Ensure method flags are compatible with FIPS mode OpenSSL (#46)

+ Copy flags from base methods for RSA and EVP methods + Specify the normally unused FIPS flags for ciphers and digests
2022-05-03 18:57:57 +01:00 · 2022-05-03 18:57:57 +01:00 · 055d83b469
--- a/SymCryptEngine/src/scossl.c
+++ b/SymCryptEngine/src/scossl.c
@ -60,8 +60,8 @@ static SCOSSL_STATUS scossl_bind_engine(ENGINE* e)
        scossl_module_initialized = 1;
    }

+    scossl_rsa_method = RSA_meth_dup(RSA_PKCS1_OpenSSL());
    scossl_eckey_method = EC_KEY_METHOD_new(EC_KEY_OpenSSL());
-    scossl_rsa_method = RSA_meth_new("SCOSSL (SymCrypt engine for OpenSSL) RSA Method", 0);
    // scossl_dsa_method = DSA_meth_dup(DSA_OpenSSL());
    scossl_dh_method = DH_meth_dup(DH_OpenSSL());

@ -76,6 +76,7 @@ static SCOSSL_STATUS scossl_bind_engine(ENGINE* e)

    /* Setup RSA_METHOD */
    if( (scossl_rsa_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, NULL)) == -1
+        || !RSA_meth_set1_name(scossl_rsa_method, "SCOSSL (SymCrypt engine for OpenSSL) RSA Method")
        || !RSA_meth_set_pub_enc(scossl_rsa_method, scossl_rsa_pub_enc)
        || !RSA_meth_set_priv_dec(scossl_rsa_method, scossl_rsa_priv_dec)
        || !RSA_meth_set_priv_enc(scossl_rsa_method, scossl_rsa_priv_enc)
@ -92,12 +93,12 @@ static SCOSSL_STATUS scossl_bind_engine(ENGINE* e)
        goto end;
    }

-    if( (scossl_eckey_idx = EC_KEY_get_ex_new_index(0, NULL, NULL, NULL, NULL)) == -1)
+    /* Setup EC_METHOD */
+    if( (scossl_eckey_idx = EC_KEY_get_ex_new_index(0, NULL, NULL, NULL, NULL)) == -1 )
    {
        goto end;
    }

-    /* Setup EC_METHOD */
    EC_KEY_METHOD_set_init(scossl_eckey_method,
                           NULL, // eckey_init - lazily initialize ex_data only when the engine needs to
                           scossl_eckey_finish,
@ -128,13 +129,10 @@ static SCOSSL_STATUS scossl_bind_engine(ENGINE* e)
    //     goto end;
    // }

-    if( (scossl_dh_idx = DH_get_ex_new_index(0, NULL, NULL, NULL, NULL)) == -1)
-    {
-        goto end;
-    }
-
    // /* Setup DH METHOD */
-    if (   !DH_meth_set_generate_key(scossl_dh_method, scossl_dh_generate_key)
+    if (   (scossl_dh_idx = DH_get_ex_new_index(0, NULL, NULL, NULL, NULL)) == -1
+        || !DH_meth_set1_name(scossl_dh_method, "SCOSSL (SymCrypt engine for OpenSSL) DH Method")
+        || !DH_meth_set_generate_key(scossl_dh_method, scossl_dh_generate_key)
        || !DH_meth_set_compute_key(scossl_dh_method, scossl_dh_compute_key)
        || !DH_meth_set_finish(scossl_dh_method, scossl_dh_finish)
        )
--- a/SymCryptEngine/src/scossl_ciphers.c
+++ b/SymCryptEngine/src/scossl_ciphers.c
@ -144,7 +144,7 @@ SCOSSL_STATUS scossl_aes_cbc_cipher(
    _Inout_ EVP_CIPHER_CTX *ctx, _Out_ unsigned char *out, _In_reads_bytes_(inl) const unsigned char *in, size_t inl);
 static SCOSSL_STATUS scossl_aes_cbc_ctrl(_In_ EVP_CIPHER_CTX *ctx, int type, int arg, _Inout_ void *ptr);
 #define AES_CBC_FLAGS    (EVP_CIPH_FLAG_DEFAULT_ASN1|EVP_CIPH_CBC_MODE|EVP_CIPH_CUSTOM_COPY \
-                         |EVP_CIPH_ALWAYS_CALL_INIT)
+                         |EVP_CIPH_ALWAYS_CALL_INIT|EVP_CIPH_FLAG_FIPS)

 /* AES128 - CBC */
 static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
@ -205,7 +205,8 @@ SCOSSL_STATUS scossl_aes_ecb_init_key(
 SCOSSL_STATUS scossl_aes_ecb_cipher(
    _Inout_ EVP_CIPHER_CTX *ctx, _Out_ unsigned char *out, _In_reads_bytes_(inl) const unsigned char *in, size_t inl);
 static SCOSSL_STATUS scossl_aes_ecb_ctrl(_In_ EVP_CIPHER_CTX *ctx, int type, int arg, _Inout_ void *ptr);
-#define AES_ECB_FLAGS    (EVP_CIPH_FLAG_DEFAULT_ASN1|EVP_CIPH_ECB_MODE|EVP_CIPH_CUSTOM_COPY)
+#define AES_ECB_FLAGS    (EVP_CIPH_FLAG_DEFAULT_ASN1|EVP_CIPH_ECB_MODE|EVP_CIPH_CUSTOM_COPY \
+                         |EVP_CIPH_FLAG_FIPS)

 /* AES128 - ecb */
 static EVP_CIPHER *_hidden_aes_128_ecb = NULL;
@ -313,7 +314,8 @@ SCOSSL_RETURNLENGTH scossl_aes_gcm_cipher(
 static _Success_(return > 0) int scossl_aes_gcm_ctrl(_Inout_ EVP_CIPHER_CTX *ctx, int type, int arg, _Inout_ void *ptr);
 #define AES_GCM_FLAGS   (EVP_CIPH_FLAG_DEFAULT_ASN1|EVP_CIPH_GCM_MODE|EVP_CIPH_CUSTOM_COPY \
                        |EVP_CIPH_CUSTOM_IV|EVP_CIPH_CUSTOM_IV_LENGTH|EVP_CIPH_FLAG_CUSTOM_CIPHER \
-                        |EVP_CIPH_ALWAYS_CALL_INIT|EVP_CIPH_CTRL_INIT|EVP_CIPH_FLAG_AEAD_CIPHER)
+                        |EVP_CIPH_ALWAYS_CALL_INIT|EVP_CIPH_CTRL_INIT|EVP_CIPH_FLAG_AEAD_CIPHER \
+                        |EVP_CIPH_FLAG_FIPS)

 /* AES128 - GCM */
 static EVP_CIPHER *_hidden_aes_128_gcm = NULL;
@ -373,7 +375,8 @@ SCOSSL_RETURNLENGTH scossl_aes_ccm_cipher(
 static _Success_(return > 0) int scossl_aes_ccm_ctrl(_Inout_ EVP_CIPHER_CTX *ctx, int type, int arg, _Inout_ void *ptr);
 #define AES_CCM_FLAGS   (EVP_CIPH_FLAG_DEFAULT_ASN1|EVP_CIPH_CCM_MODE|EVP_CIPH_CUSTOM_COPY \
                        |EVP_CIPH_CUSTOM_IV|EVP_CIPH_CUSTOM_IV_LENGTH|EVP_CIPH_FLAG_CUSTOM_CIPHER \
-                        |EVP_CIPH_ALWAYS_CALL_INIT|EVP_CIPH_CTRL_INIT|EVP_CIPH_FLAG_AEAD_CIPHER)
+                        |EVP_CIPH_ALWAYS_CALL_INIT|EVP_CIPH_CTRL_INIT|EVP_CIPH_FLAG_AEAD_CIPHER \
+                        |EVP_CIPH_FLAG_FIPS )

 /* AES128 - CCM */
 static EVP_CIPHER *_hidden_aes_128_ccm = NULL;
--- a/SymCryptEngine/src/scossl_digests.c
+++ b/SymCryptEngine/src/scossl_digests.c
@ -53,7 +53,7 @@ static const EVP_MD *scossl_digest_sha1(void)
        || !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH)
        || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK)
        || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md, sizeof(SYMCRYPT_SHA1_STATE))
-        || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT)
+        || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS)
        || !EVP_MD_meth_set_init(_hidden_sha1_md, scossl_digest_sha1_init)
        || !EVP_MD_meth_set_update(_hidden_sha1_md, scossl_digest_sha1_update)
        || !EVP_MD_meth_set_final(_hidden_sha1_md, scossl_digest_sha1_final)
@ -78,7 +78,7 @@ static const EVP_MD *scossl_digest_sha256(void)
        || !EVP_MD_meth_set_result_size(_hidden_sha256_md, SHA256_DIGEST_LENGTH)
        || !EVP_MD_meth_set_input_blocksize(_hidden_sha256_md, SHA256_CBLOCK)
        || !EVP_MD_meth_set_app_datasize(_hidden_sha256_md, sizeof(SYMCRYPT_SHA256_STATE))
-        || !EVP_MD_meth_set_flags(_hidden_sha256_md, EVP_MD_FLAG_DIGALGID_ABSENT)
+        || !EVP_MD_meth_set_flags(_hidden_sha256_md, EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS)
        || !EVP_MD_meth_set_init(_hidden_sha256_md, scossl_digest_sha256_init)
        || !EVP_MD_meth_set_update(_hidden_sha256_md, scossl_digest_sha256_update)
        || !EVP_MD_meth_set_final(_hidden_sha256_md, scossl_digest_sha256_final)
@ -103,7 +103,7 @@ static const EVP_MD *scossl_digest_sha384(void)
        || !EVP_MD_meth_set_result_size(_hidden_sha384_md, SHA384_DIGEST_LENGTH)
        || !EVP_MD_meth_set_input_blocksize(_hidden_sha384_md, SHA512_CBLOCK)
        || !EVP_MD_meth_set_app_datasize(_hidden_sha384_md, sizeof(SYMCRYPT_SHA384_STATE))
-        || !EVP_MD_meth_set_flags(_hidden_sha384_md, EVP_MD_FLAG_DIGALGID_ABSENT)
+        || !EVP_MD_meth_set_flags(_hidden_sha384_md, EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS)
        || !EVP_MD_meth_set_init(_hidden_sha384_md, scossl_digest_sha384_init)
        || !EVP_MD_meth_set_update(_hidden_sha384_md, scossl_digest_sha384_update)
        || !EVP_MD_meth_set_final(_hidden_sha384_md, scossl_digest_sha384_final)
@ -128,7 +128,7 @@ static const EVP_MD *scossl_digest_sha512(void)
        || !EVP_MD_meth_set_result_size(_hidden_sha512_md, SHA512_DIGEST_LENGTH)
        || !EVP_MD_meth_set_input_blocksize(_hidden_sha512_md, SHA512_CBLOCK)
        || !EVP_MD_meth_set_app_datasize(_hidden_sha512_md, sizeof(SYMCRYPT_SHA512_STATE))
-        || !EVP_MD_meth_set_flags(_hidden_sha512_md, EVP_MD_FLAG_DIGALGID_ABSENT)
+        || !EVP_MD_meth_set_flags(_hidden_sha512_md, EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS)
        || !EVP_MD_meth_set_init(_hidden_sha512_md, scossl_digest_sha512_init)
        || !EVP_MD_meth_set_update(_hidden_sha512_md, scossl_digest_sha512_update)
        || !EVP_MD_meth_set_final(_hidden_sha512_md, scossl_digest_sha512_final)
--- a/SymCryptEngine/src/scossl_pkey_meths.c
+++ b/SymCryptEngine/src/scossl_pkey_meths.c
@ -158,8 +158,11 @@ static EVP_PKEY_METHOD *scossl_pkey_tls1_prf(void)
 {
    int (*pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2) = NULL;
    int (*pctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value) = NULL;
+    int flags = 0;

-    if((_scossl_pkey_tls1_prf = EVP_PKEY_meth_new(EVP_PKEY_TLS1_PRF, 0)) != NULL)
+    EVP_PKEY_meth_get0_info( NULL, &flags, _openssl_pkey_tls1_prf );
+
+    if((_scossl_pkey_tls1_prf = EVP_PKEY_meth_new(EVP_PKEY_TLS1_PRF, flags)) != NULL)
    {
        // Use the default ctrl_str implementation, internally calls our ctrl method
        EVP_PKEY_meth_get_ctrl(_openssl_pkey_tls1_prf, &pctrl, &pctrl_str);
@ -180,8 +183,11 @@ static EVP_PKEY_METHOD *scossl_pkey_hkdf(void)
 {
    int (*pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2) = NULL;
    int (*pctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value) = NULL;
+    int flags = 0;

-    if((_scossl_pkey_hkdf = EVP_PKEY_meth_new(EVP_PKEY_HKDF, 0)) != NULL)
+    EVP_PKEY_meth_get0_info( NULL, &flags, _openssl_pkey_hkdf );
+
+    if((_scossl_pkey_hkdf = EVP_PKEY_meth_new(EVP_PKEY_HKDF, flags)) != NULL)
    {
        // Use the default ctrl_str implementation, internally calls our ctrl method
        EVP_PKEY_meth_get_ctrl(_openssl_pkey_hkdf, &pctrl, &pctrl_str);