authorMisaki Miyashita <Misaki.Miyashita@Oracle.COM>2010-08-04 11:39:52 -0700
committerMisaki Miyashita <Misaki.Miyashita@Oracle.COM>2010-08-04 11:39:52 -0700
commit9a986656ba247e9b452282c937b4f954fc6460c3 (patch)
tree565d91d9eee2434a8c58dbd8d3a1da5ba7c66c48 /usr/src
parenta01be845e9dee367d46c5b5e02e8f1e9d7c98be3 (diff)
downloadillumos-joyent-9a986656ba247e9b452282c937b4f954fc6460c3.tar.gz
6972233 Panic is seen when fips-140 mode is enabled and rebooted
Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/common/crypto/fips/fips_dsa_util.c41
-rw-r--r--usr/src/uts/common/crypto/core/kcf.c4
2 files changed, 22 insertions, 23 deletions
diff --git a/usr/src/common/crypto/fips/fips_dsa_util.c b/usr/src/common/crypto/fips/fips_dsa_util.c
index b73f763cac..9434c5ebf9 100644
--- a/usr/src/common/crypto/fips/fips_dsa_util.c
+++ b/usr/src/common/crypto/fips/fips_dsa_util.c
@@ -93,9 +93,13 @@ static uint8_t dsa_G[] = {
/*
* DSA Known Random Values (known random key block is 160-bits)
* and (known random signature block is 160-bits).
+ * Note: known random key block must be numerically smaller than
+ * dsa_Q even after bignum_random() turns on the MSB.
*/
static uint8_t dsa_known_random_key_block[] = {
- "This is DSA RNG key!"
+ 0x91, 0x22, 0x59, 0xdf, 0xe5, 0xec, 0x4c, 0x6e,
+ 0xf9, 0x43, 0xf0, 0x4b, 0x2d, 0x50, 0x51, 0xc6,
+ 0x91, 0x99, 0x8b, 0xcf
};
static uint8_t dsa_known_random_signature_block[] = {
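Review bot: The requirement that dsa_known_random_key_block stay numerically below dsa_Q is enforced only by the comment above the array, so a later edit to either constant would surface as a failure when the self-test runs rather than at build or review time. The first byte, 0x91, already has its top bit set, which is presumably why bignum_random() forcing the MSB leaves the value unchanged; the comment could say so, e.g. `* The first byte already has the MSB set, so the value used is exactly these 20 bytes.` The array is also now 20 bytes where the old string literal was 21 with its terminating NUL, so any `sizeof (dsa_known_random_key_block)` user outside this hunk should be checked against the 160-bit length the comment states.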
@@ -160,19 +164,13 @@ fips_dsa_digest_sign(DSAbytekey *bkey,
if (sha1_context == NULL)
return (CKR_HOST_MEMORY);
+ /* hash the message: context is freed by the function */
rv = fips_sha1_hash(sha1_context, in, inlen, sha1_computed_digest);
if (rv != CKR_OK)
- goto clean1;
-
- rv = dsa_sign(bkey, sha1_computed_digest, FIPS_DSA_DIGEST_LENGTH, out);
+ return (rv);
-clean1:
-#ifdef _KERNEL
- kmem_free(sha1_context, sizeof (SHA1_CTX));
-#else
- free(sha1_context);
-#endif
- return (rv);
+ return (dsa_sign(bkey, sha1_computed_digest,
+ FIPS_DSA_DIGEST_LENGTH, out));
}
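Review bot: The early `return (rv);` after fips_sha1_hash() is leak-free only if that function frees sha1_context on its failure paths as well as on success, and its body is not part of this diff. The added comment `/* hash the message: context is freed by the function */` should state the contract in full, for example `/* fips_sha1_hash() takes ownership of sha1_context and frees it on every return path */`, so that nobody later reintroduces a free here and creates a double free. The same pattern and comment appear in the fips_dsa_verify() hunk that follows. Both function bodies begin outside their hunks.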
int
@@ -186,20 +184,13 @@ fips_dsa_verify(DSAbytekey *bkey, uint8_t *data, uint8_t *sig)
if (sha1_context == NULL)
return (CKR_HOST_MEMORY);
+ /* hash the message: context is freed by the function */
rv = fips_sha1_hash(sha1_context, data, FIPS_DSA_DIGEST_LENGTH,
sha1_computed_digest);
if (rv != CKR_OK)
- goto clean1;
+ return (rv);
- rv = dsa_verify(bkey, sha1_computed_digest, sig);
-
-clean1:
-#ifdef _KERNEL
- kmem_free(sha1_context, sizeof (SHA1_CTX));
-#else
- free(sha1_context);
-#endif
- return (rv);
+ return (dsa_verify(bkey, sha1_computed_digest, sig));
}
/*
@@ -211,6 +202,8 @@ fips_dsa_post(void)
DSAbytekey dsa_params;
CK_RV rv;
uint8_t dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH];
+ uint8_t pubvalue[FIPS_DSA_PRIME_LENGTH];
+ uint8_t privalue[FIPS_DSA_SUBPRIME_LENGTH];
/*
* Generate a DSA public/private key pair.
@@ -222,6 +215,12 @@ fips_dsa_post(void)
dsa_params.base = dsa_G;
dsa_params.base_bytes = FIPS_DSA_BASE_LENGTH;
+ /* Output from DSA key pair generation */
+ dsa_params.private_x = privalue;
+ dsa_params.private_x_bits = CRYPTO_BYTES2BITS(sizeof (privalue));
+ dsa_params.public_y = pubvalue;
+ dsa_params.public_y_bits = CRYPTO_BYTES2BITS(sizeof (pubvalue));
+
dsa_params.rfunc = fips_dsa_random_func;
rv = fips_dsa_genkey_pair(&dsa_params);
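Review bot: dsa_params is declared as `DSAbytekey dsa_params;` with no initialiser (visible in the previous hunk), and the new lines fill in private_x and public_y one field at a time, so any DSAbytekey member not assigned in this function still holds stack garbage when fips_dsa_genkey_pair() reads it. Clearing the struct once before the assignments, `bzero(&dsa_params, sizeof (dsa_params));`, would turn a forgotten field into a null pointer or zero length instead of a wild one. The new comment could also say whether private_x_bits and public_y_bits are buffer capacities on input that the generator overwrites with the actual sizes, since the later sign and verify calls reuse the same struct. The body of fips_dsa_post() continues outside this hunk.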
diff --git a/usr/src/uts/common/crypto/core/kcf.c b/usr/src/uts/common/crypto/core/kcf.c
index e170b77977..3ffaac033d 100644
--- a/usr/src/uts/common/crypto/core/kcf.c
+++ b/usr/src/uts/common/crypto/core/kcf.c
@@ -247,7 +247,7 @@ kcf_fips140_integrity_check()
{
door_arg_t darg;
door_handle_t ldh;
- kcf_door_arg_t *kda = { 0 }, *rkda;
+ kcf_door_arg_t *kda = { 0 }, *rkda = NULL;
int ret = 0;
KCF_FRMWRK_DEBUG(1, ("Starting IC check"));
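Review bot: On the changed declaration, `*kda = { 0 }` is a brace-initialised pointer, which is just a null pointer written in a way that reads like a struct initialiser. Now that rkda is set with `= NULL`, the line would be clearer as `kcf_door_arg_t *kda = NULL, *rkda = NULL;`. This is a style point only and does not change behaviour.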
@@ -294,7 +294,7 @@ kcf_fips140_integrity_check()
KCF_FRMWRK_DEBUG(1, ("Integrity Check succeeds.\n"));
exit:
- if (rkda != kda)
+ if ((rkda != NULL) && (rkda != kda))
kmem_free(rkda, darg.rsize);
kmem_free(kda, sizeof (kcf_door_arg_t));
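Review bot: The exit path now guards rkda against NULL but still calls `kmem_free(kda, sizeof (kcf_door_arg_t));` unconditionally, and kda starts out null at its declaration. If any `goto exit` can run before kda is allocated (the code between the two hunks is not shown), that call would receive a null pointer with a non-zero size; a matching guard, `if (kda != NULL)` in front of the call, would keep the two frees consistent. It is also worth confirming that darg.rsize is always written by the door call whenever rkda is non-NULL, since darg is declared without an initialiser.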