From 2ac869590f27131dad6e393d314946a0ee1b0dab Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 15 Aug 2007 00:36:05 +0000 Subject: [PATCH] Indicate failure if any selftest fails. Increase keysizes in fips_test_suite --- fips-1.0/dsa/fips_dsa_key.c | 2 ++ fips-1.0/fips.c | 5 +++++ fips-1.0/fips_locl.h | 1 + fips-1.0/fips_test_suite.c | 4 ++-- fips-1.0/rand/fips_rand.c | 3 +++ fips-1.0/rsa/fips_rsa_gen.c | 43 ++++++++++++++++++++++++++++++++++-- fips-1.0/rsa/fips_rsa_sign.c | 6 ++--- 7 files changed, 57 insertions(+), 7 deletions(-) diff --git a/fips-1.0/dsa/fips_dsa_key.c b/fips-1.0/dsa/fips_dsa_key.c index 3798f488fb..b43b0c181e 100644 --- a/fips-1.0/dsa/fips_dsa_key.c +++ b/fips-1.0/dsa/fips_dsa_key.c @@ -65,6 +65,7 @@ #include #include #include +#include "fips_locl.h" #ifdef OPENSSL_FIPS @@ -81,6 +82,7 @@ int fips_check_dsa(DSA *dsa) NULL, 0, EVP_dss1(), 0, NULL)) { FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED); + fips_set_selftest_fail(); return 0; } return 1; diff --git a/fips-1.0/fips.c b/fips-1.0/fips.c index 469e847f66..0518a2e97e 100644 --- a/fips-1.0/fips.c +++ b/fips-1.0/fips.c @@ -147,6 +147,11 @@ void FIPS_selftest_check(void) } } +void fips_set_selftest_fail(void) + { + fips_selftest_fail = 1; + } + int FIPS_selftest() { diff --git a/fips-1.0/fips_locl.h b/fips-1.0/fips_locl.h index 06cb64d832..03fed36e3c 100644 --- a/fips-1.0/fips_locl.h +++ b/fips-1.0/fips_locl.h @@ -61,6 +61,7 @@ int fips_is_started(void); void fips_set_started(void); int fips_is_owning_thread(void); int fips_set_owning_thread(void); +void fips_set_selftest_fail(void); int fips_clear_owning_thread(void); unsigned char *fips_signature_witness(void); diff --git a/fips-1.0/fips_test_suite.c b/fips-1.0/fips_test_suite.c index 7da954654e..3410f3449f 100644 --- a/fips-1.0/fips_test_suite.c +++ b/fips-1.0/fips_test_suite.c @@ -100,7 +100,7 @@ static int FIPS_dsa_test() dsa = FIPS_dsa_new(); if (!dsa) goto end; - if (!DSA_generate_parameters_ex(dsa, 512,NULL,0,NULL,NULL,NULL)) + if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL)) goto end; if (!DSA_generate_key(dsa)) goto end; @@ -354,7 +354,7 @@ static int dh_test() dh = FIPS_dh_new(); if (!dh) return 0; - if (!DH_generate_parameters_ex(dh, 256, 2, NULL)) + if (!DH_generate_parameters_ex(dh, 1024, 2, NULL)) return 0; FIPS_dh_free(dh); return 1; diff --git a/fips-1.0/rand/fips_rand.c b/fips-1.0/rand/fips_rand.c index b4e83bca9e..478e836e6c 100644 --- a/fips-1.0/rand/fips_rand.c +++ b/fips-1.0/rand/fips_rand.c @@ -77,6 +77,7 @@ #endif #include #include +#include "fips_locl.h" #ifdef OPENSSL_FIPS @@ -294,12 +295,14 @@ static int fips_rand(FIPS_PRNG_CTX *ctx, for (i = 0; i < AES_BLOCK_LENGTH; i++) tmp[i] = R[i] ^ I[i]; AES_encrypt(tmp, ctx->V, &ctx->ks); + /* Continuouse PRNG test */ if (ctx->second) { if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH)) { RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_STUCK); ctx->error = 1; + fips_set_selftest_fail(); return 0; } } diff --git a/fips-1.0/rsa/fips_rsa_gen.c b/fips-1.0/rsa/fips_rsa_gen.c index 7ea6873419..e384dcaba0 100644 --- a/fips-1.0/rsa/fips_rsa_gen.c +++ b/fips-1.0/rsa/fips_rsa_gen.c @@ -71,27 +71,66 @@ #include #include #include +#include "fips_locl.h" #ifdef OPENSSL_FIPS int fips_check_rsa(RSA *rsa) { const unsigned char tbs[] = "RSA Pairwise Check Data"; + unsigned char *ctbuf = NULL, *ptbuf = NULL; + int len, ret = 0; EVP_PKEY pk; pk.type = EVP_PKEY_RSA; pk.pkey.rsa = rsa; + /* Perform pairwise consistency signature test */ if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, NULL) || !fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, NULL) || !fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, NULL)) + goto err; + /* Now perform pairwise consistency encrypt/decrypt test */ + ctbuf = OPENSSL_malloc(RSA_size(rsa)); + if (!ctbuf) + goto err; + + len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING); + if (len <= 0) + goto err; + /* Check ciphertext doesn't match plaintext */ + if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len)) + goto err; + ptbuf = OPENSSL_malloc(RSA_size(rsa)); + + if (!ptbuf) + goto err; + len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING); + if (len != (sizeof(tbs) - 1)) + goto err; + if (memcmp(ptbuf, tbs, len)) + goto err; + + ret = 1; + + if (!ptbuf) + goto err; + + err: + if (ret == 0) { + fips_set_selftest_fail(); FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED); - return 0; } - return 1; + + if (ctbuf) + OPENSSL_free(ctbuf); + if (ptbuf) + OPENSSL_free(ptbuf); + + return ret; } static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); diff --git a/fips-1.0/rsa/fips_rsa_sign.c b/fips-1.0/rsa/fips_rsa_sign.c index 2236699c00..fd2d7309eb 100644 --- a/fips-1.0/rsa/fips_rsa_sign.c +++ b/fips-1.0/rsa/fips_rsa_sign.c @@ -191,12 +191,12 @@ static const unsigned char *fips_digestinfo_nn_encoding(int nid, unsigned int *l static int fips_rsa_sign(int type, const unsigned char *x, unsigned int y, unsigned char *sigret, unsigned int *siglen, EVP_MD_SVCTX *sv) { - int i,j,ret=0; + int i=0,j,ret=0; unsigned int dlen; const unsigned char *der; unsigned int m_len; int pad_mode = sv->mctx->flags & EVP_MD_CTX_FLAG_PAD_MASK; - int rsa_pad_mode; + int rsa_pad_mode = 0; RSA *rsa = sv->key; /* Largest DigestInfo: 19 (max encoding) + max MD */ unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE]; @@ -301,7 +301,7 @@ static int fips_rsa_verify(int dtype, int i,ret=0; unsigned int dlen, diglen; int pad_mode = sv->mctx->flags & EVP_MD_CTX_FLAG_PAD_MASK; - int rsa_pad_mode; + int rsa_pad_mode = 0; unsigned char *s; const unsigned char *der; unsigned char dig[EVP_MAX_MD_SIZE]; -- 2.25.1