generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Bypass algorithm blocking with TLS MD5+SHA1 signature in FIPS mode by

Browse Source 
calling underlying method directly.
This commit is contained in:
Dr. Stephen Henson
2010-01-27 00:51:24 +00:00
parent cc62974182
commit 93b810637b
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
crypto/rsa/rsa_sign.c
View File

@@ -137,7 +137,12 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
i2d_X509_SIG(&sig,&p);
s=tmps;
}
#ifdef OPENSSL_FIPS
/* Bypass algorithm blocking: this is allowed if we get this far */
i=rsa->meth->rsa_priv_enc(i,s,sigret,rsa,RSA_PKCS1_PADDING);
#else
i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
#endif
if (i <= 0)
ret=0;
else
@@ -190,8 +195,11 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return 0;
}
#endif
/* Bypass algorithm blocking: this is allowed */
i=rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
#else
i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
#endif
if (i <= 0) goto err;