From 8d73db288f9dfb2922820d66e5f33f611d4fa182 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sun, 19 Oct 2014 01:04:07 +0100
Subject: [PATCH] remove FIPS module code from crypto/rsa

Reviewed-by: Tim Hudson <tjh@openssl.org>
---
 crypto/rsa/rsa_eay.c   |  70 ----------------------
 crypto/rsa/rsa_gen.c   | 128 -----------------------------------------
 crypto/rsa/rsa_pss.c   |   4 --
 crypto/rsa/rsa_x931g.c |  34 -----------
 4 files changed, 236 deletions(-)

diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 683181f3eb..6c2843116f 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -115,9 +115,6 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 #ifndef RSA_NULL
 
@@ -162,21 +159,6 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
 	unsigned char *buf=NULL;
 	BN_CTX *ctx=NULL;
 
-#ifdef OPENSSL_FIPS
-	if(FIPS_selftest_failed())
-		{
-		FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
-		goto err;
-		}
-
-	if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-		&& (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
-		return -1;
-		}
-#endif
-
 	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
 		{
 		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
@@ -380,21 +362,6 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 	BIGNUM *unblind = NULL;
 	BN_BLINDING *blinding = NULL;
 
-#ifdef OPENSSL_FIPS
-	if(FIPS_selftest_failed())
-		{
-		FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
-		goto err;
-		}
-
-	if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-		&& (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
-		return -1;
-		}
-#endif
-
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
 	BN_CTX_start(ctx);
 	f   = BN_CTX_get(ctx);
@@ -538,21 +505,6 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
 	BIGNUM *unblind = NULL;
 	BN_BLINDING *blinding = NULL;
 
-#ifdef OPENSSL_FIPS
-	if(FIPS_selftest_failed())
-		{
-		FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
-		goto err;
-		}
-
-	if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-		&& (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
-		return -1;
-		}
-#endif
-
 	if((ctx = BN_CTX_new()) == NULL) goto err;
 	BN_CTX_start(ctx);
 	f   = BN_CTX_get(ctx);
@@ -688,21 +640,6 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
 	unsigned char *buf=NULL;
 	BN_CTX *ctx=NULL;
 
-#ifdef OPENSSL_FIPS
-	if(FIPS_selftest_failed())
-		{
-		FIPSerr(FIPS_F_RSA_EAY_PUBLIC_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
-		goto err;
-		}
-
-	if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-		&& (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
-		return -1;
-		}
-#endif
-
 	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
 		{
 		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
@@ -961,13 +898,6 @@ err:
 
 static int RSA_eay_init(RSA *rsa)
 	{
-#ifdef OPENSSL_FIPS
-	if(FIPS_selftest_failed())
-		{
-		FIPSerr(FIPS_F_RSA_EAY_INIT,FIPS_R_FIPS_SELFTEST_FAILED);
-		return 0;
-		}
-#endif
 	rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
 	return(1);
 	}
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index d28f8725cd..a4eb675d9e 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -70,112 +70,6 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 
-#ifdef OPENSSL_FIPS
-
-
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include <openssl/evp.h>
-
-/* Check PRNG has sufficient security level to handle an RSA operation */
-
-int fips_check_rsa_prng(RSA *rsa, int bits)
-	{
-	int strength;
-	if (!FIPS_module_mode())
-		return 1;
-
-	if (rsa->flags & (RSA_FLAG_NON_FIPS_ALLOW|RSA_FLAG_CHECKED))
-		return 1;
-
-	if (bits == 0)
-		bits = BN_num_bits(rsa->n);
-
-	/* Should never happen */
-	if (bits < 1024)
-		{
-	    	FIPSerr(FIPS_F_FIPS_CHECK_RSA_PRNG,FIPS_R_KEY_TOO_SHORT);
-		return 0;
-		}
-	/* From SP800-57 */
-	if (bits < 2048)
-		strength = 80;
-	else if (bits < 3072)
-		strength = 112;
-	else if (bits < 7680)
-		strength = 128;
-	else if (bits < 15360)
-		strength = 192;
-	else 
-		strength = 256;
-
-	if (FIPS_rand_strength() >= strength)
-		return 1;
-
-	FIPSerr(FIPS_F_FIPS_CHECK_RSA_PRNG,FIPS_R_PRNG_STRENGTH_TOO_LOW);
-	return 0;
-	}
-	
-
-int fips_check_rsa(RSA *rsa)
-	{
-	const unsigned char tbs[] = "RSA Pairwise Check Data";
-	unsigned char *ctbuf = NULL, *ptbuf = NULL;
-	int len, ret = 0;
-	EVP_PKEY pk;
-    	pk.type = EVP_PKEY_RSA;
-    	pk.pkey.rsa = rsa;
-
-	/* Perform pairwise consistency signature test */
-	if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0,
-			NULL, 0, NULL, RSA_PKCS1_PADDING, NULL)
-		|| !fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0,
-			NULL, 0, NULL, RSA_X931_PADDING, NULL)
-		|| !fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0,
-			NULL, 0, NULL, RSA_PKCS1_PSS_PADDING, NULL))
-		goto err;
-	/* Now perform pairwise consistency encrypt/decrypt test */
-	ctbuf = OPENSSL_malloc(RSA_size(rsa));
-	if (!ctbuf)
-		goto err;
-
-	len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING);
-	if (len <= 0)
-		goto err;
-	/* Check ciphertext doesn't match plaintext */
-	if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
-		goto err;
-	ptbuf = OPENSSL_malloc(RSA_size(rsa));
-
-	if (!ptbuf)
-		goto err;
-	len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
-	if (len != (sizeof(tbs) - 1))
-		goto err;
-	if (memcmp(ptbuf, tbs, len))
-		goto err;
-
-	ret = 1;
-
-	if (!ptbuf)
-		goto err;
-	
-	err:
-	if (ret == 0)
-		{
-		fips_set_selftest_fail();
-		FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
-		}
-
-	if (ctbuf)
-		OPENSSL_free(ctbuf);
-	if (ptbuf)
-		OPENSSL_free(ptbuf);
-
-	return ret;
-	}
-#endif
-
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
 
 /* NB: this wrapper would normally be placed in rsa_lib.c and the static
@@ -198,23 +92,6 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
 	int bitsp,bitsq,ok= -1,n=0;
 	BN_CTX *ctx=NULL;
 
-#ifdef OPENSSL_FIPS
-	if(FIPS_selftest_failed())
-	    {
-	    FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED);
-	    return 0;
-	    }
-
-	if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) 
-		&& (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
-	    {
-	    FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
-	    return 0;
-	    }
-	if (!fips_check_rsa_prng(rsa, bits))
-	    return 0;
-#endif
-
 	ctx=BN_CTX_new();
 	if (ctx == NULL) goto err;
 	BN_CTX_start(ctx);
@@ -326,11 +203,6 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
 		p = rsa->p;
 	if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
 
-#ifdef OPENSSL_FIPS
-	if(!fips_check_rsa(rsa))
-	    goto err;
-#endif
-
 	ok=1;
 err:
 	if (ok == -1)
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index e90dbea983..c776b78810 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -67,10 +67,6 @@
 #include <openssl/sha.h>
 #include "rsa_locl.h"
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
 
 #if defined(_MSC_VER) && defined(_ARM_)
diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c
index e6e62c4ad3..2f37cf4699 100644
--- a/crypto/rsa/rsa_x931g.c
+++ b/crypto/rsa/rsa_x931g.c
@@ -65,12 +65,6 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-
-extern int fips_check_rsa(RSA *rsa);
-#endif
-
 /* X9.31 RSA key derivation and generation */
 
 int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
@@ -209,29 +203,6 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
 	BIGNUM *Xp = NULL, *Xq = NULL;
 	BN_CTX *ctx = NULL;
 
-#ifdef OPENSSL_FIPS
-	if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && 
-		(bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
-	    {
-	    FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT);
-	    return 0;
-	    }
-
-	if (bits & 0xff)
-	    {
-	    FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_INVALID_KEY_LENGTH);
-	    return 0;
-	    }
-
-	if(FIPS_selftest_failed())
-	    {
-	    FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST_FAILED);
-	    return 0;
-	    }
-	if (!fips_check_rsa_prng(rsa, bits))
-	    return 0;
-#endif
-
 	ctx = BN_CTX_new();
 	if (!ctx)
 		goto error;
@@ -265,11 +236,6 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
 				NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
 		goto error;
 
-#ifdef OPENSSL_FIPS
-	if(!fips_check_rsa(rsa))
-	    goto error;
-#endif
-
 	ok = 1;
 
 	error:
-- 
2.34.1