Diffstat (limited to 'providers/implementations/kem/rsa_kem.c')
-rw-r--r--providers/implementations/kem/rsa_kem.c43
1 files changed, 32 insertions, 11 deletions
diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
index ff22ddffcf..6dfc992096 100644
--- a/providers/implementations/kem/rsa_kem.c
+++ b/providers/implementations/kem/rsa_kem.c
@@ -13,7 +13,6 @@
*/
#include "internal/deprecated.h"
#include "internal/nelem.h"
-
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/core_dispatch.h>
@@ -21,9 +20,8 @@
#include <openssl/rsa.h>
#include <openssl/params.h>
#include <openssl/err.h>
-#include "crypto/rsa.h"
#include <openssl/proverr.h>
-#include "internal/nelem.h"
+#include "crypto/rsa.h"
#include "prov/provider_ctx.h"
#include "prov/implementations.h"
#include "prov/securitycheck.h"
@@ -56,6 +54,7 @@ typedef struct {
OSSL_LIB_CTX *libctx;
RSA *rsa;
int op;
+ OSSL_FIPS_IND_DECLARE
} PROV_RSA_CTX;
static const OSSL_ITEM rsakem_opname_id_map[] = {
@@ -89,6 +88,7 @@ static void *rsakem_newctx(void *provctx)
return NULL;
prsactx->libctx = PROV_LIBCTX_OF(provctx);
prsactx->op = KEM_OP_UNDEFINED;
+ OSSL_FIPS_IND_INIT(prsactx)
return prsactx;
}
@@ -119,44 +119,62 @@ static void *rsakem_dupctx(void *vprsactx)
}
static int rsakem_init(void *vprsactx, void *vrsa,
- const OSSL_PARAM params[], int operation)
+ const OSSL_PARAM params[], int operation,
+ const char *desc)
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
+ int protect = 0;
if (prsactx == NULL || vrsa == NULL)
return 0;
- if (!ossl_rsa_check_key(prsactx->libctx, vrsa, operation))
+ if (!ossl_rsa_key_op_get_protect(vrsa, operation, &protect))
return 0;
-
if (!RSA_up_ref(vrsa))
return 0;
RSA_free(prsactx->rsa);
prsactx->rsa = vrsa;
- return rsakem_set_ctx_params(prsactx, params);
+ OSSL_FIPS_IND_SET_APPROVED(prsactx)
+ if (!rsakem_set_ctx_params(prsactx, params))
+ return 0;
+#ifdef FIPS_MODULE
+ if (!ossl_fips_ind_rsa_key_check(OSSL_FIPS_IND_GET(prsactx),
+ OSSL_FIPS_IND_SETTABLE0, prsactx->libctx,
+ prsactx->rsa, desc, protect))
+ return 0;
+#endif
+ return 1;
}
static int rsakem_encapsulate_init(void *vprsactx, void *vrsa,
const OSSL_PARAM params[])
{
- return rsakem_init(vprsactx, vrsa, params, EVP_PKEY_OP_ENCAPSULATE);
+ return rsakem_init(vprsactx, vrsa, params, EVP_PKEY_OP_ENCAPSULATE,
+ "RSA Encapsulate Init");
}
static int rsakem_decapsulate_init(void *vprsactx, void *vrsa,
const OSSL_PARAM params[])
{
- return rsakem_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECAPSULATE);
+ return rsakem_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECAPSULATE,
+ "RSA Decapsulate Init");
}
static int rsakem_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
{
PROV_RSA_CTX *ctx = (PROV_RSA_CTX *)vprsactx;
- return ctx != NULL;
+ if (ctx == NULL)
+ return 0;
+
+ if (!OSSL_FIPS_IND_GET_CTX_PARAM(ctx, params))
+ return 0;
+ return 1;
}
static const OSSL_PARAM known_gettable_rsakem_ctx_params[] = {
+ OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
OSSL_PARAM_END
};
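Review bot: A failed FIPS key check in the new `#ifdef FIPS_MODULE` block returns 0 only after `RSA_up_ref` and `prsactx->rsa = vrsa` have already installed the key, so unlike the removed `ossl_rsa_check_key` path a rejected key stays referenced in the context until freectx (no leak, but the context is no longer left untouched on a failed init). The ordering looks deliberate, since `rsakem_set_ctx_params` has to run first so that an `OSSL_KEM_PARAM_FIPS_KEY_CHECK` setting is known before the key is checked, and that deserves a why-comment above `if (!rsakem_set_ctx_params(prsactx, params))`, e.g. `/* Apply params first: the FIPS key-check setting must be in place before the key is checked */`. The new `desc` parameter is only consumed inside the FIPS_MODULE block and is otherwise unused, which is worth a one-line comment on the prototype, e.g. `/* desc: operation name passed to ossl_fips_ind_rsa_key_check (FIPS builds only) */`. rsakem_init and rsakem_get_ctx_params are fully within this hunk.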
@@ -177,7 +195,9 @@ static int rsakem_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
if (params == NULL)
return 1;
-
+ if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE0, params,
+ OSSL_KEM_PARAM_FIPS_KEY_CHECK))
+ return 0;
p = OSSL_PARAM_locate_const(params, OSSL_KEM_PARAM_OPERATION);
if (p != NULL) {
if (p->data_type != OSSL_PARAM_UTF8_STRING)
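Review bot: `OSSL_FIPS_IND_SET_CTX_PARAM` is applied before `OSSL_KEM_PARAM_OPERATION` is located and type-checked, so a params array carrying a valid key-check setting together with a malformed operation entry presumably updates the indicator state and then returns 0 from the type check, leaving the context partially modified on a failed call. If that is acceptable (it matches the early-return style of the rest of the function), a comment such as `/* The FIPS indicator param is applied even if a later param is rejected */` above the new `if (!OSSL_FIPS_IND_SET_CTX_PARAM(...))` would make it explicit; otherwise locate and validate the operation first and apply the indicator setting afterwards. The body of rsakem_set_ctx_params starts before this hunk and the type-check failure path continues after it.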
@@ -192,6 +212,7 @@ static int rsakem_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
static const OSSL_PARAM known_settable_rsakem_ctx_params[] = {
OSSL_PARAM_utf8_string(OSSL_KEM_PARAM_OPERATION, NULL, 0),
+ OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_KEM_PARAM_FIPS_KEY_CHECK)
OSSL_PARAM_END
};