diff options
Diffstat (limited to 'providers/common')
| -rw-r--r-- | providers/common/include/prov/fipsindicator.h | 144 | ||||
| -rw-r--r-- | providers/common/include/prov/securitycheck.h | 24 | ||||
| -rw-r--r-- | providers/common/securitycheck.c | 250 | ||||
| -rw-r--r-- | providers/common/securitycheck_default.c | 5 | ||||
| -rw-r--r-- | providers/common/securitycheck_fips.c | 91 |
5 files changed, 342 insertions, 172 deletions
diff --git a/providers/common/include/prov/fipsindicator.h b/providers/common/include/prov/fipsindicator.h new file mode 100644 index 0000000000..a1f4f55e6e --- /dev/null +++ b/providers/common/include/prov/fipsindicator.h @@ -0,0 +1,144 @@ +/* + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifdef FIPS_MODULE + +# include <openssl/core.h> /* OSSL_CALLBACK, OSSL_LIB_CTX */ +# include <openssl/indicator.h> +# include "crypto/types.h" +# include <openssl/ec.h> + +/* + * There may be multiple settables associated with an algorithm that allow + * overriding the default status. + * We associate an id with each of these. + */ +# define OSSL_FIPS_IND_SETTABLE0 0 +# define OSSL_FIPS_IND_SETTABLE1 1 +# define OSSL_FIPS_IND_SETTABLE2 2 +# define OSSL_FIPS_IND_SETTABLE3 2 +# define OSSL_FIPS_IND_SETTABLE4 2 +# define OSSL_FIPS_IND_SETTABLE5 2 +# define OSSL_FIPS_IND_SETTABLE6 2 +# define OSSL_FIPS_IND_SETTABLE7 2 +# define OSSL_FIPS_IND_SETTABLE_MAX (1 + OSSL_FIPS_IND_SETTABLE7) + +/* Each settable is in one of 3 states */ +#define OSSL_FIPS_IND_STATE_UNKNOWN -1 /* Initial unknown state */ +#define OSSL_FIPS_IND_STATE_STRICT 1 /* Strict enforcement */ +#define OSSL_FIPS_IND_STATE_TOLERANT 0 /* Relaxation of rules */ + +/* + * For each algorithm context there may be multiple checks that determine if + * the algorithm is approved or not. These checks may be in different stages. + * To keep it simple it is assumed that the algorithm is initially approved, + * and may be unapproved when each check happens. Once unapproved the operation + * will remain unapproved (otherwise we need to maintain state for each check). + * The approved state should only be queried after the operation has completed + * e.g. A digest final, or a KDF derive. + * + * If a FIPS approved check fails then we must decide what to do in this case. + * In strict mode we would just return an error. + * To override strict mode we either need to have a settable variable or have a + * fips config flag that overrides strict mode. + * If there are multiple checks, each one could possible have a different + * configurable item. Each configurable item can be overriden by a different + * settable. + */ +typedef struct ossl_fips_ind_st { + unsigned char approved; + signed char settable[OSSL_FIPS_IND_SETTABLE_MAX]; /* See OSSL_FIPS_IND_STATE */ +} OSSL_FIPS_IND; + +typedef int (OSSL_FIPS_IND_CHECK_CB)(OSSL_LIB_CTX *libctx); + +int ossl_FIPS_IND_callback(OSSL_LIB_CTX *libctx, const char *type, + const char *desc); + +void ossl_FIPS_IND_init(OSSL_FIPS_IND *ind); +void ossl_FIPS_IND_set_approved(OSSL_FIPS_IND *ind); +void ossl_FIPS_IND_set_settable(OSSL_FIPS_IND *ind, int id, int enable); +int ossl_FIPS_IND_get_settable(const OSSL_FIPS_IND *ind, int id); +int ossl_FIPS_IND_on_unapproved(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *libctx, + const char *algname, const char *opname, + OSSL_FIPS_IND_CHECK_CB *config_check_fn); +int ossl_FIPS_IND_set_ctx_param(OSSL_FIPS_IND *ind, int id, + const OSSL_PARAM params[], const char *name); +int ossl_FIPS_IND_get_ctx_param(const OSSL_FIPS_IND *ind, + OSSL_PARAM params[]); +void ossl_FIPS_IND_copy(OSSL_FIPS_IND *dst, const OSSL_FIPS_IND *src); + +/* Place this in the algorithm ctx structure */ +# define OSSL_FIPS_IND_DECLARE OSSL_FIPS_IND indicator; +/* Call this to initialize the indicator */ +# define OSSL_FIPS_IND_INIT(ctx) ossl_FIPS_IND_init(&ctx->indicator); +/* + * Use the copy if an algorithm has a dup function that does not copy the src to + * the dst. + */ +# define OSSL_FIPS_IND_COPY(dst, src) ossl_FIPS_IND_copy(&dst->indicator, &src->indicator); + +/* + * Required for reset - since once something becomes unapproved it will remain + * unapproved unless this is used. This should be used in the init before + * params are set into the ctx & before any FIPS checks are done. + */ +# define OSSL_FIPS_IND_SET_APPROVED(ctx) ossl_FIPS_IND_set_approved(&ctx->indicator); +/* + * This should be called if a FIPS check fails, to indicate the operation is not approved + * If there is more than 1 strict check flag per algorithm ctx, the id represents + * the index. + */ +# define OSSL_FIPS_IND_ON_UNAPPROVED(ctx, id, libctx, algname, opname, config_check_fn) \ + ossl_FIPS_IND_on_unapproved(&ctx->indicator, id, libctx, algname, opname, config_check_fn) + +# define OSSL_FIPS_IND_SETTABLE_CTX_PARAM(name) \ + OSSL_PARAM_int(name, NULL), + +/* + * The id here must match the one used by OSSL_FIPS_IND_ON_UNAPPROVED + * The name must match the param used by OSSL_FIPS_IND_SETTABLE_CTX_PARAM + */ +# define OSSL_FIPS_IND_SET_CTX_PARAM(ctx, id, params, name) \ + ossl_FIPS_IND_set_ctx_param(&((ctx)->indicator), id, params, name) + +# define OSSL_FIPS_IND_GETTABLE_CTX_PARAM() \ + OSSL_PARAM_int(OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR, NULL), + +# define OSSL_FIPS_IND_GET_CTX_PARAM(ctx, prms) \ + ossl_FIPS_IND_get_ctx_param(&((ctx)->indicator), prms) + +#define OSSL_FIPS_IND_GET(ctx) &((ctx)->indicator) + +int ossl_fips_ind_rsa_key_check(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *libctx, + const RSA *rsa, const char *desc, int protect); +# ifndef OPENSSL_NO_EC +int ossl_fips_ind_ec_key_check(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *libctx, + const EC_GROUP *group, const char *desc, + int protect); +# endif +int ossl_fips_ind_digest_check(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *libctx, + const EVP_MD *md, const char *desc); +int ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND *ind, int id, + OSSL_LIB_CTX *libctx, + int nid, int sha1_allowed, + const char *desc); + +#else +# define OSSL_FIPS_IND_DECLARE +# define OSSL_FIPS_IND_INIT(ctx) +# define OSSL_FIPS_IND_SET_APPROVED(ctx) +# define OSSL_FIPS_IND_ON_UNAPPROVED(ctx, id, libctx, algname, opname, configopt_fn) +# define OSSL_FIPS_IND_SETTABLE_CTX_PARAM(name) +# define OSSL_FIPS_IND_SET_CTX_PARAM(ctx, id, params, name) 1 +# define OSSL_FIPS_IND_GETTABLE_CTX_PARAM() +# define OSSL_FIPS_IND_GET_CTX_PARAM(ctx, params) 1 +# define OSSL_FIPS_IND_COPY(dst, src) + +#endif diff --git a/providers/common/include/prov/securitycheck.h b/providers/common/include/prov/securitycheck.h index 611c6d531b..4db5202c59 100644 --- a/providers/common/include/prov/securitycheck.h +++ b/providers/common/include/prov/securitycheck.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,24 +8,24 @@ */ #include "crypto/types.h" +#include <openssl/ec.h> /* Functions that are common */ -int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation); -int ossl_ec_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect); -int ossl_dsa_check_key(OSSL_LIB_CTX *ctx, const DSA *dsa, int sign); -int ossl_dh_check_key(OSSL_LIB_CTX *ctx, const DH *dh); +int ossl_rsa_key_op_get_protect(const RSA *rsa, int operation, int *outprotect); +int ossl_rsa_check_key_size(const RSA *rsa, int protect); -int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md); -/* With security check enabled it can return -1 to indicate disallowed md */ -int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, - int sha1_allowed); +#ifndef OPENSSL_NO_EC +int ossl_ec_check_curve_allowed(const EC_GROUP *group); +int ossl_ec_check_security_strength(const EC_GROUP *group, int protect); +#endif + +int ossl_dsa_check_key(const DSA *dsa, int sign); +int ossl_dh_check_key(const DH *dh); -/* Functions that are common */ int ossl_digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len); int ossl_digest_get_approved_nid(const EVP_MD *md); /* Functions that have different implementations for the FIPS_MODULE */ -int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, - int sha1_allowed); +int ossl_digest_rsa_sign_get_md_nid(const EVP_MD *md); int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx); int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx); diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c index 0d3acdbe56..e8e1c2400a 100644 --- a/providers/common/securitycheck.c +++ b/providers/common/securitycheck.c @@ -19,14 +19,9 @@ #include <openssl/core_names.h> #include <openssl/obj_mac.h> #include "prov/securitycheck.h" +#include "prov/fipsindicator.h" -/* - * FIPS requires a minimum security strength of 112 bits (for encryption or - * signing), and for legacy purposes 80 bits (for decryption or verifying). - * Set protect = 1 for encryption or signing operations, or 0 otherwise. See - * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf. - */ -int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation) +int ossl_rsa_key_op_get_protect(const RSA *rsa, int operation, int *outprotect) { int protect = 0; @@ -56,25 +51,42 @@ int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation) "invalid operation: %d", operation); return 0; } + *outprotect = protect; + return 1; +} -#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) - if (ossl_securitycheck_enabled(ctx)) { - int sz = RSA_bits(rsa); +/* + * FIPS requires a minimum security strength of 112 bits (for encryption or + * signing), and for legacy purposes 80 bits (for decryption or verifying). + * Set protect = 1 for encryption or signing operations, or 0 otherwise. See + * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf. + */ +int ossl_rsa_check_key_size(const RSA *rsa, int protect) +{ + int sz = RSA_bits(rsa); - if (protect ? (sz < 2048) : (sz < 1024)) { - ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH, - "operation: %d", operation); - return 0; - } - } -#else - /* make protect used */ - (void)protect; -#endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ + if (protect ? (sz < 2048) : (sz < 1024)) + return 0; return 1; } #ifndef OPENSSL_NO_EC + +int ossl_ec_check_curve_allowed(const EC_GROUP *group) +{ + const char *curve_name; + int nid = EC_GROUP_get_curve_name(group); + + /* Explict curves are not FIPS approved */ + if (nid == NID_undef) + return 0; + /* Only NIST curves are FIPS approved */ + curve_name = EC_curve_nid2nist(nid); + if (curve_name == NULL) + return 0; + return 1; +} + /* * In FIPS mode: * protect should be 1 for any operations that need 112 bits of security @@ -89,56 +101,25 @@ int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation) * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf * "Table 2" */ -int ossl_ec_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect) +int ossl_ec_check_security_strength(const EC_GROUP *group, int protect) { -# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) - if (ossl_securitycheck_enabled(ctx)) { - int nid, strength; - const char *curve_name; - const EC_GROUP *group = EC_KEY_get0_group(ec); - - if (group == NULL) { - ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, "No group"); - return 0; - } - nid = EC_GROUP_get_curve_name(group); - if (nid == NID_undef) { - ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, - "Explicit curves are not allowed in fips mode"); - return 0; - } - - curve_name = EC_curve_nid2nist(nid); - if (curve_name == NULL) { - ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, - "Curve %s is not approved in FIPS mode", curve_name); - return 0; - } - - /* - * For EC the security strength is the (order_bits / 2) - * e.g. P-224 is 112 bits. - */ - strength = EC_GROUP_order_bits(group) / 2; - /* The min security strength allowed for legacy verification is 80 bits */ - if (strength < 80) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE); - return 0; - } - - /* - * For signing or key agreement only allow curves with at least 112 bits of - * security strength - */ - if (protect && strength < 112) { - ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, - "Curve %s cannot be used for signing", curve_name); - return 0; - } - } -# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ + /* + * For EC the security strength is the (order_bits / 2) + * e.g. P-224 is 112 bits. + */ + int strength = EC_GROUP_order_bits(group) / 2; + /* The min security strength allowed for legacy verification is 80 bits */ + if (strength < 80) + return 0; + /* + * For signing or key agreement only allow curves with at least 112 bits of + * security strength + */ + if (protect && strength < 112) + return 0; return 1; } + #endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_DSA @@ -147,48 +128,43 @@ int ossl_ec_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect) * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf * "Table 2" */ -int ossl_dsa_check_key(OSSL_LIB_CTX *ctx, const DSA *dsa, int sign) +int ossl_dsa_check_key(const DSA *dsa, int sign) { -# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) - if (ossl_securitycheck_enabled(ctx)) { - size_t L, N; - const BIGNUM *p, *q; - - if (dsa == NULL) - return 0; - - p = DSA_get0_p(dsa); - q = DSA_get0_q(dsa); - if (p == NULL || q == NULL) + size_t L, N; + const BIGNUM *p, *q; + + if (dsa == NULL) + return 0; + + p = DSA_get0_p(dsa); + q = DSA_get0_q(dsa); + if (p == NULL || q == NULL) + return 0; + + L = BN_num_bits(p); + N = BN_num_bits(q); + + /* + * For Digital signature verification DSA keys with < 112 bits of + * security strength, are still allowed for legacy + * use. The bounds given in SP 800-131Ar2 - Table 2 are + * (512 <= L < 2048 or 160 <= N < 224). + * + * We are a little stricter and insist that both minimums are met. + * For example a L = 256, N = 160 key *would* be allowed by SP 800-131Ar2 + * but we don't. + */ + if (!sign) { + if (L < 512 || N < 160) return 0; - - L = BN_num_bits(p); - N = BN_num_bits(q); - - /* - * For Digital signature verification DSA keys with < 112 bits of - * security strength, are still allowed for legacy - * use. The bounds given in SP 800-131Ar2 - Table 2 are - * (512 <= L < 2048 or 160 <= N < 224). - * - * We are a little stricter and insist that both minimums are met. - * For example a L = 256, N = 160 key *would* be allowed by SP 800-131Ar2 - * but we don't. - */ - if (!sign) { - if (L < 512 || N < 160) - return 0; - if (L < 2048 || N < 224) - return 1; - } - - /* Valid sizes for both sign and verify */ - if (L == 2048 && (N == 224 || N == 256)) /* 112 bits */ + if (L < 2048 || N < 224) return 1; - return (L == 3072 && N == 256); /* 128 bits */ } -# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ - return 1; + + /* Valid sizes for both sign and verify */ + if (L == 2048 && (N == 224 || N == 256)) /* 112 bits */ + return 1; + return (L == 3072 && N == 256); /* 128 bits */ } #endif /* OPENSSL_NO_DSA */ @@ -199,58 +175,30 @@ int ossl_dsa_check_key(OSSL_LIB_CTX *ctx, const DSA *dsa, int sign) * "Section 5.5.1.1FFC Domain Parameter Selection/Generation" and * "Appendix D" FFC Safe-prime Groups */ -int ossl_dh_check_key(OSSL_LIB_CTX *ctx, const DH *dh) +int ossl_dh_check_key(const DH *dh) { -# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) - if (ossl_securitycheck_enabled(ctx)) { - size_t L, N; - const BIGNUM *p, *q; + size_t L, N; + const BIGNUM *p, *q; - if (dh == NULL) - return 0; + if (dh == NULL) + return 0; - p = DH_get0_p(dh); - q = DH_get0_q(dh); - if (p == NULL || q == NULL) - return 0; + p = DH_get0_p(dh); + q = DH_get0_q(dh); + if (p == NULL || q == NULL) + return 0; - L = BN_num_bits(p); - if (L < 2048) - return 0; + L = BN_num_bits(p); + if (L < 2048) + return 0; - /* If it is a safe prime group then it is ok */ - if (DH_get_nid(dh)) - return 1; + /* If it is a safe prime group then it is ok */ + if (DH_get_nid(dh)) + return 1; - /* If not then it must be FFC, which only allows certain sizes. */ - N = BN_num_bits(q); + /* If not then it must be FFC, which only allows certain sizes. */ + N = BN_num_bits(q); - return (L == 2048 && (N == 224 || N == 256)); - } -# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ - return 1; + return (L == 2048 && (N == 224 || N == 256)); } #endif /* OPENSSL_NO_DH */ - -int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, - int sha1_allowed) -{ - int mdnid = ossl_digest_get_approved_nid(md); - -# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) - if (ossl_securitycheck_enabled(ctx)) { - if (mdnid == NID_undef || (mdnid == NID_sha1 && !sha1_allowed)) - mdnid = -1; /* disallowed by security checks */ - } -# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ - return mdnid; -} - -int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md) -{ -# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) - if (ossl_securitycheck_enabled(ctx)) - return ossl_digest_get_approved_nid(md) != NID_undef; -# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ - return 1; -} diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c index 246323493e..85e5fddd5a 100644 --- a/providers/common/securitycheck_default.c +++ b/providers/common/securitycheck_default.c @@ -28,8 +28,7 @@ int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx) return 0; } -int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, - ossl_unused int sha1_allowed) +int ossl_digest_rsa_sign_get_md_nid(const EVP_MD *md) { int mdnid; @@ -42,7 +41,7 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 }, }; - mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1); + mdnid = ossl_digest_get_approved_nid(md); if (mdnid == NID_undef) mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid)); return mdnid; diff --git a/providers/common/securitycheck_fips.c b/providers/common/securitycheck_fips.c index d1262d8795..84579dc7b3 100644 --- a/providers/common/securitycheck_fips.c +++ b/providers/common/securitycheck_fips.c @@ -18,6 +18,7 @@ #include <openssl/core_names.h> #include <openssl/obj_mac.h> #include "prov/securitycheck.h" +#include "prov/fipsindicator.h" #include "prov/fipscommon.h" int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) @@ -34,12 +35,90 @@ int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx) return FIPS_tls_prf_ems_check(libctx); } -int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, - int sha1_allowed) +int ossl_digest_rsa_sign_get_md_nid(const EVP_MD *md) { -#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS) - if (ossl_securitycheck_enabled(ctx)) - return ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed); -#endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ return ossl_digest_get_approved_nid(md); } + +int ossl_fips_ind_rsa_key_check(OSSL_FIPS_IND *ind, int id, + OSSL_LIB_CTX *libctx, + const RSA *rsa, const char *desc, int protect) +{ + int key_approved = ossl_rsa_check_key_size(rsa, protect); + + if (!key_approved) { + if (!ossl_FIPS_IND_on_unapproved(ind, id, libctx, desc, "Key size", + ossl_securitycheck_enabled)) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH, + "operation: %s", desc); + return 0; + } + } + return 1; +} + +# ifndef OPENSSL_NO_EC +int ossl_fips_ind_ec_key_check(OSSL_FIPS_IND *ind, int id, + OSSL_LIB_CTX *libctx, + const EC_GROUP *group, const char *desc, + int protect) +{ + int curve_allowed, strength_allowed; + + if (group == NULL) + return 0; + + curve_allowed = ossl_ec_check_curve_allowed(group); + strength_allowed = ossl_ec_check_security_strength(group, protect); + + if (!strength_allowed || !curve_allowed) { + if (!ossl_FIPS_IND_on_unapproved(ind, id, libctx, desc, "EC Key", + ossl_securitycheck_enabled)) { + if (!curve_allowed) + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE); + if (!strength_allowed) + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + return 0; + } + } + return 1; +} +#endif + +int ossl_fips_ind_digest_check(OSSL_FIPS_IND *ind, int id, + OSSL_LIB_CTX *libctx, + const EVP_MD *md, const char *desc) +{ + int approved = (ossl_digest_get_approved_nid(md) != NID_undef); + + if (!approved) { + if (!ossl_FIPS_IND_on_unapproved(ind, id, libctx, desc, "Digest", + ossl_securitycheck_enabled)) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); + return 0; + } + } + return 1; +} + +int ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND *ind, int id, + OSSL_LIB_CTX *libctx, + int nid, int sha1_allowed, + const char *desc) +{ + int approved; + + if (nid == NID_undef) + approved = 0; + else + approved = sha1_allowed || nid != NID_sha1; + + if (!approved) { + if (!ossl_FIPS_IND_on_unapproved(ind, id, libctx, desc, "Digest SHA1", + ossl_securitycheck_enabled)) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); + return 0; + } + } + return 1; +} |