4 files changed, 60 insertions, 20 deletions

diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index 06a7b1431d..b68fbce169 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -209,7 +209,10 @@ int	DSA_set_method(DSA *dsa, const DSA_METHOD *);
 #ifdef OPENSSL_FIPS
 DSA *	FIPS_dsa_new(void);
 void	FIPS_dsa_free (DSA *r);
+DSA_SIG * FIPS_dsa_sign_digest(DSA *dsa, const unsigned char *dig, int dlen);
 DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx);
+int FIPS_dsa_verify_digest(DSA *dsa,
+				const unsigned char *dig, int dlen, DSA_SIG *s);
 int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s);
 #endif
 
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index 47ba358eb6..4287b83f8a 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -321,9 +321,17 @@ void FIPS_rsa_free(RSA *r);
 int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx,
 			int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash,
 			unsigned char *sigret, unsigned int *siglen);
+int FIPS_rsa_sign_digest(RSA *rsa, const unsigned char *md, int md_len,
+			const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
+			const EVP_MD *mgf1Hash,
+			unsigned char *sigret, unsigned int *siglen);
 int FIPS_rsa_verify_ctx(RSA *rsa, EVP_MD_CTX *ctx,
 			int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash,
 			unsigned char *sigbuf, unsigned int siglen);
+int FIPS_rsa_verify_digest(RSA *rsa, const unsigned char *dig, int diglen,
+			const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
+			const EVP_MD *mgf1Hash,
+			unsigned char *sigbuf, unsigned int siglen);
 #endif
 
 void RSA_set_default_method(const RSA_METHOD *meth);
diff --git a/fips/dsa/fips_dsa_sign.c b/fips/dsa/fips_dsa_sign.c
index 7223589af3..2875752e01 100644
--- a/fips/dsa/fips_dsa_sign.c
+++ b/fips/dsa/fips_dsa_sign.c
@@ -82,6 +82,11 @@ DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx)
 	return s;
 	}
 
+DSA_SIG * FIPS_dsa_sign_digest(DSA *dsa, const unsigned char *dig, int dlen)
+	{
+	return dsa->meth->dsa_do_sign(dig, dlen, dsa);
+	}
+
 int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s)
 	{
 	int ret=-1;
@@ -93,4 +98,10 @@ int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s)
 	return ret;
 	}
 
+int FIPS_dsa_verify_digest(DSA *dsa,
+				const unsigned char *dig, int dlen, DSA_SIG *s)
+	{
+	return dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
+	}
+
 #endif
diff --git a/fips/rsa/fips_rsa_sign.c b/fips/rsa/fips_rsa_sign.c
index 4e5b4bf1db..e9f7a2bba7 100644
--- a/fips/rsa/fips_rsa_sign.c
+++ b/fips/rsa/fips_rsa_sign.c
@@ -191,38 +191,48 @@ static const unsigned char *fips_digestinfo_nn_encoding(int nid, unsigned int *l
 		}
 	}
 
-
 int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx,
 			int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash,
 			unsigned char *sigret, unsigned int *siglen)
 	{
+	unsigned int md_len, rv;
+	unsigned char md[EVP_MAX_MD_SIZE];
+        EVP_DigestFinal_ex(ctx, md, &md_len);
+	rv = FIPS_rsa_sign_digest(rsa, md, md_len,
+					M_EVP_MD_CTX_md(ctx),
+					rsa_pad_mode, saltlen,
+					mgf1Hash, sigret, siglen);
+	OPENSSL_cleanse(md, md_len);
+	return rv;
+	}
+
+
+int FIPS_rsa_sign_digest(RSA *rsa, const unsigned char *md, int md_len,
+			const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
+			const EVP_MD *mgf1Hash,
+			unsigned char *sigret, unsigned int *siglen)
+	{
 	int i=0,j,ret=0;
 	unsigned int dlen;
 	const unsigned char *der;
-	unsigned int m_len;
-	const EVP_MD *mhash;
 	int md_type;
 	/* Largest DigestInfo: 19 (max encoding) + max MD */
 	unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
-	unsigned char md[EVP_MAX_MD_SIZE + 1];
 
-        EVP_DigestFinal_ex(ctx, md, &m_len);
-
-	mhash = M_EVP_MD_CTX_md(ctx);
 	md_type = M_EVP_MD_type(mhash);
 
 	if (rsa_pad_mode == RSA_X931_PADDING)
 		{
 		int hash_id;
-		memcpy(tmpdinfo, md, m_len);
+		memcpy(tmpdinfo, md, md_len);
 		hash_id = RSA_X931_hash_id(md_type);
 		if (hash_id == -1)
 			{
 			RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
 			return 0;
 			}
-		tmpdinfo[m_len] = (unsigned char)hash_id;
-		i = m_len + 1;
+		tmpdinfo[md_len] = (unsigned char)hash_id;
+		i = md_len + 1;
 		}
 	else if (rsa_pad_mode == RSA_PKCS1_PADDING)
 		{
@@ -235,9 +245,9 @@ int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx,
 			return 0;
 			}
 		memcpy(tmpdinfo, der, dlen);
-		memcpy(tmpdinfo + dlen, md, m_len);
+		memcpy(tmpdinfo + dlen, md, md_len);
 
-		i = dlen + m_len;
+		i = dlen + md_len;
 
 		}
 	else if (rsa_pad_mode == RSA_PKCS1_PSS_PADDING)
@@ -260,7 +270,6 @@ int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx,
 			*siglen=j;
 			}
 		psserr:
-		OPENSSL_cleanse(md,m_len);
 		OPENSSL_cleanse(sbuf, i);
 		OPENSSL_free(sbuf);
 		return ret;
@@ -282,7 +291,6 @@ int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx,
 
 	done:
 	OPENSSL_cleanse(tmpdinfo,i);
-	OPENSSL_cleanse(md,m_len);
 	return ret;
 	}
 
@@ -290,12 +298,25 @@ int FIPS_rsa_verify_ctx(RSA *rsa, EVP_MD_CTX *ctx,
 			int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash,
 			unsigned char *sigbuf, unsigned int siglen)
 	{
+	unsigned int md_len, rv;
+	unsigned char md[EVP_MAX_MD_SIZE];
+        EVP_DigestFinal_ex(ctx, md, &md_len);
+	rv = FIPS_rsa_verify_digest(rsa, md, md_len, M_EVP_MD_CTX_md(ctx),
+					rsa_pad_mode, saltlen, mgf1Hash,
+					sigbuf, siglen);
+	OPENSSL_cleanse(md, md_len);
+	return rv;
+	}
+	
+int FIPS_rsa_verify_digest(RSA *rsa, const unsigned char *dig, int diglen,
+			const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
+			const EVP_MD *mgf1Hash,
+			unsigned char *sigbuf, unsigned int siglen)
+	{
 	int i,ret=0;
-	unsigned int dlen, diglen;
+	unsigned int dlen;
 	unsigned char *s;
 	const unsigned char *der;
-	unsigned char dig[EVP_MAX_MD_SIZE];
-	const EVP_MD *mhash;
 	int md_type;
 	int rsa_dec_pad_mode;
 
@@ -305,11 +326,8 @@ int FIPS_rsa_verify_ctx(RSA *rsa, EVP_MD_CTX *ctx,
 		return(0);
 		}
 
-	mhash = M_EVP_MD_CTX_md(ctx);
 	md_type = M_EVP_MD_type(mhash);
 
-        EVP_DigestFinal_ex(ctx, dig, &diglen);
-
 	s= OPENSSL_malloc((unsigned int)siglen);
 	if (s == NULL)
 		{