.h
index b4b58ee65b..8887102c0b 100644
--- a/src/lib/libcrypto/ecdh/ecdh.h
+++ b/src/lib/libcrypto/ecdh/ecdh.h
@@ -109,11 +109,13 @@ void ERR_load_ECDH_strings(void);
109/* Error codes for the ECDH functions. */ 109/* Error codes for the ECDH functions. */
110 110
111/* Function codes. */ 111/* Function codes. */
112#define ECDH_F_ECDH_CHECK 102
112#define ECDH_F_ECDH_COMPUTE_KEY 100 113#define ECDH_F_ECDH_COMPUTE_KEY 100
113#define ECDH_F_ECDH_DATA_NEW_METHOD 101 114#define ECDH_F_ECDH_DATA_NEW_METHOD 101
114 115
115/* Reason codes. */ 116/* Reason codes. */
116#define ECDH_R_KDF_FAILED 102 117#define ECDH_R_KDF_FAILED 102
118#define ECDH_R_NON_FIPS_METHOD 103
117#define ECDH_R_NO_PRIVATE_VALUE 100 119#define ECDH_R_NO_PRIVATE_VALUE 100
118#define ECDH_R_POINT_ARITHMETIC_FAILURE 101 120#define ECDH_R_POINT_ARITHMETIC_FAILURE 101
119 121
diff --git a/src/lib/libcrypto/ecdh/ech_err.c b/src/lib/libcrypto/ecdh/ech_err.c
index 6f4b0c9953..3bd247398d 100644
--- a/src/lib/libcrypto/ecdh/ech_err.c
+++ b/src/lib/libcrypto/ecdh/ech_err.c
@@ -1,6 +1,6 @@
1/* crypto/ecdh/ech_err.c */ 1/* crypto/ecdh/ech_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -70,6 +70,7 @@
70 70
71static ERR_STRING_DATA ECDH_str_functs[]= 71static ERR_STRING_DATA ECDH_str_functs[]=
72 { 72 {
73{ERR_FUNC(ECDH_F_ECDH_CHECK), "ECDH_CHECK"},
73{ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"}, 74{ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"},
74{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_new_method"}, 75{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_new_method"},
75{0,NULL} 76{0,NULL}
@@ -78,6 +79,7 @@ static ERR_STRING_DATA ECDH_str_functs[]=
78static ERR_STRING_DATA ECDH_str_reasons[]= 79static ERR_STRING_DATA ECDH_str_reasons[]=
79 { 80 {
80{ERR_REASON(ECDH_R_KDF_FAILED) ,"KDF failed"}, 81{ERR_REASON(ECDH_R_KDF_FAILED) ,"KDF failed"},
82{ERR_REASON(ECDH_R_NON_FIPS_METHOD) ,"non fips method"},
81{ERR_REASON(ECDH_R_NO_PRIVATE_VALUE) ,"no private value"}, 83{ERR_REASON(ECDH_R_NO_PRIVATE_VALUE) ,"no private value"},
82{ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE),"point arithmetic failure"}, 84{ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE),"point arithmetic failure"},
83{0,NULL} 85{0,NULL}
diff --git a/src/lib/libcrypto/ecdh/ech_lib.c b/src/lib/libcrypto/ecdh/ech_lib.c
index 4d8ea03d3d..dadbfd3c49 100644
--- a/src/lib/libcrypto/ecdh/ech_lib.c
+++ b/src/lib/libcrypto/ecdh/ech_lib.c
@@ -73,6 +73,9 @@
73#include <openssl/engine.h> 73#include <openssl/engine.h>
74#endif 74#endif
75#include <openssl/err.h> 75#include <openssl/err.h>
76#ifdef OPENSSL_FIPS
77#include <openssl/fips.h>
78#endif
76 79
77const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT; 80const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
78 81
@@ -90,7 +93,16 @@ void ECDH_set_default_method(const ECDH_METHOD *meth)
90const ECDH_METHOD *ECDH_get_default_method(void) 93const ECDH_METHOD *ECDH_get_default_method(void)
91 { 94 {
92 if(!default_ECDH_method) 95 if(!default_ECDH_method)
96 {
97#ifdef OPENSSL_FIPS
98 if (FIPS_mode())
99 return FIPS_ecdh_openssl();
100 else
101 return ECDH_OpenSSL();
102#else
93 default_ECDH_method = ECDH_OpenSSL(); 103 default_ECDH_method = ECDH_OpenSSL();
104#endif
105 }
94 return default_ECDH_method; 106 return default_ECDH_method;
95 } 107 }
96 108
@@ -215,6 +227,14 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
215 } 227 }
216 else 228 else
217 ecdh_data = (ECDH_DATA *)data; 229 ecdh_data = (ECDH_DATA *)data;
230#ifdef OPENSSL_FIPS
231 if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
232 && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
233 {
234 ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD);
235 return NULL;
236 }
237#endif
218 238
219 239
220 return ecdh_data; 240 return ecdh_data;
diff --git a/src/lib/libcrypto/ecdh/ech_locl.h b/src/lib/libcrypto/ecdh/ech_locl.h
index f658526a7e..f6cad6a894 100644
--- a/src/lib/libcrypto/ecdh/ech_locl.h
+++ b/src/lib/libcrypto/ecdh/ech_locl.h
@@ -75,6 +75,14 @@ struct ecdh_method
75 char *app_data; 75 char *app_data;
76 }; 76 };
77 77
78/* If this flag is set the ECDH method is FIPS compliant and can be used
79 * in FIPS mode. This is set in the validated module method. If an
80 * application sets this flag in its own methods it is its responsibility
81 * to ensure the result is compliant.
82 */
83
84#define ECDH_FLAG_FIPS_METHOD 0x1
85
78typedef struct ecdh_data_st { 86typedef struct ecdh_data_st {
79 /* EC_KEY_METH_DATA part */ 87 /* EC_KEY_METH_DATA part */
80 int (*init)(EC_KEY *); 88 int (*init)(EC_KEY *);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-27 03:32:26 +0000