OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
06-Apr-2007 02:30:25
Branch: OpenSSL-fips-0_9_8-stable Handle:
2007040601301212
Modified files: (Branch:
OpenSSL-fips-0_9_8-stable)
openssl CHANGES
openssl/apps dgst.c
openssl/crypto fips_err.h
openssl/crypto/dsa dsa.h dsa_asn1.c dsa_err.c
dsa_lib.c dsa_sign.c
dsa_vrf.c
openssl/crypto/rsa rsa.h rsa_eng.c rsa_err.c
rsa_lib.c rsa_sign.c
openssl/fips-1.0 fips.c fips.h fips_locl.h
fips_test_suite.c
openssl/fips-1.0/dsa fips_dsa_key.c fips_dsa_ossl.c
openssl/fips-1.0/rsa fips_rsa_eay.c fips_rsa_gen.c
fips_rsa_selftest.c
fips_rsa_sign.c
Log:
Block low level public key signature operations in FIPS
mode.
Update self tests for all modes and use EVP.
Update pairwise consistency checks.
Summary:
Revision Changes Path
1.1238.2.65.2.9+9 -0 openssl/CHANGES
1.35.2.3.2.2+28 -0 openssl/apps/dgst.c
1.39.2.1.2.3+16 -4 openssl/crypto/dsa/dsa.h
1.9.14.3 +15 -0 openssl/crypto/dsa/dsa_asn1.c
1.13.2.2.2.1+5 -1 openssl/crypto/dsa/dsa_err.c
1.33.2.2.2.2+27 -0 openssl/crypto/dsa/dsa_lib.c
1.12.4.2 +8 -4 openssl/crypto/dsa/dsa_sign.c
1.12.4.2 +5 -3 openssl/crypto/dsa/dsa_vrf.c
1.1.4.3 +3 -0 openssl/crypto/fips_err.h
1.55.2.7.2.4+20 -0 openssl/crypto/rsa/rsa.h
1.1.2.2 +26 -0 openssl/crypto/rsa/rsa_eng.c
1.17.2.7.2.1+6 -1 openssl/crypto/rsa/rsa_err.c
1.39.2.3.2.3+14 -0 openssl/crypto/rsa/rsa_lib.c
1.21.2.1.2.1+22 -2 openssl/crypto/rsa/rsa_sign.c
1.1.2.3 +13 -18
openssl/fips-1.0/dsa/fips_dsa_key.c
1.1.4.4 +4 -3
openssl/fips-1.0/dsa/fips_dsa_ossl.c
1.1.4.3 +68 -0 openssl/fips-1.0/fips.c
1.1.4.3 +11 -0 openssl/fips-1.0/fips.h
1.1.4.3 +0 -1 openssl/fips-1.0/fips_locl.h
1.1.4.3 +61 -29
openssl/fips-1.0/fips_test_suite.c
1.1.4.4 +1 -1
openssl/fips-1.0/rsa/fips_rsa_eay.c
1.1.4.4 +16 -57
openssl/fips-1.0/rsa/fips_rsa_gen.c
1.1.4.3 +295 -116
openssl/fips-1.0/rsa/fips_rsa_selftest.c
1.1.4.6 +17 -3
openssl/fips-1.0/rsa/fips_rsa_sign.c
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/CHANGES
============================================================
================
$ cvs diff -u -r1.1238.2.65.2.8 -r1.1238.2.65.2.9 CHANGES
--- openssl/CHANGES 3 Apr 2007 21:01:24
-0000 1.1238.2.65.2.8
+++ openssl/CHANGES 6 Apr 2007 00:30:12
-0000 1.1238.2.65.2.9
 -4,6 +4,15 
Changes between 0.9.8e and 0.9.8f-fips [xx XXX xxxx]
+ *) Rewrite self tests and pairwise tests to use EVP.
Add more extensive
+ self tests for RSA in all digests and modes.
+ [Steve Henson]
+
+ *) New flags RSA_FIPS_METHOD and DSA_FIPS_METHOD to
indicate a method is
+ allowed in FIPS mode. Disable direct low level RSA
and DSA signature
+ operations in FIPS mode so all operations have to be
made via EVP.
+ [Steve Henson]
+
*) New flag EVP_MD_FLAG_SVCTX which passes EVP_MD_CTX
and key to underlying
sign/verify method. This permits the method to
perform finalization
and signing itself and have access to the EVP_MD_CTX
structure in case
 .
patch -p0 <<' .'
Index: openssl/apps/dgst.c
============================================================
================
$ cvs diff -u -r1.35.2.3.2.1 -r1.35.2.3.2.2 dgst.c
--- openssl/apps/dgst.c 22 Mar 2007 00:37:43
-0000 1.35.2.3.2.1
+++ openssl/apps/dgst.c 6 Apr 2007 00:30:14
-0000 1.35.2.3.2.2
 -101,6 +101,7 
EVP_PKEY *sigkey = NULL;
unsigned char *sigbuf = NULL;
int siglen = 0;
+ unsigned int sig_flags = 0;
char *passargin = NULL, *passin = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
 -168,6 +169,27 
keyfile=*(++argv);
do_verify = 1;
}
+ else if (strcmp(*argv,"-x931") == 0)
+ sig_flags = EVP_MD_CTX_FLAG_PAD_X931;
+ else if (strcmp(*argv,"-pss_saltlen") == 0)
+ {
+ int saltlen;
+ if (--argc < 1) break;
+ saltlen=atoi(*(++argv));
+ if (saltlen == -1)
+ sig_flags = EVP_MD_CTX_FLAG_PSS_MREC;
+ else if (saltlen == -2)
+ sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN;
+ else if (saltlen < -2 || saltlen >= 0xFFFE)
+ {
+ BIO_printf(bio_err, "Invalid PSS salt length
%dn", saltlen);
+ goto end;
+ }
+ else
+ sig_flags = saltlen;
+ sig_flags <<= 16;
+ sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS;
+ }
else if (strcmp(*argv,"-signature") == 0)
{
if (--argc < 1) break;
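Review bot: `saltlen=atoi(*(++argv));` accepts any non-numeric argument as 0, so a typo such as `-pss_saltlen abc` silently becomes a PSS salt length of zero and passes the range check that follows. Parsing with `strtol` and rejecting the value when `*end != '\0'` (or when the string is empty) would make the validation at `saltlen < -2 || saltlen >= 0xFFFE` actually cover bad input. The option loop this sits in starts and ends outside the hunk.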
 -360,6 +382,12 
EVP_MD_CTX_set_flags(md_ctx,
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
}
+ if (sig_flags)
+ {
+ EVP_MD_CTX *md_ctx;
+ BIO_get_md_ctx(bmd,&md_ctx);
+ EVP_MD_CTX_set_flags(md_ctx, sig_flags);
+ }
/* we use md as a filter, reading from 'in' */
if (!BIO_set_md(bmd,md))
 .
patch -p0 <<' .'
Index: openssl/crypto/dsa/dsa.h
============================================================
================
$ cvs diff -u -r1.39.2.1.2.2 -r1.39.2.1.2.3 dsa.h
--- openssl/crypto/dsa/dsa.h 2 Apr 2007 23:59:36
-0000 1.39.2.1.2.2
+++ openssl/crypto/dsa/dsa.h 6 Apr 2007 00:30:15
-0000 1.39.2.1.2.3
 -97,12 +97,20 
* be used
for all exponents.
*/
-/* If this flag is set external DSA_METHOD callbacks are
allowed in FIPS mode
- * it is then the applications responsibility to ensure
the external method
- * is compliant.
+/* If this flag is set the DSA method is FIPS compliant
and can be used
+ * in FIPS mode. This is set in the validated module
method. If an
+ * application sets this flag in its own methods it is
its reposibility
+ * to ensure the result is compliant.
*/
-#define DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW 0x04
+#define DSA_FLAG_FIPS_METHOD 0x0400
+
+/* If this flag is set the operations normally disabled
in FIPS mode are
+ * permitted it is then the applications responsibility
to ensure that the
+ * usage is compliant.
+ */
+
+#define DSA_FLAG_NON_FIPS_ALLOW 0x0400
#ifdef OPENSSL_FIPS
#define FIPS_DSA_SIZE_T int
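Review bot: `DSA_FLAG_FIPS_METHOD` and `DSA_FLAG_NON_FIPS_ALLOW` are both defined as `0x0400`, and rsa.h in this commit does the same for `RSA_FLAG_FIPS_METHOD` and `RSA_FLAG_NON_FIPS_ALLOW`. The first is tested on `meth->flags` and the second on `dsa->flags`/`rsa->flags`, so they only stay distinct as long as nothing copies a method's flags into the key object; if DSA_new_method/RSA_new_method do copy `meth->flags` into the new object (not in view here), every key created with the validated method would carry NON_FIPS_ALLOW and the new low-level blocks in dsa_sign.c, dsa_vrf.c, dsa_asn1.c, rsa_lib.c and rsa_sign.c would never fire. Either give the two flags different bit values or mask NON_FIPS_ALLOW out wherever method flags are copied into a key, and say which in the comment above each define.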
 -287,6 +295,8 
#define DSA_F_DSA_NEW_METHOD 103
#define DSA_F_DSA_PRINT 104
#define DSA_F_DSA_PRINT_FP 105
+#define DSA_F_DSA_SET_DEFAULT_METHOD 115
+#define DSA_F_DSA_SET_METHOD 116
#define DSA_F_DSA_SIGN 106
#define DSA_F_DSA_SIGN_SETUP 107
#define DSA_F_DSA_SIG_NEW 109
 -299,6 +309,8 
#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
#define DSA_R_MISSING_PARAMETERS 101
#define DSA_R_MODULUS_TOO_LARGE 103
+#define DSA_R_NON_FIPS_METHOD 104
+#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105
#ifdef __cplusplus
}
 .
patch -p0 <<' .'
Index: openssl/crypto/dsa/dsa_asn1.c
============================================================
================
$ cvs diff -u -r1.9.14.2 -r1.9.14.3 dsa_asn1.c
--- openssl/crypto/dsa/dsa_asn1.c 2 Apr 2007 23:59:37
-0000 1.9.14.2
+++ openssl/crypto/dsa/dsa_asn1.c 6 Apr 2007 00:30:16
-0000 1.9.14.3
 -61,6 +61,7 
#include <openssl/dsa.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
+#include <openssl/fips.h>
/* Override the default new methods */
static int sig_cb(int operation, ASN1_VALUE **pval, const
ASN1_ITEM *it)
 -143,6 +144,13 
unsigned int *siglen, DSA *dsa)
{
DSA_SIG *s;
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode() && !(dsa->flags &
DSA_FLAG_NON_FIPS_ALLOW))
+ {
+ DSAerr(DSA_F_DSA_SIGN,
DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
s=DSA_do_sign(dgst,dlen,dsa);
if (s == NULL)
{
 -187,6 +195,13 
{
DSA_SIG *s;
int ret=-1;
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode() && !(dsa->flags &
DSA_FLAG_NON_FIPS_ALLOW))
+ {
+ DSAerr(DSA_F_DSA_VERIFY,
DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
s = DSA_SIG_new();
if (s == NULL) return(ret);
 .
patch -p0 <<' .'
Index: openssl/crypto/dsa/dsa_err.c
============================================================
================
$ cvs diff -u -r1.13.2.2 -r1.13.2.2.2.1 dsa_err.c
--- openssl/crypto/dsa/dsa_err.c 21 Nov 2006 20:14:40
-0000 1.13.2.2
+++ openssl/crypto/dsa/dsa_err.c 6 Apr 2007 00:30:16
-0000 1.13.2.2.2.1
 -1,6 +1,6 
/* crypto/dsa/dsa_err.c */
/*
============================================================
========
- * Copyright (c) 1999-2005 The OpenSSL Project. All
rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project. All
rights reserved.
*
* Redistribution and use in source and binary forms,
with or without
* modification, are permitted provided that the
following conditions
 -78,6 +78,8 
{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"}
,
{ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"},
{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
+{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_defa
ult_method"},
+{ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"
},
{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"}
,
{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
 -93,6 +95,8 
{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data
too large for key size"},
{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing
parameters"},
{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus
too large"},
+{ERR_REASON(DSA_R_NON_FIPS_METHOD) ,"non fips
method"},
+{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"
;operation not allowed in fips mode"},
{0,NULL}
};
 .
patch -p0 <<' .'
Index: openssl/crypto/dsa/dsa_lib.c
============================================================
================
$ cvs diff -u -r1.33.2.2.2.1 -r1.33.2.2.2.2 dsa_lib.c
--- openssl/crypto/dsa/dsa_lib.c 22 Mar 2007 00:38:02
-0000 1.33.2.2.2.1
+++ openssl/crypto/dsa/dsa_lib.c 6 Apr 2007 00:30:16
-0000 1.33.2.2.2.2
 -76,6 +76,14 
void DSA_set_default_method(const DSA_METHOD *meth)
{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(meth->flags &
DSA_FLAG_FIPS_METHOD))
+ {
+ DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD,
DSA_R_NON_FIPS_METHOD);
+ return;
+ }
+#endif
+
default_DSA_method = meth;
}
 -96,6 +104,13 
/* NB: The caller is specifically setting a method, so
it's not up to us
* to deal with which ENGINE it comes from. */
const DSA_METHOD *mtmp;
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(meth->flags &
DSA_FLAG_FIPS_METHOD))
+ {
+ DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD);
+ return 0;
+ }
+#endif
mtmp = dsa->meth;
if (mtmp->finish) mtmp->finish(dsa);
#ifndef OPENSSL_NO_ENGINE
 -147,6 +162,18 
}
}
#endif
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(ret->meth->flags
& DSA_FLAG_FIPS_METHOD))
+ {
+ DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD);
+#ifndef OPENSSL_NO_ENGINE
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
+#endif
+ OPENSSL_free(ret);
+ return NULL;
+ }
+#endif
ret->pad=0;
ret->version=0;
 .
patch -p0 <<' .'
Index: openssl/crypto/dsa/dsa_sign.c
============================================================
================
$ cvs diff -u -r1.12.4.1 -r1.12.4.2 dsa_sign.c
--- openssl/crypto/dsa/dsa_sign.c 22 Mar 2007 00:38:02
-0000 1.12.4.1
+++ openssl/crypto/dsa/dsa_sign.c 6 Apr 2007 00:30:16
-0000 1.12.4.2
 -69,9 +69,11 
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int
dlen, DSA *dsa)
{
#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(dsa->flags &
DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
- && !FIPS_dsa_check(dsa))
+ if(FIPS_mode() && !(dsa->flags &
DSA_FLAG_NON_FIPS_ALLOW))
+ {
+ DSAerr(DSA_F_DSA_DO_SIGN,
DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return NULL;
+ }
#endif
return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
}
 -79,9 +81,11 
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM
**kinvp, BIGNUM **rp)
{
#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(dsa->flags &
DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
- && !FIPS_dsa_check(dsa))
+ if(FIPS_mode() && !(dsa->flags &
DSA_FLAG_NON_FIPS_ALLOW))
+ {
+ DSAerr(DSA_F_DSA_SIGN_SETUP,
DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return 0;
+ }
#endif
return dsa->meth->dsa_sign_setup(dsa, ctx_in,
kinvp, rp);
}
 .
patch -p0 <<' .'
Index: openssl/crypto/dsa/dsa_vrf.c
============================================================
================
$ cvs diff -u -r1.12.4.1 -r1.12.4.2 dsa_vrf.c
--- openssl/crypto/dsa/dsa_vrf.c 22 Mar 2007 00:38:02
-0000 1.12.4.1
+++ openssl/crypto/dsa/dsa_vrf.c 6 Apr 2007 00:30:16
-0000 1.12.4.2
 -71,9 +71,11 
DSA *dsa)
{
#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(dsa->flags &
DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
- && !FIPS_dsa_check(dsa))
- return -1;
+ if(FIPS_mode() && !(dsa->flags &
DSA_FLAG_NON_FIPS_ALLOW))
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,
DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
#endif
return dsa->meth->dsa_do_verify(dgst, dgst_len,
sig, dsa);
}
 .
patch -p0 <<' .'
Index: openssl/crypto/fips_err.h
============================================================
================
$ cvs diff -u -r1.1.4.2 -r1.1.4.3 fips_err.h
--- openssl/crypto/fips_err.h 22 Mar 2007 00:37:46
-0000 1.1.4.2
+++ openssl/crypto/fips_err.h 6 Apr 2007 00:30:15
-0000 1.1.4.3
 -78,9 +78,11 
{ERR_FUNC(FIPS_F_FIPS_CHECK_DSO), "FIPS_CHECK_DSO"
},
{ERR_FUNC(FIPS_F_FIPS_CHECK_EXE), "FIPS_CHECK_EXE"
},
{ERR_FUNC(FIPS_F_FIPS_CHECK_FINGERPRINT), "FIPS_CHECK_F
INGERPRINT"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_PK_SIG), "FIPS_CHECK_PK_SI
G"},
{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "FIPS_CHECK_RSA"
},
{ERR_FUNC(FIPS_F_FIPS_DSA_CHECK), "FIPS_dsa_check"
},
{ERR_FUNC(FIPS_F_FIPS_MODE_SET), "FIPS_mode_set"},
+{ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey
_signature_test"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES), "FIPS_selftest_aes
"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des
"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa
"},
 -113,6 +115,7 
{ERR_REASON(FIPS_R_RSA_DECRYPT_ERROR) ,"rsa
decrypt error"},
{ERR_REASON(FIPS_R_RSA_ENCRYPT_ERROR) ,"rsa
encrypt error"},
{ERR_REASON(FIPS_R_SELFTEST_FAILED) ,"selftest
failed"},
+{ERR_REASON(FIPS_R_TEST_FAILURE) ,"test
failure"},
{ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM)
,"unsupported platform"},
{0,NULL}
};
 .
patch -p0 <<' .'
Index: openssl/crypto/rsa/rsa.h
============================================================
================
$ cvs diff -u -r1.55.2.7.2.3 -r1.55.2.7.2.4 rsa.h
--- openssl/crypto/rsa/rsa.h 2 Apr 2007 23:59:41
-0000 1.55.2.7.2.3
+++ openssl/crypto/rsa/rsa.h 6 Apr 2007 00:30:17
-0000 1.55.2.7.2.4
 -74,6 +74,21 
#error RSA is disabled.
#endif
+/* If this flag is set the RSA method is FIPS compliant
and can be used
+ * in FIPS mode. This is set in the validated module
method. If an
+ * application sets this flag in its own methods it is
its reposibility
+ * to ensure the result is compliant.
+ */
+
+#define RSA_FLAG_FIPS_METHOD 0x0400
+
+/* If this flag is set the operations normally disabled
in FIPS mode are
+ * permitted it is then the applications responsibility
to ensure that the
+ * usage is compliant.
+ */
+
+#define RSA_FLAG_NON_FIPS_ALLOW 0x0400
+
#ifdef OPENSSL_FIPS
#define FIPS_RSA_SIZE_T int
#endif
 -420,7 +435,10 
#define RSA_F_RSA_PADDING_CHECK_X931 128
#define RSA_F_RSA_PRINT 115
#define RSA_F_RSA_PRINT_FP 116
+#define RSA_F_RSA_PRIVATE_ENCRYPT 137
+#define RSA_F_RSA_PUBLIC_DECRYPT 138
#define RSA_F_RSA_SETUP_BLINDING 136
+#define RSA_F_RSA_SET_DEFAULT_METHOD 139
#define RSA_F_RSA_SIGN 117
#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
#define RSA_F_RSA_VERIFY 119
 -454,10 +472,12 
#define RSA_R_KEY_SIZE_TOO_SMALL 120
#define RSA_R_LAST_OCTET_INVALID 134
#define RSA_R_MODULUS_TOO_LARGE 105
+#define RSA_R_NON_FIPS_METHOD 141
#define RSA_R_NO_PUBLIC_EXPONENT 140
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
#define RSA_R_OAEP_DECODING_ERROR 121
+#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142
#define RSA_R_PADDING_CHECK_FAILED 114
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129
 .
patch -p0 <<' .'
Index: openssl/crypto/rsa/rsa_eng.c
============================================================
================
$ cvs diff -u -r1.1.2.1 -r1.1.2.2 rsa_eng.c
--- openssl/crypto/rsa/rsa_eng.c 22 Mar 2007 00:38:34
-0000 1.1.2.1
+++ openssl/crypto/rsa/rsa_eng.c 6 Apr 2007 00:30:18
-0000 1.1.2.2
 -80,6 +80,13 
void RSA_set_default_method(const RSA_METHOD *meth)
{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(meth->flags &
RSA_FLAG_FIPS_METHOD))
+ {
+ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD,
RSA_R_NON_FIPS_METHOD);
+ return;
+ }
+#endif
default_RSA_meth = meth;
}
 -111,6 +118,13 
/* NB: The caller is specifically setting a method, so
it's not up to us
* to deal with which ENGINE it comes from. */
const RSA_METHOD *mtmp;
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(meth->flags &
RSA_FLAG_FIPS_METHOD))
+ {
+ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD,
RSA_R_NON_FIPS_METHOD);
+ return 0;
+ }
+#endif
mtmp = rsa->meth;
if (mtmp->finish) mtmp->finish(rsa);
#ifndef OPENSSL_NO_ENGINE
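Review bot: The error raised here in RSA_set_method is reported as `RSA_F_RSA_SET_DEFAULT_METHOD`, and the same code is reused in the RSA_new_method hunk below, so all three FIPS rejections in this file will show up under "RSA_set_default_method" in error output. The DSA side of this commit registers separate `DSA_F_DSA_SET_METHOD` and uses `DSA_F_DSA_NEW_METHOD`; the RSA side should do likewise — `RSA_F_RSA_NEW_METHOD` already exists for the RSA_new_method case, and a new `RSA_F_RSA_SET_METHOD` would need adding to rsa.h and rsa_err.c for this one. Both enclosing functions continue outside their hunks.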
 -163,6 +177,18 
}
}
#endif
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(ret->meth->flags
& RSA_FLAG_FIPS_METHOD))
+ {
+ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD,
RSA_R_NON_FIPS_METHOD);
+#ifndef OPENSSL_NO_ENGINE
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
+#endif
+ OPENSSL_free(ret);
+ return NULL;
+ }
+#endif
ret->pad=0;
ret->version=0;
 .
patch -p0 <<' .'
Index: openssl/crypto/rsa/rsa_err.c
============================================================
================
$ cvs diff -u -r1.17.2.7 -r1.17.2.7.2.1 rsa_err.c
--- openssl/crypto/rsa/rsa_err.c 21 Nov 2006 20:14:44
-0000 1.17.2.7
+++ openssl/crypto/rsa/rsa_err.c 6 Apr 2007 00:30:18
-0000 1.17.2.7.2.1
 -1,6 +1,6 
/* crypto/rsa/rsa_err.c */
/*
============================================================
========
- * Copyright (c) 1999-2005 The OpenSSL Project. All
rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project. All
rights reserved.
*
* Redistribution and use in source and binary forms,
with or without
* modification, are permitted provided that the
following conditions
 -101,7 +101,10 
{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_c
heck_X931"},
{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
+{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_enc
rypt"},
+{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decry
pt"},
{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blindin
g"},
+{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_defa
ult_method"},
{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_
ASN1_OCTET_STRING"},
{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
 -138,10 +141,12 
{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size
too small"},
{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last
octet invalid"},
{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus
too large"},
+{ERR_REASON(RSA_R_NON_FIPS_METHOD) ,"non fips
method"},
{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public
exponent"},
{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null
before block missing"},
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does
not equal p q"},
{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep
decoding error"},
+{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"
;operation not allowed in fips mode"},
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding
check failed"},
{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not
prime"},
{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not
prime"},
 .
patch -p0 <<' .'
Index: openssl/crypto/rsa/rsa_lib.c
============================================================
================
$ cvs diff -u -r1.39.2.3.2.2 -r1.39.2.3.2.3 rsa_lib.c
--- openssl/crypto/rsa/rsa_lib.c 28 Mar 2007 12:38:53
-0000 1.39.2.3.2.2
+++ openssl/crypto/rsa/rsa_lib.c 6 Apr 2007 00:30:18
-0000 1.39.2.3.2.3
 -76,6 +76,13 
int RSA_private_encrypt(int flen, const unsigned char
*from, unsigned char *to,
RSA *rsa, int padding)
{
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode() && !(rsa->flags &
RSA_FLAG_NON_FIPS_ALLOW))
+ {
+ RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT,
RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
return(rsa->meth->rsa_priv_enc(flen, from, to,
rsa, padding));
}
 -88,6 +95,13 
int RSA_public_decrypt(int flen, const unsigned char
*from, unsigned char *to,
RSA *rsa, int padding)
{
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode() && !(rsa->flags &
RSA_FLAG_NON_FIPS_ALLOW))
+ {
+ RSAerr(RSA_F_RSA_PUBLIC_DECRYPT,
RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
return(rsa->meth->rsa_pub_dec(flen, from, to, rsa,
padding));
}
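Review bot: With this check in place RSA_public_decrypt fails in FIPS mode for any key lacking `RSA_FLAG_NON_FIPS_ALLOW`, yet RSA_verify in rsa_sign.c (this commit) deliberately lets the `NID_md5_sha1` TLS case past its own FIPS check and then calls `RSA_public_decrypt(...)` for it, so that permitted path would presumably still be rejected here unless the key has the flag set by some other route. fips_dsa_ossl.c in the same commit handles the analogous problem by calling the method hook directly instead of the public wrapper; RSA_verify could do the same with `i=rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);` once its FIPS check has passed. A comment on this block noting that RSA_verify relies on bypassing it would help the next reader.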
 .
patch -p0 <<' .'
Index: openssl/crypto/rsa/rsa_sign.c
============================================================
================
$ cvs diff -u -r1.21.2.1 -r1.21.2.1.2.1 rsa_sign.c
--- openssl/crypto/rsa/rsa_sign.c 5 Sep 2006 08:25:42
-0000 1.21.2.1
+++ openssl/crypto/rsa/rsa_sign.c 6 Apr 2007 00:30:18
-0000 1.21.2.1.2.1
 -90,6 +90,14 
i = SSL_SIG_LENGTH;
s = m;
} else {
+ /* NB: in FIPS mode block anything that isn't a TLS
signature */
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode() && !(rsa->flags &
RSA_FLAG_NON_FIPS_ALLOW))
+ {
+ RSAerr(RSA_F_RSA_SIGN,
RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
sig.algor= &algor;
sig.algor->algorithm=OBJ_nid2obj(type);
if (sig.algor->algorithm == NULL)
 -167,10 +175,22 
RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
goto err;
}
- if((dtype == NID_md5_sha1) && (m_len !=
SSL_SIG_LENGTH) ) {
+ if(dtype == NID_md5_sha1)
+ {
+ if (m_len != SSL_SIG_LENGTH)
+ {
RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
goto err;
- }
+ }
+ }
+ /* NB: in FIPS mode block anything that isn't a TLS
signature */
+#ifdef OPENSSL_FIPS
+ else if(FIPS_mode() && !(rsa->flags &
RSA_FLAG_NON_FIPS_ALLOW))
+ {
+ RSAerr(RSA_F_RSA_VERIFY,
RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PAD
DING);
if (i <= 0) goto err;
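Review bot: The new FIPS branch in RSA_verify does `return 0;` after the buffer `s` has already been allocated — the malloc-failure path two lines above this hunk's start goes to `err`, which is where `s` is released — so every blocked verification in FIPS mode leaks that allocation. Replace the `return 0;` on the FIPS branch with `goto err;` so the existing cleanup runs. The body of RSA_verify continues outside the hunk.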
 .
patch -p0 <<' .'
Index: openssl/fips-1.0/dsa/fips_dsa_key.c
============================================================
================
$ cvs diff -u -r1.1.2.2 -r1.1.2.3 fips_dsa_key.c
--- openssl/fips-1.0/dsa/fips_dsa_key.c 28 Mar 2007
12:38:54 -0000 1.1.2.2
+++ openssl/fips-1.0/dsa/fips_dsa_key.c 6 Apr 2007
00:30:22 -0000 1.1.2.3
 -63,33 +63,28 
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/err.h>
+#include <openssl/evp.h>
#include <openssl/fips.h>
#ifdef OPENSSL_FIPS
static int dsa_builtin_keygen(DSA *dsa);
-static int fips_check_dsa(DSA *dsa)
- {
- static const unsigned char
str1[]="12345678901234567890";
- int r = 0;
- DSA_SIG *sig;
-
- sig = DSA_do_sign(str1, 20, dsa);
-
- if (sig)
+int fips_check_dsa(DSA *dsa)
{
- r = DSA_do_verify(str1, 20, sig, dsa);
- DSA_SIG_free(sig);
- }
+ EVP_PKEY pk;
+ unsigned char tbs[] = "DSA Pairwise Check
Data";
+ pk.type = EVP_PKEY_DSA;
+ pk.pkey.dsa = dsa;
- if(r != 1)
- {
- FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED)
;
- return 0;
+ if (!fips_pkey_signature_test(&pk, tbs, -1,
+ NULL, 0, EVP_dss1(), 0, NULL))
+ {
+ FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED
);
+ return 0;
+ }
+ return 1;
}
- return 1;
- }
int DSA_generate_key(DSA *dsa)
{
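Review bot: The rewritten fips_check_dsa reports its failure as `FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED)`, whereas the removed version used `FIPS_F_FIPS_CHECK_DSA`; a DSA pairwise failure will now be attributed to the RSA check in the error queue. It should read `FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);`. Separately, `EVP_PKEY pk;` has only `type` and `pkey.dsa` set and every other field is indeterminate; if the EVP sign/verify path only reads those two fields this is harmless, but a `memset(&pk, 0, sizeof(pk));` before the assignments is cheap insurance, and the same pattern appears in fips_rsa_gen.c and fips_test_suite.c in this commit.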
 .
patch -p0 <<' .'
Index: openssl/fips-1.0/dsa/fips_dsa_ossl.c
============================================================
================
$ cvs diff -u -r1.1.4.3 -r1.1.4.4 fips_dsa_ossl.c
--- openssl/fips-1.0/dsa/fips_dsa_ossl.c 28 Mar 2007
12:38:54 -0000 1.1.4.3
+++ openssl/fips-1.0/dsa/fips_dsa_ossl.c 6 Apr 2007
00:30:22 -0000 1.1.4.4
 -92,10 +92,10 
dsa_bn_mod_exp,
dsa_init,
dsa_finish,
-0,
+DSA_FLAG_FIPS_METHOD,
NULL
};
-
+#if 0
int FIPS_dsa_check(struct dsa_st *dsa)
{
if(dsa->meth != &openssl_dsa_meth ||
dsa->meth->dsa_do_sign != dsa_do_sign
 -110,6 +110,7 
}
return 1;
}
+#endif
const DSA_METHOD *DSA_OpenSSL(void)
{
 -153,7 +154,7 
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
- if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto
err;
+ if
(!dsa->meth->dsa_sign_setup(dsa,ctx,&kinv,&r))
goto err;
if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
 .
patch -p0 <<' .'
Index: openssl/fips-1.0/fips.c
============================================================
================
$ cvs diff -u -r1.1.4.2 -r1.1.4.3 fips.c
--- openssl/fips-1.0/fips.c 22 Mar 2007 00:38:45
-0000 1.1.4.2
+++ openssl/fips-1.0/fips.c 6 Apr 2007 00:30:19
-0000 1.1.4.3
 -53,6 +53,7 
#include <openssl/err.h>
#include <openssl/bio.h>
#include <openssl/hmac.h>
+#include <openssl/rsa.h>
#include <string.h>
#include <limits.h>
#include "fips_locl.h"
 -381,4 +382,71 
return FIPS_signature;
}
+/* Generalized public key test routine. Signs and
verifies the data
+ * supplied in tbs using mesage digest md and setting
option digest
+ * flags md_flags. If the 'kat' parameter is not NULL it
will
+ * additionally check the signature matches it: a known
answer test
+ * The string "fail_str" is used for
identification purposes in case
+ * of failure.
+ */
+
+int fips_pkey_signature_test(EVP_PKEY *pkey,
+ const unsigned char *tbs, int tbslen,
+ const unsigned char *kat, unsigned int katlen,
+ const EVP_MD *digest, unsigned int md_flags,
+ const char *fail_str)
+ {
+ int ret = 0;
+ unsigned char sigtmp[256], *sig = sigtmp;
+ unsigned int siglen;
+ EVP_MD_CTX mctx;
+ EVP_MD_CTX_init(&mctx);
+
+ if ((pkey->type == EVP_PKEY_RSA)
+ && (RSA_size(pkey->pkey.rsa) >
sizeof(sigtmp)))
+ {
+ sig = OPENSSL_malloc(RSA_size(pkey->pkey.rsa));
+ if (!sig)
+ {
+ FIPSerr(FIPS_F_FIPS_CHECK_PK_SIG,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+
+ if (tbslen == -1)
+ tbslen = strlen((char *)tbs);
+
+ if (md_flags)
+ M_EVP_MD_CTX_set_flags(&mctx, md_flags);
+
+ if (!EVP_SignInit_ex(&mctx, digest, NULL))
+ goto error;
+ if (!EVP_SignUpdate(&mctx, tbs, tbslen))
+ goto error;
+ if (!EVP_SignFinal(&mctx, sig, &siglen, pkey))
+ goto error;
+
+ if (kat && ((siglen != katlen) || memcmp(kat,
sig, katlen)))
+ goto error;
+
+ if (!EVP_VerifyInit_ex(&mctx, digest, NULL))
+ goto error;
+ if (!EVP_VerifyUpdate(&mctx, tbs, tbslen))
+ goto error;
+ ret = EVP_VerifyFinal(&mctx, sig, siglen, pkey);
+
+ error:
+ if (sig != sigtmp)
+ OPENSSL_free(sig);
+ EVP_MD_CTX_cleanup(&mctx);
+ if (ret != 1)
+ {
+ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,FIPS_R_TEST_FAILU
RE);
+ if (fail_str)
+ ERR_add_error_data(2, "Type=", fail_str);
+ return 0;
+ }
+ return 1;
+ }
+
#endif
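Review bot: The header comment on fips_pkey_signature_test does not document the `tbslen == -1` convention that the code implements (`tbslen = strlen((char *)tbs)`), which every caller in this commit relies on; add `* A tbslen of -1 means tbs is a NUL-terminated string and its strlen() is used.` to the comment. The allocation-failure path also differs from the rest of the function: it returns under `FIPS_F_FIPS_CHECK_PK_SIG` while all other failures are reported under `FIPS_F_FIPS_PKEY_SIGNATURE_TEST` with `fail_str` attached, and it skips `EVP_MD_CTX_cleanup(&mctx)` (harmless only if init allocates nothing). Routing it through the `error:` label, or at least using the same function code, would keep the error reporting uniform.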
 .
patch -p0 <<' .'
Index: openssl/fips-1.0/fips.h
============================================================
================
$ cvs diff -u -r1.1.4.2 -r1.1.4.3 fips.h
--- openssl/fips-1.0/fips.h 22 Mar 2007 00:38:45
-0000 1.1.4.2
+++ openssl/fips-1.0/fips.h 6 Apr 2007 00:30:19
-0000 1.1.4.3
 -56,6 +56,8 
#endif
struct dsa_st;
+struct evp_pkey_st;
+struct env_md_st;
int FIPS_mode_set(int onoff);
int FIPS_mode(void);
 -76,6 +78,12 
int FIPS_selftest_rng(void);
int FIPS_selftest_hmac(void);
+int fips_pkey_signature_test(struct evp_pkey_st *pkey,
+ const unsigned char *tbs, int tbslen,
+ const unsigned char *kat, unsigned int katlen,
+ const struct env_md_st *digest, unsigned int
md_flags,
+ const char *fail_str);
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script
mkerr.pl. Any changes
* made after this point may be overwritten when the
script is next run.
 -93,9 +101,11 
#define FIPS_F_FIPS_CHECK_DSO 120
#define FIPS_F_FIPS_CHECK_EXE 106
#define FIPS_F_FIPS_CHECK_FINGERPRINT 121
+#define FIPS_F_FIPS_CHECK_PK_SIG 122
#define FIPS_F_FIPS_CHECK_RSA 115
#define FIPS_F_FIPS_DSA_CHECK 102
#define FIPS_F_FIPS_MODE_SET 105
+#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 123
#define FIPS_F_FIPS_SELFTEST_AES 104
#define FIPS_F_FIPS_SELFTEST_DES 107
#define FIPS_F_FIPS_SELFTEST_DSA 109
 -125,6 +135,7 
#define FIPS_R_RSA_DECRYPT_ERROR 115
#define FIPS_R_RSA_ENCRYPT_ERROR 116
#define FIPS_R_SELFTEST_FAILED 101
+#define FIPS_R_TEST_FAILURE 117
#define FIPS_R_UNSUPPORTED_PLATFORM 113
#ifdef __cplusplus
 .
patch -p0 <<' .'
Index: openssl/fips-1.0/fips_locl.h
============================================================
================
$ cvs diff -u -r1.1.4.2 -r1.1.4.3 fips_locl.h
--- openssl/fips-1.0/fips_locl.h 22 Mar 2007 00:38:45
-0000 1.1.4.2
+++ openssl/fips-1.0/fips_locl.h 6 Apr 2007 00:30:20
-0000 1.1.4.3
 -53,7 +53,6 
extern "C" {
#endif
-/* These are trampolines implemented in crypto/cryptlib.c
*/
void fips_w_lock(void);
void fips_w_unlock(void);
void fips_r_lock(void);
 .
patch -p0 <<' .'
Index: openssl/fips-1.0/fips_test_suite.c
============================================================
================
$ cvs diff -u -r1.1.4.2 -r1.1.4.3 fips_test_suite.c
--- openssl/fips-1.0/fips_test_suite.c 22 Mar 2007
00:38:46 -0000 1.1.4.2
+++ openssl/fips-1.0/fips_test_suite.c 6 Apr 2007 00:30:20
-0000 1.1.4.3
 -82,49 +82,69 
return 1;
}
-/* DSA: generate key and sign a known digest, then verify
the signature
- * against the digest
-*/
+/*
+ * DSA: generate keys and sign, verify input plaintext.
+ */
static int FIPS_dsa_test()
{
DSA *dsa = NULL;
+ EVP_PKEY pk;
unsigned char dgst[] = "etaonrishdlc";
- DSA_SIG *sig = NULL;
+ unsigned char buf[60];
+ unsigned int slen;
int r = 0;
+ EVP_MD_CTX mctx;
ERR_clear_error();
+ EVP_MD_CTX_init(&mctx);
dsa = FIPS_dsa_new();
if (!dsa)
- return 0;
+ goto end;
if (!DSA_generate_parameters_ex(dsa,
512,NULL,0,NULL,NULL,NULL))
- return 0;
+ goto end;
if (!DSA_generate_key(dsa))
- return 0;
- sig = DSA_do_sign(dgst,sizeof(dgst) - 1,dsa);
- if (sig)
- {
- r = DSA_do_verify(dgst,sizeof(dgst) - 1,sig,dsa);
- DSA_SIG_free(sig);
- }
+ goto end;
+
+ pk.type = EVP_PKEY_DSA;
+ pk.pkey.dsa = dsa;
+
+ if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
+ goto end;
+ if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) -
1))
+ goto end;
+ if (!EVP_SignFinal(&mctx, buf, &slen,
&pk))
+ goto end;
+
+ if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
+ goto end;
+ if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) -
1))
+ goto end;
+ r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
+ end:
+ EVP_MD_CTX_cleanup(&mctx);
+ if (dsa)
+ FIPS_dsa_free(dsa);
if (r != 1)
return 0;
- FIPS_dsa_free(dsa);
return 1;
}
-/* RSA: generate keys and encrypt and decrypt known
plaintext, verify result
- * matches the original plaintext
-*/
+/*
+ * RSA: generate keys and sign, verify input plaintext.
+ */
static int FIPS_rsa_test()
{
RSA *key;
unsigned char input_ptext[] =
"etaonrishdlc";
- unsigned char ctext[256];
- unsigned char ptext[256];
+ unsigned char buf[256];
+ unsigned int slen;
BIGNUM *bn;
- int n;
+ EVP_MD_CTX mctx;
+ EVP_PKEY pk;
+ int r;
ERR_clear_error();
+ EVP_MD_CTX_init(&mctx);
key = FIPS_rsa_new();
bn = BN_new();
if (!key || !bn)
 -133,16 +153,28 
if (!RSA_generate_key_ex(key, 1024,bn,NULL))
return 0;
BN_free(bn);
- n = RSA_size(key);
- n = RSA_public_encrypt(sizeof(input_ptext) -
1,input_ptext,ctext,key,RSA_PKCS1_PADDING);
- if (n < 0)
- return 0;
- n =
RSA_private_decrypt(n,ctext,ptext,key,RSA_PKCS1_PADDING);
- if (n < 0)
+
+ pk.type = EVP_PKEY_RSA;
+ pk.pkey.rsa = key;
+
+ if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
+ goto end;
+ if (!EVP_SignUpdate(&mctx, input_ptext,
sizeof(input_ptext) - 1))
+ goto end;
+ if (!EVP_SignFinal(&mctx, buf, &slen,
&pk))
+ goto end;
+
+ if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
+ goto end;
+ if (!EVP_VerifyUpdate(&mctx, input_ptext,
sizeof(input_ptext) - 1))
+ goto end;
+ r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
+ end:
+ EVP_MD_CTX_cleanup(&mctx);
+ if (key)
+ FIPS_rsa_free(key);
+ if (r != 1)
return 0;
- FIPS_rsa_free(key);
- if (memcmp(input_ptext,ptext,sizeof(input_ptext) -
1))
- return 0;
return 1;
}
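Review bot: `r` in FIPS_rsa_test is declared `int r;` without an initializer (previous hunk of this file), so any `goto end` taken before `r = EVP_VerifyFinal(...)` — a failed EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal, EVP_VerifyInit_ex or EVP_VerifyUpdate — makes `if (r != 1)` read an indeterminate value, which is undefined behaviour and could report a failed self test as a pass. Initialise it as FIPS_dsa_test does: `int r = 0;`. The early `return 0` after a failed RSA_generate_key_ex also bypasses the new `end:` cleanup and leaves `key` and `bn` allocated, though that leak predates this change.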
 .
patch -p0 <<' .'
Index: openssl/fips-1.0/rsa/fips_rsa_eay.c
============================================================
================
$ cvs diff -u -r1.1.4.3 -r1.1.4.4 fips_rsa_eay.c
--- openssl/fips-1.0/rsa/fips_rsa_eay.c 28 Mar 2007
12:38:55 -0000 1.1.4.3
+++ openssl/fips-1.0/rsa/fips_rsa_eay.c 6 Apr 2007
00:30:23 -0000 1.1.4.4
 -139,7 +139,7 
BN_mod_exp_mont, /* XXX probably we should not use
Montgomery if e == 3 */
RSA_eay_init,
RSA_eay_finish,
- 0, /* flags */
+ RSA_FLAG_FIPS_METHOD, /* flags */
NULL,
0, /* rsa_sign */
0, /* rsa_verify */
 .
patch -p0 <<' .'
Index: openssl/fips-1.0/rsa/fips_rsa_gen.c
============================================================
================
$ cvs diff -u -r1.1.4.3 -r1.1.4.4 fips_rsa_gen.c
--- openssl/fips-1.0/rsa/fips_rsa_gen.c 28 Mar 2007
12:38:55 -0000 1.1.4.3
+++ openssl/fips-1.0/rsa/fips_rsa_gen.c 6 Apr 2007
00:30:24 -0000 1.1.4.4
 -65,75 +65,34 
#include <stdio.h>
#include <time.h>
#include <string.h>
+#include <openssl/crypto.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/err.h>
+#include <openssl/evp.h>
#include <openssl/fips.h>
#ifdef OPENSSL_FIPS
int fips_check_rsa(RSA *rsa)
- {
- int n, ret = 0;
- unsigned char tctext[256], *ctext = tctext;
- unsigned char tptext[256], *ptext = tptext;
- /* The longest we can have with PKCS#1 v1.5 padding
and a 512 bit key,
- * namely 512/8-11-1 = 52 bytes */
- static const unsigned char original_ptext[] =
- "x01x23x45x67x89xabxcdxefx01x23x45x67x89
xabxcdxef"
- "x01x23x45x67x89xabxcdxefx01x23x45x67x89
xabxcdxef"
- "x01x23x45x67x89xabxcdxefx01x23x45x67x89
xabxcdxef"
- "x01x23x45x67";
-
- if (RSA_size(rsa) > sizeof(tctext))
{
- ctext = OPENSSL_malloc(RSA_size(rsa));
- ptext = OPENSSL_malloc(RSA_size(rsa));
- if (!ctext || !ptext)
+ const unsigned char tbs[] = "RSA Pairwise Check
Data";
+ EVP_PKEY pk;
+ pk.type = EVP_PKEY_RSA;
+ pk.pkey.rsa = rsa;
+
+ if (!fips_pkey_signature_test(&pk, tbs, -1,
+ NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
+ || !fips_pkey_signature_test(&pk, tbs, -1,
+ NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, NULL)
+ || !fips_pkey_signature_test(&pk, tbs, -1,
+ NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, NULL))
{
- FIPSerr(FIPS_F_FIPS_CHECK_RSA,ERR_R_MALLOC_FAILURE);
- goto error;
+ FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED
);
+ return 0;
}
+ return 1;
}
-
-
- /* this will fail for keys shorter than 512 bits */
-
n=RSA_private_encrypt(sizeof(original_ptext)-1,original_ptex
t,ctext,rsa,
- RSA_PKCS1_PADDING);
- if(n < 0)
- {
- FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_RSA_ENCRYPT_ERROR);
- goto error;
- }
- if(!memcmp(ctext,original_ptext,n))
- {
-
FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
- goto error;
- }
-
n=RSA_public_decrypt(n,ctext,ptext,rsa,RSA_PKCS1_PADDING);
- if(n < 0)
- {
- FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_RSA_DECRYPT_ERROR);
- goto error;
- }
- if(n != sizeof(original_ptext)-1 ||
memcmp(ptext,original_ptext,n))
- {
- FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED)
;
- goto error;
- }
-
- ret = 1;
-
- error:
-
- if (RSA_size(rsa) > sizeof(tctext))
- {
- OPENSSL_free(ctext);
- OPENSSL_free(ptext);
- }
-
- return ret;
- }
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM
*e_value, BN_GENCB *cb);
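Review bot: `pk` is a stack `EVP_PKEY` of which only `type` and `pkey.rsa` are assigned before it is handed to fips_pkey_signature_test, so the remaining fields are indeterminate; if the helper or anything beneath it reads one of them, the pairwise check becomes undefined behaviour rather than a clean failure. Zeroing it first is one line, `memset(&pk, 0, sizeof pk);`, and `<string.h>` is already included in this hunk. FIPS_selftest_rsa in fips_rsa_selftest.c builds its `pk` the same way and would take the same fix. The `-1` passed as the `tbs` length presumably means "NUL-terminated, measure it"; a short comment saying so would help, since the self-test caller passes an explicit `sizeof(kat_tbs) - 1` instead.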
 .
patch -p0 <<' .'
Index: openssl/fips-1.0/rsa/fips_rsa_selftest.c
============================================================
================
$ cvs diff -u -r1.1.4.2 -r1.1.4.3 fips_rsa_selftest.c
--- openssl/fips-1.0/rsa/fips_rsa_selftest.c 22 Mar 2007
00:39:05 -0000 1.1.4.2
+++ openssl/fips-1.0/rsa/fips_rsa_selftest.c 6 Apr 2007
00:30:24 -0000 1.1.4.3
 -1,5 +1,5 
/*
============================================================
========
- * Copyright (c) 2003 The OpenSSL Project. All rights
reserved.
+ * Copyright (c) 2003-2007 The OpenSSL Project. All
rights reserved.
*
* Redistribution and use in source and binary forms,
with or without
* modification, are permitted provided that the
following conditions
 -51,6 +51,7 
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/rsa.h>
+#include <openssl/evp.h>
#include <openssl/fips_sha.h>
#include <openssl/opensslconf.h>
 -68,7 +69,7 
"xCB";
-static int setrsakey(RSA *key, unsigned char *c)
+static int setrsakey(RSA *key)
{
static const unsigned char e[] = "x11";
 -116,16 +117,6 
"x9Ex2Ex0Fx96x56xE6x98xEAx36x66xEDxFBx25x
79x80x39"
"xF7";
- static const unsigned char ctext_ex[] =
-"x42x4bxc9x51x61xd4xcaxa0x18x6cx4dxcax61
x8fx2dx07"
-"x8cx63xc5x6bxa2x4cx32xb1xdaxb7xddx32xb6
x51x68xc3"
-"x6ex98x46xd6xbbx1axd5x99x05x92x7cxd7xbc
x08x9exe4"
-"xc3x70x4dxe6x99x7ex61x31x07x7ax19xdbx3e
x11xfax3d"
-"x7cx61xd7x78x14x3fx05x16xa0xc4xbfxcdxee
xcax67x4c"
-"x80x4excax43x2fx35x43x58xa7x50x7ex3ex52
x82xabxac"
-"xa6x50xe8x39x9fxe0x7fx58x1dx1bx90x93x04
xecxb3xf9"
-"x24xd3x75x3ex39xd1x14xc6x33xcexd6xeex20
x47xecxe4";
-
key->n = BN_bin2bn(n, sizeof(n)-1, key->n);
key->e = BN_bin2bn(e, sizeof(e)-1, key->e);
key->d = BN_bin2bn(d, sizeof(d)-1, key->d);
 -134,9 +125,7 
key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1,
key->dmp1);
key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1,
key->dmq1);
key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1,
key->iqmp);
- memcpy(c, ctext_ex, sizeof(ctext_ex) - 1);
- return (sizeof(ctext_ex) - 1);
-
+ return 1;
}
void FIPS_corrupt_rsa()
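Review bot: setrsakey now returns 1 unconditionally even though each BN_bin2bn call above it can return NULL on allocation failure, and its only visible caller, FIPS_selftest_rsa, discards the return value anyway. Either make the value meaningful, e.g. `if (!key->n || !key->e || !key->d || !key->dmp1 || !key->dmq1 || !key->iqmp) return 0;` ahead of `return 1;` (covering whichever further BN_bin2bn assignments lie between the two hunks), and check it at the call site, or make the function `void` so the return does not suggest a check that never happens. setrsakey's body starts in an earlier hunk.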
 -144,110 +133,300 
n[0]++;
}
-int FIPS_selftest_rsa()
- {
- int clen, ret = 0;
- RSA *key;
- unsigned char expected_ctext[256];
- unsigned char ctext[256];
- unsigned char ptext[256];
- static const unsigned char original_ptext[] =
- "x01x23x45x67x89xabxcdxefx12x34x56x78x9a
xbcxdexf0"
- "x23x45x67x89xabxcdxefx12x34x56x78x9axbc
xdexf0x12"
- "x45x67x89xabxcdxefx12x34x56x78x9axbcxde
xf0x12x34"
- "x67x89xabxcdxefx12x34x56x78x9axbcxdexf0
x12x34x56"
- "x89xabxcdxefx12x34x56x78x9axbcxdexf0x12
x34x56x78"
- "xabxcdxefx12x34x56x78x9axbcxdexf0x12x34
x56x78x9a"
- "xcdxefx12x34x56x78x9axbcxdexf0x12x34x56
x78x9axbc"
- "xefx12x34x56x78x9axbcxdexf0x12x34x56x78
x9axbcxde"
- "xf0x12x34x56x78x9axbcxdexf0x12x34x56x78
x9axbcxde";
- unsigned char md[SHA_DIGEST_LENGTH];
- static const unsigned char mdkat[SHA_DIGEST_LENGTH]
=
- "x2dx57x1dx6fx5cx37xf9xf0x3bxb4x3cxe8x2c
x4cxb3x04"
- "x75xa2x0exfb";
- static const unsigned char ctextkat[] =
- "x3exc5x0axbex29xa2xcax9ax35x14x17x26xa4
x0fxa3x03"
- "x65xb5x37xf5x6axaaxbxfx2cx0dx8xc0x73x8
x3cx88x85"
- "x36x68x16xfex2fx59x77x7ex2ax76x9axc7x27
x19x9bx54"
- "x14x87xf3xe0xcex1ex68x10x40x14xacxbcxe6
x6fx26x1f"
- "x55xd1x15x81x48x10xf4x89xe5x67x52x42x87
x04x74x4e"
- "x96x14x7cx53xc9x1ex84x11x7dx7dx23xbdxff
x6cxcbx00"
- "x96x2ex7dxfbx47xeax78xcdxd8x04x3ax98x06
x13x68x39"
- "xa1xe2xbcx9fx64xc7x62xf0x74x4dx42xe0x0b
xcfx24x48";
- int i;
-
- /* Perform pairwise consistency test by: ... */
-
- key=FIPS_rsa_new();
- clen=setrsakey(key,expected_ctext);
- /* ...1) apply public key to plaintext, resulting
ciphertext must be
- * different
- */
- i=RSA_public_encrypt(128,original_ptext,ctext,key,
- RSA_NO_PADDING);
- if(i != clen || memcmp(ctext,expected_ctext,i))
- {
-
FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
- goto err;
- }
- if(!memcmp(ctext,original_ptext,i))
- {
-
FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
- goto err;
- }
- /* ...2) apply private key to ciphertext and compare
result to
- * original plaintext; results must be equal
- */
-
i=RSA_private_decrypt(i,ctext,ptext,key,RSA_NO_PADDING);
- if(i != 128 || memcmp(ptext,original_ptext,i))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
- goto err;
- }
+/* Known Answer Test (KAT) data for the above RSA private
key signing
+ * kat_tbs.
+ */
- /* Perform sign and verify Known Answer Test by...
*/
+static const unsigned char kat_tbs[] = "OpenSSL FIPS
140-2 Public Key RSA KAT";
- /* ...1) using the same RSA key to encrypt the SHA-1
hash of a
- * plaintext value larger than the RSA key size
- */
- if (RSA_size(key) >= sizeof(original_ptext) - 1)
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
- goto err;
- }
- /* ...2) then generate the SHA-1 digest of plaintext,
and compare the
- * digest to the Known Answer (note here we duplicate
the SHA-1 KAT)
- */
- SHA1(original_ptext,sizeof(original_ptext) - 1,md);
- if(memcmp(md,mdkat,SHA_DIGEST_LENGTH))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_SHA,FIPS_R_SELFTEST_FAILED);
- goto err;
- }
- /* ...3) then encrypt the digest, and compare the
ciphertext
- * to the Known Answer
- */
-
i=RSA_private_encrypt(sizeof(md),md,ctext,key,RSA_PKCS1_PADD
ING);
- if(i != clen || memcmp(ctextkat,ctext,i))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
- goto err;
- }
- /* ...4) and finally decrypt the signed digest and
compare with
- * the original Known Answer
- */
-
i=RSA_public_decrypt(i,ctext,md,key,RSA_PKCS1_PADDING);
- if(i != sizeof(md) || memcmp(mdkat,md,i))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
- goto err;
- }
+static const unsigned char kat_RSA_PSS_SHA1[] = {
+ 0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9,
0x46, 0xDA, 0x0F,
+ 0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D,
0xD2, 0x90, 0xBB,
+ 0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C,
0xB7, 0xF8, 0xD3,
+ 0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7,
0x83, 0xD5, 0x4C,
+ 0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51,
0x60, 0xD0, 0xA7,
+ 0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E,
0x3F, 0x9B, 0xF5,
+ 0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47,
0xF0, 0xC5, 0x45,
+ 0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F,
0xF8, 0xB7, 0x31,
+ 0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB,
0x9F, 0xBA, 0xE8,
+ 0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E,
0x20, 0x25, 0x84,
+ 0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9
+};
+
+static const unsigned char kat_RSA_PSS_SHA224[] = {
+ 0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF,
0xC5, 0x58, 0xA7,
+ 0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98,
0x08, 0x95, 0xFA,
+ 0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87,
0x7B, 0x1F, 0x57,
+ 0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55,
0x54, 0x1C, 0x89,
+ 0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC,
0x86, 0x05, 0xEE,
+ 0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64,
0x0B, 0xAB, 0x22,
+ 0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64,
0x62, 0xD1, 0xB5,
+ 0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA,
0x38, 0x24, 0x49,
+ 0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5,
0x03, 0xEA, 0x2D,
+ 0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF,
0x95, 0xC0, 0x00,
+ 0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0
+};
+
+static const unsigned char kat_RSA_PSS_SHA256[] = {
+ 0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0,
0x31, 0xE3, 0x89,
+ 0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25,
0x9A, 0xF3, 0x8F,
+ 0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D,
0x7D, 0x73, 0x28,
+ 0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3,
0x96, 0x73, 0x4E,
+ 0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D,
0x49, 0x47, 0x05,
+ 0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D,
0x6D, 0x26, 0xBA,
+ 0x2F, 0x7A, 0x54, 0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A,
0xF3, 0xDA, 0xB6,
+ 0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F,
0x56, 0xCD, 0x9F,
+ 0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47,
0x12, 0xE4, 0x6D,
+ 0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E,
0x49, 0xB9, 0xF6,
+ 0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C
+};
+
+static const unsigned char kat_RSA_PSS_SHA384[] = {
+ 0x40, 0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4,
0x31, 0xA8, 0xF2,
+ 0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57,
0x45, 0xCD, 0x5E,
+ 0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71,
0x44, 0x9A, 0xCD,
+ 0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F,
0x78, 0x23, 0x7F,
+ 0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31,
0xDC, 0x42, 0x6C,
+ 0xB2, 0x44, 0xE5, 0x4D, 0x66, 0xA2, 0xE6, 0x71, 0xF3,
0xAC, 0x4F, 0xFB,
+ 0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF,
0xD9, 0x3D, 0x2F,
+ 0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32,
0xAD, 0x42, 0x89,
+ 0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87,
0x1F, 0xCA, 0x6F,
+ 0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E,
0x60, 0xF4, 0x55,
+ 0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1
+};
+
+static const unsigned char kat_RSA_PSS_SHA512[] = {
+ 0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57,
0xAE, 0x63, 0x8C,
+ 0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F,
0x12, 0x53, 0x9A,
+ 0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51,
0xED, 0x9E, 0xDD,
+ 0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60,
0x79, 0x23, 0x39,
+ 0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67,
0x5F, 0xFE, 0xD7,
+ 0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D,
0x78, 0x55, 0x61,
+ 0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20,
0xB0, 0x85, 0x13,
+ 0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A,
0x6A, 0x39, 0x63,
+ 0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF,
0xF4, 0xA8, 0xFE,
+ 0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F,
0x80, 0xC2, 0x88,
+ 0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B
+};
+
+static const unsigned char kat_RSA_SHA1[] = {
+ 0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79,
0x5C, 0xF2, 0x4C,
+ 0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61,
0x33, 0x8D, 0x9B,
+ 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55,
0x77, 0x90, 0xCF,
+ 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3,
0x3D, 0x1E, 0xF8,
+ 0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88,
0x8B, 0x8B, 0xA1,
+ 0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1,
0x49, 0x30, 0xBA,
+ 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E,
0xCA, 0x2E, 0x4E,
+ 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04,
0x44, 0xE5, 0x5F,
+ 0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF,
0x23, 0x48, 0x1F,
+ 0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76,
0x4B, 0x2F, 0x95,
+ 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4
+};
+
+static const unsigned char kat_RSA_SHA224[] = {
+ 0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB,
0xB7, 0x15, 0xF9,
+ 0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0,
0xA9, 0x18, 0x8D,
+ 0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5,
0x1A, 0xC5, 0x89,
+ 0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30,
0x2C, 0x9E, 0xCD,
+ 0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6,
0x45, 0x41, 0xE5,
+ 0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E,
0x0B, 0xA9, 0xCC,
+ 0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84,
0x02, 0xC6, 0x3B,
+ 0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91,
0x28, 0x3E, 0xB2,
+ 0x58, 0x2E, 0x06, 0x45, 0x49, 0xE0, 0x92, 0xE2, 0xC0,
0x66, 0xE6, 0x35,
+ 0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77,
0x82, 0xE6, 0xDC,
+ 0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D
+};
+
+static const unsigned char kat_RSA_SHA256[] = {
+ 0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05,
0x17, 0xA5, 0x23,
+ 0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20,
0x7B, 0xAA, 0x23,
+ 0x92, 0x87, 0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE,
0xAD, 0x6F, 0x35,
+ 0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17,
0x58, 0xB2, 0x6E,
+ 0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A,
0x90, 0x2D, 0x18,
+ 0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58,
0x7A, 0x91, 0x30,
+ 0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF,
0xE2, 0x80, 0x3A,
+ 0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 0xDE,
0x81, 0xA6, 0x38,
+ 0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C,
0xEE, 0xD1, 0xDA,
+ 0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1,
0x90, 0x27, 0x90,
+ 0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A
+};
+
+static const unsigned char kat_RSA_SHA384[] = {
+ 0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27,
0xEF, 0xE6, 0x1F,
+ 0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 0x99, 0x63,
0x56, 0x47, 0xC7,
+ 0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA,
0xFA, 0x5D, 0x5C,
+ 0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D,
0xA9, 0xA6, 0x55,
+ 0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28,
0x7F, 0xB6, 0xCF,
+ 0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19,
0x2B, 0x30, 0xC2,
+ 0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2,
0x7D, 0xEB, 0x8C,
+ 0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F,
0x8B, 0x9C, 0xCD,
+ 0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0,
0x8F, 0x99, 0xF1,
+ 0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E,
0x37, 0xDC, 0x04,
+ 0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF
+};
+
+static const unsigned char kat_RSA_SHA512[] = {
+ 0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16,
0x51, 0x5D, 0xCF,
+ 0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40,
0xF8, 0xB2, 0x9A,
+ 0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82,
0x6B, 0x32, 0xF1,
+ 0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C,
0x54, 0x9F, 0xD8,
+ 0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6,
0x53, 0x62, 0xB5,
+ 0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4,
0x75, 0x92, 0x6B,
+ 0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B,
0x1D, 0x47, 0xE6,
+ 0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16,
0x63, 0x84, 0x05,
+ 0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64,
0x71, 0xE0, 0x2D,
+ 0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB,
0x98, 0x65, 0x91,
+ 0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84
+};
+
+static const unsigned char kat_RSA_X931_SHA1[] = {
+ 0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42,
0x45, 0x4D, 0xDF,
+ 0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD,
0xC4, 0xB2, 0x75,
+ 0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E,
0x14, 0xB8, 0xAC,
+ 0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04,
0xEE, 0xA9, 0x97,
+ 0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B,
0x38, 0xBE, 0xD6,
+ 0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1,
0x1A, 0x11, 0x19,
+ 0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63,
0x0C, 0x59, 0xD7,
+ 0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D,
0x24, 0x1C, 0x99,
+ 0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB,
0xEA, 0xED, 0x76,
+ 0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84,
0x1C, 0xB3, 0x67,
+ 0xA3, 0x29, 0x80, 0x70, 0x54, 0x68, 0x7D, 0x49
+};
+
+static const unsigned char kat_RSA_X931_SHA256[] = {
+ 0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F,
0x64, 0x54, 0x89,
+ 0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58,
0x92, 0x1C, 0xDD,
+ 0xEA, 0xA2, 0x2D, 0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05,
0x95, 0x73, 0xCF,
+ 0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8,
0x7B, 0xC8, 0x9B,
+ 0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13,
0xB8, 0xF0, 0x4B,
+ 0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4,
0x38, 0x0E, 0x98,
+ 0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E,
0x59, 0x01, 0xEC,
+ 0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46,
0x8D, 0xA0, 0x8C,
+ 0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35,
0xA1, 0x42, 0xBD,
+ 0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86,
0xF0, 0x5B, 0xDC,
+ 0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80
+};
+
+static const unsigned char kat_RSA_X931_SHA384[] = {
+ 0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB,
0x7B, 0xEC, 0x7B,
+ 0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7,
0x39, 0x37, 0xCB,
+ 0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9,
0xBE, 0x2E, 0xE3,
+ 0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7,
0x4A, 0x63, 0xF6,
+ 0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99,
0x66, 0xEE, 0x31,
+ 0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E,
0x6D, 0x8D, 0xF1,
+ 0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0,
0x60, 0x41, 0x79,
+ 0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34,
0xD5, 0x7C, 0xFF,
+ 0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5,
0x12, 0x44, 0x35,
+ 0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5,
0xDC, 0xC6, 0x6D,
+ 0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28
+};
+
+static const unsigned char kat_RSA_X931_SHA512[] = {
+ 0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64,
0x3A, 0xC1, 0x63,
+ 0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1,
0xD9, 0xDA, 0xAC,
+ 0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05,
0x9E, 0x77, 0xD7,
+ 0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E,
0xF9, 0x14, 0x28,
+ 0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA,
0xC7, 0xF8, 0xC5,
+ 0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34,
0x53, 0xD2, 0xAF,
+ 0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10,
0xE0, 0xF6, 0xD0,
+ 0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F,
0x46, 0x5F, 0x09,
+ 0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04,
0x2D, 0xFB, 0x7C,
+ 0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11,
0x30, 0x71, 0x1B,
+ 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
+};
- ret = 1;
- err:
- FIPS_rsa_free(key);
- return ret;
- }
+int FIPS_selftest_rsa()
+ {
+ int ret = 0;
+ RSA *key = NULL;
+ EVP_PKEY pk;
+ key=FIPS_rsa_new();
+ setrsakey(key);
+ pk.type = EVP_PKEY_RSA;
+ pk.pkey.rsa = key;
+
+ if (!fips_pkey_signature_test(&pk, kat_tbs,
sizeof(kat_tbs) - 1,
+ kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
+ EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+ "RSA SHA1 PKCS#1"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs,
sizeof(kat_tbs) - 1,
+ kat_RSA_SHA224, sizeof(kat_RSA_SHA224),
+ EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+ "RSA SHA224 PKCS#1"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs,
sizeof(kat_tbs) - 1,
+ kat_RSA_SHA256, sizeof(kat_RSA_SHA256),
+ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+ "RSA SHA256 PKCS#1"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs,
sizeof(kat_tbs) - 1,
+ kat_RSA_SHA384, sizeof(kat_RSA_SHA384),
+ EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+ "RSA SHA384 PKCS#1"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs,
sizeof(kat_tbs) - 1,
+ kat_RSA_SHA512, sizeof(kat_RSA_SHA512),
+ EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+ "RSA SHA512 PKCS#1"))
+ goto err;
+
+ if (!fips_pkey_signature_test(&pk, kat_tbs,
sizeof(kat_tbs) - 1,
+ kat_RSA_PSS_SHA1, sizeof(kat_RSA_PSS_SHA1),
+ EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS,
+ "RSA SHA1 PSS"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs,
sizeof(kat_tbs) - 1,
+ kat_RSA_PSS_SHA224, sizeof(kat_RSA_PSS_SHA224),
+ EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PSS,
+ "RSA SHA224 PSS"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs,
sizeof(kat_tbs) - 1,
+ kat_RSA_PSS_SHA256, sizeof(kat_RSA_PSS_SHA256),
+ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PSS,
+ "RSA SHA256 PSS"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs,
sizeof(kat_tbs) - 1,
+ kat_RSA_PSS_SHA384, sizeof(kat_RSA_PSS_SHA384),
+ EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PSS,
+ "RSA SHA384 PSS"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs,
sizeof(kat_tbs) - 1,
+ kat_RSA_PSS_SHA512, sizeof(kat_RSA_PSS_SHA512),
+ EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PSS,
+ "RSA SHA512 PSS"))
+ goto err;
+
+
+ if (!fips_pkey_signature_test(&pk, kat_tbs,
sizeof(kat_tbs) - 1,
+ kat_RSA_X931_SHA1, sizeof(kat_RSA_X931_SHA1),
+ EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931,
+ "RSA SHA1 X931"))
+ goto err;
+ /* NB: SHA224 not supported in X9.31 */
+ if (!fips_pkey_signature_test(&pk, kat_tbs,
sizeof(kat_tbs) - 1,
+ kat_RSA_X931_SHA256, sizeof(kat_RSA_X931_SHA256),
+ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_X931,
+ "RSA SHA256 X931"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs,
sizeof(kat_tbs) - 1,
+ kat_RSA_X931_SHA384, sizeof(kat_RSA_X931_SHA384),
+ EVP_sha384(), EVP_MD_CTX_FLAG_PAD_X931,
+ "RSA SHA384 X931"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs,
sizeof(kat_tbs) - 1,
+ kat_RSA_X931_SHA512, sizeof(kat_RSA_X931_SHA512),
+ EVP_sha512(), EVP_MD_CTX_FLAG_PAD_X931,
+ "RSA SHA512 X931"))
+ goto err;
+
+
+ ret = 1;
+
+ err:
+ FIPS_rsa_free(key);
+ return ret;
+ }
#endif /* def OPENSSL_FIPS */
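Review bot: `key=FIPS_rsa_new();` is still not checked for NULL before `setrsakey(key)` dereferences it through `key->n = BN_bin2bn(...)`, so an allocation failure during the power-up self-test becomes a crash instead of a reported failure; `RSA *key = NULL;` on the line above suggests a check was intended. `if (!key) goto err;` directly after the allocation is enough, provided FIPS_rsa_free tolerates NULL — the fips_test_suite.c hunk in this same commit guards it with `if (key)`, so that is worth confirming before relying on it. The return value of setrsakey is discarded on the next line as well. As a point of style, `int FIPS_selftest_rsa()` is an old-style non-prototype definition; `int FIPS_selftest_rsa(void)` lets the compiler check calls.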
 .
patch -p0 <<' .'
Index: openssl/fips-1.0/rsa/fips_rsa_sign.c
============================================================
================
$ cvs diff -u -r1.1.4.5 -r1.1.4.6 fips_rsa_sign.c
--- openssl/fips-1.0/rsa/fips_rsa_sign.c 4 Apr 2007
00:33:22 -0000 1.1.4.5
+++ openssl/fips-1.0/rsa/fips_rsa_sign.c 6 Apr 2007
00:30:24 -0000 1.1.4.6
 -151,8 +151,15 
if (pad_mode == EVP_MD_CTX_FLAG_PAD_X931)
{
+ int hash_id;
memcpy(tmpdinfo, md, m_len);
- tmpdinfo[m_len] =
RSA_X931_hash_id(M_EVP_MD_CTX_type(sv->mctx));
+ hash_id =
RSA_X931_hash_id(M_EVP_MD_CTX_type(sv->mctx));
+ if (hash_id == -1)
+ {
+ RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ return 0;
+ }
+ tmpdinfo[m_len] = (unsigned char)hash_id;
i = m_len + 1;
rsa_pad_mode = RSA_X931_PADDING;
}
 -164,7 +171,7 
if (!der)
{
RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
- return(0);
+ return 0;
}
memcpy(tmpdinfo, der, dlen);
memcpy(tmpdinfo + dlen, md, m_len);
 -273,12 +280,19 
if (pad_mode == EVP_MD_CTX_FLAG_PAD_X931)
{
+ int hash_id;
if (i != (int)(diglen + 1))
{
RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
goto err;
}
- if (s[diglen] !=
RSA_X931_hash_id(M_EVP_MD_CTX_type(sv->mctx)))
+ hash_id =
RSA_X931_hash_id(M_EVP_MD_CTX_type(sv->mctx));
+ if (hash_id == -1)
+ {
+ RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ goto err;
+ }
+ if (s[diglen] != (unsigned char)hash_id)
{
RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
goto err;
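Review bot: the new unknown-hash branch in the verify path reports `RSA_F_RSA_SIGN` while the two neighbouring errors in the same block use `RSA_F_RSA_VERIFY`, so an error-stack dump will point at the wrong function; change it to `RSAerr(RSA_F_RSA_VERIFY,RSA_R_UNKNOWN_ALGORITHM_TYPE);`. The same lookup in the sign hunk above uses the right code, so this looks like a copy-and-paste slip. The enclosing verify function starts, and presumably ends, outside this hunk.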
 .