|
|
|
@ -382,3 +382,39 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.kat openssl-3.0.1/provi
|
|
|
|
|
},
|
|
|
|
|
# ifndef OPENSSL_NO_EC2M
|
|
|
|
|
{
|
|
|
|
|
diff -up openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c
|
|
|
|
|
--- openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat 2022-05-30 14:48:53.180999124 +0200
|
|
|
|
|
+++ openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c 2022-05-30 14:58:52.841286228 +0200
|
|
|
|
|
@@ -44,6 +44,10 @@
|
|
|
|
|
#define S390X_OFF_RN(n) (4 * n)
|
|
|
|
|
#define S390X_OFF_Y(n) (4 * n)
|
|
|
|
|
|
|
|
|
|
+#ifdef FIPS_MODULE
|
|
|
|
|
+extern int REDHAT_FIPS_signature_st;
|
|
|
|
|
+#endif
|
|
|
|
|
+
|
|
|
|
|
static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
|
|
|
|
|
const BIGNUM *scalar,
|
|
|
|
|
size_t num, const EC_POINT *points[],
|
|
|
|
|
@@ -183,11 +187,21 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign
|
|
|
|
|
* because kdsa instruction constructs an in-range, invertible nonce
|
|
|
|
|
* internally implementing counter-measures for RNG weakness.
|
|
|
|
|
*/
|
|
|
|
|
+#ifdef FIPS_MODULE
|
|
|
|
|
+ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
|
|
|
|
|
+ BN_bn2binpad(eckey->sign_kat_k, param + S390X_OFF_RN(len), len);
|
|
|
|
|
+ /* Turns KDSA internal nonce-generation off. */
|
|
|
|
|
+ fc |= S390X_KDSA_D;
|
|
|
|
|
+ } else {
|
|
|
|
|
+#endif
|
|
|
|
|
if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len),
|
|
|
|
|
(size_t)len, 0) != 1) {
|
|
|
|
|
ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
|
|
|
|
|
goto ret;
|
|
|
|
|
}
|
|
|
|
|
+#ifdef FIPS_MODULE
|
|
|
|
|
+ }
|
|
|
|
|
+#endif
|
|
|
|
|
} else {
|
|
|
|
|
/* Reconstruct k = (k^-1)^-1. */
|
|
|
|
|
if (ossl_ec_group_do_inverse_ord(group, k, kinv, NULL) == 0
|
|
|
|
|