Redirect RSA keygen, sign, verify to FIPS module.

diff --git a/CHANGES b/CHANGES
index 466d9528f19140e34f0e4d23ed0aa06a0ab6206c..eb5a06b1aabc686cd8d28480017d2accdf0526f6 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,8 +4,8 @@
 
  Changes between 1.0.0d and 1.0.1  [xx XXX xxxx]
 
-  *) Redirect low level RSA operations to FIPS module including blocking of
-     non FIPS RSA methods.
+  *) Redirect RSA operations to FIPS module including keygen,
+     encrypt, decrypt, sign and verify. Block use of non FIPS RSA methods.
      [Steve Henson]
 
   *) Add similar low level API blocking to ciphers.

diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index 68ae2e799d5e06d470b1990852c2c072b7f9d4be..71da4b64222369c75eb368a91d285d3874759a05 100644 (file)
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -455,6 +455,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_PKEY_RSA_CTRL                             143
 #define RSA_F_PKEY_RSA_CTRL_STR                                 144
 #define RSA_F_PKEY_RSA_SIGN                             142
+#define RSA_F_PKEY_RSA_VERIFY                           154
 #define RSA_F_PKEY_RSA_VERIFYRECOVER                    141
 #define RSA_F_RSA_BUILTIN_KEYGEN                        129
 #define RSA_F_RSA_CHECK_KEY                             123
@@ -463,6 +464,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_EAY_PUBLIC_DECRYPT                    103
 #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT                    104
 #define RSA_F_RSA_GENERATE_KEY                          105
+#define RSA_F_RSA_GENERATE_KEY_EX                       155
 #define RSA_F_RSA_MEMORY_LOCK                           130
 #define RSA_F_RSA_NEW_METHOD                            106
 #define RSA_F_RSA_NULL                                  124
@@ -541,6 +543,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING                         113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q                      127
 #define RSA_R_OAEP_DECODING_ERROR                       121
+#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE        151
 #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE  148
 #define RSA_R_PADDING_CHECK_FAILED                      114
 #define RSA_R_P_NOT_PRIME                               128

diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index e1bacbeee6a4e041969fc27bb793fdb71e44d2a9..d0c9659cb53681e00d12cb3cb57563c3b1772be5 100644 (file)
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -78,6 +78,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_PKEY_RSA_CTRL),        "PKEY_RSA_CTRL"},
 {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR),    "PKEY_RSA_CTRL_STR"},
 {ERR_FUNC(RSA_F_PKEY_RSA_SIGN),        "PKEY_RSA_SIGN"},
+{ERR_FUNC(RSA_F_PKEY_RSA_VERIFY),      "PKEY_RSA_VERIFY"},
 {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER),       "PKEY_RSA_VERIFYRECOVER"},
 {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN),   "RSA_BUILTIN_KEYGEN"},
 {ERR_FUNC(RSA_F_RSA_CHECK_KEY),        "RSA_check_key"},
@@ -86,6 +87,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT),       "RSA_EAY_PUBLIC_DECRYPT"},
 {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT),       "RSA_EAY_PUBLIC_ENCRYPT"},
 {ERR_FUNC(RSA_F_RSA_GENERATE_KEY),     "RSA_generate_key"},
+{ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX),  "RSA_generate_key_ex"},
 {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK),      "RSA_memory_lock"},
 {ERR_FUNC(RSA_F_RSA_NEW_METHOD),       "RSA_new_method"},
 {ERR_FUNC(RSA_F_RSA_NULL),     "RSA_NULL"},
@@ -167,6 +169,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
 {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},
 {ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
+{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
 {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
 {ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
 {ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},

diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 767f7ab682ad8beff40c7234931e5dc4d39b9aa3..c37d54430c0b78377eb29547742c5edf1d616eaf 100644 (file)
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -67,6 +67,9 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
 
@@ -77,6 +80,18 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
  * now just because key-generation is part of RSA_METHOD. */
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
        {
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               {
+               if (rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+                       return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
+               if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+                       {
+                       RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
+                       return 0;
+                       }
+               }
+#endif
        if(rsa->meth->rsa_keygen)
                return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
        return rsa_builtin_keygen(rsa, bits, e_value, cb);

diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 60bf6145abe651703d188dd8bf0b694199122ee1..7d19f66709e53ea8f621dd1da36e6cf0110dbc55 100644 (file)
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -63,6 +63,9 @@
 #include <openssl/rsa.h>
 #include <openssl/bn.h>
 #include <openssl/evp.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 #include "evp_locl.h"
 #include "rsa_locl.h"
 
@@ -151,6 +154,30 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
                }
        }
 
+/* FIP checker. Return value indicates status of context parameters:
+ * 1  : redirect to FIPS.
+ * 0  : don't redirect to FIPS.
+ * -1 : illegal operation in FIPS mode.
+ */
+
+static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx)
+       {
+       RSA_PKEY_CTX *rctx = ctx->data;
+       RSA *rsa = ctx->pkey->pkey.rsa;
+       int rv = -1;
+       if (!FIPS_mode())
+               return 0;
+       if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
+               rv = 0;
+       if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
+               return -1;
+       if (rctx->md && !(rctx->md->flags & EVP_MD_FLAG_FIPS))
+               return rv;
+       if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS))
+               return rv;
+       return 1;
+       }
+
 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                                        const unsigned char *tbs, size_t tbslen)
        {
@@ -158,6 +185,15 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
        RSA_PKEY_CTX *rctx = ctx->data;
        RSA *rsa = ctx->pkey->pkey.rsa;
 
+#ifdef OPENSSL_FIPS
+       ret = pkey_fips_check_ctx(ctx);
+       if (ret < 0)
+               {
+               RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+               return -1;
+               }
+#endif
+
        if (rctx->md)
                {
                if (tbslen != (size_t)EVP_MD_size(rctx->md))
@@ -166,6 +202,22 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                                        RSA_R_INVALID_DIGEST_LENGTH);
                        return -1;
                        }
+#ifdef OPENSSL_FIPS
+               if (ret > 0)
+                       {
+                       unsigned int slen;
+                       ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
+                                                       rctx->pad_mode,
+                                                       rctx->saltlen,
+                                                       rctx->mgf1md,
+                                                       sig, &slen);
+                       if (ret > 0)
+                               *siglen = slen;
+                       else
+                               *siglen = 0;
+                       return ret;
+                       }
+#endif
                if (rctx->pad_mode == RSA_X931_PADDING)
                        {
                        if (!setup_tbuf(rctx, ctx))
@@ -274,8 +326,30 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
        RSA_PKEY_CTX *rctx = ctx->data;
        RSA *rsa = ctx->pkey->pkey.rsa;
        size_t rslen;
+#ifdef OPENSSL_FIPS
+       int rv;
+       rv = pkey_fips_check_ctx(ctx);
+       if (rv < 0)
+               {
+               RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+               return -1;
+               }
+#endif
        if (rctx->md)
                {
+#ifdef OPENSSL_FIPS
+               if (rv > 0)
+                       {
+                       return FIPS_rsa_verify_digest(rsa,
+                                                       tbs, tbslen,
+                                                       rctx->md,
+                                                       rctx->pad_mode,
+                                                       rctx->saltlen,
+                                                       rctx->mgf1md,
+                                                       sig, siglen);
+                                                       
+                       }
+#endif
                if (rctx->pad_mode == RSA_PKCS1_PADDING)
                        return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
                                        sig, siglen, rsa);