From: Dr. Stephen Henson Date: Wed, 24 Jan 2007 13:00:15 +0000 (+0000) Subject: Remove ASN1 library (and other) dependencies from fipscanister.o X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8e664b2055465d8cf63648a78810db6217a7abfc;p=oweals%2Fopenssl.git Remove ASN1 library (and other) dependencies from fipscanister.o --- diff --git a/CHANGES b/CHANGES index 8bc58cf98d..8f20c5a3fa 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,11 @@ Changes between 0.9.7l and 0.9.7m-fips2 [xx XXX xxxx] - *) + *) New version of RSA_{sign,verify} for FIPS code. This uses pregenerated + DigestInfo encodings and thus avoids all ASN1 library dependencies. Update + FIPS digests to use new functions. Remove large numbers of obsolete + dependencies from fipscanister.o + [Steve Henson] Changes between 0.9.7l and 0.9.7m [xx XXX xxxx] diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index 60da93873c..a18bab114f 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -63,6 +63,9 @@ #include #include +#define EVP_PKEY_RSA_fips_method FIPS_rsa_sign,FIPS_rsa_verify, \ + {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} + static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } @@ -90,7 +93,11 @@ static const EVP_MD sha1_md= final, NULL, NULL, +#ifdef OPENSSL_FIPS + EVP_PKEY_RSA_fips_method, +#else EVP_PKEY_RSA_method, +#endif SHA_CBLOCK, sizeof(EVP_MD *)+sizeof(SHA_CTX), }; @@ -131,7 +138,7 @@ static const EVP_MD sha224_md= final256, NULL, NULL, - EVP_PKEY_RSA_method, + EVP_PKEY_RSA_fips_method, SHA256_CBLOCK, sizeof(EVP_MD *)+sizeof(SHA256_CTX), }; @@ -150,7 +157,7 @@ static const EVP_MD sha256_md= final256, NULL, NULL, - EVP_PKEY_RSA_method, + EVP_PKEY_RSA_fips_method, SHA256_CBLOCK, sizeof(EVP_MD *)+sizeof(SHA256_CTX), }; @@ -184,7 +191,7 @@ static const EVP_MD sha384_md= final512, NULL, NULL, - EVP_PKEY_RSA_method, + EVP_PKEY_RSA_fips_method, SHA512_CBLOCK, sizeof(EVP_MD *)+sizeof(SHA512_CTX), }; @@ -203,7 +210,7 @@ static const EVP_MD sha512_md= final512, NULL, NULL, - EVP_PKEY_RSA_method, + EVP_PKEY_RSA_fips_method, SHA512_CBLOCK, sizeof(EVP_MD *)+sizeof(SHA512_CTX), }; diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 9eda269586..764cea35f8 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -276,6 +276,13 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_length, int RSA_verify(int type, const unsigned char *m, unsigned int m_length, unsigned char *sigbuf, unsigned int siglen, RSA *rsa); +#ifdef OPENSSL_FIPS +int FIPS_rsa_sign(int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); +int FIPS_rsa_verify(int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigbuf, unsigned int siglen, RSA *rsa); +#endif + /* The following 2 function sign and verify a ASN1_OCTET_STRING * object inside PKCS#1 padded RSA encryption */ int RSA_sign_ASN1_OCTET_STRING(int type, diff --git a/fips-1.0/Makefile b/fips-1.0/Makefile index 917da8b5da..c6812e6455 100644 --- a/fips-1.0/Makefile +++ b/fips-1.0/Makefile @@ -226,27 +226,6 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \ ../crypto/aes/aes_cfb.o \ ../crypto/aes/aes_ecb.o \ ../crypto/aes/aes_ofb.o \ - ../crypto/asn1/a_bitstr.o \ - ../crypto/asn1/a_bytes.o \ - ../crypto/asn1/a_dup.o \ - ../crypto/asn1/a_int.o \ - ../crypto/asn1/a_object.o \ - ../crypto/asn1/asn1_err.o \ - ../crypto/asn1/asn1_lib.o \ - ../crypto/asn1/a_type.o \ - ../crypto/asn1/evp_asn1.o \ - ../crypto/asn1/tasn_dec.o \ - ../crypto/asn1/tasn_enc.o \ - ../crypto/asn1/tasn_fre.o \ - ../crypto/asn1/tasn_new.o \ - ../crypto/asn1/tasn_typ.o \ - ../crypto/asn1/tasn_utl.o \ - ../crypto/asn1/t_pkey.o \ - ../crypto/asn1/x_algor.o \ - ../crypto/asn1/x_bignum.o \ - ../crypto/asn1/x_long.o \ - ../crypto/asn1/x_sig.o \ - ../crypto/bio/bio_err.o \ ../crypto/bio/bio_lib.o \ ../crypto/bio/b_print.o \ ../crypto/bio/bss_file.o \ @@ -254,7 +233,6 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \ ../crypto/bn/bn_blind.o \ ../crypto/bn/bn_ctx.o \ ../crypto/bn/bn_div.o \ - ../crypto/bn/bn_err.o \ ../crypto/bn/bn_exp2.o \ ../crypto/bn/bn_exp.o \ ../crypto/bn/bn_gcd.o \ @@ -270,10 +248,7 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \ ../crypto/bn/bn_sqr.o \ ../crypto/bn/bn_word.o \ ../crypto/bn/bn_x931p.o \ - ../crypto/buffer/buf_err.o \ ../crypto/buffer/buffer.o \ - ../crypto/conf/conf_err.o \ - ../crypto/cpt_err.o \ ../crypto/cryptlib.o \ ../crypto/des/cfb64ede.o \ ../crypto/des/cfb64enc.o \ @@ -283,38 +258,23 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \ ../crypto/des/ecb_enc.o \ ../crypto/des/ofb64ede.o \ ../crypto/des/ofb64enc.o \ - ../crypto/dh/dh_err.o \ ../crypto/dh/dh_lib.o \ - ../crypto/dsa/dsa_asn1.o \ - ../crypto/dsa/dsa_err.o \ ../crypto/dsa/dsa_lib.o \ ../crypto/dsa/dsa_sign.o \ ../crypto/dsa/dsa_vrf.o \ - ../crypto/dso/dso_err.o \ - ../crypto/ec/ec_err.o \ - ../crypto/engine/eng_err.o \ ../crypto/engine/eng_init.o \ ../crypto/engine/eng_lib.o \ ../crypto/engine/eng_list.o \ ../crypto/engine/eng_table.o \ - ../crypto/engine/tb_cipher.o \ ../crypto/engine/tb_dh.o \ ../crypto/engine/tb_digest.o \ ../crypto/engine/tb_dsa.o \ ../crypto/engine/tb_rand.o \ ../crypto/engine/tb_rsa.o \ - ../crypto/err/err_all.o \ ../crypto/err/err.o \ ../crypto/err/err_prn.o \ ../crypto/evp/digest.o \ - ../crypto/evp/e_aes.o \ - ../crypto/evp/e_des3.o \ - ../crypto/evp/e_des.o \ - ../crypto/evp/evp_enc.o \ - ../crypto/evp/evp_err.o \ - ../crypto/evp/evp_lib.o \ ../crypto/evp/m_sha1.o \ - ../crypto/evp/p_lib.o \ ../crypto/evp/p_sign.o \ ../crypto/evp/p_verify.o \ ../crypto/ex_data.o \ @@ -322,36 +282,23 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \ ../crypto/mem_clr.o \ ../crypto/mem_dbg.o \ ../crypto/mem.o \ - ../crypto/objects/obj_dat.o \ - ../crypto/objects/obj_err.o \ - ../crypto/objects/obj_lib.o \ - ../crypto/ocsp/ocsp_err.o \ - ../crypto/pem/pem_err.o \ - ../crypto/pkcs12/pk12err.o \ - ../crypto/pkcs7/pkcs7err.o \ ../crypto/rand/md_rand.o \ ../crypto/rand/rand_egd.o \ - ../crypto/rand/rand_err.o \ ../crypto/rand/randfile.o \ ../crypto/rand/rand_lib.o \ ../crypto/rand/rand_os2.o \ ../crypto/rand/rand_unix.o \ ../crypto/rand/rand_win.o \ - ../crypto/rsa/rsa_err.o \ ../crypto/rsa/rsa_lib.o \ ../crypto/rsa/rsa_none.o \ ../crypto/rsa/rsa_oaep.o \ ../crypto/rsa/rsa_pk1.o \ ../crypto/rsa/rsa_pss.o \ - ../crypto/rsa/rsa_sign.o \ ../crypto/rsa/rsa_ssl.o \ ../crypto/rsa/rsa_x931.o \ ../crypto/stack/stack.o \ ../crypto/uid.o \ - ../crypto/ui/ui_err.o \ - ../crypto/x509v3/v3err.o \ - ../crypto/x509v3/v3_hex.o \ - ../crypto/x509/x509_err.o + ../crypto/x509v3/v3_hex.o # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/fips-1.0/rsa/Makefile b/fips-1.0/rsa/Makefile index 179df4758a..0fdeb63fbd 100644 --- a/fips-1.0/rsa/Makefile +++ b/fips-1.0/rsa/Makefile @@ -22,8 +22,10 @@ TEST= fips_rsavtest.c fips_rsastest.c fips_rsagtest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=fips_rsa_eay.c fips_rsa_gen.c fips_rsa_selftest.c fips_rsa_x931g.c -LIBOBJ=fips_rsa_eay.o fips_rsa_gen.o fips_rsa_selftest.o fips_rsa_x931g.o +LIBSRC=fips_rsa_eay.c fips_rsa_gen.c fips_rsa_selftest.c fips_rsa_x931g.c \ + fips_rsa_sign.c +LIBOBJ=fips_rsa_eay.o fips_rsa_gen.o fips_rsa_selftest.o fips_rsa_x931g.o \ + fips_rsa_sign.o SRC= $(LIBSRC) diff --git a/fips-1.0/rsa/fips_rsa_sign.c b/fips-1.0/rsa/fips_rsa_sign.c new file mode 100644 index 0000000000..df1ca2de5d --- /dev/null +++ b/fips-1.0/rsa/fips_rsa_sign.c @@ -0,0 +1,231 @@ +/* fips_rsa_sign.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2007. + */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include + +/* FIPS versions of RSA_sign() and RSA_verify(). + * These will only have to deal with SHA* signatures and by including + * pregenerated encodings all ASN1 dependencies can be avoided + */ + +static const unsigned char sha1_bin[] = { + 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, + 0x00, 0x04, 0x14 +}; + +static const unsigned char sha224_bin[] = { + 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c +}; + +static const unsigned char sha256_bin[] = { + 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 +}; + +static const unsigned char sha384_bin[] = { + 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30 +}; + +static const unsigned char sha512_bin[] = { + 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 +}; + + +static const unsigned char *fips_digestinfo_encoding(int nid, unsigned int *len) + { + switch (nid) + { + + case NID_sha1: + *len = sizeof(sha1_bin); + return sha1_bin; + + case NID_sha224: + *len = sizeof(sha224_bin); + return sha224_bin; + + case NID_sha256: + *len = sizeof(sha256_bin); + return sha256_bin; + + case NID_sha384: + *len = sizeof(sha384_bin); + return sha384_bin; + + case NID_sha512: + *len = sizeof(sha512_bin); + return sha512_bin; + + default: + return NULL; + + } + } + +int FIPS_rsa_sign(int type, const unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, RSA *rsa) + { + int i,j,ret=1; + unsigned int dlen; + const unsigned char *der; + /* Largest DigestInfo: 19 (max encoding) + max MD */ + unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE]; + if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) + { + return rsa->meth->rsa_sign(type, m, m_len, + sigret, siglen, rsa); + } + + if(m_len > EVP_MAX_MD_SIZE) + { + RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH); + return 0; + } + + der = fips_digestinfo_encoding(type, &dlen); + + if (!der) + { + RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE); + return(0); + } + memcpy(tmpdinfo, der, dlen); + memcpy(tmpdinfo + dlen, m, m_len); + + i = dlen + m_len; + + j=RSA_size(rsa); + if (i > (j-RSA_PKCS1_PADDING_SIZE)) + { + RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); + return(0); + } + j=RSA_private_encrypt(i,tmpdinfo,sigret,rsa,RSA_PKCS1_PADDING); + if (j <= 0) + ret=0; + else + *siglen=j; + + OPENSSL_cleanse(tmpdinfo,i); + return(ret); + } + +int FIPS_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, + unsigned char *sigbuf, unsigned int siglen, RSA *rsa) + { + int i,ret=0; + unsigned int dlen; + unsigned char *s; + const unsigned char *der; + + if (siglen != (unsigned int)RSA_size(rsa)) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); + return(0); + } + + if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) + { + return rsa->meth->rsa_verify(dtype, m, m_len, + sigbuf, siglen, rsa); + } + + s= OPENSSL_malloc((unsigned int)siglen); + if (s == NULL) + { + RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); + goto err; + } + + i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); + + if (i <= 0) goto err; + + der = fips_digestinfo_encoding(dtype, &dlen); + + if (!der) + { + RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE); + return(0); + } + + /* Compare, DigestInfo length, DigestInfo header and finally + * digest value itself + */ + if ((i != (dlen + m_len)) || memcmp(der, s, dlen) + || memcmp(s + dlen, m, m_len)) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + goto err; + } + else + ret = 1; +err: + if (s != NULL) + { + OPENSSL_cleanse(s, siglen); + OPENSSL_free(s); + } + return(ret); + }