Add single call public key sign and verify functions.

2011-11-05 01:32:52 +00:00
parent b7de76b74d
commit 485ef852ac
13 changed files with 117 additions and 85 deletions
--- a/fips/dsa/fips_dsa_sign.c
+++ b/fips/dsa/fips_dsa_sign.c
@@ -114,4 +114,28 @@ int FIPS_dsa_verify_digest(DSA *dsa,
 	return dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
 	}

+int FIPS_dsa_verify(DSA *dsa, const unsigned char *msg, size_t msglen,
+			const EVP_MD *mhash, DSA_SIG *s)
+	{
+	int ret=-1;
+	unsigned char dig[EVP_MAX_MD_SIZE];
+	unsigned int dlen;
+        FIPS_digest(msg, msglen, dig, &dlen, mhash);
+	ret=FIPS_dsa_verify_digest(dsa, dig, dlen, s);
+	OPENSSL_cleanse(dig, dlen);
+	return ret;
+	}
+
+DSA_SIG * FIPS_dsa_sign(DSA *dsa, const unsigned char *msg, size_t msglen,
+			const EVP_MD *mhash)
+	{
+	DSA_SIG *s;
+	unsigned char dig[EVP_MAX_MD_SIZE];
+	unsigned int dlen;
+        FIPS_digest(msg, msglen, dig, &dlen, mhash);
+	s = FIPS_dsa_sign_digest(dsa, dig, dlen);
+	OPENSSL_cleanse(dig, dlen);
+	return s;
+	}
+
 #endif
--- a/fips/dsa/fips_dsatest.c
+++ b/fips/dsa/fips_dsatest.c
@@ -154,9 +154,7 @@ int main(int argc, char **argv)
 	unsigned char buf[256];
 	unsigned long h;
 	BN_GENCB cb;
-	EVP_MD_CTX mctx;
 	BN_GENCB_set(&cb, dsa_cb, stderr);
-	FIPS_md_ctx_init(&mctx);

    	fips_algtest_init();

@@ -210,19 +208,11 @@ int main(int argc, char **argv)
 		}
 	DSA_generate_key(dsa);

-	if (!FIPS_digestinit(&mctx, EVP_sha1()))
-		goto end;
-	if (!FIPS_digestupdate(&mctx, str1, 20))
-		goto end;
-	sig = FIPS_dsa_sign_ctx(dsa, &mctx);
+	sig = FIPS_dsa_sign(dsa, str1, 20, EVP_sha1());
 	if (!sig)
 		goto end;

-	if (!FIPS_digestinit(&mctx, EVP_sha1()))
-		goto end;
-	if (!FIPS_digestupdate(&mctx, str1, 20))
-		goto end;
-	if (FIPS_dsa_verify_ctx(dsa, &mctx, sig) != 1)
+	if (FIPS_dsa_verify(dsa, str1, 20, EVP_sha1(), sig) != 1)
 		goto end;

 	ret = 1;
@@ -231,7 +221,6 @@ end:
 	if (sig)
 		FIPS_dsa_sig_free(sig);
 	if (dsa != NULL) FIPS_dsa_free(dsa);
-	FIPS_md_ctx_cleanup(&mctx);
 #if 0
 	CRYPTO_mem_leaks(bio_err);
 #endif
--- a/fips/dsa/fips_dssvs.c
+++ b/fips/dsa/fips_dssvs.c
@@ -632,9 +632,7 @@ static void siggen(FILE *in, FILE *out)
 	    {
 	    unsigned char msg[1024];
 	    int n;
-	    EVP_MD_CTX mctx;
 	    DSA_SIG *sig;
-	    FIPS_md_ctx_init(&mctx);

 	    n=hex2bin(value,msg);

@@ -642,15 +640,12 @@ static void siggen(FILE *in, FILE *out)
 		exit(1);
 	    do_bn_print_name(out, "Y",dsa->pub_key);

-	    FIPS_digestinit(&mctx, md);
-	    FIPS_digestupdate(&mctx, msg, n);
-	    sig = FIPS_dsa_sign_ctx(dsa, &mctx);
+	    sig = FIPS_dsa_sign(dsa, msg, n, md);

 	    do_bn_print_name(out, "R",sig->r);
 	    do_bn_print_name(out, "S",sig->s);
 	    fputs(RESP_EOL, out);
 	    FIPS_dsa_sig_free(sig);
-	    FIPS_md_ctx_cleanup(&mctx);
 	    }
 	}
    if (dsa)
@@ -705,17 +700,12 @@ static void sigver(FILE *in, FILE *out)
 	    sig->r=hex2bn(value);
 	else if(!strcmp(keyword,"S"))
 	    {
-	    EVP_MD_CTX mctx;
 	    int r;
-	    FIPS_md_ctx_init(&mctx);
 	    sig->s=hex2bn(value);

-	    FIPS_digestinit(&mctx, md);
-	    FIPS_digestupdate(&mctx, msg, n);
 	    no_err = 1;
-	    r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
+	    r = FIPS_dsa_verify(dsa, msg, n, md, sig);
 	    no_err = 0;
-	    FIPS_md_ctx_cleanup(&mctx);
 	    if (sig->s)
 		{
 		BN_free(sig->s);