#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/fips.h>
+#include "fips_locl.h"
#ifdef OPENSSL_FIPS
NULL, 0, EVP_dss1(), 0, NULL))
{
FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
+ fips_set_selftest_fail();
return 0;
}
return 1;
}
}
+void fips_set_selftest_fail(void)
+ {
+ fips_selftest_fail = 1;
+ }
+
int FIPS_selftest()
{
void fips_set_started(void);
int fips_is_owning_thread(void);
int fips_set_owning_thread(void);
+void fips_set_selftest_fail(void);
int fips_clear_owning_thread(void);
unsigned char *fips_signature_witness(void);
dsa = FIPS_dsa_new();
if (!dsa)
goto end;
- if (!DSA_generate_parameters_ex(dsa, 512,NULL,0,NULL,NULL,NULL))
+ if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
goto end;
if (!DSA_generate_key(dsa))
goto end;
dh = FIPS_dh_new();
if (!dh)
return 0;
- if (!DH_generate_parameters_ex(dh, 256, 2, NULL))
+ if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
return 0;
FIPS_dh_free(dh);
return 1;
#endif
#include <string.h>
#include <openssl/fips.h>
+#include "fips_locl.h"
#ifdef OPENSSL_FIPS
for (i = 0; i < AES_BLOCK_LENGTH; i++)
tmp[i] = R[i] ^ I[i];
AES_encrypt(tmp, ctx->V, &ctx->ks);
+ /* Continuouse PRNG test */
if (ctx->second)
{
if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH))
{
RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_STUCK);
ctx->error = 1;
+ fips_set_selftest_fail();
return 0;
}
}
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/fips.h>
+#include "fips_locl.h"
#ifdef OPENSSL_FIPS
int fips_check_rsa(RSA *rsa)
{
const unsigned char tbs[] = "RSA Pairwise Check Data";
+ unsigned char *ctbuf = NULL, *ptbuf = NULL;
+ int len, ret = 0;
EVP_PKEY pk;
pk.type = EVP_PKEY_RSA;
pk.pkey.rsa = rsa;
+ /* Perform pairwise consistency signature test */
if (!fips_pkey_signature_test(&pk, tbs, -1,
NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
|| !fips_pkey_signature_test(&pk, tbs, -1,
NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, NULL)
|| !fips_pkey_signature_test(&pk, tbs, -1,
NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, NULL))
+ goto err;
+ /* Now perform pairwise consistency encrypt/decrypt test */
+ ctbuf = OPENSSL_malloc(RSA_size(rsa));
+ if (!ctbuf)
+ goto err;
+
+ len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING);
+ if (len <= 0)
+ goto err;
+ /* Check ciphertext doesn't match plaintext */
+ if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
+ goto err;
+ ptbuf = OPENSSL_malloc(RSA_size(rsa));
+
+ if (!ptbuf)
+ goto err;
+ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
+ if (len != (sizeof(tbs) - 1))
+ goto err;
+ if (memcmp(ptbuf, tbs, len))
+ goto err;
+
+ ret = 1;
+
+ if (!ptbuf)
+ goto err;
+
+ err:
+ if (ret == 0)
{
+ fips_set_selftest_fail();
FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
- return 0;
}
- return 1;
+
+ if (ctbuf)
+ OPENSSL_free(ctbuf);
+ if (ptbuf)
+ OPENSSL_free(ptbuf);
+
+ return ret;
}
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
static int fips_rsa_sign(int type, const unsigned char *x, unsigned int y,
unsigned char *sigret, unsigned int *siglen, EVP_MD_SVCTX *sv)
{
- int i,j,ret=0;
+ int i=0,j,ret=0;
unsigned int dlen;
const unsigned char *der;
unsigned int m_len;
int pad_mode = sv->mctx->flags & EVP_MD_CTX_FLAG_PAD_MASK;
- int rsa_pad_mode;
+ int rsa_pad_mode = 0;
RSA *rsa = sv->key;
/* Largest DigestInfo: 19 (max encoding) + max MD */
unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
int i,ret=0;
unsigned int dlen, diglen;
int pad_mode = sv->mctx->flags & EVP_MD_CTX_FLAG_PAD_MASK;
- int rsa_pad_mode;
+ int rsa_pad_mode = 0;
unsigned char *s;
const unsigned char *der;
unsigned char dig[EVP_MAX_MD_SIZE];