openssl: Update to 1.0.1b.
1diff -up openssl-1.0.1b/apps/pkcs12.c.fips openssl-1.0.1b/apps/pkcs12.c
2--- openssl-1.0.1b/apps/pkcs12.c.fips 2011-03-13 19:20:23.000000000 +0100
3+++ openssl-1.0.1b/apps/pkcs12.c 2012-04-26 18:00:51.379768840 +0200
4@@ -67,6 +67,9 @@
5 #include <openssl/err.h>
6 #include <openssl/pem.h>
7 #include <openssl/pkcs12.h>
8+#ifdef OPENSSL_FIPS
9+#include <openssl/fips.h>
10+#endif
11
12 #define PROG pkcs12_main
13
14@@ -130,6 +133,11 @@ int MAIN(int argc, char **argv)
15
16 apps_startup();
17
18+#ifdef OPENSSL_FIPS
19+ if (FIPS_mode())
20+ cert_pbe = key_pbe; /* cannot use RC2 in the FIPS mode */
21+#endif
22+
23 enc = EVP_des_ede3_cbc();
24 if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
25
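Review bot: The added `cert_pbe = key_pbe` only replaces the compiled-in default, and it runs right after apps_startup(), before the option loop that is outside this hunk, so an explicit `-certpbe` naming an RC2 PBE can presumably still be selected in FIPS mode and will only fail later inside the PKCS#12 PBE code with a less obvious error. The line also silently assumes that the default of `key_pbe` (not visible here) is itself FIPS-allowed. At minimum record both facts in the comment: `/* FIPS mode: RC2 is not allowed, so default the certificate PBE to the (3DES) key PBE; an explicit -certpbe still overrides this and is rejected later by the PBE code */`.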
26diff -up openssl-1.0.1b/apps/speed.c.fips openssl-1.0.1b/apps/speed.c
27--- openssl-1.0.1b/apps/speed.c.fips 2012-01-11 22:49:16.000000000 +0100
28+++ openssl-1.0.1b/apps/speed.c 2012-04-26 18:00:51.380768861 +0200
29@@ -195,7 +195,6 @@
30 #ifdef OPENSSL_DOING_MAKEDEPEND
31 #undef AES_set_encrypt_key
32 #undef AES_set_decrypt_key
33-#undef DES_set_key_unchecked
34 #endif
35 #define BF_set_key private_BF_set_key
36 #define CAST_set_key private_CAST_set_key
37@@ -203,7 +202,6 @@
38 #define SEED_set_key private_SEED_set_key
39 #define RC2_set_key private_RC2_set_key
40 #define RC4_set_key private_RC4_set_key
41-#define DES_set_key_unchecked private_DES_set_key_unchecked
42 #define AES_set_encrypt_key private_AES_set_encrypt_key
43 #define AES_set_decrypt_key private_AES_set_decrypt_key
44 #define Camellia_set_key private_Camellia_set_key
45@@ -941,7 +939,12 @@ int MAIN(int argc, char **argv)
46 #ifndef OPENSSL_NO_RSA
47 if (strcmp(*argv,"rsa") == 0)
48 {
49+#ifdef OPENSSL_FIPS
50+ if (!FIPS_mode())
51+#endif
52+ {
53 rsa_doit[R_RSA_512]=1;
54+ }
55 rsa_doit[R_RSA_1024]=1;
56 rsa_doit[R_RSA_2048]=1;
57 rsa_doit[R_RSA_4096]=1;
58@@ -951,7 +954,12 @@ int MAIN(int argc, char **argv)
59 #ifndef OPENSSL_NO_DSA
60 if (strcmp(*argv,"dsa") == 0)
61 {
62+#ifdef OPENSSL_FIPS
63+ if (!FIPS_mode())
64+#endif
65+ {
66 dsa_doit[R_DSA_512]=1;
67+ }
68 dsa_doit[R_DSA_1024]=1;
69 dsa_doit[R_DSA_2048]=1;
70 }
71@@ -1226,30 +1234,54 @@ int MAIN(int argc, char **argv)
72 AES_set_encrypt_key(key32,256,&aes_ks3);
73 #endif
74 #ifndef OPENSSL_NO_CAMELLIA
75+ if (doit[D_CBC_128_CML] || doit[D_CBC_192_CML] || doit[D_CBC_256_CML])
76+ {
77 Camellia_set_key(key16,128,&camellia_ks1);
78 Camellia_set_key(ckey24,192,&camellia_ks2);
79 Camellia_set_key(ckey32,256,&camellia_ks3);
80+ }
81 #endif
82 #ifndef OPENSSL_NO_IDEA
83+ if (doit[D_CBC_IDEA])
84+ {
85 idea_set_encrypt_key(key16,&idea_ks);
86+ }
87 #endif
88 #ifndef OPENSSL_NO_SEED
89+ if (doit[D_CBC_SEED])
90+ {
91 SEED_set_key(key16,&seed_ks);
92+ }
93 #endif
94 #ifndef OPENSSL_NO_RC4
95+ if (doit[D_RC4])
96+ {
97 RC4_set_key(&rc4_ks,16,key16);
98+ }
99 #endif
100 #ifndef OPENSSL_NO_RC2
101+ if (doit[D_CBC_RC2])
102+ {
103 RC2_set_key(&rc2_ks,16,key16,128);
104+ }
105 #endif
106 #ifndef OPENSSL_NO_RC5
107+ if (doit[D_CBC_RC5])
108+ {
109 RC5_32_set_key(&rc5_ks,16,key16,12);
110+ }
111 #endif
112 #ifndef OPENSSL_NO_BF
113+ if (doit[D_CBC_BF])
114+ {
115 BF_set_key(&bf_ks,16,key16);
116+ }
117 #endif
118 #ifndef OPENSSL_NO_CAST
119+ if (doit[D_CBC_CAST])
120+ {
121 CAST_set_key(&cast_ks,16,key16);
122+ }
123 #endif
124 #ifndef OPENSSL_NO_RSA
125 memset(rsa_c,0,sizeof(rsa_c));
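Review bot: The new `if (doit[...])` guards around every non-AES key-schedule call carry no explanation of why they are needed, and the reason matters for anyone adding a cipher to speed.c later. Presumably the point is that the low-level `*_set_key` entry points of non-approved ciphers terminate the process via fips_cipher_abort() in FIPS mode, so `openssl speed` must not build those schedules unless that cipher was actually requested; a comment before the Camellia guard such as `/* FIPS: only build key schedules for ciphers being benchmarked; the low-level set_key calls of non-approved ciphers abort in FIPS mode */` would capture that. Note that `AES_set_encrypt_key(key32,256,&aes_ks3)` at the top of the hunk stays unguarded, which is only consistent because this same patch removes the abort from aes_misc.c; the DES schedule setup is outside the hunk and should be checked the same way.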
126diff -up openssl-1.0.1b/Configure.fips openssl-1.0.1b/Configure
127--- openssl-1.0.1b/Configure.fips 2012-04-26 18:00:51.341768009 +0200
128+++ openssl-1.0.1b/Configure 2012-04-26 18:00:51.381768883 +0200
129@@ -993,11 +993,6 @@ if (defined($disabled{"md5"}) || defined
130 $disabled{"ssl2"} = "forced";
131 }
132
133-if ($fips && $fipslibdir eq "")
134- {
135- $fipslibdir = $fipsdir . "/lib/";
136- }
137-
138 # RSAX ENGINE sets default non-FIPS RSA method.
139 if ($fips)
140 {
a7ff9508 141@@ -1472,7 +1467,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b
142 if ($fips)
143 {
144 $openssl_other_defines.="#define OPENSSL_FIPS\n";
145- $cflags .= " -I\$(FIPSDIR)/include";
146 }
147
148 $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
a7ff9508 149@@ -1659,9 +1653,12 @@ while (<IN>)
150
151 s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
152 s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
153- s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
154 s/^BASEADDR=.*/BASEADDR=$baseaddr/;
155
156+ if ($fips)
157+ {
158+ s/^FIPS=.*/FIPS=yes/;
159+ }
160 s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
161 s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
162 s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
163diff -up openssl-1.0.1b/crypto/aes/aes_misc.c.fips openssl-1.0.1b/crypto/aes/aes_misc.c
164--- openssl-1.0.1b/crypto/aes/aes_misc.c.fips 2011-06-05 19:36:33.000000000 +0200
165+++ openssl-1.0.1b/crypto/aes/aes_misc.c 2012-04-26 18:00:51.382768906 +0200
166@@ -69,17 +69,11 @@ const char *AES_options(void) {
167 int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
168 AES_KEY *key)
169 {
170-#ifdef OPENSSL_FIPS
171- fips_cipher_abort(AES);
172-#endif
173 return private_AES_set_encrypt_key(userKey, bits, key);
174 }
175
176 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
177 AES_KEY *key)
178 {
179-#ifdef OPENSSL_FIPS
180- fips_cipher_abort(AES);
181-#endif
182 return private_AES_set_decrypt_key(userKey, bits, key);
183 }
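Review bot: Dropping `fips_cipher_abort(AES)` from both AES_set_encrypt_key and AES_set_decrypt_key makes the low-level AES key-schedule API callable in FIPS mode, where upstream terminated the process; the hunk gives no reason and a later merge is likely to reintroduce the abort. Add a comment on the first function, e.g. `/* No FIPS abort here: AES is an approved algorithm and in this tree the FIPS module is libcrypto itself, so low-level AES use is permitted in FIPS mode. */`. Whether low-level AES calls are still gated on the power-on self-test having passed is not visible from this hunk and should be confirmed against whatever now implements FIPS_selftest_check().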
184diff -up openssl-1.0.1b/crypto/cmac/cmac.c.fips openssl-1.0.1b/crypto/cmac/cmac.c
185--- openssl-1.0.1b/crypto/cmac/cmac.c.fips 2012-04-11 17:11:16.000000000 +0200
186+++ openssl-1.0.1b/crypto/cmac/cmac.c 2012-04-26 18:00:51.382768906 +0200
187@@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void)
188
189 void CMAC_CTX_cleanup(CMAC_CTX *ctx)
190 {
191-#ifdef OPENSSL_FIPS
192- if (FIPS_mode() && !ctx->cctx.engine)
193- {
194- FIPS_cmac_ctx_cleanup(ctx);
195- return;
196- }
197-#endif
198 EVP_CIPHER_CTX_cleanup(&ctx->cctx);
199 OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
200 OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
201@@ -164,11 +157,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void
202 EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
203 return 0;
204 }
205- /* Other algorithm blocking will be done in FIPS_cmac_init,
206- * via FIPS_cipherinit().
207- */
208- if (!impl && !ctx->cctx.engine)
209- return FIPS_cmac_init(ctx, key, keylen, cipher, NULL);
210 }
211 #endif
212 /* All zeros means restart */
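Review bot: Removing the FIPS_cmac_init dispatch also removes the only statement of where a non-approved cipher gets rejected in FIPS mode, and the visible remainder of CMAC_Init does no cipher check of its own; a reader now cannot tell whether RC2-CMAC or Blowfish-CMAC is still refused. Presumably the EVP_CipherInit_ex call further down (outside this hunk) refuses non-approved EVP_CIPHERs when FIPS_mode() is on; if so, replace the deleted comment with `/* FIPS mode: non-approved ciphers are rejected by EVP_CipherInit_ex() below */`, and if not, the EVP_R_DISABLED_FOR_FIPS branch above is the only gate and must test the cipher's FIPS flag itself. CMAC_Init begins before this hunk.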
a7ff9508 213@@ -216,10 +204,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
214 {
215 const unsigned char *data = in;
216 size_t bl;
217-#ifdef OPENSSL_FIPS
218- if (FIPS_mode() && !ctx->cctx.engine)
219- return FIPS_cmac_update(ctx, in, dlen);
220-#endif
221 if (ctx->nlast_block == -1)
222 return 0;
223 if (dlen == 0)
a7ff9508 224@@ -261,10 +245,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
225 int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
226 {
227 int i, bl, lb;
228-#ifdef OPENSSL_FIPS
229- if (FIPS_mode() && !ctx->cctx.engine)
230- return FIPS_cmac_final(ctx, out, poutlen);
231-#endif
232 if (ctx->nlast_block == -1)
233 return 0;
234 bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
235diff -up openssl-1.0.1b/crypto/crypto.h.fips openssl-1.0.1b/crypto/crypto.h
236--- openssl-1.0.1b/crypto/crypto.h.fips 2012-04-26 18:00:51.094762613 +0200
237+++ openssl-1.0.1b/crypto/crypto.h 2012-04-26 18:00:51.382768906 +0200
238@@ -553,24 +553,29 @@ int FIPS_mode_set(int r);
239 void OPENSSL_init(void);
240
241 #define fips_md_init(alg) fips_md_init_ctx(alg, alg)
242+#define nonfips_md_init(alg) nonfips_md_init_ctx(alg, alg)
243+#define fips_md_init_ctx(alg, cx) \
244+ int alg##_Init(cx##_CTX *c)
245
246 #ifdef OPENSSL_FIPS
247-#define fips_md_init_ctx(alg, cx) \
248+#define nonfips_md_init_ctx(alg, cx) \
249 int alg##_Init(cx##_CTX *c) \
250 { \
251 if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
252- "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
253+ "Digest " #alg " forbidden in FIPS mode!"); \
254 return private_##alg##_Init(c); \
255 } \
256 int private_##alg##_Init(cx##_CTX *c)
257
258 #define fips_cipher_abort(alg) \
259 if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
260- "Low level API call to cipher " #alg " forbidden in FIPS mode!")
261+ "Cipher " #alg " forbidden in FIPS mode!")
262+
263+/* die if FIPS selftest failed */
264+void FIPS_selftest_check(void);
265
266 #else
267-#define fips_md_init_ctx(alg, cx) \
268- int alg##_Init(cx##_CTX *c)
269+#define nonfips_md_init_ctx(alg, cx) fips_md_init_ctx(alg, cx)
270 #define fips_cipher_abort(alg) while(0)
271 #endif
272
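Review bot: The split into `fips_md_init_ctx` (a plain definition of alg_Init) and `nonfips_md_init_ctx` (alg_Init dies in FIPS mode and wraps private_alg_Init) is undocumented, and the macro name is the only thing that decides whether a digest stays reachable in FIPS mode, so picking the wrong one in a digest source silently leaves a non-approved algorithm usable. Add a comment above the two defines along the lines of `/* fips_md_init(alg): alg is FIPS-approved, alg_Init is the real entry point. nonfips_md_init(alg): alg is not approved, alg_Init aborts in FIPS mode and otherwise forwards to private_alg_Init. */`. The `FIPS_selftest_check` declaration being confined to OPENSSL_FIPS matches the guarded call sites elsewhere in this patch.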
273@@ -580,6 +585,9 @@ void OPENSSL_init(void);
274 */
275 void ERR_load_CRYPTO_strings(void);
276
277+#define OPENSSL_HAVE_INIT 1
278+void OPENSSL_init_library(void);
279+
280 /* Error codes for the CRYPTO functions. */
281
282 /* Function codes. */
283diff -up openssl-1.0.1b/crypto/des/des.h.fips openssl-1.0.1b/crypto/des/des.h
284--- openssl-1.0.1b/crypto/des/des.h.fips 2012-04-26 18:00:51.173764340 +0200
285+++ openssl-1.0.1b/crypto/des/des.h 2012-04-26 18:00:51.383768928 +0200
286@@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE
287 int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
288 int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
289 void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
290-#ifdef OPENSSL_FIPS
291-void private_DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
292-#endif
293 void DES_string_to_key(const char *str,DES_cblock *key);
294 void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
295 void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
296diff -up openssl-1.0.1b/crypto/des/set_key.c.fips openssl-1.0.1b/crypto/des/set_key.c
297--- openssl-1.0.1b/crypto/des/set_key.c.fips 2011-06-01 18:54:04.000000000 +0200
298+++ openssl-1.0.1b/crypto/des/set_key.c 2012-04-26 18:00:51.383768928 +0200
299@@ -337,13 +337,6 @@ int DES_set_key_checked(const_DES_cblock
300 }
301
302 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
303-#ifdef OPENSSL_FIPS
304- {
305- fips_cipher_abort(DES);
306- private_DES_set_key_unchecked(key, schedule);
307- }
308-void private_DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
309-#endif
310 {
311 static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
312 register DES_LONG c,d,t,s,t2;
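Review bot: With the wrapper removed, `DES_set_key_unchecked` no longer aborts in FIPS mode, so single-DES key schedules can again be built through the low-level API while the hunk states no reason. Presumably this is because the approved 3DES implementation keys itself through this function and non-approved use is now blocked elsewhere, but that should be written down, e.g. `/* No FIPS abort: DES_set_key_unchecked is used internally by (approved) 3DES; callers wanting weak-key and parity checks use DES_set_key_checked */`. Whether a direct single-DES user is still rejected in FIPS mode after this change is not visible here and should be confirmed.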
313diff -up openssl-1.0.1b/crypto/dh/dh_gen.c.fips openssl-1.0.1b/crypto/dh/dh_gen.c
314--- openssl-1.0.1b/crypto/dh/dh_gen.c.fips 2011-06-09 17:21:46.000000000 +0200
315+++ openssl-1.0.1b/crypto/dh/dh_gen.c 2012-04-26 18:00:51.383768928 +0200
316@@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i
317 #endif
318 if(ret->meth->generate_params)
319 return ret->meth->generate_params(ret, prime_len, generator, cb);
320-#ifdef OPENSSL_FIPS
321- if (FIPS_mode())
322- return FIPS_dh_generate_parameters_ex(ret, prime_len,
323- generator, cb);
324-#endif
325 return dh_builtin_genparams(ret, prime_len, generator, cb);
326 }
327
328@@ -123,6 +118,20 @@ static int dh_builtin_genparams(DH *ret,
329 int g,ok= -1;
330 BN_CTX *ctx=NULL;
331
332+#ifdef OPENSSL_FIPS
333+ if(FIPS_selftest_failed())
334+ {
335+ FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS,FIPS_R_FIPS_SELFTEST_FAILED);
336+ return 0;
337+ }
338+
339+ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
340+ {
341+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
342+ goto err;
343+ }
344+#endif
345+
346 ctx=BN_CTX_new();
347 if (ctx == NULL) goto err;
348 BN_CTX_start(ctx);
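Review bot: The two new guards fail in different ways: the self-test branch does `return 0`, while the modulus-size branch does `goto err` with `ok` still at its initial -1. If the err label (outside this hunk) keeps the upstream form that treats ok == -1 as a BN-library failure and stacks `DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB)` on top, a too-small prime_len is reported with a misleading extra error after DH_R_KEY_SIZE_TOO_SMALL. Either `return 0;` there as well (nothing has been allocated yet) or set `ok = 0;` before the goto.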
349diff -up openssl-1.0.1b/crypto/dh/dh.h.fips openssl-1.0.1b/crypto/dh/dh.h
350--- openssl-1.0.1b/crypto/dh/dh.h.fips 2012-04-26 18:00:51.033761281 +0200
351+++ openssl-1.0.1b/crypto/dh/dh.h 2012-04-26 18:00:51.384768950 +0200
352@@ -77,6 +77,8 @@
353 # define OPENSSL_DH_MAX_MODULUS_BITS 10000
354 #endif
355
356+#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
357+
358 #define DH_FLAG_CACHE_MONT_P 0x01
359 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
360 * implementation now uses constant time
361diff -up openssl-1.0.1b/crypto/dh/dh_key.c.fips openssl-1.0.1b/crypto/dh/dh_key.c
362--- openssl-1.0.1b/crypto/dh/dh_key.c.fips 2011-11-14 15:16:09.000000000 +0100
363+++ openssl-1.0.1b/crypto/dh/dh_key.c 2012-04-26 18:00:51.384768950 +0200
364@@ -61,6 +61,9 @@
365 #include <openssl/bn.h>
366 #include <openssl/rand.h>
367 #include <openssl/dh.h>
368+#ifdef OPENSSL_FIPS
369+#include <openssl/fips.h>
370+#endif
371
372 static int generate_key(DH *dh);
373 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
374@@ -104,7 +107,7 @@ compute_key,
375 dh_bn_mod_exp,
376 dh_init,
377 dh_finish,
378-0,
379+DH_FLAG_FIPS_METHOD,
380 NULL,
381 NULL
382 };
383@@ -123,6 +126,14 @@ static int generate_key(DH *dh)
384 BN_MONT_CTX *mont=NULL;
385 BIGNUM *pub_key=NULL,*priv_key=NULL;
386
387+#ifdef OPENSSL_FIPS
388+ if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
389+ {
390+ DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
391+ return 0;
392+ }
393+#endif
394+
395 ctx = BN_CTX_new();
396 if (ctx == NULL) goto err;
397
398@@ -213,6 +224,13 @@ static int compute_key(unsigned char *ke
399 DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
400 goto err;
401 }
402+#ifdef OPENSSL_FIPS
403+ if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
404+ {
405+ DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
406+ goto err;
407+ }
408+#endif
409
410 ctx = BN_CTX_new();
411 if (ctx == NULL) goto err;
412@@ -280,6 +298,9 @@ static int dh_bn_mod_exp(const DH *dh, B
413
414 static int dh_init(DH *dh)
415 {
416+#ifdef OPENSSL_FIPS
417+ FIPS_selftest_check();
418+#endif
419 dh->flags |= DH_FLAG_CACHE_MONT_P;
420 return(1);
421 }
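Review bot: `FIPS_selftest_check()` in dh_init is declared in this same patch under the comment "die if FIPS selftest failed", i.e. it terminates the process, whereas the neighbouring additions (dh_builtin_genparams, dsa_do_sign) raise FIPS_R_FIPS_SELFTEST_FAILED and return failure. If aborting from the DH method's init hook is intended (a failed POST must leave the module unusable and dh_init has no caller-visible way to refuse), say so: `/* aborts the process if the FIPS power-on self-test failed; callers cannot recover */`. If not, `if (FIPS_selftest_failed()) return 0;` would match dh_init's int return and the other call sites, assuming DH_new honours a 0 from init.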
422diff -up openssl-1.0.1b/crypto/dh/dh_lib.c.fips openssl-1.0.1b/crypto/dh/dh_lib.c
423--- openssl-1.0.1b/crypto/dh/dh_lib.c.fips 2011-06-20 21:41:11.000000000 +0200
424+++ openssl-1.0.1b/crypto/dh/dh_lib.c 2012-04-26 18:00:51.384768950 +0200
425@@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v
426 {
427 if(!default_DH_method)
428 {
429-#ifdef OPENSSL_FIPS
430- if (FIPS_mode())
431- return FIPS_dh_openssl();
432- else
433- return DH_OpenSSL();
434-#else
435 default_DH_method = DH_OpenSSL();
436-#endif
437 }
438 return default_DH_method;
439 }
440diff -up openssl-1.0.1b/crypto/dsa/dsa_err.c.fips openssl-1.0.1b/crypto/dsa/dsa_err.c
441--- openssl-1.0.1b/crypto/dsa/dsa_err.c.fips 2011-10-10 01:13:49.000000000 +0200
442+++ openssl-1.0.1b/crypto/dsa/dsa_err.c 2012-04-26 18:00:51.385768972 +0200
443@@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]=
444 {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"},
445 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
446 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
447+{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "dsa_builtin_keygen"},
448+{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"},
449 {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
450 {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
451 {ERR_FUNC(DSA_F_DSA_GENERATE_KEY), "DSA_generate_key"},
452@@ -106,6 +108,8 @@ static ERR_STRING_DATA DSA_str_reasons[]
453 {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
454 {ERR_REASON(DSA_R_DECODE_ERROR) ,"decode error"},
455 {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE) ,"invalid digest type"},
456+{ERR_REASON(DSA_R_KEY_SIZE_INVALID) ,"key size invalid"},
457+{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
458 {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
459 {ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
460 {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},
461diff -up openssl-1.0.1b/crypto/dsa/dsa_gen.c.fips openssl-1.0.1b/crypto/dsa/dsa_gen.c
462--- openssl-1.0.1b/crypto/dsa/dsa_gen.c.fips 2011-06-09 17:21:46.000000000 +0200
463+++ openssl-1.0.1b/crypto/dsa/dsa_gen.c 2012-04-26 18:00:51.385768972 +0200
464@@ -85,6 +85,14 @@
465 #include <openssl/fips.h>
466 #endif
467
468+#ifndef OPENSSL_FIPS
469+static int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
470+ const EVP_MD *evpmd, unsigned char *seed, int seed_len,
471+ BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb);
472+static int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
473+ BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb);
474+#endif
475+
476 int DSA_generate_parameters_ex(DSA *ret, int bits,
477 const unsigned char *seed_in, int seed_len,
478 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
479@@ -100,14 +108,6 @@ int DSA_generate_parameters_ex(DSA *ret,
480 if(ret->meth->dsa_paramgen)
481 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
482 counter_ret, h_ret, cb);
483-#ifdef OPENSSL_FIPS
484- else if (FIPS_mode())
485- {
486- return FIPS_dsa_generate_parameters_ex(ret, bits,
487- seed_in, seed_len,
488- counter_ret, h_ret, cb);
489- }
490-#endif
491 else
492 {
493 const EVP_MD *evpmd;
494@@ -125,27 +125,119 @@ int DSA_generate_parameters_ex(DSA *ret,
495 }
496
497 return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
498- seed_in, seed_len, NULL, counter_ret, h_ret, cb);
499+ seed_in, seed_len, counter_ret, h_ret, cb);
500 }
501 }
502
503+#ifdef OPENSSL_FIPS
504+int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
505+ const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
506+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
507+ {
508+ return dsa_builtin_paramgen(ret, bits, qbits,
509+ evpmd, seed_in, seed_len,
510+ counter_ret, h_ret, cb);
511+ }
512+#endif
513+
514 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
515 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
516- unsigned char *seed_out,
517 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
518 {
519 int ok=0;
520 unsigned char seed[SHA256_DIGEST_LENGTH];
521+ BIGNUM *g=NULL,*q=NULL,*p=NULL;
522+ size_t qsize = qbits >> 3;
523+ BN_CTX *ctx=NULL;
524+
525+#ifdef OPENSSL_FIPS
526+ if(FIPS_selftest_failed())
527+ {
528+ FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN,
529+ FIPS_R_FIPS_SELFTEST_FAILED);
530+ goto err;
531+ }
532+
533+ if (FIPS_module_mode() &&
534+ (bits != 1024 || qbits != 160) &&
535+ (bits != 2048 || qbits != 224) &&
536+ (bits != 2048 || qbits != 256) &&
537+ (bits != 3072 || qbits != 256))
538+ {
539+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_INVALID);
540+ goto err;
541+ }
542+#endif
543+ if (seed_len && (seed_len < (size_t)qsize))
544+ seed_in = NULL; /* seed buffer too small -- ignore */
545+ if (seed_len > sizeof(seed))
546+ seed_len = sizeof(seed); /* App. 2.2 of FIPS PUB 186 allows larger SEED,
547+ * but our internal buffers are restricted to 256 bits*/
548+ if (seed_in != NULL)
549+ memcpy(seed, seed_in, seed_len);
550+ else
551+ seed_len = 0;
552+
553+ if ((ctx=BN_CTX_new()) == NULL)
554+ goto err;
555+
556+ BN_CTX_start(ctx);
557+
558+ if (!FIPS_dsa_generate_pq(ctx, bits, qbits, evpmd,
559+ seed, seed_len, &p, &q, counter_ret, cb))
560+ goto err;
561+
562+ if (!FIPS_dsa_generate_g(ctx, p, q, &g, h_ret, cb))
563+ goto err;
564+
565+ ok=1;
566+err:
567+ if (ok)
568+ {
569+ if(ret->p)
570+ {
571+ BN_free(ret->p);
572+ ret->p = NULL;
573+ }
574+ if(ret->q)
575+ {
576+ BN_free(ret->q);
577+ ret->q = NULL;
578+ }
579+ if(ret->g)
580+ {
581+ BN_free(ret->g);
582+ ret->g = NULL;
583+ }
584+ ret->p=BN_dup(p);
585+ ret->q=BN_dup(q);
586+ ret->g=BN_dup(g);
587+ if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
588+ ok=0;
589+ }
590+ if(ctx)
591+ {
592+ BN_CTX_end(ctx);
593+ BN_CTX_free(ctx);
594+ }
595+ return ok;
596+ }
597+
598+#ifndef OPENSSL_FIPS
599+static
600+#endif
601+int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
602+ const EVP_MD *evpmd, unsigned char *seed, int seed_len,
603+ BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb)
604+ {
605+ int ok=0;
606 unsigned char md[SHA256_DIGEST_LENGTH];
607- unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH];
608+ unsigned char buf[SHA256_DIGEST_LENGTH];
609 BIGNUM *r0,*W,*X,*c,*test;
610- BIGNUM *g=NULL,*q=NULL,*p=NULL;
611- BN_MONT_CTX *mont=NULL;
612- int i, k, n=0, m=0, qsize = qbits >> 3;
613+ BIGNUM *q=NULL,*p=NULL;
614+ int i, k, b, n=0, m=0, qsize = qbits >> 3;
615 int counter=0;
616 int r=0;
617- BN_CTX *ctx=NULL;
618- unsigned int h=2;
619
620 if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
621 qsize != SHA256_DIGEST_LENGTH)
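Review bot: The new size gate in dsa_builtin_paramgen tests `FIPS_module_mode()` while every other check added by this patch tests `FIPS_mode()` (dh_key.c, dsa_key.c, cmac.c). If FIPS_module_mode() is just an alias of FIPS_mode() in this tree the code is correct but inconsistent; if it is not, the (1024/160, 2048/224, 2048/256, 3072/256) restriction on DSA parameters hangs on a different switch than DSA key generation does. Use `if (FIPS_mode() &&` here or add a comment explaining why the module predicate is the right one. Separately, `seed_len` is narrowed from size_t to int at the FIPS_dsa_generate_pq call; harmless given the `sizeof(seed)` clamp above, but an explicit `(int)seed_len` would make that intent visible.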
622@@ -153,51 +245,43 @@ int dsa_builtin_paramgen(DSA *ret, size_
623 return 0;
624
625 if (evpmd == NULL)
626- /* use SHA1 as default */
627- evpmd = EVP_sha1();
628+ {
629+ if (qbits <= 160)
630+ evpmd = EVP_sha1();
631+ else if (qbits <= 224)
632+ evpmd = EVP_sha224();
633+ else
634+ evpmd = EVP_sha256();
635+ }
636
637 if (bits < 512)
638 bits = 512;
639
640 bits = (bits+63)/64*64;
641
642- /* NB: seed_len == 0 is special case: copy generated seed to
643- * seed_in if it is not NULL.
644- */
645- if (seed_len && (seed_len < (size_t)qsize))
646- seed_in = NULL; /* seed buffer too small -- ignore */
647- if (seed_len > (size_t)qsize)
648- seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
649- * but our internal buffers are restricted to 160 bits*/
650- if (seed_in != NULL)
651- memcpy(seed, seed_in, seed_len);
652-
653- if ((ctx=BN_CTX_new()) == NULL)
654- goto err;
655-
656- if ((mont=BN_MONT_CTX_new()) == NULL)
657- goto err;
658-
659- BN_CTX_start(ctx);
660 r0 = BN_CTX_get(ctx);
661- g = BN_CTX_get(ctx);
662 W = BN_CTX_get(ctx);
663- q = BN_CTX_get(ctx);
664+ *q_ret = q = BN_CTX_get(ctx);
665 X = BN_CTX_get(ctx);
666 c = BN_CTX_get(ctx);
667- p = BN_CTX_get(ctx);
668+ *p_ret = p = BN_CTX_get(ctx);
669 test = BN_CTX_get(ctx);
670
671 if (!BN_lshift(test,BN_value_one(),bits-1))
672 goto err;
673
674+ /* step 3 n = \lceil bits / qbits \rceil - 1 */
675+ n = (bits+qbits-1)/qbits - 1;
676+ /* step 4 b = bits - 1 - n * qbits */
677+ b = bits - 1 - n*qbits;
678+
679 for (;;)
680 {
681 for (;;) /* find q */
682 {
683 int seed_is_random;
684
685- /* step 1 */
686+ /* step 5 generate seed */
687 if(!BN_GENCB_call(cb, 0, m++))
688 goto err;
689
690@@ -212,30 +296,18 @@ int dsa_builtin_paramgen(DSA *ret, size_
691 seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
692 }
693 memcpy(buf , seed, qsize);
694- memcpy(buf2, seed, qsize);
695- /* precompute "SEED + 1" for step 7: */
696- for (i = qsize-1; i >= 0; i--)
697- {
698- buf[i]++;
699- if (buf[i] != 0)
700- break;
701- }
702
703- /* step 2 */
704+ /* step 6 U = hash(seed) */
705 if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
706 goto err;
707- if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
708- goto err;
709- for (i = 0; i < qsize; i++)
710- md[i]^=buf2[i];
711
712- /* step 3 */
713+ /* step 7 q = 2^(qbits-1) + U + 1 - (U mod 2) */
714 md[0] |= 0x80;
715 md[qsize-1] |= 0x01;
716 if (!BN_bin2bn(md, qsize, q))
717 goto err;
718
719- /* step 4 */
720+ /* step 8 test for prime (64 round of Rabin-Miller) */
721 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
722 seed_is_random, cb);
723 if (r > 0)
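Review bot: The new comment `/* step 8 test for prime (64 round of Rabin-Miller) */` asserts a round count the code does not fix: the call passes `DSS_prime_checks`, defined outside this hunk (upstream uses 50, as far as I recall), so the comment is likely wrong as written. This matters beyond documentation, since the parameter sizes this patch now admits in FIPS mode include 3072/256, for which FIPS 186-3 Table C.1 asks for 64 Miller-Rabin rounds on p and q (56 at 2048 bits) when no Lucas test follows; if DSS_prime_checks is below that, the larger sizes are under-tested. Either size the round count from `bits` or make the comment honest: `/* step 8: probable-prime test, DSS_prime_checks rounds of Miller-Rabin */`. The p test in step 11.7 in a later hunk has the same dependency.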
724@@ -243,27 +315,22 @@ int dsa_builtin_paramgen(DSA *ret, size_
725 if (r != 0)
726 goto err;
727
728- /* do a callback call */
729- /* step 5 */
730 }
731
732 if(!BN_GENCB_call(cb, 2, 0)) goto err;
733 if(!BN_GENCB_call(cb, 3, 0)) goto err;
734
735- /* step 6 */
736+ /* step 11 */
737 counter=0;
738- /* "offset = 2" */
739-
740- n=(bits-1)/160;
741+ /* "offset = 1" */
742
743 for (;;)
744 {
745 if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
746 goto err;
747
748- /* step 7 */
749+ /* step 11.1, 11.2 obtain W */
750 BN_zero(W);
751- /* now 'buf' contains "SEED + offset - 1" */
752 for (k=0; k<=n; k++)
753 {
754 /* obtain "SEED + offset + k" by incrementing: */
755@@ -278,28 +345,30 @@ int dsa_builtin_paramgen(DSA *ret, size_
756 NULL))
757 goto err;
758
759- /* step 8 */
760 if (!BN_bin2bn(md, qsize, r0))
761 goto err;
762- if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err;
763+ if (k == n)
764+ BN_mask_bits(r0,b);
765+ if (!BN_lshift(r0,r0,qbits*k)) goto err;
766 if (!BN_add(W,W,r0)) goto err;
767 }
768
769- /* more of step 8 */
770- if (!BN_mask_bits(W,bits-1)) goto err;
771+ /* step 11.3 X = W + 2^(L-1) */
772 if (!BN_copy(X,W)) goto err;
773 if (!BN_add(X,X,test)) goto err;
774
775- /* step 9 */
776+ /* step 11.4 c = X mod 2*q */
777 if (!BN_lshift1(r0,q)) goto err;
778 if (!BN_mod(c,X,r0,ctx)) goto err;
779+
780+ /* step 11.5 p = X - (c - 1) */
781 if (!BN_sub(r0,c,BN_value_one())) goto err;
782 if (!BN_sub(p,X,r0)) goto err;
783
784- /* step 10 */
785+ /* step 11.6 */
786 if (BN_cmp(p,test) >= 0)
787 {
788- /* step 11 */
789+ /* step 11.7 */
790 r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
791 ctx, 1, cb);
792 if (r > 0)
793@@ -308,19 +377,45 @@ int dsa_builtin_paramgen(DSA *ret, size_
794 goto err;
795 }
796
797- /* step 13 */
798+ /* step 11.9 */
799 counter++;
800 /* "offset = offset + n + 1" */
801
802- /* step 14 */
803- if (counter >= 4096) break;
804+ /* step 12 */
805+ if (counter >= 4*bits) break;
806 }
807 }
808 end:
809 if(!BN_GENCB_call(cb, 2, 1))
810 goto err;
811
812- /* We now need to generate g */
813+ ok=1;
814+err:
815+ if (ok)
816+ {
817+ if (counter_ret != NULL) *counter_ret=counter;
818+ }
819+ return ok;
820+ }
821+
822+#ifndef OPENSSL_FIPS
823+static
824+#endif
825+int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
826+ BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb)
827+ {
828+ int ok=0;
829+ BIGNUM *r0, *test, *g = NULL;
830+ BN_MONT_CTX *mont;
831+ unsigned int h=2;
832+
833+ if ((mont=BN_MONT_CTX_new()) == NULL)
834+ goto err;
835+
836+ r0 = BN_CTX_get(ctx);
837+ *g_ret = g = BN_CTX_get(ctx);
838+ test = BN_CTX_get(ctx);
839+
840 /* Set r0=(p-1)/q */
841 if (!BN_sub(test,p,BN_value_one())) goto err;
842 if (!BN_div(r0,NULL,test,q,ctx)) goto err;
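Review bot: In FIPS_dsa_generate_g the three `BN_CTX_get` results (`r0`, `g`, `test`) are used without a NULL check, so an exhausted BN_CTX turns `BN_sub(test,p,BN_value_one())` into a NULL dereference instead of an error return. Per the BN_CTX API, once one BN_CTX_get call fails every later one fails too, so checking the last is enough: `if (test == NULL) goto err;` placed before the r0 computation, and `*g_ret` is better assigned only after that check so the caller never sees a NULL it did not expect. The same unchecked pattern is in FIPS_dsa_generate_pq earlier in the file (`*q_ret = q = BN_CTX_get(ctx)` … `test = BN_CTX_get(ctx)`).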
843@@ -344,26 +439,7 @@ end:
844 err:
845 if (ok)
846 {
847- if(ret->p) BN_free(ret->p);
848- if(ret->q) BN_free(ret->q);
849- if(ret->g) BN_free(ret->g);
850- ret->p=BN_dup(p);
851- ret->q=BN_dup(q);
852- ret->g=BN_dup(g);
853- if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
854- {
855- ok=0;
856- goto err;
857- }
858- if (counter_ret != NULL) *counter_ret=counter;
859 if (h_ret != NULL) *h_ret=h;
860- if (seed_out)
861- memcpy(seed_out, seed, qsize);
862- }
863- if(ctx)
864- {
865- BN_CTX_end(ctx);
866- BN_CTX_free(ctx);
867 }
868 if (mont != NULL) BN_MONT_CTX_free(mont);
869 return ok;
870diff -up openssl-1.0.1b/crypto/dsa/dsa.h.fips openssl-1.0.1b/crypto/dsa/dsa.h
871--- openssl-1.0.1b/crypto/dsa/dsa.h.fips 2012-04-26 18:00:50.840757065 +0200
872+++ openssl-1.0.1b/crypto/dsa/dsa.h 2012-04-26 18:00:51.386768993 +0200
873@@ -88,6 +88,8 @@
874 # define OPENSSL_DSA_MAX_MODULUS_BITS 10000
875 #endif
876
877+#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
878+
879 #define DSA_FLAG_CACHE_MONT_P 0x01
880 #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
881 * implementation now uses constant time
882@@ -264,6 +266,17 @@ int DSA_print_fp(FILE *bp, const DSA *x,
883 DH *DSA_dup_DH(const DSA *r);
884 #endif
885
886+#ifdef OPENSSL_FIPS
887+int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
888+ const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
889+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
890+int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
891+ const EVP_MD *evpmd, unsigned char *seed, int seed_len,
892+ BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb);
893+int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
894+ BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb);
895+#endif
896+
897 #define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
898 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
899 EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
900@@ -285,10 +298,13 @@ void ERR_load_DSA_strings(void);
901 #define DSA_F_DO_DSA_PRINT 104
902 #define DSA_F_DSAPARAMS_PRINT 100
903 #define DSA_F_DSAPARAMS_PRINT_FP 101
904+#define DSA_F_DSA_BUILTIN_KEYGEN 124
905+#define DSA_F_DSA_BUILTIN_PARAMGEN 123
906 #define DSA_F_DSA_DO_SIGN 112
907 #define DSA_F_DSA_DO_VERIFY 113
908-#define DSA_F_DSA_GENERATE_KEY 124
909-#define DSA_F_DSA_GENERATE_PARAMETERS_EX 123
910+#define DSA_F_DSA_GENERATE_KEY 126
911+#define DSA_F_DSA_GENERATE_PARAMETERS_EX 127
912+#define DSA_F_DSA_GENERATE_PARAMETERS /* unused */ 125
913 #define DSA_F_DSA_NEW_METHOD 103
914 #define DSA_F_DSA_PARAM_DECODE 119
915 #define DSA_F_DSA_PRINT_FP 105
916@@ -314,11 +330,15 @@ void ERR_load_DSA_strings(void);
917 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
918 #define DSA_R_DECODE_ERROR 104
919 #define DSA_R_INVALID_DIGEST_TYPE 106
920+#define DSA_R_KEY_SIZE_INVALID 113
921+#define DSA_R_KEY_SIZE_TOO_SMALL 110
922 #define DSA_R_MISSING_PARAMETERS 101
923 #define DSA_R_MODULUS_TOO_LARGE 103
924-#define DSA_R_NEED_NEW_SETUP_VALUES 110
925+#define DSA_R_NEED_NEW_SETUP_VALUES 112
926 #define DSA_R_NON_FIPS_DSA_METHOD 111
927+#define DSA_R_NON_FIPS_METHOD 111
928 #define DSA_R_NO_PARAMETERS_SET 107
929+#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE /* unused */ 112
930 #define DSA_R_PARAMETER_ENCODING_ERROR 105
931
932 #ifdef __cplusplus
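Review bot: The reason-code table now maps two names to 112: `DSA_R_NEED_NEW_SETUP_VALUES` (moved from 110) and the new `DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE`, while 110 is reused for `DSA_R_KEY_SIZE_TOO_SMALL`. Even with the latter marked unused, this changes a public error number: an application compiled against upstream headers comparing ERR_GET_REASON() to 110 will now read a key-size failure as "need new setup values", and a string lookup for 112 is ambiguous. Give the unused FIPS reason its own value (or drop the define) and, if compatibility with upstream error numbers matters for this tree, keep NEED_NEW_SETUP_VALUES at 110 and put KEY_SIZE_TOO_SMALL on a fresh number. `DSA_R_NON_FIPS_METHOD` aliasing 111 looks intentional and is harmless.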
933diff -up openssl-1.0.1b/crypto/dsa/dsa_key.c.fips openssl-1.0.1b/crypto/dsa/dsa_key.c
934--- openssl-1.0.1b/crypto/dsa/dsa_key.c.fips 2011-06-09 17:21:46.000000000 +0200
935+++ openssl-1.0.1b/crypto/dsa/dsa_key.c 2012-04-26 18:00:51.386768993 +0200
936@@ -66,6 +66,24 @@
937
938 #ifdef OPENSSL_FIPS
939 #include <openssl/fips.h>
940+#include <openssl/evp.h>
941+
942+static int fips_check_dsa(DSA *dsa)
943+ {
944+ EVP_PKEY pk;
945+ unsigned char tbs[] = "DSA Pairwise Check Data";
946+ pk.type = EVP_PKEY_DSA;
947+ pk.pkey.dsa = dsa;
948+
949+ if (!fips_pkey_signature_test(&pk, tbs, 0, NULL, 0, NULL, 0, NULL))
950+ {
951+ FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
952+ fips_set_selftest_fail();
953+ return 0;
954+ }
955+ return 1;
956+ }
957+
958 #endif
959
960 static int dsa_builtin_keygen(DSA *dsa);
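Review bot: `EVP_PKEY pk;` in fips_check_dsa is an automatic variable of which only `type` and `pkey.dsa` are set before the struct is passed by pointer to fips_pkey_signature_test; every other member (references, engine, ameth, attributes, save_type) holds stack garbage. Whether the test reads any of those is not visible here, but the cheap safe form is to zero it first: `memset(&pk, 0, sizeof(pk));` before the two assignments. Also confirm what the `0` length passed with `tbs` means to fips_pkey_signature_test; if it is "sign zero bytes" rather than "use strlen", the pairwise check is signing an empty message, and a comment either way would help.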
961@@ -82,10 +100,6 @@ int DSA_generate_key(DSA *dsa)
962 #endif
963 if(dsa->meth->dsa_keygen)
964 return dsa->meth->dsa_keygen(dsa);
965-#ifdef OPENSSL_FIPS
966- if (FIPS_mode())
967- return FIPS_dsa_generate_key(dsa);
968-#endif
969 return dsa_builtin_keygen(dsa);
970 }
971
972@@ -95,6 +109,15 @@ static int dsa_builtin_keygen(DSA *dsa)
973 BN_CTX *ctx=NULL;
974 BIGNUM *pub_key=NULL,*priv_key=NULL;
975
976+#ifdef OPENSSL_FIPS
977+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
978+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
979+ {
980+ DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
981+ goto err;
982+ }
983+#endif
984+
985 if ((ctx=BN_CTX_new()) == NULL) goto err;
986
987 if (dsa->priv_key == NULL)
988@@ -133,6 +156,14 @@ static int dsa_builtin_keygen(DSA *dsa)
989
990 dsa->priv_key=priv_key;
991 dsa->pub_key=pub_key;
992+#ifdef OPENSSL_FIPS
993+ if(FIPS_mode() && !fips_check_dsa(dsa))
994+ {
995+ dsa->pub_key = NULL;
996+ dsa->priv_key = NULL;
997+ goto err;
998+ }
999+#endif
1000 ok=1;
1001
1002 err:
1003diff -up openssl-1.0.1b/crypto/dsa/dsa_lib.c.fips openssl-1.0.1b/crypto/dsa/dsa_lib.c
1004--- openssl-1.0.1b/crypto/dsa/dsa_lib.c.fips 2011-11-14 15:16:09.000000000 +0100
1005+++ openssl-1.0.1b/crypto/dsa/dsa_lib.c 2012-04-26 18:00:51.387769014 +0200
1006@@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method
1007 {
1008 if(!default_DSA_method)
1009 {
1010-#ifdef OPENSSL_FIPS
1011- if (FIPS_mode())
1012- return FIPS_dsa_openssl();
1013- else
1014- return DSA_OpenSSL();
1015-#else
1016 default_DSA_method = DSA_OpenSSL();
1017-#endif
1018 }
1019 return default_DSA_method;
1020 }
1021diff -up openssl-1.0.1b/crypto/dsa/dsa_locl.h.fips openssl-1.0.1b/crypto/dsa/dsa_locl.h
1022--- openssl-1.0.1b/crypto/dsa/dsa_locl.h.fips 2012-04-26 18:00:50.844757152 +0200
1023+++ openssl-1.0.1b/crypto/dsa/dsa_locl.h 2012-04-26 18:00:51.387769014 +0200
1024@@ -56,5 +56,4 @@
1025
1026 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
1027 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
1028- unsigned char *seed_out,
1029 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
1030diff -up openssl-1.0.1b/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1b/crypto/dsa/dsa_ossl.c
1031--- openssl-1.0.1b/crypto/dsa/dsa_ossl.c.fips 2011-02-01 13:53:47.000000000 +0100
1032+++ openssl-1.0.1b/crypto/dsa/dsa_ossl.c 2012-04-26 18:00:51.388769035 +0200
1033@@ -65,6 +65,9 @@
1034 #include <openssl/dsa.h>
1035 #include <openssl/rand.h>
1036 #include <openssl/asn1.h>
1037+#ifdef OPENSSL_FIPS
1038+#include <openssl/fips.h>
1039+#endif
1040
1041 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
1042 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
1043@@ -82,7 +85,7 @@ NULL, /* dsa_mod_exp, */
1044 NULL, /* dsa_bn_mod_exp, */
1045 dsa_init,
1046 dsa_finish,
1047-0,
1048+DSA_FLAG_FIPS_METHOD,
1049 NULL,
1050 NULL,
1051 NULL
1052@@ -138,6 +141,21 @@ static DSA_SIG *dsa_do_sign(const unsign
1053 DSA_SIG *ret=NULL;
1054 int noredo = 0;
1055
1056+#ifdef OPENSSL_FIPS
1057+ if(FIPS_selftest_failed())
1058+ {
1059+ FIPSerr(FIPS_F_DSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
1060+ return NULL;
1061+ }
1062+
1063+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
1064+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
1065+ {
1066+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
1067+ return NULL;
1068+ }
1069+#endif
1070+
1071 BN_init(&m);
1072 BN_init(&xr);
1073
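Review bot: The self-test and minimum-modulus gate added at the top of `dsa_do_sign` is repeated verbatim in `dsa_do_verify` in the next hunk, and the modulus half of it appears a third time in `dsa_builtin_keygen` in dsa_key.c; three copies of a security check are three places to get out of step. A small `static` helper taking the two function codes (one for `FIPSerr`, one for `DSAerr`) would keep the policy in one place, with each caller reduced to a single `if`. `dsa_do_sign` continues past the end of this hunk.
```c
/* Common FIPS gate for DSA sign/verify.  Returns 1 when the operation may
 * proceed; otherwise queues the error under the caller's function code
 * (fips_func for FIPSerr, dsa_func for DSAerr) and returns 0. */
static int dsa_fips_check(const DSA *dsa, int fips_func, int dsa_func)
	{
	if (FIPS_selftest_failed())
		{
		FIPSerr(fips_func, FIPS_R_FIPS_SELFTEST_FAILED);
		return 0;
		}
	if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
	    && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
		{
		DSAerr(dsa_func, DSA_R_KEY_SIZE_TOO_SMALL);
		return 0;
		}
	return 1;
	}

/* … in dsa_do_sign, in place of the inline block … */
	if (!dsa_fips_check(dsa, FIPS_F_DSA_DO_SIGN, DSA_F_DSA_DO_SIGN))
		return NULL;
```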
1074@@ -325,6 +343,21 @@ static int dsa_do_verify(const unsigned
1075 return -1;
1076 }
1077
1078+#ifdef OPENSSL_FIPS
1079+ if(FIPS_selftest_failed())
1080+ {
1081+ FIPSerr(FIPS_F_DSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
1082+ return -1;
1083+ }
1084+
1085+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
1086+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
1087+ {
1088+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);
1089+ return -1;
1090+ }
1091+#endif
1092+
1093 if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
1094 {
1095 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
1096@@ -399,6 +432,9 @@ static int dsa_do_verify(const unsigned
1097
1098 static int dsa_init(DSA *dsa)
1099 {
1100+#ifdef OPENSSL_FIPS
1101+ FIPS_selftest_check();
1102+#endif
1103 dsa->flags|=DSA_FLAG_CACHE_MONT_P;
1104 return(1);
1105 }
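Review bot: `dsa_init` calls `FIPS_selftest_check()` and ignores its result, whereas `dsa_do_sign` and `dsa_do_verify` in the two preceding hunks test `FIPS_selftest_failed()` and return an error; the patch thus uses two different gating idioms for the same condition. The same bare call appears in `EVP_DigestUpdate`, `EVP_DigestFinal_ex`, `EVP_CIPHER_CTX_init` and `EVP_Cipher` later in this file. If `FIPS_selftest_check()` can only abort the process on failure, a comment such as `/* aborts the process if the power-up self tests failed; nothing to check */` at each call site would record that; if it returns a status, the result should be honoured like the other two.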
1106diff -up openssl-1.0.1b/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1b/crypto/dsa/dsa_pmeth.c
1107--- openssl-1.0.1b/crypto/dsa/dsa_pmeth.c.fips 2011-06-20 22:05:13.000000000 +0200
1108+++ openssl-1.0.1b/crypto/dsa/dsa_pmeth.c 2012-04-26 18:00:51.388769035 +0200
1109@@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
1110 if (!dsa)
1111 return 0;
1112 ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
1113- NULL, 0, NULL, NULL, NULL, pcb);
1114+ NULL, 0, NULL, NULL, pcb);
1115 if (ret)
1116 EVP_PKEY_assign_DSA(pkey, dsa);
1117 else
1118diff -up openssl-1.0.1b/crypto/dsa/dsatest.c.fips openssl-1.0.1b/crypto/dsa/dsatest.c
1119--- openssl-1.0.1b/crypto/dsa/dsatest.c.fips 2008-08-06 17:54:11.000000000 +0200
1120+++ openssl-1.0.1b/crypto/dsa/dsatest.c 2012-04-26 18:00:51.389769058 +0200
1121@@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int
1122 /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
1123 * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
1124 static unsigned char seed[20]={
1125- 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
1126- 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
1127+ 0x02,0x47,0x11,0x92,0x11,0x88,0xC8,0xFB,0xAF,0x48,0x4C,0x62,
1128+ 0xDF,0xA5,0xBE,0xA0,0xA4,0x3C,0x56,0xE3,
1129 };
1130
1131 static unsigned char out_p[]={
1132- 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
1133- 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
1134- 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
1135- 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
1136- 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
1137- 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
1138- 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
1139- 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
1140+ 0xAC,0xCB,0x1E,0x63,0x60,0x69,0x0C,0xFB,0x06,0x19,0x68,0x3E,
1141+ 0xA5,0x01,0x5A,0xA2,0x15,0x5C,0xE2,0x99,0x2D,0xD5,0x30,0x99,
1142+ 0x7E,0x5F,0x8D,0xE2,0xF7,0xC6,0x2E,0x8D,0xA3,0x9F,0x58,0xAD,
1143+ 0xD6,0xA9,0x7D,0x0E,0x0D,0x95,0x53,0xA6,0x71,0x3A,0xDE,0xAB,
1144+ 0xAC,0xE9,0xF4,0x36,0x55,0x9E,0xB9,0xD6,0x93,0xBF,0xF3,0x18,
1145+ 0x1C,0x14,0x7B,0xA5,0x42,0x2E,0xCD,0x00,0xEB,0x35,0x3B,0x1B,
1146+ 0xA8,0x51,0xBB,0xE1,0x58,0x42,0x85,0x84,0x22,0xA7,0x97,0x5E,
1147+ 0x99,0x6F,0x38,0x20,0xBD,0x9D,0xB6,0xD9,0x33,0x37,0x2A,0xFD,
1148+ 0xBB,0xD4,0xBC,0x0C,0x2A,0x67,0xCB,0x9F,0xBB,0xDF,0xF9,0x93,
1149+ 0xAA,0xD6,0xF0,0xD6,0x95,0x0B,0x5D,0x65,0x14,0xD0,0x18,0x9D,
1150+ 0xC6,0xAF,0xF0,0xC6,0x37,0x7C,0xF3,0x5F,
1151 };
1152
1153 static unsigned char out_q[]={
1154- 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
1155- 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
1156- 0xda,0xce,0x91,0x5f,
1157+ 0xE3,0x8E,0x5E,0x6D,0xBF,0x2B,0x79,0xF8,0xC5,0x4B,0x89,0x8B,
1158+ 0xBA,0x2D,0x91,0xC3,0x6C,0x80,0xAC,0x87,
1159 };
1160
1161 static unsigned char out_g[]={
1162- 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
1163- 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
1164- 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
1165- 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
1166- 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
1167- 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
1168- 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
1169- 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
1170+ 0x42,0x4A,0x04,0x4E,0x79,0xB4,0x99,0x7F,0xFD,0x58,0x36,0x2C,
1171+ 0x1B,0x5F,0x18,0x7E,0x0D,0xCC,0xAB,0x81,0xC9,0x5D,0x10,0xCE,
1172+ 0x4E,0x80,0x7E,0x58,0xB4,0x34,0x3F,0xA7,0x45,0xC7,0xAA,0x36,
1173+ 0x24,0x42,0xA9,0x3B,0xE8,0x0E,0x04,0x02,0x2D,0xFB,0xA6,0x13,
1174+ 0xB9,0xB5,0x15,0xA5,0x56,0x07,0x35,0xE4,0x03,0xB6,0x79,0x7C,
1175+ 0x62,0xDD,0xDF,0x3F,0x71,0x3A,0x9D,0x8B,0xC4,0xF6,0xE7,0x1D,
1176+ 0x52,0xA8,0xA9,0x43,0x1D,0x33,0x51,0x88,0x39,0xBD,0x73,0xE9,
1177+ 0x5F,0xBE,0x82,0x49,0x27,0xE6,0xB5,0x53,0xC1,0x38,0xAC,0x2F,
1178+ 0x6D,0x97,0x6C,0xEB,0x67,0xC1,0x5F,0x67,0xF8,0x35,0x05,0x5E,
1179+ 0xD5,0x68,0x80,0xAA,0x96,0xCA,0x0B,0x8A,0xE6,0xF1,0xB1,0x41,
1180+ 0xC6,0x75,0x94,0x0A,0x0A,0x2A,0xFA,0x29,
1181 };
1182
1183 static const unsigned char str1[]="12345678901234567890";
1184@@ -157,7 +162,7 @@ int main(int argc, char **argv)
1185 BIO_printf(bio_err,"test generation of DSA parameters\n");
1186
1187 BN_GENCB_set(&cb, dsa_cb, bio_err);
1188- if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
1189+ if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 1024,
1190 seed, 20, &counter, &h, &cb))
1191 goto end;
1192
1193@@ -170,9 +175,9 @@ int main(int argc, char **argv)
1194 BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
1195
1196 DSA_print(bio_err,dsa,0);
1197- if (counter != 105)
1198+ if (counter != 239)
1199 {
1200- BIO_printf(bio_err,"counter should be 105\n");
1201+ BIO_printf(bio_err,"counter should be 239\n");
1202 goto end;
1203 }
1204 if (h != 2)
1205diff -up openssl-1.0.1b/crypto/engine/eng_all.c.fips openssl-1.0.1b/crypto/engine/eng_all.c
1206--- openssl-1.0.1b/crypto/engine/eng_all.c.fips 2011-08-10 20:53:13.000000000 +0200
1207+++ openssl-1.0.1b/crypto/engine/eng_all.c 2012-04-26 18:00:51.389769058 +0200
1208@@ -58,11 +58,25 @@
1209
1210 #include "cryptlib.h"
1211 #include "eng_int.h"
1212+#ifdef OPENSSL_FIPS
1213+#include <openssl/fips.h>
1214+#endif
1215
1216 void ENGINE_load_builtin_engines(void)
1217 {
1218 /* Some ENGINEs need this */
1219 OPENSSL_cpuid_setup();
1220+#ifdef OPENSSL_FIPS
1221+ OPENSSL_init_library();
1222+ if (FIPS_mode()) {
1223+ /* We allow loading dynamic engine as a third party
1224+ engine might be FIPS validated.
1225+ User is disallowed to load non-validated engines
1226+ by security policy. */
1227+ ENGINE_load_dynamic();
1228+ return;
1229+ }
1230+#endif
1231 #if 0
1232 /* There's no longer any need for an "openssl" ENGINE unless, one day,
1233 * it is the *only* way for standard builtin implementations to be be
1234diff -up openssl-1.0.1b/crypto/err/err_all.c.fips openssl-1.0.1b/crypto/err/err_all.c
1235--- openssl-1.0.1b/crypto/err/err_all.c.fips 2011-06-21 18:58:10.000000000 +0200
1236+++ openssl-1.0.1b/crypto/err/err_all.c 2012-04-26 18:00:51.390769081 +0200
1237@@ -96,6 +96,9 @@
1238 #include <openssl/ocsp.h>
1239 #include <openssl/err.h>
1240 #include <openssl/ts.h>
1241+#ifdef OPENSSL_FIPS
1242+#include <openssl/fips.h>
1243+#endif
1244 #ifndef OPENSSL_NO_CMS
1245 #include <openssl/cms.h>
1246 #endif
1247@@ -153,6 +156,9 @@ void ERR_load_crypto_strings(void)
1248 #endif
1249 ERR_load_OCSP_strings();
1250 ERR_load_UI_strings();
1251+#ifdef OPENSSL_FIPS
1252+ ERR_load_FIPS_strings();
1253+#endif
1254 #ifndef OPENSSL_NO_CMS
1255 ERR_load_CMS_strings();
1256 #endif
1257diff -up openssl-1.0.1b/crypto/evp/c_allc.c.fips openssl-1.0.1b/crypto/evp/c_allc.c
1258--- openssl-1.0.1b/crypto/evp/c_allc.c.fips 2011-11-14 22:13:35.000000000 +0100
1259+++ openssl-1.0.1b/crypto/evp/c_allc.c 2012-04-26 18:00:51.390769081 +0200
1260@@ -65,6 +65,11 @@
1261 void OpenSSL_add_all_ciphers(void)
1262 {
1263
1264+#ifdef OPENSSL_FIPS
1265+ OPENSSL_init_library();
1266+ if(!FIPS_mode())
1267+ {
1268+#endif
1269 #ifndef OPENSSL_NO_DES
1270 EVP_add_cipher(EVP_des_cfb());
1271 EVP_add_cipher(EVP_des_cfb1());
1272@@ -227,4 +232,60 @@ void OpenSSL_add_all_ciphers(void)
1273 EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
1274 EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
1275 #endif
1276+#ifdef OPENSSL_FIPS
1277+ }
1278+ else
1279+ {
1280+#ifndef OPENSSL_NO_DES
1281+ EVP_add_cipher(EVP_des_ede_cfb());
1282+ EVP_add_cipher(EVP_des_ede3_cfb());
1283+
1284+ EVP_add_cipher(EVP_des_ede_ofb());
1285+ EVP_add_cipher(EVP_des_ede3_ofb());
1286+
1287+ EVP_add_cipher(EVP_des_ede_cbc());
1288+ EVP_add_cipher(EVP_des_ede3_cbc());
1289+ EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
1290+ EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
1291+
1292+ EVP_add_cipher(EVP_des_ede());
1293+ EVP_add_cipher(EVP_des_ede3());
1294+#endif
1295+
1296+#ifndef OPENSSL_NO_AES
1297+ EVP_add_cipher(EVP_aes_128_ecb());
1298+ EVP_add_cipher(EVP_aes_128_cbc());
1299+ EVP_add_cipher(EVP_aes_128_cfb());
1300+ EVP_add_cipher(EVP_aes_128_cfb1());
1301+ EVP_add_cipher(EVP_aes_128_cfb8());
1302+ EVP_add_cipher(EVP_aes_128_ofb());
1303+ EVP_add_cipher(EVP_aes_128_ctr());
1304+ EVP_add_cipher(EVP_aes_128_gcm());
1305+ EVP_add_cipher(EVP_aes_128_xts());
1306+ EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
1307+ EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
1308+ EVP_add_cipher(EVP_aes_192_ecb());
1309+ EVP_add_cipher(EVP_aes_192_cbc());
1310+ EVP_add_cipher(EVP_aes_192_cfb());
1311+ EVP_add_cipher(EVP_aes_192_cfb1());
1312+ EVP_add_cipher(EVP_aes_192_cfb8());
1313+ EVP_add_cipher(EVP_aes_192_ofb());
1314+ EVP_add_cipher(EVP_aes_192_ctr());
1315+ EVP_add_cipher(EVP_aes_192_gcm());
1316+ EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
1317+ EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
1318+ EVP_add_cipher(EVP_aes_256_ecb());
1319+ EVP_add_cipher(EVP_aes_256_cbc());
1320+ EVP_add_cipher(EVP_aes_256_cfb());
1321+ EVP_add_cipher(EVP_aes_256_cfb1());
1322+ EVP_add_cipher(EVP_aes_256_cfb8());
1323+ EVP_add_cipher(EVP_aes_256_ofb());
1324+ EVP_add_cipher(EVP_aes_256_ctr());
1325+ EVP_add_cipher(EVP_aes_256_gcm());
1326+ EVP_add_cipher(EVP_aes_256_xts());
1327+ EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
1328+ EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
1329+#endif
1330+ }
1331+#endif
1332 }
1333diff -up openssl-1.0.1b/crypto/evp/c_alld.c.fips openssl-1.0.1b/crypto/evp/c_alld.c
1334--- openssl-1.0.1b/crypto/evp/c_alld.c.fips 2009-07-08 10:50:53.000000000 +0200
1335+++ openssl-1.0.1b/crypto/evp/c_alld.c 2012-04-26 18:00:51.390769081 +0200
1336@@ -64,6 +64,11 @@
1337
1338 void OpenSSL_add_all_digests(void)
1339 {
1340+#ifdef OPENSSL_FIPS
1341+ OPENSSL_init_library();
1342+ if (!FIPS_mode())
1343+ {
1344+#endif
1345 #ifndef OPENSSL_NO_MD4
1346 EVP_add_digest(EVP_md4());
1347 #endif
1348@@ -111,4 +116,32 @@ void OpenSSL_add_all_digests(void)
1349 #ifndef OPENSSL_NO_WHIRLPOOL
1350 EVP_add_digest(EVP_whirlpool());
1351 #endif
1352+#ifdef OPENSSL_FIPS
1353+ }
1354+ else
1355+ {
1356+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
1357+ EVP_add_digest(EVP_sha1());
1358+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
1359+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
1360+#ifndef OPENSSL_NO_DSA
1361+ EVP_add_digest(EVP_dss1());
1362+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
1363+ EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
1364+ EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
1365+#endif
1366+#ifndef OPENSSL_NO_ECDSA
1367+ EVP_add_digest(EVP_ecdsa());
1368+#endif
1369+#endif
1370+#ifndef OPENSSL_NO_SHA256
1371+ EVP_add_digest(EVP_sha224());
1372+ EVP_add_digest(EVP_sha256());
1373+#endif
1374+#ifndef OPENSSL_NO_SHA512
1375+ EVP_add_digest(EVP_sha384());
1376+ EVP_add_digest(EVP_sha512());
1377+#endif
1378+ }
1379+#endif
1380 }
1381diff -up openssl-1.0.1b/crypto/evp/digest.c.fips openssl-1.0.1b/crypto/evp/digest.c
1382--- openssl-1.0.1b/crypto/evp/digest.c.fips 2011-05-29 17:55:13.000000000 +0200
1383+++ openssl-1.0.1b/crypto/evp/digest.c 2012-04-26 18:00:51.391769103 +0200
1384@@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
1385 return EVP_DigestInit_ex(ctx, type, NULL);
1386 }
1387
1388+#ifdef OPENSSL_FIPS
1389+
1390+/* The purpose of these is to trap programs that attempt to use non FIPS
1391+ * algorithms in FIPS mode and ignore the errors.
1392+ */
1393+
1394+static int bad_init(EVP_MD_CTX *ctx)
1395+ { FIPS_ERROR_IGNORED("Digest init"); return 0;}
1396+
1397+static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count)
1398+ { FIPS_ERROR_IGNORED("Digest update"); return 0;}
1399+
1400+static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
1401+ { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
1402+
1403+static const EVP_MD bad_md =
1404+ {
1405+ 0,
1406+ 0,
1407+ 0,
1408+ 0,
1409+ bad_init,
1410+ bad_update,
1411+ bad_final,
1412+ NULL,
1413+ NULL,
1414+ NULL,
1415+ 0,
1416+ {0,0,0,0},
1417+ };
1418+
1419+#endif
1420+
1421 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
1422 {
1423 EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
1424+#ifdef OPENSSL_FIPS
1425+ if(FIPS_selftest_failed())
1426+ {
1427+ FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
1428+ ctx->digest = &bad_md;
1429+ return 0;
1430+ }
1431+#endif
1432 #ifndef OPENSSL_NO_ENGINE
1433 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
1434 * so this context may already have an ENGINE! Try to avoid releasing
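Review bot: Parking the context on `bad_md` in `EVP_DigestInit_ex` orphans any `md_data` the context already owns: `ctx->digest` is overwritten before the `if (ctx->digest && ctx->digest->ctx_size) OPENSSL_free(ctx->md_data);` that follows in the next hunk, and `bad_md` leaves `ctx_size` zero, so if the later `EVP_MD_CTX_cleanup` path is gated on `ctx->digest->ctx_size` (as the cleanse/free lines at the end of this file section suggest) the old digest state is neither zeroed nor freed. The same applies to the `EVP_R_DISABLED_FOR_FIPS` branch in the next hunk. Releasing the previous state before the reassignment fixes both sites; `EVP_DigestInit_ex` continues past this hunk.
```c
	/* Drop the previous digest's state before parking the ctx on bad_md:
	 * bad_md has ctx_size 0, so a later cleanup would not release it. */
	if (ctx->digest && ctx->digest->ctx_size && ctx->md_data)
		{
		OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
		OPENSSL_free(ctx->md_data);
		ctx->md_data = NULL;
		}
	ctx->digest = &bad_md;
	return 0;
```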
1435@@ -201,6 +242,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
1436 #endif
1437 if (ctx->digest != type)
1438 {
1439+#ifdef OPENSSL_FIPS
1440+ if (FIPS_mode())
1441+ {
1442+ if (!(type->flags & EVP_MD_FLAG_FIPS)
1443+ && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
1444+ {
1445+ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
1446+ ctx->digest = &bad_md;
1447+ return 0;
1448+ }
1449+ }
1450+#endif
1451 if (ctx->digest && ctx->digest->ctx_size)
1452 OPENSSL_free(ctx->md_data);
1453 ctx->digest=type;
1454@@ -229,26 +282,15 @@ skip_to_init:
1455 }
1456 if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
1457 return 1;
1458-#ifdef OPENSSL_FIPS
1459- if (FIPS_mode())
1460- {
1461- if (FIPS_digestinit(ctx, type))
1462- return 1;
1463- OPENSSL_free(ctx->md_data);
1464- ctx->md_data = NULL;
1465- return 0;
1466- }
1467-#endif
1468 return ctx->digest->init(ctx);
1469 }
1470
1471 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
1472 {
1473 #ifdef OPENSSL_FIPS
1474- return FIPS_digestupdate(ctx, data, count);
1475-#else
1476- return ctx->update(ctx,data,count);
1477+ FIPS_selftest_check();
1478 #endif
1479+ return ctx->update(ctx,data,count);
1480 }
1481
1482 /* The caller can assume that this removes any secret data from the context */
1483@@ -263,10 +305,11 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns
1484 /* The caller can assume that this removes any secret data from the context */
1485 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
1486 {
1487-#ifdef OPENSSL_FIPS
1488- return FIPS_digestfinal(ctx, md, size);
1489-#else
1490 int ret;
1491+#ifdef OPENSSL_FIPS
1492+ FIPS_selftest_check();
1493+#endif
1494+
1495 OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
1496 ret=ctx->digest->final(ctx,md);
1497 if (size != NULL)
1498@@ -278,7 +321,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,
1499 }
1500 memset(ctx->md_data,0,ctx->digest->ctx_size);
1501 return ret;
1502-#endif
1503 }
1504
1505 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
1506@@ -372,7 +414,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
1507 /* This call frees resources associated with the context */
1508 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
1509 {
1510-#ifndef OPENSSL_FIPS
1511 /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
1512 * because sometimes only copies of the context are ever finalised.
1513 */
1514@@ -385,7 +426,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
1515 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
1516 OPENSSL_free(ctx->md_data);
1517 }
1518-#endif
1519 if (ctx->pctx)
1520 EVP_PKEY_CTX_free(ctx->pctx);
1521 #ifndef OPENSSL_NO_ENGINE
1522@@ -394,9 +434,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
1523 * functional reference we held for this reason. */
1524 ENGINE_finish(ctx->engine);
1525 #endif
1526-#ifdef OPENSSL_FIPS
1527- FIPS_md_ctx_cleanup(ctx);
1528-#endif
1529 memset(ctx,'\0',sizeof *ctx);
1530
1531 return 1;
1532diff -up openssl-1.0.1b/crypto/evp/e_aes.c.fips openssl-1.0.1b/crypto/evp/e_aes.c
1533--- openssl-1.0.1b/crypto/evp/e_aes.c.fips 2011-11-15 13:19:56.000000000 +0100
1534+++ openssl-1.0.1b/crypto/evp/e_aes.c 2012-04-26 18:00:51.391769103 +0200
1535@@ -56,7 +56,6 @@
1536 #include <assert.h>
1537 #include <openssl/aes.h>
1538 #include "evp_locl.h"
1539-#ifndef OPENSSL_FIPS
1540 #include "modes_lcl.h"
1541 #include <openssl/rand.h>
1542
1543@@ -716,7 +715,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *
1544 if (arg <= 0)
1545 return 0;
1546 #ifdef OPENSSL_FIPS
1547- if (FIPS_module_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)
1548+ if (FIPS_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)
1549 && arg < 12)
1550 return 0;
1551 #endif
1552@@ -1128,7 +1127,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
1553 return 0;
1554 #ifdef OPENSSL_FIPS
1555 /* Requirement of SP800-38E */
1556- if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
1557+ if (FIPS_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
1558 (len > (1UL<<20)*16))
1559 {
1560 EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
1561@@ -1310,4 +1309,3 @@ BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm
1562 BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
1563
1564 #endif
1565-#endif
1566diff -up openssl-1.0.1b/crypto/evp/e_des3.c.fips openssl-1.0.1b/crypto/evp/e_des3.c
1567--- openssl-1.0.1b/crypto/evp/e_des3.c.fips 2011-05-29 01:01:26.000000000 +0200
1568+++ openssl-1.0.1b/crypto/evp/e_des3.c 2012-04-26 18:00:51.392769125 +0200
1569@@ -65,8 +65,6 @@
1570 #include <openssl/des.h>
1571 #include <openssl/rand.h>
1572
1573-#ifndef OPENSSL_FIPS
1574-
1575 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1576 const unsigned char *iv,int enc);
1577
1578@@ -208,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH
1579 }
1580
1581 BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
1582- EVP_CIPH_RAND_KEY, des_ede_init_key, NULL,
1583- EVP_CIPHER_set_asn1_iv,
1584- EVP_CIPHER_get_asn1_iv,
1585+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1586+ des_ede_init_key,
1587+ NULL, NULL, NULL,
1588 des3_ctrl)
1589
1590 #define des_ede3_cfb64_cipher des_ede_cfb64_cipher
1591@@ -219,21 +217,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY,
1592 #define des_ede3_ecb_cipher des_ede_ecb_cipher
1593
1594 BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
1595- EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
1596- EVP_CIPHER_set_asn1_iv,
1597- EVP_CIPHER_get_asn1_iv,
1598+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1599+ des_ede3_init_key,
1600+ NULL, NULL, NULL,
1601 des3_ctrl)
1602
1603 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
1604- EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
1605- EVP_CIPHER_set_asn1_iv,
1606- EVP_CIPHER_get_asn1_iv,
1607+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1608+ des_ede3_init_key,
1609+ NULL, NULL, NULL,
1610 des3_ctrl)
1611
1612 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
1613- EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
1614- EVP_CIPHER_set_asn1_iv,
1615- EVP_CIPHER_get_asn1_iv,
1616+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1617+ des_ede3_init_key,
1618+ NULL, NULL, NULL,
1619 des3_ctrl)
1620
1621 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1622@@ -313,4 +311,3 @@ const EVP_CIPHER *EVP_des_ede3(void)
1623 return &des_ede3_ecb;
1624 }
1625 #endif
1626-#endif
1627diff -up openssl-1.0.1b/crypto/evp/e_null.c.fips openssl-1.0.1b/crypto/evp/e_null.c
1628--- openssl-1.0.1b/crypto/evp/e_null.c.fips 2011-06-20 22:00:10.000000000 +0200
1629+++ openssl-1.0.1b/crypto/evp/e_null.c 2012-04-26 18:00:51.392769125 +0200
1630@@ -61,8 +61,6 @@
1631 #include <openssl/evp.h>
1632 #include <openssl/objects.h>
1633
1634-#ifndef OPENSSL_FIPS
1635-
1636 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1637 const unsigned char *iv,int enc);
1638 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1639@@ -71,7 +69,7 @@ static const EVP_CIPHER n_cipher=
1640 {
1641 NID_undef,
1642 1,0,0,
1643- 0,
1644+ EVP_CIPH_FLAG_FIPS,
1645 null_init_key,
1646 null_cipher,
1647 NULL,
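Review bot: Tagging the `NID_undef` null cipher with `EVP_CIPH_FLAG_FIPS` is a policy decision that the file does not explain: it lets a cipher providing no confidentiality pass the FIPS-mode gate that `EVP_CipherInit_ex` gains in the evp_enc.c hunk below, which rejects every unflagged cipher. A comment on the flag line, `/* no-op cipher; FIPS-flagged so NULL-cipher paths are not rejected in FIPS mode */`, would record the intent for anyone auditing what FIPS mode permits.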
1648@@ -101,4 +99,3 @@ static int null_cipher(EVP_CIPHER_CTX *c
1649 memcpy((char *)out,(const char *)in,inl);
1650 return 1;
1651 }
1652-#endif
1653diff -up openssl-1.0.1b/crypto/evp/evp_enc.c.fips openssl-1.0.1b/crypto/evp/evp_enc.c
1654--- openssl-1.0.1b/crypto/evp/evp_enc.c.fips 2012-04-20 02:07:48.000000000 +0200
1655+++ openssl-1.0.1b/crypto/evp/evp_enc.c 2012-04-26 18:02:25.419823276 +0200
1656@@ -69,17 +69,58 @@
1657 #endif
1658 #include "evp_locl.h"
1659
1660-#ifdef OPENSSL_FIPS
1661-#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
1662-#else
1663 #define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
1664-#endif
1665
1666
1667 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
1668
1669+#ifdef OPENSSL_FIPS
1670+
1671+/* The purpose of these is to trap programs that attempt to use non FIPS
1672+ * algorithms in FIPS mode and ignore the errors.
1673+ */
1674+
1675+static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1676+ const unsigned char *iv, int enc)
1677+ { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
1678+
1679+static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1680+ const unsigned char *in, unsigned int inl)
1681+ { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
1682+
1683+/* NB: no cleanup because it is allowed after failed init */
1684+
1685+static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
1686+ { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
1687+static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
1688+ { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
1689+static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
1690+ { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
1691+
1692+static const EVP_CIPHER bad_cipher =
1693+ {
1694+ 0,
1695+ 0,
1696+ 0,
1697+ 0,
1698+ 0,
1699+ bad_init,
1700+ bad_do_cipher,
1701+ NULL,
1702+ 0,
1703+ bad_set_asn1,
1704+ bad_get_asn1,
1705+ bad_ctrl,
1706+ NULL
1707+ };
1708+
1709+#endif
1710+
1711 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
1712 {
1713+#ifdef OPENSSL_FIPS
1714+ FIPS_selftest_check();
1715+#endif
1716 memset(ctx,0,sizeof(EVP_CIPHER_CTX));
1717 /* ctx->cipher=NULL; */
1718 }
1719@@ -111,6 +152,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
1720 enc = 1;
1721 ctx->encrypt = enc;
1722 }
1723+#ifdef OPENSSL_FIPS
1724+ if(FIPS_selftest_failed())
1725+ {
1726+ FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
1727+ ctx->cipher = &bad_cipher;
1728+ return 0;
1729+ }
1730+#endif
1731 #ifndef OPENSSL_NO_ENGINE
1732 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
1733 * so this context may already have an ENGINE! Try to avoid releasing
a7ff9508 1734@@ -169,10 +218,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
1735 ctx->engine = NULL;
1736 #endif
1737
1738-#ifdef OPENSSL_FIPS
1739- if (FIPS_mode())
1740- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
1741-#endif
1742 ctx->cipher=cipher;
1743 if (ctx->cipher->ctx_size)
1744 {
a7ff9508 1745@@ -206,10 +251,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
1746 #ifndef OPENSSL_NO_ENGINE
1747 skip_to_init:
1748 #endif
1749-#ifdef OPENSSL_FIPS
1750- if (FIPS_mode())
1751- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
1752-#endif
1753 /* we assume block size is a power of 2 in *cryptUpdate */
1754 OPENSSL_assert(ctx->cipher->block_size == 1
1755 || ctx->cipher->block_size == 8
a7ff9508 1756@@ -249,6 +290,22 @@ skip_to_init:
1757 }
1758 }
1759
1760+#ifdef OPENSSL_FIPS
1761+ /* After 'key' is set no further parameters changes are permissible.
1762+ * So only check for non FIPS enabling at this point.
1763+ */
1764+ if (key && FIPS_mode())
1765+ {
1766+ if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
1767+ & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
1768+ {
1769+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS);
1770+ ctx->cipher = &bad_cipher;
1771+ return 0;
1772+ }
1773+ }
1774+#endif
1775+
1776 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
1777 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
1778 }
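Review bot: The FIPS gate in `EVP_CipherInit_ex` joins its two negated flag tests with bitwise `&` where logical `&&` is meant (`!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)`). The result happens to be right because both operands are 0 or 1, but a bitwise operator on a security check invites a wrong edit the first time one side stops being a `!` expression; write it as `if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))`. `EVP_CipherInit_ex` starts before this hunk.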
1779@@ -568,7 +625,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX
1780
1781 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
1782 {
1783-#ifndef OPENSSL_FIPS
1784 if (c->cipher != NULL)
1785 {
1786 if(c->cipher->cleanup && !c->cipher->cleanup(c))
1787@@ -579,16 +635,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT
1788 }
1789 if (c->cipher_data)
1790 OPENSSL_free(c->cipher_data);
1791-#endif
1792 #ifndef OPENSSL_NO_ENGINE
1793 if (c->engine)
1794 /* The EVP_CIPHER we used belongs to an ENGINE, release the
1795 * functional reference we held for this reason. */
1796 ENGINE_finish(c->engine);
1797 #endif
1798-#ifdef OPENSSL_FIPS
1799- FIPS_cipher_ctx_cleanup(c);
1800-#endif
1801 memset(c,0,sizeof(EVP_CIPHER_CTX));
1802 return 1;
1803 }
1804diff -up openssl-1.0.1b/crypto/evp/evp.h.fips openssl-1.0.1b/crypto/evp/evp.h
1805--- openssl-1.0.1b/crypto/evp/evp.h.fips 2012-04-26 18:00:51.128763357 +0200
1806+++ openssl-1.0.1b/crypto/evp/evp.h 2012-04-26 18:00:51.394769168 +0200
1807@@ -75,6 +75,10 @@
1808 #include <openssl/bio.h>
1809 #endif
1810
1811+#ifdef OPENSSL_FIPS
1812+#include <openssl/fips.h>
1813+#endif
1814+
1815 /*
1816 #define EVP_RC2_KEY_SIZE 16
1817 #define EVP_RC4_KEY_SIZE 16
1818@@ -272,10 +276,6 @@ struct env_md_ctx_st
1819 * cleaned */
1820 #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
1821 * in EVP_MD_CTX_cleanup */
1822-/* FIPS and pad options are ignored in 1.0.0, definitions are here
1823- * so we don't accidentally reuse the values for other purposes.
1824- */
1825-
1826 #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
1827 * in FIPS mode */
1828
1829@@ -287,6 +287,10 @@ struct env_md_ctx_st
1830 #define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */
1831 #define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */
1832 #define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */
1833+#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \
1834+ ((ctx->flags>>16) &0xFFFF) /* seed length */
1835+#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */
1836+#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */
1837
1838 #define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */
1839
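Review bot: The new `M_EVP_MD_CTX_FLAG_PSS_SALT(ctx)` macro does not parenthesise its argument, so any argument that is not a plain identifier expands incorrectly; write it as `#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) (((ctx)->flags>>16) & 0xFFFF)`. Its trailing comment says `seed length` while the macro name and the two constants that follow (`EVP_MD_CTX_FLAG_PSS_MDLEN`, `EVP_MD_CTX_FLAG_PSS_MREC`) describe the PSS salt length, so `/* PSS salt length */` would match the surrounding definitions.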
1840@@ -338,15 +342,15 @@ struct evp_cipher_st
1841 /* cipher handles random key generation */
1842 #define EVP_CIPH_RAND_KEY 0x200
1843 /* cipher has its own additional copying logic */
1844-#define EVP_CIPH_CUSTOM_COPY 0x400
1845+#define EVP_CIPH_CUSTOM_COPY 0x4000
1846 /* Allow use default ASN1 get/set iv */
1847 #define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
1848 /* Buffer length in bits not bytes: CFB1 mode only */
1849 #define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
1850 /* Note if suitable for use in FIPS mode */
1851-#define EVP_CIPH_FLAG_FIPS 0x4000
1852+#define EVP_CIPH_FLAG_FIPS 0x400
1853 /* Allow non FIPS cipher in FIPS mode */
1854-#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000
1855+#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
1856 /* Cipher handles any and all padding logic as well
1857 * as finalisation.
1858 */
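Review bot: Renumbering public flag values in an installed header (`EVP_CIPH_CUSTOM_COPY` 0x400→0x4000, `EVP_CIPH_FLAG_FIPS` 0x4000→0x400, `EVP_CIPH_FLAG_NON_FIPS_ALLOW` 0x8000→0x800) is an ABI break that the hunk does not document: an ENGINE or application compiled against the unpatched evp.h that sets `EVP_CIPH_FLAG_FIPS` on its cipher is read by this library as `EVP_CIPH_CUSTOM_COPY`, and one setting `EVP_CIPH_FLAG_NON_FIPS_ALLOW` sets a bit this hunk no longer defines, so the FIPS gate silently treats the cipher as unflagged. A comment above the block stating why the values move (presumably to agree with the FIPS module's definitions, which is not visible here) and that all consumers must be rebuilt against this header, e.g. `/* NB: flag values differ from upstream 1.0.1; binaries built against the stock header must be recompiled */`, would warn packagers and engine authors.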
1859diff -up openssl-1.0.1b/crypto/evp/evp_lib.c.fips openssl-1.0.1b/crypto/evp/evp_lib.c
1860--- openssl-1.0.1b/crypto/evp/evp_lib.c.fips 2011-05-29 04:32:05.000000000 +0200
1861+++ openssl-1.0.1b/crypto/evp/evp_lib.c 2012-04-26 18:00:51.394769168 +0200
1862@@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_
1863
1864 int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
1865 {
1866+#ifdef OPENSSL_FIPS
1867+ FIPS_selftest_check();
1868+#endif
1869 return ctx->cipher->do_cipher(ctx,out,in,inl);
1870 }
1871
1872diff -up openssl-1.0.1b/crypto/evp/evp_locl.h.fips openssl-1.0.1b/crypto/evp/evp_locl.h
1873--- openssl-1.0.1b/crypto/evp/evp_locl.h.fips 2012-04-26 18:00:51.118763138 +0200
1874+++ openssl-1.0.1b/crypto/evp/evp_locl.h 2012-04-26 18:00:51.395769190 +0200
1875@@ -258,10 +258,9 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
1876 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
1877 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
1878 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
1879- 0, cipher##_init_key, NULL, \
1880- EVP_CIPHER_set_asn1_iv, \
1881- EVP_CIPHER_get_asn1_iv, \
1882- NULL)
1883+ EVP_CIPH_FLAG_DEFAULT_ASN1, \
1884+ cipher##_init_key, NULL, NULL, NULL, NULL)
1885+
1886
1887 struct evp_pkey_ctx_st
1888 {
1889@@ -367,11 +366,6 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_
1890 #define MD2_Init private_MD2_Init
1891 #define MDC2_Init private_MDC2_Init
1892 #define SHA_Init private_SHA_Init
1893-#define SHA1_Init private_SHA1_Init
1894-#define SHA224_Init private_SHA224_Init
1895-#define SHA256_Init private_SHA256_Init
1896-#define SHA384_Init private_SHA384_Init
1897-#define SHA512_Init private_SHA512_Init
1898
1899 #define BF_set_key private_BF_set_key
1900 #define CAST_set_key private_CAST_set_key
1901@@ -379,7 +373,6 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_
1902 #define SEED_set_key private_SEED_set_key
1903 #define RC2_set_key private_RC2_set_key
1904 #define RC4_set_key private_RC4_set_key
1905-#define DES_set_key_unchecked private_DES_set_key_unchecked
1906 #define Camellia_set_key private_Camellia_set_key
1907
1908 #endif
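diff -up openssl-1.0.1b/crypto/evp/Makefile.fips openssl-1.0.1b/crypto/evp/Makefile
--- openssl-1.0.1b/crypto/evp/Makefile.fips 2012-04-26 12:42:19.000000000 +0200
+++ openssl-1.0.1b/crypto/evp/Makefile 2012-04-26 18:00:51.395769190 +0200
@@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_
 bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
 c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
 evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
- e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \
+ e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
 e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
 
 LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
@@ -41,7 +41,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_
 bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
 c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
 evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
- e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \
+ e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \
 e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
 
 SRC= $(LIBSRC)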
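diff -up openssl-1.0.1b/crypto/evp/m_dss1.c.fips openssl-1.0.1b/crypto/evp/m_dss1.c
--- openssl-1.0.1b/crypto/evp/m_dss1.c.fips 2011-06-01 17:11:00.000000000 +0200
+++ openssl-1.0.1b/crypto/evp/m_dss1.c 2012-04-26 18:00:51.396769212 +0200
@@ -68,8 +68,6 @@
 #include <openssl/dsa.h>
 #endif
 
-#ifndef OPENSSL_FIPS
-
 static int init(EVP_MD_CTX *ctx)
 { return SHA1_Init(ctx->md_data); }
 
@@ -84,7 +82,7 @@ static const EVP_MD dss1_md=
 NID_dsa,
 NID_dsaWithSHA1,
 SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_DIGEST,
+ EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
 init,
 update,
 final,
@@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
 return(&dss1_md);
 }
 #endif
-#endif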
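Review bot: The `EVP_MD_FLAG_FIPS` bit added to dss1_md comes with no comment saying what it grants, and the same addition is made in the m_dss.c hunk and in all five digest definitions of the m_sha1.c hunk, while the `#ifndef OPENSSL_FIPS` guard that previously excluded these digests from a FIPS build is removed in the same files. A reader is left to guess why the digests may now be compiled and selected when FIPS mode is on. A one-line comment at the first flagged definition, `/* EVP_MD_FLAG_FIPS: digest may be selected while FIPS mode is on */`, would record the intent; presumably the flag is what the EVP digest-init path consults to accept or refuse a digest in FIPS mode, which should be confirmed against the digest.c change elsewhere in this patch.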
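diff -up openssl-1.0.1b/crypto/evp/m_dss.c.fips openssl-1.0.1b/crypto/evp/m_dss.c
--- openssl-1.0.1b/crypto/evp/m_dss.c.fips 2011-06-01 17:11:00.000000000 +0200
+++ openssl-1.0.1b/crypto/evp/m_dss.c 2012-04-26 18:00:51.396769212 +0200
@@ -66,7 +66,6 @@
 #endif
 
 #ifndef OPENSSL_NO_SHA
-#ifndef OPENSSL_FIPS
 
 static int init(EVP_MD_CTX *ctx)
 { return SHA1_Init(ctx->md_data); }
@@ -82,7 +81,7 @@ static const EVP_MD dsa_md=
 NID_dsaWithSHA,
 NID_dsaWithSHA,
 SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_DIGEST,
+ EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
 init,
 update,
 final,
@@ -98,4 +97,3 @@ const EVP_MD *EVP_dss(void)
 return(&dsa_md);
 }
 #endif
-#endif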
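diff -up openssl-1.0.1b/crypto/evp/m_md2.c.fips openssl-1.0.1b/crypto/evp/m_md2.c
--- openssl-1.0.1b/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200
+++ openssl-1.0.1b/crypto/evp/m_md2.c 2012-04-26 18:00:51.396769212 +0200
@@ -68,6 +68,7 @@
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
+#include "evp_locl.h"
 
 static int init(EVP_MD_CTX *ctx)
 { return MD2_Init(ctx->md_data); }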
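diff -up openssl-1.0.1b/crypto/evp/m_sha1.c.fips openssl-1.0.1b/crypto/evp/m_sha1.c
--- openssl-1.0.1b/crypto/evp/m_sha1.c.fips 2011-05-29 01:01:26.000000000 +0200
+++ openssl-1.0.1b/crypto/evp/m_sha1.c 2012-04-26 18:00:51.396769212 +0200
@@ -59,8 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 
-#ifndef OPENSSL_FIPS
-
 #ifndef OPENSSL_NO_SHA
 
 #include <openssl/evp.h>
@@ -85,7 +83,8 @@ static const EVP_MD sha1_md=
 NID_sha1,
 NID_sha1WithRSAEncryption,
 SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
+ EVP_MD_FLAG_FIPS,
 init,
 update,
 final,
@@ -122,7 +121,8 @@ static const EVP_MD sha224_md=
 NID_sha224,
 NID_sha224WithRSAEncryption,
 SHA224_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
+ EVP_MD_FLAG_FIPS,
 init224,
 update256,
 final256,
@@ -141,7 +141,8 @@ static const EVP_MD sha256_md=
 NID_sha256,
 NID_sha256WithRSAEncryption,
 SHA256_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
+ EVP_MD_FLAG_FIPS,
 init256,
 update256,
 final256,
@@ -172,7 +173,8 @@ static const EVP_MD sha384_md=
 NID_sha384,
 NID_sha384WithRSAEncryption,
 SHA384_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
+ EVP_MD_FLAG_FIPS,
 init384,
 update512,
 final512,
@@ -191,7 +193,8 @@ static const EVP_MD sha512_md=
 NID_sha512,
 NID_sha512WithRSAEncryption,
 SHA512_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
+ EVP_MD_FLAG_FIPS,
 init512,
 update512,
 final512,
@@ -206,4 +209,3 @@ const EVP_MD *EVP_sha512(void)
 { return(&sha512_md); }
 #endif /* ifndef OPENSSL_NO_SHA512 */
 
-#endif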
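diff -up openssl-1.0.1b/crypto/evp/p_sign.c.fips openssl-1.0.1b/crypto/evp/p_sign.c
--- openssl-1.0.1b/crypto/evp/p_sign.c.fips 2011-06-09 18:02:39.000000000 +0200
+++ openssl-1.0.1b/crypto/evp/p_sign.c 2012-04-26 18:00:51.396769212 +0200
@@ -61,6 +61,7 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include <openssl/rsa.h>
 
 #ifdef undef
 void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
@@ -103,6 +104,22 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsig
 goto err;
 if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
 goto err;
+ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931)
+ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0)
+ goto err;
+ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS)
+ {
+ int saltlen;
+ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
+ goto err;
+ saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx);
+ if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
+ saltlen = -1;
+ else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
+ saltlen = -2;
+ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
+ goto err;
+ }
 if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
 goto err;
 *siglen = sltmp;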
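Review bot: The two padding tests added to EVP_SignFinal check `EVP_MD_CTX_FLAG_PAD_X931` and `EVP_MD_CTX_FLAG_PAD_PSS` as independent bits, so a context that carries both gets X9.31 padding set and then silently replaced by PSS on the next statement instead of being rejected; comparing the masked field selects exactly one mode, `if ((ctx->flags & EVP_MD_CTX_FLAG_PAD_MASK) == EVP_MD_CTX_FLAG_PAD_X931)` and likewise for PSS. The same sixteen lines are added verbatim to EVP_VerifyFinal in the p_verify.c hunk, which argues for one static helper taking the EVP_MD_CTX and EVP_PKEY_CTX so the salt-length translation (MDLEN to -1, MREC to -2) lives in a single place. Both enclosing functions begin and end outside their hunks.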
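diff -up openssl-1.0.1b/crypto/evp/p_verify.c.fips openssl-1.0.1b/crypto/evp/p_verify.c
--- openssl-1.0.1b/crypto/evp/p_verify.c.fips 2011-06-09 18:02:39.000000000 +0200
+++ openssl-1.0.1b/crypto/evp/p_verify.c 2012-04-26 18:00:51.396769212 +0200
@@ -61,6 +61,7 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include <openssl/rsa.h>
 
 int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
 unsigned int siglen, EVP_PKEY *pkey)
@@ -88,6 +89,22 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, con
 goto err;
 if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
 goto err;
+ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931)
+ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0)
+ goto err;
+ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS)
+ {
+ int saltlen;
+ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
+ goto err;
+ saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx);
+ if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
+ saltlen = -1;
+ else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
+ saltlen = -2;
+ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
+ goto err;
+ }
 i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
 err:
 EVP_PKEY_CTX_free(pkctx);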
2127diff -up openssl-1.0.1b/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_aesavs.c
2128--- openssl-1.0.1b/crypto/fips/cavs/fips_aesavs.c.fips 2012-04-26 18:00:51.397769234 +0200
2129+++ openssl-1.0.1b/crypto/fips/cavs/fips_aesavs.c 2012-04-26 18:00:51.397769234 +0200
2130@@ -0,0 +1,939 @@
2131+/* ====================================================================
2132+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
2133+ *
2134+ * Redistribution and use in source and binary forms, with or without
2135+ * modification, are permitted provided that the following conditions
2136+ * are met:
2137+ *
2138+ * 1. Redistributions of source code must retain the above copyright
2139+ * notice, this list of conditions and the following disclaimer.
2140+ *
2141+ * 2. Redistributions in binary form must reproduce the above copyright
2142+ * notice, this list of conditions and the following disclaimer in
2143+ * the documentation and/or other materials provided with the
2144+ * distribution.
2145+ *
2146+ * 3. All advertising materials mentioning features or use of this
2147+ * software must display the following acknowledgment:
2148+ * "This product includes software developed by the OpenSSL Project
2149+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
2150+ *
2151+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
2152+ * endorse or promote products derived from this software without
2153+ * prior written permission. For written permission, please contact
2154+ * openssl-core@openssl.org.
2155+ *
2156+ * 5. Products derived from this software may not be called "OpenSSL"
2157+ * nor may "OpenSSL" appear in their names without prior written
2158+ * permission of the OpenSSL Project.
2159+ *
2160+ * 6. Redistributions of any form whatsoever must retain the following
2161+ * acknowledgment:
2162+ * "This product includes software developed by the OpenSSL Project
2163+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
2164+ *
2165+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
2166+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
2167+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
2168+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
2169+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
2170+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
2171+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
2172+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2173+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
2174+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
2175+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
2176+ * OF THE POSSIBILITY OF SUCH DAMAGE.
2177+ *
2178+ */
2179+/*---------------------------------------------
2180+ NIST AES Algorithm Validation Suite
2181+ Test Program
2182+
2183+ Donated to OpenSSL by:
2184+ V-ONE Corporation
2185+ 20250 Century Blvd, Suite 300
2186+ Germantown, MD 20874
2187+ U.S.A.
2188+ ----------------------------------------------*/
2189+
2190+#include <stdio.h>
2191+#include <stdlib.h>
2192+#include <string.h>
2193+#include <errno.h>
2194+#include <assert.h>
2195+#include <ctype.h>
2196+#include <openssl/aes.h>
2197+#include <openssl/evp.h>
2198+#include <openssl/bn.h>
2199+
2200+#include <openssl/err.h>
2201+#include "e_os.h"
2202+
2203+#ifndef OPENSSL_FIPS
2204+
2205+int main(int argc, char *argv[])
2206+{
2207+ printf("No FIPS AES support\n");
2208+ return(0);
2209+}
2210+
2211+#else
2212+
2213+#include <openssl/fips.h>
2214+#include "fips_utl.h"
2215+
2216+#define AES_BLOCK_SIZE 16
2217+
2218+#define VERBOSE 0
2219+
2220+/*-----------------------------------------------*/
2221+
2222+int AESTest(EVP_CIPHER_CTX *ctx,
2223+ char *amode, int akeysz, unsigned char *aKey,
2224+ unsigned char *iVec,
2225+ int dir, /* 0 = decrypt, 1 = encrypt */
2226+ unsigned char *plaintext, unsigned char *ciphertext, int len)
2227+ {
2228+ const EVP_CIPHER *cipher = NULL;
2229+
2230+ if (strcasecmp(amode, "CBC") == 0)
2231+ {
2232+ switch (akeysz)
2233+ {
2234+ case 128:
2235+ cipher = EVP_aes_128_cbc();
2236+ break;
2237+
2238+ case 192:
2239+ cipher = EVP_aes_192_cbc();
2240+ break;
2241+
2242+ case 256:
2243+ cipher = EVP_aes_256_cbc();
2244+ break;
2245+ }
2246+
2247+ }
2248+ else if (strcasecmp(amode, "ECB") == 0)
2249+ {
2250+ switch (akeysz)
2251+ {
2252+ case 128:
2253+ cipher = EVP_aes_128_ecb();
2254+ break;
2255+
2256+ case 192:
2257+ cipher = EVP_aes_192_ecb();
2258+ break;
2259+
2260+ case 256:
2261+ cipher = EVP_aes_256_ecb();
2262+ break;
2263+ }
2264+ }
2265+ else if (strcasecmp(amode, "CFB128") == 0)
2266+ {
2267+ switch (akeysz)
2268+ {
2269+ case 128:
2270+ cipher = EVP_aes_128_cfb128();
2271+ break;
2272+
2273+ case 192:
2274+ cipher = EVP_aes_192_cfb128();
2275+ break;
2276+
2277+ case 256:
2278+ cipher = EVP_aes_256_cfb128();
2279+ break;
2280+ }
2281+
2282+ }
2283+ else if (strncasecmp(amode, "OFB", 3) == 0)
2284+ {
2285+ switch (akeysz)
2286+ {
2287+ case 128:
2288+ cipher = EVP_aes_128_ofb();
2289+ break;
2290+
2291+ case 192:
2292+ cipher = EVP_aes_192_ofb();
2293+ break;
2294+
2295+ case 256:
2296+ cipher = EVP_aes_256_ofb();
2297+ break;
2298+ }
2299+ }
2300+ else if(!strcasecmp(amode,"CFB1"))
2301+ {
2302+ switch (akeysz)
2303+ {
2304+ case 128:
2305+ cipher = EVP_aes_128_cfb1();
2306+ break;
2307+
2308+ case 192:
2309+ cipher = EVP_aes_192_cfb1();
2310+ break;
2311+
2312+ case 256:
2313+ cipher = EVP_aes_256_cfb1();
2314+ break;
2315+ }
2316+ }
2317+ else if(!strcasecmp(amode,"CFB8"))
2318+ {
2319+ switch (akeysz)
2320+ {
2321+ case 128:
2322+ cipher = EVP_aes_128_cfb8();
2323+ break;
2324+
2325+ case 192:
2326+ cipher = EVP_aes_192_cfb8();
2327+ break;
2328+
2329+ case 256:
2330+ cipher = EVP_aes_256_cfb8();
2331+ break;
2332+ }
2333+ }
2334+ else
2335+ {
2336+ printf("Unknown mode: %s\n", amode);
2337+ return 0;
2338+ }
2339+ if (!cipher)
2340+ {
2341+ printf("Invalid key size: %d\n", akeysz);
2342+ return 0;
2343+ }
2344+ if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
2345+ return 0;
2346+ if(!strcasecmp(amode,"CFB1"))
2347+ M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
2348+ if (dir)
2349+ EVP_Cipher(ctx, ciphertext, plaintext, len);
2350+ else
2351+ EVP_Cipher(ctx, plaintext, ciphertext, len);
2352+ return 1;
2353+ }
2354+
2355+/*-----------------------------------------------*/
2356+char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
2357+char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"};
2358+enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128};
2359+enum XCrypt {XDECRYPT, XENCRYPT};
2360+
2361+/*=============================*/
2362+/* Monte Carlo Tests */
2363+/*-----------------------------*/
2364+
2365+/*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/
2366+/*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/
2367+
2368+#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
2369+#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
2370+
2371+int do_mct(char *amode,
2372+ int akeysz, unsigned char *aKey,unsigned char *iVec,
2373+ int dir, unsigned char *text, int len,
2374+ FILE *rfp)
2375+ {
2376+ int ret = 0;
2377+ unsigned char key[101][32];
2378+ unsigned char iv[101][AES_BLOCK_SIZE];
2379+ unsigned char ptext[1001][32];
2380+ unsigned char ctext[1001][32];
2381+ unsigned char ciphertext[64+4];
2382+ int i, j, n, n1, n2;
2383+ int imode = 0, nkeysz = akeysz/8;
2384+ EVP_CIPHER_CTX ctx;
2385+ EVP_CIPHER_CTX_init(&ctx);
2386+
2387+ if (len > 32)
2388+ {
2389+ printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n",
2390+ amode, akeysz);
2391+ return -1;
2392+ }
2393+ for (imode = 0; imode < 6; ++imode)
2394+ if (strcmp(amode, t_mode[imode]) == 0)
2395+ break;
2396+ if (imode == 6)
2397+ {
2398+ printf("Unrecognized mode: %s\n", amode);
2399+ return -1;
2400+ }
2401+
2402+ memcpy(key[0], aKey, nkeysz);
2403+ if (iVec)
2404+ memcpy(iv[0], iVec, AES_BLOCK_SIZE);
2405+ if (dir == XENCRYPT)
2406+ memcpy(ptext[0], text, len);
2407+ else
2408+ memcpy(ctext[0], text, len);
2409+ for (i = 0; i < 100; ++i)
2410+ {
2411+ /* printf("Iteration %d\n", i); */
2412+ if (i > 0)
2413+ {
2414+ fprintf(rfp,"COUNT = %d\n",i);
2415+ OutputValue("KEY",key[i],nkeysz,rfp,0);
2416+ if (imode != ECB) /* ECB */
2417+ OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0);
2418+ /* Output Ciphertext | Plaintext */
2419+ OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp,
2420+ imode == CFB1);
2421+ }
2422+ for (j = 0; j < 1000; ++j)
2423+ {
2424+ switch (imode)
2425+ {
2426+ case ECB:
2427+ if (j == 0)
2428+ { /* set up encryption */
2429+ ret = AESTest(&ctx, amode, akeysz, key[i], NULL,
2430+ dir, /* 0 = decrypt, 1 = encrypt */
2431+ ptext[j], ctext[j], len);
2432+ if (dir == XENCRYPT)
2433+ memcpy(ptext[j+1], ctext[j], len);
2434+ else
2435+ memcpy(ctext[j+1], ptext[j], len);
2436+ }
2437+ else
2438+ {
2439+ if (dir == XENCRYPT)
2440+ {
2441+ EVP_Cipher(&ctx, ctext[j], ptext[j], len);
2442+ memcpy(ptext[j+1], ctext[j], len);
2443+ }
2444+ else
2445+ {
2446+ EVP_Cipher(&ctx, ptext[j], ctext[j], len);
2447+ memcpy(ctext[j+1], ptext[j], len);
2448+ }
2449+ }
2450+ break;
2451+
2452+ case CBC:
2453+ case OFB:
2454+ case CFB128:
2455+ if (j == 0)
2456+ {
2457+ ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
2458+ dir, /* 0 = decrypt, 1 = encrypt */
2459+ ptext[j], ctext[j], len);
2460+ if (dir == XENCRYPT)
2461+ memcpy(ptext[j+1], iv[i], len);
2462+ else
2463+ memcpy(ctext[j+1], iv[i], len);
2464+ }
2465+ else
2466+ {
2467+ if (dir == XENCRYPT)
2468+ {
2469+ EVP_Cipher(&ctx, ctext[j], ptext[j], len);
2470+ memcpy(ptext[j+1], ctext[j-1], len);
2471+ }
2472+ else
2473+ {
2474+ EVP_Cipher(&ctx, ptext[j], ctext[j], len);
2475+ memcpy(ctext[j+1], ptext[j-1], len);
2476+ }
2477+ }
2478+ break;
2479+
2480+ case CFB8:
2481+ if (j == 0)
2482+ {
2483+ ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
2484+ dir, /* 0 = decrypt, 1 = encrypt */
2485+ ptext[j], ctext[j], len);
2486+ }
2487+ else
2488+ {
2489+ if (dir == XENCRYPT)
2490+ EVP_Cipher(&ctx, ctext[j], ptext[j], len);
2491+ else
2492+ EVP_Cipher(&ctx, ptext[j], ctext[j], len);
2493+ }
2494+ if (dir == XENCRYPT)
2495+ {
2496+ if (j < 16)
2497+ memcpy(ptext[j+1], &iv[i][j], len);
2498+ else
2499+ memcpy(ptext[j+1], ctext[j-16], len);
2500+ }
2501+ else
2502+ {
2503+ if (j < 16)
2504+ memcpy(ctext[j+1], &iv[i][j], len);
2505+ else
2506+ memcpy(ctext[j+1], ptext[j-16], len);
2507+ }
2508+ break;
2509+
2510+ case CFB1:
2511+ if(j == 0)
2512+ {
2513+#if 0
2514+ /* compensate for wrong endianness of input file */
2515+ if(i == 0)
2516+ ptext[0][0]<<=7;
2517+#endif
2518+ ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
2519+ ptext[j], ctext[j], len);
2520+ }
2521+ else
2522+ {
2523+ if (dir == XENCRYPT)
2524+ EVP_Cipher(&ctx, ctext[j], ptext[j], len);
2525+ else
2526+ EVP_Cipher(&ctx, ptext[j], ctext[j], len);
2527+
2528+ }
2529+ if(dir == XENCRYPT)
2530+ {
2531+ if(j < 128)
2532+ sb(ptext[j+1],0,gb(iv[i],j));
2533+ else
2534+ sb(ptext[j+1],0,gb(ctext[j-128],0));
2535+ }
2536+ else
2537+ {
2538+ if(j < 128)
2539+ sb(ctext[j+1],0,gb(iv[i],j));
2540+ else
2541+ sb(ctext[j+1],0,gb(ptext[j-128],0));
2542+ }
2543+ break;
2544+ }
2545+ }
2546+ --j; /* reset to last of range */
2547+ /* Output Ciphertext | Plaintext */
2548+ OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp,
2549+ imode == CFB1);
2550+ fprintf(rfp, "\n"); /* add separator */
2551+
2552+ /* Compute next KEY */
2553+ if (dir == XENCRYPT)
2554+ {
2555+ if (imode == CFB8)
2556+ { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
2557+ for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
2558+ ciphertext[n1] = ctext[j-n2][0];
2559+ }
2560+ else if(imode == CFB1)
2561+ {
2562+ for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
2563+ sb(ciphertext,n1,gb(ctext[j-n2],0));
2564+ }
2565+ else
2566+ switch (akeysz)
2567+ {
2568+ case 128:
2569+ memcpy(ciphertext, ctext[j], 16);
2570+ break;
2571+ case 192:
2572+ memcpy(ciphertext, ctext[j-1]+8, 8);
2573+ memcpy(ciphertext+8, ctext[j], 16);
2574+ break;
2575+ case 256:
2576+ memcpy(ciphertext, ctext[j-1], 16);
2577+ memcpy(ciphertext+16, ctext[j], 16);
2578+ break;
2579+ }
2580+ }
2581+ else
2582+ {
2583+ if (imode == CFB8)
2584+ { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
2585+ for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
2586+ ciphertext[n1] = ptext[j-n2][0];
2587+ }
2588+ else if(imode == CFB1)
2589+ {
2590+ for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
2591+ sb(ciphertext,n1,gb(ptext[j-n2],0));
2592+ }
2593+ else
2594+ switch (akeysz)
2595+ {
2596+ case 128:
2597+ memcpy(ciphertext, ptext[j], 16);
2598+ break;
2599+ case 192:
2600+ memcpy(ciphertext, ptext[j-1]+8, 8);
2601+ memcpy(ciphertext+8, ptext[j], 16);
2602+ break;
2603+ case 256:
2604+ memcpy(ciphertext, ptext[j-1], 16);
2605+ memcpy(ciphertext+16, ptext[j], 16);
2606+ break;
2607+ }
2608+ }
2609+ /* Compute next key: Key[i+1] = Key[i] xor ct */
2610+ for (n = 0; n < nkeysz; ++n)
2611+ key[i+1][n] = key[i][n] ^ ciphertext[n];
2612+
2613+ /* Compute next IV and text */
2614+ if (dir == XENCRYPT)
2615+ {
2616+ switch (imode)
2617+ {
2618+ case ECB:
2619+ memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE);
2620+ break;
2621+ case CBC:
2622+ case OFB:
2623+ case CFB128:
2624+ memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE);
2625+ memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE);
2626+ break;
2627+ case CFB8:
2628+ /* IV[i+1] = ct */
2629+ for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
2630+ iv[i+1][n1] = ctext[j-n2][0];
2631+ ptext[0][0] = ctext[j-16][0];
2632+ break;
2633+ case CFB1:
2634+ for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
2635+ sb(iv[i+1],n1,gb(ctext[j-n2],0));
2636+ ptext[0][0]=ctext[j-128][0]&0x80;
2637+ break;
2638+ }
2639+ }
2640+ else
2641+ {
2642+ switch (imode)
2643+ {
2644+ case ECB:
2645+ memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE);
2646+ break;
2647+ case CBC:
2648+ case OFB:
2649+ case CFB128:
2650+ memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE);
2651+ memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE);
2652+ break;
2653+ case CFB8:
2654+ for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
2655+ iv[i+1][n1] = ptext[j-n2][0];
2656+ ctext[0][0] = ptext[j-16][0];
2657+ break;
2658+ case CFB1:
2659+ for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
2660+ sb(iv[i+1],n1,gb(ptext[j-n2],0));
2661+ ctext[0][0]=ptext[j-128][0]&0x80;
2662+ break;
2663+ }
2664+ }
2665+ }
2666+
2667+ return ret;
2668+ }
2669+
2670+/*================================================*/
2671+/*----------------------------
2672+ # Config info for v-one
2673+ # AESVS MMT test data for ECB
2674+ # State : Encrypt and Decrypt
2675+ # Key Length : 256
2676+ # Fri Aug 30 04:07:22 PM
2677+ ----------------------------*/
2678+
2679+int proc_file(char *rqfile, char *rspfile)
2680+ {
2681+ char afn[256], rfn[256];
2682+ FILE *afp = NULL, *rfp = NULL;
2683+ char ibuf[2048];
2684+ char tbuf[2048];
2685+ int ilen, len, ret = 0;
2686+ char algo[8] = "";
2687+ char amode[8] = "";
2688+ char atest[8] = "";
2689+ int akeysz = 0;
2690+ unsigned char iVec[20], aKey[40];
2691+ int dir = -1, err = 0, step = 0;
2692+ unsigned char plaintext[2048];
2693+ unsigned char ciphertext[2048];
2694+ char *rp;
2695+ EVP_CIPHER_CTX ctx;
2696+ EVP_CIPHER_CTX_init(&ctx);
2697+
2698+ if (!rqfile || !(*rqfile))
2699+ {
2700+ printf("No req file\n");
2701+ return -1;
2702+ }
2703+ strcpy(afn, rqfile);
2704+
2705+ if ((afp = fopen(afn, "r")) == NULL)
2706+ {
2707+ printf("Cannot open file: %s, %s\n",
2708+ afn, strerror(errno));
2709+ return -1;
2710+ }
2711+ if (!rspfile)
2712+ {
2713+ strcpy(rfn,afn);
2714+ rp=strstr(rfn,"req/");
2715+#ifdef OPENSSL_SYS_WIN32
2716+ if (!rp)
2717+ rp=strstr(rfn,"req\\");
2718+#endif
2719+ assert(rp);
2720+ memcpy(rp,"rsp",3);
2721+ rp = strstr(rfn, ".req");
2722+ memcpy(rp, ".rsp", 4);
2723+ rspfile = rfn;
2724+ }
2725+ if ((rfp = fopen(rspfile, "w")) == NULL)
2726+ {
2727+ printf("Cannot open file: %s, %s\n",
2728+ rfn, strerror(errno));
2729+ fclose(afp);
2730+ afp = NULL;
2731+ return -1;
2732+ }
2733+ while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
2734+ {
2735+ tidy_line(tbuf, ibuf);
2736+ ilen = strlen(ibuf);
2737+ /* printf("step=%d ibuf=%s",step,ibuf); */
2738+ switch (step)
2739+ {
2740+ case 0: /* read preamble */
2741+ if (ibuf[0] == '\n')
2742+ { /* end of preamble */
2743+ if ((*algo == '\0') ||
2744+ (*amode == '\0') ||
2745+ (akeysz == 0))
2746+ {
2747+ printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n",
2748+ algo,amode,akeysz);
2749+ err = 1;
2750+ }
2751+ else
2752+ {
2753+ fputs(ibuf, rfp);
2754+ ++ step;
2755+ }
2756+ }
2757+ else if (ibuf[0] != '#')
2758+ {
2759+ printf("Invalid preamble item: %s\n", ibuf);
2760+ err = 1;
2761+ }
2762+ else
2763+ { /* process preamble */
2764+ char *xp, *pp = ibuf+2;
2765+ int n;
2766+ if (akeysz)
2767+ { /* insert current time & date */
2768+ time_t rtim = time(0);
2769+ fprintf(rfp, "# %s", ctime(&rtim));
2770+ }
2771+ else
2772+ {
2773+ fputs(ibuf, rfp);
2774+ if (strncmp(pp, "AESVS ", 6) == 0)
2775+ {
2776+ strcpy(algo, "AES");
2777+ /* get test type */
2778+ pp += 6;
2779+ xp = strchr(pp, ' ');
2780+ n = xp-pp;
2781+ strncpy(atest, pp, n);
2782+ atest[n] = '\0';
2783+ /* get mode */
2784+ xp = strrchr(pp, ' '); /* get mode" */
2785+ n = strlen(xp+1)-1;
2786+ strncpy(amode, xp+1, n);
2787+ amode[n] = '\0';
2788+ /* amode[3] = '\0'; */
2789+ if (VERBOSE)
2790+ printf("Test = %s, Mode = %s\n", atest, amode);
2791+ }
2792+ else if (strncasecmp(pp, "Key Length : ", 13) == 0)
2793+ {
2794+ akeysz = atoi(pp+13);
2795+ if (VERBOSE)
2796+ printf("Key size = %d\n", akeysz);
2797+ }
2798+ }
2799+ }
2800+ break;
2801+
2802+ case 1: /* [ENCRYPT] | [DECRYPT] */
2803+ if (ibuf[0] == '[')
2804+ {
2805+ fputs(ibuf, rfp);
2806+ ++step;
2807+ if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
2808+ dir = 1;
2809+ else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
2810+ dir = 0;
2811+ else
2812+ {
2813+ printf("Invalid keyword: %s\n", ibuf);
2814+ err = 1;
2815+ }
2816+ break;
2817+ }
2818+ else if (dir == -1)
2819+ {
2820+ err = 1;
2821+ printf("Missing ENCRYPT/DECRYPT keyword\n");
2822+ break;
2823+ }
2824+ else
2825+ step = 2;
2826+
2827+ case 2: /* KEY = xxxx */
2828+ fputs(ibuf, rfp);
2829+ if(*ibuf == '\n')
2830+ break;
2831+ if(!strncasecmp(ibuf,"COUNT = ",8))
2832+ break;
2833+
2834+ if (strncasecmp(ibuf, "KEY = ", 6) != 0)
2835+ {
2836+ printf("Missing KEY\n");
2837+ err = 1;
2838+ }
2839+ else
2840+ {
2841+ len = hex2bin((char*)ibuf+6, aKey);
2842+ if (len < 0)
2843+ {
2844+ printf("Invalid KEY\n");
2845+ err =1;
2846+ break;
2847+ }
2848+ PrintValue("KEY", aKey, len);
2849+ if (strcmp(amode, "ECB") == 0)
2850+ {
2851+ memset(iVec, 0, sizeof(iVec));
2852+ step = (dir)? 4: 5; /* no ivec for ECB */
2853+ }
2854+ else
2855+ ++step;
2856+ }
2857+ break;
2858+
2859+ case 3: /* IV = xxxx */
2860+ fputs(ibuf, rfp);
2861+ if (strncasecmp(ibuf, "IV = ", 5) != 0)
2862+ {
2863+ printf("Missing IV\n");
2864+ err = 1;
2865+ }
2866+ else
2867+ {
2868+ len = hex2bin((char*)ibuf+5, iVec);
2869+ if (len < 0)
2870+ {
2871+ printf("Invalid IV\n");
2872+ err =1;
2873+ break;
2874+ }
2875+ PrintValue("IV", iVec, len);
2876+ step = (dir)? 4: 5;
2877+ }
2878+ break;
2879+
2880+ case 4: /* PLAINTEXT = xxxx */
2881+ fputs(ibuf, rfp);
2882+ if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
2883+ {
2884+ printf("Missing PLAINTEXT\n");
2885+ err = 1;
2886+ }
2887+ else
2888+ {
2889+ int nn = strlen(ibuf+12);
2890+ if(!strcmp(amode,"CFB1"))
2891+ len=bint2bin(ibuf+12,nn-1,plaintext);
2892+ else
2893+ len=hex2bin(ibuf+12, plaintext);
2894+ if (len < 0)
2895+ {
2896+ printf("Invalid PLAINTEXT: %s", ibuf+12);
2897+ err =1;
2898+ break;
2899+ }
2900+ if (len >= sizeof(plaintext))
2901+ {
2902+ printf("Buffer overflow\n");
2903+ }
2904+ PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
2905+ if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
2906+ {
2907+ if(do_mct(amode, akeysz, aKey, iVec,
2908+ dir, (unsigned char*)plaintext, len,
2909+ rfp) < 0)
2910+ EXIT(1);
2911+ }
2912+ else
2913+ {
2914+ ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
2915+ dir, /* 0 = decrypt, 1 = encrypt */
2916+ plaintext, ciphertext, len);
2917+ OutputValue("CIPHERTEXT",ciphertext,len,rfp,
2918+ !strcmp(amode,"CFB1"));
2919+ }
2920+ step = 6;
2921+ }
2922+ break;
2923+
2924+ case 5: /* CIPHERTEXT = xxxx */
2925+ fputs(ibuf, rfp);
2926+ if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
2927+ {
2928+ printf("Missing KEY\n");
2929+ err = 1;
2930+ }
2931+ else
2932+ {
2933+ if(!strcmp(amode,"CFB1"))
2934+ len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
2935+ else
2936+ len = hex2bin(ibuf+13,ciphertext);
2937+ if (len < 0)
2938+ {
2939+ printf("Invalid CIPHERTEXT\n");
2940+ err =1;
2941+ break;
2942+ }
2943+
2944+ PrintValue("CIPHERTEXT", ciphertext, len);
2945+ if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
2946+ {
2947+ do_mct(amode, akeysz, aKey, iVec,
2948+ dir, ciphertext, len, rfp);
2949+ }
2950+ else
2951+ {
2952+ ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
2953+ dir, /* 0 = decrypt, 1 = encrypt */
2954+ plaintext, ciphertext, len);
2955+ OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
2956+ !strcmp(amode,"CFB1"));
2957+ }
2958+ step = 6;
2959+ }
2960+ break;
2961+
2962+ case 6:
2963+ if (ibuf[0] != '\n')
2964+ {
2965+ err = 1;
2966+ printf("Missing terminator\n");
2967+ }
2968+ else if (strcmp(atest, "MCT") != 0)
2969+ { /* MCT already added terminating nl */
2970+ fputs(ibuf, rfp);
2971+ }
2972+ step = 1;
2973+ break;
2974+ }
2975+ }
2976+ if (rfp)
2977+ fclose(rfp);
2978+ if (afp)
2979+ fclose(afp);
2980+ return err;
2981+ }
2982+
2983+/*--------------------------------------------------
2984+ Processes either a single file or
2985+ a set of files whose names are passed in a file.
2986+ A single file is specified as:
2987+ aes_test -f xxx.req
2988+ A set of files is specified as:
2989+ aes_test -d xxxxx.xxx
2990+ The default is: -d req.txt
2991+--------------------------------------------------*/
2992+int main(int argc, char **argv)
2993+ {
2994+ char *rqlist = "req.txt", *rspfile = NULL;
2995+ FILE *fp = NULL;
2996+ char fn[250] = "", rfn[256] = "";
2997+ int f_opt = 0, d_opt = 1;
2998+
2999+#ifdef OPENSSL_FIPS
3000+ if(!FIPS_mode_set(1))
3001+ {
3002+ do_print_errors();
3003+ EXIT(1);
3004+ }
3005+#endif
3006+ if (argc > 1)
3007+ {
3008+ if (strcasecmp(argv[1], "-d") == 0)
3009+ {
3010+ d_opt = 1;
3011+ }
3012+ else if (strcasecmp(argv[1], "-f") == 0)
3013+ {
3014+ f_opt = 1;
3015+ d_opt = 0;
3016+ }
3017+ else
3018+ {
3019+ printf("Invalid parameter: %s\n", argv[1]);
3020+ return 0;
3021+ }
3022+ if (argc < 3)
3023+ {
3024+ printf("Missing parameter\n");
3025+ return 0;
3026+ }
3027+ if (d_opt)
3028+ rqlist = argv[2];
3029+ else
3030+ {
3031+ strcpy(fn, argv[2]);
3032+ rspfile = argv[3];
3033+ }
3034+ }
3035+ if (d_opt)
3036+ { /* list of files (directory) */
3037+ if (!(fp = fopen(rqlist, "r")))
3038+ {
3039+ printf("Cannot open req list file\n");
3040+ return -1;
3041+ }
3042+ while (fgets(fn, sizeof(fn), fp))
3043+ {
3044+ strtok(fn, "\r\n");
3045+ strcpy(rfn, fn);
3046+ if (VERBOSE)
3047+ printf("Processing: %s\n", rfn);
3048+ if (proc_file(rfn, rspfile))
3049+ {
3050+ printf(">>> Processing failed for: %s <<<\n", rfn);
3051+ EXIT(1);
3052+ }
3053+ }
3054+ fclose(fp);
3055+ }
3056+ else /* single file */
3057+ {
3058+ if (VERBOSE)
3059+ printf("Processing: %s\n", fn);
3060+ if (proc_file(fn, rspfile))
3061+ {
3062+ printf(">>> Processing failed for: %s <<<\n", fn);
3063+ }
3064+ }
3065+ EXIT(0);
3066+ return 0;
3067+ }
3068+
3069+#endif
3070diff -up openssl-1.0.1b/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_cmactest.c
3071--- openssl-1.0.1b/crypto/fips/cavs/fips_cmactest.c.fips 2012-04-26 18:00:51.397769234 +0200
3072+++ openssl-1.0.1b/crypto/fips/cavs/fips_cmactest.c 2012-04-26 18:00:51.397769234 +0200
3073@@ -0,0 +1,517 @@
3074+/* fips_cmactest.c */
3075+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3076+ * project 2005.
3077+ */
3078+/* ====================================================================
3079+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
3080+ *
3081+ * Redistribution and use in source and binary forms, with or without
3082+ * modification, are permitted provided that the following conditions
3083+ * are met:
3084+ *
3085+ * 1. Redistributions of source code must retain the above copyright
3086+ * notice, this list of conditions and the following disclaimer.
3087+ *
3088+ * 2. Redistributions in binary form must reproduce the above copyright
3089+ * notice, this list of conditions and the following disclaimer in
3090+ * the documentation and/or other materials provided with the
3091+ * distribution.
3092+ *
3093+ * 3. All advertising materials mentioning features or use of this
3094+ * software must display the following acknowledgment:
3095+ * "This product includes software developed by the OpenSSL Project
3096+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
3097+ *
3098+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
3099+ * endorse or promote products derived from this software without
3100+ * prior written permission. For written permission, please contact
3101+ * licensing@OpenSSL.org.
3102+ *
3103+ * 5. Products derived from this software may not be called "OpenSSL"
3104+ * nor may "OpenSSL" appear in their names without prior written
3105+ * permission of the OpenSSL Project.
3106+ *
3107+ * 6. Redistributions of any form whatsoever must retain the following
3108+ * acknowledgment:
3109+ * "This product includes software developed by the OpenSSL Project
3110+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
3111+ *
3112+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
3113+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3114+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
3115+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
3116+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
3117+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
3118+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
3119+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3120+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
3121+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
3122+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
3123+ * OF THE POSSIBILITY OF SUCH DAMAGE.
3124+ * ====================================================================
3125+ *
3126+ * This product includes cryptographic software written by Eric Young
3127+ * (eay@cryptsoft.com). This product includes software written by Tim
3128+ * Hudson (tjh@cryptsoft.com).
3129+ *
3130+ */
3131+
3132+#define OPENSSL_FIPSAPI
3133+
3134+#include <stdio.h>
3135+#include <ctype.h>
3136+#include <string.h>
3137+#include <openssl/bio.h>
3138+#include <openssl/evp.h>
3139+#include <openssl/cmac.h>
3140+#include <openssl/err.h>
3141+#include <openssl/bn.h>
3142+
3143+#ifndef OPENSSL_FIPS
3144+
3145+int main(int argc, char *argv[])
3146+{
3147+ printf("No FIPS CMAC support\n");
3148+ return(0);
3149+}
3150+
3151+#else
3152+
3153+#include <openssl/fips.h>
3154+#include "fips_utl.h"
3155+
3156+static int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
3157+ int mode, int Klen_counts_keys, int known_keylen);
3158+static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
3159+ unsigned char *Key, int Klen,
3160+ unsigned char *Msg, int Msglen,
3161+ int Tlen);
3162+static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
3163+ unsigned char *Key, int Klen,
3164+ unsigned char *Msg, int Msglen,
3165+ unsigned char *Mac, int Maclen,
3166+ int Tlen);
3167+
3168+#ifdef FIPS_ALGVS
3169+int fips_cmactest_main(int argc, char **argv)
3170+#else
3171+int main(int argc, char **argv)
3172+#endif
3173+ {
3174+ FILE *in = NULL, *out = NULL;
3175+ int mode = 0; /* 0 => Generate, 1 => Verify */
3176+ int Klen_counts_keys = 0; /* 0 => Klen is size of one key
3177+ 1 => Klen is amount of keys
3178+ */
3179+ int known_keylen = 0; /* Only set when Klen_counts_keys = 1 */
3180+ const EVP_CIPHER *cipher = 0;
3181+ int ret = 1;
3182+ fips_algtest_init();
3183+
3184+ while (argc > 1 && argv[1][0] == '-')
3185+ {
3186+ switch (argv[1][1])
3187+ {
3188+ case 'a':
3189+ {
3190+ char *p = &argv[1][2];
3191+ if (*p == '\0')
3192+ {
3193+ if (argc <= 2)
3194+ {
3195+ fprintf(stderr, "Option %s needs a value\n", argv[1]);
3196+ goto end;
3197+ }
3198+ argv++;
3199+ argc--;
3200+ p = &argv[1][0];
3201+ }
3202+ if (!strcmp(p, "aes128"))
3203+ cipher = EVP_aes_128_cbc();
3204+ else if (!strcmp(p, "aes192"))
3205+ cipher = EVP_aes_192_cbc();
3206+ else if (!strcmp(p, "aes256"))
3207+ cipher = EVP_aes_256_cbc();
3208+ else if (!strcmp(p, "tdea3") || !strcmp(p, "tdes3"))
3209+ {
3210+ cipher = EVP_des_ede3_cbc();
3211+ Klen_counts_keys = 1;
3212+ known_keylen = 8;
3213+ }
3214+ else
3215+ {
3216+ fprintf(stderr, "Unknown algorithm %s\n", p);
3217+ goto end;
3218+ }
3219+ }
3220+ break;
3221+ case 'g':
3222+ mode = 0;
3223+ break;
3224+ case 'v':
3225+ mode = 1;
3226+ break;
3227+ default:
3228+ fprintf(stderr, "Unknown option %s\n", argv[1]);
3229+ goto end;
3230+ }
3231+ argv++;
3232+ argc--;
3233+ }
3234+ if (argc == 1)
3235+ in = stdin;
3236+ else
3237+ in = fopen(argv[1], "r");
3238+
3239+ if (argc < 2)
3240+ out = stdout;
3241+ else
3242+ out = fopen(argv[2], "w");
3243+
3244+ if (!in)
3245+ {
3246+ fprintf(stderr, "FATAL input initialization error\n");
3247+ goto end;
3248+ }
3249+
3250+ if (!out)
3251+ {
3252+ fprintf(stderr, "FATAL output initialization error\n");
3253+ goto end;
3254+ }
3255+
3256+ if (!cmac_test(cipher, out, in, mode,
3257+ Klen_counts_keys, known_keylen))
3258+ {
3259+ fprintf(stderr, "FATAL cmac file processing error\n");
3260+ goto end;
3261+ }
3262+ else
3263+ ret = 0;
3264+
3265+ end:
3266+
3267+ if (in && (in != stdin))
3268+ fclose(in);
3269+ if (out && (out != stdout))
3270+ fclose(out);
3271+
3272+ return ret;
3273+
3274+ }
3275+
3276+#define CMAC_TEST_MAXLINELEN 150000
3277+
3278+int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
3279+ int mode, int Klen_counts_keys, int known_keylen)
3280+ {
3281+ char *linebuf, *olinebuf, *p, *q;
3282+ char *keyword, *value;
3283+ unsigned char **Keys = NULL, *Msg = NULL, *Mac = NULL;
3284+ unsigned char *Key = NULL;
3285+ int Count, Klen, Mlen, Tlen;
3286+ long Keylen, Msglen, Maclen;
3287+ int ret = 0;
3288+ int lnum = 0;
3289+
3290+ olinebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
3291+ linebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
3292+
3293+ if (!linebuf || !olinebuf)
3294+ goto error;
3295+
3296+ Count = -1;
3297+ Klen = -1;
3298+ Mlen = -1;
3299+ Tlen = -1;
3300+
3301+ while (fgets(olinebuf, CMAC_TEST_MAXLINELEN, in))
3302+ {
3303+ lnum++;
3304+ strcpy(linebuf, olinebuf);
3305+ keyword = linebuf;
3306+ /* Skip leading space */
3307+ while (isspace((unsigned char)*keyword))
3308+ keyword++;
3309+
3310+ /* Skip comments */
3311+ if (keyword[0] == '#')
3312+ {
3313+ if (fputs(olinebuf, out) < 0)
3314+ goto error;
3315+ continue;
3316+ }
3317+
3318+ /* Look for = sign */
3319+ p = strchr(linebuf, '=');
3320+
3321+ /* If no = or starts with [ (for [L=20] line) just copy */
3322+ if (!p)
3323+ {
3324+ if (fputs(olinebuf, out) < 0)
3325+ goto error;
3326+ continue;
3327+ }
3328+
3329+ q = p - 1;
3330+
3331+ /* Remove trailing space */
3332+ while (isspace((unsigned char)*q))
3333+ *q-- = 0;
3334+
3335+ *p = 0;
3336+ value = p + 1;
3337+
3338+ /* Remove leading space from value */
3339+ while (isspace((unsigned char)*value))
3340+ value++;
3341+
3342+ /* Remove trailing space from value */
3343+ p = value + strlen(value) - 1;
3344+
3345+ while (*p == '\n' || isspace((unsigned char)*p))
3346+ *p-- = 0;
3347+
3348+ if (!strcmp(keyword, "Count"))
3349+ {
3350+ if (Count != -1)
3351+ goto parse_error;
3352+ Count = atoi(value);
3353+ if (Count < 0)
3354+ goto parse_error;
3355+ }
3356+ else if (!strcmp(keyword, "Klen"))
3357+ {
3358+ if (Klen != -1)
3359+ goto parse_error;
3360+ Klen = atoi(value);
3361+ if (Klen < 0)
3362+ goto parse_error;
3363+ if (Klen_counts_keys)
3364+ {
3365+ Keys = OPENSSL_malloc(sizeof(*Keys) * Klen);
3366+ memset(Keys, '\0', sizeof(*Keys) * Klen);
3367+ }
3368+ else
3369+ {
3370+ Keys = OPENSSL_malloc(sizeof(*Keys));
3371+ memset(Keys, '\0', sizeof(*Keys));
3372+ }
3373+ }
3374+ else if (!strcmp(keyword, "Mlen"))
3375+ {
3376+ if (Mlen != -1)
3377+ goto parse_error;
3378+ Mlen = atoi(value);
3379+ if (Mlen < 0)
3380+ goto parse_error;
3381+ }
3382+ else if (!strcmp(keyword, "Tlen"))
3383+ {
3384+ if (Tlen != -1)
3385+ goto parse_error;
3386+ Tlen = atoi(value);
3387+ if (Tlen < 0)
3388+ goto parse_error;
3389+ }
3390+ else if (!strcmp(keyword, "Key") && !Klen_counts_keys)
3391+ {
3392+ if (Keys[0])
3393+ goto parse_error;
3394+ Keys[0] = hex2bin_m(value, &Keylen);
3395+ if (!Keys[0])
3396+ goto parse_error;
3397+ }
3398+ else if (!strncmp(keyword, "Key", 3) && Klen_counts_keys)
3399+ {
3400+ int keynum = atoi(keyword + 3);
3401+ if (!keynum || keynum > Klen || Keys[keynum-1])
3402+ goto parse_error;
3403+ Keys[keynum-1] = hex2bin_m(value, &Keylen);
3404+ if (!Keys[keynum-1])
3405+ goto parse_error;
3406+ }
3407+ else if (!strcmp(keyword, "Msg"))
3408+ {
3409+ if (Msg)
3410+ goto parse_error;
3411+ Msg = hex2bin_m(value, &Msglen);
3412+ if (!Msg)
3413+ goto parse_error;
3414+ }
3415+ else if (!strcmp(keyword, "Mac"))
3416+ {
3417+ if (mode == 0)
3418+ continue;
3419+ if (Mac)
3420+ goto parse_error;
3421+ Mac = hex2bin_m(value, &Maclen);
3422+ if (!Mac)
3423+ goto parse_error;
3424+ }
3425+ else if (!strcmp(keyword, "Result"))
3426+ {
3427+ if (mode == 1)
3428+ continue;
3429+ goto parse_error;
3430+ }
3431+ else
3432+ goto parse_error;
3433+
3434+ fputs(olinebuf, out);
3435+
3436+ if (Keys && Msg && (!mode || Mac) && (Tlen > 0) && (Klen > 0))
3437+ {
3438+ if (Klen_counts_keys)
3439+ {
3440+ int x;
3441+ Key = OPENSSL_malloc(Klen * known_keylen);
3442+ for (x = 0; x < Klen; x++)
3443+ {
3444+ memcpy(Key + x * known_keylen,
3445+ Keys[x], known_keylen);
3446+ OPENSSL_free(Keys[x]);
3447+ }
3448+ Klen *= known_keylen;
3449+ }
3450+ else
3451+ {
3452+ Key = OPENSSL_malloc(Klen);
3453+ memcpy(Key, Keys[0], Klen);
3454+ OPENSSL_free(Keys[0]);
3455+ }
3456+ OPENSSL_free(Keys);
3457+
3458+ switch(mode)
3459+ {
3460+ case 0:
3461+ if (!print_cmac_gen(cipher, out,
3462+ Key, Klen,
3463+ Msg, Mlen,
3464+ Tlen))
3465+ goto error;
3466+ break;
3467+ case 1:
3468+ if (!print_cmac_ver(cipher, out,
3469+ Key, Klen,
3470+ Msg, Mlen,
3471+ Mac, Maclen,
3472+ Tlen))
3473+ goto error;
3474+ break;
3475+ }
3476+
3477+ OPENSSL_free(Key);
3478+ Key = NULL;
3479+ OPENSSL_free(Msg);
3480+ Msg = NULL;
3481+ OPENSSL_free(Mac);
3482+ Mac = NULL;
3483+ Klen = -1;
3484+ Mlen = -1;
3485+ Tlen = -1;
3486+ Count = -1;
3487+ }
3488+ }
3489+
3490+
3491+ ret = 1;
3492+
3493+
3494+ error:
3495+
3496+ if (olinebuf)
3497+ OPENSSL_free(olinebuf);
3498+ if (linebuf)
3499+ OPENSSL_free(linebuf);
3500+ if (Key)
3501+ OPENSSL_free(Key);
3502+ if (Msg)
3503+ OPENSSL_free(Msg);
3504+ if (Mac)
3505+ OPENSSL_free(Mac);
3506+
3507+ return ret;
3508+
3509+ parse_error:
3510+
3511+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
3512+
3513+ goto error;
3514+
3515+ }
3516+
3517+static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
3518+ unsigned char *Key, int Klen,
3519+ unsigned char *Msg, int Mlen,
3520+ int Tlen)
3521+ {
3522+ int rc, i;
3523+ size_t reslen;
3524+ unsigned char res[128];
3525+ CMAC_CTX *cmac_ctx = CMAC_CTX_new();
3526+
3527+ CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
3528+ CMAC_Update(cmac_ctx, Msg, Mlen);
3529+ if (!CMAC_Final(cmac_ctx, res, &reslen))
3530+ {
3531+ fputs("Error calculating CMAC\n", stderr);
3532+ rc = 0;
3533+ }
3534+ else if (Tlen > (int)reslen)
3535+ {
3536+ fputs("Parameter error, Tlen > CMAC length\n", stderr);
3537+ rc = 0;
3538+ }
3539+ else
3540+ {
3541+ fputs("Mac = ", out);
3542+ for (i = 0; i < Tlen; i++)
3543+ fprintf(out, "%02x", res[i]);
3544+ fputs(RESP_EOL, out);
3545+ rc = 1;
3546+ }
3547+ CMAC_CTX_free(cmac_ctx);
3548+ return rc;
3549+ }
3550+
3551+static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
3552+ unsigned char *Key, int Klen,
3553+ unsigned char *Msg, int Mlen,
3554+ unsigned char *Mac, int Maclen,
3555+ int Tlen)
3556+ {
3557+ int rc = 1;
3558+ size_t reslen;
3559+ unsigned char res[128];
3560+ CMAC_CTX *cmac_ctx = CMAC_CTX_new();
3561+
3562+ CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
3563+ CMAC_Update(cmac_ctx, Msg, Mlen);
3564+ if (!CMAC_Final(cmac_ctx, res, &reslen))
3565+ {
3566+ fputs("Error calculating CMAC\n", stderr);
3567+ rc = 0;
3568+ }
3569+ else if (Tlen > (int)reslen)
3570+ {
3571+ fputs("Parameter error, Tlen > CMAC length\n", stderr);
3572+ rc = 0;
3573+ }
3574+ else if (Tlen != Maclen)
3575+ {
3576+ fputs("Parameter error, Tlen != resulting Mac length\n", stderr);
3577+ rc = 0;
3578+ }
3579+ else
3580+ {
3581+ if (!memcmp(Mac, res, Maclen))
3582+ fputs("Result = P" RESP_EOL, out);
3583+ else
3584+ fputs("Result = F" RESP_EOL, out);
3585+ }
3586+ CMAC_CTX_free(cmac_ctx);
3587+ return rc;
3588+ }
3589+
3590+#endif
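Review bot: The length that `hex2bin_m` reports in `Keylen` is never compared with the declared key size, so a vector whose Key hex is shorter than `Klen` (or than `known_keylen` for the TDES `KeyN` lines) makes the `memcpy` in the key-assembly step of cmac_test read past the decoded buffer; the two checks `if (!Keys[0]) goto parse_error;` and `if (!Keys[keynum-1]) goto parse_error;` should become `if (!Keys[0] || Keylen != Klen) goto parse_error;` and `if (!Keys[keynum-1] || Keylen != known_keylen) goto parse_error;`. `Keys` is also freed after each vector but not reset to NULL and is not released at `error:`, so a `Key` line that precedes `Klen` in the next vector indexes freed memory and an early parse error leaks the array; `Keys = NULL;` after `OPENSSL_free(Keys);` plus a free at the error label would close both. The multi-key copy loop presumably also assumes every `KeyN` line was present, since each `Keys[x]` is handed to `memcpy` without a NULL check.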
3591diff -up openssl-1.0.1b/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_desmovs.c
3592--- openssl-1.0.1b/crypto/fips/cavs/fips_desmovs.c.fips 2012-04-26 18:00:51.398769255 +0200
3593+++ openssl-1.0.1b/crypto/fips/cavs/fips_desmovs.c 2012-04-26 18:00:51.398769255 +0200
3594@@ -0,0 +1,702 @@
3595+/* ====================================================================
3596+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
3597+ *
3598+ * Redistribution and use in source and binary forms, with or without
3599+ * modification, are permitted provided that the following conditions
3600+ * are met:
3601+ *
3602+ * 1. Redistributions of source code must retain the above copyright
3603+ * notice, this list of conditions and the following disclaimer.
3604+ *
3605+ * 2. Redistributions in binary form must reproduce the above copyright
3606+ * notice, this list of conditions and the following disclaimer in
3607+ * the documentation and/or other materials provided with the
3608+ * distribution.
3609+ *
3610+ * 3. All advertising materials mentioning features or use of this
3611+ * software must display the following acknowledgment:
3612+ * "This product includes software developed by the OpenSSL Project
3613+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
3614+ *
3615+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
3616+ * endorse or promote products derived from this software without
3617+ * prior written permission. For written permission, please contact
3618+ * openssl-core@openssl.org.
3619+ *
3620+ * 5. Products derived from this software may not be called "OpenSSL"
3621+ * nor may "OpenSSL" appear in their names without prior written
3622+ * permission of the OpenSSL Project.
3623+ *
3624+ * 6. Redistributions of any form whatsoever must retain the following
3625+ * acknowledgment:
3626+ * "This product includes software developed by the OpenSSL Project
3627+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
3628+ *
3629+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
3630+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3631+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
3632+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
3633+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
3634+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
3635+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
3636+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3637+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
3638+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
3639+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
3640+ * OF THE POSSIBILITY OF SUCH DAMAGE.
3641+ *
3642+ */
3643+/*---------------------------------------------
3644+ NIST DES Modes of Operation Validation System
3645+ Test Program
3646+
3647+ Based on the AES Validation Suite, which was:
3648+ Donated to OpenSSL by:
3649+ V-ONE Corporation
3650+ 20250 Century Blvd, Suite 300
3651+ Germantown, MD 20874
3652+ U.S.A.
3653+ ----------------------------------------------*/
3654+
3655+#include <stdio.h>
3656+#include <stdlib.h>
3657+#include <string.h>
3658+#include <errno.h>
3659+#include <assert.h>
3660+#include <ctype.h>
3661+#include <openssl/des.h>
3662+#include <openssl/evp.h>
3663+#include <openssl/bn.h>
3664+
3665+#include <openssl/err.h>
3666+#include "e_os.h"
3667+
3668+#ifndef OPENSSL_FIPS
3669+
3670+int main(int argc, char *argv[])
3671+{
3672+ printf("No FIPS DES support\n");
3673+ return(0);
3674+}
3675+
3676+#else
3677+
3678+#include <openssl/fips.h>
3679+#include "fips_utl.h"
3680+
3681+#define DES_BLOCK_SIZE 8
3682+
3683+#define VERBOSE 0
3684+
3685+int DESTest(EVP_CIPHER_CTX *ctx,
3686+ char *amode, int akeysz, unsigned char *aKey,
3687+ unsigned char *iVec,
3688+ int dir, /* 0 = decrypt, 1 = encrypt */
3689+ unsigned char *out, unsigned char *in, int len)
3690+ {
3691+ const EVP_CIPHER *cipher = NULL;
3692+
3693+ if (akeysz != 192)
3694+ {
3695+ printf("Invalid key size: %d\n", akeysz);
3696+ EXIT(1);
3697+ }
3698+
3699+ if (strcasecmp(amode, "CBC") == 0)
3700+ cipher = EVP_des_ede3_cbc();
3701+ else if (strcasecmp(amode, "ECB") == 0)
3702+ cipher = EVP_des_ede3_ecb();
3703+ else if (strcasecmp(amode, "CFB64") == 0)
3704+ cipher = EVP_des_ede3_cfb64();
3705+ else if (strncasecmp(amode, "OFB", 3) == 0)
3706+ cipher = EVP_des_ede3_ofb();
3707+ else if(!strcasecmp(amode,"CFB8"))
3708+ cipher = EVP_des_ede3_cfb8();
3709+ else if(!strcasecmp(amode,"CFB1"))
3710+ cipher = EVP_des_ede3_cfb1();
3711+ else
3712+ {
3713+ printf("Unknown mode: %s\n", amode);
3714+ EXIT(1);
3715+ }
3716+
3717+ if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
3718+ return 0;
3719+ if(!strcasecmp(amode,"CFB1"))
3720+ M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
3721+ EVP_Cipher(ctx, out, in, len);
3722+
3723+ return 1;
3724+ }
3725+
3726+void DebugValue(char *tag, unsigned char *val, int len)
3727+ {
3728+ char obuf[2048];
3729+ int olen;
3730+ olen = bin2hex(val, len, obuf);
3731+ printf("%s = %.*s\n", tag, olen, obuf);
3732+ }
3733+
3734+void shiftin(unsigned char *dst,unsigned char *src,int nbits)
3735+ {
3736+ int n;
3737+
3738+ /* move the bytes... */
3739+ memmove(dst,dst+nbits/8,3*8-nbits/8);
3740+ /* append new data */
3741+ memcpy(dst+3*8-nbits/8,src,(nbits+7)/8);
3742+ /* left shift the bits */
3743+ if(nbits%8)
3744+ for(n=0 ; n < 3*8 ; ++n)
3745+ dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8));
3746+ }
3747+
3748+/*-----------------------------------------------*/
3749+char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
3750+char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
3751+enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB64};
3752+int Sizes[6]={64,64,64,1,8,64};
3753+
3754+void do_mct(char *amode,
3755+ int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec,
3756+ int dir, unsigned char *text, int len,
3757+ FILE *rfp)
3758+ {
3759+ int i,imode;
3760+ unsigned char nk[4*8]; /* longest key+8 */
3761+ unsigned char text0[8];
3762+
3763+ for (imode=0 ; imode < 6 ; ++imode)
3764+ if(!strcmp(amode,t_mode[imode]))
3765+ break;
3766+ if (imode == 6)
3767+ {
3768+ printf("Unrecognized mode: %s\n", amode);
3769+ EXIT(1);
3770+ }
3771+
3772+ for(i=0 ; i < 400 ; ++i)
3773+ {
3774+ int j;
3775+ int n;
3776+ int kp=akeysz/64;
3777+ unsigned char old_iv[8];
3778+ EVP_CIPHER_CTX ctx;
3779+ EVP_CIPHER_CTX_init(&ctx);
3780+
3781+ fprintf(rfp,"\nCOUNT = %d\n",i);
3782+ if(kp == 1)
3783+ OutputValue("KEY",akey,8,rfp,0);
3784+ else
3785+ for(n=0 ; n < kp ; ++n)
3786+ {
3787+ fprintf(rfp,"KEY%d",n+1);
3788+ OutputValue("",akey+n*8,8,rfp,0);
3789+ }
3790+
3791+ if(imode != ECB)
3792+ OutputValue("IV",ivec,8,rfp,0);
3793+ OutputValue(t_tag[dir^1],text,len,rfp,imode == CFB1);
3794+#if 0
3795+ /* compensate for endianness */
3796+ if(imode == CFB1)
3797+ text[0]<<=7;
3798+#endif
3799+ memcpy(text0,text,8);
3800+
3801+ for(j=0 ; j < 10000 ; ++j)
3802+ {
3803+ unsigned char old_text[8];
3804+
3805+ memcpy(old_text,text,8);
3806+ if(j == 0)
3807+ {
3808+ memcpy(old_iv,ivec,8);
3809+ DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len);
3810+ }
3811+ else
3812+ {
3813+ memcpy(old_iv,ctx.iv,8);
3814+ EVP_Cipher(&ctx,text,text,len);
3815+ }
3816+ if(j == 9999)
3817+ {
3818+ OutputValue(t_tag[dir],text,len,rfp,imode == CFB1);
3819+ /* memcpy(ivec,text,8); */
3820+ }
3821+ /* DebugValue("iv",ctx.iv,8); */
3822+ /* accumulate material for the next key */
3823+ shiftin(nk,text,Sizes[imode]);
3824+ /* DebugValue("nk",nk,24);*/
3825+ if((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64
3826+ || imode == CBC)) || imode == OFB)
3827+ memcpy(text,old_iv,8);
3828+
3829+ if(!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64))
3830+ {
3831+ /* the test specifies using the output of the raw DES operation
3832+ which we don't have, so reconstruct it... */
3833+ for(n=0 ; n < 8 ; ++n)
3834+ text[n]^=old_text[n];
3835+ }
3836+ }
3837+ for(n=0 ; n < 8 ; ++n)
3838+ akey[n]^=nk[16+n];
3839+ for(n=0 ; n < 8 ; ++n)
3840+ akey[8+n]^=nk[8+n];
3841+ for(n=0 ; n < 8 ; ++n)
3842+ akey[16+n]^=nk[n];
3843+ if(numkeys < 3)
3844+ memcpy(&akey[2*8],akey,8);
3845+ if(numkeys < 2)
3846+ memcpy(&akey[8],akey,8);
3847+ DES_set_odd_parity((DES_cblock *)akey);
3848+ DES_set_odd_parity((DES_cblock *)(akey+8));
3849+ DES_set_odd_parity((DES_cblock *)(akey+16));
3850+ memcpy(ivec,ctx.iv,8);
3851+
3852+ /* pointless exercise - the final text doesn't depend on the
3853+ initial text in OFB mode, so who cares what it is? (Who
3854+ designed these tests?) */
3855+ if(imode == OFB)
3856+ for(n=0 ; n < 8 ; ++n)
3857+ text[n]=text0[n]^old_iv[n];
3858+ }
3859+ }
3860+
3861+int proc_file(char *rqfile, char *rspfile)
3862+ {
3863+ char afn[256], rfn[256];
3864+ FILE *afp = NULL, *rfp = NULL;
3865+ char ibuf[2048], tbuf[2048];
3866+ int ilen, len, ret = 0;
3867+ char amode[8] = "";
3868+ char atest[100] = "";
3869+ int akeysz=0;
3870+ unsigned char iVec[20], aKey[40];
3871+ int dir = -1, err = 0, step = 0;
3872+ unsigned char plaintext[2048];
3873+ unsigned char ciphertext[2048];
3874+ char *rp;
3875+ EVP_CIPHER_CTX ctx;
3876+ int numkeys=1;
3877+ EVP_CIPHER_CTX_init(&ctx);
3878+
3879+ if (!rqfile || !(*rqfile))
3880+ {
3881+ printf("No req file\n");
3882+ return -1;
3883+ }
3884+ strcpy(afn, rqfile);
3885+
3886+ if ((afp = fopen(afn, "r")) == NULL)
3887+ {
3888+ printf("Cannot open file: %s, %s\n",
3889+ afn, strerror(errno));
3890+ return -1;
3891+ }
3892+ if (!rspfile)
3893+ {
3894+ strcpy(rfn,afn);
3895+ rp=strstr(rfn,"req/");
3896+#ifdef OPENSSL_SYS_WIN32
3897+ if (!rp)
3898+ rp=strstr(rfn,"req\\");
3899+#endif
3900+ assert(rp);
3901+ memcpy(rp,"rsp",3);
3902+ rp = strstr(rfn, ".req");
3903+ memcpy(rp, ".rsp", 4);
3904+ rspfile = rfn;
3905+ }
3906+ if ((rfp = fopen(rspfile, "w")) == NULL)
3907+ {
3908+ printf("Cannot open file: %s, %s\n",
3909+ rfn, strerror(errno));
3910+ fclose(afp);
3911+ afp = NULL;
3912+ return -1;
3913+ }
3914+ while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
3915+ {
3916+ tidy_line(tbuf, ibuf);
3917+ ilen = strlen(ibuf);
3918+ /* printf("step=%d ibuf=%s",step,ibuf);*/
3919+ if(step == 3 && !strcmp(amode,"ECB"))
3920+ {
3921+ memset(iVec, 0, sizeof(iVec));
3922+ step = (dir)? 4: 5; /* no ivec for ECB */
3923+ }
3924+ switch (step)
3925+ {
3926+ case 0: /* read preamble */
3927+ if (ibuf[0] == '\n')
3928+ { /* end of preamble */
3929+ if (*amode == '\0')
3930+ {
3931+ printf("Missing Mode\n");
3932+ err = 1;
3933+ }
3934+ else
3935+ {
3936+ fputs(ibuf, rfp);
3937+ ++ step;
3938+ }
3939+ }
3940+ else if (ibuf[0] != '#')
3941+ {
3942+ printf("Invalid preamble item: %s\n", ibuf);
3943+ err = 1;
3944+ }
3945+ else
3946+ { /* process preamble */
3947+ char *xp, *pp = ibuf+2;
3948+ int n;
3949+ if(*amode)
3950+ { /* insert current time & date */
3951+ time_t rtim = time(0);
3952+ fprintf(rfp, "# %s", ctime(&rtim));
3953+ }
3954+ else
3955+ {
3956+ fputs(ibuf, rfp);
3957+ if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4)
3958+ || !strncmp(pp,"TDES ",5)
3959+ || !strncmp(pp,"PERMUTATION ",12)
3960+ || !strncmp(pp,"SUBSTITUTION ",13)
3961+ || !strncmp(pp,"VARIABLE ",9))
3962+ {
3963+ /* get test type */
3964+ if(!strncmp(pp,"DES ",4))
3965+ pp+=4;
3966+ else if(!strncmp(pp,"TDES ",5))
3967+ pp+=5;
3968+ xp = strchr(pp, ' ');
3969+ n = xp-pp;
3970+ strncpy(atest, pp, n);
3971+ atest[n] = '\0';
3972+ /* get mode */
3973+ xp = strrchr(pp, ' '); /* get mode" */
3974+ n = strlen(xp+1)-1;
3975+ strncpy(amode, xp+1, n);
3976+ amode[n] = '\0';
3977+ /* amode[3] = '\0'; */
3978+ if (VERBOSE)
3979+ printf("Test=%s, Mode=%s\n",atest,amode);
3980+ }
3981+ }
3982+ }
3983+ break;
3984+
3985+ case 1: /* [ENCRYPT] | [DECRYPT] */
3986+ if(ibuf[0] == '\n')
3987+ break;
3988+ if (ibuf[0] == '[')
3989+ {
3990+ fputs(ibuf, rfp);
3991+ ++step;
3992+ if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
3993+ dir = 1;
3994+ else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
3995+ dir = 0;
3996+ else
3997+ {
3998+ printf("Invalid keyword: %s\n", ibuf);
3999+ err = 1;
4000+ }
4001+ break;
4002+ }
4003+ else if (dir == -1)
4004+ {
4005+ err = 1;
4006+ printf("Missing ENCRYPT/DECRYPT keyword\n");
4007+ break;
4008+ }
4009+ else
4010+ step = 2;
4011+
4012+ case 2: /* KEY = xxxx */
4013+ if(*ibuf == '\n')
4014+ {
4015+ fputs(ibuf, rfp);
4016+ break;
4017+ }
4018+ if(!strncasecmp(ibuf,"COUNT = ",8))
4019+ {
4020+ fputs(ibuf, rfp);
4021+ break;
4022+ }
4023+ if(!strncasecmp(ibuf,"COUNT=",6))
4024+ {
4025+ fputs(ibuf, rfp);
4026+ break;
4027+ }
4028+ if(!strncasecmp(ibuf,"NumKeys = ",10))
4029+ {
4030+ numkeys=atoi(ibuf+10);
4031+ break;
4032+ }
4033+
4034+ fputs(ibuf, rfp);
4035+ if(!strncasecmp(ibuf,"KEY = ",6))
4036+ {
4037+ akeysz=64;
4038+ len = hex2bin((char*)ibuf+6, aKey);
4039+ if (len < 0)
4040+ {
4041+ printf("Invalid KEY\n");
4042+ err=1;
4043+ break;
4044+ }
4045+ PrintValue("KEY", aKey, len);
4046+ ++step;
4047+ }
4048+ else if(!strncasecmp(ibuf,"KEYs = ",7))
4049+ {
4050+ akeysz=64*3;
4051+ len=hex2bin(ibuf+7,aKey);
4052+ if(len != 8)
4053+ {
4054+ printf("Invalid KEY\n");
4055+ err=1;
4056+ break;
4057+ }
4058+ memcpy(aKey+8,aKey,8);
4059+ memcpy(aKey+16,aKey,8);
4060+ ibuf[4]='\0';
4061+ PrintValue("KEYs",aKey,len);
4062+ ++step;
4063+ }
4064+ else if(!strncasecmp(ibuf,"KEY",3))
4065+ {
4066+ int n=ibuf[3]-'1';
4067+
4068+ akeysz=64*3;
4069+ len=hex2bin(ibuf+7,aKey+n*8);
4070+ if(len != 8)
4071+ {
4072+ printf("Invalid KEY\n");
4073+ err=1;
4074+ break;
4075+ }
4076+ ibuf[4]='\0';
4077+ PrintValue(ibuf,aKey,len);
4078+ if(n == 2)
4079+ ++step;
4080+ }
4081+ else
4082+ {
4083+ printf("Missing KEY\n");
4084+ err = 1;
4085+ }
4086+ break;
4087+
4088+ case 3: /* IV = xxxx */
4089+ fputs(ibuf, rfp);
4090+ if (strncasecmp(ibuf, "IV = ", 5) != 0)
4091+ {
4092+ printf("Missing IV\n");
4093+ err = 1;
4094+ }
4095+ else
4096+ {
4097+ len = hex2bin((char*)ibuf+5, iVec);
4098+ if (len < 0)
4099+ {
4100+ printf("Invalid IV\n");
4101+ err =1;
4102+ break;
4103+ }
4104+ PrintValue("IV", iVec, len);
4105+ step = (dir)? 4: 5;
4106+ }
4107+ break;
4108+
4109+ case 4: /* PLAINTEXT = xxxx */
4110+ fputs(ibuf, rfp);
4111+ if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
4112+ {
4113+ printf("Missing PLAINTEXT\n");
4114+ err = 1;
4115+ }
4116+ else
4117+ {
4118+ int nn = strlen(ibuf+12);
4119+ if(!strcmp(amode,"CFB1"))
4120+ len=bint2bin(ibuf+12,nn-1,plaintext);
4121+ else
4122+ len=hex2bin(ibuf+12, plaintext);
4123+ if (len < 0)
4124+ {
4125+ printf("Invalid PLAINTEXT: %s", ibuf+12);
4126+ err =1;
4127+ break;
4128+ }
4129+ if (len >= sizeof(plaintext))
4130+ {
4131+ printf("Buffer overflow\n");
4132+ }
4133+ PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
4134+ if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
4135+ {
4136+ do_mct(amode,akeysz,numkeys,aKey,iVec,dir,plaintext,len,rfp);
4137+ }
4138+ else
4139+ {
4140+ assert(dir == 1);
4141+ ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
4142+ dir, /* 0 = decrypt, 1 = encrypt */
4143+ ciphertext, plaintext, len);
4144+ OutputValue("CIPHERTEXT",ciphertext,len,rfp,
4145+ !strcmp(amode,"CFB1"));
4146+ }
4147+ step = 6;
4148+ }
4149+ break;
4150+
4151+ case 5: /* CIPHERTEXT = xxxx */
4152+ fputs(ibuf, rfp);
4153+ if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
4154+ {
4155+ printf("Missing KEY\n");
4156+ err = 1;
4157+ }
4158+ else
4159+ {
4160+ if(!strcmp(amode,"CFB1"))
4161+ len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
4162+ else
4163+ len = hex2bin(ibuf+13,ciphertext);
4164+ if (len < 0)
4165+ {
4166+ printf("Invalid CIPHERTEXT\n");
4167+ err =1;
4168+ break;
4169+ }
4170+
4171+ PrintValue("CIPHERTEXT", ciphertext, len);
4172+ if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
4173+ {
4174+ do_mct(amode, akeysz, numkeys, aKey, iVec,
4175+ dir, ciphertext, len, rfp);
4176+ }
4177+ else
4178+ {
4179+ assert(dir == 0);
4180+ ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
4181+ dir, /* 0 = decrypt, 1 = encrypt */
4182+ plaintext, ciphertext, len);
4183+ OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
4184+ !strcmp(amode,"CFB1"));
4185+ }
4186+ step = 6;
4187+ }
4188+ break;
4189+
4190+ case 6:
4191+ if (ibuf[0] != '\n')
4192+ {
4193+ err = 1;
4194+ printf("Missing terminator\n");
4195+ }
4196+ else if (strcmp(atest, "MCT") != 0)
4197+ { /* MCT already added terminating nl */
4198+ fputs(ibuf, rfp);
4199+ }
4200+ step = 1;
4201+ break;
4202+ }
4203+ }
4204+ if (rfp)
4205+ fclose(rfp);
4206+ if (afp)
4207+ fclose(afp);
4208+ return err;
4209+ }
4210+
4211+/*--------------------------------------------------
4212+ Processes either a single file or
4213+ a set of files whose names are passed in a file.
4214+ A single file is specified as:
4215+ aes_test -f xxx.req
4216+ A set of files is specified as:
4217+ aes_test -d xxxxx.xxx
4218+ The default is: -d req.txt
4219+--------------------------------------------------*/
4220+int main(int argc, char **argv)
4221+ {
4222+ char *rqlist = "req.txt", *rspfile = NULL;
4223+ FILE *fp = NULL;
4224+ char fn[250] = "", rfn[256] = "";
4225+ int f_opt = 0, d_opt = 1;
4226+
4227+#ifdef OPENSSL_FIPS
4228+ if(!FIPS_mode_set(1))
4229+ {
4230+ do_print_errors();
4231+ EXIT(1);
4232+ }
4233+#endif
4234+ if (argc > 1)
4235+ {
4236+ if (strcasecmp(argv[1], "-d") == 0)
4237+ {
4238+ d_opt = 1;
4239+ }
4240+ else if (strcasecmp(argv[1], "-f") == 0)
4241+ {
4242+ f_opt = 1;
4243+ d_opt = 0;
4244+ }
4245+ else
4246+ {
4247+ printf("Invalid parameter: %s\n", argv[1]);
4248+ return 0;
4249+ }
4250+ if (argc < 3)
4251+ {
4252+ printf("Missing parameter\n");
4253+ return 0;
4254+ }
4255+ if (d_opt)
4256+ rqlist = argv[2];
4257+ else
4258+ {
4259+ strcpy(fn, argv[2]);
4260+ rspfile = argv[3];
4261+ }
4262+ }
4263+ if (d_opt)
4264+ { /* list of files (directory) */
4265+ if (!(fp = fopen(rqlist, "r")))
4266+ {
4267+ printf("Cannot open req list file\n");
4268+ return -1;
4269+ }
4270+ while (fgets(fn, sizeof(fn), fp))
4271+ {
4272+ strtok(fn, "\r\n");
4273+ strcpy(rfn, fn);
4274+ printf("Processing: %s\n", rfn);
4275+ if (proc_file(rfn, rspfile))
4276+ {
4277+ printf(">>> Processing failed for: %s <<<\n", rfn);
4278+ EXIT(1);
4279+ }
4280+ }
4281+ fclose(fp);
4282+ }
4283+ else /* single file */
4284+ {
4285+ if (VERBOSE)
4286+ printf("Processing: %s\n", fn);
4287+ if (proc_file(fn, rspfile))
4288+ {
4289+ printf(">>> Processing failed for: %s <<<\n", fn);
4290+ }
4291+ }
4292+ EXIT(0);
4293+ return 0;
4294+ }
4295+
4296+#endif
4297diff -up openssl-1.0.1b/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_dhvs.c
4298--- openssl-1.0.1b/crypto/fips/cavs/fips_dhvs.c.fips 2012-04-26 18:00:51.398769255 +0200
4299+++ openssl-1.0.1b/crypto/fips/cavs/fips_dhvs.c 2012-04-26 18:00:51.398769255 +0200
4300@@ -0,0 +1,292 @@
4301+/* fips/dh/fips_dhvs.c */
4302+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4303+ * project.
4304+ */
4305+/* ====================================================================
4306+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
4307+ *
4308+ * Redistribution and use in source and binary forms, with or without
4309+ * modification, are permitted provided that the following conditions
4310+ * are met:
4311+ *
4312+ * 1. Redistributions of source code must retain the above copyright
4313+ * notice, this list of conditions and the following disclaimer.
4314+ *
4315+ * 2. Redistributions in binary form must reproduce the above copyright
4316+ * notice, this list of conditions and the following disclaimer in
4317+ * the documentation and/or other materials provided with the
4318+ * distribution.
4319+ *
4320+ * 3. All advertising materials mentioning features or use of this
4321+ * software must display the following acknowledgment:
4322+ * "This product includes software developed by the OpenSSL Project
4323+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
4324+ *
4325+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
4326+ * endorse or promote products derived from this software without
4327+ * prior written permission. For written permission, please contact
4328+ * licensing@OpenSSL.org.
4329+ *
4330+ * 5. Products derived from this software may not be called "OpenSSL"
4331+ * nor may "OpenSSL" appear in their names without prior written
4332+ * permission of the OpenSSL Project.
4333+ *
4334+ * 6. Redistributions of any form whatsoever must retain the following
4335+ * acknowledgment:
4336+ * "This product includes software developed by the OpenSSL Project
4337+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
4338+ *
4339+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
4340+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4341+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
4342+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
4343+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
4344+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
4345+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
4346+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4347+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
4348+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
4349+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
4350+ * OF THE POSSIBILITY OF SUCH DAMAGE.
4351+ * ====================================================================
4352+ */
4353+
4354+
4355+#define OPENSSL_FIPSAPI
4356+#include <openssl/opensslconf.h>
4357+
4358+#ifndef OPENSSL_FIPS
4359+#include <stdio.h>
4360+
4361+int main(int argc, char **argv)
4362+{
4363+ printf("No FIPS DH support\n");
4364+ return(0);
4365+}
4366+#else
4367+
4368+#include <openssl/crypto.h>
4369+#include <openssl/bn.h>
4370+#include <openssl/dh.h>
4371+#include <openssl/fips.h>
4372+#include <openssl/err.h>
4373+#include <openssl/evp.h>
4374+#include <string.h>
4375+#include <ctype.h>
4376+
4377+#include "fips_utl.h"
4378+
4379+static const EVP_MD *parse_md(char *line)
4380+ {
4381+ char *p;
4382+ if (line[0] != '[' || line[1] != 'F')
4383+ return NULL;
4384+ p = strchr(line, '-');
4385+ if (!p)
4386+ return NULL;
4387+ line = p + 1;
4388+ p = strchr(line, ']');
4389+ if (!p)
4390+ return NULL;
4391+ *p = 0;
4392+ p = line;
4393+ while(isspace(*p))
4394+ p++;
4395+ if (!strcmp(p, "SHA1"))
4396+ return EVP_sha1();
4397+ else if (!strcmp(p, "SHA224"))
4398+ return EVP_sha224();
4399+ else if (!strcmp(p, "SHA256"))
4400+ return EVP_sha256();
4401+ else if (!strcmp(p, "SHA384"))
4402+ return EVP_sha384();
4403+ else if (!strcmp(p, "SHA512"))
4404+ return EVP_sha512();
4405+ else
4406+ return NULL;
4407+ }
4408+
4409+static void output_Zhash(FILE *out, int exout,
4410+ DH *dh, BIGNUM *peerkey, const EVP_MD *md,
4411+ unsigned char *rhash, size_t rhashlen)
4412+ {
4413+ unsigned char *Z;
4414+ unsigned char chash[EVP_MAX_MD_SIZE];
4415+ int Zlen;
4416+ if (rhash == NULL)
4417+ {
4418+ rhashlen = M_EVP_MD_size(md);
4419+ if (!DH_generate_key(dh))
4420+ exit (1);
4421+ do_bn_print_name(out, "YephemIUT", dh->pub_key);
4422+ if (exout)
4423+ do_bn_print_name(out, "XephemIUT", dh->priv_key);
4424+ }
4425+ Z = OPENSSL_malloc(BN_num_bytes(dh->p));
4426+ if (!Z)
4427+ exit(1);
4428+ Zlen = DH_compute_key_padded(Z, peerkey, dh);
4429+ if (exout)
4430+ OutputValue("Z", Z, Zlen, out, 0);
4431+ FIPS_digest(Z, Zlen, chash, NULL, md);
4432+ OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0);
4433+ if (rhash)
4434+ {
4435+ fprintf(out, "Result = %s\n",
4436+ memcmp(chash, rhash, rhashlen) ? "F" : "P");
4437+ }
4438+ else
4439+ {
4440+ BN_clear_free(dh->priv_key);
4441+ BN_clear_free(dh->pub_key);
4442+ dh->priv_key = NULL;
4443+ dh->pub_key = NULL;
4444+ }
4445+ OPENSSL_cleanse(Z, Zlen);
4446+ OPENSSL_free(Z);
4447+ }
4448+
4449+#ifdef FIPS_ALGVS
4450+int fips_dhvs_main(int argc, char **argv)
4451+#else
4452+int main(int argc, char **argv)
4453+#endif
4454+ {
4455+ char **args = argv + 1;
4456+ int argn = argc - 1;
4457+ FILE *in, *out;
4458+ char buf[2048], lbuf[2048];
4459+ unsigned char *rhash;
4460+ long rhashlen;
4461+ DH *dh = NULL;
4462+ const EVP_MD *md = NULL;
4463+ BIGNUM *peerkey = NULL;
4464+ char *keyword = NULL, *value = NULL;
4465+ int do_verify = -1, exout = 0;
4466+
4467+ fips_algtest_init();
4468+
4469+ if (argn && !strcmp(*args, "dhver"))
4470+ {
4471+ do_verify = 1;
4472+ args++;
4473+ argn--;
4474+ }
4475+ else if (argn && !strcmp(*args, "dhgen"))
4476+ {
4477+ do_verify = 0;
4478+ args++;
4479+ argn--;
4480+ }
4481+
4482+ if (argn && !strcmp(*args, "-exout"))
4483+ {
4484+ exout = 1;
4485+ args++;
4486+ argn--;
4487+ }
4488+
4489+ if (do_verify == -1)
4490+ {
4491+ fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
4492+ exit(1);
4493+ }
4494+
4495+ if (argn == 2)
4496+ {
4497+ in = fopen(*args, "r");
4498+ if (!in)
4499+ {
4500+ fprintf(stderr, "Error opening input file\n");
4501+ exit(1);
4502+ }
4503+ out = fopen(args[1], "w");
4504+ if (!out)
4505+ {
4506+ fprintf(stderr, "Error opening output file\n");
4507+ exit(1);
4508+ }
4509+ }
4510+ else if (argn == 0)
4511+ {
4512+ in = stdin;
4513+ out = stdout;
4514+ }
4515+ else
4516+ {
4517+ fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
4518+ exit(1);
4519+ }
4520+
4521+ dh = FIPS_dh_new();
4522+
4523+ while (fgets(buf, sizeof(buf), in) != NULL)
4524+ {
4525+ fputs(buf, out);
4526+ if (strlen(buf) > 6 && !strncmp(buf, "[F", 2))
4527+ {
4528+ md = parse_md(buf);
4529+ if (md == NULL)
4530+ goto parse_error;
4531+ if (dh)
4532+ FIPS_dh_free(dh);
4533+ dh = FIPS_dh_new();
4534+ continue;
4535+ }
4536+ if (!parse_line(&keyword, &value, lbuf, buf))
4537+ continue;
4538+ if (!strcmp(keyword, "P"))
4539+ {
4540+ if (!do_hex2bn(&dh->p, value))
4541+ goto parse_error;
4542+ }
4543+ else if (!strcmp(keyword, "Q"))
4544+ {
4545+ if (!do_hex2bn(&dh->q, value))
4546+ goto parse_error;
4547+ }
4548+ else if (!strcmp(keyword, "G"))
4549+ {
4550+ if (!do_hex2bn(&dh->g, value))
4551+ goto parse_error;
4552+ }
4553+ else if (!strcmp(keyword, "XephemIUT"))
4554+ {
4555+ if (!do_hex2bn(&dh->priv_key, value))
4556+ goto parse_error;
4557+ }
4558+ else if (!strcmp(keyword, "YephemIUT"))
4559+ {
4560+ if (!do_hex2bn(&dh->pub_key, value))
4561+ goto parse_error;
4562+ }
4563+ else if (!strcmp(keyword, "YephemCAVS"))
4564+ {
4565+ if (!do_hex2bn(&peerkey, value))
4566+ goto parse_error;
4567+ if (do_verify == 0)
4568+ output_Zhash(out, exout, dh, peerkey, md,
4569+ NULL, 0);
4570+ }
4571+ else if (!strcmp(keyword, "CAVSHashZZ"))
4572+ {
4573+ if (!md)
4574+ goto parse_error;
4575+ rhash = hex2bin_m(value, &rhashlen);
4576+ if (!rhash || rhashlen != M_EVP_MD_size(md))
4577+ goto parse_error;
4578+ output_Zhash(out, exout, dh, peerkey, md,
4579+ rhash, rhashlen);
4580+ }
4581+ }
4582+ if (in && in != stdin)
4583+ fclose(in);
4584+ if (out && out != stdout)
4585+ fclose(out);
4586+ return 0;
4587+ parse_error:
4588+ fprintf(stderr, "Error Parsing request file\n");
4589+ exit(1);
4590+ }
4591+
4592+#endif
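Review bot: In output_Zhash the return value of `DH_compute_key_padded(Z, peerkey, dh)` is used as a length without being checked, and that call returns a negative value when the shared-secret computation fails (for example a malformed or out-of-range YephemCAVS value, or a request file where CAVSHashZZ appears before any YephemCAVS so peerkey is still NULL). A negative Zlen then flows into `OutputValue("Z", Z, Zlen, ...)` and `FIPS_digest(Z, Zlen, ...)`, where it is converted to a huge size and reads far past the BN_num_bytes(dh->p) allocation. Add `if (Zlen <= 0) { fprintf(stderr, "DH_compute_key_padded failed\n"); exit(1); }` right after the call, and in main reject a CAVSHashZZ line seen while `peerkey == NULL` via the existing parse_error path. The rhash buffer returned by hex2bin_m and the peerkey BIGNUM are also never freed between test cases; harmless for a one-shot test driver, but worth a BN_free/OPENSSL_free once the result line is written.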
4593diff -up openssl-1.0.1b/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_drbgvs.c
4594--- openssl-1.0.1b/crypto/fips/cavs/fips_drbgvs.c.fips 2012-04-26 18:00:51.398769255 +0200
4595+++ openssl-1.0.1b/crypto/fips/cavs/fips_drbgvs.c 2012-04-26 18:00:51.398769255 +0200
4596@@ -0,0 +1,416 @@
4597+/* fips/rand/fips_drbgvs.c */
4598+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4599+ * project.
4600+ */
4601+/* ====================================================================
4602+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
4603+ *
4604+ * Redistribution and use in source and binary forms, with or without
4605+ * modification, are permitted provided that the following conditions
4606+ * are met:
4607+ *
4608+ * 1. Redistributions of source code must retain the above copyright
4609+ * notice, this list of conditions and the following disclaimer.
4610+ *
4611+ * 2. Redistributions in binary form must reproduce the above copyright
4612+ * notice, this list of conditions and the following disclaimer in
4613+ * the documentation and/or other materials provided with the
4614+ * distribution.
4615+ *
4616+ * 3. All advertising materials mentioning features or use of this
4617+ * software must display the following acknowledgment:
4618+ * "This product includes software developed by the OpenSSL Project
4619+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
4620+ *
4621+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
4622+ * endorse or promote products derived from this software without
4623+ * prior written permission. For written permission, please contact
4624+ * licensing@OpenSSL.org.
4625+ *
4626+ * 5. Products derived from this software may not be called "OpenSSL"
4627+ * nor may "OpenSSL" appear in their names without prior written
4628+ * permission of the OpenSSL Project.
4629+ *
4630+ * 6. Redistributions of any form whatsoever must retain the following
4631+ * acknowledgment:
4632+ * "This product includes software developed by the OpenSSL Project
4633+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
4634+ *
4635+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
4636+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4637+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
4638+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
4639+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
4640+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
4641+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
4642+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4643+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
4644+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
4645+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
4646+ * OF THE POSSIBILITY OF SUCH DAMAGE.
4647+ * ====================================================================
4648+ */
4649+
4650+
4651+#define OPENSSL_FIPSAPI
4652+#include <openssl/opensslconf.h>
4653+
4654+#ifndef OPENSSL_FIPS
4655+#include <stdio.h>
4656+
4657+int main(int argc, char **argv)
4658+{
4659+ printf("No FIPS DRBG support\n");
4660+ return(0);
4661+}
4662+#else
4663+
4664+#include <openssl/bn.h>
4665+#include <openssl/dsa.h>
4666+#include <openssl/fips.h>
4667+#include <openssl/fips_rand.h>
4668+#include <openssl/err.h>
4669+#include <openssl/evp.h>
4670+#include <string.h>
4671+#include <ctype.h>
4672+
4673+#include "fips_utl.h"
4674+
4675+static int dparse_md(char *str)
4676+ {
4677+ switch(atoi(str + 5))
4678+ {
4679+ case 1:
4680+ return NID_sha1;
4681+
4682+ case 224:
4683+ return NID_sha224;
4684+
4685+ case 256:
4686+ return NID_sha256;
4687+
4688+ case 384:
4689+ return NID_sha384;
4690+
4691+ case 512:
4692+ return NID_sha512;
4693+
4694+ }
4695+
4696+ return NID_undef;
4697+ }
4698+
4699+static int parse_ec(char *str)
4700+ {
4701+ int curve_nid, md_nid;
4702+ char *md;
4703+ md = strchr(str, ' ');
4704+ if (!md)
4705+ return NID_undef;
4706+ if (!strncmp(str, "[P-256", 6))
4707+ curve_nid = NID_X9_62_prime256v1;
4708+ else if (!strncmp(str, "[P-384", 6))
4709+ curve_nid = NID_secp384r1;
4710+ else if (!strncmp(str, "[P-521", 6))
4711+ curve_nid = NID_secp521r1;
4712+ else
4713+ return NID_undef;
4714+ md_nid = dparse_md(md);
4715+ if (md_nid == NID_undef)
4716+ return NID_undef;
4717+ return (curve_nid << 16) | md_nid;
4718+ }
4719+
4720+static int parse_aes(char *str, int *pdf)
4721+ {
4722+
4723+ if (!strncmp(str + 9, "no", 2))
4724+ *pdf = 0;
4725+ else
4726+ *pdf = DRBG_FLAG_CTR_USE_DF;
4727+
4728+ switch(atoi(str + 5))
4729+ {
4730+ case 128:
4731+ return NID_aes_128_ctr;
4732+
4733+ case 192:
4734+ return NID_aes_192_ctr;
4735+
4736+ case 256:
4737+ return NID_aes_256_ctr;
4738+
4739+ default:
4740+ return NID_undef;
4741+
4742+ }
4743+ }
4744+
4745+typedef struct
4746+ {
4747+ unsigned char *ent;
4748+ size_t entlen;
4749+ unsigned char *nonce;
4750+ size_t noncelen;
4751+ } TEST_ENT;
4752+
4753+static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
4754+ int entropy, size_t min_len, size_t max_len)
4755+ {
4756+ TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
4757+ *pout = (unsigned char *)t->ent;
4758+ return t->entlen;
4759+ }
4760+
4761+static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
4762+ int entropy, size_t min_len, size_t max_len)
4763+ {
4764+ TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
4765+ *pout = (unsigned char *)t->nonce;
4766+ return t->noncelen;
4767+ }
4768+
4769+#ifdef FIPS_ALGVS
4770+int fips_drbgvs_main(int argc,char **argv)
4771+#else
4772+int main(int argc,char **argv)
4773+#endif
4774+ {
4775+ FILE *in = NULL, *out = NULL;
4776+ DRBG_CTX *dctx = NULL;
4777+ TEST_ENT t;
4778+ int r, nid = 0;
4779+ int pr = 0;
4780+ char buf[2048], lbuf[2048];
4781+ unsigned char randout[2048];
4782+ char *keyword = NULL, *value = NULL;
4783+
4784+ unsigned char *ent = NULL, *nonce = NULL, *pers = NULL, *adin = NULL;
4785+ long entlen, noncelen, perslen, adinlen;
4786+ int df = 0;
4787+
4788+ enum dtype { DRBG_NONE, DRBG_CTR, DRBG_HASH, DRBG_HMAC, DRBG_DUAL_EC }
4789+ drbg_type = DRBG_NONE;
4790+
4791+ int randoutlen = 0;
4792+
4793+ int gen = 0;
4794+
4795+ fips_algtest_init();
4796+
4797+ if (argc == 3)
4798+ {
4799+ in = fopen(argv[1], "r");
4800+ if (!in)
4801+ {
4802+ fprintf(stderr, "Error opening input file\n");
4803+ exit(1);
4804+ }
4805+ out = fopen(argv[2], "w");
4806+ if (!out)
4807+ {
4808+ fprintf(stderr, "Error opening output file\n");
4809+ exit(1);
4810+ }
4811+ }
4812+ else if (argc == 1)
4813+ {
4814+ in = stdin;
4815+ out = stdout;
4816+ }
4817+ else
4818+ {
4819+ fprintf(stderr,"%s (infile outfile)\n",argv[0]);
4820+ exit(1);
4821+ }
4822+
4823+ while (fgets(buf, sizeof(buf), in) != NULL)
4824+ {
4825+ fputs(buf, out);
4826+ if (drbg_type == DRBG_NONE)
4827+ {
4828+ if (strstr(buf, "CTR_DRBG"))
4829+ drbg_type = DRBG_CTR;
4830+ else if (strstr(buf, "Hash_DRBG"))
4831+ drbg_type = DRBG_HASH;
4832+ else if (strstr(buf, "HMAC_DRBG"))
4833+ drbg_type = DRBG_HMAC;
4834+ else if (strstr(buf, "Dual_EC_DRBG"))
4835+ drbg_type = DRBG_DUAL_EC;
4836+ else
4837+ continue;
4838+ }
4839+ if (strlen(buf) > 4 && !strncmp(buf, "[SHA-", 5))
4840+ {
4841+ nid = dparse_md(buf);
4842+ if (nid == NID_undef)
4843+ exit(1);
4844+ if (drbg_type == DRBG_HMAC)
4845+ {
4846+ switch (nid)
4847+ {
4848+ case NID_sha1:
4849+ nid = NID_hmacWithSHA1;
4850+ break;
4851+
4852+ case NID_sha224:
4853+ nid = NID_hmacWithSHA224;
4854+ break;
4855+
4856+ case NID_sha256:
4857+ nid = NID_hmacWithSHA256;
4858+ break;
4859+
4860+ case NID_sha384:
4861+ nid = NID_hmacWithSHA384;
4862+ break;
4863+
4864+ case NID_sha512:
4865+ nid = NID_hmacWithSHA512;
4866+ break;
4867+
4868+ default:
4869+ exit(1);
4870+ }
4871+ }
4872+ }
4873+ if (strlen(buf) > 12 && !strncmp(buf, "[AES-", 5))
4874+ {
4875+ nid = parse_aes(buf, &df);
4876+ if (nid == NID_undef)
4877+ exit(1);
4878+ }
4879+ if (strlen(buf) > 12 && !strncmp(buf, "[P-", 3))
4880+ {
4881+ nid = parse_ec(buf);
4882+ if (nid == NID_undef)
4883+ exit(1);
4884+ }
4885+ if (!parse_line(&keyword, &value, lbuf, buf))
4886+ continue;
4887+
4888+ if (!strcmp(keyword, "[PredictionResistance"))
4889+ {
4890+ if (!strcmp(value, "True]"))
4891+ pr = 1;
4892+ else if (!strcmp(value, "False]"))
4893+ pr = 0;
4894+ else
4895+ exit(1);
4896+ }
4897+
4898+ if (!strcmp(keyword, "EntropyInput"))
4899+ {
4900+ ent = hex2bin_m(value, &entlen);
4901+ t.ent = ent;
4902+ t.entlen = entlen;
4903+ }
4904+
4905+ if (!strcmp(keyword, "Nonce"))
4906+ {
4907+ nonce = hex2bin_m(value, &noncelen);
4908+ t.nonce = nonce;
4909+ t.noncelen = noncelen;
4910+ }
4911+
4912+ if (!strcmp(keyword, "PersonalizationString"))
4913+ {
4914+ pers = hex2bin_m(value, &perslen);
4915+ if (nid == 0)
4916+ {
4917+ fprintf(stderr, "DRBG type not recognised!\n");
4918+ exit (1);
4919+ }
4920+ dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST);
4921+ if (!dctx)
4922+ exit (1);
4923+ FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0,
4924+ test_nonce, 0);
4925+ FIPS_drbg_set_app_data(dctx, &t);
4926+ randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
4927+ r = FIPS_drbg_instantiate(dctx, pers, perslen);
4928+ if (!r)
4929+ {
4930+ fprintf(stderr, "Error instantiating DRBG\n");
4931+ exit(1);
4932+ }
4933+ OPENSSL_free(pers);
4934+ OPENSSL_free(ent);
4935+ OPENSSL_free(nonce);
4936+ ent = nonce = pers = NULL;
4937+ gen = 0;
4938+ }
4939+
4940+ if (!strcmp(keyword, "AdditionalInput"))
4941+ {
4942+ adin = hex2bin_m(value, &adinlen);
4943+ if (pr)
4944+ continue;
4945+ r = FIPS_drbg_generate(dctx, randout, randoutlen, 0,
4946+ adin, adinlen);
4947+ if (!r)
4948+ {
4949+ fprintf(stderr, "Error generating DRBG bits\n");
4950+ exit(1);
4951+ }
4952+ if (!r)
4953+ exit(1);
4954+ OPENSSL_free(adin);
4955+ adin = NULL;
4956+ gen++;
4957+ }
4958+
4959+ if (pr)
4960+ {
4961+ if (!strcmp(keyword, "EntropyInputPR"))
4962+ {
4963+ ent = hex2bin_m(value, &entlen);
4964+ t.ent = ent;
4965+ t.entlen = entlen;
4966+ r = FIPS_drbg_generate(dctx,
4967+ randout, randoutlen,
4968+ 1, adin, adinlen);
4969+ if (!r)
4970+ {
4971+ fprintf(stderr,
4972+ "Error generating DRBG bits\n");
4973+ exit(1);
4974+ }
4975+ OPENSSL_free(adin);
4976+ OPENSSL_free(ent);
4977+ adin = ent = NULL;
4978+ gen++;
4979+ }
4980+ }
4981+ if (!strcmp(keyword, "EntropyInputReseed"))
4982+ {
4983+ ent = hex2bin_m(value, &entlen);
4984+ t.ent = ent;
4985+ t.entlen = entlen;
4986+ }
4987+ if (!strcmp(keyword, "AdditionalInputReseed"))
4988+ {
4989+ adin = hex2bin_m(value, &adinlen);
4990+ FIPS_drbg_reseed(dctx, adin, adinlen);
4991+ OPENSSL_free(ent);
4992+ OPENSSL_free(adin);
4993+ ent = adin = NULL;
4994+ }
4995+ if (gen == 2)
4996+ {
4997+ OutputValue("ReturnedBits", randout, randoutlen,
4998+ out, 0);
4999+ FIPS_drbg_free(dctx);
5000+ dctx = NULL;
5001+ gen = 0;
5002+ }
5003+
5004+ }
5005+ if (in && in != stdin)
5006+ fclose(in);
5007+ if (out && out != stdout)
5008+ fclose(out);
5009+ return 0;
5010+ }
5011+
5012+#endif
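Review bot: `TEST_ENT t;` and `long entlen, noncelen, perslen, adinlen;` are left uninitialised, yet test_entropy/test_nonce hand `t.ent`/`t.entlen`/`t.nonce`/`t.noncelen` straight to the DRBG and the EntropyInputPR branch passes `adin, adinlen` to FIPS_drbg_generate even when no AdditionalInput line preceded it, so a request file that omits EntropyInput or Nonce before PersonalizationString makes the module read from an indeterminate pointer/length. Initialise them, `TEST_ENT t = { NULL, 0, NULL, 0 };` and `long entlen = 0, noncelen = 0, perslen = 0, adinlen = 0;`, and have the callbacks fail (return 0) when the corresponding pointer is NULL. The AdditionalInput, EntropyInputPR and AdditionalInputReseed branches also dereference `dctx` without checking that a PersonalizationString line has instantiated it; a `if (!dctx) exit(1);` guard in front of each call avoids a NULL dereference on a malformed file. The second `if (!r) exit(1);` after the first generate is dead code and can be dropped.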
5013diff -up openssl-1.0.1b/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_dssvs.c
5014--- openssl-1.0.1b/crypto/fips/cavs/fips_dssvs.c.fips 2012-04-26 18:00:51.398769255 +0200
5015+++ openssl-1.0.1b/crypto/fips/cavs/fips_dssvs.c 2012-04-26 18:00:51.398769255 +0200
5016@@ -0,0 +1,537 @@
5017+#include <openssl/opensslconf.h>
5018+
5019+#ifndef OPENSSL_FIPS
5020+#include <stdio.h>
5021+
5022+int main(int argc, char **argv)
5023+{
5024+ printf("No FIPS DSA support\n");
5025+ return(0);
5026+}
5027+#else
5028+
5029+#include <openssl/bn.h>
5030+#include <openssl/dsa.h>
5031+#include <openssl/fips.h>
5032+#include <openssl/err.h>
5033+#include <openssl/evp.h>
5034+#include <string.h>
5035+#include <ctype.h>
5036+
5037+#include "fips_utl.h"
5038+
5039+static void pbn(const char *name, BIGNUM *bn)
5040+ {
5041+ int len, i;
5042+ unsigned char *tmp;
5043+ len = BN_num_bytes(bn);
5044+ tmp = OPENSSL_malloc(len);
5045+ if (!tmp)
5046+ {
5047+ fprintf(stderr, "Memory allocation error\n");
5048+ return;
5049+ }
5050+ BN_bn2bin(bn, tmp);
5051+ printf("%s = ", name);
5052+ for (i = 0; i < len; i++)
5053+ printf("%02X", tmp[i]);
5054+ fputs("\n", stdout);
5055+ OPENSSL_free(tmp);
5056+ return;
5057+ }
5058+
5059+void primes()
5060+ {
5061+ char buf[10240];
5062+ char lbuf[10240];
5063+ char *keyword, *value;
5064+
5065+ while(fgets(buf,sizeof buf,stdin) != NULL)
5066+ {
5067+ fputs(buf,stdout);
5068+ if (!parse_line(&keyword, &value, lbuf, buf))
5069+ continue;
5070+ if(!strcmp(keyword,"Prime"))
5071+ {
5072+ BIGNUM *pp;
5073+
5074+ pp=BN_new();
5075+ do_hex2bn(&pp,value);
5076+ printf("result= %c\n",
5077+ BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
5078+ }
5079+ }
5080+ }
5081+
5082+void pqg()
5083+ {
5084+ char buf[1024];
5085+ char lbuf[1024];
5086+ char *keyword, *value;
5087+ int nmod=0;
5088+
5089+ while(fgets(buf,sizeof buf,stdin) != NULL)
5090+ {
5091+ if (!parse_line(&keyword, &value, lbuf, buf))
5092+ {
5093+ fputs(buf,stdout);
5094+ continue;
5095+ }
5096+ if(!strcmp(keyword,"[mod"))
5097+ nmod=atoi(value);
5098+ else if(!strcmp(keyword,"N"))
5099+ {
5100+ int n=atoi(value);
5101+
5102+ printf("[mod = %d]\n\n",nmod);
5103+
5104+ while(n--)
5105+ {
5106+ unsigned char seed[20];
5107+ DSA *dsa;
5108+ int counter;
5109+ unsigned long h;
5110+ dsa = FIPS_dsa_new();
5111+
5112+ if (!DSA_generate_parameters_ex(dsa, nmod,seed,0,&counter,&h,NULL))
5113+ {
5114+ do_print_errors();
5115+ exit(1);
5116+ }
5117+ pbn("P",dsa->p);
5118+ pbn("Q",dsa->q);
5119+ pbn("G",dsa->g);
5120+ pv("Seed",seed,20);
5121+ printf("c = %d\n",counter);
5122+ printf("H = %lx\n",h);
5123+ putc('\n',stdout);
5124+ }
5125+ }
5126+ else
5127+ fputs(buf,stdout);
5128+ }
5129+ }
5130+
5131+void pqgver()
5132+ {
5133+ char buf[1024];
5134+ char lbuf[1024];
5135+ char *keyword, *value;
5136+ BIGNUM *p = NULL, *q = NULL, *g = NULL;
5137+ int counter, counter2;
5138+ unsigned long h, h2;
5139+ DSA *dsa=NULL;
5140+ int nmod=0;
5141+ unsigned char seed[1024];
5142+
5143+ while(fgets(buf,sizeof buf,stdin) != NULL)
5144+ {
5145+ if (!parse_line(&keyword, &value, lbuf, buf))
5146+ {
5147+ fputs(buf,stdout);
5148+ continue;
5149+ }
5150+ fputs(buf, stdout);
5151+ if(!strcmp(keyword,"[mod"))
5152+ nmod=atoi(value);
5153+ else if(!strcmp(keyword,"P"))
5154+ p=hex2bn(value);
5155+ else if(!strcmp(keyword,"Q"))
5156+ q=hex2bn(value);
5157+ else if(!strcmp(keyword,"G"))
5158+ g=hex2bn(value);
5159+ else if(!strcmp(keyword,"Seed"))
5160+ {
5161+ int slen = hex2bin(value, seed);
5162+ if (slen != 20)
5163+ {
5164+ fprintf(stderr, "Seed parse length error\n");
5165+ exit (1);
5166+ }
5167+ }
5168+ else if(!strcmp(keyword,"c"))
5169+ counter =atoi(buf+4);
5170+ else if(!strcmp(keyword,"H"))
5171+ {
5172+ h = atoi(value);
5173+ if (!p || !q || !g)
5174+ {
5175+ fprintf(stderr, "Parse Error\n");
5176+ exit (1);
5177+ }
5178+ dsa = FIPS_dsa_new();
5179+ if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
5180+ {
5181+ do_print_errors();
5182+ exit(1);
5183+ }
5184+ if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
5185+ || (counter != counter2) || (h != h2))
5186+ printf("Result = F\n");
5187+ else
5188+ printf("Result = P\n");
5189+ BN_free(p);
5190+ BN_free(q);
5191+ BN_free(g);
5192+ p = NULL;
5193+ q = NULL;
5194+ g = NULL;
5195+ FIPS_dsa_free(dsa);
5196+ dsa = NULL;
5197+ }
5198+ }
5199+ }
5200+
5201+/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
5202+ * algorithm tests. It is an additional test to perform sanity checks on the
5203+ * output of the KeyPair test.
5204+ */
5205+
5206+static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
5207+ BN_CTX *ctx)
5208+ {
5209+ BIGNUM *rem = NULL;
5210+ if (BN_num_bits(p) != nmod)
5211+ return 0;
5212+ if (BN_num_bits(q) != 160)
5213+ return 0;
5214+ if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
5215+ return 0;
5216+ if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
5217+ return 0;
5218+ rem = BN_new();
5219+ if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
5220+ || (BN_cmp(g, BN_value_one()) <= 0)
5221+ || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
5222+ {
5223+ BN_free(rem);
5224+ return 0;
5225+ }
5226+ /* Todo: check g */
5227+ BN_free(rem);
5228+ return 1;
5229+ }
5230+
5231+void keyver()
5232+ {
5233+ char buf[1024];
5234+ char lbuf[1024];
5235+ char *keyword, *value;
5236+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
5237+ BIGNUM *Y2;
5238+ BN_CTX *ctx = NULL;
5239+ int nmod=0, paramcheck = 0;
5240+
5241+ ctx = BN_CTX_new();
5242+ Y2 = BN_new();
5243+
5244+ while(fgets(buf,sizeof buf,stdin) != NULL)
5245+ {
5246+ if (!parse_line(&keyword, &value, lbuf, buf))
5247+ {
5248+ fputs(buf,stdout);
5249+ continue;
5250+ }
5251+ if(!strcmp(keyword,"[mod"))
5252+ {
5253+ if (p)
5254+ BN_free(p);
5255+ p = NULL;
5256+ if (q)
5257+ BN_free(q);
5258+ q = NULL;
5259+ if (g)
5260+ BN_free(g);
5261+ g = NULL;
5262+ paramcheck = 0;
5263+ nmod=atoi(value);
5264+ }
5265+ else if(!strcmp(keyword,"P"))
5266+ p=hex2bn(value);
5267+ else if(!strcmp(keyword,"Q"))
5268+ q=hex2bn(value);
5269+ else if(!strcmp(keyword,"G"))
5270+ g=hex2bn(value);
5271+ else if(!strcmp(keyword,"X"))
5272+ X=hex2bn(value);
5273+ else if(!strcmp(keyword,"Y"))
5274+ {
5275+ Y=hex2bn(value);
5276+ if (!p || !q || !g || !X || !Y)
5277+ {
5278+ fprintf(stderr, "Parse Error\n");
5279+ exit (1);
5280+ }
5281+ pbn("P",p);
5282+ pbn("Q",q);
5283+ pbn("G",g);
5284+ pbn("X",X);
5285+ pbn("Y",Y);
5286+ if (!paramcheck)
5287+ {
5288+ if (dss_paramcheck(nmod, p, q, g, ctx))
5289+ paramcheck = 1;
5290+ else
5291+ paramcheck = -1;
5292+ }
5293+ if (paramcheck != 1)
5294+ printf("Result = F\n");
5295+ else
5296+ {
5297+ if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
5298+ printf("Result = F\n");
5299+ else
5300+ printf("Result = P\n");
5301+ }
5302+ BN_free(X);
5303+ BN_free(Y);
5304+ X = NULL;
5305+ Y = NULL;
5306+ }
5307+ }
5308+ if (p)
5309+ BN_free(p);
5310+ if (q)
5311+ BN_free(q);
5312+ if (g)
5313+ BN_free(g);
5314+ if (Y2)
5315+ BN_free(Y2);
5316+ }
5317+
5318+void keypair()
5319+ {
5320+ char buf[1024];
5321+ char lbuf[1024];
5322+ char *keyword, *value;
5323+ int nmod=0;
5324+
5325+ while(fgets(buf,sizeof buf,stdin) != NULL)
5326+ {
5327+ if (!parse_line(&keyword, &value, lbuf, buf))
5328+ {
5329+ fputs(buf,stdout);
5330+ continue;
5331+ }
5332+ if(!strcmp(keyword,"[mod"))
5333+ nmod=atoi(value);
5334+ else if(!strcmp(keyword,"N"))
5335+ {
5336+ DSA *dsa;
5337+ int n=atoi(value);
5338+
5339+ printf("[mod = %d]\n\n",nmod);
5340+ dsa = FIPS_dsa_new();
5341+ if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
5342+ {
5343+ do_print_errors();
5344+ exit(1);
5345+ }
5346+ pbn("P",dsa->p);
5347+ pbn("Q",dsa->q);
5348+ pbn("G",dsa->g);
5349+ putc('\n',stdout);
5350+
5351+ while(n--)
5352+ {
5353+ if (!DSA_generate_key(dsa))
5354+ {
5355+ do_print_errors();
5356+ exit(1);
5357+ }
5358+
5359+ pbn("X",dsa->priv_key);
5360+ pbn("Y",dsa->pub_key);
5361+ putc('\n',stdout);
5362+ }
5363+ }
5364+ }
5365+ }
5366+
5367+void siggen()
5368+ {
5369+ char buf[1024];
5370+ char lbuf[1024];
5371+ char *keyword, *value;
5372+ int nmod=0;
5373+ DSA *dsa=NULL;
5374+
5375+ while(fgets(buf,sizeof buf,stdin) != NULL)
5376+ {
5377+ if (!parse_line(&keyword, &value, lbuf, buf))
5378+ {
5379+ fputs(buf,stdout);
5380+ continue;
5381+ }
5382+ if(!strcmp(keyword,"[mod"))
5383+ {
5384+ nmod=atoi(value);
5385+ printf("[mod = %d]\n\n",nmod);
5386+ if (dsa)
5387+ FIPS_dsa_free(dsa);
5388+ dsa = FIPS_dsa_new();
5389+ if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
5390+ {
5391+ do_print_errors();
5392+ exit(1);
5393+ }
5394+ pbn("P",dsa->p);
5395+ pbn("Q",dsa->q);
5396+ pbn("G",dsa->g);
5397+ putc('\n',stdout);
5398+ }
5399+ else if(!strcmp(keyword,"Msg"))
5400+ {
5401+ unsigned char msg[1024];
5402+ unsigned char sbuf[60];
5403+ unsigned int slen;
5404+ int n;
5405+ EVP_PKEY pk;
5406+ EVP_MD_CTX mctx;
5407+ DSA_SIG *sig;
5408+ EVP_MD_CTX_init(&mctx);
5409+
5410+ n=hex2bin(value,msg);
5411+ pv("Msg",msg,n);
5412+
5413+ if (!DSA_generate_key(dsa))
5414+ {
5415+ do_print_errors();
5416+ exit(1);
5417+ }
5418+ pk.type = EVP_PKEY_DSA;
5419+ pk.pkey.dsa = dsa;
5420+ pbn("Y",dsa->pub_key);
5421+
5422+ EVP_SignInit_ex(&mctx, EVP_dss1(), NULL);
5423+ EVP_SignUpdate(&mctx, msg, n);
5424+ EVP_SignFinal(&mctx, sbuf, &slen, &pk);
5425+
5426+ sig = DSA_SIG_new();
5427+ FIPS_dsa_sig_decode(sig, sbuf, slen);
5428+
5429+ pbn("R",sig->r);
5430+ pbn("S",sig->s);
5431+ putc('\n',stdout);
5432+ DSA_SIG_free(sig);
5433+ EVP_MD_CTX_cleanup(&mctx);
5434+ }
5435+ }
5436+ if (dsa)
5437+ FIPS_dsa_free(dsa);
5438+ }
5439+
5440+void sigver()
5441+ {
5442+ DSA *dsa=NULL;
5443+ char buf[1024];
5444+ char lbuf[1024];
5445+ unsigned char msg[1024];
5446+ char *keyword, *value;
5447+ int nmod=0, n=0;
5448+ DSA_SIG sg, *sig = &sg;
5449+
5450+ sig->r = NULL;
5451+ sig->s = NULL;
5452+
5453+ while(fgets(buf,sizeof buf,stdin) != NULL)
5454+ {
5455+ if (!parse_line(&keyword, &value, lbuf, buf))
5456+ {
5457+ fputs(buf,stdout);
5458+ continue;
5459+ }
5460+ if(!strcmp(keyword,"[mod"))
5461+ {
5462+ nmod=atoi(value);
5463+ if(dsa)
5464+ FIPS_dsa_free(dsa);
5465+ dsa=FIPS_dsa_new();
5466+ }
5467+ else if(!strcmp(keyword,"P"))
5468+ dsa->p=hex2bn(value);
5469+ else if(!strcmp(keyword,"Q"))
5470+ dsa->q=hex2bn(value);
5471+ else if(!strcmp(keyword,"G"))
5472+ {
5473+ dsa->g=hex2bn(value);
5474+
5475+ printf("[mod = %d]\n\n",nmod);
5476+ pbn("P",dsa->p);
5477+ pbn("Q",dsa->q);
5478+ pbn("G",dsa->g);
5479+ putc('\n',stdout);
5480+ }
5481+ else if(!strcmp(keyword,"Msg"))
5482+ {
5483+ n=hex2bin(value,msg);
5484+ pv("Msg",msg,n);
5485+ }
5486+ else if(!strcmp(keyword,"Y"))
5487+ dsa->pub_key=hex2bn(value);
5488+ else if(!strcmp(keyword,"R"))
5489+ sig->r=hex2bn(value);
5490+ else if(!strcmp(keyword,"S"))
5491+ {
5492+ EVP_MD_CTX mctx;
5493+ EVP_PKEY pk;
5494+ unsigned char sigbuf[60];
5495+ unsigned int slen;
5496+ int r;
5497+ EVP_MD_CTX_init(&mctx);
5498+ pk.type = EVP_PKEY_DSA;
5499+ pk.pkey.dsa = dsa;
5500+ sig->s=hex2bn(value);
5501+
5502+ pbn("Y",dsa->pub_key);
5503+ pbn("R",sig->r);
5504+ pbn("S",sig->s);
5505+
5506+ slen = FIPS_dsa_sig_encode(sigbuf, sig);
5507+ EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL);
5508+ EVP_VerifyUpdate(&mctx, msg, n);
5509+ r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk);
5510+ EVP_MD_CTX_cleanup(&mctx);
5511+
5512+ printf("Result = %c\n", r == 1 ? 'P' : 'F');
5513+ putc('\n',stdout);
5514+ }
5515+ }
5516+ }
5517+
5518+int main(int argc,char **argv)
5519+ {
5520+ if(argc != 2)
5521+ {
5522+ fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]);
5523+ exit(1);
5524+ }
5525+ if(!FIPS_mode_set(1))
5526+ {
5527+ do_print_errors();
5528+ exit(1);
5529+ }
5530+ if(!strcmp(argv[1],"prime"))
5531+ primes();
5532+ else if(!strcmp(argv[1],"pqg"))
5533+ pqg();
5534+ else if(!strcmp(argv[1],"pqgver"))
5535+ pqgver();
5536+ else if(!strcmp(argv[1],"keypair"))
5537+ keypair();
5538+ else if(!strcmp(argv[1],"keyver"))
5539+ keyver();
5540+ else if(!strcmp(argv[1],"siggen"))
5541+ siggen();
5542+ else if(!strcmp(argv[1],"sigver"))
5543+ sigver();
5544+ else
5545+ {
5546+ fprintf(stderr,"Don't know how to %s.\n",argv[1]);
5547+ exit(1);
5548+ }
5549+
5550+ return 0;
5551+ }
5552+
5553+#endif
5554diff -up openssl-1.0.1b/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_gcmtest.c
5555--- openssl-1.0.1b/crypto/fips/cavs/fips_gcmtest.c.fips 2012-04-26 18:00:51.399769276 +0200
5556+++ openssl-1.0.1b/crypto/fips/cavs/fips_gcmtest.c 2012-04-26 18:00:51.399769276 +0200
5557@@ -0,0 +1,571 @@
5558+/* fips/aes/fips_gcmtest.c */
5559+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
5560+ * project.
5561+ */
5562+/* ====================================================================
5563+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
5564+ *
5565+ * Redistribution and use in source and binary forms, with or without
5566+ * modification, are permitted provided that the following conditions
5567+ * are met:
5568+ *
5569+ * 1. Redistributions of source code must retain the above copyright
5570+ * notice, this list of conditions and the following disclaimer.
5571+ *
5572+ * 2. Redistributions in binary form must reproduce the above copyright
5573+ * notice, this list of conditions and the following disclaimer in
5574+ * the documentation and/or other materials provided with the
5575+ * distribution.
5576+ *
5577+ * 3. All advertising materials mentioning features or use of this
5578+ * software must display the following acknowledgment:
5579+ * "This product includes software developed by the OpenSSL Project
5580+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
5581+ *
5582+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
5583+ * endorse or promote products derived from this software without
5584+ * prior written permission. For written permission, please contact
5585+ * licensing@OpenSSL.org.
5586+ *
5587+ * 5. Products derived from this software may not be called "OpenSSL"
5588+ * nor may "OpenSSL" appear in their names without prior written
5589+ * permission of the OpenSSL Project.
5590+ *
5591+ * 6. Redistributions of any form whatsoever must retain the following
5592+ * acknowledgment:
5593+ * "This product includes software developed by the OpenSSL Project
5594+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
5595+ *
5596+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
5597+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
5598+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
5599+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
5600+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
5601+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
5602+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
5603+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
5604+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
5605+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
5606+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
5607+ * OF THE POSSIBILITY OF SUCH DAMAGE.
5608+ * ====================================================================
5609+ */
5610+
5611+
5612+#define OPENSSL_FIPSAPI
5613+#include <openssl/opensslconf.h>
5614+
5615+#ifndef OPENSSL_FIPS
5616+#include <stdio.h>
5617+
5618+int main(int argc, char **argv)
5619+{
5620+ printf("No FIPS GCM support\n");
5621+ return(0);
5622+}
5623+#else
5624+
5625+#include <openssl/bn.h>
5626+#include <openssl/dsa.h>
5627+#include <openssl/fips.h>
5628+#include <openssl/err.h>
5629+#include <openssl/evp.h>
5630+#include <string.h>
5631+#include <ctype.h>
5632+
5633+#include "fips_utl.h"
5634+
5635+static void gcmtest(FILE *in, FILE *out, int encrypt)
5636+ {
5637+ char buf[2048];
5638+ char lbuf[2048];
5639+ char *keyword, *value;
5640+ int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1;
5641+ int rv;
5642+ long l;
5643+ unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL;
5644+ unsigned char *ct = NULL, *pt = NULL;
5645+ EVP_CIPHER_CTX ctx;
5646+ const EVP_CIPHER *gcm = NULL;
5647+ FIPS_cipher_ctx_init(&ctx);
5648+
5649+ while(fgets(buf,sizeof buf,in) != NULL)
5650+ {
5651+ fputs(buf,out);
5652+ if (!parse_line(&keyword, &value, lbuf, buf))
5653+ continue;
5654+ if(!strcmp(keyword,"[Keylen"))
5655+ {
5656+ keylen = atoi(value);
5657+ if (keylen == 128)
5658+ gcm = EVP_aes_128_gcm();
5659+ else if (keylen == 192)
5660+ gcm = EVP_aes_192_gcm();
5661+ else if (keylen == 256)
5662+ gcm = EVP_aes_256_gcm();
5663+ else
5664+ {
5665+ fprintf(stderr, "Unsupported keylen %d\n",
5666+ keylen);
5667+ }
5668+ keylen >>= 3;
5669+ }
5670+ else if (!strcmp(keyword, "[IVlen"))
5671+ ivlen = atoi(value) >> 3;
5672+ else if (!strcmp(keyword, "[AADlen"))
5673+ aadlen = atoi(value) >> 3;
5674+ else if (!strcmp(keyword, "[Taglen"))
5675+ taglen = atoi(value) >> 3;
5676+ else if (!strcmp(keyword, "[PTlen"))
5677+ ptlen = atoi(value) >> 3;
5678+ else if(!strcmp(keyword,"Key"))
5679+ {
5680+ key = hex2bin_m(value, &l);
5681+ if (l != keylen)
5682+ {
5683+ fprintf(stderr, "Inconsistent Key length\n");
5684+ exit(1);
5685+ }
5686+ }
5687+ else if(!strcmp(keyword,"IV"))
5688+ {
5689+ iv = hex2bin_m(value, &l);
5690+ if (l != ivlen)
5691+ {
5692+ fprintf(stderr, "Inconsistent IV length\n");
5693+ exit(1);
5694+ }
5695+ }
5696+ else if(!strcmp(keyword,"PT"))
5697+ {
5698+ pt = hex2bin_m(value, &l);
5699+ if (l != ptlen)
5700+ {
5701+ fprintf(stderr, "Inconsistent PT length\n");
5702+ exit(1);
5703+ }
5704+ }
5705+ else if(!strcmp(keyword,"CT"))
5706+ {
5707+ ct = hex2bin_m(value, &l);
5708+ if (l != ptlen)
5709+ {
5710+ fprintf(stderr, "Inconsistent CT length\n");
5711+ exit(1);
5712+ }
5713+ }
5714+ else if(!strcmp(keyword,"AAD"))
5715+ {
5716+ aad = hex2bin_m(value, &l);
5717+ if (l != aadlen)
5718+ {
5719+ fprintf(stderr, "Inconsistent AAD length\n");
5720+ exit(1);
5721+ }
5722+ }
5723+ else if(!strcmp(keyword,"Tag"))
5724+ {
5725+ tag = hex2bin_m(value, &l);
5726+ if (l != taglen)
5727+ {
5728+ fprintf(stderr, "Inconsistent Tag length\n");
5729+ exit(1);
5730+ }
5731+ }
5732+ if (encrypt && pt && aad && (iv || encrypt==1))
5733+ {
5734+ tag = OPENSSL_malloc(taglen);
5735+ FIPS_cipherinit(&ctx, gcm, NULL, NULL, 1);
5736+ /* Relax FIPS constraints for testing */
5737+ M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
5738+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
5739+ if (encrypt == 1)
5740+ {
5741+ static unsigned char iv_fixed[4] = {1,2,3,4};
5742+ if (!iv)
5743+ iv = OPENSSL_malloc(ivlen);
5744+ FIPS_cipherinit(&ctx, NULL, key, NULL, 1);
5745+ FIPS_cipher_ctx_ctrl(&ctx,
5746+ EVP_CTRL_GCM_SET_IV_FIXED,
5747+ 4, iv_fixed);
5748+ if (!FIPS_cipher_ctx_ctrl(&ctx,
5749+ EVP_CTRL_GCM_IV_GEN, 0, iv))
5750+ {
5751+ fprintf(stderr, "IV gen error\n");
5752+ exit(1);
5753+ }
5754+ OutputValue("IV", iv, ivlen, out, 0);
5755+ }
5756+ else
5757+ FIPS_cipherinit(&ctx, NULL, key, iv, 1);
5758+
5759+
5760+ if (aadlen)
5761+ FIPS_cipher(&ctx, NULL, aad, aadlen);
5762+ if (ptlen)
5763+ {
5764+ ct = OPENSSL_malloc(ptlen);
5765+ rv = FIPS_cipher(&ctx, ct, pt, ptlen);
5766+ }
5767+ FIPS_cipher(&ctx, NULL, NULL, 0);
5768+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG,
5769+ taglen, tag);
5770+ OutputValue("CT", ct, ptlen, out, 0);
5771+ OutputValue("Tag", tag, taglen, out, 0);
5772+ if (iv)
5773+ OPENSSL_free(iv);
5774+ if (aad)
5775+ OPENSSL_free(aad);
5776+ if (ct)
5777+ OPENSSL_free(ct);
5778+ if (pt)
5779+ OPENSSL_free(pt);
5780+ if (key)
5781+ OPENSSL_free(key);
5782+ if (tag)
5783+ OPENSSL_free(tag);
5784+ iv = aad = ct = pt = key = tag = NULL;
5785+ }
5786+ if (!encrypt && tag)
5787+ {
5788+ FIPS_cipherinit(&ctx, gcm, NULL, NULL, 0);
5789+ /* Relax FIPS constraints for testing */
5790+ M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
5791+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
5792+ FIPS_cipherinit(&ctx, NULL, key, iv, 0);
5793+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag);
5794+ if (aadlen)
5795+ FIPS_cipher(&ctx, NULL, aad, aadlen);
5796+ if (ptlen)
5797+ {
5798+ pt = OPENSSL_malloc(ptlen);
5799+ rv = FIPS_cipher(&ctx, pt, ct, ptlen);
5800+ }
5801+ rv = FIPS_cipher(&ctx, NULL, NULL, 0);
5802+ if (rv < 0)
5803+ fprintf(out, "FAIL" RESP_EOL);
5804+ else
5805+ OutputValue("PT", pt, ptlen, out, 0);
5806+ if (iv)
5807+ OPENSSL_free(iv);
5808+ if (aad)
5809+ OPENSSL_free(aad);
5810+ if (ct)
5811+ OPENSSL_free(ct);
5812+ if (pt)
5813+ OPENSSL_free(pt);
5814+ if (key)
5815+ OPENSSL_free(key);
5816+ if (tag)
5817+ OPENSSL_free(tag);
5818+ iv = aad = ct = pt = key = tag = NULL;
5819+ }
5820+ }
5821+ FIPS_cipher_ctx_cleanup(&ctx);
5822+ }
5823+
5824+static void xtstest(FILE *in, FILE *out)
5825+ {
5826+ char buf[204800];
5827+ char lbuf[204800];
5828+ char *keyword, *value;
5829+ int inlen = 0;
5830+ int encrypt = 0;
5831+ long l;
5832+ unsigned char *key = NULL, *iv = NULL;
5833+ unsigned char *inbuf = NULL, *outbuf = NULL;
5834+ EVP_CIPHER_CTX ctx;
5835+ const EVP_CIPHER *xts = NULL;
5836+ FIPS_cipher_ctx_init(&ctx);
5837+
5838+ while(fgets(buf,sizeof buf,in) != NULL)
5839+ {
5840+ fputs(buf,out);
5841+ if (buf[0] == '[' && strlen(buf) >= 9)
5842+ {
5843+ if(!strncmp(buf,"[ENCRYPT]", 9))
5844+ encrypt = 1;
5845+ else if(!strncmp(buf,"[DECRYPT]", 9))
5846+ encrypt = 0;
5847+ }
5848+ if (!parse_line(&keyword, &value, lbuf, buf))
5849+ continue;
5850+ else if(!strcmp(keyword,"Key"))
5851+ {
5852+ key = hex2bin_m(value, &l);
5853+ if (l == 32)
5854+ xts = EVP_aes_128_xts();
5855+ else if (l == 64)
5856+ xts = EVP_aes_256_xts();
5857+ else
5858+ {
5859+ fprintf(stderr, "Inconsistent Key length\n");
5860+ exit(1);
5861+ }
5862+ }
5863+ else if(!strcmp(keyword,"i"))
5864+ {
5865+ iv = hex2bin_m(value, &l);
5866+ if (l != 16)
5867+ {
5868+ fprintf(stderr, "Inconsistent i length\n");
5869+ exit(1);
5870+ }
5871+ }
5872+ else if(encrypt && !strcmp(keyword,"PT"))
5873+ {
5874+ inbuf = hex2bin_m(value, &l);
5875+ inlen = l;
5876+ }
5877+ else if(!encrypt && !strcmp(keyword,"CT"))
5878+ {
5879+ inbuf = hex2bin_m(value, &l);
5880+ inlen = l;
5881+ }
5882+ if (inbuf)
5883+ {
5884+ FIPS_cipherinit(&ctx, xts, key, iv, encrypt);
5885+ outbuf = OPENSSL_malloc(inlen);
5886+ FIPS_cipher(&ctx, outbuf, inbuf, inlen);
5887+ OutputValue(encrypt ? "CT":"PT", outbuf, inlen, out, 0);
5888+ OPENSSL_free(inbuf);
5889+ OPENSSL_free(outbuf);
5890+ OPENSSL_free(key);
5891+ OPENSSL_free(iv);
5892+ iv = key = inbuf = outbuf = NULL;
5893+ }
5894+ }
5895+ FIPS_cipher_ctx_cleanup(&ctx);
5896+ }
5897+
5898+static void ccmtest(FILE *in, FILE *out)
5899+ {
5900+ char buf[200048];
5901+ char lbuf[200048];
5902+ char *keyword, *value;
5903+ long l;
5904+ unsigned char *Key = NULL, *Nonce = NULL;
5905+ unsigned char *Adata = NULL, *Payload = NULL;
5906+ unsigned char *CT = NULL;
5907+ int Plen = -1, Nlen = -1, Tlen = -1, Alen = -1;
5908+ int decr = 0;
5909+ EVP_CIPHER_CTX ctx;
5910+ const EVP_CIPHER *ccm = NULL;
5911+ FIPS_cipher_ctx_init(&ctx);
5912+
5913+ while(fgets(buf,sizeof buf,in) != NULL)
5914+ {
5915+ char *p;
5916+ fputs(buf,out);
5917+ redo:
5918+ if (!parse_line(&keyword, &value, lbuf, buf))
5919+ continue;
5920+
5921+ /* If surrounded by square brackets zap them */
5922+ if (keyword[0] == '[')
5923+ {
5924+ keyword++;
5925+ p = strchr(value, ']');
5926+ if (p)
5927+ *p = 0;
5928+ }
5929+ /* See if we have a comma separated list of parameters
5930+ * if so copy rest of line back to buffer and redo later.
5931+ */
5932+ p = strchr(value, ',');
5933+ if (p)
5934+ {
5935+ *p = 0;
5936+ strcpy(buf, p + 1);
5937+ strcat(buf, "\n");
5938+ decr = 1;
5939+ }
5940+ if (!strcmp(keyword,"Plen"))
5941+ Plen = atoi(value);
5942+ else if (!strcmp(keyword,"Nlen"))
5943+ Nlen = atoi(value);
5944+ else if (!strcmp(keyword,"Tlen"))
5945+ Tlen = atoi(value);
5946+ else if (!strcmp(keyword,"Alen"))
5947+ Alen = atoi(value);
5948+ if (p)
5949+ goto redo;
5950+ if (!strcmp(keyword,"Key"))
5951+ {
5952+ if (Key)
5953+ OPENSSL_free(Key);
5954+ Key = hex2bin_m(value, &l);
5955+ if (l == 16)
5956+ ccm = EVP_aes_128_ccm();
5957+ else if (l == 24)
5958+ ccm = EVP_aes_192_ccm();
5959+ else if (l == 32)
5960+ ccm = EVP_aes_256_ccm();
5961+ else
5962+ {
5963+ fprintf(stderr, "Inconsistent Key length\n");
5964+ exit(1);
5965+ }
5966+ }
5967+ else if (!strcmp(keyword,"Nonce"))
5968+ {
5969+ if (Nonce)
5970+ OPENSSL_free(Nonce);
5971+ Nonce = hex2bin_m(value, &l);
5972+ if (l != Nlen)
5973+ {
5974+ fprintf(stderr, "Inconsistent nonce length\n");
5975+ exit(1);
5976+ }
5977+ }
5978+ else if (!strcmp(keyword,"Payload") && !decr)
5979+ {
5980+ Payload = hex2bin_m(value, &l);
5981+ if (Plen && l != Plen)
5982+ {
5983+ fprintf(stderr, "Inconsistent Payload length\n");
5984+ exit(1);
5985+ }
5986+ }
5987+ else if (!strcmp(keyword,"Adata"))
5988+ {
5989+ if (Adata)
5990+ OPENSSL_free(Adata);
5991+ Adata = hex2bin_m(value, &l);
5992+ if (Alen && l != Alen)
5993+ {
5994+ fprintf(stderr, "Inconsistent Payload length\n");
5995+ exit(1);
5996+ }
5997+ }
5998+ else if (!strcmp(keyword,"CT") && decr)
5999+ {
6000+ CT = hex2bin_m(value, &l);
6001+ if (l != (Plen + Tlen))
6002+ {
6003+ fprintf(stderr, "Inconsistent CT length\n");
6004+ exit(1);
6005+ }
6006+ }
6007+ if (Payload)
6008+ {
6009+ FIPS_cipherinit(&ctx, ccm, NULL, NULL, 1);
6010+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
6011+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, Tlen, 0);
6012+ FIPS_cipherinit(&ctx, NULL, Key, Nonce, 1);
6013+
6014+ FIPS_cipher(&ctx, NULL, NULL, Plen);
6015+ FIPS_cipher(&ctx, NULL, Adata, Alen);
6016+ CT = OPENSSL_malloc(Plen + Tlen);
6017+ FIPS_cipher(&ctx, CT, Payload, Plen);
6018+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, Tlen,
6019+ CT + Plen);
6020+ OutputValue("CT", CT, Plen + Tlen, out, 0);
6021+ OPENSSL_free(CT);
6022+ OPENSSL_free(Payload);
6023+ CT = Payload = NULL;
6024+ }
6025+ if (CT)
6026+ {
6027+ int rv;
6028+ int len = Plen == 0 ? 1: Plen;
6029+ FIPS_cipherinit(&ctx, ccm, NULL, NULL, 0);
6030+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
6031+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
6032+ Tlen, CT + Plen);
6033+ FIPS_cipherinit(&ctx, NULL, Key, Nonce, 0);
6034+ FIPS_cipher(&ctx, NULL, NULL, Plen);
6035+ FIPS_cipher(&ctx, NULL, Adata, Alen);
6036+ Payload = OPENSSL_malloc(len);
6037+ rv = FIPS_cipher(&ctx, Payload, CT, Plen);
6038+ if (rv >= 0)
6039+ {
6040+ if (rv == 0)
6041+ Payload[0] = 0;
6042+ fputs("Result = Pass" RESP_EOL, out);
6043+ OutputValue("Payload", Payload, len, out, 0);
6044+ }
6045+ else
6046+ fputs("Result = Fail" RESP_EOL, out);
6047+ OPENSSL_free(CT);
6048+ OPENSSL_free(Payload);
6049+ CT = Payload = NULL;
6050+ }
6051+ }
6052+ if (Key)
6053+ OPENSSL_free(Key);
6054+ if (Nonce)
6055+ OPENSSL_free(Nonce);
6056+ if (Adata)
6057+ OPENSSL_free(Adata);
6058+ FIPS_cipher_ctx_cleanup(&ctx);
6059+ }
6060+
6061+#ifdef FIPS_ALGVS
6062+int fips_gcmtest_main(int argc, char **argv)
6063+#else
6064+int main(int argc, char **argv)
6065+#endif
6066+ {
6067+ int encrypt;
6068+ int xts = 0, ccm = 0;
6069+ FILE *in, *out;
6070+ if (argc == 4)
6071+ {
6072+ in = fopen(argv[2], "r");
6073+ if (!in)
6074+ {
6075+ fprintf(stderr, "Error opening input file\n");
6076+ exit(1);
6077+ }
6078+ out = fopen(argv[3], "w");
6079+ if (!out)
6080+ {
6081+ fprintf(stderr, "Error opening output file\n");
6082+ exit(1);
6083+ }
6084+ }
6085+ else if (argc == 2)
6086+ {
6087+ in = stdin;
6088+ out = stdout;
6089+ }
6090+ else
6091+ {
6092+ fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]);
6093+ exit(1);
6094+ }
6095+ fips_algtest_init();
6096+ if(!strcmp(argv[1],"-encrypt"))
6097+ encrypt = 1;
6098+ else if(!strcmp(argv[1],"-encryptIVext"))
6099+ encrypt = 2;
6100+ else if(!strcmp(argv[1],"-decrypt"))
6101+ encrypt = 0;
6102+ else if(!strcmp(argv[1],"-ccm"))
6103+ ccm = 1;
6104+ else if(!strcmp(argv[1],"-xts"))
6105+ xts = 1;
6106+ else
6107+ {
6108+ fprintf(stderr,"Don't know how to %s.\n",argv[1]);
6109+ exit(1);
6110+ }
6111+
6112+ if (ccm)
6113+ ccmtest(in, out);
6114+ else if (xts)
6115+ xtstest(in, out);
6116+ else
6117+ gcmtest(in, out, encrypt);
6118+
6119+ if (argc == 4)
6120+ {
6121+ fclose(in);
6122+ fclose(out);
6123+ }
6124+
6125+ return 0;
6126+}
6127+
6128+#endif
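Review bot: The `[Keylen` branch in gcmtest() reports an unsupported key length but does not stop, so `gcm` stays NULL and the later `FIPS_cipherinit(&ctx, gcm, NULL, NULL, 1)` runs with no cipher; add `exit(1);` after the `fprintf(stderr, "Unsupported keylen %d\n", keylen);` so the branch matches every other inconsistency check in the function. The `OPENSSL_malloc(taglen)`, `OPENSSL_malloc(ptlen)` and `OPENSSL_malloc(inlen)` results are used without a NULL check, and taglen/ptlen stay at -1 when the section header is missing, so a malformed vector file presumably drives a bogus size into the allocator and then dereferences the result. In ccmtest() the Adata length check prints "Inconsistent Payload length"; it should read `fprintf(stderr, "Inconsistent Adata length\n");`.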
6129diff -up openssl-1.0.1b/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_rngvs.c
6130--- openssl-1.0.1b/crypto/fips/cavs/fips_rngvs.c.fips 2012-04-26 18:00:51.399769276 +0200
6131+++ openssl-1.0.1b/crypto/fips/cavs/fips_rngvs.c 2012-04-26 18:00:51.399769276 +0200
6132@@ -0,0 +1,230 @@
6133+/*
6134+ * Crude test driver for processing the VST and MCT testvector files
6135+ * generated by the CMVP RNGVS product.
6136+ *
6137+ * Note the input files are assumed to have a _very_ specific format
6138+ * as described in the NIST document "The Random Number Generator
6139+ * Validation System (RNGVS)", May 25, 2004.
6140+ *
6141+ */
6142+#include <openssl/opensslconf.h>
6143+
6144+#ifndef OPENSSL_FIPS
6145+#include <stdio.h>
6146+
6147+int main(int argc, char **argv)
6148+{
6149+ printf("No FIPS RNG support\n");
6150+ return 0;
6151+}
6152+#else
6153+
6154+#include <openssl/bn.h>
6155+#include <openssl/dsa.h>
6156+#include <openssl/fips.h>
6157+#include <openssl/err.h>
6158+#include <openssl/rand.h>
6159+#include <openssl/fips_rand.h>
6160+#include <openssl/x509v3.h>
6161+#include <string.h>
6162+#include <ctype.h>
6163+
6164+#include "fips_utl.h"
6165+
6166+void vst()
6167+ {
6168+ unsigned char *key = NULL;
6169+ unsigned char *v = NULL;
6170+ unsigned char *dt = NULL;
6171+ unsigned char ret[16];
6172+ char buf[1024];
6173+ char lbuf[1024];
6174+ char *keyword, *value;
6175+ long i, keylen;
6176+
6177+ keylen = 0;
6178+
6179+ while(fgets(buf,sizeof buf,stdin) != NULL)
6180+ {
6181+ fputs(buf,stdout);
6182+ if(!strncmp(buf,"[AES 128-Key]", 13))
6183+ keylen = 16;
6184+ else if(!strncmp(buf,"[AES 192-Key]", 13))
6185+ keylen = 24;
6186+ else if(!strncmp(buf,"[AES 256-Key]", 13))
6187+ keylen = 32;
6188+ if (!parse_line(&keyword, &value, lbuf, buf))
6189+ continue;
6190+ if(!strcmp(keyword,"Key"))
6191+ {
6192+ key=hex2bin_m(value,&i);
6193+ if (i != keylen)
6194+ {
6195+ fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
6196+ return;
6197+ }
6198+ }
6199+ else if(!strcmp(keyword,"DT"))
6200+ {
6201+ dt=hex2bin_m(value,&i);
6202+ if (i != 16)
6203+ {
6204+ fprintf(stderr, "Invalid DT length\n");
6205+ return;
6206+ }
6207+ }
6208+ else if(!strcmp(keyword,"V"))
6209+ {
6210+ v=hex2bin_m(value,&i);
6211+ if (i != 16)
6212+ {
6213+ fprintf(stderr, "Invalid V length\n");
6214+ return;
6215+ }
6216+
6217+ if (!key || !dt)
6218+ {
6219+ fprintf(stderr, "Missing key or DT\n");
6220+ return;
6221+ }
6222+
6223+ FIPS_x931_set_key(key, keylen);
6224+ FIPS_x931_seed(v,16);
6225+ FIPS_x931_set_dt(dt);
6226+ if (FIPS_x931_bytes(ret,16) <= 0)
6227+ {
6228+ fprintf(stderr, "Error getting PRNG value\n");
6229+ return;
6230+ }
6231+
6232+ pv("R",ret,16);
6233+ OPENSSL_free(key);
6234+ key = NULL;
6235+ OPENSSL_free(dt);
6236+ dt = NULL;
6237+ OPENSSL_free(v);
6238+ v = NULL;
6239+ }
6240+ }
6241+ }
6242+
6243+void mct()
6244+ {
6245+ unsigned char *key = NULL;
6246+ unsigned char *v = NULL;
6247+ unsigned char *dt = NULL;
6248+ unsigned char ret[16];
6249+ char buf[1024];
6250+ char lbuf[1024];
6251+ char *keyword, *value;
6252+ long i, keylen;
6253+ int j;
6254+
6255+ keylen = 0;
6256+
6257+ while(fgets(buf,sizeof buf,stdin) != NULL)
6258+ {
6259+ fputs(buf,stdout);
6260+ if(!strncmp(buf,"[AES 128-Key]", 13))
6261+ keylen = 16;
6262+ else if(!strncmp(buf,"[AES 192-Key]", 13))
6263+ keylen = 24;
6264+ else if(!strncmp(buf,"[AES 256-Key]", 13))
6265+ keylen = 32;
6266+ if (!parse_line(&keyword, &value, lbuf, buf))
6267+ continue;
6268+ if(!strcmp(keyword,"Key"))
6269+ {
6270+ key=hex2bin_m(value,&i);
6271+ if (i != keylen)
6272+ {
6273+ fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
6274+ return;
6275+ }
6276+ }
6277+ else if(!strcmp(keyword,"DT"))
6278+ {
6279+ dt=hex2bin_m(value,&i);
6280+ if (i != 16)
6281+ {
6282+ fprintf(stderr, "Invalid DT length\n");
6283+ return;
6284+ }
6285+ }
6286+ else if(!strcmp(keyword,"V"))
6287+ {
6288+ v=hex2bin_m(value,&i);
6289+ if (i != 16)
6290+ {
6291+ fprintf(stderr, "Invalid V length\n");
6292+ return;
6293+ }
6294+
6295+ if (!key || !dt)
6296+ {
6297+ fprintf(stderr, "Missing key or DT\n");
6298+ return;
6299+ }
6300+
6301+ FIPS_x931_set_key(key, keylen);
6302+ FIPS_x931_seed(v,16);
6303+ for (i = 0; i < 10000; i++)
6304+ {
6305+ FIPS_x931_set_dt(dt);
6306+ if (FIPS_x931_bytes(ret,16) <= 0)
6307+ {
6308+ fprintf(stderr, "Error getting PRNG value\n");
6309+ return;
6310+ }
6311+ /* Increment DT */
6312+ for (j = 15; j >= 0; j--)
6313+ {
6314+ dt[j]++;
6315+ if (dt[j])
6316+ break;
6317+ }
6318+ }
6319+
6320+ pv("R",ret,16);
6321+ OPENSSL_free(key);
6322+ key = NULL;
6323+ OPENSSL_free(dt);
6324+ dt = NULL;
6325+ OPENSSL_free(v);
6326+ v = NULL;
6327+ }
6328+ }
6329+ }
6330+
6331+int main(int argc,char **argv)
6332+ {
6333+ if(argc != 2)
6334+ {
6335+ fprintf(stderr,"%s [mct|vst]\n",argv[0]);
6336+ exit(1);
6337+ }
6338+ if(!FIPS_mode_set(1))
6339+ {
6340+ do_print_errors();
6341+ exit(1);
6342+ }
6343+ FIPS_x931_reset();
6344+ if (!FIPS_x931_test_mode())
6345+ {
6346+ fprintf(stderr, "Error setting PRNG test mode\n");
6347+ do_print_errors();
6348+ exit(1);
6349+ }
6350+ if(!strcmp(argv[1],"mct"))
6351+ mct();
6352+ else if(!strcmp(argv[1],"vst"))
6353+ vst();
6354+ else
6355+ {
6356+ fprintf(stderr,"Don't know how to %s.\n",argv[1]);
6357+ exit(1);
6358+ }
6359+
6360+ return 0;
6361+ }
6362+#endif
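Review bot: Errors inside vst() and mct() ("Invalid key length", "Invalid DT length", "Missing key or DT", "Error getting PRNG value") only `return` to main(), which then returns 0, so a malformed or failing vector run still exits successfully; the other CAVS drivers in this patch call `exit(1)` on such errors and these should too. The same `return` paths also leave key, dt and v allocated, which matters little because the process ends immediately but should be freed if the functions are ever made to continue. `void vst()` and `void mct()` are unprototyped declarations; write them as `static void vst(void)` and `static void mct(void)`, since only main() in this file calls them.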
6363diff -up openssl-1.0.1b/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_rsagtest.c
6364--- openssl-1.0.1b/crypto/fips/cavs/fips_rsagtest.c.fips 2012-04-26 18:00:51.399769276 +0200
6365+++ openssl-1.0.1b/crypto/fips/cavs/fips_rsagtest.c 2012-04-26 18:00:51.399769276 +0200
6366@@ -0,0 +1,390 @@
6367+/* fips_rsagtest.c */
6368+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
6369+ * project 2005.
6370+ */
6371+/* ====================================================================
6372+ * Copyright (c) 2005,2007 The OpenSSL Project. All rights reserved.
6373+ *
6374+ * Redistribution and use in source and binary forms, with or without
6375+ * modification, are permitted provided that the following conditions
6376+ * are met:
6377+ *
6378+ * 1. Redistributions of source code must retain the above copyright
6379+ * notice, this list of conditions and the following disclaimer.
6380+ *
6381+ * 2. Redistributions in binary form must reproduce the above copyright
6382+ * notice, this list of conditions and the following disclaimer in
6383+ * the documentation and/or other materials provided with the
6384+ * distribution.
6385+ *
6386+ * 3. All advertising materials mentioning features or use of this
6387+ * software must display the following acknowledgment:
6388+ * "This product includes software developed by the OpenSSL Project
6389+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
6390+ *
6391+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
6392+ * endorse or promote products derived from this software without
6393+ * prior written permission. For written permission, please contact
6394+ * licensing@OpenSSL.org.
6395+ *
6396+ * 5. Products derived from this software may not be called "OpenSSL"
6397+ * nor may "OpenSSL" appear in their names without prior written
6398+ * permission of the OpenSSL Project.
6399+ *
6400+ * 6. Redistributions of any form whatsoever must retain the following
6401+ * acknowledgment:
6402+ * "This product includes software developed by the OpenSSL Project
6403+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
6404+ *
6405+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
6406+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
6407+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
6408+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
6409+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
6410+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
6411+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
6412+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
6413+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
6414+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
6415+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
6416+ * OF THE POSSIBILITY OF SUCH DAMAGE.
6417+ * ====================================================================
6418+ *
6419+ * This product includes cryptographic software written by Eric Young
6420+ * (eay@cryptsoft.com). This product includes software written by Tim
6421+ * Hudson (tjh@cryptsoft.com).
6422+ *
6423+ */
6424+
6425+#include <stdio.h>
6426+#include <ctype.h>
6427+#include <string.h>
6428+#include <openssl/bio.h>
6429+#include <openssl/evp.h>
6430+#include <openssl/hmac.h>
6431+#include <openssl/err.h>
6432+#include <openssl/rsa.h>
6433+#include <openssl/bn.h>
6434+#include <openssl/x509v3.h>
6435+
6436+#ifndef OPENSSL_FIPS
6437+
6438+int main(int argc, char *argv[])
6439+{
6440+ printf("No FIPS RSA support\n");
6441+ return(0);
6442+}
6443+
6444+#else
6445+
6446+#include "fips_utl.h"
6447+
6448+int rsa_test(FILE *out, FILE *in);
6449+static int rsa_printkey1(FILE *out, RSA *rsa,
6450+ BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
6451+ BIGNUM *e);
6452+static int rsa_printkey2(FILE *out, RSA *rsa,
6453+ BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq);
6454+
6455+int main(int argc, char **argv)
6456+ {
6457+ FILE *in = NULL, *out = NULL;
6458+
6459+ int ret = 1;
6460+
6461+ if(!FIPS_mode_set(1))
6462+ {
6463+ do_print_errors();
6464+ goto end;
6465+ }
6466+
6467+ if (argc == 1)
6468+ in = stdin;
6469+ else
6470+ in = fopen(argv[1], "r");
6471+
6472+ if (argc < 2)
6473+ out = stdout;
6474+ else
6475+ out = fopen(argv[2], "w");
6476+
6477+ if (!in)
6478+ {
6479+ fprintf(stderr, "FATAL input initialization error\n");
6480+ goto end;
6481+ }
6482+
6483+ if (!out)
6484+ {
6485+ fprintf(stderr, "FATAL output initialization error\n");
6486+ goto end;
6487+ }
6488+
6489+ if (!rsa_test(out, in))
6490+ {
6491+ fprintf(stderr, "FATAL RSAGTEST file processing error\n");
6492+ goto end;
6493+ }
6494+ else
6495+ ret = 0;
6496+
6497+ end:
6498+
6499+ if (ret)
6500+ do_print_errors();
6501+
6502+ if (in && (in != stdin))
6503+ fclose(in);
6504+ if (out && (out != stdout))
6505+ fclose(out);
6506+
6507+ return ret;
6508+
6509+ }
6510+
6511+#define RSA_TEST_MAXLINELEN 10240
6512+
6513+int rsa_test(FILE *out, FILE *in)
6514+ {
6515+ char *linebuf, *olinebuf, *p, *q;
6516+ char *keyword, *value;
6517+ RSA *rsa = NULL;
6518+ BIGNUM *Xp1 = NULL, *Xp2 = NULL, *Xp = NULL;
6519+ BIGNUM *Xq1 = NULL, *Xq2 = NULL, *Xq = NULL;
6520+ BIGNUM *e = NULL;
6521+ int ret = 0;
6522+ int lnum = 0;
6523+
6524+ olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
6525+ linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
6526+
6527+ if (!linebuf || !olinebuf)
6528+ goto error;
6529+
6530+ while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
6531+ {
6532+ lnum++;
6533+ strcpy(linebuf, olinebuf);
6534+ keyword = linebuf;
6535+ /* Skip leading space */
6536+ while (isspace((unsigned char)*keyword))
6537+ keyword++;
6538+
6539+ /* Look for = sign */
6540+ p = strchr(linebuf, '=');
6541+
6542+ /* If no = or starts with [ (for [foo = bar] line) just copy */
6543+ if (!p || *keyword=='[')
6544+ {
6545+ if (fputs(olinebuf, out) < 0)
6546+ goto error;
6547+ continue;
6548+ }
6549+
6550+ q = p - 1;
6551+
6552+ /* Remove trailing space */
6553+ while (isspace((unsigned char)*q))
6554+ *q-- = 0;
6555+
6556+ *p = 0;
6557+ value = p + 1;
6558+
6559+ /* Remove leading space from value */
6560+ while (isspace((unsigned char)*value))
6561+ value++;
6562+
6563+ /* Remove trailing space from value */
6564+ p = value + strlen(value) - 1;
6565+
6566+ while (*p == '\n' || isspace((unsigned char)*p))
6567+ *p-- = 0;
6568+
6569+ if (!strcmp(keyword, "xp1"))
6570+ {
6571+ if (Xp1 || !do_hex2bn(&Xp1,value))
6572+ goto parse_error;
6573+ }
6574+ else if (!strcmp(keyword, "xp2"))
6575+ {
6576+ if (Xp2 || !do_hex2bn(&Xp2,value))
6577+ goto parse_error;
6578+ }
6579+ else if (!strcmp(keyword, "Xp"))
6580+ {
6581+ if (Xp || !do_hex2bn(&Xp,value))
6582+ goto parse_error;
6583+ }
6584+ else if (!strcmp(keyword, "xq1"))
6585+ {
6586+ if (Xq1 || !do_hex2bn(&Xq1,value))
6587+ goto parse_error;
6588+ }
6589+ else if (!strcmp(keyword, "xq2"))
6590+ {
6591+ if (Xq2 || !do_hex2bn(&Xq2,value))
6592+ goto parse_error;
6593+ }
6594+ else if (!strcmp(keyword, "Xq"))
6595+ {
6596+ if (Xq || !do_hex2bn(&Xq,value))
6597+ goto parse_error;
6598+ }
6599+ else if (!strcmp(keyword, "e"))
6600+ {
6601+ if (e || !do_hex2bn(&e,value))
6602+ goto parse_error;
6603+ }
6604+ else if (!strcmp(keyword, "p1"))
6605+ continue;
6606+ else if (!strcmp(keyword, "p2"))
6607+ continue;
6608+ else if (!strcmp(keyword, "p"))
6609+ continue;
6610+ else if (!strcmp(keyword, "q1"))
6611+ continue;
6612+ else if (!strcmp(keyword, "q2"))
6613+ continue;
6614+ else if (!strcmp(keyword, "q"))
6615+ continue;
6616+ else if (!strcmp(keyword, "n"))
6617+ continue;
6618+ else if (!strcmp(keyword, "d"))
6619+ continue;
6620+ else
6621+ goto parse_error;
6622+
6623+ fputs(olinebuf, out);
6624+
6625+ if (e && Xp1 && Xp2 && Xp)
6626+ {
6627+ rsa = FIPS_rsa_new();
6628+ if (!rsa)
6629+ goto error;
6630+ if (!rsa_printkey1(out, rsa, Xp1, Xp2, Xp, e))
6631+ goto error;
6632+ BN_free(Xp1);
6633+ Xp1 = NULL;
6634+ BN_free(Xp2);
6635+ Xp2 = NULL;
6636+ BN_free(Xp);
6637+ Xp = NULL;
6638+ BN_free(e);
6639+ e = NULL;
6640+ }
6641+
6642+ if (rsa && Xq1 && Xq2 && Xq)
6643+ {
6644+ if (!rsa_printkey2(out, rsa, Xq1, Xq2, Xq))
6645+ goto error;
6646+ BN_free(Xq1);
6647+ Xq1 = NULL;
6648+ BN_free(Xq2);
6649+ Xq2 = NULL;
6650+ BN_free(Xq);
6651+ Xq = NULL;
6652+ FIPS_rsa_free(rsa);
6653+ rsa = NULL;
6654+ }
6655+ }
6656+
6657+ ret = 1;
6658+
6659+ error:
6660+
6661+ if (olinebuf)
6662+ OPENSSL_free(olinebuf);
6663+ if (linebuf)
6664+ OPENSSL_free(linebuf);
6665+
6666+ if (Xp1)
6667+ BN_free(Xp1);
6668+ if (Xp2)
6669+ BN_free(Xp2);
6670+ if (Xp)
6671+ BN_free(Xp);
6672+ if (Xq1)
6673+ BN_free(Xq1);
6674+ if (Xq1)
6675+ BN_free(Xq1);
6676+ if (Xq2)
6677+ BN_free(Xq2);
6678+ if (Xq)
6679+ BN_free(Xq);
6680+ if (e)
6681+ BN_free(e);
6682+ if (rsa)
6683+ FIPS_rsa_free(rsa);
6684+
6685+ return ret;
6686+
6687+ parse_error:
6688+
6689+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
6690+
6691+ goto error;
6692+
6693+ }
6694+
6695+static int rsa_printkey1(FILE *out, RSA *rsa,
6696+ BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
6697+ BIGNUM *e)
6698+ {
6699+ int ret = 0;
6700+ BIGNUM *p1 = NULL, *p2 = NULL;
6701+ p1 = BN_new();
6702+ p2 = BN_new();
6703+ if (!p1 || !p2)
6704+ goto error;
6705+
6706+ if (!RSA_X931_derive_ex(rsa, p1, p2, NULL, NULL, Xp1, Xp2, Xp,
6707+ NULL, NULL, NULL, e, NULL))
6708+ goto error;
6709+
6710+ do_bn_print_name(out, "p1", p1);
6711+ do_bn_print_name(out, "p2", p2);
6712+ do_bn_print_name(out, "p", rsa->p);
6713+
6714+ ret = 1;
6715+
6716+ error:
6717+ if (p1)
6718+ BN_free(p1);
6719+ if (p2)
6720+ BN_free(p2);
6721+
6722+ return ret;
6723+ }
6724+
6725+static int rsa_printkey2(FILE *out, RSA *rsa,
6726+ BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq)
6727+ {
6728+ int ret = 0;
6729+ BIGNUM *q1 = NULL, *q2 = NULL;
6730+ q1 = BN_new();
6731+ q2 = BN_new();
6732+ if (!q1 || !q2)
6733+ goto error;
6734+
6735+ if (!RSA_X931_derive_ex(rsa, NULL, NULL, q1, q2, NULL, NULL, NULL,
6736+ Xq1, Xq2, Xq, NULL, NULL))
6737+ goto error;
6738+
6739+ do_bn_print_name(out, "q1", q1);
6740+ do_bn_print_name(out, "q2", q2);
6741+ do_bn_print_name(out, "q", rsa->q);
6742+ do_bn_print_name(out, "n", rsa->n);
6743+ do_bn_print_name(out, "d", rsa->d);
6744+
6745+ ret = 1;
6746+
6747+ error:
6748+ if (q1)
6749+ BN_free(q1);
6750+ if (q2)
6751+ BN_free(q2);
6752+
6753+ return ret;
6754+ }
6755+
6756+#endif
6757diff -up openssl-1.0.1b/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_rsastest.c
6758--- openssl-1.0.1b/crypto/fips/cavs/fips_rsastest.c.fips 2012-04-26 18:00:51.400769298 +0200
6759+++ openssl-1.0.1b/crypto/fips/cavs/fips_rsastest.c 2012-04-26 18:00:51.400769298 +0200
6760@@ -0,0 +1,370 @@
6761+/* fips_rsastest.c */
6762+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
6763+ * project 2005.
6764+ */
6765+/* ====================================================================
6766+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
6767+ *
6768+ * Redistribution and use in source and binary forms, with or without
6769+ * modification, are permitted provided that the following conditions
6770+ * are met:
6771+ *
6772+ * 1. Redistributions of source code must retain the above copyright
6773+ * notice, this list of conditions and the following disclaimer.
6774+ *
6775+ * 2. Redistributions in binary form must reproduce the above copyright
6776+ * notice, this list of conditions and the following disclaimer in
6777+ * the documentation and/or other materials provided with the
6778+ * distribution.
6779+ *
6780+ * 3. All advertising materials mentioning features or use of this
6781+ * software must display the following acknowledgment:
6782+ * "This product includes software developed by the OpenSSL Project
6783+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
6784+ *
6785+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
6786+ * endorse or promote products derived from this software without
6787+ * prior written permission. For written permission, please contact
6788+ * licensing@OpenSSL.org.
6789+ *
6790+ * 5. Products derived from this software may not be called "OpenSSL"
6791+ * nor may "OpenSSL" appear in their names without prior written
6792+ * permission of the OpenSSL Project.
6793+ *
6794+ * 6. Redistributions of any form whatsoever must retain the following
6795+ * acknowledgment:
6796+ * "This product includes software developed by the OpenSSL Project
6797+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
6798+ *
6799+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
6800+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
6801+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
6802+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
6803+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
6804+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
6805+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
6806+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
6807+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
6808+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
6809+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
6810+ * OF THE POSSIBILITY OF SUCH DAMAGE.
6811+ * ====================================================================
6812+ *
6813+ * This product includes cryptographic software written by Eric Young
6814+ * (eay@cryptsoft.com). This product includes software written by Tim
6815+ * Hudson (tjh@cryptsoft.com).
6816+ *
6817+ */
6818+
6819+#include <stdio.h>
6820+#include <ctype.h>
6821+#include <string.h>
6822+#include <openssl/bio.h>
6823+#include <openssl/evp.h>
6824+#include <openssl/hmac.h>
6825+#include <openssl/err.h>
6826+#include <openssl/rsa.h>
6827+#include <openssl/bn.h>
6828+#include <openssl/x509v3.h>
6829+
6830+#ifndef OPENSSL_FIPS
6831+
6832+int main(int argc, char *argv[])
6833+{
6834+ printf("No FIPS RSA support\n");
6835+ return(0);
6836+}
6837+
6838+#else
6839+
6840+#include "fips_utl.h"
6841+
6842+static int rsa_stest(FILE *out, FILE *in, int Saltlen);
6843+static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
6844+ unsigned char *Msg, long Msglen, int Saltlen);
6845+
6846+int main(int argc, char **argv)
6847+ {
6848+ FILE *in = NULL, *out = NULL;
6849+
6850+ int ret = 1, Saltlen = -1;
6851+
6852+ if(!FIPS_mode_set(1))
6853+ {
6854+ do_print_errors();
6855+ goto end;
6856+ }
6857+
6858+ if ((argc > 2) && !strcmp("-saltlen", argv[1]))
6859+ {
6860+ Saltlen = atoi(argv[2]);
6861+ if (Saltlen < 0)
6862+ {
6863+ fprintf(stderr, "FATAL: Invalid salt length\n");
6864+ goto end;
6865+ }
6866+ argc -= 2;
6867+ argv += 2;
6868+ }
6869+ else if ((argc > 1) && !strcmp("-x931", argv[1]))
6870+ {
6871+ Saltlen = -2;
6872+ argc--;
6873+ argv++;
6874+ }
6875+
6876+ if (argc == 1)
6877+ in = stdin;
6878+ else
6879+ in = fopen(argv[1], "r");
6880+
6881+ if (argc < 2)
6882+ out = stdout;
6883+ else
6884+ out = fopen(argv[2], "w");
6885+
6886+ if (!in)
6887+ {
6888+ fprintf(stderr, "FATAL input initialization error\n");
6889+ goto end;
6890+ }
6891+
6892+ if (!out)
6893+ {
6894+ fprintf(stderr, "FATAL output initialization error\n");
6895+ goto end;
6896+ }
6897+
6898+ if (!rsa_stest(out, in, Saltlen))
6899+ {
6900+ fprintf(stderr, "FATAL RSASTEST file processing error\n");
6901+ goto end;
6902+ }
6903+ else
6904+ ret = 0;
6905+
6906+ end:
6907+
6908+ if (ret)
6909+ do_print_errors();
6910+
6911+ if (in && (in != stdin))
6912+ fclose(in);
6913+ if (out && (out != stdout))
6914+ fclose(out);
6915+
6916+ return ret;
6917+
6918+ }
6919+
6920+#define RSA_TEST_MAXLINELEN 10240
6921+
6922+int rsa_stest(FILE *out, FILE *in, int Saltlen)
6923+ {
6924+ char *linebuf, *olinebuf, *p, *q;
6925+ char *keyword, *value;
6926+ RSA *rsa = NULL;
6927+ const EVP_MD *dgst = NULL;
6928+ unsigned char *Msg = NULL;
6929+ long Msglen = -1;
6930+ int keylen = -1, current_keylen = -1;
6931+ int ret = 0;
6932+ int lnum = 0;
6933+
6934+ olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
6935+ linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
6936+
6937+ if (!linebuf || !olinebuf)
6938+ goto error;
6939+
6940+ while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
6941+ {
6942+ lnum++;
6943+ strcpy(linebuf, olinebuf);
6944+ keyword = linebuf;
6945+ /* Skip leading space */
6946+ while (isspace((unsigned char)*keyword))
6947+ keyword++;
6948+
6949+ /* Look for = sign */
6950+ p = strchr(linebuf, '=');
6951+
6952+ /* If no = just copy */
6953+ if (!p)
6954+ {
6955+ if (fputs(olinebuf, out) < 0)
6956+ goto error;
6957+ continue;
6958+ }
6959+
6960+ q = p - 1;
6961+
6962+ /* Remove trailing space */
6963+ while (isspace((unsigned char)*q))
6964+ *q-- = 0;
6965+
6966+ *p = 0;
6967+ value = p + 1;
6968+
6969+ /* Remove leading space from value */
6970+ while (isspace((unsigned char)*value))
6971+ value++;
6972+
6973+ /* Remove trailing space from value */
6974+ p = value + strlen(value) - 1;
6975+
6976+ while (*p == '\n' || isspace((unsigned char)*p))
6977+ *p-- = 0;
6978+
6979+ /* Look for [mod = XXX] for key length */
6980+
6981+ if (!strcmp(keyword, "[mod"))
6982+ {
6983+ p = value + strlen(value) - 1;
6984+ if (*p != ']')
6985+ goto parse_error;
6986+ *p = 0;
6987+ keylen = atoi(value);
6988+ if (keylen < 0)
6989+ goto parse_error;
6990+ }
6991+ else if (!strcmp(keyword, "SHAAlg"))
6992+ {
6993+ if (!strcmp(value, "SHA1"))
6994+ dgst = EVP_sha1();
6995+ else if (!strcmp(value, "SHA224"))
6996+ dgst = EVP_sha224();
6997+ else if (!strcmp(value, "SHA256"))
6998+ dgst = EVP_sha256();
6999+ else if (!strcmp(value, "SHA384"))
7000+ dgst = EVP_sha384();
7001+ else if (!strcmp(value, "SHA512"))
7002+ dgst = EVP_sha512();
7003+ else
7004+ {
7005+ fprintf(stderr,
7006+ "FATAL: unsupported algorithm \"%s\"\n",
7007+ value);
7008+ goto parse_error;
7009+ }
7010+ }
7011+ else if (!strcmp(keyword, "Msg"))
7012+ {
7013+ if (Msg)
7014+ goto parse_error;
7015+ if (strlen(value) & 1)
7016+ *(--value) = '0';
7017+ Msg = hex2bin_m(value, &Msglen);
7018+ if (!Msg)
7019+ goto parse_error;
7020+ }
7021+
7022+ fputs(olinebuf, out);
7023+
7024+ /* If key length has changed, generate and output public
7025+ * key components of new RSA private key.
7026+ */
7027+
7028+ if (keylen != current_keylen)
7029+ {
7030+ BIGNUM *bn_e;
7031+ if (rsa)
7032+ FIPS_rsa_free(rsa);
7033+ rsa = FIPS_rsa_new();
7034+ if (!rsa)
7035+ goto error;
7036+ bn_e = BN_new();
7037+ if (!bn_e || !BN_set_word(bn_e, 0x1001))
7038+ goto error;
7039+ if (!RSA_X931_generate_key_ex(rsa, keylen, bn_e, NULL))
7040+ goto error;
7041+ BN_free(bn_e);
7042+ fputs("n = ", out);
7043+ do_bn_print(out, rsa->n);
7044+ fputs("\ne = ", out);
7045+ do_bn_print(out, rsa->e);
7046+ fputs("\n", out);
7047+ current_keylen = keylen;
7048+ }
7049+
7050+ if (Msg && dgst)
7051+ {
7052+ if (!rsa_printsig(out, rsa, dgst, Msg, Msglen,
7053+ Saltlen))
7054+ goto error;
7055+ OPENSSL_free(Msg);
7056+ Msg = NULL;
7057+ }
7058+
7059+ }
7060+
7061+ ret = 1;
7062+
7063+ error:
7064+
7065+ if (olinebuf)
7066+ OPENSSL_free(olinebuf);
7067+ if (linebuf)
7068+ OPENSSL_free(linebuf);
7069+ if (rsa)
7070+ FIPS_rsa_free(rsa);
7071+
7072+ return ret;
7073+
7074+ parse_error:
7075+
7076+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
7077+
7078+ goto error;
7079+
7080+ }
7081+
7082+static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
7083+ unsigned char *Msg, long Msglen, int Saltlen)
7084+ {
7085+ int ret = 0;
7086+ unsigned char *sigbuf = NULL;
7087+ int i, siglen;
7088+ /* EVP_PKEY structure */
7089+ EVP_PKEY pk;
7090+ EVP_MD_CTX ctx;
7091+ pk.type = EVP_PKEY_RSA;
7092+ pk.pkey.rsa = rsa;
7093+
7094+ siglen = RSA_size(rsa);
7095+ sigbuf = OPENSSL_malloc(siglen);
7096+ if (!sigbuf)
7097+ goto error;
7098+
7099+ EVP_MD_CTX_init(&ctx);
7100+
7101+ if (Saltlen >= 0)
7102+ {
7103+ M_EVP_MD_CTX_set_flags(&ctx,
7104+ EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16));
7105+ }
7106+ else if (Saltlen == -2)
7107+ M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931);
7108+ if (!EVP_SignInit_ex(&ctx, dgst, NULL))
7109+ goto error;
7110+ if (!EVP_SignUpdate(&ctx, Msg, Msglen))
7111+ goto error;
7112+ if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, &pk))
7113+ goto error;
7114+
7115+ EVP_MD_CTX_cleanup(&ctx);
7116+
7117+ fputs("S = ", out);
7118+
7119+ for (i = 0; i < siglen; i++)
7120+ fprintf(out, "%02X", sigbuf[i]);
7121+
7122+ fputs("\n", out);
7123+
7124+ ret = 1;
7125+
7126+ error:
7127+
7128+ return ret;
7129+ }
7130+#endif
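Review bot: rsa_printsig never releases `sigbuf` and jumps past `EVP_MD_CTX_cleanup` whenever `EVP_SignInit_ex`, `EVP_SignUpdate` or `EVP_SignFinal` fails, so the signature buffer leaks on every call and the digest context's private data leaks on the error path (the `error:` label only returns). Initialise the context before the `OPENSSL_malloc` and make the tail `error: EVP_MD_CTX_cleanup(&ctx); if (sigbuf) OPENSSL_free(sigbuf); return ret;`, dropping the mid-function cleanup. rsa_stest has the matching gap: its `error:` label frees olinebuf, linebuf and rsa but not `Msg`, and `bn_e` is leaked when `BN_set_word` or `RSA_X931_generate_key_ex` fails. The same skipped cleanup and unfreed `Msg`/`S` recur in rsa_printver and rsa_test of the fips_rsavtest.c hunk below. In both files' main `Saltlen` is taken from `atoi` with only a lower bound, and `Saltlen << 16` is a signed shift that overflows `int` once the value reaches 0x8000; parsing with `strtol`, rejecting values above 0x7FFF and shifting as `(unsigned long)Saltlen << 16` keeps the flag encoding well-defined.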
7131diff -up openssl-1.0.1b/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_rsavtest.c
7132--- openssl-1.0.1b/crypto/fips/cavs/fips_rsavtest.c.fips 2012-04-26 18:00:51.400769298 +0200
7133+++ openssl-1.0.1b/crypto/fips/cavs/fips_rsavtest.c 2012-04-26 18:00:51.400769298 +0200
7134@@ -0,0 +1,377 @@
7135+/* fips_rsavtest.c */
7136+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
7137+ * project 2005.
7138+ */
7139+/* ====================================================================
7140+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
7141+ *
7142+ * Redistribution and use in source and binary forms, with or without
7143+ * modification, are permitted provided that the following conditions
7144+ * are met:
7145+ *
7146+ * 1. Redistributions of source code must retain the above copyright
7147+ * notice, this list of conditions and the following disclaimer.
7148+ *
7149+ * 2. Redistributions in binary form must reproduce the above copyright
7150+ * notice, this list of conditions and the following disclaimer in
7151+ * the documentation and/or other materials provided with the
7152+ * distribution.
7153+ *
7154+ * 3. All advertising materials mentioning features or use of this
7155+ * software must display the following acknowledgment:
7156+ * "This product includes software developed by the OpenSSL Project
7157+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
7158+ *
7159+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
7160+ * endorse or promote products derived from this software without
7161+ * prior written permission. For written permission, please contact
7162+ * licensing@OpenSSL.org.
7163+ *
7164+ * 5. Products derived from this software may not be called "OpenSSL"
7165+ * nor may "OpenSSL" appear in their names without prior written
7166+ * permission of the OpenSSL Project.
7167+ *
7168+ * 6. Redistributions of any form whatsoever must retain the following
7169+ * acknowledgment:
7170+ * "This product includes software developed by the OpenSSL Project
7171+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
7172+ *
7173+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
7174+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
7175+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
7176+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
7177+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
7178+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
7179+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
7180+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
7181+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
7182+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
7183+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
7184+ * OF THE POSSIBILITY OF SUCH DAMAGE.
7185+ * ====================================================================
7186+ *
7187+ * This product includes cryptographic software written by Eric Young
7188+ * (eay@cryptsoft.com). This product includes software written by Tim
7189+ * Hudson (tjh@cryptsoft.com).
7190+ *
7191+ */
7192+
7193+#include <stdio.h>
7194+#include <ctype.h>
7195+#include <string.h>
7196+#include <openssl/bio.h>
7197+#include <openssl/evp.h>
7198+#include <openssl/hmac.h>
7199+#include <openssl/err.h>
7200+#include <openssl/x509v3.h>
7201+#include <openssl/bn.h>
7202+#include <openssl/rsa.h>
7203+
7204+#ifndef OPENSSL_FIPS
7205+
7206+int main(int argc, char *argv[])
7207+{
7208+ printf("No FIPS RSA support\n");
7209+ return(0);
7210+}
7211+
7212+#else
7213+
7214+#include "fips_utl.h"
7215+
7216+int rsa_test(FILE *out, FILE *in, int saltlen);
7217+static int rsa_printver(FILE *out,
7218+ BIGNUM *n, BIGNUM *e,
7219+ const EVP_MD *dgst,
7220+ unsigned char *Msg, long Msglen,
7221+ unsigned char *S, long Slen, int Saltlen);
7222+
7223+int main(int argc, char **argv)
7224+ {
7225+ FILE *in = NULL, *out = NULL;
7226+
7227+ int ret = 1;
7228+ int Saltlen = -1;
7229+
7230+ if(!FIPS_mode_set(1))
7231+ {
7232+ do_print_errors();
7233+ goto end;
7234+ }
7235+
7236+ if ((argc > 2) && !strcmp("-saltlen", argv[1]))
7237+ {
7238+ Saltlen = atoi(argv[2]);
7239+ if (Saltlen < 0)
7240+ {
7241+ fprintf(stderr, "FATAL: Invalid salt length\n");
7242+ goto end;
7243+ }
7244+ argc -= 2;
7245+ argv += 2;
7246+ }
7247+ else if ((argc > 1) && !strcmp("-x931", argv[1]))
7248+ {
7249+ Saltlen = -2;
7250+ argc--;
7251+ argv++;
7252+ }
7253+
7254+ if (argc == 1)
7255+ in = stdin;
7256+ else
7257+ in = fopen(argv[1], "r");
7258+
7259+ if (argc < 2)
7260+ out = stdout;
7261+ else
7262+ out = fopen(argv[2], "w");
7263+
7264+ if (!in)
7265+ {
7266+ fprintf(stderr, "FATAL input initialization error\n");
7267+ goto end;
7268+ }
7269+
7270+ if (!out)
7271+ {
7272+ fprintf(stderr, "FATAL output initialization error\n");
7273+ goto end;
7274+ }
7275+
7276+ if (!rsa_test(out, in, Saltlen))
7277+ {
7278+ fprintf(stderr, "FATAL RSAVTEST file processing error\n");
7279+ goto end;
7280+ }
7281+ else
7282+ ret = 0;
7283+
7284+ end:
7285+
7286+ if (ret)
7287+ do_print_errors();
7288+
7289+ if (in && (in != stdin))
7290+ fclose(in);
7291+ if (out && (out != stdout))
7292+ fclose(out);
7293+
7294+ return ret;
7295+
7296+ }
7297+
7298+#define RSA_TEST_MAXLINELEN 10240
7299+
7300+int rsa_test(FILE *out, FILE *in, int Saltlen)
7301+ {
7302+ char *linebuf, *olinebuf, *p, *q;
7303+ char *keyword, *value;
7304+ const EVP_MD *dgst = NULL;
7305+ BIGNUM *n = NULL, *e = NULL;
7306+ unsigned char *Msg = NULL, *S = NULL;
7307+ long Msglen, Slen;
7308+ int ret = 0;
7309+ int lnum = 0;
7310+
7311+ olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
7312+ linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
7313+
7314+ if (!linebuf || !olinebuf)
7315+ goto error;
7316+
7317+ while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
7318+ {
7319+ lnum++;
7320+ strcpy(linebuf, olinebuf);
7321+ keyword = linebuf;
7322+ /* Skip leading space */
7323+ while (isspace((unsigned char)*keyword))
7324+ keyword++;
7325+
7326+ /* Look for = sign */
7327+ p = strchr(linebuf, '=');
7328+
7329+ /* If no = or starts with [ (for [foo = bar] line) just copy */
7330+ if (!p || *keyword=='[')
7331+ {
7332+ if (fputs(olinebuf, out) < 0)
7333+ goto error;
7334+ continue;
7335+ }
7336+
7337+ q = p - 1;
7338+
7339+ /* Remove trailing space */
7340+ while (isspace((unsigned char)*q))
7341+ *q-- = 0;
7342+
7343+ *p = 0;
7344+ value = p + 1;
7345+
7346+ /* Remove leading space from value */
7347+ while (isspace((unsigned char)*value))
7348+ value++;
7349+
7350+ /* Remove trailing space from value */
7351+ p = value + strlen(value) - 1;
7352+
7353+ while (*p == '\n' || isspace((unsigned char)*p))
7354+ *p-- = 0;
7355+
7356+ if (!strcmp(keyword, "n"))
7357+ {
7358+ if (!do_hex2bn(&n,value))
7359+ goto parse_error;
7360+ }
7361+ else if (!strcmp(keyword, "e"))
7362+ {
7363+ if (!do_hex2bn(&e,value))
7364+ goto parse_error;
7365+ }
7366+ else if (!strcmp(keyword, "SHAAlg"))
7367+ {
7368+ if (!strcmp(value, "SHA1"))
7369+ dgst = EVP_sha1();
7370+ else if (!strcmp(value, "SHA224"))
7371+ dgst = EVP_sha224();
7372+ else if (!strcmp(value, "SHA256"))
7373+ dgst = EVP_sha256();
7374+ else if (!strcmp(value, "SHA384"))
7375+ dgst = EVP_sha384();
7376+ else if (!strcmp(value, "SHA512"))
7377+ dgst = EVP_sha512();
7378+ else
7379+ {
7380+ fprintf(stderr,
7381+ "FATAL: unsupported algorithm \"%s\"\n",
7382+ value);
7383+ goto parse_error;
7384+ }
7385+ }
7386+ else if (!strcmp(keyword, "Msg"))
7387+ {
7388+ if (Msg)
7389+ goto parse_error;
7390+ if (strlen(value) & 1)
7391+ *(--value) = '0';
7392+ Msg = hex2bin_m(value, &Msglen);
7393+ if (!Msg)
7394+ goto parse_error;
7395+ }
7396+ else if (!strcmp(keyword, "S"))
7397+ {
7398+ if (S)
7399+ goto parse_error;
7400+ if (strlen(value) & 1)
7401+ *(--value) = '0';
7402+ S = hex2bin_m(value, &Slen);
7403+ if (!S)
7404+ goto parse_error;
7405+ }
7406+ else if (!strcmp(keyword, "Result"))
7407+ continue;
7408+ else
7409+ goto parse_error;
7410+
7411+ fputs(olinebuf, out);
7412+
7413+ if (n && e && Msg && S && dgst)
7414+ {
7415+ if (!rsa_printver(out, n, e, dgst,
7416+ Msg, Msglen, S, Slen, Saltlen))
7417+ goto error;
7418+ OPENSSL_free(Msg);
7419+ Msg = NULL;
7420+ OPENSSL_free(S);
7421+ S = NULL;
7422+ }
7423+
7424+ }
7425+
7426+
7427+ ret = 1;
7428+
7429+
7430+ error:
7431+
7432+ if (olinebuf)
7433+ OPENSSL_free(olinebuf);
7434+ if (linebuf)
7435+ OPENSSL_free(linebuf);
7436+ if (n)
7437+ BN_free(n);
7438+ if (e)
7439+ BN_free(e);
7440+
7441+ return ret;
7442+
7443+ parse_error:
7444+
7445+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
7446+
7447+ goto error;
7448+
7449+ }
7450+
7451+static int rsa_printver(FILE *out,
7452+ BIGNUM *n, BIGNUM *e,
7453+ const EVP_MD *dgst,
7454+ unsigned char *Msg, long Msglen,
7455+ unsigned char *S, long Slen, int Saltlen)
7456+ {
7457+ int ret = 0, r;
7458+ /* Setup RSA and EVP_PKEY structures */
7459+ RSA *rsa_pubkey = NULL;
7460+ EVP_PKEY pk;
7461+ EVP_MD_CTX ctx;
7462+ unsigned char *buf = NULL;
7463+ rsa_pubkey = FIPS_rsa_new();
7464+ if (!rsa_pubkey)
7465+ goto error;
7466+ rsa_pubkey->n = BN_dup(n);
7467+ rsa_pubkey->e = BN_dup(e);
7468+ if (!rsa_pubkey->n || !rsa_pubkey->e)
7469+ goto error;
7470+ pk.type = EVP_PKEY_RSA;
7471+ pk.pkey.rsa = rsa_pubkey;
7472+
7473+ EVP_MD_CTX_init(&ctx);
7474+
7475+ if (Saltlen >= 0)
7476+ {
7477+ M_EVP_MD_CTX_set_flags(&ctx,
7478+ EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16));
7479+ }
7480+ else if (Saltlen == -2)
7481+ M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931);
7482+ if (!EVP_VerifyInit_ex(&ctx, dgst, NULL))
7483+ goto error;
7484+ if (!EVP_VerifyUpdate(&ctx, Msg, Msglen))
7485+ goto error;
7486+
7487+ r = EVP_VerifyFinal(&ctx, S, Slen, &pk);
7488+
7489+
7490+ EVP_MD_CTX_cleanup(&ctx);
7491+
7492+ if (r < 0)
7493+ goto error;
7494+ ERR_clear_error();
7495+
7496+ if (r == 0)
7497+ fputs("Result = F\n", out);
7498+ else
7499+ fputs("Result = P\n", out);
7500+
7501+ ret = 1;
7502+
7503+ error:
7504+ if (rsa_pubkey)
7505+ FIPS_rsa_free(rsa_pubkey);
7506+ if (buf)
7507+ OPENSSL_free(buf);
7508+
7509+ return ret;
7510+ }
7511+#endif
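Review bot: `buf` in rsa_printver is declared, never assigned and only freed at `error:`, so `unsigned char *buf = NULL;` and `if (buf) OPENSSL_free(buf);` are dead code and should be removed. `rsa_test` is declared with external linkage while `rsa_printver` here and `rsa_stest` in fips_rsastest.c are `static`; `static int rsa_test(FILE *out, FILE *in, int Saltlen);` keeps the helper out of the global namespace and also makes the prototype's parameter name (`saltlen`) agree with the definition's (`Saltlen`). A one-line comment above `r = EVP_VerifyFinal(&ctx, S, Slen, &pk);` noting that a negative return aborts the run while 0 is reported as `Result = F` would make the intended distinction between "verification error" and "signature does not verify" explicit for the next reader.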
7512diff -up openssl-1.0.1b/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_shatest.c
7513--- openssl-1.0.1b/crypto/fips/cavs/fips_shatest.c.fips 2012-04-26 18:00:51.400769298 +0200
7514+++ openssl-1.0.1b/crypto/fips/cavs/fips_shatest.c 2012-04-26 18:00:51.400769298 +0200
7515@@ -0,0 +1,388 @@
7516+/* fips_shatest.c */
7517+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
7518+ * project 2005.
7519+ */
7520+/* ====================================================================
7521+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
7522+ *
7523+ * Redistribution and use in source and binary forms, with or without
7524+ * modification, are permitted provided that the following conditions
7525+ * are met:
7526+ *
7527+ * 1. Redistributions of source code must retain the above copyright
7528+ * notice, this list of conditions and the following disclaimer.
7529+ *
7530+ * 2. Redistributions in binary form must reproduce the above copyright
7531+ * notice, this list of conditions and the following disclaimer in
7532+ * the documentation and/or other materials provided with the
7533+ * distribution.
7534+ *
7535+ * 3. All advertising materials mentioning features or use of this
7536+ * software must display the following acknowledgment:
7537+ * "This product includes software developed by the OpenSSL Project
7538+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
7539+ *
7540+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
7541+ * endorse or promote products derived from this software without
7542+ * prior written permission. For written permission, please contact
7543+ * licensing@OpenSSL.org.
7544+ *
7545+ * 5. Products derived from this software may not be called "OpenSSL"
7546+ * nor may "OpenSSL" appear in their names without prior written
7547+ * permission of the OpenSSL Project.
7548+ *
7549+ * 6. Redistributions of any form whatsoever must retain the following
7550+ * acknowledgment:
7551+ * "This product includes software developed by the OpenSSL Project
7552+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
7553+ *
7554+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
7555+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
7556+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
7557+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
7558+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
7559+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
7560+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
7561+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
7562+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
7563+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
7564+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
7565+ * OF THE POSSIBILITY OF SUCH DAMAGE.
7566+ * ====================================================================
7567+ *
7568+ * This product includes cryptographic software written by Eric Young
7569+ * (eay@cryptsoft.com). This product includes software written by Tim
7570+ * Hudson (tjh@cryptsoft.com).
7571+ *
7572+ */
7573+
7574+#include <stdio.h>
7575+#include <ctype.h>
7576+#include <string.h>
7577+#include <openssl/bio.h>
7578+#include <openssl/evp.h>
7579+#include <openssl/err.h>
7580+#include <openssl/bn.h>
7581+#include <openssl/x509v3.h>
7582+
7583+#ifndef OPENSSL_FIPS
7584+
7585+int main(int argc, char *argv[])
7586+{
7587+ printf("No FIPS SHAXXX support\n");
7588+ return(0);
7589+}
7590+
7591+#else
7592+
7593+#include "fips_utl.h"
7594+
7595+static int dgst_test(FILE *out, FILE *in);
7596+static int print_dgst(const EVP_MD *md, FILE *out,
7597+ unsigned char *Msg, int Msglen);
7598+static int print_monte(const EVP_MD *md, FILE *out,
7599+ unsigned char *Seed, int SeedLen);
7600+
7601+int main(int argc, char **argv)
7602+ {
7603+ FILE *in = NULL, *out = NULL;
7604+
7605+ int ret = 1;
7606+
7607+ if(!FIPS_mode_set(1))
7608+ {
7609+ do_print_errors();
7610+ goto end;
7611+ }
7612+
7613+ if (argc == 1)
7614+ in = stdin;
7615+ else
7616+ in = fopen(argv[1], "r");
7617+
7618+ if (argc < 2)
7619+ out = stdout;
7620+ else
7621+ out = fopen(argv[2], "w");
7622+
7623+ if (!in)
7624+ {
7625+ fprintf(stderr, "FATAL input initialization error\n");
7626+ goto end;
7627+ }
7628+
7629+ if (!out)
7630+ {
7631+ fprintf(stderr, "FATAL output initialization error\n");
7632+ goto end;
7633+ }
7634+
7635+ if (!dgst_test(out, in))
7636+ {
7637+ fprintf(stderr, "FATAL digest file processing error\n");
7638+ goto end;
7639+ }
7640+ else
7641+ ret = 0;
7642+
7643+ end:
7644+
7645+ if (ret)
7646+ do_print_errors();
7647+
7648+ if (in && (in != stdin))
7649+ fclose(in);
7650+ if (out && (out != stdout))
7651+ fclose(out);
7652+
7653+ return ret;
7654+
7655+ }
7656+
7657+#define SHA_TEST_MAX_BITS 102400
7658+#define SHA_TEST_MAXLINELEN (((SHA_TEST_MAX_BITS >> 3) * 2) + 100)
7659+
7660+int dgst_test(FILE *out, FILE *in)
7661+ {
7662+ const EVP_MD *md = NULL;
7663+ char *linebuf, *olinebuf, *p, *q;
7664+ char *keyword, *value;
7665+ unsigned char *Msg = NULL, *Seed = NULL;
7666+ long MsgLen = -1, Len = -1, SeedLen = -1;
7667+ int ret = 0;
7668+ int lnum = 0;
7669+
7670+ olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
7671+ linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
7672+
7673+ if (!linebuf || !olinebuf)
7674+ goto error;
7675+
7676+
7677+ while (fgets(olinebuf, SHA_TEST_MAXLINELEN, in))
7678+ {
7679+ lnum++;
7680+ strcpy(linebuf, olinebuf);
7681+ keyword = linebuf;
7682+ /* Skip leading space */
7683+ while (isspace((unsigned char)*keyword))
7684+ keyword++;
7685+
7686+ /* Look for = sign */
7687+ p = strchr(linebuf, '=');
7688+
7689+ /* If no = or starts with [ (for [L=20] line) just copy */
7690+ if (!p)
7691+ {
7692+ fputs(olinebuf, out);
7693+ continue;
7694+ }
7695+
7696+ q = p - 1;
7697+
7698+ /* Remove trailing space */
7699+ while (isspace((unsigned char)*q))
7700+ *q-- = 0;
7701+
7702+ *p = 0;
7703+ value = p + 1;
7704+
7705+ /* Remove leading space from value */
7706+ while (isspace((unsigned char)*value))
7707+ value++;
7708+
7709+ /* Remove trailing space from value */
7710+ p = value + strlen(value) - 1;
7711+ while (*p == '\n' || isspace((unsigned char)*p))
7712+ *p-- = 0;
7713+
7714+ if (!strcmp(keyword,"[L") && *p==']')
7715+ {
7716+ switch (atoi(value))
7717+ {
7718+ case 20: md=EVP_sha1(); break;
7719+ case 28: md=EVP_sha224(); break;
7720+ case 32: md=EVP_sha256(); break;
7721+ case 48: md=EVP_sha384(); break;
7722+ case 64: md=EVP_sha512(); break;
7723+ default: goto parse_error;
7724+ }
7725+ }
7726+ else if (!strcmp(keyword, "Len"))
7727+ {
7728+ if (Len != -1)
7729+ goto parse_error;
7730+ Len = atoi(value);
7731+ if (Len < 0)
7732+ goto parse_error;
7733+ /* Only handle multiples of 8 bits */
7734+ if (Len & 0x7)
7735+ goto parse_error;
7736+ if (Len > SHA_TEST_MAX_BITS)
7737+ goto parse_error;
7738+ MsgLen = Len >> 3;
7739+ }
7740+
7741+ else if (!strcmp(keyword, "Msg"))
7742+ {
7743+ long tmplen;
7744+ if (strlen(value) & 1)
7745+ *(--value) = '0';
7746+ if (Msg)
7747+ goto parse_error;
7748+ Msg = hex2bin_m(value, &tmplen);
7749+ if (!Msg)
7750+ goto parse_error;
7751+ }
7752+ else if (!strcmp(keyword, "Seed"))
7753+ {
7754+ if (strlen(value) & 1)
7755+ *(--value) = '0';
7756+ if (Seed)
7757+ goto parse_error;
7758+ Seed = hex2bin_m(value, &SeedLen);
7759+ if (!Seed)
7760+ goto parse_error;
7761+ }
7762+ else if (!strcmp(keyword, "MD"))
7763+ continue;
7764+ else
7765+ goto parse_error;
7766+
7767+ fputs(olinebuf, out);
7768+
7769+ if (md && Msg && (MsgLen >= 0))
7770+ {
7771+ if (!print_dgst(md, out, Msg, MsgLen))
7772+ goto error;
7773+ OPENSSL_free(Msg);
7774+ Msg = NULL;
7775+ MsgLen = -1;
7776+ Len = -1;
7777+ }
7778+ else if (md && Seed && (SeedLen > 0))
7779+ {
7780+ if (!print_monte(md, out, Seed, SeedLen))
7781+ goto error;
7782+ OPENSSL_free(Seed);
7783+ Seed = NULL;
7784+ SeedLen = -1;
7785+ }
7786+
7787+
7788+ }
7789+
7790+
7791+ ret = 1;
7792+
7793+
7794+ error:
7795+
7796+ if (olinebuf)
7797+ OPENSSL_free(olinebuf);
7798+ if (linebuf)
7799+ OPENSSL_free(linebuf);
7800+ if (Msg)
7801+ OPENSSL_free(Msg);
7802+ if (Seed)
7803+ OPENSSL_free(Seed);
7804+
7805+ return ret;
7806+
7807+ parse_error:
7808+
7809+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
7810+
7811+ goto error;
7812+
7813+ }
7814+
7815+static int print_dgst(const EVP_MD *emd, FILE *out,
7816+ unsigned char *Msg, int Msglen)
7817+ {
7818+ int i, mdlen;
7819+ unsigned char md[EVP_MAX_MD_SIZE];
7820+ if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL))
7821+ {
7822+ fputs("Error calculating HASH\n", stderr);
7823+ return 0;
7824+ }
7825+ fputs("MD = ", out);
7826+ for (i = 0; i < mdlen; i++)
7827+ fprintf(out, "%02x", md[i]);
7828+ fputs("\n", out);
7829+ return 1;
7830+ }
7831+
7832+static int print_monte(const EVP_MD *md, FILE *out,
7833+ unsigned char *Seed, int SeedLen)
7834+ {
7835+ unsigned int i, j, k;
7836+ int ret = 0;
7837+ EVP_MD_CTX ctx;
7838+ unsigned char *m1, *m2, *m3, *p;
7839+ unsigned int mlen, m1len, m2len, m3len;
7840+
7841+ EVP_MD_CTX_init(&ctx);
7842+
7843+ if (SeedLen > EVP_MAX_MD_SIZE)
7844+ mlen = SeedLen;
7845+ else
7846+ mlen = EVP_MAX_MD_SIZE;
7847+
7848+ m1 = OPENSSL_malloc(mlen);
7849+ m2 = OPENSSL_malloc(mlen);
7850+ m3 = OPENSSL_malloc(mlen);
7851+
7852+ if (!m1 || !m2 || !m3)
7853+ goto mc_error;
7854+
7855+ m1len = m2len = m3len = SeedLen;
7856+ memcpy(m1, Seed, SeedLen);
7857+ memcpy(m2, Seed, SeedLen);
7858+ memcpy(m3, Seed, SeedLen);
7859+
7860+ fputs("\n", out);
7861+
7862+ for (j = 0; j < 100; j++)
7863+ {
7864+ for (i = 0; i < 1000; i++)
7865+ {
7866+ EVP_DigestInit_ex(&ctx, md, NULL);
7867+ EVP_DigestUpdate(&ctx, m1, m1len);
7868+ EVP_DigestUpdate(&ctx, m2, m2len);
7869+ EVP_DigestUpdate(&ctx, m3, m3len);
7870+ p = m1;
7871+ m1 = m2;
7872+ m1len = m2len;
7873+ m2 = m3;
7874+ m2len = m3len;
7875+ m3 = p;
7876+ EVP_DigestFinal_ex(&ctx, m3, &m3len);
7877+ }
7878+ fprintf(out, "COUNT = %d\n", j);
7879+ fputs("MD = ", out);
7880+ for (k = 0; k < m3len; k++)
7881+ fprintf(out, "%02x", m3[k]);
7882+ fputs("\n\n", out);
7883+ memcpy(m1, m3, m3len);
7884+ memcpy(m2, m3, m3len);
7885+ m1len = m2len = m3len;
7886+ }
7887+
7888+ ret = 1;
7889+
7890+ mc_error:
7891+ if (m1)
7892+ OPENSSL_free(m1);
7893+ if (m2)
7894+ OPENSSL_free(m2);
7895+ if (m3)
7896+ OPENSSL_free(m3);
7897+
7898+ EVP_MD_CTX_cleanup(&ctx);
7899+
7900+ return ret;
7901+ }
7902+
7903+#endif
7904diff -up openssl-1.0.1b/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1b/crypto/fips/cavs/fips_utl.h
7905--- openssl-1.0.1b/crypto/fips/cavs/fips_utl.h.fips 2012-04-26 18:00:51.400769298 +0200
7906+++ openssl-1.0.1b/crypto/fips/cavs/fips_utl.h 2012-04-26 18:00:51.400769298 +0200
7907@@ -0,0 +1,343 @@
7908+/* ====================================================================
7909+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
7910+ *
7911+ * Redistribution and use in source and binary forms, with or without
7912+ * modification, are permitted provided that the following conditions
7913+ * are met:
7914+ *
7915+ * 1. Redistributions of source code must retain the above copyright
7916+ * notice, this list of conditions and the following disclaimer.
7917+ *
7918+ * 2. Redistributions in binary form must reproduce the above copyright
7919+ * notice, this list of conditions and the following disclaimer in
7920+ * the documentation and/or other materials provided with the
7921+ * distribution.
7922+ *
7923+ * 3. All advertising materials mentioning features or use of this
7924+ * software must display the following acknowledgment:
7925+ * "This product includes software developed by the OpenSSL Project
7926+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
7927+ *
7928+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
7929+ * endorse or promote products derived from this software without
7930+ * prior written permission. For written permission, please contact
7931+ * openssl-core@openssl.org.
7932+ *
7933+ * 5. Products derived from this software may not be called "OpenSSL"
7934+ * nor may "OpenSSL" appear in their names without prior written
7935+ * permission of the OpenSSL Project.
7936+ *
7937+ * 6. Redistributions of any form whatsoever must retain the following
7938+ * acknowledgment:
7939+ * "This product includes software developed by the OpenSSL Project
7940+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
7941+ *
7942+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
7943+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
7944+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
7945+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
7946+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
7947+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
7948+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
7949+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
7950+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
7951+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
7952+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
7953+ * OF THE POSSIBILITY OF SUCH DAMAGE.
7954+ *
7955+ */
7956+
7957+void do_print_errors(void)
7958+ {
7959+ const char *file, *data;
7960+ int line, flags;
7961+ unsigned long l;
7962+ while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)))
7963+ {
7964+ fprintf(stderr, "ERROR:%lx:lib=%d,func=%d,reason=%d"
7965+ ":file=%s:line=%d:%s\n",
7966+ l, ERR_GET_LIB(l), ERR_GET_FUNC(l), ERR_GET_REASON(l),
7967+ file, line, flags & ERR_TXT_STRING ? data : "");
7968+ }
7969+ }
7970+
7971+int hex2bin(const char *in, unsigned char *out)
7972+ {
7973+ int n1, n2;
7974+ unsigned char ch;
7975+
7976+ for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
7977+ { /* first byte */
7978+ if ((in[n1] >= '0') && (in[n1] <= '9'))
7979+ ch = in[n1++] - '0';
7980+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
7981+ ch = in[n1++] - 'A' + 10;
7982+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
7983+ ch = in[n1++] - 'a' + 10;
7984+ else
7985+ return -1;
7986+ if(!in[n1])
7987+ {
7988+ out[n2++]=ch;
7989+ break;
7990+ }
7991+ out[n2] = ch << 4;
7992+ /* second byte */
7993+ if ((in[n1] >= '0') && (in[n1] <= '9'))
7994+ ch = in[n1++] - '0';
7995+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
7996+ ch = in[n1++] - 'A' + 10;
7997+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
7998+ ch = in[n1++] - 'a' + 10;
7999+ else
8000+ return -1;
8001+ out[n2++] |= ch;
8002+ }
8003+ return n2;
8004+ }
8005+
8006+unsigned char *hex2bin_m(const char *in, long *plen)
8007+ {
8008+ unsigned char *p;
8009+ p = OPENSSL_malloc((strlen(in) + 1)/2);
8010+ *plen = hex2bin(in, p);
8011+ return p;
8012+ }
8013+
8014+int do_hex2bn(BIGNUM **pr, const char *in)
8015+ {
8016+ unsigned char *p;
8017+ long plen;
8018+ int r = 0;
8019+ p = hex2bin_m(in, &plen);
8020+ if (!p)
8021+ return 0;
8022+ if (!*pr)
8023+ *pr = BN_new();
8024+ if (!*pr)
8025+ return 0;
8026+ if (BN_bin2bn(p, plen, *pr))
8027+ r = 1;
8028+ OPENSSL_free(p);
8029+ return r;
8030+ }
8031+
8032+int do_bn_print(FILE *out, BIGNUM *bn)
8033+ {
8034+ int len, i;
8035+ unsigned char *tmp;
8036+ len = BN_num_bytes(bn);
8037+ if (len == 0)
8038+ {
8039+ fputs("00", out);
8040+ return 1;
8041+ }
8042+
8043+ tmp = OPENSSL_malloc(len);
8044+ if (!tmp)
8045+ {
8046+ fprintf(stderr, "Memory allocation error\n");
8047+ return 0;
8048+ }
8049+ BN_bn2bin(bn, tmp);
8050+ for (i = 0; i < len; i++)
8051+ fprintf(out, "%02x", tmp[i]);
8052+ OPENSSL_free(tmp);
8053+ return 1;
8054+ }
8055+
8056+int do_bn_print_name(FILE *out, const char *name, BIGNUM *bn)
8057+ {
8058+ int r;
8059+ fprintf(out, "%s = ", name);
8060+ r = do_bn_print(out, bn);
8061+ if (!r)
8062+ return 0;
8063+ fputs("\n", out);
8064+ return 1;
8065+ }
8066+
8067+int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf)
8068+ {
8069+ char *keyword, *value, *p, *q;
8070+ strcpy(linebuf, olinebuf);
8071+ keyword = linebuf;
8072+ /* Skip leading space */
8073+ while (isspace((unsigned char)*keyword))
8074+ keyword++;
8075+
8076+ /* Look for = sign */
8077+ p = strchr(linebuf, '=');
8078+
8079+ /* If no '=' exit */
8080+ if (!p)
8081+ return 0;
8082+
8083+ q = p - 1;
8084+
8085+ /* Remove trailing space */
8086+ while (isspace((unsigned char)*q))
8087+ *q-- = 0;
8088+
8089+ *p = 0;
8090+ value = p + 1;
8091+
8092+ /* Remove leading space from value */
8093+ while (isspace((unsigned char)*value))
8094+ value++;
8095+
8096+ /* Remove trailing space from value */
8097+ p = value + strlen(value) - 1;
8098+
8099+ while (*p == '\n' || isspace((unsigned char)*p))
8100+ *p-- = 0;
8101+
8102+ *pkw = keyword;
8103+ *pval = value;
8104+ return 1;
8105+ }
8106+
8107+BIGNUM *hex2bn(const char *in)
8108+ {
8109+ BIGNUM *p=NULL;
8110+
8111+ if (!do_hex2bn(&p, in))
8112+ return NULL;
8113+
8114+ return p;
8115+ }
8116+
8117+int bin2hex(const unsigned char *in,int len,char *out)
8118+ {
8119+ int n1, n2;
8120+ unsigned char ch;
8121+
8122+ for (n1=0,n2=0 ; n1 < len ; ++n1)
8123+ {
8124+ ch=in[n1] >> 4;
8125+ if (ch <= 0x09)
8126+ out[n2++]=ch+'0';
8127+ else
8128+ out[n2++]=ch-10+'a';
8129+ ch=in[n1] & 0x0f;
8130+ if(ch <= 0x09)
8131+ out[n2++]=ch+'0';
8132+ else
8133+ out[n2++]=ch-10+'a';
8134+ }
8135+ out[n2]='\0';
8136+ return n2;
8137+ }
8138+
8139+void pv(const char *tag,const unsigned char *val,int len)
8140+ {
8141+ char obuf[2048];
8142+
8143+ bin2hex(val,len,obuf);
8144+ printf("%s = %s\n",tag,obuf);
8145+ }
8146+
8147+/* To avoid extensive changes to test program at this stage just convert
8148+ * the input line into an acceptable form. Keyword lines converted to form
8149+ * "keyword = value\n" no matter what white space present, all other lines
8150+ * just have leading and trailing space removed.
8151+ */
8152+
8153+int tidy_line(char *linebuf, char *olinebuf)
8154+ {
8155+ char *keyword, *value, *p, *q;
8156+ strcpy(linebuf, olinebuf);
8157+ keyword = linebuf;
8158+ /* Skip leading space */
8159+ while (isspace((unsigned char)*keyword))
8160+ keyword++;
8161+ /* Look for = sign */
8162+ p = strchr(linebuf, '=');
8163+
8164+ /* If no '=' just chop leading, trailing ws */
8165+ if (!p)
8166+ {
8167+ p = keyword + strlen(keyword) - 1;
8168+ while (*p == '\n' || isspace((unsigned char)*p))
8169+ *p-- = 0;
8170+ strcpy(olinebuf, keyword);
8171+ strcat(olinebuf, "\n");
8172+ return 1;
8173+ }
8174+
8175+ q = p - 1;
8176+
8177+ /* Remove trailing space */
8178+ while (isspace((unsigned char)*q))
8179+ *q-- = 0;
8180+
8181+ *p = 0;
8182+ value = p + 1;
8183+
8184+ /* Remove leading space from value */
8185+ while (isspace((unsigned char)*value))
8186+ value++;
8187+
8188+ /* Remove trailing space from value */
8189+ p = value + strlen(value) - 1;
8190+
8191+ while (*p == '\n' || isspace((unsigned char)*p))
8192+ *p-- = 0;
8193+
8194+ strcpy(olinebuf, keyword);
8195+ strcat(olinebuf, " = ");
8196+ strcat(olinebuf, value);
8197+ strcat(olinebuf, "\n");
8198+
8199+ return 1;
8200+ }
8201+
8202+/* NB: this return the number of _bits_ read */
8203+int bint2bin(const char *in, int len, unsigned char *out)
8204+ {
8205+ int n;
8206+
8207+ memset(out,0,len);
8208+ for(n=0 ; n < len ; ++n)
8209+ if(in[n] == '1')
8210+ out[n/8]|=(0x80 >> (n%8));
8211+ return len;
8212+ }
8213+
8214+int bin2bint(const unsigned char *in,int len,char *out)
8215+ {
8216+ int n;
8217+
8218+ for(n=0 ; n < len ; ++n)
8219+ out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
8220+ return n;
8221+ }
8222+
8223+/*-----------------------------------------------*/
8224+
8225+void PrintValue(char *tag, unsigned char *val, int len)
8226+{
8227+#if VERBOSE
8228+ char obuf[2048];
8229+ int olen;
8230+ olen = bin2hex(val, len, obuf);
8231+ printf("%s = %.*s\n", tag, olen, obuf);
8232+#endif
8233+}
8234+
8235+void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
8236+ {
8237+ char obuf[2048];
8238+ int olen;
8239+
8240+ if(bitmode)
8241+ olen=bin2bint(val,len,obuf);
8242+ else
8243+ olen=bin2hex(val,len,obuf);
8244+
8245+ fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
8246+#if VERBOSE
8247+ printf("%s = %.*s\n", tag, olen, obuf);
8248+#endif
8249+ }
8250+
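Review bot: `hex2bin_m` passes the `OPENSSL_malloc` result straight to `hex2bin` without a NULL check, and it stores `hex2bin`'s `-1` error return in `*plen`, which `do_hex2bn` then hands to `BN_bin2bn` as a negative length because it only tests `!p`. Add `if (p == NULL) return NULL;` before the `hex2bin` call, and in `do_hex2bn` reject `plen < 0` (freeing `p`) before calling `BN_bin2bn`; the `p` allocation is also leaked there when `BN_new` fails. Separately, the fixed `char obuf[2048]` in `pv` and `OutputValue` is filled by `bin2hex`/`bin2bint` with no check that `len` fits, so a value longer than 1023 bytes (2047 bits in bit mode) overruns the stack buffer; a length guard before the conversion, or sizing the buffer from `len`, would close that. `parse_line` and `tidy_line` likewise walk `q`/`p` backwards past the start of the buffer when the line begins with `=` or the value is empty, which is worth bounding even for test-vector input.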
8251diff -up openssl-1.0.1b/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_aes_selftest.c
8252--- openssl-1.0.1b/crypto/fips/fips_aes_selftest.c.fips 2012-04-26 18:00:51.401769321 +0200
8253+++ openssl-1.0.1b/crypto/fips/fips_aes_selftest.c 2012-04-26 18:00:51.401769321 +0200
8254@@ -0,0 +1,359 @@
8255+/* ====================================================================
8256+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
8257+ *
8258+ * Redistribution and use in source and binary forms, with or without
8259+ * modification, are permitted provided that the following conditions
8260+ * are met:
8261+ *
8262+ * 1. Redistributions of source code must retain the above copyright
8263+ * notice, this list of conditions and the following disclaimer.
8264+ *
8265+ * 2. Redistributions in binary form must reproduce the above copyright
8266+ * notice, this list of conditions and the following disclaimer in
8267+ * the documentation and/or other materials provided with the
8268+ * distribution.
8269+ *
8270+ * 3. All advertising materials mentioning features or use of this
8271+ * software must display the following acknowledgment:
8272+ * "This product includes software developed by the OpenSSL Project
8273+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
8274+ *
8275+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
8276+ * endorse or promote products derived from this software without
8277+ * prior written permission. For written permission, please contact
8278+ * openssl-core@openssl.org.
8279+ *
8280+ * 5. Products derived from this software may not be called "OpenSSL"
8281+ * nor may "OpenSSL" appear in their names without prior written
8282+ * permission of the OpenSSL Project.
8283+ *
8284+ * 6. Redistributions of any form whatsoever must retain the following
8285+ * acknowledgment:
8286+ * "This product includes software developed by the OpenSSL Project
8287+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
8288+ *
8289+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
8290+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
8291+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
8292+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
8293+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
8294+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
8295+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
8296+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
8297+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
8298+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
8299+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
8300+ * OF THE POSSIBILITY OF SUCH DAMAGE.
8301+ *
8302+ */
8303+
8304+#include <string.h>
8305+#include <openssl/err.h>
8306+#ifdef OPENSSL_FIPS
8307+#include <openssl/fips.h>
8308+#endif
8309+#include <openssl/evp.h>
8310+
8311+#ifdef OPENSSL_FIPS
8312+static const struct
8313+ {
8314+ const unsigned char key[16];
8315+ const unsigned char plaintext[16];
8316+ const unsigned char ciphertext[16];
8317+ } tests[]=
8318+ {
8319+ {
8320+ { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
8321+ 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
8322+ { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
8323+ 0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF },
8324+ { 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30,
8325+ 0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A },
8326+ },
8327+ };
8328+
8329+static int corrupt_aes;
8330+
8331+void FIPS_corrupt_aes()
8332+ {
8333+ corrupt_aes = 1;
8334+ }
8335+
8336+int FIPS_selftest_aes()
8337+ {
8338+ int n;
8339+ int ret = 0;
8340+ EVP_CIPHER_CTX ctx;
8341+ EVP_CIPHER_CTX_init(&ctx);
8342+
8343+ for(n=0 ; n < 1 ; ++n)
8344+ {
8345+ unsigned char key[16];
8346+
8347+ memcpy(key, tests[n].key, sizeof(key));
8348+ if (corrupt_aes)
8349+ key[0]++;
8350+ if (fips_cipher_test(&ctx, EVP_aes_128_ecb(),
8351+ key, NULL,
8352+ tests[n].plaintext,
8353+ tests[n].ciphertext,
8354+ 16) <= 0)
8355+ goto err;
8356+ }
8357+ ret = 1;
8358+ err:
8359+ EVP_CIPHER_CTX_cleanup(&ctx);
8360+ if (ret == 0)
8361+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
8362+ return ret;
8363+ }
8364+
8365+/* AES-CCM test data from NIST public test vectors */
8366+
8367+static const unsigned char ccm_key[] = {
8368+ 0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6,
8369+ 0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe8
8370+};
8371+static const unsigned char ccm_nonce[] = {
8372+ 0x76,0x40,0x43,0xc4,0x94,0x60,0xb7
8373+};
8374+static const unsigned char ccm_adata[] = {
8375+ 0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7,
8376+ 0x5f,0x10,0xbd,0xe7,0x8c,0x23,0xfa,0x0e,0xb8,0xf9,0xaa,0xa5,
8377+ 0x3a,0xde,0xfb,0xf4,0xcb,0xf7,0x8f,0xe4
8378+};
8379+static const unsigned char ccm_pt[] = {
8380+ 0xc8,0xd2,0x75,0xf9,0x19,0xe1,0x7d,0x7f,0xe6,0x9c,0x2a,0x1f,
8381+ 0x58,0x93,0x9d,0xfe,0x4d,0x40,0x37,0x91,0xb5,0xdf,0x13,0x10
8382+};
8383+static const unsigned char ccm_ct[] = {
8384+ 0x8a,0x0f,0x3d,0x82,0x29,0xe4,0x8e,0x74,0x87,0xfd,0x95,0xa2,
8385+ 0x8a,0xd3,0x92,0xc8,0x0b,0x36,0x81,0xd4,0xfb,0xc7,0xbb,0xfd
8386+};
8387+static const unsigned char ccm_tag[] = {
8388+ 0x2d,0xd6,0xef,0x1c,0x45,0xd4,0xcc,0xb7,0x23,0xdc,0x07,0x44,
8389+ 0x14,0xdb,0x50,0x6d
8390+};
8391+
8392+int FIPS_selftest_aes_ccm(void)
8393+ {
8394+ int ret = 0;
8395+ unsigned char out[128], tag[16];
8396+ EVP_CIPHER_CTX ctx;
8397+ EVP_CIPHER_CTX_init(&ctx);
8398+ memset(out, 0, sizeof(out));
8399+ if (!EVP_CipherInit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 1))
8400+ goto err;
8401+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
8402+ sizeof(ccm_nonce), NULL))
8403+ goto err;
8404+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
8405+ sizeof(ccm_tag), NULL))
8406+ goto err;
8407+ if (!EVP_CipherInit(&ctx, NULL, ccm_key, ccm_nonce, 1))
8408+ goto err;
8409+ if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt))
8410+ goto err;
8411+ if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
8412+ goto err;
8413+ if (EVP_Cipher(&ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct))
8414+ goto err;
8415+
8416+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, 16, tag))
8417+ goto err;
8418+ if (memcmp(tag, ccm_tag, sizeof(ccm_tag))
8419+ || memcmp(out, ccm_ct, sizeof(ccm_ct)))
8420+ goto err;
8421+
8422+ memset(out, 0, sizeof(out));
8423+
8424+ if (!EVP_CipherInit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 0))
8425+ goto err;
8426+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
8427+ sizeof(ccm_nonce), NULL))
8428+ goto err;
8429+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag))
8430+ goto err;
8431+ if (!EVP_CipherInit(&ctx, NULL, ccm_key, ccm_nonce, 0))
8432+ goto err;
8433+ if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct))
8434+ goto err;
8435+ if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
8436+ goto err;
8437+ if (EVP_Cipher(&ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt))
8438+ goto err;
8439+
8440+ if (memcmp(out, ccm_pt, sizeof(ccm_pt)))
8441+ goto err;
8442+
8443+ ret = 1;
8444+
8445+ err:
8446+ EVP_CIPHER_CTX_cleanup(&ctx);
8447+
8448+ if (ret == 0)
8449+ {
8450+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM,FIPS_R_SELFTEST_FAILED);
8451+ return 0;
8452+ }
8453+ else
8454+ return ret;
8455+
8456+ }
8457+
8458+/* AES-GCM test data from NIST public test vectors */
8459+
8460+static const unsigned char gcm_key[] = {
8461+ 0xee,0xbc,0x1f,0x57,0x48,0x7f,0x51,0x92,0x1c,0x04,0x65,0x66,
8462+ 0x5f,0x8a,0xe6,0xd1,0x65,0x8b,0xb2,0x6d,0xe6,0xf8,0xa0,0x69,
8463+ 0xa3,0x52,0x02,0x93,0xa5,0x72,0x07,0x8f
8464+};
8465+static const unsigned char gcm_iv[] = {
8466+ 0x99,0xaa,0x3e,0x68,0xed,0x81,0x73,0xa0,0xee,0xd0,0x66,0x84
8467+};
8468+static const unsigned char gcm_pt[] = {
8469+ 0xf5,0x6e,0x87,0x05,0x5b,0xc3,0x2d,0x0e,0xeb,0x31,0xb2,0xea,
8470+ 0xcc,0x2b,0xf2,0xa5
8471+};
8472+static const unsigned char gcm_aad[] = {
8473+ 0x4d,0x23,0xc3,0xce,0xc3,0x34,0xb4,0x9b,0xdb,0x37,0x0c,0x43,
8474+ 0x7f,0xec,0x78,0xde
8475+};
8476+static const unsigned char gcm_ct[] = {
8477+ 0xf7,0x26,0x44,0x13,0xa8,0x4c,0x0e,0x7c,0xd5,0x36,0x86,0x7e,
8478+ 0xb9,0xf2,0x17,0x36
8479+};
8480+static const unsigned char gcm_tag[] = {
8481+ 0x67,0xba,0x05,0x10,0x26,0x2a,0xe4,0x87,0xd7,0x37,0xee,0x62,
8482+ 0x98,0xf7,0x7e,0x0c
8483+};
8484+
8485+int FIPS_selftest_aes_gcm(void)
8486+ {
8487+ int ret = 0;
8488+ unsigned char out[128], tag[16];
8489+ EVP_CIPHER_CTX ctx;
8490+ EVP_CIPHER_CTX_init(&ctx);
8491+ memset(out, 0, sizeof(out));
8492+ memset(tag, 0, sizeof(tag));
8493+ if (!EVP_CipherInit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
8494+ goto err;
8495+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
8496+ sizeof(gcm_iv), NULL))
8497+ goto err;
8498+ if (!EVP_CipherInit(&ctx, NULL, gcm_key, gcm_iv, 1))
8499+ goto err;
8500+ if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
8501+ goto err;
8502+ if (EVP_Cipher(&ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct))
8503+ goto err;
8504+ if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0)
8505+ goto err;
8506+
8507+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
8508+ goto err;
8509+
8510+ if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
8511+ goto err;
8512+
8513+ memset(out, 0, sizeof(out));
8514+
8515+ if (!EVP_CipherInit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0))
8516+ goto err;
8517+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
8518+ sizeof(gcm_iv), NULL))
8519+ goto err;
8520+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
8521+ goto err;
8522+ if (!EVP_CipherInit(&ctx, NULL, gcm_key, gcm_iv, 0))
8523+ goto err;
8524+ if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
8525+ goto err;
8526+ if (EVP_Cipher(&ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt))
8527+ goto err;
8528+ if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0)
8529+ goto err;
8530+
8531+ if (memcmp(out, gcm_pt, 16))
8532+ goto err;
8533+
8534+ ret = 1;
8535+
8536+ err:
8537+ EVP_CIPHER_CTX_cleanup(&ctx);
8538+
8539+ if (ret == 0)
8540+ {
8541+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED);
8542+ return 0;
8543+ }
8544+ else
8545+ return ret;
8546+
8547+ }
8548+
8549+
8550+static const unsigned char XTS_128_key[] = {
8551+ 0xa1,0xb9,0x0c,0xba,0x3f,0x06,0xac,0x35,0x3b,0x2c,0x34,0x38,
8552+ 0x76,0x08,0x17,0x62,0x09,0x09,0x23,0x02,0x6e,0x91,0x77,0x18,
8553+ 0x15,0xf2,0x9d,0xab,0x01,0x93,0x2f,0x2f
8554+};
8555+static const unsigned char XTS_128_i[] = {
8556+ 0x4f,0xae,0xf7,0x11,0x7c,0xda,0x59,0xc6,0x6e,0x4b,0x92,0x01,
8557+ 0x3e,0x76,0x8a,0xd5
8558+};
8559+static const unsigned char XTS_128_pt[] = {
8560+ 0xeb,0xab,0xce,0x95,0xb1,0x4d,0x3c,0x8d,0x6f,0xb3,0x50,0x39,
8561+ 0x07,0x90,0x31,0x1c
8562+};
8563+static const unsigned char XTS_128_ct[] = {
8564+ 0x77,0x8a,0xe8,0xb4,0x3c,0xb9,0x8d,0x5a,0x82,0x50,0x81,0xd5,
8565+ 0xbe,0x47,0x1c,0x63
8566+};
8567+
8568+static const unsigned char XTS_256_key[] = {
8569+ 0x1e,0xa6,0x61,0xc5,0x8d,0x94,0x3a,0x0e,0x48,0x01,0xe4,0x2f,
8570+ 0x4b,0x09,0x47,0x14,0x9e,0x7f,0x9f,0x8e,0x3e,0x68,0xd0,0xc7,
8571+ 0x50,0x52,0x10,0xbd,0x31,0x1a,0x0e,0x7c,0xd6,0xe1,0x3f,0xfd,
8572+ 0xf2,0x41,0x8d,0x8d,0x19,0x11,0xc0,0x04,0xcd,0xa5,0x8d,0xa3,
8573+ 0xd6,0x19,0xb7,0xe2,0xb9,0x14,0x1e,0x58,0x31,0x8e,0xea,0x39,
8574+ 0x2c,0xf4,0x1b,0x08
8575+};
8576+static const unsigned char XTS_256_i[] = {
8577+ 0xad,0xf8,0xd9,0x26,0x27,0x46,0x4a,0xd2,0xf0,0x42,0x8e,0x84,
8578+ 0xa9,0xf8,0x75,0x64
8579+};
8580+static const unsigned char XTS_256_pt[] = {
8581+ 0x2e,0xed,0xea,0x52,0xcd,0x82,0x15,0xe1,0xac,0xc6,0x47,0xe8,
8582+ 0x10,0xbb,0xc3,0x64,0x2e,0x87,0x28,0x7f,0x8d,0x2e,0x57,0xe3,
8583+ 0x6c,0x0a,0x24,0xfb,0xc1,0x2a,0x20,0x2e
8584+};
8585+static const unsigned char XTS_256_ct[] = {
8586+ 0xcb,0xaa,0xd0,0xe2,0xf6,0xce,0xa3,0xf5,0x0b,0x37,0xf9,0x34,
8587+ 0xd4,0x6a,0x9b,0x13,0x0b,0x9d,0x54,0xf0,0x7e,0x34,0xf3,0x6a,
8588+ 0xf7,0x93,0xe8,0x6f,0x73,0xc6,0xd7,0xdb
8589+};
8590+
8591+int FIPS_selftest_aes_xts()
8592+ {
8593+ int ret = 1;
8594+ EVP_CIPHER_CTX ctx;
8595+ EVP_CIPHER_CTX_init(&ctx);
8596+
8597+ if (fips_cipher_test(&ctx, EVP_aes_128_xts(),
8598+ XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct,
8599+ sizeof(XTS_128_pt)) <= 0)
8600+ ret = 0;
8601+
8602+ if (fips_cipher_test(&ctx, EVP_aes_256_xts(),
8603+ XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct,
8604+ sizeof(XTS_256_pt)) <= 0)
8605+ ret = 0;
8606+
8607+ EVP_CIPHER_CTX_cleanup(&ctx);
8608+ if (ret == 0)
8609+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS,FIPS_R_SELFTEST_FAILED);
8610+ return ret;
8611+ }
8612+
8613+#endif
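Review bot: `FIPS_selftest_aes` iterates `for(n=0 ; n < 1 ; ++n)` instead of over the size of `tests[]`, so any further known-answer vector added to the table is silently never exercised by the self-test; write it as `for (n = 0; n < (int)(sizeof(tests) / sizeof(tests[0])); ++n)` so the loop and the table cannot drift apart. `FIPS_corrupt_aes()`, `FIPS_selftest_aes()` and `FIPS_selftest_aes_xts()` are declared with empty parentheses, which in C is an unprototyped declaration, while `FIPS_selftest_aes_ccm(void)` and `FIPS_selftest_aes_gcm(void)` in the same hunk use `(void)`; make the five consistent. In the CCM test the tag length is passed once as `sizeof(ccm_tag)` and later as the literal `16` for `EVP_CTRL_CCM_GET_TAG` and `EVP_CTRL_CCM_SET_TAG`; using `sizeof(ccm_tag)` throughout keeps the vector table the single source of truth.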
8614diff -up openssl-1.0.1b/crypto/fips/fips.c.fips openssl-1.0.1b/crypto/fips/fips.c
8615--- openssl-1.0.1b/crypto/fips/fips.c.fips 2012-04-26 18:00:51.401769321 +0200
8616+++ openssl-1.0.1b/crypto/fips/fips.c 2012-04-26 18:00:51.401769321 +0200
8617@@ -0,0 +1,489 @@
8618+/* ====================================================================
8619+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
8620+ *
8621+ * Redistribution and use in source and binary forms, with or without
8622+ * modification, are permitted provided that the following conditions
8623+ * are met:
8624+ *
8625+ * 1. Redistributions of source code must retain the above copyright
8626+ * notice, this list of conditions and the following disclaimer.
8627+ *
8628+ * 2. Redistributions in binary form must reproduce the above copyright
8629+ * notice, this list of conditions and the following disclaimer in
8630+ * the documentation and/or other materials provided with the
8631+ * distribution.
8632+ *
8633+ * 3. All advertising materials mentioning features or use of this
8634+ * software must display the following acknowledgment:
8635+ * "This product includes software developed by the OpenSSL Project
8636+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
8637+ *
8638+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
8639+ * endorse or promote products derived from this software without
8640+ * prior written permission. For written permission, please contact
8641+ * openssl-core@openssl.org.
8642+ *
8643+ * 5. Products derived from this software may not be called "OpenSSL"
8644+ * nor may "OpenSSL" appear in their names without prior written
8645+ * permission of the OpenSSL Project.
8646+ *
8647+ * 6. Redistributions of any form whatsoever must retain the following
8648+ * acknowledgment:
8649+ * "This product includes software developed by the OpenSSL Project
8650+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
8651+ *
8652+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
8653+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
8654+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
8655+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
8656+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
8657+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
8658+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
8659+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
8660+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
8661+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
8662+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
8663+ * OF THE POSSIBILITY OF SUCH DAMAGE.
8664+ *
8665+ */
8666+
8667+#define _GNU_SOURCE
8668+
8669+#include <openssl/rand.h>
8670+#include <openssl/fips_rand.h>
8671+#include <openssl/err.h>
8672+#include <openssl/bio.h>
8673+#include <openssl/hmac.h>
8674+#include <openssl/rsa.h>
8675+#include <string.h>
8676+#include <limits.h>
8677+#include <dlfcn.h>
8678+#include <stdio.h>
8679+#include <stdlib.h>
8680+#include "fips_locl.h"
8681+
8682+#ifdef OPENSSL_FIPS
8683+
8684+#include <openssl/fips.h>
8685+
8686+#ifndef PATH_MAX
8687+#define PATH_MAX 1024
8688+#endif
8689+
8690+static int fips_selftest_fail = 0;
8691+static int fips_mode = 0;
8692+static int fips_started = 0;
8693+
8694+static int fips_is_owning_thread(void);
8695+static int fips_set_owning_thread(void);
8696+static int fips_clear_owning_thread(void);
8697+
8698+#define fips_w_lock() CRYPTO_w_lock(CRYPTO_LOCK_FIPS)
8699+#define fips_w_unlock() CRYPTO_w_unlock(CRYPTO_LOCK_FIPS)
8700+#define fips_r_lock() CRYPTO_r_lock(CRYPTO_LOCK_FIPS)
8701+#define fips_r_unlock() CRYPTO_r_unlock(CRYPTO_LOCK_FIPS)
8702+
8703+static void fips_set_mode(int onoff)
8704+ {
8705+ int owning_thread = fips_is_owning_thread();
8706+
8707+ if (fips_started)
8708+ {
8709+ if (!owning_thread) fips_w_lock();
8710+ fips_mode = onoff;
8711+ if (!owning_thread) fips_w_unlock();
8712+ }
8713+ }
8714+
8715+int FIPS_module_mode(void)
8716+ {
8717+ int ret = 0;
8718+ int owning_thread = fips_is_owning_thread();
8719+
8720+ if (fips_started)
8721+ {
8722+ if (!owning_thread) fips_r_lock();
8723+ ret = fips_mode;
8724+ if (!owning_thread) fips_r_unlock();
8725+ }
8726+ return ret;
8727+ }
8728+
8729+int FIPS_selftest_failed(void)
8730+ {
8731+ int ret = 0;
8732+ if (fips_started)
8733+ {
8734+ int owning_thread = fips_is_owning_thread();
8735+
8736+ if (!owning_thread) fips_r_lock();
8737+ ret = fips_selftest_fail;
8738+ if (!owning_thread) fips_r_unlock();
8739+ }
8740+ return ret;
8741+ }
8742+
8743+/* Selftest failure fatal exit routine. This will be called
8744+ * during *any* cryptographic operation. It has the minimum
8745+ * overhead possible to avoid too big a performance hit.
8746+ */
8747+
8748+void FIPS_selftest_check(void)
8749+ {
8750+ if (fips_selftest_fail)
8751+ {
8752+ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
8753+ }
8754+ }
8755+
8756+void fips_set_selftest_fail(void)
8757+ {
8758+ fips_selftest_fail = 1;
8759+ }
8760+
8761+/* we implement what libfipscheck does ourselves */
8762+
8763+static int
8764+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
8765+{
8766+ Dl_info info;
8767+ void *dl, *sym;
8768+ int rv = -1;
8769+
8770+ dl = dlopen(libname, RTLD_LAZY);
8771+ if (dl == NULL) {
8772+ return -1;
8773+ }
8774+
8775+ sym = dlsym(dl, symbolname);
8776+
8777+ if (sym != NULL && dladdr(sym, &info)) {
8778+ strncpy(path, info.dli_fname, pathlen-1);
8779+ path[pathlen-1] = '\0';
8780+ rv = 0;
8781+ }
8782+
8783+ dlclose(dl);
8784+
8785+ return rv;
8786+}
8787+
8788+static const char conv[] = "0123456789abcdef";
8789+
8790+static char *
8791+bin2hex(void *buf, size_t len)
8792+{
8793+ char *hex, *p;
8794+ unsigned char *src = buf;
8795+
8796+ hex = malloc(len * 2 + 1);
8797+ if (hex == NULL)
8798+ return NULL;
8799+
8800+ p = hex;
8801+
8802+ while (len > 0) {
8803+ unsigned c;
8804+
8805+ c = *src;
8806+ src++;
8807+
8808+ *p = conv[c >> 4];
8809+ ++p;
8810+ *p = conv[c & 0x0f];
8811+ ++p;
8812+ --len;
8813+ }
8814+ *p = '\0';
8815+ return hex;
8816+}
8817+
8818+#define HMAC_PREFIX "."
8819+#define HMAC_SUFFIX ".hmac"
8820+#define READ_BUFFER_LENGTH 16384
8821+
8822+static char *
8823+make_hmac_path(const char *origpath)
8824+{
8825+ char *path, *p;
8826+ const char *fn;
8827+
8828+ path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath));
8829+ if(path == NULL) {
8830+ return NULL;
8831+ }
8832+
8833+ fn = strrchr(origpath, '/');
8834+ if (fn == NULL) {
8835+ fn = origpath;
8836+ } else {
8837+ ++fn;
8838+ }
8839+
8840+ strncpy(path, origpath, fn-origpath);
8841+ p = path + (fn - origpath);
8842+ p = stpcpy(p, HMAC_PREFIX);
8843+ p = stpcpy(p, fn);
8844+ p = stpcpy(p, HMAC_SUFFIX);
8845+
8846+ return path;
8847+}
8848+
8849+static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
8850+
8851+static int
8852+compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
8853+{
8854+ FILE *f = NULL;
8855+ int rv = -1;
8856+ unsigned char rbuf[READ_BUFFER_LENGTH];
8857+ size_t len;
8858+ unsigned int hlen;
8859+ HMAC_CTX c;
8860+
8861+ HMAC_CTX_init(&c);
8862+
8863+ f = fopen(path, "r");
8864+
8865+ if (f == NULL) {
8866+ goto end;
8867+ }
8868+
8869+ HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
8870+
8871+ while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
8872+ HMAC_Update(&c, rbuf, len);
8873+ }
8874+
8875+ len = sizeof(rbuf);
8876+ /* reuse rbuf for hmac */
8877+ HMAC_Final(&c, rbuf, &hlen);
8878+
8879+ *buf = malloc(hlen);
8880+ if (*buf == NULL) {
8881+ goto end;
8882+ }
8883+
8884+ *hmaclen = hlen;
8885+
8886+ memcpy(*buf, rbuf, hlen);
8887+
8888+ rv = 0;
8889+end:
8890+ HMAC_CTX_cleanup(&c);
8891+
8892+ if (f)
8893+ fclose(f);
8894+
8895+ return rv;
8896+}
8897+
8898+static int
8899+FIPSCHECK_verify(const char *libname, const char *symbolname)
8900+{
8901+ char path[PATH_MAX+1];
8902+ int rv;
8903+ FILE *hf;
8904+ char *hmacpath, *p;
8905+ char *hmac = NULL;
8906+ size_t n;
8907+
8908+ rv = get_library_path(libname, symbolname, path, sizeof(path));
8909+
8910+ if (rv < 0)
8911+ return 0;
8912+
8913+ hmacpath = make_hmac_path(path);
8914+ if (hmacpath == NULL)
8915+ return 0;
8916+
8917+ hf = fopen(hmacpath, "r");
8918+ if (hf == NULL) {
8919+ free(hmacpath);
8920+ return 0;
8921+ }
8922+
8923+ if (getline(&hmac, &n, hf) > 0) {
8924+ void *buf;
8925+ size_t hmaclen;
8926+ char *hex;
8927+
8928+ if ((p=strchr(hmac, '\n')) != NULL)
8929+ *p = '\0';
8930+
8931+ if (compute_file_hmac(path, &buf, &hmaclen) < 0) {
8932+ rv = -4;
8933+ goto end;
8934+ }
8935+
8936+ if ((hex=bin2hex(buf, hmaclen)) == NULL) {
8937+ free(buf);
8938+ rv = -5;
8939+ goto end;
8940+ }
8941+
8942+ if (strcmp(hex, hmac) != 0) {
8943+ rv = -1;
8944+ }
8945+ free(buf);
8946+ free(hex);
8947+ }
8948+
8949+end:
8950+ free(hmac);
8951+ free(hmacpath);
8952+ fclose(hf);
8953+
8954+ if (rv < 0)
8955+ return 0;
8956+
8957+ /* check successful */
8958+ return 1;
8959+}
8960+
8961+int FIPS_module_mode_set(int onoff, const char *auth)
8962+ {
8963+ int ret = 0;
8964+
8965+ fips_w_lock();
8966+ fips_started = 1;
8967+ fips_set_owning_thread();
8968+
8969+ if(onoff)
8970+ {
8971+
8972+ fips_selftest_fail = 0;
8973+
8974+ /* Don't go into FIPS mode twice, just so we can do automagic
8975+ seeding */
8976+ if(FIPS_module_mode())
8977+ {
8978+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET);
8979+ fips_selftest_fail = 1;
8980+ ret = 0;
8981+ goto end;
8982+ }
8983+
8984+#ifdef OPENSSL_IA32_SSE2
8985+ {
8986+ extern unsigned int OPENSSL_ia32cap_P[2];
8987+ if ((OPENSSL_ia32cap_P[0] & (1<<25|1<<26)) != (1<<25|1<<26))
8988+ {
8989+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_UNSUPPORTED_PLATFORM);
8990+ fips_selftest_fail = 1;
8991+ ret = 0;
8992+ goto end;
8993+ }
8994+ OPENSSL_ia32cap_P[0] |= (1<<28); /* set "shared cache" */
8995+ OPENSSL_ia32cap_P[1] &= ~(1<<(60-32)); /* clear AVX */
8996+ }
8997+#endif
8998+
8999+ if(!FIPSCHECK_verify("libcrypto.so." SHLIB_VERSION_NUMBER,"FIPS_mode_set"))
9000+ {
9001+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
9002+ fips_selftest_fail = 1;
9003+ ret = 0;
9004+ goto end;
9005+ }
9006+
9007+ if(!FIPSCHECK_verify("libssl.so." SHLIB_VERSION_NUMBER,"SSL_CTX_new"))
9008+ {
9009+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
9010+ fips_selftest_fail = 1;
9011+ ret = 0;
9012+ goto end;
9013+ }
9014+
9015+ if(FIPS_selftest())
9016+ fips_set_mode(onoff);
9017+ else
9018+ {
9019+ fips_selftest_fail = 1;
9020+ ret = 0;
9021+ goto end;
9022+ }
9023+ ret = 1;
9024+ goto end;
9025+ }
9026+ fips_set_mode(0);
9027+ fips_selftest_fail = 0;
9028+ ret = 1;
9029+end:
9030+ fips_clear_owning_thread();
9031+ fips_w_unlock();
9032+ return ret;
9033+ }
9034+
9035+static CRYPTO_THREADID fips_thread;
9036+static int fips_thread_set = 0;
9037+
9038+static int fips_is_owning_thread(void)
9039+ {
9040+ int ret = 0;
9041+
9042+ if (fips_started)
9043+ {
9044+ CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
9045+ if (fips_thread_set)
9046+ {
9047+ CRYPTO_THREADID cur;
9048+ CRYPTO_THREADID_current(&cur);
9049+ if (!CRYPTO_THREADID_cmp(&cur, &fips_thread))
9050+ ret = 1;
9051+ }
9052+ CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
9053+ }
9054+ return ret;
9055+ }
9056+
9057+int fips_set_owning_thread(void)
9058+ {
9059+ int ret = 0;
9060+
9061+ if (fips_started)
9062+ {
9063+ CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
9064+ if (!fips_thread_set)
9065+ {
9066+ CRYPTO_THREADID_current(&fips_thread);
9067+ ret = 1;
9068+ fips_thread_set = 1;
9069+ }
9070+ CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
9071+ }
9072+ return ret;
9073+ }
9074+
9075+int fips_clear_owning_thread(void)
9076+ {
9077+ int ret = 0;
9078+
9079+ if (fips_started)
9080+ {
9081+ CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
9082+ if (fips_thread_set)
9083+ {
9084+ CRYPTO_THREADID cur;
9085+ CRYPTO_THREADID_current(&cur);
9086+ if (!CRYPTO_THREADID_cmp(&cur, &fips_thread))
9087+ fips_thread_set = 0;
9088+ }
9089+ CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
9090+ }
9091+ return ret;
9092+ }
9093+
9094+
9095+#if 0
9096+/* The purpose of this is to ensure the error code exists and the function
9097+ * name is to keep the error checking script quiet
9098+ */
9099+void hash_final(void)
9100+ {
9101+ FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);
9102+ }
9103+#endif
9104+
9105+
9106+#endif
9107diff -up openssl-1.0.1b/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_cmac_selftest.c
9108--- openssl-1.0.1b/crypto/fips/fips_cmac_selftest.c.fips 2012-04-26 18:00:51.401769321 +0200
9109+++ openssl-1.0.1b/crypto/fips/fips_cmac_selftest.c 2012-04-26 18:00:51.401769321 +0200
9110@@ -0,0 +1,161 @@
9111+/* ====================================================================
9112+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
9113+ *
9114+ * Redistribution and use in source and binary forms, with or without
9115+ * modification, are permitted provided that the following conditions
9116+ * are met:
9117+ *
9118+ * 1. Redistributions of source code must retain the above copyright
9119+ * notice, this list of conditions and the following disclaimer.
9120+ *
9121+ * 2. Redistributions in binary form must reproduce the above copyright
9122+ * notice, this list of conditions and the following disclaimer in
9123+ * the documentation and/or other materials provided with the
9124+ * distribution.
9125+ *
9126+ * 3. All advertising materials mentioning features or use of this
9127+ * software must display the following acknowledgment:
9128+ * "This product includes software developed by the OpenSSL Project
9129+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
9130+ *
9131+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
9132+ * endorse or promote products derived from this software without
9133+ * prior written permission. For written permission, please contact
9134+ * openssl-core@openssl.org.
9135+ *
9136+ * 5. Products derived from this software may not be called "OpenSSL"
9137+ * nor may "OpenSSL" appear in their names without prior written
9138+ * permission of the OpenSSL Project.
9139+ *
9140+ * 6. Redistributions of any form whatsoever must retain the following
9141+ * acknowledgment:
9142+ * "This product includes software developed by the OpenSSL Project
9143+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
9144+ *
9145+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
9146+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
9147+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
9148+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
9149+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
9150+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
9151+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
9152+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
9153+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
9154+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
9155+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
9156+ * OF THE POSSIBILITY OF SUCH DAMAGE.
9157+ *
9158+ */
9159+
9160+#include <string.h>
9161+#include <openssl/err.h>
9162+#include <openssl/fips.h>
9163+#include <openssl/cmac.h>
9164+#include "fips_locl.h"
9165+
9166+#ifdef OPENSSL_FIPS
9167+typedef struct {
9168+ int nid;
9169+ const unsigned char key[EVP_MAX_KEY_LENGTH]; size_t keysize;
9170+ const unsigned char msg[64]; size_t msgsize;
9171+ const unsigned char mac[32]; size_t macsize;
9172+} CMAC_KAT;
9173+
9174+/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */
9175+static const CMAC_KAT vector[] = {
9176+ { NID_aes_128_cbc, /* Count = 32 from CMACGenAES128.txt */
9177+ { 0x77,0xa7,0x7f,0xaf, 0x29,0x0c,0x1f,0xa3,
9178+ 0x0c,0x68,0x3d,0xf1, 0x6b,0xa7,0xa7,0x7b, }, 128,
9179+ { 0x02,0x06,0x83,0xe1, 0xf0,0x39,0x2f,0x4c,
9180+ 0xac,0x54,0x31,0x8b, 0x60,0x29,0x25,0x9e,
9181+ 0x9c,0x55,0x3d,0xbc, 0x4b,0x6a,0xd9,0x98,
9182+ 0xe6,0x4d,0x58,0xe4, 0xe7,0xdc,0x2e,0x13, }, 256,
9183+ { 0xfb,0xfe,0xa4,0x1b, }, 32
9184+ },
9185+ { NID_aes_192_cbc, /* Count = 23 from CMACGenAES192.txt */
9186+ { 0x7b,0x32,0x39,0x13, 0x69,0xaa,0x4c,0xa9,
9187+ 0x75,0x58,0x09,0x5b, 0xe3,0xc3,0xec,0x86,
9188+ 0x2b,0xd0,0x57,0xce, 0xf1,0xe3,0x2d,0x62, }, 192,
9189+ { 0x0 }, 0,
9190+ { 0xe4,0xd9,0x34,0x0b, 0x03,0xe6,0x7d,0xef,
9191+ 0xd4,0x96,0x9c,0xc1, 0xed,0x37,0x35,0xe6, }, 128,
9192+ },
9193+ { NID_aes_256_cbc, /* Count = 33 from CMACGenAES256.txt */
9194+ { 0x0b,0x12,0x2a,0xc8, 0xf3,0x4e,0xd1,0xfe,
9195+ 0x08,0x2a,0x36,0x25, 0xd1,0x57,0x56,0x14,
9196+ 0x54,0x16,0x7a,0xc1, 0x45,0xa1,0x0b,0xbf,
9197+ 0x77,0xc6,0xa7,0x05, 0x96,0xd5,0x74,0xf1, }, 256,
9198+ { 0x49,0x8b,0x53,0xfd, 0xec,0x87,0xed,0xcb,
9199+ 0xf0,0x70,0x97,0xdc, 0xcd,0xe9,0x3a,0x08,
9200+ 0x4b,0xad,0x75,0x01, 0xa2,0x24,0xe3,0x88,
9201+ 0xdf,0x34,0x9c,0xe1, 0x89,0x59,0xfe,0x84,
9202+ 0x85,0xf8,0xad,0x15, 0x37,0xf0,0xd8,0x96,
9203+ 0xea,0x73,0xbe,0xdc, 0x72,0x14,0x71,0x3f, }, 384,
9204+ { 0xf6,0x2c,0x46,0x32, 0x9b, }, 40,
9205+ },
9206+ { NID_des_ede3_cbc, /* Count = 41 from CMACGenTDES3.req */
9207+ { 0x89,0xbc,0xd9,0x52, 0xa8,0xc8,0xab,0x37,
9208+ 0x1a,0xf4,0x8a,0xc7, 0xd0,0x70,0x85,0xd5,
9209+ 0xef,0xf7,0x02,0xe6, 0xd6,0x2c,0xdc,0x23, }, 192,
9210+ { 0xfa,0x62,0x0c,0x1b, 0xbe,0x97,0x31,0x9e,
9211+ 0x9a,0x0c,0xf0,0x49, 0x21,0x21,0xf7,0xa2,
9212+ 0x0e,0xb0,0x8a,0x6a, 0x70,0x9d,0xcb,0xd0,
9213+ 0x0a,0xaf,0x38,0xe4, 0xf9,0x9e,0x75,0x4e, }, 256,
9214+ { 0x8f,0x49,0xa1,0xb7, 0xd6,0xaa,0x22,0x58, }, 64,
9215+ },
9216+};
9217+
9218+int FIPS_selftest_cmac()
9219+ {
9220+ size_t n, outlen;
9221+ unsigned char out[32];
9222+ const EVP_CIPHER *cipher;
9223+ CMAC_CTX *ctx = CMAC_CTX_new();
9224+ const CMAC_KAT *t;
9225+ int rv = 1;
9226+
9227+ for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
9228+ {
9229+ cipher = FIPS_get_cipherbynid(t->nid);
9230+ if (!cipher)
9231+ {
9232+ rv = -1;
9233+ goto err;
9234+ }
9235+ if (!CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0))
9236+ {
9237+ rv = -1;
9238+ goto err;
9239+ }
9240+ if (!CMAC_Update(ctx, t->msg, t->msgsize/8))
9241+ {
9242+ rv = -1;
9243+ goto err;
9244+ }
9245+
9246+ if (!CMAC_Final(ctx, out, &outlen))
9247+ {
9248+ rv = -1;
9249+ goto err;
9250+ }
9251+ CMAC_CTX_cleanup(ctx);
9252+
9253+ if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
9254+ {
9255+ rv = 0;
9256+ }
9257+ }
9258+
9259+ err:
9260+ CMAC_CTX_free(ctx);
9261+
9262+ if (rv == -1)
9263+ {
9264+ rv = 0;
9265+ }
9266+ if (!rv)
9267+ FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
9268+
9269+ return rv;
9270+ }
9271+#endif
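Review bot: `CMAC_CTX_new()` at the top of `FIPS_selftest_cmac` is never checked for NULL before the context is handed to `CMAC_Init` inside the loop, so an allocation failure during the power-up self-test dereferences a null pointer instead of reporting a failed self-test. A guard before the loop keeps the error path simple: `if (ctx == NULL) { FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED); return 0; }`. Returning early rather than jumping to `err:` avoids relying on `CMAC_CTX_free` tolerating NULL, which this hunk does not establish. The empty parameter list in `int FIPS_selftest_cmac()` would also be clearer as `(void)`, so the definition matches a proper prototype.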
9272diff -up openssl-1.0.1b/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_des_selftest.c
9273--- openssl-1.0.1b/crypto/fips/fips_des_selftest.c.fips 2012-04-26 18:00:51.401769321 +0200
9274+++ openssl-1.0.1b/crypto/fips/fips_des_selftest.c 2012-04-26 18:00:51.401769321 +0200
9275@@ -0,0 +1,147 @@
9276+/* ====================================================================
9277+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
9278+ *
9279+ * Redistribution and use in source and binary forms, with or without
9280+ * modification, are permitted provided that the following conditions
9281+ * are met:
9282+ *
9283+ * 1. Redistributions of source code must retain the above copyright
9284+ * notice, this list of conditions and the following disclaimer.
9285+ *
9286+ * 2. Redistributions in binary form must reproduce the above copyright
9287+ * notice, this list of conditions and the following disclaimer in
9288+ * the documentation and/or other materials provided with the
9289+ * distribution.
9290+ *
9291+ * 3. All advertising materials mentioning features or use of this
9292+ * software must display the following acknowledgment:
9293+ * "This product includes software developed by the OpenSSL Project
9294+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
9295+ *
9296+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
9297+ * endorse or promote products derived from this software without
9298+ * prior written permission. For written permission, please contact
9299+ * openssl-core@openssl.org.
9300+ *
9301+ * 5. Products derived from this software may not be called "OpenSSL"
9302+ * nor may "OpenSSL" appear in their names without prior written
9303+ * permission of the OpenSSL Project.
9304+ *
9305+ * 6. Redistributions of any form whatsoever must retain the following
9306+ * acknowledgment:
9307+ * "This product includes software developed by the OpenSSL Project
9308+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
9309+ *
9310+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
9311+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
9312+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
9313+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
9314+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
9315+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
9316+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
9317+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
9318+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
9319+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
9320+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
9321+ * OF THE POSSIBILITY OF SUCH DAMAGE.
9322+ *
9323+ */
9324+
9325+#include <string.h>
9326+#include <openssl/err.h>
9327+#ifdef OPENSSL_FIPS
9328+#include <openssl/fips.h>
9329+#endif
9330+#include <openssl/evp.h>
9331+#include <openssl/opensslconf.h>
9332+
9333+#ifdef OPENSSL_FIPS
9334+
9335+static const struct
9336+ {
9337+ const unsigned char key[16];
9338+ const unsigned char plaintext[8];
9339+ const unsigned char ciphertext[8];
9340+ } tests2[]=
9341+ {
9342+ {
9343+ { 0x7c,0x4f,0x6e,0xf7,0xa2,0x04,0x16,0xec,
9344+ 0x0b,0x6b,0x7c,0x9e,0x5e,0x19,0xa7,0xc4 },
9345+ { 0x06,0xa7,0xd8,0x79,0xaa,0xce,0x69,0xef },
9346+ { 0x4c,0x11,0x17,0x55,0xbf,0xc4,0x4e,0xfd }
9347+ },
9348+ {
9349+ { 0x5d,0x9e,0x01,0xd3,0x25,0xc7,0x3e,0x34,
9350+ 0x01,0x16,0x7c,0x85,0x23,0xdf,0xe0,0x68 },
9351+ { 0x9c,0x50,0x09,0x0f,0x5e,0x7d,0x69,0x7e },
9352+ { 0xd2,0x0b,0x18,0xdf,0xd9,0x0d,0x9e,0xff },
9353+ }
9354+ };
9355+
9356+static const struct
9357+ {
9358+ const unsigned char key[24];
9359+ const unsigned char plaintext[8];
9360+ const unsigned char ciphertext[8];
9361+ } tests3[]=
9362+ {
9363+ {
9364+ { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
9365+ 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
9366+ 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 },
9367+ { 0x8f,0x8f,0xbf,0x9b,0x5d,0x48,0xb4,0x1c },
9368+ { 0x59,0x8c,0xe5,0xd3,0x6c,0xa2,0xea,0x1b },
9369+ },
9370+ {
9371+ { 0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE,
9372+ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
9373+ 0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
9374+ { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
9375+ { 0x11,0x25,0xb0,0x35,0xbe,0xa0,0x82,0x86 },
9376+ },
9377+ };
9378+
9379+
9380+static int corrupt_des;
9381+
9382+void FIPS_corrupt_des()
9383+ {
9384+ corrupt_des = 1;
9385+ }
9386+
9387+int FIPS_selftest_des()
9388+ {
9389+ int n, ret = 0;
9390+ EVP_CIPHER_CTX ctx;
9391+ EVP_CIPHER_CTX_init(&ctx);
9392+ /* Encrypt/decrypt with 2-key 3DES and compare to known answers */
9393+ for(n=0 ; n < 2 ; ++n)
9394+ {
9395+ unsigned char plaintext[8];
9396+
9397+ memcpy(plaintext, tests2[n].plaintext, sizeof(plaintext));
9398+ if (corrupt_des)
9399+ plaintext[0]++;
9400+ if (!fips_cipher_test(&ctx, EVP_des_ede_ecb(),
9401+ tests2[n].key, NULL,
9402+ plaintext, tests2[n].ciphertext, 8))
9403+ goto err;
9404+ }
9405+
9406+ /* Encrypt/decrypt with 3DES and compare to known answers */
9407+ for(n=0 ; n < 2 ; ++n)
9408+ {
9409+ if (!fips_cipher_test(&ctx, EVP_des_ede3_ecb(),
9410+ tests3[n].key, NULL,
9411+ tests3[n].plaintext, tests3[n].ciphertext, 8))
9412+ goto err;
9413+ }
9414+ ret = 1;
9415+ err:
9416+ EVP_CIPHER_CTX_cleanup(&ctx);
9417+ if (ret == 0)
9418+ FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
9419+
9420+ return ret;
9421+ }
9422+#endif
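Review bot: Both loops in `FIPS_selftest_des` hard-code `n < 2` instead of deriving the bound from `tests2`/`tests3`, so a vector added to either table is compiled in but silently never tested; `FIPS_selftest_cmac` elsewhere in this patch already uses `sizeof(vector)/sizeof(vector[0])` for exactly this. Suggest `for(n=0 ; n < (int)(sizeof(tests2)/sizeof(tests2[0])) ; ++n)` and the matching form for `tests3`. `fips_cipher_test` is not defined in this hunk, so its return contract is taken on trust here. The `corrupt_des` hook only perturbs the two-key loop; a one-line comment such as `/* forced-failure hook: corrupting one 2-key vector is enough to fail the self-test */` would make that intent explicit.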
9423diff -up openssl-1.0.1b/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1b/crypto/fips/fips_drbg_ctr.c
9424--- openssl-1.0.1b/crypto/fips/fips_drbg_ctr.c.fips 2012-04-26 18:00:51.401769321 +0200
9425+++ openssl-1.0.1b/crypto/fips/fips_drbg_ctr.c 2012-04-26 18:00:51.402769343 +0200
9426@@ -0,0 +1,436 @@
9427+/* fips/rand/fips_drbg_ctr.c */
9428+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
9429+ * project.
9430+ */
9431+/* ====================================================================
9432+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
9433+ *
9434+ * Redistribution and use in source and binary forms, with or without
9435+ * modification, are permitted provided that the following conditions
9436+ * are met:
9437+ *
9438+ * 1. Redistributions of source code must retain the above copyright
9439+ * notice, this list of conditions and the following disclaimer.
9440+ *
9441+ * 2. Redistributions in binary form must reproduce the above copyright
9442+ * notice, this list of conditions and the following disclaimer in
9443+ * the documentation and/or other materials provided with the
9444+ * distribution.
9445+ *
9446+ * 3. All advertising materials mentioning features or use of this
9447+ * software must display the following acknowledgment:
9448+ * "This product includes software developed by the OpenSSL Project
9449+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
9450+ *
9451+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
9452+ * endorse or promote products derived from this software without
9453+ * prior written permission. For written permission, please contact
9454+ * licensing@OpenSSL.org.
9455+ *
9456+ * 5. Products derived from this software may not be called "OpenSSL"
9457+ * nor may "OpenSSL" appear in their names without prior written
9458+ * permission of the OpenSSL Project.
9459+ *
9460+ * 6. Redistributions of any form whatsoever must retain the following
9461+ * acknowledgment:
9462+ * "This product includes software developed by the OpenSSL Project
9463+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
9464+ *
9465+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
9466+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
9467+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
9468+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
9469+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
9470+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
9471+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
9472+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
9473+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
9474+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
9475+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
9476+ * OF THE POSSIBILITY OF SUCH DAMAGE.
9477+ * ====================================================================
9478+ */
9479+
9480+#include <stdlib.h>
9481+#include <string.h>
9482+#include <openssl/crypto.h>
9483+#include <openssl/fips.h>
9484+#include <openssl/fips_rand.h>
9485+#include "fips_rand_lcl.h"
9486+
9487+static void inc_128(DRBG_CTR_CTX *cctx)
9488+ {
9489+ int i;
9490+ unsigned char c;
9491+ unsigned char *p = cctx->V + 15;
9492+ for (i = 0; i < 16; i++)
9493+ {
9494+ c = *p;
9495+ c++;
9496+ *p = c;
9497+ if (c)
9498+ return;
9499+ p--;
9500+ }
9501+ }
9502+
9503+static void ctr_XOR(DRBG_CTR_CTX *cctx, const unsigned char *in, size_t inlen)
9504+ {
9505+ size_t i, n;
9506+ /* Any zero padding will have no effect on the result as we
9507+ * are XORing. So just process however much input we have.
9508+ */
9509+
9510+ if (!in || !inlen)
9511+ return;
9512+
9513+ if (inlen < cctx->keylen)
9514+ n = inlen;
9515+ else
9516+ n = cctx->keylen;
9517+
9518+ for (i = 0; i < n; i++)
9519+ cctx->K[i] ^= in[i];
9520+ if (inlen <= cctx->keylen)
9521+ return;
9522+
9523+ n = inlen - cctx->keylen;
9524+ /* Should never happen */
9525+ if (n > 16)
9526+ n = 16;
9527+ for (i = 0; i < 16; i++)
9528+ cctx->V[i] ^= in[i + cctx->keylen];
9529+ }
9530+
9531+/* Process a complete block using BCC algorithm of SPP 800-90 10.4.3 */
9532+
9533+static void ctr_BCC_block(DRBG_CTR_CTX *cctx, unsigned char *out,
9534+ const unsigned char *in)
9535+ {
9536+ int i;
9537+ for (i = 0; i < 16; i++)
9538+ out[i] ^= in[i];
9539+ AES_encrypt(out, out, &cctx->df_ks);
9540+#if 0
9541+fprintf(stderr, "BCC in+out\n");
9542+BIO_dump_fp(stderr, in, 16);
9543+BIO_dump_fp(stderr, out, 16);
9544+#endif
9545+ }
9546+
9547+/* Handle several BCC operations for as much data as we need for K and X */
9548+static void ctr_BCC_blocks(DRBG_CTR_CTX *cctx, const unsigned char *in)
9549+ {
9550+ ctr_BCC_block(cctx, cctx->KX, in);
9551+ ctr_BCC_block(cctx, cctx->KX + 16, in);
9552+ if (cctx->keylen != 16)
9553+ ctr_BCC_block(cctx, cctx->KX + 32, in);
9554+ }
9555+/* Initialise BCC blocks: these have the value 0,1,2 in leftmost positions:
9556+ * see 10.4.2 stage 7.
9557+ */
9558+static void ctr_BCC_init(DRBG_CTR_CTX *cctx)
9559+ {
9560+ memset(cctx->KX, 0, 48);
9561+ memset(cctx->bltmp, 0, 16);
9562+ ctr_BCC_block(cctx, cctx->KX, cctx->bltmp);
9563+ cctx->bltmp[3] = 1;
9564+ ctr_BCC_block(cctx, cctx->KX + 16, cctx->bltmp);
9565+ if (cctx->keylen != 16)
9566+ {
9567+ cctx->bltmp[3] = 2;
9568+ ctr_BCC_block(cctx, cctx->KX + 32, cctx->bltmp);
9569+ }
9570+ }
9571+
9572+/* Process several blocks into BCC algorithm, some possibly partial */
9573+static void ctr_BCC_update(DRBG_CTR_CTX *cctx,
9574+ const unsigned char *in, size_t inlen)
9575+ {
9576+ if (!in || !inlen)
9577+ return;
9578+ /* If we have partial block handle it first */
9579+ if (cctx->bltmp_pos)
9580+ {
9581+ size_t left = 16 - cctx->bltmp_pos;
9582+ /* If we now have a complete block process it */
9583+ if (inlen >= left)
9584+ {
9585+ memcpy(cctx->bltmp + cctx->bltmp_pos, in, left);
9586+ ctr_BCC_blocks(cctx, cctx->bltmp);
9587+ cctx->bltmp_pos = 0;
9588+ inlen -= left;
9589+ in += left;
9590+ }
9591+ }
9592+ /* Process zero or more complete blocks */
9593+ while (inlen >= 16)
9594+ {
9595+ ctr_BCC_blocks(cctx, in);
9596+ in += 16;
9597+ inlen -= 16;
9598+ }
9599+ /* Copy any remaining partial block to the temporary buffer */
9600+ if (inlen > 0)
9601+ {
9602+ memcpy(cctx->bltmp + cctx->bltmp_pos, in, inlen);
9603+ cctx->bltmp_pos += inlen;
9604+ }
9605+ }
9606+
9607+static void ctr_BCC_final(DRBG_CTR_CTX *cctx)
9608+ {
9609+ if (cctx->bltmp_pos)
9610+ {
9611+ memset(cctx->bltmp + cctx->bltmp_pos, 0, 16 - cctx->bltmp_pos);
9612+ ctr_BCC_blocks(cctx, cctx->bltmp);
9613+ }
9614+ }
9615+
9616+static void ctr_df(DRBG_CTR_CTX *cctx,
9617+ const unsigned char *in1, size_t in1len,
9618+ const unsigned char *in2, size_t in2len,
9619+ const unsigned char *in3, size_t in3len)
9620+ {
9621+ size_t inlen;
9622+ unsigned char *p = cctx->bltmp;
9623+ static unsigned char c80 = 0x80;
9624+
9625+ ctr_BCC_init(cctx);
9626+ if (!in1)
9627+ in1len = 0;
9628+ if (!in2)
9629+ in2len = 0;
9630+ if (!in3)
9631+ in3len = 0;
9632+ inlen = in1len + in2len + in3len;
9633+ /* Initialise L||N in temporary block */
9634+ *p++ = (inlen >> 24) & 0xff;
9635+ *p++ = (inlen >> 16) & 0xff;
9636+ *p++ = (inlen >> 8) & 0xff;
9637+ *p++ = inlen & 0xff;
9638+ /* NB keylen is at most 32 bytes */
9639+ *p++ = 0;
9640+ *p++ = 0;
9641+ *p++ = 0;
9642+ *p = (unsigned char)((cctx->keylen + 16) & 0xff);
9643+ cctx->bltmp_pos = 8;
9644+ ctr_BCC_update(cctx, in1, in1len);
9645+ ctr_BCC_update(cctx, in2, in2len);
9646+ ctr_BCC_update(cctx, in3, in3len);
9647+ ctr_BCC_update(cctx, &c80, 1);
9648+ ctr_BCC_final(cctx);
9649+ /* Set up key K */
9650+ AES_set_encrypt_key(cctx->KX, cctx->keylen * 8, &cctx->df_kxks);
9651+ /* X follows key K */
9652+ AES_encrypt(cctx->KX + cctx->keylen, cctx->KX, &cctx->df_kxks);
9653+ AES_encrypt(cctx->KX, cctx->KX + 16, &cctx->df_kxks);
9654+ if (cctx->keylen != 16)
9655+ AES_encrypt(cctx->KX + 16, cctx->KX + 32, &cctx->df_kxks);
9656+#if 0
9657+fprintf(stderr, "Output of ctr_df:\n");
9658+BIO_dump_fp(stderr, cctx->KX, cctx->keylen + 16);
9659+#endif
9660+ }
9661+
9662+/* NB the no-df Update in SP800-90 specifies a constant input length
9663+ * of seedlen, however other uses of this algorithm pad the input with
9664+ * zeroes if necessary and have up to two parameters XORed together,
9665+ * handle both cases in this function instead.
9666+ */
9667+
9668+static void ctr_Update(DRBG_CTX *dctx,
9669+ const unsigned char *in1, size_t in1len,
9670+ const unsigned char *in2, size_t in2len,
9671+ const unsigned char *nonce, size_t noncelen)
9672+ {
9673+ DRBG_CTR_CTX *cctx = &dctx->d.ctr;
9674+ /* ks is already setup for correct key */
9675+ inc_128(cctx);
9676+ AES_encrypt(cctx->V, cctx->K, &cctx->ks);
9677+ /* If keylen longer than 128 bits need extra encrypt */
9678+ if (cctx->keylen != 16)
9679+ {
9680+ inc_128(cctx);
9681+ AES_encrypt(cctx->V, cctx->K + 16, &cctx->ks);
9682+ }
9683+ inc_128(cctx);
9684+ AES_encrypt(cctx->V, cctx->V, &cctx->ks);
9685+ /* If 192 bit key part of V is on end of K */
9686+ if (cctx->keylen == 24)
9687+ {
9688+ memcpy(cctx->V + 8, cctx->V, 8);
9689+ memcpy(cctx->V, cctx->K + 24, 8);
9690+ }
9691+
9692+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
9693+ {
9694+ /* If no input reuse existing derived value */
9695+ if (in1 || nonce || in2)
9696+ ctr_df(cctx, in1, in1len, nonce, noncelen, in2, in2len);
9697+ /* If this a reuse input in1len != 0 */
9698+ if (in1len)
9699+ ctr_XOR(cctx, cctx->KX, dctx->seedlen);
9700+ }
9701+ else
9702+ {
9703+ ctr_XOR(cctx, in1, in1len);
9704+ ctr_XOR(cctx, in2, in2len);
9705+ }
9706+
9707+ AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
9708+#if 0
9709+fprintf(stderr, "K+V after update is:\n");
9710+BIO_dump_fp(stderr, cctx->K, cctx->keylen);
9711+BIO_dump_fp(stderr, cctx->V, 16);
9712+#endif
9713+ }
9714+
9715+static int drbg_ctr_instantiate(DRBG_CTX *dctx,
9716+ const unsigned char *ent, size_t entlen,
9717+ const unsigned char *nonce, size_t noncelen,
9718+ const unsigned char *pers, size_t perslen)
9719+ {
9720+ DRBG_CTR_CTX *cctx = &dctx->d.ctr;
9721+ memset(cctx->K, 0, sizeof(cctx->K));
9722+ memset(cctx->V, 0, sizeof(cctx->V));
9723+ AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
9724+ ctr_Update(dctx, ent, entlen, pers, perslen, nonce, noncelen);
9725+ return 1;
9726+ }
9727+
9728+static int drbg_ctr_reseed(DRBG_CTX *dctx,
9729+ const unsigned char *ent, size_t entlen,
9730+ const unsigned char *adin, size_t adinlen)
9731+ {
9732+ ctr_Update(dctx, ent, entlen, adin, adinlen, NULL, 0);
9733+ return 1;
9734+ }
9735+
9736+static int drbg_ctr_generate(DRBG_CTX *dctx,
9737+ unsigned char *out, size_t outlen,
9738+ const unsigned char *adin, size_t adinlen)
9739+ {
9740+ DRBG_CTR_CTX *cctx = &dctx->d.ctr;
9741+ if (adin && adinlen)
9742+ {
9743+ ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
9744+ /* This means we reuse derived value */
9745+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
9746+ {
9747+ adin = NULL;
9748+ adinlen = 1;
9749+ }
9750+ }
9751+ else
9752+ adinlen = 0;
9753+
9754+ for (;;)
9755+ {
9756+ inc_128(cctx);
9757+ if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
9758+ {
9759+ AES_encrypt(cctx->V, dctx->lb, &cctx->ks);
9760+ dctx->lb_valid = 1;
9761+ continue;
9762+ }
9763+ if (outlen < 16)
9764+ {
9765+ /* Use K as temp space as it will be updated */
9766+ AES_encrypt(cctx->V, cctx->K, &cctx->ks);
9767+ if (!fips_drbg_cprng_test(dctx, cctx->K))
9768+ return 0;
9769+ memcpy(out, cctx->K, outlen);
9770+ break;
9771+ }
9772+ AES_encrypt(cctx->V, out, &cctx->ks);
9773+ if (!fips_drbg_cprng_test(dctx, out))
9774+ return 0;
9775+ out += 16;
9776+ outlen -= 16;
9777+ if (outlen == 0)
9778+ break;
9779+ }
9780+
9781+ ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
9782+
9783+ return 1;
9784+
9785+ }
9786+
9787+static int drbg_ctr_uninstantiate(DRBG_CTX *dctx)
9788+ {
9789+ memset(&dctx->d.ctr, 0, sizeof(DRBG_CTR_CTX));
9790+ return 1;
9791+ }
9792+
9793+int fips_drbg_ctr_init(DRBG_CTX *dctx)
9794+ {
9795+ DRBG_CTR_CTX *cctx = &dctx->d.ctr;
9796+
9797+ size_t keylen;
9798+
9799+ switch (dctx->type)
9800+ {
9801+ case NID_aes_128_ctr:
9802+ keylen = 16;
9803+ break;
9804+
9805+ case NID_aes_192_ctr:
9806+ keylen = 24;
9807+ break;
9808+
9809+ case NID_aes_256_ctr:
9810+ keylen = 32;
9811+ break;
9812+
9813+ default:
9814+ return -2;
9815+ }
9816+
9817+ dctx->instantiate = drbg_ctr_instantiate;
9818+ dctx->reseed = drbg_ctr_reseed;
9819+ dctx->generate = drbg_ctr_generate;
9820+ dctx->uninstantiate = drbg_ctr_uninstantiate;
9821+
9822+ cctx->keylen = keylen;
9823+ dctx->strength = keylen * 8;
9824+ dctx->blocklength = 16;
9825+ dctx->seedlen = keylen + 16;
9826+
9827+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
9828+ {
9829+ /* df initialisation */
9830+ static unsigned char df_key[32] =
9831+ {
9832+ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
9833+ 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
9834+ 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
9835+ 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f
9836+ };
9837+ /* Set key schedule for df_key */
9838+ AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks);
9839+
9840+ dctx->min_entropy = cctx->keylen;
9841+ dctx->max_entropy = DRBG_MAX_LENGTH;
9842+ dctx->min_nonce = dctx->min_entropy / 2;
9843+ dctx->max_nonce = DRBG_MAX_LENGTH;
9844+ dctx->max_pers = DRBG_MAX_LENGTH;
9845+ dctx->max_adin = DRBG_MAX_LENGTH;
9846+ }
9847+ else
9848+ {
9849+ dctx->min_entropy = dctx->seedlen;
9850+ dctx->max_entropy = dctx->seedlen;
9851+ /* Nonce not used */
9852+ dctx->min_nonce = 0;
9853+ dctx->max_nonce = 0;
9854+ dctx->max_pers = dctx->seedlen;
9855+ dctx->max_adin = dctx->seedlen;
9856+ }
9857+
9858+ dctx->max_request = 1<<16;
9859+ dctx->reseed_interval = 1<<24;
9860+
9861+ return 1;
9862+ }
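Review bot: In `ctr_XOR` the clamped byte count `n = inlen - cctx->keylen` (capped at 16) is computed but the loop that follows iterates `i < 16` regardless, so it reads `in[keylen .. keylen+15]` even when the caller supplied fewer bytes — an over-read of the input buffer whenever `keylen < inlen < keylen + 16`. The loop should use the bound already computed: `for (i = 0; i < n; i++)`. The `/* Should never happen */` comment above the cap suggests callers are expected to pass at least seedlen bytes, but in the no-df path `ctr_Update` forwards `in1len`/`in2len` from `drbg_ctr_reseed` and `drbg_ctr_generate` unchanged, and nothing in this hunk forbids a shorter additional input, so the bound is worth enforcing here.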
9863diff -up openssl-1.0.1b/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1b/crypto/fips/fips_drbg_hash.c
9864--- openssl-1.0.1b/crypto/fips/fips_drbg_hash.c.fips 2012-04-26 18:00:51.402769343 +0200
9865+++ openssl-1.0.1b/crypto/fips/fips_drbg_hash.c 2012-04-26 18:00:51.402769343 +0200
9866@@ -0,0 +1,378 @@
9867+/* fips/rand/fips_drbg_hash.c */
9868+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
9869+ * project.
9870+ */
9871+/* ====================================================================
9872+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
9873+ *
9874+ * Redistribution and use in source and binary forms, with or without
9875+ * modification, are permitted provided that the following conditions
9876+ * are met:
9877+ *
9878+ * 1. Redistributions of source code must retain the above copyright
9879+ * notice, this list of conditions and the following disclaimer.
9880+ *
9881+ * 2. Redistributions in binary form must reproduce the above copyright
9882+ * notice, this list of conditions and the following disclaimer in
9883+ * the documentation and/or other materials provided with the
9884+ * distribution.
9885+ *
9886+ * 3. All advertising materials mentioning features or use of this
9887+ * software must display the following acknowledgment:
9888+ * "This product includes software developed by the OpenSSL Project
9889+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
9890+ *
9891+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
9892+ * endorse or promote products derived from this software without
9893+ * prior written permission. For written permission, please contact
9894+ * licensing@OpenSSL.org.
9895+ *
9896+ * 5. Products derived from this software may not be called "OpenSSL"
9897+ * nor may "OpenSSL" appear in their names without prior written
9898+ * permission of the OpenSSL Project.
9899+ *
9900+ * 6. Redistributions of any form whatsoever must retain the following
9901+ * acknowledgment:
9902+ * "This product includes software developed by the OpenSSL Project
9903+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
9904+ *
9905+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
9906+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
9907+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
9908+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
9909+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
9910+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
9911+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
9912+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
9913+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
9914+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
9915+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
9916+ * OF THE POSSIBILITY OF SUCH DAMAGE.
9917+ * ====================================================================
9918+ */
9919+
9920+#define OPENSSL_FIPSAPI
9921+
9922+#include <stdlib.h>
9923+#include <string.h>
9924+#include <openssl/crypto.h>
9925+#include <openssl/fips.h>
9926+#include <openssl/fips_rand.h>
9927+#include "fips_rand_lcl.h"
9928+
9929+/* This is Hash_df from SP 800-90 10.4.1 */
9930+
9931+static int hash_df(DRBG_CTX *dctx, unsigned char *out,
9932+ const unsigned char *in1, size_t in1len,
9933+ const unsigned char *in2, size_t in2len,
9934+ const unsigned char *in3, size_t in3len,
9935+ const unsigned char *in4, size_t in4len)
9936+ {
9937+ EVP_MD_CTX *mctx = &dctx->d.hash.mctx;
9938+ unsigned char *vtmp = dctx->d.hash.vtmp;
9939+ unsigned char tmp[6];
9940+ /* Standard only ever needs seedlen bytes which is always less than
9941+ * maximum permitted so no need to check length.
9942+ */
9943+ size_t outlen = dctx->seedlen;
9944+ tmp[0] = 1;
9945+ tmp[1] = ((outlen * 8) >> 24) & 0xff;
9946+ tmp[2] = ((outlen * 8) >> 16) & 0xff;
9947+ tmp[3] = ((outlen * 8) >> 8) & 0xff;
9948+ tmp[4] = (outlen * 8) & 0xff;
9949+ if (!in1)
9950+ {
9951+ tmp[5] = (unsigned char)in1len;
9952+ in1 = tmp + 5;
9953+ in1len = 1;
9954+ }
9955+ for (;;)
9956+ {
9957+ if (!FIPS_digestinit(mctx, dctx->d.hash.md))
9958+ return 0;
9959+ if (!FIPS_digestupdate(mctx, tmp, 5))
9960+ return 0;
9961+ if (in1 && !FIPS_digestupdate(mctx, in1, in1len))
9962+ return 0;
9963+ if (in2 && !FIPS_digestupdate(mctx, in2, in2len))
9964+ return 0;
9965+ if (in3 && !FIPS_digestupdate(mctx, in3, in3len))
9966+ return 0;
9967+ if (in4 && !FIPS_digestupdate(mctx, in4, in4len))
9968+ return 0;
9969+ if (outlen < dctx->blocklength)
9970+ {
9971+ if (!FIPS_digestfinal(mctx, vtmp, NULL))
9972+ return 0;
9973+ memcpy(out, vtmp, outlen);
9974+ OPENSSL_cleanse(vtmp, dctx->blocklength);
9975+ return 1;
9976+ }
9977+ else if(!FIPS_digestfinal(mctx, out, NULL))
9978+ return 0;
9979+
9980+ outlen -= dctx->blocklength;
9981+ if (outlen == 0)
9982+ return 1;
9983+ tmp[0]++;
9984+ out += dctx->blocklength;
9985+ }
9986+ }
9987+
9988+
9989+/* Add an unsigned buffer to the buf value, storing the result in buf. For
9990+ * this algorithm the length of input never exceeds the seed length.
9991+ */
9992+
9993+static void ctx_add_buf(DRBG_CTX *dctx, unsigned char *buf,
9994+ unsigned char *in, size_t inlen)
9995+ {
9996+ size_t i = inlen;
9997+ const unsigned char *q;
9998+ unsigned char c, *p;
9999+ p = buf + dctx->seedlen;
10000+ q = in + inlen;
10001+
10002+ OPENSSL_assert(i <= dctx->seedlen);
10003+
10004+ /* Special case: zero length, just increment buffer */
10005+ if (i)
10006+ c = 0;
10007+ else
10008+ c = 1;
10009+
10010+ while (i)
10011+ {
10012+ int r;
10013+ p--;
10014+ q--;
10015+ r = *p + *q + c;
10016+ /* Carry */
10017+ if (r > 0xff)
10018+ c = 1;
10019+ else
10020+ c = 0;
10021+ *p = r & 0xff;
10022+ i--;
10023+ }
10024+
10025+ i = dctx->seedlen - inlen;
10026+
10027+ /* If not adding whole buffer handle final carries */
10028+ if (c && i)
10029+ {
10030+ do
10031+ {
10032+ p--;
10033+ c = *p;
10034+ c++;
10035+ *p = c;
10036+ if(c)
10037+ return;
10038+ } while(i--);
10039+ }
10040+ }
10041+
10042+/* Finalise and add hash to V */
10043+
10044+static int ctx_add_md(DRBG_CTX *dctx)
10045+ {
10046+ if (!FIPS_digestfinal(&dctx->d.hash.mctx, dctx->d.hash.vtmp, NULL))
10047+ return 0;
10048+ ctx_add_buf(dctx, dctx->d.hash.V, dctx->d.hash.vtmp, dctx->blocklength);
10049+ return 1;
10050+ }
10051+
10052+static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
10053+ {
10054+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
10055+ if (outlen == 0)
10056+ return 1;
10057+ memcpy(hctx->vtmp, hctx->V, dctx->seedlen);
10058+ for(;;)
10059+ {
10060+ FIPS_digestinit(&hctx->mctx, hctx->md);
10061+ FIPS_digestupdate(&hctx->mctx, hctx->vtmp, dctx->seedlen);
10062+ if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
10063+ {
10064+ FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL);
10065+ dctx->lb_valid = 1;
10066+ }
10067+ else if (outlen < dctx->blocklength)
10068+ {
10069+ FIPS_digestfinal(&hctx->mctx, hctx->vtmp, NULL);
10070+ if (!fips_drbg_cprng_test(dctx, hctx->vtmp))
10071+ return 0;
10072+ memcpy(out, hctx->vtmp, outlen);
10073+ return 1;
10074+ }
10075+ else
10076+ {
10077+ FIPS_digestfinal(&hctx->mctx, out, NULL);
10078+ if (!fips_drbg_cprng_test(dctx, out))
10079+ return 0;
10080+ outlen -= dctx->blocklength;
10081+ if (outlen == 0)
10082+ return 1;
10083+ out += dctx->blocklength;
10084+ }
10085+ ctx_add_buf(dctx, hctx->vtmp, NULL, 0);
10086+ }
10087+ }
10088+
10089+static int drbg_hash_instantiate(DRBG_CTX *dctx,
10090+ const unsigned char *ent, size_t ent_len,
10091+ const unsigned char *nonce, size_t nonce_len,
10092+ const unsigned char *pstr, size_t pstr_len)
10093+ {
10094+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
10095+ if (!hash_df(dctx, hctx->V,
10096+ ent, ent_len, nonce, nonce_len, pstr, pstr_len,
10097+ NULL, 0))
10098+ return 0;
10099+ if (!hash_df(dctx, hctx->C,
10100+ NULL, 0, hctx->V, dctx->seedlen,
10101+ NULL, 0, NULL, 0))
10102+ return 0;
10103+
10104+#ifdef HASH_DRBG_TRACE
10105+ fprintf(stderr, "V+C after instantiate:\n");
10106+ hexprint(stderr, hctx->V, dctx->seedlen);
10107+ hexprint(stderr, hctx->C, dctx->seedlen);
10108+#endif
10109+ return 1;
10110+ }
10111+
10112+
10113+static int drbg_hash_reseed(DRBG_CTX *dctx,
10114+ const unsigned char *ent, size_t ent_len,
10115+ const unsigned char *adin, size_t adin_len)
10116+ {
10117+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
10118+ /* V about to be updated so use C as output instead */
10119+ if (!hash_df(dctx, hctx->C,
10120+ NULL, 1, hctx->V, dctx->seedlen,
10121+ ent, ent_len, adin, adin_len))
10122+ return 0;
10123+ memcpy(hctx->V, hctx->C, dctx->seedlen);
10124+ if (!hash_df(dctx, hctx->C, NULL, 0,
10125+ hctx->V, dctx->seedlen, NULL, 0, NULL, 0))
10126+ return 0;
10127+#ifdef HASH_DRBG_TRACE
10128+ fprintf(stderr, "V+C after reseed:\n");
10129+ hexprint(stderr, hctx->V, dctx->seedlen);
10130+ hexprint(stderr, hctx->C, dctx->seedlen);
10131+#endif
10132+ return 1;
10133+ }
10134+
10135+static int drbg_hash_generate(DRBG_CTX *dctx,
10136+ unsigned char *out, size_t outlen,
10137+ const unsigned char *adin, size_t adin_len)
10138+ {
10139+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
10140+ EVP_MD_CTX *mctx = &hctx->mctx;
10141+ unsigned char tmp[4];
10142+ if (adin && adin_len)
10143+ {
10144+ tmp[0] = 2;
10145+ if (!FIPS_digestinit(mctx, hctx->md))
10146+ return 0;
10147+ if (!EVP_DigestUpdate(mctx, tmp, 1))
10148+ return 0;
10149+ if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
10150+ return 0;
10151+ if (!EVP_DigestUpdate(mctx, adin, adin_len))
10152+ return 0;
10153+ if (!ctx_add_md(dctx))
10154+ return 0;
10155+ }
10156+ if (!hash_gen(dctx, out, outlen))
10157+ return 0;
10158+
10159+ tmp[0] = 3;
10160+ if (!FIPS_digestinit(mctx, hctx->md))
10161+ return 0;
10162+ if (!EVP_DigestUpdate(mctx, tmp, 1))
10163+ return 0;
10164+ if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
10165+ return 0;
10166+
10167+ if (!ctx_add_md(dctx))
10168+ return 0;
10169+
10170+ ctx_add_buf(dctx, hctx->V, hctx->C, dctx->seedlen);
10171+
10172+ tmp[0] = (dctx->reseed_counter >> 24) & 0xff;
10173+ tmp[1] = (dctx->reseed_counter >> 16) & 0xff;
10174+ tmp[2] = (dctx->reseed_counter >> 8) & 0xff;
10175+ tmp[3] = dctx->reseed_counter & 0xff;
10176+ ctx_add_buf(dctx, hctx->V, tmp, 4);
10177+#ifdef HASH_DRBG_TRACE
10178+ fprintf(stderr, "V+C after generate:\n");
10179+ hexprint(stderr, hctx->V, dctx->seedlen);
10180+ hexprint(stderr, hctx->C, dctx->seedlen);
10181+#endif
10182+ return 1;
10183+ }
10184+
10185+static int drbg_hash_uninstantiate(DRBG_CTX *dctx)
10186+ {
10187+ EVP_MD_CTX_cleanup(&dctx->d.hash.mctx);
10188+ OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX));
10189+ return 1;
10190+ }
10191+
10192+int fips_drbg_hash_init(DRBG_CTX *dctx)
10193+ {
10194+ const EVP_MD *md;
10195+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
10196+ md = FIPS_get_digestbynid(dctx->type);
10197+ if (!md)
10198+ return -2;
10199+ switch (dctx->type)
10200+ {
10201+ case NID_sha1:
10202+ dctx->strength = 128;
10203+ break;
10204+
10205+ case NID_sha224:
10206+ dctx->strength = 192;
10207+ break;
10208+
10209+ default:
10210+ dctx->strength = 256;
10211+ break;
10212+ }
10213+
10214+ dctx->instantiate = drbg_hash_instantiate;
10215+ dctx->reseed = drbg_hash_reseed;
10216+ dctx->generate = drbg_hash_generate;
10217+ dctx->uninstantiate = drbg_hash_uninstantiate;
10218+
10219+ dctx->d.hash.md = md;
10220+ EVP_MD_CTX_init(&hctx->mctx);
10221+
10222+ /* These are taken from SP 800-90 10.1 table 2 */
10223+
10224+ dctx->blocklength = M_EVP_MD_size(md);
10225+ if (dctx->blocklength > 32)
10226+ dctx->seedlen = 111;
10227+ else
10228+ dctx->seedlen = 55;
10229+
10230+
10231+ dctx->min_entropy = dctx->strength / 8;
10232+ dctx->max_entropy = DRBG_MAX_LENGTH;
10233+
10234+ dctx->min_nonce = dctx->min_entropy / 2;
10235+ dctx->max_nonce = DRBG_MAX_LENGTH;
10236+
10237+ dctx->max_pers = DRBG_MAX_LENGTH;
10238+ dctx->max_adin = DRBG_MAX_LENGTH;
10239+
10240+ dctx->max_request = 1<<16;
10241+ dctx->reseed_interval = 1<<24;
10242+
10243+ return 1;
10244+ }
10245diff -up openssl-1.0.1b/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1b/crypto/fips/fips_drbg_hmac.c
10246--- openssl-1.0.1b/crypto/fips/fips_drbg_hmac.c.fips 2012-04-26 18:00:51.402769343 +0200
10247+++ openssl-1.0.1b/crypto/fips/fips_drbg_hmac.c 2012-04-26 18:00:51.402769343 +0200
10248@@ -0,0 +1,281 @@
10249+/* fips/rand/fips_drbg_hmac.c */
10250+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
10251+ * project.
10252+ */
10253+/* ====================================================================
10254+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
10255+ *
10256+ * Redistribution and use in source and binary forms, with or without
10257+ * modification, are permitted provided that the following conditions
10258+ * are met:
10259+ *
10260+ * 1. Redistributions of source code must retain the above copyright
10261+ * notice, this list of conditions and the following disclaimer.
10262+ *
10263+ * 2. Redistributions in binary form must reproduce the above copyright
10264+ * notice, this list of conditions and the following disclaimer in
10265+ * the documentation and/or other materials provided with the
10266+ * distribution.
10267+ *
10268+ * 3. All advertising materials mentioning features or use of this
10269+ * software must display the following acknowledgment:
10270+ * "This product includes software developed by the OpenSSL Project
10271+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
10272+ *
10273+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
10274+ * endorse or promote products derived from this software without
10275+ * prior written permission. For written permission, please contact
10276+ * licensing@OpenSSL.org.
10277+ *
10278+ * 5. Products derived from this software may not be called "OpenSSL"
10279+ * nor may "OpenSSL" appear in their names without prior written
10280+ * permission of the OpenSSL Project.
10281+ *
10282+ * 6. Redistributions of any form whatsoever must retain the following
10283+ * acknowledgment:
10284+ * "This product includes software developed by the OpenSSL Project
10285+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
10286+ *
10287+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
10288+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
10289+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
10290+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
10291+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
10292+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
10293+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
10294+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
10295+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
10296+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
10297+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
10298+ * OF THE POSSIBILITY OF SUCH DAMAGE.
10299+ * ====================================================================
10300+ */
10301+
10302+#include <stdlib.h>
10303+#include <string.h>
10304+#include <openssl/crypto.h>
10305+#include <openssl/evp.h>
10306+#include <openssl/hmac.h>
10307+#include <openssl/aes.h>
10308+#include <openssl/fips.h>
10309+#include <openssl/fips_rand.h>
10310+#include "fips_rand_lcl.h"
10311+
10312+static int drbg_hmac_update(DRBG_CTX *dctx,
10313+ const unsigned char *in1, size_t in1len,
10314+ const unsigned char *in2, size_t in2len,
10315+ const unsigned char *in3, size_t in3len
10316+ )
10317+ {
10318+ static unsigned char c0 = 0, c1 = 1;
10319+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
10320+ HMAC_CTX *hctx = &hmac->hctx;
10321+
10322+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
10323+ return 0;
10324+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
10325+ return 0;
10326+ if (!HMAC_Update(hctx, &c0, 1))
10327+ return 0;
10328+ if (in1len && !HMAC_Update(hctx, in1, in1len))
10329+ return 0;
10330+ if (in2len && !HMAC_Update(hctx, in2, in2len))
10331+ return 0;
10332+ if (in3len && !HMAC_Update(hctx, in3, in3len))
10333+ return 0;
10334+
10335+ if (!HMAC_Final(hctx, hmac->K, NULL))
10336+ return 0;
10337+
10338+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
10339+ return 0;
10340+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
10341+ return 0;
10342+
10343+ if (!HMAC_Final(hctx, hmac->V, NULL))
10344+ return 0;
10345+
10346+ if (!in1len && !in2len && !in3len)
10347+ return 1;
10348+
10349+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
10350+ return 0;
10351+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
10352+ return 0;
10353+ if (!HMAC_Update(hctx, &c1, 1))
10354+ return 0;
10355+ if (in1len && !HMAC_Update(hctx, in1, in1len))
10356+ return 0;
10357+ if (in2len && !HMAC_Update(hctx, in2, in2len))
10358+ return 0;
10359+ if (in3len && !HMAC_Update(hctx, in3, in3len))
10360+ return 0;
10361+
10362+ if (!HMAC_Final(hctx, hmac->K, NULL))
10363+ return 0;
10364+
10365+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
10366+ return 0;
10367+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
10368+ return 0;
10369+
10370+ if (!HMAC_Final(hctx, hmac->V, NULL))
10371+ return 0;
10372+
10373+ return 1;
10374+
10375+ }
10376+
10377+static int drbg_hmac_instantiate(DRBG_CTX *dctx,
10378+ const unsigned char *ent, size_t ent_len,
10379+ const unsigned char *nonce, size_t nonce_len,
10380+ const unsigned char *pstr, size_t pstr_len)
10381+ {
10382+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
10383+ memset(hmac->K, 0, dctx->blocklength);
10384+ memset(hmac->V, 1, dctx->blocklength);
10385+ if (!drbg_hmac_update(dctx,
10386+ ent, ent_len, nonce, nonce_len, pstr, pstr_len))
10387+ return 0;
10388+
10389+#ifdef HMAC_DRBG_TRACE
10390+ fprintf(stderr, "K+V after instantiate:\n");
10391+ hexprint(stderr, hmac->K, hmac->blocklength);
10392+ hexprint(stderr, hmac->V, hmac->blocklength);
10393+#endif
10394+ return 1;
10395+ }
10396+
10397+static int drbg_hmac_reseed(DRBG_CTX *dctx,
10398+ const unsigned char *ent, size_t ent_len,
10399+ const unsigned char *adin, size_t adin_len)
10400+ {
10401+ if (!drbg_hmac_update(dctx,
10402+ ent, ent_len, adin, adin_len, NULL, 0))
10403+ return 0;
10404+
10405+#ifdef HMAC_DRBG_TRACE
10406+ {
10407+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
10408+ fprintf(stderr, "K+V after reseed:\n");
10409+ hexprint(stderr, hmac->K, hmac->blocklength);
10410+ hexprint(stderr, hmac->V, hmac->blocklength);
10411+ }
10412+#endif
10413+ return 1;
10414+ }
10415+
10416+static int drbg_hmac_generate(DRBG_CTX *dctx,
10417+ unsigned char *out, size_t outlen,
10418+ const unsigned char *adin, size_t adin_len)
10419+ {
10420+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
10421+ HMAC_CTX *hctx = &hmac->hctx;
10422+ const unsigned char *Vtmp = hmac->V;
10423+ if (adin_len && !drbg_hmac_update(dctx, adin, adin_len,
10424+ NULL, 0, NULL, 0))
10425+ return 0;
10426+ for (;;)
10427+ {
10428+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength,
10429+ hmac->md, NULL))
10430+ return 0;
10431+ if (!HMAC_Update(hctx, Vtmp, dctx->blocklength))
10432+ return 0;
10433+ if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
10434+ {
10435+ if (!HMAC_Final(hctx, dctx->lb, NULL))
10436+ return 0;
10437+ dctx->lb_valid = 1;
10438+ Vtmp = dctx->lb;
10439+ continue;
10440+ }
10441+ else if (outlen > dctx->blocklength)
10442+ {
10443+ if (!HMAC_Final(hctx, out, NULL))
10444+ return 0;
10445+ if (!fips_drbg_cprng_test(dctx, out))
10446+ return 0;
10447+ Vtmp = out;
10448+ }
10449+ else
10450+ {
10451+ if (!HMAC_Final(hctx, hmac->V, NULL))
10452+ return 0;
10453+ if (!fips_drbg_cprng_test(dctx, hmac->V))
10454+ return 0;
10455+ memcpy(out, hmac->V, outlen);
10456+ break;
10457+ }
10458+ out += dctx->blocklength;
10459+ outlen -= dctx->blocklength;
10460+ }
10461+ if (!drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0))
10462+ return 0;
10463+
10464+ return 1;
10465+ }
10466+
10467+static int drbg_hmac_uninstantiate(DRBG_CTX *dctx)
10468+ {
10469+ HMAC_CTX_cleanup(&dctx->d.hmac.hctx);
10470+ OPENSSL_cleanse(&dctx->d.hmac, sizeof(DRBG_HMAC_CTX));
10471+ return 1;
10472+ }
10473+
10474+int fips_drbg_hmac_init(DRBG_CTX *dctx)
10475+ {
10476+ const EVP_MD *md = NULL;
10477+ DRBG_HMAC_CTX *hctx = &dctx->d.hmac;
10478+ dctx->strength = 256;
10479+ switch (dctx->type)
10480+ {
10481+ case NID_hmacWithSHA1:
10482+ md = EVP_sha1();
10483+ dctx->strength = 128;
10484+ break;
10485+
10486+ case NID_hmacWithSHA224:
10487+ md = EVP_sha224();
10488+ dctx->strength = 192;
10489+ break;
10490+
10491+ case NID_hmacWithSHA256:
10492+ md = EVP_sha256();
10493+ break;
10494+
10495+ case NID_hmacWithSHA384:
10496+ md = EVP_sha384();
10497+ break;
10498+
10499+ case NID_hmacWithSHA512:
10500+ md = EVP_sha512();
10501+ break;
10502+
10503+ default:
10504+ dctx->strength = 0;
10505+ return -2;
10506+ }
10507+ dctx->instantiate = drbg_hmac_instantiate;
10508+ dctx->reseed = drbg_hmac_reseed;
10509+ dctx->generate = drbg_hmac_generate;
10510+ dctx->uninstantiate = drbg_hmac_uninstantiate;
10511+ HMAC_CTX_init(&hctx->hctx);
10512+ hctx->md = md;
10513+ dctx->blocklength = M_EVP_MD_size(md);
10514+ dctx->seedlen = M_EVP_MD_size(md);
10515+
10516+ dctx->min_entropy = dctx->strength / 8;
10517+ dctx->max_entropy = DRBG_MAX_LENGTH;
10518+
10519+ dctx->min_nonce = dctx->min_entropy / 2;
10520+ dctx->max_nonce = DRBG_MAX_LENGTH;
10521+
10522+ dctx->max_pers = DRBG_MAX_LENGTH;
10523+ dctx->max_adin = DRBG_MAX_LENGTH;
10524+
10525+ dctx->max_request = 1<<16;
10526+ dctx->reseed_interval = 1<<24;
10527+
10528+ return 1;
10529+ }
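Review bot: The HMAC_DRBG_TRACE blocks in drbg_hmac_instantiate and drbg_hmac_reseed read `hmac->blocklength`, while every live line of this file takes the digest size from `dctx->blocklength`; if DRBG_HMAC_CTX has no such member (fips_rand_lcl.h would confirm), the trace build does not compile, and those blocks also call fprintf/hexprint without a <stdio.h> include in this file. Change the four trace calls to `hexprint(stderr, hmac->K, dctx->blocklength);` and `hexprint(stderr, hmac->V, dctx->blocklength);` so the diagnostic path stays buildable. Separately, drbg_hmac_generate has no short-circuit for `outlen == 0`, unlike hash_gen in the preceding file: a zero-length request still performs one HMAC, one continuous-test comparison and advances V, which appears harmless but deserves a comment such as `/* outlen == 0 still consumes one HMAC block; hash_gen short-circuits instead */` or alignment with the hash variant. Finally, `static unsigned char c0 = 0, c1 = 1;` in drbg_hmac_update holds the fixed 0x00/0x01 separator bytes of the HMAC_DRBG update function and should be `static const`.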
10530diff -up openssl-1.0.1b/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1b/crypto/fips/fips_drbg_lib.c
10531--- openssl-1.0.1b/crypto/fips/fips_drbg_lib.c.fips 2012-04-26 18:00:51.402769343 +0200
10532+++ openssl-1.0.1b/crypto/fips/fips_drbg_lib.c 2012-04-26 18:00:51.402769343 +0200
10533@@ -0,0 +1,578 @@
10534+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
10535+ * project.
10536+ */
10537+/* ====================================================================
10538+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
10539+ *
10540+ * Redistribution and use in source and binary forms, with or without
10541+ * modification, are permitted provided that the following conditions
10542+ * are met:
10543+ *
10544+ * 1. Redistributions of source code must retain the above copyright
10545+ * notice, this list of conditions and the following disclaimer.
10546+ *
10547+ * 2. Redistributions in binary form must reproduce the above copyright
10548+ * notice, this list of conditions and the following disclaimer in
10549+ * the documentation and/or other materials provided with the
10550+ * distribution.
10551+ *
10552+ * 3. All advertising materials mentioning features or use of this
10553+ * software must display the following acknowledgment:
10554+ * "This product includes software developed by the OpenSSL Project
10555+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
10556+ *
10557+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
10558+ * endorse or promote products derived from this software without
10559+ * prior written permission. For written permission, please contact
10560+ * licensing@OpenSSL.org.
10561+ *
10562+ * 5. Products derived from this software may not be called "OpenSSL"
10563+ * nor may "OpenSSL" appear in their names without prior written
10564+ * permission of the OpenSSL Project.
10565+ *
10566+ * 6. Redistributions of any form whatsoever must retain the following
10567+ * acknowledgment:
10568+ * "This product includes software developed by the OpenSSL Project
10569+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
10570+ *
10571+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
10572+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
10573+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
10574+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
10575+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
10576+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
10577+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
10578+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
10579+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
10580+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
10581+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
10582+ * OF THE POSSIBILITY OF SUCH DAMAGE.
10583+ * ====================================================================
10584+ */
10585+
10586+#include <string.h>
10587+#include <openssl/crypto.h>
10588+#include <openssl/err.h>
10589+#include <openssl/fips_rand.h>
10590+#include "fips_locl.h"
10591+#include "fips_rand_lcl.h"
10592+
10593+/* Support framework for SP800-90 DRBGs */
10594+
10595+int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
10596+ {
10597+ int rv;
10598+ memset(dctx, 0, sizeof(DRBG_CTX));
10599+ dctx->status = DRBG_STATUS_UNINITIALISED;
10600+ dctx->xflags = flags;
10601+ dctx->type = type;
10602+
10603+ dctx->iflags = 0;
10604+ dctx->entropy_blocklen = 0;
10605+ dctx->health_check_cnt = 0;
10606+ dctx->health_check_interval = DRBG_HEALTH_INTERVAL;
10607+
10608+ rv = fips_drbg_hash_init(dctx);
10609+
10610+ if (rv == -2)
10611+ rv = fips_drbg_ctr_init(dctx);
10612+ if (rv == -2)
10613+ rv = fips_drbg_hmac_init(dctx);
10614+
10615+ if (rv <= 0)
10616+ {
10617+ if (rv == -2)
10618+ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_UNSUPPORTED_DRBG_TYPE);
10619+ else
10620+ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_ERROR_INITIALISING_DRBG);
10621+ }
10622+
10623+ /* If not in test mode run selftests on DRBG of the same type */
10624+
10625+ if (!(dctx->xflags & DRBG_FLAG_TEST))
10626+ {
10627+ if (!FIPS_drbg_health_check(dctx))
10628+ {
10629+ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);
10630+ return 0;
10631+ }
10632+ }
10633+
10634+ return rv;
10635+ }
10636+
10637+DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags)
10638+ {
10639+ DRBG_CTX *dctx;
10640+ dctx = OPENSSL_malloc(sizeof(DRBG_CTX));
10641+ if (!dctx)
10642+ {
10643+ FIPSerr(FIPS_F_FIPS_DRBG_NEW, ERR_R_MALLOC_FAILURE);
10644+ return NULL;
10645+ }
10646+
10647+ if (type == 0)
10648+ {
10649+ memset(dctx, 0, sizeof(DRBG_CTX));
10650+ dctx->type = 0;
10651+ dctx->status = DRBG_STATUS_UNINITIALISED;
10652+ return dctx;
10653+ }
10654+
10655+ if (FIPS_drbg_init(dctx, type, flags) <= 0)
10656+ {
10657+ OPENSSL_free(dctx);
10658+ return NULL;
10659+ }
10660+
10661+ return dctx;
10662+ }
10663+
10664+void FIPS_drbg_free(DRBG_CTX *dctx)
10665+ {
10666+ if (dctx->uninstantiate)
10667+ dctx->uninstantiate(dctx);
10668+ /* Don't free up default DRBG */
10669+ if (dctx == FIPS_get_default_drbg())
10670+ {
10671+ memset(dctx, 0, sizeof(DRBG_CTX));
10672+ dctx->type = 0;
10673+ dctx->status = DRBG_STATUS_UNINITIALISED;
10674+ }
10675+ else
10676+ {
10677+ OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
10678+ OPENSSL_free(dctx);
10679+ }
10680+ }
10681+
10682+static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
10683+ int entropy, size_t min_len, size_t max_len)
10684+ {
10685+ unsigned char *tout, *p;
10686+ size_t bl = dctx->entropy_blocklen, rv;
10687+ if (!dctx->get_entropy)
10688+ return 0;
10689+ if (dctx->xflags & DRBG_FLAG_TEST || !bl)
10690+ return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
10691+ rv = dctx->get_entropy(dctx, &tout, entropy + bl,
10692+ min_len + bl, max_len + bl);
10693+ if (tout == NULL)
10694+ return 0;
10695+ *pout = tout + bl;
10696+ if (rv < (min_len + bl) || (rv % bl))
10697+ return 0;
10698+ /* Compare consecutive blocks for continuous PRNG test */
10699+ for (p = tout; p < tout + rv - bl; p += bl)
10700+ {
10701+ if (!memcmp(p, p + bl, bl))
10702+ {
10703+ FIPSerr(FIPS_F_FIPS_GET_ENTROPY, FIPS_R_ENTROPY_SOURCE_STUCK);
10704+ return 0;
10705+ }
10706+ }
10707+ rv -= bl;
10708+ if (rv > max_len)
10709+ return max_len;
10710+ return rv;
10711+ }
10712+
10713+static void fips_cleanup_entropy(DRBG_CTX *dctx,
10714+ unsigned char *out, size_t olen)
10715+ {
10716+ size_t bl;
10717+ if (dctx->xflags & DRBG_FLAG_TEST)
10718+ bl = 0;
10719+ else
10720+ bl = dctx->entropy_blocklen;
10721+ /* Call cleanup with original arguments */
10722+ dctx->cleanup_entropy(dctx, out - bl, olen + bl);
10723+ }
10724+
10725+
10726+int FIPS_drbg_instantiate(DRBG_CTX *dctx,
10727+ const unsigned char *pers, size_t perslen)
10728+ {
10729+ size_t entlen = 0, noncelen = 0;
10730+ unsigned char *nonce = NULL, *entropy = NULL;
10731+
10732+#if 0
10733+ /* Put here so error script picks them up */
10734+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE,
10735+ FIPS_R_PERSONALISATION_STRING_TOO_LONG);
10736+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_IN_ERROR_STATE);
10737+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ALREADY_INSTANTIATED);
10738+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY);
10739+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE);
10740+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR);
10741+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED);
10742+#endif
10743+
10744+ int r = 0;
10745+
10746+ if (perslen > dctx->max_pers)
10747+ {
10748+ r = FIPS_R_PERSONALISATION_STRING_TOO_LONG;
10749+ goto end;
10750+ }
10751+
10752+ if (!dctx->instantiate)
10753+ {
10754+ r = FIPS_R_DRBG_NOT_INITIALISED;
10755+ goto end;
10756+ }
10757+
10758+ if (dctx->status != DRBG_STATUS_UNINITIALISED)
10759+ {
10760+ if (dctx->status == DRBG_STATUS_ERROR)
10761+ r = FIPS_R_IN_ERROR_STATE;
10762+ else
10763+ r = FIPS_R_ALREADY_INSTANTIATED;
10764+ goto end;
10765+ }
10766+
10767+ dctx->status = DRBG_STATUS_ERROR;
10768+
10769+ entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
10770+ dctx->min_entropy, dctx->max_entropy);
10771+
10772+ if (entlen < dctx->min_entropy || entlen > dctx->max_entropy)
10773+ {
10774+ r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
10775+ goto end;
10776+ }
10777+
10778+ if (dctx->max_nonce > 0 && dctx->get_nonce)
10779+ {
10780+ noncelen = dctx->get_nonce(dctx, &nonce,
10781+ dctx->strength / 2,
10782+ dctx->min_nonce, dctx->max_nonce);
10783+
10784+ if (noncelen < dctx->min_nonce || noncelen > dctx->max_nonce)
10785+ {
10786+ r = FIPS_R_ERROR_RETRIEVING_NONCE;
10787+ goto end;
10788+ }
10789+
10790+ }
10791+
10792+ if (!dctx->instantiate(dctx,
10793+ entropy, entlen,
10794+ nonce, noncelen,
10795+ pers, perslen))
10796+ {
10797+ r = FIPS_R_ERROR_INSTANTIATING_DRBG;
10798+ goto end;
10799+ }
10800+
10801+
10802+ dctx->status = DRBG_STATUS_READY;
10803+ if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
10804+ dctx->reseed_counter = 1;
10805+
10806+ end:
10807+
10808+ if (entropy && dctx->cleanup_entropy)
10809+ fips_cleanup_entropy(dctx, entropy, entlen);
10810+
10811+ if (nonce && dctx->cleanup_nonce)
10812+ dctx->cleanup_nonce(dctx, nonce, noncelen);
10813+
10814+ if (dctx->status == DRBG_STATUS_READY)
10815+ return 1;
10816+
10817+ if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
10818+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, r);
10819+
10820+ return 0;
10821+
10822+ }
10823+
10824+static int drbg_reseed(DRBG_CTX *dctx,
10825+ const unsigned char *adin, size_t adinlen, int hcheck)
10826+ {
10827+ unsigned char *entropy = NULL;
10828+ size_t entlen = 0;
10829+ int r = 0;
10830+
10831+#if 0
10832+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_NOT_INSTANTIATED);
10833+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
10834+#endif
10835+ if (dctx->status != DRBG_STATUS_READY
10836+ && dctx->status != DRBG_STATUS_RESEED)
10837+ {
10838+ if (dctx->status == DRBG_STATUS_ERROR)
10839+ r = FIPS_R_IN_ERROR_STATE;
10840+ else if(dctx->status == DRBG_STATUS_UNINITIALISED)
10841+ r = FIPS_R_NOT_INSTANTIATED;
10842+ goto end;
10843+ }
10844+
10845+ if (!adin)
10846+ adinlen = 0;
10847+ else if (adinlen > dctx->max_adin)
10848+ {
10849+ r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
10850+ goto end;
10851+ }
10852+
10853+ dctx->status = DRBG_STATUS_ERROR;
10854+ /* Peform health check on all reseed operations if not a prediction
10855+ * resistance request and not in test mode.
10856+ */
10857+ if (hcheck && !(dctx->xflags & DRBG_FLAG_TEST))
10858+ {
10859+ if (!FIPS_drbg_health_check(dctx))
10860+ {
10861+ r = FIPS_R_SELFTEST_FAILURE;
10862+ goto end;
10863+ }
10864+ }
10865+
10866+ entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
10867+ dctx->min_entropy, dctx->max_entropy);
10868+
10869+ if (entlen < dctx->min_entropy || entlen > dctx->max_entropy)
10870+ {
10871+ r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
10872+ goto end;
10873+ }
10874+
10875+ if (!dctx->reseed(dctx, entropy, entlen, adin, adinlen))
10876+ goto end;
10877+
10878+ dctx->status = DRBG_STATUS_READY;
10879+ if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
10880+ dctx->reseed_counter = 1;
10881+ end:
10882+
10883+ if (entropy && dctx->cleanup_entropy)
10884+ fips_cleanup_entropy(dctx, entropy, entlen);
10885+
10886+ if (dctx->status == DRBG_STATUS_READY)
10887+ return 1;
10888+
10889+ if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
10890+ FIPSerr(FIPS_F_DRBG_RESEED, r);
10891+
10892+ return 0;
10893+ }
10894+
10895+int FIPS_drbg_reseed(DRBG_CTX *dctx,
10896+ const unsigned char *adin, size_t adinlen)
10897+ {
10898+ return drbg_reseed(dctx, adin, adinlen, 1);
10899+ }
10900+
10901+static int fips_drbg_check(DRBG_CTX *dctx)
10902+ {
10903+ if (dctx->xflags & DRBG_FLAG_TEST)
10904+ return 1;
10905+ dctx->health_check_cnt++;
10906+ if (dctx->health_check_cnt >= dctx->health_check_interval)
10907+ {
10908+ if (!FIPS_drbg_health_check(dctx))
10909+ {
10910+ FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE);
10911+ return 0;
10912+ }
10913+ }
10914+ return 1;
10915+ }
10916+
10917+int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
10918+ int prediction_resistance,
10919+ const unsigned char *adin, size_t adinlen)
10920+ {
10921+ int r = 0;
10922+
10923+ if (FIPS_selftest_failed())
10924+ {
10925+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED);
10926+ return 0;
10927+ }
10928+
10929+ if (!fips_drbg_check(dctx))
10930+ return 0;
10931+
10932+ if (dctx->status != DRBG_STATUS_READY
10933+ && dctx->status != DRBG_STATUS_RESEED)
10934+ {
10935+ if (dctx->status == DRBG_STATUS_ERROR)
10936+ r = FIPS_R_IN_ERROR_STATE;
10937+ else if(dctx->status == DRBG_STATUS_UNINITIALISED)
10938+ r = FIPS_R_NOT_INSTANTIATED;
10939+ goto end;
10940+ }
10941+
10942+ if (outlen > dctx->max_request)
10943+ {
10944+ r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG;
10945+ return 0;
10946+ }
10947+
10948+ if (adinlen > dctx->max_adin)
10949+ {
10950+ r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
10951+ goto end;
10952+ }
10953+
10954+ if (dctx->iflags & DRBG_CUSTOM_RESEED)
10955+ dctx->generate(dctx, NULL, outlen, NULL, 0);
10956+ else if (dctx->reseed_counter >= dctx->reseed_interval)
10957+ dctx->status = DRBG_STATUS_RESEED;
10958+
10959+ if (dctx->status == DRBG_STATUS_RESEED || prediction_resistance)
10960+ {
10961+ /* If prediction resistance request don't do health check */
10962+ int hcheck = prediction_resistance ? 0 : 1;
10963+
10964+ if (!drbg_reseed(dctx, adin, adinlen, hcheck))
10965+ {
10966+ r = FIPS_R_RESEED_ERROR;
10967+ goto end;
10968+ }
10969+ adin = NULL;
10970+ adinlen = 0;
10971+ }
10972+
10973+ if (!dctx->generate(dctx, out, outlen, adin, adinlen))
10974+ {
10975+ r = FIPS_R_GENERATE_ERROR;
10976+ dctx->status = DRBG_STATUS_ERROR;
10977+ goto end;
10978+ }
10979+ if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
10980+ {
10981+ if (dctx->reseed_counter >= dctx->reseed_interval)
10982+ dctx->status = DRBG_STATUS_RESEED;
10983+ else
10984+ dctx->reseed_counter++;
10985+ }
10986+
10987+ end:
10988+ if (r)
10989+ {
10990+ if (!(dctx->iflags & DRBG_FLAG_NOERR))
10991+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, r);
10992+ return 0;
10993+ }
10994+
10995+ return 1;
10996+ }
10997+
10998+int FIPS_drbg_uninstantiate(DRBG_CTX *dctx)
10999+ {
11000+ int rv;
11001+ if (!dctx->uninstantiate)
11002+ rv = 1;
11003+ else
11004+ rv = dctx->uninstantiate(dctx);
11005+ /* Although we'd like to cleanse here we can't because we have to
11006+ * test the uninstantiate really zeroes the data.
11007+ */
11008+ memset(&dctx->d, 0, sizeof(dctx->d));
11009+ dctx->status = DRBG_STATUS_UNINITIALISED;
11010+ /* If method has problems uninstantiating, return error */
11011+ return rv;
11012+ }
11013+
11014+int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
11015+ size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
11016+ int entropy, size_t min_len, size_t max_len),
11017+ void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
11018+ size_t entropy_blocklen,
11019+ size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
11020+ int entropy, size_t min_len, size_t max_len),
11021+ void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen))
11022+ {
11023+ if (dctx->status != DRBG_STATUS_UNINITIALISED)
11024+ return 0;
11025+ dctx->entropy_blocklen = entropy_blocklen;
11026+ dctx->get_entropy = get_entropy;
11027+ dctx->cleanup_entropy = cleanup_entropy;
11028+ dctx->get_nonce = get_nonce;
11029+ dctx->cleanup_nonce = cleanup_nonce;
11030+ return 1;
11031+ }
11032+
11033+int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
11034+ size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout),
11035+ void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
11036+ int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num),
11037+ int (*rand_add_cb)(DRBG_CTX *ctx,
11038+ const void *buf, int num, double entropy))
11039+ {
11040+ if (dctx->status != DRBG_STATUS_UNINITIALISED)
11041+ return 0;
11042+ dctx->get_adin = get_adin;
11043+ dctx->cleanup_adin = cleanup_adin;
11044+ dctx->rand_seed_cb = rand_seed_cb;
11045+ dctx->rand_add_cb = rand_add_cb;
11046+ return 1;
11047+ }
11048+
11049+void *FIPS_drbg_get_app_data(DRBG_CTX *dctx)
11050+ {
11051+ return dctx->app_data;
11052+ }
11053+
11054+void FIPS_drbg_set_app_data(DRBG_CTX *dctx, void *app_data)
11055+ {
11056+ dctx->app_data = app_data;
11057+ }
11058+
11059+size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx)
11060+ {
11061+ return dctx->blocklength;
11062+ }
11063+
11064+int FIPS_drbg_get_strength(DRBG_CTX *dctx)
11065+ {
11066+ return dctx->strength;
11067+ }
11068+
11069+void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval)
11070+ {
11071+ dctx->health_check_interval = interval;
11072+ }
11073+
11074+void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval)
11075+ {
11076+ dctx->reseed_interval = interval;
11077+ }
11078+
11079+static int drbg_stick = 0;
11080+
11081+void FIPS_drbg_stick(int onoff)
11082+ {
11083+ drbg_stick = onoff;
11084+ }
11085+
11086+/* Continuous DRBG utility function */
11087+int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out)
11088+ {
11089+ /* No CPRNG in test mode */
11090+ if (dctx->xflags & DRBG_FLAG_TEST)
11091+ return 1;
11092+ /* Check block is valid: should never happen */
11093+ if (dctx->lb_valid == 0)
11094+ {
11095+ FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_INTERNAL_ERROR);
11096+ fips_set_selftest_fail();
11097+ return 0;
11098+ }
11099+ if (drbg_stick)
11100+ memcpy(dctx->lb, out, dctx->blocklength);
11101+ /* Check against last block: fail if match */
11102+ if (!memcmp(dctx->lb, out, dctx->blocklength))
11103+ {
11104+ FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_DRBG_STUCK);
11105+ fips_set_selftest_fail();
11106+ return 0;
11107+ }
11108+ /* Save last block for next comparison */
11109+ memcpy(dctx->lb, out, dctx->blocklength);
11110+ return 1;
11111+ }
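--- a/openssl-1.0.1b/crypto/fips/fips_drbg_rand.c
+++ b/openssl-1.0.1b/crypto/fips/fips_drbg_rand.c
@@ -0,0 +1,172 @@
+/* fips/rand/fips_drbg_rand.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include "fips_rand_lcl.h"
+
+/* Mapping of SP800-90 DRBGs to OpenSSL RAND_METHOD */
+
+/* Since we only have one global PRNG used at any time in OpenSSL use a global
+ * variable to store context.
+ */
+
+static DRBG_CTX ossl_dctx;
+
+DRBG_CTX *FIPS_get_default_drbg(void)
+ {
+ return &ossl_dctx;
+ }
+
+static int fips_drbg_bytes(unsigned char *out, int count)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+ int rv = 0;
+ unsigned char *adin = NULL;
+ size_t adinlen = 0;
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ do
+ {
+ size_t rcnt;
+ if (count > (int)dctx->max_request)
+ rcnt = dctx->max_request;
+ else
+ rcnt = count;
+ if (dctx->get_adin)
+ {
+ adinlen = dctx->get_adin(dctx, &adin);
+ if (adinlen && !adin)
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_BYTES, FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT);
+ goto err;
+ }
+ }
+ rv = FIPS_drbg_generate(dctx, out, rcnt, 0, adin, adinlen);
+ if (adin)
+ {
+ if (dctx->cleanup_adin)
+ dctx->cleanup_adin(dctx, adin, adinlen);
+ adin = NULL;
+ }
+ if (!rv)
+ goto err;
+ out += rcnt;
+ count -= rcnt;
+ }
+ while (count);
+ rv = 1;
+ err:
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ return rv;
+ }
+
+static int fips_drbg_pseudo(unsigned char *out, int count)
+ {
+ if (fips_drbg_bytes(out, count) <= 0)
+ return -1;
+ return 1;
+ }
+
+static int fips_drbg_status(void)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+ int rv;
+ CRYPTO_r_lock(CRYPTO_LOCK_RAND);
+ rv = dctx->status == DRBG_STATUS_READY ? 1 : 0;
+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
+ return rv;
+ }
+
+static void fips_drbg_cleanup(void)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ FIPS_drbg_uninstantiate(dctx);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ }
+
+static int fips_drbg_seed(const void *seed, int seedlen)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+ if (dctx->rand_seed_cb)
+ return dctx->rand_seed_cb(dctx, seed, seedlen);
+ return 1;
+ }
+
+static int fips_drbg_add(const void *seed, int seedlen,
+ double add_entropy)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+ if (dctx->rand_add_cb)
+ return dctx->rand_add_cb(dctx, seed, seedlen, add_entropy);
+ return 1;
+ }
+
+static const RAND_METHOD rand_drbg_meth =
+ {
+ fips_drbg_seed,
+ fips_drbg_bytes,
+ fips_drbg_cleanup,
+ fips_drbg_add,
+ fips_drbg_pseudo,
+ fips_drbg_status
+ };
+
+const RAND_METHOD *FIPS_drbg_method(void)
+ {
+ return &rand_drbg_meth;
+ }
+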
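Review bot: fips_drbg_bytes does not reject a negative `count`; the `else rcnt = count;` branch converts it to a very large size_t, and the request then fails only because FIPS_drbg_generate's max_request check trips, which on this page (`r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG; return 0;`) returns 0 without queueing an error, so the caller sees a silent failure. Since this function is installed as the RAND_METHOD bytes entry in rand_drbg_meth, any RAND_bytes caller with this method selected reaches it, so guard it explicitly once the lock is held, `if (count < 0) goto err;`, so the rejection no longer depends on the size_t conversion. The `(int)dctx->max_request` cast on the comparison line is also worth a comment, because a max_request value that does not fit in an int would change the outcome of the comparison; `/* assumes max_request fits in an int */` would do.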
11288diff -up openssl-1.0.1b/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_drbg_selftest.c
11289--- openssl-1.0.1b/crypto/fips/fips_drbg_selftest.c.fips 2012-04-26 18:00:51.403769365 +0200
11290+++ openssl-1.0.1b/crypto/fips/fips_drbg_selftest.c 2012-04-26 18:00:51.403769365 +0200
11291@@ -0,0 +1,862 @@
11292+/* fips/rand/fips_drbg_selftest.c */
11293+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
11294+ * project.
11295+ */
11296+/* ====================================================================
11297+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
11298+ *
11299+ * Redistribution and use in source and binary forms, with or without
11300+ * modification, are permitted provided that the following conditions
11301+ * are met:
11302+ *
11303+ * 1. Redistributions of source code must retain the above copyright
11304+ * notice, this list of conditions and the following disclaimer.
11305+ *
11306+ * 2. Redistributions in binary form must reproduce the above copyright
11307+ * notice, this list of conditions and the following disclaimer in
11308+ * the documentation and/or other materials provided with the
11309+ * distribution.
11310+ *
11311+ * 3. All advertising materials mentioning features or use of this
11312+ * software must display the following acknowledgment:
11313+ * "This product includes software developed by the OpenSSL Project
11314+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
11315+ *
11316+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
11317+ * endorse or promote products derived from this software without
11318+ * prior written permission. For written permission, please contact
11319+ * licensing@OpenSSL.org.
11320+ *
11321+ * 5. Products derived from this software may not be called "OpenSSL"
11322+ * nor may "OpenSSL" appear in their names without prior written
11323+ * permission of the OpenSSL Project.
11324+ *
11325+ * 6. Redistributions of any form whatsoever must retain the following
11326+ * acknowledgment:
11327+ * "This product includes software developed by the OpenSSL Project
11328+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
11329+ *
11330+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
11331+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
11332+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
11333+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
11334+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
11335+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
11336+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
11337+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
11338+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
11339+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
11340+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
11341+ * OF THE POSSIBILITY OF SUCH DAMAGE.
11342+ * ====================================================================
11343+ */
11344+
11345+#include <string.h>
11346+#include <openssl/crypto.h>
11347+#include <openssl/err.h>
11348+#include <openssl/fips_rand.h>
11349+#include "fips_rand_lcl.h"
11350+#include "fips_locl.h"
11351+
11352+#include "fips_drbg_selftest.h"
11353+
11354+typedef struct {
11355+ int post;
11356+ int nid;
11357+ unsigned int flags;
11358+
11359+ /* KAT data for no PR */
11360+ const unsigned char *ent;
11361+ size_t entlen;
11362+ const unsigned char *nonce;
11363+ size_t noncelen;
11364+ const unsigned char *pers;
11365+ size_t perslen;
11366+ const unsigned char *adin;
11367+ size_t adinlen;
11368+ const unsigned char *entreseed;
11369+ size_t entreseedlen;
11370+ const unsigned char *adinreseed;
11371+ size_t adinreseedlen;
11372+ const unsigned char *adin2;
11373+ size_t adin2len;
11374+ const unsigned char *kat;
11375+ size_t katlen;
11376+ const unsigned char *kat2;
11377+ size_t kat2len;
11378+
11379+ /* KAT data for PR */
11380+ const unsigned char *ent_pr;
11381+ size_t entlen_pr;
11382+ const unsigned char *nonce_pr;
11383+ size_t noncelen_pr;
11384+ const unsigned char *pers_pr;
11385+ size_t perslen_pr;
11386+ const unsigned char *adin_pr;
11387+ size_t adinlen_pr;
11388+ const unsigned char *entpr_pr;
11389+ size_t entprlen_pr;
11390+ const unsigned char *ading_pr;
11391+ size_t adinglen_pr;
11392+ const unsigned char *entg_pr;
11393+ size_t entglen_pr;
11394+ const unsigned char *kat_pr;
11395+ size_t katlen_pr;
11396+ const unsigned char *kat2_pr;
11397+ size_t kat2len_pr;
11398+
11399+ } DRBG_SELFTEST_DATA;
11400+
11401+#define make_drbg_test_data(nid, flag, pr, p) {p, nid, flag | DRBG_FLAG_TEST, \
11402+ pr##_entropyinput, sizeof(pr##_entropyinput), \
11403+ pr##_nonce, sizeof(pr##_nonce), \
11404+ pr##_personalizationstring, sizeof(pr##_personalizationstring), \
11405+ pr##_additionalinput, sizeof(pr##_additionalinput), \
11406+ pr##_entropyinputreseed, sizeof(pr##_entropyinputreseed), \
11407+ pr##_additionalinputreseed, sizeof(pr##_additionalinputreseed), \
11408+ pr##_additionalinput2, sizeof(pr##_additionalinput2), \
11409+ pr##_int_returnedbits, sizeof(pr##_int_returnedbits), \
11410+ pr##_returnedbits, sizeof(pr##_returnedbits), \
11411+ pr##_pr_entropyinput, sizeof(pr##_pr_entropyinput), \
11412+ pr##_pr_nonce, sizeof(pr##_pr_nonce), \
11413+ pr##_pr_personalizationstring, sizeof(pr##_pr_personalizationstring), \
11414+ pr##_pr_additionalinput, sizeof(pr##_pr_additionalinput), \
11415+ pr##_pr_entropyinputpr, sizeof(pr##_pr_entropyinputpr), \
11416+ pr##_pr_additionalinput2, sizeof(pr##_pr_additionalinput2), \
11417+ pr##_pr_entropyinputpr2, sizeof(pr##_pr_entropyinputpr2), \
11418+ pr##_pr_int_returnedbits, sizeof(pr##_pr_int_returnedbits), \
11419+ pr##_pr_returnedbits, sizeof(pr##_pr_returnedbits), \
11420+ }
11421+
11422+#define make_drbg_test_data_df(nid, pr, p) \
11423+ make_drbg_test_data(nid, DRBG_FLAG_CTR_USE_DF, pr, p)
11424+
11425+#define make_drbg_test_data_ec(curve, md, pr, p) \
11426+ make_drbg_test_data((curve << 16) | md , 0, pr, p)
11427+
11428+static DRBG_SELFTEST_DATA drbg_test[] = {
11429+ make_drbg_test_data_df(NID_aes_128_ctr, aes_128_use_df, 0),
11430+ make_drbg_test_data_df(NID_aes_192_ctr, aes_192_use_df, 0),
11431+ make_drbg_test_data_df(NID_aes_256_ctr, aes_256_use_df, 1),
11432+ make_drbg_test_data(NID_aes_128_ctr, 0, aes_128_no_df, 0),
11433+ make_drbg_test_data(NID_aes_192_ctr, 0, aes_192_no_df, 0),
11434+ make_drbg_test_data(NID_aes_256_ctr, 0, aes_256_no_df, 1),
11435+ make_drbg_test_data(NID_sha1, 0, sha1, 0),
11436+ make_drbg_test_data(NID_sha224, 0, sha224, 0),
11437+ make_drbg_test_data(NID_sha256, 0, sha256, 1),
11438+ make_drbg_test_data(NID_sha384, 0, sha384, 0),
11439+ make_drbg_test_data(NID_sha512, 0, sha512, 0),
11440+ make_drbg_test_data(NID_hmacWithSHA1, 0, hmac_sha1, 0),
11441+ make_drbg_test_data(NID_hmacWithSHA224, 0, hmac_sha224, 0),
11442+ make_drbg_test_data(NID_hmacWithSHA256, 0, hmac_sha256, 1),
11443+ make_drbg_test_data(NID_hmacWithSHA384, 0, hmac_sha384, 0),
11444+ make_drbg_test_data(NID_hmacWithSHA512, 0, hmac_sha512, 0),
11445+ {0,0,0}
11446+ };
11447+
11448+typedef struct
11449+ {
11450+ const unsigned char *ent;
11451+ size_t entlen;
11452+ int entcnt;
11453+ const unsigned char *nonce;
11454+ size_t noncelen;
11455+ int noncecnt;
11456+ } TEST_ENT;
11457+
11458+static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
11459+ int entropy, size_t min_len, size_t max_len)
11460+ {
11461+ TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
11462+ *pout = (unsigned char *)t->ent;
11463+ t->entcnt++;
11464+ return t->entlen;
11465+ }
11466+
11467+static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
11468+ int entropy, size_t min_len, size_t max_len)
11469+ {
11470+ TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
11471+ *pout = (unsigned char *)t->nonce;
11472+ t->noncecnt++;
11473+ return t->noncelen;
11474+ }
11475+
11476+static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
11477+ int quick)
11478+ {
11479+ TEST_ENT t;
11480+ int rv = 0;
11481+ size_t adinlen;
11482+ unsigned char randout[1024];
11483+
11484+ /* Initial test without PR */
11485+
11486+ /* Instantiate DRBG with test entropy, nonce and personalisation
11487+ * string.
11488+ */
11489+
11490+ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
11491+ return 0;
11492+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
11493+ return 0;
11494+
11495+ FIPS_drbg_set_app_data(dctx, &t);
11496+
11497+ t.ent = td->ent;
11498+ t.entlen = td->entlen;
11499+ t.nonce = td->nonce;
11500+ t.noncelen = td->noncelen;
11501+ t.entcnt = 0;
11502+ t.noncecnt = 0;
11503+
11504+ if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
11505+ goto err;
11506+
11507+ /* Note for CTR without DF some additional input values
11508+ * ignore bytes after the keylength: so reduce adinlen
11509+ * to half to ensure invalid data is fed in.
11510+ */
11511+ if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
11512+ adinlen = td->adinlen / 2;
11513+ else
11514+ adinlen = td->adinlen;
11515+
11516+ /* Generate with no PR and verify output matches expected data */
11517+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11518+ td->adin, adinlen))
11519+ goto err;
11520+
11521+ if (memcmp(randout, td->kat, td->katlen))
11522+ {
11523+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST1_FAILURE);
11524+ goto err2;
11525+ }
11526+ /* If abbreviated POST end of test */
11527+ if (quick)
11528+ {
11529+ rv = 1;
11530+ goto err;
11531+ }
11532+ /* Reseed DRBG with test entropy and additional input */
11533+ t.ent = td->entreseed;
11534+ t.entlen = td->entreseedlen;
11535+
11536+ if (!FIPS_drbg_reseed(dctx, td->adinreseed, td->adinreseedlen))
11537+ goto err;
11538+
11539+ /* Generate with no PR and verify output matches expected data */
11540+ if (!FIPS_drbg_generate(dctx, randout, td->kat2len, 0,
11541+ td->adin2, td->adin2len))
11542+ goto err;
11543+
11544+ if (memcmp(randout, td->kat2, td->kat2len))
11545+ {
11546+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST2_FAILURE);
11547+ goto err2;
11548+ }
11549+
11550+ FIPS_drbg_uninstantiate(dctx);
11551+
11552+ /* Now test with PR */
11553+
11554+ /* Instantiate DRBG with test entropy, nonce and personalisation
11555+ * string.
11556+ */
11557+ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
11558+ return 0;
11559+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
11560+ return 0;
11561+
11562+ FIPS_drbg_set_app_data(dctx, &t);
11563+
11564+ t.ent = td->ent_pr;
11565+ t.entlen = td->entlen_pr;
11566+ t.nonce = td->nonce_pr;
11567+ t.noncelen = td->noncelen_pr;
11568+ t.entcnt = 0;
11569+ t.noncecnt = 0;
11570+
11571+ if (!FIPS_drbg_instantiate(dctx, td->pers_pr, td->perslen_pr))
11572+ goto err;
11573+
11574+ /* Now generate with PR: we need to supply entropy as this will
11575+ * perform a reseed operation. Check output matches expected value.
11576+ */
11577+
11578+ t.ent = td->entpr_pr;
11579+ t.entlen = td->entprlen_pr;
11580+
11581+ /* Note for CTR without DF some additional input values
11582+ * ignore bytes after the keylength: so reduce adinlen
11583+ * to half to ensure invalid data is fed in.
11584+ */
11585+ if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
11586+ adinlen = td->adinlen_pr / 2;
11587+ else
11588+ adinlen = td->adinlen_pr;
11589+ if (!FIPS_drbg_generate(dctx, randout, td->katlen_pr, 1,
11590+ td->adin_pr, adinlen))
11591+ goto err;
11592+
11593+ if (memcmp(randout, td->kat_pr, td->katlen_pr))
11594+ {
11595+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST1_FAILURE);
11596+ goto err2;
11597+ }
11598+
11599+ /* Now generate again with PR: supply new entropy again.
11600+ * Check output matches expected value.
11601+ */
11602+
11603+ t.ent = td->entg_pr;
11604+ t.entlen = td->entglen_pr;
11605+
11606+ if (!FIPS_drbg_generate(dctx, randout, td->kat2len_pr, 1,
11607+ td->ading_pr, td->adinglen_pr))
11608+ goto err;
11609+
11610+ if (memcmp(randout, td->kat2_pr, td->kat2len_pr))
11611+ {
11612+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST2_FAILURE);
11613+ goto err2;
11614+ }
11615+ /* All OK, test complete */
11616+ rv = 1;
11617+
11618+ err:
11619+ if (rv == 0)
11620+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED);
11621+ err2:
11622+ FIPS_drbg_uninstantiate(dctx);
11623+
11624+ return rv;
11625+
11626+ }
11627+
11628+/* Initialise a DRBG based on selftest data */
11629+
11630+static int do_drbg_init(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td, TEST_ENT *t)
11631+ {
11632+
11633+ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
11634+ return 0;
11635+
11636+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
11637+ return 0;
11638+
11639+ FIPS_drbg_set_app_data(dctx, t);
11640+
11641+ t->ent = td->ent;
11642+ t->entlen = td->entlen;
11643+ t->nonce = td->nonce;
11644+ t->noncelen = td->noncelen;
11645+ t->entcnt = 0;
11646+ t->noncecnt = 0;
11647+ return 1;
11648+ }
11649+
11650+/* Initialise and instantiate DRBG based on selftest data */
11651+static int do_drbg_instantiate(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
11652+ TEST_ENT *t)
11653+ {
11654+ if (!do_drbg_init(dctx, td, t))
11655+ return 0;
11656+ if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
11657+ return 0;
11658+
11659+ return 1;
11660+ }
11661+
11662+/* This function performs extensive error checking as required by SP800-90.
11663+ * Induce several failure modes and check an error condition is set.
11664+ * This function along with fips_drbg_single_kat peforms the health checking
11665+ * operation.
11666+ */
11667+
11668+static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
11669+ {
11670+ unsigned char randout[1024];
11671+ TEST_ENT t;
11672+ size_t i;
11673+ unsigned int reseed_counter_tmp;
11674+ unsigned char *p = (unsigned char *)dctx;
11675+
11676+ /* Initialise DRBG */
11677+
11678+ if (!do_drbg_init(dctx, td, &t))
11679+ goto err;
11680+
11681+ /* Don't report induced errors */
11682+ dctx->iflags |= DRBG_FLAG_NOERR;
11683+
11684+ /* Personalisation string tests */
11685+
11686+ /* Test detection of too large personlisation string */
11687+
11688+ if (FIPS_drbg_instantiate(dctx, td->pers, dctx->max_pers + 1) > 0)
11689+ {
11690+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_PERSONALISATION_ERROR_UNDETECTED);
11691+ goto err;
11692+ }
11693+
11694+ /* Entropy source tests */
11695+
11696+ /* Test entropy source failure detecion: i.e. returns no data */
11697+
11698+ t.entlen = 0;
11699+
11700+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
11701+ {
11702+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11703+ goto err;
11704+ }
11705+
11706+ /* Try to generate output from uninstantiated DRBG */
11707+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11708+ td->adin, td->adinlen))
11709+ {
11710+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_GENERATE_ERROR_UNDETECTED);
11711+ goto err;
11712+ }
11713+
11714+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11715+ if (!FIPS_drbg_uninstantiate(dctx))
11716+ {
11717+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11718+ goto err;
11719+ }
11720+
11721+ if (!do_drbg_init(dctx, td, &t))
11722+ goto err;
11723+
11724+ dctx->iflags |= DRBG_FLAG_NOERR;
11725+
11726+ /* Test insufficient entropy */
11727+
11728+ t.entlen = dctx->min_entropy - 1;
11729+
11730+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
11731+ {
11732+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11733+ goto err;
11734+ }
11735+
11736+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11737+ if (!FIPS_drbg_uninstantiate(dctx))
11738+ {
11739+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11740+ goto err;
11741+ }
11742+
11743+ /* Test too much entropy */
11744+
11745+ if (!do_drbg_init(dctx, td, &t))
11746+ goto err;
11747+
11748+ dctx->iflags |= DRBG_FLAG_NOERR;
11749+
11750+ t.entlen = dctx->max_entropy + 1;
11751+
11752+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
11753+ {
11754+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11755+ goto err;
11756+ }
11757+
11758+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11759+ if (!FIPS_drbg_uninstantiate(dctx))
11760+ {
11761+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11762+ goto err;
11763+ }
11764+
11765+ /* Nonce tests */
11766+
11767+ /* Test too small nonce */
11768+
11769+ if (dctx->min_nonce)
11770+ {
11771+
11772+ if (!do_drbg_init(dctx, td, &t))
11773+ goto err;
11774+
11775+ dctx->iflags |= DRBG_FLAG_NOERR;
11776+
11777+ t.noncelen = dctx->min_nonce - 1;
11778+
11779+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
11780+ {
11781+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_NONCE_ERROR_UNDETECTED);
11782+ goto err;
11783+ }
11784+
11785+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11786+ if (!FIPS_drbg_uninstantiate(dctx))
11787+ {
11788+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11789+ goto err;
11790+ }
11791+
11792+ }
11793+
11794+ /* Test too large nonce */
11795+
11796+ if (dctx->max_nonce)
11797+ {
11798+
11799+ if (!do_drbg_init(dctx, td, &t))
11800+ goto err;
11801+
11802+ dctx->iflags |= DRBG_FLAG_NOERR;
11803+
11804+ t.noncelen = dctx->max_nonce + 1;
11805+
11806+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
11807+ {
11808+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_NONCE_ERROR_UNDETECTED);
11809+ goto err;
11810+ }
11811+
11812+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11813+ if (!FIPS_drbg_uninstantiate(dctx))
11814+ {
11815+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11816+ goto err;
11817+ }
11818+
11819+ }
11820+
11821+ /* Instantiate with valid data. */
11822+ if (!do_drbg_instantiate(dctx, td, &t))
11823+ goto err;
11824+
11825+ /* Check generation is now OK */
11826+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11827+ td->adin, td->adinlen))
11828+ goto err;
11829+
11830+ dctx->iflags |= DRBG_FLAG_NOERR;
11831+
11832+ /* Request too much data for one request */
11833+ if (FIPS_drbg_generate(dctx, randout, dctx->max_request + 1, 0,
11834+ td->adin, td->adinlen))
11835+ {
11836+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED);
11837+ goto err;
11838+ }
11839+
11840+ /* Try too large additional input */
11841+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11842+ td->adin, dctx->max_adin + 1))
11843+ {
11844+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
11845+ goto err;
11846+ }
11847+
11848+ /* Check prediction resistance request fails if entropy source
11849+ * failure.
11850+ */
11851+
11852+ t.entlen = 0;
11853+
11854+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
11855+ td->adin, td->adinlen))
11856+ {
11857+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11858+ goto err;
11859+ }
11860+
11861+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11862+ if (!FIPS_drbg_uninstantiate(dctx))
11863+ {
11864+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11865+ goto err;
11866+ }
11867+
11868+
11869+ /* Instantiate again with valid data */
11870+
11871+ if (!do_drbg_instantiate(dctx, td, &t))
11872+ goto err;
11873+ /* Test reseed counter works */
11874+ /* Save initial reseed counter */
11875+ reseed_counter_tmp = dctx->reseed_counter;
11876+ /* Set reseed counter to beyond interval */
11877+ dctx->reseed_counter = dctx->reseed_interval;
11878+
11879+ /* Generate output and check entropy has been requested for reseed */
11880+ t.entcnt = 0;
11881+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11882+ td->adin, td->adinlen))
11883+ goto err;
11884+ if (t.entcnt != 1)
11885+ {
11886+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
11887+ goto err;
11888+ }
11889+ /* Check reseed counter has been reset */
11890+ if (dctx->reseed_counter != reseed_counter_tmp + 1)
11891+ {
11892+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
11893+ goto err;
11894+ }
11895+
11896+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11897+ if (!FIPS_drbg_uninstantiate(dctx))
11898+ {
11899+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11900+ goto err;
11901+ }
11902+
11903+ /* Check prediction resistance request fails if entropy source
11904+ * failure.
11905+ */
11906+
11907+ t.entlen = 0;
11908+
11909+ dctx->iflags |= DRBG_FLAG_NOERR;
11910+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
11911+ td->adin, td->adinlen))
11912+ {
11913+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11914+ goto err;
11915+ }
11916+
11917+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11918+
11919+ if (!FIPS_drbg_uninstantiate(dctx))
11920+ {
11921+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11922+ goto err;
11923+ }
11924+
11925+
11926+ if (!do_drbg_instantiate(dctx, td, &t))
11927+ goto err;
11928+ /* Test reseed counter works */
11929+ /* Save initial reseed counter */
11930+ reseed_counter_tmp = dctx->reseed_counter;
11931+ /* Set reseed counter to beyond interval */
11932+ dctx->reseed_counter = dctx->reseed_interval;
11933+
11934+ /* Generate output and check entropy has been requested for reseed */
11935+ t.entcnt = 0;
11936+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11937+ td->adin, td->adinlen))
11938+ goto err;
11939+ if (t.entcnt != 1)
11940+ {
11941+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
11942+ goto err;
11943+ }
11944+ /* Check reseed counter has been reset */
11945+ if (dctx->reseed_counter != reseed_counter_tmp + 1)
11946+ {
11947+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
11948+ goto err;
11949+ }
11950+
11951+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11952+ if (!FIPS_drbg_uninstantiate(dctx))
11953+ {
11954+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11955+ goto err;
11956+ }
11957+
11958+ /* Explicit reseed tests */
11959+
11960+ /* Test explicit reseed with too large additional input */
11961+ if (!do_drbg_init(dctx, td, &t))
11962+ goto err;
11963+
11964+ dctx->iflags |= DRBG_FLAG_NOERR;
11965+
11966+ if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0)
11967+ {
11968+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
11969+ goto err;
11970+ }
11971+
11972+ /* Test explicit reseed with entropy source failure */
11973+
11974+ t.entlen = 0;
11975+
11976+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
11977+ {
11978+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11979+ goto err;
11980+ }
11981+
11982+ if (!FIPS_drbg_uninstantiate(dctx))
11983+ {
11984+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11985+ goto err;
11986+ }
11987+
11988+ /* Test explicit reseed with too much entropy */
11989+
11990+ if (!do_drbg_init(dctx, td, &t))
11991+ goto err;
11992+
11993+ dctx->iflags |= DRBG_FLAG_NOERR;
11994+
11995+ t.entlen = dctx->max_entropy + 1;
11996+
11997+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
11998+ {
11999+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
12000+ goto err;
12001+ }
12002+
12003+ if (!FIPS_drbg_uninstantiate(dctx))
12004+ {
12005+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
12006+ goto err;
12007+ }
12008+
12009+ /* Test explicit reseed with too little entropy */
12010+
12011+ if (!do_drbg_init(dctx, td, &t))
12012+ goto err;
12013+
12014+ dctx->iflags |= DRBG_FLAG_NOERR;
12015+
12016+ t.entlen = dctx->min_entropy - 1;
12017+
12018+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
12019+ {
12020+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
12021+ goto err;
12022+ }
12023+
12024+ if (!FIPS_drbg_uninstantiate(dctx))
12025+ {
12026+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
12027+ goto err;
12028+ }
12029+
12030+ p = (unsigned char *)&dctx->d;
12031+ /* Standard says we have to check uninstantiate really zeroes
12032+ * the data...
12033+ */
12034+ for (i = 0; i < sizeof(dctx->d); i++)
12035+ {
12036+ if (*p != 0)
12037+ {
12038+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ZEROISE_ERROR);
12039+ goto err;
12040+ }
12041+ p++;
12042+ }
12043+
12044+ return 1;
12045+
12046+ err:
12047+ /* A real error as opposed to an induced one: underlying function will
12048+ * indicate the error.
12049+ */
12050+ if (!(dctx->iflags & DRBG_FLAG_NOERR))
12051+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_FUNCTION_ERROR);
12052+ FIPS_drbg_uninstantiate(dctx);
12053+ return 0;
12054+
12055+ }
12056+
12057+int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags)
12058+ {
12059+ DRBG_SELFTEST_DATA *td;
12060+ flags |= DRBG_FLAG_TEST;
12061+ for (td = drbg_test; td->nid != 0; td++)
12062+ {
12063+ if (td->nid == nid && td->flags == flags)
12064+ {
12065+ if (!fips_drbg_single_kat(dctx, td, 0))
12066+ return 0;
12067+ return fips_drbg_error_check(dctx, td);
12068+ }
12069+ }
12070+ return 0;
12071+ }
12072+
12073+int FIPS_drbg_health_check(DRBG_CTX *dctx)
12074+ {
12075+ int rv;
12076+ DRBG_CTX *tctx = NULL;
12077+ tctx = FIPS_drbg_new(0, 0);
12078+ fips_post_started(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
12079+ if (!tctx)
12080+ return 0;
12081+ rv = fips_drbg_kat(tctx, dctx->type, dctx->xflags);
12082+ if (tctx)
12083+ FIPS_drbg_free(tctx);
12084+ if (rv)
12085+ fips_post_success(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
12086+ else
12087+ fips_post_failed(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
12088+ if (!rv)
12089+ dctx->status = DRBG_STATUS_ERROR;
12090+ else
12091+ dctx->health_check_cnt = 0;
12092+ return rv;
12093+ }
12094+
12095+int FIPS_selftest_drbg(void)
12096+ {
12097+ DRBG_CTX *dctx;
12098+ DRBG_SELFTEST_DATA *td;
12099+ int rv = 1;
12100+ dctx = FIPS_drbg_new(0, 0);
12101+ if (!dctx)
12102+ return 0;
12103+ for (td = drbg_test; td->nid != 0; td++)
12104+ {
12105+ if (td->post != 1)
12106+ continue;
12107+ if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
12108+ return 1;
12109+ if (!fips_drbg_single_kat(dctx, td, 1))
12110+ {
12111+ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
12112+ rv = 0;
12113+ continue;
12114+ }
12115+ if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
12116+ return 0;
12117+ }
12118+ FIPS_drbg_free(dctx);
12119+ return rv;
12120+ }
12121+
12122+
12123+int FIPS_selftest_drbg_all(void)
12124+ {
12125+ DRBG_CTX *dctx;
12126+ DRBG_SELFTEST_DATA *td;
12127+ int rv = 1;
12128+ dctx = FIPS_drbg_new(0, 0);
12129+ if (!dctx)
12130+ return 0;
12131+ for (td = drbg_test; td->nid != 0; td++)
12132+ {
12133+ if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
12134+ return 1;
12135+ if (!fips_drbg_single_kat(dctx, td, 0))
12136+ {
12137+ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
12138+ rv = 0;
12139+ continue;
12140+ }
12141+ if (!fips_drbg_error_check(dctx, td))
12142+ {
12143+ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
12144+ rv = 0;
12145+ continue;
12146+ }
12147+ if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
12148+ return 0;
12149+ }
12150+ FIPS_drbg_free(dctx);
12151+ return rv;
12152+ }
12153+
12154diff -up openssl-1.0.1b/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1b/crypto/fips/fips_drbg_selftest.h
12155--- openssl-1.0.1b/crypto/fips/fips_drbg_selftest.h.fips 2012-04-26 18:00:51.404769387 +0200
12156+++ openssl-1.0.1b/crypto/fips/fips_drbg_selftest.h 2012-04-26 18:00:51.404769387 +0200
12157@@ -0,0 +1,2335 @@
12158+/* ====================================================================
12159+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
12160+ *
12161+ * Redistribution and use in source and binary forms, with or without
12162+ * modification, are permitted provided that the following conditions
12163+ * are met:
12164+ *
12165+ * 1. Redistributions of source code must retain the above copyright
12166+ * notice, this list of conditions and the following disclaimer.
12167+ *
12168+ * 2. Redistributions in binary form must reproduce the above copyright
12169+ * notice, this list of conditions and the following disclaimer in
12170+ * the documentation and/or other materials provided with the
12171+ * distribution.
12172+ *
12173+ * 3. All advertising materials mentioning features or use of this
12174+ * software must display the following acknowledgment:
12175+ * "This product includes software developed by the OpenSSL Project
12176+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
12177+ *
12178+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
12179+ * endorse or promote products derived from this software without
12180+ * prior written permission. For written permission, please contact
12181+ * openssl-core.org.
12182+ *
12183+ * 5. Products derived from this software may not be called "OpenSSL"
12184+ * nor may "OpenSSL" appear in their names without prior written
12185+ * permission of the OpenSSL Project.
12186+ *
12187+ * 6. Redistributions of any form whatsoever must retain the following
12188+ * acknowledgment:
12189+ * "This product includes software developed by the OpenSSL Project
12190+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
12191+ *
12192+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
12193+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
12194+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
12195+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
12196+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
12197+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
12198+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
12199+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
12200+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
12201+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
12202+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
12203+ * OF THE POSSIBILITY OF SUCH DAMAGE.
12204+ *
12205+ */
12206+
12207+/* Selftest and health check data for the SP800-90 DRBG */
12208+
12209+#define __fips_constseg
12210+
12211+/* AES-128 use df PR */
12212+__fips_constseg
12213+static const unsigned char aes_128_use_df_pr_entropyinput[] =
12214+ {
12215+ 0x61,0x52,0x7c,0xe3,0x23,0x7d,0x0a,0x07,0x10,0x0c,0x50,0x33,
12216+ 0xc8,0xdb,0xff,0x12
12217+ };
12218+
12219+__fips_constseg
12220+static const unsigned char aes_128_use_df_pr_nonce[] =
12221+ {
12222+ 0x51,0x0d,0x85,0x77,0xed,0x22,0x97,0x28
12223+ };
12224+
12225+__fips_constseg
12226+static const unsigned char aes_128_use_df_pr_personalizationstring[] =
12227+ {
12228+ 0x59,0x9f,0xbb,0xcd,0xd5,0x25,0x69,0xb5,0xcb,0xb5,0x03,0xfe,
12229+ 0xd7,0xd7,0x01,0x67
12230+ };
12231+
12232+__fips_constseg
12233+static const unsigned char aes_128_use_df_pr_additionalinput[] =
12234+ {
12235+ 0xef,0x88,0x76,0x01,0xaf,0x3c,0xfe,0x8b,0xaf,0x26,0x06,0x9e,
12236+ 0x9a,0x47,0x08,0x76
12237+ };
12238+
12239+__fips_constseg
12240+static const unsigned char aes_128_use_df_pr_entropyinputpr[] =
12241+ {
12242+ 0xe2,0x76,0xf9,0xf6,0x3a,0xba,0x10,0x9f,0xbf,0x47,0x0e,0x51,
12243+ 0x09,0xfb,0xa3,0xb6
12244+ };
12245+
12246+__fips_constseg
12247+static const unsigned char aes_128_use_df_pr_int_returnedbits[] =
12248+ {
12249+ 0xd4,0x98,0x8a,0x46,0x80,0x4c,0xdb,0xa3,0x59,0x02,0x57,0x52,
12250+ 0x66,0x1c,0xea,0x5b
12251+ };
12252+
12253+__fips_constseg
12254+static const unsigned char aes_128_use_df_pr_additionalinput2[] =
12255+ {
12256+ 0x88,0x8c,0x91,0xd6,0xbe,0x56,0x6e,0x08,0x9a,0x62,0x2b,0x11,
12257+ 0x3f,0x5e,0x31,0x06
12258+ };
12259+
12260+__fips_constseg
12261+static const unsigned char aes_128_use_df_pr_entropyinputpr2[] =
12262+ {
12263+ 0xc0,0x5c,0x6b,0x98,0x01,0x0d,0x58,0x18,0x51,0x18,0x96,0xae,
12264+ 0xa7,0xe3,0xa8,0x67
12265+ };
12266+
12267+__fips_constseg
12268+static const unsigned char aes_128_use_df_pr_returnedbits[] =
12269+ {
12270+ 0xcf,0x01,0xac,0x22,0x31,0x06,0x8e,0xfc,0xce,0x56,0xea,0x24,
12271+ 0x0f,0x38,0x43,0xc6
12272+ };
12273+
12274+
12275+/* AES-128 use df No PR */
12276+__fips_constseg
12277+static const unsigned char aes_128_use_df_entropyinput[] =
12278+ {
12279+ 0x1f,0x8e,0x34,0x82,0x0c,0xb7,0xbe,0xc5,0x01,0x3e,0xd0,0xa3,
12280+ 0x9d,0x7d,0x1c,0x9b
12281+ };
12282+
12283+__fips_constseg
12284+static const unsigned char aes_128_use_df_nonce[] =
12285+ {
12286+ 0xd5,0x4d,0xbd,0x4a,0x93,0x7f,0xb8,0x96
12287+ };
12288+
12289+__fips_constseg
12290+static const unsigned char aes_128_use_df_personalizationstring[] =
12291+ {
12292+ 0xab,0xd6,0x3f,0x04,0xfe,0x27,0x6b,0x2d,0xd7,0xc3,0x1c,0xf3,
12293+ 0x38,0x66,0xba,0x1b
12294+ };
12295+
12296+__fips_constseg
12297+static const unsigned char aes_128_use_df_additionalinput[] =
12298+ {
12299+ 0xfe,0xf4,0x09,0xa8,0xb7,0x73,0x27,0x9c,0x5f,0xa7,0xea,0x46,
12300+ 0xb5,0xe2,0xb2,0x41
12301+ };
12302+
12303+__fips_constseg
12304+static const unsigned char aes_128_use_df_int_returnedbits[] =
12305+ {
12306+ 0x42,0xe4,0x4e,0x7b,0x27,0xdd,0xcb,0xbc,0x0a,0xcf,0xa6,0x67,
12307+ 0xe7,0x57,0x11,0xb4
12308+ };
12309+
12310+__fips_constseg
12311+static const unsigned char aes_128_use_df_entropyinputreseed[] =
12312+ {
12313+ 0x14,0x26,0x69,0xd9,0xf3,0x65,0x03,0xd6,0x6b,0xb9,0x44,0x0b,
12314+ 0xc7,0xc4,0x9e,0x39
12315+ };
12316+
12317+__fips_constseg
12318+static const unsigned char aes_128_use_df_additionalinputreseed[] =
12319+ {
12320+ 0x55,0x2e,0x60,0x9a,0x05,0x72,0x8a,0xa8,0xef,0x22,0x81,0x5a,
12321+ 0xc8,0x93,0xfa,0x84
12322+ };
12323+
12324+__fips_constseg
12325+static const unsigned char aes_128_use_df_additionalinput2[] =
12326+ {
12327+ 0x3c,0x40,0xc8,0xc4,0x16,0x0c,0x21,0xa4,0x37,0x2c,0x8f,0xa5,
12328+ 0x06,0x0c,0x15,0x2c
12329+ };
12330+
12331+__fips_constseg
12332+static const unsigned char aes_128_use_df_returnedbits[] =
12333+ {
12334+ 0xe1,0x3e,0x99,0x98,0x86,0x67,0x0b,0x63,0x7b,0xbe,0x3f,0x88,
12335+ 0x46,0x81,0xc7,0x19
12336+ };
12337+
12338+
12339+/* AES-192 use df PR */
12340+__fips_constseg
12341+static const unsigned char aes_192_use_df_pr_entropyinput[] =
12342+ {
12343+ 0x2b,0x4e,0x8b,0xe1,0xf1,0x34,0x80,0x56,0x81,0xf9,0x74,0xec,
12344+ 0x17,0x44,0x2a,0xf1,0x14,0xb0,0xbf,0x97,0x39,0xb7,0x04,0x7d
12345+ };
12346+
12347+__fips_constseg
12348+static const unsigned char aes_192_use_df_pr_nonce[] =
12349+ {
12350+ 0xd6,0x9d,0xeb,0x14,0x4e,0x6c,0x30,0x1e,0x39,0x55,0x73,0xd0,
12351+ 0xd1,0x80,0x78,0xfa
12352+ };
12353+
12354+__fips_constseg
12355+static const unsigned char aes_192_use_df_pr_personalizationstring[] =
12356+ {
12357+ 0xfc,0x43,0x4a,0xf8,0x9a,0x55,0xb3,0x53,0x83,0xe2,0x18,0x16,
12358+ 0x0c,0xdc,0xcd,0x5e,0x4f,0xa0,0x03,0x01,0x2b,0x9f,0xe4,0xd5,
12359+ 0x7d,0x49,0xf0,0x41,0x9e,0x3d,0x99,0x04
12360+ };
12361+
12362+__fips_constseg
12363+static const unsigned char aes_192_use_df_pr_additionalinput[] =
12364+ {
12365+ 0x5e,0x9f,0x49,0x6f,0x21,0x8b,0x1d,0x32,0xd5,0x84,0x5c,0xac,
12366+ 0xaf,0xdf,0xe4,0x79,0x9e,0xaf,0xa9,0x82,0xd0,0xf8,0x4f,0xcb,
12367+ 0x69,0x10,0x0a,0x7e,0x81,0x57,0xb5,0x36
12368+ };
12369+
12370+__fips_constseg
12371+static const unsigned char aes_192_use_df_pr_entropyinputpr[] =
12372+ {
12373+ 0xd4,0x81,0x0c,0xd7,0x66,0x39,0xec,0x42,0x53,0x87,0x41,0xa5,
12374+ 0x1e,0x7d,0x80,0x91,0x8e,0xbb,0xed,0xac,0x14,0x02,0x1a,0xd5
12375+ };
12376+
12377+__fips_constseg
12378+static const unsigned char aes_192_use_df_pr_int_returnedbits[] =
12379+ {
12380+ 0xdf,0x1d,0x39,0x45,0x7c,0x9b,0xc6,0x2b,0x7d,0x8c,0x93,0xe9,
12381+ 0x19,0x30,0x6b,0x67
12382+ };
12383+
12384+__fips_constseg
12385+static const unsigned char aes_192_use_df_pr_additionalinput2[] =
12386+ {
12387+ 0x00,0x71,0x27,0x4e,0xd3,0x14,0xf1,0x20,0x7f,0x4a,0x41,0x32,
12388+ 0x2a,0x97,0x11,0x43,0x8f,0x4a,0x15,0x7b,0x9b,0x51,0x79,0xda,
12389+ 0x49,0x3d,0xde,0xe8,0xbc,0x93,0x91,0x99
12390+ };
12391+
12392+__fips_constseg
12393+static const unsigned char aes_192_use_df_pr_entropyinputpr2[] =
12394+ {
12395+ 0x90,0xee,0x76,0xa1,0x45,0x8d,0xb7,0x40,0xb0,0x11,0xbf,0xd0,
12396+ 0x65,0xd7,0x3c,0x7c,0x4f,0x20,0x3f,0x4e,0x11,0x9d,0xb3,0x5e
12397+ };
12398+
12399+__fips_constseg
12400+static const unsigned char aes_192_use_df_pr_returnedbits[] =
12401+ {
12402+ 0x24,0x3b,0x20,0xa4,0x37,0x66,0xba,0x72,0x39,0x3f,0xcf,0x3c,
12403+ 0x7e,0x1a,0x2b,0x83
12404+ };
12405+
12406+
12407+/* AES-192 use df No PR */
12408+__fips_constseg
12409+static const unsigned char aes_192_use_df_entropyinput[] =
12410+ {
12411+ 0x8d,0x74,0xa4,0x50,0x1a,0x02,0x68,0x0c,0x2a,0x69,0xc4,0x82,
12412+ 0x3b,0xbb,0xda,0x0e,0x7f,0x77,0xa3,0x17,0x78,0x57,0xb2,0x7b
12413+ };
12414+
12415+__fips_constseg
12416+static const unsigned char aes_192_use_df_nonce[] =
12417+ {
12418+ 0x75,0xd5,0x1f,0xac,0xa4,0x8d,0x42,0x78,0xd7,0x69,0x86,0x9d,
12419+ 0x77,0xd7,0x41,0x0e
12420+ };
12421+
12422+__fips_constseg
12423+static const unsigned char aes_192_use_df_personalizationstring[] =
12424+ {
12425+ 0x4e,0x33,0x41,0x3c,0x9c,0xc2,0xd2,0x53,0xaf,0x90,0xea,0xcf,
12426+ 0x19,0x50,0x1e,0xe6,0x6f,0x63,0xc8,0x32,0x22,0xdc,0x07,0x65,
12427+ 0x9c,0xd3,0xf8,0x30,0x9e,0xed,0x35,0x70
12428+ };
12429+
12430+__fips_constseg
12431+static const unsigned char aes_192_use_df_additionalinput[] =
12432+ {
12433+ 0x5d,0x8b,0x8c,0xc1,0xdf,0x0e,0x02,0x78,0xfb,0x19,0xb8,0x69,
12434+ 0x78,0x4e,0x9c,0x52,0xbc,0xc7,0x20,0xc9,0xe6,0x5e,0x77,0x22,
12435+ 0x28,0x3d,0x0c,0x9e,0x68,0xa8,0x45,0xd7
12436+ };
12437+
12438+__fips_constseg
12439+static const unsigned char aes_192_use_df_int_returnedbits[] =
12440+ {
12441+ 0xd5,0xe7,0x08,0xc5,0x19,0x99,0xd5,0x31,0x03,0x0a,0x74,0xb6,
12442+ 0xb7,0xed,0xe9,0xea
12443+ };
12444+
12445+__fips_constseg
12446+static const unsigned char aes_192_use_df_entropyinputreseed[] =
12447+ {
12448+ 0x9c,0x26,0xda,0xf1,0xac,0xd9,0x5a,0xd6,0xa8,0x65,0xf5,0x02,
12449+ 0x8f,0xdc,0xa2,0x09,0x54,0xa6,0xe2,0xa4,0xde,0x32,0xe0,0x01
12450+ };
12451+
12452+__fips_constseg
12453+static const unsigned char aes_192_use_df_additionalinputreseed[] =
12454+ {
12455+ 0x9b,0x90,0xb0,0x3a,0x0e,0x3a,0x80,0x07,0x4a,0xf4,0xda,0x76,
12456+ 0x28,0x30,0x3c,0xee,0x54,0x1b,0x94,0x59,0x51,0x43,0x56,0x77,
12457+ 0xaf,0x88,0xdd,0x63,0x89,0x47,0x06,0x65
12458+ };
12459+
12460+__fips_constseg
12461+static const unsigned char aes_192_use_df_additionalinput2[] =
12462+ {
12463+ 0x3c,0x11,0x64,0x7a,0x96,0xf5,0xd8,0xb8,0xae,0xd6,0x70,0x4e,
12464+ 0x16,0x96,0xde,0xe9,0x62,0xbc,0xee,0x28,0x2f,0x26,0xa6,0xf0,
12465+ 0x56,0xef,0xa3,0xf1,0x6b,0xa1,0xb1,0x77
12466+ };
12467+
12468+__fips_constseg
12469+static const unsigned char aes_192_use_df_returnedbits[] =
12470+ {
12471+ 0x0b,0xe2,0x56,0x03,0x1e,0xdb,0x2c,0x6d,0x7f,0x1b,0x15,0x58,
12472+ 0x1a,0xf9,0x13,0x28
12473+ };
12474+
12475+
12476+/* AES-256 use df PR */
12477+__fips_constseg
12478+static const unsigned char aes_256_use_df_pr_entropyinput[] =
12479+ {
12480+ 0x61,0x68,0xfc,0x1a,0xf0,0xb5,0x95,0x6b,0x85,0x09,0x9b,0x74,
12481+ 0x3f,0x13,0x78,0x49,0x3b,0x85,0xec,0x93,0x13,0x3b,0xa9,0x4f,
12482+ 0x96,0xab,0x2c,0xe4,0xc8,0x8f,0xdd,0x6a
12483+ };
12484+
12485+__fips_constseg
12486+static const unsigned char aes_256_use_df_pr_nonce[] =
12487+ {
12488+ 0xad,0xd2,0xbb,0xba,0xb7,0x65,0x89,0xc3,0x21,0x6c,0x55,0x33,
12489+ 0x2b,0x36,0xff,0xa4
12490+ };
12491+
12492+__fips_constseg
12493+static const unsigned char aes_256_use_df_pr_personalizationstring[] =
12494+ {
12495+ 0x6e,0xca,0xe7,0x20,0x72,0xd3,0x84,0x5a,0x32,0xd3,0x4b,0x24,
12496+ 0x72,0xc4,0x63,0x2b,0x9d,0x12,0x24,0x0c,0x23,0x26,0x8e,0x83,
12497+ 0x16,0x37,0x0b,0xd1,0x06,0x4f,0x68,0x6d
12498+ };
12499+
12500+__fips_constseg
12501+static const unsigned char aes_256_use_df_pr_additionalinput[] =
12502+ {
12503+ 0x7e,0x08,0x4a,0xbb,0xe3,0x21,0x7c,0xc9,0x23,0xd2,0xf8,0xb0,
12504+ 0x73,0x98,0xba,0x84,0x74,0x23,0xab,0x06,0x8a,0xe2,0x22,0xd3,
12505+ 0x7b,0xce,0x9b,0xd2,0x4a,0x76,0xb8,0xde
12506+ };
12507+
12508+__fips_constseg
12509+static const unsigned char aes_256_use_df_pr_entropyinputpr[] =
12510+ {
12511+ 0x0b,0x23,0xaf,0xdf,0xf1,0x62,0xd7,0xd3,0x43,0x97,0xf8,0x77,
12512+ 0x04,0xa8,0x42,0x20,0xbd,0xf6,0x0f,0xc1,0x17,0x2f,0x9f,0x54,
12513+ 0xbb,0x56,0x17,0x86,0x68,0x0e,0xba,0xa9
12514+ };
12515+
12516+__fips_constseg
12517+static const unsigned char aes_256_use_df_pr_int_returnedbits[] =
12518+ {
12519+ 0x31,0x8e,0xad,0xaf,0x40,0xeb,0x6b,0x74,0x31,0x46,0x80,0xc7,
12520+ 0x17,0xab,0x3c,0x7a
12521+ };
12522+
12523+__fips_constseg
12524+static const unsigned char aes_256_use_df_pr_additionalinput2[] =
12525+ {
12526+ 0x94,0x6b,0xc9,0x9f,0xab,0x8d,0xc5,0xec,0x71,0x88,0x1d,0x00,
12527+ 0x8c,0x89,0x68,0xe4,0xc8,0x07,0x77,0x36,0x17,0x6d,0x79,0x78,
12528+ 0xc7,0x06,0x4e,0x99,0x04,0x28,0x29,0xc3
12529+ };
12530+
12531+__fips_constseg
12532+static const unsigned char aes_256_use_df_pr_entropyinputpr2[] =
12533+ {
12534+ 0xbf,0x6c,0x59,0x2a,0x0d,0x44,0x0f,0xae,0x9a,0x5e,0x03,0x73,
12535+ 0xd8,0xa6,0xe1,0xcf,0x25,0x61,0x38,0x24,0x86,0x9e,0x53,0xe8,
12536+ 0xa4,0xdf,0x56,0xf4,0x06,0x07,0x9c,0x0f
12537+ };
12538+
12539+__fips_constseg
12540+static const unsigned char aes_256_use_df_pr_returnedbits[] =
12541+ {
12542+ 0x22,0x4a,0xb4,0xb8,0xb6,0xee,0x7d,0xb1,0x9e,0xc9,0xf9,0xa0,
12543+ 0xd9,0xe2,0x97,0x00
12544+ };
12545+
12546+
12547+/* AES-256 use df No PR */
12548+__fips_constseg
12549+static const unsigned char aes_256_use_df_entropyinput[] =
12550+ {
12551+ 0xa5,0x3e,0x37,0x10,0x17,0x43,0x91,0x93,0x59,0x1e,0x47,0x50,
12552+ 0x87,0xaa,0xdd,0xd5,0xc1,0xc3,0x86,0xcd,0xca,0x0d,0xdb,0x68,
12553+ 0xe0,0x02,0xd8,0x0f,0xdc,0x40,0x1a,0x47
12554+ };
12555+
12556+__fips_constseg
12557+static const unsigned char aes_256_use_df_nonce[] =
12558+ {
12559+ 0xa9,0x4d,0xa5,0x5a,0xfd,0xc5,0x0c,0xe5,0x1c,0x9a,0x3b,0x8a,
12560+ 0x4c,0x44,0x84,0x40
12561+ };
12562+
12563+__fips_constseg
12564+static const unsigned char aes_256_use_df_personalizationstring[] =
12565+ {
12566+ 0x8b,0x52,0xa2,0x4a,0x93,0xc3,0x4e,0xa7,0x1e,0x1c,0xa7,0x05,
12567+ 0xeb,0x82,0x9b,0xa6,0x5d,0xe4,0xd4,0xe0,0x7f,0xa3,0xd8,0x6b,
12568+ 0x37,0x84,0x5f,0xf1,0xc7,0xd5,0xf6,0xd2
12569+ };
12570+
12571+__fips_constseg
12572+static const unsigned char aes_256_use_df_additionalinput[] =
12573+ {
12574+ 0x20,0xf4,0x22,0xed,0xf8,0x5c,0xa1,0x6a,0x01,0xcf,0xbe,0x5f,
12575+ 0x8d,0x6c,0x94,0x7f,0xae,0x12,0xa8,0x57,0xdb,0x2a,0xa9,0xbf,
12576+ 0xc7,0xb3,0x65,0x81,0x80,0x8d,0x0d,0x46
12577+ };
12578+
12579+__fips_constseg
12580+static const unsigned char aes_256_use_df_int_returnedbits[] =
12581+ {
12582+ 0x4e,0x44,0xfd,0xf3,0x9e,0x29,0xa2,0xb8,0x0f,0x5d,0x6c,0xe1,
12583+ 0x28,0x0c,0x3b,0xc1
12584+ };
12585+
12586+__fips_constseg
12587+static const unsigned char aes_256_use_df_entropyinputreseed[] =
12588+ {
12589+ 0xdd,0x40,0xe5,0x98,0x7b,0x27,0x16,0x73,0x15,0x68,0xd2,0x76,
12590+ 0xbf,0x0c,0x67,0x15,0x75,0x79,0x03,0xd3,0xde,0xde,0x91,0x46,
12591+ 0x42,0xdd,0xd4,0x67,0xc8,0x79,0xc8,0x1e
12592+ };
12593+
12594+__fips_constseg
12595+static const unsigned char aes_256_use_df_additionalinputreseed[] =
12596+ {
12597+ 0x7f,0xd8,0x1f,0xbd,0x2a,0xb5,0x1c,0x11,0x5d,0x83,0x4e,0x99,
12598+ 0xf6,0x5c,0xa5,0x40,0x20,0xed,0x38,0x8e,0xd5,0x9e,0xe0,0x75,
12599+ 0x93,0xfe,0x12,0x5e,0x5d,0x73,0xfb,0x75
12600+ };
12601+
12602+__fips_constseg
12603+static const unsigned char aes_256_use_df_additionalinput2[] =
12604+ {
12605+ 0xcd,0x2c,0xff,0x14,0x69,0x3e,0x4c,0x9e,0xfd,0xfe,0x26,0x0d,
12606+ 0xe9,0x86,0x00,0x49,0x30,0xba,0xb1,0xc6,0x50,0x57,0x77,0x2a,
12607+ 0x62,0x39,0x2c,0x3b,0x74,0xeb,0xc9,0x0d
12608+ };
12609+
12610+__fips_constseg
12611+static const unsigned char aes_256_use_df_returnedbits[] =
12612+ {
12613+ 0x4f,0x78,0xbe,0xb9,0x4d,0x97,0x8c,0xe9,0xd0,0x97,0xfe,0xad,
12614+ 0xfa,0xfd,0x35,0x5e
12615+ };
12616+
12617+
12618+/* AES-128 no df PR */
12619+__fips_constseg
12620+static const unsigned char aes_128_no_df_pr_entropyinput[] =
12621+ {
12622+ 0x9a,0x25,0x65,0x10,0x67,0xd5,0xb6,0x6b,0x70,0xa1,0xb3,0xa4,
12623+ 0x43,0x95,0x80,0xc0,0x84,0x0a,0x79,0xb0,0x88,0x74,0xf2,0xbf,
12624+ 0x31,0x6c,0x33,0x38,0x0b,0x00,0xb2,0x5a
12625+ };
12626+
12627+__fips_constseg
12628+static const unsigned char aes_128_no_df_pr_nonce[] =
12629+ {
12630+ 0x78,0x47,0x6b,0xf7,0x90,0x8e,0x87,0xf1
12631+ };
12632+
12633+__fips_constseg
12634+static const unsigned char aes_128_no_df_pr_personalizationstring[] =
12635+ {
12636+ 0xf7,0x22,0x1d,0x3a,0xbe,0x1d,0xca,0x32,0x1b,0xbd,0x87,0x0c,
12637+ 0x51,0x24,0x19,0xee,0xa3,0x23,0x09,0x63,0x33,0x3d,0xa8,0x0c,
12638+ 0x1c,0xfa,0x42,0x89,0xcc,0x6f,0xa0,0xa8
12639+ };
12640+
12641+__fips_constseg
12642+static const unsigned char aes_128_no_df_pr_additionalinput[] =
12643+ {
12644+ 0xc9,0xe0,0x80,0xbf,0x8c,0x45,0x58,0x39,0xff,0x00,0xab,0x02,
12645+ 0x4c,0x3e,0x3a,0x95,0x9b,0x80,0xa8,0x21,0x2a,0xee,0xba,0x73,
12646+ 0xb1,0xd9,0xcf,0x28,0xf6,0x8f,0x9b,0x12
12647+ };
12648+
12649+__fips_constseg
12650+static const unsigned char aes_128_no_df_pr_entropyinputpr[] =
12651+ {
12652+ 0x4c,0xa8,0xc5,0xf0,0x59,0x9e,0xa6,0x8d,0x26,0x53,0xd7,0x8a,
12653+ 0xa9,0xd8,0xf7,0xed,0xb2,0xf9,0x12,0x42,0xe1,0xe5,0xbd,0xe7,
12654+ 0xe7,0x1d,0x74,0x99,0x00,0x9d,0x31,0x3e
12655+ };
12656+
12657+__fips_constseg
12658+static const unsigned char aes_128_no_df_pr_int_returnedbits[] =
12659+ {
12660+ 0xe2,0xac,0x20,0xf0,0x80,0xe7,0xbc,0x7e,0x9c,0x7b,0x65,0x71,
12661+ 0xaf,0x19,0x32,0x16
12662+ };
12663+
12664+__fips_constseg
12665+static const unsigned char aes_128_no_df_pr_additionalinput2[] =
12666+ {
12667+ 0x32,0x7f,0x38,0x8b,0x73,0x0a,0x78,0x83,0xdc,0x30,0xbe,0x9f,
12668+ 0x10,0x1f,0xf5,0x1f,0xca,0x00,0xb5,0x0d,0xd6,0x9d,0x60,0x83,
12669+ 0x51,0x54,0x7d,0x38,0x23,0x3a,0x52,0x50
12670+ };
12671+
12672+__fips_constseg
12673+static const unsigned char aes_128_no_df_pr_entropyinputpr2[] =
12674+ {
12675+ 0x18,0x61,0x53,0x56,0xed,0xed,0xd7,0x20,0xfb,0x71,0x04,0x7a,
12676+ 0xb2,0xac,0xc1,0x28,0xcd,0xf2,0xc2,0xfc,0xaa,0xb1,0x06,0x07,
12677+ 0xe9,0x46,0x95,0x02,0x48,0x01,0x78,0xf9
12678+ };
12679+
12680+__fips_constseg
12681+static const unsigned char aes_128_no_df_pr_returnedbits[] =
12682+ {
12683+ 0x29,0xc8,0x1b,0x15,0xb1,0xd1,0xc2,0xf6,0x71,0x86,0x68,0x33,
12684+ 0x57,0x82,0x33,0xaf
12685+ };
12686+
12687+
12688+/* AES-128 no df No PR */
12689+__fips_constseg
12690+static const unsigned char aes_128_no_df_entropyinput[] =
12691+ {
12692+ 0xc9,0xc5,0x79,0xbc,0xe8,0xc5,0x19,0xd8,0xbc,0x66,0x73,0x67,
12693+ 0xf6,0xd3,0x72,0xaa,0xa6,0x16,0xb8,0x50,0xb7,0x47,0x3a,0x42,
12694+ 0xab,0xf4,0x16,0xb2,0x96,0xd2,0xb6,0x60
12695+ };
12696+
12697+__fips_constseg
12698+static const unsigned char aes_128_no_df_nonce[] =
12699+ {
12700+ 0x5f,0xbf,0x97,0x0c,0x4b,0xa4,0x87,0x13
12701+ };
12702+
12703+__fips_constseg
12704+static const unsigned char aes_128_no_df_personalizationstring[] =
12705+ {
12706+ 0xce,0xfb,0x7b,0x3f,0xd4,0x6b,0x29,0x0d,0x69,0x06,0xff,0xbb,
12707+ 0xf2,0xe5,0xc6,0x6c,0x0a,0x10,0xa0,0xcf,0x1a,0x48,0xc7,0x8b,
12708+ 0x3c,0x16,0x88,0xed,0x50,0x13,0x81,0xce
12709+ };
12710+
12711+__fips_constseg
12712+static const unsigned char aes_128_no_df_additionalinput[] =
12713+ {
12714+ 0x4b,0x22,0x46,0x18,0x02,0x7b,0xd2,0x1b,0x22,0x42,0x7c,0x37,
12715+ 0xd9,0xf6,0xe8,0x9b,0x12,0x30,0x5f,0xe9,0x90,0xe8,0x08,0x24,
12716+ 0x4f,0x06,0x66,0xdb,0x19,0x2b,0x13,0x95
12717+ };
12718+
12719+__fips_constseg
12720+static const unsigned char aes_128_no_df_int_returnedbits[] =
12721+ {
12722+ 0x2e,0x96,0x70,0x64,0xfa,0xdf,0xdf,0x57,0xb5,0x82,0xee,0xd6,
12723+ 0xed,0x3e,0x65,0xc2
12724+ };
12725+
12726+__fips_constseg
12727+static const unsigned char aes_128_no_df_entropyinputreseed[] =
12728+ {
12729+ 0x26,0xc0,0x72,0x16,0x3a,0x4b,0xb7,0x99,0xd4,0x07,0xaf,0x66,
12730+ 0x62,0x36,0x96,0xa4,0x51,0x17,0xfa,0x07,0x8b,0x17,0x5e,0xa1,
12731+ 0x2f,0x3c,0x10,0xe7,0x90,0xd0,0x46,0x00
12732+ };
12733+
12734+__fips_constseg
12735+static const unsigned char aes_128_no_df_additionalinputreseed[] =
12736+ {
12737+ 0x83,0x39,0x37,0x7b,0x02,0x06,0xd2,0x12,0x13,0x8d,0x8b,0xf2,
12738+ 0xf0,0xf6,0x26,0xeb,0xa4,0x22,0x7b,0xc2,0xe7,0xba,0x79,0xe4,
12739+ 0x3b,0x77,0x5d,0x4d,0x47,0xb2,0x2d,0xb4
12740+ };
12741+
12742+__fips_constseg
12743+static const unsigned char aes_128_no_df_additionalinput2[] =
12744+ {
12745+ 0x0b,0xb9,0x67,0x37,0xdb,0x83,0xdf,0xca,0x81,0x8b,0xf9,0x3f,
12746+ 0xf1,0x11,0x1b,0x2f,0xf0,0x61,0xa6,0xdf,0xba,0xa3,0xb1,0xac,
12747+ 0xd3,0xe6,0x09,0xb8,0x2c,0x6a,0x67,0xd6
12748+ };
12749+
12750+__fips_constseg
12751+static const unsigned char aes_128_no_df_returnedbits[] =
12752+ {
12753+ 0x1e,0xa7,0xa4,0xe4,0xe1,0xa6,0x7c,0x69,0x9a,0x44,0x6c,0x36,
12754+ 0x81,0x37,0x19,0xd4
12755+ };
12756+
12757+
12758+/* AES-192 no df PR */
12759+__fips_constseg
12760+static const unsigned char aes_192_no_df_pr_entropyinput[] =
12761+ {
12762+ 0x9d,0x2c,0xd2,0x55,0x66,0xea,0xe0,0xbe,0x18,0xb7,0x76,0xe7,
12763+ 0x73,0x35,0xd8,0x1f,0xad,0x3a,0xe3,0x81,0x0e,0x92,0xd0,0x61,
12764+ 0xc9,0x12,0x26,0xf6,0x1c,0xdf,0xfe,0x47,0xaa,0xfe,0x7d,0x5a,
12765+ 0x17,0x1f,0x8d,0x9a
12766+ };
12767+
12768+__fips_constseg
12769+static const unsigned char aes_192_no_df_pr_nonce[] =
12770+ {
12771+ 0x44,0x82,0xed,0xe8,0x4c,0x28,0x5a,0x14,0xff,0x88,0x8d,0x19,
12772+ 0x61,0x5c,0xee,0x0f
12773+ };
12774+
12775+__fips_constseg
12776+static const unsigned char aes_192_no_df_pr_personalizationstring[] =
12777+ {
12778+ 0x47,0xd7,0x9b,0x99,0xaa,0xcb,0xe7,0xd2,0x57,0x66,0x2c,0xe1,
12779+ 0x78,0xd6,0x2c,0xea,0xa3,0x23,0x5f,0x2a,0xc1,0x3a,0xf0,0xa4,
12780+ 0x20,0x3b,0xfa,0x07,0xd5,0x05,0x02,0xe4,0x57,0x01,0xb6,0x10,
12781+ 0x57,0x2e,0xe7,0x55
12782+ };
12783+
12784+__fips_constseg
12785+static const unsigned char aes_192_no_df_pr_additionalinput[] =
12786+ {
12787+ 0x4b,0x74,0x0b,0x40,0xce,0x6b,0xc2,0x6a,0x24,0xb4,0xf3,0xad,
12788+ 0x7a,0xa5,0x7a,0xa2,0x15,0xe2,0xc8,0x61,0x15,0xc6,0xb7,0x85,
12789+ 0x69,0x11,0xad,0x7b,0x14,0xd2,0xf6,0x12,0xa1,0x95,0x5d,0x3f,
12790+ 0xe2,0xd0,0x0c,0x2f
12791+ };
12792+
12793+__fips_constseg
12794+static const unsigned char aes_192_no_df_pr_entropyinputpr[] =
12795+ {
12796+ 0x0c,0x9c,0xad,0x05,0xee,0xae,0x48,0x23,0x89,0x59,0xa1,0x94,
12797+ 0xd7,0xd8,0x75,0xd5,0x54,0x93,0xc7,0x4a,0xd9,0x26,0xde,0xeb,
12798+ 0xba,0xb0,0x7e,0x30,0x1d,0x5f,0x69,0x40,0x9c,0x3b,0x17,0x58,
12799+ 0x1d,0x30,0xb3,0x78
12800+ };
12801+
12802+__fips_constseg
12803+static const unsigned char aes_192_no_df_pr_int_returnedbits[] =
12804+ {
12805+ 0xf7,0x93,0xb0,0x6d,0x77,0x83,0xd5,0x38,0x01,0xe1,0x52,0x40,
12806+ 0x7e,0x3e,0x0c,0x26
12807+ };
12808+
12809+__fips_constseg
12810+static const unsigned char aes_192_no_df_pr_additionalinput2[] =
12811+ {
12812+ 0xbc,0x4b,0x37,0x44,0x1c,0xc5,0x45,0x5f,0x8f,0x51,0x62,0x8a,
12813+ 0x85,0x30,0x1d,0x7c,0xe4,0xcf,0xf7,0x44,0xce,0x32,0x3e,0x57,
12814+ 0x95,0xa4,0x2a,0xdf,0xfd,0x9e,0x38,0x41,0xb3,0xf6,0xc5,0xee,
12815+ 0x0c,0x4b,0xee,0x6e
12816+ };
12817+
12818+__fips_constseg
12819+static const unsigned char aes_192_no_df_pr_entropyinputpr2[] =
12820+ {
12821+ 0xec,0xaf,0xf6,0x4f,0xb1,0xa0,0x54,0xb5,0x5b,0xe3,0x46,0xb0,
12822+ 0x76,0x5a,0x7c,0x3f,0x7b,0x94,0x69,0x21,0x51,0x02,0xe5,0x9f,
12823+ 0x04,0x59,0x02,0x98,0xc6,0x43,0x2c,0xcc,0x26,0x4c,0x87,0x6b,
12824+ 0x8e,0x0a,0x83,0xdf
12825+ };
12826+
12827+__fips_constseg
12828+static const unsigned char aes_192_no_df_pr_returnedbits[] =
12829+ {
12830+ 0x74,0x45,0xfb,0x53,0x84,0x96,0xbe,0xff,0x15,0xcc,0x41,0x91,
12831+ 0xb9,0xa1,0x21,0x68
12832+ };
12833+
12834+
12835+/* AES-192 no df No PR */
12836+__fips_constseg
12837+static const unsigned char aes_192_no_df_entropyinput[] =
12838+ {
12839+ 0x3c,0x7d,0xb5,0xe0,0x54,0xd9,0x6e,0x8c,0xa9,0x86,0xce,0x4e,
12840+ 0x6b,0xaf,0xeb,0x2f,0xe7,0x75,0xe0,0x8b,0xa4,0x3b,0x07,0xfe,
12841+ 0xbe,0x33,0x75,0x93,0x80,0x27,0xb5,0x29,0x47,0x8b,0xc7,0x28,
12842+ 0x94,0xc3,0x59,0x63
12843+ };
12844+
12845+__fips_constseg
12846+static const unsigned char aes_192_no_df_nonce[] =
12847+ {
12848+ 0x43,0xf1,0x7d,0xb8,0xc3,0xfe,0xd0,0x23,0x6b,0xb4,0x92,0xdb,
12849+ 0x29,0xfd,0x45,0x71
12850+ };
12851+
12852+__fips_constseg
12853+static const unsigned char aes_192_no_df_personalizationstring[] =
12854+ {
12855+ 0x9f,0x24,0x29,0x99,0x9e,0x01,0xab,0xe9,0x19,0xd8,0x23,0x08,
12856+ 0xb7,0xd6,0x7e,0x8c,0xc0,0x9e,0x7f,0x6e,0x5b,0x33,0x20,0x96,
12857+ 0x0b,0x23,0x2c,0xa5,0x6a,0xf8,0x1b,0x04,0x26,0xdb,0x2e,0x2b,
12858+ 0x3b,0x88,0xce,0x35
12859+ };
12860+
12861+__fips_constseg
12862+static const unsigned char aes_192_no_df_additionalinput[] =
12863+ {
12864+ 0x94,0xe9,0x7c,0x3d,0xa7,0xdb,0x60,0x83,0x1f,0x98,0x3f,0x0b,
12865+ 0x88,0x59,0x57,0x51,0x88,0x9f,0x76,0x49,0x9f,0xa6,0xda,0x71,
12866+ 0x1d,0x0d,0x47,0x16,0x63,0xc5,0x68,0xe4,0x5d,0x39,0x69,0xb3,
12867+ 0x3e,0xbe,0xd4,0x8e
12868+ };
12869+
12870+__fips_constseg
12871+static const unsigned char aes_192_no_df_int_returnedbits[] =
12872+ {
12873+ 0xf9,0xd7,0xad,0x69,0xab,0x8f,0x23,0x56,0x70,0x17,0x4f,0x2a,
12874+ 0x45,0xe7,0x4a,0xc5
12875+ };
12876+
12877+__fips_constseg
12878+static const unsigned char aes_192_no_df_entropyinputreseed[] =
12879+ {
12880+ 0xa6,0x71,0x6a,0x3d,0xba,0xd1,0xe8,0x66,0xa6,0xef,0xb2,0x0e,
12881+ 0xa8,0x9c,0xaa,0x4e,0xaf,0x17,0x89,0x50,0x00,0xda,0xa1,0xb1,
12882+ 0x0b,0xa4,0xd9,0x35,0x89,0xc8,0xe5,0xb0,0xd9,0xb7,0xc4,0x33,
12883+ 0x9b,0xcb,0x7e,0x75
12884+ };
12885+
12886+__fips_constseg
12887+static const unsigned char aes_192_no_df_additionalinputreseed[] =
12888+ {
12889+ 0x27,0x21,0xfc,0xc2,0xbd,0xf3,0x3c,0xce,0xc3,0xca,0xc1,0x01,
12890+ 0xe0,0xff,0x93,0x12,0x7d,0x54,0x42,0xe3,0x9f,0x03,0xdf,0x27,
12891+ 0x04,0x07,0x3c,0x53,0x7f,0xa8,0x66,0xc8,0x97,0x4b,0x61,0x40,
12892+ 0x5d,0x7a,0x25,0x79
12893+ };
12894+
12895+__fips_constseg
12896+static const unsigned char aes_192_no_df_additionalinput2[] =
12897+ {
12898+ 0x2d,0x8e,0x16,0x5d,0x0b,0x9f,0xeb,0xaa,0xd6,0xec,0x28,0x71,
12899+ 0x7c,0x0b,0xc1,0x1d,0xd4,0x44,0x19,0x47,0xfd,0x1d,0x7c,0xe5,
12900+ 0xf3,0x27,0xe1,0xb6,0x72,0x0a,0xe0,0xec,0x0e,0xcd,0xef,0x1a,
12901+ 0x91,0x6a,0xe3,0x5f
12902+ };
12903+
12904+__fips_constseg
12905+static const unsigned char aes_192_no_df_returnedbits[] =
12906+ {
12907+ 0xe5,0xda,0xb8,0xe0,0x63,0x59,0x5a,0xcc,0x3d,0xdc,0x9f,0xe8,
12908+ 0x66,0x67,0x2c,0x92
12909+ };
12910+
12911+
12912+/* AES-256 no df PR */
12913+__fips_constseg
12914+static const unsigned char aes_256_no_df_pr_entropyinput[] =
12915+ {
12916+ 0x15,0xc7,0x5d,0xcb,0x41,0x4b,0x16,0x01,0x3a,0xd1,0x44,0xe8,
12917+ 0x22,0x32,0xc6,0x9c,0x3f,0xe7,0x43,0xf5,0x9a,0xd3,0xea,0xf2,
12918+ 0xd7,0x4e,0x6e,0x6a,0x55,0x73,0x40,0xef,0x89,0xad,0x0d,0x03,
12919+ 0x96,0x7e,0x78,0x81,0x2f,0x91,0x1b,0x44,0xb0,0x02,0xba,0x1c
12920+ };
12921+
12922+__fips_constseg
12923+static const unsigned char aes_256_no_df_pr_nonce[] =
12924+ {
12925+ 0xdc,0xe4,0xd4,0x27,0x7a,0x90,0xd7,0x99,0x43,0xa1,0x3c,0x30,
12926+ 0xcc,0x4b,0xee,0x2e
12927+ };
12928+
12929+__fips_constseg
12930+static const unsigned char aes_256_no_df_pr_personalizationstring[] =
12931+ {
12932+ 0xe3,0xe6,0xb9,0x11,0xe4,0x7a,0xa4,0x40,0x6b,0xf8,0x73,0xf7,
12933+ 0x7e,0xec,0xc7,0xb9,0x97,0xbf,0xf8,0x25,0x7b,0xbe,0x11,0x9b,
12934+ 0x5b,0x6a,0x0c,0x2e,0x2b,0x01,0x51,0xcd,0x41,0x4b,0x6b,0xac,
12935+ 0x31,0xa8,0x0b,0xf7,0xe6,0x59,0x42,0xb8,0x03,0x0c,0xf8,0x06
12936+ };
12937+
12938+__fips_constseg
12939+static const unsigned char aes_256_no_df_pr_additionalinput[] =
12940+ {
12941+ 0x6a,0x9f,0x00,0x91,0xae,0xfe,0xcf,0x84,0x99,0xce,0xb1,0x40,
12942+ 0x6d,0x5d,0x33,0x28,0x84,0xf4,0x8c,0x63,0x4c,0x7e,0xbd,0x2c,
12943+ 0x80,0x76,0xee,0x5a,0xaa,0x15,0x07,0x31,0xd8,0xbb,0x8c,0x69,
12944+ 0x9d,0x9d,0xbc,0x7e,0x49,0xae,0xec,0x39,0x6b,0xd1,0x1f,0x7e
12945+ };
12946+
12947+__fips_constseg
12948+static const unsigned char aes_256_no_df_pr_entropyinputpr[] =
12949+ {
12950+ 0xf3,0xb9,0x75,0x9c,0xbd,0x88,0xea,0xa2,0x50,0xad,0xd6,0x16,
12951+ 0x1a,0x12,0x3c,0x86,0x68,0xaf,0x6f,0xbe,0x19,0xf2,0xee,0xcc,
12952+ 0xa5,0x70,0x84,0x53,0x50,0xcb,0x9f,0x14,0xa9,0xe5,0xee,0xb9,
12953+ 0x48,0x45,0x40,0xe2,0xc7,0xc9,0x9a,0x74,0xff,0x8c,0x99,0x1f
12954+ };
12955+
12956+__fips_constseg
12957+static const unsigned char aes_256_no_df_pr_int_returnedbits[] =
12958+ {
12959+ 0x2e,0xf2,0x45,0x4c,0x62,0x2e,0x0a,0xb9,0x6b,0xa2,0xfd,0x56,
12960+ 0x79,0x60,0x93,0xcf
12961+ };
12962+
12963+__fips_constseg
12964+static const unsigned char aes_256_no_df_pr_additionalinput2[] =
12965+ {
12966+ 0xaf,0x69,0x20,0xe9,0x3b,0x37,0x9d,0x3f,0xb4,0x80,0x02,0x7a,
12967+ 0x25,0x7d,0xb8,0xde,0x71,0xc5,0x06,0x0c,0xb4,0xe2,0x8f,0x35,
12968+ 0xd8,0x14,0x0d,0x7f,0x76,0x63,0x4e,0xb5,0xee,0xe9,0x6f,0x34,
12969+ 0xc7,0x5f,0x56,0x14,0x4a,0xe8,0x73,0x95,0x5b,0x1c,0xb9,0xcb
12970+ };
12971+
12972+__fips_constseg
12973+static const unsigned char aes_256_no_df_pr_entropyinputpr2[] =
12974+ {
12975+ 0xe5,0xb0,0x2e,0x7e,0x52,0x30,0xe3,0x63,0x82,0xb6,0x44,0xd3,
12976+ 0x25,0x19,0x05,0x24,0x9a,0x9f,0x5f,0x27,0x6a,0x29,0xab,0xfa,
12977+ 0x07,0xa2,0x42,0x0f,0xc5,0xa8,0x94,0x7c,0x17,0x7b,0x85,0x83,
12978+ 0x0c,0x25,0x0e,0x63,0x0b,0xe9,0x12,0x60,0xcd,0xef,0x80,0x0f
12979+ };
12980+
12981+__fips_constseg
12982+static const unsigned char aes_256_no_df_pr_returnedbits[] =
12983+ {
12984+ 0x5e,0xf2,0x26,0xef,0x9f,0x58,0x5d,0xd5,0x4a,0x10,0xfe,0xa7,
12985+ 0x2d,0x5f,0x4a,0x46
12986+ };
12987+
12988+
12989+/* AES-256 no df No PR */
12990+__fips_constseg
12991+static const unsigned char aes_256_no_df_entropyinput[] =
12992+ {
12993+ 0xfb,0xcf,0x1b,0x61,0x16,0x89,0x78,0x23,0xf5,0xd8,0x96,0xe3,
12994+ 0x4e,0x64,0x0b,0x29,0x9a,0x3f,0xf8,0xa5,0xed,0xf2,0xfe,0xdb,
12995+ 0x16,0xca,0x7f,0x10,0xfa,0x5e,0x18,0x76,0x2c,0x63,0x5e,0x96,
12996+ 0xcf,0xb3,0xd6,0xfc,0xaf,0x99,0x39,0x28,0x9c,0x61,0xe8,0xb3
12997+ };
12998+
12999+__fips_constseg
13000+static const unsigned char aes_256_no_df_nonce[] =
13001+ {
13002+ 0x12,0x96,0xf0,0x52,0xf3,0x8d,0x81,0xcf,0xde,0x86,0xf2,0x99,
13003+ 0x43,0x96,0xb9,0xf0
13004+ };
13005+
13006+__fips_constseg
13007+static const unsigned char aes_256_no_df_personalizationstring[] =
13008+ {
13009+ 0x63,0x0d,0x78,0xf5,0x90,0x8e,0x32,0x47,0xb0,0x4d,0x37,0x60,
13010+ 0x09,0x96,0xbc,0xbf,0x97,0x7a,0x62,0x14,0x45,0xbd,0x8d,0xcc,
13011+ 0x69,0xfb,0x03,0xe1,0x80,0x1c,0xc7,0xe2,0x2a,0xf9,0x37,0x3f,
13012+ 0x66,0x4d,0x62,0xd9,0x10,0xe0,0xad,0xc8,0x9a,0xf0,0xa8,0x6d
13013+ };
13014+
13015+__fips_constseg
13016+static const unsigned char aes_256_no_df_additionalinput[] =
13017+ {
13018+ 0x36,0xc6,0x13,0x60,0xbb,0x14,0xad,0x22,0xb0,0x38,0xac,0xa6,
13019+ 0x18,0x16,0x93,0x25,0x86,0xb7,0xdc,0xdc,0x36,0x98,0x2b,0xf9,
13020+ 0x68,0x33,0xd3,0xc6,0xff,0xce,0x8d,0x15,0x59,0x82,0x76,0xed,
13021+ 0x6f,0x8d,0x49,0x74,0x2f,0xda,0xdc,0x1f,0x17,0xd0,0xde,0x17
13022+ };
13023+
13024+__fips_constseg
13025+static const unsigned char aes_256_no_df_int_returnedbits[] =
13026+ {
13027+ 0x16,0x2f,0x8e,0x3f,0x21,0x7a,0x1c,0x20,0x56,0xd1,0x92,0xf6,
13028+ 0xd2,0x25,0x75,0x0e
13029+ };
13030+
13031+__fips_constseg
13032+static const unsigned char aes_256_no_df_entropyinputreseed[] =
13033+ {
13034+ 0x91,0x79,0x76,0xee,0xe0,0xcf,0x9e,0xc2,0xd5,0xd4,0x23,0x9b,
13035+ 0x12,0x8c,0x7e,0x0a,0xb7,0xd2,0x8b,0xd6,0x7c,0xa3,0xc6,0xe5,
13036+ 0x0e,0xaa,0xc7,0x6b,0xae,0x0d,0xfa,0x53,0x06,0x79,0xa1,0xed,
13037+ 0x4d,0x6a,0x0e,0xd8,0x9d,0xbe,0x1b,0x31,0x93,0x7b,0xec,0xfb
13038+ };
13039+
13040+__fips_constseg
13041+static const unsigned char aes_256_no_df_additionalinputreseed[] =
13042+ {
13043+ 0xd2,0x46,0x50,0x22,0x10,0x14,0x63,0xf7,0xea,0x0f,0xb9,0x7e,
13044+ 0x0d,0xe1,0x94,0x07,0xaf,0x09,0x44,0x31,0xea,0x64,0xa4,0x18,
13045+ 0x5b,0xf9,0xd8,0xc2,0xfa,0x03,0x47,0xc5,0x39,0x43,0xd5,0x3b,
13046+ 0x62,0x86,0x64,0xea,0x2c,0x73,0x8c,0xae,0x9d,0x98,0x98,0x29
13047+ };
13048+
13049+__fips_constseg
13050+static const unsigned char aes_256_no_df_additionalinput2[] =
13051+ {
13052+ 0x8c,0xab,0x18,0xf8,0xc3,0xec,0x18,0x5c,0xb3,0x1e,0x9d,0xbe,
13053+ 0x3f,0x03,0xb4,0x00,0x98,0x9d,0xae,0xeb,0xf4,0x94,0xf8,0x42,
13054+ 0x8f,0xe3,0x39,0x07,0xe1,0xc9,0xad,0x0b,0x1f,0xed,0xc0,0xba,
13055+ 0xf6,0xd1,0xec,0x27,0x86,0x7b,0xd6,0x55,0x9b,0x60,0xa5,0xc6
13056+ };
13057+
13058+__fips_constseg
13059+static const unsigned char aes_256_no_df_returnedbits[] =
13060+ {
13061+ 0xef,0xd2,0xd8,0x5c,0xdc,0x62,0x25,0x9f,0xaa,0x1e,0x2c,0x67,
13062+ 0xf6,0x02,0x32,0xe2
13063+ };
13064+
13065+
13066+/* SHA-1 PR */
13067+__fips_constseg
13068+static const unsigned char sha1_pr_entropyinput[] =
13069+ {
13070+ 0xd2,0x36,0xa5,0x27,0x31,0x73,0xdd,0x11,0x4f,0x93,0xbd,0xe2,
13071+ 0x31,0xa5,0x91,0x13
13072+ };
13073+
13074+__fips_constseg
13075+static const unsigned char sha1_pr_nonce[] =
13076+ {
13077+ 0xb5,0xb3,0x60,0xef,0xf7,0x63,0x31,0xf3
13078+ };
13079+
13080+__fips_constseg
13081+static const unsigned char sha1_pr_personalizationstring[] =
13082+ {
13083+ 0xd4,0xbb,0x02,0x10,0xb2,0x71,0xdb,0x81,0xd6,0xf0,0x42,0x60,
13084+ 0xda,0xea,0x77,0x52
13085+ };
13086+
13087+__fips_constseg
13088+static const unsigned char sha1_pr_additionalinput[] =
13089+ {
13090+ 0x4d,0xd2,0x6c,0x87,0xfb,0x2c,0x4f,0xa6,0x8d,0x16,0x63,0x22,
13091+ 0x6a,0x51,0xe3,0xf8
13092+ };
13093+
13094+__fips_constseg
13095+static const unsigned char sha1_pr_entropyinputpr[] =
13096+ {
13097+ 0xc9,0x83,0x9e,0x16,0xf6,0x1c,0x0f,0xb2,0xec,0x60,0x31,0xa9,
13098+ 0xcb,0xa9,0x36,0x7a
13099+ };
13100+
13101+__fips_constseg
13102+static const unsigned char sha1_pr_int_returnedbits[] =
13103+ {
13104+ 0xa8,0x13,0x4f,0xf4,0x31,0x02,0x44,0xe3,0xd3,0x3d,0x61,0x9e,
13105+ 0xe5,0xc6,0x3e,0x89,0xb5,0x9b,0x0f,0x35
13106+ };
13107+
13108+__fips_constseg
13109+static const unsigned char sha1_pr_additionalinput2[] =
13110+ {
13111+ 0xf9,0xe8,0xd2,0x72,0x13,0x34,0x95,0x6f,0x15,0x49,0x47,0x99,
13112+ 0x16,0x03,0x19,0x47
13113+ };
13114+
13115+__fips_constseg
13116+static const unsigned char sha1_pr_entropyinputpr2[] =
13117+ {
13118+ 0x4e,0x8c,0x49,0x9b,0x4a,0x5c,0x9b,0x9c,0x3a,0xee,0xfb,0xd2,
13119+ 0xae,0xcd,0x8c,0xc4
13120+ };
13121+
13122+__fips_constseg
13123+static const unsigned char sha1_pr_returnedbits[] =
13124+ {
13125+ 0x50,0xb4,0xb4,0xcd,0x68,0x57,0xfc,0x2e,0xc1,0x52,0xcc,0xf6,
13126+ 0x68,0xa4,0x81,0xed,0x7e,0xe4,0x1d,0x87
13127+ };
13128+
13129+
13130+/* SHA-1 No PR */
13131+__fips_constseg
13132+static const unsigned char sha1_entropyinput[] =
13133+ {
13134+ 0xa9,0x47,0x1b,0x29,0x2d,0x1c,0x05,0xdf,0x76,0xd0,0x62,0xf9,
13135+ 0xe2,0x7f,0x4c,0x7b
13136+ };
13137+
13138+__fips_constseg
13139+static const unsigned char sha1_nonce[] =
13140+ {
13141+ 0x53,0x23,0x24,0xe3,0xec,0x0c,0x54,0x14
13142+ };
13143+
13144+__fips_constseg
13145+static const unsigned char sha1_personalizationstring[] =
13146+ {
13147+ 0x7a,0x87,0xa1,0xac,0x1c,0xfd,0xab,0xae,0xf7,0xd6,0xfb,0x76,
13148+ 0x28,0xec,0x6d,0xca
13149+ };
13150+
13151+__fips_constseg
13152+static const unsigned char sha1_additionalinput[] =
13153+ {
13154+ 0xfc,0x92,0x35,0xd6,0x7e,0xb7,0x24,0x65,0xfd,0x12,0x27,0x35,
13155+ 0xc0,0x72,0xca,0x28
13156+ };
13157+
13158+__fips_constseg
13159+static const unsigned char sha1_int_returnedbits[] =
13160+ {
13161+ 0x57,0x88,0x82,0xe5,0x25,0xa5,0x2c,0x4a,0x06,0x20,0x6c,0x72,
13162+ 0x55,0x61,0xdd,0x90,0x71,0x9f,0x95,0xea
13163+ };
13164+
13165+__fips_constseg
13166+static const unsigned char sha1_entropyinputreseed[] =
13167+ {
13168+ 0x69,0xa5,0x40,0x62,0x98,0x47,0x56,0x73,0x4a,0x8f,0x60,0x96,
13169+ 0xd6,0x99,0x27,0xed
13170+ };
13171+
13172+__fips_constseg
13173+static const unsigned char sha1_additionalinputreseed[] =
13174+ {
13175+ 0xe5,0x40,0x4e,0xbd,0x50,0x00,0xf5,0x15,0xa6,0xee,0x45,0xda,
13176+ 0x84,0x3d,0xd4,0xc0
13177+ };
13178+
13179+__fips_constseg
13180+static const unsigned char sha1_additionalinput2[] =
13181+ {
13182+ 0x11,0x51,0x14,0xf0,0x09,0x1b,0x4e,0x56,0x0d,0xe9,0xf6,0x1e,
13183+ 0x52,0x65,0xcd,0x96
13184+ };
13185+
13186+__fips_constseg
13187+static const unsigned char sha1_returnedbits[] =
13188+ {
13189+ 0xa1,0x9c,0x94,0x6e,0x29,0xe1,0x33,0x0d,0x32,0xd6,0xaa,0xce,
13190+ 0x71,0x3f,0x52,0x72,0x8b,0x42,0xa8,0xd7
13191+ };
13192+
13193+
13194+/* SHA-224 PR */
13195+__fips_constseg
13196+static const unsigned char sha224_pr_entropyinput[] =
13197+ {
13198+ 0x12,0x69,0x32,0x4f,0x83,0xa6,0xf5,0x14,0xe3,0x49,0x3e,0x75,
13199+ 0x3e,0xde,0xad,0xa1,0x29,0xc3,0xf3,0x19,0x20,0xb5,0x4c,0xd9
13200+ };
13201+
13202+__fips_constseg
13203+static const unsigned char sha224_pr_nonce[] =
13204+ {
13205+ 0x6a,0x78,0xd0,0xeb,0xbb,0x5a,0xf0,0xee,0xe8,0xc3,0xba,0x71
13206+ };
13207+
13208+__fips_constseg
13209+static const unsigned char sha224_pr_personalizationstring[] =
13210+ {
13211+ 0xd5,0xb8,0xb6,0xbc,0xc1,0x5b,0x60,0x31,0x3c,0xf5,0xe5,0xc0,
13212+ 0x8e,0x52,0x7a,0xbd,0xea,0x47,0xa9,0x5f,0x8f,0xf9,0x8b,0xae
13213+ };
13214+
13215+__fips_constseg
13216+static const unsigned char sha224_pr_additionalinput[] =
13217+ {
13218+ 0x1f,0x55,0xec,0xae,0x16,0x12,0x84,0xba,0x84,0x16,0x19,0x88,
13219+ 0x8e,0xb8,0x33,0x25,0x54,0xff,0xca,0x79,0xaf,0x07,0x25,0x50
13220+ };
13221+
13222+__fips_constseg
13223+static const unsigned char sha224_pr_entropyinputpr[] =
13224+ {
13225+ 0x92,0xa3,0x32,0xa8,0x9a,0x0a,0x58,0x7c,0x1d,0x5a,0x7e,0xe1,
13226+ 0xb2,0x73,0xab,0x0e,0x16,0x79,0x23,0xd3,0x29,0x89,0x81,0xe1
13227+ };
13228+
13229+__fips_constseg
13230+static const unsigned char sha224_pr_int_returnedbits[] =
13231+ {
13232+ 0xf3,0x38,0x91,0x40,0x37,0x7a,0x51,0x72,0x42,0x74,0x78,0x0a,
13233+ 0x69,0xfd,0xa6,0x44,0x43,0x45,0x6c,0x0c,0x5a,0x19,0xff,0xf1,
13234+ 0x54,0x60,0xee,0x6a
13235+ };
13236+
13237+__fips_constseg
13238+static const unsigned char sha224_pr_additionalinput2[] =
13239+ {
13240+ 0x75,0xf3,0x04,0x25,0xdd,0x36,0xa8,0x37,0x46,0xae,0x0c,0x52,
13241+ 0x05,0x79,0x4c,0x26,0xdb,0xe9,0x71,0x16,0x4c,0x0a,0xf2,0x60
13242+ };
13243+
13244+__fips_constseg
13245+static const unsigned char sha224_pr_entropyinputpr2[] =
13246+ {
13247+ 0xea,0xc5,0x03,0x0a,0x4f,0xb0,0x38,0x8d,0x23,0xd4,0xc8,0x77,
13248+ 0xe2,0x6d,0x9c,0x0b,0x44,0xf7,0x2d,0x5b,0xbf,0x5d,0x2a,0x11
13249+ };
13250+
13251+__fips_constseg
13252+static const unsigned char sha224_pr_returnedbits[] =
13253+ {
13254+ 0x60,0x50,0x2b,0xe7,0x86,0xd8,0x26,0x73,0xe3,0x1d,0x95,0x20,
13255+ 0xb3,0x2c,0x32,0x1c,0xf5,0xce,0x57,0xa6,0x67,0x2b,0xdc,0x4e,
13256+ 0xdd,0x11,0x4c,0xc4
13257+ };
13258+
13259+
13260+/* SHA-224 No PR */
13261+__fips_constseg
13262+static const unsigned char sha224_entropyinput[] =
13263+ {
13264+ 0xb2,0x1c,0x77,0x4d,0xf6,0xd3,0xb6,0x40,0xb7,0x30,0x3e,0x29,
13265+ 0xb0,0x85,0x1c,0xbe,0x4a,0xea,0x6b,0x5a,0xb5,0x8a,0x97,0xeb
13266+ };
13267+
13268+__fips_constseg
13269+static const unsigned char sha224_nonce[] =
13270+ {
13271+ 0x42,0x02,0x0a,0x1c,0x98,0x9a,0x77,0x9e,0x9f,0x80,0xba,0xe0
13272+ };
13273+
13274+__fips_constseg
13275+static const unsigned char sha224_personalizationstring[] =
13276+ {
13277+ 0x98,0xb8,0x04,0x41,0xfc,0xc1,0x5d,0xc5,0xe9,0xb9,0x08,0xda,
13278+ 0xf9,0xfa,0x0d,0x90,0xce,0xdf,0x1d,0x10,0xa9,0x8d,0x50,0x0c
13279+ };
13280+
13281+__fips_constseg
13282+static const unsigned char sha224_additionalinput[] =
13283+ {
13284+ 0x9a,0x8d,0x39,0x49,0x42,0xd5,0x0b,0xae,0xe1,0xaf,0xb7,0x00,
13285+ 0x02,0xfa,0x96,0xb1,0xa5,0x1d,0x2d,0x25,0x78,0xee,0x83,0x3f
13286+ };
13287+
13288+__fips_constseg
13289+static const unsigned char sha224_int_returnedbits[] =
13290+ {
13291+ 0xe4,0xf5,0x53,0x79,0x5a,0x97,0x58,0x06,0x08,0xba,0x7b,0xfa,
13292+ 0xf0,0x83,0x05,0x8c,0x22,0xc0,0xc9,0xdb,0x15,0xe7,0xde,0x20,
13293+ 0x55,0x22,0x9a,0xad
13294+ };
13295+
13296+__fips_constseg
13297+static const unsigned char sha224_entropyinputreseed[] =
13298+ {
13299+ 0x67,0x09,0x48,0xaa,0x07,0x16,0x99,0x89,0x7f,0x6d,0xa0,0xe5,
13300+ 0x8f,0xdf,0xbc,0xdb,0xfe,0xe5,0x6c,0x7a,0x95,0x4a,0x66,0x17
13301+ };
13302+
13303+__fips_constseg
13304+static const unsigned char sha224_additionalinputreseed[] =
13305+ {
13306+ 0x0f,0x4b,0x1c,0x6f,0xb7,0xe3,0x47,0xe5,0x5d,0x7d,0x38,0xd6,
13307+ 0x28,0x9b,0xeb,0x55,0x63,0x09,0x3e,0x7c,0x56,0xea,0xf8,0x19
13308+ };
13309+
13310+__fips_constseg
13311+static const unsigned char sha224_additionalinput2[] =
13312+ {
13313+ 0x2d,0x26,0x7c,0x37,0xe4,0x7a,0x28,0x5e,0x5a,0x3c,0xaf,0x3d,
13314+ 0x5a,0x8e,0x55,0xa2,0x1a,0x6e,0xc0,0xe5,0xf6,0x21,0xd3,0xf6
13315+ };
13316+
13317+__fips_constseg
13318+static const unsigned char sha224_returnedbits[] =
13319+ {
13320+ 0x4d,0x83,0x35,0xdf,0x67,0xa9,0xfc,0x17,0xda,0x70,0xcc,0x8b,
13321+ 0x7f,0x77,0xae,0xa2,0x5f,0xb9,0x7e,0x74,0x4c,0x26,0xc1,0x7a,
13322+ 0x3b,0xa7,0x5c,0x93
13323+ };
13324+
13325+
13326+/* SHA-256 PR */
13327+__fips_constseg
13328+static const unsigned char sha256_pr_entropyinput[] =
13329+ {
13330+ 0xce,0x49,0x00,0x7a,0x56,0xe3,0x67,0x8f,0xe1,0xb6,0xa7,0xd4,
13331+ 0x4f,0x08,0x7a,0x1b,0x01,0xf4,0xfa,0x6b,0xef,0xb7,0xe5,0xeb,
13332+ 0x07,0x3d,0x11,0x0d,0xc8,0xea,0x2b,0xfe
13333+ };
13334+
13335+__fips_constseg
13336+static const unsigned char sha256_pr_nonce[] =
13337+ {
13338+ 0x73,0x41,0xc8,0x92,0x94,0xe2,0xc5,0x5f,0x93,0xfd,0x39,0x5d,
13339+ 0x2b,0x91,0x4d,0x38
13340+ };
13341+
13342+__fips_constseg
13343+static const unsigned char sha256_pr_personalizationstring[] =
13344+ {
13345+ 0x50,0x6d,0x01,0x01,0x07,0x5a,0x80,0x35,0x7a,0x56,0x1a,0x56,
13346+ 0x2f,0x9a,0x0b,0x35,0xb2,0xb1,0xc9,0xe5,0xca,0x69,0x61,0x48,
13347+ 0xff,0xfb,0x0f,0xd9,0x4b,0x79,0x1d,0xba
13348+ };
13349+
13350+__fips_constseg
13351+static const unsigned char sha256_pr_additionalinput[] =
13352+ {
13353+ 0x20,0xb8,0xdf,0x44,0x77,0x5a,0xb8,0xd3,0xbf,0xf6,0xcf,0xac,
13354+ 0x5e,0xa6,0x96,0x62,0x73,0x44,0x40,0x4a,0x30,0xfb,0x38,0xa5,
13355+ 0x7b,0x0d,0xe4,0x0d,0xc6,0xe4,0x9a,0x1f
13356+ };
13357+
13358+__fips_constseg
13359+static const unsigned char sha256_pr_entropyinputpr[] =
13360+ {
13361+ 0x04,0xc4,0x65,0xf4,0xd3,0xbf,0x83,0x4b,0xab,0xc8,0x41,0xa8,
13362+ 0xc2,0xe0,0x44,0x63,0x77,0x4c,0x6f,0x6c,0x49,0x46,0xff,0x94,
13363+ 0x17,0xea,0xe6,0x1a,0x9d,0x5e,0x66,0x78
13364+ };
13365+
13366+__fips_constseg
13367+static const unsigned char sha256_pr_int_returnedbits[] =
13368+ {
13369+ 0x07,0x4d,0xac,0x9b,0x86,0xca,0x4a,0xaa,0x6e,0x7a,0x03,0xa2,
13370+ 0x5d,0x10,0xea,0x0b,0xf9,0x83,0xcc,0xd1,0xfc,0xe2,0x07,0xc7,
13371+ 0x06,0x34,0x60,0x6f,0x83,0x94,0x99,0x76
13372+ };
13373+
13374+__fips_constseg
13375+static const unsigned char sha256_pr_additionalinput2[] =
13376+ {
13377+ 0x89,0x4e,0x45,0x8c,0x11,0xf9,0xbc,0x5b,0xac,0x74,0x8b,0x4b,
13378+ 0x5f,0xf7,0x19,0xf3,0xf5,0x24,0x54,0x14,0xd1,0x15,0xb1,0x43,
13379+ 0x12,0xa4,0x5f,0xd4,0xec,0xfc,0xcd,0x09
13380+ };
13381+
13382+__fips_constseg
13383+static const unsigned char sha256_pr_entropyinputpr2[] =
13384+ {
13385+ 0x0e,0xeb,0x1f,0xd7,0xfc,0xd1,0x9d,0xd4,0x05,0x36,0x8b,0xb2,
13386+ 0xfb,0xe4,0xf4,0x51,0x0c,0x87,0x9b,0x02,0x44,0xd5,0x92,0x4d,
13387+ 0x44,0xfe,0x1a,0x03,0x43,0x56,0xbd,0x86
13388+ };
13389+
13390+__fips_constseg
13391+static const unsigned char sha256_pr_returnedbits[] =
13392+ {
13393+ 0x02,0xaa,0xb6,0x1d,0x7e,0x2a,0x40,0x03,0x69,0x2d,0x49,0xa3,
13394+ 0x41,0xe7,0x44,0x0b,0xaf,0x7b,0x85,0xe4,0x5f,0x53,0x3b,0x64,
13395+ 0xbc,0x89,0xc8,0x82,0xd4,0x78,0x37,0xa2
13396+ };
13397+
13398+
13399+/* SHA-256 No PR */
13400+__fips_constseg
13401+static const unsigned char sha256_entropyinput[] =
13402+ {
13403+ 0x5b,0x1b,0xec,0x4d,0xa9,0x38,0x74,0x5a,0x34,0x0b,0x7b,0xc5,
13404+ 0xe5,0xd7,0x66,0x7c,0xbc,0x82,0xb9,0x0e,0x2d,0x1f,0x92,0xd7,
13405+ 0xc1,0xbc,0x67,0x69,0xec,0x6b,0x03,0x3c
13406+ };
13407+
13408+__fips_constseg
13409+static const unsigned char sha256_nonce[] =
13410+ {
13411+ 0xa4,0x0c,0xd8,0x9c,0x61,0xd8,0xc3,0x54,0xfe,0x53,0xc9,0xe5,
13412+ 0x5d,0x6f,0x6d,0x35
13413+ };
13414+
13415+__fips_constseg
13416+static const unsigned char sha256_personalizationstring[] =
13417+ {
13418+ 0x22,0x5e,0x62,0x93,0x42,0x83,0x78,0x24,0xd8,0x40,0x8c,0xde,
13419+ 0x6f,0xf9,0xa4,0x7a,0xc5,0xa7,0x3b,0x88,0xa3,0xee,0x42,0x20,
13420+ 0xfd,0x61,0x56,0xc6,0x4c,0x13,0x41,0x9c
13421+ };
13422+
13423+__fips_constseg
13424+static const unsigned char sha256_additionalinput[] =
13425+ {
13426+ 0xbf,0x74,0x5b,0xf6,0xc5,0x64,0x5e,0x99,0x34,0x8f,0xbc,0xa4,
13427+ 0xe2,0xbd,0xd8,0x85,0x26,0x37,0xea,0xba,0x4f,0xf2,0x9a,0x9a,
13428+ 0x66,0xfc,0xdf,0x63,0x26,0x26,0x19,0x87
13429+ };
13430+
13431+__fips_constseg
13432+static const unsigned char sha256_int_returnedbits[] =
13433+ {
13434+ 0xb3,0xc6,0x07,0x07,0xd6,0x75,0xf6,0x2b,0xd6,0x21,0x96,0xf1,
13435+ 0xae,0xdb,0x2b,0xac,0x25,0x2a,0xae,0xae,0x41,0x72,0x03,0x5e,
13436+ 0xbf,0xd3,0x64,0xbc,0x59,0xf9,0xc0,0x76
13437+ };
13438+
13439+__fips_constseg
13440+static const unsigned char sha256_entropyinputreseed[] =
13441+ {
13442+ 0xbf,0x20,0x33,0x56,0x29,0xa8,0x37,0x04,0x1f,0x78,0x34,0x3d,
13443+ 0x81,0x2a,0xc9,0x86,0xc6,0x7a,0x2f,0x88,0x5e,0xd5,0xbe,0x34,
13444+ 0x46,0x20,0xa4,0x35,0xeb,0xc7,0xe2,0x9d
13445+ };
13446+
13447+__fips_constseg
13448+static const unsigned char sha256_additionalinputreseed[] =
13449+ {
13450+ 0x9b,0xae,0x2d,0x2d,0x61,0xa4,0x89,0xeb,0x43,0x46,0xa7,0xda,
13451+ 0xef,0x40,0xca,0x4a,0x99,0x11,0x41,0xdc,0x5c,0x94,0xe9,0xac,
13452+ 0xd4,0xd0,0xe6,0xbd,0xfb,0x03,0x9c,0xa8
13453+ };
13454+
13455+__fips_constseg
13456+static const unsigned char sha256_additionalinput2[] =
13457+ {
13458+ 0x23,0xaa,0x0c,0xbd,0x28,0x33,0xe2,0x51,0xfc,0x71,0xd2,0x15,
13459+ 0x1f,0x76,0xfd,0x0d,0xe0,0xb7,0xb5,0x84,0x75,0x5b,0xbe,0xf3,
13460+ 0x5c,0xca,0xc5,0x30,0xf2,0x75,0x1f,0xda
13461+ };
13462+
13463+__fips_constseg
13464+static const unsigned char sha256_returnedbits[] =
13465+ {
13466+ 0x90,0x3c,0xc1,0x10,0x8c,0x12,0x01,0xc6,0xa6,0x3a,0x0f,0x4d,
13467+ 0xb6,0x3a,0x4f,0x41,0x9c,0x61,0x75,0x84,0xe9,0x74,0x75,0xfd,
13468+ 0xfe,0xf2,0x1f,0x43,0xd8,0x5e,0x24,0xa3
13469+ };
13470+
13471+
13472+/* SHA-384 PR */
13473+__fips_constseg
13474+static const unsigned char sha384_pr_entropyinput[] =
13475+ {
13476+ 0x71,0x9d,0xb2,0x5a,0x71,0x6d,0x04,0xe9,0x1e,0xc7,0x92,0x24,
13477+ 0x6e,0x12,0x33,0xa9,0x52,0x64,0x31,0xef,0x71,0xeb,0x22,0x55,
13478+ 0x28,0x97,0x06,0x6a,0xc0,0x0c,0xa0,0x7e
13479+ };
13480+
13481+__fips_constseg
13482+static const unsigned char sha384_pr_nonce[] =
13483+ {
13484+ 0xf5,0x0d,0xfa,0xb0,0xec,0x6a,0x7c,0xd6,0xbd,0x9b,0x05,0xfd,
13485+ 0x38,0x3e,0x2e,0x56
13486+ };
13487+
13488+__fips_constseg
13489+static const unsigned char sha384_pr_personalizationstring[] =
13490+ {
13491+ 0x74,0xac,0x7e,0x6d,0xb1,0xa4,0xe7,0x21,0xd1,0x1e,0x6e,0x96,
13492+ 0x6d,0x4d,0x53,0x46,0x82,0x96,0x6e,0xcf,0xaa,0x81,0x8d,0x7d,
13493+ 0x9e,0xe1,0x0f,0x15,0xea,0x41,0xbf,0xe3
13494+ };
13495+
13496+__fips_constseg
13497+static const unsigned char sha384_pr_additionalinput[] =
13498+ {
13499+ 0xda,0x95,0xd4,0xd0,0xb8,0x11,0xd3,0x49,0x27,0x5d,0xa9,0x39,
13500+ 0x68,0xf3,0xa8,0xe9,0x5d,0x19,0x8a,0x2b,0x66,0xe8,0x69,0x06,
13501+ 0x7c,0x9e,0x03,0xa1,0x8b,0x26,0x2d,0x6e
13502+ };
13503+
13504+__fips_constseg
13505+static const unsigned char sha384_pr_entropyinputpr[] =
13506+ {
13507+ 0x49,0xdf,0x44,0x00,0xe4,0x1c,0x75,0x0b,0x26,0x5a,0x59,0x64,
13508+ 0x1f,0x4e,0xb1,0xb2,0x13,0xf1,0x22,0x4e,0xb4,0x6d,0x9a,0xcc,
13509+ 0xa0,0x48,0xe6,0xcf,0x1d,0xd1,0x92,0x0d
13510+ };
13511+
13512+__fips_constseg
13513+static const unsigned char sha384_pr_int_returnedbits[] =
13514+ {
13515+ 0xc8,0x52,0xae,0xbf,0x04,0x3c,0x27,0xb7,0x78,0x18,0xaa,0x8f,
13516+ 0xff,0xcf,0xa4,0xf1,0xcc,0xe7,0x68,0xfa,0x22,0xa2,0x13,0x45,
13517+ 0xe8,0xdd,0x87,0xe6,0xf2,0x6e,0xdd,0xc7,0x52,0x90,0x9f,0x7b,
13518+ 0xfa,0x61,0x2d,0x9d,0x9e,0xcf,0x98,0xac,0x52,0x40,0xce,0xaf
13519+ };
13520+
13521+__fips_constseg
13522+static const unsigned char sha384_pr_additionalinput2[] =
13523+ {
13524+ 0x61,0x7c,0x03,0x9a,0x3e,0x50,0x57,0x60,0xc5,0x83,0xc9,0xb2,
13525+ 0xd1,0x87,0x85,0x66,0x92,0x5d,0x84,0x0e,0x53,0xfb,0x70,0x03,
13526+ 0x72,0xfd,0xba,0xae,0x9c,0x8f,0xf8,0x18
13527+ };
13528+
13529+__fips_constseg
13530+static const unsigned char sha384_pr_entropyinputpr2[] =
13531+ {
13532+ 0xf8,0xeb,0x89,0xb1,0x8d,0x78,0xbe,0x21,0xe0,0xbb,0x9d,0xb7,
13533+ 0x95,0x0e,0xd9,0x46,0x0c,0x8c,0xe2,0x63,0xb7,0x9d,0x67,0x90,
13534+ 0xbd,0xc7,0x0b,0xa5,0xce,0xb2,0x65,0x81
13535+ };
13536+
13537+__fips_constseg
13538+static const unsigned char sha384_pr_returnedbits[] =
13539+ {
13540+ 0xe6,0x9f,0xfe,0x68,0xd6,0xb5,0x79,0xf1,0x06,0x5f,0xa3,0xbb,
13541+ 0x23,0x85,0xd8,0xf0,0x29,0x5a,0x68,0x9e,0xf5,0xf4,0xa6,0x12,
13542+ 0xe0,0x9a,0xe2,0xac,0x00,0x1d,0x98,0x26,0xfc,0x53,0x95,0x53,
13543+ 0xe4,0x3e,0x17,0xd5,0x08,0x0b,0x70,0x3d,0x67,0x99,0xac,0x66
13544+ };
13545+
13546+
13547+/* SHA-384 No PR */
13548+__fips_constseg
13549+static const unsigned char sha384_entropyinput[] =
13550+ {
13551+ 0x07,0x15,0x27,0x2a,0xaf,0x74,0x24,0x37,0xbc,0xd5,0x14,0x69,
13552+ 0xce,0x11,0xff,0xa2,0x6b,0xb8,0x05,0x67,0x34,0xf8,0xbd,0x6d,
13553+ 0x6a,0xcc,0xcd,0x60,0xa3,0x68,0xca,0xf4
13554+ };
13555+
13556+__fips_constseg
13557+static const unsigned char sha384_nonce[] =
13558+ {
13559+ 0x70,0x17,0xc2,0x5b,0x5d,0x22,0x0b,0x06,0x15,0x54,0x78,0x77,
13560+ 0x44,0xaf,0x2f,0x09
13561+ };
13562+
13563+__fips_constseg
13564+static const unsigned char sha384_personalizationstring[] =
13565+ {
13566+ 0x89,0x39,0x28,0xb0,0x60,0xeb,0x3d,0xdc,0x55,0x75,0x86,0xeb,
13567+ 0xae,0xa2,0x8f,0xbc,0x1b,0x75,0xd4,0xe1,0x0f,0xaa,0x38,0xca,
13568+ 0x62,0x8b,0xcb,0x2c,0x26,0xf6,0xbc,0xb1
13569+ };
13570+
13571+__fips_constseg
13572+static const unsigned char sha384_additionalinput[] =
13573+ {
13574+ 0x30,0x2b,0x42,0x35,0xef,0xda,0x40,0x55,0x28,0xc6,0x95,0xfb,
13575+ 0x54,0x01,0x62,0xd7,0x87,0x14,0x48,0x6d,0x90,0x4c,0xa9,0x02,
13576+ 0x54,0x40,0x22,0xc8,0x66,0xa5,0x48,0x48
13577+ };
13578+
13579+__fips_constseg
13580+static const unsigned char sha384_int_returnedbits[] =
13581+ {
13582+ 0x82,0xc4,0xa1,0x9c,0x21,0xd2,0xe7,0xa5,0xa6,0xf6,0x5f,0x04,
13583+ 0x5c,0xc7,0x31,0x9d,0x8d,0x59,0x74,0x50,0x19,0x89,0x2f,0x63,
13584+ 0xd5,0xb7,0x7e,0xeb,0x15,0xe3,0x70,0x83,0xa1,0x24,0x59,0xfa,
13585+ 0x2c,0x56,0xf6,0x88,0x3a,0x92,0x93,0xa1,0xfb,0x79,0xc1,0x7a
13586+ };
13587+
13588+__fips_constseg
13589+static const unsigned char sha384_entropyinputreseed[] =
13590+ {
13591+ 0x39,0xa6,0xe8,0x5c,0x82,0x17,0x71,0x26,0x57,0x4f,0x9f,0xc2,
13592+ 0x55,0xff,0x5c,0x9b,0x53,0x1a,0xd1,0x5f,0xbc,0x62,0xe4,0x27,
13593+ 0x2d,0x32,0xf0,0xe4,0x52,0x8c,0xc5,0x0c
13594+ };
13595+
13596+__fips_constseg
13597+static const unsigned char sha384_additionalinputreseed[] =
13598+ {
13599+ 0x8d,0xcb,0x8d,0xce,0x08,0xea,0x80,0xe8,0x9b,0x61,0xa8,0x0f,
13600+ 0xaf,0x49,0x20,0x9e,0x74,0xcb,0x57,0x80,0x42,0xb0,0x84,0x5e,
13601+ 0x30,0x2a,0x67,0x08,0xf4,0xe3,0x40,0x22
13602+ };
13603+
13604+__fips_constseg
13605+static const unsigned char sha384_additionalinput2[] =
13606+ {
13607+ 0x7c,0x8f,0xc2,0xae,0x22,0x4a,0xd6,0xf6,0x05,0xa4,0x7a,0xea,
13608+ 0xbb,0x25,0xd0,0xb7,0x5a,0xd6,0xcf,0x9d,0xf3,0x6c,0xe2,0xb2,
13609+ 0x4e,0xb4,0xbd,0xf4,0xe5,0x40,0x80,0x94
13610+ };
13611+
13612+__fips_constseg
13613+static const unsigned char sha384_returnedbits[] =
13614+ {
13615+ 0x9e,0x7e,0xfb,0x59,0xbb,0xaa,0x3c,0xf7,0xe1,0xf8,0x76,0xdd,
13616+ 0x63,0x5f,0xaf,0x23,0xd6,0x64,0x61,0xc0,0x9a,0x09,0x47,0xc9,
13617+ 0x33,0xdf,0x6d,0x55,0x91,0x34,0x79,0x70,0xc4,0x99,0x6e,0x54,
13618+ 0x09,0x64,0x21,0x1a,0xbd,0x1e,0x80,0x40,0x34,0xad,0xfa,0xd7
13619+ };
13620+
13621+
13622+/* SHA-512 PR */
13623+__fips_constseg
13624+static const unsigned char sha512_pr_entropyinput[] =
13625+ {
13626+ 0x13,0xf7,0x61,0x75,0x65,0x28,0xa2,0x59,0x13,0x5a,0x4a,0x4f,
13627+ 0x56,0x60,0x8c,0x53,0x7d,0xb0,0xbd,0x06,0x4f,0xed,0xcc,0xd2,
13628+ 0xa2,0xb5,0xfd,0x5b,0x3a,0xab,0xec,0x28
13629+ };
13630+
13631+__fips_constseg
13632+static const unsigned char sha512_pr_nonce[] =
13633+ {
13634+ 0xbe,0xa3,0x91,0x93,0x1d,0xc3,0x31,0x3a,0x23,0x33,0x50,0x67,
13635+ 0x88,0xc7,0xa2,0xc4
13636+ };
13637+
13638+__fips_constseg
13639+static const unsigned char sha512_pr_personalizationstring[] =
13640+ {
13641+ 0x1f,0x59,0x4d,0x7b,0xe6,0x46,0x91,0x48,0xc1,0x25,0xfa,0xff,
13642+ 0x89,0x12,0x77,0x35,0xdf,0x3e,0xf4,0x80,0x5f,0xd9,0xb0,0x07,
13643+ 0x22,0x41,0xdd,0x48,0x78,0x6b,0x77,0x2b
13644+ };
13645+
13646+__fips_constseg
13647+static const unsigned char sha512_pr_additionalinput[] =
13648+ {
13649+ 0x30,0xff,0x63,0x6f,0xac,0xd9,0x84,0x39,0x6f,0xe4,0x99,0xce,
13650+ 0x91,0x7d,0x7e,0xc8,0x58,0xf2,0x12,0xc3,0xb6,0xad,0xda,0x22,
13651+ 0x04,0xa0,0xd2,0x21,0xfe,0xf2,0x95,0x1d
13652+ };
13653+
13654+__fips_constseg
13655+static const unsigned char sha512_pr_entropyinputpr[] =
13656+ {
13657+ 0x64,0x54,0x13,0xec,0x4f,0x77,0xda,0xb2,0x92,0x2e,0x52,0x80,
13658+ 0x11,0x10,0xc2,0xf8,0xe6,0xa7,0xcd,0x4b,0xfc,0x32,0x2e,0x9e,
13659+ 0xeb,0xbb,0xb1,0xbf,0x15,0x5c,0x73,0x08
13660+ };
13661+
13662+__fips_constseg
13663+static const unsigned char sha512_pr_int_returnedbits[] =
13664+ {
13665+ 0xef,0x1e,0xdc,0x0a,0xa4,0x36,0x91,0x9c,0x3d,0x27,0x97,0x50,
13666+ 0x8d,0x36,0x29,0x8d,0xce,0x6a,0x0c,0xf7,0x21,0xc0,0x91,0xae,
13667+ 0x0c,0x96,0x72,0xbd,0x52,0x81,0x58,0xfc,0x6d,0xe5,0xf7,0xa5,
13668+ 0xfd,0x5d,0xa7,0x58,0x68,0xc8,0x99,0x58,0x8e,0xc8,0xce,0x95,
13669+ 0x01,0x7d,0xff,0xa4,0xc8,0xf7,0x63,0xfe,0x5f,0x69,0x83,0x53,
13670+ 0xe2,0xc6,0x8b,0xc3
13671+ };
13672+
13673+__fips_constseg
13674+static const unsigned char sha512_pr_additionalinput2[] =
13675+ {
13676+ 0xe6,0x9b,0xc4,0x88,0x34,0xca,0xea,0x29,0x2f,0x98,0x05,0xa4,
13677+ 0xd3,0xc0,0x7b,0x11,0xe8,0xbb,0x75,0xf2,0xbd,0x29,0xb7,0x40,
13678+ 0x25,0x7f,0xc1,0xb7,0xb1,0xf1,0x25,0x61
13679+ };
13680+
13681+__fips_constseg
13682+static const unsigned char sha512_pr_entropyinputpr2[] =
13683+ {
13684+ 0x23,0x6d,0xff,0xde,0xfb,0xd1,0xba,0x33,0x18,0xe6,0xbe,0xb5,
13685+ 0x48,0x77,0x6d,0x7f,0xa7,0xe1,0x4d,0x48,0x1e,0x3c,0xa7,0x34,
13686+ 0x1a,0xc8,0x60,0xdb,0x8f,0x99,0x15,0x99
13687+ };
13688+
13689+__fips_constseg
13690+static const unsigned char sha512_pr_returnedbits[] =
13691+ {
13692+ 0x70,0x27,0x31,0xdb,0x92,0x70,0x21,0xfe,0x16,0xb6,0xc8,0x51,
13693+ 0x34,0x87,0x65,0xd0,0x4e,0xfd,0xfe,0x68,0xec,0xac,0xdc,0x93,
13694+ 0x41,0x38,0x92,0x90,0xb4,0x94,0xf9,0x0d,0xa4,0xf7,0x4e,0x80,
13695+ 0x92,0x67,0x48,0x40,0xa7,0x08,0xc7,0xbc,0x66,0x00,0xfd,0xf7,
13696+ 0x4c,0x8b,0x17,0x6e,0xd1,0x8f,0x9b,0xf3,0x6f,0xf6,0x34,0xdd,
13697+ 0x67,0xf7,0x68,0xdd
13698+ };
13699+
13700+
13701+/* SHA-512 No PR */
13702+__fips_constseg
13703+static const unsigned char sha512_entropyinput[] =
13704+ {
13705+ 0xb6,0x0b,0xb7,0xbc,0x84,0x56,0xf6,0x12,0xaf,0x45,0x67,0x17,
13706+ 0x7c,0xd1,0xb2,0x78,0x2b,0xa0,0xf2,0xbe,0xb6,0x6d,0x8b,0x56,
13707+ 0xc6,0xbc,0x4d,0xe1,0xf7,0xbe,0xce,0xbd
13708+ };
13709+
13710+__fips_constseg
13711+static const unsigned char sha512_nonce[] =
13712+ {
13713+ 0x9d,0xed,0xc0,0xe5,0x5a,0x98,0x6a,0xcb,0x51,0x7d,0x76,0x31,
13714+ 0x5a,0x64,0xf0,0xf7
13715+ };
13716+
13717+__fips_constseg
13718+static const unsigned char sha512_personalizationstring[] =
13719+ {
13720+ 0xc2,0x6d,0xa3,0xc3,0x06,0x74,0xe5,0x01,0x5c,0x10,0x17,0xc7,
13721+ 0xaf,0x83,0x9d,0x59,0x8d,0x2d,0x29,0x38,0xc5,0x59,0x70,0x8b,
13722+ 0x46,0x48,0x2d,0xcf,0x36,0x7d,0x59,0xc0
13723+ };
13724+
13725+__fips_constseg
13726+static const unsigned char sha512_additionalinput[] =
13727+ {
13728+ 0xec,0x8c,0xd4,0xf7,0x61,0x6e,0x0d,0x95,0x79,0xb7,0x28,0xad,
13729+ 0x5f,0x69,0x74,0x5f,0x2d,0x36,0x06,0x8a,0x6b,0xac,0x54,0x97,
13730+ 0xc4,0xa1,0x12,0x85,0x0a,0xdf,0x4b,0x34
13731+ };
13732+
13733+__fips_constseg
13734+static const unsigned char sha512_int_returnedbits[] =
13735+ {
13736+ 0x84,0x2f,0x1f,0x68,0x6a,0xa3,0xad,0x1e,0xfb,0xf4,0x15,0xbd,
13737+ 0xde,0x38,0xd4,0x30,0x80,0x51,0xe9,0xd3,0xc7,0x20,0x88,0xe9,
13738+ 0xf5,0xcc,0xdf,0x57,0x5c,0x47,0x2f,0x57,0x3c,0x5f,0x13,0x56,
13739+ 0xcc,0xc5,0x4f,0x84,0xf8,0x10,0x41,0xd5,0x7e,0x58,0x6e,0x19,
13740+ 0x19,0x9e,0xaf,0xc2,0x22,0x58,0x41,0x50,0x79,0xc2,0xd8,0x04,
13741+ 0x28,0xd4,0x39,0x9a
13742+ };
13743+
13744+__fips_constseg
13745+static const unsigned char sha512_entropyinputreseed[] =
13746+ {
13747+ 0xfa,0x7f,0x46,0x51,0x83,0x62,0x98,0x16,0x9a,0x19,0xa2,0x49,
13748+ 0xa9,0xe6,0x4a,0xd8,0x85,0xe7,0xd4,0x3b,0x2c,0x82,0xc5,0x82,
13749+ 0xbf,0x11,0xf9,0x9e,0xbc,0xd0,0x01,0xee
13750+ };
13751+
13752+__fips_constseg
13753+static const unsigned char sha512_additionalinputreseed[] =
13754+ {
13755+ 0xb9,0x12,0xe0,0x4f,0xf7,0xa7,0xc4,0xd8,0xd0,0x8e,0x99,0x29,
13756+ 0x7c,0x9a,0xe9,0xcf,0xc4,0x6c,0xf8,0xc3,0xa7,0x41,0x83,0xd6,
13757+ 0x2e,0xfa,0xb8,0x5e,0x8e,0x6b,0x78,0x20
13758+ };
13759+
13760+__fips_constseg
13761+static const unsigned char sha512_additionalinput2[] =
13762+ {
13763+ 0xd7,0x07,0x52,0xb9,0x83,0x2c,0x03,0x71,0xee,0xc9,0xc0,0x85,
13764+ 0xe1,0x57,0xb2,0xcd,0x3a,0xf0,0xc9,0x34,0x24,0x41,0x1c,0x42,
13765+ 0x99,0xb2,0x84,0xe9,0x17,0xd2,0x76,0x92
13766+ };
13767+
13768+__fips_constseg
13769+static const unsigned char sha512_returnedbits[] =
13770+ {
13771+ 0x36,0x17,0x5d,0x98,0x2b,0x65,0x25,0x8e,0xc8,0x29,0xdf,0x27,
13772+ 0x05,0x36,0x26,0x12,0x8a,0x68,0x74,0x27,0x37,0xd4,0x7f,0x32,
13773+ 0xb1,0x12,0xd6,0x85,0x83,0xeb,0x2e,0xa0,0xed,0x4b,0xb5,0x7b,
13774+ 0x6f,0x39,0x3c,0x71,0x77,0x02,0x12,0xcc,0x2c,0x3a,0x8e,0x63,
13775+ 0xdf,0x4a,0xbd,0x6f,0x6e,0x2e,0xed,0x0a,0x85,0xa5,0x2f,0xa2,
13776+ 0x68,0xde,0x42,0xb5
13777+ };
13778+
13779+
13780+/* HMAC SHA-1 PR */
13781+__fips_constseg
13782+static const unsigned char hmac_sha1_pr_entropyinput[] =
13783+ {
13784+ 0x26,0x5f,0x36,0x14,0xff,0x3d,0x83,0xfa,0x73,0x5e,0x75,0xdc,
13785+ 0x2c,0x18,0x17,0x1b
13786+ };
13787+
13788+__fips_constseg
13789+static const unsigned char hmac_sha1_pr_nonce[] =
13790+ {
13791+ 0xc8,0xe3,0x57,0xa5,0x7b,0x74,0x86,0x6e
13792+ };
13793+
13794+__fips_constseg
13795+static const unsigned char hmac_sha1_pr_personalizationstring[] =
13796+ {
13797+ 0x6e,0xdb,0x0d,0xfe,0x7d,0xac,0x79,0xd0,0xa5,0x3a,0x48,0x85,
13798+ 0x80,0xe2,0x7f,0x2a
13799+ };
13800+
13801+__fips_constseg
13802+static const unsigned char hmac_sha1_pr_additionalinput[] =
13803+ {
13804+ 0x31,0xcd,0x5e,0x43,0xdc,0xfb,0x7a,0x79,0xca,0x88,0xde,0x1f,
13805+ 0xd7,0xbb,0x42,0x09
13806+ };
13807+
13808+__fips_constseg
13809+static const unsigned char hmac_sha1_pr_entropyinputpr[] =
13810+ {
13811+ 0x7c,0x23,0x95,0x38,0x00,0x95,0xc1,0x78,0x1f,0x8f,0xd7,0x63,
13812+ 0x23,0x87,0x2a,0xed
13813+ };
13814+
13815+__fips_constseg
13816+static const unsigned char hmac_sha1_pr_int_returnedbits[] =
13817+ {
13818+ 0xbb,0x34,0xe7,0x93,0xa3,0x02,0x2c,0x4a,0xd0,0x89,0xda,0x7f,
13819+ 0xed,0xf4,0x4c,0xde,0x17,0xec,0xe5,0x6c
13820+ };
13821+
13822+__fips_constseg
13823+static const unsigned char hmac_sha1_pr_additionalinput2[] =
13824+ {
13825+ 0x49,0xbc,0x2d,0x2c,0xb7,0x32,0xcb,0x20,0xdf,0xf5,0x77,0x58,
13826+ 0xa0,0x4b,0x93,0x6e
13827+ };
13828+
13829+__fips_constseg
13830+static const unsigned char hmac_sha1_pr_entropyinputpr2[] =
13831+ {
13832+ 0x3c,0xaa,0xb0,0x21,0x42,0xb0,0xdd,0x34,0xf0,0x16,0x7f,0x0c,
13833+ 0x0f,0xff,0x2e,0xaf
13834+ };
13835+
13836+__fips_constseg
13837+static const unsigned char hmac_sha1_pr_returnedbits[] =
13838+ {
13839+ 0x8e,0xcb,0xa3,0x64,0xb2,0xb8,0x33,0x6c,0x64,0x3b,0x78,0x16,
13840+ 0x99,0x35,0xc8,0x30,0xcb,0x3e,0xa0,0xd8
13841+ };
13842+
13843+
13844+/* HMAC SHA-1 No PR */
13845+__fips_constseg
13846+static const unsigned char hmac_sha1_entropyinput[] =
13847+ {
13848+ 0x32,0x9a,0x2a,0x87,0x7b,0x89,0x7c,0xf6,0xcb,0x95,0xd5,0x40,
13849+ 0x17,0xfe,0x47,0x70
13850+ };
13851+
13852+__fips_constseg
13853+static const unsigned char hmac_sha1_nonce[] =
13854+ {
13855+ 0x16,0xd8,0xe0,0xc7,0x52,0xcf,0x4a,0x25
13856+ };
13857+
13858+__fips_constseg
13859+static const unsigned char hmac_sha1_personalizationstring[] =
13860+ {
13861+ 0x35,0x35,0xa9,0xa5,0x40,0xbe,0x9b,0xd1,0x56,0xdd,0x44,0x00,
13862+ 0x72,0xf7,0xd3,0x5e
13863+ };
13864+
13865+__fips_constseg
13866+static const unsigned char hmac_sha1_additionalinput[] =
13867+ {
13868+ 0x1b,0x2c,0x84,0x2d,0x4a,0x89,0x8f,0x69,0x19,0xf1,0xf3,0xdb,
13869+ 0xbb,0xe3,0xaa,0xea
13870+ };
13871+
13872+__fips_constseg
13873+static const unsigned char hmac_sha1_int_returnedbits[] =
13874+ {
13875+ 0xcf,0xfa,0x7d,0x72,0x0f,0xe6,0xc7,0x96,0xa0,0x69,0x31,0x11,
13876+ 0x9b,0x0b,0x1a,0x20,0x1f,0x3f,0xaa,0xd1
13877+ };
13878+
13879+__fips_constseg
13880+static const unsigned char hmac_sha1_entropyinputreseed[] =
13881+ {
13882+ 0x90,0x75,0x15,0x04,0x95,0xf1,0xba,0x81,0x0c,0x37,0x94,0x6f,
13883+ 0x86,0x52,0x6d,0x9c
13884+ };
13885+
13886+__fips_constseg
13887+static const unsigned char hmac_sha1_additionalinputreseed[] =
13888+ {
13889+ 0x5b,0x40,0xba,0x5f,0x17,0x70,0xf0,0x4b,0xdf,0xc9,0x97,0x92,
13890+ 0x79,0xc5,0x82,0x28
13891+ };
13892+
13893+__fips_constseg
13894+static const unsigned char hmac_sha1_additionalinput2[] =
13895+ {
13896+ 0x97,0xc8,0x80,0x90,0xb3,0xaa,0x6e,0x60,0xea,0x83,0x7a,0xe3,
13897+ 0x8a,0xca,0xa4,0x7f
13898+ };
13899+
13900+__fips_constseg
13901+static const unsigned char hmac_sha1_returnedbits[] =
13902+ {
13903+ 0x90,0xbd,0x05,0x56,0x6d,0xb5,0x22,0xd5,0xb9,0x5a,0x29,0x2d,
13904+ 0xe9,0x0b,0xe1,0xac,0xde,0x27,0x0b,0xb0
13905+ };
13906+
13907+
13908+/* HMAC SHA-224 PR */
13909+__fips_constseg
13910+static const unsigned char hmac_sha224_pr_entropyinput[] =
13911+ {
13912+ 0x17,0x32,0x2b,0x2e,0x6f,0x1b,0x9c,0x6d,0x31,0xe0,0x34,0x07,
13913+ 0xcf,0xed,0xf6,0xb6,0x5a,0x76,0x4c,0xbc,0x62,0x85,0x01,0x90
13914+ };
13915+
13916+__fips_constseg
13917+static const unsigned char hmac_sha224_pr_nonce[] =
13918+ {
13919+ 0x38,0xbf,0x5f,0x20,0xb3,0x68,0x2f,0x43,0x61,0x05,0x8f,0x23
13920+ };
13921+
13922+__fips_constseg
13923+static const unsigned char hmac_sha224_pr_personalizationstring[] =
13924+ {
13925+ 0xc0,0xc9,0x45,0xac,0x8d,0x27,0x77,0x08,0x0b,0x17,0x6d,0xed,
13926+ 0xc1,0x7d,0xd5,0x07,0x9d,0x6e,0xf8,0x23,0x2a,0x22,0x13,0xbd
13927+ };
13928+
13929+__fips_constseg
13930+static const unsigned char hmac_sha224_pr_additionalinput[] =
13931+ {
13932+ 0xa4,0x3c,0xe7,0x3b,0xea,0x19,0x45,0x32,0xc2,0x83,0x6d,0x21,
13933+ 0x8a,0xc0,0xee,0x67,0x45,0xde,0x13,0x7d,0x9d,0x61,0x00,0x3b
13934+ };
13935+
13936+__fips_constseg
13937+static const unsigned char hmac_sha224_pr_entropyinputpr[] =
13938+ {
13939+ 0x15,0x05,0x74,0x4a,0x7f,0x8d,0x5c,0x60,0x16,0xe5,0x7b,0xad,
13940+ 0xf5,0x41,0x8f,0x55,0x60,0xc4,0x09,0xee,0x1e,0x11,0x81,0xab
13941+ };
13942+
13943+__fips_constseg
13944+static const unsigned char hmac_sha224_pr_int_returnedbits[] =
13945+ {
13946+ 0x6f,0xf5,0x9a,0xe2,0x54,0x53,0x30,0x3d,0x5a,0x27,0x29,0x38,
13947+ 0x27,0xf2,0x0d,0x05,0xe9,0x26,0xcb,0x16,0xc3,0x51,0x5f,0x13,
13948+ 0x41,0xfe,0x99,0xf2
13949+ };
13950+
13951+__fips_constseg
13952+static const unsigned char hmac_sha224_pr_additionalinput2[] =
13953+ {
13954+ 0x73,0x81,0x88,0x84,0x8f,0xed,0x6f,0x10,0x9f,0x93,0xbf,0x17,
13955+ 0x35,0x7c,0xef,0xd5,0x8d,0x26,0xa6,0x7a,0xe8,0x09,0x36,0x4f
13956+ };
13957+
13958+__fips_constseg
13959+static const unsigned char hmac_sha224_pr_entropyinputpr2[] =
13960+ {
13961+ 0xe6,0xcf,0xcf,0x7e,0x12,0xe5,0x43,0xd2,0x38,0xd8,0x24,0x6f,
13962+ 0x5a,0x37,0x68,0xbf,0x4f,0xa0,0xff,0xd5,0x61,0x8a,0x93,0xe0
13963+ };
13964+
13965+__fips_constseg
13966+static const unsigned char hmac_sha224_pr_returnedbits[] =
13967+ {
13968+ 0xaf,0xf9,0xd8,0x19,0x91,0x30,0x82,0x6f,0xa9,0x1e,0x9d,0xd7,
13969+ 0xf3,0x50,0xe0,0xc7,0xd5,0x64,0x96,0x7d,0x4c,0x4d,0x78,0x03,
13970+ 0x6d,0xd8,0x9e,0x72
13971+ };
13972+
13973+
13974+/* HMAC SHA-224 No PR */
13975+__fips_constseg
13976+static const unsigned char hmac_sha224_entropyinput[] =
13977+ {
13978+ 0x11,0x82,0xfd,0xd9,0x42,0xf4,0xfa,0xc8,0xf2,0x41,0xe6,0x54,
13979+ 0x01,0xae,0x22,0x6e,0xc6,0xaf,0xaf,0xd0,0xa6,0xb2,0xe2,0x6d
13980+ };
13981+
13982+__fips_constseg
13983+static const unsigned char hmac_sha224_nonce[] =
13984+ {
13985+ 0xa9,0x48,0xd7,0x92,0x39,0x7e,0x2a,0xdc,0x30,0x1f,0x0e,0x2b
13986+ };
13987+
13988+__fips_constseg
13989+static const unsigned char hmac_sha224_personalizationstring[] =
13990+ {
13991+ 0x11,0xd5,0xf4,0xbd,0x67,0x8c,0x31,0xcf,0xa3,0x3f,0x1e,0x6b,
13992+ 0xa8,0x07,0x02,0x0b,0xc8,0x2e,0x6c,0x64,0x41,0x5b,0xc8,0x37
13993+ };
13994+
13995+__fips_constseg
13996+static const unsigned char hmac_sha224_additionalinput[] =
13997+ {
13998+ 0x68,0x18,0xc2,0x06,0xeb,0x3e,0x04,0x95,0x44,0x5e,0xfb,0xe6,
13999+ 0x41,0xc1,0x5c,0xcc,0x40,0x2f,0xb7,0xd2,0x0f,0xf3,0x6b,0xe7
14000+ };
14001+
14002+__fips_constseg
14003+static const unsigned char hmac_sha224_int_returnedbits[] =
14004+ {
14005+ 0x7f,0x45,0xc7,0x5d,0x32,0xe6,0x17,0x60,0xba,0xdc,0xb8,0x42,
14006+ 0x1b,0x9c,0xf1,0xfa,0x3b,0x4d,0x29,0x54,0xc6,0x90,0xff,0x5c,
14007+ 0xcd,0xd6,0xa9,0xcc
14008+ };
14009+
14010+__fips_constseg
14011+static const unsigned char hmac_sha224_entropyinputreseed[] =
14012+ {
14013+ 0xc4,0x8e,0x37,0x95,0x69,0x53,0x28,0xd7,0x37,0xbb,0x70,0x95,
14014+ 0x1c,0x07,0x1d,0xd9,0xb7,0xe6,0x1b,0xbb,0xfe,0x41,0xeb,0xc9
14015+ };
14016+
14017+__fips_constseg
14018+static const unsigned char hmac_sha224_additionalinputreseed[] =
14019+ {
14020+ 0x53,0x17,0xa1,0x6a,0xfa,0x77,0x47,0xb0,0x95,0x56,0x9a,0x20,
14021+ 0x57,0xde,0x5c,0x89,0x9f,0x7f,0xe2,0xde,0x17,0x3a,0x50,0x23
14022+ };
14023+
14024+__fips_constseg
14025+static const unsigned char hmac_sha224_additionalinput2[] =
14026+ {
14027+ 0x3a,0x32,0xf9,0x85,0x0c,0xc1,0xed,0x76,0x2d,0xdf,0x40,0xc3,
14028+ 0x06,0x22,0x66,0xd4,0x9a,0x9a,0xff,0x5a,0x7e,0x7a,0xf3,0x96
14029+ };
14030+
14031+__fips_constseg
14032+static const unsigned char hmac_sha224_returnedbits[] =
14033+ {
14034+ 0x43,0xb4,0x57,0x5c,0x38,0x25,0x9d,0xae,0xec,0x96,0xd1,0x85,
14035+ 0x3a,0x84,0x8d,0xfe,0x68,0xd5,0x0e,0x5c,0x8f,0x65,0xa5,0x4e,
14036+ 0x45,0x84,0xa8,0x94
14037+ };
14038+
14039+
14040+/* HMAC SHA-256 PR */
14041+__fips_constseg
14042+static const unsigned char hmac_sha256_pr_entropyinput[] =
14043+ {
14044+ 0x4d,0xb0,0x43,0xd8,0x34,0x4b,0x10,0x70,0xb1,0x8b,0xed,0xea,
14045+ 0x07,0x92,0x9f,0x6c,0x79,0x31,0xaf,0x81,0x29,0xeb,0x6e,0xca,
14046+ 0x32,0x48,0x28,0xe7,0x02,0x5d,0xa6,0xa6
14047+ };
14048+
14049+__fips_constseg
14050+static const unsigned char hmac_sha256_pr_nonce[] =
14051+ {
14052+ 0x3a,0xae,0x15,0xa9,0x99,0xdc,0xe4,0x67,0x34,0x3b,0x70,0x15,
14053+ 0xaa,0xd3,0x30,0x9a
14054+ };
14055+
14056+__fips_constseg
14057+static const unsigned char hmac_sha256_pr_personalizationstring[] =
14058+ {
14059+ 0x13,0x1d,0x24,0x04,0xb0,0x18,0x81,0x15,0x21,0x51,0x2a,0x24,
14060+ 0x52,0x61,0xbe,0x64,0x82,0x6b,0x55,0x2f,0xe2,0xf1,0x40,0x7d,
14061+ 0x71,0xd8,0x01,0x86,0x15,0xb7,0x8b,0xb5
14062+ };
14063+
14064+__fips_constseg
14065+static const unsigned char hmac_sha256_pr_additionalinput[] =
14066+ {
14067+ 0x8f,0xa6,0x54,0x5f,0xb1,0xd0,0xd8,0xc3,0xe7,0x0c,0x15,0xa9,
14068+ 0x23,0x6e,0xfe,0xfb,0x93,0xf7,0x3a,0xbd,0x59,0x01,0xfa,0x18,
14069+ 0x8e,0xe9,0x1a,0xa9,0x78,0xfc,0x79,0x0b
14070+ };
14071+
14072+__fips_constseg
14073+static const unsigned char hmac_sha256_pr_entropyinputpr[] =
14074+ {
14075+ 0xcf,0x24,0xb9,0xeb,0xb3,0xd4,0xcd,0x17,0x37,0x38,0x75,0x79,
14076+ 0x15,0xcb,0x2d,0x75,0x51,0xf1,0xcc,0xaa,0x32,0xa4,0xa7,0x36,
14077+ 0x7c,0x5c,0xe4,0x47,0xf1,0x3e,0x1d,0xe5
14078+ };
14079+
14080+__fips_constseg
14081+static const unsigned char hmac_sha256_pr_int_returnedbits[] =
14082+ {
14083+ 0x52,0x42,0xfa,0xeb,0x85,0xe0,0x30,0x22,0x79,0x00,0x16,0xb2,
14084+ 0x88,0x2f,0x14,0x6a,0xb7,0xfc,0xb7,0x53,0xdc,0x4a,0x12,0xef,
14085+ 0x54,0xd6,0x33,0xe9,0x20,0xd6,0xfd,0x56
14086+ };
14087+
14088+__fips_constseg
14089+static const unsigned char hmac_sha256_pr_additionalinput2[] =
14090+ {
14091+ 0xf4,0xf6,0x49,0xa1,0x2d,0x64,0x2b,0x30,0x58,0xf8,0xbd,0xb8,
14092+ 0x75,0xeb,0xbb,0x5e,0x1c,0x9b,0x81,0x6a,0xda,0x14,0x86,0x6e,
14093+ 0xd0,0xda,0x18,0xb7,0x88,0xfb,0x59,0xf3
14094+ };
14095+
14096+__fips_constseg
14097+static const unsigned char hmac_sha256_pr_entropyinputpr2[] =
14098+ {
14099+ 0x21,0xcd,0x6e,0x46,0xad,0x99,0x07,0x17,0xb4,0x3d,0x76,0x0a,
14100+ 0xff,0x5b,0x52,0x50,0x78,0xdf,0x1f,0x24,0x06,0x0d,0x3f,0x74,
14101+ 0xa9,0xc9,0x37,0xcf,0xd8,0x26,0x25,0x91
14102+ };
14103+
14104+__fips_constseg
14105+static const unsigned char hmac_sha256_pr_returnedbits[] =
14106+ {
14107+ 0xa7,0xaf,0x2f,0x29,0xe0,0x3a,0x72,0x95,0x96,0x1c,0xa9,0xf0,
14108+ 0x4a,0x17,0x4d,0x66,0x06,0x10,0xbf,0x39,0x89,0x88,0xb8,0x91,
14109+ 0x37,0x18,0x99,0xcf,0x8c,0x53,0x3b,0x7e
14110+ };
14111+
14112+
14113+/* HMAC SHA-256 No PR */
14114+__fips_constseg
14115+static const unsigned char hmac_sha256_entropyinput[] =
14116+ {
14117+ 0x96,0xb7,0x53,0x22,0x1e,0x52,0x2a,0x96,0xb1,0x15,0x3c,0x35,
14118+ 0x5a,0x8b,0xd3,0x4a,0xa6,0x6c,0x83,0x0a,0x7d,0xa3,0x23,0x3d,
14119+ 0x43,0xa1,0x07,0x2c,0x2d,0xe3,0x81,0xcc
14120+ };
14121+
14122+__fips_constseg
14123+static const unsigned char hmac_sha256_nonce[] =
14124+ {
14125+ 0xf1,0xac,0x97,0xcb,0x5e,0x06,0x48,0xd2,0x94,0xbe,0x15,0x2e,
14126+ 0xc7,0xfc,0xc2,0x01
14127+ };
14128+
14129+__fips_constseg
14130+static const unsigned char hmac_sha256_personalizationstring[] =
14131+ {
14132+ 0x98,0xc5,0x1e,0x35,0x5e,0x89,0x0d,0xce,0x64,0x6d,0x18,0xa7,
14133+ 0x5a,0xc6,0xf3,0xe7,0xd6,0x9e,0xc0,0xea,0xb7,0x3a,0x8d,0x65,
14134+ 0xb8,0xeb,0x10,0xd7,0x57,0x18,0xa0,0x32
14135+ };
14136+
14137+__fips_constseg
14138+static const unsigned char hmac_sha256_additionalinput[] =
14139+ {
14140+ 0x1b,0x10,0xaf,0xac,0xd0,0x65,0x95,0xad,0x04,0xad,0x03,0x1c,
14141+ 0xe0,0x40,0xd6,0x3e,0x1c,0x46,0x53,0x39,0x7c,0xe2,0xbc,0xda,
14142+ 0x8c,0xa2,0x33,0xa7,0x9a,0x26,0xd3,0x27
14143+ };
14144+
14145+__fips_constseg
14146+static const unsigned char hmac_sha256_int_returnedbits[] =
14147+ {
14148+ 0xba,0x61,0x0e,0x55,0xfe,0x11,0x8a,0x9e,0x0f,0x80,0xdf,0x1d,
14149+ 0x03,0x0a,0xfe,0x15,0x94,0x28,0x4b,0xba,0xf4,0x9f,0x51,0x25,
14150+ 0x88,0xe5,0x4e,0xfb,0xaf,0xce,0x69,0x90
14151+ };
14152+
14153+__fips_constseg
14154+static const unsigned char hmac_sha256_entropyinputreseed[] =
14155+ {
14156+ 0x62,0x7f,0x1e,0x6b,0xe8,0x8e,0xe1,0x35,0x7d,0x9b,0x4f,0xc7,
14157+ 0xec,0xc8,0xac,0xef,0x6b,0x13,0x9e,0x05,0x56,0xc1,0x08,0xf9,
14158+ 0x2f,0x0f,0x27,0x9c,0xd4,0x15,0xed,0x2d
14159+ };
14160+
14161+__fips_constseg
14162+static const unsigned char hmac_sha256_additionalinputreseed[] =
14163+ {
14164+ 0xc7,0x76,0x6e,0xa9,0xd2,0xb2,0x76,0x40,0x82,0x25,0x2c,0xb3,
14165+ 0x6f,0xac,0xe9,0x74,0xef,0x8f,0x3c,0x8e,0xcd,0xf1,0xbf,0xb3,
14166+ 0x49,0x77,0x34,0x88,0x52,0x36,0xe6,0x2e
14167+ };
14168+
14169+__fips_constseg
14170+static const unsigned char hmac_sha256_additionalinput2[] =
14171+ {
14172+ 0x8d,0xb8,0x0c,0xd1,0xbf,0x70,0xf6,0x19,0xc3,0x41,0x80,0x9f,
14173+ 0xe1,0xa5,0xa4,0x1f,0x2c,0x26,0xb1,0xe5,0xd8,0xeb,0xbe,0xf8,
14174+ 0xdf,0x88,0x6a,0x89,0xd6,0x05,0xd8,0x9d
14175+ };
14176+
14177+__fips_constseg
14178+static const unsigned char hmac_sha256_returnedbits[] =
14179+ {
14180+ 0x43,0x12,0x2a,0x2c,0x40,0x53,0x2e,0x7c,0x66,0x34,0xac,0xc3,
14181+ 0x43,0xe3,0xe0,0x6a,0xfc,0xfa,0xea,0x87,0x21,0x1f,0xe2,0x26,
14182+ 0xc4,0xf9,0x09,0x9a,0x0d,0x6e,0x7f,0xe0
14183+ };
14184+
14185+
14186+/* HMAC SHA-384 PR */
14187+__fips_constseg
14188+static const unsigned char hmac_sha384_pr_entropyinput[] =
14189+ {
14190+ 0x69,0x81,0x98,0x88,0x44,0xf5,0xd6,0x2e,0x00,0x08,0x3b,0xc5,
14191+ 0xfb,0xd7,0x8e,0x6f,0x23,0xf8,0x6d,0x09,0xd6,0x85,0x49,0xd1,
14192+ 0xf8,0x6d,0xa4,0x58,0x54,0xfd,0x88,0xa9
14193+ };
14194+
14195+__fips_constseg
14196+static const unsigned char hmac_sha384_pr_nonce[] =
14197+ {
14198+ 0x6e,0x38,0x81,0xca,0xb7,0xe8,0x6e,0x66,0x49,0x8a,0xb2,0x59,
14199+ 0xee,0x16,0xc9,0xde
14200+ };
14201+
14202+__fips_constseg
14203+static const unsigned char hmac_sha384_pr_personalizationstring[] =
14204+ {
14205+ 0xfe,0x4c,0xd9,0xf4,0x78,0x3b,0x08,0x41,0x8d,0x8f,0x55,0xc4,
14206+ 0x43,0x56,0xb6,0x12,0x36,0x6b,0x30,0xb7,0x5e,0xe1,0xb9,0x47,
14207+ 0x04,0xb1,0x4e,0xa9,0x00,0xa1,0x52,0xa1
14208+ };
14209+
14210+__fips_constseg
14211+static const unsigned char hmac_sha384_pr_additionalinput[] =
14212+ {
14213+ 0x89,0xe9,0xcc,0x8f,0x27,0x3c,0x26,0xd1,0x95,0xc8,0x7d,0x0f,
14214+ 0x5b,0x1a,0xf0,0x78,0x39,0x56,0x6f,0xa4,0x23,0xe7,0xd1,0xda,
14215+ 0x7c,0x66,0x33,0xa0,0x90,0xc9,0x92,0x88
14216+ };
14217+
14218+__fips_constseg
14219+static const unsigned char hmac_sha384_pr_entropyinputpr[] =
14220+ {
14221+ 0xbe,0x3d,0x7c,0x0d,0xca,0xda,0x7c,0x49,0xb8,0x12,0x36,0xc0,
14222+ 0xdb,0xad,0x35,0xa8,0xc7,0x0b,0x2a,0x2c,0x69,0x6d,0x25,0x56,
14223+ 0x63,0x82,0x11,0x3e,0xa7,0x33,0x70,0x72
14224+ };
14225+
14226+__fips_constseg
14227+static const unsigned char hmac_sha384_pr_int_returnedbits[] =
14228+ {
14229+ 0x82,0x3d,0xe6,0x54,0x80,0x42,0xf8,0xba,0x90,0x4f,0x06,0xa6,
14230+ 0xd2,0x7f,0xbf,0x79,0x7c,0x12,0x7d,0xa6,0xa2,0x66,0xe8,0xa6,
14231+ 0xc0,0xd6,0x4a,0x55,0xbf,0xd8,0x0a,0xc5,0xf8,0x03,0x88,0xdd,
14232+ 0x8e,0x87,0xd1,0x5a,0x48,0x26,0x72,0x2a,0x8e,0xcf,0xee,0xba
14233+ };
14234+
14235+__fips_constseg
14236+static const unsigned char hmac_sha384_pr_additionalinput2[] =
14237+ {
14238+ 0x8f,0xff,0xd9,0x84,0xbb,0x85,0x3a,0x66,0xa1,0x21,0xce,0xb2,
14239+ 0x3a,0x3a,0x17,0x22,0x19,0xae,0xc7,0xb6,0x63,0x81,0xd5,0xff,
14240+ 0x0d,0xc8,0xe1,0xaf,0x57,0xd2,0xcb,0x60
14241+ };
14242+
14243+__fips_constseg
14244+static const unsigned char hmac_sha384_pr_entropyinputpr2[] =
14245+ {
14246+ 0xd7,0xfb,0xc9,0xe8,0xe2,0xf2,0xaa,0x4c,0xb8,0x51,0x2f,0xe1,
14247+ 0x22,0xba,0xf3,0xda,0x0a,0x19,0x76,0x71,0x57,0xb2,0x1d,0x94,
14248+ 0x09,0x69,0x6c,0xd3,0x97,0x51,0x81,0x87
14249+ };
14250+
14251+__fips_constseg
14252+static const unsigned char hmac_sha384_pr_returnedbits[] =
14253+ {
14254+ 0xe6,0x19,0x28,0xa8,0x21,0xce,0x5e,0xdb,0x24,0x79,0x8c,0x76,
14255+ 0x5d,0x73,0xb2,0xdf,0xac,0xef,0x85,0xa7,0x3b,0x19,0x09,0x8b,
14256+ 0x7f,0x98,0x28,0xa9,0x93,0xd8,0x7a,0xad,0x55,0x8b,0x24,0x9d,
14257+ 0xe6,0x98,0xfe,0x47,0xd5,0x48,0xc1,0x23,0xd8,0x1d,0x62,0x75
14258+ };
14259+
14260+
14261+/* HMAC SHA-384 No PR */
14262+__fips_constseg
14263+static const unsigned char hmac_sha384_entropyinput[] =
14264+ {
14265+ 0xc3,0x56,0x2b,0x1d,0xc2,0xbb,0xa8,0xf0,0xae,0x1b,0x0d,0xd3,
14266+ 0x5a,0x6c,0xda,0x57,0x8e,0xa5,0x8a,0x0d,0x6c,0x4b,0x18,0xb1,
14267+ 0x04,0x3e,0xb4,0x99,0x35,0xc4,0xc0,0x5f
14268+ };
14269+
14270+__fips_constseg
14271+static const unsigned char hmac_sha384_nonce[] =
14272+ {
14273+ 0xc5,0x49,0x1e,0x66,0x27,0x92,0xbe,0xec,0xb5,0x1e,0x4b,0xb1,
14274+ 0x38,0xe3,0xeb,0x62
14275+ };
14276+
14277+__fips_constseg
14278+static const unsigned char hmac_sha384_personalizationstring[] =
14279+ {
14280+ 0xbe,0xe7,0x6b,0x57,0xde,0x88,0x11,0x96,0x9b,0x6e,0xea,0xe5,
14281+ 0x63,0x83,0x4c,0xb6,0x8d,0x66,0xaa,0x1f,0x8b,0x54,0xe7,0x62,
14282+ 0x6d,0x5a,0xfc,0xbf,0x97,0xba,0xcd,0x77
14283+ };
14284+
14285+__fips_constseg
14286+static const unsigned char hmac_sha384_additionalinput[] =
14287+ {
14288+ 0xe5,0x28,0x5f,0x43,0xf5,0x83,0x6e,0x0a,0x83,0x5c,0xe3,0x81,
14289+ 0x03,0xf2,0xf8,0x78,0x00,0x7c,0x95,0x87,0x16,0xd6,0x6c,0x58,
14290+ 0x33,0x6c,0x53,0x35,0x0d,0x66,0xe3,0xce
14291+ };
14292+
14293+__fips_constseg
14294+static const unsigned char hmac_sha384_int_returnedbits[] =
14295+ {
14296+ 0xe2,0x1f,0xf3,0xda,0x0d,0x19,0x99,0x87,0xc4,0x90,0xa2,0x31,
14297+ 0xca,0x2a,0x89,0x58,0x43,0x44,0xb8,0xde,0xcf,0xa4,0xbe,0x3b,
14298+ 0x53,0x26,0x22,0x31,0x76,0x41,0x22,0xb5,0xa8,0x70,0x2f,0x4b,
14299+ 0x64,0x95,0x4d,0x48,0x96,0x35,0xe6,0xbd,0x3c,0x34,0xdb,0x1b
14300+ };
14301+
14302+__fips_constseg
14303+static const unsigned char hmac_sha384_entropyinputreseed[] =
14304+ {
14305+ 0x77,0x61,0xba,0xbc,0xf2,0xc1,0xf3,0x4b,0x86,0x65,0xfd,0x48,
14306+ 0x0e,0x3c,0x02,0x5e,0xa2,0x7a,0x6b,0x7c,0xed,0x21,0x5e,0xf9,
14307+ 0xcd,0xcd,0x77,0x07,0x2b,0xbe,0xc5,0x5c
14308+ };
14309+
14310+__fips_constseg
14311+static const unsigned char hmac_sha384_additionalinputreseed[] =
14312+ {
14313+ 0x18,0x24,0x5f,0xc6,0x84,0xd1,0x67,0xc3,0x9a,0x11,0xa5,0x8c,
14314+ 0x07,0x39,0x21,0x83,0x4d,0x04,0xc4,0x6a,0x28,0x19,0xcf,0x92,
14315+ 0x21,0xd9,0x9e,0x41,0x72,0x6c,0x9e,0x63
14316+ };
14317+
14318+__fips_constseg
14319+static const unsigned char hmac_sha384_additionalinput2[] =
14320+ {
14321+ 0x96,0x67,0x41,0x28,0x9b,0xb7,0x92,0x8d,0x64,0x3b,0xe4,0xcf,
14322+ 0x7e,0xaa,0x1e,0xb1,0x4b,0x1d,0x09,0x56,0x67,0x9c,0xc6,0x6d,
14323+ 0x3b,0xe8,0x91,0x9d,0xe1,0x8a,0xb7,0x32
14324+ };
14325+
14326+__fips_constseg
14327+static const unsigned char hmac_sha384_returnedbits[] =
14328+ {
14329+ 0xe3,0x59,0x61,0x38,0x92,0xec,0xe2,0x3c,0xff,0xb7,0xdb,0x19,
14330+ 0x0f,0x5b,0x93,0x68,0x0d,0xa4,0x94,0x40,0x72,0x0b,0xe0,0xed,
14331+ 0x4d,0xcd,0x68,0xa0,0x1e,0xfe,0x67,0xb2,0xfa,0x21,0x56,0x74,
14332+ 0xa4,0xad,0xcf,0xb7,0x60,0x66,0x2e,0x40,0xde,0x82,0xca,0xfb
14333+ };
14334+
14335+
14336+/* HMAC SHA-512 PR */
14337+__fips_constseg
14338+static const unsigned char hmac_sha512_pr_entropyinput[] =
14339+ {
14340+ 0xaa,0x9e,0x45,0x67,0x0e,0x00,0x2a,0x67,0x98,0xd6,0xda,0x0b,
14341+ 0x0f,0x17,0x7e,0xac,0xfd,0x27,0xc4,0xca,0x84,0xdf,0xde,0xba,
14342+ 0x85,0xd9,0xbe,0x8f,0xf3,0xff,0x91,0x4d
14343+ };
14344+
14345+__fips_constseg
14346+static const unsigned char hmac_sha512_pr_nonce[] =
14347+ {
14348+ 0x8c,0x49,0x2f,0x58,0x1e,0x7a,0xda,0x4b,0x7e,0x8a,0x30,0x7b,
14349+ 0x86,0xea,0xaf,0xa2
14350+ };
14351+
14352+__fips_constseg
14353+static const unsigned char hmac_sha512_pr_personalizationstring[] =
14354+ {
14355+ 0x71,0xe1,0xbb,0xad,0xa7,0x4b,0x2e,0x31,0x3b,0x0b,0xec,0x24,
14356+ 0x99,0x38,0xbc,0xaa,0x05,0x4c,0x46,0x44,0xfa,0xad,0x8e,0x02,
14357+ 0xc1,0x7e,0xad,0xec,0x54,0xa6,0xd0,0xad
14358+ };
14359+
14360+__fips_constseg
14361+static const unsigned char hmac_sha512_pr_additionalinput[] =
14362+ {
14363+ 0x3d,0x6e,0xa6,0xa8,0x29,0x2a,0xb2,0xf5,0x98,0x42,0xe4,0x92,
14364+ 0x78,0x22,0x67,0xfd,0x1b,0x15,0x1e,0x29,0xaa,0x71,0x3c,0x3c,
14365+ 0xe7,0x05,0x20,0xa9,0x29,0xc6,0x75,0x71
14366+ };
14367+
14368+__fips_constseg
14369+static const unsigned char hmac_sha512_pr_entropyinputpr[] =
14370+ {
14371+ 0xab,0xb9,0x16,0xd8,0x55,0x35,0x54,0xb7,0x97,0x3f,0x94,0xbc,
14372+ 0x2f,0x7c,0x70,0xc7,0xd0,0xed,0xb7,0x4b,0xf7,0xf6,0x6c,0x03,
14373+ 0x0c,0xb0,0x03,0xd8,0xbb,0x71,0xd9,0x10
14374+ };
14375+
14376+__fips_constseg
14377+static const unsigned char hmac_sha512_pr_int_returnedbits[] =
14378+ {
14379+ 0x8e,0xd3,0xfd,0x52,0x9e,0x83,0x08,0x49,0x18,0x6e,0x23,0x56,
14380+ 0x5c,0x45,0x93,0x34,0x05,0xe2,0x98,0x8f,0x0c,0xd4,0x32,0x0c,
14381+ 0xfd,0xda,0x5f,0x92,0x3a,0x8c,0x81,0xbd,0xf6,0x6c,0x55,0xfd,
14382+ 0xb8,0x20,0xce,0x8d,0x97,0x27,0xe8,0xe8,0xe0,0xb3,0x85,0x50,
14383+ 0xa2,0xc2,0xb2,0x95,0x1d,0x48,0xd3,0x7b,0x4b,0x78,0x13,0x35,
14384+ 0x05,0x17,0xbe,0x0d
14385+ };
14386+
14387+__fips_constseg
14388+static const unsigned char hmac_sha512_pr_additionalinput2[] =
14389+ {
14390+ 0xc3,0xfc,0x95,0xaa,0x69,0x06,0xae,0x59,0x41,0xce,0x26,0x08,
14391+ 0x29,0x6d,0x45,0xda,0xe8,0xb3,0x6c,0x95,0x60,0x0f,0x70,0x2c,
14392+ 0x10,0xba,0x38,0x8c,0xcf,0x29,0x99,0xaa
14393+ };
14394+
14395+__fips_constseg
14396+static const unsigned char hmac_sha512_pr_entropyinputpr2[] =
14397+ {
14398+ 0x3b,0x9a,0x25,0xce,0xd7,0xf9,0x5c,0xd1,0x3a,0x3e,0xaa,0x71,
14399+ 0x14,0x3e,0x19,0xe8,0xce,0xe6,0xfe,0x51,0x84,0xe9,0x1b,0xfe,
14400+ 0x3f,0xa7,0xf2,0xfd,0x76,0x5f,0x6a,0xe7
14401+ };
14402+
14403+__fips_constseg
14404+static const unsigned char hmac_sha512_pr_returnedbits[] =
14405+ {
14406+ 0xb7,0x82,0xa9,0x57,0x81,0x67,0x53,0xb5,0xa1,0xe9,0x3d,0x35,
14407+ 0xf9,0xe4,0x97,0xbe,0xa6,0xca,0xf1,0x01,0x13,0x09,0xe7,0x21,
14408+ 0xc0,0xed,0x93,0x5d,0x4b,0xf4,0xeb,0x8d,0x53,0x25,0x8a,0xc4,
14409+ 0xb1,0x6f,0x6e,0x37,0xcd,0x2e,0xac,0x39,0xb2,0xb6,0x99,0xa3,
14410+ 0x82,0x00,0xb0,0x21,0xf0,0xc7,0x2f,0x4c,0x73,0x92,0xfd,0x00,
14411+ 0xb6,0xaf,0xbc,0xd3
14412+ };
14413+
14414+
14415+/* HMAC SHA-512 No PR */
14416+__fips_constseg
14417+static const unsigned char hmac_sha512_entropyinput[] =
14418+ {
14419+ 0x6e,0x85,0xe6,0x25,0x96,0x29,0xa7,0x52,0x5b,0x60,0xba,0xaa,
14420+ 0xde,0xdb,0x36,0x0a,0x51,0x9a,0x15,0xae,0x6e,0x18,0xd3,0xfe,
14421+ 0x39,0xb9,0x4a,0x96,0xf8,0x77,0xcb,0x95
14422+ };
14423+
14424+__fips_constseg
14425+static const unsigned char hmac_sha512_nonce[] =
14426+ {
14427+ 0xe0,0xa6,0x5d,0x08,0xc3,0x7c,0xae,0x25,0x2e,0x80,0xd1,0x3e,
14428+ 0xd9,0xaf,0x43,0x3c
14429+ };
14430+
14431+__fips_constseg
14432+static const unsigned char hmac_sha512_personalizationstring[] =
14433+ {
14434+ 0x53,0x99,0x52,0x5f,0x11,0xa9,0x64,0x66,0x20,0x5e,0x1b,0x5f,
14435+ 0x42,0xb3,0xf4,0xda,0xed,0xbb,0x63,0xc1,0x23,0xaf,0xd0,0x01,
14436+ 0x90,0x3b,0xd0,0x78,0xe4,0x0b,0xa7,0x20
14437+ };
14438+
14439+__fips_constseg
14440+static const unsigned char hmac_sha512_additionalinput[] =
14441+ {
14442+ 0x85,0x90,0x80,0xd3,0x98,0xf1,0x53,0x6d,0x68,0x15,0x8f,0xe5,
14443+ 0x60,0x3f,0x17,0x29,0x55,0x8d,0x33,0xb1,0x45,0x64,0x64,0x8d,
14444+ 0x50,0x21,0x89,0xae,0xf6,0xfd,0x32,0x73
14445+ };
14446+
14447+__fips_constseg
14448+static const unsigned char hmac_sha512_int_returnedbits[] =
14449+ {
14450+ 0x28,0x56,0x30,0x6f,0xf4,0xa1,0x48,0xe0,0xc9,0xf5,0x75,0x90,
14451+ 0xcc,0xfb,0xdf,0xdf,0x71,0x3d,0x0a,0x9a,0x03,0x65,0x3b,0x18,
14452+ 0x61,0xe3,0xd1,0xda,0xcc,0x4a,0xfe,0x55,0x38,0xf8,0x21,0x6b,
14453+ 0xfa,0x18,0x01,0x42,0x39,0x2f,0x99,0x53,0x38,0x15,0x82,0x34,
14454+ 0xc5,0x93,0x92,0xbc,0x4d,0x75,0x1a,0x5f,0x21,0x27,0xcc,0xa1,
14455+ 0xb1,0x57,0x69,0xe8
14456+ };
14457+
14458+__fips_constseg
14459+static const unsigned char hmac_sha512_entropyinputreseed[] =
14460+ {
14461+ 0x8c,0x52,0x7e,0x77,0x72,0x3f,0xa3,0x04,0x97,0x10,0x9b,0x41,
14462+ 0xbd,0xe8,0xff,0x89,0xed,0x80,0xe3,0xbd,0xaa,0x12,0x2d,0xca,
14463+ 0x75,0x82,0x36,0x77,0x88,0xcd,0xa6,0x73
14464+ };
14465+
14466+__fips_constseg
14467+static const unsigned char hmac_sha512_additionalinputreseed[] =
14468+ {
14469+ 0x7e,0x32,0xe3,0x69,0x69,0x07,0x34,0xa2,0x16,0xa2,0x5d,0x1a,
14470+ 0x10,0x91,0xd3,0xe2,0x21,0xa2,0xa3,0xdd,0xcd,0x0c,0x09,0x86,
14471+ 0x11,0xe1,0x50,0xff,0x5c,0xb7,0xeb,0x5c
14472+ };
14473+
14474+__fips_constseg
14475+static const unsigned char hmac_sha512_additionalinput2[] =
14476+ {
14477+ 0x7f,0x78,0x66,0xd8,0xfb,0x67,0xcf,0x8d,0x8c,0x08,0x30,0xa5,
14478+ 0xf8,0x7d,0xcf,0x44,0x59,0xce,0xf8,0xdf,0x58,0xd3,0x60,0xcb,
14479+ 0xa8,0x60,0xb9,0x07,0xc4,0xb1,0x95,0x48
14480+ };
14481+
14482+__fips_constseg
14483+static const unsigned char hmac_sha512_returnedbits[] =
14484+ {
14485+ 0xdf,0xa7,0x36,0xd4,0xdc,0x5d,0x4d,0x31,0xad,0x69,0x46,0x9f,
14486+ 0xf1,0x7c,0xd7,0x3b,0x4f,0x55,0xf2,0xd7,0xb9,0x9d,0xad,0x7a,
14487+ 0x79,0x08,0x59,0xa5,0xdc,0x74,0xf5,0x9b,0x73,0xd2,0x13,0x25,
14488+ 0x0b,0x81,0x08,0x08,0x25,0xfb,0x39,0xf2,0xf0,0xa3,0xa4,0x8d,
14489+ 0xef,0x05,0x9e,0xb8,0xc7,0x52,0xe4,0x0e,0x42,0xaa,0x7c,0x79,
14490+ 0xc2,0xd6,0xfd,0xa5
14491+ };
14492+
14493diff -up openssl-1.0.1b/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_dsa_selftest.c
14494--- openssl-1.0.1b/crypto/fips/fips_dsa_selftest.c.fips 2012-04-26 18:00:51.404769387 +0200
14495+++ openssl-1.0.1b/crypto/fips/fips_dsa_selftest.c 2012-04-26 18:00:51.404769387 +0200
14496@@ -0,0 +1,193 @@
14497+/* ====================================================================
14498+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
14499+ *
14500+ * Redistribution and use in source and binary forms, with or without
14501+ * modification, are permitted provided that the following conditions
14502+ * are met:
14503+ *
14504+ * 1. Redistributions of source code must retain the above copyright
14505+ * notice, this list of conditions and the following disclaimer.
14506+ *
14507+ * 2. Redistributions in binary form must reproduce the above copyright
14508+ * notice, this list of conditions and the following disclaimer in
14509+ * the documentation and/or other materials provided with the
14510+ * distribution.
14511+ *
14512+ * 3. All advertising materials mentioning features or use of this
14513+ * software must display the following acknowledgment:
14514+ * "This product includes software developed by the OpenSSL Project
14515+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
14516+ *
14517+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
14518+ * endorse or promote products derived from this software without
14519+ * prior written permission. For written permission, please contact
14520+ * openssl-core@openssl.org.
14521+ *
14522+ * 5. Products derived from this software may not be called "OpenSSL"
14523+ * nor may "OpenSSL" appear in their names without prior written
14524+ * permission of the OpenSSL Project.
14525+ *
14526+ * 6. Redistributions of any form whatsoever must retain the following
14527+ * acknowledgment:
14528+ * "This product includes software developed by the OpenSSL Project
14529+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
14530+ *
14531+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
14532+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
14533+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
14534+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
14535+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
14536+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
14537+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
14538+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
14539+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
14540+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
14541+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
14542+ * OF THE POSSIBILITY OF SUCH DAMAGE.
14543+ *
14544+ */
14545+
14546+#include <string.h>
14547+#include <openssl/crypto.h>
14548+#include <openssl/dsa.h>
14549+#include <openssl/fips.h>
14550+#include <openssl/err.h>
14551+#include <openssl/evp.h>
14552+#include <openssl/bn.h>
14553+#include "fips_locl.h"
14554+
14555+#ifdef OPENSSL_FIPS
14556+
14557+static const unsigned char dsa_test_2048_p[] = {
14558+ 0xa8,0x53,0x78,0xd8,0xfd,0x3f,0x8d,0x72,0xec,0x74,0x18,0x08,
14559+ 0x0d,0xa2,0x13,0x17,0xe4,0x3e,0xc4,0xb6,0x2b,0xa8,0xc8,0x62,
14560+ 0x3b,0x7e,0x4d,0x04,0x44,0x1d,0xd1,0xa0,0x65,0x86,0x62,0x59,
14561+ 0x64,0x93,0xca,0x8e,0x9e,0x8f,0xbb,0x7e,0x34,0xaa,0xdd,0xb6,
14562+ 0x2e,0x5d,0x67,0xb6,0xd0,0x9a,0x6e,0x61,0xb7,0x69,0xe7,0xc3,
14563+ 0x52,0xaa,0x2b,0x10,0xe2,0x0c,0xa0,0x63,0x69,0x63,0xb5,0x52,
14564+ 0x3e,0x86,0x47,0x0d,0xec,0xbb,0xed,0xa0,0x27,0xe7,0x97,0xe7,
14565+ 0xb6,0x76,0x35,0xd4,0xd4,0x9c,0x30,0x70,0x0e,0x74,0xaf,0x8a,
14566+ 0x0f,0xf1,0x56,0xa8,0x01,0xaf,0x57,0xa2,0x6e,0x70,0x78,0xf1,
14567+ 0xd8,0x2f,0x74,0x90,0x8e,0xcb,0x6d,0x07,0xe7,0x0b,0x35,0x03,
14568+ 0xee,0xd9,0x4f,0xa3,0x2c,0xf1,0x7a,0x7f,0xc3,0xd6,0xcf,0x40,
14569+ 0xdc,0x7b,0x00,0x83,0x0e,0x6a,0x25,0x66,0xdc,0x07,0x3e,0x34,
14570+ 0x33,0x12,0x51,0x7c,0x6a,0xa5,0x15,0x2b,0x4b,0xfe,0xcd,0x2e,
14571+ 0x55,0x1f,0xee,0x34,0x63,0x18,0xa1,0x53,0x42,0x3c,0x99,0x6b,
14572+ 0x0d,0x5d,0xcb,0x91,0x02,0xae,0xdd,0x38,0x79,0x86,0x16,0xf1,
14573+ 0xf1,0xe0,0xd6,0xc4,0x03,0x52,0x5b,0x1f,0x9b,0x3d,0x4d,0xc7,
14574+ 0x66,0xde,0x2d,0xfc,0x4a,0x56,0xd7,0xb8,0xba,0x59,0x63,0xd6,
14575+ 0x0f,0x3e,0x16,0x31,0x88,0x70,0xad,0x43,0x69,0x52,0xe5,0x57,
14576+ 0x65,0x37,0x4e,0xab,0x85,0xe8,0xec,0x17,0xd6,0xb9,0xa4,0x54,
14577+ 0x7b,0x9b,0x5f,0x27,0x52,0xf3,0x10,0x5b,0xe8,0x09,0xb2,0x3a,
14578+ 0x2c,0x8d,0x74,0x69,0xdb,0x02,0xe2,0x4d,0x59,0x23,0x94,0xa7,
14579+ 0xdb,0xa0,0x69,0xe9
14580+};
14581+
14582+static const unsigned char dsa_test_2048_q[] = {
14583+ 0xd2,0x77,0x04,0x4e,0x50,0xf5,0xa4,0xe3,0xf5,0x10,0xa5,0x0a,
14584+ 0x0b,0x84,0xfd,0xff,0xbc,0xa0,0x47,0xed,0x27,0x60,0x20,0x56,
14585+ 0x74,0x41,0xa0,0xa5
14586+};
14587+
14588+static const unsigned char dsa_test_2048_g[] = {
14589+ 0x13,0xd7,0x54,0xe2,0x1f,0xd2,0x41,0x65,0x5d,0xa8,0x91,0xc5,
14590+ 0x22,0xa6,0x5a,0x72,0xa8,0x9b,0xdc,0x64,0xec,0x9b,0x54,0xa8,
14591+ 0x21,0xed,0x4a,0x89,0x8b,0x49,0x0e,0x0c,0x4f,0xcb,0x72,0x19,
14592+ 0x2a,0x4a,0x20,0xf5,0x41,0xf3,0xf2,0x92,0x53,0x99,0xf0,0xba,
14593+ 0xec,0xf9,0x29,0xaa,0xfb,0xf7,0x9d,0xfe,0x43,0x32,0x39,0x3b,
14594+ 0x32,0xcd,0x2e,0x2f,0xcf,0x27,0x2f,0x32,0xa6,0x27,0x43,0x4a,
14595+ 0x0d,0xf2,0x42,0xb7,0x5b,0x41,0x4d,0xf3,0x72,0x12,0x1e,0x53,
14596+ 0xa5,0x53,0xf2,0x22,0xf8,0x36,0xb0,0x00,0xf0,0x16,0x48,0x5b,
14597+ 0x6b,0xd0,0x89,0x84,0x51,0x80,0x1d,0xcd,0x8d,0xe6,0x4c,0xd5,
14598+ 0x36,0x56,0x96,0xff,0xc5,0x32,0xd5,0x28,0xc5,0x06,0x62,0x0a,
14599+ 0x94,0x2a,0x03,0x05,0x04,0x6d,0x8f,0x18,0x76,0x34,0x1f,0x1e,
14600+ 0x57,0x0b,0xc3,0x97,0x4b,0xa6,0xb9,0xa4,0x38,0xe9,0x70,0x23,
14601+ 0x02,0xa2,0xe6,0xe6,0x7b,0xfd,0x06,0xd3,0x2b,0xc6,0x79,0x96,
14602+ 0x22,0x71,0xd7,0xb4,0x0c,0xd7,0x2f,0x38,0x6e,0x64,0xe0,0xd7,
14603+ 0xef,0x86,0xca,0x8c,0xa5,0xd1,0x42,0x28,0xdc,0x2a,0x4f,0x16,
14604+ 0xe3,0x18,0x98,0x86,0xb5,0x99,0x06,0x74,0xf4,0x20,0x0f,0x3a,
14605+ 0x4c,0xf6,0x5a,0x3f,0x0d,0xdb,0xa1,0xfa,0x67,0x2d,0xff,0x2f,
14606+ 0x5e,0x14,0x3d,0x10,0xe4,0xe9,0x7a,0xe8,0x4f,0x6d,0xa0,0x95,
14607+ 0x35,0xd5,0xb9,0xdf,0x25,0x91,0x81,0xa7,0x9b,0x63,0xb0,0x69,
14608+ 0xe9,0x49,0x97,0x2b,0x02,0xba,0x36,0xb3,0x58,0x6a,0xab,0x7e,
14609+ 0x45,0xf3,0x22,0xf8,0x2e,0x4e,0x85,0xca,0x3a,0xb8,0x55,0x91,
14610+ 0xb3,0xc2,0xa9,0x66
14611+};
14612+
14613+static const unsigned char dsa_test_2048_pub_key[] = {
14614+ 0x24,0x52,0xf3,0xcc,0xbe,0x9e,0xd5,0xca,0x7d,0xc7,0x4c,0x60,
14615+ 0x2b,0x99,0x22,0x6e,0x8f,0x2f,0xab,0x38,0xe7,0xd7,0xdd,0xfb,
14616+ 0x75,0x53,0x9b,0x17,0x15,0x5e,0x9f,0xcf,0xd1,0xab,0xa5,0x64,
14617+ 0xeb,0x85,0x35,0xd8,0x12,0xc9,0xc2,0xdc,0xf9,0x72,0x84,0x44,
14618+ 0x1b,0xc4,0x82,0x24,0x36,0x24,0xc7,0xf4,0x57,0x58,0x0c,0x1c,
14619+ 0x38,0xa5,0x7c,0x46,0xc4,0x57,0x39,0x24,0x70,0xed,0xb5,0x2c,
14620+ 0xb5,0xa6,0xe0,0x3f,0xe6,0x28,0x7b,0xb6,0xf4,0x9a,0x42,0xa2,
14621+ 0x06,0x5a,0x05,0x4f,0x03,0x08,0x39,0xdf,0x1f,0xd3,0x14,0x9c,
14622+ 0x4c,0xa0,0x53,0x1d,0xd8,0xca,0x8a,0xaa,0x9c,0xc7,0x33,0x71,
14623+ 0x93,0x38,0x73,0x48,0x33,0x61,0x18,0x22,0x45,0x45,0xe8,0x8c,
14624+ 0x80,0xff,0xd8,0x76,0x5d,0x74,0x36,0x03,0x33,0xcc,0xab,0x99,
14625+ 0x72,0x77,0x9b,0x65,0x25,0xa6,0x5b,0xdd,0x0d,0x10,0xc6,0x75,
14626+ 0xc1,0x09,0xbb,0xd3,0xe5,0xbe,0x4d,0x72,0xef,0x6e,0xba,0x6e,
14627+ 0x43,0x8d,0x52,0x26,0x23,0x7d,0xb8,0x88,0x37,0x9c,0x5f,0xcc,
14628+ 0x47,0xa3,0x84,0x7f,0xf6,0x37,0x11,0xba,0xed,0x6d,0x03,0xaf,
14629+ 0xe8,0x1e,0x69,0x4a,0x41,0x3b,0x68,0x0b,0xd3,0x8a,0xb4,0x90,
14630+ 0x3f,0x83,0x70,0xa7,0x07,0xef,0x55,0x1d,0x49,0x41,0x02,0x6d,
14631+ 0x95,0x79,0xd6,0x91,0xde,0x8e,0xda,0xa1,0x61,0x05,0xeb,0x9d,
14632+ 0xba,0x3c,0x2f,0x4c,0x1b,0xec,0x50,0x82,0x75,0xaa,0x02,0x07,
14633+ 0xe2,0x51,0xb5,0xec,0xcb,0x28,0x6a,0x4b,0x01,0xd4,0x49,0xd3,
14634+ 0x0a,0xcb,0x67,0x37,0x17,0xa0,0xd2,0xfb,0x3b,0x50,0xc8,0x93,
14635+ 0xf7,0xda,0xb1,0x4f
14636+};
14637+
14638+static const unsigned char dsa_test_2048_priv_key[] = {
14639+ 0x0c,0x4b,0x30,0x89,0xd1,0xb8,0x62,0xcb,0x3c,0x43,0x64,0x91,
14640+ 0xf0,0x91,0x54,0x70,0xc5,0x27,0x96,0xe3,0xac,0xbe,0xe8,0x00,
14641+ 0xec,0x55,0xf6,0xcc
14642+};
14643+
14644+static int corrupt_dsa;
14645+
14646+void FIPS_corrupt_dsa()
14647+ {
14648+ corrupt_dsa = 1;
14649+ }
14650+
14651+int FIPS_selftest_dsa()
14652+ {
14653+ DSA *dsa = NULL;
14654+ EVP_PKEY *pk = NULL;
14655+ int ret = 0;
14656+
14657+ dsa = DSA_new();
14658+
14659+ if(dsa == NULL)
14660+ goto err;
14661+
14662+ fips_load_key_component(dsa, p, dsa_test_2048);
14663+ fips_load_key_component(dsa, q, dsa_test_2048);
14664+ fips_load_key_component(dsa, g, dsa_test_2048);
14665+ fips_load_key_component(dsa, pub_key, dsa_test_2048);
14666+ fips_load_key_component(dsa, priv_key, dsa_test_2048);
14667+
14668+ if (corrupt_dsa)
14669+ BN_set_bit(dsa->pub_key, 2047);
14670+
14671+ if ((pk=EVP_PKEY_new()) == NULL)
14672+ goto err;
14673+
14674+ EVP_PKEY_assign_DSA(pk, dsa);
14675+
14676+ if (!fips_pkey_signature_test(pk, NULL, 0,
14677+ NULL, 0, EVP_sha256(), 0,
14678+ "DSA SHA256"))
14679+ goto err;
14680+ ret = 1;
14681+
14682+ err:
14683+ if (pk)
14684+ EVP_PKEY_free(pk);
14685+ else if (dsa)
14686+ DSA_free(dsa);
14687+ return ret;
14688+ }
14689+#endif
14690diff -up openssl-1.0.1b/crypto/fips/fips_enc.c.fips openssl-1.0.1b/crypto/fips/fips_enc.c
14691--- openssl-1.0.1b/crypto/fips/fips_enc.c.fips 2012-04-26 18:00:51.405769408 +0200
14692+++ openssl-1.0.1b/crypto/fips/fips_enc.c 2012-04-26 18:00:51.405769408 +0200
14693@@ -0,0 +1,191 @@
14694+/* fipe/evp/fips_enc.c */
14695+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
14696+ * All rights reserved.
14697+ *
14698+ * This package is an SSL implementation written
14699+ * by Eric Young (eay@cryptsoft.com).
14700+ * The implementation was written so as to conform with Netscapes SSL.
14701+ *
14702+ * This library is free for commercial and non-commercial use as long as
14703+ * the following conditions are aheared to. The following conditions
14704+ * apply to all code found in this distribution, be it the RC4, RSA,
14705+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
14706+ * included with this distribution is covered by the same copyright terms
14707+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14708+ *
14709+ * Copyright remains Eric Young's, and as such any Copyright notices in
14710+ * the code are not to be removed.
14711+ * If this package is used in a product, Eric Young should be given attribution
14712+ * as the author of the parts of the library used.
14713+ * This can be in the form of a textual message at program startup or
14714+ * in documentation (online or textual) provided with the package.
14715+ *
14716+ * Redistribution and use in source and binary forms, with or without
14717+ * modification, are permitted provided that the following conditions
14718+ * are met:
14719+ * 1. Redistributions of source code must retain the copyright
14720+ * notice, this list of conditions and the following disclaimer.
14721+ * 2. Redistributions in binary form must reproduce the above copyright
14722+ * notice, this list of conditions and the following disclaimer in the
14723+ * documentation and/or other materials provided with the distribution.
14724+ * 3. All advertising materials mentioning features or use of this software
14725+ * must display the following acknowledgement:
14726+ * "This product includes cryptographic software written by
14727+ * Eric Young (eay@cryptsoft.com)"
14728+ * The word 'cryptographic' can be left out if the rouines from the library
14729+ * being used are not cryptographic related :-).
14730+ * 4. If you include any Windows specific code (or a derivative thereof) from
14731+ * the apps directory (application code) you must include an acknowledgement:
14732+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
14733+ *
14734+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
14735+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
14736+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
14737+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
14738+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
14739+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
14740+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
14741+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
14742+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
14743+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
14744+ * SUCH DAMAGE.
14745+ *
14746+ * The licence and distribution terms for any publically available version or
14747+ * derivative of this code cannot be changed. i.e. this code cannot simply be
14748+ * copied and put under another distribution licence
14749+ * [including the GNU Public Licence.]
14750+ */
14751+
14752+#include <stdio.h>
14753+#include <string.h>
14754+#include <openssl/evp.h>
14755+#include <openssl/err.h>
14756+#include <openssl/fips.h>
14757+
14758+const EVP_CIPHER *FIPS_get_cipherbynid(int nid)
14759+ {
14760+ switch (nid)
14761+ {
14762+ case NID_aes_128_cbc:
14763+ return EVP_aes_128_cbc();
14764+
14765+ case NID_aes_128_ccm:
14766+ return EVP_aes_128_ccm();
14767+
14768+ case NID_aes_128_cfb1:
14769+ return EVP_aes_128_cfb1();
14770+
14771+ case NID_aes_128_cfb128:
14772+ return EVP_aes_128_cfb128();
14773+
14774+ case NID_aes_128_cfb8:
14775+ return EVP_aes_128_cfb8();
14776+
14777+ case NID_aes_128_ctr:
14778+ return EVP_aes_128_ctr();
14779+
14780+ case NID_aes_128_ecb:
14781+ return EVP_aes_128_ecb();
14782+
14783+ case NID_aes_128_gcm:
14784+ return EVP_aes_128_gcm();
14785+
14786+ case NID_aes_128_ofb128:
14787+ return EVP_aes_128_ofb();
14788+
14789+ case NID_aes_128_xts:
14790+ return EVP_aes_128_xts();
14791+
14792+ case NID_aes_192_cbc:
14793+ return EVP_aes_192_cbc();
14794+
14795+ case NID_aes_192_ccm:
14796+ return EVP_aes_192_ccm();
14797+
14798+ case NID_aes_192_cfb1:
14799+ return EVP_aes_192_cfb1();
14800+
14801+ case NID_aes_192_cfb128:
14802+ return EVP_aes_192_cfb128();
14803+
14804+ case NID_aes_192_cfb8:
14805+ return EVP_aes_192_cfb8();
14806+
14807+ case NID_aes_192_ctr:
14808+ return EVP_aes_192_ctr();
14809+
14810+ case NID_aes_192_ecb:
14811+ return EVP_aes_192_ecb();
14812+
14813+ case NID_aes_192_gcm:
14814+ return EVP_aes_192_gcm();
14815+
14816+ case NID_aes_192_ofb128:
14817+ return EVP_aes_192_ofb();
14818+
14819+ case NID_aes_256_cbc:
14820+ return EVP_aes_256_cbc();
14821+
14822+ case NID_aes_256_ccm:
14823+ return EVP_aes_256_ccm();
14824+
14825+ case NID_aes_256_cfb1:
14826+ return EVP_aes_256_cfb1();
14827+
14828+ case NID_aes_256_cfb128:
14829+ return EVP_aes_256_cfb128();
14830+
14831+ case NID_aes_256_cfb8:
14832+ return EVP_aes_256_cfb8();
14833+
14834+ case NID_aes_256_ctr:
14835+ return EVP_aes_256_ctr();
14836+
14837+ case NID_aes_256_ecb:
14838+ return EVP_aes_256_ecb();
14839+
14840+ case NID_aes_256_gcm:
14841+ return EVP_aes_256_gcm();
14842+
14843+ case NID_aes_256_ofb128:
14844+ return EVP_aes_256_ofb();
14845+
14846+ case NID_aes_256_xts:
14847+ return EVP_aes_256_xts();
14848+
14849+ case NID_des_ede_ecb:
14850+ return EVP_des_ede();
14851+
14852+ case NID_des_ede3_ecb:
14853+ return EVP_des_ede3();
14854+
14855+ case NID_des_ede3_cbc:
14856+ return EVP_des_ede3_cbc();
14857+
14858+ case NID_des_ede3_cfb1:
14859+ return EVP_des_ede3_cfb1();
14860+
14861+ case NID_des_ede3_cfb64:
14862+ return EVP_des_ede3_cfb64();
14863+
14864+ case NID_des_ede3_cfb8:
14865+ return EVP_des_ede3_cfb8();
14866+
14867+ case NID_des_ede3_ofb64:
14868+ return EVP_des_ede3_ofb();
14869+
14870+ case NID_des_ede_cbc:
14871+ return EVP_des_ede_cbc();
14872+
14873+ case NID_des_ede_cfb64:
14874+ return EVP_des_ede_cfb64();
14875+
14876+ case NID_des_ede_ofb64:
14877+ return EVP_des_ede_ofb();
14878+
14879+ default:
14880+ return NULL;
14881+
14882+ }
14883+ }
14884+
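Review bot: FIPS_get_cipherbynid carries no comment stating its contract, so a caller has to read the whole switch to learn that NULL is the answer for any NID not in the approved list; a header comment above the definition such as `/* Map a cipher NID to its EVP_CIPHER. Only the FIPS-approved AES and Triple-DES modes listed below are known; any other NID yields NULL, which callers must check. */` would fix that. The first line of the file header reads `fipe/evp/fips_enc.c`, presumably a typo for `fips/`. The `<stdio.h>` and `<string.h>` includes are not used by anything in this file. Unlike fips_hmac_selftest.c later in this patch, the `#include <openssl/fips.h>` here is not wrapped in `#ifdef OPENSSL_FIPS`, and fips.h itself fails with `#error FIPS is disabled.` when the macro is undefined, so this translation unit can only be built in FIPS-enabled configurations; if that is intended, a one-line comment saying so would help.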
14885diff -up openssl-1.0.1b/crypto/fips/fips.h.fips openssl-1.0.1b/crypto/fips/fips.h
14886--- openssl-1.0.1b/crypto/fips/fips.h.fips 2012-04-26 18:00:51.405769408 +0200
14887+++ openssl-1.0.1b/crypto/fips/fips.h 2012-04-26 18:00:51.405769408 +0200
14888@@ -0,0 +1,279 @@
14889+/* ====================================================================
14890+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
14891+ *
14892+ * Redistribution and use in source and binary forms, with or without
14893+ * modification, are permitted provided that the following conditions
14894+ * are met:
14895+ *
14896+ * 1. Redistributions of source code must retain the above copyright
14897+ * notice, this list of conditions and the following disclaimer.
14898+ *
14899+ * 2. Redistributions in binary form must reproduce the above copyright
14900+ * notice, this list of conditions and the following disclaimer in
14901+ * the documentation and/or other materials provided with the
14902+ * distribution.
14903+ *
14904+ * 3. All advertising materials mentioning features or use of this
14905+ * software must display the following acknowledgment:
14906+ * "This product includes software developed by the OpenSSL Project
14907+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
14908+ *
14909+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
14910+ * endorse or promote products derived from this software without
14911+ * prior written permission. For written permission, please contact
14912+ * openssl-core@openssl.org.
14913+ *
14914+ * 5. Products derived from this software may not be called "OpenSSL"
14915+ * nor may "OpenSSL" appear in their names without prior written
14916+ * permission of the OpenSSL Project.
14917+ *
14918+ * 6. Redistributions of any form whatsoever must retain the following
14919+ * acknowledgment:
14920+ * "This product includes software developed by the OpenSSL Project
14921+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
14922+ *
14923+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
14924+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
14925+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
14926+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
14927+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
14928+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
14929+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
14930+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
14931+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
14932+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
14933+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
14934+ * OF THE POSSIBILITY OF SUCH DAMAGE.
14935+ *
14936+ */
14937+
14938+#include <openssl/opensslconf.h>
14939+#include <openssl/crypto.h>
14940+#include <stdarg.h>
14941+
14942+#ifndef OPENSSL_FIPS
14943+#error FIPS is disabled.
14944+#endif
14945+
14946+#ifdef OPENSSL_FIPS
14947+
14948+#ifdef __cplusplus
14949+extern "C" {
14950+#endif
14951+
14952+struct dsa_st;
14953+struct rsa_st;
14954+struct evp_pkey_st;
14955+struct env_md_st;
14956+struct env_md_ctx_st;
14957+struct evp_cipher_st;
14958+struct evp_cipher_ctx_st;
14959+struct dh_method;
14960+struct CMAC_CTX_st;
14961+struct hmac_ctx_st;
14962+
14963+int FIPS_module_mode_set(int onoff, const char *auth);
14964+int FIPS_module_mode(void);
14965+const void *FIPS_rand_check(void);
14966+int FIPS_selftest(void);
14967+int FIPS_selftest_failed(void);
14968+void FIPS_corrupt_sha1(void);
14969+int FIPS_selftest_sha1(void);
14970+int FIPS_selftest_sha2(void);
14971+void FIPS_corrupt_aes(void);
14972+int FIPS_selftest_aes_ccm(void);
14973+int FIPS_selftest_aes_gcm(void);
14974+int FIPS_selftest_aes_xts(void);
14975+int FIPS_selftest_aes(void);
14976+void FIPS_corrupt_des(void);
14977+int FIPS_selftest_des(void);
14978+void FIPS_corrupt_rsa(void);
14979+void FIPS_corrupt_rsa_keygen(void);
14980+int FIPS_selftest_rsa(void);
14981+void FIPS_corrupt_dsa(void);
14982+void FIPS_corrupt_dsa_keygen(void);
14983+int FIPS_selftest_dsa(void);
14984+void FIPS_corrupt_rng(void);
14985+void FIPS_rng_stick(void);
14986+void FIPS_x931_stick(int onoff);
14987+void FIPS_drbg_stick(int onoff);
14988+int FIPS_selftest_rng(void);
14989+int FIPS_selftest_x931(void);
14990+int FIPS_selftest_hmac(void);
14991+int FIPS_selftest_drbg(void);
14992+int FIPS_selftest_drbg_all(void);
14993+int FIPS_selftest_cmac(void);
14994+
14995+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
14996+
14997+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
14998+ alg " previous FIPS forbidden algorithm error ignored");
14999+
15000+int fips_pkey_signature_test(struct evp_pkey_st *pkey,
15001+ const unsigned char *tbs, int tbslen,
15002+ const unsigned char *kat, unsigned int katlen,
15003+ const struct env_md_st *digest, unsigned int md_flags,
15004+ const char *fail_str);
15005+
15006+int fips_cipher_test(struct evp_cipher_ctx_st *ctx,
15007+ const struct evp_cipher_st *cipher,
15008+ const unsigned char *key,
15009+ const unsigned char *iv,
15010+ const unsigned char *plaintext,
15011+ const unsigned char *ciphertext,
15012+ int len);
15013+
15014+void fips_set_selftest_fail(void);
15015+
15016+const struct env_md_st *FIPS_get_digestbynid(int nid);
15017+
15018+const struct evp_cipher_st *FIPS_get_cipherbynid(int nid);
15019+
15020+
15021+/* BEGIN ERROR CODES */
15022+/* The following lines are auto generated by the script mkerr.pl. Any changes
15023+ * made after this point may be overwritten when the script is next run.
15024+ */
15025+void ERR_load_FIPS_strings(void);
15026+
15027+/* Error codes for the FIPS functions. */
15028+
15029+/* Function codes. */
15030+#define FIPS_F_DH_BUILTIN_GENPARAMS 100
15031+#define FIPS_F_DH_INIT 148
15032+#define FIPS_F_DRBG_RESEED 162
15033+#define FIPS_F_DSA_BUILTIN_PARAMGEN 101
15034+#define FIPS_F_DSA_BUILTIN_PARAMGEN2 107
15035+#define FIPS_F_DSA_DO_SIGN 102
15036+#define FIPS_F_DSA_DO_VERIFY 103
15037+#define FIPS_F_ECDH_COMPUTE_KEY 163
15038+#define FIPS_F_ECDSA_DO_SIGN 164
15039+#define FIPS_F_ECDSA_DO_VERIFY 165
15040+#define FIPS_F_EC_KEY_GENERATE_KEY 166
15041+#define FIPS_F_EVP_CIPHERINIT_EX 124
15042+#define FIPS_F_EVP_DIGESTINIT_EX 125
15043+#define FIPS_F_FIPS_CHECK_DSA 104
15044+#define FIPS_F_FIPS_CHECK_DSA_PRNG 151
15045+#define FIPS_F_FIPS_CHECK_EC 142
15046+#define FIPS_F_FIPS_CHECK_EC_PRNG 152
15047+#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105
15048+#define FIPS_F_FIPS_CHECK_RSA 106
15049+#define FIPS_F_FIPS_CHECK_RSA_PRNG 150
15050+#define FIPS_F_FIPS_CIPHER 160
15051+#define FIPS_F_FIPS_CIPHERINIT 143
15052+#define FIPS_F_FIPS_CIPHER_CTX_CTRL 161
15053+#define FIPS_F_FIPS_DIGESTFINAL 158
15054+#define FIPS_F_FIPS_DIGESTINIT 128
15055+#define FIPS_F_FIPS_DIGESTUPDATE 159
15056+#define FIPS_F_FIPS_DRBG_BYTES 131
15057+#define FIPS_F_FIPS_DRBG_CHECK 146
15058+#define FIPS_F_FIPS_DRBG_CPRNG_TEST 132
15059+#define FIPS_F_FIPS_DRBG_ERROR_CHECK 136
15060+#define FIPS_F_FIPS_DRBG_GENERATE 134
15061+#define FIPS_F_FIPS_DRBG_INIT 135
15062+#define FIPS_F_FIPS_DRBG_INSTANTIATE 138
15063+#define FIPS_F_FIPS_DRBG_NEW 139
15064+#define FIPS_F_FIPS_DRBG_RESEED 140
15065+#define FIPS_F_FIPS_DRBG_SINGLE_KAT 141
15066+#define FIPS_F_FIPS_DSA_CHECK /* unused */ 107
15067+#define FIPS_F_FIPS_DSA_SIGN_DIGEST 154
15068+#define FIPS_F_FIPS_DSA_VERIFY_DIGEST 155
15069+#define FIPS_F_FIPS_GET_ENTROPY 147
15070+#define FIPS_F_FIPS_MODE_SET /* unused */ 108
15071+#define FIPS_F_FIPS_MODULE_MODE_SET 108
15072+#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109
15073+#define FIPS_F_FIPS_RAND_ADD 137
15074+#define FIPS_F_FIPS_RAND_BYTES 122
15075+#define FIPS_F_FIPS_RAND_PSEUDO_BYTES 167
15076+#define FIPS_F_FIPS_RAND_SEED 168
15077+#define FIPS_F_FIPS_RAND_SET_METHOD 126
15078+#define FIPS_F_FIPS_RAND_STATUS 127
15079+#define FIPS_F_FIPS_RSA_SIGN_DIGEST 156
15080+#define FIPS_F_FIPS_RSA_VERIFY_DIGEST 157
15081+#define FIPS_F_FIPS_SELFTEST_AES 110
15082+#define FIPS_F_FIPS_SELFTEST_AES_CCM 145
15083+#define FIPS_F_FIPS_SELFTEST_AES_GCM 129
15084+#define FIPS_F_FIPS_SELFTEST_AES_XTS 144
15085+#define FIPS_F_FIPS_SELFTEST_CMAC 130
15086+#define FIPS_F_FIPS_SELFTEST_DES 111
15087+#define FIPS_F_FIPS_SELFTEST_DSA 112
15088+#define FIPS_F_FIPS_SELFTEST_ECDSA 133
15089+#define FIPS_F_FIPS_SELFTEST_HMAC 113
15090+#define FIPS_F_FIPS_SELFTEST_RNG /* unused */ 114
15091+#define FIPS_F_FIPS_SELFTEST_SHA1 115
15092+#define FIPS_F_FIPS_SELFTEST_X931 114
15093+#define FIPS_F_FIPS_SET_PRNG_KEY 153
15094+#define FIPS_F_HASH_FINAL 123
15095+#define FIPS_F_RSA_BUILTIN_KEYGEN 116
15096+#define FIPS_F_RSA_EAY_INIT 149
15097+#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 117
15098+#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 118
15099+#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 119
15100+#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 120
15101+#define FIPS_F_RSA_X931_GENERATE_KEY_EX 121
15102+#define FIPS_F_SSLEAY_RAND_BYTES /* unused */ 122
15103+
15104+/* Reason codes. */
15105+#define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED 150
15106+#define FIPS_R_ADDITIONAL_INPUT_TOO_LONG 125
15107+#define FIPS_R_ALREADY_INSTANTIATED 134
15108+#define FIPS_R_AUTHENTICATION_FAILURE 151
15109+#define FIPS_R_CANNOT_READ_EXE /* unused */ 103
15110+#define FIPS_R_CANNOT_READ_EXE_DIGEST /* unused */ 104
15111+#define FIPS_R_CONTRADICTING_EVIDENCE 114
15112+#define FIPS_R_DRBG_NOT_INITIALISED 152
15113+#define FIPS_R_DRBG_STUCK 103
15114+#define FIPS_R_ENTROPY_ERROR_UNDETECTED 104
15115+#define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105
15116+#define FIPS_R_ENTROPY_SOURCE_STUCK 142
15117+#define FIPS_R_ERROR_INITIALISING_DRBG 115
15118+#define FIPS_R_ERROR_INSTANTIATING_DRBG 127
15119+#define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 124
15120+#define FIPS_R_ERROR_RETRIEVING_ENTROPY 122
15121+#define FIPS_R_ERROR_RETRIEVING_NONCE 140
15122+#define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH /* unused */ 105
15123+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110
15124+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111
15125+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112
15126+#define FIPS_R_FIPS_MODE_ALREADY_SET 102
15127+#define FIPS_R_FIPS_SELFTEST_FAILED 106
15128+#define FIPS_R_FUNCTION_ERROR 116
15129+#define FIPS_R_GENERATE_ERROR 137
15130+#define FIPS_R_GENERATE_ERROR_UNDETECTED 118
15131+#define FIPS_R_INSTANTIATE_ERROR 119
15132+#define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 120
15133+#define FIPS_R_INTERNAL_ERROR 121
15134+#define FIPS_R_INVALID_KEY_LENGTH 109
15135+#define FIPS_R_INVALID_PARAMETERS 144
15136+#define FIPS_R_IN_ERROR_STATE 123
15137+#define FIPS_R_KEY_TOO_SHORT 108
15138+#define FIPS_R_NONCE_ERROR_UNDETECTED 149
15139+#define FIPS_R_NON_FIPS_METHOD 100
15140+#define FIPS_R_NOPR_TEST1_FAILURE 145
15141+#define FIPS_R_NOPR_TEST2_FAILURE 146
15142+#define FIPS_R_NOT_INSTANTIATED 126
15143+#define FIPS_R_PAIRWISE_TEST_FAILED 107
15144+#define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 128
15145+#define FIPS_R_PERSONALISATION_STRING_TOO_LONG 129
15146+#define FIPS_R_PRNG_STRENGTH_TOO_LOW 143
15147+#define FIPS_R_PR_TEST1_FAILURE 147
15148+#define FIPS_R_PR_TEST2_FAILURE 148
15149+#define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 130
15150+#define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 131
15151+#define FIPS_R_RESEED_COUNTER_ERROR 132
15152+#define FIPS_R_RESEED_ERROR 133
15153+#define FIPS_R_RSA_DECRYPT_ERROR /* unused */ 115
15154+#define FIPS_R_RSA_ENCRYPT_ERROR /* unused */ 116
15155+#define FIPS_R_SELFTEST_FAILED 101
15156+#define FIPS_R_SELFTEST_FAILURE 135
15157+#define FIPS_R_STRENGTH_ERROR_UNDETECTED 136
15158+#define FIPS_R_TEST_FAILURE 117
15159+#define FIPS_R_UNINSTANTIATE_ERROR 141
15160+#define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138
15161+#define FIPS_R_UNSUPPORTED_DRBG_TYPE 139
15162+#define FIPS_R_UNSUPPORTED_PLATFORM 113
15163+
15164+#ifdef __cplusplus
15165+}
15166+#endif
15167+#endif
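Review bot: The `FIPS_ERROR_IGNORED` macro body ends with a semicolon, so every use written as `FIPS_ERROR_IGNORED("x");` expands to a double semicolon and an unbraced `if (c) FIPS_ERROR_IGNORED("x"); else ...` fails to compile because the stray `;` terminates the if before the `else`; drop the trailing semicolon and let the caller supply it: `#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, alg " previous FIPS forbidden algorithm error ignored")`. The header has no include guard, and the `#ifdef OPENSSL_FIPS` immediately after `#error FIPS is disabled.` can never be false at that point, so one of the two checks is redundant. Several function and reason codes are shared between a live entry and one marked `/* unused */` (107, 108, 114, 122 among the function codes; 103, 104, 105, 115, 116 among the reason codes); that is harmless only while the unused names are never passed to FIPSerr, and a comment above the table stating that they are retained for compatibility and must not be reused would stop a reader from treating the collisions as a bug.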
15168diff -up openssl-1.0.1b/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_hmac_selftest.c
15169--- openssl-1.0.1b/crypto/fips/fips_hmac_selftest.c.fips 2012-04-26 18:00:51.405769408 +0200
15170+++ openssl-1.0.1b/crypto/fips/fips_hmac_selftest.c 2012-04-26 18:00:51.405769408 +0200
15171@@ -0,0 +1,137 @@
15172+/* ====================================================================
15173+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
15174+ *
15175+ * Redistribution and use in source and binary forms, with or without
15176+ * modification, are permitted provided that the following conditions
15177+ * are met:
15178+ *
15179+ * 1. Redistributions of source code must retain the above copyright
15180+ * notice, this list of conditions and the following disclaimer.
15181+ *
15182+ * 2. Redistributions in binary form must reproduce the above copyright
15183+ * notice, this list of conditions and the following disclaimer in
15184+ * the documentation and/or other materials provided with the
15185+ * distribution.
15186+ *
15187+ * 3. All advertising materials mentioning features or use of this
15188+ * software must display the following acknowledgment:
15189+ * "This product includes software developed by the OpenSSL Project
15190+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
15191+ *
15192+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
15193+ * endorse or promote products derived from this software without
15194+ * prior written permission. For written permission, please contact
15195+ * openssl-core@openssl.org.
15196+ *
15197+ * 5. Products derived from this software may not be called "OpenSSL"
15198+ * nor may "OpenSSL" appear in their names without prior written
15199+ * permission of the OpenSSL Project.
15200+ *
15201+ * 6. Redistributions of any form whatsoever must retain the following
15202+ * acknowledgment:
15203+ * "This product includes software developed by the OpenSSL Project
15204+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
15205+ *
15206+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
15207+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15208+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15209+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
15210+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15211+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
15212+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
15213+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15214+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
15215+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
15216+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
15217+ * OF THE POSSIBILITY OF SUCH DAMAGE.
15218+ *
15219+ */
15220+
15221+#include <string.h>
15222+#include <openssl/err.h>
15223+#ifdef OPENSSL_FIPS
15224+#include <openssl/fips.h>
15225+#endif
15226+#include <openssl/hmac.h>
15227+
15228+#ifdef OPENSSL_FIPS
15229+typedef struct {
15230+ const EVP_MD *(*alg)(void);
15231+ const char *key, *iv;
15232+ unsigned char kaval[EVP_MAX_MD_SIZE];
15233+} HMAC_KAT;
15234+
15235+static const HMAC_KAT vector[] = {
15236+ { EVP_sha1,
15237+ /* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */
15238+ "0123456789:;<=>?@ABC",
15239+ "Sample #2",
15240+ { 0x09,0x22,0xd3,0x40,0x5f,0xaa,0x3d,0x19,
15241+ 0x4f,0x82,0xa4,0x58,0x30,0x73,0x7d,0x5c,
15242+ 0xc6,0xc7,0x5d,0x24 }
15243+ },
15244+ { EVP_sha224,
15245+ /* just keep extending the above... */
15246+ "0123456789:;<=>?@ABC",
15247+ "Sample #2",
15248+ { 0xdd,0xef,0x0a,0x40,0xcb,0x7d,0x50,0xfb,
15249+ 0x6e,0xe6,0xce,0xa1,0x20,0xba,0x26,0xaa,
15250+ 0x08,0xf3,0x07,0x75,0x87,0xb8,0xad,0x1b,
15251+ 0x8c,0x8d,0x12,0xc7 }
15252+ },
15253+ { EVP_sha256,
15254+ "0123456789:;<=>?@ABC",
15255+ "Sample #2",
15256+ { 0xb8,0xf2,0x0d,0xb5,0x41,0xea,0x43,0x09,
15257+ 0xca,0x4e,0xa9,0x38,0x0c,0xd0,0xe8,0x34,
15258+ 0xf7,0x1f,0xbe,0x91,0x74,0xa2,0x61,0x38,
15259+ 0x0d,0xc1,0x7e,0xae,0x6a,0x34,0x51,0xd9 }
15260+ },
15261+ { EVP_sha384,
15262+ "0123456789:;<=>?@ABC",
15263+ "Sample #2",
15264+ { 0x08,0xbc,0xb0,0xda,0x49,0x1e,0x87,0xad,
15265+ 0x9a,0x1d,0x6a,0xce,0x23,0xc5,0x0b,0xf6,
15266+ 0xb7,0x18,0x06,0xa5,0x77,0xcd,0x49,0x04,
15267+ 0x89,0xf1,0xe6,0x23,0x44,0x51,0x51,0x9f,
15268+ 0x85,0x56,0x80,0x79,0x0c,0xbd,0x4d,0x50,
15269+ 0xa4,0x5f,0x29,0xe3,0x93,0xf0,0xe8,0x7f }
15270+ },
15271+ { EVP_sha512,
15272+ "0123456789:;<=>?@ABC",
15273+ "Sample #2",
15274+ { 0x80,0x9d,0x44,0x05,0x7c,0x5b,0x95,0x41,
15275+ 0x05,0xbd,0x04,0x13,0x16,0xdb,0x0f,0xac,
15276+ 0x44,0xd5,0xa4,0xd5,0xd0,0x89,0x2b,0xd0,
15277+ 0x4e,0x86,0x64,0x12,0xc0,0x90,0x77,0x68,
15278+ 0xf1,0x87,0xb7,0x7c,0x4f,0xae,0x2c,0x2f,
15279+ 0x21,0xa5,0xb5,0x65,0x9a,0x4f,0x4b,0xa7,
15280+ 0x47,0x02,0xa3,0xde,0x9b,0x51,0xf1,0x45,
15281+ 0xbd,0x4f,0x25,0x27,0x42,0x98,0x99,0x05 }
15282+ },
15283+};
15284+
15285+int FIPS_selftest_hmac()
15286+ {
15287+ int n;
15288+ unsigned int outlen;
15289+ unsigned char out[EVP_MAX_MD_SIZE];
15290+ const EVP_MD *md;
15291+ const HMAC_KAT *t;
15292+
15293+ for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
15294+ {
15295+ md = (*t->alg)();
15296+ HMAC(md,t->key,strlen(t->key),
15297+ (const unsigned char *)t->iv,strlen(t->iv),
15298+ out,&outlen);
15299+
15300+ if(memcmp(out,t->kaval,outlen))
15301+ {
15302+ FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
15303+ return 0;
15304+ }
15305+ }
15306+ return 1;
15307+ }
15308+#endif
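Review bot: FIPS_selftest_hmac does not check the return value of HMAC(), and `outlen` is never initialised, so if HMAC() fails (it can return NULL) the memcmp that follows compares `out` against the vector using an indeterminate length, and a shorter-than-expected `outlen` would let a truncated comparison pass as a successful KAT. Check the call and pin the length to the digest size: `if (HMAC(md, t->key, strlen(t->key), (const unsigned char *)t->iv, strlen(t->iv), out, &outlen) == NULL || outlen != (unsigned int)EVP_MD_size(md) || memcmp(out, t->kaval, outlen))`. The struct field holding the message text is named `iv` although HMAC has no IV; `msg` would describe it correctly. The loop counter `n` is an `int` compared against a `size_t` on the `for` line, which -Wsign-compare flags; declaring it `size_t` avoids the warning without changing behaviour.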
15309diff -up openssl-1.0.1b/crypto/fips/fips_locl.h.fips openssl-1.0.1b/crypto/fips/fips_locl.h
15310--- openssl-1.0.1b/crypto/fips/fips_locl.h.fips 2012-04-26 18:00:51.405769408 +0200
15311+++ openssl-1.0.1b/crypto/fips/fips_locl.h 2012-04-26 18:00:51.405769408 +0200
15312@@ -0,0 +1,71 @@
15313+/* ====================================================================
15314+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
15315+ *
15316+ * Redistribution and use in source and binary forms, with or without
15317+ * modification, are permitted provided that the following conditions
15318+ * are met:
15319+ *
15320+ * 1. Redistributions of source code must retain the above copyright
15321+ * notice, this list of conditions and the following disclaimer.
15322+ *
15323+ * 2. Redistributions in binary form must reproduce the above copyright
15324+ * notice, this list of conditions and the following disclaimer in
15325+ * the documentation and/or other materials provided with the
15326+ * distribution.
15327+ *
15328+ * 3. All advertising materials mentioning features or use of this
15329+ * software must display the following acknowledgment:
15330+ * "This product includes software developed by the OpenSSL Project
15331+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
15332+ *
15333+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
15334+ * endorse or promote products derived from this software without
15335+ * prior written permission. For written permission, please contact
15336+ * openssl-core@openssl.org.
15337+ *
15338+ * 5. Products derived from this software may not be called "OpenSSL"
15339+ * nor may "OpenSSL" appear in their names without prior written
15340+ * permission of the OpenSSL Project.
15341+ *
15342+ * 6. Redistributions of any form whatsoever must retain the following
15343+ * acknowledgment:
15344+ * "This product includes software developed by the OpenSSL Project
15345+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
15346+ *
15347+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
15348+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15349+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15350+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
15351+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15352+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
15353+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
15354+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15355+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
15356+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
15357+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
15358+ * OF THE POSSIBILITY OF SUCH DAMAGE.
15359+ *
15360+ */
15361+
15362+#ifdef OPENSSL_FIPS
15363+
15364+#ifdef __cplusplus
15365+extern "C" {
15366+#endif
15367+
15368+#define FIPS_MAX_CIPHER_TEST_SIZE 32
15369+#define fips_load_key_component(key, comp, pre) \
15370+ key->comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), key->comp); \
15371+ if (!key->comp) \
15372+ goto err
15373+
15374+#define fips_post_started(id, subid, ex) 1
15375+#define fips_post_success(id, subid, ex) 1
15376+#define fips_post_failed(id, subid, ex) 1
15377+#define fips_post_corrupt(id, subid, ex) 1
15378+#define fips_post_status() 1
15379+
15380+#ifdef __cplusplus
15381+}
15382+#endif
15383+#endif
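Review bot: `fips_load_key_component` expands to two statements that are not wrapped in `do { ... } while (0)`, so a caller writing `if (cond) fips_load_key_component(dsa, p, dsa_test_2048);` would guard only the assignment and run the `if (!key->comp) goto err` unconditionally; the `key` argument is also unparenthesised, and the `goto err` is a control transfer that is invisible at the call site and should at least be named in a comment above the macro. Wrapping the expansion as below keeps the existing call sites in fips_dsa_selftest.c working unchanged. The `fips_post_started`/`fips_post_success`/`fips_post_failed`/`fips_post_corrupt`/`fips_post_status` macros are all defined to the constant 1, which turns every POST status hook into a no-op; a comment stating that these deliberately stub out the FIPS module's callback interface in this build would save the next reader from searching for a missing implementation.
```c
#define fips_load_key_component(key, comp, pre) \
	do { \
		(key)->comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), (key)->comp); \
		if (!(key)->comp) \
			goto err; \
	} while (0)
```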
15384diff -up openssl-1.0.1b/crypto/fips/fips_md.c.fips openssl-1.0.1b/crypto/fips/fips_md.c
15385--- openssl-1.0.1b/crypto/fips/fips_md.c.fips 2012-04-26 18:00:51.405769408 +0200
15386+++ openssl-1.0.1b/crypto/fips/fips_md.c 2012-04-26 18:00:51.405769408 +0200
15387@@ -0,0 +1,145 @@
15388+/* fips/evp/fips_md.c */
15389+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
15390+ * All rights reserved.
15391+ *
15392+ * This package is an SSL implementation written
15393+ * by Eric Young (eay@cryptsoft.com).
15394+ * The implementation was written so as to conform with Netscapes SSL.
15395+ *
15396+ * This library is free for commercial and non-commercial use as long as
15397+ * the following conditions are aheared to. The following conditions
15398+ * apply to all code found in this distribution, be it the RC4, RSA,
15399+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
15400+ * included with this distribution is covered by the same copyright terms
15401+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15402+ *
15403+ * Copyright remains Eric Young's, and as such any Copyright notices in
15404+ * the code are not to be removed.
15405+ * If this package is used in a product, Eric Young should be given attribution
15406+ * as the author of the parts of the library used.
15407+ * This can be in the form of a textual message at program startup or
15408+ * in documentation (online or textual) provided with the package.
15409+ *
15410+ * Redistribution and use in source and binary forms, with or without
15411+ * modification, are permitted provided that the following conditions
15412+ * are met:
15413+ * 1. Redistributions of source code must retain the copyright
15414+ * notice, this list of conditions and the following disclaimer.
15415+ * 2. Redistributions in binary form must reproduce the above copyright
15416+ * notice, this list of conditions and the following disclaimer in the
15417+ * documentation and/or other materials provided with the distribution.
15418+ * 3. All advertising materials mentioning features or use of this software
15419+ * must display the following acknowledgement:
15420+ * "This product includes cryptographic software written by
15421+ * Eric Young (eay@cryptsoft.com)"
15422+ * The word 'cryptographic' can be left out if the rouines from the library
15423+ * being used are not cryptographic related :-).
15424+ * 4. If you include any Windows specific code (or a derivative thereof) from
15425+ * the apps directory (application code) you must include an acknowledgement:
15426+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
15427+ *
15428+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
15429+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15430+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
15431+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
15432+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
15433+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
15434+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15435+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
15436+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
15437+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
15438+ * SUCH DAMAGE.
15439+ *
15440+ * The licence and distribution terms for any publically available version or
15441+ * derivative of this code cannot be changed. i.e. this code cannot simply be
15442+ * copied and put under another distribution licence
15443+ * [including the GNU Public Licence.]
15444+ */
15445+/* ====================================================================
15446+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
15447+ *
15448+ * Redistribution and use in source and binary forms, with or without
15449+ * modification, are permitted provided that the following conditions
15450+ * are met:
15451+ *
15452+ * 1. Redistributions of source code must retain the above copyright
15453+ * notice, this list of conditions and the following disclaimer.
15454+ *
15455+ * 2. Redistributions in binary form must reproduce the above copyright
15456+ * notice, this list of conditions and the following disclaimer in
15457+ * the documentation and/or other materials provided with the
15458+ * distribution.
15459+ *
15460+ * 3. All advertising materials mentioning features or use of this
15461+ * software must display the following acknowledgment:
15462+ * "This product includes software developed by the OpenSSL Project
15463+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
15464+ *
15465+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
15466+ * endorse or promote products derived from this software without
15467+ * prior written permission. For written permission, please contact
15468+ * openssl-core@openssl.org.
15469+ *
15470+ * 5. Products derived from this software may not be called "OpenSSL"
15471+ * nor may "OpenSSL" appear in their names without prior written
15472+ * permission of the OpenSSL Project.
15473+ *
15474+ * 6. Redistributions of any form whatsoever must retain the following
15475+ * acknowledgment:
15476+ * "This product includes software developed by the OpenSSL Project
15477+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
15478+ *
15479+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
15480+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15481+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15482+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
15483+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15484+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
15485+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
15486+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15487+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
15488+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
15489+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
15490+ * OF THE POSSIBILITY OF SUCH DAMAGE.
15491+ * ====================================================================
15492+ *
15493+ * This product includes cryptographic software written by Eric Young
15494+ * (eay@cryptsoft.com). This product includes software written by Tim
15495+ * Hudson (tjh@cryptsoft.com).
15496+ *
15497+ */
15498+
15499+/* Minimal standalone FIPS versions of Digest operations */
15500+
15501+#define OPENSSL_FIPSAPI
15502+
15503+#include <stdio.h>
15504+#include <string.h>
15505+#include <openssl/objects.h>
15506+#include <openssl/evp.h>
15507+#include <openssl/err.h>
15508+#include <openssl/fips.h>
15509+
15510+const EVP_MD *FIPS_get_digestbynid(int nid)
15511+ {
15512+ switch (nid)
15513+ {
15514+ case NID_sha1:
15515+ return EVP_sha1();
15516+
15517+ case NID_sha224:
15518+ return EVP_sha224();
15519+
15520+ case NID_sha256:
15521+ return EVP_sha256();
15522+
15523+ case NID_sha384:
15524+ return EVP_sha384();
15525+
15526+ case NID_sha512:
15527+ return EVP_sha512();
15528+
15529+ default:
15530+ return NULL;
15531+ }
15532+ }
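Review bot: FIPS_get_digestbynid carries no comment explaining that the switch is intentionally limited to the SHA-1/SHA-2 family, so a reader may read the `default: return NULL;` as an unfinished table rather than the policy it implements. Suggest heading the function with `/* Map a digest NID to its EVP_MD. Only the SHA-1 and SHA-2 digests are mapped; every other NID (MD5 included) deliberately yields NULL so callers fail closed. */`, consistent with the file's own "Minimal standalone FIPS versions of Digest operations" header.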
15533diff -up openssl-1.0.1b/crypto/fips/fips_post.c.fips openssl-1.0.1b/crypto/fips/fips_post.c
15534--- openssl-1.0.1b/crypto/fips/fips_post.c.fips 2012-04-26 18:00:51.406769429 +0200
15535+++ openssl-1.0.1b/crypto/fips/fips_post.c 2012-04-26 18:00:51.406769429 +0200
15536@@ -0,0 +1,205 @@
15537+/* ====================================================================
15538+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
15539+ *
15540+ * Redistribution and use in source and binary forms, with or without
15541+ * modification, are permitted provided that the following conditions
15542+ * are met:
15543+ *
15544+ * 1. Redistributions of source code must retain the above copyright
15545+ * notice, this list of conditions and the following disclaimer.
15546+ *
15547+ * 2. Redistributions in binary form must reproduce the above copyright
15548+ * notice, this list of conditions and the following disclaimer in
15549+ * the documentation and/or other materials provided with the
15550+ * distribution.
15551+ *
15552+ * 3. All advertising materials mentioning features or use of this
15553+ * software must display the following acknowledgment:
15554+ * "This product includes software developed by the OpenSSL Project
15555+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
15556+ *
15557+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
15558+ * endorse or promote products derived from this software without
15559+ * prior written permission. For written permission, please contact
15560+ * openssl-core@openssl.org.
15561+ *
15562+ * 5. Products derived from this software may not be called "OpenSSL"
15563+ * nor may "OpenSSL" appear in their names without prior written
15564+ * permission of the OpenSSL Project.
15565+ *
15566+ * 6. Redistributions of any form whatsoever must retain the following
15567+ * acknowledgment:
15568+ * "This product includes software developed by the OpenSSL Project
15569+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
15570+ *
15571+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
15572+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15573+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15574+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
15575+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15576+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
15577+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
15578+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15579+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
15580+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
15581+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
15582+ * OF THE POSSIBILITY OF SUCH DAMAGE.
15583+ *
15584+ */
15585+
15586+#define OPENSSL_FIPSAPI
15587+
15588+#include <openssl/crypto.h>
15589+#include <openssl/rand.h>
15590+#include <openssl/fips_rand.h>
15591+#include <openssl/err.h>
15592+#include <openssl/bio.h>
15593+#include <openssl/hmac.h>
15594+#include <openssl/rsa.h>
15595+#include <openssl/dsa.h>
15596+#include <string.h>
15597+#include <limits.h>
15598+
15599+#ifdef OPENSSL_FIPS
15600+
15601+/* Power on self test (POST) support functions */
15602+
15603+#include <openssl/fips.h>
15604+#include "fips_locl.h"
15605+
15606+/* Run all selftests */
15607+int FIPS_selftest(void)
15608+ {
15609+ int rv = 1;
15610+ if (!FIPS_selftest_drbg())
15611+ rv = 0;
15612+ if (!FIPS_selftest_x931())
15613+ rv = 0;
15614+ if (!FIPS_selftest_sha1())
15615+ rv = 0;
15616+ if (!FIPS_selftest_sha2())
15617+ rv = 0;
15618+ if (!FIPS_selftest_hmac())
15619+ rv = 0;
15620+ if (!FIPS_selftest_cmac())
15621+ rv = 0;
15622+ if (!FIPS_selftest_aes())
15623+ rv = 0;
15624+ if (!FIPS_selftest_aes_ccm())
15625+ rv = 0;
15626+ if (!FIPS_selftest_aes_gcm())
15627+ rv = 0;
15628+ if (!FIPS_selftest_aes_xts())
15629+ rv = 0;
15630+ if (!FIPS_selftest_des())
15631+ rv = 0;
15632+ if (!FIPS_selftest_rsa())
15633+ rv = 0;
15634+ if (!FIPS_selftest_dsa())
15635+ rv = 0;
15636+ return rv;
15637+ }
15638+
15639+/* Generalized public key test routine. Signs and verifies the data
15640+ * supplied in tbs using mesage digest md and setting option digest
15641+ * flags md_flags. If the 'kat' parameter is not NULL it will
15642+ * additionally check the signature matches it: a known answer test
15643+ * The string "fail_str" is used for identification purposes in case
15644+ * of failure. If "pkey" is NULL just perform a message digest check.
15645+ */
15646+
15647+int fips_pkey_signature_test(EVP_PKEY *pkey,
15648+ const unsigned char *tbs, int tbslen,
15649+ const unsigned char *kat, unsigned int katlen,
15650+ const EVP_MD *digest, unsigned int md_flags,
15651+ const char *fail_str)
15652+ {
15653+ int ret = 0;
15654+ unsigned char sigtmp[256], *sig = sigtmp;
15655+ unsigned int siglen;
15656+ EVP_MD_CTX mctx;
15657+ EVP_MD_CTX_init(&mctx);
15658+
15659+ if (digest == NULL)
15660+ digest = EVP_sha256();
15661+
15662+ if ((pkey->type == EVP_PKEY_RSA)
15663+ && (RSA_size(pkey->pkey.rsa) > sizeof(sigtmp)))
15664+ {
15665+ sig = OPENSSL_malloc(RSA_size(pkey->pkey.rsa));
15666+ if (!sig)
15667+ {
15668+ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,ERR_R_MALLOC_FAILURE);
15669+ return 0;
15670+ }
15671+ }
15672+
15673+ if (tbslen == -1)
15674+ tbslen = strlen((char *)tbs);
15675+
15676+ if (md_flags)
15677+ EVP_MD_CTX_set_flags(&mctx, md_flags);
15678+
15679+ if (!EVP_SignInit_ex(&mctx, digest, NULL))
15680+ goto error;
15681+ if (!EVP_SignUpdate(&mctx, tbs, tbslen))
15682+ goto error;
15683+ if (!EVP_SignFinal(&mctx, sig, &siglen, pkey))
15684+ goto error;
15685+
15686+ if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen)))
15687+ goto error;
15688+
15689+ if (!EVP_VerifyInit_ex(&mctx, digest, NULL))
15690+ goto error;
15691+ if (!EVP_VerifyUpdate(&mctx, tbs, tbslen))
15692+ goto error;
15693+ ret = EVP_VerifyFinal(&mctx, sig, siglen, pkey);
15694+
15695+ error:
15696+ if (sig != sigtmp)
15697+ OPENSSL_free(sig);
15698+ EVP_MD_CTX_cleanup(&mctx);
15699+ if (ret != 1)
15700+ {
15701+ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,FIPS_R_TEST_FAILURE);
15702+ if (fail_str)
15703+ ERR_add_error_data(2, "Type=", fail_str);
15704+ return 0;
15705+ }
15706+ return 1;
15707+ }
15708+
15709+/* Generalized symmetric cipher test routine. Encrypt data, verify result
15710+ * against known answer, decrypt and compare with original plaintext.
15711+ */
15712+
15713+int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
15714+ const unsigned char *key,
15715+ const unsigned char *iv,
15716+ const unsigned char *plaintext,
15717+ const unsigned char *ciphertext,
15718+ int len)
15719+ {
15720+ unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
15721+ unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
15722+
15723+ OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
15724+ memset(pltmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
15725+ memset(citmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
15726+
15727+ if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0)
15728+ return 0;
15729+ if (EVP_Cipher(ctx, citmp, plaintext, len) <= 0)
15730+ return 0;
15731+ if (memcmp(citmp, ciphertext, len))
15732+ return 0;
15733+ if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0)
15734+ return 0;
15735+ if (EVP_Cipher(ctx, pltmp, citmp, len) <= 0)
15736+ return 0;
15737+ if (memcmp(pltmp, plaintext, len))
15738+ return 0;
15739+ return 1;
15740+ }
15741+#endif
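Review bot: The header comment on fips_pkey_signature_test says `If "pkey" is NULL just perform a message digest check`, but the body dereferences `pkey->type` unconditionally in the RSA_size branch, so a NULL pkey crashes before any digest is computed. Either guard that branch, `if (pkey && (pkey->type == EVP_PKEY_RSA) && (RSA_size(pkey->pkey.rsa) > sizeof(sigtmp)))`, and confirm the EVP_Sign/Verify calls below tolerate a NULL key, or drop the NULL-pkey sentence from the comment so callers do not rely on a contract the code does not honour. Separately, fips_cipher_test only asserts `len <= FIPS_MAX_CIPHER_TEST_SIZE`; a negative `len` passes that assertion and is converted to a huge size_t in the memcmp calls, so `OPENSSL_assert(len >= 0 && len <= FIPS_MAX_CIPHER_TEST_SIZE);` is the safer bound.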
15742diff -up openssl-1.0.1b/crypto/fips/fips_rand.c.fips openssl-1.0.1b/crypto/fips/fips_rand.c
15743--- openssl-1.0.1b/crypto/fips/fips_rand.c.fips 2012-04-26 18:00:51.406769429 +0200
15744+++ openssl-1.0.1b/crypto/fips/fips_rand.c 2012-04-26 18:00:51.406769429 +0200
15745@@ -0,0 +1,457 @@
15746+/* ====================================================================
15747+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
15748+ *
15749+ * Redistribution and use in source and binary forms, with or without
15750+ * modification, are permitted provided that the following conditions
15751+ * are met:
15752+ *
15753+ * 1. Redistributions of source code must retain the above copyright
15754+ * notice, this list of conditions and the following disclaimer.
15755+ *
15756+ * 2. Redistributions in binary form must reproduce the above copyright
15757+ * notice, this list of conditions and the following disclaimer in
15758+ * the documentation and/or other materials provided with the
15759+ * distribution.
15760+ *
15761+ * 3. All advertising materials mentioning features or use of this
15762+ * software must display the following acknowledgment:
15763+ * "This product includes software developed by the OpenSSL Project
15764+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
15765+ *
15766+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
15767+ * endorse or promote products derived from this software without
15768+ * prior written permission. For written permission, please contact
15769+ * openssl-core@openssl.org.
15770+ *
15771+ * 5. Products derived from this software may not be called "OpenSSL"
15772+ * nor may "OpenSSL" appear in their names without prior written
15773+ * permission of the OpenSSL Project.
15774+ *
15775+ * 6. Redistributions of any form whatsoever must retain the following
15776+ * acknowledgment:
15777+ * "This product includes software developed by the OpenSSL Project
15778+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
15779+ *
15780+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
15781+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15782+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15783+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
15784+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15785+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
15786+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
15787+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15788+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
15789+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
15790+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
15791+ * OF THE POSSIBILITY OF SUCH DAMAGE.
15792+ *
15793+ */
15794+
15795+/*
15796+ * This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4.
15797+ */
15798+#include <openssl/crypto.h>
15799+#include "e_os.h"
15800+
15801+/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't
15802+ be defined and gettimeofday() won't be declared with strict compilers
15803+ like DEC C in ANSI C mode. */
15804+#ifndef _XOPEN_SOURCE_EXTENDED
15805+#define _XOPEN_SOURCE_EXTENDED 1
15806+#endif
15807+
15808+#include <openssl/rand.h>
15809+#include <openssl/aes.h>
15810+#include <openssl/err.h>
15811+#include <openssl/fips_rand.h>
15812+#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS))
15813+# include <sys/time.h>
15814+#endif
15815+#if defined(OPENSSL_SYS_VXWORKS)
15816+# include <time.h>
15817+#endif
15818+#include <assert.h>
15819+#ifndef OPENSSL_SYS_WIN32
15820+# ifdef OPENSSL_UNISTD
15821+# include OPENSSL_UNISTD
15822+# else
15823+# include <unistd.h>
15824+# endif
15825+#endif
15826+#include <string.h>
15827+#include <openssl/fips.h>
15828+#include "fips_locl.h"
15829+
15830+#ifdef OPENSSL_FIPS
15831+
15832+void *OPENSSL_stderr(void);
15833+
15834+#define AES_BLOCK_LENGTH 16
15835+
15836+
15837+/* AES FIPS PRNG implementation */
15838+
15839+typedef struct
15840+ {
15841+ int seeded;
15842+ int keyed;
15843+ int test_mode;
15844+ int second;
15845+ int error;
15846+ unsigned long counter;
15847+ AES_KEY ks;
15848+ int vpos;
15849+ /* Temporary storage for key if it equals seed length */
15850+ unsigned char tmp_key[AES_BLOCK_LENGTH];
15851+ unsigned char V[AES_BLOCK_LENGTH];
15852+ unsigned char DT[AES_BLOCK_LENGTH];
15853+ unsigned char last[AES_BLOCK_LENGTH];
15854+ } FIPS_PRNG_CTX;
15855+
15856+static FIPS_PRNG_CTX sctx;
15857+
15858+static int fips_prng_fail = 0;
15859+
15860+void FIPS_x931_stick(int onoff)
15861+ {
15862+ fips_prng_fail = onoff;
15863+ }
15864+
15865+void FIPS_rng_stick(void)
15866+ {
15867+ FIPS_x931_stick(1);
15868+ }
15869+
15870+static void fips_rand_prng_reset(FIPS_PRNG_CTX *ctx)
15871+ {
15872+ ctx->seeded = 0;
15873+ ctx->keyed = 0;
15874+ ctx->test_mode = 0;
15875+ ctx->counter = 0;
15876+ ctx->second = 0;
15877+ ctx->error = 0;
15878+ ctx->vpos = 0;
15879+ OPENSSL_cleanse(ctx->V, AES_BLOCK_LENGTH);
15880+ OPENSSL_cleanse(&ctx->ks, sizeof(AES_KEY));
15881+ }
15882+
15883+
15884+static int fips_set_prng_key(FIPS_PRNG_CTX *ctx,
15885+ const unsigned char *key, unsigned int keylen)
15886+ {
15887+ if (FIPS_selftest_failed())
15888+ {
15889+ FIPSerr(FIPS_F_FIPS_SET_PRNG_KEY, FIPS_R_SELFTEST_FAILED);
15890+ return 0;
15891+ }
15892+ if (keylen != 16 && keylen != 24 && keylen != 32)
15893+ {
15894+ /* error: invalid key size */
15895+ return 0;
15896+ }
15897+ AES_set_encrypt_key(key, keylen << 3, &ctx->ks);
15898+ if (keylen == 16)
15899+ {
15900+ memcpy(ctx->tmp_key, key, 16);
15901+ ctx->keyed = 2;
15902+ }
15903+ else
15904+ ctx->keyed = 1;
15905+ ctx->seeded = 0;
15906+ ctx->second = 0;
15907+ return 1;
15908+ }
15909+
15910+static int fips_set_prng_seed(FIPS_PRNG_CTX *ctx,
15911+ const unsigned char *seed, unsigned int seedlen)
15912+ {
15913+ unsigned int i;
15914+ if (!ctx->keyed)
15915+ return 0;
15916+ /* In test mode seed is just supplied data */
15917+ if (ctx->test_mode)
15918+ {
15919+ if (seedlen != AES_BLOCK_LENGTH)
15920+ return 0;
15921+ memcpy(ctx->V, seed, AES_BLOCK_LENGTH);
15922+ ctx->seeded = 1;
15923+ return 1;
15924+ }
15925+ /* Outside test mode XOR supplied data with existing seed */
15926+ for (i = 0; i < seedlen; i++)
15927+ {
15928+ ctx->V[ctx->vpos++] ^= seed[i];
15929+ if (ctx->vpos == AES_BLOCK_LENGTH)
15930+ {
15931+ ctx->vpos = 0;
15932+ /* Special case if first seed and key length equals
15933+ * block size check key and seed do not match.
15934+ */
15935+ if (ctx->keyed == 2)
15936+ {
15937+ if (!memcmp(ctx->tmp_key, ctx->V, 16))
15938+ {
15939+ RANDerr(RAND_F_FIPS_SET_PRNG_SEED,
15940+ RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY);
15941+ return 0;
15942+ }
15943+ OPENSSL_cleanse(ctx->tmp_key, 16);
15944+ ctx->keyed = 1;
15945+ }
15946+ ctx->seeded = 1;
15947+ }
15948+ }
15949+ return 1;
15950+ }
15951+
15952+static int fips_set_test_mode(FIPS_PRNG_CTX *ctx)
15953+ {
15954+ if (ctx->keyed)
15955+ {
15956+ RANDerr(RAND_F_FIPS_SET_TEST_MODE,RAND_R_PRNG_KEYED);
15957+ return 0;
15958+ }
15959+ ctx->test_mode = 1;
15960+ return 1;
15961+ }
15962+
15963+int FIPS_x931_test_mode(void)
15964+ {
15965+ return fips_set_test_mode(&sctx);
15966+ }
15967+
15968+int FIPS_rand_test_mode(void)
15969+ {
15970+ return fips_set_test_mode(&sctx);
15971+ }
15972+
15973+
15974+int FIPS_x931_set_dt(unsigned char *dt)
15975+ {
15976+ if (!sctx.test_mode)
15977+ {
15978+ RANDerr(RAND_F_FIPS_X931_SET_DT,RAND_R_NOT_IN_TEST_MODE);
15979+ return 0;
15980+ }
15981+ memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);
15982+ return 1;
15983+ }
15984+
15985+int FIPS_rand_set_dt(unsigned char *dt)
15986+ {
15987+ if (!sctx.test_mode)
15988+ {
15989+ RANDerr(RAND_F_FIPS_RAND_SET_DT,RAND_R_NOT_IN_TEST_MODE);
15990+ return 0;
15991+ }
15992+ memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);
15993+ return 1;
15994+ }
15995+
15996+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr)
15997+ {
15998+#ifdef OPENSSL_SYS_WIN32
15999+ FILETIME ft;
16000+#elif defined(OPENSSL_SYS_VXWORKS)
16001+ struct timespec ts;
16002+#else
16003+ struct timeval tv;
16004+#endif
16005+
16006+#ifndef GETPID_IS_MEANINGLESS
16007+ unsigned long pid;
16008+#endif
16009+
16010+#ifdef OPENSSL_SYS_WIN32
16011+ GetSystemTimeAsFileTime(&ft);
16012+ buf[0] = (unsigned char) (ft.dwHighDateTime & 0xff);
16013+ buf[1] = (unsigned char) ((ft.dwHighDateTime >> 8) & 0xff);
16014+ buf[2] = (unsigned char) ((ft.dwHighDateTime >> 16) & 0xff);
16015+ buf[3] = (unsigned char) ((ft.dwHighDateTime >> 24) & 0xff);
16016+ buf[4] = (unsigned char) (ft.dwLowDateTime & 0xff);
16017+ buf[5] = (unsigned char) ((ft.dwLowDateTime >> 8) & 0xff);
16018+ buf[6] = (unsigned char) ((ft.dwLowDateTime >> 16) & 0xff);
16019+ buf[7] = (unsigned char) ((ft.dwLowDateTime >> 24) & 0xff);
16020+#elif defined(OPENSSL_SYS_VXWORKS)
16021+ clock_gettime(CLOCK_REALTIME, &ts);
16022+ buf[0] = (unsigned char) (ts.tv_sec & 0xff);
16023+ buf[1] = (unsigned char) ((ts.tv_sec >> 8) & 0xff);
16024+ buf[2] = (unsigned char) ((ts.tv_sec >> 16) & 0xff);
16025+ buf[3] = (unsigned char) ((ts.tv_sec >> 24) & 0xff);
16026+ buf[4] = (unsigned char) (ts.tv_nsec & 0xff);
16027+ buf[5] = (unsigned char) ((ts.tv_nsec >> 8) & 0xff);
16028+ buf[6] = (unsigned char) ((ts.tv_nsec >> 16) & 0xff);
16029+ buf[7] = (unsigned char) ((ts.tv_nsec >> 24) & 0xff);
16030+#else
16031+ gettimeofday(&tv,NULL);
16032+ buf[0] = (unsigned char) (tv.tv_sec & 0xff);
16033+ buf[1] = (unsigned char) ((tv.tv_sec >> 8) & 0xff);
16034+ buf[2] = (unsigned char) ((tv.tv_sec >> 16) & 0xff);
16035+ buf[3] = (unsigned char) ((tv.tv_sec >> 24) & 0xff);
16036+ buf[4] = (unsigned char) (tv.tv_usec & 0xff);
16037+ buf[5] = (unsigned char) ((tv.tv_usec >> 8) & 0xff);
16038+ buf[6] = (unsigned char) ((tv.tv_usec >> 16) & 0xff);
16039+ buf[7] = (unsigned char) ((tv.tv_usec >> 24) & 0xff);
16040+#endif
16041+ buf[8] = (unsigned char) (*pctr & 0xff);
16042+ buf[9] = (unsigned char) ((*pctr >> 8) & 0xff);
16043+ buf[10] = (unsigned char) ((*pctr >> 16) & 0xff);
16044+ buf[11] = (unsigned char) ((*pctr >> 24) & 0xff);
16045+
16046+ (*pctr)++;
16047+
16048+
16049+#ifndef GETPID_IS_MEANINGLESS
16050+ pid=(unsigned long)getpid();
16051+ buf[12] = (unsigned char) (pid & 0xff);
16052+ buf[13] = (unsigned char) ((pid >> 8) & 0xff);
16053+ buf[14] = (unsigned char) ((pid >> 16) & 0xff);
16054+ buf[15] = (unsigned char) ((pid >> 24) & 0xff);
16055+#endif
16056+ }
16057+
16058+static int fips_rand(FIPS_PRNG_CTX *ctx,
16059+ unsigned char *out, unsigned int outlen)
16060+ {
16061+ unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH];
16062+ unsigned char tmp[AES_BLOCK_LENGTH];
16063+ int i;
16064+ if (ctx->error)
16065+ {
16066+ RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_ERROR);
16067+ return 0;
16068+ }
16069+ if (!ctx->keyed)
16070+ {
16071+ RANDerr(RAND_F_FIPS_RAND,RAND_R_NO_KEY_SET);
16072+ return 0;
16073+ }
16074+ if (!ctx->seeded)
16075+ {
16076+ RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_NOT_SEEDED);
16077+ return 0;
16078+ }
16079+ for (;;)
16080+ {
16081+ if (!ctx->test_mode)
16082+ FIPS_get_timevec(ctx->DT, &ctx->counter);
16083+ AES_encrypt(ctx->DT, I, &ctx->ks);
16084+ for (i = 0; i < AES_BLOCK_LENGTH; i++)
16085+ tmp[i] = I[i] ^ ctx->V[i];
16086+ AES_encrypt(tmp, R, &ctx->ks);
16087+ for (i = 0; i < AES_BLOCK_LENGTH; i++)
16088+ tmp[i] = R[i] ^ I[i];
16089+ AES_encrypt(tmp, ctx->V, &ctx->ks);
16090+ /* Continuous PRNG test */
16091+ if (ctx->second)
16092+ {
16093+ if (fips_prng_fail)
16094+ memcpy(ctx->last, R, AES_BLOCK_LENGTH);
16095+ if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH))
16096+ {
16097+ RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_STUCK);
16098+ ctx->error = 1;
16099+ fips_set_selftest_fail();
16100+ return 0;
16101+ }
16102+ }
16103+ memcpy(ctx->last, R, AES_BLOCK_LENGTH);
16104+ if (!ctx->second)
16105+ {
16106+ ctx->second = 1;
16107+ if (!ctx->test_mode)
16108+ continue;
16109+ }
16110+
16111+ if (outlen <= AES_BLOCK_LENGTH)
16112+ {
16113+ memcpy(out, R, outlen);
16114+ break;
16115+ }
16116+
16117+ memcpy(out, R, AES_BLOCK_LENGTH);
16118+ out += AES_BLOCK_LENGTH;
16119+ outlen -= AES_BLOCK_LENGTH;
16120+ }
16121+ return 1;
16122+ }
16123+
16124+
16125+int FIPS_x931_set_key(const unsigned char *key, int keylen)
16126+ {
16127+ int ret;
16128+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
16129+ ret = fips_set_prng_key(&sctx, key, keylen);
16130+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
16131+ return ret;
16132+ }
16133+
16134+int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen)
16135+ {
16136+ return FIPS_x931_set_key(key, keylen);
16137+ }
16138+
16139+int FIPS_x931_seed(const void *seed, int seedlen)
16140+ {
16141+ int ret;
16142+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
16143+ ret = fips_set_prng_seed(&sctx, seed, seedlen);
16144+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
16145+ return ret;
16146+ }
16147+
16148+
16149+int FIPS_x931_bytes(unsigned char *out, int count)
16150+ {
16151+ int ret;
16152+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
16153+ ret = fips_rand(&sctx, out, count);
16154+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
16155+ return ret;
16156+ }
16157+
16158+int FIPS_x931_status(void)
16159+ {
16160+ int ret;
16161+ CRYPTO_r_lock(CRYPTO_LOCK_RAND);
16162+ ret = sctx.seeded;
16163+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
16164+ return ret;
16165+ }
16166+
16167+void FIPS_x931_reset(void)
16168+ {
16169+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
16170+ fips_rand_prng_reset(&sctx);
16171+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
16172+ }
16173+
16174+static int fips_do_rand_seed(const void *seed, int seedlen)
16175+ {
16176+ FIPS_x931_seed(seed, seedlen);
16177+ return 1;
16178+ }
16179+
16180+static int fips_do_rand_add(const void *seed, int seedlen,
16181+ double add_entropy)
16182+ {
16183+ FIPS_x931_seed(seed, seedlen);
16184+ return 1;
16185+ }
16186+
16187+static const RAND_METHOD rand_x931_meth=
16188+ {
16189+ fips_do_rand_seed,
16190+ FIPS_x931_bytes,
16191+ FIPS_x931_reset,
16192+ fips_do_rand_add,
16193+ FIPS_x931_bytes,
16194+ FIPS_x931_status
16195+ };
16196+
16197+const RAND_METHOD *FIPS_x931_method(void)
16198+{
16199+ return &rand_x931_meth;
16200+}
16201+
16202+#endif
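Review bot: The public wrappers FIPS_x931_seed and FIPS_x931_bytes take `int` lengths but forward them to fips_set_prng_seed and fips_rand, whose parameters are `unsigned int`; a negative `seedlen` or `count` becomes a very large unsigned value, so the XOR loop in fips_set_prng_seed reads past `seed` and the output loop in fips_rand writes past `out`. Both entry points are reachable through the RAND_METHOD callbacks (fips_do_rand_seed, fips_do_rand_add and the two FIPS_x931_bytes slots in rand_x931_meth), so the check belongs in the wrappers before the lock is taken: `if (seedlen < 0) return 0;` in FIPS_x931_seed and `if (count < 0) return 0;` in FIPS_x931_bytes (FIPS_x931_set_key is already covered by the 16/24/32 keylen check in fips_set_prng_key). Additionally, fips_rand leaves `I` and `tmp`, both derived from the AES key and the internal state, on the stack on every return path; an `OPENSSL_cleanse` of both before returning would match the cleansing fips_rand_prng_reset already performs on `V` and `ks`.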
16203diff -up openssl-1.0.1b/crypto/fips/fips_rand.h.fips openssl-1.0.1b/crypto/fips/fips_rand.h
16204--- openssl-1.0.1b/crypto/fips/fips_rand.h.fips 2012-04-26 18:00:51.406769429 +0200
16205+++ openssl-1.0.1b/crypto/fips/fips_rand.h 2012-04-26 18:00:51.406769429 +0200
16206@@ -0,0 +1,145 @@
16207+/* ====================================================================
16208+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
16209+ *
16210+ * Redistribution and use in source and binary forms, with or without
16211+ * modification, are permitted provided that the following conditions
16212+ * are met:
16213+ *
16214+ * 1. Redistributions of source code must retain the above copyright
16215+ * notice, this list of conditions and the following disclaimer.
16216+ *
16217+ * 2. Redistributions in binary form must reproduce the above copyright
16218+ * notice, this list of conditions and the following disclaimer in
16219+ * the documentation and/or other materials provided with the
16220+ * distribution.
16221+ *
16222+ * 3. All advertising materials mentioning features or use of this
16223+ * software must display the following acknowledgment:
16224+ * "This product includes software developed by the OpenSSL Project
16225+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
16226+ *
16227+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
16228+ * endorse or promote products derived from this software without
16229+ * prior written permission. For written permission, please contact
16230+ * openssl-core@openssl.org.
16231+ *
16232+ * 5. Products derived from this software may not be called "OpenSSL"
16233+ * nor may "OpenSSL" appear in their names without prior written
16234+ * permission of the OpenSSL Project.
16235+ *
16236+ * 6. Redistributions of any form whatsoever must retain the following
16237+ * acknowledgment:
16238+ * "This product includes software developed by the OpenSSL Project
16239+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
16240+ *
16241+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
16242+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16243+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16244+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
16245+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
16246+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
16247+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
16248+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
16249+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16250+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
16251+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
16252+ * OF THE POSSIBILITY OF SUCH DAMAGE.
16253+ *
16254+ */
16255+
16256+#ifndef HEADER_FIPS_RAND_H
16257+#define HEADER_FIPS_RAND_H
16258+
16259+#include <openssl/aes.h>
16260+#include <openssl/evp.h>
16261+#include <openssl/hmac.h>
16262+#include <openssl/rand.h>
16263+
16264+#ifdef OPENSSL_FIPS
16265+
16266+#ifdef __cplusplus
16267+extern "C" {
16268+#endif
16269+
16270+int FIPS_x931_set_key(const unsigned char *key, int keylen);
16271+int FIPS_x931_seed(const void *buf, int num);
16272+int FIPS_x931_bytes(unsigned char *out, int outlen);
16273+
16274+int FIPS_x931_test_mode(void);
16275+void FIPS_x931_reset(void);
16276+int FIPS_x931_set_dt(unsigned char *dt);
16277+
16278+int FIPS_x931_status(void);
16279+
16280+const RAND_METHOD *FIPS_x931_method(void);
16281+
16282+typedef struct drbg_ctx_st DRBG_CTX;
16283+/* DRBG external flags */
16284+/* Flag for CTR mode only: use derivation function ctr_df */
16285+#define DRBG_FLAG_CTR_USE_DF 0x1
16286+/* PRNG is in test state */
16287+#define DRBG_FLAG_TEST 0x2
16288+
16289+DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags);
16290+int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags);
16291+int FIPS_drbg_instantiate(DRBG_CTX *dctx,
16292+ const unsigned char *pers, size_t perslen);
16293+int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin, size_t adinlen);
16294+int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
16295+ int prediction_resistance,
16296+ const unsigned char *adin, size_t adinlen);
16297+
16298+int FIPS_drbg_uninstantiate(DRBG_CTX *dctx);
16299+void FIPS_drbg_free(DRBG_CTX *dctx);
16300+
16301+int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
16302+ size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
16303+ int entropy, size_t min_len, size_t max_len),
16304+ void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
16305+ size_t entropy_blocklen,
16306+ size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
16307+ int entropy, size_t min_len, size_t max_len),
16308+ void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen));
16309+
16310+int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
16311+ size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout),
16312+ void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
16313+ int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num),
16314+ int (*rand_add_cb)(DRBG_CTX *ctx,
16315+ const void *buf, int num, double entropy));
16316+
16317+void *FIPS_drbg_get_app_data(DRBG_CTX *ctx);
16318+void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data);
16319+size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx);
16320+int FIPS_drbg_get_strength(DRBG_CTX *dctx);
16321+void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval);
16322+void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval);
16323+
16324+int FIPS_drbg_health_check(DRBG_CTX *dctx);
16325+
16326+DRBG_CTX *FIPS_get_default_drbg(void);
16327+const RAND_METHOD *FIPS_drbg_method(void);
16328+
16329+
16330+int FIPS_rand_set_method(const RAND_METHOD *meth);
16331+const RAND_METHOD *FIPS_rand_get_method(void);
16332+
16333+void FIPS_rand_set_bits(int nbits);
16334+
16335+int FIPS_rand_strength(void);
16336+
16337+/* 1.0.0 compat functions */
16338+int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen);
16339+int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num);
16340+int FIPS_rand_bytes(unsigned char *out, FIPS_RAND_SIZE_T outlen);
16341+int FIPS_rand_test_mode(void);
16342+void FIPS_rand_reset(void);
16343+int FIPS_rand_set_dt(unsigned char *dt);
16344+int FIPS_rand_status(void);
16345+const RAND_METHOD *FIPS_rand_method(void);
16346+
16347+#ifdef __cplusplus
16348+}
16349+#endif
16350+#endif
16351+#endif
16352diff -up openssl-1.0.1b/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1b/crypto/fips/fips_rand_lcl.h
16353--- openssl-1.0.1b/crypto/fips/fips_rand_lcl.h.fips 2012-04-26 18:00:51.406769429 +0200
16354+++ openssl-1.0.1b/crypto/fips/fips_rand_lcl.h 2012-04-26 18:00:51.406769429 +0200
16355@@ -0,0 +1,219 @@
16356+/* fips/rand/fips_rand_lcl.h */
16357+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
16358+ * project.
16359+ */
16360+/* ====================================================================
16361+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
16362+ *
16363+ * Redistribution and use in source and binary forms, with or without
16364+ * modification, are permitted provided that the following conditions
16365+ * are met:
16366+ *
16367+ * 1. Redistributions of source code must retain the above copyright
16368+ * notice, this list of conditions and the following disclaimer.
16369+ *
16370+ * 2. Redistributions in binary form must reproduce the above copyright
16371+ * notice, this list of conditions and the following disclaimer in
16372+ * the documentation and/or other materials provided with the
16373+ * distribution.
16374+ *
16375+ * 3. All advertising materials mentioning features or use of this
16376+ * software must display the following acknowledgment:
16377+ * "This product includes software developed by the OpenSSL Project
16378+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
16379+ *
16380+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
16381+ * endorse or promote products derived from this software without
16382+ * prior written permission. For written permission, please contact
16383+ * licensing@OpenSSL.org.
16384+ *
16385+ * 5. Products derived from this software may not be called "OpenSSL"
16386+ * nor may "OpenSSL" appear in their names without prior written
16387+ * permission of the OpenSSL Project.
16388+ *
16389+ * 6. Redistributions of any form whatsoever must retain the following
16390+ * acknowledgment:
16391+ * "This product includes software developed by the OpenSSL Project
16392+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
16393+ *
16394+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
16395+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16396+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16397+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
16398+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
16399+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
16400+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
16401+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
16402+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16403+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
16404+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
16405+ * OF THE POSSIBILITY OF SUCH DAMAGE.
16406+ * ====================================================================
16407+ */
16408+
16409+typedef struct drbg_hash_ctx_st DRBG_HASH_CTX;
16410+typedef struct drbg_hmac_ctx_st DRBG_HMAC_CTX;
16411+typedef struct drbg_ctr_ctx_st DRBG_CTR_CTX;
16412+
16413+/* 888 bits from 10.1 table 2 */
16414+#define HASH_PRNG_MAX_SEEDLEN 111
16415+
16416+struct drbg_hash_ctx_st
16417+ {
16418+ const EVP_MD *md;
16419+ EVP_MD_CTX mctx;
16420+ unsigned char V[HASH_PRNG_MAX_SEEDLEN];
16421+ unsigned char C[HASH_PRNG_MAX_SEEDLEN];
16422+ /* Temporary value storage: should always exceed max digest length */
16423+ unsigned char vtmp[HASH_PRNG_MAX_SEEDLEN];
16424+ };
16425+
16426+struct drbg_hmac_ctx_st
16427+ {
16428+ const EVP_MD *md;
16429+ HMAC_CTX hctx;
16430+ unsigned char K[EVP_MAX_MD_SIZE];
16431+ unsigned char V[EVP_MAX_MD_SIZE];
16432+ };
16433+
16434+struct drbg_ctr_ctx_st
16435+ {
16436+ AES_KEY ks;
16437+ size_t keylen;
16438+ unsigned char K[32];
16439+ unsigned char V[16];
16440+ /* Temp variables used by derivation function */
16441+ AES_KEY df_ks;
16442+ AES_KEY df_kxks;
16443+ /* Temporary block storage used by ctr_df */
16444+ unsigned char bltmp[16];
16445+ size_t bltmp_pos;
16446+ unsigned char KX[48];
16447+ };
16448+
16449+/* DRBG internal flags */
16450+
16451+/* Functions shouldn't call err library */
16452+#define DRBG_FLAG_NOERR 0x1
16453+/* Custom reseed checking */
16454+#define DRBG_CUSTOM_RESEED 0x2
16455+
16456+/* DRBG status values */
16457+/* not initialised */
16458+#define DRBG_STATUS_UNINITIALISED 0
16459+/* ok and ready to generate random bits */
16460+#define DRBG_STATUS_READY 1
16461+/* reseed required */
16462+#define DRBG_STATUS_RESEED 2
16463+/* fatal error condition */
16464+#define DRBG_STATUS_ERROR 3
16465+
16466+/* A default maximum length: larger than any reasonable value used in pratice */
16467+
16468+#define DRBG_MAX_LENGTH 0x7ffffff0
16469+/* Maximum DRBG block length: all md sizes are bigger than cipher blocks sizes
16470+ * so use max digest length.
16471+ */
16472+#define DRBG_MAX_BLOCK EVP_MAX_MD_SIZE
16473+
16474+#define DRBG_HEALTH_INTERVAL (1 << 24)
16475+
16476+/* DRBG context structure */
16477+
16478+struct drbg_ctx_st
16479+ {
16480+ /* First types common to all implementations */
16481+ /* DRBG type: a NID for the underlying algorithm */
16482+ int type;
16483+ /* Various external flags */
16484+ unsigned int xflags;
16485+ /* Various internal use only flags */
16486+ unsigned int iflags;
16487+ /* Used for periodic health checks */
16488+ int health_check_cnt, health_check_interval;
16489+
16490+ /* The following parameters are setup by mechanism drbg_init() call */
16491+ int strength;
16492+ size_t blocklength;
16493+ size_t max_request;
16494+
16495+ size_t min_entropy, max_entropy;
16496+ size_t min_nonce, max_nonce;
16497+ size_t max_pers, max_adin;
16498+ unsigned int reseed_counter;
16499+ unsigned int reseed_interval;
16500+ size_t seedlen;
16501+ int status;
16502+ /* Application data: typically used by test get_entropy */
16503+ void *app_data;
16504+ /* Implementation specific structures */
16505+ union
16506+ {
16507+ DRBG_HASH_CTX hash;
16508+ DRBG_HMAC_CTX hmac;
16509+ DRBG_CTR_CTX ctr;
16510+ } d;
16511+ /* Initialiase PRNG and setup callbacks below */
16512+ int (*init)(DRBG_CTX *ctx, int nid, int security, unsigned int flags);
16513+ /* Intantiate PRNG */
16514+ int (*instantiate)(DRBG_CTX *ctx,
16515+ const unsigned char *ent, size_t entlen,
16516+ const unsigned char *nonce, size_t noncelen,
16517+ const unsigned char *pers, size_t perslen);
16518+ /* reseed */
16519+ int (*reseed)(DRBG_CTX *ctx,
16520+ const unsigned char *ent, size_t entlen,
16521+ const unsigned char *adin, size_t adinlen);
16522+ /* generat output */
16523+ int (*generate)(DRBG_CTX *ctx,
16524+ unsigned char *out, size_t outlen,
16525+ const unsigned char *adin, size_t adinlen);
16526+ /* uninstantiate */
16527+ int (*uninstantiate)(DRBG_CTX *ctx);
16528+
16529+ /* Entropy source block length */
16530+ size_t entropy_blocklen;
16531+
16532+ /* entropy gathering function */
16533+ size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
16534+ int entropy, size_t min_len, size_t max_len);
16535+ /* Indicates we have finished with entropy buffer */
16536+ void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
16537+
16538+ /* nonce gathering function */
16539+ size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
16540+ int entropy, size_t min_len, size_t max_len);
16541+ /* Indicates we have finished with nonce buffer */
16542+ void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
16543+
16544+ /* Continuous random number test temporary area */
16545+ /* Last block */
16546+ unsigned char lb[EVP_MAX_MD_SIZE];
16547+ /* set if lb is valid */
16548+ int lb_valid;
16549+
16550+ /* Callbacks used when called through RAND interface */
16551+ /* Get any additional input for generate */
16552+ size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout);
16553+ void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
16554+ /* Callback for RAND_seed(), RAND_add() */
16555+ int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num);
16556+ int (*rand_add_cb)(DRBG_CTX *ctx,
16557+ const void *buf, int num, double entropy);
16558+ };
16559+
16560+
16561+int fips_drbg_ctr_init(DRBG_CTX *dctx);
16562+int fips_drbg_hash_init(DRBG_CTX *dctx);
16563+int fips_drbg_hmac_init(DRBG_CTX *dctx);
16564+int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags);
16565+int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out);
16566+
16567+const struct env_md_st *FIPS_get_digestbynid(int nid);
16568+
16569+const struct evp_cipher_st *FIPS_get_cipherbynid(int nid);
16570+
16571+#define FIPS_digestinit EVP_DigestInit
16572+#define FIPS_digestupdate EVP_DigestUpdate
16573+#define FIPS_digestfinal EVP_DigestFinal
16574+#define M_EVP_MD_size EVP_MD_size
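Review bot: The per-mechanism contexts inside `struct drbg_ctx_st` (the union `d`, and within `drbg_ctr_ctx_st` the `ks`, `df_ks`, `df_kxks`, `K`, `V` and `KX` members) carry the DRBG's secret working state, and nothing in the header says so; a comment above the union such as `/* d holds the mechanism's secret state (keys, key schedules, V): uninstantiate must cleanse it */` would make that contract explicit for the mechanism implementations, which live outside this hunk. The header also has no include guard, unlike fips_rand.h earlier in the patch, so including it twice would redefine the structs. Minor: the comments read `pratice`, `Initialiase`, `Intantiate` and `generat`.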
16575diff -up openssl-1.0.1b/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1b/crypto/fips/fips_rand_lib.c
16576--- openssl-1.0.1b/crypto/fips/fips_rand_lib.c.fips 2012-04-26 18:00:51.407769451 +0200
16577+++ openssl-1.0.1b/crypto/fips/fips_rand_lib.c 2012-04-26 18:00:51.407769451 +0200
16578@@ -0,0 +1,191 @@
16579+/* ====================================================================
16580+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
16581+ *
16582+ * Redistribution and use in source and binary forms, with or without
16583+ * modification, are permitted provided that the following conditions
16584+ * are met:
16585+ *
16586+ * 1. Redistributions of source code must retain the above copyright
16587+ * notice, this list of conditions and the following disclaimer.
16588+ *
16589+ * 2. Redistributions in binary form must reproduce the above copyright
16590+ * notice, this list of conditions and the following disclaimer in
16591+ * the documentation and/or other materials provided with the
16592+ * distribution.
16593+ *
16594+ * 3. All advertising materials mentioning features or use of this
16595+ * software must display the following acknowledgment:
16596+ * "This product includes software developed by the OpenSSL Project
16597+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
16598+ *
16599+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
16600+ * endorse or promote products derived from this software without
16601+ * prior written permission. For written permission, please contact
16602+ * openssl-core@openssl.org.
16603+ *
16604+ * 5. Products derived from this software may not be called "OpenSSL"
16605+ * nor may "OpenSSL" appear in their names without prior written
16606+ * permission of the OpenSSL Project.
16607+ *
16608+ * 6. Redistributions of any form whatsoever must retain the following
16609+ * acknowledgment:
16610+ * "This product includes software developed by the OpenSSL Project
16611+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
16612+ *
16613+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
16614+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16615+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16616+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
16617+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
16618+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
16619+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
16620+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
16621+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16622+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
16623+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
16624+ * OF THE POSSIBILITY OF SUCH DAMAGE.
16625+ *
16626+ */
16627+
16628+#include <openssl/crypto.h>
16629+#include <openssl/rand.h>
16630+#include <openssl/err.h>
16631+#include <openssl/fips.h>
16632+#include <openssl/fips_rand.h>
16633+#include "e_os.h"
16634+
16635+/* FIPS API for PRNG use. Similar to RAND functionality but without
16636+ * ENGINE and additional checking for non-FIPS rand methods.
16637+ */
16638+
16639+static const RAND_METHOD *fips_rand_meth = NULL;
16640+static int fips_approved_rand_meth = 0;
16641+static int fips_rand_bits = 0;
16642+
16643+/* Allows application to override number of bits and uses non-FIPS methods */
16644+void FIPS_rand_set_bits(int nbits)
16645+ {
16646+ fips_rand_bits = nbits;
16647+ }
16648+
16649+int FIPS_rand_set_method(const RAND_METHOD *meth)
16650+ {
16651+ if (!fips_rand_bits)
16652+ {
16653+ if (meth == FIPS_drbg_method())
16654+ fips_approved_rand_meth = 1;
16655+ else if (meth == FIPS_x931_method())
16656+ fips_approved_rand_meth = 2;
16657+ else
16658+ {
16659+ fips_approved_rand_meth = 0;
16660+ if (FIPS_module_mode())
16661+ {
16662+ FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD,
16663+ FIPS_R_NON_FIPS_METHOD);
16664+ return 0;
16665+ }
16666+ }
16667+ }
16668+ fips_rand_meth = meth;
16669+ return 1;
16670+ }
16671+
16672+const RAND_METHOD *FIPS_rand_get_method(void)
16673+ {
16674+ return fips_rand_meth;
16675+ }
16676+
16677+const RAND_METHOD *FIPS_rand_method(void)
16678+ {
16679+ return FIPS_rand_get_method();
16680+ }
16681+
16682+void FIPS_rand_reset(void)
16683+ {
16684+ if (fips_rand_meth && fips_rand_meth->cleanup)
16685+ fips_rand_meth->cleanup();
16686+ }
16687+
16688+int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num)
16689+ {
16690+ if (!fips_approved_rand_meth && FIPS_module_mode())
16691+ {
16692+ FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
16693+ return 0;
16694+ }
16695+ if (fips_rand_meth && fips_rand_meth->seed)
16696+ fips_rand_meth->seed(buf,num);
16697+ return 1;
16698+ }
16699+
16700+void FIPS_rand_add(const void *buf, int num, double entropy)
16701+ {
16702+ if (!fips_approved_rand_meth && FIPS_module_mode())
16703+ {
16704+ FIPSerr(FIPS_F_FIPS_RAND_ADD, FIPS_R_NON_FIPS_METHOD);
16705+ return;
16706+ }
16707+ if (fips_rand_meth && fips_rand_meth->add)
16708+ fips_rand_meth->add(buf,num,entropy);
16709+ }
16710+
16711+int FIPS_rand_bytes(unsigned char *buf, FIPS_RAND_SIZE_T num)
16712+ {
16713+ if (!fips_approved_rand_meth && FIPS_module_mode())
16714+ {
16715+ FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
16716+ return 0;
16717+ }
16718+ if (fips_rand_meth && fips_rand_meth->bytes)
16719+ return fips_rand_meth->bytes(buf,num);
16720+ return 0;
16721+ }
16722+
16723+int FIPS_rand_pseudo_bytes(unsigned char *buf, int num)
16724+ {
16725+ if (!fips_approved_rand_meth && FIPS_module_mode())
16726+ {
16727+ FIPSerr(FIPS_F_FIPS_RAND_PSEUDO_BYTES, FIPS_R_NON_FIPS_METHOD);
16728+ return 0;
16729+ }
16730+ if (fips_rand_meth && fips_rand_meth->pseudorand)
16731+ return fips_rand_meth->pseudorand(buf,num);
16732+ return -1;
16733+ }
16734+
16735+int FIPS_rand_status(void)
16736+ {
16737+ if (!fips_approved_rand_meth && FIPS_module_mode())
16738+ {
16739+ FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
16740+ return 0;
16741+ }
16742+ if (fips_rand_meth && fips_rand_meth->status)
16743+ return fips_rand_meth->status();
16744+ return 0;
16745+ }
16746+
16747+/* Return instantiated strength of PRNG. For DRBG this is an internal
16748+ * parameter. For X9.31 PRNG it is 80 bits (from SP800-131). Any other
16749+ * type of PRNG is not approved and returns 0 in FIPS mode and maximum
16750+ * 256 outside FIPS mode.
16751+ */
16752+
16753+int FIPS_rand_strength(void)
16754+ {
16755+ if (fips_rand_bits)
16756+ return fips_rand_bits;
16757+ if (fips_approved_rand_meth == 1)
16758+ return FIPS_drbg_get_strength(FIPS_get_default_drbg());
16759+ else if (fips_approved_rand_meth == 2)
16760+ return 80;
16761+ else if (fips_approved_rand_meth == 0)
16762+ {
16763+ if (FIPS_module_mode())
16764+ return 0;
16765+ else
16766+ return 256;
16767+ }
16768+ return 0;
16769+ }
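Review bot: `FIPS_rand_set_method` leaves `fips_approved_rand_meth` untouched when `fips_rand_bits` is non-zero, so after `FIPS_rand_set_bits()` a non-approved method can be installed while the flag still records an approved one, and the gating in `FIPS_rand_seed`/`FIPS_rand_bytes`/`FIPS_rand_status` as well as the answer from `FIPS_rand_strength` then depend on call history rather than on the installed method. Resetting the flag on that path keeps the state consistent: `if (!fips_rand_bits) { ... } else fips_approved_rand_meth = 0;`. `FIPS_rand_seed` also returns 1 even when no method or no `seed` callback is installed, which a caller cannot distinguish from a seed that actually happened; a comment stating that seeding is best-effort, or returning 0 in that case, would make the contract clear.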
16770diff -up openssl-1.0.1b/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_rand_selftest.c
16771--- openssl-1.0.1b/crypto/fips/fips_rand_selftest.c.fips 2012-04-26 18:00:51.407769451 +0200
16772+++ openssl-1.0.1b/crypto/fips/fips_rand_selftest.c 2012-04-26 18:00:51.407769451 +0200
16773@@ -0,0 +1,183 @@
16774+/* ====================================================================
16775+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
16776+ *
16777+ * Redistribution and use in source and binary forms, with or without
16778+ * modification, are permitted provided that the following conditions
16779+ * are met:
16780+ *
16781+ * 1. Redistributions of source code must retain the above copyright
16782+ * notice, this list of conditions and the following disclaimer.
16783+ *
16784+ * 2. Redistributions in binary form must reproduce the above copyright
16785+ * notice, this list of conditions and the following disclaimer in
16786+ * the documentation and/or other materials provided with the
16787+ * distribution.
16788+ *
16789+ * 3. All advertising materials mentioning features or use of this
16790+ * software must display the following acknowledgment:
16791+ * "This product includes software developed by the OpenSSL Project
16792+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
16793+ *
16794+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
16795+ * endorse or promote products derived from this software without
16796+ * prior written permission. For written permission, please contact
16797+ * openssl-core@openssl.org.
16798+ *
16799+ * 5. Products derived from this software may not be called "OpenSSL"
16800+ * nor may "OpenSSL" appear in their names without prior written
16801+ * permission of the OpenSSL Project.
16802+ *
16803+ * 6. Redistributions of any form whatsoever must retain the following
16804+ * acknowledgment:
16805+ * "This product includes software developed by the OpenSSL Project
16806+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
16807+ *
16808+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
16809+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16810+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16811+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
16812+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
16813+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
16814+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
16815+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
16816+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16817+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
16818+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
16819+ * OF THE POSSIBILITY OF SUCH DAMAGE.
16820+ *
16821+ */
16822+
16823+#include <string.h>
16824+#include <openssl/err.h>
16825+#include <openssl/fips.h>
16826+#include <openssl/rand.h>
16827+#include <openssl/fips_rand.h>
16828+#include "fips_locl.h"
16829+
16830+#ifdef OPENSSL_FIPS
16831+
16832+
16833+
16834+typedef struct
16835+ {
16836+ unsigned char DT[16];
16837+ unsigned char V[16];
16838+ unsigned char R[16];
16839+ } AES_PRNG_TV;
16840+
16841+/* The following test vectors are taken directly from the RGNVS spec */
16842+
16843+static unsigned char aes_128_key[16] =
16844+ {0xf3,0xb1,0x66,0x6d,0x13,0x60,0x72,0x42,
16845+ 0xed,0x06,0x1c,0xab,0xb8,0xd4,0x62,0x02};
16846+
16847+static AES_PRNG_TV aes_128_tv =
16848+ {
16849+ /* DT */
16850+ {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
16851+ 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xf9},
16852+ /* V */
16853+ {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
16854+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
16855+ /* R */
16856+ {0x59,0x53,0x1e,0xd1,0x3b,0xb0,0xc0,0x55,
16857+ 0x84,0x79,0x66,0x85,0xc1,0x2f,0x76,0x41}
16858+ };
16859+
16860+static unsigned char aes_192_key[24] =
16861+ {0x15,0xd8,0x78,0x0d,0x62,0xd3,0x25,0x6e,
16862+ 0x44,0x64,0x10,0x13,0x60,0x2b,0xa9,0xbc,
16863+ 0x4a,0xfb,0xca,0xeb,0x4c,0x8b,0x99,0x3b};
16864+
16865+static AES_PRNG_TV aes_192_tv =
16866+ {
16867+ /* DT */
16868+ {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
16869+ 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4b},
16870+ /* V */
16871+ {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
16872+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
16873+ /* R */
16874+ {0x17,0x07,0xd5,0x28,0x19,0x79,0x1e,0xef,
16875+ 0xa5,0x0c,0xbf,0x25,0xe5,0x56,0xb4,0x93}
16876+ };
16877+
16878+static unsigned char aes_256_key[32] =
16879+ {0x6d,0x14,0x06,0x6c,0xb6,0xd8,0x21,0x2d,
16880+ 0x82,0x8d,0xfa,0xf2,0x7a,0x03,0xb7,0x9f,
16881+ 0x0c,0xc7,0x3e,0xcd,0x76,0xeb,0xee,0xb5,
16882+ 0x21,0x05,0x8c,0x4f,0x31,0x7a,0x80,0xbb};
16883+
16884+static AES_PRNG_TV aes_256_tv =
16885+ {
16886+ /* DT */
16887+ {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
16888+ 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x88},
16889+ /* V */
16890+ {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
16891+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
16892+ /* R */
16893+ {0x35,0xc7,0xef,0xa7,0x78,0x4d,0x29,0xbc,
16894+ 0x82,0x79,0x99,0xfb,0xd0,0xb3,0x3b,0x72}
16895+ };
16896+
16897+void FIPS_corrupt_rng()
16898+ {
16899+ aes_192_tv.V[0]++;
16900+ }
16901+
16902+#define fips_x931_test(key, tv) \
16903+ do_x931_test(key, sizeof key, &tv)
16904+
16905+static int do_x931_test(unsigned char *key, int keylen,
16906+ AES_PRNG_TV *tv)
16907+ {
16908+ unsigned char R[16], V[16];
16909+ int rv = 1;
16910+ memcpy(V, tv->V, sizeof(V));
16911+ if (!FIPS_x931_set_key(key, keylen))
16912+ return 0;
16913+ if (!fips_post_started(FIPS_TEST_X931, keylen, NULL))
16914+ return 1;
16915+ if (!fips_post_corrupt(FIPS_TEST_X931, keylen, NULL))
16916+ V[0]++;
16917+ FIPS_x931_seed(V, 16);
16918+ FIPS_x931_set_dt(tv->DT);
16919+ FIPS_x931_bytes(R, 16);
16920+ if (memcmp(R, tv->R, 16))
16921+ {
16922+ fips_post_failed(FIPS_TEST_X931, keylen, NULL);
16923+ rv = 0;
16924+ }
16925+ else if (!fips_post_success(FIPS_TEST_X931, keylen, NULL))
16926+ return 0;
16927+ return rv;
16928+ }
16929+
16930+int FIPS_selftest_x931()
16931+ {
16932+ int rv = 1;
16933+ FIPS_x931_reset();
16934+ if (!FIPS_x931_test_mode())
16935+ {
16936+ FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
16937+ return 0;
16938+ }
16939+ if (!fips_x931_test(aes_128_key,aes_128_tv))
16940+ rv = 0;
16941+ if (!fips_x931_test(aes_192_key, aes_192_tv))
16942+ rv = 0;
16943+ if (!fips_x931_test(aes_256_key, aes_256_tv))
16944+ rv = 0;
16945+ FIPS_x931_reset();
16946+ if (!rv)
16947+ FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
16948+ return rv;
16949+ }
16950+
16951+int FIPS_selftest_rng(void)
16952+ {
16953+ return FIPS_selftest_x931();
16954+ }
16955+
16956+#endif
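Review bot: `do_x931_test` ignores the return values of `FIPS_x931_seed`, `FIPS_x931_set_dt` and `FIPS_x931_bytes` (the three calls just before the `memcmp`), so if any of them fails `R` is compared while still uninitialised and the self-test verdict rests on whatever was on the stack instead of on an explicit failure. Checking them and routing through the failure path, `if (!FIPS_x931_seed(V, 16) || !FIPS_x931_set_dt(tv->DT) || !FIPS_x931_bytes(R, 16)) { fips_post_failed(FIPS_TEST_X931, keylen, NULL); return 0; }`, makes the outcome deterministic. `FIPS_corrupt_rng()` increments a byte of the static, non-`const` `aes_192_tv` in place, so every later `FIPS_selftest_x931()` in the process fails as well; that is presumably the intended test hook, but a one-line comment saying so would spare the next reader a search. Style: `FIPS_corrupt_rng()` and `FIPS_selftest_x931()` are defined with empty parentheses rather than `(void)`, so neither has a prototype.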
16957diff -up openssl-1.0.1b/crypto/fips/fips_randtest.c.fips openssl-1.0.1b/crypto/fips/fips_randtest.c
16958--- openssl-1.0.1b/crypto/fips/fips_randtest.c.fips 2012-04-26 18:00:51.407769451 +0200
16959+++ openssl-1.0.1b/crypto/fips/fips_randtest.c 2012-04-26 18:00:51.407769451 +0200
16960@@ -0,0 +1,250 @@
16961+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
16962+ * All rights reserved.
16963+ *
16964+ * This package is an SSL implementation written
16965+ * by Eric Young (eay@cryptsoft.com).
16966+ * The implementation was written so as to conform with Netscapes SSL.
16967+ *
16968+ * This library is free for commercial and non-commercial use as long as
16969+ * the following conditions are aheared to. The following conditions
16970+ * apply to all code found in this distribution, be it the RC4, RSA,
16971+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
16972+ * included with this distribution is covered by the same copyright terms
16973+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16974+ *
16975+ * Copyright remains Eric Young's, and as such any Copyright notices in
16976+ * the code are not to be removed.
16977+ * If this package is used in a product, Eric Young should be given attribution
16978+ * as the author of the parts of the library used.
16979+ * This can be in the form of a textual message at program startup or
16980+ * in documentation (online or textual) provided with the package.
16981+ *
16982+ * Redistribution and use in source and binary forms, with or without
16983+ * modification, are permitted provided that the following conditions
16984+ * are met:
16985+ * 1. Redistributions of source code must retain the copyright
16986+ * notice, this list of conditions and the following disclaimer.
16987+ * 2. Redistributions in binary form must reproduce the above copyright
16988+ * notice, this list of conditions and the following disclaimer in the
16989+ * documentation and/or other materials provided with the distribution.
16990+ * 3. All advertising materials mentioning features or use of this software
16991+ * must display the following acknowledgement:
16992+ * "This product includes cryptographic software written by
16993+ * Eric Young (eay@cryptsoft.com)"
16994+ * The word 'cryptographic' can be left out if the rouines from the library
16995+ * being used are not cryptographic related :-).
16996+ * 4. If you include any Windows specific code (or a derivative thereof) from
16997+ * the apps directory (application code) you must include an acknowledgement:
16998+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
16999+ *
17000+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
17001+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17002+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17003+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17004+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
17005+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
17006+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17007+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
17008+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
17009+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
17010+ * SUCH DAMAGE.
17011+ *
17012+ * The licence and distribution terms for any publically available version or
17013+ * derivative of this code cannot be changed. i.e. this code cannot simply be
17014+ * copied and put under another distribution licence
17015+ * [including the GNU Public Licence.]
17016+ */
17017+/* ====================================================================
17018+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
17019+ *
17020+ * Redistribution and use in source and binary forms, with or without
17021+ * modification, are permitted provided that the following conditions
17022+ * are met:
17023+ *
17024+ * 1. Redistributions of source code must retain the above copyright
17025+ * notice, this list of conditions and the following disclaimer.
17026+ *
17027+ * 2. Redistributions in binary form must reproduce the above copyright
17028+ * notice, this list of conditions and the following disclaimer in
17029+ * the documentation and/or other materials provided with the
17030+ * distribution.
17031+ *
17032+ * 3. All advertising materials mentioning features or use of this
17033+ * software must display the following acknowledgment:
17034+ * "This product includes software developed by the OpenSSL Project
17035+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
17036+ *
17037+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
17038+ * endorse or promote products derived from this software without
17039+ * prior written permission. For written permission, please contact
17040+ * openssl-core@openssl.org.
17041+ *
17042+ * 5. Products derived from this software may not be called "OpenSSL"
17043+ * nor may "OpenSSL" appear in their names without prior written
17044+ * permission of the OpenSSL Project.
17045+ *
17046+ * 6. Redistributions of any form whatsoever must retain the following
17047+ * acknowledgment:
17048+ * "This product includes software developed by the OpenSSL Project
17049+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
17050+ *
17051+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
17052+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17053+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
17054+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
17055+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
17056+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
17057+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
17058+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17059+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
17060+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
17061+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
17062+ * OF THE POSSIBILITY OF SUCH DAMAGE.
17063+ *
17064+ */
17065+
17066+#include <stdio.h>
17067+#include <stdlib.h>
17068+#include <string.h>
17069+#include <ctype.h>
17070+#include <openssl/rand.h>
17071+#include <openssl/fips_rand.h>
17072+#include <openssl/err.h>
17073+#include <openssl/bn.h>
17074+
17075+#include "e_os.h"
17076+
17077+#ifndef OPENSSL_FIPS
17078+int main(int argc, char *argv[])
17079+{
17080+ printf("No FIPS RAND support\n");
17081+ return(0);
17082+}
17083+
17084+#else
17085+
17086+#include "fips_utl.h"
17087+#include <openssl/fips.h>
17088+
17089+typedef struct
17090+ {
17091+ unsigned char DT[16];
17092+ unsigned char V[16];
17093+ unsigned char R[16];
17094+ } AES_PRNG_MCT;
17095+
17096+static const unsigned char aes_128_mct_key[16] =
17097+ {0x9f,0x5b,0x51,0x20,0x0b,0xf3,0x34,0xb5,
17098+ 0xd8,0x2b,0xe8,0xc3,0x72,0x55,0xc8,0x48};
17099+
17100+static const AES_PRNG_MCT aes_128_mct_tv = {
17101+ /* DT */
17102+ {0x63,0x76,0xbb,0xe5,0x29,0x02,0xba,0x3b,
17103+ 0x67,0xc9,0x25,0xfa,0x70,0x1f,0x11,0xac},
17104+ /* V */
17105+ {0x57,0x2c,0x8e,0x76,0x87,0x26,0x47,0x97,
17106+ 0x7e,0x74,0xfb,0xdd,0xc4,0x95,0x01,0xd1},
17107+ /* R */
17108+ {0x48,0xe9,0xbd,0x0d,0x06,0xee,0x18,0xfb,
17109+ 0xe4,0x57,0x90,0xd5,0xc3,0xfc,0x9b,0x73}
17110+};
17111+
17112+static const unsigned char aes_192_mct_key[24] =
17113+ {0xb7,0x6c,0x34,0xd1,0x09,0x67,0xab,0x73,
17114+ 0x4d,0x5a,0xd5,0x34,0x98,0x16,0x0b,0x91,
17115+ 0xbc,0x35,0x51,0x16,0x6b,0xae,0x93,0x8a};
17116+
17117+static const AES_PRNG_MCT aes_192_mct_tv = {
17118+ /* DT */
17119+ {0x84,0xce,0x22,0x7d,0x91,0x5a,0xa3,0xc9,
17120+ 0x84,0x3c,0x0a,0xb3,0xa9,0x63,0x15,0x52},
17121+ /* V */
17122+ {0xb6,0xaf,0xe6,0x8f,0x99,0x9e,0x90,0x64,
17123+ 0xdd,0xc7,0x7a,0xc1,0xbb,0x90,0x3a,0x6d},
17124+ /* R */
17125+ {0xfc,0x85,0x60,0x9a,0x29,0x6f,0xef,0x21,
17126+ 0xdd,0x86,0x20,0x32,0x8a,0x29,0x6f,0x47}
17127+};
17128+
17129+static const unsigned char aes_256_mct_key[32] =
17130+ {0x9b,0x05,0xc8,0x68,0xff,0x47,0xf8,0x3a,
17131+ 0xa6,0x3a,0xa8,0xcb,0x4e,0x71,0xb2,0xe0,
17132+ 0xb8,0x7e,0xf1,0x37,0xb6,0xb4,0xf6,0x6d,
17133+ 0x86,0x32,0xfc,0x1f,0x5e,0x1d,0x1e,0x50};
17134+
17135+static const AES_PRNG_MCT aes_256_mct_tv = {
17136+ /* DT */
17137+ {0x31,0x6e,0x35,0x9a,0xb1,0x44,0xf0,0xee,
17138+ 0x62,0x6d,0x04,0x46,0xe0,0xa3,0x92,0x4c},
17139+ /* V */
17140+ {0x4f,0xcd,0xc1,0x87,0x82,0x1f,0x4d,0xa1,
17141+ 0x3e,0x0e,0x56,0x44,0x59,0xe8,0x83,0xca},
17142+ /* R */
17143+ {0xc8,0x87,0xc2,0x61,0x5b,0xd0,0xb9,0xe1,
17144+ 0xe7,0xf3,0x8b,0xd7,0x5b,0xd5,0xf1,0x8d}
17145+};
17146+
17147+static void dump(const unsigned char *b,int n)
17148+ {
17149+ while(n-- > 0)
17150+ {
17151+ printf(" %02x",*b++);
17152+ }
17153+ }
17154+
17155+static void compare(const unsigned char *result,const unsigned char *expected,
17156+ int n)
17157+ {
17158+ int i;
17159+
17160+ for(i=0 ; i < n ; ++i)
17161+ if(result[i] != expected[i])
17162+ {
17163+ puts("Random test failed, got:");
17164+ dump(result,n);
17165+ puts("\n expected:");
17166+ dump(expected,n);
17167+ putchar('\n');
17168+ EXIT(1);
17169+ }
17170+ }
17171+
17172+
17173+static void run_test(const unsigned char *key, int keylen,
17174+ const AES_PRNG_MCT *tv)
17175+ {
17176+ unsigned char buf[16], dt[16];
17177+ int i, j;
17178+ FIPS_x931_reset();
17179+ FIPS_x931_test_mode();
17180+ FIPS_x931_set_key(key, keylen);
17181+ FIPS_x931_seed(tv->V, 16);
17182+ memcpy(dt, tv->DT, 16);
17183+ for (i = 0; i < 10000; i++)
17184+ {
17185+ FIPS_x931_set_dt(dt);
17186+ FIPS_x931_bytes(buf, 16);
17187+ /* Increment DT */
17188+ for (j = 15; j >= 0; j--)
17189+ {
17190+ dt[j]++;
17191+ if (dt[j])
17192+ break;
17193+ }
17194+ }
17195+
17196+ compare(buf,tv->R, 16);
17197+ }
17198+
17199+int main()
17200+ {
17201+ run_test(aes_128_mct_key, 16, &aes_128_mct_tv);
17202+ printf("FIPS PRNG test 1 done\n");
17203+ run_test(aes_192_mct_key, 24, &aes_192_mct_tv);
17204+ printf("FIPS PRNG test 2 done\n");
17205+ run_test(aes_256_mct_key, 32, &aes_256_mct_tv);
17206+ printf("FIPS PRNG test 3 done\n");
17207+ return 0;
17208+ }
17209+
17210+#endif
17211diff -up openssl-1.0.1b/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_rsa_selftest.c
17212--- openssl-1.0.1b/crypto/fips/fips_rsa_selftest.c.fips 2012-04-26 18:00:51.407769451 +0200
17213+++ openssl-1.0.1b/crypto/fips/fips_rsa_selftest.c 2012-04-26 18:00:51.407769451 +0200
17214@@ -0,0 +1,444 @@
17215+/* ====================================================================
17216+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
17217+ *
17218+ * Redistribution and use in source and binary forms, with or without
17219+ * modification, are permitted provided that the following conditions
17220+ * are met:
17221+ *
17222+ * 1. Redistributions of source code must retain the above copyright
17223+ * notice, this list of conditions and the following disclaimer.
17224+ *
17225+ * 2. Redistributions in binary form must reproduce the above copyright
17226+ * notice, this list of conditions and the following disclaimer in
17227+ * the documentation and/or other materials provided with the
17228+ * distribution.
17229+ *
17230+ * 3. All advertising materials mentioning features or use of this
17231+ * software must display the following acknowledgment:
17232+ * "This product includes software developed by the OpenSSL Project
17233+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
17234+ *
17235+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
17236+ * endorse or promote products derived from this software without
17237+ * prior written permission. For written permission, please contact
17238+ * openssl-core@openssl.org.
17239+ *
17240+ * 5. Products derived from this software may not be called "OpenSSL"
17241+ * nor may "OpenSSL" appear in their names without prior written
17242+ * permission of the OpenSSL Project.
17243+ *
17244+ * 6. Redistributions of any form whatsoever must retain the following
17245+ * acknowledgment:
17246+ * "This product includes software developed by the OpenSSL Project
17247+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
17248+ *
17249+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
17250+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17251+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
17252+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
17253+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
17254+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
17255+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
17256+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17257+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
17258+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
17259+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
17260+ * OF THE POSSIBILITY OF SUCH DAMAGE.
17261+ *
17262+ */
17263+
17264+#include <string.h>
17265+#include <openssl/err.h>
17266+#ifdef OPENSSL_FIPS
17267+#include <openssl/fips.h>
17268+#endif
17269+#include <openssl/rsa.h>
17270+#include <openssl/evp.h>
17271+#include <openssl/bn.h>
17272+#include <openssl/opensslconf.h>
17273+
17274+#ifdef OPENSSL_FIPS
17275+
17276+static const unsigned char n[] =
17277+"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
17278+"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
17279+"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
17280+"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
17281+"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
17282+"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
17283+"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
17284+"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
17285+"\xCB";
17286+
17287+static int corrupt_rsa;
17288+
17289+static int setrsakey(RSA *key)
17290+ {
17291+ static const unsigned char e[] = "\x11";
17292+
17293+ static const unsigned char d[] =
17294+"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
17295+"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
17296+"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
17297+"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
17298+"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
17299+"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
17300+"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
17301+"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
17302+"\xC1";
17303+
17304+ static const unsigned char p[] =
17305+"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
17306+"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
17307+"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
17308+"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
17309+"\x99";
17310+
17311+ static const unsigned char q[] =
17312+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
17313+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
17314+"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
17315+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
17316+"\x03";
17317+
17318+ static const unsigned char dmp1[] =
17319+"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
17320+"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
17321+"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
17322+"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
17323+
17324+ static const unsigned char dmq1[] =
17325+"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
17326+"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
17327+"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
17328+"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
17329+
17330+ static const unsigned char iqmp[] =
17331+"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
17332+"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
17333+"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
17334+"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
17335+"\xF7";
17336+
17337+ key->n = BN_bin2bn(n, sizeof(n)-1, key->n);
17338+ if (corrupt_rsa)
17339+ BN_set_bit(key->n, 1024);
17340+ key->e = BN_bin2bn(e, sizeof(e)-1, key->e);
17341+ key->d = BN_bin2bn(d, sizeof(d)-1, key->d);
17342+ key->p = BN_bin2bn(p, sizeof(p)-1, key->p);
17343+ key->q = BN_bin2bn(q, sizeof(q)-1, key->q);
17344+ key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1);
17345+ key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1);
17346+ key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp);
17347+ return 1;
17348+ }
17349+
17350+void FIPS_corrupt_rsa()
17351+ {
17352+ corrupt_rsa = 1;
17353+ }
17354+
17355+/* Known Answer Test (KAT) data for the above RSA private key signing
17356+ * kat_tbs.
17357+ */
17358+
17359+static const unsigned char kat_tbs[] = "OpenSSL FIPS 140-2 Public Key RSA KAT";
17360+
17361+static const unsigned char kat_RSA_PSS_SHA1[] = {
17362+ 0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9, 0x46, 0xDA, 0x0F,
17363+ 0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D, 0xD2, 0x90, 0xBB,
17364+ 0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C, 0xB7, 0xF8, 0xD3,
17365+ 0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7, 0x83, 0xD5, 0x4C,
17366+ 0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51, 0x60, 0xD0, 0xA7,
17367+ 0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E, 0x3F, 0x9B, 0xF5,
17368+ 0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47, 0xF0, 0xC5, 0x45,
17369+ 0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F, 0xF8, 0xB7, 0x31,
17370+ 0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB, 0x9F, 0xBA, 0xE8,
17371+ 0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E, 0x20, 0x25, 0x84,
17372+ 0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9
17373+};
17374+
17375+static const unsigned char kat_RSA_PSS_SHA224[] = {
17376+ 0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF, 0xC5, 0x58, 0xA7,
17377+ 0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98, 0x08, 0x95, 0xFA,
17378+ 0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87, 0x7B, 0x1F, 0x57,
17379+ 0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55, 0x54, 0x1C, 0x89,
17380+ 0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC, 0x86, 0x05, 0xEE,
17381+ 0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64, 0x0B, 0xAB, 0x22,
17382+ 0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64, 0x62, 0xD1, 0xB5,
17383+ 0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA, 0x38, 0x24, 0x49,
17384+ 0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5, 0x03, 0xEA, 0x2D,
17385+ 0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF, 0x95, 0xC0, 0x00,
17386+ 0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0
17387+};
17388+
17389+static const unsigned char kat_RSA_PSS_SHA256[] = {
17390+ 0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0, 0x31, 0xE3, 0x89,
17391+ 0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25, 0x9A, 0xF3, 0x8F,
17392+ 0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D, 0x7D, 0x73, 0x28,
17393+ 0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3, 0x96, 0x73, 0x4E,
17394+ 0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D, 0x49, 0x47, 0x05,
17395+ 0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D, 0x6D, 0x26, 0xBA,
17396+ 0x2F, 0x7A, 0x54, 0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A, 0xF3, 0xDA, 0xB6,
17397+ 0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F, 0x56, 0xCD, 0x9F,
17398+ 0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47, 0x12, 0xE4, 0x6D,
17399+ 0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E, 0x49, 0xB9, 0xF6,
17400+ 0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C
17401+};
17402+
17403+static const unsigned char kat_RSA_PSS_SHA384[] = {
17404+ 0x40, 0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4, 0x31, 0xA8, 0xF2,
17405+ 0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57, 0x45, 0xCD, 0x5E,
17406+ 0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71, 0x44, 0x9A, 0xCD,
17407+ 0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F, 0x78, 0x23, 0x7F,
17408+ 0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31, 0xDC, 0x42, 0x6C,
17409+ 0xB2, 0x44, 0xE5, 0x4D, 0x66, 0xA2, 0xE6, 0x71, 0xF3, 0xAC, 0x4F, 0xFB,
17410+ 0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF, 0xD9, 0x3D, 0x2F,
17411+ 0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32, 0xAD, 0x42, 0x89,
17412+ 0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87, 0x1F, 0xCA, 0x6F,
17413+ 0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E, 0x60, 0xF4, 0x55,
17414+ 0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1
17415+};
17416+
17417+static const unsigned char kat_RSA_PSS_SHA512[] = {
17418+ 0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57, 0xAE, 0x63, 0x8C,
17419+ 0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F, 0x12, 0x53, 0x9A,
17420+ 0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51, 0xED, 0x9E, 0xDD,
17421+ 0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60, 0x79, 0x23, 0x39,
17422+ 0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67, 0x5F, 0xFE, 0xD7,
17423+ 0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D, 0x78, 0x55, 0x61,
17424+ 0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20, 0xB0, 0x85, 0x13,
17425+ 0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A, 0x6A, 0x39, 0x63,
17426+ 0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF, 0xF4, 0xA8, 0xFE,
17427+ 0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F, 0x80, 0xC2, 0x88,
17428+ 0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B
17429+};
17430+
17431+static const unsigned char kat_RSA_SHA1[] = {
17432+ 0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C,
17433+ 0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B,
17434+ 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55, 0x77, 0x90, 0xCF,
17435+ 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8,
17436+ 0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1,
17437+ 0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA,
17438+ 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E, 0xCA, 0x2E, 0x4E,
17439+ 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F,
17440+ 0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F,
17441+ 0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95,
17442+ 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4
17443+};
17444+
17445+static const unsigned char kat_RSA_SHA224[] = {
17446+ 0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB, 0xB7, 0x15, 0xF9,
17447+ 0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0, 0xA9, 0x18, 0x8D,
17448+ 0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5, 0x1A, 0xC5, 0x89,
17449+ 0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30, 0x2C, 0x9E, 0xCD,
17450+ 0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6, 0x45, 0x41, 0xE5,
17451+ 0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E, 0x0B, 0xA9, 0xCC,
17452+ 0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84, 0x02, 0xC6, 0x3B,
17453+ 0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91, 0x28, 0x3E, 0xB2,
17454+ 0x58, 0x2E, 0x06, 0x45, 0x49, 0xE0, 0x92, 0xE2, 0xC0, 0x66, 0xE6, 0x35,
17455+ 0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77, 0x82, 0xE6, 0xDC,
17456+ 0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D
17457+};
17458+
17459+static const unsigned char kat_RSA_SHA256[] = {
17460+ 0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05, 0x17, 0xA5, 0x23,
17461+ 0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20, 0x7B, 0xAA, 0x23,
17462+ 0x92, 0x87, 0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE, 0xAD, 0x6F, 0x35,
17463+ 0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17, 0x58, 0xB2, 0x6E,
17464+ 0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A, 0x90, 0x2D, 0x18,
17465+ 0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58, 0x7A, 0x91, 0x30,
17466+ 0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF, 0xE2, 0x80, 0x3A,
17467+ 0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 0xDE, 0x81, 0xA6, 0x38,
17468+ 0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C, 0xEE, 0xD1, 0xDA,
17469+ 0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1, 0x90, 0x27, 0x90,
17470+ 0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A
17471+};
17472+
17473+static const unsigned char kat_RSA_SHA384[] = {
17474+ 0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27, 0xEF, 0xE6, 0x1F,
17475+ 0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 0x99, 0x63, 0x56, 0x47, 0xC7,
17476+ 0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA, 0xFA, 0x5D, 0x5C,
17477+ 0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D, 0xA9, 0xA6, 0x55,
17478+ 0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28, 0x7F, 0xB6, 0xCF,
17479+ 0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19, 0x2B, 0x30, 0xC2,
17480+ 0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2, 0x7D, 0xEB, 0x8C,
17481+ 0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F, 0x8B, 0x9C, 0xCD,
17482+ 0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0, 0x8F, 0x99, 0xF1,
17483+ 0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E, 0x37, 0xDC, 0x04,
17484+ 0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF
17485+};
17486+
17487+static const unsigned char kat_RSA_SHA512[] = {
17488+ 0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16, 0x51, 0x5D, 0xCF,
17489+ 0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40, 0xF8, 0xB2, 0x9A,
17490+ 0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82, 0x6B, 0x32, 0xF1,
17491+ 0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C, 0x54, 0x9F, 0xD8,
17492+ 0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6, 0x53, 0x62, 0xB5,
17493+ 0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4, 0x75, 0x92, 0x6B,
17494+ 0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B, 0x1D, 0x47, 0xE6,
17495+ 0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16, 0x63, 0x84, 0x05,
17496+ 0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64, 0x71, 0xE0, 0x2D,
17497+ 0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB, 0x98, 0x65, 0x91,
17498+ 0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84
17499+};
17500+
17501+static const unsigned char kat_RSA_X931_SHA1[] = {
17502+ 0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42, 0x45, 0x4D, 0xDF,
17503+ 0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD, 0xC4, 0xB2, 0x75,
17504+ 0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E, 0x14, 0xB8, 0xAC,
17505+ 0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04, 0xEE, 0xA9, 0x97,
17506+ 0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B, 0x38, 0xBE, 0xD6,
17507+ 0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1, 0x1A, 0x11, 0x19,
17508+ 0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63, 0x0C, 0x59, 0xD7,
17509+ 0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D, 0x24, 0x1C, 0x99,
17510+ 0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB, 0xEA, 0xED, 0x76,
17511+ 0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84, 0x1C, 0xB3, 0x67,
17512+ 0xA3, 0x29, 0x80, 0x70, 0x54, 0x68, 0x7D, 0x49
17513+};
17514+
17515+static const unsigned char kat_RSA_X931_SHA256[] = {
17516+ 0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F, 0x64, 0x54, 0x89,
17517+ 0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58, 0x92, 0x1C, 0xDD,
17518+ 0xEA, 0xA2, 0x2D, 0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05, 0x95, 0x73, 0xCF,
17519+ 0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8, 0x7B, 0xC8, 0x9B,
17520+ 0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13, 0xB8, 0xF0, 0x4B,
17521+ 0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4, 0x38, 0x0E, 0x98,
17522+ 0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E, 0x59, 0x01, 0xEC,
17523+ 0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46, 0x8D, 0xA0, 0x8C,
17524+ 0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35, 0xA1, 0x42, 0xBD,
17525+ 0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86, 0xF0, 0x5B, 0xDC,
17526+ 0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80
17527+};
17528+
17529+static const unsigned char kat_RSA_X931_SHA384[] = {
17530+ 0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB, 0x7B, 0xEC, 0x7B,
17531+ 0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7, 0x39, 0x37, 0xCB,
17532+ 0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9, 0xBE, 0x2E, 0xE3,
17533+ 0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7, 0x4A, 0x63, 0xF6,
17534+ 0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99, 0x66, 0xEE, 0x31,
17535+ 0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E, 0x6D, 0x8D, 0xF1,
17536+ 0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0, 0x60, 0x41, 0x79,
17537+ 0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34, 0xD5, 0x7C, 0xFF,
17538+ 0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5, 0x12, 0x44, 0x35,
17539+ 0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5, 0xDC, 0xC6, 0x6D,
17540+ 0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28
17541+};
17542+
17543+static const unsigned char kat_RSA_X931_SHA512[] = {
17544+ 0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64, 0x3A, 0xC1, 0x63,
17545+ 0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1, 0xD9, 0xDA, 0xAC,
17546+ 0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05, 0x9E, 0x77, 0xD7,
17547+ 0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E, 0xF9, 0x14, 0x28,
17548+ 0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA, 0xC7, 0xF8, 0xC5,
17549+ 0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34, 0x53, 0xD2, 0xAF,
17550+ 0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10, 0xE0, 0xF6, 0xD0,
17551+ 0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F, 0x46, 0x5F, 0x09,
17552+ 0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04, 0x2D, 0xFB, 0x7C,
17553+ 0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11, 0x30, 0x71, 0x1B,
17554+ 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
17555+};
17556+
17557+
17558+int FIPS_selftest_rsa()
17559+ {
17560+ int ret = 0;
17561+ RSA *key;
17562+ EVP_PKEY *pk = NULL;
17563+
17564+ if ((key=RSA_new()) == NULL)
17565+ goto err;
17566+ setrsakey(key);
17567+ if ((pk=EVP_PKEY_new()) == NULL)
17568+ goto err;
17569+
17570+ EVP_PKEY_assign_RSA(pk, key);
17571+
17572+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17573+ kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
17574+ EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1,
17575+ "RSA SHA1 PKCS#1"))
17576+ goto err;
17577+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17578+ kat_RSA_SHA224, sizeof(kat_RSA_SHA224),
17579+ EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PKCS1,
17580+ "RSA SHA224 PKCS#1"))
17581+ goto err;
17582+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17583+ kat_RSA_SHA256, sizeof(kat_RSA_SHA256),
17584+ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PKCS1,
17585+ "RSA SHA256 PKCS#1"))
17586+ goto err;
17587+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17588+ kat_RSA_SHA384, sizeof(kat_RSA_SHA384),
17589+ EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PKCS1,
17590+ "RSA SHA384 PKCS#1"))
17591+ goto err;
17592+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17593+ kat_RSA_SHA512, sizeof(kat_RSA_SHA512),
17594+ EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PKCS1,
17595+ "RSA SHA512 PKCS#1"))
17596+ goto err;
17597+
17598+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17599+ kat_RSA_PSS_SHA1, sizeof(kat_RSA_PSS_SHA1),
17600+ EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS,
17601+ "RSA SHA1 PSS"))
17602+ goto err;
17603+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17604+ kat_RSA_PSS_SHA224, sizeof(kat_RSA_PSS_SHA224),
17605+ EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PSS,
17606+ "RSA SHA224 PSS"))
17607+ goto err;
17608+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17609+ kat_RSA_PSS_SHA256, sizeof(kat_RSA_PSS_SHA256),
17610+ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PSS,
17611+ "RSA SHA256 PSS"))
17612+ goto err;
17613+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17614+ kat_RSA_PSS_SHA384, sizeof(kat_RSA_PSS_SHA384),
17615+ EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PSS,
17616+ "RSA SHA384 PSS"))
17617+ goto err;
17618+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17619+ kat_RSA_PSS_SHA512, sizeof(kat_RSA_PSS_SHA512),
17620+ EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PSS,
17621+ "RSA SHA512 PSS"))
17622+ goto err;
17623+
17624+
17625+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17626+ kat_RSA_X931_SHA1, sizeof(kat_RSA_X931_SHA1),
17627+ EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931,
17628+ "RSA SHA1 X931"))
17629+ goto err;
17630+ /* NB: SHA224 not supported in X9.31 */
17631+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17632+ kat_RSA_X931_SHA256, sizeof(kat_RSA_X931_SHA256),
17633+ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_X931,
17634+ "RSA SHA256 X931"))
17635+ goto err;
17636+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17637+ kat_RSA_X931_SHA384, sizeof(kat_RSA_X931_SHA384),
17638+ EVP_sha384(), EVP_MD_CTX_FLAG_PAD_X931,
17639+ "RSA SHA384 X931"))
17640+ goto err;
17641+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17642+ kat_RSA_X931_SHA512, sizeof(kat_RSA_X931_SHA512),
17643+ EVP_sha512(), EVP_MD_CTX_FLAG_PAD_X931,
17644+ "RSA SHA512 X931"))
17645+ goto err;
17646+
17647+
17648+ ret = 1;
17649+
17650+ err:
17651+ if (pk)
17652+ EVP_PKEY_free(pk);
17653+ else if (key)
17654+ RSA_free(key);
17655+ return ret;
17656+ }
17657+
17658+#endif /* def OPENSSL_FIPS */
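Review bot: `setrsakey()` never checks the eight `BN_bin2bn()` results and unconditionally returns 1, so if any of them fails the RSA key passed to the KATs has a NULL component and `FIPS_selftest_rsa()` cannot tell the difference; with `corrupt_rsa` set, `BN_set_bit(key->n, 1024)` would even run on a NULL `key->n` before any later check could catch it. For a power-on self-test the goal is to fail closed with a clean error rather than to depend on the downstream `fips_pkey_signature_test()` (declared elsewhere, so its behaviour on a NULL component cannot be confirmed here) happening to reject the key. I would check `key->n` right after its `BN_bin2bn()` and before the `BN_set_bit` line, make the function end with `return key->n && key->e && key->d && key->p && key->q && key->dmp1 && key->dmq1 && key->iqmp;`, and change the caller to `if (!setrsakey(key)) goto err;`. Separately, the return of `EVP_PKEY_assign_RSA(pk, key)` is ignored; on failure `pk` is non-NULL, so the `err:` path calls `EVP_PKEY_free(pk)` and the RSA key is leaked — `if (!EVP_PKEY_assign_RSA(pk, key)) goto err;` with `RSA_free(key)` in that branch closes it. The empty parameter lists `FIPS_corrupt_rsa()` and `FIPS_selftest_rsa()` are old-style declarations and should be `(void)`.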
17659diff -up openssl-1.0.1b/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1b/crypto/fips/fips_rsa_x931g.c
17660--- openssl-1.0.1b/crypto/fips/fips_rsa_x931g.c.fips 2012-04-26 18:00:51.408769474 +0200
17661+++ openssl-1.0.1b/crypto/fips/fips_rsa_x931g.c 2012-04-26 18:00:51.408769474 +0200
17662@@ -0,0 +1,282 @@
17663+/* crypto/rsa/rsa_gen.c */
17664+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
17665+ * All rights reserved.
17666+ *
17667+ * This package is an SSL implementation written
17668+ * by Eric Young (eay@cryptsoft.com).
17669+ * The implementation was written so as to conform with Netscapes SSL.
17670+ *
17671+ * This library is free for commercial and non-commercial use as long as
17672+ * the following conditions are aheared to. The following conditions
17673+ * apply to all code found in this distribution, be it the RC4, RSA,
17674+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
17675+ * included with this distribution is covered by the same copyright terms
17676+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
17677+ *
17678+ * Copyright remains Eric Young's, and as such any Copyright notices in
17679+ * the code are not to be removed.
17680+ * If this package is used in a product, Eric Young should be given attribution
17681+ * as the author of the parts of the library used.
17682+ * This can be in the form of a textual message at program startup or
17683+ * in documentation (online or textual) provided with the package.
17684+ *
17685+ * Redistribution and use in source and binary forms, with or without
17686+ * modification, are permitted provided that the following conditions
17687+ * are met:
17688+ * 1. Redistributions of source code must retain the copyright
17689+ * notice, this list of conditions and the following disclaimer.
17690+ * 2. Redistributions in binary form must reproduce the above copyright
17691+ * notice, this list of conditions and the following disclaimer in the
17692+ * documentation and/or other materials provided with the distribution.
17693+ * 3. All advertising materials mentioning features or use of this software
17694+ * must display the following acknowledgement:
17695+ * "This product includes cryptographic software written by
17696+ * Eric Young (eay@cryptsoft.com)"
17697+ * The word 'cryptographic' can be left out if the rouines from the library
17698+ * being used are not cryptographic related :-).
17699+ * 4. If you include any Windows specific code (or a derivative thereof) from
17700+ * the apps directory (application code) you must include an acknowledgement:
17701+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
17702+ *
17703+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
17704+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17705+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17706+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17707+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
17708+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
17709+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17710+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
17711+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
17712+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
17713+ * SUCH DAMAGE.
17714+ *
17715+ * The licence and distribution terms for any publically available version or
17716+ * derivative of this code cannot be changed. i.e. this code cannot simply be
17717+ * copied and put under another distribution licence
17718+ * [including the GNU Public Licence.]
17719+ */
17720+
17721+#include <stdio.h>
17722+#include <string.h>
17723+#include <time.h>
17724+#include <openssl/err.h>
17725+#include <openssl/bn.h>
17726+#include <openssl/rsa.h>
17727+#ifdef OPENSSL_FIPS
17728+#include <openssl/fips.h>
17729+
17730+extern int fips_check_rsa(RSA *rsa);
17731+#endif
17732+
17733+/* X9.31 RSA key derivation and generation */
17734+
17735+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
17736+ const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
17737+ const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
17738+ const BIGNUM *e, BN_GENCB *cb)
17739+ {
17740+ BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL;
17741+ BN_CTX *ctx=NULL,*ctx2=NULL;
17742+
17743+ if (!rsa)
17744+ goto err;
17745+
17746+ ctx = BN_CTX_new();
17747+ if (!ctx)
17748+ goto err;
17749+ BN_CTX_start(ctx);
17750+
17751+ r0 = BN_CTX_get(ctx);
17752+ r1 = BN_CTX_get(ctx);
17753+ r2 = BN_CTX_get(ctx);
17754+ r3 = BN_CTX_get(ctx);
17755+
17756+ if (r3 == NULL)
17757+ goto err;
17758+ if (!rsa->e)
17759+ {
17760+ rsa->e = BN_dup(e);
17761+ if (!rsa->e)
17762+ goto err;
17763+ }
17764+ else
17765+ e = rsa->e;
17766+
17767+ /* If not all parameters present only calculate what we can.
17768+ * This allows test programs to output selective parameters.
17769+ */
17770+
17771+ if (Xp && !rsa->p)
17772+ {
17773+ rsa->p = BN_new();
17774+ if (!rsa->p)
17775+ goto err;
17776+
17777+ if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
17778+ Xp, Xp1, Xp2, e, ctx, cb))
17779+ goto err;
17780+ }
17781+
17782+ if (Xq && !rsa->q)
17783+ {
17784+ rsa->q = BN_new();
17785+ if (!rsa->q)
17786+ goto err;
17787+ if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
17788+ Xq, Xq1, Xq2, e, ctx, cb))
17789+ goto err;
17790+ }
17791+
17792+ if (!rsa->p || !rsa->q)
17793+ {
17794+ BN_CTX_end(ctx);
17795+ BN_CTX_free(ctx);
17796+ return 2;
17797+ }
17798+
17799+ /* Since both primes are set we can now calculate all remaining
17800+ * components.
17801+ */
17802+
17803+ /* calculate n */
17804+ rsa->n=BN_new();
17805+ if (rsa->n == NULL)
17806+ goto err;
17807+ if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx))
17808+ goto err;
17809+
17810+ /* calculate d */
17811+ if (!BN_sub(r1,rsa->p,BN_value_one()))
17812+ goto err; /* p-1 */
17813+ if (!BN_sub(r2,rsa->q,BN_value_one()))
17814+ goto err; /* q-1 */
17815+ if (!BN_mul(r0,r1,r2,ctx))
17816+ goto err; /* (p-1)(q-1) */
17817+
17818+ if (!BN_gcd(r3, r1, r2, ctx))
17819+ goto err;
17820+
17821+ if (!BN_div(r0, NULL, r0, r3, ctx))
17822+ goto err; /* LCM((p-1)(q-1)) */
17823+
17824+ ctx2 = BN_CTX_new();
17825+ if (!ctx2)
17826+ goto err;
17827+
17828+ rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */
17829+ if (rsa->d == NULL)
17830+ goto err;
17831+
17832+ /* calculate d mod (p-1) */
17833+ rsa->dmp1=BN_new();
17834+ if (rsa->dmp1 == NULL)
17835+ goto err;
17836+ if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx))
17837+ goto err;
17838+
17839+ /* calculate d mod (q-1) */
17840+ rsa->dmq1=BN_new();
17841+ if (rsa->dmq1 == NULL)
17842+ goto err;
17843+ if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx))
17844+ goto err;
17845+
17846+ /* calculate inverse of q mod p */
17847+ rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
17848+
17849+ err:
17850+ if (ctx)
17851+ {
17852+ BN_CTX_end(ctx);
17853+ BN_CTX_free(ctx);
17854+ }
17855+ if (ctx2)
17856+ BN_CTX_free(ctx2);
17857+ /* If this is set all calls successful */
17858+ if (rsa && rsa->iqmp != NULL)
17859+ return 1;
17860+
17861+ return 0;
17862+
17863+ }
17864+
17865+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
17866+ {
17867+ int ok = 0;
17868+ BIGNUM *Xp = NULL, *Xq = NULL;
17869+ BN_CTX *ctx = NULL;
17870+
17871+#ifdef OPENSSL_FIPS
17872+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) &&
17873+ (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
17874+ {
17875+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT);
17876+ return 0;
17877+ }
17878+
17879+ if (bits & 0xff)
17880+ {
17881+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_INVALID_KEY_LENGTH);
17882+ return 0;
17883+ }
17884+
17885+ if(FIPS_selftest_failed())
17886+ {
17887+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST_FAILED);
17888+ return 0;
17889+ }
17890+#endif
17891+
17892+ ctx = BN_CTX_new();
17893+ if (!ctx)
17894+ goto error;
17895+
17896+ BN_CTX_start(ctx);
17897+ Xp = BN_CTX_get(ctx);
17898+ Xq = BN_CTX_get(ctx);
17899+ if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
17900+ goto error;
17901+
17902+ rsa->p = BN_new();
17903+ rsa->q = BN_new();
17904+ if (!rsa->p || !rsa->q)
17905+ goto error;
17906+
17907+ /* Generate two primes from Xp, Xq */
17908+
17909+ if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
17910+ e, ctx, cb))
17911+ goto error;
17912+
17913+ if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
17914+ e, ctx, cb))
17915+ goto error;
17916+
17917+ /* Since rsa->p and rsa->q are valid this call will just derive
17918+ * remaining RSA components.
17919+ */
17920+
17921+ if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
17922+ NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
17923+ goto error;
17924+
17925+#ifdef OPENSSL_FIPS
17926+ if(!fips_check_rsa(rsa))
17927+ goto error;
17928+#endif
17929+
17930+ ok = 1;
17931+
17932+ error:
17933+ if (ctx)
17934+ {
17935+ BN_CTX_end(ctx);
17936+ BN_CTX_free(ctx);
17937+ }
17938+
17939+ if (ok)
17940+ return 1;
17941+
17942+ return 0;
17943+
17944+ }
17945diff -up openssl-1.0.1b/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_sha_selftest.c
17946--- openssl-1.0.1b/crypto/fips/fips_sha_selftest.c.fips 2012-04-26 18:00:51.408769474 +0200
17947+++ openssl-1.0.1b/crypto/fips/fips_sha_selftest.c 2012-04-26 18:00:51.408769474 +0200
17948@@ -0,0 +1,140 @@
17949+/* ====================================================================
17950+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
17951+ *
17952+ * Redistribution and use in source and binary forms, with or without
17953+ * modification, are permitted provided that the following conditions
17954+ * are met:
17955+ *
17956+ * 1. Redistributions of source code must retain the above copyright
17957+ * notice, this list of conditions and the following disclaimer.
17958+ *
17959+ * 2. Redistributions in binary form must reproduce the above copyright
17960+ * notice, this list of conditions and the following disclaimer in
17961+ * the documentation and/or other materials provided with the
17962+ * distribution.
17963+ *
17964+ * 3. All advertising materials mentioning features or use of this
17965+ * software must display the following acknowledgment:
17966+ * "This product includes software developed by the OpenSSL Project
17967+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
17968+ *
17969+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
17970+ * endorse or promote products derived from this software without
17971+ * prior written permission. For written permission, please contact
17972+ * openssl-core@openssl.org.
17973+ *
17974+ * 5. Products derived from this software may not be called "OpenSSL"
17975+ * nor may "OpenSSL" appear in their names without prior written
17976+ * permission of the OpenSSL Project.
17977+ *
17978+ * 6. Redistributions of any form whatsoever must retain the following
17979+ * acknowledgment:
17980+ * "This product includes software developed by the OpenSSL Project
17981+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
17982+ *
17983+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
17984+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17985+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
17986+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
17987+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
17988+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
17989+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
17990+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17991+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
17992+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
17993+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
17994+ * OF THE POSSIBILITY OF SUCH DAMAGE.
17995+ *
17996+ */
17997+
17998+#include <string.h>
17999+#include <openssl/err.h>
18000+#ifdef OPENSSL_FIPS
18001+#include <openssl/fips.h>
18002+#endif
18003+#include <openssl/evp.h>
18004+#include <openssl/sha.h>
18005+
18006+#ifdef OPENSSL_FIPS
18007+static const char test[][60]=
18008+ {
18009+ "",
18010+ "abc",
18011+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
18012+ };
18013+
18014+static const unsigned char ret[][SHA_DIGEST_LENGTH]=
18015+ {
18016+ { 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55,
18017+ 0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 },
18018+ { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
18019+ 0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d },
18020+ { 0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
18021+ 0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 },
18022+ };
18023+
18024+static int corrupt_sha;
18025+
18026+void FIPS_corrupt_sha1()
18027+ {
18028+ corrupt_sha = 1;
18029+ }
18030+
18031+int FIPS_selftest_sha1()
18032+ {
18033+ int n;
18034+
18035+ for(n=0 ; n<sizeof(test)/sizeof(test[0]) ; ++n)
18036+ {
18037+ unsigned char md[SHA_DIGEST_LENGTH];
18038+
18039+ EVP_Digest(test[n],strlen(test[n])+corrupt_sha,md, NULL, EVP_sha1(), NULL);
18040+ if(memcmp(md,ret[n],sizeof md))
18041+ {
18042+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED);
18043+ return 0;
18044+ }
18045+ }
18046+ return 1;
18047+ }
18048+
18049+static const unsigned char msg_sha256[] = { 0xfa, 0x48, 0x59, 0x2a, 0xe1, 0xae, 0x1f, 0x30,
18050+ 0xfc };
18051+static const unsigned char dig_sha256[] = { 0xf7, 0x26, 0xd8, 0x98, 0x47, 0x91, 0x68, 0x5b,
18052+ 0x9e, 0x39, 0xb2, 0x58, 0xbb, 0x75, 0xbf, 0x01,
18053+ 0x17, 0x0c, 0x84, 0x00, 0x01, 0x7a, 0x94, 0x83,
18054+ 0xf3, 0x0b, 0x15, 0x84, 0x4b, 0x69, 0x88, 0x8a };
18055+
18056+static const unsigned char msg_sha512[] = { 0x37, 0xd1, 0x35, 0x9d, 0x18, 0x41, 0xe9, 0xb7,
18057+ 0x6d, 0x9a, 0x13, 0xda, 0x5f, 0xf3, 0xbd };
18058+static const unsigned char dig_sha512[] = { 0x11, 0x13, 0xc4, 0x19, 0xed, 0x2b, 0x1d, 0x16,
18059+ 0x11, 0xeb, 0x9b, 0xbe, 0xf0, 0x7f, 0xcf, 0x44,
18060+ 0x8b, 0xd7, 0x57, 0xbd, 0x8d, 0xa9, 0x25, 0xb0,
18061+ 0x47, 0x25, 0xd6, 0x6c, 0x9a, 0x54, 0x7f, 0x8f,
18062+ 0x0b, 0x53, 0x1a, 0x10, 0x68, 0x32, 0x03, 0x38,
18063+ 0x82, 0xc4, 0x87, 0xc4, 0xea, 0x0e, 0xd1, 0x04,
18064+ 0xa9, 0x98, 0xc1, 0x05, 0xa3, 0xf3, 0xf8, 0xb1,
18065+ 0xaf, 0xbc, 0xd9, 0x78, 0x7e, 0xee, 0x3d, 0x43 };
18066+
18067+int FIPS_selftest_sha2(void)
18068+ {
18069+ unsigned char md[SHA512_DIGEST_LENGTH];
18070+
18071+ EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL);
18072+ if(memcmp(dig_sha256, md, sizeof(dig_sha256)))
18073+ {
18074+ FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED);
18075+ return 0;
18076+ }
18077+
18078+ EVP_Digest(msg_sha512, sizeof(msg_sha512), md, NULL, EVP_sha512(), NULL);
18079+ if(memcmp(dig_sha512, md, sizeof(dig_sha512)))
18080+ {
18081+ FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED);
18082+ return 0;
18083+ }
18084+
18085+ return 1;
18086+ }
18087+
18088+#endif
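Review bot: The return value of EVP_Digest is ignored in both FIPS_selftest_sha1 and FIPS_selftest_sha2, so if the digest call fails `md` is left uninitialized and the following memcmp compares indeterminate bytes instead of failing closed explicitly; e.g. `if (!EVP_Digest(test[n],strlen(test[n])+corrupt_sha,md, NULL, EVP_sha1(), NULL) || memcmp(md,ret[n],sizeof md))`. FIPS_selftest_sha2 also reports its failures under FIPS_F_FIPS_MODE_SET, whereas FIPS_selftest_sha1 uses FIPS_F_FIPS_SELFTEST_SHA1, so an error-stack entry from a SHA-256/SHA-512 KAT failure is attributed to FIPS_mode_set rather than to this self-test; a function code of its own, if the FIPS error table has one, would make the failing KAT identifiable from the log. The loop counter `int n` in FIPS_selftest_sha1 is compared against a size_t expression; `size_t n` avoids the signed/unsigned comparison. The deliberate corruption path deserves a one-line comment, e.g. `/* corrupt_sha lengthens the input by one byte (the NUL terminator, still inside the 60-byte row) so the KAT is forced to mismatch */`.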
18089diff -up openssl-1.0.1b/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1b/crypto/fips/fips_standalone_hmac.c
18090--- openssl-1.0.1b/crypto/fips/fips_standalone_hmac.c.fips 2012-04-26 18:00:51.408769474 +0200
18091+++ openssl-1.0.1b/crypto/fips/fips_standalone_hmac.c 2012-04-26 18:00:51.408769474 +0200
18092@@ -0,0 +1,180 @@
18093+/* ====================================================================
18094+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
18095+ *
18096+ * Redistribution and use in source and binary forms, with or without
18097+ * modification, are permitted provided that the following conditions
18098+ * are met:
18099+ *
18100+ * 1. Redistributions of source code must retain the above copyright
18101+ * notice, this list of conditions and the following disclaimer.
18102+ *
18103+ * 2. Redistributions in binary form must reproduce the above copyright
18104+ * notice, this list of conditions and the following disclaimer in
18105+ * the documentation and/or other materials provided with the
18106+ * distribution.
18107+ *
18108+ * 3. All advertising materials mentioning features or use of this
18109+ * software must display the following acknowledgment:
18110+ * "This product includes software developed by the OpenSSL Project
18111+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
18112+ *
18113+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
18114+ * endorse or promote products derived from this software without
18115+ * prior written permission. For written permission, please contact
18116+ * openssl-core@openssl.org.
18117+ *
18118+ * 5. Products derived from this software may not be called "OpenSSL"
18119+ * nor may "OpenSSL" appear in their names without prior written
18120+ * permission of the OpenSSL Project.
18121+ *
18122+ * 6. Redistributions of any form whatsoever must retain the following
18123+ * acknowledgment:
18124+ * "This product includes software developed by the OpenSSL Project
18125+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
18126+ *
18127+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
18128+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18129+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18130+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
18131+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
18132+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18133+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
18134+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
18135+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
18136+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
18137+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
18138+ * OF THE POSSIBILITY OF SUCH DAMAGE.
18139+ *
18140+ */
18141+
18142+#include <stdio.h>
18143+#include <stdlib.h>
18144+#include <string.h>
18145+#include <openssl/opensslconf.h>
18146+#include <openssl/sha.h>
18147+#include <openssl/hmac.h>
18148+
18149+#ifndef FIPSCANISTER_O
18150+int FIPS_selftest_failed() { return 0; }
18151+void FIPS_selftest_check() {}
18152+void OPENSSL_cleanse(void *p,size_t len) {}
18153+#endif
18154+
18155+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
18156+ defined(__INTEL__) || \
18157+ defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
18158+
18159+unsigned int OPENSSL_ia32cap_P[2];
18160+#endif
18161+
18162+#ifdef OPENSSL_FIPS
18163+
18164+static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
18165+ const char *key)
18166+ {
18167+ size_t len=strlen(key);
18168+ int i;
18169+ unsigned char keymd[HMAC_MAX_MD_CBLOCK];
18170+ unsigned char pad[HMAC_MAX_MD_CBLOCK];
18171+
18172+ if (len > SHA_CBLOCK)
18173+ {
18174+ SHA256_Init(md_ctx);
18175+ SHA256_Update(md_ctx,key,len);
18176+ SHA256_Final(keymd,md_ctx);
18177+ len=SHA256_DIGEST_LENGTH;
18178+ }
18179+ else
18180+ memcpy(keymd,key,len);
18181+ memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len);
18182+
18183+ for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
18184+ pad[i]=0x36^keymd[i];
18185+ SHA256_Init(md_ctx);
18186+ SHA256_Update(md_ctx,pad,SHA256_CBLOCK);
18187+
18188+ for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
18189+ pad[i]=0x5c^keymd[i];
18190+ SHA256_Init(o_ctx);
18191+ SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
18192+ }
18193+
18194+static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
18195+ {
18196+ unsigned char buf[SHA256_DIGEST_LENGTH];
18197+
18198+ SHA256_Final(buf,md_ctx);
18199+ SHA256_Update(o_ctx,buf,sizeof buf);
18200+ SHA256_Final(md,o_ctx);
18201+ }
18202+
18203+#endif
18204+
18205+int main(int argc,char **argv)
18206+ {
18207+#ifdef OPENSSL_FIPS
18208+ static char key[]="orboDeJITITejsirpADONivirpUkvarP";
18209+ int n,binary=0;
18210+
18211+ if(argc < 2)
18212+ {
18213+ fprintf(stderr,"%s [<file>]+\n",argv[0]);
18214+ exit(1);
18215+ }
18216+
18217+ n=1;
18218+ if (!strcmp(argv[n],"-binary"))
18219+ {
18220+ n++;
18221+ binary=1; /* emit binary fingerprint... */
18222+ }
18223+
18224+ for(; n < argc ; ++n)
18225+ {
18226+ FILE *f=fopen(argv[n],"rb");
18227+ SHA256_CTX md_ctx,o_ctx;
18228+ unsigned char md[SHA256_DIGEST_LENGTH];
18229+ int i;
18230+
18231+ if(!f)
18232+ {
18233+ perror(argv[n]);
18234+ exit(2);
18235+ }
18236+
18237+ hmac_init(&md_ctx,&o_ctx,key);
18238+ for( ; ; )
18239+ {
18240+ char buf[1024];
18241+ size_t l=fread(buf,1,sizeof buf,f);
18242+
18243+ if(l == 0)
18244+ {
18245+ if(ferror(f))
18246+ {
18247+ perror(argv[n]);
18248+ exit(3);
18249+ }
18250+ else
18251+ break;
18252+ }
18253+ SHA256_Update(&md_ctx,buf,l);
18254+ }
18255+ hmac_final(md,&md_ctx,&o_ctx);
18256+
18257+ if (binary)
18258+ {
18259+ fwrite(md,SHA256_DIGEST_LENGTH,1,stdout);
18260+ break; /* ... for single(!) file */
18261+ }
18262+
18263+/* printf("HMAC-SHA1(%s)= ",argv[n]); */
18264+ for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i)
18265+ printf("%02x",md[i]);
18266+ printf("\n");
18267+ }
18268+#endif
18269+ return 0;
18270+ }
18271+
18272+
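Review bot: In main's per-file loop the FILE returned by `fopen(argv[n],"rb")` is never closed, and the `fwrite` of the binary fingerprint is unchecked, so a short write to a redirected stdout still exits 0 with a truncated fingerprint. Add `fclose(f);` after `hmac_final(md,&md_ctx,&o_ctx);` and replace the write with `if (fwrite(md,SHA256_DIGEST_LENGTH,1,stdout) != 1 || fflush(stdout) != 0) { perror("stdout"); exit(4); }`. The `-binary` branch also `break`s after the first file, so any further file arguments are silently ignored; either reject extra arguments when `binary` is set or state it in the usage string, e.g. `"%s -binary <file> | %s <file>+\n"`. The `#ifndef FIPSCANISTER_O` block stubs OPENSSL_cleanse as an empty function, which is acceptable for this standalone fingerprint tool but is worth a comment such as `/* standalone build only: no secrets are held here, so cleanse is a no-op */` so the stub is not copied into code that does handle key material.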
18273diff -up openssl-1.0.1b/crypto/fips/fips_test_suite.c.fips openssl-1.0.1b/crypto/fips/fips_test_suite.c
18274--- openssl-1.0.1b/crypto/fips/fips_test_suite.c.fips 2012-04-26 18:00:51.408769474 +0200
18275+++ openssl-1.0.1b/crypto/fips/fips_test_suite.c 2012-04-26 18:00:51.408769474 +0200
18276@@ -0,0 +1,588 @@
18277+/* ====================================================================
18278+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
18279+ *
18280+ *
18281+ * This command is intended as a test driver for the FIPS-140 testing
18282+ * lab performing FIPS-140 validation. It demonstrates the use of the
18283+ * OpenSSL library ito perform a variety of common cryptographic
18284+ * functions. A power-up self test is demonstrated by deliberately
18285+ * pointing to an invalid executable hash
18286+ *
18287+ * Contributed by Steve Marquess.
18288+ *
18289+ */
18290+#include <stdio.h>
18291+#include <assert.h>
18292+#include <ctype.h>
18293+#include <string.h>
18294+#include <stdlib.h>
18295+#include <openssl/aes.h>
18296+#include <openssl/des.h>
18297+#include <openssl/rsa.h>
18298+#include <openssl/dsa.h>
18299+#include <openssl/dh.h>
18300+#include <openssl/hmac.h>
18301+#include <openssl/err.h>
18302+
18303+#include <openssl/bn.h>
18304+#include <openssl/rand.h>
18305+#include <openssl/sha.h>
18306+
18307+
18308+#ifndef OPENSSL_FIPS
18309+int main(int argc, char *argv[])
18310+ {
18311+ printf("No FIPS support\n");
18312+ return(0);
18313+ }
18314+#else
18315+
18316+#include <openssl/fips.h>
18317+#include "fips_utl.h"
18318+
18319+/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
18320+*/
18321+static int FIPS_aes_test(void)
18322+ {
18323+ int ret = 0;
18324+ unsigned char pltmp[16];
18325+ unsigned char citmp[16];
18326+ unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
18327+ unsigned char plaintext[16] = "etaonrishdlcu";
18328+ EVP_CIPHER_CTX ctx;
18329+ EVP_CIPHER_CTX_init(&ctx);
18330+ if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0)
18331+ goto err;
18332+ EVP_Cipher(&ctx, citmp, plaintext, 16);
18333+ if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0)
18334+ goto err;
18335+ EVP_Cipher(&ctx, pltmp, citmp, 16);
18336+ if (memcmp(pltmp, plaintext, 16))
18337+ goto err;
18338+ ret = 1;
18339+ err:
18340+ EVP_CIPHER_CTX_cleanup(&ctx);
18341+ return ret;
18342+ }
18343+
18344+static int FIPS_des3_test(void)
18345+ {
18346+ int ret = 0;
18347+ unsigned char pltmp[8];
18348+ unsigned char citmp[8];
18349+ unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
18350+ 19,20,21,22,23,24};
18351+ unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
18352+ EVP_CIPHER_CTX ctx;
18353+ EVP_CIPHER_CTX_init(&ctx);
18354+ if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 1) <= 0)
18355+ goto err;
18356+ EVP_Cipher(&ctx, citmp, plaintext, 8);
18357+ if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 0) <= 0)
18358+ goto err;
18359+ EVP_Cipher(&ctx, pltmp, citmp, 8);
18360+ if (memcmp(pltmp, plaintext, 8))
18361+ goto err;
18362+ ret = 1;
18363+ err:
18364+ EVP_CIPHER_CTX_cleanup(&ctx);
18365+ return ret;
18366+ }
18367+
18368+/*
18369+ * DSA: generate keys and sign, verify input plaintext.
18370+ */
18371+static int FIPS_dsa_test(int bad)
18372+ {
18373+ DSA *dsa = NULL;
18374+ EVP_PKEY pk;
18375+ unsigned char dgst[] = "etaonrishdlc";
18376+ unsigned char buf[60];
18377+ unsigned int slen;
18378+ int r = 0;
18379+ EVP_MD_CTX mctx;
18380+
18381+ ERR_clear_error();
18382+ EVP_MD_CTX_init(&mctx);
18383+ dsa = DSA_new();
18384+ if (!dsa)
18385+ goto end;
18386+ if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
18387+ goto end;
18388+ if (!DSA_generate_key(dsa))
18389+ goto end;
18390+ if (bad)
18391+ BN_add_word(dsa->pub_key, 1);
18392+
18393+ pk.type = EVP_PKEY_DSA;
18394+ pk.pkey.dsa = dsa;
18395+
18396+ if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
18397+ goto end;
18398+ if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))
18399+ goto end;
18400+ if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
18401+ goto end;
18402+
18403+ if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
18404+ goto end;
18405+ if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))
18406+ goto end;
18407+ r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
18408+ end:
18409+ EVP_MD_CTX_cleanup(&mctx);
18410+ if (dsa)
18411+ DSA_free(dsa);
18412+ if (r != 1)
18413+ return 0;
18414+ return 1;
18415+ }
18416+
18417+/*
18418+ * RSA: generate keys and sign, verify input plaintext.
18419+ */
18420+static int FIPS_rsa_test(int bad)
18421+ {
18422+ RSA *key;
18423+ unsigned char input_ptext[] = "etaonrishdlc";
18424+ unsigned char buf[256];
18425+ unsigned int slen;
18426+ BIGNUM *bn;
18427+ EVP_MD_CTX mctx;
18428+ EVP_PKEY pk;
18429+ int r = 0;
18430+
18431+ ERR_clear_error();
18432+ EVP_MD_CTX_init(&mctx);
18433+ key = RSA_new();
18434+ bn = BN_new();
18435+ if (!key || !bn)
18436+ return 0;
18437+ BN_set_word(bn, 65537);
18438+ if (!RSA_generate_key_ex(key, 1024,bn,NULL))
18439+ return 0;
18440+ BN_free(bn);
18441+ if (bad)
18442+ BN_add_word(key->n, 1);
18443+
18444+ pk.type = EVP_PKEY_RSA;
18445+ pk.pkey.rsa = key;
18446+
18447+ if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
18448+ goto end;
18449+ if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
18450+ goto end;
18451+ if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
18452+ goto end;
18453+
18454+ if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
18455+ goto end;
18456+ if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
18457+ goto end;
18458+ r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
18459+ end:
18460+ EVP_MD_CTX_cleanup(&mctx);
18461+ if (key)
18462+ RSA_free(key);
18463+ if (r != 1)
18464+ return 0;
18465+ return 1;
18466+ }
18467+
18468+/* SHA1: generate hash of known digest value and compare to known
18469+ precomputed correct hash
18470+*/
18471+static int FIPS_sha1_test()
18472+ {
18473+ unsigned char digest[SHA_DIGEST_LENGTH] =
18474+ { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
18475+ unsigned char str[] = "etaonrishd";
18476+
18477+ unsigned char md[SHA_DIGEST_LENGTH];
18478+
18479+ ERR_clear_error();
18480+ if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0;
18481+ if (memcmp(md,digest,sizeof(md)))
18482+ return 0;
18483+ return 1;
18484+ }
18485+
18486+/* SHA256: generate hash of known digest value and compare to known
18487+ precomputed correct hash
18488+*/
18489+static int FIPS_sha256_test()
18490+ {
18491+ unsigned char digest[SHA256_DIGEST_LENGTH] =
18492+ {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
18493+ 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
18494+ unsigned char str[] = "etaonrishd";
18495+
18496+ unsigned char md[SHA256_DIGEST_LENGTH];
18497+
18498+ ERR_clear_error();
18499+ if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha256(), NULL)) return 0;
18500+ if (memcmp(md,digest,sizeof(md)))
18501+ return 0;
18502+ return 1;
18503+ }
18504+
18505+/* SHA512: generate hash of known digest value and compare to known
18506+ precomputed correct hash
18507+*/
18508+static int FIPS_sha512_test()
18509+ {
18510+ unsigned char digest[SHA512_DIGEST_LENGTH] =
18511+ {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
18512+ 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
18513+ 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
18514+ 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
18515+ unsigned char str[] = "etaonrishd";
18516+
18517+ unsigned char md[SHA512_DIGEST_LENGTH];
18518+
18519+ ERR_clear_error();
18520+ if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha512(), NULL)) return 0;
18521+ if (memcmp(md,digest,sizeof(md)))
18522+ return 0;
18523+ return 1;
18524+ }
18525+
18526+/* HMAC-SHA1: generate hash of known digest value and compare to known
18527+ precomputed correct hash
18528+*/
18529+static int FIPS_hmac_sha1_test()
18530+ {
18531+ unsigned char key[] = "etaonrishd";
18532+ unsigned char iv[] = "Sample text";
18533+ unsigned char kaval[EVP_MAX_MD_SIZE] =
18534+ {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
18535+ 0xb2, 0xfb, 0xec, 0xc6};
18536+
18537+ unsigned char out[EVP_MAX_MD_SIZE];
18538+ unsigned int outlen;
18539+
18540+ ERR_clear_error();
18541+ if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
18542+ if (memcmp(out,kaval,outlen))
18543+ return 0;
18544+ return 1;
18545+ }
18546+
18547+/* HMAC-SHA224: generate hash of known digest value and compare to known
18548+ precomputed correct hash
18549+*/
18550+static int FIPS_hmac_sha224_test()
18551+ {
18552+ unsigned char key[] = "etaonrishd";
18553+ unsigned char iv[] = "Sample text";
18554+ unsigned char kaval[EVP_MAX_MD_SIZE] =
18555+ {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
18556+ 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
18557+
18558+ unsigned char out[EVP_MAX_MD_SIZE];
18559+ unsigned int outlen;
18560+
18561+ ERR_clear_error();
18562+ if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
18563+ if (memcmp(out,kaval,outlen))
18564+ return 0;
18565+ return 1;
18566+ }
18567+
18568+/* HMAC-SHA256: generate hash of known digest value and compare to known
18569+ precomputed correct hash
18570+*/
18571+static int FIPS_hmac_sha256_test()
18572+ {
18573+ unsigned char key[] = "etaonrishd";
18574+ unsigned char iv[] = "Sample text";
18575+ unsigned char kaval[EVP_MAX_MD_SIZE] =
18576+ {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
18577+ 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
18578+
18579+ unsigned char out[EVP_MAX_MD_SIZE];
18580+ unsigned int outlen;
18581+
18582+ ERR_clear_error();
18583+ if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
18584+ if (memcmp(out,kaval,outlen))
18585+ return 0;
18586+ return 1;
18587+ }
18588+
18589+/* HMAC-SHA384: generate hash of known digest value and compare to known
18590+ precomputed correct hash
18591+*/
18592+static int FIPS_hmac_sha384_test()
18593+ {
18594+ unsigned char key[] = "etaonrishd";
18595+ unsigned char iv[] = "Sample text";
18596+ unsigned char kaval[EVP_MAX_MD_SIZE] =
18597+ {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
18598+ 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
18599+ 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
18600+
18601+ unsigned char out[EVP_MAX_MD_SIZE];
18602+ unsigned int outlen;
18603+
18604+ ERR_clear_error();
18605+ if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
18606+ if (memcmp(out,kaval,outlen))
18607+ return 0;
18608+ return 1;
18609+ }
18610+
18611+/* HMAC-SHA512: generate hash of known digest value and compare to known
18612+ precomputed correct hash
18613+*/
18614+static int FIPS_hmac_sha512_test()
18615+ {
18616+ unsigned char key[] = "etaonrishd";
18617+ unsigned char iv[] = "Sample text";
18618+ unsigned char kaval[EVP_MAX_MD_SIZE] =
18619+ {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
18620+ 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
18621+ 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
18622+ 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
18623+
18624+ unsigned char out[EVP_MAX_MD_SIZE];
18625+ unsigned int outlen;
18626+
18627+ ERR_clear_error();
18628+ if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
18629+ if (memcmp(out,kaval,outlen))
18630+ return 0;
18631+ return 1;
18632+ }
18633+
18634+
18635+/* DH: generate shared parameters
18636+*/
18637+static int dh_test()
18638+ {
18639+ DH *dh;
18640+ ERR_clear_error();
18641+ dh = FIPS_dh_new();
18642+ if (!dh)
18643+ return 0;
18644+ if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
18645+ return 0;
18646+ FIPS_dh_free(dh);
18647+ return 1;
18648+ }
18649+
18650+/* Zeroize
18651+*/
18652+static int Zeroize()
18653+ {
18654+ RSA *key;
18655+ BIGNUM *bn;
18656+ unsigned char userkey[16] =
18657+ { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
18658+ int i, n;
18659+
18660+ key = FIPS_rsa_new();
18661+ bn = BN_new();
18662+ if (!key || !bn)
18663+ return 0;
18664+ BN_set_word(bn, 65537);
18665+ if (!RSA_generate_key_ex(key, 1024,bn,NULL))
18666+ return 0;
18667+ BN_free(bn);
18668+
18669+ n = BN_num_bytes(key->d);
18670+ printf(" Generated %d byte RSA private key\n", n);
18671+ printf("\tBN key before overwriting:\n");
18672+ do_bn_print(stdout, key->d);
18673+ BN_rand(key->d,n*8,-1,0);
18674+ printf("\tBN key after overwriting:\n");
18675+ do_bn_print(stdout, key->d);
18676+
18677+ printf("\tchar buffer key before overwriting: \n\t\t");
18678+ for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
18679+ printf("\n");
18680+ RAND_bytes(userkey, sizeof userkey);
18681+ printf("\tchar buffer key after overwriting: \n\t\t");
18682+ for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
18683+ printf("\n");
18684+
18685+ return 1;
18686+ }
18687+
18688+static int Error;
18689+const char * Fail(const char *msg)
18690+ {
18691+ do_print_errors();
18692+ Error++;
18693+ return msg;
18694+ }
18695+
18696+int main(int argc,char **argv)
18697+ {
18698+
18699+ int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
18700+ int bad_rsa = 0, bad_dsa = 0;
18701+ int do_rng_stick = 0;
18702+ int no_exit = 0;
18703+
18704+ printf("\tFIPS-mode test application\n\n");
18705+
18706+ /* Load entropy from external file, if any */
18707+ RAND_load_file(".rnd", 1024);
18708+
18709+ if (argv[1]) {
18710+ /* Corrupted KAT tests */
18711+ if (!strcmp(argv[1], "aes")) {
18712+ FIPS_corrupt_aes();
18713+ printf("AES encryption/decryption with corrupted KAT...\n");
18714+ } else if (!strcmp(argv[1], "des")) {
18715+ FIPS_corrupt_des();
18716+ printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
18717+ } else if (!strcmp(argv[1], "dsa")) {
18718+ FIPS_corrupt_dsa();
18719+ printf("DSA key generation and signature validation with corrupted KAT...\n");
18720+ } else if (!strcmp(argv[1], "rsa")) {
18721+ FIPS_corrupt_rsa();
18722+ printf("RSA key generation and signature validation with corrupted KAT...\n");
18723+ } else if (!strcmp(argv[1], "rsakey")) {
18724+ printf("RSA key generation and signature validation with corrupted key...\n");
18725+ bad_rsa = 1;
18726+ no_exit = 1;
18727+ } else if (!strcmp(argv[1], "rsakeygen")) {
18728+ do_corrupt_rsa_keygen = 1;
18729+ no_exit = 1;
18730+ printf("RSA key generation and signature validation with corrupted keygen...\n");
18731+ } else if (!strcmp(argv[1], "dsakey")) {
18732+ printf("DSA key generation and signature validation with corrupted key...\n");
18733+ bad_dsa = 1;
18734+ no_exit = 1;
18735+ } else if (!strcmp(argv[1], "dsakeygen")) {
18736+ do_corrupt_dsa_keygen = 1;
18737+ no_exit = 1;
18738+ printf("DSA key generation and signature validation with corrupted keygen...\n");
18739+ } else if (!strcmp(argv[1], "sha1")) {
18740+ FIPS_corrupt_sha1();
18741+ printf("SHA-1 hash with corrupted KAT...\n");
18742+ } else if (!strcmp(argv[1], "rng")) {
18743+ FIPS_corrupt_rng();
18744+ } else if (!strcmp(argv[1], "rngstick")) {
18745+ do_rng_stick = 1;
18746+ no_exit = 1;
18747+ printf("RNG test with stuck continuous test...\n");
18748+ } else {
18749+ printf("Bad argument \"%s\"\n", argv[1]);
18750+ exit(1);
18751+ }
18752+ if (!no_exit) {
18753+ if (!FIPS_mode_set(1)) {
18754+ do_print_errors();
18755+ printf("Power-up self test failed\n");
18756+ exit(1);
18757+ }
18758+ printf("Power-up self test successful\n");
18759+ exit(0);
18760+ }
18761+ }
18762+
18763+ /* Non-Approved cryptographic operation
18764+ */
18765+ printf("1. Non-Approved cryptographic operation test...\n");
18766+ printf("\ta. Included algorithm (D-H)...");
18767+ printf( dh_test() ? "successful\n" : Fail("FAILED!\n") );
18768+
18769+ /* Power-up self test
18770+ */
18771+ ERR_clear_error();
18772+ printf("2. Automatic power-up self test...");
18773+ if (!FIPS_mode_set(1))
18774+ {
18775+ do_print_errors();
18776+ printf(Fail("FAILED!\n"));
18777+ exit(1);
18778+ }
18779+ printf("successful\n");
18780+ if (do_corrupt_dsa_keygen)
18781+ FIPS_corrupt_dsa_keygen();
18782+ if (do_corrupt_rsa_keygen)
18783+ FIPS_corrupt_rsa_keygen();
18784+ if (do_rng_stick)
18785+ FIPS_rng_stick();
18786+
18787+ /* AES encryption/decryption
18788+ */
18789+ printf("3. AES encryption/decryption...");
18790+ printf( FIPS_aes_test() ? "successful\n" : Fail("FAILED!\n") );
18791+
18792+ /* RSA key generation and encryption/decryption
18793+ */
18794+ printf("4. RSA key generation and encryption/decryption...");
18795+ printf( FIPS_rsa_test(bad_rsa) ? "successful\n" : Fail("FAILED!\n") );
18796+
18797+ /* DES-CBC encryption/decryption
18798+ */
18799+ printf("5. DES-ECB encryption/decryption...");
18800+ printf( FIPS_des3_test() ? "successful\n" : Fail("FAILED!\n") );
18801+
18802+ /* DSA key generation and signature validation
18803+ */
18804+ printf("6. DSA key generation and signature validation...");
18805+ printf( FIPS_dsa_test(bad_dsa) ? "successful\n" : Fail("FAILED!\n") );
18806+
18807+ /* SHA-1 hash
18808+ */
18809+ printf("7a. SHA-1 hash...");
18810+ printf( FIPS_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
18811+
18812+ /* SHA-256 hash
18813+ */
18814+ printf("7b. SHA-256 hash...");
18815+ printf( FIPS_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
18816+
18817+ /* SHA-512 hash
18818+ */
18819+ printf("7c. SHA-512 hash...");
18820+ printf( FIPS_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
18821+
18822+ /* HMAC-SHA-1 hash
18823+ */
18824+ printf("7d. HMAC-SHA-1 hash...");
18825+ printf( FIPS_hmac_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
18826+
18827+ /* HMAC-SHA-224 hash
18828+ */
18829+ printf("7e. HMAC-SHA-224 hash...");
18830+ printf( FIPS_hmac_sha224_test() ? "successful\n" : Fail("FAILED!\n") );
18831+
18832+ /* HMAC-SHA-256 hash
18833+ */
18834+ printf("7f. HMAC-SHA-256 hash...");
18835+ printf( FIPS_hmac_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
18836+
18837+ /* HMAC-SHA-384 hash
18838+ */
18839+ printf("7g. HMAC-SHA-384 hash...");
18840+ printf( FIPS_hmac_sha384_test() ? "successful\n" : Fail("FAILED!\n") );
18841+
18842+ /* HMAC-SHA-512 hash
18843+ */
18844+ printf("7h. HMAC-SHA-512 hash...");
18845+ printf( FIPS_hmac_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
18846+
18847+ /* Non-Approved cryptographic operation
18848+ */
18849+ printf("8. Non-Approved cryptographic operation test...\n");
18850+ printf("\ta. Included algorithm (D-H)...");
18851+ printf( dh_test() ? "successful as expected\n"
18852+ : Fail("failed INCORRECTLY!\n") );
18853+
18854+ /* Zeroization
18855+ */
18856+ printf("9. Zero-ization...\n");
18857+ printf( Zeroize() ? "\tsuccessful as expected\n"
18858+ : Fail("\tfailed INCORRECTLY!\n") );
18859+
18860+ printf("\nAll tests completed with %d errors\n", Error);
18861+ return Error ? 1 : 0;
18862+ }
18863+
18864+#endif
18865diff -up openssl-1.0.1b/crypto/fips/Makefile.fips openssl-1.0.1b/crypto/fips/Makefile
18866--- openssl-1.0.1b/crypto/fips/Makefile.fips 2012-04-26 18:00:51.409769496 +0200
18867+++ openssl-1.0.1b/crypto/fips/Makefile 2012-04-26 18:00:51.409769496 +0200
18868@@ -0,0 +1,340 @@
18869+#
18870+# OpenSSL/crypto/fips/Makefile
18871+#
18872+
18873+DIR= fips
18874+TOP= ../..
18875+CC= cc
18876+INCLUDES=
18877+CFLAG=-g
18878+MAKEFILE= Makefile
18879+AR= ar r
18880+
18881+CFLAGS= $(INCLUDES) $(CFLAG)
18882+
18883+GENERAL=Makefile
18884+TEST=fips_test_suite.c fips_randtest.c
18885+APPS=
18886+
18887+PROGRAM= fips_standalone_hmac
18888+EXE= $(PROGRAM)$(EXE_EXT)
18889+
18890+LIB=$(TOP)/libcrypto.a
18891+LIBSRC=fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c fips_rand_selftest.c \
18892+ fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
18893+ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
18894+ fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
18895+ fips_cmac_selftest.c fips_enc.c fips_md.c
18896+
18897+LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \
18898+ fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
18899+ fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
18900+ fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
18901+ fips_cmac_selftest.o fips_enc.o fips_md.o
18902+
18903+LIBCRYPTO=-L.. -lcrypto
18904+
18905+SRC= $(LIBSRC) fips_standalone_hmac.c
18906+
18907+EXHEADER= fips.h fips_rand.h
18908+HEADER= $(EXHEADER)
18909+
18910+ALL= $(GENERAL) $(SRC) $(HEADER)
18911+
18912+top:
18913+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
18914+
18915+all: lib exe
18916+
18917+lib: $(LIBOBJ)
18918+ $(AR) $(LIB) $(LIBOBJ)
18919+ $(RANLIB) $(LIB) || echo Never mind.
18920+ @touch lib
18921+
18922+exe: $(EXE)
18923+
18924+files:
18925+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
18926+
18927+links:
18928+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
18929+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
18930+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
18931+
18932+install:
18933+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
18934+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
18935+ do \
18936+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
18937+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
18938+ done;
18939+
18940+tags:
18941+ ctags $(SRC)
18942+
18943+tests:
18944+
18945+lint:
18946+ lint -DLINT $(INCLUDES) $(SRC)>fluff
18947+
18948+depend:
18949+ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
18950+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
18951+
18952+dclean:
18953+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
18954+ mv -f Makefile.new $(MAKEFILE)
18955+
18956+clean:
18957+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
18958+
18959+$(EXE): $(PROGRAM).o
18960+ FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../sha/$$i" ; done; \
18961+ $(CC) -o $@ $(CFLAGS) $(PROGRAM).o $$FIPS_SHA_ASM
18962+
18963+# DO NOT DELETE THIS LINE -- make depend depends on it.
18964+
18965+fips.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
18966+fips.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
18967+fips.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
18968+fips.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
18969+fips.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
18970+fips.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
18971+fips.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
18972+fips.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
18973+fips.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
18974+fips.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
18975+fips.o: ../../include/openssl/symhacks.h fips.c fips_locl.h
18976+fips_aes_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
18977+fips_aes_selftest.o: ../../include/openssl/crypto.h
18978+fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
18979+fips_aes_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
18980+fips_aes_selftest.o: ../../include/openssl/lhash.h
18981+fips_aes_selftest.o: ../../include/openssl/obj_mac.h
18982+fips_aes_selftest.o: ../../include/openssl/objects.h
18983+fips_aes_selftest.o: ../../include/openssl/opensslconf.h
18984+fips_aes_selftest.o: ../../include/openssl/opensslv.h
18985+fips_aes_selftest.o: ../../include/openssl/ossl_typ.h
18986+fips_aes_selftest.o: ../../include/openssl/safestack.h
18987+fips_aes_selftest.o: ../../include/openssl/stack.h
18988+fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c
18989+fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
18990+fips_des_selftest.o: ../../include/openssl/crypto.h
18991+fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
18992+fips_des_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
18993+fips_des_selftest.o: ../../include/openssl/lhash.h
18994+fips_des_selftest.o: ../../include/openssl/obj_mac.h
18995+fips_des_selftest.o: ../../include/openssl/objects.h
18996+fips_des_selftest.o: ../../include/openssl/opensslconf.h
18997+fips_des_selftest.o: ../../include/openssl/opensslv.h
18998+fips_des_selftest.o: ../../include/openssl/ossl_typ.h
18999+fips_des_selftest.o: ../../include/openssl/safestack.h
19000+fips_des_selftest.o: ../../include/openssl/stack.h
19001+fips_des_selftest.o: ../../include/openssl/symhacks.h fips_des_selftest.c
19002+fips_drbg_ctr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19003+fips_drbg_ctr.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19004+fips_drbg_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
19005+fips_drbg_ctr.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
19006+fips_drbg_ctr.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
19007+fips_drbg_ctr.o: ../../include/openssl/objects.h
19008+fips_drbg_ctr.o: ../../include/openssl/opensslconf.h
19009+fips_drbg_ctr.o: ../../include/openssl/opensslv.h
19010+fips_drbg_ctr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19011+fips_drbg_ctr.o: ../../include/openssl/safestack.h
19012+fips_drbg_ctr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
19013+fips_drbg_ctr.o: fips_drbg_ctr.c fips_rand_lcl.h
19014+fips_drbg_hash.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19015+fips_drbg_hash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19016+fips_drbg_hash.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
19017+fips_drbg_hash.o: ../../include/openssl/fips.h
19018+fips_drbg_hash.o: ../../include/openssl/fips_rand.h
19019+fips_drbg_hash.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
19020+fips_drbg_hash.o: ../../include/openssl/objects.h
19021+fips_drbg_hash.o: ../../include/openssl/opensslconf.h
19022+fips_drbg_hash.o: ../../include/openssl/opensslv.h
19023+fips_drbg_hash.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19024+fips_drbg_hash.o: ../../include/openssl/safestack.h
19025+fips_drbg_hash.o: ../../include/openssl/stack.h
19026+fips_drbg_hash.o: ../../include/openssl/symhacks.h fips_drbg_hash.c
19027+fips_drbg_hash.o: fips_rand_lcl.h
19028+fips_drbg_hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19029+fips_drbg_hmac.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19030+fips_drbg_hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
19031+fips_drbg_hmac.o: ../../include/openssl/fips.h
19032+fips_drbg_hmac.o: ../../include/openssl/fips_rand.h
19033+fips_drbg_hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
19034+fips_drbg_hmac.o: ../../include/openssl/objects.h
19035+fips_drbg_hmac.o: ../../include/openssl/opensslconf.h
19036+fips_drbg_hmac.o: ../../include/openssl/opensslv.h
19037+fips_drbg_hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19038+fips_drbg_hmac.o: ../../include/openssl/safestack.h
19039+fips_drbg_hmac.o: ../../include/openssl/stack.h
19040+fips_drbg_hmac.o: ../../include/openssl/symhacks.h fips_drbg_hmac.c
19041+fips_drbg_hmac.o: fips_rand_lcl.h
19042+fips_drbg_lib.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19043+fips_drbg_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19044+fips_drbg_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19045+fips_drbg_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19046+fips_drbg_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
19047+fips_drbg_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
19048+fips_drbg_lib.o: ../../include/openssl/objects.h
19049+fips_drbg_lib.o: ../../include/openssl/opensslconf.h
19050+fips_drbg_lib.o: ../../include/openssl/opensslv.h
19051+fips_drbg_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19052+fips_drbg_lib.o: ../../include/openssl/safestack.h
19053+fips_drbg_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
19054+fips_drbg_lib.o: fips_drbg_lib.c fips_locl.h fips_rand_lcl.h
19055+fips_drbg_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19056+fips_drbg_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19057+fips_drbg_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19058+fips_drbg_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19059+fips_drbg_rand.o: ../../include/openssl/fips_rand.h
19060+fips_drbg_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
19061+fips_drbg_rand.o: ../../include/openssl/obj_mac.h
19062+fips_drbg_rand.o: ../../include/openssl/objects.h
19063+fips_drbg_rand.o: ../../include/openssl/opensslconf.h
19064+fips_drbg_rand.o: ../../include/openssl/opensslv.h
19065+fips_drbg_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19066+fips_drbg_rand.o: ../../include/openssl/safestack.h
19067+fips_drbg_rand.o: ../../include/openssl/stack.h
19068+fips_drbg_rand.o: ../../include/openssl/symhacks.h fips_drbg_rand.c
19069+fips_drbg_rand.o: fips_rand_lcl.h
19070+fips_drbg_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19071+fips_drbg_selftest.o: ../../include/openssl/bio.h
19072+fips_drbg_selftest.o: ../../include/openssl/crypto.h
19073+fips_drbg_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19074+fips_drbg_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19075+fips_drbg_selftest.o: ../../include/openssl/fips_rand.h
19076+fips_drbg_selftest.o: ../../include/openssl/hmac.h
19077+fips_drbg_selftest.o: ../../include/openssl/lhash.h
19078+fips_drbg_selftest.o: ../../include/openssl/obj_mac.h
19079+fips_drbg_selftest.o: ../../include/openssl/objects.h
19080+fips_drbg_selftest.o: ../../include/openssl/opensslconf.h
19081+fips_drbg_selftest.o: ../../include/openssl/opensslv.h
19082+fips_drbg_selftest.o: ../../include/openssl/ossl_typ.h
19083+fips_drbg_selftest.o: ../../include/openssl/rand.h
19084+fips_drbg_selftest.o: ../../include/openssl/safestack.h
19085+fips_drbg_selftest.o: ../../include/openssl/stack.h
19086+fips_drbg_selftest.o: ../../include/openssl/symhacks.h fips_drbg_selftest.c
19087+fips_drbg_selftest.o: fips_drbg_selftest.h fips_locl.h fips_rand_lcl.h
19088+fips_dsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19089+fips_dsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
19090+fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
19091+fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
19092+fips_dsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
19093+fips_dsa_selftest.o: ../../include/openssl/obj_mac.h
19094+fips_dsa_selftest.o: ../../include/openssl/objects.h
19095+fips_dsa_selftest.o: ../../include/openssl/opensslconf.h
19096+fips_dsa_selftest.o: ../../include/openssl/opensslv.h
19097+fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h
19098+fips_dsa_selftest.o: ../../include/openssl/safestack.h
19099+fips_dsa_selftest.o: ../../include/openssl/stack.h
19100+fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
19101+fips_dsa_selftest.o: fips_locl.h
19102+fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19103+fips_hmac_selftest.o: ../../include/openssl/crypto.h
19104+fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19105+fips_hmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19106+fips_hmac_selftest.o: ../../include/openssl/hmac.h
19107+fips_hmac_selftest.o: ../../include/openssl/lhash.h
19108+fips_hmac_selftest.o: ../../include/openssl/obj_mac.h
19109+fips_hmac_selftest.o: ../../include/openssl/objects.h
19110+fips_hmac_selftest.o: ../../include/openssl/opensslconf.h
19111+fips_hmac_selftest.o: ../../include/openssl/opensslv.h
19112+fips_hmac_selftest.o: ../../include/openssl/ossl_typ.h
19113+fips_hmac_selftest.o: ../../include/openssl/safestack.h
19114+fips_hmac_selftest.o: ../../include/openssl/stack.h
19115+fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c
19116+fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19117+fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19118+fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
19119+fips_post.o: ../../include/openssl/err.h ../../include/openssl/evp.h
19120+fips_post.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
19121+fips_post.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
19122+fips_post.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
19123+fips_post.o: ../../include/openssl/opensslconf.h
19124+fips_post.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
19125+fips_post.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
19126+fips_post.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
19127+fips_post.o: ../../include/openssl/symhacks.h fips_locl.h fips_post.c
19128+fips_rand.o: ../../e_os.h ../../include/openssl/aes.h
19129+fips_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19130+fips_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
19131+fips_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h
19132+fips_rand.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
19133+fips_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
19134+fips_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
19135+fips_rand.o: ../../include/openssl/opensslconf.h
19136+fips_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
19137+fips_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
19138+fips_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
19139+fips_rand.o: fips_locl.h fips_rand.c
19140+fips_rand_lib.o: ../../e_os.h ../../include/openssl/aes.h
19141+fips_rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19142+fips_rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
19143+fips_rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
19144+fips_rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
19145+fips_rand_lib.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
19146+fips_rand_lib.o: ../../include/openssl/obj_mac.h
19147+fips_rand_lib.o: ../../include/openssl/objects.h
19148+fips_rand_lib.o: ../../include/openssl/opensslconf.h
19149+fips_rand_lib.o: ../../include/openssl/opensslv.h
19150+fips_rand_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19151+fips_rand_lib.o: ../../include/openssl/safestack.h
19152+fips_rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
19153+fips_rand_lib.o: fips_rand_lib.c
19154+fips_rand_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19155+fips_rand_selftest.o: ../../include/openssl/bio.h
19156+fips_rand_selftest.o: ../../include/openssl/crypto.h
19157+fips_rand_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19158+fips_rand_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19159+fips_rand_selftest.o: ../../include/openssl/fips_rand.h
19160+fips_rand_selftest.o: ../../include/openssl/hmac.h
19161+fips_rand_selftest.o: ../../include/openssl/lhash.h
19162+fips_rand_selftest.o: ../../include/openssl/obj_mac.h
19163+fips_rand_selftest.o: ../../include/openssl/objects.h
19164+fips_rand_selftest.o: ../../include/openssl/opensslconf.h
19165+fips_rand_selftest.o: ../../include/openssl/opensslv.h
19166+fips_rand_selftest.o: ../../include/openssl/ossl_typ.h
19167+fips_rand_selftest.o: ../../include/openssl/rand.h
19168+fips_rand_selftest.o: ../../include/openssl/safestack.h
19169+fips_rand_selftest.o: ../../include/openssl/stack.h
19170+fips_rand_selftest.o: ../../include/openssl/symhacks.h fips_locl.h
19171+fips_rand_selftest.o: fips_rand_selftest.c
19172+fips_rsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19173+fips_rsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
19174+fips_rsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19175+fips_rsa_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19176+fips_rsa_selftest.o: ../../include/openssl/lhash.h
19177+fips_rsa_selftest.o: ../../include/openssl/obj_mac.h
19178+fips_rsa_selftest.o: ../../include/openssl/objects.h
19179+fips_rsa_selftest.o: ../../include/openssl/opensslconf.h
19180+fips_rsa_selftest.o: ../../include/openssl/opensslv.h
19181+fips_rsa_selftest.o: ../../include/openssl/ossl_typ.h
19182+fips_rsa_selftest.o: ../../include/openssl/rsa.h
19183+fips_rsa_selftest.o: ../../include/openssl/safestack.h
19184+fips_rsa_selftest.o: ../../include/openssl/stack.h
19185+fips_rsa_selftest.o: ../../include/openssl/symhacks.h fips_rsa_selftest.c
19186+fips_rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19187+fips_rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
19188+fips_rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19189+fips_rsa_x931g.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
19190+fips_rsa_x931g.o: ../../include/openssl/opensslconf.h
19191+fips_rsa_x931g.o: ../../include/openssl/opensslv.h
19192+fips_rsa_x931g.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
19193+fips_rsa_x931g.o: ../../include/openssl/safestack.h
19194+fips_rsa_x931g.o: ../../include/openssl/stack.h
19195+fips_rsa_x931g.o: ../../include/openssl/symhacks.h fips_rsa_x931g.c
19196+fips_sha_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19197+fips_sha_selftest.o: ../../include/openssl/crypto.h
19198+fips_sha_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19199+fips_sha_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19200+fips_sha_selftest.o: ../../include/openssl/lhash.h
19201+fips_sha_selftest.o: ../../include/openssl/obj_mac.h
19202+fips_sha_selftest.o: ../../include/openssl/objects.h
19203+fips_sha_selftest.o: ../../include/openssl/opensslconf.h
19204+fips_sha_selftest.o: ../../include/openssl/opensslv.h
19205+fips_sha_selftest.o: ../../include/openssl/ossl_typ.h
19206+fips_sha_selftest.o: ../../include/openssl/safestack.h
19207+fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
19208+fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c
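Review bot: The `$(EXE)` link rule needs a comment explaining why `fips_standalone_hmac.o` is linked only against the SHA objects gathered in `FIPS_SHA_ASM` and not against `$(LIBCRYPTO)`, which is defined above but never referenced in this Makefile. Presumably this is deliberate — a tool that checks the integrity of libcrypto should not depend on the library it checks — but as written a reader may take the unused `LIBCRYPTO` for an oversight. Suggested comment above the rule: `# Deliberately linked against the raw SHA objects only, not libcrypto: the standalone HMAC tool must not depend on the library whose integrity it verifies.` The loop is also driven by `SHA1_ASM_OBJ` while `sha256.o` is the only unconditional object, which deserves a word if SHA-256 is the digest actually used (not visible here).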
19209diff -up openssl-1.0.1b/crypto/hmac/hmac.c.fips openssl-1.0.1b/crypto/hmac/hmac.c
19210--- openssl-1.0.1b/crypto/hmac/hmac.c.fips 2011-06-12 17:07:26.000000000 +0200
19211+++ openssl-1.0.1b/crypto/hmac/hmac.c 2012-04-26 18:00:51.409769496 +0200
19212@@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
19213 EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
19214 return 0;
19215 }
19216- /* Other algorithm blocking will be done in FIPS_cmac_init,
19217- * via FIPS_hmac_init_ex().
19218- */
19219- if (!impl && !ctx->i_ctx.engine)
19220- return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
19221 }
19222 #endif
19223
19224@@ -99,6 +94,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
19225
19226 if (key != NULL)
19227 {
19228+#ifdef OPENSSL_FIPS
19229+ if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
19230+ && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
19231+ || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
19232+ || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
19233+ goto err;
19234+#endif
19235 reset=1;
19236 j=EVP_MD_block_size(md);
19237 OPENSSL_assert(j <= (int)sizeof(ctx->key));
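Review bot: The new FIPS check under `if (key != NULL)` fails with `goto err` without recording a reason, whereas the equivalent rejection earlier in the same function (visible in the previous hunk's context) calls `EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS)` before returning 0. The `err:` label is outside the hunk; if it simply returns 0, a caller in FIPS mode that selects a non-approved digest gets a failure with an empty error queue and no way to tell it from any other error. Add `EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);` immediately before the `goto err`. Note also that the check only runs when a key is supplied; a re-init with `key == NULL` and a new non-approved `md` presumably relies on the EVP digest layer to reject it, which is worth confirming.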
19238@@ -155,10 +157,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void
19239
19240 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
19241 {
19242-#ifdef OPENSSL_FIPS
19243- if (FIPS_mode() && !ctx->i_ctx.engine)
19244- return FIPS_hmac_update(ctx, data, len);
19245-#endif
19246 return EVP_DigestUpdate(&ctx->md_ctx,data,len);
19247 }
19248
19249@@ -166,10 +164,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned c
19250 {
19251 unsigned int i;
19252 unsigned char buf[EVP_MAX_MD_SIZE];
19253-#ifdef OPENSSL_FIPS
19254- if (FIPS_mode() && !ctx->i_ctx.engine)
19255- return FIPS_hmac_final(ctx, md, len);
19256-#endif
19257
19258 if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
19259 goto err;
19260@@ -209,13 +203,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_C
19261
19262 void HMAC_CTX_cleanup(HMAC_CTX *ctx)
19263 {
19264-#ifdef OPENSSL_FIPS
19265- if (FIPS_mode() && !ctx->i_ctx.engine)
19266- {
19267- FIPS_hmac_ctx_cleanup(ctx);
19268- return;
19269- }
19270-#endif
19271 EVP_MD_CTX_cleanup(&ctx->i_ctx);
19272 EVP_MD_CTX_cleanup(&ctx->o_ctx);
19273 EVP_MD_CTX_cleanup(&ctx->md_ctx);
19274diff -up openssl-1.0.1b/crypto/md2/md2_dgst.c.fips openssl-1.0.1b/crypto/md2/md2_dgst.c
19275--- openssl-1.0.1b/crypto/md2/md2_dgst.c.fips 2011-06-01 15:39:43.000000000 +0200
19276+++ openssl-1.0.1b/crypto/md2/md2_dgst.c 2012-04-26 18:00:51.409769496 +0200
19277@@ -62,6 +62,11 @@
19278 #include <openssl/md2.h>
19279 #include <openssl/opensslv.h>
19280 #include <openssl/crypto.h>
19281+#ifdef OPENSSL_FIPS
19282+#include <openssl/fips.h>
19283+#endif
19284+
19285+#include <openssl/err.h>
19286
19287 const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;
19288
19289@@ -116,7 +121,7 @@ const char *MD2_options(void)
19290 return("md2(int)");
19291 }
19292
19293-fips_md_init(MD2)
19294+nonfips_md_init(MD2)
19295 {
19296 c->num=0;
19297 memset(c->state,0,sizeof c->state);
19298diff -up openssl-1.0.1b/crypto/md4/md4_dgst.c.fips openssl-1.0.1b/crypto/md4/md4_dgst.c
19299--- openssl-1.0.1b/crypto/md4/md4_dgst.c.fips 2011-06-01 15:39:43.000000000 +0200
19300+++ openssl-1.0.1b/crypto/md4/md4_dgst.c 2012-04-26 18:00:51.409769496 +0200
19301@@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V
19302 #define INIT_DATA_C (unsigned long)0x98badcfeL
19303 #define INIT_DATA_D (unsigned long)0x10325476L
19304
19305-fips_md_init(MD4)
19306+nonfips_md_init(MD4)
19307 {
19308 memset (c,0,sizeof(*c));
19309 c->A=INIT_DATA_A;
19310diff -up openssl-1.0.1b/crypto/md5/md5_dgst.c.fips openssl-1.0.1b/crypto/md5/md5_dgst.c
19311--- openssl-1.0.1b/crypto/md5/md5_dgst.c.fips 2011-06-01 15:39:43.000000000 +0200
19312+++ openssl-1.0.1b/crypto/md5/md5_dgst.c 2012-04-26 18:00:51.409769496 +0200
19313@@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V
19314 #define INIT_DATA_C (unsigned long)0x98badcfeL
19315 #define INIT_DATA_D (unsigned long)0x10325476L
19316
19317-fips_md_init(MD5)
19318+nonfips_md_init(MD5)
19319 {
19320 memset (c,0,sizeof(*c));
19321 c->A=INIT_DATA_A;
19322diff -up openssl-1.0.1b/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1b/crypto/mdc2/mdc2dgst.c
19323--- openssl-1.0.1b/crypto/mdc2/mdc2dgst.c.fips 2011-06-01 15:39:44.000000000 +0200
19324+++ openssl-1.0.1b/crypto/mdc2/mdc2dgst.c 2012-04-26 18:00:51.691775656 +0200
19325@@ -76,7 +76,7 @@
19326 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
19327
19328 static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
19329-fips_md_init(MDC2)
19330+nonfips_md_init(MDC2)
19331 {
19332 c->num=0;
19333 c->pad_type=1;
19334diff -up openssl-1.0.1b/crypto/o_init.c.fips openssl-1.0.1b/crypto/o_init.c
19335--- openssl-1.0.1b/crypto/o_init.c.fips 2011-05-26 16:19:19.000000000 +0200
19336+++ openssl-1.0.1b/crypto/o_init.c 2012-04-26 18:00:51.696775766 +0200
19337@@ -55,28 +55,63 @@
19338 #include <e_os.h>
19339 #include <openssl/err.h>
19340 #ifdef OPENSSL_FIPS
19341+#include <sys/types.h>
19342+#include <sys/stat.h>
19343+#include <fcntl.h>
19344+#include <unistd.h>
19345+#include <errno.h>
19346+#include <stdlib.h>
19347 #include <openssl/fips.h>
19348 #include <openssl/rand.h>
19349+
19350+#define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
19351+
19352+static void init_fips_mode(void)
19353+ {
19354+ char buf[2] = "0";
19355+ int fd;
19356+
19357+ if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
19358+ {
19359+ buf[0] = '1';
19360+ }
19361+ else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0)
19362+ {
19363+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
19364+ close(fd);
19365+ }
19366+ /* Failure reading the fips mode switch file means just not
19367+ * switching into FIPS mode. We would break too many things
19368+ * otherwise.
19369+ */
19370+
19371+ if (buf[0] == '1')
19372+ {
19373+ FIPS_mode_set(1);
19374+ }
19375+ }
19376 #endif
19377
19378 /* Perform any essential OpenSSL initialization operations.
19379 * Currently only sets FIPS callbacks
19380 */
19381
19382-void OPENSSL_init(void)
19383+void OPENSSL_init_library(void)
19384 {
19385 static int done = 0;
19386 if (done)
19387 return;
19388 done = 1;
19389 #ifdef OPENSSL_FIPS
19390- FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
19391- FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
19392- FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
19393 RAND_init_fips();
19394+ init_fips_mode();
19395 #endif
19396 #if 0
19397 fprintf(stderr, "Called OPENSSL_init\n");
19398 #endif
19399 }
19400
19401+void OPENSSL_init(void)
19402+ {
19403+ OPENSSL_init_library();
19404+ }
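Review bot: `init_fips_mode()` ignores the return value of `FIPS_mode_set(1)`, so when the kernel switch (or `OPENSSL_FORCE_FIPS_MODE`) demands FIPS mode but the power-up self-tests fail, the process silently continues in non-FIPS mode — the opposite of what the policy asked for. Unless `FIPS_mode_set()` latches a module-wide error state on failure (not visible here), the result should be checked and the failure made loud, e.g. `if (!FIPS_mode_set(1)) abort(); /* FIPS required but POST failed */`, or at minimum a comment stating that the FIPS module is relied upon to disable itself. The existing comment about tolerating a read failure of `/proc/sys/crypto/fips_enabled` is reasonable but does not cover this case. Separately, `getenv()` honours the variable in set-user-ID programs; because it can only tighten policy the exposure is small, but `secure_getenv()` where available would remove even that.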
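diff -up openssl-1.0.1b/crypto/opensslconf.h.in.fips openssl-1.0.1b/crypto/opensslconf.h.in
--- openssl-1.0.1b/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100
+++ openssl-1.0.1b/crypto/opensslconf.h.in 2012-04-26 18:00:51.702775897 +0200
@@ -1,5 +1,20 @@
 /* crypto/opensslconf.h.in */
 
+#ifdef OPENSSL_DOING_MAKEDEPEND
+
+/* Include any symbols here that have to be explicitly set to enable a feature
+ * that should be visible to makedepend.
+ *
+ * [Our "make depend" doesn't actually look at this, we use actual build settings
+ * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
+ */
+
+#ifndef OPENSSL_FIPS
+#define OPENSSL_FIPS
+#endif
+
+#endif
+
 /* Generate 80386 code? */
 #undef I386_ONLY
 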
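diff -up openssl-1.0.1b/crypto/pkcs12/p12_crt.c.fips openssl-1.0.1b/crypto/pkcs12/p12_crt.c
--- openssl-1.0.1b/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100
+++ openssl-1.0.1b/crypto/pkcs12/p12_crt.c 2012-04-26 18:00:51.708776028 +0200
@@ -59,6 +59,10 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/pkcs12.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 
 
 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
@@ -90,7 +94,14 @@ PKCS12 *PKCS12_create(char *pass, char *
 
 /* Set defaults */
 if (!nid_cert)
+ {
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+#endif
 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+ }
 if (!nid_key)
 nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
 if (!iter)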
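Review bot: The FIPS branch silently swaps the default certificate PBE from 40-bit RC2 to 3DES with no comment explaining why, so a reader of PKCS12_create has to guess at the intent of the `#ifdef`/`else` arrangement. A one-liner above `if (FIPS_mode())` would do: `/* RC2 is not a FIPS-approved cipher; default to 3DES in FIPS mode */`. PKCS12_create starts outside the hunk.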
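diff -up openssl-1.0.1b/crypto/rand/md_rand.c.fips openssl-1.0.1b/crypto/rand/md_rand.c
--- openssl-1.0.1b/crypto/rand/md_rand.c.fips 2011-01-26 15:55:23.000000000 +0100
+++ openssl-1.0.1b/crypto/rand/md_rand.c 2012-04-26 18:00:51.713776137 +0200
@@ -389,7 +389,10 @@ static int ssleay_rand_bytes(unsigned ch
 CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
 crypto_lock_rand = 1;
 
- if (!initialized)
+ /* always poll for external entropy in FIPS mode, drbg provides the
+ * expansion
+ */
+ if (!initialized || FIPS_module_mode())
 {
 RAND_poll();
 initialized = 1;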
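Review bot: `FIPS_module_mode()` is called unguarded in `if (!initialized || FIPS_module_mode())`, while every other FIPS call in this patch sits under `#ifdef OPENSSL_FIPS`; unless the headers included by md_rand.c (not visible in this hunk) provide a non-FIPS definition, a build without OPENSSL_FIPS will fail on an undeclared function, so the condition should be wrapped the same way, e.g. `#ifdef OPENSSL_FIPS` / `if (!initialized || FIPS_module_mode())` / `#else` / `if (!initialized)` / `#endif`. The new condition also means that in FIPS mode every call to ssleay_rand_bytes performs a RAND_poll(), i.e. a fresh read of system entropy; the comment says the DRBG does the expansion, but it would help to state that this method is then only the seed source and that the per-call poll is the accepted cost. ssleay_rand_bytes starts and ends outside the hunk.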
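diff -up openssl-1.0.1b/crypto/rand/rand.h.fips openssl-1.0.1b/crypto/rand/rand.h
--- openssl-1.0.1b/crypto/rand/rand.h.fips 2012-04-26 18:00:50.809756388 +0200
+++ openssl-1.0.1b/crypto/rand/rand.h 2012-04-26 18:00:51.714776159 +0200
@@ -133,15 +133,33 @@ void ERR_load_RAND_strings(void);
 /* Error codes for the RAND functions. */
 
 /* Function codes. */
+#define RAND_F_ENG_RAND_GET_RAND_METHOD 108
+#define RAND_F_FIPS_RAND 103
+#define RAND_F_FIPS_RAND_BYTES 102
+#define RAND_F_FIPS_RAND_SET_DT 106
+#define RAND_F_FIPS_X931_SET_DT 106
+#define RAND_F_FIPS_SET_DT 104
+#define RAND_F_FIPS_SET_PRNG_SEED 107
+#define RAND_F_FIPS_SET_TEST_MODE 105
 #define RAND_F_RAND_GET_RAND_METHOD 101
-#define RAND_F_RAND_INIT_FIPS 102
+#define RAND_F_RAND_INIT_FIPS 109
 #define RAND_F_SSLEAY_RAND_BYTES 100
 
 /* Reason codes. */
-#define RAND_R_ERROR_INITIALISING_DRBG 102
-#define RAND_R_ERROR_INSTANTIATING_DRBG 103
-#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101
+#define RAND_R_ERROR_INITIALISING_DRBG 112
+#define RAND_R_ERROR_INSTANTIATING_DRBG 113
+#define RAND_R_NON_FIPS_METHOD 105
+#define RAND_R_NOT_IN_TEST_MODE 106
+#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 111
+#define RAND_R_NO_KEY_SET 107
+#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101
+#define RAND_R_PRNG_ERROR 108
+#define RAND_R_PRNG_KEYED 109
+#define RAND_R_PRNG_NOT_REKEYED 102
+#define RAND_R_PRNG_NOT_RESEEDED 103
 #define RAND_R_PRNG_NOT_SEEDED 100
+#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110
+#define RAND_R_PRNG_STUCK 104
 
 #ifdef __cplusplus
 }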
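Review bot: `RAND_F_FIPS_RAND_SET_DT` and `RAND_F_FIPS_X931_SET_DT` are both defined as 106, so errors raised from the two functions are indistinguishable through ERR_GET_FUNC() and the error-string table can only name one of them; one of the two should get a value the visible list does not use, e.g. `#define RAND_F_FIPS_X931_SET_DT 110`. The hunk also renumbers existing public codes (`RAND_F_RAND_INIT_FIPS` 102→109, `RAND_R_ERROR_INITIALISING_DRBG` 102→112, `RAND_R_ERROR_INSTANTIATING_DRBG` 103→113, `RAND_R_NO_FIPS_RANDOM_METHOD_SET` 101→111); any code or log tooling that compares against the old numeric values will misreport, which is worth a line in the patch description if it is accepted.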
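diff -up openssl-1.0.1b/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1b/crypto/ripemd/rmd_dgst.c
--- openssl-1.0.1b/crypto/ripemd/rmd_dgst.c.fips 2011-06-01 15:39:44.000000000 +0200
+++ openssl-1.0.1b/crypto/ripemd/rmd_dgst.c 2012-04-26 18:00:51.715776181 +0200
@@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160"
 void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
 # endif
 
-fips_md_init(RIPEMD160)
+nonfips_md_init(RIPEMD160)
 {
 memset (c,0,sizeof(*c));
 c->A=RIPEMD160_A;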
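diff -up openssl-1.0.1b/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1b/crypto/rsa/rsa_crpt.c
--- openssl-1.0.1b/crypto/rsa/rsa_crpt.c.fips 2011-06-02 20:22:42.000000000 +0200
+++ openssl-1.0.1b/crypto/rsa/rsa_crpt.c 2012-04-26 18:00:51.715776181 +0200
@@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const
 RSA *rsa, int padding)
 {
 #ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
- && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+ if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
 {
- RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
+ RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
 return -1;
 }
 #endif
@@ -118,10 +117,9 @@ int RSA_public_decrypt(int flen, const u
 RSA *rsa, int padding)
 {
 #ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
- && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+ if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
 {
- RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
+ RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
 return -1;
 }
 #endif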
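Review bot: The rewritten condition drops the `RSA_FLAG_FIPS_METHOD` test, so in FIPS mode RSA_private_encrypt and RSA_public_decrypt now refuse every key that does not carry RSA_FLAG_NON_FIPS_ALLOW, regardless of method; only the new reason code hints at why, and a reader has to find the rsa_sign.c hunk of this patch to learn that the signature paths reach the method directly instead. A one-line comment above each check would capture that, e.g. `/* raw RSA private-encrypt/public-decrypt is refused in FIPS mode; RSA_sign/RSA_verify call rsa->meth directly */`. The `if(` spelling also departs from the `if (` style of the surrounding code. Both functions continue outside the hunk.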
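diff -up openssl-1.0.1b/crypto/rsa/rsa_eay.c.fips openssl-1.0.1b/crypto/rsa/rsa_eay.c
--- openssl-1.0.1b/crypto/rsa/rsa_eay.c.fips 2011-10-19 16:58:59.000000000 +0200
+++ openssl-1.0.1b/crypto/rsa/rsa_eay.c 2012-04-26 18:00:51.716776203 +0200
@@ -114,6 +114,10 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 #ifndef RSA_NULL
 
@@ -138,7 +142,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth={
 BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */
 RSA_eay_init,
 RSA_eay_finish,
- 0, /* flags */
+ RSA_FLAG_FIPS_METHOD, /* flags */
 NULL,
 0, /* rsa_sign */
 0, /* rsa_verify */
@@ -158,6 +162,24 @@ static int RSA_eay_public_encrypt(int fl
 unsigned char *buf=NULL;
 BN_CTX *ctx=NULL;
 
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode())
+ {
+ if (FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
+ goto err;
+ }
+
+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+ return -1;
+ }
+ }
+#endif
+
 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
 {
 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
@@ -361,6 +383,24 @@ static int RSA_eay_private_encrypt(int f
 BIGNUM *unblind = NULL;
 BN_BLINDING *blinding = NULL;
 
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ {
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
+ return -1;
+ }
+
+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
+ {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+ return -1;
+ }
+ }
+#endif
+
 if ((ctx=BN_CTX_new()) == NULL) goto err;
 BN_CTX_start(ctx);
 f = BN_CTX_get(ctx);
@@ -504,6 +544,24 @@ static int RSA_eay_private_decrypt(int f
 BIGNUM *unblind = NULL;
 BN_BLINDING *blinding = NULL;
 
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ {
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
+ return -1;
+ }
+
+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
+ {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+ return -1;
+ }
+ }
+#endif
+
 if((ctx = BN_CTX_new()) == NULL) goto err;
 BN_CTX_start(ctx);
 f = BN_CTX_get(ctx);
@@ -639,6 +697,24 @@ static int RSA_eay_public_decrypt(int fl
 unsigned char *buf=NULL;
 BN_CTX *ctx=NULL;
 
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ {
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_RSA_EAY_PUBLIC_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
+ goto err;
+ }
+
+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+ return -1;
+ }
+ }
+#endif
+
 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
 {
 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
@@ -847,12 +923,12 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c
 if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
 
 /* If p < q it is occasionally possible for the correction of
- * adding 'p' if r0 is negative above to leave the result still
+ * adding 'p' if r0 is negative above to leave the result still
 * negative. This can break the private key operations: the following
 * second correction should *always* correct this rare occurrence.
 * This will *never* happen with OpenSSL generated keys because
- * they ensure p > q [steve]
- */
+ * they ensure p > q [steve]
+ */
 if (BN_is_negative(r0))
 if (!BN_add(r0,r0,rsa->p)) goto err;
 if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
@@ -897,6 +973,9 @@ err:
 
 static int RSA_eay_init(RSA *rsa)
 {
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
 rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
 return(1);
 }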
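Review bot: In RSA_eay_public_encrypt the two new FIPS rejections leave the function by different routes — the self-test failure does `goto err` while the modulus-size failure does `return -1` — and RSA_eay_public_decrypt has the same mix, whereas RSA_eay_private_encrypt and RSA_eay_private_decrypt return -1 from both branches. Because buf and ctx are still NULL at that point the `goto err` is harmless today, but the asymmetry invites a wrong guess the next time cleanup is added; using `return -1;` in the public-key self-test branches too would match the private-key variants and the `return -1` already used three lines below. Each of these four functions starts and ends outside the hunk.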
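diff -up openssl-1.0.1b/crypto/rsa/rsa_err.c.fips openssl-1.0.1b/crypto/rsa/rsa_err.c
--- openssl-1.0.1b/crypto/rsa/rsa_err.c.fips 2011-10-10 01:13:50.000000000 +0200
+++ openssl-1.0.1b/crypto/rsa/rsa_err.c 2012-04-26 18:00:51.717776225 +0200
@@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"},
 {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
 {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
+{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"},
+{ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"},
 {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
 {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
 {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},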
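diff -up openssl-1.0.1b/crypto/rsa/rsa_gen.c.fips openssl-1.0.1b/crypto/rsa/rsa_gen.c
--- openssl-1.0.1b/crypto/rsa/rsa_gen.c.fips 2011-06-09 15:18:07.000000000 +0200
+++ openssl-1.0.1b/crypto/rsa/rsa_gen.c 2012-04-26 18:00:51.718776246 +0200
@@ -69,6 +69,78 @@
 #include <openssl/rsa.h>
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+static int fips_rsa_pairwise_fail = 0;
+
+void FIPS_corrupt_rsa_keygen(void)
+ {
+ fips_rsa_pairwise_fail = 1;
+ }
+
+int fips_check_rsa(RSA *rsa)
+ {
+ const unsigned char tbs[] = "RSA Pairwise Check Data";
+ unsigned char *ctbuf = NULL, *ptbuf = NULL;
+ int len, ret = 0;
+ EVP_PKEY *pk;
+
+ if ((pk=EVP_PKEY_new()) == NULL)
+ goto err;
+
+ EVP_PKEY_set1_RSA(pk, rsa);
+
+ /* Perform pairwise consistency signature test */
+ if (!fips_pkey_signature_test(pk, tbs, -1,
+ NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
+ || !fips_pkey_signature_test(pk, tbs, -1,
+ NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, NULL)
+ || !fips_pkey_signature_test(pk, tbs, -1,
+ NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, NULL))
+ goto err;
+ /* Now perform pairwise consistency encrypt/decrypt test */
+ ctbuf = OPENSSL_malloc(RSA_size(rsa));
+ if (!ctbuf)
+ goto err;
+
+ len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING);
+ if (len <= 0)
+ goto err;
+ /* Check ciphertext doesn't match plaintext */
+ if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
+ goto err;
+ ptbuf = OPENSSL_malloc(RSA_size(rsa));
+
+ if (!ptbuf)
+ goto err;
+ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
+ if (len != (sizeof(tbs) - 1))
+ goto err;
+ if (memcmp(ptbuf, tbs, len))
+ goto err;
+
+ ret = 1;
+
+ if (!ptbuf)
+ goto err;
+
+ err:
+ if (ret == 0)
+ {
+ fips_set_selftest_fail();
+ FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
+ }
+
+ if (ctbuf)
+ OPENSSL_free(ctbuf);
+ if (ptbuf)
+ OPENSSL_free(ptbuf);
+ if (pk)
+ EVP_PKEY_free(pk);
+
+ return ret;
+ }
 #endif
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
@@ -81,7 +153,7 @@ static int rsa_builtin_keygen(RSA *rsa,
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
 {
 #ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+ if (FIPS_module_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
 && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
 {
 RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
@@ -90,10 +162,6 @@ int RSA_generate_key_ex(RSA *rsa, int bi
 #endif
 if(rsa->meth->rsa_keygen)
 return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
-#endif
 return rsa_builtin_keygen(rsa, bits, e_value, cb);
 }
 
@@ -105,6 +173,23 @@ static int rsa_builtin_keygen(RSA *rsa,
 int bitsp,bitsq,ok= -1,n=0;
 BN_CTX *ctx=NULL;
 
+#ifdef OPENSSL_FIPS
+ if (FIPS_module_mode())
+ {
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED);
+ return 0;
+ }
+
+ if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
+ {
+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
+ return 0;
+ }
+ }
+#endif
+
 ctx=BN_CTX_new();
 if (ctx == NULL) goto err;
 BN_CTX_start(ctx);
@@ -216,6 +301,17 @@ static int rsa_builtin_keygen(RSA *rsa,
 p = rsa->p;
 if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
 
+#ifdef OPENSSL_FIPS
+ if (FIPS_module_mode())
+ {
+ if (fips_rsa_pairwise_fail)
+ BN_add_word(rsa->n, 1);
+
+ if(!fips_check_rsa(rsa))
+ goto err;
+ }
+#endif
+
 ok=1;
 err:
 if (ok == -1)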
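Review bot: In fips_check_rsa the result of `EVP_PKEY_set1_RSA(pk, rsa);` is discarded, so if it fails the three signature tests run against an empty EVP_PKEY and the key is rejected for the wrong reason with no error pointing at the actual cause; check it like the other calls: `if (!EVP_PKEY_set1_RSA(pk, rsa)) goto err;`. The `if (!ptbuf) goto err;` placed after `ret = 1;` can never fire because ptbuf was already tested right after its allocation, and the `if (ctbuf)`/`if (ptbuf)` guards in front of OPENSSL_free are likewise redundant; dropping the dead check keeps the success path readable. fips_check_rsa and FIPS_corrupt_rsa_keygen are defined with external linkage but no prototype appears in this hunk, and FIPS_corrupt_rsa_keygen flips file-level state that rsa_builtin_keygen then uses to deliberately break n before the pairwise check — a comment marking both as test-only hooks (`/* test hook: forces the next pairwise check to fail */`) would keep them from being mistaken for API.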
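diff -up openssl-1.0.1b/crypto/rsa/rsa.h.fips openssl-1.0.1b/crypto/rsa/rsa.h
--- openssl-1.0.1b/crypto/rsa/rsa.h.fips 2012-04-26 18:00:51.140763619 +0200
+++ openssl-1.0.1b/crypto/rsa/rsa.h 2012-04-26 18:00:51.718776246 +0200
@@ -164,6 +164,8 @@ struct rsa_st
 # define OPENSSL_RSA_MAX_MODULUS_BITS 16384
 #endif
 
+#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
+
 #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
 # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
 #endif
@@ -290,6 +292,11 @@ RSA * RSA_generate_key(int bits, unsigne
 
 /* New version */
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+ const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+ const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+ const BIGNUM *e, BN_GENCB *cb);
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
 
 int RSA_check_key(const RSA *);
 /* next 4 return -1 on error */
@@ -487,7 +494,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_PADDING_ADD_NONE 107
 #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
 #define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
-#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148
+#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 158
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
 #define RSA_F_RSA_PADDING_ADD_SSLV23 110
@@ -500,20 +507,22 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_PADDING_CHECK_X931 128
 #define RSA_F_RSA_PRINT 115
 #define RSA_F_RSA_PRINT_FP 116
-#define RSA_F_RSA_PRIVATE_DECRYPT 150
-#define RSA_F_RSA_PRIVATE_ENCRYPT 151
+#define RSA_F_RSA_PRIVATE_DECRYPT 157
+#define RSA_F_RSA_PRIVATE_ENCRYPT 148
 #define RSA_F_RSA_PRIV_DECODE 137
 #define RSA_F_RSA_PRIV_ENCODE 138
-#define RSA_F_RSA_PUBLIC_DECRYPT 152
+#define RSA_F_RSA_PUBLIC_DECRYPT 149
 #define RSA_F_RSA_PUBLIC_ENCRYPT 153
 #define RSA_F_RSA_PUB_DECODE 139
 #define RSA_F_RSA_SETUP_BLINDING 136
+#define RSA_F_RSA_SET_DEFAULT_METHOD 150
+#define RSA_F_RSA_SET_METHOD 151
 #define RSA_F_RSA_SIGN 117
 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
 #define RSA_F_RSA_VERIFY 119
 #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
 #define RSA_F_RSA_VERIFY_PKCS1_PSS 126
-#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149
+#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 152
 
 /* Reason codes. */
 #define RSA_R_ALGORITHM_MISMATCH 100
@@ -542,21 +551,22 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_INVALID_MGF1_MD 156
 #define RSA_R_INVALID_PADDING 138
 #define RSA_R_INVALID_PADDING_MODE 141
-#define RSA_R_INVALID_PSS_PARAMETERS 149
+#define RSA_R_INVALID_PSS_PARAMETERS 157
 #define RSA_R_INVALID_PSS_SALTLEN 146
-#define RSA_R_INVALID_SALT_LENGTH 150
+#define RSA_R_INVALID_SALT_LENGTH 158
 #define RSA_R_INVALID_TRAILER 139
 #define RSA_R_INVALID_X931_DIGEST 142
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
 #define RSA_R_KEY_SIZE_TOO_SMALL 120
 #define RSA_R_LAST_OCTET_INVALID 134
 #define RSA_R_MODULUS_TOO_LARGE 105
-#define RSA_R_NON_FIPS_RSA_METHOD 157
+#define RSA_R_NON_FIPS_RSA_METHOD 149
+#define RSA_R_NON_FIPS_METHOD 149
 #define RSA_R_NO_PUBLIC_EXPONENT 140
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
 #define RSA_R_OAEP_DECODING_ERROR 121
-#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158
+#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 150
 #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
 #define RSA_R_PADDING_CHECK_FAILED 114
 #define RSA_R_P_NOT_PRIME 128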
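Review bot: `RSA_R_NON_FIPS_RSA_METHOD` and the new `RSA_R_NON_FIPS_METHOD` both expand to 149, which looks like a deliberate alias (rsa_lib.c in this patch raises the new name) but is indistinguishable from a copy-paste slip without a comment; `#define RSA_R_NON_FIPS_METHOD 149 /* alias of RSA_R_NON_FIPS_RSA_METHOD */` settles it. The hunk also renumbers existing public values (`RSA_F_RSA_PRIVATE_DECRYPT` 150→157, `RSA_F_RSA_PRIVATE_ENCRYPT` 151→148, `RSA_F_RSA_PUBLIC_DECRYPT` 152→149, `RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1` 148→158, `RSA_R_INVALID_PSS_PARAMETERS` 149→157, `RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE` 158→150, and others); code that compares ERR_GET_FUNC()/ERR_GET_REASON() results against literals or logs built from the old header will misreport, so the renumbering deserves a mention in the patch description. `OPENSSL_RSA_FIPS_MIN_MODULUS_BITS` is added unconditionally while its neighbours are guarded by `#ifndef`; if a build is ever meant to override it, the same `#ifndef` guard would be needed.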
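diff -up openssl-1.0.1b/crypto/rsa/rsa_lib.c.fips openssl-1.0.1b/crypto/rsa/rsa_lib.c
--- openssl-1.0.1b/crypto/rsa/rsa_lib.c.fips 2011-06-20 21:41:13.000000000 +0200
+++ openssl-1.0.1b/crypto/rsa/rsa_lib.c 2012-04-26 18:00:51.719776267 +0200
@@ -84,6 +84,13 @@ RSA *RSA_new(void)
 
 void RSA_set_default_method(const RSA_METHOD *meth)
 {
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
+ {
+ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
+ return;
+ }
+#endif
 default_RSA_meth = meth;
 }
 
@@ -91,18 +98,11 @@ const RSA_METHOD *RSA_get_default_method
 {
 if (default_RSA_meth == NULL)
 {
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return FIPS_rsa_pkcs1_ssleay();
- else
- return RSA_PKCS1_SSLeay();
-#else
 #ifdef RSA_NULL
 default_RSA_meth=RSA_null_method();
 #else
 default_RSA_meth=RSA_PKCS1_SSLeay();
 #endif
-#endif
 }
 
 return default_RSA_meth;
@@ -118,6 +118,13 @@ int RSA_set_method(RSA *rsa, const RSA_M
 /* NB: The caller is specifically setting a method, so it's not up to us
 * to deal with which ENGINE it comes from. */
 const RSA_METHOD *mtmp;
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
+ {
+ RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
+ return 0;
+ }
+#endif
 mtmp = rsa->meth;
 if (mtmp->finish) mtmp->finish(rsa);
 #ifndef OPENSSL_NO_ENGINE
@@ -170,6 +177,18 @@ RSA *RSA_new_method(ENGINE *engine)
 }
 }
 #endif
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD))
+ {
+ RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
+#ifndef OPENSSL_NO_ENGINE
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
+#endif
+ OPENSSL_free(ret);
+ return NULL;
+ }
+#endif
 
 ret->pad=0;
 ret->version=0;
@@ -188,7 +207,7 @@ RSA *RSA_new_method(ENGINE *engine)
 ret->blinding=NULL;
 ret->mt_blinding=NULL;
 ret->bignum_data=NULL;
- ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
+ ret->flags=ret->meth->flags;
 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
 {
 #ifndef OPENSSL_NO_ENGINE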
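Review bot: `ret->flags=ret->meth->flags;` removes the `& ~RSA_FLAG_NON_FIPS_ALLOW` mask, so a method whose flags include RSA_FLAG_NON_FIPS_ALLOW now passes that flag to every RSA object created with it; elsewhere in this patch that flag is exactly what exempts a key from the minimum-modulus checks in rsa_eay.c and the refusals in rsa_crpt.c, so this one-line change widens the opt-out from per-key to per-method and should say so: `ret->flags=ret->meth->flags; /* NON_FIPS_ALLOW is inherited from the method on purpose */`. RSA_set_default_method is void, so its new FIPS rejection is visible only in the error queue and a caller that installs a non-FIPS method in FIPS mode silently keeps the previous default; a comment at the check noting that the caller must inspect ERR_peek_error() would make that contract explicit. The new RSA_set_method and RSA_set_default_method checks dereference `meth` before anything else; whether a NULL meth was tolerated before this patch cannot be seen from the hunk. RSA_new_method, RSA_set_method and RSA_get_default_method all continue outside the hunk.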
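diff -up openssl-1.0.1b/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1b/crypto/rsa/rsa_pmeth.c
--- openssl-1.0.1b/crypto/rsa/rsa_pmeth.c.fips 2012-02-15 15:14:01.000000000 +0100
+++ openssl-1.0.1b/crypto/rsa/rsa_pmeth.c 2012-04-26 18:00:51.720776289 +0200
@@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c
 RSA_R_INVALID_DIGEST_LENGTH);
 return -1;
 }
-#ifdef OPENSSL_FIPS
- if (ret > 0)
- {
- unsigned int slen;
- ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
- rctx->pad_mode,
- rctx->saltlen,
- rctx->mgf1md,
- sig, &slen);
- if (ret > 0)
- *siglen = slen;
- else
- *siglen = 0;
- return ret;
- }
-#endif
 
 if (EVP_MD_type(rctx->md) == NID_mdc2)
 {
@@ -354,19 +338,6 @@ static int pkey_rsa_verify(EVP_PKEY_CTX
 #endif
 if (rctx->md)
 {
-#ifdef OPENSSL_FIPS
- if (rv > 0)
- {
- return FIPS_rsa_verify_digest(rsa,
- tbs, tbslen,
- rctx->md,
- rctx->pad_mode,
- rctx->saltlen,
- rctx->mgf1md,
- sig, siglen);
-
- }
-#endif
 if (rctx->pad_mode == RSA_PKCS1_PADDING)
 return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
 sig, siglen, rsa);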
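diff -up openssl-1.0.1b/crypto/rsa/rsa_sign.c.fips openssl-1.0.1b/crypto/rsa/rsa_sign.c
--- openssl-1.0.1b/crypto/rsa/rsa_sign.c.fips 2012-02-15 15:00:09.000000000 +0100
+++ openssl-1.0.1b/crypto/rsa/rsa_sign.c 2012-04-26 18:00:51.720776289 +0200
@@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch
 i2d_X509_SIG(&sig,&p);
 s=tmps;
 }
- i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
+ /* NB: call underlying method directly to avoid FIPS blocking */
+ i = rsa->meth->rsa_priv_enc ? rsa->meth->rsa_priv_enc(i,s,sigret,rsa,RSA_PKCS1_PADDING) : 0;
 if (i <= 0)
 ret=0;
 else
@@ -178,8 +179,8 @@ int int_rsa_verify(int dtype, const unsi
 
 if((dtype == NID_md5_sha1) && rm)
 {
- i = RSA_public_decrypt((int)siglen,
- sigbuf,rm,rsa,RSA_PKCS1_PADDING);
+ i = rsa->meth->rsa_pub_dec ? rsa->meth->rsa_pub_dec((int)siglen,
+ sigbuf,rm,rsa,RSA_PKCS1_PADDING) : 0;
 if (i <= 0)
 return 0;
 *prm_len = i;
@@ -196,7 +197,8 @@ int int_rsa_verify(int dtype, const unsi
 RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
 goto err;
 }
- i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
+ /* NB: call underlying method directly to avoid FIPS blocking */
+ i = rsa->meth->rsa_pub_dec ? rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING) : 0;
 
 if (i <= 0) goto err;
 /* Oddball MDC2 case: signature can be OCTET STRING.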
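Review bot: When the method has no `rsa_priv_enc` (RSA_sign) or no `rsa_pub_dec` (both int_rsa_verify call sites) the new ternaries evaluate to 0 and the existing `i <= 0` handling fails the operation without queueing any error, so the caller gets a bare failure with an empty error stack; queue one in that branch, or at least extend the NB comment so the silent 0 is documented, e.g. `/* NB: call the method directly to avoid FIPS blocking; a method without the callback fails silently here */`. Going through `rsa->meth` directly also skips whatever RSA_private_encrypt/RSA_public_decrypt enforced — for the built-in method the rsa_eay.c hunk re-checks the self-test state and modulus size inside the callbacks, but as far as this patch shows an ENGINE-supplied method gets no such check on this path, which is worth a sentence in the comment. The second int_rsa_verify hunk lacks the NB comment the other two carry. RSA_sign and int_rsa_verify both continue outside the hunks.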
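diff -up openssl-1.0.1b/crypto/sha/sha256.c.fips openssl-1.0.1b/crypto/sha/sha256.c
--- openssl-1.0.1b/crypto/sha/sha256.c.fips 2011-06-01 15:39:44.000000000 +0200
+++ openssl-1.0.1b/crypto/sha/sha256.c 2012-04-26 18:00:51.721776312 +0200
@@ -12,12 +12,19 @@
 
 #include <openssl/crypto.h>
 #include <openssl/sha.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 #include <openssl/opensslv.h>
 
 const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
 
 fips_md_init_ctx(SHA224, SHA256)
 {
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
 memset (c,0,sizeof(*c));
 c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL;
 c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL;
@@ -29,6 +36,9 @@ fips_md_init_ctx(SHA224, SHA256)
 
 fips_md_init(SHA256)
 {
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
 memset (c,0,sizeof(*c));
 c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
 c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;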
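Review bot: `FIPS_selftest_check();` is called purely for its side effect and any return value is dropped in both `fips_md_init_ctx(SHA224, SHA256)` and `fips_md_init(SHA256)`; the same pattern appears in sha512.c (SHA384 and SHA512 init), sha_locl.h (SHA1 init) and rsa_eay.c (RSA_eay_init). Its declaration is not in any hunk here, so whether it reports a status is not visible; if it does, these init functions continue regardless and the only enforcement is the FIPS_selftest_failed() tests that other hunks place inside the RSA operations, while the hash inits themselves still succeed. A comment at each call stating what it is relied on to do — e.g. `/* run the power-on self-tests if not yet done; the result is not enforced here */` — would stop a reader from assuming that a failing self-test rejects the hash initialisation. All four init functions continue outside their hunks.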
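diff -up openssl-1.0.1b/crypto/sha/sha512.c.fips openssl-1.0.1b/crypto/sha/sha512.c
--- openssl-1.0.1b/crypto/sha/sha512.c.fips 2011-11-14 21:58:01.000000000 +0100
+++ openssl-1.0.1b/crypto/sha/sha512.c 2012-04-26 18:00:51.722776334 +0200
@@ -5,6 +5,10 @@
 * ====================================================================
 */
 #include <openssl/opensslconf.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
 /*
 * IMPLEMENTATION NOTES.
@@ -61,6 +65,9 @@ const char SHA512_version[]="SHA-512" OP
 
 fips_md_init_ctx(SHA384, SHA512)
 {
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
 c->h[0]=U64(0xcbbb9d5dc1059ed8);
 c->h[1]=U64(0x629a292a367cd507);
 c->h[2]=U64(0x9159015a3070dd17);
@@ -77,6 +84,9 @@ fips_md_init_ctx(SHA384, SHA512)
 
 fips_md_init(SHA512)
 {
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
 c->h[0]=U64(0x6a09e667f3bcc908);
 c->h[1]=U64(0xbb67ae8584caa73b);
 c->h[2]=U64(0x3c6ef372fe94f82b);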
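diff -up openssl-1.0.1b/crypto/sha/sha.h.fips openssl-1.0.1b/crypto/sha/sha.h
--- openssl-1.0.1b/crypto/sha/sha.h.fips 2012-04-26 18:00:50.616752170 +0200
+++ openssl-1.0.1b/crypto/sha/sha.h 2012-04-26 18:00:51.722776334 +0200
@@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char *
 void SHA_Transform(SHA_CTX *c, const unsigned char *data);
 #endif
 #ifndef OPENSSL_NO_SHA1
-#ifdef OPENSSL_FIPS
-int private_SHA1_Init(SHA_CTX *c);
-#endif
 int SHA1_Init(SHA_CTX *c);
 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA1_Final(unsigned char *md, SHA_CTX *c);
@@ -141,10 +138,6 @@ typedef struct SHA256state_st
 } SHA256_CTX;
 
 #ifndef OPENSSL_NO_SHA256
-#ifdef OPENSSL_FIPS
-int private_SHA224_Init(SHA256_CTX *c);
-int private_SHA256_Init(SHA256_CTX *c);
-#endif
 int SHA224_Init(SHA256_CTX *c);
 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
@@ -192,10 +185,6 @@ typedef struct SHA512state_st
 #endif
 
 #ifndef OPENSSL_NO_SHA512
-#ifdef OPENSSL_FIPS
-int private_SHA384_Init(SHA512_CTX *c);
-int private_SHA512_Init(SHA512_CTX *c);
-#endif
 int SHA384_Init(SHA512_CTX *c);
 int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
 int SHA384_Final(unsigned char *md, SHA512_CTX *c);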
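diff -up openssl-1.0.1b/crypto/sha/sha_locl.h.fips openssl-1.0.1b/crypto/sha/sha_locl.h
--- openssl-1.0.1b/crypto/sha/sha_locl.h.fips 2012-04-26 18:00:50.622752302 +0200
+++ openssl-1.0.1b/crypto/sha/sha_locl.h 2012-04-26 18:00:51.723776356 +0200
@@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c,
 #define INIT_DATA_h4 0xc3d2e1f0UL
 
 #ifdef SHA_0
-fips_md_init(SHA)
+nonfips_md_init(SHA)
 #else
 fips_md_init_ctx(SHA1, SHA)
 #endif
 {
+#if defined(SHA_1) && defined(OPENSSL_FIPS)
+ FIPS_selftest_check();
+#endif
 memset (c,0,sizeof(*c));
 c->h0=INIT_DATA_h0;
 c->h1=INIT_DATA_h1;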
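diff -up openssl-1.0.1b/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1b/crypto/whrlpool/wp_dgst.c
--- openssl-1.0.1b/crypto/whrlpool/wp_dgst.c.fips 2011-06-01 15:39:45.000000000 +0200
+++ openssl-1.0.1b/crypto/whrlpool/wp_dgst.c 2012-04-26 18:00:51.724776378 +0200
@@ -55,7 +55,7 @@
 #include <openssl/crypto.h>
 #include <string.h>
 
-fips_md_init(WHIRLPOOL)
+nonfips_md_init(WHIRLPOOL)
 {
 memset (c,0,sizeof(*c));
 return(1);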
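diff -up openssl-1.0.1b/Makefile.org.fips openssl-1.0.1b/Makefile.org
--- openssl-1.0.1b/Makefile.org.fips 2012-04-26 18:00:51.350768207 +0200
+++ openssl-1.0.1b/Makefile.org 2012-04-26 18:00:51.724776378 +0200
@@ -136,6 +136,9 @@ FIPSCANLIB=
 
 BASEADDR=
 
+# Non-empty if FIPS enabled
+FIPS=
+
 DIRS= crypto ssl engines apps test tools
 ENGDIRS= ccgost
 SHLIBDIRS= crypto ssl
@@ -148,7 +151,7 @@ SDIRS= \
 bn ec rsa dsa ecdsa dh ecdh dso engine \
 buffer bio stack lhash rand err \
 evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
- cms pqueue ts jpake srp store cmac
+ cms pqueue ts jpake srp store cmac fips
 # keep in mind that the above list is adjusted by ./Configure
 # according to no-xxx arguments...
 
@@ -237,6 +240,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESS
 FIPSLIBDIR='${FIPSLIBDIR}' \
 FIPSDIR='${FIPSDIR}' \
 FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
+ FIPS="$${FIPS:-$(FIPS)}" \
 THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
 # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
 # which in turn eliminates ambiguities in variable treatment with -e.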
20268diff -up openssl-1.0.1b/ssl/ssl_algs.c.fips openssl-1.0.1b/ssl/ssl_algs.c
20269--- openssl-1.0.1b/ssl/ssl_algs.c.fips 2012-01-15 14:42:50.000000000 +0100
20270+++ openssl-1.0.1b/ssl/ssl_algs.c 2012-04-26 18:00:51.725776399 +0200
20271@@ -64,6 +64,12 @@
20272 int SSL_library_init(void)
20273 {
20274
20275+#ifdef OPENSSL_FIPS
20276+ OPENSSL_init_library();
20277+ if (!FIPS_mode())
20278+ {
20279+#endif
20280+
20281 #ifndef OPENSSL_NO_DES
20282 EVP_add_cipher(EVP_des_cbc());
20283 EVP_add_cipher(EVP_des_ede3_cbc());
20284@@ -136,6 +142,50 @@ int SSL_library_init(void)
20285 EVP_add_digest(EVP_sha());
20286 EVP_add_digest(EVP_dss());
20287 #endif
20288+#ifdef OPENSSL_FIPS
20289+ }
20290+ else
20291+ {
20292+#ifndef OPENSSL_NO_DES
20293+ EVP_add_cipher(EVP_des_ede3_cbc());
20294+#endif
20295+#ifndef OPENSSL_NO_AES
20296+ EVP_add_cipher(EVP_aes_128_cbc());
20297+ EVP_add_cipher(EVP_aes_192_cbc());
20298+ EVP_add_cipher(EVP_aes_256_cbc());
20299+ EVP_add_cipher(EVP_aes_128_gcm());
20300+ EVP_add_cipher(EVP_aes_256_gcm());
20301+#endif
20302+#ifndef OPENSSL_NO_MD5
20303+ /* needed even in the FIPS mode for TLS MAC */
20304+ EVP_add_digest(EVP_md5());
20305+ EVP_add_digest_alias(SN_md5,"ssl2-md5");
20306+ EVP_add_digest_alias(SN_md5,"ssl3-md5");
20307+#endif
20308+#ifndef OPENSSL_NO_SHA
20309+ EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
20310+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
20311+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
20312+#endif
20313+#ifndef OPENSSL_NO_SHA256
20314+ EVP_add_digest(EVP_sha224());
20315+ EVP_add_digest(EVP_sha256());
20316+#endif
20317+#ifndef OPENSSL_NO_SHA512
20318+ EVP_add_digest(EVP_sha384());
20319+ EVP_add_digest(EVP_sha512());
20320+#endif
20321+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
20322+ EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
20323+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
20324+ EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
20325+ EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
20326+#endif
20327+#ifndef OPENSSL_NO_ECDSA
20328+ EVP_add_digest(EVP_ecdsa());
20329+#endif
20330+ }
20331+#endif
20332 #ifndef OPENSSL_NO_COMP
20333 /* This will initialise the built-in compression algorithms.
20334 The value returned is a STACK_OF(SSL_COMP), but that can