Detect symmetric crypto errors in PKCS7_decrypt.

[oweals/openssl.git] / crypto / dsa / dsa_ossl.c

diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 1b416901b43f8d6feff6c3748b86ad2e70658b1c..38b4f06012c8dacb91d72cc0ac6a43e539492e87 100644 (file)
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -58,6 +58,8 @@
 
 /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
 
+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
@@ -65,6 +67,9 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -82,7 +87,7 @@ NULL, /* dsa_mod_exp, */
 NULL, /* dsa_bn_mod_exp, */
 dsa_init,
 dsa_finish,
-0,
+DSA_FLAG_FIPS_METHOD,
 NULL,
 NULL,
 NULL
@@ -138,6 +143,23 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        DSA_SIG *ret=NULL;
        int noredo = 0;
 
+#ifdef OPENSSL_FIPS
+       if(FIPS_selftest_failed())
+           {
+           FIPSerr(FIPS_F_DSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
+           return NULL;
+           }
+
+       if (FIPS_module_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) 
+               && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
+               {
+               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
+               return NULL;
+               }
+       if (!fips_check_dsa_prng(dsa, 0, 0))
+               goto err;
+#endif
+
        BN_init(&m);
        BN_init(&xr);
 
@@ -149,21 +171,12 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 
        s=BN_new();
        if (s == NULL) goto err;
-
-       /* reject a excessive digest length (currently at most
-        * dsa-with-SHA256 is supported) */
-       if (dlen > SHA256_DIGEST_LENGTH)
-               {
-               reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
-               goto err;
-               }
-
        ctx=BN_CTX_new();
        if (ctx == NULL) goto err;
 redo:
        if ((dsa->kinv == NULL) || (dsa->r == NULL))
                {
-               if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
+               if (!dsa->meth->dsa_sign_setup(dsa,ctx,&kinv,&r)) goto err;
                }
        else
                {
@@ -189,7 +202,6 @@ redo:
        if (BN_cmp(s,dsa->q) > 0)
                if (!BN_sub(s,s,dsa->q)) goto err;
        if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
-
        ret=DSA_SIG_new();
        if (ret == NULL) goto err;
        /* Redo if r or s is zero as required by FIPS 186-3: this is
@@ -334,20 +346,26 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                return -1;
                }
 
-       if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
+#ifdef OPENSSL_FIPS
+       if(FIPS_selftest_failed())
+           {
+           FIPSerr(FIPS_F_DSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
+           return -1;
+           }
+
+       if (FIPS_module_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) 
+               && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
                {
-               DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
+               DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);
                return -1;
                }
+#endif
 
-       /* reject a excessive digest length (currently at most
-        * dsa-with-SHA256 is supported) */
-       if (dgst_len > SHA256_DIGEST_LENGTH)
+       if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
                {
-               DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+               DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
                return -1;
                }
-
        BN_init(&u1);
        BN_init(&u2);
        BN_init(&t1);