X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fecdsa%2Fecs_ossl.c;h=8336bceb673b6fcd96552a8fa7ed2a9e2e50d83a;hb=244ed51a0dad5f52233b46be716defcfe7bc77ff;hp=59127d350d1301e4c57d7d721fa8e4366978641a;hpb=b3310161249a848a5243952467a1f3927ad78bfa;p=oweals%2Fopenssl.git

diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
index 59127d350d..8336bceb67 100644
--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -56,6 +56,8 @@
  *
  */
 
+#define OPENSSL_FIPSAPI
+
 #include "ecs_locl.h"
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
@@ -77,7 +79,7 @@ static ECDSA_METHOD openssl_ecdsa_meth = {
 	NULL, /* init     */
 	NULL, /* finish   */
 #endif
-	0,    /* flags    */
+	ECDSA_FLAG_FIPS_METHOD,    /* flags    */
 	NULL  /* app_data */
 };
 
@@ -131,6 +133,11 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
 		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
 		goto err;
 	}
+
+#ifdef OPENSSL_FIPS
+	if (!fips_check_ec_prng(eckey))
+		goto err;
+#endif
 	
 	do
 	{
@@ -144,6 +151,14 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
 			}
 		while (BN_is_zero(k));
 
+		/* We do not want timing information to leak the length of k,
+		 * so we compute G*k using an equivalent scalar of fixed
+		 * bit-length. */
+
+		if (!BN_add(k, k, order)) goto err;
+		if (BN_num_bits(k) <= BN_num_bits(order))
+			if (!BN_add(k, k, order)) goto err;
+
 		/* compute r the x-coordinate of generator * k */
 		if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
 		{
@@ -223,6 +238,14 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
 	ECDSA_DATA *ecdsa;
 	const BIGNUM *priv_key;
 
+#ifdef OPENSSL_FIPS
+	if(FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_ECDSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
+		return NULL;
+		}
+#endif
+
 	ecdsa    = ecdsa_check(eckey);
 	group    = EC_KEY_get0_group(eckey);
 	priv_key = EC_KEY_get0_private_key(eckey);
@@ -233,6 +256,11 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
 		return NULL;
 	}
 
+#ifdef OPENSSL_FIPS
+	if (!fips_check_ec_prng(eckey))
+		return NULL;
+#endif
+
 	ret = ECDSA_SIG_new();
 	if (!ret)
 	{
@@ -274,7 +302,8 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
 	{
 		if (in_kinv == NULL || in_r == NULL)
 		{
-			if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r))
+			if (!ecdsa->meth->ecdsa_sign_setup(eckey, ctx,
+								&kinv, &ret->r))
 			{
 				ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB);
 				goto err;
@@ -352,6 +381,14 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
 	const EC_GROUP *group;
 	const EC_POINT *pub_key;
 
+#ifdef OPENSSL_FIPS
+	if(FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_ECDSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
+		return -1;
+		}
+#endif
+
 	/* check input values */
 	if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
 	    (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
@@ -473,3 +510,32 @@ err:
 		EC_POINT_free(point);
 	return ret;
 }
+
+#ifdef OPENSSL_FIPSCANISTER
+/* FIPS stanadlone version of ecdsa_check: just return FIPS method */
+ECDSA_DATA *fips_ecdsa_check(EC_KEY *key)
+	{
+	static ECDSA_DATA rv = {
+		0,0,0,
+		&openssl_ecdsa_meth
+		};
+	return &rv;
+	}
+/* Standalone digest sign and verify */
+int FIPS_ecdsa_verify_digest(EC_KEY *key,
+			const unsigned char *dig, int dlen, ECDSA_SIG *s)
+	{
+	ECDSA_DATA *ecdsa = ecdsa_check(key);
+	if (ecdsa == NULL)
+		return 0;
+	return ecdsa->meth->ecdsa_do_verify(dig, dlen, s, key);
+	}
+ECDSA_SIG * FIPS_ecdsa_sign_digest(EC_KEY *key,
+					const unsigned char *dig, int dlen)
+	{
+	ECDSA_DATA *ecdsa = ecdsa_check(key);
+	if (ecdsa == NULL)
+		return NULL;
+	return ecdsa->meth->ecdsa_do_sign(dig, dlen, NULL, NULL, key);
+	}
+#endif