Fix DSA to skip EOL test when parsing mod line.

[openssl.git] / crypto / ec / ec_key.c

diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 1615ec8a5a7204b760e2a8beb039bd6e67169635..ef22737b0ed0ef67aac817bd8f281f0a9f4ca9ef 100644 (file)
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -80,6 +80,7 @@ EC_KEY *EC_KEY_new(void)
                }
 
        ret->version = 1;       
+       ret->flags = 0;
        ret->group   = NULL;
        ret->pub_key = NULL;
        ret->priv_key= NULL;
@@ -199,6 +200,7 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
        dest->enc_flag  = src->enc_flag;
        dest->conv_form = src->conv_form;
        dest->version   = src->version;
+       dest->flags = src->flags;
 
        return dest;
        }
@@ -235,13 +237,8 @@ int EC_KEY_up_ref(EC_KEY *r)
 #ifdef OPENSSL_FIPS
 
 #include <openssl/evp.h>
-
-static int fips_ec_pairwise_fail = 0;
-
-void FIPS_corrupt_ec_keygen(void)
-       {
-       fips_ec_pairwise_fail = 1;
-       }
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
 
 static int fips_check_ec(EC_KEY *key)
        {
@@ -250,7 +247,8 @@ static int fips_check_ec(EC_KEY *key)
        pk.type = EVP_PKEY_EC;
        pk.pkey.ec = key;
 
-       if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, NULL, 0, NULL))
+       if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE,
+                                       &pk, tbs, 0, NULL, 0, NULL, 0, NULL))
                {
                FIPSerr(FIPS_F_FIPS_CHECK_EC,FIPS_R_PAIRWISE_TEST_FAILED);
                fips_set_selftest_fail();
@@ -259,6 +257,46 @@ static int fips_check_ec(EC_KEY *key)
        return 1;
        }
 
+int fips_check_ec_prng(EC_KEY *ec)
+       {
+       int bits, strength;
+       if (!FIPS_module_mode())
+               return 1;
+
+       if (ec->flags & (EC_FLAG_NON_FIPS_ALLOW|EC_FLAG_FIPS_CHECKED))
+               return 1;
+
+       if (!ec->group)
+               return 1;
+
+       bits = BN_num_bits(&ec->group->order);
+
+       if (bits < 160)
+               {
+               FIPSerr(FIPS_F_FIPS_CHECK_EC_PRNG,FIPS_R_KEY_TOO_SHORT);
+               return 0;
+               }
+       /* Comparable algorithm strengths: from SP800-57 table 2 */
+       if (bits >= 512)
+               strength = 256;
+       else if (bits >= 384)
+               strength = 192;
+       else if (bits >= 256)
+               strength = 128;
+       else if (bits >= 224)
+               strength = 112;
+       else
+               strength = 80;
+
+
+       if (FIPS_rand_strength() >= strength)
+               return 1;
+
+       FIPSerr(FIPS_F_FIPS_CHECK_EC_PRNG,FIPS_R_PRNG_STRENGTH_TOO_LOW);
+       return 0;
+
+       }
+
 #endif
 
 int EC_KEY_generate_key(EC_KEY *eckey)
@@ -289,6 +327,11 @@ int EC_KEY_generate_key(EC_KEY *eckey)
        if (!EC_GROUP_get_order(eckey->group, order, ctx))
                goto err;
 
+#ifdef OPENSSL_FIPS
+       if (!fips_check_ec_prng(eckey))
+               goto err;
+#endif
+
        do
                if (!BN_rand_range(priv_key, order))
                        goto err;
@@ -310,8 +353,6 @@ int EC_KEY_generate_key(EC_KEY *eckey)
        eckey->pub_key  = pub_key;
 
 #ifdef OPENSSL_FIPS
-       if (fips_ec_pairwise_fail)
-               BN_add_word(eckey->priv_key, 1);
        if(!fips_check_ec(eckey))
                {
                eckey->priv_key = NULL;
@@ -579,3 +620,18 @@ int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)
                return 0;
        return EC_GROUP_precompute_mult(key->group, ctx);
        }
+
+int EC_KEY_get_flags(const EC_KEY *key)
+       {
+       return key->flags;
+       }
+
+void EC_KEY_set_flags(EC_KEY *key, int flags)
+       {
+       key->flags |= flags;
+       }
+
+void EC_KEY_clear_flags(EC_KEY *key, int flags)
+       {
+       key->flags &= ~flags;
+       }