OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
31-Mar-2006 19:09:47
Branch: OpenSSL_0_9_7-stable Handle:
2006033118094501
Modified files: (Branch: OpenSSL_0_9_7-stable)
openssl/crypto/dsa dsa.h dsa_sign.c dsa_vrf.c
Log:
Flag to allow use of DSA_METHOD in FIPS mode.
Summary:
Revision Changes Path
1.26.2.7 +7 -0 openssl/crypto/dsa/dsa.h
1.10.2.7 +4 -2 openssl/crypto/dsa/dsa_sign.c
1.10.2.7 +2 -1 openssl/crypto/dsa/dsa_vrf.c
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/crypto/dsa/dsa.h
============================================================
================
$ cvs diff -u -r1.26.2.6 -r1.26.2.7 dsa.h
--- openssl/crypto/dsa/dsa.h 16 May 2005 01:26:04
-0000 1.26.2.6
+++ openssl/crypto/dsa/dsa.h 31 Mar 2006 17:09:45
-0000 1.26.2.7
 -88,6 +88,13 
* be used
for all exponents.
*/
+/* If this flag is set external DSA_METHOD callbacks are
allowed in FIPS mode
+ * it is then the applications responsibility to ensure
the external method
+ * is compliant.
+ */
+
+#define DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW 0x04
+
#if defined(OPENSSL_FIPS)
#define FIPS_DSA_SIZE_T int
#endif
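Review bot: The new comment above `DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW` does not say which checks the flag switches off or where it has to be set, which matters for a bit that relaxes FIPS-mode enforcement. I would spell that out, e.g. `/* When set in dsa->flags, DSA_do_sign(), DSA_sign_setup() and DSA_do_verify() skip the FIPS_dsa_check() gate in FIPS mode; the application is then responsible for ensuring the external DSA_METHOD is compliant. */`. The other DSA_FLAG_* definitions sit above this hunk and are not visible here, so it is worth confirming that 0x04 is not already used by another flag bit.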
 .
patch -p0 <<' .'
Index: openssl/crypto/dsa/dsa_sign.c
============================================================
================
$ cvs diff -u -r1.10.2.6 -r1.10.2.7 dsa_sign.c
--- openssl/crypto/dsa/dsa_sign.c 30 Jul 2004 14:38:01
-0000 1.10.2.6
+++ openssl/crypto/dsa/dsa_sign.c 31 Mar 2006 17:09:46
-0000 1.10.2.7
 -72,7 +72,8 
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int
dlen, DSA *dsa)
{
#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !FIPS_dsa_check(dsa))
+ if(FIPS_mode() && !FIPS_dsa_check(dsa)
+ && !(dsa->flags &
DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW))
return NULL;
#endif
return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
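Review bot: With the flag set, the added `&& !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)` term lets any DSA_METHOD through in FIPS mode, and the decision rests on a per-key bit whose origin this file does not show. If `dsa->flags` is initialised from the method's own flags when the key is created (not visible in this hunk), an external method could carry the bit itself and opt in without the application deciding. That is worth confirming and, if it holds, documenting or masking at key creation. A comment at the check would make the policy explicit, e.g. `/* FIPS mode: a method that fails FIPS_dsa_check() is used only if the application set DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW on this key */`. The same condition is added in DSA_sign_setup below and in the dsa_vrf.c hunk, so the point applies there too.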
 -96,7 +97,8 
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM
**kinvp, BIGNUM **rp)
{
#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !FIPS_dsa_check(dsa))
+ if(FIPS_mode() && !FIPS_dsa_check(dsa)
+ && !(dsa->flags &
DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW))
return 0;
#endif
return dsa->meth->dsa_sign_setup(dsa, ctx_in,
kinvp, rp);
 .
patch -p0 <<' .'
Index: openssl/crypto/dsa/dsa_vrf.c
============================================================
================
$ cvs diff -u -r1.10.2.6 -r1.10.2.7 dsa_vrf.c
--- openssl/crypto/dsa/dsa_vrf.c 30 Jul 2004 14:38:01
-0000 1.10.2.6
+++ openssl/crypto/dsa/dsa_vrf.c 31 Mar 2006 17:09:46
-0000 1.10.2.7
 -74,7 +74,8 
DSA *dsa)
{
#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !FIPS_dsa_check(dsa))
+ if(FIPS_mode() && !FIPS_dsa_check(dsa)
+ && !(dsa->flags &
DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW))
return -1;
#endif
return dsa->meth->dsa_do_verify(dgst, dgst_len,
sig, dsa);
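Review bot: The rejection path in this hunk still returns -1 with nothing recording why, so a caller that tests the result as a boolean would read a FIPS policy rejection as a valid signature. Since this change makes the outcome depend on a per-key flag, a comment at the return would help, e.g. `/* -1 = rejected by FIPS policy, not a signature result; callers must test for == 1 */`. The function signature starts above the hunk, so the enclosing function is inferred from the `dsa_do_verify` method call.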
 .