9 files changed, 193 insertions, 60 deletions
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
index 3a8fe5b56b..702c50d6dc 100644
--- a/src/lib/libcrypto/dsa/dsa.h
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -88,6 +88,8 @@
 # define OPENSSL_DSA_MAX_MODULUS_BITS   10000
 #endif
+#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
 #define DSA_FLAG_CACHE_MONT_P   0x01
 #define DSA_FLAG_NO_EXP_CONSTTIME       0x02 /* new with 0.9.7h; the built-in DSA
                                              * implementation now uses constant time
@@ -97,6 +99,25 @@
                                              * be used for all exponents.
                                              */
+/* If this flag is set the DSA method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its reposibility
+ * to ensure the result is compliant.
+ */
+#define DSA_FLAG_FIPS_METHOD                    0x0400
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+#define DSA_FLAG_NON_FIPS_ALLOW                 0x0400
+#ifdef OPENSSL_FIPS
+#define FIPS_DSA_SIZE_T int
+#endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -189,6 +210,11 @@ void	DSA_set_default_method(const DSA_METHOD *);
 const DSA_METHOD *DSA_get_default_method(void);
 int     DSA_set_method(DSA *dsa, const DSA_METHOD *);
+#ifdef OPENSSL_FIPS
+DSA *   FIPS_dsa_new(void);
+void    FIPS_dsa_free (DSA *r);
+#endif
 DSA *   DSA_new(void);
 DSA *   DSA_new_method(ENGINE *engine);
 void    DSA_free (DSA *r);
@@ -249,6 +275,11 @@ int	DSA_print_fp(FILE *bp, const DSA *x, int off);
 DH *DSA_dup_DH(const DSA *r);
 #endif
+#ifdef OPENSSL_FIPS
+int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig);
+int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen);
+#endif
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -261,11 +292,16 @@ void ERR_load_DSA_strings(void);
 #define DSA_F_D2I_DSA_SIG                                110
 #define DSA_F_DSAPARAMS_PRINT                            100
 #define DSA_F_DSAPARAMS_PRINT_FP                         101
+#define DSA_F_DSA_BUILTIN_KEYGEN                         119
+#define DSA_F_DSA_BUILTIN_PARAMGEN                       118
 #define DSA_F_DSA_DO_SIGN                                112
 #define DSA_F_DSA_DO_VERIFY                              113
+#define DSA_F_DSA_GENERATE_PARAMETERS                    117
 #define DSA_F_DSA_NEW_METHOD                             103
 #define DSA_F_DSA_PRINT                                  104
 #define DSA_F_DSA_PRINT_FP                               105
+#define DSA_F_DSA_SET_DEFAULT_METHOD                     115
+#define DSA_F_DSA_SET_METHOD                             116
 #define DSA_F_DSA_SIGN                                   106
 #define DSA_F_DSA_SIGN_SETUP                             107
 #define DSA_F_DSA_SIG_NEW                                109
@@ -276,8 +312,11 @@ void ERR_load_DSA_strings(void);
 /* Reason codes. */
 #define DSA_R_BAD_Q_VALUE                                102
 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                100
+#define DSA_R_KEY_SIZE_TOO_SMALL                         106
 #define DSA_R_MISSING_PARAMETERS                         101
 #define DSA_R_MODULUS_TOO_LARGE                          103
+#define DSA_R_NON_FIPS_METHOD                            104
+#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE         105
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c
index 23fce555aa..0645facb4b 100644
--- a/src/lib/libcrypto/dsa/dsa_asn1.c
+++ b/src/lib/libcrypto/dsa/dsa_asn1.c
@@ -1,5 +1,5 @@
 /* dsa_asn1.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
 /* ====================================================================
@@ -61,6 +61,11 @@
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
+#include <openssl/bn.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 /* Override the default new methods */
 static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
@@ -83,7 +88,7 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
        ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
 } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
-IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG)
 /* Override the default free and new methods */
 static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
@@ -138,3 +143,76 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
 } ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
+int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
+             unsigned int *siglen, DSA *dsa)
+        {
+        DSA_SIG *s;
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+                {
+                DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                return 0;
+                }
+#endif
+        s=DSA_do_sign(dgst,dlen,dsa);
+        if (s == NULL)
+                {
+                *siglen=0;
+                return(0);
+                }
+        *siglen=i2d_DSA_SIG(s,&sig);
+        DSA_SIG_free(s);
+        return(1);
+        }
+int DSA_size(const DSA *r)
+        {
+        int ret,i;
+        ASN1_INTEGER bs;
+        unsigned char buf[4];   /* 4 bytes looks really small.
+                                   However, i2d_ASN1_INTEGER() will not look
+                                   beyond the first byte, as long as the second
+                                   parameter is NULL. */
+        i=BN_num_bits(r->q);
+        bs.length=(i+7)/8;
+        bs.data=buf;
+        bs.type=V_ASN1_INTEGER;
+        /* If the top bit is set the asn1 encoding is 1 larger. */
+        buf[0]=0xff;    
+        i=i2d_ASN1_INTEGER(&bs,NULL);
+        i+=i; /* r and s */
+        ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+        return(ret);
+        }
+/* data has already been hashed (probably with SHA or SHA-1). */
+/* returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+             const unsigned char *sigbuf, int siglen, DSA *dsa)
+        {
+        DSA_SIG *s;
+        int ret=-1;
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+                {
+                DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                return 0;
+                }
+#endif
+        s = DSA_SIG_new();
+        if (s == NULL) return(ret);
+        if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+        ret=DSA_do_verify(dgst,dgst_len,s,dsa);
+err:
+        DSA_SIG_free(s);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
index 768711994b..872839af94 100644
--- a/src/lib/libcrypto/dsa/dsa_err.c
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
 /* crypto/dsa/dsa_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -73,11 +73,16 @@ static ERR_STRING_DATA DSA_str_functs[]=
 {ERR_FUNC(DSA_F_D2I_DSA_SIG),   "d2i_DSA_SIG"},
 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT),       "DSAparams_print"},
 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP),    "DSAparams_print_fp"},
+{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN),    "DSA_BUILTIN_KEYGEN"},
+{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN),  "DSA_BUILTIN_PARAMGEN"},
 {ERR_FUNC(DSA_F_DSA_DO_SIGN),   "DSA_do_sign"},
 {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
+{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS),       "DSA_generate_parameters"},
 {ERR_FUNC(DSA_F_DSA_NEW_METHOD),        "DSA_new_method"},
 {ERR_FUNC(DSA_F_DSA_PRINT),     "DSA_print"},
 {ERR_FUNC(DSA_F_DSA_PRINT_FP),  "DSA_print_fp"},
+{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD),        "DSA_set_default_method"},
+{ERR_FUNC(DSA_F_DSA_SET_METHOD),        "DSA_set_method"},
 {ERR_FUNC(DSA_F_DSA_SIGN),      "DSA_sign"},
 {ERR_FUNC(DSA_F_DSA_SIGN_SETUP),        "DSA_sign_setup"},
 {ERR_FUNC(DSA_F_DSA_SIG_NEW),   "DSA_SIG_new"},
@@ -91,8 +96,11 @@ static ERR_STRING_DATA DSA_str_reasons[]=
        {
 {ERR_REASON(DSA_R_BAD_Q_VALUE)           ,"bad q value"},
 {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
+{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
 {ERR_REASON(DSA_R_MISSING_PARAMETERS)    ,"missing parameters"},
 {ERR_REASON(DSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
+{ERR_REASON(DSA_R_NON_FIPS_METHOD)       ,"non fips method"},
+{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
 {0,NULL}
        };
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index ca0b86a6cf..6f1728e3cf 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -82,6 +82,8 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
+#ifndef OPENSSL_FIPS
 static int dsa_builtin_paramgen(DSA *ret, int bits,
                unsigned char *seed_in, int seed_len,
                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
@@ -320,3 +322,4 @@ err:
        return ok;
        }
 #endif
+#endif
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index c4aa86bc6d..5e39124230 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -64,6 +64,8 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
+#ifndef OPENSSL_FIPS
 static int dsa_builtin_keygen(DSA *dsa);
 int DSA_generate_key(DSA *dsa)
@@ -126,3 +128,5 @@ err:
        return(ok);
        }
 #endif
+#endif
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index e9b75902db..7ac9dc8c89 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -76,6 +76,14 @@ static const DSA_METHOD *default_DSA_method = NULL;
 void DSA_set_default_method(const DSA_METHOD *meth)
        {
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
+                {
+                DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD);
+                return;
+                }
+#endif
+                
        default_DSA_method = meth;
        }
@@ -96,6 +104,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
        /* NB: The caller is specifically setting a method, so it's not up to us
         * to deal with which ENGINE it comes from. */
        const DSA_METHOD *mtmp;
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
+                {
+                DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD);
+                return 0;
+                }
+#endif
        mtmp = dsa->meth;
        if (mtmp->finish) mtmp->finish(dsa);
 #ifndef OPENSSL_NO_ENGINE
@@ -147,6 +162,18 @@ DSA *DSA_new_method(ENGINE *engine)
                        }
                }
 #endif
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD))
+                {
+                DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD);
+#ifndef OPENSSL_NO_ENGINE
+                if (ret->engine)
+                        ENGINE_finish(ret->engine);
+#endif
+                OPENSSL_free(ret);
+                return NULL;
+                }
+#endif
        ret->pad=0;
        ret->version=0;
@@ -233,28 +260,6 @@ int DSA_up_ref(DSA *r)
        return ((i > 1) ? 1 : 0);
        }
-int DSA_size(const DSA *r)
-        {
-        int ret,i;
-        ASN1_INTEGER bs;
-        unsigned char buf[4];   /* 4 bytes looks really small.
-                                   However, i2d_ASN1_INTEGER() will not look
-                                   beyond the first byte, as long as the second
-                                   parameter is NULL. */
-        i=BN_num_bits(r->q);
-        bs.length=(i+7)/8;
-        bs.data=buf;
-        bs.type=V_ASN1_INTEGER;
-        /* If the top bit is set the asn1 encoding is 1 larger. */
-        buf[0]=0xff;    
-        i=i2d_ASN1_INTEGER(&bs,NULL);
-        i+=i; /* r and s */
-        ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
-        return(ret);
-        }
 int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
        {
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 75ff7cc4af..412cf1d88b 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -65,6 +65,8 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_FIPS
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
@@ -391,3 +393,4 @@ static int dsa_finish(DSA *dsa)
        return(1);
 }
+#endif
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index 89205026f0..4cfbbe57a8 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -64,29 +64,32 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
-DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-        {
-        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
-        }
-int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
+DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-             unsigned int *siglen, DSA *dsa)
        {
-        DSA_SIG *s;
+#ifdef OPENSSL_FIPS
-        s=DSA_do_sign(dgst,dlen,dsa);
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-        if (s == NULL)
                {
-                *siglen=0;
+                DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return(0);
+                return NULL;
                }
-        *siglen=i2d_DSA_SIG(s,&sig);
+#endif
-        DSA_SIG_free(s);
+        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
-        return(1);
        }
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        {
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+                {
+                DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                return 0;
+                }
+#endif
        return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
        }
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index c4aeddd056..c75e423048 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -64,31 +64,21 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 #include <openssl/asn1_mac.h>
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa)
        {
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+                {
+                DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                return 0;
+                }
+#endif
        return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
        }
-/* data has already been hashed (probably with SHA or SHA-1). */
-/* returns
- *      1: correct signature
- *      0: incorrect signature
- *     -1: error
- */
-int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
-             const unsigned char *sigbuf, int siglen, DSA *dsa)
-        {
-        DSA_SIG *s;
-        int ret=-1;
-        s = DSA_SIG_new();
-        if (s == NULL) return(ret);
-        if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
-        ret=DSA_do_verify(dgst,dgst_len,s,dsa);
-err:
-        DSA_SIG_free(s);
-        return(ret);
-        }