X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=fips%2Frand%2Ffips_drbg_ec.c;h=fb5f77c8975f22ef999a5292c7dc80c82218d852;hb=4420b3b17acf19f78f4fdea1a69d5f0a644c8154;hp=ee6fe074ec1433cd48eec5d2c62eadb34facbbb0;hpb=7fdcb45745c01b90b256fe97e87eae31453e11e6;p=oweals%2Fopenssl.git
diff --git a/fips/rand/fips_drbg_ec.c b/fips/rand/fips_drbg_ec.c
index ee6fe074ec..fb5f77c897 100644
--- a/fips/rand/fips_drbg_ec.c
+++ b/fips/rand/fips_drbg_ec.c
@@ -287,17 +287,19 @@ static int drbg_ec_generate(DRBG_CTX *dctx,
 		}
 	BN_CTX_start(ectx->bctx);
-	t = BN_CTX_get(ectx->bctx);
 	r = BN_CTX_get(ectx->bctx);
 	if (!r)
 		goto err;
 	if (adin && adin_len)
 		{
 		size_t i;
+		t = BN_CTX_get(ectx->bctx);
+		if (!t)
+			goto err;
 		/* Convert s to buffer */
 		if (ectx->exbits)
-			BN_lshift(ectx->s, ectx->s, ectx->exbits);
-		bn2binpad(ectx->sbuf, dctx->seedlen, ectx->s);
+			BN_lshift(s, s, ectx->exbits);
+		bn2binpad(ectx->sbuf, dctx->seedlen, s);
 		/* Step 2 */
 		if (!hash_df(dctx, ectx->tbuf, adin, adin_len, NULL, 0, NULL, 0))
@@ -309,11 +311,13 @@ static int drbg_ec_generate(DRBG_CTX *dctx,
 			return 0;
 		}
 	else
-		if (!BN_copy(t, ectx->s))
-			goto err;
+		/* Note if no additional input the algorithm never
+		 * needs separate values for t and s.
+		 */
+		t = s;
 #ifdef EC_DRBG_TRACE
-	bnprint(stderr, "s at start of generate: ", ectx->s);
+	bnprint(stderr, "s at start of generate: ", s);
 #endif
 	for (;;)
@@ -333,7 +337,7 @@ static int drbg_ec_generate(DRBG_CTX *dctx,
 	dctx->reseed_counter++;
 	/* Get rightmost bits of r to output buffer */
-	if (!(dctx->flags & DRBG_FLAG_TEST) && !dctx->lb_valid)
+	if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
 		{
 		if (!bn2binpad(dctx->lb, dctx->blocklength, r))
 			goto err;
@@ -360,6 +364,8 @@ static int drbg_ec_generate(DRBG_CTX *dctx,
 	if (!outlen)
 		break;
 	out += dctx->blocklength;
+	/* Step #5 after first pass */
+	t = s;
 #ifdef EC_DRBG_TRACE
 	fprintf(stderr, "Random bits written:\n");
 	hexprint(stderr, out, dctx->blocklength);
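Review bot: On the additional-input path the return values of `BN_lshift(s, s, ectx->exbits)` and `bn2binpad(ectx->sbuf, dctx->seedlen, s)` are still discarded, although this same hunk now checks `BN_CTX_get` for `t` and the hunk at -333 checks `bn2binpad` into `dctx->lb`; a failed shift or an `s` that does not fit in `seedlen` bytes would leave `sbuf` stale without the caller noticing. I would write `if (ectx->exbits && !BN_lshift(s, s, ectx->exbits)) goto err;` and `if (!bn2binpad(ectx->sbuf, dctx->seedlen, s)) goto err;`, matching the `goto err` the hunk already uses for `t`. The declaration of the new local `s` (presumably an alias of `ectx->s`), the later use of `sbuf`, and the start of drbg_ec_generate are all outside the hunk.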
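Review bot: The new `else` branch puts a three-line block comment between `else` and its only statement `t = s;` with no braces, while the matching `if (adin && adin_len)` arm is braced; writing it as `else { /* ... */ t = s; }` keeps the two arms symmetric and stops the comment from reading as if the `else` were empty. With `t = s` here (and again after the first output block in the hunk at -360) `t` and `s` point at the same BIGNUM, so whatever in the loop body derives the next `s` from `t` must be correct when both arguments are the same object; that body lies outside the hunk, so I cannot confirm it from this page.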
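Review bot: The comment `/* Step #5 after first pass */` gives a step number without saying what the line achieves for a reader who does not have the standard open; something like `/* Additional input is only mixed into t for the first block; from here on t and s coincide, as on the no-adin path */` would state the intent directly. The hunk at -311 already notes that without additional input t and s need not differ, which is presumably the same reasoning this assignment relies on. The enclosing `for (;;)` loop starts and ends outside the hunk.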
@@ -392,23 +398,27 @@ static int drbg_ec_uninstantiate(DRBG_CTX *dctx)
 /* Q points from SP 800-90 A.1, P is generator */
+__fips_constseg
 static const unsigned char p_256_qx[] = {
 	0xc9,0x74,0x45,0xf4,0x5c,0xde,0xf9,0xf0,0xd3,0xe0,0x5e,0x1e,
 	0x58,0x5f,0xc2,0x97,0x23,0x5b,0x82,0xb5,0xbe,0x8f,0xf3,0xef,
 	0xca,0x67,0xc5,0x98,0x52,0x01,0x81,0x92
 };
+__fips_constseg
 static const unsigned char p_256_qy[] = {
 	0xb2,0x8e,0xf5,0x57,0xba,0x31,0xdf,0xcb,0xdd,0x21,0xac,0x46,
 	0xe2,0xa9,0x1e,0x3c,0x30,0x4f,0x44,0xcb,0x87,0x05,0x8a,0xda,
 	0x2c,0xb8,0x15,0x15,0x1e,0x61,0x00,0x46
 };
+__fips_constseg
 static const unsigned char p_384_qx[] = {
 	0x8e,0x72,0x2d,0xe3,0x12,0x5b,0xdd,0xb0,0x55,0x80,0x16,0x4b,
 	0xfe,0x20,0xb8,0xb4,0x32,0x21,0x6a,0x62,0x92,0x6c,0x57,0x50,
 	0x2c,0xee,0xde,0x31,0xc4,0x78,0x16,0xed,0xd1,0xe8,0x97,0x69,
 	0x12,0x41,0x79,0xd0,0xb6,0x95,0x10,0x64,0x28,0x81,0x50,0x65
 };
+__fips_constseg
 static const unsigned char p_384_qy[] = {
 	0x02,0x3b,0x16,0x60,0xdd,0x70,0x1d,0x08,0x39,0xfd,0x45,0xee,
 	0xc3,0x6f,0x9e,0xe7,0xb3,0x2e,0x13,0xb3,0x15,0xdc,0x02,0x61,
@@ -416,6 +426,7 @@ static const unsigned char p_384_qy[] = {
 	0xc5,0xe0,0x9b,0x05,0x67,0x4d,0xbb,0x7e,0x45,0xc8,0x03,0xdd
 };
+__fips_constseg
 static const unsigned char p_521_qx[] = {
 	0x01,0xb9,0xfa,0x3e,0x51,0x8d,0x68,0x3c,0x6b,0x65,0x76,0x36,
 	0x94,0xac,0x8e,0xfb,0xae,0xc6,0xfa,0xb4,0x4f,0x22,0x76,0x17,
@@ -424,6 +435,7 @@ static const unsigned char p_521_qx[] = {
 	0x3b,0x24,0xc3,0xed,0xfa,0x0f,0x85,0xfe,0x24,0xd0,0xc8,0xc0,
 	0x15,0x91,0xf0,0xbe,0x6f,0x63
 };
+__fips_constseg
 static const unsigned char p_521_qy[] = {
 	0x01,0xf3,0xbd,0xba,0x58,0x52,0x95,0xd9,0xa1,0x11,0x0d,0x1d,
 	0xf1,0xf9,0x43,0x0e,0xf8,0x44,0x2c,0x50,0x18,0x97,0x6f,0xf3,
@@ -487,7 +499,7 @@ int fips_drbg_ec_init(DRBG_CTX *dctx)
 		return -2;
 	}
-	dctx->flags |= DRBG_CUSTOM_RESEED;
+	dctx->iflags |= DRBG_CUSTOM_RESEED;
 	dctx->reseed_counter = 0;
 	dctx->instantiate = drbg_ec_instantiate;
 	dctx->reseed = drbg_ec_reseed;
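Review bot: `__fips_constseg` is placed in front of every Q-point table (here and in the hunks at -416 and -424) with no comment saying what the annotation is for, even though these are the fixed SP 800-90 A.1 points the generator's output depends on. A one-line comment next to the first table, naming the segment the macro selects and stating that the tables must remain byte-for-byte the published values, would tell a maintainer why the annotation must not be dropped when the file is edited; the macro is defined outside this file, so I cannot state from the hunk which segment that is or whether the module integrity check covers it.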