To reduce FIPS dependencies don't load error strings and avoid use of ASN1

versions of DSA signature functions.

diff --git a/fips-1.0/dsa/fips_dsa_gen.c b/fips-1.0/dsa/fips_dsa_gen.c
index 8ed1de01959138012f4d1aab1f3190585fd5d21b..cb5eae2ced510363de2bec20775dfb4af29441a6 100644 (file)
--- a/fips-1.0/dsa/fips_dsa_gen.c
+++ b/fips-1.0/dsa/fips_dsa_gen.c
@@ -93,11 +93,18 @@
 static int fips_check_dsa(DSA *dsa)
     {
     static const unsigned char str1[]="12345678901234567890";
-    unsigned char sig[256];
-    unsigned int siglen;
+    int r = 0;
+    DSA_SIG *sig;
 
-    DSA_sign(0, str1, 20, sig, &siglen, dsa);
-    if(DSA_verify(0, str1, 20, sig, siglen, dsa) != 1)
+    sig = DSA_do_sign(str1, 20, dsa);
+
+    if (sig)
+       {
+       r = DSA_do_verify(str1, 20, sig, dsa);
+       DSA_SIG_free(sig);
+       }
+
+    if(r != 1)
        {
        FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
        return 0;

diff --git a/fips-1.0/dsa/fips_dsa_ossl.c b/fips-1.0/dsa/fips_dsa_ossl.c
index f8f3a39343cb1e915fc54435ce5be6f064ed1762..ea1cba2902ea3eaf7341859599995beca32e4b17 100644 (file)
--- a/fips-1.0/dsa/fips_dsa_ossl.c
+++ b/fips-1.0/dsa/fips_dsa_ossl.c
@@ -164,7 +164,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA
                BN_sub(s,s,dsa->q);
        if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
 
-       ret=DSA_SIG_new();
+       ret= DSA_SIG_new();
        if (ret == NULL) goto err;
        ret->r = r;
        ret->s = s;

diff --git a/fips-1.0/dsa/fips_dsa_selftest.c b/fips-1.0/dsa/fips_dsa_selftest.c
index 795fda9587d55f2f4c9b86187840e2b8d0c61efa..91dcfc7326f81fb2bb2c8f8194a732e4e35633cf 100644 (file)
--- a/fips-1.0/dsa/fips_dsa_selftest.c
+++ b/fips-1.0/dsa/fips_dsa_selftest.c
@@ -112,8 +112,8 @@ int FIPS_selftest_dsa()
     int counter,i,j;
     unsigned char buf[256];
     unsigned long h;
-    unsigned char sig[256];
-    unsigned int siglen;
+
+    DSA_SIG *sig = NULL;
 
     dsa=DSA_generate_parameters(512,seed,20,&counter,&h,NULL,NULL);
 
@@ -156,8 +156,18 @@ int FIPS_selftest_dsa()
        return 0;
        }
     DSA_generate_key(dsa);
-    DSA_sign(0, str1, 20, sig, &siglen, dsa);
-    if(DSA_verify(0, str1, 20, sig, siglen, dsa) != 1)
+    sig = DSA_do_sign(str1, 20, dsa);
+
+    if (sig)
+       {
+       i = DSA_do_verify(str1, 20, sig, dsa);
+       DSA_SIG_free(sig);
+       OPENSSL_free(sig);
+       }
+    else
+       i = 0;
+
+    if (i != 1)
        {
        FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
        return 0;

diff --git a/fips-1.0/dsa/fips_dsatest.c b/fips-1.0/dsa/fips_dsatest.c
index 5970b201e9e79bb46dab3f6a22f01ef8f8dd2219..f4cc37b19aaa6944ad378e0333545b1016e41d37 100644 (file)
--- a/fips-1.0/dsa/fips_dsatest.c
+++ b/fips-1.0/dsa/fips_dsatest.c
@@ -140,8 +140,7 @@ int main(int argc, char **argv)
        int counter,ret=0,i,j;
        unsigned char buf[256];
        unsigned long h;
-       unsigned char sig[256];
-       unsigned int siglen;
+       DSA_SIG *sig = NULL;
 
        if (bio_err == NULL)
                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -157,7 +156,6 @@ int main(int argc, char **argv)
        CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
-       ERR_load_crypto_strings();
        FIPS_set_prng_key(rnd_key1,rnd_key2);
        RAND_seed(rnd_seed, sizeof rnd_seed);
 
@@ -174,7 +172,7 @@ int main(int argc, char **argv)
        BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h);
                
        if (dsa == NULL) goto end;
-       DSA_print(bio_err,dsa,0);
+       /*DSA_print(bio_err,dsa,0);*/
        if (counter != 105) 
                {
                BIO_printf(bio_err,"counter should be 105\n");
@@ -210,8 +208,17 @@ int main(int argc, char **argv)
                goto end;
                }
        DSA_generate_key(dsa);
-       DSA_sign(0, str1, 20, sig, &siglen, dsa);
-       if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+
+       sig = DSA_do_sign(str1, 20, dsa);
+
+       if (sig)
+               {       
+               i = DSA_do_verify(str1, 20, sig, dsa);
+               DSA_SIG_free(sig);
+               }
+       else
+               i = 0;
+       if (i == 1)
                ret=1;
 end:
        if (!ret)

diff --git a/fips-1.0/dsa/fips_dssvs.c b/fips-1.0/dsa/fips_dssvs.c
index fe4e54f28700cb343993e7a3655073b1a10a5dca..f234906ebd2d8a91aa873d2d996267227b3db466 100644 (file)
--- a/fips-1.0/dsa/fips_dssvs.c
+++ b/fips-1.0/dsa/fips_dssvs.c
@@ -301,7 +301,10 @@ void sigver()
     char *keyword, *value;
     int nmod=0;
     unsigned char hash[20];
-    DSA_SIG *sig=DSA_SIG_new();
+    DSA_SIG sg, *sig = &sg;
+
+    sig->r = NULL;
+    sig->s = NULL;
 
     while(fgets(buf,sizeof buf,stdin) != NULL)
        {
@@ -367,7 +370,6 @@ int main(int argc,char **argv)
        }
     if(!FIPS_mode_set(1))
        {
-       ERR_load_crypto_strings();
        ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
        exit(1);
        }

diff --git a/fips-1.0/fips.c b/fips-1.0/fips.c
index bb833bfa2ce23d691ec2042769351035dd2e74c4..d2d35be52821effa2e706b0007d83208ced66c1e 100644 (file)
--- a/fips-1.0/fips.c
+++ b/fips-1.0/fips.c
@@ -135,7 +135,6 @@ int FIPS_selftest_failed(void)
 
 int FIPS_selftest()
     {
-    ERR_load_crypto_strings();
 
     return FIPS_selftest_sha1()
        && FIPS_selftest_hmac()

diff --git a/fips-1.0/fips_test_suite.c b/fips-1.0/fips_test_suite.c
index 53bf1ab5b6602bda5c5bfc5bca3233e64f142fcd..bd02133b6e494b9a358bd4a0e5f4733bea0ae7c3 100644 (file)
--- a/fips-1.0/fips_test_suite.c
+++ b/fips-1.0/fips_test_suite.c
@@ -85,8 +85,8 @@ static int FIPS_dsa_test()
     {
     DSA *dsa = NULL;
     unsigned char dgst[] = "etaonrishdlc";
-    unsigned char sig[256];
-    unsigned int siglen;
+    DSA_SIG *sig = NULL;
+    int r = 0;
 
     ERR_clear_error();
     dsa = DSA_generate_parameters(512,NULL,0,NULL,NULL,NULL,NULL);
@@ -94,9 +94,13 @@ static int FIPS_dsa_test()
        return 0;
     if (!DSA_generate_key(dsa))
        return 0;
-    if ( DSA_sign(0,dgst,sizeof(dgst) - 1,sig,&siglen,dsa) != 1 )
-       return 0;
-    if ( DSA_verify(0,dgst,sizeof(dgst) - 1,sig,siglen,dsa) != 1 )
+    sig = DSA_do_sign(dgst,sizeof(dgst) - 1,dsa);
+    if (sig)
+       {
+       r = DSA_do_verify(dgst,sizeof(dgst) - 1,sig,dsa);
+       DSA_SIG_free(sig);
+       }
+    if (r != 1)
        return 0;
     DSA_free(dsa);
     return 1;
@@ -380,7 +384,6 @@ int main(int argc,char **argv)
         }
         if (!FIPS_mode_set(1))
            {
-           ERR_load_crypto_strings();
            ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
             printf("Power-up self test failed\n");
            exit(1);
@@ -401,7 +404,6 @@ int main(int argc,char **argv)
     printf("2. Automatic power-up self test...");
     if (!FIPS_mode_set(1))
        {
-       ERR_load_crypto_strings();
        ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
         printf(Fail("FAILED!\n"));
        exit(1);

diff --git a/fips-1.0/hmac/fips_hmactest.c b/fips-1.0/hmac/fips_hmactest.c
index e26e33ee3f34ed80041bf4b7058762dc9a52b6b9..267db73b6aa33fa1b9bee5a36569d97bd262cebd 100644 (file)
--- a/fips-1.0/hmac/fips_hmactest.c
+++ b/fips-1.0/hmac/fips_hmactest.c
@@ -86,8 +86,6 @@ int main(int argc, char **argv)
 
        int ret = 1;
 
-       ERR_load_crypto_strings();
-
        err = BIO_new_fp(stderr, BIO_NOCLOSE);
 
        if (!err)

diff --git a/fips-1.0/rand/fips_randtest.c b/fips-1.0/rand/fips_randtest.c
index 6165944e56f39711d8ac5ed01a50aaab3caafd83..f7e4d836346a6e4086a76d0a841ecaffb22373e5 100644 (file)
--- a/fips-1.0/rand/fips_randtest.c
+++ b/fips-1.0/rand/fips_randtest.c
@@ -217,7 +217,6 @@ int main()
        /*double d; */
        long d;
 
-       ERR_load_crypto_strings();
        RAND_set_rand_method(FIPS_rand_method());
 
        run_test(&t1);

diff --git a/fips-1.0/rand/fips_rngvs.c b/fips-1.0/rand/fips_rngvs.c
index fdb38a5c82d6e1cf7d7e3caa04f6cfb325499296..0a56b828f20e2307e3299777ff11591b202686e9 100644 (file)
--- a/fips-1.0/rand/fips_rngvs.c
+++ b/fips-1.0/rand/fips_rngvs.c
@@ -254,7 +254,6 @@ int main(int argc,char **argv)
        }
     if(!FIPS_mode_set(1))
        {
-       ERR_load_crypto_strings();
        ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
        exit(1);
        }

diff --git a/fips-1.0/rsa/fips_rsagtest.c b/fips-1.0/rsa/fips_rsagtest.c
index fdeb05c98ba79f0e9ddf6b6604bca75b0fe02d1d..3567b8c30fa3306b531f36eb9dd53a5eef444163 100644 (file)
--- a/fips-1.0/rsa/fips_rsagtest.c
+++ b/fips-1.0/rsa/fips_rsagtest.c
@@ -93,7 +93,6 @@ int main(int argc, char **argv)
        BIO *in = NULL, *out = NULL, *err = NULL;
 
        int ret = 1;
-       ERR_load_crypto_strings();
 
        err = BIO_new_fp(stderr, BIO_NOCLOSE);
 

diff --git a/fips-1.0/rsa/fips_rsastest.c b/fips-1.0/rsa/fips_rsastest.c
index c002065b11584399739e9035abf0400a19f3bc3e..9152311bda169741bb7b95d76b65c5f78789acca 100644 (file)
--- a/fips-1.0/rsa/fips_rsastest.c
+++ b/fips-1.0/rsa/fips_rsastest.c
@@ -84,7 +84,6 @@ int main(int argc, char **argv)
        BIO *in = NULL, *out = NULL, *err = NULL;
 
        int ret = 1, Saltlen = -1;
-       ERR_load_crypto_strings();
 
        err = BIO_new_fp(stderr, BIO_NOCLOSE);
 
@@ -326,15 +325,12 @@ static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,
        unsigned char *sigbuf = NULL;
        int i, siglen;
        /* EVP_PKEY structure */
-       EVP_PKEY *key = NULL;
+       EVP_PKEY pk;
        EVP_MD_CTX ctx;
-       key = EVP_PKEY_new();
-       if (!key)
-               goto error;
-       if (!EVP_PKEY_set1_RSA(key, rsa))
-               goto error;
+       pk.type = EVP_PKEY_RSA;
+       pk.pkey.rsa = rsa;
 
-       siglen = EVP_PKEY_size(key);
+       siglen = RSA_size(rsa);
        sigbuf = OPENSSL_malloc(siglen);
        if (!sigbuf)
                goto error;
@@ -378,7 +374,7 @@ static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,
                        goto error;
                if (!EVP_SignUpdate(&ctx, Msg, Msglen))
                        goto error;
-               if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, key))
+               if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, &pk))
                        goto error;
                }
 
@@ -394,8 +390,6 @@ static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,
        ret = 1;
 
        error:
-       if (key)
-               EVP_PKEY_free(key);
 
        return ret;
        }

diff --git a/fips-1.0/rsa/fips_rsavtest.c b/fips-1.0/rsa/fips_rsavtest.c
index 8be7e989d7ae89380bcfe63f16ded3a7936b33f3..f75aaabf03a46f018591eaf5b3d421002abcee48 100644 (file)
--- a/fips-1.0/rsa/fips_rsavtest.c
+++ b/fips-1.0/rsa/fips_rsavtest.c
@@ -88,7 +88,6 @@ int main(int argc, char **argv)
 
        int ret = 1;
        int Saltlen = -1;
-       ERR_load_crypto_strings();
 
        err = BIO_new_fp(stderr, BIO_NOCLOSE);
 
@@ -330,19 +329,18 @@ static int rsa_printver(BIO *err, BIO *out,
        int ret = 0, r;
        /* Setup RSA and EVP_PKEY structures */
        RSA *rsa_pubkey = NULL;
-       EVP_PKEY *pubkey = NULL;
+       EVP_PKEY pk;
        EVP_MD_CTX ctx;
        unsigned char *buf = NULL;
        rsa_pubkey = RSA_new();
-       pubkey = EVP_PKEY_new();
-       if (!rsa_pubkey || !pubkey)
+       if (!rsa_pubkey)
                goto error;
        rsa_pubkey->n = BN_dup(n);
        rsa_pubkey->e = BN_dup(e);
        if (!rsa_pubkey->n || !rsa_pubkey->e)
                goto error;
-       if (!EVP_PKEY_set1_RSA(pubkey, rsa_pubkey))
-               goto error;
+       pk.type = EVP_PKEY_RSA;
+       pk.pkey.rsa = rsa_pubkey;
 
        EVP_MD_CTX_init(&ctx);
 
@@ -395,7 +393,7 @@ static int rsa_printver(BIO *err, BIO *out,
                if (!EVP_VerifyUpdate(&ctx, Msg, Msglen))
                        goto error;
 
-               r = EVP_VerifyFinal(&ctx, S, Slen, pubkey);
+               r = EVP_VerifyFinal(&ctx, S, Slen, &pk);
 
                }
 
@@ -415,8 +413,6 @@ static int rsa_printver(BIO *err, BIO *out,
        error:
        if (rsa_pubkey)
                RSA_free(rsa_pubkey);
-       if (pubkey)
-               EVP_PKEY_free(pubkey);
        if (buf)
                OPENSSL_free(buf);
 

diff --git a/fips-1.0/sha/fips_shatest.c b/fips-1.0/sha/fips_shatest.c
index 314a4b0da736da37555f518a4f765c3c94a8853d..9ef0fa9e436d40d70dd246109583bb8b75015523 100644 (file)
--- a/fips-1.0/sha/fips_shatest.c
+++ b/fips-1.0/sha/fips_shatest.c
@@ -86,8 +86,6 @@ int main(int argc, char **argv)
 
        int ret = 1;
 
-       ERR_load_crypto_strings();
-
        err = BIO_new_fp(stderr, BIO_NOCLOSE);
 
        if (!err)