Add pairwise consistency test to EC.

crypto/ec/ec_key.c

@@ -232,6 +232,35 @@ int EC_KEY_up_ref(EC_KEY *r)
 	return ((i > 1) ? 1 : 0);
 	}
 
+#ifdef OPENSSL_FIPS
+
+#include <openssl/evp.h>
+
+static int fips_ec_pairwise_fail = 0;
+
+void FIPS_corrupt_ec_keygen(void)
+	{
+	fips_ec_pairwise_fail = 1;
+	}
+
+static int fips_check_ec(EC_KEY *key)
+	{
+	EVP_PKEY pk;
+	unsigned char tbs[] = "ECDSA Pairwise Check Data";
+    	pk.type = EVP_PKEY_EC;
+    	pk.pkey.ec = key;
+
+	if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, NULL, 0, NULL))
+		{
+		FIPSerr(FIPS_F_FIPS_CHECK_EC,FIPS_R_PAIRWISE_TEST_FAILED);
+		fips_set_selftest_fail();
+		return 0;
+		}
+	return 1;
+	}
+
+#endif
+
 int EC_KEY_generate_key(EC_KEY *eckey)
 	{	
 	int	ok = 0;
@@ -280,6 +309,17 @@ int EC_KEY_generate_key(EC_KEY *eckey)
 	eckey->priv_key = priv_key;
 	eckey->pub_key  = pub_key;
 
+#ifdef OPENSSL_FIPS
+	if (fips_ec_pairwise_fail)
+		BN_add_word(eckey->priv_key, 1);
+	if(!fips_check_ec(eckey))
+		{
+		eckey->priv_key = NULL;
+		eckey->pub_key  = NULL;
+	    	goto err;
+		}
+#endif
+
 	ok=1;
 
 err:	

crypto/fips_err.h

@@ -78,6 +78,7 @@ static ERR_STRING_DATA FIPS_str_functs[]=
 {ERR_FUNC(FIPS_F_EVP_CIPHERINIT_EX),	"EVP_CipherInit_ex"},
 {ERR_FUNC(FIPS_F_EVP_DIGESTINIT_EX),	"EVP_DigestInit_ex"},
 {ERR_FUNC(FIPS_F_FIPS_CHECK_DSA),	"FIPS_CHECK_DSA"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_EC),	"FIPS_CHECK_EC"},
 {ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),	"FIPS_check_incore_fingerprint"},
 {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA),	"fips_check_rsa"},
 {ERR_FUNC(FIPS_F_FIPS_CIPHERINIT),	"FIPS_CIPHERINIT"},

fips/fips.c

@@ -56,6 +56,7 @@
 #include <openssl/hmac.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
+#include <openssl/ecdsa.h>
 #include <string.h>
 #include <limits.h>
 #include "fips_locl.h"
@@ -437,6 +438,7 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
 	unsigned char sigtmp[256], *sig = sigtmp;
 	unsigned int siglen;
 	DSA_SIG *dsig = NULL;
+	ECDSA_SIG *esig = NULL;
 	EVP_MD_CTX mctx;
 	FIPS_md_ctx_init(&mctx);
 
@@ -473,6 +475,12 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
 		if (!dsig)
 			goto error;
 		}
+	else if (pkey->type == EVP_PKEY_EC)
+		{
+		esig = FIPS_ecdsa_sign_ctx(pkey->pkey.ec, &mctx);
+		if (!esig)
+			goto error;
+		}
 #if 0
 	else if (!EVP_SignFinal(&mctx, sig, &siglen, pkey))
 		goto error;
@@ -494,6 +502,10 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
 		{
 		ret = FIPS_dsa_verify_ctx(pkey->pkey.dsa, &mctx, dsig);
 		}
+	else if (pkey->type == EVP_PKEY_EC)
+		{
+		ret = FIPS_ecdsa_verify_ctx(pkey->pkey.ec, &mctx, esig);
+		}
 #if 0
 	else
 		ret = EVP_VerifyFinal(&mctx, sig, siglen, pkey);
@@ -502,6 +514,8 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
 	error:
 	if (dsig != NULL)
 		FIPS_dsa_sig_free(dsig);
+	if (esig != NULL)
+		FIPS_ecdsa_sig_free(esig);
 	if (sig != sigtmp)
 		OPENSSL_free(sig);
 	FIPS_md_ctx_cleanup(&mctx);

fips/fips.h

@@ -84,6 +84,7 @@ int FIPS_selftest_rsa(void);
 void FIPS_corrupt_dsa(void);
 void FIPS_corrupt_dsa_keygen(void);
 int FIPS_selftest_dsa(void);
+void FIPS_corrupt_ec_keygen(void);
 void FIPS_corrupt_rng(void);
 void FIPS_rng_stick(void);
 int FIPS_selftest_rng(void);
@@ -180,6 +181,7 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_F_EVP_CIPHERINIT_EX			 124
 #define FIPS_F_EVP_DIGESTINIT_EX			 125
 #define FIPS_F_FIPS_CHECK_DSA				 104
+#define FIPS_F_FIPS_CHECK_EC				 129
 #define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT		 105
 #define FIPS_F_FIPS_CHECK_RSA				 106
 #define FIPS_F_FIPS_CIPHERINIT				 128