147 lines
4.3 KiB
Diff
147 lines
4.3 KiB
Diff
diff -up openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c
|
|
--- openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips-reqs 2013-11-15 16:38:18.378484894 +0100
|
|
+++ openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c 2013-11-15 16:54:19.584570380 +0100
|
|
@@ -340,6 +340,42 @@ static const unsigned char kat_RSA_X931_
|
|
0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
|
|
};
|
|
|
|
+static int fips_rsa_encrypt_test(RSA *rsa, const unsigned char *plaintext, int ptlen)
|
|
+ {
|
|
+ unsigned char *ctbuf = NULL, *ptbuf = NULL;
|
|
+ int ret = 0;
|
|
+ int len;
|
|
+
|
|
+ ctbuf = OPENSSL_malloc(RSA_size(rsa));
|
|
+ if (!ctbuf)
|
|
+ goto err;
|
|
+
|
|
+ len = RSA_public_encrypt(ptlen, plaintext, ctbuf, rsa, RSA_PKCS1_PADDING);
|
|
+ if (len <= 0)
|
|
+ goto err;
|
|
+ /* Check ciphertext doesn't match plaintext */
|
|
+ if (len >= ptlen && !memcmp(plaintext, ctbuf, ptlen))
|
|
+ goto err;
|
|
+
|
|
+ ptbuf = OPENSSL_malloc(RSA_size(rsa));
|
|
+ if (!ptbuf)
|
|
+ goto err;
|
|
+
|
|
+ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
|
|
+ if (len != ptlen)
|
|
+ goto err;
|
|
+ if (memcmp(ptbuf, plaintext, len))
|
|
+ goto err;
|
|
+
|
|
+ ret = 1;
|
|
+
|
|
+ err:
|
|
+ if (ctbuf)
|
|
+ OPENSSL_free(ctbuf);
|
|
+ if (ptbuf)
|
|
+ OPENSSL_free(ptbuf);
|
|
+ return ret;
|
|
+ }
|
|
|
|
int FIPS_selftest_rsa()
|
|
{
|
|
@@ -353,7 +389,7 @@ int FIPS_selftest_rsa()
|
|
if ((pk=EVP_PKEY_new()) == NULL)
|
|
goto err;
|
|
|
|
- EVP_PKEY_assign_RSA(pk, key);
|
|
+ EVP_PKEY_set1_RSA(pk, key);
|
|
|
|
if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
|
|
kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
|
|
@@ -430,13 +466,15 @@ int FIPS_selftest_rsa()
|
|
"RSA SHA512 X931"))
|
|
goto err;
|
|
|
|
+ if (!fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1))
|
|
+ goto err;
|
|
|
|
ret = 1;
|
|
|
|
err:
|
|
if (pk)
|
|
EVP_PKEY_free(pk);
|
|
- else if (key)
|
|
+ if (key)
|
|
RSA_free(key);
|
|
return ret;
|
|
}
|
|
diff -up openssl-1.0.1e/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1e/crypto/modes/gcm128.c
|
|
--- openssl-1.0.1e/crypto/modes/gcm128.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100
|
|
+++ openssl-1.0.1e/crypto/modes/gcm128.c 2013-11-15 16:38:18.417485749 +0100
|
|
@@ -898,6 +898,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
|
|
# endif
|
|
#endif
|
|
|
|
+ ctx->totlen += len;
|
|
+ if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen<len))
|
|
+ return -1;
|
|
+
|
|
#if 0
|
|
n = (unsigned int)mlen%16; /* alternative to ctx->mres */
|
|
#endif
|
|
@@ -1200,6 +1204,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
|
|
# endif
|
|
#endif
|
|
|
|
+ ctx->totlen += len;
|
|
+ if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen<len))
|
|
+ return -1;
|
|
+
|
|
mlen += len;
|
|
if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
|
|
return -1;
|
|
diff -up openssl-1.0.1e/crypto/modes/modes_lcl.h.fips-reqs openssl-1.0.1e/crypto/modes/modes_lcl.h
|
|
--- openssl-1.0.1e/crypto/modes/modes_lcl.h.fips-reqs 2013-11-15 16:38:17.984476250 +0100
|
|
+++ openssl-1.0.1e/crypto/modes/modes_lcl.h 2013-11-15 16:38:18.417485749 +0100
|
|
@@ -115,6 +115,7 @@ struct gcm128_context {
|
|
unsigned int mres, ares;
|
|
block128_f block;
|
|
void *key;
|
|
+ u64 totlen;
|
|
};
|
|
|
|
struct xts128_context {
|
|
diff -up openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1e/crypto/rand/rand_lcl.h
|
|
--- openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs 2013-11-15 16:38:18.110479014 +0100
|
|
+++ openssl-1.0.1e/crypto/rand/rand_lcl.h 2013-11-15 16:38:18.417485749 +0100
|
|
@@ -112,7 +112,7 @@
|
|
#ifndef HEADER_RAND_LCL_H
|
|
#define HEADER_RAND_LCL_H
|
|
|
|
-#define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */
|
|
+#define ENTROPY_NEEDED 48 /* require 384 bits = 48 bytes of randomness */
|
|
|
|
|
|
#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
|
|
diff -up openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1e/crypto/rand/rand_lib.c
|
|
--- openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100
|
|
+++ openssl-1.0.1e/crypto/rand/rand_lib.c 2013-11-15 16:38:18.417485749 +0100
|
|
@@ -68,6 +68,7 @@
|
|
#ifdef OPENSSL_FIPS
|
|
#include <openssl/fips.h>
|
|
#include <openssl/fips_rand.h>
|
|
+#include "../fips/fips_rand_lcl.h"
|
|
#endif
|
|
|
|
#ifndef OPENSSL_NO_ENGINE
|
|
@@ -239,12 +240,14 @@ static int drbg_rand_add(DRBG_CTX *ctx,
|
|
double entropy)
|
|
{
|
|
RAND_SSLeay()->add(in, inlen, entropy);
|
|
+ ctx->status = DRBG_STATUS_RESEED;
|
|
return 1;
|
|
}
|
|
|
|
static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
|
|
{
|
|
RAND_SSLeay()->seed(in, inlen);
|
|
+ ctx->status = DRBG_STATUS_RESEED;
|
|
return 1;
|
|
}
|
|
|