Add ECDH to fips provider

Note: This PR has not attempted to move the curves into the provider dispatch table. Mappings between the curve name / nid have been added to the inbuilt curve table. Reviewed-by: N Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11133)

Add ECDH to fips provider
Note: This PR has not attempted to move the curves into the provider dispatch table. Mappings between the curve name / nid have been added to the inbuilt curve table. Reviewed-by: N Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11133)
1c725f46 · Shane Lontis · a173cc9c · 1c725f46 · 1c725f46 · 1c725f46
9 changed file
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -627,6 +627,11 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,

 }

+OPENSSL_CTX *ec_key_get_libctx(const EC_KEY *key)
+{
+    return key->libctx;
+}
+
 const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key)
 {
    return key->group;

--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1261,8 +1261,3 @@ int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)

    return group->meth->blind_coordinates(group, p, ctx);
 }
-
-OPENSSL_CTX *ec_key_get_libctx(const EC_KEY *eckey)
-{
-    return eckey->libctx;
-}
--- a/include/crypto/ec.h
+++ b/include/crypto/ec.h
@@ -54,5 +54,7 @@ int ec_key_public_check(const EC_KEY *eckey, BN_CTX *ctx);
 int ec_key_private_check(const EC_KEY *eckey);
 int ec_key_pairwise_check(const EC_KEY *eckey, BN_CTX *ctx);
 OPENSSL_CTX *ec_key_get_libctx(const EC_KEY *eckey);
+const char *ec_curve_nid2name(int nid);
+int ec_curve_name2nid(const char *name);
 # endif /* OPENSSL_NO_EC */
 #endif
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -794,6 +794,9 @@ static const OSSL_ALGORITHM fips_kdfs[] = {
 static const OSSL_ALGORITHM fips_keyexch[] = {
 #ifndef OPENSSL_NO_DH
    { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keyexch_functions },
+#endif
+#ifndef OPENSSL_NO_EC
+    { "ECDH:id-ecPublicKey", "provider=fips,fips=yes", ecdh_keyexch_functions },
 #endif
    { NULL, NULL, NULL }
 };
@@ -818,6 +821,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
    { "DSA", "provider=fips,fips=yes", dsa_keymgmt_functions },
 #endif
    { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_keymgmt_functions },
+#ifndef OPENSSL_NO_EC
+    { "EC:id-ecPublicKey", "provider=fips,fips=yes", ec_keymgmt_functions },
+#endif
    { NULL, NULL, NULL }
 };


--- a/providers/implementations/exchange/build.info
+++ b/providers/implementations/exchange/build.info
@@ -22,5 +22,6 @@ ENDIF
 IF[{- !$disabled{ec} -}]
  SOURCE[$ECX_GOAL]=ecx_exch.c
  DEFINE[$ECX_GOAL]=$ECDEF
-  SOURCE[$ECDH_GOAL]=ecdh_exch.c
+  SOURCE[../../libfips.a]=ecdh_exch.c
+  SOURCE[../../libnonfips.a]=ecdh_exch.c
 ENDIF
--- a/providers/implementations/exchange/ecdh_exch.c
+++ b/providers/implementations/exchange/ecdh_exch.c
@@ -458,6 +458,7 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret,
    return ret;
 }

+#ifndef FIPS_MODE
 static ossl_inline
 int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret,
                          size_t *psecretlen, size_t outlen)
@@ -497,6 +498,7 @@ int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret,
    OPENSSL_secure_clear_free(stmp, stmplen);
    return ret;
 }
+#endif /* FIPS_MODE */

 static
 int ecdh_derive(void *vpecdhctx, unsigned char *secret,
@@ -507,8 +509,13 @@ int ecdh_derive(void *vpecdhctx, unsigned char *secret,
    switch (pecdhctx->kdf_type) {
        case PROV_ECDH_KDF_NONE:
            return ecdh_plain_derive(vpecdhctx, secret, psecretlen, outlen);
+#ifndef FIPS_MODE
        case PROV_ECDH_KDF_X9_63:
            return ecdh_X9_63_kdf_derive(vpecdhctx, secret, psecretlen, outlen);
+
+#endif /* FIPS_MODE */
+        default:
+            break;
    }

    return 0;

--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -23,6 +23,7 @@
 #include "internal/param_build.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
+#include "prov/provider_ctx.h"

 static OSSL_OP_keymgmt_new_fn ec_newdata;
 static OSSL_OP_keymgmt_free_fn ec_freedata;
@@ -81,10 +82,11 @@ int params_to_domparams(EC_KEY *ec, const OSSL_PARAM params[])

        if (!OSSL_PARAM_get_utf8_string(param_ec_name, &curve_name, 0)
                || curve_name == NULL
-                || (curve_nid = OBJ_sn2nid(curve_name)) == NID_undef)
+                || (curve_nid = ec_curve_name2nid(curve_name)) == NID_undef)
            goto err;

-        if ((ecg = EC_GROUP_new_by_curve_name(curve_nid)) == NULL)
+        if ((ecg = EC_GROUP_new_by_curve_name_ex(ec_key_get_libctx(ec),
+                                                 curve_nid)) == NULL)
            goto err;
    }

@@ -130,7 +132,7 @@ int domparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl)
        /* named curve */
        const char *curve_name = NULL;

-        if ((curve_name = OBJ_nid2sn(curve_nid)) == NULL)
+        if ((curve_name = ec_curve_nid2name(curve_nid)) == NULL)
            return 0;

        if (!ossl_param_bld_push_utf8_string(tmpl, OSSL_PKEY_PARAM_EC_NAME, curve_name, 0))
@@ -152,6 +154,7 @@ static ossl_inline
 int params_to_key(EC_KEY *ec, const OSSL_PARAM params[], int include_private)
 {
    const OSSL_PARAM *param_priv_key, *param_pub_key;
+    BN_CTX *ctx = NULL;
    BIGNUM *priv_key = NULL;
    unsigned char *pub_key = NULL;
    size_t pub_key_len;
@@ -168,6 +171,9 @@ int params_to_key(EC_KEY *ec, const OSSL_PARAM params[], int include_private)
    param_pub_key =
        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);

+    ctx = BN_CTX_new_ex(ec_key_get_libctx(ec));
+    if (ctx == NULL)
+        goto err;
    /*
     * We want to have at least a public key either way, so we end up
     * requiring it unconditionally.
@@ -177,7 +183,7 @@ int params_to_key(EC_KEY *ec, const OSSL_PARAM params[], int include_private)
                                            (void **)&pub_key, 0, &pub_key_len)
            || (pub_point = EC_POINT_new(ecg)) == NULL
            || !EC_POINT_oct2point(ecg, pub_point,
-                                   pub_key, pub_key_len, NULL))
+                                   pub_key, pub_key_len, ctx))
        goto err;

    if (param_priv_key != NULL && include_private) {
@@ -223,7 +229,7 @@ int params_to_key(EC_KEY *ec, const OSSL_PARAM params[], int include_private)

        fixed_top = bn_get_top(order) + 2;

-        if ((priv_key = BN_new()) == NULL)
+        if ((priv_key = BN_secure_new()) == NULL)
            goto err;
        if (bn_wexpand(priv_key, fixed_top) == NULL)
            goto err;
@@ -243,6 +249,7 @@ int params_to_key(EC_KEY *ec, const OSSL_PARAM params[], int include_private)
    ok = 1;

 err:
+    BN_CTX_free(ctx);
    BN_clear_free(priv_key);
    OPENSSL_free(pub_key);
    EC_POINT_free(pub_point);
@@ -411,7 +418,7 @@ int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl)
 static
 void *ec_newdata(void *provctx)
 {
-    return EC_KEY_new();
+    return EC_KEY_new_ex(PROV_LIBRARY_CONTEXT_OF(provctx));
 }

 static

--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -31,9 +31,9 @@ my @configs = ( $defaultcnf );
 # Only add the FIPS config if the FIPS module has been built
 push @configs, 'fips.cnf' unless $no_fips;

-my @files = qw( evpciph.txt evpdigest.txt evppkey.txt);
+my @files = qw( evpciph.txt evpdigest.txt evppkey.txt evppkey_ecc.txt);
 my @defltfiles = qw( evpencod.txt evpkdf.txt evppkey_kdf.txt evpmac.txt
-    evppbe.txt evppkey_ecc.txt evpcase.txt evpccmcavs.txt );
+    evppbe.txt evpcase.txt evpccmcavs.txt );
 my @ideafiles = qw( evpciph_idea.txt );
 push @defltfiles, @ideafiles unless disabled("idea");