FIPS mode DSA changes:

Check for selftest failures.

Pairwise consistency test for RSA key generation.

Use some EVP macros instead of EVP functions.

Use minimal FIPS EVP where needed.

Key size restrictions.

1 files changed, 21 insertions, 0 deletions

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index e6a5452..8096a15 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -73,12 +73,18 @@
 
 #ifndef OPENSSL_NO_SHA
 
+#define OPENSSL_FIPSEVP
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/sha.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 #include "dsa_locl.h"
 
 int DSA_generate_parameters_ex(DSA *ret, int bits,
@@ -127,6 +133,21 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
 	BN_CTX *ctx=NULL;
 	unsigned int h=2;
 
+#ifdef OPENSSL_FIPS
+	if(FIPS_selftest_failed())
+	    {
+	    FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN,
+		    FIPS_R_FIPS_SELFTEST_FAILED);
+	    goto err;
+	    }
+
+	if (FIPS_mode() && (bits < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
+		{
+		DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_TOO_SMALL);
+		goto err;
+		}
+#endif
+
 	if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
 	    qsize != SHA256_DIGEST_LENGTH)
 		/* invalid q size */