fix the fips build

aws · May 3, 2024 · 4b5b472 · 4b5b472
1 parent ef5e5ff
commit 4b5b472
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 36 deletions.
diff --git a/crypto/fipsmodule/ec/ec_nistp.c b/crypto/fipsmodule/ec/ec_nistp.c
@@ -5,7 +5,6 @@
 ------------------------------------------------------------------------------------
 */
 
-#if !defined(OPENSSL_SMALL)
 // In this file we will implement elliptic curve point operations for
 // NIST curves P-256, P-384, and P-521. The idea is to implement the operations
 // in a generic way such that the code can be reused instead of having
@@ -58,7 +57,7 @@ typedef ec_nistp_felem_limb ec_nistp_felem[NISTP_FELEM_MAX_NUM_OF_LIMBS];
 // <https://github.com/mit-plv/fiat-crypto/blob/79f8b5f39ed609339f0233098dee1a3c4e6b3080/src/Curves/Weierstrass/Jacobian.v#L201>
 // Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed;
 // while x_out == y_in is not (maybe this works, but it's not tested).
-void ec_nistp_point_double(ec_nistp_felem_meth *ctx,
+void ec_nistp_point_double(const ec_nistp_felem_meth *ctx,
                            ec_nistp_felem_limb *x_out,
                            ec_nistp_felem_limb *y_out,
                            ec_nistp_felem_limb *z_out,
@@ -110,5 +109,3 @@ void ec_nistp_point_double(ec_nistp_felem_meth *ctx,
   ctx->add(gamma, gamma, gamma);
   ctx->sub(y_out, y_out, gamma);
 }
-
-#endif // OPENSSL_SMALL
diff --git a/crypto/fipsmodule/ec/ec_nistp.h b/crypto/fipsmodule/ec/ec_nistp.h
@@ -4,8 +4,8 @@
  SPDX-License-Identifier: Apache-2.0 OR ISC
 ------------------------------------------------------------------------------------
 */
-#ifndef NISTP_H
-#define NISTP_H
+#ifndef EC_NISTP_H
+#define EC_NISTP_H
 
 #include <openssl/target.h>
 
@@ -55,12 +55,12 @@ typedef struct {
 } ec_nistp_felem_meth;
 
 
-void ec_nistp_point_double(ec_nistp_felem_meth *ctx,
+void ec_nistp_point_double(const ec_nistp_felem_meth *ctx,
                            ec_nistp_felem_limb *x_out,
                            ec_nistp_felem_limb *y_out,
                            ec_nistp_felem_limb *z_out,
                            const ec_nistp_felem_limb *x_in,
                            const ec_nistp_felem_limb *y_in,
                            const ec_nistp_felem_limb *z_in);
-#endif // NISTP_H
+#endif // EC_NISTP_H
 
diff --git a/crypto/fipsmodule/ec/p256.c b/crypto/fipsmodule/ec/p256.c
@@ -167,19 +167,20 @@ static void fiat_p256_inv_square(fiat_p256_felem out,
   fiat_p256_square(out, ret);  // 2^256 - 2^224 + 2^192 + 2^96 - 2^2
 }
 
-static ec_nistp_felem_meth p256_felem_methods = {
-                                fiat_p256_add,
-                                fiat_p256_sub,
-                                fiat_p256_mul,
-                                fiat_p256_square };
+DEFINE_LOCAL_DATA(ec_nistp_felem_meth, p256_felem_methods) {
+    out->add = fiat_p256_add;
+    out->sub = fiat_p256_sub;
+    out->mul = fiat_p256_mul;
+    out->sqr = fiat_p256_square;
+}
 
 static void fiat_p256_point_double(fiat_p256_felem x_out,
                                    fiat_p256_felem y_out,
                                    fiat_p256_felem z_out,
                                    const fiat_p256_felem x_in,
                                    const fiat_p256_felem y_in,
                                    const fiat_p256_felem z_in) {
-  ec_nistp_point_double(&p256_felem_methods, x_out, y_out, z_out, x_in, y_in, z_in);
+  ec_nistp_point_double(p256_felem_methods(), x_out, y_out, z_out, x_in, y_in, z_in);
 }
 
 // fiat_p256_point_add calculates (x1, y1, z1) + (x2, y2, z2)

diff --git a/crypto/fipsmodule/ec/p384.c b/crypto/fipsmodule/ec/p384.c
@@ -242,17 +242,19 @@ static void p384_inv_square(p384_felem out,
 }
 
 #if defined(EC_NISTP_USE_S2N_BIGNUM)
-static ec_nistp_felem_meth p384_felem_methods = {
-                                bignum_add_p384,
-                                bignum_sub_p384,
-                                bignum_montmul_p384_selector,
-                                bignum_montsqr_p384_selector };
+DEFINE_LOCAL_DATA(ec_nistp_felem_meth, p384_felem_methods) {
+    out->add = bignum_add_p384;
+    out->sub = bignum_sub_p384;
+    out->mul = bignum_montmul_p384_selector;
+    out->sqr = bignum_montsqr_p384_selector;
+}
 #else
-static ec_nistp_felem_meth p384_felem_methods = {
-                                fiat_p384_add,
-                                fiat_p384_sub,
-                                fiat_p384_mul,
-                                fiat_p384_square };
+DEFINE_LOCAL_DATA(ec_nistp_felem_meth, p384_felem_methods) {
+    out->add = fiat_p384_add;
+    out->sub = fiat_p384_sub;
+    out->mul = fiat_p384_mul;
+    out->sqr = fiat_p384_square;
+}
 #endif
 
 static void p384_point_double(p384_felem x_out,
@@ -261,7 +263,7 @@ static void p384_point_double(p384_felem x_out,
                               const p384_felem x_in,
                               const p384_felem y_in,
                               const p384_felem z_in) {
-  ec_nistp_point_double(&p384_felem_methods, x_out, y_out, z_out, x_in, y_in, z_in);
+  ec_nistp_point_double(p384_felem_methods(), x_out, y_out, z_out, x_in, y_in, z_in);
 }
 
 // p384_point_add calculates (x1, y1, z1) + (x2, y2, z2)

diff --git a/crypto/fipsmodule/ec/p521.c b/crypto/fipsmodule/ec/p521.c
@@ -260,17 +260,19 @@ static void p521_felem_inv(p521_felem output, const p521_felem t1) {
 }
 
 #if defined(EC_NISTP_USE_S2N_BIGNUM)
-static ec_nistp_felem_meth p521_felem_methods = {
-                                bignum_add_p521,
-                                bignum_sub_p521,
-                                bignum_mul_p521_selector,
-                                bignum_sqr_p521_selector };
+DEFINE_LOCAL_DATA(ec_nistp_felem_meth, p521_felem_methods) {
+    out->add = bignum_add_p521;
+    out->sub = bignum_sub_p521;
+    out->mul = bignum_mul_p521_selector;
+    out->sqr = bignum_sqr_p521_selector;
+}
 #else
-static ec_nistp_felem_meth p521_felem_methods = {
-                                fiat_secp521r1_carry_add,
-                                fiat_secp521r1_carry_sub,
-                                fiat_secp521r1_carry_mul,
-                                fiat_secp521r1_carry_square };
+DEFINE_LOCAL_DATA(ec_nistp_felem_meth, p521_felem_methods) {
+    out->add = fiat_secp521r1_carry_add;
+    out->sub = fiat_secp521r1_carry_sub;
+    out->mul = fiat_secp521r1_carry_mul;
+    out->sqr = fiat_secp521r1_carry_square;
+}
 #endif
 
 static void p521_point_double(p521_felem x_out,
@@ -279,7 +281,7 @@ static void p521_point_double(p521_felem x_out,
                               const p521_felem x_in,
                               const p521_felem y_in,
                               const p521_felem z_in) {
-  ec_nistp_point_double(&p521_felem_methods, x_out, y_out, z_out, x_in, y_in, z_in);
+  ec_nistp_point_double(p521_felem_methods(), x_out, y_out, z_out, x_in, y_in, z_in);
 }
 
 // p521_point_add calculates (x1, y1, z1) + (x2, y2, z2)