From: Dr. Stephen Henson Date: Tue, 1 Feb 2011 12:54:04 +0000 (+0000) Subject: Since FIPS 186-3 specifies we use the leftmost bits of the digest X-Git-Tag: OpenSSL_1_0_0d~4 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a677c87b7be0e9e6099b1a84acb46245b53a9ec4;p=oweals%2Fopenssl.git Since FIPS 186-3 specifies we use the leftmost bits of the digest we shouldn't reject digest lengths larger than SHA256: the FIPS algorithm tests include SHA384 and SHA512 tests. --- diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 1fb665ec57..a3ddd7d281 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -148,15 +148,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) s=BN_new(); if (s == NULL) goto err; - - /* reject a excessive digest length (currently at most - * dsa-with-SHA256 is supported) */ - if (dlen > SHA256_DIGEST_LENGTH) - { - reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; - goto err; - } - ctx=BN_CTX_new(); if (ctx == NULL) goto err; @@ -325,15 +316,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); return -1; } - - /* reject a excessive digest length (currently at most - * dsa-with-SHA256 is supported) */ - if (dgst_len > SHA256_DIGEST_LENGTH) - { - DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return -1; - } - BN_init(&u1); BN_init(&u2); BN_init(&t1);