From d16d0b71a9a31bf61289518a8ae523131f293faf Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Sun, 15 Mar 2020 17:38:00 +1000 Subject: [PATCH] Add RSA sign to the fips provider Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11199) --- crypto/provider_core.c | 6 +- crypto/rsa/rsa_lib.c | 3 - crypto/rsa/rsa_local.h | 7 +-- crypto/rsa/rsa_sign.c | 55 ++++++++++++++++--- include/openssl/core_numbers.h | 5 +- providers/fips/fipsprov.c | 16 ++++++ .../implementations/signature/build.info | 6 +- providers/implementations/signature/rsa.c | 1 - 8 files changed, 76 insertions(+), 23 deletions(-) diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 026e784bae..2a463550d6 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -911,7 +911,7 @@ static int core_pop_error_to_mark(const OSSL_PROVIDER *prov) { return ERR_pop_to_mark(); } -#endif +#endif /* FIPS_MODE */ /* * Functions provided by the core. Blank line separates "families" of related @@ -929,13 +929,13 @@ static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_CORE_SET_ERROR_MARK, (void (*)(void))core_set_error_mark }, { OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK, (void (*)(void))core_clear_last_error_mark }, - { OSSL_FUNC_CORE_POP_ERROR_TO_MARK, - (void (*)(void))core_pop_error_to_mark }, + { OSSL_FUNC_CORE_POP_ERROR_TO_MARK, (void (*)(void))core_pop_error_to_mark }, { OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))BIO_new_file }, { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))BIO_new_mem_buf }, { OSSL_FUNC_BIO_READ_EX, (void (*)(void))BIO_read_ex }, { OSSL_FUNC_BIO_FREE, (void (*)(void))BIO_free }, { OSSL_FUNC_BIO_VPRINTF, (void (*)(void))BIO_vprintf }, + { OSSL_FUNC_BIO_VSNPRINTF, (void (*)(void))BIO_vsnprintf }, { OSSL_FUNC_SELF_TEST_CB, (void (*)(void))OSSL_SELF_TEST_get_callback }, #endif { OSSL_FUNC_CRYPTO_MALLOC, (void (*)(void))CRYPTO_malloc }, diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 0a0d3e84db..08365708a6 100644 
--- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -635,13 +635,10 @@ const BIGNUM *RSA_get0_iqmp(const RSA *r) return r->iqmp; } -/* TODO(3.0): Temporary until we move PSS support into the FIPS module */ -#ifndef FIPS_MODE const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r) { return r->pss; } -#endif void RSA_clear_flags(RSA *r, int flags) { diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index a5c7b0a811..06a7daddbd 100644 --- a/crypto/rsa/rsa_local.h +++ b/crypto/rsa/rsa_local.h @@ -50,13 +50,12 @@ struct rsa_st { BIGNUM *dmp1; BIGNUM *dmq1; BIGNUM *iqmp; - /* TODO(3.0): Support PSS in FIPS_MODE */ + /* If a PSS only key this contains the parameter restrictions */ + RSA_PSS_PARAMS *pss; #ifndef FIPS_MODE /* for multi-prime RSA, defined in RFC 8017 */ STACK_OF(RSA_PRIME_INFO) *prime_infos; - /* If a PSS only key this contains the parameter restrictions */ - RSA_PSS_PARAMS *pss; - /* be careful using this if the RSA structure is shared */ + /* Be careful using this if the RSA structure is shared */ CRYPTO_EX_DATA ex_data; #endif CRYPTO_REF_COUNT references; diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index e9c4c55398..544cca446e 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c 
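Review bot: Moving `pss` out of the `#ifndef FIPS_MODE` block in `struct rsa_st` (crypto/rsa/rsa_local.h) puts the pointer into FIPS builds, but the rsa_lib.c part of this patch only unguards the getter `RSA_get0_pss_params()`. The allocation, free and copy paths for an RSA object are outside these hunks, so please confirm that `RSA_free()` releases `r->pss` when FIPS_MODE is defined. If that cleanup is still inside a non-FIPS guard, any PSS restrictions attached to a key inside the module would leak. Once confirmed, the field comment could state ownership, e.g. `/* If a PSS only key this contains the parameter restrictions; freed by RSA_free() */`.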
@@ -186,6 +186,47 @@ const unsigned char *rsa_digestinfo_encoding(int md_nid, size_t *len) } } +#define MD_NID_CASE(name, sz) \ + case NID_##name: \ + return sz; + +static int digest_sz_from_nid(int nid) +{ + switch (nid) { +#ifndef FIPS_MODE +# ifndef OPENSSL_NO_MDC2 + MD_NID_CASE(mdc2, MDC2_DIGEST_LENGTH) +# endif +# ifndef OPENSSL_NO_MD2 + MD_NID_CASE(md2, MD2_DIGEST_LENGTH) +# endif +# ifndef OPENSSL_NO_MD4 + MD_NID_CASE(md4, MD4_DIGEST_LENGTH) +# endif +# ifndef OPENSSL_NO_MD5 + MD_NID_CASE(md5, MD5_DIGEST_LENGTH) +# endif +# ifndef OPENSSL_NO_RMD160 + MD_NID_CASE(ripemd160, RIPEMD160_DIGEST_LENGTH) +# endif +#endif /* FIPS_MODE */ + MD_NID_CASE(sha1, SHA_DIGEST_LENGTH) + MD_NID_CASE(sha224, SHA224_DIGEST_LENGTH) + MD_NID_CASE(sha256, SHA256_DIGEST_LENGTH) + MD_NID_CASE(sha384, SHA384_DIGEST_LENGTH) + MD_NID_CASE(sha512, SHA512_DIGEST_LENGTH) + MD_NID_CASE(sha512_224, SHA224_DIGEST_LENGTH) + MD_NID_CASE(sha512_256, SHA256_DIGEST_LENGTH) + MD_NID_CASE(sha3_224, SHA224_DIGEST_LENGTH) + MD_NID_CASE(sha3_256, SHA256_DIGEST_LENGTH) + MD_NID_CASE(sha3_384, SHA384_DIGEST_LENGTH) + MD_NID_CASE(sha3_512, SHA512_DIGEST_LENGTH) + default: + return 0; + } +} + + /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 @@ -237,8 +278,10 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *tmps = NULL; const unsigned char *encoded = NULL; +#ifndef FIPS_MODE if (rsa->meth->rsa_sign != NULL) return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); +#endif /* FIPS_MODE */ /* Compute the encoded digest. */ if (type == NID_md5_sha1) { @@ -311,6 +354,7 @@ int int_rsa_verify(int type, const unsigned char *m, unsigned int m_len, goto err; decrypt_len = len; +#ifndef FIPS_MODE if (type == NID_md5_sha1) { /* * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and 
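Review bot: `digest_sz_from_nid()` adds a second hand-maintained digest list to rsa_sign.c next to `rsa_digestinfo_encoding()` (named in the hunk header, body not shown), and nothing in the new code ties the two together. If a NID is in one list and not the other, digest recovery in `int_rsa_verify()` fails while ordinary verification of the same digest works. A header comment should state the contract, e.g. `/* Keep in sync with rsa_digestinfo_encoding(); returns 0 for an unsupported NID */`. The `sha512_224`, `sha512_256` and `sha3_*` cases reuse the SHA-2 length constants; the values appear to match, but a one-line comment saying the reuse is deliberate would stop the next reader from second-guessing it. `MD_NID_CASE` also stays defined for the rest of the file, so add `#undef MD_NID_CASE` after the function.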
@@ -356,20 +400,17 @@ int int_rsa_verify(int type, const unsigned char *m, unsigned int m_len, goto err; } } - } else { + } else +#endif /* FIPS_MODE */ + { /* * If recovering the digest, extract a digest-sized output from the end * of |decrypt_buf| for |encode_pkcs1|, then compare the decryption * output as in a standard verification. */ if (rm != NULL) { - const EVP_MD *md = EVP_get_digestbynid(type); - if (md == NULL) { - RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_UNKNOWN_ALGORITHM_TYPE); - goto err; - } + len = digest_sz_from_nid(type); - len = EVP_MD_size(md); if (len <= 0) goto err; m_len = (unsigned int)len; diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index dfca646c73..925dfeaa3e 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -85,7 +85,7 @@ OSSL_CORE_MAKE_FUNC(int, core_set_error_mark, (const OSSL_PROVIDER *prov)) # define OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK 9 OSSL_CORE_MAKE_FUNC(int, core_clear_last_error_mark, (const OSSL_PROVIDER *prov)) -# define OSSL_FUNC_CORE_POP_ERROR_TO_MARK 10 +# define OSSL_FUNC_CORE_POP_ERROR_TO_MARK 10 OSSL_CORE_MAKE_FUNC(int, core_pop_error_to_mark, (const OSSL_PROVIDER *prov)) /* Memory allocation, freeing, clearing. */ @@ -134,6 +134,7 @@ OSSL_CORE_MAKE_FUNC(void, #define OSSL_FUNC_BIO_READ_EX 42 #define OSSL_FUNC_BIO_FREE 43 #define OSSL_FUNC_BIO_VPRINTF 44 +#define OSSL_FUNC_BIO_VSNPRINTF 45 OSSL_CORE_MAKE_FUNC(BIO *, BIO_new_file, (const char *filename, const char *mode)) OSSL_CORE_MAKE_FUNC(BIO *, BIO_new_membuf, (const void *buf, int len)) 
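Review bot: The `rm != NULL` branch of `int_rsa_verify()` now fails without recording a reason. The removed code raised `RSA_R_UNKNOWN_ALGORITHM_TYPE` when the digest lookup failed, while the new `if (len <= 0) goto err;` leaves the error queue empty for an unsupported NID. Callers and logs that rely on the error stack to diagnose a rejected signature lose that information; keep the report with `if (len <= 0) { RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_UNKNOWN_ALGORITHM_TYPE); goto err; }`. In non-FIPS builds the lookup also narrows from any digest `EVP_get_digestbynid()` could resolve to the fixed table in `digest_sz_from_nid()`. That looks like a behaviour change for digest recovery and deserves a comment here or a line in the commit message. The function body starts and continues outside this hunk.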
@@ -142,6 +143,8 @@ OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (BIO *bio, void *data, size_t data_len, OSSL_CORE_MAKE_FUNC(int, BIO_free, (BIO *bio)) OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (BIO *bio, const char *format, va_list args)) +OSSL_CORE_MAKE_FUNC(int, BIO_vsnprintf, + (char *buf, size_t n, const char *fmt, va_list args)) #define OSSL_FUNC_SELF_TEST_CB 100 OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CTX *ctx, OSSL_CALLBACK **cb, diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 48394b27d5..61573f0337 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -69,6 +69,7 @@ static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc; static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free; static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free; static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated; +static OSSL_BIO_vsnprintf_fn *c_BIO_vsnprintf; typedef struct fips_global_st { const OSSL_PROVIDER *prov; @@ -805,6 +806,7 @@ static const OSSL_ALGORITHM fips_signature[] = { #ifndef OPENSSL_NO_DSA { "DSA:dsaEncryption", "provider=fips,fips=yes", dsa_signature_functions }, #endif + { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_signature_functions }, { NULL, NULL, NULL } }; @@ -961,6 +963,9 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, case OSSL_FUNC_BIO_FREE: selftest_params.bio_free_cb = OSSL_get_BIO_free(in); break; + case OSSL_FUNC_BIO_VSNPRINTF: + c_BIO_vsnprintf = OSSL_get_BIO_vsnprintf(in); + break; case OSSL_FUNC_SELF_TEST_CB: { stcbfn = OSSL_get_self_test_cb(in); break; @@ -1161,3 +1166,14 @@ int CRYPTO_secure_allocated(const void *ptr) { return c_CRYPTO_secure_allocated(ptr); } + +int BIO_snprintf(char *buf, size_t n, const char *format, ...) +{ + va_list args; + int ret; + + va_start(args, format); + ret = c_BIO_vsnprintf(buf, n, format, args); + va_end(args); + return ret; +} 
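Review bot: The new `BIO_snprintf()` wrapper at the end of providers/fips/fipsprov.c calls `c_BIO_vsnprintf` unconditionally, but that static pointer is only assigned in the `OSSL_provider_init()` hunk when the core's dispatch table contains `OSSL_FUNC_BIO_VSNPRINTF`. If the module is loaded by a core that does not supply the entry, the first formatted call inside the provider goes through a NULL function pointer. Either fail the load in `OSSL_provider_init()` when the pointer is still NULL after the dispatch loop (the rest of that function is outside these hunks), or guard the wrapper with `if (c_BIO_vsnprintf == NULL) return -1;` before `va_start`. A short comment on the wrapper should also say that a negative return means error or truncation, so callers in the signature code check it instead of assuming the buffer was filled.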
diff --git a/providers/implementations/signature/build.info b/providers/implementations/signature/build.info index c5d0645a8a..bb229be90d 100644 --- a/providers/implementations/signature/build.info +++ b/providers/implementations/signature/build.info @@ -2,7 +2,6 @@ # switch each to the Legacy provider when needed. $DSA_GOAL=../../libimplementations.a -$RSA_GOAL=../../libimplementations.a $EC_GOAL=../../libimplementations.a IF[{- !$disabled{dsa} -}] @@ -13,6 +12,5 @@ IF[{- !$disabled{ec} -}] SOURCE[$EC_GOAL]=eddsa.c ENDIF -SOURCE[$RSA_GOAL]=rsa.c - - +SOURCE[../../libfips.a]=rsa.c +SOURCE[../../libnonfips.a]=rsa.c diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index 6b0f55a19a..848cbd7249 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -328,7 +328,6 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen, goto end; } #endif - switch (prsactx->pad_mode) { case RSA_X931_PADDING: if ((size_t)RSA_size(prsactx->rsa) < tbslen + 1) { -- 2.25.1