Add 'fips-securitychecks' option and plumb this into the actual fips checks

[openssl.git] / providers / implementations / asymciphers / rsa_enc.c

diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
index 2cce8474cd63e99b93a6e8be16786355dc7f269f..199edbbaedb5ed5a1dad17c8d80fad7bfeaac0e9 100644 (file)
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,9 +7,15 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * RSA low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
-#include <openssl/core_numbers.h>
+#include <openssl/core_dispatch.h>
 #include <openssl/core_names.h>
 #include <openssl/rsa.h>
 #include <openssl/params.h>
@@ -22,29 +28,30 @@
 #include "prov/providercommonerr.h"
 #include "prov/provider_ctx.h"
 #include "prov/implementations.h"
+#include "prov/providercommon.h"
+#include "prov/securitycheck.h"
 
 #include <stdlib.h>
 
-static OSSL_OP_asym_cipher_newctx_fn rsa_newctx;
-static OSSL_OP_asym_cipher_encrypt_init_fn rsa_init;
-static OSSL_OP_asym_cipher_encrypt_fn rsa_encrypt;
-static OSSL_OP_asym_cipher_decrypt_init_fn rsa_init;
-static OSSL_OP_asym_cipher_decrypt_fn rsa_decrypt;
-static OSSL_OP_asym_cipher_freectx_fn rsa_freectx;
-static OSSL_OP_asym_cipher_dupctx_fn rsa_dupctx;
-static OSSL_OP_asym_cipher_get_ctx_params_fn rsa_get_ctx_params;
-static OSSL_OP_asym_cipher_gettable_ctx_params_fn rsa_gettable_ctx_params;
-static OSSL_OP_asym_cipher_set_ctx_params_fn rsa_set_ctx_params;
-static OSSL_OP_asym_cipher_settable_ctx_params_fn rsa_settable_ctx_params;
+static OSSL_FUNC_asym_cipher_newctx_fn rsa_newctx;
+static OSSL_FUNC_asym_cipher_encrypt_init_fn rsa_encrypt_init;
+static OSSL_FUNC_asym_cipher_encrypt_fn rsa_encrypt;
+static OSSL_FUNC_asym_cipher_decrypt_init_fn rsa_decrypt_init;
+static OSSL_FUNC_asym_cipher_decrypt_fn rsa_decrypt;
+static OSSL_FUNC_asym_cipher_freectx_fn rsa_freectx;
+static OSSL_FUNC_asym_cipher_dupctx_fn rsa_dupctx;
+static OSSL_FUNC_asym_cipher_get_ctx_params_fn rsa_get_ctx_params;
+static OSSL_FUNC_asym_cipher_gettable_ctx_params_fn rsa_gettable_ctx_params;
+static OSSL_FUNC_asym_cipher_set_ctx_params_fn rsa_set_ctx_params;
+static OSSL_FUNC_asym_cipher_settable_ctx_params_fn rsa_settable_ctx_params;
 
 static OSSL_ITEM padding_item[] = {
-    { RSA_PKCS1_PADDING,        "pkcs1"  },
-    { RSA_SSLV23_PADDING,       "sslv23" },
-    { RSA_NO_PADDING,           "none"   },
-    { RSA_PKCS1_OAEP_PADDING,   "oaep"   }, /* Correct spelling first */
+    { RSA_PKCS1_PADDING,        OSSL_PKEY_RSA_PAD_MODE_PKCSV15 },
+    { RSA_SSLV23_PADDING,       OSSL_PKEY_RSA_PAD_MODE_SSLV23 },
+    { RSA_NO_PADDING,           OSSL_PKEY_RSA_PAD_MODE_NONE },
+    { RSA_PKCS1_OAEP_PADDING,   OSSL_PKEY_RSA_PAD_MODE_OAEP }, /* Correct spelling first */
     { RSA_PKCS1_OAEP_PADDING,   "oeap"   },
-    { RSA_X931_PADDING,         "x931"   },
-    { RSA_PKCS1_PSS_PADDING,    "pss"    },
+    { RSA_X931_PADDING,         OSSL_PKEY_RSA_PAD_MODE_X931 },
     { 0,                        NULL     }
 };
 
@@ -58,6 +65,7 @@ typedef struct {
     OPENSSL_CTX *libctx;
     RSA *rsa;
     int pad_mode;
+    int operation;
     /* OAEP message digest */
     EVP_MD *oaep_md;
     /* message digest for MGF1 */
@@ -72,8 +80,11 @@ typedef struct {
 
 static void *rsa_newctx(void *provctx)
 {
-    PROV_RSA_CTX *prsactx =  OPENSSL_zalloc(sizeof(PROV_RSA_CTX));
+    PROV_RSA_CTX *prsactx;
 
+    if (!ossl_prov_is_running())
+        return NULL;
+    prsactx = OPENSSL_zalloc(sizeof(PROV_RSA_CTX));
     if (prsactx == NULL)
         return NULL;
     prsactx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
@@ -81,24 +92,53 @@ static void *rsa_newctx(void *provctx)
     return prsactx;
 }
 
-static int rsa_init(void *vprsactx, void *vrsa)
+static int rsa_init(void *vprsactx, void *vrsa, int operation)
 {
     PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
 
-    if (prsactx == NULL || vrsa == NULL || !RSA_up_ref(vrsa))
+    if (!ossl_prov_is_running()
+            || prsactx == NULL
+            || vrsa == NULL
+            || !RSA_up_ref(vrsa))
         return 0;
     RSA_free(prsactx->rsa);
     prsactx->rsa = vrsa;
-    prsactx->pad_mode = RSA_PKCS1_PADDING;
+    prsactx->operation = operation;
+
+    switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) {
+    case RSA_FLAG_TYPE_RSA:
+        prsactx->pad_mode = RSA_PKCS1_PADDING;
+        break;
+    default:
+        ERR_raise(ERR_LIB_PROV, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return 0;
+    }
+    if (!rsa_check_key(vrsa, operation == EVP_PKEY_OP_ENCRYPT)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+        return 0;
+    }
     return 1;
 }
 
+static int rsa_encrypt_init(void *vprsactx, void *vrsa)
+{
+    return rsa_init(vprsactx, vrsa, EVP_PKEY_OP_ENCRYPT);
+}
+
+static int rsa_decrypt_init(void *vprsactx, void *vrsa)
+{
+    return rsa_init(vprsactx, vrsa, EVP_PKEY_OP_DECRYPT);
+}
+
 static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
                        size_t outsize, const unsigned char *in, size_t inlen)
 {
     PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
     int ret;
 
+    if (!ossl_prov_is_running())
+        return 0;
+
     if (out == NULL) {
         size_t len = RSA_size(prsactx->rsa);
 
@@ -119,15 +159,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
             return 0;
         }
         if (prsactx->oaep_md == NULL) {
+            OPENSSL_free(tbuf);
             prsactx->oaep_md = EVP_MD_fetch(prsactx->libctx, "SHA-1", NULL);
             PROVerr(0, ERR_R_INTERNAL_ERROR);
             return 0;
         }
-        ret = RSA_padding_add_PKCS1_OAEP_mgf1(tbuf, rsasize, in, inlen,
-                                              prsactx->oaep_label,
-                                              prsactx->oaep_labellen,
-                                              prsactx->oaep_md,
-                                              prsactx->mgf1_md);
+        ret =
+            rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(prsactx->libctx, tbuf,
+                                                        rsasize, in, inlen,
+                                                        prsactx->oaep_label,
+                                                        prsactx->oaep_labellen,
+                                                        prsactx->oaep_md,
+                                                        prsactx->mgf1_md);
 
         if (!ret) {
             OPENSSL_free(tbuf);
@@ -154,6 +197,9 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
     int ret;
     size_t len = RSA_size(prsactx->rsa);
 
+    if (!ossl_prov_is_running())
+        return 0;
+
     if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) {
         if (out == NULL) {
             *outlen = SSL_MAX_MASTER_KEY_LENGTH;
@@ -218,7 +264,8 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
                 ERR_raise(ERR_LIB_PROV, PROV_R_BAD_TLS_CLIENT_VERSION);
                 return 0;
             }
-            ret = rsa_padding_check_PKCS1_type_2_TLS(out, outsize,
+            ret = rsa_padding_check_PKCS1_type_2_TLS(prsactx->libctx, out,
+                                                     outsize,
                                                      tbuf, len,
                                                      prsactx->client_version,
                                                      prsactx->alt_version);
@@ -241,6 +288,7 @@ static void rsa_freectx(void *vprsactx)
 
     EVP_MD_free(prsactx->oaep_md);
     EVP_MD_free(prsactx->mgf1_md);
+    OPENSSL_free(prsactx->oaep_label);
 
     OPENSSL_free(prsactx);
 }
@@ -250,6 +298,9 @@ static void *rsa_dupctx(void *vprsactx)
     PROV_RSA_CTX *srcctx = (PROV_RSA_CTX *)vprsactx;
     PROV_RSA_CTX *dstctx;
 
+    if (!ossl_prov_is_running())
+        return NULL;
+
     dstctx = OPENSSL_zalloc(sizeof(*srcctx));
     if (dstctx == NULL)
         return NULL;
@@ -363,7 +414,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
     OSSL_PARAM_END
 };
 
-static const OSSL_PARAM *rsa_gettable_ctx_params(void)
+static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *provctx)
 {
     return known_gettable_ctx_params;
 }
@@ -507,16 +558,16 @@ static const OSSL_PARAM known_settable_ctx_params[] = {
     OSSL_PARAM_END
 };
 
-static const OSSL_PARAM *rsa_settable_ctx_params(void)
+static const OSSL_PARAM *rsa_settable_ctx_params(ossl_unused void *provctx)
 {
     return known_settable_ctx_params;
 }
 
 const OSSL_DISPATCH rsa_asym_cipher_functions[] = {
     { OSSL_FUNC_ASYM_CIPHER_NEWCTX, (void (*)(void))rsa_newctx },
-    { OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT, (void (*)(void))rsa_init },
+    { OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT, (void (*)(void))rsa_encrypt_init },
     { OSSL_FUNC_ASYM_CIPHER_ENCRYPT, (void (*)(void))rsa_encrypt },
-    { OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT, (void (*)(void))rsa_init },
+    { OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT, (void (*)(void))rsa_decrypt_init },
     { OSSL_FUNC_ASYM_CIPHER_DECRYPT, (void (*)(void))rsa_decrypt },
     { OSSL_FUNC_ASYM_CIPHER_FREECTX, (void (*)(void))rsa_freectx },
     { OSSL_FUNC_ASYM_CIPHER_DUPCTX, (void (*)(void))rsa_dupctx },