Use KAT for ECDSA signature tests, s390 arch
Resolves: rhbz#2069235
This commit is contained in:
parent
96926ffe00
commit
a8a3a389ee
@ -382,3 +382,39 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.kat openssl-3.0.1/provi
|
||||
},
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
{
|
||||
diff -up openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c
|
||||
--- openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat 2022-05-30 14:48:53.180999124 +0200
|
||||
+++ openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c 2022-05-30 14:58:52.841286228 +0200
|
||||
@@ -44,6 +44,10 @@
|
||||
#define S390X_OFF_RN(n) (4 * n)
|
||||
#define S390X_OFF_Y(n) (4 * n)
|
||||
|
||||
+#ifdef FIPS_MODULE
|
||||
+extern int REDHAT_FIPS_signature_st;
|
||||
+#endif
|
||||
+
|
||||
static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
|
||||
const BIGNUM *scalar,
|
||||
size_t num, const EC_POINT *points[],
|
||||
@@ -183,11 +187,21 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign
|
||||
* because kdsa instruction constructs an in-range, invertible nonce
|
||||
* internally implementing counter-measures for RNG weakness.
|
||||
*/
|
||||
+#ifdef FIPS_MODULE
|
||||
+ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
|
||||
+ BN_bn2binpad(eckey->sign_kat_k, param + S390X_OFF_RN(len), len);
|
||||
+ /* Turns KDSA internal nonce-generation off. */
|
||||
+ fc |= S390X_KDSA_D;
|
||||
+ } else {
|
||||
+#endif
|
||||
if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len),
|
||||
(size_t)len, 0) != 1) {
|
||||
ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
|
||||
goto ret;
|
||||
}
|
||||
+#ifdef FIPS_MODULE
|
||||
+ }
|
||||
+#endif
|
||||
} else {
|
||||
/* Reconstruct k = (k^-1)^-1. */
|
||||
if (ossl_ec_group_do_inverse_ord(group, k, kinv, NULL) == 0
|
||||
|
@ -466,6 +466,8 @@ install -m644 %{SOURCE9} \
|
||||
- Resolves: rhbz#2090362
|
||||
- Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode"
|
||||
Related: rhbz#2087147
|
||||
- Use KAT for ECDSA signature tests, s390 arch
|
||||
- Resolves: rhbz#2069235
|
||||
|
||||
* Thu May 19 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-32
|
||||
- `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
|
||||
|
Loading…
Reference in New Issue
Block a user