Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
btwise
openssl
提交
dbfbe10a
O
openssl
项目概览
btwise
/
openssl
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
O
openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
dbfbe10a
编写于
10月 19, 2014
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
remove FIPS module code from crypto/ecdsa
Reviewed-by:
N
Tim Hudson
<
tjh@openssl.org
>
上级
1bfffe9b
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
0 addition
and
129 deletion
+0
-129
crypto/ec/ec_key.c
crypto/ec/ec_key.c
+0
-87
crypto/ecdsa/ecdsa.h
crypto/ecdsa/ecdsa.h
+0
-16
crypto/ecdsa/ecs_ossl.c
crypto/ecdsa/ecs_ossl.c
+0
-26
未找到文件。
crypto/ec/ec_key.c
浏览文件 @
dbfbe10a
...
...
@@ -233,71 +233,6 @@ int EC_KEY_up_ref(EC_KEY *r)
return
((
i
>
1
)
?
1
:
0
);
}
#ifdef OPENSSL_FIPS
#include <openssl/evp.h>
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
static
int
fips_check_ec
(
EC_KEY
*
key
)
{
EVP_PKEY
pk
;
unsigned
char
tbs
[]
=
"ECDSA Pairwise Check Data"
;
pk
.
type
=
EVP_PKEY_EC
;
pk
.
pkey
.
ec
=
key
;
if
(
!
fips_pkey_signature_test
(
FIPS_TEST_PAIRWISE
,
&
pk
,
tbs
,
0
,
NULL
,
0
,
NULL
,
0
,
NULL
))
{
FIPSerr
(
FIPS_F_FIPS_CHECK_EC
,
FIPS_R_PAIRWISE_TEST_FAILED
);
fips_set_selftest_fail
();
return
0
;
}
return
1
;
}
int
fips_check_ec_prng
(
EC_KEY
*
ec
)
{
int
bits
,
strength
;
if
(
!
FIPS_module_mode
())
return
1
;
if
(
ec
->
flags
&
(
EC_FLAG_NON_FIPS_ALLOW
|
EC_FLAG_FIPS_CHECKED
))
return
1
;
if
(
!
ec
->
group
)
return
1
;
bits
=
BN_num_bits
(
&
ec
->
group
->
order
);
if
(
bits
<
160
)
{
FIPSerr
(
FIPS_F_FIPS_CHECK_EC_PRNG
,
FIPS_R_KEY_TOO_SHORT
);
return
0
;
}
/* Comparable algorithm strengths: from SP800-57 table 2 */
if
(
bits
>=
512
)
strength
=
256
;
else
if
(
bits
>=
384
)
strength
=
192
;
else
if
(
bits
>=
256
)
strength
=
128
;
else
if
(
bits
>=
224
)
strength
=
112
;
else
strength
=
80
;
if
(
FIPS_rand_strength
()
>=
strength
)
return
1
;
FIPSerr
(
FIPS_F_FIPS_CHECK_EC_PRNG
,
FIPS_R_PRNG_STRENGTH_TOO_LOW
);
return
0
;
}
#endif
int
EC_KEY_generate_key
(
EC_KEY
*
eckey
)
{
int
ok
=
0
;
...
...
@@ -305,14 +240,6 @@ int EC_KEY_generate_key(EC_KEY *eckey)
BIGNUM
*
priv_key
=
NULL
,
*
order
=
NULL
;
EC_POINT
*
pub_key
=
NULL
;
#ifdef OPENSSL_FIPS
if
(
FIPS_selftest_failed
())
{
FIPSerr
(
FIPS_F_EC_KEY_GENERATE_KEY
,
FIPS_R_FIPS_SELFTEST_FAILED
);
return
0
;
}
#endif
if
(
!
eckey
||
!
eckey
->
group
)
{
ECerr
(
EC_F_EC_KEY_GENERATE_KEY
,
ERR_R_PASSED_NULL_PARAMETER
);
...
...
@@ -334,11 +261,6 @@ int EC_KEY_generate_key(EC_KEY *eckey)
if
(
!
EC_GROUP_get_order
(
eckey
->
group
,
order
,
ctx
))
goto
err
;
#ifdef OPENSSL_FIPS
if
(
!
fips_check_ec_prng
(
eckey
))
goto
err
;
#endif
do
if
(
!
BN_rand_range
(
priv_key
,
order
))
goto
err
;
...
...
@@ -359,15 +281,6 @@ int EC_KEY_generate_key(EC_KEY *eckey)
eckey
->
priv_key
=
priv_key
;
eckey
->
pub_key
=
pub_key
;
#ifdef OPENSSL_FIPS
if
(
!
fips_check_ec
(
eckey
))
{
eckey
->
priv_key
=
NULL
;
eckey
->
pub_key
=
NULL
;
goto
err
;
}
#endif
ok
=
1
;
err:
...
...
crypto/ecdsa/ecdsa.h
浏览文件 @
dbfbe10a
...
...
@@ -228,22 +228,6 @@ int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
int
ECDSA_set_ex_data
(
EC_KEY
*
d
,
int
idx
,
void
*
arg
);
void
*
ECDSA_get_ex_data
(
EC_KEY
*
d
,
int
idx
);
#ifdef OPENSSL_FIPS
/* Standalone FIPS signature operations */
ECDSA_SIG
*
FIPS_ecdsa_sign_digest
(
EC_KEY
*
key
,
const
unsigned
char
*
dig
,
int
dlen
);
ECDSA_SIG
*
FIPS_ecdsa_sign_ctx
(
EC_KEY
*
key
,
EVP_MD_CTX
*
ctx
);
int
FIPS_ecdsa_verify_digest
(
EC_KEY
*
key
,
const
unsigned
char
*
dig
,
int
dlen
,
ECDSA_SIG
*
s
);
int
FIPS_ecdsa_verify_ctx
(
EC_KEY
*
key
,
EVP_MD_CTX
*
ctx
,
ECDSA_SIG
*
s
);
int
FIPS_ecdsa_verify
(
EC_KEY
*
key
,
const
unsigned
char
*
msg
,
size_t
msglen
,
const
EVP_MD
*
mhash
,
ECDSA_SIG
*
s
);
ECDSA_SIG
*
FIPS_ecdsa_sign
(
EC_KEY
*
key
,
const
unsigned
char
*
msg
,
size_t
msglen
,
const
EVP_MD
*
mhash
);
#endif
/** Allocates and initialize a ECDSA_METHOD structure
* \param ecdsa_method pointer to ECDSA_METHOD to copy. (May be NULL)
* \return pointer to a ECDSA_METHOD structure or NULL if an error occurred
...
...
crypto/ecdsa/ecs_ossl.c
浏览文件 @
dbfbe10a
...
...
@@ -144,11 +144,6 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
goto
err
;
}
#ifdef OPENSSL_FIPS
if
(
!
fips_check_ec_prng
(
eckey
))
goto
err
;
#endif
do
{
/* get random k */
...
...
@@ -289,14 +284,6 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
ECDSA_DATA
*
ecdsa
;
const
BIGNUM
*
priv_key
;
#ifdef OPENSSL_FIPS
if
(
FIPS_selftest_failed
())
{
FIPSerr
(
FIPS_F_ECDSA_DO_SIGN
,
FIPS_R_FIPS_SELFTEST_FAILED
);
return
NULL
;
}
#endif
ecdsa
=
ecdsa_check
(
eckey
);
group
=
EC_KEY_get0_group
(
eckey
);
priv_key
=
EC_KEY_get0_private_key
(
eckey
);
...
...
@@ -307,11 +294,6 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
return
NULL
;
}
#ifdef OPENSSL_FIPS
if
(
!
fips_check_ec_prng
(
eckey
))
return
NULL
;
#endif
ret
=
ECDSA_SIG_new
();
if
(
!
ret
)
{
...
...
@@ -432,14 +414,6 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
const
EC_GROUP
*
group
;
const
EC_POINT
*
pub_key
;
#ifdef OPENSSL_FIPS
if
(
FIPS_selftest_failed
())
{
FIPSerr
(
FIPS_F_ECDSA_DO_VERIFY
,
FIPS_R_FIPS_SELFTEST_FAILED
);
return
-
1
;
}
#endif
/* check input values */
if
(
eckey
==
NULL
||
(
group
=
EC_KEY_get0_group
(
eckey
))
==
NULL
||
(
pub_key
=
EC_KEY_get0_public_key
(
eckey
))
==
NULL
||
sig
==
NULL
)
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录