return 80;
if (L == 2048 && (N == 224 || N == 256))
return 112;
- if (L == 2048 && N == 256)
- return 112;
if (L == 3072 && N == 256)
return 128;
}
EVP_MD_CTX *mctx = NULL;
int mdsize;
+ mdsize = EVP_MD_size(evpmd);
+ if (mdsize <= 0)
+ return 0;
+
mctx = EVP_MD_CTX_new();
if (mctx == NULL)
- goto err;
+ return 0;
- mdsize = EVP_MD_size(evpmd);
- if (mdsize <= 0)
- goto err;
/*
* A.2.3 Step (4) & (5)
* A.2.4 Step (6) & (7)
|| !EVP_DigestFinal_ex(mctx, md, NULL)
|| (BN_bin2bn(md, mdsize, tmp) == NULL)
|| !BN_mod_exp_mont(g, tmp, e, p, ctx, mont))
- return 0;
+ break; /* exit on failure */
/*
* A.2.3 Step (10)
* A.2.4 Step (12)
break; /* found g */
}
}
-err:
EVP_MD_CTX_free(mctx);
return ret;
}
* - FFC_PARAMS_RET_STATUS_UNVERIFIABLE_G if the validation of G succeeded,
* but G is unverifiable.
*/
-int ffc_param_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
- int type, size_t L, size_t N,
- const EVP_MD *evpmd, int validate_flags,
- int *res, BN_GENCB *cb)
+int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
+ int type, size_t L, size_t N,
+ const EVP_MD *evpmd, int validate_flags,
+ int *res, BN_GENCB *cb)
{
int ok = FFC_PARAMS_RET_STATUS_FAILED;
unsigned char *seed = NULL, *seed_tmp = NULL;
BIGNUM *g = NULL, *q = NULL, *p = NULL;
BN_MONT_CTX *mont = NULL;
int n = 0, m = 0, qsize = N >> 3;
- int canonical_g = 0, hret = -1;
+ int canonical_g = 0, hret = 0;
BN_CTX *ctx = NULL;
EVP_MD_CTX *mctx = NULL;
int generate = (validate_flags == 0);
if (seed != params->seed)
OPENSSL_free(seed);
OPENSSL_free(seed_tmp);
- if (ctx)
+ if (ctx != NULL)
BN_CTX_end(ctx);
BN_CTX_free(ctx);
BN_MONT_CTX_free(mont);
return ok;
}
-int ffc_param_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
- int type, size_t L, size_t N,
- const EVP_MD *evpmd, int validate_flags,
- int *res, BN_GENCB *cb)
+int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
+ int type, size_t L, size_t N,
+ const EVP_MD *evpmd, int validate_flags,
+ int *res, BN_GENCB *cb)
{
int ok = FFC_PARAMS_RET_STATUS_FAILED;
unsigned char seed[SHA256_DIGEST_LENGTH];
EVP_MD *evpmd_fetch = NULL;
*res = 0;
-#ifdef FIPS_MODE
+#ifdef FIPS_MODULE
/*
* FIPS 186-4 states that validation can only be done for this pair.
* (Even though the original spec allowed L = 512 + 64*j (j = 0.. 8))
int type, size_t L, size_t N,
const EVP_MD *evpmd, int *res, BN_GENCB *cb)
{
- return ffc_param_FIPS186_4_gen_verify(libctx, params, type, L, N, evpmd, 0,
- res, cb);
+ return ffc_params_FIPS186_4_gen_verify(libctx, params, type, L, N, evpmd, 0,
+ res, cb);
}
/* This should no longer be used in FIPS mode */
int type, size_t L, size_t N,
const EVP_MD *evpmd, int *res, BN_GENCB *cb)
{
- return ffc_param_FIPS186_2_gen_verify(libctx, params, type, L, N, evpmd,
- 0, res, cb);
-}
-
-/* TODO(3.0) - Add this in another PR - just add a stub for now */
-int ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont,
- const BIGNUM *p, const BIGNUM *q,
- const BIGNUM *g, BIGNUM *tmp, int *ret)
-{
- return 1;
+ return ffc_params_FIPS186_2_gen_verify(libctx, params, type, L, N, evpmd,
+ 0, res, cb);
}