Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
f4324e51
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
f4324e51
编写于
11月 05, 2011
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Add single call public key sign and verify functions.
上级
69569dd1
变更
13
隐藏空白更改
内联
并排
Showing
13 changed file
with
117 addition
and
85 deletion
+117
-85
CHANGES
CHANGES
+5
-0
crypto/dsa/dsa.h
crypto/dsa/dsa.h
+5
-0
crypto/ecdsa/ecdsa.h
crypto/ecdsa/ecdsa.h
+5
-0
fips/dsa/fips_dsa_sign.c
fips/dsa/fips_dsa_sign.c
+24
-0
fips/dsa/fips_dsatest.c
fips/dsa/fips_dsatest.c
+2
-13
fips/dsa/fips_dssvs.c
fips/dsa/fips_dssvs.c
+2
-12
fips/ecdsa/fips_ecdsa_sign.c
fips/ecdsa/fips_ecdsa_sign.c
+25
-0
fips/ecdsa/fips_ecdsavs.c
fips/ecdsa/fips_ecdsavs.c
+2
-12
fips/fips.h
fips/fips.h
+10
-0
fips/fips_test_suite.c
fips/fips_test_suite.c
+6
-26
fips/rsa/fips_rsa_sign.c
fips/rsa/fips_rsa_sign.c
+29
-0
fips/rsa/fips_rsastest.c
fips/rsa/fips_rsastest.c
+1
-10
fips/rsa/fips_rsavtest.c
fips/rsa/fips_rsavtest.c
+1
-12
未找到文件。
CHANGES
浏览文件 @
f4324e51
...
@@ -4,9 +4,14 @@
...
@@ -4,9 +4,14 @@
Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
*) Add FIPS_{rsa,dsa,ecdsa}_{sign,verify} functions which digest and
sign or verify all in one operation.
[Steve Henson]
*) Add fips_algvs: a multicall fips utility incorporaing all the algorithm
*) Add fips_algvs: a multicall fips utility incorporaing all the algorithm
test programs and fips_test_suite. Includes functionality to parse
test programs and fips_test_suite. Includes functionality to parse
the minimal script output of fipsalgest.pl directly.
the minimal script output of fipsalgest.pl directly.
[Steve Henson]
*) Add authorisation parameter to FIPS_module_mode_set().
*) Add authorisation parameter to FIPS_module_mode_set().
[Steve Henson]
[Steve Henson]
...
...
crypto/dsa/dsa.h
浏览文件 @
f4324e51
...
@@ -215,6 +215,11 @@ DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx);
...
@@ -215,6 +215,11 @@ DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx);
int
FIPS_dsa_verify_digest
(
DSA
*
dsa
,
int
FIPS_dsa_verify_digest
(
DSA
*
dsa
,
const
unsigned
char
*
dig
,
int
dlen
,
DSA_SIG
*
s
);
const
unsigned
char
*
dig
,
int
dlen
,
DSA_SIG
*
s
);
int
FIPS_dsa_verify_ctx
(
DSA
*
dsa
,
EVP_MD_CTX
*
ctx
,
DSA_SIG
*
s
);
int
FIPS_dsa_verify_ctx
(
DSA
*
dsa
,
EVP_MD_CTX
*
ctx
,
DSA_SIG
*
s
);
int
FIPS_dsa_verify
(
DSA
*
dsa
,
const
unsigned
char
*
msg
,
size_t
msglen
,
const
EVP_MD
*
mhash
,
DSA_SIG
*
s
);
DSA_SIG
*
FIPS_dsa_sign
(
DSA
*
dsa
,
const
unsigned
char
*
msg
,
size_t
msglen
,
const
EVP_MD
*
mhash
);
#endif
#endif
DSA
*
DSA_new
(
void
);
DSA
*
DSA_new
(
void
);
...
...
crypto/ecdsa/ecdsa.h
浏览文件 @
f4324e51
...
@@ -236,6 +236,11 @@ ECDSA_SIG * FIPS_ecdsa_sign_ctx(EC_KEY *key, EVP_MD_CTX *ctx);
...
@@ -236,6 +236,11 @@ ECDSA_SIG * FIPS_ecdsa_sign_ctx(EC_KEY *key, EVP_MD_CTX *ctx);
int
FIPS_ecdsa_verify_digest
(
EC_KEY
*
key
,
int
FIPS_ecdsa_verify_digest
(
EC_KEY
*
key
,
const
unsigned
char
*
dig
,
int
dlen
,
ECDSA_SIG
*
s
);
const
unsigned
char
*
dig
,
int
dlen
,
ECDSA_SIG
*
s
);
int
FIPS_ecdsa_verify_ctx
(
EC_KEY
*
key
,
EVP_MD_CTX
*
ctx
,
ECDSA_SIG
*
s
);
int
FIPS_ecdsa_verify_ctx
(
EC_KEY
*
key
,
EVP_MD_CTX
*
ctx
,
ECDSA_SIG
*
s
);
int
FIPS_ecdsa_verify
(
EC_KEY
*
key
,
const
unsigned
char
*
msg
,
size_t
msglen
,
const
EVP_MD
*
mhash
,
ECDSA_SIG
*
s
);
ECDSA_SIG
*
FIPS_ecdsa_sign
(
EC_KEY
*
key
,
const
unsigned
char
*
msg
,
size_t
msglen
,
const
EVP_MD
*
mhash
);
#endif
#endif
...
...
fips/dsa/fips_dsa_sign.c
浏览文件 @
f4324e51
...
@@ -114,4 +114,28 @@ int FIPS_dsa_verify_digest(DSA *dsa,
...
@@ -114,4 +114,28 @@ int FIPS_dsa_verify_digest(DSA *dsa,
return
dsa
->
meth
->
dsa_do_verify
(
dig
,
dlen
,
s
,
dsa
);
return
dsa
->
meth
->
dsa_do_verify
(
dig
,
dlen
,
s
,
dsa
);
}
}
int
FIPS_dsa_verify
(
DSA
*
dsa
,
const
unsigned
char
*
msg
,
size_t
msglen
,
const
EVP_MD
*
mhash
,
DSA_SIG
*
s
)
{
int
ret
=-
1
;
unsigned
char
dig
[
EVP_MAX_MD_SIZE
];
unsigned
int
dlen
;
FIPS_digest
(
msg
,
msglen
,
dig
,
&
dlen
,
mhash
);
ret
=
FIPS_dsa_verify_digest
(
dsa
,
dig
,
dlen
,
s
);
OPENSSL_cleanse
(
dig
,
dlen
);
return
ret
;
}
DSA_SIG
*
FIPS_dsa_sign
(
DSA
*
dsa
,
const
unsigned
char
*
msg
,
size_t
msglen
,
const
EVP_MD
*
mhash
)
{
DSA_SIG
*
s
;
unsigned
char
dig
[
EVP_MAX_MD_SIZE
];
unsigned
int
dlen
;
FIPS_digest
(
msg
,
msglen
,
dig
,
&
dlen
,
mhash
);
s
=
FIPS_dsa_sign_digest
(
dsa
,
dig
,
dlen
);
OPENSSL_cleanse
(
dig
,
dlen
);
return
s
;
}
#endif
#endif
fips/dsa/fips_dsatest.c
浏览文件 @
f4324e51
...
@@ -154,9 +154,7 @@ int main(int argc, char **argv)
...
@@ -154,9 +154,7 @@ int main(int argc, char **argv)
unsigned
char
buf
[
256
];
unsigned
char
buf
[
256
];
unsigned
long
h
;
unsigned
long
h
;
BN_GENCB
cb
;
BN_GENCB
cb
;
EVP_MD_CTX
mctx
;
BN_GENCB_set
(
&
cb
,
dsa_cb
,
stderr
);
BN_GENCB_set
(
&
cb
,
dsa_cb
,
stderr
);
FIPS_md_ctx_init
(
&
mctx
);
fips_algtest_init
();
fips_algtest_init
();
...
@@ -210,19 +208,11 @@ int main(int argc, char **argv)
...
@@ -210,19 +208,11 @@ int main(int argc, char **argv)
}
}
DSA_generate_key
(
dsa
);
DSA_generate_key
(
dsa
);
if
(
!
FIPS_digestinit
(
&
mctx
,
EVP_sha1
()))
sig
=
FIPS_dsa_sign
(
dsa
,
str1
,
20
,
EVP_sha1
());
goto
end
;
if
(
!
FIPS_digestupdate
(
&
mctx
,
str1
,
20
))
goto
end
;
sig
=
FIPS_dsa_sign_ctx
(
dsa
,
&
mctx
);
if
(
!
sig
)
if
(
!
sig
)
goto
end
;
goto
end
;
if
(
!
FIPS_digestinit
(
&
mctx
,
EVP_sha1
()))
if
(
FIPS_dsa_verify
(
dsa
,
str1
,
20
,
EVP_sha1
(),
sig
)
!=
1
)
goto
end
;
if
(
!
FIPS_digestupdate
(
&
mctx
,
str1
,
20
))
goto
end
;
if
(
FIPS_dsa_verify_ctx
(
dsa
,
&
mctx
,
sig
)
!=
1
)
goto
end
;
goto
end
;
ret
=
1
;
ret
=
1
;
...
@@ -231,7 +221,6 @@ end:
...
@@ -231,7 +221,6 @@ end:
if
(
sig
)
if
(
sig
)
FIPS_dsa_sig_free
(
sig
);
FIPS_dsa_sig_free
(
sig
);
if
(
dsa
!=
NULL
)
FIPS_dsa_free
(
dsa
);
if
(
dsa
!=
NULL
)
FIPS_dsa_free
(
dsa
);
FIPS_md_ctx_cleanup
(
&
mctx
);
#if 0
#if 0
CRYPTO_mem_leaks(bio_err);
CRYPTO_mem_leaks(bio_err);
#endif
#endif
...
...
fips/dsa/fips_dssvs.c
浏览文件 @
f4324e51
...
@@ -632,9 +632,7 @@ static void siggen(FILE *in, FILE *out)
...
@@ -632,9 +632,7 @@ static void siggen(FILE *in, FILE *out)
{
{
unsigned
char
msg
[
1024
];
unsigned
char
msg
[
1024
];
int
n
;
int
n
;
EVP_MD_CTX
mctx
;
DSA_SIG
*
sig
;
DSA_SIG
*
sig
;
FIPS_md_ctx_init
(
&
mctx
);
n
=
hex2bin
(
value
,
msg
);
n
=
hex2bin
(
value
,
msg
);
...
@@ -642,15 +640,12 @@ static void siggen(FILE *in, FILE *out)
...
@@ -642,15 +640,12 @@ static void siggen(FILE *in, FILE *out)
exit
(
1
);
exit
(
1
);
do_bn_print_name
(
out
,
"Y"
,
dsa
->
pub_key
);
do_bn_print_name
(
out
,
"Y"
,
dsa
->
pub_key
);
FIPS_digestinit
(
&
mctx
,
md
);
sig
=
FIPS_dsa_sign
(
dsa
,
msg
,
n
,
md
);
FIPS_digestupdate
(
&
mctx
,
msg
,
n
);
sig
=
FIPS_dsa_sign_ctx
(
dsa
,
&
mctx
);
do_bn_print_name
(
out
,
"R"
,
sig
->
r
);
do_bn_print_name
(
out
,
"R"
,
sig
->
r
);
do_bn_print_name
(
out
,
"S"
,
sig
->
s
);
do_bn_print_name
(
out
,
"S"
,
sig
->
s
);
fputs
(
RESP_EOL
,
out
);
fputs
(
RESP_EOL
,
out
);
FIPS_dsa_sig_free
(
sig
);
FIPS_dsa_sig_free
(
sig
);
FIPS_md_ctx_cleanup
(
&
mctx
);
}
}
}
}
if
(
dsa
)
if
(
dsa
)
...
@@ -705,17 +700,12 @@ static void sigver(FILE *in, FILE *out)
...
@@ -705,17 +700,12 @@ static void sigver(FILE *in, FILE *out)
sig
->
r
=
hex2bn
(
value
);
sig
->
r
=
hex2bn
(
value
);
else
if
(
!
strcmp
(
keyword
,
"S"
))
else
if
(
!
strcmp
(
keyword
,
"S"
))
{
{
EVP_MD_CTX
mctx
;
int
r
;
int
r
;
FIPS_md_ctx_init
(
&
mctx
);
sig
->
s
=
hex2bn
(
value
);
sig
->
s
=
hex2bn
(
value
);
FIPS_digestinit
(
&
mctx
,
md
);
FIPS_digestupdate
(
&
mctx
,
msg
,
n
);
no_err
=
1
;
no_err
=
1
;
r
=
FIPS_dsa_verify
_ctx
(
dsa
,
&
mctx
,
sig
);
r
=
FIPS_dsa_verify
(
dsa
,
msg
,
n
,
md
,
sig
);
no_err
=
0
;
no_err
=
0
;
FIPS_md_ctx_cleanup
(
&
mctx
);
if
(
sig
->
s
)
if
(
sig
->
s
)
{
{
BN_free
(
sig
->
s
);
BN_free
(
sig
->
s
);
...
...
fips/ecdsa/fips_ecdsa_sign.c
浏览文件 @
f4324e51
...
@@ -87,3 +87,28 @@ int FIPS_ecdsa_verify_ctx(EC_KEY *key, EVP_MD_CTX *ctx, ECDSA_SIG *s)
...
@@ -87,3 +87,28 @@ int FIPS_ecdsa_verify_ctx(EC_KEY *key, EVP_MD_CTX *ctx, ECDSA_SIG *s)
return
ret
;
return
ret
;
}
}
int
FIPS_ecdsa_verify
(
EC_KEY
*
key
,
const
unsigned
char
*
msg
,
size_t
msglen
,
const
EVP_MD
*
mhash
,
ECDSA_SIG
*
s
)
{
int
ret
=-
1
;
unsigned
char
dig
[
EVP_MAX_MD_SIZE
];
unsigned
int
dlen
;
FIPS_digest
(
msg
,
msglen
,
dig
,
&
dlen
,
mhash
);
ret
=
FIPS_ecdsa_verify_digest
(
key
,
dig
,
dlen
,
s
);
OPENSSL_cleanse
(
dig
,
dlen
);
return
ret
;
}
ECDSA_SIG
*
FIPS_ecdsa_sign
(
EC_KEY
*
key
,
const
unsigned
char
*
msg
,
size_t
msglen
,
const
EVP_MD
*
mhash
)
{
ECDSA_SIG
*
s
;
unsigned
char
dig
[
EVP_MAX_MD_SIZE
];
unsigned
int
dlen
;
FIPS_digest
(
msg
,
msglen
,
dig
,
&
dlen
,
mhash
);
s
=
FIPS_dsa_sign_digest
(
key
,
dig
,
dlen
);
OPENSSL_cleanse
(
dig
,
dlen
);
return
s
;
}
fips/ecdsa/fips_ecdsavs.c
浏览文件 @
f4324e51
...
@@ -308,8 +308,6 @@ static int SigGen(FILE *in, FILE *out)
...
@@ -308,8 +308,6 @@ static int SigGen(FILE *in, FILE *out)
EC_KEY
*
key
=
NULL
;
EC_KEY
*
key
=
NULL
;
ECDSA_SIG
*
sig
=
NULL
;
ECDSA_SIG
*
sig
=
NULL
;
const
EVP_MD
*
digest
=
NULL
;
const
EVP_MD
*
digest
=
NULL
;
EVP_MD_CTX
mctx
;
EVP_MD_CTX_init
(
&
mctx
);
Qx
=
BN_new
();
Qx
=
BN_new
();
Qy
=
BN_new
();
Qy
=
BN_new
();
while
(
fgets
(
buf
,
sizeof
buf
,
in
)
!=
NULL
)
while
(
fgets
(
buf
,
sizeof
buf
,
in
)
!=
NULL
)
...
@@ -345,9 +343,7 @@ static int SigGen(FILE *in, FILE *out)
...
@@ -345,9 +343,7 @@ static int SigGen(FILE *in, FILE *out)
return
0
;
return
0
;
}
}
FIPS_digestinit
(
&
mctx
,
digest
);
sig
=
FIPS_ecdsa_sign
(
key
,
msg
,
mlen
,
digest
);
FIPS_digestupdate
(
&
mctx
,
msg
,
mlen
);
sig
=
FIPS_ecdsa_sign_ctx
(
key
,
&
mctx
);
if
(
!
sig
)
if
(
!
sig
)
{
{
...
@@ -369,7 +365,6 @@ static int SigGen(FILE *in, FILE *out)
...
@@ -369,7 +365,6 @@ static int SigGen(FILE *in, FILE *out)
}
}
BN_free
(
Qx
);
BN_free
(
Qx
);
BN_free
(
Qy
);
BN_free
(
Qy
);
FIPS_md_ctx_cleanup
(
&
mctx
);
return
1
;
return
1
;
}
}
...
@@ -384,8 +379,6 @@ static int SigVer(FILE *in, FILE *out)
...
@@ -384,8 +379,6 @@ static int SigVer(FILE *in, FILE *out)
EC_KEY
*
key
=
NULL
;
EC_KEY
*
key
=
NULL
;
ECDSA_SIG
sg
,
*
sig
=
&
sg
;
ECDSA_SIG
sg
,
*
sig
=
&
sg
;
const
EVP_MD
*
digest
=
NULL
;
const
EVP_MD
*
digest
=
NULL
;
EVP_MD_CTX
mctx
;
EVP_MD_CTX_init
(
&
mctx
);
sig
->
r
=
NULL
;
sig
->
r
=
NULL
;
sig
->
s
=
NULL
;
sig
->
s
=
NULL
;
while
(
fgets
(
buf
,
sizeof
buf
,
in
)
!=
NULL
)
while
(
fgets
(
buf
,
sizeof
buf
,
in
)
!=
NULL
)
...
@@ -450,10 +443,8 @@ static int SigVer(FILE *in, FILE *out)
...
@@ -450,10 +443,8 @@ static int SigVer(FILE *in, FILE *out)
return
0
;
return
0
;
}
}
FIPS_digestinit
(
&
mctx
,
digest
);
FIPS_digestupdate
(
&
mctx
,
msg
,
mlen
);
no_err
=
1
;
no_err
=
1
;
rv
=
FIPS_ecdsa_verify
_ctx
(
key
,
&
mctx
,
sig
);
rv
=
FIPS_ecdsa_verify
(
key
,
msg
,
mlen
,
digest
,
sig
);
EC_KEY_free
(
key
);
EC_KEY_free
(
key
);
if
(
msg
)
if
(
msg
)
OPENSSL_free
(
msg
);
OPENSSL_free
(
msg
);
...
@@ -471,7 +462,6 @@ static int SigVer(FILE *in, FILE *out)
...
@@ -471,7 +462,6 @@ static int SigVer(FILE *in, FILE *out)
BN_free
(
Qx
);
BN_free
(
Qx
);
if
(
Qy
)
if
(
Qy
)
BN_free
(
Qy
);
BN_free
(
Qy
);
EVP_MD_CTX_cleanup
(
&
mctx
);
return
1
;
return
1
;
}
}
#ifdef FIPS_ALGVS
#ifdef FIPS_ALGVS
...
...
fips/fips.h
浏览文件 @
f4324e51
...
@@ -224,6 +224,16 @@ int FIPS_rsa_verify_digest(struct rsa_st *rsa,
...
@@ -224,6 +224,16 @@ int FIPS_rsa_verify_digest(struct rsa_st *rsa,
const
struct
env_md_st
*
mgf1Hash
,
const
struct
env_md_st
*
mgf1Hash
,
const
unsigned
char
*
sigbuf
,
unsigned
int
siglen
);
const
unsigned
char
*
sigbuf
,
unsigned
int
siglen
);
int
FIPS_rsa_sign
(
struct
rsa_st
*
rsa
,
const
unsigned
char
*
msg
,
int
msglen
,
const
struct
env_md_st
*
mhash
,
int
rsa_pad_mode
,
int
saltlen
,
const
struct
env_md_st
*
mgf1Hash
,
unsigned
char
*
sigret
,
unsigned
int
*
siglen
);
int
FIPS_rsa_verify
(
struct
rsa_st
*
rsa
,
const
unsigned
char
*
msg
,
int
msglen
,
const
struct
env_md_st
*
mhash
,
int
rsa_pad_mode
,
int
saltlen
,
const
struct
env_md_st
*
mgf1Hash
,
const
unsigned
char
*
sigbuf
,
unsigned
int
siglen
);
#ifdef OPENSSL_FIPSCAPABLE
#ifdef OPENSSL_FIPSCAPABLE
int
FIPS_digestinit
(
EVP_MD_CTX
*
ctx
,
const
EVP_MD
*
type
);
int
FIPS_digestinit
(
EVP_MD_CTX
*
ctx
,
const
EVP_MD
*
type
);
...
...
fips/fips_test_suite.c
浏览文件 @
f4324e51
...
@@ -144,11 +144,9 @@ static int FIPS_dsa_test(int bad)
...
@@ -144,11 +144,9 @@ static int FIPS_dsa_test(int bad)
DSA
*
dsa
=
NULL
;
DSA
*
dsa
=
NULL
;
unsigned
char
dgst
[]
=
"etaonrishdlc"
;
unsigned
char
dgst
[]
=
"etaonrishdlc"
;
int
r
=
0
;
int
r
=
0
;
EVP_MD_CTX
mctx
;
DSA_SIG
*
sig
=
NULL
;
DSA_SIG
*
sig
=
NULL
;
ERR_clear_error
();
ERR_clear_error
();
FIPS_md_ctx_init
(
&
mctx
);
dsa
=
FIPS_dsa_new
();
dsa
=
FIPS_dsa_new
();
if
(
!
dsa
)
if
(
!
dsa
)
goto
end
;
goto
end
;
...
@@ -159,23 +157,14 @@ static int FIPS_dsa_test(int bad)
...
@@ -159,23 +157,14 @@ static int FIPS_dsa_test(int bad)
if
(
bad
)
if
(
bad
)
BN_add_word
(
dsa
->
pub_key
,
1
);
BN_add_word
(
dsa
->
pub_key
,
1
);
if
(
!
FIPS_digestinit
(
&
mctx
,
EVP_sha256
()))
sig
=
FIPS_dsa_sign
(
dsa
,
dgst
,
sizeof
(
dgst
)
-
1
,
EVP_sha256
());
goto
end
;
if
(
!
FIPS_digestupdate
(
&
mctx
,
dgst
,
sizeof
(
dgst
)
-
1
))
goto
end
;
sig
=
FIPS_dsa_sign_ctx
(
dsa
,
&
mctx
);
if
(
!
sig
)
if
(
!
sig
)
goto
end
;
goto
end
;
if
(
!
FIPS_digestinit
(
&
mctx
,
EVP_sha256
()))
r
=
FIPS_dsa_verify
(
dsa
,
dgst
,
sizeof
(
dgst
)
-
1
,
EVP_sha256
(),
sig
);
goto
end
;
if
(
!
FIPS_digestupdate
(
&
mctx
,
dgst
,
sizeof
(
dgst
)
-
1
))
goto
end
;
r
=
FIPS_dsa_verify_ctx
(
dsa
,
&
mctx
,
sig
);
end:
end:
if
(
sig
)
if
(
sig
)
FIPS_dsa_sig_free
(
sig
);
FIPS_dsa_sig_free
(
sig
);
FIPS_md_ctx_cleanup
(
&
mctx
);
if
(
dsa
)
if
(
dsa
)
FIPS_dsa_free
(
dsa
);
FIPS_dsa_free
(
dsa
);
if
(
r
!=
1
)
if
(
r
!=
1
)
...
@@ -193,11 +182,9 @@ static int FIPS_rsa_test(int bad)
...
@@ -193,11 +182,9 @@ static int FIPS_rsa_test(int bad)
unsigned
char
buf
[
256
];
unsigned
char
buf
[
256
];
unsigned
int
slen
;
unsigned
int
slen
;
BIGNUM
*
bn
;
BIGNUM
*
bn
;
EVP_MD_CTX
mctx
;
int
r
=
0
;
int
r
=
0
;
ERR_clear_error
();
ERR_clear_error
();
FIPS_md_ctx_init
(
&
mctx
);
key
=
FIPS_rsa_new
();
key
=
FIPS_rsa_new
();
bn
=
BN_new
();
bn
=
BN_new
();
if
(
!
key
||
!
bn
)
if
(
!
key
||
!
bn
)
...
@@ -209,20 +196,13 @@ static int FIPS_rsa_test(int bad)
...
@@ -209,20 +196,13 @@ static int FIPS_rsa_test(int bad)
if
(
bad
)
if
(
bad
)
BN_add_word
(
key
->
n
,
1
);
BN_add_word
(
key
->
n
,
1
);
if
(
!
FIPS_digestinit
(
&
mctx
,
EVP_sha256
()))
if
(
!
FIPS_rsa_sign
(
key
,
input_ptext
,
sizeof
(
input_ptext
)
-
1
,
EVP_sha256
(),
goto
end
;
RSA_PKCS1_PADDING
,
0
,
NULL
,
buf
,
&
slen
))
if
(
!
FIPS_digestupdate
(
&
mctx
,
input_ptext
,
sizeof
(
input_ptext
)
-
1
))
goto
end
;
if
(
!
FIPS_rsa_sign_ctx
(
key
,
&
mctx
,
RSA_PKCS1_PADDING
,
0
,
NULL
,
buf
,
&
slen
))
goto
end
;
goto
end
;
if
(
!
FIPS_digestinit
(
&
mctx
,
EVP_sha256
()))
r
=
FIPS_rsa_verify
(
key
,
input_ptext
,
sizeof
(
input_ptext
)
-
1
,
EVP_sha256
(),
goto
end
;
RSA_PKCS1_PADDING
,
0
,
NULL
,
buf
,
slen
);
if
(
!
FIPS_digestupdate
(
&
mctx
,
input_ptext
,
sizeof
(
input_ptext
)
-
1
))
goto
end
;
r
=
FIPS_rsa_verify_ctx
(
key
,
&
mctx
,
RSA_PKCS1_PADDING
,
0
,
NULL
,
buf
,
slen
);
end:
end:
FIPS_md_ctx_cleanup
(
&
mctx
);
if
(
key
)
if
(
key
)
FIPS_rsa_free
(
key
);
FIPS_rsa_free
(
key
);
if
(
r
!=
1
)
if
(
r
!=
1
)
...
...
fips/rsa/fips_rsa_sign.c
浏览文件 @
f4324e51
...
@@ -442,4 +442,33 @@ err:
...
@@ -442,4 +442,33 @@ err:
return
(
ret
);
return
(
ret
);
}
}
int
FIPS_rsa_sign
(
RSA
*
rsa
,
const
unsigned
char
*
msg
,
int
msglen
,
const
EVP_MD
*
mhash
,
int
rsa_pad_mode
,
int
saltlen
,
const
EVP_MD
*
mgf1Hash
,
unsigned
char
*
sigret
,
unsigned
int
*
siglen
)
{
unsigned
int
md_len
,
rv
;
unsigned
char
md
[
EVP_MAX_MD_SIZE
];
FIPS_digest
(
msg
,
msglen
,
md
,
&
md_len
,
mhash
);
rv
=
FIPS_rsa_sign_digest
(
rsa
,
md
,
md_len
,
mhash
,
rsa_pad_mode
,
saltlen
,
mgf1Hash
,
sigret
,
siglen
);
OPENSSL_cleanse
(
md
,
md_len
);
return
rv
;
}
int
FIPS_rsa_verify
(
RSA
*
rsa
,
const
unsigned
char
*
msg
,
int
msglen
,
const
EVP_MD
*
mhash
,
int
rsa_pad_mode
,
int
saltlen
,
const
EVP_MD
*
mgf1Hash
,
const
unsigned
char
*
sigbuf
,
unsigned
int
siglen
)
{
unsigned
int
md_len
,
rv
;
unsigned
char
md
[
EVP_MAX_MD_SIZE
];
FIPS_digest
(
msg
,
msglen
,
md
,
&
md_len
,
mhash
);
rv
=
FIPS_rsa_verify_digest
(
rsa
,
md
,
md_len
,
mhash
,
rsa_pad_mode
,
saltlen
,
mgf1Hash
,
sigbuf
,
siglen
);
OPENSSL_cleanse
(
md
,
md_len
);
return
rv
;
}
#endif
#endif
fips/rsa/fips_rsastest.c
浏览文件 @
f4324e51
...
@@ -325,15 +325,12 @@ static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
...
@@ -325,15 +325,12 @@ static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
unsigned
char
*
sigbuf
=
NULL
;
unsigned
char
*
sigbuf
=
NULL
;
int
i
,
siglen
,
pad_mode
;
int
i
,
siglen
,
pad_mode
;
/* EVP_PKEY structure */
/* EVP_PKEY structure */
EVP_MD_CTX
ctx
;
siglen
=
RSA_size
(
rsa
);
siglen
=
RSA_size
(
rsa
);
sigbuf
=
OPENSSL_malloc
(
siglen
);
sigbuf
=
OPENSSL_malloc
(
siglen
);
if
(
!
sigbuf
)
if
(
!
sigbuf
)
goto
error
;
goto
error
;
FIPS_md_ctx_init
(
&
ctx
);
if
(
Saltlen
>=
0
)
if
(
Saltlen
>=
0
)
pad_mode
=
RSA_PKCS1_PSS_PADDING
;
pad_mode
=
RSA_PKCS1_PSS_PADDING
;
else
if
(
Saltlen
==
-
2
)
else
if
(
Saltlen
==
-
2
)
...
@@ -341,16 +338,10 @@ static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
...
@@ -341,16 +338,10 @@ static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
else
else
pad_mode
=
RSA_PKCS1_PADDING
;
pad_mode
=
RSA_PKCS1_PADDING
;
if
(
!
FIPS_digestinit
(
&
ctx
,
dgst
))
if
(
!
FIPS_rsa_sign
(
rsa
,
Msg
,
Msglen
,
dgst
,
pad_mode
,
Saltlen
,
NULL
,
goto
error
;
if
(
!
FIPS_digestupdate
(
&
ctx
,
Msg
,
Msglen
))
goto
error
;
if
(
!
FIPS_rsa_sign_ctx
(
rsa
,
&
ctx
,
pad_mode
,
Saltlen
,
NULL
,
sigbuf
,
(
unsigned
int
*
)
&
siglen
))
sigbuf
,
(
unsigned
int
*
)
&
siglen
))
goto
error
;
goto
error
;
FIPS_md_ctx_cleanup
(
&
ctx
);
fputs
(
"S = "
,
out
);
fputs
(
"S = "
,
out
);
for
(
i
=
0
;
i
<
siglen
;
i
++
)
for
(
i
=
0
;
i
<
siglen
;
i
++
)
...
...
fips/rsa/fips_rsavtest.c
浏览文件 @
f4324e51
...
@@ -323,7 +323,6 @@ static int rsa_printver(FILE *out,
...
@@ -323,7 +323,6 @@ static int rsa_printver(FILE *out,
int
ret
=
0
,
r
,
pad_mode
;
int
ret
=
0
,
r
,
pad_mode
;
/* Setup RSA and EVP_PKEY structures */
/* Setup RSA and EVP_PKEY structures */
RSA
*
rsa_pubkey
=
NULL
;
RSA
*
rsa_pubkey
=
NULL
;
EVP_MD_CTX
ctx
;
unsigned
char
*
buf
=
NULL
;
unsigned
char
*
buf
=
NULL
;
rsa_pubkey
=
FIPS_rsa_new
();
rsa_pubkey
=
FIPS_rsa_new
();
if
(
!
rsa_pubkey
)
if
(
!
rsa_pubkey
)
...
@@ -333,8 +332,6 @@ static int rsa_printver(FILE *out,
...
@@ -333,8 +332,6 @@ static int rsa_printver(FILE *out,
if
(
!
rsa_pubkey
->
n
||
!
rsa_pubkey
->
e
)
if
(
!
rsa_pubkey
->
n
||
!
rsa_pubkey
->
e
)
goto
error
;
goto
error
;
FIPS_md_ctx_init
(
&
ctx
);
if
(
Saltlen
>=
0
)
if
(
Saltlen
>=
0
)
pad_mode
=
RSA_PKCS1_PSS_PADDING
;
pad_mode
=
RSA_PKCS1_PSS_PADDING
;
else
if
(
Saltlen
==
-
2
)
else
if
(
Saltlen
==
-
2
)
...
@@ -342,19 +339,11 @@ static int rsa_printver(FILE *out,
...
@@ -342,19 +339,11 @@ static int rsa_printver(FILE *out,
else
else
pad_mode
=
RSA_PKCS1_PADDING
;
pad_mode
=
RSA_PKCS1_PADDING
;
if
(
!
FIPS_digestinit
(
&
ctx
,
dgst
))
goto
error
;
if
(
!
FIPS_digestupdate
(
&
ctx
,
Msg
,
Msglen
))
goto
error
;
no_err
=
1
;
no_err
=
1
;
r
=
FIPS_rsa_verify
_ctx
(
rsa_pubkey
,
&
ctx
,
r
=
FIPS_rsa_verify
(
rsa_pubkey
,
Msg
,
Msglen
,
dgst
,
pad_mode
,
Saltlen
,
NULL
,
S
,
Slen
);
pad_mode
,
Saltlen
,
NULL
,
S
,
Slen
);
no_err
=
0
;
no_err
=
0
;
FIPS_md_ctx_cleanup
(
&
ctx
);
if
(
r
<
0
)
if
(
r
<
0
)
goto
error
;
goto
error
;
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录