return ((i > 1) ? 1 : 0);
}
+#ifdef OPENSSL_FIPS
+
+#include <openssl/evp.h>
+
+static int fips_ec_pairwise_fail = 0;
+
+void FIPS_corrupt_ec_keygen(void)
+ {
+ fips_ec_pairwise_fail = 1;
+ }
+
+static int fips_check_ec(EC_KEY *key)
+ {
+ EVP_PKEY pk;
+ unsigned char tbs[] = "ECDSA Pairwise Check Data";
+ pk.type = EVP_PKEY_EC;
+ pk.pkey.ec = key;
+
+ if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, NULL, 0, NULL))
+ {
+ FIPSerr(FIPS_F_FIPS_CHECK_EC,FIPS_R_PAIRWISE_TEST_FAILED);
+ fips_set_selftest_fail();
+ return 0;
+ }
+ return 1;
+ }
+
+#endif
+
int EC_KEY_generate_key(EC_KEY *eckey)
{
int ok = 0;
eckey->priv_key = priv_key;
eckey->pub_key = pub_key;
+#ifdef OPENSSL_FIPS
+ if (fips_ec_pairwise_fail)
+ BN_add_word(eckey->priv_key, 1);
+ if(!fips_check_ec(eckey))
+ {
+ eckey->priv_key = NULL;
+ eckey->pub_key = NULL;
+ goto err;
+ }
+#endif
+
ok=1;
err:
{ERR_FUNC(FIPS_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
{ERR_FUNC(FIPS_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
{ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "FIPS_CHECK_DSA"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_EC), "FIPS_CHECK_EC"},
{ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT), "FIPS_check_incore_fingerprint"},
{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "fips_check_rsa"},
{ERR_FUNC(FIPS_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"},
#include <openssl/hmac.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
+#include <openssl/ecdsa.h>
#include <string.h>
#include <limits.h>
#include "fips_locl.h"
unsigned char sigtmp[256], *sig = sigtmp;
unsigned int siglen;
DSA_SIG *dsig = NULL;
+ ECDSA_SIG *esig = NULL;
EVP_MD_CTX mctx;
FIPS_md_ctx_init(&mctx);
if (!dsig)
goto error;
}
+ else if (pkey->type == EVP_PKEY_EC)
+ {
+ esig = FIPS_ecdsa_sign_ctx(pkey->pkey.ec, &mctx);
+ if (!esig)
+ goto error;
+ }
#if 0
else if (!EVP_SignFinal(&mctx, sig, &siglen, pkey))
goto error;
{
ret = FIPS_dsa_verify_ctx(pkey->pkey.dsa, &mctx, dsig);
}
+ else if (pkey->type == EVP_PKEY_EC)
+ {
+ ret = FIPS_ecdsa_verify_ctx(pkey->pkey.ec, &mctx, esig);
+ }
#if 0
else
ret = EVP_VerifyFinal(&mctx, sig, siglen, pkey);
error:
if (dsig != NULL)
FIPS_dsa_sig_free(dsig);
+ if (esig != NULL)
+ FIPS_ecdsa_sig_free(esig);
if (sig != sigtmp)
OPENSSL_free(sig);
FIPS_md_ctx_cleanup(&mctx);
void FIPS_corrupt_dsa(void);
void FIPS_corrupt_dsa_keygen(void);
int FIPS_selftest_dsa(void);
+void FIPS_corrupt_ec_keygen(void);
void FIPS_corrupt_rng(void);
void FIPS_rng_stick(void);
int FIPS_selftest_rng(void);
#define FIPS_F_EVP_CIPHERINIT_EX 124
#define FIPS_F_EVP_DIGESTINIT_EX 125
#define FIPS_F_FIPS_CHECK_DSA 104
+#define FIPS_F_FIPS_CHECK_EC 129
#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105
#define FIPS_F_FIPS_CHECK_RSA 106
#define FIPS_F_FIPS_CIPHERINIT 128
projects / oweals / openssl.git / commitdiff