Commit 1f1790d1 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

To reduce FIPS dependencies don't load error strings and avoid use of ASN1

versions of DSA signature functions.
parent ab8c8aa4
+11 −4
@@ -93,11 +93,18 @@
static int fips_check_dsa(DSA *dsa)
    {
    static const unsigned char str1[]="12345678901234567890";
    unsigned char sig[256];
    unsigned int siglen;
    int r = 0;
    DSA_SIG *sig;

    sig = DSA_do_sign(str1, 20, dsa);

    if (sig)
	{
    	r = DSA_do_verify(str1, 20, sig, dsa);
	DSA_SIG_free(sig);
	}

    DSA_sign(0, str1, 20, sig, &siglen, dsa);
    if(DSA_verify(0, str1, 20, sig, siglen, dsa) != 1)
    if(r != 1)
	{
	FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
	return 0;
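Review bot: The pairwise check in fips_check_dsa fails closed only because `r` is initialised to 0 and stays untouched when `DSA_do_sign` returns NULL, and nothing in the new lines records that. A short comment on the declaration, e.g. `int r = 0; /* stays 0 (failure) if signing fails */`, would keep a later edit from dropping the initialiser and letting an indeterminate value reach `if(r != 1)`. The length `20` is also repeated by hand in both calls; `sizeof(str1) - 1` would tie it to the test vector. The function body continues past the end of the hunk.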
+14 −4
@@ -112,8 +112,8 @@ int FIPS_selftest_dsa()
    int counter,i,j;
    unsigned char buf[256];
    unsigned long h;
    unsigned char sig[256];
    unsigned int siglen;

    DSA_SIG *sig = NULL;

    dsa=DSA_generate_parameters(512,seed,20,&counter,&h,NULL,NULL);

@@ -156,8 +156,18 @@ int FIPS_selftest_dsa()
	return 0;
	}
    DSA_generate_key(dsa);
    DSA_sign(0, str1, 20, sig, &siglen, dsa);
    if(DSA_verify(0, str1, 20, sig, siglen, dsa) != 1)
    sig = DSA_do_sign(str1, 20, dsa);

    if (sig)
	{
    	i = DSA_do_verify(str1, 20, sig, dsa);
	DSA_SIG_free(sig);
	OPENSSL_free(sig);
	}
    else
	i = 0;

    if (i != 1)
	{
	FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
	return 0;
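Review bot: In the second hunk of FIPS_selftest_dsa, `OPENSSL_free(sig);` directly follows `DSA_SIG_free(sig);` on the same pointer, and the section's +14 count implies both lines are additions, so the signature structure is released twice. `DSA_SIG_free` already frees the `DSA_SIG` together with its `r` and `s` members, so the `OPENSSL_free(sig);` line should be dropped, leaving `DSA_SIG_free(sig);` as the only release. A double free here is heap corruption in the DSA self-test, which presumably runs as part of the module's power-up checks. The function body starts and ends outside the hunks shown.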
+13 −6
@@ -140,8 +140,7 @@ int main(int argc, char **argv)
	int counter,ret=0,i,j;
	unsigned char buf[256];
	unsigned long h;
	unsigned char sig[256];
	unsigned int siglen;
	DSA_SIG *sig = NULL;

	if (bio_err == NULL)
		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -157,7 +156,6 @@ int main(int argc, char **argv)
	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

	ERR_load_crypto_strings();
	FIPS_set_prng_key(rnd_key1,rnd_key2);
	RAND_seed(rnd_seed, sizeof rnd_seed);

@@ -174,7 +172,7 @@ int main(int argc, char **argv)
	BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h);
		
	if (dsa == NULL) goto end;
	DSA_print(bio_err,dsa,0);
	/*DSA_print(bio_err,dsa,0);*/
	if (counter != 105) 
		{
		BIO_printf(bio_err,"counter should be 105\n");
@@ -210,8 +208,17 @@ int main(int argc, char **argv)
		goto end;
		}
	DSA_generate_key(dsa);
	DSA_sign(0, str1, 20, sig, &siglen, dsa);
	if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)

	sig = DSA_do_sign(str1, 20, dsa);

	if (sig)
		{	
		i = DSA_do_verify(str1, 20, sig, dsa);
		DSA_SIG_free(sig);
		}
	else
		i = 0;
	if (i == 1)
		ret=1;
end:
	if (!ret)
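Review bot: The third hunk of main() replaces the `DSA_print` call with `/*DSA_print(bio_err,dsa,0);*/`, which leaves commented-out code with no reason recorded. Either delete the line or state why it is disabled, for example `/* DSA_print omitted: avoids pulling in the key-printing code */` (the reason is inferred from the commit title, so confirm it). In the same hunk the unchanged `BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h);` passes `unsigned long h` to `%d`; `h=%lu` would match the declaration shown in the first hunk. main() starts and ends outside the hunks shown.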
+4 −2
@@ -301,7 +301,10 @@ void sigver()
    char *keyword, *value;
    int nmod=0;
    unsigned char hash[20];
    DSA_SIG *sig=DSA_SIG_new();
    DSA_SIG sg, *sig = &sg;

    sig->r = NULL;
    sig->s = NULL;

    while(fgets(buf,sizeof buf,stdin) != NULL)
	{
@@ -367,7 +370,6 @@ int main(int argc,char **argv)
	}
    if(!FIPS_mode_set(1))
	{
	ERR_load_crypto_strings();
	ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
	exit(1);
	}
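Review bot: In sigver(), `DSA_SIG sg, *sig = &sg;` moves the signature onto the stack, so `sig` must never reach `DSA_SIG_free`, and whatever BIGNUMs are later stored in `sig->r` and `sig->s` have to be released individually. The rest of sigver() is outside the hunk, so this cannot be checked here; if the body still frees `sig`, that call should become `BN_free(sig->r); BN_free(sig->s);`. A comment on the declaration such as `/* stack DSA_SIG: do not pass to DSA_SIG_free() */` would record the constraint. In the second hunk, `ERR_print_errors` will presumably emit numeric error codes only, now that the strings are no longer loaded.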
+0 −1
@@ -135,7 +135,6 @@ int FIPS_selftest_failed(void)

int FIPS_selftest()
    {
    ERR_load_crypto_strings();

    return FIPS_selftest_sha1()
	&& FIPS_selftest_hmac()