RSA Update

1. Fix issue with new key gen options and using old FIPS releases. 2. Modify the FIPS configure option to handle an option for the updated FIPS.
2017-11-02 16:56:49 -07:00
parent a784142edf
commit 274c6ca492
2 changed files with 27 additions and 16 deletions
--- a/configure.ac
+++ b/configure.ac
@ -1903,8 +1903,10 @@ AC_ARG_ENABLE([fips],
    [ ENABLED_FIPS=no ]
    )

-if test "x$ENABLED_FIPS" = "xyes"
+if test "x$ENABLED_FIPS" != "xno"
 then
+    FIPS_VERSION=$ENABLED_FIPS
+    ENABLED_FIPS=yes
    # requires thread local storage
    if test "$thread_ls_on" = "no"
    then
@ -1930,6 +1932,9 @@ then
        ENABLED_DES3="yes"
    fi
    AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
+    # Add the FIPS flag.
+    AS_IF([test "x$FIPS_VERSION" = "xv2"],
+          [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2"])
 else
    if test "x$ENABLED_FORTRESS" = "xyes"
    then
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@ -147,20 +147,12 @@ int  wc_RsaEncryptSize(RsaKey* key)
 }


-#ifndef WOLFSSL_KEY_GEN
+/* New FIPS functions. */
+#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+
    int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
                               word32* bSz)
    {
-
-        /* not specified as fips so not needing _fips */
-        return RsaFlattenPublicKey(key, a, aSz, b, bSz);
-    }
-#else
-    int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
-                               word32* bSz)
-    {
-
-        /* not specified as fips so not needing _fips */
        return RsaFlattenPublicKey_fips(key, a, aSz, b, bSz);
    }

@ -169,8 +161,6 @@ int  wc_RsaEncryptSize(RsaKey* key)
                        byte* d, word32* dSz, byte* p, word32* pSz,
                        byte* q, word32* qSz)
    {
-
-        /* not specified as fips so not needing _fips */
        return RsaExportKey_fips(key, e, eSz, n, nSz, d, dSz, p, pSz, q, qSz);
    }

@ -189,6 +179,24 @@ int  wc_RsaEncryptSize(RsaKey* key)
    {
        return MakeRsaKey_fips(key, size, e, rng);
    }
+
+#else /* Use old version of FIPS functions. */
+
+    int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
+                               word32* bSz)
+    {
+
+        /* not specified as fips so not needing _fips */
+        return RsaFlattenPublicKey(key, a, aSz, b, bSz);
+    }
+
+    #ifdef WOLFSSL_KEY_GEN
+        int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
+        {
+            return MakeRsaKey(key, size, e, rng);
+        }
+    #endif
+
 #endif


@ -2256,9 +2264,7 @@ static const byte lower_bound[] = {
 static INLINE int RsaSizeCheck(int size)
 {
    switch (size) {
-#ifndef HAVE_FIPS
        case 1024:
-#endif
        case 2048:
        case 3072:
        case 4096: