$ECASM_mips32=
$ECASM_mips64=
- $ECASM_s390x=ecp_s390x_nistp.c
+ $ECASM_s390x=ecp_s390x_nistp.c ecx_s390x.c
$ECDEF_s390x=S390X_EC_ASM
$ECASM_armv4=ecp_nistz256.c ecp_nistz256-armv4.S
INCLUDE[ecp_nistz256-sparcv9.o]=..
INCLUDE[ecp_s390x_nistp.o]=..
+INCLUDE[ecx_s390x.o]=..
INCLUDE[ecx_meth.o]=..
GENERATE[ecp_nistz256-armv4.S]=asm/ecp_nistz256-armv4.pl
#ifdef S390X_EC_ASM
# include "s390x_arch.h"
-# include "internal/constant_time.h"
-
-static void s390x_x25519_mod_p(unsigned char u[32])
-{
- unsigned char u_red[32];
- unsigned int c = 0;
- int i;
-
- memcpy(u_red, u, sizeof(u_red));
-
- c += (unsigned int)u_red[31] + 19;
- u_red[31] = (unsigned char)c;
- c >>= 8;
-
- for (i = 30; i >= 0; i--) {
- c += (unsigned int)u_red[i];
- u_red[i] = (unsigned char)c;
- c >>= 8;
- }
-
- c = (u_red[0] & 0x80) >> 7;
- u_red[0] &= 0x7f;
- constant_time_cond_swap_buff(0 - (unsigned char)c,
- u, u_red, sizeof(u_red));
-}
-
-static void s390x_x448_mod_p(unsigned char u[56])
-{
- unsigned char u_red[56];
- unsigned int c = 0;
- int i;
-
- memcpy(u_red, u, sizeof(u_red));
-
- c += (unsigned int)u_red[55] + 1;
- u_red[55] = (unsigned char)c;
- c >>= 8;
-
- for (i = 54; i >= 28; i--) {
- c += (unsigned int)u_red[i];
- u_red[i] = (unsigned char)c;
- c >>= 8;
- }
-
- c += (unsigned int)u_red[27] + 1;
- u_red[27] = (unsigned char)c;
- c >>= 8;
-
- for (i = 26; i >= 0; i--) {
- c += (unsigned int)u_red[i];
- u_red[i] = (unsigned char)c;
- c >>= 8;
- }
-
- constant_time_cond_swap_buff(0 - (unsigned char)c,
- u, u_red, sizeof(u_red));
-}
-
-int s390x_x25519_mul(unsigned char u_dst[32],
- const unsigned char u_src[32],
- const unsigned char d_src[32])
-{
- union {
- struct {
- unsigned char u_dst[32];
- unsigned char u_src[32];
- unsigned char d_src[32];
- } x25519;
- unsigned long long buff[512];
- } param;
- int rc;
-
- memset(¶m, 0, sizeof(param));
-
- s390x_flip_endian32(param.x25519.u_src, u_src);
- param.x25519.u_src[0] &= 0x7f;
- s390x_x25519_mod_p(param.x25519.u_src);
-
- s390x_flip_endian32(param.x25519.d_src, d_src);
- param.x25519.d_src[31] &= 248;
- param.x25519.d_src[0] &= 127;
- param.x25519.d_src[0] |= 64;
-
- rc = s390x_pcc(S390X_SCALAR_MULTIPLY_X25519, ¶m.x25519) ? 0 : 1;
- if (rc == 1)
- s390x_flip_endian32(u_dst, param.x25519.u_dst);
-
- OPENSSL_cleanse(param.x25519.d_src, sizeof(param.x25519.d_src));
- return rc;
-}
-
-int s390x_x448_mul(unsigned char u_dst[56],
- const unsigned char u_src[56],
- const unsigned char d_src[56])
-{
- union {
- struct {
- unsigned char u_dst[64];
- unsigned char u_src[64];
- unsigned char d_src[64];
- } x448;
- unsigned long long buff[512];
- } param;
- int rc;
-
- memset(¶m, 0, sizeof(param));
-
- memcpy(param.x448.u_src, u_src, 56);
- memcpy(param.x448.d_src, d_src, 56);
-
- s390x_flip_endian64(param.x448.u_src, param.x448.u_src);
- s390x_x448_mod_p(param.x448.u_src + 8);
-
- s390x_flip_endian64(param.x448.d_src, param.x448.d_src);
- param.x448.d_src[63] &= 252;
- param.x448.d_src[8] |= 128;
-
- rc = s390x_pcc(S390X_SCALAR_MULTIPLY_X448, ¶m.x448) ? 0 : 1;
- if (rc == 1) {
- s390x_flip_endian64(param.x448.u_dst, param.x448.u_dst);
- memcpy(u_dst, param.x448.u_dst, 56);
- }
-
- OPENSSL_cleanse(param.x448.d_src, sizeof(param.x448.d_src));
- return rc;
-}
-
-static int s390x_ed25519_mul(unsigned char x_dst[32],
- unsigned char y_dst[32],
- const unsigned char x_src[32],
- const unsigned char y_src[32],
- const unsigned char d_src[32])
-{
- union {
- struct {
- unsigned char x_dst[32];
- unsigned char y_dst[32];
- unsigned char x_src[32];
- unsigned char y_src[32];
- unsigned char d_src[32];
- } ed25519;
- unsigned long long buff[512];
- } param;
- int rc;
-
- memset(¶m, 0, sizeof(param));
-
- s390x_flip_endian32(param.ed25519.x_src, x_src);
- s390x_flip_endian32(param.ed25519.y_src, y_src);
- s390x_flip_endian32(param.ed25519.d_src, d_src);
-
- rc = s390x_pcc(S390X_SCALAR_MULTIPLY_ED25519, ¶m.ed25519) ? 0 : 1;
- if (rc == 1) {
- s390x_flip_endian32(x_dst, param.ed25519.x_dst);
- s390x_flip_endian32(y_dst, param.ed25519.y_dst);
- }
-
- OPENSSL_cleanse(param.ed25519.d_src, sizeof(param.ed25519.d_src));
- return rc;
-}
-
-static int s390x_ed448_mul(unsigned char x_dst[57],
- unsigned char y_dst[57],
- const unsigned char x_src[57],
- const unsigned char y_src[57],
- const unsigned char d_src[57])
-{
- union {
- struct {
- unsigned char x_dst[64];
- unsigned char y_dst[64];
- unsigned char x_src[64];
- unsigned char y_src[64];
- unsigned char d_src[64];
- } ed448;
- unsigned long long buff[512];
- } param;
- int rc;
-
- memset(¶m, 0, sizeof(param));
-
- memcpy(param.ed448.x_src, x_src, 57);
- memcpy(param.ed448.y_src, y_src, 57);
- memcpy(param.ed448.d_src, d_src, 57);
- s390x_flip_endian64(param.ed448.x_src, param.ed448.x_src);
- s390x_flip_endian64(param.ed448.y_src, param.ed448.y_src);
- s390x_flip_endian64(param.ed448.d_src, param.ed448.d_src);
-
- rc = s390x_pcc(S390X_SCALAR_MULTIPLY_ED448, ¶m.ed448) ? 0 : 1;
- if (rc == 1) {
- s390x_flip_endian64(param.ed448.x_dst, param.ed448.x_dst);
- s390x_flip_endian64(param.ed448.y_dst, param.ed448.y_dst);
- memcpy(x_dst, param.ed448.x_dst, 57);
- memcpy(y_dst, param.ed448.y_dst, 57);
- }
-
- OPENSSL_cleanse(param.ed448.d_src, sizeof(param.ed448.d_src));
- return rc;
-}
static int s390x_pkey_ecx_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
--- /dev/null
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/ec.h>
+#include <openssl/rand.h>
+#include "crypto/ecx.h"
+#include "ec_local.h"
+#include "curve448/curve448_local.h"
+#include "ecx_backend.h"
+#include "s390x_arch.h"
+#include "internal/constant_time.h"
+
+static void s390x_x25519_mod_p(unsigned char u[32])
+{
+ unsigned char u_red[32];
+ unsigned int c = 0;
+ int i;
+
+ memcpy(u_red, u, sizeof(u_red));
+
+ c += (unsigned int)u_red[31] + 19;
+ u_red[31] = (unsigned char)c;
+ c >>= 8;
+
+ for (i = 30; i >= 0; i--) {
+ c += (unsigned int)u_red[i];
+ u_red[i] = (unsigned char)c;
+ c >>= 8;
+ }
+
+ c = (u_red[0] & 0x80) >> 7;
+ u_red[0] &= 0x7f;
+ constant_time_cond_swap_buff(0 - (unsigned char)c,
+ u, u_red, sizeof(u_red));
+}
+
+static void s390x_x448_mod_p(unsigned char u[56])
+{
+ unsigned char u_red[56];
+ unsigned int c = 0;
+ int i;
+
+ memcpy(u_red, u, sizeof(u_red));
+
+ c += (unsigned int)u_red[55] + 1;
+ u_red[55] = (unsigned char)c;
+ c >>= 8;
+
+ for (i = 54; i >= 28; i--) {
+ c += (unsigned int)u_red[i];
+ u_red[i] = (unsigned char)c;
+ c >>= 8;
+ }
+
+ c += (unsigned int)u_red[27] + 1;
+ u_red[27] = (unsigned char)c;
+ c >>= 8;
+
+ for (i = 26; i >= 0; i--) {
+ c += (unsigned int)u_red[i];
+ u_red[i] = (unsigned char)c;
+ c >>= 8;
+ }
+
+ constant_time_cond_swap_buff(0 - (unsigned char)c,
+ u, u_red, sizeof(u_red));
+}
+
+int s390x_x25519_mul(unsigned char u_dst[32],
+ const unsigned char u_src[32],
+ const unsigned char d_src[32])
+{
+ union {
+ struct {
+ unsigned char u_dst[32];
+ unsigned char u_src[32];
+ unsigned char d_src[32];
+ } x25519;
+ unsigned long long buff[512];
+ } param;
+ int rc;
+
+ memset(¶m, 0, sizeof(param));
+
+ s390x_flip_endian32(param.x25519.u_src, u_src);
+ param.x25519.u_src[0] &= 0x7f;
+ s390x_x25519_mod_p(param.x25519.u_src);
+
+ s390x_flip_endian32(param.x25519.d_src, d_src);
+ param.x25519.d_src[31] &= 248;
+ param.x25519.d_src[0] &= 127;
+ param.x25519.d_src[0] |= 64;
+
+ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_X25519, ¶m.x25519) ? 0 : 1;
+ if (rc == 1)
+ s390x_flip_endian32(u_dst, param.x25519.u_dst);
+
+ OPENSSL_cleanse(param.x25519.d_src, sizeof(param.x25519.d_src));
+ return rc;
+}
+
+int s390x_x448_mul(unsigned char u_dst[56],
+ const unsigned char u_src[56],
+ const unsigned char d_src[56])
+{
+ union {
+ struct {
+ unsigned char u_dst[64];
+ unsigned char u_src[64];
+ unsigned char d_src[64];
+ } x448;
+ unsigned long long buff[512];
+ } param;
+ int rc;
+
+ memset(¶m, 0, sizeof(param));
+
+ memcpy(param.x448.u_src, u_src, 56);
+ memcpy(param.x448.d_src, d_src, 56);
+
+ s390x_flip_endian64(param.x448.u_src, param.x448.u_src);
+ s390x_x448_mod_p(param.x448.u_src + 8);
+
+ s390x_flip_endian64(param.x448.d_src, param.x448.d_src);
+ param.x448.d_src[63] &= 252;
+ param.x448.d_src[8] |= 128;
+
+ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_X448, ¶m.x448) ? 0 : 1;
+ if (rc == 1) {
+ s390x_flip_endian64(param.x448.u_dst, param.x448.u_dst);
+ memcpy(u_dst, param.x448.u_dst, 56);
+ }
+
+ OPENSSL_cleanse(param.x448.d_src, sizeof(param.x448.d_src));
+ return rc;
+}
+
+int s390x_ed25519_mul(unsigned char x_dst[32],
+ unsigned char y_dst[32],
+ const unsigned char x_src[32],
+ const unsigned char y_src[32],
+ const unsigned char d_src[32])
+{
+ union {
+ struct {
+ unsigned char x_dst[32];
+ unsigned char y_dst[32];
+ unsigned char x_src[32];
+ unsigned char y_src[32];
+ unsigned char d_src[32];
+ } ed25519;
+ unsigned long long buff[512];
+ } param;
+ int rc;
+
+ memset(¶m, 0, sizeof(param));
+
+ s390x_flip_endian32(param.ed25519.x_src, x_src);
+ s390x_flip_endian32(param.ed25519.y_src, y_src);
+ s390x_flip_endian32(param.ed25519.d_src, d_src);
+
+ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_ED25519, ¶m.ed25519) ? 0 : 1;
+ if (rc == 1) {
+ s390x_flip_endian32(x_dst, param.ed25519.x_dst);
+ s390x_flip_endian32(y_dst, param.ed25519.y_dst);
+ }
+
+ OPENSSL_cleanse(param.ed25519.d_src, sizeof(param.ed25519.d_src));
+ return rc;
+}
+
+int s390x_ed448_mul(unsigned char x_dst[57],
+ unsigned char y_dst[57],
+ const unsigned char x_src[57],
+ const unsigned char y_src[57],
+ const unsigned char d_src[57])
+{
+ union {
+ struct {
+ unsigned char x_dst[64];
+ unsigned char y_dst[64];
+ unsigned char x_src[64];
+ unsigned char y_src[64];
+ unsigned char d_src[64];
+ } ed448;
+ unsigned long long buff[512];
+ } param;
+ int rc;
+
+ memset(¶m, 0, sizeof(param));
+
+ memcpy(param.ed448.x_src, x_src, 57);
+ memcpy(param.ed448.y_src, y_src, 57);
+ memcpy(param.ed448.d_src, d_src, 57);
+ s390x_flip_endian64(param.ed448.x_src, param.ed448.x_src);
+ s390x_flip_endian64(param.ed448.y_src, param.ed448.y_src);
+ s390x_flip_endian64(param.ed448.d_src, param.ed448.d_src);
+
+ rc = s390x_pcc(S390X_SCALAR_MULTIPLY_ED448, ¶m.ed448) ? 0 : 1;
+ if (rc == 1) {
+ s390x_flip_endian64(param.ed448.x_dst, param.ed448.x_dst);
+ s390x_flip_endian64(param.ed448.y_dst, param.ed448.y_dst);
+ memcpy(x_dst, param.ed448.x_dst, 57);
+ memcpy(y_dst, param.ed448.y_dst, 57);
+ }
+
+ OPENSSL_cleanse(param.ed448.d_src, sizeof(param.ed448.d_src));
+ return rc;
+}
void s390x_flip_endian32(unsigned char dst[32], const unsigned char src[32]);
void s390x_flip_endian64(unsigned char dst[64], const unsigned char src[64]);
+int s390x_x25519_mul(unsigned char u_dst[32],
+ const unsigned char u_src[32],
+ const unsigned char d_src[32]);
+int s390x_x448_mul(unsigned char u_dst[56],
+ const unsigned char u_src[56],
+ const unsigned char d_src[56]);
+int s390x_ed25519_mul(unsigned char x_dst[32],
+ unsigned char y_dst[32],
+ const unsigned char x_src[32],
+ const unsigned char y_src[32],
+ const unsigned char d_src[32]);
+int s390x_ed448_mul(unsigned char x_dst[57],
+ unsigned char y_dst[57],
+ const unsigned char x_src[57],
+ const unsigned char y_src[57],
+ const unsigned char d_src[57]);
+
/*
* The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by
* the STFLE instruction followed by the 64-bit word pairs returned by
void X448_public_from_private(uint8_t out_public_value[56],
const uint8_t private_key[56]);
-int s390x_x25519_mul(unsigned char u_dst[32],
- const unsigned char u_src[32],
- const unsigned char d_src[32]);
-int s390x_x448_mul(unsigned char u_dst[56],
- const unsigned char u_src[56],
- const unsigned char d_src[56]);
-
/* Backend support */
int ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[],
int include_private);
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/params.h>
+#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include "internal/param_build_set.h"
#include "prov/provider_ctx.h"
#ifdef S390X_EC_ASM
# include "s390x_arch.h"
-
-static void *s390x_ecx_keygen25519(struct ecx_gen_ctx *gctx);
-static void *s390x_ecx_keygen448(struct ecx_gen_ctx *gctx);
-static void *s390x_ecd_keygen25519(struct ecx_gen_ctx *gctx);
-static void *s390x_ecd_keygen448(struct ecx_gen_ctx *gctx);
+# include <openssl/sha.h> /* For SHA512_DIGEST_LENGTH */
#endif
static OSSL_OP_keymgmt_new_fn x25519_new_key;
ECX_KEY_TYPE type;
};
+#ifdef S390X_EC_ASM
+static void *s390x_ecx_keygen25519(struct ecx_gen_ctx *gctx);
+static void *s390x_ecx_keygen448(struct ecx_gen_ctx *gctx);
+static void *s390x_ecd_keygen25519(struct ecx_gen_ctx *gctx);
+static void *s390x_ecd_keygen448(struct ecx_gen_ctx *gctx);
+#endif
static void *x25519_new_key(void *provctx)
{
ECX_KEY *key;
unsigned char *privkey;
- if (gctx == NULL
- || (key = ecx_key_new(gctx->type, 0)) == NULL)
+ if (gctx == NULL)
+ return NULL;
+ if ((key = ecx_key_new(gctx->type, 0)) == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
return NULL;
- if ((privkey = ecx_key_allocate_privkey(key)) == NULL
- || RAND_priv_bytes_ex(gctx->libctx, privkey, key->keylen) <= 0)
+ }
+ if ((privkey = ecx_key_allocate_privkey(key)) == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (RAND_priv_bytes_ex(gctx->libctx, privkey, key->keylen) <= 0)
goto err;
switch (gctx->type) {
case ECX_KEY_TYPE_X25519:
#ifdef S390X_EC_ASM
# include "s390x_arch.h"
-# include "internal/constant_time.h"
-
-static void s390x_x25519_mod_p(unsigned char u[32])
-{
- unsigned char u_red[32];
- unsigned int c = 0;
- int i;
-
- memcpy(u_red, u, sizeof(u_red));
-
- c += (unsigned int)u_red[31] + 19;
- u_red[31] = (unsigned char)c;
- c >>= 8;
-
- for (i = 30; i >= 0; i--) {
- c += (unsigned int)u_red[i];
- u_red[i] = (unsigned char)c;
- c >>= 8;
- }
-
- c = (u_red[0] & 0x80) >> 7;
- u_red[0] &= 0x7f;
- constant_time_cond_swap_buff(0 - (unsigned char)c,
- u, u_red, sizeof(u_red));
-}
-
-static void s390x_x448_mod_p(unsigned char u[56])
-{
- unsigned char u_red[56];
- unsigned int c = 0;
- int i;
-
- memcpy(u_red, u, sizeof(u_red));
-
- c += (unsigned int)u_red[55] + 1;
- u_red[55] = (unsigned char)c;
- c >>= 8;
-
- for (i = 54; i >= 28; i--) {
- c += (unsigned int)u_red[i];
- u_red[i] = (unsigned char)c;
- c >>= 8;
- }
-
- c += (unsigned int)u_red[27] + 1;
- u_red[27] = (unsigned char)c;
- c >>= 8;
-
- for (i = 26; i >= 0; i--) {
- c += (unsigned int)u_red[i];
- u_red[i] = (unsigned char)c;
- c >>= 8;
- }
-
- constant_time_cond_swap_buff(0 - (unsigned char)c,
- u, u_red, sizeof(u_red));
-}
-
-int s390x_x25519_mul(unsigned char u_dst[32],
- const unsigned char u_src[32],
- const unsigned char d_src[32])
-{
- union {
- struct {
- unsigned char u_dst[32];
- unsigned char u_src[32];
- unsigned char d_src[32];
- } x25519;
- unsigned long long buff[512];
- } param;
- int rc;
-
- memset(¶m, 0, sizeof(param));
-
- s390x_flip_endian32(param.x25519.u_src, u_src);
- param.x25519.u_src[0] &= 0x7f;
- s390x_x25519_mod_p(param.x25519.u_src);
-
- s390x_flip_endian32(param.x25519.d_src, d_src);
- param.x25519.d_src[31] &= 248;
- param.x25519.d_src[0] &= 127;
- param.x25519.d_src[0] |= 64;
-
- rc = s390x_pcc(S390X_SCALAR_MULTIPLY_X25519, ¶m.x25519) ? 0 : 1;
- if (rc == 1)
- s390x_flip_endian32(u_dst, param.x25519.u_dst);
-
- OPENSSL_cleanse(param.x25519.d_src, sizeof(param.x25519.d_src));
- return rc;
-}
-
-int s390x_x448_mul(unsigned char u_dst[56],
- const unsigned char u_src[56],
- const unsigned char d_src[56])
-{
- union {
- struct {
- unsigned char u_dst[64];
- unsigned char u_src[64];
- unsigned char d_src[64];
- } x448;
- unsigned long long buff[512];
- } param;
- int rc;
-
- memset(¶m, 0, sizeof(param));
-
- memcpy(param.x448.u_src, u_src, 56);
- memcpy(param.x448.d_src, d_src, 56);
-
- s390x_flip_endian64(param.x448.u_src, param.x448.u_src);
- s390x_x448_mod_p(param.x448.u_src + 8);
-
- s390x_flip_endian64(param.x448.d_src, param.x448.d_src);
- param.x448.d_src[63] &= 252;
- param.x448.d_src[8] |= 128;
-
- rc = s390x_pcc(S390X_SCALAR_MULTIPLY_X448, ¶m.x448) ? 0 : 1;
- if (rc == 1) {
- s390x_flip_endian64(param.x448.u_dst, param.x448.u_dst);
- memcpy(u_dst, param.x448.u_dst, 56);
- }
-
- OPENSSL_cleanse(param.x448.d_src, sizeof(param.x448.d_src));
- return rc;
-}
-
-static int s390x_ed25519_mul(unsigned char x_dst[32],
- unsigned char y_dst[32],
- const unsigned char x_src[32],
- const unsigned char y_src[32],
- const unsigned char d_src[32])
-{
- union {
- struct {
- unsigned char x_dst[32];
- unsigned char y_dst[32];
- unsigned char x_src[32];
- unsigned char y_src[32];
- unsigned char d_src[32];
- } ed25519;
- unsigned long long buff[512];
- } param;
- int rc;
-
- memset(¶m, 0, sizeof(param));
-
- s390x_flip_endian32(param.ed25519.x_src, x_src);
- s390x_flip_endian32(param.ed25519.y_src, y_src);
- s390x_flip_endian32(param.ed25519.d_src, d_src);
-
- rc = s390x_pcc(S390X_SCALAR_MULTIPLY_ED25519, ¶m.ed25519) ? 0 : 1;
- if (rc == 1) {
- s390x_flip_endian32(x_dst, param.ed25519.x_dst);
- s390x_flip_endian32(y_dst, param.ed25519.y_dst);
- }
-
- OPENSSL_cleanse(param.ed25519.d_src, sizeof(param.ed25519.d_src));
- return rc;
-}
-
-static int s390x_ed448_mul(unsigned char x_dst[57],
- unsigned char y_dst[57],
- const unsigned char x_src[57],
- const unsigned char y_src[57],
- const unsigned char d_src[57])
-{
- union {
- struct {
- unsigned char x_dst[64];
- unsigned char y_dst[64];
- unsigned char x_src[64];
- unsigned char y_src[64];
- unsigned char d_src[64];
- } ed448;
- unsigned long long buff[512];
- } param;
- int rc;
-
- memset(¶m, 0, sizeof(param));
-
- memcpy(param.ed448.x_src, x_src, 57);
- memcpy(param.ed448.y_src, y_src, 57);
- memcpy(param.ed448.d_src, d_src, 57);
- s390x_flip_endian64(param.ed448.x_src, param.ed448.x_src);
- s390x_flip_endian64(param.ed448.y_src, param.ed448.y_src);
- s390x_flip_endian64(param.ed448.d_src, param.ed448.d_src);
-
- rc = s390x_pcc(S390X_SCALAR_MULTIPLY_ED448, ¶m.ed448) ? 0 : 1;
- if (rc == 1) {
- s390x_flip_endian64(param.ed448.x_dst, param.ed448.x_dst);
- s390x_flip_endian64(param.ed448.y_dst, param.ed448.y_dst);
- memcpy(x_dst, param.ed448.x_dst, 57);
- memcpy(y_dst, param.ed448.y_dst, 57);
- }
-
- OPENSSL_cleanse(param.ed448.d_src, sizeof(param.ed448.d_src));
- return rc;
-}
static void *s390x_ecx_keygen25519(struct ecx_gen_ctx *gctx)
{
unsigned char *privkey = NULL, *pubkey;
if (key == NULL) {
- PROVerr(0, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
goto err;
}
privkey = ecx_key_allocate_privkey(key);
if (privkey == NULL) {
- PROVerr(0, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (RAND_priv_bytes(privkey, X25519_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(gctx->libctx, privkey, X25519_KEYLEN) <= 0)
goto err;
privkey[0] &= 248;
if (s390x_x25519_mul(pubkey, generator, privkey) != 1)
goto err;
-
return key;
err:
ecx_key_free(key);
unsigned char *privkey = NULL, *pubkey;
if (key == NULL) {
- PROVerr(0, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
goto err;
}
privkey = ecx_key_allocate_privkey(key);
if (privkey == NULL) {
- PROVerr(0, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (RAND_priv_bytes(privkey, X448_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(gctx->libctx, privkey, X448_KEYLEN) <= 0)
goto err;
privkey[0] &= 252;
if (s390x_x448_mul(pubkey, generator, privkey) != 1)
goto err;
-
return key;
err:
ecx_key_free(key);
ECX_KEY *key = ecx_key_new(ECX_KEY_TYPE_ED25519, 1);
unsigned char *privkey = NULL, *pubkey;
unsigned int sz;
+ EVP_MD *sha = NULL;
+ int j;
if (key == NULL) {
- PROVerr(0, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
goto err;
}
privkey = ecx_key_allocate_privkey(key);
if (privkey == NULL) {
- PROVerr(0, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (RAND_priv_bytes(privkey, ED25519_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(gctx->libctx, privkey, ED25519_KEYLEN) <= 0)
goto err;
- if (!EVP_Digest(privkey, 32, buff, &sz, EVP_sha512(), NULL))
+ sha = EVP_MD_fetch(gctx->libctx, "SHA512", NULL);
+ if (sha == NULL)
+ goto err;
+ j = EVP_Digest(privkey, 32, buff, &sz, sha, NULL);
+ EVP_MD_free(sha);
+ if (!j)
goto err;
buff[0] &= 248;
ECX_KEY *key = ecx_key_new(ECX_KEY_TYPE_ED448, 1);
unsigned char *privkey = NULL, *pubkey;
EVP_MD_CTX *hashctx = NULL;
+ EVP_MD *shake = NULL;
if (key == NULL) {
- PROVerr(0, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
goto err;
}
privkey = ecx_key_allocate_privkey(key);
if (privkey == NULL) {
- PROVerr(0, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (RAND_priv_bytes(privkey, ED448_KEYLEN) <= 0)
+ shake = EVP_MD_fetch(gctx->libctx, "SHAKE256", NULL);
+ if (shake == NULL)
+ goto err;
+ if (RAND_priv_bytes_ex(gctx->libctx, privkey, ED448_KEYLEN) <= 0)
goto err;
hashctx = EVP_MD_CTX_new();
if (hashctx == NULL)
goto err;
- if (EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL) != 1)
+ if (EVP_DigestInit_ex(hashctx, shake, NULL) != 1)
goto err;
if (EVP_DigestUpdate(hashctx, privkey, 57) != 1)
goto err;
goto err;
pubkey[56] |= ((x_dst[0] & 0x01) << 7);
-
EVP_MD_CTX_free(hashctx);
+ EVP_MD_free(shake);
return key;
err:
ecx_key_free(key);
EVP_MD_CTX_free(hashctx);
+ EVP_MD_free(shake);
return NULL;
}
#endif
projects / oweals / openssl.git / commitdiff