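--- a/openssl-1.0.1b/apps/pkcs12.c
+++ b/openssl-1.0.1b/apps/pkcs12.c
@@ -67,6 +67,9 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 #define PROG pkcs12_main
 
@@ -130,6 +133,11 @@ int MAIN(int argc, char **argv)
 
 apps_startup();
 
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ cert_pbe = key_pbe; /* cannot use RC2 in the FIPS mode */
+#endif
+
 enc = EVP_des_ede3_cbc();
 if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 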
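Review bot: The FIPS override of `cert_pbe` sits right after `apps_startup()`, so it only changes the default; nothing in this hunk stops a later command-line option from selecting an RC2-based certificate PBE again, and the option parsing is outside the hunk, so that should be confirmed there. The assignment also relies on `key_pbe` still holding a FIPS-approved default at this point, which the hunk does not show. A fuller comment would help, e.g. `/* FIPS mode: the default certificate PBE must not be RC2; reuse the private-key PBE default */`. MAIN starts and ends outside the hunk.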
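--- a/openssl-1.0.1b/apps/speed.c
+++ b/openssl-1.0.1b/apps/speed.c
@@ -195,7 +195,6 @@
 #ifdef OPENSSL_DOING_MAKEDEPEND
 #undef AES_set_encrypt_key
 #undef AES_set_decrypt_key
-#undef DES_set_key_unchecked
 #endif
 #define BF_set_key private_BF_set_key
 #define CAST_set_key private_CAST_set_key
@@ -203,7 +202,6 @@
 #define SEED_set_key private_SEED_set_key
 #define RC2_set_key private_RC2_set_key
 #define RC4_set_key private_RC4_set_key
-#define DES_set_key_unchecked private_DES_set_key_unchecked
 #define AES_set_encrypt_key private_AES_set_encrypt_key
 #define AES_set_decrypt_key private_AES_set_decrypt_key
 #define Camellia_set_key private_Camellia_set_key
@@ -941,7 +939,12 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_RSA
 if (strcmp(*argv,"rsa") == 0)
 {
+#ifdef OPENSSL_FIPS
+ if (!FIPS_mode())
+#endif
+ {
 rsa_doit[R_RSA_512]=1;
+ }
 rsa_doit[R_RSA_1024]=1;
 rsa_doit[R_RSA_2048]=1;
 rsa_doit[R_RSA_4096]=1;
@@ -951,7 +954,12 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_DSA
 if (strcmp(*argv,"dsa") == 0)
 {
+#ifdef OPENSSL_FIPS
+ if (!FIPS_mode())
+#endif
+ {
 dsa_doit[R_DSA_512]=1;
+ }
 dsa_doit[R_DSA_1024]=1;
 dsa_doit[R_DSA_2048]=1;
 }
@@ -1226,30 +1234,54 @@ int MAIN(int argc, char **argv)
 AES_set_encrypt_key(key32,256,&aes_ks3);
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
+ if (doit[D_CBC_128_CML] || doit[D_CBC_192_CML] || doit[D_CBC_256_CML])
+ {
 Camellia_set_key(key16,128,&camellia_ks1);
 Camellia_set_key(ckey24,192,&camellia_ks2);
 Camellia_set_key(ckey32,256,&camellia_ks3);
+ }
 #endif
 #ifndef OPENSSL_NO_IDEA
+ if (doit[D_CBC_IDEA])
+ {
 idea_set_encrypt_key(key16,&idea_ks);
+ }
 #endif
 #ifndef OPENSSL_NO_SEED
+ if (doit[D_CBC_SEED])
+ {
 SEED_set_key(key16,&seed_ks);
+ }
 #endif
 #ifndef OPENSSL_NO_RC4
+ if (doit[D_RC4])
+ {
 RC4_set_key(&rc4_ks,16,key16);
+ }
 #endif
 #ifndef OPENSSL_NO_RC2
+ if (doit[D_CBC_RC2])
+ {
 RC2_set_key(&rc2_ks,16,key16,128);
+ }
 #endif
 #ifndef OPENSSL_NO_RC5
+ if (doit[D_CBC_RC5])
+ {
 RC5_32_set_key(&rc5_ks,16,key16,12);
+ }
 #endif
 #ifndef OPENSSL_NO_BF
+ if (doit[D_CBC_BF])
+ {
 BF_set_key(&bf_ks,16,key16);
+ }
 #endif
 #ifndef OPENSSL_NO_CAST
+ if (doit[D_CBC_CAST])
+ {
 CAST_set_key(&cast_ks,16,key16);
+ }
 #endif
 #ifndef OPENSSL_NO_RSA
 memset(rsa_c,0,sizeof(rsa_c));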
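Review bot: The 512-bit exclusions in the `rsa` and `dsa` branches guard only these two shorthand arguments; any other path that fills `rsa_doit[]` or `dsa_doit[]` (a default run-everything path or a per-size argument, neither visible here) would need the same `FIPS_mode()` test or it will still reach 512-bit keys in FIPS mode. The `#ifdef`/`if (!FIPS_mode())`/`#endif` wrapped around a bare `{ ... }` is easy to misread, so a one-line comment such as `/* 512-bit keys are not allowed in FIPS mode */` above each would make the intent explicit. In the last hunk the key-setup calls are gated on `doit[]` rather than on FIPS mode, so they skip unselected ciphers but presumably not a non-approved cipher that was selected. MAIN continues outside every hunk.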
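--- a/openssl-1.0.1b/Configure
+++ b/openssl-1.0.1b/Configure
@@ -993,11 +993,6 @@ if (defined($disabled{"md5"}) || defined
 $disabled{"ssl2"} = "forced";
 }
 
-if ($fips && $fipslibdir eq "")
- {
- $fipslibdir = $fipsdir . "/lib/";
- }
-
 # RSAX ENGINE sets default non-FIPS RSA method.
 if ($fips)
 {
@@ -1472,7 +1467,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b
 if ($fips)
 {
 $openssl_other_defines.="#define OPENSSL_FIPS\n";
- $cflags .= " -I\$(FIPSDIR)/include";
 }
 
 $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
@@ -1659,9 +1653,12 @@ while (<IN>)
 
 s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
 s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
- s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
 s/^BASEADDR=.*/BASEADDR=$baseaddr/;
 
+ if ($fips)
+ {
+ s/^FIPS=.*/FIPS=yes/;
+ }
 s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
 s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
 s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);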
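Review bot: With the `$fipslibdir` default removed in the first hunk, the unconditional `s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;` kept in the last hunk now writes an empty `FIPSLIBDIR=` whenever `$fips` is set and no library directory was given. Whether any Makefile rule still reads that variable is not visible here, so either guard the substitution (`... if $fipslibdir ne "";`) or confirm nothing consumes it. The new `FIPS=yes` substitution would also benefit from a short comment saying what the `FIPS=` Makefile variable controls.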
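--- a/openssl-1.0.1b/crypto/aes/aes_misc.c
+++ b/openssl-1.0.1b/crypto/aes/aes_misc.c
@@ -69,17 +69,11 @@ const char *AES_options(void) {
 int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 AES_KEY *key)
 {
-#ifdef OPENSSL_FIPS
- fips_cipher_abort(AES);
-#endif
 return private_AES_set_encrypt_key(userKey, bits, key);
 }
 
 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
 AES_KEY *key)
 {
-#ifdef OPENSSL_FIPS
- fips_cipher_abort(AES);
-#endif
 return private_AES_set_decrypt_key(userKey, bits, key);
 }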
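--- a/openssl-1.0.1b/crypto/cmac/cmac.c
+++ b/openssl-1.0.1b/crypto/cmac/cmac.c
@@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void)
 
 void CMAC_CTX_cleanup(CMAC_CTX *ctx)
 {
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !ctx->cctx.engine)
- {
- FIPS_cmac_ctx_cleanup(ctx);
- return;
- }
-#endif
 EVP_CIPHER_CTX_cleanup(&ctx->cctx);
 OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
 OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
@@ -164,11 +157,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void
 EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
 return 0;
 }
- /* Other algorithm blocking will be done in FIPS_cmac_init,
- * via FIPS_cipherinit().
- */
- if (!impl && !ctx->cctx.engine)
- return FIPS_cmac_init(ctx, key, keylen, cipher, NULL);
 }
 #endif
 /* All zeros means restart */
@@ -216,10 +204,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
 {
 const unsigned char *data = in;
 size_t bl;
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !ctx->cctx.engine)
- return FIPS_cmac_update(ctx, in, dlen);
-#endif
 if (ctx->nlast_block == -1)
 return 0;
 if (dlen == 0)
@@ -261,10 +245,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
 int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
 {
 int i, bl, lb;
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !ctx->cctx.engine)
- return FIPS_cmac_final(ctx, out, poutlen);
-#endif
 if (ctx->nlast_block == -1)
 return 0;
 bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);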
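--- a/openssl-1.0.1b/crypto/crypto.h
+++ b/openssl-1.0.1b/crypto/crypto.h
@@ -553,24 +553,29 @@ int FIPS_mode_set(int r);
 void OPENSSL_init(void);
 
 #define fips_md_init(alg) fips_md_init_ctx(alg, alg)
+#define nonfips_md_init(alg) nonfips_md_init_ctx(alg, alg)
+#define fips_md_init_ctx(alg, cx) \
+ int alg##_Init(cx##_CTX *c)
 
 #ifdef OPENSSL_FIPS
-#define fips_md_init_ctx(alg, cx) \
+#define nonfips_md_init_ctx(alg, cx) \
 int alg##_Init(cx##_CTX *c) \
 { \
 if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
- "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
+ "Digest " #alg " forbidden in FIPS mode!"); \
 return private_##alg##_Init(c); \
 } \
 int private_##alg##_Init(cx##_CTX *c)
 
 #define fips_cipher_abort(alg) \
 if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
- "Low level API call to cipher " #alg " forbidden in FIPS mode!")
+ "Cipher " #alg " forbidden in FIPS mode!")
+
+/* die if FIPS selftest failed */
+void FIPS_selftest_check(void);
 
 #else
-#define fips_md_init_ctx(alg, cx) \
- int alg##_Init(cx##_CTX *c)
+#define nonfips_md_init_ctx(alg, cx) fips_md_init_ctx(alg, cx)
 #define fips_cipher_abort(alg) while(0)
 #endif
 
@@ -580,6 +585,9 @@ void OPENSSL_init(void);
 */
 void ERR_load_CRYPTO_strings(void);
 
+#define OPENSSL_HAVE_INIT 1
+void OPENSSL_init_library(void);
+
 /* Error codes for the CRYPTO functions. */
 
 /* Function codes. */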
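Review bot: After this change `fips_md_init_ctx` expands to a plain `alg##_Init` declaration in both builds, so the FIPS-mode abort now happens only for digests that are explicitly switched to `nonfips_md_init`; any non-approved digest that keeps using `fips_md_init` is silently allowed in FIPS mode. The digest sources are not part of this section, so the conversion cannot be checked here. A comment above the macros should state the contract, e.g. `/* fips_md_init: digest permitted in FIPS mode; nonfips_md_init: digest aborts in FIPS mode */`. `OPENSSL_HAVE_INIT` and `OPENSSL_init_library()` in the second hunk are added without any comment on when the function must be called.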
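--- a/openssl-1.0.1b/crypto/des/des.h
+++ b/openssl-1.0.1b/crypto/des/des.h
@@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE
 int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
 int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
 void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-#ifdef OPENSSL_FIPS
-void private_DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-#endif
 void DES_string_to_key(const char *str,DES_cblock *key);
 void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
 void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,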
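--- a/openssl-1.0.1b/crypto/des/set_key.c
+++ b/openssl-1.0.1b/crypto/des/set_key.c
@@ -337,13 +337,6 @@ int DES_set_key_checked(const_DES_cblock
 }
 
 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-#ifdef OPENSSL_FIPS
- {
- fips_cipher_abort(DES);
- private_DES_set_key_unchecked(key, schedule);
- }
-void private_DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-#endif
 {
 static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
 register DES_LONG c,d,t,s,t2;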
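--- a/openssl-1.0.1b/crypto/dh/dh_gen.c
+++ b/openssl-1.0.1b/crypto/dh/dh_gen.c
@@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i
 #endif
 if(ret->meth->generate_params)
 return ret->meth->generate_params(ret, prime_len, generator, cb);
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return FIPS_dh_generate_parameters_ex(ret, prime_len,
- generator, cb);
-#endif
 return dh_builtin_genparams(ret, prime_len, generator, cb);
 }
 
@@ -123,6 +118,20 @@ static int dh_builtin_genparams(DH *ret,
 int g,ok= -1;
 BN_CTX *ctx=NULL;
 
+#ifdef OPENSSL_FIPS
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS,FIPS_R_FIPS_SELFTEST_FAILED);
+ return 0;
+ }
+
+ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
+ {
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+ }
+#endif
+
 ctx=BN_CTX_new();
 if (ctx == NULL) goto err;
 BN_CTX_start(ctx);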
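Review bot: The new FIPS checks are placed in `dh_builtin_genparams`, but the first hunk shows `DH_generate_parameters_ex` returning `ret->meth->generate_params(...)` before the built-in path is reached, so a DH method that supplies its own `generate_params` is not subject to the `OPENSSL_DH_FIPS_MIN_MODULUS_BITS` floor or the self-test check. If the floor is meant to hold for every method in FIPS mode, the `prime_len` test belongs in `DH_generate_parameters_ex` ahead of the dispatch. The two added checks also leave differently (`return 0` versus `goto err` with `ok` still `-1`); the `err:` label is outside the hunk, so confirm it does not record a second, misleading error for the size failure.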
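--- a/openssl-1.0.1b/crypto/dh/dh.h
+++ b/openssl-1.0.1b/crypto/dh/dh.h
@@ -77,6 +77,8 @@
 # define OPENSSL_DH_MAX_MODULUS_BITS 10000
 #endif
 
+#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+
 #define DH_FLAG_CACHE_MONT_P 0x01
 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
 * implementation now uses constant time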
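--- a/openssl-1.0.1b/crypto/dh/dh_key.c
+++ b/openssl-1.0.1b/crypto/dh/dh_key.c
@@ -61,6 +61,9 @@
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/dh.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
@@ -104,7 +107,7 @@ compute_key,
 dh_bn_mod_exp,
 dh_init,
 dh_finish,
-0,
+DH_FLAG_FIPS_METHOD,
 NULL,
 NULL
 };
@@ -123,6 +126,14 @@ static int generate_key(DH *dh)
 BN_MONT_CTX *mont=NULL;
 BIGNUM *pub_key=NULL,*priv_key=NULL;
 
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
+ {
+ DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
+ return 0;
+ }
+#endif
+
 ctx = BN_CTX_new();
 if (ctx == NULL) goto err;
 
@@ -213,6 +224,13 @@ static int compute_key(unsigned char *ke
 DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
 goto err;
 }
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
+ {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+ }
+#endif
 
 ctx = BN_CTX_new();
 if (ctx == NULL) goto err;
@@ -280,6 +298,9 @@ static int dh_bn_mod_exp(const DH *dh, B
 
 static int dh_init(DH *dh)
 {
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
 dh->flags |= DH_FLAG_CACHE_MONT_P;
 return(1);
 }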
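Review bot: The same modulus-floor test is pasted into `generate_key` and `compute_key`; a small static helper under `#ifdef OPENSSL_FIPS` that returns `!FIPS_mode() || BN_num_bits(dh->p) >= OPENSSL_DH_FIPS_MIN_MODULUS_BITS` would keep the two in step. In `generate_key` the test dereferences `dh->p` as the first statement, and no NULL check on `dh->p` is visible before it in the hunk. `DH_FLAG_FIPS_METHOD` is set in the method table outside any `#ifdef OPENSSL_FIPS`, so the flag needs to be defined in non-FIPS builds too, which this section does not show. Both functions continue outside their hunks.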
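--- a/openssl-1.0.1b/crypto/dh/dh_lib.c
+++ b/openssl-1.0.1b/crypto/dh/dh_lib.c
@@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v
 {
 if(!default_DH_method)
 {
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return FIPS_dh_openssl();
- else
- return DH_OpenSSL();
-#else
 default_DH_method = DH_OpenSSL();
-#endif
 }
 return default_DH_method;
 }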
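--- a/openssl-1.0.1b/crypto/dsa/dsa_err.c
+++ b/openssl-1.0.1b/crypto/dsa/dsa_err.c
@@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]=
 {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"},
 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
+{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "dsa_builtin_keygen"},
+{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"},
 {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
 {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
 {ERR_FUNC(DSA_F_DSA_GENERATE_KEY), "DSA_generate_key"},
@@ -106,6 +108,8 @@ static ERR_STRING_DATA DSA_str_reasons[]
 {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
 {ERR_REASON(DSA_R_DECODE_ERROR) ,"decode error"},
 {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE) ,"invalid digest type"},
+{ERR_REASON(DSA_R_KEY_SIZE_INVALID) ,"key size invalid"},
+{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
 {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
 {ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
 {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},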
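--- a/openssl-1.0.1b/crypto/dsa/dsa_gen.c
+++ b/openssl-1.0.1b/crypto/dsa/dsa_gen.c
@@ -85,6 +85,14 @@
 #include <openssl/fips.h>
 #endif
 
+#ifndef OPENSSL_FIPS
+static int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
+ const EVP_MD *evpmd, unsigned char *seed, int seed_len,
+ BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb);
+static int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
+ BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb);
+#endif
+
 int DSA_generate_parameters_ex(DSA *ret, int bits,
 const unsigned char *seed_in, int seed_len,
 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
@@ -100,14 +108,6 @@ int DSA_generate_parameters_ex(DSA *ret,
 if(ret->meth->dsa_paramgen)
 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
 counter_ret, h_ret, cb);
-#ifdef OPENSSL_FIPS
- else if (FIPS_mode())
- {
- return FIPS_dsa_generate_parameters_ex(ret, bits,
- seed_in, seed_len,
- counter_ret, h_ret, cb);
- }
-#endif
 else
 {
 const EVP_MD *evpmd;
@@ -125,27 +125,119 @@ int DSA_generate_parameters_ex(DSA *ret,
 }
 
 return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
- seed_in, seed_len, NULL, counter_ret, h_ret, cb);
+ seed_in, seed_len, counter_ret, h_ret, cb);
 }
 }
 
+#ifdef OPENSSL_FIPS
+int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+ const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+ {
+ return dsa_builtin_paramgen(ret, bits, qbits,
+ evpmd, seed_in, seed_len,
+ counter_ret, h_ret, cb);
+ }
+#endif
+
 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
- unsigned char *seed_out,
 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
 {
 int ok=0;
 unsigned char seed[SHA256_DIGEST_LENGTH];
+ BIGNUM *g=NULL,*q=NULL,*p=NULL;
+ size_t qsize = qbits >> 3;
+ BN_CTX *ctx=NULL;
+
+#ifdef OPENSSL_FIPS
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN,
+ FIPS_R_FIPS_SELFTEST_FAILED);
+ goto err;
+ }
+
+ if (FIPS_module_mode() &&
+ (bits != 1024 || qbits != 160) &&
+ (bits != 2048 || qbits != 224) &&
+ (bits != 2048 || qbits != 256) &&
+ (bits != 3072 || qbits != 256))
+ {
+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_INVALID);
+ goto err;
+ }
+#endif
+ if (seed_len && (seed_len < (size_t)qsize))
+ seed_in = NULL; /* seed buffer too small -- ignore */
+ if (seed_len > sizeof(seed))
+ seed_len = sizeof(seed); /* App. 2.2 of FIPS PUB 186 allows larger SEED,
+ * but our internal buffers are restricted to 256 bits*/
+ if (seed_in != NULL)
+ memcpy(seed, seed_in, seed_len);
+ else
+ seed_len = 0;
+
+ if ((ctx=BN_CTX_new()) == NULL)
+ goto err;
+
+ BN_CTX_start(ctx);
+
+ if (!FIPS_dsa_generate_pq(ctx, bits, qbits, evpmd,
+ seed, seed_len, &p, &q, counter_ret, cb))
+ goto err;
+
+ if (!FIPS_dsa_generate_g(ctx, p, q, &g, h_ret, cb))
+ goto err;
+
+ ok=1;
+err:
+ if (ok)
+ {
+ if(ret->p)
+ {
+ BN_free(ret->p);
+ ret->p = NULL;
+ }
+ if(ret->q)
+ {
+ BN_free(ret->q);
+ ret->q = NULL;
+ }
+ if(ret->g)
+ {
+ BN_free(ret->g);
+ ret->g = NULL;
+ }
+ ret->p=BN_dup(p);
+ ret->q=BN_dup(q);
+ ret->g=BN_dup(g);
+ if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
+ ok=0;
+ }
+ if(ctx)
+ {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return ok;
+ }
+
+#ifndef OPENSSL_FIPS
+static
+#endif
+int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
+ const EVP_MD *evpmd, unsigned char *seed, int seed_len,
+ BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb)
+ {
+ int ok=0;
 unsigned char md[SHA256_DIGEST_LENGTH];
- unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH];
+ unsigned char buf[SHA256_DIGEST_LENGTH];
 BIGNUM *r0,*W,*X,*c,*test;
- BIGNUM *g=NULL,*q=NULL,*p=NULL;
- BN_MONT_CTX *mont=NULL;
- int i, k, n=0, m=0, qsize = qbits >> 3;
+ BIGNUM *q=NULL,*p=NULL;
+ int i, k, b, n=0, m=0, qsize = qbits >> 3;
 int counter=0;
 int r=0;
- BN_CTX *ctx=NULL;
- unsigned int h=2;
 
 if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
 qsize != SHA256_DIGEST_LENGTH)
@@ -153,51 +245,43 @@ int dsa_builtin_paramgen(DSA *ret, size_
 return 0;
 
 if (evpmd == NULL)
- /* use SHA1 as default */
- evpmd = EVP_sha1();
+ {
+ if (qbits <= 160)
+ evpmd = EVP_sha1();
+ else if (qbits <= 224)
+ evpmd = EVP_sha224();
+ else
+ evpmd = EVP_sha256();
+ }
 
 if (bits < 512)
 bits = 512;
 
 bits = (bits+63)/64*64;
 
- /* NB: seed_len == 0 is special case: copy generated seed to
- * seed_in if it is not NULL.
- */
- if (seed_len && (seed_len < (size_t)qsize))
- seed_in = NULL; /* seed buffer too small -- ignore */
- if (seed_len > (size_t)qsize)
- seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
- * but our internal buffers are restricted to 160 bits*/
- if (seed_in != NULL)
- memcpy(seed, seed_in, seed_len);
-
- if ((ctx=BN_CTX_new()) == NULL)
- goto err;
-
- if ((mont=BN_MONT_CTX_new()) == NULL)
- goto err;
-
- BN_CTX_start(ctx);
 r0 = BN_CTX_get(ctx);
- g = BN_CTX_get(ctx);
 W = BN_CTX_get(ctx);
- q = BN_CTX_get(ctx);
+ *q_ret = q = BN_CTX_get(ctx);
 X = BN_CTX_get(ctx);
 c = BN_CTX_get(ctx);
- p = BN_CTX_get(ctx);
+ *p_ret = p = BN_CTX_get(ctx);
 test = BN_CTX_get(ctx);
 
 if (!BN_lshift(test,BN_value_one(),bits-1))
 goto err;
 
+ /* step 3 n = \lceil bits / qbits \rceil - 1 */
+ n = (bits+qbits-1)/qbits - 1;
+ /* step 4 b = bits - 1 - n * qbits */
+ b = bits - 1 - n*qbits;
+
 for (;;)
 {
 for (;;) /* find q */
 {
 int seed_is_random;
 
- /* step 1 */
+ /* step 5 generate seed */
 if(!BN_GENCB_call(cb, 0, m++))
 goto err;
 
@@ -212,30 +296,18 @@ int dsa_builtin_paramgen(DSA *ret, size_
 seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
 }
 memcpy(buf , seed, qsize);
- memcpy(buf2, seed, qsize);
- /* precompute "SEED + 1" for step 7: */
- for (i = qsize-1; i >= 0; i--)
- {
- buf[i]++;
- if (buf[i] != 0)
- break;
- }
 
- /* step 2 */
+ /* step 6 U = hash(seed) */
 if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
 goto err;
- if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
- goto err;
- for (i = 0; i < qsize; i++)
- md[i]^=buf2[i];
 
- /* step 3 */
+ /* step 7 q = 2^(qbits-1) + U + 1 - (U mod 2) */
 md[0] |= 0x80;
 md[qsize-1] |= 0x01;
 if (!BN_bin2bn(md, qsize, q))
 goto err;
 
- /* step 4 */
+ /* step 8 test for prime (64 round of Rabin-Miller) */
 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
 seed_is_random, cb);
 if (r > 0)
@@ -243,27 +315,22 @@ int dsa_builtin_paramgen(DSA *ret, size_
 if (r != 0)
 goto err;
 
- /* do a callback call */
- /* step 5 */
 }
 
 if(!BN_GENCB_call(cb, 2, 0)) goto err;
 if(!BN_GENCB_call(cb, 3, 0)) goto err;
 
- /* step 6 */
+ /* step 11 */
 counter=0;
- /* "offset = 2" */
-
- n=(bits-1)/160;
+ /* "offset = 1" */
 
 for (;;)
 {
 if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
 goto err;
 
- /* step 7 */
+ /* step 11.1, 11.2 obtain W */
 BN_zero(W);
- /* now 'buf' contains "SEED + offset - 1" */
 for (k=0; k<=n; k++)
 {
 /* obtain "SEED + offset + k" by incrementing: */
@@ -278,28 +345,30 @@ int dsa_builtin_paramgen(DSA *ret, size_
 NULL))
 goto err;
 
- /* step 8 */
 if (!BN_bin2bn(md, qsize, r0))
 goto err;
- if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err;
+ if (k == n)
+ BN_mask_bits(r0,b);
+ if (!BN_lshift(r0,r0,qbits*k)) goto err;
 if (!BN_add(W,W,r0)) goto err;
 }
 
- /* more of step 8 */
- if (!BN_mask_bits(W,bits-1)) goto err;
+ /* step 11.3 X = W + 2^(L-1) */
 if (!BN_copy(X,W)) goto err;
 if (!BN_add(X,X,test)) goto err;
 
- /* step 9 */
+ /* step 11.4 c = X mod 2*q */
 if (!BN_lshift1(r0,q)) goto err;
 if (!BN_mod(c,X,r0,ctx)) goto err;
+
+ /* step 11.5 p = X - (c - 1) */
 if (!BN_sub(r0,c,BN_value_one())) goto err;
 if (!BN_sub(p,X,r0)) goto err;
 
- /* step 10 */
+ /* step 11.6 */
 if (BN_cmp(p,test) >= 0)
 {
- /* step 11 */
+ /* step 11.7 */
 r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
 ctx, 1, cb);
 if (r > 0)
@@ -308,19 +377,45 @@ int dsa_builtin_paramgen(DSA *ret, size_
 goto err;
 }
 
- /* step 13 */
+ /* step 11.9 */
 counter++;
 /* "offset = offset + n + 1" */
 
- /* step 14 */
- if (counter >= 4096) break;
+ /* step 12 */
+ if (counter >= 4*bits) break;
 }
 }
 end:
 if(!BN_GENCB_call(cb, 2, 1))
 goto err;
 
- /* We now need to generate g */
+ ok=1;
+err:
+ if (ok)
+ {
+ if (counter_ret != NULL) *counter_ret=counter;
+ }
+ return ok;
+ }
+
+#ifndef OPENSSL_FIPS
+static
+#endif
+int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
+ BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb)
+ {
+ int ok=0;
+ BIGNUM *r0, *test, *g = NULL;
+ BN_MONT_CTX *mont;
+ unsigned int h=2;
+
+ if ((mont=BN_MONT_CTX_new()) == NULL)
+ goto err;
+
+ r0 = BN_CTX_get(ctx);
+ *g_ret = g = BN_CTX_get(ctx);
+ test = BN_CTX_get(ctx);
+
 /* Set r0=(p-1)/q */
 if (!BN_sub(test,p,BN_value_one())) goto err;
 if (!BN_div(r0,NULL,test,q,ctx)) goto err;
@@ -344,26 +439,7 @@ end:
 err:
 if (ok)
 {
- if(ret->p) BN_free(ret->p);
- if(ret->q) BN_free(ret->q);
- if(ret->g) BN_free(ret->g);
- ret->p=BN_dup(p);
- ret->q=BN_dup(q);
- ret->g=BN_dup(g);
- if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
- {
- ok=0;
- goto err;
- }
- if (counter_ret != NULL) *counter_ret=counter;
 if (h_ret != NULL) *h_ret=h;
- if (seed_out)
- memcpy(seed_out, seed, qsize);
- }
- if(ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
 }
 if (mont != NULL) BN_MONT_CTX_free(mont);
 return ok;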
a7ff9508 MT |
870 | diff -up openssl-1.0.1b/crypto/dsa/dsa.h.fips openssl-1.0.1b/crypto/dsa/dsa.h |
871 | --- openssl-1.0.1b/crypto/dsa/dsa.h.fips 2012-04-26 18:00:50.840757065 +0200 | |
872 | +++ openssl-1.0.1b/crypto/dsa/dsa.h 2012-04-26 18:00:51.386768993 +0200 | |
0595faf5 MT |
873 | @@ -88,6 +88,8 @@ |
874 | # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 | |
875 | #endif | |
876 | ||
877 | +#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 | |
878 | + | |
879 | #define DSA_FLAG_CACHE_MONT_P 0x01 | |
880 | #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA | |
881 | * implementation now uses constant time | |
882 | @@ -264,6 +266,17 @@ int DSA_print_fp(FILE *bp, const DSA *x, | |
883 | DH *DSA_dup_DH(const DSA *r); | |
884 | #endif | |
885 | ||
886 | +#ifdef OPENSSL_FIPS | |
887 | +int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, | |
888 | + const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, | |
889 | + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); | |
890 | +int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits, | |
891 | + const EVP_MD *evpmd, unsigned char *seed, int seed_len, | |
892 | + BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb); | |
893 | +int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q, | |
894 | + BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb); | |
895 | +#endif | |
896 | + | |
897 | #define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ | |
898 | EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ | |
899 | EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) | |
900 | @@ -285,10 +298,13 @@ void ERR_load_DSA_strings(void); | |
901 | #define DSA_F_DO_DSA_PRINT 104 | |
902 | #define DSA_F_DSAPARAMS_PRINT 100 | |
903 | #define DSA_F_DSAPARAMS_PRINT_FP 101 | |
904 | +#define DSA_F_DSA_BUILTIN_KEYGEN 124 | |
905 | +#define DSA_F_DSA_BUILTIN_PARAMGEN 123 | |
906 | #define DSA_F_DSA_DO_SIGN 112 | |
907 | #define DSA_F_DSA_DO_VERIFY 113 | |
908 | -#define DSA_F_DSA_GENERATE_KEY 124 | |
909 | -#define DSA_F_DSA_GENERATE_PARAMETERS_EX 123 | |
910 | +#define DSA_F_DSA_GENERATE_KEY 126 | |
911 | +#define DSA_F_DSA_GENERATE_PARAMETERS_EX 127 | |
912 | +#define DSA_F_DSA_GENERATE_PARAMETERS /* unused */ 125 | |
913 | #define DSA_F_DSA_NEW_METHOD 103 | |
914 | #define DSA_F_DSA_PARAM_DECODE 119 | |
915 | #define DSA_F_DSA_PRINT_FP 105 | |
916 | @@ -314,11 +330,15 @@ void ERR_load_DSA_strings(void); | |
917 | #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 | |
918 | #define DSA_R_DECODE_ERROR 104 | |
919 | #define DSA_R_INVALID_DIGEST_TYPE 106 | |
920 | +#define DSA_R_KEY_SIZE_INVALID 113 | |
921 | +#define DSA_R_KEY_SIZE_TOO_SMALL 110 | |
922 | #define DSA_R_MISSING_PARAMETERS 101 | |
923 | #define DSA_R_MODULUS_TOO_LARGE 103 | |
924 | -#define DSA_R_NEED_NEW_SETUP_VALUES 110 | |
925 | +#define DSA_R_NEED_NEW_SETUP_VALUES 112 | |
926 | #define DSA_R_NON_FIPS_DSA_METHOD 111 | |
927 | +#define DSA_R_NON_FIPS_METHOD 111 | |
928 | #define DSA_R_NO_PARAMETERS_SET 107 | |
929 | +#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE /* unused */ 112 | |
930 | #define DSA_R_PARAMETER_ENCODING_ERROR 105 | |
931 | ||
932 | #ifdef __cplusplus | |
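Review bot: Reason code 112 ends up with two names that mean different things: the hunk at `@@ -314,11 +330,15 @@` moves `DSA_R_NEED_NEW_SETUP_VALUES` from 110 to 112 and also adds `DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE /* unused */ 112`, while 110 is reused for `DSA_R_KEY_SIZE_TOO_SMALL`. Anything that matches on the numeric reason, or was built against the old header, will report a different error than the one raised. The same applies to function codes 123 and 124, which are reassigned to `DSA_F_DSA_BUILTIN_PARAMGEN` and `DSA_F_DSA_BUILTIN_KEYGEN`. I would leave existing codes where they were (`#define DSA_R_NEED_NEW_SETUP_VALUES 110`) and give the new reasons numbers that are not yet taken; if the values are dictated by another header, a comment saying so is needed. The matching string table is not part of this section and has to agree with whatever is chosen.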
a7ff9508 MT |
933 | diff -up openssl-1.0.1b/crypto/dsa/dsa_key.c.fips openssl-1.0.1b/crypto/dsa/dsa_key.c |
934 | --- openssl-1.0.1b/crypto/dsa/dsa_key.c.fips 2011-06-09 17:21:46.000000000 +0200 | |
935 | +++ openssl-1.0.1b/crypto/dsa/dsa_key.c 2012-04-26 18:00:51.386768993 +0200 | |
0595faf5 MT |
936 | @@ -66,6 +66,24 @@ |
937 | ||
938 | #ifdef OPENSSL_FIPS | |
939 | #include <openssl/fips.h> | |
940 | +#include <openssl/evp.h> | |
941 | + | |
942 | +static int fips_check_dsa(DSA *dsa) | |
943 | + { | |
944 | + EVP_PKEY pk; | |
945 | + unsigned char tbs[] = "DSA Pairwise Check Data"; | |
946 | + pk.type = EVP_PKEY_DSA; | |
947 | + pk.pkey.dsa = dsa; | |
948 | + | |
949 | + if (!fips_pkey_signature_test(&pk, tbs, 0, NULL, 0, NULL, 0, NULL)) | |
950 | + { | |
951 | + FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED); | |
952 | + fips_set_selftest_fail(); | |
953 | + return 0; | |
954 | + } | |
955 | + return 1; | |
956 | + } | |
957 | + | |
958 | #endif | |
959 | ||
960 | static int dsa_builtin_keygen(DSA *dsa); | |
961 | @@ -82,10 +100,6 @@ int DSA_generate_key(DSA *dsa) | |
962 | #endif | |
963 | if(dsa->meth->dsa_keygen) | |
964 | return dsa->meth->dsa_keygen(dsa); | |
965 | -#ifdef OPENSSL_FIPS | |
966 | - if (FIPS_mode()) | |
967 | - return FIPS_dsa_generate_key(dsa); | |
968 | -#endif | |
969 | return dsa_builtin_keygen(dsa); | |
970 | } | |
971 | ||
972 | @@ -95,6 +109,15 @@ static int dsa_builtin_keygen(DSA *dsa) | |
973 | BN_CTX *ctx=NULL; | |
974 | BIGNUM *pub_key=NULL,*priv_key=NULL; | |
975 | ||
976 | +#ifdef OPENSSL_FIPS | |
977 | + if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) | |
978 | + && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) | |
979 | + { | |
980 | + DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL); | |
981 | + goto err; | |
982 | + } | |
983 | +#endif | |
984 | + | |
985 | if ((ctx=BN_CTX_new()) == NULL) goto err; | |
986 | ||
987 | if (dsa->priv_key == NULL) | |
988 | @@ -133,6 +156,14 @@ static int dsa_builtin_keygen(DSA *dsa) | |
989 | ||
990 | dsa->priv_key=priv_key; | |
991 | dsa->pub_key=pub_key; | |
992 | +#ifdef OPENSSL_FIPS | |
993 | + if(FIPS_mode() && !fips_check_dsa(dsa)) | |
994 | + { | |
995 | + dsa->pub_key = NULL; | |
996 | + dsa->priv_key = NULL; | |
997 | + goto err; | |
998 | + } | |
999 | +#endif | |
1000 | ok=1; | |
1001 | ||
1002 | err: | |
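Review bot: `fips_check_dsa` hands a stack `EVP_PKEY pk` to `fips_pkey_signature_test` with only `type` and `pkey.dsa` assigned, so every other member of the structure is indeterminate. If the test routine (not shown here) reads any other field, the pairwise consistency check runs on garbage; zero the structure first, `memset(&pk, 0, sizeof pk);`, before the two assignments. In the last hunk the failure path sets `dsa->pub_key` and `dsa->priv_key` to NULL and jumps to `err:`, whose body lies outside the hunk. Please confirm that label releases both BIGNUMs and that the private value is cleared, not just freed.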
a7ff9508 MT |
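--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method
 {
 if(!default_DSA_method)
 {
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return FIPS_dsa_openssl();
- else
- return DSA_OpenSSL();
-#else
 default_DSA_method = DSA_OpenSSL();
-#endif
 }
 return default_DSA_method;
 }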
a7ff9508 MT |
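--- a/crypto/dsa/dsa_locl.h
+++ b/crypto/dsa/dsa_locl.h
@@ -56,5 +56,4 @@
 
 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
- unsigned char *seed_out,
 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);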
a7ff9508 MT |
1030 | diff -up openssl-1.0.1b/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1b/crypto/dsa/dsa_ossl.c |
1031 | --- openssl-1.0.1b/crypto/dsa/dsa_ossl.c.fips 2011-02-01 13:53:47.000000000 +0100 | |
1032 | +++ openssl-1.0.1b/crypto/dsa/dsa_ossl.c 2012-04-26 18:00:51.388769035 +0200 | |
0595faf5 MT |
1033 | @@ -65,6 +65,9 @@ |
1034 | #include <openssl/dsa.h> | |
1035 | #include <openssl/rand.h> | |
1036 | #include <openssl/asn1.h> | |
1037 | +#ifdef OPENSSL_FIPS | |
1038 | +#include <openssl/fips.h> | |
1039 | +#endif | |
1040 | ||
1041 | static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); | |
1042 | static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); | |
1043 | @@ -82,7 +85,7 @@ NULL, /* dsa_mod_exp, */ | |
1044 | NULL, /* dsa_bn_mod_exp, */ | |
1045 | dsa_init, | |
1046 | dsa_finish, | |
1047 | -0, | |
1048 | +DSA_FLAG_FIPS_METHOD, | |
1049 | NULL, | |
1050 | NULL, | |
1051 | NULL | |
1052 | @@ -138,6 +141,21 @@ static DSA_SIG *dsa_do_sign(const unsign | |
1053 | DSA_SIG *ret=NULL; | |
1054 | int noredo = 0; | |
1055 | ||
1056 | +#ifdef OPENSSL_FIPS | |
1057 | + if(FIPS_selftest_failed()) | |
1058 | + { | |
1059 | + FIPSerr(FIPS_F_DSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED); | |
1060 | + return NULL; | |
1061 | + } | |
1062 | + | |
1063 | + if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) | |
1064 | + && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) | |
1065 | + { | |
1066 | + DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL); | |
1067 | + return NULL; | |
1068 | + } | |
1069 | +#endif | |
1070 | + | |
1071 | BN_init(&m); | |
1072 | BN_init(&xr); | |
1073 | ||
1074 | @@ -325,6 +343,21 @@ static int dsa_do_verify(const unsigned | |
1075 | return -1; | |
1076 | } | |
1077 | ||
1078 | +#ifdef OPENSSL_FIPS | |
1079 | + if(FIPS_selftest_failed()) | |
1080 | + { | |
1081 | + FIPSerr(FIPS_F_DSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED); | |
1082 | + return -1; | |
1083 | + } | |
1084 | + | |
1085 | + if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) | |
1086 | + && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) | |
1087 | + { | |
1088 | + DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL); | |
1089 | + return -1; | |
1090 | + } | |
1091 | +#endif | |
1092 | + | |
1093 | if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) | |
1094 | { | |
1095 | DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); | |
1096 | @@ -399,6 +432,9 @@ static int dsa_do_verify(const unsigned | |
1097 | ||
1098 | static int dsa_init(DSA *dsa) | |
1099 | { | |
1100 | +#ifdef OPENSSL_FIPS | |
1101 | + FIPS_selftest_check(); | |
1102 | +#endif | |
1103 | dsa->flags|=DSA_FLAG_CACHE_MONT_P; | |
1104 | return(1); | |
1105 | } | |
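Review bot: In `dsa_do_sign` the new size gate calls `BN_num_bits(dsa->p)` at the very top of the function, before anything visible in the hunk has established that the parameters are present. If the function's missing-parameter check sits further down (outside this hunk), a key without `p` in FIPS mode reaches `BN_num_bits` with a NULL pointer instead of producing the existing error; either move the block below that check or start the condition with `if (FIPS_mode() && dsa->p != NULL && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)`. The gate also measures only `p`, here and in `dsa_builtin_keygen` (dsa_key.c), so a comment saying where the size of `q` is validated, or an explicit `BN_num_bits(dsa->q)` test, would make the policy complete. `DSA_FLAG_NON_FIPS_ALLOW` is a per-key flag set by the caller, and it should be documented next to the check that it switches the minimum off entirely.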
a7ff9508 MT |
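--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
 if (!dsa)
 return 0;
 ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
- NULL, 0, NULL, NULL, NULL, pcb);
+ NULL, 0, NULL, NULL, pcb);
 if (ret)
 EVP_PKEY_assign_DSA(pkey, dsa);
 else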
a7ff9508 MT |
1118 | diff -up openssl-1.0.1b/crypto/dsa/dsatest.c.fips openssl-1.0.1b/crypto/dsa/dsatest.c |
1119 | --- openssl-1.0.1b/crypto/dsa/dsatest.c.fips 2008-08-06 17:54:11.000000000 +0200 | |
1120 | +++ openssl-1.0.1b/crypto/dsa/dsatest.c 2012-04-26 18:00:51.389769058 +0200 | |
0595faf5 MT |
1121 | @@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int |
1122 | /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to | |
1123 | * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ | |
1124 | static unsigned char seed[20]={ | |
1125 | - 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40, | |
1126 | - 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3, | |
1127 | + 0x02,0x47,0x11,0x92,0x11,0x88,0xC8,0xFB,0xAF,0x48,0x4C,0x62, | |
1128 | + 0xDF,0xA5,0xBE,0xA0,0xA4,0x3C,0x56,0xE3, | |
1129 | }; | |
1130 | ||
1131 | static unsigned char out_p[]={ | |
1132 | - 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa, | |
1133 | - 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb, | |
1134 | - 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7, | |
1135 | - 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5, | |
1136 | - 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf, | |
1137 | - 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac, | |
1138 | - 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2, | |
1139 | - 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91, | |
1140 | + 0xAC,0xCB,0x1E,0x63,0x60,0x69,0x0C,0xFB,0x06,0x19,0x68,0x3E, | |
1141 | + 0xA5,0x01,0x5A,0xA2,0x15,0x5C,0xE2,0x99,0x2D,0xD5,0x30,0x99, | |
1142 | + 0x7E,0x5F,0x8D,0xE2,0xF7,0xC6,0x2E,0x8D,0xA3,0x9F,0x58,0xAD, | |
1143 | + 0xD6,0xA9,0x7D,0x0E,0x0D,0x95,0x53,0xA6,0x71,0x3A,0xDE,0xAB, | |
1144 | + 0xAC,0xE9,0xF4,0x36,0x55,0x9E,0xB9,0xD6,0x93,0xBF,0xF3,0x18, | |
1145 | + 0x1C,0x14,0x7B,0xA5,0x42,0x2E,0xCD,0x00,0xEB,0x35,0x3B,0x1B, | |
1146 | + 0xA8,0x51,0xBB,0xE1,0x58,0x42,0x85,0x84,0x22,0xA7,0x97,0x5E, | |
1147 | + 0x99,0x6F,0x38,0x20,0xBD,0x9D,0xB6,0xD9,0x33,0x37,0x2A,0xFD, | |
1148 | + 0xBB,0xD4,0xBC,0x0C,0x2A,0x67,0xCB,0x9F,0xBB,0xDF,0xF9,0x93, | |
1149 | + 0xAA,0xD6,0xF0,0xD6,0x95,0x0B,0x5D,0x65,0x14,0xD0,0x18,0x9D, | |
1150 | + 0xC6,0xAF,0xF0,0xC6,0x37,0x7C,0xF3,0x5F, | |
1151 | }; | |
1152 | ||
1153 | static unsigned char out_q[]={ | |
1154 | - 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee, | |
1155 | - 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e, | |
1156 | - 0xda,0xce,0x91,0x5f, | |
1157 | + 0xE3,0x8E,0x5E,0x6D,0xBF,0x2B,0x79,0xF8,0xC5,0x4B,0x89,0x8B, | |
1158 | + 0xBA,0x2D,0x91,0xC3,0x6C,0x80,0xAC,0x87, | |
1159 | }; | |
1160 | ||
1161 | static unsigned char out_g[]={ | |
1162 | - 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13, | |
1163 | - 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00, | |
1164 | - 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb, | |
1165 | - 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e, | |
1166 | - 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf, | |
1167 | - 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c, | |
1168 | - 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c, | |
1169 | - 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02, | |
1170 | + 0x42,0x4A,0x04,0x4E,0x79,0xB4,0x99,0x7F,0xFD,0x58,0x36,0x2C, | |
1171 | + 0x1B,0x5F,0x18,0x7E,0x0D,0xCC,0xAB,0x81,0xC9,0x5D,0x10,0xCE, | |
1172 | + 0x4E,0x80,0x7E,0x58,0xB4,0x34,0x3F,0xA7,0x45,0xC7,0xAA,0x36, | |
1173 | + 0x24,0x42,0xA9,0x3B,0xE8,0x0E,0x04,0x02,0x2D,0xFB,0xA6,0x13, | |
1174 | + 0xB9,0xB5,0x15,0xA5,0x56,0x07,0x35,0xE4,0x03,0xB6,0x79,0x7C, | |
1175 | + 0x62,0xDD,0xDF,0x3F,0x71,0x3A,0x9D,0x8B,0xC4,0xF6,0xE7,0x1D, | |
1176 | + 0x52,0xA8,0xA9,0x43,0x1D,0x33,0x51,0x88,0x39,0xBD,0x73,0xE9, | |
1177 | + 0x5F,0xBE,0x82,0x49,0x27,0xE6,0xB5,0x53,0xC1,0x38,0xAC,0x2F, | |
1178 | + 0x6D,0x97,0x6C,0xEB,0x67,0xC1,0x5F,0x67,0xF8,0x35,0x05,0x5E, | |
1179 | + 0xD5,0x68,0x80,0xAA,0x96,0xCA,0x0B,0x8A,0xE6,0xF1,0xB1,0x41, | |
1180 | + 0xC6,0x75,0x94,0x0A,0x0A,0x2A,0xFA,0x29, | |
1181 | }; | |
1182 | ||
1183 | static const unsigned char str1[]="12345678901234567890"; | |
1184 | @@ -157,7 +162,7 @@ int main(int argc, char **argv) | |
1185 | BIO_printf(bio_err,"test generation of DSA parameters\n"); | |
1186 | ||
1187 | BN_GENCB_set(&cb, dsa_cb, bio_err); | |
1188 | - if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, | |
1189 | + if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 1024, | |
1190 | seed, 20, &counter, &h, &cb)) | |
1191 | goto end; | |
1192 | ||
1193 | @@ -170,9 +175,9 @@ int main(int argc, char **argv) | |
1194 | BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h); | |
1195 | ||
1196 | DSA_print(bio_err,dsa,0); | |
1197 | - if (counter != 105) | |
1198 | + if (counter != 239) | |
1199 | { | |
1200 | - BIO_printf(bio_err,"counter should be 105\n"); | |
1201 | + BIO_printf(bio_err,"counter should be 239\n"); | |
1202 | goto end; | |
1203 | } | |
1204 | if (h != 2) | |
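Review bot: The comment above `seed` still says the vectors are "taken from the updated Appendix 5 to FIPS PUB 186", but this section replaces seed, p, q and g with 1024-bit values and changes the expected counter from 105 to 239, so the attribution no longer describes the data. Please update the comment to name where the new vectors come from, or to say that they were produced by this implementation. Without that a reader cannot tell whether the test is a known-answer test against an independent reference or only a self-consistency check. The remaining assertions in `main` are outside the hunks shown.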
a7ff9508 MT |
1205 | diff -up openssl-1.0.1b/crypto/engine/eng_all.c.fips openssl-1.0.1b/crypto/engine/eng_all.c |
1206 | --- openssl-1.0.1b/crypto/engine/eng_all.c.fips 2011-08-10 20:53:13.000000000 +0200 | |
1207 | +++ openssl-1.0.1b/crypto/engine/eng_all.c 2012-04-26 18:00:51.389769058 +0200 | |
0595faf5 MT |
1208 | @@ -58,11 +58,25 @@ |
1209 | ||
1210 | #include "cryptlib.h" | |
1211 | #include "eng_int.h" | |
1212 | +#ifdef OPENSSL_FIPS | |
1213 | +#include <openssl/fips.h> | |
1214 | +#endif | |
1215 | ||
1216 | void ENGINE_load_builtin_engines(void) | |
1217 | { | |
1218 | /* Some ENGINEs need this */ | |
1219 | OPENSSL_cpuid_setup(); | |
1220 | +#ifdef OPENSSL_FIPS | |
1221 | + OPENSSL_init_library(); | |
1222 | + if (FIPS_mode()) { | |
1223 | + /* We allow loading dynamic engine as a third party | |
1224 | + engine might be FIPS validated. | |
1225 | + User is disallowed to load non-validated engines | |
1226 | + by security policy. */ | |
1227 | + ENGINE_load_dynamic(); | |
1228 | + return; | |
1229 | + } | |
1230 | +#endif | |
1231 | #if 0 | |
1232 | /* There's no longer any need for an "openssl" ENGINE unless, one day, | |
1233 | * it is the *only* way for standard builtin implementations to be be | |
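Review bot: In FIPS mode `ENGINE_load_builtin_engines` now registers the dynamic engine and returns, and the only control on what is loaded through it afterwards is the security policy the added comment refers to. Nothing in this hunk verifies that an engine loaded later is validated, and the comment should say that plainly, for example `/* No enforcement here: restricting the dynamic engine to validated modules is left to the operator. */`. Deployments relying on FIPS mode therefore need to treat engine paths and engine-related configuration as trusted input. The function body continues outside the hunk.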
a7ff9508 MT |
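--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -96,6 +96,9 @@
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
 #include <openssl/ts.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
 #endif
@@ -153,6 +156,9 @@ void ERR_load_crypto_strings(void)
 #endif
 ERR_load_OCSP_strings();
 ERR_load_UI_strings();
+#ifdef OPENSSL_FIPS
+ ERR_load_FIPS_strings();
+#endif
 #ifndef OPENSSL_NO_CMS
 ERR_load_CMS_strings();
 #endif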
a7ff9508 MT |
1257 | diff -up openssl-1.0.1b/crypto/evp/c_allc.c.fips openssl-1.0.1b/crypto/evp/c_allc.c |
1258 | --- openssl-1.0.1b/crypto/evp/c_allc.c.fips 2011-11-14 22:13:35.000000000 +0100 | |
1259 | +++ openssl-1.0.1b/crypto/evp/c_allc.c 2012-04-26 18:00:51.390769081 +0200 | |
0595faf5 MT |
1260 | @@ -65,6 +65,11 @@ |
1261 | void OpenSSL_add_all_ciphers(void) | |
1262 | { | |
1263 | ||
1264 | +#ifdef OPENSSL_FIPS | |
1265 | + OPENSSL_init_library(); | |
1266 | + if(!FIPS_mode()) | |
1267 | + { | |
1268 | +#endif | |
1269 | #ifndef OPENSSL_NO_DES | |
1270 | EVP_add_cipher(EVP_des_cfb()); | |
1271 | EVP_add_cipher(EVP_des_cfb1()); | |
1272 | @@ -227,4 +232,60 @@ void OpenSSL_add_all_ciphers(void) | |
1273 | EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256"); | |
1274 | EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256"); | |
1275 | #endif | |
1276 | +#ifdef OPENSSL_FIPS | |
1277 | + } | |
1278 | + else | |
1279 | + { | |
1280 | +#ifndef OPENSSL_NO_DES | |
1281 | + EVP_add_cipher(EVP_des_ede_cfb()); | |
1282 | + EVP_add_cipher(EVP_des_ede3_cfb()); | |
1283 | + | |
1284 | + EVP_add_cipher(EVP_des_ede_ofb()); | |
1285 | + EVP_add_cipher(EVP_des_ede3_ofb()); | |
1286 | + | |
1287 | + EVP_add_cipher(EVP_des_ede_cbc()); | |
1288 | + EVP_add_cipher(EVP_des_ede3_cbc()); | |
1289 | + EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3"); | |
1290 | + EVP_add_cipher_alias(SN_des_ede3_cbc,"des3"); | |
1291 | + | |
1292 | + EVP_add_cipher(EVP_des_ede()); | |
1293 | + EVP_add_cipher(EVP_des_ede3()); | |
1294 | +#endif | |
1295 | + | |
1296 | +#ifndef OPENSSL_NO_AES | |
1297 | + EVP_add_cipher(EVP_aes_128_ecb()); | |
1298 | + EVP_add_cipher(EVP_aes_128_cbc()); | |
1299 | + EVP_add_cipher(EVP_aes_128_cfb()); | |
1300 | + EVP_add_cipher(EVP_aes_128_cfb1()); | |
1301 | + EVP_add_cipher(EVP_aes_128_cfb8()); | |
1302 | + EVP_add_cipher(EVP_aes_128_ofb()); | |
1303 | + EVP_add_cipher(EVP_aes_128_ctr()); | |
1304 | + EVP_add_cipher(EVP_aes_128_gcm()); | |
1305 | + EVP_add_cipher(EVP_aes_128_xts()); | |
1306 | + EVP_add_cipher_alias(SN_aes_128_cbc,"AES128"); | |
1307 | + EVP_add_cipher_alias(SN_aes_128_cbc,"aes128"); | |
1308 | + EVP_add_cipher(EVP_aes_192_ecb()); | |
1309 | + EVP_add_cipher(EVP_aes_192_cbc()); | |
1310 | + EVP_add_cipher(EVP_aes_192_cfb()); | |
1311 | + EVP_add_cipher(EVP_aes_192_cfb1()); | |
1312 | + EVP_add_cipher(EVP_aes_192_cfb8()); | |
1313 | + EVP_add_cipher(EVP_aes_192_ofb()); | |
1314 | + EVP_add_cipher(EVP_aes_192_ctr()); | |
1315 | + EVP_add_cipher(EVP_aes_192_gcm()); | |
1316 | + EVP_add_cipher_alias(SN_aes_192_cbc,"AES192"); | |
1317 | + EVP_add_cipher_alias(SN_aes_192_cbc,"aes192"); | |
1318 | + EVP_add_cipher(EVP_aes_256_ecb()); | |
1319 | + EVP_add_cipher(EVP_aes_256_cbc()); | |
1320 | + EVP_add_cipher(EVP_aes_256_cfb()); | |
1321 | + EVP_add_cipher(EVP_aes_256_cfb1()); | |
1322 | + EVP_add_cipher(EVP_aes_256_cfb8()); | |
1323 | + EVP_add_cipher(EVP_aes_256_ofb()); | |
1324 | + EVP_add_cipher(EVP_aes_256_ctr()); | |
1325 | + EVP_add_cipher(EVP_aes_256_gcm()); | |
1326 | + EVP_add_cipher(EVP_aes_256_xts()); | |
1327 | + EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); | |
1328 | + EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); | |
1329 | +#endif | |
1330 | + } | |
1331 | +#endif | |
1332 | } | |
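Review bot: `OpenSSL_add_all_ciphers` chooses the cipher list from `FIPS_mode()` once, at registration time, so a process that registers first and enters FIPS mode afterwards keeps the full non-FIPS table; `OpenSSL_add_all_digests` in c_alld.c follows the same pattern. That is safe only if every init path rejects unflagged algorithms at use time, as the `EVP_MD_FLAG_FIPS` test in digest.c does for digests. If the cipher init path does the same, a comment such as `/* the table is a convenience; enforcement is the flag check at init time */` would record that the list is not the security boundary. The FIPS branch is also a hand-copied subset of the list above it, and the two will drift apart unless one list is filtered on the flag. The `if(!FIPS_mode()) {` that opens under one `#ifdef` and closes under another is easy to break in a later edit.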
a7ff9508 MT |
1333 | diff -up openssl-1.0.1b/crypto/evp/c_alld.c.fips openssl-1.0.1b/crypto/evp/c_alld.c |
1334 | --- openssl-1.0.1b/crypto/evp/c_alld.c.fips 2009-07-08 10:50:53.000000000 +0200 | |
1335 | +++ openssl-1.0.1b/crypto/evp/c_alld.c 2012-04-26 18:00:51.390769081 +0200 | |
0595faf5 MT |
1336 | @@ -64,6 +64,11 @@ |
1337 | ||
1338 | void OpenSSL_add_all_digests(void) | |
1339 | { | |
1340 | +#ifdef OPENSSL_FIPS | |
1341 | + OPENSSL_init_library(); | |
1342 | + if (!FIPS_mode()) | |
1343 | + { | |
1344 | +#endif | |
1345 | #ifndef OPENSSL_NO_MD4 | |
1346 | EVP_add_digest(EVP_md4()); | |
1347 | #endif | |
1348 | @@ -111,4 +116,32 @@ void OpenSSL_add_all_digests(void) | |
1349 | #ifndef OPENSSL_NO_WHIRLPOOL | |
1350 | EVP_add_digest(EVP_whirlpool()); | |
1351 | #endif | |
1352 | +#ifdef OPENSSL_FIPS | |
1353 | + } | |
1354 | + else | |
1355 | + { | |
1356 | +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) | |
1357 | + EVP_add_digest(EVP_sha1()); | |
1358 | + EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); | |
1359 | + EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); | |
1360 | +#ifndef OPENSSL_NO_DSA | |
1361 | + EVP_add_digest(EVP_dss1()); | |
1362 | + EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); | |
1363 | + EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); | |
1364 | + EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); | |
1365 | +#endif | |
1366 | +#ifndef OPENSSL_NO_ECDSA | |
1367 | + EVP_add_digest(EVP_ecdsa()); | |
1368 | +#endif | |
1369 | +#endif | |
1370 | +#ifndef OPENSSL_NO_SHA256 | |
1371 | + EVP_add_digest(EVP_sha224()); | |
1372 | + EVP_add_digest(EVP_sha256()); | |
1373 | +#endif | |
1374 | +#ifndef OPENSSL_NO_SHA512 | |
1375 | + EVP_add_digest(EVP_sha384()); | |
1376 | + EVP_add_digest(EVP_sha512()); | |
1377 | +#endif | |
1378 | + } | |
1379 | +#endif | |
1380 | } | |
a7ff9508 MT |
1381 | diff -up openssl-1.0.1b/crypto/evp/digest.c.fips openssl-1.0.1b/crypto/evp/digest.c |
1382 | --- openssl-1.0.1b/crypto/evp/digest.c.fips 2011-05-29 17:55:13.000000000 +0200 | |
1383 | +++ openssl-1.0.1b/crypto/evp/digest.c 2012-04-26 18:00:51.391769103 +0200 | |
0595faf5 MT |
1384 | @@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons |
1385 | return EVP_DigestInit_ex(ctx, type, NULL); | |
1386 | } | |
1387 | ||
1388 | +#ifdef OPENSSL_FIPS | |
1389 | + | |
1390 | +/* The purpose of these is to trap programs that attempt to use non FIPS | |
1391 | + * algorithms in FIPS mode and ignore the errors. | |
1392 | + */ | |
1393 | + | |
1394 | +static int bad_init(EVP_MD_CTX *ctx) | |
1395 | + { FIPS_ERROR_IGNORED("Digest init"); return 0;} | |
1396 | + | |
1397 | +static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count) | |
1398 | + { FIPS_ERROR_IGNORED("Digest update"); return 0;} | |
1399 | + | |
1400 | +static int bad_final(EVP_MD_CTX *ctx,unsigned char *md) | |
1401 | + { FIPS_ERROR_IGNORED("Digest Final"); return 0;} | |
1402 | + | |
1403 | +static const EVP_MD bad_md = | |
1404 | + { | |
1405 | + 0, | |
1406 | + 0, | |
1407 | + 0, | |
1408 | + 0, | |
1409 | + bad_init, | |
1410 | + bad_update, | |
1411 | + bad_final, | |
1412 | + NULL, | |
1413 | + NULL, | |
1414 | + NULL, | |
1415 | + 0, | |
1416 | + {0,0,0,0}, | |
1417 | + }; | |
1418 | + | |
1419 | +#endif | |
1420 | + | |
1421 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | |
1422 | { | |
1423 | EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); | |
1424 | +#ifdef OPENSSL_FIPS | |
1425 | + if(FIPS_selftest_failed()) | |
1426 | + { | |
1427 | + FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED); | |
1428 | + ctx->digest = &bad_md; | |
1429 | + return 0; | |
1430 | + } | |
1431 | +#endif | |
1432 | #ifndef OPENSSL_NO_ENGINE | |
1433 | /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts | |
1434 | * so this context may already have an ENGINE! Try to avoid releasing | |
1435 | @@ -201,6 +242,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c | |
1436 | #endif | |
1437 | if (ctx->digest != type) | |
1438 | { | |
1439 | +#ifdef OPENSSL_FIPS | |
1440 | + if (FIPS_mode()) | |
1441 | + { | |
1442 | + if (!(type->flags & EVP_MD_FLAG_FIPS) | |
1443 | + && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) | |
1444 | + { | |
1445 | + EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS); | |
1446 | + ctx->digest = &bad_md; | |
1447 | + return 0; | |
1448 | + } | |
1449 | + } | |
1450 | +#endif | |
1451 | if (ctx->digest && ctx->digest->ctx_size) | |
1452 | OPENSSL_free(ctx->md_data); | |
1453 | ctx->digest=type; | |
1454 | @@ -229,26 +282,15 @@ skip_to_init: | |
1455 | } | |
1456 | if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) | |
1457 | return 1; | |
1458 | -#ifdef OPENSSL_FIPS | |
1459 | - if (FIPS_mode()) | |
1460 | - { | |
1461 | - if (FIPS_digestinit(ctx, type)) | |
1462 | - return 1; | |
1463 | - OPENSSL_free(ctx->md_data); | |
1464 | - ctx->md_data = NULL; | |
1465 | - return 0; | |
1466 | - } | |
1467 | -#endif | |
1468 | return ctx->digest->init(ctx); | |
1469 | } | |
1470 | ||
1471 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) | |
1472 | { | |
1473 | #ifdef OPENSSL_FIPS | |
1474 | - return FIPS_digestupdate(ctx, data, count); | |
1475 | -#else | |
1476 | - return ctx->update(ctx,data,count); | |
1477 | + FIPS_selftest_check(); | |
1478 | #endif | |
1479 | + return ctx->update(ctx,data,count); | |
1480 | } | |
1481 | ||
1482 | /* The caller can assume that this removes any secret data from the context */ | |
1483 | @@ -263,10 +305,11 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns | |
1484 | /* The caller can assume that this removes any secret data from the context */ | |
1485 | int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) | |
1486 | { | |
1487 | -#ifdef OPENSSL_FIPS | |
1488 | - return FIPS_digestfinal(ctx, md, size); | |
1489 | -#else | |
1490 | int ret; | |
1491 | +#ifdef OPENSSL_FIPS | |
1492 | + FIPS_selftest_check(); | |
1493 | +#endif | |
1494 | + | |
1495 | OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); | |
1496 | ret=ctx->digest->final(ctx,md); | |
1497 | if (size != NULL) | |
1498 | @@ -278,7 +321,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, | |
1499 | } | |
1500 | memset(ctx->md_data,0,ctx->digest->ctx_size); | |
1501 | return ret; | |
1502 | -#endif | |
1503 | } | |
1504 | ||
1505 | int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) | |
1506 | @@ -372,7 +414,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) | |
1507 | /* This call frees resources associated with the context */ | |
1508 | int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) | |
1509 | { | |
1510 | -#ifndef OPENSSL_FIPS | |
1511 | /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, | |
1512 | * because sometimes only copies of the context are ever finalised. | |
1513 | */ | |
1514 | @@ -385,7 +426,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) | |
1515 | OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); | |
1516 | OPENSSL_free(ctx->md_data); | |
1517 | } | |
1518 | -#endif | |
1519 | if (ctx->pctx) | |
1520 | EVP_PKEY_CTX_free(ctx->pctx); | |
1521 | #ifndef OPENSSL_NO_ENGINE | |
1522 | @@ -394,9 +434,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) | |
1523 | * functional reference we held for this reason. */ | |
1524 | ENGINE_finish(ctx->engine); | |
1525 | #endif | |
1526 | -#ifdef OPENSSL_FIPS | |
1527 | - FIPS_md_ctx_cleanup(ctx); | |
1528 | -#endif | |
1529 | memset(ctx,'\0',sizeof *ctx); | |
1530 | ||
1531 | return 1; | |
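Review bot: Both failure paths in `EVP_DigestInit_ex` set `ctx->digest = &bad_md` but leave `ctx->update` untouched, while `EVP_DigestUpdate` dispatches through `ctx->update`, not `ctx->digest->update`. A caller that ignores the init error therefore never reaches `bad_update`: it calls whatever `ctx->update` held before, which may be NULL on a fresh context and is the previous digest's routine on a reused one. Add `ctx->update = bad_update;` next to each `ctx->digest = &bad_md;`, unless that pointer is already reset somewhere outside these hunks. Both paths also overwrite `ctx->digest` before the old `md_data` is released, and the `bad_md` initializer appears to leave `ctx_size` at zero. Please check that `EVP_MD_CTX_cleanup`, only partly visible here, still cleanses and frees the buffer of a context reused this way.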
a7ff9508 MT |
1532 | diff -up openssl-1.0.1b/crypto/evp/e_aes.c.fips openssl-1.0.1b/crypto/evp/e_aes.c |
1533 | --- openssl-1.0.1b/crypto/evp/e_aes.c.fips 2011-11-15 13:19:56.000000000 +0100 | |
1534 | +++ openssl-1.0.1b/crypto/evp/e_aes.c 2012-04-26 18:00:51.391769103 +0200 | |
0595faf5 MT |
1535 | @@ -56,7 +56,6 @@ |
1536 | #include <assert.h> | |
1537 | #include <openssl/aes.h> | |
1538 | #include "evp_locl.h" | |
1539 | -#ifndef OPENSSL_FIPS | |
1540 | #include "modes_lcl.h" | |
1541 | #include <openssl/rand.h> | |
1542 | ||
1543 | @@ -716,7 +715,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * | |
1544 | if (arg <= 0) | |
1545 | return 0; | |
1546 | #ifdef OPENSSL_FIPS | |
1547 | - if (FIPS_module_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) | |
1548 | + if (FIPS_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) | |
1549 | && arg < 12) | |
1550 | return 0; | |
1551 | #endif | |
1552 | @@ -1128,7 +1127,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX | |
1553 | return 0; | |
1554 | #ifdef OPENSSL_FIPS | |
1555 | /* Requirement of SP800-38E */ | |
1556 | - if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && | |
1557 | + if (FIPS_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && | |
1558 | (len > (1UL<<20)*16)) | |
1559 | { | |
1560 | EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE); | |
1561 | @@ -1310,4 +1309,3 @@ BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm | |
1562 | BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) | |
1563 | ||
1564 | #endif | |
1565 | -#endif | |
a7ff9508 MT |
1566 | diff -up openssl-1.0.1b/crypto/evp/e_des3.c.fips openssl-1.0.1b/crypto/evp/e_des3.c |
1567 | --- openssl-1.0.1b/crypto/evp/e_des3.c.fips 2011-05-29 01:01:26.000000000 +0200 | |
1568 | +++ openssl-1.0.1b/crypto/evp/e_des3.c 2012-04-26 18:00:51.392769125 +0200 | |
0595faf5 MT |
1569 | @@ -65,8 +65,6 @@ |
1570 | #include <openssl/des.h> | |
1571 | #include <openssl/rand.h> | |
1572 | ||
1573 | -#ifndef OPENSSL_FIPS | |
1574 | - | |
1575 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |
1576 | const unsigned char *iv,int enc); | |
1577 | ||
1578 | @@ -208,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH | |
1579 | } | |
1580 | ||
1581 | BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, | |
1582 | - EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, | |
1583 | - EVP_CIPHER_set_asn1_iv, | |
1584 | - EVP_CIPHER_get_asn1_iv, | |
1585 | + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, | |
1586 | + des_ede_init_key, | |
1587 | + NULL, NULL, NULL, | |
1588 | des3_ctrl) | |
1589 | ||
1590 | #define des_ede3_cfb64_cipher des_ede_cfb64_cipher | |
1591 | @@ -219,21 +217,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, | |
1592 | #define des_ede3_ecb_cipher des_ede_ecb_cipher | |
1593 | ||
1594 | BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, | |
1595 | - EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, | |
1596 | - EVP_CIPHER_set_asn1_iv, | |
1597 | - EVP_CIPHER_get_asn1_iv, | |
1598 | + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, | |
1599 | + des_ede3_init_key, | |
1600 | + NULL, NULL, NULL, | |
1601 | des3_ctrl) | |
1602 | ||
1603 | BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, | |
1604 | - EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, | |
1605 | - EVP_CIPHER_set_asn1_iv, | |
1606 | - EVP_CIPHER_get_asn1_iv, | |
1607 | + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, | |
1608 | + des_ede3_init_key, | |
1609 | + NULL, NULL, NULL, | |
1610 | des3_ctrl) | |
1611 | ||
1612 | BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, | |
1613 | - EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, | |
1614 | - EVP_CIPHER_set_asn1_iv, | |
1615 | - EVP_CIPHER_get_asn1_iv, | |
1616 | + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, | |
1617 | + des_ede3_init_key, | |
1618 | + NULL, NULL, NULL, | |
1619 | des3_ctrl) | |
1620 | ||
1621 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |
1622 | @@ -313,4 +311,3 @@ const EVP_CIPHER *EVP_des_ede3(void) | |
1623 | return &des_ede3_ecb; | |
1624 | } | |
1625 | #endif | |
1626 | -#endif | |
a7ff9508 MT |
1627 | diff -up openssl-1.0.1b/crypto/evp/e_null.c.fips openssl-1.0.1b/crypto/evp/e_null.c |
1628 | --- openssl-1.0.1b/crypto/evp/e_null.c.fips 2011-06-20 22:00:10.000000000 +0200 | |
1629 | +++ openssl-1.0.1b/crypto/evp/e_null.c 2012-04-26 18:00:51.392769125 +0200 | |
0595faf5 MT |
1630 | @@ -61,8 +61,6 @@ |
1631 | #include <openssl/evp.h> | |
1632 | #include <openssl/objects.h> | |
1633 | ||
1634 | -#ifndef OPENSSL_FIPS | |
1635 | - | |
1636 | static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |
1637 | const unsigned char *iv,int enc); | |
1638 | static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
1639 | @@ -71,7 +69,7 @@ static const EVP_CIPHER n_cipher= | |
1640 | { | |
1641 | NID_undef, | |
1642 | 1,0,0, | |
1643 | - 0, | |
1644 | + EVP_CIPH_FLAG_FIPS, | |
1645 | null_init_key, | |
1646 | null_cipher, | |
1647 | NULL, | |
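Review bot: Marking `n_cipher` with `EVP_CIPH_FLAG_FIPS` means the FIPS gate added to `EVP_CipherInit_ex` will accept it, yet the flag line carries no explanation. Its `null_cipher` body, visible in the next hunk, is a plain `memcpy`. A reader auditing which algorithms are reachable in FIPS mode needs the reason stated at the flag, for instance `EVP_CIPH_FLAG_FIPS, /* pass-through, no key material; permitted in FIPS mode but gives no confidentiality */`. Callers that pick a cipher by name from configuration should still reject the null cipher themselves where encryption is mandatory. The initializer of `n_cipher` starts and ends outside this hunk.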
1648 | @@ -101,4 +99,3 @@ static int null_cipher(EVP_CIPHER_CTX *c | |
1649 | memcpy((char *)out,(const char *)in,inl); | |
1650 | return 1; | |
1651 | } | |
1652 | -#endif | |
a7ff9508 MT |
1653 | diff -up openssl-1.0.1b/crypto/evp/evp_enc.c.fips openssl-1.0.1b/crypto/evp/evp_enc.c |
1654 | --- openssl-1.0.1b/crypto/evp/evp_enc.c.fips 2012-04-20 02:07:48.000000000 +0200 | |
1655 | +++ openssl-1.0.1b/crypto/evp/evp_enc.c 2012-04-26 18:02:25.419823276 +0200 | |
0595faf5 MT |
1656 | @@ -69,17 +69,58 @@ |
1657 | #endif | |
1658 | #include "evp_locl.h" | |
1659 | ||
1660 | -#ifdef OPENSSL_FIPS | |
1661 | -#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl) | |
1662 | -#else | |
1663 | #define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl) | |
1664 | -#endif | |
1665 | ||
1666 | ||
1667 | const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; | |
1668 | ||
1669 | +#ifdef OPENSSL_FIPS | |
1670 | + | |
1671 | +/* The purpose of these is to trap programs that attempt to use non FIPS | |
1672 | + * algorithms in FIPS mode and ignore the errors. | |
1673 | + */ | |
1674 | + | |
1675 | +static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |
1676 | + const unsigned char *iv, int enc) | |
1677 | + { FIPS_ERROR_IGNORED("Cipher init"); return 0;} | |
1678 | + | |
1679 | +static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
1680 | + const unsigned char *in, unsigned int inl) | |
1681 | + { FIPS_ERROR_IGNORED("Cipher update"); return 0;} | |
1682 | + | |
1683 | +/* NB: no cleanup because it is allowed after failed init */ | |
1684 | + | |
1685 | +static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) | |
1686 | + { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;} | |
1687 | +static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) | |
1688 | + { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;} | |
1689 | +static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) | |
1690 | + { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;} | |
1691 | + | |
1692 | +static const EVP_CIPHER bad_cipher = | |
1693 | + { | |
1694 | + 0, | |
1695 | + 0, | |
1696 | + 0, | |
1697 | + 0, | |
1698 | + 0, | |
1699 | + bad_init, | |
1700 | + bad_do_cipher, | |
1701 | + NULL, | |
1702 | + 0, | |
1703 | + bad_set_asn1, | |
1704 | + bad_get_asn1, | |
1705 | + bad_ctrl, | |
1706 | + NULL | |
1707 | + }; | |
1708 | + | |
1709 | +#endif | |
1710 | + | |
1711 | void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) | |
1712 | { | |
1713 | +#ifdef OPENSSL_FIPS | |
1714 | + FIPS_selftest_check(); | |
1715 | +#endif | |
1716 | memset(ctx,0,sizeof(EVP_CIPHER_CTX)); | |
1717 | /* ctx->cipher=NULL; */ | |
1718 | } | |
1719 | @@ -111,6 +152,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct | |
1720 | enc = 1; | |
1721 | ctx->encrypt = enc; | |
1722 | } | |
1723 | +#ifdef OPENSSL_FIPS | |
1724 | + if(FIPS_selftest_failed()) | |
1725 | + { | |
1726 | + FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED); | |
1727 | + ctx->cipher = &bad_cipher; | |
1728 | + return 0; | |
1729 | + } | |
1730 | +#endif | |
1731 | #ifndef OPENSSL_NO_ENGINE | |
1732 | /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts | |
1733 | * so this context may already have an ENGINE! Try to avoid releasing | |
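Review bot: The self-test failure branch overwrites `ctx->cipher` with `&bad_cipher` and returns without releasing what an earlier init may have left in the context. The comment just below confirms that contexts are re-initialised after use. `bad_cipher` has a NULL `cleanup` and a zero `ctx_size`, so `EVP_CIPHER_CTX_cleanup` will skip the previous cipher's cleanup callback. If that function sizes its wipe from `ctx->cipher->ctx_size` (the line is not visible in this patch), an old key schedule in `cipher_data` would be freed without being cleared. Consider wiping and freeing `ctx->cipher_data` under the old cipher before the swap, or add a comment explaining why stale state cannot exist here. The `EVP_R_DISABLED_FOR_FIPS` branch in the `@@ -249,6 +290,22 @@` hunk swaps the cipher the same way. `EVP_CipherInit_ex` starts and ends outside this hunk.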
a7ff9508 | 1734 | @@ -169,10 +218,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct |
0595faf5 MT |
1735 | ctx->engine = NULL; |
1736 | #endif | |
1737 | ||
1738 | -#ifdef OPENSSL_FIPS | |
a7ff9508 MT |
1739 | - if (FIPS_mode()) |
1740 | - return FIPS_cipherinit(ctx, cipher, key, iv, enc); | |
1741 | -#endif | |
0595faf5 MT |
1742 | ctx->cipher=cipher; |
1743 | if (ctx->cipher->ctx_size) | |
1744 | { | |
a7ff9508 | 1745 | @@ -206,10 +251,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct |
0595faf5 MT |
1746 | #ifndef OPENSSL_NO_ENGINE |
1747 | skip_to_init: | |
1748 | #endif | |
1749 | -#ifdef OPENSSL_FIPS | |
a7ff9508 MT |
1750 | - if (FIPS_mode()) |
1751 | - return FIPS_cipherinit(ctx, cipher, key, iv, enc); | |
1752 | -#endif | |
0595faf5 MT |
1753 | /* we assume block size is a power of 2 in *cryptUpdate */ |
1754 | OPENSSL_assert(ctx->cipher->block_size == 1 | |
1755 | || ctx->cipher->block_size == 8 | |
a7ff9508 | 1756 | @@ -249,6 +290,22 @@ skip_to_init: |
0595faf5 MT |
1757 | } |
1758 | } | |
1759 | ||
1760 | +#ifdef OPENSSL_FIPS | |
1761 | + /* After 'key' is set no further parameters changes are permissible. | |
1762 | + * So only check for non FIPS enabling at this point. | |
1763 | + */ | |
1764 | + if (key && FIPS_mode()) | |
1765 | + { | |
1766 | + if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) | |
1767 | + & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) | |
1768 | + { | |
1769 | + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS); | |
1770 | + ctx->cipher = &bad_cipher; | |
1771 | + return 0; | |
1772 | + } | |
1773 | + } | |
1774 | +#endif | |
1775 | + | |
1776 | if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { | |
1777 | if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; | |
1778 | } | |
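Review bot: The FIPS gate joins its two negated tests with bitwise `&` rather than logical `&&`. It yields the right result only because each `!` produces 0 or 1, and it reads like a typo in the one condition that decides whether a non-approved cipher is rejected. I would write it as `if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))`. The gate runs only when `key` is non-NULL, while the line after it still calls `init` for `EVP_CIPH_ALWAYS_CALL_INIT` ciphers with a NULL key. The existing comment gives the rationale but should also say that this path is deliberately left unchecked. `EVP_CipherInit_ex` begins outside this hunk.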
0595faf5 MT |
1779 | @@ -568,7 +625,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX |
1780 | ||
1781 | int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) | |
1782 | { | |
1783 | -#ifndef OPENSSL_FIPS | |
1784 | if (c->cipher != NULL) | |
1785 | { | |
1786 | if(c->cipher->cleanup && !c->cipher->cleanup(c)) | |
1787 | @@ -579,16 +635,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT | |
1788 | } | |
1789 | if (c->cipher_data) | |
1790 | OPENSSL_free(c->cipher_data); | |
1791 | -#endif | |
1792 | #ifndef OPENSSL_NO_ENGINE | |
1793 | if (c->engine) | |
1794 | /* The EVP_CIPHER we used belongs to an ENGINE, release the | |
1795 | * functional reference we held for this reason. */ | |
1796 | ENGINE_finish(c->engine); | |
1797 | #endif | |
1798 | -#ifdef OPENSSL_FIPS | |
1799 | - FIPS_cipher_ctx_cleanup(c); | |
1800 | -#endif | |
1801 | memset(c,0,sizeof(EVP_CIPHER_CTX)); | |
1802 | return 1; | |
1803 | } | |
a7ff9508 MT |
1804 | diff -up openssl-1.0.1b/crypto/evp/evp.h.fips openssl-1.0.1b/crypto/evp/evp.h |
1805 | --- openssl-1.0.1b/crypto/evp/evp.h.fips 2012-04-26 18:00:51.128763357 +0200 | |
1806 | +++ openssl-1.0.1b/crypto/evp/evp.h 2012-04-26 18:00:51.394769168 +0200 | |
0595faf5 MT |
1807 | @@ -75,6 +75,10 @@ |
1808 | #include <openssl/bio.h> | |
1809 | #endif | |
1810 | ||
1811 | +#ifdef OPENSSL_FIPS | |
1812 | +#include <openssl/fips.h> | |
1813 | +#endif | |
1814 | + | |
1815 | /* | |
1816 | #define EVP_RC2_KEY_SIZE 16 | |
1817 | #define EVP_RC4_KEY_SIZE 16 | |
1818 | @@ -272,10 +276,6 @@ struct env_md_ctx_st | |
1819 | * cleaned */ | |
1820 | #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data | |
1821 | * in EVP_MD_CTX_cleanup */ | |
1822 | -/* FIPS and pad options are ignored in 1.0.0, definitions are here | |
1823 | - * so we don't accidentally reuse the values for other purposes. | |
1824 | - */ | |
1825 | - | |
1826 | #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest | |
1827 | * in FIPS mode */ | |
1828 | ||
1829 | @@ -287,6 +287,10 @@ struct env_md_ctx_st | |
1830 | #define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */ | |
1831 | #define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */ | |
1832 | #define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */ | |
1833 | +#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \ | |
1834 | + ((ctx->flags>>16) &0xFFFF) /* seed length */ | |
1835 | +#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */ | |
1836 | +#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */ | |
1837 | ||
1838 | #define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */ | |
1839 | ||
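Review bot: `M_EVP_MD_CTX_FLAG_PSS_SALT` uses its parameter unparenthesised (`ctx->flags`), so an argument such as `&md_ctx` or a conditional expression would expand incorrectly. Since this is a public header, the expansion should be `(((ctx)->flags >> 16) & 0xFFFF)`. The trailing comment says "seed length" while the two constants below it say "salt"; using "salt length" throughout avoids confusion. It is also worth documenting here that the upper 16 bits default to zero, because the new code in `p_sign.c` and `p_verify.c` then selects a zero-length salt when a caller sets only `EVP_MD_CTX_FLAG_PAD_PSS`.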
1840 | @@ -338,15 +342,15 @@ struct evp_cipher_st | |
1841 | /* cipher handles random key generation */ | |
1842 | #define EVP_CIPH_RAND_KEY 0x200 | |
1843 | /* cipher has its own additional copying logic */ | |
1844 | -#define EVP_CIPH_CUSTOM_COPY 0x400 | |
1845 | +#define EVP_CIPH_CUSTOM_COPY 0x4000 | |
1846 | /* Allow use default ASN1 get/set iv */ | |
1847 | #define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 | |
1848 | /* Buffer length in bits not bytes: CFB1 mode only */ | |
1849 | #define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 | |
1850 | /* Note if suitable for use in FIPS mode */ | |
1851 | -#define EVP_CIPH_FLAG_FIPS 0x4000 | |
1852 | +#define EVP_CIPH_FLAG_FIPS 0x400 | |
1853 | /* Allow non FIPS cipher in FIPS mode */ | |
1854 | -#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 | |
1855 | +#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 | |
1856 | /* Cipher handles any and all padding logic as well | |
1857 | * as finalisation. | |
1858 | */ | |
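Review bot: Renumbering `EVP_CIPH_CUSTOM_COPY` (0x400 to 0x4000), `EVP_CIPH_FLAG_FIPS` (0x4000 to 0x400) and `EVP_CIPH_FLAG_NON_FIPS_ALLOW` (0x8000 to 0x800) changes the meaning of bits in a public header, with no comment explaining why. Any `EVP_CIPHER` built against the unpatched values, such as an engine or a statically initialised cipher in another package, would have its `CUSTOM_COPY` bit read as `EVP_CIPH_FLAG_FIPS` by this library. That bit is exactly what the new gate in `EVP_CipherInit_ex` tests. Presumably the values were chosen to match an earlier FIPS-enabled build, but that should be stated next to the defines, for example `/* values intentionally differ from upstream 1.0.1; must match <placeholder: reference build> */`. Everything that defines ciphers should then be rebuilt against this header.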
a7ff9508 MT |
1859 | diff -up openssl-1.0.1b/crypto/evp/evp_lib.c.fips openssl-1.0.1b/crypto/evp/evp_lib.c |
1860 | --- openssl-1.0.1b/crypto/evp/evp_lib.c.fips 2011-05-29 04:32:05.000000000 +0200 | |
1861 | +++ openssl-1.0.1b/crypto/evp/evp_lib.c 2012-04-26 18:00:51.394769168 +0200 | |
0595faf5 MT |
1862 | @@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_ |
1863 | ||
1864 | int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) | |
1865 | { | |
1866 | +#ifdef OPENSSL_FIPS | |
1867 | + FIPS_selftest_check(); | |
1868 | +#endif | |
1869 | return ctx->cipher->do_cipher(ctx,out,in,inl); | |
1870 | } | |
1871 | ||
a7ff9508 MT |
1872 | diff -up openssl-1.0.1b/crypto/evp/evp_locl.h.fips openssl-1.0.1b/crypto/evp/evp_locl.h |
1873 | --- openssl-1.0.1b/crypto/evp/evp_locl.h.fips 2012-04-26 18:00:51.118763138 +0200 | |
1874 | +++ openssl-1.0.1b/crypto/evp/evp_locl.h 2012-04-26 18:00:51.395769190 +0200 | |
0595faf5 MT |
1875 | @@ -258,10 +258,9 @@ const EVP_CIPHER *EVP_##cname##_ecb(void |
1876 | BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ | |
1877 | BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ | |
1878 | NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ | |
1879 | - 0, cipher##_init_key, NULL, \ | |
1880 | - EVP_CIPHER_set_asn1_iv, \ | |
1881 | - EVP_CIPHER_get_asn1_iv, \ | |
1882 | - NULL) | |
1883 | + EVP_CIPH_FLAG_DEFAULT_ASN1, \ | |
1884 | + cipher##_init_key, NULL, NULL, NULL, NULL) | |
1885 | + | |
1886 | ||
1887 | struct evp_pkey_ctx_st | |
1888 | { | |
1889 | @@ -367,11 +366,6 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_ | |
1890 | #define MD2_Init private_MD2_Init | |
1891 | #define MDC2_Init private_MDC2_Init | |
1892 | #define SHA_Init private_SHA_Init | |
1893 | -#define SHA1_Init private_SHA1_Init | |
1894 | -#define SHA224_Init private_SHA224_Init | |
1895 | -#define SHA256_Init private_SHA256_Init | |
1896 | -#define SHA384_Init private_SHA384_Init | |
1897 | -#define SHA512_Init private_SHA512_Init | |
1898 | ||
1899 | #define BF_set_key private_BF_set_key | |
1900 | #define CAST_set_key private_CAST_set_key | |
1901 | @@ -379,7 +373,6 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_ | |
1902 | #define SEED_set_key private_SEED_set_key | |
1903 | #define RC2_set_key private_RC2_set_key | |
1904 | #define RC4_set_key private_RC4_set_key | |
1905 | -#define DES_set_key_unchecked private_DES_set_key_unchecked | |
1906 | #define Camellia_set_key private_Camellia_set_key | |
1907 | ||
1908 | #endif | |
a7ff9508 MT |
1909 | diff -up openssl-1.0.1b/crypto/evp/Makefile.fips openssl-1.0.1b/crypto/evp/Makefile |
1910 | --- openssl-1.0.1b/crypto/evp/Makefile.fips 2012-04-26 12:42:19.000000000 +0200 | |
1911 | +++ openssl-1.0.1b/crypto/evp/Makefile 2012-04-26 18:00:51.395769190 +0200 | |
0595faf5 MT |
1912 | @@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_ |
1913 | bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ | |
1914 | c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ | |
1915 | evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \ | |
1916 | - e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \ | |
1917 | + e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ | |
1918 | e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c | |
1919 | ||
1920 | LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \ | |
1921 | @@ -41,7 +41,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_ | |
1922 | bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ | |
1923 | c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \ | |
1924 | evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \ | |
1925 | - e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \ | |
1926 | + e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \ | |
1927 | e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o | |
1928 | ||
1929 | SRC= $(LIBSRC) | |
a7ff9508 MT |
1930 | diff -up openssl-1.0.1b/crypto/evp/m_dss1.c.fips openssl-1.0.1b/crypto/evp/m_dss1.c |
1931 | --- openssl-1.0.1b/crypto/evp/m_dss1.c.fips 2011-06-01 17:11:00.000000000 +0200 | |
1932 | +++ openssl-1.0.1b/crypto/evp/m_dss1.c 2012-04-26 18:00:51.396769212 +0200 | |
0595faf5 MT |
1933 | @@ -68,8 +68,6 @@ |
1934 | #include <openssl/dsa.h> | |
1935 | #endif | |
1936 | ||
1937 | -#ifndef OPENSSL_FIPS | |
1938 | - | |
1939 | static int init(EVP_MD_CTX *ctx) | |
1940 | { return SHA1_Init(ctx->md_data); } | |
1941 | ||
1942 | @@ -84,7 +82,7 @@ static const EVP_MD dss1_md= | |
1943 | NID_dsa, | |
1944 | NID_dsaWithSHA1, | |
1945 | SHA_DIGEST_LENGTH, | |
1946 | - EVP_MD_FLAG_PKEY_DIGEST, | |
1947 | + EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS, | |
1948 | init, | |
1949 | update, | |
1950 | final, | |
1951 | @@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void) | |
1952 | return(&dss1_md); | |
1953 | } | |
1954 | #endif | |
1955 | -#endif | |
a7ff9508 MT |
1956 | diff -up openssl-1.0.1b/crypto/evp/m_dss.c.fips openssl-1.0.1b/crypto/evp/m_dss.c |
1957 | --- openssl-1.0.1b/crypto/evp/m_dss.c.fips 2011-06-01 17:11:00.000000000 +0200 | |
1958 | +++ openssl-1.0.1b/crypto/evp/m_dss.c 2012-04-26 18:00:51.396769212 +0200 | |
0595faf5 MT |
1959 | @@ -66,7 +66,6 @@ |
1960 | #endif | |
1961 | ||
1962 | #ifndef OPENSSL_NO_SHA | |
1963 | -#ifndef OPENSSL_FIPS | |
1964 | ||
1965 | static int init(EVP_MD_CTX *ctx) | |
1966 | { return SHA1_Init(ctx->md_data); } | |
1967 | @@ -82,7 +81,7 @@ static const EVP_MD dsa_md= | |
1968 | NID_dsaWithSHA, | |
1969 | NID_dsaWithSHA, | |
1970 | SHA_DIGEST_LENGTH, | |
1971 | - EVP_MD_FLAG_PKEY_DIGEST, | |
1972 | + EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS, | |
1973 | init, | |
1974 | update, | |
1975 | final, | |
1976 | @@ -98,4 +97,3 @@ const EVP_MD *EVP_dss(void) | |
1977 | return(&dsa_md); | |
1978 | } | |
1979 | #endif | |
1980 | -#endif | |
a7ff9508 MT |
1981 | diff -up openssl-1.0.1b/crypto/evp/m_md2.c.fips openssl-1.0.1b/crypto/evp/m_md2.c |
1982 | --- openssl-1.0.1b/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200 | |
1983 | +++ openssl-1.0.1b/crypto/evp/m_md2.c 2012-04-26 18:00:51.396769212 +0200 | |
0595faf5 MT |
1984 | @@ -68,6 +68,7 @@ |
1985 | #ifndef OPENSSL_NO_RSA | |
1986 | #include <openssl/rsa.h> | |
1987 | #endif | |
1988 | +#include "evp_locl.h" | |
1989 | ||
1990 | static int init(EVP_MD_CTX *ctx) | |
1991 | { return MD2_Init(ctx->md_data); } | |
a7ff9508 MT |
1992 | diff -up openssl-1.0.1b/crypto/evp/m_sha1.c.fips openssl-1.0.1b/crypto/evp/m_sha1.c |
1993 | --- openssl-1.0.1b/crypto/evp/m_sha1.c.fips 2011-05-29 01:01:26.000000000 +0200 | |
1994 | +++ openssl-1.0.1b/crypto/evp/m_sha1.c 2012-04-26 18:00:51.396769212 +0200 | |
0595faf5 MT |
1995 | @@ -59,8 +59,6 @@ |
1996 | #include <stdio.h> | |
1997 | #include "cryptlib.h" | |
1998 | ||
1999 | -#ifndef OPENSSL_FIPS | |
2000 | - | |
2001 | #ifndef OPENSSL_NO_SHA | |
2002 | ||
2003 | #include <openssl/evp.h> | |
2004 | @@ -85,7 +83,8 @@ static const EVP_MD sha1_md= | |
2005 | NID_sha1, | |
2006 | NID_sha1WithRSAEncryption, | |
2007 | SHA_DIGEST_LENGTH, | |
2008 | - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, | |
2009 | + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT| | |
2010 | + EVP_MD_FLAG_FIPS, | |
2011 | init, | |
2012 | update, | |
2013 | final, | |
2014 | @@ -122,7 +121,8 @@ static const EVP_MD sha224_md= | |
2015 | NID_sha224, | |
2016 | NID_sha224WithRSAEncryption, | |
2017 | SHA224_DIGEST_LENGTH, | |
2018 | - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, | |
2019 | + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT| | |
2020 | + EVP_MD_FLAG_FIPS, | |
2021 | init224, | |
2022 | update256, | |
2023 | final256, | |
2024 | @@ -141,7 +141,8 @@ static const EVP_MD sha256_md= | |
2025 | NID_sha256, | |
2026 | NID_sha256WithRSAEncryption, | |
2027 | SHA256_DIGEST_LENGTH, | |
2028 | - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, | |
2029 | + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT| | |
2030 | + EVP_MD_FLAG_FIPS, | |
2031 | init256, | |
2032 | update256, | |
2033 | final256, | |
2034 | @@ -172,7 +173,8 @@ static const EVP_MD sha384_md= | |
2035 | NID_sha384, | |
2036 | NID_sha384WithRSAEncryption, | |
2037 | SHA384_DIGEST_LENGTH, | |
2038 | - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, | |
2039 | + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT| | |
2040 | + EVP_MD_FLAG_FIPS, | |
2041 | init384, | |
2042 | update512, | |
2043 | final512, | |
2044 | @@ -191,7 +193,8 @@ static const EVP_MD sha512_md= | |
2045 | NID_sha512, | |
2046 | NID_sha512WithRSAEncryption, | |
2047 | SHA512_DIGEST_LENGTH, | |
2048 | - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, | |
2049 | + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT| | |
2050 | + EVP_MD_FLAG_FIPS, | |
2051 | init512, | |
2052 | update512, | |
2053 | final512, | |
2054 | @@ -206,4 +209,3 @@ const EVP_MD *EVP_sha512(void) | |
2055 | { return(&sha512_md); } | |
2056 | #endif /* ifndef OPENSSL_NO_SHA512 */ | |
2057 | ||
2058 | -#endif | |
a7ff9508 MT |
2059 | diff -up openssl-1.0.1b/crypto/evp/p_sign.c.fips openssl-1.0.1b/crypto/evp/p_sign.c |
2060 | --- openssl-1.0.1b/crypto/evp/p_sign.c.fips 2011-06-09 18:02:39.000000000 +0200 | |
2061 | +++ openssl-1.0.1b/crypto/evp/p_sign.c 2012-04-26 18:00:51.396769212 +0200 | |
0595faf5 MT |
2062 | @@ -61,6 +61,7 @@ |
2063 | #include <openssl/evp.h> | |
2064 | #include <openssl/objects.h> | |
2065 | #include <openssl/x509.h> | |
2066 | +#include <openssl/rsa.h> | |
2067 | ||
2068 | #ifdef undef | |
2069 | void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) | |
2070 | @@ -103,6 +104,22 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsig | |
2071 | goto err; | |
2072 | if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) | |
2073 | goto err; | |
2074 | + if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931) | |
2075 | + if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0) | |
2076 | + goto err; | |
2077 | + if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS) | |
2078 | + { | |
2079 | + int saltlen; | |
2080 | + if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0) | |
2081 | + goto err; | |
2082 | + saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx); | |
2083 | + if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN) | |
2084 | + saltlen = -1; | |
2085 | + else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC) | |
2086 | + saltlen = -2; | |
2087 | + if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0) | |
2088 | + goto err; | |
2089 | + } | |
2090 | if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) | |
2091 | goto err; | |
2092 | *siglen = sltmp; | |
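Review bot: The X9.31 branch is an unbraced `if` nested inside another unbraced `if`, directly ahead of a second `if`; braces on the outer test would make the padding selection unambiguous, and the file already uses them for the PSS branch. Both flags are tested independently, so a context with `EVP_MD_CTX_FLAG_PAD_X931` and `EVP_MD_CTX_FLAG_PAD_PSS` both set silently ends up with PSS. Comparing the masked value instead, `(ctx->flags & EVP_MD_CTX_FLAG_PAD_MASK) == EVP_MD_CTX_FLAG_PAD_X931`, would make the choice exclusive. A caller that sets only the PSS flag gets `saltlen` 0 because the salt bits default to zero, which deserves a comment at the `saltlen` assignment. The identical block is added to `EVP_VerifyFinal` in `p_verify.c`, so one static helper taking `pkctx` and `ctx` would keep the two from drifting apart. `EVP_SignFinal` starts and ends outside this hunk.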
a7ff9508 MT |
2093 | diff -up openssl-1.0.1b/crypto/evp/p_verify.c.fips openssl-1.0.1b/crypto/evp/p_verify.c |
2094 | --- openssl-1.0.1b/crypto/evp/p_verify.c.fips 2011-06-09 18:02:39.000000000 +0200 | |
2095 | +++ openssl-1.0.1b/crypto/evp/p_verify.c 2012-04-26 18:00:51.396769212 +0200 | |
0595faf5 MT |
2096 | @@ -61,6 +61,7 @@ |
2097 | #include <openssl/evp.h> | |
2098 | #include <openssl/objects.h> | |
2099 | #include <openssl/x509.h> | |
2100 | +#include <openssl/rsa.h> | |
2101 | ||
2102 | int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, | |
2103 | unsigned int siglen, EVP_PKEY *pkey) | |
2104 | @@ -88,6 +89,22 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, con | |
2105 | goto err; | |
2106 | if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) | |
2107 | goto err; | |
2108 | + if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931) | |
2109 | + if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0) | |
2110 | + goto err; | |
2111 | + if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS) | |
2112 | + { | |
2113 | + int saltlen; | |
2114 | + if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0) | |
2115 | + goto err; | |
2116 | + saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx); | |
2117 | + if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN) | |
2118 | + saltlen = -1; | |
2119 | + else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC) | |
2120 | + saltlen = -2; | |
2121 | + if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0) | |
2122 | + goto err; | |
2123 | + } | |
2124 | i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); | |
2125 | err: | |
2126 | EVP_PKEY_CTX_free(pkctx); | |
a7ff9508 MT |
2127 | diff -up openssl-1.0.1b/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_aesavs.c |
2128 | --- openssl-1.0.1b/crypto/fips/cavs/fips_aesavs.c.fips 2012-04-26 18:00:51.397769234 +0200 | |
2129 | +++ openssl-1.0.1b/crypto/fips/cavs/fips_aesavs.c 2012-04-26 18:00:51.397769234 +0200 | |
0595faf5 MT |
2130 | @@ -0,0 +1,939 @@ |
2131 | +/* ==================================================================== | |
2132 | + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | |
2133 | + * | |
2134 | + * Redistribution and use in source and binary forms, with or without | |
2135 | + * modification, are permitted provided that the following conditions | |
2136 | + * are met: | |
2137 | + * | |
2138 | + * 1. Redistributions of source code must retain the above copyright | |
2139 | + * notice, this list of conditions and the following disclaimer. | |
2140 | + * | |
2141 | + * 2. Redistributions in binary form must reproduce the above copyright | |
2142 | + * notice, this list of conditions and the following disclaimer in | |
2143 | + * the documentation and/or other materials provided with the | |
2144 | + * distribution. | |
2145 | + * | |
2146 | + * 3. All advertising materials mentioning features or use of this | |
2147 | + * software must display the following acknowledgment: | |
2148 | + * "This product includes software developed by the OpenSSL Project | |
2149 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
2150 | + * | |
2151 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
2152 | + * endorse or promote products derived from this software without | |
2153 | + * prior written permission. For written permission, please contact | |
2154 | + * openssl-core@openssl.org. | |
2155 | + * | |
2156 | + * 5. Products derived from this software may not be called "OpenSSL" | |
2157 | + * nor may "OpenSSL" appear in their names without prior written | |
2158 | + * permission of the OpenSSL Project. | |
2159 | + * | |
2160 | + * 6. Redistributions of any form whatsoever must retain the following | |
2161 | + * acknowledgment: | |
2162 | + * "This product includes software developed by the OpenSSL Project | |
2163 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
2164 | + * | |
2165 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
2166 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
2167 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
2168 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
2169 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
2170 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
2171 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
2172 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
2173 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
2174 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
2175 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
2176 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
2177 | + * | |
2178 | + */ | |
2179 | +/*--------------------------------------------- | |
2180 | + NIST AES Algorithm Validation Suite | |
2181 | + Test Program | |
2182 | + | |
2183 | + Donated to OpenSSL by: | |
2184 | + V-ONE Corporation | |
2185 | + 20250 Century Blvd, Suite 300 | |
2186 | + Germantown, MD 20874 | |
2187 | + U.S.A. | |
2188 | + ----------------------------------------------*/ | |
2189 | + | |
2190 | +#include <stdio.h> | |
2191 | +#include <stdlib.h> | |
2192 | +#include <string.h> | |
2193 | +#include <errno.h> | |
2194 | +#include <assert.h> | |
2195 | +#include <ctype.h> | |
2196 | +#include <openssl/aes.h> | |
2197 | +#include <openssl/evp.h> | |
2198 | +#include <openssl/bn.h> | |
2199 | + | |
2200 | +#include <openssl/err.h> | |
2201 | +#include "e_os.h" | |
2202 | + | |
2203 | +#ifndef OPENSSL_FIPS | |
2204 | + | |
2205 | +int main(int argc, char *argv[]) | |
2206 | +{ | |
2207 | + printf("No FIPS AES support\n"); | |
2208 | + return(0); | |
2209 | +} | |
2210 | + | |
2211 | +#else | |
2212 | + | |
2213 | +#include <openssl/fips.h> | |
2214 | +#include "fips_utl.h" | |
2215 | + | |
2216 | +#define AES_BLOCK_SIZE 16 | |
2217 | + | |
2218 | +#define VERBOSE 0 | |
2219 | + | |
2220 | +/*-----------------------------------------------*/ | |
2221 | + | |
2222 | +int AESTest(EVP_CIPHER_CTX *ctx, | |
2223 | + char *amode, int akeysz, unsigned char *aKey, | |
2224 | + unsigned char *iVec, | |
2225 | + int dir, /* 0 = decrypt, 1 = encrypt */ | |
2226 | + unsigned char *plaintext, unsigned char *ciphertext, int len) | |
2227 | + { | |
2228 | + const EVP_CIPHER *cipher = NULL; | |
2229 | + | |
2230 | + if (strcasecmp(amode, "CBC") == 0) | |
2231 | + { | |
2232 | + switch (akeysz) | |
2233 | + { | |
2234 | + case 128: | |
2235 | + cipher = EVP_aes_128_cbc(); | |
2236 | + break; | |
2237 | + | |
2238 | + case 192: | |
2239 | + cipher = EVP_aes_192_cbc(); | |
2240 | + break; | |
2241 | + | |
2242 | + case 256: | |
2243 | + cipher = EVP_aes_256_cbc(); | |
2244 | + break; | |
2245 | + } | |
2246 | + | |
2247 | + } | |
2248 | + else if (strcasecmp(amode, "ECB") == 0) | |
2249 | + { | |
2250 | + switch (akeysz) | |
2251 | + { | |
2252 | + case 128: | |
2253 | + cipher = EVP_aes_128_ecb(); | |
2254 | + break; | |
2255 | + | |
2256 | + case 192: | |
2257 | + cipher = EVP_aes_192_ecb(); | |
2258 | + break; | |
2259 | + | |
2260 | + case 256: | |
2261 | + cipher = EVP_aes_256_ecb(); | |
2262 | + break; | |
2263 | + } | |
2264 | + } | |
2265 | + else if (strcasecmp(amode, "CFB128") == 0) | |
2266 | + { | |
2267 | + switch (akeysz) | |
2268 | + { | |
2269 | + case 128: | |
2270 | + cipher = EVP_aes_128_cfb128(); | |
2271 | + break; | |
2272 | + | |
2273 | + case 192: | |
2274 | + cipher = EVP_aes_192_cfb128(); | |
2275 | + break; | |
2276 | + | |
2277 | + case 256: | |
2278 | + cipher = EVP_aes_256_cfb128(); | |
2279 | + break; | |
2280 | + } | |
2281 | + | |
2282 | + } | |
2283 | + else if (strncasecmp(amode, "OFB", 3) == 0) | |
2284 | + { | |
2285 | + switch (akeysz) | |
2286 | + { | |
2287 | + case 128: | |
2288 | + cipher = EVP_aes_128_ofb(); | |
2289 | + break; | |
2290 | + | |
2291 | + case 192: | |
2292 | + cipher = EVP_aes_192_ofb(); | |
2293 | + break; | |
2294 | + | |
2295 | + case 256: | |
2296 | + cipher = EVP_aes_256_ofb(); | |
2297 | + break; | |
2298 | + } | |
2299 | + } | |
2300 | + else if(!strcasecmp(amode,"CFB1")) | |
2301 | + { | |
2302 | + switch (akeysz) | |
2303 | + { | |
2304 | + case 128: | |
2305 | + cipher = EVP_aes_128_cfb1(); | |
2306 | + break; | |
2307 | + | |
2308 | + case 192: | |
2309 | + cipher = EVP_aes_192_cfb1(); | |
2310 | + break; | |
2311 | + | |
2312 | + case 256: | |
2313 | + cipher = EVP_aes_256_cfb1(); | |
2314 | + break; | |
2315 | + } | |
2316 | + } | |
2317 | + else if(!strcasecmp(amode,"CFB8")) | |
2318 | + { | |
2319 | + switch (akeysz) | |
2320 | + { | |
2321 | + case 128: | |
2322 | + cipher = EVP_aes_128_cfb8(); | |
2323 | + break; | |
2324 | + | |
2325 | + case 192: | |
2326 | + cipher = EVP_aes_192_cfb8(); | |
2327 | + break; | |
2328 | + | |
2329 | + case 256: | |
2330 | + cipher = EVP_aes_256_cfb8(); | |
2331 | + break; | |
2332 | + } | |
2333 | + } | |
2334 | + else | |
2335 | + { | |
2336 | + printf("Unknown mode: %s\n", amode); | |
2337 | + return 0; | |
2338 | + } | |
2339 | + if (!cipher) | |
2340 | + { | |
2341 | + printf("Invalid key size: %d\n", akeysz); | |
2342 | + return 0; | |
2343 | + } | |
2344 | + if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0) | |
2345 | + return 0; | |
2346 | + if(!strcasecmp(amode,"CFB1")) | |
2347 | + M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS); | |
2348 | + if (dir) | |
2349 | + EVP_Cipher(ctx, ciphertext, plaintext, len); | |
2350 | + else | |
2351 | + EVP_Cipher(ctx, plaintext, ciphertext, len); | |
2352 | + return 1; | |
2353 | + } | |
2354 | + | |
2355 | +/*-----------------------------------------------*/ | |
2356 | +char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"}; | |
2357 | +char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"}; | |
2358 | +enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128}; | |
2359 | +enum XCrypt {XDECRYPT, XENCRYPT}; | |
2360 | + | |
2361 | +/*=============================*/ | |
2362 | +/* Monte Carlo Tests */ | |
2363 | +/*-----------------------------*/ | |
2364 | + | |
2365 | +/*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/ | |
2366 | +/*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/ | |
2367 | + | |
2368 | +#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1) | |
2369 | +#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8))) | |
2370 | + | |
2371 | +int do_mct(char *amode, | |
2372 | + int akeysz, unsigned char *aKey,unsigned char *iVec, | |
2373 | + int dir, unsigned char *text, int len, | |
2374 | + FILE *rfp) | |
2375 | + { | |
2376 | + int ret = 0; | |
2377 | + unsigned char key[101][32]; | |
2378 | + unsigned char iv[101][AES_BLOCK_SIZE]; | |
2379 | + unsigned char ptext[1001][32]; | |
2380 | + unsigned char ctext[1001][32]; | |
2381 | + unsigned char ciphertext[64+4]; | |
2382 | + int i, j, n, n1, n2; | |
2383 | + int imode = 0, nkeysz = akeysz/8; | |
2384 | + EVP_CIPHER_CTX ctx; | |
2385 | + EVP_CIPHER_CTX_init(&ctx); | |
2386 | + | |
2387 | + if (len > 32) | |
2388 | + { | |
2389 | + printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n", | |
2390 | + amode, akeysz); | |
2391 | + return -1; | |
2392 | + } | |
2393 | + for (imode = 0; imode < 6; ++imode) | |
2394 | + if (strcmp(amode, t_mode[imode]) == 0) | |
2395 | + break; | |
2396 | + if (imode == 6) | |
2397 | + { | |
2398 | + printf("Unrecognized mode: %s\n", amode); | |
2399 | + return -1; | |
2400 | + } | |
2401 | + | |
2402 | + memcpy(key[0], aKey, nkeysz); | |
2403 | + if (iVec) | |
2404 | + memcpy(iv[0], iVec, AES_BLOCK_SIZE); | |
2405 | + if (dir == XENCRYPT) | |
2406 | + memcpy(ptext[0], text, len); | |
2407 | + else | |
2408 | + memcpy(ctext[0], text, len); | |
2409 | + for (i = 0; i < 100; ++i) | |
2410 | + { | |
2411 | + /* printf("Iteration %d\n", i); */ | |
2412 | + if (i > 0) | |
2413 | + { | |
2414 | + fprintf(rfp,"COUNT = %d\n",i); | |
2415 | + OutputValue("KEY",key[i],nkeysz,rfp,0); | |
2416 | + if (imode != ECB) /* ECB */ | |
2417 | + OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0); | |
2418 | + /* Output Ciphertext | Plaintext */ | |
2419 | + OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp, | |
2420 | + imode == CFB1); | |
2421 | + } | |
2422 | + for (j = 0; j < 1000; ++j) | |
2423 | + { | |
2424 | + switch (imode) | |
2425 | + { | |
2426 | + case ECB: | |
2427 | + if (j == 0) | |
2428 | + { /* set up encryption */ | |
2429 | + ret = AESTest(&ctx, amode, akeysz, key[i], NULL, | |
2430 | + dir, /* 0 = decrypt, 1 = encrypt */ | |
2431 | + ptext[j], ctext[j], len); | |
2432 | + if (dir == XENCRYPT) | |
2433 | + memcpy(ptext[j+1], ctext[j], len); | |
2434 | + else | |
2435 | + memcpy(ctext[j+1], ptext[j], len); | |
2436 | + } | |
2437 | + else | |
2438 | + { | |
2439 | + if (dir == XENCRYPT) | |
2440 | + { | |
2441 | + EVP_Cipher(&ctx, ctext[j], ptext[j], len); | |
2442 | + memcpy(ptext[j+1], ctext[j], len); | |
2443 | + } | |
2444 | + else | |
2445 | + { | |
2446 | + EVP_Cipher(&ctx, ptext[j], ctext[j], len); | |
2447 | + memcpy(ctext[j+1], ptext[j], len); | |
2448 | + } | |
2449 | + } | |
2450 | + break; | |
2451 | + | |
2452 | + case CBC: | |
2453 | + case OFB: | |
2454 | + case CFB128: | |
2455 | + if (j == 0) | |
2456 | + { | |
2457 | + ret = AESTest(&ctx, amode, akeysz, key[i], iv[i], | |
2458 | + dir, /* 0 = decrypt, 1 = encrypt */ | |
2459 | + ptext[j], ctext[j], len); | |
2460 | + if (dir == XENCRYPT) | |
2461 | + memcpy(ptext[j+1], iv[i], len); | |
2462 | + else | |
2463 | + memcpy(ctext[j+1], iv[i], len); | |
2464 | + } | |
2465 | + else | |
2466 | + { | |
2467 | + if (dir == XENCRYPT) | |
2468 | + { | |
2469 | + EVP_Cipher(&ctx, ctext[j], ptext[j], len); | |
2470 | + memcpy(ptext[j+1], ctext[j-1], len); | |
2471 | + } | |
2472 | + else | |
2473 | + { | |
2474 | + EVP_Cipher(&ctx, ptext[j], ctext[j], len); | |
2475 | + memcpy(ctext[j+1], ptext[j-1], len); | |
2476 | + } | |
2477 | + } | |
2478 | + break; | |
2479 | + | |
2480 | + case CFB8: | |
2481 | + if (j == 0) | |
2482 | + { | |
2483 | + ret = AESTest(&ctx, amode, akeysz, key[i], iv[i], | |
2484 | + dir, /* 0 = decrypt, 1 = encrypt */ | |
2485 | + ptext[j], ctext[j], len); | |
2486 | + } | |
2487 | + else | |
2488 | + { | |
2489 | + if (dir == XENCRYPT) | |
2490 | + EVP_Cipher(&ctx, ctext[j], ptext[j], len); | |
2491 | + else | |
2492 | + EVP_Cipher(&ctx, ptext[j], ctext[j], len); | |
2493 | + } | |
2494 | + if (dir == XENCRYPT) | |
2495 | + { | |
2496 | + if (j < 16) | |
2497 | + memcpy(ptext[j+1], &iv[i][j], len); | |
2498 | + else | |
2499 | + memcpy(ptext[j+1], ctext[j-16], len); | |
2500 | + } | |
2501 | + else | |
2502 | + { | |
2503 | + if (j < 16) | |
2504 | + memcpy(ctext[j+1], &iv[i][j], len); | |
2505 | + else | |
2506 | + memcpy(ctext[j+1], ptext[j-16], len); | |
2507 | + } | |
2508 | + break; | |
2509 | + | |
2510 | + case CFB1: | |
2511 | + if(j == 0) | |
2512 | + { | |
2513 | +#if 0 | |
2514 | + /* compensate for wrong endianness of input file */ | |
2515 | + if(i == 0) | |
2516 | + ptext[0][0]<<=7; | |
2517 | +#endif | |
2518 | + ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir, | |
2519 | + ptext[j], ctext[j], len); | |
2520 | + } | |
2521 | + else | |
2522 | + { | |
2523 | + if (dir == XENCRYPT) | |
2524 | + EVP_Cipher(&ctx, ctext[j], ptext[j], len); | |
2525 | + else | |
2526 | + EVP_Cipher(&ctx, ptext[j], ctext[j], len); | |
2527 | + | |
2528 | + } | |
2529 | + if(dir == XENCRYPT) | |
2530 | + { | |
2531 | + if(j < 128) | |
2532 | + sb(ptext[j+1],0,gb(iv[i],j)); | |
2533 | + else | |
2534 | + sb(ptext[j+1],0,gb(ctext[j-128],0)); | |
2535 | + } | |
2536 | + else | |
2537 | + { | |
2538 | + if(j < 128) | |
2539 | + sb(ctext[j+1],0,gb(iv[i],j)); | |
2540 | + else | |
2541 | + sb(ctext[j+1],0,gb(ptext[j-128],0)); | |
2542 | + } | |
2543 | + break; | |
2544 | + } | |
2545 | + } | |
2546 | + --j; /* reset to last of range */ | |
2547 | + /* Output Ciphertext | Plaintext */ | |
2548 | + OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp, | |
2549 | + imode == CFB1); | |
2550 | + fprintf(rfp, "\n"); /* add separator */ | |
2551 | + | |
2552 | + /* Compute next KEY */ | |
2553 | + if (dir == XENCRYPT) | |
2554 | + { | |
2555 | + if (imode == CFB8) | |
2556 | + { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */ | |
2557 | + for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2) | |
2558 | + ciphertext[n1] = ctext[j-n2][0]; | |
2559 | + } | |
2560 | + else if(imode == CFB1) | |
2561 | + { | |
2562 | + for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2) | |
2563 | + sb(ciphertext,n1,gb(ctext[j-n2],0)); | |
2564 | + } | |
2565 | + else | |
2566 | + switch (akeysz) | |
2567 | + { | |
2568 | + case 128: | |
2569 | + memcpy(ciphertext, ctext[j], 16); | |
2570 | + break; | |
2571 | + case 192: | |
2572 | + memcpy(ciphertext, ctext[j-1]+8, 8); | |
2573 | + memcpy(ciphertext+8, ctext[j], 16); | |
2574 | + break; | |
2575 | + case 256: | |
2576 | + memcpy(ciphertext, ctext[j-1], 16); | |
2577 | + memcpy(ciphertext+16, ctext[j], 16); | |
2578 | + break; | |
2579 | + } | |
2580 | + } | |
2581 | + else | |
2582 | + { | |
2583 | + if (imode == CFB8) | |
2584 | + { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */ | |
2585 | + for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2) | |
2586 | + ciphertext[n1] = ptext[j-n2][0]; | |
2587 | + } | |
2588 | + else if(imode == CFB1) | |
2589 | + { | |
2590 | + for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2) | |
2591 | + sb(ciphertext,n1,gb(ptext[j-n2],0)); | |
2592 | + } | |
2593 | + else | |
2594 | + switch (akeysz) | |
2595 | + { | |
2596 | + case 128: | |
2597 | + memcpy(ciphertext, ptext[j], 16); | |
2598 | + break; | |
2599 | + case 192: | |
2600 | + memcpy(ciphertext, ptext[j-1]+8, 8); | |
2601 | + memcpy(ciphertext+8, ptext[j], 16); | |
2602 | + break; | |
2603 | + case 256: | |
2604 | + memcpy(ciphertext, ptext[j-1], 16); | |
2605 | + memcpy(ciphertext+16, ptext[j], 16); | |
2606 | + break; | |
2607 | + } | |
2608 | + } | |
2609 | + /* Compute next key: Key[i+1] = Key[i] xor ct */ | |
2610 | + for (n = 0; n < nkeysz; ++n) | |
2611 | + key[i+1][n] = key[i][n] ^ ciphertext[n]; | |
2612 | + | |
2613 | + /* Compute next IV and text */ | |
2614 | + if (dir == XENCRYPT) | |
2615 | + { | |
2616 | + switch (imode) | |
2617 | + { | |
2618 | + case ECB: | |
2619 | + memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE); | |
2620 | + break; | |
2621 | + case CBC: | |
2622 | + case OFB: | |
2623 | + case CFB128: | |
2624 | + memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE); | |
2625 | + memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE); | |
2626 | + break; | |
2627 | + case CFB8: | |
2628 | + /* IV[i+1] = ct */ | |
2629 | + for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2) | |
2630 | + iv[i+1][n1] = ctext[j-n2][0]; | |
2631 | + ptext[0][0] = ctext[j-16][0]; | |
2632 | + break; | |
2633 | + case CFB1: | |
2634 | + for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2) | |
2635 | + sb(iv[i+1],n1,gb(ctext[j-n2],0)); | |
2636 | + ptext[0][0]=ctext[j-128][0]&0x80; | |
2637 | + break; | |
2638 | + } | |
2639 | + } | |
2640 | + else | |
2641 | + { | |
2642 | + switch (imode) | |
2643 | + { | |
2644 | + case ECB: | |
2645 | + memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE); | |
2646 | + break; | |
2647 | + case CBC: | |
2648 | + case OFB: | |
2649 | + case CFB128: | |
2650 | + memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE); | |
2651 | + memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE); | |
2652 | + break; | |
2653 | + case CFB8: | |
2654 | + for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2) | |
2655 | + iv[i+1][n1] = ptext[j-n2][0]; | |
2656 | + ctext[0][0] = ptext[j-16][0]; | |
2657 | + break; | |
2658 | + case CFB1: | |
2659 | + for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2) | |
2660 | + sb(iv[i+1],n1,gb(ptext[j-n2],0)); | |
2661 | + ctext[0][0]=ptext[j-128][0]&0x80; | |
2662 | + break; | |
2663 | + } | |
2664 | + } | |
2665 | + } | |
2666 | + | |
2667 | + return ret; | |
2668 | + } | |
2669 | + | |
2670 | +/*================================================*/ | |
2671 | +/*---------------------------- | |
2672 | + # Config info for v-one | |
2673 | + # AESVS MMT test data for ECB | |
2674 | + # State : Encrypt and Decrypt | |
2675 | + # Key Length : 256 | |
2676 | + # Fri Aug 30 04:07:22 PM | |
2677 | + ----------------------------*/ | |
2678 | + | |
2679 | +int proc_file(char *rqfile, char *rspfile) | |
2680 | + { | |
2681 | + char afn[256], rfn[256]; | |
2682 | + FILE *afp = NULL, *rfp = NULL; | |
2683 | + char ibuf[2048]; | |
2684 | + char tbuf[2048]; | |
2685 | + int ilen, len, ret = 0; | |
2686 | + char algo[8] = ""; | |
2687 | + char amode[8] = ""; | |
2688 | + char atest[8] = ""; | |
2689 | + int akeysz = 0; | |
2690 | + unsigned char iVec[20], aKey[40]; | |
2691 | + int dir = -1, err = 0, step = 0; | |
2692 | + unsigned char plaintext[2048]; | |
2693 | + unsigned char ciphertext[2048]; | |
2694 | + char *rp; | |
2695 | + EVP_CIPHER_CTX ctx; | |
2696 | + EVP_CIPHER_CTX_init(&ctx); | |
2697 | + | |
2698 | + if (!rqfile || !(*rqfile)) | |
2699 | + { | |
2700 | + printf("No req file\n"); | |
2701 | + return -1; | |
2702 | + } | |
2703 | + strcpy(afn, rqfile); | |
2704 | + | |
2705 | + if ((afp = fopen(afn, "r")) == NULL) | |
2706 | + { | |
2707 | + printf("Cannot open file: %s, %s\n", | |
2708 | + afn, strerror(errno)); | |
2709 | + return -1; | |
2710 | + } | |
2711 | + if (!rspfile) | |
2712 | + { | |
2713 | + strcpy(rfn,afn); | |
2714 | + rp=strstr(rfn,"req/"); | |
2715 | +#ifdef OPENSSL_SYS_WIN32 | |
2716 | + if (!rp) | |
2717 | + rp=strstr(rfn,"req\\"); | |
2718 | +#endif | |
2719 | + assert(rp); | |
2720 | + memcpy(rp,"rsp",3); | |
2721 | + rp = strstr(rfn, ".req"); | |
2722 | + memcpy(rp, ".rsp", 4); | |
2723 | + rspfile = rfn; | |
2724 | + } | |
2725 | + if ((rfp = fopen(rspfile, "w")) == NULL) | |
2726 | + { | |
2727 | + printf("Cannot open file: %s, %s\n", | |
2728 | + rfn, strerror(errno)); | |
2729 | + fclose(afp); | |
2730 | + afp = NULL; | |
2731 | + return -1; | |
2732 | + } | |
2733 | + while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL) | |
2734 | + { | |
2735 | + tidy_line(tbuf, ibuf); | |
2736 | + ilen = strlen(ibuf); | |
2737 | + /* printf("step=%d ibuf=%s",step,ibuf); */ | |
2738 | + switch (step) | |
2739 | + { | |
2740 | + case 0: /* read preamble */ | |
2741 | + if (ibuf[0] == '\n') | |
2742 | + { /* end of preamble */ | |
2743 | + if ((*algo == '\0') || | |
2744 | + (*amode == '\0') || | |
2745 | + (akeysz == 0)) | |
2746 | + { | |
2747 | + printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n", | |
2748 | + algo,amode,akeysz); | |
2749 | + err = 1; | |
2750 | + } | |
2751 | + else | |
2752 | + { | |
2753 | + fputs(ibuf, rfp); | |
2754 | + ++ step; | |
2755 | + } | |
2756 | + } | |
2757 | + else if (ibuf[0] != '#') | |
2758 | + { | |
2759 | + printf("Invalid preamble item: %s\n", ibuf); | |
2760 | + err = 1; | |
2761 | + } | |
2762 | + else | |
2763 | + { /* process preamble */ | |
2764 | + char *xp, *pp = ibuf+2; | |
2765 | + int n; | |
2766 | + if (akeysz) | |
2767 | + { /* insert current time & date */ | |
2768 | + time_t rtim = time(0); | |
2769 | + fprintf(rfp, "# %s", ctime(&rtim)); | |
2770 | + } | |
2771 | + else | |
2772 | + { | |
2773 | + fputs(ibuf, rfp); | |
2774 | + if (strncmp(pp, "AESVS ", 6) == 0) | |
2775 | + { | |
2776 | + strcpy(algo, "AES"); | |
2777 | + /* get test type */ | |
2778 | + pp += 6; | |
2779 | + xp = strchr(pp, ' '); | |
2780 | + n = xp-pp; | |
2781 | + strncpy(atest, pp, n); | |
2782 | + atest[n] = '\0'; | |
2783 | + /* get mode */ | |
2784 | + xp = strrchr(pp, ' '); /* get mode" */ | |
2785 | + n = strlen(xp+1)-1; | |
2786 | + strncpy(amode, xp+1, n); | |
2787 | + amode[n] = '\0'; | |
2788 | + /* amode[3] = '\0'; */ | |
2789 | + if (VERBOSE) | |
2790 | + printf("Test = %s, Mode = %s\n", atest, amode); | |
2791 | + } | |
2792 | + else if (strncasecmp(pp, "Key Length : ", 13) == 0) | |
2793 | + { | |
2794 | + akeysz = atoi(pp+13); | |
2795 | + if (VERBOSE) | |
2796 | + printf("Key size = %d\n", akeysz); | |
2797 | + } | |
2798 | + } | |
2799 | + } | |
2800 | + break; | |
2801 | + | |
2802 | + case 1: /* [ENCRYPT] | [DECRYPT] */ | |
2803 | + if (ibuf[0] == '[') | |
2804 | + { | |
2805 | + fputs(ibuf, rfp); | |
2806 | + ++step; | |
2807 | + if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0) | |
2808 | + dir = 1; | |
2809 | + else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0) | |
2810 | + dir = 0; | |
2811 | + else | |
2812 | + { | |
2813 | + printf("Invalid keyword: %s\n", ibuf); | |
2814 | + err = 1; | |
2815 | + } | |
2816 | + break; | |
2817 | + } | |
2818 | + else if (dir == -1) | |
2819 | + { | |
2820 | + err = 1; | |
2821 | + printf("Missing ENCRYPT/DECRYPT keyword\n"); | |
2822 | + break; | |
2823 | + } | |
2824 | + else | |
2825 | + step = 2; | |
2826 | + | |
2827 | + case 2: /* KEY = xxxx */ | |
2828 | + fputs(ibuf, rfp); | |
2829 | + if(*ibuf == '\n') | |
2830 | + break; | |
2831 | + if(!strncasecmp(ibuf,"COUNT = ",8)) | |
2832 | + break; | |
2833 | + | |
2834 | + if (strncasecmp(ibuf, "KEY = ", 6) != 0) | |
2835 | + { | |
2836 | + printf("Missing KEY\n"); | |
2837 | + err = 1; | |
2838 | + } | |
2839 | + else | |
2840 | + { | |
2841 | + len = hex2bin((char*)ibuf+6, aKey); | |
2842 | + if (len < 0) | |
2843 | + { | |
2844 | + printf("Invalid KEY\n"); | |
2845 | + err =1; | |
2846 | + break; | |
2847 | + } | |
2848 | + PrintValue("KEY", aKey, len); | |
2849 | + if (strcmp(amode, "ECB") == 0) | |
2850 | + { | |
2851 | + memset(iVec, 0, sizeof(iVec)); | |
2852 | + step = (dir)? 4: 5; /* no ivec for ECB */ | |
2853 | + } | |
2854 | + else | |
2855 | + ++step; | |
2856 | + } | |
2857 | + break; | |
2858 | + | |
2859 | + case 3: /* IV = xxxx */ | |
2860 | + fputs(ibuf, rfp); | |
2861 | + if (strncasecmp(ibuf, "IV = ", 5) != 0) | |
2862 | + { | |
2863 | + printf("Missing IV\n"); | |
2864 | + err = 1; | |
2865 | + } | |
2866 | + else | |
2867 | + { | |
2868 | + len = hex2bin((char*)ibuf+5, iVec); | |
2869 | + if (len < 0) | |
2870 | + { | |
2871 | + printf("Invalid IV\n"); | |
2872 | + err =1; | |
2873 | + break; | |
2874 | + } | |
2875 | + PrintValue("IV", iVec, len); | |
2876 | + step = (dir)? 4: 5; | |
2877 | + } | |
2878 | + break; | |
2879 | + | |
2880 | + case 4: /* PLAINTEXT = xxxx */ | |
2881 | + fputs(ibuf, rfp); | |
2882 | + if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0) | |
2883 | + { | |
2884 | + printf("Missing PLAINTEXT\n"); | |
2885 | + err = 1; | |
2886 | + } | |
2887 | + else | |
2888 | + { | |
2889 | + int nn = strlen(ibuf+12); | |
2890 | + if(!strcmp(amode,"CFB1")) | |
2891 | + len=bint2bin(ibuf+12,nn-1,plaintext); | |
2892 | + else | |
2893 | + len=hex2bin(ibuf+12, plaintext); | |
2894 | + if (len < 0) | |
2895 | + { | |
2896 | + printf("Invalid PLAINTEXT: %s", ibuf+12); | |
2897 | + err =1; | |
2898 | + break; | |
2899 | + } | |
2900 | + if (len >= sizeof(plaintext)) | |
2901 | + { | |
2902 | + printf("Buffer overflow\n"); | |
2903 | + } | |
2904 | + PrintValue("PLAINTEXT", (unsigned char*)plaintext, len); | |
2905 | + if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */ | |
2906 | + { | |
2907 | + if(do_mct(amode, akeysz, aKey, iVec, | |
2908 | + dir, (unsigned char*)plaintext, len, | |
2909 | + rfp) < 0) | |
2910 | + EXIT(1); | |
2911 | + } | |
2912 | + else | |
2913 | + { | |
2914 | + ret = AESTest(&ctx, amode, akeysz, aKey, iVec, | |
2915 | + dir, /* 0 = decrypt, 1 = encrypt */ | |
2916 | + plaintext, ciphertext, len); | |
2917 | + OutputValue("CIPHERTEXT",ciphertext,len,rfp, | |
2918 | + !strcmp(amode,"CFB1")); | |
2919 | + } | |
2920 | + step = 6; | |
2921 | + } | |
2922 | + break; | |
2923 | + | |
2924 | + case 5: /* CIPHERTEXT = xxxx */ | |
2925 | + fputs(ibuf, rfp); | |
2926 | + if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0) | |
2927 | + { | |
2928 | + printf("Missing KEY\n"); | |
2929 | + err = 1; | |
2930 | + } | |
2931 | + else | |
2932 | + { | |
2933 | + if(!strcmp(amode,"CFB1")) | |
2934 | + len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext); | |
2935 | + else | |
2936 | + len = hex2bin(ibuf+13,ciphertext); | |
2937 | + if (len < 0) | |
2938 | + { | |
2939 | + printf("Invalid CIPHERTEXT\n"); | |
2940 | + err =1; | |
2941 | + break; | |
2942 | + } | |
2943 | + | |
2944 | + PrintValue("CIPHERTEXT", ciphertext, len); | |
2945 | + if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */ | |
2946 | + { | |
2947 | + do_mct(amode, akeysz, aKey, iVec, | |
2948 | + dir, ciphertext, len, rfp); | |
2949 | + } | |
2950 | + else | |
2951 | + { | |
2952 | + ret = AESTest(&ctx, amode, akeysz, aKey, iVec, | |
2953 | + dir, /* 0 = decrypt, 1 = encrypt */ | |
2954 | + plaintext, ciphertext, len); | |
2955 | + OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp, | |
2956 | + !strcmp(amode,"CFB1")); | |
2957 | + } | |
2958 | + step = 6; | |
2959 | + } | |
2960 | + break; | |
2961 | + | |
2962 | + case 6: | |
2963 | + if (ibuf[0] != '\n') | |
2964 | + { | |
2965 | + err = 1; | |
2966 | + printf("Missing terminator\n"); | |
2967 | + } | |
2968 | + else if (strcmp(atest, "MCT") != 0) | |
2969 | + { /* MCT already added terminating nl */ | |
2970 | + fputs(ibuf, rfp); | |
2971 | + } | |
2972 | + step = 1; | |
2973 | + break; | |
2974 | + } | |
2975 | + } | |
2976 | + if (rfp) | |
2977 | + fclose(rfp); | |
2978 | + if (afp) | |
2979 | + fclose(afp); | |
2980 | + return err; | |
2981 | + } | |
2982 | + | |
2983 | +/*-------------------------------------------------- | |
2984 | + Processes either a single file or | |
2985 | + a set of files whose names are passed in a file. | |
2986 | + A single file is specified as: | |
2987 | + aes_test -f xxx.req | |
2988 | + A set of files is specified as: | |
2989 | + aes_test -d xxxxx.xxx | |
2990 | + The default is: -d req.txt | |
2991 | +--------------------------------------------------*/ | |
2992 | +int main(int argc, char **argv) | |
2993 | + { | |
2994 | + char *rqlist = "req.txt", *rspfile = NULL; | |
2995 | + FILE *fp = NULL; | |
2996 | + char fn[250] = "", rfn[256] = ""; | |
2997 | + int f_opt = 0, d_opt = 1; | |
2998 | + | |
2999 | +#ifdef OPENSSL_FIPS | |
3000 | + if(!FIPS_mode_set(1)) | |
3001 | + { | |
3002 | + do_print_errors(); | |
3003 | + EXIT(1); | |
3004 | + } | |
3005 | +#endif | |
3006 | + if (argc > 1) | |
3007 | + { | |
3008 | + if (strcasecmp(argv[1], "-d") == 0) | |
3009 | + { | |
3010 | + d_opt = 1; | |
3011 | + } | |
3012 | + else if (strcasecmp(argv[1], "-f") == 0) | |
3013 | + { | |
3014 | + f_opt = 1; | |
3015 | + d_opt = 0; | |
3016 | + } | |
3017 | + else | |
3018 | + { | |
3019 | + printf("Invalid parameter: %s\n", argv[1]); | |
3020 | + return 0; | |
3021 | + } | |
3022 | + if (argc < 3) | |
3023 | + { | |
3024 | + printf("Missing parameter\n"); | |
3025 | + return 0; | |
3026 | + } | |
3027 | + if (d_opt) | |
3028 | + rqlist = argv[2]; | |
3029 | + else | |
3030 | + { | |
3031 | + strcpy(fn, argv[2]); | |
3032 | + rspfile = argv[3]; | |
3033 | + } | |
3034 | + } | |
3035 | + if (d_opt) | |
3036 | + { /* list of files (directory) */ | |
3037 | + if (!(fp = fopen(rqlist, "r"))) | |
3038 | + { | |
3039 | + printf("Cannot open req list file\n"); | |
3040 | + return -1; | |
3041 | + } | |
3042 | + while (fgets(fn, sizeof(fn), fp)) | |
3043 | + { | |
3044 | + strtok(fn, "\r\n"); | |
3045 | + strcpy(rfn, fn); | |
3046 | + if (VERBOSE) | |
3047 | + printf("Processing: %s\n", rfn); | |
3048 | + if (proc_file(rfn, rspfile)) | |
3049 | + { | |
3050 | + printf(">>> Processing failed for: %s <<<\n", rfn); | |
3051 | + EXIT(1); | |
3052 | + } | |
3053 | + } | |
3054 | + fclose(fp); | |
3055 | + } | |
3056 | + else /* single file */ | |
3057 | + { | |
3058 | + if (VERBOSE) | |
3059 | + printf("Processing: %s\n", fn); | |
3060 | + if (proc_file(fn, rspfile)) | |
3061 | + { | |
3062 | + printf(">>> Processing failed for: %s <<<\n", fn); | |
3063 | + } | |
3064 | + } | |
3065 | + EXIT(0); | |
3066 | + return 0; | |
3067 | + } | |
3068 | + | |
3069 | +#endif | |
a7ff9508 MT |
3070 | diff -up openssl-1.0.1b/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_cmactest.c |
3071 | --- openssl-1.0.1b/crypto/fips/cavs/fips_cmactest.c.fips 2012-04-26 18:00:51.397769234 +0200 | |
3072 | +++ openssl-1.0.1b/crypto/fips/cavs/fips_cmactest.c 2012-04-26 18:00:51.397769234 +0200 | |
0595faf5 MT |
3073 | @@ -0,0 +1,517 @@ |
3074 | +/* fips_cmactest.c */ | |
3075 | +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
3076 | + * project 2005. | |
3077 | + */ | |
3078 | +/* ==================================================================== | |
3079 | + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. | |
3080 | + * | |
3081 | + * Redistribution and use in source and binary forms, with or without | |
3082 | + * modification, are permitted provided that the following conditions | |
3083 | + * are met: | |
3084 | + * | |
3085 | + * 1. Redistributions of source code must retain the above copyright | |
3086 | + * notice, this list of conditions and the following disclaimer. | |
3087 | + * | |
3088 | + * 2. Redistributions in binary form must reproduce the above copyright | |
3089 | + * notice, this list of conditions and the following disclaimer in | |
3090 | + * the documentation and/or other materials provided with the | |
3091 | + * distribution. | |
3092 | + * | |
3093 | + * 3. All advertising materials mentioning features or use of this | |
3094 | + * software must display the following acknowledgment: | |
3095 | + * "This product includes software developed by the OpenSSL Project | |
3096 | + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
3097 | + * | |
3098 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
3099 | + * endorse or promote products derived from this software without | |
3100 | + * prior written permission. For written permission, please contact | |
3101 | + * licensing@OpenSSL.org. | |
3102 | + * | |
3103 | + * 5. Products derived from this software may not be called "OpenSSL" | |
3104 | + * nor may "OpenSSL" appear in their names without prior written | |
3105 | + * permission of the OpenSSL Project. | |
3106 | + * | |
3107 | + * 6. Redistributions of any form whatsoever must retain the following | |
3108 | + * acknowledgment: | |
3109 | + * "This product includes software developed by the OpenSSL Project | |
3110 | + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
3111 | + * | |
3112 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
3113 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
3114 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
3115 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
3116 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
3117 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
3118 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
3119 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
3120 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
3121 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
3122 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
3123 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
3124 | + * ==================================================================== | |
3125 | + * | |
3126 | + * This product includes cryptographic software written by Eric Young | |
3127 | + * (eay@cryptsoft.com). This product includes software written by Tim | |
3128 | + * Hudson (tjh@cryptsoft.com). | |
3129 | + * | |
3130 | + */ | |
3131 | + | |
3132 | +#define OPENSSL_FIPSAPI | |
3133 | + | |
3134 | +#include <stdio.h> | |
3135 | +#include <ctype.h> | |
3136 | +#include <string.h> | |
3137 | +#include <openssl/bio.h> | |
3138 | +#include <openssl/evp.h> | |
3139 | +#include <openssl/cmac.h> | |
3140 | +#include <openssl/err.h> | |
3141 | +#include <openssl/bn.h> | |
3142 | + | |
3143 | +#ifndef OPENSSL_FIPS | |
3144 | + | |
3145 | +int main(int argc, char *argv[]) | |
3146 | +{ | |
3147 | + printf("No FIPS CMAC support\n"); | |
3148 | + return(0); | |
3149 | +} | |
3150 | + | |
3151 | +#else | |
3152 | + | |
3153 | +#include <openssl/fips.h> | |
3154 | +#include "fips_utl.h" | |
3155 | + | |
3156 | +static int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, | |
3157 | + int mode, int Klen_counts_keys, int known_keylen); | |
3158 | +static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out, | |
3159 | + unsigned char *Key, int Klen, | |
3160 | + unsigned char *Msg, int Msglen, | |
3161 | + int Tlen); | |
3162 | +static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out, | |
3163 | + unsigned char *Key, int Klen, | |
3164 | + unsigned char *Msg, int Msglen, | |
3165 | + unsigned char *Mac, int Maclen, | |
3166 | + int Tlen); | |
3167 | + | |
3168 | +#ifdef FIPS_ALGVS | |
3169 | +int fips_cmactest_main(int argc, char **argv) | |
3170 | +#else | |
3171 | +int main(int argc, char **argv) | |
3172 | +#endif | |
3173 | + { | |
3174 | + FILE *in = NULL, *out = NULL; | |
3175 | + int mode = 0; /* 0 => Generate, 1 => Verify */ | |
3176 | + int Klen_counts_keys = 0; /* 0 => Klen is size of one key | |
3177 | + 1 => Klen is amount of keys | |
3178 | + */ | |
3179 | + int known_keylen = 0; /* Only set when Klen_counts_keys = 1 */ | |
3180 | + const EVP_CIPHER *cipher = 0; | |
3181 | + int ret = 1; | |
3182 | + fips_algtest_init(); | |
3183 | + | |
3184 | + while (argc > 1 && argv[1][0] == '-') | |
3185 | + { | |
3186 | + switch (argv[1][1]) | |
3187 | + { | |
3188 | + case 'a': | |
3189 | + { | |
3190 | + char *p = &argv[1][2]; | |
3191 | + if (*p == '\0') | |
3192 | + { | |
3193 | + if (argc <= 2) | |
3194 | + { | |
3195 | + fprintf(stderr, "Option %s needs a value\n", argv[1]); | |
3196 | + goto end; | |
3197 | + } | |
3198 | + argv++; | |
3199 | + argc--; | |
3200 | + p = &argv[1][0]; | |
3201 | + } | |
3202 | + if (!strcmp(p, "aes128")) | |
3203 | + cipher = EVP_aes_128_cbc(); | |
3204 | + else if (!strcmp(p, "aes192")) | |
3205 | + cipher = EVP_aes_192_cbc(); | |
3206 | + else if (!strcmp(p, "aes256")) | |
3207 | + cipher = EVP_aes_256_cbc(); | |
3208 | + else if (!strcmp(p, "tdea3") || !strcmp(p, "tdes3")) | |
3209 | + { | |
3210 | + cipher = EVP_des_ede3_cbc(); | |
3211 | + Klen_counts_keys = 1; | |
3212 | + known_keylen = 8; | |
3213 | + } | |
3214 | + else | |
3215 | + { | |
3216 | + fprintf(stderr, "Unknown algorithm %s\n", p); | |
3217 | + goto end; | |
3218 | + } | |
3219 | + } | |
3220 | + break; | |
3221 | + case 'g': | |
3222 | + mode = 0; | |
3223 | + break; | |
3224 | + case 'v': | |
3225 | + mode = 1; | |
3226 | + break; | |
3227 | + default: | |
3228 | + fprintf(stderr, "Unknown option %s\n", argv[1]); | |
3229 | + goto end; | |
3230 | + } | |
3231 | + argv++; | |
3232 | + argc--; | |
3233 | + } | |
3234 | + if (argc == 1) | |
3235 | + in = stdin; | |
3236 | + else | |
3237 | + in = fopen(argv[1], "r"); | |
3238 | + | |
3239 | + if (argc < 2) | |
3240 | + out = stdout; | |
3241 | + else | |
3242 | + out = fopen(argv[2], "w"); | |
3243 | + | |
3244 | + if (!in) | |
3245 | + { | |
3246 | + fprintf(stderr, "FATAL input initialization error\n"); | |
3247 | + goto end; | |
3248 | + } | |
3249 | + | |
3250 | + if (!out) | |
3251 | + { | |
3252 | + fprintf(stderr, "FATAL output initialization error\n"); | |
3253 | + goto end; | |
3254 | + } | |
3255 | + | |
3256 | + if (!cmac_test(cipher, out, in, mode, | |
3257 | + Klen_counts_keys, known_keylen)) | |
3258 | + { | |
3259 | + fprintf(stderr, "FATAL cmac file processing error\n"); | |
3260 | + goto end; | |
3261 | + } | |
3262 | + else | |
3263 | + ret = 0; | |
3264 | + | |
3265 | + end: | |
3266 | + | |
3267 | + if (in && (in != stdin)) | |
3268 | + fclose(in); | |
3269 | + if (out && (out != stdout)) | |
3270 | + fclose(out); | |
3271 | + | |
3272 | + return ret; | |
3273 | + | |
3274 | + } | |
3275 | + | |
3276 | +#define CMAC_TEST_MAXLINELEN 150000 | |
3277 | + | |
3278 | +int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, | |
3279 | + int mode, int Klen_counts_keys, int known_keylen) | |
3280 | + { | |
3281 | + char *linebuf, *olinebuf, *p, *q; | |
3282 | + char *keyword, *value; | |
3283 | + unsigned char **Keys = NULL, *Msg = NULL, *Mac = NULL; | |
3284 | + unsigned char *Key = NULL; | |
3285 | + int Count, Klen, Mlen, Tlen; | |
3286 | + long Keylen, Msglen, Maclen; | |
3287 | + int ret = 0; | |
3288 | + int lnum = 0; | |
3289 | + | |
3290 | + olinebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN); | |
3291 | + linebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN); | |
3292 | + | |
3293 | + if (!linebuf || !olinebuf) | |
3294 | + goto error; | |
3295 | + | |
3296 | + Count = -1; | |
3297 | + Klen = -1; | |
3298 | + Mlen = -1; | |
3299 | + Tlen = -1; | |
3300 | + | |
3301 | + while (fgets(olinebuf, CMAC_TEST_MAXLINELEN, in)) | |
3302 | + { | |
3303 | + lnum++; | |
3304 | + strcpy(linebuf, olinebuf); | |
3305 | + keyword = linebuf; | |
3306 | + /* Skip leading space */ | |
3307 | + while (isspace((unsigned char)*keyword)) | |
3308 | + keyword++; | |
3309 | + | |
3310 | + /* Skip comments */ | |
3311 | + if (keyword[0] == '#') | |
3312 | + { | |
3313 | + if (fputs(olinebuf, out) < 0) | |
3314 | + goto error; | |
3315 | + continue; | |
3316 | + } | |
3317 | + | |
3318 | + /* Look for = sign */ | |
3319 | + p = strchr(linebuf, '='); | |
3320 | + | |
3321 | + /* If no = or starts with [ (for [L=20] line) just copy */ | |
3322 | + if (!p) | |
3323 | + { | |
3324 | + if (fputs(olinebuf, out) < 0) | |
3325 | + goto error; | |
3326 | + continue; | |
3327 | + } | |
3328 | + | |
3329 | + q = p - 1; | |
3330 | + | |
3331 | + /* Remove trailing space */ | |
3332 | + while (isspace((unsigned char)*q)) | |
3333 | + *q-- = 0; | |
3334 | + | |
3335 | + *p = 0; | |
3336 | + value = p + 1; | |
3337 | + | |
3338 | + /* Remove leading space from value */ | |
3339 | + while (isspace((unsigned char)*value)) | |
3340 | + value++; | |
3341 | + | |
3342 | + /* Remove trailing space from value */ | |
3343 | + p = value + strlen(value) - 1; | |
3344 | + | |
3345 | + while (*p == '\n' || isspace((unsigned char)*p)) | |
3346 | + *p-- = 0; | |
3347 | + | |
3348 | + if (!strcmp(keyword, "Count")) | |
3349 | + { | |
3350 | + if (Count != -1) | |
3351 | + goto parse_error; | |
3352 | + Count = atoi(value); | |
3353 | + if (Count < 0) | |
3354 | + goto parse_error; | |
3355 | + } | |
3356 | + else if (!strcmp(keyword, "Klen")) | |
3357 | + { | |
3358 | + if (Klen != -1) | |
3359 | + goto parse_error; | |
3360 | + Klen = atoi(value); | |
3361 | + if (Klen < 0) | |
3362 | + goto parse_error; | |
3363 | + if (Klen_counts_keys) | |
3364 | + { | |
3365 | + Keys = OPENSSL_malloc(sizeof(*Keys) * Klen); | |
3366 | + memset(Keys, '\0', sizeof(*Keys) * Klen); | |
3367 | + } | |
3368 | + else | |
3369 | + { | |
3370 | + Keys = OPENSSL_malloc(sizeof(*Keys)); | |
3371 | + memset(Keys, '\0', sizeof(*Keys)); | |
3372 | + } | |
3373 | + } | |
3374 | + else if (!strcmp(keyword, "Mlen")) | |
3375 | + { | |
3376 | + if (Mlen != -1) | |
3377 | + goto parse_error; | |
3378 | + Mlen = atoi(value); | |
3379 | + if (Mlen < 0) | |
3380 | + goto parse_error; | |
3381 | + } | |
3382 | + else if (!strcmp(keyword, "Tlen")) | |
3383 | + { | |
3384 | + if (Tlen != -1) | |
3385 | + goto parse_error; | |
3386 | + Tlen = atoi(value); | |
3387 | + if (Tlen < 0) | |
3388 | + goto parse_error; | |
3389 | + } | |
3390 | + else if (!strcmp(keyword, "Key") && !Klen_counts_keys) | |
3391 | + { | |
3392 | + if (Keys[0]) | |
3393 | + goto parse_error; | |
3394 | + Keys[0] = hex2bin_m(value, &Keylen); | |
3395 | + if (!Keys[0]) | |
3396 | + goto parse_error; | |
3397 | + } | |
3398 | + else if (!strncmp(keyword, "Key", 3) && Klen_counts_keys) | |
3399 | + { | |
3400 | + int keynum = atoi(keyword + 3); | |
3401 | + if (!keynum || keynum > Klen || Keys[keynum-1]) | |
3402 | + goto parse_error; | |
3403 | + Keys[keynum-1] = hex2bin_m(value, &Keylen); | |
3404 | + if (!Keys[keynum-1]) | |
3405 | + goto parse_error; | |
3406 | + } | |
3407 | + else if (!strcmp(keyword, "Msg")) | |
3408 | + { | |
3409 | + if (Msg) | |
3410 | + goto parse_error; | |
3411 | + Msg = hex2bin_m(value, &Msglen); | |
3412 | + if (!Msg) | |
3413 | + goto parse_error; | |
3414 | + } | |
3415 | + else if (!strcmp(keyword, "Mac")) | |
3416 | + { | |
3417 | + if (mode == 0) | |
3418 | + continue; | |
3419 | + if (Mac) | |
3420 | + goto parse_error; | |
3421 | + Mac = hex2bin_m(value, &Maclen); | |
3422 | + if (!Mac) | |
3423 | + goto parse_error; | |
3424 | + } | |
3425 | + else if (!strcmp(keyword, "Result")) | |
3426 | + { | |
3427 | + if (mode == 1) | |
3428 | + continue; | |
3429 | + goto parse_error; | |
3430 | + } | |
3431 | + else | |
3432 | + goto parse_error; | |
3433 | + | |
3434 | + fputs(olinebuf, out); | |
3435 | + | |
3436 | + if (Keys && Msg && (!mode || Mac) && (Tlen > 0) && (Klen > 0)) | |
3437 | + { | |
3438 | + if (Klen_counts_keys) | |
3439 | + { | |
3440 | + int x; | |
3441 | + Key = OPENSSL_malloc(Klen * known_keylen); | |
3442 | + for (x = 0; x < Klen; x++) | |
3443 | + { | |
3444 | + memcpy(Key + x * known_keylen, | |
3445 | + Keys[x], known_keylen); | |
3446 | + OPENSSL_free(Keys[x]); | |
3447 | + } | |
3448 | + Klen *= known_keylen; | |
3449 | + } | |
3450 | + else | |
3451 | + { | |
3452 | + Key = OPENSSL_malloc(Klen); | |
3453 | + memcpy(Key, Keys[0], Klen); | |
3454 | + OPENSSL_free(Keys[0]); | |
3455 | + } | |
3456 | + OPENSSL_free(Keys); | |
3457 | + | |
3458 | + switch(mode) | |
3459 | + { | |
3460 | + case 0: | |
3461 | + if (!print_cmac_gen(cipher, out, | |
3462 | + Key, Klen, | |
3463 | + Msg, Mlen, | |
3464 | + Tlen)) | |
3465 | + goto error; | |
3466 | + break; | |
3467 | + case 1: | |
3468 | + if (!print_cmac_ver(cipher, out, | |
3469 | + Key, Klen, | |
3470 | + Msg, Mlen, | |
3471 | + Mac, Maclen, | |
3472 | + Tlen)) | |
3473 | + goto error; | |
3474 | + break; | |
3475 | + } | |
3476 | + | |
3477 | + OPENSSL_free(Key); | |
3478 | + Key = NULL; | |
3479 | + OPENSSL_free(Msg); | |
3480 | + Msg = NULL; | |
3481 | + OPENSSL_free(Mac); | |
3482 | + Mac = NULL; | |
3483 | + Klen = -1; | |
3484 | + Mlen = -1; | |
3485 | + Tlen = -1; | |
3486 | + Count = -1; | |
3487 | + } | |
3488 | + } | |
3489 | + | |
3490 | + | |
3491 | + ret = 1; | |
3492 | + | |
3493 | + | |
3494 | + error: | |
3495 | + | |
3496 | + if (olinebuf) | |
3497 | + OPENSSL_free(olinebuf); | |
3498 | + if (linebuf) | |
3499 | + OPENSSL_free(linebuf); | |
3500 | + if (Key) | |
3501 | + OPENSSL_free(Key); | |
3502 | + if (Msg) | |
3503 | + OPENSSL_free(Msg); | |
3504 | + if (Mac) | |
3505 | + OPENSSL_free(Mac); | |
3506 | + | |
3507 | + return ret; | |
3508 | + | |
3509 | + parse_error: | |
3510 | + | |
3511 | + fprintf(stderr, "FATAL parse error processing line %d\n", lnum); | |
3512 | + | |
3513 | + goto error; | |
3514 | + | |
3515 | + } | |
3516 | + | |
3517 | +static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out, | |
3518 | + unsigned char *Key, int Klen, | |
3519 | + unsigned char *Msg, int Mlen, | |
3520 | + int Tlen) | |
3521 | + { | |
3522 | + int rc, i; | |
3523 | + size_t reslen; | |
3524 | + unsigned char res[128]; | |
3525 | + CMAC_CTX *cmac_ctx = CMAC_CTX_new(); | |
3526 | + | |
3527 | + CMAC_Init(cmac_ctx, Key, Klen, cipher, 0); | |
3528 | + CMAC_Update(cmac_ctx, Msg, Mlen); | |
3529 | + if (!CMAC_Final(cmac_ctx, res, &reslen)) | |
3530 | + { | |
3531 | + fputs("Error calculating CMAC\n", stderr); | |
3532 | + rc = 0; | |
3533 | + } | |
3534 | + else if (Tlen > (int)reslen) | |
3535 | + { | |
3536 | + fputs("Parameter error, Tlen > CMAC length\n", stderr); | |
3537 | + rc = 0; | |
3538 | + } | |
3539 | + else | |
3540 | + { | |
3541 | + fputs("Mac = ", out); | |
3542 | + for (i = 0; i < Tlen; i++) | |
3543 | + fprintf(out, "%02x", res[i]); | |
3544 | + fputs(RESP_EOL, out); | |
3545 | + rc = 1; | |
3546 | + } | |
3547 | + CMAC_CTX_free(cmac_ctx); | |
3548 | + return rc; | |
3549 | + } | |
3550 | + | |
3551 | +static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out, | |
3552 | + unsigned char *Key, int Klen, | |
3553 | + unsigned char *Msg, int Mlen, | |
3554 | + unsigned char *Mac, int Maclen, | |
3555 | + int Tlen) | |
3556 | + { | |
3557 | + int rc = 1; | |
3558 | + size_t reslen; | |
3559 | + unsigned char res[128]; | |
3560 | + CMAC_CTX *cmac_ctx = CMAC_CTX_new(); | |
3561 | + | |
3562 | + CMAC_Init(cmac_ctx, Key, Klen, cipher, 0); | |
3563 | + CMAC_Update(cmac_ctx, Msg, Mlen); | |
3564 | + if (!CMAC_Final(cmac_ctx, res, &reslen)) | |
3565 | + { | |
3566 | + fputs("Error calculating CMAC\n", stderr); | |
3567 | + rc = 0; | |
3568 | + } | |
3569 | + else if (Tlen > (int)reslen) | |
3570 | + { | |
3571 | + fputs("Parameter error, Tlen > CMAC length\n", stderr); | |
3572 | + rc = 0; | |
3573 | + } | |
3574 | + else if (Tlen != Maclen) | |
3575 | + { | |
3576 | + fputs("Parameter error, Tlen != resulting Mac length\n", stderr); | |
3577 | + rc = 0; | |
3578 | + } | |
3579 | + else | |
3580 | + { | |
3581 | + if (!memcmp(Mac, res, Maclen)) | |
3582 | + fputs("Result = P" RESP_EOL, out); | |
3583 | + else | |
3584 | + fputs("Result = F" RESP_EOL, out); | |
3585 | + } | |
3586 | + CMAC_CTX_free(cmac_ctx); | |
3587 | + return rc; | |
3588 | + } | |
3589 | + | |
3590 | +#endif | |
a7ff9508 MT |
3591 | diff -up openssl-1.0.1b/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_desmovs.c |
3592 | --- openssl-1.0.1b/crypto/fips/cavs/fips_desmovs.c.fips 2012-04-26 18:00:51.398769255 +0200 | |
3593 | +++ openssl-1.0.1b/crypto/fips/cavs/fips_desmovs.c 2012-04-26 18:00:51.398769255 +0200 | |
0595faf5 MT |
3594 | @@ -0,0 +1,702 @@ |
3595 | +/* ==================================================================== | |
3596 | + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | |
3597 | + * | |
3598 | + * Redistribution and use in source and binary forms, with or without | |
3599 | + * modification, are permitted provided that the following conditions | |
3600 | + * are met: | |
3601 | + * | |
3602 | + * 1. Redistributions of source code must retain the above copyright | |
3603 | + * notice, this list of conditions and the following disclaimer. | |
3604 | + * | |
3605 | + * 2. Redistributions in binary form must reproduce the above copyright | |
3606 | + * notice, this list of conditions and the following disclaimer in | |
3607 | + * the documentation and/or other materials provided with the | |
3608 | + * distribution. | |
3609 | + * | |
3610 | + * 3. All advertising materials mentioning features or use of this | |
3611 | + * software must display the following acknowledgment: | |
3612 | + * "This product includes software developed by the OpenSSL Project | |
3613 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
3614 | + * | |
3615 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
3616 | + * endorse or promote products derived from this software without | |
3617 | + * prior written permission. For written permission, please contact | |
3618 | + * openssl-core@openssl.org. | |
3619 | + * | |
3620 | + * 5. Products derived from this software may not be called "OpenSSL" | |
3621 | + * nor may "OpenSSL" appear in their names without prior written | |
3622 | + * permission of the OpenSSL Project. | |
3623 | + * | |
3624 | + * 6. Redistributions of any form whatsoever must retain the following | |
3625 | + * acknowledgment: | |
3626 | + * "This product includes software developed by the OpenSSL Project | |
3627 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
3628 | + * | |
3629 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
3630 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
3631 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
3632 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
3633 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
3634 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
3635 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
3636 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
3637 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
3638 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
3639 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
3640 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
3641 | + * | |
3642 | + */ | |
3643 | +/*--------------------------------------------- | |
3644 | + NIST DES Modes of Operation Validation System | |
3645 | + Test Program | |
3646 | + | |
3647 | + Based on the AES Validation Suite, which was: | |
3648 | + Donated to OpenSSL by: | |
3649 | + V-ONE Corporation | |
3650 | + 20250 Century Blvd, Suite 300 | |
3651 | + Germantown, MD 20874 | |
3652 | + U.S.A. | |
3653 | + ----------------------------------------------*/ | |
3654 | + | |
3655 | +#include <stdio.h> | |
3656 | +#include <stdlib.h> | |
3657 | +#include <string.h> | |
3658 | +#include <errno.h> | |
3659 | +#include <assert.h> | |
3660 | +#include <ctype.h> | |
3661 | +#include <openssl/des.h> | |
3662 | +#include <openssl/evp.h> | |
3663 | +#include <openssl/bn.h> | |
3664 | + | |
3665 | +#include <openssl/err.h> | |
3666 | +#include "e_os.h" | |
3667 | + | |
3668 | +#ifndef OPENSSL_FIPS | |
3669 | + | |
3670 | +int main(int argc, char *argv[]) | |
3671 | +{ | |
3672 | + printf("No FIPS DES support\n"); | |
3673 | + return(0); | |
3674 | +} | |
3675 | + | |
3676 | +#else | |
3677 | + | |
3678 | +#include <openssl/fips.h> | |
3679 | +#include "fips_utl.h" | |
3680 | + | |
3681 | +#define DES_BLOCK_SIZE 8 | |
3682 | + | |
3683 | +#define VERBOSE 0 | |
3684 | + | |
3685 | +int DESTest(EVP_CIPHER_CTX *ctx, | |
3686 | + char *amode, int akeysz, unsigned char *aKey, | |
3687 | + unsigned char *iVec, | |
3688 | + int dir, /* 0 = decrypt, 1 = encrypt */ | |
3689 | + unsigned char *out, unsigned char *in, int len) | |
3690 | + { | |
3691 | + const EVP_CIPHER *cipher = NULL; | |
3692 | + | |
3693 | + if (akeysz != 192) | |
3694 | + { | |
3695 | + printf("Invalid key size: %d\n", akeysz); | |
3696 | + EXIT(1); | |
3697 | + } | |
3698 | + | |
3699 | + if (strcasecmp(amode, "CBC") == 0) | |
3700 | + cipher = EVP_des_ede3_cbc(); | |
3701 | + else if (strcasecmp(amode, "ECB") == 0) | |
3702 | + cipher = EVP_des_ede3_ecb(); | |
3703 | + else if (strcasecmp(amode, "CFB64") == 0) | |
3704 | + cipher = EVP_des_ede3_cfb64(); | |
3705 | + else if (strncasecmp(amode, "OFB", 3) == 0) | |
3706 | + cipher = EVP_des_ede3_ofb(); | |
3707 | + else if(!strcasecmp(amode,"CFB8")) | |
3708 | + cipher = EVP_des_ede3_cfb8(); | |
3709 | + else if(!strcasecmp(amode,"CFB1")) | |
3710 | + cipher = EVP_des_ede3_cfb1(); | |
3711 | + else | |
3712 | + { | |
3713 | + printf("Unknown mode: %s\n", amode); | |
3714 | + EXIT(1); | |
3715 | + } | |
3716 | + | |
3717 | + if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0) | |
3718 | + return 0; | |
3719 | + if(!strcasecmp(amode,"CFB1")) | |
3720 | + M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS); | |
3721 | + EVP_Cipher(ctx, out, in, len); | |
3722 | + | |
3723 | + return 1; | |
3724 | + } | |
3725 | + | |
3726 | +void DebugValue(char *tag, unsigned char *val, int len) | |
3727 | + { | |
3728 | + char obuf[2048]; | |
3729 | + int olen; | |
3730 | + olen = bin2hex(val, len, obuf); | |
3731 | + printf("%s = %.*s\n", tag, olen, obuf); | |
3732 | + } | |
3733 | + | |
3734 | +void shiftin(unsigned char *dst,unsigned char *src,int nbits) | |
3735 | + { | |
3736 | + int n; | |
3737 | + | |
3738 | + /* move the bytes... */ | |
3739 | + memmove(dst,dst+nbits/8,3*8-nbits/8); | |
3740 | + /* append new data */ | |
3741 | + memcpy(dst+3*8-nbits/8,src,(nbits+7)/8); | |
3742 | + /* left shift the bits */ | |
3743 | + if(nbits%8) | |
3744 | + for(n=0 ; n < 3*8 ; ++n) | |
3745 | + dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8)); | |
3746 | + } | |
3747 | + | |
3748 | +/*-----------------------------------------------*/ | |
3749 | +char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"}; | |
3750 | +char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"}; | |
3751 | +enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB64}; | |
3752 | +int Sizes[6]={64,64,64,1,8,64}; | |
3753 | + | |
3754 | +void do_mct(char *amode, | |
3755 | + int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec, | |
3756 | + int dir, unsigned char *text, int len, | |
3757 | + FILE *rfp) | |
3758 | + { | |
3759 | + int i,imode; | |
3760 | + unsigned char nk[4*8]; /* longest key+8 */ | |
3761 | + unsigned char text0[8]; | |
3762 | + | |
3763 | + for (imode=0 ; imode < 6 ; ++imode) | |
3764 | + if(!strcmp(amode,t_mode[imode])) | |
3765 | + break; | |
3766 | + if (imode == 6) | |
3767 | + { | |
3768 | + printf("Unrecognized mode: %s\n", amode); | |
3769 | + EXIT(1); | |
3770 | + } | |
3771 | + | |
3772 | + for(i=0 ; i < 400 ; ++i) | |
3773 | + { | |
3774 | + int j; | |
3775 | + int n; | |
3776 | + int kp=akeysz/64; | |
3777 | + unsigned char old_iv[8]; | |
3778 | + EVP_CIPHER_CTX ctx; | |
3779 | + EVP_CIPHER_CTX_init(&ctx); | |
3780 | + | |
3781 | + fprintf(rfp,"\nCOUNT = %d\n",i); | |
3782 | + if(kp == 1) | |
3783 | + OutputValue("KEY",akey,8,rfp,0); | |
3784 | + else | |
3785 | + for(n=0 ; n < kp ; ++n) | |
3786 | + { | |
3787 | + fprintf(rfp,"KEY%d",n+1); | |
3788 | + OutputValue("",akey+n*8,8,rfp,0); | |
3789 | + } | |
3790 | + | |
3791 | + if(imode != ECB) | |
3792 | + OutputValue("IV",ivec,8,rfp,0); | |
3793 | + OutputValue(t_tag[dir^1],text,len,rfp,imode == CFB1); | |
3794 | +#if 0 | |
3795 | + /* compensate for endianness */ | |
3796 | + if(imode == CFB1) | |
3797 | + text[0]<<=7; | |
3798 | +#endif | |
3799 | + memcpy(text0,text,8); | |
3800 | + | |
3801 | + for(j=0 ; j < 10000 ; ++j) | |
3802 | + { | |
3803 | + unsigned char old_text[8]; | |
3804 | + | |
3805 | + memcpy(old_text,text,8); | |
3806 | + if(j == 0) | |
3807 | + { | |
3808 | + memcpy(old_iv,ivec,8); | |
3809 | + DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len); | |
3810 | + } | |
3811 | + else | |
3812 | + { | |
3813 | + memcpy(old_iv,ctx.iv,8); | |
3814 | + EVP_Cipher(&ctx,text,text,len); | |
3815 | + } | |
3816 | + if(j == 9999) | |
3817 | + { | |
3818 | + OutputValue(t_tag[dir],text,len,rfp,imode == CFB1); | |
3819 | + /* memcpy(ivec,text,8); */ | |
3820 | + } | |
3821 | + /* DebugValue("iv",ctx.iv,8); */ | |
3822 | + /* accumulate material for the next key */ | |
3823 | + shiftin(nk,text,Sizes[imode]); | |
3824 | + /* DebugValue("nk",nk,24);*/ | |
3825 | + if((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64 | |
3826 | + || imode == CBC)) || imode == OFB) | |
3827 | + memcpy(text,old_iv,8); | |
3828 | + | |
3829 | + if(!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64)) | |
3830 | + { | |
3831 | + /* the test specifies using the output of the raw DES operation | |
3832 | + which we don't have, so reconstruct it... */ | |
3833 | + for(n=0 ; n < 8 ; ++n) | |
3834 | + text[n]^=old_text[n]; | |
3835 | + } | |
3836 | + } | |
3837 | + for(n=0 ; n < 8 ; ++n) | |
3838 | + akey[n]^=nk[16+n]; | |
3839 | + for(n=0 ; n < 8 ; ++n) | |
3840 | + akey[8+n]^=nk[8+n]; | |
3841 | + for(n=0 ; n < 8 ; ++n) | |
3842 | + akey[16+n]^=nk[n]; | |
3843 | + if(numkeys < 3) | |
3844 | + memcpy(&akey[2*8],akey,8); | |
3845 | + if(numkeys < 2) | |
3846 | + memcpy(&akey[8],akey,8); | |
3847 | + DES_set_odd_parity((DES_cblock *)akey); | |
3848 | + DES_set_odd_parity((DES_cblock *)(akey+8)); | |
3849 | + DES_set_odd_parity((DES_cblock *)(akey+16)); | |
3850 | + memcpy(ivec,ctx.iv,8); | |
3851 | + | |
3852 | + /* pointless exercise - the final text doesn't depend on the | |
3853 | + initial text in OFB mode, so who cares what it is? (Who | |
3854 | + designed these tests?) */ | |
3855 | + if(imode == OFB) | |
3856 | + for(n=0 ; n < 8 ; ++n) | |
3857 | + text[n]=text0[n]^old_iv[n]; | |
3858 | + } | |
3859 | + } | |
3860 | + | |
3861 | +int proc_file(char *rqfile, char *rspfile) | |
3862 | + { | |
3863 | + char afn[256], rfn[256]; | |
3864 | + FILE *afp = NULL, *rfp = NULL; | |
3865 | + char ibuf[2048], tbuf[2048]; | |
3866 | + int ilen, len, ret = 0; | |
3867 | + char amode[8] = ""; | |
3868 | + char atest[100] = ""; | |
3869 | + int akeysz=0; | |
3870 | + unsigned char iVec[20], aKey[40]; | |
3871 | + int dir = -1, err = 0, step = 0; | |
3872 | + unsigned char plaintext[2048]; | |
3873 | + unsigned char ciphertext[2048]; | |
3874 | + char *rp; | |
3875 | + EVP_CIPHER_CTX ctx; | |
3876 | + int numkeys=1; | |
3877 | + EVP_CIPHER_CTX_init(&ctx); | |
3878 | + | |
3879 | + if (!rqfile || !(*rqfile)) | |
3880 | + { | |
3881 | + printf("No req file\n"); | |
3882 | + return -1; | |
3883 | + } | |
3884 | + strcpy(afn, rqfile); | |
3885 | + | |
3886 | + if ((afp = fopen(afn, "r")) == NULL) | |
3887 | + { | |
3888 | + printf("Cannot open file: %s, %s\n", | |
3889 | + afn, strerror(errno)); | |
3890 | + return -1; | |
3891 | + } | |
3892 | + if (!rspfile) | |
3893 | + { | |
3894 | + strcpy(rfn,afn); | |
3895 | + rp=strstr(rfn,"req/"); | |
3896 | +#ifdef OPENSSL_SYS_WIN32 | |
3897 | + if (!rp) | |
3898 | + rp=strstr(rfn,"req\\"); | |
3899 | +#endif | |
3900 | + assert(rp); | |
3901 | + memcpy(rp,"rsp",3); | |
3902 | + rp = strstr(rfn, ".req"); | |
3903 | + memcpy(rp, ".rsp", 4); | |
3904 | + rspfile = rfn; | |
3905 | + } | |
3906 | + if ((rfp = fopen(rspfile, "w")) == NULL) | |
3907 | + { | |
3908 | + printf("Cannot open file: %s, %s\n", | |
3909 | + rfn, strerror(errno)); | |
3910 | + fclose(afp); | |
3911 | + afp = NULL; | |
3912 | + return -1; | |
3913 | + } | |
3914 | + while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL) | |
3915 | + { | |
3916 | + tidy_line(tbuf, ibuf); | |
3917 | + ilen = strlen(ibuf); | |
3918 | + /* printf("step=%d ibuf=%s",step,ibuf);*/ | |
3919 | + if(step == 3 && !strcmp(amode,"ECB")) | |
3920 | + { | |
3921 | + memset(iVec, 0, sizeof(iVec)); | |
3922 | + step = (dir)? 4: 5; /* no ivec for ECB */ | |
3923 | + } | |
3924 | + switch (step) | |
3925 | + { | |
3926 | + case 0: /* read preamble */ | |
3927 | + if (ibuf[0] == '\n') | |
3928 | + { /* end of preamble */ | |
3929 | + if (*amode == '\0') | |
3930 | + { | |
3931 | + printf("Missing Mode\n"); | |
3932 | + err = 1; | |
3933 | + } | |
3934 | + else | |
3935 | + { | |
3936 | + fputs(ibuf, rfp); | |
3937 | + ++ step; | |
3938 | + } | |
3939 | + } | |
3940 | + else if (ibuf[0] != '#') | |
3941 | + { | |
3942 | + printf("Invalid preamble item: %s\n", ibuf); | |
3943 | + err = 1; | |
3944 | + } | |
3945 | + else | |
3946 | + { /* process preamble */ | |
3947 | + char *xp, *pp = ibuf+2; | |
3948 | + int n; | |
3949 | + if(*amode) | |
3950 | + { /* insert current time & date */ | |
3951 | + time_t rtim = time(0); | |
3952 | + fprintf(rfp, "# %s", ctime(&rtim)); | |
3953 | + } | |
3954 | + else | |
3955 | + { | |
3956 | + fputs(ibuf, rfp); | |
3957 | + if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4) | |
3958 | + || !strncmp(pp,"TDES ",5) | |
3959 | + || !strncmp(pp,"PERMUTATION ",12) | |
3960 | + || !strncmp(pp,"SUBSTITUTION ",13) | |
3961 | + || !strncmp(pp,"VARIABLE ",9)) | |
3962 | + { | |
3963 | + /* get test type */ | |
3964 | + if(!strncmp(pp,"DES ",4)) | |
3965 | + pp+=4; | |
3966 | + else if(!strncmp(pp,"TDES ",5)) | |
3967 | + pp+=5; | |
3968 | + xp = strchr(pp, ' '); | |
3969 | + n = xp-pp; | |
3970 | + strncpy(atest, pp, n); | |
3971 | + atest[n] = '\0'; | |
3972 | + /* get mode */ | |
3973 | + xp = strrchr(pp, ' '); /* get mode" */ | |
3974 | + n = strlen(xp+1)-1; | |
3975 | + strncpy(amode, xp+1, n); | |
3976 | + amode[n] = '\0'; | |
3977 | + /* amode[3] = '\0'; */ | |
3978 | + if (VERBOSE) | |
3979 | + printf("Test=%s, Mode=%s\n",atest,amode); | |
3980 | + } | |
3981 | + } | |
3982 | + } | |
3983 | + break; | |
3984 | + | |
3985 | + case 1: /* [ENCRYPT] | [DECRYPT] */ | |
3986 | + if(ibuf[0] == '\n') | |
3987 | + break; | |
3988 | + if (ibuf[0] == '[') | |
3989 | + { | |
3990 | + fputs(ibuf, rfp); | |
3991 | + ++step; | |
3992 | + if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0) | |
3993 | + dir = 1; | |
3994 | + else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0) | |
3995 | + dir = 0; | |
3996 | + else | |
3997 | + { | |
3998 | + printf("Invalid keyword: %s\n", ibuf); | |
3999 | + err = 1; | |
4000 | + } | |
4001 | + break; | |
4002 | + } | |
4003 | + else if (dir == -1) | |
4004 | + { | |
4005 | + err = 1; | |
4006 | + printf("Missing ENCRYPT/DECRYPT keyword\n"); | |
4007 | + break; | |
4008 | + } | |
4009 | + else | |
4010 | + step = 2; | |
4011 | + | |
4012 | + case 2: /* KEY = xxxx */ | |
4013 | + if(*ibuf == '\n') | |
4014 | + { | |
4015 | + fputs(ibuf, rfp); | |
4016 | + break; | |
4017 | + } | |
4018 | + if(!strncasecmp(ibuf,"COUNT = ",8)) | |
4019 | + { | |
4020 | + fputs(ibuf, rfp); | |
4021 | + break; | |
4022 | + } | |
4023 | + if(!strncasecmp(ibuf,"COUNT=",6)) | |
4024 | + { | |
4025 | + fputs(ibuf, rfp); | |
4026 | + break; | |
4027 | + } | |
4028 | + if(!strncasecmp(ibuf,"NumKeys = ",10)) | |
4029 | + { | |
4030 | + numkeys=atoi(ibuf+10); | |
4031 | + break; | |
4032 | + } | |
4033 | + | |
4034 | + fputs(ibuf, rfp); | |
4035 | + if(!strncasecmp(ibuf,"KEY = ",6)) | |
4036 | + { | |
4037 | + akeysz=64; | |
4038 | + len = hex2bin((char*)ibuf+6, aKey); | |
4039 | + if (len < 0) | |
4040 | + { | |
4041 | + printf("Invalid KEY\n"); | |
4042 | + err=1; | |
4043 | + break; | |
4044 | + } | |
4045 | + PrintValue("KEY", aKey, len); | |
4046 | + ++step; | |
4047 | + } | |
4048 | + else if(!strncasecmp(ibuf,"KEYs = ",7)) | |
4049 | + { | |
4050 | + akeysz=64*3; | |
4051 | + len=hex2bin(ibuf+7,aKey); | |
4052 | + if(len != 8) | |
4053 | + { | |
4054 | + printf("Invalid KEY\n"); | |
4055 | + err=1; | |
4056 | + break; | |
4057 | + } | |
4058 | + memcpy(aKey+8,aKey,8); | |
4059 | + memcpy(aKey+16,aKey,8); | |
4060 | + ibuf[4]='\0'; | |
4061 | + PrintValue("KEYs",aKey,len); | |
4062 | + ++step; | |
4063 | + } | |
4064 | + else if(!strncasecmp(ibuf,"KEY",3)) | |
4065 | + { | |
4066 | + int n=ibuf[3]-'1'; | |
4067 | + | |
4068 | + akeysz=64*3; | |
4069 | + len=hex2bin(ibuf+7,aKey+n*8); | |
4070 | + if(len != 8) | |
4071 | + { | |
4072 | + printf("Invalid KEY\n"); | |
4073 | + err=1; | |
4074 | + break; | |
4075 | + } | |
4076 | + ibuf[4]='\0'; | |
4077 | + PrintValue(ibuf,aKey,len); | |
4078 | + if(n == 2) | |
4079 | + ++step; | |
4080 | + } | |
4081 | + else | |
4082 | + { | |
4083 | + printf("Missing KEY\n"); | |
4084 | + err = 1; | |
4085 | + } | |
4086 | + break; | |
4087 | + | |
4088 | + case 3: /* IV = xxxx */ | |
4089 | + fputs(ibuf, rfp); | |
4090 | + if (strncasecmp(ibuf, "IV = ", 5) != 0) | |
4091 | + { | |
4092 | + printf("Missing IV\n"); | |
4093 | + err = 1; | |
4094 | + } | |
4095 | + else | |
4096 | + { | |
4097 | + len = hex2bin((char*)ibuf+5, iVec); | |
4098 | + if (len < 0) | |
4099 | + { | |
4100 | + printf("Invalid IV\n"); | |
4101 | + err =1; | |
4102 | + break; | |
4103 | + } | |
4104 | + PrintValue("IV", iVec, len); | |
4105 | + step = (dir)? 4: 5; | |
4106 | + } | |
4107 | + break; | |
4108 | + | |
4109 | + case 4: /* PLAINTEXT = xxxx */ | |
4110 | + fputs(ibuf, rfp); | |
4111 | + if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0) | |
4112 | + { | |
4113 | + printf("Missing PLAINTEXT\n"); | |
4114 | + err = 1; | |
4115 | + } | |
4116 | + else | |
4117 | + { | |
4118 | + int nn = strlen(ibuf+12); | |
4119 | + if(!strcmp(amode,"CFB1")) | |
4120 | + len=bint2bin(ibuf+12,nn-1,plaintext); | |
4121 | + else | |
4122 | + len=hex2bin(ibuf+12, plaintext); | |
4123 | + if (len < 0) | |
4124 | + { | |
4125 | + printf("Invalid PLAINTEXT: %s", ibuf+12); | |
4126 | + err =1; | |
4127 | + break; | |
4128 | + } | |
4129 | + if (len >= sizeof(plaintext)) | |
4130 | + { | |
4131 | + printf("Buffer overflow\n"); | |
4132 | + } | |
4133 | + PrintValue("PLAINTEXT", (unsigned char*)plaintext, len); | |
4134 | + if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */ | |
4135 | + { | |
4136 | + do_mct(amode,akeysz,numkeys,aKey,iVec,dir,plaintext,len,rfp); | |
4137 | + } | |
4138 | + else | |
4139 | + { | |
4140 | + assert(dir == 1); | |
4141 | + ret = DESTest(&ctx, amode, akeysz, aKey, iVec, | |
4142 | + dir, /* 0 = decrypt, 1 = encrypt */ | |
4143 | + ciphertext, plaintext, len); | |
4144 | + OutputValue("CIPHERTEXT",ciphertext,len,rfp, | |
4145 | + !strcmp(amode,"CFB1")); | |
4146 | + } | |
4147 | + step = 6; | |
4148 | + } | |
4149 | + break; | |
4150 | + | |
4151 | + case 5: /* CIPHERTEXT = xxxx */ | |
4152 | + fputs(ibuf, rfp); | |
4153 | + if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0) | |
4154 | + { | |
4155 | + printf("Missing KEY\n"); | |
4156 | + err = 1; | |
4157 | + } | |
4158 | + else | |
4159 | + { | |
4160 | + if(!strcmp(amode,"CFB1")) | |
4161 | + len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext); | |
4162 | + else | |
4163 | + len = hex2bin(ibuf+13,ciphertext); | |
4164 | + if (len < 0) | |
4165 | + { | |
4166 | + printf("Invalid CIPHERTEXT\n"); | |
4167 | + err =1; | |
4168 | + break; | |
4169 | + } | |
4170 | + | |
4171 | + PrintValue("CIPHERTEXT", ciphertext, len); | |
4172 | + if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */ | |
4173 | + { | |
4174 | + do_mct(amode, akeysz, numkeys, aKey, iVec, | |
4175 | + dir, ciphertext, len, rfp); | |
4176 | + } | |
4177 | + else | |
4178 | + { | |
4179 | + assert(dir == 0); | |
4180 | + ret = DESTest(&ctx, amode, akeysz, aKey, iVec, | |
4181 | + dir, /* 0 = decrypt, 1 = encrypt */ | |
4182 | + plaintext, ciphertext, len); | |
4183 | + OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp, | |
4184 | + !strcmp(amode,"CFB1")); | |
4185 | + } | |
4186 | + step = 6; | |
4187 | + } | |
4188 | + break; | |
4189 | + | |
4190 | + case 6: | |
4191 | + if (ibuf[0] != '\n') | |
4192 | + { | |
4193 | + err = 1; | |
4194 | + printf("Missing terminator\n"); | |
4195 | + } | |
4196 | + else if (strcmp(atest, "MCT") != 0) | |
4197 | + { /* MCT already added terminating nl */ | |
4198 | + fputs(ibuf, rfp); | |
4199 | + } | |
4200 | + step = 1; | |
4201 | + break; | |
4202 | + } | |
4203 | + } | |
4204 | + if (rfp) | |
4205 | + fclose(rfp); | |
4206 | + if (afp) | |
4207 | + fclose(afp); | |
4208 | + return err; | |
4209 | + } | |
4210 | + | |
4211 | +/*-------------------------------------------------- | |
4212 | + Processes either a single file or | |
4213 | + a set of files whose names are passed in a file. | |
4214 | + A single file is specified as: | |
4215 | + aes_test -f xxx.req | |
4216 | + A set of files is specified as: | |
4217 | + aes_test -d xxxxx.xxx | |
4218 | + The default is: -d req.txt | |
4219 | +--------------------------------------------------*/ | |
4220 | +int main(int argc, char **argv) | |
4221 | + { | |
4222 | + char *rqlist = "req.txt", *rspfile = NULL; | |
4223 | + FILE *fp = NULL; | |
4224 | + char fn[250] = "", rfn[256] = ""; | |
4225 | + int f_opt = 0, d_opt = 1; | |
4226 | + | |
4227 | +#ifdef OPENSSL_FIPS | |
4228 | + if(!FIPS_mode_set(1)) | |
4229 | + { | |
4230 | + do_print_errors(); | |
4231 | + EXIT(1); | |
4232 | + } | |
4233 | +#endif | |
4234 | + if (argc > 1) | |
4235 | + { | |
4236 | + if (strcasecmp(argv[1], "-d") == 0) | |
4237 | + { | |
4238 | + d_opt = 1; | |
4239 | + } | |
4240 | + else if (strcasecmp(argv[1], "-f") == 0) | |
4241 | + { | |
4242 | + f_opt = 1; | |
4243 | + d_opt = 0; | |
4244 | + } | |
4245 | + else | |
4246 | + { | |
4247 | + printf("Invalid parameter: %s\n", argv[1]); | |
4248 | + return 0; | |
4249 | + } | |
4250 | + if (argc < 3) | |
4251 | + { | |
4252 | + printf("Missing parameter\n"); | |
4253 | + return 0; | |
4254 | + } | |
4255 | + if (d_opt) | |
4256 | + rqlist = argv[2]; | |
4257 | + else | |
4258 | + { | |
4259 | + strcpy(fn, argv[2]); | |
4260 | + rspfile = argv[3]; | |
4261 | + } | |
4262 | + } | |
4263 | + if (d_opt) | |
4264 | + { /* list of files (directory) */ | |
4265 | + if (!(fp = fopen(rqlist, "r"))) | |
4266 | + { | |
4267 | + printf("Cannot open req list file\n"); | |
4268 | + return -1; | |
4269 | + } | |
4270 | + while (fgets(fn, sizeof(fn), fp)) | |
4271 | + { | |
4272 | + strtok(fn, "\r\n"); | |
4273 | + strcpy(rfn, fn); | |
4274 | + printf("Processing: %s\n", rfn); | |
4275 | + if (proc_file(rfn, rspfile)) | |
4276 | + { | |
4277 | + printf(">>> Processing failed for: %s <<<\n", rfn); | |
4278 | + EXIT(1); | |
4279 | + } | |
4280 | + } | |
4281 | + fclose(fp); | |
4282 | + } | |
4283 | + else /* single file */ | |
4284 | + { | |
4285 | + if (VERBOSE) | |
4286 | + printf("Processing: %s\n", fn); | |
4287 | + if (proc_file(fn, rspfile)) | |
4288 | + { | |
4289 | + printf(">>> Processing failed for: %s <<<\n", fn); | |
4290 | + } | |
4291 | + } | |
4292 | + EXIT(0); | |
4293 | + return 0; | |
4294 | + } | |
4295 | + | |
4296 | +#endif | |
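Review bot: In proc_file's preamble branch (case 0) the mode word is copied into `char amode[8]` with `n = strlen(xp+1)-1; strncpy(amode, xp+1, n); amode[n] = '\0';`, so `n` comes straight from the request line (up to the 2048-byte `ibuf`) and a final word longer than seven characters writes past the array. The `KEYn` branch has the same shape: `int n=ibuf[3]-'1'` is used as `aKey+n*8` with no range check, and `len != 8` is tested only after `hex2bin` has already written. The `KEY = ` and `IV = ` branches likewise pass `aKey[40]` and `iVec[20]` to `hex2bin` and check only `len < 0`; hex2bin comes from fips_utl.h outside this hunk, so whether it bounds its output should be confirmed, but nothing here passes it a size. I would reject out-of-range values before each copy, as sketched below, and bound the `atest` copy the same way (its `strchr(pp, ' ')` result is also used without a NULL check).

```c
n = strlen(xp+1)-1;
if (n < 0 || n >= (int)sizeof(amode))
	{
	printf("Invalid Mode\n");
	err = 1;
	break;
	}
/* ... unchanged: strncpy into amode, rest of case 0, case 1, case 2 up to the KEYn branch ... */
int n=ibuf[3]-'1';

if (n < 0 || n > 2)
	{
	printf("Invalid KEY\n");
	err=1;
	break;
	}
/* ... unchanged: akeysz assignment, hex2bin call and len check ... */
```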
a7ff9508 MT |
4297 | diff -up openssl-1.0.1b/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_dhvs.c |
4298 | --- openssl-1.0.1b/crypto/fips/cavs/fips_dhvs.c.fips 2012-04-26 18:00:51.398769255 +0200 | |
4299 | +++ openssl-1.0.1b/crypto/fips/cavs/fips_dhvs.c 2012-04-26 18:00:51.398769255 +0200 | |
0595faf5 MT |
4300 | @@ -0,0 +1,292 @@ |
4301 | +/* fips/dh/fips_dhvs.c */ | |
4302 | +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
4303 | + * project. | |
4304 | + */ | |
4305 | +/* ==================================================================== | |
4306 | + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. | |
4307 | + * | |
4308 | + * Redistribution and use in source and binary forms, with or without | |
4309 | + * modification, are permitted provided that the following conditions | |
4310 | + * are met: | |
4311 | + * | |
4312 | + * 1. Redistributions of source code must retain the above copyright | |
4313 | + * notice, this list of conditions and the following disclaimer. | |
4314 | + * | |
4315 | + * 2. Redistributions in binary form must reproduce the above copyright | |
4316 | + * notice, this list of conditions and the following disclaimer in | |
4317 | + * the documentation and/or other materials provided with the | |
4318 | + * distribution. | |
4319 | + * | |
4320 | + * 3. All advertising materials mentioning features or use of this | |
4321 | + * software must display the following acknowledgment: | |
4322 | + * "This product includes software developed by the OpenSSL Project | |
4323 | + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
4324 | + * | |
4325 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
4326 | + * endorse or promote products derived from this software without | |
4327 | + * prior written permission. For written permission, please contact | |
4328 | + * licensing@OpenSSL.org. | |
4329 | + * | |
4330 | + * 5. Products derived from this software may not be called "OpenSSL" | |
4331 | + * nor may "OpenSSL" appear in their names without prior written | |
4332 | + * permission of the OpenSSL Project. | |
4333 | + * | |
4334 | + * 6. Redistributions of any form whatsoever must retain the following | |
4335 | + * acknowledgment: | |
4336 | + * "This product includes software developed by the OpenSSL Project | |
4337 | + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
4338 | + * | |
4339 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
4340 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
4341 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
4342 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
4343 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
4344 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
4345 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
4346 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
4347 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
4348 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
4349 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
4350 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
4351 | + * ==================================================================== | |
4352 | + */ | |
4353 | + | |
4354 | + | |
4355 | +#define OPENSSL_FIPSAPI | |
4356 | +#include <openssl/opensslconf.h> | |
4357 | + | |
4358 | +#ifndef OPENSSL_FIPS | |
4359 | +#include <stdio.h> | |
4360 | + | |
4361 | +int main(int argc, char **argv) | |
4362 | +{ | |
4363 | + printf("No FIPS DH support\n"); | |
4364 | + return(0); | |
4365 | +} | |
4366 | +#else | |
4367 | + | |
4368 | +#include <openssl/crypto.h> | |
4369 | +#include <openssl/bn.h> | |
4370 | +#include <openssl/dh.h> | |
4371 | +#include <openssl/fips.h> | |
4372 | +#include <openssl/err.h> | |
4373 | +#include <openssl/evp.h> | |
4374 | +#include <string.h> | |
4375 | +#include <ctype.h> | |
4376 | + | |
4377 | +#include "fips_utl.h" | |
4378 | + | |
4379 | +static const EVP_MD *parse_md(char *line) | |
4380 | + { | |
4381 | + char *p; | |
4382 | + if (line[0] != '[' || line[1] != 'F') | |
4383 | + return NULL; | |
4384 | + p = strchr(line, '-'); | |
4385 | + if (!p) | |
4386 | + return NULL; | |
4387 | + line = p + 1; | |
4388 | + p = strchr(line, ']'); | |
4389 | + if (!p) | |
4390 | + return NULL; | |
4391 | + *p = 0; | |
4392 | + p = line; | |
4393 | + while(isspace(*p)) | |
4394 | + p++; | |
4395 | + if (!strcmp(p, "SHA1")) | |
4396 | + return EVP_sha1(); | |
4397 | + else if (!strcmp(p, "SHA224")) | |
4398 | + return EVP_sha224(); | |
4399 | + else if (!strcmp(p, "SHA256")) | |
4400 | + return EVP_sha256(); | |
4401 | + else if (!strcmp(p, "SHA384")) | |
4402 | + return EVP_sha384(); | |
4403 | + else if (!strcmp(p, "SHA512")) | |
4404 | + return EVP_sha512(); | |
4405 | + else | |
4406 | + return NULL; | |
4407 | + } | |
4408 | + | |
4409 | +static void output_Zhash(FILE *out, int exout, | |
4410 | + DH *dh, BIGNUM *peerkey, const EVP_MD *md, | |
4411 | + unsigned char *rhash, size_t rhashlen) | |
4412 | + { | |
4413 | + unsigned char *Z; | |
4414 | + unsigned char chash[EVP_MAX_MD_SIZE]; | |
4415 | + int Zlen; | |
4416 | + if (rhash == NULL) | |
4417 | + { | |
4418 | + rhashlen = M_EVP_MD_size(md); | |
4419 | + if (!DH_generate_key(dh)) | |
4420 | + exit (1); | |
4421 | + do_bn_print_name(out, "YephemIUT", dh->pub_key); | |
4422 | + if (exout) | |
4423 | + do_bn_print_name(out, "XephemIUT", dh->priv_key); | |
4424 | + } | |
4425 | + Z = OPENSSL_malloc(BN_num_bytes(dh->p)); | |
4426 | + if (!Z) | |
4427 | + exit(1); | |
4428 | + Zlen = DH_compute_key_padded(Z, peerkey, dh); | |
4429 | + if (exout) | |
4430 | + OutputValue("Z", Z, Zlen, out, 0); | |
4431 | + FIPS_digest(Z, Zlen, chash, NULL, md); | |
4432 | + OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0); | |
4433 | + if (rhash) | |
4434 | + { | |
4435 | + fprintf(out, "Result = %s\n", | |
4436 | + memcmp(chash, rhash, rhashlen) ? "F" : "P"); | |
4437 | + } | |
4438 | + else | |
4439 | + { | |
4440 | + BN_clear_free(dh->priv_key); | |
4441 | + BN_clear_free(dh->pub_key); | |
4442 | + dh->priv_key = NULL; | |
4443 | + dh->pub_key = NULL; | |
4444 | + } | |
4445 | + OPENSSL_cleanse(Z, Zlen); | |
4446 | + OPENSSL_free(Z); | |
4447 | + } | |
4448 | + | |
4449 | +#ifdef FIPS_ALGVS | |
4450 | +int fips_dhvs_main(int argc, char **argv) | |
4451 | +#else | |
4452 | +int main(int argc, char **argv) | |
4453 | +#endif | |
4454 | + { | |
4455 | + char **args = argv + 1; | |
4456 | + int argn = argc - 1; | |
4457 | + FILE *in, *out; | |
4458 | + char buf[2048], lbuf[2048]; | |
4459 | + unsigned char *rhash; | |
4460 | + long rhashlen; | |
4461 | + DH *dh = NULL; | |
4462 | + const EVP_MD *md = NULL; | |
4463 | + BIGNUM *peerkey = NULL; | |
4464 | + char *keyword = NULL, *value = NULL; | |
4465 | + int do_verify = -1, exout = 0; | |
4466 | + | |
4467 | + fips_algtest_init(); | |
4468 | + | |
4469 | + if (argn && !strcmp(*args, "dhver")) | |
4470 | + { | |
4471 | + do_verify = 1; | |
4472 | + args++; | |
4473 | + argn--; | |
4474 | + } | |
4475 | + else if (argn && !strcmp(*args, "dhgen")) | |
4476 | + { | |
4477 | + do_verify = 0; | |
4478 | + args++; | |
4479 | + argn--; | |
4480 | + } | |
4481 | + | |
4482 | + if (argn && !strcmp(*args, "-exout")) | |
4483 | + { | |
4484 | + exout = 1; | |
4485 | + args++; | |
4486 | + argn--; | |
4487 | + } | |
4488 | + | |
4489 | + if (do_verify == -1) | |
4490 | + { | |
4491 | + fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]); | |
4492 | + exit(1); | |
4493 | + } | |
4494 | + | |
4495 | + if (argn == 2) | |
4496 | + { | |
4497 | + in = fopen(*args, "r"); | |
4498 | + if (!in) | |
4499 | + { | |
4500 | + fprintf(stderr, "Error opening input file\n"); | |
4501 | + exit(1); | |
4502 | + } | |
4503 | + out = fopen(args[1], "w"); | |
4504 | + if (!out) | |
4505 | + { | |
4506 | + fprintf(stderr, "Error opening output file\n"); | |
4507 | + exit(1); | |
4508 | + } | |
4509 | + } | |
4510 | + else if (argn == 0) | |
4511 | + { | |
4512 | + in = stdin; | |
4513 | + out = stdout; | |
4514 | + } | |
4515 | + else | |
4516 | + { | |
4517 | + fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]); | |
4518 | + exit(1); | |
4519 | + } | |
4520 | + | |
4521 | + dh = FIPS_dh_new(); | |
4522 | + | |
4523 | + while (fgets(buf, sizeof(buf), in) != NULL) | |
4524 | + { | |
4525 | + fputs(buf, out); | |
4526 | + if (strlen(buf) > 6 && !strncmp(buf, "[F", 2)) | |
4527 | + { | |
4528 | + md = parse_md(buf); | |
4529 | + if (md == NULL) | |
4530 | + goto parse_error; | |
4531 | + if (dh) | |
4532 | + FIPS_dh_free(dh); | |
4533 | + dh = FIPS_dh_new(); | |
4534 | + continue; | |
4535 | + } | |
4536 | + if (!parse_line(&keyword, &value, lbuf, buf)) | |
4537 | + continue; | |
4538 | + if (!strcmp(keyword, "P")) | |
4539 | + { | |
4540 | + if (!do_hex2bn(&dh->p, value)) | |
4541 | + goto parse_error; | |
4542 | + } | |
4543 | + else if (!strcmp(keyword, "Q")) | |
4544 | + { | |
4545 | + if (!do_hex2bn(&dh->q, value)) | |
4546 | + goto parse_error; | |
4547 | + } | |
4548 | + else if (!strcmp(keyword, "G")) | |
4549 | + { | |
4550 | + if (!do_hex2bn(&dh->g, value)) | |
4551 | + goto parse_error; | |
4552 | + } | |
4553 | + else if (!strcmp(keyword, "XephemIUT")) | |
4554 | + { | |
4555 | + if (!do_hex2bn(&dh->priv_key, value)) | |
4556 | + goto parse_error; | |
4557 | + } | |
4558 | + else if (!strcmp(keyword, "YephemIUT")) | |
4559 | + { | |
4560 | + if (!do_hex2bn(&dh->pub_key, value)) | |
4561 | + goto parse_error; | |
4562 | + } | |
4563 | + else if (!strcmp(keyword, "YephemCAVS")) | |
4564 | + { | |
4565 | + if (!do_hex2bn(&peerkey, value)) | |
4566 | + goto parse_error; | |
4567 | + if (do_verify == 0) | |
4568 | + output_Zhash(out, exout, dh, peerkey, md, | |
4569 | + NULL, 0); | |
4570 | + } | |
4571 | + else if (!strcmp(keyword, "CAVSHashZZ")) | |
4572 | + { | |
4573 | + if (!md) | |
4574 | + goto parse_error; | |
4575 | + rhash = hex2bin_m(value, &rhashlen); | |
4576 | + if (!rhash || rhashlen != M_EVP_MD_size(md)) | |
4577 | + goto parse_error; | |
4578 | + output_Zhash(out, exout, dh, peerkey, md, | |
4579 | + rhash, rhashlen); | |
4580 | + } | |
4581 | + } | |
4582 | + if (in && in != stdin) | |
4583 | + fclose(in); | |
4584 | + if (out && out != stdout) | |
4585 | + fclose(out); | |
4586 | + return 0; | |
4587 | + parse_error: | |
4588 | + fprintf(stderr, "Error Parsing request file\n"); | |
4589 | + exit(1); | |
4590 | + } | |
4591 | + | |
4592 | +#endif | |
a7ff9508 MT |
4593 | diff -up openssl-1.0.1b/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_drbgvs.c |
4594 | --- openssl-1.0.1b/crypto/fips/cavs/fips_drbgvs.c.fips 2012-04-26 18:00:51.398769255 +0200 | |
4595 | +++ openssl-1.0.1b/crypto/fips/cavs/fips_drbgvs.c 2012-04-26 18:00:51.398769255 +0200 | |
0595faf5 MT |
4596 | @@ -0,0 +1,416 @@ |
4597 | +/* fips/rand/fips_drbgvs.c */ | |
4598 | +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
4599 | + * project. | |
4600 | + */ | |
4601 | +/* ==================================================================== | |
4602 | + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. | |
4603 | + * | |
4604 | + * Redistribution and use in source and binary forms, with or without | |
4605 | + * modification, are permitted provided that the following conditions | |
4606 | + * are met: | |
4607 | + * | |
4608 | + * 1. Redistributions of source code must retain the above copyright | |
4609 | + * notice, this list of conditions and the following disclaimer. | |
4610 | + * | |
4611 | + * 2. Redistributions in binary form must reproduce the above copyright | |
4612 | + * notice, this list of conditions and the following disclaimer in | |
4613 | + * the documentation and/or other materials provided with the | |
4614 | + * distribution. | |
4615 | + * | |
4616 | + * 3. All advertising materials mentioning features or use of this | |
4617 | + * software must display the following acknowledgment: | |
4618 | + * "This product includes software developed by the OpenSSL Project | |
4619 | + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
4620 | + * | |
4621 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
4622 | + * endorse or promote products derived from this software without | |
4623 | + * prior written permission. For written permission, please contact | |
4624 | + * licensing@OpenSSL.org. | |
4625 | + * | |
4626 | + * 5. Products derived from this software may not be called "OpenSSL" | |
4627 | + * nor may "OpenSSL" appear in their names without prior written | |
4628 | + * permission of the OpenSSL Project. | |
4629 | + * | |
4630 | + * 6. Redistributions of any form whatsoever must retain the following | |
4631 | + * acknowledgment: | |
4632 | + * "This product includes software developed by the OpenSSL Project | |
4633 | + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
4634 | + * | |
4635 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
4636 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
4637 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
4638 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
4639 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
4640 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
4641 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
4642 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
4643 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
4644 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
4645 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
4646 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
4647 | + * ==================================================================== | |
4648 | + */ | |
4649 | + | |
4650 | + | |
4651 | +#define OPENSSL_FIPSAPI | |
4652 | +#include <openssl/opensslconf.h> | |
4653 | + | |
4654 | +#ifndef OPENSSL_FIPS | |
4655 | +#include <stdio.h> | |
4656 | + | |
4657 | +int main(int argc, char **argv) | |
4658 | +{ | |
4659 | + printf("No FIPS DRBG support\n"); | |
4660 | + return(0); | |
4661 | +} | |
4662 | +#else | |
4663 | + | |
4664 | +#include <openssl/bn.h> | |
4665 | +#include <openssl/dsa.h> | |
4666 | +#include <openssl/fips.h> | |
4667 | +#include <openssl/fips_rand.h> | |
4668 | +#include <openssl/err.h> | |
4669 | +#include <openssl/evp.h> | |
4670 | +#include <string.h> | |
4671 | +#include <ctype.h> | |
4672 | + | |
4673 | +#include "fips_utl.h" | |
4674 | + | |
4675 | +static int dparse_md(char *str) | |
4676 | + { | |
4677 | + switch(atoi(str + 5)) | |
4678 | + { | |
4679 | + case 1: | |
4680 | + return NID_sha1; | |
4681 | + | |
4682 | + case 224: | |
4683 | + return NID_sha224; | |
4684 | + | |
4685 | + case 256: | |
4686 | + return NID_sha256; | |
4687 | + | |
4688 | + case 384: | |
4689 | + return NID_sha384; | |
4690 | + | |
4691 | + case 512: | |
4692 | + return NID_sha512; | |
4693 | + | |
4694 | + } | |
4695 | + | |
4696 | + return NID_undef; | |
4697 | + } | |
4698 | + | |
4699 | +static int parse_ec(char *str) | |
4700 | + { | |
4701 | + int curve_nid, md_nid; | |
4702 | + char *md; | |
4703 | + md = strchr(str, ' '); | |
4704 | + if (!md) | |
4705 | + return NID_undef; | |
4706 | + if (!strncmp(str, "[P-256", 6)) | |
4707 | + curve_nid = NID_X9_62_prime256v1; | |
4708 | + else if (!strncmp(str, "[P-384", 6)) | |
4709 | + curve_nid = NID_secp384r1; | |
4710 | + else if (!strncmp(str, "[P-521", 6)) | |
4711 | + curve_nid = NID_secp521r1; | |
4712 | + else | |
4713 | + return NID_undef; | |
4714 | + md_nid = dparse_md(md); | |
4715 | + if (md_nid == NID_undef) | |
4716 | + return NID_undef; | |
4717 | + return (curve_nid << 16) | md_nid; | |
4718 | + } | |
4719 | + | |
4720 | +static int parse_aes(char *str, int *pdf) | |
4721 | + { | |
4722 | + | |
4723 | + if (!strncmp(str + 9, "no", 2)) | |
4724 | + *pdf = 0; | |
4725 | + else | |
4726 | + *pdf = DRBG_FLAG_CTR_USE_DF; | |
4727 | + | |
4728 | + switch(atoi(str + 5)) | |
4729 | + { | |
4730 | + case 128: | |
4731 | + return NID_aes_128_ctr; | |
4732 | + | |
4733 | + case 192: | |
4734 | + return NID_aes_192_ctr; | |
4735 | + | |
4736 | + case 256: | |
4737 | + return NID_aes_256_ctr; | |
4738 | + | |
4739 | + default: | |
4740 | + return NID_undef; | |
4741 | + | |
4742 | + } | |
4743 | + } | |
4744 | + | |
4745 | +typedef struct | |
4746 | + { | |
4747 | + unsigned char *ent; | |
4748 | + size_t entlen; | |
4749 | + unsigned char *nonce; | |
4750 | + size_t noncelen; | |
4751 | + } TEST_ENT; | |
4752 | + | |
4753 | +static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout, | |
4754 | + int entropy, size_t min_len, size_t max_len) | |
4755 | + { | |
4756 | + TEST_ENT *t = FIPS_drbg_get_app_data(dctx); | |
4757 | + *pout = (unsigned char *)t->ent; | |
4758 | + return t->entlen; | |
4759 | + } | |
4760 | + | |
4761 | +static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout, | |
4762 | + int entropy, size_t min_len, size_t max_len) | |
4763 | + { | |
4764 | + TEST_ENT *t = FIPS_drbg_get_app_data(dctx); | |
4765 | + *pout = (unsigned char *)t->nonce; | |
4766 | + return t->noncelen; | |
4767 | + } | |
4768 | + | |
4769 | +#ifdef FIPS_ALGVS | |
4770 | +int fips_drbgvs_main(int argc,char **argv) | |
4771 | +#else | |
4772 | +int main(int argc,char **argv) | |
4773 | +#endif | |
4774 | + { | |
4775 | + FILE *in = NULL, *out = NULL; | |
4776 | + DRBG_CTX *dctx = NULL; | |
4777 | + TEST_ENT t; | |
4778 | + int r, nid = 0; | |
4779 | + int pr = 0; | |
4780 | + char buf[2048], lbuf[2048]; | |
4781 | + unsigned char randout[2048]; | |
4782 | + char *keyword = NULL, *value = NULL; | |
4783 | + | |
4784 | + unsigned char *ent = NULL, *nonce = NULL, *pers = NULL, *adin = NULL; | |
4785 | + long entlen, noncelen, perslen, adinlen; | |
4786 | + int df = 0; | |
4787 | + | |
4788 | + enum dtype { DRBG_NONE, DRBG_CTR, DRBG_HASH, DRBG_HMAC, DRBG_DUAL_EC } | |
4789 | + drbg_type = DRBG_NONE; | |
4790 | + | |
4791 | + int randoutlen = 0; | |
4792 | + | |
4793 | + int gen = 0; | |
4794 | + | |
4795 | + fips_algtest_init(); | |
4796 | + | |
4797 | + if (argc == 3) | |
4798 | + { | |
4799 | + in = fopen(argv[1], "r"); | |
4800 | + if (!in) | |
4801 | + { | |
4802 | + fprintf(stderr, "Error opening input file\n"); | |
4803 | + exit(1); | |
4804 | + } | |
4805 | + out = fopen(argv[2], "w"); | |
4806 | + if (!out) | |
4807 | + { | |
4808 | + fprintf(stderr, "Error opening output file\n"); | |
4809 | + exit(1); | |
4810 | + } | |
4811 | + } | |
4812 | + else if (argc == 1) | |
4813 | + { | |
4814 | + in = stdin; | |
4815 | + out = stdout; | |
4816 | + } | |
4817 | + else | |
4818 | + { | |
4819 | + fprintf(stderr,"%s (infile outfile)\n",argv[0]); | |
4820 | + exit(1); | |
4821 | + } | |
4822 | + | |
4823 | + while (fgets(buf, sizeof(buf), in) != NULL) | |
4824 | + { | |
4825 | + fputs(buf, out); | |
4826 | + if (drbg_type == DRBG_NONE) | |
4827 | + { | |
4828 | + if (strstr(buf, "CTR_DRBG")) | |
4829 | + drbg_type = DRBG_CTR; | |
4830 | + else if (strstr(buf, "Hash_DRBG")) | |
4831 | + drbg_type = DRBG_HASH; | |
4832 | + else if (strstr(buf, "HMAC_DRBG")) | |
4833 | + drbg_type = DRBG_HMAC; | |
4834 | + else if (strstr(buf, "Dual_EC_DRBG")) | |
4835 | + drbg_type = DRBG_DUAL_EC; | |
4836 | + else | |
4837 | + continue; | |
4838 | + } | |
4839 | + if (strlen(buf) > 4 && !strncmp(buf, "[SHA-", 5)) | |
4840 | + { | |
4841 | + nid = dparse_md(buf); | |
4842 | + if (nid == NID_undef) | |
4843 | + exit(1); | |
4844 | + if (drbg_type == DRBG_HMAC) | |
4845 | + { | |
4846 | + switch (nid) | |
4847 | + { | |
4848 | + case NID_sha1: | |
4849 | + nid = NID_hmacWithSHA1; | |
4850 | + break; | |
4851 | + | |
4852 | + case NID_sha224: | |
4853 | + nid = NID_hmacWithSHA224; | |
4854 | + break; | |
4855 | + | |
4856 | + case NID_sha256: | |
4857 | + nid = NID_hmacWithSHA256; | |
4858 | + break; | |
4859 | + | |
4860 | + case NID_sha384: | |
4861 | + nid = NID_hmacWithSHA384; | |
4862 | + break; | |
4863 | + | |
4864 | + case NID_sha512: | |
4865 | + nid = NID_hmacWithSHA512; | |
4866 | + break; | |
4867 | + | |
4868 | + default: | |
4869 | + exit(1); | |
4870 | + } | |
4871 | + } | |
4872 | + } | |
4873 | + if (strlen(buf) > 12 && !strncmp(buf, "[AES-", 5)) | |
4874 | + { | |
4875 | + nid = parse_aes(buf, &df); | |
4876 | + if (nid == NID_undef) | |
4877 | + exit(1); | |
4878 | + } | |
4879 | + if (strlen(buf) > 12 && !strncmp(buf, "[P-", 3)) | |
4880 | + { | |
4881 | + nid = parse_ec(buf); | |
4882 | + if (nid == NID_undef) | |
4883 | + exit(1); | |
4884 | + } | |
4885 | + if (!parse_line(&keyword, &value, lbuf, buf)) | |
4886 | + continue; | |
4887 | + | |
4888 | + if (!strcmp(keyword, "[PredictionResistance")) | |
4889 | + { | |
4890 | + if (!strcmp(value, "True]")) | |
4891 | + pr = 1; | |
4892 | + else if (!strcmp(value, "False]")) | |
4893 | + pr = 0; | |
4894 | + else | |
4895 | + exit(1); | |
4896 | + } | |
4897 | + | |
4898 | + if (!strcmp(keyword, "EntropyInput")) | |
4899 | + { | |
4900 | + ent = hex2bin_m(value, &entlen); | |
4901 | + t.ent = ent; | |
4902 | + t.entlen = entlen; | |
4903 | + } | |
4904 | + | |
4905 | + if (!strcmp(keyword, "Nonce")) | |
4906 | + { | |
4907 | + nonce = hex2bin_m(value, &noncelen); | |
4908 | + t.nonce = nonce; | |
4909 | + t.noncelen = noncelen; | |
4910 | + } | |
4911 | + | |
4912 | + if (!strcmp(keyword, "PersonalizationString")) | |
4913 | + { | |
4914 | + pers = hex2bin_m(value, &perslen); | |
4915 | + if (nid == 0) | |
4916 | + { | |
4917 | + fprintf(stderr, "DRBG type not recognised!\n"); | |
4918 | + exit (1); | |
4919 | + } | |
4920 | + dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST); | |
4921 | + if (!dctx) | |
4922 | + exit (1); | |
4923 | + FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, | |
4924 | + test_nonce, 0); | |
4925 | + FIPS_drbg_set_app_data(dctx, &t); | |
4926 | + randoutlen = (int)FIPS_drbg_get_blocklength(dctx); | |
4927 | + r = FIPS_drbg_instantiate(dctx, pers, perslen); | |
4928 | + if (!r) | |
4929 | + { | |
4930 | + fprintf(stderr, "Error instantiating DRBG\n"); | |
4931 | + exit(1); | |
4932 | + } | |
4933 | + OPENSSL_free(pers); | |
4934 | + OPENSSL_free(ent); | |
4935 | + OPENSSL_free(nonce); | |
4936 | + ent = nonce = pers = NULL; | |
4937 | + gen = 0; | |
4938 | + } | |
4939 | + | |
4940 | + if (!strcmp(keyword, "AdditionalInput")) | |
4941 | + { | |
4942 | + adin = hex2bin_m(value, &adinlen); | |
4943 | + if (pr) | |
4944 | + continue; | |
4945 | + r = FIPS_drbg_generate(dctx, randout, randoutlen, 0, | |
4946 | + adin, adinlen); | |
4947 | + if (!r) | |
4948 | + { | |
4949 | + fprintf(stderr, "Error generating DRBG bits\n"); | |
4950 | + exit(1); | |
4951 | + } | |
4952 | + if (!r) | |
4953 | + exit(1); | |
4954 | + OPENSSL_free(adin); | |
4955 | + adin = NULL; | |
4956 | + gen++; | |
4957 | + } | |
4958 | + | |
4959 | + if (pr) | |
4960 | + { | |
4961 | + if (!strcmp(keyword, "EntropyInputPR")) | |
4962 | + { | |
4963 | + ent = hex2bin_m(value, &entlen); | |
4964 | + t.ent = ent; | |
4965 | + t.entlen = entlen; | |
4966 | + r = FIPS_drbg_generate(dctx, | |
4967 | + randout, randoutlen, | |
4968 | + 1, adin, adinlen); | |
4969 | + if (!r) | |
4970 | + { | |
4971 | + fprintf(stderr, | |
4972 | + "Error generating DRBG bits\n"); | |
4973 | + exit(1); | |
4974 | + } | |
4975 | + OPENSSL_free(adin); | |
4976 | + OPENSSL_free(ent); | |
4977 | + adin = ent = NULL; | |
4978 | + gen++; | |
4979 | + } | |
4980 | + } | |
4981 | + if (!strcmp(keyword, "EntropyInputReseed")) | |
4982 | + { | |
4983 | + ent = hex2bin_m(value, &entlen); | |
4984 | + t.ent = ent; | |
4985 | + t.entlen = entlen; | |
4986 | + } | |
4987 | + if (!strcmp(keyword, "AdditionalInputReseed")) | |
4988 | + { | |
4989 | + adin = hex2bin_m(value, &adinlen); | |
4990 | + FIPS_drbg_reseed(dctx, adin, adinlen); | |
4991 | + OPENSSL_free(ent); | |
4992 | + OPENSSL_free(adin); | |
4993 | + ent = adin = NULL; | |
4994 | + } | |
4995 | + if (gen == 2) | |
4996 | + { | |
4997 | + OutputValue("ReturnedBits", randout, randoutlen, | |
4998 | + out, 0); | |
4999 | + FIPS_drbg_free(dctx); | |
5000 | + dctx = NULL; | |
5001 | + gen = 0; | |
5002 | + } | |
5003 | + | |
5004 | + } | |
5005 | + if (in && in != stdin) | |
5006 | + fclose(in); | |
5007 | + if (out && out != stdout) | |
5008 | + fclose(out); | |
5009 | + return 0; | |
5010 | + } | |
5011 | + | |
5012 | +#endif | |
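Review bot: The main loop of fips_drbgvs.c never checks the result of `hex2bin_m()` (for `EntropyInput`, `Nonce`, `PersonalizationString`, `AdditionalInput`, `EntropyInputPR` and the two reseed keywords), while fips_dhvs.c in this same patch rejects a failed conversion with `if (!rhash || rhashlen != M_EVP_MD_size(md)) goto parse_error;`. `hex2bin_m()` lives in fips_utl.h and is not shown here, but presumably it returns NULL on bad hex; with a malformed or re-ordered request file, `t` and the `entlen`/`noncelen`/`perslen`/`adinlen` locals are then read uninitialised by the entropy callbacks and by `FIPS_drbg_instantiate()`/`FIPS_drbg_generate()`. `dctx` can also still be NULL when `AdditionalInput`, `EntropyInputPR` or `AdditionalInputReseed` is processed. I would zero the struct up front with `memset(&t, 0, sizeof(t));`, add `if (!ent) exit(1);` (likewise for `nonce`, `pers`, `adin`) after each conversion, and put `if (!dctx) exit(1);` ahead of the generate and reseed calls. The return value of `FIPS_drbg_reseed()` is ignored, so a failed reseed would still end in a `ReturnedBits` line, and the second `if (!r) exit(1);` after the first generate call is unreachable and can be dropped.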
a7ff9508 MT |
5013 | diff -up openssl-1.0.1b/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_dssvs.c |
5014 | --- openssl-1.0.1b/crypto/fips/cavs/fips_dssvs.c.fips 2012-04-26 18:00:51.398769255 +0200 | |
5015 | +++ openssl-1.0.1b/crypto/fips/cavs/fips_dssvs.c 2012-04-26 18:00:51.398769255 +0200 | |
0595faf5 MT |
5016 | @@ -0,0 +1,537 @@ |
5017 | +#include <openssl/opensslconf.h> | |
5018 | + | |
5019 | +#ifndef OPENSSL_FIPS | |
5020 | +#include <stdio.h> | |
5021 | + | |
5022 | +int main(int argc, char **argv) | |
5023 | +{ | |
5024 | + printf("No FIPS DSA support\n"); | |
5025 | + return(0); | |
5026 | +} | |
5027 | +#else | |
5028 | + | |
5029 | +#include <openssl/bn.h> | |
5030 | +#include <openssl/dsa.h> | |
5031 | +#include <openssl/fips.h> | |
5032 | +#include <openssl/err.h> | |
5033 | +#include <openssl/evp.h> | |
5034 | +#include <string.h> | |
5035 | +#include <ctype.h> | |
5036 | + | |
5037 | +#include "fips_utl.h" | |
5038 | + | |
5039 | +static void pbn(const char *name, BIGNUM *bn) | |
5040 | + { | |
5041 | + int len, i; | |
5042 | + unsigned char *tmp; | |
5043 | + len = BN_num_bytes(bn); | |
5044 | + tmp = OPENSSL_malloc(len); | |
5045 | + if (!tmp) | |
5046 | + { | |
5047 | + fprintf(stderr, "Memory allocation error\n"); | |
5048 | + return; | |
5049 | + } | |
5050 | + BN_bn2bin(bn, tmp); | |
5051 | + printf("%s = ", name); | |
5052 | + for (i = 0; i < len; i++) | |
5053 | + printf("%02X", tmp[i]); | |
5054 | + fputs("\n", stdout); | |
5055 | + OPENSSL_free(tmp); | |
5056 | + return; | |
5057 | + } | |
5058 | + | |
5059 | +void primes() | |
5060 | + { | |
5061 | + char buf[10240]; | |
5062 | + char lbuf[10240]; | |
5063 | + char *keyword, *value; | |
5064 | + | |
5065 | + while(fgets(buf,sizeof buf,stdin) != NULL) | |
5066 | + { | |
5067 | + fputs(buf,stdout); | |
5068 | + if (!parse_line(&keyword, &value, lbuf, buf)) | |
5069 | + continue; | |
5070 | + if(!strcmp(keyword,"Prime")) | |
5071 | + { | |
5072 | + BIGNUM *pp; | |
5073 | + | |
5074 | + pp=BN_new(); | |
5075 | + do_hex2bn(&pp,value); | |
5076 | + printf("result= %c\n", | |
5077 | + BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F'); | |
5078 | + } | |
5079 | + } | |
5080 | + } | |
5081 | + | |
5082 | +void pqg() | |
5083 | + { | |
5084 | + char buf[1024]; | |
5085 | + char lbuf[1024]; | |
5086 | + char *keyword, *value; | |
5087 | + int nmod=0; | |
5088 | + | |
5089 | + while(fgets(buf,sizeof buf,stdin) != NULL) | |
5090 | + { | |
5091 | + if (!parse_line(&keyword, &value, lbuf, buf)) | |
5092 | + { | |
5093 | + fputs(buf,stdout); | |
5094 | + continue; | |
5095 | + } | |
5096 | + if(!strcmp(keyword,"[mod")) | |
5097 | + nmod=atoi(value); | |
5098 | + else if(!strcmp(keyword,"N")) | |
5099 | + { | |
5100 | + int n=atoi(value); | |
5101 | + | |
5102 | + printf("[mod = %d]\n\n",nmod); | |
5103 | + | |
5104 | + while(n--) | |
5105 | + { | |
5106 | + unsigned char seed[20]; | |
5107 | + DSA *dsa; | |
5108 | + int counter; | |
5109 | + unsigned long h; | |
5110 | + dsa = FIPS_dsa_new(); | |
5111 | + | |
5112 | + if (!DSA_generate_parameters_ex(dsa, nmod,seed,0,&counter,&h,NULL)) | |
5113 | + { | |
5114 | + do_print_errors(); | |
5115 | + exit(1); | |
5116 | + } | |
5117 | + pbn("P",dsa->p); | |
5118 | + pbn("Q",dsa->q); | |
5119 | + pbn("G",dsa->g); | |
5120 | + pv("Seed",seed,20); | |
5121 | + printf("c = %d\n",counter); | |
5122 | + printf("H = %lx\n",h); | |
5123 | + putc('\n',stdout); | |
5124 | + } | |
5125 | + } | |
5126 | + else | |
5127 | + fputs(buf,stdout); | |
5128 | + } | |
5129 | + } | |
5130 | + | |
5131 | +void pqgver() | |
5132 | + { | |
5133 | + char buf[1024]; | |
5134 | + char lbuf[1024]; | |
5135 | + char *keyword, *value; | |
5136 | + BIGNUM *p = NULL, *q = NULL, *g = NULL; | |
5137 | + int counter, counter2; | |
5138 | + unsigned long h, h2; | |
5139 | + DSA *dsa=NULL; | |
5140 | + int nmod=0; | |
5141 | + unsigned char seed[1024]; | |
5142 | + | |
5143 | + while(fgets(buf,sizeof buf,stdin) != NULL) | |
5144 | + { | |
5145 | + if (!parse_line(&keyword, &value, lbuf, buf)) | |
5146 | + { | |
5147 | + fputs(buf,stdout); | |
5148 | + continue; | |
5149 | + } | |
5150 | + fputs(buf, stdout); | |
5151 | + if(!strcmp(keyword,"[mod")) | |
5152 | + nmod=atoi(value); | |
5153 | + else if(!strcmp(keyword,"P")) | |
5154 | + p=hex2bn(value); | |
5155 | + else if(!strcmp(keyword,"Q")) | |
5156 | + q=hex2bn(value); | |
5157 | + else if(!strcmp(keyword,"G")) | |
5158 | + g=hex2bn(value); | |
5159 | + else if(!strcmp(keyword,"Seed")) | |
5160 | + { | |
5161 | + int slen = hex2bin(value, seed); | |
5162 | + if (slen != 20) | |
5163 | + { | |
5164 | + fprintf(stderr, "Seed parse length error\n"); | |
5165 | + exit (1); | |
5166 | + } | |
5167 | + } | |
5168 | + else if(!strcmp(keyword,"c")) | |
5169 | + counter =atoi(buf+4); | |
5170 | + else if(!strcmp(keyword,"H")) | |
5171 | + { | |
5172 | + h = atoi(value); | |
5173 | + if (!p || !q || !g) | |
5174 | + { | |
5175 | + fprintf(stderr, "Parse Error\n"); | |
5176 | + exit (1); | |
5177 | + } | |
5178 | + dsa = FIPS_dsa_new(); | |
5179 | + if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL)) | |
5180 | + { | |
5181 | + do_print_errors(); | |
5182 | + exit(1); | |
5183 | + } | |
5184 | + if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g) | |
5185 | + || (counter != counter2) || (h != h2)) | |
5186 | + printf("Result = F\n"); | |
5187 | + else | |
5188 | + printf("Result = P\n"); | |
5189 | + BN_free(p); | |
5190 | + BN_free(q); | |
5191 | + BN_free(g); | |
5192 | + p = NULL; | |
5193 | + q = NULL; | |
5194 | + g = NULL; | |
5195 | + FIPS_dsa_free(dsa); | |
5196 | + dsa = NULL; | |
5197 | + } | |
5198 | + } | |
5199 | + } | |
5200 | + | |
5201 | +/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2 | |
5202 | + * algorithm tests. It is an additional test to perform sanity checks on the | |
5203 | + * output of the KeyPair test. | |
5204 | + */ | |
5205 | + | |
5206 | +static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g, | |
5207 | + BN_CTX *ctx) | |
5208 | + { | |
5209 | + BIGNUM *rem = NULL; | |
5210 | + if (BN_num_bits(p) != nmod) | |
5211 | + return 0; | |
5212 | + if (BN_num_bits(q) != 160) | |
5213 | + return 0; | |
5214 | + if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1) | |
5215 | + return 0; | |
5216 | + if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1) | |
5217 | + return 0; | |
5218 | + rem = BN_new(); | |
5219 | + if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem) | |
5220 | + || (BN_cmp(g, BN_value_one()) <= 0) | |
5221 | + || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem)) | |
5222 | + { | |
5223 | + BN_free(rem); | |
5224 | + return 0; | |
5225 | + } | |
5226 | + /* Todo: check g */ | |
5227 | + BN_free(rem); | |
5228 | + return 1; | |
5229 | + } | |
5230 | + | |
5231 | +void keyver() | |
5232 | + { | |
5233 | + char buf[1024]; | |
5234 | + char lbuf[1024]; | |
5235 | + char *keyword, *value; | |
5236 | + BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL; | |
5237 | + BIGNUM *Y2; | |
5238 | + BN_CTX *ctx = NULL; | |
5239 | + int nmod=0, paramcheck = 0; | |
5240 | + | |
5241 | + ctx = BN_CTX_new(); | |
5242 | + Y2 = BN_new(); | |
5243 | + | |
5244 | + while(fgets(buf,sizeof buf,stdin) != NULL) | |
5245 | + { | |
5246 | + if (!parse_line(&keyword, &value, lbuf, buf)) | |
5247 | + { | |
5248 | + fputs(buf,stdout); | |
5249 | + continue; | |
5250 | + } | |
5251 | + if(!strcmp(keyword,"[mod")) | |
5252 | + { | |
5253 | + if (p) | |
5254 | + BN_free(p); | |
5255 | + p = NULL; | |
5256 | + if (q) | |
5257 | + BN_free(q); | |
5258 | + q = NULL; | |
5259 | + if (g) | |
5260 | + BN_free(g); | |
5261 | + g = NULL; | |
5262 | + paramcheck = 0; | |
5263 | + nmod=atoi(value); | |
5264 | + } | |
5265 | + else if(!strcmp(keyword,"P")) | |
5266 | + p=hex2bn(value); | |
5267 | + else if(!strcmp(keyword,"Q")) | |
5268 | + q=hex2bn(value); | |
5269 | + else if(!strcmp(keyword,"G")) | |
5270 | + g=hex2bn(value); | |
5271 | + else if(!strcmp(keyword,"X")) | |
5272 | + X=hex2bn(value); | |
5273 | + else if(!strcmp(keyword,"Y")) | |
5274 | + { | |
5275 | + Y=hex2bn(value); | |
5276 | + if (!p || !q || !g || !X || !Y) | |
5277 | + { | |
5278 | + fprintf(stderr, "Parse Error\n"); | |
5279 | + exit (1); | |
5280 | + } | |
5281 | + pbn("P",p); | |
5282 | + pbn("Q",q); | |
5283 | + pbn("G",g); | |
5284 | + pbn("X",X); | |
5285 | + pbn("Y",Y); | |
5286 | + if (!paramcheck) | |
5287 | + { | |
5288 | + if (dss_paramcheck(nmod, p, q, g, ctx)) | |
5289 | + paramcheck = 1; | |
5290 | + else | |
5291 | + paramcheck = -1; | |
5292 | + } | |
5293 | + if (paramcheck != 1) | |
5294 | + printf("Result = F\n"); | |
5295 | + else | |
5296 | + { | |
5297 | + if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y)) | |
5298 | + printf("Result = F\n"); | |
5299 | + else | |
5300 | + printf("Result = P\n"); | |
5301 | + } | |
5302 | + BN_free(X); | |
5303 | + BN_free(Y); | |
5304 | + X = NULL; | |
5305 | + Y = NULL; | |
5306 | + } | |
5307 | + } | |
5308 | + if (p) | |
5309 | + BN_free(p); | |
5310 | + if (q) | |
5311 | + BN_free(q); | |
5312 | + if (g) | |
5313 | + BN_free(g); | |
5314 | + if (Y2) | |
5315 | + BN_free(Y2); | |
5316 | + } | |
5317 | + | |
5318 | +void keypair() | |
5319 | + { | |
5320 | + char buf[1024]; | |
5321 | + char lbuf[1024]; | |
5322 | + char *keyword, *value; | |
5323 | + int nmod=0; | |
5324 | + | |
5325 | + while(fgets(buf,sizeof buf,stdin) != NULL) | |
5326 | + { | |
5327 | + if (!parse_line(&keyword, &value, lbuf, buf)) | |
5328 | + { | |
5329 | + fputs(buf,stdout); | |
5330 | + continue; | |
5331 | + } | |
5332 | + if(!strcmp(keyword,"[mod")) | |
5333 | + nmod=atoi(value); | |
5334 | + else if(!strcmp(keyword,"N")) | |
5335 | + { | |
5336 | + DSA *dsa; | |
5337 | + int n=atoi(value); | |
5338 | + | |
5339 | + printf("[mod = %d]\n\n",nmod); | |
5340 | + dsa = FIPS_dsa_new(); | |
5341 | + if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL)) | |
5342 | + { | |
5343 | + do_print_errors(); | |
5344 | + exit(1); | |
5345 | + } | |
5346 | + pbn("P",dsa->p); | |
5347 | + pbn("Q",dsa->q); | |
5348 | + pbn("G",dsa->g); | |
5349 | + putc('\n',stdout); | |
5350 | + | |
5351 | + while(n--) | |
5352 | + { | |
5353 | + if (!DSA_generate_key(dsa)) | |
5354 | + { | |
5355 | + do_print_errors(); | |
5356 | + exit(1); | |
5357 | + } | |
5358 | + | |
5359 | + pbn("X",dsa->priv_key); | |
5360 | + pbn("Y",dsa->pub_key); | |
5361 | + putc('\n',stdout); | |
5362 | + } | |
5363 | + } | |
5364 | + } | |
5365 | + } | |
5366 | + | |
5367 | +void siggen() | |
5368 | + { | |
5369 | + char buf[1024]; | |
5370 | + char lbuf[1024]; | |
5371 | + char *keyword, *value; | |
5372 | + int nmod=0; | |
5373 | + DSA *dsa=NULL; | |
5374 | + | |
5375 | + while(fgets(buf,sizeof buf,stdin) != NULL) | |
5376 | + { | |
5377 | + if (!parse_line(&keyword, &value, lbuf, buf)) | |
5378 | + { | |
5379 | + fputs(buf,stdout); | |
5380 | + continue; | |
5381 | + } | |
5382 | + if(!strcmp(keyword,"[mod")) | |
5383 | + { | |
5384 | + nmod=atoi(value); | |
5385 | + printf("[mod = %d]\n\n",nmod); | |
5386 | + if (dsa) | |
5387 | + FIPS_dsa_free(dsa); | |
5388 | + dsa = FIPS_dsa_new(); | |
5389 | + if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL)) | |
5390 | + { | |
5391 | + do_print_errors(); | |
5392 | + exit(1); | |
5393 | + } | |
5394 | + pbn("P",dsa->p); | |
5395 | + pbn("Q",dsa->q); | |
5396 | + pbn("G",dsa->g); | |
5397 | + putc('\n',stdout); | |
5398 | + } | |
5399 | + else if(!strcmp(keyword,"Msg")) | |
5400 | + { | |
5401 | + unsigned char msg[1024]; | |
5402 | + unsigned char sbuf[60]; | |
5403 | + unsigned int slen; | |
5404 | + int n; | |
5405 | + EVP_PKEY pk; | |
5406 | + EVP_MD_CTX mctx; | |
5407 | + DSA_SIG *sig; | |
5408 | + EVP_MD_CTX_init(&mctx); | |
5409 | + | |
5410 | + n=hex2bin(value,msg); | |
5411 | + pv("Msg",msg,n); | |
5412 | + | |
5413 | + if (!DSA_generate_key(dsa)) | |
5414 | + { | |
5415 | + do_print_errors(); | |
5416 | + exit(1); | |
5417 | + } | |
5418 | + pk.type = EVP_PKEY_DSA; | |
5419 | + pk.pkey.dsa = dsa; | |
5420 | + pbn("Y",dsa->pub_key); | |
5421 | + | |
5422 | + EVP_SignInit_ex(&mctx, EVP_dss1(), NULL); | |
5423 | + EVP_SignUpdate(&mctx, msg, n); | |
5424 | + EVP_SignFinal(&mctx, sbuf, &slen, &pk); | |
5425 | + | |
5426 | + sig = DSA_SIG_new(); | |
5427 | + FIPS_dsa_sig_decode(sig, sbuf, slen); | |
5428 | + | |
5429 | + pbn("R",sig->r); | |
5430 | + pbn("S",sig->s); | |
5431 | + putc('\n',stdout); | |
5432 | + DSA_SIG_free(sig); | |
5433 | + EVP_MD_CTX_cleanup(&mctx); | |
5434 | + } | |
5435 | + } | |
5436 | + if (dsa) | |
5437 | + FIPS_dsa_free(dsa); | |
5438 | + } | |
5439 | + | |
5440 | +void sigver() | |
5441 | + { | |
5442 | + DSA *dsa=NULL; | |
5443 | + char buf[1024]; | |
5444 | + char lbuf[1024]; | |
5445 | + unsigned char msg[1024]; | |
5446 | + char *keyword, *value; | |
5447 | + int nmod=0, n=0; | |
5448 | + DSA_SIG sg, *sig = &sg; | |
5449 | + | |
5450 | + sig->r = NULL; | |
5451 | + sig->s = NULL; | |
5452 | + | |
5453 | + while(fgets(buf,sizeof buf,stdin) != NULL) | |
5454 | + { | |
5455 | + if (!parse_line(&keyword, &value, lbuf, buf)) | |
5456 | + { | |
5457 | + fputs(buf,stdout); | |
5458 | + continue; | |
5459 | + } | |
5460 | + if(!strcmp(keyword,"[mod")) | |
5461 | + { | |
5462 | + nmod=atoi(value); | |
5463 | + if(dsa) | |
5464 | + FIPS_dsa_free(dsa); | |
5465 | + dsa=FIPS_dsa_new(); | |
5466 | + } | |
5467 | + else if(!strcmp(keyword,"P")) | |
5468 | + dsa->p=hex2bn(value); | |
5469 | + else if(!strcmp(keyword,"Q")) | |
5470 | + dsa->q=hex2bn(value); | |
5471 | + else if(!strcmp(keyword,"G")) | |
5472 | + { | |
5473 | + dsa->g=hex2bn(value); | |
5474 | + | |
5475 | + printf("[mod = %d]\n\n",nmod); | |
5476 | + pbn("P",dsa->p); | |
5477 | + pbn("Q",dsa->q); | |
5478 | + pbn("G",dsa->g); | |
5479 | + putc('\n',stdout); | |
5480 | + } | |
5481 | + else if(!strcmp(keyword,"Msg")) | |
5482 | + { | |
5483 | + n=hex2bin(value,msg); | |
5484 | + pv("Msg",msg,n); | |
5485 | + } | |
5486 | + else if(!strcmp(keyword,"Y")) | |
5487 | + dsa->pub_key=hex2bn(value); | |
5488 | + else if(!strcmp(keyword,"R")) | |
5489 | + sig->r=hex2bn(value); | |
5490 | + else if(!strcmp(keyword,"S")) | |
5491 | + { | |
5492 | + EVP_MD_CTX mctx; | |
5493 | + EVP_PKEY pk; | |
5494 | + unsigned char sigbuf[60]; | |
5495 | + unsigned int slen; | |
5496 | + int r; | |
5497 | + EVP_MD_CTX_init(&mctx); | |
5498 | + pk.type = EVP_PKEY_DSA; | |
5499 | + pk.pkey.dsa = dsa; | |
5500 | + sig->s=hex2bn(value); | |
5501 | + | |
5502 | + pbn("Y",dsa->pub_key); | |
5503 | + pbn("R",sig->r); | |
5504 | + pbn("S",sig->s); | |
5505 | + | |
5506 | + slen = FIPS_dsa_sig_encode(sigbuf, sig); | |
5507 | + EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL); | |
5508 | + EVP_VerifyUpdate(&mctx, msg, n); | |
5509 | + r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk); | |
5510 | + EVP_MD_CTX_cleanup(&mctx); | |
5511 | + | |
5512 | + printf("Result = %c\n", r == 1 ? 'P' : 'F'); | |
5513 | + putc('\n',stdout); | |
5514 | + } | |
5515 | + } | |
5516 | + } | |
5517 | + | |
5518 | +int main(int argc,char **argv) | |
5519 | + { | |
5520 | + if(argc != 2) | |
5521 | + { | |
5522 | + fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]); | |
5523 | + exit(1); | |
5524 | + } | |
5525 | + if(!FIPS_mode_set(1)) | |
5526 | + { | |
5527 | + do_print_errors(); | |
5528 | + exit(1); | |
5529 | + } | |
5530 | + if(!strcmp(argv[1],"prime")) | |
5531 | + primes(); | |
5532 | + else if(!strcmp(argv[1],"pqg")) | |
5533 | + pqg(); | |
5534 | + else if(!strcmp(argv[1],"pqgver")) | |
5535 | + pqgver(); | |
5536 | + else if(!strcmp(argv[1],"keypair")) | |
5537 | + keypair(); | |
5538 | + else if(!strcmp(argv[1],"keyver")) | |
5539 | + keyver(); | |
5540 | + else if(!strcmp(argv[1],"siggen")) | |
5541 | + siggen(); | |
5542 | + else if(!strcmp(argv[1],"sigver")) | |
5543 | + sigver(); | |
5544 | + else | |
5545 | + { | |
5546 | + fprintf(stderr,"Don't know how to %s.\n",argv[1]); | |
5547 | + exit(1); | |
5548 | + } | |
5549 | + | |
5550 | + return 0; | |
5551 | + } | |
5552 | + | |
5553 | +#endif | |
a7ff9508 MT |
5554 | diff -up openssl-1.0.1b/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_gcmtest.c |
5555 | --- openssl-1.0.1b/crypto/fips/cavs/fips_gcmtest.c.fips 2012-04-26 18:00:51.399769276 +0200 | |
5556 | +++ openssl-1.0.1b/crypto/fips/cavs/fips_gcmtest.c 2012-04-26 18:00:51.399769276 +0200 | |
0595faf5 MT |
5557 | @@ -0,0 +1,571 @@ |
5558 | +/* fips/aes/fips_gcmtest.c */ | |
5559 | +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
5560 | + * project. | |
5561 | + */ | |
5562 | +/* ==================================================================== | |
5563 | + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. | |
5564 | + * | |
5565 | + * Redistribution and use in source and binary forms, with or without | |
5566 | + * modification, are permitted provided that the following conditions | |
5567 | + * are met: | |
5568 | + * | |
5569 | + * 1. Redistributions of source code must retain the above copyright | |
5570 | + * notice, this list of conditions and the following disclaimer. | |
5571 | + * | |
5572 | + * 2. Redistributions in binary form must reproduce the above copyright | |
5573 | + * notice, this list of conditions and the following disclaimer in | |
5574 | + * the documentation and/or other materials provided with the | |
5575 | + * distribution. | |
5576 | + * | |
5577 | + * 3. All advertising materials mentioning features or use of this | |
5578 | + * software must display the following acknowledgment: | |
5579 | + * "This product includes software developed by the OpenSSL Project | |
5580 | + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
5581 | + * | |
5582 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
5583 | + * endorse or promote products derived from this software without | |
5584 | + * prior written permission. For written permission, please contact | |
5585 | + * licensing@OpenSSL.org. | |
5586 | + * | |
5587 | + * 5. Products derived from this software may not be called "OpenSSL" | |
5588 | + * nor may "OpenSSL" appear in their names without prior written | |
5589 | + * permission of the OpenSSL Project. | |
5590 | + * | |
5591 | + * 6. Redistributions of any form whatsoever must retain the following | |
5592 | + * acknowledgment: | |
5593 | + * "This product includes software developed by the OpenSSL Project | |
5594 | + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
5595 | + * | |
5596 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
5597 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
5598 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
5599 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
5600 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
5601 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
5602 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
5603 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
5604 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
5605 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
5606 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
5607 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
5608 | + * ==================================================================== | |
5609 | + */ | |
5610 | + | |
5611 | + | |
5612 | +#define OPENSSL_FIPSAPI | |
5613 | +#include <openssl/opensslconf.h> | |
5614 | + | |
5615 | +#ifndef OPENSSL_FIPS | |
5616 | +#include <stdio.h> | |
5617 | + | |
5618 | +int main(int argc, char **argv) | |
5619 | +{ | |
5620 | + printf("No FIPS GCM support\n"); | |
5621 | + return(0); | |
5622 | +} | |
5623 | +#else | |
5624 | + | |
5625 | +#include <openssl/bn.h> | |
5626 | +#include <openssl/dsa.h> | |
5627 | +#include <openssl/fips.h> | |
5628 | +#include <openssl/err.h> | |
5629 | +#include <openssl/evp.h> | |
5630 | +#include <string.h> | |
5631 | +#include <ctype.h> | |
5632 | + | |
5633 | +#include "fips_utl.h" | |
5634 | + | |
5635 | +static void gcmtest(FILE *in, FILE *out, int encrypt) | |
5636 | + { | |
5637 | + char buf[2048]; | |
5638 | + char lbuf[2048]; | |
5639 | + char *keyword, *value; | |
5640 | + int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1; | |
5641 | + int rv; | |
5642 | + long l; | |
5643 | + unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL; | |
5644 | + unsigned char *ct = NULL, *pt = NULL; | |
5645 | + EVP_CIPHER_CTX ctx; | |
5646 | + const EVP_CIPHER *gcm = NULL; | |
5647 | + FIPS_cipher_ctx_init(&ctx); | |
5648 | + | |
5649 | + while(fgets(buf,sizeof buf,in) != NULL) | |
5650 | + { | |
5651 | + fputs(buf,out); | |
5652 | + if (!parse_line(&keyword, &value, lbuf, buf)) | |
5653 | + continue; | |
5654 | + if(!strcmp(keyword,"[Keylen")) | |
5655 | + { | |
5656 | + keylen = atoi(value); | |
5657 | + if (keylen == 128) | |
5658 | + gcm = EVP_aes_128_gcm(); | |
5659 | + else if (keylen == 192) | |
5660 | + gcm = EVP_aes_192_gcm(); | |
5661 | + else if (keylen == 256) | |
5662 | + gcm = EVP_aes_256_gcm(); | |
5663 | + else | |
5664 | + { | |
5665 | + fprintf(stderr, "Unsupported keylen %d\n", | |
5666 | + keylen); | |
5667 | + } | |
5668 | + keylen >>= 3; | |
5669 | + } | |
5670 | + else if (!strcmp(keyword, "[IVlen")) | |
5671 | + ivlen = atoi(value) >> 3; | |
5672 | + else if (!strcmp(keyword, "[AADlen")) | |
5673 | + aadlen = atoi(value) >> 3; | |
5674 | + else if (!strcmp(keyword, "[Taglen")) | |
5675 | + taglen = atoi(value) >> 3; | |
5676 | + else if (!strcmp(keyword, "[PTlen")) | |
5677 | + ptlen = atoi(value) >> 3; | |
5678 | + else if(!strcmp(keyword,"Key")) | |
5679 | + { | |
5680 | + key = hex2bin_m(value, &l); | |
5681 | + if (l != keylen) | |
5682 | + { | |
5683 | + fprintf(stderr, "Inconsistent Key length\n"); | |
5684 | + exit(1); | |
5685 | + } | |
5686 | + } | |
5687 | + else if(!strcmp(keyword,"IV")) | |
5688 | + { | |
5689 | + iv = hex2bin_m(value, &l); | |
5690 | + if (l != ivlen) | |
5691 | + { | |
5692 | + fprintf(stderr, "Inconsistent IV length\n"); | |
5693 | + exit(1); | |
5694 | + } | |
5695 | + } | |
5696 | + else if(!strcmp(keyword,"PT")) | |
5697 | + { | |
5698 | + pt = hex2bin_m(value, &l); | |
5699 | + if (l != ptlen) | |
5700 | + { | |
5701 | + fprintf(stderr, "Inconsistent PT length\n"); | |
5702 | + exit(1); | |
5703 | + } | |
5704 | + } | |
5705 | + else if(!strcmp(keyword,"CT")) | |
5706 | + { | |
5707 | + ct = hex2bin_m(value, &l); | |
5708 | + if (l != ptlen) | |
5709 | + { | |
5710 | + fprintf(stderr, "Inconsistent CT length\n"); | |
5711 | + exit(1); | |
5712 | + } | |
5713 | + } | |
5714 | + else if(!strcmp(keyword,"AAD")) | |
5715 | + { | |
5716 | + aad = hex2bin_m(value, &l); | |
5717 | + if (l != aadlen) | |
5718 | + { | |
5719 | + fprintf(stderr, "Inconsistent AAD length\n"); | |
5720 | + exit(1); | |
5721 | + } | |
5722 | + } | |
5723 | + else if(!strcmp(keyword,"Tag")) | |
5724 | + { | |
5725 | + tag = hex2bin_m(value, &l); | |
5726 | + if (l != taglen) | |
5727 | + { | |
5728 | + fprintf(stderr, "Inconsistent Tag length\n"); | |
5729 | + exit(1); | |
5730 | + } | |
5731 | + } | |
5732 | + if (encrypt && pt && aad && (iv || encrypt==1)) | |
5733 | + { | |
5734 | + tag = OPENSSL_malloc(taglen); | |
5735 | + FIPS_cipherinit(&ctx, gcm, NULL, NULL, 1); | |
5736 | + /* Relax FIPS constraints for testing */ | |
5737 | + M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW); | |
5738 | + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0); | |
5739 | + if (encrypt == 1) | |
5740 | + { | |
5741 | + static unsigned char iv_fixed[4] = {1,2,3,4}; | |
5742 | + if (!iv) | |
5743 | + iv = OPENSSL_malloc(ivlen); | |
5744 | + FIPS_cipherinit(&ctx, NULL, key, NULL, 1); | |
5745 | + FIPS_cipher_ctx_ctrl(&ctx, | |
5746 | + EVP_CTRL_GCM_SET_IV_FIXED, | |
5747 | + 4, iv_fixed); | |
5748 | + if (!FIPS_cipher_ctx_ctrl(&ctx, | |
5749 | + EVP_CTRL_GCM_IV_GEN, 0, iv)) | |
5750 | + { | |
5751 | + fprintf(stderr, "IV gen error\n"); | |
5752 | + exit(1); | |
5753 | + } | |
5754 | + OutputValue("IV", iv, ivlen, out, 0); | |
5755 | + } | |
5756 | + else | |
5757 | + FIPS_cipherinit(&ctx, NULL, key, iv, 1); | |
5758 | + | |
5759 | + | |
5760 | + if (aadlen) | |
5761 | + FIPS_cipher(&ctx, NULL, aad, aadlen); | |
5762 | + if (ptlen) | |
5763 | + { | |
5764 | + ct = OPENSSL_malloc(ptlen); | |
5765 | + rv = FIPS_cipher(&ctx, ct, pt, ptlen); | |
5766 | + } | |
5767 | + FIPS_cipher(&ctx, NULL, NULL, 0); | |
5768 | + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, | |
5769 | + taglen, tag); | |
5770 | + OutputValue("CT", ct, ptlen, out, 0); | |
5771 | + OutputValue("Tag", tag, taglen, out, 0); | |
5772 | + if (iv) | |
5773 | + OPENSSL_free(iv); | |
5774 | + if (aad) | |
5775 | + OPENSSL_free(aad); | |
5776 | + if (ct) | |
5777 | + OPENSSL_free(ct); | |
5778 | + if (pt) | |
5779 | + OPENSSL_free(pt); | |
5780 | + if (key) | |
5781 | + OPENSSL_free(key); | |
5782 | + if (tag) | |
5783 | + OPENSSL_free(tag); | |
5784 | + iv = aad = ct = pt = key = tag = NULL; | |
5785 | + } | |
5786 | + if (!encrypt && tag) | |
5787 | + { | |
5788 | + FIPS_cipherinit(&ctx, gcm, NULL, NULL, 0); | |
5789 | + /* Relax FIPS constraints for testing */ | |
5790 | + M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW); | |
5791 | + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0); | |
5792 | + FIPS_cipherinit(&ctx, NULL, key, iv, 0); | |
5793 | + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag); | |
5794 | + if (aadlen) | |
5795 | + FIPS_cipher(&ctx, NULL, aad, aadlen); | |
5796 | + if (ptlen) | |
5797 | + { | |
5798 | + pt = OPENSSL_malloc(ptlen); | |
5799 | + rv = FIPS_cipher(&ctx, pt, ct, ptlen); | |
5800 | + } | |
5801 | + rv = FIPS_cipher(&ctx, NULL, NULL, 0); | |
5802 | + if (rv < 0) | |
5803 | + fprintf(out, "FAIL" RESP_EOL); | |
5804 | + else | |
5805 | + OutputValue("PT", pt, ptlen, out, 0); | |
5806 | + if (iv) | |
5807 | + OPENSSL_free(iv); | |
5808 | + if (aad) | |
5809 | + OPENSSL_free(aad); | |
5810 | + if (ct) | |
5811 | + OPENSSL_free(ct); | |
5812 | + if (pt) | |
5813 | + OPENSSL_free(pt); | |
5814 | + if (key) | |
5815 | + OPENSSL_free(key); | |
5816 | + if (tag) | |
5817 | + OPENSSL_free(tag); | |
5818 | + iv = aad = ct = pt = key = tag = NULL; | |
5819 | + } | |
5820 | + } | |
5821 | + FIPS_cipher_ctx_cleanup(&ctx); | |
5822 | + } | |
5823 | + | |
5824 | +static void xtstest(FILE *in, FILE *out) | |
5825 | + { | |
5826 | + char buf[204800]; | |
5827 | + char lbuf[204800]; | |
5828 | + char *keyword, *value; | |
5829 | + int inlen = 0; | |
5830 | + int encrypt = 0; | |
5831 | + long l; | |
5832 | + unsigned char *key = NULL, *iv = NULL; | |
5833 | + unsigned char *inbuf = NULL, *outbuf = NULL; | |
5834 | + EVP_CIPHER_CTX ctx; | |
5835 | + const EVP_CIPHER *xts = NULL; | |
5836 | + FIPS_cipher_ctx_init(&ctx); | |
5837 | + | |
5838 | + while(fgets(buf,sizeof buf,in) != NULL) | |
5839 | + { | |
5840 | + fputs(buf,out); | |
5841 | + if (buf[0] == '[' && strlen(buf) >= 9) | |
5842 | + { | |
5843 | + if(!strncmp(buf,"[ENCRYPT]", 9)) | |
5844 | + encrypt = 1; | |
5845 | + else if(!strncmp(buf,"[DECRYPT]", 9)) | |
5846 | + encrypt = 0; | |
5847 | + } | |
5848 | + if (!parse_line(&keyword, &value, lbuf, buf)) | |
5849 | + continue; | |
5850 | + else if(!strcmp(keyword,"Key")) | |
5851 | + { | |
5852 | + key = hex2bin_m(value, &l); | |
5853 | + if (l == 32) | |
5854 | + xts = EVP_aes_128_xts(); | |
5855 | + else if (l == 64) | |
5856 | + xts = EVP_aes_256_xts(); | |
5857 | + else | |
5858 | + { | |
5859 | + fprintf(stderr, "Inconsistent Key length\n"); | |
5860 | + exit(1); | |
5861 | + } | |
5862 | + } | |
5863 | + else if(!strcmp(keyword,"i")) | |
5864 | + { | |
5865 | + iv = hex2bin_m(value, &l); | |
5866 | + if (l != 16) | |
5867 | + { | |
5868 | + fprintf(stderr, "Inconsistent i length\n"); | |
5869 | + exit(1); | |
5870 | + } | |
5871 | + } | |
5872 | + else if(encrypt && !strcmp(keyword,"PT")) | |
5873 | + { | |
5874 | + inbuf = hex2bin_m(value, &l); | |
5875 | + inlen = l; | |
5876 | + } | |
5877 | + else if(!encrypt && !strcmp(keyword,"CT")) | |
5878 | + { | |
5879 | + inbuf = hex2bin_m(value, &l); | |
5880 | + inlen = l; | |
5881 | + } | |
5882 | + if (inbuf) | |
5883 | + { | |
5884 | + FIPS_cipherinit(&ctx, xts, key, iv, encrypt); | |
5885 | + outbuf = OPENSSL_malloc(inlen); | |
5886 | + FIPS_cipher(&ctx, outbuf, inbuf, inlen); | |
5887 | + OutputValue(encrypt ? "CT":"PT", outbuf, inlen, out, 0); | |
5888 | + OPENSSL_free(inbuf); | |
5889 | + OPENSSL_free(outbuf); | |
5890 | + OPENSSL_free(key); | |
5891 | + OPENSSL_free(iv); | |
5892 | + iv = key = inbuf = outbuf = NULL; | |
5893 | + } | |
5894 | + } | |
5895 | + FIPS_cipher_ctx_cleanup(&ctx); | |
5896 | + } | |
5897 | + | |
5898 | +static void ccmtest(FILE *in, FILE *out) | |
5899 | + { | |
5900 | + char buf[200048]; | |
5901 | + char lbuf[200048]; | |
5902 | + char *keyword, *value; | |
5903 | + long l; | |
5904 | + unsigned char *Key = NULL, *Nonce = NULL; | |
5905 | + unsigned char *Adata = NULL, *Payload = NULL; | |
5906 | + unsigned char *CT = NULL; | |
5907 | + int Plen = -1, Nlen = -1, Tlen = -1, Alen = -1; | |
5908 | + int decr = 0; | |
5909 | + EVP_CIPHER_CTX ctx; | |
5910 | + const EVP_CIPHER *ccm = NULL; | |
5911 | + FIPS_cipher_ctx_init(&ctx); | |
5912 | + | |
5913 | + while(fgets(buf,sizeof buf,in) != NULL) | |
5914 | + { | |
5915 | + char *p; | |
5916 | + fputs(buf,out); | |
5917 | + redo: | |
5918 | + if (!parse_line(&keyword, &value, lbuf, buf)) | |
5919 | + continue; | |
5920 | + | |
5921 | + /* If surrounded by square brackets zap them */ | |
5922 | + if (keyword[0] == '[') | |
5923 | + { | |
5924 | + keyword++; | |
5925 | + p = strchr(value, ']'); | |
5926 | + if (p) | |
5927 | + *p = 0; | |
5928 | + } | |
5929 | + /* See if we have a comma separated list of parameters | |
5930 | + * if so copy rest of line back to buffer and redo later. | |
5931 | + */ | |
5932 | + p = strchr(value, ','); | |
5933 | + if (p) | |
5934 | + { | |
5935 | + *p = 0; | |
5936 | + strcpy(buf, p + 1); | |
5937 | + strcat(buf, "\n"); | |
5938 | + decr = 1; | |
5939 | + } | |
5940 | + if (!strcmp(keyword,"Plen")) | |
5941 | + Plen = atoi(value); | |
5942 | + else if (!strcmp(keyword,"Nlen")) | |
5943 | + Nlen = atoi(value); | |
5944 | + else if (!strcmp(keyword,"Tlen")) | |
5945 | + Tlen = atoi(value); | |
5946 | + else if (!strcmp(keyword,"Alen")) | |
5947 | + Alen = atoi(value); | |
5948 | + if (p) | |
5949 | + goto redo; | |
5950 | + if (!strcmp(keyword,"Key")) | |
5951 | + { | |
5952 | + if (Key) | |
5953 | + OPENSSL_free(Key); | |
5954 | + Key = hex2bin_m(value, &l); | |
5955 | + if (l == 16) | |
5956 | + ccm = EVP_aes_128_ccm(); | |
5957 | + else if (l == 24) | |
5958 | + ccm = EVP_aes_192_ccm(); | |
5959 | + else if (l == 32) | |
5960 | + ccm = EVP_aes_256_ccm(); | |
5961 | + else | |
5962 | + { | |
5963 | + fprintf(stderr, "Inconsistent Key length\n"); | |
5964 | + exit(1); | |
5965 | + } | |
5966 | + } | |
5967 | + else if (!strcmp(keyword,"Nonce")) | |
5968 | + { | |
5969 | + if (Nonce) | |
5970 | + OPENSSL_free(Nonce); | |
5971 | + Nonce = hex2bin_m(value, &l); | |
5972 | + if (l != Nlen) | |
5973 | + { | |
5974 | + fprintf(stderr, "Inconsistent nonce length\n"); | |
5975 | + exit(1); | |
5976 | + } | |
5977 | + } | |
5978 | + else if (!strcmp(keyword,"Payload") && !decr) | |
5979 | + { | |
5980 | + Payload = hex2bin_m(value, &l); | |
5981 | + if (Plen && l != Plen) | |
5982 | + { | |
5983 | + fprintf(stderr, "Inconsistent Payload length\n"); | |
5984 | + exit(1); | |
5985 | + } | |
5986 | + } | |
5987 | + else if (!strcmp(keyword,"Adata")) | |
5988 | + { | |
5989 | + if (Adata) | |
5990 | + OPENSSL_free(Adata); | |
5991 | + Adata = hex2bin_m(value, &l); | |
5992 | + if (Alen && l != Alen) | |
5993 | + { | |
5994 | + fprintf(stderr, "Inconsistent Payload length\n"); | |
5995 | + exit(1); | |
5996 | + } | |
5997 | + } | |
5998 | + else if (!strcmp(keyword,"CT") && decr) | |
5999 | + { | |
6000 | + CT = hex2bin_m(value, &l); | |
6001 | + if (l != (Plen + Tlen)) | |
6002 | + { | |
6003 | + fprintf(stderr, "Inconsistent CT length\n"); | |
6004 | + exit(1); | |
6005 | + } | |
6006 | + } | |
6007 | + if (Payload) | |
6008 | + { | |
6009 | + FIPS_cipherinit(&ctx, ccm, NULL, NULL, 1); | |
6010 | + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0); | |
6011 | + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, Tlen, 0); | |
6012 | + FIPS_cipherinit(&ctx, NULL, Key, Nonce, 1); | |
6013 | + | |
6014 | + FIPS_cipher(&ctx, NULL, NULL, Plen); | |
6015 | + FIPS_cipher(&ctx, NULL, Adata, Alen); | |
6016 | + CT = OPENSSL_malloc(Plen + Tlen); | |
6017 | + FIPS_cipher(&ctx, CT, Payload, Plen); | |
6018 | + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, Tlen, | |
6019 | + CT + Plen); | |
6020 | + OutputValue("CT", CT, Plen + Tlen, out, 0); | |
6021 | + OPENSSL_free(CT); | |
6022 | + OPENSSL_free(Payload); | |
6023 | + CT = Payload = NULL; | |
6024 | + } | |
6025 | + if (CT) | |
6026 | + { | |
6027 | + int rv; | |
6028 | + int len = Plen == 0 ? 1: Plen; | |
6029 | + FIPS_cipherinit(&ctx, ccm, NULL, NULL, 0); | |
6030 | + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0); | |
6031 | + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, | |
6032 | + Tlen, CT + Plen); | |
6033 | + FIPS_cipherinit(&ctx, NULL, Key, Nonce, 0); | |
6034 | + FIPS_cipher(&ctx, NULL, NULL, Plen); | |
6035 | + FIPS_cipher(&ctx, NULL, Adata, Alen); | |
6036 | + Payload = OPENSSL_malloc(len); | |
6037 | + rv = FIPS_cipher(&ctx, Payload, CT, Plen); | |
6038 | + if (rv >= 0) | |
6039 | + { | |
6040 | + if (rv == 0) | |
6041 | + Payload[0] = 0; | |
6042 | + fputs("Result = Pass" RESP_EOL, out); | |
6043 | + OutputValue("Payload", Payload, len, out, 0); | |
6044 | + } | |
6045 | + else | |
6046 | + fputs("Result = Fail" RESP_EOL, out); | |
6047 | + OPENSSL_free(CT); | |
6048 | + OPENSSL_free(Payload); | |
6049 | + CT = Payload = NULL; | |
6050 | + } | |
6051 | + } | |
6052 | + if (Key) | |
6053 | + OPENSSL_free(Key); | |
6054 | + if (Nonce) | |
6055 | + OPENSSL_free(Nonce); | |
6056 | + if (Adata) | |
6057 | + OPENSSL_free(Adata); | |
6058 | + FIPS_cipher_ctx_cleanup(&ctx); | |
6059 | + } | |
6060 | + | |
6061 | +#ifdef FIPS_ALGVS | |
6062 | +int fips_gcmtest_main(int argc, char **argv) | |
6063 | +#else | |
6064 | +int main(int argc, char **argv) | |
6065 | +#endif | |
6066 | + { | |
6067 | + int encrypt; | |
6068 | + int xts = 0, ccm = 0; | |
6069 | + FILE *in, *out; | |
6070 | + if (argc == 4) | |
6071 | + { | |
6072 | + in = fopen(argv[2], "r"); | |
6073 | + if (!in) | |
6074 | + { | |
6075 | + fprintf(stderr, "Error opening input file\n"); | |
6076 | + exit(1); | |
6077 | + } | |
6078 | + out = fopen(argv[3], "w"); | |
6079 | + if (!out) | |
6080 | + { | |
6081 | + fprintf(stderr, "Error opening output file\n"); | |
6082 | + exit(1); | |
6083 | + } | |
6084 | + } | |
6085 | + else if (argc == 2) | |
6086 | + { | |
6087 | + in = stdin; | |
6088 | + out = stdout; | |
6089 | + } | |
6090 | + else | |
6091 | + { | |
6092 | + fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]); | |
6093 | + exit(1); | |
6094 | + } | |
6095 | + fips_algtest_init(); | |
6096 | + if(!strcmp(argv[1],"-encrypt")) | |
6097 | + encrypt = 1; | |
6098 | + else if(!strcmp(argv[1],"-encryptIVext")) | |
6099 | + encrypt = 2; | |
6100 | + else if(!strcmp(argv[1],"-decrypt")) | |
6101 | + encrypt = 0; | |
6102 | + else if(!strcmp(argv[1],"-ccm")) | |
6103 | + ccm = 1; | |
6104 | + else if(!strcmp(argv[1],"-xts")) | |
6105 | + xts = 1; | |
6106 | + else | |
6107 | + { | |
6108 | + fprintf(stderr,"Don't know how to %s.\n",argv[1]); | |
6109 | + exit(1); | |
6110 | + } | |
6111 | + | |
6112 | + if (ccm) | |
6113 | + ccmtest(in, out); | |
6114 | + else if (xts) | |
6115 | + xtstest(in, out); | |
6116 | + else | |
6117 | + gcmtest(in, out, encrypt); | |
6118 | + | |
6119 | + if (argc == 4) | |
6120 | + { | |
6121 | + fclose(in); | |
6122 | + fclose(out); | |
6123 | + } | |
6124 | + | |
6125 | + return 0; | |
6126 | +} | |
6127 | + | |
6128 | +#endif | |
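Review bot: In gcmtest() the encrypt path writes CT and Tag to the response file without checking that any step succeeded: `rv = FIPS_cipher(&ctx, ct, pt, ptlen);` is assigned and never read, and the results of FIPS_cipherinit(), the SET_IVLEN and GET_TAG ctrl calls and OPENSSL_malloc() are discarded, so a failed operation can still produce output that looks like a valid answer. The same function only prints "Unsupported keylen" and carries on with whatever `gcm` held before, and neither cipher branch checks `key` or `gcm` before use. The other parse errors in this file call exit(1), so this one should too, with a guard such as `if (!gcm || !key || taglen <= 0) { fprintf(stderr, "Missing GCM parameters\n"); exit(1); }` at the top of both branches. xtstest() (`if (inbuf)`) and ccmtest() (`if (Payload)`, `if (CT)`) start the cipher on the same kind of partial state and would want the equivalent check for `xts`/`ccm`, the key and the IV or nonce.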
a7ff9508 MT |
6129 | diff -up openssl-1.0.1b/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_rngvs.c |
6130 | --- openssl-1.0.1b/crypto/fips/cavs/fips_rngvs.c.fips 2012-04-26 18:00:51.399769276 +0200 | |
6131 | +++ openssl-1.0.1b/crypto/fips/cavs/fips_rngvs.c 2012-04-26 18:00:51.399769276 +0200 | |
0595faf5 MT |
6132 | @@ -0,0 +1,230 @@ |
6133 | +/* | |
6134 | + * Crude test driver for processing the VST and MCT testvector files | |
6135 | + * generated by the CMVP RNGVS product. | |
6136 | + * | |
6137 | + * Note the input files are assumed to have a _very_ specific format | |
6138 | + * as described in the NIST document "The Random Number Generator | |
6139 | + * Validation System (RNGVS)", May 25, 2004. | |
6140 | + * | |
6141 | + */ | |
6142 | +#include <openssl/opensslconf.h> | |
6143 | + | |
6144 | +#ifndef OPENSSL_FIPS | |
6145 | +#include <stdio.h> | |
6146 | + | |
6147 | +int main(int argc, char **argv) | |
6148 | +{ | |
6149 | + printf("No FIPS RNG support\n"); | |
6150 | + return 0; | |
6151 | +} | |
6152 | +#else | |
6153 | + | |
6154 | +#include <openssl/bn.h> | |
6155 | +#include <openssl/dsa.h> | |
6156 | +#include <openssl/fips.h> | |
6157 | +#include <openssl/err.h> | |
6158 | +#include <openssl/rand.h> | |
6159 | +#include <openssl/fips_rand.h> | |
6160 | +#include <openssl/x509v3.h> | |
6161 | +#include <string.h> | |
6162 | +#include <ctype.h> | |
6163 | + | |
6164 | +#include "fips_utl.h" | |
6165 | + | |
6166 | +void vst() | |
6167 | + { | |
6168 | + unsigned char *key = NULL; | |
6169 | + unsigned char *v = NULL; | |
6170 | + unsigned char *dt = NULL; | |
6171 | + unsigned char ret[16]; | |
6172 | + char buf[1024]; | |
6173 | + char lbuf[1024]; | |
6174 | + char *keyword, *value; | |
6175 | + long i, keylen; | |
6176 | + | |
6177 | + keylen = 0; | |
6178 | + | |
6179 | + while(fgets(buf,sizeof buf,stdin) != NULL) | |
6180 | + { | |
6181 | + fputs(buf,stdout); | |
6182 | + if(!strncmp(buf,"[AES 128-Key]", 13)) | |
6183 | + keylen = 16; | |
6184 | + else if(!strncmp(buf,"[AES 192-Key]", 13)) | |
6185 | + keylen = 24; | |
6186 | + else if(!strncmp(buf,"[AES 256-Key]", 13)) | |
6187 | + keylen = 32; | |
6188 | + if (!parse_line(&keyword, &value, lbuf, buf)) | |
6189 | + continue; | |
6190 | + if(!strcmp(keyword,"Key")) | |
6191 | + { | |
6192 | + key=hex2bin_m(value,&i); | |
6193 | + if (i != keylen) | |
6194 | + { | |
6195 | + fprintf(stderr, "Invalid key length, expecting %ld\n", keylen); | |
6196 | + return; | |
6197 | + } | |
6198 | + } | |
6199 | + else if(!strcmp(keyword,"DT")) | |
6200 | + { | |
6201 | + dt=hex2bin_m(value,&i); | |
6202 | + if (i != 16) | |
6203 | + { | |
6204 | + fprintf(stderr, "Invalid DT length\n"); | |
6205 | + return; | |
6206 | + } | |
6207 | + } | |
6208 | + else if(!strcmp(keyword,"V")) | |
6209 | + { | |
6210 | + v=hex2bin_m(value,&i); | |
6211 | + if (i != 16) | |
6212 | + { | |
6213 | + fprintf(stderr, "Invalid V length\n"); | |
6214 | + return; | |
6215 | + } | |
6216 | + | |
6217 | + if (!key || !dt) | |
6218 | + { | |
6219 | + fprintf(stderr, "Missing key or DT\n"); | |
6220 | + return; | |
6221 | + } | |
6222 | + | |
6223 | + FIPS_x931_set_key(key, keylen); | |
6224 | + FIPS_x931_seed(v,16); | |
6225 | + FIPS_x931_set_dt(dt); | |
6226 | + if (FIPS_x931_bytes(ret,16) <= 0) | |
6227 | + { | |
6228 | + fprintf(stderr, "Error getting PRNG value\n"); | |
6229 | + return; | |
6230 | + } | |
6231 | + | |
6232 | + pv("R",ret,16); | |
6233 | + OPENSSL_free(key); | |
6234 | + key = NULL; | |
6235 | + OPENSSL_free(dt); | |
6236 | + dt = NULL; | |
6237 | + OPENSSL_free(v); | |
6238 | + v = NULL; | |
6239 | + } | |
6240 | + } | |
6241 | + } | |
6242 | + | |
6243 | +void mct() | |
6244 | + { | |
6245 | + unsigned char *key = NULL; | |
6246 | + unsigned char *v = NULL; | |
6247 | + unsigned char *dt = NULL; | |
6248 | + unsigned char ret[16]; | |
6249 | + char buf[1024]; | |
6250 | + char lbuf[1024]; | |
6251 | + char *keyword, *value; | |
6252 | + long i, keylen; | |
6253 | + int j; | |
6254 | + | |
6255 | + keylen = 0; | |
6256 | + | |
6257 | + while(fgets(buf,sizeof buf,stdin) != NULL) | |
6258 | + { | |
6259 | + fputs(buf,stdout); | |
6260 | + if(!strncmp(buf,"[AES 128-Key]", 13)) | |
6261 | + keylen = 16; | |
6262 | + else if(!strncmp(buf,"[AES 192-Key]", 13)) | |
6263 | + keylen = 24; | |
6264 | + else if(!strncmp(buf,"[AES 256-Key]", 13)) | |
6265 | + keylen = 32; | |
6266 | + if (!parse_line(&keyword, &value, lbuf, buf)) | |
6267 | + continue; | |
6268 | + if(!strcmp(keyword,"Key")) | |
6269 | + { | |
6270 | + key=hex2bin_m(value,&i); | |
6271 | + if (i != keylen) | |
6272 | + { | |
6273 | + fprintf(stderr, "Invalid key length, expecting %ld\n", keylen); | |
6274 | + return; | |
6275 | + } | |
6276 | + } | |
6277 | + else if(!strcmp(keyword,"DT")) | |
6278 | + { | |
6279 | + dt=hex2bin_m(value,&i); | |
6280 | + if (i != 16) | |
6281 | + { | |
6282 | + fprintf(stderr, "Invalid DT length\n"); | |
6283 | + return; | |
6284 | + } | |
6285 | + } | |
6286 | + else if(!strcmp(keyword,"V")) | |
6287 | + { | |
6288 | + v=hex2bin_m(value,&i); | |
6289 | + if (i != 16) | |
6290 | + { | |
6291 | + fprintf(stderr, "Invalid V length\n"); | |
6292 | + return; | |
6293 | + } | |
6294 | + | |
6295 | + if (!key || !dt) | |
6296 | + { | |
6297 | + fprintf(stderr, "Missing key or DT\n"); | |
6298 | + return; | |
6299 | + } | |
6300 | + | |
6301 | + FIPS_x931_set_key(key, keylen); | |
6302 | + FIPS_x931_seed(v,16); | |
6303 | + for (i = 0; i < 10000; i++) | |
6304 | + { | |
6305 | + FIPS_x931_set_dt(dt); | |
6306 | + if (FIPS_x931_bytes(ret,16) <= 0) | |
6307 | + { | |
6308 | + fprintf(stderr, "Error getting PRNG value\n"); | |
6309 | + return; | |
6310 | + } | |
6311 | + /* Increment DT */ | |
6312 | + for (j = 15; j >= 0; j--) | |
6313 | + { | |
6314 | + dt[j]++; | |
6315 | + if (dt[j]) | |
6316 | + break; | |
6317 | + } | |
6318 | + } | |
6319 | + | |
6320 | + pv("R",ret,16); | |
6321 | + OPENSSL_free(key); | |
6322 | + key = NULL; | |
6323 | + OPENSSL_free(dt); | |
6324 | + dt = NULL; | |
6325 | + OPENSSL_free(v); | |
6326 | + v = NULL; | |
6327 | + } | |
6328 | + } | |
6329 | + } | |
6330 | + | |
6331 | +int main(int argc,char **argv) | |
6332 | + { | |
6333 | + if(argc != 2) | |
6334 | + { | |
6335 | + fprintf(stderr,"%s [mct|vst]\n",argv[0]); | |
6336 | + exit(1); | |
6337 | + } | |
6338 | + if(!FIPS_mode_set(1)) | |
6339 | + { | |
6340 | + do_print_errors(); | |
6341 | + exit(1); | |
6342 | + } | |
6343 | + FIPS_x931_reset(); | |
6344 | + if (!FIPS_x931_test_mode()) | |
6345 | + { | |
6346 | + fprintf(stderr, "Error setting PRNG test mode\n"); | |
6347 | + do_print_errors(); | |
6348 | + exit(1); | |
6349 | + } | |
6350 | + if(!strcmp(argv[1],"mct")) | |
6351 | + mct(); | |
6352 | + else if(!strcmp(argv[1],"vst")) | |
6353 | + vst(); | |
6354 | + else | |
6355 | + { | |
6356 | + fprintf(stderr,"Don't know how to %s.\n",argv[1]); | |
6357 | + exit(1); | |
6358 | + } | |
6359 | + | |
6360 | + return 0; | |
6361 | + } | |
6362 | +#endif | |
a7ff9508 MT |
6363 | diff -up openssl-1.0.1b/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_rsagtest.c |
6364 | --- openssl-1.0.1b/crypto/fips/cavs/fips_rsagtest.c.fips 2012-04-26 18:00:51.399769276 +0200 | |
6365 | +++ openssl-1.0.1b/crypto/fips/cavs/fips_rsagtest.c 2012-04-26 18:00:51.399769276 +0200 | |
0595faf5 MT |
6366 | @@ -0,0 +1,390 @@ |
6367 | +/* fips_rsagtest.c */ | |
6368 | +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
6369 | + * project 2005. | |
6370 | + */ | |
6371 | +/* ==================================================================== | |
6372 | + * Copyright (c) 2005,2007 The OpenSSL Project. All rights reserved. | |
6373 | + * | |
6374 | + * Redistribution and use in source and binary forms, with or without | |
6375 | + * modification, are permitted provided that the following conditions | |
6376 | + * are met: | |
6377 | + * | |
6378 | + * 1. Redistributions of source code must retain the above copyright | |
6379 | + * notice, this list of conditions and the following disclaimer. | |
6380 | + * | |
6381 | + * 2. Redistributions in binary form must reproduce the above copyright | |
6382 | + * notice, this list of conditions and the following disclaimer in | |
6383 | + * the documentation and/or other materials provided with the | |
6384 | + * distribution. | |
6385 | + * | |
6386 | + * 3. All advertising materials mentioning features or use of this | |
6387 | + * software must display the following acknowledgment: | |
6388 | + * "This product includes software developed by the OpenSSL Project | |
6389 | + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
6390 | + * | |
6391 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
6392 | + * endorse or promote products derived from this software without | |
6393 | + * prior written permission. For written permission, please contact | |
6394 | + * licensing@OpenSSL.org. | |
6395 | + * | |
6396 | + * 5. Products derived from this software may not be called "OpenSSL" | |
6397 | + * nor may "OpenSSL" appear in their names without prior written | |
6398 | + * permission of the OpenSSL Project. | |
6399 | + * | |
6400 | + * 6. Redistributions of any form whatsoever must retain the following | |
6401 | + * acknowledgment: | |
6402 | + * "This product includes software developed by the OpenSSL Project | |
6403 | + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
6404 | + * | |
6405 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
6406 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
6407 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
6408 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
6409 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
6410 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
6411 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
6412 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
6413 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
6414 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
6415 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
6416 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
6417 | + * ==================================================================== | |
6418 | + * | |
6419 | + * This product includes cryptographic software written by Eric Young | |
6420 | + * (eay@cryptsoft.com). This product includes software written by Tim | |
6421 | + * Hudson (tjh@cryptsoft.com). | |
6422 | + * | |
6423 | + */ | |
6424 | + | |
6425 | +#include <stdio.h> | |
6426 | +#include <ctype.h> | |
6427 | +#include <string.h> | |
6428 | +#include <openssl/bio.h> | |
6429 | +#include <openssl/evp.h> | |
6430 | +#include <openssl/hmac.h> | |
6431 | +#include <openssl/err.h> | |
6432 | +#include <openssl/rsa.h> | |
6433 | +#include <openssl/bn.h> | |
6434 | +#include <openssl/x509v3.h> | |
6435 | + | |
6436 | +#ifndef OPENSSL_FIPS | |
6437 | + | |
6438 | +int main(int argc, char *argv[]) | |
6439 | +{ | |
6440 | + printf("No FIPS RSA support\n"); | |
6441 | + return(0); | |
6442 | +} | |
6443 | + | |
6444 | +#else | |
6445 | + | |
6446 | +#include "fips_utl.h" | |
6447 | + | |
6448 | +int rsa_test(FILE *out, FILE *in); | |
6449 | +static int rsa_printkey1(FILE *out, RSA *rsa, | |
6450 | + BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp, | |
6451 | + BIGNUM *e); | |
6452 | +static int rsa_printkey2(FILE *out, RSA *rsa, | |
6453 | + BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq); | |
6454 | + | |
6455 | +int main(int argc, char **argv) | |
6456 | + { | |
6457 | + FILE *in = NULL, *out = NULL; | |
6458 | + | |
6459 | + int ret = 1; | |
6460 | + | |
6461 | + if(!FIPS_mode_set(1)) | |
6462 | + { | |
6463 | + do_print_errors(); | |
6464 | + goto end; | |
6465 | + } | |
6466 | + | |
6467 | + if (argc == 1) | |
6468 | + in = stdin; | |
6469 | + else | |
6470 | + in = fopen(argv[1], "r"); | |
6471 | + | |
6472 | + if (argc < 2) | |
6473 | + out = stdout; | |
6474 | + else | |
6475 | + out = fopen(argv[2], "w"); | |
6476 | + | |
6477 | + if (!in) | |
6478 | + { | |
6479 | + fprintf(stderr, "FATAL input initialization error\n"); | |
6480 | + goto end; | |
6481 | + } | |
6482 | + | |
6483 | + if (!out) | |
6484 | + { | |
6485 | + fprintf(stderr, "FATAL output initialization error\n"); | |
6486 | + goto end; | |
6487 | + } | |
6488 | + | |
6489 | + if (!rsa_test(out, in)) | |
6490 | + { | |
6491 | + fprintf(stderr, "FATAL RSAGTEST file processing error\n"); | |
6492 | + goto end; | |
6493 | + } | |
6494 | + else | |
6495 | + ret = 0; | |
6496 | + | |
6497 | + end: | |
6498 | + | |
6499 | + if (ret) | |
6500 | + do_print_errors(); | |
6501 | + | |
6502 | + if (in && (in != stdin)) | |
6503 | + fclose(in); | |
6504 | + if (out && (out != stdout)) | |
6505 | + fclose(out); | |
6506 | + | |
6507 | + return ret; | |
6508 | + | |
6509 | + } | |
6510 | + | |
6511 | +#define RSA_TEST_MAXLINELEN 10240 | |
6512 | + | |
6513 | +int rsa_test(FILE *out, FILE *in) | |
6514 | + { | |
6515 | + char *linebuf, *olinebuf, *p, *q; | |
6516 | + char *keyword, *value; | |
6517 | + RSA *rsa = NULL; | |
6518 | + BIGNUM *Xp1 = NULL, *Xp2 = NULL, *Xp = NULL; | |
6519 | + BIGNUM *Xq1 = NULL, *Xq2 = NULL, *Xq = NULL; | |
6520 | + BIGNUM *e = NULL; | |
6521 | + int ret = 0; | |
6522 | + int lnum = 0; | |
6523 | + | |
6524 | + olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); | |
6525 | + linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); | |
6526 | + | |
6527 | + if (!linebuf || !olinebuf) | |
6528 | + goto error; | |
6529 | + | |
6530 | + while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in)) | |
6531 | + { | |
6532 | + lnum++; | |
6533 | + strcpy(linebuf, olinebuf); | |
6534 | + keyword = linebuf; | |
6535 | + /* Skip leading space */ | |
6536 | + while (isspace((unsigned char)*keyword)) | |
6537 | + keyword++; | |
6538 | + | |
6539 | + /* Look for = sign */ | |
6540 | + p = strchr(linebuf, '='); | |
6541 | + | |
6542 | + /* If no = or starts with [ (for [foo = bar] line) just copy */ | |
6543 | + if (!p || *keyword=='[') | |
6544 | + { | |
6545 | + if (fputs(olinebuf, out) < 0) | |
6546 | + goto error; | |
6547 | + continue; | |
6548 | + } | |
6549 | + | |
6550 | + q = p - 1; | |
6551 | + | |
6552 | + /* Remove trailing space */ | |
6553 | + while (isspace((unsigned char)*q)) | |
6554 | + *q-- = 0; | |
6555 | + | |
6556 | + *p = 0; | |
6557 | + value = p + 1; | |
6558 | + | |
6559 | + /* Remove leading space from value */ | |
6560 | + while (isspace((unsigned char)*value)) | |
6561 | + value++; | |
6562 | + | |
6563 | + /* Remove trailing space from value */ | |
6564 | + p = value + strlen(value) - 1; | |
6565 | + | |
6566 | + while (*p == '\n' || isspace((unsigned char)*p)) | |
6567 | + *p-- = 0; | |
6568 | + | |
6569 | + if (!strcmp(keyword, "xp1")) | |
6570 | + { | |
6571 | + if (Xp1 || !do_hex2bn(&Xp1,value)) | |
6572 | + goto parse_error; | |
6573 | + } | |
6574 | + else if (!strcmp(keyword, "xp2")) | |
6575 | + { | |
6576 | + if (Xp2 || !do_hex2bn(&Xp2,value)) | |
6577 | + goto parse_error; | |
6578 | + } | |
6579 | + else if (!strcmp(keyword, "Xp")) | |
6580 | + { | |
6581 | + if (Xp || !do_hex2bn(&Xp,value)) | |
6582 | + goto parse_error; | |
6583 | + } | |
6584 | + else if (!strcmp(keyword, "xq1")) | |
6585 | + { | |
6586 | + if (Xq1 || !do_hex2bn(&Xq1,value)) | |
6587 | + goto parse_error; | |
6588 | + } | |
6589 | + else if (!strcmp(keyword, "xq2")) | |
6590 | + { | |
6591 | + if (Xq2 || !do_hex2bn(&Xq2,value)) | |
6592 | + goto parse_error; | |
6593 | + } | |
6594 | + else if (!strcmp(keyword, "Xq")) | |
6595 | + { | |
6596 | + if (Xq || !do_hex2bn(&Xq,value)) | |
6597 | + goto parse_error; | |
6598 | + } | |
6599 | + else if (!strcmp(keyword, "e")) | |
6600 | + { | |
6601 | + if (e || !do_hex2bn(&e,value)) | |
6602 | + goto parse_error; | |
6603 | + } | |
6604 | + else if (!strcmp(keyword, "p1")) | |
6605 | + continue; | |
6606 | + else if (!strcmp(keyword, "p2")) | |
6607 | + continue; | |
6608 | + else if (!strcmp(keyword, "p")) | |
6609 | + continue; | |
6610 | + else if (!strcmp(keyword, "q1")) | |
6611 | + continue; | |
6612 | + else if (!strcmp(keyword, "q2")) | |
6613 | + continue; | |
6614 | + else if (!strcmp(keyword, "q")) | |
6615 | + continue; | |
6616 | + else if (!strcmp(keyword, "n")) | |
6617 | + continue; | |
6618 | + else if (!strcmp(keyword, "d")) | |
6619 | + continue; | |
6620 | + else | |
6621 | + goto parse_error; | |
6622 | + | |
6623 | + fputs(olinebuf, out); | |
6624 | + | |
6625 | + if (e && Xp1 && Xp2 && Xp) | |
6626 | + { | |
6627 | + rsa = FIPS_rsa_new(); | |
6628 | + if (!rsa) | |
6629 | + goto error; | |
6630 | + if (!rsa_printkey1(out, rsa, Xp1, Xp2, Xp, e)) | |
6631 | + goto error; | |
6632 | + BN_free(Xp1); | |
6633 | + Xp1 = NULL; | |
6634 | + BN_free(Xp2); | |
6635 | + Xp2 = NULL; | |
6636 | + BN_free(Xp); | |
6637 | + Xp = NULL; | |
6638 | + BN_free(e); | |
6639 | + e = NULL; | |
6640 | + } | |
6641 | + | |
6642 | + if (rsa && Xq1 && Xq2 && Xq) | |
6643 | + { | |
6644 | + if (!rsa_printkey2(out, rsa, Xq1, Xq2, Xq)) | |
6645 | + goto error; | |
6646 | + BN_free(Xq1); | |
6647 | + Xq1 = NULL; | |
6648 | + BN_free(Xq2); | |
6649 | + Xq2 = NULL; | |
6650 | + BN_free(Xq); | |
6651 | + Xq = NULL; | |
6652 | + FIPS_rsa_free(rsa); | |
6653 | + rsa = NULL; | |
6654 | + } | |
6655 | + } | |
6656 | + | |
6657 | + ret = 1; | |
6658 | + | |
6659 | + error: | |
6660 | + | |
6661 | + if (olinebuf) | |
6662 | + OPENSSL_free(olinebuf); | |
6663 | + if (linebuf) | |
6664 | + OPENSSL_free(linebuf); | |
6665 | + | |
6666 | + if (Xp1) | |
6667 | + BN_free(Xp1); | |
6668 | + if (Xp2) | |
6669 | + BN_free(Xp2); | |
6670 | + if (Xp) | |
6671 | + BN_free(Xp); | |
6672 | + if (Xq1) | |
6673 | + BN_free(Xq1); | |
6674 | + if (Xq1) | |
6675 | + BN_free(Xq1); | |
6676 | + if (Xq2) | |
6677 | + BN_free(Xq2); | |
6678 | + if (Xq) | |
6679 | + BN_free(Xq); | |
6680 | + if (e) | |
6681 | + BN_free(e); | |
6682 | + if (rsa) | |
6683 | + FIPS_rsa_free(rsa); | |
6684 | + | |
6685 | + return ret; | |
6686 | + | |
6687 | + parse_error: | |
6688 | + | |
6689 | + fprintf(stderr, "FATAL parse error processing line %d\n", lnum); | |
6690 | + | |
6691 | + goto error; | |
6692 | + | |
6693 | + } | |
6694 | + | |
6695 | +static int rsa_printkey1(FILE *out, RSA *rsa, | |
6696 | + BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp, | |
6697 | + BIGNUM *e) | |
6698 | + { | |
6699 | + int ret = 0; | |
6700 | + BIGNUM *p1 = NULL, *p2 = NULL; | |
6701 | + p1 = BN_new(); | |
6702 | + p2 = BN_new(); | |
6703 | + if (!p1 || !p2) | |
6704 | + goto error; | |
6705 | + | |
6706 | + if (!RSA_X931_derive_ex(rsa, p1, p2, NULL, NULL, Xp1, Xp2, Xp, | |
6707 | + NULL, NULL, NULL, e, NULL)) | |
6708 | + goto error; | |
6709 | + | |
6710 | + do_bn_print_name(out, "p1", p1); | |
6711 | + do_bn_print_name(out, "p2", p2); | |
6712 | + do_bn_print_name(out, "p", rsa->p); | |
6713 | + | |
6714 | + ret = 1; | |
6715 | + | |
6716 | + error: | |
6717 | + if (p1) | |
6718 | + BN_free(p1); | |
6719 | + if (p2) | |
6720 | + BN_free(p2); | |
6721 | + | |
6722 | + return ret; | |
6723 | + } | |
6724 | + | |
6725 | +static int rsa_printkey2(FILE *out, RSA *rsa, | |
6726 | + BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq) | |
6727 | + { | |
6728 | + int ret = 0; | |
6729 | + BIGNUM *q1 = NULL, *q2 = NULL; | |
6730 | + q1 = BN_new(); | |
6731 | + q2 = BN_new(); | |
6732 | + if (!q1 || !q2) | |
6733 | + goto error; | |
6734 | + | |
6735 | + if (!RSA_X931_derive_ex(rsa, NULL, NULL, q1, q2, NULL, NULL, NULL, | |
6736 | + Xq1, Xq2, Xq, NULL, NULL)) | |
6737 | + goto error; | |
6738 | + | |
6739 | + do_bn_print_name(out, "q1", q1); | |
6740 | + do_bn_print_name(out, "q2", q2); | |
6741 | + do_bn_print_name(out, "q", rsa->q); | |
6742 | + do_bn_print_name(out, "n", rsa->n); | |
6743 | + do_bn_print_name(out, "d", rsa->d); | |
6744 | + | |
6745 | + ret = 1; | |
6746 | + | |
6747 | + error: | |
6748 | + if (q1) | |
6749 | + BN_free(q1); | |
6750 | + if (q2) | |
6751 | + BN_free(q2); | |
6752 | + | |
6753 | + return ret; | |
6754 | + } | |
6755 | + | |
6756 | +#endif | |
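Review bot: The `error:` cleanup in rsa_test() has `if (Xq1) BN_free(Xq1);` twice in a row without clearing the pointer, so any exit with `Xq1` still set (a parse error after an `xq1` line, or end of input before `xq2`/`Xq` arrive) frees the same BIGNUM twice; the second pair of lines should be deleted. In main(), the output is opened with `fopen(argv[2], "w")` whenever `argc >= 2`, so a run with only an input file passes the NULL `argv[2]` to fopen(); `if (argc < 3) out = stdout;` avoids that, and the same test is repeated in main() of fips_rsastest.c and fips_rsavtest.c. The keyword trim `while (isspace((unsigned char)*q)) *q-- = 0;` has no lower bound, so a line with nothing but whitespace before `=` walks `q` below `linebuf`; bounding it with `q >= linebuf &&` fixes this here and in the identical loop in rsa_stest().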
a7ff9508 MT |
6757 | diff -up openssl-1.0.1b/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_rsastest.c |
6758 | --- openssl-1.0.1b/crypto/fips/cavs/fips_rsastest.c.fips 2012-04-26 18:00:51.400769298 +0200 | |
6759 | +++ openssl-1.0.1b/crypto/fips/cavs/fips_rsastest.c 2012-04-26 18:00:51.400769298 +0200 | |
0595faf5 MT |
6760 | @@ -0,0 +1,370 @@ |
6761 | +/* fips_rsastest.c */ | |
6762 | +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
6763 | + * project 2005. | |
6764 | + */ | |
6765 | +/* ==================================================================== | |
6766 | + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. | |
6767 | + * | |
6768 | + * Redistribution and use in source and binary forms, with or without | |
6769 | + * modification, are permitted provided that the following conditions | |
6770 | + * are met: | |
6771 | + * | |
6772 | + * 1. Redistributions of source code must retain the above copyright | |
6773 | + * notice, this list of conditions and the following disclaimer. | |
6774 | + * | |
6775 | + * 2. Redistributions in binary form must reproduce the above copyright | |
6776 | + * notice, this list of conditions and the following disclaimer in | |
6777 | + * the documentation and/or other materials provided with the | |
6778 | + * distribution. | |
6779 | + * | |
6780 | + * 3. All advertising materials mentioning features or use of this | |
6781 | + * software must display the following acknowledgment: | |
6782 | + * "This product includes software developed by the OpenSSL Project | |
6783 | + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
6784 | + * | |
6785 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
6786 | + * endorse or promote products derived from this software without | |
6787 | + * prior written permission. For written permission, please contact | |
6788 | + * licensing@OpenSSL.org. | |
6789 | + * | |
6790 | + * 5. Products derived from this software may not be called "OpenSSL" | |
6791 | + * nor may "OpenSSL" appear in their names without prior written | |
6792 | + * permission of the OpenSSL Project. | |
6793 | + * | |
6794 | + * 6. Redistributions of any form whatsoever must retain the following | |
6795 | + * acknowledgment: | |
6796 | + * "This product includes software developed by the OpenSSL Project | |
6797 | + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
6798 | + * | |
6799 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
6800 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
6801 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
6802 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
6803 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
6804 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
6805 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
6806 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
6807 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
6808 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
6809 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
6810 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
6811 | + * ==================================================================== | |
6812 | + * | |
6813 | + * This product includes cryptographic software written by Eric Young | |
6814 | + * (eay@cryptsoft.com). This product includes software written by Tim | |
6815 | + * Hudson (tjh@cryptsoft.com). | |
6816 | + * | |
6817 | + */ | |
6818 | + | |
6819 | +#include <stdio.h> | |
6820 | +#include <ctype.h> | |
6821 | +#include <string.h> | |
6822 | +#include <openssl/bio.h> | |
6823 | +#include <openssl/evp.h> | |
6824 | +#include <openssl/hmac.h> | |
6825 | +#include <openssl/err.h> | |
6826 | +#include <openssl/rsa.h> | |
6827 | +#include <openssl/bn.h> | |
6828 | +#include <openssl/x509v3.h> | |
6829 | + | |
6830 | +#ifndef OPENSSL_FIPS | |
6831 | + | |
6832 | +int main(int argc, char *argv[]) | |
6833 | +{ | |
6834 | + printf("No FIPS RSA support\n"); | |
6835 | + return(0); | |
6836 | +} | |
6837 | + | |
6838 | +#else | |
6839 | + | |
6840 | +#include "fips_utl.h" | |
6841 | + | |
6842 | +static int rsa_stest(FILE *out, FILE *in, int Saltlen); | |
6843 | +static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst, | |
6844 | + unsigned char *Msg, long Msglen, int Saltlen); | |
6845 | + | |
6846 | +int main(int argc, char **argv) | |
6847 | + { | |
6848 | + FILE *in = NULL, *out = NULL; | |
6849 | + | |
6850 | + int ret = 1, Saltlen = -1; | |
6851 | + | |
6852 | + if(!FIPS_mode_set(1)) | |
6853 | + { | |
6854 | + do_print_errors(); | |
6855 | + goto end; | |
6856 | + } | |
6857 | + | |
6858 | + if ((argc > 2) && !strcmp("-saltlen", argv[1])) | |
6859 | + { | |
6860 | + Saltlen = atoi(argv[2]); | |
6861 | + if (Saltlen < 0) | |
6862 | + { | |
6863 | + fprintf(stderr, "FATAL: Invalid salt length\n"); | |
6864 | + goto end; | |
6865 | + } | |
6866 | + argc -= 2; | |
6867 | + argv += 2; | |
6868 | + } | |
6869 | + else if ((argc > 1) && !strcmp("-x931", argv[1])) | |
6870 | + { | |
6871 | + Saltlen = -2; | |
6872 | + argc--; | |
6873 | + argv++; | |
6874 | + } | |
6875 | + | |
6876 | + if (argc == 1) | |
6877 | + in = stdin; | |
6878 | + else | |
6879 | + in = fopen(argv[1], "r"); | |
6880 | + | |
6881 | + if (argc < 2) | |
6882 | + out = stdout; | |
6883 | + else | |
6884 | + out = fopen(argv[2], "w"); | |
6885 | + | |
6886 | + if (!in) | |
6887 | + { | |
6888 | + fprintf(stderr, "FATAL input initialization error\n"); | |
6889 | + goto end; | |
6890 | + } | |
6891 | + | |
6892 | + if (!out) | |
6893 | + { | |
6894 | + fprintf(stderr, "FATAL output initialization error\n"); | |
6895 | + goto end; | |
6896 | + } | |
6897 | + | |
6898 | + if (!rsa_stest(out, in, Saltlen)) | |
6899 | + { | |
6900 | + fprintf(stderr, "FATAL RSASTEST file processing error\n"); | |
6901 | + goto end; | |
6902 | + } | |
6903 | + else | |
6904 | + ret = 0; | |
6905 | + | |
6906 | + end: | |
6907 | + | |
6908 | + if (ret) | |
6909 | + do_print_errors(); | |
6910 | + | |
6911 | + if (in && (in != stdin)) | |
6912 | + fclose(in); | |
6913 | + if (out && (out != stdout)) | |
6914 | + fclose(out); | |
6915 | + | |
6916 | + return ret; | |
6917 | + | |
6918 | + } | |
6919 | + | |
6920 | +#define RSA_TEST_MAXLINELEN 10240 | |
6921 | + | |
6922 | +int rsa_stest(FILE *out, FILE *in, int Saltlen) | |
6923 | + { | |
6924 | + char *linebuf, *olinebuf, *p, *q; | |
6925 | + char *keyword, *value; | |
6926 | + RSA *rsa = NULL; | |
6927 | + const EVP_MD *dgst = NULL; | |
6928 | + unsigned char *Msg = NULL; | |
6929 | + long Msglen = -1; | |
6930 | + int keylen = -1, current_keylen = -1; | |
6931 | + int ret = 0; | |
6932 | + int lnum = 0; | |
6933 | + | |
6934 | + olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); | |
6935 | + linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); | |
6936 | + | |
6937 | + if (!linebuf || !olinebuf) | |
6938 | + goto error; | |
6939 | + | |
6940 | + while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in)) | |
6941 | + { | |
6942 | + lnum++; | |
6943 | + strcpy(linebuf, olinebuf); | |
6944 | + keyword = linebuf; | |
6945 | + /* Skip leading space */ | |
6946 | + while (isspace((unsigned char)*keyword)) | |
6947 | + keyword++; | |
6948 | + | |
6949 | + /* Look for = sign */ | |
6950 | + p = strchr(linebuf, '='); | |
6951 | + | |
6952 | + /* If no = just copy */ | |
6953 | + if (!p) | |
6954 | + { | |
6955 | + if (fputs(olinebuf, out) < 0) | |
6956 | + goto error; | |
6957 | + continue; | |
6958 | + } | |
6959 | + | |
6960 | + q = p - 1; | |
6961 | + | |
6962 | + /* Remove trailing space */ | |
6963 | + while (isspace((unsigned char)*q)) | |
6964 | + *q-- = 0; | |
6965 | + | |
6966 | + *p = 0; | |
6967 | + value = p + 1; | |
6968 | + | |
6969 | + /* Remove leading space from value */ | |
6970 | + while (isspace((unsigned char)*value)) | |
6971 | + value++; | |
6972 | + | |
6973 | + /* Remove trailing space from value */ | |
6974 | + p = value + strlen(value) - 1; | |
6975 | + | |
6976 | + while (*p == '\n' || isspace((unsigned char)*p)) | |
6977 | + *p-- = 0; | |
6978 | + | |
6979 | + /* Look for [mod = XXX] for key length */ | |
6980 | + | |
6981 | + if (!strcmp(keyword, "[mod")) | |
6982 | + { | |
6983 | + p = value + strlen(value) - 1; | |
6984 | + if (*p != ']') | |
6985 | + goto parse_error; | |
6986 | + *p = 0; | |
6987 | + keylen = atoi(value); | |
6988 | + if (keylen < 0) | |
6989 | + goto parse_error; | |
6990 | + } | |
6991 | + else if (!strcmp(keyword, "SHAAlg")) | |
6992 | + { | |
6993 | + if (!strcmp(value, "SHA1")) | |
6994 | + dgst = EVP_sha1(); | |
6995 | + else if (!strcmp(value, "SHA224")) | |
6996 | + dgst = EVP_sha224(); | |
6997 | + else if (!strcmp(value, "SHA256")) | |
6998 | + dgst = EVP_sha256(); | |
6999 | + else if (!strcmp(value, "SHA384")) | |
7000 | + dgst = EVP_sha384(); | |
7001 | + else if (!strcmp(value, "SHA512")) | |
7002 | + dgst = EVP_sha512(); | |
7003 | + else | |
7004 | + { | |
7005 | + fprintf(stderr, | |
7006 | + "FATAL: unsupported algorithm \"%s\"\n", | |
7007 | + value); | |
7008 | + goto parse_error; | |
7009 | + } | |
7010 | + } | |
7011 | + else if (!strcmp(keyword, "Msg")) | |
7012 | + { | |
7013 | + if (Msg) | |
7014 | + goto parse_error; | |
7015 | + if (strlen(value) & 1) | |
7016 | + *(--value) = '0'; | |
7017 | + Msg = hex2bin_m(value, &Msglen); | |
7018 | + if (!Msg) | |
7019 | + goto parse_error; | |
7020 | + } | |
7021 | + | |
7022 | + fputs(olinebuf, out); | |
7023 | + | |
7024 | + /* If key length has changed, generate and output public | |
7025 | + * key components of new RSA private key. | |
7026 | + */ | |
7027 | + | |
7028 | + if (keylen != current_keylen) | |
7029 | + { | |
7030 | + BIGNUM *bn_e; | |
7031 | + if (rsa) | |
7032 | + FIPS_rsa_free(rsa); | |
7033 | + rsa = FIPS_rsa_new(); | |
7034 | + if (!rsa) | |
7035 | + goto error; | |
7036 | + bn_e = BN_new(); | |
7037 | + if (!bn_e || !BN_set_word(bn_e, 0x1001)) | |
7038 | + goto error; | |
7039 | + if (!RSA_X931_generate_key_ex(rsa, keylen, bn_e, NULL)) | |
7040 | + goto error; | |
7041 | + BN_free(bn_e); | |
7042 | + fputs("n = ", out); | |
7043 | + do_bn_print(out, rsa->n); | |
7044 | + fputs("\ne = ", out); | |
7045 | + do_bn_print(out, rsa->e); | |
7046 | + fputs("\n", out); | |
7047 | + current_keylen = keylen; | |
7048 | + } | |
7049 | + | |
7050 | + if (Msg && dgst) | |
7051 | + { | |
7052 | + if (!rsa_printsig(out, rsa, dgst, Msg, Msglen, | |
7053 | + Saltlen)) | |
7054 | + goto error; | |
7055 | + OPENSSL_free(Msg); | |
7056 | + Msg = NULL; | |
7057 | + } | |
7058 | + | |
7059 | + } | |
7060 | + | |
7061 | + ret = 1; | |
7062 | + | |
7063 | + error: | |
7064 | + | |
7065 | + if (olinebuf) | |
7066 | + OPENSSL_free(olinebuf); | |
7067 | + if (linebuf) | |
7068 | + OPENSSL_free(linebuf); | |
7069 | + if (rsa) | |
7070 | + FIPS_rsa_free(rsa); | |
7071 | + | |
7072 | + return ret; | |
7073 | + | |
7074 | + parse_error: | |
7075 | + | |
7076 | + fprintf(stderr, "FATAL parse error processing line %d\n", lnum); | |
7077 | + | |
7078 | + goto error; | |
7079 | + | |
7080 | + } | |
7081 | + | |
7082 | +static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst, | |
7083 | + unsigned char *Msg, long Msglen, int Saltlen) | |
7084 | + { | |
7085 | + int ret = 0; | |
7086 | + unsigned char *sigbuf = NULL; | |
7087 | + int i, siglen; | |
7088 | + /* EVP_PKEY structure */ | |
7089 | + EVP_PKEY pk; | |
7090 | + EVP_MD_CTX ctx; | |
7091 | + pk.type = EVP_PKEY_RSA; | |
7092 | + pk.pkey.rsa = rsa; | |
7093 | + | |
7094 | + siglen = RSA_size(rsa); | |
7095 | + sigbuf = OPENSSL_malloc(siglen); | |
7096 | + if (!sigbuf) | |
7097 | + goto error; | |
7098 | + | |
7099 | + EVP_MD_CTX_init(&ctx); | |
7100 | + | |
7101 | + if (Saltlen >= 0) | |
7102 | + { | |
7103 | + M_EVP_MD_CTX_set_flags(&ctx, | |
7104 | + EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16)); | |
7105 | + } | |
7106 | + else if (Saltlen == -2) | |
7107 | + M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931); | |
7108 | + if (!EVP_SignInit_ex(&ctx, dgst, NULL)) | |
7109 | + goto error; | |
7110 | + if (!EVP_SignUpdate(&ctx, Msg, Msglen)) | |
7111 | + goto error; | |
7112 | + if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, &pk)) | |
7113 | + goto error; | |
7114 | + | |
7115 | + EVP_MD_CTX_cleanup(&ctx); | |
7116 | + | |
7117 | + fputs("S = ", out); | |
7118 | + | |
7119 | + for (i = 0; i < siglen; i++) | |
7120 | + fprintf(out, "%02X", sigbuf[i]); | |
7121 | + | |
7122 | + fputs("\n", out); | |
7123 | + | |
7124 | + ret = 1; | |
7125 | + | |
7126 | + error: | |
7127 | + | |
7128 | + return ret; | |
7129 | + } | |
7130 | +#endif | |
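Review bot: rsa_printsig() never frees `sigbuf`, and `EVP_MD_CTX_cleanup(&ctx)` runs only on the success path, so every call leaks the signature buffer and a failed EVP_Sign* step leaves the digest context uncleaned. Moving `EVP_MD_CTX_init(&ctx);` above the allocation and placing `EVP_MD_CTX_cleanup(&ctx);` and `if (sigbuf) OPENSSL_free(sigbuf);` under `error:` covers both paths. In rsa_stest(), `rsa` stays NULL until a `[mod = ...]` line changes `keylen`, so a request file that supplies `SHAAlg` and `Msg` first reaches `RSA_size(rsa)` with a NULL key; adding `if (!rsa) goto parse_error;` before the rsa_printsig() call would reject such input. The `error:` path of rsa_stest() also leaves `Msg` and `bn_e` allocated when it is reached from a failure.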
a7ff9508 MT |
7131 | diff -up openssl-1.0.1b/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_rsavtest.c |
7132 | --- openssl-1.0.1b/crypto/fips/cavs/fips_rsavtest.c.fips 2012-04-26 18:00:51.400769298 +0200 | |
7133 | +++ openssl-1.0.1b/crypto/fips/cavs/fips_rsavtest.c 2012-04-26 18:00:51.400769298 +0200 | |
0595faf5 MT |
7134 | @@ -0,0 +1,377 @@ |
7135 | +/* fips_rsavtest.c */ | |
7136 | +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
7137 | + * project 2005. | |
7138 | + */ | |
7139 | +/* ==================================================================== | |
7140 | + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. | |
7141 | + * | |
7142 | + * Redistribution and use in source and binary forms, with or without | |
7143 | + * modification, are permitted provided that the following conditions | |
7144 | + * are met: | |
7145 | + * | |
7146 | + * 1. Redistributions of source code must retain the above copyright | |
7147 | + * notice, this list of conditions and the following disclaimer. | |
7148 | + * | |
7149 | + * 2. Redistributions in binary form must reproduce the above copyright | |
7150 | + * notice, this list of conditions and the following disclaimer in | |
7151 | + * the documentation and/or other materials provided with the | |
7152 | + * distribution. | |
7153 | + * | |
7154 | + * 3. All advertising materials mentioning features or use of this | |
7155 | + * software must display the following acknowledgment: | |
7156 | + * "This product includes software developed by the OpenSSL Project | |
7157 | + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
7158 | + * | |
7159 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
7160 | + * endorse or promote products derived from this software without | |
7161 | + * prior written permission. For written permission, please contact | |
7162 | + * licensing@OpenSSL.org. | |
7163 | + * | |
7164 | + * 5. Products derived from this software may not be called "OpenSSL" | |
7165 | + * nor may "OpenSSL" appear in their names without prior written | |
7166 | + * permission of the OpenSSL Project. | |
7167 | + * | |
7168 | + * 6. Redistributions of any form whatsoever must retain the following | |
7169 | + * acknowledgment: | |
7170 | + * "This product includes software developed by the OpenSSL Project | |
7171 | + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
7172 | + * | |
7173 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
7174 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
7175 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
7176 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
7177 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
7178 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
7179 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
7180 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
7181 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
7182 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
7183 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
7184 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
7185 | + * ==================================================================== | |
7186 | + * | |
7187 | + * This product includes cryptographic software written by Eric Young | |
7188 | + * (eay@cryptsoft.com). This product includes software written by Tim | |
7189 | + * Hudson (tjh@cryptsoft.com). | |
7190 | + * | |
7191 | + */ | |
7192 | + | |
7193 | +#include <stdio.h> | |
7194 | +#include <ctype.h> | |
7195 | +#include <string.h> | |
7196 | +#include <openssl/bio.h> | |
7197 | +#include <openssl/evp.h> | |
7198 | +#include <openssl/hmac.h> | |
7199 | +#include <openssl/err.h> | |
7200 | +#include <openssl/x509v3.h> | |
7201 | +#include <openssl/bn.h> | |
7202 | +#include <openssl/rsa.h> | |
7203 | + | |
7204 | +#ifndef OPENSSL_FIPS | |
7205 | + | |
7206 | +int main(int argc, char *argv[]) | |
7207 | +{ | |
7208 | + printf("No FIPS RSA support\n"); | |
7209 | + return(0); | |
7210 | +} | |
7211 | + | |
7212 | +#else | |
7213 | + | |
7214 | +#include "fips_utl.h" | |
7215 | + | |
7216 | +int rsa_test(FILE *out, FILE *in, int saltlen); | |
7217 | +static int rsa_printver(FILE *out, | |
7218 | + BIGNUM *n, BIGNUM *e, | |
7219 | + const EVP_MD *dgst, | |
7220 | + unsigned char *Msg, long Msglen, | |
7221 | + unsigned char *S, long Slen, int Saltlen); | |
7222 | + | |
7223 | +int main(int argc, char **argv) | |
7224 | + { | |
7225 | + FILE *in = NULL, *out = NULL; | |
7226 | + | |
7227 | + int ret = 1; | |
7228 | + int Saltlen = -1; | |
7229 | + | |
7230 | + if(!FIPS_mode_set(1)) | |
7231 | + { | |
7232 | + do_print_errors(); | |
7233 | + goto end; | |
7234 | + } | |
7235 | + | |
7236 | + if ((argc > 2) && !strcmp("-saltlen", argv[1])) | |
7237 | + { | |
7238 | + Saltlen = atoi(argv[2]); | |
7239 | + if (Saltlen < 0) | |
7240 | + { | |
7241 | + fprintf(stderr, "FATAL: Invalid salt length\n"); | |
7242 | + goto end; | |
7243 | + } | |
7244 | + argc -= 2; | |
7245 | + argv += 2; | |
7246 | + } | |
7247 | + else if ((argc > 1) && !strcmp("-x931", argv[1])) | |
7248 | + { | |
7249 | + Saltlen = -2; | |
7250 | + argc--; | |
7251 | + argv++; | |
7252 | + } | |
7253 | + | |
7254 | + if (argc == 1) | |
7255 | + in = stdin; | |
7256 | + else | |
7257 | + in = fopen(argv[1], "r"); | |
7258 | + | |
7259 | + if (argc < 2) | |
7260 | + out = stdout; | |
7261 | + else | |
7262 | + out = fopen(argv[2], "w"); | |
7263 | + | |
7264 | + if (!in) | |
7265 | + { | |
7266 | + fprintf(stderr, "FATAL input initialization error\n"); | |
7267 | + goto end; | |
7268 | + } | |
7269 | + | |
7270 | + if (!out) | |
7271 | + { | |
7272 | + fprintf(stderr, "FATAL output initialization error\n"); | |
7273 | + goto end; | |
7274 | + } | |
7275 | + | |
7276 | + if (!rsa_test(out, in, Saltlen)) | |
7277 | + { | |
7278 | + fprintf(stderr, "FATAL RSAVTEST file processing error\n"); | |
7279 | + goto end; | |
7280 | + } | |
7281 | + else | |
7282 | + ret = 0; | |
7283 | + | |
7284 | + end: | |
7285 | + | |
7286 | + if (ret) | |
7287 | + do_print_errors(); | |
7288 | + | |
7289 | + if (in && (in != stdin)) | |
7290 | + fclose(in); | |
7291 | + if (out && (out != stdout)) | |
7292 | + fclose(out); | |
7293 | + | |
7294 | + return ret; | |
7295 | + | |
7296 | + } | |
7297 | + | |
7298 | +#define RSA_TEST_MAXLINELEN 10240 | |
7299 | + | |
7300 | +int rsa_test(FILE *out, FILE *in, int Saltlen) | |
7301 | + { | |
7302 | + char *linebuf, *olinebuf, *p, *q; | |
7303 | + char *keyword, *value; | |
7304 | + const EVP_MD *dgst = NULL; | |
7305 | + BIGNUM *n = NULL, *e = NULL; | |
7306 | + unsigned char *Msg = NULL, *S = NULL; | |
7307 | + long Msglen, Slen; | |
7308 | + int ret = 0; | |
7309 | + int lnum = 0; | |
7310 | + | |
7311 | + olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); | |
7312 | + linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); | |
7313 | + | |
7314 | + if (!linebuf || !olinebuf) | |
7315 | + goto error; | |
7316 | + | |
7317 | + while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in)) | |
7318 | + { | |
7319 | + lnum++; | |
7320 | + strcpy(linebuf, olinebuf); | |
7321 | + keyword = linebuf; | |
7322 | + /* Skip leading space */ | |
7323 | + while (isspace((unsigned char)*keyword)) | |
7324 | + keyword++; | |
7325 | + | |
7326 | + /* Look for = sign */ | |
7327 | + p = strchr(linebuf, '='); | |
7328 | + | |
7329 | + /* If no = or starts with [ (for [foo = bar] line) just copy */ | |
7330 | + if (!p || *keyword=='[') | |
7331 | + { | |
7332 | + if (fputs(olinebuf, out) < 0) | |
7333 | + goto error; | |
7334 | + continue; | |
7335 | + } | |
7336 | + | |
7337 | + q = p - 1; | |
7338 | + | |
7339 | + /* Remove trailing space */ | |
7340 | + while (isspace((unsigned char)*q)) | |
7341 | + *q-- = 0; | |
7342 | + | |
7343 | + *p = 0; | |
7344 | + value = p + 1; | |
7345 | + | |
7346 | + /* Remove leading space from value */ | |
7347 | + while (isspace((unsigned char)*value)) | |
7348 | + value++; | |
7349 | + | |
7350 | + /* Remove trailing space from value */ | |
7351 | + p = value + strlen(value) - 1; | |
7352 | + | |
7353 | + while (*p == '\n' || isspace((unsigned char)*p)) | |
7354 | + *p-- = 0; | |
7355 | + | |
7356 | + if (!strcmp(keyword, "n")) | |
7357 | + { | |
7358 | + if (!do_hex2bn(&n,value)) | |
7359 | + goto parse_error; | |
7360 | + } | |
7361 | + else if (!strcmp(keyword, "e")) | |
7362 | + { | |
7363 | + if (!do_hex2bn(&e,value)) | |
7364 | + goto parse_error; | |
7365 | + } | |
7366 | + else if (!strcmp(keyword, "SHAAlg")) | |
7367 | + { | |
7368 | + if (!strcmp(value, "SHA1")) | |
7369 | + dgst = EVP_sha1(); | |
7370 | + else if (!strcmp(value, "SHA224")) | |
7371 | + dgst = EVP_sha224(); | |
7372 | + else if (!strcmp(value, "SHA256")) | |
7373 | + dgst = EVP_sha256(); | |
7374 | + else if (!strcmp(value, "SHA384")) | |
7375 | + dgst = EVP_sha384(); | |
7376 | + else if (!strcmp(value, "SHA512")) | |
7377 | + dgst = EVP_sha512(); | |
7378 | + else | |
7379 | + { | |
7380 | + fprintf(stderr, | |
7381 | + "FATAL: unsupported algorithm \"%s\"\n", | |
7382 | + value); | |
7383 | + goto parse_error; | |
7384 | + } | |
7385 | + } | |
7386 | + else if (!strcmp(keyword, "Msg")) | |
7387 | + { | |
7388 | + if (Msg) | |
7389 | + goto parse_error; | |
7390 | + if (strlen(value) & 1) | |
7391 | + *(--value) = '0'; | |
7392 | + Msg = hex2bin_m(value, &Msglen); | |
7393 | + if (!Msg) | |
7394 | + goto parse_error; | |
7395 | + } | |
7396 | + else if (!strcmp(keyword, "S")) | |
7397 | + { | |
7398 | + if (S) | |
7399 | + goto parse_error; | |
7400 | + if (strlen(value) & 1) | |
7401 | + *(--value) = '0'; | |
7402 | + S = hex2bin_m(value, &Slen); | |
7403 | + if (!S) | |
7404 | + goto parse_error; | |
7405 | + } | |
7406 | + else if (!strcmp(keyword, "Result")) | |
7407 | + continue; | |
7408 | + else | |
7409 | + goto parse_error; | |
7410 | + | |
7411 | + fputs(olinebuf, out); | |
7412 | + | |
7413 | + if (n && e && Msg && S && dgst) | |
7414 | + { | |
7415 | + if (!rsa_printver(out, n, e, dgst, | |
7416 | + Msg, Msglen, S, Slen, Saltlen)) | |
7417 | + goto error; | |
7418 | + OPENSSL_free(Msg); | |
7419 | + Msg = NULL; | |
7420 | + OPENSSL_free(S); | |
7421 | + S = NULL; | |
7422 | + } | |
7423 | + | |
7424 | + } | |
7425 | + | |
7426 | + | |
7427 | + ret = 1; | |
7428 | + | |
7429 | + | |
7430 | + error: | |
7431 | + | |
7432 | + if (olinebuf) | |
7433 | + OPENSSL_free(olinebuf); | |
7434 | + if (linebuf) | |
7435 | + OPENSSL_free(linebuf); | |
7436 | + if (n) | |
7437 | + BN_free(n); | |
7438 | + if (e) | |
7439 | + BN_free(e); | |
7440 | + | |
7441 | + return ret; | |
7442 | + | |
7443 | + parse_error: | |
7444 | + | |
7445 | + fprintf(stderr, "FATAL parse error processing line %d\n", lnum); | |
7446 | + | |
7447 | + goto error; | |
7448 | + | |
7449 | + } | |
7450 | + | |
7451 | +static int rsa_printver(FILE *out, | |
7452 | + BIGNUM *n, BIGNUM *e, | |
7453 | + const EVP_MD *dgst, | |
7454 | + unsigned char *Msg, long Msglen, | |
7455 | + unsigned char *S, long Slen, int Saltlen) | |
7456 | + { | |
7457 | + int ret = 0, r; | |
7458 | + /* Setup RSA and EVP_PKEY structures */ | |
7459 | + RSA *rsa_pubkey = NULL; | |
7460 | + EVP_PKEY pk; | |
7461 | + EVP_MD_CTX ctx; | |
7462 | + unsigned char *buf = NULL; | |
7463 | + rsa_pubkey = FIPS_rsa_new(); | |
7464 | + if (!rsa_pubkey) | |
7465 | + goto error; | |
7466 | + rsa_pubkey->n = BN_dup(n); | |
7467 | + rsa_pubkey->e = BN_dup(e); | |
7468 | + if (!rsa_pubkey->n || !rsa_pubkey->e) | |
7469 | + goto error; | |
7470 | + pk.type = EVP_PKEY_RSA; | |
7471 | + pk.pkey.rsa = rsa_pubkey; | |
7472 | + | |
7473 | + EVP_MD_CTX_init(&ctx); | |
7474 | + | |
7475 | + if (Saltlen >= 0) | |
7476 | + { | |
7477 | + M_EVP_MD_CTX_set_flags(&ctx, | |
7478 | + EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16)); | |
7479 | + } | |
7480 | + else if (Saltlen == -2) | |
7481 | + M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931); | |
7482 | + if (!EVP_VerifyInit_ex(&ctx, dgst, NULL)) | |
7483 | + goto error; | |
7484 | + if (!EVP_VerifyUpdate(&ctx, Msg, Msglen)) | |
7485 | + goto error; | |
7486 | + | |
7487 | + r = EVP_VerifyFinal(&ctx, S, Slen, &pk); | |
7488 | + | |
7489 | + | |
7490 | + EVP_MD_CTX_cleanup(&ctx); | |
7491 | + | |
7492 | + if (r < 0) | |
7493 | + goto error; | |
7494 | + ERR_clear_error(); | |
7495 | + | |
7496 | + if (r == 0) | |
7497 | + fputs("Result = F\n", out); | |
7498 | + else | |
7499 | + fputs("Result = P\n", out); | |
7500 | + | |
7501 | + ret = 1; | |
7502 | + | |
7503 | + error: | |
7504 | + if (rsa_pubkey) | |
7505 | + FIPS_rsa_free(rsa_pubkey); | |
7506 | + if (buf) | |
7507 | + OPENSSL_free(buf); | |
7508 | + | |
7509 | + return ret; | |
7510 | + } | |
7511 | +#endif | |
a7ff9508 MT |
7512 | diff -up openssl-1.0.1b/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_shatest.c |
7513 | --- openssl-1.0.1b/crypto/fips/cavs/fips_shatest.c.fips 2012-04-26 18:00:51.400769298 +0200 | |
7514 | +++ openssl-1.0.1b/crypto/fips/cavs/fips_shatest.c 2012-04-26 18:00:51.400769298 +0200 | |
0595faf5 MT |
7515 | @@ -0,0 +1,388 @@ |
7516 | +/* fips_shatest.c */ | |
7517 | +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
7518 | + * project 2005. | |
7519 | + */ | |
7520 | +/* ==================================================================== | |
7521 | + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. | |
7522 | + * | |
7523 | + * Redistribution and use in source and binary forms, with or without | |
7524 | + * modification, are permitted provided that the following conditions | |
7525 | + * are met: | |
7526 | + * | |
7527 | + * 1. Redistributions of source code must retain the above copyright | |
7528 | + * notice, this list of conditions and the following disclaimer. | |
7529 | + * | |
7530 | + * 2. Redistributions in binary form must reproduce the above copyright | |
7531 | + * notice, this list of conditions and the following disclaimer in | |
7532 | + * the documentation and/or other materials provided with the | |
7533 | + * distribution. | |
7534 | + * | |
7535 | + * 3. All advertising materials mentioning features or use of this | |
7536 | + * software must display the following acknowledgment: | |
7537 | + * "This product includes software developed by the OpenSSL Project | |
7538 | + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
7539 | + * | |
7540 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
7541 | + * endorse or promote products derived from this software without | |
7542 | + * prior written permission. For written permission, please contact | |
7543 | + * licensing@OpenSSL.org. | |
7544 | + * | |
7545 | + * 5. Products derived from this software may not be called "OpenSSL" | |
7546 | + * nor may "OpenSSL" appear in their names without prior written | |
7547 | + * permission of the OpenSSL Project. | |
7548 | + * | |
7549 | + * 6. Redistributions of any form whatsoever must retain the following | |
7550 | + * acknowledgment: | |
7551 | + * "This product includes software developed by the OpenSSL Project | |
7552 | + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
7553 | + * | |
7554 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
7555 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
7556 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
7557 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
7558 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
7559 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
7560 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
7561 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
7562 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
7563 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
7564 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
7565 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
7566 | + * ==================================================================== | |
7567 | + * | |
7568 | + * This product includes cryptographic software written by Eric Young | |
7569 | + * (eay@cryptsoft.com). This product includes software written by Tim | |
7570 | + * Hudson (tjh@cryptsoft.com). | |
7571 | + * | |
7572 | + */ | |
7573 | + | |
7574 | +#include <stdio.h> | |
7575 | +#include <ctype.h> | |
7576 | +#include <string.h> | |
7577 | +#include <openssl/bio.h> | |
7578 | +#include <openssl/evp.h> | |
7579 | +#include <openssl/err.h> | |
7580 | +#include <openssl/bn.h> | |
7581 | +#include <openssl/x509v3.h> | |
7582 | + | |
7583 | +#ifndef OPENSSL_FIPS | |
7584 | + | |
7585 | +int main(int argc, char *argv[]) | |
7586 | +{ | |
7587 | + printf("No FIPS SHAXXX support\n"); | |
7588 | + return(0); | |
7589 | +} | |
7590 | + | |
7591 | +#else | |
7592 | + | |
7593 | +#include "fips_utl.h" | |
7594 | + | |
7595 | +static int dgst_test(FILE *out, FILE *in); | |
7596 | +static int print_dgst(const EVP_MD *md, FILE *out, | |
7597 | + unsigned char *Msg, int Msglen); | |
7598 | +static int print_monte(const EVP_MD *md, FILE *out, | |
7599 | + unsigned char *Seed, int SeedLen); | |
7600 | + | |
7601 | +int main(int argc, char **argv) | |
7602 | + { | |
7603 | + FILE *in = NULL, *out = NULL; | |
7604 | + | |
7605 | + int ret = 1; | |
7606 | + | |
7607 | + if(!FIPS_mode_set(1)) | |
7608 | + { | |
7609 | + do_print_errors(); | |
7610 | + goto end; | |
7611 | + } | |
7612 | + | |
7613 | + if (argc == 1) | |
7614 | + in = stdin; | |
7615 | + else | |
7616 | + in = fopen(argv[1], "r"); | |
7617 | + | |
7618 | + if (argc < 2) | |
7619 | + out = stdout; | |
7620 | + else | |
7621 | + out = fopen(argv[2], "w"); | |
7622 | + | |
7623 | + if (!in) | |
7624 | + { | |
7625 | + fprintf(stderr, "FATAL input initialization error\n"); | |
7626 | + goto end; | |
7627 | + } | |
7628 | + | |
7629 | + if (!out) | |
7630 | + { | |
7631 | + fprintf(stderr, "FATAL output initialization error\n"); | |
7632 | + goto end; | |
7633 | + } | |
7634 | + | |
7635 | + if (!dgst_test(out, in)) | |
7636 | + { | |
7637 | + fprintf(stderr, "FATAL digest file processing error\n"); | |
7638 | + goto end; | |
7639 | + } | |
7640 | + else | |
7641 | + ret = 0; | |
7642 | + | |
7643 | + end: | |
7644 | + | |
7645 | + if (ret) | |
7646 | + do_print_errors(); | |
7647 | + | |
7648 | + if (in && (in != stdin)) | |
7649 | + fclose(in); | |
7650 | + if (out && (out != stdout)) | |
7651 | + fclose(out); | |
7652 | + | |
7653 | + return ret; | |
7654 | + | |
7655 | + } | |
7656 | + | |
7657 | +#define SHA_TEST_MAX_BITS 102400 | |
7658 | +#define SHA_TEST_MAXLINELEN (((SHA_TEST_MAX_BITS >> 3) * 2) + 100) | |
7659 | + | |
7660 | +int dgst_test(FILE *out, FILE *in) | |
7661 | + { | |
7662 | + const EVP_MD *md = NULL; | |
7663 | + char *linebuf, *olinebuf, *p, *q; | |
7664 | + char *keyword, *value; | |
7665 | + unsigned char *Msg = NULL, *Seed = NULL; | |
7666 | + long MsgLen = -1, Len = -1, SeedLen = -1; | |
7667 | + int ret = 0; | |
7668 | + int lnum = 0; | |
7669 | + | |
7670 | + olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN); | |
7671 | + linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN); | |
7672 | + | |
7673 | + if (!linebuf || !olinebuf) | |
7674 | + goto error; | |
7675 | + | |
7676 | + | |
7677 | + while (fgets(olinebuf, SHA_TEST_MAXLINELEN, in)) | |
7678 | + { | |
7679 | + lnum++; | |
7680 | + strcpy(linebuf, olinebuf); | |
7681 | + keyword = linebuf; | |
7682 | + /* Skip leading space */ | |
7683 | + while (isspace((unsigned char)*keyword)) | |
7684 | + keyword++; | |
7685 | + | |
7686 | + /* Look for = sign */ | |
7687 | + p = strchr(linebuf, '='); | |
7688 | + | |
7689 | + /* If no = or starts with [ (for [L=20] line) just copy */ | |
7690 | + if (!p) | |
7691 | + { | |
7692 | + fputs(olinebuf, out); | |
7693 | + continue; | |
7694 | + } | |
7695 | + | |
7696 | + q = p - 1; | |
7697 | + | |
7698 | + /* Remove trailing space */ | |
7699 | + while (isspace((unsigned char)*q)) | |
7700 | + *q-- = 0; | |
7701 | + | |
7702 | + *p = 0; | |
7703 | + value = p + 1; | |
7704 | + | |
7705 | + /* Remove leading space from value */ | |
7706 | + while (isspace((unsigned char)*value)) | |
7707 | + value++; | |
7708 | + | |
7709 | + /* Remove trailing space from value */ | |
7710 | + p = value + strlen(value) - 1; | |
7711 | + while (*p == '\n' || isspace((unsigned char)*p)) | |
7712 | + *p-- = 0; | |
7713 | + | |
7714 | + if (!strcmp(keyword,"[L") && *p==']') | |
7715 | + { | |
7716 | + switch (atoi(value)) | |
7717 | + { | |
7718 | + case 20: md=EVP_sha1(); break; | |
7719 | + case 28: md=EVP_sha224(); break; | |
7720 | + case 32: md=EVP_sha256(); break; | |
7721 | + case 48: md=EVP_sha384(); break; | |
7722 | + case 64: md=EVP_sha512(); break; | |
7723 | + default: goto parse_error; | |
7724 | + } | |
7725 | + } | |
7726 | + else if (!strcmp(keyword, "Len")) | |
7727 | + { | |
7728 | + if (Len != -1) | |
7729 | + goto parse_error; | |
7730 | + Len = atoi(value); | |
7731 | + if (Len < 0) | |
7732 | + goto parse_error; | |
7733 | + /* Only handle multiples of 8 bits */ | |
7734 | + if (Len & 0x7) | |
7735 | + goto parse_error; | |
7736 | + if (Len > SHA_TEST_MAX_BITS) | |
7737 | + goto parse_error; | |
7738 | + MsgLen = Len >> 3; | |
7739 | + } | |
7740 | + | |
7741 | + else if (!strcmp(keyword, "Msg")) | |
7742 | + { | |
7743 | + long tmplen; | |
7744 | + if (strlen(value) & 1) | |
7745 | + *(--value) = '0'; | |
7746 | + if (Msg) | |
7747 | + goto parse_error; | |
7748 | + Msg = hex2bin_m(value, &tmplen); | |
7749 | + if (!Msg) | |
7750 | + goto parse_error; | |
7751 | + } | |
7752 | + else if (!strcmp(keyword, "Seed")) | |
7753 | + { | |
7754 | + if (strlen(value) & 1) | |
7755 | + *(--value) = '0'; | |
7756 | + if (Seed) | |
7757 | + goto parse_error; | |
7758 | + Seed = hex2bin_m(value, &SeedLen); | |
7759 | + if (!Seed) | |
7760 | + goto parse_error; | |
7761 | + } | |
7762 | + else if (!strcmp(keyword, "MD")) | |
7763 | + continue; | |
7764 | + else | |
7765 | + goto parse_error; | |
7766 | + | |
7767 | + fputs(olinebuf, out); | |
7768 | + | |
7769 | + if (md && Msg && (MsgLen >= 0)) | |
7770 | + { | |
7771 | + if (!print_dgst(md, out, Msg, MsgLen)) | |
7772 | + goto error; | |
7773 | + OPENSSL_free(Msg); | |
7774 | + Msg = NULL; | |
7775 | + MsgLen = -1; | |
7776 | + Len = -1; | |
7777 | + } | |
7778 | + else if (md && Seed && (SeedLen > 0)) | |
7779 | + { | |
7780 | + if (!print_monte(md, out, Seed, SeedLen)) | |
7781 | + goto error; | |
7782 | + OPENSSL_free(Seed); | |
7783 | + Seed = NULL; | |
7784 | + SeedLen = -1; | |
7785 | + } | |
7786 | + | |
7787 | + | |
7788 | + } | |
7789 | + | |
7790 | + | |
7791 | + ret = 1; | |
7792 | + | |
7793 | + | |
7794 | + error: | |
7795 | + | |
7796 | + if (olinebuf) | |
7797 | + OPENSSL_free(olinebuf); | |
7798 | + if (linebuf) | |
7799 | + OPENSSL_free(linebuf); | |
7800 | + if (Msg) | |
7801 | + OPENSSL_free(Msg); | |
7802 | + if (Seed) | |
7803 | + OPENSSL_free(Seed); | |
7804 | + | |
7805 | + return ret; | |
7806 | + | |
7807 | + parse_error: | |
7808 | + | |
7809 | + fprintf(stderr, "FATAL parse error processing line %d\n", lnum); | |
7810 | + | |
7811 | + goto error; | |
7812 | + | |
7813 | + } | |
7814 | + | |
7815 | +static int print_dgst(const EVP_MD *emd, FILE *out, | |
7816 | + unsigned char *Msg, int Msglen) | |
7817 | + { | |
7818 | + int i, mdlen; | |
7819 | + unsigned char md[EVP_MAX_MD_SIZE]; | |
7820 | + if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL)) | |
7821 | + { | |
7822 | + fputs("Error calculating HASH\n", stderr); | |
7823 | + return 0; | |
7824 | + } | |
7825 | + fputs("MD = ", out); | |
7826 | + for (i = 0; i < mdlen; i++) | |
7827 | + fprintf(out, "%02x", md[i]); | |
7828 | + fputs("\n", out); | |
7829 | + return 1; | |
7830 | + } | |
7831 | + | |
7832 | +static int print_monte(const EVP_MD *md, FILE *out, | |
7833 | + unsigned char *Seed, int SeedLen) | |
7834 | + { | |
7835 | + unsigned int i, j, k; | |
7836 | + int ret = 0; | |
7837 | + EVP_MD_CTX ctx; | |
7838 | + unsigned char *m1, *m2, *m3, *p; | |
7839 | + unsigned int mlen, m1len, m2len, m3len; | |
7840 | + | |
7841 | + EVP_MD_CTX_init(&ctx); | |
7842 | + | |
7843 | + if (SeedLen > EVP_MAX_MD_SIZE) | |
7844 | + mlen = SeedLen; | |
7845 | + else | |
7846 | + mlen = EVP_MAX_MD_SIZE; | |
7847 | + | |
7848 | + m1 = OPENSSL_malloc(mlen); | |
7849 | + m2 = OPENSSL_malloc(mlen); | |
7850 | + m3 = OPENSSL_malloc(mlen); | |
7851 | + | |
7852 | + if (!m1 || !m2 || !m3) | |
7853 | + goto mc_error; | |
7854 | + | |
7855 | + m1len = m2len = m3len = SeedLen; | |
7856 | + memcpy(m1, Seed, SeedLen); | |
7857 | + memcpy(m2, Seed, SeedLen); | |
7858 | + memcpy(m3, Seed, SeedLen); | |
7859 | + | |
7860 | + fputs("\n", out); | |
7861 | + | |
7862 | + for (j = 0; j < 100; j++) | |
7863 | + { | |
7864 | + for (i = 0; i < 1000; i++) | |
7865 | + { | |
7866 | + EVP_DigestInit_ex(&ctx, md, NULL); | |
7867 | + EVP_DigestUpdate(&ctx, m1, m1len); | |
7868 | + EVP_DigestUpdate(&ctx, m2, m2len); | |
7869 | + EVP_DigestUpdate(&ctx, m3, m3len); | |
7870 | + p = m1; | |
7871 | + m1 = m2; | |
7872 | + m1len = m2len; | |
7873 | + m2 = m3; | |
7874 | + m2len = m3len; | |
7875 | + m3 = p; | |
7876 | + EVP_DigestFinal_ex(&ctx, m3, &m3len); | |
7877 | + } | |
7878 | + fprintf(out, "COUNT = %d\n", j); | |
7879 | + fputs("MD = ", out); | |
7880 | + for (k = 0; k < m3len; k++) | |
7881 | + fprintf(out, "%02x", m3[k]); | |
7882 | + fputs("\n\n", out); | |
7883 | + memcpy(m1, m3, m3len); | |
7884 | + memcpy(m2, m3, m3len); | |
7885 | + m1len = m2len = m3len; | |
7886 | + } | |
7887 | + | |
7888 | + ret = 1; | |
7889 | + | |
7890 | + mc_error: | |
7891 | + if (m1) | |
7892 | + OPENSSL_free(m1); | |
7893 | + if (m2) | |
7894 | + OPENSSL_free(m2); | |
7895 | + if (m3) | |
7896 | + OPENSSL_free(m3); | |
7897 | + | |
7898 | + EVP_MD_CTX_cleanup(&ctx); | |
7899 | + | |
7900 | + return ret; | |
7901 | + } | |
7902 | + | |
7903 | +#endif | |
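Review bot: In dgst_test() the byte count that hex2bin_m() returns for `Msg` lands in the block-local `tmplen` and is never used, while print_dgst() is called with `MsgLen` taken from the `Len` line. A vector whose `Len` claims more bytes than the hex string supplies therefore makes EVP_Digest() read past the heap buffer, which hex2bin_m() sizes as `(strlen(in) + 1)/2`. Keep the decoded length at function scope, for example `long MsgBytes = -1;` filled by `Msg = hex2bin_m(value, &MsgBytes);`, and add `if (MsgBytes < MsgLen) goto parse_error;` just before the print_dgst() call. That check also rejects the -1 that hex2bin() in fips_utl.h returns for non-hex input, which goes unnoticed today because only the pointer is tested. Separately, main() opens `argv[2]` whenever `argc >= 2`, so a single file argument passes a null pointer to fopen(); the test should be `if (argc < 3) out = stdout;`, and the main() of the preceding test program in this patch (the one that calls rsa_test) has the same condition.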
a7ff9508 MT |
7904 | diff -up openssl-1.0.1b/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1b/crypto/fips/cavs/fips_utl.h |
7905 | --- openssl-1.0.1b/crypto/fips/cavs/fips_utl.h.fips 2012-04-26 18:00:51.400769298 +0200 | |
7906 | +++ openssl-1.0.1b/crypto/fips/cavs/fips_utl.h 2012-04-26 18:00:51.400769298 +0200 | |
0595faf5 MT |
7907 | @@ -0,0 +1,343 @@ |
7908 | +/* ==================================================================== | |
7909 | + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. | |
7910 | + * | |
7911 | + * Redistribution and use in source and binary forms, with or without | |
7912 | + * modification, are permitted provided that the following conditions | |
7913 | + * are met: | |
7914 | + * | |
7915 | + * 1. Redistributions of source code must retain the above copyright | |
7916 | + * notice, this list of conditions and the following disclaimer. | |
7917 | + * | |
7918 | + * 2. Redistributions in binary form must reproduce the above copyright | |
7919 | + * notice, this list of conditions and the following disclaimer in | |
7920 | + * the documentation and/or other materials provided with the | |
7921 | + * distribution. | |
7922 | + * | |
7923 | + * 3. All advertising materials mentioning features or use of this | |
7924 | + * software must display the following acknowledgment: | |
7925 | + * "This product includes software developed by the OpenSSL Project | |
7926 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
7927 | + * | |
7928 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
7929 | + * endorse or promote products derived from this software without | |
7930 | + * prior written permission. For written permission, please contact | |
7931 | + * openssl-core@openssl.org. | |
7932 | + * | |
7933 | + * 5. Products derived from this software may not be called "OpenSSL" | |
7934 | + * nor may "OpenSSL" appear in their names without prior written | |
7935 | + * permission of the OpenSSL Project. | |
7936 | + * | |
7937 | + * 6. Redistributions of any form whatsoever must retain the following | |
7938 | + * acknowledgment: | |
7939 | + * "This product includes software developed by the OpenSSL Project | |
7940 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
7941 | + * | |
7942 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
7943 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
7944 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
7945 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
7946 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
7947 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
7948 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
7949 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
7950 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
7951 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
7952 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
7953 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
7954 | + * | |
7955 | + */ | |
7956 | + | |
7957 | +void do_print_errors(void) | |
7958 | + { | |
7959 | + const char *file, *data; | |
7960 | + int line, flags; | |
7961 | + unsigned long l; | |
7962 | + while ((l = ERR_get_error_line_data(&file, &line, &data, &flags))) | |
7963 | + { | |
7964 | + fprintf(stderr, "ERROR:%lx:lib=%d,func=%d,reason=%d" | |
7965 | + ":file=%s:line=%d:%s\n", | |
7966 | + l, ERR_GET_LIB(l), ERR_GET_FUNC(l), ERR_GET_REASON(l), | |
7967 | + file, line, flags & ERR_TXT_STRING ? data : ""); | |
7968 | + } | |
7969 | + } | |
7970 | + | |
7971 | +int hex2bin(const char *in, unsigned char *out) | |
7972 | + { | |
7973 | + int n1, n2; | |
7974 | + unsigned char ch; | |
7975 | + | |
7976 | + for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; ) | |
7977 | + { /* first byte */ | |
7978 | + if ((in[n1] >= '0') && (in[n1] <= '9')) | |
7979 | + ch = in[n1++] - '0'; | |
7980 | + else if ((in[n1] >= 'A') && (in[n1] <= 'F')) | |
7981 | + ch = in[n1++] - 'A' + 10; | |
7982 | + else if ((in[n1] >= 'a') && (in[n1] <= 'f')) | |
7983 | + ch = in[n1++] - 'a' + 10; | |
7984 | + else | |
7985 | + return -1; | |
7986 | + if(!in[n1]) | |
7987 | + { | |
7988 | + out[n2++]=ch; | |
7989 | + break; | |
7990 | + } | |
7991 | + out[n2] = ch << 4; | |
7992 | + /* second byte */ | |
7993 | + if ((in[n1] >= '0') && (in[n1] <= '9')) | |
7994 | + ch = in[n1++] - '0'; | |
7995 | + else if ((in[n1] >= 'A') && (in[n1] <= 'F')) | |
7996 | + ch = in[n1++] - 'A' + 10; | |
7997 | + else if ((in[n1] >= 'a') && (in[n1] <= 'f')) | |
7998 | + ch = in[n1++] - 'a' + 10; | |
7999 | + else | |
8000 | + return -1; | |
8001 | + out[n2++] |= ch; | |
8002 | + } | |
8003 | + return n2; | |
8004 | + } | |
8005 | + | |
8006 | +unsigned char *hex2bin_m(const char *in, long *plen) | |
8007 | + { | |
8008 | + unsigned char *p; | |
8009 | + p = OPENSSL_malloc((strlen(in) + 1)/2); | |
8010 | + *plen = hex2bin(in, p); | |
8011 | + return p; | |
8012 | + } | |
8013 | + | |
8014 | +int do_hex2bn(BIGNUM **pr, const char *in) | |
8015 | + { | |
8016 | + unsigned char *p; | |
8017 | + long plen; | |
8018 | + int r = 0; | |
8019 | + p = hex2bin_m(in, &plen); | |
8020 | + if (!p) | |
8021 | + return 0; | |
8022 | + if (!*pr) | |
8023 | + *pr = BN_new(); | |
8024 | + if (!*pr) | |
8025 | + return 0; | |
8026 | + if (BN_bin2bn(p, plen, *pr)) | |
8027 | + r = 1; | |
8028 | + OPENSSL_free(p); | |
8029 | + return r; | |
8030 | + } | |
8031 | + | |
8032 | +int do_bn_print(FILE *out, BIGNUM *bn) | |
8033 | + { | |
8034 | + int len, i; | |
8035 | + unsigned char *tmp; | |
8036 | + len = BN_num_bytes(bn); | |
8037 | + if (len == 0) | |
8038 | + { | |
8039 | + fputs("00", out); | |
8040 | + return 1; | |
8041 | + } | |
8042 | + | |
8043 | + tmp = OPENSSL_malloc(len); | |
8044 | + if (!tmp) | |
8045 | + { | |
8046 | + fprintf(stderr, "Memory allocation error\n"); | |
8047 | + return 0; | |
8048 | + } | |
8049 | + BN_bn2bin(bn, tmp); | |
8050 | + for (i = 0; i < len; i++) | |
8051 | + fprintf(out, "%02x", tmp[i]); | |
8052 | + OPENSSL_free(tmp); | |
8053 | + return 1; | |
8054 | + } | |
8055 | + | |
8056 | +int do_bn_print_name(FILE *out, const char *name, BIGNUM *bn) | |
8057 | + { | |
8058 | + int r; | |
8059 | + fprintf(out, "%s = ", name); | |
8060 | + r = do_bn_print(out, bn); | |
8061 | + if (!r) | |
8062 | + return 0; | |
8063 | + fputs("\n", out); | |
8064 | + return 1; | |
8065 | + } | |
8066 | + | |
8067 | +int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf) | |
8068 | + { | |
8069 | + char *keyword, *value, *p, *q; | |
8070 | + strcpy(linebuf, olinebuf); | |
8071 | + keyword = linebuf; | |
8072 | + /* Skip leading space */ | |
8073 | + while (isspace((unsigned char)*keyword)) | |
8074 | + keyword++; | |
8075 | + | |
8076 | + /* Look for = sign */ | |
8077 | + p = strchr(linebuf, '='); | |
8078 | + | |
8079 | + /* If no '=' exit */ | |
8080 | + if (!p) | |
8081 | + return 0; | |
8082 | + | |
8083 | + q = p - 1; | |
8084 | + | |
8085 | + /* Remove trailing space */ | |
8086 | + while (isspace((unsigned char)*q)) | |
8087 | + *q-- = 0; | |
8088 | + | |
8089 | + *p = 0; | |
8090 | + value = p + 1; | |
8091 | + | |
8092 | + /* Remove leading space from value */ | |
8093 | + while (isspace((unsigned char)*value)) | |
8094 | + value++; | |
8095 | + | |
8096 | + /* Remove trailing space from value */ | |
8097 | + p = value + strlen(value) - 1; | |
8098 | + | |
8099 | + while (*p == '\n' || isspace((unsigned char)*p)) | |
8100 | + *p-- = 0; | |
8101 | + | |
8102 | + *pkw = keyword; | |
8103 | + *pval = value; | |
8104 | + return 1; | |
8105 | + } | |
8106 | + | |
8107 | +BIGNUM *hex2bn(const char *in) | |
8108 | + { | |
8109 | + BIGNUM *p=NULL; | |
8110 | + | |
8111 | + if (!do_hex2bn(&p, in)) | |
8112 | + return NULL; | |
8113 | + | |
8114 | + return p; | |
8115 | + } | |
8116 | + | |
8117 | +int bin2hex(const unsigned char *in,int len,char *out) | |
8118 | + { | |
8119 | + int n1, n2; | |
8120 | + unsigned char ch; | |
8121 | + | |
8122 | + for (n1=0,n2=0 ; n1 < len ; ++n1) | |
8123 | + { | |
8124 | + ch=in[n1] >> 4; | |
8125 | + if (ch <= 0x09) | |
8126 | + out[n2++]=ch+'0'; | |
8127 | + else | |
8128 | + out[n2++]=ch-10+'a'; | |
8129 | + ch=in[n1] & 0x0f; | |
8130 | + if(ch <= 0x09) | |
8131 | + out[n2++]=ch+'0'; | |
8132 | + else | |
8133 | + out[n2++]=ch-10+'a'; | |
8134 | + } | |
8135 | + out[n2]='\0'; | |
8136 | + return n2; | |
8137 | + } | |
8138 | + | |
8139 | +void pv(const char *tag,const unsigned char *val,int len) | |
8140 | + { | |
8141 | + char obuf[2048]; | |
8142 | + | |
8143 | + bin2hex(val,len,obuf); | |
8144 | + printf("%s = %s\n",tag,obuf); | |
8145 | + } | |
8146 | + | |
8147 | +/* To avoid extensive changes to test program at this stage just convert | |
8148 | + * the input line into an acceptable form. Keyword lines converted to form | |
8149 | + * "keyword = value\n" no matter what white space present, all other lines | |
8150 | + * just have leading and trailing space removed. | |
8151 | + */ | |
8152 | + | |
8153 | +int tidy_line(char *linebuf, char *olinebuf) | |
8154 | + { | |
8155 | + char *keyword, *value, *p, *q; | |
8156 | + strcpy(linebuf, olinebuf); | |
8157 | + keyword = linebuf; | |
8158 | + /* Skip leading space */ | |
8159 | + while (isspace((unsigned char)*keyword)) | |
8160 | + keyword++; | |
8161 | + /* Look for = sign */ | |
8162 | + p = strchr(linebuf, '='); | |
8163 | + | |
8164 | + /* If no '=' just chop leading, trailing ws */ | |
8165 | + if (!p) | |
8166 | + { | |
8167 | + p = keyword + strlen(keyword) - 1; | |
8168 | + while (*p == '\n' || isspace((unsigned char)*p)) | |
8169 | + *p-- = 0; | |
8170 | + strcpy(olinebuf, keyword); | |
8171 | + strcat(olinebuf, "\n"); | |
8172 | + return 1; | |
8173 | + } | |
8174 | + | |
8175 | + q = p - 1; | |
8176 | + | |
8177 | + /* Remove trailing space */ | |
8178 | + while (isspace((unsigned char)*q)) | |
8179 | + *q-- = 0; | |
8180 | + | |
8181 | + *p = 0; | |
8182 | + value = p + 1; | |
8183 | + | |
8184 | + /* Remove leading space from value */ | |
8185 | + while (isspace((unsigned char)*value)) | |
8186 | + value++; | |
8187 | + | |
8188 | + /* Remove trailing space from value */ | |
8189 | + p = value + strlen(value) - 1; | |
8190 | + | |
8191 | + while (*p == '\n' || isspace((unsigned char)*p)) | |
8192 | + *p-- = 0; | |
8193 | + | |
8194 | + strcpy(olinebuf, keyword); | |
8195 | + strcat(olinebuf, " = "); | |
8196 | + strcat(olinebuf, value); | |
8197 | + strcat(olinebuf, "\n"); | |
8198 | + | |
8199 | + return 1; | |
8200 | + } | |
8201 | + | |
8202 | +/* NB: this return the number of _bits_ read */ | |
8203 | +int bint2bin(const char *in, int len, unsigned char *out) | |
8204 | + { | |
8205 | + int n; | |
8206 | + | |
8207 | + memset(out,0,len); | |
8208 | + for(n=0 ; n < len ; ++n) | |
8209 | + if(in[n] == '1') | |
8210 | + out[n/8]|=(0x80 >> (n%8)); | |
8211 | + return len; | |
8212 | + } | |
8213 | + | |
8214 | +int bin2bint(const unsigned char *in,int len,char *out) | |
8215 | + { | |
8216 | + int n; | |
8217 | + | |
8218 | + for(n=0 ; n < len ; ++n) | |
8219 | + out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0'; | |
8220 | + return n; | |
8221 | + } | |
8222 | + | |
8223 | +/*-----------------------------------------------*/ | |
8224 | + | |
8225 | +void PrintValue(char *tag, unsigned char *val, int len) | |
8226 | +{ | |
8227 | +#if VERBOSE | |
8228 | + char obuf[2048]; | |
8229 | + int olen; | |
8230 | + olen = bin2hex(val, len, obuf); | |
8231 | + printf("%s = %.*s\n", tag, olen, obuf); | |
8232 | +#endif | |
8233 | +} | |
8234 | + | |
8235 | +void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode) | |
8236 | + { | |
8237 | + char obuf[2048]; | |
8238 | + int olen; | |
8239 | + | |
8240 | + if(bitmode) | |
8241 | + olen=bin2bint(val,len,obuf); | |
8242 | + else | |
8243 | + olen=bin2hex(val,len,obuf); | |
8244 | + | |
8245 | + fprintf(rfp, "%s = %.*s\n", tag, olen, obuf); | |
8246 | +#if VERBOSE | |
8247 | + printf("%s = %.*s\n", tag, olen, obuf); | |
8248 | +#endif | |
8249 | + } | |
8250 | + | |
a7ff9508 MT |
8251 | diff -up openssl-1.0.1b/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_aes_selftest.c |
8252 | --- openssl-1.0.1b/crypto/fips/fips_aes_selftest.c.fips 2012-04-26 18:00:51.401769321 +0200 | |
8253 | +++ openssl-1.0.1b/crypto/fips/fips_aes_selftest.c 2012-04-26 18:00:51.401769321 +0200 | |
0595faf5 MT |
8254 | @@ -0,0 +1,359 @@ |
8255 | +/* ==================================================================== | |
8256 | + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. | |
8257 | + * | |
8258 | + * Redistribution and use in source and binary forms, with or without | |
8259 | + * modification, are permitted provided that the following conditions | |
8260 | + * are met: | |
8261 | + * | |
8262 | + * 1. Redistributions of source code must retain the above copyright | |
8263 | + * notice, this list of conditions and the following disclaimer. | |
8264 | + * | |
8265 | + * 2. Redistributions in binary form must reproduce the above copyright | |
8266 | + * notice, this list of conditions and the following disclaimer in | |
8267 | + * the documentation and/or other materials provided with the | |
8268 | + * distribution. | |
8269 | + * | |
8270 | + * 3. All advertising materials mentioning features or use of this | |
8271 | + * software must display the following acknowledgment: | |
8272 | + * "This product includes software developed by the OpenSSL Project | |
8273 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
8274 | + * | |
8275 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
8276 | + * endorse or promote products derived from this software without | |
8277 | + * prior written permission. For written permission, please contact | |
8278 | + * openssl-core@openssl.org. | |
8279 | + * | |
8280 | + * 5. Products derived from this software may not be called "OpenSSL" | |
8281 | + * nor may "OpenSSL" appear in their names without prior written | |
8282 | + * permission of the OpenSSL Project. | |
8283 | + * | |
8284 | + * 6. Redistributions of any form whatsoever must retain the following | |
8285 | + * acknowledgment: | |
8286 | + * "This product includes software developed by the OpenSSL Project | |
8287 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
8288 | + * | |
8289 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
8290 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
8291 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
8292 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
8293 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
8294 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
8295 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
8296 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
8297 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
8298 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
8299 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
8300 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
8301 | + * | |
8302 | + */ | |
8303 | + | |
8304 | +#include <string.h> | |
8305 | +#include <openssl/err.h> | |
8306 | +#ifdef OPENSSL_FIPS | |
8307 | +#include <openssl/fips.h> | |
8308 | +#endif | |
8309 | +#include <openssl/evp.h> | |
8310 | + | |
8311 | +#ifdef OPENSSL_FIPS | |
8312 | +static const struct | |
8313 | + { | |
8314 | + const unsigned char key[16]; | |
8315 | + const unsigned char plaintext[16]; | |
8316 | + const unsigned char ciphertext[16]; | |
8317 | + } tests[]= | |
8318 | + { | |
8319 | + { | |
8320 | + { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, | |
8321 | + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F }, | |
8322 | + { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77, | |
8323 | + 0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF }, | |
8324 | + { 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30, | |
8325 | + 0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A }, | |
8326 | + }, | |
8327 | + }; | |
8328 | + | |
8329 | +static int corrupt_aes; | |
8330 | + | |
8331 | +void FIPS_corrupt_aes() | |
8332 | + { | |
8333 | + corrupt_aes = 1; | |
8334 | + } | |
8335 | + | |
8336 | +int FIPS_selftest_aes() | |
8337 | + { | |
8338 | + int n; | |
8339 | + int ret = 0; | |
8340 | + EVP_CIPHER_CTX ctx; | |
8341 | + EVP_CIPHER_CTX_init(&ctx); | |
8342 | + | |
8343 | + for(n=0 ; n < 1 ; ++n) | |
8344 | + { | |
8345 | + unsigned char key[16]; | |
8346 | + | |
8347 | + memcpy(key, tests[n].key, sizeof(key)); | |
8348 | + if (corrupt_aes) | |
8349 | + key[0]++; | |
8350 | + if (fips_cipher_test(&ctx, EVP_aes_128_ecb(), | |
8351 | + key, NULL, | |
8352 | + tests[n].plaintext, | |
8353 | + tests[n].ciphertext, | |
8354 | + 16) <= 0) | |
8355 | + goto err; | |
8356 | + } | |
8357 | + ret = 1; | |
8358 | + err: | |
8359 | + EVP_CIPHER_CTX_cleanup(&ctx); | |
8360 | + if (ret == 0) | |
8361 | + FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED); | |
8362 | + return ret; | |
8363 | + } | |
8364 | + | |
8365 | +/* AES-CCM test data from NIST public test vectors */ | |
8366 | + | |
8367 | +static const unsigned char ccm_key[] = { | |
8368 | + 0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6, | |
8369 | + 0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe8 | |
8370 | +}; | |
8371 | +static const unsigned char ccm_nonce[] = { | |
8372 | + 0x76,0x40,0x43,0xc4,0x94,0x60,0xb7 | |
8373 | +}; | |
8374 | +static const unsigned char ccm_adata[] = { | |
8375 | + 0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7, | |
8376 | + 0x5f,0x10,0xbd,0xe7,0x8c,0x23,0xfa,0x0e,0xb8,0xf9,0xaa,0xa5, | |
8377 | + 0x3a,0xde,0xfb,0xf4,0xcb,0xf7,0x8f,0xe4 | |
8378 | +}; | |
8379 | +static const unsigned char ccm_pt[] = { | |
8380 | + 0xc8,0xd2,0x75,0xf9,0x19,0xe1,0x7d,0x7f,0xe6,0x9c,0x2a,0x1f, | |
8381 | + 0x58,0x93,0x9d,0xfe,0x4d,0x40,0x37,0x91,0xb5,0xdf,0x13,0x10 | |
8382 | +}; | |
8383 | +static const unsigned char ccm_ct[] = { | |
8384 | + 0x8a,0x0f,0x3d,0x82,0x29,0xe4,0x8e,0x74,0x87,0xfd,0x95,0xa2, | |
8385 | + 0x8a,0xd3,0x92,0xc8,0x0b,0x36,0x81,0xd4,0xfb,0xc7,0xbb,0xfd | |
8386 | +}; | |
8387 | +static const unsigned char ccm_tag[] = { | |
8388 | + 0x2d,0xd6,0xef,0x1c,0x45,0xd4,0xcc,0xb7,0x23,0xdc,0x07,0x44, | |
8389 | + 0x14,0xdb,0x50,0x6d | |
8390 | +}; | |
8391 | + | |
8392 | +int FIPS_selftest_aes_ccm(void) | |
8393 | + { | |
8394 | + int ret = 0; | |
8395 | + unsigned char out[128], tag[16]; | |
8396 | + EVP_CIPHER_CTX ctx; | |
8397 | + EVP_CIPHER_CTX_init(&ctx); | |
8398 | + memset(out, 0, sizeof(out)); | |
8399 | + if (!EVP_CipherInit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 1)) | |
8400 | + goto err; | |
8401 | + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, | |
8402 | + sizeof(ccm_nonce), NULL)) | |
8403 | + goto err; | |
8404 | + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, | |
8405 | + sizeof(ccm_tag), NULL)) | |
8406 | + goto err; | |
8407 | + if (!EVP_CipherInit(&ctx, NULL, ccm_key, ccm_nonce, 1)) | |
8408 | + goto err; | |
8409 | + if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt)) | |
8410 | + goto err; | |
8411 | + if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0) | |
8412 | + goto err; | |
8413 | + if (EVP_Cipher(&ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct)) | |
8414 | + goto err; | |
8415 | + | |
8416 | + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, 16, tag)) | |
8417 | + goto err; | |
8418 | + if (memcmp(tag, ccm_tag, sizeof(ccm_tag)) | |
8419 | + || memcmp(out, ccm_ct, sizeof(ccm_ct))) | |
8420 | + goto err; | |
8421 | + | |
8422 | + memset(out, 0, sizeof(out)); | |
8423 | + | |
8424 | + if (!EVP_CipherInit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 0)) | |
8425 | + goto err; | |
8426 | + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, | |
8427 | + sizeof(ccm_nonce), NULL)) | |
8428 | + goto err; | |
8429 | + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag)) | |
8430 | + goto err; | |
8431 | + if (!EVP_CipherInit(&ctx, NULL, ccm_key, ccm_nonce, 0)) | |
8432 | + goto err; | |
8433 | + if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct)) | |
8434 | + goto err; | |
8435 | + if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0) | |
8436 | + goto err; | |
8437 | + if (EVP_Cipher(&ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt)) | |
8438 | + goto err; | |
8439 | + | |
8440 | + if (memcmp(out, ccm_pt, sizeof(ccm_pt))) | |
8441 | + goto err; | |
8442 | + | |
8443 | + ret = 1; | |
8444 | + | |
8445 | + err: | |
8446 | + EVP_CIPHER_CTX_cleanup(&ctx); | |
8447 | + | |
8448 | + if (ret == 0) | |
8449 | + { | |
8450 | + FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM,FIPS_R_SELFTEST_FAILED); | |
8451 | + return 0; | |
8452 | + } | |
8453 | + else | |
8454 | + return ret; | |
8455 | + | |
8456 | + } | |
8457 | + | |
8458 | +/* AES-GCM test data from NIST public test vectors */ | |
8459 | + | |
8460 | +static const unsigned char gcm_key[] = { | |
8461 | + 0xee,0xbc,0x1f,0x57,0x48,0x7f,0x51,0x92,0x1c,0x04,0x65,0x66, | |
8462 | + 0x5f,0x8a,0xe6,0xd1,0x65,0x8b,0xb2,0x6d,0xe6,0xf8,0xa0,0x69, | |
8463 | + 0xa3,0x52,0x02,0x93,0xa5,0x72,0x07,0x8f | |
8464 | +}; | |
8465 | +static const unsigned char gcm_iv[] = { | |
8466 | + 0x99,0xaa,0x3e,0x68,0xed,0x81,0x73,0xa0,0xee,0xd0,0x66,0x84 | |
8467 | +}; | |
8468 | +static const unsigned char gcm_pt[] = { | |
8469 | + 0xf5,0x6e,0x87,0x05,0x5b,0xc3,0x2d,0x0e,0xeb,0x31,0xb2,0xea, | |
8470 | + 0xcc,0x2b,0xf2,0xa5 | |
8471 | +}; | |
8472 | +static const unsigned char gcm_aad[] = { | |
8473 | + 0x4d,0x23,0xc3,0xce,0xc3,0x34,0xb4,0x9b,0xdb,0x37,0x0c,0x43, | |
8474 | + 0x7f,0xec,0x78,0xde | |
8475 | +}; | |
8476 | +static const unsigned char gcm_ct[] = { | |
8477 | + 0xf7,0x26,0x44,0x13,0xa8,0x4c,0x0e,0x7c,0xd5,0x36,0x86,0x7e, | |
8478 | + 0xb9,0xf2,0x17,0x36 | |
8479 | +}; | |
8480 | +static const unsigned char gcm_tag[] = { | |
8481 | + 0x67,0xba,0x05,0x10,0x26,0x2a,0xe4,0x87,0xd7,0x37,0xee,0x62, | |
8482 | + 0x98,0xf7,0x7e,0x0c | |
8483 | +}; | |
8484 | + | |
8485 | +int FIPS_selftest_aes_gcm(void) | |
8486 | + { | |
8487 | + int ret = 0; | |
8488 | + unsigned char out[128], tag[16]; | |
8489 | + EVP_CIPHER_CTX ctx; | |
8490 | + EVP_CIPHER_CTX_init(&ctx); | |
8491 | + memset(out, 0, sizeof(out)); | |
8492 | + memset(tag, 0, sizeof(tag)); | |
8493 | + if (!EVP_CipherInit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1)) | |
8494 | + goto err; | |
8495 | + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, | |
8496 | + sizeof(gcm_iv), NULL)) | |
8497 | + goto err; | |
8498 | + if (!EVP_CipherInit(&ctx, NULL, gcm_key, gcm_iv, 1)) | |
8499 | + goto err; | |
8500 | + if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) | |
8501 | + goto err; | |
8502 | + if (EVP_Cipher(&ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct)) | |
8503 | + goto err; | |
8504 | + if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0) | |
8505 | + goto err; | |
8506 | + | |
8507 | + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) | |
8508 | + goto err; | |
8509 | + | |
8510 | + if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16)) | |
8511 | + goto err; | |
8512 | + | |
8513 | + memset(out, 0, sizeof(out)); | |
8514 | + | |
8515 | + if (!EVP_CipherInit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0)) | |
8516 | + goto err; | |
8517 | + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, | |
8518 | + sizeof(gcm_iv), NULL)) | |
8519 | + goto err; | |
8520 | + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag)) | |
8521 | + goto err; | |
8522 | + if (!EVP_CipherInit(&ctx, NULL, gcm_key, gcm_iv, 0)) | |
8523 | + goto err; | |
8524 | + if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) | |
8525 | + goto err; | |
8526 | + if (EVP_Cipher(&ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt)) | |
8527 | + goto err; | |
8528 | + if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0) | |
8529 | + goto err; | |
8530 | + | |
8531 | + if (memcmp(out, gcm_pt, 16)) | |
8532 | + goto err; | |
8533 | + | |
8534 | + ret = 1; | |
8535 | + | |
8536 | + err: | |
8537 | + EVP_CIPHER_CTX_cleanup(&ctx); | |
8538 | + | |
8539 | + if (ret == 0) | |
8540 | + { | |
8541 | + FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED); | |
8542 | + return 0; | |
8543 | + } | |
8544 | + else | |
8545 | + return ret; | |
8546 | + | |
8547 | + } | |
8548 | + | |
8549 | + | |
8550 | +static const unsigned char XTS_128_key[] = { | |
8551 | + 0xa1,0xb9,0x0c,0xba,0x3f,0x06,0xac,0x35,0x3b,0x2c,0x34,0x38, | |
8552 | + 0x76,0x08,0x17,0x62,0x09,0x09,0x23,0x02,0x6e,0x91,0x77,0x18, | |
8553 | + 0x15,0xf2,0x9d,0xab,0x01,0x93,0x2f,0x2f | |
8554 | +}; | |
8555 | +static const unsigned char XTS_128_i[] = { | |
8556 | + 0x4f,0xae,0xf7,0x11,0x7c,0xda,0x59,0xc6,0x6e,0x4b,0x92,0x01, | |
8557 | + 0x3e,0x76,0x8a,0xd5 | |
8558 | +}; | |
8559 | +static const unsigned char XTS_128_pt[] = { | |
8560 | + 0xeb,0xab,0xce,0x95,0xb1,0x4d,0x3c,0x8d,0x6f,0xb3,0x50,0x39, | |
8561 | + 0x07,0x90,0x31,0x1c | |
8562 | +}; | |
8563 | +static const unsigned char XTS_128_ct[] = { | |
8564 | + 0x77,0x8a,0xe8,0xb4,0x3c,0xb9,0x8d,0x5a,0x82,0x50,0x81,0xd5, | |
8565 | + 0xbe,0x47,0x1c,0x63 | |
8566 | +}; | |
8567 | + | |
8568 | +static const unsigned char XTS_256_key[] = { | |
8569 | + 0x1e,0xa6,0x61,0xc5,0x8d,0x94,0x3a,0x0e,0x48,0x01,0xe4,0x2f, | |
8570 | + 0x4b,0x09,0x47,0x14,0x9e,0x7f,0x9f,0x8e,0x3e,0x68,0xd0,0xc7, | |
8571 | + 0x50,0x52,0x10,0xbd,0x31,0x1a,0x0e,0x7c,0xd6,0xe1,0x3f,0xfd, | |
8572 | + 0xf2,0x41,0x8d,0x8d,0x19,0x11,0xc0,0x04,0xcd,0xa5,0x8d,0xa3, | |
8573 | + 0xd6,0x19,0xb7,0xe2,0xb9,0x14,0x1e,0x58,0x31,0x8e,0xea,0x39, | |
8574 | + 0x2c,0xf4,0x1b,0x08 | |
8575 | +}; | |
8576 | +static const unsigned char XTS_256_i[] = { | |
8577 | + 0xad,0xf8,0xd9,0x26,0x27,0x46,0x4a,0xd2,0xf0,0x42,0x8e,0x84, | |
8578 | + 0xa9,0xf8,0x75,0x64 | |
8579 | +}; | |
8580 | +static const unsigned char XTS_256_pt[] = { | |
8581 | + 0x2e,0xed,0xea,0x52,0xcd,0x82,0x15,0xe1,0xac,0xc6,0x47,0xe8, | |
8582 | + 0x10,0xbb,0xc3,0x64,0x2e,0x87,0x28,0x7f,0x8d,0x2e,0x57,0xe3, | |
8583 | + 0x6c,0x0a,0x24,0xfb,0xc1,0x2a,0x20,0x2e | |
8584 | +}; | |
8585 | +static const unsigned char XTS_256_ct[] = { | |
8586 | + 0xcb,0xaa,0xd0,0xe2,0xf6,0xce,0xa3,0xf5,0x0b,0x37,0xf9,0x34, | |
8587 | + 0xd4,0x6a,0x9b,0x13,0x0b,0x9d,0x54,0xf0,0x7e,0x34,0xf3,0x6a, | |
8588 | + 0xf7,0x93,0xe8,0x6f,0x73,0xc6,0xd7,0xdb | |
8589 | +}; | |
8590 | + | |
8591 | +int FIPS_selftest_aes_xts() | |
8592 | + { | |
8593 | + int ret = 1; | |
8594 | + EVP_CIPHER_CTX ctx; | |
8595 | + EVP_CIPHER_CTX_init(&ctx); | |
8596 | + | |
8597 | + if (fips_cipher_test(&ctx, EVP_aes_128_xts(), | |
8598 | + XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct, | |
8599 | + sizeof(XTS_128_pt)) <= 0) | |
8600 | + ret = 0; | |
8601 | + | |
8602 | + if (fips_cipher_test(&ctx, EVP_aes_256_xts(), | |
8603 | + XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct, | |
8604 | + sizeof(XTS_256_pt)) <= 0) | |
8605 | + ret = 0; | |
8606 | + | |
8607 | + EVP_CIPHER_CTX_cleanup(&ctx); | |
8608 | + if (ret == 0) | |
8609 | + FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS,FIPS_R_SELFTEST_FAILED); | |
8610 | + return ret; | |
8611 | + } | |
8612 | + | |
8613 | +#endif | |
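Review bot: In `FIPS_selftest_aes` the loop bound is the literal `n < 1`, so a vector later appended to `tests[]` would never run and the known-answer test would silently keep covering only the first entry; `for(n=0 ; n < (int)(sizeof(tests)/sizeof(tests[0])) ; ++n)` ties the bound to the table. `FIPS_corrupt_aes` only perturbs the key in that ECB test, so the failure paths of the CCM, GCM and XTS self-tests cannot be triggered through it; a comment on `corrupt_aes` such as `/* set by FIPS_corrupt_aes(); affects the AES-128-ECB KAT only */` would make that limit explicit. The GCM and CCM functions also mix the literal `16` with `sizeof(...)` for tag and data lengths (`memcmp(tag, gcm_tag, 16)`, `EVP_CTRL_CCM_GET_TAG, 16`); using `sizeof(gcm_tag)` and `sizeof(tag)` throughout keeps the lengths tied to the vectors.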
a7ff9508 MT |
8614 | diff -up openssl-1.0.1b/crypto/fips/fips.c.fips openssl-1.0.1b/crypto/fips/fips.c |
8615 | --- openssl-1.0.1b/crypto/fips/fips.c.fips 2012-04-26 18:00:51.401769321 +0200 | |
8616 | +++ openssl-1.0.1b/crypto/fips/fips.c 2012-04-26 18:00:51.401769321 +0200 | |
0595faf5 MT |
8617 | @@ -0,0 +1,489 @@ |
8618 | +/* ==================================================================== | |
8619 | + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. | |
8620 | + * | |
8621 | + * Redistribution and use in source and binary forms, with or without | |
8622 | + * modification, are permitted provided that the following conditions | |
8623 | + * are met: | |
8624 | + * | |
8625 | + * 1. Redistributions of source code must retain the above copyright | |
8626 | + * notice, this list of conditions and the following disclaimer. | |
8627 | + * | |
8628 | + * 2. Redistributions in binary form must reproduce the above copyright | |
8629 | + * notice, this list of conditions and the following disclaimer in | |
8630 | + * the documentation and/or other materials provided with the | |
8631 | + * distribution. | |
8632 | + * | |
8633 | + * 3. All advertising materials mentioning features or use of this | |
8634 | + * software must display the following acknowledgment: | |
8635 | + * "This product includes software developed by the OpenSSL Project | |
8636 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
8637 | + * | |
8638 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
8639 | + * endorse or promote products derived from this software without | |
8640 | + * prior written permission. For written permission, please contact | |
8641 | + * openssl-core@openssl.org. | |
8642 | + * | |
8643 | + * 5. Products derived from this software may not be called "OpenSSL" | |
8644 | + * nor may "OpenSSL" appear in their names without prior written | |
8645 | + * permission of the OpenSSL Project. | |
8646 | + * | |
8647 | + * 6. Redistributions of any form whatsoever must retain the following | |
8648 | + * acknowledgment: | |
8649 | + * "This product includes software developed by the OpenSSL Project | |
8650 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
8651 | + * | |
8652 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
8653 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
8654 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
8655 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
8656 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
8657 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
8658 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
8659 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
8660 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
8661 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
8662 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
8663 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
8664 | + * | |
8665 | + */ | |
8666 | + | |
8667 | +#define _GNU_SOURCE | |
8668 | + | |
8669 | +#include <openssl/rand.h> | |
8670 | +#include <openssl/fips_rand.h> | |
8671 | +#include <openssl/err.h> | |
8672 | +#include <openssl/bio.h> | |
8673 | +#include <openssl/hmac.h> | |
8674 | +#include <openssl/rsa.h> | |
8675 | +#include <string.h> | |
8676 | +#include <limits.h> | |
8677 | +#include <dlfcn.h> | |
8678 | +#include <stdio.h> | |
8679 | +#include <stdlib.h> | |
8680 | +#include "fips_locl.h" | |
8681 | + | |
8682 | +#ifdef OPENSSL_FIPS | |
8683 | + | |
8684 | +#include <openssl/fips.h> | |
8685 | + | |
8686 | +#ifndef PATH_MAX | |
8687 | +#define PATH_MAX 1024 | |
8688 | +#endif | |
8689 | + | |
8690 | +static int fips_selftest_fail = 0; | |
8691 | +static int fips_mode = 0; | |
8692 | +static int fips_started = 0; | |
8693 | + | |
8694 | +static int fips_is_owning_thread(void); | |
8695 | +static int fips_set_owning_thread(void); | |
8696 | +static int fips_clear_owning_thread(void); | |
8697 | + | |
8698 | +#define fips_w_lock() CRYPTO_w_lock(CRYPTO_LOCK_FIPS) | |
8699 | +#define fips_w_unlock() CRYPTO_w_unlock(CRYPTO_LOCK_FIPS) | |
8700 | +#define fips_r_lock() CRYPTO_r_lock(CRYPTO_LOCK_FIPS) | |
8701 | +#define fips_r_unlock() CRYPTO_r_unlock(CRYPTO_LOCK_FIPS) | |
8702 | + | |
8703 | +static void fips_set_mode(int onoff) | |
8704 | + { | |
8705 | + int owning_thread = fips_is_owning_thread(); | |
8706 | + | |
8707 | + if (fips_started) | |
8708 | + { | |
8709 | + if (!owning_thread) fips_w_lock(); | |
8710 | + fips_mode = onoff; | |
8711 | + if (!owning_thread) fips_w_unlock(); | |
8712 | + } | |
8713 | + } | |
8714 | + | |
8715 | +int FIPS_module_mode(void) | |
8716 | + { | |
8717 | + int ret = 0; | |
8718 | + int owning_thread = fips_is_owning_thread(); | |
8719 | + | |
8720 | + if (fips_started) | |
8721 | + { | |
8722 | + if (!owning_thread) fips_r_lock(); | |
8723 | + ret = fips_mode; | |
8724 | + if (!owning_thread) fips_r_unlock(); | |
8725 | + } | |
8726 | + return ret; | |
8727 | + } | |
8728 | + | |
8729 | +int FIPS_selftest_failed(void) | |
8730 | + { | |
8731 | + int ret = 0; | |
8732 | + if (fips_started) | |
8733 | + { | |
8734 | + int owning_thread = fips_is_owning_thread(); | |
8735 | + | |
8736 | + if (!owning_thread) fips_r_lock(); | |
8737 | + ret = fips_selftest_fail; | |
8738 | + if (!owning_thread) fips_r_unlock(); | |
8739 | + } | |
8740 | + return ret; | |
8741 | + } | |
8742 | + | |
8743 | +/* Selftest failure fatal exit routine. This will be called | |
8744 | + * during *any* cryptographic operation. It has the minimum | |
8745 | + * overhead possible to avoid too big a performance hit. | |
8746 | + */ | |
8747 | + | |
8748 | +void FIPS_selftest_check(void) | |
8749 | + { | |
8750 | + if (fips_selftest_fail) | |
8751 | + { | |
8752 | + OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE"); | |
8753 | + } | |
8754 | + } | |
8755 | + | |
8756 | +void fips_set_selftest_fail(void) | |
8757 | + { | |
8758 | + fips_selftest_fail = 1; | |
8759 | + } | |
8760 | + | |
8761 | +/* we implement what libfipscheck does ourselves */ | |
8762 | + | |
8763 | +static int | |
8764 | +get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen) | |
8765 | +{ | |
8766 | + Dl_info info; | |
8767 | + void *dl, *sym; | |
8768 | + int rv = -1; | |
8769 | + | |
8770 | + dl = dlopen(libname, RTLD_LAZY); | |
8771 | + if (dl == NULL) { | |
8772 | + return -1; | |
8773 | + } | |
8774 | + | |
8775 | + sym = dlsym(dl, symbolname); | |
8776 | + | |
8777 | + if (sym != NULL && dladdr(sym, &info)) { | |
8778 | + strncpy(path, info.dli_fname, pathlen-1); | |
8779 | + path[pathlen-1] = '\0'; | |
8780 | + rv = 0; | |
8781 | + } | |
8782 | + | |
8783 | + dlclose(dl); | |
8784 | + | |
8785 | + return rv; | |
8786 | +} | |
8787 | + | |
8788 | +static const char conv[] = "0123456789abcdef"; | |
8789 | + | |
8790 | +static char * | |
8791 | +bin2hex(void *buf, size_t len) | |
8792 | +{ | |
8793 | + char *hex, *p; | |
8794 | + unsigned char *src = buf; | |
8795 | + | |
8796 | + hex = malloc(len * 2 + 1); | |
8797 | + if (hex == NULL) | |
8798 | + return NULL; | |
8799 | + | |
8800 | + p = hex; | |
8801 | + | |
8802 | + while (len > 0) { | |
8803 | + unsigned c; | |
8804 | + | |
8805 | + c = *src; | |
8806 | + src++; | |
8807 | + | |
8808 | + *p = conv[c >> 4]; | |
8809 | + ++p; | |
8810 | + *p = conv[c & 0x0f]; | |
8811 | + ++p; | |
8812 | + --len; | |
8813 | + } | |
8814 | + *p = '\0'; | |
8815 | + return hex; | |
8816 | +} | |
8817 | + | |
8818 | +#define HMAC_PREFIX "." | |
8819 | +#define HMAC_SUFFIX ".hmac" | |
8820 | +#define READ_BUFFER_LENGTH 16384 | |
8821 | + | |
8822 | +static char * | |
8823 | +make_hmac_path(const char *origpath) | |
8824 | +{ | |
8825 | + char *path, *p; | |
8826 | + const char *fn; | |
8827 | + | |
8828 | + path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath)); | |
8829 | + if(path == NULL) { | |
8830 | + return NULL; | |
8831 | + } | |
8832 | + | |
8833 | + fn = strrchr(origpath, '/'); | |
8834 | + if (fn == NULL) { | |
8835 | + fn = origpath; | |
8836 | + } else { | |
8837 | + ++fn; | |
8838 | + } | |
8839 | + | |
8840 | + strncpy(path, origpath, fn-origpath); | |
8841 | + p = path + (fn - origpath); | |
8842 | + p = stpcpy(p, HMAC_PREFIX); | |
8843 | + p = stpcpy(p, fn); | |
8844 | + p = stpcpy(p, HMAC_SUFFIX); | |
8845 | + | |
8846 | + return path; | |
8847 | +} | |
8848 | + | |
8849 | +static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP"; | |
8850 | + | |
8851 | +static int | |
8852 | +compute_file_hmac(const char *path, void **buf, size_t *hmaclen) | |
8853 | +{ | |
8854 | + FILE *f = NULL; | |
8855 | + int rv = -1; | |
8856 | + unsigned char rbuf[READ_BUFFER_LENGTH]; | |
8857 | + size_t len; | |
8858 | + unsigned int hlen; | |
8859 | + HMAC_CTX c; | |
8860 | + | |
8861 | + HMAC_CTX_init(&c); | |
8862 | + | |
8863 | + f = fopen(path, "r"); | |
8864 | + | |
8865 | + if (f == NULL) { | |
8866 | + goto end; | |
8867 | + } | |
8868 | + | |
8869 | + HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256()); | |
8870 | + | |
8871 | + while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) { | |
8872 | + HMAC_Update(&c, rbuf, len); | |
8873 | + } | |
8874 | + | |
8875 | + len = sizeof(rbuf); | |
8876 | + /* reuse rbuf for hmac */ | |
8877 | + HMAC_Final(&c, rbuf, &hlen); | |
8878 | + | |
8879 | + *buf = malloc(hlen); | |
8880 | + if (*buf == NULL) { | |
8881 | + goto end; | |
8882 | + } | |
8883 | + | |
8884 | + *hmaclen = hlen; | |
8885 | + | |
8886 | + memcpy(*buf, rbuf, hlen); | |
8887 | + | |
8888 | + rv = 0; | |
8889 | +end: | |
8890 | + HMAC_CTX_cleanup(&c); | |
8891 | + | |
8892 | + if (f) | |
8893 | + fclose(f); | |
8894 | + | |
8895 | + return rv; | |
8896 | +} | |
8897 | + | |
8898 | +static int | |
8899 | +FIPSCHECK_verify(const char *libname, const char *symbolname) | |
8900 | +{ | |
8901 | + char path[PATH_MAX+1]; | |
8902 | + int rv; | |
8903 | + FILE *hf; | |
8904 | + char *hmacpath, *p; | |
8905 | + char *hmac = NULL; | |
8906 | + size_t n; | |
8907 | + | |
8908 | + rv = get_library_path(libname, symbolname, path, sizeof(path)); | |
8909 | + | |
8910 | + if (rv < 0) | |
8911 | + return 0; | |
8912 | + | |
8913 | + hmacpath = make_hmac_path(path); | |
8914 | + if (hmacpath == NULL) | |
8915 | + return 0; | |
8916 | + | |
8917 | + hf = fopen(hmacpath, "r"); | |
8918 | + if (hf == NULL) { | |
8919 | + free(hmacpath); | |
8920 | + return 0; | |
8921 | + } | |
8922 | + | |
8923 | + if (getline(&hmac, &n, hf) > 0) { | |
8924 | + void *buf; | |
8925 | + size_t hmaclen; | |
8926 | + char *hex; | |
8927 | + | |
8928 | + if ((p=strchr(hmac, '\n')) != NULL) | |
8929 | + *p = '\0'; | |
8930 | + | |
8931 | + if (compute_file_hmac(path, &buf, &hmaclen) < 0) { | |
8932 | + rv = -4; | |
8933 | + goto end; | |
8934 | + } | |
8935 | + | |
8936 | + if ((hex=bin2hex(buf, hmaclen)) == NULL) { | |
8937 | + free(buf); | |
8938 | + rv = -5; | |
8939 | + goto end; | |
8940 | + } | |
8941 | + | |
8942 | + if (strcmp(hex, hmac) != 0) { | |
8943 | + rv = -1; | |
8944 | + } | |
8945 | + free(buf); | |
8946 | + free(hex); | |
8947 | + } | |
8948 | + | |
8949 | +end: | |
8950 | + free(hmac); | |
8951 | + free(hmacpath); | |
8952 | + fclose(hf); | |
8953 | + | |
8954 | + if (rv < 0) | |
8955 | + return 0; | |
8956 | + | |
8957 | + /* check successful */ | |
8958 | + return 1; | |
8959 | +} | |
8960 | + | |
8961 | +int FIPS_module_mode_set(int onoff, const char *auth) | |
8962 | + { | |
8963 | + int ret = 0; | |
8964 | + | |
8965 | + fips_w_lock(); | |
8966 | + fips_started = 1; | |
8967 | + fips_set_owning_thread(); | |
8968 | + | |
8969 | + if(onoff) | |
8970 | + { | |
8971 | + | |
8972 | + fips_selftest_fail = 0; | |
8973 | + | |
8974 | + /* Don't go into FIPS mode twice, just so we can do automagic | |
8975 | + seeding */ | |
8976 | + if(FIPS_module_mode()) | |
8977 | + { | |
8978 | + FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET); | |
8979 | + fips_selftest_fail = 1; | |
8980 | + ret = 0; | |
8981 | + goto end; | |
8982 | + } | |
8983 | + | |
8984 | +#ifdef OPENSSL_IA32_SSE2 | |
8985 | + { | |
8986 | + extern unsigned int OPENSSL_ia32cap_P[2]; | |
8987 | + if ((OPENSSL_ia32cap_P[0] & (1<<25|1<<26)) != (1<<25|1<<26)) | |
8988 | + { | |
8989 | + FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_UNSUPPORTED_PLATFORM); | |
8990 | + fips_selftest_fail = 1; | |
8991 | + ret = 0; | |
8992 | + goto end; | |
8993 | + } | |
8994 | + OPENSSL_ia32cap_P[0] |= (1<<28); /* set "shared cache" */ | |
8995 | + OPENSSL_ia32cap_P[1] &= ~(1<<(60-32)); /* clear AVX */ | |
8996 | + } | |
8997 | +#endif | |
8998 | + | |
8999 | + if(!FIPSCHECK_verify("libcrypto.so." SHLIB_VERSION_NUMBER,"FIPS_mode_set")) | |
9000 | + { | |
9001 | + FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); | |
9002 | + fips_selftest_fail = 1; | |
9003 | + ret = 0; | |
9004 | + goto end; | |
9005 | + } | |
9006 | + | |
9007 | + if(!FIPSCHECK_verify("libssl.so." SHLIB_VERSION_NUMBER,"SSL_CTX_new")) | |
9008 | + { | |
9009 | + FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); | |
9010 | + fips_selftest_fail = 1; | |
9011 | + ret = 0; | |
9012 | + goto end; | |
9013 | + } | |
9014 | + | |
9015 | + if(FIPS_selftest()) | |
9016 | + fips_set_mode(onoff); | |
9017 | + else | |
9018 | + { | |
9019 | + fips_selftest_fail = 1; | |
9020 | + ret = 0; | |
9021 | + goto end; | |
9022 | + } | |
9023 | + ret = 1; | |
9024 | + goto end; | |
9025 | + } | |
9026 | + fips_set_mode(0); | |
9027 | + fips_selftest_fail = 0; | |
9028 | + ret = 1; | |
9029 | +end: | |
9030 | + fips_clear_owning_thread(); | |
9031 | + fips_w_unlock(); | |
9032 | + return ret; | |
9033 | + } | |
9034 | + | |
9035 | +static CRYPTO_THREADID fips_thread; | |
9036 | +static int fips_thread_set = 0; | |
9037 | + | |
9038 | +static int fips_is_owning_thread(void) | |
9039 | + { | |
9040 | + int ret = 0; | |
9041 | + | |
9042 | + if (fips_started) | |
9043 | + { | |
9044 | + CRYPTO_r_lock(CRYPTO_LOCK_FIPS2); | |
9045 | + if (fips_thread_set) | |
9046 | + { | |
9047 | + CRYPTO_THREADID cur; | |
9048 | + CRYPTO_THREADID_current(&cur); | |
9049 | + if (!CRYPTO_THREADID_cmp(&cur, &fips_thread)) | |
9050 | + ret = 1; | |
9051 | + } | |
9052 | + CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2); | |
9053 | + } | |
9054 | + return ret; | |
9055 | + } | |
9056 | + | |
9057 | +int fips_set_owning_thread(void) | |
9058 | + { | |
9059 | + int ret = 0; | |
9060 | + | |
9061 | + if (fips_started) | |
9062 | + { | |
9063 | + CRYPTO_w_lock(CRYPTO_LOCK_FIPS2); | |
9064 | + if (!fips_thread_set) | |
9065 | + { | |
9066 | + CRYPTO_THREADID_current(&fips_thread); | |
9067 | + ret = 1; | |
9068 | + fips_thread_set = 1; | |
9069 | + } | |
9070 | + CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2); | |
9071 | + } | |
9072 | + return ret; | |
9073 | + } | |
9074 | + | |
9075 | +int fips_clear_owning_thread(void) | |
9076 | + { | |
9077 | + int ret = 0; | |
9078 | + | |
9079 | + if (fips_started) | |
9080 | + { | |
9081 | + CRYPTO_w_lock(CRYPTO_LOCK_FIPS2); | |
9082 | + if (fips_thread_set) | |
9083 | + { | |
9084 | + CRYPTO_THREADID cur; | |
9085 | + CRYPTO_THREADID_current(&cur); | |
9086 | + if (!CRYPTO_THREADID_cmp(&cur, &fips_thread)) | |
9087 | + fips_thread_set = 0; | |
9088 | + } | |
9089 | + CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2); | |
9090 | + } | |
9091 | + return ret; | |
9092 | + } | |
9093 | + | |
9094 | + | |
9095 | +#if 0 | |
9096 | +/* The purpose of this is to ensure the error code exists and the function | |
9097 | + * name is to keep the error checking script quiet | |
9098 | + */ | |
9099 | +void hash_final(void) | |
9100 | + { | |
9101 | + FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); | |
9102 | + } | |
9103 | +#endif | |
9104 | + | |
9105 | + | |
9106 | +#endif | |
a7ff9508 MT |
9107 | diff -up openssl-1.0.1b/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_cmac_selftest.c |
9108 | --- openssl-1.0.1b/crypto/fips/fips_cmac_selftest.c.fips 2012-04-26 18:00:51.401769321 +0200 | |
9109 | +++ openssl-1.0.1b/crypto/fips/fips_cmac_selftest.c 2012-04-26 18:00:51.401769321 +0200 | |
0595faf5 MT |
9110 | @@ -0,0 +1,161 @@ |
9111 | +/* ==================================================================== | |
9112 | + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. | |
9113 | + * | |
9114 | + * Redistribution and use in source and binary forms, with or without | |
9115 | + * modification, are permitted provided that the following conditions | |
9116 | + * are met: | |
9117 | + * | |
9118 | + * 1. Redistributions of source code must retain the above copyright | |
9119 | + * notice, this list of conditions and the following disclaimer. | |
9120 | + * | |
9121 | + * 2. Redistributions in binary form must reproduce the above copyright | |
9122 | + * notice, this list of conditions and the following disclaimer in | |
9123 | + * the documentation and/or other materials provided with the | |
9124 | + * distribution. | |
9125 | + * | |
9126 | + * 3. All advertising materials mentioning features or use of this | |
9127 | + * software must display the following acknowledgment: | |
9128 | + * "This product includes software developed by the OpenSSL Project | |
9129 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
9130 | + * | |
9131 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
9132 | + * endorse or promote products derived from this software without | |
9133 | + * prior written permission. For written permission, please contact | |
9134 | + * openssl-core@openssl.org. | |
9135 | + * | |
9136 | + * 5. Products derived from this software may not be called "OpenSSL" | |
9137 | + * nor may "OpenSSL" appear in their names without prior written | |
9138 | + * permission of the OpenSSL Project. | |
9139 | + * | |
9140 | + * 6. Redistributions of any form whatsoever must retain the following | |
9141 | + * acknowledgment: | |
9142 | + * "This product includes software developed by the OpenSSL Project | |
9143 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
9144 | + * | |
9145 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
9146 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
9147 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
9148 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
9149 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
9150 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
9151 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
9152 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
9153 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
9154 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
9155 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
9156 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
9157 | + * | |
9158 | + */ | |
9159 | + | |
9160 | +#include <string.h> | |
9161 | +#include <openssl/err.h> | |
9162 | +#include <openssl/fips.h> | |
9163 | +#include <openssl/cmac.h> | |
9164 | +#include "fips_locl.h" | |
9165 | + | |
9166 | +#ifdef OPENSSL_FIPS | |
9167 | +typedef struct { | |
9168 | + int nid; | |
9169 | + const unsigned char key[EVP_MAX_KEY_LENGTH]; size_t keysize; | |
9170 | + const unsigned char msg[64]; size_t msgsize; | |
9171 | + const unsigned char mac[32]; size_t macsize; | |
9172 | +} CMAC_KAT; | |
9173 | + | |
9174 | +/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */ | |
9175 | +static const CMAC_KAT vector[] = { | |
9176 | + { NID_aes_128_cbc, /* Count = 32 from CMACGenAES128.txt */ | |
9177 | + { 0x77,0xa7,0x7f,0xaf, 0x29,0x0c,0x1f,0xa3, | |
9178 | + 0x0c,0x68,0x3d,0xf1, 0x6b,0xa7,0xa7,0x7b, }, 128, | |
9179 | + { 0x02,0x06,0x83,0xe1, 0xf0,0x39,0x2f,0x4c, | |
9180 | + 0xac,0x54,0x31,0x8b, 0x60,0x29,0x25,0x9e, | |
9181 | + 0x9c,0x55,0x3d,0xbc, 0x4b,0x6a,0xd9,0x98, | |
9182 | + 0xe6,0x4d,0x58,0xe4, 0xe7,0xdc,0x2e,0x13, }, 256, | |
9183 | + { 0xfb,0xfe,0xa4,0x1b, }, 32 | |
9184 | + }, | |
9185 | + { NID_aes_192_cbc, /* Count = 23 from CMACGenAES192.txt */ | |
9186 | + { 0x7b,0x32,0x39,0x13, 0x69,0xaa,0x4c,0xa9, | |
9187 | + 0x75,0x58,0x09,0x5b, 0xe3,0xc3,0xec,0x86, | |
9188 | + 0x2b,0xd0,0x57,0xce, 0xf1,0xe3,0x2d,0x62, }, 192, | |
9189 | + { 0x0 }, 0, | |
9190 | + { 0xe4,0xd9,0x34,0x0b, 0x03,0xe6,0x7d,0xef, | |
9191 | + 0xd4,0x96,0x9c,0xc1, 0xed,0x37,0x35,0xe6, }, 128, | |
9192 | + }, | |
9193 | + { NID_aes_256_cbc, /* Count = 33 from CMACGenAES256.txt */ | |
9194 | + { 0x0b,0x12,0x2a,0xc8, 0xf3,0x4e,0xd1,0xfe, | |
9195 | + 0x08,0x2a,0x36,0x25, 0xd1,0x57,0x56,0x14, | |
9196 | + 0x54,0x16,0x7a,0xc1, 0x45,0xa1,0x0b,0xbf, | |
9197 | + 0x77,0xc6,0xa7,0x05, 0x96,0xd5,0x74,0xf1, }, 256, | |
9198 | + { 0x49,0x8b,0x53,0xfd, 0xec,0x87,0xed,0xcb, | |
9199 | + 0xf0,0x70,0x97,0xdc, 0xcd,0xe9,0x3a,0x08, | |
9200 | + 0x4b,0xad,0x75,0x01, 0xa2,0x24,0xe3,0x88, | |
9201 | + 0xdf,0x34,0x9c,0xe1, 0x89,0x59,0xfe,0x84, | |
9202 | + 0x85,0xf8,0xad,0x15, 0x37,0xf0,0xd8,0x96, | |
9203 | + 0xea,0x73,0xbe,0xdc, 0x72,0x14,0x71,0x3f, }, 384, | |
9204 | + { 0xf6,0x2c,0x46,0x32, 0x9b, }, 40, | |
9205 | + }, | |
9206 | + { NID_des_ede3_cbc, /* Count = 41 from CMACGenTDES3.req */ | |
9207 | + { 0x89,0xbc,0xd9,0x52, 0xa8,0xc8,0xab,0x37, | |
9208 | + 0x1a,0xf4,0x8a,0xc7, 0xd0,0x70,0x85,0xd5, | |
9209 | + 0xef,0xf7,0x02,0xe6, 0xd6,0x2c,0xdc,0x23, }, 192, | |
9210 | + { 0xfa,0x62,0x0c,0x1b, 0xbe,0x97,0x31,0x9e, | |
9211 | + 0x9a,0x0c,0xf0,0x49, 0x21,0x21,0xf7,0xa2, | |
9212 | + 0x0e,0xb0,0x8a,0x6a, 0x70,0x9d,0xcb,0xd0, | |
9213 | + 0x0a,0xaf,0x38,0xe4, 0xf9,0x9e,0x75,0x4e, }, 256, | |
9214 | + { 0x8f,0x49,0xa1,0xb7, 0xd6,0xaa,0x22,0x58, }, 64, | |
9215 | + }, | |
9216 | +}; | |
9217 | + | |
9218 | +int FIPS_selftest_cmac() | |
9219 | + { | |
9220 | + size_t n, outlen; | |
9221 | + unsigned char out[32]; | |
9222 | + const EVP_CIPHER *cipher; | |
9223 | + CMAC_CTX *ctx = CMAC_CTX_new(); | |
9224 | + const CMAC_KAT *t; | |
9225 | + int rv = 1; | |
9226 | + | |
9227 | + for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++) | |
9228 | + { | |
9229 | + cipher = FIPS_get_cipherbynid(t->nid); | |
9230 | + if (!cipher) | |
9231 | + { | |
9232 | + rv = -1; | |
9233 | + goto err; | |
9234 | + } | |
9235 | + if (!CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0)) | |
9236 | + { | |
9237 | + rv = -1; | |
9238 | + goto err; | |
9239 | + } | |
9240 | + if (!CMAC_Update(ctx, t->msg, t->msgsize/8)) | |
9241 | + { | |
9242 | + rv = -1; | |
9243 | + goto err; | |
9244 | + } | |
9245 | + | |
9246 | + if (!CMAC_Final(ctx, out, &outlen)) | |
9247 | + { | |
9248 | + rv = -1; | |
9249 | + goto err; | |
9250 | + } | |
9251 | + CMAC_CTX_cleanup(ctx); | |
9252 | + | |
9253 | + if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8)) | |
9254 | + { | |
9255 | + rv = 0; | |
9256 | + } | |
9257 | + } | |
9258 | + | |
9259 | + err: | |
9260 | + CMAC_CTX_free(ctx); | |
9261 | + | |
9262 | + if (rv == -1) | |
9263 | + { | |
9264 | + rv = 0; | |
9265 | + } | |
9266 | + if (!rv) | |
9267 | + FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED); | |
9268 | + | |
9269 | + return rv; | |
9270 | + } | |
9271 | +#endif | |
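Review bot: The result of `CMAC_CTX_new()` in `FIPS_selftest_cmac` is used without a NULL check, so an allocation failure reaches `CMAC_Init(ctx, ...)` with a null context instead of failing the self-test cleanly. I would add, right after the declarations, `if (ctx == NULL) { FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED); return 0; }`. Returning directly rather than jumping to `err:` avoids relying on `CMAC_CTX_free()` accepting NULL, which this file does not show. Separately, the comment above `vector[]` cites SP 800-38B while each entry is labelled as coming from a CMACGen*.txt or .req file, so the provenance comment should say which source the bytes were taken from.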
a7ff9508 MT |
9272 | diff -up openssl-1.0.1b/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_des_selftest.c |
9273 | --- openssl-1.0.1b/crypto/fips/fips_des_selftest.c.fips 2012-04-26 18:00:51.401769321 +0200 | |
9274 | +++ openssl-1.0.1b/crypto/fips/fips_des_selftest.c 2012-04-26 18:00:51.401769321 +0200 | |
0595faf5 MT |
9275 | @@ -0,0 +1,147 @@ |
9276 | +/* ==================================================================== | |
9277 | + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. | |
9278 | + * | |
9279 | + * Redistribution and use in source and binary forms, with or without | |
9280 | + * modification, are permitted provided that the following conditions | |
9281 | + * are met: | |
9282 | + * | |
9283 | + * 1. Redistributions of source code must retain the above copyright | |
9284 | + * notice, this list of conditions and the following disclaimer. | |
9285 | + * | |
9286 | + * 2. Redistributions in binary form must reproduce the above copyright | |
9287 | + * notice, this list of conditions and the following disclaimer in | |
9288 | + * the documentation and/or other materials provided with the | |
9289 | + * distribution. | |
9290 | + * | |
9291 | + * 3. All advertising materials mentioning features or use of this | |
9292 | + * software must display the following acknowledgment: | |
9293 | + * "This product includes software developed by the OpenSSL Project | |
9294 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
9295 | + * | |
9296 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
9297 | + * endorse or promote products derived from this software without | |
9298 | + * prior written permission. For written permission, please contact | |
9299 | + * openssl-core@openssl.org. | |
9300 | + * | |
9301 | + * 5. Products derived from this software may not be called "OpenSSL" | |
9302 | + * nor may "OpenSSL" appear in their names without prior written | |
9303 | + * permission of the OpenSSL Project. | |
9304 | + * | |
9305 | + * 6. Redistributions of any form whatsoever must retain the following | |
9306 | + * acknowledgment: | |
9307 | + * "This product includes software developed by the OpenSSL Project | |
9308 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
9309 | + * | |
9310 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
9311 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
9312 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
9313 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
9314 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
9315 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
9316 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
9317 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
9318 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
9319 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
9320 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
9321 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
9322 | + * | |
9323 | + */ | |
9324 | + | |
9325 | +#include <string.h> | |
9326 | +#include <openssl/err.h> | |
9327 | +#ifdef OPENSSL_FIPS | |
9328 | +#include <openssl/fips.h> | |
9329 | +#endif | |
9330 | +#include <openssl/evp.h> | |
9331 | +#include <openssl/opensslconf.h> | |
9332 | + | |
9333 | +#ifdef OPENSSL_FIPS | |
9334 | + | |
9335 | +static const struct | |
9336 | + { | |
9337 | + const unsigned char key[16]; | |
9338 | + const unsigned char plaintext[8]; | |
9339 | + const unsigned char ciphertext[8]; | |
9340 | + } tests2[]= | |
9341 | + { | |
9342 | + { | |
9343 | + { 0x7c,0x4f,0x6e,0xf7,0xa2,0x04,0x16,0xec, | |
9344 | + 0x0b,0x6b,0x7c,0x9e,0x5e,0x19,0xa7,0xc4 }, | |
9345 | + { 0x06,0xa7,0xd8,0x79,0xaa,0xce,0x69,0xef }, | |
9346 | + { 0x4c,0x11,0x17,0x55,0xbf,0xc4,0x4e,0xfd } | |
9347 | + }, | |
9348 | + { | |
9349 | + { 0x5d,0x9e,0x01,0xd3,0x25,0xc7,0x3e,0x34, | |
9350 | + 0x01,0x16,0x7c,0x85,0x23,0xdf,0xe0,0x68 }, | |
9351 | + { 0x9c,0x50,0x09,0x0f,0x5e,0x7d,0x69,0x7e }, | |
9352 | + { 0xd2,0x0b,0x18,0xdf,0xd9,0x0d,0x9e,0xff }, | |
9353 | + } | |
9354 | + }; | |
9355 | + | |
9356 | +static const struct | |
9357 | + { | |
9358 | + const unsigned char key[24]; | |
9359 | + const unsigned char plaintext[8]; | |
9360 | + const unsigned char ciphertext[8]; | |
9361 | + } tests3[]= | |
9362 | + { | |
9363 | + { | |
9364 | + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, | |
9365 | + 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10, | |
9366 | + 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 }, | |
9367 | + { 0x8f,0x8f,0xbf,0x9b,0x5d,0x48,0xb4,0x1c }, | |
9368 | + { 0x59,0x8c,0xe5,0xd3,0x6c,0xa2,0xea,0x1b }, | |
9369 | + }, | |
9370 | + { | |
9371 | + { 0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE, | |
9372 | + 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, | |
9373 | + 0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 }, | |
9374 | + { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF }, | |
9375 | + { 0x11,0x25,0xb0,0x35,0xbe,0xa0,0x82,0x86 }, | |
9376 | + }, | |
9377 | + }; | |
9378 | + | |
9379 | + | |
9380 | +static int corrupt_des; | |
9381 | + | |
9382 | +void FIPS_corrupt_des() | |
9383 | + { | |
9384 | + corrupt_des = 1; | |
9385 | + } | |
9386 | + | |
9387 | +int FIPS_selftest_des() | |
9388 | + { | |
9389 | + int n, ret = 0; | |
9390 | + EVP_CIPHER_CTX ctx; | |
9391 | + EVP_CIPHER_CTX_init(&ctx); | |
9392 | + /* Encrypt/decrypt with 2-key 3DES and compare to known answers */ | |
9393 | + for(n=0 ; n < 2 ; ++n) | |
9394 | + { | |
9395 | + unsigned char plaintext[8]; | |
9396 | + | |
9397 | + memcpy(plaintext, tests2[n].plaintext, sizeof(plaintext)); | |
9398 | + if (corrupt_des) | |
9399 | + plaintext[0]++; | |
9400 | + if (!fips_cipher_test(&ctx, EVP_des_ede_ecb(), | |
9401 | + tests2[n].key, NULL, | |
9402 | + plaintext, tests2[n].ciphertext, 8)) | |
9403 | + goto err; | |
9404 | + } | |
9405 | + | |
9406 | + /* Encrypt/decrypt with 3DES and compare to known answers */ | |
9407 | + for(n=0 ; n < 2 ; ++n) | |
9408 | + { | |
9409 | + if (!fips_cipher_test(&ctx, EVP_des_ede3_ecb(), | |
9410 | + tests3[n].key, NULL, | |
9411 | + tests3[n].plaintext, tests3[n].ciphertext, 8)) | |
9412 | + goto err; | |
9413 | + } | |
9414 | + ret = 1; | |
9415 | + err: | |
9416 | + EVP_CIPHER_CTX_cleanup(&ctx); | |
9417 | + if (ret == 0) | |
9418 | + FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED); | |
9419 | + | |
9420 | + return ret; | |
9421 | + } | |
9422 | +#endif | |
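Review bot: Both loops in `FIPS_selftest_des` stop at a literal `n < 2`, so a vector later added to `tests2[]` or `tests3[]` would silently never be exercised by the self-test. Deriving the bound from the table, e.g. `for(n=0 ; n < (int)(sizeof(tests2)/sizeof(tests2[0])) ; ++n)` and likewise for `tests3`, keeps the loop and the data in step, as `FIPS_selftest_cmac` in this same patch does with `sizeof(vector)/sizeof(vector[0])`. The `corrupt_des` flag is applied only to the 2-key vectors and nothing here resets it once `FIPS_corrupt_des()` has run. It is presumably an induced-failure test hook, and a one-line comment saying so, e.g. `/* test hook: forces the DES KAT to fail; never cleared */`, would stop it being mistaken for a runtime control.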
a7ff9508 MT |
9423 | diff -up openssl-1.0.1b/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1b/crypto/fips/fips_drbg_ctr.c |
9424 | --- openssl-1.0.1b/crypto/fips/fips_drbg_ctr.c.fips 2012-04-26 18:00:51.401769321 +0200 | |
9425 | +++ openssl-1.0.1b/crypto/fips/fips_drbg_ctr.c 2012-04-26 18:00:51.402769343 +0200 | |
0595faf5 MT |
9426 | @@ -0,0 +1,436 @@ |
9427 | +/* fips/rand/fips_drbg_ctr.c */ | |
9428 | +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
9429 | + * project. | |
9430 | + */ | |
9431 | +/* ==================================================================== | |
9432 | + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. | |
9433 | + * | |
9434 | + * Redistribution and use in source and binary forms, with or without | |
9435 | + * modification, are permitted provided that the following conditions | |
9436 | + * are met: | |
9437 | + * | |
9438 | + * 1. Redistributions of source code must retain the above copyright | |
9439 | + * notice, this list of conditions and the following disclaimer. | |
9440 | + * | |
9441 | + * 2. Redistributions in binary form must reproduce the above copyright | |
9442 | + * notice, this list of conditions and the following disclaimer in | |
9443 | + * the documentation and/or other materials provided with the | |
9444 | + * distribution. | |
9445 | + * | |
9446 | + * 3. All advertising materials mentioning features or use of this | |
9447 | + * software must display the following acknowledgment: | |
9448 | + * "This product includes software developed by the OpenSSL Project | |
9449 | + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
9450 | + * | |
9451 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
9452 | + * endorse or promote products derived from this software without | |
9453 | + * prior written permission. For written permission, please contact | |
9454 | + * licensing@OpenSSL.org. | |
9455 | + * | |
9456 | + * 5. Products derived from this software may not be called "OpenSSL" | |
9457 | + * nor may "OpenSSL" appear in their names without prior written | |
9458 | + * permission of the OpenSSL Project. | |
9459 | + * | |
9460 | + * 6. Redistributions of any form whatsoever must retain the following | |
9461 | + * acknowledgment: | |
9462 | + * "This product includes software developed by the OpenSSL Project | |
9463 | + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
9464 | + * | |
9465 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
9466 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
9467 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
9468 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
9469 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
9470 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
9471 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
9472 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
9473 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
9474 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
9475 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
9476 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
9477 | + * ==================================================================== | |
9478 | + */ | |
9479 | + | |
9480 | +#include <stdlib.h> | |
9481 | +#include <string.h> | |
9482 | +#include <openssl/crypto.h> | |
9483 | +#include <openssl/fips.h> | |
9484 | +#include <openssl/fips_rand.h> | |
9485 | +#include "fips_rand_lcl.h" | |
9486 | + | |
9487 | +static void inc_128(DRBG_CTR_CTX *cctx) | |
9488 | + { | |
9489 | + int i; | |
9490 | + unsigned char c; | |
9491 | + unsigned char *p = cctx->V + 15; | |
9492 | + for (i = 0; i < 16; i++) | |
9493 | + { | |
9494 | + c = *p; | |
9495 | + c++; | |
9496 | + *p = c; | |
9497 | + if (c) | |
9498 | + return; | |
9499 | + p--; | |
9500 | + } | |
9501 | + } | |
9502 | + | |
9503 | +static void ctr_XOR(DRBG_CTR_CTX *cctx, const unsigned char *in, size_t inlen) | |
9504 | + { | |
9505 | + size_t i, n; | |
9506 | + /* Any zero padding will have no effect on the result as we | |
9507 | + * are XORing. So just process however much input we have. | |
9508 | + */ | |
9509 | + | |
9510 | + if (!in || !inlen) | |
9511 | + return; | |
9512 | + | |
9513 | + if (inlen < cctx->keylen) | |
9514 | + n = inlen; | |
9515 | + else | |
9516 | + n = cctx->keylen; | |
9517 | + | |
9518 | + for (i = 0; i < n; i++) | |
9519 | + cctx->K[i] ^= in[i]; | |
9520 | + if (inlen <= cctx->keylen) | |
9521 | + return; | |
9522 | + | |
9523 | + n = inlen - cctx->keylen; | |
9524 | + /* Should never happen */ | |
9525 | + if (n > 16) | |
9526 | + n = 16; | |
9527 | + for (i = 0; i < 16; i++) | |
9528 | + cctx->V[i] ^= in[i + cctx->keylen]; | |
9529 | + } | |
9530 | + | |
9531 | +/* Process a complete block using BCC algorithm of SPP 800-90 10.4.3 */ | |
9532 | + | |
9533 | +static void ctr_BCC_block(DRBG_CTR_CTX *cctx, unsigned char *out, | |
9534 | + const unsigned char *in) | |
9535 | + { | |
9536 | + int i; | |
9537 | + for (i = 0; i < 16; i++) | |
9538 | + out[i] ^= in[i]; | |
9539 | + AES_encrypt(out, out, &cctx->df_ks); | |
9540 | +#if 0 | |
9541 | +fprintf(stderr, "BCC in+out\n"); | |
9542 | +BIO_dump_fp(stderr, in, 16); | |
9543 | +BIO_dump_fp(stderr, out, 16); | |
9544 | +#endif | |
9545 | + } | |
9546 | + | |
9547 | +/* Handle several BCC operations for as much data as we need for K and X */ | |
9548 | +static void ctr_BCC_blocks(DRBG_CTR_CTX *cctx, const unsigned char *in) | |
9549 | + { | |
9550 | + ctr_BCC_block(cctx, cctx->KX, in); | |
9551 | + ctr_BCC_block(cctx, cctx->KX + 16, in); | |
9552 | + if (cctx->keylen != 16) | |
9553 | + ctr_BCC_block(cctx, cctx->KX + 32, in); | |
9554 | + } | |
9555 | +/* Initialise BCC blocks: these have the value 0,1,2 in leftmost positions: | |
9556 | + * see 10.4.2 stage 7. | |
9557 | + */ | |
9558 | +static void ctr_BCC_init(DRBG_CTR_CTX *cctx) | |
9559 | + { | |
9560 | + memset(cctx->KX, 0, 48); | |
9561 | + memset(cctx->bltmp, 0, 16); | |
9562 | + ctr_BCC_block(cctx, cctx->KX, cctx->bltmp); | |
9563 | + cctx->bltmp[3] = 1; | |
9564 | + ctr_BCC_block(cctx, cctx->KX + 16, cctx->bltmp); | |
9565 | + if (cctx->keylen != 16) | |
9566 | + { | |
9567 | + cctx->bltmp[3] = 2; | |
9568 | + ctr_BCC_block(cctx, cctx->KX + 32, cctx->bltmp); | |
9569 | + } | |
9570 | + } | |
9571 | + | |
9572 | +/* Process several blocks into BCC algorithm, some possibly partial */ | |
9573 | +static void ctr_BCC_update(DRBG_CTR_CTX *cctx, | |
9574 | + const unsigned char *in, size_t inlen) | |
9575 | + { | |
9576 | + if (!in || !inlen) | |
9577 | + return; | |
9578 | + /* If we have partial block handle it first */ | |
9579 | + if (cctx->bltmp_pos) | |
9580 | + { | |
9581 | + size_t left = 16 - cctx->bltmp_pos; | |
9582 | + /* If we now have a complete block process it */ | |
9583 | + if (inlen >= left) | |
9584 | + { | |
9585 | + memcpy(cctx->bltmp + cctx->bltmp_pos, in, left); | |
9586 | + ctr_BCC_blocks(cctx, cctx->bltmp); | |
9587 | + cctx->bltmp_pos = 0; | |
9588 | + inlen -= left; | |
9589 | + in += left; | |
9590 | + } | |
9591 | + } | |
9592 | + /* Process zero or more complete blocks */ | |
9593 | + while (inlen >= 16) | |
9594 | + { | |
9595 | + ctr_BCC_blocks(cctx, in); | |
9596 | + in += 16; | |
9597 | + inlen -= 16; | |
9598 | + } | |
9599 | + /* Copy any remaining partial block to the temporary buffer */ | |
9600 | + if (inlen > 0) | |
9601 | + { | |
9602 | + memcpy(cctx->bltmp + cctx->bltmp_pos, in, inlen); | |
9603 | + cctx->bltmp_pos += inlen; | |
9604 | + } | |
9605 | + } | |
9606 | + | |
9607 | +static void ctr_BCC_final(DRBG_CTR_CTX *cctx) | |
9608 | + { | |
9609 | + if (cctx->bltmp_pos) | |
9610 | + { | |
9611 | + memset(cctx->bltmp + cctx->bltmp_pos, 0, 16 - cctx->bltmp_pos); | |
9612 | + ctr_BCC_blocks(cctx, cctx->bltmp); | |
9613 | + } | |
9614 | + } | |
9615 | + | |
9616 | +static void ctr_df(DRBG_CTR_CTX *cctx, | |
9617 | + const unsigned char *in1, size_t in1len, | |
9618 | + const unsigned char *in2, size_t in2len, | |
9619 | + const unsigned char *in3, size_t in3len) | |
9620 | + { | |
9621 | + size_t inlen; | |
9622 | + unsigned char *p = cctx->bltmp; | |
9623 | + static unsigned char c80 = 0x80; | |
9624 | + | |
9625 | + ctr_BCC_init(cctx); | |
9626 | + if (!in1) | |
9627 | + in1len = 0; | |
9628 | + if (!in2) | |
9629 | + in2len = 0; | |
9630 | + if (!in3) | |
9631 | + in3len = 0; | |
9632 | + inlen = in1len + in2len + in3len; | |
9633 | + /* Initialise L||N in temporary block */ | |
9634 | + *p++ = (inlen >> 24) & 0xff; | |
9635 | + *p++ = (inlen >> 16) & 0xff; | |
9636 | + *p++ = (inlen >> 8) & 0xff; | |
9637 | + *p++ = inlen & 0xff; | |
9638 | + /* NB keylen is at most 32 bytes */ | |
9639 | + *p++ = 0; | |
9640 | + *p++ = 0; | |
9641 | + *p++ = 0; | |
9642 | + *p = (unsigned char)((cctx->keylen + 16) & 0xff); | |
9643 | + cctx->bltmp_pos = 8; | |
9644 | + ctr_BCC_update(cctx, in1, in1len); | |
9645 | + ctr_BCC_update(cctx, in2, in2len); | |
9646 | + ctr_BCC_update(cctx, in3, in3len); | |
9647 | + ctr_BCC_update(cctx, &c80, 1); | |
9648 | + ctr_BCC_final(cctx); | |
9649 | + /* Set up key K */ | |
9650 | + AES_set_encrypt_key(cctx->KX, cctx->keylen * 8, &cctx->df_kxks); | |
9651 | + /* X follows key K */ | |
9652 | + AES_encrypt(cctx->KX + cctx->keylen, cctx->KX, &cctx->df_kxks); | |
9653 | + AES_encrypt(cctx->KX, cctx->KX + 16, &cctx->df_kxks); | |
9654 | + if (cctx->keylen != 16) | |
9655 | + AES_encrypt(cctx->KX + 16, cctx->KX + 32, &cctx->df_kxks); | |
9656 | +#if 0 | |
9657 | +fprintf(stderr, "Output of ctr_df:\n"); | |
9658 | +BIO_dump_fp(stderr, cctx->KX, cctx->keylen + 16); | |
9659 | +#endif | |
9660 | + } | |
9661 | + | |
9662 | +/* NB the no-df Update in SP800-90 specifies a constant input length | |
9663 | + * of seedlen, however other uses of this algorithm pad the input with | |
9664 | + * zeroes if necessary and have up to two parameters XORed together, | |
9665 | + * handle both cases in this function instead. | |
9666 | + */ | |
9667 | + | |
9668 | +static void ctr_Update(DRBG_CTX *dctx, | |
9669 | + const unsigned char *in1, size_t in1len, | |
9670 | + const unsigned char *in2, size_t in2len, | |
9671 | + const unsigned char *nonce, size_t noncelen) | |
9672 | + { | |
9673 | + DRBG_CTR_CTX *cctx = &dctx->d.ctr; | |
9674 | + /* ks is already setup for correct key */ | |
9675 | + inc_128(cctx); | |
9676 | + AES_encrypt(cctx->V, cctx->K, &cctx->ks); | |
9677 | + /* If keylen longer than 128 bits need extra encrypt */ | |
9678 | + if (cctx->keylen != 16) | |
9679 | + { | |
9680 | + inc_128(cctx); | |
9681 | + AES_encrypt(cctx->V, cctx->K + 16, &cctx->ks); | |
9682 | + } | |
9683 | + inc_128(cctx); | |
9684 | + AES_encrypt(cctx->V, cctx->V, &cctx->ks); | |
9685 | + /* If 192 bit key part of V is on end of K */ | |
9686 | + if (cctx->keylen == 24) | |
9687 | + { | |
9688 | + memcpy(cctx->V + 8, cctx->V, 8); | |
9689 | + memcpy(cctx->V, cctx->K + 24, 8); | |
9690 | + } | |
9691 | + | |
9692 | + if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) | |
9693 | + { | |
9694 | + /* If no input reuse existing derived value */ | |
9695 | + if (in1 || nonce || in2) | |
9696 | + ctr_df(cctx, in1, in1len, nonce, noncelen, in2, in2len); | |
9697 | + /* If this a reuse input in1len != 0 */ | |
9698 | + if (in1len) | |
9699 | + ctr_XOR(cctx, cctx->KX, dctx->seedlen); | |
9700 | + } | |
9701 | + else | |
9702 | + { | |
9703 | + ctr_XOR(cctx, in1, in1len); | |
9704 | + ctr_XOR(cctx, in2, in2len); | |
9705 | + } | |
9706 | + | |
9707 | + AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks); | |
9708 | +#if 0 | |
9709 | +fprintf(stderr, "K+V after update is:\n"); | |
9710 | +BIO_dump_fp(stderr, cctx->K, cctx->keylen); | |
9711 | +BIO_dump_fp(stderr, cctx->V, 16); | |
9712 | +#endif | |
9713 | + } | |
9714 | + | |
9715 | +static int drbg_ctr_instantiate(DRBG_CTX *dctx, | |
9716 | + const unsigned char *ent, size_t entlen, | |
9717 | + const unsigned char *nonce, size_t noncelen, | |
9718 | + const unsigned char *pers, size_t perslen) | |
9719 | + { | |
9720 | + DRBG_CTR_CTX *cctx = &dctx->d.ctr; | |
9721 | + memset(cctx->K, 0, sizeof(cctx->K)); | |
9722 | + memset(cctx->V, 0, sizeof(cctx->V)); | |
9723 | + AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks); | |
9724 | + ctr_Update(dctx, ent, entlen, pers, perslen, nonce, noncelen); | |
9725 | + return 1; | |
9726 | + } | |
9727 | + | |
9728 | +static int drbg_ctr_reseed(DRBG_CTX *dctx, | |
9729 | + const unsigned char *ent, size_t entlen, | |
9730 | + const unsigned char *adin, size_t adinlen) | |
9731 | + { | |
9732 | + ctr_Update(dctx, ent, entlen, adin, adinlen, NULL, 0); | |
9733 | + return 1; | |
9734 | + } | |
9735 | + | |
9736 | +static int drbg_ctr_generate(DRBG_CTX *dctx, | |
9737 | + unsigned char *out, size_t outlen, | |
9738 | + const unsigned char *adin, size_t adinlen) | |
9739 | + { | |
9740 | + DRBG_CTR_CTX *cctx = &dctx->d.ctr; | |
9741 | + if (adin && adinlen) | |
9742 | + { | |
9743 | + ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0); | |
9744 | + /* This means we reuse derived value */ | |
9745 | + if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) | |
9746 | + { | |
9747 | + adin = NULL; | |
9748 | + adinlen = 1; | |
9749 | + } | |
9750 | + } | |
9751 | + else | |
9752 | + adinlen = 0; | |
9753 | + | |
9754 | + for (;;) | |
9755 | + { | |
9756 | + inc_128(cctx); | |
9757 | + if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid) | |
9758 | + { | |
9759 | + AES_encrypt(cctx->V, dctx->lb, &cctx->ks); | |
9760 | + dctx->lb_valid = 1; | |
9761 | + continue; | |
9762 | + } | |
9763 | + if (outlen < 16) | |
9764 | + { | |
9765 | + /* Use K as temp space as it will be updated */ | |
9766 | + AES_encrypt(cctx->V, cctx->K, &cctx->ks); | |
9767 | + if (!fips_drbg_cprng_test(dctx, cctx->K)) | |
9768 | + return 0; | |
9769 | + memcpy(out, cctx->K, outlen); | |
9770 | + break; | |
9771 | + } | |
9772 | + AES_encrypt(cctx->V, out, &cctx->ks); | |
9773 | + if (!fips_drbg_cprng_test(dctx, out)) | |
9774 | + return 0; | |
9775 | + out += 16; | |
9776 | + outlen -= 16; | |
9777 | + if (outlen == 0) | |
9778 | + break; | |
9779 | + } | |
9780 | + | |
9781 | + ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0); | |
9782 | + | |
9783 | + return 1; | |
9784 | + | |
9785 | + } | |
9786 | + | |
9787 | +static int drbg_ctr_uninstantiate(DRBG_CTX *dctx) | |
9788 | + { | |
9789 | + memset(&dctx->d.ctr, 0, sizeof(DRBG_CTR_CTX)); | |
9790 | + return 1; | |
9791 | + } | |
9792 | + | |
9793 | +int fips_drbg_ctr_init(DRBG_CTX *dctx) | |
9794 | + { | |
9795 | + DRBG_CTR_CTX *cctx = &dctx->d.ctr; | |
9796 | + | |
9797 | + size_t keylen; | |
9798 | + | |
9799 | + switch (dctx->type) | |
9800 | + { | |
9801 | + case NID_aes_128_ctr: | |
9802 | + keylen = 16; | |
9803 | + break; | |
9804 | + | |
9805 | + case NID_aes_192_ctr: | |
9806 | + keylen = 24; | |
9807 | + break; | |
9808 | + | |
9809 | + case NID_aes_256_ctr: | |
9810 | + keylen = 32; | |
9811 | + break; | |
9812 | + | |
9813 | + default: | |
9814 | + return -2; | |
9815 | + } | |
9816 | + | |
9817 | + dctx->instantiate = drbg_ctr_instantiate; | |
9818 | + dctx->reseed = drbg_ctr_reseed; | |
9819 | + dctx->generate = drbg_ctr_generate; | |
9820 | + dctx->uninstantiate = drbg_ctr_uninstantiate; | |
9821 | + | |
9822 | + cctx->keylen = keylen; | |
9823 | + dctx->strength = keylen * 8; | |
9824 | + dctx->blocklength = 16; | |
9825 | + dctx->seedlen = keylen + 16; | |
9826 | + | |
9827 | + if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) | |
9828 | + { | |
9829 | + /* df initialisation */ | |
9830 | + static unsigned char df_key[32] = | |
9831 | + { | |
9832 | + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, | |
9833 | + 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f, | |
9834 | + 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17, | |
9835 | + 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f | |
9836 | + }; | |
9837 | + /* Set key schedule for df_key */ | |
9838 | + AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks); | |
9839 | + | |
9840 | + dctx->min_entropy = cctx->keylen; | |
9841 | + dctx->max_entropy = DRBG_MAX_LENGTH; | |
9842 | + dctx->min_nonce = dctx->min_entropy / 2; | |
9843 | + dctx->max_nonce = DRBG_MAX_LENGTH; | |
9844 | + dctx->max_pers = DRBG_MAX_LENGTH; | |
9845 | + dctx->max_adin = DRBG_MAX_LENGTH; | |
9846 | + } | |
9847 | + else | |
9848 | + { | |
9849 | + dctx->min_entropy = dctx->seedlen; | |
9850 | + dctx->max_entropy = dctx->seedlen; | |
9851 | + /* Nonce not used */ | |
9852 | + dctx->min_nonce = 0; | |
9853 | + dctx->max_nonce = 0; | |
9854 | + dctx->max_pers = dctx->seedlen; | |
9855 | + dctx->max_adin = dctx->seedlen; | |
9856 | + } | |
9857 | + | |
9858 | + dctx->max_request = 1<<16; | |
9859 | + dctx->reseed_interval = 1<<24; | |
9860 | + | |
9861 | + return 1; | |
9862 | + } | |
a7ff9508 MT |
9863 | diff -up openssl-1.0.1b/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1b/crypto/fips/fips_drbg_hash.c |
9864 | --- openssl-1.0.1b/crypto/fips/fips_drbg_hash.c.fips 2012-04-26 18:00:51.402769343 +0200 | |
9865 | +++ openssl-1.0.1b/crypto/fips/fips_drbg_hash.c 2012-04-26 18:00:51.402769343 +0200 | |
0595faf5 MT |
9866 | @@ -0,0 +1,378 @@ |
9867 | +/* fips/rand/fips_drbg_hash.c */ | |
9868 | +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
9869 | + * project. | |
9870 | + */ | |
9871 | +/* ==================================================================== | |
9872 | + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. | |
9873 | + * | |
9874 | + * Redistribution and use in source and binary forms, with or without | |
9875 | + * modification, are permitted provided that the following conditions | |
9876 | + * are met: | |
9877 | + * | |
9878 | + * 1. Redistributions of source code must retain the above copyright | |
9879 | + * notice, this list of conditions and the following disclaimer. | |
9880 | + * | |
9881 | + * 2. Redistributions in binary form must reproduce the above copyright | |
9882 | + * notice, this list of conditions and the following disclaimer in | |
9883 | + * the documentation and/or other materials provided with the | |
9884 | + * distribution. | |
9885 | + * | |
9886 | + * 3. All advertising materials mentioning features or use of this | |
9887 | + * software must display the following acknowledgment: | |
9888 | + * "This product includes software developed by the OpenSSL Project | |
9889 | + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
9890 | + * | |
9891 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
9892 | + * endorse or promote products derived from this software without | |
9893 | + * prior written permission. For written permission, please contact | |
9894 | + * licensing@OpenSSL.org. | |
9895 | + * | |
9896 | + * 5. Products derived from this software may not be called "OpenSSL" | |
9897 | + * nor may "OpenSSL" appear in their names without prior written | |
9898 | + * permission of the OpenSSL Project. | |
9899 | + * | |
9900 | + * 6. Redistributions of any form whatsoever must retain the following | |
9901 | + * acknowledgment: | |
9902 | + * "This product includes software developed by the OpenSSL Project | |
9903 | + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
9904 | + * | |
9905 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
9906 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
9907 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
9908 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
9909 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
9910 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
9911 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
9912 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
9913 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
9914 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
9915 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
9916 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
9917 | + * ==================================================================== | |
9918 | + */ | |
9919 | + | |
9920 | +#define OPENSSL_FIPSAPI | |
9921 | + | |
9922 | +#include <stdlib.h> | |
9923 | +#include <string.h> | |
9924 | +#include <openssl/crypto.h> | |
9925 | +#include <openssl/fips.h> | |
9926 | +#include <openssl/fips_rand.h> | |
9927 | +#include "fips_rand_lcl.h" | |
9928 | + | |
9929 | +/* This is Hash_df from SP 800-90 10.4.1 */ | |
9930 | + | |
9931 | +static int hash_df(DRBG_CTX *dctx, unsigned char *out, | |
9932 | + const unsigned char *in1, size_t in1len, | |
9933 | + const unsigned char *in2, size_t in2len, | |
9934 | + const unsigned char *in3, size_t in3len, | |
9935 | + const unsigned char *in4, size_t in4len) | |
9936 | + { | |
9937 | + EVP_MD_CTX *mctx = &dctx->d.hash.mctx; | |
9938 | + unsigned char *vtmp = dctx->d.hash.vtmp; | |
9939 | + unsigned char tmp[6]; | |
9940 | + /* Standard only ever needs seedlen bytes which is always less than | |
9941 | + * maximum permitted so no need to check length. | |
9942 | + */ | |
9943 | + size_t outlen = dctx->seedlen; | |
9944 | + tmp[0] = 1; | |
9945 | + tmp[1] = ((outlen * 8) >> 24) & 0xff; | |
9946 | + tmp[2] = ((outlen * 8) >> 16) & 0xff; | |
9947 | + tmp[3] = ((outlen * 8) >> 8) & 0xff; | |
9948 | + tmp[4] = (outlen * 8) & 0xff; | |
9949 | + if (!in1) | |
9950 | + { | |
9951 | + tmp[5] = (unsigned char)in1len; | |
9952 | + in1 = tmp + 5; | |
9953 | + in1len = 1; | |
9954 | + } | |
9955 | + for (;;) | |
9956 | + { | |
9957 | + if (!FIPS_digestinit(mctx, dctx->d.hash.md)) | |
9958 | + return 0; | |
9959 | + if (!FIPS_digestupdate(mctx, tmp, 5)) | |
9960 | + return 0; | |
9961 | + if (in1 && !FIPS_digestupdate(mctx, in1, in1len)) | |
9962 | + return 0; | |
9963 | + if (in2 && !FIPS_digestupdate(mctx, in2, in2len)) | |
9964 | + return 0; | |
9965 | + if (in3 && !FIPS_digestupdate(mctx, in3, in3len)) | |
9966 | + return 0; | |
9967 | + if (in4 && !FIPS_digestupdate(mctx, in4, in4len)) | |
9968 | + return 0; | |
9969 | + if (outlen < dctx->blocklength) | |
9970 | + { | |
9971 | + if (!FIPS_digestfinal(mctx, vtmp, NULL)) | |
9972 | + return 0; | |
9973 | + memcpy(out, vtmp, outlen); | |
9974 | + OPENSSL_cleanse(vtmp, dctx->blocklength); | |
9975 | + return 1; | |
9976 | + } | |
9977 | + else if(!FIPS_digestfinal(mctx, out, NULL)) | |
9978 | + return 0; | |
9979 | + | |
9980 | + outlen -= dctx->blocklength; | |
9981 | + if (outlen == 0) | |
9982 | + return 1; | |
9983 | + tmp[0]++; | |
9984 | + out += dctx->blocklength; | |
9985 | + } | |
9986 | + } | |
9987 | + | |
9988 | + | |
9989 | +/* Add an unsigned buffer to the buf value, storing the result in buf. For | |
9990 | + * this algorithm the length of input never exceeds the seed length. | |
9991 | + */ | |
9992 | + | |
9993 | +static void ctx_add_buf(DRBG_CTX *dctx, unsigned char *buf, | |
9994 | + unsigned char *in, size_t inlen) | |
9995 | + { | |
9996 | + size_t i = inlen; | |
9997 | + const unsigned char *q; | |
9998 | + unsigned char c, *p; | |
9999 | + p = buf + dctx->seedlen; | |
10000 | + q = in + inlen; | |
10001 | + | |
10002 | + OPENSSL_assert(i <= dctx->seedlen); | |
10003 | + | |
10004 | + /* Special case: zero length, just increment buffer */ | |
10005 | + if (i) | |
10006 | + c = 0; | |
10007 | + else | |
10008 | + c = 1; | |
10009 | + | |
10010 | + while (i) | |
10011 | + { | |
10012 | + int r; | |
10013 | + p--; | |
10014 | + q--; | |
10015 | + r = *p + *q + c; | |
10016 | + /* Carry */ | |
10017 | + if (r > 0xff) | |
10018 | + c = 1; | |
10019 | + else | |
10020 | + c = 0; | |
10021 | + *p = r & 0xff; | |
10022 | + i--; | |
10023 | + } | |
10024 | + | |
10025 | + i = dctx->seedlen - inlen; | |
10026 | + | |
10027 | + /* If not adding whole buffer handle final carries */ | |
10028 | + if (c && i) | |
10029 | + { | |
10030 | + do | |
10031 | + { | |
10032 | + p--; | |
10033 | + c = *p; | |
10034 | + c++; | |
10035 | + *p = c; | |
10036 | + if(c) | |
10037 | + return; | |
10038 | + } while(i--); | |
10039 | + } | |
10040 | + } | |
10041 | + | |
10042 | +/* Finalise and add hash to V */ | |
10043 | + | |
10044 | +static int ctx_add_md(DRBG_CTX *dctx) | |
10045 | + { | |
10046 | + if (!FIPS_digestfinal(&dctx->d.hash.mctx, dctx->d.hash.vtmp, NULL)) | |
10047 | + return 0; | |
10048 | + ctx_add_buf(dctx, dctx->d.hash.V, dctx->d.hash.vtmp, dctx->blocklength); | |
10049 | + return 1; | |
10050 | + } | |
10051 | + | |
10052 | +static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen) | |
10053 | + { | |
10054 | + DRBG_HASH_CTX *hctx = &dctx->d.hash; | |
10055 | + if (outlen == 0) | |
10056 | + return 1; | |
10057 | + memcpy(hctx->vtmp, hctx->V, dctx->seedlen); | |
10058 | + for(;;) | |
10059 | + { | |
10060 | + FIPS_digestinit(&hctx->mctx, hctx->md); | |
10061 | + FIPS_digestupdate(&hctx->mctx, hctx->vtmp, dctx->seedlen); | |
10062 | + if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid) | |
10063 | + { | |
10064 | + FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL); | |
10065 | + dctx->lb_valid = 1; | |
10066 | + } | |
10067 | + else if (outlen < dctx->blocklength) | |
10068 | + { | |
10069 | + FIPS_digestfinal(&hctx->mctx, hctx->vtmp, NULL); | |
10070 | + if (!fips_drbg_cprng_test(dctx, hctx->vtmp)) | |
10071 | + return 0; | |
10072 | + memcpy(out, hctx->vtmp, outlen); | |
10073 | + return 1; | |
10074 | + } | |
10075 | + else | |
10076 | + { | |
10077 | + FIPS_digestfinal(&hctx->mctx, out, NULL); | |
10078 | + if (!fips_drbg_cprng_test(dctx, out)) | |
10079 | + return 0; | |
10080 | + outlen -= dctx->blocklength; | |
10081 | + if (outlen == 0) | |
10082 | + return 1; | |
10083 | + out += dctx->blocklength; | |
10084 | + } | |
10085 | + ctx_add_buf(dctx, hctx->vtmp, NULL, 0); | |
10086 | + } | |
10087 | + } | |
10088 | + | |
10089 | +static int drbg_hash_instantiate(DRBG_CTX *dctx, | |
10090 | + const unsigned char *ent, size_t ent_len, | |
10091 | + const unsigned char *nonce, size_t nonce_len, | |
10092 | + const unsigned char *pstr, size_t pstr_len) | |
10093 | + { | |
10094 | + DRBG_HASH_CTX *hctx = &dctx->d.hash; | |
10095 | + if (!hash_df(dctx, hctx->V, | |
10096 | + ent, ent_len, nonce, nonce_len, pstr, pstr_len, | |
10097 | + NULL, 0)) | |
10098 | + return 0; | |
10099 | + if (!hash_df(dctx, hctx->C, | |
10100 | + NULL, 0, hctx->V, dctx->seedlen, | |
10101 | + NULL, 0, NULL, 0)) | |
10102 | + return 0; | |
10103 | + | |
10104 | +#ifdef HASH_DRBG_TRACE | |
10105 | + fprintf(stderr, "V+C after instantiate:\n"); | |
10106 | + hexprint(stderr, hctx->V, dctx->seedlen); | |
10107 | + hexprint(stderr, hctx->C, dctx->seedlen); | |
10108 | +#endif | |
10109 | + return 1; | |
10110 | + } | |
10111 | + | |
10112 | + | |
10113 | +static int drbg_hash_reseed(DRBG_CTX *dctx, | |
10114 | + const unsigned char *ent, size_t ent_len, | |
10115 | + const unsigned char *adin, size_t adin_len) | |
10116 | + { | |
10117 | + DRBG_HASH_CTX *hctx = &dctx->d.hash; | |
10118 | + /* V about to be updated so use C as output instead */ | |
10119 | + if (!hash_df(dctx, hctx->C, | |
10120 | + NULL, 1, hctx->V, dctx->seedlen, | |
10121 | + ent, ent_len, adin, adin_len)) | |
10122 | + return 0; | |
10123 | + memcpy(hctx->V, hctx->C, dctx->seedlen); | |
10124 | + if (!hash_df(dctx, hctx->C, NULL, 0, | |
10125 | + hctx->V, dctx->seedlen, NULL, 0, NULL, 0)) | |
10126 | + return 0; | |
10127 | +#ifdef HASH_DRBG_TRACE | |
10128 | + fprintf(stderr, "V+C after reseed:\n"); | |
10129 | + hexprint(stderr, hctx->V, dctx->seedlen); | |
10130 | + hexprint(stderr, hctx->C, dctx->seedlen); | |
10131 | +#endif | |
10132 | + return 1; | |
10133 | + } | |
10134 | + | |
10135 | +static int drbg_hash_generate(DRBG_CTX *dctx, | |
10136 | + unsigned char *out, size_t outlen, | |
10137 | + const unsigned char *adin, size_t adin_len) | |
10138 | + { | |
10139 | + DRBG_HASH_CTX *hctx = &dctx->d.hash; | |
10140 | + EVP_MD_CTX *mctx = &hctx->mctx; | |
10141 | + unsigned char tmp[4]; | |
10142 | + if (adin && adin_len) | |
10143 | + { | |
10144 | + tmp[0] = 2; | |
10145 | + if (!FIPS_digestinit(mctx, hctx->md)) | |
10146 | + return 0; | |
10147 | + if (!EVP_DigestUpdate(mctx, tmp, 1)) | |
10148 | + return 0; | |
10149 | + if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen)) | |
10150 | + return 0; | |
10151 | + if (!EVP_DigestUpdate(mctx, adin, adin_len)) | |
10152 | + return 0; | |
10153 | + if (!ctx_add_md(dctx)) | |
10154 | + return 0; | |
10155 | + } | |
10156 | + if (!hash_gen(dctx, out, outlen)) | |
10157 | + return 0; | |
10158 | + | |
10159 | + tmp[0] = 3; | |
10160 | + if (!FIPS_digestinit(mctx, hctx->md)) | |
10161 | + return 0; | |
10162 | + if (!EVP_DigestUpdate(mctx, tmp, 1)) | |
10163 | + return 0; | |
10164 | + if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen)) | |
10165 | + return 0; | |
10166 | + | |
10167 | + if (!ctx_add_md(dctx)) | |
10168 | + return 0; | |
10169 | + | |
10170 | + ctx_add_buf(dctx, hctx->V, hctx->C, dctx->seedlen); | |
10171 | + | |
10172 | + tmp[0] = (dctx->reseed_counter >> 24) & 0xff; | |
10173 | + tmp[1] = (dctx->reseed_counter >> 16) & 0xff; | |
10174 | + tmp[2] = (dctx->reseed_counter >> 8) & 0xff; | |
10175 | + tmp[3] = dctx->reseed_counter & 0xff; | |
10176 | + ctx_add_buf(dctx, hctx->V, tmp, 4); | |
10177 | +#ifdef HASH_DRBG_TRACE | |
10178 | + fprintf(stderr, "V+C after generate:\n"); | |
10179 | + hexprint(stderr, hctx->V, dctx->seedlen); | |
10180 | + hexprint(stderr, hctx->C, dctx->seedlen); | |
10181 | +#endif | |
10182 | + return 1; | |
10183 | + } | |
10184 | + | |
10185 | +static int drbg_hash_uninstantiate(DRBG_CTX *dctx) | |
10186 | + { | |
10187 | + EVP_MD_CTX_cleanup(&dctx->d.hash.mctx); | |
10188 | + OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX)); | |
10189 | + return 1; | |
10190 | + } | |
10191 | + | |
10192 | +int fips_drbg_hash_init(DRBG_CTX *dctx) | |
10193 | + { | |
10194 | + const EVP_MD *md; | |
10195 | + DRBG_HASH_CTX *hctx = &dctx->d.hash; | |
10196 | + md = FIPS_get_digestbynid(dctx->type); | |
10197 | + if (!md) | |
10198 | + return -2; | |
10199 | + switch (dctx->type) | |
10200 | + { | |
10201 | + case NID_sha1: | |
10202 | + dctx->strength = 128; | |
10203 | + break; | |
10204 | + | |
10205 | + case NID_sha224: | |
10206 | + dctx->strength = 192; | |
10207 | + break; | |
10208 | + | |
10209 | + default: | |
10210 | + dctx->strength = 256; | |
10211 | + break; | |
10212 | + } | |
10213 | + | |
10214 | + dctx->instantiate = drbg_hash_instantiate; | |
10215 | + dctx->reseed = drbg_hash_reseed; | |
10216 | + dctx->generate = drbg_hash_generate; | |
10217 | + dctx->uninstantiate = drbg_hash_uninstantiate; | |
10218 | + | |
10219 | + dctx->d.hash.md = md; | |
10220 | + EVP_MD_CTX_init(&hctx->mctx); | |
10221 | + | |
10222 | + /* These are taken from SP 800-90 10.1 table 2 */ | |
10223 | + | |
10224 | + dctx->blocklength = M_EVP_MD_size(md); | |
10225 | + if (dctx->blocklength > 32) | |
10226 | + dctx->seedlen = 111; | |
10227 | + else | |
10228 | + dctx->seedlen = 55; | |
10229 | + | |
10230 | + | |
10231 | + dctx->min_entropy = dctx->strength / 8; | |
10232 | + dctx->max_entropy = DRBG_MAX_LENGTH; | |
10233 | + | |
10234 | + dctx->min_nonce = dctx->min_entropy / 2; | |
10235 | + dctx->max_nonce = DRBG_MAX_LENGTH; | |
10236 | + | |
10237 | + dctx->max_pers = DRBG_MAX_LENGTH; | |
10238 | + dctx->max_adin = DRBG_MAX_LENGTH; | |
10239 | + | |
10240 | + dctx->max_request = 1<<16; | |
10241 | + dctx->reseed_interval = 1<<24; | |
10242 | + | |
10243 | + return 1; | |
10244 | + } | |
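Review bot: hash_gen ignores the return values of FIPS_digestinit, FIPS_digestupdate and FIPS_digestfinal, whereas hash_df, ctx_add_md and drbg_hash_generate in the same file check theirs. If a digest call fails there, `out` (or `vtmp`) keeps whatever it held before, and the function can still return 1 as long as fips_drbg_cprng_test accepts the block, so the caller would treat unwritten memory as DRBG output. Each call should fail closed, for example `if (!FIPS_digestfinal(&hctx->mctx, out, NULL)) return 0;`, with the same guard on the init, update and the other two final calls. Separately, the carry loop in ctx_add_buf is `do { ... } while(i--)`, which runs its body i+1 times and would step `p` one byte below `buf` if the carry ripples through every remaining byte; `while(--i)` keeps it inside the buffer.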
a7ff9508 MT |
10245 | diff -up openssl-1.0.1b/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1b/crypto/fips/fips_drbg_hmac.c |
10246 | --- openssl-1.0.1b/crypto/fips/fips_drbg_hmac.c.fips 2012-04-26 18:00:51.402769343 +0200 | |
10247 | +++ openssl-1.0.1b/crypto/fips/fips_drbg_hmac.c 2012-04-26 18:00:51.402769343 +0200 | |
0595faf5 MT |
10248 | @@ -0,0 +1,281 @@ |
10249 | +/* fips/rand/fips_drbg_hmac.c */ | |
10250 | +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
10251 | + * project. | |
10252 | + */ | |
10253 | +/* ==================================================================== | |
10254 | + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. | |
10255 | + * | |
10256 | + * Redistribution and use in source and binary forms, with or without | |
10257 | + * modification, are permitted provided that the following conditions | |
10258 | + * are met: | |
10259 | + * | |
10260 | + * 1. Redistributions of source code must retain the above copyright | |
10261 | + * notice, this list of conditions and the following disclaimer. | |
10262 | + * | |
10263 | + * 2. Redistributions in binary form must reproduce the above copyright | |
10264 | + * notice, this list of conditions and the following disclaimer in | |
10265 | + * the documentation and/or other materials provided with the | |
10266 | + * distribution. | |
10267 | + * | |
10268 | + * 3. All advertising materials mentioning features or use of this | |
10269 | + * software must display the following acknowledgment: | |
10270 | + * "This product includes software developed by the OpenSSL Project | |
10271 | + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
10272 | + * | |
10273 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
10274 | + * endorse or promote products derived from this software without | |
10275 | + * prior written permission. For written permission, please contact | |
10276 | + * licensing@OpenSSL.org. | |
10277 | + * | |
10278 | + * 5. Products derived from this software may not be called "OpenSSL" | |
10279 | + * nor may "OpenSSL" appear in their names without prior written | |
10280 | + * permission of the OpenSSL Project. | |
10281 | + * | |
10282 | + * 6. Redistributions of any form whatsoever must retain the following | |
10283 | + * acknowledgment: | |
10284 | + * "This product includes software developed by the OpenSSL Project | |
10285 | + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
10286 | + * | |
10287 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
10288 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
10289 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
10290 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
10291 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
10292 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
10293 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
10294 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
10295 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
10296 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
10297 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
10298 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
10299 | + * ==================================================================== | |
10300 | + */ | |
10301 | + | |
10302 | +#include <stdlib.h> | |
10303 | +#include <string.h> | |
10304 | +#include <openssl/crypto.h> | |
10305 | +#include <openssl/evp.h> | |
10306 | +#include <openssl/hmac.h> | |
10307 | +#include <openssl/aes.h> | |
10308 | +#include <openssl/fips.h> | |
10309 | +#include <openssl/fips_rand.h> | |
10310 | +#include "fips_rand_lcl.h" | |
10311 | + | |
10312 | +static int drbg_hmac_update(DRBG_CTX *dctx, | |
10313 | + const unsigned char *in1, size_t in1len, | |
10314 | + const unsigned char *in2, size_t in2len, | |
10315 | + const unsigned char *in3, size_t in3len | |
10316 | + ) | |
10317 | + { | |
10318 | + static unsigned char c0 = 0, c1 = 1; | |
10319 | + DRBG_HMAC_CTX *hmac = &dctx->d.hmac; | |
10320 | + HMAC_CTX *hctx = &hmac->hctx; | |
10321 | + | |
10322 | + if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL)) | |
10323 | + return 0; | |
10324 | + if (!HMAC_Update(hctx, hmac->V, dctx->blocklength)) | |
10325 | + return 0; | |
10326 | + if (!HMAC_Update(hctx, &c0, 1)) | |
10327 | + return 0; | |
10328 | + if (in1len && !HMAC_Update(hctx, in1, in1len)) | |
10329 | + return 0; | |
10330 | + if (in2len && !HMAC_Update(hctx, in2, in2len)) | |
10331 | + return 0; | |
10332 | + if (in3len && !HMAC_Update(hctx, in3, in3len)) | |
10333 | + return 0; | |
10334 | + | |
10335 | + if (!HMAC_Final(hctx, hmac->K, NULL)) | |
10336 | + return 0; | |
10337 | + | |
10338 | + if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL)) | |
10339 | + return 0; | |
10340 | + if (!HMAC_Update(hctx, hmac->V, dctx->blocklength)) | |
10341 | + return 0; | |
10342 | + | |
10343 | + if (!HMAC_Final(hctx, hmac->V, NULL)) | |
10344 | + return 0; | |
10345 | + | |
10346 | + if (!in1len && !in2len && !in3len) | |
10347 | + return 1; | |
10348 | + | |
10349 | + if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL)) | |
10350 | + return 0; | |
10351 | + if (!HMAC_Update(hctx, hmac->V, dctx->blocklength)) | |
10352 | + return 0; | |
10353 | + if (!HMAC_Update(hctx, &c1, 1)) | |
10354 | + return 0; | |
10355 | + if (in1len && !HMAC_Update(hctx, in1, in1len)) | |
10356 | + return 0; | |
10357 | + if (in2len && !HMAC_Update(hctx, in2, in2len)) | |
10358 | + return 0; | |
10359 | + if (in3len && !HMAC_Update(hctx, in3, in3len)) | |
10360 | + return 0; | |
10361 | + | |
10362 | + if (!HMAC_Final(hctx, hmac->K, NULL)) | |
10363 | + return 0; | |
10364 | + | |
10365 | + if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL)) | |
10366 | + return 0; | |
10367 | + if (!HMAC_Update(hctx, hmac->V, dctx->blocklength)) | |
10368 | + return 0; | |
10369 | + | |
10370 | + if (!HMAC_Final(hctx, hmac->V, NULL)) | |
10371 | + return 0; | |
10372 | + | |
10373 | + return 1; | |
10374 | + | |
10375 | + } | |
10376 | + | |
10377 | +static int drbg_hmac_instantiate(DRBG_CTX *dctx, | |
10378 | + const unsigned char *ent, size_t ent_len, | |
10379 | + const unsigned char *nonce, size_t nonce_len, | |
10380 | + const unsigned char *pstr, size_t pstr_len) | |
10381 | + { | |
10382 | + DRBG_HMAC_CTX *hmac = &dctx->d.hmac; | |
10383 | + memset(hmac->K, 0, dctx->blocklength); | |
10384 | + memset(hmac->V, 1, dctx->blocklength); | |
10385 | + if (!drbg_hmac_update(dctx, | |
10386 | + ent, ent_len, nonce, nonce_len, pstr, pstr_len)) | |
10387 | + return 0; | |
10388 | + | |
10389 | +#ifdef HMAC_DRBG_TRACE | |
10390 | + fprintf(stderr, "K+V after instantiate:\n"); | |
10391 | + hexprint(stderr, hmac->K, hmac->blocklength); | |
10392 | + hexprint(stderr, hmac->V, hmac->blocklength); | |
10393 | +#endif | |
10394 | + return 1; | |
10395 | + } | |
10396 | + | |
10397 | +static int drbg_hmac_reseed(DRBG_CTX *dctx, | |
10398 | + const unsigned char *ent, size_t ent_len, | |
10399 | + const unsigned char *adin, size_t adin_len) | |
10400 | + { | |
10401 | + if (!drbg_hmac_update(dctx, | |
10402 | + ent, ent_len, adin, adin_len, NULL, 0)) | |
10403 | + return 0; | |
10404 | + | |
10405 | +#ifdef HMAC_DRBG_TRACE | |
10406 | + { | |
10407 | + DRBG_HMAC_CTX *hmac = &dctx->d.hmac; | |
10408 | + fprintf(stderr, "K+V after reseed:\n"); | |
10409 | + hexprint(stderr, hmac->K, hmac->blocklength); | |
10410 | + hexprint(stderr, hmac->V, hmac->blocklength); | |
10411 | + } | |
10412 | +#endif | |
10413 | + return 1; | |
10414 | + } | |
10415 | + | |
10416 | +static int drbg_hmac_generate(DRBG_CTX *dctx, | |
10417 | + unsigned char *out, size_t outlen, | |
10418 | + const unsigned char *adin, size_t adin_len) | |
10419 | + { | |
10420 | + DRBG_HMAC_CTX *hmac = &dctx->d.hmac; | |
10421 | + HMAC_CTX *hctx = &hmac->hctx; | |
10422 | + const unsigned char *Vtmp = hmac->V; | |
10423 | + if (adin_len && !drbg_hmac_update(dctx, adin, adin_len, | |
10424 | + NULL, 0, NULL, 0)) | |
10425 | + return 0; | |
10426 | + for (;;) | |
10427 | + { | |
10428 | + if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, | |
10429 | + hmac->md, NULL)) | |
10430 | + return 0; | |
10431 | + if (!HMAC_Update(hctx, Vtmp, dctx->blocklength)) | |
10432 | + return 0; | |
10433 | + if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid) | |
10434 | + { | |
10435 | + if (!HMAC_Final(hctx, dctx->lb, NULL)) | |
10436 | + return 0; | |
10437 | + dctx->lb_valid = 1; | |
10438 | + Vtmp = dctx->lb; | |
10439 | + continue; | |
10440 | + } | |
10441 | + else if (outlen > dctx->blocklength) | |
10442 | + { | |
10443 | + if (!HMAC_Final(hctx, out, NULL)) | |
10444 | + return 0; | |
10445 | + if (!fips_drbg_cprng_test(dctx, out)) | |
10446 | + return 0; | |
10447 | + Vtmp = out; | |
10448 | + } | |
10449 | + else | |
10450 | + { | |
10451 | + if (!HMAC_Final(hctx, hmac->V, NULL)) | |
10452 | + return 0; | |
10453 | + if (!fips_drbg_cprng_test(dctx, hmac->V)) | |
10454 | + return 0; | |
10455 | + memcpy(out, hmac->V, outlen); | |
10456 | + break; | |
10457 | + } | |
10458 | + out += dctx->blocklength; | |
10459 | + outlen -= dctx->blocklength; | |
10460 | + } | |
10461 | + if (!drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0)) | |
10462 | + return 0; | |
10463 | + | |
10464 | + return 1; | |
10465 | + } | |
10466 | + | |
10467 | +static int drbg_hmac_uninstantiate(DRBG_CTX *dctx) | |
10468 | + { | |
10469 | + HMAC_CTX_cleanup(&dctx->d.hmac.hctx); | |
10470 | + OPENSSL_cleanse(&dctx->d.hmac, sizeof(DRBG_HMAC_CTX)); | |
10471 | + return 1; | |
10472 | + } | |
10473 | + | |
10474 | +int fips_drbg_hmac_init(DRBG_CTX *dctx) | |
10475 | + { | |
10476 | + const EVP_MD *md = NULL; | |
10477 | + DRBG_HMAC_CTX *hctx = &dctx->d.hmac; | |
10478 | + dctx->strength = 256; | |
10479 | + switch (dctx->type) | |
10480 | + { | |
10481 | + case NID_hmacWithSHA1: | |
10482 | + md = EVP_sha1(); | |
10483 | + dctx->strength = 128; | |
10484 | + break; | |
10485 | + | |
10486 | + case NID_hmacWithSHA224: | |
10487 | + md = EVP_sha224(); | |
10488 | + dctx->strength = 192; | |
10489 | + break; | |
10490 | + | |
10491 | + case NID_hmacWithSHA256: | |
10492 | + md = EVP_sha256(); | |
10493 | + break; | |
10494 | + | |
10495 | + case NID_hmacWithSHA384: | |
10496 | + md = EVP_sha384(); | |
10497 | + break; | |
10498 | + | |
10499 | + case NID_hmacWithSHA512: | |
10500 | + md = EVP_sha512(); | |
10501 | + break; | |
10502 | + | |
10503 | + default: | |
10504 | + dctx->strength = 0; | |
10505 | + return -2; | |
10506 | + } | |
10507 | + dctx->instantiate = drbg_hmac_instantiate; | |
10508 | + dctx->reseed = drbg_hmac_reseed; | |
10509 | + dctx->generate = drbg_hmac_generate; | |
10510 | + dctx->uninstantiate = drbg_hmac_uninstantiate; | |
10511 | + HMAC_CTX_init(&hctx->hctx); | |
10512 | + hctx->md = md; | |
10513 | + dctx->blocklength = M_EVP_MD_size(md); | |
10514 | + dctx->seedlen = M_EVP_MD_size(md); | |
10515 | + | |
10516 | + dctx->min_entropy = dctx->strength / 8; | |
10517 | + dctx->max_entropy = DRBG_MAX_LENGTH; | |
10518 | + | |
10519 | + dctx->min_nonce = dctx->min_entropy / 2; | |
10520 | + dctx->max_nonce = DRBG_MAX_LENGTH; | |
10521 | + | |
10522 | + dctx->max_pers = DRBG_MAX_LENGTH; | |
10523 | + dctx->max_adin = DRBG_MAX_LENGTH; | |
10524 | + | |
10525 | + dctx->max_request = 1<<16; | |
10526 | + dctx->reseed_interval = 1<<24; | |
10527 | + | |
10528 | + return 1; | |
10529 | + } | |
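Review bot: The HMAC_DRBG_TRACE blocks in drbg_hmac_instantiate and drbg_hmac_reseed pass `hmac->blocklength` to hexprint, but every other use in this file reads the length from `dctx->blocklength`, so a trace build looks like it would not compile (DRBG_HMAC_CTX is defined outside this hunk, so this is inferred). These blocks also write K and V, the full secret state of the generator, to stderr, and the HASH_DRBG_TRACE blocks in fips_drbg_hash.c do the same with V and C. I would change the calls to `hexprint(stderr, hmac->K, dctx->blocklength);` and put a comment above each block such as `/* Debug only: dumps secret DRBG state; never define HMAC_DRBG_TRACE in a shipped build. */`. The two counter bytes in drbg_hmac_update are never written in this file and could be declared `static const unsigned char c0 = 0, c1 = 1;`.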
a7ff9508 MT |
10530 | diff -up openssl-1.0.1b/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1b/crypto/fips/fips_drbg_lib.c |
10531 | --- openssl-1.0.1b/crypto/fips/fips_drbg_lib.c.fips 2012-04-26 18:00:51.402769343 +0200 | |
10532 | +++ openssl-1.0.1b/crypto/fips/fips_drbg_lib.c 2012-04-26 18:00:51.402769343 +0200 | |
10533 | @@ -0,0 +1,578 @@ | |
0595faf5 MT |
10534 | +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
10535 | + * project. | |
10536 | + */ | |
10537 | +/* ==================================================================== | |
10538 | + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. | |
10539 | + * | |
10540 | + * Redistribution and use in source and binary forms, with or without | |
10541 | + * modification, are permitted provided that the following conditions | |
10542 | + * are met: | |
10543 | + * | |
10544 | + * 1. Redistributions of source code must retain the above copyright | |
10545 | + * notice, this list of conditions and the following disclaimer. | |
10546 | + * | |
10547 | + * 2. Redistributions in binary form must reproduce the above copyright | |
10548 | + * notice, this list of conditions and the following disclaimer in | |
10549 | + * the documentation and/or other materials provided with the | |
10550 | + * distribution. | |
10551 | + * | |
10552 | + * 3. All advertising materials mentioning features or use of this | |
10553 | + * software must display the following acknowledgment: | |
10554 | + * "This product includes software developed by the OpenSSL Project | |
10555 | + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
10556 | + * | |
10557 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
10558 | + * endorse or promote products derived from this software without | |
10559 | + * prior written permission. For written permission, please contact | |
10560 | + * licensing@OpenSSL.org. | |
10561 | + * | |
10562 | + * 5. Products derived from this software may not be called "OpenSSL" | |
10563 | + * nor may "OpenSSL" appear in their names without prior written | |
10564 | + * permission of the OpenSSL Project. | |
10565 | + * | |
10566 | + * 6. Redistributions of any form whatsoever must retain the following | |
10567 | + * acknowledgment: | |
10568 | + * "This product includes software developed by the OpenSSL Project | |
10569 | + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
10570 | + * | |
10571 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
10572 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
10573 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
10574 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
10575 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
10576 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
10577 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
10578 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
10579 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
10580 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
10581 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
10582 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
10583 | + * ==================================================================== | |
10584 | + */ | |
10585 | + | |
10586 | +#include <string.h> | |
10587 | +#include <openssl/crypto.h> | |
10588 | +#include <openssl/err.h> | |
10589 | +#include <openssl/fips_rand.h> | |
10590 | +#include "fips_locl.h" | |
10591 | +#include "fips_rand_lcl.h" | |
10592 | + | |
10593 | +/* Support framework for SP800-90 DRBGs */ | |
10594 | + | |
10595 | +int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags) | |
10596 | + { | |
10597 | + int rv; | |
10598 | + memset(dctx, 0, sizeof(DRBG_CTX)); | |
10599 | + dctx->status = DRBG_STATUS_UNINITIALISED; | |
10600 | + dctx->xflags = flags; | |
10601 | + dctx->type = type; | |
10602 | + | |
10603 | + dctx->iflags = 0; | |
10604 | + dctx->entropy_blocklen = 0; | |
10605 | + dctx->health_check_cnt = 0; | |
10606 | + dctx->health_check_interval = DRBG_HEALTH_INTERVAL; | |
10607 | + | |
10608 | + rv = fips_drbg_hash_init(dctx); | |
10609 | + | |
10610 | + if (rv == -2) | |
10611 | + rv = fips_drbg_ctr_init(dctx); | |
10612 | + if (rv == -2) | |
10613 | + rv = fips_drbg_hmac_init(dctx); | |
10614 | + | |
10615 | + if (rv <= 0) | |
10616 | + { | |
10617 | + if (rv == -2) | |
10618 | + FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_UNSUPPORTED_DRBG_TYPE); | |
10619 | + else | |
10620 | + FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_ERROR_INITIALISING_DRBG); | |
10621 | + } | |
10622 | + | |
10623 | + /* If not in test mode run selftests on DRBG of the same type */ | |
10624 | + | |
10625 | + if (!(dctx->xflags & DRBG_FLAG_TEST)) | |
10626 | + { | |
10627 | + if (!FIPS_drbg_health_check(dctx)) | |
10628 | + { | |
10629 | + FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE); | |
10630 | + return 0; | |
10631 | + } | |
10632 | + } | |
10633 | + | |
10634 | + return rv; | |
10635 | + } | |
10636 | + | |
10637 | +DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags) | |
10638 | + { | |
10639 | + DRBG_CTX *dctx; | |
10640 | + dctx = OPENSSL_malloc(sizeof(DRBG_CTX)); | |
10641 | + if (!dctx) | |
10642 | + { | |
10643 | + FIPSerr(FIPS_F_FIPS_DRBG_NEW, ERR_R_MALLOC_FAILURE); | |
10644 | + return NULL; | |
10645 | + } | |
10646 | + | |
10647 | + if (type == 0) | |
10648 | + { | |
10649 | + memset(dctx, 0, sizeof(DRBG_CTX)); | |
10650 | + dctx->type = 0; | |
10651 | + dctx->status = DRBG_STATUS_UNINITIALISED; | |
10652 | + return dctx; | |
10653 | + } | |
10654 | + | |
10655 | + if (FIPS_drbg_init(dctx, type, flags) <= 0) | |
10656 | + { | |
10657 | + OPENSSL_free(dctx); | |
10658 | + return NULL; | |
10659 | + } | |
10660 | + | |
10661 | + return dctx; | |
10662 | + } | |
10663 | + | |
10664 | +void FIPS_drbg_free(DRBG_CTX *dctx) | |
10665 | + { | |
10666 | + if (dctx->uninstantiate) | |
10667 | + dctx->uninstantiate(dctx); | |
10668 | + /* Don't free up default DRBG */ | |
10669 | + if (dctx == FIPS_get_default_drbg()) | |
10670 | + { | |
10671 | + memset(dctx, 0, sizeof(DRBG_CTX)); | |
10672 | + dctx->type = 0; | |
10673 | + dctx->status = DRBG_STATUS_UNINITIALISED; | |
10674 | + } | |
10675 | + else | |
10676 | + { | |
10677 | + OPENSSL_cleanse(&dctx->d, sizeof(dctx->d)); | |
10678 | + OPENSSL_free(dctx); | |
10679 | + } | |
10680 | + } | |
10681 | + | |
10682 | +static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout, | |
10683 | + int entropy, size_t min_len, size_t max_len) | |
10684 | + { | |
10685 | + unsigned char *tout, *p; | |
10686 | + size_t bl = dctx->entropy_blocklen, rv; | |
10687 | + if (!dctx->get_entropy) | |
10688 | + return 0; | |
10689 | + if (dctx->xflags & DRBG_FLAG_TEST || !bl) | |
10690 | + return dctx->get_entropy(dctx, pout, entropy, min_len, max_len); | |
10691 | + rv = dctx->get_entropy(dctx, &tout, entropy + bl, | |
10692 | + min_len + bl, max_len + bl); | |
a7ff9508 MT |
10693 | + if (tout == NULL) |
10694 | + return 0; | |
0595faf5 MT |
10695 | + *pout = tout + bl; |
10696 | + if (rv < (min_len + bl) || (rv % bl)) | |
10697 | + return 0; | |
10698 | + /* Compare consecutive blocks for continuous PRNG test */ | |
10699 | + for (p = tout; p < tout + rv - bl; p += bl) | |
10700 | + { | |
10701 | + if (!memcmp(p, p + bl, bl)) | |
10702 | + { | |
10703 | + FIPSerr(FIPS_F_FIPS_GET_ENTROPY, FIPS_R_ENTROPY_SOURCE_STUCK); | |
10704 | + return 0; | |
10705 | + } | |
10706 | + } | |
10707 | + rv -= bl; | |
10708 | + if (rv > max_len) | |
10709 | + return max_len; | |
10710 | + return rv; | |
10711 | + } | |
10712 | + | |
10713 | +static void fips_cleanup_entropy(DRBG_CTX *dctx, | |
10714 | + unsigned char *out, size_t olen) | |
10715 | + { | |
10716 | + size_t bl; | |
10717 | + if (dctx->xflags & DRBG_FLAG_TEST) | |
10718 | + bl = 0; | |
10719 | + else | |
10720 | + bl = dctx->entropy_blocklen; | |
10721 | + /* Call cleanup with original arguments */ | |
10722 | + dctx->cleanup_entropy(dctx, out - bl, olen + bl); | |
10723 | + } | |
10724 | + | |
10725 | + | |
10726 | +int FIPS_drbg_instantiate(DRBG_CTX *dctx, | |
10727 | + const unsigned char *pers, size_t perslen) | |
10728 | + { | |
10729 | + size_t entlen = 0, noncelen = 0; | |
10730 | + unsigned char *nonce = NULL, *entropy = NULL; | |
10731 | + | |
10732 | +#if 0 | |
10733 | + /* Put here so error script picks them up */ | |
10734 | + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, | |
10735 | + FIPS_R_PERSONALISATION_STRING_TOO_LONG); | |
10736 | + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_IN_ERROR_STATE); | |
10737 | + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ALREADY_INSTANTIATED); | |
10738 | + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY); | |
10739 | + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE); | |
10740 | + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR); | |
10741 | + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED); | |
10742 | +#endif | |
10743 | + | |
10744 | + int r = 0; | |
10745 | + | |
10746 | + if (perslen > dctx->max_pers) | |
10747 | + { | |
10748 | + r = FIPS_R_PERSONALISATION_STRING_TOO_LONG; | |
10749 | + goto end; | |
10750 | + } | |
10751 | + | |
10752 | + if (!dctx->instantiate) | |
10753 | + { | |
10754 | + r = FIPS_R_DRBG_NOT_INITIALISED; | |
10755 | + goto end; | |
10756 | + } | |
10757 | + | |
10758 | + if (dctx->status != DRBG_STATUS_UNINITIALISED) | |
10759 | + { | |
10760 | + if (dctx->status == DRBG_STATUS_ERROR) | |
10761 | + r = FIPS_R_IN_ERROR_STATE; | |
10762 | + else | |
10763 | + r = FIPS_R_ALREADY_INSTANTIATED; | |
10764 | + goto end; | |
10765 | + } | |
10766 | + | |
10767 | + dctx->status = DRBG_STATUS_ERROR; | |
10768 | + | |
10769 | + entlen = fips_get_entropy(dctx, &entropy, dctx->strength, | |
10770 | + dctx->min_entropy, dctx->max_entropy); | |
10771 | + | |
10772 | + if (entlen < dctx->min_entropy || entlen > dctx->max_entropy) | |
10773 | + { | |
10774 | + r = FIPS_R_ERROR_RETRIEVING_ENTROPY; | |
10775 | + goto end; | |
10776 | + } | |
10777 | + | |
10778 | + if (dctx->max_nonce > 0 && dctx->get_nonce) | |
10779 | + { | |
10780 | + noncelen = dctx->get_nonce(dctx, &nonce, | |
10781 | + dctx->strength / 2, | |
10782 | + dctx->min_nonce, dctx->max_nonce); | |
10783 | + | |
10784 | + if (noncelen < dctx->min_nonce || noncelen > dctx->max_nonce) | |
10785 | + { | |
10786 | + r = FIPS_R_ERROR_RETRIEVING_NONCE; | |
10787 | + goto end; | |
10788 | + } | |
10789 | + | |
10790 | + } | |
10791 | + | |
10792 | + if (!dctx->instantiate(dctx, | |
10793 | + entropy, entlen, | |
10794 | + nonce, noncelen, | |
10795 | + pers, perslen)) | |
10796 | + { | |
10797 | + r = FIPS_R_ERROR_INSTANTIATING_DRBG; | |
10798 | + goto end; | |
10799 | + } | |
10800 | + | |
10801 | + | |
10802 | + dctx->status = DRBG_STATUS_READY; | |
10803 | + if (!(dctx->iflags & DRBG_CUSTOM_RESEED)) | |
10804 | + dctx->reseed_counter = 1; | |
10805 | + | |
10806 | + end: | |
10807 | + | |
10808 | + if (entropy && dctx->cleanup_entropy) | |
10809 | + fips_cleanup_entropy(dctx, entropy, entlen); | |
10810 | + | |
10811 | + if (nonce && dctx->cleanup_nonce) | |
10812 | + dctx->cleanup_nonce(dctx, nonce, noncelen); | |
10813 | + | |
10814 | + if (dctx->status == DRBG_STATUS_READY) | |
10815 | + return 1; | |
10816 | + | |
10817 | + if (r && !(dctx->iflags & DRBG_FLAG_NOERR)) | |
10818 | + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, r); | |
10819 | + | |
10820 | + return 0; | |
10821 | + | |
10822 | + } | |
10823 | + | |
10824 | +static int drbg_reseed(DRBG_CTX *dctx, | |
10825 | + const unsigned char *adin, size_t adinlen, int hcheck) | |
10826 | + { | |
10827 | + unsigned char *entropy = NULL; | |
10828 | + size_t entlen = 0; | |
10829 | + int r = 0; | |
10830 | + | |
10831 | +#if 0 | |
10832 | + FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_NOT_INSTANTIATED); | |
10833 | + FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG); | |
10834 | +#endif | |
10835 | + if (dctx->status != DRBG_STATUS_READY | |
10836 | + && dctx->status != DRBG_STATUS_RESEED) | |
10837 | + { | |
10838 | + if (dctx->status == DRBG_STATUS_ERROR) | |
10839 | + r = FIPS_R_IN_ERROR_STATE; | |
10840 | + else if(dctx->status == DRBG_STATUS_UNINITIALISED) | |
10841 | + r = FIPS_R_NOT_INSTANTIATED; | |
10842 | + goto end; | |
10843 | + } | |
10844 | + | |
10845 | + if (!adin) | |
10846 | + adinlen = 0; | |
10847 | + else if (adinlen > dctx->max_adin) | |
10848 | + { | |
10849 | + r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG; | |
10850 | + goto end; | |
10851 | + } | |
10852 | + | |
10853 | + dctx->status = DRBG_STATUS_ERROR; | |
10854 | + /* Peform health check on all reseed operations if not a prediction | |
10855 | + * resistance request and not in test mode. | |
10856 | + */ | |
10857 | + if (hcheck && !(dctx->xflags & DRBG_FLAG_TEST)) | |
10858 | + { | |
10859 | + if (!FIPS_drbg_health_check(dctx)) | |
10860 | + { | |
10861 | + r = FIPS_R_SELFTEST_FAILURE; | |
10862 | + goto end; | |
10863 | + } | |
10864 | + } | |
10865 | + | |
10866 | + entlen = fips_get_entropy(dctx, &entropy, dctx->strength, | |
10867 | + dctx->min_entropy, dctx->max_entropy); | |
10868 | + | |
10869 | + if (entlen < dctx->min_entropy || entlen > dctx->max_entropy) | |
10870 | + { | |
10871 | + r = FIPS_R_ERROR_RETRIEVING_ENTROPY; | |
10872 | + goto end; | |
10873 | + } | |
10874 | + | |
10875 | + if (!dctx->reseed(dctx, entropy, entlen, adin, adinlen)) | |
10876 | + goto end; | |
10877 | + | |
10878 | + dctx->status = DRBG_STATUS_READY; | |
10879 | + if (!(dctx->iflags & DRBG_CUSTOM_RESEED)) | |
10880 | + dctx->reseed_counter = 1; | |
10881 | + end: | |
10882 | + | |
10883 | + if (entropy && dctx->cleanup_entropy) | |
10884 | + fips_cleanup_entropy(dctx, entropy, entlen); | |
10885 | + | |
10886 | + if (dctx->status == DRBG_STATUS_READY) | |
10887 | + return 1; | |
10888 | + | |
10889 | + if (r && !(dctx->iflags & DRBG_FLAG_NOERR)) | |
10890 | + FIPSerr(FIPS_F_DRBG_RESEED, r); | |
10891 | + | |
10892 | + return 0; | |
10893 | + } | |
10894 | + | |
10895 | +int FIPS_drbg_reseed(DRBG_CTX *dctx, | |
10896 | + const unsigned char *adin, size_t adinlen) | |
10897 | + { | |
10898 | + return drbg_reseed(dctx, adin, adinlen, 1); | |
10899 | + } | |
10900 | + | |
10901 | +static int fips_drbg_check(DRBG_CTX *dctx) | |
10902 | + { | |
10903 | + if (dctx->xflags & DRBG_FLAG_TEST) | |
10904 | + return 1; | |
10905 | + dctx->health_check_cnt++; | |
10906 | + if (dctx->health_check_cnt >= dctx->health_check_interval) | |
10907 | + { | |
10908 | + if (!FIPS_drbg_health_check(dctx)) | |
10909 | + { | |
10910 | + FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE); | |
10911 | + return 0; | |
10912 | + } | |
10913 | + } | |
10914 | + return 1; | |
10915 | + } | |
10916 | + | |
10917 | +int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen, | |
10918 | + int prediction_resistance, | |
10919 | + const unsigned char *adin, size_t adinlen) | |
10920 | + { | |
10921 | + int r = 0; | |
10922 | + | |
10923 | + if (FIPS_selftest_failed()) | |
10924 | + { | |
10925 | + FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED); | |
10926 | + return 0; | |
10927 | + } | |
10928 | + | |
10929 | + if (!fips_drbg_check(dctx)) | |
10930 | + return 0; | |
10931 | + | |
10932 | + if (dctx->status != DRBG_STATUS_READY | |
10933 | + && dctx->status != DRBG_STATUS_RESEED) | |
10934 | + { | |
10935 | + if (dctx->status == DRBG_STATUS_ERROR) | |
10936 | + r = FIPS_R_IN_ERROR_STATE; | |
10937 | + else if(dctx->status == DRBG_STATUS_UNINITIALISED) | |
10938 | + r = FIPS_R_NOT_INSTANTIATED; | |
10939 | + goto end; | |
10940 | + } | |
10941 | + | |
10942 | + if (outlen > dctx->max_request) | |
10943 | + { | |
10944 | + r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG; | |
10945 | + return 0; | |
10946 | + } | |
10947 | + | |
10948 | + if (adinlen > dctx->max_adin) | |
10949 | + { | |
10950 | + r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG; | |
10951 | + goto end; | |
10952 | + } | |
10953 | + | |
10954 | + if (dctx->iflags & DRBG_CUSTOM_RESEED) | |
10955 | + dctx->generate(dctx, NULL, outlen, NULL, 0); | |
10956 | + else if (dctx->reseed_counter >= dctx->reseed_interval) | |
10957 | + dctx->status = DRBG_STATUS_RESEED; | |
10958 | + | |
10959 | + if (dctx->status == DRBG_STATUS_RESEED || prediction_resistance) | |
10960 | + { | |
10961 | + /* If prediction resistance request don't do health check */ | |
10962 | + int hcheck = prediction_resistance ? 0 : 1; | |
10963 | + | |
10964 | + if (!drbg_reseed(dctx, adin, adinlen, hcheck)) | |
10965 | + { | |
10966 | + r = FIPS_R_RESEED_ERROR; | |
10967 | + goto end; | |
10968 | + } | |
10969 | + adin = NULL; | |
10970 | + adinlen = 0; | |
10971 | + } | |
10972 | + | |
10973 | + if (!dctx->generate(dctx, out, outlen, adin, adinlen)) | |
10974 | + { | |
10975 | + r = FIPS_R_GENERATE_ERROR; | |
10976 | + dctx->status = DRBG_STATUS_ERROR; | |
10977 | + goto end; | |
10978 | + } | |
10979 | + if (!(dctx->iflags & DRBG_CUSTOM_RESEED)) | |
10980 | + { | |
10981 | + if (dctx->reseed_counter >= dctx->reseed_interval) | |
10982 | + dctx->status = DRBG_STATUS_RESEED; | |
10983 | + else | |
10984 | + dctx->reseed_counter++; | |
10985 | + } | |
10986 | + | |
10987 | + end: | |
10988 | + if (r) | |
10989 | + { | |
10990 | + if (!(dctx->iflags & DRBG_FLAG_NOERR)) | |
10991 | + FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, r); | |
10992 | + return 0; | |
10993 | + } | |
10994 | + | |
10995 | + return 1; | |
10996 | + } | |
10997 | + | |
10998 | +int FIPS_drbg_uninstantiate(DRBG_CTX *dctx) | |
10999 | + { | |
11000 | + int rv; | |
11001 | + if (!dctx->uninstantiate) | |
11002 | + rv = 1; | |
11003 | + else | |
11004 | + rv = dctx->uninstantiate(dctx); | |
11005 | + /* Although we'd like to cleanse here we can't because we have to | |
11006 | + * test the uninstantiate really zeroes the data. | |
11007 | + */ | |
11008 | + memset(&dctx->d, 0, sizeof(dctx->d)); | |
11009 | + dctx->status = DRBG_STATUS_UNINITIALISED; | |
11010 | + /* If method has problems uninstantiating, return error */ | |
11011 | + return rv; | |
11012 | + } | |
11013 | + | |
11014 | +int FIPS_drbg_set_callbacks(DRBG_CTX *dctx, | |
11015 | + size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout, | |
11016 | + int entropy, size_t min_len, size_t max_len), | |
11017 | + void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen), | |
11018 | + size_t entropy_blocklen, | |
11019 | + size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout, | |
11020 | + int entropy, size_t min_len, size_t max_len), | |
11021 | + void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen)) | |
11022 | + { | |
11023 | + if (dctx->status != DRBG_STATUS_UNINITIALISED) | |
11024 | + return 0; | |
11025 | + dctx->entropy_blocklen = entropy_blocklen; | |
11026 | + dctx->get_entropy = get_entropy; | |
11027 | + dctx->cleanup_entropy = cleanup_entropy; | |
11028 | + dctx->get_nonce = get_nonce; | |
11029 | + dctx->cleanup_nonce = cleanup_nonce; | |
11030 | + return 1; | |
11031 | + } | |
11032 | + | |
11033 | +int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx, | |
11034 | + size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout), | |
11035 | + void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen), | |
11036 | + int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num), | |
11037 | + int (*rand_add_cb)(DRBG_CTX *ctx, | |
11038 | + const void *buf, int num, double entropy)) | |
11039 | + { | |
11040 | + if (dctx->status != DRBG_STATUS_UNINITIALISED) | |
11041 | + return 0; | |
11042 | + dctx->get_adin = get_adin; | |
11043 | + dctx->cleanup_adin = cleanup_adin; | |
11044 | + dctx->rand_seed_cb = rand_seed_cb; | |
11045 | + dctx->rand_add_cb = rand_add_cb; | |
11046 | + return 1; | |
11047 | + } | |
11048 | + | |
11049 | +void *FIPS_drbg_get_app_data(DRBG_CTX *dctx) | |
11050 | + { | |
11051 | + return dctx->app_data; | |
11052 | + } | |
11053 | + | |
11054 | +void FIPS_drbg_set_app_data(DRBG_CTX *dctx, void *app_data) | |
11055 | + { | |
11056 | + dctx->app_data = app_data; | |
11057 | + } | |
11058 | + | |
11059 | +size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx) | |
11060 | + { | |
11061 | + return dctx->blocklength; | |
11062 | + } | |
11063 | + | |
11064 | +int FIPS_drbg_get_strength(DRBG_CTX *dctx) | |
11065 | + { | |
11066 | + return dctx->strength; | |
11067 | + } | |
11068 | + | |
11069 | +void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval) | |
11070 | + { | |
11071 | + dctx->health_check_interval = interval; | |
11072 | + } | |
11073 | + | |
11074 | +void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval) | |
11075 | + { | |
11076 | + dctx->reseed_interval = interval; | |
11077 | + } | |
11078 | + | |
11079 | +static int drbg_stick = 0; | |
11080 | + | |
11081 | +void FIPS_drbg_stick(int onoff) | |
11082 | + { | |
11083 | + drbg_stick = onoff; | |
11084 | + } | |
11085 | + | |
11086 | +/* Continuous DRBG utility function */ | |
11087 | +int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out) | |
11088 | + { | |
11089 | + /* No CPRNG in test mode */ | |
11090 | + if (dctx->xflags & DRBG_FLAG_TEST) | |
11091 | + return 1; | |
11092 | + /* Check block is valid: should never happen */ | |
11093 | + if (dctx->lb_valid == 0) | |
11094 | + { | |
11095 | + FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_INTERNAL_ERROR); | |
11096 | + fips_set_selftest_fail(); | |
11097 | + return 0; | |
11098 | + } | |
11099 | + if (drbg_stick) | |
11100 | + memcpy(dctx->lb, out, dctx->blocklength); | |
11101 | + /* Check against last block: fail if match */ | |
11102 | + if (!memcmp(dctx->lb, out, dctx->blocklength)) | |
11103 | + { | |
11104 | + FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_DRBG_STUCK); | |
11105 | + fips_set_selftest_fail(); | |
11106 | + return 0; | |
11107 | + } | |
11108 | + /* Save last block for next comparison */ | |
11109 | + memcpy(dctx->lb, out, dctx->blocklength); | |
11110 | + return 1; | |
11111 | + } | |
a7ff9508 MT |
11112 | diff -up openssl-1.0.1b/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1b/crypto/fips/fips_drbg_rand.c |
11113 | --- openssl-1.0.1b/crypto/fips/fips_drbg_rand.c.fips 2012-04-26 18:00:51.403769365 +0200 | |
11114 | +++ openssl-1.0.1b/crypto/fips/fips_drbg_rand.c 2012-04-26 18:00:51.403769365 +0200 | |
0595faf5 MT |
11115 | @@ -0,0 +1,172 @@ |
11116 | +/* fips/rand/fips_drbg_rand.c */ | |
11117 | +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
11118 | + * project. | |
11119 | + */ | |
11120 | +/* ==================================================================== | |
11121 | + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. | |
11122 | + * | |
11123 | + * Redistribution and use in source and binary forms, with or without | |
11124 | + * modification, are permitted provided that the following conditions | |
11125 | + * are met: | |
11126 | + * | |
11127 | + * 1. Redistributions of source code must retain the above copyright | |
11128 | + * notice, this list of conditions and the following disclaimer. | |
11129 | + * | |
11130 | + * 2. Redistributions in binary form must reproduce the above copyright | |
11131 | + * notice, this list of conditions and the following disclaimer in | |
11132 | + * the documentation and/or other materials provided with the | |
11133 | + * distribution. | |
11134 | + * | |
11135 | + * 3. All advertising materials mentioning features or use of this | |
11136 | + * software must display the following acknowledgment: | |
11137 | + * "This product includes software developed by the OpenSSL Project | |
11138 | + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
11139 | + * | |
11140 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
11141 | + * endorse or promote products derived from this software without | |
11142 | + * prior written permission. For written permission, please contact | |
11143 | + * licensing@OpenSSL.org. | |
11144 | + * | |
11145 | + * 5. Products derived from this software may not be called "OpenSSL" | |
11146 | + * nor may "OpenSSL" appear in their names without prior written | |
11147 | + * permission of the OpenSSL Project. | |
11148 | + * | |
11149 | + * 6. Redistributions of any form whatsoever must retain the following | |
11150 | + * acknowledgment: | |
11151 | + * "This product includes software developed by the OpenSSL Project | |
11152 | + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
11153 | + * | |
11154 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
11155 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
11156 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
11157 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
11158 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
11159 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
11160 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
11161 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
11162 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
11163 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
11164 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
11165 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
11166 | + * ==================================================================== | |
11167 | + */ | |
11168 | + | |
11169 | +#include <string.h> | |
11170 | +#include <openssl/crypto.h> | |
11171 | +#include <openssl/err.h> | |
11172 | +#include <openssl/rand.h> | |
11173 | +#include <openssl/fips_rand.h> | |
11174 | +#include "fips_rand_lcl.h" | |
11175 | + | |
11176 | +/* Mapping of SP800-90 DRBGs to OpenSSL RAND_METHOD */ | |
11177 | + | |
11178 | +/* Since we only have one global PRNG used at any time in OpenSSL use a global | |
11179 | + * variable to store context. | |
11180 | + */ | |
11181 | + | |
11182 | +static DRBG_CTX ossl_dctx; | |
11183 | + | |
11184 | +DRBG_CTX *FIPS_get_default_drbg(void) | |
11185 | + { | |
11186 | + return &ossl_dctx; | |
11187 | + } | |
11188 | + | |
11189 | +static int fips_drbg_bytes(unsigned char *out, int count) | |
11190 | + { | |
11191 | + DRBG_CTX *dctx = &ossl_dctx; | |
11192 | + int rv = 0; | |
11193 | + unsigned char *adin = NULL; | |
11194 | + size_t adinlen = 0; | |
11195 | + CRYPTO_w_lock(CRYPTO_LOCK_RAND); | |
11196 | + do | |
11197 | + { | |
11198 | + size_t rcnt; | |
11199 | + if (count > (int)dctx->max_request) | |
11200 | + rcnt = dctx->max_request; | |
11201 | + else | |
11202 | + rcnt = count; | |
11203 | + if (dctx->get_adin) | |
11204 | + { | |
11205 | + adinlen = dctx->get_adin(dctx, &adin); | |
11206 | + if (adinlen && !adin) | |
11207 | + { | |
11208 | + FIPSerr(FIPS_F_FIPS_DRBG_BYTES, FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT); | |
11209 | + goto err; | |
11210 | + } | |
11211 | + } | |
11212 | + rv = FIPS_drbg_generate(dctx, out, rcnt, 0, adin, adinlen); | |
11213 | + if (adin) | |
11214 | + { | |
11215 | + if (dctx->cleanup_adin) | |
11216 | + dctx->cleanup_adin(dctx, adin, adinlen); | |
11217 | + adin = NULL; | |
11218 | + } | |
11219 | + if (!rv) | |
11220 | + goto err; | |
11221 | + out += rcnt; | |
11222 | + count -= rcnt; | |
11223 | + } | |
11224 | + while (count); | |
11225 | + rv = 1; | |
11226 | + err: | |
11227 | + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); | |
11228 | + return rv; | |
11229 | + } | |
11230 | + | |
11231 | +static int fips_drbg_pseudo(unsigned char *out, int count) | |
11232 | + { | |
11233 | + if (fips_drbg_bytes(out, count) <= 0) | |
11234 | + return -1; | |
11235 | + return 1; | |
11236 | + } | |
11237 | + | |
11238 | +static int fips_drbg_status(void) | |
11239 | + { | |
11240 | + DRBG_CTX *dctx = &ossl_dctx; | |
11241 | + int rv; | |
11242 | + CRYPTO_r_lock(CRYPTO_LOCK_RAND); | |
11243 | + rv = dctx->status == DRBG_STATUS_READY ? 1 : 0; | |
11244 | + CRYPTO_r_unlock(CRYPTO_LOCK_RAND); | |
11245 | + return rv; | |
11246 | + } | |
11247 | + | |
11248 | +static void fips_drbg_cleanup(void) | |
11249 | + { | |
11250 | + DRBG_CTX *dctx = &ossl_dctx; | |
11251 | + CRYPTO_w_lock(CRYPTO_LOCK_RAND); | |
11252 | + FIPS_drbg_uninstantiate(dctx); | |
11253 | + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); | |
11254 | + } | |
11255 | + | |
11256 | +static int fips_drbg_seed(const void *seed, int seedlen) | |
11257 | + { | |
11258 | + DRBG_CTX *dctx = &ossl_dctx; | |
11259 | + if (dctx->rand_seed_cb) | |
11260 | + return dctx->rand_seed_cb(dctx, seed, seedlen); | |
11261 | + return 1; | |
11262 | + } | |
11263 | + | |
11264 | +static int fips_drbg_add(const void *seed, int seedlen, | |
11265 | + double add_entropy) | |
11266 | + { | |
11267 | + DRBG_CTX *dctx = &ossl_dctx; | |
11268 | + if (dctx->rand_add_cb) | |
11269 | + return dctx->rand_add_cb(dctx, seed, seedlen, add_entropy); | |
11270 | + return 1; | |
11271 | + } | |
11272 | + | |
11273 | +static const RAND_METHOD rand_drbg_meth = | |
11274 | + { | |
11275 | + fips_drbg_seed, | |
11276 | + fips_drbg_bytes, | |
11277 | + fips_drbg_cleanup, | |
11278 | + fips_drbg_add, | |
11279 | + fips_drbg_pseudo, | |
11280 | + fips_drbg_status | |
11281 | + }; | |
11282 | + | |
11283 | +const RAND_METHOD *FIPS_drbg_method(void) | |
11284 | + { | |
11285 | + return &rand_drbg_meth; | |
11286 | + } | |
11287 | + | |
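Review bot: In fips_drbg_bytes the chunk-size test `count > (int)dctx->max_request` narrows a size_t limit to int, so if any DRBG mechanism sets max_request above INT_MAX (those values are assigned outside this file) the cast result is implementation-defined and rcnt could end up larger than the caller's buffer. A negative count is also converted to a very large size_t by `rcnt = count` and is only stopped by the max_request check inside FIPS_drbg_generate. I would reject bad lengths before taking the lock with `if (count < 0) return 0;` and do the comparison unsigned, `if ((size_t)count > dctx->max_request)`. Separately, fips_drbg_seed and fips_drbg_add read the callback pointers from ossl_dctx without CRYPTO_LOCK_RAND, while fips_drbg_bytes, fips_drbg_status and fips_drbg_cleanup all take it. If that is intentional, a comment such as `/* rand_seed_cb/rand_add_cb are only set while the DRBG is uninitialised; callbacks do their own locking */` would record the assumption.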
a7ff9508 MT |
11288 | diff -up openssl-1.0.1b/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_drbg_selftest.c |
11289 | --- openssl-1.0.1b/crypto/fips/fips_drbg_selftest.c.fips 2012-04-26 18:00:51.403769365 +0200 | |
11290 | +++ openssl-1.0.1b/crypto/fips/fips_drbg_selftest.c 2012-04-26 18:00:51.403769365 +0200 | |
0595faf5 MT |
11291 | @@ -0,0 +1,862 @@ |
11292 | +/* fips/rand/fips_drbg_selftest.c */ | |
11293 | +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
11294 | + * project. | |
11295 | + */ | |
11296 | +/* ==================================================================== | |
11297 | + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. | |
11298 | + * | |
11299 | + * Redistribution and use in source and binary forms, with or without | |
11300 | + * modification, are permitted provided that the following conditions | |
11301 | + * are met: | |
11302 | + * | |
11303 | + * 1. Redistributions of source code must retain the above copyright | |
11304 | + * notice, this list of conditions and the following disclaimer. | |
11305 | + * | |
11306 | + * 2. Redistributions in binary form must reproduce the above copyright | |
11307 | + * notice, this list of conditions and the following disclaimer in | |
11308 | + * the documentation and/or other materials provided with the | |
11309 | + * distribution. | |
11310 | + * | |
11311 | + * 3. All advertising materials mentioning features or use of this | |
11312 | + * software must display the following acknowledgment: | |
11313 | + * "This product includes software developed by the OpenSSL Project | |
11314 | + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
11315 | + * | |
11316 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
11317 | + * endorse or promote products derived from this software without | |
11318 | + * prior written permission. For written permission, please contact | |
11319 | + * licensing@OpenSSL.org. | |
11320 | + * | |
11321 | + * 5. Products derived from this software may not be called "OpenSSL" | |
11322 | + * nor may "OpenSSL" appear in their names without prior written | |
11323 | + * permission of the OpenSSL Project. | |
11324 | + * | |
11325 | + * 6. Redistributions of any form whatsoever must retain the following | |
11326 | + * acknowledgment: | |
11327 | + * "This product includes software developed by the OpenSSL Project | |
11328 | + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
11329 | + * | |
11330 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
11331 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
11332 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
11333 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
11334 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
11335 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
11336 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
11337 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
11338 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
11339 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
11340 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
11341 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
11342 | + * ==================================================================== | |
11343 | + */ | |
11344 | + | |
11345 | +#include <string.h> | |
11346 | +#include <openssl/crypto.h> | |
11347 | +#include <openssl/err.h> | |
11348 | +#include <openssl/fips_rand.h> | |
11349 | +#include "fips_rand_lcl.h" | |
11350 | +#include "fips_locl.h" | |
11351 | + | |
11352 | +#include "fips_drbg_selftest.h" | |
11353 | + | |
11354 | +typedef struct { | |
11355 | + int post; | |
11356 | + int nid; | |
11357 | + unsigned int flags; | |
11358 | + | |
11359 | + /* KAT data for no PR */ | |
11360 | + const unsigned char *ent; | |
11361 | + size_t entlen; | |
11362 | + const unsigned char *nonce; | |
11363 | + size_t noncelen; | |
11364 | + const unsigned char *pers; | |
11365 | + size_t perslen; | |
11366 | + const unsigned char *adin; | |
11367 | + size_t adinlen; | |
11368 | + const unsigned char *entreseed; | |
11369 | + size_t entreseedlen; | |
11370 | + const unsigned char *adinreseed; | |
11371 | + size_t adinreseedlen; | |
11372 | + const unsigned char *adin2; | |
11373 | + size_t adin2len; | |
11374 | + const unsigned char *kat; | |
11375 | + size_t katlen; | |
11376 | + const unsigned char *kat2; | |
11377 | + size_t kat2len; | |
11378 | + | |
11379 | + /* KAT data for PR */ | |
11380 | + const unsigned char *ent_pr; | |
11381 | + size_t entlen_pr; | |
11382 | + const unsigned char *nonce_pr; | |
11383 | + size_t noncelen_pr; | |
11384 | + const unsigned char *pers_pr; | |
11385 | + size_t perslen_pr; | |
11386 | + const unsigned char *adin_pr; | |
11387 | + size_t adinlen_pr; | |
11388 | + const unsigned char *entpr_pr; | |
11389 | + size_t entprlen_pr; | |
11390 | + const unsigned char *ading_pr; | |
11391 | + size_t adinglen_pr; | |
11392 | + const unsigned char *entg_pr; | |
11393 | + size_t entglen_pr; | |
11394 | + const unsigned char *kat_pr; | |
11395 | + size_t katlen_pr; | |
11396 | + const unsigned char *kat2_pr; | |
11397 | + size_t kat2len_pr; | |
11398 | + | |
11399 | + } DRBG_SELFTEST_DATA; | |
11400 | + | |
11401 | +#define make_drbg_test_data(nid, flag, pr, p) {p, nid, flag | DRBG_FLAG_TEST, \ | |
11402 | + pr##_entropyinput, sizeof(pr##_entropyinput), \ | |
11403 | + pr##_nonce, sizeof(pr##_nonce), \ | |
11404 | + pr##_personalizationstring, sizeof(pr##_personalizationstring), \ | |
11405 | + pr##_additionalinput, sizeof(pr##_additionalinput), \ | |
11406 | + pr##_entropyinputreseed, sizeof(pr##_entropyinputreseed), \ | |
11407 | + pr##_additionalinputreseed, sizeof(pr##_additionalinputreseed), \ | |
11408 | + pr##_additionalinput2, sizeof(pr##_additionalinput2), \ | |
11409 | + pr##_int_returnedbits, sizeof(pr##_int_returnedbits), \ | |
11410 | + pr##_returnedbits, sizeof(pr##_returnedbits), \ | |
11411 | + pr##_pr_entropyinput, sizeof(pr##_pr_entropyinput), \ | |
11412 | + pr##_pr_nonce, sizeof(pr##_pr_nonce), \ | |
11413 | + pr##_pr_personalizationstring, sizeof(pr##_pr_personalizationstring), \ | |
11414 | + pr##_pr_additionalinput, sizeof(pr##_pr_additionalinput), \ | |
11415 | + pr##_pr_entropyinputpr, sizeof(pr##_pr_entropyinputpr), \ | |
11416 | + pr##_pr_additionalinput2, sizeof(pr##_pr_additionalinput2), \ | |
11417 | + pr##_pr_entropyinputpr2, sizeof(pr##_pr_entropyinputpr2), \ | |
11418 | + pr##_pr_int_returnedbits, sizeof(pr##_pr_int_returnedbits), \ | |
11419 | + pr##_pr_returnedbits, sizeof(pr##_pr_returnedbits), \ | |
11420 | + } | |
11421 | + | |
11422 | +#define make_drbg_test_data_df(nid, pr, p) \ | |
11423 | + make_drbg_test_data(nid, DRBG_FLAG_CTR_USE_DF, pr, p) | |
11424 | + | |
11425 | +#define make_drbg_test_data_ec(curve, md, pr, p) \ | |
11426 | + make_drbg_test_data((curve << 16) | md , 0, pr, p) | |
11427 | + | |
11428 | +static DRBG_SELFTEST_DATA drbg_test[] = { | |
11429 | + make_drbg_test_data_df(NID_aes_128_ctr, aes_128_use_df, 0), | |
11430 | + make_drbg_test_data_df(NID_aes_192_ctr, aes_192_use_df, 0), | |
11431 | + make_drbg_test_data_df(NID_aes_256_ctr, aes_256_use_df, 1), | |
11432 | + make_drbg_test_data(NID_aes_128_ctr, 0, aes_128_no_df, 0), | |
11433 | + make_drbg_test_data(NID_aes_192_ctr, 0, aes_192_no_df, 0), | |
11434 | + make_drbg_test_data(NID_aes_256_ctr, 0, aes_256_no_df, 1), | |
11435 | + make_drbg_test_data(NID_sha1, 0, sha1, 0), | |
11436 | + make_drbg_test_data(NID_sha224, 0, sha224, 0), | |
11437 | + make_drbg_test_data(NID_sha256, 0, sha256, 1), | |
11438 | + make_drbg_test_data(NID_sha384, 0, sha384, 0), | |
11439 | + make_drbg_test_data(NID_sha512, 0, sha512, 0), | |
11440 | + make_drbg_test_data(NID_hmacWithSHA1, 0, hmac_sha1, 0), | |
11441 | + make_drbg_test_data(NID_hmacWithSHA224, 0, hmac_sha224, 0), | |
11442 | + make_drbg_test_data(NID_hmacWithSHA256, 0, hmac_sha256, 1), | |
11443 | + make_drbg_test_data(NID_hmacWithSHA384, 0, hmac_sha384, 0), | |
11444 | + make_drbg_test_data(NID_hmacWithSHA512, 0, hmac_sha512, 0), | |
11445 | + {0,0,0} | |
11446 | + }; | |
11447 | + | |
11448 | +typedef struct | |
11449 | + { | |
11450 | + const unsigned char *ent; | |
11451 | + size_t entlen; | |
11452 | + int entcnt; | |
11453 | + const unsigned char *nonce; | |
11454 | + size_t noncelen; | |
11455 | + int noncecnt; | |
11456 | + } TEST_ENT; | |
11457 | + | |
11458 | +static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout, | |
11459 | + int entropy, size_t min_len, size_t max_len) | |
11460 | + { | |
11461 | + TEST_ENT *t = FIPS_drbg_get_app_data(dctx); | |
11462 | + *pout = (unsigned char *)t->ent; | |
11463 | + t->entcnt++; | |
11464 | + return t->entlen; | |
11465 | + } | |
11466 | + | |
11467 | +static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout, | |
11468 | + int entropy, size_t min_len, size_t max_len) | |
11469 | + { | |
11470 | + TEST_ENT *t = FIPS_drbg_get_app_data(dctx); | |
11471 | + *pout = (unsigned char *)t->nonce; | |
11472 | + t->noncecnt++; | |
11473 | + return t->noncelen; | |
11474 | + } | |
11475 | + | |
11476 | +static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td, | |
11477 | + int quick) | |
11478 | + { | |
11479 | + TEST_ENT t; | |
11480 | + int rv = 0; | |
11481 | + size_t adinlen; | |
11482 | + unsigned char randout[1024]; | |
11483 | + | |
11484 | + /* Initial test without PR */ | |
11485 | + | |
11486 | + /* Instantiate DRBG with test entropy, nonce and personalisation | |
11487 | + * string. | |
11488 | + */ | |
11489 | + | |
11490 | + if (!FIPS_drbg_init(dctx, td->nid, td->flags)) | |
11491 | + return 0; | |
11492 | + if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0)) | |
11493 | + return 0; | |
11494 | + | |
11495 | + FIPS_drbg_set_app_data(dctx, &t); | |
11496 | + | |
11497 | + t.ent = td->ent; | |
11498 | + t.entlen = td->entlen; | |
11499 | + t.nonce = td->nonce; | |
11500 | + t.noncelen = td->noncelen; | |
11501 | + t.entcnt = 0; | |
11502 | + t.noncecnt = 0; | |
11503 | + | |
11504 | + if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen)) | |
11505 | + goto err; | |
11506 | + | |
11507 | + /* Note for CTR without DF some additional input values | |
11508 | + * ignore bytes after the keylength: so reduce adinlen | |
11509 | + * to half to ensure invalid data is fed in. | |
11510 | + */ | |
11511 | + if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags)) | |
11512 | + adinlen = td->adinlen / 2; | |
11513 | + else | |
11514 | + adinlen = td->adinlen; | |
11515 | + | |
11516 | + /* Generate with no PR and verify output matches expected data */ | |
11517 | + if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, | |
11518 | + td->adin, adinlen)) | |
11519 | + goto err; | |
11520 | + | |
11521 | + if (memcmp(randout, td->kat, td->katlen)) | |
11522 | + { | |
11523 | + FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST1_FAILURE); | |
11524 | + goto err2; | |
11525 | + } | |
11526 | + /* If abbreviated POST end of test */ | |
11527 | + if (quick) | |
11528 | + { | |
11529 | + rv = 1; | |
11530 | + goto err; | |
11531 | + } | |
11532 | + /* Reseed DRBG with test entropy and additional input */ | |
11533 | + t.ent = td->entreseed; | |
11534 | + t.entlen = td->entreseedlen; | |
11535 | + | |
11536 | + if (!FIPS_drbg_reseed(dctx, td->adinreseed, td->adinreseedlen)) | |
11537 | + goto err; | |
11538 | + | |
11539 | + /* Generate with no PR and verify output matches expected data */ | |
11540 | + if (!FIPS_drbg_generate(dctx, randout, td->kat2len, 0, | |
11541 | + td->adin2, td->adin2len)) | |
11542 | + goto err; | |
11543 | + | |
11544 | + if (memcmp(randout, td->kat2, td->kat2len)) | |
11545 | + { | |
11546 | + FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST2_FAILURE); | |
11547 | + goto err2; | |
11548 | + } | |
11549 | + | |
11550 | + FIPS_drbg_uninstantiate(dctx); | |
11551 | + | |
11552 | + /* Now test with PR */ | |
11553 | + | |
11554 | + /* Instantiate DRBG with test entropy, nonce and personalisation | |
11555 | + * string. | |
11556 | + */ | |
11557 | + if (!FIPS_drbg_init(dctx, td->nid, td->flags)) | |
11558 | + return 0; | |
11559 | + if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0)) | |
11560 | + return 0; | |
11561 | + | |
11562 | + FIPS_drbg_set_app_data(dctx, &t); | |
11563 | + | |
11564 | + t.ent = td->ent_pr; | |
11565 | + t.entlen = td->entlen_pr; | |
11566 | + t.nonce = td->nonce_pr; | |
11567 | + t.noncelen = td->noncelen_pr; | |
11568 | + t.entcnt = 0; | |
11569 | + t.noncecnt = 0; | |
11570 | + | |
11571 | + if (!FIPS_drbg_instantiate(dctx, td->pers_pr, td->perslen_pr)) | |
11572 | + goto err; | |
11573 | + | |
11574 | + /* Now generate with PR: we need to supply entropy as this will | |
11575 | + * perform a reseed operation. Check output matches expected value. | |
11576 | + */ | |
11577 | + | |
11578 | + t.ent = td->entpr_pr; | |
11579 | + t.entlen = td->entprlen_pr; | |
11580 | + | |
11581 | + /* Note for CTR without DF some additional input values | |
11582 | + * ignore bytes after the keylength: so reduce adinlen | |
11583 | + * to half to ensure invalid data is fed in. | |
11584 | + */ | |
11585 | + if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags)) | |
11586 | + adinlen = td->adinlen_pr / 2; | |
11587 | + else | |
11588 | + adinlen = td->adinlen_pr; | |
11589 | + if (!FIPS_drbg_generate(dctx, randout, td->katlen_pr, 1, | |
11590 | + td->adin_pr, adinlen)) | |
11591 | + goto err; | |
11592 | + | |
11593 | + if (memcmp(randout, td->kat_pr, td->katlen_pr)) | |
11594 | + { | |
11595 | + FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST1_FAILURE); | |
11596 | + goto err2; | |
11597 | + } | |
11598 | + | |
11599 | + /* Now generate again with PR: supply new entropy again. | |
11600 | + * Check output matches expected value. | |
11601 | + */ | |
11602 | + | |
11603 | + t.ent = td->entg_pr; | |
11604 | + t.entlen = td->entglen_pr; | |
11605 | + | |
11606 | + if (!FIPS_drbg_generate(dctx, randout, td->kat2len_pr, 1, | |
11607 | + td->ading_pr, td->adinglen_pr)) | |
11608 | + goto err; | |
11609 | + | |
11610 | + if (memcmp(randout, td->kat2_pr, td->kat2len_pr)) | |
11611 | + { | |
11612 | + FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST2_FAILURE); | |
11613 | + goto err2; | |
11614 | + } | |
11615 | + /* All OK, test complete */ | |
11616 | + rv = 1; | |
11617 | + | |
11618 | + err: | |
11619 | + if (rv == 0) | |
11620 | + FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED); | |
11621 | + err2: | |
11622 | + FIPS_drbg_uninstantiate(dctx); | |
11623 | + | |
11624 | + return rv; | |
11625 | + | |
11626 | + } | |
11627 | + | |
11628 | +/* Initialise a DRBG based on selftest data */ | |
11629 | + | |
11630 | +static int do_drbg_init(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td, TEST_ENT *t) | |
11631 | + { | |
11632 | + | |
11633 | + if (!FIPS_drbg_init(dctx, td->nid, td->flags)) | |
11634 | + return 0; | |
11635 | + | |
11636 | + if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0)) | |
11637 | + return 0; | |
11638 | + | |
11639 | + FIPS_drbg_set_app_data(dctx, t); | |
11640 | + | |
11641 | + t->ent = td->ent; | |
11642 | + t->entlen = td->entlen; | |
11643 | + t->nonce = td->nonce; | |
11644 | + t->noncelen = td->noncelen; | |
11645 | + t->entcnt = 0; | |
11646 | + t->noncecnt = 0; | |
11647 | + return 1; | |
11648 | + } | |
11649 | + | |
11650 | +/* Initialise and instantiate DRBG based on selftest data */ | |
11651 | +static int do_drbg_instantiate(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td, | |
11652 | + TEST_ENT *t) | |
11653 | + { | |
11654 | + if (!do_drbg_init(dctx, td, t)) | |
11655 | + return 0; | |
11656 | + if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen)) | |
11657 | + return 0; | |
11658 | + | |
11659 | + return 1; | |
11660 | + } | |
11661 | + | |
11662 | +/* This function performs extensive error checking as required by SP800-90. | |
11663 | + * Induce several failure modes and check an error condition is set. | |
11664 | + * This function along with fips_drbg_single_kat peforms the health checking | |
11665 | + * operation. | |
11666 | + */ | |
11667 | + | |
11668 | +static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) | |
11669 | + { | |
11670 | + unsigned char randout[1024]; | |
11671 | + TEST_ENT t; | |
11672 | + size_t i; | |
11673 | + unsigned int reseed_counter_tmp; | |
11674 | + unsigned char *p = (unsigned char *)dctx; | |
11675 | + | |
11676 | + /* Initialise DRBG */ | |
11677 | + | |
11678 | + if (!do_drbg_init(dctx, td, &t)) | |
11679 | + goto err; | |
11680 | + | |
11681 | + /* Don't report induced errors */ | |
11682 | + dctx->iflags |= DRBG_FLAG_NOERR; | |
11683 | + | |
11684 | + /* Personalisation string tests */ | |
11685 | + | |
11686 | + /* Test detection of too large personlisation string */ | |
11687 | + | |
11688 | + if (FIPS_drbg_instantiate(dctx, td->pers, dctx->max_pers + 1) > 0) | |
11689 | + { | |
11690 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_PERSONALISATION_ERROR_UNDETECTED); | |
11691 | + goto err; | |
11692 | + } | |
11693 | + | |
11694 | + /* Entropy source tests */ | |
11695 | + | |
11696 | + /* Test entropy source failure detecion: i.e. returns no data */ | |
11697 | + | |
11698 | + t.entlen = 0; | |
11699 | + | |
11700 | + if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) | |
11701 | + { | |
11702 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED); | |
11703 | + goto err; | |
11704 | + } | |
11705 | + | |
11706 | + /* Try to generate output from uninstantiated DRBG */ | |
11707 | + if (FIPS_drbg_generate(dctx, randout, td->katlen, 0, | |
11708 | + td->adin, td->adinlen)) | |
11709 | + { | |
11710 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_GENERATE_ERROR_UNDETECTED); | |
11711 | + goto err; | |
11712 | + } | |
11713 | + | |
11714 | + dctx->iflags &= ~DRBG_FLAG_NOERR; | |
11715 | + if (!FIPS_drbg_uninstantiate(dctx)) | |
11716 | + { | |
11717 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); | |
11718 | + goto err; | |
11719 | + } | |
11720 | + | |
11721 | + if (!do_drbg_init(dctx, td, &t)) | |
11722 | + goto err; | |
11723 | + | |
11724 | + dctx->iflags |= DRBG_FLAG_NOERR; | |
11725 | + | |
11726 | + /* Test insufficient entropy */ | |
11727 | + | |
11728 | + t.entlen = dctx->min_entropy - 1; | |
11729 | + | |
11730 | + if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) | |
11731 | + { | |
11732 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED); | |
11733 | + goto err; | |
11734 | + } | |
11735 | + | |
11736 | + dctx->iflags &= ~DRBG_FLAG_NOERR; | |
11737 | + if (!FIPS_drbg_uninstantiate(dctx)) | |
11738 | + { | |
11739 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); | |
11740 | + goto err; | |
11741 | + } | |
11742 | + | |
11743 | + /* Test too much entropy */ | |
11744 | + | |
11745 | + if (!do_drbg_init(dctx, td, &t)) | |
11746 | + goto err; | |
11747 | + | |
11748 | + dctx->iflags |= DRBG_FLAG_NOERR; | |
11749 | + | |
11750 | + t.entlen = dctx->max_entropy + 1; | |
11751 | + | |
11752 | + if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) | |
11753 | + { | |
11754 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED); | |
11755 | + goto err; | |
11756 | + } | |
11757 | + | |
11758 | + dctx->iflags &= ~DRBG_FLAG_NOERR; | |
11759 | + if (!FIPS_drbg_uninstantiate(dctx)) | |
11760 | + { | |
11761 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); | |
11762 | + goto err; | |
11763 | + } | |
11764 | + | |
11765 | + /* Nonce tests */ | |
11766 | + | |
11767 | + /* Test too small nonce */ | |
11768 | + | |
11769 | + if (dctx->min_nonce) | |
11770 | + { | |
11771 | + | |
11772 | + if (!do_drbg_init(dctx, td, &t)) | |
11773 | + goto err; | |
11774 | + | |
11775 | + dctx->iflags |= DRBG_FLAG_NOERR; | |
11776 | + | |
11777 | + t.noncelen = dctx->min_nonce - 1; | |
11778 | + | |
11779 | + if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) | |
11780 | + { | |
11781 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_NONCE_ERROR_UNDETECTED); | |
11782 | + goto err; | |
11783 | + } | |
11784 | + | |
11785 | + dctx->iflags &= ~DRBG_FLAG_NOERR; | |
11786 | + if (!FIPS_drbg_uninstantiate(dctx)) | |
11787 | + { | |
11788 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); | |
11789 | + goto err; | |
11790 | + } | |
11791 | + | |
11792 | + } | |
11793 | + | |
11794 | + /* Test too large nonce */ | |
11795 | + | |
11796 | + if (dctx->max_nonce) | |
11797 | + { | |
11798 | + | |
11799 | + if (!do_drbg_init(dctx, td, &t)) | |
11800 | + goto err; | |
11801 | + | |
11802 | + dctx->iflags |= DRBG_FLAG_NOERR; | |
11803 | + | |
11804 | + t.noncelen = dctx->max_nonce + 1; | |
11805 | + | |
11806 | + if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) | |
11807 | + { | |
11808 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_NONCE_ERROR_UNDETECTED); | |
11809 | + goto err; | |
11810 | + } | |
11811 | + | |
11812 | + dctx->iflags &= ~DRBG_FLAG_NOERR; | |
11813 | + if (!FIPS_drbg_uninstantiate(dctx)) | |
11814 | + { | |
11815 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); | |
11816 | + goto err; | |
11817 | + } | |
11818 | + | |
11819 | + } | |
11820 | + | |
11821 | + /* Instantiate with valid data. */ | |
11822 | + if (!do_drbg_instantiate(dctx, td, &t)) | |
11823 | + goto err; | |
11824 | + | |
11825 | + /* Check generation is now OK */ | |
11826 | + if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, | |
11827 | + td->adin, td->adinlen)) | |
11828 | + goto err; | |
11829 | + | |
11830 | + dctx->iflags |= DRBG_FLAG_NOERR; | |
11831 | + | |
11832 | + /* Request too much data for one request */ | |
11833 | + if (FIPS_drbg_generate(dctx, randout, dctx->max_request + 1, 0, | |
11834 | + td->adin, td->adinlen)) | |
11835 | + { | |
11836 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED); | |
11837 | + goto err; | |
11838 | + } | |
11839 | + | |
11840 | + /* Try too large additional input */ | |
11841 | + if (FIPS_drbg_generate(dctx, randout, td->katlen, 0, | |
11842 | + td->adin, dctx->max_adin + 1)) | |
11843 | + { | |
11844 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED); | |
11845 | + goto err; | |
11846 | + } | |
11847 | + | |
11848 | + /* Check prediction resistance request fails if entropy source | |
11849 | + * failure. | |
11850 | + */ | |
11851 | + | |
11852 | + t.entlen = 0; | |
11853 | + | |
11854 | + if (FIPS_drbg_generate(dctx, randout, td->katlen, 1, | |
11855 | + td->adin, td->adinlen)) | |
11856 | + { | |
11857 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED); | |
11858 | + goto err; | |
11859 | + } | |
11860 | + | |
11861 | + dctx->iflags &= ~DRBG_FLAG_NOERR; | |
11862 | + if (!FIPS_drbg_uninstantiate(dctx)) | |
11863 | + { | |
11864 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); | |
11865 | + goto err; | |
11866 | + } | |
11867 | + | |
11868 | + | |
11869 | + /* Instantiate again with valid data */ | |
11870 | + | |
11871 | + if (!do_drbg_instantiate(dctx, td, &t)) | |
11872 | + goto err; | |
11873 | + /* Test reseed counter works */ | |
11874 | + /* Save initial reseed counter */ | |
11875 | + reseed_counter_tmp = dctx->reseed_counter; | |
11876 | + /* Set reseed counter to beyond interval */ | |
11877 | + dctx->reseed_counter = dctx->reseed_interval; | |
11878 | + | |
11879 | + /* Generate output and check entropy has been requested for reseed */ | |
11880 | + t.entcnt = 0; | |
11881 | + if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, | |
11882 | + td->adin, td->adinlen)) | |
11883 | + goto err; | |
11884 | + if (t.entcnt != 1) | |
11885 | + { | |
11886 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED); | |
11887 | + goto err; | |
11888 | + } | |
11889 | + /* Check reseed counter has been reset */ | |
11890 | + if (dctx->reseed_counter != reseed_counter_tmp + 1) | |
11891 | + { | |
11892 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR); | |
11893 | + goto err; | |
11894 | + } | |
11895 | + | |
11896 | + dctx->iflags &= ~DRBG_FLAG_NOERR; | |
11897 | + if (!FIPS_drbg_uninstantiate(dctx)) | |
11898 | + { | |
11899 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); | |
11900 | + goto err; | |
11901 | + } | |
11902 | + | |
11903 | + /* Check prediction resistance request fails if entropy source | |
11904 | + * failure. | |
11905 | + */ | |
11906 | + | |
11907 | + t.entlen = 0; | |
11908 | + | |
11909 | + dctx->iflags |= DRBG_FLAG_NOERR; | |
11910 | + if (FIPS_drbg_generate(dctx, randout, td->katlen, 1, | |
11911 | + td->adin, td->adinlen)) | |
11912 | + { | |
11913 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED); | |
11914 | + goto err; | |
11915 | + } | |
11916 | + | |
11917 | + dctx->iflags &= ~DRBG_FLAG_NOERR; | |
11918 | + | |
11919 | + if (!FIPS_drbg_uninstantiate(dctx)) | |
11920 | + { | |
11921 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); | |
11922 | + goto err; | |
11923 | + } | |
11924 | + | |
11925 | + | |
11926 | + if (!do_drbg_instantiate(dctx, td, &t)) | |
11927 | + goto err; | |
11928 | + /* Test reseed counter works */ | |
11929 | + /* Save initial reseed counter */ | |
11930 | + reseed_counter_tmp = dctx->reseed_counter; | |
11931 | + /* Set reseed counter to beyond interval */ | |
11932 | + dctx->reseed_counter = dctx->reseed_interval; | |
11933 | + | |
11934 | + /* Generate output and check entropy has been requested for reseed */ | |
11935 | + t.entcnt = 0; | |
11936 | + if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, | |
11937 | + td->adin, td->adinlen)) | |
11938 | + goto err; | |
11939 | + if (t.entcnt != 1) | |
11940 | + { | |
11941 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED); | |
11942 | + goto err; | |
11943 | + } | |
11944 | + /* Check reseed counter has been reset */ | |
11945 | + if (dctx->reseed_counter != reseed_counter_tmp + 1) | |
11946 | + { | |
11947 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR); | |
11948 | + goto err; | |
11949 | + } | |
11950 | + | |
11951 | + dctx->iflags &= ~DRBG_FLAG_NOERR; | |
11952 | + if (!FIPS_drbg_uninstantiate(dctx)) | |
11953 | + { | |
11954 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); | |
11955 | + goto err; | |
11956 | + } | |
11957 | + | |
11958 | + /* Explicit reseed tests */ | |
11959 | + | |
11960 | + /* Test explicit reseed with too large additional input */ | |
11961 | + if (!do_drbg_init(dctx, td, &t)) | |
11962 | + goto err; | |
11963 | + | |
11964 | + dctx->iflags |= DRBG_FLAG_NOERR; | |
11965 | + | |
11966 | + if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0) | |
11967 | + { | |
11968 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED); | |
11969 | + goto err; | |
11970 | + } | |
11971 | + | |
11972 | + /* Test explicit reseed with entropy source failure */ | |
11973 | + | |
11974 | + t.entlen = 0; | |
11975 | + | |
11976 | + if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) | |
11977 | + { | |
11978 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED); | |
11979 | + goto err; | |
11980 | + } | |
11981 | + | |
11982 | + if (!FIPS_drbg_uninstantiate(dctx)) | |
11983 | + { | |
11984 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); | |
11985 | + goto err; | |
11986 | + } | |
11987 | + | |
11988 | + /* Test explicit reseed with too much entropy */ | |
11989 | + | |
11990 | + if (!do_drbg_init(dctx, td, &t)) | |
11991 | + goto err; | |
11992 | + | |
11993 | + dctx->iflags |= DRBG_FLAG_NOERR; | |
11994 | + | |
11995 | + t.entlen = dctx->max_entropy + 1; | |
11996 | + | |
11997 | + if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) | |
11998 | + { | |
11999 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED); | |
12000 | + goto err; | |
12001 | + } | |
12002 | + | |
12003 | + if (!FIPS_drbg_uninstantiate(dctx)) | |
12004 | + { | |
12005 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); | |
12006 | + goto err; | |
12007 | + } | |
12008 | + | |
12009 | + /* Test explicit reseed with too little entropy */ | |
12010 | + | |
12011 | + if (!do_drbg_init(dctx, td, &t)) | |
12012 | + goto err; | |
12013 | + | |
12014 | + dctx->iflags |= DRBG_FLAG_NOERR; | |
12015 | + | |
12016 | + t.entlen = dctx->min_entropy - 1; | |
12017 | + | |
12018 | + if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) | |
12019 | + { | |
12020 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED); | |
12021 | + goto err; | |
12022 | + } | |
12023 | + | |
12024 | + if (!FIPS_drbg_uninstantiate(dctx)) | |
12025 | + { | |
12026 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); | |
12027 | + goto err; | |
12028 | + } | |
12029 | + | |
12030 | + p = (unsigned char *)&dctx->d; | |
12031 | + /* Standard says we have to check uninstantiate really zeroes | |
12032 | + * the data... | |
12033 | + */ | |
12034 | + for (i = 0; i < sizeof(dctx->d); i++) | |
12035 | + { | |
12036 | + if (*p != 0) | |
12037 | + { | |
12038 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ZEROISE_ERROR); | |
12039 | + goto err; | |
12040 | + } | |
12041 | + p++; | |
12042 | + } | |
12043 | + | |
12044 | + return 1; | |
12045 | + | |
12046 | + err: | |
12047 | + /* A real error as opposed to an induced one: underlying function will | |
12048 | + * indicate the error. | |
12049 | + */ | |
12050 | + if (!(dctx->iflags & DRBG_FLAG_NOERR)) | |
12051 | + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_FUNCTION_ERROR); | |
12052 | + FIPS_drbg_uninstantiate(dctx); | |
12053 | + return 0; | |
12054 | + | |
12055 | + } | |
12056 | + | |
12057 | +int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags) | |
12058 | + { | |
12059 | + DRBG_SELFTEST_DATA *td; | |
12060 | + flags |= DRBG_FLAG_TEST; | |
12061 | + for (td = drbg_test; td->nid != 0; td++) | |
12062 | + { | |
12063 | + if (td->nid == nid && td->flags == flags) | |
12064 | + { | |
12065 | + if (!fips_drbg_single_kat(dctx, td, 0)) | |
12066 | + return 0; | |
12067 | + return fips_drbg_error_check(dctx, td); | |
12068 | + } | |
12069 | + } | |
12070 | + return 0; | |
12071 | + } | |
12072 | + | |
12073 | +int FIPS_drbg_health_check(DRBG_CTX *dctx) | |
12074 | + { | |
12075 | + int rv; | |
12076 | + DRBG_CTX *tctx = NULL; | |
12077 | + tctx = FIPS_drbg_new(0, 0); | |
12078 | + fips_post_started(FIPS_TEST_DRBG, dctx->type, &dctx->xflags); | |
12079 | + if (!tctx) | |
12080 | + return 0; | |
12081 | + rv = fips_drbg_kat(tctx, dctx->type, dctx->xflags); | |
12082 | + if (tctx) | |
12083 | + FIPS_drbg_free(tctx); | |
12084 | + if (rv) | |
12085 | + fips_post_success(FIPS_TEST_DRBG, dctx->type, &dctx->xflags); | |
12086 | + else | |
12087 | + fips_post_failed(FIPS_TEST_DRBG, dctx->type, &dctx->xflags); | |
12088 | + if (!rv) | |
12089 | + dctx->status = DRBG_STATUS_ERROR; | |
12090 | + else | |
12091 | + dctx->health_check_cnt = 0; | |
12092 | + return rv; | |
12093 | + } | |
12094 | + | |
12095 | +int FIPS_selftest_drbg(void) | |
12096 | + { | |
12097 | + DRBG_CTX *dctx; | |
12098 | + DRBG_SELFTEST_DATA *td; | |
12099 | + int rv = 1; | |
12100 | + dctx = FIPS_drbg_new(0, 0); | |
12101 | + if (!dctx) | |
12102 | + return 0; | |
12103 | + for (td = drbg_test; td->nid != 0; td++) | |
12104 | + { | |
12105 | + if (td->post != 1) | |
12106 | + continue; | |
12107 | + if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags)) | |
12108 | + return 1; | |
12109 | + if (!fips_drbg_single_kat(dctx, td, 1)) | |
12110 | + { | |
12111 | + fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags); | |
12112 | + rv = 0; | |
12113 | + continue; | |
12114 | + } | |
12115 | + if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags)) | |
12116 | + return 0; | |
12117 | + } | |
12118 | + FIPS_drbg_free(dctx); | |
12119 | + return rv; | |
12120 | + } | |
12121 | + | |
12122 | + | |
12123 | +int FIPS_selftest_drbg_all(void) | |
12124 | + { | |
12125 | + DRBG_CTX *dctx; | |
12126 | + DRBG_SELFTEST_DATA *td; | |
12127 | + int rv = 1; | |
12128 | + dctx = FIPS_drbg_new(0, 0); | |
12129 | + if (!dctx) | |
12130 | + return 0; | |
12131 | + for (td = drbg_test; td->nid != 0; td++) | |
12132 | + { | |
12133 | + if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags)) | |
12134 | + return 1; | |
12135 | + if (!fips_drbg_single_kat(dctx, td, 0)) | |
12136 | + { | |
12137 | + fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags); | |
12138 | + rv = 0; | |
12139 | + continue; | |
12140 | + } | |
12141 | + if (!fips_drbg_error_check(dctx, td)) | |
12142 | + { | |
12143 | + fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags); | |
12144 | + rv = 0; | |
12145 | + continue; | |
12146 | + } | |
12147 | + if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags)) | |
12148 | + return 0; | |
12149 | + } | |
12150 | + FIPS_drbg_free(dctx); | |
12151 | + return rv; | |
12152 | + } | |
12153 | + | |
a7ff9508 MT |
12154 | diff -up openssl-1.0.1b/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1b/crypto/fips/fips_drbg_selftest.h |
12155 | --- openssl-1.0.1b/crypto/fips/fips_drbg_selftest.h.fips 2012-04-26 18:00:51.404769387 +0200 | |
12156 | +++ openssl-1.0.1b/crypto/fips/fips_drbg_selftest.h 2012-04-26 18:00:51.404769387 +0200 | |
0595faf5 MT |
12157 | @@ -0,0 +1,2335 @@ |
12158 | +/* ==================================================================== | |
12159 | + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. | |
12160 | + * | |
12161 | + * Redistribution and use in source and binary forms, with or without | |
12162 | + * modification, are permitted provided that the following conditions | |
12163 | + * are met: | |
12164 | + * | |
12165 | + * 1. Redistributions of source code must retain the above copyright | |
12166 | + * notice, this list of conditions and the following disclaimer. | |
12167 | + * | |
12168 | + * 2. Redistributions in binary form must reproduce the above copyright | |
12169 | + * notice, this list of conditions and the following disclaimer in | |
12170 | + * the documentation and/or other materials provided with the | |
12171 | + * distribution. | |
12172 | + * | |
12173 | + * 3. All advertising materials mentioning features or use of this | |
12174 | + * software must display the following acknowledgment: | |
12175 | + * "This product includes software developed by the OpenSSL Project | |
12176 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
12177 | + * | |
12178 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
12179 | + * endorse or promote products derived from this software without | |
12180 | + * prior written permission. For written permission, please contact | |
12181 | + * openssl-core.org. | |
12182 | + * | |
12183 | + * 5. Products derived from this software may not be called "OpenSSL" | |
12184 | + * nor may "OpenSSL" appear in their names without prior written | |
12185 | + * permission of the OpenSSL Project. | |
12186 | + * | |
12187 | + * 6. Redistributions of any form whatsoever must retain the following | |
12188 | + * acknowledgment: | |
12189 | + * "This product includes software developed by the OpenSSL Project | |
12190 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
12191 | + * | |
12192 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
12193 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
12194 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
12195 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
12196 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
12197 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
12198 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
12199 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
12200 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
12201 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
12202 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
12203 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
12204 | + * | |
12205 | + */ | |
12206 | + | |
12207 | +/* Selftest and health check data for the SP800-90 DRBG */ | |
12208 | + | |
12209 | +#define __fips_constseg | |
12210 | + | |
12211 | +/* AES-128 use df PR */ | |
12212 | +__fips_constseg | |
12213 | +static const unsigned char aes_128_use_df_pr_entropyinput[] = | |
12214 | + { | |
12215 | + 0x61,0x52,0x7c,0xe3,0x23,0x7d,0x0a,0x07,0x10,0x0c,0x50,0x33, | |
12216 | + 0xc8,0xdb,0xff,0x12 | |
12217 | + }; | |
12218 | + | |
12219 | +__fips_constseg | |
12220 | +static const unsigned char aes_128_use_df_pr_nonce[] = | |
12221 | + { | |
12222 | + 0x51,0x0d,0x85,0x77,0xed,0x22,0x97,0x28 | |
12223 | + }; | |
12224 | + | |
12225 | +__fips_constseg | |
12226 | +static const unsigned char aes_128_use_df_pr_personalizationstring[] = | |
12227 | + { | |
12228 | + 0x59,0x9f,0xbb,0xcd,0xd5,0x25,0x69,0xb5,0xcb,0xb5,0x03,0xfe, | |
12229 | + 0xd7,0xd7,0x01,0x67 | |
12230 | + }; | |
12231 | + | |
12232 | +__fips_constseg | |
12233 | +static const unsigned char aes_128_use_df_pr_additionalinput[] = | |
12234 | + { | |
12235 | + 0xef,0x88,0x76,0x01,0xaf,0x3c,0xfe,0x8b,0xaf,0x26,0x06,0x9e, | |
12236 | + 0x9a,0x47,0x08,0x76 | |
12237 | + }; | |
12238 | + | |
12239 | +__fips_constseg | |
12240 | +static const unsigned char aes_128_use_df_pr_entropyinputpr[] = | |
12241 | + { | |
12242 | + 0xe2,0x76,0xf9,0xf6,0x3a,0xba,0x10,0x9f,0xbf,0x47,0x0e,0x51, | |
12243 | + 0x09,0xfb,0xa3,0xb6 | |
12244 | + }; | |
12245 | + | |
12246 | +__fips_constseg | |
12247 | +static const unsigned char aes_128_use_df_pr_int_returnedbits[] = | |
12248 | + { | |
12249 | + 0xd4,0x98,0x8a,0x46,0x80,0x4c,0xdb,0xa3,0x59,0x02,0x57,0x52, | |
12250 | + 0x66,0x1c,0xea,0x5b | |
12251 | + }; | |
12252 | + | |
12253 | +__fips_constseg | |
12254 | +static const unsigned char aes_128_use_df_pr_additionalinput2[] = | |
12255 | + { | |
12256 | + 0x88,0x8c,0x91,0xd6,0xbe,0x56,0x6e,0x08,0x9a,0x62,0x2b,0x11, | |
12257 | + 0x3f,0x5e,0x31,0x06 | |
12258 | + }; | |
12259 | + | |
12260 | +__fips_constseg | |
12261 | +static const unsigned char aes_128_use_df_pr_entropyinputpr2[] = | |
12262 | + { | |
12263 | + 0xc0,0x5c,0x6b,0x98,0x01,0x0d,0x58,0x18,0x51,0x18,0x96,0xae, | |
12264 | + 0xa7,0xe3,0xa8,0x67 | |
12265 | + }; | |
12266 | + | |
12267 | +__fips_constseg | |
12268 | +static const unsigned char aes_128_use_df_pr_returnedbits[] = | |
12269 | + { | |
12270 | + 0xcf,0x01,0xac,0x22,0x31,0x06,0x8e,0xfc,0xce,0x56,0xea,0x24, | |
12271 | + 0x0f,0x38,0x43,0xc6 | |
12272 | + }; | |
12273 | + | |
12274 | + | |
12275 | +/* AES-128 use df No PR */ | |
12276 | +__fips_constseg | |
12277 | +static const unsigned char aes_128_use_df_entropyinput[] = | |
12278 | + { | |
12279 | + 0x1f,0x8e,0x34,0x82,0x0c,0xb7,0xbe,0xc5,0x01,0x3e,0xd0,0xa3, | |
12280 | + 0x9d,0x7d,0x1c,0x9b | |
12281 | + }; | |
12282 | + | |
12283 | +__fips_constseg | |
12284 | +static const unsigned char aes_128_use_df_nonce[] = | |
12285 | + { | |
12286 | + 0xd5,0x4d,0xbd,0x4a,0x93,0x7f,0xb8,0x96 | |
12287 | + }; | |
12288 | + | |
12289 | +__fips_constseg | |
12290 | +static const unsigned char aes_128_use_df_personalizationstring[] = | |
12291 | + { | |
12292 | + 0xab,0xd6,0x3f,0x04,0xfe,0x27,0x6b,0x2d,0xd7,0xc3,0x1c,0xf3, | |
12293 | + 0x38,0x66,0xba,0x1b | |
12294 | + }; | |
12295 | + | |
12296 | +__fips_constseg | |
12297 | +static const unsigned char aes_128_use_df_additionalinput[] = | |
12298 | + { | |
12299 | + 0xfe,0xf4,0x09,0xa8,0xb7,0x73,0x27,0x9c,0x5f,0xa7,0xea,0x46, | |
12300 | + 0xb5,0xe2,0xb2,0x41 | |
12301 | + }; | |
12302 | + | |
12303 | +__fips_constseg | |
12304 | +static const unsigned char aes_128_use_df_int_returnedbits[] = | |
12305 | + { | |
12306 | + 0x42,0xe4,0x4e,0x7b,0x27,0xdd,0xcb,0xbc,0x0a,0xcf,0xa6,0x67, | |
12307 | + 0xe7,0x57,0x11,0xb4 | |
12308 | + }; | |
12309 | + | |
12310 | +__fips_constseg | |
12311 | +static const unsigned char aes_128_use_df_entropyinputreseed[] = | |
12312 | + { | |
12313 | + 0x14,0x26,0x69,0xd9,0xf3,0x65,0x03,0xd6,0x6b,0xb9,0x44,0x0b, | |
12314 | + 0xc7,0xc4,0x9e,0x39 | |
12315 | + }; | |
12316 | + | |
12317 | +__fips_constseg | |
12318 | +static const unsigned char aes_128_use_df_additionalinputreseed[] = | |
12319 | + { | |
12320 | + 0x55,0x2e,0x60,0x9a,0x05,0x72,0x8a,0xa8,0xef,0x22,0x81,0x5a, | |
12321 | + 0xc8,0x93,0xfa,0x84 | |
12322 | + }; | |
12323 | + | |
12324 | +__fips_constseg | |
12325 | +static const unsigned char aes_128_use_df_additionalinput2[] = | |
12326 | + { | |
12327 | + 0x3c,0x40,0xc8,0xc4,0x16,0x0c,0x21,0xa4,0x37,0x2c,0x8f,0xa5, | |
12328 | + 0x06,0x0c,0x15,0x2c | |
12329 | + }; | |
12330 | + | |
12331 | +__fips_constseg | |
12332 | +static const unsigned char aes_128_use_df_returnedbits[] = | |
12333 | + { | |
12334 | + 0xe1,0x3e,0x99,0x98,0x86,0x67,0x0b,0x63,0x7b,0xbe,0x3f,0x88, | |
12335 | + 0x46,0x81,0xc7,0x19 | |
12336 | + }; | |
12337 | + | |
12338 | + | |
12339 | +/* AES-192 use df PR */ | |
12340 | +__fips_constseg | |
12341 | +static const unsigned char aes_192_use_df_pr_entropyinput[] = | |
12342 | + { | |
12343 | + 0x2b,0x4e,0x8b,0xe1,0xf1,0x34,0x80,0x56,0x81,0xf9,0x74,0xec, | |
12344 | + 0x17,0x44,0x2a,0xf1,0x14,0xb0,0xbf,0x97,0x39,0xb7,0x04,0x7d | |
12345 | + }; | |
12346 | + | |
12347 | +__fips_constseg | |
12348 | +static const unsigned char aes_192_use_df_pr_nonce[] = | |
12349 | + { | |
12350 | + 0xd6,0x9d,0xeb,0x14,0x4e,0x6c,0x30,0x1e,0x39,0x55,0x73,0xd0, | |
12351 | + 0xd1,0x80,0x78,0xfa | |
12352 | + }; | |
12353 | + | |
12354 | +__fips_constseg | |
12355 | +static const unsigned char aes_192_use_df_pr_personalizationstring[] = | |
12356 | + { | |
12357 | + 0xfc,0x43,0x4a,0xf8,0x9a,0x55,0xb3,0x53,0x83,0xe2,0x18,0x16, | |
12358 | + 0x0c,0xdc,0xcd,0x5e,0x4f,0xa0,0x03,0x01,0x2b,0x9f,0xe4,0xd5, | |
12359 | + 0x7d,0x49,0xf0,0x41,0x9e,0x3d,0x99,0x04 | |
12360 | + }; | |
12361 | + | |
12362 | +__fips_constseg | |
12363 | +static const unsigned char aes_192_use_df_pr_additionalinput[] = | |
12364 | + { | |
12365 | + 0x5e,0x9f,0x49,0x6f,0x21,0x8b,0x1d,0x32,0xd5,0x84,0x5c,0xac, | |
12366 | + 0xaf,0xdf,0xe4,0x79,0x9e,0xaf,0xa9,0x82,0xd0,0xf8,0x4f,0xcb, | |
12367 | + 0x69,0x10,0x0a,0x7e,0x81,0x57,0xb5,0x36 | |
12368 | + }; | |
12369 | + | |
12370 | +__fips_constseg | |
12371 | +static const unsigned char aes_192_use_df_pr_entropyinputpr[] = | |
12372 | + { | |
12373 | + 0xd4,0x81,0x0c,0xd7,0x66,0x39,0xec,0x42,0x53,0x87,0x41,0xa5, | |
12374 | + 0x1e,0x7d,0x80,0x91,0x8e,0xbb,0xed,0xac,0x14,0x02,0x1a,0xd5 | |
12375 | + }; | |
12376 | + | |
12377 | +__fips_constseg | |
12378 | +static const unsigned char aes_192_use_df_pr_int_returnedbits[] = | |
12379 | + { | |
12380 | + 0xdf,0x1d,0x39,0x45,0x7c,0x9b,0xc6,0x2b,0x7d,0x8c,0x93,0xe9, | |
12381 | + 0x19,0x30,0x6b,0x67 | |
12382 | + }; | |
12383 | + | |
12384 | +__fips_constseg | |
12385 | +static const unsigned char aes_192_use_df_pr_additionalinput2[] = | |
12386 | + { | |
12387 | + 0x00,0x71,0x27,0x4e,0xd3,0x14,0xf1,0x20,0x7f,0x4a,0x41,0x32, | |
12388 | + 0x2a,0x97,0x11,0x43,0x8f,0x4a,0x15,0x7b,0x9b,0x51,0x79,0xda, | |
12389 | + 0x49,0x3d,0xde,0xe8,0xbc,0x93,0x91,0x99 | |
12390 | + }; | |
12391 | + | |
12392 | +__fips_constseg | |
12393 | +static const unsigned char aes_192_use_df_pr_entropyinputpr2[] = | |
12394 | + { | |
12395 | + 0x90,0xee,0x76,0xa1,0x45,0x8d,0xb7,0x40,0xb0,0x11,0xbf,0xd0, | |
12396 | + 0x65,0xd7,0x3c,0x7c,0x4f,0x20,0x3f,0x4e,0x11,0x9d,0xb3,0x5e | |
12397 | + }; | |
12398 | + | |
12399 | +__fips_constseg | |
12400 | +static const unsigned char aes_192_use_df_pr_returnedbits[] = | |
12401 | + { | |
12402 | + 0x24,0x3b,0x20,0xa4,0x37,0x66,0xba,0x72,0x39,0x3f,0xcf,0x3c, | |
12403 | + 0x7e,0x1a,0x2b,0x83 | |
12404 | + }; | |
12405 | + | |
12406 | + | |
12407 | +/* AES-192 use df No PR */ | |
12408 | +__fips_constseg | |
12409 | +static const unsigned char aes_192_use_df_entropyinput[] = | |
12410 | + { | |
12411 | + 0x8d,0x74,0xa4,0x50,0x1a,0x02,0x68,0x0c,0x2a,0x69,0xc4,0x82, | |
12412 | + 0x3b,0xbb,0xda,0x0e,0x7f,0x77,0xa3,0x17,0x78,0x57,0xb2,0x7b | |
12413 | + }; | |
12414 | + | |
12415 | +__fips_constseg | |
12416 | +static const unsigned char aes_192_use_df_nonce[] = | |
12417 | + { | |
12418 | + 0x75,0xd5,0x1f,0xac,0xa4,0x8d,0x42,0x78,0xd7,0x69,0x86,0x9d, | |
12419 | + 0x77,0xd7,0x41,0x0e | |
12420 | + }; | |
12421 | + | |
12422 | +__fips_constseg | |
12423 | +static const unsigned char aes_192_use_df_personalizationstring[] = | |
12424 | + { | |
12425 | + 0x4e,0x33,0x41,0x3c,0x9c,0xc2,0xd2,0x53,0xaf,0x90,0xea,0xcf, | |
12426 | + 0x19,0x50,0x1e,0xe6,0x6f,0x63,0xc8,0x32,0x22,0xdc,0x07,0x65, | |
12427 | + 0x9c,0xd3,0xf8,0x30,0x9e,0xed,0x35,0x70 | |
12428 | + }; | |
12429 | + | |
12430 | +__fips_constseg | |
12431 | +static const unsigned char aes_192_use_df_additionalinput[] = | |
12432 | + { | |
12433 | + 0x5d,0x8b,0x8c,0xc1,0xdf,0x0e,0x02,0x78,0xfb,0x19,0xb8,0x69, | |
12434 | + 0x78,0x4e,0x9c,0x52,0xbc,0xc7,0x20,0xc9,0xe6,0x5e,0x77,0x22, | |
12435 | + 0x28,0x3d,0x0c,0x9e,0x68,0xa8,0x45,0xd7 | |
12436 | + }; | |
12437 | + | |
12438 | +__fips_constseg | |
12439 | +static const unsigned char aes_192_use_df_int_returnedbits[] = | |
12440 | + { | |
12441 | + 0xd5,0xe7,0x08,0xc5,0x19,0x99,0xd5,0x31,0x03,0x0a,0x74,0xb6, | |
12442 | + 0xb7,0xed,0xe9,0xea | |
12443 | + }; | |
12444 | + | |
12445 | +__fips_constseg | |
12446 | +static const unsigned char aes_192_use_df_entropyinputreseed[] = | |
12447 | + { | |
12448 | + 0x9c,0x26,0xda,0xf1,0xac,0xd9,0x5a,0xd6,0xa8,0x65,0xf5,0x02, | |
12449 | + 0x8f,0xdc,0xa2,0x09,0x54,0xa6,0xe2,0xa4,0xde,0x32,0xe0,0x01 | |
12450 | + }; | |
12451 | + | |
12452 | +__fips_constseg | |
12453 | +static const unsigned char aes_192_use_df_additionalinputreseed[] = | |
12454 | + { | |
12455 | + 0x9b,0x90,0xb0,0x3a,0x0e,0x3a,0x80,0x07,0x4a,0xf4,0xda,0x76, | |
12456 | + 0x28,0x30,0x3c,0xee,0x54,0x1b,0x94,0x59,0x51,0x43,0x56,0x77, | |
12457 | + 0xaf,0x88,0xdd,0x63,0x89,0x47,0x06,0x65 | |
12458 | + }; | |
12459 | + | |
12460 | +__fips_constseg | |
12461 | +static const unsigned char aes_192_use_df_additionalinput2[] = | |
12462 | + { | |
12463 | + 0x3c,0x11,0x64,0x7a,0x96,0xf5,0xd8,0xb8,0xae,0xd6,0x70,0x4e, | |
12464 | + 0x16,0x96,0xde,0xe9,0x62,0xbc,0xee,0x28,0x2f,0x26,0xa6,0xf0, | |
12465 | + 0x56,0xef,0xa3,0xf1,0x6b,0xa1,0xb1,0x77 | |
12466 | + }; | |
12467 | + | |
12468 | +__fips_constseg | |
12469 | +static const unsigned char aes_192_use_df_returnedbits[] = | |
12470 | + { | |
12471 | + 0x0b,0xe2,0x56,0x03,0x1e,0xdb,0x2c,0x6d,0x7f,0x1b,0x15,0x58, | |
12472 | + 0x1a,0xf9,0x13,0x28 | |
12473 | + }; | |
12474 | + | |
12475 | + | |
12476 | +/* AES-256 use df PR */ | |
12477 | +__fips_constseg | |
12478 | +static const unsigned char aes_256_use_df_pr_entropyinput[] = | |
12479 | + { | |
12480 | + 0x61,0x68,0xfc,0x1a,0xf0,0xb5,0x95,0x6b,0x85,0x09,0x9b,0x74, | |
12481 | + 0x3f,0x13,0x78,0x49,0x3b,0x85,0xec,0x93,0x13,0x3b,0xa9,0x4f, | |
12482 | + 0x96,0xab,0x2c,0xe4,0xc8,0x8f,0xdd,0x6a | |
12483 | + }; | |
12484 | + | |
12485 | +__fips_constseg | |
12486 | +static const unsigned char aes_256_use_df_pr_nonce[] = | |
12487 | + { | |
12488 | + 0xad,0xd2,0xbb,0xba,0xb7,0x65,0x89,0xc3,0x21,0x6c,0x55,0x33, | |
12489 | + 0x2b,0x36,0xff,0xa4 | |
12490 | + }; | |
12491 | + | |
12492 | +__fips_constseg | |
12493 | +static const unsigned char aes_256_use_df_pr_personalizationstring[] = | |
12494 | + { | |
12495 | + 0x6e,0xca,0xe7,0x20,0x72,0xd3,0x84,0x5a,0x32,0xd3,0x4b,0x24, | |
12496 | + 0x72,0xc4,0x63,0x2b,0x9d,0x12,0x24,0x0c,0x23,0x26,0x8e,0x83, | |
12497 | + 0x16,0x37,0x0b,0xd1,0x06,0x4f,0x68,0x6d | |
12498 | + }; | |
12499 | + | |
12500 | +__fips_constseg | |
12501 | +static const unsigned char aes_256_use_df_pr_additionalinput[] = | |
12502 | + { | |
12503 | + 0x7e,0x08,0x4a,0xbb,0xe3,0x21,0x7c,0xc9,0x23,0xd2,0xf8,0xb0, | |
12504 | + 0x73,0x98,0xba,0x84,0x74,0x23,0xab,0x06,0x8a,0xe2,0x22,0xd3, | |
12505 | + 0x7b,0xce,0x9b,0xd2,0x4a,0x76,0xb8,0xde | |
12506 | + }; | |
12507 | + | |
12508 | +__fips_constseg | |
12509 | +static const unsigned char aes_256_use_df_pr_entropyinputpr[] = | |
12510 | + { | |
12511 | + 0x0b,0x23,0xaf,0xdf,0xf1,0x62,0xd7,0xd3,0x43,0x97,0xf8,0x77, | |
12512 | + 0x04,0xa8,0x42,0x20,0xbd,0xf6,0x0f,0xc1,0x17,0x2f,0x9f,0x54, | |
12513 | + 0xbb,0x56,0x17,0x86,0x68,0x0e,0xba,0xa9 | |
12514 | + }; | |
12515 | + | |
12516 | +__fips_constseg | |
12517 | +static const unsigned char aes_256_use_df_pr_int_returnedbits[] = | |
12518 | + { | |
12519 | + 0x31,0x8e,0xad,0xaf,0x40,0xeb,0x6b,0x74,0x31,0x46,0x80,0xc7, | |
12520 | + 0x17,0xab,0x3c,0x7a | |
12521 | + }; | |
12522 | + | |
12523 | +__fips_constseg | |
12524 | +static const unsigned char aes_256_use_df_pr_additionalinput2[] = | |
12525 | + { | |
12526 | + 0x94,0x6b,0xc9,0x9f,0xab,0x8d,0xc5,0xec,0x71,0x88,0x1d,0x00, | |
12527 | + 0x8c,0x89,0x68,0xe4,0xc8,0x07,0x77,0x36,0x17,0x6d,0x79,0x78, | |
12528 | + 0xc7,0x06,0x4e,0x99,0x04,0x28,0x29,0xc3 | |
12529 | + }; | |
12530 | + | |
12531 | +__fips_constseg | |
12532 | +static const unsigned char aes_256_use_df_pr_entropyinputpr2[] = | |
12533 | + { | |
12534 | + 0xbf,0x6c,0x59,0x2a,0x0d,0x44,0x0f,0xae,0x9a,0x5e,0x03,0x73, | |
12535 | + 0xd8,0xa6,0xe1,0xcf,0x25,0x61,0x38,0x24,0x86,0x9e,0x53,0xe8, | |
12536 | + 0xa4,0xdf,0x56,0xf4,0x06,0x07,0x9c,0x0f | |
12537 | + }; | |
12538 | + | |
12539 | +__fips_constseg | |
12540 | +static const unsigned char aes_256_use_df_pr_returnedbits[] = | |
12541 | + { | |
12542 | + 0x22,0x4a,0xb4,0xb8,0xb6,0xee,0x7d,0xb1,0x9e,0xc9,0xf9,0xa0, | |
12543 | + 0xd9,0xe2,0x97,0x00 | |
12544 | + }; | |
12545 | + | |
12546 | + | |
12547 | +/* AES-256 use df No PR */ | |
12548 | +__fips_constseg | |
12549 | +static const unsigned char aes_256_use_df_entropyinput[] = | |
12550 | + { | |
12551 | + 0xa5,0x3e,0x37,0x10,0x17,0x43,0x91,0x93,0x59,0x1e,0x47,0x50, | |
12552 | + 0x87,0xaa,0xdd,0xd5,0xc1,0xc3,0x86,0xcd,0xca,0x0d,0xdb,0x68, | |
12553 | + 0xe0,0x02,0xd8,0x0f,0xdc,0x40,0x1a,0x47 | |
12554 | + }; | |
12555 | + | |
12556 | +__fips_constseg | |
12557 | +static const unsigned char aes_256_use_df_nonce[] = | |
12558 | + { | |
12559 | + 0xa9,0x4d,0xa5,0x5a,0xfd,0xc5,0x0c,0xe5,0x1c,0x9a,0x3b,0x8a, | |
12560 | + 0x4c,0x44,0x84,0x40 | |
12561 | + }; | |
12562 | + | |
12563 | +__fips_constseg | |
12564 | +static const unsigned char aes_256_use_df_personalizationstring[] = | |
12565 | + { | |
12566 | + 0x8b,0x52,0xa2,0x4a,0x93,0xc3,0x4e,0xa7,0x1e,0x1c,0xa7,0x05, | |
12567 | + 0xeb,0x82,0x9b,0xa6,0x5d,0xe4,0xd4,0xe0,0x7f,0xa3,0xd8,0x6b, | |
12568 | + 0x37,0x84,0x5f,0xf1,0xc7,0xd5,0xf6,0xd2 | |
12569 | + }; | |
12570 | + | |
12571 | +__fips_constseg | |
12572 | +static const unsigned char aes_256_use_df_additionalinput[] = | |
12573 | + { | |
12574 | + 0x20,0xf4,0x22,0xed,0xf8,0x5c,0xa1,0x6a,0x01,0xcf,0xbe,0x5f, | |
12575 | + 0x8d,0x6c,0x94,0x7f,0xae,0x12,0xa8,0x57,0xdb,0x2a,0xa9,0xbf, | |
12576 | + 0xc7,0xb3,0x65,0x81,0x80,0x8d,0x0d,0x46 | |
12577 | + }; | |
12578 | + | |
12579 | +__fips_constseg | |
12580 | +static const unsigned char aes_256_use_df_int_returnedbits[] = | |
12581 | + { | |
12582 | + 0x4e,0x44,0xfd,0xf3,0x9e,0x29,0xa2,0xb8,0x0f,0x5d,0x6c,0xe1, | |
12583 | + 0x28,0x0c,0x3b,0xc1 | |
12584 | + }; | |
12585 | + | |
12586 | +__fips_constseg | |
12587 | +static const unsigned char aes_256_use_df_entropyinputreseed[] = | |
12588 | + { | |
12589 | + 0xdd,0x40,0xe5,0x98,0x7b,0x27,0x16,0x73,0x15,0x68,0xd2,0x76, | |
12590 | + 0xbf,0x0c,0x67,0x15,0x75,0x79,0x03,0xd3,0xde,0xde,0x91,0x46, | |
12591 | + 0x42,0xdd,0xd4,0x67,0xc8,0x79,0xc8,0x1e | |
12592 | + }; | |
12593 | + | |
12594 | +__fips_constseg | |
12595 | +static const unsigned char aes_256_use_df_additionalinputreseed[] = | |
12596 | + { | |
12597 | + 0x7f,0xd8,0x1f,0xbd,0x2a,0xb5,0x1c,0x11,0x5d,0x83,0x4e,0x99, | |
12598 | + 0xf6,0x5c,0xa5,0x40,0x20,0xed,0x38,0x8e,0xd5,0x9e,0xe0,0x75, | |
12599 | + 0x93,0xfe,0x12,0x5e,0x5d,0x73,0xfb,0x75 | |
12600 | + }; | |
12601 | + | |
12602 | +__fips_constseg | |
12603 | +static const unsigned char aes_256_use_df_additionalinput2[] = | |
12604 | + { | |
12605 | + 0xcd,0x2c,0xff,0x14,0x69,0x3e,0x4c,0x9e,0xfd,0xfe,0x26,0x0d, | |
12606 | + 0xe9,0x86,0x00,0x49,0x30,0xba,0xb1,0xc6,0x50,0x57,0x77,0x2a, | |
12607 | + 0x62,0x39,0x2c,0x3b,0x74,0xeb,0xc9,0x0d | |
12608 | + }; | |
12609 | + | |
12610 | +__fips_constseg | |
12611 | +static const unsigned char aes_256_use_df_returnedbits[] = | |
12612 | + { | |
12613 | + 0x4f,0x78,0xbe,0xb9,0x4d,0x97,0x8c,0xe9,0xd0,0x97,0xfe,0xad, | |
12614 | + 0xfa,0xfd,0x35,0x5e | |
12615 | + }; | |
12616 | + | |
12617 | + | |
12618 | +/* AES-128 no df PR */ | |
12619 | +__fips_constseg | |
12620 | +static const unsigned char aes_128_no_df_pr_entropyinput[] = | |
12621 | + { | |
12622 | + 0x9a,0x25,0x65,0x10,0x67,0xd5,0xb6,0x6b,0x70,0xa1,0xb3,0xa4, | |
12623 | + 0x43,0x95,0x80,0xc0,0x84,0x0a,0x79,0xb0,0x88,0x74,0xf2,0xbf, | |
12624 | + 0x31,0x6c,0x33,0x38,0x0b,0x00,0xb2,0x5a | |
12625 | + }; | |
12626 | + | |
12627 | +__fips_constseg | |
12628 | +static const unsigned char aes_128_no_df_pr_nonce[] = | |
12629 | + { | |
12630 | + 0x78,0x47,0x6b,0xf7,0x90,0x8e,0x87,0xf1 | |
12631 | + }; | |
12632 | + | |
12633 | +__fips_constseg | |
12634 | +static const unsigned char aes_128_no_df_pr_personalizationstring[] = | |
12635 | + { | |
12636 | + 0xf7,0x22,0x1d,0x3a,0xbe,0x1d,0xca,0x32,0x1b,0xbd,0x87,0x0c, | |
12637 | + 0x51,0x24,0x19,0xee,0xa3,0x23,0x09,0x63,0x33,0x3d,0xa8,0x0c, | |
12638 | + 0x1c,0xfa,0x42,0x89,0xcc,0x6f,0xa0,0xa8 | |
12639 | + }; | |
12640 | + | |
12641 | +__fips_constseg | |
12642 | +static const unsigned char aes_128_no_df_pr_additionalinput[] = | |
12643 | + { | |
12644 | + 0xc9,0xe0,0x80,0xbf,0x8c,0x45,0x58,0x39,0xff,0x00,0xab,0x02, | |
12645 | + 0x4c,0x3e,0x3a,0x95,0x9b,0x80,0xa8,0x21,0x2a,0xee,0xba,0x73, | |
12646 | + 0xb1,0xd9,0xcf,0x28,0xf6,0x8f,0x9b,0x12 | |
12647 | + }; | |
12648 | + | |
12649 | +__fips_constseg | |
12650 | +static const unsigned char aes_128_no_df_pr_entropyinputpr[] = | |
12651 | + { | |
12652 | + 0x4c,0xa8,0xc5,0xf0,0x59,0x9e,0xa6,0x8d,0x26,0x53,0xd7,0x8a, | |
12653 | + 0xa9,0xd8,0xf7,0xed,0xb2,0xf9,0x12,0x42,0xe1,0xe5,0xbd,0xe7, | |
12654 | + 0xe7,0x1d,0x74,0x99,0x00,0x9d,0x31,0x3e | |
12655 | + }; | |
12656 | + | |
12657 | +__fips_constseg | |
12658 | +static const unsigned char aes_128_no_df_pr_int_returnedbits[] = | |
12659 | + { | |
12660 | + 0xe2,0xac,0x20,0xf0,0x80,0xe7,0xbc,0x7e,0x9c,0x7b,0x65,0x71, | |
12661 | + 0xaf,0x19,0x32,0x16 | |
12662 | + }; | |
12663 | + | |
12664 | +__fips_constseg | |
12665 | +static const unsigned char aes_128_no_df_pr_additionalinput2[] = | |
12666 | + { | |
12667 | + 0x32,0x7f,0x38,0x8b,0x73,0x0a,0x78,0x83,0xdc,0x30,0xbe,0x9f, | |
12668 | + 0x10,0x1f,0xf5,0x1f,0xca,0x00,0xb5,0x0d,0xd6,0x9d,0x60,0x83, | |
12669 | + 0x51,0x54,0x7d,0x38,0x23,0x3a,0x52,0x50 | |
12670 | + }; | |
12671 | + | |
12672 | +__fips_constseg | |
12673 | +static const unsigned char aes_128_no_df_pr_entropyinputpr2[] = | |
12674 | + { | |
12675 | + 0x18,0x61,0x53,0x56,0xed,0xed,0xd7,0x20,0xfb,0x71,0x04,0x7a, | |
12676 | + 0xb2,0xac,0xc1,0x28,0xcd,0xf2,0xc2,0xfc,0xaa,0xb1,0x06,0x07, | |
12677 | + 0xe9,0x46,0x95,0x02,0x48,0x01,0x78,0xf9 | |
12678 | + }; | |
12679 | + | |
12680 | +__fips_constseg | |
12681 | +static const unsigned char aes_128_no_df_pr_returnedbits[] = | |
12682 | + { | |
12683 | + 0x29,0xc8,0x1b,0x15,0xb1,0xd1,0xc2,0xf6,0x71,0x86,0x68,0x33, | |
12684 | + 0x57,0x82,0x33,0xaf | |
12685 | + }; | |
12686 | + | |
12687 | + | |
12688 | +/* AES-128 no df No PR */ | |
12689 | +__fips_constseg | |
12690 | +static const unsigned char aes_128_no_df_entropyinput[] = | |
12691 | + { | |
12692 | + 0xc9,0xc5,0x79,0xbc,0xe8,0xc5,0x19,0xd8,0xbc,0x66,0x73,0x67, | |
12693 | + 0xf6,0xd3,0x72,0xaa,0xa6,0x16,0xb8,0x50,0xb7,0x47,0x3a,0x42, | |
12694 | + 0xab,0xf4,0x16,0xb2,0x96,0xd2,0xb6,0x60 | |
12695 | + }; | |
12696 | + | |
12697 | +__fips_constseg | |
12698 | +static const unsigned char aes_128_no_df_nonce[] = | |
12699 | + { | |
12700 | + 0x5f,0xbf,0x97,0x0c,0x4b,0xa4,0x87,0x13 | |
12701 | + }; | |
12702 | + | |
12703 | +__fips_constseg | |
12704 | +static const unsigned char aes_128_no_df_personalizationstring[] = | |
12705 | + { | |
12706 | + 0xce,0xfb,0x7b,0x3f,0xd4,0x6b,0x29,0x0d,0x69,0x06,0xff,0xbb, | |
12707 | + 0xf2,0xe5,0xc6,0x6c,0x0a,0x10,0xa0,0xcf,0x1a,0x48,0xc7,0x8b, | |
12708 | + 0x3c,0x16,0x88,0xed,0x50,0x13,0x81,0xce | |
12709 | + }; | |
12710 | + | |
12711 | +__fips_constseg | |
12712 | +static const unsigned char aes_128_no_df_additionalinput[] = | |
12713 | + { | |
12714 | + 0x4b,0x22,0x46,0x18,0x02,0x7b,0xd2,0x1b,0x22,0x42,0x7c,0x37, | |
12715 | + 0xd9,0xf6,0xe8,0x9b,0x12,0x30,0x5f,0xe9,0x90,0xe8,0x08,0x24, | |
12716 | + 0x4f,0x06,0x66,0xdb,0x19,0x2b,0x13,0x95 | |
12717 | + }; | |
12718 | + | |
12719 | +__fips_constseg | |
12720 | +static const unsigned char aes_128_no_df_int_returnedbits[] = | |
12721 | + { | |
12722 | + 0x2e,0x96,0x70,0x64,0xfa,0xdf,0xdf,0x57,0xb5,0x82,0xee,0xd6, | |
12723 | + 0xed,0x3e,0x65,0xc2 | |
12724 | + }; | |
12725 | + | |
12726 | +__fips_constseg | |
12727 | +static const unsigned char aes_128_no_df_entropyinputreseed[] = | |
12728 | + { | |
12729 | + 0x26,0xc0,0x72,0x16,0x3a,0x4b,0xb7,0x99,0xd4,0x07,0xaf,0x66, | |
12730 | + 0x62,0x36,0x96,0xa4,0x51,0x17,0xfa,0x07,0x8b,0x17,0x5e,0xa1, | |
12731 | + 0x2f,0x3c,0x10,0xe7,0x90,0xd0,0x46,0x00 | |
12732 | + }; | |
12733 | + | |
12734 | +__fips_constseg | |
12735 | +static const unsigned char aes_128_no_df_additionalinputreseed[] = | |
12736 | + { | |
12737 | + 0x83,0x39,0x37,0x7b,0x02,0x06,0xd2,0x12,0x13,0x8d,0x8b,0xf2, | |
12738 | + 0xf0,0xf6,0x26,0xeb,0xa4,0x22,0x7b,0xc2,0xe7,0xba,0x79,0xe4, | |
12739 | + 0x3b,0x77,0x5d,0x4d,0x47,0xb2,0x2d,0xb4 | |
12740 | + }; | |
12741 | + | |
12742 | +__fips_constseg | |
12743 | +static const unsigned char aes_128_no_df_additionalinput2[] = | |
12744 | + { | |
12745 | + 0x0b,0xb9,0x67,0x37,0xdb,0x83,0xdf,0xca,0x81,0x8b,0xf9,0x3f, | |
12746 | + 0xf1,0x11,0x1b,0x2f,0xf0,0x61,0xa6,0xdf,0xba,0xa3,0xb1,0xac, | |
12747 | + 0xd3,0xe6,0x09,0xb8,0x2c,0x6a,0x67,0xd6 | |
12748 | + }; | |
12749 | + | |
12750 | +__fips_constseg | |
12751 | +static const unsigned char aes_128_no_df_returnedbits[] = | |
12752 | + { | |
12753 | + 0x1e,0xa7,0xa4,0xe4,0xe1,0xa6,0x7c,0x69,0x9a,0x44,0x6c,0x36, | |
12754 | + 0x81,0x37,0x19,0xd4 | |
12755 | + }; | |
12756 | + | |
12757 | + | |
12758 | +/* AES-192 no df PR */ | |
12759 | +__fips_constseg | |
12760 | +static const unsigned char aes_192_no_df_pr_entropyinput[] = | |
12761 | + { | |
12762 | + 0x9d,0x2c,0xd2,0x55,0x66,0xea,0xe0,0xbe,0x18,0xb7,0x76,0xe7, | |
12763 | + 0x73,0x35,0xd8,0x1f,0xad,0x3a,0xe3,0x81,0x0e,0x92,0xd0,0x61, | |
12764 | + 0xc9,0x12,0x26,0xf6,0x1c,0xdf,0xfe,0x47,0xaa,0xfe,0x7d,0x5a, | |
12765 | + 0x17,0x1f,0x8d,0x9a | |
12766 | + }; | |
12767 | + | |
12768 | +__fips_constseg | |
12769 | +static const unsigned char aes_192_no_df_pr_nonce[] = | |
12770 | + { | |
12771 | + 0x44,0x82,0xed,0xe8,0x4c,0x28,0x5a,0x14,0xff,0x88,0x8d,0x19, | |
12772 | + 0x61,0x5c,0xee,0x0f | |
12773 | + }; | |
12774 | + | |
12775 | +__fips_constseg | |
12776 | +static const unsigned char aes_192_no_df_pr_personalizationstring[] = | |
12777 | + { | |
12778 | + 0x47,0xd7,0x9b,0x99,0xaa,0xcb,0xe7,0xd2,0x57,0x66,0x2c,0xe1, | |
12779 | + 0x78,0xd6,0x2c,0xea,0xa3,0x23,0x5f,0x2a,0xc1,0x3a,0xf0,0xa4, | |
12780 | + 0x20,0x3b,0xfa,0x07,0xd5,0x05,0x02,0xe4,0x57,0x01,0xb6,0x10, | |
12781 | + 0x57,0x2e,0xe7,0x55 | |
12782 | + }; | |
12783 | + | |
12784 | +__fips_constseg | |
12785 | +static const unsigned char aes_192_no_df_pr_additionalinput[] = | |
12786 | + { | |
12787 | + 0x4b,0x74,0x0b,0x40,0xce,0x6b,0xc2,0x6a,0x24,0xb4,0xf3,0xad, | |
12788 | + 0x7a,0xa5,0x7a,0xa2,0x15,0xe2,0xc8,0x61,0x15,0xc6,0xb7,0x85, | |
12789 | + 0x69,0x11,0xad,0x7b,0x14,0xd2,0xf6,0x12,0xa1,0x95,0x5d,0x3f, | |
12790 | + 0xe2,0xd0,0x0c,0x2f | |
12791 | + }; | |
12792 | + | |
12793 | +__fips_constseg | |
12794 | +static const unsigned char aes_192_no_df_pr_entropyinputpr[] = | |
12795 | + { | |
12796 | + 0x0c,0x9c,0xad,0x05,0xee,0xae,0x48,0x23,0x89,0x59,0xa1,0x94, | |
12797 | + 0xd7,0xd8,0x75,0xd5,0x54,0x93,0xc7,0x4a,0xd9,0x26,0xde,0xeb, | |
12798 | + 0xba,0xb0,0x7e,0x30,0x1d,0x5f,0x69,0x40,0x9c,0x3b,0x17,0x58, | |
12799 | + 0x1d,0x30,0xb3,0x78 | |
12800 | + }; | |
12801 | + | |
12802 | +__fips_constseg | |
12803 | +static const unsigned char aes_192_no_df_pr_int_returnedbits[] = | |
12804 | + { | |
12805 | + 0xf7,0x93,0xb0,0x6d,0x77,0x83,0xd5,0x38,0x01,0xe1,0x52,0x40, | |
12806 | + 0x7e,0x3e,0x0c,0x26 | |
12807 | + }; | |
12808 | + | |
12809 | +__fips_constseg | |
12810 | +static const unsigned char aes_192_no_df_pr_additionalinput2[] = | |
12811 | + { | |
12812 | + 0xbc,0x4b,0x37,0x44,0x1c,0xc5,0x45,0x5f,0x8f,0x51,0x62,0x8a, | |
12813 | + 0x85,0x30,0x1d,0x7c,0xe4,0xcf,0xf7,0x44,0xce,0x32,0x3e,0x57, | |
12814 | + 0x95,0xa4,0x2a,0xdf,0xfd,0x9e,0x38,0x41,0xb3,0xf6,0xc5,0xee, | |
12815 | + 0x0c,0x4b,0xee,0x6e | |
12816 | + }; | |
12817 | + | |
12818 | +__fips_constseg | |
12819 | +static const unsigned char aes_192_no_df_pr_entropyinputpr2[] = | |
12820 | + { | |
12821 | + 0xec,0xaf,0xf6,0x4f,0xb1,0xa0,0x54,0xb5,0x5b,0xe3,0x46,0xb0, | |
12822 | + 0x76,0x5a,0x7c,0x3f,0x7b,0x94,0x69,0x21,0x51,0x02,0xe5,0x9f, | |
12823 | + 0x04,0x59,0x02,0x98,0xc6,0x43,0x2c,0xcc,0x26,0x4c,0x87,0x6b, | |
12824 | + 0x8e,0x0a,0x83,0xdf | |
12825 | + }; | |
12826 | + | |
12827 | +__fips_constseg | |
12828 | +static const unsigned char aes_192_no_df_pr_returnedbits[] = | |
12829 | + { | |
12830 | + 0x74,0x45,0xfb,0x53,0x84,0x96,0xbe,0xff,0x15,0xcc,0x41,0x91, | |
12831 | + 0xb9,0xa1,0x21,0x68 | |
12832 | + }; | |
12833 | + | |
12834 | + | |
12835 | +/* AES-192 no df No PR */ | |
12836 | +__fips_constseg | |
12837 | +static const unsigned char aes_192_no_df_entropyinput[] = | |
12838 | + { | |
12839 | + 0x3c,0x7d,0xb5,0xe0,0x54,0xd9,0x6e,0x8c,0xa9,0x86,0xce,0x4e, | |
12840 | + 0x6b,0xaf,0xeb,0x2f,0xe7,0x75,0xe0,0x8b,0xa4,0x3b,0x07,0xfe, | |
12841 | + 0xbe,0x33,0x75,0x93,0x80,0x27,0xb5,0x29,0x47,0x8b,0xc7,0x28, | |
12842 | + 0x94,0xc3,0x59,0x63 | |
12843 | + }; | |
12844 | + | |
12845 | +__fips_constseg | |
12846 | +static const unsigned char aes_192_no_df_nonce[] = | |
12847 | + { | |
12848 | + 0x43,0xf1,0x7d,0xb8,0xc3,0xfe,0xd0,0x23,0x6b,0xb4,0x92,0xdb, | |
12849 | + 0x29,0xfd,0x45,0x71 | |
12850 | + }; | |
12851 | + | |
12852 | +__fips_constseg | |
12853 | +static const unsigned char aes_192_no_df_personalizationstring[] = | |
12854 | + { | |
12855 | + 0x9f,0x24,0x29,0x99,0x9e,0x01,0xab,0xe9,0x19,0xd8,0x23,0x08, | |
12856 | + 0xb7,0xd6,0x7e,0x8c,0xc0,0x9e,0x7f,0x6e,0x5b,0x33,0x20,0x96, | |
12857 | + 0x0b,0x23,0x2c,0xa5,0x6a,0xf8,0x1b,0x04,0x26,0xdb,0x2e,0x2b, | |
12858 | + 0x3b,0x88,0xce,0x35 | |
12859 | + }; | |
12860 | + | |
12861 | +__fips_constseg | |
12862 | +static const unsigned char aes_192_no_df_additionalinput[] = | |
12863 | + { | |
12864 | + 0x94,0xe9,0x7c,0x3d,0xa7,0xdb,0x60,0x83,0x1f,0x98,0x3f,0x0b, | |
12865 | + 0x88,0x59,0x57,0x51,0x88,0x9f,0x76,0x49,0x9f,0xa6,0xda,0x71, | |
12866 | + 0x1d,0x0d,0x47,0x16,0x63,0xc5,0x68,0xe4,0x5d,0x39,0x69,0xb3, | |
12867 | + 0x3e,0xbe,0xd4,0x8e | |
12868 | + }; | |
12869 | + | |
12870 | +__fips_constseg | |
12871 | +static const unsigned char aes_192_no_df_int_returnedbits[] = | |
12872 | + { | |
12873 | + 0xf9,0xd7,0xad,0x69,0xab,0x8f,0x23,0x56,0x70,0x17,0x4f,0x2a, | |
12874 | + 0x45,0xe7,0x4a,0xc5 | |
12875 | + }; | |
12876 | + | |
12877 | +__fips_constseg | |
12878 | +static const unsigned char aes_192_no_df_entropyinputreseed[] = | |
12879 | + { | |
12880 | + 0xa6,0x71,0x6a,0x3d,0xba,0xd1,0xe8,0x66,0xa6,0xef,0xb2,0x0e, | |
12881 | + 0xa8,0x9c,0xaa,0x4e,0xaf,0x17,0x89,0x50,0x00,0xda,0xa1,0xb1, | |
12882 | + 0x0b,0xa4,0xd9,0x35,0x89,0xc8,0xe5,0xb0,0xd9,0xb7,0xc4,0x33, | |
12883 | + 0x9b,0xcb,0x7e,0x75 | |
12884 | + }; | |
12885 | + | |
12886 | +__fips_constseg | |
12887 | +static const unsigned char aes_192_no_df_additionalinputreseed[] = | |
12888 | + { | |
12889 | + 0x27,0x21,0xfc,0xc2,0xbd,0xf3,0x3c,0xce,0xc3,0xca,0xc1,0x01, | |
12890 | + 0xe0,0xff,0x93,0x12,0x7d,0x54,0x42,0xe3,0x9f,0x03,0xdf,0x27, | |
12891 | + 0x04,0x07,0x3c,0x53,0x7f,0xa8,0x66,0xc8,0x97,0x4b,0x61,0x40, | |
12892 | + 0x5d,0x7a,0x25,0x79 | |
12893 | + }; | |
12894 | + | |
12895 | +__fips_constseg | |
12896 | +static const unsigned char aes_192_no_df_additionalinput2[] = | |
12897 | + { | |
12898 | + 0x2d,0x8e,0x16,0x5d,0x0b,0x9f,0xeb,0xaa,0xd6,0xec,0x28,0x71, | |
12899 | + 0x7c,0x0b,0xc1,0x1d,0xd4,0x44,0x19,0x47,0xfd,0x1d,0x7c,0xe5, | |
12900 | + 0xf3,0x27,0xe1,0xb6,0x72,0x0a,0xe0,0xec,0x0e,0xcd,0xef,0x1a, | |
12901 | + 0x91,0x6a,0xe3,0x5f | |
12902 | + }; | |
12903 | + | |
12904 | +__fips_constseg | |
12905 | +static const unsigned char aes_192_no_df_returnedbits[] = | |
12906 | + { | |
12907 | + 0xe5,0xda,0xb8,0xe0,0x63,0x59,0x5a,0xcc,0x3d,0xdc,0x9f,0xe8, | |
12908 | + 0x66,0x67,0x2c,0x92 | |
12909 | + }; | |
12910 | + | |
12911 | + | |
12912 | +/* AES-256 no df PR */ | |
12913 | +__fips_constseg | |
12914 | +static const unsigned char aes_256_no_df_pr_entropyinput[] = | |
12915 | + { | |
12916 | + 0x15,0xc7,0x5d,0xcb,0x41,0x4b,0x16,0x01,0x3a,0xd1,0x44,0xe8, | |
12917 | + 0x22,0x32,0xc6,0x9c,0x3f,0xe7,0x43,0xf5,0x9a,0xd3,0xea,0xf2, | |
12918 | + 0xd7,0x4e,0x6e,0x6a,0x55,0x73,0x40,0xef,0x89,0xad,0x0d,0x03, | |
12919 | + 0x96,0x7e,0x78,0x81,0x2f,0x91,0x1b,0x44,0xb0,0x02,0xba,0x1c | |
12920 | + }; | |
12921 | + | |
12922 | +__fips_constseg | |
12923 | +static const unsigned char aes_256_no_df_pr_nonce[] = | |
12924 | + { | |
12925 | + 0xdc,0xe4,0xd4,0x27,0x7a,0x90,0xd7,0x99,0x43,0xa1,0x3c,0x30, | |
12926 | + 0xcc,0x4b,0xee,0x2e | |
12927 | + }; | |
12928 | + | |
12929 | +__fips_constseg | |
12930 | +static const unsigned char aes_256_no_df_pr_personalizationstring[] = | |
12931 | + { | |
12932 | + 0xe3,0xe6,0xb9,0x11,0xe4,0x7a,0xa4,0x40,0x6b,0xf8,0x73,0xf7, | |
12933 | + 0x7e,0xec,0xc7,0xb9,0x97,0xbf,0xf8,0x25,0x7b,0xbe,0x11,0x9b, | |
12934 | + 0x5b,0x6a,0x0c,0x2e,0x2b,0x01,0x51,0xcd,0x41,0x4b,0x6b,0xac, | |
12935 | + 0x31,0xa8,0x0b,0xf7,0xe6,0x59,0x42,0xb8,0x03,0x0c,0xf8,0x06 | |
12936 | + }; | |
12937 | + | |
12938 | +__fips_constseg | |
12939 | +static const unsigned char aes_256_no_df_pr_additionalinput[] = | |
12940 | + { | |
12941 | + 0x6a,0x9f,0x00,0x91,0xae,0xfe,0xcf,0x84,0x99,0xce,0xb1,0x40, | |
12942 | + 0x6d,0x5d,0x33,0x28,0x84,0xf4,0x8c,0x63,0x4c,0x7e,0xbd,0x2c, | |
12943 | + 0x80,0x76,0xee,0x5a,0xaa,0x15,0x07,0x31,0xd8,0xbb,0x8c,0x69, | |
12944 | + 0x9d,0x9d,0xbc,0x7e,0x49,0xae,0xec,0x39,0x6b,0xd1,0x1f,0x7e | |
12945 | + }; | |
12946 | + | |
12947 | +__fips_constseg | |
12948 | +static const unsigned char aes_256_no_df_pr_entropyinputpr[] = | |
12949 | + { | |
12950 | + 0xf3,0xb9,0x75,0x9c,0xbd,0x88,0xea,0xa2,0x50,0xad,0xd6,0x16, | |
12951 | + 0x1a,0x12,0x3c,0x86,0x68,0xaf,0x6f,0xbe,0x19,0xf2,0xee,0xcc, | |
12952 | + 0xa5,0x70,0x84,0x53,0x50,0xcb,0x9f,0x14,0xa9,0xe5,0xee,0xb9, | |
12953 | + 0x48,0x45,0x40,0xe2,0xc7,0xc9,0x9a,0x74,0xff,0x8c,0x99,0x1f | |
12954 | + }; | |
12955 | + | |
12956 | +__fips_constseg | |
12957 | +static const unsigned char aes_256_no_df_pr_int_returnedbits[] = | |
12958 | + { | |
12959 | + 0x2e,0xf2,0x45,0x4c,0x62,0x2e,0x0a,0xb9,0x6b,0xa2,0xfd,0x56, | |
12960 | + 0x79,0x60,0x93,0xcf | |
12961 | + }; | |
12962 | + | |
12963 | +__fips_constseg | |
12964 | +static const unsigned char aes_256_no_df_pr_additionalinput2[] = | |
12965 | + { | |
12966 | + 0xaf,0x69,0x20,0xe9,0x3b,0x37,0x9d,0x3f,0xb4,0x80,0x02,0x7a, | |
12967 | + 0x25,0x7d,0xb8,0xde,0x71,0xc5,0x06,0x0c,0xb4,0xe2,0x8f,0x35, | |
12968 | + 0xd8,0x14,0x0d,0x7f,0x76,0x63,0x4e,0xb5,0xee,0xe9,0x6f,0x34, | |
12969 | + 0xc7,0x5f,0x56,0x14,0x4a,0xe8,0x73,0x95,0x5b,0x1c,0xb9,0xcb | |
12970 | + }; | |
12971 | + | |
12972 | +__fips_constseg | |
12973 | +static const unsigned char aes_256_no_df_pr_entropyinputpr2[] = | |
12974 | + { | |
12975 | + 0xe5,0xb0,0x2e,0x7e,0x52,0x30,0xe3,0x63,0x82,0xb6,0x44,0xd3, | |
12976 | + 0x25,0x19,0x05,0x24,0x9a,0x9f,0x5f,0x27,0x6a,0x29,0xab,0xfa, | |
12977 | + 0x07,0xa2,0x42,0x0f,0xc5,0xa8,0x94,0x7c,0x17,0x7b,0x85,0x83, | |
12978 | + 0x0c,0x25,0x0e,0x63,0x0b,0xe9,0x12,0x60,0xcd,0xef,0x80,0x0f | |
12979 | + }; | |
12980 | + | |
12981 | +__fips_constseg | |
12982 | +static const unsigned char aes_256_no_df_pr_returnedbits[] = | |
12983 | + { | |
12984 | + 0x5e,0xf2,0x26,0xef,0x9f,0x58,0x5d,0xd5,0x4a,0x10,0xfe,0xa7, | |
12985 | + 0x2d,0x5f,0x4a,0x46 | |
12986 | + }; | |
12987 | + | |
12988 | + | |
12989 | +/* AES-256 no df No PR */ | |
12990 | +__fips_constseg | |
12991 | +static const unsigned char aes_256_no_df_entropyinput[] = | |
12992 | + { | |
12993 | + 0xfb,0xcf,0x1b,0x61,0x16,0x89,0x78,0x23,0xf5,0xd8,0x96,0xe3, | |
12994 | + 0x4e,0x64,0x0b,0x29,0x9a,0x3f,0xf8,0xa5,0xed,0xf2,0xfe,0xdb, | |
12995 | + 0x16,0xca,0x7f,0x10,0xfa,0x5e,0x18,0x76,0x2c,0x63,0x5e,0x96, | |
12996 | + 0xcf,0xb3,0xd6,0xfc,0xaf,0x99,0x39,0x28,0x9c,0x61,0xe8,0xb3 | |
12997 | + }; | |
12998 | + | |
12999 | +__fips_constseg | |
13000 | +static const unsigned char aes_256_no_df_nonce[] = | |
13001 | + { | |
13002 | + 0x12,0x96,0xf0,0x52,0xf3,0x8d,0x81,0xcf,0xde,0x86,0xf2,0x99, | |
13003 | + 0x43,0x96,0xb9,0xf0 | |
13004 | + }; | |
13005 | + | |
13006 | +__fips_constseg | |
13007 | +static const unsigned char aes_256_no_df_personalizationstring[] = | |
13008 | + { | |
13009 | + 0x63,0x0d,0x78,0xf5,0x90,0x8e,0x32,0x47,0xb0,0x4d,0x37,0x60, | |
13010 | + 0x09,0x96,0xbc,0xbf,0x97,0x7a,0x62,0x14,0x45,0xbd,0x8d,0xcc, | |
13011 | + 0x69,0xfb,0x03,0xe1,0x80,0x1c,0xc7,0xe2,0x2a,0xf9,0x37,0x3f, | |
13012 | + 0x66,0x4d,0x62,0xd9,0x10,0xe0,0xad,0xc8,0x9a,0xf0,0xa8,0x6d | |
13013 | + }; | |
13014 | + | |
13015 | +__fips_constseg | |
13016 | +static const unsigned char aes_256_no_df_additionalinput[] = | |
13017 | + { | |
13018 | + 0x36,0xc6,0x13,0x60,0xbb,0x14,0xad,0x22,0xb0,0x38,0xac,0xa6, | |
13019 | + 0x18,0x16,0x93,0x25,0x86,0xb7,0xdc,0xdc,0x36,0x98,0x2b,0xf9, | |
13020 | + 0x68,0x33,0xd3,0xc6,0xff,0xce,0x8d,0x15,0x59,0x82,0x76,0xed, | |
13021 | + 0x6f,0x8d,0x49,0x74,0x2f,0xda,0xdc,0x1f,0x17,0xd0,0xde,0x17 | |
13022 | + }; | |
13023 | + | |
13024 | +__fips_constseg | |
13025 | +static const unsigned char aes_256_no_df_int_returnedbits[] = | |
13026 | + { | |
13027 | + 0x16,0x2f,0x8e,0x3f,0x21,0x7a,0x1c,0x20,0x56,0xd1,0x92,0xf6, | |
13028 | + 0xd2,0x25,0x75,0x0e | |
13029 | + }; | |
13030 | + | |
13031 | +__fips_constseg | |
13032 | +static const unsigned char aes_256_no_df_entropyinputreseed[] = | |
13033 | + { | |
13034 | + 0x91,0x79,0x76,0xee,0xe0,0xcf,0x9e,0xc2,0xd5,0xd4,0x23,0x9b, | |
13035 | + 0x12,0x8c,0x7e,0x0a,0xb7,0xd2,0x8b,0xd6,0x7c,0xa3,0xc6,0xe5, | |
13036 | + 0x0e,0xaa,0xc7,0x6b,0xae,0x0d,0xfa,0x53,0x06,0x79,0xa1,0xed, | |
13037 | + 0x4d,0x6a,0x0e,0xd8,0x9d,0xbe,0x1b,0x31,0x93,0x7b,0xec,0xfb | |
13038 | + }; | |
13039 | + | |
13040 | +__fips_constseg | |
13041 | +static const unsigned char aes_256_no_df_additionalinputreseed[] = | |
13042 | + { | |
13043 | + 0xd2,0x46,0x50,0x22,0x10,0x14,0x63,0xf7,0xea,0x0f,0xb9,0x7e, | |
13044 | + 0x0d,0xe1,0x94,0x07,0xaf,0x09,0x44,0x31,0xea,0x64,0xa4,0x18, | |
13045 | + 0x5b,0xf9,0xd8,0xc2,0xfa,0x03,0x47,0xc5,0x39,0x43,0xd5,0x3b, | |
13046 | + 0x62,0x86,0x64,0xea,0x2c,0x73,0x8c,0xae,0x9d,0x98,0x98,0x29 | |
13047 | + }; | |
13048 | + | |
13049 | +__fips_constseg | |
13050 | +static const unsigned char aes_256_no_df_additionalinput2[] = | |
13051 | + { | |
13052 | + 0x8c,0xab,0x18,0xf8,0xc3,0xec,0x18,0x5c,0xb3,0x1e,0x9d,0xbe, | |
13053 | + 0x3f,0x03,0xb4,0x00,0x98,0x9d,0xae,0xeb,0xf4,0x94,0xf8,0x42, | |
13054 | + 0x8f,0xe3,0x39,0x07,0xe1,0xc9,0xad,0x0b,0x1f,0xed,0xc0,0xba, | |
13055 | + 0xf6,0xd1,0xec,0x27,0x86,0x7b,0xd6,0x55,0x9b,0x60,0xa5,0xc6 | |
13056 | + }; | |
13057 | + | |
13058 | +__fips_constseg | |
13059 | +static const unsigned char aes_256_no_df_returnedbits[] = | |
13060 | + { | |
13061 | + 0xef,0xd2,0xd8,0x5c,0xdc,0x62,0x25,0x9f,0xaa,0x1e,0x2c,0x67, | |
13062 | + 0xf6,0x02,0x32,0xe2 | |
13063 | + }; | |
13064 | + | |
13065 | + | |
13066 | +/* SHA-1 PR */ | |
13067 | +__fips_constseg | |
13068 | +static const unsigned char sha1_pr_entropyinput[] = | |
13069 | + { | |
13070 | + 0xd2,0x36,0xa5,0x27,0x31,0x73,0xdd,0x11,0x4f,0x93,0xbd,0xe2, | |
13071 | + 0x31,0xa5,0x91,0x13 | |
13072 | + }; | |
13073 | + | |
13074 | +__fips_constseg | |
13075 | +static const unsigned char sha1_pr_nonce[] = | |
13076 | + { | |
13077 | + 0xb5,0xb3,0x60,0xef,0xf7,0x63,0x31,0xf3 | |
13078 | + }; | |
13079 | + | |
13080 | +__fips_constseg | |
13081 | +static const unsigned char sha1_pr_personalizationstring[] = | |
13082 | + { | |
13083 | + 0xd4,0xbb,0x02,0x10,0xb2,0x71,0xdb,0x81,0xd6,0xf0,0x42,0x60, | |
13084 | + 0xda,0xea,0x77,0x52 | |
13085 | + }; | |
13086 | + | |
13087 | +__fips_constseg | |
13088 | +static const unsigned char sha1_pr_additionalinput[] = | |
13089 | + { | |
13090 | + 0x4d,0xd2,0x6c,0x87,0xfb,0x2c,0x4f,0xa6,0x8d,0x16,0x63,0x22, | |
13091 | + 0x6a,0x51,0xe3,0xf8 | |
13092 | + }; | |
13093 | + | |
13094 | +__fips_constseg | |
13095 | +static const unsigned char sha1_pr_entropyinputpr[] = | |
13096 | + { | |
13097 | + 0xc9,0x83,0x9e,0x16,0xf6,0x1c,0x0f,0xb2,0xec,0x60,0x31,0xa9, | |
13098 | + 0xcb,0xa9,0x36,0x7a | |
13099 | + }; | |
13100 | + | |
13101 | +__fips_constseg | |
13102 | +static const unsigned char sha1_pr_int_returnedbits[] = | |
13103 | + { | |
13104 | + 0xa8,0x13,0x4f,0xf4,0x31,0x02,0x44,0xe3,0xd3,0x3d,0x61,0x9e, | |
13105 | + 0xe5,0xc6,0x3e,0x89,0xb5,0x9b,0x0f,0x35 | |
13106 | + }; | |
13107 | + | |
13108 | +__fips_constseg | |
13109 | +static const unsigned char sha1_pr_additionalinput2[] = | |
13110 | + { | |
13111 | + 0xf9,0xe8,0xd2,0x72,0x13,0x34,0x95,0x6f,0x15,0x49,0x47,0x99, | |
13112 | + 0x16,0x03,0x19,0x47 | |
13113 | + }; | |
13114 | + | |
13115 | +__fips_constseg | |
13116 | +static const unsigned char sha1_pr_entropyinputpr2[] = | |
13117 | + { | |
13118 | + 0x4e,0x8c,0x49,0x9b,0x4a,0x5c,0x9b,0x9c,0x3a,0xee,0xfb,0xd2, | |
13119 | + 0xae,0xcd,0x8c,0xc4 | |
13120 | + }; | |
13121 | + | |
13122 | +__fips_constseg | |
13123 | +static const unsigned char sha1_pr_returnedbits[] = | |
13124 | + { | |
13125 | + 0x50,0xb4,0xb4,0xcd,0x68,0x57,0xfc,0x2e,0xc1,0x52,0xcc,0xf6, | |
13126 | + 0x68,0xa4,0x81,0xed,0x7e,0xe4,0x1d,0x87 | |
13127 | + }; | |
13128 | + | |
13129 | + | |
13130 | +/* SHA-1 No PR */ | |
13131 | +__fips_constseg | |
13132 | +static const unsigned char sha1_entropyinput[] = | |
13133 | + { | |
13134 | + 0xa9,0x47,0x1b,0x29,0x2d,0x1c,0x05,0xdf,0x76,0xd0,0x62,0xf9, | |
13135 | + 0xe2,0x7f,0x4c,0x7b | |
13136 | + }; | |
13137 | + | |
13138 | +__fips_constseg | |
13139 | +static const unsigned char sha1_nonce[] = | |
13140 | + { | |
13141 | + 0x53,0x23,0x24,0xe3,0xec,0x0c,0x54,0x14 | |
13142 | + }; | |
13143 | + | |
13144 | +__fips_constseg | |
13145 | +static const unsigned char sha1_personalizationstring[] = | |
13146 | + { | |
13147 | + 0x7a,0x87,0xa1,0xac,0x1c,0xfd,0xab,0xae,0xf7,0xd6,0xfb,0x76, | |
13148 | + 0x28,0xec,0x6d,0xca | |
13149 | + }; | |
13150 | + | |
13151 | +__fips_constseg | |
13152 | +static const unsigned char sha1_additionalinput[] = | |
13153 | + { | |
13154 | + 0xfc,0x92,0x35,0xd6,0x7e,0xb7,0x24,0x65,0xfd,0x12,0x27,0x35, | |
13155 | + 0xc0,0x72,0xca,0x28 | |
13156 | + }; | |
13157 | + | |
13158 | +__fips_constseg | |
13159 | +static const unsigned char sha1_int_returnedbits[] = | |
13160 | + { | |
13161 | + 0x57,0x88,0x82,0xe5,0x25,0xa5,0x2c,0x4a,0x06,0x20,0x6c,0x72, | |
13162 | + 0x55,0x61,0xdd,0x90,0x71,0x9f,0x95,0xea | |
13163 | + }; | |
13164 | + | |
13165 | +__fips_constseg | |
13166 | +static const unsigned char sha1_entropyinputreseed[] = | |
13167 | + { | |
13168 | + 0x69,0xa5,0x40,0x62,0x98,0x47,0x56,0x73,0x4a,0x8f,0x60,0x96, | |
13169 | + 0xd6,0x99,0x27,0xed | |
13170 | + }; | |
13171 | + | |
13172 | +__fips_constseg | |
13173 | +static const unsigned char sha1_additionalinputreseed[] = | |
13174 | + { | |
13175 | + 0xe5,0x40,0x4e,0xbd,0x50,0x00,0xf5,0x15,0xa6,0xee,0x45,0xda, | |
13176 | + 0x84,0x3d,0xd4,0xc0 | |
13177 | + }; | |
13178 | + | |
13179 | +__fips_constseg | |
13180 | +static const unsigned char sha1_additionalinput2[] = | |
13181 | + { | |
13182 | + 0x11,0x51,0x14,0xf0,0x09,0x1b,0x4e,0x56,0x0d,0xe9,0xf6,0x1e, | |
13183 | + 0x52,0x65,0xcd,0x96 | |
13184 | + }; | |
13185 | + | |
13186 | +__fips_constseg | |
13187 | +static const unsigned char sha1_returnedbits[] = | |
13188 | + { | |
13189 | + 0xa1,0x9c,0x94,0x6e,0x29,0xe1,0x33,0x0d,0x32,0xd6,0xaa,0xce, | |
13190 | + 0x71,0x3f,0x52,0x72,0x8b,0x42,0xa8,0xd7 | |
13191 | + }; | |
13192 | + | |
13193 | + | |
13194 | +/* SHA-224 PR */ | |
13195 | +__fips_constseg | |
13196 | +static const unsigned char sha224_pr_entropyinput[] = | |
13197 | + { | |
13198 | + 0x12,0x69,0x32,0x4f,0x83,0xa6,0xf5,0x14,0xe3,0x49,0x3e,0x75, | |
13199 | + 0x3e,0xde,0xad,0xa1,0x29,0xc3,0xf3,0x19,0x20,0xb5,0x4c,0xd9 | |
13200 | + }; | |
13201 | + | |
13202 | +__fips_constseg | |
13203 | +static const unsigned char sha224_pr_nonce[] = | |
13204 | + { | |
13205 | + 0x6a,0x78,0xd0,0xeb,0xbb,0x5a,0xf0,0xee,0xe8,0xc3,0xba,0x71 | |
13206 | + }; | |
13207 | + | |
13208 | +__fips_constseg | |
13209 | +static const unsigned char sha224_pr_personalizationstring[] = | |
13210 | + { | |
13211 | + 0xd5,0xb8,0xb6,0xbc,0xc1,0x5b,0x60,0x31,0x3c,0xf5,0xe5,0xc0, | |
13212 | + 0x8e,0x52,0x7a,0xbd,0xea,0x47,0xa9,0x5f,0x8f,0xf9,0x8b,0xae | |
13213 | + }; | |
13214 | + | |
13215 | +__fips_constseg | |
13216 | +static const unsigned char sha224_pr_additionalinput[] = | |
13217 | + { | |
13218 | + 0x1f,0x55,0xec,0xae,0x16,0x12,0x84,0xba,0x84,0x16,0x19,0x88, | |
13219 | + 0x8e,0xb8,0x33,0x25,0x54,0xff,0xca,0x79,0xaf,0x07,0x25,0x50 | |
13220 | + }; | |
13221 | + | |
13222 | +__fips_constseg | |
13223 | +static const unsigned char sha224_pr_entropyinputpr[] = | |
13224 | + { | |
13225 | + 0x92,0xa3,0x32,0xa8,0x9a,0x0a,0x58,0x7c,0x1d,0x5a,0x7e,0xe1, | |
13226 | + 0xb2,0x73,0xab,0x0e,0x16,0x79,0x23,0xd3,0x29,0x89,0x81,0xe1 | |
13227 | + }; | |
13228 | + | |
13229 | +__fips_constseg | |
13230 | +static const unsigned char sha224_pr_int_returnedbits[] = | |
13231 | + { | |
13232 | + 0xf3,0x38,0x91,0x40,0x37,0x7a,0x51,0x72,0x42,0x74,0x78,0x0a, | |
13233 | + 0x69,0xfd,0xa6,0x44,0x43,0x45,0x6c,0x0c,0x5a,0x19,0xff,0xf1, | |
13234 | + 0x54,0x60,0xee,0x6a | |
13235 | + }; | |
13236 | + | |
13237 | +__fips_constseg | |
13238 | +static const unsigned char sha224_pr_additionalinput2[] = | |
13239 | + { | |
13240 | + 0x75,0xf3,0x04,0x25,0xdd,0x36,0xa8,0x37,0x46,0xae,0x0c,0x52, | |
13241 | + 0x05,0x79,0x4c,0x26,0xdb,0xe9,0x71,0x16,0x4c,0x0a,0xf2,0x60 | |
13242 | + }; | |
13243 | + | |
13244 | +__fips_constseg | |
13245 | +static const unsigned char sha224_pr_entropyinputpr2[] = | |
13246 | + { | |
13247 | + 0xea,0xc5,0x03,0x0a,0x4f,0xb0,0x38,0x8d,0x23,0xd4,0xc8,0x77, | |
13248 | + 0xe2,0x6d,0x9c,0x0b,0x44,0xf7,0x2d,0x5b,0xbf,0x5d,0x2a,0x11 | |
13249 | + }; | |
13250 | + | |
13251 | +__fips_constseg | |
13252 | +static const unsigned char sha224_pr_returnedbits[] = | |
13253 | + { | |
13254 | + 0x60,0x50,0x2b,0xe7,0x86,0xd8,0x26,0x73,0xe3,0x1d,0x95,0x20, | |
13255 | + 0xb3,0x2c,0x32,0x1c,0xf5,0xce,0x57,0xa6,0x67,0x2b,0xdc,0x4e, | |
13256 | + 0xdd,0x11,0x4c,0xc4 | |
13257 | + }; | |
13258 | + | |
13259 | + | |
13260 | +/* SHA-224 No PR */ | |
13261 | +__fips_constseg | |
13262 | +static const unsigned char sha224_entropyinput[] = | |
13263 | + { | |
13264 | + 0xb2,0x1c,0x77,0x4d,0xf6,0xd3,0xb6,0x40,0xb7,0x30,0x3e,0x29, | |
13265 | + 0xb0,0x85,0x1c,0xbe,0x4a,0xea,0x6b,0x5a,0xb5,0x8a,0x97,0xeb | |
13266 | + }; | |
13267 | + | |
13268 | +__fips_constseg | |
13269 | +static const unsigned char sha224_nonce[] = | |
13270 | + { | |
13271 | + 0x42,0x02,0x0a,0x1c,0x98,0x9a,0x77,0x9e,0x9f,0x80,0xba,0xe0 | |
13272 | + }; | |
13273 | + | |
13274 | +__fips_constseg | |
13275 | +static const unsigned char sha224_personalizationstring[] = | |
13276 | + { | |
13277 | + 0x98,0xb8,0x04,0x41,0xfc,0xc1,0x5d,0xc5,0xe9,0xb9,0x08,0xda, | |
13278 | + 0xf9,0xfa,0x0d,0x90,0xce,0xdf,0x1d,0x10,0xa9,0x8d,0x50,0x0c | |
13279 | + }; | |
13280 | + | |
13281 | +__fips_constseg | |
13282 | +static const unsigned char sha224_additionalinput[] = | |
13283 | + { | |
13284 | + 0x9a,0x8d,0x39,0x49,0x42,0xd5,0x0b,0xae,0xe1,0xaf,0xb7,0x00, | |
13285 | + 0x02,0xfa,0x96,0xb1,0xa5,0x1d,0x2d,0x25,0x78,0xee,0x83,0x3f | |
13286 | + }; | |
13287 | + | |
13288 | +__fips_constseg | |
13289 | +static const unsigned char sha224_int_returnedbits[] = | |
13290 | + { | |
13291 | + 0xe4,0xf5,0x53,0x79,0x5a,0x97,0x58,0x06,0x08,0xba,0x7b,0xfa, | |
13292 | + 0xf0,0x83,0x05,0x8c,0x22,0xc0,0xc9,0xdb,0x15,0xe7,0xde,0x20, | |
13293 | + 0x55,0x22,0x9a,0xad | |
13294 | + }; | |
13295 | + | |
13296 | +__fips_constseg | |
13297 | +static const unsigned char sha224_entropyinputreseed[] = | |
13298 | + { | |
13299 | + 0x67,0x09,0x48,0xaa,0x07,0x16,0x99,0x89,0x7f,0x6d,0xa0,0xe5, | |
13300 | + 0x8f,0xdf,0xbc,0xdb,0xfe,0xe5,0x6c,0x7a,0x95,0x4a,0x66,0x17 | |
13301 | + }; | |
13302 | + | |
13303 | +__fips_constseg | |
13304 | +static const unsigned char sha224_additionalinputreseed[] = | |
13305 | + { | |
13306 | + 0x0f,0x4b,0x1c,0x6f,0xb7,0xe3,0x47,0xe5,0x5d,0x7d,0x38,0xd6, | |
13307 | + 0x28,0x9b,0xeb,0x55,0x63,0x09,0x3e,0x7c,0x56,0xea,0xf8,0x19 | |
13308 | + }; | |
13309 | + | |
13310 | +__fips_constseg | |
13311 | +static const unsigned char sha224_additionalinput2[] = | |
13312 | + { | |
13313 | + 0x2d,0x26,0x7c,0x37,0xe4,0x7a,0x28,0x5e,0x5a,0x3c,0xaf,0x3d, | |
13314 | + 0x5a,0x8e,0x55,0xa2,0x1a,0x6e,0xc0,0xe5,0xf6,0x21,0xd3,0xf6 | |
13315 | + }; | |
13316 | + | |
13317 | +__fips_constseg | |
13318 | +static const unsigned char sha224_returnedbits[] = | |
13319 | + { | |
13320 | + 0x4d,0x83,0x35,0xdf,0x67,0xa9,0xfc,0x17,0xda,0x70,0xcc,0x8b, | |
13321 | + 0x7f,0x77,0xae,0xa2,0x5f,0xb9,0x7e,0x74,0x4c,0x26,0xc1,0x7a, | |
13322 | + 0x3b,0xa7,0x5c,0x93 | |
13323 | + }; | |
13324 | + | |
13325 | + | |
13326 | +/* SHA-256 PR */ | |
13327 | +__fips_constseg | |
13328 | +static const unsigned char sha256_pr_entropyinput[] = | |
13329 | + { | |
13330 | + 0xce,0x49,0x00,0x7a,0x56,0xe3,0x67,0x8f,0xe1,0xb6,0xa7,0xd4, | |
13331 | + 0x4f,0x08,0x7a,0x1b,0x01,0xf4,0xfa,0x6b,0xef,0xb7,0xe5,0xeb, | |
13332 | + 0x07,0x3d,0x11,0x0d,0xc8,0xea,0x2b,0xfe | |
13333 | + }; | |
13334 | + | |
13335 | +__fips_constseg | |
13336 | +static const unsigned char sha256_pr_nonce[] = | |
13337 | + { | |
13338 | + 0x73,0x41,0xc8,0x92,0x94,0xe2,0xc5,0x5f,0x93,0xfd,0x39,0x5d, | |
13339 | + 0x2b,0x91,0x4d,0x38 | |
13340 | + }; | |
13341 | + | |
13342 | +__fips_constseg | |
13343 | +static const unsigned char sha256_pr_personalizationstring[] = | |
13344 | + { | |
13345 | + 0x50,0x6d,0x01,0x01,0x07,0x5a,0x80,0x35,0x7a,0x56,0x1a,0x56, | |
13346 | + 0x2f,0x9a,0x0b,0x35,0xb2,0xb1,0xc9,0xe5,0xca,0x69,0x61,0x48, | |
13347 | + 0xff,0xfb,0x0f,0xd9,0x4b,0x79,0x1d,0xba | |
13348 | + }; | |
13349 | + | |
13350 | +__fips_constseg | |
13351 | +static const unsigned char sha256_pr_additionalinput[] = | |
13352 | + { | |
13353 | + 0x20,0xb8,0xdf,0x44,0x77,0x5a,0xb8,0xd3,0xbf,0xf6,0xcf,0xac, | |
13354 | + 0x5e,0xa6,0x96,0x62,0x73,0x44,0x40,0x4a,0x30,0xfb,0x38,0xa5, | |
13355 | + 0x7b,0x0d,0xe4,0x0d,0xc6,0xe4,0x9a,0x1f | |
13356 | + }; | |
13357 | + | |
13358 | +__fips_constseg | |
13359 | +static const unsigned char sha256_pr_entropyinputpr[] = | |
13360 | + { | |
13361 | + 0x04,0xc4,0x65,0xf4,0xd3,0xbf,0x83,0x4b,0xab,0xc8,0x41,0xa8, | |
13362 | + 0xc2,0xe0,0x44,0x63,0x77,0x4c,0x6f,0x6c,0x49,0x46,0xff,0x94, | |
13363 | + 0x17,0xea,0xe6,0x1a,0x9d,0x5e,0x66,0x78 | |
13364 | + }; | |
13365 | + | |
13366 | +__fips_constseg | |
13367 | +static const unsigned char sha256_pr_int_returnedbits[] = | |
13368 | + { | |
13369 | + 0x07,0x4d,0xac,0x9b,0x86,0xca,0x4a,0xaa,0x6e,0x7a,0x03,0xa2, | |
13370 | + 0x5d,0x10,0xea,0x0b,0xf9,0x83,0xcc,0xd1,0xfc,0xe2,0x07,0xc7, | |
13371 | + 0x06,0x34,0x60,0x6f,0x83,0x94,0x99,0x76 | |
13372 | + }; | |
13373 | + | |
13374 | +__fips_constseg | |
13375 | +static const unsigned char sha256_pr_additionalinput2[] = | |
13376 | + { | |
13377 | + 0x89,0x4e,0x45,0x8c,0x11,0xf9,0xbc,0x5b,0xac,0x74,0x8b,0x4b, | |
13378 | + 0x5f,0xf7,0x19,0xf3,0xf5,0x24,0x54,0x14,0xd1,0x15,0xb1,0x43, | |
13379 | + 0x12,0xa4,0x5f,0xd4,0xec,0xfc,0xcd,0x09 | |
13380 | + }; | |
13381 | + | |
13382 | +__fips_constseg | |
13383 | +static const unsigned char sha256_pr_entropyinputpr2[] = | |
13384 | + { | |
13385 | + 0x0e,0xeb,0x1f,0xd7,0xfc,0xd1,0x9d,0xd4,0x05,0x36,0x8b,0xb2, | |
13386 | + 0xfb,0xe4,0xf4,0x51,0x0c,0x87,0x9b,0x02,0x44,0xd5,0x92,0x4d, | |
13387 | + 0x44,0xfe,0x1a,0x03,0x43,0x56,0xbd,0x86 | |
13388 | + }; | |
13389 | + | |
13390 | +__fips_constseg | |
13391 | +static const unsigned char sha256_pr_returnedbits[] = | |
13392 | + { | |
13393 | + 0x02,0xaa,0xb6,0x1d,0x7e,0x2a,0x40,0x03,0x69,0x2d,0x49,0xa3, | |
13394 | + 0x41,0xe7,0x44,0x0b,0xaf,0x7b,0x85,0xe4,0x5f,0x53,0x3b,0x64, | |
13395 | + 0xbc,0x89,0xc8,0x82,0xd4,0x78,0x37,0xa2 | |
13396 | + }; | |
13397 | + | |
13398 | + | |
13399 | +/* SHA-256 No PR */ | |
13400 | +__fips_constseg | |
13401 | +static const unsigned char sha256_entropyinput[] = | |
13402 | + { | |
13403 | + 0x5b,0x1b,0xec,0x4d,0xa9,0x38,0x74,0x5a,0x34,0x0b,0x7b,0xc5, | |
13404 | + 0xe5,0xd7,0x66,0x7c,0xbc,0x82,0xb9,0x0e,0x2d,0x1f,0x92,0xd7, | |
13405 | + 0xc1,0xbc,0x67,0x69,0xec,0x6b,0x03,0x3c | |
13406 | + }; | |
13407 | + | |
13408 | +__fips_constseg | |
13409 | +static const unsigned char sha256_nonce[] = | |
13410 | + { | |
13411 | + 0xa4,0x0c,0xd8,0x9c,0x61,0xd8,0xc3,0x54,0xfe,0x53,0xc9,0xe5, | |
13412 | + 0x5d,0x6f,0x6d,0x35 | |
13413 | + }; | |
13414 | + | |
13415 | +__fips_constseg | |
13416 | +static const unsigned char sha256_personalizationstring[] = | |
13417 | + { | |
13418 | + 0x22,0x5e,0x62,0x93,0x42,0x83,0x78,0x24,0xd8,0x40,0x8c,0xde, | |
13419 | + 0x6f,0xf9,0xa4,0x7a,0xc5,0xa7,0x3b,0x88,0xa3,0xee,0x42,0x20, | |
13420 | + 0xfd,0x61,0x56,0xc6,0x4c,0x13,0x41,0x9c | |
13421 | + }; | |
13422 | + | |
13423 | +__fips_constseg | |
13424 | +static const unsigned char sha256_additionalinput[] = | |
13425 | + { | |
13426 | + 0xbf,0x74,0x5b,0xf6,0xc5,0x64,0x5e,0x99,0x34,0x8f,0xbc,0xa4, | |
13427 | + 0xe2,0xbd,0xd8,0x85,0x26,0x37,0xea,0xba,0x4f,0xf2,0x9a,0x9a, | |
13428 | + 0x66,0xfc,0xdf,0x63,0x26,0x26,0x19,0x87 | |
13429 | + }; | |
13430 | + | |
13431 | +__fips_constseg | |
13432 | +static const unsigned char sha256_int_returnedbits[] = | |
13433 | + { | |
13434 | + 0xb3,0xc6,0x07,0x07,0xd6,0x75,0xf6,0x2b,0xd6,0x21,0x96,0xf1, | |
13435 | + 0xae,0xdb,0x2b,0xac,0x25,0x2a,0xae,0xae,0x41,0x72,0x03,0x5e, | |
13436 | + 0xbf,0xd3,0x64,0xbc,0x59,0xf9,0xc0,0x76 | |
13437 | + }; | |
13438 | + | |
13439 | +__fips_constseg | |
13440 | +static const unsigned char sha256_entropyinputreseed[] = | |
13441 | + { | |
13442 | + 0xbf,0x20,0x33,0x56,0x29,0xa8,0x37,0x04,0x1f,0x78,0x34,0x3d, | |
13443 | + 0x81,0x2a,0xc9,0x86,0xc6,0x7a,0x2f,0x88,0x5e,0xd5,0xbe,0x34, | |
13444 | + 0x46,0x20,0xa4,0x35,0xeb,0xc7,0xe2,0x9d | |
13445 | + }; | |
13446 | + | |
13447 | +__fips_constseg | |
13448 | +static const unsigned char sha256_additionalinputreseed[] = | |
13449 | + { | |
13450 | + 0x9b,0xae,0x2d,0x2d,0x61,0xa4,0x89,0xeb,0x43,0x46,0xa7,0xda, | |
13451 | + 0xef,0x40,0xca,0x4a,0x99,0x11,0x41,0xdc,0x5c,0x94,0xe9,0xac, | |
13452 | + 0xd4,0xd0,0xe6,0xbd,0xfb,0x03,0x9c,0xa8 | |
13453 | + }; | |
13454 | + | |
13455 | +__fips_constseg | |
13456 | +static const unsigned char sha256_additionalinput2[] = | |
13457 | + { | |
13458 | + 0x23,0xaa,0x0c,0xbd,0x28,0x33,0xe2,0x51,0xfc,0x71,0xd2,0x15, | |
13459 | + 0x1f,0x76,0xfd,0x0d,0xe0,0xb7,0xb5,0x84,0x75,0x5b,0xbe,0xf3, | |
13460 | + 0x5c,0xca,0xc5,0x30,0xf2,0x75,0x1f,0xda | |
13461 | + }; | |
13462 | + | |
13463 | +__fips_constseg | |
13464 | +static const unsigned char sha256_returnedbits[] = | |
13465 | + { | |
13466 | + 0x90,0x3c,0xc1,0x10,0x8c,0x12,0x01,0xc6,0xa6,0x3a,0x0f,0x4d, | |
13467 | + 0xb6,0x3a,0x4f,0x41,0x9c,0x61,0x75,0x84,0xe9,0x74,0x75,0xfd, | |
13468 | + 0xfe,0xf2,0x1f,0x43,0xd8,0x5e,0x24,0xa3 | |
13469 | + }; | |
13470 | + | |
13471 | + | |
13472 | +/* SHA-384 PR */ | |
13473 | +__fips_constseg | |
13474 | +static const unsigned char sha384_pr_entropyinput[] = | |
13475 | + { | |
13476 | + 0x71,0x9d,0xb2,0x5a,0x71,0x6d,0x04,0xe9,0x1e,0xc7,0x92,0x24, | |
13477 | + 0x6e,0x12,0x33,0xa9,0x52,0x64,0x31,0xef,0x71,0xeb,0x22,0x55, | |
13478 | + 0x28,0x97,0x06,0x6a,0xc0,0x0c,0xa0,0x7e | |
13479 | + }; | |
13480 | + | |
13481 | +__fips_constseg | |
13482 | +static const unsigned char sha384_pr_nonce[] = | |
13483 | + { | |
13484 | + 0xf5,0x0d,0xfa,0xb0,0xec,0x6a,0x7c,0xd6,0xbd,0x9b,0x05,0xfd, | |
13485 | + 0x38,0x3e,0x2e,0x56 | |
13486 | + }; | |
13487 | + | |
13488 | +__fips_constseg | |
13489 | +static const unsigned char sha384_pr_personalizationstring[] = | |
13490 | + { | |
13491 | + 0x74,0xac,0x7e,0x6d,0xb1,0xa4,0xe7,0x21,0xd1,0x1e,0x6e,0x96, | |
13492 | + 0x6d,0x4d,0x53,0x46,0x82,0x96,0x6e,0xcf,0xaa,0x81,0x8d,0x7d, | |
13493 | + 0x9e,0xe1,0x0f,0x15,0xea,0x41,0xbf,0xe3 | |
13494 | + }; | |
13495 | + | |
13496 | +__fips_constseg | |
13497 | +static const unsigned char sha384_pr_additionalinput[] = | |
13498 | + { | |
13499 | + 0xda,0x95,0xd4,0xd0,0xb8,0x11,0xd3,0x49,0x27,0x5d,0xa9,0x39, | |
13500 | + 0x68,0xf3,0xa8,0xe9,0x5d,0x19,0x8a,0x2b,0x66,0xe8,0x69,0x06, | |
13501 | + 0x7c,0x9e,0x03,0xa1,0x8b,0x26,0x2d,0x6e | |
13502 | + }; | |
13503 | + | |
13504 | +__fips_constseg | |
13505 | +static const unsigned char sha384_pr_entropyinputpr[] = | |
13506 | + { | |
13507 | + 0x49,0xdf,0x44,0x00,0xe4,0x1c,0x75,0x0b,0x26,0x5a,0x59,0x64, | |
13508 | + 0x1f,0x4e,0xb1,0xb2,0x13,0xf1,0x22,0x4e,0xb4,0x6d,0x9a,0xcc, | |
13509 | + 0xa0,0x48,0xe6,0xcf,0x1d,0xd1,0x92,0x0d | |
13510 | + }; | |
13511 | + | |
13512 | +__fips_constseg | |
13513 | +static const unsigned char sha384_pr_int_returnedbits[] = | |
13514 | + { | |
13515 | + 0xc8,0x52,0xae,0xbf,0x04,0x3c,0x27,0xb7,0x78,0x18,0xaa,0x8f, | |
13516 | + 0xff,0xcf,0xa4,0xf1,0xcc,0xe7,0x68,0xfa,0x22,0xa2,0x13,0x45, | |
13517 | + 0xe8,0xdd,0x87,0xe6,0xf2,0x6e,0xdd,0xc7,0x52,0x90,0x9f,0x7b, | |
13518 | + 0xfa,0x61,0x2d,0x9d,0x9e,0xcf,0x98,0xac,0x52,0x40,0xce,0xaf | |
13519 | + }; | |
13520 | + | |
13521 | +__fips_constseg | |
13522 | +static const unsigned char sha384_pr_additionalinput2[] = | |
13523 | + { | |
13524 | + 0x61,0x7c,0x03,0x9a,0x3e,0x50,0x57,0x60,0xc5,0x83,0xc9,0xb2, | |
13525 | + 0xd1,0x87,0x85,0x66,0x92,0x5d,0x84,0x0e,0x53,0xfb,0x70,0x03, | |
13526 | + 0x72,0xfd,0xba,0xae,0x9c,0x8f,0xf8,0x18 | |
13527 | + }; | |
13528 | + | |
13529 | +__fips_constseg | |
13530 | +static const unsigned char sha384_pr_entropyinputpr2[] = | |
13531 | + { | |
13532 | + 0xf8,0xeb,0x89,0xb1,0x8d,0x78,0xbe,0x21,0xe0,0xbb,0x9d,0xb7, | |
13533 | + 0x95,0x0e,0xd9,0x46,0x0c,0x8c,0xe2,0x63,0xb7,0x9d,0x67,0x90, | |
13534 | + 0xbd,0xc7,0x0b,0xa5,0xce,0xb2,0x65,0x81 | |
13535 | + }; | |
13536 | + | |
13537 | +__fips_constseg | |
13538 | +static const unsigned char sha384_pr_returnedbits[] = | |
13539 | + { | |
13540 | + 0xe6,0x9f,0xfe,0x68,0xd6,0xb5,0x79,0xf1,0x06,0x5f,0xa3,0xbb, | |
13541 | + 0x23,0x85,0xd8,0xf0,0x29,0x5a,0x68,0x9e,0xf5,0xf4,0xa6,0x12, | |
13542 | + 0xe0,0x9a,0xe2,0xac,0x00,0x1d,0x98,0x26,0xfc,0x53,0x95,0x53, | |
13543 | + 0xe4,0x3e,0x17,0xd5,0x08,0x0b,0x70,0x3d,0x67,0x99,0xac,0x66 | |
13544 | + }; | |
13545 | + | |
13546 | + | |
13547 | +/* SHA-384 No PR */ | |
13548 | +__fips_constseg | |
13549 | +static const unsigned char sha384_entropyinput[] = | |
13550 | + { | |
13551 | + 0x07,0x15,0x27,0x2a,0xaf,0x74,0x24,0x37,0xbc,0xd5,0x14,0x69, | |
13552 | + 0xce,0x11,0xff,0xa2,0x6b,0xb8,0x05,0x67,0x34,0xf8,0xbd,0x6d, | |
13553 | + 0x6a,0xcc,0xcd,0x60,0xa3,0x68,0xca,0xf4 | |
13554 | + }; | |
13555 | + | |
13556 | +__fips_constseg | |
13557 | +static const unsigned char sha384_nonce[] = | |
13558 | + { | |
13559 | + 0x70,0x17,0xc2,0x5b,0x5d,0x22,0x0b,0x06,0x15,0x54,0x78,0x77, | |
13560 | + 0x44,0xaf,0x2f,0x09 | |
13561 | + }; | |
13562 | + | |
13563 | +__fips_constseg | |
13564 | +static const unsigned char sha384_personalizationstring[] = | |
13565 | + { | |
13566 | + 0x89,0x39,0x28,0xb0,0x60,0xeb,0x3d,0xdc,0x55,0x75,0x86,0xeb, | |
13567 | + 0xae,0xa2,0x8f,0xbc,0x1b,0x75,0xd4,0xe1,0x0f,0xaa,0x38,0xca, | |
13568 | + 0x62,0x8b,0xcb,0x2c,0x26,0xf6,0xbc,0xb1 | |
13569 | + }; | |
13570 | + | |
13571 | +__fips_constseg | |
13572 | +static const unsigned char sha384_additionalinput[] = | |
13573 | + { | |
13574 | + 0x30,0x2b,0x42,0x35,0xef,0xda,0x40,0x55,0x28,0xc6,0x95,0xfb, | |
13575 | + 0x54,0x01,0x62,0xd7,0x87,0x14,0x48,0x6d,0x90,0x4c,0xa9,0x02, | |
13576 | + 0x54,0x40,0x22,0xc8,0x66,0xa5,0x48,0x48 | |
13577 | + }; | |
13578 | + | |
13579 | +__fips_constseg | |
13580 | +static const unsigned char sha384_int_returnedbits[] = | |
13581 | + { | |
13582 | + 0x82,0xc4,0xa1,0x9c,0x21,0xd2,0xe7,0xa5,0xa6,0xf6,0x5f,0x04, | |
13583 | + 0x5c,0xc7,0x31,0x9d,0x8d,0x59,0x74,0x50,0x19,0x89,0x2f,0x63, | |
13584 | + 0xd5,0xb7,0x7e,0xeb,0x15,0xe3,0x70,0x83,0xa1,0x24,0x59,0xfa, | |
13585 | + 0x2c,0x56,0xf6,0x88,0x3a,0x92,0x93,0xa1,0xfb,0x79,0xc1,0x7a | |
13586 | + }; | |
13587 | + | |
13588 | +__fips_constseg | |
13589 | +static const unsigned char sha384_entropyinputreseed[] = | |
13590 | + { | |
13591 | + 0x39,0xa6,0xe8,0x5c,0x82,0x17,0x71,0x26,0x57,0x4f,0x9f,0xc2, | |
13592 | + 0x55,0xff,0x5c,0x9b,0x53,0x1a,0xd1,0x5f,0xbc,0x62,0xe4,0x27, | |
13593 | + 0x2d,0x32,0xf0,0xe4,0x52,0x8c,0xc5,0x0c | |
13594 | + }; | |
13595 | + | |
13596 | +__fips_constseg | |
13597 | +static const unsigned char sha384_additionalinputreseed[] = | |
13598 | + { | |
13599 | + 0x8d,0xcb,0x8d,0xce,0x08,0xea,0x80,0xe8,0x9b,0x61,0xa8,0x0f, | |
13600 | + 0xaf,0x49,0x20,0x9e,0x74,0xcb,0x57,0x80,0x42,0xb0,0x84,0x5e, | |
13601 | + 0x30,0x2a,0x67,0x08,0xf4,0xe3,0x40,0x22 | |
13602 | + }; | |
13603 | + | |
13604 | +__fips_constseg | |
13605 | +static const unsigned char sha384_additionalinput2[] = | |
13606 | + { | |
13607 | + 0x7c,0x8f,0xc2,0xae,0x22,0x4a,0xd6,0xf6,0x05,0xa4,0x7a,0xea, | |
13608 | + 0xbb,0x25,0xd0,0xb7,0x5a,0xd6,0xcf,0x9d,0xf3,0x6c,0xe2,0xb2, | |
13609 | + 0x4e,0xb4,0xbd,0xf4,0xe5,0x40,0x80,0x94 | |
13610 | + }; | |
13611 | + | |
13612 | +__fips_constseg | |
13613 | +static const unsigned char sha384_returnedbits[] = | |
13614 | + { | |
13615 | + 0x9e,0x7e,0xfb,0x59,0xbb,0xaa,0x3c,0xf7,0xe1,0xf8,0x76,0xdd, | |
13616 | + 0x63,0x5f,0xaf,0x23,0xd6,0x64,0x61,0xc0,0x9a,0x09,0x47,0xc9, | |
13617 | + 0x33,0xdf,0x6d,0x55,0x91,0x34,0x79,0x70,0xc4,0x99,0x6e,0x54, | |
13618 | + 0x09,0x64,0x21,0x1a,0xbd,0x1e,0x80,0x40,0x34,0xad,0xfa,0xd7 | |
13619 | + }; | |
13620 | + | |
13621 | + | |
13622 | +/* SHA-512 PR */ | |
13623 | +__fips_constseg | |
13624 | +static const unsigned char sha512_pr_entropyinput[] = | |
13625 | + { | |
13626 | + 0x13,0xf7,0x61,0x75,0x65,0x28,0xa2,0x59,0x13,0x5a,0x4a,0x4f, | |
13627 | + 0x56,0x60,0x8c,0x53,0x7d,0xb0,0xbd,0x06,0x4f,0xed,0xcc,0xd2, | |
13628 | + 0xa2,0xb5,0xfd,0x5b,0x3a,0xab,0xec,0x28 | |
13629 | + }; | |
13630 | + | |
13631 | +__fips_constseg | |
13632 | +static const unsigned char sha512_pr_nonce[] = | |
13633 | + { | |
13634 | + 0xbe,0xa3,0x91,0x93,0x1d,0xc3,0x31,0x3a,0x23,0x33,0x50,0x67, | |
13635 | + 0x88,0xc7,0xa2,0xc4 | |
13636 | + }; | |
13637 | + | |
13638 | +__fips_constseg | |
13639 | +static const unsigned char sha512_pr_personalizationstring[] = | |
13640 | + { | |
13641 | + 0x1f,0x59,0x4d,0x7b,0xe6,0x46,0x91,0x48,0xc1,0x25,0xfa,0xff, | |
13642 | + 0x89,0x12,0x77,0x35,0xdf,0x3e,0xf4,0x80,0x5f,0xd9,0xb0,0x07, | |
13643 | + 0x22,0x41,0xdd,0x48,0x78,0x6b,0x77,0x2b | |
13644 | + }; | |
13645 | + | |
13646 | +__fips_constseg | |
13647 | +static const unsigned char sha512_pr_additionalinput[] = | |
13648 | + { | |
13649 | + 0x30,0xff,0x63,0x6f,0xac,0xd9,0x84,0x39,0x6f,0xe4,0x99,0xce, | |
13650 | + 0x91,0x7d,0x7e,0xc8,0x58,0xf2,0x12,0xc3,0xb6,0xad,0xda,0x22, | |
13651 | + 0x04,0xa0,0xd2,0x21,0xfe,0xf2,0x95,0x1d | |
13652 | + }; | |
13653 | + | |
13654 | +__fips_constseg | |
13655 | +static const unsigned char sha512_pr_entropyinputpr[] = | |
13656 | + { | |
13657 | + 0x64,0x54,0x13,0xec,0x4f,0x77,0xda,0xb2,0x92,0x2e,0x52,0x80, | |
13658 | + 0x11,0x10,0xc2,0xf8,0xe6,0xa7,0xcd,0x4b,0xfc,0x32,0x2e,0x9e, | |
13659 | + 0xeb,0xbb,0xb1,0xbf,0x15,0x5c,0x73,0x08 | |
13660 | + }; | |
13661 | + | |
13662 | +__fips_constseg | |
13663 | +static const unsigned char sha512_pr_int_returnedbits[] = | |
13664 | + { | |
13665 | + 0xef,0x1e,0xdc,0x0a,0xa4,0x36,0x91,0x9c,0x3d,0x27,0x97,0x50, | |
13666 | + 0x8d,0x36,0x29,0x8d,0xce,0x6a,0x0c,0xf7,0x21,0xc0,0x91,0xae, | |
13667 | + 0x0c,0x96,0x72,0xbd,0x52,0x81,0x58,0xfc,0x6d,0xe5,0xf7,0xa5, | |
13668 | + 0xfd,0x5d,0xa7,0x58,0x68,0xc8,0x99,0x58,0x8e,0xc8,0xce,0x95, | |
13669 | + 0x01,0x7d,0xff,0xa4,0xc8,0xf7,0x63,0xfe,0x5f,0x69,0x83,0x53, | |
13670 | + 0xe2,0xc6,0x8b,0xc3 | |
13671 | + }; | |
13672 | + | |
13673 | +__fips_constseg | |
13674 | +static const unsigned char sha512_pr_additionalinput2[] = | |
13675 | + { | |
13676 | + 0xe6,0x9b,0xc4,0x88,0x34,0xca,0xea,0x29,0x2f,0x98,0x05,0xa4, | |
13677 | + 0xd3,0xc0,0x7b,0x11,0xe8,0xbb,0x75,0xf2,0xbd,0x29,0xb7,0x40, | |
13678 | + 0x25,0x7f,0xc1,0xb7,0xb1,0xf1,0x25,0x61 | |
13679 | + }; | |
13680 | + | |
13681 | +__fips_constseg | |
13682 | +static const unsigned char sha512_pr_entropyinputpr2[] = | |
13683 | + { | |
13684 | + 0x23,0x6d,0xff,0xde,0xfb,0xd1,0xba,0x33,0x18,0xe6,0xbe,0xb5, | |
13685 | + 0x48,0x77,0x6d,0x7f,0xa7,0xe1,0x4d,0x48,0x1e,0x3c,0xa7,0x34, | |
13686 | + 0x1a,0xc8,0x60,0xdb,0x8f,0x99,0x15,0x99 | |
13687 | + }; | |
13688 | + | |
13689 | +__fips_constseg | |
13690 | +static const unsigned char sha512_pr_returnedbits[] = | |
13691 | + { | |
13692 | + 0x70,0x27,0x31,0xdb,0x92,0x70,0x21,0xfe,0x16,0xb6,0xc8,0x51, | |
13693 | + 0x34,0x87,0x65,0xd0,0x4e,0xfd,0xfe,0x68,0xec,0xac,0xdc,0x93, | |
13694 | + 0x41,0x38,0x92,0x90,0xb4,0x94,0xf9,0x0d,0xa4,0xf7,0x4e,0x80, | |
13695 | + 0x92,0x67,0x48,0x40,0xa7,0x08,0xc7,0xbc,0x66,0x00,0xfd,0xf7, | |
13696 | + 0x4c,0x8b,0x17,0x6e,0xd1,0x8f,0x9b,0xf3,0x6f,0xf6,0x34,0xdd, | |
13697 | + 0x67,0xf7,0x68,0xdd | |
13698 | + }; | |
13699 | + | |
13700 | + | |
13701 | +/* SHA-512 No PR */ | |
13702 | +__fips_constseg | |
13703 | +static const unsigned char sha512_entropyinput[] = | |
13704 | + { | |
13705 | + 0xb6,0x0b,0xb7,0xbc,0x84,0x56,0xf6,0x12,0xaf,0x45,0x67,0x17, | |
13706 | + 0x7c,0xd1,0xb2,0x78,0x2b,0xa0,0xf2,0xbe,0xb6,0x6d,0x8b,0x56, | |
13707 | + 0xc6,0xbc,0x4d,0xe1,0xf7,0xbe,0xce,0xbd | |
13708 | + }; | |
13709 | + | |
13710 | +__fips_constseg | |
13711 | +static const unsigned char sha512_nonce[] = | |
13712 | + { | |
13713 | + 0x9d,0xed,0xc0,0xe5,0x5a,0x98,0x6a,0xcb,0x51,0x7d,0x76,0x31, | |
13714 | + 0x5a,0x64,0xf0,0xf7 | |
13715 | + }; | |
13716 | + | |
13717 | +__fips_constseg | |
13718 | +static const unsigned char sha512_personalizationstring[] = | |
13719 | + { | |
13720 | + 0xc2,0x6d,0xa3,0xc3,0x06,0x74,0xe5,0x01,0x5c,0x10,0x17,0xc7, | |
13721 | + 0xaf,0x83,0x9d,0x59,0x8d,0x2d,0x29,0x38,0xc5,0x59,0x70,0x8b, | |
13722 | + 0x46,0x48,0x2d,0xcf,0x36,0x7d,0x59,0xc0 | |
13723 | + }; | |
13724 | + | |
13725 | +__fips_constseg | |
13726 | +static const unsigned char sha512_additionalinput[] = | |
13727 | + { | |
13728 | + 0xec,0x8c,0xd4,0xf7,0x61,0x6e,0x0d,0x95,0x79,0xb7,0x28,0xad, | |
13729 | + 0x5f,0x69,0x74,0x5f,0x2d,0x36,0x06,0x8a,0x6b,0xac,0x54,0x97, | |
13730 | + 0xc4,0xa1,0x12,0x85,0x0a,0xdf,0x4b,0x34 | |
13731 | + }; | |
13732 | + | |
13733 | +__fips_constseg | |
13734 | +static const unsigned char sha512_int_returnedbits[] = | |
13735 | + { | |
13736 | + 0x84,0x2f,0x1f,0x68,0x6a,0xa3,0xad,0x1e,0xfb,0xf4,0x15,0xbd, | |
13737 | + 0xde,0x38,0xd4,0x30,0x80,0x51,0xe9,0xd3,0xc7,0x20,0x88,0xe9, | |
13738 | + 0xf5,0xcc,0xdf,0x57,0x5c,0x47,0x2f,0x57,0x3c,0x5f,0x13,0x56, | |
13739 | + 0xcc,0xc5,0x4f,0x84,0xf8,0x10,0x41,0xd5,0x7e,0x58,0x6e,0x19, | |
13740 | + 0x19,0x9e,0xaf,0xc2,0x22,0x58,0x41,0x50,0x79,0xc2,0xd8,0x04, | |
13741 | + 0x28,0xd4,0x39,0x9a | |
13742 | + }; | |
13743 | + | |
13744 | +__fips_constseg | |
13745 | +static const unsigned char sha512_entropyinputreseed[] = | |
13746 | + { | |
13747 | + 0xfa,0x7f,0x46,0x51,0x83,0x62,0x98,0x16,0x9a,0x19,0xa2,0x49, | |
13748 | + 0xa9,0xe6,0x4a,0xd8,0x85,0xe7,0xd4,0x3b,0x2c,0x82,0xc5,0x82, | |
13749 | + 0xbf,0x11,0xf9,0x9e,0xbc,0xd0,0x01,0xee | |
13750 | + }; | |
13751 | + | |
13752 | +__fips_constseg | |
13753 | +static const unsigned char sha512_additionalinputreseed[] = | |
13754 | + { | |
13755 | + 0xb9,0x12,0xe0,0x4f,0xf7,0xa7,0xc4,0xd8,0xd0,0x8e,0x99,0x29, | |
13756 | + 0x7c,0x9a,0xe9,0xcf,0xc4,0x6c,0xf8,0xc3,0xa7,0x41,0x83,0xd6, | |
13757 | + 0x2e,0xfa,0xb8,0x5e,0x8e,0x6b,0x78,0x20 | |
13758 | + }; | |
13759 | + | |
13760 | +__fips_constseg | |
13761 | +static const unsigned char sha512_additionalinput2[] = | |
13762 | + { | |
13763 | + 0xd7,0x07,0x52,0xb9,0x83,0x2c,0x03,0x71,0xee,0xc9,0xc0,0x85, | |
13764 | + 0xe1,0x57,0xb2,0xcd,0x3a,0xf0,0xc9,0x34,0x24,0x41,0x1c,0x42, | |
13765 | + 0x99,0xb2,0x84,0xe9,0x17,0xd2,0x76,0x92 | |
13766 | + }; | |
13767 | + | |
13768 | +__fips_constseg | |
13769 | +static const unsigned char sha512_returnedbits[] = | |
13770 | + { | |
13771 | + 0x36,0x17,0x5d,0x98,0x2b,0x65,0x25,0x8e,0xc8,0x29,0xdf,0x27, | |
13772 | + 0x05,0x36,0x26,0x12,0x8a,0x68,0x74,0x27,0x37,0xd4,0x7f,0x32, | |
13773 | + 0xb1,0x12,0xd6,0x85,0x83,0xeb,0x2e,0xa0,0xed,0x4b,0xb5,0x7b, | |
13774 | + 0x6f,0x39,0x3c,0x71,0x77,0x02,0x12,0xcc,0x2c,0x3a,0x8e,0x63, | |
13775 | + 0xdf,0x4a,0xbd,0x6f,0x6e,0x2e,0xed,0x0a,0x85,0xa5,0x2f,0xa2, | |
13776 | + 0x68,0xde,0x42,0xb5 | |
13777 | + }; | |
13778 | + | |
13779 | + | |
13780 | +/* HMAC SHA-1 PR */ | |
13781 | +__fips_constseg | |
13782 | +static const unsigned char hmac_sha1_pr_entropyinput[] = | |
13783 | + { | |
13784 | + 0x26,0x5f,0x36,0x14,0xff,0x3d,0x83,0xfa,0x73,0x5e,0x75,0xdc, | |
13785 | + 0x2c,0x18,0x17,0x1b | |
13786 | + }; | |
13787 | + | |
13788 | +__fips_constseg | |
13789 | +static const unsigned char hmac_sha1_pr_nonce[] = | |
13790 | + { | |
13791 | + 0xc8,0xe3,0x57,0xa5,0x7b,0x74,0x86,0x6e | |
13792 | + }; | |
13793 | + | |
13794 | +__fips_constseg | |
13795 | +static const unsigned char hmac_sha1_pr_personalizationstring[] = | |
13796 | + { | |
13797 | + 0x6e,0xdb,0x0d,0xfe,0x7d,0xac,0x79,0xd0,0xa5,0x3a,0x48,0x85, | |
13798 | + 0x80,0xe2,0x7f,0x2a | |
13799 | + }; | |
13800 | + | |
13801 | +__fips_constseg | |
13802 | +static const unsigned char hmac_sha1_pr_additionalinput[] = | |
13803 | + { | |
13804 | + 0x31,0xcd,0x5e,0x43,0xdc,0xfb,0x7a,0x79,0xca,0x88,0xde,0x1f, | |
13805 | + 0xd7,0xbb,0x42,0x09 | |
13806 | + }; | |
13807 | + | |
13808 | +__fips_constseg | |
13809 | +static const unsigned char hmac_sha1_pr_entropyinputpr[] = | |
13810 | + { | |
13811 | + 0x7c,0x23,0x95,0x38,0x00,0x95,0xc1,0x78,0x1f,0x8f,0xd7,0x63, | |
13812 | + 0x23,0x87,0x2a,0xed | |
13813 | + }; | |
13814 | + | |
13815 | +__fips_constseg | |
13816 | +static const unsigned char hmac_sha1_pr_int_returnedbits[] = | |
13817 | + { | |
13818 | + 0xbb,0x34,0xe7,0x93,0xa3,0x02,0x2c,0x4a,0xd0,0x89,0xda,0x7f, | |
13819 | + 0xed,0xf4,0x4c,0xde,0x17,0xec,0xe5,0x6c | |
13820 | + }; | |
13821 | + | |
13822 | +__fips_constseg | |
13823 | +static const unsigned char hmac_sha1_pr_additionalinput2[] = | |
13824 | + { | |
13825 | + 0x49,0xbc,0x2d,0x2c,0xb7,0x32,0xcb,0x20,0xdf,0xf5,0x77,0x58, | |
13826 | + 0xa0,0x4b,0x93,0x6e | |
13827 | + }; | |
13828 | + | |
13829 | +__fips_constseg | |
13830 | +static const unsigned char hmac_sha1_pr_entropyinputpr2[] = | |
13831 | + { | |
13832 | + 0x3c,0xaa,0xb0,0x21,0x42,0xb0,0xdd,0x34,0xf0,0x16,0x7f,0x0c, | |
13833 | + 0x0f,0xff,0x2e,0xaf | |
13834 | + }; | |
13835 | + | |
13836 | +__fips_constseg | |
13837 | +static const unsigned char hmac_sha1_pr_returnedbits[] = | |
13838 | + { | |
13839 | + 0x8e,0xcb,0xa3,0x64,0xb2,0xb8,0x33,0x6c,0x64,0x3b,0x78,0x16, | |
13840 | + 0x99,0x35,0xc8,0x30,0xcb,0x3e,0xa0,0xd8 | |
13841 | + }; | |
13842 | + | |
13843 | + | |
13844 | +/* HMAC SHA-1 No PR */ | |
13845 | +__fips_constseg | |
13846 | +static const unsigned char hmac_sha1_entropyinput[] = | |
13847 | + { | |
13848 | + 0x32,0x9a,0x2a,0x87,0x7b,0x89,0x7c,0xf6,0xcb,0x95,0xd5,0x40, | |
13849 | + 0x17,0xfe,0x47,0x70 | |
13850 | + }; | |
13851 | + | |
13852 | +__fips_constseg | |
13853 | +static const unsigned char hmac_sha1_nonce[] = | |
13854 | + { | |
13855 | + 0x16,0xd8,0xe0,0xc7,0x52,0xcf,0x4a,0x25 | |
13856 | + }; | |
13857 | + | |
13858 | +__fips_constseg | |
13859 | +static const unsigned char hmac_sha1_personalizationstring[] = | |
13860 | + { | |
13861 | + 0x35,0x35,0xa9,0xa5,0x40,0xbe,0x9b,0xd1,0x56,0xdd,0x44,0x00, | |
13862 | + 0x72,0xf7,0xd3,0x5e | |
13863 | + }; | |
13864 | + | |
13865 | +__fips_constseg | |
13866 | +static const unsigned char hmac_sha1_additionalinput[] = | |
13867 | + { | |
13868 | + 0x1b,0x2c,0x84,0x2d,0x4a,0x89,0x8f,0x69,0x19,0xf1,0xf3,0xdb, | |
13869 | + 0xbb,0xe3,0xaa,0xea | |
13870 | + }; | |
13871 | + | |
13872 | +__fips_constseg | |
13873 | +static const unsigned char hmac_sha1_int_returnedbits[] = | |
13874 | + { | |
13875 | + 0xcf,0xfa,0x7d,0x72,0x0f,0xe6,0xc7,0x96,0xa0,0x69,0x31,0x11, | |
13876 | + 0x9b,0x0b,0x1a,0x20,0x1f,0x3f,0xaa,0xd1 | |
13877 | + }; | |
13878 | + | |
13879 | +__fips_constseg | |
13880 | +static const unsigned char hmac_sha1_entropyinputreseed[] = | |
13881 | + { | |
13882 | + 0x90,0x75,0x15,0x04,0x95,0xf1,0xba,0x81,0x0c,0x37,0x94,0x6f, | |
13883 | + 0x86,0x52,0x6d,0x9c | |
13884 | + }; | |
13885 | + | |
13886 | +__fips_constseg | |
13887 | +static const unsigned char hmac_sha1_additionalinputreseed[] = | |
13888 | + { | |
13889 | + 0x5b,0x40,0xba,0x5f,0x17,0x70,0xf0,0x4b,0xdf,0xc9,0x97,0x92, | |
13890 | + 0x79,0xc5,0x82,0x28 | |
13891 | + }; | |
13892 | + | |
13893 | +__fips_constseg | |
13894 | +static const unsigned char hmac_sha1_additionalinput2[] = | |
13895 | + { | |
13896 | + 0x97,0xc8,0x80,0x90,0xb3,0xaa,0x6e,0x60,0xea,0x83,0x7a,0xe3, | |
13897 | + 0x8a,0xca,0xa4,0x7f | |
13898 | + }; | |
13899 | + | |
13900 | +__fips_constseg | |
13901 | +static const unsigned char hmac_sha1_returnedbits[] = | |
13902 | + { | |
13903 | + 0x90,0xbd,0x05,0x56,0x6d,0xb5,0x22,0xd5,0xb9,0x5a,0x29,0x2d, | |
13904 | + 0xe9,0x0b,0xe1,0xac,0xde,0x27,0x0b,0xb0 | |
13905 | + }; | |
13906 | + | |
13907 | + | |
13908 | +/* HMAC SHA-224 PR */ | |
13909 | +__fips_constseg | |
13910 | +static const unsigned char hmac_sha224_pr_entropyinput[] = | |
13911 | + { | |
13912 | + 0x17,0x32,0x2b,0x2e,0x6f,0x1b,0x9c,0x6d,0x31,0xe0,0x34,0x07, | |
13913 | + 0xcf,0xed,0xf6,0xb6,0x5a,0x76,0x4c,0xbc,0x62,0x85,0x01,0x90 | |
13914 | + }; | |
13915 | + | |
13916 | +__fips_constseg | |
13917 | +static const unsigned char hmac_sha224_pr_nonce[] = | |
13918 | + { | |
13919 | + 0x38,0xbf,0x5f,0x20,0xb3,0x68,0x2f,0x43,0x61,0x05,0x8f,0x23 | |
13920 | + }; | |
13921 | + | |
13922 | +__fips_constseg | |
13923 | +static const unsigned char hmac_sha224_pr_personalizationstring[] = | |
13924 | + { | |
13925 | + 0xc0,0xc9,0x45,0xac,0x8d,0x27,0x77,0x08,0x0b,0x17,0x6d,0xed, | |
13926 | + 0xc1,0x7d,0xd5,0x07,0x9d,0x6e,0xf8,0x23,0x2a,0x22,0x13,0xbd | |
13927 | + }; | |
13928 | + | |
13929 | +__fips_constseg | |
13930 | +static const unsigned char hmac_sha224_pr_additionalinput[] = | |
13931 | + { | |
13932 | + 0xa4,0x3c,0xe7,0x3b,0xea,0x19,0x45,0x32,0xc2,0x83,0x6d,0x21, | |
13933 | + 0x8a,0xc0,0xee,0x67,0x45,0xde,0x13,0x7d,0x9d,0x61,0x00,0x3b | |
13934 | + }; | |
13935 | + | |
13936 | +__fips_constseg | |
13937 | +static const unsigned char hmac_sha224_pr_entropyinputpr[] = | |
13938 | + { | |
13939 | + 0x15,0x05,0x74,0x4a,0x7f,0x8d,0x5c,0x60,0x16,0xe5,0x7b,0xad, | |
13940 | + 0xf5,0x41,0x8f,0x55,0x60,0xc4,0x09,0xee,0x1e,0x11,0x81,0xab | |
13941 | + }; | |
13942 | + | |
13943 | +__fips_constseg | |
13944 | +static const unsigned char hmac_sha224_pr_int_returnedbits[] = | |
13945 | + { | |
13946 | + 0x6f,0xf5,0x9a,0xe2,0x54,0x53,0x30,0x3d,0x5a,0x27,0x29,0x38, | |
13947 | + 0x27,0xf2,0x0d,0x05,0xe9,0x26,0xcb,0x16,0xc3,0x51,0x5f,0x13, | |
13948 | + 0x41,0xfe,0x99,0xf2 | |
13949 | + }; | |
13950 | + | |
13951 | +__fips_constseg | |
13952 | +static const unsigned char hmac_sha224_pr_additionalinput2[] = | |
13953 | + { | |
13954 | + 0x73,0x81,0x88,0x84,0x8f,0xed,0x6f,0x10,0x9f,0x93,0xbf,0x17, | |
13955 | + 0x35,0x7c,0xef,0xd5,0x8d,0x26,0xa6,0x7a,0xe8,0x09,0x36,0x4f | |
13956 | + }; | |
13957 | + | |
13958 | +__fips_constseg | |
13959 | +static const unsigned char hmac_sha224_pr_entropyinputpr2[] = | |
13960 | + { | |
13961 | + 0xe6,0xcf,0xcf,0x7e,0x12,0xe5,0x43,0xd2,0x38,0xd8,0x24,0x6f, | |
13962 | + 0x5a,0x37,0x68,0xbf,0x4f,0xa0,0xff,0xd5,0x61,0x8a,0x93,0xe0 | |
13963 | + }; | |
13964 | + | |
13965 | +__fips_constseg | |
13966 | +static const unsigned char hmac_sha224_pr_returnedbits[] = | |
13967 | + { | |
13968 | + 0xaf,0xf9,0xd8,0x19,0x91,0x30,0x82,0x6f,0xa9,0x1e,0x9d,0xd7, | |
13969 | + 0xf3,0x50,0xe0,0xc7,0xd5,0x64,0x96,0x7d,0x4c,0x4d,0x78,0x03, | |
13970 | + 0x6d,0xd8,0x9e,0x72 | |
13971 | + }; | |
13972 | + | |
13973 | + | |
13974 | +/* HMAC SHA-224 No PR */ | |
13975 | +__fips_constseg | |
13976 | +static const unsigned char hmac_sha224_entropyinput[] = | |
13977 | + { | |
13978 | + 0x11,0x82,0xfd,0xd9,0x42,0xf4,0xfa,0xc8,0xf2,0x41,0xe6,0x54, | |
13979 | + 0x01,0xae,0x22,0x6e,0xc6,0xaf,0xaf,0xd0,0xa6,0xb2,0xe2,0x6d | |
13980 | + }; | |
13981 | + | |
13982 | +__fips_constseg | |
13983 | +static const unsigned char hmac_sha224_nonce[] = | |
13984 | + { | |
13985 | + 0xa9,0x48,0xd7,0x92,0x39,0x7e,0x2a,0xdc,0x30,0x1f,0x0e,0x2b | |
13986 | + }; | |
13987 | + | |
13988 | +__fips_constseg | |
13989 | +static const unsigned char hmac_sha224_personalizationstring[] = | |
13990 | + { | |
13991 | + 0x11,0xd5,0xf4,0xbd,0x67,0x8c,0x31,0xcf,0xa3,0x3f,0x1e,0x6b, | |
13992 | + 0xa8,0x07,0x02,0x0b,0xc8,0x2e,0x6c,0x64,0x41,0x5b,0xc8,0x37 | |
13993 | + }; | |
13994 | + | |
13995 | +__fips_constseg | |
13996 | +static const unsigned char hmac_sha224_additionalinput[] = | |
13997 | + { | |
13998 | + 0x68,0x18,0xc2,0x06,0xeb,0x3e,0x04,0x95,0x44,0x5e,0xfb,0xe6, | |
13999 | + 0x41,0xc1,0x5c,0xcc,0x40,0x2f,0xb7,0xd2,0x0f,0xf3,0x6b,0xe7 | |
14000 | + }; | |
14001 | + | |
14002 | +__fips_constseg | |
14003 | +static const unsigned char hmac_sha224_int_returnedbits[] = | |
14004 | + { | |
14005 | + 0x7f,0x45,0xc7,0x5d,0x32,0xe6,0x17,0x60,0xba,0xdc,0xb8,0x42, | |
14006 | + 0x1b,0x9c,0xf1,0xfa,0x3b,0x4d,0x29,0x54,0xc6,0x90,0xff,0x5c, | |
14007 | + 0xcd,0xd6,0xa9,0xcc | |
14008 | + }; | |
14009 | + | |
14010 | +__fips_constseg | |
14011 | +static const unsigned char hmac_sha224_entropyinputreseed[] = | |
14012 | + { | |
14013 | + 0xc4,0x8e,0x37,0x95,0x69,0x53,0x28,0xd7,0x37,0xbb,0x70,0x95, | |
14014 | + 0x1c,0x07,0x1d,0xd9,0xb7,0xe6,0x1b,0xbb,0xfe,0x41,0xeb,0xc9 | |
14015 | + }; | |
14016 | + | |
14017 | +__fips_constseg | |
14018 | +static const unsigned char hmac_sha224_additionalinputreseed[] = | |
14019 | + { | |
14020 | + 0x53,0x17,0xa1,0x6a,0xfa,0x77,0x47,0xb0,0x95,0x56,0x9a,0x20, | |
14021 | + 0x57,0xde,0x5c,0x89,0x9f,0x7f,0xe2,0xde,0x17,0x3a,0x50,0x23 | |
14022 | + }; | |
14023 | + | |
14024 | +__fips_constseg | |
14025 | +static const unsigned char hmac_sha224_additionalinput2[] = | |
14026 | + { | |
14027 | + 0x3a,0x32,0xf9,0x85,0x0c,0xc1,0xed,0x76,0x2d,0xdf,0x40,0xc3, | |
14028 | + 0x06,0x22,0x66,0xd4,0x9a,0x9a,0xff,0x5a,0x7e,0x7a,0xf3,0x96 | |
14029 | + }; | |
14030 | + | |
14031 | +__fips_constseg | |
14032 | +static const unsigned char hmac_sha224_returnedbits[] = | |
14033 | + { | |
14034 | + 0x43,0xb4,0x57,0x5c,0x38,0x25,0x9d,0xae,0xec,0x96,0xd1,0x85, | |
14035 | + 0x3a,0x84,0x8d,0xfe,0x68,0xd5,0x0e,0x5c,0x8f,0x65,0xa5,0x4e, | |
14036 | + 0x45,0x84,0xa8,0x94 | |
14037 | + }; | |
14038 | + | |
14039 | + | |
14040 | +/* HMAC SHA-256 PR */ | |
14041 | +__fips_constseg | |
14042 | +static const unsigned char hmac_sha256_pr_entropyinput[] = | |
14043 | + { | |
14044 | + 0x4d,0xb0,0x43,0xd8,0x34,0x4b,0x10,0x70,0xb1,0x8b,0xed,0xea, | |
14045 | + 0x07,0x92,0x9f,0x6c,0x79,0x31,0xaf,0x81,0x29,0xeb,0x6e,0xca, | |
14046 | + 0x32,0x48,0x28,0xe7,0x02,0x5d,0xa6,0xa6 | |
14047 | + }; | |
14048 | + | |
14049 | +__fips_constseg | |
14050 | +static const unsigned char hmac_sha256_pr_nonce[] = | |
14051 | + { | |
14052 | + 0x3a,0xae,0x15,0xa9,0x99,0xdc,0xe4,0x67,0x34,0x3b,0x70,0x15, | |
14053 | + 0xaa,0xd3,0x30,0x9a | |
14054 | + }; | |
14055 | + | |
14056 | +__fips_constseg | |
14057 | +static const unsigned char hmac_sha256_pr_personalizationstring[] = | |
14058 | + { | |
14059 | + 0x13,0x1d,0x24,0x04,0xb0,0x18,0x81,0x15,0x21,0x51,0x2a,0x24, | |
14060 | + 0x52,0x61,0xbe,0x64,0x82,0x6b,0x55,0x2f,0xe2,0xf1,0x40,0x7d, | |
14061 | + 0x71,0xd8,0x01,0x86,0x15,0xb7,0x8b,0xb5 | |
14062 | + }; | |
14063 | + | |
14064 | +__fips_constseg | |
14065 | +static const unsigned char hmac_sha256_pr_additionalinput[] = | |
14066 | + { | |
14067 | + 0x8f,0xa6,0x54,0x5f,0xb1,0xd0,0xd8,0xc3,0xe7,0x0c,0x15,0xa9, | |
14068 | + 0x23,0x6e,0xfe,0xfb,0x93,0xf7,0x3a,0xbd,0x59,0x01,0xfa,0x18, | |
14069 | + 0x8e,0xe9,0x1a,0xa9,0x78,0xfc,0x79,0x0b | |
14070 | + }; | |
14071 | + | |
14072 | +__fips_constseg | |
14073 | +static const unsigned char hmac_sha256_pr_entropyinputpr[] = | |
14074 | + { | |
14075 | + 0xcf,0x24,0xb9,0xeb,0xb3,0xd4,0xcd,0x17,0x37,0x38,0x75,0x79, | |
14076 | + 0x15,0xcb,0x2d,0x75,0x51,0xf1,0xcc,0xaa,0x32,0xa4,0xa7,0x36, | |
14077 | + 0x7c,0x5c,0xe4,0x47,0xf1,0x3e,0x1d,0xe5 | |
14078 | + }; | |
14079 | + | |
14080 | +__fips_constseg | |
14081 | +static const unsigned char hmac_sha256_pr_int_returnedbits[] = | |
14082 | + { | |
14083 | + 0x52,0x42,0xfa,0xeb,0x85,0xe0,0x30,0x22,0x79,0x00,0x16,0xb2, | |
14084 | + 0x88,0x2f,0x14,0x6a,0xb7,0xfc,0xb7,0x53,0xdc,0x4a,0x12,0xef, | |
14085 | + 0x54,0xd6,0x33,0xe9,0x20,0xd6,0xfd,0x56 | |
14086 | + }; | |
14087 | + | |
14088 | +__fips_constseg | |
14089 | +static const unsigned char hmac_sha256_pr_additionalinput2[] = | |
14090 | + { | |
14091 | + 0xf4,0xf6,0x49,0xa1,0x2d,0x64,0x2b,0x30,0x58,0xf8,0xbd,0xb8, | |
14092 | + 0x75,0xeb,0xbb,0x5e,0x1c,0x9b,0x81,0x6a,0xda,0x14,0x86,0x6e, | |
14093 | + 0xd0,0xda,0x18,0xb7,0x88,0xfb,0x59,0xf3 | |
14094 | + }; | |
14095 | + | |
14096 | +__fips_constseg | |
14097 | +static const unsigned char hmac_sha256_pr_entropyinputpr2[] = | |
14098 | + { | |
14099 | + 0x21,0xcd,0x6e,0x46,0xad,0x99,0x07,0x17,0xb4,0x3d,0x76,0x0a, | |
14100 | + 0xff,0x5b,0x52,0x50,0x78,0xdf,0x1f,0x24,0x06,0x0d,0x3f,0x74, | |
14101 | + 0xa9,0xc9,0x37,0xcf,0xd8,0x26,0x25,0x91 | |
14102 | + }; | |
14103 | + | |
14104 | +__fips_constseg | |
14105 | +static const unsigned char hmac_sha256_pr_returnedbits[] = | |
14106 | + { | |
14107 | + 0xa7,0xaf,0x2f,0x29,0xe0,0x3a,0x72,0x95,0x96,0x1c,0xa9,0xf0, | |
14108 | + 0x4a,0x17,0x4d,0x66,0x06,0x10,0xbf,0x39,0x89,0x88,0xb8,0x91, | |
14109 | + 0x37,0x18,0x99,0xcf,0x8c,0x53,0x3b,0x7e | |
14110 | + }; | |
14111 | + | |
14112 | + | |
14113 | +/* HMAC SHA-256 No PR */ | |
14114 | +__fips_constseg | |
14115 | +static const unsigned char hmac_sha256_entropyinput[] = | |
14116 | + { | |
14117 | + 0x96,0xb7,0x53,0x22,0x1e,0x52,0x2a,0x96,0xb1,0x15,0x3c,0x35, | |
14118 | + 0x5a,0x8b,0xd3,0x4a,0xa6,0x6c,0x83,0x0a,0x7d,0xa3,0x23,0x3d, | |
14119 | + 0x43,0xa1,0x07,0x2c,0x2d,0xe3,0x81,0xcc | |
14120 | + }; | |
14121 | + | |
14122 | +__fips_constseg | |
14123 | +static const unsigned char hmac_sha256_nonce[] = | |
14124 | + { | |
14125 | + 0xf1,0xac,0x97,0xcb,0x5e,0x06,0x48,0xd2,0x94,0xbe,0x15,0x2e, | |
14126 | + 0xc7,0xfc,0xc2,0x01 | |
14127 | + }; | |
14128 | + | |
14129 | +__fips_constseg | |
14130 | +static const unsigned char hmac_sha256_personalizationstring[] = | |
14131 | + { | |
14132 | + 0x98,0xc5,0x1e,0x35,0x5e,0x89,0x0d,0xce,0x64,0x6d,0x18,0xa7, | |
14133 | + 0x5a,0xc6,0xf3,0xe7,0xd6,0x9e,0xc0,0xea,0xb7,0x3a,0x8d,0x65, | |
14134 | + 0xb8,0xeb,0x10,0xd7,0x57,0x18,0xa0,0x32 | |
14135 | + }; | |
14136 | + | |
14137 | +__fips_constseg | |
14138 | +static const unsigned char hmac_sha256_additionalinput[] = | |
14139 | + { | |
14140 | + 0x1b,0x10,0xaf,0xac,0xd0,0x65,0x95,0xad,0x04,0xad,0x03,0x1c, | |
14141 | + 0xe0,0x40,0xd6,0x3e,0x1c,0x46,0x53,0x39,0x7c,0xe2,0xbc,0xda, | |
14142 | + 0x8c,0xa2,0x33,0xa7,0x9a,0x26,0xd3,0x27 | |
14143 | + }; | |
14144 | + | |
14145 | +__fips_constseg | |
14146 | +static const unsigned char hmac_sha256_int_returnedbits[] = | |
14147 | + { | |
14148 | + 0xba,0x61,0x0e,0x55,0xfe,0x11,0x8a,0x9e,0x0f,0x80,0xdf,0x1d, | |
14149 | + 0x03,0x0a,0xfe,0x15,0x94,0x28,0x4b,0xba,0xf4,0x9f,0x51,0x25, | |
14150 | + 0x88,0xe5,0x4e,0xfb,0xaf,0xce,0x69,0x90 | |
14151 | + }; | |
14152 | + | |
14153 | +__fips_constseg | |
14154 | +static const unsigned char hmac_sha256_entropyinputreseed[] = | |
14155 | + { | |
14156 | + 0x62,0x7f,0x1e,0x6b,0xe8,0x8e,0xe1,0x35,0x7d,0x9b,0x4f,0xc7, | |
14157 | + 0xec,0xc8,0xac,0xef,0x6b,0x13,0x9e,0x05,0x56,0xc1,0x08,0xf9, | |
14158 | + 0x2f,0x0f,0x27,0x9c,0xd4,0x15,0xed,0x2d | |
14159 | + }; | |
14160 | + | |
14161 | +__fips_constseg | |
14162 | +static const unsigned char hmac_sha256_additionalinputreseed[] = | |
14163 | + { | |
14164 | + 0xc7,0x76,0x6e,0xa9,0xd2,0xb2,0x76,0x40,0x82,0x25,0x2c,0xb3, | |
14165 | + 0x6f,0xac,0xe9,0x74,0xef,0x8f,0x3c,0x8e,0xcd,0xf1,0xbf,0xb3, | |
14166 | + 0x49,0x77,0x34,0x88,0x52,0x36,0xe6,0x2e | |
14167 | + }; | |
14168 | + | |
14169 | +__fips_constseg | |
14170 | +static const unsigned char hmac_sha256_additionalinput2[] = | |
14171 | + { | |
14172 | + 0x8d,0xb8,0x0c,0xd1,0xbf,0x70,0xf6,0x19,0xc3,0x41,0x80,0x9f, | |
14173 | + 0xe1,0xa5,0xa4,0x1f,0x2c,0x26,0xb1,0xe5,0xd8,0xeb,0xbe,0xf8, | |
14174 | + 0xdf,0x88,0x6a,0x89,0xd6,0x05,0xd8,0x9d | |
14175 | + }; | |
14176 | + | |
14177 | +__fips_constseg | |
14178 | +static const unsigned char hmac_sha256_returnedbits[] = | |
14179 | + { | |
14180 | + 0x43,0x12,0x2a,0x2c,0x40,0x53,0x2e,0x7c,0x66,0x34,0xac,0xc3, | |
14181 | + 0x43,0xe3,0xe0,0x6a,0xfc,0xfa,0xea,0x87,0x21,0x1f,0xe2,0x26, | |
14182 | + 0xc4,0xf9,0x09,0x9a,0x0d,0x6e,0x7f,0xe0 | |
14183 | + }; | |
14184 | + | |
14185 | + | |
14186 | +/* HMAC SHA-384 PR */ | |
14187 | +__fips_constseg | |
14188 | +static const unsigned char hmac_sha384_pr_entropyinput[] = | |
14189 | + { | |
14190 | + 0x69,0x81,0x98,0x88,0x44,0xf5,0xd6,0x2e,0x00,0x08,0x3b,0xc5, | |
14191 | + 0xfb,0xd7,0x8e,0x6f,0x23,0xf8,0x6d,0x09,0xd6,0x85,0x49,0xd1, | |
14192 | + 0xf8,0x6d,0xa4,0x58,0x54,0xfd,0x88,0xa9 | |
14193 | + }; | |
14194 | + | |
14195 | +__fips_constseg | |
14196 | +static const unsigned char hmac_sha384_pr_nonce[] = | |
14197 | + { | |
14198 | + 0x6e,0x38,0x81,0xca,0xb7,0xe8,0x6e,0x66,0x49,0x8a,0xb2,0x59, | |
14199 | + 0xee,0x16,0xc9,0xde | |
14200 | + }; | |
14201 | + | |
14202 | +__fips_constseg | |
14203 | +static const unsigned char hmac_sha384_pr_personalizationstring[] = | |
14204 | + { | |
14205 | + 0xfe,0x4c,0xd9,0xf4,0x78,0x3b,0x08,0x41,0x8d,0x8f,0x55,0xc4, | |
14206 | + 0x43,0x56,0xb6,0x12,0x36,0x6b,0x30,0xb7,0x5e,0xe1,0xb9,0x47, | |
14207 | + 0x04,0xb1,0x4e,0xa9,0x00,0xa1,0x52,0xa1 | |
14208 | + }; | |
14209 | + | |
14210 | +__fips_constseg | |
14211 | +static const unsigned char hmac_sha384_pr_additionalinput[] = | |
14212 | + { | |
14213 | + 0x89,0xe9,0xcc,0x8f,0x27,0x3c,0x26,0xd1,0x95,0xc8,0x7d,0x0f, | |
14214 | + 0x5b,0x1a,0xf0,0x78,0x39,0x56,0x6f,0xa4,0x23,0xe7,0xd1,0xda, | |
14215 | + 0x7c,0x66,0x33,0xa0,0x90,0xc9,0x92,0x88 | |
14216 | + }; | |
14217 | + | |
14218 | +__fips_constseg | |
14219 | +static const unsigned char hmac_sha384_pr_entropyinputpr[] = | |
14220 | + { | |
14221 | + 0xbe,0x3d,0x7c,0x0d,0xca,0xda,0x7c,0x49,0xb8,0x12,0x36,0xc0, | |
14222 | + 0xdb,0xad,0x35,0xa8,0xc7,0x0b,0x2a,0x2c,0x69,0x6d,0x25,0x56, | |
14223 | + 0x63,0x82,0x11,0x3e,0xa7,0x33,0x70,0x72 | |
14224 | + }; | |
14225 | + | |
14226 | +__fips_constseg | |
14227 | +static const unsigned char hmac_sha384_pr_int_returnedbits[] = | |
14228 | + { | |
14229 | + 0x82,0x3d,0xe6,0x54,0x80,0x42,0xf8,0xba,0x90,0x4f,0x06,0xa6, | |
14230 | + 0xd2,0x7f,0xbf,0x79,0x7c,0x12,0x7d,0xa6,0xa2,0x66,0xe8,0xa6, | |
14231 | + 0xc0,0xd6,0x4a,0x55,0xbf,0xd8,0x0a,0xc5,0xf8,0x03,0x88,0xdd, | |
14232 | + 0x8e,0x87,0xd1,0x5a,0x48,0x26,0x72,0x2a,0x8e,0xcf,0xee,0xba | |
14233 | + }; | |
14234 | + | |
14235 | +__fips_constseg | |
14236 | +static const unsigned char hmac_sha384_pr_additionalinput2[] = | |
14237 | + { | |
14238 | + 0x8f,0xff,0xd9,0x84,0xbb,0x85,0x3a,0x66,0xa1,0x21,0xce,0xb2, | |
14239 | + 0x3a,0x3a,0x17,0x22,0x19,0xae,0xc7,0xb6,0x63,0x81,0xd5,0xff, | |
14240 | + 0x0d,0xc8,0xe1,0xaf,0x57,0xd2,0xcb,0x60 | |
14241 | + }; | |
14242 | + | |
14243 | +__fips_constseg | |
14244 | +static const unsigned char hmac_sha384_pr_entropyinputpr2[] = | |
14245 | + { | |
14246 | + 0xd7,0xfb,0xc9,0xe8,0xe2,0xf2,0xaa,0x4c,0xb8,0x51,0x2f,0xe1, | |
14247 | + 0x22,0xba,0xf3,0xda,0x0a,0x19,0x76,0x71,0x57,0xb2,0x1d,0x94, | |
14248 | + 0x09,0x69,0x6c,0xd3,0x97,0x51,0x81,0x87 | |
14249 | + }; | |
14250 | + | |
14251 | +__fips_constseg | |
14252 | +static const unsigned char hmac_sha384_pr_returnedbits[] = | |
14253 | + { | |
14254 | + 0xe6,0x19,0x28,0xa8,0x21,0xce,0x5e,0xdb,0x24,0x79,0x8c,0x76, | |
14255 | + 0x5d,0x73,0xb2,0xdf,0xac,0xef,0x85,0xa7,0x3b,0x19,0x09,0x8b, | |
14256 | + 0x7f,0x98,0x28,0xa9,0x93,0xd8,0x7a,0xad,0x55,0x8b,0x24,0x9d, | |
14257 | + 0xe6,0x98,0xfe,0x47,0xd5,0x48,0xc1,0x23,0xd8,0x1d,0x62,0x75 | |
14258 | + }; | |
14259 | + | |
14260 | + | |
14261 | +/* HMAC SHA-384 No PR */ | |
14262 | +__fips_constseg | |
14263 | +static const unsigned char hmac_sha384_entropyinput[] = | |
14264 | + { | |
14265 | + 0xc3,0x56,0x2b,0x1d,0xc2,0xbb,0xa8,0xf0,0xae,0x1b,0x0d,0xd3, | |
14266 | + 0x5a,0x6c,0xda,0x57,0x8e,0xa5,0x8a,0x0d,0x6c,0x4b,0x18,0xb1, | |
14267 | + 0x04,0x3e,0xb4,0x99,0x35,0xc4,0xc0,0x5f | |
14268 | + }; | |
14269 | + | |
14270 | +__fips_constseg | |
14271 | +static const unsigned char hmac_sha384_nonce[] = | |
14272 | + { | |
14273 | + 0xc5,0x49,0x1e,0x66,0x27,0x92,0xbe,0xec,0xb5,0x1e,0x4b,0xb1, | |
14274 | + 0x38,0xe3,0xeb,0x62 | |
14275 | + }; | |
14276 | + | |
14277 | +__fips_constseg | |
14278 | +static const unsigned char hmac_sha384_personalizationstring[] = | |
14279 | + { | |
14280 | + 0xbe,0xe7,0x6b,0x57,0xde,0x88,0x11,0x96,0x9b,0x6e,0xea,0xe5, | |
14281 | + 0x63,0x83,0x4c,0xb6,0x8d,0x66,0xaa,0x1f,0x8b,0x54,0xe7,0x62, | |
14282 | + 0x6d,0x5a,0xfc,0xbf,0x97,0xba,0xcd,0x77 | |
14283 | + }; | |
14284 | + | |
14285 | +__fips_constseg | |
14286 | +static const unsigned char hmac_sha384_additionalinput[] = | |
14287 | + { | |
14288 | + 0xe5,0x28,0x5f,0x43,0xf5,0x83,0x6e,0x0a,0x83,0x5c,0xe3,0x81, | |
14289 | + 0x03,0xf2,0xf8,0x78,0x00,0x7c,0x95,0x87,0x16,0xd6,0x6c,0x58, | |
14290 | + 0x33,0x6c,0x53,0x35,0x0d,0x66,0xe3,0xce | |
14291 | + }; | |
14292 | + | |
14293 | +__fips_constseg | |
14294 | +static const unsigned char hmac_sha384_int_returnedbits[] = | |
14295 | + { | |
14296 | + 0xe2,0x1f,0xf3,0xda,0x0d,0x19,0x99,0x87,0xc4,0x90,0xa2,0x31, | |
14297 | + 0xca,0x2a,0x89,0x58,0x43,0x44,0xb8,0xde,0xcf,0xa4,0xbe,0x3b, | |
14298 | + 0x53,0x26,0x22,0x31,0x76,0x41,0x22,0xb5,0xa8,0x70,0x2f,0x4b, | |
14299 | + 0x64,0x95,0x4d,0x48,0x96,0x35,0xe6,0xbd,0x3c,0x34,0xdb,0x1b | |
14300 | + }; | |
14301 | + | |
14302 | +__fips_constseg | |
14303 | +static const unsigned char hmac_sha384_entropyinputreseed[] = | |
14304 | + { | |
14305 | + 0x77,0x61,0xba,0xbc,0xf2,0xc1,0xf3,0x4b,0x86,0x65,0xfd,0x48, | |
14306 | + 0x0e,0x3c,0x02,0x5e,0xa2,0x7a,0x6b,0x7c,0xed,0x21,0x5e,0xf9, | |
14307 | + 0xcd,0xcd,0x77,0x07,0x2b,0xbe,0xc5,0x5c | |
14308 | + }; | |
14309 | + | |
14310 | +__fips_constseg | |
14311 | +static const unsigned char hmac_sha384_additionalinputreseed[] = | |
14312 | + { | |
14313 | + 0x18,0x24,0x5f,0xc6,0x84,0xd1,0x67,0xc3,0x9a,0x11,0xa5,0x8c, | |
14314 | + 0x07,0x39,0x21,0x83,0x4d,0x04,0xc4,0x6a,0x28,0x19,0xcf,0x92, | |
14315 | + 0x21,0xd9,0x9e,0x41,0x72,0x6c,0x9e,0x63 | |
14316 | + }; | |
14317 | + | |
14318 | +__fips_constseg | |
14319 | +static const unsigned char hmac_sha384_additionalinput2[] = | |
14320 | + { | |
14321 | + 0x96,0x67,0x41,0x28,0x9b,0xb7,0x92,0x8d,0x64,0x3b,0xe4,0xcf, | |
14322 | + 0x7e,0xaa,0x1e,0xb1,0x4b,0x1d,0x09,0x56,0x67,0x9c,0xc6,0x6d, | |
14323 | + 0x3b,0xe8,0x91,0x9d,0xe1,0x8a,0xb7,0x32 | |
14324 | + }; | |
14325 | + | |
14326 | +__fips_constseg | |
14327 | +static const unsigned char hmac_sha384_returnedbits[] = | |
14328 | + { | |
14329 | + 0xe3,0x59,0x61,0x38,0x92,0xec,0xe2,0x3c,0xff,0xb7,0xdb,0x19, | |
14330 | + 0x0f,0x5b,0x93,0x68,0x0d,0xa4,0x94,0x40,0x72,0x0b,0xe0,0xed, | |
14331 | + 0x4d,0xcd,0x68,0xa0,0x1e,0xfe,0x67,0xb2,0xfa,0x21,0x56,0x74, | |
14332 | + 0xa4,0xad,0xcf,0xb7,0x60,0x66,0x2e,0x40,0xde,0x82,0xca,0xfb | |
14333 | + }; | |
14334 | + | |
14335 | + | |
14336 | +/* HMAC SHA-512 PR */ | |
14337 | +__fips_constseg | |
14338 | +static const unsigned char hmac_sha512_pr_entropyinput[] = | |
14339 | + { | |
14340 | + 0xaa,0x9e,0x45,0x67,0x0e,0x00,0x2a,0x67,0x98,0xd6,0xda,0x0b, | |
14341 | + 0x0f,0x17,0x7e,0xac,0xfd,0x27,0xc4,0xca,0x84,0xdf,0xde,0xba, | |
14342 | + 0x85,0xd9,0xbe,0x8f,0xf3,0xff,0x91,0x4d | |
14343 | + }; | |
14344 | + | |
14345 | +__fips_constseg | |
14346 | +static const unsigned char hmac_sha512_pr_nonce[] = | |
14347 | + { | |
14348 | + 0x8c,0x49,0x2f,0x58,0x1e,0x7a,0xda,0x4b,0x7e,0x8a,0x30,0x7b, | |
14349 | + 0x86,0xea,0xaf,0xa2 | |
14350 | + }; | |
14351 | + | |
14352 | +__fips_constseg | |
14353 | +static const unsigned char hmac_sha512_pr_personalizationstring[] = | |
14354 | + { | |
14355 | + 0x71,0xe1,0xbb,0xad,0xa7,0x4b,0x2e,0x31,0x3b,0x0b,0xec,0x24, | |
14356 | + 0x99,0x38,0xbc,0xaa,0x05,0x4c,0x46,0x44,0xfa,0xad,0x8e,0x02, | |
14357 | + 0xc1,0x7e,0xad,0xec,0x54,0xa6,0xd0,0xad | |
14358 | + }; | |
14359 | + | |
14360 | +__fips_constseg | |
14361 | +static const unsigned char hmac_sha512_pr_additionalinput[] = | |
14362 | + { | |
14363 | + 0x3d,0x6e,0xa6,0xa8,0x29,0x2a,0xb2,0xf5,0x98,0x42,0xe4,0x92, | |
14364 | + 0x78,0x22,0x67,0xfd,0x1b,0x15,0x1e,0x29,0xaa,0x71,0x3c,0x3c, | |
14365 | + 0xe7,0x05,0x20,0xa9,0x29,0xc6,0x75,0x71 | |
14366 | + }; | |
14367 | + | |
14368 | +__fips_constseg | |
14369 | +static const unsigned char hmac_sha512_pr_entropyinputpr[] = | |
14370 | + { | |
14371 | + 0xab,0xb9,0x16,0xd8,0x55,0x35,0x54,0xb7,0x97,0x3f,0x94,0xbc, | |
14372 | + 0x2f,0x7c,0x70,0xc7,0xd0,0xed,0xb7,0x4b,0xf7,0xf6,0x6c,0x03, | |
14373 | + 0x0c,0xb0,0x03,0xd8,0xbb,0x71,0xd9,0x10 | |
14374 | + }; | |
14375 | + | |
14376 | +__fips_constseg | |
14377 | +static const unsigned char hmac_sha512_pr_int_returnedbits[] = | |
14378 | + { | |
14379 | + 0x8e,0xd3,0xfd,0x52,0x9e,0x83,0x08,0x49,0x18,0x6e,0x23,0x56, | |
14380 | + 0x5c,0x45,0x93,0x34,0x05,0xe2,0x98,0x8f,0x0c,0xd4,0x32,0x0c, | |
14381 | + 0xfd,0xda,0x5f,0x92,0x3a,0x8c,0x81,0xbd,0xf6,0x6c,0x55,0xfd, | |
14382 | + 0xb8,0x20,0xce,0x8d,0x97,0x27,0xe8,0xe8,0xe0,0xb3,0x85,0x50, | |
14383 | + 0xa2,0xc2,0xb2,0x95,0x1d,0x48,0xd3,0x7b,0x4b,0x78,0x13,0x35, | |
14384 | + 0x05,0x17,0xbe,0x0d | |
14385 | + }; | |
14386 | + | |
14387 | +__fips_constseg | |
14388 | +static const unsigned char hmac_sha512_pr_additionalinput2[] = | |
14389 | + { | |
14390 | + 0xc3,0xfc,0x95,0xaa,0x69,0x06,0xae,0x59,0x41,0xce,0x26,0x08, | |
14391 | + 0x29,0x6d,0x45,0xda,0xe8,0xb3,0x6c,0x95,0x60,0x0f,0x70,0x2c, | |
14392 | + 0x10,0xba,0x38,0x8c,0xcf,0x29,0x99,0xaa | |
14393 | + }; | |
14394 | + | |
14395 | +__fips_constseg | |
14396 | +static const unsigned char hmac_sha512_pr_entropyinputpr2[] = | |
14397 | + { | |
14398 | + 0x3b,0x9a,0x25,0xce,0xd7,0xf9,0x5c,0xd1,0x3a,0x3e,0xaa,0x71, | |
14399 | + 0x14,0x3e,0x19,0xe8,0xce,0xe6,0xfe,0x51,0x84,0xe9,0x1b,0xfe, | |
14400 | + 0x3f,0xa7,0xf2,0xfd,0x76,0x5f,0x6a,0xe7 | |
14401 | + }; | |
14402 | + | |
14403 | +__fips_constseg | |
14404 | +static const unsigned char hmac_sha512_pr_returnedbits[] = | |
14405 | + { | |
14406 | + 0xb7,0x82,0xa9,0x57,0x81,0x67,0x53,0xb5,0xa1,0xe9,0x3d,0x35, | |
14407 | + 0xf9,0xe4,0x97,0xbe,0xa6,0xca,0xf1,0x01,0x13,0x09,0xe7,0x21, | |
14408 | + 0xc0,0xed,0x93,0x5d,0x4b,0xf4,0xeb,0x8d,0x53,0x25,0x8a,0xc4, | |
14409 | + 0xb1,0x6f,0x6e,0x37,0xcd,0x2e,0xac,0x39,0xb2,0xb6,0x99,0xa3, | |
14410 | + 0x82,0x00,0xb0,0x21,0xf0,0xc7,0x2f,0x4c,0x73,0x92,0xfd,0x00, | |
14411 | + 0xb6,0xaf,0xbc,0xd3 | |
14412 | + }; | |
14413 | + | |
14414 | + | |
14415 | +/* HMAC SHA-512 No PR */ | |
14416 | +__fips_constseg | |
14417 | +static const unsigned char hmac_sha512_entropyinput[] = | |
14418 | + { | |
14419 | + 0x6e,0x85,0xe6,0x25,0x96,0x29,0xa7,0x52,0x5b,0x60,0xba,0xaa, | |
14420 | + 0xde,0xdb,0x36,0x0a,0x51,0x9a,0x15,0xae,0x6e,0x18,0xd3,0xfe, | |
14421 | + 0x39,0xb9,0x4a,0x96,0xf8,0x77,0xcb,0x95 | |
14422 | + }; | |
14423 | + | |
14424 | +__fips_constseg | |
14425 | +static const unsigned char hmac_sha512_nonce[] = | |
14426 | + { | |
14427 | + 0xe0,0xa6,0x5d,0x08,0xc3,0x7c,0xae,0x25,0x2e,0x80,0xd1,0x3e, | |
14428 | + 0xd9,0xaf,0x43,0x3c | |
14429 | + }; | |
14430 | + | |
14431 | +__fips_constseg | |
14432 | +static const unsigned char hmac_sha512_personalizationstring[] = | |
14433 | + { | |
14434 | + 0x53,0x99,0x52,0x5f,0x11,0xa9,0x64,0x66,0x20,0x5e,0x1b,0x5f, | |
14435 | + 0x42,0xb3,0xf4,0xda,0xed,0xbb,0x63,0xc1,0x23,0xaf,0xd0,0x01, | |
14436 | + 0x90,0x3b,0xd0,0x78,0xe4,0x0b,0xa7,0x20 | |
14437 | + }; | |
14438 | + | |
14439 | +__fips_constseg | |
14440 | +static const unsigned char hmac_sha512_additionalinput[] = | |
14441 | + { | |
14442 | + 0x85,0x90,0x80,0xd3,0x98,0xf1,0x53,0x6d,0x68,0x15,0x8f,0xe5, | |
14443 | + 0x60,0x3f,0x17,0x29,0x55,0x8d,0x33,0xb1,0x45,0x64,0x64,0x8d, | |
14444 | + 0x50,0x21,0x89,0xae,0xf6,0xfd,0x32,0x73 | |
14445 | + }; | |
14446 | + | |
14447 | +__fips_constseg | |
14448 | +static const unsigned char hmac_sha512_int_returnedbits[] = | |
14449 | + { | |
14450 | + 0x28,0x56,0x30,0x6f,0xf4,0xa1,0x48,0xe0,0xc9,0xf5,0x75,0x90, | |
14451 | + 0xcc,0xfb,0xdf,0xdf,0x71,0x3d,0x0a,0x9a,0x03,0x65,0x3b,0x18, | |
14452 | + 0x61,0xe3,0xd1,0xda,0xcc,0x4a,0xfe,0x55,0x38,0xf8,0x21,0x6b, | |
14453 | + 0xfa,0x18,0x01,0x42,0x39,0x2f,0x99,0x53,0x38,0x15,0x82,0x34, | |
14454 | + 0xc5,0x93,0x92,0xbc,0x4d,0x75,0x1a,0x5f,0x21,0x27,0xcc,0xa1, | |
14455 | + 0xb1,0x57,0x69,0xe8 | |
14456 | + }; | |
14457 | + | |
14458 | +__fips_constseg | |
14459 | +static const unsigned char hmac_sha512_entropyinputreseed[] = | |
14460 | + { | |
14461 | + 0x8c,0x52,0x7e,0x77,0x72,0x3f,0xa3,0x04,0x97,0x10,0x9b,0x41, | |
14462 | + 0xbd,0xe8,0xff,0x89,0xed,0x80,0xe3,0xbd,0xaa,0x12,0x2d,0xca, | |
14463 | + 0x75,0x82,0x36,0x77,0x88,0xcd,0xa6,0x73 | |
14464 | + }; | |
14465 | + | |
14466 | +__fips_constseg | |
14467 | +static const unsigned char hmac_sha512_additionalinputreseed[] = | |
14468 | + { | |
14469 | + 0x7e,0x32,0xe3,0x69,0x69,0x07,0x34,0xa2,0x16,0xa2,0x5d,0x1a, | |
14470 | + 0x10,0x91,0xd3,0xe2,0x21,0xa2,0xa3,0xdd,0xcd,0x0c,0x09,0x86, | |
14471 | + 0x11,0xe1,0x50,0xff,0x5c,0xb7,0xeb,0x5c | |
14472 | + }; | |
14473 | + | |
14474 | +__fips_constseg | |
14475 | +static const unsigned char hmac_sha512_additionalinput2[] = | |
14476 | + { | |
14477 | + 0x7f,0x78,0x66,0xd8,0xfb,0x67,0xcf,0x8d,0x8c,0x08,0x30,0xa5, | |
14478 | + 0xf8,0x7d,0xcf,0x44,0x59,0xce,0xf8,0xdf,0x58,0xd3,0x60,0xcb, | |
14479 | + 0xa8,0x60,0xb9,0x07,0xc4,0xb1,0x95,0x48 | |
14480 | + }; | |
14481 | + | |
14482 | +__fips_constseg | |
14483 | +static const unsigned char hmac_sha512_returnedbits[] = | |
14484 | + { | |
14485 | + 0xdf,0xa7,0x36,0xd4,0xdc,0x5d,0x4d,0x31,0xad,0x69,0x46,0x9f, | |
14486 | + 0xf1,0x7c,0xd7,0x3b,0x4f,0x55,0xf2,0xd7,0xb9,0x9d,0xad,0x7a, | |
14487 | + 0x79,0x08,0x59,0xa5,0xdc,0x74,0xf5,0x9b,0x73,0xd2,0x13,0x25, | |
14488 | + 0x0b,0x81,0x08,0x08,0x25,0xfb,0x39,0xf2,0xf0,0xa3,0xa4,0x8d, | |
14489 | + 0xef,0x05,0x9e,0xb8,0xc7,0x52,0xe4,0x0e,0x42,0xaa,0x7c,0x79, | |
14490 | + 0xc2,0xd6,0xfd,0xa5 | |
14491 | + }; | |
14492 | + | |
a7ff9508 MT |
14493 | diff -up openssl-1.0.1b/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_dsa_selftest.c |
14494 | --- openssl-1.0.1b/crypto/fips/fips_dsa_selftest.c.fips 2012-04-26 18:00:51.404769387 +0200 | |
14495 | +++ openssl-1.0.1b/crypto/fips/fips_dsa_selftest.c 2012-04-26 18:00:51.404769387 +0200 | |
0595faf5 MT |
14496 | @@ -0,0 +1,193 @@ |
14497 | +/* ==================================================================== | |
14498 | + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. | |
14499 | + * | |
14500 | + * Redistribution and use in source and binary forms, with or without | |
14501 | + * modification, are permitted provided that the following conditions | |
14502 | + * are met: | |
14503 | + * | |
14504 | + * 1. Redistributions of source code must retain the above copyright | |
14505 | + * notice, this list of conditions and the following disclaimer. | |
14506 | + * | |
14507 | + * 2. Redistributions in binary form must reproduce the above copyright | |
14508 | + * notice, this list of conditions and the following disclaimer in | |
14509 | + * the documentation and/or other materials provided with the | |
14510 | + * distribution. | |
14511 | + * | |
14512 | + * 3. All advertising materials mentioning features or use of this | |
14513 | + * software must display the following acknowledgment: | |
14514 | + * "This product includes software developed by the OpenSSL Project | |
14515 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
14516 | + * | |
14517 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
14518 | + * endorse or promote products derived from this software without | |
14519 | + * prior written permission. For written permission, please contact | |
14520 | + * openssl-core@openssl.org. | |
14521 | + * | |
14522 | + * 5. Products derived from this software may not be called "OpenSSL" | |
14523 | + * nor may "OpenSSL" appear in their names without prior written | |
14524 | + * permission of the OpenSSL Project. | |
14525 | + * | |
14526 | + * 6. Redistributions of any form whatsoever must retain the following | |
14527 | + * acknowledgment: | |
14528 | + * "This product includes software developed by the OpenSSL Project | |
14529 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
14530 | + * | |
14531 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
14532 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
14533 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
14534 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
14535 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
14536 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
14537 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
14538 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
14539 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
14540 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
14541 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
14542 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
14543 | + * | |
14544 | + */ | |
14545 | + | |
14546 | +#include <string.h> | |
14547 | +#include <openssl/crypto.h> | |
14548 | +#include <openssl/dsa.h> | |
14549 | +#include <openssl/fips.h> | |
14550 | +#include <openssl/err.h> | |
14551 | +#include <openssl/evp.h> | |
14552 | +#include <openssl/bn.h> | |
14553 | +#include "fips_locl.h" | |
14554 | + | |
14555 | +#ifdef OPENSSL_FIPS | |
14556 | + | |
14557 | +static const unsigned char dsa_test_2048_p[] = { | |
14558 | + 0xa8,0x53,0x78,0xd8,0xfd,0x3f,0x8d,0x72,0xec,0x74,0x18,0x08, | |
14559 | + 0x0d,0xa2,0x13,0x17,0xe4,0x3e,0xc4,0xb6,0x2b,0xa8,0xc8,0x62, | |
14560 | + 0x3b,0x7e,0x4d,0x04,0x44,0x1d,0xd1,0xa0,0x65,0x86,0x62,0x59, | |
14561 | + 0x64,0x93,0xca,0x8e,0x9e,0x8f,0xbb,0x7e,0x34,0xaa,0xdd,0xb6, | |
14562 | + 0x2e,0x5d,0x67,0xb6,0xd0,0x9a,0x6e,0x61,0xb7,0x69,0xe7,0xc3, | |
14563 | + 0x52,0xaa,0x2b,0x10,0xe2,0x0c,0xa0,0x63,0x69,0x63,0xb5,0x52, | |
14564 | + 0x3e,0x86,0x47,0x0d,0xec,0xbb,0xed,0xa0,0x27,0xe7,0x97,0xe7, | |
14565 | + 0xb6,0x76,0x35,0xd4,0xd4,0x9c,0x30,0x70,0x0e,0x74,0xaf,0x8a, | |
14566 | + 0x0f,0xf1,0x56,0xa8,0x01,0xaf,0x57,0xa2,0x6e,0x70,0x78,0xf1, | |
14567 | + 0xd8,0x2f,0x74,0x90,0x8e,0xcb,0x6d,0x07,0xe7,0x0b,0x35,0x03, | |
14568 | + 0xee,0xd9,0x4f,0xa3,0x2c,0xf1,0x7a,0x7f,0xc3,0xd6,0xcf,0x40, | |
14569 | + 0xdc,0x7b,0x00,0x83,0x0e,0x6a,0x25,0x66,0xdc,0x07,0x3e,0x34, | |
14570 | + 0x33,0x12,0x51,0x7c,0x6a,0xa5,0x15,0x2b,0x4b,0xfe,0xcd,0x2e, | |
14571 | + 0x55,0x1f,0xee,0x34,0x63,0x18,0xa1,0x53,0x42,0x3c,0x99,0x6b, | |
14572 | + 0x0d,0x5d,0xcb,0x91,0x02,0xae,0xdd,0x38,0x79,0x86,0x16,0xf1, | |
14573 | + 0xf1,0xe0,0xd6,0xc4,0x03,0x52,0x5b,0x1f,0x9b,0x3d,0x4d,0xc7, | |
14574 | + 0x66,0xde,0x2d,0xfc,0x4a,0x56,0xd7,0xb8,0xba,0x59,0x63,0xd6, | |
14575 | + 0x0f,0x3e,0x16,0x31,0x88,0x70,0xad,0x43,0x69,0x52,0xe5,0x57, | |
14576 | + 0x65,0x37,0x4e,0xab,0x85,0xe8,0xec,0x17,0xd6,0xb9,0xa4,0x54, | |
14577 | + 0x7b,0x9b,0x5f,0x27,0x52,0xf3,0x10,0x5b,0xe8,0x09,0xb2,0x3a, | |
14578 | + 0x2c,0x8d,0x74,0x69,0xdb,0x02,0xe2,0x4d,0x59,0x23,0x94,0xa7, | |
14579 | + 0xdb,0xa0,0x69,0xe9 | |
14580 | +}; | |
14581 | + | |
14582 | +static const unsigned char dsa_test_2048_q[] = { | |
14583 | + 0xd2,0x77,0x04,0x4e,0x50,0xf5,0xa4,0xe3,0xf5,0x10,0xa5,0x0a, | |
14584 | + 0x0b,0x84,0xfd,0xff,0xbc,0xa0,0x47,0xed,0x27,0x60,0x20,0x56, | |
14585 | + 0x74,0x41,0xa0,0xa5 | |
14586 | +}; | |
14587 | + | |
14588 | +static const unsigned char dsa_test_2048_g[] = { | |
14589 | + 0x13,0xd7,0x54,0xe2,0x1f,0xd2,0x41,0x65,0x5d,0xa8,0x91,0xc5, | |
14590 | + 0x22,0xa6,0x5a,0x72,0xa8,0x9b,0xdc,0x64,0xec,0x9b,0x54,0xa8, | |
14591 | + 0x21,0xed,0x4a,0x89,0x8b,0x49,0x0e,0x0c,0x4f,0xcb,0x72,0x19, | |
14592 | + 0x2a,0x4a,0x20,0xf5,0x41,0xf3,0xf2,0x92,0x53,0x99,0xf0,0xba, | |
14593 | + 0xec,0xf9,0x29,0xaa,0xfb,0xf7,0x9d,0xfe,0x43,0x32,0x39,0x3b, | |
14594 | + 0x32,0xcd,0x2e,0x2f,0xcf,0x27,0x2f,0x32,0xa6,0x27,0x43,0x4a, | |
14595 | + 0x0d,0xf2,0x42,0xb7,0x5b,0x41,0x4d,0xf3,0x72,0x12,0x1e,0x53, | |
14596 | + 0xa5,0x53,0xf2,0x22,0xf8,0x36,0xb0,0x00,0xf0,0x16,0x48,0x5b, | |
14597 | + 0x6b,0xd0,0x89,0x84,0x51,0x80,0x1d,0xcd,0x8d,0xe6,0x4c,0xd5, | |
14598 | + 0x36,0x56,0x96,0xff,0xc5,0x32,0xd5,0x28,0xc5,0x06,0x62,0x0a, | |
14599 | + 0x94,0x2a,0x03,0x05,0x04,0x6d,0x8f,0x18,0x76,0x34,0x1f,0x1e, | |
14600 | + 0x57,0x0b,0xc3,0x97,0x4b,0xa6,0xb9,0xa4,0x38,0xe9,0x70,0x23, | |
14601 | + 0x02,0xa2,0xe6,0xe6,0x7b,0xfd,0x06,0xd3,0x2b,0xc6,0x79,0x96, | |
14602 | + 0x22,0x71,0xd7,0xb4,0x0c,0xd7,0x2f,0x38,0x6e,0x64,0xe0,0xd7, | |
14603 | + 0xef,0x86,0xca,0x8c,0xa5,0xd1,0x42,0x28,0xdc,0x2a,0x4f,0x16, | |
14604 | + 0xe3,0x18,0x98,0x86,0xb5,0x99,0x06,0x74,0xf4,0x20,0x0f,0x3a, | |
14605 | + 0x4c,0xf6,0x5a,0x3f,0x0d,0xdb,0xa1,0xfa,0x67,0x2d,0xff,0x2f, | |
14606 | + 0x5e,0x14,0x3d,0x10,0xe4,0xe9,0x7a,0xe8,0x4f,0x6d,0xa0,0x95, | |
14607 | + 0x35,0xd5,0xb9,0xdf,0x25,0x91,0x81,0xa7,0x9b,0x63,0xb0,0x69, | |
14608 | + 0xe9,0x49,0x97,0x2b,0x02,0xba,0x36,0xb3,0x58,0x6a,0xab,0x7e, | |
14609 | + 0x45,0xf3,0x22,0xf8,0x2e,0x4e,0x85,0xca,0x3a,0xb8,0x55,0x91, | |
14610 | + 0xb3,0xc2,0xa9,0x66 | |
14611 | +}; | |
14612 | + | |
14613 | +static const unsigned char dsa_test_2048_pub_key[] = { | |
14614 | + 0x24,0x52,0xf3,0xcc,0xbe,0x9e,0xd5,0xca,0x7d,0xc7,0x4c,0x60, | |
14615 | + 0x2b,0x99,0x22,0x6e,0x8f,0x2f,0xab,0x38,0xe7,0xd7,0xdd,0xfb, | |
14616 | + 0x75,0x53,0x9b,0x17,0x15,0x5e,0x9f,0xcf,0xd1,0xab,0xa5,0x64, | |
14617 | + 0xeb,0x85,0x35,0xd8,0x12,0xc9,0xc2,0xdc,0xf9,0x72,0x84,0x44, | |
14618 | + 0x1b,0xc4,0x82,0x24,0x36,0x24,0xc7,0xf4,0x57,0x58,0x0c,0x1c, | |
14619 | + 0x38,0xa5,0x7c,0x46,0xc4,0x57,0x39,0x24,0x70,0xed,0xb5,0x2c, | |
14620 | + 0xb5,0xa6,0xe0,0x3f,0xe6,0x28,0x7b,0xb6,0xf4,0x9a,0x42,0xa2, | |
14621 | + 0x06,0x5a,0x05,0x4f,0x03,0x08,0x39,0xdf,0x1f,0xd3,0x14,0x9c, | |
14622 | + 0x4c,0xa0,0x53,0x1d,0xd8,0xca,0x8a,0xaa,0x9c,0xc7,0x33,0x71, | |
14623 | + 0x93,0x38,0x73,0x48,0x33,0x61,0x18,0x22,0x45,0x45,0xe8,0x8c, | |
14624 | + 0x80,0xff,0xd8,0x76,0x5d,0x74,0x36,0x03,0x33,0xcc,0xab,0x99, | |
14625 | + 0x72,0x77,0x9b,0x65,0x25,0xa6,0x5b,0xdd,0x0d,0x10,0xc6,0x75, | |
14626 | + 0xc1,0x09,0xbb,0xd3,0xe5,0xbe,0x4d,0x72,0xef,0x6e,0xba,0x6e, | |
14627 | + 0x43,0x8d,0x52,0x26,0x23,0x7d,0xb8,0x88,0x37,0x9c,0x5f,0xcc, | |
14628 | + 0x47,0xa3,0x84,0x7f,0xf6,0x37,0x11,0xba,0xed,0x6d,0x03,0xaf, | |
14629 | + 0xe8,0x1e,0x69,0x4a,0x41,0x3b,0x68,0x0b,0xd3,0x8a,0xb4,0x90, | |
14630 | + 0x3f,0x83,0x70,0xa7,0x07,0xef,0x55,0x1d,0x49,0x41,0x02,0x6d, | |
14631 | + 0x95,0x79,0xd6,0x91,0xde,0x8e,0xda,0xa1,0x61,0x05,0xeb,0x9d, | |
14632 | + 0xba,0x3c,0x2f,0x4c,0x1b,0xec,0x50,0x82,0x75,0xaa,0x02,0x07, | |
14633 | + 0xe2,0x51,0xb5,0xec,0xcb,0x28,0x6a,0x4b,0x01,0xd4,0x49,0xd3, | |
14634 | + 0x0a,0xcb,0x67,0x37,0x17,0xa0,0xd2,0xfb,0x3b,0x50,0xc8,0x93, | |
14635 | + 0xf7,0xda,0xb1,0x4f | |
14636 | +}; | |
14637 | + | |
14638 | +static const unsigned char dsa_test_2048_priv_key[] = { | |
14639 | + 0x0c,0x4b,0x30,0x89,0xd1,0xb8,0x62,0xcb,0x3c,0x43,0x64,0x91, | |
14640 | + 0xf0,0x91,0x54,0x70,0xc5,0x27,0x96,0xe3,0xac,0xbe,0xe8,0x00, | |
14641 | + 0xec,0x55,0xf6,0xcc | |
14642 | +}; | |
14643 | + | |
14644 | +static int corrupt_dsa; | |
14645 | + | |
14646 | +void FIPS_corrupt_dsa() | |
14647 | + { | |
14648 | + corrupt_dsa = 1; | |
14649 | + } | |
14650 | + | |
14651 | +int FIPS_selftest_dsa() | |
14652 | + { | |
14653 | + DSA *dsa = NULL; | |
14654 | + EVP_PKEY *pk = NULL; | |
14655 | + int ret = 0; | |
14656 | + | |
14657 | + dsa = DSA_new(); | |
14658 | + | |
14659 | + if(dsa == NULL) | |
14660 | + goto err; | |
14661 | + | |
14662 | + fips_load_key_component(dsa, p, dsa_test_2048); | |
14663 | + fips_load_key_component(dsa, q, dsa_test_2048); | |
14664 | + fips_load_key_component(dsa, g, dsa_test_2048); | |
14665 | + fips_load_key_component(dsa, pub_key, dsa_test_2048); | |
14666 | + fips_load_key_component(dsa, priv_key, dsa_test_2048); | |
14667 | + | |
14668 | + if (corrupt_dsa) | |
14669 | + BN_set_bit(dsa->pub_key, 2047); | |
14670 | + | |
14671 | + if ((pk=EVP_PKEY_new()) == NULL) | |
14672 | + goto err; | |
14673 | + | |
14674 | + EVP_PKEY_assign_DSA(pk, dsa); | |
14675 | + | |
14676 | + if (!fips_pkey_signature_test(pk, NULL, 0, | |
14677 | + NULL, 0, EVP_sha256(), 0, | |
14678 | + "DSA SHA256")) | |
14679 | + goto err; | |
14680 | + ret = 1; | |
14681 | + | |
14682 | + err: | |
14683 | + if (pk) | |
14684 | + EVP_PKEY_free(pk); | |
14685 | + else if (dsa) | |
14686 | + DSA_free(dsa); | |
14687 | + return ret; | |
14688 | + } | |
14689 | +#endif | |
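--- a/crypto/fips/fips_enc.c
+++ b/crypto/fips/fips_enc.c
@@ -0,0 +1,191 @@
+/* fipe/evp/fips_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+
+const EVP_CIPHER *FIPS_get_cipherbynid(int nid)
+ {
+ switch (nid)
+ {
+ case NID_aes_128_cbc:
+ return EVP_aes_128_cbc();
+
+ case NID_aes_128_ccm:
+ return EVP_aes_128_ccm();
+
+ case NID_aes_128_cfb1:
+ return EVP_aes_128_cfb1();
+
+ case NID_aes_128_cfb128:
+ return EVP_aes_128_cfb128();
+
+ case NID_aes_128_cfb8:
+ return EVP_aes_128_cfb8();
+
+ case NID_aes_128_ctr:
+ return EVP_aes_128_ctr();
+
+ case NID_aes_128_ecb:
+ return EVP_aes_128_ecb();
+
+ case NID_aes_128_gcm:
+ return EVP_aes_128_gcm();
+
+ case NID_aes_128_ofb128:
+ return EVP_aes_128_ofb();
+
+ case NID_aes_128_xts:
+ return EVP_aes_128_xts();
+
+ case NID_aes_192_cbc:
+ return EVP_aes_192_cbc();
+
+ case NID_aes_192_ccm:
+ return EVP_aes_192_ccm();
+
+ case NID_aes_192_cfb1:
+ return EVP_aes_192_cfb1();
+
+ case NID_aes_192_cfb128:
+ return EVP_aes_192_cfb128();
+
+ case NID_aes_192_cfb8:
+ return EVP_aes_192_cfb8();
+
+ case NID_aes_192_ctr:
+ return EVP_aes_192_ctr();
+
+ case NID_aes_192_ecb:
+ return EVP_aes_192_ecb();
+
+ case NID_aes_192_gcm:
+ return EVP_aes_192_gcm();
+
+ case NID_aes_192_ofb128:
+ return EVP_aes_192_ofb();
+
+ case NID_aes_256_cbc:
+ return EVP_aes_256_cbc();
+
+ case NID_aes_256_ccm:
+ return EVP_aes_256_ccm();
+
+ case NID_aes_256_cfb1:
+ return EVP_aes_256_cfb1();
+
+ case NID_aes_256_cfb128:
+ return EVP_aes_256_cfb128();
+
+ case NID_aes_256_cfb8:
+ return EVP_aes_256_cfb8();
+
+ case NID_aes_256_ctr:
+ return EVP_aes_256_ctr();
+
+ case NID_aes_256_ecb:
+ return EVP_aes_256_ecb();
+
+ case NID_aes_256_gcm:
+ return EVP_aes_256_gcm();
+
+ case NID_aes_256_ofb128:
+ return EVP_aes_256_ofb();
+
+ case NID_aes_256_xts:
+ return EVP_aes_256_xts();
+
+ case NID_des_ede_ecb:
+ return EVP_des_ede();
+
+ case NID_des_ede3_ecb:
+ return EVP_des_ede3();
+
+ case NID_des_ede3_cbc:
+ return EVP_des_ede3_cbc();
+
+ case NID_des_ede3_cfb1:
+ return EVP_des_ede3_cfb1();
+
+ case NID_des_ede3_cfb64:
+ return EVP_des_ede3_cfb64();
+
+ case NID_des_ede3_cfb8:
+ return EVP_des_ede3_cfb8();
+
+ case NID_des_ede3_ofb64:
+ return EVP_des_ede3_ofb();
+
+ case NID_des_ede_cbc:
+ return EVP_des_ede_cbc();
+
+ case NID_des_ede_cfb64:
+ return EVP_des_ede_cfb64();
+
+ case NID_des_ede_ofb64:
+ return EVP_des_ede_ofb();
+
+ default:
+ return NULL;
+
+ }
+ }
+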
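Review bot: The new fips_enc.c includes `<openssl/fips.h>` unconditionally and has no `#ifdef OPENSSL_FIPS` wrapper, while the fips.h added by this same patch stops with `#error FIPS is disabled.` when that macro is undefined. Unless the build only compiles crypto/fips in FIPS configurations (not visible here), a non-FIPS build fails on this file. Wrapping the include and `FIPS_get_cipherbynid` in `#ifdef OPENSSL_FIPS` … `#endif`, the guard fips_hmac_selftest.c puts around its own include, makes the file safe either way. The function also deserves a comment such as `/* Returns the EVP_CIPHER for nid, or NULL when nid is not in this list */`, since a NULL return presumably means the cipher is not offered in FIPS mode and callers should not fall back to another lookup. The first-line comment reads `fipe/evp/fips_enc.c`, which does not match the file's path.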
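--- a/crypto/fips/fips.h
+++ b/crypto/fips/fips.h
@@ -0,0 +1,279 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <stdarg.h>
+
+#ifndef OPENSSL_FIPS
+#error FIPS is disabled.
+#endif
+
+#ifdef OPENSSL_FIPS
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct dsa_st;
+struct rsa_st;
+struct evp_pkey_st;
+struct env_md_st;
+struct env_md_ctx_st;
+struct evp_cipher_st;
+struct evp_cipher_ctx_st;
+struct dh_method;
+struct CMAC_CTX_st;
+struct hmac_ctx_st;
+
+int FIPS_module_mode_set(int onoff, const char *auth);
+int FIPS_module_mode(void);
+const void *FIPS_rand_check(void);
+int FIPS_selftest(void);
+int FIPS_selftest_failed(void);
+void FIPS_corrupt_sha1(void);
+int FIPS_selftest_sha1(void);
+int FIPS_selftest_sha2(void);
+void FIPS_corrupt_aes(void);
+int FIPS_selftest_aes_ccm(void);
+int FIPS_selftest_aes_gcm(void);
+int FIPS_selftest_aes_xts(void);
+int FIPS_selftest_aes(void);
+void FIPS_corrupt_des(void);
+int FIPS_selftest_des(void);
+void FIPS_corrupt_rsa(void);
+void FIPS_corrupt_rsa_keygen(void);
+int FIPS_selftest_rsa(void);
+void FIPS_corrupt_dsa(void);
+void FIPS_corrupt_dsa_keygen(void);
+int FIPS_selftest_dsa(void);
+void FIPS_corrupt_rng(void);
+void FIPS_rng_stick(void);
+void FIPS_x931_stick(int onoff);
+void FIPS_drbg_stick(int onoff);
+int FIPS_selftest_rng(void);
+int FIPS_selftest_x931(void);
+int FIPS_selftest_hmac(void);
+int FIPS_selftest_drbg(void);
+int FIPS_selftest_drbg_all(void);
+int FIPS_selftest_cmac(void);
+
+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
+
+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
+ alg " previous FIPS forbidden algorithm error ignored");
+
+int fips_pkey_signature_test(struct evp_pkey_st *pkey,
+ const unsigned char *tbs, int tbslen,
+ const unsigned char *kat, unsigned int katlen,
+ const struct env_md_st *digest, unsigned int md_flags,
+ const char *fail_str);
+
+int fips_cipher_test(struct evp_cipher_ctx_st *ctx,
+ const struct evp_cipher_st *cipher,
+ const unsigned char *key,
+ const unsigned char *iv,
+ const unsigned char *plaintext,
+ const unsigned char *ciphertext,
+ int len);
+
+void fips_set_selftest_fail(void);
+
+const struct env_md_st *FIPS_get_digestbynid(int nid);
+
+const struct evp_cipher_st *FIPS_get_cipherbynid(int nid);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_FIPS_strings(void);
+
+/* Error codes for the FIPS functions. */
+
+/* Function codes. */
+#define FIPS_F_DH_BUILTIN_GENPARAMS 100
+#define FIPS_F_DH_INIT 148
+#define FIPS_F_DRBG_RESEED 162
+#define FIPS_F_DSA_BUILTIN_PARAMGEN 101
+#define FIPS_F_DSA_BUILTIN_PARAMGEN2 107
+#define FIPS_F_DSA_DO_SIGN 102
+#define FIPS_F_DSA_DO_VERIFY 103
+#define FIPS_F_ECDH_COMPUTE_KEY 163
+#define FIPS_F_ECDSA_DO_SIGN 164
+#define FIPS_F_ECDSA_DO_VERIFY 165
+#define FIPS_F_EC_KEY_GENERATE_KEY 166
+#define FIPS_F_EVP_CIPHERINIT_EX 124
+#define FIPS_F_EVP_DIGESTINIT_EX 125
+#define FIPS_F_FIPS_CHECK_DSA 104
+#define FIPS_F_FIPS_CHECK_DSA_PRNG 151
+#define FIPS_F_FIPS_CHECK_EC 142
+#define FIPS_F_FIPS_CHECK_EC_PRNG 152
+#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105
+#define FIPS_F_FIPS_CHECK_RSA 106
+#define FIPS_F_FIPS_CHECK_RSA_PRNG 150
+#define FIPS_F_FIPS_CIPHER 160
+#define FIPS_F_FIPS_CIPHERINIT 143
+#define FIPS_F_FIPS_CIPHER_CTX_CTRL 161
+#define FIPS_F_FIPS_DIGESTFINAL 158
+#define FIPS_F_FIPS_DIGESTINIT 128
+#define FIPS_F_FIPS_DIGESTUPDATE 159
+#define FIPS_F_FIPS_DRBG_BYTES 131
+#define FIPS_F_FIPS_DRBG_CHECK 146
+#define FIPS_F_FIPS_DRBG_CPRNG_TEST 132
+#define FIPS_F_FIPS_DRBG_ERROR_CHECK 136
+#define FIPS_F_FIPS_DRBG_GENERATE 134
+#define FIPS_F_FIPS_DRBG_INIT 135
+#define FIPS_F_FIPS_DRBG_INSTANTIATE 138
+#define FIPS_F_FIPS_DRBG_NEW 139
+#define FIPS_F_FIPS_DRBG_RESEED 140
+#define FIPS_F_FIPS_DRBG_SINGLE_KAT 141
+#define FIPS_F_FIPS_DSA_CHECK /* unused */ 107
+#define FIPS_F_FIPS_DSA_SIGN_DIGEST 154
+#define FIPS_F_FIPS_DSA_VERIFY_DIGEST 155
+#define FIPS_F_FIPS_GET_ENTROPY 147
+#define FIPS_F_FIPS_MODE_SET /* unused */ 108
+#define FIPS_F_FIPS_MODULE_MODE_SET 108
+#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109
+#define FIPS_F_FIPS_RAND_ADD 137
+#define FIPS_F_FIPS_RAND_BYTES 122
+#define FIPS_F_FIPS_RAND_PSEUDO_BYTES 167
+#define FIPS_F_FIPS_RAND_SEED 168
+#define FIPS_F_FIPS_RAND_SET_METHOD 126
+#define FIPS_F_FIPS_RAND_STATUS 127
+#define FIPS_F_FIPS_RSA_SIGN_DIGEST 156
+#define FIPS_F_FIPS_RSA_VERIFY_DIGEST 157
+#define FIPS_F_FIPS_SELFTEST_AES 110
+#define FIPS_F_FIPS_SELFTEST_AES_CCM 145
+#define FIPS_F_FIPS_SELFTEST_AES_GCM 129
+#define FIPS_F_FIPS_SELFTEST_AES_XTS 144
+#define FIPS_F_FIPS_SELFTEST_CMAC 130
+#define FIPS_F_FIPS_SELFTEST_DES 111
+#define FIPS_F_FIPS_SELFTEST_DSA 112
+#define FIPS_F_FIPS_SELFTEST_ECDSA 133
+#define FIPS_F_FIPS_SELFTEST_HMAC 113
+#define FIPS_F_FIPS_SELFTEST_RNG /* unused */ 114
+#define FIPS_F_FIPS_SELFTEST_SHA1 115
+#define FIPS_F_FIPS_SELFTEST_X931 114
+#define FIPS_F_FIPS_SET_PRNG_KEY 153
+#define FIPS_F_HASH_FINAL 123
+#define FIPS_F_RSA_BUILTIN_KEYGEN 116
+#define FIPS_F_RSA_EAY_INIT 149
+#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 117
+#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 118
+#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 119
+#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 120
+#define FIPS_F_RSA_X931_GENERATE_KEY_EX 121
+#define FIPS_F_SSLEAY_RAND_BYTES /* unused */ 122
+
+/* Reason codes. */
+#define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED 150
+#define FIPS_R_ADDITIONAL_INPUT_TOO_LONG 125
+#define FIPS_R_ALREADY_INSTANTIATED 134
+#define FIPS_R_AUTHENTICATION_FAILURE 151
+#define FIPS_R_CANNOT_READ_EXE /* unused */ 103
+#define FIPS_R_CANNOT_READ_EXE_DIGEST /* unused */ 104
+#define FIPS_R_CONTRADICTING_EVIDENCE 114
+#define FIPS_R_DRBG_NOT_INITIALISED 152
+#define FIPS_R_DRBG_STUCK 103
+#define FIPS_R_ENTROPY_ERROR_UNDETECTED 104
+#define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105
+#define FIPS_R_ENTROPY_SOURCE_STUCK 142
+#define FIPS_R_ERROR_INITIALISING_DRBG 115
+#define FIPS_R_ERROR_INSTANTIATING_DRBG 127
+#define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 124
+#define FIPS_R_ERROR_RETRIEVING_ENTROPY 122
+#define FIPS_R_ERROR_RETRIEVING_NONCE 140
+#define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH /* unused */ 105
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112
+#define FIPS_R_FIPS_MODE_ALREADY_SET 102
+#define FIPS_R_FIPS_SELFTEST_FAILED 106
+#define FIPS_R_FUNCTION_ERROR 116
+#define FIPS_R_GENERATE_ERROR 137
+#define FIPS_R_GENERATE_ERROR_UNDETECTED 118
+#define FIPS_R_INSTANTIATE_ERROR 119
+#define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 120
+#define FIPS_R_INTERNAL_ERROR 121
+#define FIPS_R_INVALID_KEY_LENGTH 109
+#define FIPS_R_INVALID_PARAMETERS 144
+#define FIPS_R_IN_ERROR_STATE 123
+#define FIPS_R_KEY_TOO_SHORT 108
+#define FIPS_R_NONCE_ERROR_UNDETECTED 149
+#define FIPS_R_NON_FIPS_METHOD 100
+#define FIPS_R_NOPR_TEST1_FAILURE 145
+#define FIPS_R_NOPR_TEST2_FAILURE 146
+#define FIPS_R_NOT_INSTANTIATED 126
+#define FIPS_R_PAIRWISE_TEST_FAILED 107
+#define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 128
+#define FIPS_R_PERSONALISATION_STRING_TOO_LONG 129
+#define FIPS_R_PRNG_STRENGTH_TOO_LOW 143
+#define FIPS_R_PR_TEST1_FAILURE 147
+#define FIPS_R_PR_TEST2_FAILURE 148
+#define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 130
+#define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 131
+#define FIPS_R_RESEED_COUNTER_ERROR 132
+#define FIPS_R_RESEED_ERROR 133
+#define FIPS_R_RSA_DECRYPT_ERROR /* unused */ 115
+#define FIPS_R_RSA_ENCRYPT_ERROR /* unused */ 116
+#define FIPS_R_SELFTEST_FAILED 101
+#define FIPS_R_SELFTEST_FAILURE 135
+#define FIPS_R_STRENGTH_ERROR_UNDETECTED 136
+#define FIPS_R_TEST_FAILURE 117
+#define FIPS_R_UNINSTANTIATE_ERROR 141
+#define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138
+#define FIPS_R_UNSUPPORTED_DRBG_TYPE 139
+#define FIPS_R_UNSUPPORTED_PLATFORM 113
+
+#ifdef __cplusplus
+}
+#endif
+#endif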
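Review bot: The `FIPS_ERROR_IGNORED(alg)` definition ends with a `;` inside the expansion, so `if (c) FIPS_ERROR_IGNORED("X"); else ...` does not compile and any other use leaves a stray empty statement. The second line of the macro should end `alg " previous FIPS forbidden algorithm error ignored")` with no semicolon. The header also has no include guard, and the `#ifdef OPENSSL_FIPS` that follows the `#error` block can never be false, so it could be replaced by a conventional `#ifndef HEADER_FIPS_H` / `#define HEADER_FIPS_H` pair. The `FIPS_corrupt_*` and `*_stick` declarations sit among the production entry points with no comment; going by their names and by `FIPS_corrupt_dsa` in fips_dsa_selftest.c they look like self-test fault-injection hooks, and a line such as `/* Self-test fault injection hooks: validation testing only, not for application use */` above them would keep integrators from calling them.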
a7ff9508 MT |
15168 | diff -up openssl-1.0.1b/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_hmac_selftest.c |
15169 | --- openssl-1.0.1b/crypto/fips/fips_hmac_selftest.c.fips 2012-04-26 18:00:51.405769408 +0200 | |
15170 | +++ openssl-1.0.1b/crypto/fips/fips_hmac_selftest.c 2012-04-26 18:00:51.405769408 +0200 | |
0595faf5 MT |
15171 | @@ -0,0 +1,137 @@ |
15172 | +/* ==================================================================== | |
15173 | + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. | |
15174 | + * | |
15175 | + * Redistribution and use in source and binary forms, with or without | |
15176 | + * modification, are permitted provided that the following conditions | |
15177 | + * are met: | |
15178 | + * | |
15179 | + * 1. Redistributions of source code must retain the above copyright | |
15180 | + * notice, this list of conditions and the following disclaimer. | |
15181 | + * | |
15182 | + * 2. Redistributions in binary form must reproduce the above copyright | |
15183 | + * notice, this list of conditions and the following disclaimer in | |
15184 | + * the documentation and/or other materials provided with the | |
15185 | + * distribution. | |
15186 | + * | |
15187 | + * 3. All advertising materials mentioning features or use of this | |
15188 | + * software must display the following acknowledgment: | |
15189 | + * "This product includes software developed by the OpenSSL Project | |
15190 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
15191 | + * | |
15192 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
15193 | + * endorse or promote products derived from this software without | |
15194 | + * prior written permission. For written permission, please contact | |
15195 | + * openssl-core@openssl.org. | |
15196 | + * | |
15197 | + * 5. Products derived from this software may not be called "OpenSSL" | |
15198 | + * nor may "OpenSSL" appear in their names without prior written | |
15199 | + * permission of the OpenSSL Project. | |
15200 | + * | |
15201 | + * 6. Redistributions of any form whatsoever must retain the following | |
15202 | + * acknowledgment: | |
15203 | + * "This product includes software developed by the OpenSSL Project | |
15204 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
15205 | + * | |
15206 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
15207 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
15208 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
15209 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
15210 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
15211 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
15212 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
15213 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
15214 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
15215 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
15216 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
15217 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
15218 | + * | |
15219 | + */ | |
15220 | + | |
15221 | +#include <string.h> | |
15222 | +#include <openssl/err.h> | |
15223 | +#ifdef OPENSSL_FIPS | |
15224 | +#include <openssl/fips.h> | |
15225 | +#endif | |
15226 | +#include <openssl/hmac.h> | |
15227 | + | |
15228 | +#ifdef OPENSSL_FIPS | |
15229 | +typedef struct { | |
15230 | + const EVP_MD *(*alg)(void); | |
15231 | + const char *key, *iv; | |
15232 | + unsigned char kaval[EVP_MAX_MD_SIZE]; | |
15233 | +} HMAC_KAT; | |
15234 | + | |
15235 | +static const HMAC_KAT vector[] = { | |
15236 | + { EVP_sha1, | |
15237 | + /* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */ | |
15238 | + "0123456789:;<=>?@ABC", | |
15239 | + "Sample #2", | |
15240 | + { 0x09,0x22,0xd3,0x40,0x5f,0xaa,0x3d,0x19, | |
15241 | + 0x4f,0x82,0xa4,0x58,0x30,0x73,0x7d,0x5c, | |
15242 | + 0xc6,0xc7,0x5d,0x24 } | |
15243 | + }, | |
15244 | + { EVP_sha224, | |
15245 | + /* just keep extending the above... */ | |
15246 | + "0123456789:;<=>?@ABC", | |
15247 | + "Sample #2", | |
15248 | + { 0xdd,0xef,0x0a,0x40,0xcb,0x7d,0x50,0xfb, | |
15249 | + 0x6e,0xe6,0xce,0xa1,0x20,0xba,0x26,0xaa, | |
15250 | + 0x08,0xf3,0x07,0x75,0x87,0xb8,0xad,0x1b, | |
15251 | + 0x8c,0x8d,0x12,0xc7 } | |
15252 | + }, | |
15253 | + { EVP_sha256, | |
15254 | + "0123456789:;<=>?@ABC", | |
15255 | + "Sample #2", | |
15256 | + { 0xb8,0xf2,0x0d,0xb5,0x41,0xea,0x43,0x09, | |
15257 | + 0xca,0x4e,0xa9,0x38,0x0c,0xd0,0xe8,0x34, | |
15258 | + 0xf7,0x1f,0xbe,0x91,0x74,0xa2,0x61,0x38, | |
15259 | + 0x0d,0xc1,0x7e,0xae,0x6a,0x34,0x51,0xd9 } | |
15260 | + }, | |
15261 | + { EVP_sha384, | |
15262 | + "0123456789:;<=>?@ABC", | |
15263 | + "Sample #2", | |
15264 | + { 0x08,0xbc,0xb0,0xda,0x49,0x1e,0x87,0xad, | |
15265 | + 0x9a,0x1d,0x6a,0xce,0x23,0xc5,0x0b,0xf6, | |
15266 | + 0xb7,0x18,0x06,0xa5,0x77,0xcd,0x49,0x04, | |
15267 | + 0x89,0xf1,0xe6,0x23,0x44,0x51,0x51,0x9f, | |
15268 | + 0x85,0x56,0x80,0x79,0x0c,0xbd,0x4d,0x50, | |
15269 | + 0xa4,0x5f,0x29,0xe3,0x93,0xf0,0xe8,0x7f } | |
15270 | + }, | |
15271 | + { EVP_sha512, | |
15272 | + "0123456789:;<=>?@ABC", | |
15273 | + "Sample #2", | |
15274 | + { 0x80,0x9d,0x44,0x05,0x7c,0x5b,0x95,0x41, | |
15275 | + 0x05,0xbd,0x04,0x13,0x16,0xdb,0x0f,0xac, | |
15276 | + 0x44,0xd5,0xa4,0xd5,0xd0,0x89,0x2b,0xd0, | |
15277 | + 0x4e,0x86,0x64,0x12,0xc0,0x90,0x77,0x68, | |
15278 | + 0xf1,0x87,0xb7,0x7c,0x4f,0xae,0x2c,0x2f, | |
15279 | + 0x21,0xa5,0xb5,0x65,0x9a,0x4f,0x4b,0xa7, | |
15280 | + 0x47,0x02,0xa3,0xde,0x9b,0x51,0xf1,0x45, | |
15281 | + 0xbd,0x4f,0x25,0x27,0x42,0x98,0x99,0x05 } | |
15282 | + }, | |
15283 | +}; | |
15284 | + | |
15285 | +int FIPS_selftest_hmac() | |
15286 | + { | |
15287 | + int n; | |
15288 | + unsigned int outlen; | |
15289 | + unsigned char out[EVP_MAX_MD_SIZE]; | |
15290 | + const EVP_MD *md; | |
15291 | + const HMAC_KAT *t; | |
15292 | + | |
15293 | + for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++) | |
15294 | + { | |
15295 | + md = (*t->alg)(); | |
15296 | + HMAC(md,t->key,strlen(t->key), | |
15297 | + (const unsigned char *)t->iv,strlen(t->iv), | |
15298 | + out,&outlen); | |
15299 | + | |
15300 | + if(memcmp(out,t->kaval,outlen)) | |
15301 | + { | |
15302 | + FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED); | |
15303 | + return 0; | |
15304 | + } | |
15305 | + } | |
15306 | + return 1; | |
15307 | + } | |
15308 | +#endif | |
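Review bot: In FIPS_selftest_hmac the return value of HMAC() is ignored and `outlen` is never compared with the expected digest length, so the `memcmp(out,t->kaval,outlen)` check relies on values the call may not have set. If HMAC() fails, `out` and `outlen` are read uninitialised, and an `outlen` of 0 would let the known-answer comparison pass without comparing a single byte. I would keep the result in a local `p` and test `if(p == NULL || outlen != (unsigned int)EVP_MD_size(md) || memcmp(out,t->kaval,outlen))`, so that a failed or short computation is reported as FIPS_R_SELFTEST_FAILED. The loop also compares the signed `n` with an unsigned `sizeof` quotient; declaring `n` as `size_t` removes that.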
a7ff9508 MT |
15309 | diff -up openssl-1.0.1b/crypto/fips/fips_locl.h.fips openssl-1.0.1b/crypto/fips/fips_locl.h |
15310 | --- openssl-1.0.1b/crypto/fips/fips_locl.h.fips 2012-04-26 18:00:51.405769408 +0200 | |
15311 | +++ openssl-1.0.1b/crypto/fips/fips_locl.h 2012-04-26 18:00:51.405769408 +0200 | |
0595faf5 MT |
15312 | @@ -0,0 +1,71 @@ |
15313 | +/* ==================================================================== | |
15314 | + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. | |
15315 | + * | |
15316 | + * Redistribution and use in source and binary forms, with or without | |
15317 | + * modification, are permitted provided that the following conditions | |
15318 | + * are met: | |
15319 | + * | |
15320 | + * 1. Redistributions of source code must retain the above copyright | |
15321 | + * notice, this list of conditions and the following disclaimer. | |
15322 | + * | |
15323 | + * 2. Redistributions in binary form must reproduce the above copyright | |
15324 | + * notice, this list of conditions and the following disclaimer in | |
15325 | + * the documentation and/or other materials provided with the | |
15326 | + * distribution. | |
15327 | + * | |
15328 | + * 3. All advertising materials mentioning features or use of this | |
15329 | + * software must display the following acknowledgment: | |
15330 | + * "This product includes software developed by the OpenSSL Project | |
15331 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
15332 | + * | |
15333 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
15334 | + * endorse or promote products derived from this software without | |
15335 | + * prior written permission. For written permission, please contact | |
15336 | + * openssl-core@openssl.org. | |
15337 | + * | |
15338 | + * 5. Products derived from this software may not be called "OpenSSL" | |
15339 | + * nor may "OpenSSL" appear in their names without prior written | |
15340 | + * permission of the OpenSSL Project. | |
15341 | + * | |
15342 | + * 6. Redistributions of any form whatsoever must retain the following | |
15343 | + * acknowledgment: | |
15344 | + * "This product includes software developed by the OpenSSL Project | |
15345 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
15346 | + * | |
15347 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
15348 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
15349 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
15350 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
15351 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
15352 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
15353 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
15354 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
15355 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
15356 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
15357 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
15358 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
15359 | + * | |
15360 | + */ | |
15361 | + | |
15362 | +#ifdef OPENSSL_FIPS | |
15363 | + | |
15364 | +#ifdef __cplusplus | |
15365 | +extern "C" { | |
15366 | +#endif | |
15367 | + | |
15368 | +#define FIPS_MAX_CIPHER_TEST_SIZE 32 | |
15369 | +#define fips_load_key_component(key, comp, pre) \ | |
15370 | + key->comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), key->comp); \ | |
15371 | + if (!key->comp) \ | |
15372 | + goto err | |
15373 | + | |
15374 | +#define fips_post_started(id, subid, ex) 1 | |
15375 | +#define fips_post_success(id, subid, ex) 1 | |
15376 | +#define fips_post_failed(id, subid, ex) 1 | |
15377 | +#define fips_post_corrupt(id, subid, ex) 1 | |
15378 | +#define fips_post_status() 1 | |
15379 | + | |
15380 | +#ifdef __cplusplus | |
15381 | +} | |
15382 | +#endif | |
15383 | +#endif | |
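Review bot: `fips_load_key_component` expands to two statements, an assignment followed by `if (!key->comp) goto err`, so when it is the body of an unbraced `if` or `else` only the assignment is conditional and the NULL check runs regardless. Wrapping the expansion in `do { ... } while (0)` and writing `(key)->comp` makes it act as one statement for any argument expression. The macro also depends on an `err:` label existing in every function that uses it, which deserves a one-line comment above the definition. The `fips_post_*` macros all expand to the constant 1 and appear to be deliberate stubs; a comment saying so would tell readers that code testing them cannot observe a failed POST stage.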
a7ff9508 MT |
15384 | diff -up openssl-1.0.1b/crypto/fips/fips_md.c.fips openssl-1.0.1b/crypto/fips/fips_md.c |
15385 | --- openssl-1.0.1b/crypto/fips/fips_md.c.fips 2012-04-26 18:00:51.405769408 +0200 | |
15386 | +++ openssl-1.0.1b/crypto/fips/fips_md.c 2012-04-26 18:00:51.405769408 +0200 | |
0595faf5 MT |
15387 | @@ -0,0 +1,145 @@ |
15388 | +/* fips/evp/fips_md.c */ | |
15389 | +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | |
15390 | + * All rights reserved. | |
15391 | + * | |
15392 | + * This package is an SSL implementation written | |
15393 | + * by Eric Young (eay@cryptsoft.com). | |
15394 | + * The implementation was written so as to conform with Netscapes SSL. | |
15395 | + * | |
15396 | + * This library is free for commercial and non-commercial use as long as | |
15397 | + * the following conditions are aheared to. The following conditions | |
15398 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
15399 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
15400 | + * included with this distribution is covered by the same copyright terms | |
15401 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15402 | + * | |
15403 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
15404 | + * the code are not to be removed. | |
15405 | + * If this package is used in a product, Eric Young should be given attribution | |
15406 | + * as the author of the parts of the library used. | |
15407 | + * This can be in the form of a textual message at program startup or | |
15408 | + * in documentation (online or textual) provided with the package. | |
15409 | + * | |
15410 | + * Redistribution and use in source and binary forms, with or without | |
15411 | + * modification, are permitted provided that the following conditions | |
15412 | + * are met: | |
15413 | + * 1. Redistributions of source code must retain the copyright | |
15414 | + * notice, this list of conditions and the following disclaimer. | |
15415 | + * 2. Redistributions in binary form must reproduce the above copyright | |
15416 | + * notice, this list of conditions and the following disclaimer in the | |
15417 | + * documentation and/or other materials provided with the distribution. | |
15418 | + * 3. All advertising materials mentioning features or use of this software | |
15419 | + * must display the following acknowledgement: | |
15420 | + * "This product includes cryptographic software written by | |
15421 | + * Eric Young (eay@cryptsoft.com)" | |
15422 | + * The word 'cryptographic' can be left out if the rouines from the library | |
15423 | + * being used are not cryptographic related :-). | |
15424 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
15425 | + * the apps directory (application code) you must include an acknowledgement: | |
15426 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
15427 | + * | |
15428 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
15429 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
15430 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
15431 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
15432 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
15433 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
15434 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
15435 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
15436 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
15437 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
15438 | + * SUCH DAMAGE. | |
15439 | + * | |
15440 | + * The licence and distribution terms for any publically available version or | |
15441 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
15442 | + * copied and put under another distribution licence | |
15443 | + * [including the GNU Public Licence.] | |
15444 | + */ | |
15445 | +/* ==================================================================== | |
15446 | + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | |
15447 | + * | |
15448 | + * Redistribution and use in source and binary forms, with or without | |
15449 | + * modification, are permitted provided that the following conditions | |
15450 | + * are met: | |
15451 | + * | |
15452 | + * 1. Redistributions of source code must retain the above copyright | |
15453 | + * notice, this list of conditions and the following disclaimer. | |
15454 | + * | |
15455 | + * 2. Redistributions in binary form must reproduce the above copyright | |
15456 | + * notice, this list of conditions and the following disclaimer in | |
15457 | + * the documentation and/or other materials provided with the | |
15458 | + * distribution. | |
15459 | + * | |
15460 | + * 3. All advertising materials mentioning features or use of this | |
15461 | + * software must display the following acknowledgment: | |
15462 | + * "This product includes software developed by the OpenSSL Project | |
15463 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
15464 | + * | |
15465 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
15466 | + * endorse or promote products derived from this software without | |
15467 | + * prior written permission. For written permission, please contact | |
15468 | + * openssl-core@openssl.org. | |
15469 | + * | |
15470 | + * 5. Products derived from this software may not be called "OpenSSL" | |
15471 | + * nor may "OpenSSL" appear in their names without prior written | |
15472 | + * permission of the OpenSSL Project. | |
15473 | + * | |
15474 | + * 6. Redistributions of any form whatsoever must retain the following | |
15475 | + * acknowledgment: | |
15476 | + * "This product includes software developed by the OpenSSL Project | |
15477 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
15478 | + * | |
15479 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
15480 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
15481 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
15482 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
15483 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
15484 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
15485 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
15486 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
15487 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
15488 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
15489 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
15490 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
15491 | + * ==================================================================== | |
15492 | + * | |
15493 | + * This product includes cryptographic software written by Eric Young | |
15494 | + * (eay@cryptsoft.com). This product includes software written by Tim | |
15495 | + * Hudson (tjh@cryptsoft.com). | |
15496 | + * | |
15497 | + */ | |
15498 | + | |
15499 | +/* Minimal standalone FIPS versions of Digest operations */ | |
15500 | + | |
15501 | +#define OPENSSL_FIPSAPI | |
15502 | + | |
15503 | +#include <stdio.h> | |
15504 | +#include <string.h> | |
15505 | +#include <openssl/objects.h> | |
15506 | +#include <openssl/evp.h> | |
15507 | +#include <openssl/err.h> | |
15508 | +#include <openssl/fips.h> | |
15509 | + | |
15510 | +const EVP_MD *FIPS_get_digestbynid(int nid) | |
15511 | + { | |
15512 | + switch (nid) | |
15513 | + { | |
15514 | + case NID_sha1: | |
15515 | + return EVP_sha1(); | |
15516 | + | |
15517 | + case NID_sha224: | |
15518 | + return EVP_sha224(); | |
15519 | + | |
15520 | + case NID_sha256: | |
15521 | + return EVP_sha256(); | |
15522 | + | |
15523 | + case NID_sha384: | |
15524 | + return EVP_sha384(); | |
15525 | + | |
15526 | + case NID_sha512: | |
15527 | + return EVP_sha512(); | |
15528 | + | |
15529 | + default: | |
15530 | + return NULL; | |
15531 | + } | |
15532 | + } | |
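Review bot: FIPS_get_digestbynid has no comment stating that it returns NULL for every NID other than the five SHA ones in the switch, and that is the part of its contract a caller is most likely to miss. I would add above the definition `/* Returns the EVP_MD for NID_sha1/224/256/384/512, or NULL for any other nid; callers must check for NULL before use. */`. Unlike the other new files in this patch, this one is not wrapped in `#ifdef OPENSSL_FIPS` although it includes `<openssl/fips.h>`; whether that matters depends on how the directory is built, which is not visible here.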
a7ff9508 MT |
15533 | diff -up openssl-1.0.1b/crypto/fips/fips_post.c.fips openssl-1.0.1b/crypto/fips/fips_post.c |
15534 | --- openssl-1.0.1b/crypto/fips/fips_post.c.fips 2012-04-26 18:00:51.406769429 +0200 | |
15535 | +++ openssl-1.0.1b/crypto/fips/fips_post.c 2012-04-26 18:00:51.406769429 +0200 | |
0595faf5 MT |
15536 | @@ -0,0 +1,205 @@ |
15537 | +/* ==================================================================== | |
15538 | + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. | |
15539 | + * | |
15540 | + * Redistribution and use in source and binary forms, with or without | |
15541 | + * modification, are permitted provided that the following conditions | |
15542 | + * are met: | |
15543 | + * | |
15544 | + * 1. Redistributions of source code must retain the above copyright | |
15545 | + * notice, this list of conditions and the following disclaimer. | |
15546 | + * | |
15547 | + * 2. Redistributions in binary form must reproduce the above copyright | |
15548 | + * notice, this list of conditions and the following disclaimer in | |
15549 | + * the documentation and/or other materials provided with the | |
15550 | + * distribution. | |
15551 | + * | |
15552 | + * 3. All advertising materials mentioning features or use of this | |
15553 | + * software must display the following acknowledgment: | |
15554 | + * "This product includes software developed by the OpenSSL Project | |
15555 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
15556 | + * | |
15557 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
15558 | + * endorse or promote products derived from this software without | |
15559 | + * prior written permission. For written permission, please contact | |
15560 | + * openssl-core@openssl.org. | |
15561 | + * | |
15562 | + * 5. Products derived from this software may not be called "OpenSSL" | |
15563 | + * nor may "OpenSSL" appear in their names without prior written | |
15564 | + * permission of the OpenSSL Project. | |
15565 | + * | |
15566 | + * 6. Redistributions of any form whatsoever must retain the following | |
15567 | + * acknowledgment: | |
15568 | + * "This product includes software developed by the OpenSSL Project | |
15569 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
15570 | + * | |
15571 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
15572 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
15573 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
15574 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
15575 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
15576 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
15577 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
15578 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
15579 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
15580 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
15581 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
15582 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
15583 | + * | |
15584 | + */ | |
15585 | + | |
15586 | +#define OPENSSL_FIPSAPI | |
15587 | + | |
15588 | +#include <openssl/crypto.h> | |
15589 | +#include <openssl/rand.h> | |
15590 | +#include <openssl/fips_rand.h> | |
15591 | +#include <openssl/err.h> | |
15592 | +#include <openssl/bio.h> | |
15593 | +#include <openssl/hmac.h> | |
15594 | +#include <openssl/rsa.h> | |
15595 | +#include <openssl/dsa.h> | |
15596 | +#include <string.h> | |
15597 | +#include <limits.h> | |
15598 | + | |
15599 | +#ifdef OPENSSL_FIPS | |
15600 | + | |
15601 | +/* Power on self test (POST) support functions */ | |
15602 | + | |
15603 | +#include <openssl/fips.h> | |
15604 | +#include "fips_locl.h" | |
15605 | + | |
15606 | +/* Run all selftests */ | |
15607 | +int FIPS_selftest(void) | |
15608 | + { | |
15609 | + int rv = 1; | |
15610 | + if (!FIPS_selftest_drbg()) | |
15611 | + rv = 0; | |
15612 | + if (!FIPS_selftest_x931()) | |
15613 | + rv = 0; | |
15614 | + if (!FIPS_selftest_sha1()) | |
15615 | + rv = 0; | |
15616 | + if (!FIPS_selftest_sha2()) | |
15617 | + rv = 0; | |
15618 | + if (!FIPS_selftest_hmac()) | |
15619 | + rv = 0; | |
15620 | + if (!FIPS_selftest_cmac()) | |
15621 | + rv = 0; | |
15622 | + if (!FIPS_selftest_aes()) | |
15623 | + rv = 0; | |
15624 | + if (!FIPS_selftest_aes_ccm()) | |
15625 | + rv = 0; | |
15626 | + if (!FIPS_selftest_aes_gcm()) | |
15627 | + rv = 0; | |
15628 | + if (!FIPS_selftest_aes_xts()) | |
15629 | + rv = 0; | |
15630 | + if (!FIPS_selftest_des()) | |
15631 | + rv = 0; | |
15632 | + if (!FIPS_selftest_rsa()) | |
15633 | + rv = 0; | |
15634 | + if (!FIPS_selftest_dsa()) | |
15635 | + rv = 0; | |
15636 | + return rv; | |
15637 | + } | |
15638 | + | |
15639 | +/* Generalized public key test routine. Signs and verifies the data | |
15640 | + * supplied in tbs using mesage digest md and setting option digest | |
15641 | + * flags md_flags. If the 'kat' parameter is not NULL it will | |
15642 | + * additionally check the signature matches it: a known answer test | |
15643 | + * The string "fail_str" is used for identification purposes in case | |
15644 | + * of failure. If "pkey" is NULL just perform a message digest check. | |
15645 | + */ | |
15646 | + | |
15647 | +int fips_pkey_signature_test(EVP_PKEY *pkey, | |
15648 | + const unsigned char *tbs, int tbslen, | |
15649 | + const unsigned char *kat, unsigned int katlen, | |
15650 | + const EVP_MD *digest, unsigned int md_flags, | |
15651 | + const char *fail_str) | |
15652 | + { | |
15653 | + int ret = 0; | |
15654 | + unsigned char sigtmp[256], *sig = sigtmp; | |
15655 | + unsigned int siglen; | |
15656 | + EVP_MD_CTX mctx; | |
15657 | + EVP_MD_CTX_init(&mctx); | |
15658 | + | |
15659 | + if (digest == NULL) | |
15660 | + digest = EVP_sha256(); | |
15661 | + | |
15662 | + if ((pkey->type == EVP_PKEY_RSA) | |
15663 | + && (RSA_size(pkey->pkey.rsa) > sizeof(sigtmp))) | |
15664 | + { | |
15665 | + sig = OPENSSL_malloc(RSA_size(pkey->pkey.rsa)); | |
15666 | + if (!sig) | |
15667 | + { | |
15668 | + FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,ERR_R_MALLOC_FAILURE); | |
15669 | + return 0; | |
15670 | + } | |
15671 | + } | |
15672 | + | |
15673 | + if (tbslen == -1) | |
15674 | + tbslen = strlen((char *)tbs); | |
15675 | + | |
15676 | + if (md_flags) | |
15677 | + EVP_MD_CTX_set_flags(&mctx, md_flags); | |
15678 | + | |
15679 | + if (!EVP_SignInit_ex(&mctx, digest, NULL)) | |
15680 | + goto error; | |
15681 | + if (!EVP_SignUpdate(&mctx, tbs, tbslen)) | |
15682 | + goto error; | |
15683 | + if (!EVP_SignFinal(&mctx, sig, &siglen, pkey)) | |
15684 | + goto error; | |
15685 | + | |
15686 | + if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen))) | |
15687 | + goto error; | |
15688 | + | |
15689 | + if (!EVP_VerifyInit_ex(&mctx, digest, NULL)) | |
15690 | + goto error; | |
15691 | + if (!EVP_VerifyUpdate(&mctx, tbs, tbslen)) | |
15692 | + goto error; | |
15693 | + ret = EVP_VerifyFinal(&mctx, sig, siglen, pkey); | |
15694 | + | |
15695 | + error: | |
15696 | + if (sig != sigtmp) | |
15697 | + OPENSSL_free(sig); | |
15698 | + EVP_MD_CTX_cleanup(&mctx); | |
15699 | + if (ret != 1) | |
15700 | + { | |
15701 | + FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,FIPS_R_TEST_FAILURE); | |
15702 | + if (fail_str) | |
15703 | + ERR_add_error_data(2, "Type=", fail_str); | |
15704 | + return 0; | |
15705 | + } | |
15706 | + return 1; | |
15707 | + } | |
15708 | + | |
15709 | +/* Generalized symmetric cipher test routine. Encrypt data, verify result | |
15710 | + * against known answer, decrypt and compare with original plaintext. | |
15711 | + */ | |
15712 | + | |
15713 | +int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, | |
15714 | + const unsigned char *key, | |
15715 | + const unsigned char *iv, | |
15716 | + const unsigned char *plaintext, | |
15717 | + const unsigned char *ciphertext, | |
15718 | + int len) | |
15719 | + { | |
15720 | + unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE]; | |
15721 | + unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE]; | |
15722 | + | |
15723 | + OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE); | |
15724 | + memset(pltmp, 0, FIPS_MAX_CIPHER_TEST_SIZE); | |
15725 | + memset(citmp, 0, FIPS_MAX_CIPHER_TEST_SIZE); | |
15726 | + | |
15727 | + if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0) | |
15728 | + return 0; | |
15729 | + if (EVP_Cipher(ctx, citmp, plaintext, len) <= 0) | |
15730 | + return 0; | |
15731 | + if (memcmp(citmp, ciphertext, len)) | |
15732 | + return 0; | |
15733 | + if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0) | |
15734 | + return 0; | |
15735 | + if (EVP_Cipher(ctx, pltmp, citmp, len) <= 0) | |
15736 | + return 0; | |
15737 | + if (memcmp(pltmp, plaintext, len)) | |
15738 | + return 0; | |
15739 | + return 1; | |
15740 | + } | |
15741 | +#endif | |
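Review bot: The comment above fips_pkey_signature_test says a NULL `pkey` means "just perform a message digest check", but the body dereferences `pkey->type` unconditionally and has no digest-only path, so a caller relying on the comment would crash. Either drop that sentence from the comment or add `if (pkey == NULL) goto error;` before the RSA size check, which reports FIPS_R_TEST_FAILURE through the existing cleanup path. The 256-byte `sigtmp` is enlarged only for RSA keys; sizing it from `EVP_PKEY_size(pkey)` would cover other key types, if any caller passes one whose signature can exceed 256 bytes. In fips_cipher_test the assertion bounds `len` only from above, and a negative `len` would reach `memcmp` as a very large size; `OPENSSL_assert(len >= 0 && len <= FIPS_MAX_CIPHER_TEST_SIZE);` closes that.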
a7ff9508 MT |
15742 | diff -up openssl-1.0.1b/crypto/fips/fips_rand.c.fips openssl-1.0.1b/crypto/fips/fips_rand.c |
15743 | --- openssl-1.0.1b/crypto/fips/fips_rand.c.fips 2012-04-26 18:00:51.406769429 +0200 | |
15744 | +++ openssl-1.0.1b/crypto/fips/fips_rand.c 2012-04-26 18:00:51.406769429 +0200 | |
0595faf5 MT |
15745 | @@ -0,0 +1,457 @@ |
15746 | +/* ==================================================================== | |
15747 | + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. | |
15748 | + * | |
15749 | + * Redistribution and use in source and binary forms, with or without | |
15750 | + * modification, are permitted provided that the following conditions | |
15751 | + * are met: | |
15752 | + * | |
15753 | + * 1. Redistributions of source code must retain the above copyright | |
15754 | + * notice, this list of conditions and the following disclaimer. | |
15755 | + * | |
15756 | + * 2. Redistributions in binary form must reproduce the above copyright | |
15757 | + * notice, this list of conditions and the following disclaimer in | |
15758 | + * the documentation and/or other materials provided with the | |
15759 | + * distribution. | |
15760 | + * | |
15761 | + * 3. All advertising materials mentioning features or use of this | |
15762 | + * software must display the following acknowledgment: | |
15763 | + * "This product includes software developed by the OpenSSL Project | |
15764 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
15765 | + * | |
15766 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
15767 | + * endorse or promote products derived from this software without | |
15768 | + * prior written permission. For written permission, please contact | |
15769 | + * openssl-core@openssl.org. | |
15770 | + * | |
15771 | + * 5. Products derived from this software may not be called "OpenSSL" | |
15772 | + * nor may "OpenSSL" appear in their names without prior written | |
15773 | + * permission of the OpenSSL Project. | |
15774 | + * | |
15775 | + * 6. Redistributions of any form whatsoever must retain the following | |
15776 | + * acknowledgment: | |
15777 | + * "This product includes software developed by the OpenSSL Project | |
15778 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
15779 | + * | |
15780 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
15781 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
15782 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
15783 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
15784 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
15785 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
15786 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
15787 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
15788 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
15789 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
15790 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
15791 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
15792 | + * | |
15793 | + */ | |
15794 | + | |
15795 | +/* | |
15796 | + * This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4. | |
15797 | + */ | |
15798 | +#include <openssl/crypto.h> | |
15799 | +#include "e_os.h" | |
15800 | + | |
15801 | +/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't | |
15802 | + be defined and gettimeofday() won't be declared with strict compilers | |
15803 | + like DEC C in ANSI C mode. */ | |
15804 | +#ifndef _XOPEN_SOURCE_EXTENDED | |
15805 | +#define _XOPEN_SOURCE_EXTENDED 1 | |
15806 | +#endif | |
15807 | + | |
15808 | +#include <openssl/rand.h> | |
15809 | +#include <openssl/aes.h> | |
15810 | +#include <openssl/err.h> | |
15811 | +#include <openssl/fips_rand.h> | |
15812 | +#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS)) | |
15813 | +# include <sys/time.h> | |
15814 | +#endif | |
15815 | +#if defined(OPENSSL_SYS_VXWORKS) | |
15816 | +# include <time.h> | |
15817 | +#endif | |
15818 | +#include <assert.h> | |
15819 | +#ifndef OPENSSL_SYS_WIN32 | |
15820 | +# ifdef OPENSSL_UNISTD | |
15821 | +# include OPENSSL_UNISTD | |
15822 | +# else | |
15823 | +# include <unistd.h> | |
15824 | +# endif | |
15825 | +#endif | |
15826 | +#include <string.h> | |
15827 | +#include <openssl/fips.h> | |
15828 | +#include "fips_locl.h" | |
15829 | + | |
15830 | +#ifdef OPENSSL_FIPS | |
15831 | + | |
15832 | +void *OPENSSL_stderr(void); | |
15833 | + | |
15834 | +#define AES_BLOCK_LENGTH 16 | |
15835 | + | |
15836 | + | |
15837 | +/* AES FIPS PRNG implementation */ | |
15838 | + | |
15839 | +typedef struct | |
15840 | + { | |
15841 | + int seeded; | |
15842 | + int keyed; | |
15843 | + int test_mode; | |
15844 | + int second; | |
15845 | + int error; | |
15846 | + unsigned long counter; | |
15847 | + AES_KEY ks; | |
15848 | + int vpos; | |
15849 | + /* Temporary storage for key if it equals seed length */ | |
15850 | + unsigned char tmp_key[AES_BLOCK_LENGTH]; | |
15851 | + unsigned char V[AES_BLOCK_LENGTH]; | |
15852 | + unsigned char DT[AES_BLOCK_LENGTH]; | |
15853 | + unsigned char last[AES_BLOCK_LENGTH]; | |
15854 | + } FIPS_PRNG_CTX; | |
15855 | + | |
15856 | +static FIPS_PRNG_CTX sctx; | |
15857 | + | |
15858 | +static int fips_prng_fail = 0; | |
15859 | + | |
15860 | +void FIPS_x931_stick(int onoff) | |
15861 | + { | |
15862 | + fips_prng_fail = onoff; | |
15863 | + } | |
15864 | + | |
15865 | +void FIPS_rng_stick(void) | |
15866 | + { | |
15867 | + FIPS_x931_stick(1); | |
15868 | + } | |
15869 | + | |
15870 | +static void fips_rand_prng_reset(FIPS_PRNG_CTX *ctx) | |
15871 | + { | |
15872 | + ctx->seeded = 0; | |
15873 | + ctx->keyed = 0; | |
15874 | + ctx->test_mode = 0; | |
15875 | + ctx->counter = 0; | |
15876 | + ctx->second = 0; | |
15877 | + ctx->error = 0; | |
15878 | + ctx->vpos = 0; | |
15879 | + OPENSSL_cleanse(ctx->V, AES_BLOCK_LENGTH); | |
15880 | + OPENSSL_cleanse(&ctx->ks, sizeof(AES_KEY)); | |
15881 | + } | |
15882 | + | |
15883 | + | |
15884 | +static int fips_set_prng_key(FIPS_PRNG_CTX *ctx, | |
15885 | + const unsigned char *key, unsigned int keylen) | |
15886 | + { | |
15887 | + if (FIPS_selftest_failed()) | |
15888 | + { | |
15889 | + FIPSerr(FIPS_F_FIPS_SET_PRNG_KEY, FIPS_R_SELFTEST_FAILED); | |
15890 | + return 0; | |
15891 | + } | |
15892 | + if (keylen != 16 && keylen != 24 && keylen != 32) | |
15893 | + { | |
15894 | + /* error: invalid key size */ | |
15895 | + return 0; | |
15896 | + } | |
15897 | + AES_set_encrypt_key(key, keylen << 3, &ctx->ks); | |
15898 | + if (keylen == 16) | |
15899 | + { | |
15900 | + memcpy(ctx->tmp_key, key, 16); | |
15901 | + ctx->keyed = 2; | |
15902 | + } | |
15903 | + else | |
15904 | + ctx->keyed = 1; | |
15905 | + ctx->seeded = 0; | |
15906 | + ctx->second = 0; | |
15907 | + return 1; | |
15908 | + } | |
15909 | + | |
15910 | +static int fips_set_prng_seed(FIPS_PRNG_CTX *ctx, | |
15911 | + const unsigned char *seed, unsigned int seedlen) | |
15912 | + { | |
15913 | + unsigned int i; | |
15914 | + if (!ctx->keyed) | |
15915 | + return 0; | |
15916 | + /* In test mode seed is just supplied data */ | |
15917 | + if (ctx->test_mode) | |
15918 | + { | |
15919 | + if (seedlen != AES_BLOCK_LENGTH) | |
15920 | + return 0; | |
15921 | + memcpy(ctx->V, seed, AES_BLOCK_LENGTH); | |
15922 | + ctx->seeded = 1; | |
15923 | + return 1; | |
15924 | + } | |
15925 | + /* Outside test mode XOR supplied data with existing seed */ | |
15926 | + for (i = 0; i < seedlen; i++) | |
15927 | + { | |
15928 | + ctx->V[ctx->vpos++] ^= seed[i]; | |
15929 | + if (ctx->vpos == AES_BLOCK_LENGTH) | |
15930 | + { | |
15931 | + ctx->vpos = 0; | |
15932 | + /* Special case if first seed and key length equals | |
15933 | + * block size check key and seed do not match. | |
15934 | + */ | |
15935 | + if (ctx->keyed == 2) | |
15936 | + { | |
15937 | + if (!memcmp(ctx->tmp_key, ctx->V, 16)) | |
15938 | + { | |
15939 | + RANDerr(RAND_F_FIPS_SET_PRNG_SEED, | |
15940 | + RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY); | |
15941 | + return 0; | |
15942 | + } | |
15943 | + OPENSSL_cleanse(ctx->tmp_key, 16); | |
15944 | + ctx->keyed = 1; | |
15945 | + } | |
15946 | + ctx->seeded = 1; | |
15947 | + } | |
15948 | + } | |
15949 | + return 1; | |
15950 | + } | |
15951 | + | |
15952 | +static int fips_set_test_mode(FIPS_PRNG_CTX *ctx) | |
15953 | + { | |
15954 | + if (ctx->keyed) | |
15955 | + { | |
15956 | + RANDerr(RAND_F_FIPS_SET_TEST_MODE,RAND_R_PRNG_KEYED); | |
15957 | + return 0; | |
15958 | + } | |
15959 | + ctx->test_mode = 1; | |
15960 | + return 1; | |
15961 | + } | |
15962 | + | |
15963 | +int FIPS_x931_test_mode(void) | |
15964 | + { | |
15965 | + return fips_set_test_mode(&sctx); | |
15966 | + } | |
15967 | + | |
15968 | +int FIPS_rand_test_mode(void) | |
15969 | + { | |
15970 | + return fips_set_test_mode(&sctx); | |
15971 | + } | |
15972 | + | |
15973 | + | |
15974 | +int FIPS_x931_set_dt(unsigned char *dt) | |
15975 | + { | |
15976 | + if (!sctx.test_mode) | |
15977 | + { | |
15978 | + RANDerr(RAND_F_FIPS_X931_SET_DT,RAND_R_NOT_IN_TEST_MODE); | |
15979 | + return 0; | |
15980 | + } | |
15981 | + memcpy(sctx.DT, dt, AES_BLOCK_LENGTH); | |
15982 | + return 1; | |
15983 | + } | |
15984 | + | |
15985 | +int FIPS_rand_set_dt(unsigned char *dt) | |
15986 | + { | |
15987 | + if (!sctx.test_mode) | |
15988 | + { | |
15989 | + RANDerr(RAND_F_FIPS_RAND_SET_DT,RAND_R_NOT_IN_TEST_MODE); | |
15990 | + return 0; | |
15991 | + } | |
15992 | + memcpy(sctx.DT, dt, AES_BLOCK_LENGTH); | |
15993 | + return 1; | |
15994 | + } | |
15995 | + | |
15996 | +void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr) | |
15997 | + { | |
15998 | +#ifdef OPENSSL_SYS_WIN32 | |
15999 | + FILETIME ft; | |
16000 | +#elif defined(OPENSSL_SYS_VXWORKS) | |
16001 | + struct timespec ts; | |
16002 | +#else | |
16003 | + struct timeval tv; | |
16004 | +#endif | |
16005 | + | |
16006 | +#ifndef GETPID_IS_MEANINGLESS | |
16007 | + unsigned long pid; | |
16008 | +#endif | |
16009 | + | |
16010 | +#ifdef OPENSSL_SYS_WIN32 | |
16011 | + GetSystemTimeAsFileTime(&ft); | |
16012 | + buf[0] = (unsigned char) (ft.dwHighDateTime & 0xff); | |
16013 | + buf[1] = (unsigned char) ((ft.dwHighDateTime >> 8) & 0xff); | |
16014 | + buf[2] = (unsigned char) ((ft.dwHighDateTime >> 16) & 0xff); | |
16015 | + buf[3] = (unsigned char) ((ft.dwHighDateTime >> 24) & 0xff); | |
16016 | + buf[4] = (unsigned char) (ft.dwLowDateTime & 0xff); | |
16017 | + buf[5] = (unsigned char) ((ft.dwLowDateTime >> 8) & 0xff); | |
16018 | + buf[6] = (unsigned char) ((ft.dwLowDateTime >> 16) & 0xff); | |
16019 | + buf[7] = (unsigned char) ((ft.dwLowDateTime >> 24) & 0xff); | |
16020 | +#elif defined(OPENSSL_SYS_VXWORKS) | |
16021 | + clock_gettime(CLOCK_REALTIME, &ts); | |
16022 | + buf[0] = (unsigned char) (ts.tv_sec & 0xff); | |
16023 | + buf[1] = (unsigned char) ((ts.tv_sec >> 8) & 0xff); | |
16024 | + buf[2] = (unsigned char) ((ts.tv_sec >> 16) & 0xff); | |
16025 | + buf[3] = (unsigned char) ((ts.tv_sec >> 24) & 0xff); | |
16026 | + buf[4] = (unsigned char) (ts.tv_nsec & 0xff); | |
16027 | + buf[5] = (unsigned char) ((ts.tv_nsec >> 8) & 0xff); | |
16028 | + buf[6] = (unsigned char) ((ts.tv_nsec >> 16) & 0xff); | |
16029 | + buf[7] = (unsigned char) ((ts.tv_nsec >> 24) & 0xff); | |
16030 | +#else | |
16031 | + gettimeofday(&tv,NULL); | |
16032 | + buf[0] = (unsigned char) (tv.tv_sec & 0xff); | |
16033 | + buf[1] = (unsigned char) ((tv.tv_sec >> 8) & 0xff); | |
16034 | + buf[2] = (unsigned char) ((tv.tv_sec >> 16) & 0xff); | |
16035 | + buf[3] = (unsigned char) ((tv.tv_sec >> 24) & 0xff); | |
16036 | + buf[4] = (unsigned char) (tv.tv_usec & 0xff); | |
16037 | + buf[5] = (unsigned char) ((tv.tv_usec >> 8) & 0xff); | |
16038 | + buf[6] = (unsigned char) ((tv.tv_usec >> 16) & 0xff); | |
16039 | + buf[7] = (unsigned char) ((tv.tv_usec >> 24) & 0xff); | |
16040 | +#endif | |
16041 | + buf[8] = (unsigned char) (*pctr & 0xff); | |
16042 | + buf[9] = (unsigned char) ((*pctr >> 8) & 0xff); | |
16043 | + buf[10] = (unsigned char) ((*pctr >> 16) & 0xff); | |
16044 | + buf[11] = (unsigned char) ((*pctr >> 24) & 0xff); | |
16045 | + | |
16046 | + (*pctr)++; | |
16047 | + | |
16048 | + | |
16049 | +#ifndef GETPID_IS_MEANINGLESS | |
16050 | + pid=(unsigned long)getpid(); | |
16051 | + buf[12] = (unsigned char) (pid & 0xff); | |
16052 | + buf[13] = (unsigned char) ((pid >> 8) & 0xff); | |
16053 | + buf[14] = (unsigned char) ((pid >> 16) & 0xff); | |
16054 | + buf[15] = (unsigned char) ((pid >> 24) & 0xff); | |
16055 | +#endif | |
16056 | + } | |
16057 | + | |
16058 | +static int fips_rand(FIPS_PRNG_CTX *ctx, | |
16059 | + unsigned char *out, unsigned int outlen) | |
16060 | + { | |
16061 | + unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH]; | |
16062 | + unsigned char tmp[AES_BLOCK_LENGTH]; | |
16063 | + int i; | |
16064 | + if (ctx->error) | |
16065 | + { | |
16066 | + RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_ERROR); | |
16067 | + return 0; | |
16068 | + } | |
16069 | + if (!ctx->keyed) | |
16070 | + { | |
16071 | + RANDerr(RAND_F_FIPS_RAND,RAND_R_NO_KEY_SET); | |
16072 | + return 0; | |
16073 | + } | |
16074 | + if (!ctx->seeded) | |
16075 | + { | |
16076 | + RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_NOT_SEEDED); | |
16077 | + return 0; | |
16078 | + } | |
16079 | + for (;;) | |
16080 | + { | |
16081 | + if (!ctx->test_mode) | |
16082 | + FIPS_get_timevec(ctx->DT, &ctx->counter); | |
16083 | + AES_encrypt(ctx->DT, I, &ctx->ks); | |
16084 | + for (i = 0; i < AES_BLOCK_LENGTH; i++) | |
16085 | + tmp[i] = I[i] ^ ctx->V[i]; | |
16086 | + AES_encrypt(tmp, R, &ctx->ks); | |
16087 | + for (i = 0; i < AES_BLOCK_LENGTH; i++) | |
16088 | + tmp[i] = R[i] ^ I[i]; | |
16089 | + AES_encrypt(tmp, ctx->V, &ctx->ks); | |
16090 | + /* Continuous PRNG test */ | |
16091 | + if (ctx->second) | |
16092 | + { | |
16093 | + if (fips_prng_fail) | |
16094 | + memcpy(ctx->last, R, AES_BLOCK_LENGTH); | |
16095 | + if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH)) | |
16096 | + { | |
16097 | + RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_STUCK); | |
16098 | + ctx->error = 1; | |
16099 | + fips_set_selftest_fail(); | |
16100 | + return 0; | |
16101 | + } | |
16102 | + } | |
16103 | + memcpy(ctx->last, R, AES_BLOCK_LENGTH); | |
16104 | + if (!ctx->second) | |
16105 | + { | |
16106 | + ctx->second = 1; | |
16107 | + if (!ctx->test_mode) | |
16108 | + continue; | |
16109 | + } | |
16110 | + | |
16111 | + if (outlen <= AES_BLOCK_LENGTH) | |
16112 | + { | |
16113 | + memcpy(out, R, outlen); | |
16114 | + break; | |
16115 | + } | |
16116 | + | |
16117 | + memcpy(out, R, AES_BLOCK_LENGTH); | |
16118 | + out += AES_BLOCK_LENGTH; | |
16119 | + outlen -= AES_BLOCK_LENGTH; | |
16120 | + } | |
16121 | + return 1; | |
16122 | + } | |
16123 | + | |
16124 | + | |
16125 | +int FIPS_x931_set_key(const unsigned char *key, int keylen) | |
16126 | + { | |
16127 | + int ret; | |
16128 | + CRYPTO_w_lock(CRYPTO_LOCK_RAND); | |
16129 | + ret = fips_set_prng_key(&sctx, key, keylen); | |
16130 | + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); | |
16131 | + return ret; | |
16132 | + } | |
16133 | + | |
16134 | +int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen) | |
16135 | + { | |
16136 | + return FIPS_x931_set_key(key, keylen); | |
16137 | + } | |
16138 | + | |
16139 | +int FIPS_x931_seed(const void *seed, int seedlen) | |
16140 | + { | |
16141 | + int ret; | |
16142 | + CRYPTO_w_lock(CRYPTO_LOCK_RAND); | |
16143 | + ret = fips_set_prng_seed(&sctx, seed, seedlen); | |
16144 | + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); | |
16145 | + return ret; | |
16146 | + } | |
16147 | + | |
16148 | + | |
16149 | +int FIPS_x931_bytes(unsigned char *out, int count) | |
16150 | + { | |
16151 | + int ret; | |
16152 | + CRYPTO_w_lock(CRYPTO_LOCK_RAND); | |
16153 | + ret = fips_rand(&sctx, out, count); | |
16154 | + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); | |
16155 | + return ret; | |
16156 | + } | |
16157 | + | |
16158 | +int FIPS_x931_status(void) | |
16159 | + { | |
16160 | + int ret; | |
16161 | + CRYPTO_r_lock(CRYPTO_LOCK_RAND); | |
16162 | + ret = sctx.seeded; | |
16163 | + CRYPTO_r_unlock(CRYPTO_LOCK_RAND); | |
16164 | + return ret; | |
16165 | + } | |
16166 | + | |
16167 | +void FIPS_x931_reset(void) | |
16168 | + { | |
16169 | + CRYPTO_w_lock(CRYPTO_LOCK_RAND); | |
16170 | + fips_rand_prng_reset(&sctx); | |
16171 | + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); | |
16172 | + } | |
16173 | + | |
16174 | +static int fips_do_rand_seed(const void *seed, int seedlen) | |
16175 | + { | |
16176 | + FIPS_x931_seed(seed, seedlen); | |
16177 | + return 1; | |
16178 | + } | |
16179 | + | |
16180 | +static int fips_do_rand_add(const void *seed, int seedlen, | |
16181 | + double add_entropy) | |
16182 | + { | |
16183 | + FIPS_x931_seed(seed, seedlen); | |
16184 | + return 1; | |
16185 | + } | |
16186 | + | |
16187 | +static const RAND_METHOD rand_x931_meth= | |
16188 | + { | |
16189 | + fips_do_rand_seed, | |
16190 | + FIPS_x931_bytes, | |
16191 | + FIPS_x931_reset, | |
16192 | + fips_do_rand_add, | |
16193 | + FIPS_x931_bytes, | |
16194 | + FIPS_x931_status | |
16195 | + }; | |
16196 | + | |
16197 | +const RAND_METHOD *FIPS_x931_method(void) | |
16198 | +{ | |
16199 | + return &rand_x931_meth; | |
16200 | +} | |
16201 | + | |
16202 | +#endif | |
a7ff9508 MT |
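--- a/crypto/fips/fips_rand.h
+++ b/crypto/fips/fips_rand.h
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef HEADER_FIPS_RAND_H
+#define HEADER_FIPS_RAND_H
+
+#include <openssl/aes.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+
+#ifdef OPENSSL_FIPS
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int FIPS_x931_set_key(const unsigned char *key, int keylen);
+int FIPS_x931_seed(const void *buf, int num);
+int FIPS_x931_bytes(unsigned char *out, int outlen);
+
+int FIPS_x931_test_mode(void);
+void FIPS_x931_reset(void);
+int FIPS_x931_set_dt(unsigned char *dt);
+
+int FIPS_x931_status(void);
+
+const RAND_METHOD *FIPS_x931_method(void);
+
+typedef struct drbg_ctx_st DRBG_CTX;
+/* DRBG external flags */
+/* Flag for CTR mode only: use derivation function ctr_df */
+#define DRBG_FLAG_CTR_USE_DF 0x1
+/* PRNG is in test state */
+#define DRBG_FLAG_TEST 0x2
+
+DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags);
+int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags);
+int FIPS_drbg_instantiate(DRBG_CTX *dctx,
+ const unsigned char *pers, size_t perslen);
+int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin, size_t adinlen);
+int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
+ int prediction_resistance,
+ const unsigned char *adin, size_t adinlen);
+
+int FIPS_drbg_uninstantiate(DRBG_CTX *dctx);
+void FIPS_drbg_free(DRBG_CTX *dctx);
+
+int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
+ size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len),
+ void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
+ size_t entropy_blocklen,
+ size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len),
+ void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen));
+
+int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
+ size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout),
+ void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
+ int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num),
+ int (*rand_add_cb)(DRBG_CTX *ctx,
+ const void *buf, int num, double entropy));
+
+void *FIPS_drbg_get_app_data(DRBG_CTX *ctx);
+void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data);
+size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx);
+int FIPS_drbg_get_strength(DRBG_CTX *dctx);
+void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval);
+void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval);
+
+int FIPS_drbg_health_check(DRBG_CTX *dctx);
+
+DRBG_CTX *FIPS_get_default_drbg(void);
+const RAND_METHOD *FIPS_drbg_method(void);
+
+
+int FIPS_rand_set_method(const RAND_METHOD *meth);
+const RAND_METHOD *FIPS_rand_get_method(void);
+
+void FIPS_rand_set_bits(int nbits);
+
+int FIPS_rand_strength(void);
+
+/* 1.0.0 compat functions */
+int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen);
+int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num);
+int FIPS_rand_bytes(unsigned char *out, FIPS_RAND_SIZE_T outlen);
+int FIPS_rand_test_mode(void);
+void FIPS_rand_reset(void);
+int FIPS_rand_set_dt(unsigned char *dt);
+int FIPS_rand_status(void);
+const RAND_METHOD *FIPS_rand_method(void);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+#endif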
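Review bot: The X9.31 entry points declared here (`FIPS_x931_set_key`, `FIPS_x931_seed`, `FIPS_x931_bytes`) take their lengths as plain `int`, while the DRBG prototypes below them use `size_t`, and the header never says that a negative length is invalid. In the fips_rand.c section earlier on this page the wrapper passes the value unchecked into an `unsigned int` parameter (`ret = fips_rand(&sctx, out, count);`), so a negative `count` would arrive as a very large `outlen` and the block-copy loop would write past the caller's buffer. I would state the contract on the declaration, for example `/* outlen must be >= 0; returns 1 on success, 0 on error */`, and have the wrapper reject the bad range with `if (count < 0) return 0;` before taking the lock. `FIPS_x931_set_dt(unsigned char *dt)` and `FIPS_rand_set_dt` only copy from their argument in the visible implementation and could take `const unsigned char *dt`.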
a7ff9508 MT |
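--- a/crypto/fips/fips_rand_lcl.h
+++ b/crypto/fips/fips_rand_lcl.h
@@ -0,0 +1,219 @@
+/* fips/rand/fips_rand_lcl.h */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+typedef struct drbg_hash_ctx_st DRBG_HASH_CTX;
+typedef struct drbg_hmac_ctx_st DRBG_HMAC_CTX;
+typedef struct drbg_ctr_ctx_st DRBG_CTR_CTX;
+
+/* 888 bits from 10.1 table 2 */
+#define HASH_PRNG_MAX_SEEDLEN 111
+
+struct drbg_hash_ctx_st
+ {
+ const EVP_MD *md;
+ EVP_MD_CTX mctx;
+ unsigned char V[HASH_PRNG_MAX_SEEDLEN];
+ unsigned char C[HASH_PRNG_MAX_SEEDLEN];
+ /* Temporary value storage: should always exceed max digest length */
+ unsigned char vtmp[HASH_PRNG_MAX_SEEDLEN];
+ };
+
+struct drbg_hmac_ctx_st
+ {
+ const EVP_MD *md;
+ HMAC_CTX hctx;
+ unsigned char K[EVP_MAX_MD_SIZE];
+ unsigned char V[EVP_MAX_MD_SIZE];
+ };
+
+struct drbg_ctr_ctx_st
+ {
+ AES_KEY ks;
+ size_t keylen;
+ unsigned char K[32];
+ unsigned char V[16];
+ /* Temp variables used by derivation function */
+ AES_KEY df_ks;
+ AES_KEY df_kxks;
+ /* Temporary block storage used by ctr_df */
+ unsigned char bltmp[16];
+ size_t bltmp_pos;
+ unsigned char KX[48];
+ };
+
+/* DRBG internal flags */
+
+/* Functions shouldn't call err library */
+#define DRBG_FLAG_NOERR 0x1
+/* Custom reseed checking */
+#define DRBG_CUSTOM_RESEED 0x2
+
+/* DRBG status values */
+/* not initialised */
+#define DRBG_STATUS_UNINITIALISED 0
+/* ok and ready to generate random bits */
+#define DRBG_STATUS_READY 1
+/* reseed required */
+#define DRBG_STATUS_RESEED 2
+/* fatal error condition */
+#define DRBG_STATUS_ERROR 3
+
+/* A default maximum length: larger than any reasonable value used in pratice */
+
+#define DRBG_MAX_LENGTH 0x7ffffff0
+/* Maximum DRBG block length: all md sizes are bigger than cipher blocks sizes
+ * so use max digest length.
+ */
+#define DRBG_MAX_BLOCK EVP_MAX_MD_SIZE
+
+#define DRBG_HEALTH_INTERVAL (1 << 24)
+
+/* DRBG context structure */
+
+struct drbg_ctx_st
+ {
+ /* First types common to all implementations */
+ /* DRBG type: a NID for the underlying algorithm */
+ int type;
+ /* Various external flags */
+ unsigned int xflags;
+ /* Various internal use only flags */
+ unsigned int iflags;
+ /* Used for periodic health checks */
+ int health_check_cnt, health_check_interval;
+
+ /* The following parameters are setup by mechanism drbg_init() call */
+ int strength;
+ size_t blocklength;
+ size_t max_request;
+
+ size_t min_entropy, max_entropy;
+ size_t min_nonce, max_nonce;
+ size_t max_pers, max_adin;
+ unsigned int reseed_counter;
+ unsigned int reseed_interval;
+ size_t seedlen;
+ int status;
+ /* Application data: typically used by test get_entropy */
+ void *app_data;
+ /* Implementation specific structures */
+ union
+ {
+ DRBG_HASH_CTX hash;
+ DRBG_HMAC_CTX hmac;
+ DRBG_CTR_CTX ctr;
+ } d;
+ /* Initialiase PRNG and setup callbacks below */
+ int (*init)(DRBG_CTX *ctx, int nid, int security, unsigned int flags);
+ /* Intantiate PRNG */
+ int (*instantiate)(DRBG_CTX *ctx,
+ const unsigned char *ent, size_t entlen,
+ const unsigned char *nonce, size_t noncelen,
+ const unsigned char *pers, size_t perslen);
+ /* reseed */
+ int (*reseed)(DRBG_CTX *ctx,
+ const unsigned char *ent, size_t entlen,
+ const unsigned char *adin, size_t adinlen);
+ /* generat output */
+ int (*generate)(DRBG_CTX *ctx,
+ unsigned char *out, size_t outlen,
+ const unsigned char *adin, size_t adinlen);
+ /* uninstantiate */
+ int (*uninstantiate)(DRBG_CTX *ctx);
+
+ /* Entropy source block length */
+ size_t entropy_blocklen;
+
+ /* entropy gathering function */
+ size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len);
+ /* Indicates we have finished with entropy buffer */
+ void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
+
+ /* nonce gathering function */
+ size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len);
+ /* Indicates we have finished with nonce buffer */
+ void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
+
+ /* Continuous random number test temporary area */
+ /* Last block */
+ unsigned char lb[EVP_MAX_MD_SIZE];
+ /* set if lb is valid */
+ int lb_valid;
+
+ /* Callbacks used when called through RAND interface */
+ /* Get any additional input for generate */
+ size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout);
+ void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
+ /* Callback for RAND_seed(), RAND_add() */
+ int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num);
+ int (*rand_add_cb)(DRBG_CTX *ctx,
+ const void *buf, int num, double entropy);
+ };
+
+
+int fips_drbg_ctr_init(DRBG_CTX *dctx);
+int fips_drbg_hash_init(DRBG_CTX *dctx);
+int fips_drbg_hmac_init(DRBG_CTX *dctx);
+int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags);
+int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out);
+
+const struct env_md_st *FIPS_get_digestbynid(int nid);
+
+const struct evp_cipher_st *FIPS_get_cipherbynid(int nid);
+
+#define FIPS_digestinit EVP_DigestInit
+#define FIPS_digestupdate EVP_DigestUpdate
+#define FIPS_digestfinal EVP_DigestFinal
+#define M_EVP_MD_size EVP_MD_size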
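Review bot: This new header has no include guard, yet it defines `struct drbg_hash_ctx_st`, `struct drbg_hmac_ctx_st`, `struct drbg_ctr_ctx_st` and `struct drbg_ctx_st`, so a second inclusion in the same translation unit would fail with redefinition errors. It also uses `EVP_MD_CTX`, `HMAC_CTX`, `AES_KEY` and `DRBG_CTX` without including anything itself, so it presumably depends on `<openssl/fips_rand.h>` having been included first. I would wrap the file in `#ifndef HEADER_FIPS_RAND_LCL_H` / `#define HEADER_FIPS_RAND_LCL_H` / `#endif` (a name constructed to match `HEADER_FIPS_RAND_H`) and add `#include <openssl/fips_rand.h>` at the top so the include order stops mattering. The comments also contain typos worth fixing in the same pass: `pratice`, `Initialiase`, `Intantiate` and `generat`.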
a7ff9508 MT |
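--- a/crypto/fips/fips_rand_lib.c
+++ b/crypto/fips/fips_rand_lib.c
@@ -0,0 +1,191 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#include "e_os.h"
+
+/* FIPS API for PRNG use. Similar to RAND functionality but without
+ * ENGINE and additional checking for non-FIPS rand methods.
+ */
+
+static const RAND_METHOD *fips_rand_meth = NULL;
+static int fips_approved_rand_meth = 0;
+static int fips_rand_bits = 0;
+
+/* Allows application to override number of bits and uses non-FIPS methods */
+void FIPS_rand_set_bits(int nbits)
+ {
+ fips_rand_bits = nbits;
+ }
+
+int FIPS_rand_set_method(const RAND_METHOD *meth)
+ {
+ if (!fips_rand_bits)
+ {
+ if (meth == FIPS_drbg_method())
+ fips_approved_rand_meth = 1;
+ else if (meth == FIPS_x931_method())
+ fips_approved_rand_meth = 2;
+ else
+ {
+ fips_approved_rand_meth = 0;
+ if (FIPS_module_mode())
+ {
+ FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD,
+ FIPS_R_NON_FIPS_METHOD);
+ return 0;
+ }
+ }
+ }
+ fips_rand_meth = meth;
+ return 1;
+ }
+
+const RAND_METHOD *FIPS_rand_get_method(void)
+ {
+ return fips_rand_meth;
+ }
+
+const RAND_METHOD *FIPS_rand_method(void)
+ {
+ return FIPS_rand_get_method();
+ }
+
+void FIPS_rand_reset(void)
+ {
+ if (fips_rand_meth && fips_rand_meth->cleanup)
+ fips_rand_meth->cleanup();
+ }
+
+int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num)
+ {
+ if (!fips_approved_rand_meth && FIPS_module_mode())
+ {
+ FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
+ return 0;
+ }
+ if (fips_rand_meth && fips_rand_meth->seed)
+ fips_rand_meth->seed(buf,num);
+ return 1;
+ }
+
+void FIPS_rand_add(const void *buf, int num, double entropy)
+ {
+ if (!fips_approved_rand_meth && FIPS_module_mode())
+ {
+ FIPSerr(FIPS_F_FIPS_RAND_ADD, FIPS_R_NON_FIPS_METHOD);
+ return;
+ }
+ if (fips_rand_meth && fips_rand_meth->add)
+ fips_rand_meth->add(buf,num,entropy);
+ }
+
+int FIPS_rand_bytes(unsigned char *buf, FIPS_RAND_SIZE_T num)
+ {
+ if (!fips_approved_rand_meth && FIPS_module_mode())
+ {
+ FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
+ return 0;
+ }
+ if (fips_rand_meth && fips_rand_meth->bytes)
+ return fips_rand_meth->bytes(buf,num);
+ return 0;
+ }
+
+int FIPS_rand_pseudo_bytes(unsigned char *buf, int num)
+ {
+ if (!fips_approved_rand_meth && FIPS_module_mode())
+ {
+ FIPSerr(FIPS_F_FIPS_RAND_PSEUDO_BYTES, FIPS_R_NON_FIPS_METHOD);
+ return 0;
+ }
+ if (fips_rand_meth && fips_rand_meth->pseudorand)
+ return fips_rand_meth->pseudorand(buf,num);
+ return -1;
+ }
+
+int FIPS_rand_status(void)
+ {
+ if (!fips_approved_rand_meth && FIPS_module_mode())
+ {
+ FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
+ return 0;
+ }
+ if (fips_rand_meth && fips_rand_meth->status)
+ return fips_rand_meth->status();
+ return 0;
+ }
+
+/* Return instantiated strength of PRNG. For DRBG this is an internal
+ * parameter. For X9.31 PRNG it is 80 bits (from SP800-131). Any other
+ * type of PRNG is not approved and returns 0 in FIPS mode and maximum
+ * 256 outside FIPS mode.
+ */
+
+int FIPS_rand_strength(void)
+ {
+ if (fips_rand_bits)
+ return fips_rand_bits;
+ if (fips_approved_rand_meth == 1)
+ return FIPS_drbg_get_strength(FIPS_get_default_drbg());
+ else if (fips_approved_rand_meth == 2)
+ return 80;
+ else if (fips_approved_rand_meth == 0)
+ {
+ if (FIPS_module_mode())
+ return 0;
+ else
+ return 256;
+ }
+ return 0;
+ }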
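Review bot: `fips_approved_rand_meth` is recomputed in `FIPS_rand_set_method` only while `fips_rand_bits` is zero, so once `FIPS_rand_set_bits()` has stored a nonzero value the flag keeps whatever the previously installed method earned. `FIPS_rand_seed`, `FIPS_rand_add`, `FIPS_rand_bytes`, `FIPS_rand_pseudo_bytes` and `FIPS_rand_status` then gate on a stale value: in FIPS mode a replacement method inherits an earlier DRBG/X9.31 approval, or is refused if nothing approved was ever set, depending only on call history. Classify the method on every call and let the override skip just the rejection, e.g. `if (FIPS_module_mode() && !fips_rand_bits)` around the `FIPSerr`/`return 0` pair, so the later checks judge the method that is actually installed. The comment on `FIPS_rand_set_bits` should also say that a nonzero value disables the approved-method check and is returned unchanged by `FIPS_rand_strength`, since it accepts any `int` including negative ones.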
a7ff9508 MT |
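--- a/crypto/fips/fips_rand_selftest.c
+++ b/crypto/fips/fips_rand_selftest.c
@@ -0,0 +1,183 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include "fips_locl.h"
+
+#ifdef OPENSSL_FIPS
+
+
+
+typedef struct
+ {
+ unsigned char DT[16];
+ unsigned char V[16];
+ unsigned char R[16];
+ } AES_PRNG_TV;
+
+/* The following test vectors are taken directly from the RGNVS spec */
+
+static unsigned char aes_128_key[16] =
+ {0xf3,0xb1,0x66,0x6d,0x13,0x60,0x72,0x42,
+ 0xed,0x06,0x1c,0xab,0xb8,0xd4,0x62,0x02};
+
+static AES_PRNG_TV aes_128_tv =
+ {
+ /* DT */
+ {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
+ 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xf9},
+ /* V */
+ {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ /* R */
+ {0x59,0x53,0x1e,0xd1,0x3b,0xb0,0xc0,0x55,
+ 0x84,0x79,0x66,0x85,0xc1,0x2f,0x76,0x41}
+ };
+
+static unsigned char aes_192_key[24] =
+ {0x15,0xd8,0x78,0x0d,0x62,0xd3,0x25,0x6e,
+ 0x44,0x64,0x10,0x13,0x60,0x2b,0xa9,0xbc,
+ 0x4a,0xfb,0xca,0xeb,0x4c,0x8b,0x99,0x3b};
+
+static AES_PRNG_TV aes_192_tv =
+ {
+ /* DT */
+ {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
+ 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4b},
+ /* V */
+ {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ /* R */
+ {0x17,0x07,0xd5,0x28,0x19,0x79,0x1e,0xef,
+ 0xa5,0x0c,0xbf,0x25,0xe5,0x56,0xb4,0x93}
+ };
+
+static unsigned char aes_256_key[32] =
+ {0x6d,0x14,0x06,0x6c,0xb6,0xd8,0x21,0x2d,
+ 0x82,0x8d,0xfa,0xf2,0x7a,0x03,0xb7,0x9f,
+ 0x0c,0xc7,0x3e,0xcd,0x76,0xeb,0xee,0xb5,
+ 0x21,0x05,0x8c,0x4f,0x31,0x7a,0x80,0xbb};
+
+static AES_PRNG_TV aes_256_tv =
+ {
+ /* DT */
+ {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
+ 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x88},
+ /* V */
+ {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ /* R */
+ {0x35,0xc7,0xef,0xa7,0x78,0x4d,0x29,0xbc,
+ 0x82,0x79,0x99,0xfb,0xd0,0xb3,0x3b,0x72}
+ };
+
+void FIPS_corrupt_rng()
+ {
+ aes_192_tv.V[0]++;
+ }
+
+#define fips_x931_test(key, tv) \
+ do_x931_test(key, sizeof key, &tv)
+
+static int do_x931_test(unsigned char *key, int keylen,
+ AES_PRNG_TV *tv)
+ {
+ unsigned char R[16], V[16];
+ int rv = 1;
+ memcpy(V, tv->V, sizeof(V));
+ if (!FIPS_x931_set_key(key, keylen))
+ return 0;
+ if (!fips_post_started(FIPS_TEST_X931, keylen, NULL))
+ return 1;
+ if (!fips_post_corrupt(FIPS_TEST_X931, keylen, NULL))
+ V[0]++;
+ FIPS_x931_seed(V, 16);
+ FIPS_x931_set_dt(tv->DT);
+ FIPS_x931_bytes(R, 16);
+ if (memcmp(R, tv->R, 16))
+ {
+ fips_post_failed(FIPS_TEST_X931, keylen, NULL);
+ rv = 0;
+ }
+ else if (!fips_post_success(FIPS_TEST_X931, keylen, NULL))
+ return 0;
+ return rv;
+ }
+
+int FIPS_selftest_x931()
+ {
+ int rv = 1;
+ FIPS_x931_reset();
+ if (!FIPS_x931_test_mode())
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ if (!fips_x931_test(aes_128_key,aes_128_tv))
+ rv = 0;
+ if (!fips_x931_test(aes_192_key, aes_192_tv))
+ rv = 0;
+ if (!fips_x931_test(aes_256_key, aes_256_tv))
+ rv = 0;
+ FIPS_x931_reset();
+ if (!rv)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
+ return rv;
+ }
+
+int FIPS_selftest_rng(void)
+ {
+ return FIPS_selftest_x931();
+ }
+
+#endif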
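Review bot: `do_x931_test` discards the results of `FIPS_x931_seed`, `FIPS_x931_set_dt` and `FIPS_x931_bytes`, so if generation fails `memcmp` reads the uninitialised local `R` and the known-answer test is decided by leftover stack contents. Assuming these calls return 0 on failure like `FIPS_x931_set_key` does (their declarations are outside this section), fold them into the comparison: `if (!FIPS_x931_seed(V, 16) || !FIPS_x931_set_dt(tv->DT) || !FIPS_x931_bytes(R, 16) || memcmp(R, tv->R, 16))`. `run_test` in fips_randtest.c makes the same unchecked calls before `compare(buf, tv->R, 16)`. `FIPS_corrupt_rng` also permanently alters the writable `aes_192_tv`, which deserves a comment such as `/* Deliberately breaks the AES-192 vector so the next self-test fails; there is no way to undo it */`.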
a7ff9508 MT |
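--- a/crypto/fips/fips_randtest.c
+++ b/crypto/fips/fips_randtest.c
@@ -0,0 +1,250 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+#include "e_os.h"
+
+#ifndef OPENSSL_FIPS
+int main(int argc, char *argv[])
+{
+ printf("No FIPS RAND support\n");
+ return(0);
+}
+
+#else
+
+#include "fips_utl.h"
+#include <openssl/fips.h>
+
+typedef struct
+ {
+ unsigned char DT[16];
+ unsigned char V[16];
+ unsigned char R[16];
+ } AES_PRNG_MCT;
+
+static const unsigned char aes_128_mct_key[16] =
+ {0x9f,0x5b,0x51,0x20,0x0b,0xf3,0x34,0xb5,
+ 0xd8,0x2b,0xe8,0xc3,0x72,0x55,0xc8,0x48};
+
+static const AES_PRNG_MCT aes_128_mct_tv = {
+ /* DT */
+ {0x63,0x76,0xbb,0xe5,0x29,0x02,0xba,0x3b,
+ 0x67,0xc9,0x25,0xfa,0x70,0x1f,0x11,0xac},
+ /* V */
+ {0x57,0x2c,0x8e,0x76,0x87,0x26,0x47,0x97,
+ 0x7e,0x74,0xfb,0xdd,0xc4,0x95,0x01,0xd1},
+ /* R */
+ {0x48,0xe9,0xbd,0x0d,0x06,0xee,0x18,0xfb,
+ 0xe4,0x57,0x90,0xd5,0xc3,0xfc,0x9b,0x73}
+};
+
+static const unsigned char aes_192_mct_key[24] =
+ {0xb7,0x6c,0x34,0xd1,0x09,0x67,0xab,0x73,
+ 0x4d,0x5a,0xd5,0x34,0x98,0x16,0x0b,0x91,
+ 0xbc,0x35,0x51,0x16,0x6b,0xae,0x93,0x8a};
+
+static const AES_PRNG_MCT aes_192_mct_tv = {
+ /* DT */
+ {0x84,0xce,0x22,0x7d,0x91,0x5a,0xa3,0xc9,
+ 0x84,0x3c,0x0a,0xb3,0xa9,0x63,0x15,0x52},
+ /* V */
+ {0xb6,0xaf,0xe6,0x8f,0x99,0x9e,0x90,0x64,
+ 0xdd,0xc7,0x7a,0xc1,0xbb,0x90,0x3a,0x6d},
+ /* R */
+ {0xfc,0x85,0x60,0x9a,0x29,0x6f,0xef,0x21,
+ 0xdd,0x86,0x20,0x32,0x8a,0x29,0x6f,0x47}
+};
+
+static const unsigned char aes_256_mct_key[32] =
+ {0x9b,0x05,0xc8,0x68,0xff,0x47,0xf8,0x3a,
+ 0xa6,0x3a,0xa8,0xcb,0x4e,0x71,0xb2,0xe0,
+ 0xb8,0x7e,0xf1,0x37,0xb6,0xb4,0xf6,0x6d,
+ 0x86,0x32,0xfc,0x1f,0x5e,0x1d,0x1e,0x50};
+
+static const AES_PRNG_MCT aes_256_mct_tv = {
+ /* DT */
+ {0x31,0x6e,0x35,0x9a,0xb1,0x44,0xf0,0xee,
+ 0x62,0x6d,0x04,0x46,0xe0,0xa3,0x92,0x4c},
+ /* V */
+ {0x4f,0xcd,0xc1,0x87,0x82,0x1f,0x4d,0xa1,
+ 0x3e,0x0e,0x56,0x44,0x59,0xe8,0x83,0xca},
+ /* R */
+ {0xc8,0x87,0xc2,0x61,0x5b,0xd0,0xb9,0xe1,
+ 0xe7,0xf3,0x8b,0xd7,0x5b,0xd5,0xf1,0x8d}
+};
+
+static void dump(const unsigned char *b,int n)
+ {
+ while(n-- > 0)
+ {
+ printf(" %02x",*b++);
+ }
+ }
+
+static void compare(const unsigned char *result,const unsigned char *expected,
+ int n)
+ {
+ int i;
+
+ for(i=0 ; i < n ; ++i)
+ if(result[i] != expected[i])
+ {
+ puts("Random test failed, got:");
+ dump(result,n);
+ puts("\n expected:");
+ dump(expected,n);
+ putchar('\n');
+ EXIT(1);
+ }
+ }
+
+
+static void run_test(const unsigned char *key, int keylen,
+ const AES_PRNG_MCT *tv)
+ {
+ unsigned char buf[16], dt[16];
+ int i, j;
+ FIPS_x931_reset();
+ FIPS_x931_test_mode();
+ FIPS_x931_set_key(key, keylen);
+ FIPS_x931_seed(tv->V, 16);
+ memcpy(dt, tv->DT, 16);
+ for (i = 0; i < 10000; i++)
+ {
+ FIPS_x931_set_dt(dt);
+ FIPS_x931_bytes(buf, 16);
+ /* Increment DT */
+ for (j = 15; j >= 0; j--)
+ {
+ dt[j]++;
+ if (dt[j])
+ break;
+ }
+ }
+
+ compare(buf,tv->R, 16);
+ }
+
+int main()
+ {
+ run_test(aes_128_mct_key, 16, &aes_128_mct_tv);
+ printf("FIPS PRNG test 1 done\n");
+ run_test(aes_192_mct_key, 24, &aes_192_mct_tv);
+ printf("FIPS PRNG test 2 done\n");
+ run_test(aes_256_mct_key, 32, &aes_256_mct_tv);
+ printf("FIPS PRNG test 3 done\n");
+ return 0;
+ }
+
+#endif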
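Review bot: The iteration count `10000` and the block length `16` in `run_test` are bare literals, which hides that the loop is a fixed-length chained run whose final block is the only one compared (presumably the Monte Carlo test the `AES_PRNG_MCT` name refers to). Name them, e.g. `#define MCT_ITERATIONS 10000` and `#define X931_BLOCK 16`, and put a comment above the loop such as `/* R in the vector is the output of the last iteration; DT is a big-endian counter bumped each round */`. The FIPS-branch `int main()` should be `int main(void)`, and `main` prints "test N done" unconditionally because `compare` reports failure only through `EXIT(1)`; a one-line comment on `compare` saying it does not return on mismatch would make that clear.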
a7ff9508 MT |
17211 | diff -up openssl-1.0.1b/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_rsa_selftest.c |
17212 | --- openssl-1.0.1b/crypto/fips/fips_rsa_selftest.c.fips 2012-04-26 18:00:51.407769451 +0200 | |
17213 | +++ openssl-1.0.1b/crypto/fips/fips_rsa_selftest.c 2012-04-26 18:00:51.407769451 +0200 | |
0595faf5 MT |
17214 | @@ -0,0 +1,444 @@ |
17215 | +/* ==================================================================== | |
17216 | + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. | |
17217 | + * | |
17218 | + * Redistribution and use in source and binary forms, with or without | |
17219 | + * modification, are permitted provided that the following conditions | |
17220 | + * are met: | |
17221 | + * | |
17222 | + * 1. Redistributions of source code must retain the above copyright | |
17223 | + * notice, this list of conditions and the following disclaimer. | |
17224 | + * | |
17225 | + * 2. Redistributions in binary form must reproduce the above copyright | |
17226 | + * notice, this list of conditions and the following disclaimer in | |
17227 | + * the documentation and/or other materials provided with the | |
17228 | + * distribution. | |
17229 | + * | |
17230 | + * 3. All advertising materials mentioning features or use of this | |
17231 | + * software must display the following acknowledgment: | |
17232 | + * "This product includes software developed by the OpenSSL Project | |
17233 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
17234 | + * | |
17235 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
17236 | + * endorse or promote products derived from this software without | |
17237 | + * prior written permission. For written permission, please contact | |
17238 | + * openssl-core@openssl.org. | |
17239 | + * | |
17240 | + * 5. Products derived from this software may not be called "OpenSSL" | |
17241 | + * nor may "OpenSSL" appear in their names without prior written | |
17242 | + * permission of the OpenSSL Project. | |
17243 | + * | |
17244 | + * 6. Redistributions of any form whatsoever must retain the following | |
17245 | + * acknowledgment: | |
17246 | + * "This product includes software developed by the OpenSSL Project | |
17247 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
17248 | + * | |
17249 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
17250 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
17251 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
17252 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
17253 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
17254 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
17255 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
17256 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
17257 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
17258 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
17259 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
17260 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
17261 | + * | |
17262 | + */ | |
17263 | + | |
17264 | +#include <string.h> | |
17265 | +#include <openssl/err.h> | |
17266 | +#ifdef OPENSSL_FIPS | |
17267 | +#include <openssl/fips.h> | |
17268 | +#endif | |
17269 | +#include <openssl/rsa.h> | |
17270 | +#include <openssl/evp.h> | |
17271 | +#include <openssl/bn.h> | |
17272 | +#include <openssl/opensslconf.h> | |
17273 | + | |
17274 | +#ifdef OPENSSL_FIPS | |
17275 | + | |
17276 | +static const unsigned char n[] = | |
17277 | +"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" | |
17278 | +"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" | |
17279 | +"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" | |
17280 | +"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" | |
17281 | +"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" | |
17282 | +"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" | |
17283 | +"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" | |
17284 | +"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" | |
17285 | +"\xCB"; | |
17286 | + | |
17287 | +static int corrupt_rsa; | |
17288 | + | |
17289 | +static int setrsakey(RSA *key) | |
17290 | + { | |
17291 | + static const unsigned char e[] = "\x11"; | |
17292 | + | |
17293 | + static const unsigned char d[] = | |
17294 | +"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" | |
17295 | +"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" | |
17296 | +"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" | |
17297 | +"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" | |
17298 | +"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" | |
17299 | +"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" | |
17300 | +"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" | |
17301 | +"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" | |
17302 | +"\xC1"; | |
17303 | + | |
17304 | + static const unsigned char p[] = | |
17305 | +"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" | |
17306 | +"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" | |
17307 | +"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" | |
17308 | +"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" | |
17309 | +"\x99"; | |
17310 | + | |
17311 | + static const unsigned char q[] = | |
17312 | +"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" | |
17313 | +"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" | |
17314 | +"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" | |
17315 | +"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" | |
17316 | +"\x03"; | |
17317 | + | |
17318 | + static const unsigned char dmp1[] = | |
17319 | +"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" | |
17320 | +"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" | |
17321 | +"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" | |
17322 | +"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; | |
17323 | + | |
17324 | + static const unsigned char dmq1[] = | |
17325 | +"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" | |
17326 | +"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" | |
17327 | +"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" | |
17328 | +"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; | |
17329 | + | |
17330 | + static const unsigned char iqmp[] = | |
17331 | +"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" | |
17332 | +"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" | |
17333 | +"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" | |
17334 | +"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" | |
17335 | +"\xF7"; | |
17336 | + | |
17337 | + key->n = BN_bin2bn(n, sizeof(n)-1, key->n); | |
17338 | + if (corrupt_rsa) | |
17339 | + BN_set_bit(key->n, 1024); | |
17340 | + key->e = BN_bin2bn(e, sizeof(e)-1, key->e); | |
17341 | + key->d = BN_bin2bn(d, sizeof(d)-1, key->d); | |
17342 | + key->p = BN_bin2bn(p, sizeof(p)-1, key->p); | |
17343 | + key->q = BN_bin2bn(q, sizeof(q)-1, key->q); | |
17344 | + key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); | |
17345 | + key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); | |
17346 | + key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); | |
17347 | + return 1; | |
17348 | + } | |
17349 | + | |
17350 | +void FIPS_corrupt_rsa() | |
17351 | + { | |
17352 | + corrupt_rsa = 1; | |
17353 | + } | |
17354 | + | |
17355 | +/* Known Answer Test (KAT) data for the above RSA private key signing | |
17356 | + * kat_tbs. | |
17357 | + */ | |
17358 | + | |
17359 | +static const unsigned char kat_tbs[] = "OpenSSL FIPS 140-2 Public Key RSA KAT"; | |
17360 | + | |
17361 | +static const unsigned char kat_RSA_PSS_SHA1[] = { | |
17362 | + 0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9, 0x46, 0xDA, 0x0F, | |
17363 | + 0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D, 0xD2, 0x90, 0xBB, | |
17364 | + 0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C, 0xB7, 0xF8, 0xD3, | |
17365 | + 0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7, 0x83, 0xD5, 0x4C, | |
17366 | + 0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51, 0x60, 0xD0, 0xA7, | |
17367 | + 0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E, 0x3F, 0x9B, 0xF5, | |
17368 | + 0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47, 0xF0, 0xC5, 0x45, | |
17369 | + 0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F, 0xF8, 0xB7, 0x31, | |
17370 | + 0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB, 0x9F, 0xBA, 0xE8, | |
17371 | + 0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E, 0x20, 0x25, 0x84, | |
17372 | + 0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9 | |
17373 | +}; | |
17374 | + | |
17375 | +static const unsigned char kat_RSA_PSS_SHA224[] = { | |
17376 | + 0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF, 0xC5, 0x58, 0xA7, | |
17377 | + 0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98, 0x08, 0x95, 0xFA, | |
17378 | + 0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87, 0x7B, 0x1F, 0x57, | |
17379 | + 0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55, 0x54, 0x1C, 0x89, | |
17380 | + 0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC, 0x86, 0x05, 0xEE, | |
17381 | + 0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64, 0x0B, 0xAB, 0x22, | |
17382 | + 0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64, 0x62, 0xD1, 0xB5, | |
17383 | + 0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA, 0x38, 0x24, 0x49, | |
17384 | + 0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5, 0x03, 0xEA, 0x2D, | |
17385 | + 0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF, 0x95, 0xC0, 0x00, | |
17386 | + 0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0 | |
17387 | +}; | |
17388 | + | |
17389 | +static const unsigned char kat_RSA_PSS_SHA256[] = { | |
17390 | + 0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0, 0x31, 0xE3, 0x89, | |
17391 | + 0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25, 0x9A, 0xF3, 0x8F, | |
17392 | + 0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D, 0x7D, 0x73, 0x28, | |
17393 | + 0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3, 0x96, 0x73, 0x4E, | |
17394 | + 0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D, 0x49, 0x47, 0x05, | |
17395 | + 0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D, 0x6D, 0x26, 0xBA, | |
17396 | + 0x2F, 0x7A, 0x54, 0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A, 0xF3, 0xDA, 0xB6, | |
17397 | + 0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F, 0x56, 0xCD, 0x9F, | |
17398 | + 0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47, 0x12, 0xE4, 0x6D, | |
17399 | + 0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E, 0x49, 0xB9, 0xF6, | |
17400 | + 0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C | |
17401 | +}; | |
17402 | + | |
17403 | +static const unsigned char kat_RSA_PSS_SHA384[] = { | |
17404 | + 0x40, 0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4, 0x31, 0xA8, 0xF2, | |
17405 | + 0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57, 0x45, 0xCD, 0x5E, | |
17406 | + 0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71, 0x44, 0x9A, 0xCD, | |
17407 | + 0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F, 0x78, 0x23, 0x7F, | |
17408 | + 0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31, 0xDC, 0x42, 0x6C, | |
17409 | + 0xB2, 0x44, 0xE5, 0x4D, 0x66, 0xA2, 0xE6, 0x71, 0xF3, 0xAC, 0x4F, 0xFB, | |
17410 | + 0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF, 0xD9, 0x3D, 0x2F, | |
17411 | + 0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32, 0xAD, 0x42, 0x89, | |
17412 | + 0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87, 0x1F, 0xCA, 0x6F, | |
17413 | + 0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E, 0x60, 0xF4, 0x55, | |
17414 | + 0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1 | |
17415 | +}; | |
17416 | + | |
17417 | +static const unsigned char kat_RSA_PSS_SHA512[] = { | |
17418 | + 0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57, 0xAE, 0x63, 0x8C, | |
17419 | + 0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F, 0x12, 0x53, 0x9A, | |
17420 | + 0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51, 0xED, 0x9E, 0xDD, | |
17421 | + 0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60, 0x79, 0x23, 0x39, | |
17422 | + 0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67, 0x5F, 0xFE, 0xD7, | |
17423 | + 0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D, 0x78, 0x55, 0x61, | |
17424 | + 0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20, 0xB0, 0x85, 0x13, | |
17425 | + 0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A, 0x6A, 0x39, 0x63, | |
17426 | + 0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF, 0xF4, 0xA8, 0xFE, | |
17427 | + 0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F, 0x80, 0xC2, 0x88, | |
17428 | + 0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B | |
17429 | +}; | |
17430 | + | |
17431 | +static const unsigned char kat_RSA_SHA1[] = { | |
17432 | + 0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C, | |
17433 | + 0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B, | |
17434 | + 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55, 0x77, 0x90, 0xCF, | |
17435 | + 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8, | |
17436 | + 0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1, | |
17437 | + 0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA, | |
17438 | + 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E, 0xCA, 0x2E, 0x4E, | |
17439 | + 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F, | |
17440 | + 0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F, | |
17441 | + 0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95, | |
17442 | + 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4 | |
17443 | +}; | |
17444 | + | |
17445 | +static const unsigned char kat_RSA_SHA224[] = { | |
17446 | + 0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB, 0xB7, 0x15, 0xF9, | |
17447 | + 0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0, 0xA9, 0x18, 0x8D, | |
17448 | + 0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5, 0x1A, 0xC5, 0x89, | |
17449 | + 0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30, 0x2C, 0x9E, 0xCD, | |
17450 | + 0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6, 0x45, 0x41, 0xE5, | |
17451 | + 0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E, 0x0B, 0xA9, 0xCC, | |
17452 | + 0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84, 0x02, 0xC6, 0x3B, | |
17453 | + 0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91, 0x28, 0x3E, 0xB2, | |
17454 | + 0x58, 0x2E, 0x06, 0x45, 0x49, 0xE0, 0x92, 0xE2, 0xC0, 0x66, 0xE6, 0x35, | |
17455 | + 0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77, 0x82, 0xE6, 0xDC, | |
17456 | + 0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D | |
17457 | +}; | |
17458 | + | |
17459 | +static const unsigned char kat_RSA_SHA256[] = { | |
17460 | + 0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05, 0x17, 0xA5, 0x23, | |
17461 | + 0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20, 0x7B, 0xAA, 0x23, | |
17462 | + 0x92, 0x87, 0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE, 0xAD, 0x6F, 0x35, | |
17463 | + 0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17, 0x58, 0xB2, 0x6E, | |
17464 | + 0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A, 0x90, 0x2D, 0x18, | |
17465 | + 0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58, 0x7A, 0x91, 0x30, | |
17466 | + 0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF, 0xE2, 0x80, 0x3A, | |
17467 | + 0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 0xDE, 0x81, 0xA6, 0x38, | |
17468 | + 0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C, 0xEE, 0xD1, 0xDA, | |
17469 | + 0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1, 0x90, 0x27, 0x90, | |
17470 | + 0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A | |
17471 | +}; | |
17472 | + | |
17473 | +static const unsigned char kat_RSA_SHA384[] = { | |
17474 | + 0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27, 0xEF, 0xE6, 0x1F, | |
17475 | + 0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 0x99, 0x63, 0x56, 0x47, 0xC7, | |
17476 | + 0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA, 0xFA, 0x5D, 0x5C, | |
17477 | + 0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D, 0xA9, 0xA6, 0x55, | |
17478 | + 0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28, 0x7F, 0xB6, 0xCF, | |
17479 | + 0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19, 0x2B, 0x30, 0xC2, | |
17480 | + 0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2, 0x7D, 0xEB, 0x8C, | |
17481 | + 0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F, 0x8B, 0x9C, 0xCD, | |
17482 | + 0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0, 0x8F, 0x99, 0xF1, | |
17483 | + 0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E, 0x37, 0xDC, 0x04, | |
17484 | + 0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF | |
17485 | +}; | |
17486 | + | |
17487 | +static const unsigned char kat_RSA_SHA512[] = { | |
17488 | + 0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16, 0x51, 0x5D, 0xCF, | |
17489 | + 0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40, 0xF8, 0xB2, 0x9A, | |
17490 | + 0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82, 0x6B, 0x32, 0xF1, | |
17491 | + 0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C, 0x54, 0x9F, 0xD8, | |
17492 | + 0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6, 0x53, 0x62, 0xB5, | |
17493 | + 0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4, 0x75, 0x92, 0x6B, | |
17494 | + 0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B, 0x1D, 0x47, 0xE6, | |
17495 | + 0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16, 0x63, 0x84, 0x05, | |
17496 | + 0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64, 0x71, 0xE0, 0x2D, | |
17497 | + 0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB, 0x98, 0x65, 0x91, | |
17498 | + 0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84 | |
17499 | +}; | |
17500 | + | |
17501 | +static const unsigned char kat_RSA_X931_SHA1[] = { | |
17502 | + 0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42, 0x45, 0x4D, 0xDF, | |
17503 | + 0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD, 0xC4, 0xB2, 0x75, | |
17504 | + 0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E, 0x14, 0xB8, 0xAC, | |
17505 | + 0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04, 0xEE, 0xA9, 0x97, | |
17506 | + 0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B, 0x38, 0xBE, 0xD6, | |
17507 | + 0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1, 0x1A, 0x11, 0x19, | |
17508 | + 0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63, 0x0C, 0x59, 0xD7, | |
17509 | + 0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D, 0x24, 0x1C, 0x99, | |
17510 | + 0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB, 0xEA, 0xED, 0x76, | |
17511 | + 0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84, 0x1C, 0xB3, 0x67, | |
17512 | + 0xA3, 0x29, 0x80, 0x70, 0x54, 0x68, 0x7D, 0x49 | |
17513 | +}; | |
17514 | + | |
17515 | +static const unsigned char kat_RSA_X931_SHA256[] = { | |
17516 | + 0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F, 0x64, 0x54, 0x89, | |
17517 | + 0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58, 0x92, 0x1C, 0xDD, | |
17518 | + 0xEA, 0xA2, 0x2D, 0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05, 0x95, 0x73, 0xCF, | |
17519 | + 0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8, 0x7B, 0xC8, 0x9B, | |
17520 | + 0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13, 0xB8, 0xF0, 0x4B, | |
17521 | + 0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4, 0x38, 0x0E, 0x98, | |
17522 | + 0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E, 0x59, 0x01, 0xEC, | |
17523 | + 0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46, 0x8D, 0xA0, 0x8C, | |
17524 | + 0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35, 0xA1, 0x42, 0xBD, | |
17525 | + 0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86, 0xF0, 0x5B, 0xDC, | |
17526 | + 0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80 | |
17527 | +}; | |
17528 | + | |
17529 | +static const unsigned char kat_RSA_X931_SHA384[] = { | |
17530 | + 0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB, 0x7B, 0xEC, 0x7B, | |
17531 | + 0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7, 0x39, 0x37, 0xCB, | |
17532 | + 0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9, 0xBE, 0x2E, 0xE3, | |
17533 | + 0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7, 0x4A, 0x63, 0xF6, | |
17534 | + 0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99, 0x66, 0xEE, 0x31, | |
17535 | + 0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E, 0x6D, 0x8D, 0xF1, | |
17536 | + 0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0, 0x60, 0x41, 0x79, | |
17537 | + 0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34, 0xD5, 0x7C, 0xFF, | |
17538 | + 0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5, 0x12, 0x44, 0x35, | |
17539 | + 0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5, 0xDC, 0xC6, 0x6D, | |
17540 | + 0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28 | |
17541 | +}; | |
17542 | + | |
17543 | +static const unsigned char kat_RSA_X931_SHA512[] = { | |
17544 | + 0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64, 0x3A, 0xC1, 0x63, | |
17545 | + 0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1, 0xD9, 0xDA, 0xAC, | |
17546 | + 0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05, 0x9E, 0x77, 0xD7, | |
17547 | + 0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E, 0xF9, 0x14, 0x28, | |
17548 | + 0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA, 0xC7, 0xF8, 0xC5, | |
17549 | + 0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34, 0x53, 0xD2, 0xAF, | |
17550 | + 0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10, 0xE0, 0xF6, 0xD0, | |
17551 | + 0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F, 0x46, 0x5F, 0x09, | |
17552 | + 0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04, 0x2D, 0xFB, 0x7C, | |
17553 | + 0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11, 0x30, 0x71, 0x1B, | |
17554 | + 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3 | |
17555 | +}; | |
17556 | + | |
17557 | + | |
17558 | +int FIPS_selftest_rsa() | |
17559 | + { | |
17560 | + int ret = 0; | |
17561 | + RSA *key; | |
17562 | + EVP_PKEY *pk = NULL; | |
17563 | + | |
17564 | + if ((key=RSA_new()) == NULL) | |
17565 | + goto err; | |
17566 | + setrsakey(key); | |
17567 | + if ((pk=EVP_PKEY_new()) == NULL) | |
17568 | + goto err; | |
17569 | + | |
17570 | + EVP_PKEY_assign_RSA(pk, key); | |
17571 | + | |
17572 | + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, | |
17573 | + kat_RSA_SHA1, sizeof(kat_RSA_SHA1), | |
17574 | + EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, | |
17575 | + "RSA SHA1 PKCS#1")) | |
17576 | + goto err; | |
17577 | + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, | |
17578 | + kat_RSA_SHA224, sizeof(kat_RSA_SHA224), | |
17579 | + EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PKCS1, | |
17580 | + "RSA SHA224 PKCS#1")) | |
17581 | + goto err; | |
17582 | + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, | |
17583 | + kat_RSA_SHA256, sizeof(kat_RSA_SHA256), | |
17584 | + EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PKCS1, | |
17585 | + "RSA SHA256 PKCS#1")) | |
17586 | + goto err; | |
17587 | + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, | |
17588 | + kat_RSA_SHA384, sizeof(kat_RSA_SHA384), | |
17589 | + EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PKCS1, | |
17590 | + "RSA SHA384 PKCS#1")) | |
17591 | + goto err; | |
17592 | + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, | |
17593 | + kat_RSA_SHA512, sizeof(kat_RSA_SHA512), | |
17594 | + EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PKCS1, | |
17595 | + "RSA SHA512 PKCS#1")) | |
17596 | + goto err; | |
17597 | + | |
17598 | + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, | |
17599 | + kat_RSA_PSS_SHA1, sizeof(kat_RSA_PSS_SHA1), | |
17600 | + EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, | |
17601 | + "RSA SHA1 PSS")) | |
17602 | + goto err; | |
17603 | + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, | |
17604 | + kat_RSA_PSS_SHA224, sizeof(kat_RSA_PSS_SHA224), | |
17605 | + EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PSS, | |
17606 | + "RSA SHA224 PSS")) | |
17607 | + goto err; | |
17608 | + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, | |
17609 | + kat_RSA_PSS_SHA256, sizeof(kat_RSA_PSS_SHA256), | |
17610 | + EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PSS, | |
17611 | + "RSA SHA256 PSS")) | |
17612 | + goto err; | |
17613 | + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, | |
17614 | + kat_RSA_PSS_SHA384, sizeof(kat_RSA_PSS_SHA384), | |
17615 | + EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PSS, | |
17616 | + "RSA SHA384 PSS")) | |
17617 | + goto err; | |
17618 | + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, | |
17619 | + kat_RSA_PSS_SHA512, sizeof(kat_RSA_PSS_SHA512), | |
17620 | + EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PSS, | |
17621 | + "RSA SHA512 PSS")) | |
17622 | + goto err; | |
17623 | + | |
17624 | + | |
17625 | + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, | |
17626 | + kat_RSA_X931_SHA1, sizeof(kat_RSA_X931_SHA1), | |
17627 | + EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, | |
17628 | + "RSA SHA1 X931")) | |
17629 | + goto err; | |
17630 | + /* NB: SHA224 not supported in X9.31 */ | |
17631 | + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, | |
17632 | + kat_RSA_X931_SHA256, sizeof(kat_RSA_X931_SHA256), | |
17633 | + EVP_sha256(), EVP_MD_CTX_FLAG_PAD_X931, | |
17634 | + "RSA SHA256 X931")) | |
17635 | + goto err; | |
17636 | + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, | |
17637 | + kat_RSA_X931_SHA384, sizeof(kat_RSA_X931_SHA384), | |
17638 | + EVP_sha384(), EVP_MD_CTX_FLAG_PAD_X931, | |
17639 | + "RSA SHA384 X931")) | |
17640 | + goto err; | |
17641 | + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, | |
17642 | + kat_RSA_X931_SHA512, sizeof(kat_RSA_X931_SHA512), | |
17643 | + EVP_sha512(), EVP_MD_CTX_FLAG_PAD_X931, | |
17644 | + "RSA SHA512 X931")) | |
17645 | + goto err; | |
17646 | + | |
17647 | + | |
17648 | + ret = 1; | |
17649 | + | |
17650 | + err: | |
17651 | + if (pk) | |
17652 | + EVP_PKEY_free(pk); | |
17653 | + else if (key) | |
17654 | + RSA_free(key); | |
17655 | + return ret; | |
17656 | + } | |
17657 | + | |
17658 | +#endif /* def OPENSSL_FIPS */ | |
a7ff9508 MT |
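--- a/crypto/fips/fips_rsa_x931g.c
+++ b/crypto/fips/fips_rsa_x931g.c
@@ -0,0 +1,282 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+
+extern int fips_check_rsa(RSA *rsa);
+#endif
+
+/* X9.31 RSA key derivation and generation */
+
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+ const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+ const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+ const BIGNUM *e, BN_GENCB *cb)
+ {
+ BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL;
+ BN_CTX *ctx=NULL,*ctx2=NULL;
+
+ if (!rsa)
+ goto err;
+
+ ctx = BN_CTX_new();
+ if (!ctx)
+ goto err;
+ BN_CTX_start(ctx);
+
+ r0 = BN_CTX_get(ctx);
+ r1 = BN_CTX_get(ctx);
+ r2 = BN_CTX_get(ctx);
+ r3 = BN_CTX_get(ctx);
+
+ if (r3 == NULL)
+ goto err;
+ if (!rsa->e)
+ {
+ rsa->e = BN_dup(e);
+ if (!rsa->e)
+ goto err;
+ }
+ else
+ e = rsa->e;
+
+ /* If not all parameters present only calculate what we can.
+ * This allows test programs to output selective parameters.
+ */
+
+ if (Xp && !rsa->p)
+ {
+ rsa->p = BN_new();
+ if (!rsa->p)
+ goto err;
+
+ if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
+ Xp, Xp1, Xp2, e, ctx, cb))
+ goto err;
+ }
+
+ if (Xq && !rsa->q)
+ {
+ rsa->q = BN_new();
+ if (!rsa->q)
+ goto err;
+ if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
+ Xq, Xq1, Xq2, e, ctx, cb))
+ goto err;
+ }
+
+ if (!rsa->p || !rsa->q)
+ {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return 2;
+ }
+
+ /* Since both primes are set we can now calculate all remaining
+ * components.
+ */
+
+ /* calculate n */
+ rsa->n=BN_new();
+ if (rsa->n == NULL)
+ goto err;
+ if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx))
+ goto err;
+
+ /* calculate d */
+ if (!BN_sub(r1,rsa->p,BN_value_one()))
+ goto err; /* p-1 */
+ if (!BN_sub(r2,rsa->q,BN_value_one()))
+ goto err; /* q-1 */
+ if (!BN_mul(r0,r1,r2,ctx))
+ goto err; /* (p-1)(q-1) */
+
+ if (!BN_gcd(r3, r1, r2, ctx))
+ goto err;
+
+ if (!BN_div(r0, NULL, r0, r3, ctx))
+ goto err; /* LCM((p-1)(q-1)) */
+
+ ctx2 = BN_CTX_new();
+ if (!ctx2)
+ goto err;
+
+ rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */
+ if (rsa->d == NULL)
+ goto err;
+
+ /* calculate d mod (p-1) */
+ rsa->dmp1=BN_new();
+ if (rsa->dmp1 == NULL)
+ goto err;
+ if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx))
+ goto err;
+
+ /* calculate d mod (q-1) */
+ rsa->dmq1=BN_new();
+ if (rsa->dmq1 == NULL)
+ goto err;
+ if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx))
+ goto err;
+
+ /* calculate inverse of q mod p */
+ rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
+
+ err:
+ if (ctx)
+ {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (ctx2)
+ BN_CTX_free(ctx2);
+ /* If this is set all calls successful */
+ if (rsa && rsa->iqmp != NULL)
+ return 1;
+
+ return 0;
+
+ }
+
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
+ {
+ int ok = 0;
+ BIGNUM *Xp = NULL, *Xq = NULL;
+ BN_CTX *ctx = NULL;
+
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) &&
+ (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
+ {
+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT);
+ return 0;
+ }
+
+ if (bits & 0xff)
+ {
+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
+
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST_FAILED);
+ return 0;
+ }
+#endif
+
+ ctx = BN_CTX_new();
+ if (!ctx)
+ goto error;
+
+ BN_CTX_start(ctx);
+ Xp = BN_CTX_get(ctx);
+ Xq = BN_CTX_get(ctx);
+ if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
+ goto error;
+
+ rsa->p = BN_new();
+ rsa->q = BN_new();
+ if (!rsa->p || !rsa->q)
+ goto error;
+
+ /* Generate two primes from Xp, Xq */
+
+ if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
+ e, ctx, cb))
+ goto error;
+
+ if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
+ e, ctx, cb))
+ goto error;
+
+ /* Since rsa->p and rsa->q are valid this call will just derive
+ * remaining RSA components.
+ */
+
+ if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
+ goto error;
+
+#ifdef OPENSSL_FIPS
+ if(!fips_check_rsa(rsa))
+ goto error;
+#endif
+
+ ok = 1;
+
+ error:
+ if (ctx)
+ {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+
+ if (ok)
+ return 1;
+
+ return 0;
+
+ }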
a7ff9508 MT |
17945 | diff -up openssl-1.0.1b/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_sha_selftest.c |
17946 | --- openssl-1.0.1b/crypto/fips/fips_sha_selftest.c.fips 2012-04-26 18:00:51.408769474 +0200 | |
17947 | +++ openssl-1.0.1b/crypto/fips/fips_sha_selftest.c 2012-04-26 18:00:51.408769474 +0200 | |
0595faf5 MT |
17948 | @@ -0,0 +1,140 @@ |
17949 | +/* ==================================================================== | |
17950 | + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. | |
17951 | + * | |
17952 | + * Redistribution and use in source and binary forms, with or without | |
17953 | + * modification, are permitted provided that the following conditions | |
17954 | + * are met: | |
17955 | + * | |
17956 | + * 1. Redistributions of source code must retain the above copyright | |
17957 | + * notice, this list of conditions and the following disclaimer. | |
17958 | + * | |
17959 | + * 2. Redistributions in binary form must reproduce the above copyright | |
17960 | + * notice, this list of conditions and the following disclaimer in | |
17961 | + * the documentation and/or other materials provided with the | |
17962 | + * distribution. | |
17963 | + * | |
17964 | + * 3. All advertising materials mentioning features or use of this | |
17965 | + * software must display the following acknowledgment: | |
17966 | + * "This product includes software developed by the OpenSSL Project | |
17967 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
17968 | + * | |
17969 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
17970 | + * endorse or promote products derived from this software without | |
17971 | + * prior written permission. For written permission, please contact | |
17972 | + * openssl-core@openssl.org. | |
17973 | + * | |
17974 | + * 5. Products derived from this software may not be called "OpenSSL" | |
17975 | + * nor may "OpenSSL" appear in their names without prior written | |
17976 | + * permission of the OpenSSL Project. | |
17977 | + * | |
17978 | + * 6. Redistributions of any form whatsoever must retain the following | |
17979 | + * acknowledgment: | |
17980 | + * "This product includes software developed by the OpenSSL Project | |
17981 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
17982 | + * | |
17983 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
17984 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
17985 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
17986 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
17987 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
17988 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
17989 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
17990 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
17991 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
17992 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
17993 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
17994 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
17995 | + * | |
17996 | + */ | |
17997 | + | |
17998 | +#include <string.h> | |
17999 | +#include <openssl/err.h> | |
18000 | +#ifdef OPENSSL_FIPS | |
18001 | +#include <openssl/fips.h> | |
18002 | +#endif | |
18003 | +#include <openssl/evp.h> | |
18004 | +#include <openssl/sha.h> | |
18005 | + | |
18006 | +#ifdef OPENSSL_FIPS | |
18007 | +static const char test[][60]= | |
18008 | + { | |
18009 | + "", | |
18010 | + "abc", | |
18011 | + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" | |
18012 | + }; | |
18013 | + | |
18014 | +static const unsigned char ret[][SHA_DIGEST_LENGTH]= | |
18015 | + { | |
18016 | + { 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55, | |
18017 | + 0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 }, | |
18018 | + { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e, | |
18019 | + 0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d }, | |
18020 | + { 0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae, | |
18021 | + 0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 }, | |
18022 | + }; | |
18023 | + | |
18024 | +static int corrupt_sha; | |
18025 | + | |
18026 | +void FIPS_corrupt_sha1() | |
18027 | + { | |
18028 | + corrupt_sha = 1; | |
18029 | + } | |
18030 | + | |
18031 | +int FIPS_selftest_sha1() | |
18032 | + { | |
18033 | + int n; | |
18034 | + | |
18035 | + for(n=0 ; n<sizeof(test)/sizeof(test[0]) ; ++n) | |
18036 | + { | |
18037 | + unsigned char md[SHA_DIGEST_LENGTH]; | |
18038 | + | |
18039 | + EVP_Digest(test[n],strlen(test[n])+corrupt_sha,md, NULL, EVP_sha1(), NULL); | |
18040 | + if(memcmp(md,ret[n],sizeof md)) | |
18041 | + { | |
18042 | + FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED); | |
18043 | + return 0; | |
18044 | + } | |
18045 | + } | |
18046 | + return 1; | |
18047 | + } | |
18048 | + | |
18049 | +static const unsigned char msg_sha256[] = { 0xfa, 0x48, 0x59, 0x2a, 0xe1, 0xae, 0x1f, 0x30, | |
18050 | + 0xfc }; | |
18051 | +static const unsigned char dig_sha256[] = { 0xf7, 0x26, 0xd8, 0x98, 0x47, 0x91, 0x68, 0x5b, | |
18052 | + 0x9e, 0x39, 0xb2, 0x58, 0xbb, 0x75, 0xbf, 0x01, | |
18053 | + 0x17, 0x0c, 0x84, 0x00, 0x01, 0x7a, 0x94, 0x83, | |
18054 | + 0xf3, 0x0b, 0x15, 0x84, 0x4b, 0x69, 0x88, 0x8a }; | |
18055 | + | |
18056 | +static const unsigned char msg_sha512[] = { 0x37, 0xd1, 0x35, 0x9d, 0x18, 0x41, 0xe9, 0xb7, | |
18057 | + 0x6d, 0x9a, 0x13, 0xda, 0x5f, 0xf3, 0xbd }; | |
18058 | +static const unsigned char dig_sha512[] = { 0x11, 0x13, 0xc4, 0x19, 0xed, 0x2b, 0x1d, 0x16, | |
18059 | + 0x11, 0xeb, 0x9b, 0xbe, 0xf0, 0x7f, 0xcf, 0x44, | |
18060 | + 0x8b, 0xd7, 0x57, 0xbd, 0x8d, 0xa9, 0x25, 0xb0, | |
18061 | + 0x47, 0x25, 0xd6, 0x6c, 0x9a, 0x54, 0x7f, 0x8f, | |
18062 | + 0x0b, 0x53, 0x1a, 0x10, 0x68, 0x32, 0x03, 0x38, | |
18063 | + 0x82, 0xc4, 0x87, 0xc4, 0xea, 0x0e, 0xd1, 0x04, | |
18064 | + 0xa9, 0x98, 0xc1, 0x05, 0xa3, 0xf3, 0xf8, 0xb1, | |
18065 | + 0xaf, 0xbc, 0xd9, 0x78, 0x7e, 0xee, 0x3d, 0x43 }; | |
18066 | + | |
18067 | +int FIPS_selftest_sha2(void) | |
18068 | + { | |
18069 | + unsigned char md[SHA512_DIGEST_LENGTH]; | |
18070 | + | |
18071 | + EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL); | |
18072 | + if(memcmp(dig_sha256, md, sizeof(dig_sha256))) | |
18073 | + { | |
18074 | + FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED); | |
18075 | + return 0; | |
18076 | + } | |
18077 | + | |
18078 | + EVP_Digest(msg_sha512, sizeof(msg_sha512), md, NULL, EVP_sha512(), NULL); | |
18079 | + if(memcmp(dig_sha512, md, sizeof(dig_sha512))) | |
18080 | + { | |
18081 | + FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED); | |
18082 | + return 0; | |
18083 | + } | |
18084 | + | |
18085 | + return 1; | |
18086 | + } | |
18087 | + | |
18088 | +#endif | |
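Review bot: The return value of `EVP_Digest` is ignored in both `FIPS_selftest_sha1` and `FIPS_selftest_sha2`, so when the digest call itself fails, the following `memcmp` reads an `md` buffer that was never written. The comparison will almost certainly mismatch and the self-test still fails, but the outcome then depends on uninitialised stack contents rather than on an explicit check. I would fold the call into the condition, e.g. `if(!EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL) || memcmp(dig_sha256, md, sizeof(dig_sha256)))`, and do the same for the SHA-1 loop and the SHA-512 case. Separately, `FIPS_selftest_sha2` raises its failures under `FIPS_F_FIPS_MODE_SET`, so the error queue names a different function than the one that failed; a short comment explaining that choice would help whoever has to read a self-test failure.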
a7ff9508 MT |
18089 | diff -up openssl-1.0.1b/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1b/crypto/fips/fips_standalone_hmac.c |
18090 | --- openssl-1.0.1b/crypto/fips/fips_standalone_hmac.c.fips 2012-04-26 18:00:51.408769474 +0200 | |
18091 | +++ openssl-1.0.1b/crypto/fips/fips_standalone_hmac.c 2012-04-26 18:00:51.408769474 +0200 | |
0595faf5 MT |
18092 | @@ -0,0 +1,180 @@ |
18093 | +/* ==================================================================== | |
18094 | + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. | |
18095 | + * | |
18096 | + * Redistribution and use in source and binary forms, with or without | |
18097 | + * modification, are permitted provided that the following conditions | |
18098 | + * are met: | |
18099 | + * | |
18100 | + * 1. Redistributions of source code must retain the above copyright | |
18101 | + * notice, this list of conditions and the following disclaimer. | |
18102 | + * | |
18103 | + * 2. Redistributions in binary form must reproduce the above copyright | |
18104 | + * notice, this list of conditions and the following disclaimer in | |
18105 | + * the documentation and/or other materials provided with the | |
18106 | + * distribution. | |
18107 | + * | |
18108 | + * 3. All advertising materials mentioning features or use of this | |
18109 | + * software must display the following acknowledgment: | |
18110 | + * "This product includes software developed by the OpenSSL Project | |
18111 | + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
18112 | + * | |
18113 | + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
18114 | + * endorse or promote products derived from this software without | |
18115 | + * prior written permission. For written permission, please contact | |
18116 | + * openssl-core@openssl.org. | |
18117 | + * | |
18118 | + * 5. Products derived from this software may not be called "OpenSSL" | |
18119 | + * nor may "OpenSSL" appear in their names without prior written | |
18120 | + * permission of the OpenSSL Project. | |
18121 | + * | |
18122 | + * 6. Redistributions of any form whatsoever must retain the following | |
18123 | + * acknowledgment: | |
18124 | + * "This product includes software developed by the OpenSSL Project | |
18125 | + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
18126 | + * | |
18127 | + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
18128 | + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
18129 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
18130 | + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
18131 | + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
18132 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
18133 | + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
18134 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
18135 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
18136 | + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
18137 | + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
18138 | + * OF THE POSSIBILITY OF SUCH DAMAGE. | |
18139 | + * | |
18140 | + */ | |
18141 | + | |
18142 | +#include <stdio.h> | |
18143 | +#include <stdlib.h> | |
18144 | +#include <string.h> | |
18145 | +#include <openssl/opensslconf.h> | |
18146 | +#include <openssl/sha.h> | |
18147 | +#include <openssl/hmac.h> | |
18148 | + | |
18149 | +#ifndef FIPSCANISTER_O | |
18150 | +int FIPS_selftest_failed() { return 0; } | |
18151 | +void FIPS_selftest_check() {} | |
18152 | +void OPENSSL_cleanse(void *p,size_t len) {} | |
18153 | +#endif | |
18154 | + | |
18155 | +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ | |
18156 | + defined(__INTEL__) || \ | |
18157 | + defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) | |
18158 | + | |
18159 | +unsigned int OPENSSL_ia32cap_P[2]; | |
18160 | +#endif | |
18161 | + | |
18162 | +#ifdef OPENSSL_FIPS | |
18163 | + | |
18164 | +static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx, | |
18165 | + const char *key) | |
18166 | + { | |
18167 | + size_t len=strlen(key); | |
18168 | + int i; | |
18169 | + unsigned char keymd[HMAC_MAX_MD_CBLOCK]; | |
18170 | + unsigned char pad[HMAC_MAX_MD_CBLOCK]; | |
18171 | + | |
18172 | + if (len > SHA_CBLOCK) | |
18173 | + { | |
18174 | + SHA256_Init(md_ctx); | |
18175 | + SHA256_Update(md_ctx,key,len); | |
18176 | + SHA256_Final(keymd,md_ctx); | |
18177 | + len=SHA256_DIGEST_LENGTH; | |
18178 | + } | |
18179 | + else | |
18180 | + memcpy(keymd,key,len); | |
18181 | + memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len); | |
18182 | + | |
18183 | + for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++) | |
18184 | + pad[i]=0x36^keymd[i]; | |
18185 | + SHA256_Init(md_ctx); | |
18186 | + SHA256_Update(md_ctx,pad,SHA256_CBLOCK); | |
18187 | + | |
18188 | + for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++) | |
18189 | + pad[i]=0x5c^keymd[i]; | |
18190 | + SHA256_Init(o_ctx); | |
18191 | + SHA256_Update(o_ctx,pad,SHA256_CBLOCK); | |
18192 | + } | |
18193 | + | |
18194 | +static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx) | |
18195 | + { | |
18196 | + unsigned char buf[SHA256_DIGEST_LENGTH]; | |
18197 | + | |
18198 | + SHA256_Final(buf,md_ctx); | |
18199 | + SHA256_Update(o_ctx,buf,sizeof buf); | |
18200 | + SHA256_Final(md,o_ctx); | |
18201 | + } | |
18202 | + | |
18203 | +#endif | |
18204 | + | |
18205 | +int main(int argc,char **argv) | |
18206 | + { | |
18207 | +#ifdef OPENSSL_FIPS | |
18208 | + static char key[]="orboDeJITITejsirpADONivirpUkvarP"; | |
18209 | + int n,binary=0; | |
18210 | + | |
18211 | + if(argc < 2) | |
18212 | + { | |
18213 | + fprintf(stderr,"%s [<file>]+\n",argv[0]); | |
18214 | + exit(1); | |
18215 | + } | |
18216 | + | |
18217 | + n=1; | |
18218 | + if (!strcmp(argv[n],"-binary")) | |
18219 | + { | |
18220 | + n++; | |
18221 | + binary=1; /* emit binary fingerprint... */ | |
18222 | + } | |
18223 | + | |
18224 | + for(; n < argc ; ++n) | |
18225 | + { | |
18226 | + FILE *f=fopen(argv[n],"rb"); | |
18227 | + SHA256_CTX md_ctx,o_ctx; | |
18228 | + unsigned char md[SHA256_DIGEST_LENGTH]; | |
18229 | + int i; | |
18230 | + | |
18231 | + if(!f) | |
18232 | + { | |
18233 | + perror(argv[n]); | |
18234 | + exit(2); | |
18235 | + } | |
18236 | + | |
18237 | + hmac_init(&md_ctx,&o_ctx,key); | |
18238 | + for( ; ; ) | |
18239 | + { | |
18240 | + char buf[1024]; | |
18241 | + size_t l=fread(buf,1,sizeof buf,f); | |
18242 | + | |
18243 | + if(l == 0) | |
18244 | + { | |
18245 | + if(ferror(f)) | |
18246 | + { | |
18247 | + perror(argv[n]); | |
18248 | + exit(3); | |
18249 | + } | |
18250 | + else | |
18251 | + break; | |
18252 | + } | |
18253 | + SHA256_Update(&md_ctx,buf,l); | |
18254 | + } | |
18255 | + hmac_final(md,&md_ctx,&o_ctx); | |
18256 | + | |
18257 | + if (binary) | |
18258 | + { | |
18259 | + fwrite(md,SHA256_DIGEST_LENGTH,1,stdout); | |
18260 | + break; /* ... for single(!) file */ | |
18261 | + } | |
18262 | + | |
18263 | +/* printf("HMAC-SHA1(%s)= ",argv[n]); */ | |
18264 | + for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i) | |
18265 | + printf("%02x",md[i]); | |
18266 | + printf("\n"); | |
18267 | + } | |
18268 | +#endif | |
18269 | + return 0; | |
18270 | + } | |
18271 | + | |
18272 | + | |
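Review bot: `main` can exit 0 without having written a fingerprint: with `-binary` as the only argument `n` becomes 2 and the loop body never runs, and the `fwrite` result in the binary branch is not checked, so a failed write to stdout also goes unnoticed. The output is presumably captured by the build as the integrity value for the library, so both cases should fail loudly, e.g. `if (n >= argc) { fprintf(stderr,"%s [<file>]+\n",argv[0]); exit(1); }` after the option handling and `if (fwrite(md,SHA256_DIGEST_LENGTH,1,stdout) != 1) exit(4);` in the binary branch. Each opened `f` is also never closed; an `fclose(f);` after `hmac_final` fixes that. A comment at `key[]` should say that the HMAC key is a fixed string in the source, so the value detects corruption of the file but cannot authenticate it against anyone able to recompute the HMAC. The commented-out `printf` still says `HMAC-SHA1` although the code computes HMAC-SHA256, and could be dropped.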
a7ff9508 MT |
18273 | diff -up openssl-1.0.1b/crypto/fips/fips_test_suite.c.fips openssl-1.0.1b/crypto/fips/fips_test_suite.c |
18274 | --- openssl-1.0.1b/crypto/fips/fips_test_suite.c.fips 2012-04-26 18:00:51.408769474 +0200 | |
18275 | +++ openssl-1.0.1b/crypto/fips/fips_test_suite.c 2012-04-26 18:00:51.408769474 +0200 | |
0595faf5 MT |
18276 | @@ -0,0 +1,588 @@ |
18277 | +/* ==================================================================== | |
18278 | + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. | |
18279 | + * | |
18280 | + * | |
18281 | + * This command is intended as a test driver for the FIPS-140 testing | |
18282 | + * lab performing FIPS-140 validation. It demonstrates the use of the | |
18283 | + * OpenSSL library ito perform a variety of common cryptographic | |
18284 | + * functions. A power-up self test is demonstrated by deliberately | |
18285 | + * pointing to an invalid executable hash | |
18286 | + * | |
18287 | + * Contributed by Steve Marquess. | |
18288 | + * | |
18289 | + */ | |
18290 | +#include <stdio.h> | |
18291 | +#include <assert.h> | |
18292 | +#include <ctype.h> | |
18293 | +#include <string.h> | |
18294 | +#include <stdlib.h> | |
18295 | +#include <openssl/aes.h> | |
18296 | +#include <openssl/des.h> | |
18297 | +#include <openssl/rsa.h> | |
18298 | +#include <openssl/dsa.h> | |
18299 | +#include <openssl/dh.h> | |
18300 | +#include <openssl/hmac.h> | |
18301 | +#include <openssl/err.h> | |
18302 | + | |
18303 | +#include <openssl/bn.h> | |
18304 | +#include <openssl/rand.h> | |
18305 | +#include <openssl/sha.h> | |
18306 | + | |
18307 | + | |
18308 | +#ifndef OPENSSL_FIPS | |
18309 | +int main(int argc, char *argv[]) | |
18310 | + { | |
18311 | + printf("No FIPS support\n"); | |
18312 | + return(0); | |
18313 | + } | |
18314 | +#else | |
18315 | + | |
18316 | +#include <openssl/fips.h> | |
18317 | +#include "fips_utl.h" | |
18318 | + | |
18319 | +/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext | |
18320 | +*/ | |
18321 | +static int FIPS_aes_test(void) | |
18322 | + { | |
18323 | + int ret = 0; | |
18324 | + unsigned char pltmp[16]; | |
18325 | + unsigned char citmp[16]; | |
18326 | + unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16}; | |
18327 | + unsigned char plaintext[16] = "etaonrishdlcu"; | |
18328 | + EVP_CIPHER_CTX ctx; | |
18329 | + EVP_CIPHER_CTX_init(&ctx); | |
18330 | + if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0) | |
18331 | + goto err; | |
18332 | + EVP_Cipher(&ctx, citmp, plaintext, 16); | |
18333 | + if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0) | |
18334 | + goto err; | |
18335 | + EVP_Cipher(&ctx, pltmp, citmp, 16); | |
18336 | + if (memcmp(pltmp, plaintext, 16)) | |
18337 | + goto err; | |
18338 | + ret = 1; | |
18339 | + err: | |
18340 | + EVP_CIPHER_CTX_cleanup(&ctx); | |
18341 | + return ret; | |
18342 | + } | |
18343 | + | |
18344 | +static int FIPS_des3_test(void) | |
18345 | + { | |
18346 | + int ret = 0; | |
18347 | + unsigned char pltmp[8]; | |
18348 | + unsigned char citmp[8]; | |
18349 | + unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18, | |
18350 | + 19,20,21,22,23,24}; | |
18351 | + unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' }; | |
18352 | + EVP_CIPHER_CTX ctx; | |
18353 | + EVP_CIPHER_CTX_init(&ctx); | |
18354 | + if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 1) <= 0) | |
18355 | + goto err; | |
18356 | + EVP_Cipher(&ctx, citmp, plaintext, 8); | |
18357 | + if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 0) <= 0) | |
18358 | + goto err; | |
18359 | + EVP_Cipher(&ctx, pltmp, citmp, 8); | |
18360 | + if (memcmp(pltmp, plaintext, 8)) | |
18361 | + goto err; | |
18362 | + ret = 1; | |
18363 | + err: | |
18364 | + EVP_CIPHER_CTX_cleanup(&ctx); | |
18365 | + return ret; | |
18366 | + } | |
18367 | + | |
18368 | +/* | |
18369 | + * DSA: generate keys and sign, verify input plaintext. | |
18370 | + */ | |
18371 | +static int FIPS_dsa_test(int bad) | |
18372 | + { | |
18373 | + DSA *dsa = NULL; | |
18374 | + EVP_PKEY pk; | |
18375 | + unsigned char dgst[] = "etaonrishdlc"; | |
18376 | + unsigned char buf[60]; | |
18377 | + unsigned int slen; | |
18378 | + int r = 0; | |
18379 | + EVP_MD_CTX mctx; | |
18380 | + | |
18381 | + ERR_clear_error(); | |
18382 | + EVP_MD_CTX_init(&mctx); | |
18383 | + dsa = DSA_new(); | |
18384 | + if (!dsa) | |
18385 | + goto end; | |
18386 | + if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL)) | |
18387 | + goto end; | |
18388 | + if (!DSA_generate_key(dsa)) | |
18389 | + goto end; | |
18390 | + if (bad) | |
18391 | + BN_add_word(dsa->pub_key, 1); | |
18392 | + | |
18393 | + pk.type = EVP_PKEY_DSA; | |
18394 | + pk.pkey.dsa = dsa; | |
18395 | + | |
18396 | + if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL)) | |
18397 | + goto end; | |
18398 | + if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1)) | |
18399 | + goto end; | |
18400 | + if (!EVP_SignFinal(&mctx, buf, &slen, &pk)) | |
18401 | + goto end; | |
18402 | + | |
18403 | + if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL)) | |
18404 | + goto end; | |
18405 | + if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1)) | |
18406 | + goto end; | |
18407 | + r = EVP_VerifyFinal(&mctx, buf, slen, &pk); | |
18408 | + end: | |
18409 | + EVP_MD_CTX_cleanup(&mctx); | |
18410 | + if (dsa) | |
18411 | + DSA_free(dsa); | |
18412 | + if (r != 1) | |
18413 | + return 0; | |
18414 | + return 1; | |
18415 | + } | |
18416 | + | |
18417 | +/* | |
18418 | + * RSA: generate keys and sign, verify input plaintext. | |
18419 | + */ | |
18420 | +static int FIPS_rsa_test(int bad) | |
18421 | + { | |
18422 | + RSA *key; | |
18423 | + unsigned char input_ptext[] = "etaonrishdlc"; | |
18424 | + unsigned char buf[256]; | |
18425 | + unsigned int slen; | |
18426 | + BIGNUM *bn; | |
18427 | + EVP_MD_CTX mctx; | |
18428 | + EVP_PKEY pk; | |
18429 | + int r = 0; | |
18430 | + | |
18431 | + ERR_clear_error(); | |
18432 | + EVP_MD_CTX_init(&mctx); | |
18433 | + key = RSA_new(); | |
18434 | + bn = BN_new(); | |
18435 | + if (!key || !bn) | |
18436 | + return 0; | |
18437 | + BN_set_word(bn, 65537); | |
18438 | + if (!RSA_generate_key_ex(key, 1024,bn,NULL)) | |
18439 | + return 0; | |
18440 | + BN_free(bn); | |
18441 | + if (bad) | |
18442 | + BN_add_word(key->n, 1); | |
18443 | + | |
18444 | + pk.type = EVP_PKEY_RSA; | |
18445 | + pk.pkey.rsa = key; | |
18446 | + | |
18447 | + if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL)) | |
18448 | + goto end; | |
18449 | + if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1)) | |
18450 | + goto end; | |
18451 | + if (!EVP_SignFinal(&mctx, buf, &slen, &pk)) | |
18452 | + goto end; | |
18453 | + | |
18454 | + if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL)) | |
18455 | + goto end; | |
18456 | + if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1)) | |
18457 | + goto end; | |
18458 | + r = EVP_VerifyFinal(&mctx, buf, slen, &pk); | |
18459 | + end: | |
18460 | + EVP_MD_CTX_cleanup(&mctx); | |
18461 | + if (key) | |
18462 | + RSA_free(key); | |
18463 | + if (r != 1) | |
18464 | + return 0; | |
18465 | + return 1; | |
18466 | + } | |
18467 | + | |
18468 | +/* SHA1: generate hash of known digest value and compare to known | |
18469 | + precomputed correct hash | |
18470 | +*/ | |
18471 | +static int FIPS_sha1_test() | |
18472 | + { | |
18473 | + unsigned char digest[SHA_DIGEST_LENGTH] = | |
18474 | + { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 }; | |
18475 | + unsigned char str[] = "etaonrishd"; | |
18476 | + | |
18477 | + unsigned char md[SHA_DIGEST_LENGTH]; | |
18478 | + | |
18479 | + ERR_clear_error(); | |
18480 | + if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0; | |
18481 | + if (memcmp(md,digest,sizeof(md))) | |
18482 | + return 0; | |
18483 | + return 1; | |
18484 | + } | |
18485 | + | |
18486 | +/* SHA256: generate hash of known digest value and compare to known | |
18487 | + precomputed correct hash | |
18488 | +*/ | |
18489 | +static int FIPS_sha256_test() | |
18490 | + { | |
18491 | + unsigned char digest[SHA256_DIGEST_LENGTH] = | |
18492 | + {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91, | |
18493 | + 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57}; | |
18494 | + unsigned char str[] = "etaonrishd"; | |
18495 | + | |
18496 | + unsigned char md[SHA256_DIGEST_LENGTH]; | |
18497 | + | |
18498 | + ERR_clear_error(); | |
18499 | + if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha256(), NULL)) return 0; | |
18500 | + if (memcmp(md,digest,sizeof(md))) | |
18501 | + return 0; | |
18502 | + return 1; | |
18503 | + } | |
18504 | + | |
18505 | +/* SHA512: generate hash of known digest value and compare to known | |
18506 | + precomputed correct hash | |
18507 | +*/ | |
18508 | +static int FIPS_sha512_test() | |
18509 | + { | |
18510 | + unsigned char digest[SHA512_DIGEST_LENGTH] = | |
18511 | + {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca, | |
18512 | + 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a, | |
18513 | + 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22, | |
18514 | + 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3}; | |
18515 | + unsigned char str[] = "etaonrishd"; | |
18516 | + | |
18517 | + unsigned char md[SHA512_DIGEST_LENGTH]; | |
18518 | + | |
18519 | + ERR_clear_error(); | |
18520 | + if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha512(), NULL)) return 0; | |
18521 | + if (memcmp(md,digest,sizeof(md))) | |
18522 | + return 0; | |
18523 | + return 1; | |
18524 | + } | |
18525 | + | |
18526 | +/* HMAC-SHA1: generate hash of known digest value and compare to known | |
18527 | + precomputed correct hash | |
18528 | +*/ | |
18529 | +static int FIPS_hmac_sha1_test() | |
18530 | + { | |
18531 | + unsigned char key[] = "etaonrishd"; | |
18532 | + unsigned char iv[] = "Sample text"; | |
18533 | + unsigned char kaval[EVP_MAX_MD_SIZE] = | |
18534 | + {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70, | |
18535 | + 0xb2, 0xfb, 0xec, 0xc6}; | |
18536 | + | |
18537 | + unsigned char out[EVP_MAX_MD_SIZE]; | |
18538 | + unsigned int outlen; | |
18539 | + | |
18540 | + ERR_clear_error(); | |
18541 | + if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0; | |
18542 | + if (memcmp(out,kaval,outlen)) | |
18543 | + return 0; | |
18544 | + return 1; | |
18545 | + } | |
18546 | + | |
18547 | +/* HMAC-SHA224: generate hash of known digest value and compare to known | |
18548 | + precomputed correct hash | |
18549 | +*/ | |
18550 | +static int FIPS_hmac_sha224_test() | |
18551 | + { | |
18552 | + unsigned char key[] = "etaonrishd"; | |
18553 | + unsigned char iv[] = "Sample text"; | |
18554 | + unsigned char kaval[EVP_MAX_MD_SIZE] = | |
18555 | + {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35, | |
18556 | + 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19}; | |
18557 | + | |
18558 | + unsigned char out[EVP_MAX_MD_SIZE]; | |
18559 | + unsigned int outlen; | |
18560 | + | |
18561 | + ERR_clear_error(); | |
18562 | + if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0; | |
18563 | + if (memcmp(out,kaval,outlen)) | |
18564 | + return 0; | |
18565 | + return 1; | |
18566 | + } | |
18567 | + | |
18568 | +/* HMAC-SHA256: generate hash of known digest value and compare to known | |
18569 | + precomputed correct hash | |
18570 | +*/ | |
18571 | +static int FIPS_hmac_sha256_test() | |
18572 | + { | |
18573 | + unsigned char key[] = "etaonrishd"; | |
18574 | + unsigned char iv[] = "Sample text"; | |
18575 | + unsigned char kaval[EVP_MAX_MD_SIZE] = | |
18576 | + {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87, | |
18577 | + 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4}; | |
18578 | + | |
18579 | + unsigned char out[EVP_MAX_MD_SIZE]; | |
18580 | + unsigned int outlen; | |
18581 | + | |
18582 | + ERR_clear_error(); | |
18583 | + if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0; | |
18584 | + if (memcmp(out,kaval,outlen)) | |
18585 | + return 0; | |
18586 | + return 1; | |
18587 | + } | |
18588 | + | |
18589 | +/* HMAC-SHA384: generate hash of known digest value and compare to known | |
18590 | + precomputed correct hash | |
18591 | +*/ | |
18592 | +static int FIPS_hmac_sha384_test() | |
18593 | + { | |
18594 | + unsigned char key[] = "etaonrishd"; | |
18595 | + unsigned char iv[] = "Sample text"; | |
18596 | + unsigned char kaval[EVP_MAX_MD_SIZE] = | |
18597 | + {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10, | |
18598 | + 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08, | |
18599 | + 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c}; | |
18600 | + | |
18601 | + unsigned char out[EVP_MAX_MD_SIZE]; | |
18602 | + unsigned int outlen; | |
18603 | + | |
18604 | + ERR_clear_error(); | |
18605 | + if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0; | |
18606 | + if (memcmp(out,kaval,outlen)) | |
18607 | + return 0; | |
18608 | + return 1; | |
18609 | + } | |
18610 | + | |
18611 | +/* HMAC-SHA512: generate hash of known digest value and compare to known | |
18612 | + precomputed correct hash | |
18613 | +*/ | |
18614 | +static int FIPS_hmac_sha512_test() | |
18615 | + { | |
18616 | + unsigned char key[] = "etaonrishd"; | |
18617 | + unsigned char iv[] = "Sample text"; | |
18618 | + unsigned char kaval[EVP_MAX_MD_SIZE] = | |
18619 | + {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6, | |
18620 | + 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1, | |
18621 | + 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c, | |
18622 | + 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53}; | |
18623 | + | |
18624 | + unsigned char out[EVP_MAX_MD_SIZE]; | |
18625 | + unsigned int outlen; | |
18626 | + | |
18627 | + ERR_clear_error(); | |
18628 | + if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0; | |
18629 | + if (memcmp(out,kaval,outlen)) | |
18630 | + return 0; | |
18631 | + return 1; | |
18632 | + } | |
18633 | + | |
18634 | + | |
18635 | +/* DH: generate shared parameters | |
18636 | +*/ | |
18637 | +static int dh_test() | |
18638 | + { | |
18639 | + DH *dh; | |
18640 | + ERR_clear_error(); | |
18641 | + dh = FIPS_dh_new(); | |
18642 | + if (!dh) | |
18643 | + return 0; | |
18644 | + if (!DH_generate_parameters_ex(dh, 1024, 2, NULL)) | |
18645 | + return 0; | |
18646 | + FIPS_dh_free(dh); | |
18647 | + return 1; | |
18648 | + } | |
18649 | + | |
18650 | +/* Zeroize | |
18651 | +*/ | |
18652 | +static int Zeroize() | |
18653 | + { | |
18654 | + RSA *key; | |
18655 | + BIGNUM *bn; | |
18656 | + unsigned char userkey[16] = | |
18657 | + { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 }; | |
18658 | + int i, n; | |
18659 | + | |
18660 | + key = FIPS_rsa_new(); | |
18661 | + bn = BN_new(); | |
18662 | + if (!key || !bn) | |
18663 | + return 0; | |
18664 | + BN_set_word(bn, 65537); | |
18665 | + if (!RSA_generate_key_ex(key, 1024,bn,NULL)) | |
18666 | + return 0; | |
18667 | + BN_free(bn); | |
18668 | + | |
18669 | + n = BN_num_bytes(key->d); | |
18670 | + printf(" Generated %d byte RSA private key\n", n); | |
18671 | + printf("\tBN key before overwriting:\n"); | |
18672 | + do_bn_print(stdout, key->d); | |
18673 | + BN_rand(key->d,n*8,-1,0); | |
18674 | + printf("\tBN key after overwriting:\n"); | |
18675 | + do_bn_print(stdout, key->d); | |
18676 | + | |
18677 | + printf("\tchar buffer key before overwriting: \n\t\t"); | |
18678 | + for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]); | |
18679 | + printf("\n"); | |
18680 | + RAND_bytes(userkey, sizeof userkey); | |
18681 | + printf("\tchar buffer key after overwriting: \n\t\t"); | |
18682 | + for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]); | |
18683 | + printf("\n"); | |
18684 | + | |
18685 | + return 1; | |
18686 | + } | |
18687 | + | |
18688 | +static int Error; | |
18689 | +const char * Fail(const char *msg) | |
18690 | + { | |
18691 | + do_print_errors(); | |
18692 | + Error++; | |
18693 | + return msg; | |
18694 | + } | |
18695 | + | |
18696 | +int main(int argc,char **argv) | |
18697 | + { | |
18698 | + | |
18699 | + int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0; | |
18700 | + int bad_rsa = 0, bad_dsa = 0; | |
18701 | + int do_rng_stick = 0; | |
18702 | + int no_exit = 0; | |
18703 | + | |
18704 | + printf("\tFIPS-mode test application\n\n"); | |
18705 | + | |
18706 | + /* Load entropy from external file, if any */ | |
18707 | + RAND_load_file(".rnd", 1024); | |
18708 | + | |
18709 | + if (argv[1]) { | |
18710 | + /* Corrupted KAT tests */ | |
18711 | + if (!strcmp(argv[1], "aes")) { | |
18712 | + FIPS_corrupt_aes(); | |
18713 | + printf("AES encryption/decryption with corrupted KAT...\n"); | |
18714 | + } else if (!strcmp(argv[1], "des")) { | |
18715 | + FIPS_corrupt_des(); | |
18716 | + printf("DES3-ECB encryption/decryption with corrupted KAT...\n"); | |
18717 | + } else if (!strcmp(argv[1], "dsa")) { | |
18718 | + FIPS_corrupt_dsa(); | |
18719 | + printf("DSA key generation and signature validation with corrupted KAT...\n"); | |
18720 | + } else if (!strcmp(argv[1], "rsa")) { | |
18721 | + FIPS_corrupt_rsa(); | |
18722 | + printf("RSA key generation and signature validation with corrupted KAT...\n"); | |
18723 | + } else if (!strcmp(argv[1], "rsakey")) { | |
18724 | + printf("RSA key generation and signature validation with corrupted key...\n"); | |
18725 | + bad_rsa = 1; | |
18726 | + no_exit = 1; | |
18727 | + } else if (!strcmp(argv[1], "rsakeygen")) { | |
18728 | + do_corrupt_rsa_keygen = 1; | |
18729 | + no_exit = 1; | |
18730 | + printf("RSA key generation and signature validation with corrupted keygen...\n"); | |
18731 | + } else if (!strcmp(argv[1], "dsakey")) { | |
18732 | + printf("DSA key generation and signature validation with corrupted key...\n"); | |
18733 | + bad_dsa = 1; | |
18734 | + no_exit = 1; | |
18735 | + } else if (!strcmp(argv[1], "dsakeygen")) { | |
18736 | + do_corrupt_dsa_keygen = 1; | |
18737 | + no_exit = 1; | |
18738 | + printf("DSA key generation and signature validation with corrupted keygen...\n"); | |
18739 | + } else if (!strcmp(argv[1], "sha1")) { | |
18740 | + FIPS_corrupt_sha1(); | |
18741 | + printf("SHA-1 hash with corrupted KAT...\n"); | |
18742 | + } else if (!strcmp(argv[1], "rng")) { | |
18743 | + FIPS_corrupt_rng(); | |
18744 | + } else if (!strcmp(argv[1], "rngstick")) { | |
18745 | + do_rng_stick = 1; | |
18746 | + no_exit = 1; | |
18747 | + printf("RNG test with stuck continuous test...\n"); | |
18748 | + } else { | |
18749 | + printf("Bad argument \"%s\"\n", argv[1]); | |
18750 | + exit(1); | |
18751 | + } | |
18752 | + if (!no_exit) { | |
18753 | + if (!FIPS_mode_set(1)) { | |
18754 | + do_print_errors(); | |
18755 | + printf("Power-up self test failed\n"); | |
18756 | + exit(1); | |
18757 | + } | |
18758 | + printf("Power-up self test successful\n"); | |
18759 | + exit(0); | |
18760 | + } | |
18761 | + } | |
18762 | + | |
18763 | + /* Non-Approved cryptographic operation | |
18764 | + */ | |
18765 | + printf("1. Non-Approved cryptographic operation test...\n"); | |
18766 | + printf("\ta. Included algorithm (D-H)..."); | |
18767 | + printf( dh_test() ? "successful\n" : Fail("FAILED!\n") ); | |
18768 | + | |
18769 | + /* Power-up self test | |
18770 | + */ | |
18771 | + ERR_clear_error(); | |
18772 | + printf("2. Automatic power-up self test..."); | |
18773 | + if (!FIPS_mode_set(1)) | |
18774 | + { | |
18775 | + do_print_errors(); | |
18776 | + printf(Fail("FAILED!\n")); | |
18777 | + exit(1); | |
18778 | + } | |
18779 | + printf("successful\n"); | |
18780 | + if (do_corrupt_dsa_keygen) | |
18781 | + FIPS_corrupt_dsa_keygen(); | |
18782 | + if (do_corrupt_rsa_keygen) | |
18783 | + FIPS_corrupt_rsa_keygen(); | |
18784 | + if (do_rng_stick) | |
18785 | + FIPS_rng_stick(); | |
18786 | + | |
18787 | + /* AES encryption/decryption | |
18788 | + */ | |
18789 | + printf("3. AES encryption/decryption..."); | |
18790 | + printf( FIPS_aes_test() ? "successful\n" : Fail("FAILED!\n") ); | |
18791 | + | |
18792 | + /* RSA key generation and encryption/decryption | |
18793 | + */ | |
18794 | + printf("4. RSA key generation and encryption/decryption..."); | |
18795 | + printf( FIPS_rsa_test(bad_rsa) ? "successful\n" : Fail("FAILED!\n") ); | |
18796 | + | |
18797 | + /* DES-CBC encryption/decryption | |
18798 | + */ | |
18799 | + printf("5. DES-ECB encryption/decryption..."); | |
18800 | + printf( FIPS_des3_test() ? "successful\n" : Fail("FAILED!\n") ); | |
18801 | + | |
18802 | + /* DSA key generation and signature validation | |
18803 | + */ | |
18804 | + printf("6. DSA key generation and signature validation..."); | |
18805 | + printf( FIPS_dsa_test(bad_dsa) ? "successful\n" : Fail("FAILED!\n") ); | |
18806 | + | |
18807 | + /* SHA-1 hash | |
18808 | + */ | |
18809 | + printf("7a. SHA-1 hash..."); | |
18810 | + printf( FIPS_sha1_test() ? "successful\n" : Fail("FAILED!\n") ); | |
18811 | + | |
18812 | + /* SHA-256 hash | |
18813 | + */ | |
18814 | + printf("7b. SHA-256 hash..."); | |
18815 | + printf( FIPS_sha256_test() ? "successful\n" : Fail("FAILED!\n") ); | |
18816 | + | |
18817 | + /* SHA-512 hash | |
18818 | + */ | |
18819 | + printf("7c. SHA-512 hash..."); | |
18820 | + printf( FIPS_sha512_test() ? "successful\n" : Fail("FAILED!\n") ); | |
18821 | + | |
18822 | + /* HMAC-SHA-1 hash | |
18823 | + */ | |
18824 | + printf("7d. HMAC-SHA-1 hash..."); | |
18825 | + printf( FIPS_hmac_sha1_test() ? "successful\n" : Fail("FAILED!\n") ); | |
18826 | + | |
18827 | + /* HMAC-SHA-224 hash | |
18828 | + */ | |
18829 | + printf("7e. HMAC-SHA-224 hash..."); | |
18830 | + printf( FIPS_hmac_sha224_test() ? "successful\n" : Fail("FAILED!\n") ); | |
18831 | + | |
18832 | + /* HMAC-SHA-256 hash | |
18833 | + */ | |
18834 | + printf("7f. HMAC-SHA-256 hash..."); | |
18835 | + printf( FIPS_hmac_sha256_test() ? "successful\n" : Fail("FAILED!\n") ); | |
18836 | + | |
18837 | + /* HMAC-SHA-384 hash | |
18838 | + */ | |
18839 | + printf("7g. HMAC-SHA-384 hash..."); | |
18840 | + printf( FIPS_hmac_sha384_test() ? "successful\n" : Fail("FAILED!\n") ); | |
18841 | + | |
18842 | + /* HMAC-SHA-512 hash | |
18843 | + */ | |
18844 | + printf("7h. HMAC-SHA-512 hash..."); | |
18845 | + printf( FIPS_hmac_sha512_test() ? "successful\n" : Fail("FAILED!\n") ); | |
18846 | + | |
18847 | + /* Non-Approved cryptographic operation | |
18848 | + */ | |
18849 | + printf("8. Non-Approved cryptographic operation test...\n"); | |
18850 | + printf("\ta. Included algorithm (D-H)..."); | |
18851 | + printf( dh_test() ? "successful as expected\n" | |
18852 | + : Fail("failed INCORRECTLY!\n") ); | |
18853 | + | |
18854 | + /* Zeroization | |
18855 | + */ | |
18856 | + printf("9. Zero-ization...\n"); | |
18857 | + printf( Zeroize() ? "\tsuccessful as expected\n" | |
18858 | + : Fail("\tfailed INCORRECTLY!\n") ); | |
18859 | + | |
18860 | + printf("\nAll tests completed with %d errors\n", Error); | |
18861 | + return Error ? 1 : 0; | |
18862 | + } | |
18863 | + | |
18864 | +#endif | |
a7ff9508 MT |
18865 | diff -up openssl-1.0.1b/crypto/fips/Makefile.fips openssl-1.0.1b/crypto/fips/Makefile |
18866 | --- openssl-1.0.1b/crypto/fips/Makefile.fips 2012-04-26 18:00:51.409769496 +0200 | |
18867 | +++ openssl-1.0.1b/crypto/fips/Makefile 2012-04-26 18:00:51.409769496 +0200 | |
0595faf5 MT |
18868 | @@ -0,0 +1,340 @@ |
18869 | +# | |
18870 | +# OpenSSL/crypto/fips/Makefile | |
18871 | +# | |
18872 | + | |
18873 | +DIR= fips | |
18874 | +TOP= ../.. | |
18875 | +CC= cc | |
18876 | +INCLUDES= | |
18877 | +CFLAG=-g | |
18878 | +MAKEFILE= Makefile | |
18879 | +AR= ar r | |
18880 | + | |
18881 | +CFLAGS= $(INCLUDES) $(CFLAG) | |
18882 | + | |
18883 | +GENERAL=Makefile | |
18884 | +TEST=fips_test_suite.c fips_randtest.c | |
18885 | +APPS= | |
18886 | + | |
18887 | +PROGRAM= fips_standalone_hmac | |
18888 | +EXE= $(PROGRAM)$(EXE_EXT) | |
18889 | + | |
18890 | +LIB=$(TOP)/libcrypto.a | |
18891 | +LIBSRC=fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c fips_rand_selftest.c \ | |
18892 | + fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \ | |
18893 | + fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ | |
18894 | + fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \ | |
18895 | + fips_cmac_selftest.c fips_enc.c fips_md.c | |
18896 | + | |
18897 | +LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \ | |
18898 | + fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \ | |
18899 | + fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \ | |
18900 | + fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \ | |
18901 | + fips_cmac_selftest.o fips_enc.o fips_md.o | |
18902 | + | |
18903 | +LIBCRYPTO=-L.. -lcrypto | |
18904 | + | |
18905 | +SRC= $(LIBSRC) fips_standalone_hmac.c | |
18906 | + | |
18907 | +EXHEADER= fips.h fips_rand.h | |
18908 | +HEADER= $(EXHEADER) | |
18909 | + | |
18910 | +ALL= $(GENERAL) $(SRC) $(HEADER) | |
18911 | + | |
18912 | +top: | |
18913 | + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) | |
18914 | + | |
18915 | +all: lib exe | |
18916 | + | |
18917 | +lib: $(LIBOBJ) | |
18918 | + $(AR) $(LIB) $(LIBOBJ) | |
18919 | + $(RANLIB) $(LIB) || echo Never mind. | |
18920 | + @touch lib | |
18921 | + | |
18922 | +exe: $(EXE) | |
18923 | + | |
18924 | +files: | |
18925 | + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO | |
18926 | + | |
18927 | +links: | |
18928 | + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) | |
18929 | + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) | |
18930 | + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) | |
18931 | + | |
18932 | +install: | |
18933 | + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... | |
18934 | + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ | |
18935 | + do \ | |
18936 | + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ | |
18937 | + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ | |
18938 | + done; | |
18939 | + | |
18940 | +tags: | |
18941 | + ctags $(SRC) | |
18942 | + | |
18943 | +tests: | |
18944 | + | |
18945 | +lint: | |
18946 | + lint -DLINT $(INCLUDES) $(SRC)>fluff | |
18947 | + | |
18948 | +depend: | |
18949 | + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... | |
18950 | + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) | |
18951 | + | |
18952 | +dclean: | |
18953 | + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new | |
18954 | + mv -f Makefile.new $(MAKEFILE) | |
18955 | + | |
18956 | +clean: | |
18957 | + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff | |
18958 | + | |
18959 | +$(EXE): $(PROGRAM).o | |
18960 | + FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../sha/$$i" ; done; \ | |
18961 | + $(CC) -o $@ $(CFLAGS) $(PROGRAM).o $$FIPS_SHA_ASM | |
18962 | + | |
18963 | +# DO NOT DELETE THIS LINE -- make depend depends on it. | |
18964 | + | |
18965 | +fips.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h | |
18966 | +fips.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h | |
18967 | +fips.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | |
18968 | +fips.o: ../../include/openssl/evp.h ../../include/openssl/fips.h | |
18969 | +fips.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h | |
18970 | +fips.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | |
18971 | +fips.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h | |
18972 | +fips.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | |
18973 | +fips.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h | |
18974 | +fips.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h | |
18975 | +fips.o: ../../include/openssl/symhacks.h fips.c fips_locl.h | |
18976 | +fips_aes_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h | |
18977 | +fips_aes_selftest.o: ../../include/openssl/crypto.h | |
18978 | +fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | |
18979 | +fips_aes_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h | |
18980 | +fips_aes_selftest.o: ../../include/openssl/lhash.h | |
18981 | +fips_aes_selftest.o: ../../include/openssl/obj_mac.h | |
18982 | +fips_aes_selftest.o: ../../include/openssl/objects.h | |
18983 | +fips_aes_selftest.o: ../../include/openssl/opensslconf.h | |
18984 | +fips_aes_selftest.o: ../../include/openssl/opensslv.h | |
18985 | +fips_aes_selftest.o: ../../include/openssl/ossl_typ.h | |
18986 | +fips_aes_selftest.o: ../../include/openssl/safestack.h | |
18987 | +fips_aes_selftest.o: ../../include/openssl/stack.h | |
18988 | +fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c | |
18989 | +fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h | |
18990 | +fips_des_selftest.o: ../../include/openssl/crypto.h | |
18991 | +fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | |
18992 | +fips_des_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h | |
18993 | +fips_des_selftest.o: ../../include/openssl/lhash.h | |
18994 | +fips_des_selftest.o: ../../include/openssl/obj_mac.h | |
18995 | +fips_des_selftest.o: ../../include/openssl/objects.h | |
18996 | +fips_des_selftest.o: ../../include/openssl/opensslconf.h | |
18997 | +fips_des_selftest.o: ../../include/openssl/opensslv.h | |
18998 | +fips_des_selftest.o: ../../include/openssl/ossl_typ.h | |
18999 | +fips_des_selftest.o: ../../include/openssl/safestack.h | |
19000 | +fips_des_selftest.o: ../../include/openssl/stack.h | |
19001 | +fips_des_selftest.o: ../../include/openssl/symhacks.h fips_des_selftest.c | |
19002 | +fips_drbg_ctr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h | |
19003 | +fips_drbg_ctr.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h | |
19004 | +fips_drbg_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h | |
19005 | +fips_drbg_ctr.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h | |
19006 | +fips_drbg_ctr.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h | |
19007 | +fips_drbg_ctr.o: ../../include/openssl/objects.h | |
19008 | +fips_drbg_ctr.o: ../../include/openssl/opensslconf.h | |
19009 | +fips_drbg_ctr.o: ../../include/openssl/opensslv.h | |
19010 | +fips_drbg_ctr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h | |
19011 | +fips_drbg_ctr.o: ../../include/openssl/safestack.h | |
19012 | +fips_drbg_ctr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | |
19013 | +fips_drbg_ctr.o: fips_drbg_ctr.c fips_rand_lcl.h | |
19014 | +fips_drbg_hash.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h | |
19015 | +fips_drbg_hash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h | |
19016 | +fips_drbg_hash.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h | |
19017 | +fips_drbg_hash.o: ../../include/openssl/fips.h | |
19018 | +fips_drbg_hash.o: ../../include/openssl/fips_rand.h | |
19019 | +fips_drbg_hash.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h | |
19020 | +fips_drbg_hash.o: ../../include/openssl/objects.h | |
19021 | +fips_drbg_hash.o: ../../include/openssl/opensslconf.h | |
19022 | +fips_drbg_hash.o: ../../include/openssl/opensslv.h | |
19023 | +fips_drbg_hash.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h | |
19024 | +fips_drbg_hash.o: ../../include/openssl/safestack.h | |
19025 | +fips_drbg_hash.o: ../../include/openssl/stack.h | |
19026 | +fips_drbg_hash.o: ../../include/openssl/symhacks.h fips_drbg_hash.c | |
19027 | +fips_drbg_hash.o: fips_rand_lcl.h | |
19028 | +fips_drbg_hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h | |
19029 | +fips_drbg_hmac.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h | |
19030 | +fips_drbg_hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h | |
19031 | +fips_drbg_hmac.o: ../../include/openssl/fips.h | |
19032 | +fips_drbg_hmac.o: ../../include/openssl/fips_rand.h | |
19033 | +fips_drbg_hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h | |
19034 | +fips_drbg_hmac.o: ../../include/openssl/objects.h | |
19035 | +fips_drbg_hmac.o: ../../include/openssl/opensslconf.h | |
19036 | +fips_drbg_hmac.o: ../../include/openssl/opensslv.h | |
19037 | +fips_drbg_hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h | |
19038 | +fips_drbg_hmac.o: ../../include/openssl/safestack.h | |
19039 | +fips_drbg_hmac.o: ../../include/openssl/stack.h | |
19040 | +fips_drbg_hmac.o: ../../include/openssl/symhacks.h fips_drbg_hmac.c | |
19041 | +fips_drbg_hmac.o: fips_rand_lcl.h | |
19042 | +fips_drbg_lib.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h | |
19043 | +fips_drbg_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h | |
19044 | +fips_drbg_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | |
19045 | +fips_drbg_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h | |
19046 | +fips_drbg_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h | |
19047 | +fips_drbg_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | |
19048 | +fips_drbg_lib.o: ../../include/openssl/objects.h | |
19049 | +fips_drbg_lib.o: ../../include/openssl/opensslconf.h | |
19050 | +fips_drbg_lib.o: ../../include/openssl/opensslv.h | |
19051 | +fips_drbg_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h | |
19052 | +fips_drbg_lib.o: ../../include/openssl/safestack.h | |
19053 | +fips_drbg_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | |
19054 | +fips_drbg_lib.o: fips_drbg_lib.c fips_locl.h fips_rand_lcl.h | |
19055 | +fips_drbg_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h | |
19056 | +fips_drbg_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h | |
19057 | +fips_drbg_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | |
19058 | +fips_drbg_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h | |
19059 | +fips_drbg_rand.o: ../../include/openssl/fips_rand.h | |
19060 | +fips_drbg_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h | |
19061 | +fips_drbg_rand.o: ../../include/openssl/obj_mac.h | |
19062 | +fips_drbg_rand.o: ../../include/openssl/objects.h | |
19063 | +fips_drbg_rand.o: ../../include/openssl/opensslconf.h | |
19064 | +fips_drbg_rand.o: ../../include/openssl/opensslv.h | |
19065 | +fips_drbg_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h | |
19066 | +fips_drbg_rand.o: ../../include/openssl/safestack.h | |
19067 | +fips_drbg_rand.o: ../../include/openssl/stack.h | |
19068 | +fips_drbg_rand.o: ../../include/openssl/symhacks.h fips_drbg_rand.c | |
19069 | +fips_drbg_rand.o: fips_rand_lcl.h | |
19070 | +fips_drbg_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h | |
19071 | +fips_drbg_selftest.o: ../../include/openssl/bio.h | |
19072 | +fips_drbg_selftest.o: ../../include/openssl/crypto.h | |
19073 | +fips_drbg_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | |
19074 | +fips_drbg_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h | |
19075 | +fips_drbg_selftest.o: ../../include/openssl/fips_rand.h | |
19076 | +fips_drbg_selftest.o: ../../include/openssl/hmac.h | |
19077 | +fips_drbg_selftest.o: ../../include/openssl/lhash.h | |
19078 | +fips_drbg_selftest.o: ../../include/openssl/obj_mac.h | |
19079 | +fips_drbg_selftest.o: ../../include/openssl/objects.h | |
19080 | +fips_drbg_selftest.o: ../../include/openssl/opensslconf.h | |
19081 | +fips_drbg_selftest.o: ../../include/openssl/opensslv.h | |
19082 | +fips_drbg_selftest.o: ../../include/openssl/ossl_typ.h | |
19083 | +fips_drbg_selftest.o: ../../include/openssl/rand.h | |
19084 | +fips_drbg_selftest.o: ../../include/openssl/safestack.h | |
19085 | +fips_drbg_selftest.o: ../../include/openssl/stack.h | |
19086 | +fips_drbg_selftest.o: ../../include/openssl/symhacks.h fips_drbg_selftest.c | |
19087 | +fips_drbg_selftest.o: fips_drbg_selftest.h fips_locl.h fips_rand_lcl.h | |
19088 | +fips_dsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h | |
19089 | +fips_dsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h | |
19090 | +fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h | |
19091 | +fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h | |
19092 | +fips_dsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h | |
19093 | +fips_dsa_selftest.o: ../../include/openssl/obj_mac.h | |
19094 | +fips_dsa_selftest.o: ../../include/openssl/objects.h | |
19095 | +fips_dsa_selftest.o: ../../include/openssl/opensslconf.h | |
19096 | +fips_dsa_selftest.o: ../../include/openssl/opensslv.h | |
19097 | +fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h | |
19098 | +fips_dsa_selftest.o: ../../include/openssl/safestack.h | |
19099 | +fips_dsa_selftest.o: ../../include/openssl/stack.h | |
19100 | +fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c | |
19101 | +fips_dsa_selftest.o: fips_locl.h | |
19102 | +fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h | |
19103 | +fips_hmac_selftest.o: ../../include/openssl/crypto.h | |
19104 | +fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | |
19105 | +fips_hmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h | |
19106 | +fips_hmac_selftest.o: ../../include/openssl/hmac.h | |
19107 | +fips_hmac_selftest.o: ../../include/openssl/lhash.h | |
19108 | +fips_hmac_selftest.o: ../../include/openssl/obj_mac.h | |
19109 | +fips_hmac_selftest.o: ../../include/openssl/objects.h | |
19110 | +fips_hmac_selftest.o: ../../include/openssl/opensslconf.h | |
19111 | +fips_hmac_selftest.o: ../../include/openssl/opensslv.h | |
19112 | +fips_hmac_selftest.o: ../../include/openssl/ossl_typ.h | |
19113 | +fips_hmac_selftest.o: ../../include/openssl/safestack.h | |
19114 | +fips_hmac_selftest.o: ../../include/openssl/stack.h | |
19115 | +fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c | |
19116 | +fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h | |
19117 | +fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h | |
19118 | +fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h | |
19119 | +fips_post.o: ../../include/openssl/err.h ../../include/openssl/evp.h | |
19120 | +fips_post.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h | |
19121 | +fips_post.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h | |
19122 | +fips_post.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | |
19123 | +fips_post.o: ../../include/openssl/opensslconf.h | |
19124 | +fips_post.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | |
19125 | +fips_post.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h | |
19126 | +fips_post.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h | |
19127 | +fips_post.o: ../../include/openssl/symhacks.h fips_locl.h fips_post.c | |
19128 | +fips_rand.o: ../../e_os.h ../../include/openssl/aes.h | |
19129 | +fips_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h | |
19130 | +fips_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | |
19131 | +fips_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h | |
19132 | +fips_rand.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h | |
19133 | +fips_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h | |
19134 | +fips_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | |
19135 | +fips_rand.o: ../../include/openssl/opensslconf.h | |
19136 | +fips_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | |
19137 | +fips_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h | |
19138 | +fips_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | |
19139 | +fips_rand.o: fips_locl.h fips_rand.c | |
19140 | +fips_rand_lib.o: ../../e_os.h ../../include/openssl/aes.h | |
19141 | +fips_rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h | |
19142 | +fips_rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h | |
19143 | +fips_rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h | |
19144 | +fips_rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h | |
19145 | +fips_rand_lib.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h | |
19146 | +fips_rand_lib.o: ../../include/openssl/obj_mac.h | |
19147 | +fips_rand_lib.o: ../../include/openssl/objects.h | |
19148 | +fips_rand_lib.o: ../../include/openssl/opensslconf.h | |
19149 | +fips_rand_lib.o: ../../include/openssl/opensslv.h | |
19150 | +fips_rand_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h | |
19151 | +fips_rand_lib.o: ../../include/openssl/safestack.h | |
19152 | +fips_rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | |
19153 | +fips_rand_lib.o: fips_rand_lib.c | |
19154 | +fips_rand_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h | |
19155 | +fips_rand_selftest.o: ../../include/openssl/bio.h | |
19156 | +fips_rand_selftest.o: ../../include/openssl/crypto.h | |
19157 | +fips_rand_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | |
19158 | +fips_rand_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h | |
19159 | +fips_rand_selftest.o: ../../include/openssl/fips_rand.h | |
19160 | +fips_rand_selftest.o: ../../include/openssl/hmac.h | |
19161 | +fips_rand_selftest.o: ../../include/openssl/lhash.h | |
19162 | +fips_rand_selftest.o: ../../include/openssl/obj_mac.h | |
19163 | +fips_rand_selftest.o: ../../include/openssl/objects.h | |
19164 | +fips_rand_selftest.o: ../../include/openssl/opensslconf.h | |
19165 | +fips_rand_selftest.o: ../../include/openssl/opensslv.h | |
19166 | +fips_rand_selftest.o: ../../include/openssl/ossl_typ.h | |
19167 | +fips_rand_selftest.o: ../../include/openssl/rand.h | |
19168 | +fips_rand_selftest.o: ../../include/openssl/safestack.h | |
19169 | +fips_rand_selftest.o: ../../include/openssl/stack.h | |
19170 | +fips_rand_selftest.o: ../../include/openssl/symhacks.h fips_locl.h | |
19171 | +fips_rand_selftest.o: fips_rand_selftest.c | |
19172 | +fips_rsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h | |
19173 | +fips_rsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h | |
19174 | +fips_rsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | |
19175 | +fips_rsa_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h | |
19176 | +fips_rsa_selftest.o: ../../include/openssl/lhash.h | |
19177 | +fips_rsa_selftest.o: ../../include/openssl/obj_mac.h | |
19178 | +fips_rsa_selftest.o: ../../include/openssl/objects.h | |
19179 | +fips_rsa_selftest.o: ../../include/openssl/opensslconf.h | |
19180 | +fips_rsa_selftest.o: ../../include/openssl/opensslv.h | |
19181 | +fips_rsa_selftest.o: ../../include/openssl/ossl_typ.h | |
19182 | +fips_rsa_selftest.o: ../../include/openssl/rsa.h | |
19183 | +fips_rsa_selftest.o: ../../include/openssl/safestack.h | |
19184 | +fips_rsa_selftest.o: ../../include/openssl/stack.h | |
19185 | +fips_rsa_selftest.o: ../../include/openssl/symhacks.h fips_rsa_selftest.c | |
19186 | +fips_rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h | |
19187 | +fips_rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h | |
19188 | +fips_rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | |
19189 | +fips_rsa_x931g.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h | |
19190 | +fips_rsa_x931g.o: ../../include/openssl/opensslconf.h | |
19191 | +fips_rsa_x931g.o: ../../include/openssl/opensslv.h | |
19192 | +fips_rsa_x931g.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h | |
19193 | +fips_rsa_x931g.o: ../../include/openssl/safestack.h | |
19194 | +fips_rsa_x931g.o: ../../include/openssl/stack.h | |
19195 | +fips_rsa_x931g.o: ../../include/openssl/symhacks.h fips_rsa_x931g.c | |
19196 | +fips_sha_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h | |
19197 | +fips_sha_selftest.o: ../../include/openssl/crypto.h | |
19198 | +fips_sha_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | |
19199 | +fips_sha_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h | |
19200 | +fips_sha_selftest.o: ../../include/openssl/lhash.h | |
19201 | +fips_sha_selftest.o: ../../include/openssl/obj_mac.h | |
19202 | +fips_sha_selftest.o: ../../include/openssl/objects.h | |
19203 | +fips_sha_selftest.o: ../../include/openssl/opensslconf.h | |
19204 | +fips_sha_selftest.o: ../../include/openssl/opensslv.h | |
19205 | +fips_sha_selftest.o: ../../include/openssl/ossl_typ.h | |
19206 | +fips_sha_selftest.o: ../../include/openssl/safestack.h | |
19207 | +fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | |
19208 | +fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c | |
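Review bot: The dependency section below `# DO NOT DELETE THIS LINE` has no entries for `fips_cmac_selftest.o`, `fips_enc.o` or `fips_md.o`, although all three are listed in `LIBOBJ`, so an incremental build will not recompile them when one of the OpenSSL headers they include changes. The list looks like it was generated before those three sources were added; regenerating it with the `depend` target before shipping the patch would bring it back in line with `LIBSRC`. The `depend` rule also passes `$(PROGS)`, which this Makefile never sets (it defines `PROGRAM`), so unless the variable is inherited from the top-level Makefile, `fips_standalone_hmac.c` is not scanned either. A short comment above `$(EXE):` saying why the tool links only the SHA objects rather than `$(LIB)` would also help the next maintainer.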
a7ff9508 MT |
19209 | diff -up openssl-1.0.1b/crypto/hmac/hmac.c.fips openssl-1.0.1b/crypto/hmac/hmac.c |
19210 | --- openssl-1.0.1b/crypto/hmac/hmac.c.fips 2011-06-12 17:07:26.000000000 +0200 | |
19211 | +++ openssl-1.0.1b/crypto/hmac/hmac.c 2012-04-26 18:00:51.409769496 +0200 | |
0595faf5 MT |
19212 | @@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo |
19213 | EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); | |
19214 | return 0; | |
19215 | } | |
19216 | - /* Other algorithm blocking will be done in FIPS_cmac_init, | |
19217 | - * via FIPS_hmac_init_ex(). | |
19218 | - */ | |
19219 | - if (!impl && !ctx->i_ctx.engine) | |
19220 | - return FIPS_hmac_init_ex(ctx, key, len, md, NULL); | |
19221 | } | |
19222 | #endif | |
19223 | ||
19224 | @@ -99,6 +94,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo | |
19225 | ||
19226 | if (key != NULL) | |
19227 | { | |
19228 | +#ifdef OPENSSL_FIPS | |
19229 | + if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS) | |
19230 | + && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) | |
19231 | + || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) | |
19232 | + || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))) | |
19233 | + goto err; | |
19234 | +#endif | |
19235 | reset=1; | |
19236 | j=EVP_MD_block_size(md); | |
19237 | OPENSSL_assert(j <= (int)sizeof(ctx->key)); | |
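Review bot: The new FIPS rejection in `HMAC_Init_ex` leaves through `goto err` without queuing an error, so a caller sees only a failed init and cannot tell that the digest was refused by policy; the earlier rejection in the same function (visible as context in the previous hunk) records `EVP_R_DISABLED_FOR_FIPS` before returning. I would make the branch `{ EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); goto err; }`. A one-line comment stating that all three contexts (`md_ctx`, `i_ctx`, `o_ctx`) must carry `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` for a non-approved digest to pass would help too, because the `||` chain can be misread as "any one flag is enough". The check sits inside the `key != NULL` branch and the `err` label is outside the hunk, so whether the key-less re-init path is covered elsewhere cannot be confirmed from here.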
19238 | @@ -155,10 +157,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void | |
19239 | ||
19240 | int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) | |
19241 | { | |
19242 | -#ifdef OPENSSL_FIPS | |
19243 | - if (FIPS_mode() && !ctx->i_ctx.engine) | |
19244 | - return FIPS_hmac_update(ctx, data, len); | |
19245 | -#endif | |
19246 | return EVP_DigestUpdate(&ctx->md_ctx,data,len); | |
19247 | } | |
19248 | ||
19249 | @@ -166,10 +164,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned c | |
19250 | { | |
19251 | unsigned int i; | |
19252 | unsigned char buf[EVP_MAX_MD_SIZE]; | |
19253 | -#ifdef OPENSSL_FIPS | |
19254 | - if (FIPS_mode() && !ctx->i_ctx.engine) | |
19255 | - return FIPS_hmac_final(ctx, md, len); | |
19256 | -#endif | |
19257 | ||
19258 | if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i)) | |
19259 | goto err; | |
19260 | @@ -209,13 +203,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_C | |
19261 | ||
19262 | void HMAC_CTX_cleanup(HMAC_CTX *ctx) | |
19263 | { | |
19264 | -#ifdef OPENSSL_FIPS | |
19265 | - if (FIPS_mode() && !ctx->i_ctx.engine) | |
19266 | - { | |
19267 | - FIPS_hmac_ctx_cleanup(ctx); | |
19268 | - return; | |
19269 | - } | |
19270 | -#endif | |
19271 | EVP_MD_CTX_cleanup(&ctx->i_ctx); | |
19272 | EVP_MD_CTX_cleanup(&ctx->o_ctx); | |
19273 | EVP_MD_CTX_cleanup(&ctx->md_ctx); | |
a7ff9508 MT |
19274 | diff -up openssl-1.0.1b/crypto/md2/md2_dgst.c.fips openssl-1.0.1b/crypto/md2/md2_dgst.c |
19275 | --- openssl-1.0.1b/crypto/md2/md2_dgst.c.fips 2011-06-01 15:39:43.000000000 +0200 | |
19276 | +++ openssl-1.0.1b/crypto/md2/md2_dgst.c 2012-04-26 18:00:51.409769496 +0200 | |
0595faf5 MT |
19277 | @@ -62,6 +62,11 @@ |
19278 | #include <openssl/md2.h> | |
19279 | #include <openssl/opensslv.h> | |
19280 | #include <openssl/crypto.h> | |
19281 | +#ifdef OPENSSL_FIPS | |
19282 | +#include <openssl/fips.h> | |
19283 | +#endif | |
19284 | + | |
19285 | +#include <openssl/err.h> | |
19286 | ||
19287 | const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT; | |
19288 | ||
19289 | @@ -116,7 +121,7 @@ const char *MD2_options(void) | |
19290 | return("md2(int)"); | |
19291 | } | |
19292 | ||
19293 | -fips_md_init(MD2) | |
19294 | +nonfips_md_init(MD2) | |
19295 | { | |
19296 | c->num=0; | |
19297 | memset(c->state,0,sizeof c->state); | |
a7ff9508 MT |
19298 | diff -up openssl-1.0.1b/crypto/md4/md4_dgst.c.fips openssl-1.0.1b/crypto/md4/md4_dgst.c |
19299 | --- openssl-1.0.1b/crypto/md4/md4_dgst.c.fips 2011-06-01 15:39:43.000000000 +0200 | |
19300 | +++ openssl-1.0.1b/crypto/md4/md4_dgst.c 2012-04-26 18:00:51.409769496 +0200 | |
0595faf5 MT |
19301 | @@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V |
19302 | #define INIT_DATA_C (unsigned long)0x98badcfeL | |
19303 | #define INIT_DATA_D (unsigned long)0x10325476L | |
19304 | ||
19305 | -fips_md_init(MD4) | |
19306 | +nonfips_md_init(MD4) | |
19307 | { | |
19308 | memset (c,0,sizeof(*c)); | |
19309 | c->A=INIT_DATA_A; | |
a7ff9508 MT |
19310 | diff -up openssl-1.0.1b/crypto/md5/md5_dgst.c.fips openssl-1.0.1b/crypto/md5/md5_dgst.c |
19311 | --- openssl-1.0.1b/crypto/md5/md5_dgst.c.fips 2011-06-01 15:39:43.000000000 +0200 | |
19312 | +++ openssl-1.0.1b/crypto/md5/md5_dgst.c 2012-04-26 18:00:51.409769496 +0200 | |
0595faf5 MT |
19313 | @@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V |
19314 | #define INIT_DATA_C (unsigned long)0x98badcfeL | |
19315 | #define INIT_DATA_D (unsigned long)0x10325476L | |
19316 | ||
19317 | -fips_md_init(MD5) | |
19318 | +nonfips_md_init(MD5) | |
19319 | { | |
19320 | memset (c,0,sizeof(*c)); | |
19321 | c->A=INIT_DATA_A; | |
a7ff9508 MT |
19322 | diff -up openssl-1.0.1b/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1b/crypto/mdc2/mdc2dgst.c |
19323 | --- openssl-1.0.1b/crypto/mdc2/mdc2dgst.c.fips 2011-06-01 15:39:44.000000000 +0200 | |
19324 | +++ openssl-1.0.1b/crypto/mdc2/mdc2dgst.c 2012-04-26 18:00:51.691775656 +0200 | |
0595faf5 MT |
19325 | @@ -76,7 +76,7 @@ |
19326 | *((c)++)=(unsigned char)(((l)>>24L)&0xff)) | |
19327 | ||
19328 | static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len); | |
19329 | -fips_md_init(MDC2) | |
19330 | +nonfips_md_init(MDC2) | |
19331 | { | |
19332 | c->num=0; | |
19333 | c->pad_type=1; | |
a7ff9508 MT |
19334 | diff -up openssl-1.0.1b/crypto/o_init.c.fips openssl-1.0.1b/crypto/o_init.c |
19335 | --- openssl-1.0.1b/crypto/o_init.c.fips 2011-05-26 16:19:19.000000000 +0200 | |
19336 | +++ openssl-1.0.1b/crypto/o_init.c 2012-04-26 18:00:51.696775766 +0200 | |
0595faf5 MT |
19337 | @@ -55,28 +55,63 @@ |
19338 | #include <e_os.h> | |
19339 | #include <openssl/err.h> | |
19340 | #ifdef OPENSSL_FIPS | |
19341 | +#include <sys/types.h> | |
19342 | +#include <sys/stat.h> | |
19343 | +#include <fcntl.h> | |
19344 | +#include <unistd.h> | |
19345 | +#include <errno.h> | |
19346 | +#include <stdlib.h> | |
19347 | #include <openssl/fips.h> | |
19348 | #include <openssl/rand.h> | |
19349 | + | |
19350 | +#define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" | |
19351 | + | |
19352 | +static void init_fips_mode(void) | |
19353 | + { | |
19354 | + char buf[2] = "0"; | |
19355 | + int fd; | |
19356 | + | |
19357 | + if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) | |
19358 | + { | |
19359 | + buf[0] = '1'; | |
19360 | + } | |
19361 | + else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) | |
19362 | + { | |
19363 | + while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR); | |
19364 | + close(fd); | |
19365 | + } | |
19366 | + /* Failure reading the fips mode switch file means just not | |
19367 | + * switching into FIPS mode. We would break too many things | |
19368 | + * otherwise. | |
19369 | + */ | |
19370 | + | |
19371 | + if (buf[0] == '1') | |
19372 | + { | |
19373 | + FIPS_mode_set(1); | |
19374 | + } | |
19375 | + } | |
19376 | #endif | |
19377 | ||
19378 | /* Perform any essential OpenSSL initialization operations. | |
19379 | * Currently only sets FIPS callbacks | |
19380 | */ | |
19381 | ||
19382 | -void OPENSSL_init(void) | |
19383 | +void OPENSSL_init_library(void) | |
19384 | { | |
19385 | static int done = 0; | |
19386 | if (done) | |
19387 | return; | |
19388 | done = 1; | |
19389 | #ifdef OPENSSL_FIPS | |
19390 | - FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock); | |
19391 | - FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata); | |
19392 | - FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free); | |
19393 | RAND_init_fips(); | |
19394 | + init_fips_mode(); | |
19395 | #endif | |
19396 | #if 0 | |
19397 | fprintf(stderr, "Called OPENSSL_init\n"); | |
19398 | #endif | |
19399 | } | |
19400 | ||
19401 | +void OPENSSL_init(void) | |
19402 | + { | |
19403 | + OPENSSL_init_library(); | |
19404 | + } | |
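Review bot: `init_fips_mode()` ignores the return value of `FIPS_mode_set(1)`, so when the kernel flag or `OPENSSL_FORCE_FIPS_MODE` asks for FIPS mode and the switch fails, the library carries on in non-FIPS mode with no signal to the application. The comment above it covers only a failure to read the switch file; a failed switch on a host configured for FIPS is a different case and is better reported or treated as fatal, e.g. `if (!FIPS_mode_set(1)) { ERR_print_errors_fp(stderr); abort(); }` if failing closed is the policy you want. The `read()` result is also discarded, which is safe only because `buf` is pre-set to "0"; a short comment saying so would help the next reader.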
a7ff9508 MT |
19405 | diff -up openssl-1.0.1b/crypto/opensslconf.h.in.fips openssl-1.0.1b/crypto/opensslconf.h.in |
19406 | --- openssl-1.0.1b/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 | |
19407 | +++ openssl-1.0.1b/crypto/opensslconf.h.in 2012-04-26 18:00:51.702775897 +0200 | |
0595faf5 MT |
19408 | @@ -1,5 +1,20 @@ |
19409 | /* crypto/opensslconf.h.in */ | |
19410 | ||
19411 | +#ifdef OPENSSL_DOING_MAKEDEPEND | |
19412 | + | |
19413 | +/* Include any symbols here that have to be explicitly set to enable a feature | |
19414 | + * that should be visible to makedepend. | |
19415 | + * | |
19416 | + * [Our "make depend" doesn't actually look at this, we use actual build settings | |
19417 | + * instead; we want to make it easy to remove subdirectories with disabled algorithms.] | |
19418 | + */ | |
19419 | + | |
19420 | +#ifndef OPENSSL_FIPS | |
19421 | +#define OPENSSL_FIPS | |
19422 | +#endif | |
19423 | + | |
19424 | +#endif | |
19425 | + | |
19426 | /* Generate 80386 code? */ | |
19427 | #undef I386_ONLY | |
19428 | ||
a7ff9508 MT |
19429 | diff -up openssl-1.0.1b/crypto/pkcs12/p12_crt.c.fips openssl-1.0.1b/crypto/pkcs12/p12_crt.c |
19430 | --- openssl-1.0.1b/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100 | |
19431 | +++ openssl-1.0.1b/crypto/pkcs12/p12_crt.c 2012-04-26 18:00:51.708776028 +0200 | |
0595faf5 MT |
19432 | @@ -59,6 +59,10 @@ |
19433 | #include <stdio.h> | |
19434 | #include "cryptlib.h" | |
19435 | #include <openssl/pkcs12.h> | |
19436 | +#ifdef OPENSSL_FIPS | |
19437 | +#include <openssl/fips.h> | |
19438 | +#endif | |
19439 | + | |
19440 | ||
19441 | ||
19442 | static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); | |
19443 | @@ -90,7 +94,14 @@ PKCS12 *PKCS12_create(char *pass, char * | |
19444 | ||
19445 | /* Set defaults */ | |
19446 | if (!nid_cert) | |
19447 | + { | |
19448 | +#ifdef OPENSSL_FIPS | |
19449 | + if (FIPS_mode()) | |
19450 | + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | |
19451 | + else | |
19452 | +#endif | |
19453 | nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; | |
19454 | + } | |
19455 | if (!nid_key) | |
19456 | nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; | |
19457 | if (!iter) | |
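Review bot: The new FIPS default for `nid_cert` carries no comment, and the `else` that straddles `#endif` is easy to misread. I would add `/* RC2 is not available in FIPS mode, so certificates get the same PBE as keys */` above the `FIPS_mode()` test, in line with the comment this patch adds in apps/pkcs12.c. Only the default is switched here: an explicit non-approved `nid_cert` passed by the caller is not checked in this hunk and presumably fails later in the cipher layer, which is worth stating in the function's documentation. PKCS12_create continues outside the hunk.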
a7ff9508 MT |
19458 | diff -up openssl-1.0.1b/crypto/rand/md_rand.c.fips openssl-1.0.1b/crypto/rand/md_rand.c |
19459 | --- openssl-1.0.1b/crypto/rand/md_rand.c.fips 2011-01-26 15:55:23.000000000 +0100 | |
19460 | +++ openssl-1.0.1b/crypto/rand/md_rand.c 2012-04-26 18:00:51.713776137 +0200 | |
0595faf5 MT |
19461 | @@ -389,7 +389,10 @@ static int ssleay_rand_bytes(unsigned ch |
19462 | CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); | |
19463 | crypto_lock_rand = 1; | |
19464 | ||
19465 | - if (!initialized) | |
19466 | + /* always poll for external entropy in FIPS mode, drbg provides the | |
19467 | + * expansion | |
19468 | + */ | |
19469 | + if (!initialized || FIPS_module_mode()) | |
19470 | { | |
19471 | RAND_poll(); | |
19472 | initialized = 1; | |
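Review bot: `FIPS_module_mode()` is called here without the `#ifdef OPENSSL_FIPS` guard that the other hunks of this patch put around FIPS calls, so a build without OPENSSL_FIPS depends on a fallback definition that this hunk does not show; confirm one exists or guard the condition. In FIPS mode the change also runs `RAND_poll()` on every `ssleay_rand_bytes` call while `crypto_lock_rand` is set, so each request pays for a full entropy poll. The added comment should say that this per-call cost is intended. ssleay_rand_bytes starts and ends outside the hunk.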
a7ff9508 MT |
19473 | diff -up openssl-1.0.1b/crypto/rand/rand.h.fips openssl-1.0.1b/crypto/rand/rand.h |
19474 | --- openssl-1.0.1b/crypto/rand/rand.h.fips 2012-04-26 18:00:50.809756388 +0200 | |
19475 | +++ openssl-1.0.1b/crypto/rand/rand.h 2012-04-26 18:00:51.714776159 +0200 | |
0595faf5 MT |
19476 | @@ -133,15 +133,33 @@ void ERR_load_RAND_strings(void); |
19477 | /* Error codes for the RAND functions. */ | |
19478 | ||
19479 | /* Function codes. */ | |
19480 | +#define RAND_F_ENG_RAND_GET_RAND_METHOD 108 | |
19481 | +#define RAND_F_FIPS_RAND 103 | |
19482 | +#define RAND_F_FIPS_RAND_BYTES 102 | |
19483 | +#define RAND_F_FIPS_RAND_SET_DT 106 | |
19484 | +#define RAND_F_FIPS_X931_SET_DT 106 | |
19485 | +#define RAND_F_FIPS_SET_DT 104 | |
19486 | +#define RAND_F_FIPS_SET_PRNG_SEED 107 | |
19487 | +#define RAND_F_FIPS_SET_TEST_MODE 105 | |
19488 | #define RAND_F_RAND_GET_RAND_METHOD 101 | |
19489 | -#define RAND_F_RAND_INIT_FIPS 102 | |
19490 | +#define RAND_F_RAND_INIT_FIPS 109 | |
19491 | #define RAND_F_SSLEAY_RAND_BYTES 100 | |
19492 | ||
19493 | /* Reason codes. */ | |
19494 | -#define RAND_R_ERROR_INITIALISING_DRBG 102 | |
19495 | -#define RAND_R_ERROR_INSTANTIATING_DRBG 103 | |
19496 | -#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 | |
19497 | +#define RAND_R_ERROR_INITIALISING_DRBG 112 | |
19498 | +#define RAND_R_ERROR_INSTANTIATING_DRBG 113 | |
19499 | +#define RAND_R_NON_FIPS_METHOD 105 | |
19500 | +#define RAND_R_NOT_IN_TEST_MODE 106 | |
19501 | +#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 111 | |
19502 | +#define RAND_R_NO_KEY_SET 107 | |
19503 | +#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101 | |
19504 | +#define RAND_R_PRNG_ERROR 108 | |
19505 | +#define RAND_R_PRNG_KEYED 109 | |
19506 | +#define RAND_R_PRNG_NOT_REKEYED 102 | |
19507 | +#define RAND_R_PRNG_NOT_RESEEDED 103 | |
19508 | #define RAND_R_PRNG_NOT_SEEDED 100 | |
19509 | +#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110 | |
19510 | +#define RAND_R_PRNG_STUCK 104 | |
19511 | ||
19512 | #ifdef __cplusplus | |
19513 | } | |
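Review bot: This hunk changes the numeric values of codes that already exist (`RAND_F_RAND_INIT_FIPS` 102 to 109, `RAND_R_ERROR_INITIALISING_DRBG` 102 to 112, `RAND_R_ERROR_INSTANTIATING_DRBG` 103 to 113, `RAND_R_NO_FIPS_RANDOM_METHOD_SET` 101 to 111), and the rsa.h hunks at -487, -500 and -542 do the same for several `RSA_F_`/`RSA_R_` codes. These values are compiled into callers that compare `ERR_GET_REASON()` results, so code built against the unpatched headers would match the wrong reason once the library is replaced. `RAND_F_FIPS_RAND_SET_DT` and `RAND_F_FIPS_X931_SET_DT` are both 106 (as are `RSA_R_NON_FIPS_RSA_METHOD` and `RSA_R_NON_FIPS_METHOD` at 149); if these are deliberate aliases, a comment such as `/* alias kept for source compatibility */` would say so.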
a7ff9508 MT |
19514 | diff -up openssl-1.0.1b/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1b/crypto/ripemd/rmd_dgst.c |
19515 | --- openssl-1.0.1b/crypto/ripemd/rmd_dgst.c.fips 2011-06-01 15:39:44.000000000 +0200 | |
19516 | +++ openssl-1.0.1b/crypto/ripemd/rmd_dgst.c 2012-04-26 18:00:51.715776181 +0200 | |
0595faf5 MT |
19517 | @@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160" |
19518 | void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); | |
19519 | # endif | |
19520 | ||
19521 | -fips_md_init(RIPEMD160) | |
19522 | +nonfips_md_init(RIPEMD160) | |
19523 | { | |
19524 | memset (c,0,sizeof(*c)); | |
19525 | c->A=RIPEMD160_A; | |
a7ff9508 MT |
19526 | diff -up openssl-1.0.1b/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1b/crypto/rsa/rsa_crpt.c |
19527 | --- openssl-1.0.1b/crypto/rsa/rsa_crpt.c.fips 2011-06-02 20:22:42.000000000 +0200 | |
19528 | +++ openssl-1.0.1b/crypto/rsa/rsa_crpt.c 2012-04-26 18:00:51.715776181 +0200 | |
0595faf5 MT |
19529 | @@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const |
19530 | RSA *rsa, int padding) | |
19531 | { | |
19532 | #ifdef OPENSSL_FIPS | |
19533 | - if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) | |
19534 | - && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) | |
19535 | + if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) | |
19536 | { | |
19537 | - RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD); | |
19538 | + RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); | |
19539 | return -1; | |
19540 | } | |
19541 | #endif | |
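Review bot: The rewritten test in `RSA_private_encrypt` (and the identical one in `RSA_public_decrypt` in the next hunk) no longer looks at the method at all: in FIPS mode every call is refused unless the key carries `RSA_FLAG_NON_FIPS_ALLOW`. That is a policy change rather than a method check and it needs a comment, for example `/* the raw sign/verify primitives are refused in FIPS mode unless the key is explicitly marked RSA_FLAG_NON_FIPS_ALLOW */`. Because that one flag now opens both entry points, it matters where it can be set; the last rsa_lib.c hunk of this patch changes how `RSA_new_method` fills `ret->flags` and should be read together with this one.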
19542 | @@ -118,10 +117,9 @@ int RSA_public_decrypt(int flen, const u | |
19543 | RSA *rsa, int padding) | |
19544 | { | |
19545 | #ifdef OPENSSL_FIPS | |
19546 | - if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) | |
19547 | - && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) | |
19548 | + if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) | |
19549 | { | |
19550 | - RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD); | |
19551 | + RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); | |
19552 | return -1; | |
19553 | } | |
19554 | #endif | |
a7ff9508 MT |
19555 | diff -up openssl-1.0.1b/crypto/rsa/rsa_eay.c.fips openssl-1.0.1b/crypto/rsa/rsa_eay.c |
19556 | --- openssl-1.0.1b/crypto/rsa/rsa_eay.c.fips 2011-10-19 16:58:59.000000000 +0200 | |
19557 | +++ openssl-1.0.1b/crypto/rsa/rsa_eay.c 2012-04-26 18:00:51.716776203 +0200 | |
0595faf5 MT |
19558 | @@ -114,6 +114,10 @@ |
19559 | #include <openssl/bn.h> | |
19560 | #include <openssl/rsa.h> | |
19561 | #include <openssl/rand.h> | |
19562 | +#include <openssl/err.h> | |
19563 | +#ifdef OPENSSL_FIPS | |
19564 | +#include <openssl/fips.h> | |
19565 | +#endif | |
19566 | ||
19567 | #ifndef RSA_NULL | |
19568 | ||
19569 | @@ -138,7 +142,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth={ | |
19570 | BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */ | |
19571 | RSA_eay_init, | |
19572 | RSA_eay_finish, | |
19573 | - 0, /* flags */ | |
19574 | + RSA_FLAG_FIPS_METHOD, /* flags */ | |
19575 | NULL, | |
19576 | 0, /* rsa_sign */ | |
19577 | 0, /* rsa_verify */ | |
19578 | @@ -158,6 +162,24 @@ static int RSA_eay_public_encrypt(int fl | |
19579 | unsigned char *buf=NULL; | |
19580 | BN_CTX *ctx=NULL; | |
19581 | ||
19582 | +#ifdef OPENSSL_FIPS | |
19583 | + if(FIPS_mode()) | |
19584 | + { | |
19585 | + if (FIPS_selftest_failed()) | |
19586 | + { | |
19587 | + FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED); | |
19588 | + goto err; | |
19589 | + } | |
19590 | + | |
19591 | + if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) | |
19592 | + && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) | |
19593 | + { | |
19594 | + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); | |
19595 | + return -1; | |
19596 | + } | |
19597 | + } | |
19598 | +#endif | |
19599 | + | |
19600 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) | |
19601 | { | |
19602 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); | |
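Review bot: The same fifteen-line FIPS block is pasted into `RSA_eay_public_encrypt`, `RSA_eay_private_encrypt`, `RSA_eay_private_decrypt` and `RSA_eay_public_decrypt` (hunks at -158, -361, -504 and -639), and the copies already disagree: the two public-key copies leave through `goto err` on a failed self-test while the private-key copies use `return -1`. A single static helper that takes the two function codes keeps the self-test and minimum-modulus policy in one place, and each caller then returns -1 on refusal before anything is allocated. The enclosing functions start and end outside these hunks, so the value returned through `err` is not visible here.

```c
#ifdef OPENSSL_FIPS
/* Returns 1 when the operation may proceed, 0 (with an error queued)
 * when FIPS mode forbids it.
 */
static int rsa_eay_fips_allowed(const RSA *rsa, int fips_func, int rsa_func)
	{
	if (!FIPS_mode())
		return 1;
	if (FIPS_selftest_failed())
		{
		FIPSerr(fips_func, FIPS_R_FIPS_SELFTEST_FAILED);
		return 0;
		}
	if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
		&& (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
		{
		RSAerr(rsa_func, RSA_R_KEY_SIZE_TOO_SMALL);
		return 0;
		}
	return 1;
	}
#endif

/* ... unchanged: RSA_eay_public_encrypt declarations ... */
#ifdef OPENSSL_FIPS
	if (!rsa_eay_fips_allowed(rsa, FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,
		RSA_F_RSA_EAY_PUBLIC_ENCRYPT))
		return -1;
#endif
```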
19603 | @@ -361,6 +383,24 @@ static int RSA_eay_private_encrypt(int f | |
19604 | BIGNUM *unblind = NULL; | |
19605 | BN_BLINDING *blinding = NULL; | |
19606 | ||
19607 | +#ifdef OPENSSL_FIPS | |
19608 | + if (FIPS_mode()) | |
19609 | + { | |
19610 | + if(FIPS_selftest_failed()) | |
19611 | + { | |
19612 | + FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED); | |
19613 | + return -1; | |
19614 | + } | |
19615 | + | |
19616 | + if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) | |
19617 | + && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) | |
19618 | + { | |
19619 | + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); | |
19620 | + return -1; | |
19621 | + } | |
19622 | + } | |
19623 | +#endif | |
19624 | + | |
19625 | if ((ctx=BN_CTX_new()) == NULL) goto err; | |
19626 | BN_CTX_start(ctx); | |
19627 | f = BN_CTX_get(ctx); | |
19628 | @@ -504,6 +544,24 @@ static int RSA_eay_private_decrypt(int f | |
19629 | BIGNUM *unblind = NULL; | |
19630 | BN_BLINDING *blinding = NULL; | |
19631 | ||
19632 | +#ifdef OPENSSL_FIPS | |
19633 | + if (FIPS_mode()) | |
19634 | + { | |
19635 | + if(FIPS_selftest_failed()) | |
19636 | + { | |
19637 | + FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED); | |
19638 | + return -1; | |
19639 | + } | |
19640 | + | |
19641 | + if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) | |
19642 | + && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) | |
19643 | + { | |
19644 | + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); | |
19645 | + return -1; | |
19646 | + } | |
19647 | + } | |
19648 | +#endif | |
19649 | + | |
19650 | if((ctx = BN_CTX_new()) == NULL) goto err; | |
19651 | BN_CTX_start(ctx); | |
19652 | f = BN_CTX_get(ctx); | |
19653 | @@ -639,6 +697,24 @@ static int RSA_eay_public_decrypt(int fl | |
19654 | unsigned char *buf=NULL; | |
19655 | BN_CTX *ctx=NULL; | |
19656 | ||
19657 | +#ifdef OPENSSL_FIPS | |
19658 | + if (FIPS_mode()) | |
19659 | + { | |
19660 | + if(FIPS_selftest_failed()) | |
19661 | + { | |
19662 | + FIPSerr(FIPS_F_RSA_EAY_PUBLIC_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED); | |
19663 | + goto err; | |
19664 | + } | |
19665 | + | |
19666 | + if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) | |
19667 | + && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) | |
19668 | + { | |
19669 | + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); | |
19670 | + return -1; | |
19671 | + } | |
19672 | + } | |
19673 | +#endif | |
19674 | + | |
19675 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) | |
19676 | { | |
19677 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); | |
19678 | @@ -847,12 +923,12 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c | |
19679 | if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err; | |
19680 | ||
19681 | /* If p < q it is occasionally possible for the correction of | |
19682 | - * adding 'p' if r0 is negative above to leave the result still | |
19683 | + * adding 'p' if r0 is negative above to leave the result still | |
19684 | * negative. This can break the private key operations: the following | |
19685 | * second correction should *always* correct this rare occurrence. | |
19686 | * This will *never* happen with OpenSSL generated keys because | |
19687 | - * they ensure p > q [steve] | |
19688 | - */ | |
19689 | + * they ensure p > q [steve] | |
19690 | + */ | |
19691 | if (BN_is_negative(r0)) | |
19692 | if (!BN_add(r0,r0,rsa->p)) goto err; | |
19693 | if (!BN_mul(r1,r0,rsa->q,ctx)) goto err; | |
19694 | @@ -897,6 +973,9 @@ err: | |
19695 | ||
19696 | static int RSA_eay_init(RSA *rsa) | |
19697 | { | |
19698 | +#ifdef OPENSSL_FIPS | |
19699 | + FIPS_selftest_check(); | |
19700 | +#endif | |
19701 | rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; | |
19702 | return(1); | |
19703 | } | |
a7ff9508 MT |
19704 | diff -up openssl-1.0.1b/crypto/rsa/rsa_err.c.fips openssl-1.0.1b/crypto/rsa/rsa_err.c |
19705 | --- openssl-1.0.1b/crypto/rsa/rsa_err.c.fips 2011-10-10 01:13:50.000000000 +0200 | |
19706 | +++ openssl-1.0.1b/crypto/rsa/rsa_err.c 2012-04-26 18:00:51.717776225 +0200 | |
0595faf5 MT |
19707 | @@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]= |
19708 | {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, | |
19709 | {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, | |
19710 | {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, | |
19711 | +{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"}, | |
19712 | +{ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"}, | |
19713 | {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, | |
19714 | {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, | |
19715 | {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, | |
a7ff9508 MT |
19716 | diff -up openssl-1.0.1b/crypto/rsa/rsa_gen.c.fips openssl-1.0.1b/crypto/rsa/rsa_gen.c |
19717 | --- openssl-1.0.1b/crypto/rsa/rsa_gen.c.fips 2011-06-09 15:18:07.000000000 +0200 | |
19718 | +++ openssl-1.0.1b/crypto/rsa/rsa_gen.c 2012-04-26 18:00:51.718776246 +0200 | |
0595faf5 MT |
19719 | @@ -69,6 +69,78 @@ |
19720 | #include <openssl/rsa.h> | |
19721 | #ifdef OPENSSL_FIPS | |
19722 | #include <openssl/fips.h> | |
19723 | +#include <openssl/err.h> | |
19724 | +#include <openssl/evp.h> | |
19725 | + | |
19726 | +static int fips_rsa_pairwise_fail = 0; | |
19727 | + | |
19728 | +void FIPS_corrupt_rsa_keygen(void) | |
19729 | + { | |
19730 | + fips_rsa_pairwise_fail = 1; | |
19731 | + } | |
19732 | + | |
19733 | +int fips_check_rsa(RSA *rsa) | |
19734 | + { | |
19735 | + const unsigned char tbs[] = "RSA Pairwise Check Data"; | |
19736 | + unsigned char *ctbuf = NULL, *ptbuf = NULL; | |
19737 | + int len, ret = 0; | |
19738 | + EVP_PKEY *pk; | |
19739 | + | |
19740 | + if ((pk=EVP_PKEY_new()) == NULL) | |
19741 | + goto err; | |
19742 | + | |
19743 | + EVP_PKEY_set1_RSA(pk, rsa); | |
19744 | + | |
19745 | + /* Perform pairwise consistency signature test */ | |
19746 | + if (!fips_pkey_signature_test(pk, tbs, -1, | |
19747 | + NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, NULL) | |
19748 | + || !fips_pkey_signature_test(pk, tbs, -1, | |
19749 | + NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, NULL) | |
19750 | + || !fips_pkey_signature_test(pk, tbs, -1, | |
19751 | + NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, NULL)) | |
19752 | + goto err; | |
19753 | + /* Now perform pairwise consistency encrypt/decrypt test */ | |
19754 | + ctbuf = OPENSSL_malloc(RSA_size(rsa)); | |
19755 | + if (!ctbuf) | |
19756 | + goto err; | |
19757 | + | |
19758 | + len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING); | |
19759 | + if (len <= 0) | |
19760 | + goto err; | |
19761 | + /* Check ciphertext doesn't match plaintext */ | |
19762 | + if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len)) | |
19763 | + goto err; | |
19764 | + ptbuf = OPENSSL_malloc(RSA_size(rsa)); | |
19765 | + | |
19766 | + if (!ptbuf) | |
19767 | + goto err; | |
19768 | + len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING); | |
19769 | + if (len != (sizeof(tbs) - 1)) | |
19770 | + goto err; | |
19771 | + if (memcmp(ptbuf, tbs, len)) | |
19772 | + goto err; | |
19773 | + | |
19774 | + ret = 1; | |
19775 | + | |
19776 | + if (!ptbuf) | |
19777 | + goto err; | |
19778 | + | |
19779 | + err: | |
19780 | + if (ret == 0) | |
19781 | + { | |
19782 | + fips_set_selftest_fail(); | |
19783 | + FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED); | |
19784 | + } | |
19785 | + | |
19786 | + if (ctbuf) | |
19787 | + OPENSSL_free(ctbuf); | |
19788 | + if (ptbuf) | |
19789 | + OPENSSL_free(ptbuf); | |
19790 | + if (pk) | |
19791 | + EVP_PKEY_free(pk); | |
19792 | + | |
19793 | + return ret; | |
19794 | + } | |
19795 | #endif | |
19796 | ||
19797 | static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); | |
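Review bot: `fips_check_rsa()` discards the result of `EVP_PKEY_set1_RSA(pk, rsa)`, so if attaching the key fails, the signature tests run against an `EVP_PKEY` with no key in it. Check it: `if (!EVP_PKEY_set1_RSA(pk, rsa)) goto err;`. The `if (!ptbuf) goto err;` after `ret = 1;` can never fire, because `ptbuf` was already tested right after its allocation, and should be removed. `FIPS_corrupt_rsa_keygen()` sets a flag that nothing in this hunk clears, and a failed check puts the module into the self-test-failed state through `fips_set_selftest_fail()`; a comment marking it as a validation-test hook that production code must not call would help.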
19798 | @@ -81,7 +153,7 @@ static int rsa_builtin_keygen(RSA *rsa, | |
19799 | int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) | |
19800 | { | |
19801 | #ifdef OPENSSL_FIPS | |
19802 | - if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) | |
19803 | + if (FIPS_module_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) | |
19804 | && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) | |
19805 | { | |
19806 | RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD); | |
19807 | @@ -90,10 +162,6 @@ int RSA_generate_key_ex(RSA *rsa, int bi | |
19808 | #endif | |
19809 | if(rsa->meth->rsa_keygen) | |
19810 | return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); | |
19811 | -#ifdef OPENSSL_FIPS | |
19812 | - if (FIPS_mode()) | |
19813 | - return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb); | |
19814 | -#endif | |
19815 | return rsa_builtin_keygen(rsa, bits, e_value, cb); | |
19816 | } | |
19817 | ||
19818 | @@ -105,6 +173,23 @@ static int rsa_builtin_keygen(RSA *rsa, | |
19819 | int bitsp,bitsq,ok= -1,n=0; | |
19820 | BN_CTX *ctx=NULL; | |
19821 | ||
19822 | +#ifdef OPENSSL_FIPS | |
19823 | + if (FIPS_module_mode()) | |
19824 | + { | |
19825 | + if(FIPS_selftest_failed()) | |
19826 | + { | |
19827 | + FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED); | |
19828 | + return 0; | |
19829 | + } | |
19830 | + | |
19831 | + if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) | |
19832 | + { | |
19833 | + FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT); | |
19834 | + return 0; | |
19835 | + } | |
19836 | + } | |
19837 | +#endif | |
19838 | + | |
19839 | ctx=BN_CTX_new(); | |
19840 | if (ctx == NULL) goto err; | |
19841 | BN_CTX_start(ctx); | |
19842 | @@ -216,6 +301,17 @@ static int rsa_builtin_keygen(RSA *rsa, | |
19843 | p = rsa->p; | |
19844 | if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err; | |
19845 | ||
19846 | +#ifdef OPENSSL_FIPS | |
19847 | + if (FIPS_module_mode()) | |
19848 | + { | |
19849 | + if (fips_rsa_pairwise_fail) | |
19850 | + BN_add_word(rsa->n, 1); | |
19851 | + | |
19852 | + if(!fips_check_rsa(rsa)) | |
19853 | + goto err; | |
19854 | + } | |
19855 | +#endif | |
19856 | + | |
19857 | ok=1; | |
19858 | err: | |
19859 | if (ok == -1) | |
a7ff9508 MT |
19860 | diff -up openssl-1.0.1b/crypto/rsa/rsa.h.fips openssl-1.0.1b/crypto/rsa/rsa.h |
19861 | --- openssl-1.0.1b/crypto/rsa/rsa.h.fips 2012-04-26 18:00:51.140763619 +0200 | |
19862 | +++ openssl-1.0.1b/crypto/rsa/rsa.h 2012-04-26 18:00:51.718776246 +0200 | |
0595faf5 MT |
19863 | @@ -164,6 +164,8 @@ struct rsa_st |
19864 | # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 | |
19865 | #endif | |
19866 | ||
19867 | +#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 | |
19868 | + | |
19869 | #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS | |
19870 | # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 | |
19871 | #endif | |
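Review bot: `OPENSSL_RSA_FIPS_MIN_MODULUS_BITS` is defined unconditionally, unlike `OPENSSL_RSA_SMALL_MODULUS_BITS` just below it, so a build cannot raise the floor without editing the header. Wrap it as `#ifndef OPENSSL_RSA_FIPS_MIN_MODULUS_BITS` / `# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024` / `#endif`, and add a comment naming the guidance the value follows. This constant is the floor the patch enforces both in `rsa_builtin_keygen` and in the rsa_eay.c primitives; NIST SP 800-131A moves signature generation to 2048-bit keys, so the comment should record that 1024 needs revisiting.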
19872 | @@ -290,6 +292,11 @@ RSA * RSA_generate_key(int bits, unsigne | |
19873 | ||
19874 | /* New version */ | |
19875 | int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); | |
19876 | +int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, | |
19877 | + const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp, | |
19878 | + const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq, | |
19879 | + const BIGNUM *e, BN_GENCB *cb); | |
19880 | +int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb); | |
19881 | ||
19882 | int RSA_check_key(const RSA *); | |
19883 | /* next 4 return -1 on error */ | |
19884 | @@ -487,7 +494,7 @@ void ERR_load_RSA_strings(void); | |
19885 | #define RSA_F_RSA_PADDING_ADD_NONE 107 | |
19886 | #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 | |
19887 | #define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 | |
19888 | -#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148 | |
19889 | +#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 158 | |
19890 | #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 | |
19891 | #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 | |
19892 | #define RSA_F_RSA_PADDING_ADD_SSLV23 110 | |
19893 | @@ -500,20 +507,22 @@ void ERR_load_RSA_strings(void); | |
19894 | #define RSA_F_RSA_PADDING_CHECK_X931 128 | |
19895 | #define RSA_F_RSA_PRINT 115 | |
19896 | #define RSA_F_RSA_PRINT_FP 116 | |
19897 | -#define RSA_F_RSA_PRIVATE_DECRYPT 150 | |
19898 | -#define RSA_F_RSA_PRIVATE_ENCRYPT 151 | |
19899 | +#define RSA_F_RSA_PRIVATE_DECRYPT 157 | |
19900 | +#define RSA_F_RSA_PRIVATE_ENCRYPT 148 | |
19901 | #define RSA_F_RSA_PRIV_DECODE 137 | |
19902 | #define RSA_F_RSA_PRIV_ENCODE 138 | |
19903 | -#define RSA_F_RSA_PUBLIC_DECRYPT 152 | |
19904 | +#define RSA_F_RSA_PUBLIC_DECRYPT 149 | |
19905 | #define RSA_F_RSA_PUBLIC_ENCRYPT 153 | |
19906 | #define RSA_F_RSA_PUB_DECODE 139 | |
19907 | #define RSA_F_RSA_SETUP_BLINDING 136 | |
19908 | +#define RSA_F_RSA_SET_DEFAULT_METHOD 150 | |
19909 | +#define RSA_F_RSA_SET_METHOD 151 | |
19910 | #define RSA_F_RSA_SIGN 117 | |
19911 | #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 | |
19912 | #define RSA_F_RSA_VERIFY 119 | |
19913 | #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 | |
19914 | #define RSA_F_RSA_VERIFY_PKCS1_PSS 126 | |
19915 | -#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149 | |
19916 | +#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 152 | |
19917 | ||
19918 | /* Reason codes. */ | |
19919 | #define RSA_R_ALGORITHM_MISMATCH 100 | |
19920 | @@ -542,21 +551,22 @@ void ERR_load_RSA_strings(void); | |
19921 | #define RSA_R_INVALID_MGF1_MD 156 | |
19922 | #define RSA_R_INVALID_PADDING 138 | |
19923 | #define RSA_R_INVALID_PADDING_MODE 141 | |
19924 | -#define RSA_R_INVALID_PSS_PARAMETERS 149 | |
19925 | +#define RSA_R_INVALID_PSS_PARAMETERS 157 | |
19926 | #define RSA_R_INVALID_PSS_SALTLEN 146 | |
19927 | -#define RSA_R_INVALID_SALT_LENGTH 150 | |
19928 | +#define RSA_R_INVALID_SALT_LENGTH 158 | |
19929 | #define RSA_R_INVALID_TRAILER 139 | |
19930 | #define RSA_R_INVALID_X931_DIGEST 142 | |
19931 | #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 | |
19932 | #define RSA_R_KEY_SIZE_TOO_SMALL 120 | |
19933 | #define RSA_R_LAST_OCTET_INVALID 134 | |
19934 | #define RSA_R_MODULUS_TOO_LARGE 105 | |
19935 | -#define RSA_R_NON_FIPS_RSA_METHOD 157 | |
19936 | +#define RSA_R_NON_FIPS_RSA_METHOD 149 | |
19937 | +#define RSA_R_NON_FIPS_METHOD 149 | |
19938 | #define RSA_R_NO_PUBLIC_EXPONENT 140 | |
19939 | #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 | |
19940 | #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 | |
19941 | #define RSA_R_OAEP_DECODING_ERROR 121 | |
19942 | -#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 | |
19943 | +#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 150 | |
19944 | #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 | |
19945 | #define RSA_R_PADDING_CHECK_FAILED 114 | |
19946 | #define RSA_R_P_NOT_PRIME 128 | |
a7ff9508 MT |
19947 | diff -up openssl-1.0.1b/crypto/rsa/rsa_lib.c.fips openssl-1.0.1b/crypto/rsa/rsa_lib.c |
19948 | --- openssl-1.0.1b/crypto/rsa/rsa_lib.c.fips 2011-06-20 21:41:13.000000000 +0200 | |
19949 | +++ openssl-1.0.1b/crypto/rsa/rsa_lib.c 2012-04-26 18:00:51.719776267 +0200 | |
0595faf5 MT |
19950 | @@ -84,6 +84,13 @@ RSA *RSA_new(void) |
19951 | ||
19952 | void RSA_set_default_method(const RSA_METHOD *meth) | |
19953 | { | |
19954 | +#ifdef OPENSSL_FIPS | |
19955 | + if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) | |
19956 | + { | |
19957 | + RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD); | |
19958 | + return; | |
19959 | + } | |
19960 | +#endif | |
19961 | default_RSA_meth = meth; | |
19962 | } | |
19963 | ||
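Review bot: The added check dereferences `meth` before the assignment, so `RSA_set_default_method(NULL)`, which the old body accepted and which `RSA_get_default_method()` in the next hunk treats as "not set yet", would now crash in FIPS mode. Guard it: `if (FIPS_mode() && meth != NULL && !(meth->flags & RSA_FLAG_FIPS_METHOD))`. Because the function returns void, a refused method is visible only in the error queue; the function comment should tell callers running in FIPS mode to confirm the result with `RSA_get_default_method()`.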
19964 | @@ -91,18 +98,11 @@ const RSA_METHOD *RSA_get_default_method | |
19965 | { | |
19966 | if (default_RSA_meth == NULL) | |
19967 | { | |
19968 | -#ifdef OPENSSL_FIPS | |
19969 | - if (FIPS_mode()) | |
19970 | - return FIPS_rsa_pkcs1_ssleay(); | |
19971 | - else | |
19972 | - return RSA_PKCS1_SSLeay(); | |
19973 | -#else | |
19974 | #ifdef RSA_NULL | |
19975 | default_RSA_meth=RSA_null_method(); | |
19976 | #else | |
19977 | default_RSA_meth=RSA_PKCS1_SSLeay(); | |
19978 | #endif | |
19979 | -#endif | |
19980 | } | |
19981 | ||
19982 | return default_RSA_meth; | |
19983 | @@ -118,6 +118,13 @@ int RSA_set_method(RSA *rsa, const RSA_M | |
19984 | /* NB: The caller is specifically setting a method, so it's not up to us | |
19985 | * to deal with which ENGINE it comes from. */ | |
19986 | const RSA_METHOD *mtmp; | |
19987 | +#ifdef OPENSSL_FIPS | |
19988 | + if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) | |
19989 | + { | |
19990 | + RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD); | |
19991 | + return 0; | |
19992 | + } | |
19993 | +#endif | |
19994 | mtmp = rsa->meth; | |
19995 | if (mtmp->finish) mtmp->finish(rsa); | |
19996 | #ifndef OPENSSL_NO_ENGINE | |
19997 | @@ -170,6 +177,18 @@ RSA *RSA_new_method(ENGINE *engine) | |
19998 | } | |
19999 | } | |
20000 | #endif | |
20001 | +#ifdef OPENSSL_FIPS | |
20002 | + if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD)) | |
20003 | + { | |
20004 | + RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD); | |
20005 | +#ifndef OPENSSL_NO_ENGINE | |
20006 | + if (ret->engine) | |
20007 | + ENGINE_finish(ret->engine); | |
20008 | +#endif | |
20009 | + OPENSSL_free(ret); | |
20010 | + return NULL; | |
20011 | + } | |
20012 | +#endif | |
20013 | ||
20014 | ret->pad=0; | |
20015 | ret->version=0; | |
20016 | @@ -188,7 +207,7 @@ RSA *RSA_new_method(ENGINE *engine) | |
20017 | ret->blinding=NULL; | |
20018 | ret->mt_blinding=NULL; | |
20019 | ret->bignum_data=NULL; | |
20020 | - ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; | |
20021 | + ret->flags=ret->meth->flags; | |
20022 | if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) | |
20023 | { | |
20024 | #ifndef OPENSSL_NO_ENGINE | |
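Review bot: With the mask removed, `ret->flags=ret->meth->flags;` copies RSA_FLAG_NON_FIPS_ALLOW from the method into every new key. The check added earlier in RSA_new_method only requires RSA_FLAG_FIPS_METHOD to be set, so a method carrying both bits would pass it and produce keys already marked as allowed outside FIPS rules. Whether any later check honours that per-key bit is not visible in this hunk, so this needs confirming against the callers that test it. If the bit is meant to be set only by the application on an individual key, keeping `& ~RSA_FLAG_NON_FIPS_ALLOW` is the safer default. Otherwise a comment such as `/* method flags are trusted here: non-FIPS methods were rejected above */` would record why the mask was dropped. The body of RSA_new_method starts and ends outside the hunk.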
a7ff9508 MT |
20025 | diff -up openssl-1.0.1b/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1b/crypto/rsa/rsa_pmeth.c |
20026 | --- openssl-1.0.1b/crypto/rsa/rsa_pmeth.c.fips 2012-02-15 15:14:01.000000000 +0100 | |
20027 | +++ openssl-1.0.1b/crypto/rsa/rsa_pmeth.c 2012-04-26 18:00:51.720776289 +0200 | |
0595faf5 MT |
20028 | @@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c |
20029 | RSA_R_INVALID_DIGEST_LENGTH); | |
20030 | return -1; | |
20031 | } | |
20032 | -#ifdef OPENSSL_FIPS | |
20033 | - if (ret > 0) | |
20034 | - { | |
20035 | - unsigned int slen; | |
20036 | - ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md, | |
20037 | - rctx->pad_mode, | |
20038 | - rctx->saltlen, | |
20039 | - rctx->mgf1md, | |
20040 | - sig, &slen); | |
20041 | - if (ret > 0) | |
20042 | - *siglen = slen; | |
20043 | - else | |
20044 | - *siglen = 0; | |
20045 | - return ret; | |
20046 | - } | |
20047 | -#endif | |
20048 | ||
20049 | if (EVP_MD_type(rctx->md) == NID_mdc2) | |
20050 | { | |
20051 | @@ -354,19 +338,6 @@ static int pkey_rsa_verify(EVP_PKEY_CTX | |
20052 | #endif | |
20053 | if (rctx->md) | |
20054 | { | |
20055 | -#ifdef OPENSSL_FIPS | |
20056 | - if (rv > 0) | |
20057 | - { | |
20058 | - return FIPS_rsa_verify_digest(rsa, | |
20059 | - tbs, tbslen, | |
20060 | - rctx->md, | |
20061 | - rctx->pad_mode, | |
20062 | - rctx->saltlen, | |
20063 | - rctx->mgf1md, | |
20064 | - sig, siglen); | |
20065 | - | |
20066 | - } | |
20067 | -#endif | |
20068 | if (rctx->pad_mode == RSA_PKCS1_PADDING) | |
20069 | return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, | |
20070 | sig, siglen, rsa); | |
a7ff9508 MT |
20071 | diff -up openssl-1.0.1b/crypto/rsa/rsa_sign.c.fips openssl-1.0.1b/crypto/rsa/rsa_sign.c |
20072 | --- openssl-1.0.1b/crypto/rsa/rsa_sign.c.fips 2012-02-15 15:00:09.000000000 +0100 | |
20073 | +++ openssl-1.0.1b/crypto/rsa/rsa_sign.c 2012-04-26 18:00:51.720776289 +0200 | |
0595faf5 MT |
20074 | @@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch |
20075 | i2d_X509_SIG(&sig,&p); | |
20076 | s=tmps; | |
20077 | } | |
20078 | - i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); | |
20079 | + /* NB: call underlying method directly to avoid FIPS blocking */ | |
20080 | + i = rsa->meth->rsa_priv_enc ? rsa->meth->rsa_priv_enc(i,s,sigret,rsa,RSA_PKCS1_PADDING) : 0; | |
20081 | if (i <= 0) | |
20082 | ret=0; | |
20083 | else | |
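Review bot: When `rsa->meth->rsa_priv_enc` is NULL the new expression yields 0, so RSA_sign fails without putting an error on the queue and the caller cannot tell a method with no private-key operation from a failed signature. Both `rsa_pub_dec` calls in int_rsa_verify in the following hunks have the same gap. An explicit test that raises an error before the call would fix it, e.g. `if (rsa->meth->rsa_priv_enc == NULL) { RSAerr(RSA_F_RSA_SIGN, <reason code>); ... }`. The `NB` comment should also name which check in the RSA_private_encrypt() wrapper is being skipped and where FIPS enforcement for this key happens instead, because "avoid FIPS blocking" reads as a policy bypass without that context. The first `rsa_pub_dec` call in int_rsa_verify has no such comment at all. RSA_sign starts and ends outside the hunk.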
20084 | @@ -178,8 +179,8 @@ int int_rsa_verify(int dtype, const unsi | |
20085 | ||
20086 | if((dtype == NID_md5_sha1) && rm) | |
20087 | { | |
20088 | - i = RSA_public_decrypt((int)siglen, | |
20089 | - sigbuf,rm,rsa,RSA_PKCS1_PADDING); | |
20090 | + i = rsa->meth->rsa_pub_dec ? rsa->meth->rsa_pub_dec((int)siglen, | |
20091 | + sigbuf,rm,rsa,RSA_PKCS1_PADDING) : 0; | |
20092 | if (i <= 0) | |
20093 | return 0; | |
20094 | *prm_len = i; | |
20095 | @@ -196,7 +197,8 @@ int int_rsa_verify(int dtype, const unsi | |
20096 | RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); | |
20097 | goto err; | |
20098 | } | |
20099 | - i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); | |
20100 | + /* NB: call underlying method directly to avoid FIPS blocking */ | |
20101 | + i = rsa->meth->rsa_pub_dec ? rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING) : 0; | |
20102 | ||
20103 | if (i <= 0) goto err; | |
20104 | /* Oddball MDC2 case: signature can be OCTET STRING. | |
a7ff9508 MT |
20105 | diff -up openssl-1.0.1b/crypto/sha/sha256.c.fips openssl-1.0.1b/crypto/sha/sha256.c |
20106 | --- openssl-1.0.1b/crypto/sha/sha256.c.fips 2011-06-01 15:39:44.000000000 +0200 | |
20107 | +++ openssl-1.0.1b/crypto/sha/sha256.c 2012-04-26 18:00:51.721776312 +0200 | |
0595faf5 MT |
20108 | @@ -12,12 +12,19 @@ |
20109 | ||
20110 | #include <openssl/crypto.h> | |
20111 | #include <openssl/sha.h> | |
20112 | +#ifdef OPENSSL_FIPS | |
20113 | +#include <openssl/fips.h> | |
20114 | +#endif | |
20115 | + | |
20116 | #include <openssl/opensslv.h> | |
20117 | ||
20118 | const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT; | |
20119 | ||
20120 | fips_md_init_ctx(SHA224, SHA256) | |
20121 | { | |
20122 | +#ifdef OPENSSL_FIPS | |
20123 | + FIPS_selftest_check(); | |
20124 | +#endif | |
20125 | memset (c,0,sizeof(*c)); | |
20126 | c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; | |
20127 | c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL; | |
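Review bot: `FIPS_selftest_check();` is called as a statement and nothing it reports is used, so SHA224_Init goes on to initialise the context either way. The same applies to the SHA256 hunk below and to the matching additions in sha512.c and sha_locl.h. That is safe only if the function itself stops the process when the self-tests have failed, which these hunks do not show. If it does, a comment such as `/* does not return if the FIPS self-tests failed */` would make that clear. If it only records the state, the init functions should return 0 in that case. The function bodies continue outside the hunks.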
20128 | @@ -29,6 +36,9 @@ fips_md_init_ctx(SHA224, SHA256) | |
20129 | ||
20130 | fips_md_init(SHA256) | |
20131 | { | |
20132 | +#ifdef OPENSSL_FIPS | |
20133 | + FIPS_selftest_check(); | |
20134 | +#endif | |
20135 | memset (c,0,sizeof(*c)); | |
20136 | c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; | |
20137 | c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; | |
a7ff9508 MT |
20138 | diff -up openssl-1.0.1b/crypto/sha/sha512.c.fips openssl-1.0.1b/crypto/sha/sha512.c |
20139 | --- openssl-1.0.1b/crypto/sha/sha512.c.fips 2011-11-14 21:58:01.000000000 +0100 | |
20140 | +++ openssl-1.0.1b/crypto/sha/sha512.c 2012-04-26 18:00:51.722776334 +0200 | |
0595faf5 MT |
20141 | @@ -5,6 +5,10 @@ |
20142 | * ==================================================================== | |
20143 | */ | |
20144 | #include <openssl/opensslconf.h> | |
20145 | +#ifdef OPENSSL_FIPS | |
20146 | +#include <openssl/fips.h> | |
20147 | +#endif | |
20148 | + | |
20149 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) | |
20150 | /* | |
20151 | * IMPLEMENTATION NOTES. | |
20152 | @@ -61,6 +65,9 @@ const char SHA512_version[]="SHA-512" OP | |
20153 | ||
20154 | fips_md_init_ctx(SHA384, SHA512) | |
20155 | { | |
20156 | +#ifdef OPENSSL_FIPS | |
20157 | + FIPS_selftest_check(); | |
20158 | +#endif | |
20159 | c->h[0]=U64(0xcbbb9d5dc1059ed8); | |
20160 | c->h[1]=U64(0x629a292a367cd507); | |
20161 | c->h[2]=U64(0x9159015a3070dd17); | |
20162 | @@ -77,6 +84,9 @@ fips_md_init_ctx(SHA384, SHA512) | |
20163 | ||
20164 | fips_md_init(SHA512) | |
20165 | { | |
20166 | +#ifdef OPENSSL_FIPS | |
20167 | + FIPS_selftest_check(); | |
20168 | +#endif | |
20169 | c->h[0]=U64(0x6a09e667f3bcc908); | |
20170 | c->h[1]=U64(0xbb67ae8584caa73b); | |
20171 | c->h[2]=U64(0x3c6ef372fe94f82b); | |
a7ff9508 MT |
20172 | diff -up openssl-1.0.1b/crypto/sha/sha.h.fips openssl-1.0.1b/crypto/sha/sha.h |
20173 | --- openssl-1.0.1b/crypto/sha/sha.h.fips 2012-04-26 18:00:50.616752170 +0200 | |
20174 | +++ openssl-1.0.1b/crypto/sha/sha.h 2012-04-26 18:00:51.722776334 +0200 | |
0595faf5 MT |
20175 | @@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char * |
20176 | void SHA_Transform(SHA_CTX *c, const unsigned char *data); | |
20177 | #endif | |
20178 | #ifndef OPENSSL_NO_SHA1 | |
20179 | -#ifdef OPENSSL_FIPS | |
20180 | -int private_SHA1_Init(SHA_CTX *c); | |
20181 | -#endif | |
20182 | int SHA1_Init(SHA_CTX *c); | |
20183 | int SHA1_Update(SHA_CTX *c, const void *data, size_t len); | |
20184 | int SHA1_Final(unsigned char *md, SHA_CTX *c); | |
20185 | @@ -141,10 +138,6 @@ typedef struct SHA256state_st | |
20186 | } SHA256_CTX; | |
20187 | ||
20188 | #ifndef OPENSSL_NO_SHA256 | |
20189 | -#ifdef OPENSSL_FIPS | |
20190 | -int private_SHA224_Init(SHA256_CTX *c); | |
20191 | -int private_SHA256_Init(SHA256_CTX *c); | |
20192 | -#endif | |
20193 | int SHA224_Init(SHA256_CTX *c); | |
20194 | int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); | |
20195 | int SHA224_Final(unsigned char *md, SHA256_CTX *c); | |
20196 | @@ -192,10 +185,6 @@ typedef struct SHA512state_st | |
20197 | #endif | |
20198 | ||
20199 | #ifndef OPENSSL_NO_SHA512 | |
20200 | -#ifdef OPENSSL_FIPS | |
20201 | -int private_SHA384_Init(SHA512_CTX *c); | |
20202 | -int private_SHA512_Init(SHA512_CTX *c); | |
20203 | -#endif | |
20204 | int SHA384_Init(SHA512_CTX *c); | |
20205 | int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); | |
20206 | int SHA384_Final(unsigned char *md, SHA512_CTX *c); | |
a7ff9508 MT |
20207 | diff -up openssl-1.0.1b/crypto/sha/sha_locl.h.fips openssl-1.0.1b/crypto/sha/sha_locl.h |
20208 | --- openssl-1.0.1b/crypto/sha/sha_locl.h.fips 2012-04-26 18:00:50.622752302 +0200 | |
20209 | +++ openssl-1.0.1b/crypto/sha/sha_locl.h 2012-04-26 18:00:51.723776356 +0200 | |
0595faf5 MT |
20210 | @@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c, |
20211 | #define INIT_DATA_h4 0xc3d2e1f0UL | |
20212 | ||
20213 | #ifdef SHA_0 | |
20214 | -fips_md_init(SHA) | |
20215 | +nonfips_md_init(SHA) | |
20216 | #else | |
20217 | fips_md_init_ctx(SHA1, SHA) | |
20218 | #endif | |
20219 | { | |
20220 | +#if defined(SHA_1) && defined(OPENSSL_FIPS) | |
20221 | + FIPS_selftest_check(); | |
20222 | +#endif | |
20223 | memset (c,0,sizeof(*c)); | |
20224 | c->h0=INIT_DATA_h0; | |
20225 | c->h1=INIT_DATA_h1; | |
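Review bot: This hunk calls `FIPS_selftest_check()` from sha_locl.h but does not add the `<openssl/fips.h>` include that the sha256.c and sha512.c hunks add alongside the same call. If no file that includes this header pulls in fips.h first, the call compiles against an implicit declaration in an OPENSSL_FIPS build, so this should be confirmed. The include could sit at the top of this header as `#ifdef OPENSSL_FIPS` / `#include <openssl/fips.h>` / `#endif`. A brief comment on the `#if defined(SHA_1) && defined(OPENSSL_FIPS)` line noting that SHA-0 is deliberately excluded would also explain the asymmetry with the `nonfips_md_init(SHA)` change above it.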
a7ff9508 MT |
20226 | diff -up openssl-1.0.1b/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1b/crypto/whrlpool/wp_dgst.c |
20227 | --- openssl-1.0.1b/crypto/whrlpool/wp_dgst.c.fips 2011-06-01 15:39:45.000000000 +0200 | |
20228 | +++ openssl-1.0.1b/crypto/whrlpool/wp_dgst.c 2012-04-26 18:00:51.724776378 +0200 | |
0595faf5 MT |
20229 | @@ -55,7 +55,7 @@ |
20230 | #include <openssl/crypto.h> | |
20231 | #include <string.h> | |
20232 | ||
20233 | -fips_md_init(WHIRLPOOL) | |
20234 | +nonfips_md_init(WHIRLPOOL) | |
20235 | { | |
20236 | memset (c,0,sizeof(*c)); | |
20237 | return(1); | |
a7ff9508 MT |
20238 | diff -up openssl-1.0.1b/Makefile.org.fips openssl-1.0.1b/Makefile.org |
20239 | --- openssl-1.0.1b/Makefile.org.fips 2012-04-26 18:00:51.350768207 +0200 | |
20240 | +++ openssl-1.0.1b/Makefile.org 2012-04-26 18:00:51.724776378 +0200 | |
0595faf5 MT |
20241 | @@ -136,6 +136,9 @@ FIPSCANLIB= |
20242 | ||
20243 | BASEADDR= | |
20244 | ||
20245 | +# Non-empty if FIPS enabled | |
20246 | +FIPS= | |
20247 | + | |
20248 | DIRS= crypto ssl engines apps test tools | |
20249 | ENGDIRS= ccgost | |
20250 | SHLIBDIRS= crypto ssl | |
20251 | @@ -148,7 +151,7 @@ SDIRS= \ | |
20252 | bn ec rsa dsa ecdsa dh ecdh dso engine \ | |
20253 | buffer bio stack lhash rand err \ | |
20254 | evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ | |
20255 | - cms pqueue ts jpake srp store cmac | |
20256 | + cms pqueue ts jpake srp store cmac fips | |
20257 | # keep in mind that the above list is adjusted by ./Configure | |
20258 | # according to no-xxx arguments... | |
20259 | ||
20260 | @@ -237,6 +240,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESS | |
20261 | FIPSLIBDIR='${FIPSLIBDIR}' \ | |
20262 | FIPSDIR='${FIPSDIR}' \ | |
20263 | FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ | |
20264 | + FIPS="$${FIPS:-$(FIPS)}" \ | |
20265 | THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= | |
20266 | # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, | |
20267 | # which in turn eliminates ambiguities in variable treatment with -e. | |
a7ff9508 MT |
20268 | diff -up openssl-1.0.1b/ssl/ssl_algs.c.fips openssl-1.0.1b/ssl/ssl_algs.c |
20269 | --- openssl-1.0.1b/ssl/ssl_algs.c.fips 2012-01-15 14:42:50.000000000 +0100 | |
20270 | +++ openssl-1.0.1b/ssl/ssl_algs.c 2012-04-26 18:00:51.725776399 +0200 | |
0595faf5 MT |
20271 | @@ -64,6 +64,12 @@ |
20272 | int SSL_library_init(void) | |
20273 | { | |
20274 | ||
20275 | +#ifdef OPENSSL_FIPS | |
20276 | + OPENSSL_init_library(); | |
20277 | + if (!FIPS_mode()) | |
20278 | + { | |
20279 | +#endif | |
20280 | + | |
20281 | #ifndef OPENSSL_NO_DES | |
20282 | EVP_add_cipher(EVP_des_cbc()); | |
20283 | EVP_add_cipher(EVP_des_ede3_cbc()); | |
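Review bot: `FIPS_mode()` is sampled once, at the moment SSL_library_init runs. An application that turns FIPS mode on after this call keeps the full non-FIPS table registered, including the single-DES entry on the first context line. Whether a later layer filters those algorithms is not visible here. The ordering requirement should at least be documented at the top of the function, for example `/* FIPS mode must be selected before SSL_library_init(); the algorithm table is not rebuilt if the mode changes later */`. As a style point, the `if (!FIPS_mode()) {` opened inside this `#ifdef` is closed in a different `#ifdef` block in the next hunk, so a `/* !FIPS_mode() */` marker on the closing brace would help readers pair them. The function body continues outside the hunk.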
20284 | @@ -136,6 +142,50 @@ int SSL_library_init(void) | |
20285 | EVP_add_digest(EVP_sha()); | |
20286 | EVP_add_digest(EVP_dss()); | |
20287 | #endif | |
20288 | +#ifdef OPENSSL_FIPS | |
20289 | + } | |
20290 | + else | |
20291 | + { | |
20292 | +#ifndef OPENSSL_NO_DES | |
20293 | + EVP_add_cipher(EVP_des_ede3_cbc()); | |
20294 | +#endif | |
20295 | +#ifndef OPENSSL_NO_AES | |
20296 | + EVP_add_cipher(EVP_aes_128_cbc()); | |
20297 | + EVP_add_cipher(EVP_aes_192_cbc()); | |
20298 | + EVP_add_cipher(EVP_aes_256_cbc()); | |
20299 | + EVP_add_cipher(EVP_aes_128_gcm()); | |
20300 | + EVP_add_cipher(EVP_aes_256_gcm()); | |
20301 | +#endif | |
20302 | +#ifndef OPENSSL_NO_MD5 | |
20303 | + /* needed even in the FIPS mode for TLS MAC */ | |
20304 | + EVP_add_digest(EVP_md5()); | |
20305 | + EVP_add_digest_alias(SN_md5,"ssl2-md5"); | |
20306 | + EVP_add_digest_alias(SN_md5,"ssl3-md5"); | |
20307 | +#endif | |
20308 | +#ifndef OPENSSL_NO_SHA | |
20309 | + EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ | |
20310 | + EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); | |
20311 | + EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); | |
20312 | +#endif | |
20313 | +#ifndef OPENSSL_NO_SHA256 | |
20314 | + EVP_add_digest(EVP_sha224()); | |
20315 | + EVP_add_digest(EVP_sha256()); | |
20316 | +#endif | |
20317 | +#ifndef OPENSSL_NO_SHA512 | |
20318 | + EVP_add_digest(EVP_sha384()); | |
20319 | + EVP_add_digest(EVP_sha512()); | |
20320 | +#endif | |
20321 | +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) | |
20322 | + EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ | |
20323 | + EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); | |
20324 | + EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); | |
20325 | + EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); | |
20326 | +#endif | |
20327 | +#ifndef OPENSSL_NO_ECDSA | |
20328 | + EVP_add_digest(EVP_ecdsa()); | |
20329 | +#endif | |
20330 | + } | |
20331 | +#endif | |
20332 | #ifndef OPENSSL_NO_COMP | |
20333 | /* This will initialise the built-in compression algorithms. | |
20334 | The value returned is a STACK_OF(SSL_COMP), but that can |
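Review bot: The FIPS branch registers MD5 together with the `"ssl2-md5"` alias, although an SSLv2 digest name has no apparent use in FIPS mode. Dropping that alias from the `else` block would keep the FIPS table to what the TLS code needs. The comment `/* needed even in the FIPS mode for TLS MAC */` is also imprecise. If MD5 is kept for the combined MD5/SHA-1 handshake hash and PRF of TLS 1.0/1.1, the comment should say so and note that it is not offered as a general-purpose digest, e.g. `/* kept in FIPS mode only for the TLS 1.0/1.1 PRF and handshake hash */`. The function body continues outside the hunk.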