author | Matt Caswell <matt@openssl.org> | 2019-07-03 17:30:03 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-08-06 11:19:07 +0100 |
commit | a9612d6c034f47c4788c67d85651d0cd58c3faf7 (patch) | |
tree | b3af6481b8c7a2a50b8834c3cec70841ae739f95 /crypto/ec/ec_kmeth.c | |
parent | c1a3f16f735057b45df1803d58f40e4e17b233e5 (diff) | |
Make the EC code available from inside the FIPS provider
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9380)
Diffstat (limited to 'crypto/ec/ec_kmeth.c')
-rw-r--r-- | crypto/ec/ec_kmeth.c | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index c3209bc5cc..036fec8726 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c @@ -59,7 +59,7 @@ int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth) if (finish != NULL) finish(key); -#ifndef OPENSSL_NO_ENGINE +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) ENGINE_finish(key->engine); key->engine = NULL; #endif @@ -70,28 +70,30 @@ int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth) return 1; } -EC_KEY *EC_KEY_new_method(ENGINE *engine) +EC_KEY *ec_key_new_method_int(OPENSSL_CTX *libctx, ENGINE *engine) { EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { - ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE); + ECerr(EC_F_EC_KEY_NEW_METHOD_INT, ERR_R_MALLOC_FAILURE); return NULL; } + ret->libctx = libctx; + ret->references = 1; ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { - ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE); + ECerr(EC_F_EC_KEY_NEW_METHOD_INT, ERR_R_MALLOC_FAILURE); OPENSSL_free(ret); return NULL; } ret->meth = EC_KEY_get_default_method(); -#ifndef OPENSSL_NO_ENGINE +#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE) if (engine != NULL) { if (!ENGINE_init(engine)) { - ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB); + ECerr(EC_F_EC_KEY_NEW_METHOD_INT, ERR_R_ENGINE_LIB); goto err; } ret->engine = engine; @@ -100,7 +102,7 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine) if (ret->engine != NULL) { ret->meth = ENGINE_get_EC(ret->engine); if (ret->meth == NULL) { - ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB); + ECerr(EC_F_EC_KEY_NEW_METHOD_INT, ERR_R_ENGINE_LIB); goto err; } } 
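Review bot: In the `@@ -70,28 +70,30 @@` hunk, `ec_key_new_method_int()` keeps its `engine` parameter, but with `FIPS_MODE` defined the whole `if (engine != NULL)` block is compiled out, so a non-NULL engine is silently ignored and the key keeps the method from `EC_KEY_get_default_method()`. The new internal entry point has no comment stating this, nor that `libctx` may be NULL, which is what the public wrapper in the last hunk passes. I would add above the definition `/* libctx may be NULL; engine is ignored when built with OPENSSL_NO_ENGINE or FIPS_MODE */`. If code inside the provider is never expected to pass an engine, failing closed on a non-NULL `engine` in that build would be the stricter option. The `#endif` that closes the guarded block lies outside the visible hunks.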
@@ -109,12 +111,15 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine) ret->version = 1; ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; +/* No ex_data inside the FIPS provider */ +#ifndef FIPS_MODE if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) { goto err; } +#endif if (ret->meth->init != NULL && ret->meth->init(ret) == 0) { - ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_INIT_FAIL); + ECerr(EC_F_EC_KEY_NEW_METHOD_INT, ERR_R_INIT_FAIL); goto err; } return ret; @@ -124,6 +129,13 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine) return NULL; } +#ifndef FIPS_MODE +EC_KEY *EC_KEY_new_method(ENGINE *engine) +{ + return ec_key_new_method_int(NULL, engine); +} +#endif + int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, const EC_KEY *eckey, void *(*KDF) (const void *in, size_t inlen, void *out, |
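Review bot: In the `@@ -109,12 +111,15 @@` hunk, `CRYPTO_new_ex_data()` is now skipped under `FIPS_MODE`, but the cleanup reached by the `goto err` statements is outside the hunk, so it is not visible whether the free path is guarded the same way. If that path ends in a `CRYPTO_free_ex_data()` call for `CRYPTO_EX_INDEX_EC_KEY`, it needs the matching `#ifndef FIPS_MODE`; otherwise the provider build would tear down ex_data that was never set up, or fail to link. Separately, the ex_data failure branch is the only `goto err` in this function that raises no error first; adding `ECerr(EC_F_EC_KEY_NEW_METHOD_INT, ERR_R_MALLOC_FAILURE);` before the `goto` would keep the error queue consistent with the other failure paths.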