From 567b1c8ea731fe42650d43ede50a105b772dc7aa Mon Sep 17 00:00:00 2001
From: Alistair Francis <alistair.francis@wdc.com>
Date: Fri, 11 Aug 2023 16:24:23 -0400
Subject: [PATCH] cryptlib_openssl: ec: Remove internal OpenSSL crypto include

The OpenSSL source code describes the crypto include as:
"Internal EC functions for other submodules: not for application use"
 - https://github.com/openssl/openssl/blob/master/include/crypto/ec.h

Using the internal APIS makes it difficult to use libspdm as a library
with other packages. So let's remove the uses of the internal API and
instead use the public API.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Upstream: https://github.com/DMTF/libspdm/commit/567b1c8ea731fe42650d43ede50a105b772dc7aa
---
 os_stub/cryptlib_openssl/pk/ec.c | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/os_stub/cryptlib_openssl/pk/ec.c b/os_stub/cryptlib_openssl/pk/ec.c
index 7dd9a8b0f8..09df0b9a25 100644
--- a/os_stub/cryptlib_openssl/pk/ec.c
+++ b/os_stub/cryptlib_openssl/pk/ec.c
@@ -15,7 +15,6 @@
 #include <openssl/bn.h>
 #include <openssl/ec.h>
 #include <openssl/objects.h>
-#include <crypto/ec.h>
 
 /**
  * Allocates and Initializes one Elliptic Curve context for subsequent use
@@ -854,7 +853,7 @@ static int libspdm_ecdsa_sign_setup_random(EC_KEY *eckey, BIGNUM **kinvp, BIGNUM
                                            uint8_t* random, size_t random_len)
 {
     BN_CTX *ctx = NULL;
-    BIGNUM *k = NULL, *r = NULL, *X = NULL;
+    BIGNUM *k = NULL, *r = NULL, *X = NULL, *e = NULL;
     const BIGNUM *order;
     EC_POINT *tmp_point = NULL;
     const EC_GROUP *group;
@@ -901,6 +900,11 @@ static int libspdm_ecdsa_sign_setup_random(EC_KEY *eckey, BIGNUM **kinvp, BIGNUM
         goto err;
     }
 
+    e = BN_CTX_get(ctx);
+    if (e == NULL) {
+        return 0;
+    }
+
     /*random number*/
     k = BN_bin2bn(random, random_len, NULL);
 
@@ -915,10 +919,24 @@ static int libspdm_ecdsa_sign_setup_random(EC_KEY *eckey, BIGNUM **kinvp, BIGNUM
         goto err;
     }
 
-    /* compute the inverse of k */
-    if (!ossl_ec_group_do_inverse_ord(group, k, k, ctx)) {
+    /*
+     * compute the inverse of k
+     * Based on ossl_ec_group_do_inverse_ord() from OpenSSL
+     */
+    BN_CTX_start(ctx);
+    if (!BN_set_word(e, 2)) {
+        BN_CTX_end(ctx);
+        goto err;
+    }
+    if (!BN_sub(e, order, e)) {
+        BN_CTX_end(ctx);
+        goto err;
+    }
+    if (!BN_mod_exp_mont(k, k, e, order, ctx, EC_GROUP_get_mont_data(group))) {
+        BN_CTX_end(ctx);
         goto err;
     }
+    BN_CTX_end(ctx);
 
     /* clear old values if necessary */
     BN_clear_free(*rp);
-- 
2.40.1