diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 3f3e41fe8..817d9b7c6 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -800,7 +800,11 @@ void bench_rsa(void) printf("InitRNG failed\n"); return; } - InitRsaKey(&rsaKey, 0); + ret = InitRsaKey(&rsaKey, 0); + if (ret < 0) { + printf("InitRsaKey failed\n"); + return; + } ret = RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes); start = current_time(1); diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 527645e47..db30330bf 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -2759,7 +2759,8 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, return 0; } - InitRsaKey(&pubKey, heap); + ret = InitRsaKey(&pubKey, heap); + if (ret != 0) return ret; if (RsaPublicKeyDecode(key, &idx, &pubKey, keySz) < 0) { CYASSL_MSG("ASN Key decode error RSA"); ret = 0; diff --git a/ctaocrypt/src/pkcs7.c b/ctaocrypt/src/pkcs7.c index c0c96b1c8..f12396390 100644 --- a/ctaocrypt/src/pkcs7.c +++ b/ctaocrypt/src/pkcs7.c @@ -434,7 +434,7 @@ int PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) attribSetSz = SetSet(flatSignedAttribsSz, attribSet); ret = InitSha(&esd.sha); - if (result < 0) { + if (ret < 0) { XFREE(flatSignedAttribs, 0, NULL); return ret; } @@ -458,9 +458,10 @@ int PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) XMEMCPY(digestInfo + digIdx, esd.contentAttribsDigest, SHA_DIGEST_SIZE); digIdx += SHA_DIGEST_SIZE; - InitRsaKey(&privKey, NULL); - result = RsaPrivateKeyDecode(pkcs7->privateKey, &scratch, &privKey, - pkcs7->privateKeySz); + result = InitRsaKey(&privKey, NULL); + if (result == 0) + result = RsaPrivateKeyDecode(pkcs7->privateKey, &scratch, &privKey, + pkcs7->privateKeySz); if (result < 0) { XFREE(flatSignedAttribs, 0, NULL); return PUBLIC_KEY_E; 
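Review bot: The check added in bench_rsa (benchmark.c), `if (ret < 0)`, lets any positive non-zero status from InitRsaKey pass as success, while most other call sites in this commit test `ret != 0`. The same applies to `if (result < 0)` in PKCS7_EncodeSignedData (pkcs7.c, hunk at -458), which now guards both InitRsaKey and RsaPrivateKeyDecode. Use `if (ret != 0)` at both places so the convention is uniform. Within this hunk the `ret` assigned from RsaPrivateKeyDecode on the following line is not tested before timing starts; the rest of bench_rsa is outside the hunk.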
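Review bot: In ConfirmSignature (asn.c) the new `if (ret != 0) return ret;` returns a non-zero value on InitRsaKey failure, but the surrounding lines (`return 0;` just above, `ret = 0;` on the key-decode error just below) suggest this function reports failure as 0. The callers are not visible here; if they treat the result as a boolean, a failed key initialisation would be read as a confirmed signature. The FIPS remapping added to rsa.h in this commit makes a non-zero return from InitRsaKey plausible. Make the failure branch match the rest of the function: `if (ret != 0) { CYASSL_MSG("InitRsaKey failed"); return 0; }`. The function starts and ends outside the hunk.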
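Review bot: On the failure branch of PKCS7_EncodeSignedData (pkcs7.c, hunk at -458), `privKey` is never passed to FreeRsaKey before `return PUBLIC_KEY_E;`. RsaPrivateKeyDecode is not on this page, but if it fails part-way it may already have allocated some of the key's integers, which would leak and leave private-key material in memory. Because one `result` now covers both calls, the branch cannot tell which of them failed. Split the checks so that a decode failure runs `FreeRsaKey(&privKey);` before returning and an init failure does not, and brace the nested `if (result == 0)`.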
@@ -580,7 +581,7 @@ int PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) int PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) { word32 idx, contentType; - int length, version; + int length, version, ret; byte* content = NULL; byte* sig = NULL; byte* cert = NULL; @@ -781,7 +782,8 @@ int PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) pkcs7->content = content; pkcs7->contentSz = contentSz; - InitRsaKey(&key, NULL); + ret = InitRsaKey(&key, NULL); + if (ret != 0) return ret; if (RsaPublicKeyDecode(pkcs7->publicKey, &scratch, &key, pkcs7->publicKeySz) < 0) { CYASSL_MSG("ASN RSA key decode error"); @@ -859,7 +861,8 @@ CYASSL_LOCAL int CreateRecipientInfo(const byte* cert, word32 certSz, return BAD_FUNC_ARG; /* EncryptedKey */ - InitRsaKey(&pubKey, 0); + ret = InitRsaKey(&pubKey, 0); + if (ret != 0) return ret; if (RsaPublicKeyDecode(decoded.publicKey, &idx, &pubKey, decoded.pubKeySize) < 0) { CYASSL_MSG("ASN RSA key decode error"); @@ -1045,7 +1048,7 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) ret = Des_SetKey(&des, contentKeyPlain, tmpIv, DES_ENCRYPTION); if (ret == 0) - ret = Des_CbcEncrypt(&des, encryptedContent, plain, desOutSz); + Des_CbcEncrypt(&des, encryptedContent, plain, desOutSz); if (ret != 0) { XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1178,7 +1181,8 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, return BAD_FUNC_ARG; /* load private key */ - InitRsaKey(&privKey, 0); + ret = InitRsaKey(&privKey, 0); + if (ret != 0) return ret; ret = RsaPrivateKeyDecode(pkcs7->privateKey, &idx, &privKey, pkcs7->privateKeySz); if (ret != 0) { 
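Review bot: In PKCS7_EncodeEnvelopedData (pkcs7.c, hunk at -1045) the `if (ret != 0)` cleanup that follows now reflects only Des_SetKey, because the result of Des_CbcEncrypt is no longer stored. If Des_CbcEncrypt returns void in this tree the edit is required to compile, and a short comment such as `/* Des_CbcEncrypt has no return value */` would stop a later reader from restoring the assignment; if it returns a status, keep `ret = Des_CbcEncrypt(...)`. The same edit is made to Des_CbcDecrypt in PKCS7_DecodeEnvelopedData (hunk at -1337), where the continuation line `encryptedContentSz);` is also left at its old indentation. Both calls sit under an unbraced `if (ret == 0)`, which is worth bracing while the lines are being touched.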
@@ -1337,7 +1341,7 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, ret = Des_SetKey(&des, decryptedKey, tmpIv, DES_DECRYPTION); if (ret == 0) - ret = Des_CbcDecrypt(&des, encryptedContent, encryptedContent, + Des_CbcDecrypt(&des, encryptedContent, encryptedContent, encryptedContentSz); if (ret != 0) { diff --git a/ctaocrypt/src/rsa.c b/ctaocrypt/src/rsa.c index 1765018f1..060d1f5e2 100644 --- a/ctaocrypt/src/rsa.c +++ b/ctaocrypt/src/rsa.c @@ -28,6 +28,11 @@ #ifndef NO_RSA +#ifdef HAVE_FIPS + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS +#endif + #include #include #include @@ -42,8 +47,8 @@ #endif #ifdef HAVE_CAVIUM - static void InitCaviumRsaKey(RsaKey* key, void* heap); - static void FreeCaviumRsaKey(RsaKey* key); + static int InitCaviumRsaKey(RsaKey* key, void* heap); + static int FreeCaviumRsaKey(RsaKey* key); static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key); static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, @@ -70,7 +75,7 @@ enum { }; -void InitRsaKey(RsaKey* key, void* heap) +int InitRsaKey(RsaKey* key, void* heap) { #ifdef HAVE_CAVIUM if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) @@ -88,10 +93,12 @@ void InitRsaKey(RsaKey* key, void* heap) key->q.dp = key->dP.dp = 0; key->u.dp = key->dQ.dp = 0; #endif + + return 0; } -void FreeRsaKey(RsaKey* key) +int FreeRsaKey(RsaKey* key) { (void)key; @@ -113,6 +120,8 @@ void FreeRsaKey(RsaKey* key) mp_clear(&key->e); mp_clear(&key->n); #endif + + return 0; } static void RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, @@ -664,10 +673,10 @@ void RsaFreeCavium(RsaKey* rsa) /* Initialize cavium RSA key */ -static void InitCaviumRsaKey(RsaKey* key, void* heap) +static int InitCaviumRsaKey(RsaKey* key, void* heap) { if (key == NULL) - return; + return BAD_FUNC_ARG; key->heap = heap; key->type = -1; /* don't know yet */ 
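Review bot: InitRsaKey (rsa.c, hunks at -70 and -88) now returns int but still dereferences `key` without checking it. In the HAVE_CAVIUM branch `key->magic` is read before the new `key == NULL` check in InitCaviumRsaKey can run, and the other path writes through `key` and always ends in `return 0;`. Since the commit exists so that callers can test the result, add `if (key == NULL) return BAD_FUNC_ARG;` as the first statement. FreeRsaKey (hunk at -113) has the same shape, with `(void)key;` followed by `mp_clear(&key->e);`. The middle of both bodies lies outside the hunks.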
@@ -689,14 +698,16 @@ static void InitCaviumRsaKey(RsaKey* key, void* heap) key->c_dP_Sz = 0; key->c_dQ_Sz = 0; key->c_uSz = 0; + + return 0; } /* Free cavium RSA key */ -static void FreeCaviumRsaKey(RsaKey* key) +static int FreeCaviumRsaKey(RsaKey* key) { if (key == NULL) - return; + return BAD_FUNC_ARG; XFREE(key->c_n, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); XFREE(key->c_e, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); @@ -707,7 +718,7 @@ static void FreeCaviumRsaKey(RsaKey* key) XFREE(key->c_dQ, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); XFREE(key->c_u, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); - InitCaviumRsaKey(key, key->heap); /* reset pointers */ + return InitCaviumRsaKey(key, key->heap); /* reset pointers */ } diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index e6757c414..e83bc14da 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -2681,7 +2681,8 @@ int rsa_test(void) #ifdef HAVE_CAVIUM RsaInitCavium(&key, CAVIUM_DEV_ID); #endif - InitRsaKey(&key, 0); + ret = InitRsaKey(&key, 0); + if (ret != 0) return -39; ret = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); if (ret != 0) return -41; @@ -2751,7 +2752,8 @@ int rsa_test(void) FILE* keyFile; FILE* pemFile; - InitRsaKey(&genKey, 0); + ret = InitRsaKey(&genKey, 0); + if (ret != 0) return -300; ret = MakeRsaKey(&genKey, 1024, 65537, &rng); if (ret != 0) return -301; @@ -2783,7 +2785,8 @@ int rsa_test(void) ret = (int)fwrite(pem, pemSz, 1, pemFile); fclose(pemFile); - InitRsaKey(&derIn, 0); + ret = InitRsaKey(&derIn, 0); + if (ret != 0) return -3060; idx = 0; ret = RsaPrivateKeyDecode(der, &idx, &derIn, derSz); if (ret != 0) @@ -2891,7 +2894,8 @@ int rsa_test(void) bytes3 = fread(tmp, 1, FOURK_BUF, file3); fclose(file3); - InitRsaKey(&caKey, 0); + ret = InitRsaKey(&caKey, 0); + if (ret != 0) return -411; ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); if (ret != 0) return -413; 
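Review bot: FreeCaviumRsaKey (rsa.c, hunk at -707) releases the key buffers with XFREE (`c_dQ`, `c_u` and the others listed) and then resets the size fields through InitCaviumRsaKey, with no visible step that clears the private components first. Whether XFREE wipes memory is not shown on this page; if it does not, private-key bytes remain in freed heap memory. Clear each private buffer using its recorded size (`c_dQ_Sz`, `c_uSz` and the rest) before the XFREE, with a wipe the compiler cannot optimise away. Part of the function lies between the two hunks and is not visible.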
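Review bot: In rsa_test (test.c, hunk at -2783) the result of `fwrite(pem, pemSz, 1, pemFile)` is stored in `ret` and then overwritten by the new `ret = InitRsaKey(&derIn, 0);` without being examined, so a short write of the PEM file goes unnoticed. Test it before `ret` is reused, for example `if (ret != 1) return <unused negative code>;` placed after the `fclose(pemFile);`. The new early returns in the hunks at -2681, -2751 and -2891 follow the existing pattern of this test, which continues outside the hunks.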
@@ -3092,7 +3096,8 @@ int rsa_test(void) bytes = fread(tmp, 1, FOURK_BUF, caFile); fclose(caFile); - InitRsaKey(&caKey, 0); + ret = InitRsaKey(&caKey, 0); + if (ret != 0) return -459; ret = RsaPrivateKeyDecode(tmp, &idx, &caKey, (word32)bytes); if (ret != 0) return -454; diff --git a/cyassl/ctaocrypt/rsa.h b/cyassl/ctaocrypt/rsa.h index a4339e158..03858dbed 100644 --- a/cyassl/ctaocrypt/rsa.h +++ b/cyassl/ctaocrypt/rsa.h @@ -61,8 +61,8 @@ typedef struct RsaKey { } RsaKey; -CYASSL_API void InitRsaKey(RsaKey* key, void*); -CYASSL_API void FreeRsaKey(RsaKey* key); +CYASSL_API int InitRsaKey(RsaKey* key, void*); +CYASSL_API int FreeRsaKey(RsaKey* key); CYASSL_API int RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, RNG* rng); 
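Review bot: The prototypes of InitRsaKey and FreeRsaKey in rsa.h change from void to int with no comment stating the return contract. Callers in this commit already disagree on it (`< 0` in bench_rsa, `!= 0` elsewhere), so the header should state it once. Add something like `/* returns 0 on success, non-zero error code on failure; callers must check */` above the two declarations. The second parameter of InitRsaKey is still unnamed; `void* heap` would match the definition in rsa.c.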
@@ -93,6 +93,46 @@ CYASSL_API int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, #endif +#ifdef HAVE_FIPS + /* fips wrapper calls, user can call direct */ + CYASSL_API int InitRsaKey_fips(RsaKey* key, void*); + CYASSL_API int FreeRsaKey_fips(RsaKey* key); + + CYASSL_API int RsaPublicEncrypt_fips(const byte* in,word32 inLen,byte* out, + word32 outLen, RsaKey* key, RNG* rng); + CYASSL_API int RsaPrivateDecryptInline_fips(byte* in, word32 inLen, + byte** out, RsaKey* key); + CYASSL_API int RsaPrivateDecrypt_fips(const byte* in, word32 inLen, + byte* out,word32 outLen,RsaKey* key); + CYASSL_API int RsaSSL_Sign_fips(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key, RNG* rng); + CYASSL_API int RsaSSL_VerifyInline_fips(byte* in, word32 inLen, byte** out, + RsaKey* key); + CYASSL_API int RsaSSL_Verify_fips(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key); + CYASSL_API int RsaEncryptSize_fips(RsaKey* key); + + CYASSL_API int RsaPrivateKeyDecode_fips(const byte* input, word32* inOutIdx, + RsaKey*, word32); + CYASSL_API int RsaPublicKeyDecode_fips(const byte* input, word32* inOutIdx, + RsaKey*, word32); + #ifndef FIPS_NO_WRAPPERS + /* if not impl or fips.c impl wrapper force fips calls if fips build */ + #define InitRsaKey InitRsaKey_fips + #define FreeRsaKey FreeRsaKey_fips + #define RsaPublicEncrypt RsaPublicEncrypt_fips + #define RsaPrivateDecryptInline RsaPrivateDecryptInline_fips + #define RsaPrivateDecrypt RsaPrivateDecrypt_fips + #define RsaSSL_Sign RsaSSL_Sign_fips + #define RsaSSL_VerifyInline RsaSSL_VerifyInline_fips + #define RsaSSL_Verify RsaSSL_Verify_fips + #define RsaEncryptSize RsaEncryptSize_fips + /* no implicit KeyDecodes since in asn.c (not rsa.c) */ + #endif /* FIPS_NO_WRAPPERS */ + +#endif /* HAVE_FIPS */ + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/mcapi/crypto.c b/mcapi/crypto.c index 7b96f3884..5958d63d0 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c 
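Review bot: The remapping block in rsa.h leaves RsaPrivateKeyDecode and RsaPublicKeyDecode unmapped, and the only explanation is the terse `/* no implicit KeyDecodes since in asn.c (not rsa.c) */`. A reader cannot tell from this whether callers in a FIPS build are expected to call the `_fips` decode variants explicitly. If that is the intent, say so, for example `/* the KeyDecode functions live in asn.c and are not remapped; call the _fips variants directly where the wrapper is required */`. It is also worth noting in the comment that these are object-like macros, so every later use of the token `InitRsaKey` (and the others) in an including file is renamed, not only calls.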
@@ -461,9 +461,7 @@ int CRYPT_RSA_Initialize(CRYPT_RSA_CTX* rsa) if (rsa->holder == NULL) return -1; - InitRsaKey((RsaKey*)rsa->holder, NULL); - - return 0; + return InitRsaKey((RsaKey*)rsa->holder, NULL); } diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index 5274e7b4b..c26c04db9 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -1219,8 +1219,9 @@ static int check_rsa(void) byte out1[256]; byte out2[256]; - InitRsaKey(&defRsa, NULL); - ret = CRYPT_RSA_Initialize(&mcRsa); + ret = InitRsaKey(&defRsa, NULL); + if (ret == 0) + ret = CRYPT_RSA_Initialize(&mcRsa); if (ret != 0) { printf("mcapi rsa init failed\n"); return -1; diff --git a/src/internal.c b/src/internal.c index 3d16570b5..19f38b296 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1696,7 +1696,8 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) CYASSL_MSG("PeerRsaKey Memory error"); return MEMORY_E; } - InitRsaKey(ssl->peerRsaKey, ctx->heap); + ret = InitRsaKey(ssl->peerRsaKey, ctx->heap); + if (ret != 0) return ret; #endif #ifndef NO_CERTS /* make sure server has cert and key unless using PSK */ @@ -8483,6 +8484,7 @@ static void PickHashSigAlgo(CYASSL* ssl, word32 sigOutSz = 0; #ifndef NO_RSA RsaKey key; + int initRsaKey = 0; #endif int usingEcc = 0; #ifdef HAVE_ECC @@ -8508,9 +8510,11 @@ static void PickHashSigAlgo(CYASSL* ssl, ecc_init(&eccKey); #endif #ifndef NO_RSA - InitRsaKey(&key, ssl->heap); - ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx, &key, - ssl->buffers.key.length); + ret = InitRsaKey(&key, ssl->heap); + if (ret == 0) initRsaKey = 1; + if (ret == 0) + ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx, &key, + ssl->buffers.key.length); if (ret == 0) sigOutSz = RsaEncryptSize(&key); else @@ -8711,7 +8715,8 @@ static void PickHashSigAlgo(CYASSL* ssl, } } #ifndef NO_RSA - FreeRsaKey(&key); + if (initRsaKey) + FreeRsaKey(&key); #endif #ifdef HAVE_ECC ecc_free(&eccKey); 
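Review bot: When InitRsaKey fails, CRYPT_RSA_Initialize (mcapi/crypto.c) now returns with `rsa->holder` still set, and the error value changes from the `-1` used on the line above to whatever InitRsaKey returns. The allocation of `holder` is outside the hunk, so this is inferred, but if it happens just before the NULL check then the failure path should release it and set `rsa->holder = NULL` before returning. Otherwise a caller that skips its free step after a failed init leaks the buffer, and a later call sees a context that looks initialised. Mapping the failure to `-1` would also keep this function's return values consistent for existing callers.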
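Review bot: In src/internal.c (hunk at -8508) the two consecutive unbraced `if (ret == 0)` statements are easy to misread or break in a later edit. A single braced block is clearer: `if (ret == 0) { initRsaKey = 1; ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx, &key, ssl->buffers.key.length); }`. The flag name `initRsaKey` (declared in the hunk at -8483) differs from the function name only in the case of its first letter, so a name such as `rsaKeyInit` would read better. The guard `if (initRsaKey) FreeRsaKey(&key);` in the hunk at -8711 is the right pattern and would also benefit from braces.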
@@ -8960,7 +8965,8 @@ static void PickHashSigAlgo(CYASSL* ssl, preSigIdx = idx; #ifndef NO_RSA - InitRsaKey(&rsaKey, ssl->heap); + ret = InitRsaKey(&rsaKey, ssl->heap); + if (ret != 0) return ret; #endif ecc_init(&dsaKey); @@ -9293,7 +9299,10 @@ static void PickHashSigAlgo(CYASSL* ssl, &ssl->buffers.serverDH_Pub.length); FreeDhKey(&dhKey); - InitRsaKey(&rsaKey, ssl->heap); + if (ret == 0) { + ret = InitRsaKey(&rsaKey, ssl->heap); + if (ret != 0) return ret; + } if (ret == 0) { length = LENGTH_SZ * 3; /* p, g, pub */ length += ssl->buffers.serverDH_P.length + @@ -10807,7 +10816,8 @@ static void PickHashSigAlgo(CYASSL* ssl, doUserRsa = 1; #endif - InitRsaKey(&key, ssl->heap); + ret = InitRsaKey(&key, ssl->heap); + if (ret != 0) return ret; if (ssl->buffers.key.buffer) ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx, diff --git a/src/sniffer.c b/src/sniffer.c index 8333bf7a3..8b4e65cc9 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1044,9 +1044,9 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes, RsaKey key; int ret; - InitRsaKey(&key, 0); - - ret = RsaPrivateKeyDecode(session->context->ctx->privateKey.buffer, + ret = InitRsaKey(&key, 0); + if (ret == 0) + ret = RsaPrivateKeyDecode(session->context->ctx->privateKey.buffer, &idx, &key, session->context->ctx->privateKey.length); if (ret == 0) { int length = RsaEncryptSize(&key); diff --git a/src/ssl.c b/src/ssl.c index c00b5b3ec..058e997d9 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2121,7 +2121,8 @@ int CyaSSL_Init(void) RsaKey key; word32 idx = 0; - InitRsaKey(&key, 0); + ret = InitRsaKey(&key, 0); + if (ret != 0) return ret; if (RsaPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) { #ifdef HAVE_ECC /* could have DER ECC (or pkcs8 ecc), no easy way to tell */ 
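Review bot: In src/internal.c (hunk at -9293) InitRsaKey is now skipped whenever `ret` is already non-zero after the DH step, so `rsaKey` can reach the rest of the function uninitialised. The cleanup code is outside the hunk; if it calls `FreeRsaKey(&rsaKey)` unconditionally, which the old unconditional init made safe, it would now run on indeterminate memory. The hunk at -8508 solves the same problem with an `initRsaKey` flag; use the same flag here or keep the InitRsaKey call outside the `if (ret == 0)` guard. The new `return ret;` also leaves the function directly after `FreeDhKey(&dhKey);`, so confirm that nothing acquired earlier still needs releasing on that path.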
@@ -10341,7 +10342,12 @@ static int initGlobalRNG = 0; } InitCyaSSL_Rsa(external); - InitRsaKey(key, NULL); + if (InitRsaKey(key, NULL) != 0) { + CYASSL_MSG("InitRsaKey CYASSL_RSA failure"); + XFREE(external, NULL, DYNAMIC_TYPE_RSA); + XFREE(key, NULL, DYNAMIC_TYPE_RSA); + return NULL; + } external->internal = key; return external;