author | Robert Sloan <varomodt@google.com> | 2018-11-26 12:19:07 -0800 |
---|---|---|
committer | Rob Sloan <varomodt@google.com> | 2018-11-26 23:57:37 +0000 |
commit | c9abfe422b3e387555f922dfcc280299b6e92975 (patch) | |
tree | d14d7f9ab8183be8607f208257356c192b4773a0 /src/crypto/fipsmodule/ecdh | |
parent | a51059f202525842fc0d628a408ad5a5e33a54e7 (diff) | |
download | boringssl-c9abfe422b3e387555f922dfcc280299b6e92975.tar.gz |
external/boringssl: Sync to 9113e0996fd445ce187ae9dfeabfc95805b947a2.android-n-iot-release-ihome-igv1nougat-iot-release
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/fa3aadcd40ec4fd27a6e9492ef099b3dcc6eb2af..9113e0996fd445ce187ae9dfeabfc95805b947a2
Test: atest CtsLibcoreTestCases
Change-Id: I31ed8a7c9481e7b42f0454f0ee64c26e17a85d52
Diffstat (limited to 'src/crypto/fipsmodule/ecdh')
-rw-r--r-- | src/crypto/fipsmodule/ecdh/ecdh.c | 63 |
1 files changed, 12 insertions, 51 deletions
diff --git a/src/crypto/fipsmodule/ecdh/ecdh.c b/src/crypto/fipsmodule/ecdh/ecdh.c
index cd9d7eaf..b9dc2374 100644
--- a/src/crypto/fipsmodule/ecdh/ecdh.c
+++ b/src/crypto/fipsmodule/ecdh/ecdh.c
@@ -66,10 +66,8 @@
 #include <openssl/ecdh.h>
-#include <limits.h>
 #include <string.h>
-#include <openssl/bn.h>
 #include <openssl/ec.h>
 #include <openssl/ec_key.h>
 #include <openssl/err.h>
@@ -86,50 +84,20 @@ int ECDH_compute_key_fips(uint8_t *out, size_t out_len, const EC_POINT *pub_key,
 return 0;
 }
 const EC_SCALAR *const priv = &priv_key->priv_key->scalar;
-
- BN_CTX *ctx = BN_CTX_new();
- if (ctx == NULL) {
- return 0;
- }
- BN_CTX_start(ctx);
-
- int ret = 0;
- size_t buflen = 0;
- uint8_t *buf = NULL;
- const EC_GROUP *const group = EC_KEY_get0_group(priv_key);
- EC_POINT *shared_point = EC_POINT_new(group);
- if (shared_point == NULL) {
- OPENSSL_PUT_ERROR(ECDH, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!ec_point_mul_scalar(group, shared_point, NULL, pub_key, priv, ctx)) {
- OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE);
- goto err;
- }
-
- BIGNUM *x = BN_CTX_get(ctx);
- if (!x) {
- OPENSSL_PUT_ERROR(ECDH, ERR_R_MALLOC_FAILURE);
- goto err;
+ if (EC_GROUP_cmp(group, pub_key->group, NULL) != 0) {
+ OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
 }
- if (!EC_POINT_get_affine_coordinates_GFp(group, shared_point, x, NULL, ctx)) {
+ EC_RAW_POINT shared_point;
+ uint8_t buf[EC_MAX_BYTES];
+ size_t buflen;
+ if (!ec_point_mul_scalar(group, &shared_point, NULL, &pub_key->raw, priv) ||
+ !ec_point_get_affine_coordinate_bytes(group, buf, NULL, &buflen,
+ sizeof(buf), &shared_point)) {
 OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE);
- goto err;
- }
-
- buflen = (EC_GROUP_get_degree(group) + 7) / 8;
- buf = OPENSSL_malloc(buflen);
- if (buf == NULL) {
- OPENSSL_PUT_ERROR(ECDH, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!BN_bn2bin_padded(buf, buflen, x)) {
- OPENSSL_PUT_ERROR(ECDH, ERR_R_INTERNAL_ERROR);
- goto err;
+ return 0;
 }
 switch (out_len) {
@@ -147,15 +115,8 @@ int ECDH_compute_key_fips(uint8_t *out, size_t out_len, const EC_POINT *pub_key,
 break;
 default:
 OPENSSL_PUT_ERROR(ECDH, ECDH_R_UNKNOWN_DIGEST_LENGTH);
- goto err;
+ return 0;
 }
- ret = 1;
-
-err:
- OPENSSL_free(buf);
- EC_POINT_free(shared_point);
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- return ret;
+ return 1;
 } |
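Review bot: The ECDH shared-secret x-coordinate now lives in the stack array `buf` (and the intermediate `shared_point`) and is never wiped on any return path, whereas the removed heap path was cleansed by BoringSSL's `OPENSSL_free(buf)`; with the `err:` cleanup gone, the cleanest fix is a single exit label that calls `OPENSSL_cleanse(buf, sizeof(buf));` and `OPENSSL_cleanse(&shared_point, sizeof(shared_point));` before returning, which also covers the `default:` `return 0;` in the second hunk. The hash `switch` that consumes `buf` sits between the two hunks, so the wipe has to come after it. Separately, the new `EC_GROUP_cmp(group, ...)` line uses `group`, but the only declaration in view is the removed `const EC_GROUP *const group = EC_KEY_get0_group(priv_key);`; the hunk header's counts exceed the visible lines by two, so a kept or re-added declaration was presumably dropped by this rendering — worth confirming against the real patch. ECDH_compute_key_fips's signature appears only in the hunk header, so the function starts before the hunk.
```c
  EC_RAW_POINT shared_point;
  uint8_t buf[EC_MAX_BYTES];
  size_t buflen;
  int ret = 0;
  if (!ec_point_mul_scalar(group, &shared_point, NULL, &pub_key->raw, priv) ||
      !ec_point_get_affine_coordinate_bytes(group, buf, NULL, &buflen,
                                            sizeof(buf), &shared_point)) {
    OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE);
    goto out;
  }

  // … unchanged: switch (out_len) hashing buf into out; its default case does goto out …

  ret = 1;

out:
  // Wipe the raw shared secret and the point it was derived from before leaving.
  OPENSSL_cleanse(buf, sizeof(buf));
  OPENSSL_cleanse(&shared_point, sizeof(shared_point));
  return ret;
```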