generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Since FIPS 186-3 specifies we use the leftmost bits of the digest

Browse Source 
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
This commit is contained in:
Dr. Stephen Henson 2011-02-01 12:53:47 +00:00
parent b5b724348d
commit 5080fbbef0
1 changed files with 0 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
crypto/dsa/dsa_ossl.c
View File

@ -149,15 +149,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
s=BN_new();
if (s == NULL) goto err;
/* reject a excessive digest length (currently at most
* dsa-with-SHA256 is supported) */
if (dlen > SHA256_DIGEST_LENGTH)
{
reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
goto err;
}
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
redo:
@ -339,15 +330,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
return -1;
}
/* reject a excessive digest length (currently at most
* dsa-with-SHA256 is supported) */
if (dgst_len > SHA256_DIGEST_LENGTH)
{
DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return -1;
}
BN_init(&u1);
BN_init(&u2);
BN_init(&t1);