* Verify that the passed in L, N pair for DH or DSA is valid.
* Returns 0 if invalid, otherwise it returns the security strength.
*/
+
+#ifdef FIPS_MODULE
+static int ffc_validate_LN(size_t L, size_t N, int type, int verify)
+{
+ if (type == FFC_PARAM_TYPE_DH) {
+ /* Valid DH L,N parameters from SP800-56Ar3 5.5.1 Table 1 */
+ if (L == 2048 && (N == 224 || N == 256))
+ return 112;
+# ifndef OPENSSL_NO_DH
+ DHerr(0, DH_R_BAD_FFC_PARAMETERS);
+# endif
+ } else if (type == FFC_PARAM_TYPE_DSA) {
+ /* Valid DSA L,N parameters from FIPS 186-4 Section 4.2 */
+ /* In fips mode 1024/160 can only be used for verification */
+ if (verify && L == 1024 && N == 160)
+ return 80;
+ if (L == 2048 && (N == 224 || N == 256))
+ return 112;
+ if (L == 3072 && N == 256)
+ return 128;
+# ifndef OPENSSL_NO_DSA
+ DSAerr(0, DSA_R_BAD_FFC_PARAMETERS);
+# endif
+ }
+ return 0;
+}
+#else
static int ffc_validate_LN(size_t L, size_t N, int type, int verify)
{
if (type == FFC_PARAM_TYPE_DH) {
-#ifndef FIPS_MODULE
/* Allow legacy 1024/160 in non fips mode */
if (L == 1024 && N == 160)
return 80;
-#endif
/* Valid DH L,N parameters from SP800-56Ar3 5.5.1 Table 1 */
if (L == 2048 && (N == 224 || N == 256))
return 112;
-#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_DH
DHerr(0, DH_R_BAD_FFC_PARAMETERS);
-#endif
+# endif
} else if (type == FFC_PARAM_TYPE_DSA) {
- /* Valid DSA L,N parameters from FIPS 186-4 Section 4.2 */
-#ifdef FIPS_MODULE
- /* In fips mode 1024/160 can only be used for verification */
- if (verify)
-#endif
- if (L == 1024 && N == 160)
- return 80;
+ if (L == 1024 && N == 160)
+ return 80;
if (L == 2048 && (N == 224 || N == 256))
return 112;
if (L == 3072 && N == 256)
return 128;
-#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_DSA
DSAerr(0, DSA_R_BAD_FFC_PARAMETERS);
-#endif
+# endif
}
return 0;
}
+#endif /* FIPS_MODULE */
/* FIPS186-4 A.2.1 Unverifiable Generation of Generator g */
static int generate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont, BIGNUM *g,
/*
* FIPS requires a minimum security strength of 112 bits (for encryption or
* signing), and for legacy purposes 80 bits (for decryption or verifying).
- * Set protect = 1 for encryption or signing operations, or 0 otherwise.
+ * Set protect = 1 for encryption or signing operations, or 0 otherwise. See
+ * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
*/
int rsa_check_key(const RSA *rsa, int protect)
{
int digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len)
{
size_t i;
- int mdnid = NID_undef;
if (md == NULL)
- goto end;
+ return NID_undef;
- for (i = 0; i < it_len; i++) {
- if (EVP_MD_is_a(md, it[i].ptr)) {
- mdnid = (int)it[i].id;
- break;
- }
- }
- end:
- return mdnid;
+ for (i = 0; i < it_len; i++)
+ if (EVP_MD_is_a(md, it[i].ptr))
+ return (int)it[i].id;
+ return NID_undef;
}
/*
$EC_GOAL=../../libimplementations.a
IF[{- !$disabled{dsa} -}]
- SOURCE[../../libfips.a]=dsa.c
- SOURCE[../../libnonfips.a]=dsa.c
+ SOURCE[$DSA_GOAL]=dsa.c
ENDIF
IF[{- !$disabled{ec} -}]
- SOURCE[$EC_GOAL]=eddsa.c
- SOURCE[../../libfips.a]=ecdsa.c
- SOURCE[../../libnonfips.a]=ecdsa.c
+ SOURCE[$EC_GOAL]=eddsa.c ecdsa.c
ENDIF
SOURCE[../../libfips.a]=rsa.c
#include "prov/implementations.h"
#include "prov/providercommonerr.h"
#include "prov/provider_ctx.h"
-#include "prov/provider_util.h"
+#include "prov/check.h"
#include "crypto/dsa.h"
#include "prov/der_dsa.h"
EVP_MD_CTX *mdctx;
size_t mdsize;
int operation;
-
} PROV_DSA_CTX;
-/*
- * Check for valid key sizes if fips mode. Refer to
- * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
- * "Table 2"
- */
-static int dsa_check_key_size(const PROV_DSA_CTX *ctx)
-{
-#ifdef FIPS_MODULE
- size_t L, N;
- const BIGNUM *p, *q;
- DSA *dsa = ctx->dsa;
-
- if (dsa == NULL)
- return 0;
-
- p = DSA_get0_p(dsa);
- q = DSA_get0_q(dsa);
- if (p == NULL || q == NULL)
- return 0;
-
- L = BN_num_bits(p);
- N = BN_num_bits(q);
-
- /*
- * Valid sizes or verification - Note this could be a fips186-2 type
- * key - so we allow 512 also. When this is no longer suppported the
- * lower bound should be increased to 1024.
- */
- if (ctx->operation != EVP_PKEY_OP_SIGN)
- return (L >= 512 && N >= 160);
-
- /* Valid sizes for both sign and verify */
- if (L == 2048 && (N == 224 || N == 256))
- return 1;
- return (L == 3072 && N == 256);
-#else
- return 1;
-#endif
-}
static size_t dsa_get_md_size(const PROV_DSA_CTX *pdsactx)
{
return 0;
}
-static int dsa_get_md_nid(const PROV_DSA_CTX *ctx, const EVP_MD *md)
-{
- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
-
- return ossl_prov_digest_get_approved_nid(md, sha1_allowed);
-}
-
static void *dsa_newctx(void *provctx, const char *propq)
{
PROV_DSA_CTX *pdsactx;
mdprops = ctx->propq;
if (mdname != NULL) {
+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
WPACKET pkt;
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
- int md_nid = dsa_get_md_nid(ctx, md);
+ int md_nid = digest_get_approved_nid_with_sha1(md, sha1_allowed);
size_t mdname_len = strlen(mdname);
if (md == NULL || md_nid == NID_undef) {
DSA_free(pdsactx->dsa);
pdsactx->dsa = vdsa;
pdsactx->operation = operation;
- if (!dsa_check_key_size(pdsactx)) {
+ if (!dsa_check_key(vdsa, operation == EVP_PKEY_OP_SIGN)) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
#include "prov/providercommonerr.h"
#include "prov/implementations.h"
#include "prov/provider_ctx.h"
-#include "prov/provider_util.h"
+#include "prov/check.h"
#include "crypto/ec.h"
#include "prov/der_ec.h"
*/
BIGNUM *kinv;
BIGNUM *r;
-#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
+#if !defined(OPENSSL_NO_ACVP_TESTS)
/*
* This indicates that KAT (CAVS) test is running. Externally an app will
* override the random callback such that the generated private key and k
EC_KEY_free(ctx->ec);
ctx->ec = ec;
ctx->operation = operation;
- return ossl_prov_ec_check(ec, operation == EVP_PKEY_OP_SIGN);
+ return ec_check_key(ec, operation == EVP_PKEY_OP_SIGN);
}
static int ecdsa_sign_init(void *vctx, void *ec)
return 1;
}
-#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
+#if !defined(OPENSSL_NO_ACVP_TESTS)
if (ctx->kattest && !ECDSA_sign_setup(ctx->ec, NULL, &ctx->kinv, &ctx->r))
return 0;
#endif
return ECDSA_verify(0, tbs, tbslen, sig, siglen, ctx->ec);
}
-static int get_md_nid(const PROV_ECDSA_CTX *ctx, const EVP_MD *md)
-{
- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
-
- return ossl_prov_digest_get_approved_nid(md, sha1_allowed);
-}
-
static void free_md(PROV_ECDSA_CTX *ctx)
{
OPENSSL_free(ctx->propq);
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
int md_nid = NID_undef;
WPACKET pkt;
+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
if (!ossl_prov_is_running())
return 0;
return 0;
ctx->md = EVP_MD_fetch(ctx->libctx, mdname, ctx->propq);
- md_nid = get_md_nid(ctx, ctx->md);
+ md_nid = digest_get_approved_nid_with_sha1(ctx->md, sha1_allowed);
if (md_nid == NID_undef)
goto error;
*/
return 1;
}
-#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
+#if !defined(OPENSSL_NO_ACVP_TESTS)
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_KAT);
if (p != NULL && !OSSL_PARAM_get_uint(p, &ctx->kattest))
return 0;
#include "prov/implementations.h"
#include "prov/provider_ctx.h"
#include "prov/der_rsa.h"
-#include "prov/provider_util.h"
+#include "prov/check.h"
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
return 0;
}
-static int rsa_get_md_nid_check(const PROV_RSA_CTX *ctx, const EVP_MD *md,
- int sha1_allowed)
-{
- int mdnid = NID_undef;
-
- #ifndef FIPS_MODULE
- static const OSSL_ITEM name_to_nid[] = {
- { NID_md5, OSSL_DIGEST_NAME_MD5 },
- { NID_md5_sha1, OSSL_DIGEST_NAME_MD5_SHA1 },
- { NID_md2, OSSL_DIGEST_NAME_MD2 },
- { NID_md4, OSSL_DIGEST_NAME_MD4 },
- { NID_mdc2, OSSL_DIGEST_NAME_MDC2 },
- { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
- };
- #endif
-
- if (md == NULL)
- goto end;
-
- mdnid = ossl_prov_digest_get_approved_nid(md, sha1_allowed);
-
- #ifndef FIPS_MODULE
- if (mdnid == NID_undef)
- mdnid = ossl_prov_digest_md_to_nid(md, name_to_nid,
- OSSL_NELEM(name_to_nid));
- #endif
- end:
- return mdnid;
-}
-
-static int rsa_get_md_nid(const PROV_RSA_CTX *ctx, const EVP_MD *md)
-{
- return rsa_get_md_nid_check(ctx, md, ctx->operation != EVP_PKEY_OP_SIGN);
-}
-
-static int rsa_get_md_mgf1_nid(const PROV_RSA_CTX *ctx, const EVP_MD *md)
-{
- /* The default for mgf1 is SHA1 - so allow this */
- return rsa_get_md_nid_check(ctx, md, 1);
-}
-
-static int rsa_check_key_size(const PROV_RSA_CTX *prsactx)
-{
-#ifdef FIPS_MODULE
- int sz = RSA_bits(prsactx->rsa);
-
- return (prsactx->operation == EVP_PKEY_OP_SIGN) ? (sz >= 2048) : (sz >= 1024);
-#else
- return 1;
-#endif
-}
-
static int rsa_check_padding(int mdnid, int padding)
{
if (padding == RSA_NO_PADDING) {
if (mdname != NULL) {
WPACKET pkt;
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
- int md_nid = rsa_get_md_nid(ctx, md);
+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+ int md_nid = digest_rsa_sign_get_md_nid(md, sha1_allowed);
size_t mdname_len = strlen(mdname);
if (md == NULL
"%s could not be fetched", mdname);
return 0;
}
- if (rsa_get_md_mgf1_nid(ctx, md) == NID_undef) {
+ /* The default for mgf1 is SHA1 - so allow SHA1 */
+ if (digest_rsa_sign_get_md_nid(md, 1) == NID_undef) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
"digest=%s", mdname);
EVP_MD_free(md);
prsactx->rsa = vrsa;
prsactx->operation = operation;
- if (!rsa_check_key_size(prsactx)) {
+ if (!rsa_check_key(vrsa, operation == EVP_PKEY_OP_SIGN)) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}