generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

To reduce FIPS dependencies don't load error strings and avoid use of ASN1

Browse Source 
versions of DSA signature functions.
This commit is contained in:
Dr. Stephen Henson
2007-01-23 17:51:08 +00:00
parent ab8c8aa404
commit 1f1790d15b
14 changed files with 62 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
fips-1.0/dsa/fips_dsa_gen.c
View File

@@ -93,11 +93,18 @@
static int fips_check_dsa(DSA *dsa) static int fips_check_dsa(DSA *dsa)
{ {
static const unsigned char str1[]="12345678901234567890"; static const unsigned char str1[]="12345678901234567890";
unsigned char sig[256]; int r = 0;
unsigned int siglen; DSA_SIG *sig;
DSA_sign(0, str1, 20, sig, &siglen, dsa); sig = DSA_do_sign(str1, 20, dsa);
if(DSA_verify(0, str1, 20, sig, siglen, dsa) != 1)
if (sig)
{
r = DSA_do_verify(str1, 20, sig, dsa);
DSA_SIG_free(sig);
}
if(r != 1)
{ {
FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED); FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
return 0; return 0;

2
fips-1.0/dsa/fips_dsa_ossl.c
View File

@@ -164,7 +164,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA
BN_sub(s,s,dsa->q); BN_sub(s,s,dsa->q);
if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
ret=DSA_SIG_new(); ret= DSA_SIG_new();
if (ret == NULL) goto err; if (ret == NULL) goto err;
ret->r = r; ret->r = r;
ret->s = s; ret->s = s;

18
fips-1.0/dsa/fips_dsa_selftest.c
View File

@@ -112,8 +112,8 @@ int FIPS_selftest_dsa()
int counter,i,j; int counter,i,j;
unsigned char buf[256]; unsigned char buf[256];
unsigned long h; unsigned long h;
unsigned char sig[256];
unsigned int siglen; DSA_SIG *sig = NULL;
dsa=DSA_generate_parameters(512,seed,20,&counter,&h,NULL,NULL); dsa=DSA_generate_parameters(512,seed,20,&counter,&h,NULL,NULL);
@@ -156,8 +156,18 @@ int FIPS_selftest_dsa()
return 0; return 0;
} }
DSA_generate_key(dsa); DSA_generate_key(dsa);
DSA_sign(0, str1, 20, sig, &siglen, dsa); sig = DSA_do_sign(str1, 20, dsa);
if(DSA_verify(0, str1, 20, sig, siglen, dsa) != 1)
if (sig)
{
i = DSA_do_verify(str1, 20, sig, dsa);
DSA_SIG_free(sig);
OPENSSL_free(sig);
}
else
i = 0;
if (i != 1)
{ {
FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED); FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
return 0; return 0;

19
fips-1.0/dsa/fips_dsatest.c
View File

@@ -140,8 +140,7 @@ int main(int argc, char **argv)
int counter,ret=0,i,j; int counter,ret=0,i,j;
unsigned char buf[256]; unsigned char buf[256];
unsigned long h; unsigned long h;
unsigned char sig[256]; DSA_SIG *sig = NULL;
unsigned int siglen;
if (bio_err == NULL) if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -157,7 +156,6 @@ int main(int argc, char **argv)
CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
ERR_load_crypto_strings();
FIPS_set_prng_key(rnd_key1,rnd_key2); FIPS_set_prng_key(rnd_key1,rnd_key2);
RAND_seed(rnd_seed, sizeof rnd_seed); RAND_seed(rnd_seed, sizeof rnd_seed);
@@ -174,7 +172,7 @@ int main(int argc, char **argv)
BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h); BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h);
if (dsa == NULL) goto end; if (dsa == NULL) goto end;
DSA_print(bio_err,dsa,0); /*DSA_print(bio_err,dsa,0);*/
if (counter != 105) if (counter != 105)
{ {
BIO_printf(bio_err,"counter should be 105\n"); BIO_printf(bio_err,"counter should be 105\n");
@@ -210,8 +208,17 @@ int main(int argc, char **argv)
goto end; goto end;
} }
DSA_generate_key(dsa); DSA_generate_key(dsa);
DSA_sign(0, str1, 20, sig, &siglen, dsa);
if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) sig = DSA_do_sign(str1, 20, dsa);
if (sig)
{
i = DSA_do_verify(str1, 20, sig, dsa);
DSA_SIG_free(sig);
}
else
i = 0;
if (i == 1)
ret=1; ret=1;
end: end:
if (!ret) if (!ret)

6
fips-1.0/dsa/fips_dssvs.c
View File

@@ -301,7 +301,10 @@ void sigver()
char *keyword, *value; char *keyword, *value;
int nmod=0; int nmod=0;
unsigned char hash[20]; unsigned char hash[20];
DSA_SIG *sig=DSA_SIG_new(); DSA_SIG sg, *sig = &sg;
sig->r = NULL;
sig->s = NULL;
while(fgets(buf,sizeof buf,stdin) != NULL) while(fgets(buf,sizeof buf,stdin) != NULL)
{ {
@@ -367,7 +370,6 @@ int main(int argc,char **argv)
} }
if(!FIPS_mode_set(1)) if(!FIPS_mode_set(1))
{ {
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
exit(1); exit(1);
} }

1
fips-1.0/fips.c
View File

@@ -135,7 +135,6 @@ int FIPS_selftest_failed(void)
int FIPS_selftest() int FIPS_selftest()
{ {
ERR_load_crypto_strings();
return FIPS_selftest_sha1() return FIPS_selftest_sha1()
&& FIPS_selftest_hmac() && FIPS_selftest_hmac()

16
fips-1.0/fips_test_suite.c
View File

@@ -85,8 +85,8 @@ static int FIPS_dsa_test()
{ {
DSA *dsa = NULL; DSA *dsa = NULL;
unsigned char dgst[] = "etaonrishdlc"; unsigned char dgst[] = "etaonrishdlc";
unsigned char sig[256]; DSA_SIG *sig = NULL;
unsigned int siglen; int r = 0;
ERR_clear_error(); ERR_clear_error();
dsa = DSA_generate_parameters(512,NULL,0,NULL,NULL,NULL,NULL); dsa = DSA_generate_parameters(512,NULL,0,NULL,NULL,NULL,NULL);
@@ -94,9 +94,13 @@ static int FIPS_dsa_test()
return 0; return 0;
if (!DSA_generate_key(dsa)) if (!DSA_generate_key(dsa))
return 0; return 0;
if ( DSA_sign(0,dgst,sizeof(dgst) - 1,sig,&siglen,dsa) != 1 ) sig = DSA_do_sign(dgst,sizeof(dgst) - 1,dsa);
return 0; if (sig)
if ( DSA_verify(0,dgst,sizeof(dgst) - 1,sig,siglen,dsa) != 1 ) {
r = DSA_do_verify(dgst,sizeof(dgst) - 1,sig,dsa);
DSA_SIG_free(sig);
}
if (r != 1)
return 0; return 0;
DSA_free(dsa); DSA_free(dsa);
return 1; return 1;
@@ -380,7 +384,6 @@ int main(int argc,char **argv)
} }
if (!FIPS_mode_set(1)) if (!FIPS_mode_set(1))
{ {
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
printf("Power-up self test failed\n"); printf("Power-up self test failed\n");
exit(1); exit(1);
@@ -401,7 +404,6 @@ int main(int argc,char **argv)
printf("2. Automatic power-up self test..."); printf("2. Automatic power-up self test...");
if (!FIPS_mode_set(1)) if (!FIPS_mode_set(1))
{ {
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
printf(Fail("FAILED!\n")); printf(Fail("FAILED!\n"));
exit(1); exit(1);

2
fips-1.0/hmac/fips_hmactest.c
View File

@@ -86,8 +86,6 @@ int main(int argc, char **argv)
int ret = 1; int ret = 1;
ERR_load_crypto_strings();
err = BIO_new_fp(stderr, BIO_NOCLOSE); err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!err) if (!err)

1
fips-1.0/rand/fips_randtest.c
View File

@@ -217,7 +217,6 @@ int main()
/*double d; */ /*double d; */
long d; long d;
ERR_load_crypto_strings();
RAND_set_rand_method(FIPS_rand_method()); RAND_set_rand_method(FIPS_rand_method());
run_test(&t1); run_test(&t1);

1
fips-1.0/rand/fips_rngvs.c
View File

@@ -254,7 +254,6 @@ int main(int argc,char **argv)
} }
if(!FIPS_mode_set(1)) if(!FIPS_mode_set(1))
{ {
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
exit(1); exit(1);
} }

1
fips-1.0/rsa/fips_rsagtest.c
View File

@@ -93,7 +93,6 @@ int main(int argc, char **argv)
BIO *in = NULL, *out = NULL, *err = NULL; BIO *in = NULL, *out = NULL, *err = NULL;
int ret = 1; int ret = 1;
ERR_load_crypto_strings();
err = BIO_new_fp(stderr, BIO_NOCLOSE); err = BIO_new_fp(stderr, BIO_NOCLOSE);

16
fips-1.0/rsa/fips_rsastest.c
View File

@@ -84,7 +84,6 @@ int main(int argc, char **argv)
BIO *in = NULL, *out = NULL, *err = NULL; BIO *in = NULL, *out = NULL, *err = NULL;
int ret = 1, Saltlen = -1; int ret = 1, Saltlen = -1;
ERR_load_crypto_strings();
err = BIO_new_fp(stderr, BIO_NOCLOSE); err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -326,15 +325,12 @@ static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,
unsigned char *sigbuf = NULL; unsigned char *sigbuf = NULL;
int i, siglen; int i, siglen;
/* EVP_PKEY structure */ /* EVP_PKEY structure */
EVP_PKEY *key = NULL; EVP_PKEY pk;
EVP_MD_CTX ctx; EVP_MD_CTX ctx;
key = EVP_PKEY_new(); pk.type = EVP_PKEY_RSA;
if (!key) pk.pkey.rsa = rsa;
goto error;
if (!EVP_PKEY_set1_RSA(key, rsa))
goto error;
siglen = EVP_PKEY_size(key); siglen = RSA_size(rsa);
sigbuf = OPENSSL_malloc(siglen); sigbuf = OPENSSL_malloc(siglen);
if (!sigbuf) if (!sigbuf)
goto error; goto error;
@@ -378,7 +374,7 @@ static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,
goto error; goto error;
if (!EVP_SignUpdate(&ctx, Msg, Msglen)) if (!EVP_SignUpdate(&ctx, Msg, Msglen))
goto error; goto error;
if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, key)) if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, &pk))
goto error; goto error;
} }
@@ -394,8 +390,6 @@ static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,
ret = 1; ret = 1;
error: error:
if (key)
EVP_PKEY_free(key);
return ret; return ret;
} }

14
fips-1.0/rsa/fips_rsavtest.c
View File

@@ -88,7 +88,6 @@ int main(int argc, char **argv)
int ret = 1; int ret = 1;
int Saltlen = -1; int Saltlen = -1;
ERR_load_crypto_strings();
err = BIO_new_fp(stderr, BIO_NOCLOSE); err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -330,19 +329,18 @@ static int rsa_printver(BIO *err, BIO *out,
int ret = 0, r; int ret = 0, r;
/* Setup RSA and EVP_PKEY structures */ /* Setup RSA and EVP_PKEY structures */
RSA *rsa_pubkey = NULL; RSA *rsa_pubkey = NULL;
EVP_PKEY *pubkey = NULL; EVP_PKEY pk;
EVP_MD_CTX ctx; EVP_MD_CTX ctx;
unsigned char *buf = NULL; unsigned char *buf = NULL;
rsa_pubkey = RSA_new(); rsa_pubkey = RSA_new();
pubkey = EVP_PKEY_new(); if (!rsa_pubkey)
if (!rsa_pubkey || !pubkey)
goto error; goto error;
rsa_pubkey->n = BN_dup(n); rsa_pubkey->n = BN_dup(n);
rsa_pubkey->e = BN_dup(e); rsa_pubkey->e = BN_dup(e);
if (!rsa_pubkey->n || !rsa_pubkey->e) if (!rsa_pubkey->n || !rsa_pubkey->e)
goto error; goto error;
if (!EVP_PKEY_set1_RSA(pubkey, rsa_pubkey)) pk.type = EVP_PKEY_RSA;
goto error; pk.pkey.rsa = rsa_pubkey;
EVP_MD_CTX_init(&ctx); EVP_MD_CTX_init(&ctx);
@@ -395,7 +393,7 @@ static int rsa_printver(BIO *err, BIO *out,
if (!EVP_VerifyUpdate(&ctx, Msg, Msglen)) if (!EVP_VerifyUpdate(&ctx, Msg, Msglen))
goto error; goto error;
r = EVP_VerifyFinal(&ctx, S, Slen, pubkey); r = EVP_VerifyFinal(&ctx, S, Slen, &pk);
} }
@@ -415,8 +413,6 @@ static int rsa_printver(BIO *err, BIO *out,
error: error:
if (rsa_pubkey) if (rsa_pubkey)
RSA_free(rsa_pubkey); RSA_free(rsa_pubkey);
if (pubkey)
EVP_PKEY_free(pubkey);
if (buf) if (buf)
OPENSSL_free(buf); OPENSSL_free(buf);

2
fips-1.0/sha/fips_shatest.c
View File

@@ -86,8 +86,6 @@ int main(int argc, char **argv)
int ret = 1; int ret = 1;
ERR_load_crypto_strings();
err = BIO_new_fp(stderr, BIO_NOCLOSE); err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!err) if (!err)