Add RSA sign to the fips provider

Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11199)
2024-11-27 05:21:51 +08:00 · 2020-03-15 17:38:00 +10:00 · 2020-03-15 17:38:00 +10:00 · d16d0b71a9
commit d16d0b71a9
parent 629b507eae
8 changed files with 76 additions and 23 deletions
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@ -911,7 +911,7 @@ static int core_pop_error_to_mark(const OSSL_PROVIDER *prov)
 {
    return ERR_pop_to_mark();
 }
-#endif
+#endif /* FIPS_MODE */

 /*
 * Functions provided by the core.  Blank line separates "families" of related
@ -929,13 +929,13 @@ static const OSSL_DISPATCH core_dispatch_[] = {
    { OSSL_FUNC_CORE_SET_ERROR_MARK, (void (*)(void))core_set_error_mark },
    { OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK,
      (void (*)(void))core_clear_last_error_mark },
-    { OSSL_FUNC_CORE_POP_ERROR_TO_MARK,
-      (void (*)(void))core_pop_error_to_mark },
+    { OSSL_FUNC_CORE_POP_ERROR_TO_MARK, (void (*)(void))core_pop_error_to_mark },
    { OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))BIO_new_file },
    { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))BIO_new_mem_buf },
    { OSSL_FUNC_BIO_READ_EX, (void (*)(void))BIO_read_ex },
    { OSSL_FUNC_BIO_FREE, (void (*)(void))BIO_free },
    { OSSL_FUNC_BIO_VPRINTF, (void (*)(void))BIO_vprintf },
+    { OSSL_FUNC_BIO_VSNPRINTF, (void (*)(void))BIO_vsnprintf },
    { OSSL_FUNC_SELF_TEST_CB, (void (*)(void))OSSL_SELF_TEST_get_callback },
 #endif
    { OSSL_FUNC_CRYPTO_MALLOC, (void (*)(void))CRYPTO_malloc },
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@ -635,13 +635,10 @@ const BIGNUM *RSA_get0_iqmp(const RSA *r)
    return r->iqmp;
 }

-/* TODO(3.0): Temporary until we move PSS support into the FIPS module */
-#ifndef FIPS_MODE
 const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r)
 {
    return r->pss;
 }
-#endif

 void RSA_clear_flags(RSA *r, int flags)
 {
--- a/crypto/rsa/rsa_local.h
+++ b/crypto/rsa/rsa_local.h
@ -50,13 +50,12 @@ struct rsa_st {
    BIGNUM *dmp1;
    BIGNUM *dmq1;
    BIGNUM *iqmp;
-    /* TODO(3.0): Support PSS in FIPS_MODE */
+    /* If a PSS only key this contains the parameter restrictions */
+    RSA_PSS_PARAMS *pss;
 #ifndef FIPS_MODE
    /* for multi-prime RSA, defined in RFC 8017 */
    STACK_OF(RSA_PRIME_INFO) *prime_infos;
-    /* If a PSS only key this contains the parameter restrictions */
-    RSA_PSS_PARAMS *pss;
-    /* be careful using this if the RSA structure is shared */
+    /* Be careful using this if the RSA structure is shared */
    CRYPTO_EX_DATA ex_data;
 #endif
    CRYPTO_REF_COUNT references;
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@ -186,6 +186,47 @@ const unsigned char *rsa_digestinfo_encoding(int md_nid, size_t *len)
    }
 }

+#define MD_NID_CASE(name, sz)                                                  \
+    case NID_##name:                                                           \
+        return sz;
+
+static int digest_sz_from_nid(int nid)
+{
+    switch (nid) {
+#ifndef FIPS_MODE
+# ifndef OPENSSL_NO_MDC2
+    MD_NID_CASE(mdc2, MDC2_DIGEST_LENGTH)
+# endif
+# ifndef OPENSSL_NO_MD2
+    MD_NID_CASE(md2, MD2_DIGEST_LENGTH)
+# endif
+# ifndef OPENSSL_NO_MD4
+    MD_NID_CASE(md4, MD4_DIGEST_LENGTH)
+# endif
+# ifndef OPENSSL_NO_MD5
+    MD_NID_CASE(md5, MD5_DIGEST_LENGTH)
+# endif
+# ifndef OPENSSL_NO_RMD160
+    MD_NID_CASE(ripemd160, RIPEMD160_DIGEST_LENGTH)
+# endif
+#endif /* FIPS_MODE */
+    MD_NID_CASE(sha1, SHA_DIGEST_LENGTH)
+    MD_NID_CASE(sha224, SHA224_DIGEST_LENGTH)
+    MD_NID_CASE(sha256, SHA256_DIGEST_LENGTH)
+    MD_NID_CASE(sha384, SHA384_DIGEST_LENGTH)
+    MD_NID_CASE(sha512, SHA512_DIGEST_LENGTH)
+    MD_NID_CASE(sha512_224, SHA224_DIGEST_LENGTH)
+    MD_NID_CASE(sha512_256, SHA256_DIGEST_LENGTH)
+    MD_NID_CASE(sha3_224, SHA224_DIGEST_LENGTH)
+    MD_NID_CASE(sha3_256, SHA256_DIGEST_LENGTH)
+    MD_NID_CASE(sha3_384, SHA384_DIGEST_LENGTH)
+    MD_NID_CASE(sha3_512, SHA512_DIGEST_LENGTH)
+    default:
+        return 0;
+    }
+}
+
+
 /* Size of an SSL signature: MD5+SHA1 */
 #define SSL_SIG_LENGTH  36

@ -237,8 +278,10 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
    unsigned char *tmps = NULL;
    const unsigned char *encoded = NULL;

+#ifndef FIPS_MODE
    if (rsa->meth->rsa_sign != NULL)
        return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
+#endif /* FIPS_MODE */

    /* Compute the encoded digest. */
    if (type == NID_md5_sha1) {
@ -311,6 +354,7 @@ int int_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
        goto err;
    decrypt_len = len;

+#ifndef FIPS_MODE
    if (type == NID_md5_sha1) {
        /*
         * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and
@ -356,20 +400,17 @@ int int_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
                goto err;
            }
        }
-    } else {
+    } else
+#endif /* FIPS_MODE */
+    {
        /*
         * If recovering the digest, extract a digest-sized output from the end
         * of |decrypt_buf| for |encode_pkcs1|, then compare the decryption
         * output as in a standard verification.
         */
        if (rm != NULL) {
-            const EVP_MD *md = EVP_get_digestbynid(type);
-            if (md == NULL) {
-                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_UNKNOWN_ALGORITHM_TYPE);
-                goto err;
-            }
+            len = digest_sz_from_nid(type);

-            len = EVP_MD_size(md);
            if (len <= 0)
                goto err;
            m_len = (unsigned int)len;
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@ -85,7 +85,7 @@ OSSL_CORE_MAKE_FUNC(int, core_set_error_mark, (const OSSL_PROVIDER *prov))
 # define OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK  9
 OSSL_CORE_MAKE_FUNC(int, core_clear_last_error_mark,
                    (const OSSL_PROVIDER *prov))
-# define OSSL_FUNC_CORE_POP_ERROR_TO_MARK 10
+# define OSSL_FUNC_CORE_POP_ERROR_TO_MARK     10
 OSSL_CORE_MAKE_FUNC(int, core_pop_error_to_mark, (const OSSL_PROVIDER *prov))

 /* Memory allocation, freeing, clearing. */
@ -134,6 +134,7 @@ OSSL_CORE_MAKE_FUNC(void,
 #define OSSL_FUNC_BIO_READ_EX                 42
 #define OSSL_FUNC_BIO_FREE                    43
 #define OSSL_FUNC_BIO_VPRINTF                 44
+#define OSSL_FUNC_BIO_VSNPRINTF               45

 OSSL_CORE_MAKE_FUNC(BIO *, BIO_new_file, (const char *filename, const char *mode))
 OSSL_CORE_MAKE_FUNC(BIO *, BIO_new_membuf, (const void *buf, int len))
@ -142,6 +143,8 @@ OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (BIO *bio, void *data, size_t data_len,
 OSSL_CORE_MAKE_FUNC(int, BIO_free, (BIO *bio))
 OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (BIO *bio, const char *format,
                                       va_list args))
+OSSL_CORE_MAKE_FUNC(int, BIO_vsnprintf,
+                   (char *buf, size_t n, const char *fmt, va_list args))

 #define OSSL_FUNC_SELF_TEST_CB               100
 OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CTX *ctx, OSSL_CALLBACK **cb,
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@ -69,6 +69,7 @@ static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
 static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
 static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
 static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
+static OSSL_BIO_vsnprintf_fn *c_BIO_vsnprintf;

 typedef struct fips_global_st {
    const OSSL_PROVIDER *prov;
@ -805,6 +806,7 @@ static const OSSL_ALGORITHM fips_signature[] = {
 #ifndef OPENSSL_NO_DSA
    { "DSA:dsaEncryption", "provider=fips,fips=yes", dsa_signature_functions },
 #endif
+    { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_signature_functions },
    { NULL, NULL, NULL }
 };

@ -961,6 +963,9 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
        case OSSL_FUNC_BIO_FREE:
            selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
            break;
+        case OSSL_FUNC_BIO_VSNPRINTF:
+            c_BIO_vsnprintf = OSSL_get_BIO_vsnprintf(in);
+            break;
        case OSSL_FUNC_SELF_TEST_CB: {
            stcbfn = OSSL_get_self_test_cb(in);
            break;
@ -1161,3 +1166,14 @@ int CRYPTO_secure_allocated(const void *ptr)
 {
    return c_CRYPTO_secure_allocated(ptr);
 }
+
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, format);
+    ret = c_BIO_vsnprintf(buf, n, format, args);
+    va_end(args);
+    return ret;
+}
--- a/providers/implementations/signature/build.info
+++ b/providers/implementations/signature/build.info
@ -2,7 +2,6 @@
 # switch each to the Legacy provider when needed.

 $DSA_GOAL=../../libimplementations.a
-$RSA_GOAL=../../libimplementations.a
 $EC_GOAL=../../libimplementations.a

 IF[{- !$disabled{dsa} -}]
@ -13,6 +12,5 @@ IF[{- !$disabled{ec} -}]
  SOURCE[$EC_GOAL]=eddsa.c
 ENDIF

-SOURCE[$RSA_GOAL]=rsa.c
-
-
+SOURCE[../../libfips.a]=rsa.c
+SOURCE[../../libnonfips.a]=rsa.c
--- a/providers/implementations/signature/rsa.c
+++ b/providers/implementations/signature/rsa.c
@ -328,7 +328,6 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen,
            goto end;
        }
 #endif
-
        switch (prsactx->pad_mode) {
        case RSA_X931_PADDING:
            if ((size_t)RSA_size(prsactx->rsa) < tbslen + 1) {