* - Geoff
*/
+#define OPENSSL_FIPSAPI
+
#include <stdio.h>
#include <time.h>
#include "cryptlib.h"
#ifdef OPENSSL_FIPS
-#define OPENSSL_FIPSAPI
#include <openssl/fips.h>
#include <openssl/evp.h>
-static int fips_rsa_pairwise_fail = 0;
-
-void FIPS_corrupt_rsa_keygen(void)
- {
- fips_rsa_pairwise_fail = 1;
- }
-
int fips_check_rsa(RSA *rsa)
{
const unsigned char tbs[] = "RSA Pairwise Check Data";
pk.pkey.rsa = rsa;
/* Perform pairwise consistency signature test */
- if (!fips_pkey_signature_test(&pk, tbs, -1,
- NULL, 0, EVP_sha1(), RSA_PKCS1_PADDING, NULL)
- || !fips_pkey_signature_test(&pk, tbs, -1,
- NULL, 0, EVP_sha1(), RSA_X931_PADDING, NULL)
- || !fips_pkey_signature_test(&pk, tbs, -1,
- NULL, 0, EVP_sha1(), RSA_PKCS1_PSS_PADDING, NULL))
+ if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0,
+ NULL, 0, NULL, RSA_PKCS1_PADDING, NULL)
+ || !fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0,
+ NULL, 0, NULL, RSA_X931_PADDING, NULL)
+ || !fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0,
+ NULL, 0, NULL, RSA_PKCS1_PSS_PADDING, NULL))
goto err;
/* Now perform pairwise consistency encrypt/decrypt test */
ctbuf = OPENSSL_malloc(RSA_size(rsa));
if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
#ifdef OPENSSL_FIPS
- if (fips_rsa_pairwise_fail)
- BN_add_word(rsa->n, 1);
-
if(!fips_check_rsa(rsa))
goto err;
#endif