Update pairwise consistency checks to use SHA-256.

225a9e29 · Dr. Stephen Henson · 25c65429 · 225a9e29 · 225a9e29 · 225a9e29
隐藏空白更改
内联并排

Showing with 7 addition and 5 deletion

crypto/dsa/dsa_key.c crypto/dsa/dsa_key.c +1 -2

crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c +3 -3

fips/fips.c fips/fips.c +3 -0

未找到文件。
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -85,8 +85,7 @@ static int fips_check_dsa(DSA *dsa)
    	pk.type = EVP_PKEY_DSA;
    	pk.pkey.dsa = dsa;

-	if (!fips_pkey_signature_test(&pk, tbs, -1,
-					NULL, 0, EVP_sha1(), 0, NULL))
+	if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, NULL, 0, NULL))
 		{
 		FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
 		fips_set_selftest_fail();

--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -94,11 +94,11 @@ int fips_check_rsa(RSA *rsa)

 	/* Perform pairwise consistency signature test */
 	if (!fips_pkey_signature_test(&pk, tbs, -1,
-			NULL, 0, EVP_sha1(), RSA_PKCS1_PADDING, NULL)
+			NULL, 0, NULL, RSA_PKCS1_PADDING, NULL)
 		|| !fips_pkey_signature_test(&pk, tbs, -1,
-			NULL, 0, EVP_sha1(), RSA_X931_PADDING, NULL)
+			NULL, 0, NULL, RSA_X931_PADDING, NULL)
 		|| !fips_pkey_signature_test(&pk, tbs, -1,
-			NULL, 0, EVP_sha1(), RSA_PKCS1_PSS_PADDING, NULL))
+			NULL, 0, NULL, RSA_PKCS1_PSS_PADDING, NULL))
 		goto err;
 	/* Now perform pairwise consistency encrypt/decrypt test */
 	ctbuf = OPENSSL_malloc(RSA_size(rsa));

--- a/fips/fips.c
+++ b/fips/fips.c
@@ -454,6 +454,9 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
 	if (tbslen == -1)
 		tbslen = strlen((char *)tbs);

+	if (digest == NULL)
+		digest = EVP_sha256();
+
 	if (!FIPS_digestinit(&mctx, digest))
 		goto error;
 	if (!FIPS_digestupdate(&mctx, tbs, tbslen))