projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Return error codes for selftest failure instead of hard assertion errors.
[openssl.git]
/
fips
/
rsa
/
fips_rsa_sign.c
diff --git
a/fips/rsa/fips_rsa_sign.c
b/fips/rsa/fips_rsa_sign.c
index 46d0d4061a0c911d3b7fae8d10104c84e871b1bd..c68c00787d0ffb1275062f7ab7a61856ac03d662 100644
(file)
--- a/
fips/rsa/fips_rsa_sign.c
+++ b/
fips/rsa/fips_rsa_sign.c
@@
-219,7
+219,11
@@
int FIPS_rsa_sign_digest(RSA *rsa, const unsigned char *md, int md_len,
/* Largest DigestInfo: 19 (max encoding) + max MD */
unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
/* Largest DigestInfo: 19 (max encoding) + max MD */
unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
- FIPS_selftest_check();
+ if (FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_FIPS_RSA_SIGN_DIGEST, FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
md_type = M_EVP_MD_type(mhash);
md_type = M_EVP_MD_type(mhash);
@@
-322,14
+326,18
@@
int FIPS_rsa_verify_digest(RSA *rsa, const unsigned char *dig, int diglen,
int md_type;
int rsa_dec_pad_mode;
int md_type;
int rsa_dec_pad_mode;
+ if (FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_FIPS_RSA_VERIFY_DIGEST, FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+
if (siglen != (unsigned int)RSA_size(rsa))
{
RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_WRONG_SIGNATURE_LENGTH);
return(0);
}
if (siglen != (unsigned int)RSA_size(rsa))
{
RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_WRONG_SIGNATURE_LENGTH);
return(0);
}
- FIPS_selftest_check();
-
md_type = M_EVP_MD_type(mhash);
s= OPENSSL_malloc((unsigned int)siglen);
md_type = M_EVP_MD_type(mhash);
s= OPENSSL_malloc((unsigned int)siglen);