diff --git a/CHANGES b/CHANGES index 1ee3a478d..872ab107f 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] + *) Rename FIPS_mode_set and FIPS_mode to FIPS_module_mode_set and + FIPS_module_mode. FIPS_mode and FIPS_mode_set will be implmeneted + outside the validated module in the FIPS capable OpenSSL. + [Steve Henson] + *) Initial TLS v1.2 client support. Add a default signature algorithms extension including all the algorithms we support. Parse new signature format in client key exchange. Relax some ECC signing restrictions for diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 30cc929ff..8d74895de 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -252,7 +252,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) * generated. So we just use the second case which is equivalent to * "Generation by Testing Candidates" mentioned in B.1.2 et al. */ - else if (!FIPS_mode() && !BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) + else if (!FIPS_module_mode() && !BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) #else else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) #endif diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 9749b7215..d0cecda8d 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -118,7 +118,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB return 0; } - if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) + if (FIPS_module_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) { DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL); goto err; diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 6c0c745c8..ca2435e75 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c 
@@ -128,7 +128,7 @@ static int generate_key(DH *dh) BIGNUM *pub_key=NULL,*priv_key=NULL; #ifdef OPENSSL_FIPS - if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) + if (FIPS_module_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) { DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL); return 0; @@ -227,7 +227,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) } #ifdef OPENSSL_FIPS - if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) + if (FIPS_module_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) { DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL); goto err; diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 4ff8a472c..a4a0421be 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -141,7 +141,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, goto err; } - if (FIPS_mode() && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW) + if (FIPS_module_mode() && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW) && (bits < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) { DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_TOO_SMALL); @@ -412,7 +412,7 @@ static int dsa2_valid_parameters(size_t L, size_t N) int fips_check_dsa_prng(DSA *dsa, size_t L, size_t N) { int strength; - if (!FIPS_mode()) + if (!FIPS_module_mode()) return 1; if (dsa->flags & (DSA_FLAG_NON_FIPS_ALLOW|DSA_FLAG_FIPS_CHECKED)) diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 3df9a6c6a..0c47ac45b 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -106,7 +106,7 @@ static int dsa_builtin_keygen(DSA *dsa) BIGNUM *pub_key=NULL,*priv_key=NULL; #ifdef OPENSSL_FIPS - if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) + if (FIPS_module_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) { DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL); 
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 38f667f4e..38b4f0601 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -150,7 +150,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) return NULL; } - if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) + if (FIPS_module_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) { DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL); @@ -353,7 +353,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, return -1; } - if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) + if (FIPS_module_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) { DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL); diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 87ef77f07..ef22737b0 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -260,7 +260,7 @@ static int fips_check_ec(EC_KEY *key) int fips_check_ec_prng(EC_KEY *ec) { int bits, strength; - if (!FIPS_mode()) + if (!FIPS_module_mode()) return 1; if (ec->flags & (EC_FLAG_NON_FIPS_ALLOW|EC_FLAG_FIPS_CHECKED)) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index b0cb33e73..361abf2fd 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -247,7 +247,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) if (arg <= 0) return 0; #ifdef OPENSSL_FIPS - if (FIPS_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) + if (FIPS_module_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && arg < 12) return 0; #endif 
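Review bot: In aes_gcm_ctrl (crypto/evp/e_aes.c) the module-mode gate `arg < 12` uses a bare constant and fails with a plain `return 0`, whereas the XTS length gate in aes_xts cites SP800-38E and raises `EVPerr(EVP_F_AES_XTS, EVP_R_TOO_LARGE)`. The 12 is presumably the 96-bit minimum IV length in bytes, which the author should confirm. A comment such as `/* FIPS module mode: refuse IV lengths below 12 bytes (96 bits) */` would record the requirement next to the check. Whether an error should also be queued depends on the convention used by the rest of the ctrl handler, which lies outside the hunk.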
@@ -519,7 +519,7 @@ static int aes_xts(EVP_CIPHER_CTX *ctx, unsigned char *out, return -1; #ifdef OPENSSL_FIPS /* Requirement of SP800-38E */ - if (FIPS_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && + if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && (len > (1L<<20)*16)) { EVPerr(EVP_F_AES_XTS, EVP_R_TOO_LARGE); diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index bb434d732..325efb95c 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -170,7 +170,7 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, goto err; } - if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) + if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); @@ -382,7 +382,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, goto err; } - if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) + if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); @@ -530,7 +530,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, goto err; } - if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) + if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); @@ -674,7 +674,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, goto err; } - if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) + if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); 
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 24f9eaf4d..d28f8725c 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -82,7 +82,7 @@ int fips_check_rsa_prng(RSA *rsa, int bits) { int strength; - if (!FIPS_mode()) + if (!FIPS_module_mode()) return 1; if (rsa->flags & (RSA_FLAG_NON_FIPS_ALLOW|RSA_FLAG_CHECKED)) @@ -205,7 +205,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) return 0; } - if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) + if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT); diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c index 819a72895..e6e62c4ad 100644 --- a/crypto/rsa/rsa_x931g.c +++ b/crypto/rsa/rsa_x931g.c @@ -210,7 +210,7 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb) BN_CTX *ctx = NULL; #ifdef OPENSSL_FIPS - if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && + if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT); diff --git a/fips/fips.c b/fips/fips.c index a18fd58f2..6498595ec 100644 --- a/fips/fips.c +++ b/fips/fips.c @@ -96,7 +96,7 @@ static void fips_set_mode(int onoff) } } -int FIPS_mode(void) +int FIPS_module_mode(void) { int ret = 0; int owning_thread = fips_is_owning_thread(); @@ -237,7 +237,7 @@ int FIPS_check_incore_fingerprint(void) return rv; } -int FIPS_mode_set(int onoff) +int FIPS_module_mode_set(int onoff) { int fips_set_owning_thread(); int fips_clear_owning_thread(); @@ -254,7 +254,7 @@ int FIPS_mode_set(int onoff) /* Don't go into FIPS mode twice, just so we can do automagic seeding */ - if(FIPS_mode()) + if(FIPS_module_mode()) { FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET); fips_selftest_fail = 1; 
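Review bot: In fips/fips.c the renamed FIPS_module_mode_set still reports under the old function code, `FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET)`. CHANGES says FIPS_mode_set will be reimplemented outside the validated module, so an error-queue entry tagged with the old name will not show whether the module or the outer wrapper refused the call. A function code named after the module-level entry point would keep the two apart. The same branch sets `fips_selftest_fail = 1` on a repeated call, which is worth stating in the comment above the check, e.g. `/* A second call is an error and leaves the module in the failed self-test state */`. The function body continues outside the hunk.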
diff --git a/fips/fips.h b/fips/fips.h index c37c32b2f..d07d19040 100644 --- a/fips/fips.h +++ b/fips/fips.h @@ -67,8 +67,8 @@ struct env_md_st; struct evp_cipher_st; struct evp_cipher_ctx_st; -int FIPS_mode_set(int onoff); -int FIPS_mode(void); +int FIPS_module_mode_set(int onoff); +int FIPS_module_mode(void); const void *FIPS_rand_check(void); int FIPS_selftest(void); int FIPS_selftest_failed(void); diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index 2f9333c35..5290cb258 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -945,7 +945,7 @@ int main(int argc,char **argv) } if (!no_exit) { fips_algtest_init_nofips(); - if (!FIPS_mode_set(1)) { + if (!FIPS_module_mode_set(1)) { printf("Power-up self test failed\n"); exit(1); } @@ -964,8 +964,8 @@ int main(int argc,char **argv) /* Power-up self test */ ERR_clear_error(); - test_msg("2. Automatic power-up self test", FIPS_mode_set(1)); - if (!FIPS_mode()) + test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1)); + if (!FIPS_module_mode()) exit(1); if (do_drbg_stick) FIPS_drbg_stick(); diff --git a/fips/fips_utl.h b/fips/fips_utl.h index dc29c20ce..6cb58094b 100644 --- a/fips/fips_utl.h +++ b/fips/fips_utl.h @@ -136,7 +136,7 @@ void do_entropy_stick(void) void fips_algtest_init(void) { fips_algtest_init_nofips(); - if (!FIPS_mode_set(1)) + if (!FIPS_module_mode_set(1)) { fprintf(stderr, "Error entering FIPS mode\n"); exit(1); diff --git a/fips/rand/fips_rand_lib.c b/fips/rand/fips_rand_lib.c index 9ea6655ed..cc8d7179b 100644 --- a/fips/rand/fips_rand_lib.c +++ b/fips/rand/fips_rand_lib.c @@ -72,7 +72,7 @@ int FIPS_rand_set_method(const RAND_METHOD *meth) else fips_approved_rand_meth = 0; - if (!fips_approved_rand_meth && FIPS_mode()) + if (!fips_approved_rand_meth && FIPS_module_mode()) { FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD, FIPS_R_NON_FIPS_METHOD); return 0; 
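Review bot: The two renamed prototypes in fips/fips.h carry no comment saying what "module mode" means, and the old names leave the header with no compatibility declaration. CHANGES states that FIPS_mode and FIPS_mode_set will be implemented outside the validated module, so until that lands any caller not touched by this commit stops compiling, and afterwards two similarly named pairs coexist. A short comment above the pair would make the boundary explicit, for example `/* State of the validated module itself; applications use FIPS_mode()/FIPS_mode_set() from the FIPS capable OpenSSL. */`.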
@@ -83,7 +83,7 @@ int FIPS_rand_set_method(const RAND_METHOD *meth) void FIPS_rand_seed(const void *buf, int num) { - if (!fips_approved_rand_meth && FIPS_mode()) + if (!fips_approved_rand_meth && FIPS_module_mode()) { FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD); return; @@ -94,7 +94,7 @@ void FIPS_rand_seed(const void *buf, int num) void FIPS_rand_add(const void *buf, int num, double entropy) { - if (!fips_approved_rand_meth && FIPS_mode()) + if (!fips_approved_rand_meth && FIPS_module_mode()) { FIPSerr(FIPS_F_FIPS_RAND_ADD, FIPS_R_NON_FIPS_METHOD); return; @@ -105,7 +105,7 @@ void FIPS_rand_add(const void *buf, int num, double entropy) int FIPS_rand_bytes(unsigned char *buf, int num) { - if (!fips_approved_rand_meth && FIPS_mode()) + if (!fips_approved_rand_meth && FIPS_module_mode()) { FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD); return 0; @@ -117,7 +117,7 @@ int FIPS_rand_bytes(unsigned char *buf, int num) int FIPS_rand_pseudo_bytes(unsigned char *buf, int num) { - if (!fips_approved_rand_meth && FIPS_mode()) + if (!fips_approved_rand_meth && FIPS_module_mode()) { FIPSerr(FIPS_F_FIPS_RAND_PSEUDO_BYTES, FIPS_R_NON_FIPS_METHOD); return 0; @@ -129,7 +129,7 @@ int FIPS_rand_pseudo_bytes(unsigned char *buf, int num) int FIPS_rand_status(void) { - if (!fips_approved_rand_meth && FIPS_mode()) + if (!fips_approved_rand_meth && FIPS_module_mode()) { FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD); return 0; @@ -153,7 +153,7 @@ int FIPS_rand_strength(void) return 80; else if (fips_approved_rand_meth == 0) { - if (FIPS_mode()) + if (FIPS_module_mode()) return 0; else return 256; diff --git a/fips/utl/fips_enc.c b/fips/utl/fips_enc.c index 55a880d06..fcff5ece8 100644 --- a/fips/utl/fips_enc.c +++ b/fips/utl/fips_enc.c 
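Review bot: FIPS_rand_seed, and FIPS_rand_add in the next hunk, return void, so when a non-approved method is set in module mode the supplied seed material is dropped and the only trace is the `FIPSerr(..., FIPS_R_NON_FIPS_METHOD)` entry. A caller that does not inspect the error queue will believe the generator was seeded. Since the signatures cannot change, a comment on both functions would document this, e.g. `/* Input is discarded if a non-approved method is set in module mode; the error queue is the only indication. */`. The remainder of each function is outside the hunk.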
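Review bot: In FIPS_rand_strength the branch for `fips_approved_rand_meth == 0` ends in `return 256` whenever module mode is off, so the maximum strength is reported for a method the module knows nothing about. The strength checks visible in this commit (fips_check_rsa_prng, fips_check_dsa_prng, fips_check_ec_prng) return early when module mode is off, so the value may never be compared in that state, but nothing at this site says so. A comment such as `/* not in module mode: strength is not enforced, report the maximum */` would state the intent. If any caller does use the result outside module mode, 256 overstates what is known. The start of the function is outside the hunk.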
@@ -136,7 +136,7 @@ int FIPS_cipherinit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, if (cipher) { /* Only FIPS ciphers allowed */ - if (FIPS_mode() && !(cipher->flags & EVP_CIPH_FLAG_FIPS) && + if (FIPS_module_mode() && !(cipher->flags & EVP_CIPH_FLAG_FIPS) && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) { EVPerr(EVP_F_FIPS_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS); @@ -288,7 +288,7 @@ int FIPS_cipher_ctx_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) } /* Only FIPS ciphers allowed */ - if (FIPS_mode() && !(in->cipher->flags & EVP_CIPH_FLAG_FIPS) && + if (FIPS_module_mode() && !(in->cipher->flags & EVP_CIPH_FLAG_FIPS) && !(out->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) { EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY, EVP_R_DISABLED_FOR_FIPS); diff --git a/fips/utl/fips_md.c b/fips/utl/fips_md.c index 556267994..8bc028ab3 100644 --- a/fips/utl/fips_md.c +++ b/fips/utl/fips_md.c @@ -173,7 +173,7 @@ int FIPS_digestinit(EVP_MD_CTX *ctx, const EVP_MD *type) ctx->digest = &bad_md; return 0; } - if(FIPS_mode() && !(type->flags & EVP_MD_FLAG_FIPS) && + if(FIPS_module_mode() && !(type->flags & EVP_MD_FLAG_FIPS) && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) { EVPerr(EVP_F_FIPS_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS);
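Review bot: In FIPS_cipher_ctx_copy the approved-cipher test takes the cipher from `in` but the override bit from the destination, `!(out->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)`. If the copy that follows, outside this hunk, overwrites `out->flags` with the source's flags, the decision rests on a value that does not survive the call. A source context holding a non-approved cipher would then be accepted or refused according to whatever the destination carried beforehand. Either test `in->flags`, or add a comment explaining why the destination's flag is the intended authority.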