[openssl] master update
Matt Caswell
matt at openssl.org
Wed Jun 12 08:22:02 UTC 2019
The branch master has been updated
via a8140a42f5ee9e4e1423b5b6b319dc4657659f6f (commit)
via 444ab3abb1ff4b28189e7b15dadcebb2e3564fdf (commit)
via 636b087e3e3eb3401ac4d1a55bd2da0c15a728d5 (commit)
via 4ac6227621255ecde99aff3b11737c912f7a499b (commit)
via 9632bd0e1d80ac4d38a3add1de192386fe1a0fd4 (commit)
via 7bc081dda349a3473154d31f6094ee34545c4980 (commit)
from f35819d1b7e195af9a41d991db00655f6f2c0af3 (commit)
- Log -----------------------------------------------------------------
commit a8140a42f5ee9e4e1423b5b6b319dc4657659f6f
Author: Matt Caswell <matt at openssl.org>
Date: Tue Jun 11 13:49:43 2019 +0100
Ensure code is compiled with correct BIGNUM assembler defines
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9130)
commit 444ab3abb1ff4b28189e7b15dadcebb2e3564fdf
Author: Matt Caswell <matt at openssl.org>
Date: Tue Jun 11 12:06:27 2019 +0100
Add some dummy BIGNUM calls from inside the FIPS provider
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9130)
commit 636b087e3e3eb3401ac4d1a55bd2da0c15a728d5
Author: Matt Caswell <matt at openssl.org>
Date: Wed May 29 17:31:22 2019 +0100
Make BIGNUM code available from within the FIPS module
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9130)
commit 4ac6227621255ecde99aff3b11737c912f7a499b
Author: Matt Caswell <matt at openssl.org>
Date: Thu May 30 15:42:32 2019 +0100
Temporarily disable RAND call in FIPS_MODE until RAND is available
Other commits will enable the RAND code in FIPS_MODE. Until those commits
are in place we temporarily disable making RAND calls while in FIPS_MODE.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9130)
commit 9632bd0e1d80ac4d38a3add1de192386fe1a0fd4
Author: Matt Caswell <matt at openssl.org>
Date: Wed May 29 17:29:34 2019 +0100
Convert bn_rand.c to use EVP
Replace the low level SHA512_* function calls with EVP calls.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9130)
commit 7bc081dda349a3473154d31f6094ee34545c4980
Author: Matt Caswell <matt at openssl.org>
Date: Wed May 29 17:03:53 2019 +0100
Create BN_CTX_new_ex() and BN_CTX_secure_new_ex()
These variants of BN_CTX_new() and BN_CTX_secure_new() enable passing
an OPENSSL_CTX so that we can access this where needed throughout the
BIGNUM sub library.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9130)
-----------------------------------------------------------------------
Summary of changes:
Configure | 30 +++-
crypto/bn/{bn_print.c => bn_conv.c} | 66 +--------
crypto/bn/bn_ctx.c | 34 ++++-
crypto/bn/bn_err.c | 4 +-
crypto/bn/bn_lcl.h | 2 +
crypto/bn/bn_print.c | 279 +-----------------------------------
crypto/bn/bn_rand.c | 65 +++++++--
crypto/bn/build.info | 21 +--
crypto/build.info | 2 +-
crypto/err/openssl.txt | 2 +
crypto/ppccap.c | 16 +--
doc/man3/BN_CTX_new.pod | 18 ++-
include/openssl/bn.h | 2 +
include/openssl/bnerr.h | 2 +
providers/fips/fipsprov.c | 19 +++
util/libcrypto.num | 2 +
16 files changed, 183 insertions(+), 381 deletions(-)
copy crypto/bn/{bn_print.c => bn_conv.c} (82%)
diff --git a/Configure b/Configure
index 17de50e..e3c28f9 100755
--- a/Configure
+++ b/Configure
@@ -1407,13 +1407,31 @@ unless ($disabled{asm}) {
$target{bn_asm_src} =~ s/\w+-gf2m.c// if (defined($disabled{ec2m}));
# bn-586 is the only one implementing bn_*_part_words
- push @{$config{lib_defines}}, "OPENSSL_BN_ASM_PART_WORDS" if ($target{bn_asm_src} =~ /bn-586/);
- push @{$config{lib_defines}}, "OPENSSL_IA32_SSE2" if (!$disabled{sse2} && $target{bn_asm_src} =~ /86/);
+ if ($target{bn_asm_src} =~ /bn-586/) {
+ push @{$config{lib_defines}}, "OPENSSL_BN_ASM_PART_WORDS";
+ push @{$config{module_defines}}, "OPENSSL_BN_ASM_PART_WORDS";
+ }
+ if (!$disabled{sse2} && $target{bn_asm_src} =~ /86/) {
+ push @{$config{lib_defines}}, "OPENSSL_IA32_SSE2";
+ push @{$config{module_defines}}, "OPENSSL_IA32_SSE2";
+ }
- push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/);
- push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/);
- push @{$config{lib_defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/);
- push @{$config{lib_defines}}, "BN_DIV3W" if ($target{bn_asm_src} =~ /-div3w/);
+ if ($target{bn_asm_src} =~ /-mont/) {
+ push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT";
+ push @{$config{module_defines}}, "OPENSSL_BN_ASM_MONT";
+ }
+ if ($target{bn_asm_src} =~ /-mont5/) {
+ push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT5";
+ push @{$config{module_defines}}, "OPENSSL_BN_ASM_MONT5";
+ }
+ if ($target{bn_asm_src} =~ /-gf2m/) {
+ push @{$config{lib_defines}}, "OPENSSL_BN_ASM_GF2m";
+ push @{$config{module_defines}}, "OPENSSL_BN_ASM_GF2m";
+ }
+ if ($target{bn_asm_src} =~ /-div3w/) {
+ push @{$config{lib_defines}}, "BN_DIV3W";
+ push @{$config{module_defines}}, "BN_DIV3W";
+ }
if ($target{sha1_asm_src}) {
push @{$config{lib_defines}}, "SHA1_ASM" if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/);
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_conv.c
similarity index 82%
copy from crypto/bn/bn_print.c
copy to crypto/bn/bn_conv.c
index 6c1e3f6..9219fa4 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_conv.c
@@ -7,11 +7,8 @@
* https://www.openssl.org/source/license.html
*/
-#include <stdio.h>
+#include <openssl/err.h>
#include "internal/ctype.h"
-#include <limits.h>
-#include "internal/cryptlib.h"
-#include <openssl/buffer.h>
#include "bn_lcl.h"
static const char Hex[] = "0123456789ABCDEF";
@@ -49,6 +46,8 @@ char *BN_bn2hex(const BIGNUM *a)
return buf;
}
+#ifndef FIPS_MODE
+/* No BIO_snprintf in FIPS_MODE */
/* Must 'OPENSSL_free' the returned data */
char *BN_bn2dec(const BIGNUM *a)
{
@@ -122,6 +121,7 @@ char *BN_bn2dec(const BIGNUM *a)
OPENSSL_free(buf);
return NULL;
}
+#endif
int BN_hex2bn(BIGNUM **bn, const char *a)
{
@@ -285,61 +285,3 @@ int BN_asc2bn(BIGNUM **bn, const char *a)
(*bn)->neg = 1;
return 1;
}
-
-# ifndef OPENSSL_NO_STDIO
-int BN_print_fp(FILE *fp, const BIGNUM *a)
-{
- BIO *b;
- int ret;
-
- if ((b = BIO_new(BIO_s_file())) == NULL)
- return 0;
- BIO_set_fp(b, fp, BIO_NOCLOSE);
- ret = BN_print(b, a);
- BIO_free(b);
- return ret;
-}
-# endif
-
-int BN_print(BIO *bp, const BIGNUM *a)
-{
- int i, j, v, z = 0;
- int ret = 0;
-
- if ((a->neg) && BIO_write(bp, "-", 1) != 1)
- goto end;
- if (BN_is_zero(a) && BIO_write(bp, "0", 1) != 1)
- goto end;
- for (i = a->top - 1; i >= 0; i--) {
- for (j = BN_BITS2 - 4; j >= 0; j -= 4) {
- /* strip leading zeros */
- v = (int)((a->d[i] >> j) & 0x0f);
- if (z || v != 0) {
- if (BIO_write(bp, &Hex[v], 1) != 1)
- goto end;
- z = 1;
- }
- }
- }
- ret = 1;
- end:
- return ret;
-}
-
-char *BN_options(void)
-{
- static int init = 0;
- static char data[16];
-
- if (!init) {
- init++;
-#ifdef BN_LLONG
- BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)",
- sizeof(BN_ULLONG) * 8, sizeof(BN_ULONG) * 8);
-#else
- BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)",
- sizeof(BN_ULONG) * 8, sizeof(BN_ULONG) * 8);
-#endif
- }
- return data;
-}
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index 62e29b5..882f3bc 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -86,8 +86,11 @@ struct bignum_ctx {
int too_many;
/* Flags. */
int flags;
+ /* The library context */
+ OPENSSL_CTX *libctx;
};
+#ifndef FIPS_MODE
/* Debugging functionality */
static void ctxdbg(BIO *channel, const char *text, BN_CTX *ctx)
{
@@ -116,35 +119,49 @@ static void ctxdbg(BIO *channel, const char *text, BN_CTX *ctx)
BIO_printf(channel, "\n");
}
-#define CTXDBG(str, ctx) \
+# define CTXDBG(str, ctx) \
OSSL_TRACE_BEGIN(BN_CTX) { \
ctxdbg(trc_out, str, ctx); \
} OSSL_TRACE_END(BN_CTX)
+#else
+/* TODO(3.0): Consider if we want to do this in FIPS mode */
+# define CTXDBG(str, ctx) do {} while(0)
+#endif /* FIPS_MODE */
-
-BN_CTX *BN_CTX_new(void)
+BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx)
{
BN_CTX *ret;
if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
- BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ BNerr(BN_F_BN_CTX_NEW_EX, ERR_R_MALLOC_FAILURE);
return NULL;
}
/* Initialise the structure */
BN_POOL_init(&ret->pool);
BN_STACK_init(&ret->stack);
+ ret->libctx = ctx;
return ret;
}
-BN_CTX *BN_CTX_secure_new(void)
+BN_CTX *BN_CTX_new(void)
+{
+ return BN_CTX_new_ex(NULL);
+}
+
+BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx)
{
- BN_CTX *ret = BN_CTX_new();
+ BN_CTX *ret = BN_CTX_new_ex(ctx);
if (ret != NULL)
ret->flags = BN_FLG_SECURE;
return ret;
}
+BN_CTX *BN_CTX_secure_new(void)
+{
+ return BN_CTX_secure_new_ex(NULL);
+}
+
void BN_CTX_free(BN_CTX *ctx)
{
if (ctx == NULL)
@@ -226,6 +243,11 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx)
return ret;
}
+OPENSSL_CTX *bn_get_lib_ctx(BN_CTX *ctx)
+{
+ return ctx->libctx;
+}
+
/************/
/* BN_STACK */
/************/
diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
index b988646..a28443c 100644
--- a/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -29,6 +29,7 @@ static const ERR_STRING_DATA BN_str_functs[] = {
{ERR_PACK(ERR_LIB_BN, BN_F_BN_COMPUTE_WNAF, 0), "bn_compute_wNAF"},
{ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_GET, 0), "BN_CTX_get"},
{ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_NEW, 0), "BN_CTX_new"},
+ {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_NEW_EX, 0), "BN_CTX_new_ex"},
{ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_START, 0), "BN_CTX_start"},
{ERR_PACK(ERR_LIB_BN, BN_F_BN_DIV, 0), "BN_div"},
{ERR_PACK(ERR_LIB_BN, BN_F_BN_DIV_RECP, 0), "BN_div_recp"},
@@ -95,6 +96,7 @@ static const ERR_STRING_DATA BN_str_reasons[] = {
{ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_INITIALIZED), "not initialized"},
{ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_INVERSE), "no inverse"},
{ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SOLUTION), "no solution"},
+ {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SUITABLE_DIGEST), "no suitable digest"},
{ERR_PACK(ERR_LIB_BN, 0, BN_R_PRIVATE_KEY_TOO_LARGE),
"private key too large"},
{ERR_PACK(ERR_LIB_BN, 0, BN_R_P_IS_NOT_PRIME), "p is not prime"},
diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
index 5c0413c..bc52749 100644
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -668,4 +668,6 @@ static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits)
return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2);
}
+OPENSSL_CTX *bn_get_lib_ctx(BN_CTX *ctx);
+
#endif
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index 6c1e3f6..2274b85 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -8,285 +8,12 @@
*/
#include <stdio.h>
-#include "internal/ctype.h"
-#include <limits.h>
-#include "internal/cryptlib.h"
-#include <openssl/buffer.h>
+#include <openssl/bio.h>
#include "bn_lcl.h"
static const char Hex[] = "0123456789ABCDEF";
-/* Must 'OPENSSL_free' the returned data */
-char *BN_bn2hex(const BIGNUM *a)
-{
- int i, j, v, z = 0;
- char *buf;
- char *p;
-
- if (BN_is_zero(a))
- return OPENSSL_strdup("0");
- buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
- if (buf == NULL) {
- BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- p = buf;
- if (a->neg)
- *p++ = '-';
- for (i = a->top - 1; i >= 0; i--) {
- for (j = BN_BITS2 - 8; j >= 0; j -= 8) {
- /* strip leading zeros */
- v = (int)((a->d[i] >> j) & 0xff);
- if (z || v != 0) {
- *p++ = Hex[v >> 4];
- *p++ = Hex[v & 0x0f];
- z = 1;
- }
- }
- }
- *p = '\0';
- err:
- return buf;
-}
-
-/* Must 'OPENSSL_free' the returned data */
-char *BN_bn2dec(const BIGNUM *a)
-{
- int i = 0, num, ok = 0, n, tbytes;
- char *buf = NULL;
- char *p;
- BIGNUM *t = NULL;
- BN_ULONG *bn_data = NULL, *lp;
- int bn_data_num;
-
- /*-
- * get an upper bound for the length of the decimal integer
- * num <= (BN_num_bits(a) + 1) * log(2)
- * <= 3 * BN_num_bits(a) * 0.101 + log(2) + 1 (rounding error)
- * <= 3 * BN_num_bits(a) / 10 + 3 * BN_num_bits / 1000 + 1 + 1
- */
- i = BN_num_bits(a) * 3;
- num = (i / 10 + i / 1000 + 1) + 1;
- tbytes = num + 3; /* negative and terminator and one spare? */
- bn_data_num = num / BN_DEC_NUM + 1;
- bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG));
- buf = OPENSSL_malloc(tbytes);
- if (buf == NULL || bn_data == NULL) {
- BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if ((t = BN_dup(a)) == NULL)
- goto err;
-
- p = buf;
- lp = bn_data;
- if (BN_is_zero(t)) {
- *p++ = '0';
- *p++ = '\0';
- } else {
- if (BN_is_negative(t))
- *p++ = '-';
-
- while (!BN_is_zero(t)) {
- if (lp - bn_data >= bn_data_num)
- goto err;
- *lp = BN_div_word(t, BN_DEC_CONV);
- if (*lp == (BN_ULONG)-1)
- goto err;
- lp++;
- }
- lp--;
- /*
- * We now have a series of blocks, BN_DEC_NUM chars in length, where
- * the last one needs truncation. The blocks need to be reversed in
- * order.
- */
- n = BIO_snprintf(p, tbytes - (size_t)(p - buf), BN_DEC_FMT1, *lp);
- if (n < 0)
- goto err;
- p += n;
- while (lp != bn_data) {
- lp--;
- n = BIO_snprintf(p, tbytes - (size_t)(p - buf), BN_DEC_FMT2, *lp);
- if (n < 0)
- goto err;
- p += n;
- }
- }
- ok = 1;
- err:
- OPENSSL_free(bn_data);
- BN_free(t);
- if (ok)
- return buf;
- OPENSSL_free(buf);
- return NULL;
-}
-
-int BN_hex2bn(BIGNUM **bn, const char *a)
-{
- BIGNUM *ret = NULL;
- BN_ULONG l = 0;
- int neg = 0, h, m, i, j, k, c;
- int num;
-
- if (a == NULL || *a == '\0')
- return 0;
-
- if (*a == '-') {
- neg = 1;
- a++;
- }
-
- for (i = 0; i <= INT_MAX / 4 && ossl_isxdigit(a[i]); i++)
- continue;
-
- if (i == 0 || i > INT_MAX / 4)
- goto err;
-
- num = i + neg;
- if (bn == NULL)
- return num;
-
- /* a is the start of the hex digits, and it is 'i' long */
- if (*bn == NULL) {
- if ((ret = BN_new()) == NULL)
- return 0;
- } else {
- ret = *bn;
- BN_zero(ret);
- }
-
- /* i is the number of hex digits */
- if (bn_expand(ret, i * 4) == NULL)
- goto err;
-
- j = i; /* least significant 'hex' */
- m = 0;
- h = 0;
- while (j > 0) {
- m = (BN_BYTES * 2 <= j) ? BN_BYTES * 2 : j;
- l = 0;
- for (;;) {
- c = a[j - m];
- k = OPENSSL_hexchar2int(c);
- if (k < 0)
- k = 0; /* paranoia */
- l = (l << 4) | k;
-
- if (--m <= 0) {
- ret->d[h++] = l;
- break;
- }
- }
- j -= BN_BYTES * 2;
- }
- ret->top = h;
- bn_correct_top(ret);
-
- *bn = ret;
- bn_check_top(ret);
- /* Don't set the negative flag if it's zero. */
- if (ret->top != 0)
- ret->neg = neg;
- return num;
- err:
- if (*bn == NULL)
- BN_free(ret);
- return 0;
-}
-
-int BN_dec2bn(BIGNUM **bn, const char *a)
-{
- BIGNUM *ret = NULL;
- BN_ULONG l = 0;
- int neg = 0, i, j;
- int num;
-
- if (a == NULL || *a == '\0')
- return 0;
- if (*a == '-') {
- neg = 1;
- a++;
- }
-
- for (i = 0; i <= INT_MAX / 4 && ossl_isdigit(a[i]); i++)
- continue;
-
- if (i == 0 || i > INT_MAX / 4)
- goto err;
-
- num = i + neg;
- if (bn == NULL)
- return num;
-
- /*
- * a is the start of the digits, and it is 'i' long. We chop it into
- * BN_DEC_NUM digits at a time
- */
- if (*bn == NULL) {
- if ((ret = BN_new()) == NULL)
- return 0;
- } else {
- ret = *bn;
- BN_zero(ret);
- }
-
- /* i is the number of digits, a bit of an over expand */
- if (bn_expand(ret, i * 4) == NULL)
- goto err;
-
- j = BN_DEC_NUM - i % BN_DEC_NUM;
- if (j == BN_DEC_NUM)
- j = 0;
- l = 0;
- while (--i >= 0) {
- l *= 10;
- l += *a - '0';
- a++;
- if (++j == BN_DEC_NUM) {
- if (!BN_mul_word(ret, BN_DEC_CONV)
- || !BN_add_word(ret, l))
- goto err;
- l = 0;
- j = 0;
- }
- }
-
- bn_correct_top(ret);
- *bn = ret;
- bn_check_top(ret);
- /* Don't set the negative flag if it's zero. */
- if (ret->top != 0)
- ret->neg = neg;
- return num;
- err:
- if (*bn == NULL)
- BN_free(ret);
- return 0;
-}
-
-int BN_asc2bn(BIGNUM **bn, const char *a)
-{
- const char *p = a;
-
- if (*p == '-')
- p++;
-
- if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x')) {
- if (!BN_hex2bn(bn, p + 2))
- return 0;
- } else {
- if (!BN_dec2bn(bn, p))
- return 0;
- }
- /* Don't set the negative flag if it's zero. */
- if (*a == '-' && (*bn)->top != 0)
- (*bn)->neg = 1;
- return 1;
-}
-
-# ifndef OPENSSL_NO_STDIO
+#ifndef OPENSSL_NO_STDIO
int BN_print_fp(FILE *fp, const BIGNUM *a)
{
BIO *b;
@@ -299,7 +26,7 @@ int BN_print_fp(FILE *fp, const BIGNUM *a)
BIO_free(b);
return ret;
}
-# endif
+#endif
int BN_print(BIO *bp, const BIGNUM *a)
{
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 727c695..6967627 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -12,7 +12,9 @@
#include "internal/cryptlib.h"
#include "bn_lcl.h"
#include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
#include <openssl/sha.h>
+#include <openssl/evp.h>
typedef enum bnrand_flag_e {
NORMAL, TESTING, PRIVATE
@@ -43,7 +45,16 @@ static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom)
}
/* make a random number and set the top and bottom bits */
+ /*
+ * TODO(3.0): Temporarily disable RAND code in the FIPS module until we
+ * have made it available there.
+ */
+#if defined(FIPS_MODE)
+ BNerr(BN_F_BNRAND, ERR_R_INTERNAL_ERROR);
+ goto err;
+#else
b = flag == NORMAL ? RAND_bytes(buf, bytes) : RAND_priv_bytes(buf, bytes);
+#endif
if (b <= 0)
goto err;
@@ -55,8 +66,14 @@ static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom)
unsigned char c;
for (i = 0; i < bytes; i++) {
+ /*
+ * TODO(3.0): Temporarily disable RAND code in the FIPS module until we
+ * have made it available there.
+ */
+#if !defined(FIPS_MODE)
if (RAND_bytes(&c, 1) <= 0)
goto err;
+#endif
if (c >= 128 && i > 0)
buf[i] = buf[i - 1];
else if (c < 42)
@@ -206,7 +223,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
const BIGNUM *priv, const unsigned char *message,
size_t message_len, BN_CTX *ctx)
{
- SHA512_CTX sha;
+ EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
/*
* We use 512 bits of random data per iteration to ensure that we have at
* least |range| bits of randomness.
@@ -217,8 +234,22 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
/* We generate |range|+8 bytes of random output. */
const unsigned num_k_bytes = BN_num_bytes(range) + 8;
unsigned char private_bytes[96];
- unsigned char *k_bytes;
+ unsigned char *k_bytes = NULL;
int ret = 0;
+ EVP_MD *md = NULL;
+ OPENSSL_CTX *libctx = (ctx != NULL) ? bn_get_lib_ctx(ctx) : NULL;
+ /*
+ * TODO(3.0): Temporarily disable RAND code in the FIPS module until we
+ * have made it available there.
+ */
+#ifdef FIPS_MODE
+ RAND_DRBG *privdrbg = NULL;
+#else
+ RAND_DRBG *privdrbg = OPENSSL_CTX_get0_private_drbg(libctx);
+#endif
+
+ if (mdctx == NULL || privdrbg == NULL)
+ goto err;
k_bytes = OPENSSL_malloc(num_k_bytes);
if (k_bytes == NULL)
@@ -238,15 +269,29 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
memcpy(private_bytes, priv->d, todo);
memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
+ md = EVP_MD_fetch(libctx, "SHA512", NULL);
+ if (md == NULL) {
+ BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_NO_SUITABLE_DIGEST);
+ goto err;
+ }
for (done = 0; done < num_k_bytes;) {
- if (RAND_priv_bytes(random_bytes, sizeof(random_bytes)) != 1)
+ /*
+ * TODO(3.0): Temporarily disable RAND code in the FIPS module until we
+ * have made it available there.
+ */
+#if !defined(FIPS_MODE)
+ if (!RAND_DRBG_bytes(privdrbg, random_bytes, sizeof(random_bytes)))
+ goto err;
+#endif
+
+ if (!EVP_DigestInit_ex(mdctx, md, NULL)
+ || !EVP_DigestUpdate(mdctx, &done, sizeof(done))
+ || !EVP_DigestUpdate(mdctx, private_bytes,
+ sizeof(private_bytes))
+ || !EVP_DigestUpdate(mdctx, message, message_len)
+ || !EVP_DigestUpdate(mdctx, random_bytes, sizeof(random_bytes))
+ || !EVP_DigestFinal_ex(mdctx, digest, NULL))
goto err;
- SHA512_Init(&sha);
- SHA512_Update(&sha, &done, sizeof(done));
- SHA512_Update(&sha, private_bytes, sizeof(private_bytes));
- SHA512_Update(&sha, message, message_len);
- SHA512_Update(&sha, random_bytes, sizeof(random_bytes));
- SHA512_Final(digest, &sha);
todo = num_k_bytes - done;
if (todo > SHA512_DIGEST_LENGTH)
@@ -262,6 +307,8 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
ret = 1;
err:
+ EVP_MD_CTX_free(mdctx);
+ EVP_MD_meth_free(md);
OPENSSL_free(k_bytes);
OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
return ret;
diff --git a/crypto/bn/build.info b/crypto/bn/build.info
index 7e34ce4..280fa3d 100644
--- a/crypto/bn/build.info
+++ b/crypto/bn/build.info
@@ -1,12 +1,17 @@
LIBS=../../libcrypto
-SOURCE[../../libcrypto]=\
- bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
- bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
- bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c \
- {- $target{bn_asm_src} -} \
- bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
- bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c \
- bn_rsa_fips186_4.c
+
+{- our @src = ( qw( bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c
+ bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c
+ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c
+ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c
+ bn_const.c bn_x931p.c bn_intern.c bn_dh.c
+ bn_rsa_fips186_4.c ), $target{bn_asm_src} ); "" -}
+
+SOURCE[../../libcrypto]={- join(' ', @src) -} bn_print.c bn_err.c bn_depr.c bn_srp.c
+
+SOURCE[../../providers/fips]={- join(' ', @src) -}
+
+
INCLUDE[../../libcrypto]=../../crypto/include
INCLUDE[bn_exp.o]=..
diff --git a/crypto/build.info b/crypto/build.info
index fb8f14e..114a315 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -26,7 +26,7 @@ SOURCE[../libcrypto]=\
# FIPS module
SOURCE[../providers/fips]=\
- cryptlib.c mem.c params.c bsearch.c ex_data.c o_str.c \
+ cryptlib.c mem.c mem_sec.c params.c bsearch.c ex_data.c o_str.c \
ctype.c threads_pthread.c threads_win.c threads_none.c context.c \
sparse_array.c {- $target{cpuid_asm_src} -}
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 58e1b94..1457bc0 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -196,6 +196,7 @@ BN_F_BN_BN2HEX:105:BN_bn2hex
BN_F_BN_COMPUTE_WNAF:142:bn_compute_wNAF
BN_F_BN_CTX_GET:116:BN_CTX_get
BN_F_BN_CTX_NEW:106:BN_CTX_new
+BN_F_BN_CTX_NEW_EX:151:BN_CTX_new_ex
BN_F_BN_CTX_START:129:BN_CTX_start
BN_F_BN_DIV:107:BN_div
BN_F_BN_DIV_RECP:130:BN_div_recp
@@ -2060,6 +2061,7 @@ BN_R_NOT_A_SQUARE:111:not a square
BN_R_NOT_INITIALIZED:107:not initialized
BN_R_NO_INVERSE:108:no inverse
BN_R_NO_SOLUTION:116:no solution
+BN_R_NO_SUITABLE_DIGEST:120:no suitable digest
BN_R_PRIVATE_KEY_TOO_LARGE:117:private key too large
BN_R_P_IS_NOT_PRIME:112:p is not prime
BN_R_TOO_MANY_ITERATIONS:113:too many iterations
diff --git a/crypto/ppccap.c b/crypto/ppccap.c
index 3465864..801a2be 100644
--- a/crypto/ppccap.c
+++ b/crypto/ppccap.c
@@ -38,12 +38,8 @@ unsigned int OPENSSL_ppccap_P = 0;
static sigset_t all_masked;
-/*
- * TODO(3.0): Temporarily disabled some assembler that hasn't been brought into
- * the FIPS module yet.
- */
-#ifndef FIPS_MODE
-# ifdef OPENSSL_BN_ASM_MONT
+
+#ifdef OPENSSL_BN_ASM_MONT
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num)
{
@@ -68,8 +64,12 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
return bn_mul_mont_int(rp, ap, bp, np, n0, num);
}
-# endif
-
+#endif
+/*
+ * TODO(3.0): Temporarily disabled some assembler that hasn't been brought into
+ * the FIPS module yet.
+ */
+#ifndef FIPS_MODE
void sha256_block_p8(void *ctx, const void *inp, size_t len);
void sha256_block_ppc(void *ctx, const void *inp, size_t len);
void sha256_block_data_order(void *ctx, const void *inp, size_t len);
diff --git a/doc/man3/BN_CTX_new.pod b/doc/man3/BN_CTX_new.pod
index eb8899b..17c53ec 100644
--- a/doc/man3/BN_CTX_new.pod
+++ b/doc/man3/BN_CTX_new.pod
@@ -2,14 +2,17 @@
=head1 NAME
-BN_CTX_new, BN_CTX_secure_new, BN_CTX_free - allocate and free BN_CTX structures
+BN_CTX_new_ex, BN_CTX_new, BN_CTX_secure_new_ex, BN_CTX_secure_new, BN_CTX_free
+- allocate and free BN_CTX structures
=head1 SYNOPSIS
#include <openssl/bn.h>
+ BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx);
BN_CTX *BN_CTX_new(void);
+ BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx);
BN_CTX *BN_CTX_secure_new(void);
void BN_CTX_free(BN_CTX *c);
@@ -21,10 +24,17 @@ library functions. Since dynamic memory allocation to create B<BIGNUM>s
is rather expensive when used in conjunction with repeated subroutine
calls, the B<BN_CTX> structure is used.
-BN_CTX_new() allocates and initializes a B<BN_CTX> structure.
-BN_CTX_secure_new() allocates and initializes a B<BN_CTX> structure
+BN_CTX_new_ex() allocates and initializes a B<BN_CTX> structure for the given
+library context B<ctx>. The <ctx> value may be NULL in which case the default
+library context will be used. BN_CTX_new() is the same as BN_CTX_new_ex() except
+that the default library context is always used.
+
+BN_CTX_secure_new_ex() allocates and initializes a B<BN_CTX> structure
but uses the secure heap (see L<CRYPTO_secure_malloc(3)>) to hold the
-B<BIGNUM>s.
+B<BIGNUM>s for the given library context B<ctx>. The <ctx> value may be NULL in
+which case the default library context will be used. BN_CTX_secure_new() is the
+same as BN_CTX_secure_new_ex() except that the default library context is always
+used.
BN_CTX_free() frees the components of the B<BN_CTX> and the structure itself.
Since BN_CTX_start() is required in order to obtain B<BIGNUM>s from the
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 57d2ddd..3770160 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -198,7 +198,9 @@ void BN_zero_ex(BIGNUM *a);
const BIGNUM *BN_value_one(void);
char *BN_options(void);
+BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx);
BN_CTX *BN_CTX_new(void);
+BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx);
BN_CTX *BN_CTX_secure_new(void);
void BN_CTX_free(BN_CTX *c);
void BN_CTX_start(BN_CTX *ctx);
diff --git a/include/openssl/bnerr.h b/include/openssl/bnerr.h
index bcf4f8f..ebbcd9a 100644
--- a/include/openssl/bnerr.h
+++ b/include/openssl/bnerr.h
@@ -35,6 +35,7 @@ int ERR_load_BN_strings(void);
# define BN_F_BN_COMPUTE_WNAF 142
# define BN_F_BN_CTX_GET 116
# define BN_F_BN_CTX_NEW 106
+# define BN_F_BN_CTX_NEW_EX 151
# define BN_F_BN_CTX_START 129
# define BN_F_BN_DIV 107
# define BN_F_BN_DIV_RECP 130
@@ -92,6 +93,7 @@ int ERR_load_BN_strings(void);
# define BN_R_NOT_INITIALIZED 107
# define BN_R_NO_INVERSE 108
# define BN_R_NO_SOLUTION 116
+# define BN_R_NO_SUITABLE_DIGEST 120
# define BN_R_PRIVATE_KEY_TOO_LARGE 117
# define BN_R_P_IS_NOT_PRIME 112
# define BN_R_TOO_MANY_ITERATIONS 113
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index ab37d98..bec305b 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -50,6 +50,8 @@ static int dummy_evp_call(OPENSSL_CTX *libctx)
unsigned int dgstlen = 0;
unsigned char dgst[SHA256_DIGEST_LENGTH];
int ret = 0;
+ BN_CTX *bnctx = NULL;
+ BIGNUM *a = NULL, *b = NULL;
if (ctx == NULL || sha256 == NULL)
goto err;
@@ -63,8 +65,25 @@ static int dummy_evp_call(OPENSSL_CTX *libctx)
if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
goto err;
+ bnctx = BN_CTX_new_ex(libctx);
+ if (bnctx == NULL)
+ goto err;
+ BN_CTX_start(bnctx);
+ a = BN_CTX_get(bnctx);
+ b = BN_CTX_get(bnctx);
+ if (b == NULL)
+ goto err;
+ BN_zero(a);
+ if (!BN_one(b)
+ || !BN_add(a, a, b)
+ || BN_cmp(a, b) != 0)
+ goto err;
+
ret = 1;
err:
+ BN_CTX_end(bnctx);
+ BN_CTX_free(bnctx);
+
EVP_MD_CTX_free(ctx);
EVP_MD_meth_free(sha256);
return ret;
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 0c2a8f5..7280649 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4829,3 +4829,5 @@ RAND_DRBG_secure_new_ex 4773 3_0_0 EXIST::FUNCTION:
OPENSSL_CTX_get0_master_drbg 4774 3_0_0 EXIST::FUNCTION:
OPENSSL_CTX_get0_public_drbg 4775 3_0_0 EXIST::FUNCTION:
OPENSSL_CTX_get0_private_drbg 4776 3_0_0 EXIST::FUNCTION:
+BN_CTX_new_ex 4777 3_0_0 EXIST::FUNCTION:
+BN_CTX_secure_new_ex 4778 3_0_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list