wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 03:07:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix for FIPS ECC integrity check with crypto callback set (#6425)

Browse Source 
Skip ECC private key check when the TPM is used to generate the key, since it doesn't release the private part. this option needs to be used with a FIPS approved TPM for the end result to be FIPS approved
This commit is contained in:
John Bland
2023-05-19 12:12:44 -04:00
committed by GitHub
parent f3b66a3e26
commit 7e3aafb60c
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
configure.ac
View File

@ -434,7 +434,6 @@ AS_CASE([$FIPS_VERSION],
] ]
) )
# For reproducible build, gate out from the build anything that might # For reproducible build, gate out from the build anything that might
# introduce semantically frivolous jitter, maximizing chance of # introduce semantically frivolous jitter, maximizing chance of
# identical object files. # identical object files.

7
wolfcrypt/src/ecc.c
View File

@ -5676,7 +5676,12 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
if (err == MP_OKAY) { if (err == MP_OKAY) {
err = _ecc_validate_public_key(key, 0, 0); err = _ecc_validate_public_key(key, 0, 0);
} }
if (err == MP_OKAY) { if (err == MP_OKAY
#if defined(WOLF_CRYPTO_CB)
/* even if WOLF_CRYPTO_CB we generate the key if the devId is invalid */
&& key->devId == INVALID_DEVID
#endif
) {
err = _ecc_pairwise_consistency_test(key, rng); err = _ecc_pairwise_consistency_test(key, rng);
} }
#endif #endif