Loading crypto/rsa/rsa_eay.c +0 −70 Original line number Diff line number Diff line Loading @@ -115,9 +115,6 @@ #include <openssl/bn.h> #include <openssl/rsa.h> #include <openssl/rand.h> #ifdef OPENSSL_FIPS #include <openssl/fips.h> #endif #ifndef RSA_NULL Loading Loading @@ -162,21 +159,6 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *buf=NULL; BN_CTX *ctx=NULL; #ifdef OPENSSL_FIPS if(FIPS_selftest_failed()) { FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED); goto err; } if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; } #endif if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); Loading Loading @@ -380,21 +362,6 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; #ifdef OPENSSL_FIPS if(FIPS_selftest_failed()) { FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED); goto err; } if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; } #endif if ((ctx=BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); f = BN_CTX_get(ctx); Loading Loading @@ -538,21 +505,6 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; #ifdef OPENSSL_FIPS if(FIPS_selftest_failed()) { FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED); goto err; } if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; } #endif if((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); f = BN_CTX_get(ctx); Loading Loading @@ -688,21 +640,6 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *buf=NULL; BN_CTX *ctx=NULL; #ifdef OPENSSL_FIPS if(FIPS_selftest_failed()) { FIPSerr(FIPS_F_RSA_EAY_PUBLIC_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED); goto err; } if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; } #endif if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); Loading Loading @@ -961,13 +898,6 @@ err: static int RSA_eay_init(RSA *rsa) { #ifdef OPENSSL_FIPS if(FIPS_selftest_failed()) { FIPSerr(FIPS_F_RSA_EAY_INIT,FIPS_R_FIPS_SELFTEST_FAILED); return 0; } #endif rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); } Loading crypto/rsa/rsa_gen.c +0 −128 Original line number Diff line number Diff line Loading @@ -70,112 +70,6 @@ #include <openssl/bn.h> #include <openssl/rsa.h> #ifdef OPENSSL_FIPS #include <openssl/fips.h> #include <openssl/fips_rand.h> #include <openssl/evp.h> /* Check PRNG has sufficient security level to handle an RSA operation */ int fips_check_rsa_prng(RSA *rsa, int bits) { int strength; if (!FIPS_module_mode()) return 1; if (rsa->flags & (RSA_FLAG_NON_FIPS_ALLOW|RSA_FLAG_CHECKED)) return 1; if (bits == 0) bits = BN_num_bits(rsa->n); /* Should never happen */ if (bits < 1024) { FIPSerr(FIPS_F_FIPS_CHECK_RSA_PRNG,FIPS_R_KEY_TOO_SHORT); return 0; } /* From SP800-57 */ if (bits < 2048) strength = 80; else if (bits < 3072) strength = 112; else if (bits < 7680) strength = 128; else if (bits < 15360) strength = 192; else strength = 256; if (FIPS_rand_strength() >= strength) return 1; FIPSerr(FIPS_F_FIPS_CHECK_RSA_PRNG,FIPS_R_PRNG_STRENGTH_TOO_LOW); return 0; } int fips_check_rsa(RSA *rsa) { const unsigned char tbs[] = "RSA Pairwise Check Data"; unsigned char *ctbuf = NULL, *ptbuf = NULL; int len, ret = 0; EVP_PKEY pk; pk.type = EVP_PKEY_RSA; pk.pkey.rsa = rsa; /* Perform pairwise consistency signature test */ if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0, NULL, 0, NULL, RSA_PKCS1_PADDING, NULL) || !fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0, NULL, 0, NULL, RSA_X931_PADDING, NULL) || !fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0, NULL, 0, NULL, RSA_PKCS1_PSS_PADDING, NULL)) goto err; /* Now perform pairwise consistency encrypt/decrypt test */ ctbuf = OPENSSL_malloc(RSA_size(rsa)); if (!ctbuf) goto err; len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING); if (len <= 0) goto err; /* Check ciphertext doesn't match plaintext */ if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len)) goto err; ptbuf = OPENSSL_malloc(RSA_size(rsa)); if (!ptbuf) goto err; len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING); if (len != (sizeof(tbs) - 1)) goto err; if (memcmp(ptbuf, tbs, len)) goto err; ret = 1; if (!ptbuf) goto err; err: if (ret == 0) { fips_set_selftest_fail(); FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED); } if (ctbuf) OPENSSL_free(ctbuf); if (ptbuf) OPENSSL_free(ptbuf); return ret; } #endif static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); /* NB: this wrapper would normally be placed in rsa_lib.c and the static Loading @@ -198,23 +92,6 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) int bitsp,bitsq,ok= -1,n=0; BN_CTX *ctx=NULL; #ifdef OPENSSL_FIPS if(FIPS_selftest_failed()) { FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED); return 0; } if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT); return 0; } if (!fips_check_rsa_prng(rsa, bits)) return 0; #endif ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); Loading Loading @@ -326,11 +203,6 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) p = rsa->p; if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err; #ifdef OPENSSL_FIPS if(!fips_check_rsa(rsa)) goto err; #endif ok=1; err: if (ok == -1) Loading crypto/rsa/rsa_pss.c +0 −4 Original line number Diff line number Diff line Loading @@ -67,10 +67,6 @@ #include <openssl/sha.h> #include "rsa_locl.h" #ifdef OPENSSL_FIPS #include <openssl/fips.h> #endif static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0}; #if defined(_MSC_VER) && defined(_ARM_) Loading crypto/rsa/rsa_x931g.c +0 −34 Original line number Diff line number Diff line Loading @@ -65,12 +65,6 @@ #include <openssl/bn.h> #include <openssl/rsa.h> #ifdef OPENSSL_FIPS #include <openssl/fips.h> extern int fips_check_rsa(RSA *rsa); #endif /* X9.31 RSA key derivation and generation */ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, Loading Loading @@ -209,29 +203,6 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb) BIGNUM *Xp = NULL, *Xq = NULL; BN_CTX *ctx = NULL; #ifdef OPENSSL_FIPS if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT); return 0; } if (bits & 0xff) { FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_INVALID_KEY_LENGTH); return 0; } if(FIPS_selftest_failed()) { FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST_FAILED); return 0; } if (!fips_check_rsa_prng(rsa, bits)) return 0; #endif ctx = BN_CTX_new(); if (!ctx) goto error; Loading Loading @@ -265,11 +236,6 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb) NULL, NULL, NULL, NULL, NULL, NULL, e, cb)) goto error; #ifdef OPENSSL_FIPS if(!fips_check_rsa(rsa)) goto error; #endif ok = 1; error: Loading Loading
crypto/rsa/rsa_eay.c +0 −70 Original line number Diff line number Diff line Loading @@ -115,9 +115,6 @@ #include <openssl/bn.h> #include <openssl/rsa.h> #include <openssl/rand.h> #ifdef OPENSSL_FIPS #include <openssl/fips.h> #endif #ifndef RSA_NULL Loading Loading @@ -162,21 +159,6 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *buf=NULL; BN_CTX *ctx=NULL; #ifdef OPENSSL_FIPS if(FIPS_selftest_failed()) { FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED); goto err; } if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; } #endif if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); Loading Loading @@ -380,21 +362,6 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; #ifdef OPENSSL_FIPS if(FIPS_selftest_failed()) { FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED); goto err; } if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; } #endif if ((ctx=BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); f = BN_CTX_get(ctx); Loading Loading @@ -538,21 +505,6 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; #ifdef OPENSSL_FIPS if(FIPS_selftest_failed()) { FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED); goto err; } if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; } #endif if((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); f = BN_CTX_get(ctx); Loading Loading @@ -688,21 +640,6 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *buf=NULL; BN_CTX *ctx=NULL; #ifdef OPENSSL_FIPS if(FIPS_selftest_failed()) { FIPSerr(FIPS_F_RSA_EAY_PUBLIC_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED); goto err; } if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; } #endif if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); Loading Loading @@ -961,13 +898,6 @@ err: static int RSA_eay_init(RSA *rsa) { #ifdef OPENSSL_FIPS if(FIPS_selftest_failed()) { FIPSerr(FIPS_F_RSA_EAY_INIT,FIPS_R_FIPS_SELFTEST_FAILED); return 0; } #endif rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); } Loading
crypto/rsa/rsa_gen.c +0 −128 Original line number Diff line number Diff line Loading @@ -70,112 +70,6 @@ #include <openssl/bn.h> #include <openssl/rsa.h> #ifdef OPENSSL_FIPS #include <openssl/fips.h> #include <openssl/fips_rand.h> #include <openssl/evp.h> /* Check PRNG has sufficient security level to handle an RSA operation */ int fips_check_rsa_prng(RSA *rsa, int bits) { int strength; if (!FIPS_module_mode()) return 1; if (rsa->flags & (RSA_FLAG_NON_FIPS_ALLOW|RSA_FLAG_CHECKED)) return 1; if (bits == 0) bits = BN_num_bits(rsa->n); /* Should never happen */ if (bits < 1024) { FIPSerr(FIPS_F_FIPS_CHECK_RSA_PRNG,FIPS_R_KEY_TOO_SHORT); return 0; } /* From SP800-57 */ if (bits < 2048) strength = 80; else if (bits < 3072) strength = 112; else if (bits < 7680) strength = 128; else if (bits < 15360) strength = 192; else strength = 256; if (FIPS_rand_strength() >= strength) return 1; FIPSerr(FIPS_F_FIPS_CHECK_RSA_PRNG,FIPS_R_PRNG_STRENGTH_TOO_LOW); return 0; } int fips_check_rsa(RSA *rsa) { const unsigned char tbs[] = "RSA Pairwise Check Data"; unsigned char *ctbuf = NULL, *ptbuf = NULL; int len, ret = 0; EVP_PKEY pk; pk.type = EVP_PKEY_RSA; pk.pkey.rsa = rsa; /* Perform pairwise consistency signature test */ if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0, NULL, 0, NULL, RSA_PKCS1_PADDING, NULL) || !fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0, NULL, 0, NULL, RSA_X931_PADDING, NULL) || !fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0, NULL, 0, NULL, RSA_PKCS1_PSS_PADDING, NULL)) goto err; /* Now perform pairwise consistency encrypt/decrypt test */ ctbuf = OPENSSL_malloc(RSA_size(rsa)); if (!ctbuf) goto err; len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING); if (len <= 0) goto err; /* Check ciphertext doesn't match plaintext */ if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len)) goto err; ptbuf = OPENSSL_malloc(RSA_size(rsa)); if (!ptbuf) goto err; len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING); if (len != (sizeof(tbs) - 1)) goto err; if (memcmp(ptbuf, tbs, len)) goto err; ret = 1; if (!ptbuf) goto err; err: if (ret == 0) { fips_set_selftest_fail(); FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED); } if (ctbuf) OPENSSL_free(ctbuf); if (ptbuf) OPENSSL_free(ptbuf); return ret; } #endif static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); /* NB: this wrapper would normally be placed in rsa_lib.c and the static Loading @@ -198,23 +92,6 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) int bitsp,bitsq,ok= -1,n=0; BN_CTX *ctx=NULL; #ifdef OPENSSL_FIPS if(FIPS_selftest_failed()) { FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED); return 0; } if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT); return 0; } if (!fips_check_rsa_prng(rsa, bits)) return 0; #endif ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); Loading Loading @@ -326,11 +203,6 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) p = rsa->p; if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err; #ifdef OPENSSL_FIPS if(!fips_check_rsa(rsa)) goto err; #endif ok=1; err: if (ok == -1) Loading
crypto/rsa/rsa_pss.c +0 −4 Original line number Diff line number Diff line Loading @@ -67,10 +67,6 @@ #include <openssl/sha.h> #include "rsa_locl.h" #ifdef OPENSSL_FIPS #include <openssl/fips.h> #endif static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0}; #if defined(_MSC_VER) && defined(_ARM_) Loading
crypto/rsa/rsa_x931g.c +0 −34 Original line number Diff line number Diff line Loading @@ -65,12 +65,6 @@ #include <openssl/bn.h> #include <openssl/rsa.h> #ifdef OPENSSL_FIPS #include <openssl/fips.h> extern int fips_check_rsa(RSA *rsa); #endif /* X9.31 RSA key derivation and generation */ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, Loading Loading @@ -209,29 +203,6 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb) BIGNUM *Xp = NULL, *Xq = NULL; BN_CTX *ctx = NULL; #ifdef OPENSSL_FIPS if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT); return 0; } if (bits & 0xff) { FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_INVALID_KEY_LENGTH); return 0; } if(FIPS_selftest_failed()) { FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST_FAILED); return 0; } if (!fips_check_rsa_prng(rsa, bits)) return 0; #endif ctx = BN_CTX_new(); if (!ctx) goto error; Loading Loading @@ -265,11 +236,6 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb) NULL, NULL, NULL, NULL, NULL, NULL, e, cb)) goto error; #ifdef OPENSSL_FIPS if(!fips_check_rsa(rsa)) goto error; #endif ok = 1; error: Loading
Tim Hudson <tjh@openssl.org>Tim Hudson <tjh@openssl.org>