authorDr. Stephen Henson <steve@openssl.org>2011-02-14 17:14:55 +0000
committerDr. Stephen Henson <steve@openssl.org>2011-02-14 17:14:55 +0000
commitfe26d066ff6d34a01a2d05cba383e099960182c0 (patch)
tree353911c7b542155091761d1f2f72e9cc791b439b /crypto/ecdsa
parentc876a4b7b119faa80add62d7a04b46eda8b7bf99 (diff)
Add ECDSA functionality to fips module. Initial very incomplete version
of algorithm test program.
Diffstat (limited to 'crypto/ecdsa')
-rw-r--r--crypto/ecdsa/ecdsa.h10
-rw-r--r--crypto/ecdsa/ecs_ossl.c34
2 files changed, 43 insertions, 1 deletions
diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h
index e61c539812..c3275b0839 100644
--- a/crypto/ecdsa/ecdsa.h
+++ b/crypto/ecdsa/ecdsa.h
@@ -228,6 +228,16 @@ int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
void *ECDSA_get_ex_data(EC_KEY *d, int idx);
+#ifdef OPENSSL_FIPS
+/* Standalone FIPS signature operations */
+ECDSA_SIG * FIPS_ecdsa_sign_digest(EC_KEY *key,
+ const unsigned char *dig, int dlen);
+ECDSA_SIG * FIPS_ecdsa_sign_ctx(EC_KEY *key, EVP_MD_CTX *ctx);
+int FIPS_ecdsa_verify_digest(EC_KEY *key,
+ const unsigned char *dig, int dlen, ECDSA_SIG *s);
+int FIPS_ecdsa_verify_ctx(EC_KEY *key, EVP_MD_CTX *ctx, ECDSA_SIG *s);
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
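Review bot: The new prototypes state no return contract, and for the verify pair that is security-relevant. `FIPS_ecdsa_verify_digest` in ecs_ossl.c returns 0 when no method data is found and otherwise passes through the result of `ecdsa_do_verify`, which, if it follows the `ECDSA_do_verify` convention, can be -1 on error as well as 1 or 0. A caller writing `if (FIPS_ecdsa_verify_digest(...))` would then treat a failed verification as success. I would add `/* Returns 1 if the signature is valid, 0 if it is invalid, -1 on error: callers must test for == 1 */` above the verify prototypes, and a line above the sign prototypes saying NULL is returned on failure and who frees the result. The declarations are guarded by `OPENSSL_FIPS` while the definitions shown sit under `OPENSSL_FIPSCANISTER`, and the two `_ctx` variants are not defined in the files this page shows, so both are worth confirming against the rest of the commit.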
diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
index 59127d350d..4ed29d1889 100644
--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -56,6 +56,8 @@
*
*/
+#define OPENSSL_FIPSAPI
+
#include "ecs_locl.h"
#include <openssl/err.h>
#include <openssl/obj_mac.h>
@@ -274,7 +276,8 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
{
if (in_kinv == NULL || in_r == NULL)
{
- if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r))
+ if (!ecdsa->meth->ecdsa_sign_setup(eckey, ctx,
+ &kinv, &ret->r))
{
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB);
goto err;
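Review bot: The replacement call dereferences `ecdsa` and `ecdsa->meth` directly, with no NULL test visible in this hunk. ecdsa_do_sign begins outside the hunk, so `ecdsa` may already be validated earlier in the function. If it is not, a guard such as `if (ecdsa == NULL) goto err;` (with the matching `ECDSAerr`) belongs before this branch. A short comment on why the method pointer is called instead of `ECDSA_sign_setup` would also help, presumably something like `/* call the method directly so the FIPS build does not need the public wrapper */`.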
@@ -473,3 +476,32 @@ err:
EC_POINT_free(point);
return ret;
}
+
+#ifdef OPENSSL_FIPSCANISTER
+/* FIPS stanadlone version of ecdsa_check: just return FIPS method */
+ECDSA_DATA *fips_ecdsa_check(EC_KEY *key)
+ {
+ static ECDSA_DATA rv = {
+ 0,0,0,
+ &openssl_ecdsa_meth
+ };
+ return &rv;
+ }
+/* Standalone digest sign and verify */
+int FIPS_ecdsa_verify_digest(EC_KEY *key,
+ const unsigned char *dig, int dlen, ECDSA_SIG *s)
+ {
+ ECDSA_DATA *ecdsa = ecdsa_check(key);
+ if (ecdsa == NULL)
+ return 0;
+ return ecdsa->meth->ecdsa_do_verify(dig, dlen, s, key);
+ }
+ECDSA_SIG * FIPS_ecdsa_sign_digest(EC_KEY *key,
+ const unsigned char *dig, int dlen)
+ {
+ ECDSA_DATA *ecdsa = ecdsa_check(key);
+ if (ecdsa == NULL)
+ return NULL;
+ return ecdsa->meth->ecdsa_do_sign(dig, dlen, NULL, NULL, key);
+ }
+#endif
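Review bot: `fips_ecdsa_check` ignores `key` and hands every caller the same writable `static ECDSA_DATA`, so it can never return NULL and any write through the returned pointer affects all keys at once. If `ecdsa_check` resolves to this function in the canister build (the mapping is not in this diff), the `ecdsa == NULL` tests in both wrappers are dead code, and the only validation of `key`, `dig`, `dlen` and `s` is whatever the method implementations do. I would have the wrappers reject bad arguments themselves: `if (key == NULL || dig == NULL || s == NULL || dlen <= 0) return -1;` in the verify wrapper, the same test without `s` and with `return NULL;` in the sign wrapper, plus a comment that the static must be treated as read-only. The first comment also has a typo and should read `/* FIPS standalone version of ecdsa_check: just return FIPS method */`.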