Commit Graph

4240 Commits

Author SHA1 Message Date
Steven Valdez
873ebc9783 Improve TestConfig flags for initial and resumption connections.
Change-Id: I97a2920a08f995ea70425ad9126f1dced067f2a4
Reviewed-on: https://boringssl-review.googlesource.com/16084
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-09 21:14:28 +00:00
David Benjamin
93731d9dd4 Remove old SSL min/max version functions.
I think I've finally cleared this out. Everything should be using
upstream's longer 'proto' names now.

Change-Id: I6ab283dca845fdc184f3764223d027acba59ca91
Reviewed-on: https://boringssl-review.googlesource.com/16086
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-09 19:25:21 +00:00
Matthew Braithwaite
20d202bb0e unrandom: #define _GNU_SOURCE, for syscall().
This is needed when unrandom.c is compiled on its own.

Change-Id: Ia46e06d267c097e5fa0296092a7270a4cd0b2044
Reviewed-on: https://boringssl-review.googlesource.com/16085
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-09 17:41:17 +00:00
Adam Langley
e838cfb51f Add a way to break one of the KAT tests.
This is required by FIPS testing.

Change-Id: Ia399a0bf3d03182499c0565278a3713cebe771e3
Reviewed-on: https://boringssl-review.googlesource.com/16044
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-09 16:48:37 +00:00
Matthew Braithwaite
95511e9842 generate_build_files: omit tests from fips_fragments.
This enforces the invariant "fips_fragments are the C sources that
make up bcm.c."

Change-Id: I3a29c5203eb2e1547cc069617183d5fd570b3de8
Reviewed-on: https://boringssl-review.googlesource.com/16064
Reviewed-by: Adam Langley <agl@google.com>
2017-05-08 23:49:44 +00:00
David Benjamin
0d5b886ef8 Switch BN_generate_dsa_nonce's hash back to SHA-512/256.
SHA-512 is faster to calculate on 64-bit systems and that's what we were
using before. (Though, realistically, this doesn't show up at all.)

Change-Id: Id4f386ca0b5645a863b36405eef03bc62d0f29b3
Reviewed-on: https://boringssl-review.googlesource.com/16006
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-08 22:00:48 +00:00
David Benjamin
4d1f4ba08d Timeout the shim on Accept and Wait.
https://build.chromium.org/p/client.boringssl/builders/linux_fips_rel/builds/115
appears to have failed because we were hanging on Accept() forever.
Impose a timeout on that and waiting for the process to return so we at
least can see what stdout/stderr was received so far.

Change-Id: Ief7f7759d02a3fbfc504d2f214b742672b0fe9e6
Reviewed-on: https://boringssl-review.googlesource.com/16005
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-08 20:42:20 +00:00
Adam Langley
4c7b3bfd73 Switch integrity hash to SHA-512.
SHA-512 is faster to calculate on 64-bit systems and we're only
targetting 64-bit systems with FIPS.

Change-Id: I5e9b8419ad4ddc72ec682c4193ffb17975d228e5
Reviewed-on: https://boringssl-review.googlesource.com/16025
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-08 20:36:20 +00:00
Adam Langley
238148a8f6 Don't indicate FIPS mode when built with ASAN.
ASAN prevents the integrity test from running, so don't indicate FIPS
mode in that case.

Change-Id: I14c79e733e53ef16f164132bc1fded871ce3f133
Reviewed-on: https://boringssl-review.googlesource.com/16024
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-08 19:51:14 +00:00
Adam Langley
c0485d67f4 Teach delocate.go to handle loading function pointers into XMM registers.
Sadly, LEA cannot target XMM registers.

Change-Id: I5f4245b5df1625ba3ea7ebf7ccf6dcceb9dab1d9
Reviewed-on: https://boringssl-review.googlesource.com/15988
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-08 17:26:20 +00:00
David Benjamin
c862c31f4c perlasm/x86_64-xlate.pl: work around problem with hex constants in masm.
Perl, multiple versions, for some reason occasionally takes issue with
letter b[?] in ox([0-9a-f]+) regex. As result some constants, such as
0xb1 came out wrong when generating code for MASM. Fixes upstream
GH#3241.

(Imported from upstream's c47aea8af1e28e46e1ad5e2e7468b49fec3f4f29.)

This does not affect of the configurations we generate and is imported
to avoid a diff against upstream.

Change-Id: Iacde0ca5220c3607681fad081fbe72d8d613518f
Reviewed-on: https://boringssl-review.googlesource.com/15985
Reviewed-by: Adam Langley <agl@google.com>
2017-05-05 23:10:56 +00:00
David Benjamin
4323e22793 Tidy up FIPS module dependencies.
This avoids depending the FIPS module on crypto/bytestring and moves
ECDSA_SIG_{new,free} into the module.

Change-Id: I7b45ef07f1140873a0da300501141b6ae272a5d9
Reviewed-on: https://boringssl-review.googlesource.com/15984
Reviewed-by: Adam Langley <agl@google.com>
2017-05-05 23:10:24 +00:00
David Benjamin
e34eaa6409 Remove old masm workaround.
This dates to ded93581f1, but we have
since switched to building with nasm, to match upstream's supported
assemblers. Since this doesn't affect anything we generate, remove the
workaround to reduce the diff against upstream.

Change-Id: I549ae97ad6d6f28836f6c9d54dcf51c518de7521
Reviewed-on: https://boringssl-review.googlesource.com/15986
Reviewed-by: Adam Langley <agl@google.com>
2017-05-05 23:07:47 +00:00
Matthew Braithwaite
45dd8a04f5 Add missing #includes of delocate.h.
Change-Id: I48adda9909ded195005c4f8277f153d4dbd2bfec
Reviewed-on: https://boringssl-review.googlesource.com/15987
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-05 22:41:30 +00:00
Adam Langley
2e2a226ac9 Move cipher/ into crypto/fipsmodule/
Change-Id: Id65e0988534056a72d9b40cc9ba5194e2d9b8a7c
Reviewed-on: https://boringssl-review.googlesource.com/15904
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-05 22:39:40 +00:00
Adam Langley
4249481a66 Add EVP_AEAD_CTX_[new|free] and UniquePtr support.
EVP_AEAD_CTX is otherwise a pain to use from C++ when you need to keep
it around.

Change-Id: I1dff926b33a3246680be21b89b69dfb336d25cd5
Reviewed-on: https://boringssl-review.googlesource.com/15965
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-05 21:29:44 +00:00
Michael Ryleev
a90044a463 Bypass building fipsmodule/rand/urandom.c when builing for Trusty
Change-Id: Icf1d6ec9d3fb33a124a9f61c75d29248a2582680
Reviewed-on: https://boringssl-review.googlesource.com/15964
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-05 17:21:23 +00:00
Adam Langley
b0521e38d2 Add AES-GCM-SIV assembly.
Nearly all of the assembly code was written by Shay and is submitted
under the CLA.

Change-Id: Ia70952d4ba2713ccc5e96a0952c22e5400c90f3a
Reviewed-on: https://boringssl-review.googlesource.com/15649
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-04 22:27:07 +00:00
Martin Kreichgauer
bf21849e3d fipsoracle: Remove fax sample verification baked into test suites. This is covered by run_cavp.go.
Change-Id: If2514337bc444ec68e0f4ffeecb85e47b1ed9c09
Reviewed-on: https://boringssl-review.googlesource.com/15906
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-04 22:10:37 +00:00
Adam Langley
96dec443d9 Move rsa/ to fipsmodule/rsa/
Change-Id: Id20d371ae7a88a91aaba7a9e23574eccb9caeb3c
Reviewed-on: https://boringssl-review.googlesource.com/15849
Reviewed-by: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-04 21:22:39 +00:00
Adam Langley
aacb72c1b7 Move ec/ and ecdsa/ into fipsmodule/
The names in the P-224 code collided with the P-256 code and thus many
of the functions and constants in the P-224 code have been prefixed.

Change-Id: I6bcd304640c539d0483d129d5eaf1702894929a8
Reviewed-on: https://boringssl-review.googlesource.com/15847
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-04 20:27:23 +00:00
Steven Valdez
ac52908e59 Fix RSA KeyGen CAVP test padding.
Change-Id: I13119c99a7e7542dd66d4c294a1881138c7ab7bd
Reviewed-on: https://boringssl-review.googlesource.com/15925
Reviewed-by: Adam Langley <agl@google.com>
2017-05-04 19:21:04 +00:00
David Benjamin
61ae41f198 Use a minimal totient when generating RSA keys.
FIPS 186-4 wants d = e^-1 (mod lcm(p-1, q-1)), not (p-1)*(q-1).

Note this means the size of d might reveal information about p-1 and
q-1. However, we do operations with Chinese Remainder Theorem, so we
only use d (mod p-1) and d (mod q-1) as exponents. Using a minimal
totient does not affect those two values.

This removes RSA_recover_crt_params. Using a minimal d breaks (or rather
reveals an existing bug in) the function.

While I'm here, rename those ridiculous variable names.

Change-Id: Iaf623271d49cd664ba0eca24aa25a393f5666fac
Reviewed-on: https://boringssl-review.googlesource.com/15944
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-04 19:16:48 +00:00
Steven Valdez
a3d9c39c06 Fix ECDSA KeyPair CAVP test.
Change-Id: Id65e8b4765be735d693dd0e749aa9a7ac4de178e
Reviewed-on: https://boringssl-review.googlesource.com/15924
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-04 14:51:30 +00:00
Adam Langley
02690f7583 Run CAVP tests in parallel.
Change-Id: I11810afab77469e3a346954085b3b4db1ef9ed14
Reviewed-on: https://boringssl-review.googlesource.com/15905
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2017-05-03 23:52:28 +00:00
Martin Kreichgauer
ddfcc6a60b fipsoracle: Combine all test oracles into a single binary.
Change-Id: If53f88135976e5f8f113c0e68bd880e378c98fd9
Reviewed-on: https://boringssl-review.googlesource.com/15885
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2017-05-03 23:36:37 +00:00
Adam Langley
148ea89bbf Two tweaks to CAVP outputs to conform to NIST's expectations.
Response files should have a “.rsp” suffix, and a magic header is needed
in the CTR-DRBG output.

Change-Id: I5dce7929e872cec394e70d3495d76b589e27dd4a
Reviewed-on: https://boringssl-review.googlesource.com/15884
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-03 20:40:49 +00:00
David Benjamin
616c4c26e0 Fix make_errors.go.
It needs to be taught about modules that are split in two.

Change-Id: Icbf32450eeba2255f40f37c72f1b569a0ebd3a96
Reviewed-on: https://boringssl-review.googlesource.com/15865
Reviewed-by: Adam Langley <agl@google.com>
2017-05-03 20:02:21 +00:00
David Benjamin
073391f7d6 Detach encrypt and keygen hooks from RSA_METHOD.
Nothing is using them. For encrypt, there's generally no need to swap
out public key operations. keygen seems especially pointless as one
could just as easily call the other function directly.

The one behavior change is RSA_encrypt now gracefully detects if called
on an empty RSA, to match the other un-RSA_METHOD-ed functions which had
similar treatments. (Conscrypt was filling in the encrypt function
purely to provide a non-crashing no-op function. They leave the public
bits blank and pass their custom keys through sufficiently many layers
of Java crypto goo that it's not obvious whether this is reachable.)

We still can't take the function pointers out, but once
96bbe03dfd
trickles back into everything, we can finally prune RSA_METHOD.

Bump BORINGSSL_API_VERSION as a convenience so I can land the
corresponding removal in Conscrypt immediately.

Change-Id: Ia2ef4780a5dfcb869b224e1ff632daab8d378b2e
Reviewed-on: https://boringssl-review.googlesource.com/15864
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-03 19:15:47 +00:00
Martin Kreichgauer
be5c67d4b1 fipsoracle: Add AES KeyWrap test.
Change-Id: Ia67616674e4ccda66ff1a5627393b703a5f9cfe3
Reviewed-on: https://boringssl-review.googlesource.com/15848
Reviewed-by: Adam Langley <agl@google.com>
2017-05-03 18:54:49 +00:00
Steven Valdez
9b7228c544 Adding RSA2 KeyGen CAVP tests.
Change-Id: I11eecf6dc50b95477fc1e909d9ed97987899abcb
Reviewed-on: https://boringssl-review.googlesource.com/15833
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-03 17:35:45 +00:00
David Benjamin
2d933590cf Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAME
(Imported from upstream's 16d78fbc2a6804453824752110737ab7b7f04ea8.)

Change-Id: I6b5ae3b9bf457d6555fa1583bcd7c168b5fc8310
Reviewed-on: https://boringssl-review.googlesource.com/15836
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-03 17:18:27 +00:00
David Benjamin
c0ae51dfe4 Fix URL links in comment
(Imported from upstream's 54538204d870b97c751d13efeefa876bd792a44b.)

Change-Id: If9967b67a74ab7dea175e97ea8bda195c3cd0478
Reviewed-on: https://boringssl-review.googlesource.com/15835
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-03 17:17:48 +00:00
David Benjamin
9afa7bc92c Fix time offset calculation.
ASN1_GENERALIZEDTIME and ASN1_UTCTIME may be specified using offsets,
even though that's not supported within certificates. [davidben: This
commit message seems off as crypto/x509 does not reject them. It merely
has a comment telling you that it's doing it wrong.]

To convert the offset time back to GMT, the offsets are supposed to be
subtracted, not added. e.g. 1759-0500 == 2359+0100 == 2259Z.

(Imported from upstream's d2335f30970ed3edc1c7c11700ab7f34396cf086.)

Change-Id: Id0d4c5b650e77db3b04b15e66b069807f6f31266
Reviewed-on: https://boringssl-review.googlesource.com/15834
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-03 16:23:16 +00:00
Adam Langley
e5adaef980 Put spaces between arguments of failed tests.
When a test fails, there should be spaces between the argv of the failed
command line.

Change-Id: I5c168a919c1615df34a0eab63a7232453168adb3
Reviewed-on: https://boringssl-review.googlesource.com/15846
Reviewed-by: David Benjamin <davidben@google.com>
2017-05-02 22:13:30 +00:00
Adam Langley
73eb3a9d22 Undefine some macros in bn/
I forgot to scrub these files when they moved and their macros are
currently leaking into other files. This isn't a problem, but does
prevent ec/ code from being moved into the module at the moment.

Change-Id: I5433fb043e90a03ae3dc5c38cb3a69563aada007
Reviewed-on: https://boringssl-review.googlesource.com/15845
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-02 22:11:50 +00:00
Martin Kreichgauer
6dd055d2eb fipsoracle: Add MCT mode for TDES.
Change-Id: I0dafd669a6d4e435d7597c0db26ef467e4beef0d
Reviewed-on: https://boringssl-review.googlesource.com/15805
Reviewed-by: Adam Langley <agl@google.com>
2017-05-02 22:09:32 +00:00
David Benjamin
5eb75e211e Shush some uninitialized variable warnings.
We seem to have tweaked some inlining one way or another and confused
the compiler's uninitialized value warning.

https://build.chromium.org/p/client.boringssl/builders/android_aarch64_rel/builds/1010/steps/ninja/logs/stdio

Change-Id: I0115da889eb7fffedaa4bd7ecc896f5b68215d68
Reviewed-on: https://boringssl-review.googlesource.com/15832
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-02 21:28:23 +00:00
David Benjamin
ca62bee964 Don't emit a redirector for OPENSSL_ia32cap_get.
Another synthesized function which may be referenced directly.

Change-Id: Ic75fe66ce7244246a2d4a707b6a5fee24cac6941
Reviewed-on: https://boringssl-review.googlesource.com/15831
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-02 21:23:23 +00:00
David Benjamin
fa839dcac0 Don't depend on crypto/bytestring for ECDSA self-tests.
This will let us keep CBS/CBB out of the module. It also makes the PWCT
actually use a hard-coded public key since kEC was using the
private-key-only serialization.

Change-Id: I3769fa26fc789c4797a56534df73f810cf5441c4
Reviewed-on: https://boringssl-review.googlesource.com/15830
Reviewed-by: Adam Langley <agl@google.com>
2017-05-02 21:09:51 +00:00
David Benjamin
09ffa773dd Don't depend on crypto/bytestring for RSA self-tests.
This will let us keep CBS/CBB out of the module.

Change-Id: I780de0fa2c102cf27eee2cc242ee23740fbc16ce
Reviewed-on: https://boringssl-review.googlesource.com/15829
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-02 21:09:03 +00:00
David Benjamin
83a9a264be Check RSA2 SigVer* files.
The FAX files include extra junk, so we need to strip them out of the
file.

Change-Id: Ib5762a20696a0ca6a847dcc56afa6ea27b02a5cc
Reviewed-on: https://boringssl-review.googlesource.com/15828
Reviewed-by: Adam Langley <agl@google.com>
2017-05-02 21:07:31 +00:00
David Benjamin
8209a7c535 Add RSA-PSS to RSA2 Sig{Gen,Ver} drivers.
Change-Id: Iba3392fe77010688ecc2bb87f59d4aa7a25ce685
Reviewed-on: https://boringssl-review.googlesource.com/15827
Reviewed-by: Adam Langley <agl@google.com>
2017-05-02 21:05:15 +00:00
David Benjamin
2baccac82f Tidy up pkey_rsa_verify_recover.
RSA_verify_raw is the same as RSA_public_decrypt and fits the calling
convention better. This also avoids the extra copy.

Change-Id: Ib7e3152af26872440290a289f178c9a1d9bc673f
Reviewed-on: https://boringssl-review.googlesource.com/15826
Reviewed-by: Adam Langley <agl@google.com>
2017-05-02 20:32:37 +00:00
David Benjamin
79d18bc4dd Add crypto/rsa-level RSA-PSS functions.
This allows us to implement RSA-PSS in the FIPS module without pulling
in EVP_PKEY. It also allows people to use RSA-PSS on an RSA*.
Empirically folks seem to use the low-level padding functions a lot,
which is unfortunate.

This allows us to remove a now redundant length check in p_rsa.c.

Change-Id: I5270e01c6999d462d378865db2b858103c335485
Reviewed-on: https://boringssl-review.googlesource.com/15825
Reviewed-by: Adam Langley <agl@google.com>
2017-05-02 20:30:24 +00:00
David Benjamin
05821b0ee3 Consistently check length in RSA_add_pkcs1_prefix.
We check the length for MD5+SHA1 but not the normal cases. Instead,
EVP_PKEY_sign externally checks the length (largely because the silly
RSA-PSS padding function forces it). We especially should be checking
the length for these because otherwise the prefix built into the ASN.1
prefix is wrong.

The primary motivation is to avoid putting EVP_PKEY inside the FIPS
module. This means all logic for supported algorithms should live in
crypto/rsa.

This requires fixing up the verify_recover logic and some tests,
including bcm.c's KAT bits.

(evp_tests.txt is now this odd mixture of EVP-level and RSA-level error
codes. A follow-up change will add new APIs for RSA-PSS which will allow
p_rsa.c to be trimmed down and make things consistent.)

Change-Id: I29158e9695b28e8632b06b449234a5dded35c3e7
Reviewed-on: https://boringssl-review.googlesource.com/15824
Reviewed-by: Adam Langley <agl@google.com>
2017-05-02 20:29:47 +00:00
Adam Langley
8a3a2a99b2 Move des/ to crypto/fipsmodule/
Change-Id: I167b7045c537d95294d387936f3d7bad530e1c6f
Reviewed-on: https://boringssl-review.googlesource.com/15844
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-02 19:21:02 +00:00
Steven Valdez
d1c89cd7e9 Adding RSA2 PKCS15 CAVP tests.
Change-Id: I7ee611484b576a2195405ee47c29af7168b9556e
Reviewed-on: https://boringssl-review.googlesource.com/15804
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-02 18:46:23 +00:00
David Benjamin
8ee0d14795 Fix comment typo.
Thanks to Alex Gaynor for catching this.

Change-Id: I00e86f90a6ecb845393c0f4f9f8177a053645e70
Reviewed-on: https://boringssl-review.googlesource.com/15784
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-02 14:07:33 +00:00
Martin Kreichgauer
2b2676f698 fipsoracle: Add cavp_tdes_test (KAT mode only).
Change-Id: I560051d554760feab8b432de429ccbef7bc19c0a
Reviewed-on: https://boringssl-review.googlesource.com/15684
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-01 22:58:35 +00:00