Reflect latest FIPS updates, including 186-5.
Change-Id: Iaa166136b4b7700e59c3a7643ec1b4aacf43c647
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66747
Auto-Submit: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/fipsmodule/ec/ec_key.c b/crypto/fipsmodule/ec/ec_key.c
index 3b650d7..8cdb5c3 100644
--- a/crypto/fipsmodule/ec/ec_key.c
+++ b/crypto/fipsmodule/ec/ec_key.c
@@ -521,6 +521,11 @@
}
int EC_KEY_generate_key_fips(EC_KEY *eckey) {
+ if (eckey == NULL || eckey->group == NULL) {
+ OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
boringssl_ensure_ecc_self_test();
if (EC_KEY_generate_key(eckey) && EC_KEY_check_fips(eckey)) {
diff --git a/crypto/fipsmodule/rsa/rsa_impl.c b/crypto/fipsmodule/rsa/rsa_impl.c
index 099bc02..b8fbbdc 100644
--- a/crypto/fipsmodule/rsa/rsa_impl.c
+++ b/crypto/fipsmodule/rsa/rsa_impl.c
@@ -1250,6 +1250,11 @@
int check_fips) {
boringssl_ensure_rsa_self_test();
+ if (rsa == NULL) {
+ OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
RSA *tmp = NULL;
uint32_t err;
int ret = 0;
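Review bot: The new NULL guard in this RSA function records its error under the EC library, so a caller that inspects the error queue (for example with `ERR_GET_LIB`) will attribute the failure to the wrong subsystem. The line should read `OPENSSL_PUT_ERROR(RSA, ERR_R_PASSED_NULL_PARAMETER);`. The guard also sits after `boringssl_ensure_rsa_self_test()`, whereas the matching guard in ec_key.c runs before its self-test call; picking one order for both would keep the FIPS entry points consistent. The function's signature and the rest of its body are outside this hunk.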
diff --git a/crypto/fipsmodule/service_indicator/service_indicator.c b/crypto/fipsmodule/service_indicator/service_indicator.c
index 64325be..cad355d 100644
--- a/crypto/fipsmodule/service_indicator/service_indicator.c
+++ b/crypto/fipsmodule/service_indicator/service_indicator.c
@@ -171,7 +171,6 @@
// type is FIPS approved for verifying, and zero otherwise.
static int is_md_fips_approved_for_verifying(int md_type) {
switch (md_type) {
- case NID_sha1:
case NID_sha224:
case NID_sha256:
case NID_sha384:
@@ -184,7 +183,6 @@
}
static void evp_md_ctx_verify_service_indicator(const EVP_MD_CTX *ctx,
- int rsa_1024_ok,
int (*md_ok)(int md_type)) {
if (EVP_MD_CTX_md(ctx) == NULL) {
// Signature schemes without a prehash are currently never FIPS approved.
@@ -232,8 +230,7 @@
// Check if the MD type and the RSA key size are approved.
if (md_ok(md_type) &&
- ((rsa_1024_ok && pkey_size == 128) || pkey_size == 256 ||
- pkey_size == 384 || pkey_size == 512)) {
+ (pkey_size == 256 || pkey_size == 384 || pkey_size == 512)) {
FIPS_service_indicator_update_state();
}
} else if (pkey_type == EVP_PKEY_EC) {
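Review bot: The size comparison at `pkey_size == 256 || pkey_size == 384 || pkey_size == 512` is the whole RSA key-size policy, yet nothing on it states the unit or that sizes in between are deliberately excluded. The removed `pkey_size == 128` branch was paired with `rsa_1024_ok`, so the values appear to be byte lengths. I would extend the existing comment to `// Check if the MD type and the RSA key size are approved. |pkey_size| is in bytes: only 2048-, 3072- and 4096-bit moduli count as approved.` so that a later edit does not quietly widen the set. The enclosing function starts and ends outside this hunk.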
@@ -280,12 +277,12 @@
}
void EVP_DigestVerify_verify_service_indicator(const EVP_MD_CTX *ctx) {
- return evp_md_ctx_verify_service_indicator(ctx, /*rsa_1024_ok=*/1,
+ return evp_md_ctx_verify_service_indicator(ctx,
is_md_fips_approved_for_verifying);
}
void EVP_DigestSign_verify_service_indicator(const EVP_MD_CTX *ctx) {
- return evp_md_ctx_verify_service_indicator(ctx, /*rsa_1024_ok=*/0,
+ return evp_md_ctx_verify_service_indicator(ctx,
is_md_fips_approved_for_signing);
}
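Review bot: Both wrappers are declared `void` but still use `return` with an expression, which C does not allow in a void function and which compilers only tolerate as an extension. Since these two lines are being rewritten anyway, drop the keyword: `evp_md_ctx_verify_service_indicator(ctx, is_md_fips_approved_for_verifying);` and likewise with `is_md_fips_approved_for_signing` in `EVP_DigestSign_verify_service_indicator`. Behaviour is unchanged.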
diff --git a/crypto/fipsmodule/service_indicator/service_indicator_test.cc b/crypto/fipsmodule/service_indicator/service_indicator_test.cc
index 9eac62e..a3f06eb 100644
--- a/crypto/fipsmodule/service_indicator/service_indicator_test.cc
+++ b/crypto/fipsmodule/service_indicator/service_indicator_test.cc
@@ -1127,43 +1127,43 @@
FIPSStatus::NOT_APPROVED},
{4096, &EVP_md5, false, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
- // RSA test cases that are approved.
- {1024, &EVP_sha1, false, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
- {1024, &EVP_sha256, false, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
- {1024, &EVP_sha512, false, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
- {1024, &EVP_sha1, true, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
- {1024, &EVP_sha256, true, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
+ // RSA 1024 is not approved under FIPS 186-5.
+ {1024, &EVP_sha1, false, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
+ {1024, &EVP_sha256, false, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
+ {1024, &EVP_sha512, false, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
+ {1024, &EVP_sha1, true, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
+ {1024, &EVP_sha256, true, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
// PSS with hashLen == saltLen is not possible for 1024-bit modulus and
// SHA-512.
- {2048, &EVP_sha1, false, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
+ {2048, &EVP_sha1, false, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
{2048, &EVP_sha224, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{2048, &EVP_sha256, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{2048, &EVP_sha384, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{2048, &EVP_sha512, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
- {2048, &EVP_sha1, true, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
+ {2048, &EVP_sha1, true, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
{2048, &EVP_sha224, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{2048, &EVP_sha256, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{2048, &EVP_sha384, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{2048, &EVP_sha512, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
- {3072, &EVP_sha1, false, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
+ {3072, &EVP_sha1, false, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
{3072, &EVP_sha224, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{3072, &EVP_sha256, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{3072, &EVP_sha384, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{3072, &EVP_sha512, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
- {3072, &EVP_sha1, true, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
+ {3072, &EVP_sha1, true, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
{3072, &EVP_sha224, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{3072, &EVP_sha256, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{3072, &EVP_sha384, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{3072, &EVP_sha512, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
- {4096, &EVP_sha1, false, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
+ {4096, &EVP_sha1, false, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
{4096, &EVP_sha224, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{4096, &EVP_sha256, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{4096, &EVP_sha384, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{4096, &EVP_sha512, false, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
- {4096, &EVP_sha1, true, FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
+ {4096, &EVP_sha1, true, FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
{4096, &EVP_sha224, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{4096, &EVP_sha256, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{4096, &EVP_sha384, true, FIPSStatus::APPROVED, FIPSStatus::APPROVED},
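Review bot: After this change the table has no heading for the approved rows. The old `// RSA test cases that are approved.` comment was replaced by `// RSA 1024 is not approved under FIPS 186-5.`, which now visually covers the 2048-, 3072- and 4096-bit entries too. I would add a comment before the first 2048 row, such as `// For 2048-bit and larger keys, SHA-1 is not approved for signing or verifying; the SHA-2 digests are approved for both.` The retained note about PSS with SHA-512 and a 1024-bit modulus then reads as the end of the 1024 group rather than an introduction to the 2048 group. The table begins before this hunk and continues after it.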
@@ -1359,7 +1359,7 @@
int nid;
// md_func is the digest to test.
const EVP_MD *(*func)();
- // expected to be approved or not for signature generation.
+ // expected to be approved or not for key generation.
FIPSStatus key_check_expect_approved;
// expected to be approved or not for signature generation.
FIPSStatus sig_gen_expect_approved;
@@ -1372,7 +1372,7 @@
// |EC_GROUP_new_by_curve_name|, and |NID_secp256k1| will only work if
// |kCurveSecp256k1Supported| is true.
{NID_secp224r1, &EVP_sha1, FIPSStatus::APPROVED, FIPSStatus::NOT_APPROVED,
- FIPSStatus::APPROVED},
+ FIPSStatus::NOT_APPROVED},
{NID_secp224r1, &EVP_sha224, FIPSStatus::APPROVED, FIPSStatus::APPROVED,
FIPSStatus::APPROVED},
{NID_secp224r1, &EVP_sha256, FIPSStatus::APPROVED, FIPSStatus::APPROVED,
@@ -1383,7 +1383,7 @@
FIPSStatus::APPROVED},
{NID_X9_62_prime256v1, &EVP_sha1, FIPSStatus::APPROVED,
- FIPSStatus::NOT_APPROVED, FIPSStatus::APPROVED},
+ FIPSStatus::NOT_APPROVED, FIPSStatus::NOT_APPROVED},
{NID_X9_62_prime256v1, &EVP_sha224, FIPSStatus::APPROVED,
FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{NID_X9_62_prime256v1, &EVP_sha256, FIPSStatus::APPROVED,
@@ -1394,7 +1394,7 @@
FIPSStatus::APPROVED, FIPSStatus::APPROVED},
{NID_secp384r1, &EVP_sha1, FIPSStatus::APPROVED, FIPSStatus::NOT_APPROVED,
- FIPSStatus::APPROVED},
+ FIPSStatus::NOT_APPROVED},
{NID_secp384r1, &EVP_sha224, FIPSStatus::APPROVED, FIPSStatus::APPROVED,
FIPSStatus::APPROVED},
{NID_secp384r1, &EVP_sha256, FIPSStatus::APPROVED, FIPSStatus::APPROVED,
@@ -1405,7 +1405,7 @@
FIPSStatus::APPROVED},
{NID_secp521r1, &EVP_sha1, FIPSStatus::APPROVED, FIPSStatus::NOT_APPROVED,
- FIPSStatus::APPROVED},
+ FIPSStatus::NOT_APPROVED},
{NID_secp521r1, &EVP_sha224, FIPSStatus::APPROVED, FIPSStatus::APPROVED,
FIPSStatus::APPROVED},
{NID_secp521r1, &EVP_sha256, FIPSStatus::APPROVED, FIPSStatus::APPROVED,
diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
index b66f2ac..dd17f56 100644
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -550,7 +550,6 @@
"P-521"
],
"hashAlg": [
- "SHA-1",
"SHA2-224",
"SHA2-256",
"SHA2-384",
@@ -562,7 +561,7 @@
{
"algorithm": "RSA",
"mode": "keyGen",
- "revision": "FIPS186-4",
+ "revision": "FIPS186-5",
"infoGeneratedByServer": true,
"pubExpMode": "fixed",
"fixedPubExp": "010001",
@@ -590,7 +589,7 @@
{
"algorithm": "RSA",
"mode": "sigGen",
- "revision": "FIPS186-4",
+ "revision": "FIPS186-5",
"capabilities": [{
"sigType": "pkcs1v1.5",
"properties": [{
@@ -701,28 +700,12 @@
{
"algorithm": "RSA",
"mode": "sigVer",
- "revision": "FIPS186-4",
+ "revision": "FIPS186-5",
"pubExpMode": "fixed",
"fixedPubExp": "010001",
"capabilities": [{
"sigType": "pkcs1v1.5",
"properties": [{
- "modulo": 1024,
- "hashPair": [{
- "hashAlg": "SHA2-224"
- }, {
- "hashAlg": "SHA2-256"
- }, {
- "hashAlg": "SHA2-384"
- }, {
- "hashAlg": "SHA2-512"
- }, {
- "hashAlg": "SHA-1"
- }]
- }]
- },{
- "sigType": "pkcs1v1.5",
- "properties": [{
"modulo": 2048,
"hashPair": [{
"hashAlg": "SHA2-224"
@@ -732,8 +715,6 @@
"hashAlg": "SHA2-384"
}, {
"hashAlg": "SHA2-512"
- }, {
- "hashAlg": "SHA-1"
}]
}]
},{
@@ -748,8 +729,6 @@
"hashAlg": "SHA2-384"
}, {
"hashAlg": "SHA2-512"
- }, {
- "hashAlg": "SHA-1"
}]
}]
},{
@@ -764,29 +743,6 @@
"hashAlg": "SHA2-384"
}, {
"hashAlg": "SHA2-512"
- }, {
- "hashAlg": "SHA-1"
- }]
- }]
- },{
- "sigType": "pss",
- "properties": [{
- "modulo": 1024,
- "hashPair": [{
- "hashAlg": "SHA2-224",
- "saltLen": 28
- }, {
- "hashAlg": "SHA2-256",
- "saltLen": 32
- }, {
- "hashAlg": "SHA2-384",
- "saltLen": 48
- }, {
- "hashAlg": "SHA2-512/256",
- "saltLen": 32
- }, {
- "hashAlg": "SHA-1",
- "saltLen": 20
}]
}]
},{
@@ -808,9 +764,6 @@
}, {
"hashAlg": "SHA2-512/256",
"saltLen": 32
- }, {
- "hashAlg": "SHA-1",
- "saltLen": 20
}]
}]
},{
@@ -832,9 +785,6 @@
}, {
"hashAlg": "SHA2-512/256",
"saltLen": 32
- }, {
- "hashAlg": "SHA-1",
- "saltLen": 20
}]
}]
},{
@@ -856,9 +806,6 @@
}, {
"hashAlg": "SHA2-512/256",
"saltLen": 32
- }, {
- "hashAlg": "SHA-1",
- "saltLen": 20
}]
}]
}]
diff --git a/util/fipstools/test_fips.c b/util/fipstools/test_fips.c
index 13b8d7d..bd0ec46 100644
--- a/util/fipstools/test_fips.c
+++ b/util/fipstools/test_fips.c
@@ -26,6 +26,7 @@
#include <openssl/dh.h>
#include <openssl/ec_key.h>
#include <openssl/ecdsa.h>
+#include <openssl/err.h>
#include <openssl/hkdf.h>
#include <openssl/hmac.h>
#include <openssl/nid.h>
@@ -54,7 +55,8 @@
printf("No module version set\n");
goto err;
}
- printf("Module version: %" PRIu32 "\n", module_version);
+ printf("Module: '%s', version: %" PRIu32 "\n", FIPS_module_name(),
+ module_version);
static const uint8_t kAESKey[16] = "BoringCrypto Key";
static const uint8_t kPlaintext[64] =
@@ -216,6 +218,18 @@
RSA_free(rsa_key);
+ /* Generating a key with a null output parameter. */
+ printf("About to generate RSA key with null output\n");
+ if (!RSA_generate_key_fips(NULL, 2048, NULL)) {
+ printf("RSA_generate_key_fips failed with null output parameter\n");
+ ERR_clear_error();
+ } else {
+ printf(
+ "RSA_generate_key_fips unexpectedly succeeded with null output "
+ "parameter\n");
+ goto err;
+ }
+
EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if (ec_key == NULL) {
printf("invalid ECDSA key\n");
@@ -261,6 +275,30 @@
ECDSA_SIG_free(sig);
EC_KEY_free(ec_key);
+ /* Generating a key with a null output pointer. */
+ printf("About to generate P-256 key with NULL output\n");
+ if (!EC_KEY_generate_key_fips(NULL)) {
+ printf("EC_KEY_generate_key_fips failed with a NULL output pointer.\n");
+ ERR_clear_error();
+ } else {
+ printf(
+ "EC_KEY_generate_key_fips unexpectedly succeeded with a NULL output "
+ "pointer.\n");
+ goto err;
+ }
+
+ /* ECDSA with an invalid public key. */
+ ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ static const uint8_t kNotValidX926[] = {1,2,3,4,5,6};
+ if (!EC_KEY_oct2key(ec_key, kNotValidX926, sizeof(kNotValidX926),
+ /*ctx=*/NULL)) {
+ printf("Error while parsing invalid ECDSA public key");
+ } else {
+ printf("Unexpected success while parsing invalid ECDSA public key");
+ goto err;
+ }
+ EC_KEY_free(ec_key);
+
/* DBRG */
CTR_DRBG_STATE drbg;
printf("About to seed CTR-DRBG with ");
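Review bot: The new invalid-public-key block is less careful than the two NULL-output blocks added alongside it. The result of `EC_KEY_new_by_curve_name` is passed to `EC_KEY_oct2key` without the NULL check that the earlier call in this file has, and both `printf` messages lack a trailing `\n`, so they run into the next line of output that the test log is read from. The expected parse failure is also not followed by `ERR_clear_error()`, so the error queue may still hold that entry when the DRBG section starts. The constant name `kNotValidX926` looks like a transposition of X9.62. Whether the `err` label releases `ec_key` is not visible in this hunk, so the `goto err` path may leak it.

```c
  ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  if (ec_key == NULL) {
    printf("invalid ECDSA key\n");
    goto err;
  }
  /* … unchanged: kNotValidX926 and the EC_KEY_oct2key call … */
    printf("Error while parsing invalid ECDSA public key\n");
    ERR_clear_error();
  } else {
    printf("Unexpected success while parsing invalid ECDSA public key\n");
    goto err;
  }
```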