Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/dsa/dsa_key.c (renamed from src/lib/libssl/src/fips/dsa/fips_dsa_key.c)43
1 files changed, 1 insertions, 42 deletions
diff --git a/src/lib/libssl/src/fips/dsa/fips_dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index b5f8cfa1d0..c4aa86bc6d 100644
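--- a/src/lib/libssl/src/fips/dsa/fips_dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -58,43 +58,14 @@
 
 #include <stdio.h>
 #include <time.h>
+#include "cryptlib.h"
 #ifndef OPENSSL_NO_SHA
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/fips.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-
-static int fips_dsa_pairwise_fail = 0;
-
-void FIPS_corrupt_dsa_keygen(void)
- {
- fips_dsa_pairwise_fail = 1;
- }
 
 static int dsa_builtin_keygen(DSA *dsa);
 
-int fips_check_dsa(DSA *dsa)
- {
- EVP_PKEY pk;
- unsigned char tbs[] = "DSA Pairwise Check Data";
- pk.type = EVP_PKEY_DSA;
- pk.pkey.dsa = dsa;
-
- if (!fips_pkey_signature_test(&pk, tbs, -1,
- NULL, 0, EVP_dss1(), 0, NULL))
- {
- FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
- fips_set_selftest_fail();
- return 0;
- }
- return 1;
- }
-
 int DSA_generate_key(DSA *dsa)
  {
  if(dsa->meth->dsa_keygen)
@@ -108,12 +79,6 @@ static int dsa_builtin_keygen(DSA *dsa)
  BN_CTX *ctx=NULL;
  BIGNUM *pub_key=NULL,*priv_key=NULL;
 
- if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
- {
- DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
-
  if ((ctx=BN_CTX_new()) == NULL) goto err;
 
  if (dsa->priv_key == NULL)
@@ -152,10 +117,6 @@ static int dsa_builtin_keygen(DSA *dsa)
 
  dsa->priv_key=priv_key;
  dsa->pub_key=pub_key;
- if (fips_dsa_pairwise_fail)
- BN_add_word(dsa->pub_key, 1);
- if(!fips_check_dsa(dsa))
- goto err;
  ok=1;
 
 err:
@@ -165,5 +126,3 @@ err:
  return(ok);
  }
 #endif
-
-#endif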
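Review bot: On the new side of the second hunk, dsa_builtin_keygen no longer has any lower bound on the size of dsa->p: the only visible check was gated on FIPS_mode() and is deleted. The third hunk now reaches `ok=1;` without the pairwise signature test, so nothing shown here validates the parameters or the generated pair. If that is intended, say so in a comment above `if ((ctx=BN_CTX_new()) == NULL) goto err;`, for example `/* No minimum modulus size or pairwise check here; callers must validate the domain parameters. */`. The first hunk also drops `#include <openssl/err.h>`; presumably `cryptlib.h` still brings in the error macros, but confirm this, because the rest of the function body lies outside the visible hunks.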