From 9656b83a03020d1c16924eaa5f0489ca7a12407f Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 25 Feb 2021 16:03:55 -0800
Subject: [PATCH] Add ECDSA-KAT CAST.

---
 configure.ac                    | 1 +
 wolfcrypt/src/error.c           | 3 +++
 wolfssl/wolfcrypt/error-crypt.h | 3 ++-
 wolfssl/wolfcrypt/fips_test.h   | 1 +
 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index fdc7a6d65..8239821c4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3372,6 +3372,7 @@ AS_CASE([$FIPS_VERSION],
             [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
         AS_IF([test "x$ENABLED_AESGCM" = "xno"],
             [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_SET_K"
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
         AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DFP_MAX_BITS=16384"
     ],
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 4293bd941..66806356a 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -530,6 +530,9 @@ const char* wc_GetErrorString(int error)
     case BAD_LENGTH_E:
         return "Value of length parameter is invalid.";
 
+    case ECDSA_KAT_FIPS_E:
+        return "wolfcrypt FIPS ECDSA Known Answer Test Failure";
+
     default:
         return "unknown error number";
 
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 78851d3d4..2ca1131bd 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -238,8 +238,9 @@ enum {
     MISSING_IV          = -277,  /* IV was not set */
     MISSING_KEY         = -278,  /* Key was not set */
     BAD_LENGTH_E        = -279,  /* Value of length parameter is invalid. */
+    ECDSA_KAT_FIPS_E    = -280,  /* ECDSA KAT failure */
 
-    WC_LAST_E           = -279,  /* Update this to indicate last error */
+    WC_LAST_E           = -280,  /* Update this to indicate last error */
     MIN_CODE_E          = -300   /* errors -101 - -299 */
 
     /* add new companion error id strings for any new error codes
diff --git a/wolfssl/wolfcrypt/fips_test.h b/wolfssl/wolfcrypt/fips_test.h
index 6cca35d1f..42debf9e7 100644
--- a/wolfssl/wolfcrypt/fips_test.h
+++ b/wolfssl/wolfcrypt/fips_test.h
@@ -43,6 +43,7 @@ enum FipsCastId {
     FIPS_CAST_ECC_CDH,
     FIPS_CAST_ECC_PRIMITIVE_Z,
     FIPS_CAST_DH_PRIMITIVE_Z,
+    FIPS_CAST_ECDSA,
     FIPS_CAST_ECDSA_PAIRWISE,
     FIPS_CAST_ECDSA_SHA3_PAIRWISE,
     FIPS_CAST_COUNT