From 17967f54cb9c18f135fe7b6979787f7ca03f2de8 Mon Sep 17 00:00:00 2001 From: Jake Massimo Date: Tue, 4 Feb 2025 12:50:32 -0800 Subject: [PATCH 1/3] Move PQDSA to FIPSMODULE --- crypto/CMakeLists.txt | 2 - crypto/evp_extra/evp_asn1.c | 2 +- crypto/evp_extra/p_methods.c | 1 - crypto/evp_extra/p_pqdsa_asn1.c | 2 +- crypto/evp_extra/p_pqdsa_test.cc | 2 +- crypto/evp_extra/print.c | 2 +- crypto/fipsmodule/bcm.c | 2 + crypto/fipsmodule/evp/digestsign.c | 2 +- crypto/fipsmodule/evp/evp_ctx.c | 1 + crypto/fipsmodule/evp/internal.h | 4 +- .../{evp_extra => fipsmodule/evp}/p_pqdsa.c | 51 +++--- crypto/{ => fipsmodule}/pqdsa/internal.h | 0 crypto/{ => fipsmodule}/pqdsa/pqdsa.c | 147 +++++++++--------- crypto/x509/algorithm.c | 2 +- crypto/x509/x509_test.cc | 2 +- 15 files changed, 112 insertions(+), 110 deletions(-) rename crypto/{evp_extra => fipsmodule/evp}/p_pqdsa.c (92%) rename crypto/{ => fipsmodule}/pqdsa/internal.h (100%) rename crypto/{ => fipsmodule}/pqdsa/pqdsa.c (62%) diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index 3aed47cbe9..2ef8051e1a 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -421,7 +421,6 @@ add_library( evp_extra/p_ed25519_asn1.c evp_extra/p_hmac_asn1.c evp_extra/p_kem_asn1.c - evp_extra/p_pqdsa.c evp_extra/p_pqdsa_asn1.c evp_extra/p_rsa_asn1.c evp_extra/p_x25519.c @@ -471,7 +470,6 @@ add_library( poly1305/poly1305_arm.c poly1305/poly1305_vec.c pool/pool.c - pqdsa/pqdsa.c rand_extra/deterministic.c rand_extra/entropy_passive.c rand_extra/forkunsafe.c diff --git a/crypto/evp_extra/evp_asn1.c b/crypto/evp_extra/evp_asn1.c index 69d34a492d..254222a673 100644 --- a/crypto/evp_extra/evp_asn1.c +++ b/crypto/evp_extra/evp_asn1.c 
@@ -68,7 +68,7 @@ #include "../bytestring/internal.h" #include "../internal.h" #include "internal.h" -#include "../pqdsa/internal.h" +#include "../fipsmodule/pqdsa/internal.h" // parse_key_type takes the algorithm cbs sequence |cbs| and extracts the OID. // The OID is then searched against ASN.1 methods for a method with that OID. diff --git a/crypto/evp_extra/p_methods.c b/crypto/evp_extra/p_methods.c index 6dce228f19..6e8f591f03 100644 --- a/crypto/evp_extra/p_methods.c +++ b/crypto/evp_extra/p_methods.c @@ -11,7 +11,6 @@ static const EVP_PKEY_METHOD *const non_fips_pkey_evp_methods[] = { &x25519_pkey_meth, &dh_pkey_meth, &dsa_pkey_meth, - &pqdsa_pkey_meth }; const EVP_PKEY_ASN1_METHOD *const asn1_evp_pkey_methods[] = { diff --git a/crypto/evp_extra/p_pqdsa_asn1.c b/crypto/evp_extra/p_pqdsa_asn1.c index 29a6ba9e7a..263b559357 100644 --- a/crypto/evp_extra/p_pqdsa_asn1.c +++ b/crypto/evp_extra/p_pqdsa_asn1.c @@ -7,7 +7,7 @@ #include #include -#include "../crypto/pqdsa/internal.h" +#include "../crypto/fipsmodule/pqdsa/internal.h" #include "../crypto/internal.h" #include "../fipsmodule/evp/internal.h" #include "../ml_dsa/ml_dsa.h" diff --git a/crypto/evp_extra/p_pqdsa_test.cc b/crypto/evp_extra/p_pqdsa_test.cc index bc1833c9eb..11b9e152e6 100644 --- a/crypto/evp_extra/p_pqdsa_test.cc +++ b/crypto/evp_extra/p_pqdsa_test.cc @@ -15,7 +15,7 @@ #include "../fipsmodule/evp/internal.h" #include "../internal.h" #include "../ml_dsa/ml_dsa.h" -#include "../pqdsa/internal.h" +#include "../fipsmodule/pqdsa/internal.h" #include "../test/file_test.h" #include "../test/test_util.h" diff --git a/crypto/evp_extra/print.c b/crypto/evp_extra/print.c index 9163c99edf..0ec9e0c902 100644 --- a/crypto/evp_extra/print.c +++ b/crypto/evp_extra/print.c 
@@ -65,7 +65,7 @@ #include "../fipsmodule/evp/internal.h" #include "../fipsmodule/rsa/internal.h" #include "../ml_dsa/ml_dsa.h" -#include "../pqdsa/internal.h" +#include "../fipsmodule/pqdsa/internal.h" static int print_hex(BIO *bp, const uint8_t *data, size_t len, int off) { for (size_t i = 0; i < len; i++) { diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c index 31eabded4c..20dd505866 100644 --- a/crypto/fipsmodule/bcm.c +++ b/crypto/fipsmodule/bcm.c @@ -118,6 +118,7 @@ #include "evp/p_hkdf.c" #include "evp/p_hmac.c" #include "evp/p_kem.c" +#include "evp/p_pqdsa.c" #include "evp/p_rsa.c" #include "hkdf/hkdf.c" #include "hmac/hmac.c" @@ -136,6 +137,7 @@ #include "modes/xts.c" #include "modes/polyval.c" #include "pbkdf/pbkdf.c" +#include "pqdsa/pqdsa.c" #include "rand/ctrdrbg.c" #include "rand/fork_detect.c" #include "rand/rand.c" diff --git a/crypto/fipsmodule/evp/digestsign.c b/crypto/fipsmodule/evp/digestsign.c index 794e452301..f804f0b272 100644 --- a/crypto/fipsmodule/evp/digestsign.c +++ b/crypto/fipsmodule/evp/digestsign.c @@ -57,7 +57,7 @@ #include -#include "../../pqdsa/internal.h" +#include "../pqdsa/internal.h" #include "../delocate.h" #include "../digest/internal.h" #include "internal.h" diff --git a/crypto/fipsmodule/evp/evp_ctx.c b/crypto/fipsmodule/evp/evp_ctx.c index 6e35a5ba7f..310d7ec674 100644 --- a/crypto/fipsmodule/evp/evp_ctx.c +++ b/crypto/fipsmodule/evp/evp_ctx.c @@ -75,6 +75,7 @@ DEFINE_LOCAL_DATA(struct fips_evp_pkey_methods, AWSLC_fips_evp_pkey_methods) { out->methods[4] = EVP_PKEY_hmac_pkey_meth(); out->methods[5] = EVP_PKEY_ed25519_pkey_meth(); out->methods[6] = EVP_PKEY_kem_pkey_meth(); + out->methods[7] = EVP_PKEY_pqdsa_pkey_meth(); } static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) { diff --git a/crypto/fipsmodule/evp/internal.h b/crypto/fipsmodule/evp/internal.h index 46ff161ba1..d5186af738 100644 --- a/crypto/fipsmodule/evp/internal.h +++ b/crypto/fipsmodule/evp/internal.h 
@@ -381,8 +381,8 @@ typedef struct { void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); #define ED25519_PUBLIC_KEY_OFFSET 32 -#define FIPS_EVP_PKEY_METHODS 7 -#define NON_FIPS_EVP_PKEY_METHODS 4 +#define FIPS_EVP_PKEY_METHODS 8 +#define NON_FIPS_EVP_PKEY_METHODS 3 #define ASN1_EVP_PKEY_METHODS 10 struct fips_evp_pkey_methods { diff --git a/crypto/evp_extra/p_pqdsa.c b/crypto/fipsmodule/evp/p_pqdsa.c similarity index 92% rename from crypto/evp_extra/p_pqdsa.c rename to crypto/fipsmodule/evp/p_pqdsa.c index 612ea0e69d..1cb7c9c532 100644 --- a/crypto/evp_extra/p_pqdsa.c +++ b/crypto/fipsmodule/evp/p_pqdsa.c @@ -6,7 +6,8 @@ #include #include "../crypto/evp_extra/internal.h" -#include "../crypto/ml_dsa/ml_dsa.h" +#include "../delocate.h" +#include "../../ml_dsa/ml_dsa.h" #include "../crypto/internal.h" #include "../pqdsa/internal.h" 
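Review bot: `FIPS_EVP_PKEY_METHODS` and `NON_FIPS_EVP_PKEY_METHODS` are kept in step by hand with the `out->methods[7]` assignment in evp_ctx.c and the `non_fips_pkey_evp_methods` initializer in p_methods.c, and nothing in this patch makes the compiler check that. If a later change bumps a count without filling the slot, the lookup code would presumably walk over a NULL entry (the lookup body is outside these hunks). I would add a comment above the defines, `// Must match the slots filled in AWSLC_fips_evp_pkey_methods (evp_ctx.c) and the length of non_fips_pkey_evp_methods (p_methods.c).`, and consider a compile-time size check next to the non-FIPS array.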
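Review bot: The include list of crypto/fipsmodule/evp/p_pqdsa.c now mixes two path styles: the added `"../delocate.h"` and `"../../ml_dsa/ml_dsa.h"` are relative to the file's new directory, while the untouched `"../crypto/evp_extra/internal.h"` and `"../crypto/internal.h"` do not resolve from crypto/fipsmodule/evp/ and presumably only work through an include search path. For a file compiled into the FIPS module via bcm.c it is worth making every header resolve unambiguously: `#include "../../evp_extra/internal.h"` and `#include "../../internal.h"`. The include hunk of crypto/fipsmodule/pqdsa/pqdsa.c has the same mix, leaving `"../crypto/ml_dsa/ml_dsa.h"` next to the corrected `"../../evp_extra/internal.h"`.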
@@ -336,27 +337,27 @@ EVP_PKEY *EVP_PKEY_pqdsa_new_raw_private_key(int nid, const uint8_t *in, size_t return NULL; } -const EVP_PKEY_METHOD pqdsa_pkey_meth = { - EVP_PKEY_PQDSA, - pkey_pqdsa_init, - NULL, - pkey_pqdsa_cleanup, - pkey_pqdsa_keygen, - NULL, - pkey_pqdsa_sign, - pkey_pqdsa_sign_message, - NULL, - pkey_pqdsa_verify, - pkey_pqdsa_verify_message, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, -}; +DEFINE_METHOD_FUNCTION(EVP_PKEY_METHOD, EVP_PKEY_pqdsa_pkey_meth) { + out->pkey_id = EVP_PKEY_PQDSA; + out->init = pkey_pqdsa_init; + out->copy = NULL; + out->cleanup = pkey_pqdsa_cleanup; + out->keygen = pkey_pqdsa_keygen; + out->sign_init = NULL; + out->sign = pkey_pqdsa_sign; + out->sign_message = pkey_pqdsa_sign_message; + out->verify_init = NULL; + out->verify = pkey_pqdsa_verify; + out->verify_message = pkey_pqdsa_verify_message; + out->verify_recover = NULL; + out->encrypt = NULL; + out->decrypt = NULL; + out->derive = NULL; + out->paramgen = NULL; + out->ctrl = NULL; + out->ctrl_str = NULL; + out->keygen_deterministic = NULL; + out->encapsulate_deterministic = NULL; + out->encapsulate = NULL; + out->decapsulate = NULL; +} diff --git a/crypto/pqdsa/internal.h b/crypto/fipsmodule/pqdsa/internal.h similarity index 100% rename from crypto/pqdsa/internal.h rename to crypto/fipsmodule/pqdsa/internal.h diff --git a/crypto/pqdsa/pqdsa.c b/crypto/fipsmodule/pqdsa/pqdsa.c similarity index 62% rename from crypto/pqdsa/pqdsa.c rename to crypto/fipsmodule/pqdsa/pqdsa.c index 84e3bb09f9..4b78c4e54c 100644 --- a/crypto/pqdsa/pqdsa.c +++ b/crypto/fipsmodule/pqdsa/pqdsa.c @@ -2,9 +2,10 @@ // SPDX-License-Identifier: Apache-2.0 OR ISC #include #include - #include -#include "../evp_extra/internal.h" + +#include "../delocate.h" +#include "../../evp_extra/internal.h" #include "../crypto/ml_dsa/ml_dsa.h" #include "internal.h" 
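Review bot: Nothing in this patch declares `EVP_PKEY_pqdsa_pkey_meth()` for its new caller in evp_ctx.c: the diffstat shows only the two count changes in crypto/fipsmodule/evp/internal.h, and crypto/evp_extra/internal.h is not touched. Unless a prototype already exists outside the visible hunks, the call `out->methods[7] = EVP_PKEY_pqdsa_pkey_meth();` relies on an implicit declaration, and any leftover `extern` declaration of the removed `pqdsa_pkey_meth` object would name a symbol that no longer exists. I would add `const EVP_PKEY_METHOD *EVP_PKEY_pqdsa_pkey_meth(void);` to crypto/fipsmodule/evp/internal.h and drop the old object declaration in the same patch.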
@@ -146,83 +147,83 @@ int PQDSA_KEY_set_raw_private_key(PQDSA_KEY *key, CBS *in) { return 1; } -static const PQDSA_METHOD sig_ml_dsa_44_method = { - ml_dsa_44_keypair, - ml_dsa_44_keypair_internal, - ml_dsa_44_sign, - ml_dsa_extmu_44_sign, - ml_dsa_44_verify, - ml_dsa_extmu_44_verify, - ml_dsa_44_pack_pk_from_sk -}; - -static const PQDSA_METHOD sig_ml_dsa_65_method = { - ml_dsa_65_keypair, - ml_dsa_65_keypair_internal, - ml_dsa_65_sign, - ml_dsa_extmu_65_sign, - ml_dsa_65_verify, - ml_dsa_extmu_65_verify, - ml_dsa_65_pack_pk_from_sk -}; - -static const PQDSA_METHOD sig_ml_dsa_87_method = { - ml_dsa_87_keypair, - ml_dsa_87_keypair_internal, - ml_dsa_87_sign, - ml_dsa_extmu_87_sign, - ml_dsa_87_verify, - ml_dsa_extmu_87_verify, - ml_dsa_87_pack_pk_from_sk -}; - -static const PQDSA sig_ml_dsa_44 = { - NID_MLDSA44, - kOIDMLDSA44, - sizeof(kOIDMLDSA44), - "MLDSA44", - MLDSA44_PUBLIC_KEY_BYTES, - MLDSA44_PRIVATE_KEY_BYTES, - MLDSA44_SIGNATURE_BYTES, - MLDSA44_KEYGEN_SEED_BYTES, - MLDSA44_SIGNATURE_SEED_BYTES, - &sig_ml_dsa_44_method, -}; - -static const PQDSA sig_ml_dsa_65 = { - NID_MLDSA65, - kOIDMLDSA65, - sizeof(kOIDMLDSA65), - "MLDSA65", - MLDSA65_PUBLIC_KEY_BYTES, - MLDSA65_PRIVATE_KEY_BYTES, - MLDSA65_SIGNATURE_BYTES, - MLDSA65_KEYGEN_SEED_BYTES, - MLDSA65_SIGNATURE_SEED_BYTES, - &sig_ml_dsa_65_method, -}; - -static const PQDSA sig_ml_dsa_87 = { - NID_MLDSA87, - kOIDMLDSA87, - sizeof(kOIDMLDSA87), - "MLDSA87", - MLDSA87_PUBLIC_KEY_BYTES, - MLDSA87_PRIVATE_KEY_BYTES, - MLDSA87_SIGNATURE_BYTES, - MLDSA87_KEYGEN_SEED_BYTES, - MLDSA87_SIGNATURE_SEED_BYTES, - &sig_ml_dsa_87_method, -}; +DEFINE_LOCAL_DATA(PQDSA_METHOD, sig_ml_dsa_44_method) { + out->pqdsa_keygen = ml_dsa_44_keypair; + out->pqdsa_keygen_internal = ml_dsa_44_keypair_internal; + out->pqdsa_sign_message = ml_dsa_44_sign; + out->pqdsa_sign = ml_dsa_extmu_44_sign; + out->pqdsa_verify_message = ml_dsa_44_verify; + out->pqdsa_verify = ml_dsa_extmu_44_verify; + out->pqdsa_pack_pk_from_sk = 
ml_dsa_44_pack_pk_from_sk; +} + +DEFINE_LOCAL_DATA(PQDSA_METHOD, sig_ml_dsa_65_method) { + out->pqdsa_keygen = ml_dsa_65_keypair; + out->pqdsa_keygen_internal = ml_dsa_65_keypair_internal; + out->pqdsa_sign_message = ml_dsa_65_sign; + out->pqdsa_sign = ml_dsa_extmu_65_sign; + out->pqdsa_verify_message = ml_dsa_65_verify; + out->pqdsa_verify = ml_dsa_extmu_65_verify; + out->pqdsa_pack_pk_from_sk = ml_dsa_65_pack_pk_from_sk; +} + +DEFINE_LOCAL_DATA(PQDSA_METHOD, sig_ml_dsa_87_method) { + out->pqdsa_keygen = ml_dsa_87_keypair; + out->pqdsa_keygen_internal = ml_dsa_87_keypair_internal; + out->pqdsa_sign_message = ml_dsa_87_sign; + out->pqdsa_sign = ml_dsa_extmu_87_sign; + out->pqdsa_verify_message = ml_dsa_87_verify; + out->pqdsa_verify = ml_dsa_extmu_87_verify; + out->pqdsa_pack_pk_from_sk = ml_dsa_87_pack_pk_from_sk; +} + +DEFINE_LOCAL_DATA(PQDSA, sig_ml_dsa_44) { + out->nid = NID_MLDSA44; + out->oid = kOIDMLDSA44; + out->oid_len = sizeof(kOIDMLDSA44); + out->comment = "MLDSA44"; + out->public_key_len = MLDSA44_PUBLIC_KEY_BYTES; + out->private_key_len = MLDSA44_PRIVATE_KEY_BYTES; + out->signature_len = MLDSA44_SIGNATURE_BYTES; + out->keygen_seed_len = MLDSA44_KEYGEN_SEED_BYTES; + out->sign_seed_len = MLDSA44_SIGNATURE_SEED_BYTES; + out->method = sig_ml_dsa_44_method(); +} + +DEFINE_LOCAL_DATA(PQDSA, sig_ml_dsa_65) { + out->nid = NID_MLDSA65; + out->oid = kOIDMLDSA65; + out->oid_len = sizeof(kOIDMLDSA65); + out->comment = "MLDSA65"; + out->public_key_len = MLDSA65_PUBLIC_KEY_BYTES; + out->private_key_len = MLDSA65_PRIVATE_KEY_BYTES; + out->signature_len = MLDSA65_SIGNATURE_BYTES; + out->keygen_seed_len = MLDSA65_KEYGEN_SEED_BYTES; + out->sign_seed_len = MLDSA65_SIGNATURE_SEED_BYTES; + out->method = sig_ml_dsa_65_method(); +} + +DEFINE_LOCAL_DATA(PQDSA, sig_ml_dsa_87) { + out->nid = NID_MLDSA87; + out->oid = kOIDMLDSA87; + out->oid_len = sizeof(kOIDMLDSA87); + out->comment = "MLDSA87"; + out->public_key_len = MLDSA87_PUBLIC_KEY_BYTES; + out->private_key_len = 
MLDSA87_PRIVATE_KEY_BYTES; + out->signature_len = MLDSA87_SIGNATURE_BYTES; + out->keygen_seed_len = MLDSA87_KEYGEN_SEED_BYTES; + out->sign_seed_len = MLDSA87_SIGNATURE_SEED_BYTES; + out->method = sig_ml_dsa_87_method(); +} const PQDSA *PQDSA_find_dsa_by_nid(int nid) { switch (nid) { case NID_MLDSA44: - return &sig_ml_dsa_44; + return sig_ml_dsa_44(); case NID_MLDSA65: - return &sig_ml_dsa_65; + return sig_ml_dsa_65(); case NID_MLDSA87: - return &sig_ml_dsa_87; + return sig_ml_dsa_87(); default: return NULL; } diff --git a/crypto/x509/algorithm.c b/crypto/x509/algorithm.c index 4b17b6276e..38b919252e 100644 --- a/crypto/x509/algorithm.c +++ b/crypto/x509/algorithm.c @@ -62,7 +62,7 @@ #include #include -#include "../pqdsa/internal.h" +#include "../fipsmodule/pqdsa/internal.h" #include "../fipsmodule/evp/internal.h" #include "internal.h" diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index 6a5b99d74c..7fda8f0c58 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -39,7 +39,7 @@ #include "../evp_extra/internal.h" #include "../internal.h" #include "../test/test_util.h" -#include "../pqdsa/internal.h" +#include "../fipsmodule/pqdsa/internal.h" #if defined(OPENSSL_THREADS) #include From 8ffe68c183446b2190cff3fd23372dd8c3fb90e0 Mon Sep 17 00:00:00 2001 From: Jake Massimo Date: Wed, 5 Feb 2025 08:52:32 -0800 Subject: [PATCH 2/3] attempt delocator fix --- crypto/fipsmodule/ec/p384.c | 26 +++++++++++++++++++++++--- crypto/fipsmodule/ec/p521.c | 27 ++++++++++++++++++++++++--- 2 files changed, 47 insertions(+), 6 deletions(-) diff --git a/crypto/fipsmodule/ec/p384.c b/crypto/fipsmodule/ec/p384.c index 707cd16c4c..ba5d780a79 100644 --- a/crypto/fipsmodule/ec/p384.c +++ b/crypto/fipsmodule/ec/p384.c 
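Review bot: The three `PQDSA_METHOD` tables in crypto/fipsmodule/pqdsa/pqdsa.c now live inside the FIPS module, but every function pointer they store (`ml_dsa_44_keypair`, `ml_dsa_extmu_44_sign`, `ml_dsa_44_verify` and the 65/87 equivalents) is declared in `../crypto/ml_dsa/ml_dsa.h`, and this patch adds only `evp/p_pqdsa.c` and `pqdsa/pqdsa.c` to bcm.c. As far as the visible hunks show, the signing and verification code itself stays outside the module boundary, so it would presumably not be covered by the module's integrity check even though it is dispatched from inside it; such cross-boundary function pointers are also references the delocator has to handle. Either move the ML-DSA implementation under fipsmodule in the same series or document the gap above the tables, e.g. `// TODO: ml_dsa_* are still built outside the FIPS module; move crypto/ml_dsa under fipsmodule before treating PQDSA as a module service.` The hunk ends inside `PQDSA_find_dsa_by_nid`, whose closing braces are outside it.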
@@ -83,6 +83,26 @@ static p384_limb_t p384_felem_nz(const p384_limb_t in1[P384_NLIMBS]) { #endif // EC_NISTP_USE_S2N_BIGNUM +// The wrapper functions are needed for FIPS static build. +// Otherwise, initializing ec_nistp_meth with pointers to s2n-bignum +// functions directly generates :got: references that are also thought +// to be local_target by the delocator. +static inline void p384_felem_add_wrapper(ec_nistp_felem_limb *c, + const ec_nistp_felem_limb *a, + const ec_nistp_felem_limb *b) { + p384_felem_add(c, a, b); +} + +static inline void p384_felem_sub_wrapper(ec_nistp_felem_limb *c, + const ec_nistp_felem_limb *a, + const ec_nistp_felem_limb *b) { + p384_felem_sub(c, a, b); +} + +static inline void p384_felem_neg_wrapper(ec_nistp_felem_limb *c, + const ec_nistp_felem_limb *a) { + p384_felem_opp(c, a); +} static void p384_from_generic(p384_felem out, const EC_FELEM *in) { #ifdef OPENSSL_BIG_ENDIAN @@ -273,11 +293,11 @@ static void p384_point_add(p384_felem x3, p384_felem y3, p384_felem z3, DEFINE_METHOD_FUNCTION(ec_nistp_meth, p384_methods) { out->felem_num_limbs = P384_NLIMBS; out->felem_num_bits = 384; - out->felem_add = bignum_add_p384; - out->felem_sub = bignum_sub_p384; + out->felem_add = p384_felem_add_wrapper; + out->felem_sub = p384_felem_sub_wrapper; out->felem_mul = bignum_montmul_p384_selector; out->felem_sqr = bignum_montsqr_p384_selector; - out->felem_neg = bignum_neg_p384; + out->felem_neg = p384_felem_neg_wrapper; out->felem_nz = p384_felem_nz; out->felem_one = p384_felem_one; out->point_dbl = p384_point_double; diff --git a/crypto/fipsmodule/ec/p521.c b/crypto/fipsmodule/ec/p521.c index 6364794cb5..db45e51850 100644 --- a/crypto/fipsmodule/ec/p521.c +++ b/crypto/fipsmodule/ec/p521.c 
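Review bot: The three wrappers added after `#endif // EC_NISTP_USE_S2N_BIGNUM` in p384.c are declared `static inline`, but their only use is to have their address stored in `p384_methods`, so `inline` has no effect and obscures that an out-of-line, module-local symbol is exactly what the comment says is needed; plain `static void p384_felem_add_wrapper(...)` states that intent. The block also runs straight into `static void p384_from_generic` without the blank line the p521.c copy has. The same `static inline` wrappers appear in the crypto/fipsmodule/ec/p521.c hunk. Since PATCH 3/3 removes all of this again, the pair of commits could be dropped from the series before merge.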
@@ -126,6 +126,27 @@ static const p521_limb_t p521_felem_p[P521_NLIMBS] = { #endif // EC_NISTP_USE_S2N_BIGNUM +// The wrapper functions are needed for FIPS static build. +// Otherwise, initializing ec_nistp_meth with pointers to s2n-bignum +// functions directly generates :got: references that are also thought +// to be local_target by the delocator. +static inline void p521_felem_add_wrapper(ec_nistp_felem_limb *c, + const ec_nistp_felem_limb *a, + const ec_nistp_felem_limb *b) { + p521_felem_add(c, a, b); +} + +static inline void p521_felem_sub_wrapper(ec_nistp_felem_limb *c, + const ec_nistp_felem_limb *a, + const ec_nistp_felem_limb *b) { + p521_felem_sub(c, a, b); +} + +static inline void p521_felem_neg_wrapper(ec_nistp_felem_limb *c, + const ec_nistp_felem_limb *a) { + p521_felem_opp(c, a); +} + static p521_limb_t p521_felem_nz(const p521_limb_t in1[P521_NLIMBS]) { p521_limb_t is_not_zero = 0; for (int i = 0; i < P521_NLIMBS; i++) { @@ -289,11 +310,11 @@ static void p521_point_add(p521_felem x3, p521_felem y3, p521_felem z3, DEFINE_METHOD_FUNCTION(ec_nistp_meth, p521_methods) { out->felem_num_limbs = P521_NLIMBS; out->felem_num_bits = 521; - out->felem_add = bignum_add_p521; - out->felem_sub = bignum_sub_p521; + out->felem_add = p521_felem_add_wrapper; + out->felem_sub = p521_felem_sub_wrapper; out->felem_mul = bignum_mul_p521_selector; out->felem_sqr = bignum_sqr_p521_selector; - out->felem_neg = bignum_neg_p521; + out->felem_neg = p521_felem_neg_wrapper; out->felem_nz = p521_felem_nz; out->felem_one = p521_felem_one; out->point_dbl = p521_point_double; From 47b2c14fb586dd717ee9e608690359d621662714 Mon Sep 17 00:00:00 2001 
From: Jake Massimo Date: Wed, 5 Feb 2025 10:40:33 -0800 Subject: [PATCH 3/3] Revert "attempt delocator fix" This reverts commit 3ba67cb28fa63653c388a1e49a783880e0eacf0c. --- crypto/fipsmodule/ec/p384.c | 26 +++----------------------- crypto/fipsmodule/ec/p521.c | 27 +++------------------------ 2 files changed, 6 insertions(+), 47 deletions(-) diff --git a/crypto/fipsmodule/ec/p384.c b/crypto/fipsmodule/ec/p384.c index ba5d780a79..707cd16c4c 100644 --- a/crypto/fipsmodule/ec/p384.c +++ b/crypto/fipsmodule/ec/p384.c @@ -83,26 +83,6 @@ static p384_limb_t p384_felem_nz(const p384_limb_t in1[P384_NLIMBS]) { #endif // EC_NISTP_USE_S2N_BIGNUM -// The wrapper functions are needed for FIPS static build. -// Otherwise, initializing ec_nistp_meth with pointers to s2n-bignum -// functions directly generates :got: references that are also thought -// to be local_target by the delocator. -static inline void p384_felem_add_wrapper(ec_nistp_felem_limb *c, - const ec_nistp_felem_limb *a, - const ec_nistp_felem_limb *b) { - p384_felem_add(c, a, b); -} - -static inline void p384_felem_sub_wrapper(ec_nistp_felem_limb *c, - const ec_nistp_felem_limb *a, - const ec_nistp_felem_limb *b) { - p384_felem_sub(c, a, b); -} - -static inline void p384_felem_neg_wrapper(ec_nistp_felem_limb *c, - const ec_nistp_felem_limb *a) { - p384_felem_opp(c, a); -} static void p384_from_generic(p384_felem out, const EC_FELEM *in) { #ifdef OPENSSL_BIG_ENDIAN 
@@ -293,11 +273,11 @@ static void p384_point_add(p384_felem x3, p384_felem y3, p384_felem z3, DEFINE_METHOD_FUNCTION(ec_nistp_meth, p384_methods) { out->felem_num_limbs = P384_NLIMBS; out->felem_num_bits = 384; - out->felem_add = p384_felem_add_wrapper; - out->felem_sub = p384_felem_sub_wrapper; + out->felem_add = bignum_add_p384; + out->felem_sub = bignum_sub_p384; out->felem_mul = bignum_montmul_p384_selector; out->felem_sqr = bignum_montsqr_p384_selector; - out->felem_neg = p384_felem_neg_wrapper; + out->felem_neg = bignum_neg_p384; out->felem_nz = p384_felem_nz; out->felem_one = p384_felem_one; out->point_dbl = p384_point_double; diff --git a/crypto/fipsmodule/ec/p521.c b/crypto/fipsmodule/ec/p521.c index db45e51850..6364794cb5 100644 --- a/crypto/fipsmodule/ec/p521.c +++ b/crypto/fipsmodule/ec/p521.c @@ -126,27 +126,6 @@ static const p521_limb_t p521_felem_p[P521_NLIMBS] = { #endif // EC_NISTP_USE_S2N_BIGNUM -// The wrapper functions are needed for FIPS static build. -// Otherwise, initializing ec_nistp_meth with pointers to s2n-bignum -// functions directly generates :got: references that are also thought -// to be local_target by the delocator. -static inline void p521_felem_add_wrapper(ec_nistp_felem_limb *c, - const ec_nistp_felem_limb *a, - const ec_nistp_felem_limb *b) { - p521_felem_add(c, a, b); -} - -static inline void p521_felem_sub_wrapper(ec_nistp_felem_limb *c, - const ec_nistp_felem_limb *a, - const ec_nistp_felem_limb *b) { - p521_felem_sub(c, a, b); -} - -static inline void p521_felem_neg_wrapper(ec_nistp_felem_limb *c, - const ec_nistp_felem_limb *a) { - p521_felem_opp(c, a); -} - static p521_limb_t p521_felem_nz(const p521_limb_t in1[P521_NLIMBS]) { p521_limb_t is_not_zero = 0; for (int i = 0; i < P521_NLIMBS; i++) { 
@@ -310,11 +289,11 @@ static void p521_point_add(p521_felem x3, p521_felem y3, p521_felem z3, DEFINE_METHOD_FUNCTION(ec_nistp_meth, p521_methods) { out->felem_num_limbs = P521_NLIMBS; out->felem_num_bits = 521; - out->felem_add = p521_felem_add_wrapper; - out->felem_sub = p521_felem_sub_wrapper; + out->felem_add = bignum_add_p521; + out->felem_sub = bignum_sub_p521; out->felem_mul = bignum_mul_p521_selector; out->felem_sqr = bignum_sqr_p521_selector; - out->felem_neg = p521_felem_neg_wrapper; + out->felem_neg = bignum_neg_p521; out->felem_nz = p521_felem_nz; out->felem_one = p521_felem_one; out->point_dbl = p521_point_double;