From 83c3410b94ae3c845142fdfb55e245273846ecf0 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 26 Jan 2011 15:47:19 +0000 Subject: [PATCH] FIPS DH changes: selftest checks and key range checks. --- crypto/dh/Makefile | 2 +- crypto/dh/dh.h | 8 ++++++++ crypto/dh/dh_err.c | 3 ++- crypto/dh/dh_gen.c | 17 +++++++++++++++++ crypto/dh/dh_key.c | 22 ++++++++++++++++++++++ 5 files changed, 50 insertions(+), 2 deletions(-) diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile index f23b4f7fde..173bf0912b 100644 --- a/crypto/dh/Makefile +++ b/crypto/dh/Makefile @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 849309a489..084dc08c78 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif +#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + #define DH_FLAG_CACHE_MONT_P 0x01 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH * implementation now uses constant time @@ -168,6 +170,11 @@ DH *DHparams_dup(DH *); const DH_METHOD *DH_OpenSSL(void); +#ifdef OPENSSL_FIPS +DH * FIPS_dh_new(void); +void FIPS_dh_free(DH *dh); +#endif + void DH_set_default_method(const DH_METHOD *meth); const DH_METHOD *DH_get_default_method(void); int DH_set_method(DH *dh, const DH_METHOD *meth); @@ -249,6 +256,7 @@ void ERR_load_DH_strings(void); #define DH_R_DECODE_ERROR 104 #define DH_R_INVALID_PUBKEY 102 #define DH_R_KEYS_NOT_SET 108 +#define DH_R_KEY_SIZE_TOO_SMALL 110 #define DH_R_MODULUS_TOO_LARGE 103 #define DH_R_NO_PARAMETERS_SET 107 #define DH_R_NO_PRIVATE_VALUE 100 diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index d5cf0c22a3..a4c30b7ace 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -1,6 +1,6 @@ /* crypto/dh/dh_err.c */ /* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -95,6 +95,7 @@ static ERR_STRING_DATA DH_str_reasons[]= {ERR_REASON(DH_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, {ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"}, +{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index cfd5b11868..82e560068f 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -65,6 +65,9 @@ #include "cryptlib.h" #include #include +#ifdef OPENSSL_FIPS +#include +#endif static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); @@ -106,6 +109,20 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB int g,ok= -1; BN_CTX *ctx=NULL; +#ifdef OPENSSL_FIPS + if(FIPS_selftest_failed()) + { + FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS,FIPS_R_FIPS_SELFTEST_FAILED); + return 0; + } + + if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) + { + DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL); + goto err; + } +#endif + ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index e7db440342..99c722bf03 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -61,6 +61,9 @@ #include #include #include +#ifdef OPENSSL_FIPS +#include +#endif static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); @@ -107,6 +110,14 @@ static int generate_key(DH *dh) BN_MONT_CTX *mont=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL; +#ifdef OPENSSL_FIPS + if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) + { + DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL); + return 0; + } +#endif + ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -185,6 +196,14 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) goto err; } +#ifdef OPENSSL_FIPS + if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) + { + DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL); + goto err; + } +#endif + ctx = BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); @@ -251,6 +270,9 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, static int dh_init(DH *dh) { +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); } -- 2.25.1