Diffstat (limited to '')
-rw-r--r-- | src/lib/libcrypto/dsa/dsa_key.c (renamed from src/lib/libssl/src/fips/dsa/fips_dsa_key.c) | 43 |
1 files changed, 1 insertions, 42 deletions
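diff --git a/src/lib/libssl/src/fips/dsa/fips_dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index b5f8cfa1d0..c4aa86bc6d 100644
--- a/src/lib/libssl/src/fips/dsa/fips_dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -58,43 +58,14 @@
 
 #include <stdio.h>
 #include <time.h>
+#include "cryptlib.h"
 #ifndef OPENSSL_NO_SHA
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/fips.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-
-static int fips_dsa_pairwise_fail = 0;
-
-void FIPS_corrupt_dsa_keygen(void)
-{
-fips_dsa_pairwise_fail = 1;
-}
 
 static int dsa_builtin_keygen(DSA *dsa);
 
-int fips_check_dsa(DSA *dsa)
-{
-EVP_PKEY pk;
-unsigned char tbs[] = "DSA Pairwise Check Data";
-pk.type = EVP_PKEY_DSA;
-pk.pkey.dsa = dsa;
-
-if (!fips_pkey_signature_test(&pk, tbs, -1,
-NULL, 0, EVP_dss1(), 0, NULL))
-{
-FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
-fips_set_selftest_fail();
-return 0;
-}
-return 1;
-}
-
 int DSA_generate_key(DSA *dsa)
 {
 if(dsa->meth->dsa_keygen)
@@ -108,12 +79,6 @@ static int dsa_builtin_keygen(DSA *dsa)
 BN_CTX *ctx=NULL;
 BIGNUM *pub_key=NULL,*priv_key=NULL;
 
-if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
-{
-DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
-goto err;
-}
-
 if ((ctx=BN_CTX_new()) == NULL) goto err;
 
 if (dsa->priv_key == NULL)
@@ -152,10 +117,6 @@ static int dsa_builtin_keygen(DSA *dsa)
 
 dsa->priv_key=priv_key;
 dsa->pub_key=pub_key;
-if (fips_dsa_pairwise_fail)
-BN_add_word(dsa->pub_key, 1);
-if(!fips_check_dsa(dsa))
-goto err;
 ok=1;
 
 err:
@@ -165,5 +126,3 @@ err:
 return(ok);
 }
 #endif
-
-#endif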