authorJuergen Christ <jchrist@linux.ibm.com>2022-09-26 14:26:28 +0200
committerTomas Mraz <tomas@openssl.org>2022-09-27 16:52:22 +0200
commitd12b824ddaee502400c19bf8c32e1ada3111fc50 (patch)
tree23027d9bb7a3d676f913abcb3c171bdc07c1e90f /providers
parent8bc703c2886c2104f1d472ab681bc7a8c081427a (diff)
Fix HPKE and DHKEM for X25519 and X448 on s390x
The IKM was not respected by the s390x specific implementations of X25519 and X448 keygen. This caused test failures and wrong results if the PCC instruction was actually available and supported X25519 and/or X448. Fixes: 78c44b05945b ("Add HPKE DHKEM provider support for EC, X25519 and X448.") Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19278)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/keymgmt/ecx_kmgmt.c30
1 files changed, 26 insertions, 4 deletions
diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c
index 70fad0150e..32dcc53c0b 100644
--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -881,8 +881,19 @@ static void *s390x_ecx_keygen25519(struct ecx_gen_ctx *gctx)
goto err;
}
- if (RAND_priv_bytes_ex(gctx->libctx, privkey, X25519_KEYLEN, 0) <= 0)
- goto err;
+#ifndef FIPS_MODULE
+ if (gctx->dhkem_ikm != NULL && gctx->dhkem_ikmlen != 0) {
+ if (gctx->type != ECX_KEY_TYPE_X25519)
+ goto err;
+ if (!ossl_ecx_dhkem_derive_private(key, privkey,
+ gctx->dhkem_ikm, gctx->dhkem_ikmlen))
+ goto err;
+ } else
+#endif
+ {
+ if (RAND_priv_bytes_ex(gctx->libctx, privkey, X25519_KEYLEN, 0) <= 0)
+ goto err;
+ }
privkey[0] &= 248;
privkey[31] &= 127;
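Review bot: The new type check `if (gctx->type != ECX_KEY_TYPE_X25519) goto err;` fails without putting anything on the error queue, so a caller that supplied IKM with a mismatched key type would get a NULL key and no diagnostic; the X448 hunk below has the same pattern with `ECX_KEY_TYPE_X448`. Whether the `err` label or `ossl_ecx_dhkem_derive_private` raises an error of its own is not visible here, because the function body starts and ends outside the hunk. If neither does, add a raise before the jump in both places, for example `ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);`. The commit message describes a failure in which the IKM was silently ignored, which is an argument for making every rejection on this path visible to the caller.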
@@ -927,8 +938,19 @@ static void *s390x_ecx_keygen448(struct ecx_gen_ctx *gctx)
goto err;
}
- if (RAND_priv_bytes_ex(gctx->libctx, privkey, X448_KEYLEN, 0) <= 0)
- goto err;
+#ifndef FIPS_MODULE
+ if (gctx->dhkem_ikm != NULL && gctx->dhkem_ikmlen != 0) {
+ if (gctx->type != ECX_KEY_TYPE_X448)
+ goto err;
+ if (!ossl_ecx_dhkem_derive_private(key, privkey,
+ gctx->dhkem_ikm, gctx->dhkem_ikmlen))
+ goto err;
+ } else
+#endif
+ {
+ if (RAND_priv_bytes_ex(gctx->libctx, privkey, X448_KEYLEN, 0) <= 0)
+ goto err;
+ }
privkey[0] &= 252;
privkey[55] |= 128;
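Review bot: The IKM-versus-RNG selection is now duplicated line for line in `s390x_ecx_keygen25519` and `s390x_ecx_keygen448`, differing only in the type constant and the key length. The commit message says the s390x keygen paths had not respected the IKM, so further copies of this decision invite the same drift the next time the DHKEM handling changes. A static helper called from both functions would keep the decision in one place, with the clamping lines that follow staying in each caller. The sketch below assumes `key` is an `ECX_KEY *`, which is declared outside the hunk.

```c
/* Fill privkey from the DHKEM IKM when one was supplied, otherwise from the private RNG. */
static int s390x_ecx_fill_privkey(struct ecx_gen_ctx *gctx, ECX_KEY *key,
                                  unsigned char *privkey, ECX_KEY_TYPE type,
                                  size_t keylen)
{
#ifndef FIPS_MODULE
    if (gctx->dhkem_ikm != NULL && gctx->dhkem_ikmlen != 0) {
        /* Deterministic derivation: the RNG is not consulted on this path. */
        if (gctx->type != type)
            return 0;
        return ossl_ecx_dhkem_derive_private(key, privkey, gctx->dhkem_ikm,
                                             gctx->dhkem_ikmlen);
    }
#endif
    return RAND_priv_bytes_ex(gctx->libctx, privkey, keylen, 0) > 0;
}

/* ... in s390x_ecx_keygen448, replacing the #ifndef/else block ... */
    if (!s390x_ecx_fill_privkey(gctx, key, privkey, ECX_KEY_TYPE_X448,
                                X448_KEYLEN))
        goto err;
/* ... unchanged: clamping of privkey[0] and privkey[55] ... */
```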