← Back to branch summary

~ubuntu-branches/ubuntu/lucid/openssl/lucid-proposed

« back to all changes in this revision

Viewing changes to crypto/rsa/rsa_sign.c

  • Committer: Bazaar Package Importer
  • Author(s): Kurt Roeckx
  • Date: 2009-06-13 18:15:46 UTC
  • mto: (11.1.5 squeeze)
  • mto: This revision was merged to the branch mainline in revision 34.
  • Revision ID: james.westby@ubuntu.com-20090613181546-vbfntai3b009dl1u
Tags: upstream-0.9.8k
ImportĀ upstreamĀ versionĀ 0.9.8k

Show diffs side-by-side

added added

removed removed

Lines of Context:
crypto/rsa/rsa_sign.c
90
90
                i = SSL_SIG_LENGTH;
91
91
                s = m;
92
92
        } else {
 
93
        /* NB: in FIPS mode block anything that isn't a TLS signature */
 
94
#ifdef OPENSSL_FIPS
 
95
                if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
 
96
                        {
 
97
                        RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
 
98
                        return 0;
 
99
                        }
 
100
#endif
93
101
                sig.algor= &algor;
94
102
                sig.algor->algorithm=OBJ_nid2obj(type);
95
103
                if (sig.algor->algorithm == NULL)
167
175
                RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
168
176
                goto err;
169
177
                }
170
 
        if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
 
178
        if(dtype == NID_md5_sha1)
 
179
                {
 
180
                if (m_len != SSL_SIG_LENGTH)
 
181
                        {
171
182
                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
172
183
                        goto err;
173
 
        }
 
184
                        }
 
185
                }
 
186
        /* NB: in FIPS mode block anything that isn't a TLS signature */
 
187
#ifdef OPENSSL_FIPS
 
188
        else if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
 
189
                {
 
190
                RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
 
191
                return 0;
 
192
                }
 
193
#endif
174
194
        i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
175
195
 
176
196
        if (i <= 0) goto err;