Loading CHANGES +5 −0 Original line number Diff line number Diff line Loading @@ -4,9 +4,14 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] *) Add FIPS_{rsa,dsa,ecdsa}_{sign,verify} functions which digest and sign or verify all in one operation. [Steve Henson] *) Add fips_algvs: a multicall fips utility incorporaing all the algorithm test programs and fips_test_suite. Includes functionality to parse the minimal script output of fipsalgest.pl directly. [Steve Henson] *) Add authorisation parameter to FIPS_module_mode_set(). [Steve Henson] Loading crypto/dsa/dsa.h +5 −0 Original line number Diff line number Diff line Loading @@ -215,6 +215,11 @@ DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx); int FIPS_dsa_verify_digest(DSA *dsa, const unsigned char *dig, int dlen, DSA_SIG *s); int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s); int FIPS_dsa_verify(DSA *dsa, const unsigned char *msg, size_t msglen, const EVP_MD *mhash, DSA_SIG *s); DSA_SIG * FIPS_dsa_sign(DSA *dsa, const unsigned char *msg, size_t msglen, const EVP_MD *mhash); #endif DSA * DSA_new(void); Loading crypto/ecdsa/ecdsa.h +5 −0 Original line number Diff line number Diff line Loading @@ -236,6 +236,11 @@ ECDSA_SIG * FIPS_ecdsa_sign_ctx(EC_KEY *key, EVP_MD_CTX *ctx); int FIPS_ecdsa_verify_digest(EC_KEY *key, const unsigned char *dig, int dlen, ECDSA_SIG *s); int FIPS_ecdsa_verify_ctx(EC_KEY *key, EVP_MD_CTX *ctx, ECDSA_SIG *s); int FIPS_ecdsa_verify(EC_KEY *key, const unsigned char *msg, size_t msglen, const EVP_MD *mhash, ECDSA_SIG *s); ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key, const unsigned char *msg, size_t msglen, const EVP_MD *mhash); #endif Loading fips/dsa/fips_dsa_sign.c +24 −0 Original line number Diff line number Diff line Loading @@ -114,4 +114,28 @@ int FIPS_dsa_verify_digest(DSA *dsa, return dsa->meth->dsa_do_verify(dig,dlen,s,dsa); } int FIPS_dsa_verify(DSA *dsa, const unsigned char *msg, size_t msglen, const EVP_MD *mhash, DSA_SIG *s) { int ret=-1; unsigned char dig[EVP_MAX_MD_SIZE]; unsigned int dlen; FIPS_digest(msg, msglen, dig, &dlen, mhash); ret=FIPS_dsa_verify_digest(dsa, dig, dlen, s); OPENSSL_cleanse(dig, dlen); return ret; } DSA_SIG * FIPS_dsa_sign(DSA *dsa, const unsigned char *msg, size_t msglen, const EVP_MD *mhash) { DSA_SIG *s; unsigned char dig[EVP_MAX_MD_SIZE]; unsigned int dlen; FIPS_digest(msg, msglen, dig, &dlen, mhash); s = FIPS_dsa_sign_digest(dsa, dig, dlen); OPENSSL_cleanse(dig, dlen); return s; } #endif fips/dsa/fips_dsatest.c +2 −13 Original line number Diff line number Diff line Loading @@ -154,9 +154,7 @@ int main(int argc, char **argv) unsigned char buf[256]; unsigned long h; BN_GENCB cb; EVP_MD_CTX mctx; BN_GENCB_set(&cb, dsa_cb, stderr); FIPS_md_ctx_init(&mctx); fips_algtest_init(); Loading Loading @@ -210,19 +208,11 @@ int main(int argc, char **argv) } DSA_generate_key(dsa); if (!FIPS_digestinit(&mctx, EVP_sha1())) goto end; if (!FIPS_digestupdate(&mctx, str1, 20)) goto end; sig = FIPS_dsa_sign_ctx(dsa, &mctx); sig = FIPS_dsa_sign(dsa, str1, 20, EVP_sha1()); if (!sig) goto end; if (!FIPS_digestinit(&mctx, EVP_sha1())) goto end; if (!FIPS_digestupdate(&mctx, str1, 20)) goto end; if (FIPS_dsa_verify_ctx(dsa, &mctx, sig) != 1) if (FIPS_dsa_verify(dsa, str1, 20, EVP_sha1(), sig) != 1) goto end; ret = 1; Loading @@ -231,7 +221,6 @@ end: if (sig) FIPS_dsa_sig_free(sig); if (dsa != NULL) FIPS_dsa_free(dsa); FIPS_md_ctx_cleanup(&mctx); #if 0 CRYPTO_mem_leaks(bio_err); #endif Loading Loading
CHANGES +5 −0 Original line number Diff line number Diff line Loading @@ -4,9 +4,14 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] *) Add FIPS_{rsa,dsa,ecdsa}_{sign,verify} functions which digest and sign or verify all in one operation. [Steve Henson] *) Add fips_algvs: a multicall fips utility incorporaing all the algorithm test programs and fips_test_suite. Includes functionality to parse the minimal script output of fipsalgest.pl directly. [Steve Henson] *) Add authorisation parameter to FIPS_module_mode_set(). [Steve Henson] Loading
crypto/dsa/dsa.h +5 −0 Original line number Diff line number Diff line Loading @@ -215,6 +215,11 @@ DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx); int FIPS_dsa_verify_digest(DSA *dsa, const unsigned char *dig, int dlen, DSA_SIG *s); int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s); int FIPS_dsa_verify(DSA *dsa, const unsigned char *msg, size_t msglen, const EVP_MD *mhash, DSA_SIG *s); DSA_SIG * FIPS_dsa_sign(DSA *dsa, const unsigned char *msg, size_t msglen, const EVP_MD *mhash); #endif DSA * DSA_new(void); Loading
crypto/ecdsa/ecdsa.h +5 −0 Original line number Diff line number Diff line Loading @@ -236,6 +236,11 @@ ECDSA_SIG * FIPS_ecdsa_sign_ctx(EC_KEY *key, EVP_MD_CTX *ctx); int FIPS_ecdsa_verify_digest(EC_KEY *key, const unsigned char *dig, int dlen, ECDSA_SIG *s); int FIPS_ecdsa_verify_ctx(EC_KEY *key, EVP_MD_CTX *ctx, ECDSA_SIG *s); int FIPS_ecdsa_verify(EC_KEY *key, const unsigned char *msg, size_t msglen, const EVP_MD *mhash, ECDSA_SIG *s); ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key, const unsigned char *msg, size_t msglen, const EVP_MD *mhash); #endif Loading
fips/dsa/fips_dsa_sign.c +24 −0 Original line number Diff line number Diff line Loading @@ -114,4 +114,28 @@ int FIPS_dsa_verify_digest(DSA *dsa, return dsa->meth->dsa_do_verify(dig,dlen,s,dsa); } int FIPS_dsa_verify(DSA *dsa, const unsigned char *msg, size_t msglen, const EVP_MD *mhash, DSA_SIG *s) { int ret=-1; unsigned char dig[EVP_MAX_MD_SIZE]; unsigned int dlen; FIPS_digest(msg, msglen, dig, &dlen, mhash); ret=FIPS_dsa_verify_digest(dsa, dig, dlen, s); OPENSSL_cleanse(dig, dlen); return ret; } DSA_SIG * FIPS_dsa_sign(DSA *dsa, const unsigned char *msg, size_t msglen, const EVP_MD *mhash) { DSA_SIG *s; unsigned char dig[EVP_MAX_MD_SIZE]; unsigned int dlen; FIPS_digest(msg, msglen, dig, &dlen, mhash); s = FIPS_dsa_sign_digest(dsa, dig, dlen); OPENSSL_cleanse(dig, dlen); return s; } #endif
fips/dsa/fips_dsatest.c +2 −13 Original line number Diff line number Diff line Loading @@ -154,9 +154,7 @@ int main(int argc, char **argv) unsigned char buf[256]; unsigned long h; BN_GENCB cb; EVP_MD_CTX mctx; BN_GENCB_set(&cb, dsa_cb, stderr); FIPS_md_ctx_init(&mctx); fips_algtest_init(); Loading Loading @@ -210,19 +208,11 @@ int main(int argc, char **argv) } DSA_generate_key(dsa); if (!FIPS_digestinit(&mctx, EVP_sha1())) goto end; if (!FIPS_digestupdate(&mctx, str1, 20)) goto end; sig = FIPS_dsa_sign_ctx(dsa, &mctx); sig = FIPS_dsa_sign(dsa, str1, 20, EVP_sha1()); if (!sig) goto end; if (!FIPS_digestinit(&mctx, EVP_sha1())) goto end; if (!FIPS_digestupdate(&mctx, str1, 20)) goto end; if (FIPS_dsa_verify_ctx(dsa, &mctx, sig) != 1) if (FIPS_dsa_verify(dsa, str1, 20, EVP_sha1(), sig) != 1) goto end; ret = 1; Loading @@ -231,7 +221,6 @@ end: if (sig) FIPS_dsa_sig_free(sig); if (dsa != NULL) FIPS_dsa_free(dsa); FIPS_md_ctx_cleanup(&mctx); #if 0 CRYPTO_mem_leaks(bio_err); #endif Loading
