add ECDSA POST (947ff113) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/fips_err.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -90,6 +90,7 @@ static ERR_STRING_DATA FIPS_str_functs[]=
		{ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_GCM), "FIPS_selftest_aes_gcm"},
		{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des"},
		{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"},
		{ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA), "FIPS_selftest_ecdsa"},
		{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
		{ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG), "FIPS_selftest_rng"},
		{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},

+2 −2

Original line number	Diff line number	Diff line
		@@ -22,8 +22,8 @@ TEST= fips_ecdsavs.c
		APPS=

		LIB=$(TOP)/libcrypto.a
		LIBSRC= fips_ecdsa_lib.c fips_ecdsa_sign.c
		LIBOBJ= fips_ecdsa_lib.o fips_ecdsa_sign.o
		LIBSRC= fips_ecdsa_lib.c fips_ecdsa_sign.c fips_ecdsa_selftest.c
		LIBOBJ= fips_ecdsa_lib.o fips_ecdsa_sign.o fips_ecdsa_selftest.o

		SRC= $(LIBSRC)

0 → 100644

+71 −0

Original line number	Diff line number	Diff line
		/* fips/ecdsa/fips_ecdsa_selftest.c */

		#define OPENSSL_FIPSAPI

		#include <string.h>
		#include <openssl/crypto.h>
		#include <openssl/ec.h>
		#include <openssl/ecdsa.h>
		#include <openssl/fips.h>
		#include <openssl/err.h>
		#include <openssl/evp.h>
		#include <openssl/bn.h>

		#ifdef OPENSSL_FIPS

		static const unsigned char str1[]="12345678901234567890";

		static int corrupt_ecdsa = 0;

		void FIPS_corrupt_ecdsa()
		{
		corrupt_ecdsa = 1;
		}

		int FIPS_selftest_ecdsa()
		{
		EC_KEY *ec=NULL;
		int ret = 0;
		EVP_MD_CTX mctx;
		ECDSA_SIG *esig = NULL;

		FIPS_md_ctx_init(&mctx);

		ec = EC_KEY_new_by_curve_name(NID_secp384r1);

		if(ec == NULL)
		goto err;

		EC_KEY_generate_key(ec);

		if (!FIPS_digestinit(&mctx, EVP_sha512()))
		goto err;
		if (!FIPS_digestupdate(&mctx, str1, 20))
		goto err;
		esig = FIPS_ecdsa_sign_ctx(ec, &mctx);
		if (!esig)
		goto err;

		if (corrupt_ecdsa)
		BN_add_word(esig->r, 1);

		if (!FIPS_digestinit(&mctx, EVP_sha512()))
		goto err;
		if (!FIPS_digestupdate(&mctx, str1, 20))
		goto err;
		if (FIPS_ecdsa_verify_ctx(ec, &mctx, esig) != 1)
		goto err;

		ret = 1;

		err:
		FIPS_md_ctx_cleanup(&mctx);
		if (ec)
		EC_KEY_free(ec);
		if (esig)
		FIPS_ecdsa_sig_free(esig);
		if (ret == 0)
		FIPSerr(FIPS_F_FIPS_SELFTEST_ECDSA,FIPS_R_SELFTEST_FAILED);
		return ret;
		}
		#endif

+1 −0

+3 −0

Original line number	Diff line number	Diff line
		@@ -86,6 +86,8 @@ int FIPS_selftest_rsa(void);
		void FIPS_corrupt_dsa(void);
		void FIPS_corrupt_dsa_keygen(void);
		int FIPS_selftest_dsa(void);
		int FIPS_selftest_ecdsa(void);
		void FIPS_corrupt_ecdsa(void);
		void FIPS_corrupt_ec_keygen(void);
		void FIPS_corrupt_rng(void);
		void FIPS_rng_stick(void);
		@@ -195,6 +197,7 @@ void ERR_load_FIPS_strings(void);
		#define FIPS_F_FIPS_SELFTEST_AES_GCM 130
		#define FIPS_F_FIPS_SELFTEST_DES 111
		#define FIPS_F_FIPS_SELFTEST_DSA 112
		#define FIPS_F_FIPS_SELFTEST_ECDSA 131
		#define FIPS_F_FIPS_SELFTEST_HMAC 113
		#define FIPS_F_FIPS_SELFTEST_RNG 114
		#define FIPS_F_FIPS_SELFTEST_SHA1 115