diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-10-19 01:11:59 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-12-08 13:25:38 +0000 |
commit | dbfbe10a1ffe6bf0ce53caf9814f624d1dd36276 (patch) | |
tree | ea0275866c6cd4a2ae9f71afe263fd974d866916 /crypto/ec | |
parent | 1bfffe9bd013e73436fcaed0a8bf91f4e7f09560 (diff) |
remove FIPS module code from crypto/ecdsa
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'crypto/ec')
-rw-r--r-- | crypto/ec/ec_key.c | 87 |
1 files changed, 0 insertions, 87 deletions
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index b88094c19d..b276f9d23b 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -233,71 +233,6 @@ int EC_KEY_up_ref(EC_KEY *r) return ((i > 1) ? 1 : 0); } -#ifdef OPENSSL_FIPS - -#include <openssl/evp.h> -#include <openssl/fips.h> -#include <openssl/fips_rand.h> - -static int fips_check_ec(EC_KEY *key) - { - EVP_PKEY pk; - unsigned char tbs[] = "ECDSA Pairwise Check Data"; - pk.type = EVP_PKEY_EC; - pk.pkey.ec = key; - - if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE, - &pk, tbs, 0, NULL, 0, NULL, 0, NULL)) - { - FIPSerr(FIPS_F_FIPS_CHECK_EC,FIPS_R_PAIRWISE_TEST_FAILED); - fips_set_selftest_fail(); - return 0; - } - return 1; - } - -int fips_check_ec_prng(EC_KEY *ec) - { - int bits, strength; - if (!FIPS_module_mode()) - return 1; - - if (ec->flags & (EC_FLAG_NON_FIPS_ALLOW|EC_FLAG_FIPS_CHECKED)) - return 1; - - if (!ec->group) - return 1; - - bits = BN_num_bits(&ec->group->order); - - if (bits < 160) - { - FIPSerr(FIPS_F_FIPS_CHECK_EC_PRNG,FIPS_R_KEY_TOO_SHORT); - return 0; - } - /* Comparable algorithm strengths: from SP800-57 table 2 */ - if (bits >= 512) - strength = 256; - else if (bits >= 384) - strength = 192; - else if (bits >= 256) - strength = 128; - else if (bits >= 224) - strength = 112; - else - strength = 80; - - - if (FIPS_rand_strength() >= strength) - return 1; - - FIPSerr(FIPS_F_FIPS_CHECK_EC_PRNG,FIPS_R_PRNG_STRENGTH_TOO_LOW); - return 0; - - } - -#endif - int EC_KEY_generate_key(EC_KEY *eckey) { int ok = 0; @@ -305,14 +240,6 @@ int EC_KEY_generate_key(EC_KEY *eckey) BIGNUM *priv_key = NULL, *order = NULL; EC_POINT *pub_key = NULL; -#ifdef OPENSSL_FIPS - if(FIPS_selftest_failed()) - { - FIPSerr(FIPS_F_EC_KEY_GENERATE_KEY,FIPS_R_FIPS_SELFTEST_FAILED); - return 0; - } -#endif - if (!eckey || !eckey->group) { ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); @@ -334,11 +261,6 @@ int EC_KEY_generate_key(EC_KEY *eckey) if (!EC_GROUP_get_order(eckey->group, order, ctx)) goto err; -#ifdef OPENSSL_FIPS - if (!fips_check_ec_prng(eckey)) - goto err; -#endif - do if (!BN_rand_range(priv_key, order)) goto err; @@ -359,15 +281,6 @@ int EC_KEY_generate_key(EC_KEY *eckey) eckey->priv_key = priv_key; eckey->pub_key = pub_key; -#ifdef OPENSSL_FIPS - if(!fips_check_ec(eckey)) - { - eckey->priv_key = NULL; - eckey->pub_key = NULL; - goto err; - } -#endif - ok=1; err: |