summaryrefslogtreecommitdiffstats
path: root/crypto/dsa/dsa_ossl.c
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2011-02-01 12:52:01 +0000
committerDr. Stephen Henson <steve@openssl.org>2011-02-01 12:52:01 +0000
commit7f64c26588cabfa17bac0093284054445b44cddb (patch)
tree5b47eab3f180d59a3756954440e5cb96bf883474 /crypto/dsa/dsa_ossl.c
parent3dd9b31dc4fc935543d4142dfdd9a88e3ef6dcd8 (diff)
Since FIPS 186-3 specifies we use the leftmost bits of the digest
we shouldn't reject digest lengths larger than SHA256: the FIPS algorithm tests include SHA384 and SHA512 tests.
Diffstat (limited to 'crypto/dsa/dsa_ossl.c')
-rw-r--r--crypto/dsa/dsa_ossl.c18
1 files changed, 0 insertions, 18 deletions
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 33ac3e130e..fd757082f9 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -166,15 +166,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
s=BN_new();
if (s == NULL) goto err;
-
- /* reject a excessive digest length (currently at most
- * dsa-with-SHA256 is supported) */
- if (dlen > SHA256_DIGEST_LENGTH)
- {
- reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
- goto err;
- }
-
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
redo:
@@ -370,15 +361,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
return -1;
}
-
- /* reject a excessive digest length (currently at most
- * dsa-with-SHA256 is supported) */
- if (dgst_len > SHA256_DIGEST_LENGTH)
- {
- DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return -1;
- }
-
BN_init(&u1);
BN_init(&u2);
BN_init(&t1);