From: Dr. Stephen Henson
Date: Tue, 15 Feb 2011 16:18:18 +0000 (+0000)
Subject: Update pairwise consistency checks to use SHA-256.
X-Git-Tag: OpenSSL-fips-2_0-rc1~740
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=225a9e296b9c0bb57208241d9bcb7be79a9b8b12;p=oweals%2Fopenssl.git
Update pairwise consistency checks to use SHA-256.
---
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index acc34a5865..fa4fb09c31 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -85,8 +85,7 @@ static int fips_check_dsa(DSA *dsa)
 pk.type = EVP_PKEY_DSA;
 pk.pkey.dsa = dsa;
- if (!fips_pkey_signature_test(&pk, tbs, -1,
- NULL, 0, EVP_sha1(), 0, NULL))
+ if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, NULL, 0, NULL))
 {
 FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
 fips_set_selftest_fail();
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 90d6b3cd7c..7bef5dd6bf 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -94,11 +94,11 @@ int fips_check_rsa(RSA *rsa)
 /* Perform pairwise consistency signature test */
 if (!fips_pkey_signature_test(&pk, tbs, -1,
- NULL, 0, EVP_sha1(), RSA_PKCS1_PADDING, NULL)
+ NULL, 0, NULL, RSA_PKCS1_PADDING, NULL)
 || !fips_pkey_signature_test(&pk, tbs, -1,
- NULL, 0, EVP_sha1(), RSA_X931_PADDING, NULL)
+ NULL, 0, NULL, RSA_X931_PADDING, NULL)
 || !fips_pkey_signature_test(&pk, tbs, -1,
- NULL, 0, EVP_sha1(), RSA_PKCS1_PSS_PADDING, NULL))
+ NULL, 0, NULL, RSA_PKCS1_PSS_PADDING, NULL))
 goto err;
 /* Now perform pairwise consistency encrypt/decrypt test */
 ctbuf = OPENSSL_malloc(RSA_size(rsa));
diff --git a/fips/fips.c b/fips/fips.c
index 51696b5e7c..6a90328d7e 100644
--- a/fips/fips.c
+++ b/fips/fips.c
@@ -454,6 +454,9 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
 if (tbslen == -1)
 tbslen = strlen((char *)tbs);
+ if (digest == NULL)
+ digest = EVP_sha256();
+
 if (!FIPS_digestinit(&mctx, digest))
 goto error;
 if (!FIPS_digestupdate(&mctx, tbs, tbslen))
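Review bot: The bare `NULL` now passed as the digest argument in `fips_check_dsa` no longer tells a reader which hash the pairwise consistency test runs with, because that choice has moved into fips/fips.c. A short comment at the call, for example `/* NULL digest: fips_pkey_signature_test() defaults to SHA-256 */`, would keep the call site auditable; the same applies to the three calls in `fips_check_rsa` in crypto/rsa/rsa_gen.c. It is also worth confirming that the DSA signing path handles a 32-byte digest for keys with a 160-bit q, since that handling is not visible in this diff. The body of `fips_check_dsa` starts and ends outside the hunk.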
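Review bot: The `if (digest == NULL)` default added before `FIPS_digestinit` makes NULL a meaningful value for the `digest` parameter, but nothing in the hunk documents that contract. Suggest a comment on the new lines such as `/* NULL selects the default self-test digest (SHA-256) */`, and ideally a matching sentence wherever the function is declared. A caller that passes NULL by mistake will presumably now be accepted with SHA-256 rather than failing at digest init, so the default should be a stated part of the interface. The function starts and ends outside the hunk, so any later use of `digest` in it cannot be checked from here.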