X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fdsa%2Fdsa_key.c;h=a3adb2fdde552495e9c05de75e4a8858663ed4b5;hb=c0d439019460def565bb115ecef749833eb4c299;hp=39cf6b790db2d875b7d8873a4b9c1deb6a39a8ff;hpb=ac892b7aa6532e0345e430208335403ead5d2de1;p=oweals%2Fopenssl.git

diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index 39cf6b790d..a3adb2fdde 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#define OPENSSL_FIPSAPI
+
 
 #include <stdio.h>
 #include <time.h>
@@ -66,37 +66,6 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 
-#ifdef OPENSSL_FIPS
-
-#include <openssl/fips.h>
-#include <openssl/evp.h>
-
-static int fips_dsa_pairwise_fail = 0;
-
-void FIPS_corrupt_dsa_keygen(void)
-	{
-	fips_dsa_pairwise_fail = 1;
-	}
-
-static int fips_check_dsa(DSA *dsa)
-	{
-	EVP_PKEY pk;
-	unsigned char tbs[] = "DSA Pairwise Check Data";
-    	pk.type = EVP_PKEY_DSA;
-    	pk.pkey.dsa = dsa;
-
-	if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE,
-					&pk, tbs, -1, NULL, 0, NULL, 0, NULL))
-		{
-		FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
-		fips_set_selftest_fail();
-		return 0;
-		}
-	return 1;
-	}
-
-#endif
-
 static int dsa_builtin_keygen(DSA *dsa);
 
 int DSA_generate_key(DSA *dsa)
@@ -112,14 +81,6 @@ static int dsa_builtin_keygen(DSA *dsa)
 	BN_CTX *ctx=NULL;
 	BIGNUM *pub_key=NULL,*priv_key=NULL;
 
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
-		{
-		DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
-		goto err;
-		}
-#endif
-
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
 
 	if (dsa->priv_key == NULL)
@@ -141,33 +102,28 @@ static int dsa_builtin_keygen(DSA *dsa)
 		pub_key=dsa->pub_key;
 	
 	{
-		BIGNUM local_prk;
+		BIGNUM *local_prk = NULL;
 		BIGNUM *prk;
 
 		if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
 			{
-			BN_init(&local_prk);
-			prk = &local_prk;
+			local_prk = prk = BN_new();
+			if(!local_prk) goto err;
 			BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
 			}
 		else
 			prk = priv_key;
 
-		if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
+		if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx))
+			{
+			if (local_prk != NULL) BN_free(local_prk);
+			goto err;
+			}
+		if (local_prk != NULL) BN_free(local_prk);
 	}
 
 	dsa->priv_key=priv_key;
 	dsa->pub_key=pub_key;
-#ifdef OPENSSL_FIPS
-	if (fips_dsa_pairwise_fail)
-		BN_add_word(dsa->pub_key, 1);
-	if(!fips_check_dsa(dsa))
-		{
-		dsa->pub_key = NULL;
-		dsa->priv_key = NULL;
-	    	goto err;
-		}
-#endif
 	ok=1;
 
 err: