/* crypto/ecdsa/ecs_ossl.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project
+ */
/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
*
*/
-#include "ecdsa.h"
-#include <openssl/err.h>
+#define OPENSSL_FIPSAPI
-/* TODO : general case */
-#define EC_POINT_get_affine_coordinates EC_POINT_get_affine_coordinates_GFp
+#include "ecs_locl.h"
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/bn.h>
-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, ECDSA *ecdsa);
-static int ecdsa_sign_setup(ECDSA *ecdsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
-static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, ECDSA_SIG *sig,
- ECDSA *ecdsa);
+static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
+ const BIGNUM *, const BIGNUM *, EC_KEY *eckey);
+static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp);
+static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey);
static ECDSA_METHOD openssl_ecdsa_meth = {
-"OpenSSL ECDSA method",
-ecdsa_do_sign,
-ecdsa_sign_setup,
-ecdsa_do_verify,
-0,
-NULL
+ "OpenSSL ECDSA method",
+ ecdsa_do_sign,
+ ecdsa_sign_setup,
+ ecdsa_do_verify,
+#if 0
+ NULL, /* init */
+ NULL, /* finish */
+#endif
+ ECDSA_FLAG_FIPS_METHOD, /* flags */
+ NULL /* app_data */
};
const ECDSA_METHOD *ECDSA_OpenSSL(void)
return &openssl_ecdsa_meth;
}
-static int ecdsa_sign_setup(ECDSA *ecdsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp)
{
BN_CTX *ctx = NULL;
- BIGNUM k,*kinv=NULL,*r=NULL,*order=NULL,*X=NULL;
+ BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL;
EC_POINT *tmp_point=NULL;
- int ret = 0,reason = ERR_R_BN_LIB;
- if (!ecdsa || !ecdsa->group || !ecdsa->pub_key || !ecdsa->priv_key)
+ const EC_GROUP *group;
+ int ret = 0;
+
+ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL)
{
- reason = ECDSA_R_MISSING_PARAMETERS;
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
+
if (ctx_in == NULL)
{
- if ((ctx=BN_CTX_new()) == NULL) goto err;
+ if ((ctx = BN_CTX_new()) == NULL)
+ {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
}
else
- ctx=ctx_in;
+ ctx = ctx_in;
- if ((r = BN_new()) == NULL) goto err;
- if ((order = BN_new()) == NULL) goto err;
- if ((X = BN_new()) == NULL) goto err;
- if ((tmp_point = EC_POINT_new(ecdsa->group)) == NULL)
+ k = BN_new(); /* this value is later returned in *kinvp */
+ r = BN_new(); /* this value is later returned in *rp */
+ order = BN_new();
+ X = BN_new();
+ if (!k || !r || !order || !X)
+ {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if ((tmp_point = EC_POINT_new(group)) == NULL)
{
- reason = ERR_R_EC_LIB;
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
- if (!EC_GROUP_get_order(ecdsa->group,order,ctx))
+ if (!EC_GROUP_get_order(group, order, ctx))
{
- reason = ERR_R_EC_LIB;
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
goto err;
}
+
+#ifdef OPENSSL_FIPS
+ if (!fips_check_ec_prng(eckey))
+ goto err;
+#endif
do
{
/* get random k */
- BN_init(&k);
do
- if (!BN_rand_range(&k,order))
+ if (!BN_rand_range(k, order))
{
- reason = ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED;
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
+ ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
- while (BN_is_zero(&k));
+ while (BN_is_zero(k));
+
+ /* We do not want timing information to leak the length of k,
+ * so we compute G*k using an equivalent scalar of fixed
+ * bit-length. */
+
+ if (!BN_add(k, k, order)) goto err;
+ if (BN_num_bits(k) <= BN_num_bits(order))
+ if (!BN_add(k, k, order)) goto err;
/* compute r the x-coordinate of generator * k */
- if (!EC_POINT_mul(ecdsa->group,tmp_point,&k,NULL,NULL,ctx)
- || !EC_POINT_get_affine_coordinates(ecdsa->group,tmp_point,X,NULL,ctx))
+ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
+ {
+ if (!EC_POINT_get_affine_coordinates_GFp(group,
+ tmp_point, X, NULL, ctx))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+#ifndef OPENSSL_NO_EC2M
+ else /* NID_X9_62_characteristic_two_field */
+ {
+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
+ tmp_point, X, NULL, ctx))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+#endif
+ if (!BN_nnmod(r, X, order, ctx))
{
- reason = ERR_R_EC_LIB;
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
goto err;
}
- if (!BN_nnmod(r,X,order,ctx)) goto err;
}
while (BN_is_zero(r));
/* compute the inverse of k */
- if ((kinv = BN_mod_inverse(NULL,&k,order,ctx)) == NULL) goto err;
-
- if (*rp == NULL)
+ if (!BN_mod_inverse(k, k, order, ctx))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+ goto err;
+ }
+ /* clear old values if necessary */
+ if (*rp != NULL)
BN_clear_free(*rp);
- *rp = r;
- if (*kinvp == NULL)
+ if (*kinvp != NULL)
BN_clear_free(*kinvp);
- *kinvp = kinv;
- kinv = NULL;
+ /* save the pre-computed values */
+ *rp = r;
+ *kinvp = k;
ret = 1;
err:
if (!ret)
{
- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,reason);
- if (kinv != NULL) BN_clear_free(kinv);
+ if (k != NULL) BN_clear_free(k);
if (r != NULL) BN_clear_free(r);
}
if (ctx_in == NULL)
BN_CTX_free(ctx);
- if (kinv != NULL)
- BN_clear_free(kinv);
if (order != NULL)
- BN_clear_free(order);
+ BN_free(order);
if (tmp_point != NULL)
EC_POINT_free(tmp_point);
- if (X) BN_clear_free(X);
- BN_clear_free(&k);
+ if (X)
+ BN_clear_free(X);
return(ret);
}
-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSA *ecdsa)
+static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
+ const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
{
- BIGNUM *kinv=NULL,*r=NULL,*s=NULL,*m=NULL,*tmp=NULL,*order=NULL;
- BIGNUM xr;
- BN_CTX *ctx=NULL;
- int reason=ERR_R_BN_LIB;
- ECDSA_SIG *ret=NULL;
+ int ok = 0, i;
+ BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL;
+ const BIGNUM *ckinv;
+ BN_CTX *ctx = NULL;
+ const EC_GROUP *group;
+ ECDSA_SIG *ret;
+ ECDSA_DATA *ecdsa;
+ const BIGNUM *priv_key;
+
+ ecdsa = ecdsa_check(eckey);
+ group = EC_KEY_get0_group(eckey);
+ priv_key = EC_KEY_get0_private_key(eckey);
+
+ if (group == NULL || priv_key == NULL || ecdsa == NULL)
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+
+#ifdef OPENSSL_FIPS
+ if (!fips_check_ec_prng(eckey))
+ return NULL;
+#endif
- if (!ecdsa || !ecdsa->group || !ecdsa->pub_key || !ecdsa->priv_key)
+ ret = ECDSA_SIG_new();
+ if (!ret)
{
- reason = ECDSA_R_MISSING_PARAMETERS;
- goto err;
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ return NULL;
}
- BN_init(&xr);
+ s = ret->s;
- if ((ctx = BN_CTX_new()) == NULL) goto err;
- if ((order = BN_new()) == NULL) goto err;
- if ((tmp = BN_new()) == NULL) goto err;
- if ((m = BN_new()) == NULL) goto err;
- if ((s = BN_new()) == NULL) goto err;
+ if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
+ (tmp = BN_new()) == NULL || (m = BN_new()) == NULL)
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
- if (!EC_GROUP_get_order(ecdsa->group,order,ctx))
+ if (!EC_GROUP_get_order(group, order, ctx))
{
- reason = ECDSA_R_ERR_EC_LIB;
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
goto err;
}
- if (dgst_len > BN_num_bytes(order))
+ i = BN_num_bits(order);
+ /* Need to truncate digest if it is too long: first truncate whole
+ * bytes.
+ */
+ if (8 * dgst_len > i)
+ dgst_len = (i + 7)/8;
+ if (!BN_bin2bn(dgst, dgst_len, m))
{
- reason = ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+ goto err;
+ }
+ /* If still too long truncate remaining bits with a shift */
+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
-
- if (BN_bin2bn(dgst,dgst_len,m) == NULL) goto err;
do
{
- if ((ecdsa->kinv == NULL) || (ecdsa->r == NULL))
+ if (in_kinv == NULL || in_r == NULL)
{
- if (!ECDSA_sign_setup(ecdsa,ctx,&kinv,&r)) goto err;
+ if (!ecdsa->meth->ecdsa_sign_setup(eckey, ctx,
+ &kinv, &ret->r))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB);
+ goto err;
+ }
+ ckinv = kinv;
}
else
{
- kinv = ecdsa->kinv;
- ecdsa->kinv = NULL;
- r = ecdsa->r;
- ecdsa->r = NULL;
+ ckinv = in_kinv;
+ if (BN_copy(ret->r, in_r) == NULL)
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
}
- if (!BN_mod_mul(tmp,ecdsa->priv_key,r,order,ctx)) goto err;
- if (!BN_add(s,tmp,m)) goto err;
- if (BN_cmp(s,order) > 0)
- BN_sub(s,s,order);
- if (!BN_mod_mul(s,s,kinv,order,ctx)) goto err;
+ if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (!BN_mod_add_quick(s, tmp, m, order))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (!BN_mod_mul(s, s, ckinv, order, ctx))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (BN_is_zero(s))
+ {
+ /* if kinv and r have been supplied by the caller
+ * don't to generate new kinv and r values */
+ if (in_kinv != NULL && in_r != NULL)
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_NEED_NEW_SETUP_VALUES);
+ goto err;
+ }
+ }
+ else
+ /* s != 0 => we have a valid signature */
+ break;
}
- while (BN_is_zero(s));
+ while (1);
- if ((ret = ECDSA_SIG_new()) == NULL)
- {
- reason = ECDSA_R_SIGNATURE_MALLOC_FAILED;
- goto err;
- }
- if (BN_copy(ret->r, r) == NULL || BN_copy(ret->s, s) == NULL)
+ ok = 1;
+err:
+ if (!ok)
{
ECDSA_SIG_free(ret);
ret = NULL;
- reason = ERR_R_BN_LIB;
}
-
-err:
- if (!ret)
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,reason);
- }
- if (r != NULL) BN_clear_free(r);
- if (s != NULL) BN_clear_free(s);
- if (ctx != NULL) BN_CTX_free(ctx);
- if (m != NULL) BN_clear_free(m);
- if (tmp != NULL) BN_clear_free(tmp);
- if (order != NULL) BN_clear_free(order);
- if (kinv != NULL) BN_clear_free(kinv);
- return(ret);
+ if (ctx)
+ BN_CTX_free(ctx);
+ if (m)
+ BN_clear_free(m);
+ if (tmp)
+ BN_clear_free(tmp);
+ if (order)
+ BN_free(order);
+ if (kinv)
+ BN_clear_free(kinv);
+ return ret;
}
-static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, ECDSA_SIG *sig,
- ECDSA *ecdsa)
+static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey)
{
- BN_CTX *ctx;
- BIGNUM *order=NULL,*u1=NULL,*u2=NULL,*m=NULL,*X=NULL;
- EC_POINT *point=NULL;
- int ret = -1,reason = ERR_R_BN_LIB;
- if (!ecdsa || !ecdsa->group || !ecdsa->pub_key || !sig)
+ int ret = -1, i;
+ BN_CTX *ctx;
+ BIGNUM *order, *u1, *u2, *m, *X;
+ EC_POINT *point = NULL;
+ const EC_GROUP *group;
+ const EC_POINT *pub_key;
+
+ /* check input values */
+ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
+ (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
{
- reason = ECDSA_R_MISSING_PARAMETERS;
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
return -1;
}
- if ((ctx = BN_CTX_new()) == NULL) goto err;
- if ((order = BN_new()) == NULL) goto err;
- if ((u1 = BN_new()) == NULL) goto err;
- if ((u2 = BN_new()) == NULL) goto err;
- if ((m = BN_new()) == NULL) goto err;
- if ((X = BN_new()) == NULL) goto err;
- if (!EC_GROUP_get_order(ecdsa->group,order,ctx)) goto err;
-
- if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, order) >= 0)
+ ctx = BN_CTX_new();
+ if (!ctx)
{
- reason = ECDSA_R_BAD_SIGNATURE;
- ret = 0;
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ BN_CTX_start(ctx);
+ order = BN_CTX_get(ctx);
+ u1 = BN_CTX_get(ctx);
+ u2 = BN_CTX_get(ctx);
+ m = BN_CTX_get(ctx);
+ X = BN_CTX_get(ctx);
+ if (!X)
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
goto err;
}
- if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, order) >= 0)
+
+ if (!EC_GROUP_get_order(group, order, ctx))
{
- reason = ECDSA_R_BAD_SIGNATURE;
- ret = 0;
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
goto err;
}
+ if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
+ BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
+ BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0)
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
+ ret = 0; /* signature is invalid */
+ goto err;
+ }
/* calculate tmp1 = inv(S) mod order */
- if ((BN_mod_inverse(u2,sig->s,order,ctx)) == NULL) goto err;
+ if (!BN_mod_inverse(u2, sig->s, order, ctx))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+ goto err;
+ }
/* digest -> m */
- if (BN_bin2bn(dgst,dgst_len,m) == NULL) goto err;
+ i = BN_num_bits(order);
+ /* Need to truncate digest if it is too long: first truncate whole
+ * bytes.
+ */
+ if (8 * dgst_len > i)
+ dgst_len = (i + 7)/8;
+ if (!BN_bin2bn(dgst, dgst_len, m))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+ goto err;
+ }
+ /* If still too long truncate remaining bits with a shift */
+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+ goto err;
+ }
/* u1 = m * tmp mod order */
- if (!BN_mod_mul(u1,m,u2,order,ctx)) goto err;
+ if (!BN_mod_mul(u1, m, u2, order, ctx))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+ goto err;
+ }
/* u2 = r * w mod q */
- if (!BN_mod_mul(u2,sig->r,u2,order,ctx)) goto err;
+ if (!BN_mod_mul(u2, sig->r, u2, order, ctx))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+ goto err;
+ }
- if ((point = EC_POINT_new(ecdsa->group)) == NULL)
+ if ((point = EC_POINT_new(group)) == NULL)
{
- reason = ERR_R_EC_LIB;
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (!EC_POINT_mul(ecdsa->group,point,u1,ecdsa->pub_key,u2,ctx)
- || !EC_POINT_get_affine_coordinates(ecdsa->group,point,X,NULL,ctx))
+ if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx))
{
- reason = ERR_R_EC_LIB;
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
goto err;
}
- if (!BN_nnmod(u1,X,order,ctx)) goto err;
-
- /* is now in u1. If the signature is correct, it will be
- * equal to R. */
- ret = (BN_ucmp(u1,sig->r) == 0);
-
- err:
- if (ret != 1) ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY,reason);
- if (ctx != NULL) BN_CTX_free(ctx);
- if (u1 != NULL) BN_clear_free(u1);
- if (u2 != NULL) BN_clear_free(u2);
- if (m != NULL) BN_clear_free(m);
- if (X != NULL) BN_clear_free(X);
- if (order != NULL) BN_clear_free(order);
- if (point != NULL) EC_POINT_free(point);
- return(ret);
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
+ {
+ if (!EC_POINT_get_affine_coordinates_GFp(group,
+ point, X, NULL, ctx))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+#ifndef OPENSSL_NO_EC2M
+ else /* NID_X9_62_characteristic_two_field */
+ {
+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
+ point, X, NULL, ctx))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+#endif
+ if (!BN_nnmod(u1, X, order, ctx))
+ {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+ goto err;
+ }
+ /* if the signature is correct u1 is equal to sig->r */
+ ret = (BN_ucmp(u1, sig->r) == 0);
+err:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ if (point)
+ EC_POINT_free(point);
+ return ret;
}
+
+#ifdef OPENSSL_FIPSCANISTER
+/* FIPS stanadlone version of ecdsa_check: just return FIPS method */
+ECDSA_DATA *fips_ecdsa_check(EC_KEY *key)
+ {
+ static ECDSA_DATA rv = {
+ 0,0,0,
+ &openssl_ecdsa_meth
+ };
+ return &rv;
+ }
+/* Standalone digest sign and verify */
+int FIPS_ecdsa_verify_digest(EC_KEY *key,
+ const unsigned char *dig, int dlen, ECDSA_SIG *s)
+ {
+ ECDSA_DATA *ecdsa = ecdsa_check(key);
+ if (ecdsa == NULL)
+ return 0;
+ return ecdsa->meth->ecdsa_do_verify(dig, dlen, s, key);
+ }
+ECDSA_SIG * FIPS_ecdsa_sign_digest(EC_KEY *key,
+ const unsigned char *dig, int dlen)
+ {
+ ECDSA_DATA *ecdsa = ecdsa_check(key);
+ if (ecdsa == NULL)
+ return NULL;
+ return ecdsa->meth->ecdsa_do_sign(dig, dlen, NULL, NULL, key);
+ }
+#endif
projects / openssl.git / blobdiff