Remove DSA digest length checks when no digest is passed

FIPS 186-4 does not specify a hard requirement on DSA digest lengths, and in any case the current check rejects the FIPS recommended digest lengths for key sizes != 1024 bits. Fixes: #6748 Reviewed-by: N Rich Salz <rsalz@openssl.org> Reviewed-by: N Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6749)

Remove DSA digest length checks when no digest is passed
FIPS 186-4 does not specify a hard requirement on DSA digest lengths, and in any case the current check rejects the FIPS recommended digest lengths for key sizes != 1024 bits. Fixes: #6748 Reviewed-by: N Rich Salz <rsalz@openssl.org> Reviewed-by: N Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6749)
665d9d1c · Bryan Donlan · Andy Polyakov · bd93f1ac · 665d9d1c
隐藏空白更改
内联并排

Showing with 4 addition and 14 deletion

crypto/dsa/dsa_pmeth.c crypto/dsa/dsa_pmeth.c +4 -14

未找到文件。
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -77,13 +77,8 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
    DSA_PKEY_CTX *dctx = ctx->data;
    DSA *dsa = ctx->pkey->pkey.dsa;
-    if (dctx->md) {
+    if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md))
-        if (tbslen != (size_t)EVP_MD_size(dctx->md))
+        return 0;
-            return 0;
-    } else {
-        if (tbslen != SHA_DIGEST_LENGTH)
-            return 0;
-    }
    ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa);
@@ -101,13 +96,8 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
    DSA_PKEY_CTX *dctx = ctx->data;
    DSA *dsa = ctx->pkey->pkey.dsa;
-    if (dctx->md) {
+    if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md))
-        if (tbslen != (size_t)EVP_MD_size(dctx->md))
+        return 0;
-            return 0;
-    } else {
-        if (tbslen != SHA_DIGEST_LENGTH)
-            return 0;
-    }
    ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa);