Store EC_KEY's private key as an EC_SCALAR.
This isn't strictly necessary now that BIGNUMs are safe, but we get to
rely on type-system annotations from EC_SCALAR. Additionally,
EC_POINT_mul depends on BN_div, while the EC_SCALAR version does not.
Change-Id: I75e6967f3d35aef17278b94862f4e506baff5c23
Reviewed-on: https://boringssl-review.googlesource.com/26424
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/ecdh/ecdh.c b/crypto/ecdh/ecdh.c
index f38de2f..7634ba5 100644
--- a/crypto/ecdh/ecdh.c
+++ b/crypto/ecdh/ecdh.c
@@ -74,6 +74,7 @@
#include <openssl/err.h>
#include <openssl/mem.h>
+#include "../fipsmodule/ec/internal.h"
#include "../internal.h"
@@ -81,11 +82,11 @@
const EC_KEY *priv_key,
void *(*kdf)(const void *in, size_t inlen, void *out,
size_t *outlen)) {
- const BIGNUM *const priv = EC_KEY_get0_private_key(priv_key);
- if (priv == NULL) {
+ if (priv_key->priv_key == NULL) {
OPENSSL_PUT_ERROR(ECDH, ECDH_R_NO_PRIVATE_VALUE);
return -1;
}
+ const EC_SCALAR *const priv = &priv_key->priv_key->scalar;
BN_CTX *ctx = BN_CTX_new();
if (ctx == NULL) {
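Review bot: The new `priv` declaration reaches through two levels of EC_KEY internals (`priv_key->priv_key->scalar`) with no comment explaining why the public accessor is no longer used. The commit message gives the reason (EC_SCALAR type annotations and no dependency on BN_div), but that will not be visible to someone reading ecdh.c later. A one-line comment at the declaration would keep it, e.g. `// Use the private key's EC_SCALAR directly so the multiplication below stays off the BIGNUM path.` The enclosing function starts and ends outside this hunk, so how `priv_key` itself is validated before this dereference cannot be seen from here.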
@@ -104,7 +105,7 @@
goto err;
}
- if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv, ctx)) {
+ if (!ec_point_mul_scalar(group, tmp, NULL, pub_key, priv, ctx)) {
OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE);
goto err;
}
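Review bot: The call `ec_point_mul_scalar(group, tmp, NULL, pub_key, priv, ctx)` combines a scalar taken from `priv_key` with a `group` and a peer-supplied `pub_key` whose origins are outside this hunk, and nothing visible here ties the three to the same curve. An EC_SCALAR is presumably only meaningful relative to one group's order, so it is worth confirming that `group` is `priv_key`'s own group. It is also worth confirming that the internal entry point still rejects a `pub_key` from a different group, if `EC_POINT_mul` did that before. A short comment above the call would record the assumption, e.g. `// |priv| is a scalar for |group|; |pub_key| must be on the same group.` The function body continues outside the hunk.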