* - Geoff
*/
-#define OPENSSL_FIPSAPI
+
#include <stdio.h>
#include <time.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
-#ifdef OPENSSL_FIPS
-
-
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include <openssl/evp.h>
-
-/* Check PRNG has sufficient security level to handle an RSA operation */
-
-int fips_check_rsa_prng(RSA *rsa, int bits)
- {
- int strength;
- if (!FIPS_module_mode())
- return 1;
-
- if (rsa->flags & (RSA_FLAG_NON_FIPS_ALLOW|RSA_FLAG_CHECKED))
- return 1;
-
- if (bits == 0)
- bits = BN_num_bits(rsa->n);
-
- /* Should never happen */
- if (bits < 1024)
- {
- FIPSerr(FIPS_F_FIPS_CHECK_RSA_PRNG,FIPS_R_KEY_TOO_SHORT);
- return 0;
- }
- /* From SP800-57 */
- if (bits < 2048)
- strength = 80;
- else if (bits < 3072)
- strength = 112;
- else if (bits < 7680)
- strength = 128;
- else if (bits < 15360)
- strength = 192;
- else
- strength = 256;
-
- if (FIPS_rand_strength() >= strength)
- return 1;
-
- FIPSerr(FIPS_F_FIPS_CHECK_RSA_PRNG,FIPS_R_PRNG_STRENGTH_TOO_LOW);
- return 0;
- }
-
-
-int fips_check_rsa(RSA *rsa)
- {
- const unsigned char tbs[] = "RSA Pairwise Check Data";
- unsigned char *ctbuf = NULL, *ptbuf = NULL;
- int len, ret = 0;
- EVP_PKEY pk;
- pk.type = EVP_PKEY_RSA;
- pk.pkey.rsa = rsa;
-
- /* Perform pairwise consistency signature test */
- if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0,
- NULL, 0, NULL, RSA_PKCS1_PADDING, NULL)
- || !fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0,
- NULL, 0, NULL, RSA_X931_PADDING, NULL)
- || !fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0,
- NULL, 0, NULL, RSA_PKCS1_PSS_PADDING, NULL))
- goto err;
- /* Now perform pairwise consistency encrypt/decrypt test */
- ctbuf = OPENSSL_malloc(RSA_size(rsa));
- if (!ctbuf)
- goto err;
-
- len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING);
- if (len <= 0)
- goto err;
- /* Check ciphertext doesn't match plaintext */
- if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
- goto err;
- ptbuf = OPENSSL_malloc(RSA_size(rsa));
-
- if (!ptbuf)
- goto err;
- len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
- if (len != (sizeof(tbs) - 1))
- goto err;
- if (memcmp(ptbuf, tbs, len))
- goto err;
-
- ret = 1;
-
- if (!ptbuf)
- goto err;
-
- err:
- if (ret == 0)
- {
- fips_set_selftest_fail();
- FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
- }
-
- if (ctbuf)
- OPENSSL_free(ctbuf);
- if (ptbuf)
- OPENSSL_free(ptbuf);
-
- return ret;
- }
-#endif
-
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
/* NB: this wrapper would normally be placed in rsa_lib.c and the static
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
{
BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
- BIGNUM local_r0,local_d,local_p;
+ BIGNUM *local_r0, *local_d, *local_p;
BIGNUM *pr0,*d,*p;
int bitsp,bitsq,ok= -1,n=0;
BN_CTX *ctx=NULL;
-#ifdef OPENSSL_FIPS
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED);
- return 0;
- }
-
- if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
- && (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
- {
- FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
- return 0;
- }
- if (!fips_check_rsa_prng(rsa, bits))
- return 0;
-#endif
+ local_r0 = BN_new();
+ local_d = BN_new();
+ local_p = BN_new();
+ if(!local_r0 || !local_d || !local_p)
+ goto err;
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
- pr0 = &local_r0;
+ pr0 = local_r0;
BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
}
else
/* set up d for correct BN_FLG_CONSTTIME flag */
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
- d = &local_d;
+ d = local_d;
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
}
else
/* calculate inverse of q mod p */
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
- p = &local_p;
+ p = local_p;
BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
}
else
p = rsa->p;
if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
-#ifdef OPENSSL_FIPS
- if(!fips_check_rsa(rsa))
- goto err;
-#endif
-
ok=1;
err:
+ if(local_r0) BN_free(local_r0);
+ if(local_d) BN_free(local_d);
+ if(local_p) BN_free(local_p);
if (ok == -1)
{
RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN);
projects / oweals / openssl.git / blobdiff