Implement FIPS_mode and FIPS_mode_set
authorDr. Stephen Henson <steve@openssl.org>
Thu, 19 May 2011 18:09:02 +0000 (18:09 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 19 May 2011 18:09:02 +0000 (18:09 +0000)
15 files changed:
CHANGES
apps/openssl.c
crypto/Makefile
crypto/cpt_err.c
crypto/crypto.h
crypto/o_fips.c [new file with mode: 0644]
ssl/s23_clnt.c
ssl/s23_srvr.c
ssl/s3_clnt.c
ssl/s3_enc.c
ssl/s3_srvr.c
ssl/ssl_ciph.c
ssl/ssl_lib.c
ssl/ssltest.c
ssl/t1_enc.c

diff --git a/CHANGES b/CHANGES
index 03a626f..ff8201a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Functions FIPS_mode_set() and FIPS_mode() which call the underlying
+     FIPS modules versions.
+     [Steve Henson]
+
   *) Add TLS v1.2 client side support for client authentication. Keep cache
      of handshake records longer as we don't know the hash algorithm to use
      until after the certificate request message is received.
index b0e64a8..1c880d9 100644 (file)
@@ -315,10 +315,7 @@ int main(int Argc, char *ARGV[])
 
        if(getenv("OPENSSL_FIPS")) {
 #ifdef OPENSSL_FIPS
-               /* For now call FIPS_module_mode_set(): will call
-                * FIPS_mode_set() later.
-                */
-               if (!FIPS_module_mode_set(1)) {
+               if (!FIPS_mode_set(1)) {
                        ERR_load_crypto_strings();
                        ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
                        EXIT(1);
index 33503a4..f2e3583 100644 (file)
@@ -36,10 +36,10 @@ LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
 LIBSRC=        cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
        ebcdic.c uid.c o_time.c o_str.c o_dir.c thr_id.c lock.c fips_ers.c \
-       o_init.c
+       o_init.c o_fips.c
 LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o \
        ebcdic.o uid.o o_time.o o_str.o o_dir.o thr_id.o lock.o fips_ers.o \
-       o_init.o $(CPUID_OBJ)
+       o_init.o o_fips.o $(CPUID_OBJ)
 
 SRC= $(LIBSRC)
 
index 139b928..289005f 100644 (file)
@@ -1,6 +1,6 @@
 /* crypto/cpt_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -76,6 +76,7 @@ static ERR_STRING_DATA CRYPTO_str_functs[]=
 {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA),        "CRYPTO_set_ex_data"},
 {ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX),     "DEF_ADD_INDEX"},
 {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS),     "DEF_GET_CLASS"},
+{ERR_FUNC(CRYPTO_F_FIPS_MODE_SET),     "FIPS_mode_set"},
 {ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA),   "INT_DUP_EX_DATA"},
 {ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA),  "INT_FREE_EX_DATA"},
 {ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA),   "INT_NEW_EX_DATA"},
@@ -84,6 +85,7 @@ static ERR_STRING_DATA CRYPTO_str_functs[]=
 
 static ERR_STRING_DATA CRYPTO_str_reasons[]=
        {
+{ERR_REASON(CRYPTO_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
 {ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),"no dynlock create callback"},
 {0,NULL}
        };
index 443486d..8fd2fe2 100644 (file)
@@ -560,6 +560,9 @@ unsigned int *OPENSSL_ia32cap_loc(void);
 #define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0])
 int OPENSSL_isservice(void);
 
+int FIPS_mode(void);
+int FIPS_mode_set(int r);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -575,11 +578,13 @@ void ERR_load_CRYPTO_strings(void);
 #define CRYPTO_F_CRYPTO_SET_EX_DATA                     102
 #define CRYPTO_F_DEF_ADD_INDEX                          104
 #define CRYPTO_F_DEF_GET_CLASS                          105
+#define CRYPTO_F_FIPS_MODE_SET                          109
 #define CRYPTO_F_INT_DUP_EX_DATA                        106
 #define CRYPTO_F_INT_FREE_EX_DATA                       107
 #define CRYPTO_F_INT_NEW_EX_DATA                        108
 
 /* Reason codes. */
+#define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                101
 #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK             100
 
 #ifdef  __cplusplus
diff --git a/crypto/o_fips.c b/crypto/o_fips.c
new file mode 100644 (file)
index 0000000..a57a02b
--- /dev/null
@@ -0,0 +1,83 @@
+/* Written by Stephen henson (steve@openssl.org) for the OpenSSL
+ * project 2011.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
+int FIPS_mode(void)
+       {
+#ifdef OPENSSL_FIPS
+       return FIPS_module_mode();
+#else
+       return 0;
+#endif
+       }
+
+int FIPS_mode_set(int r)
+       {
+#ifdef OPENSSL_FIPS
+       return FIPS_module_mode_set(r);
+#else
+       if (r == 0)
+               return 1;
+       CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
+       return 0;
+#endif
+       }
+
index f49a95b..b3c4823 100644 (file)
@@ -356,6 +356,14 @@ static int ssl23_client_hello(SSL *s)
                        version_major = TLS1_VERSION_MAJOR;
                        version_minor = TLS1_VERSION_MINOR;
                        }
+#ifdef OPENSSL_FIPS
+               else if(FIPS_mode())
+                       {
+                       SSLerr(SSL_F_SSL23_CLIENT_HELLO,
+                                       SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+                       return -1;
+                       }
+#endif
                else if (version == SSL3_VERSION)
                        {
                        version_major = SSL3_VERSION_MAJOR;
@@ -639,6 +647,14 @@ static int ssl23_get_server_hello(SSL *s)
                if ((p[2] == SSL3_VERSION_MINOR) &&
                        !(s->options & SSL_OP_NO_SSLv3))
                        {
+#ifdef OPENSSL_FIPS
+                       if(FIPS_mode())
+                               {
+                               SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
+                                       SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+                               goto err;
+                               }
+#endif
                        s->version=SSL3_VERSION;
                        s->method=SSLv3_client_method();
                        }
index b21c57a..4877849 100644 (file)
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 static const SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
@@ -422,6 +425,15 @@ int ssl23_get_client_hello(SSL *s)
                        }
                }
 
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && (s->version < TLS1_VERSION))
+               {
+               SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+                                       SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+               goto err;
+               }
+#endif
+
        if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
                {
                /* we have SSLv3/TLSv1 in an SSLv2 header
index 64fd5ec..0633c09 100644 (file)
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
@@ -1709,6 +1712,8 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
                        q=md_buf;
                        for (num=2; num > 0; num--)
                                {
+                               EVP_MD_CTX_set_flags(&md_ctx,
+                                       EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
                                EVP_DigestInit_ex(&md_ctx,(num == 2)
                                        ?s->ctx->md5:s->ctx->sha1, NULL);
                                EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
index ac5ae40..9f5574a 100644 (file)
@@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 #endif
        k=0;
        EVP_MD_CTX_init(&m5);
+       EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
        EVP_MD_CTX_init(&s1);
        for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH)
                {
@@ -614,6 +615,13 @@ int ssl3_digest_cached_records(SSL *s)
                        {
                        s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
                        EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
+#ifdef OPENSSL_FIPS
+                       if (EVP_MD_nid(md) == NID_md5)
+                               {
+                               EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i],
+                                               EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+                               }
+#endif
                        EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
                        } 
                else 
@@ -669,6 +677,7 @@ static int ssl3_handshake_mac(SSL *s, int md_nid,
                return 0;
        }       
        EVP_MD_CTX_init(&ctx);
+       EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
        EVP_MD_CTX_copy_ex(&ctx,d);
        n=EVP_MD_CTX_size(&ctx);
        if (n < 0)
index 286af3a..940c951 100644 (file)
@@ -1899,6 +1899,8 @@ int ssl3_send_server_key_exchange(SSL *s)
                                        {
                                        EVP_DigestInit_ex(&md_ctx,(num == 2)
                                                ?s->ctx->md5:s->ctx->sha1, NULL);
+                                       EVP_MD_CTX_set_flags(&md_ctx,
+                                               EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
                                        EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
                                        EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
                                        EVP_DigestUpdate(&md_ctx,&(d[4]),n);
index 38d5977..87a9f68 100644 (file)
@@ -740,6 +740,9 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                c = ssl_method->get_cipher(i);
                /* drop those that use any of that is not available */
                if ((c != NULL) && c->valid &&
+#ifdef OPENSSL_FIPS
+                   (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
+#endif
                    !(c->algorithm_mkey & disabled_mkey) &&
                    !(c->algorithm_auth & disabled_auth) &&
                    !(c->algorithm_enc & disabled_enc) &&
@@ -1439,7 +1442,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         */
        for (curr = head; curr != NULL; curr = curr->next)
                {
+#ifdef OPENSSL_FIPS
+               if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
+#else
                if (curr->active)
+#endif
                        {
                        sk_SSL_CIPHER_push(cipherstack, curr->cipher);
 #ifdef CIPHER_DEBUG
index 3f60ab1..77b5b5e 100644 (file)
@@ -1660,6 +1660,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
                return(NULL);
                }
 
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && (meth->version < TLS1_VERSION))      
+               {
+               SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+               return NULL;
+               }
+#endif
+
        if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
                {
                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
index 977e12b..cebd4e7 100644 (file)
@@ -395,6 +395,9 @@ static void sv_usage(void)
        {
        fprintf(stderr,"usage: ssltest [args ...]\n");
        fprintf(stderr,"\n");
+#ifdef OPENSSL_FIPS
+       fprintf(stderr,"-F             - run test in FIPS mode\n");
+#endif
        fprintf(stderr," -server_auth  - check server certificate\n");
        fprintf(stderr," -client_auth  - do client authentication\n");
        fprintf(stderr," -proxy        - allow proxy certificates\n");
@@ -630,6 +633,9 @@ int main(int argc, char *argv[])
        STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 #endif
        int test_cipherlist = 0;
+#ifdef OPENSSL_FIPS
+       int fips_mode=0;
+#endif
 
        verbose = 0;
        debug = 0;
@@ -661,7 +667,16 @@ int main(int argc, char *argv[])
 
        while (argc >= 1)
                {
-               if      (strcmp(*argv,"-server_auth") == 0)
+               if(!strcmp(*argv,"-F"))
+                       {
+#ifdef OPENSSL_FIPS
+                       fips_mode=1;
+#else
+                       fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
+                       EXIT(0);
+#endif
+                       }
+               else if (strcmp(*argv,"-server_auth") == 0)
                        server_auth=1;
                else if (strcmp(*argv,"-client_auth") == 0)
                        client_auth=1;
@@ -885,6 +900,20 @@ bad:
                EXIT(1);
                }
 
+#ifdef OPENSSL_FIPS
+       if(fips_mode)
+               {
+               if(!FIPS_mode_set(1))
+                       {
+                       ERR_load_crypto_strings();
+                       ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+                       EXIT(1);
+                       }
+               else
+                       fprintf(stderr,"*** IN FIPS MODE ***\n");
+               }
+#endif
+
        if (print_time)
                {
                if (!bio_pair)
index c60bccd..36128dc 100644 (file)
@@ -171,6 +171,8 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 
        EVP_MD_CTX_init(&ctx);
        EVP_MD_CTX_init(&ctx_tmp);
+       EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+       EVP_MD_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
        mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
        if (!mac_key)
                goto err;