1 files changed, 33 insertions, 0 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 0be4ec7fb0..b6f6037ae0 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -77,6 +77,14 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
        const unsigned char *s = NULL;
        X509_ALGOR algor;
        ASN1_OCTET_STRING digest;
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+                {
+                RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD);
+                return 0;
+                }
+#endif
        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
                {
                return rsa->meth->rsa_sign(type, m, m_len,
@@ -153,6 +161,15 @@ int int_rsa_verify(int dtype, const unsigned char *m,
        unsigned char *s;
        X509_SIG *sig=NULL;
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+                {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD);
+                return 0;
+                }
+#endif
        if (siglen != (unsigned int)RSA_size(rsa))
                {
                RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
@@ -182,6 +199,22 @@ int int_rsa_verify(int dtype, const unsigned char *m,
        i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
        if (i <= 0) goto err;
+        /* Oddball MDC2 case: signature can be OCTET STRING.
+         * check for correct tag and length octets.
+         */
+        if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10)
+                {
+                if (rm)
+                        {
+                        memcpy(rm, s + 2, 16);
+                        *prm_len = 16;
+                        ret = 1;
+                        }
+                else if(memcmp(m, s + 2, 16))
+                        RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                else
+                        ret = 1;
+                }
        /* Special case: SSL signature */
        if(dtype == NID_md5_sha1) {

diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c index 0be4ec7fb0..b6f6037ae0 100644 --- a/src/lib/libcrypto/rsa/rsa_sign.c +++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -77,6 +77,14 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
77	const unsigned char *s = NULL;	77	const unsigned char *s = NULL;
78	X509_ALGOR algor;	78	X509_ALGOR algor;
79	ASN1_OCTET_STRING digest;	79	ASN1_OCTET_STRING digest;
		80	#ifdef OPENSSL_FIPS
		81	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
		82	&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
		83	{
		84	RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD);
		85	return 0;
		86	}
		87	#endif
80	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)	88	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
81	{	89	{
82	return rsa->meth->rsa_sign(type, m, m_len,	90	return rsa->meth->rsa_sign(type, m, m_len,
@@ -153,6 +161,15 @@ int int_rsa_verify(int dtype, const unsigned char *m,
153	unsigned char *s;	161	unsigned char *s;
154	X509_SIG *sig=NULL;	162	X509_SIG *sig=NULL;
155		163
		164	#ifdef OPENSSL_FIPS
		165	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
		166	&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
		167	{
		168	RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD);
		169	return 0;
		170	}
		171	#endif
		172
156	if (siglen != (unsigned int)RSA_size(rsa))	173	if (siglen != (unsigned int)RSA_size(rsa))
157	{	174	{
158	RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);	175	RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
@@ -182,6 +199,22 @@ int int_rsa_verify(int dtype, const unsigned char *m,
182	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);	199	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
183		200
184	if (i <= 0) goto err;	201	if (i <= 0) goto err;
		202	/* Oddball MDC2 case: signature can be OCTET STRING.
		203	* check for correct tag and length octets.
		204	*/
		205	if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10)
		206	{
		207	if (rm)
		208	{
		209	memcpy(rm, s + 2, 16);
		210	*prm_len = 16;
		211	ret = 1;
		212	}
		213	else if(memcmp(m, s + 2, 16))
		214	RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
		215	else
		216	ret = 1;
		217	}
185		218
186	/* Special case: SSL signature */	219	/* Special case: SSL signature */
187	if(dtype == NID_md5_sha1) {	220	if(dtype == NID_md5_sha1) {