Commit 53dd05d8 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Redirect RSA keygen, sign, verify to FIPS module.

parent fbe70553
Loading
Loading
Loading
Loading
+2 −2
Original line number Diff line number Diff line
@@ -4,8 +4,8 @@

 Changes between 1.0.0d and 1.0.1  [xx XXX xxxx]

  *) Redirect low level RSA operations to FIPS module including blocking of
     non FIPS RSA methods.
  *) Redirect RSA operations to FIPS module including keygen,
     encrypt, decrypt, sign and verify. Block use of non FIPS RSA methods.
     [Steve Henson]

  *) Add similar low level API blocking to ciphers.
+3 −0
Original line number Diff line number Diff line
@@ -455,6 +455,7 @@ void ERR_load_RSA_strings(void);
#define RSA_F_PKEY_RSA_CTRL				 143
#define RSA_F_PKEY_RSA_CTRL_STR				 144
#define RSA_F_PKEY_RSA_SIGN				 142
#define RSA_F_PKEY_RSA_VERIFY				 154
#define RSA_F_PKEY_RSA_VERIFYRECOVER			 141
#define RSA_F_RSA_BUILTIN_KEYGEN			 129
#define RSA_F_RSA_CHECK_KEY				 123
@@ -463,6 +464,7 @@ void ERR_load_RSA_strings(void);
#define RSA_F_RSA_EAY_PUBLIC_DECRYPT			 103
#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT			 104
#define RSA_F_RSA_GENERATE_KEY				 105
#define RSA_F_RSA_GENERATE_KEY_EX			 155
#define RSA_F_RSA_MEMORY_LOCK				 130
#define RSA_F_RSA_NEW_METHOD				 106
#define RSA_F_RSA_NULL					 124
@@ -541,6 +543,7 @@ void ERR_load_RSA_strings(void);
#define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
#define RSA_R_N_DOES_NOT_EQUAL_P_Q			 127
#define RSA_R_OAEP_DECODING_ERROR			 121
#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE	 151
#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE	 148
#define RSA_R_PADDING_CHECK_FAILED			 114
#define RSA_R_P_NOT_PRIME				 128
+3 −0
Original line number Diff line number Diff line
@@ -78,6 +78,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
{ERR_FUNC(RSA_F_PKEY_RSA_CTRL),	"PKEY_RSA_CTRL"},
{ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR),	"PKEY_RSA_CTRL_STR"},
{ERR_FUNC(RSA_F_PKEY_RSA_SIGN),	"PKEY_RSA_SIGN"},
{ERR_FUNC(RSA_F_PKEY_RSA_VERIFY),	"PKEY_RSA_VERIFY"},
{ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER),	"PKEY_RSA_VERIFYRECOVER"},
{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN),	"RSA_BUILTIN_KEYGEN"},
{ERR_FUNC(RSA_F_RSA_CHECK_KEY),	"RSA_check_key"},
@@ -86,6 +87,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT),	"RSA_EAY_PUBLIC_DECRYPT"},
{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT),	"RSA_EAY_PUBLIC_ENCRYPT"},
{ERR_FUNC(RSA_F_RSA_GENERATE_KEY),	"RSA_generate_key"},
{ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX),	"RSA_generate_key_ex"},
{ERR_FUNC(RSA_F_RSA_MEMORY_LOCK),	"RSA_memory_lock"},
{ERR_FUNC(RSA_F_RSA_NEW_METHOD),	"RSA_new_method"},
{ERR_FUNC(RSA_F_RSA_NULL),	"RSA_NULL"},
@@ -167,6 +169,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},
{ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
{ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
+15 −0
Original line number Diff line number Diff line
@@ -67,6 +67,9 @@
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif

static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);

@@ -77,6 +80,18 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
 * now just because key-generation is part of RSA_METHOD. */
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
	{
#ifdef OPENSSL_FIPS
	if (FIPS_mode())
		{
		if (rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
			return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
		if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
			{
			RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
			return 0;
			}
		}
#endif
	if(rsa->meth->rsa_keygen)
		return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
	return rsa_builtin_keygen(rsa, bits, e_value, cb);
+74 −0
Original line number Diff line number Diff line
@@ -63,6 +63,9 @@
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#include "evp_locl.h"
#include "rsa_locl.h"

@@ -151,6 +154,30 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
		}
	}

/* FIP checker. Return value indicates status of context parameters:
 * 1  : redirect to FIPS.
 * 0  : don't redirect to FIPS.
 * -1 : illegal operation in FIPS mode.
 */

static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx)
	{
	RSA_PKEY_CTX *rctx = ctx->data;
	RSA *rsa = ctx->pkey->pkey.rsa;
	int rv = -1;
	if (!FIPS_mode())
		return 0;
	if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
		rv = 0;
	if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
		return -1;
	if (rctx->md && !(rctx->md->flags & EVP_MD_FLAG_FIPS))
		return rv;
	if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS))
		return rv;
	return 1;
	}

static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
					const unsigned char *tbs, size_t tbslen)
	{
@@ -158,6 +185,15 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
	RSA_PKEY_CTX *rctx = ctx->data;
	RSA *rsa = ctx->pkey->pkey.rsa;

#ifdef OPENSSL_FIPS
	ret = pkey_fips_check_ctx(ctx);
	if (ret < 0)
		{
		RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
		return -1;
		}
#endif

	if (rctx->md)
		{
		if (tbslen != (size_t)EVP_MD_size(rctx->md))
@@ -166,6 +202,22 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
					RSA_R_INVALID_DIGEST_LENGTH);
			return -1;
			}
#ifdef OPENSSL_FIPS
		if (ret > 0)
			{
			unsigned int slen;
			ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
							rctx->pad_mode,
							rctx->saltlen,
							rctx->mgf1md,
							sig, &slen);
			if (ret > 0)
				*siglen = slen;
			else
				*siglen = 0;
			return ret;
			}
#endif
		if (rctx->pad_mode == RSA_X931_PADDING)
			{
			if (!setup_tbuf(rctx, ctx))
@@ -274,8 +326,30 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
	RSA_PKEY_CTX *rctx = ctx->data;
	RSA *rsa = ctx->pkey->pkey.rsa;
	size_t rslen;
#ifdef OPENSSL_FIPS
	int rv;
	rv = pkey_fips_check_ctx(ctx);
	if (rv < 0)
		{
		RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
		return -1;
		}
#endif
	if (rctx->md)
		{
#ifdef OPENSSL_FIPS
		if (rv > 0)
			{
			return FIPS_rsa_verify_digest(rsa,
							tbs, tbslen,
							rctx->md,
							rctx->pad_mode,
							rctx->saltlen,
							rctx->mgf1md,
							sig, siglen);
							
			}
#endif
		if (rctx->pad_mode == RSA_PKCS1_PADDING)
			return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
					sig, siglen, rsa);