From: Juliusz Sosinowicz
Date: Wed, 8 Mar 2023 17:18:48 +0000 (+0100)
Subject: wolfSSL: Add crypto_ecdh_init2()
X-Git-Tag: hostap_2_11~842
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=732ed5abe162be5f4da2dd208dfc5b989c731694;p=thirdparty%2Fhostap.git
wolfSSL: Add crypto_ecdh_init2()
Signed-off-by: Juliusz Sosinowicz
---
diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index 8af9339bf..95c5208a2 100644
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -2012,6 +2012,12 @@ int crypto_ec_point_cmp(const struct crypto_ec *e,
 return wc_ecc_cmp_point((ecc_point *) a, (ecc_point *) b);
 }
+struct crypto_ec_key {
+ ecc_key *eckey;
+ WC_RNG *rng; /* Needs to be initialized before use.
+ * *NOT* initialized in crypto_ec_key_init */
+};
+
 struct crypto_ecdh {
 struct crypto_ec *ec;
@@ -2082,6 +2088,36 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
 }
+struct crypto_ecdh * crypto_ecdh_init2(int group, struct crypto_ec_key *own_key)
+{
+ struct crypto_ecdh *ret = NULL;
+
+ if (!own_key || crypto_ec_key_group(own_key) != group) {
+ LOG_INVALID_PARAMETERS();
+ return NULL;
+ }
+
+ ret = _crypto_ecdh_init(group);
+ if (ret) {
+ /* Already init'ed to the right group. Enough to substitute the
+ * key. */
+ ecc_key_deinit(ret->ec->key);
+ ret->ec->key = own_key->eckey;
+ ret->ec->own_key = false;
+#if defined(ECC_TIMING_RESISTANT) && !defined(WOLFSSL_OLD_FIPS)
+ if (!ret->ec->key->rng) {
+ int err = wc_ecc_set_rng(ret->ec->key, ret->rng);
+
+ if (err != 0)
+ LOG_WOLF_ERROR_FUNC(wc_ecc_set_rng, err);
+ }
+#endif /* ECC_TIMING_RESISTANT && !CONFIG_FIPS */
+ }
+
+ return ret;
+}
+
+
 void crypto_ecdh_deinit(struct crypto_ecdh *ecdh)
 {
 if (ecdh) {
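Review bot: In the `ECC_TIMING_RESISTANT` branch of crypto_ecdh_init2(), `wc_ecc_set_rng(ret->ec->key, ret->rng)` stores the ECDH context's RNG pointer in the caller's key, because `ret->ec->key` was just set to `own_key->eckey`. If crypto_ecdh_deinit() releases `ret->rng` without clearing that association (its body lies outside this hunk, so this cannot be confirmed here), `own_key` would keep a dangling `rng` pointer that a later operation on the key could dereference. A failed wc_ecc_set_rng() is also only logged, so the function still returns a context whose key has no RNG; treating `err != 0` as fatal (release `ret`, return NULL) would surface the problem at init time rather than at the first key agreement. I would also add a comment above the function such as `/* own_key is borrowed, not copied: it must outlive the returned context, and its rng may be set as a side effect */`, since `ret->ec->own_key = false` is the only hint of that contract.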
@@ -2194,14 +2230,6 @@ size_t crypto_ecdh_prime_len(struct crypto_ecdh *ecdh)
 return crypto_ec_prime_len(ecdh->ec);
 }
-
-struct crypto_ec_key {
- ecc_key *eckey;
- WC_RNG *rng; /* Needs to be initialized before use.
- * *NOT* initialized in crypto_ec_key_init */
-};
-
-
 static struct crypto_ec_key * crypto_ec_key_init(void)
 {
 struct crypto_ec_key *key;