Update RSA selftest code to use a 2048 bit RSA and only a single KAT

[openssl.git] / fips / rsa / fips_rsa_sign.c

diff --git a/fips/rsa/fips_rsa_sign.c b/fips/rsa/fips_rsa_sign.c
index fc5c28d8a0fc5f2b29c06a69a4bec09bc5c5414c..46d0d4061a0c911d3b7fae8d10104c84e871b1bd 100644 (file)
--- a/fips/rsa/fips_rsa_sign.c
+++ b/fips/rsa/fips_rsa_sign.c
@@ -197,7 +197,7 @@ int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx,
        {
        unsigned int md_len, rv;
        unsigned char md[EVP_MAX_MD_SIZE];
-        EVP_DigestFinal_ex(ctx, md, &md_len);
+        FIPS_digestfinal(ctx, md, &md_len);
        rv = FIPS_rsa_sign_digest(rsa, md, md_len,
                                        M_EVP_MD_CTX_md(ctx),
                                        rsa_pad_mode, saltlen,
@@ -219,6 +219,8 @@ int FIPS_rsa_sign_digest(RSA *rsa, const unsigned char *md, int md_len,
        /* Largest DigestInfo: 19 (max encoding) + max MD */
        unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
 
+       FIPS_selftest_check();
+
        md_type = M_EVP_MD_type(mhash);
 
        if (rsa_pad_mode == RSA_X931_PADDING)
@@ -300,7 +302,7 @@ int FIPS_rsa_verify_ctx(RSA *rsa, EVP_MD_CTX *ctx,
        {
        unsigned int md_len, rv;
        unsigned char md[EVP_MAX_MD_SIZE];
-        EVP_DigestFinal_ex(ctx, md, &md_len);
+        FIPS_digestfinal(ctx, md, &md_len);
        rv = FIPS_rsa_verify_digest(rsa, md, md_len, M_EVP_MD_CTX_md(ctx),
                                        rsa_pad_mode, saltlen, mgf1Hash,
                                        sigbuf, siglen);
@@ -326,6 +328,8 @@ int FIPS_rsa_verify_digest(RSA *rsa, const unsigned char *dig, int diglen,
                return(0);
                }
 
+       FIPS_selftest_check();
+
        md_type = M_EVP_MD_type(mhash);
 
        s= OPENSSL_malloc((unsigned int)siglen);