To reduce FIPS dependencies don't load error strings and avoid use of ASN1

versions of DSA signature functions.
author: Dr. Stephen Henson <steve@openssl.org> 2007-01-23 17:51:08 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2007-01-23 17:51:08 +0000
commit: 1f1790d15b40f0a9300c81f5f16e8707054cc1d7 (patch)
tree: 6c333a39d62c338357010cd1faf6492babc8f1c8
parent: ab8c8aa40478f54504d9d4e821249d3764e82dcd (diff)
14 files changed, 62 insertions, 52 deletions
diff --git a/fips-1.0/dsa/fips_dsa_gen.c b/fips-1.0/dsa/fips_dsa_gen.c
index 8ed1de0195..cb5eae2ced 100644
--- a/fips-1.0/dsa/fips_dsa_gen.c
+++ b/fips-1.0/dsa/fips_dsa_gen.c
@@ -93,11 +93,18 @@
 static int fips_check_dsa(DSA *dsa)
     {
     static const unsigned char str1[]="12345678901234567890";
-    unsigned char sig[256];
-    unsigned int siglen;
+    int r = 0;
+    DSA_SIG *sig;
 
-    DSA_sign(0, str1, 20, sig, &siglen, dsa);
-    if(DSA_verify(0, str1, 20, sig, siglen, dsa) != 1)
+    sig = DSA_do_sign(str1, 20, dsa);
+
+    if (sig)
+	{
+    	r = DSA_do_verify(str1, 20, sig, dsa);
+	DSA_SIG_free(sig);
+	}
+
+    if(r != 1)
 	{
 	FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
 	return 0;
diff --git a/fips-1.0/dsa/fips_dsa_ossl.c b/fips-1.0/dsa/fips_dsa_ossl.c
index f8f3a39343..ea1cba2902 100644
--- a/fips-1.0/dsa/fips_dsa_ossl.c
+++ b/fips-1.0/dsa/fips_dsa_ossl.c
@@ -164,7 +164,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA
 		BN_sub(s,s,dsa->q);
 	if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
 
-	ret=DSA_SIG_new();
+	ret= DSA_SIG_new();
 	if (ret == NULL) goto err;
 	ret->r = r;
 	ret->s = s;
diff --git a/fips-1.0/dsa/fips_dsa_selftest.c b/fips-1.0/dsa/fips_dsa_selftest.c
index 795fda9587..91dcfc7326 100644
--- a/fips-1.0/dsa/fips_dsa_selftest.c
+++ b/fips-1.0/dsa/fips_dsa_selftest.c
@@ -112,8 +112,8 @@ int FIPS_selftest_dsa()
     int counter,i,j;
     unsigned char buf[256];
     unsigned long h;
-    unsigned char sig[256];
-    unsigned int siglen;
+
+    DSA_SIG *sig = NULL;
 
     dsa=DSA_generate_parameters(512,seed,20,&counter,&h,NULL,NULL);
 
@@ -156,8 +156,18 @@ int FIPS_selftest_dsa()
 	return 0;
 	}
     DSA_generate_key(dsa);
-    DSA_sign(0, str1, 20, sig, &siglen, dsa);
-    if(DSA_verify(0, str1, 20, sig, siglen, dsa) != 1)
+    sig = DSA_do_sign(str1, 20, dsa);
+
+    if (sig)
+	{
+    	i = DSA_do_verify(str1, 20, sig, dsa);
+	DSA_SIG_free(sig);
+	OPENSSL_free(sig);
+	}
+    else
+	i = 0;
+
+    if (i != 1)
 	{
 	FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
 	return 0;
diff --git a/fips-1.0/dsa/fips_dsatest.c b/fips-1.0/dsa/fips_dsatest.c
index 5970b201e9..f4cc37b19a 100644
--- a/fips-1.0/dsa/fips_dsatest.c
+++ b/fips-1.0/dsa/fips_dsatest.c
@@ -140,8 +140,7 @@ int main(int argc, char **argv)
 	int counter,ret=0,i,j;
 	unsigned char buf[256];
 	unsigned long h;
-	unsigned char sig[256];
-	unsigned int siglen;
+	DSA_SIG *sig = NULL;
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -157,7 +156,6 @@ int main(int argc, char **argv)
 	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
-	ERR_load_crypto_strings();
 	FIPS_set_prng_key(rnd_key1,rnd_key2);
 	RAND_seed(rnd_seed, sizeof rnd_seed);
 
@@ -174,7 +172,7 @@ int main(int argc, char **argv)
 	BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h);
 		
 	if (dsa == NULL) goto end;
-	DSA_print(bio_err,dsa,0);
+	/*DSA_print(bio_err,dsa,0);*/
 	if (counter != 105) 
 		{
 		BIO_printf(bio_err,"counter should be 105\n");
@@ -210,8 +208,17 @@ int main(int argc, char **argv)
 		goto end;
 		}
 	DSA_generate_key(dsa);
-	DSA_sign(0, str1, 20, sig, &siglen, dsa);
-	if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+
+	sig = DSA_do_sign(str1, 20, dsa);
+
+	if (sig)
+		{	
+		i = DSA_do_verify(str1, 20, sig, dsa);
+		DSA_SIG_free(sig);
+		}
+	else
+		i = 0;
+	if (i == 1)
 		ret=1;
 end:
 	if (!ret)
diff --git a/fips-1.0/dsa/fips_dssvs.c b/fips-1.0/dsa/fips_dssvs.c
index fe4e54f287..f234906ebd 100644
--- a/fips-1.0/dsa/fips_dssvs.c
+++ b/fips-1.0/dsa/fips_dssvs.c
@@ -301,7 +301,10 @@ void sigver()
     char *keyword, *value;
     int nmod=0;
     unsigned char hash[20];
-    DSA_SIG *sig=DSA_SIG_new();
+    DSA_SIG sg, *sig = &sg;
+
+    sig->r = NULL;
+    sig->s = NULL;
 
     while(fgets(buf,sizeof buf,stdin) != NULL)
 	{
@@ -367,7 +370,6 @@ int main(int argc,char **argv)
 	}
     if(!FIPS_mode_set(1))
 	{
-	ERR_load_crypto_strings();
 	ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
 	exit(1);
 	}
diff --git a/fips-1.0/fips.c b/fips-1.0/fips.c
index bb833bfa2c..d2d35be528 100644
--- a/fips-1.0/fips.c
+++ b/fips-1.0/fips.c
@@ -135,7 +135,6 @@ int FIPS_selftest_failed(void)
 
 int FIPS_selftest()
     {
-    ERR_load_crypto_strings();
 
     return FIPS_selftest_sha1()
 	&& FIPS_selftest_hmac()
diff --git a/fips-1.0/fips_test_suite.c b/fips-1.0/fips_test_suite.c
index 53bf1ab5b6..bd02133b6e 100644
--- a/fips-1.0/fips_test_suite.c
+++ b/fips-1.0/fips_test_suite.c
@@ -85,8 +85,8 @@ static int FIPS_dsa_test()
     {
     DSA *dsa = NULL;
     unsigned char dgst[] = "etaonrishdlc";
-    unsigned char sig[256];
-    unsigned int siglen;
+    DSA_SIG *sig = NULL;
+    int r = 0;
 
     ERR_clear_error();
     dsa = DSA_generate_parameters(512,NULL,0,NULL,NULL,NULL,NULL);
@@ -94,9 +94,13 @@ static int FIPS_dsa_test()
 	return 0;
     if (!DSA_generate_key(dsa))
 	return 0;
-    if ( DSA_sign(0,dgst,sizeof(dgst) - 1,sig,&siglen,dsa) != 1 )
-	return 0;
-    if ( DSA_verify(0,dgst,sizeof(dgst) - 1,sig,siglen,dsa) != 1 )
+    sig = DSA_do_sign(dgst,sizeof(dgst) - 1,dsa);
+    if (sig)
+	{
+    	r = DSA_do_verify(dgst,sizeof(dgst) - 1,sig,dsa);
+	DSA_SIG_free(sig);
+	}
+    if (r != 1)
 	return 0;
     DSA_free(dsa);
     return 1;
@@ -380,7 +384,6 @@ int main(int argc,char **argv)
         }
         if (!FIPS_mode_set(1))
    	    {
-	    ERR_load_crypto_strings();
 	    ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
             printf("Power-up self test failed\n");
 	    exit(1);
@@ -401,7 +404,6 @@ int main(int argc,char **argv)
     printf("2. Automatic power-up self test...");
     if (!FIPS_mode_set(1))
 	{
-	ERR_load_crypto_strings();
 	ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
         printf(Fail("FAILED!\n"));
 	exit(1);
diff --git a/fips-1.0/hmac/fips_hmactest.c b/fips-1.0/hmac/fips_hmactest.c
index e26e33ee3f..267db73b6a 100644
--- a/fips-1.0/hmac/fips_hmactest.c
+++ b/fips-1.0/hmac/fips_hmactest.c
@@ -86,8 +86,6 @@ int main(int argc, char **argv)
 
 	int ret = 1;
 
-	ERR_load_crypto_strings();
-
 	err = BIO_new_fp(stderr, BIO_NOCLOSE);
 
 	if (!err)
diff --git a/fips-1.0/rand/fips_randtest.c b/fips-1.0/rand/fips_randtest.c
index 6165944e56..f7e4d83634 100644
--- a/fips-1.0/rand/fips_randtest.c
+++ b/fips-1.0/rand/fips_randtest.c
@@ -217,7 +217,6 @@ int main()
 	/*double d; */
 	long d;
 
-	ERR_load_crypto_strings();
 	RAND_set_rand_method(FIPS_rand_method());
 
 	run_test(&t1);
diff --git a/fips-1.0/rand/fips_rngvs.c b/fips-1.0/rand/fips_rngvs.c
index fdb38a5c82..0a56b828f2 100644
--- a/fips-1.0/rand/fips_rngvs.c
+++ b/fips-1.0/rand/fips_rngvs.c
@@ -254,7 +254,6 @@ int main(int argc,char **argv)
 	}
     if(!FIPS_mode_set(1))
 	{
-	ERR_load_crypto_strings();
 	ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
 	exit(1);
 	}
diff --git a/fips-1.0/rsa/fips_rsagtest.c b/fips-1.0/rsa/fips_rsagtest.c
index fdeb05c98b..3567b8c30f 100644
--- a/fips-1.0/rsa/fips_rsagtest.c
+++ b/fips-1.0/rsa/fips_rsagtest.c
@@ -93,7 +93,6 @@ int main(int argc, char **argv)
 	BIO *in = NULL, *out = NULL, *err = NULL;
 
 	int ret = 1;
-	ERR_load_crypto_strings();
 
 	err = BIO_new_fp(stderr, BIO_NOCLOSE);
 
diff --git a/fips-1.0/rsa/fips_rsastest.c b/fips-1.0/rsa/fips_rsastest.c
index c002065b11..9152311bda 100644
--- a/fips-1.0/rsa/fips_rsastest.c
+++ b/fips-1.0/rsa/fips_rsastest.c
@@ -84,7 +84,6 @@ int main(int argc, char **argv)
 	BIO *in = NULL, *out = NULL, *err = NULL;
 
 	int ret = 1, Saltlen = -1;
-	ERR_load_crypto_strings();
 
 	err = BIO_new_fp(stderr, BIO_NOCLOSE);
 
@@ -326,15 +325,12 @@ static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,
 	unsigned char *sigbuf = NULL;
 	int i, siglen;
 	/* EVP_PKEY structure */
-	EVP_PKEY *key = NULL;
+	EVP_PKEY pk;
 	EVP_MD_CTX ctx;
-	key = EVP_PKEY_new();
-	if (!key)
-		goto error;
-	if (!EVP_PKEY_set1_RSA(key, rsa))
-		goto error;
+	pk.type = EVP_PKEY_RSA;
+	pk.pkey.rsa = rsa;
 
-	siglen = EVP_PKEY_size(key);
+	siglen = RSA_size(rsa);
 	sigbuf = OPENSSL_malloc(siglen);
 	if (!sigbuf)
 		goto error;
@@ -378,7 +374,7 @@ static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,
 			goto error;
 		if (!EVP_SignUpdate(&ctx, Msg, Msglen))
 			goto error;
-		if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, key))
+		if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, &pk))
 			goto error;
 		}
 
@@ -394,8 +390,6 @@ static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,
 	ret = 1;
 
 	error:
-	if (key)
-		EVP_PKEY_free(key);
 
 	return ret;
 	}
diff --git a/fips-1.0/rsa/fips_rsavtest.c b/fips-1.0/rsa/fips_rsavtest.c
index 8be7e989d7..f75aaabf03 100644
--- a/fips-1.0/rsa/fips_rsavtest.c
+++ b/fips-1.0/rsa/fips_rsavtest.c
@@ -88,7 +88,6 @@ int main(int argc, char **argv)
 
 	int ret = 1;
 	int Saltlen = -1;
-	ERR_load_crypto_strings();
 
 	err = BIO_new_fp(stderr, BIO_NOCLOSE);
 
@@ -330,19 +329,18 @@ static int rsa_printver(BIO *err, BIO *out,
 	int ret = 0, r;
 	/* Setup RSA and EVP_PKEY structures */
 	RSA *rsa_pubkey = NULL;
-	EVP_PKEY *pubkey = NULL;
+	EVP_PKEY pk;
 	EVP_MD_CTX ctx;
 	unsigned char *buf = NULL;
 	rsa_pubkey = RSA_new();
-	pubkey = EVP_PKEY_new();
-	if (!rsa_pubkey || !pubkey)
+	if (!rsa_pubkey)
 		goto error;
 	rsa_pubkey->n = BN_dup(n);
 	rsa_pubkey->e = BN_dup(e);
 	if (!rsa_pubkey->n || !rsa_pubkey->e)
 		goto error;
-	if (!EVP_PKEY_set1_RSA(pubkey, rsa_pubkey))
-		goto error;
+	pk.type = EVP_PKEY_RSA;
+	pk.pkey.rsa = rsa_pubkey;
 
 	EVP_MD_CTX_init(&ctx);
 
@@ -395,7 +393,7 @@ static int rsa_printver(BIO *err, BIO *out,
 		if (!EVP_VerifyUpdate(&ctx, Msg, Msglen))
 			goto error;
 
-		r = EVP_VerifyFinal(&ctx, S, Slen, pubkey);
+		r = EVP_VerifyFinal(&ctx, S, Slen, &pk);
 
 		}
 
@@ -415,8 +413,6 @@ static int rsa_printver(BIO *err, BIO *out,
 	error:
 	if (rsa_pubkey)
 		RSA_free(rsa_pubkey);
-	if (pubkey)
-		EVP_PKEY_free(pubkey);
 	if (buf)
 		OPENSSL_free(buf);
 
diff --git a/fips-1.0/sha/fips_shatest.c b/fips-1.0/sha/fips_shatest.c
index 314a4b0da7..9ef0fa9e43 100644
--- a/fips-1.0/sha/fips_shatest.c
+++ b/fips-1.0/sha/fips_shatest.c
@@ -86,8 +86,6 @@ int main(int argc, char **argv)
 
 	int ret = 1;
 
-	ERR_load_crypto_strings();
-
 	err = BIO_new_fp(stderr, BIO_NOCLOSE);
 
 	if (!err)
author	Dr. Stephen Henson <steve@openssl.org>	2007-01-23 17:51:08 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2007-01-23 17:51:08 +0000
commit	1f1790d15b40f0a9300c81f5f16e8707054cc1d7 (patch)
tree	6c333a39d62c338357010cd1faf6492babc8f1c8
parent	ab8c8aa40478f54504d9d4e821249d3764e82dcd (diff)