Update pairwise consistency checks to use SHA-256.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 15 Feb 2011 16:18:18 +0000 (16:18 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 15 Feb 2011 16:18:18 +0000 (16:18 +0000)
crypto/dsa/dsa_key.c
crypto/rsa/rsa_gen.c
fips/fips.c

index acc34a586513473aa847503c8497edad40f81ef0..fa4fb09c3196bf223baa532a3116c8f7eee69e89 100644 (file)
@@ -85,8 +85,7 @@ static int fips_check_dsa(DSA *dsa)
        pk.type = EVP_PKEY_DSA;
        pk.pkey.dsa = dsa;
 
-       if (!fips_pkey_signature_test(&pk, tbs, -1,
-                                       NULL, 0, EVP_sha1(), 0, NULL))
+       if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, NULL, 0, NULL))
                {
                FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
                fips_set_selftest_fail();
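Review bot: The call `fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, NULL, 0, NULL)` no longer says which digest the pairwise test uses. The NULL in the sixth position means SHA-256 only because of the fallback this commit adds in fips/fips.c. A short comment above the call would keep that visible, e.g. `/* NULL digest: fips_pkey_signature_test() defaults to SHA-256 */`. The same applies to the three calls in fips_check_rsa in crypto/rsa/rsa_gen.c. The body of fips_check_dsa continues outside the hunk.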
index 90d6b3cd7cf1e5a7f2fad84b110a45e3e3cfd780..7bef5dd6bf207feb38e422b9cdeeb602056dd68f 100644 (file)
@@ -94,11 +94,11 @@ int fips_check_rsa(RSA *rsa)
 
        /* Perform pairwise consistency signature test */
        if (!fips_pkey_signature_test(&pk, tbs, -1,
-                       NULL, 0, EVP_sha1(), RSA_PKCS1_PADDING, NULL)
+                       NULL, 0, NULL, RSA_PKCS1_PADDING, NULL)
                || !fips_pkey_signature_test(&pk, tbs, -1,
-                       NULL, 0, EVP_sha1(), RSA_X931_PADDING, NULL)
+                       NULL, 0, NULL, RSA_X931_PADDING, NULL)
                || !fips_pkey_signature_test(&pk, tbs, -1,
-                       NULL, 0, EVP_sha1(), RSA_PKCS1_PSS_PADDING, NULL))
+                       NULL, 0, NULL, RSA_PKCS1_PSS_PADDING, NULL))
                goto err;
        /* Now perform pairwise consistency encrypt/decrypt test */
        ctbuf = OPENSSL_malloc(RSA_size(rsa));
index 51696b5e7cf4fc733d7cb234288510cb93545083..6a90328d7e38f5c9f31947c2c2a5291b434fdcbf 100644 (file)
@@ -454,6 +454,9 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
        if (tbslen == -1)
                tbslen = strlen((char *)tbs);
 
+       if (digest == NULL)
+               digest = EVP_sha256();
+
        if (!FIPS_digestinit(&mctx, digest))
                goto error;
        if (!FIPS_digestupdate(&mctx, tbs, tbslen))
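Review bot: The new `if (digest == NULL) digest = EVP_sha256();` fallback applies one fixed digest to every key type and size, and nothing in the hunk documents that NULL is now a valid argument. For a DSA key whose q is shorter than 256 bits the digest is longer than q, so the pairwise test presumably relies on the sign and verify paths truncating it the same way. That code is not visible here and is worth confirming. A comment at the fallback, such as `/* NULL selects the default digest, SHA-256 */`, would help, and the function's header comment should say the same. The body of fips_pkey_signature_test starts and ends outside the hunk.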