]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e2f8374) | patch
s390x: EC: use OpenSSL's RNG for ECDSA nonce 'k' for FIPS module
authorIngo Franzki <ifranzki@linux.ibm.com>
Fri, 23 Jan 2026 07:43:54 +0000 (08:43 +0100)
committerPauli <paul.dale@oracle.com>
Wed, 28 Jan 2026 22:21:22 +0000 (09:21 +1100)
commit66ead9927dc7aba0dcfb9068f9288ce1e4feda53
tree9bc92e10ac73bc9697249fb08e831028f6701c3etree | snapshot
parente2f837410e97147c7fc4e572f7d728eb1d5ece3fcommit | diff
s390x: EC: use OpenSSL's RNG for ECDSA nonce 'k' for FIPS module

The KDSA instruction can operate in 2 different modes:
- Deterministic mode - nonce 'k' is supplied by user.
- Non-deterministic mode - nonce 'k' is randomly generated by the instruction
  itself.

When running in the FIPS-Module, do not use KDSA's non-deterministic mode,
but generate the nonce 'k' using OpenSSL's random number generator. This
ensures that the nonce is generated using a FIPS-approved random number
generator.

It also makes the FIPS KAT tests work, because those use a pre-setup
deterministic random number generator to produce deterministic ECDSA
signatures even for non-deterministic mode.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29754)
crypto/ec/ecp_s390x_nistp.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git