Update pairwise consistency checks to use SHA-256.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 15 Feb 2011 16:18:18 +0000 (16:18 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 15 Feb 2011 16:18:18 +0000 (16:18 +0000)
crypto/dsa/dsa_key.c
crypto/rsa/rsa_gen.c
fips/fips.c

index acc34a5..fa4fb09 100644 (file)
@@ -85,8 +85,7 @@ static int fips_check_dsa(DSA *dsa)
        pk.type = EVP_PKEY_DSA;
        pk.pkey.dsa = dsa;
 
-       if (!fips_pkey_signature_test(&pk, tbs, -1,
-                                       NULL, 0, EVP_sha1(), 0, NULL))
+       if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, NULL, 0, NULL))
                {
                FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
                fips_set_selftest_fail();
index 90d6b3c..7bef5dd 100644 (file)
@@ -94,11 +94,11 @@ int fips_check_rsa(RSA *rsa)
 
        /* Perform pairwise consistency signature test */
        if (!fips_pkey_signature_test(&pk, tbs, -1,
-                       NULL, 0, EVP_sha1(), RSA_PKCS1_PADDING, NULL)
+                       NULL, 0, NULL, RSA_PKCS1_PADDING, NULL)
                || !fips_pkey_signature_test(&pk, tbs, -1,
-                       NULL, 0, EVP_sha1(), RSA_X931_PADDING, NULL)
+                       NULL, 0, NULL, RSA_X931_PADDING, NULL)
                || !fips_pkey_signature_test(&pk, tbs, -1,
-                       NULL, 0, EVP_sha1(), RSA_PKCS1_PSS_PADDING, NULL))
+                       NULL, 0, NULL, RSA_PKCS1_PSS_PADDING, NULL))
                goto err;
        /* Now perform pairwise consistency encrypt/decrypt test */
        ctbuf = OPENSSL_malloc(RSA_size(rsa));
index 51696b5..6a90328 100644 (file)
@@ -454,6 +454,9 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
        if (tbslen == -1)
                tbslen = strlen((char *)tbs);
 
+       if (digest == NULL)
+               digest = EVP_sha256();
+
        if (!FIPS_digestinit(&mctx, digest))
                goto error;
        if (!FIPS_digestupdate(&mctx, tbs, tbslen))