From 65300dcfb04bae643ea7b8f42ff8c8f1b1210a9e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 1 Jun 2011 13:39:45 +0000 Subject: [PATCH] Prohibit use of low level digest APIs in FIPS mode. --- CHANGES | 5 +++++ crypto/crypto.h | 16 ++++++++++++++++ crypto/evp/evp_locl.h | 15 +++++++++++++++ crypto/evp/m_md4.c | 2 ++ crypto/evp/m_md5.c | 1 + crypto/evp/m_mdc2.c | 2 ++ crypto/evp/m_ripemd.c | 1 + crypto/evp/m_sha.c | 1 + crypto/evp/m_wp.c | 1 + crypto/md2/md2.h | 3 +++ crypto/md2/md2_dgst.c | 2 +- crypto/md4/md4.h | 3 +++ crypto/md4/md4_dgst.c | 5 +++-- crypto/md5/md5.h | 3 +++ crypto/md5/md5_dgst.c | 3 ++- crypto/mdc2/mdc2.h | 3 +++ crypto/mdc2/mdc2dgst.c | 3 ++- crypto/ripemd/ripemd.h | 3 +++ crypto/ripemd/rmd_dgst.c | 3 ++- crypto/sha/sha.h | 14 ++++++++++++++ crypto/sha/sha1dgst.c | 1 + crypto/sha/sha256.c | 4 ++-- crypto/sha/sha512.c | 4 ++-- crypto/sha/sha_dgst.c | 1 + crypto/sha/sha_locl.h | 6 +++++- crypto/whrlpool/whrlpool.h | 3 +++ crypto/whrlpool/wp_dgst.c | 3 ++- 27 files changed, 99 insertions(+), 12 deletions(-) diff --git a/CHANGES b/CHANGES index e45caddc0..4702d74f1 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 1.0.0d and 1.0.1 [xx XXX xxxx] + *) Low level digest APIs are not approved in FIPS mode: any attempt + to use these will cause a fatal error. Applications that *really* want + to use them can use the private_* version instead. + [Steve Henson] + *) Redirect cipher operations to FIPS module for FIPS builds. [Steve Henson] diff --git a/crypto/crypto.h b/crypto/crypto.h index 0a34ef2ac..da3e27bc2 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h 
@@ -552,6 +552,22 @@ int FIPS_mode_set(int r); void OPENSSL_init(void); +#define fips_md_init(alg) fips_md_init_ctx(alg, alg) + +#ifdef OPENSSL_FIPS +#define fips_md_init_ctx(alg, cx) \ + int alg##_Init(cx##_CTX *c) \ + { \ + if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ + "Low level API call to digest " #alg " forbidden in FIPS mode!"); \ + return private_##alg##_Init(c); \ + } \ + int private_##alg##_Init(cx##_CTX *c) +#else +#define fips_md_init_ctx(alg, cx) \ + int alg##_Init(cx##_CTX *c) +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 292d74c18..1620eb714 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -343,3 +343,18 @@ struct evp_pkey_method_st } /* EVP_PKEY_METHOD */; void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); + +#ifdef OPENSSL_FIPS +#define RIPEMD160_Init private_RIPEMD160_Init +#define WHIRLPOOL_Init private_WHIRLPOOL_Init +#define MD5_Init private_MD5_Init +#define MD4_Init private_MD4_Init +#define MD2_Init private_MD2_Init +#define MDC2_Init private_MDC2_Init +#define SHA_Init private_SHA_Init +#define SHA1_Init private_SHA1_Init +#define SHA224_Init private_SHA224_Init +#define SHA256_Init private_SHA256_Init +#define SHA384_Init private_SHA384_Init +#define SHA512_Init private_SHA512_Init +#endif diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index 1e0b7c5b4..6d47f61b2 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -69,6 +69,8 @@ #include #endif +#include "evp_locl.h" + static int init(EVP_MD_CTX *ctx) { return MD4_Init(ctx->md_data); } diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index 63c142119..9a8bae025 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c 
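Review bot: `fips_md_init` and `fips_md_init_ctx` in crypto/crypto.h emit a whole function definition from a lowercase, generically named macro with no comment, so at the use sites (`fips_md_init(MD2)` in md2_dgst.c and the other *_dgst.c files) the signature and the parameter name `c` are invisible and a search for `MD2_Init(` no longer finds the definition. I would add a comment above the macro, e.g. `/* Defines alg##_Init(cx##_CTX *c). In FIPS builds the public entry calls OpenSSLDie() when FIPS_mode() is set and the body that follows becomes private_##alg##_Init. */`. The wrapper also calls `private_##alg##_Init` before the macro itself declares it, so it relies on each digest header supplying the prototype, which the comment should state. The failure mode is a process abort rather than a 0 return from a function that already returns int; if that is deliberate, as CHANGES suggests, it is worth recording next to the macro.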
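Review bot: The `#define MD5_Init private_MD5_Init` block appended to evp_locl.h silently rewrites the public names in every file that includes this header, so in a FIPS build the EVP digests for MD4, MD5, MDC2, RIPEMD160, WHIRLPOOL and SHA-0 reach their init code with no FIPS_mode() check at all. That is only safe if the EVP layer itself rejects non-approved digests in FIPS mode, which is not visible in this patch; a comment above the block should say so, for example `/* EVP callers skip the low-level FIPS check; approval must be enforced by the EVP layer. */`. The diffstat adds the include to m_md4.c, m_md5.c, m_mdc2.c, m_ripemd.c, m_sha.c and m_wp.c only, while the block also maps the MD2, SHA1 and SHA-2 names, so it is worth confirming that no EVP file still calling those public `_Init` functions can abort in a FIPS build.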
@@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include #endif +#include "evp_locl.h" static int init(EVP_MD_CTX *ctx) { return MD5_Init(ctx->md_data); } diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c index b08d55980..3602bed31 100644 --- a/crypto/evp/m_mdc2.c +++ b/crypto/evp/m_mdc2.c @@ -69,6 +69,8 @@ #include #endif +#include "evp_locl.h" + static int init(EVP_MD_CTX *ctx) { return MDC2_Init(ctx->md_data); } diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c index a1d60ee78..7bf4804cf 100644 --- a/crypto/evp/m_ripemd.c +++ b/crypto/evp/m_ripemd.c @@ -68,6 +68,7 @@ #ifndef OPENSSL_NO_RSA #include #endif +#include "evp_locl.h" static int init(EVP_MD_CTX *ctx) { return RIPEMD160_Init(ctx->md_data); } diff --git a/crypto/evp/m_sha.c b/crypto/evp/m_sha.c index acccc8f92..8769cdd42 100644 --- a/crypto/evp/m_sha.c +++ b/crypto/evp/m_sha.c @@ -67,6 +67,7 @@ #ifndef OPENSSL_NO_RSA #include #endif +#include "evp_locl.h" static int init(EVP_MD_CTX *ctx) { return SHA_Init(ctx->md_data); } diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c index 1ce47c040..c51bc2d5d 100644 --- a/crypto/evp/m_wp.c +++ b/crypto/evp/m_wp.c @@ -9,6 +9,7 @@ #include #include #include +#include "evp_locl.h" static int init(EVP_MD_CTX *ctx) { return WHIRLPOOL_Init(ctx->md_data); } diff --git a/crypto/md2/md2.h b/crypto/md2/md2.h index a46120e7d..d59c9f259 100644 --- a/crypto/md2/md2.h +++ b/crypto/md2/md2.h @@ -81,6 +81,9 @@ typedef struct MD2state_st } MD2_CTX; const char *MD2_options(void); +#ifdef OPENSSL_FIPS +int private_MD2_Init(MD2_CTX *c); +#endif int MD2_Init(MD2_CTX *c); int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); int MD2_Final(unsigned char *md, MD2_CTX *c); diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c index c57b3da28..bf89def73 100644 --- a/crypto/md2/md2_dgst.c +++ b/crypto/md2/md2_dgst.c 
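Review bot: `private_MD2_Init` is added to md2.h, a header applications include, with no comment on what separates it from `MD2_Init`; the same applies to the `private_*_Init` prototypes added in md4.h, md5.h, mdc2.h, ripemd.h, sha.h and whrlpool.h. Since CHANGES describes these functions as the way around the fatal error, the declaration should carry the caveat itself, e.g. `/* Skips the FIPS mode check done by MD2_Init(); not an approved service in FIPS mode. */`. The prototype exists only under `OPENSSL_FIPS`, so code that calls it will not compile against a non-FIPS build unless it is guarded the same way, which is also worth stating in the comment.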
@@ -116,7 +116,7 @@ const char *MD2_options(void) return("md2(int)"); } -int MD2_Init(MD2_CTX *c) +fips_md_init(MD2) { c->num=0; memset(c->state,0,sizeof c->state); diff --git a/crypto/md4/md4.h b/crypto/md4/md4.h index c3ed9b3f7..a55368a79 100644 --- a/crypto/md4/md4.h +++ b/crypto/md4/md4.h @@ -105,6 +105,9 @@ typedef struct MD4state_st unsigned int num; } MD4_CTX; +#ifdef OPENSSL_FIPS +int private_MD4_Init(MD4_CTX *c); +#endif int MD4_Init(MD4_CTX *c); int MD4_Update(MD4_CTX *c, const void *data, size_t len); int MD4_Final(unsigned char *md, MD4_CTX *c); diff --git a/crypto/md4/md4_dgst.c b/crypto/md4/md4_dgst.c index e0c42e859..82c2cb2d9 100644 --- a/crypto/md4/md4_dgst.c +++ b/crypto/md4/md4_dgst.c @@ -57,8 +57,9 @@ */ #include -#include "md4_locl.h" #include +#include +#include "md4_locl.h" const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; @@ -70,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L -int MD4_Init(MD4_CTX *c) +fips_md_init(MD4) { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; diff --git a/crypto/md5/md5.h b/crypto/md5/md5.h index 4cbf84386..541cc925f 100644 --- a/crypto/md5/md5.h +++ b/crypto/md5/md5.h @@ -105,6 +105,9 @@ typedef struct MD5state_st unsigned int num; } MD5_CTX; +#ifdef OPENSSL_FIPS +int private_MD5_Init(MD5_CTX *c); +#endif int MD5_Init(MD5_CTX *c); int MD5_Update(MD5_CTX *c, const void *data, size_t len); int MD5_Final(unsigned char *md, MD5_CTX *c); diff --git a/crypto/md5/md5_dgst.c b/crypto/md5/md5_dgst.c index beace632e..265890de5 100644 --- a/crypto/md5/md5_dgst.c +++ b/crypto/md5/md5_dgst.c @@ -59,6 +59,7 @@ #include #include "md5_locl.h" #include +#include const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; 
@@ -70,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L -int MD5_Init(MD5_CTX *c) +fips_md_init(MD5) { memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; diff --git a/crypto/mdc2/mdc2.h b/crypto/mdc2/mdc2.h index 72778a521..f3e8e579d 100644 --- a/crypto/mdc2/mdc2.h +++ b/crypto/mdc2/mdc2.h @@ -81,6 +81,9 @@ typedef struct mdc2_ctx_st } MDC2_CTX; +#ifdef OPENSSL_FIPS +int private_MDC2_Init(MDC2_CTX *c); +#endif int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c index 4aa406edc..b74bb1a75 100644 --- a/crypto/mdc2/mdc2dgst.c +++ b/crypto/mdc2/mdc2dgst.c @@ -61,6 +61,7 @@ #include #include #include +#include #undef c2l #define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ @@ -75,7 +76,7 @@ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len); -int MDC2_Init(MDC2_CTX *c) +fips_md_init(MDC2) { c->num=0; c->pad_type=1; diff --git a/crypto/ripemd/ripemd.h b/crypto/ripemd/ripemd.h index 5942eb618..189bd8c90 100644 --- a/crypto/ripemd/ripemd.h +++ b/crypto/ripemd/ripemd.h @@ -91,6 +91,9 @@ typedef struct RIPEMD160state_st unsigned int num; } RIPEMD160_CTX; +#ifdef OPENSSL_FIPS +int private_RIPEMD160_Init(RIPEMD160_CTX *c); +#endif int RIPEMD160_Init(RIPEMD160_CTX *c); int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); diff --git a/crypto/ripemd/rmd_dgst.c b/crypto/ripemd/rmd_dgst.c index 59b017f8c..63f0d983f 100644 --- a/crypto/ripemd/rmd_dgst.c +++ b/crypto/ripemd/rmd_dgst.c @@ -59,6 +59,7 @@ #include #include "rmd_locl.h" #include +#include const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT; 
@@ -69,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT; void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); # endif -int RIPEMD160_Init(RIPEMD160_CTX *c) +fips_md_init(RIPEMD160) { memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h index 16cacf9fc..8a6bf4bbb 100644 --- a/crypto/sha/sha.h +++ b/crypto/sha/sha.h @@ -106,6 +106,9 @@ typedef struct SHAstate_st } SHA_CTX; #ifndef OPENSSL_NO_SHA0 +#ifdef OPENSSL_FIPS +int private_SHA_Init(SHA_CTX *c); +#endif int SHA_Init(SHA_CTX *c); int SHA_Update(SHA_CTX *c, const void *data, size_t len); int SHA_Final(unsigned char *md, SHA_CTX *c); @@ -113,6 +116,9 @@ unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md); void SHA_Transform(SHA_CTX *c, const unsigned char *data); #endif #ifndef OPENSSL_NO_SHA1 +#ifdef OPENSSL_FIPS +int private_SHA1_Init(SHA_CTX *c); +#endif int SHA1_Init(SHA_CTX *c); int SHA1_Update(SHA_CTX *c, const void *data, size_t len); int SHA1_Final(unsigned char *md, SHA_CTX *c); @@ -135,6 +141,10 @@ typedef struct SHA256state_st } SHA256_CTX; #ifndef OPENSSL_NO_SHA256 +#ifdef OPENSSL_FIPS +int private_SHA224_Init(SHA256_CTX *c); +int private_SHA256_Init(SHA256_CTX *c); +#endif int SHA224_Init(SHA256_CTX *c); int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); int SHA224_Final(unsigned char *md, SHA256_CTX *c); @@ -182,6 +192,10 @@ typedef struct SHA512state_st #endif #ifndef OPENSSL_NO_SHA512 +#ifdef OPENSSL_FIPS +int private_SHA384_Init(SHA512_CTX *c); +int private_SHA512_Init(SHA512_CTX *c); +#endif int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c index 50d1925cd..81219af08 100644 --- a/crypto/sha/sha1dgst.c +++ b/crypto/sha/sha1dgst.c 
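Review bot: Only the `_Init` functions get a FIPS-checked wrapper, yet `SHA_Transform(SHA_CTX *c, const unsigned char *data)`, visible as context in the first sha.h hunk, takes a context directly and is not touched by this patch. If the intent is that no low-level digest entry point works in FIPS mode, the Transform functions, and `_Update`/`_Final` on a context that was set up through `private_*_Init` or copied from elsewhere, remain callable without any check. Either gate them as well or add a comment in sha.h stating that the prohibition is enforced at `_Init` only.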
@@ -57,6 +57,7 @@ */ #include +#include #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) #undef SHA_0 diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c index 8952d8767..f88d3d6da 100644 --- a/crypto/sha/sha256.c +++ b/crypto/sha/sha256.c @@ -16,7 +16,7 @@ const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT; -int SHA224_Init (SHA256_CTX *c) +fips_md_init_ctx(SHA224, SHA256) { memset (c,0,sizeof(*c)); c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; @@ -27,7 +27,7 @@ int SHA224_Init (SHA256_CTX *c) return 1; } -int SHA256_Init (SHA256_CTX *c) +fips_md_init(SHA256) { memset (c,0,sizeof(*c)); c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index cbc0e58c4..8b13e6ca1 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c @@ -59,7 +59,7 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT; #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA #endif -int SHA384_Init (SHA512_CTX *c) +fips_md_init_ctx(SHA384, SHA512) { #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) /* maintain dword order required by assembler module */ @@ -88,7 +88,7 @@ int SHA384_Init (SHA512_CTX *c) return 1; } -int SHA512_Init (SHA512_CTX *c) +fips_md_init(SHA512) { #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) /* maintain dword order required by assembler module */ diff --git a/crypto/sha/sha_dgst.c b/crypto/sha/sha_dgst.c index 70eb56032..c946ad827 100644 --- a/crypto/sha/sha_dgst.c +++ b/crypto/sha/sha_dgst.c @@ -57,6 +57,7 @@ */ #include +#include #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) #undef SHA_1 diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h index 672c26eee..7a0c3ca8d 100644 --- a/crypto/sha/sha_locl.h +++ b/crypto/sha/sha_locl.h 
@@ -122,7 +122,11 @@ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); #define INIT_DATA_h3 0x10325476UL #define INIT_DATA_h4 0xc3d2e1f0UL -int HASH_INIT (SHA_CTX *c) +#ifdef SHA_0 +fips_md_init(SHA) +#else +fips_md_init_ctx(SHA1, SHA) +#endif { memset (c,0,sizeof(*c)); c->h0=INIT_DATA_h0; diff --git a/crypto/whrlpool/whrlpool.h b/crypto/whrlpool/whrlpool.h index 03c91da11..9e01f5b07 100644 --- a/crypto/whrlpool/whrlpool.h +++ b/crypto/whrlpool/whrlpool.h @@ -24,6 +24,9 @@ typedef struct { } WHIRLPOOL_CTX; #ifndef OPENSSL_NO_WHIRLPOOL +#ifdef OPENSSL_FIPS +int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c); +#endif int WHIRLPOOL_Init (WHIRLPOOL_CTX *c); int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *inp,size_t bytes); void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits); diff --git a/crypto/whrlpool/wp_dgst.c b/crypto/whrlpool/wp_dgst.c index ee5c5c1bf..7e28bef51 100644 --- a/crypto/whrlpool/wp_dgst.c +++ b/crypto/whrlpool/wp_dgst.c @@ -52,9 +52,10 @@ */ #include "wp_locl.h" +#include #include -int WHIRLPOOL_Init (WHIRLPOOL_CTX *c) +fips_md_init(WHIRLPOOL) { memset (c,0,sizeof(*c)); return(1);
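Review bot: The new `#ifdef SHA_0 ... #else ... #endif` in sha_locl.h replaces `int HASH_INIT (SHA_CTX *c)` and selects the SHA1 definition whenever `SHA_0` is undefined, without saying so. I would mark the arm as `#else /* SHA_1 */`, and if `HASH_INIT` is still #defined earlier in the file (outside this hunk), either drop that define or note that it no longer names the function being defined here. The function body continues past the end of the hunk.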