Reflect latest FIPS updates, including 186-5.

Change-Id: Iaa166136b4b7700e59c3a7643ec1b4aacf43c647
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66747
Auto-Submit: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/fipsmodule/ec/ec_key.c b/crypto/fipsmodule/ec/ec_key.c
index 3b650d7..8cdb5c3 100644
--- a/crypto/fipsmodule/ec/ec_key.c
+++ b/crypto/fipsmodule/ec/ec_key.c
@@ -521,6 +521,11 @@
 }
 
 int EC_KEY_generate_key_fips(EC_KEY *eckey) {
+  if (eckey == NULL || eckey->group == NULL) {
+    OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
+    return 0;
+  }
+
   boringssl_ensure_ecc_self_test();
 
   if (EC_KEY_generate_key(eckey) && EC_KEY_check_fips(eckey)) {
diff --git a/crypto/fipsmodule/rsa/rsa_impl.c b/crypto/fipsmodule/rsa/rsa_impl.c
index 099bc02..b8fbbdc 100644
--- a/crypto/fipsmodule/rsa/rsa_impl.c
+++ b/crypto/fipsmodule/rsa/rsa_impl.c
@@ -1250,6 +1250,11 @@
                                           int check_fips) {
   boringssl_ensure_rsa_self_test();
 
+  if (rsa == NULL) {
+    OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
+    return 0;
+  }
+
   RSA *tmp = NULL;
   uint32_t err;
   int ret = 0;
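Review bot: The added NULL check in rsa_impl.c records its error under the EC library, `OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);`, which looks copied from the ec_key.c hunk. In this file it should read `OPENSSL_PUT_ERROR(RSA, ERR_R_PASSED_NULL_PARAMETER);` so the error queue attributes the failure to the right library. The new negative test in util/fipstools/test_fips.c checks only the return value and then calls `ERR_clear_error()`, so it would not catch the mislabelled library. The function's signature and the rest of its body lie outside the hunk.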
diff --git a/crypto/fipsmodule/service_indicator/service_indicator.c b/crypto/fipsmodule/service_indicator/service_indicator.c
index 64325be..cad355d 100644
--- a/crypto/fipsmodule/service_indicator/service_indicator.c
+++ b/crypto/fipsmodule/service_indicator/service_indicator.c
@@ -171,7 +171,6 @@
 // type is FIPS approved for verifying, and zero otherwise.
 static int is_md_fips_approved_for_verifying(int md_type) {
   switch (md_type) {
-    case NID_sha1:
     case NID_sha224:
     case NID_sha256:
     case NID_sha384:
@@ -184,7 +183,6 @@
 }
 
 static void evp_md_ctx_verify_service_indicator(const EVP_MD_CTX *ctx,
-                                                int rsa_1024_ok,
                                                 int (*md_ok)(int md_type)) {
   if (EVP_MD_CTX_md(ctx) == NULL) {
     // Signature schemes without a prehash are currently never FIPS approved.
@@ -232,8 +230,7 @@
 
     // Check if the MD type and the RSA key size are approved.
     if (md_ok(md_type) &&
-        ((rsa_1024_ok && pkey_size == 128) || pkey_size == 256 ||
-         pkey_size == 384 || pkey_size == 512)) {
+        (pkey_size == 256 || pkey_size == 384 || pkey_size == 512)) {
       FIPS_service_indicator_update_state();
     }
   } else if (pkey_type == EVP_PKEY_EC) {
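Review bot: The size test on `pkey_size` compares against bare 256, 384 and 512, with nothing saying that these are modulus sizes in bytes or why 128 was dropped. A comment above the condition would record the rule, for example `// Sizes are in bytes (2048-, 3072- and 4096-bit moduli); 1024-bit keys are not approved under FIPS 186-5, even for verification.` It is also worth stating that any other modulus length leaves the indicator unset, since that follows from the exact-match comparison and is easy to miss. The enclosing function starts outside the hunk.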
@@ -280,12 +277,12 @@
 }
 
 void EVP_DigestVerify_verify_service_indicator(const EVP_MD_CTX *ctx) {
-  return evp_md_ctx_verify_service_indicator(ctx, /*rsa_1024_ok=*/1,
+  return evp_md_ctx_verify_service_indicator(ctx,
                                              is_md_fips_approved_for_verifying);
 }
 
 void EVP_DigestSign_verify_service_indicator(const EVP_MD_CTX *ctx) {
-  return evp_md_ctx_verify_service_indicator(ctx, /*rsa_1024_ok=*/0,
+  return evp_md_ctx_verify_service_indicator(ctx,
                                              is_md_fips_approved_for_signing);
 }
 
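Review bot: Both wrappers are declared `void` yet still `return` the result of a call expression. ISO C does not allow a return statement with an expression in a void function, and compilers accept it only as an extension. Since these lines are being rewritten anyway, drop the keyword: `evp_md_ctx_verify_service_indicator(ctx, is_md_fips_approved_for_verifying);`, and likewise for the signing wrapper.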
diff --git a/crypto/fipsmodule/service_indicator/service_indicator_test.cc b/crypto/fipsmodule/service_indicator/service_indicator_test.cc
index 9eac62e..a3f06eb 100644
--- a/crypto/fipsmodule/service_indicator/service_indicator_test.cc
+++ b/crypto/fipsmodule/service_indicator/service_indicator_test.cc
@@ -1127,43 +1127,43 @@
      FIPSStatus::NOT_APPROVED},
     {4096, &EVP_md5, false, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
 
-    // RSA test cases that are approved.
-    {1024, &EVP_sha1, false, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
-    {1024, &EVP_sha256, false, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
-    {1024, &EVP_sha512, false, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
-    {1024, &EVP_sha1, true, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
-    {1024, &EVP_sha256, true, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
+    // RSA 1024 is not approved under FIPS 186-5.
+    {1024, &EVP_sha1, false, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
+    {1024, &EVP_sha256, false, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
+    {1024, &EVP_sha512, false, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
+    {1024, &EVP_sha1, true, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
+    {1024, &EVP_sha256, true, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
     // PSS with hashLen == saltLen is not possible for 1024-bit modulus and
     // SHA-512.
 
-    {2048, &EVP_sha1, false, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
+    {2048, &EVP_sha1, false, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
     {2048, &EVP_sha224, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {2048, &EVP_sha256, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {2048, &EVP_sha384, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {2048, &EVP_sha512, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
-    {2048, &EVP_sha1, true, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
+    {2048, &EVP_sha1, true, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
     {2048, &EVP_sha224, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {2048, &EVP_sha256, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {2048, &EVP_sha384, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {2048, &EVP_sha512, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
 
-    {3072, &EVP_sha1, false, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
+    {3072, &EVP_sha1, false, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
     {3072, &EVP_sha224, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {3072, &EVP_sha256, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {3072, &EVP_sha384, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {3072, &EVP_sha512, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
-    {3072, &EVP_sha1, true, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
+    {3072, &EVP_sha1, true, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
     {3072, &EVP_sha224, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {3072, &EVP_sha256, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {3072, &EVP_sha384, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {3072, &EVP_sha512, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
 
-    {4096, &EVP_sha1, false, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
+    {4096, &EVP_sha1, false, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
     {4096, &EVP_sha224, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {4096, &EVP_sha256, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {4096, &EVP_sha384, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {4096, &EVP_sha512, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
-    {4096, &EVP_sha1, true, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
+    {4096, &EVP_sha1, true, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
     {4096, &EVP_sha224, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {4096, &EVP_sha256, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {4096, &EVP_sha384, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
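Review bot: The heading "RSA test cases that are approved" was replaced by one that only covers the 1024-bit rows, so the 2048-, 3072- and 4096-bit groups now have no heading and their SHA-1 rows flip to NOT_APPROVED with no stated reason. Assuming the last column is the verification expectation (the struct definition is outside the hunk), add a comment before the 2048-bit group such as `// SHA-1 is no longer approved for verification; SHA-2 digests remain approved for 2048-bit and larger keys.` The table continues past the end of the hunk.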
@@ -1359,7 +1359,7 @@
   int nid;
   // md_func is the digest to test.
   const EVP_MD *(*func)();
-  // expected to be approved or not for signature generation.
+  // expected to be approved or not for key generation.
   FIPSStatus key_check_expect_approved;
   // expected to be approved or not for signature generation.
   FIPSStatus sig_gen_expect_approved;
@@ -1372,7 +1372,7 @@
     // |EC_GROUP_new_by_curve_name|, and |NID_secp256k1| will only work if
     // |kCurveSecp256k1Supported| is true.
     {NID_secp224r1, &EVP_sha1, FIPSStatus::APPROVED, FIPSStatus::NOT_APPROVED,
-     FIPSStatus::APPROVED},
+     FIPSStatus::NOT_APPROVED},
     {NID_secp224r1, &EVP_sha224, FIPSStatus::APPROVED, FIPSStatus::APPROVED,
      FIPSStatus::APPROVED},
     {NID_secp224r1, &EVP_sha256, FIPSStatus::APPROVED, FIPSStatus::APPROVED,
@@ -1383,7 +1383,7 @@
      FIPSStatus::APPROVED},
 
     {NID_X9_62_prime256v1, &EVP_sha1, FIPSStatus::APPROVED,
-     FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
+     FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
     {NID_X9_62_prime256v1, &EVP_sha224, FIPSStatus::APPROVED,
      FIPSStatus::APPROVED, FIPSStatus::APPROVED},
     {NID_X9_62_prime256v1, &EVP_sha256, FIPSStatus::APPROVED,
@@ -1394,7 +1394,7 @@
      FIPSStatus::APPROVED, FIPSStatus::APPROVED},
 
     {NID_secp384r1, &EVP_sha1, FIPSStatus::APPROVED, FIPSStatus::NOT_APPROVED,
-     FIPSStatus::APPROVED},
+     FIPSStatus::NOT_APPROVED},
     {NID_secp384r1, &EVP_sha224, FIPSStatus::APPROVED, FIPSStatus::APPROVED,
      FIPSStatus::APPROVED},
     {NID_secp384r1, &EVP_sha256, FIPSStatus::APPROVED, FIPSStatus::APPROVED,
@@ -1405,7 +1405,7 @@
      FIPSStatus::APPROVED},
 
     {NID_secp521r1, &EVP_sha1, FIPSStatus::APPROVED, FIPSStatus::NOT_APPROVED,
-     FIPSStatus::APPROVED},
+     FIPSStatus::NOT_APPROVED},
     {NID_secp521r1, &EVP_sha224, FIPSStatus::APPROVED, FIPSStatus::APPROVED,
      FIPSStatus::APPROVED},
     {NID_secp521r1, &EVP_sha256, FIPSStatus::APPROVED, FIPSStatus::APPROVED,
diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
index b66f2ac..dd17f56 100644
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -550,7 +550,6 @@
             "P-521"
           ],
           "hashAlg": [
-            "SHA-1",
             "SHA2-224",
             "SHA2-256",
             "SHA2-384",
@@ -562,7 +561,7 @@
       {
         "algorithm": "RSA",
         "mode": "keyGen",
-        "revision": "FIPS186-4",
+        "revision": "FIPS186-5",
         "infoGeneratedByServer": true,
         "pubExpMode": "fixed",
         "fixedPubExp": "010001",
@@ -590,7 +589,7 @@
       {
         "algorithm": "RSA",
         "mode": "sigGen",
-        "revision": "FIPS186-4",
+        "revision": "FIPS186-5",
         "capabilities": [{
           "sigType": "pkcs1v1.5",
           "properties": [{
@@ -701,28 +700,12 @@
       {
         "algorithm": "RSA",
         "mode": "sigVer",
-        "revision": "FIPS186-4",
+        "revision": "FIPS186-5",
         "pubExpMode": "fixed",
         "fixedPubExp": "010001",
         "capabilities": [{
           "sigType": "pkcs1v1.5",
           "properties": [{
-            "modulo": 1024,
-            "hashPair": [{
-              "hashAlg": "SHA2-224"
-            }, {
-              "hashAlg": "SHA2-256"
-            }, {
-              "hashAlg": "SHA2-384"
-            }, {
-              "hashAlg": "SHA2-512"
-            }, {
-              "hashAlg": "SHA-1"
-            }]
-          }]
-        },{
-          "sigType": "pkcs1v1.5",
-          "properties": [{
             "modulo": 2048,
             "hashPair": [{
               "hashAlg": "SHA2-224"
@@ -732,8 +715,6 @@
               "hashAlg": "SHA2-384"
             }, {
               "hashAlg": "SHA2-512"
-            }, {
-              "hashAlg": "SHA-1"
             }]
           }]
         },{
@@ -748,8 +729,6 @@
               "hashAlg": "SHA2-384"
             }, {
               "hashAlg": "SHA2-512"
-            }, {
-              "hashAlg": "SHA-1"
             }]
           }]
         },{
@@ -764,29 +743,6 @@
               "hashAlg": "SHA2-384"
             }, {
               "hashAlg": "SHA2-512"
-            }, {
-              "hashAlg": "SHA-1"
-            }]
-          }]
-        },{
-          "sigType": "pss",
-          "properties": [{
-            "modulo": 1024,
-            "hashPair": [{
-              "hashAlg": "SHA2-224",
-              "saltLen": 28
-            }, {
-              "hashAlg": "SHA2-256",
-              "saltLen": 32
-            }, {
-              "hashAlg": "SHA2-384",
-              "saltLen": 48
-            }, {
-              "hashAlg": "SHA2-512/256",
-              "saltLen": 32
-            }, {
-              "hashAlg": "SHA-1",
-              "saltLen": 20
             }]
           }]
         },{
@@ -808,9 +764,6 @@
             }, {
               "hashAlg": "SHA2-512/256",
               "saltLen": 32
-            }, {
-              "hashAlg": "SHA-1",
-              "saltLen": 20
             }]
           }]
         },{
@@ -832,9 +785,6 @@
             }, {
               "hashAlg": "SHA2-512/256",
               "saltLen": 32
-            }, {
-              "hashAlg": "SHA-1",
-              "saltLen": 20
             }]
           }]
         },{
@@ -856,9 +806,6 @@
             }, {
               "hashAlg": "SHA2-512/256",
               "saltLen": 32
-            }, {
-              "hashAlg": "SHA-1",
-              "saltLen": 20
             }]
           }]
         }]
diff --git a/util/fipstools/test_fips.c b/util/fipstools/test_fips.c
index 13b8d7d..bd0ec46 100644
--- a/util/fipstools/test_fips.c
+++ b/util/fipstools/test_fips.c
@@ -26,6 +26,7 @@
 #include <openssl/dh.h>
 #include <openssl/ec_key.h>
 #include <openssl/ecdsa.h>
+#include <openssl/err.h>
 #include <openssl/hkdf.h>
 #include <openssl/hmac.h>
 #include <openssl/nid.h>
@@ -54,7 +55,8 @@
     printf("No module version set\n");
     goto err;
   }
-  printf("Module version: %" PRIu32 "\n", module_version);
+  printf("Module: '%s', version: %" PRIu32 "\n", FIPS_module_name(),
+         module_version);
 
   static const uint8_t kAESKey[16] = "BoringCrypto Key";
   static const uint8_t kPlaintext[64] =
@@ -216,6 +218,18 @@
 
   RSA_free(rsa_key);
 
+  /* Generating a key with a null output parameter. */
+  printf("About to generate RSA key with null output\n");
+  if (!RSA_generate_key_fips(NULL, 2048, NULL)) {
+    printf("RSA_generate_key_fips failed with null output parameter\n");
+    ERR_clear_error();
+  } else {
+    printf(
+        "RSA_generate_key_fips unexpectedly succeeded with null output "
+        "parameter\n");
+    goto err;
+  }
+
   EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
   if (ec_key == NULL) {
     printf("invalid ECDSA key\n");
@@ -261,6 +275,30 @@
   ECDSA_SIG_free(sig);
   EC_KEY_free(ec_key);
 
+  /* Generating a key with a null output pointer. */
+  printf("About to generate P-256 key with NULL output\n");
+  if (!EC_KEY_generate_key_fips(NULL)) {
+    printf("EC_KEY_generate_key_fips failed with a NULL output pointer.\n");
+    ERR_clear_error();
+  } else {
+    printf(
+        "EC_KEY_generate_key_fips unexpectedly succeeded with a NULL output "
+        "pointer.\n");
+    goto err;
+  }
+
+  /* ECDSA with an invalid public key. */
+  ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+  static const uint8_t kNotValidX926[] = {1,2,3,4,5,6};
+  if (!EC_KEY_oct2key(ec_key, kNotValidX926, sizeof(kNotValidX926),
+                      /*ctx=*/NULL)) {
+    printf("Error while parsing invalid ECDSA public key");
+  } else {
+    printf("Unexpected success while parsing invalid ECDSA public key");
+    goto err;
+  }
+  EC_KEY_free(ec_key);
+
   /* DBRG */
   CTR_DRBG_STATE drbg;
   printf("About to seed CTR-DRBG with ");
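Review bot: The invalid-public-key test at the end of this hunk uses `ec_key` without checking the result of `EC_KEY_new_by_curve_name`, unlike the earlier allocation in this function, so an allocation failure would reach `EC_KEY_oct2key` with a NULL key. Both of its `printf` messages lack a trailing `\n`, so the output runs into the following "About to seed CTR-DRBG with " line. The expected parse failure presumably also leaves an entry on the error queue, which the two NULL-output tests clear with `ERR_clear_error()` but this one does not. The constant name `kNotValidX926` looks like a typo for X9.62. The enclosing function starts and ends outside the hunk.

```c
  /* ECDSA with an invalid public key. */
  ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  if (ec_key == NULL) {
    printf("invalid ECDSA key\n");
    goto err;
  }
  /* … unchanged: kNotValidX926 definition … */
  if (!EC_KEY_oct2key(ec_key, kNotValidX926, sizeof(kNotValidX926),
                      /*ctx=*/NULL)) {
    printf("Error while parsing invalid ECDSA public key\n");
    ERR_clear_error();
  } else {
    printf("Unexpected success while parsing invalid ECDSA public key\n");
    goto err;
  }
```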