Remove ASN1 library (and other) dependencies from fipscanister.o

CHANGES

@@ -4,7 +4,11 @@
 
  Changes between 0.9.7l and 0.9.7m-fips2 [xx XXX xxxx]
 
-  *) 
+  *) New version of RSA_{sign,verify} for FIPS code. This uses pregenerated
+     DigestInfo encodings and thus avoids all ASN1 library dependencies. Update
+     FIPS digests to use new functions. Remove large numbers of obsolete 
+     dependencies from fipscanister.o
+     [Steve Henson]
 
  Changes between 0.9.7l and 0.9.7m  [xx XXX xxxx]
 

crypto/evp/m_sha1.c

@@ -63,6 +63,9 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
+#define EVP_PKEY_RSA_fips_method	FIPS_rsa_sign,FIPS_rsa_verify, \
+				{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
+
 static int init(EVP_MD_CTX *ctx)
 	{ return SHA1_Init(ctx->md_data); }
 
@@ -90,7 +93,11 @@ static const EVP_MD sha1_md=
 	final,
 	NULL,
 	NULL,
+#ifdef OPENSSL_FIPS
+	EVP_PKEY_RSA_fips_method,
+#else
 	EVP_PKEY_RSA_method,
+#endif
 	SHA_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
@@ -131,7 +138,7 @@ static const EVP_MD sha224_md=
 	final256,
 	NULL,
 	NULL,
-	EVP_PKEY_RSA_method,
+	EVP_PKEY_RSA_fips_method,
 	SHA256_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(SHA256_CTX),
 	};
@@ -150,7 +157,7 @@ static const EVP_MD sha256_md=
 	final256,
 	NULL,
 	NULL,
-	EVP_PKEY_RSA_method,
+	EVP_PKEY_RSA_fips_method,
 	SHA256_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(SHA256_CTX),
 	};
@@ -184,7 +191,7 @@ static const EVP_MD sha384_md=
 	final512,
 	NULL,
 	NULL,
-	EVP_PKEY_RSA_method,
+	EVP_PKEY_RSA_fips_method,
 	SHA512_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(SHA512_CTX),
 	};
@@ -203,7 +210,7 @@ static const EVP_MD sha512_md=
 	final512,
 	NULL,
 	NULL,
-	EVP_PKEY_RSA_method,
+	EVP_PKEY_RSA_fips_method,
 	SHA512_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(SHA512_CTX),
 	};

crypto/rsa/rsa.h

@@ -276,6 +276,13 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
 int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
 	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
 
+#ifdef OPENSSL_FIPS
+int FIPS_rsa_sign(int type, const unsigned char *m, unsigned int m_length,
+	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+int FIPS_rsa_verify(int type, const unsigned char *m, unsigned int m_length,
+	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+#endif
+
 /* The following 2 function sign and verify a ASN1_OCTET_STRING
  * object inside PKCS#1 padded RSA encryption */
 int RSA_sign_ASN1_OCTET_STRING(int type,

fips-1.0/Makefile

@@ -226,27 +226,6 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \
 	../crypto/aes/aes_cfb.o \
 	../crypto/aes/aes_ecb.o \
 	../crypto/aes/aes_ofb.o \
-	../crypto/asn1/a_bitstr.o \
-	../crypto/asn1/a_bytes.o \
-	../crypto/asn1/a_dup.o \
-	../crypto/asn1/a_int.o \
-	../crypto/asn1/a_object.o \
-	../crypto/asn1/asn1_err.o \
-	../crypto/asn1/asn1_lib.o \
-	../crypto/asn1/a_type.o \
-	../crypto/asn1/evp_asn1.o \
-	../crypto/asn1/tasn_dec.o \
-	../crypto/asn1/tasn_enc.o \
-	../crypto/asn1/tasn_fre.o \
-	../crypto/asn1/tasn_new.o \
-	../crypto/asn1/tasn_typ.o \
-	../crypto/asn1/tasn_utl.o \
-	../crypto/asn1/t_pkey.o \
-	../crypto/asn1/x_algor.o \
-	../crypto/asn1/x_bignum.o \
-	../crypto/asn1/x_long.o \
-	../crypto/asn1/x_sig.o \
-	../crypto/bio/bio_err.o \
 	../crypto/bio/bio_lib.o \
 	../crypto/bio/b_print.o \
 	../crypto/bio/bss_file.o \
@@ -254,7 +233,6 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \
 	../crypto/bn/bn_blind.o \
 	../crypto/bn/bn_ctx.o \
 	../crypto/bn/bn_div.o \
-	../crypto/bn/bn_err.o \
 	../crypto/bn/bn_exp2.o \
 	../crypto/bn/bn_exp.o \
 	../crypto/bn/bn_gcd.o \
@@ -270,10 +248,7 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \
 	../crypto/bn/bn_sqr.o \
 	../crypto/bn/bn_word.o \
 	../crypto/bn/bn_x931p.o \
-	../crypto/buffer/buf_err.o \
 	../crypto/buffer/buffer.o \
-	../crypto/conf/conf_err.o \
-	../crypto/cpt_err.o \
 	../crypto/cryptlib.o \
 	../crypto/des/cfb64ede.o \
 	../crypto/des/cfb64enc.o \
@@ -283,38 +258,23 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \
 	../crypto/des/ecb_enc.o \
 	../crypto/des/ofb64ede.o \
 	../crypto/des/ofb64enc.o \
-	../crypto/dh/dh_err.o \
 	../crypto/dh/dh_lib.o \
-	../crypto/dsa/dsa_asn1.o \
-	../crypto/dsa/dsa_err.o \
 	../crypto/dsa/dsa_lib.o \
 	../crypto/dsa/dsa_sign.o \
 	../crypto/dsa/dsa_vrf.o \
-	../crypto/dso/dso_err.o \
-	../crypto/ec/ec_err.o \
-	../crypto/engine/eng_err.o \
 	../crypto/engine/eng_init.o \
 	../crypto/engine/eng_lib.o \
 	../crypto/engine/eng_list.o \
 	../crypto/engine/eng_table.o \
-	../crypto/engine/tb_cipher.o \
 	../crypto/engine/tb_dh.o \
 	../crypto/engine/tb_digest.o \
 	../crypto/engine/tb_dsa.o \
 	../crypto/engine/tb_rand.o \
 	../crypto/engine/tb_rsa.o \
-	../crypto/err/err_all.o \
 	../crypto/err/err.o \
 	../crypto/err/err_prn.o \
 	../crypto/evp/digest.o \
-	../crypto/evp/e_aes.o \
-	../crypto/evp/e_des3.o \
-	../crypto/evp/e_des.o \
-	../crypto/evp/evp_enc.o \
-	../crypto/evp/evp_err.o \
-	../crypto/evp/evp_lib.o \
 	../crypto/evp/m_sha1.o \
-	../crypto/evp/p_lib.o \
 	../crypto/evp/p_sign.o \
 	../crypto/evp/p_verify.o \
 	../crypto/ex_data.o \
@@ -322,36 +282,23 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \
 	../crypto/mem_clr.o \
 	../crypto/mem_dbg.o \
 	../crypto/mem.o \
-	../crypto/objects/obj_dat.o \
-	../crypto/objects/obj_err.o \
-	../crypto/objects/obj_lib.o \
-	../crypto/ocsp/ocsp_err.o \
-	../crypto/pem/pem_err.o \
-	../crypto/pkcs12/pk12err.o \
-	../crypto/pkcs7/pkcs7err.o \
 	../crypto/rand/md_rand.o \
 	../crypto/rand/rand_egd.o \
-	../crypto/rand/rand_err.o \
 	../crypto/rand/randfile.o \
 	../crypto/rand/rand_lib.o \
 	../crypto/rand/rand_os2.o \
 	../crypto/rand/rand_unix.o \
 	../crypto/rand/rand_win.o \
-	../crypto/rsa/rsa_err.o \
 	../crypto/rsa/rsa_lib.o \
 	../crypto/rsa/rsa_none.o \
 	../crypto/rsa/rsa_oaep.o \
 	../crypto/rsa/rsa_pk1.o \
 	../crypto/rsa/rsa_pss.o \
-	../crypto/rsa/rsa_sign.o \
 	../crypto/rsa/rsa_ssl.o \
 	../crypto/rsa/rsa_x931.o \
 	../crypto/stack/stack.o \
 	../crypto/uid.o \
-	../crypto/ui/ui_err.o \
-	../crypto/x509v3/v3err.o \
-	../crypto/x509v3/v3_hex.o \
-	../crypto/x509/x509_err.o 
+	../crypto/x509v3/v3_hex.o
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 

fips-1.0/rsa/Makefile

@@ -22,8 +22,10 @@ TEST= fips_rsavtest.c fips_rsastest.c fips_rsagtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_rsa_eay.c fips_rsa_gen.c fips_rsa_selftest.c fips_rsa_x931g.c
-LIBOBJ=fips_rsa_eay.o fips_rsa_gen.o fips_rsa_selftest.o fips_rsa_x931g.o
+LIBSRC=fips_rsa_eay.c fips_rsa_gen.c fips_rsa_selftest.c fips_rsa_x931g.c \
+	fips_rsa_sign.c
+LIBOBJ=fips_rsa_eay.o fips_rsa_gen.o fips_rsa_selftest.o fips_rsa_x931g.o \
+	fips_rsa_sign.o
 
 SRC= $(LIBSRC)
 

fips-1.0/rsa/fips_rsa_sign.c

@@ -0,0 +1,231 @@
+/* fips_rsa_sign.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/err.h>
+
+/* FIPS versions of RSA_sign() and RSA_verify().
+ * These will only have to deal with SHA* signatures and by including
+ * pregenerated encodings all ASN1 dependencies can be avoided
+ */
+
+static const unsigned char sha1_bin[] = {
+  0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
+  0x00, 0x04, 0x14
+};
+
+static const unsigned char sha224_bin[] = {
+  0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c
+};
+
+static const unsigned char sha256_bin[] = {
+  0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
+};
+
+static const unsigned char sha384_bin[] = {
+  0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30
+};
+
+static const unsigned char sha512_bin[] = {
+  0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
+};
+
+
+static const unsigned char *fips_digestinfo_encoding(int nid, unsigned int *len)
+	{
+	switch (nid)
+		{
+
+		case NID_sha1:
+		*len = sizeof(sha1_bin);
+		return sha1_bin;
+
+		case NID_sha224:
+		*len = sizeof(sha224_bin);
+		return sha224_bin;
+
+		case NID_sha256:
+		*len = sizeof(sha256_bin);
+		return sha256_bin;
+
+		case NID_sha384:
+		*len = sizeof(sha384_bin);
+		return sha384_bin;
+
+		case NID_sha512:
+		*len = sizeof(sha512_bin);
+		return sha512_bin;
+
+		default:
+		return NULL;
+
+		}
+	}
+
+int FIPS_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
+	     unsigned char *sigret, unsigned int *siglen, RSA *rsa)
+	{
+	int i,j,ret=1;
+	unsigned int dlen;
+	const unsigned char *der;
+	/* Largest DigestInfo: 19 (max encoding) + max MD */
+	unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
+	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
+		{
+		return rsa->meth->rsa_sign(type, m, m_len,
+			sigret, siglen, rsa);
+		}
+
+	if(m_len > EVP_MAX_MD_SIZE)
+		{
+		RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH);
+		return 0;
+		}
+
+	der = fips_digestinfo_encoding(type, &dlen);
+	
+	if (!der)
+		{
+		RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+		return(0);
+		}
+	memcpy(tmpdinfo, der, dlen);
+	memcpy(tmpdinfo + dlen, m, m_len);
+
+	i = dlen + m_len;
+
+	j=RSA_size(rsa);
+	if (i > (j-RSA_PKCS1_PADDING_SIZE))
+		{
+		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+		return(0);
+		}
+	j=RSA_private_encrypt(i,tmpdinfo,sigret,rsa,RSA_PKCS1_PADDING);
+	if (j <= 0)
+		ret=0;
+	else
+		*siglen=j;
+
+	OPENSSL_cleanse(tmpdinfo,i);
+	return(ret);
+	}
+
+int FIPS_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
+	     unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
+	{
+	int i,ret=0;
+	unsigned int dlen;
+	unsigned char *s;
+	const unsigned char *der;
+
+	if (siglen != (unsigned int)RSA_size(rsa))
+		{
+		RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
+		return(0);
+		}
+
+	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
+		{
+		return rsa->meth->rsa_verify(dtype, m, m_len,
+			sigbuf, siglen, rsa);
+		}
+
+	s= OPENSSL_malloc((unsigned int)siglen);
+	if (s == NULL)
+		{
+		RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
+
+	if (i <= 0) goto err;
+
+	der = fips_digestinfo_encoding(dtype, &dlen);
+	
+	if (!der)
+		{
+		RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+		return(0);
+		}
+
+	/* Compare, DigestInfo length, DigestInfo header and finally
+	 * digest value itself
+	 */
+	if ((i != (dlen + m_len)) || memcmp(der, s, dlen)
+		|| memcmp(s + dlen, m, m_len))
+		{
+		RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+		goto err;
+		}
+	else
+		ret = 1;
+err:
+	if (s != NULL)
+		{
+		OPENSSL_cleanse(s, siglen);
+		OPENSSL_free(s);
+		}
+	return(ret);
+	}