author | Shane Lontis <shane.lontis@oracle.com> | 2018-07-05 09:28:51 +1000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-03-12 12:00:52 +0000 |
commit | 8240d5fa6535fb20e24fbe7eadbb3d6452a8d305 (patch) | |
tree | 3e785e20a83324c8dab559a5e3da6d533bb82f33 /crypto/rsa/rsa_chk.c | |
parent | d1229190bfbb19439589557e4d65f9bccab09b2d (diff) | |
FIPS 186-4 RSA Generation & Validation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6652)
Diffstat (limited to 'crypto/rsa/rsa_chk.c')
-rw-r--r-- | crypto/rsa/rsa_chk.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c
index 805f998ff2..4f65dfa64b 100644
--- a/crypto/rsa/rsa_chk.c
+++ b/crypto/rsa/rsa_chk.c
@@ -16,8 +16,21 @@ int RSA_check_key(const RSA *key)
 return RSA_check_key_ex(key, NULL);
 }
+/*
+ * NOTE: Key validation requires separate checks to be able to be accessed
+ * individually. These should be visible from the PKEY API..
+ * See rsa_sp800_56b_check_public, rsa_sp800_56b_check_private and
+ * rsa_sp800_56b_check_keypair.
+ */
 int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
 {
+#ifdef FIPS_MODE
+ if (!(rsa_sp800_56b_check_public(key)
+ && rsa_sp800_56b_check_private(key)
+ && rsa_sp800_56b_check_keypair(key, NULL, -1, RSA_bits(key))
+ return 0;
+
+#else
 BIGNUM *i, *j, *k, *l, *m;
 BN_CTX *ctx;
 int ret = 1, ex_primes = 0, idx;
@@ -225,4 +238,5 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
 BN_free(m);
 BN_CTX_free(ctx);
 return ret;
+#endif /* FIPS_MODE */
 } |
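Review bot: The `FIPS_MODE` branch added to `RSA_check_key_ex` in the first hunk is malformed and has no success path: `if (!(` opens two parentheses that the three-line condition never closes, and when all three checks pass, control would skip the `#else` … `#endif` region (closed in the second hunk) and reach the final `}` without returning a value. In a key-validation routine an indeterminate return can report a key as valid or invalid arbitrarily, so the branch should return the conjunction directly: `return rsa_sp800_56b_check_public(key) && rsa_sp800_56b_check_private(key) && rsa_sp800_56b_check_keypair(key, NULL, -1, RSA_bits(key));`. This assumes the three helpers return 1 on success and 0 on failure, which is not visible here; `cb` is also left unused in this branch, which is worth a short comment. The part of the function body between the two hunks is outside the view.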