First part of the FIPS module.

Change-Id: Ic3a91ccd2c8cdc364740f256fdb8a7ff66177947
Reviewed-on: https://boringssl-review.googlesource.com/14506
Reviewed-by: Adam Langley <[email protected]>
Commit-Queue: Adam Langley <[email protected]>

Author: agl

CMakeLists.txt

@@ -236,6 +236,10 @@ if (OPENSSL_NO_ASM)
   set(ARCH "generic")
 endif()
 
+if(FIPS)
+  add_definitions(-DBORINGSSL_FIPS)
+endif()
+
 # Add minimal googletest targets. The provided one has many side-effects, and
 # googletest has a very straightforward build.
 add_library(gtest third_party/googletest/src/gtest-all.cc)

crypto/CMakeLists.txt

@@ -67,9 +67,6 @@ add_subdirectory(bytestring)
 add_subdirectory(pool)
 
 # Level 0.2 - depends on nothing but itself
-add_subdirectory(sha)
-add_subdirectory(md4)
-add_subdirectory(md5)
 add_subdirectory(modes)
 add_subdirectory(aes)
 add_subdirectory(des)
@@ -80,7 +77,7 @@ add_subdirectory(poly1305)
 add_subdirectory(curve25519)
 
 # Level 1, depends only on 0.*
-add_subdirectory(digest)
+add_subdirectory(digest_extra)
 add_subdirectory(cipher)
 add_subdirectory(rand)
 add_subdirectory(bio)
@@ -96,7 +93,7 @@ add_subdirectory(rsa)
 add_subdirectory(ec)
 add_subdirectory(ecdh)
 add_subdirectory(ecdsa)
-add_subdirectory(hmac)
+add_subdirectory(hmac_extra)
 
 # Level 3
 add_subdirectory(cmac)
@@ -112,8 +109,12 @@ add_subdirectory(pkcs8)
 # Test support code
 add_subdirectory(test)
 
+add_subdirectory(fipsmodule)
+
 add_library(
-  crypto
+  crypto_base
+
+  OBJECT
 
   cpu-aarch64-linux.c
   cpu-arm.c
@@ -129,17 +130,31 @@ add_library(
   thread_none.c
   thread_pthread.c
   thread_win.c
+)
+
+if(FIPS)
+  SET_SOURCE_FILES_PROPERTIES(fipsmodule/bcm.o PROPERTIES EXTERNAL_OBJECT true)
+  SET_SOURCE_FILES_PROPERTIES(fipsmodule/bcm.o PROPERTIES GENERATED true)
+
+  set(
+    CRYPTO_FIPS_OBJECTS
+
+    fipsmodule/bcm.o
+  )
+endif()
+
+add_library(
+  crypto
 
+  $<TARGET_OBJECTS:crypto_base>
   $<TARGET_OBJECTS:stack>
   $<TARGET_OBJECTS:lhash>
   $<TARGET_OBJECTS:err>
   $<TARGET_OBJECTS:base64>
   $<TARGET_OBJECTS:bytestring>
   $<TARGET_OBJECTS:pool>
-  $<TARGET_OBJECTS:sha>
-  $<TARGET_OBJECTS:md4>
-  $<TARGET_OBJECTS:md5>
-  $<TARGET_OBJECTS:digest>
+  $<TARGET_OBJECTS:fipsmodule>
+  $<TARGET_OBJECTS:digest_extra>
   $<TARGET_OBJECTS:cipher>
   $<TARGET_OBJECTS:modes>
   $<TARGET_OBJECTS:aes>
@@ -162,16 +177,23 @@ add_library(
   $<TARGET_OBJECTS:ec>
   $<TARGET_OBJECTS:ecdh>
   $<TARGET_OBJECTS:ecdsa>
-  $<TARGET_OBJECTS:hmac>
   $<TARGET_OBJECTS:cmac>
   $<TARGET_OBJECTS:evp>
   $<TARGET_OBJECTS:hkdf>
   $<TARGET_OBJECTS:pem>
   $<TARGET_OBJECTS:x509>
   $<TARGET_OBJECTS:x509v3>
   $<TARGET_OBJECTS:pkcs8_lib>
+
+  ${CRYPTO_FIPS_OBJECTS}
 )
 
+if(FIPS)
+  add_dependencies(crypto bcm_o_target)
+endif()
+
+SET_TARGET_PROPERTIES(crypto PROPERTIES LINKER_LANGUAGE C)
+
 if(NOT MSVC AND NOT ANDROID)
   target_link_libraries(crypto pthread)
 endif()

crypto/crypto.c

@@ -93,6 +93,11 @@ uint32_t OPENSSL_armcap_P = 0;
 
 #endif
 
+#if defined(BORINGSSL_FIPS)
+/* In FIPS mode, the power-on self-test function calls |CRYPTO_library_init|
+ * because we have to ensure that CPUID detection occurs first. */
+#define BORINGSSL_NO_STATIC_INITIALIZER
+#endif
 
 #if defined(OPENSSL_WINDOWS) && !defined(BORINGSSL_NO_STATIC_INITIALIZER)
 #define OPENSSL_CDECL __cdecl
@@ -166,5 +171,3 @@ int ENGINE_register_all_complete(void) {
 }
 
 void OPENSSL_load_builtin_modules(void) {}
-
-int FIPS_mode(void) { return 0; }

crypto/digest/CMakeLists.txt crypto/digest_extra/CMakeLists.txt

@@ -1,12 +1,11 @@
 include_directories(../../include)
 
 add_library(
-  digest
+  digest_extra
 
   OBJECT
 
-  digest.c
-  digests.c
+  digest_extra.c
 )
 
 add_executable(

crypto/digest/digests.c crypto/digest_extra/digest_extra.c

@@ -56,206 +56,15 @@
 
 #include <openssl/digest.h>
 
-#include <assert.h>
 #include <string.h>
 
 #include <openssl/asn1.h>
 #include <openssl/bytestring.h>
-#include <openssl/md4.h>
-#include <openssl/md5.h>
 #include <openssl/nid.h>
-#include <openssl/sha.h>
 
 #include "internal.h"
 #include "../internal.h"
 
-#if defined(NDEBUG)
-#define CHECK(x) (void) (x)
-#else
-#define CHECK(x) assert(x)
-#endif
-
-
-static void md4_init(EVP_MD_CTX *ctx) {
-  CHECK(MD4_Init(ctx->md_data));
-}
-
-static void md4_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
-  CHECK(MD4_Update(ctx->md_data, data, count));
-}
-
-static void md4_final(EVP_MD_CTX *ctx, uint8_t *out) {
-  CHECK(MD4_Final(out, ctx->md_data));
-}
-
-static const EVP_MD md4_md = {
-    NID_md4,    MD4_DIGEST_LENGTH, 0 /* flags */,       md4_init,
-    md4_update, md4_final,         64 /* block size */, sizeof(MD4_CTX),
-};
-
-const EVP_MD *EVP_md4(void) { return &md4_md; }
-
-
-static void md5_init(EVP_MD_CTX *ctx) {
-  CHECK(MD5_Init(ctx->md_data));
-}
-
-static void md5_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
-  CHECK(MD5_Update(ctx->md_data, data, count));
-}
-
-static void md5_final(EVP_MD_CTX *ctx, uint8_t *out) {
-  CHECK(MD5_Final(out, ctx->md_data));
-}
-
-static const EVP_MD md5_md = {
-    NID_md5,    MD5_DIGEST_LENGTH, 0 /* flags */,       md5_init,
-    md5_update, md5_final,         64 /* block size */, sizeof(MD5_CTX),
-};
-
-const EVP_MD *EVP_md5(void) { return &md5_md; }
-
-
-static void sha1_init(EVP_MD_CTX *ctx) {
-  CHECK(SHA1_Init(ctx->md_data));
-}
-
-static void sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
-  CHECK(SHA1_Update(ctx->md_data, data, count));
-}
-
-static void sha1_final(EVP_MD_CTX *ctx, uint8_t *md) {
-  CHECK(SHA1_Final(md, ctx->md_data));
-}
-
-static const EVP_MD sha1_md = {
-    NID_sha1,    SHA_DIGEST_LENGTH, 0 /* flags */,       sha1_init,
-    sha1_update, sha1_final,        64 /* block size */, sizeof(SHA_CTX),
-};
-
-const EVP_MD *EVP_sha1(void) { return &sha1_md; }
-
-
-static void sha224_init(EVP_MD_CTX *ctx) {
-  CHECK(SHA224_Init(ctx->md_data));
-}
-
-static void sha224_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
-  CHECK(SHA224_Update(ctx->md_data, data, count));
-}
-
-static void sha224_final(EVP_MD_CTX *ctx, uint8_t *md) {
-  CHECK(SHA224_Final(md, ctx->md_data));
-}
-
-static const EVP_MD sha224_md = {
-    NID_sha224,          SHA224_DIGEST_LENGTH, 0 /* flags */,
-    sha224_init,         sha224_update,        sha224_final,
-    64 /* block size */, sizeof(SHA256_CTX),
-};
-
-const EVP_MD *EVP_sha224(void) { return &sha224_md; }
-
-
-static void sha256_init(EVP_MD_CTX *ctx) {
-  CHECK(SHA256_Init(ctx->md_data));
-}
-
-static void sha256_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
-  CHECK(SHA256_Update(ctx->md_data, data, count));
-}
-
-static void sha256_final(EVP_MD_CTX *ctx, uint8_t *md) {
-  CHECK(SHA256_Final(md, ctx->md_data));
-}
-
-static const EVP_MD sha256_md = {
-    NID_sha256,          SHA256_DIGEST_LENGTH, 0 /* flags */,
-    sha256_init,         sha256_update,        sha256_final,
-    64 /* block size */, sizeof(SHA256_CTX),
-};
-
-const EVP_MD *EVP_sha256(void) { return &sha256_md; }
-
-
-static void sha384_init(EVP_MD_CTX *ctx) {
-  CHECK(SHA384_Init(ctx->md_data));
-}
-
-static void sha384_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
-  CHECK(SHA384_Update(ctx->md_data, data, count));
-}
-
-static void sha384_final(EVP_MD_CTX *ctx, uint8_t *md) {
-  CHECK(SHA384_Final(md, ctx->md_data));
-}
-
-static const EVP_MD sha384_md = {
-    NID_sha384,           SHA384_DIGEST_LENGTH, 0 /* flags */,
-    sha384_init,          sha384_update,        sha384_final,
-    128 /* block size */, sizeof(SHA512_CTX),
-};
-
-const EVP_MD *EVP_sha384(void) { return &sha384_md; }
-
-
-static void sha512_init(EVP_MD_CTX *ctx) {
-  CHECK(SHA512_Init(ctx->md_data));
-}
-
-static void sha512_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
-  CHECK(SHA512_Update(ctx->md_data, data, count));
-}
-
-static void sha512_final(EVP_MD_CTX *ctx, uint8_t *md) {
-  CHECK(SHA512_Final(md, ctx->md_data));
-}
-
-static const EVP_MD sha512_md = {
-    NID_sha512,           SHA512_DIGEST_LENGTH, 0 /* flags */,
-    sha512_init,          sha512_update,        sha512_final,
-    128 /* block size */, sizeof(SHA512_CTX),
-};
-
-const EVP_MD *EVP_sha512(void) { return &sha512_md; }
-
-
-typedef struct {
-  MD5_CTX md5;
-  SHA_CTX sha1;
-} MD5_SHA1_CTX;
-
-static void md5_sha1_init(EVP_MD_CTX *md_ctx) {
-  MD5_SHA1_CTX *ctx = md_ctx->md_data;
-  CHECK(MD5_Init(&ctx->md5) && SHA1_Init(&ctx->sha1));
-}
-
-static void md5_sha1_update(EVP_MD_CTX *md_ctx, const void *data,
-                            size_t count) {
-  MD5_SHA1_CTX *ctx = md_ctx->md_data;
-  CHECK(MD5_Update(&ctx->md5, data, count) &&
-        SHA1_Update(&ctx->sha1, data, count));
-}
-
-static void md5_sha1_final(EVP_MD_CTX *md_ctx, uint8_t *out) {
-  MD5_SHA1_CTX *ctx = md_ctx->md_data;
-  CHECK(MD5_Final(out, &ctx->md5) &&
-        SHA1_Final(out + MD5_DIGEST_LENGTH, &ctx->sha1));
-}
-
-static const EVP_MD md5_sha1_md = {
-    NID_md5_sha1,
-    MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
-    0 /* flags */,
-    md5_sha1_init,
-    md5_sha1_update,
-    md5_sha1_final,
-    64 /* block size */,
-    sizeof(MD5_SHA1_CTX),
-};
-
-const EVP_MD *EVP_md5_sha1(void) { return &md5_sha1_md; }
-
 
 struct nid_to_digest {
   int nid;

crypto/digest/digest_test.cc crypto/digest_extra/digest_test.cc

@@ -0,0 +1,32 @@
+/* Copyright (c) 2017, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_DIGEST_EXTRA_INTERNAL_H
+#define OPENSSL_HEADER_DIGEST_EXTRA_INTERNAL_H
+
+#include <openssl/base.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+const EVP_MD *EVP_parse_digest_algorithm(CBS *cbs);
+
+
+#if defined(__cplusplus)
+}  /* extern C */
+#endif
+
+#endif  /* OPENSSL_HEADER_DIGEST_EXTRA_INTERNAL */

crypto/digest_extra/internal.h

@@ -58,7 +58,7 @@
 #include <openssl/err.h>
 
 #include "internal.h"
-#include "../digest/internal.h"
+#include "../fipsmodule/digest/internal.h"
 
 
 static const struct evp_md_pctx_ops md_pctx_ops = {