# HG changeset patch # User Misaki Miyashita # Date 1280947192 25200 # Node ID c176c071a066ad8695a2359c5f08af2ec36b6342 # Parent dc5824d1233f07f6797512e25bed981dac3781a5 6972233 Panic is seen when fips-140 mode is enabled and rebooted diff -r dc5824d1233f -r c176c071a066 usr/src/common/crypto/fips/fips_dsa_util.c --- a/usr/src/common/crypto/fips/fips_dsa_util.c Wed Aug 04 10:44:20 2010 -0600 +++ b/usr/src/common/crypto/fips/fips_dsa_util.c Wed Aug 04 11:39:52 2010 -0700 @@ -93,9 +93,13 @@ /* * DSA Known Random Values (known random key block is 160-bits) * and (known random signature block is 160-bits). + * Note: known random key block must be numerically smaller than + * dsa_Q even after bignum_random() turns on the MSB. */ static uint8_t dsa_known_random_key_block[] = { - "This is DSA RNG key!" + 0x91, 0x22, 0x59, 0xdf, 0xe5, 0xec, 0x4c, 0x6e, + 0xf9, 0x43, 0xf0, 0x4b, 0x2d, 0x50, 0x51, 0xc6, + 0x91, 0x99, 0x8b, 0xcf }; static uint8_t dsa_known_random_signature_block[] = { @@ -160,19 +164,13 @@ if (sha1_context == NULL) return (CKR_HOST_MEMORY); + /* hash the message: context is freed by the function */ rv = fips_sha1_hash(sha1_context, in, inlen, sha1_computed_digest); if (rv != CKR_OK) - goto clean1; - - rv = dsa_sign(bkey, sha1_computed_digest, FIPS_DSA_DIGEST_LENGTH, out); + return (rv); -clean1: -#ifdef _KERNEL - kmem_free(sha1_context, sizeof (SHA1_CTX)); -#else - free(sha1_context); -#endif - return (rv); + return (dsa_sign(bkey, sha1_computed_digest, + FIPS_DSA_DIGEST_LENGTH, out)); } int @@ -186,20 +184,13 @@ if (sha1_context == NULL) return (CKR_HOST_MEMORY); + /* hash the message: context is freed by the function */ rv = fips_sha1_hash(sha1_context, data, FIPS_DSA_DIGEST_LENGTH, sha1_computed_digest); if (rv != CKR_OK) - goto clean1; - - rv = dsa_verify(bkey, sha1_computed_digest, sig); + return (rv); -clean1: -#ifdef _KERNEL - kmem_free(sha1_context, sizeof (SHA1_CTX)); -#else - free(sha1_context); -#endif - return (rv); + return (dsa_verify(bkey, sha1_computed_digest, sig)); } /* @@ -211,6 +202,8 @@ DSAbytekey dsa_params; CK_RV rv; uint8_t dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH]; + uint8_t pubvalue[FIPS_DSA_PRIME_LENGTH]; + uint8_t privalue[FIPS_DSA_SUBPRIME_LENGTH]; /* * Generate a DSA public/private key pair. @@ -222,6 +215,12 @@ dsa_params.base = dsa_G; dsa_params.base_bytes = FIPS_DSA_BASE_LENGTH; + /* Output from DSA key pair generation */ + dsa_params.private_x = privalue; + dsa_params.private_x_bits = CRYPTO_BYTES2BITS(sizeof (privalue)); + dsa_params.public_y = pubvalue; + dsa_params.public_y_bits = CRYPTO_BYTES2BITS(sizeof (pubvalue)); + dsa_params.rfunc = fips_dsa_random_func; rv = fips_dsa_genkey_pair(&dsa_params); diff -r dc5824d1233f -r c176c071a066 usr/src/uts/common/crypto/core/kcf.c --- a/usr/src/uts/common/crypto/core/kcf.c Wed Aug 04 10:44:20 2010 -0600 +++ b/usr/src/uts/common/crypto/core/kcf.c Wed Aug 04 11:39:52 2010 -0700 @@ -247,7 +247,7 @@ { door_arg_t darg; door_handle_t ldh; - kcf_door_arg_t *kda = { 0 }, *rkda; + kcf_door_arg_t *kda = { 0 }, *rkda = NULL; int ret = 0; KCF_FRMWRK_DEBUG(1, ("Starting IC check")); @@ -294,7 +294,7 @@ KCF_FRMWRK_DEBUG(1, ("Integrity Check succeeds.\n")); exit: - if (rkda != kda) + if ((rkda != NULL) && (rkda != kda)) kmem_free(rkda, darg.rsize); kmem_free(kda, sizeof (kcf_door_arg_t));