diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-02-01 12:52:01 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-02-01 12:52:01 +0000 |
commit | 7f64c26588cabfa17bac0093284054445b44cddb (patch) | |
tree | 5b47eab3f180d59a3756954440e5cb96bf883474 /fips | |
parent | 3dd9b31dc4fc935543d4142dfdd9a88e3ef6dcd8 (diff) |
Since FIPS 186-3 specifies we use the leftmost bits of the digest
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
Diffstat (limited to 'fips')
-rw-r--r-- | fips/dsa/fips_dssvs.c | 28 |
1 files changed, 12 insertions, 16 deletions
diff --git a/fips/dsa/fips_dssvs.c b/fips/dsa/fips_dssvs.c index 5e9d83900c..156ad05e59 100644 --- a/fips/dsa/fips_dssvs.c +++ b/fips/dsa/fips_dssvs.c @@ -494,7 +494,9 @@ static void sigver() char lbuf[1024]; unsigned char msg[1024]; char *keyword, *value; - int nmod=0, n=0; + int n=0; + int dsa2, L, N; + const EVP_MD *md = NULL; DSA_SIG sg, *sig = &sg; sig->r = NULL; @@ -507,27 +509,24 @@ static void sigver() fputs(buf,stdout); continue; } + fputs(buf,stdout); if(!strcmp(keyword,"[mod")) { - nmod=atoi(value); - if(dsa) + if (!parse_mod(value, &dsa2, &L, &N, &md)) + { + fprintf(stderr, "Mod Parse Error\n"); + exit (1); + } + if (dsa) FIPS_dsa_free(dsa); - dsa=FIPS_dsa_new(); + dsa = FIPS_dsa_new(); } else if(!strcmp(keyword,"P")) dsa->p=hex2bn(value); else if(!strcmp(keyword,"Q")) dsa->q=hex2bn(value); else if(!strcmp(keyword,"G")) - { dsa->g=hex2bn(value); - - printf("[mod = %d]\n\n",nmod); - pbn("P",dsa->p); - pbn("Q",dsa->q); - pbn("G",dsa->g); - putc('\n',stdout); - } else if(!strcmp(keyword,"Msg")) { n=hex2bin(value,msg); @@ -544,10 +543,7 @@ static void sigver() EVP_MD_CTX_init(&mctx); sig->s=hex2bn(value); - pbn("Y",dsa->pub_key); - pbn("R",sig->r); - pbn("S",sig->s); - EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL); + EVP_DigestInit_ex(&mctx, md, NULL); EVP_DigestUpdate(&mctx, msg, n); no_err = 1; r = FIPS_dsa_verify_ctx(dsa, &mctx, sig); |