Update pairwise consistency checks to use SHA-256.

2011-02-15 16:18:18 +00:00 · 2011-02-15 16:18:18 +00:00 · 225a9e296b
commit 225a9e296b
parent 25c6542944
3 changed files with 7 additions and 5 deletions
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@ -85,8 +85,7 @@ static int fips_check_dsa(DSA *dsa)
    	pk.type = EVP_PKEY_DSA;
    	pk.pkey.dsa = dsa;

-	if (!fips_pkey_signature_test(&pk, tbs, -1,
-					NULL, 0, EVP_sha1(), 0, NULL))
+	if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, NULL, 0, NULL))
 		{
 		FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
 		fips_set_selftest_fail();
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@ -94,11 +94,11 @@ int fips_check_rsa(RSA *rsa)

 	/* Perform pairwise consistency signature test */
 	if (!fips_pkey_signature_test(&pk, tbs, -1,
-			NULL, 0, EVP_sha1(), RSA_PKCS1_PADDING, NULL)
+			NULL, 0, NULL, RSA_PKCS1_PADDING, NULL)
 		|| !fips_pkey_signature_test(&pk, tbs, -1,
-			NULL, 0, EVP_sha1(), RSA_X931_PADDING, NULL)
+			NULL, 0, NULL, RSA_X931_PADDING, NULL)
 		|| !fips_pkey_signature_test(&pk, tbs, -1,
-			NULL, 0, EVP_sha1(), RSA_PKCS1_PSS_PADDING, NULL))
+			NULL, 0, NULL, RSA_PKCS1_PSS_PADDING, NULL))
 		goto err;
 	/* Now perform pairwise consistency encrypt/decrypt test */
 	ctbuf = OPENSSL_malloc(RSA_size(rsa));
--- a/fips/fips.c
+++ b/fips/fips.c
@ -454,6 +454,9 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
 	if (tbslen == -1)
 		tbslen = strlen((char *)tbs);

+	if (digest == NULL)
+		digest = EVP_sha256();
+
 	if (!FIPS_digestinit(&mctx, digest))
 		goto error;
 	if (!FIPS_digestupdate(&mctx, tbs, tbslen))