1 files changed, 1 insertions, 92 deletions
diff --git a/src/lib/libssl/src/fips/rsa/fips_rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
index 90aaa2f095..767f7ab682 100644
--- a/src/lib/libssl/src/fips/rsa/fips_rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -64,81 +64,9 @@
 #include <stdio.h>
 #include <time.h>
-#include <string.h>
+#include "cryptlib.h"
-#include <openssl/crypto.h>
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/fips.h>
-#include "fips_locl.h"
-#ifdef OPENSSL_FIPS
-static int fips_rsa_pairwise_fail = 0;
-void FIPS_corrupt_rsa_keygen(void)
-        {
-        fips_rsa_pairwise_fail = 1;
-        }
-int fips_check_rsa(RSA *rsa)
-        {
-        const unsigned char tbs[] = "RSA Pairwise Check Data";
-        unsigned char *ctbuf = NULL, *ptbuf = NULL;
-        int len, ret = 0;
-        EVP_PKEY pk;
-        pk.type = EVP_PKEY_RSA;
-        pk.pkey.rsa = rsa;
-        /* Perform pairwise consistency signature test */
-        if (!fips_pkey_signature_test(&pk, tbs, -1,
-                        NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
-                || !fips_pkey_signature_test(&pk, tbs, -1,
-                        NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, NULL)
-                || !fips_pkey_signature_test(&pk, tbs, -1,
-                        NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, NULL))
-                goto err;
-        /* Now perform pairwise consistency encrypt/decrypt test */
-        ctbuf = OPENSSL_malloc(RSA_size(rsa));
-        if (!ctbuf)
-                goto err;
-        len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING);
-        if (len <= 0)
-                goto err;
-        /* Check ciphertext doesn't match plaintext */
-        if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
-                goto err;
-        ptbuf = OPENSSL_malloc(RSA_size(rsa));
-        if (!ptbuf)
-                goto err;
-        len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
-        if (len != (sizeof(tbs) - 1))
-                goto err;
-        if (memcmp(ptbuf, tbs, len))
-                goto err;
-        ret = 1;
-        if (!ptbuf)
-                goto err;
-        
-        err:
-        if (ret == 0)
-                {
-                fips_set_selftest_fail();
-                FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
-                }
-        if (ctbuf)
-                OPENSSL_free(ctbuf);
-        if (ptbuf)
-                OPENSSL_free(ptbuf);
-        return ret;
-        }
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
@@ -162,18 +90,6 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
        int bitsp,bitsq,ok= -1,n=0;
        BN_CTX *ctx=NULL;
-        if(FIPS_selftest_failed())
-            {
-            FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED);
-            return 0;
-            }
-        if (FIPS_mode() && (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
-            {
-            FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
-            return 0;
-            }
        ctx=BN_CTX_new();
        if (ctx == NULL) goto err;
        BN_CTX_start(ctx);
@@ -285,12 +201,6 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
                p = rsa->p;
        if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
-        if (fips_rsa_pairwise_fail)
-                BN_add_word(rsa->n, 1);
-        if(!fips_check_rsa(rsa))
-            goto err;
        ok=1;
 err:
        if (ok == -1)
@@ -307,4 +217,3 @@ err:
        return ok;
        }
-#endif

diff --git a/src/lib/libssl/src/fips/rsa/fips_rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c index 90aaa2f095..767f7ab682 100644 --- a/src/lib/libssl/src/fips/rsa/fips_rsa_gen.c +++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -64,81 +64,9 @@
64		64
65	#include <stdio.h>	65	#include <stdio.h>
66	#include <time.h>	66	#include <time.h>
67	#include <string.h>	67	#include "cryptlib.h"
68	#include <openssl/crypto.h>
69	#include <openssl/bn.h>	68	#include <openssl/bn.h>
70	#include <openssl/rsa.h>	69	#include <openssl/rsa.h>
71	#include <openssl/err.h>
72	#include <openssl/evp.h>
73	#include <openssl/fips.h>
74	#include "fips_locl.h"
75
76	#ifdef OPENSSL_FIPS
77
78	static int fips_rsa_pairwise_fail = 0;
79
80	void FIPS_corrupt_rsa_keygen(void)
81	{
82	fips_rsa_pairwise_fail = 1;
83	}
84
85	int fips_check_rsa(RSA *rsa)
86	{
87	const unsigned char tbs[] = "RSA Pairwise Check Data";
88	unsigned char ctbuf = NULL, ptbuf = NULL;
89	int len, ret = 0;
90	EVP_PKEY pk;
91	pk.type = EVP_PKEY_RSA;
92	pk.pkey.rsa = rsa;
93
94	/* Perform pairwise consistency signature test */
95	if (!fips_pkey_signature_test(&pk, tbs, -1,
96	NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
97	\|\| !fips_pkey_signature_test(&pk, tbs, -1,
98	NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, NULL)
99	\|\| !fips_pkey_signature_test(&pk, tbs, -1,
100	NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, NULL))
101	goto err;
102	/* Now perform pairwise consistency encrypt/decrypt test */
103	ctbuf = OPENSSL_malloc(RSA_size(rsa));
104	if (!ctbuf)
105	goto err;
106
107	len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING);
108	if (len <= 0)
109	goto err;
110	/* Check ciphertext doesn't match plaintext */
111	if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
112	goto err;
113	ptbuf = OPENSSL_malloc(RSA_size(rsa));
114
115	if (!ptbuf)
116	goto err;
117	len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
118	if (len != (sizeof(tbs) - 1))
119	goto err;
120	if (memcmp(ptbuf, tbs, len))
121	goto err;
122
123	ret = 1;
124
125	if (!ptbuf)
126	goto err;
127
128	err:
129	if (ret == 0)
130	{
131	fips_set_selftest_fail();
132	FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
133	}
134
135	if (ctbuf)
136	OPENSSL_free(ctbuf);
137	if (ptbuf)
138	OPENSSL_free(ptbuf);
139
140	return ret;
141	}
142		70
143	static int rsa_builtin_keygen(RSA rsa, int bits, BIGNUM e_value, BN_GENCB *cb);	71	static int rsa_builtin_keygen(RSA rsa, int bits, BIGNUM e_value, BN_GENCB *cb);
144		72
@@ -162,18 +90,6 @@ static int rsa_builtin_keygen(RSA rsa, int bits, BIGNUM e_value, BN_GENCB *cb)
162	int bitsp,bitsq,ok= -1,n=0;	90	int bitsp,bitsq,ok= -1,n=0;
163	BN_CTX *ctx=NULL;	91	BN_CTX *ctx=NULL;
164		92
165	if(FIPS_selftest_failed())
166	{
167	FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED);
168	return 0;
169	}
170
171	if (FIPS_mode() && (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
172	{
173	FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
174	return 0;
175	}
176
177	ctx=BN_CTX_new();	93	ctx=BN_CTX_new();
178	if (ctx == NULL) goto err;	94	if (ctx == NULL) goto err;
179	BN_CTX_start(ctx);	95	BN_CTX_start(ctx);
@@ -285,12 +201,6 @@ static int rsa_builtin_keygen(RSA rsa, int bits, BIGNUM e_value, BN_GENCB *cb)
285	p = rsa->p;	201	p = rsa->p;
286	if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;	202	if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
287		203
288	if (fips_rsa_pairwise_fail)
289	BN_add_word(rsa->n, 1);
290
291	if(!fips_check_rsa(rsa))
292	goto err;
293
294	ok=1;	204	ok=1;
295	err:	205	err:
296	if (ok == -1)	206	if (ok == -1)
@@ -307,4 +217,3 @@ err:
307	return ok;	217	return ok;
308	}	218	}
309		219
310	#endif