OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
14-Aug-2007 15:20:42
Branch: OpenSSL-fips-0_9_8-stable Handle:
2007081414203408
Modified files: (Branch:
OpenSSL-fips-0_9_8-stable)
openssl/fips-1.0 fips.c fips.h
openssl/fips-1.0/dh fips_dh_gen.c fips_dh_key.c
openssl/fips-1.0/dsa fips_dsa_gen.c fips_dsa_key.c
fips_dsa_ossl.c
openssl/fips-1.0/hmac fips_hmac_selftest.c
openssl/fips-1.0/rsa fips_rsa_eay.c fips_rsa_gen.c
fips_rsa_sign.c
fips_rsa_x931g.c
openssl/fips-1.0/sha fips_sha1_selftest.c
Log:
More function code correction.
Summary:
Revision Changes Path
1.1.4.4 +2 -2
openssl/fips-1.0/dh/fips_dh_gen.c
1.1.4.7 +3 -3
openssl/fips-1.0/dh/fips_dh_key.c
1.1.4.5 +2 -2
openssl/fips-1.0/dsa/fips_dsa_gen.c
1.1.2.4 +1 -1
openssl/fips-1.0/dsa/fips_dsa_key.c
1.1.4.8 +1 -1
openssl/fips-1.0/dsa/fips_dsa_ossl.c
1.1.4.7 +5 -14 openssl/fips-1.0/fips.c
1.1.4.7 +23 -24 openssl/fips-1.0/fips.h
1.1.4.3 +1 -1
openssl/fips-1.0/hmac/fips_hmac_selftest.c
1.1.4.7 +6 -6
openssl/fips-1.0/rsa/fips_rsa_eay.c
1.1.4.6 +2 -2
openssl/fips-1.0/rsa/fips_rsa_gen.c
1.1.4.8 +12 -12
openssl/fips-1.0/rsa/fips_rsa_sign.c
1.1.4.3 +4 -4
openssl/fips-1.0/rsa/fips_rsa_x931g.c
1.1.4.4 +1 -1
openssl/fips-1.0/sha/fips_sha1_selftest.c
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/fips-1.0/dh/fips_dh_gen.c
============================================================
================
$ cvs diff -u -r1.1.4.3 -r1.1.4.4 fips_dh_gen.c
--- openssl/fips-1.0/dh/fips_dh_gen.c 13 Aug 2007 18:02:50
-0000 1.1.4.3
+++ openssl/fips-1.0/dh/fips_dh_gen.c 14 Aug 2007 13:20:34
-0000 1.1.4.4
-111,13 +111,13
if(FIPS_selftest_failed())
{
- FIPSerr(FIPS_F_DH_GENERATE_PARAMETERS,FIPS_R_FIPS_SELFTES
T_FAILED);
+ FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS,FIPS_R_FIPS_SELFTEST_
FAILED);
return 0;
}
if (FIPS_mode() && (prime_len <
OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
{
- DHerr(DH_F_GENERATE_PARAMETERS,
DH_R_KEY_SIZE_TOO_SMALL);
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS,
DH_R_KEY_SIZE_TOO_SMALL);
goto err;
}
.
patch -p0 <<' .'
Index: openssl/fips-1.0/dh/fips_dh_key.c
============================================================
================
$ cvs diff -u -r1.1.4.6 -r1.1.4.7 fips_dh_key.c
--- openssl/fips-1.0/dh/fips_dh_key.c 13 Aug 2007 18:02:50
-0000 1.1.4.6
+++ openssl/fips-1.0/dh/fips_dh_key.c 14 Aug 2007 13:20:34
-0000 1.1.4.7
-169,7 +169,7
ok=1;
err:
if (ok != 1)
- DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB);
+ DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);
if ((pub_key != NULL) && (dh->pub_key ==
NULL)) BN_free(pub_key);
if ((priv_key != NULL) && (dh->priv_key ==
NULL)) BN_free(priv_key);
-203,7 +203,7
if (dh->priv_key == NULL)
{
- DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
+ DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
goto err;
}
-223,7 +223,7
if (!dh->meth->bn_mod_exp(dh, tmp, pub_key,
dh->priv_key,dh->p,ctx,mont))
{
- DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
+ DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
goto err;
}
.
patch -p0 <<' .'
Index: openssl/fips-1.0/dsa/fips_dsa_gen.c
============================================================
================
$ cvs diff -u -r1.1.4.4 -r1.1.4.5 fips_dsa_gen.c
--- openssl/fips-1.0/dsa/fips_dsa_gen.c 13 Aug 2007
18:02:50 -0000 1.1.4.4
+++ openssl/fips-1.0/dsa/fips_dsa_gen.c 14 Aug 2007
13:20:35 -0000 1.1.4.5
-119,14 +119,14
if(FIPS_selftest_failed())
{
- FIPSerr(FIPS_F_DSA_GENERATE_PARAMETERS,
+ FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN,
FIPS_R_FIPS_SELFTEST_FAILED);
goto err;
}
if (FIPS_mode() && (bits <
OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
{
- DSAerr(DSA_F_DSA_GENERATE_PARAMETERS,
DSA_R_KEY_SIZE_TOO_SMALL);
+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN,
DSA_R_KEY_SIZE_TOO_SMALL);
goto err;
}
.
patch -p0 <<' .'
Index: openssl/fips-1.0/dsa/fips_dsa_key.c
============================================================
================
$ cvs diff -u -r1.1.2.3 -r1.1.2.4 fips_dsa_key.c
--- openssl/fips-1.0/dsa/fips_dsa_key.c 6 Apr 2007
00:30:22 -0000 1.1.2.3
+++ openssl/fips-1.0/dsa/fips_dsa_key.c 14 Aug 2007
13:20:35 -0000 1.1.2.4
-80,7 +80,7
if (!fips_pkey_signature_test(&pk, tbs, -1,
NULL, 0, EVP_dss1(), 0, NULL))
{
- FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED
);
+ FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED
);
return 0;
}
return 1;
.
patch -p0 <<' .'
Index: openssl/fips-1.0/dsa/fips_dsa_ossl.c
============================================================
================
$ cvs diff -u -r1.1.4.7 -r1.1.4.8 fips_dsa_ossl.c
--- openssl/fips-1.0/dsa/fips_dsa_ossl.c 13 Aug 2007
18:02:51 -0000 1.1.4.7
+++ openssl/fips-1.0/dsa/fips_dsa_ossl.c 14 Aug 2007
13:20:35 -0000 1.1.4.8
-134,7 +134,7
if (FIPS_mode() && (BN_num_bits(dsa->p) <
OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
{
- DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);
+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
return NULL;
}
.
patch -p0 <<' .'
Index: openssl/fips-1.0/fips.c
============================================================
================
$ cvs diff -u -r1.1.4.6 -r1.1.4.7 fips.c
--- openssl/fips-1.0/fips.c 2 Aug 2007 20:42:33
-0000 1.1.4.6
+++ openssl/fips-1.0/fips.c 14 Aug 2007 13:20:34
-0000 1.1.4.7
-208,7 +208,7
if (FIPS_text_start()==NULL)
{
- FIPSerr(FIPS_F_FIPS_CHECK_FINGERPRINT,FIPS_R_UNSUPPORTED_P
LATFORM);
+ FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_UNSUPP
ORTED_PLATFORM);
return 0;
}
-218,11 +218,11
memcmp(FIPS_signature,sig,sizeof(FIPS_signature)))
{
if (FIPS_signature>=FIPS_rodata_start &&
FIPS_signature<FIPS_rodata_end)
-
FIPSerr(FIPS_F_FIPS_CHECK_FINGERPRINT,FIPS_R_FINGERPRINT_DOE
S_NOT_MATCH_SEGMENT_ALIASING);
+
FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPR
INT_DOES_NOT_MATCH_SEGMENT_ALIASING);
else if (OPENSSL_NONPIC_relocated)
-
FIPSerr(FIPS_F_FIPS_CHECK_FINGERPRINT,FIPS_R_FINGERPRINT_DOE
S_NOT_MATCH_NONPIC_RELOCATED);
+
FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPR
INT_DOES_NOT_MATCH_NONPIC_RELOCATED);
else
-
FIPSerr(FIPS_F_FIPS_CHECK_FINGERPRINT,FIPS_R_FINGERPRINT_DOE
S_NOT_MATCH);
+
FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPR
INT_DOES_NOT_MATCH);
return 0;
}
-324,15 +324,6
return ret;
}
-#if 0
-/* here just to cause error codes to exist */
-static void dummy()
- {
- FIPSerr(FIPS_F_HASH_FINAL,FIPS_F_NON_FIPS_METHOD);
-
FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_FIPS_SELFTEST_FAILED);
- }
-#endif
-
void fips_w_lock(void) {
CRYPTO_w_lock(CRYPTO_LOCK_FIPS); }
void fips_w_unlock(void) {
CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); }
void fips_r_lock(void) {
CRYPTO_r_lock(CRYPTO_LOCK_FIPS); }
-431,7 +422,7
sig = OPENSSL_malloc(RSA_size(pkey->pkey.rsa));
if (!sig)
{
- FIPSerr(FIPS_F_FIPS_CHECK_PK_SIG,ERR_R_MALLOC_FAILURE);
+ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,ERR_R_MALLOC_FAI
LURE);
return 0;
}
}
.
patch -p0 <<' .'
Index: openssl/fips-1.0/fips.h
============================================================
================
$ cvs diff -u -r1.1.4.6 -r1.1.4.7 fips.h
--- openssl/fips-1.0/fips.h 1 Jul 2007 23:19:14
-0000 1.1.4.6
+++ openssl/fips-1.0/fips.h 14 Aug 2007 13:20:34
-0000 1.1.4.7
-103,30 +103,29
/* Error codes for the FIPS functions. */
/* Function codes. */
-#define FIPS_F_DH_GENERATE_PARAMETERS 117
-#define FIPS_F_DSA_DO_SIGN 111
-#define FIPS_F_DSA_DO_VERIFY 112
-#define FIPS_F_DSA_GENERATE_PARAMETERS 110
-#define FIPS_F_FIPS_CHECK_DSA 116
-#define FIPS_F_FIPS_CHECK_DSO 120
-#define FIPS_F_FIPS_CHECK_EXE 106
-#define FIPS_F_FIPS_CHECK_FINGERPRINT 121
-#define FIPS_F_FIPS_CHECK_PK_SIG 122
-#define FIPS_F_FIPS_CHECK_RSA 115
-#define FIPS_F_FIPS_DSA_CHECK 102
-#define FIPS_F_FIPS_MODE_SET 105
-#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 123
-#define FIPS_F_FIPS_SELFTEST_AES 104
-#define FIPS_F_FIPS_SELFTEST_DES 107
-#define FIPS_F_FIPS_SELFTEST_DSA 109
-#define FIPS_F_FIPS_SELFTEST_RNG 118
-#define FIPS_F_FIPS_SELFTEST_RSA 108
-#define FIPS_F_FIPS_SELFTEST_SHA 103
-#define FIPS_F_HASH_FINAL 100
-#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 114
-#define FIPS_F_RSA_GENERATE_KEY 113
-#define FIPS_F_RSA_X931_GENERATE_KEY 119
-#define FIPS_F_SSLEAY_RAND_BYTES 101
+#define FIPS_F_DH_BUILTIN_GENPARAMS 100
+#define FIPS_F_DSA_BUILTIN_PARAMGEN 101
+#define FIPS_F_DSA_DO_SIGN 102
+#define FIPS_F_DSA_DO_VERIFY 103
+#define FIPS_F_FIPS_CHECK_DSA 104
+#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105
+#define FIPS_F_FIPS_CHECK_RSA 106
+#define FIPS_F_FIPS_DSA_CHECK 107
+#define FIPS_F_FIPS_MODE_SET 108
+#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109
+#define FIPS_F_FIPS_SELFTEST_AES 110
+#define FIPS_F_FIPS_SELFTEST_DES 111
+#define FIPS_F_FIPS_SELFTEST_DSA 112
+#define FIPS_F_FIPS_SELFTEST_HMAC 113
+#define FIPS_F_FIPS_SELFTEST_RNG 114
+#define FIPS_F_FIPS_SELFTEST_SHA1 115
+#define FIPS_F_RSA_BUILTIN_KEYGEN 116
+#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 117
+#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 118
+#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 119
+#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 120
+#define FIPS_F_RSA_X931_GENERATE_KEY_EX 121
+#define FIPS_F_SSLEAY_RAND_BYTES 122
/* Reason codes. */
#define FIPS_R_CANNOT_READ_EXE 103
.
patch -p0 <<' .'
Index: openssl/fips-1.0/hmac/fips_hmac_selftest.c
============================================================
================
$ cvs diff -u -r1.1.4.2 -r1.1.4.3 fips_hmac_selftest.c
--- openssl/fips-1.0/hmac/fips_hmac_selftest.c 22 Mar 2007
00:39:00 -0000 1.1.4.2
+++ openssl/fips-1.0/hmac/fips_hmac_selftest.c 14 Aug 2007
13:20:36 -0000 1.1.4.3
-126,7 +126,7
if(memcmp(out,t->kaval,outlen))
{
-
FIPSerr(FIPS_F_FIPS_SELFTEST_SHA,FIPS_R_SELFTEST_FAILED);
+
FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
return 0;
}
}
.
patch -p0 <<' .'
Index: openssl/fips-1.0/rsa/fips_rsa_eay.c
============================================================
================
$ cvs diff -u -r1.1.4.6 -r1.1.4.7 fips_rsa_eay.c
--- openssl/fips-1.0/rsa/fips_rsa_eay.c 13 Aug 2007
18:02:52 -0000 1.1.4.6
+++ openssl/fips-1.0/rsa/fips_rsa_eay.c 14 Aug 2007
13:20:41 -0000 1.1.4.7
-376,13 +376,13
if(FIPS_selftest_failed())
{
- FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTES
T_FAILED);
+ FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT,FIPS_R_FIPS_SELFTE
ST_FAILED);
goto err;
}
if (FIPS_mode() && (BN_num_bits(rsa->n) <
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
{
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
RSA_R_KEY_SIZE_TOO_SMALL);
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
RSA_R_KEY_SIZE_TOO_SMALL);
return -1;
}
-519,13 +519,13
if(FIPS_selftest_failed())
{
- FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTES
T_FAILED);
+ FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT,FIPS_R_FIPS_SELFTE
ST_FAILED);
goto err;
}
if (FIPS_mode() && (BN_num_bits(rsa->n) <
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
{
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
RSA_R_KEY_SIZE_TOO_SMALL);
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
RSA_R_KEY_SIZE_TOO_SMALL);
return -1;
}
-658,13 +658,13
if(FIPS_selftest_failed())
{
- FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTES
T_FAILED);
+ FIPSerr(FIPS_F_RSA_EAY_PUBLIC_DECRYPT,FIPS_R_FIPS_SELFTES
T_FAILED);
goto err;
}
if (FIPS_mode() && (BN_num_bits(rsa->n) <
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
{
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
RSA_R_KEY_SIZE_TOO_SMALL);
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
RSA_R_KEY_SIZE_TOO_SMALL);
return -1;
}
.
patch -p0 <<' .'
Index: openssl/fips-1.0/rsa/fips_rsa_gen.c
============================================================
================
$ cvs diff -u -r1.1.4.5 -r1.1.4.6 fips_rsa_gen.c
--- openssl/fips-1.0/rsa/fips_rsa_gen.c 13 Aug 2007
18:02:52 -0000 1.1.4.5
+++ openssl/fips-1.0/rsa/fips_rsa_gen.c 14 Aug 2007
13:20:41 -0000 1.1.4.6
-118,13 +118,13
if(FIPS_selftest_failed())
{
-
FIPSerr(FIPS_F_RSA_GENERATE_KEY,FIPS_R_FIPS_SELFTEST_FAILED)
;
+
FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILE
D);
return 0;
}
if (FIPS_mode() && (bits <
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
{
-
FIPSerr(FIPS_F_RSA_GENERATE_KEY,FIPS_R_KEY_TOO_SHORT);
+
FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
return 0;
}
.
patch -p0 <<' .'
Index: openssl/fips-1.0/rsa/fips_rsa_sign.c
============================================================
================
$ cvs diff -u -r1.1.4.7 -r1.1.4.8 fips_rsa_sign.c
--- openssl/fips-1.0/rsa/fips_rsa_sign.c 15 Jul 2007
16:10:46 -0000 1.1.4.7
+++ openssl/fips-1.0/rsa/fips_rsa_sign.c 14 Aug 2007
13:20:41 -0000 1.1.4.8
-218,7 +218,7
hash_id =
RSA_X931_hash_id(M_EVP_MD_CTX_type(sv->mctx));
if (hash_id == -1)
{
- RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE)
;
return 0;
}
tmpdinfo[m_len] = (unsigned char)hash_id;
-232,7 +232,7
if (!der)
{
- RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE)
;
return 0;
}
memcpy(tmpdinfo, der, dlen);
-255,7 +255,7
saltlen = -2;
if (!sbuf)
{
- RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
+ RSAerr(RSA_F_FIPS_RSA_SIGN,ERR_R_MALLOC_FAILURE);
goto psserr;
}
if (!RSA_padding_add_PKCS1_PSS(rsa, sbuf, md,
-277,7 +277,7
j=RSA_size(rsa);
if (i > (j-RSA_PKCS1_PADDING_SIZE))
{
- RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+ RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_K
EY);
goto done;
}
/* NB: call underlying method directly to avoid FIPS
blocking */
-309,7 +309,7
if (siglen != (unsigned int)RSA_size(sv->key))
{
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
+ RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH
);
return(0);
}
-325,7 +325,7
s= OPENSSL_malloc((unsigned int)siglen);
if (s == NULL)
{
- RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
+ RSAerr(RSA_F_FIPS_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
goto err;
}
if (pad_mode == EVP_MD_CTX_FLAG_PAD_X931)
-345,23 +345,23
int hash_id;
if (i != (int)(diglen + 1))
{
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
goto err;
}
hash_id =
RSA_X931_hash_id(M_EVP_MD_CTX_type(sv->mctx));
if (hash_id == -1)
{
- RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_UNKNOWN_ALGORITHM_TYP
E);
goto err;
}
if (s[diglen] != (unsigned char)hash_id)
{
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
goto err;
}
if (memcmp(s, dig, diglen))
{
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
goto err;
}
ret = 1;
-373,7 +373,7
if (!der)
{
- RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_UNKNOWN_ALGORITHM_TYP
E);
return(0);
}
-388,7 +388,7
if ((i != (int)(dlen + diglen)) || memcmp(der, s,
dlen)
|| memcmp(s + dlen, dig, diglen))
{
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
goto err;
}
ret = 1;
.
patch -p0 <<' .'
Index: openssl/fips-1.0/rsa/fips_rsa_x931g.c
============================================================
================
$ cvs diff -u -r1.1.4.2 -r1.1.4.3 fips_rsa_x931g.c
--- openssl/fips-1.0/rsa/fips_rsa_x931g.c 22 Mar 2007
00:39:05 -0000 1.1.4.2
+++ openssl/fips-1.0/rsa/fips_rsa_x931g.c 14 Aug 2007
13:20:41 -0000 1.1.4.3
-207,21 +207,21
BIGNUM *Xp = NULL, *Xq = NULL;
BN_CTX *ctx = NULL;
- if (bits < 1024)
+ if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
{
-
FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY,FIPS_R_KEY_TOO_SHORT);
+
FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT
);
return 0;
}
if (bits & 0xff)
{
-
FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY,FIPS_R_INVALID_KEY_LENG
TH);
+
FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_INVALID_KEY_L
ENGTH);
return 0;
}
if(FIPS_selftest_failed())
{
-
FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY,FIPS_R_FIPS_SELFTEST_FA
ILED);
+
FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST
_FAILED);
return 0;
}
.
patch -p0 <<' .'
Index: openssl/fips-1.0/sha/fips_sha1_selftest.c
============================================================
================
$ cvs diff -u -r1.1.4.3 -r1.1.4.4 fips_sha1_selftest.c
--- openssl/fips-1.0/sha/fips_sha1_selftest.c 10 Jul 2007
21:24:32 -0000 1.1.4.3
+++ openssl/fips-1.0/sha/fips_sha1_selftest.c 14 Aug 2007
13:20:42 -0000 1.1.4.4
-87,7 +87,7
EVP_Digest(test[n],strlen(test[n]),md, NULL, EVP_sha1(),
NULL);
if(memcmp(md,ret[n],sizeof md))
{
-
FIPSerr(FIPS_F_FIPS_SELFTEST_SHA,FIPS_R_SELFTEST_FAILED);
+
FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED);
return 0;
}
}
.
____________________________________________________________
__________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List
openssl-cvsopenssl.org
Automated List Manager
majordomoopenssl.org
|
