Use new partial chain flag instead of modifying input parameters.

[openssl.git] / crypto / ecdsa / ecs_ossl.c
diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c

index 4ed29d188902ab076fbd455bc4359c626db98ca9..8336bceb673b6fcd96552a8fa7ed2a9e2e50d83a 100644 (file)
--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -79,7 +79,7 @@ static ECDSA_METHOD openssl_ecdsa_meth = {
         NULL, /* init     */
         NULL, /* finish   */
  #endif
-       0,    /* flags    */
+       ECDSA_FLAG_FIPS_METHOD,    /* flags    */
         NULL  /* app_data */
  };
  
@@ -133,6 +133,11 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
                 ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
                 goto err;
         }
+
+#ifdef OPENSSL_FIPS
+       if (!fips_check_ec_prng(eckey))
+               goto err;
+#endif
         
         do
         {
@@ -146,6 +151,14 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
                         }
                 while (BN_is_zero(k));
  
+               /* We do not want timing information to leak the length of k,
+                * so we compute G*k using an equivalent scalar of fixed
+                * bit-length. */
+
+               if (!BN_add(k, k, order)) goto err;
+               if (BN_num_bits(k) <= BN_num_bits(order))
+                       if (!BN_add(k, k, order)) goto err;
+
                 /* compute r the x-coordinate of generator * k */
                 if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
                 {
@@ -225,6 +238,14 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
         ECDSA_DATA *ecdsa;
         const BIGNUM *priv_key;
  
+#ifdef OPENSSL_FIPS
+       if(FIPS_selftest_failed())
+               {
+               FIPSerr(FIPS_F_ECDSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
+               return NULL;
+               }
+#endif
+
         ecdsa    = ecdsa_check(eckey);
         group    = EC_KEY_get0_group(eckey);
         priv_key = EC_KEY_get0_private_key(eckey);
@@ -235,6 +256,11 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
                 return NULL;
         }
  
+#ifdef OPENSSL_FIPS
+       if (!fips_check_ec_prng(eckey))
+               return NULL;
+#endif
+
         ret = ECDSA_SIG_new();
         if (!ret)
         {
@@ -355,6 +381,14 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
         const EC_GROUP *group;
         const EC_POINT *pub_key;
  
+#ifdef OPENSSL_FIPS
+       if(FIPS_selftest_failed())
+               {
+               FIPSerr(FIPS_F_ECDSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
+               return -1;
+               }
+#endif
+
         /* check input values */
         if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
             (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)