Commit 5fd72260 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Check for selftest failure in various places.

parent 5b198d5e

crypto/ec/ec_key.c

+8 −0
Original line number Diff line number Diff line
@@ -306,6 +306,14 @@ int EC_KEY_generate_key(EC_KEY *eckey) 
	BIGNUM	*priv_key = NULL, *order = NULL;

	EC_POINT *pub_key = NULL;



#ifdef OPENSSL_FIPS

	if(FIPS_selftest_failed())

		{

		FIPSerr(FIPS_F_EC_KEY_GENERATE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);

		return 0;

		}

#endif



	if (!eckey || !eckey->group)

		{

		ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);

crypto/ecdh/ech_ossl.c

+8 −0
Original line number Diff line number Diff line
@@ -119,6 +119,14 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, 
	size_t buflen, len;

	unsigned char *buf=NULL;



#ifdef OPENSSL_FIPS

	if(FIPS_selftest_failed())

		{

		FIPSerr(FIPS_F_ECDH_COMPUTE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);

		return -1;

		}

#endif



	if (outlen > INT_MAX)

		{

		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */

crypto/ecdsa/ecs_ossl.c

+16 −0
Original line number Diff line number Diff line
@@ -238,6 +238,14 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, 
	ECDSA_DATA *ecdsa;

	const BIGNUM *priv_key;



#ifdef OPENSSL_FIPS

	if(FIPS_selftest_failed())

		{

		FIPSerr(FIPS_F_ECDSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);

		return NULL;

		}

#endif



	ecdsa    = ecdsa_check(eckey);

	group    = EC_KEY_get0_group(eckey);

	priv_key = EC_KEY_get0_private_key(eckey);
@@ -373,6 +381,14 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, 
	const EC_GROUP *group;

	const EC_POINT *pub_key;



#ifdef OPENSSL_FIPS

	if(FIPS_selftest_failed())

		{

		FIPSerr(FIPS_F_ECDSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);

		return -1;

		}

#endif



	/* check input values */

	if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||

	    (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)

crypto/fips_err.h

+4 −0
Original line number Diff line number Diff line
@@ -77,6 +77,10 @@ static ERR_STRING_DATA FIPS_str_functs[]= 
{ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2),	"DSA_BUILTIN_PARAMGEN2"},

{ERR_FUNC(FIPS_F_DSA_DO_SIGN),	"DSA_do_sign"},

{ERR_FUNC(FIPS_F_DSA_DO_VERIFY),	"DSA_do_verify"},

{ERR_FUNC(FIPS_F_ECDH_COMPUTE_KEY),	"ECDH_compute_key"},

{ERR_FUNC(FIPS_F_ECDSA_DO_SIGN),	"ECDSA_do_sign"},

{ERR_FUNC(FIPS_F_ECDSA_DO_VERIFY),	"ECDSA_do_verify"},

{ERR_FUNC(FIPS_F_EC_KEY_GENERATE_KEY),	"EC_KEY_generate_key"},

{ERR_FUNC(FIPS_F_FIPS_CHECK_DSA),	"FIPS_CHECK_DSA"},

{ERR_FUNC(FIPS_F_FIPS_CHECK_DSA_PRNG),	"fips_check_dsa_prng"},

{ERR_FUNC(FIPS_F_FIPS_CHECK_EC),	"FIPS_CHECK_EC"},

fips/fips.h

+4 −0
Original line number Diff line number Diff line
@@ -349,6 +349,10 @@ void ERR_load_FIPS_strings(void); 
#define FIPS_F_DSA_BUILTIN_PARAMGEN2			 102

#define FIPS_F_DSA_DO_SIGN				 103

#define FIPS_F_DSA_DO_VERIFY				 104

#define FIPS_F_ECDH_COMPUTE_KEY				 163

#define FIPS_F_ECDSA_DO_SIGN				 164

#define FIPS_F_ECDSA_DO_VERIFY				 165

#define FIPS_F_EC_KEY_GENERATE_KEY			 166

#define FIPS_F_FIPS_CHECK_DSA				 105

#define FIPS_F_FIPS_CHECK_DSA_PRNG			 151

#define FIPS_F_FIPS_CHECK_EC				 106