paxctl: Update to 0.8.
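--- a/openssl-1.0.1e/apps/pkcs12.c
+++ b/openssl-1.0.1e/apps/pkcs12.c
@@ -67,6 +67,9 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 #define PROG pkcs12_main
 
@@ -130,6 +133,11 @@ int MAIN(int argc, char **argv)
 
 apps_startup();
 
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ cert_pbe = key_pbe; /* cannot use RC2 in the FIPS mode */
+#endif
+
 enc = EVP_des_ede3_cbc();
 if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 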
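Review bot: The FIPS override `cert_pbe = key_pbe;` sits directly after `apps_startup()`, which from its position looks like it runs before the command-line options are parsed, so a later `-certpbe` argument naming an RC2 PBE would presumably overwrite it again and only fail when the PKCS#12 structure is built. If that is the case, the check belongs after option parsing, where a non-FIPS `cert_pbe` can be rejected with an explicit error rather than silently replaced. The comment could also say what is substituted: `/* RC2-based cert PBE is unavailable in FIPS mode; use the key PBE for certificates too */`. MAIN's body continues outside the hunk.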
26diff -up openssl-1.0.1e/apps/speed.c.fips openssl-1.0.1e/apps/speed.c
27--- openssl-1.0.1e/apps/speed.c.fips 2013-02-11 16:26:04.000000000 +0100
28+++ openssl-1.0.1e/apps/speed.c 2013-02-19 12:47:33.715118384 +0100
29@@ -195,7 +195,6 @@
30 #ifdef OPENSSL_DOING_MAKEDEPEND
31 #undef AES_set_encrypt_key
32 #undef AES_set_decrypt_key
33-#undef DES_set_key_unchecked
34 #endif
35 #define BF_set_key private_BF_set_key
36 #define CAST_set_key private_CAST_set_key
37@@ -203,7 +202,6 @@
38 #define SEED_set_key private_SEED_set_key
39 #define RC2_set_key private_RC2_set_key
40 #define RC4_set_key private_RC4_set_key
41-#define DES_set_key_unchecked private_DES_set_key_unchecked
42 #define AES_set_encrypt_key private_AES_set_encrypt_key
43 #define AES_set_decrypt_key private_AES_set_decrypt_key
44 #define Camellia_set_key private_Camellia_set_key
45@@ -941,7 +939,12 @@ int MAIN(int argc, char **argv)
46 #ifndef OPENSSL_NO_RSA
47 if (strcmp(*argv,"rsa") == 0)
48 {
49+#ifdef OPENSSL_FIPS
50+ if (!FIPS_mode())
51+#endif
52+ {
53 rsa_doit[R_RSA_512]=1;
54+ }
55 rsa_doit[R_RSA_1024]=1;
56 rsa_doit[R_RSA_2048]=1;
57 rsa_doit[R_RSA_4096]=1;
58@@ -951,7 +954,12 @@ int MAIN(int argc, char **argv)
59 #ifndef OPENSSL_NO_DSA
60 if (strcmp(*argv,"dsa") == 0)
61 {
62+#ifdef OPENSSL_FIPS
63+ if (!FIPS_mode())
64+#endif
65+ {
66 dsa_doit[R_DSA_512]=1;
67+ }
68 dsa_doit[R_DSA_1024]=1;
69 dsa_doit[R_DSA_2048]=1;
70 }
71@@ -1226,30 +1234,54 @@ int MAIN(int argc, char **argv)
72 AES_set_encrypt_key(key32,256,&aes_ks3);
73 #endif
74 #ifndef OPENSSL_NO_CAMELLIA
75+ if (doit[D_CBC_128_CML] || doit[D_CBC_192_CML] || doit[D_CBC_256_CML])
76+ {
77 Camellia_set_key(key16,128,&camellia_ks1);
78 Camellia_set_key(ckey24,192,&camellia_ks2);
79 Camellia_set_key(ckey32,256,&camellia_ks3);
80+ }
81 #endif
82 #ifndef OPENSSL_NO_IDEA
83+ if (doit[D_CBC_IDEA])
84+ {
85 idea_set_encrypt_key(key16,&idea_ks);
86+ }
87 #endif
88 #ifndef OPENSSL_NO_SEED
89+ if (doit[D_CBC_SEED])
90+ {
91 SEED_set_key(key16,&seed_ks);
92+ }
93 #endif
94 #ifndef OPENSSL_NO_RC4
95+ if (doit[D_RC4])
96+ {
97 RC4_set_key(&rc4_ks,16,key16);
98+ }
99 #endif
100 #ifndef OPENSSL_NO_RC2
101+ if (doit[D_CBC_RC2])
102+ {
103 RC2_set_key(&rc2_ks,16,key16,128);
104+ }
105 #endif
106 #ifndef OPENSSL_NO_RC5
107+ if (doit[D_CBC_RC5])
108+ {
109 RC5_32_set_key(&rc5_ks,16,key16,12);
110+ }
111 #endif
112 #ifndef OPENSSL_NO_BF
113+ if (doit[D_CBC_BF])
114+ {
115 BF_set_key(&bf_ks,16,key16);
116+ }
117 #endif
118 #ifndef OPENSSL_NO_CAST
119+ if (doit[D_CBC_CAST])
120+ {
121 CAST_set_key(&cast_ks,16,key16);
122+ }
123 #endif
124 #ifndef OPENSSL_NO_RSA
125 memset(rsa_c,0,sizeof(rsa_c));
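Review bot: The `#ifdef OPENSSL_FIPS` / `if (!FIPS_mode())` / `#endif` / `{ ... }` construction in the rsa and dsa hunks makes the preprocessor decide whether the following brace block is an if-body or a bare block; it compiles both ways but is easy to break when the block is edited and hides the intent. A flag computed once near the top of MAIN reads better: `int fips_on = 0;`, then `#ifdef OPENSSL_FIPS` / `fips_on = FIPS_mode();` / `#endif`, and `if (!fips_on) rsa_doit[R_RSA_512]=1;` at the two sites. The guard only covers the `rsa`/`dsa` aliases; if `rsa512`/`dsa512` stay selectable by name elsewhere in the option parsing (outside the hunk), the 512-bit benchmark is still reachable in FIPS mode. MAIN's body continues outside the hunk.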
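--- a/openssl-1.0.1e/Configure
+++ b/openssl-1.0.1e/Configure
@@ -995,11 +995,6 @@ if (defined($disabled{"md5"}) || defined
 $disabled{"ssl2"} = "forced";
 }
 
-if ($fips && $fipslibdir eq "")
- {
- $fipslibdir = $fipsdir . "/lib/";
- }
-
 # RSAX ENGINE sets default non-FIPS RSA method.
 if ($fips)
 {
@@ -1474,7 +1469,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b
 if ($fips)
 {
 $openssl_other_defines.="#define OPENSSL_FIPS\n";
- $cflags .= " -I\$(FIPSDIR)/include";
 }
 
 $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
@@ -1661,9 +1655,12 @@ while (<IN>)
 
 s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
 s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
- s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
 s/^BASEADDR=.*/BASEADDR=$baseaddr/;
 
+ if ($fips)
+ {
+ s/^FIPS=.*/FIPS=yes/;
+ }
 s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
 s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
 s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);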
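--- a/openssl-1.0.1e/crypto/aes/aes_misc.c
+++ b/openssl-1.0.1e/crypto/aes/aes_misc.c
@@ -69,17 +69,11 @@ const char *AES_options(void) {
 int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 AES_KEY *key)
 {
-#ifdef OPENSSL_FIPS
- fips_cipher_abort(AES);
-#endif
 return private_AES_set_encrypt_key(userKey, bits, key);
 }
 
 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
 AES_KEY *key)
 {
-#ifdef OPENSSL_FIPS
- fips_cipher_abort(AES);
-#endif
 return private_AES_set_decrypt_key(userKey, bits, key);
 }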
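Review bot: Dropping `fips_cipher_abort(AES)` from `AES_set_encrypt_key` and `AES_set_decrypt_key` changes the FIPS-mode policy for the low-level AES API from "abort" to "allowed" without a word of explanation, and the same is done for DES in set_key.c (`DES_set_key_unchecked`). Unlike `dh_init` in dh_key.c, these entry points also do not consult the self-test state, so a caller that bypasses EVP can still set up a key schedule after a failed power-on self-test; presumably that is accepted because the FIPS boundary is now libcrypto itself, but the hunk does not say so. A one-line comment on each wrapper would record the decision, e.g. `/* No FIPS abort: the low-level API is inside the FIPS boundary in this build */`.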
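--- a/openssl-1.0.1e/crypto/cmac/cmac.c
+++ b/openssl-1.0.1e/crypto/cmac/cmac.c
@@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void)
 
 void CMAC_CTX_cleanup(CMAC_CTX *ctx)
 {
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !ctx->cctx.engine)
- {
- FIPS_cmac_ctx_cleanup(ctx);
- return;
- }
-#endif
 EVP_CIPHER_CTX_cleanup(&ctx->cctx);
 OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
 OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
@@ -164,11 +157,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void
 EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
 return 0;
 }
- /* Other algorithm blocking will be done in FIPS_cmac_init,
- * via FIPS_cipherinit().
- */
- if (!impl && !ctx->cctx.engine)
- return FIPS_cmac_init(ctx, key, keylen, cipher, NULL);
 }
 #endif
 /* All zeros means restart */
@@ -216,10 +204,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
 {
 const unsigned char *data = in;
 size_t bl;
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !ctx->cctx.engine)
- return FIPS_cmac_update(ctx, in, dlen);
-#endif
 if (ctx->nlast_block == -1)
 return 0;
 if (dlen == 0)
@@ -261,10 +245,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
 int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
 {
 int i, bl, lb;
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !ctx->cctx.engine)
- return FIPS_cmac_final(ctx, out, poutlen);
-#endif
 if (ctx->nlast_block == -1)
 return 0;
 bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);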
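Review bot: With the `FIPS_cmac_init`/`FIPS_cmac_update`/`FIPS_cmac_final` redirects gone, FIPS-mode CMAC runs entirely through the generic implementation, and the deleted comment in `CMAC_Init` was the only statement that "other algorithm blocking" happened in `FIPS_cipherinit()`; the hunk adds no replacement, so rejecting a non-approved block cipher in FIPS mode now depends on whatever the cipher-init call later in `CMAC_Init` (outside the hunk) does. If that gating is deliberately delegated, say so where the comment stood: `/* FIPS mode: non-approved ciphers are rejected by the EVP cipher init below */`; if it is not, a CMAC over a non-approved cipher now succeeds in FIPS mode. The `#ifdef OPENSSL_FIPS` block in `CMAC_Init` opens outside the hunk.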
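--- a/openssl-1.0.1e/crypto/crypto.h
+++ b/openssl-1.0.1e/crypto/crypto.h
@@ -553,24 +553,29 @@ int FIPS_mode_set(int r);
 void OPENSSL_init(void);
 
 #define fips_md_init(alg) fips_md_init_ctx(alg, alg)
+#define nonfips_md_init(alg) nonfips_md_init_ctx(alg, alg)
+#define fips_md_init_ctx(alg, cx) \
+ int alg##_Init(cx##_CTX *c)
 
 #ifdef OPENSSL_FIPS
-#define fips_md_init_ctx(alg, cx) \
+#define nonfips_md_init_ctx(alg, cx) \
 int alg##_Init(cx##_CTX *c) \
 { \
 if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
- "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
+ "Digest " #alg " forbidden in FIPS mode!"); \
 return private_##alg##_Init(c); \
 } \
 int private_##alg##_Init(cx##_CTX *c)
 
 #define fips_cipher_abort(alg) \
 if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
- "Low level API call to cipher " #alg " forbidden in FIPS mode!")
+ "Cipher " #alg " forbidden in FIPS mode!")
+
+/* die if FIPS selftest failed */
+void FIPS_selftest_check(void);
 
 #else
-#define fips_md_init_ctx(alg, cx) \
- int alg##_Init(cx##_CTX *c)
+#define nonfips_md_init_ctx(alg, cx) fips_md_init_ctx(alg, cx)
 #define fips_cipher_abort(alg) while(0)
 #endif
 
@@ -587,6 +592,9 @@ int CRYPTO_memcmp(const void *a, const v
 */
 void ERR_load_CRYPTO_strings(void);
 
+#define OPENSSL_HAVE_INIT 1
+void OPENSSL_init_library(void);
+
 /* Error codes for the CRYPTO functions. */
 
 /* Function codes. */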
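Review bot: The renamed macro pair has no comment and inverts what a reader would guess: `fips_md_init_ctx` now emits a plain `alg##_Init` that is always callable, while `nonfips_md_init_ctx` is the variant that calls `OpenSSLDie` when `FIPS_mode()` is on, so a digest source file that picks the wrong one either becomes silently usable in FIPS mode or aborts the process. A comment above the definitions would prevent that: `/* fips_md_init*: digest is FIPS-approved, plain _Init. nonfips_md_init*: digest is not approved, its _Init dies in FIPS mode. */`. `FIPS_selftest_check()` ("die if FIPS selftest failed") and `OPENSSL_init_library()` are new public prototypes that likewise say nothing about when they abort or what they initialize; one line each would do.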
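--- a/openssl-1.0.1e/crypto/des/des.h
+++ b/openssl-1.0.1e/crypto/des/des.h
@@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE
 int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
 int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
 void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-#ifdef OPENSSL_FIPS
-void private_DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-#endif
 void DES_string_to_key(const char *str,DES_cblock *key);
 void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
 void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,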
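--- a/openssl-1.0.1e/crypto/des/set_key.c
+++ b/openssl-1.0.1e/crypto/des/set_key.c
@@ -336,13 +336,6 @@ int DES_set_key_checked(const_DES_cblock
 }
 
 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-#ifdef OPENSSL_FIPS
- {
- fips_cipher_abort(DES);
- private_DES_set_key_unchecked(key, schedule);
- }
-void private_DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-#endif
 {
 static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
 register DES_LONG c,d,t,s,t2;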
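--- a/openssl-1.0.1e/crypto/dh/dh_gen.c
+++ b/openssl-1.0.1e/crypto/dh/dh_gen.c
@@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i
 #endif
 if(ret->meth->generate_params)
 return ret->meth->generate_params(ret, prime_len, generator, cb);
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return FIPS_dh_generate_parameters_ex(ret, prime_len,
- generator, cb);
-#endif
 return dh_builtin_genparams(ret, prime_len, generator, cb);
 }
 
@@ -123,6 +118,20 @@ static int dh_builtin_genparams(DH *ret,
 int g,ok= -1;
 BN_CTX *ctx=NULL;
 
+#ifdef OPENSSL_FIPS
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS,FIPS_R_FIPS_SELFTEST_FAILED);
+ return 0;
+ }
+
+ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
+ {
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+ }
+#endif
+
 ctx=BN_CTX_new();
 if (ctx == NULL) goto err;
 BN_CTX_start(ctx);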
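Review bot: The two new FIPS checks in `dh_builtin_genparams` exit differently: the self-test check does `return 0;`, but the key-size check does `goto err` while `ok` still holds its `-1` initializer and `ctx` is NULL. If the `err:` label (outside the hunk) treats `ok == -1` as a BN-library failure, as the initializer suggests, the caller gets an extra error pushed on top of `DH_R_KEY_SIZE_TOO_SMALL`; either `return 0;` here as well, or `ok=0;` before the `goto err`. A short comment on the 1024-bit bound would also help, since `OPENSSL_DH_FIPS_MIN_MODULUS_BITS` carries no explanation in dh.h: `/* FIPS: DH moduli below 1024 bits are not approved */`. `dh_builtin_genparams` continues outside the hunk.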
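--- a/openssl-1.0.1e/crypto/dh/dh.h
+++ b/openssl-1.0.1e/crypto/dh/dh.h
@@ -77,6 +77,8 @@
 # define OPENSSL_DH_MAX_MODULUS_BITS 10000
 #endif
 
+#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+
 #define DH_FLAG_CACHE_MONT_P 0x01
 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
 * implementation now uses constant time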
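--- a/openssl-1.0.1e/crypto/dh/dh_key.c
+++ b/openssl-1.0.1e/crypto/dh/dh_key.c
@@ -61,6 +61,9 @@
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/dh.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
@@ -104,7 +107,7 @@ compute_key,
 dh_bn_mod_exp,
 dh_init,
 dh_finish,
-0,
+DH_FLAG_FIPS_METHOD,
 NULL,
 NULL
 };
@@ -123,6 +126,14 @@ static int generate_key(DH *dh)
 BN_MONT_CTX *mont=NULL;
 BIGNUM *pub_key=NULL,*priv_key=NULL;
 
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
+ {
+ DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
+ return 0;
+ }
+#endif
+
 ctx = BN_CTX_new();
 if (ctx == NULL) goto err;
 
@@ -213,6 +224,13 @@ static int compute_key(unsigned char *ke
 DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
 goto err;
 }
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
+ {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+ }
+#endif
 
 ctx = BN_CTX_new();
 if (ctx == NULL) goto err;
@@ -280,6 +298,9 @@ static int dh_bn_mod_exp(const DH *dh, B
 
 static int dh_init(DH *dh)
 {
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
 dh->flags |= DH_FLAG_CACHE_MONT_P;
 return(1);
 }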
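Review bot: `dh_init` now calls `FIPS_selftest_check()`, which crypto.h documents as "die if FIPS selftest failed", so in a FIPS build a failed power-on self-test turns every DH object creation that runs the method's init hook (presumably `DH_new`) into a process abort, whereas `dh_builtin_genparams` in dh_gen.c reports the same condition with `FIPSerr(..., FIPS_R_FIPS_SELFTEST_FAILED)` and a 0 return. If fail-hard is the intended policy for this path, a comment saying so would spare the next reader the surprise: `/* abort rather than hand out a DH object once the FIPS self-tests have failed */`; otherwise `if (FIPS_selftest_failed()) return 0;` keeps it an error the caller can handle, matching dh_gen.c. The `generate_key` and `compute_key` size checks are consistent with each other and sit before any allocation, so their `return 0` / `goto err` both leave nothing to free.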
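--- a/openssl-1.0.1e/crypto/dh/dh_lib.c
+++ b/openssl-1.0.1e/crypto/dh/dh_lib.c
@@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v
 {
 if(!default_DH_method)
 {
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return FIPS_dh_openssl();
- else
- return DH_OpenSSL();
-#else
 default_DH_method = DH_OpenSSL();
-#endif
 }
 return default_DH_method;
 }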
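--- a/openssl-1.0.1e/crypto/dsa/dsa_err.c
+++ b/openssl-1.0.1e/crypto/dsa/dsa_err.c
@@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]=
 {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"},
 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
+{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "dsa_builtin_keygen"},
+{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"},
 {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
 {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
 {ERR_FUNC(DSA_F_DSA_GENERATE_KEY), "DSA_generate_key"},
@@ -106,6 +108,8 @@ static ERR_STRING_DATA DSA_str_reasons[]
 {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
 {ERR_REASON(DSA_R_DECODE_ERROR) ,"decode error"},
 {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE) ,"invalid digest type"},
+{ERR_REASON(DSA_R_KEY_SIZE_INVALID) ,"key size invalid"},
+{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
 {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
 {ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
 {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},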
461diff -up openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips openssl-1.0.1e/crypto/dsa/dsa_gen.c
462--- openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips 2013-02-11 16:26:04.000000000 +0100
463+++ openssl-1.0.1e/crypto/dsa/dsa_gen.c 2013-02-19 12:47:33.721118508 +0100
464@@ -85,6 +85,14 @@
465 #include <openssl/fips.h>
466 #endif
467
468+#ifndef OPENSSL_FIPS
469+static int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
470+ const EVP_MD *evpmd, unsigned char *seed, int seed_len,
471+ BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb);
472+static int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
473+ BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb);
474+#endif
475+
476 int DSA_generate_parameters_ex(DSA *ret, int bits,
477 const unsigned char *seed_in, int seed_len,
478 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
479@@ -100,14 +108,6 @@ int DSA_generate_parameters_ex(DSA *ret,
480 if(ret->meth->dsa_paramgen)
481 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
482 counter_ret, h_ret, cb);
483-#ifdef OPENSSL_FIPS
484- else if (FIPS_mode())
485- {
486- return FIPS_dsa_generate_parameters_ex(ret, bits,
487- seed_in, seed_len,
488- counter_ret, h_ret, cb);
489- }
490-#endif
491 else
492 {
493 const EVP_MD *evpmd;
494@@ -125,27 +125,119 @@ int DSA_generate_parameters_ex(DSA *ret,
495 }
496
497 return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
498- seed_in, seed_len, NULL, counter_ret, h_ret, cb);
499+ seed_in, seed_len, counter_ret, h_ret, cb);
500 }
501 }
502
503+#ifdef OPENSSL_FIPS
504+int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
505+ const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
506+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
507+ {
508+ return dsa_builtin_paramgen(ret, bits, qbits,
509+ evpmd, seed_in, seed_len,
510+ counter_ret, h_ret, cb);
511+ }
512+#endif
513+
514 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
515 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
516- unsigned char *seed_out,
517 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
518 {
519 int ok=0;
520 unsigned char seed[SHA256_DIGEST_LENGTH];
521+ BIGNUM *g=NULL,*q=NULL,*p=NULL;
522+ size_t qsize = qbits >> 3;
523+ BN_CTX *ctx=NULL;
524+
525+#ifdef OPENSSL_FIPS
526+ if(FIPS_selftest_failed())
527+ {
528+ FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN,
529+ FIPS_R_FIPS_SELFTEST_FAILED);
530+ goto err;
531+ }
532+
533+ if (FIPS_module_mode() &&
534+ (bits != 1024 || qbits != 160) &&
535+ (bits != 2048 || qbits != 224) &&
536+ (bits != 2048 || qbits != 256) &&
537+ (bits != 3072 || qbits != 256))
538+ {
539+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_INVALID);
540+ goto err;
541+ }
542+#endif
543+ if (seed_len && (seed_len < (size_t)qsize))
544+ seed_in = NULL; /* seed buffer too small -- ignore */
545+ if (seed_len > sizeof(seed))
546+ seed_len = sizeof(seed); /* App. 2.2 of FIPS PUB 186 allows larger SEED,
547+ * but our internal buffers are restricted to 256 bits*/
548+ if (seed_in != NULL)
549+ memcpy(seed, seed_in, seed_len);
550+ else
551+ seed_len = 0;
552+
553+ if ((ctx=BN_CTX_new()) == NULL)
554+ goto err;
555+
556+ BN_CTX_start(ctx);
557+
558+ if (!FIPS_dsa_generate_pq(ctx, bits, qbits, evpmd,
559+ seed, seed_len, &p, &q, counter_ret, cb))
560+ goto err;
561+
562+ if (!FIPS_dsa_generate_g(ctx, p, q, &g, h_ret, cb))
563+ goto err;
564+
565+ ok=1;
566+err:
567+ if (ok)
568+ {
569+ if(ret->p)
570+ {
571+ BN_free(ret->p);
572+ ret->p = NULL;
573+ }
574+ if(ret->q)
575+ {
576+ BN_free(ret->q);
577+ ret->q = NULL;
578+ }
579+ if(ret->g)
580+ {
581+ BN_free(ret->g);
582+ ret->g = NULL;
583+ }
584+ ret->p=BN_dup(p);
585+ ret->q=BN_dup(q);
586+ ret->g=BN_dup(g);
587+ if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
588+ ok=0;
589+ }
590+ if(ctx)
591+ {
592+ BN_CTX_end(ctx);
593+ BN_CTX_free(ctx);
594+ }
595+ return ok;
596+ }
597+
598+#ifndef OPENSSL_FIPS
599+static
600+#endif
601+int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
602+ const EVP_MD *evpmd, unsigned char *seed, int seed_len,
603+ BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb)
604+ {
605+ int ok=0;
606 unsigned char md[SHA256_DIGEST_LENGTH];
607- unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH];
608+ unsigned char buf[SHA256_DIGEST_LENGTH];
609 BIGNUM *r0,*W,*X,*c,*test;
610- BIGNUM *g=NULL,*q=NULL,*p=NULL;
611- BN_MONT_CTX *mont=NULL;
612- int i, k, n=0, m=0, qsize = qbits >> 3;
613+ BIGNUM *q=NULL,*p=NULL;
614+ int i, k, b, n=0, m=0, qsize = qbits >> 3;
615 int counter=0;
616 int r=0;
617- BN_CTX *ctx=NULL;
618- unsigned int h=2;
619
620 if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
621 qsize != SHA256_DIGEST_LENGTH)
622@@ -153,51 +245,43 @@ int dsa_builtin_paramgen(DSA *ret, size_
623 return 0;
624
625 if (evpmd == NULL)
626- /* use SHA1 as default */
627- evpmd = EVP_sha1();
628+ {
629+ if (qbits <= 160)
630+ evpmd = EVP_sha1();
631+ else if (qbits <= 224)
632+ evpmd = EVP_sha224();
633+ else
634+ evpmd = EVP_sha256();
635+ }
636
637 if (bits < 512)
638 bits = 512;
639
640 bits = (bits+63)/64*64;
641
642- /* NB: seed_len == 0 is special case: copy generated seed to
643- * seed_in if it is not NULL.
644- */
645- if (seed_len && (seed_len < (size_t)qsize))
646- seed_in = NULL; /* seed buffer too small -- ignore */
647- if (seed_len > (size_t)qsize)
648- seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
649- * but our internal buffers are restricted to 160 bits*/
650- if (seed_in != NULL)
651- memcpy(seed, seed_in, seed_len);
652-
653- if ((ctx=BN_CTX_new()) == NULL)
654- goto err;
655-
656- if ((mont=BN_MONT_CTX_new()) == NULL)
657- goto err;
658-
659- BN_CTX_start(ctx);
660 r0 = BN_CTX_get(ctx);
661- g = BN_CTX_get(ctx);
662 W = BN_CTX_get(ctx);
663- q = BN_CTX_get(ctx);
664+ *q_ret = q = BN_CTX_get(ctx);
665 X = BN_CTX_get(ctx);
666 c = BN_CTX_get(ctx);
667- p = BN_CTX_get(ctx);
668+ *p_ret = p = BN_CTX_get(ctx);
669 test = BN_CTX_get(ctx);
670
671 if (!BN_lshift(test,BN_value_one(),bits-1))
672 goto err;
673
674+ /* step 3 n = \lceil bits / qbits \rceil - 1 */
675+ n = (bits+qbits-1)/qbits - 1;
676+ /* step 4 b = bits - 1 - n * qbits */
677+ b = bits - 1 - n*qbits;
678+
679 for (;;)
680 {
681 for (;;) /* find q */
682 {
683 int seed_is_random;
684
685- /* step 1 */
686+ /* step 5 generate seed */
687 if(!BN_GENCB_call(cb, 0, m++))
688 goto err;
689
690@@ -212,30 +296,18 @@ int dsa_builtin_paramgen(DSA *ret, size_
691 seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
692 }
693 memcpy(buf , seed, qsize);
694- memcpy(buf2, seed, qsize);
695- /* precompute "SEED + 1" for step 7: */
696- for (i = qsize-1; i >= 0; i--)
697- {
698- buf[i]++;
699- if (buf[i] != 0)
700- break;
701- }
702
703- /* step 2 */
704+ /* step 6 U = hash(seed) */
705 if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
706 goto err;
707- if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
708- goto err;
709- for (i = 0; i < qsize; i++)
710- md[i]^=buf2[i];
711
712- /* step 3 */
713+ /* step 7 q = 2^(qbits-1) + U + 1 - (U mod 2) */
714 md[0] |= 0x80;
715 md[qsize-1] |= 0x01;
716 if (!BN_bin2bn(md, qsize, q))
717 goto err;
718
719- /* step 4 */
720+ /* step 8 test for prime (64 round of Rabin-Miller) */
721 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
722 seed_is_random, cb);
723 if (r > 0)
724@@ -243,27 +315,22 @@ int dsa_builtin_paramgen(DSA *ret, size_
725 if (r != 0)
726 goto err;
727
728- /* do a callback call */
729- /* step 5 */
730 }
731
732 if(!BN_GENCB_call(cb, 2, 0)) goto err;
733 if(!BN_GENCB_call(cb, 3, 0)) goto err;
734
735- /* step 6 */
736+ /* step 11 */
737 counter=0;
738- /* "offset = 2" */
739-
740- n=(bits-1)/160;
741+ /* "offset = 1" */
742
743 for (;;)
744 {
745 if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
746 goto err;
747
748- /* step 7 */
749+ /* step 11.1, 11.2 obtain W */
750 BN_zero(W);
751- /* now 'buf' contains "SEED + offset - 1" */
752 for (k=0; k<=n; k++)
753 {
754 /* obtain "SEED + offset + k" by incrementing: */
755@@ -278,28 +345,30 @@ int dsa_builtin_paramgen(DSA *ret, size_
756 NULL))
757 goto err;
758
759- /* step 8 */
760 if (!BN_bin2bn(md, qsize, r0))
761 goto err;
762- if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err;
763+ if (k == n)
764+ BN_mask_bits(r0,b);
765+ if (!BN_lshift(r0,r0,qbits*k)) goto err;
766 if (!BN_add(W,W,r0)) goto err;
767 }
768
769- /* more of step 8 */
770- if (!BN_mask_bits(W,bits-1)) goto err;
771+ /* step 11.3 X = W + 2^(L-1) */
772 if (!BN_copy(X,W)) goto err;
773 if (!BN_add(X,X,test)) goto err;
774
775- /* step 9 */
776+ /* step 11.4 c = X mod 2*q */
777 if (!BN_lshift1(r0,q)) goto err;
778 if (!BN_mod(c,X,r0,ctx)) goto err;
779+
780+ /* step 11.5 p = X - (c - 1) */
781 if (!BN_sub(r0,c,BN_value_one())) goto err;
782 if (!BN_sub(p,X,r0)) goto err;
783
784- /* step 10 */
785+ /* step 11.6 */
786 if (BN_cmp(p,test) >= 0)
787 {
788- /* step 11 */
789+ /* step 11.7 */
790 r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
791 ctx, 1, cb);
792 if (r > 0)
793@@ -308,19 +377,45 @@ int dsa_builtin_paramgen(DSA *ret, size_
794 goto err;
795 }
796
797- /* step 13 */
798+ /* step 11.9 */
799 counter++;
800 /* "offset = offset + n + 1" */
801
802- /* step 14 */
803- if (counter >= 4096) break;
804+ /* step 12 */
805+ if (counter >= 4*bits) break;
806 }
807 }
808 end:
809 if(!BN_GENCB_call(cb, 2, 1))
810 goto err;
811
812- /* We now need to generate g */
813+ ok=1;
814+err:
815+ if (ok)
816+ {
817+ if (counter_ret != NULL) *counter_ret=counter;
818+ }
819+ return ok;
820+ }
821+
822+#ifndef OPENSSL_FIPS
823+static
824+#endif
825+int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
826+ BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb)
827+ {
828+ int ok=0;
829+ BIGNUM *r0, *test, *g = NULL;
830+ BN_MONT_CTX *mont;
831+ unsigned int h=2;
832+
833+ if ((mont=BN_MONT_CTX_new()) == NULL)
834+ goto err;
835+
836+ r0 = BN_CTX_get(ctx);
837+ *g_ret = g = BN_CTX_get(ctx);
838+ test = BN_CTX_get(ctx);
839+
840 /* Set r0=(p-1)/q */
841 if (!BN_sub(test,p,BN_value_one())) goto err;
842 if (!BN_div(r0,NULL,test,q,ctx)) goto err;
843@@ -344,26 +439,7 @@ end:
844 err:
845 if (ok)
846 {
847- if(ret->p) BN_free(ret->p);
848- if(ret->q) BN_free(ret->q);
849- if(ret->g) BN_free(ret->g);
850- ret->p=BN_dup(p);
851- ret->q=BN_dup(q);
852- ret->g=BN_dup(g);
853- if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
854- {
855- ok=0;
856- goto err;
857- }
858- if (counter_ret != NULL) *counter_ret=counter;
859 if (h_ret != NULL) *h_ret=h;
860- if (seed_out)
861- memcpy(seed_out, seed, qsize);
862- }
863- if(ctx)
864- {
865- BN_CTX_end(ctx);
866- BN_CTX_free(ctx);
867 }
868 if (mont != NULL) BN_MONT_CTX_free(mont);
869 return ok;
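Review bot: In `FIPS_dsa_generate_g` the `BN_CTX_get` results `r0`, `g` and `test` are used without a NULL check, so `BN_sub(test,p,BN_value_one())` dereferences NULL when the context is exhausted; the same holds for the eight `BN_CTX_get` calls in `FIPS_dsa_generate_pq` ahead of `BN_lshift(test,...)`. Because `BN_CTX_get` keeps returning NULL for every later call once one has failed, checking the last one is enough: `if (test == NULL) goto err;` after `test = BN_CTX_get(ctx);` in both functions. Separately, `FIPS_dsa_generate_pq` takes `int seed_len` while `dsa_builtin_paramgen` passes its `size_t seed_len`, so the new prototype mixes signedness with its caller; `size_t` would match `dsa_builtin_paramgen` and the `(size_t)qsize` comparisons already in that function. `dsa_builtin_paramgen` uses `FIPS_module_mode()` for the (L,N) pair check where every other hunk in this patch uses `FIPS_mode()`; worth confirming that is deliberate. The body of `FIPS_dsa_generate_pq` is split across several hunks and `FIPS_dsa_generate_g` ends inside the last one.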
870diff -up openssl-1.0.1e/crypto/dsa/dsa.h.fips openssl-1.0.1e/crypto/dsa/dsa.h
871--- openssl-1.0.1e/crypto/dsa/dsa.h.fips 2013-02-19 12:47:33.205108020 +0100
872+++ openssl-1.0.1e/crypto/dsa/dsa.h 2013-02-19 12:47:33.721118508 +0100
873@@ -88,6 +88,8 @@
874 # define OPENSSL_DSA_MAX_MODULUS_BITS 10000
875 #endif
876
877+#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
878+
879 #define DSA_FLAG_CACHE_MONT_P 0x01
880 #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
881 * implementation now uses constant time
882@@ -264,6 +266,17 @@ int DSA_print_fp(FILE *bp, const DSA *x,
883 DH *DSA_dup_DH(const DSA *r);
884 #endif
885
886+#ifdef OPENSSL_FIPS
887+int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
888+ const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
889+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
890+int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
891+ const EVP_MD *evpmd, unsigned char *seed, int seed_len,
892+ BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb);
893+int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
894+ BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb);
895+#endif
896+
897 #define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
898 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
899 EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
900@@ -285,10 +298,13 @@ void ERR_load_DSA_strings(void);
901 #define DSA_F_DO_DSA_PRINT 104
902 #define DSA_F_DSAPARAMS_PRINT 100
903 #define DSA_F_DSAPARAMS_PRINT_FP 101
904+#define DSA_F_DSA_BUILTIN_KEYGEN 124
905+#define DSA_F_DSA_BUILTIN_PARAMGEN 123
906 #define DSA_F_DSA_DO_SIGN 112
907 #define DSA_F_DSA_DO_VERIFY 113
908-#define DSA_F_DSA_GENERATE_KEY 124
909-#define DSA_F_DSA_GENERATE_PARAMETERS_EX 123
910+#define DSA_F_DSA_GENERATE_KEY 126
911+#define DSA_F_DSA_GENERATE_PARAMETERS_EX 127
912+#define DSA_F_DSA_GENERATE_PARAMETERS /* unused */ 125
913 #define DSA_F_DSA_NEW_METHOD 103
914 #define DSA_F_DSA_PARAM_DECODE 119
915 #define DSA_F_DSA_PRINT_FP 105
916@@ -314,11 +330,15 @@ void ERR_load_DSA_strings(void);
917 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
918 #define DSA_R_DECODE_ERROR 104
919 #define DSA_R_INVALID_DIGEST_TYPE 106
920+#define DSA_R_KEY_SIZE_INVALID 113
921+#define DSA_R_KEY_SIZE_TOO_SMALL 110
922 #define DSA_R_MISSING_PARAMETERS 101
923 #define DSA_R_MODULUS_TOO_LARGE 103
924-#define DSA_R_NEED_NEW_SETUP_VALUES 110
925+#define DSA_R_NEED_NEW_SETUP_VALUES 112
926 #define DSA_R_NON_FIPS_DSA_METHOD 111
927+#define DSA_R_NON_FIPS_METHOD 111
928 #define DSA_R_NO_PARAMETERS_SET 107
929+#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE /* unused */ 112
930 #define DSA_R_PARAMETER_ENCODING_ERROR 105
931
932 #ifdef __cplusplus
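Review bot: Two reason codes now share the value 112: `DSA_R_NEED_NEW_SETUP_VALUES` is renumbered 110→112 and the new `DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE /* unused */` is also 112, so an error raised with either prints as "need new setup values", the entry the dsa_err.c string table carries for that number. The `/* unused */` marker suggests the alias is tolerated, but an unused code should not collide with a live one; give it a free value or drop the definition, and the same goes for `DSA_R_NON_FIPS_METHOD 111` duplicating `DSA_R_NON_FIPS_DSA_METHOD 111` unless the alias is wanted. The renumbering of `DSA_F_DSA_GENERATE_KEY` (124→126) and `DSA_F_DSA_GENERATE_PARAMETERS_EX` (123→127) changes the numeric codes visible through `ERR_get_error()`, which anything matching on raw error numbers rather than on names will notice; a comment such as `/* function codes renumbered for the FIPS build; match on names, not values */` would flag it.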
933diff -up openssl-1.0.1e/crypto/dsa/dsa_key.c.fips openssl-1.0.1e/crypto/dsa/dsa_key.c
934--- openssl-1.0.1e/crypto/dsa/dsa_key.c.fips 2013-02-11 16:26:04.000000000 +0100
935+++ openssl-1.0.1e/crypto/dsa/dsa_key.c 2013-02-19 12:47:33.722118528 +0100
936@@ -66,6 +66,35 @@
0595faf5
MT
937
938 #ifdef OPENSSL_FIPS
939 #include <openssl/fips.h>
940+#include <openssl/evp.h>
941+
942+static int fips_check_dsa(DSA *dsa)
943+ {
37d333a7 944+ EVP_PKEY *pk;
0595faf5 945+ unsigned char tbs[] = "DSA Pairwise Check Data";
37d333a7 946+ int ret = 0;
0595faf5 947+
37d333a7
MT
948+ if ((pk=EVP_PKEY_new()) == NULL)
949+ goto err;
950+
951+ EVP_PKEY_set1_DSA(pk, dsa);
952+
953+ if (fips_pkey_signature_test(pk, tbs, 0, NULL, 0, NULL, 0, NULL))
954+ ret = 1;
955+
956+ err:
957+ if (ret == 0)
0595faf5
MT
958+ {
959+ FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
960+ fips_set_selftest_fail();
0595faf5 961+ }
37d333a7
MT
962+
963+ if (pk)
964+ EVP_PKEY_free(pk);
965+
966+ return ret;
0595faf5
MT
967+ }
968+
969 #endif
970
971 static int dsa_builtin_keygen(DSA *dsa);
37d333a7 972@@ -82,10 +111,6 @@ int DSA_generate_key(DSA *dsa)
0595faf5
MT
973 #endif
974 if(dsa->meth->dsa_keygen)
975 return dsa->meth->dsa_keygen(dsa);
976-#ifdef OPENSSL_FIPS
977- if (FIPS_mode())
978- return FIPS_dsa_generate_key(dsa);
979-#endif
980 return dsa_builtin_keygen(dsa);
981 }
982
37d333a7 983@@ -95,6 +120,15 @@ static int dsa_builtin_keygen(DSA *dsa)
0595faf5
MT
984 BN_CTX *ctx=NULL;
985 BIGNUM *pub_key=NULL,*priv_key=NULL;
986
987+#ifdef OPENSSL_FIPS
988+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
989+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
990+ {
991+ DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
992+ goto err;
993+ }
994+#endif
995+
996 if ((ctx=BN_CTX_new()) == NULL) goto err;
997
998 if (dsa->priv_key == NULL)
37d333a7 999@@ -133,6 +167,14 @@ static int dsa_builtin_keygen(DSA *dsa)
0595faf5
MT
1000
1001 dsa->priv_key=priv_key;
1002 dsa->pub_key=pub_key;
1003+#ifdef OPENSSL_FIPS
1004+ if(FIPS_mode() && !fips_check_dsa(dsa))
1005+ {
1006+ dsa->pub_key = NULL;
1007+ dsa->priv_key = NULL;
1008+ goto err;
1009+ }
1010+#endif
1011 ok=1;
1012
1013 err:
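Review bot: Clearing `dsa->pub_key` and `dsa->priv_key` at lines 1006-1007 relies on the `err:` cleanup, which is outside the hunk, to release the local `pub_key`/`priv_key`; if that cleanup follows the stock 1.0.1e pattern (BN_free gated on the dsa field being NULL) the freshly generated private key is freed without being zeroised, which matters for a value that has already been assigned to dsa->priv_key. It also discards a caller-supplied priv_key/pub_key object if the function was entered with those fields already set, so the caller's pointers are dangling after a pairwise-test failure. Either way the intent should be recorded on the new block, e.g. `/* pairwise consistency test failed: drop the pair so err: frees it; the module is already in the FIPS error state */`.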
1014diff -up openssl-1.0.1e/crypto/dsa/dsa_lib.c.fips openssl-1.0.1e/crypto/dsa/dsa_lib.c
1015--- openssl-1.0.1e/crypto/dsa/dsa_lib.c.fips 2013-02-11 16:26:04.000000000 +0100
1016+++ openssl-1.0.1e/crypto/dsa/dsa_lib.c 2013-02-19 12:47:33.722118528 +0100
1017@@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method
1018 {
1019 if(!default_DSA_method)
1020 {
1021-#ifdef OPENSSL_FIPS
1022- if (FIPS_mode())
1023- return FIPS_dsa_openssl();
1024- else
1025- return DSA_OpenSSL();
1026-#else
1027 default_DSA_method = DSA_OpenSSL();
1028-#endif
1029 }
1030 return default_DSA_method;
1031 }
1032diff -up openssl-1.0.1e/crypto/dsa/dsa_locl.h.fips openssl-1.0.1e/crypto/dsa/dsa_locl.h
1033--- openssl-1.0.1e/crypto/dsa/dsa_locl.h.fips 2013-02-19 12:47:33.209108100 +0100
1034+++ openssl-1.0.1e/crypto/dsa/dsa_locl.h 2013-02-19 12:47:33.722118528 +0100
1035@@ -56,5 +56,4 @@
1036
1037 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
1038 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
1039- unsigned char *seed_out,
1040 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
1041diff -up openssl-1.0.1e/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1e/crypto/dsa/dsa_ossl.c
1042--- openssl-1.0.1e/crypto/dsa/dsa_ossl.c.fips 2013-02-11 16:26:04.000000000 +0100
1043+++ openssl-1.0.1e/crypto/dsa/dsa_ossl.c 2013-02-19 12:47:33.723118548 +0100
1044@@ -65,6 +65,9 @@
1045 #include <openssl/dsa.h>
1046 #include <openssl/rand.h>
1047 #include <openssl/asn1.h>
1048+#ifdef OPENSSL_FIPS
1049+#include <openssl/fips.h>
1050+#endif
1051
1052 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
1053 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
1054@@ -82,7 +85,7 @@ NULL, /* dsa_mod_exp, */
1055 NULL, /* dsa_bn_mod_exp, */
1056 dsa_init,
1057 dsa_finish,
1058-0,
1059+DSA_FLAG_FIPS_METHOD,
1060 NULL,
1061 NULL,
1062 NULL
1063@@ -138,6 +141,21 @@ static DSA_SIG *dsa_do_sign(const unsign
1064 DSA_SIG *ret=NULL;
1065 int noredo = 0;
1066
1067+#ifdef OPENSSL_FIPS
1068+ if(FIPS_selftest_failed())
1069+ {
1070+ FIPSerr(FIPS_F_DSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
1071+ return NULL;
1072+ }
1073+
1074+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
1075+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
1076+ {
1077+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
1078+ return NULL;
1079+ }
1080+#endif
1081+
1082 BN_init(&m);
1083 BN_init(&xr);
1084
1085@@ -325,6 +343,21 @@ static int dsa_do_verify(const unsigned
1086 return -1;
1087 }
1088
1089+#ifdef OPENSSL_FIPS
1090+ if(FIPS_selftest_failed())
1091+ {
1092+ FIPSerr(FIPS_F_DSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
1093+ return -1;
1094+ }
1095+
1096+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
1097+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
1098+ {
1099+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);
1100+ return -1;
1101+ }
1102+#endif
1103+
1104 if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
1105 {
1106 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
1107@@ -399,6 +432,9 @@ static int dsa_do_verify(const unsigned
1108
1109 static int dsa_init(DSA *dsa)
1110 {
1111+#ifdef OPENSSL_FIPS
1112+ FIPS_selftest_check();
1113+#endif
1114 dsa->flags|=DSA_FLAG_CACHE_MONT_P;
1115 return(1);
1116 }
1117diff -up openssl-1.0.1e/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1e/crypto/dsa/dsa_pmeth.c
1118--- openssl-1.0.1e/crypto/dsa/dsa_pmeth.c.fips 2013-02-11 16:26:04.000000000 +0100
1119+++ openssl-1.0.1e/crypto/dsa/dsa_pmeth.c 2013-02-19 12:47:33.723118548 +0100
1120@@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
1121 if (!dsa)
1122 return 0;
1123 ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
1124- NULL, 0, NULL, NULL, NULL, pcb);
1125+ NULL, 0, NULL, NULL, pcb);
1126 if (ret)
1127 EVP_PKEY_assign_DSA(pkey, dsa);
1128 else
1129diff -up openssl-1.0.1e/crypto/dsa/dsatest.c.fips openssl-1.0.1e/crypto/dsa/dsatest.c
1130--- openssl-1.0.1e/crypto/dsa/dsatest.c.fips 2013-02-11 16:26:04.000000000 +0100
1131+++ openssl-1.0.1e/crypto/dsa/dsatest.c 2013-02-19 12:47:33.723118548 +0100
1132@@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int
1133 /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
1134 * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
1135 static unsigned char seed[20]={
1136- 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
1137- 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
1138+ 0x02,0x47,0x11,0x92,0x11,0x88,0xC8,0xFB,0xAF,0x48,0x4C,0x62,
1139+ 0xDF,0xA5,0xBE,0xA0,0xA4,0x3C,0x56,0xE3,
1140 };
1141
1142 static unsigned char out_p[]={
1143- 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
1144- 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
1145- 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
1146- 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
1147- 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
1148- 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
1149- 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
1150- 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
1151+ 0xAC,0xCB,0x1E,0x63,0x60,0x69,0x0C,0xFB,0x06,0x19,0x68,0x3E,
1152+ 0xA5,0x01,0x5A,0xA2,0x15,0x5C,0xE2,0x99,0x2D,0xD5,0x30,0x99,
1153+ 0x7E,0x5F,0x8D,0xE2,0xF7,0xC6,0x2E,0x8D,0xA3,0x9F,0x58,0xAD,
1154+ 0xD6,0xA9,0x7D,0x0E,0x0D,0x95,0x53,0xA6,0x71,0x3A,0xDE,0xAB,
1155+ 0xAC,0xE9,0xF4,0x36,0x55,0x9E,0xB9,0xD6,0x93,0xBF,0xF3,0x18,
1156+ 0x1C,0x14,0x7B,0xA5,0x42,0x2E,0xCD,0x00,0xEB,0x35,0x3B,0x1B,
1157+ 0xA8,0x51,0xBB,0xE1,0x58,0x42,0x85,0x84,0x22,0xA7,0x97,0x5E,
1158+ 0x99,0x6F,0x38,0x20,0xBD,0x9D,0xB6,0xD9,0x33,0x37,0x2A,0xFD,
1159+ 0xBB,0xD4,0xBC,0x0C,0x2A,0x67,0xCB,0x9F,0xBB,0xDF,0xF9,0x93,
1160+ 0xAA,0xD6,0xF0,0xD6,0x95,0x0B,0x5D,0x65,0x14,0xD0,0x18,0x9D,
1161+ 0xC6,0xAF,0xF0,0xC6,0x37,0x7C,0xF3,0x5F,
1162 };
1163
1164 static unsigned char out_q[]={
1165- 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
1166- 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
1167- 0xda,0xce,0x91,0x5f,
1168+ 0xE3,0x8E,0x5E,0x6D,0xBF,0x2B,0x79,0xF8,0xC5,0x4B,0x89,0x8B,
1169+ 0xBA,0x2D,0x91,0xC3,0x6C,0x80,0xAC,0x87,
1170 };
1171
1172 static unsigned char out_g[]={
1173- 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
1174- 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
1175- 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
1176- 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
1177- 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
1178- 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
1179- 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
1180- 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
1181+ 0x42,0x4A,0x04,0x4E,0x79,0xB4,0x99,0x7F,0xFD,0x58,0x36,0x2C,
1182+ 0x1B,0x5F,0x18,0x7E,0x0D,0xCC,0xAB,0x81,0xC9,0x5D,0x10,0xCE,
1183+ 0x4E,0x80,0x7E,0x58,0xB4,0x34,0x3F,0xA7,0x45,0xC7,0xAA,0x36,
1184+ 0x24,0x42,0xA9,0x3B,0xE8,0x0E,0x04,0x02,0x2D,0xFB,0xA6,0x13,
1185+ 0xB9,0xB5,0x15,0xA5,0x56,0x07,0x35,0xE4,0x03,0xB6,0x79,0x7C,
1186+ 0x62,0xDD,0xDF,0x3F,0x71,0x3A,0x9D,0x8B,0xC4,0xF6,0xE7,0x1D,
1187+ 0x52,0xA8,0xA9,0x43,0x1D,0x33,0x51,0x88,0x39,0xBD,0x73,0xE9,
1188+ 0x5F,0xBE,0x82,0x49,0x27,0xE6,0xB5,0x53,0xC1,0x38,0xAC,0x2F,
1189+ 0x6D,0x97,0x6C,0xEB,0x67,0xC1,0x5F,0x67,0xF8,0x35,0x05,0x5E,
1190+ 0xD5,0x68,0x80,0xAA,0x96,0xCA,0x0B,0x8A,0xE6,0xF1,0xB1,0x41,
1191+ 0xC6,0x75,0x94,0x0A,0x0A,0x2A,0xFA,0x29,
1192 };
1193
1194 static const unsigned char str1[]="12345678901234567890";
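Review bot: The comment at lines 1133-1134 still says the seed and out_p/out_q/out_g come from Appendix 5 of FIPS PUB 186, but this hunk replaces those 512-bit vectors with a 1024-bit set, and the matching `1024` at line 1200 and `counter != 239` at line 1209 in the following hunks are unexplained magic values; a reader cannot tell where the new parameters came from or how the expected counter was derived. The comment should be updated to name the source, e.g. `/* seed, out_p, out_q, out_g: 1024-bit parameter set taken from <SOURCE — TODO fill in> */`, and `239` should carry a short comment or a named constant with the same provenance.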
1195@@ -157,7 +162,7 @@ int main(int argc, char **argv)
1196 BIO_printf(bio_err,"test generation of DSA parameters\n");
1197
1198 BN_GENCB_set(&cb, dsa_cb, bio_err);
1199- if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
1200+ if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 1024,
1201 seed, 20, &counter, &h, &cb))
1202 goto end;
1203
1204@@ -170,9 +175,9 @@ int main(int argc, char **argv)
1205 BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
1206
1207 DSA_print(bio_err,dsa,0);
1208- if (counter != 105)
1209+ if (counter != 239)
1210 {
1211- BIO_printf(bio_err,"counter should be 105\n");
1212+ BIO_printf(bio_err,"counter should be 239\n");
1213 goto end;
1214 }
1215 if (h != 2)
1216diff -up openssl-1.0.1e/crypto/engine/eng_all.c.fips openssl-1.0.1e/crypto/engine/eng_all.c
1217--- openssl-1.0.1e/crypto/engine/eng_all.c.fips 2013-02-11 16:26:04.000000000 +0100
1218+++ openssl-1.0.1e/crypto/engine/eng_all.c 2013-02-19 12:47:33.724118569 +0100
1219@@ -58,11 +58,25 @@
1220
1221 #include "cryptlib.h"
1222 #include "eng_int.h"
1223+#ifdef OPENSSL_FIPS
1224+#include <openssl/fips.h>
1225+#endif
1226
1227 void ENGINE_load_builtin_engines(void)
1228 {
1229 /* Some ENGINEs need this */
1230 OPENSSL_cpuid_setup();
1231+#ifdef OPENSSL_FIPS
1232+ OPENSSL_init_library();
1233+ if (FIPS_mode()) {
1234+ /* We allow loading dynamic engine as a third party
1235+ engine might be FIPS validated.
1236+ User is disallowed to load non-validated engines
1237+ by security policy. */
1238+ ENGINE_load_dynamic();
1239+ return;
1240+ }
1241+#endif
1242 #if 0
1243 /* There's no longer any need for an "openssl" ENGINE unless, one day,
1244 * it is the *only* way for standard builtin implementations to be be
1245diff -up openssl-1.0.1e/crypto/evp/c_allc.c.fips openssl-1.0.1e/crypto/evp/c_allc.c
1246--- openssl-1.0.1e/crypto/evp/c_allc.c.fips 2013-02-11 16:26:04.000000000 +0100
1247+++ openssl-1.0.1e/crypto/evp/c_allc.c 2013-02-19 12:47:33.725118589 +0100
1248@@ -65,6 +65,11 @@
1249 void OpenSSL_add_all_ciphers(void)
1250 {
1251
1252+#ifdef OPENSSL_FIPS
1253+ OPENSSL_init_library();
1254+ if(!FIPS_mode())
1255+ {
1256+#endif
1257 #ifndef OPENSSL_NO_DES
1258 EVP_add_cipher(EVP_des_cfb());
1259 EVP_add_cipher(EVP_des_cfb1());
1260@@ -227,4 +232,60 @@ void OpenSSL_add_all_ciphers(void)
1261 EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
1262 EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
1263 #endif
1264+#ifdef OPENSSL_FIPS
1265+ }
1266+ else
1267+ {
1268+#ifndef OPENSSL_NO_DES
1269+ EVP_add_cipher(EVP_des_ede_cfb());
1270+ EVP_add_cipher(EVP_des_ede3_cfb());
1271+
1272+ EVP_add_cipher(EVP_des_ede_ofb());
1273+ EVP_add_cipher(EVP_des_ede3_ofb());
1274+
1275+ EVP_add_cipher(EVP_des_ede_cbc());
1276+ EVP_add_cipher(EVP_des_ede3_cbc());
1277+ EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
1278+ EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
1279+
1280+ EVP_add_cipher(EVP_des_ede());
1281+ EVP_add_cipher(EVP_des_ede3());
1282+#endif
1283+
1284+#ifndef OPENSSL_NO_AES
1285+ EVP_add_cipher(EVP_aes_128_ecb());
1286+ EVP_add_cipher(EVP_aes_128_cbc());
1287+ EVP_add_cipher(EVP_aes_128_cfb());
1288+ EVP_add_cipher(EVP_aes_128_cfb1());
1289+ EVP_add_cipher(EVP_aes_128_cfb8());
1290+ EVP_add_cipher(EVP_aes_128_ofb());
1291+ EVP_add_cipher(EVP_aes_128_ctr());
1292+ EVP_add_cipher(EVP_aes_128_gcm());
1293+ EVP_add_cipher(EVP_aes_128_xts());
1294+ EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
1295+ EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
1296+ EVP_add_cipher(EVP_aes_192_ecb());
1297+ EVP_add_cipher(EVP_aes_192_cbc());
1298+ EVP_add_cipher(EVP_aes_192_cfb());
1299+ EVP_add_cipher(EVP_aes_192_cfb1());
1300+ EVP_add_cipher(EVP_aes_192_cfb8());
1301+ EVP_add_cipher(EVP_aes_192_ofb());
1302+ EVP_add_cipher(EVP_aes_192_ctr());
1303+ EVP_add_cipher(EVP_aes_192_gcm());
1304+ EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
1305+ EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
1306+ EVP_add_cipher(EVP_aes_256_ecb());
1307+ EVP_add_cipher(EVP_aes_256_cbc());
1308+ EVP_add_cipher(EVP_aes_256_cfb());
1309+ EVP_add_cipher(EVP_aes_256_cfb1());
1310+ EVP_add_cipher(EVP_aes_256_cfb8());
1311+ EVP_add_cipher(EVP_aes_256_ofb());
1312+ EVP_add_cipher(EVP_aes_256_ctr());
1313+ EVP_add_cipher(EVP_aes_256_gcm());
1314+ EVP_add_cipher(EVP_aes_256_xts());
1315+ EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
1316+ EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
1317+#endif
1318+ }
1319+#endif
1320 }
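Review bot: The `if(!FIPS_mode()) {` opened at line 1256 inside one `#ifdef OPENSSL_FIPS` is closed by the `}` at line 1265 inside a second `#ifdef` some 170 lines later, with the `else` branch split the same way; brace pairing that depends on two separate conditional-compilation regions staying in sync is fragile and defeats editor brace matching. A cleaner shape is a `static void add_fips_ciphers(void)` holding the FIPS-mode list and a single `if (FIPS_mode()) { add_fips_ciphers(); return; }` at the top of `OpenSSL_add_all_ciphers`, leaving the existing list untouched. The same split-brace pattern is used in `OpenSSL_add_all_digests` in c_alld.c (lines 1328-1332 and 1340-1367).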
1321diff -up openssl-1.0.1e/crypto/evp/c_alld.c.fips openssl-1.0.1e/crypto/evp/c_alld.c
1322--- openssl-1.0.1e/crypto/evp/c_alld.c.fips 2013-02-11 16:26:04.000000000 +0100
1323+++ openssl-1.0.1e/crypto/evp/c_alld.c 2013-02-19 12:47:33.725118589 +0100
1324@@ -64,6 +64,11 @@
1325
1326 void OpenSSL_add_all_digests(void)
1327 {
1328+#ifdef OPENSSL_FIPS
1329+ OPENSSL_init_library();
1330+ if (!FIPS_mode())
1331+ {
1332+#endif
1333 #ifndef OPENSSL_NO_MD4
1334 EVP_add_digest(EVP_md4());
1335 #endif
1336@@ -111,4 +116,32 @@ void OpenSSL_add_all_digests(void)
1337 #ifndef OPENSSL_NO_WHIRLPOOL
1338 EVP_add_digest(EVP_whirlpool());
1339 #endif
1340+#ifdef OPENSSL_FIPS
1341+ }
1342+ else
1343+ {
1344+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
1345+ EVP_add_digest(EVP_sha1());
1346+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
1347+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
1348+#ifndef OPENSSL_NO_DSA
1349+ EVP_add_digest(EVP_dss1());
1350+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
1351+ EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
1352+ EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
1353+#endif
1354+#ifndef OPENSSL_NO_ECDSA
1355+ EVP_add_digest(EVP_ecdsa());
1356+#endif
1357+#endif
1358+#ifndef OPENSSL_NO_SHA256
1359+ EVP_add_digest(EVP_sha224());
1360+ EVP_add_digest(EVP_sha256());
1361+#endif
1362+#ifndef OPENSSL_NO_SHA512
1363+ EVP_add_digest(EVP_sha384());
1364+ EVP_add_digest(EVP_sha512());
1365+#endif
1366+ }
1367+#endif
1368 }
1369diff -up openssl-1.0.1e/crypto/evp/digest.c.fips openssl-1.0.1e/crypto/evp/digest.c
1370--- openssl-1.0.1e/crypto/evp/digest.c.fips 2013-02-11 16:26:04.000000000 +0100
1371+++ openssl-1.0.1e/crypto/evp/digest.c 2013-02-19 12:51:41.276779877 +0100
1372@@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
1373 return EVP_DigestInit_ex(ctx, type, NULL);
1374 }
1375
1376+#ifdef OPENSSL_FIPS
1377+
1378+/* The purpose of these is to trap programs that attempt to use non FIPS
1379+ * algorithms in FIPS mode and ignore the errors.
1380+ */
1381+
1382+static int bad_init(EVP_MD_CTX *ctx)
1383+ { FIPS_ERROR_IGNORED("Digest init"); return 0;}
1384+
1385+static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count)
1386+ { FIPS_ERROR_IGNORED("Digest update"); return 0;}
1387+
1388+static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
1389+ { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
1390+
1391+static const EVP_MD bad_md =
1392+ {
1393+ 0,
1394+ 0,
1395+ 0,
1396+ 0,
1397+ bad_init,
1398+ bad_update,
1399+ bad_final,
1400+ NULL,
1401+ NULL,
1402+ NULL,
1403+ 0,
1404+ {0,0,0,0},
1405+ };
1406+
1407+#endif
1408+
1409 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
1410 {
1411 EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
1412+#ifdef OPENSSL_FIPS
1413+ if(FIPS_selftest_failed())
1414+ {
1415+ FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
1416+ ctx->digest = &bad_md;
1417+ return 0;
1418+ }
1419+#endif
1420 #ifndef OPENSSL_NO_ENGINE
1421 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
1422 * so this context may already have an ENGINE! Try to avoid releasing
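Review bot: Pointing `ctx->digest` at `bad_md` at line 1416 and returning without touching `ctx->md_data` orphans any md_data a reused context still holds from its previous digest: `bad_md` has a `ctx_size` of 0, so the ctx_size-gated free at lines 1439-1440 never runs for it and, if `EVP_MD_CTX_cleanup` keeps its ctx_size-gated cleanse/free (its condition is cut by the later hunk), the old hash state is neither zeroised nor freed before the final memset drops the pointer. Releasing it before the swap, `if (ctx->digest && ctx->md_data && ctx->digest->ctx_size) { OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); OPENSSL_free(ctx->md_data); } ctx->md_data = NULL;`, closes both the leak and the un-cleansed-state issue. The same applies to the `EVP_R_DISABLED_FOR_FIPS` path at line 1434 in the next hunk, which also returns before the free at lines 1439-1440.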
1423@@ -201,6 +242,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
1424 #endif
1425 if (ctx->digest != type)
1426 {
1427+#ifdef OPENSSL_FIPS
1428+ if (FIPS_mode())
1429+ {
1430+ if (!(type->flags & EVP_MD_FLAG_FIPS)
1431+ && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
1432+ {
1433+ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
1434+ ctx->digest = &bad_md;
1435+ return 0;
1436+ }
1437+ }
1438+#endif
1439 if (ctx->digest && ctx->digest->ctx_size)
1440 OPENSSL_free(ctx->md_data);
1441 ctx->digest=type;
1442@@ -229,26 +282,15 @@ skip_to_init:
1443 }
1444 if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
1445 return 1;
1446-#ifdef OPENSSL_FIPS
1447- if (FIPS_mode())
1448- {
1449- if (FIPS_digestinit(ctx, type))
1450- return 1;
1451- OPENSSL_free(ctx->md_data);
1452- ctx->md_data = NULL;
1453- return 0;
1454- }
1455-#endif
1456 return ctx->digest->init(ctx);
1457 }
1458
1459 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
1460 {
1461 #ifdef OPENSSL_FIPS
1462- return FIPS_digestupdate(ctx, data, count);
1463-#else
1464- return ctx->update(ctx,data,count);
1465+ FIPS_selftest_check();
1466 #endif
1467+ return ctx->update(ctx,data,count);
1468 }
1469
1470 /* The caller can assume that this removes any secret data from the context */
37d333a7 1471@@ -263,11 +305,11 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns
1472 /* The caller can assume that this removes any secret data from the context */
1473 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
1474 {
1475-#ifdef OPENSSL_FIPS
1476- return FIPS_digestfinal(ctx, md, size);
1477-#else
1478 int ret;
37d333a7 1479
1480+#ifdef OPENSSL_FIPS
1481+ FIPS_selftest_check();
1482+#endif
1483 OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
1484 ret=ctx->digest->final(ctx,md);
1485 if (size != NULL)
37d333a7 1486@@ -279,7 +321,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,
1487 }
1488 memset(ctx->md_data,0,ctx->digest->ctx_size);
1489 return ret;
1490-#endif
1491 }
1492
1493 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
37d333a7 1494@@ -373,7 +414,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
1495 /* This call frees resources associated with the context */
1496 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
1497 {
1498-#ifndef OPENSSL_FIPS
1499 /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
1500 * because sometimes only copies of the context are ever finalised.
1501 */
37d333a7 1502@@ -386,7 +426,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
1503 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
1504 OPENSSL_free(ctx->md_data);
1505 }
1506-#endif
1507 if (ctx->pctx)
1508 EVP_PKEY_CTX_free(ctx->pctx);
1509 #ifndef OPENSSL_NO_ENGINE
37d333a7 1510@@ -395,9 +434,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
1511 * functional reference we held for this reason. */
1512 ENGINE_finish(ctx->engine);
1513 #endif
1514-#ifdef OPENSSL_FIPS
1515- FIPS_md_ctx_cleanup(ctx);
1516-#endif
1517 memset(ctx,'\0',sizeof *ctx);
1518
1519 return 1;
1520diff -up openssl-1.0.1e/crypto/evp/e_aes.c.fips openssl-1.0.1e/crypto/evp/e_aes.c
1521--- openssl-1.0.1e/crypto/evp/e_aes.c.fips 2013-02-11 16:26:04.000000000 +0100
1522+++ openssl-1.0.1e/crypto/evp/e_aes.c 2013-02-19 12:47:33.726118609 +0100
1523@@ -56,7 +56,6 @@
1524 #include <assert.h>
1525 #include <openssl/aes.h>
1526 #include "evp_locl.h"
1527-#ifndef OPENSSL_FIPS
1528 #include "modes_lcl.h"
1529 #include <openssl/rand.h>
1530
1531@@ -716,7 +715,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *
1532 if (arg <= 0)
1533 return 0;
1534 #ifdef OPENSSL_FIPS
1535- if (FIPS_module_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)
1536+ if (FIPS_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)
1537 && arg < 12)
1538 return 0;
1539 #endif
1540@@ -1128,7 +1127,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
1541 return 0;
1542 #ifdef OPENSSL_FIPS
1543 /* Requirement of SP800-38E */
1544- if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
1545+ if (FIPS_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
1546 (len > (1UL<<20)*16))
1547 {
1548 EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
37d333a7 1549@@ -1311,4 +1310,3 @@ BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm
1550 BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
1551
1552 #endif
1553-#endif
1554diff -up openssl-1.0.1e/crypto/evp/e_des3.c.fips openssl-1.0.1e/crypto/evp/e_des3.c
1555--- openssl-1.0.1e/crypto/evp/e_des3.c.fips 2013-02-11 16:26:04.000000000 +0100
1556+++ openssl-1.0.1e/crypto/evp/e_des3.c 2013-02-19 12:47:33.727118629 +0100
1557@@ -65,8 +65,6 @@
1558 #include <openssl/des.h>
1559 #include <openssl/rand.h>
1560
1561-#ifndef OPENSSL_FIPS
1562-
1563 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1564 const unsigned char *iv,int enc);
1565
1566@@ -208,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH
1567 }
1568
1569 BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
1570- EVP_CIPH_RAND_KEY, des_ede_init_key, NULL,
1571- EVP_CIPHER_set_asn1_iv,
1572- EVP_CIPHER_get_asn1_iv,
1573+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1574+ des_ede_init_key,
1575+ NULL, NULL, NULL,
1576 des3_ctrl)
1577
1578 #define des_ede3_cfb64_cipher des_ede_cfb64_cipher
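Review bot: `EVP_CIPH_FLAG_FIPS` is added to `des_ede` at line 1573, which is the two-key TDEA variant (16-byte key here, versus 24 for `des_ede3` in the next hunk); SP 800-131A had already placed two-key TDEA encryption in its restricted category when this patch was written, so marking it approved without qualification is a policy decision that should be recorded, e.g. `/* two-key TDEA: restricted under SP 800-131A, kept approved here for legacy interoperability */`. If the intent is to follow the transition schedule, the flag should be dropped from the des_ede definitions and kept only on des_ede3.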
1579@@ -219,21 +217,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY,
1580 #define des_ede3_ecb_cipher des_ede_ecb_cipher
1581
1582 BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
1583- EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
1584- EVP_CIPHER_set_asn1_iv,
1585- EVP_CIPHER_get_asn1_iv,
1586+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1587+ des_ede3_init_key,
1588+ NULL, NULL, NULL,
1589 des3_ctrl)
1590
1591 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
1592- EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
1593- EVP_CIPHER_set_asn1_iv,
1594- EVP_CIPHER_get_asn1_iv,
1595+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1596+ des_ede3_init_key,
1597+ NULL, NULL, NULL,
1598 des3_ctrl)
1599
1600 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
1601- EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
1602- EVP_CIPHER_set_asn1_iv,
1603- EVP_CIPHER_get_asn1_iv,
1604+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1605+ des_ede3_init_key,
1606+ NULL, NULL, NULL,
1607 des3_ctrl)
1608
1609 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1610@@ -313,4 +311,3 @@ const EVP_CIPHER *EVP_des_ede3(void)
1611 return &des_ede3_ecb;
1612 }
1613 #endif
1614-#endif
1615diff -up openssl-1.0.1e/crypto/evp/e_null.c.fips openssl-1.0.1e/crypto/evp/e_null.c
1616--- openssl-1.0.1e/crypto/evp/e_null.c.fips 2013-02-11 16:26:04.000000000 +0100
1617+++ openssl-1.0.1e/crypto/evp/e_null.c 2013-02-19 12:47:33.727118629 +0100
1618@@ -61,8 +61,6 @@
1619 #include <openssl/evp.h>
1620 #include <openssl/objects.h>
1621
1622-#ifndef OPENSSL_FIPS
1623-
1624 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1625 const unsigned char *iv,int enc);
1626 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1627@@ -71,7 +69,7 @@ static const EVP_CIPHER n_cipher=
1628 {
1629 NID_undef,
1630 1,0,0,
1631- 0,
1632+ EVP_CIPH_FLAG_FIPS,
1633 null_init_key,
1634 null_cipher,
1635 NULL,
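Review bot: The null cipher at line 1632 is now flagged `EVP_CIPH_FLAG_FIPS`, which means a caller in FIPS mode can select a transform that performs no encryption without hitting `EVP_R_DISABLED_FOR_FIPS`; presumably this is needed so protocol code that starts from an unencrypted state keeps working, but nothing in the file says so. A one-line comment on the flag, e.g. `/* no-op transform: allowed in FIPS mode because protocol plumbing relies on it, not because it provides any protection */`, would stop a later reader from treating it as an approved cipher.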
1636@@ -101,4 +99,3 @@ static int null_cipher(EVP_CIPHER_CTX *c
1637 memcpy((char *)out,(const char *)in,inl);
1638 return 1;
1639 }
1640-#endif
1641diff -up openssl-1.0.1e/crypto/evp/evp_enc.c.fips openssl-1.0.1e/crypto/evp/evp_enc.c
1642--- openssl-1.0.1e/crypto/evp/evp_enc.c.fips 2013-02-11 16:26:04.000000000 +0100
1643+++ openssl-1.0.1e/crypto/evp/evp_enc.c 2013-02-19 12:47:33.728118649 +0100
1644@@ -69,17 +69,58 @@
1645 #endif
1646 #include "evp_locl.h"
1647
1648-#ifdef OPENSSL_FIPS
1649-#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
1650-#else
1651 #define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
1652-#endif
1653
1654
1655 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
1656
1657+#ifdef OPENSSL_FIPS
1658+
1659+/* The purpose of these is to trap programs that attempt to use non FIPS
1660+ * algorithms in FIPS mode and ignore the errors.
1661+ */
1662+
1663+static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1664+ const unsigned char *iv, int enc)
1665+ { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
1666+
1667+static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1668+ const unsigned char *in, unsigned int inl)
1669+ { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
1670+
1671+/* NB: no cleanup because it is allowed after failed init */
1672+
1673+static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
1674+ { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
1675+static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
1676+ { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
1677+static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
1678+ { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
1679+
1680+static const EVP_CIPHER bad_cipher =
1681+ {
1682+ 0,
1683+ 0,
1684+ 0,
1685+ 0,
1686+ 0,
1687+ bad_init,
1688+ bad_do_cipher,
1689+ NULL,
1690+ 0,
1691+ bad_set_asn1,
1692+ bad_get_asn1,
1693+ bad_ctrl,
1694+ NULL
1695+ };
1696+
1697+#endif
1698+
1699 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
1700 {
1701+#ifdef OPENSSL_FIPS
1702+ FIPS_selftest_check();
1703+#endif
1704 memset(ctx,0,sizeof(EVP_CIPHER_CTX));
1705 /* ctx->cipher=NULL; */
1706 }
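Review bot: `bad_do_cipher` at lines 1667-1668 declares its length parameter as `unsigned int inl`, while the `do_cipher` slot of `EVP_CIPHER` in 1.0.x evp.h takes `size_t inl`; storing it in `bad_cipher` at line 1688 is then an initialisation from an incompatible function-pointer type, which compilers only warn about and which is undefined behaviour when the stub is called through the struct. Changing the declaration to `const unsigned char *in, size_t inl)` matches the other cipher implementations in this tree. The `/* NB: no cleanup because it is allowed after failed init */` comment at line 1671 is a good example of the why-comment the other stubs also deserve, since each one deliberately returns 0 after logging.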
1707@@ -111,6 +152,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
1708 enc = 1;
1709 ctx->encrypt = enc;
1710 }
1711+#ifdef OPENSSL_FIPS
1712+ if(FIPS_selftest_failed())
1713+ {
1714+ FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
1715+ ctx->cipher = &bad_cipher;
1716+ return 0;
1717+ }
1718+#endif
1719 #ifndef OPENSSL_NO_ENGINE
1720 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
1721 * so this context may already have an ENGINE! Try to avoid releasing
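Review bot: Replacing `ctx->cipher` with `bad_cipher` at line 1715 on a context that is being re-initialised leaves the previous cipher's `cipher_data` in place with no owner that knows its size: `bad_cipher` has no `cleanup` and a `ctx_size` of 0, so the old cipher's cleanup callback is never run and, if `EVP_CIPHER_CTX_cleanup` cleanses cipher_data using `c->cipher->ctx_size` (that part of it is cut from the hunk at line 1775), the old key schedule is freed at line 1778 without being zeroised. If the re-initialisation path later in EVP_CipherInit_ex clears a stale context before installing a new cipher, the same should happen before installing `bad_cipher`, preserving `ctx->encrypt` and `ctx->flags` as that path would. EVP_CipherInit_ex continues outside the hunk.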
a7ff9508 1722@@ -169,10 +218,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
1723 ctx->engine = NULL;
1724 #endif
1725
1726-#ifdef OPENSSL_FIPS
1727- if (FIPS_mode())
1728- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
1729-#endif
1730 ctx->cipher=cipher;
1731 if (ctx->cipher->ctx_size)
1732 {
a7ff9508 1733@@ -206,10 +251,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
1734 #ifndef OPENSSL_NO_ENGINE
1735 skip_to_init:
1736 #endif
1737-#ifdef OPENSSL_FIPS
1738- if (FIPS_mode())
1739- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
1740-#endif
1741 /* we assume block size is a power of 2 in *cryptUpdate */
1742 OPENSSL_assert(ctx->cipher->block_size == 1
1743 || ctx->cipher->block_size == 8
a7ff9508 1744@@ -249,6 +290,22 @@ skip_to_init:
1745 }
1746 }
1747
1748+#ifdef OPENSSL_FIPS
1749+ /* After 'key' is set no further parameters changes are permissible.
1750+ * So only check for non FIPS enabling at this point.
1751+ */
1752+ if (key && FIPS_mode())
1753+ {
1754+ if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
1755+ & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
1756+ {
1757+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS);
1758+ ctx->cipher = &bad_cipher;
1759+ return 0;
1760+ }
1761+ }
1762+#endif
1763+
1764 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
1765 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
1766 }
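Review bot: The condition at lines 1754-1755 joins its two tests with a bitwise `&` instead of the logical `&&` used for the identical check in digest.c (lines 1430-1431); both operands are `!` expressions so the result happens to be the same today, but it reads as a typo and will silently break if either operand stops being a pure 0/1 value. `&& !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))` is the intended form. EVP_CipherInit_ex continues outside the hunk.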
1767@@ -568,7 +625,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX
1768
1769 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
1770 {
1771-#ifndef OPENSSL_FIPS
1772 if (c->cipher != NULL)
1773 {
1774 if(c->cipher->cleanup && !c->cipher->cleanup(c))
1775@@ -579,16 +635,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT
1776 }
1777 if (c->cipher_data)
1778 OPENSSL_free(c->cipher_data);
1779-#endif
1780 #ifndef OPENSSL_NO_ENGINE
1781 if (c->engine)
1782 /* The EVP_CIPHER we used belongs to an ENGINE, release the
1783 * functional reference we held for this reason. */
1784 ENGINE_finish(c->engine);
1785 #endif
1786-#ifdef OPENSSL_FIPS
1787- FIPS_cipher_ctx_cleanup(c);
1788-#endif
1789 memset(c,0,sizeof(EVP_CIPHER_CTX));
1790 return 1;
1791 }
1792diff -up openssl-1.0.1e/crypto/evp/evp.h.fips openssl-1.0.1e/crypto/evp/evp.h
1793--- openssl-1.0.1e/crypto/evp/evp.h.fips 2013-02-19 12:47:33.474113487 +0100
1794+++ openssl-1.0.1e/crypto/evp/evp.h 2013-02-19 12:47:33.728118649 +0100
1795@@ -75,6 +75,10 @@
1796 #include <openssl/bio.h>
1797 #endif
1798
1799+#ifdef OPENSSL_FIPS
1800+#include <openssl/fips.h>
1801+#endif
1802+
1803 /*
1804 #define EVP_RC2_KEY_SIZE 16
1805 #define EVP_RC4_KEY_SIZE 16
1806@@ -272,10 +276,6 @@ struct env_md_ctx_st
1807 * cleaned */
1808 #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
1809 * in EVP_MD_CTX_cleanup */
1810-/* FIPS and pad options are ignored in 1.0.0, definitions are here
1811- * so we don't accidentally reuse the values for other purposes.
1812- */
1813-
1814 #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
1815 * in FIPS mode */
1816
1817@@ -287,6 +287,10 @@ struct env_md_ctx_st
1818 #define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */
1819 #define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */
1820 #define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */
1821+#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \
1822+ ((ctx->flags>>16) &0xFFFF) /* seed length */
1823+#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */
1824+#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */
1825
1826 #define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */
1827
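Review bot: The new `M_EVP_MD_CTX_FLAG_PSS_SALT(ctx)` macro at lines 1821-1822 uses its argument unparenthesised (`ctx->flags`), so any argument that is not a simple identifier, e.g. `M_EVP_MD_CTX_FLAG_PSS_SALT(a ? b : c)`, expands incorrectly; `(((ctx)->flags >> 16) & 0xFFFF)` is the safe expansion. The two sentinels `EVP_MD_CTX_FLAG_PSS_MDLEN` and `EVP_MD_CTX_FLAG_PSS_MREC` are presumably meant to be compared against the 16-bit field this macro extracts rather than OR-ed into the low flag bits, which the comments should say explicitly.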
1828@@ -338,15 +342,15 @@ struct evp_cipher_st
1829 /* cipher handles random key generation */
1830 #define EVP_CIPH_RAND_KEY 0x200
1831 /* cipher has its own additional copying logic */
1832-#define EVP_CIPH_CUSTOM_COPY 0x400
1833+#define EVP_CIPH_CUSTOM_COPY 0x4000
1834 /* Allow use default ASN1 get/set iv */
1835 #define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
1836 /* Buffer length in bits not bytes: CFB1 mode only */
1837 #define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
1838 /* Note if suitable for use in FIPS mode */
1839-#define EVP_CIPH_FLAG_FIPS 0x4000
1840+#define EVP_CIPH_FLAG_FIPS 0x400
1841 /* Allow non FIPS cipher in FIPS mode */
1842-#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000
1843+#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
1844 /* Cipher handles any and all padding logic as well
1845 * as finalisation.
1846 */
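Review bot: Lines 1833, 1840 and 1843 change the numeric values of three public `EVP_CIPH_*` flags, so `EVP_CIPH_CUSTOM_COPY` moves from 0x400 to 0x4000 and `EVP_CIPH_FLAG_FIPS` takes over 0x400; any engine or cipher object compiled against the stock 1.0.1e header and loaded into this build will have its FIPS bit read as CUSTOM_COPY (and vice versa), which changes how `EVP_CIPHER_CTX_copy` and the FIPS gate treat it. This is an ABI-visible change that needs a comment giving the reason (presumably alignment with the values the FIPS module uses), e.g. `/* NB: bit values differ from upstream 1.0.1e; rebuild out-of-tree engines against this header */`.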
1847diff -up openssl-1.0.1e/crypto/evp/evp_lib.c.fips openssl-1.0.1e/crypto/evp/evp_lib.c
1848--- openssl-1.0.1e/crypto/evp/evp_lib.c.fips 2013-02-11 16:26:04.000000000 +0100
1849+++ openssl-1.0.1e/crypto/evp/evp_lib.c 2013-02-19 12:47:33.729118669 +0100
1850@@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_
1851
1852 int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
1853 {
1854+#ifdef OPENSSL_FIPS
1855+ FIPS_selftest_check();
1856+#endif
1857 return ctx->cipher->do_cipher(ctx,out,in,inl);
1858 }
1859
1860diff -up openssl-1.0.1e/crypto/evp/evp_locl.h.fips openssl-1.0.1e/crypto/evp/evp_locl.h
1861--- openssl-1.0.1e/crypto/evp/evp_locl.h.fips 2013-02-19 12:47:33.465113304 +0100
1862+++ openssl-1.0.1e/crypto/evp/evp_locl.h 2013-02-19 12:47:33.729118669 +0100
1863@@ -258,10 +258,9 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
1864 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
1865 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
1866 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
1867- 0, cipher##_init_key, NULL, \
1868- EVP_CIPHER_set_asn1_iv, \
1869- EVP_CIPHER_get_asn1_iv, \
1870- NULL)
1871+ EVP_CIPH_FLAG_DEFAULT_ASN1, \
1872+ cipher##_init_key, NULL, NULL, NULL, NULL)
1873+
1874
1875 struct evp_pkey_ctx_st
1876 {
1877@@ -367,11 +366,6 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_
1878 #define MD2_Init private_MD2_Init
1879 #define MDC2_Init private_MDC2_Init
1880 #define SHA_Init private_SHA_Init
1881-#define SHA1_Init private_SHA1_Init
1882-#define SHA224_Init private_SHA224_Init
1883-#define SHA256_Init private_SHA256_Init
1884-#define SHA384_Init private_SHA384_Init
1885-#define SHA512_Init private_SHA512_Init
1886
1887 #define BF_set_key private_BF_set_key
1888 #define CAST_set_key private_CAST_set_key
1889@@ -379,7 +373,6 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_
1890 #define SEED_set_key private_SEED_set_key
1891 #define RC2_set_key private_RC2_set_key
1892 #define RC4_set_key private_RC4_set_key
1893-#define DES_set_key_unchecked private_DES_set_key_unchecked
1894 #define Camellia_set_key private_Camellia_set_key
1895
1896 #endif
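Review bot: The second hunk drops the `SHA1_Init` through `SHA512_Init` redirections to their `private_` variants while keeping the ones for `MD2_Init`, `MDC2_Init` and `SHA_Init`, and nothing records why the line is now drawn there. Presumably the SHA-1/SHA-2 digests are now served by the FIPS module rather than the private copies (the m_sha1.c hunk further down flags them `EVP_MD_FLAG_FIPS`), so a one-line comment above the remaining block, such as `/* SHA1/SHA2 *_Init are intentionally not redirected: FIPS builds take them from the FIPS module -- confirm */`, would save the next reader from re-deriving it. The first hunk's switch to `EVP_CIPH_FLAG_DEFAULT_ASN1` with NULL set/get callbacks looks behaviour-preserving for default IV handling, but the macro itself should say that the default ASN.1 IV functions are now selected by the flag rather than passed explicitly.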
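diff -up openssl-1.0.1e/crypto/evp/Makefile.fips openssl-1.0.1e/crypto/evp/Makefile
--- openssl-1.0.1e/crypto/evp/Makefile.fips 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/evp/Makefile 2013-02-19 12:53:25.468917386 +0100
@@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_
 bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
 c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
 evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
- e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \
+ e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
 e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
 
 LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
@@ -41,7 +41,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_
 bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
 c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
 evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
- e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \
+ e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \
 e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
 
 SRC= $(LIBSRC)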
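diff -up openssl-1.0.1e/crypto/evp/m_dss1.c.fips openssl-1.0.1e/crypto/evp/m_dss1.c
--- openssl-1.0.1e/crypto/evp/m_dss1.c.fips 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/evp/m_dss1.c 2013-02-19 12:47:33.730118689 +0100
@@ -68,8 +68,6 @@
 #include <openssl/dsa.h>
 #endif
 
-#ifndef OPENSSL_FIPS
-
 static int init(EVP_MD_CTX *ctx)
 { return SHA1_Init(ctx->md_data); }
 
@@ -84,7 +82,7 @@ static const EVP_MD dss1_md=
 NID_dsa,
 NID_dsaWithSHA1,
 SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_DIGEST,
+ EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
 init,
 update,
 final,
@@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
 return(&dss1_md);
 }
 #endif
-#endif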
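Review bot: Adding `EVP_MD_FLAG_FIPS` to `dss1_md` marks a SHA-1 based DSA digest as usable in FIPS mode, and the same flag is added to `dsa_md` in the m_dss.c hunk and to `sha1_md` in the m_sha1.c hunk; none of the three says whether that is meant to cover signature generation or only verification of existing signatures. SHA-1 was already deprecated for new digital signatures at the time of this patch, so a short comment next to the flag, e.g. `/* EVP_MD_FLAG_FIPS: SHA-1 kept for legacy use -- confirm sign vs. verify policy is enforced elsewhere */`, would record the intended policy, hedged because the page does not show where FIPS mode restricts digest use. Removing the `#ifndef OPENSSL_FIPS` guard (with its closing `#endif` in the last hunk) means these objects are now compiled into FIPS builds, which the flag presupposes; a one-line note at the top of the file stating that would help too.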
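diff -up openssl-1.0.1e/crypto/evp/m_dss.c.fips openssl-1.0.1e/crypto/evp/m_dss.c
--- openssl-1.0.1e/crypto/evp/m_dss.c.fips 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/evp/m_dss.c 2013-02-19 12:47:33.730118689 +0100
@@ -66,7 +66,6 @@
 #endif
 
 #ifndef OPENSSL_NO_SHA
-#ifndef OPENSSL_FIPS
 
 static int init(EVP_MD_CTX *ctx)
 { return SHA1_Init(ctx->md_data); }
@@ -82,7 +81,7 @@ static const EVP_MD dsa_md=
 NID_dsaWithSHA,
 NID_dsaWithSHA,
 SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_DIGEST,
+ EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
 init,
 update,
 final,
@@ -98,4 +97,3 @@ const EVP_MD *EVP_dss(void)
 return(&dsa_md);
 }
 #endif
-#endif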
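diff -up openssl-1.0.1e/crypto/evp/m_md2.c.fips openssl-1.0.1e/crypto/evp/m_md2.c
--- openssl-1.0.1e/crypto/evp/m_md2.c.fips 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/evp/m_md2.c 2013-02-19 12:47:33.731118710 +0100
@@ -68,6 +68,7 @@
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
+#include "evp_locl.h"
 
 static int init(EVP_MD_CTX *ctx)
 { return MD2_Init(ctx->md_data); }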
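Review bot: The added `#include "evp_locl.h"` carries no comment saying why a digest implementation needs the EVP-internal header; the evp_locl.h hunk above still defines `MD2_Init` as `private_MD2_Init`, so presumably the include is there so that the `init` function two lines below picks up that redirection. Writing that down, `#include "evp_locl.h" /* MD2_Init -> private_MD2_Init */`, would keep someone from removing an apparently unused include later.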
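diff -up openssl-1.0.1e/crypto/evp/m_sha1.c.fips openssl-1.0.1e/crypto/evp/m_sha1.c
--- openssl-1.0.1e/crypto/evp/m_sha1.c.fips 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/evp/m_sha1.c 2013-02-19 12:47:33.731118710 +0100
@@ -59,8 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 
-#ifndef OPENSSL_FIPS
-
 #ifndef OPENSSL_NO_SHA
 
 #include <openssl/evp.h>
@@ -85,7 +83,8 @@ static const EVP_MD sha1_md=
 NID_sha1,
 NID_sha1WithRSAEncryption,
 SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
+ EVP_MD_FLAG_FIPS,
 init,
 update,
 final,
@@ -122,7 +121,8 @@ static const EVP_MD sha224_md=
 NID_sha224,
 NID_sha224WithRSAEncryption,
 SHA224_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
+ EVP_MD_FLAG_FIPS,
 init224,
 update256,
 final256,
@@ -141,7 +141,8 @@ static const EVP_MD sha256_md=
 NID_sha256,
 NID_sha256WithRSAEncryption,
 SHA256_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
+ EVP_MD_FLAG_FIPS,
 init256,
 update256,
 final256,
@@ -172,7 +173,8 @@ static const EVP_MD sha384_md=
 NID_sha384,
 NID_sha384WithRSAEncryption,
 SHA384_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
+ EVP_MD_FLAG_FIPS,
 init384,
 update512,
 final512,
@@ -191,7 +193,8 @@ static const EVP_MD sha512_md=
 NID_sha512,
 NID_sha512WithRSAEncryption,
 SHA512_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
+ EVP_MD_FLAG_FIPS,
 init512,
 update512,
 final512,
@@ -206,4 +209,3 @@ const EVP_MD *EVP_sha512(void)
 { return(&sha512_md); }
 #endif /* ifndef OPENSSL_NO_SHA512 */
 
-#endif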
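Review bot: The same three-flag expression `EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS` is now spelled out, split over two lines, in five EVP_MD initialisers (sha1_md, sha224_md, sha256_md, sha384_md, sha512_md). A file-local macro such as `#define SHA_EVP_MD_FLAGS (EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS)` used in each initialiser would keep the five digests from drifting apart the next time a flag is added or removed. The removed `#ifndef OPENSSL_FIPS` at the top and its `#endif` at the end balance, so the remaining `OPENSSL_NO_SHA`/`OPENSSL_NO_SHA512` nesting is unchanged.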
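diff -up openssl-1.0.1e/crypto/evp/p_sign.c.fips openssl-1.0.1e/crypto/evp/p_sign.c
--- openssl-1.0.1e/crypto/evp/p_sign.c.fips 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/evp/p_sign.c 2013-02-19 12:47:33.731118710 +0100
@@ -61,6 +61,7 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include <openssl/rsa.h>
 
 #ifdef undef
 void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
@@ -103,6 +104,22 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsig
 goto err;
 if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
 goto err;
+ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931)
+ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0)
+ goto err;
+ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS)
+ {
+ int saltlen;
+ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
+ goto err;
+ saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx);
+ if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
+ saltlen = -1;
+ else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
+ saltlen = -2;
+ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
+ goto err;
+ }
 if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
 goto err;
 *siglen = sltmp;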
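Review bot: The sixteen lines added to `EVP_SignFinal` (X9.31/PSS padding and salt-length selection from `ctx->flags`) are duplicated verbatim in the p_verify.c hunk inside `EVP_VerifyFinal`; a single shared helper taking `(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx)` and returning the usual `<= 0` on failure would keep the two copies from diverging. Within this hunk the X9.31 branch is a nested unbraced `if`, `if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931) if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0) goto err;` — braces around the outer `if` avoid the dangling-else trap if an `else` is ever added. The mapping of `EVP_MD_CTX_FLAG_PSS_MDLEN` to `-1` and `EVP_MD_CTX_FLAG_PSS_MREC` to `-2` relies on the special salt-length values that `EVP_PKEY_CTX_set_rsa_pss_saltlen` understands, which a comment on the `saltlen` assignments should state rather than leave as magic numbers. The enclosing function's body begins and ends outside the hunk.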
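diff -up openssl-1.0.1e/crypto/evp/p_verify.c.fips openssl-1.0.1e/crypto/evp/p_verify.c
--- openssl-1.0.1e/crypto/evp/p_verify.c.fips 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/evp/p_verify.c 2013-02-19 12:47:33.732118731 +0100
@@ -61,6 +61,7 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include <openssl/rsa.h>
 
 int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
 unsigned int siglen, EVP_PKEY *pkey)
@@ -88,6 +89,22 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, con
 goto err;
 if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
 goto err;
+ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931)
+ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0)
+ goto err;
+ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS)
+ {
+ int saltlen;
+ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
+ goto err;
+ saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx);
+ if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
+ saltlen = -1;
+ else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
+ saltlen = -2;
+ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
+ goto err;
+ }
 i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
 err:
 EVP_PKEY_CTX_free(pkctx);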
2115diff -up openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c
2116--- openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c.fips 2013-02-19 12:47:33.732118731 +0100
2117+++ openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c 2013-02-19 12:47:33.732118731 +0100
2118@@ -0,0 +1,939 @@
2119+/* ====================================================================
2120+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
2121+ *
2122+ * Redistribution and use in source and binary forms, with or without
2123+ * modification, are permitted provided that the following conditions
2124+ * are met:
2125+ *
2126+ * 1. Redistributions of source code must retain the above copyright
2127+ * notice, this list of conditions and the following disclaimer.
2128+ *
2129+ * 2. Redistributions in binary form must reproduce the above copyright
2130+ * notice, this list of conditions and the following disclaimer in
2131+ * the documentation and/or other materials provided with the
2132+ * distribution.
2133+ *
2134+ * 3. All advertising materials mentioning features or use of this
2135+ * software must display the following acknowledgment:
2136+ * "This product includes software developed by the OpenSSL Project
2137+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
2138+ *
2139+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
2140+ * endorse or promote products derived from this software without
2141+ * prior written permission. For written permission, please contact
2142+ * openssl-core@openssl.org.
2143+ *
2144+ * 5. Products derived from this software may not be called "OpenSSL"
2145+ * nor may "OpenSSL" appear in their names without prior written
2146+ * permission of the OpenSSL Project.
2147+ *
2148+ * 6. Redistributions of any form whatsoever must retain the following
2149+ * acknowledgment:
2150+ * "This product includes software developed by the OpenSSL Project
2151+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
2152+ *
2153+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
2154+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
2155+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
2156+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
2157+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
2158+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
2159+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
2160+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2161+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
2162+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
2163+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
2164+ * OF THE POSSIBILITY OF SUCH DAMAGE.
2165+ *
2166+ */
2167+/*---------------------------------------------
2168+ NIST AES Algorithm Validation Suite
2169+ Test Program
2170+
2171+ Donated to OpenSSL by:
2172+ V-ONE Corporation
2173+ 20250 Century Blvd, Suite 300
2174+ Germantown, MD 20874
2175+ U.S.A.
2176+ ----------------------------------------------*/
2177+
2178+#include <stdio.h>
2179+#include <stdlib.h>
2180+#include <string.h>
2181+#include <errno.h>
2182+#include <assert.h>
2183+#include <ctype.h>
2184+#include <openssl/aes.h>
2185+#include <openssl/evp.h>
2186+#include <openssl/bn.h>
2187+
2188+#include <openssl/err.h>
2189+#include "e_os.h"
2190+
2191+#ifndef OPENSSL_FIPS
2192+
2193+int main(int argc, char *argv[])
2194+{
2195+ printf("No FIPS AES support\n");
2196+ return(0);
2197+}
2198+
2199+#else
2200+
2201+#include <openssl/fips.h>
2202+#include "fips_utl.h"
2203+
2204+#define AES_BLOCK_SIZE 16
2205+
2206+#define VERBOSE 0
2207+
2208+/*-----------------------------------------------*/
2209+
2210+int AESTest(EVP_CIPHER_CTX *ctx,
2211+ char *amode, int akeysz, unsigned char *aKey,
2212+ unsigned char *iVec,
2213+ int dir, /* 0 = decrypt, 1 = encrypt */
2214+ unsigned char *plaintext, unsigned char *ciphertext, int len)
2215+ {
2216+ const EVP_CIPHER *cipher = NULL;
2217+
2218+ if (strcasecmp(amode, "CBC") == 0)
2219+ {
2220+ switch (akeysz)
2221+ {
2222+ case 128:
2223+ cipher = EVP_aes_128_cbc();
2224+ break;
2225+
2226+ case 192:
2227+ cipher = EVP_aes_192_cbc();
2228+ break;
2229+
2230+ case 256:
2231+ cipher = EVP_aes_256_cbc();
2232+ break;
2233+ }
2234+
2235+ }
2236+ else if (strcasecmp(amode, "ECB") == 0)
2237+ {
2238+ switch (akeysz)
2239+ {
2240+ case 128:
2241+ cipher = EVP_aes_128_ecb();
2242+ break;
2243+
2244+ case 192:
2245+ cipher = EVP_aes_192_ecb();
2246+ break;
2247+
2248+ case 256:
2249+ cipher = EVP_aes_256_ecb();
2250+ break;
2251+ }
2252+ }
2253+ else if (strcasecmp(amode, "CFB128") == 0)
2254+ {
2255+ switch (akeysz)
2256+ {
2257+ case 128:
2258+ cipher = EVP_aes_128_cfb128();
2259+ break;
2260+
2261+ case 192:
2262+ cipher = EVP_aes_192_cfb128();
2263+ break;
2264+
2265+ case 256:
2266+ cipher = EVP_aes_256_cfb128();
2267+ break;
2268+ }
2269+
2270+ }
2271+ else if (strncasecmp(amode, "OFB", 3) == 0)
2272+ {
2273+ switch (akeysz)
2274+ {
2275+ case 128:
2276+ cipher = EVP_aes_128_ofb();
2277+ break;
2278+
2279+ case 192:
2280+ cipher = EVP_aes_192_ofb();
2281+ break;
2282+
2283+ case 256:
2284+ cipher = EVP_aes_256_ofb();
2285+ break;
2286+ }
2287+ }
2288+ else if(!strcasecmp(amode,"CFB1"))
2289+ {
2290+ switch (akeysz)
2291+ {
2292+ case 128:
2293+ cipher = EVP_aes_128_cfb1();
2294+ break;
2295+
2296+ case 192:
2297+ cipher = EVP_aes_192_cfb1();
2298+ break;
2299+
2300+ case 256:
2301+ cipher = EVP_aes_256_cfb1();
2302+ break;
2303+ }
2304+ }
2305+ else if(!strcasecmp(amode,"CFB8"))
2306+ {
2307+ switch (akeysz)
2308+ {
2309+ case 128:
2310+ cipher = EVP_aes_128_cfb8();
2311+ break;
2312+
2313+ case 192:
2314+ cipher = EVP_aes_192_cfb8();
2315+ break;
2316+
2317+ case 256:
2318+ cipher = EVP_aes_256_cfb8();
2319+ break;
2320+ }
2321+ }
2322+ else
2323+ {
2324+ printf("Unknown mode: %s\n", amode);
2325+ return 0;
2326+ }
2327+ if (!cipher)
2328+ {
2329+ printf("Invalid key size: %d\n", akeysz);
2330+ return 0;
2331+ }
2332+ if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
2333+ return 0;
2334+ if(!strcasecmp(amode,"CFB1"))
2335+ M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
2336+ if (dir)
2337+ EVP_Cipher(ctx, ciphertext, plaintext, len);
2338+ else
2339+ EVP_Cipher(ctx, plaintext, ciphertext, len);
2340+ return 1;
2341+ }
2342+
2343+/*-----------------------------------------------*/
2344+char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
2345+char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"};
2346+enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128};
2347+enum XCrypt {XDECRYPT, XENCRYPT};
2348+
2349+/*=============================*/
2350+/* Monte Carlo Tests */
2351+/*-----------------------------*/
2352+
2353+/*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/
2354+/*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/
2355+
2356+#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
2357+#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
2358+
2359+int do_mct(char *amode,
2360+ int akeysz, unsigned char *aKey,unsigned char *iVec,
2361+ int dir, unsigned char *text, int len,
2362+ FILE *rfp)
2363+ {
2364+ int ret = 0;
2365+ unsigned char key[101][32];
2366+ unsigned char iv[101][AES_BLOCK_SIZE];
2367+ unsigned char ptext[1001][32];
2368+ unsigned char ctext[1001][32];
2369+ unsigned char ciphertext[64+4];
2370+ int i, j, n, n1, n2;
2371+ int imode = 0, nkeysz = akeysz/8;
2372+ EVP_CIPHER_CTX ctx;
2373+ EVP_CIPHER_CTX_init(&ctx);
2374+
2375+ if (len > 32)
2376+ {
2377+ printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n",
2378+ amode, akeysz);
2379+ return -1;
2380+ }
2381+ for (imode = 0; imode < 6; ++imode)
2382+ if (strcmp(amode, t_mode[imode]) == 0)
2383+ break;
2384+ if (imode == 6)
2385+ {
2386+ printf("Unrecognized mode: %s\n", amode);
2387+ return -1;
2388+ }
2389+
2390+ memcpy(key[0], aKey, nkeysz);
2391+ if (iVec)
2392+ memcpy(iv[0], iVec, AES_BLOCK_SIZE);
2393+ if (dir == XENCRYPT)
2394+ memcpy(ptext[0], text, len);
2395+ else
2396+ memcpy(ctext[0], text, len);
2397+ for (i = 0; i < 100; ++i)
2398+ {
2399+ /* printf("Iteration %d\n", i); */
2400+ if (i > 0)
2401+ {
2402+ fprintf(rfp,"COUNT = %d\n",i);
2403+ OutputValue("KEY",key[i],nkeysz,rfp,0);
2404+ if (imode != ECB) /* ECB */
2405+ OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0);
2406+ /* Output Ciphertext | Plaintext */
2407+ OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp,
2408+ imode == CFB1);
2409+ }
2410+ for (j = 0; j < 1000; ++j)
2411+ {
2412+ switch (imode)
2413+ {
2414+ case ECB:
2415+ if (j == 0)
2416+ { /* set up encryption */
2417+ ret = AESTest(&ctx, amode, akeysz, key[i], NULL,
2418+ dir, /* 0 = decrypt, 1 = encrypt */
2419+ ptext[j], ctext[j], len);
2420+ if (dir == XENCRYPT)
2421+ memcpy(ptext[j+1], ctext[j], len);
2422+ else
2423+ memcpy(ctext[j+1], ptext[j], len);
2424+ }
2425+ else
2426+ {
2427+ if (dir == XENCRYPT)
2428+ {
2429+ EVP_Cipher(&ctx, ctext[j], ptext[j], len);
2430+ memcpy(ptext[j+1], ctext[j], len);
2431+ }
2432+ else
2433+ {
2434+ EVP_Cipher(&ctx, ptext[j], ctext[j], len);
2435+ memcpy(ctext[j+1], ptext[j], len);
2436+ }
2437+ }
2438+ break;
2439+
2440+ case CBC:
2441+ case OFB:
2442+ case CFB128:
2443+ if (j == 0)
2444+ {
2445+ ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
2446+ dir, /* 0 = decrypt, 1 = encrypt */
2447+ ptext[j], ctext[j], len);
2448+ if (dir == XENCRYPT)
2449+ memcpy(ptext[j+1], iv[i], len);
2450+ else
2451+ memcpy(ctext[j+1], iv[i], len);
2452+ }
2453+ else
2454+ {
2455+ if (dir == XENCRYPT)
2456+ {
2457+ EVP_Cipher(&ctx, ctext[j], ptext[j], len);
2458+ memcpy(ptext[j+1], ctext[j-1], len);
2459+ }
2460+ else
2461+ {
2462+ EVP_Cipher(&ctx, ptext[j], ctext[j], len);
2463+ memcpy(ctext[j+1], ptext[j-1], len);
2464+ }
2465+ }
2466+ break;
2467+
2468+ case CFB8:
2469+ if (j == 0)
2470+ {
2471+ ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
2472+ dir, /* 0 = decrypt, 1 = encrypt */
2473+ ptext[j], ctext[j], len);
2474+ }
2475+ else
2476+ {
2477+ if (dir == XENCRYPT)
2478+ EVP_Cipher(&ctx, ctext[j], ptext[j], len);
2479+ else
2480+ EVP_Cipher(&ctx, ptext[j], ctext[j], len);
2481+ }
2482+ if (dir == XENCRYPT)
2483+ {
2484+ if (j < 16)
2485+ memcpy(ptext[j+1], &iv[i][j], len);
2486+ else
2487+ memcpy(ptext[j+1], ctext[j-16], len);
2488+ }
2489+ else
2490+ {
2491+ if (j < 16)
2492+ memcpy(ctext[j+1], &iv[i][j], len);
2493+ else
2494+ memcpy(ctext[j+1], ptext[j-16], len);
2495+ }
2496+ break;
2497+
2498+ case CFB1:
2499+ if(j == 0)
2500+ {
2501+#if 0
2502+ /* compensate for wrong endianness of input file */
2503+ if(i == 0)
2504+ ptext[0][0]<<=7;
2505+#endif
2506+ ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
2507+ ptext[j], ctext[j], len);
2508+ }
2509+ else
2510+ {
2511+ if (dir == XENCRYPT)
2512+ EVP_Cipher(&ctx, ctext[j], ptext[j], len);
2513+ else
2514+ EVP_Cipher(&ctx, ptext[j], ctext[j], len);
2515+
2516+ }
2517+ if(dir == XENCRYPT)
2518+ {
2519+ if(j < 128)
2520+ sb(ptext[j+1],0,gb(iv[i],j));
2521+ else
2522+ sb(ptext[j+1],0,gb(ctext[j-128],0));
2523+ }
2524+ else
2525+ {
2526+ if(j < 128)
2527+ sb(ctext[j+1],0,gb(iv[i],j));
2528+ else
2529+ sb(ctext[j+1],0,gb(ptext[j-128],0));
2530+ }
2531+ break;
2532+ }
2533+ }
2534+ --j; /* reset to last of range */
2535+ /* Output Ciphertext | Plaintext */
2536+ OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp,
2537+ imode == CFB1);
2538+ fprintf(rfp, "\n"); /* add separator */
2539+
2540+ /* Compute next KEY */
2541+ if (dir == XENCRYPT)
2542+ {
2543+ if (imode == CFB8)
2544+ { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
2545+ for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
2546+ ciphertext[n1] = ctext[j-n2][0];
2547+ }
2548+ else if(imode == CFB1)
2549+ {
2550+ for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
2551+ sb(ciphertext,n1,gb(ctext[j-n2],0));
2552+ }
2553+ else
2554+ switch (akeysz)
2555+ {
2556+ case 128:
2557+ memcpy(ciphertext, ctext[j], 16);
2558+ break;
2559+ case 192:
2560+ memcpy(ciphertext, ctext[j-1]+8, 8);
2561+ memcpy(ciphertext+8, ctext[j], 16);
2562+ break;
2563+ case 256:
2564+ memcpy(ciphertext, ctext[j-1], 16);
2565+ memcpy(ciphertext+16, ctext[j], 16);
2566+ break;
2567+ }
2568+ }
2569+ else
2570+ {
2571+ if (imode == CFB8)
2572+ { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
2573+ for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
2574+ ciphertext[n1] = ptext[j-n2][0];
2575+ }
2576+ else if(imode == CFB1)
2577+ {
2578+ for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
2579+ sb(ciphertext,n1,gb(ptext[j-n2],0));
2580+ }
2581+ else
2582+ switch (akeysz)
2583+ {
2584+ case 128:
2585+ memcpy(ciphertext, ptext[j], 16);
2586+ break;
2587+ case 192:
2588+ memcpy(ciphertext, ptext[j-1]+8, 8);
2589+ memcpy(ciphertext+8, ptext[j], 16);
2590+ break;
2591+ case 256:
2592+ memcpy(ciphertext, ptext[j-1], 16);
2593+ memcpy(ciphertext+16, ptext[j], 16);
2594+ break;
2595+ }
2596+ }
2597+ /* Compute next key: Key[i+1] = Key[i] xor ct */
2598+ for (n = 0; n < nkeysz; ++n)
2599+ key[i+1][n] = key[i][n] ^ ciphertext[n];
2600+
2601+ /* Compute next IV and text */
2602+ if (dir == XENCRYPT)
2603+ {
2604+ switch (imode)
2605+ {
2606+ case ECB:
2607+ memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE);
2608+ break;
2609+ case CBC:
2610+ case OFB:
2611+ case CFB128:
2612+ memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE);
2613+ memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE);
2614+ break;
2615+ case CFB8:
2616+ /* IV[i+1] = ct */
2617+ for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
2618+ iv[i+1][n1] = ctext[j-n2][0];
2619+ ptext[0][0] = ctext[j-16][0];
2620+ break;
2621+ case CFB1:
2622+ for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
2623+ sb(iv[i+1],n1,gb(ctext[j-n2],0));
2624+ ptext[0][0]=ctext[j-128][0]&0x80;
2625+ break;
2626+ }
2627+ }
2628+ else
2629+ {
2630+ switch (imode)
2631+ {
2632+ case ECB:
2633+ memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE);
2634+ break;
2635+ case CBC:
2636+ case OFB:
2637+ case CFB128:
2638+ memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE);
2639+ memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE);
2640+ break;
2641+ case CFB8:
2642+ for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
2643+ iv[i+1][n1] = ptext[j-n2][0];
2644+ ctext[0][0] = ptext[j-16][0];
2645+ break;
2646+ case CFB1:
2647+ for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
2648+ sb(iv[i+1],n1,gb(ptext[j-n2],0));
2649+ ctext[0][0]=ptext[j-128][0]&0x80;
2650+ break;
2651+ }
2652+ }
2653+ }
2654+
2655+ return ret;
2656+ }
2657+
2658+/*================================================*/
2659+/*----------------------------
2660+ # Config info for v-one
2661+ # AESVS MMT test data for ECB
2662+ # State : Encrypt and Decrypt
2663+ # Key Length : 256
2664+ # Fri Aug 30 04:07:22 PM
2665+ ----------------------------*/
2666+
2667+int proc_file(char *rqfile, char *rspfile)
2668+ {
2669+ char afn[256], rfn[256];
2670+ FILE *afp = NULL, *rfp = NULL;
2671+ char ibuf[2048];
2672+ char tbuf[2048];
2673+ int ilen, len, ret = 0;
2674+ char algo[8] = "";
2675+ char amode[8] = "";
2676+ char atest[8] = "";
2677+ int akeysz = 0;
2678+ unsigned char iVec[20], aKey[40];
2679+ int dir = -1, err = 0, step = 0;
2680+ unsigned char plaintext[2048];
2681+ unsigned char ciphertext[2048];
2682+ char *rp;
2683+ EVP_CIPHER_CTX ctx;
2684+ EVP_CIPHER_CTX_init(&ctx);
2685+
2686+ if (!rqfile || !(*rqfile))
2687+ {
2688+ printf("No req file\n");
2689+ return -1;
2690+ }
2691+ strcpy(afn, rqfile);
2692+
2693+ if ((afp = fopen(afn, "r")) == NULL)
2694+ {
2695+ printf("Cannot open file: %s, %s\n",
2696+ afn, strerror(errno));
2697+ return -1;
2698+ }
2699+ if (!rspfile)
2700+ {
2701+ strcpy(rfn,afn);
2702+ rp=strstr(rfn,"req/");
2703+#ifdef OPENSSL_SYS_WIN32
2704+ if (!rp)
2705+ rp=strstr(rfn,"req\\");
2706+#endif
2707+ assert(rp);
2708+ memcpy(rp,"rsp",3);
2709+ rp = strstr(rfn, ".req");
2710+ memcpy(rp, ".rsp", 4);
2711+ rspfile = rfn;
2712+ }
2713+ if ((rfp = fopen(rspfile, "w")) == NULL)
2714+ {
2715+ printf("Cannot open file: %s, %s\n",
2716+ rfn, strerror(errno));
2717+ fclose(afp);
2718+ afp = NULL;
2719+ return -1;
2720+ }
2721+ while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
2722+ {
2723+ tidy_line(tbuf, ibuf);
2724+ ilen = strlen(ibuf);
2725+ /* printf("step=%d ibuf=%s",step,ibuf); */
2726+ switch (step)
2727+ {
2728+ case 0: /* read preamble */
2729+ if (ibuf[0] == '\n')
2730+ { /* end of preamble */
2731+ if ((*algo == '\0') ||
2732+ (*amode == '\0') ||
2733+ (akeysz == 0))
2734+ {
2735+ printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n",
2736+ algo,amode,akeysz);
2737+ err = 1;
2738+ }
2739+ else
2740+ {
2741+ fputs(ibuf, rfp);
2742+ ++ step;
2743+ }
2744+ }
2745+ else if (ibuf[0] != '#')
2746+ {
2747+ printf("Invalid preamble item: %s\n", ibuf);
2748+ err = 1;
2749+ }
2750+ else
2751+ { /* process preamble */
2752+ char *xp, *pp = ibuf+2;
2753+ int n;
2754+ if (akeysz)
2755+ { /* insert current time & date */
2756+ time_t rtim = time(0);
2757+ fprintf(rfp, "# %s", ctime(&rtim));
2758+ }
2759+ else
2760+ {
2761+ fputs(ibuf, rfp);
2762+ if (strncmp(pp, "AESVS ", 6) == 0)
2763+ {
2764+ strcpy(algo, "AES");
2765+ /* get test type */
2766+ pp += 6;
2767+ xp = strchr(pp, ' ');
2768+ n = xp-pp;
2769+ strncpy(atest, pp, n);
2770+ atest[n] = '\0';
2771+ /* get mode */
2772+ xp = strrchr(pp, ' '); /* get mode" */
2773+ n = strlen(xp+1)-1;
2774+ strncpy(amode, xp+1, n);
2775+ amode[n] = '\0';
2776+ /* amode[3] = '\0'; */
2777+ if (VERBOSE)
2778+ printf("Test = %s, Mode = %s\n", atest, amode);
2779+ }
2780+ else if (strncasecmp(pp, "Key Length : ", 13) == 0)
2781+ {
2782+ akeysz = atoi(pp+13);
2783+ if (VERBOSE)
2784+ printf("Key size = %d\n", akeysz);
2785+ }
2786+ }
2787+ }
2788+ break;
2789+
2790+ case 1: /* [ENCRYPT] | [DECRYPT] */
2791+ if (ibuf[0] == '[')
2792+ {
2793+ fputs(ibuf, rfp);
2794+ ++step;
2795+ if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
2796+ dir = 1;
2797+ else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
2798+ dir = 0;
2799+ else
2800+ {
2801+ printf("Invalid keyword: %s\n", ibuf);
2802+ err = 1;
2803+ }
2804+ break;
2805+ }
2806+ else if (dir == -1)
2807+ {
2808+ err = 1;
2809+ printf("Missing ENCRYPT/DECRYPT keyword\n");
2810+ break;
2811+ }
2812+ else
2813+ step = 2;
2814+
2815+ case 2: /* KEY = xxxx */
2816+ fputs(ibuf, rfp);
2817+ if(*ibuf == '\n')
2818+ break;
2819+ if(!strncasecmp(ibuf,"COUNT = ",8))
2820+ break;
2821+
2822+ if (strncasecmp(ibuf, "KEY = ", 6) != 0)
2823+ {
2824+ printf("Missing KEY\n");
2825+ err = 1;
2826+ }
2827+ else
2828+ {
2829+ len = hex2bin((char*)ibuf+6, aKey);
2830+ if (len < 0)
2831+ {
2832+ printf("Invalid KEY\n");
2833+ err =1;
2834+ break;
2835+ }
2836+ PrintValue("KEY", aKey, len);
2837+ if (strcmp(amode, "ECB") == 0)
2838+ {
2839+ memset(iVec, 0, sizeof(iVec));
2840+ step = (dir)? 4: 5; /* no ivec for ECB */
2841+ }
2842+ else
2843+ ++step;
2844+ }
2845+ break;
2846+
2847+ case 3: /* IV = xxxx */
2848+ fputs(ibuf, rfp);
2849+ if (strncasecmp(ibuf, "IV = ", 5) != 0)
2850+ {
2851+ printf("Missing IV\n");
2852+ err = 1;
2853+ }
2854+ else
2855+ {
2856+ len = hex2bin((char*)ibuf+5, iVec);
2857+ if (len < 0)
2858+ {
2859+ printf("Invalid IV\n");
2860+ err =1;
2861+ break;
2862+ }
2863+ PrintValue("IV", iVec, len);
2864+ step = (dir)? 4: 5;
2865+ }
2866+ break;
2867+
2868+ case 4: /* PLAINTEXT = xxxx */
2869+ fputs(ibuf, rfp);
2870+ if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
2871+ {
2872+ printf("Missing PLAINTEXT\n");
2873+ err = 1;
2874+ }
2875+ else
2876+ {
2877+ int nn = strlen(ibuf+12);
2878+ if(!strcmp(amode,"CFB1"))
2879+ len=bint2bin(ibuf+12,nn-1,plaintext);
2880+ else
2881+ len=hex2bin(ibuf+12, plaintext);
2882+ if (len < 0)
2883+ {
2884+ printf("Invalid PLAINTEXT: %s", ibuf+12);
2885+ err =1;
2886+ break;
2887+ }
2888+ if (len >= sizeof(plaintext))
2889+ {
2890+ printf("Buffer overflow\n");
2891+ }
2892+ PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
2893+ if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
2894+ {
2895+ if(do_mct(amode, akeysz, aKey, iVec,
2896+ dir, (unsigned char*)plaintext, len,
2897+ rfp) < 0)
2898+ EXIT(1);
2899+ }
2900+ else
2901+ {
2902+ ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
2903+ dir, /* 0 = decrypt, 1 = encrypt */
2904+ plaintext, ciphertext, len);
2905+ OutputValue("CIPHERTEXT",ciphertext,len,rfp,
2906+ !strcmp(amode,"CFB1"));
2907+ }
2908+ step = 6;
2909+ }
2910+ break;
2911+
2912+ case 5: /* CIPHERTEXT = xxxx */
2913+ fputs(ibuf, rfp);
2914+ if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
2915+ {
2916+ printf("Missing KEY\n");
2917+ err = 1;
2918+ }
2919+ else
2920+ {
2921+ if(!strcmp(amode,"CFB1"))
2922+ len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
2923+ else
2924+ len = hex2bin(ibuf+13,ciphertext);
2925+ if (len < 0)
2926+ {
2927+ printf("Invalid CIPHERTEXT\n");
2928+ err =1;
2929+ break;
2930+ }
2931+
2932+ PrintValue("CIPHERTEXT", ciphertext, len);
2933+ if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
2934+ {
2935+ do_mct(amode, akeysz, aKey, iVec,
2936+ dir, ciphertext, len, rfp);
2937+ }
2938+ else
2939+ {
2940+ ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
2941+ dir, /* 0 = decrypt, 1 = encrypt */
2942+ plaintext, ciphertext, len);
2943+ OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
2944+ !strcmp(amode,"CFB1"));
2945+ }
2946+ step = 6;
2947+ }
2948+ break;
2949+
2950+ case 6:
2951+ if (ibuf[0] != '\n')
2952+ {
2953+ err = 1;
2954+ printf("Missing terminator\n");
2955+ }
2956+ else if (strcmp(atest, "MCT") != 0)
2957+ { /* MCT already added terminating nl */
2958+ fputs(ibuf, rfp);
2959+ }
2960+ step = 1;
2961+ break;
2962+ }
2963+ }
2964+ if (rfp)
2965+ fclose(rfp);
2966+ if (afp)
2967+ fclose(afp);
2968+ return err;
2969+ }
2970+
2971+/*--------------------------------------------------
2972+ Processes either a single file or
2973+ a set of files whose names are passed in a file.
2974+ A single file is specified as:
2975+ aes_test -f xxx.req
2976+ A set of files is specified as:
2977+ aes_test -d xxxxx.xxx
2978+ The default is: -d req.txt
2979+--------------------------------------------------*/
2980+int main(int argc, char **argv)
2981+ {
2982+ char *rqlist = "req.txt", *rspfile = NULL;
2983+ FILE *fp = NULL;
2984+ char fn[250] = "", rfn[256] = "";
2985+ int f_opt = 0, d_opt = 1;
2986+
2987+#ifdef OPENSSL_FIPS
2988+ if(!FIPS_mode_set(1))
2989+ {
2990+ do_print_errors();
2991+ EXIT(1);
2992+ }
2993+#endif
2994+ if (argc > 1)
2995+ {
2996+ if (strcasecmp(argv[1], "-d") == 0)
2997+ {
2998+ d_opt = 1;
2999+ }
3000+ else if (strcasecmp(argv[1], "-f") == 0)
3001+ {
3002+ f_opt = 1;
3003+ d_opt = 0;
3004+ }
3005+ else
3006+ {
3007+ printf("Invalid parameter: %s\n", argv[1]);
3008+ return 0;
3009+ }
3010+ if (argc < 3)
3011+ {
3012+ printf("Missing parameter\n");
3013+ return 0;
3014+ }
3015+ if (d_opt)
3016+ rqlist = argv[2];
3017+ else
3018+ {
3019+ strcpy(fn, argv[2]);
3020+ rspfile = argv[3];
3021+ }
3022+ }
3023+ if (d_opt)
3024+ { /* list of files (directory) */
3025+ if (!(fp = fopen(rqlist, "r")))
3026+ {
3027+ printf("Cannot open req list file\n");
3028+ return -1;
3029+ }
3030+ while (fgets(fn, sizeof(fn), fp))
3031+ {
3032+ strtok(fn, "\r\n");
3033+ strcpy(rfn, fn);
3034+ if (VERBOSE)
3035+ printf("Processing: %s\n", rfn);
3036+ if (proc_file(rfn, rspfile))
3037+ {
3038+ printf(">>> Processing failed for: %s <<<\n", rfn);
3039+ EXIT(1);
3040+ }
3041+ }
3042+ fclose(fp);
3043+ }
3044+ else /* single file */
3045+ {
3046+ if (VERBOSE)
3047+ printf("Processing: %s\n", fn);
3048+ if (proc_file(fn, rspfile))
3049+ {
3050+ printf(">>> Processing failed for: %s <<<\n", fn);
3051+ }
3052+ }
3053+ EXIT(0);
3054+ return 0;
3055+ }
3056+
3057+#endif
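Review bot: In `proc_file`, the error path for the response-file `fopen` prints `rfn` (`printf("Cannot open file: %s, %s\n", rfn, strerror(errno));`), but `rfn` is only filled in when the caller passed no `rspfile`; with an explicit `rspfile` (the `-f` path in `main`) the message reads an uninitialised buffer, so it should print `rspfile` instead. `main` copies `argv[2]` into `fn[250]` with an unbounded `strcpy`; `snprintf(fn, sizeof fn, "%s", argv[2])` followed by a truncation check (`n < 0 || (size_t)n >= sizeof fn`) bounds it, whereas the `-d` branch is already bounded by `fgets`. In the `switch (step)`, `case 1` ends with `step = 2;` and deliberately falls into `case 2`, which deserves a `/* fallthrough */` marker so the missing `break` is not "fixed" later. The preamble handling calls `time()` and `ctime()` but the include list has no `<time.h>`; it probably arrives through one of the OpenSSL headers, but the file should include it itself. `hex2bin` writes into the fixed buffers `aKey[40]` and `iVec[20]` from a 2048-byte input line with no length limit visible here — its definition lives in fips_utl.h, outside this page, so the bound may be enforced there and should be confirmed.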
3058diff -up openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c
3059--- openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c.fips 2013-02-19 12:47:33.732118731 +0100
3060+++ openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c 2013-02-19 12:47:33.732118731 +0100
3061@@ -0,0 +1,517 @@
3062+/* fips_cmactest.c */
3063+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3064+ * project 2005.
3065+ */
3066+/* ====================================================================
3067+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
3068+ *
3069+ * Redistribution and use in source and binary forms, with or without
3070+ * modification, are permitted provided that the following conditions
3071+ * are met:
3072+ *
3073+ * 1. Redistributions of source code must retain the above copyright
3074+ * notice, this list of conditions and the following disclaimer.
3075+ *
3076+ * 2. Redistributions in binary form must reproduce the above copyright
3077+ * notice, this list of conditions and the following disclaimer in
3078+ * the documentation and/or other materials provided with the
3079+ * distribution.
3080+ *
3081+ * 3. All advertising materials mentioning features or use of this
3082+ * software must display the following acknowledgment:
3083+ * "This product includes software developed by the OpenSSL Project
3084+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
3085+ *
3086+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
3087+ * endorse or promote products derived from this software without
3088+ * prior written permission. For written permission, please contact
3089+ * licensing@OpenSSL.org.
3090+ *
3091+ * 5. Products derived from this software may not be called "OpenSSL"
3092+ * nor may "OpenSSL" appear in their names without prior written
3093+ * permission of the OpenSSL Project.
3094+ *
3095+ * 6. Redistributions of any form whatsoever must retain the following
3096+ * acknowledgment:
3097+ * "This product includes software developed by the OpenSSL Project
3098+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
3099+ *
3100+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
3101+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3102+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
3103+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
3104+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
3105+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
3106+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
3107+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3108+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
3109+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
3110+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
3111+ * OF THE POSSIBILITY OF SUCH DAMAGE.
3112+ * ====================================================================
3113+ *
3114+ * This product includes cryptographic software written by Eric Young
3115+ * (eay@cryptsoft.com). This product includes software written by Tim
3116+ * Hudson (tjh@cryptsoft.com).
3117+ *
3118+ */
3119+
3120+#define OPENSSL_FIPSAPI
3121+
3122+#include <stdio.h>
3123+#include <ctype.h>
3124+#include <string.h>
3125+#include <openssl/bio.h>
3126+#include <openssl/evp.h>
3127+#include <openssl/cmac.h>
3128+#include <openssl/err.h>
3129+#include <openssl/bn.h>
3130+
3131+#ifndef OPENSSL_FIPS
3132+
3133+int main(int argc, char *argv[])
3134+{
3135+ printf("No FIPS CMAC support\n");
3136+ return(0);
3137+}
3138+
3139+#else
3140+
3141+#include <openssl/fips.h>
3142+#include "fips_utl.h"
3143+
3144+static int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
3145+ int mode, int Klen_counts_keys, int known_keylen);
3146+static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
3147+ unsigned char *Key, int Klen,
3148+ unsigned char *Msg, int Msglen,
3149+ int Tlen);
3150+static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
3151+ unsigned char *Key, int Klen,
3152+ unsigned char *Msg, int Msglen,
3153+ unsigned char *Mac, int Maclen,
3154+ int Tlen);
3155+
3156+#ifdef FIPS_ALGVS
3157+int fips_cmactest_main(int argc, char **argv)
3158+#else
3159+int main(int argc, char **argv)
3160+#endif
3161+ {
3162+ FILE *in = NULL, *out = NULL;
3163+ int mode = 0; /* 0 => Generate, 1 => Verify */
3164+ int Klen_counts_keys = 0; /* 0 => Klen is size of one key
3165+ 1 => Klen is amount of keys
3166+ */
3167+ int known_keylen = 0; /* Only set when Klen_counts_keys = 1 */
3168+ const EVP_CIPHER *cipher = 0;
3169+ int ret = 1;
3170+ fips_algtest_init();
3171+
3172+ while (argc > 1 && argv[1][0] == '-')
3173+ {
3174+ switch (argv[1][1])
3175+ {
3176+ case 'a':
3177+ {
3178+ char *p = &argv[1][2];
3179+ if (*p == '\0')
3180+ {
3181+ if (argc <= 2)
3182+ {
3183+ fprintf(stderr, "Option %s needs a value\n", argv[1]);
3184+ goto end;
3185+ }
3186+ argv++;
3187+ argc--;
3188+ p = &argv[1][0];
3189+ }
3190+ if (!strcmp(p, "aes128"))
3191+ cipher = EVP_aes_128_cbc();
3192+ else if (!strcmp(p, "aes192"))
3193+ cipher = EVP_aes_192_cbc();
3194+ else if (!strcmp(p, "aes256"))
3195+ cipher = EVP_aes_256_cbc();
3196+ else if (!strcmp(p, "tdea3") || !strcmp(p, "tdes3"))
3197+ {
3198+ cipher = EVP_des_ede3_cbc();
3199+ Klen_counts_keys = 1;
3200+ known_keylen = 8;
3201+ }
3202+ else
3203+ {
3204+ fprintf(stderr, "Unknown algorithm %s\n", p);
3205+ goto end;
3206+ }
3207+ }
3208+ break;
3209+ case 'g':
3210+ mode = 0;
3211+ break;
3212+ case 'v':
3213+ mode = 1;
3214+ break;
3215+ default:
3216+ fprintf(stderr, "Unknown option %s\n", argv[1]);
3217+ goto end;
3218+ }
3219+ argv++;
3220+ argc--;
3221+ }
3222+ if (argc == 1)
3223+ in = stdin;
3224+ else
3225+ in = fopen(argv[1], "r");
3226+
3227+ if (argc < 2)
3228+ out = stdout;
3229+ else
3230+ out = fopen(argv[2], "w");
3231+
3232+ if (!in)
3233+ {
3234+ fprintf(stderr, "FATAL input initialization error\n");
3235+ goto end;
3236+ }
3237+
3238+ if (!out)
3239+ {
3240+ fprintf(stderr, "FATAL output initialization error\n");
3241+ goto end;
3242+ }
3243+
3244+ if (!cmac_test(cipher, out, in, mode,
3245+ Klen_counts_keys, known_keylen))
3246+ {
3247+ fprintf(stderr, "FATAL cmac file processing error\n");
3248+ goto end;
3249+ }
3250+ else
3251+ ret = 0;
3252+
3253+ end:
3254+
3255+ if (in && (in != stdin))
3256+ fclose(in);
3257+ if (out && (out != stdout))
3258+ fclose(out);
3259+
3260+ return ret;
3261+
3262+ }
3263+
3264+#define CMAC_TEST_MAXLINELEN 150000
3265+
3266+int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
3267+ int mode, int Klen_counts_keys, int known_keylen)
3268+ {
3269+ char *linebuf, *olinebuf, *p, *q;
3270+ char *keyword, *value;
3271+ unsigned char **Keys = NULL, *Msg = NULL, *Mac = NULL;
3272+ unsigned char *Key = NULL;
3273+ int Count, Klen, Mlen, Tlen;
3274+ long Keylen, Msglen, Maclen;
3275+ int ret = 0;
3276+ int lnum = 0;
3277+
3278+ olinebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
3279+ linebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
3280+
3281+ if (!linebuf || !olinebuf)
3282+ goto error;
3283+
3284+ Count = -1;
3285+ Klen = -1;
3286+ Mlen = -1;
3287+ Tlen = -1;
3288+
3289+ while (fgets(olinebuf, CMAC_TEST_MAXLINELEN, in))
3290+ {
3291+ lnum++;
3292+ strcpy(linebuf, olinebuf);
3293+ keyword = linebuf;
3294+ /* Skip leading space */
3295+ while (isspace((unsigned char)*keyword))
3296+ keyword++;
3297+
3298+ /* Skip comments */
3299+ if (keyword[0] == '#')
3300+ {
3301+ if (fputs(olinebuf, out) < 0)
3302+ goto error;
3303+ continue;
3304+ }
3305+
3306+ /* Look for = sign */
3307+ p = strchr(linebuf, '=');
3308+
3309+ /* If no = or starts with [ (for [L=20] line) just copy */
3310+ if (!p)
3311+ {
3312+ if (fputs(olinebuf, out) < 0)
3313+ goto error;
3314+ continue;
3315+ }
3316+
3317+ q = p - 1;
3318+
3319+ /* Remove trailing space */
3320+ while (isspace((unsigned char)*q))
3321+ *q-- = 0;
3322+
3323+ *p = 0;
3324+ value = p + 1;
3325+
3326+ /* Remove leading space from value */
3327+ while (isspace((unsigned char)*value))
3328+ value++;
3329+
3330+ /* Remove trailing space from value */
3331+ p = value + strlen(value) - 1;
3332+
3333+ while (*p == '\n' || isspace((unsigned char)*p))
3334+ *p-- = 0;
3335+
3336+ if (!strcmp(keyword, "Count"))
3337+ {
3338+ if (Count != -1)
3339+ goto parse_error;
3340+ Count = atoi(value);
3341+ if (Count < 0)
3342+ goto parse_error;
3343+ }
3344+ else if (!strcmp(keyword, "Klen"))
3345+ {
3346+ if (Klen != -1)
3347+ goto parse_error;
3348+ Klen = atoi(value);
3349+ if (Klen < 0)
3350+ goto parse_error;
3351+ if (Klen_counts_keys)
3352+ {
3353+ Keys = OPENSSL_malloc(sizeof(*Keys) * Klen);
3354+ memset(Keys, '\0', sizeof(*Keys) * Klen);
3355+ }
3356+ else
3357+ {
3358+ Keys = OPENSSL_malloc(sizeof(*Keys));
3359+ memset(Keys, '\0', sizeof(*Keys));
3360+ }
3361+ }
3362+ else if (!strcmp(keyword, "Mlen"))
3363+ {
3364+ if (Mlen != -1)
3365+ goto parse_error;
3366+ Mlen = atoi(value);
3367+ if (Mlen < 0)
3368+ goto parse_error;
3369+ }
3370+ else if (!strcmp(keyword, "Tlen"))
3371+ {
3372+ if (Tlen != -1)
3373+ goto parse_error;
3374+ Tlen = atoi(value);
3375+ if (Tlen < 0)
3376+ goto parse_error;
3377+ }
3378+ else if (!strcmp(keyword, "Key") && !Klen_counts_keys)
3379+ {
3380+ if (Keys[0])
3381+ goto parse_error;
3382+ Keys[0] = hex2bin_m(value, &Keylen);
3383+ if (!Keys[0])
3384+ goto parse_error;
3385+ }
3386+ else if (!strncmp(keyword, "Key", 3) && Klen_counts_keys)
3387+ {
3388+ int keynum = atoi(keyword + 3);
3389+ if (!keynum || keynum > Klen || Keys[keynum-1])
3390+ goto parse_error;
3391+ Keys[keynum-1] = hex2bin_m(value, &Keylen);
3392+ if (!Keys[keynum-1])
3393+ goto parse_error;
3394+ }
3395+ else if (!strcmp(keyword, "Msg"))
3396+ {
3397+ if (Msg)
3398+ goto parse_error;
3399+ Msg = hex2bin_m(value, &Msglen);
3400+ if (!Msg)
3401+ goto parse_error;
3402+ }
3403+ else if (!strcmp(keyword, "Mac"))
3404+ {
3405+ if (mode == 0)
3406+ continue;
3407+ if (Mac)
3408+ goto parse_error;
3409+ Mac = hex2bin_m(value, &Maclen);
3410+ if (!Mac)
3411+ goto parse_error;
3412+ }
3413+ else if (!strcmp(keyword, "Result"))
3414+ {
3415+ if (mode == 1)
3416+ continue;
3417+ goto parse_error;
3418+ }
3419+ else
3420+ goto parse_error;
3421+
3422+ fputs(olinebuf, out);
3423+
3424+ if (Keys && Msg && (!mode || Mac) && (Tlen > 0) && (Klen > 0))
3425+ {
3426+ if (Klen_counts_keys)
3427+ {
3428+ int x;
3429+ Key = OPENSSL_malloc(Klen * known_keylen);
3430+ for (x = 0; x < Klen; x++)
3431+ {
3432+ memcpy(Key + x * known_keylen,
3433+ Keys[x], known_keylen);
3434+ OPENSSL_free(Keys[x]);
3435+ }
3436+ Klen *= known_keylen;
3437+ }
3438+ else
3439+ {
3440+ Key = OPENSSL_malloc(Klen);
3441+ memcpy(Key, Keys[0], Klen);
3442+ OPENSSL_free(Keys[0]);
3443+ }
3444+ OPENSSL_free(Keys);
3445+
3446+ switch(mode)
3447+ {
3448+ case 0:
3449+ if (!print_cmac_gen(cipher, out,
3450+ Key, Klen,
3451+ Msg, Mlen,
3452+ Tlen))
3453+ goto error;
3454+ break;
3455+ case 1:
3456+ if (!print_cmac_ver(cipher, out,
3457+ Key, Klen,
3458+ Msg, Mlen,
3459+ Mac, Maclen,
3460+ Tlen))
3461+ goto error;
3462+ break;
3463+ }
3464+
3465+ OPENSSL_free(Key);
3466+ Key = NULL;
3467+ OPENSSL_free(Msg);
3468+ Msg = NULL;
3469+ OPENSSL_free(Mac);
3470+ Mac = NULL;
3471+ Klen = -1;
3472+ Mlen = -1;
3473+ Tlen = -1;
3474+ Count = -1;
3475+ }
3476+ }
3477+
3478+
3479+ ret = 1;
3480+
3481+
3482+ error:
3483+
3484+ if (olinebuf)
3485+ OPENSSL_free(olinebuf);
3486+ if (linebuf)
3487+ OPENSSL_free(linebuf);
3488+ if (Key)
3489+ OPENSSL_free(Key);
3490+ if (Msg)
3491+ OPENSSL_free(Msg);
3492+ if (Mac)
3493+ OPENSSL_free(Mac);
3494+
3495+ return ret;
3496+
3497+ parse_error:
3498+
3499+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
3500+
3501+ goto error;
3502+
3503+ }
3504+
3505+static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
3506+ unsigned char *Key, int Klen,
3507+ unsigned char *Msg, int Mlen,
3508+ int Tlen)
3509+ {
3510+ int rc, i;
3511+ size_t reslen;
3512+ unsigned char res[128];
3513+ CMAC_CTX *cmac_ctx = CMAC_CTX_new();
3514+
3515+ CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
3516+ CMAC_Update(cmac_ctx, Msg, Mlen);
3517+ if (!CMAC_Final(cmac_ctx, res, &reslen))
3518+ {
3519+ fputs("Error calculating CMAC\n", stderr);
3520+ rc = 0;
3521+ }
3522+ else if (Tlen > (int)reslen)
3523+ {
3524+ fputs("Parameter error, Tlen > CMAC length\n", stderr);
3525+ rc = 0;
3526+ }
3527+ else
3528+ {
3529+ fputs("Mac = ", out);
3530+ for (i = 0; i < Tlen; i++)
3531+ fprintf(out, "%02x", res[i]);
3532+ fputs(RESP_EOL, out);
3533+ rc = 1;
3534+ }
3535+ CMAC_CTX_free(cmac_ctx);
3536+ return rc;
3537+ }
3538+
3539+static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
3540+ unsigned char *Key, int Klen,
3541+ unsigned char *Msg, int Mlen,
3542+ unsigned char *Mac, int Maclen,
3543+ int Tlen)
3544+ {
3545+ int rc = 1;
3546+ size_t reslen;
3547+ unsigned char res[128];
3548+ CMAC_CTX *cmac_ctx = CMAC_CTX_new();
3549+
3550+ CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
3551+ CMAC_Update(cmac_ctx, Msg, Mlen);
3552+ if (!CMAC_Final(cmac_ctx, res, &reslen))
3553+ {
3554+ fputs("Error calculating CMAC\n", stderr);
3555+ rc = 0;
3556+ }
3557+ else if (Tlen > (int)reslen)
3558+ {
3559+ fputs("Parameter error, Tlen > CMAC length\n", stderr);
3560+ rc = 0;
3561+ }
3562+ else if (Tlen != Maclen)
3563+ {
3564+ fputs("Parameter error, Tlen != resulting Mac length\n", stderr);
3565+ rc = 0;
3566+ }
3567+ else
3568+ {
3569+ if (!memcmp(Mac, res, Maclen))
3570+ fputs("Result = P" RESP_EOL, out);
3571+ else
3572+ fputs("Result = F" RESP_EOL, out);
3573+ }
3574+ CMAC_CTX_free(cmac_ctx);
3575+ return rc;
3576+ }
3577+
3578+#endif
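Review bot: In cmac_test the declared `Klen` is trusted over the length actually parsed from the hex: `memcpy(Key, Keys[0], Klen)` copies Klen bytes from a buffer whose real size is the `Keylen` returned by hex2bin_m, and the tdea3 path copies `known_keylen` bytes from each `Keys[x]` the same way, so a .req file whose key hex is shorter than Klen over-reads the heap. Add `if (Keylen != Klen) goto parse_error;` after the single-key `hex2bin_m` call and `if (Keylen != known_keylen) goto parse_error;` after the `KeyN` one. The `OPENSSL_malloc` results for `Keys` and `Key` are used without a NULL check, and `Keys` and its entries are not released on the `error:` path, so a parse error mid-vector leaks them. print_cmac_gen and print_cmac_ver also ignore the return values of `CMAC_Init` and `CMAC_Update` (and `cipher` stays NULL when no `-a` option is given), so a rejected key or cipher presumably only surfaces later as the generic "Error calculating CMAC" message rather than as a clear input error.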
3579diff -up openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c
3580--- openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c.fips 2013-02-19 12:47:33.733118752 +0100
3581+++ openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c 2013-02-19 12:47:33.733118752 +0100
3582@@ -0,0 +1,702 @@
3583+/* ====================================================================
3584+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
3585+ *
3586+ * Redistribution and use in source and binary forms, with or without
3587+ * modification, are permitted provided that the following conditions
3588+ * are met:
3589+ *
3590+ * 1. Redistributions of source code must retain the above copyright
3591+ * notice, this list of conditions and the following disclaimer.
3592+ *
3593+ * 2. Redistributions in binary form must reproduce the above copyright
3594+ * notice, this list of conditions and the following disclaimer in
3595+ * the documentation and/or other materials provided with the
3596+ * distribution.
3597+ *
3598+ * 3. All advertising materials mentioning features or use of this
3599+ * software must display the following acknowledgment:
3600+ * "This product includes software developed by the OpenSSL Project
3601+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
3602+ *
3603+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
3604+ * endorse or promote products derived from this software without
3605+ * prior written permission. For written permission, please contact
3606+ * openssl-core@openssl.org.
3607+ *
3608+ * 5. Products derived from this software may not be called "OpenSSL"
3609+ * nor may "OpenSSL" appear in their names without prior written
3610+ * permission of the OpenSSL Project.
3611+ *
3612+ * 6. Redistributions of any form whatsoever must retain the following
3613+ * acknowledgment:
3614+ * "This product includes software developed by the OpenSSL Project
3615+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
3616+ *
3617+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
3618+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3619+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
3620+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
3621+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
3622+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
3623+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
3624+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3625+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
3626+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
3627+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
3628+ * OF THE POSSIBILITY OF SUCH DAMAGE.
3629+ *
3630+ */
3631+/*---------------------------------------------
3632+ NIST DES Modes of Operation Validation System
3633+ Test Program
3634+
3635+ Based on the AES Validation Suite, which was:
3636+ Donated to OpenSSL by:
3637+ V-ONE Corporation
3638+ 20250 Century Blvd, Suite 300
3639+ Germantown, MD 20874
3640+ U.S.A.
3641+ ----------------------------------------------*/
3642+
3643+#include <stdio.h>
3644+#include <stdlib.h>
3645+#include <string.h>
3646+#include <errno.h>
3647+#include <assert.h>
3648+#include <ctype.h>
3649+#include <openssl/des.h>
3650+#include <openssl/evp.h>
3651+#include <openssl/bn.h>
3652+
3653+#include <openssl/err.h>
3654+#include "e_os.h"
3655+
3656+#ifndef OPENSSL_FIPS
3657+
3658+int main(int argc, char *argv[])
3659+{
3660+ printf("No FIPS DES support\n");
3661+ return(0);
3662+}
3663+
3664+#else
3665+
3666+#include <openssl/fips.h>
3667+#include "fips_utl.h"
3668+
3669+#define DES_BLOCK_SIZE 8
3670+
3671+#define VERBOSE 0
3672+
3673+int DESTest(EVP_CIPHER_CTX *ctx,
3674+ char *amode, int akeysz, unsigned char *aKey,
3675+ unsigned char *iVec,
3676+ int dir, /* 0 = decrypt, 1 = encrypt */
3677+ unsigned char *out, unsigned char *in, int len)
3678+ {
3679+ const EVP_CIPHER *cipher = NULL;
3680+
3681+ if (akeysz != 192)
3682+ {
3683+ printf("Invalid key size: %d\n", akeysz);
3684+ EXIT(1);
3685+ }
3686+
3687+ if (strcasecmp(amode, "CBC") == 0)
3688+ cipher = EVP_des_ede3_cbc();
3689+ else if (strcasecmp(amode, "ECB") == 0)
3690+ cipher = EVP_des_ede3_ecb();
3691+ else if (strcasecmp(amode, "CFB64") == 0)
3692+ cipher = EVP_des_ede3_cfb64();
3693+ else if (strncasecmp(amode, "OFB", 3) == 0)
3694+ cipher = EVP_des_ede3_ofb();
3695+ else if(!strcasecmp(amode,"CFB8"))
3696+ cipher = EVP_des_ede3_cfb8();
3697+ else if(!strcasecmp(amode,"CFB1"))
3698+ cipher = EVP_des_ede3_cfb1();
3699+ else
3700+ {
3701+ printf("Unknown mode: %s\n", amode);
3702+ EXIT(1);
3703+ }
3704+
3705+ if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
3706+ return 0;
3707+ if(!strcasecmp(amode,"CFB1"))
3708+ M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
3709+ EVP_Cipher(ctx, out, in, len);
3710+
3711+ return 1;
3712+ }
3713+
3714+void DebugValue(char *tag, unsigned char *val, int len)
3715+ {
3716+ char obuf[2048];
3717+ int olen;
3718+ olen = bin2hex(val, len, obuf);
3719+ printf("%s = %.*s\n", tag, olen, obuf);
3720+ }
3721+
3722+void shiftin(unsigned char *dst,unsigned char *src,int nbits)
3723+ {
3724+ int n;
3725+
3726+ /* move the bytes... */
3727+ memmove(dst,dst+nbits/8,3*8-nbits/8);
3728+ /* append new data */
3729+ memcpy(dst+3*8-nbits/8,src,(nbits+7)/8);
3730+ /* left shift the bits */
3731+ if(nbits%8)
3732+ for(n=0 ; n < 3*8 ; ++n)
3733+ dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8));
3734+ }
3735+
3736+/*-----------------------------------------------*/
3737+char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
3738+char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
3739+enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB64};
3740+int Sizes[6]={64,64,64,1,8,64};
3741+
3742+void do_mct(char *amode,
3743+ int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec,
3744+ int dir, unsigned char *text, int len,
3745+ FILE *rfp)
3746+ {
3747+ int i,imode;
3748+ unsigned char nk[4*8]; /* longest key+8 */
3749+ unsigned char text0[8];
3750+
3751+ for (imode=0 ; imode < 6 ; ++imode)
3752+ if(!strcmp(amode,t_mode[imode]))
3753+ break;
3754+ if (imode == 6)
3755+ {
3756+ printf("Unrecognized mode: %s\n", amode);
3757+ EXIT(1);
3758+ }
3759+
3760+ for(i=0 ; i < 400 ; ++i)
3761+ {
3762+ int j;
3763+ int n;
3764+ int kp=akeysz/64;
3765+ unsigned char old_iv[8];
3766+ EVP_CIPHER_CTX ctx;
3767+ EVP_CIPHER_CTX_init(&ctx);
3768+
3769+ fprintf(rfp,"\nCOUNT = %d\n",i);
3770+ if(kp == 1)
3771+ OutputValue("KEY",akey,8,rfp,0);
3772+ else
3773+ for(n=0 ; n < kp ; ++n)
3774+ {
3775+ fprintf(rfp,"KEY%d",n+1);
3776+ OutputValue("",akey+n*8,8,rfp,0);
3777+ }
3778+
3779+ if(imode != ECB)
3780+ OutputValue("IV",ivec,8,rfp,0);
3781+ OutputValue(t_tag[dir^1],text,len,rfp,imode == CFB1);
3782+#if 0
3783+ /* compensate for endianness */
3784+ if(imode == CFB1)
3785+ text[0]<<=7;
3786+#endif
3787+ memcpy(text0,text,8);
3788+
3789+ for(j=0 ; j < 10000 ; ++j)
3790+ {
3791+ unsigned char old_text[8];
3792+
3793+ memcpy(old_text,text,8);
3794+ if(j == 0)
3795+ {
3796+ memcpy(old_iv,ivec,8);
3797+ DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len);
3798+ }
3799+ else
3800+ {
3801+ memcpy(old_iv,ctx.iv,8);
3802+ EVP_Cipher(&ctx,text,text,len);
3803+ }
3804+ if(j == 9999)
3805+ {
3806+ OutputValue(t_tag[dir],text,len,rfp,imode == CFB1);
3807+ /* memcpy(ivec,text,8); */
3808+ }
3809+ /* DebugValue("iv",ctx.iv,8); */
3810+ /* accumulate material for the next key */
3811+ shiftin(nk,text,Sizes[imode]);
3812+ /* DebugValue("nk",nk,24);*/
3813+ if((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64
3814+ || imode == CBC)) || imode == OFB)
3815+ memcpy(text,old_iv,8);
3816+
3817+ if(!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64))
3818+ {
3819+ /* the test specifies using the output of the raw DES operation
3820+ which we don't have, so reconstruct it... */
3821+ for(n=0 ; n < 8 ; ++n)
3822+ text[n]^=old_text[n];
3823+ }
3824+ }
3825+ for(n=0 ; n < 8 ; ++n)
3826+ akey[n]^=nk[16+n];
3827+ for(n=0 ; n < 8 ; ++n)
3828+ akey[8+n]^=nk[8+n];
3829+ for(n=0 ; n < 8 ; ++n)
3830+ akey[16+n]^=nk[n];
3831+ if(numkeys < 3)
3832+ memcpy(&akey[2*8],akey,8);
3833+ if(numkeys < 2)
3834+ memcpy(&akey[8],akey,8);
3835+ DES_set_odd_parity((DES_cblock *)akey);
3836+ DES_set_odd_parity((DES_cblock *)(akey+8));
3837+ DES_set_odd_parity((DES_cblock *)(akey+16));
3838+ memcpy(ivec,ctx.iv,8);
3839+
3840+ /* pointless exercise - the final text doesn't depend on the
3841+ initial text in OFB mode, so who cares what it is? (Who
3842+ designed these tests?) */
3843+ if(imode == OFB)
3844+ for(n=0 ; n < 8 ; ++n)
3845+ text[n]=text0[n]^old_iv[n];
3846+ }
3847+ }
3848+
3849+int proc_file(char *rqfile, char *rspfile)
3850+ {
3851+ char afn[256], rfn[256];
3852+ FILE *afp = NULL, *rfp = NULL;
3853+ char ibuf[2048], tbuf[2048];
3854+ int ilen, len, ret = 0;
3855+ char amode[8] = "";
3856+ char atest[100] = "";
3857+ int akeysz=0;
3858+ unsigned char iVec[20], aKey[40];
3859+ int dir = -1, err = 0, step = 0;
3860+ unsigned char plaintext[2048];
3861+ unsigned char ciphertext[2048];
3862+ char *rp;
3863+ EVP_CIPHER_CTX ctx;
3864+ int numkeys=1;
3865+ EVP_CIPHER_CTX_init(&ctx);
3866+
3867+ if (!rqfile || !(*rqfile))
3868+ {
3869+ printf("No req file\n");
3870+ return -1;
3871+ }
3872+ strcpy(afn, rqfile);
3873+
3874+ if ((afp = fopen(afn, "r")) == NULL)
3875+ {
3876+ printf("Cannot open file: %s, %s\n",
3877+ afn, strerror(errno));
3878+ return -1;
3879+ }
3880+ if (!rspfile)
3881+ {
3882+ strcpy(rfn,afn);
3883+ rp=strstr(rfn,"req/");
3884+#ifdef OPENSSL_SYS_WIN32
3885+ if (!rp)
3886+ rp=strstr(rfn,"req\\");
3887+#endif
3888+ assert(rp);
3889+ memcpy(rp,"rsp",3);
3890+ rp = strstr(rfn, ".req");
3891+ memcpy(rp, ".rsp", 4);
3892+ rspfile = rfn;
3893+ }
3894+ if ((rfp = fopen(rspfile, "w")) == NULL)
3895+ {
3896+ printf("Cannot open file: %s, %s\n",
3897+ rfn, strerror(errno));
3898+ fclose(afp);
3899+ afp = NULL;
3900+ return -1;
3901+ }
3902+ while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
3903+ {
3904+ tidy_line(tbuf, ibuf);
3905+ ilen = strlen(ibuf);
3906+ /* printf("step=%d ibuf=%s",step,ibuf);*/
3907+ if(step == 3 && !strcmp(amode,"ECB"))
3908+ {
3909+ memset(iVec, 0, sizeof(iVec));
3910+ step = (dir)? 4: 5; /* no ivec for ECB */
3911+ }
3912+ switch (step)
3913+ {
3914+ case 0: /* read preamble */
3915+ if (ibuf[0] == '\n')
3916+ { /* end of preamble */
3917+ if (*amode == '\0')
3918+ {
3919+ printf("Missing Mode\n");
3920+ err = 1;
3921+ }
3922+ else
3923+ {
3924+ fputs(ibuf, rfp);
3925+ ++ step;
3926+ }
3927+ }
3928+ else if (ibuf[0] != '#')
3929+ {
3930+ printf("Invalid preamble item: %s\n", ibuf);
3931+ err = 1;
3932+ }
3933+ else
3934+ { /* process preamble */
3935+ char *xp, *pp = ibuf+2;
3936+ int n;
3937+ if(*amode)
3938+ { /* insert current time & date */
3939+ time_t rtim = time(0);
3940+ fprintf(rfp, "# %s", ctime(&rtim));
3941+ }
3942+ else
3943+ {
3944+ fputs(ibuf, rfp);
3945+ if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4)
3946+ || !strncmp(pp,"TDES ",5)
3947+ || !strncmp(pp,"PERMUTATION ",12)
3948+ || !strncmp(pp,"SUBSTITUTION ",13)
3949+ || !strncmp(pp,"VARIABLE ",9))
3950+ {
3951+ /* get test type */
3952+ if(!strncmp(pp,"DES ",4))
3953+ pp+=4;
3954+ else if(!strncmp(pp,"TDES ",5))
3955+ pp+=5;
3956+ xp = strchr(pp, ' ');
3957+ n = xp-pp;
3958+ strncpy(atest, pp, n);
3959+ atest[n] = '\0';
3960+ /* get mode */
3961+ xp = strrchr(pp, ' '); /* get mode" */
3962+ n = strlen(xp+1)-1;
3963+ strncpy(amode, xp+1, n);
3964+ amode[n] = '\0';
3965+ /* amode[3] = '\0'; */
3966+ if (VERBOSE)
3967+ printf("Test=%s, Mode=%s\n",atest,amode);
3968+ }
3969+ }
3970+ }
3971+ break;
3972+
3973+ case 1: /* [ENCRYPT] | [DECRYPT] */
3974+ if(ibuf[0] == '\n')
3975+ break;
3976+ if (ibuf[0] == '[')
3977+ {
3978+ fputs(ibuf, rfp);
3979+ ++step;
3980+ if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
3981+ dir = 1;
3982+ else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
3983+ dir = 0;
3984+ else
3985+ {
3986+ printf("Invalid keyword: %s\n", ibuf);
3987+ err = 1;
3988+ }
3989+ break;
3990+ }
3991+ else if (dir == -1)
3992+ {
3993+ err = 1;
3994+ printf("Missing ENCRYPT/DECRYPT keyword\n");
3995+ break;
3996+ }
3997+ else
3998+ step = 2;
3999+
4000+ case 2: /* KEY = xxxx */
4001+ if(*ibuf == '\n')
4002+ {
4003+ fputs(ibuf, rfp);
4004+ break;
4005+ }
4006+ if(!strncasecmp(ibuf,"COUNT = ",8))
4007+ {
4008+ fputs(ibuf, rfp);
4009+ break;
4010+ }
4011+ if(!strncasecmp(ibuf,"COUNT=",6))
4012+ {
4013+ fputs(ibuf, rfp);
4014+ break;
4015+ }
4016+ if(!strncasecmp(ibuf,"NumKeys = ",10))
4017+ {
4018+ numkeys=atoi(ibuf+10);
4019+ break;
4020+ }
4021+
4022+ fputs(ibuf, rfp);
4023+ if(!strncasecmp(ibuf,"KEY = ",6))
4024+ {
4025+ akeysz=64;
4026+ len = hex2bin((char*)ibuf+6, aKey);
4027+ if (len < 0)
4028+ {
4029+ printf("Invalid KEY\n");
4030+ err=1;
4031+ break;
4032+ }
4033+ PrintValue("KEY", aKey, len);
4034+ ++step;
4035+ }
4036+ else if(!strncasecmp(ibuf,"KEYs = ",7))
4037+ {
4038+ akeysz=64*3;
4039+ len=hex2bin(ibuf+7,aKey);
4040+ if(len != 8)
4041+ {
4042+ printf("Invalid KEY\n");
4043+ err=1;
4044+ break;
4045+ }
4046+ memcpy(aKey+8,aKey,8);
4047+ memcpy(aKey+16,aKey,8);
4048+ ibuf[4]='\0';
4049+ PrintValue("KEYs",aKey,len);
4050+ ++step;
4051+ }
4052+ else if(!strncasecmp(ibuf,"KEY",3))
4053+ {
4054+ int n=ibuf[3]-'1';
4055+
4056+ akeysz=64*3;
4057+ len=hex2bin(ibuf+7,aKey+n*8);
4058+ if(len != 8)
4059+ {
4060+ printf("Invalid KEY\n");
4061+ err=1;
4062+ break;
4063+ }
4064+ ibuf[4]='\0';
4065+ PrintValue(ibuf,aKey,len);
4066+ if(n == 2)
4067+ ++step;
4068+ }
4069+ else
4070+ {
4071+ printf("Missing KEY\n");
4072+ err = 1;
4073+ }
4074+ break;
4075+
4076+ case 3: /* IV = xxxx */
4077+ fputs(ibuf, rfp);
4078+ if (strncasecmp(ibuf, "IV = ", 5) != 0)
4079+ {
4080+ printf("Missing IV\n");
4081+ err = 1;
4082+ }
4083+ else
4084+ {
4085+ len = hex2bin((char*)ibuf+5, iVec);
4086+ if (len < 0)
4087+ {
4088+ printf("Invalid IV\n");
4089+ err =1;
4090+ break;
4091+ }
4092+ PrintValue("IV", iVec, len);
4093+ step = (dir)? 4: 5;
4094+ }
4095+ break;
4096+
4097+ case 4: /* PLAINTEXT = xxxx */
4098+ fputs(ibuf, rfp);
4099+ if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
4100+ {
4101+ printf("Missing PLAINTEXT\n");
4102+ err = 1;
4103+ }
4104+ else
4105+ {
4106+ int nn = strlen(ibuf+12);
4107+ if(!strcmp(amode,"CFB1"))
4108+ len=bint2bin(ibuf+12,nn-1,plaintext);
4109+ else
4110+ len=hex2bin(ibuf+12, plaintext);
4111+ if (len < 0)
4112+ {
4113+ printf("Invalid PLAINTEXT: %s", ibuf+12);
4114+ err =1;
4115+ break;
4116+ }
4117+ if (len >= sizeof(plaintext))
4118+ {
4119+ printf("Buffer overflow\n");
4120+ }
4121+ PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
4122+ if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
4123+ {
4124+ do_mct(amode,akeysz,numkeys,aKey,iVec,dir,plaintext,len,rfp);
4125+ }
4126+ else
4127+ {
4128+ assert(dir == 1);
4129+ ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
4130+ dir, /* 0 = decrypt, 1 = encrypt */
4131+ ciphertext, plaintext, len);
4132+ OutputValue("CIPHERTEXT",ciphertext,len,rfp,
4133+ !strcmp(amode,"CFB1"));
4134+ }
4135+ step = 6;
4136+ }
4137+ break;
4138+
4139+ case 5: /* CIPHERTEXT = xxxx */
4140+ fputs(ibuf, rfp);
4141+ if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
4142+ {
4143+ printf("Missing KEY\n");
4144+ err = 1;
4145+ }
4146+ else
4147+ {
4148+ if(!strcmp(amode,"CFB1"))
4149+ len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
4150+ else
4151+ len = hex2bin(ibuf+13,ciphertext);
4152+ if (len < 0)
4153+ {
4154+ printf("Invalid CIPHERTEXT\n");
4155+ err =1;
4156+ break;
4157+ }
4158+
4159+ PrintValue("CIPHERTEXT", ciphertext, len);
4160+ if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
4161+ {
4162+ do_mct(amode, akeysz, numkeys, aKey, iVec,
4163+ dir, ciphertext, len, rfp);
4164+ }
4165+ else
4166+ {
4167+ assert(dir == 0);
4168+ ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
4169+ dir, /* 0 = decrypt, 1 = encrypt */
4170+ plaintext, ciphertext, len);
4171+ OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
4172+ !strcmp(amode,"CFB1"));
4173+ }
4174+ step = 6;
4175+ }
4176+ break;
4177+
4178+ case 6:
4179+ if (ibuf[0] != '\n')
4180+ {
4181+ err = 1;
4182+ printf("Missing terminator\n");
4183+ }
4184+ else if (strcmp(atest, "MCT") != 0)
4185+ { /* MCT already added terminating nl */
4186+ fputs(ibuf, rfp);
4187+ }
4188+ step = 1;
4189+ break;
4190+ }
4191+ }
4192+ if (rfp)
4193+ fclose(rfp);
4194+ if (afp)
4195+ fclose(afp);
4196+ return err;
4197+ }
4198+
4199+/*--------------------------------------------------
4200+ Processes either a single file or
4201+ a set of files whose names are passed in a file.
4202+ A single file is specified as:
4203+ aes_test -f xxx.req
4204+ A set of files is specified as:
4205+ aes_test -d xxxxx.xxx
4206+ The default is: -d req.txt
4207+--------------------------------------------------*/
4208+int main(int argc, char **argv)
4209+ {
4210+ char *rqlist = "req.txt", *rspfile = NULL;
4211+ FILE *fp = NULL;
4212+ char fn[250] = "", rfn[256] = "";
4213+ int f_opt = 0, d_opt = 1;
4214+
4215+#ifdef OPENSSL_FIPS
4216+ if(!FIPS_mode_set(1))
4217+ {
4218+ do_print_errors();
4219+ EXIT(1);
4220+ }
4221+#endif
4222+ if (argc > 1)
4223+ {
4224+ if (strcasecmp(argv[1], "-d") == 0)
4225+ {
4226+ d_opt = 1;
4227+ }
4228+ else if (strcasecmp(argv[1], "-f") == 0)
4229+ {
4230+ f_opt = 1;
4231+ d_opt = 0;
4232+ }
4233+ else
4234+ {
4235+ printf("Invalid parameter: %s\n", argv[1]);
4236+ return 0;
4237+ }
4238+ if (argc < 3)
4239+ {
4240+ printf("Missing parameter\n");
4241+ return 0;
4242+ }
4243+ if (d_opt)
4244+ rqlist = argv[2];
4245+ else
4246+ {
4247+ strcpy(fn, argv[2]);
4248+ rspfile = argv[3];
4249+ }
4250+ }
4251+ if (d_opt)
4252+ { /* list of files (directory) */
4253+ if (!(fp = fopen(rqlist, "r")))
4254+ {
4255+ printf("Cannot open req list file\n");
4256+ return -1;
4257+ }
4258+ while (fgets(fn, sizeof(fn), fp))
4259+ {
4260+ strtok(fn, "\r\n");
4261+ strcpy(rfn, fn);
4262+ printf("Processing: %s\n", rfn);
4263+ if (proc_file(rfn, rspfile))
4264+ {
4265+ printf(">>> Processing failed for: %s <<<\n", rfn);
4266+ EXIT(1);
4267+ }
4268+ }
4269+ fclose(fp);
4270+ }
4271+ else /* single file */
4272+ {
4273+ if (VERBOSE)
4274+ printf("Processing: %s\n", fn);
4275+ if (proc_file(fn, rspfile))
4276+ {
4277+ printf(">>> Processing failed for: %s <<<\n", fn);
4278+ }
4279+ }
4280+ EXIT(0);
4281+ return 0;
4282+ }
4283+
4284+#endif
4285diff -up openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c
4286--- openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c.fips 2013-02-19 12:47:33.733118752 +0100
4287+++ openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c 2013-02-19 12:47:33.733118752 +0100
4288@@ -0,0 +1,292 @@
4289+/* fips/dh/fips_dhvs.c */
4290+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4291+ * project.
4292+ */
4293+/* ====================================================================
4294+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
4295+ *
4296+ * Redistribution and use in source and binary forms, with or without
4297+ * modification, are permitted provided that the following conditions
4298+ * are met:
4299+ *
4300+ * 1. Redistributions of source code must retain the above copyright
4301+ * notice, this list of conditions and the following disclaimer.
4302+ *
4303+ * 2. Redistributions in binary form must reproduce the above copyright
4304+ * notice, this list of conditions and the following disclaimer in
4305+ * the documentation and/or other materials provided with the
4306+ * distribution.
4307+ *
4308+ * 3. All advertising materials mentioning features or use of this
4309+ * software must display the following acknowledgment:
4310+ * "This product includes software developed by the OpenSSL Project
4311+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
4312+ *
4313+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
4314+ * endorse or promote products derived from this software without
4315+ * prior written permission. For written permission, please contact
4316+ * licensing@OpenSSL.org.
4317+ *
4318+ * 5. Products derived from this software may not be called "OpenSSL"
4319+ * nor may "OpenSSL" appear in their names without prior written
4320+ * permission of the OpenSSL Project.
4321+ *
4322+ * 6. Redistributions of any form whatsoever must retain the following
4323+ * acknowledgment:
4324+ * "This product includes software developed by the OpenSSL Project
4325+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
4326+ *
4327+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
4328+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4329+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
4330+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
4331+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
4332+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
4333+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
4334+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4335+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
4336+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
4337+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
4338+ * OF THE POSSIBILITY OF SUCH DAMAGE.
4339+ * ====================================================================
4340+ */
4341+
4342+
4343+#define OPENSSL_FIPSAPI
4344+#include <openssl/opensslconf.h>
4345+
4346+#ifndef OPENSSL_FIPS
4347+#include <stdio.h>
4348+
4349+int main(int argc, char **argv)
4350+{
4351+ printf("No FIPS DH support\n");
4352+ return(0);
4353+}
4354+#else
4355+
4356+#include <openssl/crypto.h>
4357+#include <openssl/bn.h>
4358+#include <openssl/dh.h>
4359+#include <openssl/fips.h>
4360+#include <openssl/err.h>
4361+#include <openssl/evp.h>
4362+#include <string.h>
4363+#include <ctype.h>
4364+
4365+#include "fips_utl.h"
4366+
4367+static const EVP_MD *parse_md(char *line)
4368+ {
4369+ char *p;
4370+ if (line[0] != '[' || line[1] != 'F')
4371+ return NULL;
4372+ p = strchr(line, '-');
4373+ if (!p)
4374+ return NULL;
4375+ line = p + 1;
4376+ p = strchr(line, ']');
4377+ if (!p)
4378+ return NULL;
4379+ *p = 0;
4380+ p = line;
4381+ while(isspace(*p))
4382+ p++;
4383+ if (!strcmp(p, "SHA1"))
4384+ return EVP_sha1();
4385+ else if (!strcmp(p, "SHA224"))
4386+ return EVP_sha224();
4387+ else if (!strcmp(p, "SHA256"))
4388+ return EVP_sha256();
4389+ else if (!strcmp(p, "SHA384"))
4390+ return EVP_sha384();
4391+ else if (!strcmp(p, "SHA512"))
4392+ return EVP_sha512();
4393+ else
4394+ return NULL;
4395+ }
4396+
4397+static void output_Zhash(FILE *out, int exout,
4398+ DH *dh, BIGNUM *peerkey, const EVP_MD *md,
4399+ unsigned char *rhash, size_t rhashlen)
4400+ {
4401+ unsigned char *Z;
4402+ unsigned char chash[EVP_MAX_MD_SIZE];
4403+ int Zlen;
4404+ if (rhash == NULL)
4405+ {
4406+ rhashlen = M_EVP_MD_size(md);
4407+ if (!DH_generate_key(dh))
4408+ exit (1);
4409+ do_bn_print_name(out, "YephemIUT", dh->pub_key);
4410+ if (exout)
4411+ do_bn_print_name(out, "XephemIUT", dh->priv_key);
4412+ }
4413+ Z = OPENSSL_malloc(BN_num_bytes(dh->p));
4414+ if (!Z)
4415+ exit(1);
4416+ Zlen = DH_compute_key_padded(Z, peerkey, dh);
4417+ if (exout)
4418+ OutputValue("Z", Z, Zlen, out, 0);
4419+ FIPS_digest(Z, Zlen, chash, NULL, md);
4420+ OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0);
4421+ if (rhash)
4422+ {
4423+ fprintf(out, "Result = %s\n",
4424+ memcmp(chash, rhash, rhashlen) ? "F" : "P");
4425+ }
4426+ else
4427+ {
4428+ BN_clear_free(dh->priv_key);
4429+ BN_clear_free(dh->pub_key);
4430+ dh->priv_key = NULL;
4431+ dh->pub_key = NULL;
4432+ }
4433+ OPENSSL_cleanse(Z, Zlen);
4434+ OPENSSL_free(Z);
4435+ }
4436+
4437+#ifdef FIPS_ALGVS
4438+int fips_dhvs_main(int argc, char **argv)
4439+#else
4440+int main(int argc, char **argv)
4441+#endif
4442+ {
4443+ char **args = argv + 1;
4444+ int argn = argc - 1;
4445+ FILE *in, *out;
4446+ char buf[2048], lbuf[2048];
4447+ unsigned char *rhash;
4448+ long rhashlen;
4449+ DH *dh = NULL;
4450+ const EVP_MD *md = NULL;
4451+ BIGNUM *peerkey = NULL;
4452+ char *keyword = NULL, *value = NULL;
4453+ int do_verify = -1, exout = 0;
4454+
4455+ fips_algtest_init();
4456+
4457+ if (argn && !strcmp(*args, "dhver"))
4458+ {
4459+ do_verify = 1;
4460+ args++;
4461+ argn--;
4462+ }
4463+ else if (argn && !strcmp(*args, "dhgen"))
4464+ {
4465+ do_verify = 0;
4466+ args++;
4467+ argn--;
4468+ }
4469+
4470+ if (argn && !strcmp(*args, "-exout"))
4471+ {
4472+ exout = 1;
4473+ args++;
4474+ argn--;
4475+ }
4476+
4477+ if (do_verify == -1)
4478+ {
4479+ fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
4480+ exit(1);
4481+ }
4482+
4483+ if (argn == 2)
4484+ {
4485+ in = fopen(*args, "r");
4486+ if (!in)
4487+ {
4488+ fprintf(stderr, "Error opening input file\n");
4489+ exit(1);
4490+ }
4491+ out = fopen(args[1], "w");
4492+ if (!out)
4493+ {
4494+ fprintf(stderr, "Error opening output file\n");
4495+ exit(1);
4496+ }
4497+ }
4498+ else if (argn == 0)
4499+ {
4500+ in = stdin;
4501+ out = stdout;
4502+ }
4503+ else
4504+ {
4505+ fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
4506+ exit(1);
4507+ }
4508+
4509+ dh = FIPS_dh_new();
4510+
4511+ while (fgets(buf, sizeof(buf), in) != NULL)
4512+ {
4513+ fputs(buf, out);
4514+ if (strlen(buf) > 6 && !strncmp(buf, "[F", 2))
4515+ {
4516+ md = parse_md(buf);
4517+ if (md == NULL)
4518+ goto parse_error;
4519+ if (dh)
4520+ FIPS_dh_free(dh);
4521+ dh = FIPS_dh_new();
4522+ continue;
4523+ }
4524+ if (!parse_line(&keyword, &value, lbuf, buf))
4525+ continue;
4526+ if (!strcmp(keyword, "P"))
4527+ {
4528+ if (!do_hex2bn(&dh->p, value))
4529+ goto parse_error;
4530+ }
4531+ else if (!strcmp(keyword, "Q"))
4532+ {
4533+ if (!do_hex2bn(&dh->q, value))
4534+ goto parse_error;
4535+ }
4536+ else if (!strcmp(keyword, "G"))
4537+ {
4538+ if (!do_hex2bn(&dh->g, value))
4539+ goto parse_error;
4540+ }
4541+ else if (!strcmp(keyword, "XephemIUT"))
4542+ {
4543+ if (!do_hex2bn(&dh->priv_key, value))
4544+ goto parse_error;
4545+ }
4546+ else if (!strcmp(keyword, "YephemIUT"))
4547+ {
4548+ if (!do_hex2bn(&dh->pub_key, value))
4549+ goto parse_error;
4550+ }
4551+ else if (!strcmp(keyword, "YephemCAVS"))
4552+ {
4553+ if (!do_hex2bn(&peerkey, value))
4554+ goto parse_error;
4555+ if (do_verify == 0)
4556+ output_Zhash(out, exout, dh, peerkey, md,
4557+ NULL, 0);
4558+ }
4559+ else if (!strcmp(keyword, "CAVSHashZZ"))
4560+ {
4561+ if (!md)
4562+ goto parse_error;
4563+ rhash = hex2bin_m(value, &rhashlen);
4564+ if (!rhash || rhashlen != M_EVP_MD_size(md))
4565+ goto parse_error;
4566+ output_Zhash(out, exout, dh, peerkey, md,
4567+ rhash, rhashlen);
4568+ }
4569+ }
4570+ if (in && in != stdin)
4571+ fclose(in);
4572+ if (out && out != stdout)
4573+ fclose(out);
4574+ return 0;
4575+ parse_error:
4576+ fprintf(stderr, "Error Parsing request file\n");
4577+ exit(1);
4578+ }
4579+
4580+#endif
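Review bot: The return value of `Zlen = DH_compute_key_padded(Z, peerkey, dh);` in output_Zhash is never checked, so on failure a negative Zlen is handed to FIPS_digest, OutputValue and OPENSSL_cleanse; add `if (Zlen <= 0) exit(1);` right after the call, matching how the other failures in that function are handled. In the main loop the `YephemCAVS` branch calls output_Zhash for dhgen without verifying that an `[F...]` header has set `md`, whereas the `CAVSHashZZ` branch does guard with `if (!md) goto parse_error;`; the same guard belongs before the dhgen call, since output_Zhash dereferences md via M_EVP_MD_size. peerkey and rhash are also never released between vectors — presumably tolerated because the harness is short-lived, but `BN_free(peerkey); peerkey = NULL;` after each output_Zhash call would keep it clean.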
4581diff -up openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c
4582--- openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c.fips 2013-02-19 12:47:33.733118752 +0100
4583+++ openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c 2013-02-19 12:47:33.733118752 +0100
4584@@ -0,0 +1,416 @@
4585+/* fips/rand/fips_drbgvs.c */
4586+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4587+ * project.
4588+ */
4589+/* ====================================================================
4590+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
4591+ *
4592+ * Redistribution and use in source and binary forms, with or without
4593+ * modification, are permitted provided that the following conditions
4594+ * are met:
4595+ *
4596+ * 1. Redistributions of source code must retain the above copyright
4597+ * notice, this list of conditions and the following disclaimer.
4598+ *
4599+ * 2. Redistributions in binary form must reproduce the above copyright
4600+ * notice, this list of conditions and the following disclaimer in
4601+ * the documentation and/or other materials provided with the
4602+ * distribution.
4603+ *
4604+ * 3. All advertising materials mentioning features or use of this
4605+ * software must display the following acknowledgment:
4606+ * "This product includes software developed by the OpenSSL Project
4607+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
4608+ *
4609+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
4610+ * endorse or promote products derived from this software without
4611+ * prior written permission. For written permission, please contact
4612+ * licensing@OpenSSL.org.
4613+ *
4614+ * 5. Products derived from this software may not be called "OpenSSL"
4615+ * nor may "OpenSSL" appear in their names without prior written
4616+ * permission of the OpenSSL Project.
4617+ *
4618+ * 6. Redistributions of any form whatsoever must retain the following
4619+ * acknowledgment:
4620+ * "This product includes software developed by the OpenSSL Project
4621+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
4622+ *
4623+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
4624+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4625+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
4626+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
4627+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
4628+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
4629+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
4630+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4631+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
4632+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
4633+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
4634+ * OF THE POSSIBILITY OF SUCH DAMAGE.
4635+ * ====================================================================
4636+ */
4637+
4638+
4639+#define OPENSSL_FIPSAPI
4640+#include <openssl/opensslconf.h>
4641+
4642+#ifndef OPENSSL_FIPS
4643+#include <stdio.h>
4644+
4645+int main(int argc, char **argv)
4646+{
4647+ printf("No FIPS DRBG support\n");
4648+ return(0);
4649+}
4650+#else
4651+
4652+#include <openssl/bn.h>
4653+#include <openssl/dsa.h>
4654+#include <openssl/fips.h>
4655+#include <openssl/fips_rand.h>
4656+#include <openssl/err.h>
4657+#include <openssl/evp.h>
4658+#include <string.h>
4659+#include <ctype.h>
4660+
4661+#include "fips_utl.h"
4662+
4663+static int dparse_md(char *str)
4664+ {
4665+ switch(atoi(str + 5))
4666+ {
4667+ case 1:
4668+ return NID_sha1;
4669+
4670+ case 224:
4671+ return NID_sha224;
4672+
4673+ case 256:
4674+ return NID_sha256;
4675+
4676+ case 384:
4677+ return NID_sha384;
4678+
4679+ case 512:
4680+ return NID_sha512;
4681+
4682+ }
4683+
4684+ return NID_undef;
4685+ }
4686+
4687+static int parse_ec(char *str)
4688+ {
4689+ int curve_nid, md_nid;
4690+ char *md;
4691+ md = strchr(str, ' ');
4692+ if (!md)
4693+ return NID_undef;
4694+ if (!strncmp(str, "[P-256", 6))
4695+ curve_nid = NID_X9_62_prime256v1;
4696+ else if (!strncmp(str, "[P-384", 6))
4697+ curve_nid = NID_secp384r1;
4698+ else if (!strncmp(str, "[P-521", 6))
4699+ curve_nid = NID_secp521r1;
4700+ else
4701+ return NID_undef;
4702+ md_nid = dparse_md(md);
4703+ if (md_nid == NID_undef)
4704+ return NID_undef;
4705+ return (curve_nid << 16) | md_nid;
4706+ }
4707+
4708+static int parse_aes(char *str, int *pdf)
4709+ {
4710+
4711+ if (!strncmp(str + 9, "no", 2))
4712+ *pdf = 0;
4713+ else
4714+ *pdf = DRBG_FLAG_CTR_USE_DF;
4715+
4716+ switch(atoi(str + 5))
4717+ {
4718+ case 128:
4719+ return NID_aes_128_ctr;
4720+
4721+ case 192:
4722+ return NID_aes_192_ctr;
4723+
4724+ case 256:
4725+ return NID_aes_256_ctr;
4726+
4727+ default:
4728+ return NID_undef;
4729+
4730+ }
4731+ }
4732+
4733+typedef struct
4734+ {
4735+ unsigned char *ent;
4736+ size_t entlen;
4737+ unsigned char *nonce;
4738+ size_t noncelen;
4739+ } TEST_ENT;
4740+
4741+static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
4742+ int entropy, size_t min_len, size_t max_len)
4743+ {
4744+ TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
4745+ *pout = (unsigned char *)t->ent;
4746+ return t->entlen;
4747+ }
4748+
4749+static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
4750+ int entropy, size_t min_len, size_t max_len)
4751+ {
4752+ TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
4753+ *pout = (unsigned char *)t->nonce;
4754+ return t->noncelen;
4755+ }
4756+
4757+#ifdef FIPS_ALGVS
4758+int fips_drbgvs_main(int argc,char **argv)
4759+#else
4760+int main(int argc,char **argv)
4761+#endif
4762+ {
4763+ FILE *in = NULL, *out = NULL;
4764+ DRBG_CTX *dctx = NULL;
4765+ TEST_ENT t;
4766+ int r, nid = 0;
4767+ int pr = 0;
4768+ char buf[2048], lbuf[2048];
4769+ unsigned char randout[2048];
4770+ char *keyword = NULL, *value = NULL;
4771+
4772+ unsigned char *ent = NULL, *nonce = NULL, *pers = NULL, *adin = NULL;
4773+ long entlen, noncelen, perslen, adinlen;
4774+ int df = 0;
4775+
4776+ enum dtype { DRBG_NONE, DRBG_CTR, DRBG_HASH, DRBG_HMAC, DRBG_DUAL_EC }
4777+ drbg_type = DRBG_NONE;
4778+
4779+ int randoutlen = 0;
4780+
4781+ int gen = 0;
4782+
4783+ fips_algtest_init();
4784+
4785+ if (argc == 3)
4786+ {
4787+ in = fopen(argv[1], "r");
4788+ if (!in)
4789+ {
4790+ fprintf(stderr, "Error opening input file\n");
4791+ exit(1);
4792+ }
4793+ out = fopen(argv[2], "w");
4794+ if (!out)
4795+ {
4796+ fprintf(stderr, "Error opening output file\n");
4797+ exit(1);
4798+ }
4799+ }
4800+ else if (argc == 1)
4801+ {
4802+ in = stdin;
4803+ out = stdout;
4804+ }
4805+ else
4806+ {
4807+ fprintf(stderr,"%s (infile outfile)\n",argv[0]);
4808+ exit(1);
4809+ }
4810+
4811+ while (fgets(buf, sizeof(buf), in) != NULL)
4812+ {
4813+ fputs(buf, out);
4814+ if (drbg_type == DRBG_NONE)
4815+ {
4816+ if (strstr(buf, "CTR_DRBG"))
4817+ drbg_type = DRBG_CTR;
4818+ else if (strstr(buf, "Hash_DRBG"))
4819+ drbg_type = DRBG_HASH;
4820+ else if (strstr(buf, "HMAC_DRBG"))
4821+ drbg_type = DRBG_HMAC;
4822+ else if (strstr(buf, "Dual_EC_DRBG"))
4823+ drbg_type = DRBG_DUAL_EC;
4824+ else
4825+ continue;
4826+ }
4827+ if (strlen(buf) > 4 && !strncmp(buf, "[SHA-", 5))
4828+ {
4829+ nid = dparse_md(buf);
4830+ if (nid == NID_undef)
4831+ exit(1);
4832+ if (drbg_type == DRBG_HMAC)
4833+ {
4834+ switch (nid)
4835+ {
4836+ case NID_sha1:
4837+ nid = NID_hmacWithSHA1;
4838+ break;
4839+
4840+ case NID_sha224:
4841+ nid = NID_hmacWithSHA224;
4842+ break;
4843+
4844+ case NID_sha256:
4845+ nid = NID_hmacWithSHA256;
4846+ break;
4847+
4848+ case NID_sha384:
4849+ nid = NID_hmacWithSHA384;
4850+ break;
4851+
4852+ case NID_sha512:
4853+ nid = NID_hmacWithSHA512;
4854+ break;
4855+
4856+ default:
4857+ exit(1);
4858+ }
4859+ }
4860+ }
4861+ if (strlen(buf) > 12 && !strncmp(buf, "[AES-", 5))
4862+ {
4863+ nid = parse_aes(buf, &df);
4864+ if (nid == NID_undef)
4865+ exit(1);
4866+ }
4867+ if (strlen(buf) > 12 && !strncmp(buf, "[P-", 3))
4868+ {
4869+ nid = parse_ec(buf);
4870+ if (nid == NID_undef)
4871+ exit(1);
4872+ }
4873+ if (!parse_line(&keyword, &value, lbuf, buf))
4874+ continue;
4875+
4876+ if (!strcmp(keyword, "[PredictionResistance"))
4877+ {
4878+ if (!strcmp(value, "True]"))
4879+ pr = 1;
4880+ else if (!strcmp(value, "False]"))
4881+ pr = 0;
4882+ else
4883+ exit(1);
4884+ }
4885+
4886+ if (!strcmp(keyword, "EntropyInput"))
4887+ {
4888+ ent = hex2bin_m(value, &entlen);
4889+ t.ent = ent;
4890+ t.entlen = entlen;
4891+ }
4892+
4893+ if (!strcmp(keyword, "Nonce"))
4894+ {
4895+ nonce = hex2bin_m(value, &noncelen);
4896+ t.nonce = nonce;
4897+ t.noncelen = noncelen;
4898+ }
4899+
4900+ if (!strcmp(keyword, "PersonalizationString"))
4901+ {
4902+ pers = hex2bin_m(value, &perslen);
4903+ if (nid == 0)
4904+ {
4905+ fprintf(stderr, "DRBG type not recognised!\n");
4906+ exit (1);
4907+ }
4908+ dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST);
4909+ if (!dctx)
4910+ exit (1);
4911+ FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0,
4912+ test_nonce, 0);
4913+ FIPS_drbg_set_app_data(dctx, &t);
4914+ randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
4915+ r = FIPS_drbg_instantiate(dctx, pers, perslen);
4916+ if (!r)
4917+ {
4918+ fprintf(stderr, "Error instantiating DRBG\n");
4919+ exit(1);
4920+ }
4921+ OPENSSL_free(pers);
4922+ OPENSSL_free(ent);
4923+ OPENSSL_free(nonce);
4924+ ent = nonce = pers = NULL;
4925+ gen = 0;
4926+ }
4927+
4928+ if (!strcmp(keyword, "AdditionalInput"))
4929+ {
4930+ adin = hex2bin_m(value, &adinlen);
4931+ if (pr)
4932+ continue;
4933+ r = FIPS_drbg_generate(dctx, randout, randoutlen, 0,
4934+ adin, adinlen);
4935+ if (!r)
4936+ {
4937+ fprintf(stderr, "Error generating DRBG bits\n");
4938+ exit(1);
4939+ }
4940+ if (!r)
4941+ exit(1);
4942+ OPENSSL_free(adin);
4943+ adin = NULL;
4944+ gen++;
4945+ }
4946+
4947+ if (pr)
4948+ {
4949+ if (!strcmp(keyword, "EntropyInputPR"))
4950+ {
4951+ ent = hex2bin_m(value, &entlen);
4952+ t.ent = ent;
4953+ t.entlen = entlen;
4954+ r = FIPS_drbg_generate(dctx,
4955+ randout, randoutlen,
4956+ 1, adin, adinlen);
4957+ if (!r)
4958+ {
4959+ fprintf(stderr,
4960+ "Error generating DRBG bits\n");
4961+ exit(1);
4962+ }
4963+ OPENSSL_free(adin);
4964+ OPENSSL_free(ent);
4965+ adin = ent = NULL;
4966+ gen++;
4967+ }
4968+ }
4969+ if (!strcmp(keyword, "EntropyInputReseed"))
4970+ {
4971+ ent = hex2bin_m(value, &entlen);
4972+ t.ent = ent;
4973+ t.entlen = entlen;
4974+ }
4975+ if (!strcmp(keyword, "AdditionalInputReseed"))
4976+ {
4977+ adin = hex2bin_m(value, &adinlen);
4978+ FIPS_drbg_reseed(dctx, adin, adinlen);
4979+ OPENSSL_free(ent);
4980+ OPENSSL_free(adin);
4981+ ent = adin = NULL;
4982+ }
4983+ if (gen == 2)
4984+ {
4985+ OutputValue("ReturnedBits", randout, randoutlen,
4986+ out, 0);
4987+ FIPS_drbg_free(dctx);
4988+ dctx = NULL;
4989+ gen = 0;
4990+ }
4991+
4992+ }
4993+ if (in && in != stdin)
4994+ fclose(in);
4995+ if (out && out != stdout)
4996+ fclose(out);
4997+ return 0;
4998+ }
4999+
5000+#endif
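Review bot: `FIPS_drbg_reseed(dctx, adin, adinlen);` in the `AdditionalInputReseed` branch discards its return value, so a failed reseed silently continues and still prints ReturnedBits; the two FIPS_drbg_generate calls in the same loop do check `r`, so the reseed should too: `if (!FIPS_drbg_reseed(dctx, adin, adinlen)) { fprintf(stderr, "Error reseeding DRBG\n"); exit(1); }`. In the `AdditionalInput` branch the second `if (!r) exit(1);` immediately after the error block that already exits is dead code and can be dropped. The `hex2bin_m` results (ent, nonce, pers, adin) are never checked for NULL before being passed to FIPS_drbg_instantiate/FIPS_drbg_generate; a comment such as `/* hex2bin_m returns NULL on allocation failure; a NULL here aborts inside the DRBG */` or an explicit check would make that failure mode visible.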
5001diff -up openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c
5002--- openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c.fips 2013-02-19 12:47:33.733118752 +0100
5003+++ openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c 2013-02-19 12:47:33.733118752 +0100
5004@@ -0,0 +1,537 @@
5005+#include <openssl/opensslconf.h>
5006+
5007+#ifndef OPENSSL_FIPS
5008+#include <stdio.h>
5009+
5010+int main(int argc, char **argv)
5011+{
5012+ printf("No FIPS DSA support\n");
5013+ return(0);
5014+}
5015+#else
5016+
5017+#include <openssl/bn.h>
5018+#include <openssl/dsa.h>
5019+#include <openssl/fips.h>
5020+#include <openssl/err.h>
5021+#include <openssl/evp.h>
5022+#include <string.h>
5023+#include <ctype.h>
5024+
5025+#include "fips_utl.h"
5026+
5027+static void pbn(const char *name, BIGNUM *bn)
5028+ {
5029+ int len, i;
5030+ unsigned char *tmp;
5031+ len = BN_num_bytes(bn);
5032+ tmp = OPENSSL_malloc(len);
5033+ if (!tmp)
5034+ {
5035+ fprintf(stderr, "Memory allocation error\n");
5036+ return;
5037+ }
5038+ BN_bn2bin(bn, tmp);
5039+ printf("%s = ", name);
5040+ for (i = 0; i < len; i++)
5041+ printf("%02X", tmp[i]);
5042+ fputs("\n", stdout);
5043+ OPENSSL_free(tmp);
5044+ return;
5045+ }
5046+
5047+void primes()
5048+ {
5049+ char buf[10240];
5050+ char lbuf[10240];
5051+ char *keyword, *value;
5052+
5053+ while(fgets(buf,sizeof buf,stdin) != NULL)
5054+ {
5055+ fputs(buf,stdout);
5056+ if (!parse_line(&keyword, &value, lbuf, buf))
5057+ continue;
5058+ if(!strcmp(keyword,"Prime"))
5059+ {
5060+ BIGNUM *pp;
5061+
5062+ pp=BN_new();
5063+ do_hex2bn(&pp,value);
5064+ printf("result= %c\n",
5065+ BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
5066+ }
5067+ }
5068+ }
5069+
5070+void pqg()
5071+ {
5072+ char buf[1024];
5073+ char lbuf[1024];
5074+ char *keyword, *value;
5075+ int nmod=0;
5076+
5077+ while(fgets(buf,sizeof buf,stdin) != NULL)
5078+ {
5079+ if (!parse_line(&keyword, &value, lbuf, buf))
5080+ {
5081+ fputs(buf,stdout);
5082+ continue;
5083+ }
5084+ if(!strcmp(keyword,"[mod"))
5085+ nmod=atoi(value);
5086+ else if(!strcmp(keyword,"N"))
5087+ {
5088+ int n=atoi(value);
5089+
5090+ printf("[mod = %d]\n\n",nmod);
5091+
5092+ while(n--)
5093+ {
5094+ unsigned char seed[20];
5095+ DSA *dsa;
5096+ int counter;
5097+ unsigned long h;
5098+ dsa = FIPS_dsa_new();
5099+
5100+ if (!DSA_generate_parameters_ex(dsa, nmod,seed,0,&counter,&h,NULL))
5101+ {
5102+ do_print_errors();
5103+ exit(1);
5104+ }
5105+ pbn("P",dsa->p);
5106+ pbn("Q",dsa->q);
5107+ pbn("G",dsa->g);
5108+ pv("Seed",seed,20);
5109+ printf("c = %d\n",counter);
5110+ printf("H = %lx\n",h);
5111+ putc('\n',stdout);
5112+ }
5113+ }
5114+ else
5115+ fputs(buf,stdout);
5116+ }
5117+ }
5118+
5119+void pqgver()
5120+ {
5121+ char buf[1024];
5122+ char lbuf[1024];
5123+ char *keyword, *value;
5124+ BIGNUM *p = NULL, *q = NULL, *g = NULL;
5125+ int counter, counter2;
5126+ unsigned long h, h2;
5127+ DSA *dsa=NULL;
5128+ int nmod=0;
5129+ unsigned char seed[1024];
5130+
5131+ while(fgets(buf,sizeof buf,stdin) != NULL)
5132+ {
5133+ if (!parse_line(&keyword, &value, lbuf, buf))
5134+ {
5135+ fputs(buf,stdout);
5136+ continue;
5137+ }
5138+ fputs(buf, stdout);
5139+ if(!strcmp(keyword,"[mod"))
5140+ nmod=atoi(value);
5141+ else if(!strcmp(keyword,"P"))
5142+ p=hex2bn(value);
5143+ else if(!strcmp(keyword,"Q"))
5144+ q=hex2bn(value);
5145+ else if(!strcmp(keyword,"G"))
5146+ g=hex2bn(value);
5147+ else if(!strcmp(keyword,"Seed"))
5148+ {
5149+ int slen = hex2bin(value, seed);
5150+ if (slen != 20)
5151+ {
5152+ fprintf(stderr, "Seed parse length error\n");
5153+ exit (1);
5154+ }
5155+ }
5156+ else if(!strcmp(keyword,"c"))
5157+ counter =atoi(buf+4);
5158+ else if(!strcmp(keyword,"H"))
5159+ {
5160+ h = atoi(value);
5161+ if (!p || !q || !g)
5162+ {
5163+ fprintf(stderr, "Parse Error\n");
5164+ exit (1);
5165+ }
5166+ dsa = FIPS_dsa_new();
5167+ if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
5168+ {
5169+ do_print_errors();
5170+ exit(1);
5171+ }
5172+ if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
5173+ || (counter != counter2) || (h != h2))
5174+ printf("Result = F\n");
5175+ else
5176+ printf("Result = P\n");
5177+ BN_free(p);
5178+ BN_free(q);
5179+ BN_free(g);
5180+ p = NULL;
5181+ q = NULL;
5182+ g = NULL;
5183+ FIPS_dsa_free(dsa);
5184+ dsa = NULL;
5185+ }
5186+ }
5187+ }
5188+
5189+/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
5190+ * algorithm tests. It is an additional test to perform sanity checks on the
5191+ * output of the KeyPair test.
5192+ */
5193+
5194+static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
5195+ BN_CTX *ctx)
5196+ {
5197+ BIGNUM *rem = NULL;
5198+ if (BN_num_bits(p) != nmod)
5199+ return 0;
5200+ if (BN_num_bits(q) != 160)
5201+ return 0;
5202+ if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
5203+ return 0;
5204+ if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
5205+ return 0;
5206+ rem = BN_new();
5207+ if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
5208+ || (BN_cmp(g, BN_value_one()) <= 0)
5209+ || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
5210+ {
5211+ BN_free(rem);
5212+ return 0;
5213+ }
5214+ /* Todo: check g */
5215+ BN_free(rem);
5216+ return 1;
5217+ }
5218+
5219+void keyver()
5220+ {
5221+ char buf[1024];
5222+ char lbuf[1024];
5223+ char *keyword, *value;
5224+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
5225+ BIGNUM *Y2;
5226+ BN_CTX *ctx = NULL;
5227+ int nmod=0, paramcheck = 0;
5228+
5229+ ctx = BN_CTX_new();
5230+ Y2 = BN_new();
5231+
5232+ while(fgets(buf,sizeof buf,stdin) != NULL)
5233+ {
5234+ if (!parse_line(&keyword, &value, lbuf, buf))
5235+ {
5236+ fputs(buf,stdout);
5237+ continue;
5238+ }
5239+ if(!strcmp(keyword,"[mod"))
5240+ {
5241+ if (p)
5242+ BN_free(p);
5243+ p = NULL;
5244+ if (q)
5245+ BN_free(q);
5246+ q = NULL;
5247+ if (g)
5248+ BN_free(g);
5249+ g = NULL;
5250+ paramcheck = 0;
5251+ nmod=atoi(value);
5252+ }
5253+ else if(!strcmp(keyword,"P"))
5254+ p=hex2bn(value);
5255+ else if(!strcmp(keyword,"Q"))
5256+ q=hex2bn(value);
5257+ else if(!strcmp(keyword,"G"))
5258+ g=hex2bn(value);
5259+ else if(!strcmp(keyword,"X"))
5260+ X=hex2bn(value);
5261+ else if(!strcmp(keyword,"Y"))
5262+ {
5263+ Y=hex2bn(value);
5264+ if (!p || !q || !g || !X || !Y)
5265+ {
5266+ fprintf(stderr, "Parse Error\n");
5267+ exit (1);
5268+ }
5269+ pbn("P",p);
5270+ pbn("Q",q);
5271+ pbn("G",g);
5272+ pbn("X",X);
5273+ pbn("Y",Y);
5274+ if (!paramcheck)
5275+ {
5276+ if (dss_paramcheck(nmod, p, q, g, ctx))
5277+ paramcheck = 1;
5278+ else
5279+ paramcheck = -1;
5280+ }
5281+ if (paramcheck != 1)
5282+ printf("Result = F\n");
5283+ else
5284+ {
5285+ if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
5286+ printf("Result = F\n");
5287+ else
5288+ printf("Result = P\n");
5289+ }
5290+ BN_free(X);
5291+ BN_free(Y);
5292+ X = NULL;
5293+ Y = NULL;
5294+ }
5295+ }
5296+ if (p)
5297+ BN_free(p);
5298+ if (q)
5299+ BN_free(q);
5300+ if (g)
5301+ BN_free(g);
5302+ if (Y2)
5303+ BN_free(Y2);
5304+ }
5305+
5306+void keypair()
5307+ {
5308+ char buf[1024];
5309+ char lbuf[1024];
5310+ char *keyword, *value;
5311+ int nmod=0;
5312+
5313+ while(fgets(buf,sizeof buf,stdin) != NULL)
5314+ {
5315+ if (!parse_line(&keyword, &value, lbuf, buf))
5316+ {
5317+ fputs(buf,stdout);
5318+ continue;
5319+ }
5320+ if(!strcmp(keyword,"[mod"))
5321+ nmod=atoi(value);
5322+ else if(!strcmp(keyword,"N"))
5323+ {
5324+ DSA *dsa;
5325+ int n=atoi(value);
5326+
5327+ printf("[mod = %d]\n\n",nmod);
5328+ dsa = FIPS_dsa_new();
5329+ if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
5330+ {
5331+ do_print_errors();
5332+ exit(1);
5333+ }
5334+ pbn("P",dsa->p);
5335+ pbn("Q",dsa->q);
5336+ pbn("G",dsa->g);
5337+ putc('\n',stdout);
5338+
5339+ while(n--)
5340+ {
5341+ if (!DSA_generate_key(dsa))
5342+ {
5343+ do_print_errors();
5344+ exit(1);
5345+ }
5346+
5347+ pbn("X",dsa->priv_key);
5348+ pbn("Y",dsa->pub_key);
5349+ putc('\n',stdout);
5350+ }
5351+ }
5352+ }
5353+ }
5354+
5355+void siggen()
5356+ {
5357+ char buf[1024];
5358+ char lbuf[1024];
5359+ char *keyword, *value;
5360+ int nmod=0;
5361+ DSA *dsa=NULL;
5362+
5363+ while(fgets(buf,sizeof buf,stdin) != NULL)
5364+ {
5365+ if (!parse_line(&keyword, &value, lbuf, buf))
5366+ {
5367+ fputs(buf,stdout);
5368+ continue;
5369+ }
5370+ if(!strcmp(keyword,"[mod"))
5371+ {
5372+ nmod=atoi(value);
5373+ printf("[mod = %d]\n\n",nmod);
5374+ if (dsa)
5375+ FIPS_dsa_free(dsa);
5376+ dsa = FIPS_dsa_new();
5377+ if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
5378+ {
5379+ do_print_errors();
5380+ exit(1);
5381+ }
5382+ pbn("P",dsa->p);
5383+ pbn("Q",dsa->q);
5384+ pbn("G",dsa->g);
5385+ putc('\n',stdout);
5386+ }
5387+ else if(!strcmp(keyword,"Msg"))
5388+ {
5389+ unsigned char msg[1024];
5390+ unsigned char sbuf[60];
5391+ unsigned int slen;
5392+ int n;
5393+ EVP_PKEY pk;
5394+ EVP_MD_CTX mctx;
5395+ DSA_SIG *sig;
5396+ EVP_MD_CTX_init(&mctx);
5397+
5398+ n=hex2bin(value,msg);
5399+ pv("Msg",msg,n);
5400+
5401+ if (!DSA_generate_key(dsa))
5402+ {
5403+ do_print_errors();
5404+ exit(1);
5405+ }
5406+ pk.type = EVP_PKEY_DSA;
5407+ pk.pkey.dsa = dsa;
5408+ pbn("Y",dsa->pub_key);
5409+
5410+ EVP_SignInit_ex(&mctx, EVP_dss1(), NULL);
5411+ EVP_SignUpdate(&mctx, msg, n);
5412+ EVP_SignFinal(&mctx, sbuf, &slen, &pk);
5413+
5414+ sig = DSA_SIG_new();
5415+ FIPS_dsa_sig_decode(sig, sbuf, slen);
5416+
5417+ pbn("R",sig->r);
5418+ pbn("S",sig->s);
5419+ putc('\n',stdout);
5420+ DSA_SIG_free(sig);
5421+ EVP_MD_CTX_cleanup(&mctx);
5422+ }
5423+ }
5424+ if (dsa)
5425+ FIPS_dsa_free(dsa);
5426+ }
5427+
5428+void sigver()
5429+ {
5430+ DSA *dsa=NULL;
5431+ char buf[1024];
5432+ char lbuf[1024];
5433+ unsigned char msg[1024];
5434+ char *keyword, *value;
5435+ int nmod=0, n=0;
5436+ DSA_SIG sg, *sig = &sg;
5437+
5438+ sig->r = NULL;
5439+ sig->s = NULL;
5440+
5441+ while(fgets(buf,sizeof buf,stdin) != NULL)
5442+ {
5443+ if (!parse_line(&keyword, &value, lbuf, buf))
5444+ {
5445+ fputs(buf,stdout);
5446+ continue;
5447+ }
5448+ if(!strcmp(keyword,"[mod"))
5449+ {
5450+ nmod=atoi(value);
5451+ if(dsa)
5452+ FIPS_dsa_free(dsa);
5453+ dsa=FIPS_dsa_new();
5454+ }
5455+ else if(!strcmp(keyword,"P"))
5456+ dsa->p=hex2bn(value);
5457+ else if(!strcmp(keyword,"Q"))
5458+ dsa->q=hex2bn(value);
5459+ else if(!strcmp(keyword,"G"))
5460+ {
5461+ dsa->g=hex2bn(value);
5462+
5463+ printf("[mod = %d]\n\n",nmod);
5464+ pbn("P",dsa->p);
5465+ pbn("Q",dsa->q);
5466+ pbn("G",dsa->g);
5467+ putc('\n',stdout);
5468+ }
5469+ else if(!strcmp(keyword,"Msg"))
5470+ {
5471+ n=hex2bin(value,msg);
5472+ pv("Msg",msg,n);
5473+ }
5474+ else if(!strcmp(keyword,"Y"))
5475+ dsa->pub_key=hex2bn(value);
5476+ else if(!strcmp(keyword,"R"))
5477+ sig->r=hex2bn(value);
5478+ else if(!strcmp(keyword,"S"))
5479+ {
5480+ EVP_MD_CTX mctx;
5481+ EVP_PKEY pk;
5482+ unsigned char sigbuf[60];
5483+ unsigned int slen;
5484+ int r;
5485+ EVP_MD_CTX_init(&mctx);
5486+ pk.type = EVP_PKEY_DSA;
5487+ pk.pkey.dsa = dsa;
5488+ sig->s=hex2bn(value);
5489+
5490+ pbn("Y",dsa->pub_key);
5491+ pbn("R",sig->r);
5492+ pbn("S",sig->s);
5493+
5494+ slen = FIPS_dsa_sig_encode(sigbuf, sig);
5495+ EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL);
5496+ EVP_VerifyUpdate(&mctx, msg, n);
5497+ r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk);
5498+ EVP_MD_CTX_cleanup(&mctx);
5499+
5500+ printf("Result = %c\n", r == 1 ? 'P' : 'F');
5501+ putc('\n',stdout);
5502+ }
5503+ }
5504+ }
5505+
5506+int main(int argc,char **argv)
5507+ {
5508+ if(argc != 2)
5509+ {
5510+ fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]);
5511+ exit(1);
5512+ }
5513+ if(!FIPS_mode_set(1))
5514+ {
5515+ do_print_errors();
5516+ exit(1);
5517+ }
5518+ if(!strcmp(argv[1],"prime"))
5519+ primes();
5520+ else if(!strcmp(argv[1],"pqg"))
5521+ pqg();
5522+ else if(!strcmp(argv[1],"pqgver"))
5523+ pqgver();
5524+ else if(!strcmp(argv[1],"keypair"))
5525+ keypair();
5526+ else if(!strcmp(argv[1],"keyver"))
5527+ keyver();
5528+ else if(!strcmp(argv[1],"siggen"))
5529+ siggen();
5530+ else if(!strcmp(argv[1],"sigver"))
5531+ sigver();
5532+ else
5533+ {
5534+ fprintf(stderr,"Don't know how to %s.\n",argv[1]);
5535+ exit(1);
5536+ }
5537+
5538+ return 0;
5539+ }
5540+
5541+#endif
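diff -up openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c
--- openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c.fips 2013-02-19 12:47:33.734118772 +0100
+++ openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c 2013-02-19 12:47:33.734118772 +0100
@@ -0,0 +1,571 @@
+/* fips/aes/fips_gcmtest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+
+#define OPENSSL_FIPSAPI
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+ printf("No FIPS GCM support\n");
+ return(0);
+}
+#else
+
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "fips_utl.h"
+
+static void gcmtest(FILE *in, FILE *out, int encrypt)
+ {
+ char buf[2048];
+ char lbuf[2048];
+ char *keyword, *value;
+ int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1;
+ int rv;
+ long l;
+ unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL;
+ unsigned char *ct = NULL, *pt = NULL;
+ EVP_CIPHER_CTX ctx;
+ const EVP_CIPHER *gcm = NULL;
+ FIPS_cipher_ctx_init(&ctx);
+
+ while(fgets(buf,sizeof buf,in) != NULL)
+ {
+ fputs(buf,out);
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ continue;
+ if(!strcmp(keyword,"[Keylen"))
+ {
+ keylen = atoi(value);
+ if (keylen == 128)
+ gcm = EVP_aes_128_gcm();
+ else if (keylen == 192)
+ gcm = EVP_aes_192_gcm();
+ else if (keylen == 256)
+ gcm = EVP_aes_256_gcm();
+ else
+ {
+ fprintf(stderr, "Unsupported keylen %d\n",
+ keylen);
+ }
+ keylen >>= 3;
+ }
+ else if (!strcmp(keyword, "[IVlen"))
+ ivlen = atoi(value) >> 3;
+ else if (!strcmp(keyword, "[AADlen"))
+ aadlen = atoi(value) >> 3;
+ else if (!strcmp(keyword, "[Taglen"))
+ taglen = atoi(value) >> 3;
+ else if (!strcmp(keyword, "[PTlen"))
+ ptlen = atoi(value) >> 3;
+ else if(!strcmp(keyword,"Key"))
+ {
+ key = hex2bin_m(value, &l);
+ if (l != keylen)
+ {
+ fprintf(stderr, "Inconsistent Key length\n");
+ exit(1);
+ }
+ }
+ else if(!strcmp(keyword,"IV"))
+ {
+ iv = hex2bin_m(value, &l);
+ if (l != ivlen)
+ {
+ fprintf(stderr, "Inconsistent IV length\n");
+ exit(1);
+ }
+ }
+ else if(!strcmp(keyword,"PT"))
+ {
+ pt = hex2bin_m(value, &l);
+ if (l != ptlen)
+ {
+ fprintf(stderr, "Inconsistent PT length\n");
+ exit(1);
+ }
+ }
+ else if(!strcmp(keyword,"CT"))
+ {
+ ct = hex2bin_m(value, &l);
+ if (l != ptlen)
+ {
+ fprintf(stderr, "Inconsistent CT length\n");
+ exit(1);
+ }
+ }
+ else if(!strcmp(keyword,"AAD"))
+ {
+ aad = hex2bin_m(value, &l);
+ if (l != aadlen)
+ {
+ fprintf(stderr, "Inconsistent AAD length\n");
+ exit(1);
+ }
+ }
+ else if(!strcmp(keyword,"Tag"))
+ {
+ tag = hex2bin_m(value, &l);
+ if (l != taglen)
+ {
+ fprintf(stderr, "Inconsistent Tag length\n");
+ exit(1);
+ }
+ }
+ if (encrypt && pt && aad && (iv || encrypt==1))
+ {
+ tag = OPENSSL_malloc(taglen);
+ FIPS_cipherinit(&ctx, gcm, NULL, NULL, 1);
+ /* Relax FIPS constraints for testing */
+ M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
+ if (encrypt == 1)
+ {
+ static unsigned char iv_fixed[4] = {1,2,3,4};
+ if (!iv)
+ iv = OPENSSL_malloc(ivlen);
+ FIPS_cipherinit(&ctx, NULL, key, NULL, 1);
+ FIPS_cipher_ctx_ctrl(&ctx,
+ EVP_CTRL_GCM_SET_IV_FIXED,
+ 4, iv_fixed);
+ if (!FIPS_cipher_ctx_ctrl(&ctx,
+ EVP_CTRL_GCM_IV_GEN, 0, iv))
+ {
+ fprintf(stderr, "IV gen error\n");
+ exit(1);
+ }
+ OutputValue("IV", iv, ivlen, out, 0);
+ }
+ else
+ FIPS_cipherinit(&ctx, NULL, key, iv, 1);
+
+
+ if (aadlen)
+ FIPS_cipher(&ctx, NULL, aad, aadlen);
+ if (ptlen)
+ {
+ ct = OPENSSL_malloc(ptlen);
+ rv = FIPS_cipher(&ctx, ct, pt, ptlen);
+ }
+ FIPS_cipher(&ctx, NULL, NULL, 0);
+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG,
+ taglen, tag);
+ OutputValue("CT", ct, ptlen, out, 0);
+ OutputValue("Tag", tag, taglen, out, 0);
+ if (iv)
+ OPENSSL_free(iv);
+ if (aad)
+ OPENSSL_free(aad);
+ if (ct)
+ OPENSSL_free(ct);
+ if (pt)
+ OPENSSL_free(pt);
+ if (key)
+ OPENSSL_free(key);
+ if (tag)
+ OPENSSL_free(tag);
+ iv = aad = ct = pt = key = tag = NULL;
+ }
+ if (!encrypt && tag)
+ {
+ FIPS_cipherinit(&ctx, gcm, NULL, NULL, 0);
+ /* Relax FIPS constraints for testing */
+ M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
+ FIPS_cipherinit(&ctx, NULL, key, iv, 0);
+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag);
+ if (aadlen)
+ FIPS_cipher(&ctx, NULL, aad, aadlen);
+ if (ptlen)
+ {
+ pt = OPENSSL_malloc(ptlen);
+ rv = FIPS_cipher(&ctx, pt, ct, ptlen);
+ }
+ rv = FIPS_cipher(&ctx, NULL, NULL, 0);
+ if (rv < 0)
+ fprintf(out, "FAIL" RESP_EOL);
+ else
+ OutputValue("PT", pt, ptlen, out, 0);
+ if (iv)
+ OPENSSL_free(iv);
+ if (aad)
+ OPENSSL_free(aad);
+ if (ct)
+ OPENSSL_free(ct);
+ if (pt)
+ OPENSSL_free(pt);
+ if (key)
+ OPENSSL_free(key);
+ if (tag)
+ OPENSSL_free(tag);
+ iv = aad = ct = pt = key = tag = NULL;
+ }
+ }
+ FIPS_cipher_ctx_cleanup(&ctx);
+ }
+
+static void xtstest(FILE *in, FILE *out)
+ {
+ char buf[204800];
+ char lbuf[204800];
+ char *keyword, *value;
+ int inlen = 0;
+ int encrypt = 0;
+ long l;
+ unsigned char *key = NULL, *iv = NULL;
+ unsigned char *inbuf = NULL, *outbuf = NULL;
+ EVP_CIPHER_CTX ctx;
+ const EVP_CIPHER *xts = NULL;
+ FIPS_cipher_ctx_init(&ctx);
+
+ while(fgets(buf,sizeof buf,in) != NULL)
+ {
+ fputs(buf,out);
+ if (buf[0] == '[' && strlen(buf) >= 9)
+ {
+ if(!strncmp(buf,"[ENCRYPT]", 9))
+ encrypt = 1;
+ else if(!strncmp(buf,"[DECRYPT]", 9))
+ encrypt = 0;
+ }
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ continue;
+ else if(!strcmp(keyword,"Key"))
+ {
+ key = hex2bin_m(value, &l);
+ if (l == 32)
+ xts = EVP_aes_128_xts();
+ else if (l == 64)
+ xts = EVP_aes_256_xts();
+ else
+ {
+ fprintf(stderr, "Inconsistent Key length\n");
+ exit(1);
+ }
+ }
+ else if(!strcmp(keyword,"i"))
+ {
+ iv = hex2bin_m(value, &l);
+ if (l != 16)
+ {
+ fprintf(stderr, "Inconsistent i length\n");
+ exit(1);
+ }
+ }
+ else if(encrypt && !strcmp(keyword,"PT"))
+ {
+ inbuf = hex2bin_m(value, &l);
+ inlen = l;
+ }
+ else if(!encrypt && !strcmp(keyword,"CT"))
+ {
+ inbuf = hex2bin_m(value, &l);
+ inlen = l;
+ }
+ if (inbuf)
+ {
+ FIPS_cipherinit(&ctx, xts, key, iv, encrypt);
+ outbuf = OPENSSL_malloc(inlen);
+ FIPS_cipher(&ctx, outbuf, inbuf, inlen);
+ OutputValue(encrypt ? "CT":"PT", outbuf, inlen, out, 0);
+ OPENSSL_free(inbuf);
+ OPENSSL_free(outbuf);
+ OPENSSL_free(key);
+ OPENSSL_free(iv);
+ iv = key = inbuf = outbuf = NULL;
+ }
+ }
+ FIPS_cipher_ctx_cleanup(&ctx);
+ }
+
+static void ccmtest(FILE *in, FILE *out)
+ {
+ char buf[200048];
+ char lbuf[200048];
+ char *keyword, *value;
+ long l;
+ unsigned char *Key = NULL, *Nonce = NULL;
+ unsigned char *Adata = NULL, *Payload = NULL;
+ unsigned char *CT = NULL;
+ int Plen = -1, Nlen = -1, Tlen = -1, Alen = -1;
+ int decr = 0;
+ EVP_CIPHER_CTX ctx;
+ const EVP_CIPHER *ccm = NULL;
+ FIPS_cipher_ctx_init(&ctx);
+
+ while(fgets(buf,sizeof buf,in) != NULL)
+ {
+ char *p;
+ fputs(buf,out);
+ redo:
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ continue;
+
+ /* If surrounded by square brackets zap them */
+ if (keyword[0] == '[')
+ {
+ keyword++;
+ p = strchr(value, ']');
+ if (p)
+ *p = 0;
+ }
+ /* See if we have a comma separated list of parameters
+ * if so copy rest of line back to buffer and redo later.
+ */
+ p = strchr(value, ',');
+ if (p)
+ {
+ *p = 0;
+ strcpy(buf, p + 1);
+ strcat(buf, "\n");
+ decr = 1;
+ }
+ if (!strcmp(keyword,"Plen"))
+ Plen = atoi(value);
+ else if (!strcmp(keyword,"Nlen"))
+ Nlen = atoi(value);
+ else if (!strcmp(keyword,"Tlen"))
+ Tlen = atoi(value);
+ else if (!strcmp(keyword,"Alen"))
+ Alen = atoi(value);
+ if (p)
+ goto redo;
+ if (!strcmp(keyword,"Key"))
+ {
+ if (Key)
+ OPENSSL_free(Key);
+ Key = hex2bin_m(value, &l);
+ if (l == 16)
+ ccm = EVP_aes_128_ccm();
+ else if (l == 24)
+ ccm = EVP_aes_192_ccm();
+ else if (l == 32)
+ ccm = EVP_aes_256_ccm();
+ else
+ {
+ fprintf(stderr, "Inconsistent Key length\n");
+ exit(1);
+ }
+ }
+ else if (!strcmp(keyword,"Nonce"))
+ {
+ if (Nonce)
+ OPENSSL_free(Nonce);
+ Nonce = hex2bin_m(value, &l);
+ if (l != Nlen)
+ {
+ fprintf(stderr, "Inconsistent nonce length\n");
+ exit(1);
+ }
+ }
+ else if (!strcmp(keyword,"Payload") && !decr)
+ {
+ Payload = hex2bin_m(value, &l);
+ if (Plen && l != Plen)
+ {
+ fprintf(stderr, "Inconsistent Payload length\n");
+ exit(1);
+ }
+ }
+ else if (!strcmp(keyword,"Adata"))
+ {
+ if (Adata)
+ OPENSSL_free(Adata);
+ Adata = hex2bin_m(value, &l);
+ if (Alen && l != Alen)
+ {
+ fprintf(stderr, "Inconsistent Payload length\n");
+ exit(1);
+ }
+ }
+ else if (!strcmp(keyword,"CT") && decr)
+ {
+ CT = hex2bin_m(value, &l);
+ if (l != (Plen + Tlen))
+ {
+ fprintf(stderr, "Inconsistent CT length\n");
+ exit(1);
+ }
+ }
+ if (Payload)
+ {
+ FIPS_cipherinit(&ctx, ccm, NULL, NULL, 1);
+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, Tlen, 0);
+ FIPS_cipherinit(&ctx, NULL, Key, Nonce, 1);
+
+ FIPS_cipher(&ctx, NULL, NULL, Plen);
+ FIPS_cipher(&ctx, NULL, Adata, Alen);
+ CT = OPENSSL_malloc(Plen + Tlen);
+ FIPS_cipher(&ctx, CT, Payload, Plen);
+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, Tlen,
+ CT + Plen);
+ OutputValue("CT", CT, Plen + Tlen, out, 0);
+ OPENSSL_free(CT);
+ OPENSSL_free(Payload);
+ CT = Payload = NULL;
+ }
+ if (CT)
+ {
+ int rv;
+ int len = Plen == 0 ? 1: Plen;
+ FIPS_cipherinit(&ctx, ccm, NULL, NULL, 0);
+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
+ FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
+ Tlen, CT + Plen);
+ FIPS_cipherinit(&ctx, NULL, Key, Nonce, 0);
+ FIPS_cipher(&ctx, NULL, NULL, Plen);
+ FIPS_cipher(&ctx, NULL, Adata, Alen);
+ Payload = OPENSSL_malloc(len);
+ rv = FIPS_cipher(&ctx, Payload, CT, Plen);
+ if (rv >= 0)
+ {
+ if (rv == 0)
+ Payload[0] = 0;
+ fputs("Result = Pass" RESP_EOL, out);
+ OutputValue("Payload", Payload, len, out, 0);
+ }
+ else
+ fputs("Result = Fail" RESP_EOL, out);
+ OPENSSL_free(CT);
+ OPENSSL_free(Payload);
+ CT = Payload = NULL;
+ }
+ }
+ if (Key)
+ OPENSSL_free(Key);
+ if (Nonce)
+ OPENSSL_free(Nonce);
+ if (Adata)
+ OPENSSL_free(Adata);
+ FIPS_cipher_ctx_cleanup(&ctx);
+ }
+
+#ifdef FIPS_ALGVS
+int fips_gcmtest_main(int argc, char **argv)
+#else
+int main(int argc, char **argv)
+#endif
+ {
+ int encrypt;
+ int xts = 0, ccm = 0;
+ FILE *in, *out;
+ if (argc == 4)
+ {
+ in = fopen(argv[2], "r");
+ if (!in)
+ {
+ fprintf(stderr, "Error opening input file\n");
+ exit(1);
+ }
+ out = fopen(argv[3], "w");
+ if (!out)
+ {
+ fprintf(stderr, "Error opening output file\n");
+ exit(1);
+ }
+ }
+ else if (argc == 2)
+ {
+ in = stdin;
+ out = stdout;
+ }
+ else
+ {
+ fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]);
+ exit(1);
+ }
+ fips_algtest_init();
+ if(!strcmp(argv[1],"-encrypt"))
+ encrypt = 1;
+ else if(!strcmp(argv[1],"-encryptIVext"))
+ encrypt = 2;
+ else if(!strcmp(argv[1],"-decrypt"))
+ encrypt = 0;
+ else if(!strcmp(argv[1],"-ccm"))
+ ccm = 1;
+ else if(!strcmp(argv[1],"-xts"))
+ xts = 1;
+ else
+ {
+ fprintf(stderr,"Don't know how to %s.\n",argv[1]);
+ exit(1);
+ }
+
+ if (ccm)
+ ccmtest(in, out);
+ else if (xts)
+ xtstest(in, out);
+ else
+ gcmtest(in, out, encrypt);
+
+ if (argc == 4)
+ {
+ fclose(in);
+ fclose(out);
+ }
+
+ return 0;
+}
+
+#endif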
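Review bot: The usage line in main, `fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]);`, omits three of the five modes the option parser right below it accepts (`-encryptIVext`, `-ccm`, `-xts`) and the optional input/output file pair that the `argc == 4` branch reads; `fprintf(stderr,"%s [-encrypt|-encryptIVext|-decrypt|-ccm|-xts] [infile outfile]\n",argv[0]);` would match the code. In ccmtest the length check on the `Adata` line prints `"Inconsistent Payload length\n"`, a copy of the Payload message, so a failing vector would point at the wrong field; it should read `"Inconsistent Adata length\n"`. None of the `OPENSSL_malloc` results in the three test functions are checked before use, and in gcmtest the sizes come straight from the `[Taglen`/`[PTlen`/`[IVlen` headers, which start at -1 and are never range-checked before being passed to the allocator and the cipher controls. The two 204800-byte line buffers in xtstest and the two 200048-byte ones in ccmtest are automatic variables, roughly 400 KiB of stack per call, which deserves a comment if these drivers are ever invoked from a thread with a smaller stack than the main thread's.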
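diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c
--- openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c.fips 2013-02-19 12:47:33.734118772 +0100
+++ openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c 2013-02-19 12:47:33.734118772 +0100
@@ -0,0 +1,230 @@
+/*
+ * Crude test driver for processing the VST and MCT testvector files
+ * generated by the CMVP RNGVS product.
+ *
+ * Note the input files are assumed to have a _very_ specific format
+ * as described in the NIST document "The Random Number Generator
+ * Validation System (RNGVS)", May 25, 2004.
+ *
+ */
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+ printf("No FIPS RNG support\n");
+ return 0;
+}
+#else
+
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include <openssl/x509v3.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "fips_utl.h"
+
+void vst()
+ {
+ unsigned char *key = NULL;
+ unsigned char *v = NULL;
+ unsigned char *dt = NULL;
+ unsigned char ret[16];
+ char buf[1024];
+ char lbuf[1024];
+ char *keyword, *value;
+ long i, keylen;
+
+ keylen = 0;
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ fputs(buf,stdout);
+ if(!strncmp(buf,"[AES 128-Key]", 13))
+ keylen = 16;
+ else if(!strncmp(buf,"[AES 192-Key]", 13))
+ keylen = 24;
+ else if(!strncmp(buf,"[AES 256-Key]", 13))
+ keylen = 32;
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ continue;
+ if(!strcmp(keyword,"Key"))
+ {
+ key=hex2bin_m(value,&i);
+ if (i != keylen)
+ {
+ fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
+ return;
+ }
+ }
+ else if(!strcmp(keyword,"DT"))
+ {
+ dt=hex2bin_m(value,&i);
+ if (i != 16)
+ {
+ fprintf(stderr, "Invalid DT length\n");
+ return;
+ }
+ }
+ else if(!strcmp(keyword,"V"))
+ {
+ v=hex2bin_m(value,&i);
+ if (i != 16)
+ {
+ fprintf(stderr, "Invalid V length\n");
+ return;
+ }
+
+ if (!key || !dt)
+ {
+ fprintf(stderr, "Missing key or DT\n");
+ return;
+ }
+
+ FIPS_x931_set_key(key, keylen);
+ FIPS_x931_seed(v,16);
+ FIPS_x931_set_dt(dt);
+ if (FIPS_x931_bytes(ret,16) <= 0)
+ {
+ fprintf(stderr, "Error getting PRNG value\n");
+ return;
+ }
+
+ pv("R",ret,16);
+ OPENSSL_free(key);
+ key = NULL;
+ OPENSSL_free(dt);
+ dt = NULL;
+ OPENSSL_free(v);
+ v = NULL;
+ }
+ }
+ }
+
+void mct()
+ {
+ unsigned char *key = NULL;
+ unsigned char *v = NULL;
+ unsigned char *dt = NULL;
+ unsigned char ret[16];
+ char buf[1024];
+ char lbuf[1024];
+ char *keyword, *value;
+ long i, keylen;
+ int j;
+
+ keylen = 0;
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ fputs(buf,stdout);
+ if(!strncmp(buf,"[AES 128-Key]", 13))
+ keylen = 16;
+ else if(!strncmp(buf,"[AES 192-Key]", 13))
+ keylen = 24;
+ else if(!strncmp(buf,"[AES 256-Key]", 13))
+ keylen = 32;
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ continue;
+ if(!strcmp(keyword,"Key"))
+ {
+ key=hex2bin_m(value,&i);
+ if (i != keylen)
+ {
+ fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
+ return;
+ }
+ }
+ else if(!strcmp(keyword,"DT"))
+ {
+ dt=hex2bin_m(value,&i);
+ if (i != 16)
+ {
+ fprintf(stderr, "Invalid DT length\n");
+ return;
+ }
+ }
+ else if(!strcmp(keyword,"V"))
+ {
+ v=hex2bin_m(value,&i);
+ if (i != 16)
+ {
+ fprintf(stderr, "Invalid V length\n");
+ return;
+ }
+
+ if (!key || !dt)
+ {
+ fprintf(stderr, "Missing key or DT\n");
+ return;
+ }
+
+ FIPS_x931_set_key(key, keylen);
+ FIPS_x931_seed(v,16);
+ for (i = 0; i < 10000; i++)
+ {
+ FIPS_x931_set_dt(dt);
+ if (FIPS_x931_bytes(ret,16) <= 0)
+ {
+ fprintf(stderr, "Error getting PRNG value\n");
+ return;
+ }
+ /* Increment DT */
+ for (j = 15; j >= 0; j--)
+ {
+ dt[j]++;
+ if (dt[j])
+ break;
+ }
+ }
+
+ pv("R",ret,16);
+ OPENSSL_free(key);
+ key = NULL;
+ OPENSSL_free(dt);
+ dt = NULL;
+ OPENSSL_free(v);
+ v = NULL;
+ }
+ }
+ }
+
+int main(int argc,char **argv)
+ {
+ if(argc != 2)
+ {
+ fprintf(stderr,"%s [mct|vst]\n",argv[0]);
+ exit(1);
+ }
+ if(!FIPS_mode_set(1))
+ {
+ do_print_errors();
+ exit(1);
+ }
+ FIPS_x931_reset();
+ if (!FIPS_x931_test_mode())
+ {
+ fprintf(stderr, "Error setting PRNG test mode\n");
+ do_print_errors();
+ exit(1);
+ }
+ if(!strcmp(argv[1],"mct"))
+ mct();
+ else if(!strcmp(argv[1],"vst"))
+ vst();
+ else
+ {
+ fprintf(stderr,"Don't know how to %s.\n",argv[1]);
+ exit(1);
+ }
+
+ return 0;
+ }
+#endif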
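Review bot: `vst` and `mct` are defined with empty parameter lists (`void vst()`, `void mct()`), which in C is an old-style declaration that disables argument checking at call sites; since both are only called from main in this file, `static void vst(void)` and `static void mct(void)` would be the expected form. The two functions repeat the same parse-and-validate block verbatim and differ only in the 10000-iteration DT-increment loop in mct, so a shared helper taking an iteration count would keep the length checks in one place. Each early `return` in the error branches leaves the `key`, `dt` and `v` buffers from `hex2bin_m` unfreed and, because both functions return void, main still returns 0 after a malformed vector file, so a parse failure is invisible to whatever runs the driver; either `exit(1)` in those branches or a comment such as `/* error paths return without freeing: the process exits right after */` would make the intent explicit. The generator under test is the ANSI X9.31 PRNG; anyone reusing this driver as a template should be aware that NIST has since withdrawn that generator (SP 800-131A), which is a property of this CAVS suite rather than a defect in the code.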
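diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c
--- openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c.fips 2013-02-19 12:47:33.734118772 +0100
+++ openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c 2013-02-19 12:47:33.734118772 +0100
@@ -0,0 +1,390 @@
+/* fips_rsagtest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005,2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+ printf("No FIPS RSA support\n");
+ return(0);
+}
+
+#else
+
+#include "fips_utl.h"
+
+int rsa_test(FILE *out, FILE *in);
+static int rsa_printkey1(FILE *out, RSA *rsa,
+ BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
+ BIGNUM *e);
+static int rsa_printkey2(FILE *out, RSA *rsa,
+ BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq);
+
+int main(int argc, char **argv)
+ {
+ FILE *in = NULL, *out = NULL;
+
+ int ret = 1;
+
+ if(!FIPS_mode_set(1))
+ {
+ do_print_errors();
+ goto end;
+ }
+
+ if (argc == 1)
+ in = stdin;
+ else
+ in = fopen(argv[1], "r");
+
+ if (argc < 2)
+ out = stdout;
+ else
+ out = fopen(argv[2], "w");
+
+ if (!in)
+ {
+ fprintf(stderr, "FATAL input initialization error\n");
+ goto end;
+ }
+
+ if (!out)
+ {
+ fprintf(stderr, "FATAL output initialization error\n");
+ goto end;
+ }
+
+ if (!rsa_test(out, in))
+ {
+ fprintf(stderr, "FATAL RSAGTEST file processing error\n");
+ goto end;
+ }
+ else
+ ret = 0;
+
+ end:
+
+ if (ret)
+ do_print_errors();
+
+ if (in && (in != stdin))
+ fclose(in);
+ if (out && (out != stdout))
+ fclose(out);
+
+ return ret;
+
+ }
+
+#define RSA_TEST_MAXLINELEN 10240
+
+int rsa_test(FILE *out, FILE *in)
+ {
+ char *linebuf, *olinebuf, *p, *q;
+ char *keyword, *value;
+ RSA *rsa = NULL;
+ BIGNUM *Xp1 = NULL, *Xp2 = NULL, *Xp = NULL;
+ BIGNUM *Xq1 = NULL, *Xq2 = NULL, *Xq = NULL;
+ BIGNUM *e = NULL;
+ int ret = 0;
+ int lnum = 0;
+
+ olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+ linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+
+ if (!linebuf || !olinebuf)
+ goto error;
+
+ while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
+ {
+ lnum++;
+ strcpy(linebuf, olinebuf);
+ keyword = linebuf;
+ /* Skip leading space */
+ while (isspace((unsigned char)*keyword))
+ keyword++;
+
+ /* Look for = sign */
+ p = strchr(linebuf, '=');
+
+ /* If no = or starts with [ (for [foo = bar] line) just copy */
+ if (!p || *keyword=='[')
+ {
+ if (fputs(olinebuf, out) < 0)
+ goto error;
+ continue;
+ }
+
+ q = p - 1;
+
+ /* Remove trailing space */
+ while (isspace((unsigned char)*q))
+ *q-- = 0;
+
+ *p = 0;
+ value = p + 1;
+
+ /* Remove leading space from value */
+ while (isspace((unsigned char)*value))
+ value++;
+
+ /* Remove trailing space from value */
+ p = value + strlen(value) - 1;
+
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+
+ if (!strcmp(keyword, "xp1"))
+ {
+ if (Xp1 || !do_hex2bn(&Xp1,value))
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "xp2"))
+ {
+ if (Xp2 || !do_hex2bn(&Xp2,value))
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Xp"))
+ {
+ if (Xp || !do_hex2bn(&Xp,value))
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "xq1"))
+ {
+ if (Xq1 || !do_hex2bn(&Xq1,value))
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "xq2"))
+ {
+ if (Xq2 || !do_hex2bn(&Xq2,value))
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Xq"))
+ {
+ if (Xq || !do_hex2bn(&Xq,value))
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "e"))
+ {
+ if (e || !do_hex2bn(&e,value))
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "p1"))
+ continue;
+ else if (!strcmp(keyword, "p2"))
+ continue;
+ else if (!strcmp(keyword, "p"))
+ continue;
+ else if (!strcmp(keyword, "q1"))
+ continue;
+ else if (!strcmp(keyword, "q2"))
+ continue;
+ else if (!strcmp(keyword, "q"))
+ continue;
+ else if (!strcmp(keyword, "n"))
+ continue;
+ else if (!strcmp(keyword, "d"))
+ continue;
+ else
+ goto parse_error;
+
+ fputs(olinebuf, out);
+
+ if (e && Xp1 && Xp2 && Xp)
+ {
+ rsa = FIPS_rsa_new();
+ if (!rsa)
+ goto error;
+ if (!rsa_printkey1(out, rsa, Xp1, Xp2, Xp, e))
+ goto error;
+ BN_free(Xp1);
+ Xp1 = NULL;
+ BN_free(Xp2);
+ Xp2 = NULL;
+ BN_free(Xp);
+ Xp = NULL;
+ BN_free(e);
+ e = NULL;
+ }
+
+ if (rsa && Xq1 && Xq2 && Xq)
+ {
+ if (!rsa_printkey2(out, rsa, Xq1, Xq2, Xq))
+ goto error;
+ BN_free(Xq1);
+ Xq1 = NULL;
+ BN_free(Xq2);
+ Xq2 = NULL;
+ BN_free(Xq);
+ Xq = NULL;
+ FIPS_rsa_free(rsa);
+ rsa = NULL;
+ }
+ }
+
+ ret = 1;
+
+ error:
+
+ if (olinebuf)
+ OPENSSL_free(olinebuf);
+ if (linebuf)
+ OPENSSL_free(linebuf);
+
+ if (Xp1)
+ BN_free(Xp1);
+ if (Xp2)
+ BN_free(Xp2);
+ if (Xp)
+ BN_free(Xp);
+ if (Xq1)
+ BN_free(Xq1);
+ if (Xq1)
+ BN_free(Xq1);
+ if (Xq2)
+ BN_free(Xq2);
+ if (Xq)
+ BN_free(Xq);
+ if (e)
+ BN_free(e);
+ if (rsa)
+ FIPS_rsa_free(rsa);
+
+ return ret;
+
+ parse_error:
+
+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+ goto error;
+
+ }
+
+static int rsa_printkey1(FILE *out, RSA *rsa,
+ BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
+ BIGNUM *e)
+ {
+ int ret = 0;
+ BIGNUM *p1 = NULL, *p2 = NULL;
+ p1 = BN_new();
+ p2 = BN_new();
+ if (!p1 || !p2)
+ goto error;
+
+ if (!RSA_X931_derive_ex(rsa, p1, p2, NULL, NULL, Xp1, Xp2, Xp,
+ NULL, NULL, NULL, e, NULL))
+ goto error;
+
+ do_bn_print_name(out, "p1", p1);
+ do_bn_print_name(out, "p2", p2);
+ do_bn_print_name(out, "p", rsa->p);
+
+ ret = 1;
+
+ error:
+ if (p1)
+ BN_free(p1);
+ if (p2)
+ BN_free(p2);
+
+ return ret;
+ }
+
+static int rsa_printkey2(FILE *out, RSA *rsa,
+ BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq)
+ {
+ int ret = 0;
+ BIGNUM *q1 = NULL, *q2 = NULL;
+ q1 = BN_new();
+ q2 = BN_new();
+ if (!q1 || !q2)
+ goto error;
+
+ if (!RSA_X931_derive_ex(rsa, NULL, NULL, q1, q2, NULL, NULL, NULL,
+ Xq1, Xq2, Xq, NULL, NULL))
+ goto error;
+
+ do_bn_print_name(out, "q1", q1);
+ do_bn_print_name(out, "q2", q2);
+ do_bn_print_name(out, "q", rsa->q);
+ do_bn_print_name(out, "n", rsa->n);
+ do_bn_print_name(out, "d", rsa->d);
+
+ ret = 1;
+
+ error:
+ if (q1)
+ BN_free(q1);
+ if (q2)
+ BN_free(q2);
+
+ return ret;
+ }
+
+#endif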
6745diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c
6746--- openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c.fips 2013-02-19 12:47:33.734118772 +0100
6747+++ openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c 2013-02-19 12:47:33.734118772 +0100
6748@@ -0,0 +1,370 @@
6749+/* fips_rsastest.c */
6750+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
6751+ * project 2005.
6752+ */
6753+/* ====================================================================
6754+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
6755+ *
6756+ * Redistribution and use in source and binary forms, with or without
6757+ * modification, are permitted provided that the following conditions
6758+ * are met:
6759+ *
6760+ * 1. Redistributions of source code must retain the above copyright
6761+ * notice, this list of conditions and the following disclaimer.
6762+ *
6763+ * 2. Redistributions in binary form must reproduce the above copyright
6764+ * notice, this list of conditions and the following disclaimer in
6765+ * the documentation and/or other materials provided with the
6766+ * distribution.
6767+ *
6768+ * 3. All advertising materials mentioning features or use of this
6769+ * software must display the following acknowledgment:
6770+ * "This product includes software developed by the OpenSSL Project
6771+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
6772+ *
6773+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
6774+ * endorse or promote products derived from this software without
6775+ * prior written permission. For written permission, please contact
6776+ * licensing@OpenSSL.org.
6777+ *
6778+ * 5. Products derived from this software may not be called "OpenSSL"
6779+ * nor may "OpenSSL" appear in their names without prior written
6780+ * permission of the OpenSSL Project.
6781+ *
6782+ * 6. Redistributions of any form whatsoever must retain the following
6783+ * acknowledgment:
6784+ * "This product includes software developed by the OpenSSL Project
6785+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
6786+ *
6787+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
6788+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
6789+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
6790+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
6791+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
6792+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
6793+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
6794+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
6795+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
6796+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
6797+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
6798+ * OF THE POSSIBILITY OF SUCH DAMAGE.
6799+ * ====================================================================
6800+ *
6801+ * This product includes cryptographic software written by Eric Young
6802+ * (eay@cryptsoft.com). This product includes software written by Tim
6803+ * Hudson (tjh@cryptsoft.com).
6804+ *
6805+ */
6806+
6807+#include <stdio.h>
6808+#include <ctype.h>
6809+#include <string.h>
6810+#include <openssl/bio.h>
6811+#include <openssl/evp.h>
6812+#include <openssl/hmac.h>
6813+#include <openssl/err.h>
6814+#include <openssl/rsa.h>
6815+#include <openssl/bn.h>
6816+#include <openssl/x509v3.h>
6817+
6818+#ifndef OPENSSL_FIPS
6819+
6820+int main(int argc, char *argv[])
6821+{
6822+ printf("No FIPS RSA support\n");
6823+ return(0);
6824+}
6825+
6826+#else
6827+
6828+#include "fips_utl.h"
6829+
6830+static int rsa_stest(FILE *out, FILE *in, int Saltlen);
6831+static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
6832+ unsigned char *Msg, long Msglen, int Saltlen);
6833+
6834+int main(int argc, char **argv)
6835+ {
6836+ FILE *in = NULL, *out = NULL;
6837+
6838+ int ret = 1, Saltlen = -1;
6839+
6840+ if(!FIPS_mode_set(1))
6841+ {
6842+ do_print_errors();
6843+ goto end;
6844+ }
6845+
6846+ if ((argc > 2) && !strcmp("-saltlen", argv[1]))
6847+ {
6848+ Saltlen = atoi(argv[2]);
6849+ if (Saltlen < 0)
6850+ {
6851+ fprintf(stderr, "FATAL: Invalid salt length\n");
6852+ goto end;
6853+ }
6854+ argc -= 2;
6855+ argv += 2;
6856+ }
6857+ else if ((argc > 1) && !strcmp("-x931", argv[1]))
6858+ {
6859+ Saltlen = -2;
6860+ argc--;
6861+ argv++;
6862+ }
6863+
6864+ if (argc == 1)
6865+ in = stdin;
6866+ else
6867+ in = fopen(argv[1], "r");
6868+
6869+ if (argc < 2)
6870+ out = stdout;
6871+ else
6872+ out = fopen(argv[2], "w");
6873+
6874+ if (!in)
6875+ {
6876+ fprintf(stderr, "FATAL input initialization error\n");
6877+ goto end;
6878+ }
6879+
6880+ if (!out)
6881+ {
6882+ fprintf(stderr, "FATAL output initialization error\n");
6883+ goto end;
6884+ }
6885+
6886+ if (!rsa_stest(out, in, Saltlen))
6887+ {
6888+ fprintf(stderr, "FATAL RSASTEST file processing error\n");
6889+ goto end;
6890+ }
6891+ else
6892+ ret = 0;
6893+
6894+ end:
6895+
6896+ if (ret)
6897+ do_print_errors();
6898+
6899+ if (in && (in != stdin))
6900+ fclose(in);
6901+ if (out && (out != stdout))
6902+ fclose(out);
6903+
6904+ return ret;
6905+
6906+ }
6907+
6908+#define RSA_TEST_MAXLINELEN 10240
6909+
6910+int rsa_stest(FILE *out, FILE *in, int Saltlen)
6911+ {
6912+ char *linebuf, *olinebuf, *p, *q;
6913+ char *keyword, *value;
6914+ RSA *rsa = NULL;
6915+ const EVP_MD *dgst = NULL;
6916+ unsigned char *Msg = NULL;
6917+ long Msglen = -1;
6918+ int keylen = -1, current_keylen = -1;
6919+ int ret = 0;
6920+ int lnum = 0;
6921+
6922+ olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
6923+ linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
6924+
6925+ if (!linebuf || !olinebuf)
6926+ goto error;
6927+
6928+ while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
6929+ {
6930+ lnum++;
6931+ strcpy(linebuf, olinebuf);
6932+ keyword = linebuf;
6933+ /* Skip leading space */
6934+ while (isspace((unsigned char)*keyword))
6935+ keyword++;
6936+
6937+ /* Look for = sign */
6938+ p = strchr(linebuf, '=');
6939+
6940+ /* If no = just copy */
6941+ if (!p)
6942+ {
6943+ if (fputs(olinebuf, out) < 0)
6944+ goto error;
6945+ continue;
6946+ }
6947+
6948+ q = p - 1;
6949+
6950+ /* Remove trailing space */
6951+ while (isspace((unsigned char)*q))
6952+ *q-- = 0;
6953+
6954+ *p = 0;
6955+ value = p + 1;
6956+
6957+ /* Remove leading space from value */
6958+ while (isspace((unsigned char)*value))
6959+ value++;
6960+
6961+ /* Remove trailing space from value */
6962+ p = value + strlen(value) - 1;
6963+
6964+ while (*p == '\n' || isspace((unsigned char)*p))
6965+ *p-- = 0;
6966+
6967+ /* Look for [mod = XXX] for key length */
6968+
6969+ if (!strcmp(keyword, "[mod"))
6970+ {
6971+ p = value + strlen(value) - 1;
6972+ if (*p != ']')
6973+ goto parse_error;
6974+ *p = 0;
6975+ keylen = atoi(value);
6976+ if (keylen < 0)
6977+ goto parse_error;
6978+ }
6979+ else if (!strcmp(keyword, "SHAAlg"))
6980+ {
6981+ if (!strcmp(value, "SHA1"))
6982+ dgst = EVP_sha1();
6983+ else if (!strcmp(value, "SHA224"))
6984+ dgst = EVP_sha224();
6985+ else if (!strcmp(value, "SHA256"))
6986+ dgst = EVP_sha256();
6987+ else if (!strcmp(value, "SHA384"))
6988+ dgst = EVP_sha384();
6989+ else if (!strcmp(value, "SHA512"))
6990+ dgst = EVP_sha512();
6991+ else
6992+ {
6993+ fprintf(stderr,
6994+ "FATAL: unsupported algorithm \"%s\"\n",
6995+ value);
6996+ goto parse_error;
6997+ }
6998+ }
6999+ else if (!strcmp(keyword, "Msg"))
7000+ {
7001+ if (Msg)
7002+ goto parse_error;
7003+ if (strlen(value) & 1)
7004+ *(--value) = '0';
7005+ Msg = hex2bin_m(value, &Msglen);
7006+ if (!Msg)
7007+ goto parse_error;
7008+ }
7009+
7010+ fputs(olinebuf, out);
7011+
7012+ /* If key length has changed, generate and output public
7013+ * key components of new RSA private key.
7014+ */
7015+
7016+ if (keylen != current_keylen)
7017+ {
7018+ BIGNUM *bn_e;
7019+ if (rsa)
7020+ FIPS_rsa_free(rsa);
7021+ rsa = FIPS_rsa_new();
7022+ if (!rsa)
7023+ goto error;
7024+ bn_e = BN_new();
7025+ if (!bn_e || !BN_set_word(bn_e, 0x1001))
7026+ goto error;
7027+ if (!RSA_X931_generate_key_ex(rsa, keylen, bn_e, NULL))
7028+ goto error;
7029+ BN_free(bn_e);
7030+ fputs("n = ", out);
7031+ do_bn_print(out, rsa->n);
7032+ fputs("\ne = ", out);
7033+ do_bn_print(out, rsa->e);
7034+ fputs("\n", out);
7035+ current_keylen = keylen;
7036+ }
7037+
7038+ if (Msg && dgst)
7039+ {
7040+ if (!rsa_printsig(out, rsa, dgst, Msg, Msglen,
7041+ Saltlen))
7042+ goto error;
7043+ OPENSSL_free(Msg);
7044+ Msg = NULL;
7045+ }
7046+
7047+ }
7048+
7049+ ret = 1;
7050+
7051+ error:
7052+
7053+ if (olinebuf)
7054+ OPENSSL_free(olinebuf);
7055+ if (linebuf)
7056+ OPENSSL_free(linebuf);
7057+ if (rsa)
7058+ FIPS_rsa_free(rsa);
7059+
7060+ return ret;
7061+
7062+ parse_error:
7063+
7064+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
7065+
7066+ goto error;
7067+
7068+ }
7069+
7070+static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
7071+ unsigned char *Msg, long Msglen, int Saltlen)
7072+ {
7073+ int ret = 0;
7074+ unsigned char *sigbuf = NULL;
7075+ int i, siglen;
7076+ /* EVP_PKEY structure */
7077+ EVP_PKEY pk;
7078+ EVP_MD_CTX ctx;
7079+ pk.type = EVP_PKEY_RSA;
7080+ pk.pkey.rsa = rsa;
7081+
7082+ siglen = RSA_size(rsa);
7083+ sigbuf = OPENSSL_malloc(siglen);
7084+ if (!sigbuf)
7085+ goto error;
7086+
7087+ EVP_MD_CTX_init(&ctx);
7088+
7089+ if (Saltlen >= 0)
7090+ {
7091+ M_EVP_MD_CTX_set_flags(&ctx,
7092+ EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16));
7093+ }
7094+ else if (Saltlen == -2)
7095+ M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931);
7096+ if (!EVP_SignInit_ex(&ctx, dgst, NULL))
7097+ goto error;
7098+ if (!EVP_SignUpdate(&ctx, Msg, Msglen))
7099+ goto error;
7100+ if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, &pk))
7101+ goto error;
7102+
7103+ EVP_MD_CTX_cleanup(&ctx);
7104+
7105+ fputs("S = ", out);
7106+
7107+ for (i = 0; i < siglen; i++)
7108+ fprintf(out, "%02X", sigbuf[i]);
7109+
7110+ fputs("\n", out);
7111+
7112+ ret = 1;
7113+
7114+ error:
7115+
7116+ return ret;
7117+ }
7118+#endif
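Review bot: `rsa_printsig` never releases `sigbuf`: the `error:` label only returns, so the `OPENSSL_malloc(siglen)` buffer leaks on every call including the success path, and the three `goto error` exits after `EVP_MD_CTX_init(&ctx)` also skip `EVP_MD_CTX_cleanup`; initialising the context before the allocation and doing both releases under the label fixes both (rewrite below). Separately, `rsa_printsig` is reached as soon as a `Msg` and a `SHAAlg` line have been seen, so an input whose first `[mod = N]` header comes later calls `RSA_size(rsa)` with `rsa` still NULL — a `if (!rsa) goto parse_error;` before the call would turn that crash into a parse error. `main` here and in fips_rsavtest.c also takes `-saltlen` from `atoi` with no upper bound, and `Saltlen << 16` overflows `int` for values of 32768 and up, so the `if (Saltlen < 0)` check should also reject values that do not fit the flag word, e.g. `if (Saltlen < 0 || Saltlen > 0x7fff)`.
```c
static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
				unsigned char *Msg, long Msglen, int Saltlen)
	{
	/* … unchanged: locals and pk setup … */
	/* Init first so the cleanup under error: is valid on every path */
	EVP_MD_CTX_init(&ctx);

	siglen = RSA_size(rsa);
	sigbuf = OPENSSL_malloc(siglen);
	if (!sigbuf)
		goto error;

	/* … unchanged: padding flags, EVP_SignInit_ex/Update/Final, hex output … */

	ret = 1;

	error:
	EVP_MD_CTX_cleanup(&ctx);
	if (sigbuf)
		OPENSSL_free(sigbuf);

	return ret;
	}
```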
7119diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c
7120--- openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c.fips 2013-02-19 12:47:33.735118792 +0100
7121+++ openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c 2013-02-19 12:47:33.735118792 +0100
7122@@ -0,0 +1,377 @@
7123+/* fips_rsavtest.c */
7124+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
7125+ * project 2005.
7126+ */
7127+/* ====================================================================
7128+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
7129+ *
7130+ * Redistribution and use in source and binary forms, with or without
7131+ * modification, are permitted provided that the following conditions
7132+ * are met:
7133+ *
7134+ * 1. Redistributions of source code must retain the above copyright
7135+ * notice, this list of conditions and the following disclaimer.
7136+ *
7137+ * 2. Redistributions in binary form must reproduce the above copyright
7138+ * notice, this list of conditions and the following disclaimer in
7139+ * the documentation and/or other materials provided with the
7140+ * distribution.
7141+ *
7142+ * 3. All advertising materials mentioning features or use of this
7143+ * software must display the following acknowledgment:
7144+ * "This product includes software developed by the OpenSSL Project
7145+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
7146+ *
7147+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
7148+ * endorse or promote products derived from this software without
7149+ * prior written permission. For written permission, please contact
7150+ * licensing@OpenSSL.org.
7151+ *
7152+ * 5. Products derived from this software may not be called "OpenSSL"
7153+ * nor may "OpenSSL" appear in their names without prior written
7154+ * permission of the OpenSSL Project.
7155+ *
7156+ * 6. Redistributions of any form whatsoever must retain the following
7157+ * acknowledgment:
7158+ * "This product includes software developed by the OpenSSL Project
7159+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
7160+ *
7161+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
7162+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
7163+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
7164+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
7165+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
7166+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
7167+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
7168+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
7169+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
7170+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
7171+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
7172+ * OF THE POSSIBILITY OF SUCH DAMAGE.
7173+ * ====================================================================
7174+ *
7175+ * This product includes cryptographic software written by Eric Young
7176+ * (eay@cryptsoft.com). This product includes software written by Tim
7177+ * Hudson (tjh@cryptsoft.com).
7178+ *
7179+ */
7180+
7181+#include <stdio.h>
7182+#include <ctype.h>
7183+#include <string.h>
7184+#include <openssl/bio.h>
7185+#include <openssl/evp.h>
7186+#include <openssl/hmac.h>
7187+#include <openssl/err.h>
7188+#include <openssl/x509v3.h>
7189+#include <openssl/bn.h>
7190+#include <openssl/rsa.h>
7191+
7192+#ifndef OPENSSL_FIPS
7193+
7194+int main(int argc, char *argv[])
7195+{
7196+ printf("No FIPS RSA support\n");
7197+ return(0);
7198+}
7199+
7200+#else
7201+
7202+#include "fips_utl.h"
7203+
7204+int rsa_test(FILE *out, FILE *in, int saltlen);
7205+static int rsa_printver(FILE *out,
7206+ BIGNUM *n, BIGNUM *e,
7207+ const EVP_MD *dgst,
7208+ unsigned char *Msg, long Msglen,
7209+ unsigned char *S, long Slen, int Saltlen);
7210+
7211+int main(int argc, char **argv)
7212+ {
7213+ FILE *in = NULL, *out = NULL;
7214+
7215+ int ret = 1;
7216+ int Saltlen = -1;
7217+
7218+ if(!FIPS_mode_set(1))
7219+ {
7220+ do_print_errors();
7221+ goto end;
7222+ }
7223+
7224+ if ((argc > 2) && !strcmp("-saltlen", argv[1]))
7225+ {
7226+ Saltlen = atoi(argv[2]);
7227+ if (Saltlen < 0)
7228+ {
7229+ fprintf(stderr, "FATAL: Invalid salt length\n");
7230+ goto end;
7231+ }
7232+ argc -= 2;
7233+ argv += 2;
7234+ }
7235+ else if ((argc > 1) && !strcmp("-x931", argv[1]))
7236+ {
7237+ Saltlen = -2;
7238+ argc--;
7239+ argv++;
7240+ }
7241+
7242+ if (argc == 1)
7243+ in = stdin;
7244+ else
7245+ in = fopen(argv[1], "r");
7246+
7247+ if (argc < 2)
7248+ out = stdout;
7249+ else
7250+ out = fopen(argv[2], "w");
7251+
7252+ if (!in)
7253+ {
7254+ fprintf(stderr, "FATAL input initialization error\n");
7255+ goto end;
7256+ }
7257+
7258+ if (!out)
7259+ {
7260+ fprintf(stderr, "FATAL output initialization error\n");
7261+ goto end;
7262+ }
7263+
7264+ if (!rsa_test(out, in, Saltlen))
7265+ {
7266+ fprintf(stderr, "FATAL RSAVTEST file processing error\n");
7267+ goto end;
7268+ }
7269+ else
7270+ ret = 0;
7271+
7272+ end:
7273+
7274+ if (ret)
7275+ do_print_errors();
7276+
7277+ if (in && (in != stdin))
7278+ fclose(in);
7279+ if (out && (out != stdout))
7280+ fclose(out);
7281+
7282+ return ret;
7283+
7284+ }
7285+
7286+#define RSA_TEST_MAXLINELEN 10240
7287+
7288+int rsa_test(FILE *out, FILE *in, int Saltlen)
7289+ {
7290+ char *linebuf, *olinebuf, *p, *q;
7291+ char *keyword, *value;
7292+ const EVP_MD *dgst = NULL;
7293+ BIGNUM *n = NULL, *e = NULL;
7294+ unsigned char *Msg = NULL, *S = NULL;
7295+ long Msglen, Slen;
7296+ int ret = 0;
7297+ int lnum = 0;
7298+
7299+ olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
7300+ linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
7301+
7302+ if (!linebuf || !olinebuf)
7303+ goto error;
7304+
7305+ while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
7306+ {
7307+ lnum++;
7308+ strcpy(linebuf, olinebuf);
7309+ keyword = linebuf;
7310+ /* Skip leading space */
7311+ while (isspace((unsigned char)*keyword))
7312+ keyword++;
7313+
7314+ /* Look for = sign */
7315+ p = strchr(linebuf, '=');
7316+
7317+ /* If no = or starts with [ (for [foo = bar] line) just copy */
7318+ if (!p || *keyword=='[')
7319+ {
7320+ if (fputs(olinebuf, out) < 0)
7321+ goto error;
7322+ continue;
7323+ }
7324+
7325+ q = p - 1;
7326+
7327+ /* Remove trailing space */
7328+ while (isspace((unsigned char)*q))
7329+ *q-- = 0;
7330+
7331+ *p = 0;
7332+ value = p + 1;
7333+
7334+ /* Remove leading space from value */
7335+ while (isspace((unsigned char)*value))
7336+ value++;
7337+
7338+ /* Remove trailing space from value */
7339+ p = value + strlen(value) - 1;
7340+
7341+ while (*p == '\n' || isspace((unsigned char)*p))
7342+ *p-- = 0;
7343+
7344+ if (!strcmp(keyword, "n"))
7345+ {
7346+ if (!do_hex2bn(&n,value))
7347+ goto parse_error;
7348+ }
7349+ else if (!strcmp(keyword, "e"))
7350+ {
7351+ if (!do_hex2bn(&e,value))
7352+ goto parse_error;
7353+ }
7354+ else if (!strcmp(keyword, "SHAAlg"))
7355+ {
7356+ if (!strcmp(value, "SHA1"))
7357+ dgst = EVP_sha1();
7358+ else if (!strcmp(value, "SHA224"))
7359+ dgst = EVP_sha224();
7360+ else if (!strcmp(value, "SHA256"))
7361+ dgst = EVP_sha256();
7362+ else if (!strcmp(value, "SHA384"))
7363+ dgst = EVP_sha384();
7364+ else if (!strcmp(value, "SHA512"))
7365+ dgst = EVP_sha512();
7366+ else
7367+ {
7368+ fprintf(stderr,
7369+ "FATAL: unsupported algorithm \"%s\"\n",
7370+ value);
7371+ goto parse_error;
7372+ }
7373+ }
7374+ else if (!strcmp(keyword, "Msg"))
7375+ {
7376+ if (Msg)
7377+ goto parse_error;
7378+ if (strlen(value) & 1)
7379+ *(--value) = '0';
7380+ Msg = hex2bin_m(value, &Msglen);
7381+ if (!Msg)
7382+ goto parse_error;
7383+ }
7384+ else if (!strcmp(keyword, "S"))
7385+ {
7386+ if (S)
7387+ goto parse_error;
7388+ if (strlen(value) & 1)
7389+ *(--value) = '0';
7390+ S = hex2bin_m(value, &Slen);
7391+ if (!S)
7392+ goto parse_error;
7393+ }
7394+ else if (!strcmp(keyword, "Result"))
7395+ continue;
7396+ else
7397+ goto parse_error;
7398+
7399+ fputs(olinebuf, out);
7400+
7401+ if (n && e && Msg && S && dgst)
7402+ {
7403+ if (!rsa_printver(out, n, e, dgst,
7404+ Msg, Msglen, S, Slen, Saltlen))
7405+ goto error;
7406+ OPENSSL_free(Msg);
7407+ Msg = NULL;
7408+ OPENSSL_free(S);
7409+ S = NULL;
7410+ }
7411+
7412+ }
7413+
7414+
7415+ ret = 1;
7416+
7417+
7418+ error:
7419+
7420+ if (olinebuf)
7421+ OPENSSL_free(olinebuf);
7422+ if (linebuf)
7423+ OPENSSL_free(linebuf);
7424+ if (n)
7425+ BN_free(n);
7426+ if (e)
7427+ BN_free(e);
7428+
7429+ return ret;
7430+
7431+ parse_error:
7432+
7433+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
7434+
7435+ goto error;
7436+
7437+ }
7438+
7439+static int rsa_printver(FILE *out,
7440+ BIGNUM *n, BIGNUM *e,
7441+ const EVP_MD *dgst,
7442+ unsigned char *Msg, long Msglen,
7443+ unsigned char *S, long Slen, int Saltlen)
7444+ {
7445+ int ret = 0, r;
7446+ /* Setup RSA and EVP_PKEY structures */
7447+ RSA *rsa_pubkey = NULL;
7448+ EVP_PKEY pk;
7449+ EVP_MD_CTX ctx;
7450+ unsigned char *buf = NULL;
7451+ rsa_pubkey = FIPS_rsa_new();
7452+ if (!rsa_pubkey)
7453+ goto error;
7454+ rsa_pubkey->n = BN_dup(n);
7455+ rsa_pubkey->e = BN_dup(e);
7456+ if (!rsa_pubkey->n || !rsa_pubkey->e)
7457+ goto error;
7458+ pk.type = EVP_PKEY_RSA;
7459+ pk.pkey.rsa = rsa_pubkey;
7460+
7461+ EVP_MD_CTX_init(&ctx);
7462+
7463+ if (Saltlen >= 0)
7464+ {
7465+ M_EVP_MD_CTX_set_flags(&ctx,
7466+ EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16));
7467+ }
7468+ else if (Saltlen == -2)
7469+ M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931);
7470+ if (!EVP_VerifyInit_ex(&ctx, dgst, NULL))
7471+ goto error;
7472+ if (!EVP_VerifyUpdate(&ctx, Msg, Msglen))
7473+ goto error;
7474+
7475+ r = EVP_VerifyFinal(&ctx, S, Slen, &pk);
7476+
7477+
7478+ EVP_MD_CTX_cleanup(&ctx);
7479+
7480+ if (r < 0)
7481+ goto error;
7482+ ERR_clear_error();
7483+
7484+ if (r == 0)
7485+ fputs("Result = F\n", out);
7486+ else
7487+ fputs("Result = P\n", out);
7488+
7489+ ret = 1;
7490+
7491+ error:
7492+ if (rsa_pubkey)
7493+ FIPS_rsa_free(rsa_pubkey);
7494+ if (buf)
7495+ OPENSSL_free(buf);
7496+
7497+ return ret;
7498+ }
7499+#endif
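Review bot: The `error:` label in `rsa_test` frees `linebuf`, `olinebuf`, `n` and `e` but not `Msg` or `S`, so a parse error or a failed verify after a `Msg` or `S` line leaks the `hex2bin_m` buffers (the sibling `dgst_test` in fips_shatest.c does release its `Msg`/`Seed` there); add `if (Msg) OPENSSL_free(Msg);` and `if (S) OPENSSL_free(S);` next to the `BN_free` calls. In `rsa_printver` the two `goto error` exits after `EVP_MD_CTX_init(&ctx)` (the `EVP_VerifyInit_ex` and `EVP_VerifyUpdate` failures) skip `EVP_MD_CTX_cleanup`, and `buf` is never assigned, so the `if (buf) OPENSSL_free(buf);` under its label is dead code. `Msglen` and `Slen` are only read once `Msg` and `S` are non-NULL, so their missing initialisers are harmless, but initialising them to -1 as fips_rsastest.c does would make that explicit.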
7500diff -up openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c
7501--- openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c.fips 2013-02-19 12:47:33.735118792 +0100
7502+++ openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c 2013-02-19 12:47:33.735118792 +0100
7503@@ -0,0 +1,388 @@
7504+/* fips_shatest.c */
7505+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
7506+ * project 2005.
7507+ */
7508+/* ====================================================================
7509+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
7510+ *
7511+ * Redistribution and use in source and binary forms, with or without
7512+ * modification, are permitted provided that the following conditions
7513+ * are met:
7514+ *
7515+ * 1. Redistributions of source code must retain the above copyright
7516+ * notice, this list of conditions and the following disclaimer.
7517+ *
7518+ * 2. Redistributions in binary form must reproduce the above copyright
7519+ * notice, this list of conditions and the following disclaimer in
7520+ * the documentation and/or other materials provided with the
7521+ * distribution.
7522+ *
7523+ * 3. All advertising materials mentioning features or use of this
7524+ * software must display the following acknowledgment:
7525+ * "This product includes software developed by the OpenSSL Project
7526+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
7527+ *
7528+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
7529+ * endorse or promote products derived from this software without
7530+ * prior written permission. For written permission, please contact
7531+ * licensing@OpenSSL.org.
7532+ *
7533+ * 5. Products derived from this software may not be called "OpenSSL"
7534+ * nor may "OpenSSL" appear in their names without prior written
7535+ * permission of the OpenSSL Project.
7536+ *
7537+ * 6. Redistributions of any form whatsoever must retain the following
7538+ * acknowledgment:
7539+ * "This product includes software developed by the OpenSSL Project
7540+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
7541+ *
7542+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
7543+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
7544+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
7545+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
7546+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
7547+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
7548+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
7549+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
7550+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
7551+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
7552+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
7553+ * OF THE POSSIBILITY OF SUCH DAMAGE.
7554+ * ====================================================================
7555+ *
7556+ * This product includes cryptographic software written by Eric Young
7557+ * (eay@cryptsoft.com). This product includes software written by Tim
7558+ * Hudson (tjh@cryptsoft.com).
7559+ *
7560+ */
7561+
7562+#include <stdio.h>
7563+#include <ctype.h>
7564+#include <string.h>
7565+#include <openssl/bio.h>
7566+#include <openssl/evp.h>
7567+#include <openssl/err.h>
7568+#include <openssl/bn.h>
7569+#include <openssl/x509v3.h>
7570+
7571+#ifndef OPENSSL_FIPS
7572+
7573+int main(int argc, char *argv[])
7574+{
7575+ printf("No FIPS SHAXXX support\n");
7576+ return(0);
7577+}
7578+
7579+#else
7580+
7581+#include "fips_utl.h"
7582+
7583+static int dgst_test(FILE *out, FILE *in);
7584+static int print_dgst(const EVP_MD *md, FILE *out,
7585+ unsigned char *Msg, int Msglen);
7586+static int print_monte(const EVP_MD *md, FILE *out,
7587+ unsigned char *Seed, int SeedLen);
7588+
7589+int main(int argc, char **argv)
7590+ {
7591+ FILE *in = NULL, *out = NULL;
7592+
7593+ int ret = 1;
7594+
7595+ if(!FIPS_mode_set(1))
7596+ {
7597+ do_print_errors();
7598+ goto end;
7599+ }
7600+
7601+ if (argc == 1)
7602+ in = stdin;
7603+ else
7604+ in = fopen(argv[1], "r");
7605+
7606+ if (argc < 2)
7607+ out = stdout;
7608+ else
7609+ out = fopen(argv[2], "w");
7610+
7611+ if (!in)
7612+ {
7613+ fprintf(stderr, "FATAL input initialization error\n");
7614+ goto end;
7615+ }
7616+
7617+ if (!out)
7618+ {
7619+ fprintf(stderr, "FATAL output initialization error\n");
7620+ goto end;
7621+ }
7622+
7623+ if (!dgst_test(out, in))
7624+ {
7625+ fprintf(stderr, "FATAL digest file processing error\n");
7626+ goto end;
7627+ }
7628+ else
7629+ ret = 0;
7630+
7631+ end:
7632+
7633+ if (ret)
7634+ do_print_errors();
7635+
7636+ if (in && (in != stdin))
7637+ fclose(in);
7638+ if (out && (out != stdout))
7639+ fclose(out);
7640+
7641+ return ret;
7642+
7643+ }
7644+
7645+#define SHA_TEST_MAX_BITS 102400
7646+#define SHA_TEST_MAXLINELEN (((SHA_TEST_MAX_BITS >> 3) * 2) + 100)
7647+
7648+int dgst_test(FILE *out, FILE *in)
7649+ {
7650+ const EVP_MD *md = NULL;
7651+ char *linebuf, *olinebuf, *p, *q;
7652+ char *keyword, *value;
7653+ unsigned char *Msg = NULL, *Seed = NULL;
7654+ long MsgLen = -1, Len = -1, SeedLen = -1;
7655+ int ret = 0;
7656+ int lnum = 0;
7657+
7658+ olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
7659+ linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
7660+
7661+ if (!linebuf || !olinebuf)
7662+ goto error;
7663+
7664+
7665+ while (fgets(olinebuf, SHA_TEST_MAXLINELEN, in))
7666+ {
7667+ lnum++;
7668+ strcpy(linebuf, olinebuf);
7669+ keyword = linebuf;
7670+ /* Skip leading space */
7671+ while (isspace((unsigned char)*keyword))
7672+ keyword++;
7673+
7674+ /* Look for = sign */
7675+ p = strchr(linebuf, '=');
7676+
7677+ /* If no = or starts with [ (for [L=20] line) just copy */
7678+ if (!p)
7679+ {
7680+ fputs(olinebuf, out);
7681+ continue;
7682+ }
7683+
7684+ q = p - 1;
7685+
7686+ /* Remove trailing space */
7687+ while (isspace((unsigned char)*q))
7688+ *q-- = 0;
7689+
7690+ *p = 0;
7691+ value = p + 1;
7692+
7693+ /* Remove leading space from value */
7694+ while (isspace((unsigned char)*value))
7695+ value++;
7696+
7697+ /* Remove trailing space from value */
7698+ p = value + strlen(value) - 1;
7699+ while (*p == '\n' || isspace((unsigned char)*p))
7700+ *p-- = 0;
7701+
7702+ if (!strcmp(keyword,"[L") && *p==']')
7703+ {
7704+ switch (atoi(value))
7705+ {
7706+ case 20: md=EVP_sha1(); break;
7707+ case 28: md=EVP_sha224(); break;
7708+ case 32: md=EVP_sha256(); break;
7709+ case 48: md=EVP_sha384(); break;
7710+ case 64: md=EVP_sha512(); break;
7711+ default: goto parse_error;
7712+ }
7713+ }
7714+ else if (!strcmp(keyword, "Len"))
7715+ {
7716+ if (Len != -1)
7717+ goto parse_error;
7718+ Len = atoi(value);
7719+ if (Len < 0)
7720+ goto parse_error;
7721+ /* Only handle multiples of 8 bits */
7722+ if (Len & 0x7)
7723+ goto parse_error;
7724+ if (Len > SHA_TEST_MAX_BITS)
7725+ goto parse_error;
7726+ MsgLen = Len >> 3;
7727+ }
7728+
7729+ else if (!strcmp(keyword, "Msg"))
7730+ {
7731+ long tmplen;
7732+ if (strlen(value) & 1)
7733+ *(--value) = '0';
7734+ if (Msg)
7735+ goto parse_error;
7736+ Msg = hex2bin_m(value, &tmplen);
7737+ if (!Msg)
7738+ goto parse_error;
7739+ }
7740+ else if (!strcmp(keyword, "Seed"))
7741+ {
7742+ if (strlen(value) & 1)
7743+ *(--value) = '0';
7744+ if (Seed)
7745+ goto parse_error;
7746+ Seed = hex2bin_m(value, &SeedLen);
7747+ if (!Seed)
7748+ goto parse_error;
7749+ }
7750+ else if (!strcmp(keyword, "MD"))
7751+ continue;
7752+ else
7753+ goto parse_error;
7754+
7755+ fputs(olinebuf, out);
7756+
7757+ if (md && Msg && (MsgLen >= 0))
7758+ {
7759+ if (!print_dgst(md, out, Msg, MsgLen))
7760+ goto error;
7761+ OPENSSL_free(Msg);
7762+ Msg = NULL;
7763+ MsgLen = -1;
7764+ Len = -1;
7765+ }
7766+ else if (md && Seed && (SeedLen > 0))
7767+ {
7768+ if (!print_monte(md, out, Seed, SeedLen))
7769+ goto error;
7770+ OPENSSL_free(Seed);
7771+ Seed = NULL;
7772+ SeedLen = -1;
7773+ }
7774+
7775+
7776+ }
7777+
7778+
7779+ ret = 1;
7780+
7781+
7782+ error:
7783+
7784+ if (olinebuf)
7785+ OPENSSL_free(olinebuf);
7786+ if (linebuf)
7787+ OPENSSL_free(linebuf);
7788+ if (Msg)
7789+ OPENSSL_free(Msg);
7790+ if (Seed)
7791+ OPENSSL_free(Seed);
7792+
7793+ return ret;
7794+
7795+ parse_error:
7796+
7797+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
7798+
7799+ goto error;
7800+
7801+ }
7802+
7803+static int print_dgst(const EVP_MD *emd, FILE *out,
7804+ unsigned char *Msg, int Msglen)
7805+ {
7806+ int i, mdlen;
7807+ unsigned char md[EVP_MAX_MD_SIZE];
7808+ if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL))
7809+ {
7810+ fputs("Error calculating HASH\n", stderr);
7811+ return 0;
7812+ }
7813+ fputs("MD = ", out);
7814+ for (i = 0; i < mdlen; i++)
7815+ fprintf(out, "%02x", md[i]);
7816+ fputs("\n", out);
7817+ return 1;
7818+ }
7819+
7820+static int print_monte(const EVP_MD *md, FILE *out,
7821+ unsigned char *Seed, int SeedLen)
7822+ {
7823+ unsigned int i, j, k;
7824+ int ret = 0;
7825+ EVP_MD_CTX ctx;
7826+ unsigned char *m1, *m2, *m3, *p;
7827+ unsigned int mlen, m1len, m2len, m3len;
7828+
7829+ EVP_MD_CTX_init(&ctx);
7830+
7831+ if (SeedLen > EVP_MAX_MD_SIZE)
7832+ mlen = SeedLen;
7833+ else
7834+ mlen = EVP_MAX_MD_SIZE;
7835+
7836+ m1 = OPENSSL_malloc(mlen);
7837+ m2 = OPENSSL_malloc(mlen);
7838+ m3 = OPENSSL_malloc(mlen);
7839+
7840+ if (!m1 || !m2 || !m3)
7841+ goto mc_error;
7842+
7843+ m1len = m2len = m3len = SeedLen;
7844+ memcpy(m1, Seed, SeedLen);
7845+ memcpy(m2, Seed, SeedLen);
7846+ memcpy(m3, Seed, SeedLen);
7847+
7848+ fputs("\n", out);
7849+
7850+ for (j = 0; j < 100; j++)
7851+ {
7852+ for (i = 0; i < 1000; i++)
7853+ {
7854+ EVP_DigestInit_ex(&ctx, md, NULL);
7855+ EVP_DigestUpdate(&ctx, m1, m1len);
7856+ EVP_DigestUpdate(&ctx, m2, m2len);
7857+ EVP_DigestUpdate(&ctx, m3, m3len);
7858+ p = m1;
7859+ m1 = m2;
7860+ m1len = m2len;
7861+ m2 = m3;
7862+ m2len = m3len;
7863+ m3 = p;
7864+ EVP_DigestFinal_ex(&ctx, m3, &m3len);
7865+ }
7866+ fprintf(out, "COUNT = %d\n", j);
7867+ fputs("MD = ", out);
7868+ for (k = 0; k < m3len; k++)
7869+ fprintf(out, "%02x", m3[k]);
7870+ fputs("\n\n", out);
7871+ memcpy(m1, m3, m3len);
7872+ memcpy(m2, m3, m3len);
7873+ m1len = m2len = m3len;
7874+ }
7875+
7876+ ret = 1;
7877+
7878+ mc_error:
7879+ if (m1)
7880+ OPENSSL_free(m1);
7881+ if (m2)
7882+ OPENSSL_free(m2);
7883+ if (m3)
7884+ OPENSSL_free(m3);
7885+
7886+ EVP_MD_CTX_cleanup(&ctx);
7887+
7888+ return ret;
7889+ }
7890+
7891+#endif
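Review bot: In `dgst_test` the byte count passed to `print_dgst` is `MsgLen`, derived from the `Len` line, while the length `hex2bin_m` reports for the `Msg` value goes into the block-local `tmplen` and is then discarded, so a `Msg` hex string shorter than `Len/8` makes `EVP_Digest` read past the end of the `Msg` buffer. Hoisting `tmplen` to function scope (initialised to -1) and guarding the call with `if (tmplen < MsgLen) goto parse_error;` ties the two lengths together. `print_monte` also ignores the return values of `EVP_DigestInit_ex` and `EVP_DigestFinal_ex`; a failure there leaves `m3len` stale and the loop keeps hashing and printing whatever the buffers hold, so at least `EVP_DigestFinal_ex` should be checked with a `goto mc_error`.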
7892diff -up openssl-1.0.1e/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1e/crypto/fips/cavs/fips_utl.h
7893--- openssl-1.0.1e/crypto/fips/cavs/fips_utl.h.fips 2013-02-19 12:47:33.735118792 +0100
7894+++ openssl-1.0.1e/crypto/fips/cavs/fips_utl.h 2013-02-19 12:47:33.735118792 +0100
7895@@ -0,0 +1,343 @@
7896+/* ====================================================================
7897+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
7898+ *
7899+ * Redistribution and use in source and binary forms, with or without
7900+ * modification, are permitted provided that the following conditions
7901+ * are met:
7902+ *
7903+ * 1. Redistributions of source code must retain the above copyright
7904+ * notice, this list of conditions and the following disclaimer.
7905+ *
7906+ * 2. Redistributions in binary form must reproduce the above copyright
7907+ * notice, this list of conditions and the following disclaimer in
7908+ * the documentation and/or other materials provided with the
7909+ * distribution.
7910+ *
7911+ * 3. All advertising materials mentioning features or use of this
7912+ * software must display the following acknowledgment:
7913+ * "This product includes software developed by the OpenSSL Project
7914+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
7915+ *
7916+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
7917+ * endorse or promote products derived from this software without
7918+ * prior written permission. For written permission, please contact
7919+ * openssl-core@openssl.org.
7920+ *
7921+ * 5. Products derived from this software may not be called "OpenSSL"
7922+ * nor may "OpenSSL" appear in their names without prior written
7923+ * permission of the OpenSSL Project.
7924+ *
7925+ * 6. Redistributions of any form whatsoever must retain the following
7926+ * acknowledgment:
7927+ * "This product includes software developed by the OpenSSL Project
7928+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
7929+ *
7930+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
7931+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
7932+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
7933+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
7934+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
7935+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
7936+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
7937+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
7938+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
7939+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
7940+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
7941+ * OF THE POSSIBILITY OF SUCH DAMAGE.
7942+ *
7943+ */
7944+
7945+void do_print_errors(void)
7946+ {
7947+ const char *file, *data;
7948+ int line, flags;
7949+ unsigned long l;
7950+ while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)))
7951+ {
7952+ fprintf(stderr, "ERROR:%lx:lib=%d,func=%d,reason=%d"
7953+ ":file=%s:line=%d:%s\n",
7954+ l, ERR_GET_LIB(l), ERR_GET_FUNC(l), ERR_GET_REASON(l),
7955+ file, line, flags & ERR_TXT_STRING ? data : "");
7956+ }
7957+ }
7958+
7959+int hex2bin(const char *in, unsigned char *out)
7960+ {
7961+ int n1, n2;
7962+ unsigned char ch;
7963+
7964+ for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
7965+ { /* first byte */
7966+ if ((in[n1] >= '0') && (in[n1] <= '9'))
7967+ ch = in[n1++] - '0';
7968+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
7969+ ch = in[n1++] - 'A' + 10;
7970+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
7971+ ch = in[n1++] - 'a' + 10;
7972+ else
7973+ return -1;
7974+ if(!in[n1])
7975+ {
7976+ out[n2++]=ch;
7977+ break;
7978+ }
7979+ out[n2] = ch << 4;
7980+ /* second byte */
7981+ if ((in[n1] >= '0') && (in[n1] <= '9'))
7982+ ch = in[n1++] - '0';
7983+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
7984+ ch = in[n1++] - 'A' + 10;
7985+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
7986+ ch = in[n1++] - 'a' + 10;
7987+ else
7988+ return -1;
7989+ out[n2++] |= ch;
7990+ }
7991+ return n2;
7992+ }
7993+
7994+unsigned char *hex2bin_m(const char *in, long *plen)
7995+ {
7996+ unsigned char *p;
7997+ p = OPENSSL_malloc((strlen(in) + 1)/2);
7998+ *plen = hex2bin(in, p);
7999+ return p;
8000+ }
8001+
8002+int do_hex2bn(BIGNUM **pr, const char *in)
8003+ {
8004+ unsigned char *p;
8005+ long plen;
8006+ int r = 0;
8007+ p = hex2bin_m(in, &plen);
8008+ if (!p)
8009+ return 0;
8010+ if (!*pr)
8011+ *pr = BN_new();
8012+ if (!*pr)
8013+ return 0;
8014+ if (BN_bin2bn(p, plen, *pr))
8015+ r = 1;
8016+ OPENSSL_free(p);
8017+ return r;
8018+ }
8019+
8020+int do_bn_print(FILE *out, BIGNUM *bn)
8021+ {
8022+ int len, i;
8023+ unsigned char *tmp;
8024+ len = BN_num_bytes(bn);
8025+ if (len == 0)
8026+ {
8027+ fputs("00", out);
8028+ return 1;
8029+ }
8030+
8031+ tmp = OPENSSL_malloc(len);
8032+ if (!tmp)
8033+ {
8034+ fprintf(stderr, "Memory allocation error\n");
8035+ return 0;
8036+ }
8037+ BN_bn2bin(bn, tmp);
8038+ for (i = 0; i < len; i++)
8039+ fprintf(out, "%02x", tmp[i]);
8040+ OPENSSL_free(tmp);
8041+ return 1;
8042+ }
8043+
8044+int do_bn_print_name(FILE *out, const char *name, BIGNUM *bn)
8045+ {
8046+ int r;
8047+ fprintf(out, "%s = ", name);
8048+ r = do_bn_print(out, bn);
8049+ if (!r)
8050+ return 0;
8051+ fputs("\n", out);
8052+ return 1;
8053+ }
8054+
8055+int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf)
8056+ {
8057+ char *keyword, *value, *p, *q;
8058+ strcpy(linebuf, olinebuf);
8059+ keyword = linebuf;
8060+ /* Skip leading space */
8061+ while (isspace((unsigned char)*keyword))
8062+ keyword++;
8063+
8064+ /* Look for = sign */
8065+ p = strchr(linebuf, '=');
8066+
8067+ /* If no '=' exit */
8068+ if (!p)
8069+ return 0;
8070+
8071+ q = p - 1;
8072+
8073+ /* Remove trailing space */
8074+ while (isspace((unsigned char)*q))
8075+ *q-- = 0;
8076+
8077+ *p = 0;
8078+ value = p + 1;
8079+
8080+ /* Remove leading space from value */
8081+ while (isspace((unsigned char)*value))
8082+ value++;
8083+
8084+ /* Remove trailing space from value */
8085+ p = value + strlen(value) - 1;
8086+
8087+ while (*p == '\n' || isspace((unsigned char)*p))
8088+ *p-- = 0;
8089+
8090+ *pkw = keyword;
8091+ *pval = value;
8092+ return 1;
8093+ }
8094+
8095+BIGNUM *hex2bn(const char *in)
8096+ {
8097+ BIGNUM *p=NULL;
8098+
8099+ if (!do_hex2bn(&p, in))
8100+ return NULL;
8101+
8102+ return p;
8103+ }
8104+
8105+int bin2hex(const unsigned char *in,int len,char *out)
8106+ {
8107+ int n1, n2;
8108+ unsigned char ch;
8109+
8110+ for (n1=0,n2=0 ; n1 < len ; ++n1)
8111+ {
8112+ ch=in[n1] >> 4;
8113+ if (ch <= 0x09)
8114+ out[n2++]=ch+'0';
8115+ else
8116+ out[n2++]=ch-10+'a';
8117+ ch=in[n1] & 0x0f;
8118+ if(ch <= 0x09)
8119+ out[n2++]=ch+'0';
8120+ else
8121+ out[n2++]=ch-10+'a';
8122+ }
8123+ out[n2]='\0';
8124+ return n2;
8125+ }
8126+
8127+void pv(const char *tag,const unsigned char *val,int len)
8128+ {
8129+ char obuf[2048];
8130+
8131+ bin2hex(val,len,obuf);
8132+ printf("%s = %s\n",tag,obuf);
8133+ }
8134+
8135+/* To avoid extensive changes to test program at this stage just convert
8136+ * the input line into an acceptable form. Keyword lines converted to form
8137+ * "keyword = value\n" no matter what white space present, all other lines
8138+ * just have leading and trailing space removed.
8139+ */
8140+
8141+int tidy_line(char *linebuf, char *olinebuf)
8142+ {
8143+ char *keyword, *value, *p, *q;
8144+ strcpy(linebuf, olinebuf);
8145+ keyword = linebuf;
8146+ /* Skip leading space */
8147+ while (isspace((unsigned char)*keyword))
8148+ keyword++;
8149+ /* Look for = sign */
8150+ p = strchr(linebuf, '=');
8151+
8152+ /* If no '=' just chop leading, trailing ws */
8153+ if (!p)
8154+ {
8155+ p = keyword + strlen(keyword) - 1;
8156+ while (*p == '\n' || isspace((unsigned char)*p))
8157+ *p-- = 0;
8158+ strcpy(olinebuf, keyword);
8159+ strcat(olinebuf, "\n");
8160+ return 1;
8161+ }
8162+
8163+ q = p - 1;
8164+
8165+ /* Remove trailing space */
8166+ while (isspace((unsigned char)*q))
8167+ *q-- = 0;
8168+
8169+ *p = 0;
8170+ value = p + 1;
8171+
8172+ /* Remove leading space from value */
8173+ while (isspace((unsigned char)*value))
8174+ value++;
8175+
8176+ /* Remove trailing space from value */
8177+ p = value + strlen(value) - 1;
8178+
8179+ while (*p == '\n' || isspace((unsigned char)*p))
8180+ *p-- = 0;
8181+
8182+ strcpy(olinebuf, keyword);
8183+ strcat(olinebuf, " = ");
8184+ strcat(olinebuf, value);
8185+ strcat(olinebuf, "\n");
8186+
8187+ return 1;
8188+ }
8189+
8190+/* NB: this return the number of _bits_ read */
8191+int bint2bin(const char *in, int len, unsigned char *out)
8192+ {
8193+ int n;
8194+
8195+ memset(out,0,len);
8196+ for(n=0 ; n < len ; ++n)
8197+ if(in[n] == '1')
8198+ out[n/8]|=(0x80 >> (n%8));
8199+ return len;
8200+ }
8201+
8202+int bin2bint(const unsigned char *in,int len,char *out)
8203+ {
8204+ int n;
8205+
8206+ for(n=0 ; n < len ; ++n)
8207+ out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
8208+ return n;
8209+ }
8210+
8211+/*-----------------------------------------------*/
8212+
8213+void PrintValue(char *tag, unsigned char *val, int len)
8214+{
8215+#if VERBOSE
8216+ char obuf[2048];
8217+ int olen;
8218+ olen = bin2hex(val, len, obuf);
8219+ printf("%s = %.*s\n", tag, olen, obuf);
8220+#endif
8221+}
8222+
8223+void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
8224+ {
8225+ char obuf[2048];
8226+ int olen;
8227+
8228+ if(bitmode)
8229+ olen=bin2bint(val,len,obuf);
8230+ else
8231+ olen=bin2hex(val,len,obuf);
8232+
8233+ fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
8234+#if VERBOSE
8235+ printf("%s = %.*s\n", tag, olen, obuf);
8236+#endif
8237+ }
8238+
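Review bot: hex2bin_m() passes the OPENSSL_malloc() result to hex2bin() before checking it, so an allocation failure becomes a write through a null pointer instead of the NULL return that do_hex2bn() later tests for; guard it right after the allocation with `if (!p) { *plen = 0; return NULL; }`. do_hex2bn() also hands plen straight to BN_bin2bn() although hex2bin() returns -1 on a non-hex character, so a malformed line should be rejected with `if (plen < 0) { OPENSSL_free(p); return 0; }` before the conversion (and on the BN_new() failure path p is leaked). parse_line() and tidy_line() both compute `q = p - 1` and `p = value + strlen(value) - 1` without checking that '=' is not the first character of linebuf or that value is non-empty, so an input such as `=` or `key=` steps one byte before the buffer and the while loops then read and zero memory outside it. pv() and OutputValue() format into a fixed `obuf[2048]` with no check that `2*len + 1` fits, which bin2hex() and bin2bint() cannot enforce themselves because neither takes an output bound.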
8239diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_aes_selftest.c
8240--- openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips 2013-02-19 12:47:33.735118792 +0100
8241+++ openssl-1.0.1e/crypto/fips/fips_aes_selftest.c 2013-02-19 12:47:33.735118792 +0100
8242@@ -0,0 +1,359 @@
8243+/* ====================================================================
8244+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
8245+ *
8246+ * Redistribution and use in source and binary forms, with or without
8247+ * modification, are permitted provided that the following conditions
8248+ * are met:
8249+ *
8250+ * 1. Redistributions of source code must retain the above copyright
8251+ * notice, this list of conditions and the following disclaimer.
8252+ *
8253+ * 2. Redistributions in binary form must reproduce the above copyright
8254+ * notice, this list of conditions and the following disclaimer in
8255+ * the documentation and/or other materials provided with the
8256+ * distribution.
8257+ *
8258+ * 3. All advertising materials mentioning features or use of this
8259+ * software must display the following acknowledgment:
8260+ * "This product includes software developed by the OpenSSL Project
8261+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
8262+ *
8263+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
8264+ * endorse or promote products derived from this software without
8265+ * prior written permission. For written permission, please contact
8266+ * openssl-core@openssl.org.
8267+ *
8268+ * 5. Products derived from this software may not be called "OpenSSL"
8269+ * nor may "OpenSSL" appear in their names without prior written
8270+ * permission of the OpenSSL Project.
8271+ *
8272+ * 6. Redistributions of any form whatsoever must retain the following
8273+ * acknowledgment:
8274+ * "This product includes software developed by the OpenSSL Project
8275+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
8276+ *
8277+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
8278+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
8279+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
8280+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
8281+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
8282+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
8283+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
8284+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
8285+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
8286+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
8287+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
8288+ * OF THE POSSIBILITY OF SUCH DAMAGE.
8289+ *
8290+ */
8291+
8292+#include <string.h>
8293+#include <openssl/err.h>
8294+#ifdef OPENSSL_FIPS
8295+#include <openssl/fips.h>
8296+#endif
8297+#include <openssl/evp.h>
8298+
8299+#ifdef OPENSSL_FIPS
8300+static const struct
8301+ {
8302+ const unsigned char key[16];
8303+ const unsigned char plaintext[16];
8304+ const unsigned char ciphertext[16];
8305+ } tests[]=
8306+ {
8307+ {
8308+ { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
8309+ 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
8310+ { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
8311+ 0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF },
8312+ { 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30,
8313+ 0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A },
8314+ },
8315+ };
8316+
8317+static int corrupt_aes;
8318+
8319+void FIPS_corrupt_aes()
8320+ {
8321+ corrupt_aes = 1;
8322+ }
8323+
8324+int FIPS_selftest_aes()
8325+ {
8326+ int n;
8327+ int ret = 0;
8328+ EVP_CIPHER_CTX ctx;
8329+ EVP_CIPHER_CTX_init(&ctx);
8330+
8331+ for(n=0 ; n < 1 ; ++n)
8332+ {
8333+ unsigned char key[16];
8334+
8335+ memcpy(key, tests[n].key, sizeof(key));
8336+ if (corrupt_aes)
8337+ key[0]++;
8338+ if (fips_cipher_test(&ctx, EVP_aes_128_ecb(),
8339+ key, NULL,
8340+ tests[n].plaintext,
8341+ tests[n].ciphertext,
8342+ 16) <= 0)
8343+ goto err;
8344+ }
8345+ ret = 1;
8346+ err:
8347+ EVP_CIPHER_CTX_cleanup(&ctx);
8348+ if (ret == 0)
8349+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
8350+ return ret;
8351+ }
8352+
8353+/* AES-CCM test data from NIST public test vectors */
8354+
8355+static const unsigned char ccm_key[] = {
8356+ 0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6,
8357+ 0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe8
8358+};
8359+static const unsigned char ccm_nonce[] = {
8360+ 0x76,0x40,0x43,0xc4,0x94,0x60,0xb7
8361+};
8362+static const unsigned char ccm_adata[] = {
8363+ 0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7,
8364+ 0x5f,0x10,0xbd,0xe7,0x8c,0x23,0xfa,0x0e,0xb8,0xf9,0xaa,0xa5,
8365+ 0x3a,0xde,0xfb,0xf4,0xcb,0xf7,0x8f,0xe4
8366+};
8367+static const unsigned char ccm_pt[] = {
8368+ 0xc8,0xd2,0x75,0xf9,0x19,0xe1,0x7d,0x7f,0xe6,0x9c,0x2a,0x1f,
8369+ 0x58,0x93,0x9d,0xfe,0x4d,0x40,0x37,0x91,0xb5,0xdf,0x13,0x10
8370+};
8371+static const unsigned char ccm_ct[] = {
8372+ 0x8a,0x0f,0x3d,0x82,0x29,0xe4,0x8e,0x74,0x87,0xfd,0x95,0xa2,
8373+ 0x8a,0xd3,0x92,0xc8,0x0b,0x36,0x81,0xd4,0xfb,0xc7,0xbb,0xfd
8374+};
8375+static const unsigned char ccm_tag[] = {
8376+ 0x2d,0xd6,0xef,0x1c,0x45,0xd4,0xcc,0xb7,0x23,0xdc,0x07,0x44,
8377+ 0x14,0xdb,0x50,0x6d
8378+};
8379+
8380+int FIPS_selftest_aes_ccm(void)
8381+ {
8382+ int ret = 0;
8383+ unsigned char out[128], tag[16];
8384+ EVP_CIPHER_CTX ctx;
8385+ EVP_CIPHER_CTX_init(&ctx);
8386+ memset(out, 0, sizeof(out));
8387+ if (!EVP_CipherInit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 1))
8388+ goto err;
8389+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
8390+ sizeof(ccm_nonce), NULL))
8391+ goto err;
8392+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
8393+ sizeof(ccm_tag), NULL))
8394+ goto err;
8395+ if (!EVP_CipherInit(&ctx, NULL, ccm_key, ccm_nonce, 1))
8396+ goto err;
8397+ if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt))
8398+ goto err;
8399+ if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
8400+ goto err;
8401+ if (EVP_Cipher(&ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct))
8402+ goto err;
8403+
8404+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, 16, tag))
8405+ goto err;
8406+ if (memcmp(tag, ccm_tag, sizeof(ccm_tag))
8407+ || memcmp(out, ccm_ct, sizeof(ccm_ct)))
8408+ goto err;
8409+
8410+ memset(out, 0, sizeof(out));
8411+
8412+ if (!EVP_CipherInit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 0))
8413+ goto err;
8414+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
8415+ sizeof(ccm_nonce), NULL))
8416+ goto err;
8417+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag))
8418+ goto err;
8419+ if (!EVP_CipherInit(&ctx, NULL, ccm_key, ccm_nonce, 0))
8420+ goto err;
8421+ if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct))
8422+ goto err;
8423+ if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
8424+ goto err;
8425+ if (EVP_Cipher(&ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt))
8426+ goto err;
8427+
8428+ if (memcmp(out, ccm_pt, sizeof(ccm_pt)))
8429+ goto err;
8430+
8431+ ret = 1;
8432+
8433+ err:
8434+ EVP_CIPHER_CTX_cleanup(&ctx);
8435+
8436+ if (ret == 0)
8437+ {
8438+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM,FIPS_R_SELFTEST_FAILED);
8439+ return 0;
8440+ }
8441+ else
8442+ return ret;
8443+
8444+ }
8445+
8446+/* AES-GCM test data from NIST public test vectors */
8447+
8448+static const unsigned char gcm_key[] = {
8449+ 0xee,0xbc,0x1f,0x57,0x48,0x7f,0x51,0x92,0x1c,0x04,0x65,0x66,
8450+ 0x5f,0x8a,0xe6,0xd1,0x65,0x8b,0xb2,0x6d,0xe6,0xf8,0xa0,0x69,
8451+ 0xa3,0x52,0x02,0x93,0xa5,0x72,0x07,0x8f
8452+};
8453+static const unsigned char gcm_iv[] = {
8454+ 0x99,0xaa,0x3e,0x68,0xed,0x81,0x73,0xa0,0xee,0xd0,0x66,0x84
8455+};
8456+static const unsigned char gcm_pt[] = {
8457+ 0xf5,0x6e,0x87,0x05,0x5b,0xc3,0x2d,0x0e,0xeb,0x31,0xb2,0xea,
8458+ 0xcc,0x2b,0xf2,0xa5
8459+};
8460+static const unsigned char gcm_aad[] = {
8461+ 0x4d,0x23,0xc3,0xce,0xc3,0x34,0xb4,0x9b,0xdb,0x37,0x0c,0x43,
8462+ 0x7f,0xec,0x78,0xde
8463+};
8464+static const unsigned char gcm_ct[] = {
8465+ 0xf7,0x26,0x44,0x13,0xa8,0x4c,0x0e,0x7c,0xd5,0x36,0x86,0x7e,
8466+ 0xb9,0xf2,0x17,0x36
8467+};
8468+static const unsigned char gcm_tag[] = {
8469+ 0x67,0xba,0x05,0x10,0x26,0x2a,0xe4,0x87,0xd7,0x37,0xee,0x62,
8470+ 0x98,0xf7,0x7e,0x0c
8471+};
8472+
8473+int FIPS_selftest_aes_gcm(void)
8474+ {
8475+ int ret = 0;
8476+ unsigned char out[128], tag[16];
8477+ EVP_CIPHER_CTX ctx;
8478+ EVP_CIPHER_CTX_init(&ctx);
8479+ memset(out, 0, sizeof(out));
8480+ memset(tag, 0, sizeof(tag));
8481+ if (!EVP_CipherInit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
8482+ goto err;
8483+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
8484+ sizeof(gcm_iv), NULL))
8485+ goto err;
8486+ if (!EVP_CipherInit(&ctx, NULL, gcm_key, gcm_iv, 1))
8487+ goto err;
8488+ if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
8489+ goto err;
8490+ if (EVP_Cipher(&ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct))
8491+ goto err;
8492+ if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0)
8493+ goto err;
8494+
8495+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
8496+ goto err;
8497+
8498+ if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
8499+ goto err;
8500+
8501+ memset(out, 0, sizeof(out));
8502+
8503+ if (!EVP_CipherInit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0))
8504+ goto err;
8505+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
8506+ sizeof(gcm_iv), NULL))
8507+ goto err;
8508+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
8509+ goto err;
8510+ if (!EVP_CipherInit(&ctx, NULL, gcm_key, gcm_iv, 0))
8511+ goto err;
8512+ if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
8513+ goto err;
8514+ if (EVP_Cipher(&ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt))
8515+ goto err;
8516+ if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0)
8517+ goto err;
8518+
8519+ if (memcmp(out, gcm_pt, 16))
8520+ goto err;
8521+
8522+ ret = 1;
8523+
8524+ err:
8525+ EVP_CIPHER_CTX_cleanup(&ctx);
8526+
8527+ if (ret == 0)
8528+ {
8529+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED);
8530+ return 0;
8531+ }
8532+ else
8533+ return ret;
8534+
8535+ }
8536+
8537+
8538+static const unsigned char XTS_128_key[] = {
8539+ 0xa1,0xb9,0x0c,0xba,0x3f,0x06,0xac,0x35,0x3b,0x2c,0x34,0x38,
8540+ 0x76,0x08,0x17,0x62,0x09,0x09,0x23,0x02,0x6e,0x91,0x77,0x18,
8541+ 0x15,0xf2,0x9d,0xab,0x01,0x93,0x2f,0x2f
8542+};
8543+static const unsigned char XTS_128_i[] = {
8544+ 0x4f,0xae,0xf7,0x11,0x7c,0xda,0x59,0xc6,0x6e,0x4b,0x92,0x01,
8545+ 0x3e,0x76,0x8a,0xd5
8546+};
8547+static const unsigned char XTS_128_pt[] = {
8548+ 0xeb,0xab,0xce,0x95,0xb1,0x4d,0x3c,0x8d,0x6f,0xb3,0x50,0x39,
8549+ 0x07,0x90,0x31,0x1c
8550+};
8551+static const unsigned char XTS_128_ct[] = {
8552+ 0x77,0x8a,0xe8,0xb4,0x3c,0xb9,0x8d,0x5a,0x82,0x50,0x81,0xd5,
8553+ 0xbe,0x47,0x1c,0x63
8554+};
8555+
8556+static const unsigned char XTS_256_key[] = {
8557+ 0x1e,0xa6,0x61,0xc5,0x8d,0x94,0x3a,0x0e,0x48,0x01,0xe4,0x2f,
8558+ 0x4b,0x09,0x47,0x14,0x9e,0x7f,0x9f,0x8e,0x3e,0x68,0xd0,0xc7,
8559+ 0x50,0x52,0x10,0xbd,0x31,0x1a,0x0e,0x7c,0xd6,0xe1,0x3f,0xfd,
8560+ 0xf2,0x41,0x8d,0x8d,0x19,0x11,0xc0,0x04,0xcd,0xa5,0x8d,0xa3,
8561+ 0xd6,0x19,0xb7,0xe2,0xb9,0x14,0x1e,0x58,0x31,0x8e,0xea,0x39,
8562+ 0x2c,0xf4,0x1b,0x08
8563+};
8564+static const unsigned char XTS_256_i[] = {
8565+ 0xad,0xf8,0xd9,0x26,0x27,0x46,0x4a,0xd2,0xf0,0x42,0x8e,0x84,
8566+ 0xa9,0xf8,0x75,0x64
8567+};
8568+static const unsigned char XTS_256_pt[] = {
8569+ 0x2e,0xed,0xea,0x52,0xcd,0x82,0x15,0xe1,0xac,0xc6,0x47,0xe8,
8570+ 0x10,0xbb,0xc3,0x64,0x2e,0x87,0x28,0x7f,0x8d,0x2e,0x57,0xe3,
8571+ 0x6c,0x0a,0x24,0xfb,0xc1,0x2a,0x20,0x2e
8572+};
8573+static const unsigned char XTS_256_ct[] = {
8574+ 0xcb,0xaa,0xd0,0xe2,0xf6,0xce,0xa3,0xf5,0x0b,0x37,0xf9,0x34,
8575+ 0xd4,0x6a,0x9b,0x13,0x0b,0x9d,0x54,0xf0,0x7e,0x34,0xf3,0x6a,
8576+ 0xf7,0x93,0xe8,0x6f,0x73,0xc6,0xd7,0xdb
8577+};
8578+
8579+int FIPS_selftest_aes_xts()
8580+ {
8581+ int ret = 1;
8582+ EVP_CIPHER_CTX ctx;
8583+ EVP_CIPHER_CTX_init(&ctx);
8584+
8585+ if (fips_cipher_test(&ctx, EVP_aes_128_xts(),
8586+ XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct,
8587+ sizeof(XTS_128_pt)) <= 0)
8588+ ret = 0;
8589+
8590+ if (fips_cipher_test(&ctx, EVP_aes_256_xts(),
8591+ XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct,
8592+ sizeof(XTS_256_pt)) <= 0)
8593+ ret = 0;
8594+
8595+ EVP_CIPHER_CTX_cleanup(&ctx);
8596+ if (ret == 0)
8597+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS,FIPS_R_SELFTEST_FAILED);
8598+ return ret;
8599+ }
8600+
8601+#endif
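Review bot: FIPS_selftest_aes() iterates with the hard-coded bound `for(n=0 ; n < 1 ; ++n)` instead of deriving it from the tests[] array, so a second vector added to the table would silently go untested; use `for (n = 0; n < (int)(sizeof(tests) / sizeof(tests[0])); ++n)`. FIPS_corrupt_aes(), FIPS_selftest_aes() and FIPS_selftest_aes_xts() are declared with empty parentheses, which in C is a non-prototype declaration that disables argument checking; write `(void)` as FIPS_selftest_aes_ccm() and FIPS_selftest_aes_gcm() already do. In FIPS_selftest_aes_ccm() the tag length is `sizeof(ccm_tag)` on the SET_TAG call but a literal 16 on the GET_TAG and decrypt-side SET_TAG calls; using `sizeof(ccm_tag)` throughout keeps the encrypt and decrypt halves of the test in step if the vector is ever changed.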
8602diff -up openssl-1.0.1e/crypto/fips/fips.c.fips openssl-1.0.1e/crypto/fips/fips.c
8603--- openssl-1.0.1e/crypto/fips/fips.c.fips 2013-02-19 12:47:33.735118792 +0100
8604+++ openssl-1.0.1e/crypto/fips/fips.c 2013-02-19 12:47:33.736118812 +0100
8605@@ -0,0 +1,489 @@
8606+/* ====================================================================
8607+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
8608+ *
8609+ * Redistribution and use in source and binary forms, with or without
8610+ * modification, are permitted provided that the following conditions
8611+ * are met:
8612+ *
8613+ * 1. Redistributions of source code must retain the above copyright
8614+ * notice, this list of conditions and the following disclaimer.
8615+ *
8616+ * 2. Redistributions in binary form must reproduce the above copyright
8617+ * notice, this list of conditions and the following disclaimer in
8618+ * the documentation and/or other materials provided with the
8619+ * distribution.
8620+ *
8621+ * 3. All advertising materials mentioning features or use of this
8622+ * software must display the following acknowledgment:
8623+ * "This product includes software developed by the OpenSSL Project
8624+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
8625+ *
8626+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
8627+ * endorse or promote products derived from this software without
8628+ * prior written permission. For written permission, please contact
8629+ * openssl-core@openssl.org.
8630+ *
8631+ * 5. Products derived from this software may not be called "OpenSSL"
8632+ * nor may "OpenSSL" appear in their names without prior written
8633+ * permission of the OpenSSL Project.
8634+ *
8635+ * 6. Redistributions of any form whatsoever must retain the following
8636+ * acknowledgment:
8637+ * "This product includes software developed by the OpenSSL Project
8638+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
8639+ *
8640+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
8641+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
8642+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
8643+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
8644+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
8645+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
8646+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
8647+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
8648+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
8649+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
8650+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
8651+ * OF THE POSSIBILITY OF SUCH DAMAGE.
8652+ *
8653+ */
8654+
8655+#define _GNU_SOURCE
8656+
8657+#include <openssl/rand.h>
8658+#include <openssl/fips_rand.h>
8659+#include <openssl/err.h>
8660+#include <openssl/bio.h>
8661+#include <openssl/hmac.h>
8662+#include <openssl/rsa.h>
8663+#include <string.h>
8664+#include <limits.h>
8665+#include <dlfcn.h>
8666+#include <stdio.h>
8667+#include <stdlib.h>
8668+#include "fips_locl.h"
8669+
8670+#ifdef OPENSSL_FIPS
8671+
8672+#include <openssl/fips.h>
8673+
8674+#ifndef PATH_MAX
8675+#define PATH_MAX 1024
8676+#endif
8677+
8678+static int fips_selftest_fail = 0;
8679+static int fips_mode = 0;
8680+static int fips_started = 0;
8681+
8682+static int fips_is_owning_thread(void);
8683+static int fips_set_owning_thread(void);
8684+static int fips_clear_owning_thread(void);
8685+
8686+#define fips_w_lock() CRYPTO_w_lock(CRYPTO_LOCK_FIPS)
8687+#define fips_w_unlock() CRYPTO_w_unlock(CRYPTO_LOCK_FIPS)
8688+#define fips_r_lock() CRYPTO_r_lock(CRYPTO_LOCK_FIPS)
8689+#define fips_r_unlock() CRYPTO_r_unlock(CRYPTO_LOCK_FIPS)
8690+
8691+static void fips_set_mode(int onoff)
8692+ {
8693+ int owning_thread = fips_is_owning_thread();
8694+
8695+ if (fips_started)
8696+ {
8697+ if (!owning_thread) fips_w_lock();
8698+ fips_mode = onoff;
8699+ if (!owning_thread) fips_w_unlock();
8700+ }
8701+ }
8702+
8703+int FIPS_module_mode(void)
8704+ {
8705+ int ret = 0;
8706+ int owning_thread = fips_is_owning_thread();
8707+
8708+ if (fips_started)
8709+ {
8710+ if (!owning_thread) fips_r_lock();
8711+ ret = fips_mode;
8712+ if (!owning_thread) fips_r_unlock();
8713+ }
8714+ return ret;
8715+ }
8716+
8717+int FIPS_selftest_failed(void)
8718+ {
8719+ int ret = 0;
8720+ if (fips_started)
8721+ {
8722+ int owning_thread = fips_is_owning_thread();
8723+
8724+ if (!owning_thread) fips_r_lock();
8725+ ret = fips_selftest_fail;
8726+ if (!owning_thread) fips_r_unlock();
8727+ }
8728+ return ret;
8729+ }
8730+
8731+/* Selftest failure fatal exit routine. This will be called
8732+ * during *any* cryptographic operation. It has the minimum
8733+ * overhead possible to avoid too big a performance hit.
8734+ */
8735+
8736+void FIPS_selftest_check(void)
8737+ {
8738+ if (fips_selftest_fail)
8739+ {
8740+ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
8741+ }
8742+ }
8743+
8744+void fips_set_selftest_fail(void)
8745+ {
8746+ fips_selftest_fail = 1;
8747+ }
8748+
8749+/* we implement what libfipscheck does ourselves */
8750+
8751+static int
8752+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
8753+{
8754+ Dl_info info;
8755+ void *dl, *sym;
8756+ int rv = -1;
8757+
8758+ dl = dlopen(libname, RTLD_LAZY);
8759+ if (dl == NULL) {
8760+ return -1;
8761+ }
8762+
8763+ sym = dlsym(dl, symbolname);
8764+
8765+ if (sym != NULL && dladdr(sym, &info)) {
8766+ strncpy(path, info.dli_fname, pathlen-1);
8767+ path[pathlen-1] = '\0';
8768+ rv = 0;
8769+ }
8770+
8771+ dlclose(dl);
8772+
8773+ return rv;
8774+}
8775+
8776+static const char conv[] = "0123456789abcdef";
8777+
8778+static char *
8779+bin2hex(void *buf, size_t len)
8780+{
8781+ char *hex, *p;
8782+ unsigned char *src = buf;
8783+
8784+ hex = malloc(len * 2 + 1);
8785+ if (hex == NULL)
8786+ return NULL;
8787+
8788+ p = hex;
8789+
8790+ while (len > 0) {
8791+ unsigned c;
8792+
8793+ c = *src;
8794+ src++;
8795+
8796+ *p = conv[c >> 4];
8797+ ++p;
8798+ *p = conv[c & 0x0f];
8799+ ++p;
8800+ --len;
8801+ }
8802+ *p = '\0';
8803+ return hex;
8804+}
8805+
8806+#define HMAC_PREFIX "."
8807+#define HMAC_SUFFIX ".hmac"
8808+#define READ_BUFFER_LENGTH 16384
8809+
8810+static char *
8811+make_hmac_path(const char *origpath)
8812+{
8813+ char *path, *p;
8814+ const char *fn;
8815+
8816+ path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath));
8817+ if(path == NULL) {
8818+ return NULL;
8819+ }
8820+
8821+ fn = strrchr(origpath, '/');
8822+ if (fn == NULL) {
8823+ fn = origpath;
8824+ } else {
8825+ ++fn;
8826+ }
8827+
8828+ strncpy(path, origpath, fn-origpath);
8829+ p = path + (fn - origpath);
8830+ p = stpcpy(p, HMAC_PREFIX);
8831+ p = stpcpy(p, fn);
8832+ p = stpcpy(p, HMAC_SUFFIX);
8833+
8834+ return path;
8835+}
8836+
8837+static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
8838+
8839+static int
8840+compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
8841+{
8842+ FILE *f = NULL;
8843+ int rv = -1;
8844+ unsigned char rbuf[READ_BUFFER_LENGTH];
8845+ size_t len;
8846+ unsigned int hlen;
8847+ HMAC_CTX c;
8848+
8849+ HMAC_CTX_init(&c);
8850+
8851+ f = fopen(path, "r");
8852+
8853+ if (f == NULL) {
8854+ goto end;
8855+ }
8856+
8857+ HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
8858+
8859+ while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
8860+ HMAC_Update(&c, rbuf, len);
8861+ }
8862+
8863+ len = sizeof(rbuf);
8864+ /* reuse rbuf for hmac */
8865+ HMAC_Final(&c, rbuf, &hlen);
8866+
8867+ *buf = malloc(hlen);
8868+ if (*buf == NULL) {
8869+ goto end;
8870+ }
8871+
8872+ *hmaclen = hlen;
8873+
8874+ memcpy(*buf, rbuf, hlen);
8875+
8876+ rv = 0;
8877+end:
8878+ HMAC_CTX_cleanup(&c);
8879+
8880+ if (f)
8881+ fclose(f);
8882+
8883+ return rv;
8884+}
8885+
8886+static int
8887+FIPSCHECK_verify(const char *libname, const char *symbolname)
8888+{
8889+ char path[PATH_MAX+1];
8890+ int rv;
8891+ FILE *hf;
8892+ char *hmacpath, *p;
8893+ char *hmac = NULL;
8894+ size_t n;
8895+
8896+ rv = get_library_path(libname, symbolname, path, sizeof(path));
8897+
8898+ if (rv < 0)
8899+ return 0;
8900+
8901+ hmacpath = make_hmac_path(path);
8902+ if (hmacpath == NULL)
8903+ return 0;
8904+
8905+ hf = fopen(hmacpath, "r");
8906+ if (hf == NULL) {
8907+ free(hmacpath);
8908+ return 0;
8909+ }
8910+
8911+ if (getline(&hmac, &n, hf) > 0) {
8912+ void *buf;
8913+ size_t hmaclen;
8914+ char *hex;
8915+
8916+ if ((p=strchr(hmac, '\n')) != NULL)
8917+ *p = '\0';
8918+
8919+ if (compute_file_hmac(path, &buf, &hmaclen) < 0) {
8920+ rv = -4;
8921+ goto end;
8922+ }
8923+
8924+ if ((hex=bin2hex(buf, hmaclen)) == NULL) {
8925+ free(buf);
8926+ rv = -5;
8927+ goto end;
8928+ }
8929+
8930+ if (strcmp(hex, hmac) != 0) {
8931+ rv = -1;
8932+ }
8933+ free(buf);
8934+ free(hex);
8935+ }
8936+
8937+end:
8938+ free(hmac);
8939+ free(hmacpath);
8940+ fclose(hf);
8941+
8942+ if (rv < 0)
8943+ return 0;
8944+
8945+ /* check successful */
8946+ return 1;
8947+}
8948+
8949+int FIPS_module_mode_set(int onoff, const char *auth)
8950+ {
8951+ int ret = 0;
8952+
8953+ fips_w_lock();
8954+ fips_started = 1;
8955+ fips_set_owning_thread();
8956+
8957+ if(onoff)
8958+ {
8959+
8960+ fips_selftest_fail = 0;
8961+
8962+ /* Don't go into FIPS mode twice, just so we can do automagic
8963+ seeding */
8964+ if(FIPS_module_mode())
8965+ {
8966+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET);
8967+ fips_selftest_fail = 1;
8968+ ret = 0;
8969+ goto end;
8970+ }
8971+
8972+#ifdef OPENSSL_IA32_SSE2
8973+ {
8974+ extern unsigned int OPENSSL_ia32cap_P[2];
8975+ if ((OPENSSL_ia32cap_P[0] & (1<<25|1<<26)) != (1<<25|1<<26))
8976+ {
8977+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_UNSUPPORTED_PLATFORM);
8978+ fips_selftest_fail = 1;
8979+ ret = 0;
8980+ goto end;
8981+ }
8982+ OPENSSL_ia32cap_P[0] |= (1<<28); /* set "shared cache" */
8983+ OPENSSL_ia32cap_P[1] &= ~(1<<(60-32)); /* clear AVX */
8984+ }
8985+#endif
8986+
8987+ if(!FIPSCHECK_verify("libcrypto.so." SHLIB_VERSION_NUMBER,"FIPS_mode_set"))
8988+ {
8989+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
8990+ fips_selftest_fail = 1;
8991+ ret = 0;
8992+ goto end;
8993+ }
8994+
8995+ if(!FIPSCHECK_verify("libssl.so." SHLIB_VERSION_NUMBER,"SSL_CTX_new"))
8996+ {
8997+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
8998+ fips_selftest_fail = 1;
8999+ ret = 0;
9000+ goto end;
9001+ }
9002+
9003+ if(FIPS_selftest())
9004+ fips_set_mode(onoff);
9005+ else
9006+ {
9007+ fips_selftest_fail = 1;
9008+ ret = 0;
9009+ goto end;
9010+ }
9011+ ret = 1;
9012+ goto end;
9013+ }
9014+ fips_set_mode(0);
9015+ fips_selftest_fail = 0;
9016+ ret = 1;
9017+end:
9018+ fips_clear_owning_thread();
9019+ fips_w_unlock();
9020+ return ret;
9021+ }
9022+
9023+static CRYPTO_THREADID fips_thread;
9024+static int fips_thread_set = 0;
9025+
9026+static int fips_is_owning_thread(void)
9027+ {
9028+ int ret = 0;
9029+
9030+ if (fips_started)
9031+ {
9032+ CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
9033+ if (fips_thread_set)
9034+ {
9035+ CRYPTO_THREADID cur;
9036+ CRYPTO_THREADID_current(&cur);
9037+ if (!CRYPTO_THREADID_cmp(&cur, &fips_thread))
9038+ ret = 1;
9039+ }
9040+ CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
9041+ }
9042+ return ret;
9043+ }
9044+
9045+int fips_set_owning_thread(void)
9046+ {
9047+ int ret = 0;
9048+
9049+ if (fips_started)
9050+ {
9051+ CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
9052+ if (!fips_thread_set)
9053+ {
9054+ CRYPTO_THREADID_current(&fips_thread);
9055+ ret = 1;
9056+ fips_thread_set = 1;
9057+ }
9058+ CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
9059+ }
9060+ return ret;
9061+ }
9062+
9063+int fips_clear_owning_thread(void)
9064+ {
9065+ int ret = 0;
9066+
9067+ if (fips_started)
9068+ {
9069+ CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
9070+ if (fips_thread_set)
9071+ {
9072+ CRYPTO_THREADID cur;
9073+ CRYPTO_THREADID_current(&cur);
9074+ if (!CRYPTO_THREADID_cmp(&cur, &fips_thread))
9075+ fips_thread_set = 0;
9076+ }
9077+ CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
9078+ }
9079+ return ret;
9080+ }
9081+
9082+
9083+#if 0
9084+/* The purpose of this is to ensure the error code exists and the function
9085+ * name is to keep the error checking script quiet
9086+ */
9087+void hash_final(void)
9088+ {
9089+ FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);
9090+ }
9091+#endif
9092+
9093+
9094+#endif
9095diff -up openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c
9096--- openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c.fips 2013-02-19 12:47:33.736118812 +0100
9097+++ openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c 2013-02-19 12:47:33.736118812 +0100
9098@@ -0,0 +1,161 @@
9099+/* ====================================================================
9100+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
9101+ *
9102+ * Redistribution and use in source and binary forms, with or without
9103+ * modification, are permitted provided that the following conditions
9104+ * are met:
9105+ *
9106+ * 1. Redistributions of source code must retain the above copyright
9107+ * notice, this list of conditions and the following disclaimer.
9108+ *
9109+ * 2. Redistributions in binary form must reproduce the above copyright
9110+ * notice, this list of conditions and the following disclaimer in
9111+ * the documentation and/or other materials provided with the
9112+ * distribution.
9113+ *
9114+ * 3. All advertising materials mentioning features or use of this
9115+ * software must display the following acknowledgment:
9116+ * "This product includes software developed by the OpenSSL Project
9117+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
9118+ *
9119+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
9120+ * endorse or promote products derived from this software without
9121+ * prior written permission. For written permission, please contact
9122+ * openssl-core@openssl.org.
9123+ *
9124+ * 5. Products derived from this software may not be called "OpenSSL"
9125+ * nor may "OpenSSL" appear in their names without prior written
9126+ * permission of the OpenSSL Project.
9127+ *
9128+ * 6. Redistributions of any form whatsoever must retain the following
9129+ * acknowledgment:
9130+ * "This product includes software developed by the OpenSSL Project
9131+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
9132+ *
9133+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
9134+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
9135+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
9136+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
9137+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
9138+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
9139+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
9140+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
9141+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
9142+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
9143+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
9144+ * OF THE POSSIBILITY OF SUCH DAMAGE.
9145+ *
9146+ */
9147+
9148+#include <string.h>
9149+#include <openssl/err.h>
9150+#include <openssl/fips.h>
9151+#include <openssl/cmac.h>
9152+#include "fips_locl.h"
9153+
9154+#ifdef OPENSSL_FIPS
9155+typedef struct {
9156+ int nid;
9157+ const unsigned char key[EVP_MAX_KEY_LENGTH]; size_t keysize;
9158+ const unsigned char msg[64]; size_t msgsize;
9159+ const unsigned char mac[32]; size_t macsize;
9160+} CMAC_KAT;
9161+
9162+/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */
9163+static const CMAC_KAT vector[] = {
9164+ { NID_aes_128_cbc, /* Count = 32 from CMACGenAES128.txt */
9165+ { 0x77,0xa7,0x7f,0xaf, 0x29,0x0c,0x1f,0xa3,
9166+ 0x0c,0x68,0x3d,0xf1, 0x6b,0xa7,0xa7,0x7b, }, 128,
9167+ { 0x02,0x06,0x83,0xe1, 0xf0,0x39,0x2f,0x4c,
9168+ 0xac,0x54,0x31,0x8b, 0x60,0x29,0x25,0x9e,
9169+ 0x9c,0x55,0x3d,0xbc, 0x4b,0x6a,0xd9,0x98,
9170+ 0xe6,0x4d,0x58,0xe4, 0xe7,0xdc,0x2e,0x13, }, 256,
9171+ { 0xfb,0xfe,0xa4,0x1b, }, 32
9172+ },
9173+ { NID_aes_192_cbc, /* Count = 23 from CMACGenAES192.txt */
9174+ { 0x7b,0x32,0x39,0x13, 0x69,0xaa,0x4c,0xa9,
9175+ 0x75,0x58,0x09,0x5b, 0xe3,0xc3,0xec,0x86,
9176+ 0x2b,0xd0,0x57,0xce, 0xf1,0xe3,0x2d,0x62, }, 192,
9177+ { 0x0 }, 0,
9178+ { 0xe4,0xd9,0x34,0x0b, 0x03,0xe6,0x7d,0xef,
9179+ 0xd4,0x96,0x9c,0xc1, 0xed,0x37,0x35,0xe6, }, 128,
9180+ },
9181+ { NID_aes_256_cbc, /* Count = 33 from CMACGenAES256.txt */
9182+ { 0x0b,0x12,0x2a,0xc8, 0xf3,0x4e,0xd1,0xfe,
9183+ 0x08,0x2a,0x36,0x25, 0xd1,0x57,0x56,0x14,
9184+ 0x54,0x16,0x7a,0xc1, 0x45,0xa1,0x0b,0xbf,
9185+ 0x77,0xc6,0xa7,0x05, 0x96,0xd5,0x74,0xf1, }, 256,
9186+ { 0x49,0x8b,0x53,0xfd, 0xec,0x87,0xed,0xcb,
9187+ 0xf0,0x70,0x97,0xdc, 0xcd,0xe9,0x3a,0x08,
9188+ 0x4b,0xad,0x75,0x01, 0xa2,0x24,0xe3,0x88,
9189+ 0xdf,0x34,0x9c,0xe1, 0x89,0x59,0xfe,0x84,
9190+ 0x85,0xf8,0xad,0x15, 0x37,0xf0,0xd8,0x96,
9191+ 0xea,0x73,0xbe,0xdc, 0x72,0x14,0x71,0x3f, }, 384,
9192+ { 0xf6,0x2c,0x46,0x32, 0x9b, }, 40,
9193+ },
9194+ { NID_des_ede3_cbc, /* Count = 41 from CMACGenTDES3.req */
9195+ { 0x89,0xbc,0xd9,0x52, 0xa8,0xc8,0xab,0x37,
9196+ 0x1a,0xf4,0x8a,0xc7, 0xd0,0x70,0x85,0xd5,
9197+ 0xef,0xf7,0x02,0xe6, 0xd6,0x2c,0xdc,0x23, }, 192,
9198+ { 0xfa,0x62,0x0c,0x1b, 0xbe,0x97,0x31,0x9e,
9199+ 0x9a,0x0c,0xf0,0x49, 0x21,0x21,0xf7,0xa2,
9200+ 0x0e,0xb0,0x8a,0x6a, 0x70,0x9d,0xcb,0xd0,
9201+ 0x0a,0xaf,0x38,0xe4, 0xf9,0x9e,0x75,0x4e, }, 256,
9202+ { 0x8f,0x49,0xa1,0xb7, 0xd6,0xaa,0x22,0x58, }, 64,
9203+ },
9204+};
9205+
9206+int FIPS_selftest_cmac()
9207+ {
9208+ size_t n, outlen;
9209+ unsigned char out[32];
9210+ const EVP_CIPHER *cipher;
9211+ CMAC_CTX *ctx = CMAC_CTX_new();
9212+ const CMAC_KAT *t;
9213+ int rv = 1;
9214+
9215+ for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
9216+ {
9217+ cipher = FIPS_get_cipherbynid(t->nid);
9218+ if (!cipher)
9219+ {
9220+ rv = -1;
9221+ goto err;
9222+ }
9223+ if (!CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0))
9224+ {
9225+ rv = -1;
9226+ goto err;
9227+ }
9228+ if (!CMAC_Update(ctx, t->msg, t->msgsize/8))
9229+ {
9230+ rv = -1;
9231+ goto err;
9232+ }
9233+
9234+ if (!CMAC_Final(ctx, out, &outlen))
9235+ {
9236+ rv = -1;
9237+ goto err;
9238+ }
9239+ CMAC_CTX_cleanup(ctx);
9240+
9241+ if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
9242+ {
9243+ rv = 0;
9244+ }
9245+ }
9246+
9247+ err:
9248+ CMAC_CTX_free(ctx);
9249+
9250+ if (rv == -1)
9251+ {
9252+ rv = 0;
9253+ }
9254+ if (!rv)
9255+ FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
9256+
9257+ return rv;
9258+ }
9259+#endif
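Review bot: `CMAC_CTX_new()` in FIPS_selftest_cmac is never checked for NULL, so an allocation failure during the power-up self-test ends in a NULL dereference inside `CMAC_Init` instead of a reported self-test failure. Add a guard right after the declarations that reports and returns without passing through `err:`, e.g. `if (ctx == NULL) { FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED); return 0; }`, unless CMAC_CTX_free is known to accept NULL in this tree. The definition `int FIPS_selftest_cmac()` should be `int FIPS_selftest_cmac(void)` so the prototype is complete. The vector table's `const unsigned char` members inside an already `static const` array are redundant and could be plain `unsigned char`.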
9260diff -up openssl-1.0.1e/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_des_selftest.c
9261--- openssl-1.0.1e/crypto/fips/fips_des_selftest.c.fips 2013-02-19 12:47:33.736118812 +0100
9262+++ openssl-1.0.1e/crypto/fips/fips_des_selftest.c 2013-02-19 12:47:33.736118812 +0100
9263@@ -0,0 +1,147 @@
9264+/* ====================================================================
9265+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
9266+ *
9267+ * Redistribution and use in source and binary forms, with or without
9268+ * modification, are permitted provided that the following conditions
9269+ * are met:
9270+ *
9271+ * 1. Redistributions of source code must retain the above copyright
9272+ * notice, this list of conditions and the following disclaimer.
9273+ *
9274+ * 2. Redistributions in binary form must reproduce the above copyright
9275+ * notice, this list of conditions and the following disclaimer in
9276+ * the documentation and/or other materials provided with the
9277+ * distribution.
9278+ *
9279+ * 3. All advertising materials mentioning features or use of this
9280+ * software must display the following acknowledgment:
9281+ * "This product includes software developed by the OpenSSL Project
9282+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
9283+ *
9284+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
9285+ * endorse or promote products derived from this software without
9286+ * prior written permission. For written permission, please contact
9287+ * openssl-core@openssl.org.
9288+ *
9289+ * 5. Products derived from this software may not be called "OpenSSL"
9290+ * nor may "OpenSSL" appear in their names without prior written
9291+ * permission of the OpenSSL Project.
9292+ *
9293+ * 6. Redistributions of any form whatsoever must retain the following
9294+ * acknowledgment:
9295+ * "This product includes software developed by the OpenSSL Project
9296+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
9297+ *
9298+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
9299+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
9300+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
9301+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
9302+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
9303+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
9304+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
9305+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
9306+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
9307+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
9308+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
9309+ * OF THE POSSIBILITY OF SUCH DAMAGE.
9310+ *
9311+ */
9312+
9313+#include <string.h>
9314+#include <openssl/err.h>
9315+#ifdef OPENSSL_FIPS
9316+#include <openssl/fips.h>
9317+#endif
9318+#include <openssl/evp.h>
9319+#include <openssl/opensslconf.h>
9320+
9321+#ifdef OPENSSL_FIPS
9322+
9323+static const struct
9324+ {
9325+ const unsigned char key[16];
9326+ const unsigned char plaintext[8];
9327+ const unsigned char ciphertext[8];
9328+ } tests2[]=
9329+ {
9330+ {
9331+ { 0x7c,0x4f,0x6e,0xf7,0xa2,0x04,0x16,0xec,
9332+ 0x0b,0x6b,0x7c,0x9e,0x5e,0x19,0xa7,0xc4 },
9333+ { 0x06,0xa7,0xd8,0x79,0xaa,0xce,0x69,0xef },
9334+ { 0x4c,0x11,0x17,0x55,0xbf,0xc4,0x4e,0xfd }
9335+ },
9336+ {
9337+ { 0x5d,0x9e,0x01,0xd3,0x25,0xc7,0x3e,0x34,
9338+ 0x01,0x16,0x7c,0x85,0x23,0xdf,0xe0,0x68 },
9339+ { 0x9c,0x50,0x09,0x0f,0x5e,0x7d,0x69,0x7e },
9340+ { 0xd2,0x0b,0x18,0xdf,0xd9,0x0d,0x9e,0xff },
9341+ }
9342+ };
9343+
9344+static const struct
9345+ {
9346+ const unsigned char key[24];
9347+ const unsigned char plaintext[8];
9348+ const unsigned char ciphertext[8];
9349+ } tests3[]=
9350+ {
9351+ {
9352+ { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
9353+ 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
9354+ 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 },
9355+ { 0x8f,0x8f,0xbf,0x9b,0x5d,0x48,0xb4,0x1c },
9356+ { 0x59,0x8c,0xe5,0xd3,0x6c,0xa2,0xea,0x1b },
9357+ },
9358+ {
9359+ { 0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE,
9360+ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
9361+ 0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
9362+ { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
9363+ { 0x11,0x25,0xb0,0x35,0xbe,0xa0,0x82,0x86 },
9364+ },
9365+ };
9366+
9367+
9368+static int corrupt_des;
9369+
9370+void FIPS_corrupt_des()
9371+ {
9372+ corrupt_des = 1;
9373+ }
9374+
9375+int FIPS_selftest_des()
9376+ {
9377+ int n, ret = 0;
9378+ EVP_CIPHER_CTX ctx;
9379+ EVP_CIPHER_CTX_init(&ctx);
9380+ /* Encrypt/decrypt with 2-key 3DES and compare to known answers */
9381+ for(n=0 ; n < 2 ; ++n)
9382+ {
9383+ unsigned char plaintext[8];
9384+
9385+ memcpy(plaintext, tests2[n].plaintext, sizeof(plaintext));
9386+ if (corrupt_des)
9387+ plaintext[0]++;
9388+ if (!fips_cipher_test(&ctx, EVP_des_ede_ecb(),
9389+ tests2[n].key, NULL,
9390+ plaintext, tests2[n].ciphertext, 8))
9391+ goto err;
9392+ }
9393+
9394+ /* Encrypt/decrypt with 3DES and compare to known answers */
9395+ for(n=0 ; n < 2 ; ++n)
9396+ {
9397+ if (!fips_cipher_test(&ctx, EVP_des_ede3_ecb(),
9398+ tests3[n].key, NULL,
9399+ tests3[n].plaintext, tests3[n].ciphertext, 8))
9400+ goto err;
9401+ }
9402+ ret = 1;
9403+ err:
9404+ EVP_CIPHER_CTX_cleanup(&ctx);
9405+ if (ret == 0)
9406+ FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
9407+
9408+ return ret;
9409+ }
9410+#endif
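Review bot: Both loops in FIPS_selftest_des hard-code `n < 2` instead of deriving the bound from the table they walk, so a vector appended to tests2 or tests3 would silently not be exercised by the self-test. Use `for (n = 0; n < (int)(sizeof(tests2)/sizeof(tests2[0])); ++n)` and the equivalent for tests3. The empty parameter lists on `void FIPS_corrupt_des()` and `int FIPS_selftest_des()` should be `(void)` so callers get a checked prototype. A one-line comment on `corrupt_des` noting that it is only a test hook flipped by FIPS_corrupt_des to force a known-answer mismatch would help the next reader.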
9411diff -up openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c
9412--- openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c.fips 2013-02-19 12:47:33.736118812 +0100
9413+++ openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c 2013-02-19 12:47:33.736118812 +0100
9414@@ -0,0 +1,436 @@
9415+/* fips/rand/fips_drbg_ctr.c */
9416+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
9417+ * project.
9418+ */
9419+/* ====================================================================
9420+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
9421+ *
9422+ * Redistribution and use in source and binary forms, with or without
9423+ * modification, are permitted provided that the following conditions
9424+ * are met:
9425+ *
9426+ * 1. Redistributions of source code must retain the above copyright
9427+ * notice, this list of conditions and the following disclaimer.
9428+ *
9429+ * 2. Redistributions in binary form must reproduce the above copyright
9430+ * notice, this list of conditions and the following disclaimer in
9431+ * the documentation and/or other materials provided with the
9432+ * distribution.
9433+ *
9434+ * 3. All advertising materials mentioning features or use of this
9435+ * software must display the following acknowledgment:
9436+ * "This product includes software developed by the OpenSSL Project
9437+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
9438+ *
9439+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
9440+ * endorse or promote products derived from this software without
9441+ * prior written permission. For written permission, please contact
9442+ * licensing@OpenSSL.org.
9443+ *
9444+ * 5. Products derived from this software may not be called "OpenSSL"
9445+ * nor may "OpenSSL" appear in their names without prior written
9446+ * permission of the OpenSSL Project.
9447+ *
9448+ * 6. Redistributions of any form whatsoever must retain the following
9449+ * acknowledgment:
9450+ * "This product includes software developed by the OpenSSL Project
9451+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
9452+ *
9453+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
9454+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
9455+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
9456+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
9457+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
9458+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
9459+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
9460+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
9461+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
9462+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
9463+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
9464+ * OF THE POSSIBILITY OF SUCH DAMAGE.
9465+ * ====================================================================
9466+ */
9467+
9468+#include <stdlib.h>
9469+#include <string.h>
9470+#include <openssl/crypto.h>
9471+#include <openssl/fips.h>
9472+#include <openssl/fips_rand.h>
9473+#include "fips_rand_lcl.h"
9474+
9475+static void inc_128(DRBG_CTR_CTX *cctx)
9476+ {
9477+ int i;
9478+ unsigned char c;
9479+ unsigned char *p = cctx->V + 15;
9480+ for (i = 0; i < 16; i++)
9481+ {
9482+ c = *p;
9483+ c++;
9484+ *p = c;
9485+ if (c)
9486+ return;
9487+ p--;
9488+ }
9489+ }
9490+
9491+static void ctr_XOR(DRBG_CTR_CTX *cctx, const unsigned char *in, size_t inlen)
9492+ {
9493+ size_t i, n;
9494+ /* Any zero padding will have no effect on the result as we
9495+ * are XORing. So just process however much input we have.
9496+ */
9497+
9498+ if (!in || !inlen)
9499+ return;
9500+
9501+ if (inlen < cctx->keylen)
9502+ n = inlen;
9503+ else
9504+ n = cctx->keylen;
9505+
9506+ for (i = 0; i < n; i++)
9507+ cctx->K[i] ^= in[i];
9508+ if (inlen <= cctx->keylen)
9509+ return;
9510+
9511+ n = inlen - cctx->keylen;
9512+ /* Should never happen */
9513+ if (n > 16)
9514+ n = 16;
9515+ for (i = 0; i < 16; i++)
9516+ cctx->V[i] ^= in[i + cctx->keylen];
9517+ }
9518+
9519+/* Process a complete block using BCC algorithm of SPP 800-90 10.4.3 */
9520+
9521+static void ctr_BCC_block(DRBG_CTR_CTX *cctx, unsigned char *out,
9522+ const unsigned char *in)
9523+ {
9524+ int i;
9525+ for (i = 0; i < 16; i++)
9526+ out[i] ^= in[i];
9527+ AES_encrypt(out, out, &cctx->df_ks);
9528+#if 0
9529+fprintf(stderr, "BCC in+out\n");
9530+BIO_dump_fp(stderr, in, 16);
9531+BIO_dump_fp(stderr, out, 16);
9532+#endif
9533+ }
9534+
9535+/* Handle several BCC operations for as much data as we need for K and X */
9536+static void ctr_BCC_blocks(DRBG_CTR_CTX *cctx, const unsigned char *in)
9537+ {
9538+ ctr_BCC_block(cctx, cctx->KX, in);
9539+ ctr_BCC_block(cctx, cctx->KX + 16, in);
9540+ if (cctx->keylen != 16)
9541+ ctr_BCC_block(cctx, cctx->KX + 32, in);
9542+ }
9543+/* Initialise BCC blocks: these have the value 0,1,2 in leftmost positions:
9544+ * see 10.4.2 stage 7.
9545+ */
9546+static void ctr_BCC_init(DRBG_CTR_CTX *cctx)
9547+ {
9548+ memset(cctx->KX, 0, 48);
9549+ memset(cctx->bltmp, 0, 16);
9550+ ctr_BCC_block(cctx, cctx->KX, cctx->bltmp);
9551+ cctx->bltmp[3] = 1;
9552+ ctr_BCC_block(cctx, cctx->KX + 16, cctx->bltmp);
9553+ if (cctx->keylen != 16)
9554+ {
9555+ cctx->bltmp[3] = 2;
9556+ ctr_BCC_block(cctx, cctx->KX + 32, cctx->bltmp);
9557+ }
9558+ }
9559+
9560+/* Process several blocks into BCC algorithm, some possibly partial */
9561+static void ctr_BCC_update(DRBG_CTR_CTX *cctx,
9562+ const unsigned char *in, size_t inlen)
9563+ {
9564+ if (!in || !inlen)
9565+ return;
9566+ /* If we have partial block handle it first */
9567+ if (cctx->bltmp_pos)
9568+ {
9569+ size_t left = 16 - cctx->bltmp_pos;
9570+ /* If we now have a complete block process it */
9571+ if (inlen >= left)
9572+ {
9573+ memcpy(cctx->bltmp + cctx->bltmp_pos, in, left);
9574+ ctr_BCC_blocks(cctx, cctx->bltmp);
9575+ cctx->bltmp_pos = 0;
9576+ inlen -= left;
9577+ in += left;
9578+ }
9579+ }
9580+ /* Process zero or more complete blocks */
9581+ while (inlen >= 16)
9582+ {
9583+ ctr_BCC_blocks(cctx, in);
9584+ in += 16;
9585+ inlen -= 16;
9586+ }
9587+ /* Copy any remaining partial block to the temporary buffer */
9588+ if (inlen > 0)
9589+ {
9590+ memcpy(cctx->bltmp + cctx->bltmp_pos, in, inlen);
9591+ cctx->bltmp_pos += inlen;
9592+ }
9593+ }
9594+
9595+static void ctr_BCC_final(DRBG_CTR_CTX *cctx)
9596+ {
9597+ if (cctx->bltmp_pos)
9598+ {
9599+ memset(cctx->bltmp + cctx->bltmp_pos, 0, 16 - cctx->bltmp_pos);
9600+ ctr_BCC_blocks(cctx, cctx->bltmp);
9601+ }
9602+ }
9603+
9604+static void ctr_df(DRBG_CTR_CTX *cctx,
9605+ const unsigned char *in1, size_t in1len,
9606+ const unsigned char *in2, size_t in2len,
9607+ const unsigned char *in3, size_t in3len)
9608+ {
9609+ size_t inlen;
9610+ unsigned char *p = cctx->bltmp;
9611+ static unsigned char c80 = 0x80;
9612+
9613+ ctr_BCC_init(cctx);
9614+ if (!in1)
9615+ in1len = 0;
9616+ if (!in2)
9617+ in2len = 0;
9618+ if (!in3)
9619+ in3len = 0;
9620+ inlen = in1len + in2len + in3len;
9621+ /* Initialise L||N in temporary block */
9622+ *p++ = (inlen >> 24) & 0xff;
9623+ *p++ = (inlen >> 16) & 0xff;
9624+ *p++ = (inlen >> 8) & 0xff;
9625+ *p++ = inlen & 0xff;
9626+ /* NB keylen is at most 32 bytes */
9627+ *p++ = 0;
9628+ *p++ = 0;
9629+ *p++ = 0;
9630+ *p = (unsigned char)((cctx->keylen + 16) & 0xff);
9631+ cctx->bltmp_pos = 8;
9632+ ctr_BCC_update(cctx, in1, in1len);
9633+ ctr_BCC_update(cctx, in2, in2len);
9634+ ctr_BCC_update(cctx, in3, in3len);
9635+ ctr_BCC_update(cctx, &c80, 1);
9636+ ctr_BCC_final(cctx);
9637+ /* Set up key K */
9638+ AES_set_encrypt_key(cctx->KX, cctx->keylen * 8, &cctx->df_kxks);
9639+ /* X follows key K */
9640+ AES_encrypt(cctx->KX + cctx->keylen, cctx->KX, &cctx->df_kxks);
9641+ AES_encrypt(cctx->KX, cctx->KX + 16, &cctx->df_kxks);
9642+ if (cctx->keylen != 16)
9643+ AES_encrypt(cctx->KX + 16, cctx->KX + 32, &cctx->df_kxks);
9644+#if 0
9645+fprintf(stderr, "Output of ctr_df:\n");
9646+BIO_dump_fp(stderr, cctx->KX, cctx->keylen + 16);
9647+#endif
9648+ }
9649+
9650+/* NB the no-df Update in SP800-90 specifies a constant input length
9651+ * of seedlen, however other uses of this algorithm pad the input with
9652+ * zeroes if necessary and have up to two parameters XORed together,
9653+ * handle both cases in this function instead.
9654+ */
9655+
9656+static void ctr_Update(DRBG_CTX *dctx,
9657+ const unsigned char *in1, size_t in1len,
9658+ const unsigned char *in2, size_t in2len,
9659+ const unsigned char *nonce, size_t noncelen)
9660+ {
9661+ DRBG_CTR_CTX *cctx = &dctx->d.ctr;
9662+ /* ks is already setup for correct key */
9663+ inc_128(cctx);
9664+ AES_encrypt(cctx->V, cctx->K, &cctx->ks);
9665+ /* If keylen longer than 128 bits need extra encrypt */
9666+ if (cctx->keylen != 16)
9667+ {
9668+ inc_128(cctx);
9669+ AES_encrypt(cctx->V, cctx->K + 16, &cctx->ks);
9670+ }
9671+ inc_128(cctx);
9672+ AES_encrypt(cctx->V, cctx->V, &cctx->ks);
9673+ /* If 192 bit key part of V is on end of K */
9674+ if (cctx->keylen == 24)
9675+ {
9676+ memcpy(cctx->V + 8, cctx->V, 8);
9677+ memcpy(cctx->V, cctx->K + 24, 8);
9678+ }
9679+
9680+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
9681+ {
9682+ /* If no input reuse existing derived value */
9683+ if (in1 || nonce || in2)
9684+ ctr_df(cctx, in1, in1len, nonce, noncelen, in2, in2len);
9685+ /* If this a reuse input in1len != 0 */
9686+ if (in1len)
9687+ ctr_XOR(cctx, cctx->KX, dctx->seedlen);
9688+ }
9689+ else
9690+ {
9691+ ctr_XOR(cctx, in1, in1len);
9692+ ctr_XOR(cctx, in2, in2len);
9693+ }
9694+
9695+ AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
9696+#if 0
9697+fprintf(stderr, "K+V after update is:\n");
9698+BIO_dump_fp(stderr, cctx->K, cctx->keylen);
9699+BIO_dump_fp(stderr, cctx->V, 16);
9700+#endif
9701+ }
9702+
9703+static int drbg_ctr_instantiate(DRBG_CTX *dctx,
9704+ const unsigned char *ent, size_t entlen,
9705+ const unsigned char *nonce, size_t noncelen,
9706+ const unsigned char *pers, size_t perslen)
9707+ {
9708+ DRBG_CTR_CTX *cctx = &dctx->d.ctr;
9709+ memset(cctx->K, 0, sizeof(cctx->K));
9710+ memset(cctx->V, 0, sizeof(cctx->V));
9711+ AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
9712+ ctr_Update(dctx, ent, entlen, pers, perslen, nonce, noncelen);
9713+ return 1;
9714+ }
9715+
9716+static int drbg_ctr_reseed(DRBG_CTX *dctx,
9717+ const unsigned char *ent, size_t entlen,
9718+ const unsigned char *adin, size_t adinlen)
9719+ {
9720+ ctr_Update(dctx, ent, entlen, adin, adinlen, NULL, 0);
9721+ return 1;
9722+ }
9723+
9724+static int drbg_ctr_generate(DRBG_CTX *dctx,
9725+ unsigned char *out, size_t outlen,
9726+ const unsigned char *adin, size_t adinlen)
9727+ {
9728+ DRBG_CTR_CTX *cctx = &dctx->d.ctr;
9729+ if (adin && adinlen)
9730+ {
9731+ ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
9732+ /* This means we reuse derived value */
9733+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
9734+ {
9735+ adin = NULL;
9736+ adinlen = 1;
9737+ }
9738+ }
9739+ else
9740+ adinlen = 0;
9741+
9742+ for (;;)
9743+ {
9744+ inc_128(cctx);
9745+ if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
9746+ {
9747+ AES_encrypt(cctx->V, dctx->lb, &cctx->ks);
9748+ dctx->lb_valid = 1;
9749+ continue;
9750+ }
9751+ if (outlen < 16)
9752+ {
9753+ /* Use K as temp space as it will be updated */
9754+ AES_encrypt(cctx->V, cctx->K, &cctx->ks);
9755+ if (!fips_drbg_cprng_test(dctx, cctx->K))
9756+ return 0;
9757+ memcpy(out, cctx->K, outlen);
9758+ break;
9759+ }
9760+ AES_encrypt(cctx->V, out, &cctx->ks);
9761+ if (!fips_drbg_cprng_test(dctx, out))
9762+ return 0;
9763+ out += 16;
9764+ outlen -= 16;
9765+ if (outlen == 0)
9766+ break;
9767+ }
9768+
9769+ ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
9770+
9771+ return 1;
9772+
9773+ }
9774+
9775+static int drbg_ctr_uninstantiate(DRBG_CTX *dctx)
9776+ {
9777+ memset(&dctx->d.ctr, 0, sizeof(DRBG_CTR_CTX));
9778+ return 1;
9779+ }
9780+
9781+int fips_drbg_ctr_init(DRBG_CTX *dctx)
9782+ {
9783+ DRBG_CTR_CTX *cctx = &dctx->d.ctr;
9784+
9785+ size_t keylen;
9786+
9787+ switch (dctx->type)
9788+ {
9789+ case NID_aes_128_ctr:
9790+ keylen = 16;
9791+ break;
9792+
9793+ case NID_aes_192_ctr:
9794+ keylen = 24;
9795+ break;
9796+
9797+ case NID_aes_256_ctr:
9798+ keylen = 32;
9799+ break;
9800+
9801+ default:
9802+ return -2;
9803+ }
9804+
9805+ dctx->instantiate = drbg_ctr_instantiate;
9806+ dctx->reseed = drbg_ctr_reseed;
9807+ dctx->generate = drbg_ctr_generate;
9808+ dctx->uninstantiate = drbg_ctr_uninstantiate;
9809+
9810+ cctx->keylen = keylen;
9811+ dctx->strength = keylen * 8;
9812+ dctx->blocklength = 16;
9813+ dctx->seedlen = keylen + 16;
9814+
9815+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
9816+ {
9817+ /* df initialisation */
9818+ static unsigned char df_key[32] =
9819+ {
9820+ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
9821+ 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
9822+ 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
9823+ 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f
9824+ };
9825+ /* Set key schedule for df_key */
9826+ AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks);
9827+
9828+ dctx->min_entropy = cctx->keylen;
9829+ dctx->max_entropy = DRBG_MAX_LENGTH;
9830+ dctx->min_nonce = dctx->min_entropy / 2;
9831+ dctx->max_nonce = DRBG_MAX_LENGTH;
9832+ dctx->max_pers = DRBG_MAX_LENGTH;
9833+ dctx->max_adin = DRBG_MAX_LENGTH;
9834+ }
9835+ else
9836+ {
9837+ dctx->min_entropy = dctx->seedlen;
9838+ dctx->max_entropy = dctx->seedlen;
9839+ /* Nonce not used */
9840+ dctx->min_nonce = 0;
9841+ dctx->max_nonce = 0;
9842+ dctx->max_pers = dctx->seedlen;
9843+ dctx->max_adin = dctx->seedlen;
9844+ }
9845+
9846+ dctx->max_request = 1<<16;
9847+ dctx->reseed_interval = 1<<24;
9848+
9849+ return 1;
9850+ }
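Review bot: In ctr_XOR the clamp `if (n > 16) n = 16;` computed for the V portion is never used: the loop that follows runs `for (i = 0; i < 16; i++)` unconditionally, so an input whose length lies between keylen+1 and keylen+15 is read past its end through `in[i + cctx->keylen]`. The loop bound should be `for (i = 0; i < n; i++)`. The no-df branch of fips_drbg_ctr_init sets `max_adin = dctx->seedlen` with no lower bound, so such lengths appear reachable via ctr_Update's `ctr_XOR(cctx, in2, in2len)` call, though that depends on the generic DRBG layer's checks, which are outside this hunk. drbg_ctr_uninstantiate wipes K, V and both key schedules with plain `memset`; the hash DRBG added by the same patch uses `OPENSSL_cleanse` for the same purpose, so `OPENSSL_cleanse(&dctx->d.ctr, sizeof(DRBG_CTR_CTX));` would be consistent and not subject to dead-store elimination. The `#if 0` fprintf/BIO_dump_fp blocks in ctr_BCC_block, ctr_df and ctr_Update are leftover debugging code and should be dropped rather than shipped in a FIPS module source.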
9851diff -up openssl-1.0.1e/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_hash.c
9852--- openssl-1.0.1e/crypto/fips/fips_drbg_hash.c.fips 2013-02-19 12:47:33.736118812 +0100
9853+++ openssl-1.0.1e/crypto/fips/fips_drbg_hash.c 2013-02-19 12:47:33.736118812 +0100
9854@@ -0,0 +1,378 @@
9855+/* fips/rand/fips_drbg_hash.c */
9856+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
9857+ * project.
9858+ */
9859+/* ====================================================================
9860+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
9861+ *
9862+ * Redistribution and use in source and binary forms, with or without
9863+ * modification, are permitted provided that the following conditions
9864+ * are met:
9865+ *
9866+ * 1. Redistributions of source code must retain the above copyright
9867+ * notice, this list of conditions and the following disclaimer.
9868+ *
9869+ * 2. Redistributions in binary form must reproduce the above copyright
9870+ * notice, this list of conditions and the following disclaimer in
9871+ * the documentation and/or other materials provided with the
9872+ * distribution.
9873+ *
9874+ * 3. All advertising materials mentioning features or use of this
9875+ * software must display the following acknowledgment:
9876+ * "This product includes software developed by the OpenSSL Project
9877+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
9878+ *
9879+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
9880+ * endorse or promote products derived from this software without
9881+ * prior written permission. For written permission, please contact
9882+ * licensing@OpenSSL.org.
9883+ *
9884+ * 5. Products derived from this software may not be called "OpenSSL"
9885+ * nor may "OpenSSL" appear in their names without prior written
9886+ * permission of the OpenSSL Project.
9887+ *
9888+ * 6. Redistributions of any form whatsoever must retain the following
9889+ * acknowledgment:
9890+ * "This product includes software developed by the OpenSSL Project
9891+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
9892+ *
9893+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
9894+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
9895+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
9896+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
9897+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
9898+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
9899+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
9900+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
9901+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
9902+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
9903+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
9904+ * OF THE POSSIBILITY OF SUCH DAMAGE.
9905+ * ====================================================================
9906+ */
9907+
9908+#define OPENSSL_FIPSAPI
9909+
9910+#include <stdlib.h>
9911+#include <string.h>
9912+#include <openssl/crypto.h>
9913+#include <openssl/fips.h>
9914+#include <openssl/fips_rand.h>
9915+#include "fips_rand_lcl.h"
9916+
9917+/* This is Hash_df from SP 800-90 10.4.1 */
9918+
9919+static int hash_df(DRBG_CTX *dctx, unsigned char *out,
9920+ const unsigned char *in1, size_t in1len,
9921+ const unsigned char *in2, size_t in2len,
9922+ const unsigned char *in3, size_t in3len,
9923+ const unsigned char *in4, size_t in4len)
9924+ {
9925+ EVP_MD_CTX *mctx = &dctx->d.hash.mctx;
9926+ unsigned char *vtmp = dctx->d.hash.vtmp;
9927+ unsigned char tmp[6];
9928+ /* Standard only ever needs seedlen bytes which is always less than
9929+ * maximum permitted so no need to check length.
9930+ */
9931+ size_t outlen = dctx->seedlen;
9932+ tmp[0] = 1;
9933+ tmp[1] = ((outlen * 8) >> 24) & 0xff;
9934+ tmp[2] = ((outlen * 8) >> 16) & 0xff;
9935+ tmp[3] = ((outlen * 8) >> 8) & 0xff;
9936+ tmp[4] = (outlen * 8) & 0xff;
9937+ if (!in1)
9938+ {
9939+ tmp[5] = (unsigned char)in1len;
9940+ in1 = tmp + 5;
9941+ in1len = 1;
9942+ }
9943+ for (;;)
9944+ {
9945+ if (!FIPS_digestinit(mctx, dctx->d.hash.md))
9946+ return 0;
9947+ if (!FIPS_digestupdate(mctx, tmp, 5))
9948+ return 0;
9949+ if (in1 && !FIPS_digestupdate(mctx, in1, in1len))
9950+ return 0;
9951+ if (in2 && !FIPS_digestupdate(mctx, in2, in2len))
9952+ return 0;
9953+ if (in3 && !FIPS_digestupdate(mctx, in3, in3len))
9954+ return 0;
9955+ if (in4 && !FIPS_digestupdate(mctx, in4, in4len))
9956+ return 0;
9957+ if (outlen < dctx->blocklength)
9958+ {
9959+ if (!FIPS_digestfinal(mctx, vtmp, NULL))
9960+ return 0;
9961+ memcpy(out, vtmp, outlen);
9962+ OPENSSL_cleanse(vtmp, dctx->blocklength);
9963+ return 1;
9964+ }
9965+ else if(!FIPS_digestfinal(mctx, out, NULL))
9966+ return 0;
9967+
9968+ outlen -= dctx->blocklength;
9969+ if (outlen == 0)
9970+ return 1;
9971+ tmp[0]++;
9972+ out += dctx->blocklength;
9973+ }
9974+ }
9975+
9976+
9977+/* Add an unsigned buffer to the buf value, storing the result in buf. For
9978+ * this algorithm the length of input never exceeds the seed length.
9979+ */
9980+
9981+static void ctx_add_buf(DRBG_CTX *dctx, unsigned char *buf,
9982+ unsigned char *in, size_t inlen)
9983+ {
9984+ size_t i = inlen;
9985+ const unsigned char *q;
9986+ unsigned char c, *p;
9987+ p = buf + dctx->seedlen;
9988+ q = in + inlen;
9989+
9990+ OPENSSL_assert(i <= dctx->seedlen);
9991+
9992+ /* Special case: zero length, just increment buffer */
9993+ if (i)
9994+ c = 0;
9995+ else
9996+ c = 1;
9997+
9998+ while (i)
9999+ {
10000+ int r;
10001+ p--;
10002+ q--;
10003+ r = *p + *q + c;
10004+ /* Carry */
10005+ if (r > 0xff)
10006+ c = 1;
10007+ else
10008+ c = 0;
10009+ *p = r & 0xff;
10010+ i--;
10011+ }
10012+
10013+ i = dctx->seedlen - inlen;
10014+
10015+ /* If not adding whole buffer handle final carries */
10016+ if (c && i)
10017+ {
10018+ do
10019+ {
10020+ p--;
10021+ c = *p;
10022+ c++;
10023+ *p = c;
10024+ if(c)
10025+ return;
10026+ } while(i--);
10027+ }
10028+ }
10029+
10030+/* Finalise and add hash to V */
10031+
10032+static int ctx_add_md(DRBG_CTX *dctx)
10033+ {
10034+ if (!FIPS_digestfinal(&dctx->d.hash.mctx, dctx->d.hash.vtmp, NULL))
10035+ return 0;
10036+ ctx_add_buf(dctx, dctx->d.hash.V, dctx->d.hash.vtmp, dctx->blocklength);
10037+ return 1;
10038+ }
10039+
10040+static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
10041+ {
10042+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
10043+ if (outlen == 0)
10044+ return 1;
10045+ memcpy(hctx->vtmp, hctx->V, dctx->seedlen);
10046+ for(;;)
10047+ {
10048+ FIPS_digestinit(&hctx->mctx, hctx->md);
10049+ FIPS_digestupdate(&hctx->mctx, hctx->vtmp, dctx->seedlen);
10050+ if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
10051+ {
10052+ FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL);
10053+ dctx->lb_valid = 1;
10054+ }
10055+ else if (outlen < dctx->blocklength)
10056+ {
10057+ FIPS_digestfinal(&hctx->mctx, hctx->vtmp, NULL);
10058+ if (!fips_drbg_cprng_test(dctx, hctx->vtmp))
10059+ return 0;
10060+ memcpy(out, hctx->vtmp, outlen);
10061+ return 1;
10062+ }
10063+ else
10064+ {
10065+ FIPS_digestfinal(&hctx->mctx, out, NULL);
10066+ if (!fips_drbg_cprng_test(dctx, out))
10067+ return 0;
10068+ outlen -= dctx->blocklength;
10069+ if (outlen == 0)
10070+ return 1;
10071+ out += dctx->blocklength;
10072+ }
10073+ ctx_add_buf(dctx, hctx->vtmp, NULL, 0);
10074+ }
10075+ }
10076+
10077+static int drbg_hash_instantiate(DRBG_CTX *dctx,
10078+ const unsigned char *ent, size_t ent_len,
10079+ const unsigned char *nonce, size_t nonce_len,
10080+ const unsigned char *pstr, size_t pstr_len)
10081+ {
10082+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
10083+ if (!hash_df(dctx, hctx->V,
10084+ ent, ent_len, nonce, nonce_len, pstr, pstr_len,
10085+ NULL, 0))
10086+ return 0;
10087+ if (!hash_df(dctx, hctx->C,
10088+ NULL, 0, hctx->V, dctx->seedlen,
10089+ NULL, 0, NULL, 0))
10090+ return 0;
10091+
10092+#ifdef HASH_DRBG_TRACE
10093+ fprintf(stderr, "V+C after instantiate:\n");
10094+ hexprint(stderr, hctx->V, dctx->seedlen);
10095+ hexprint(stderr, hctx->C, dctx->seedlen);
10096+#endif
10097+ return 1;
10098+ }
10099+
10100+
10101+static int drbg_hash_reseed(DRBG_CTX *dctx,
10102+ const unsigned char *ent, size_t ent_len,
10103+ const unsigned char *adin, size_t adin_len)
10104+ {
10105+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
10106+ /* V about to be updated so use C as output instead */
10107+ if (!hash_df(dctx, hctx->C,
10108+ NULL, 1, hctx->V, dctx->seedlen,
10109+ ent, ent_len, adin, adin_len))
10110+ return 0;
10111+ memcpy(hctx->V, hctx->C, dctx->seedlen);
10112+ if (!hash_df(dctx, hctx->C, NULL, 0,
10113+ hctx->V, dctx->seedlen, NULL, 0, NULL, 0))
10114+ return 0;
10115+#ifdef HASH_DRBG_TRACE
10116+ fprintf(stderr, "V+C after reseed:\n");
10117+ hexprint(stderr, hctx->V, dctx->seedlen);
10118+ hexprint(stderr, hctx->C, dctx->seedlen);
10119+#endif
10120+ return 1;
10121+ }
10122+
10123+static int drbg_hash_generate(DRBG_CTX *dctx,
10124+ unsigned char *out, size_t outlen,
10125+ const unsigned char *adin, size_t adin_len)
10126+ {
10127+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
10128+ EVP_MD_CTX *mctx = &hctx->mctx;
10129+ unsigned char tmp[4];
10130+ if (adin && adin_len)
10131+ {
10132+ tmp[0] = 2;
10133+ if (!FIPS_digestinit(mctx, hctx->md))
10134+ return 0;
10135+ if (!EVP_DigestUpdate(mctx, tmp, 1))
10136+ return 0;
10137+ if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
10138+ return 0;
10139+ if (!EVP_DigestUpdate(mctx, adin, adin_len))
10140+ return 0;
10141+ if (!ctx_add_md(dctx))
10142+ return 0;
10143+ }
10144+ if (!hash_gen(dctx, out, outlen))
10145+ return 0;
10146+
10147+ tmp[0] = 3;
10148+ if (!FIPS_digestinit(mctx, hctx->md))
10149+ return 0;
10150+ if (!EVP_DigestUpdate(mctx, tmp, 1))
10151+ return 0;
10152+ if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
10153+ return 0;
10154+
10155+ if (!ctx_add_md(dctx))
10156+ return 0;
10157+
10158+ ctx_add_buf(dctx, hctx->V, hctx->C, dctx->seedlen);
10159+
10160+ tmp[0] = (dctx->reseed_counter >> 24) & 0xff;
10161+ tmp[1] = (dctx->reseed_counter >> 16) & 0xff;
10162+ tmp[2] = (dctx->reseed_counter >> 8) & 0xff;
10163+ tmp[3] = dctx->reseed_counter & 0xff;
10164+ ctx_add_buf(dctx, hctx->V, tmp, 4);
10165+#ifdef HASH_DRBG_TRACE
10166+ fprintf(stderr, "V+C after generate:\n");
10167+ hexprint(stderr, hctx->V, dctx->seedlen);
10168+ hexprint(stderr, hctx->C, dctx->seedlen);
10169+#endif
10170+ return 1;
10171+ }
10172+
10173+static int drbg_hash_uninstantiate(DRBG_CTX *dctx)
10174+ {
10175+ EVP_MD_CTX_cleanup(&dctx->d.hash.mctx);
10176+ OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX));
10177+ return 1;
10178+ }
10179+
10180+int fips_drbg_hash_init(DRBG_CTX *dctx)
10181+ {
10182+ const EVP_MD *md;
10183+ DRBG_HASH_CTX *hctx = &dctx->d.hash;
10184+ md = FIPS_get_digestbynid(dctx->type);
10185+ if (!md)
10186+ return -2;
10187+ switch (dctx->type)
10188+ {
10189+ case NID_sha1:
10190+ dctx->strength = 128;
10191+ break;
10192+
10193+ case NID_sha224:
10194+ dctx->strength = 192;
10195+ break;
10196+
10197+ default:
10198+ dctx->strength = 256;
10199+ break;
10200+ }
10201+
10202+ dctx->instantiate = drbg_hash_instantiate;
10203+ dctx->reseed = drbg_hash_reseed;
10204+ dctx->generate = drbg_hash_generate;
10205+ dctx->uninstantiate = drbg_hash_uninstantiate;
10206+
10207+ dctx->d.hash.md = md;
10208+ EVP_MD_CTX_init(&hctx->mctx);
10209+
10210+ /* These are taken from SP 800-90 10.1 table 2 */
10211+
10212+ dctx->blocklength = M_EVP_MD_size(md);
10213+ if (dctx->blocklength > 32)
10214+ dctx->seedlen = 111;
10215+ else
10216+ dctx->seedlen = 55;
10217+
10218+
10219+ dctx->min_entropy = dctx->strength / 8;
10220+ dctx->max_entropy = DRBG_MAX_LENGTH;
10221+
10222+ dctx->min_nonce = dctx->min_entropy / 2;
10223+ dctx->max_nonce = DRBG_MAX_LENGTH;
10224+
10225+ dctx->max_pers = DRBG_MAX_LENGTH;
10226+ dctx->max_adin = DRBG_MAX_LENGTH;
10227+
10228+ dctx->max_request = 1<<16;
10229+ dctx->reseed_interval = 1<<24;
10230+
10231+ return 1;
10232+ }
10233diff -up openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c
10234--- openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c.fips 2013-02-19 12:47:33.737118832 +0100
10235+++ openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c 2013-02-19 12:47:33.737118832 +0100
10236@@ -0,0 +1,281 @@
10237+/* fips/rand/fips_drbg_hmac.c */
10238+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
10239+ * project.
10240+ */
10241+/* ====================================================================
10242+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
10243+ *
10244+ * Redistribution and use in source and binary forms, with or without
10245+ * modification, are permitted provided that the following conditions
10246+ * are met:
10247+ *
10248+ * 1. Redistributions of source code must retain the above copyright
10249+ * notice, this list of conditions and the following disclaimer.
10250+ *
10251+ * 2. Redistributions in binary form must reproduce the above copyright
10252+ * notice, this list of conditions and the following disclaimer in
10253+ * the documentation and/or other materials provided with the
10254+ * distribution.
10255+ *
10256+ * 3. All advertising materials mentioning features or use of this
10257+ * software must display the following acknowledgment:
10258+ * "This product includes software developed by the OpenSSL Project
10259+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
10260+ *
10261+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
10262+ * endorse or promote products derived from this software without
10263+ * prior written permission. For written permission, please contact
10264+ * licensing@OpenSSL.org.
10265+ *
10266+ * 5. Products derived from this software may not be called "OpenSSL"
10267+ * nor may "OpenSSL" appear in their names without prior written
10268+ * permission of the OpenSSL Project.
10269+ *
10270+ * 6. Redistributions of any form whatsoever must retain the following
10271+ * acknowledgment:
10272+ * "This product includes software developed by the OpenSSL Project
10273+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
10274+ *
10275+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
10276+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
10277+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
10278+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
10279+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
10280+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
10281+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
10282+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
10283+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
10284+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
10285+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
10286+ * OF THE POSSIBILITY OF SUCH DAMAGE.
10287+ * ====================================================================
10288+ */
10289+
10290+#include <stdlib.h>
10291+#include <string.h>
10292+#include <openssl/crypto.h>
10293+#include <openssl/evp.h>
10294+#include <openssl/hmac.h>
10295+#include <openssl/aes.h>
10296+#include <openssl/fips.h>
10297+#include <openssl/fips_rand.h>
10298+#include "fips_rand_lcl.h"
10299+
10300+static int drbg_hmac_update(DRBG_CTX *dctx,
10301+ const unsigned char *in1, size_t in1len,
10302+ const unsigned char *in2, size_t in2len,
10303+ const unsigned char *in3, size_t in3len
10304+ )
10305+ {
10306+ static unsigned char c0 = 0, c1 = 1;
10307+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
10308+ HMAC_CTX *hctx = &hmac->hctx;
10309+
10310+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
10311+ return 0;
10312+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
10313+ return 0;
10314+ if (!HMAC_Update(hctx, &c0, 1))
10315+ return 0;
10316+ if (in1len && !HMAC_Update(hctx, in1, in1len))
10317+ return 0;
10318+ if (in2len && !HMAC_Update(hctx, in2, in2len))
10319+ return 0;
10320+ if (in3len && !HMAC_Update(hctx, in3, in3len))
10321+ return 0;
10322+
10323+ if (!HMAC_Final(hctx, hmac->K, NULL))
10324+ return 0;
10325+
10326+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
10327+ return 0;
10328+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
10329+ return 0;
10330+
10331+ if (!HMAC_Final(hctx, hmac->V, NULL))
10332+ return 0;
10333+
10334+ if (!in1len && !in2len && !in3len)
10335+ return 1;
10336+
10337+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
10338+ return 0;
10339+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
10340+ return 0;
10341+ if (!HMAC_Update(hctx, &c1, 1))
10342+ return 0;
10343+ if (in1len && !HMAC_Update(hctx, in1, in1len))
10344+ return 0;
10345+ if (in2len && !HMAC_Update(hctx, in2, in2len))
10346+ return 0;
10347+ if (in3len && !HMAC_Update(hctx, in3, in3len))
10348+ return 0;
10349+
10350+ if (!HMAC_Final(hctx, hmac->K, NULL))
10351+ return 0;
10352+
10353+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
10354+ return 0;
10355+ if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
10356+ return 0;
10357+
10358+ if (!HMAC_Final(hctx, hmac->V, NULL))
10359+ return 0;
10360+
10361+ return 1;
10362+
10363+ }
10364+
10365+static int drbg_hmac_instantiate(DRBG_CTX *dctx,
10366+ const unsigned char *ent, size_t ent_len,
10367+ const unsigned char *nonce, size_t nonce_len,
10368+ const unsigned char *pstr, size_t pstr_len)
10369+ {
10370+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
10371+ memset(hmac->K, 0, dctx->blocklength);
10372+ memset(hmac->V, 1, dctx->blocklength);
10373+ if (!drbg_hmac_update(dctx,
10374+ ent, ent_len, nonce, nonce_len, pstr, pstr_len))
10375+ return 0;
10376+
10377+#ifdef HMAC_DRBG_TRACE
10378+ fprintf(stderr, "K+V after instantiate:\n");
10379+ hexprint(stderr, hmac->K, hmac->blocklength);
10380+ hexprint(stderr, hmac->V, hmac->blocklength);
10381+#endif
10382+ return 1;
10383+ }
10384+
10385+static int drbg_hmac_reseed(DRBG_CTX *dctx,
10386+ const unsigned char *ent, size_t ent_len,
10387+ const unsigned char *adin, size_t adin_len)
10388+ {
10389+ if (!drbg_hmac_update(dctx,
10390+ ent, ent_len, adin, adin_len, NULL, 0))
10391+ return 0;
10392+
10393+#ifdef HMAC_DRBG_TRACE
10394+ {
10395+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
10396+ fprintf(stderr, "K+V after reseed:\n");
10397+ hexprint(stderr, hmac->K, hmac->blocklength);
10398+ hexprint(stderr, hmac->V, hmac->blocklength);
10399+ }
10400+#endif
10401+ return 1;
10402+ }
10403+
10404+static int drbg_hmac_generate(DRBG_CTX *dctx,
10405+ unsigned char *out, size_t outlen,
10406+ const unsigned char *adin, size_t adin_len)
10407+ {
10408+ DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
10409+ HMAC_CTX *hctx = &hmac->hctx;
10410+ const unsigned char *Vtmp = hmac->V;
10411+ if (adin_len && !drbg_hmac_update(dctx, adin, adin_len,
10412+ NULL, 0, NULL, 0))
10413+ return 0;
10414+ for (;;)
10415+ {
10416+ if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength,
10417+ hmac->md, NULL))
10418+ return 0;
10419+ if (!HMAC_Update(hctx, Vtmp, dctx->blocklength))
10420+ return 0;
10421+ if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
10422+ {
10423+ if (!HMAC_Final(hctx, dctx->lb, NULL))
10424+ return 0;
10425+ dctx->lb_valid = 1;
10426+ Vtmp = dctx->lb;
10427+ continue;
10428+ }
10429+ else if (outlen > dctx->blocklength)
10430+ {
10431+ if (!HMAC_Final(hctx, out, NULL))
10432+ return 0;
10433+ if (!fips_drbg_cprng_test(dctx, out))
10434+ return 0;
10435+ Vtmp = out;
10436+ }
10437+ else
10438+ {
10439+ if (!HMAC_Final(hctx, hmac->V, NULL))
10440+ return 0;
10441+ if (!fips_drbg_cprng_test(dctx, hmac->V))
10442+ return 0;
10443+ memcpy(out, hmac->V, outlen);
10444+ break;
10445+ }
10446+ out += dctx->blocklength;
10447+ outlen -= dctx->blocklength;
10448+ }
10449+ if (!drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0))
10450+ return 0;
10451+
10452+ return 1;
10453+ }
10454+
10455+static int drbg_hmac_uninstantiate(DRBG_CTX *dctx)
10456+ {
10457+ HMAC_CTX_cleanup(&dctx->d.hmac.hctx);
10458+ OPENSSL_cleanse(&dctx->d.hmac, sizeof(DRBG_HMAC_CTX));
10459+ return 1;
10460+ }
10461+
10462+int fips_drbg_hmac_init(DRBG_CTX *dctx)
10463+ {
10464+ const EVP_MD *md = NULL;
10465+ DRBG_HMAC_CTX *hctx = &dctx->d.hmac;
10466+ dctx->strength = 256;
10467+ switch (dctx->type)
10468+ {
10469+ case NID_hmacWithSHA1:
10470+ md = EVP_sha1();
10471+ dctx->strength = 128;
10472+ break;
10473+
10474+ case NID_hmacWithSHA224:
10475+ md = EVP_sha224();
10476+ dctx->strength = 192;
10477+ break;
10478+
10479+ case NID_hmacWithSHA256:
10480+ md = EVP_sha256();
10481+ break;
10482+
10483+ case NID_hmacWithSHA384:
10484+ md = EVP_sha384();
10485+ break;
10486+
10487+ case NID_hmacWithSHA512:
10488+ md = EVP_sha512();
10489+ break;
10490+
10491+ default:
10492+ dctx->strength = 0;
10493+ return -2;
10494+ }
10495+ dctx->instantiate = drbg_hmac_instantiate;
10496+ dctx->reseed = drbg_hmac_reseed;
10497+ dctx->generate = drbg_hmac_generate;
10498+ dctx->uninstantiate = drbg_hmac_uninstantiate;
10499+ HMAC_CTX_init(&hctx->hctx);
10500+ hctx->md = md;
10501+ dctx->blocklength = M_EVP_MD_size(md);
10502+ dctx->seedlen = M_EVP_MD_size(md);
10503+
10504+ dctx->min_entropy = dctx->strength / 8;
10505+ dctx->max_entropy = DRBG_MAX_LENGTH;
10506+
10507+ dctx->min_nonce = dctx->min_entropy / 2;
10508+ dctx->max_nonce = DRBG_MAX_LENGTH;
10509+
10510+ dctx->max_pers = DRBG_MAX_LENGTH;
10511+ dctx->max_adin = DRBG_MAX_LENGTH;
10512+
10513+ dctx->max_request = 1<<16;
10514+ dctx->reseed_interval = 1<<24;
10515+
10516+ return 1;
10517+ }
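Review bot: The HMAC_DRBG_TRACE blocks in drbg_hmac_instantiate and drbg_hmac_reseed read `hmac->blocklength`, while every other use in this file takes the block length from `dctx->blocklength` (set in fips_drbg_hmac_init); unless DRBG_HMAC_CTX, declared in fips_rand_lcl.h outside this view, also carries a blocklength field, a trace build will not compile. The same blocks call fprintf and hexprint although this file includes no `<stdio.h>`, so the trace path looks untested. I would change the four trace calls to the form `hexprint(stderr, hmac->K, dctx->blocklength);` and add `#include <stdio.h>` under the same `#ifdef HMAC_DRBG_TRACE` guard. Minor style point in drbg_hmac_update: the separator bytes could be `static const unsigned char c0 = 0, c1 = 1;` since they are never written.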
10518diff -up openssl-1.0.1e/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_lib.c
10519--- openssl-1.0.1e/crypto/fips/fips_drbg_lib.c.fips 2013-02-19 12:47:33.737118832 +0100
10520+++ openssl-1.0.1e/crypto/fips/fips_drbg_lib.c 2013-02-19 12:47:33.737118832 +0100
a7ff9508 10521@@ -0,0 +1,578 @@
10522+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
10523+ * project.
10524+ */
10525+/* ====================================================================
10526+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
10527+ *
10528+ * Redistribution and use in source and binary forms, with or without
10529+ * modification, are permitted provided that the following conditions
10530+ * are met:
10531+ *
10532+ * 1. Redistributions of source code must retain the above copyright
10533+ * notice, this list of conditions and the following disclaimer.
10534+ *
10535+ * 2. Redistributions in binary form must reproduce the above copyright
10536+ * notice, this list of conditions and the following disclaimer in
10537+ * the documentation and/or other materials provided with the
10538+ * distribution.
10539+ *
10540+ * 3. All advertising materials mentioning features or use of this
10541+ * software must display the following acknowledgment:
10542+ * "This product includes software developed by the OpenSSL Project
10543+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
10544+ *
10545+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
10546+ * endorse or promote products derived from this software without
10547+ * prior written permission. For written permission, please contact
10548+ * licensing@OpenSSL.org.
10549+ *
10550+ * 5. Products derived from this software may not be called "OpenSSL"
10551+ * nor may "OpenSSL" appear in their names without prior written
10552+ * permission of the OpenSSL Project.
10553+ *
10554+ * 6. Redistributions of any form whatsoever must retain the following
10555+ * acknowledgment:
10556+ * "This product includes software developed by the OpenSSL Project
10557+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
10558+ *
10559+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
10560+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
10561+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
10562+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
10563+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
10564+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
10565+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
10566+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
10567+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
10568+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
10569+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
10570+ * OF THE POSSIBILITY OF SUCH DAMAGE.
10571+ * ====================================================================
10572+ */
10573+
10574+#include <string.h>
10575+#include <openssl/crypto.h>
10576+#include <openssl/err.h>
10577+#include <openssl/fips_rand.h>
10578+#include "fips_locl.h"
10579+#include "fips_rand_lcl.h"
10580+
10581+/* Support framework for SP800-90 DRBGs */
10582+
10583+int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
10584+ {
10585+ int rv;
10586+ memset(dctx, 0, sizeof(DRBG_CTX));
10587+ dctx->status = DRBG_STATUS_UNINITIALISED;
10588+ dctx->xflags = flags;
10589+ dctx->type = type;
10590+
10591+ dctx->iflags = 0;
10592+ dctx->entropy_blocklen = 0;
10593+ dctx->health_check_cnt = 0;
10594+ dctx->health_check_interval = DRBG_HEALTH_INTERVAL;
10595+
10596+ rv = fips_drbg_hash_init(dctx);
10597+
10598+ if (rv == -2)
10599+ rv = fips_drbg_ctr_init(dctx);
10600+ if (rv == -2)
10601+ rv = fips_drbg_hmac_init(dctx);
10602+
10603+ if (rv <= 0)
10604+ {
10605+ if (rv == -2)
10606+ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_UNSUPPORTED_DRBG_TYPE);
10607+ else
10608+ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_ERROR_INITIALISING_DRBG);
10609+ }
10610+
10611+ /* If not in test mode run selftests on DRBG of the same type */
10612+
10613+ if (!(dctx->xflags & DRBG_FLAG_TEST))
10614+ {
10615+ if (!FIPS_drbg_health_check(dctx))
10616+ {
10617+ FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);
10618+ return 0;
10619+ }
10620+ }
10621+
10622+ return rv;
10623+ }
10624+
10625+DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags)
10626+ {
10627+ DRBG_CTX *dctx;
10628+ dctx = OPENSSL_malloc(sizeof(DRBG_CTX));
10629+ if (!dctx)
10630+ {
10631+ FIPSerr(FIPS_F_FIPS_DRBG_NEW, ERR_R_MALLOC_FAILURE);
10632+ return NULL;
10633+ }
10634+
10635+ if (type == 0)
10636+ {
10637+ memset(dctx, 0, sizeof(DRBG_CTX));
10638+ dctx->type = 0;
10639+ dctx->status = DRBG_STATUS_UNINITIALISED;
10640+ return dctx;
10641+ }
10642+
10643+ if (FIPS_drbg_init(dctx, type, flags) <= 0)
10644+ {
10645+ OPENSSL_free(dctx);
10646+ return NULL;
10647+ }
10648+
10649+ return dctx;
10650+ }
10651+
10652+void FIPS_drbg_free(DRBG_CTX *dctx)
10653+ {
10654+ if (dctx->uninstantiate)
10655+ dctx->uninstantiate(dctx);
10656+ /* Don't free up default DRBG */
10657+ if (dctx == FIPS_get_default_drbg())
10658+ {
10659+ memset(dctx, 0, sizeof(DRBG_CTX));
10660+ dctx->type = 0;
10661+ dctx->status = DRBG_STATUS_UNINITIALISED;
10662+ }
10663+ else
10664+ {
10665+ OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
10666+ OPENSSL_free(dctx);
10667+ }
10668+ }
10669+
10670+static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
10671+ int entropy, size_t min_len, size_t max_len)
10672+ {
10673+ unsigned char *tout, *p;
10674+ size_t bl = dctx->entropy_blocklen, rv;
10675+ if (!dctx->get_entropy)
10676+ return 0;
10677+ if (dctx->xflags & DRBG_FLAG_TEST || !bl)
10678+ return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
10679+ rv = dctx->get_entropy(dctx, &tout, entropy + bl,
10680+ min_len + bl, max_len + bl);
10681+ if (tout == NULL)
10682+ return 0;
10683+ *pout = tout + bl;
10684+ if (rv < (min_len + bl) || (rv % bl))
10685+ return 0;
10686+ /* Compare consecutive blocks for continuous PRNG test */
10687+ for (p = tout; p < tout + rv - bl; p += bl)
10688+ {
10689+ if (!memcmp(p, p + bl, bl))
10690+ {
10691+ FIPSerr(FIPS_F_FIPS_GET_ENTROPY, FIPS_R_ENTROPY_SOURCE_STUCK);
10692+ return 0;
10693+ }
10694+ }
10695+ rv -= bl;
10696+ if (rv > max_len)
10697+ return max_len;
10698+ return rv;
10699+ }
10700+
10701+static void fips_cleanup_entropy(DRBG_CTX *dctx,
10702+ unsigned char *out, size_t olen)
10703+ {
10704+ size_t bl;
10705+ if (dctx->xflags & DRBG_FLAG_TEST)
10706+ bl = 0;
10707+ else
10708+ bl = dctx->entropy_blocklen;
10709+ /* Call cleanup with original arguments */
10710+ dctx->cleanup_entropy(dctx, out - bl, olen + bl);
10711+ }
10712+
10713+
10714+int FIPS_drbg_instantiate(DRBG_CTX *dctx,
10715+ const unsigned char *pers, size_t perslen)
10716+ {
10717+ size_t entlen = 0, noncelen = 0;
10718+ unsigned char *nonce = NULL, *entropy = NULL;
10719+
10720+#if 0
10721+ /* Put here so error script picks them up */
10722+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE,
10723+ FIPS_R_PERSONALISATION_STRING_TOO_LONG);
10724+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_IN_ERROR_STATE);
10725+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ALREADY_INSTANTIATED);
10726+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY);
10727+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE);
10728+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR);
10729+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED);
10730+#endif
10731+
10732+ int r = 0;
10733+
10734+ if (perslen > dctx->max_pers)
10735+ {
10736+ r = FIPS_R_PERSONALISATION_STRING_TOO_LONG;
10737+ goto end;
10738+ }
10739+
10740+ if (!dctx->instantiate)
10741+ {
10742+ r = FIPS_R_DRBG_NOT_INITIALISED;
10743+ goto end;
10744+ }
10745+
10746+ if (dctx->status != DRBG_STATUS_UNINITIALISED)
10747+ {
10748+ if (dctx->status == DRBG_STATUS_ERROR)
10749+ r = FIPS_R_IN_ERROR_STATE;
10750+ else
10751+ r = FIPS_R_ALREADY_INSTANTIATED;
10752+ goto end;
10753+ }
10754+
10755+ dctx->status = DRBG_STATUS_ERROR;
10756+
10757+ entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
10758+ dctx->min_entropy, dctx->max_entropy);
10759+
10760+ if (entlen < dctx->min_entropy || entlen > dctx->max_entropy)
10761+ {
10762+ r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
10763+ goto end;
10764+ }
10765+
10766+ if (dctx->max_nonce > 0 && dctx->get_nonce)
10767+ {
10768+ noncelen = dctx->get_nonce(dctx, &nonce,
10769+ dctx->strength / 2,
10770+ dctx->min_nonce, dctx->max_nonce);
10771+
10772+ if (noncelen < dctx->min_nonce || noncelen > dctx->max_nonce)
10773+ {
10774+ r = FIPS_R_ERROR_RETRIEVING_NONCE;
10775+ goto end;
10776+ }
10777+
10778+ }
10779+
10780+ if (!dctx->instantiate(dctx,
10781+ entropy, entlen,
10782+ nonce, noncelen,
10783+ pers, perslen))
10784+ {
10785+ r = FIPS_R_ERROR_INSTANTIATING_DRBG;
10786+ goto end;
10787+ }
10788+
10789+
10790+ dctx->status = DRBG_STATUS_READY;
10791+ if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
10792+ dctx->reseed_counter = 1;
10793+
10794+ end:
10795+
10796+ if (entropy && dctx->cleanup_entropy)
10797+ fips_cleanup_entropy(dctx, entropy, entlen);
10798+
10799+ if (nonce && dctx->cleanup_nonce)
10800+ dctx->cleanup_nonce(dctx, nonce, noncelen);
10801+
10802+ if (dctx->status == DRBG_STATUS_READY)
10803+ return 1;
10804+
10805+ if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
10806+ FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, r);
10807+
10808+ return 0;
10809+
10810+ }
10811+
10812+static int drbg_reseed(DRBG_CTX *dctx,
10813+ const unsigned char *adin, size_t adinlen, int hcheck)
10814+ {
10815+ unsigned char *entropy = NULL;
10816+ size_t entlen = 0;
10817+ int r = 0;
10818+
10819+#if 0
10820+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_NOT_INSTANTIATED);
10821+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
10822+#endif
10823+ if (dctx->status != DRBG_STATUS_READY
10824+ && dctx->status != DRBG_STATUS_RESEED)
10825+ {
10826+ if (dctx->status == DRBG_STATUS_ERROR)
10827+ r = FIPS_R_IN_ERROR_STATE;
10828+ else if(dctx->status == DRBG_STATUS_UNINITIALISED)
10829+ r = FIPS_R_NOT_INSTANTIATED;
10830+ goto end;
10831+ }
10832+
10833+ if (!adin)
10834+ adinlen = 0;
10835+ else if (adinlen > dctx->max_adin)
10836+ {
10837+ r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
10838+ goto end;
10839+ }
10840+
10841+ dctx->status = DRBG_STATUS_ERROR;
10842+ /* Peform health check on all reseed operations if not a prediction
10843+ * resistance request and not in test mode.
10844+ */
10845+ if (hcheck && !(dctx->xflags & DRBG_FLAG_TEST))
10846+ {
10847+ if (!FIPS_drbg_health_check(dctx))
10848+ {
10849+ r = FIPS_R_SELFTEST_FAILURE;
10850+ goto end;
10851+ }
10852+ }
10853+
10854+ entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
10855+ dctx->min_entropy, dctx->max_entropy);
10856+
10857+ if (entlen < dctx->min_entropy || entlen > dctx->max_entropy)
10858+ {
10859+ r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
10860+ goto end;
10861+ }
10862+
10863+ if (!dctx->reseed(dctx, entropy, entlen, adin, adinlen))
10864+ goto end;
10865+
10866+ dctx->status = DRBG_STATUS_READY;
10867+ if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
10868+ dctx->reseed_counter = 1;
10869+ end:
10870+
10871+ if (entropy && dctx->cleanup_entropy)
10872+ fips_cleanup_entropy(dctx, entropy, entlen);
10873+
10874+ if (dctx->status == DRBG_STATUS_READY)
10875+ return 1;
10876+
10877+ if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
10878+ FIPSerr(FIPS_F_DRBG_RESEED, r);
10879+
10880+ return 0;
10881+ }
10882+
10883+int FIPS_drbg_reseed(DRBG_CTX *dctx,
10884+ const unsigned char *adin, size_t adinlen)
10885+ {
10886+ return drbg_reseed(dctx, adin, adinlen, 1);
10887+ }
10888+
10889+static int fips_drbg_check(DRBG_CTX *dctx)
10890+ {
10891+ if (dctx->xflags & DRBG_FLAG_TEST)
10892+ return 1;
10893+ dctx->health_check_cnt++;
10894+ if (dctx->health_check_cnt >= dctx->health_check_interval)
10895+ {
10896+ if (!FIPS_drbg_health_check(dctx))
10897+ {
10898+ FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE);
10899+ return 0;
10900+ }
10901+ }
10902+ return 1;
10903+ }
10904+
10905+int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
10906+ int prediction_resistance,
10907+ const unsigned char *adin, size_t adinlen)
10908+ {
10909+ int r = 0;
10910+
10911+ if (FIPS_selftest_failed())
10912+ {
10913+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED);
10914+ return 0;
10915+ }
10916+
10917+ if (!fips_drbg_check(dctx))
10918+ return 0;
10919+
10920+ if (dctx->status != DRBG_STATUS_READY
10921+ && dctx->status != DRBG_STATUS_RESEED)
10922+ {
10923+ if (dctx->status == DRBG_STATUS_ERROR)
10924+ r = FIPS_R_IN_ERROR_STATE;
10925+ else if(dctx->status == DRBG_STATUS_UNINITIALISED)
10926+ r = FIPS_R_NOT_INSTANTIATED;
10927+ goto end;
10928+ }
10929+
10930+ if (outlen > dctx->max_request)
10931+ {
10932+ r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG;
10933+ return 0;
10934+ }
10935+
10936+ if (adinlen > dctx->max_adin)
10937+ {
10938+ r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
10939+ goto end;
10940+ }
10941+
10942+ if (dctx->iflags & DRBG_CUSTOM_RESEED)
10943+ dctx->generate(dctx, NULL, outlen, NULL, 0);
10944+ else if (dctx->reseed_counter >= dctx->reseed_interval)
10945+ dctx->status = DRBG_STATUS_RESEED;
10946+
10947+ if (dctx->status == DRBG_STATUS_RESEED || prediction_resistance)
10948+ {
10949+ /* If prediction resistance request don't do health check */
10950+ int hcheck = prediction_resistance ? 0 : 1;
10951+
10952+ if (!drbg_reseed(dctx, adin, adinlen, hcheck))
10953+ {
10954+ r = FIPS_R_RESEED_ERROR;
10955+ goto end;
10956+ }
10957+ adin = NULL;
10958+ adinlen = 0;
10959+ }
10960+
10961+ if (!dctx->generate(dctx, out, outlen, adin, adinlen))
10962+ {
10963+ r = FIPS_R_GENERATE_ERROR;
10964+ dctx->status = DRBG_STATUS_ERROR;
10965+ goto end;
10966+ }
10967+ if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
10968+ {
10969+ if (dctx->reseed_counter >= dctx->reseed_interval)
10970+ dctx->status = DRBG_STATUS_RESEED;
10971+ else
10972+ dctx->reseed_counter++;
10973+ }
10974+
10975+ end:
10976+ if (r)
10977+ {
10978+ if (!(dctx->iflags & DRBG_FLAG_NOERR))
10979+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, r);
10980+ return 0;
10981+ }
10982+
10983+ return 1;
10984+ }
10985+
10986+int FIPS_drbg_uninstantiate(DRBG_CTX *dctx)
10987+ {
10988+ int rv;
10989+ if (!dctx->uninstantiate)
10990+ rv = 1;
10991+ else
10992+ rv = dctx->uninstantiate(dctx);
10993+ /* Although we'd like to cleanse here we can't because we have to
10994+ * test the uninstantiate really zeroes the data.
10995+ */
10996+ memset(&dctx->d, 0, sizeof(dctx->d));
10997+ dctx->status = DRBG_STATUS_UNINITIALISED;
10998+ /* If method has problems uninstantiating, return error */
10999+ return rv;
11000+ }
11001+
11002+int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
11003+ size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
11004+ int entropy, size_t min_len, size_t max_len),
11005+ void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
11006+ size_t entropy_blocklen,
11007+ size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
11008+ int entropy, size_t min_len, size_t max_len),
11009+ void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen))
11010+ {
11011+ if (dctx->status != DRBG_STATUS_UNINITIALISED)
11012+ return 0;
11013+ dctx->entropy_blocklen = entropy_blocklen;
11014+ dctx->get_entropy = get_entropy;
11015+ dctx->cleanup_entropy = cleanup_entropy;
11016+ dctx->get_nonce = get_nonce;
11017+ dctx->cleanup_nonce = cleanup_nonce;
11018+ return 1;
11019+ }
11020+
11021+int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
11022+ size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout),
11023+ void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
11024+ int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num),
11025+ int (*rand_add_cb)(DRBG_CTX *ctx,
11026+ const void *buf, int num, double entropy))
11027+ {
11028+ if (dctx->status != DRBG_STATUS_UNINITIALISED)
11029+ return 0;
11030+ dctx->get_adin = get_adin;
11031+ dctx->cleanup_adin = cleanup_adin;
11032+ dctx->rand_seed_cb = rand_seed_cb;
11033+ dctx->rand_add_cb = rand_add_cb;
11034+ return 1;
11035+ }
11036+
11037+void *FIPS_drbg_get_app_data(DRBG_CTX *dctx)
11038+ {
11039+ return dctx->app_data;
11040+ }
11041+
11042+void FIPS_drbg_set_app_data(DRBG_CTX *dctx, void *app_data)
11043+ {
11044+ dctx->app_data = app_data;
11045+ }
11046+
11047+size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx)
11048+ {
11049+ return dctx->blocklength;
11050+ }
11051+
11052+int FIPS_drbg_get_strength(DRBG_CTX *dctx)
11053+ {
11054+ return dctx->strength;
11055+ }
11056+
11057+void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval)
11058+ {
11059+ dctx->health_check_interval = interval;
11060+ }
11061+
11062+void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval)
11063+ {
11064+ dctx->reseed_interval = interval;
11065+ }
11066+
11067+static int drbg_stick = 0;
11068+
11069+void FIPS_drbg_stick(int onoff)
11070+ {
11071+ drbg_stick = onoff;
11072+ }
11073+
11074+/* Continuous DRBG utility function */
11075+int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out)
11076+ {
11077+ /* No CPRNG in test mode */
11078+ if (dctx->xflags & DRBG_FLAG_TEST)
11079+ return 1;
11080+ /* Check block is valid: should never happen */
11081+ if (dctx->lb_valid == 0)
11082+ {
11083+ FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_INTERNAL_ERROR);
11084+ fips_set_selftest_fail();
11085+ return 0;
11086+ }
11087+ if (drbg_stick)
11088+ memcpy(dctx->lb, out, dctx->blocklength);
11089+ /* Check against last block: fail if match */
11090+ if (!memcmp(dctx->lb, out, dctx->blocklength))
11091+ {
11092+ FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_DRBG_STUCK);
11093+ fips_set_selftest_fail();
11094+ return 0;
11095+ }
11096+ /* Save last block for next comparison */
11097+ memcpy(dctx->lb, out, dctx->blocklength);
11098+ return 1;
11099+ }
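--- a/openssl-1.0.1e/crypto/fips/fips_drbg_rand.c
+++ b/openssl-1.0.1e/crypto/fips/fips_drbg_rand.c
@@ -0,0 +1,172 @@
+/* fips/rand/fips_drbg_rand.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include "fips_rand_lcl.h"
+
+/* Mapping of SP800-90 DRBGs to OpenSSL RAND_METHOD */
+
+/* Since we only have one global PRNG used at any time in OpenSSL use a global
+ * variable to store context.
+ */
+
+static DRBG_CTX ossl_dctx;
+
+DRBG_CTX *FIPS_get_default_drbg(void)
+ {
+ return &ossl_dctx;
+ }
+
+static int fips_drbg_bytes(unsigned char *out, int count)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+ int rv = 0;
+ unsigned char *adin = NULL;
+ size_t adinlen = 0;
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ do
+ {
+ size_t rcnt;
+ if (count > (int)dctx->max_request)
+ rcnt = dctx->max_request;
+ else
+ rcnt = count;
+ if (dctx->get_adin)
+ {
+ adinlen = dctx->get_adin(dctx, &adin);
+ if (adinlen && !adin)
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_BYTES, FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT);
+ goto err;
+ }
+ }
+ rv = FIPS_drbg_generate(dctx, out, rcnt, 0, adin, adinlen);
+ if (adin)
+ {
+ if (dctx->cleanup_adin)
+ dctx->cleanup_adin(dctx, adin, adinlen);
+ adin = NULL;
+ }
+ if (!rv)
+ goto err;
+ out += rcnt;
+ count -= rcnt;
+ }
+ while (count);
+ rv = 1;
+ err:
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ return rv;
+ }
+
+static int fips_drbg_pseudo(unsigned char *out, int count)
+ {
+ if (fips_drbg_bytes(out, count) <= 0)
+ return -1;
+ return 1;
+ }
+
+static int fips_drbg_status(void)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+ int rv;
+ CRYPTO_r_lock(CRYPTO_LOCK_RAND);
+ rv = dctx->status == DRBG_STATUS_READY ? 1 : 0;
+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
+ return rv;
+ }
+
+static void fips_drbg_cleanup(void)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ FIPS_drbg_uninstantiate(dctx);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ }
+
+static int fips_drbg_seed(const void *seed, int seedlen)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+ if (dctx->rand_seed_cb)
+ return dctx->rand_seed_cb(dctx, seed, seedlen);
+ return 1;
+ }
+
+static int fips_drbg_add(const void *seed, int seedlen,
+ double add_entropy)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+ if (dctx->rand_add_cb)
+ return dctx->rand_add_cb(dctx, seed, seedlen, add_entropy);
+ return 1;
+ }
+
+static const RAND_METHOD rand_drbg_meth =
+ {
+ fips_drbg_seed,
+ fips_drbg_bytes,
+ fips_drbg_cleanup,
+ fips_drbg_add,
+ fips_drbg_pseudo,
+ fips_drbg_status
+ };
+
+const RAND_METHOD *FIPS_drbg_method(void)
+ {
+ return &rand_drbg_meth;
+ }
+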
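Review bot: In fips_drbg_bytes the additional-input failure branch (`if (adinlen && !adin)`) jumps to err without resetting rv, so when a request spans more than one max_request block and get_adin fails on a later iteration the function returns the rv of 1 left by the previous FIPS_drbg_generate call, and the caller treats a partially filled buffer as success. Adding `rv = 0;` immediately before that `goto err;` (or clearing rv at the top of each iteration) closes the gap. The `count` handling also deserves a guard or at least a comment: a negative count turns into a very large rcnt through the `rcnt = count` size_t conversion and is only rejected because FIPS_drbg_generate checks outlen against max_request earlier in this patch, and a zero count still runs the loop body once with rcnt 0; a `if (count < 0) return 0;` before the lock would make the intended contract explicit.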
11276diff -up openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c
11277--- openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c.fips 2013-02-19 12:47:33.737118832 +0100
11278+++ openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c 2013-02-19 12:47:33.737118832 +0100
11279@@ -0,0 +1,862 @@
11280+/* fips/rand/fips_drbg_selftest.c */
11281+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
11282+ * project.
11283+ */
11284+/* ====================================================================
11285+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
11286+ *
11287+ * Redistribution and use in source and binary forms, with or without
11288+ * modification, are permitted provided that the following conditions
11289+ * are met:
11290+ *
11291+ * 1. Redistributions of source code must retain the above copyright
11292+ * notice, this list of conditions and the following disclaimer.
11293+ *
11294+ * 2. Redistributions in binary form must reproduce the above copyright
11295+ * notice, this list of conditions and the following disclaimer in
11296+ * the documentation and/or other materials provided with the
11297+ * distribution.
11298+ *
11299+ * 3. All advertising materials mentioning features or use of this
11300+ * software must display the following acknowledgment:
11301+ * "This product includes software developed by the OpenSSL Project
11302+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
11303+ *
11304+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
11305+ * endorse or promote products derived from this software without
11306+ * prior written permission. For written permission, please contact
11307+ * licensing@OpenSSL.org.
11308+ *
11309+ * 5. Products derived from this software may not be called "OpenSSL"
11310+ * nor may "OpenSSL" appear in their names without prior written
11311+ * permission of the OpenSSL Project.
11312+ *
11313+ * 6. Redistributions of any form whatsoever must retain the following
11314+ * acknowledgment:
11315+ * "This product includes software developed by the OpenSSL Project
11316+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
11317+ *
11318+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
11319+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
11320+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
11321+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
11322+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
11323+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
11324+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
11325+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
11326+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
11327+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
11328+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
11329+ * OF THE POSSIBILITY OF SUCH DAMAGE.
11330+ * ====================================================================
11331+ */
11332+
11333+#include <string.h>
11334+#include <openssl/crypto.h>
11335+#include <openssl/err.h>
11336+#include <openssl/fips_rand.h>
11337+#include "fips_rand_lcl.h"
11338+#include "fips_locl.h"
11339+
11340+#include "fips_drbg_selftest.h"
11341+
11342+typedef struct {
11343+ int post;
11344+ int nid;
11345+ unsigned int flags;
11346+
11347+ /* KAT data for no PR */
11348+ const unsigned char *ent;
11349+ size_t entlen;
11350+ const unsigned char *nonce;
11351+ size_t noncelen;
11352+ const unsigned char *pers;
11353+ size_t perslen;
11354+ const unsigned char *adin;
11355+ size_t adinlen;
11356+ const unsigned char *entreseed;
11357+ size_t entreseedlen;
11358+ const unsigned char *adinreseed;
11359+ size_t adinreseedlen;
11360+ const unsigned char *adin2;
11361+ size_t adin2len;
11362+ const unsigned char *kat;
11363+ size_t katlen;
11364+ const unsigned char *kat2;
11365+ size_t kat2len;
11366+
11367+ /* KAT data for PR */
11368+ const unsigned char *ent_pr;
11369+ size_t entlen_pr;
11370+ const unsigned char *nonce_pr;
11371+ size_t noncelen_pr;
11372+ const unsigned char *pers_pr;
11373+ size_t perslen_pr;
11374+ const unsigned char *adin_pr;
11375+ size_t adinlen_pr;
11376+ const unsigned char *entpr_pr;
11377+ size_t entprlen_pr;
11378+ const unsigned char *ading_pr;
11379+ size_t adinglen_pr;
11380+ const unsigned char *entg_pr;
11381+ size_t entglen_pr;
11382+ const unsigned char *kat_pr;
11383+ size_t katlen_pr;
11384+ const unsigned char *kat2_pr;
11385+ size_t kat2len_pr;
11386+
11387+ } DRBG_SELFTEST_DATA;
11388+
11389+#define make_drbg_test_data(nid, flag, pr, p) {p, nid, flag | DRBG_FLAG_TEST, \
11390+ pr##_entropyinput, sizeof(pr##_entropyinput), \
11391+ pr##_nonce, sizeof(pr##_nonce), \
11392+ pr##_personalizationstring, sizeof(pr##_personalizationstring), \
11393+ pr##_additionalinput, sizeof(pr##_additionalinput), \
11394+ pr##_entropyinputreseed, sizeof(pr##_entropyinputreseed), \
11395+ pr##_additionalinputreseed, sizeof(pr##_additionalinputreseed), \
11396+ pr##_additionalinput2, sizeof(pr##_additionalinput2), \
11397+ pr##_int_returnedbits, sizeof(pr##_int_returnedbits), \
11398+ pr##_returnedbits, sizeof(pr##_returnedbits), \
11399+ pr##_pr_entropyinput, sizeof(pr##_pr_entropyinput), \
11400+ pr##_pr_nonce, sizeof(pr##_pr_nonce), \
11401+ pr##_pr_personalizationstring, sizeof(pr##_pr_personalizationstring), \
11402+ pr##_pr_additionalinput, sizeof(pr##_pr_additionalinput), \
11403+ pr##_pr_entropyinputpr, sizeof(pr##_pr_entropyinputpr), \
11404+ pr##_pr_additionalinput2, sizeof(pr##_pr_additionalinput2), \
11405+ pr##_pr_entropyinputpr2, sizeof(pr##_pr_entropyinputpr2), \
11406+ pr##_pr_int_returnedbits, sizeof(pr##_pr_int_returnedbits), \
11407+ pr##_pr_returnedbits, sizeof(pr##_pr_returnedbits), \
11408+ }
11409+
11410+#define make_drbg_test_data_df(nid, pr, p) \
11411+ make_drbg_test_data(nid, DRBG_FLAG_CTR_USE_DF, pr, p)
11412+
11413+#define make_drbg_test_data_ec(curve, md, pr, p) \
11414+ make_drbg_test_data((curve << 16) | md , 0, pr, p)
11415+
11416+static DRBG_SELFTEST_DATA drbg_test[] = {
11417+ make_drbg_test_data_df(NID_aes_128_ctr, aes_128_use_df, 0),
11418+ make_drbg_test_data_df(NID_aes_192_ctr, aes_192_use_df, 0),
11419+ make_drbg_test_data_df(NID_aes_256_ctr, aes_256_use_df, 1),
11420+ make_drbg_test_data(NID_aes_128_ctr, 0, aes_128_no_df, 0),
11421+ make_drbg_test_data(NID_aes_192_ctr, 0, aes_192_no_df, 0),
11422+ make_drbg_test_data(NID_aes_256_ctr, 0, aes_256_no_df, 1),
11423+ make_drbg_test_data(NID_sha1, 0, sha1, 0),
11424+ make_drbg_test_data(NID_sha224, 0, sha224, 0),
11425+ make_drbg_test_data(NID_sha256, 0, sha256, 1),
11426+ make_drbg_test_data(NID_sha384, 0, sha384, 0),
11427+ make_drbg_test_data(NID_sha512, 0, sha512, 0),
11428+ make_drbg_test_data(NID_hmacWithSHA1, 0, hmac_sha1, 0),
11429+ make_drbg_test_data(NID_hmacWithSHA224, 0, hmac_sha224, 0),
11430+ make_drbg_test_data(NID_hmacWithSHA256, 0, hmac_sha256, 1),
11431+ make_drbg_test_data(NID_hmacWithSHA384, 0, hmac_sha384, 0),
11432+ make_drbg_test_data(NID_hmacWithSHA512, 0, hmac_sha512, 0),
11433+ {0,0,0}
11434+ };
11435+
11436+typedef struct
11437+ {
11438+ const unsigned char *ent;
11439+ size_t entlen;
11440+ int entcnt;
11441+ const unsigned char *nonce;
11442+ size_t noncelen;
11443+ int noncecnt;
11444+ } TEST_ENT;
11445+
11446+static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
11447+ int entropy, size_t min_len, size_t max_len)
11448+ {
11449+ TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
11450+ *pout = (unsigned char *)t->ent;
11451+ t->entcnt++;
11452+ return t->entlen;
11453+ }
11454+
11455+static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
11456+ int entropy, size_t min_len, size_t max_len)
11457+ {
11458+ TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
11459+ *pout = (unsigned char *)t->nonce;
11460+ t->noncecnt++;
11461+ return t->noncelen;
11462+ }
11463+
11464+static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
11465+ int quick)
11466+ {
11467+ TEST_ENT t;
11468+ int rv = 0;
11469+ size_t adinlen;
11470+ unsigned char randout[1024];
11471+
11472+ /* Initial test without PR */
11473+
11474+ /* Instantiate DRBG with test entropy, nonce and personalisation
11475+ * string.
11476+ */
11477+
11478+ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
11479+ return 0;
11480+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
11481+ return 0;
11482+
11483+ FIPS_drbg_set_app_data(dctx, &t);
11484+
11485+ t.ent = td->ent;
11486+ t.entlen = td->entlen;
11487+ t.nonce = td->nonce;
11488+ t.noncelen = td->noncelen;
11489+ t.entcnt = 0;
11490+ t.noncecnt = 0;
11491+
11492+ if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
11493+ goto err;
11494+
11495+ /* Note for CTR without DF some additional input values
11496+ * ignore bytes after the keylength: so reduce adinlen
11497+ * to half to ensure invalid data is fed in.
11498+ */
11499+ if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
11500+ adinlen = td->adinlen / 2;
11501+ else
11502+ adinlen = td->adinlen;
11503+
11504+ /* Generate with no PR and verify output matches expected data */
11505+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11506+ td->adin, adinlen))
11507+ goto err;
11508+
11509+ if (memcmp(randout, td->kat, td->katlen))
11510+ {
11511+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST1_FAILURE);
11512+ goto err2;
11513+ }
11514+ /* If abbreviated POST end of test */
11515+ if (quick)
11516+ {
11517+ rv = 1;
11518+ goto err;
11519+ }
11520+ /* Reseed DRBG with test entropy and additional input */
11521+ t.ent = td->entreseed;
11522+ t.entlen = td->entreseedlen;
11523+
11524+ if (!FIPS_drbg_reseed(dctx, td->adinreseed, td->adinreseedlen))
11525+ goto err;
11526+
11527+ /* Generate with no PR and verify output matches expected data */
11528+ if (!FIPS_drbg_generate(dctx, randout, td->kat2len, 0,
11529+ td->adin2, td->adin2len))
11530+ goto err;
11531+
11532+ if (memcmp(randout, td->kat2, td->kat2len))
11533+ {
11534+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST2_FAILURE);
11535+ goto err2;
11536+ }
11537+
11538+ FIPS_drbg_uninstantiate(dctx);
11539+
11540+ /* Now test with PR */
11541+
11542+ /* Instantiate DRBG with test entropy, nonce and personalisation
11543+ * string.
11544+ */
11545+ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
11546+ return 0;
11547+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
11548+ return 0;
11549+
11550+ FIPS_drbg_set_app_data(dctx, &t);
11551+
11552+ t.ent = td->ent_pr;
11553+ t.entlen = td->entlen_pr;
11554+ t.nonce = td->nonce_pr;
11555+ t.noncelen = td->noncelen_pr;
11556+ t.entcnt = 0;
11557+ t.noncecnt = 0;
11558+
11559+ if (!FIPS_drbg_instantiate(dctx, td->pers_pr, td->perslen_pr))
11560+ goto err;
11561+
11562+ /* Now generate with PR: we need to supply entropy as this will
11563+ * perform a reseed operation. Check output matches expected value.
11564+ */
11565+
11566+ t.ent = td->entpr_pr;
11567+ t.entlen = td->entprlen_pr;
11568+
11569+ /* Note for CTR without DF some additional input values
11570+ * ignore bytes after the keylength: so reduce adinlen
11571+ * to half to ensure invalid data is fed in.
11572+ */
11573+ if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
11574+ adinlen = td->adinlen_pr / 2;
11575+ else
11576+ adinlen = td->adinlen_pr;
11577+ if (!FIPS_drbg_generate(dctx, randout, td->katlen_pr, 1,
11578+ td->adin_pr, adinlen))
11579+ goto err;
11580+
11581+ if (memcmp(randout, td->kat_pr, td->katlen_pr))
11582+ {
11583+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST1_FAILURE);
11584+ goto err2;
11585+ }
11586+
11587+ /* Now generate again with PR: supply new entropy again.
11588+ * Check output matches expected value.
11589+ */
11590+
11591+ t.ent = td->entg_pr;
11592+ t.entlen = td->entglen_pr;
11593+
11594+ if (!FIPS_drbg_generate(dctx, randout, td->kat2len_pr, 1,
11595+ td->ading_pr, td->adinglen_pr))
11596+ goto err;
11597+
11598+ if (memcmp(randout, td->kat2_pr, td->kat2len_pr))
11599+ {
11600+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST2_FAILURE);
11601+ goto err2;
11602+ }
11603+ /* All OK, test complete */
11604+ rv = 1;
11605+
11606+ err:
11607+ if (rv == 0)
11608+ FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED);
11609+ err2:
11610+ FIPS_drbg_uninstantiate(dctx);
11611+
11612+ return rv;
11613+
11614+ }
11615+
11616+/* Initialise a DRBG based on selftest data */
11617+
11618+static int do_drbg_init(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td, TEST_ENT *t)
11619+ {
11620+
11621+ if (!FIPS_drbg_init(dctx, td->nid, td->flags))
11622+ return 0;
11623+
11624+ if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
11625+ return 0;
11626+
11627+ FIPS_drbg_set_app_data(dctx, t);
11628+
11629+ t->ent = td->ent;
11630+ t->entlen = td->entlen;
11631+ t->nonce = td->nonce;
11632+ t->noncelen = td->noncelen;
11633+ t->entcnt = 0;
11634+ t->noncecnt = 0;
11635+ return 1;
11636+ }
11637+
11638+/* Initialise and instantiate DRBG based on selftest data */
11639+static int do_drbg_instantiate(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
11640+ TEST_ENT *t)
11641+ {
11642+ if (!do_drbg_init(dctx, td, t))
11643+ return 0;
11644+ if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
11645+ return 0;
11646+
11647+ return 1;
11648+ }
11649+
11650+/* This function performs extensive error checking as required by SP800-90.
11651+ * Induce several failure modes and check an error condition is set.
11652+ * This function along with fips_drbg_single_kat peforms the health checking
11653+ * operation.
11654+ */
11655+
11656+static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
11657+ {
11658+ unsigned char randout[1024];
11659+ TEST_ENT t;
11660+ size_t i;
11661+ unsigned int reseed_counter_tmp;
11662+ unsigned char *p = (unsigned char *)dctx;
11663+
11664+ /* Initialise DRBG */
11665+
11666+ if (!do_drbg_init(dctx, td, &t))
11667+ goto err;
11668+
11669+ /* Don't report induced errors */
11670+ dctx->iflags |= DRBG_FLAG_NOERR;
11671+
11672+ /* Personalisation string tests */
11673+
11674+ /* Test detection of too large personlisation string */
11675+
11676+ if (FIPS_drbg_instantiate(dctx, td->pers, dctx->max_pers + 1) > 0)
11677+ {
11678+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_PERSONALISATION_ERROR_UNDETECTED);
11679+ goto err;
11680+ }
11681+
11682+ /* Entropy source tests */
11683+
11684+ /* Test entropy source failure detecion: i.e. returns no data */
11685+
11686+ t.entlen = 0;
11687+
11688+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
11689+ {
11690+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11691+ goto err;
11692+ }
11693+
11694+ /* Try to generate output from uninstantiated DRBG */
11695+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11696+ td->adin, td->adinlen))
11697+ {
11698+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_GENERATE_ERROR_UNDETECTED);
11699+ goto err;
11700+ }
11701+
11702+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11703+ if (!FIPS_drbg_uninstantiate(dctx))
11704+ {
11705+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11706+ goto err;
11707+ }
11708+
11709+ if (!do_drbg_init(dctx, td, &t))
11710+ goto err;
11711+
11712+ dctx->iflags |= DRBG_FLAG_NOERR;
11713+
11714+ /* Test insufficient entropy */
11715+
11716+ t.entlen = dctx->min_entropy - 1;
11717+
11718+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
11719+ {
11720+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11721+ goto err;
11722+ }
11723+
11724+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11725+ if (!FIPS_drbg_uninstantiate(dctx))
11726+ {
11727+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11728+ goto err;
11729+ }
11730+
11731+ /* Test too much entropy */
11732+
11733+ if (!do_drbg_init(dctx, td, &t))
11734+ goto err;
11735+
11736+ dctx->iflags |= DRBG_FLAG_NOERR;
11737+
11738+ t.entlen = dctx->max_entropy + 1;
11739+
11740+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
11741+ {
11742+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11743+ goto err;
11744+ }
11745+
11746+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11747+ if (!FIPS_drbg_uninstantiate(dctx))
11748+ {
11749+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11750+ goto err;
11751+ }
11752+
11753+ /* Nonce tests */
11754+
11755+ /* Test too small nonce */
11756+
11757+ if (dctx->min_nonce)
11758+ {
11759+
11760+ if (!do_drbg_init(dctx, td, &t))
11761+ goto err;
11762+
11763+ dctx->iflags |= DRBG_FLAG_NOERR;
11764+
11765+ t.noncelen = dctx->min_nonce - 1;
11766+
11767+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
11768+ {
11769+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_NONCE_ERROR_UNDETECTED);
11770+ goto err;
11771+ }
11772+
11773+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11774+ if (!FIPS_drbg_uninstantiate(dctx))
11775+ {
11776+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11777+ goto err;
11778+ }
11779+
11780+ }
11781+
11782+ /* Test too large nonce */
11783+
11784+ if (dctx->max_nonce)
11785+ {
11786+
11787+ if (!do_drbg_init(dctx, td, &t))
11788+ goto err;
11789+
11790+ dctx->iflags |= DRBG_FLAG_NOERR;
11791+
11792+ t.noncelen = dctx->max_nonce + 1;
11793+
11794+ if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
11795+ {
11796+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_NONCE_ERROR_UNDETECTED);
11797+ goto err;
11798+ }
11799+
11800+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11801+ if (!FIPS_drbg_uninstantiate(dctx))
11802+ {
11803+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11804+ goto err;
11805+ }
11806+
11807+ }
11808+
11809+ /* Instantiate with valid data. */
11810+ if (!do_drbg_instantiate(dctx, td, &t))
11811+ goto err;
11812+
11813+ /* Check generation is now OK */
11814+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11815+ td->adin, td->adinlen))
11816+ goto err;
11817+
11818+ dctx->iflags |= DRBG_FLAG_NOERR;
11819+
11820+ /* Request too much data for one request */
11821+ if (FIPS_drbg_generate(dctx, randout, dctx->max_request + 1, 0,
11822+ td->adin, td->adinlen))
11823+ {
11824+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED);
11825+ goto err;
11826+ }
11827+
11828+ /* Try too large additional input */
11829+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11830+ td->adin, dctx->max_adin + 1))
11831+ {
11832+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
11833+ goto err;
11834+ }
11835+
11836+ /* Check prediction resistance request fails if entropy source
11837+ * failure.
11838+ */
11839+
11840+ t.entlen = 0;
11841+
11842+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
11843+ td->adin, td->adinlen))
11844+ {
11845+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11846+ goto err;
11847+ }
11848+
11849+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11850+ if (!FIPS_drbg_uninstantiate(dctx))
11851+ {
11852+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11853+ goto err;
11854+ }
11855+
11856+
11857+ /* Instantiate again with valid data */
11858+
11859+ if (!do_drbg_instantiate(dctx, td, &t))
11860+ goto err;
11861+ /* Test reseed counter works */
11862+ /* Save initial reseed counter */
11863+ reseed_counter_tmp = dctx->reseed_counter;
11864+ /* Set reseed counter to beyond interval */
11865+ dctx->reseed_counter = dctx->reseed_interval;
11866+
11867+ /* Generate output and check entropy has been requested for reseed */
11868+ t.entcnt = 0;
11869+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11870+ td->adin, td->adinlen))
11871+ goto err;
11872+ if (t.entcnt != 1)
11873+ {
11874+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
11875+ goto err;
11876+ }
11877+ /* Check reseed counter has been reset */
11878+ if (dctx->reseed_counter != reseed_counter_tmp + 1)
11879+ {
11880+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
11881+ goto err;
11882+ }
11883+
11884+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11885+ if (!FIPS_drbg_uninstantiate(dctx))
11886+ {
11887+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11888+ goto err;
11889+ }
11890+
11891+ /* Check prediction resistance request fails if entropy source
11892+ * failure.
11893+ */
11894+
11895+ t.entlen = 0;
11896+
11897+ dctx->iflags |= DRBG_FLAG_NOERR;
11898+ if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
11899+ td->adin, td->adinlen))
11900+ {
11901+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11902+ goto err;
11903+ }
11904+
11905+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11906+
11907+ if (!FIPS_drbg_uninstantiate(dctx))
11908+ {
11909+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11910+ goto err;
11911+ }
11912+
11913+
11914+ if (!do_drbg_instantiate(dctx, td, &t))
11915+ goto err;
11916+ /* Test reseed counter works */
11917+ /* Save initial reseed counter */
11918+ reseed_counter_tmp = dctx->reseed_counter;
11919+ /* Set reseed counter to beyond interval */
11920+ dctx->reseed_counter = dctx->reseed_interval;
11921+
11922+ /* Generate output and check entropy has been requested for reseed */
11923+ t.entcnt = 0;
11924+ if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11925+ td->adin, td->adinlen))
11926+ goto err;
11927+ if (t.entcnt != 1)
11928+ {
11929+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
11930+ goto err;
11931+ }
11932+ /* Check reseed counter has been reset */
11933+ if (dctx->reseed_counter != reseed_counter_tmp + 1)
11934+ {
11935+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
11936+ goto err;
11937+ }
11938+
11939+ dctx->iflags &= ~DRBG_FLAG_NOERR;
11940+ if (!FIPS_drbg_uninstantiate(dctx))
11941+ {
11942+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11943+ goto err;
11944+ }
11945+
11946+ /* Explicit reseed tests */
11947+
11948+ /* Test explicit reseed with too large additional input */
11949+ if (!do_drbg_init(dctx, td, &t))
11950+ goto err;
11951+
11952+ dctx->iflags |= DRBG_FLAG_NOERR;
11953+
11954+ if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0)
11955+ {
11956+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
11957+ goto err;
11958+ }
11959+
11960+ /* Test explicit reseed with entropy source failure */
11961+
11962+ t.entlen = 0;
11963+
11964+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
11965+ {
11966+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11967+ goto err;
11968+ }
11969+
11970+ if (!FIPS_drbg_uninstantiate(dctx))
11971+ {
11972+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11973+ goto err;
11974+ }
11975+
11976+ /* Test explicit reseed with too much entropy */
11977+
11978+ if (!do_drbg_init(dctx, td, &t))
11979+ goto err;
11980+
11981+ dctx->iflags |= DRBG_FLAG_NOERR;
11982+
11983+ t.entlen = dctx->max_entropy + 1;
11984+
11985+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
11986+ {
11987+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11988+ goto err;
11989+ }
11990+
11991+ if (!FIPS_drbg_uninstantiate(dctx))
11992+ {
11993+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11994+ goto err;
11995+ }
11996+
11997+ /* Test explicit reseed with too little entropy */
11998+
11999+ if (!do_drbg_init(dctx, td, &t))
12000+ goto err;
12001+
12002+ dctx->iflags |= DRBG_FLAG_NOERR;
12003+
12004+ t.entlen = dctx->min_entropy - 1;
12005+
12006+ if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
12007+ {
12008+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
12009+ goto err;
12010+ }
12011+
12012+ if (!FIPS_drbg_uninstantiate(dctx))
12013+ {
12014+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
12015+ goto err;
12016+ }
12017+
12018+ p = (unsigned char *)&dctx->d;
12019+ /* Standard says we have to check uninstantiate really zeroes
12020+ * the data...
12021+ */
12022+ for (i = 0; i < sizeof(dctx->d); i++)
12023+ {
12024+ if (*p != 0)
12025+ {
12026+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ZEROISE_ERROR);
12027+ goto err;
12028+ }
12029+ p++;
12030+ }
12031+
12032+ return 1;
12033+
12034+ err:
12035+ /* A real error as opposed to an induced one: underlying function will
12036+ * indicate the error.
12037+ */
12038+ if (!(dctx->iflags & DRBG_FLAG_NOERR))
12039+ FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_FUNCTION_ERROR);
12040+ FIPS_drbg_uninstantiate(dctx);
12041+ return 0;
12042+
12043+ }
12044+
12045+int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags)
12046+ {
12047+ DRBG_SELFTEST_DATA *td;
12048+ flags |= DRBG_FLAG_TEST;
12049+ for (td = drbg_test; td->nid != 0; td++)
12050+ {
12051+ if (td->nid == nid && td->flags == flags)
12052+ {
12053+ if (!fips_drbg_single_kat(dctx, td, 0))
12054+ return 0;
12055+ return fips_drbg_error_check(dctx, td);
12056+ }
12057+ }
12058+ return 0;
12059+ }
12060+
12061+int FIPS_drbg_health_check(DRBG_CTX *dctx)
12062+ {
12063+ int rv;
12064+ DRBG_CTX *tctx = NULL;
12065+ tctx = FIPS_drbg_new(0, 0);
12066+ fips_post_started(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
12067+ if (!tctx)
12068+ return 0;
12069+ rv = fips_drbg_kat(tctx, dctx->type, dctx->xflags);
12070+ if (tctx)
12071+ FIPS_drbg_free(tctx);
12072+ if (rv)
12073+ fips_post_success(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
12074+ else
12075+ fips_post_failed(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
12076+ if (!rv)
12077+ dctx->status = DRBG_STATUS_ERROR;
12078+ else
12079+ dctx->health_check_cnt = 0;
12080+ return rv;
12081+ }
12082+
12083+int FIPS_selftest_drbg(void)
12084+ {
12085+ DRBG_CTX *dctx;
12086+ DRBG_SELFTEST_DATA *td;
12087+ int rv = 1;
12088+ dctx = FIPS_drbg_new(0, 0);
12089+ if (!dctx)
12090+ return 0;
12091+ for (td = drbg_test; td->nid != 0; td++)
12092+ {
12093+ if (td->post != 1)
12094+ continue;
12095+ if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
12096+ return 1;
12097+ if (!fips_drbg_single_kat(dctx, td, 1))
12098+ {
12099+ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
12100+ rv = 0;
12101+ continue;
12102+ }
12103+ if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
12104+ return 0;
12105+ }
12106+ FIPS_drbg_free(dctx);
12107+ return rv;
12108+ }
12109+
12110+
12111+int FIPS_selftest_drbg_all(void)
12112+ {
12113+ DRBG_CTX *dctx;
12114+ DRBG_SELFTEST_DATA *td;
12115+ int rv = 1;
12116+ dctx = FIPS_drbg_new(0, 0);
12117+ if (!dctx)
12118+ return 0;
12119+ for (td = drbg_test; td->nid != 0; td++)
12120+ {
12121+ if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
12122+ return 1;
12123+ if (!fips_drbg_single_kat(dctx, td, 0))
12124+ {
12125+ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
12126+ rv = 0;
12127+ continue;
12128+ }
12129+ if (!fips_drbg_error_check(dctx, td))
12130+ {
12131+ fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
12132+ rv = 0;
12133+ continue;
12134+ }
12135+ if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
12136+ return 0;
12137+ }
12138+ FIPS_drbg_free(dctx);
12139+ return rv;
12140+ }
12141+
12142diff -up openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h
12143--- openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h.fips 2013-02-19 12:47:33.738118852 +0100
12144+++ openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h 2013-02-19 12:47:33.738118852 +0100
12145@@ -0,0 +1,2335 @@
12146+/* ====================================================================
12147+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
12148+ *
12149+ * Redistribution and use in source and binary forms, with or without
12150+ * modification, are permitted provided that the following conditions
12151+ * are met:
12152+ *
12153+ * 1. Redistributions of source code must retain the above copyright
12154+ * notice, this list of conditions and the following disclaimer.
12155+ *
12156+ * 2. Redistributions in binary form must reproduce the above copyright
12157+ * notice, this list of conditions and the following disclaimer in
12158+ * the documentation and/or other materials provided with the
12159+ * distribution.
12160+ *
12161+ * 3. All advertising materials mentioning features or use of this
12162+ * software must display the following acknowledgment:
12163+ * "This product includes software developed by the OpenSSL Project
12164+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
12165+ *
12166+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
12167+ * endorse or promote products derived from this software without
12168+ * prior written permission. For written permission, please contact
12169+ * openssl-core.org.
12170+ *
12171+ * 5. Products derived from this software may not be called "OpenSSL"
12172+ * nor may "OpenSSL" appear in their names without prior written
12173+ * permission of the OpenSSL Project.
12174+ *
12175+ * 6. Redistributions of any form whatsoever must retain the following
12176+ * acknowledgment:
12177+ * "This product includes software developed by the OpenSSL Project
12178+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
12179+ *
12180+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
12181+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
12182+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
12183+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
12184+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
12185+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
12186+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
12187+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
12188+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
12189+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
12190+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
12191+ * OF THE POSSIBILITY OF SUCH DAMAGE.
12192+ *
12193+ */
12194+
12195+/* Selftest and health check data for the SP800-90 DRBG */
12196+
12197+#define __fips_constseg
12198+
12199+/* AES-128 use df PR */
12200+__fips_constseg
12201+static const unsigned char aes_128_use_df_pr_entropyinput[] =
12202+ {
12203+ 0x61,0x52,0x7c,0xe3,0x23,0x7d,0x0a,0x07,0x10,0x0c,0x50,0x33,
12204+ 0xc8,0xdb,0xff,0x12
12205+ };
12206+
12207+__fips_constseg
12208+static const unsigned char aes_128_use_df_pr_nonce[] =
12209+ {
12210+ 0x51,0x0d,0x85,0x77,0xed,0x22,0x97,0x28
12211+ };
12212+
12213+__fips_constseg
12214+static const unsigned char aes_128_use_df_pr_personalizationstring[] =
12215+ {
12216+ 0x59,0x9f,0xbb,0xcd,0xd5,0x25,0x69,0xb5,0xcb,0xb5,0x03,0xfe,
12217+ 0xd7,0xd7,0x01,0x67
12218+ };
12219+
12220+__fips_constseg
12221+static const unsigned char aes_128_use_df_pr_additionalinput[] =
12222+ {
12223+ 0xef,0x88,0x76,0x01,0xaf,0x3c,0xfe,0x8b,0xaf,0x26,0x06,0x9e,
12224+ 0x9a,0x47,0x08,0x76
12225+ };
12226+
12227+__fips_constseg
12228+static const unsigned char aes_128_use_df_pr_entropyinputpr[] =
12229+ {
12230+ 0xe2,0x76,0xf9,0xf6,0x3a,0xba,0x10,0x9f,0xbf,0x47,0x0e,0x51,
12231+ 0x09,0xfb,0xa3,0xb6
12232+ };
12233+
12234+__fips_constseg
12235+static const unsigned char aes_128_use_df_pr_int_returnedbits[] =
12236+ {
12237+ 0xd4,0x98,0x8a,0x46,0x80,0x4c,0xdb,0xa3,0x59,0x02,0x57,0x52,
12238+ 0x66,0x1c,0xea,0x5b
12239+ };
12240+
12241+__fips_constseg
12242+static const unsigned char aes_128_use_df_pr_additionalinput2[] =
12243+ {
12244+ 0x88,0x8c,0x91,0xd6,0xbe,0x56,0x6e,0x08,0x9a,0x62,0x2b,0x11,
12245+ 0x3f,0x5e,0x31,0x06
12246+ };
12247+
12248+__fips_constseg
12249+static const unsigned char aes_128_use_df_pr_entropyinputpr2[] =
12250+ {
12251+ 0xc0,0x5c,0x6b,0x98,0x01,0x0d,0x58,0x18,0x51,0x18,0x96,0xae,
12252+ 0xa7,0xe3,0xa8,0x67
12253+ };
12254+
12255+__fips_constseg
12256+static const unsigned char aes_128_use_df_pr_returnedbits[] =
12257+ {
12258+ 0xcf,0x01,0xac,0x22,0x31,0x06,0x8e,0xfc,0xce,0x56,0xea,0x24,
12259+ 0x0f,0x38,0x43,0xc6
12260+ };
12261+
12262+
12263+/* AES-128 use df No PR */
12264+__fips_constseg
12265+static const unsigned char aes_128_use_df_entropyinput[] =
12266+ {
12267+ 0x1f,0x8e,0x34,0x82,0x0c,0xb7,0xbe,0xc5,0x01,0x3e,0xd0,0xa3,
12268+ 0x9d,0x7d,0x1c,0x9b
12269+ };
12270+
12271+__fips_constseg
12272+static const unsigned char aes_128_use_df_nonce[] =
12273+ {
12274+ 0xd5,0x4d,0xbd,0x4a,0x93,0x7f,0xb8,0x96
12275+ };
12276+
12277+__fips_constseg
12278+static const unsigned char aes_128_use_df_personalizationstring[] =
12279+ {
12280+ 0xab,0xd6,0x3f,0x04,0xfe,0x27,0x6b,0x2d,0xd7,0xc3,0x1c,0xf3,
12281+ 0x38,0x66,0xba,0x1b
12282+ };
12283+
12284+__fips_constseg
12285+static const unsigned char aes_128_use_df_additionalinput[] =
12286+ {
12287+ 0xfe,0xf4,0x09,0xa8,0xb7,0x73,0x27,0x9c,0x5f,0xa7,0xea,0x46,
12288+ 0xb5,0xe2,0xb2,0x41
12289+ };
12290+
12291+__fips_constseg
12292+static const unsigned char aes_128_use_df_int_returnedbits[] =
12293+ {
12294+ 0x42,0xe4,0x4e,0x7b,0x27,0xdd,0xcb,0xbc,0x0a,0xcf,0xa6,0x67,
12295+ 0xe7,0x57,0x11,0xb4
12296+ };
12297+
12298+__fips_constseg
12299+static const unsigned char aes_128_use_df_entropyinputreseed[] =
12300+ {
12301+ 0x14,0x26,0x69,0xd9,0xf3,0x65,0x03,0xd6,0x6b,0xb9,0x44,0x0b,
12302+ 0xc7,0xc4,0x9e,0x39
12303+ };
12304+
12305+__fips_constseg
12306+static const unsigned char aes_128_use_df_additionalinputreseed[] =
12307+ {
12308+ 0x55,0x2e,0x60,0x9a,0x05,0x72,0x8a,0xa8,0xef,0x22,0x81,0x5a,
12309+ 0xc8,0x93,0xfa,0x84
12310+ };
12311+
12312+__fips_constseg
12313+static const unsigned char aes_128_use_df_additionalinput2[] =
12314+ {
12315+ 0x3c,0x40,0xc8,0xc4,0x16,0x0c,0x21,0xa4,0x37,0x2c,0x8f,0xa5,
12316+ 0x06,0x0c,0x15,0x2c
12317+ };
12318+
12319+__fips_constseg
12320+static const unsigned char aes_128_use_df_returnedbits[] =
12321+ {
12322+ 0xe1,0x3e,0x99,0x98,0x86,0x67,0x0b,0x63,0x7b,0xbe,0x3f,0x88,
12323+ 0x46,0x81,0xc7,0x19
12324+ };
12325+
12326+
12327+/* AES-192 use df PR */
12328+__fips_constseg
12329+static const unsigned char aes_192_use_df_pr_entropyinput[] =
12330+ {
12331+ 0x2b,0x4e,0x8b,0xe1,0xf1,0x34,0x80,0x56,0x81,0xf9,0x74,0xec,
12332+ 0x17,0x44,0x2a,0xf1,0x14,0xb0,0xbf,0x97,0x39,0xb7,0x04,0x7d
12333+ };
12334+
12335+__fips_constseg
12336+static const unsigned char aes_192_use_df_pr_nonce[] =
12337+ {
12338+ 0xd6,0x9d,0xeb,0x14,0x4e,0x6c,0x30,0x1e,0x39,0x55,0x73,0xd0,
12339+ 0xd1,0x80,0x78,0xfa
12340+ };
12341+
12342+__fips_constseg
12343+static const unsigned char aes_192_use_df_pr_personalizationstring[] =
12344+ {
12345+ 0xfc,0x43,0x4a,0xf8,0x9a,0x55,0xb3,0x53,0x83,0xe2,0x18,0x16,
12346+ 0x0c,0xdc,0xcd,0x5e,0x4f,0xa0,0x03,0x01,0x2b,0x9f,0xe4,0xd5,
12347+ 0x7d,0x49,0xf0,0x41,0x9e,0x3d,0x99,0x04
12348+ };
12349+
12350+__fips_constseg
12351+static const unsigned char aes_192_use_df_pr_additionalinput[] =
12352+ {
12353+ 0x5e,0x9f,0x49,0x6f,0x21,0x8b,0x1d,0x32,0xd5,0x84,0x5c,0xac,
12354+ 0xaf,0xdf,0xe4,0x79,0x9e,0xaf,0xa9,0x82,0xd0,0xf8,0x4f,0xcb,
12355+ 0x69,0x10,0x0a,0x7e,0x81,0x57,0xb5,0x36
12356+ };
12357+
12358+__fips_constseg
12359+static const unsigned char aes_192_use_df_pr_entropyinputpr[] =
12360+ {
12361+ 0xd4,0x81,0x0c,0xd7,0x66,0x39,0xec,0x42,0x53,0x87,0x41,0xa5,
12362+ 0x1e,0x7d,0x80,0x91,0x8e,0xbb,0xed,0xac,0x14,0x02,0x1a,0xd5
12363+ };
12364+
12365+__fips_constseg
12366+static const unsigned char aes_192_use_df_pr_int_returnedbits[] =
12367+ {
12368+ 0xdf,0x1d,0x39,0x45,0x7c,0x9b,0xc6,0x2b,0x7d,0x8c,0x93,0xe9,
12369+ 0x19,0x30,0x6b,0x67
12370+ };
12371+
12372+__fips_constseg
12373+static const unsigned char aes_192_use_df_pr_additionalinput2[] =
12374+ {
12375+ 0x00,0x71,0x27,0x4e,0xd3,0x14,0xf1,0x20,0x7f,0x4a,0x41,0x32,
12376+ 0x2a,0x97,0x11,0x43,0x8f,0x4a,0x15,0x7b,0x9b,0x51,0x79,0xda,
12377+ 0x49,0x3d,0xde,0xe8,0xbc,0x93,0x91,0x99
12378+ };
12379+
12380+__fips_constseg
12381+static const unsigned char aes_192_use_df_pr_entropyinputpr2[] =
12382+ {
12383+ 0x90,0xee,0x76,0xa1,0x45,0x8d,0xb7,0x40,0xb0,0x11,0xbf,0xd0,
12384+ 0x65,0xd7,0x3c,0x7c,0x4f,0x20,0x3f,0x4e,0x11,0x9d,0xb3,0x5e
12385+ };
12386+
12387+__fips_constseg
12388+static const unsigned char aes_192_use_df_pr_returnedbits[] =
12389+ {
12390+ 0x24,0x3b,0x20,0xa4,0x37,0x66,0xba,0x72,0x39,0x3f,0xcf,0x3c,
12391+ 0x7e,0x1a,0x2b,0x83
12392+ };
12393+
12394+
12395+/* AES-192 use df No PR */
12396+__fips_constseg
12397+static const unsigned char aes_192_use_df_entropyinput[] =
12398+ {
12399+ 0x8d,0x74,0xa4,0x50,0x1a,0x02,0x68,0x0c,0x2a,0x69,0xc4,0x82,
12400+ 0x3b,0xbb,0xda,0x0e,0x7f,0x77,0xa3,0x17,0x78,0x57,0xb2,0x7b
12401+ };
12402+
12403+__fips_constseg
12404+static const unsigned char aes_192_use_df_nonce[] =
12405+ {
12406+ 0x75,0xd5,0x1f,0xac,0xa4,0x8d,0x42,0x78,0xd7,0x69,0x86,0x9d,
12407+ 0x77,0xd7,0x41,0x0e
12408+ };
12409+
12410+__fips_constseg
12411+static const unsigned char aes_192_use_df_personalizationstring[] =
12412+ {
12413+ 0x4e,0x33,0x41,0x3c,0x9c,0xc2,0xd2,0x53,0xaf,0x90,0xea,0xcf,
12414+ 0x19,0x50,0x1e,0xe6,0x6f,0x63,0xc8,0x32,0x22,0xdc,0x07,0x65,
12415+ 0x9c,0xd3,0xf8,0x30,0x9e,0xed,0x35,0x70
12416+ };
12417+
12418+__fips_constseg
12419+static const unsigned char aes_192_use_df_additionalinput[] =
12420+ {
12421+ 0x5d,0x8b,0x8c,0xc1,0xdf,0x0e,0x02,0x78,0xfb,0x19,0xb8,0x69,
12422+ 0x78,0x4e,0x9c,0x52,0xbc,0xc7,0x20,0xc9,0xe6,0x5e,0x77,0x22,
12423+ 0x28,0x3d,0x0c,0x9e,0x68,0xa8,0x45,0xd7
12424+ };
12425+
12426+__fips_constseg
12427+static const unsigned char aes_192_use_df_int_returnedbits[] =
12428+ {
12429+ 0xd5,0xe7,0x08,0xc5,0x19,0x99,0xd5,0x31,0x03,0x0a,0x74,0xb6,
12430+ 0xb7,0xed,0xe9,0xea
12431+ };
12432+
12433+__fips_constseg
12434+static const unsigned char aes_192_use_df_entropyinputreseed[] =
12435+ {
12436+ 0x9c,0x26,0xda,0xf1,0xac,0xd9,0x5a,0xd6,0xa8,0x65,0xf5,0x02,
12437+ 0x8f,0xdc,0xa2,0x09,0x54,0xa6,0xe2,0xa4,0xde,0x32,0xe0,0x01
12438+ };
12439+
12440+__fips_constseg
12441+static const unsigned char aes_192_use_df_additionalinputreseed[] =
12442+ {
12443+ 0x9b,0x90,0xb0,0x3a,0x0e,0x3a,0x80,0x07,0x4a,0xf4,0xda,0x76,
12444+ 0x28,0x30,0x3c,0xee,0x54,0x1b,0x94,0x59,0x51,0x43,0x56,0x77,
12445+ 0xaf,0x88,0xdd,0x63,0x89,0x47,0x06,0x65
12446+ };
12447+
12448+__fips_constseg
12449+static const unsigned char aes_192_use_df_additionalinput2[] =
12450+ {
12451+ 0x3c,0x11,0x64,0x7a,0x96,0xf5,0xd8,0xb8,0xae,0xd6,0x70,0x4e,
12452+ 0x16,0x96,0xde,0xe9,0x62,0xbc,0xee,0x28,0x2f,0x26,0xa6,0xf0,
12453+ 0x56,0xef,0xa3,0xf1,0x6b,0xa1,0xb1,0x77
12454+ };
12455+
12456+__fips_constseg
12457+static const unsigned char aes_192_use_df_returnedbits[] =
12458+ {
12459+ 0x0b,0xe2,0x56,0x03,0x1e,0xdb,0x2c,0x6d,0x7f,0x1b,0x15,0x58,
12460+ 0x1a,0xf9,0x13,0x28
12461+ };
12462+
12463+
12464+/* AES-256 use df PR */
12465+__fips_constseg
12466+static const unsigned char aes_256_use_df_pr_entropyinput[] =
12467+ {
12468+ 0x61,0x68,0xfc,0x1a,0xf0,0xb5,0x95,0x6b,0x85,0x09,0x9b,0x74,
12469+ 0x3f,0x13,0x78,0x49,0x3b,0x85,0xec,0x93,0x13,0x3b,0xa9,0x4f,
12470+ 0x96,0xab,0x2c,0xe4,0xc8,0x8f,0xdd,0x6a
12471+ };
12472+
12473+__fips_constseg
12474+static const unsigned char aes_256_use_df_pr_nonce[] =
12475+ {
12476+ 0xad,0xd2,0xbb,0xba,0xb7,0x65,0x89,0xc3,0x21,0x6c,0x55,0x33,
12477+ 0x2b,0x36,0xff,0xa4
12478+ };
12479+
12480+__fips_constseg
12481+static const unsigned char aes_256_use_df_pr_personalizationstring[] =
12482+ {
12483+ 0x6e,0xca,0xe7,0x20,0x72,0xd3,0x84,0x5a,0x32,0xd3,0x4b,0x24,
12484+ 0x72,0xc4,0x63,0x2b,0x9d,0x12,0x24,0x0c,0x23,0x26,0x8e,0x83,
12485+ 0x16,0x37,0x0b,0xd1,0x06,0x4f,0x68,0x6d
12486+ };
12487+
12488+__fips_constseg
12489+static const unsigned char aes_256_use_df_pr_additionalinput[] =
12490+ {
12491+ 0x7e,0x08,0x4a,0xbb,0xe3,0x21,0x7c,0xc9,0x23,0xd2,0xf8,0xb0,
12492+ 0x73,0x98,0xba,0x84,0x74,0x23,0xab,0x06,0x8a,0xe2,0x22,0xd3,
12493+ 0x7b,0xce,0x9b,0xd2,0x4a,0x76,0xb8,0xde
12494+ };
12495+
12496+__fips_constseg
12497+static const unsigned char aes_256_use_df_pr_entropyinputpr[] =
12498+ {
12499+ 0x0b,0x23,0xaf,0xdf,0xf1,0x62,0xd7,0xd3,0x43,0x97,0xf8,0x77,
12500+ 0x04,0xa8,0x42,0x20,0xbd,0xf6,0x0f,0xc1,0x17,0x2f,0x9f,0x54,
12501+ 0xbb,0x56,0x17,0x86,0x68,0x0e,0xba,0xa9
12502+ };
12503+
12504+__fips_constseg
12505+static const unsigned char aes_256_use_df_pr_int_returnedbits[] =
12506+ {
12507+ 0x31,0x8e,0xad,0xaf,0x40,0xeb,0x6b,0x74,0x31,0x46,0x80,0xc7,
12508+ 0x17,0xab,0x3c,0x7a
12509+ };
12510+
12511+__fips_constseg
12512+static const unsigned char aes_256_use_df_pr_additionalinput2[] =
12513+ {
12514+ 0x94,0x6b,0xc9,0x9f,0xab,0x8d,0xc5,0xec,0x71,0x88,0x1d,0x00,
12515+ 0x8c,0x89,0x68,0xe4,0xc8,0x07,0x77,0x36,0x17,0x6d,0x79,0x78,
12516+ 0xc7,0x06,0x4e,0x99,0x04,0x28,0x29,0xc3
12517+ };
12518+
12519+__fips_constseg
12520+static const unsigned char aes_256_use_df_pr_entropyinputpr2[] =
12521+ {
12522+ 0xbf,0x6c,0x59,0x2a,0x0d,0x44,0x0f,0xae,0x9a,0x5e,0x03,0x73,
12523+ 0xd8,0xa6,0xe1,0xcf,0x25,0x61,0x38,0x24,0x86,0x9e,0x53,0xe8,
12524+ 0xa4,0xdf,0x56,0xf4,0x06,0x07,0x9c,0x0f
12525+ };
12526+
12527+__fips_constseg
12528+static const unsigned char aes_256_use_df_pr_returnedbits[] =
12529+ {
12530+ 0x22,0x4a,0xb4,0xb8,0xb6,0xee,0x7d,0xb1,0x9e,0xc9,0xf9,0xa0,
12531+ 0xd9,0xe2,0x97,0x00
12532+ };
12533+
12534+
12535+/* AES-256 use df No PR */
12536+__fips_constseg
12537+static const unsigned char aes_256_use_df_entropyinput[] =
12538+ {
12539+ 0xa5,0x3e,0x37,0x10,0x17,0x43,0x91,0x93,0x59,0x1e,0x47,0x50,
12540+ 0x87,0xaa,0xdd,0xd5,0xc1,0xc3,0x86,0xcd,0xca,0x0d,0xdb,0x68,
12541+ 0xe0,0x02,0xd8,0x0f,0xdc,0x40,0x1a,0x47
12542+ };
12543+
12544+__fips_constseg
12545+static const unsigned char aes_256_use_df_nonce[] =
12546+ {
12547+ 0xa9,0x4d,0xa5,0x5a,0xfd,0xc5,0x0c,0xe5,0x1c,0x9a,0x3b,0x8a,
12548+ 0x4c,0x44,0x84,0x40
12549+ };
12550+
12551+__fips_constseg
12552+static const unsigned char aes_256_use_df_personalizationstring[] =
12553+ {
12554+ 0x8b,0x52,0xa2,0x4a,0x93,0xc3,0x4e,0xa7,0x1e,0x1c,0xa7,0x05,
12555+ 0xeb,0x82,0x9b,0xa6,0x5d,0xe4,0xd4,0xe0,0x7f,0xa3,0xd8,0x6b,
12556+ 0x37,0x84,0x5f,0xf1,0xc7,0xd5,0xf6,0xd2
12557+ };
12558+
12559+__fips_constseg
12560+static const unsigned char aes_256_use_df_additionalinput[] =
12561+ {
12562+ 0x20,0xf4,0x22,0xed,0xf8,0x5c,0xa1,0x6a,0x01,0xcf,0xbe,0x5f,
12563+ 0x8d,0x6c,0x94,0x7f,0xae,0x12,0xa8,0x57,0xdb,0x2a,0xa9,0xbf,
12564+ 0xc7,0xb3,0x65,0x81,0x80,0x8d,0x0d,0x46
12565+ };
12566+
12567+__fips_constseg
12568+static const unsigned char aes_256_use_df_int_returnedbits[] =
12569+ {
12570+ 0x4e,0x44,0xfd,0xf3,0x9e,0x29,0xa2,0xb8,0x0f,0x5d,0x6c,0xe1,
12571+ 0x28,0x0c,0x3b,0xc1
12572+ };
12573+
12574+__fips_constseg
12575+static const unsigned char aes_256_use_df_entropyinputreseed[] =
12576+ {
12577+ 0xdd,0x40,0xe5,0x98,0x7b,0x27,0x16,0x73,0x15,0x68,0xd2,0x76,
12578+ 0xbf,0x0c,0x67,0x15,0x75,0x79,0x03,0xd3,0xde,0xde,0x91,0x46,
12579+ 0x42,0xdd,0xd4,0x67,0xc8,0x79,0xc8,0x1e
12580+ };
12581+
12582+__fips_constseg
12583+static const unsigned char aes_256_use_df_additionalinputreseed[] =
12584+ {
12585+ 0x7f,0xd8,0x1f,0xbd,0x2a,0xb5,0x1c,0x11,0x5d,0x83,0x4e,0x99,
12586+ 0xf6,0x5c,0xa5,0x40,0x20,0xed,0x38,0x8e,0xd5,0x9e,0xe0,0x75,
12587+ 0x93,0xfe,0x12,0x5e,0x5d,0x73,0xfb,0x75
12588+ };
12589+
12590+__fips_constseg
12591+static const unsigned char aes_256_use_df_additionalinput2[] =
12592+ {
12593+ 0xcd,0x2c,0xff,0x14,0x69,0x3e,0x4c,0x9e,0xfd,0xfe,0x26,0x0d,
12594+ 0xe9,0x86,0x00,0x49,0x30,0xba,0xb1,0xc6,0x50,0x57,0x77,0x2a,
12595+ 0x62,0x39,0x2c,0x3b,0x74,0xeb,0xc9,0x0d
12596+ };
12597+
12598+__fips_constseg
12599+static const unsigned char aes_256_use_df_returnedbits[] =
12600+ {
12601+ 0x4f,0x78,0xbe,0xb9,0x4d,0x97,0x8c,0xe9,0xd0,0x97,0xfe,0xad,
12602+ 0xfa,0xfd,0x35,0x5e
12603+ };
12604+
12605+
12606+/* AES-128 no df PR */
12607+__fips_constseg
12608+static const unsigned char aes_128_no_df_pr_entropyinput[] =
12609+ {
12610+ 0x9a,0x25,0x65,0x10,0x67,0xd5,0xb6,0x6b,0x70,0xa1,0xb3,0xa4,
12611+ 0x43,0x95,0x80,0xc0,0x84,0x0a,0x79,0xb0,0x88,0x74,0xf2,0xbf,
12612+ 0x31,0x6c,0x33,0x38,0x0b,0x00,0xb2,0x5a
12613+ };
12614+
12615+__fips_constseg
12616+static const unsigned char aes_128_no_df_pr_nonce[] =
12617+ {
12618+ 0x78,0x47,0x6b,0xf7,0x90,0x8e,0x87,0xf1
12619+ };
12620+
12621+__fips_constseg
12622+static const unsigned char aes_128_no_df_pr_personalizationstring[] =
12623+ {
12624+ 0xf7,0x22,0x1d,0x3a,0xbe,0x1d,0xca,0x32,0x1b,0xbd,0x87,0x0c,
12625+ 0x51,0x24,0x19,0xee,0xa3,0x23,0x09,0x63,0x33,0x3d,0xa8,0x0c,
12626+ 0x1c,0xfa,0x42,0x89,0xcc,0x6f,0xa0,0xa8
12627+ };
12628+
12629+__fips_constseg
12630+static const unsigned char aes_128_no_df_pr_additionalinput[] =
12631+ {
12632+ 0xc9,0xe0,0x80,0xbf,0x8c,0x45,0x58,0x39,0xff,0x00,0xab,0x02,
12633+ 0x4c,0x3e,0x3a,0x95,0x9b,0x80,0xa8,0x21,0x2a,0xee,0xba,0x73,
12634+ 0xb1,0xd9,0xcf,0x28,0xf6,0x8f,0x9b,0x12
12635+ };
12636+
12637+__fips_constseg
12638+static const unsigned char aes_128_no_df_pr_entropyinputpr[] =
12639+ {
12640+ 0x4c,0xa8,0xc5,0xf0,0x59,0x9e,0xa6,0x8d,0x26,0x53,0xd7,0x8a,
12641+ 0xa9,0xd8,0xf7,0xed,0xb2,0xf9,0x12,0x42,0xe1,0xe5,0xbd,0xe7,
12642+ 0xe7,0x1d,0x74,0x99,0x00,0x9d,0x31,0x3e
12643+ };
12644+
12645+__fips_constseg
12646+static const unsigned char aes_128_no_df_pr_int_returnedbits[] =
12647+ {
12648+ 0xe2,0xac,0x20,0xf0,0x80,0xe7,0xbc,0x7e,0x9c,0x7b,0x65,0x71,
12649+ 0xaf,0x19,0x32,0x16
12650+ };
12651+
12652+__fips_constseg
12653+static const unsigned char aes_128_no_df_pr_additionalinput2[] =
12654+ {
12655+ 0x32,0x7f,0x38,0x8b,0x73,0x0a,0x78,0x83,0xdc,0x30,0xbe,0x9f,
12656+ 0x10,0x1f,0xf5,0x1f,0xca,0x00,0xb5,0x0d,0xd6,0x9d,0x60,0x83,
12657+ 0x51,0x54,0x7d,0x38,0x23,0x3a,0x52,0x50
12658+ };
12659+
12660+__fips_constseg
12661+static const unsigned char aes_128_no_df_pr_entropyinputpr2[] =
12662+ {
12663+ 0x18,0x61,0x53,0x56,0xed,0xed,0xd7,0x20,0xfb,0x71,0x04,0x7a,
12664+ 0xb2,0xac,0xc1,0x28,0xcd,0xf2,0xc2,0xfc,0xaa,0xb1,0x06,0x07,
12665+ 0xe9,0x46,0x95,0x02,0x48,0x01,0x78,0xf9
12666+ };
12667+
12668+__fips_constseg
12669+static const unsigned char aes_128_no_df_pr_returnedbits[] =
12670+ {
12671+ 0x29,0xc8,0x1b,0x15,0xb1,0xd1,0xc2,0xf6,0x71,0x86,0x68,0x33,
12672+ 0x57,0x82,0x33,0xaf
12673+ };
12674+
12675+
12676+/* AES-128 no df No PR */
12677+__fips_constseg
12678+static const unsigned char aes_128_no_df_entropyinput[] =
12679+ {
12680+ 0xc9,0xc5,0x79,0xbc,0xe8,0xc5,0x19,0xd8,0xbc,0x66,0x73,0x67,
12681+ 0xf6,0xd3,0x72,0xaa,0xa6,0x16,0xb8,0x50,0xb7,0x47,0x3a,0x42,
12682+ 0xab,0xf4,0x16,0xb2,0x96,0xd2,0xb6,0x60
12683+ };
12684+
12685+__fips_constseg
12686+static const unsigned char aes_128_no_df_nonce[] =
12687+ {
12688+ 0x5f,0xbf,0x97,0x0c,0x4b,0xa4,0x87,0x13
12689+ };
12690+
12691+__fips_constseg
12692+static const unsigned char aes_128_no_df_personalizationstring[] =
12693+ {
12694+ 0xce,0xfb,0x7b,0x3f,0xd4,0x6b,0x29,0x0d,0x69,0x06,0xff,0xbb,
12695+ 0xf2,0xe5,0xc6,0x6c,0x0a,0x10,0xa0,0xcf,0x1a,0x48,0xc7,0x8b,
12696+ 0x3c,0x16,0x88,0xed,0x50,0x13,0x81,0xce
12697+ };
12698+
12699+__fips_constseg
12700+static const unsigned char aes_128_no_df_additionalinput[] =
12701+ {
12702+ 0x4b,0x22,0x46,0x18,0x02,0x7b,0xd2,0x1b,0x22,0x42,0x7c,0x37,
12703+ 0xd9,0xf6,0xe8,0x9b,0x12,0x30,0x5f,0xe9,0x90,0xe8,0x08,0x24,
12704+ 0x4f,0x06,0x66,0xdb,0x19,0x2b,0x13,0x95
12705+ };
12706+
12707+__fips_constseg
12708+static const unsigned char aes_128_no_df_int_returnedbits[] =
12709+ {
12710+ 0x2e,0x96,0x70,0x64,0xfa,0xdf,0xdf,0x57,0xb5,0x82,0xee,0xd6,
12711+ 0xed,0x3e,0x65,0xc2
12712+ };
12713+
12714+__fips_constseg
12715+static const unsigned char aes_128_no_df_entropyinputreseed[] =
12716+ {
12717+ 0x26,0xc0,0x72,0x16,0x3a,0x4b,0xb7,0x99,0xd4,0x07,0xaf,0x66,
12718+ 0x62,0x36,0x96,0xa4,0x51,0x17,0xfa,0x07,0x8b,0x17,0x5e,0xa1,
12719+ 0x2f,0x3c,0x10,0xe7,0x90,0xd0,0x46,0x00
12720+ };
12721+
12722+__fips_constseg
12723+static const unsigned char aes_128_no_df_additionalinputreseed[] =
12724+ {
12725+ 0x83,0x39,0x37,0x7b,0x02,0x06,0xd2,0x12,0x13,0x8d,0x8b,0xf2,
12726+ 0xf0,0xf6,0x26,0xeb,0xa4,0x22,0x7b,0xc2,0xe7,0xba,0x79,0xe4,
12727+ 0x3b,0x77,0x5d,0x4d,0x47,0xb2,0x2d,0xb4
12728+ };
12729+
12730+__fips_constseg
12731+static const unsigned char aes_128_no_df_additionalinput2[] =
12732+ {
12733+ 0x0b,0xb9,0x67,0x37,0xdb,0x83,0xdf,0xca,0x81,0x8b,0xf9,0x3f,
12734+ 0xf1,0x11,0x1b,0x2f,0xf0,0x61,0xa6,0xdf,0xba,0xa3,0xb1,0xac,
12735+ 0xd3,0xe6,0x09,0xb8,0x2c,0x6a,0x67,0xd6
12736+ };
12737+
12738+__fips_constseg
12739+static const unsigned char aes_128_no_df_returnedbits[] =
12740+ {
12741+ 0x1e,0xa7,0xa4,0xe4,0xe1,0xa6,0x7c,0x69,0x9a,0x44,0x6c,0x36,
12742+ 0x81,0x37,0x19,0xd4
12743+ };
12744+
12745+
12746+/* AES-192 no df PR */
12747+__fips_constseg
12748+static const unsigned char aes_192_no_df_pr_entropyinput[] =
12749+ {
12750+ 0x9d,0x2c,0xd2,0x55,0x66,0xea,0xe0,0xbe,0x18,0xb7,0x76,0xe7,
12751+ 0x73,0x35,0xd8,0x1f,0xad,0x3a,0xe3,0x81,0x0e,0x92,0xd0,0x61,
12752+ 0xc9,0x12,0x26,0xf6,0x1c,0xdf,0xfe,0x47,0xaa,0xfe,0x7d,0x5a,
12753+ 0x17,0x1f,0x8d,0x9a
12754+ };
12755+
12756+__fips_constseg
12757+static const unsigned char aes_192_no_df_pr_nonce[] =
12758+ {
12759+ 0x44,0x82,0xed,0xe8,0x4c,0x28,0x5a,0x14,0xff,0x88,0x8d,0x19,
12760+ 0x61,0x5c,0xee,0x0f
12761+ };
12762+
12763+__fips_constseg
12764+static const unsigned char aes_192_no_df_pr_personalizationstring[] =
12765+ {
12766+ 0x47,0xd7,0x9b,0x99,0xaa,0xcb,0xe7,0xd2,0x57,0x66,0x2c,0xe1,
12767+ 0x78,0xd6,0x2c,0xea,0xa3,0x23,0x5f,0x2a,0xc1,0x3a,0xf0,0xa4,
12768+ 0x20,0x3b,0xfa,0x07,0xd5,0x05,0x02,0xe4,0x57,0x01,0xb6,0x10,
12769+ 0x57,0x2e,0xe7,0x55
12770+ };
12771+
12772+__fips_constseg
12773+static const unsigned char aes_192_no_df_pr_additionalinput[] =
12774+ {
12775+ 0x4b,0x74,0x0b,0x40,0xce,0x6b,0xc2,0x6a,0x24,0xb4,0xf3,0xad,
12776+ 0x7a,0xa5,0x7a,0xa2,0x15,0xe2,0xc8,0x61,0x15,0xc6,0xb7,0x85,
12777+ 0x69,0x11,0xad,0x7b,0x14,0xd2,0xf6,0x12,0xa1,0x95,0x5d,0x3f,
12778+ 0xe2,0xd0,0x0c,0x2f
12779+ };
12780+
12781+__fips_constseg
12782+static const unsigned char aes_192_no_df_pr_entropyinputpr[] =
12783+ {
12784+ 0x0c,0x9c,0xad,0x05,0xee,0xae,0x48,0x23,0x89,0x59,0xa1,0x94,
12785+ 0xd7,0xd8,0x75,0xd5,0x54,0x93,0xc7,0x4a,0xd9,0x26,0xde,0xeb,
12786+ 0xba,0xb0,0x7e,0x30,0x1d,0x5f,0x69,0x40,0x9c,0x3b,0x17,0x58,
12787+ 0x1d,0x30,0xb3,0x78
12788+ };
12789+
12790+__fips_constseg
12791+static const unsigned char aes_192_no_df_pr_int_returnedbits[] =
12792+ {
12793+ 0xf7,0x93,0xb0,0x6d,0x77,0x83,0xd5,0x38,0x01,0xe1,0x52,0x40,
12794+ 0x7e,0x3e,0x0c,0x26
12795+ };
12796+
12797+__fips_constseg
12798+static const unsigned char aes_192_no_df_pr_additionalinput2[] =
12799+ {
12800+ 0xbc,0x4b,0x37,0x44,0x1c,0xc5,0x45,0x5f,0x8f,0x51,0x62,0x8a,
12801+ 0x85,0x30,0x1d,0x7c,0xe4,0xcf,0xf7,0x44,0xce,0x32,0x3e,0x57,
12802+ 0x95,0xa4,0x2a,0xdf,0xfd,0x9e,0x38,0x41,0xb3,0xf6,0xc5,0xee,
12803+ 0x0c,0x4b,0xee,0x6e
12804+ };
12805+
12806+__fips_constseg
12807+static const unsigned char aes_192_no_df_pr_entropyinputpr2[] =
12808+ {
12809+ 0xec,0xaf,0xf6,0x4f,0xb1,0xa0,0x54,0xb5,0x5b,0xe3,0x46,0xb0,
12810+ 0x76,0x5a,0x7c,0x3f,0x7b,0x94,0x69,0x21,0x51,0x02,0xe5,0x9f,
12811+ 0x04,0x59,0x02,0x98,0xc6,0x43,0x2c,0xcc,0x26,0x4c,0x87,0x6b,
12812+ 0x8e,0x0a,0x83,0xdf
12813+ };
12814+
12815+__fips_constseg
12816+static const unsigned char aes_192_no_df_pr_returnedbits[] =
12817+ {
12818+ 0x74,0x45,0xfb,0x53,0x84,0x96,0xbe,0xff,0x15,0xcc,0x41,0x91,
12819+ 0xb9,0xa1,0x21,0x68
12820+ };
12821+
12822+
12823+/* AES-192 no df No PR */
12824+__fips_constseg
12825+static const unsigned char aes_192_no_df_entropyinput[] =
12826+ {
12827+ 0x3c,0x7d,0xb5,0xe0,0x54,0xd9,0x6e,0x8c,0xa9,0x86,0xce,0x4e,
12828+ 0x6b,0xaf,0xeb,0x2f,0xe7,0x75,0xe0,0x8b,0xa4,0x3b,0x07,0xfe,
12829+ 0xbe,0x33,0x75,0x93,0x80,0x27,0xb5,0x29,0x47,0x8b,0xc7,0x28,
12830+ 0x94,0xc3,0x59,0x63
12831+ };
12832+
12833+__fips_constseg
12834+static const unsigned char aes_192_no_df_nonce[] =
12835+ {
12836+ 0x43,0xf1,0x7d,0xb8,0xc3,0xfe,0xd0,0x23,0x6b,0xb4,0x92,0xdb,
12837+ 0x29,0xfd,0x45,0x71
12838+ };
12839+
12840+__fips_constseg
12841+static const unsigned char aes_192_no_df_personalizationstring[] =
12842+ {
12843+ 0x9f,0x24,0x29,0x99,0x9e,0x01,0xab,0xe9,0x19,0xd8,0x23,0x08,
12844+ 0xb7,0xd6,0x7e,0x8c,0xc0,0x9e,0x7f,0x6e,0x5b,0x33,0x20,0x96,
12845+ 0x0b,0x23,0x2c,0xa5,0x6a,0xf8,0x1b,0x04,0x26,0xdb,0x2e,0x2b,
12846+ 0x3b,0x88,0xce,0x35
12847+ };
12848+
12849+__fips_constseg
12850+static const unsigned char aes_192_no_df_additionalinput[] =
12851+ {
12852+ 0x94,0xe9,0x7c,0x3d,0xa7,0xdb,0x60,0x83,0x1f,0x98,0x3f,0x0b,
12853+ 0x88,0x59,0x57,0x51,0x88,0x9f,0x76,0x49,0x9f,0xa6,0xda,0x71,
12854+ 0x1d,0x0d,0x47,0x16,0x63,0xc5,0x68,0xe4,0x5d,0x39,0x69,0xb3,
12855+ 0x3e,0xbe,0xd4,0x8e
12856+ };
12857+
12858+__fips_constseg
12859+static const unsigned char aes_192_no_df_int_returnedbits[] =
12860+ {
12861+ 0xf9,0xd7,0xad,0x69,0xab,0x8f,0x23,0x56,0x70,0x17,0x4f,0x2a,
12862+ 0x45,0xe7,0x4a,0xc5
12863+ };
12864+
12865+__fips_constseg
12866+static const unsigned char aes_192_no_df_entropyinputreseed[] =
12867+ {
12868+ 0xa6,0x71,0x6a,0x3d,0xba,0xd1,0xe8,0x66,0xa6,0xef,0xb2,0x0e,
12869+ 0xa8,0x9c,0xaa,0x4e,0xaf,0x17,0x89,0x50,0x00,0xda,0xa1,0xb1,
12870+ 0x0b,0xa4,0xd9,0x35,0x89,0xc8,0xe5,0xb0,0xd9,0xb7,0xc4,0x33,
12871+ 0x9b,0xcb,0x7e,0x75
12872+ };
12873+
12874+__fips_constseg
12875+static const unsigned char aes_192_no_df_additionalinputreseed[] =
12876+ {
12877+ 0x27,0x21,0xfc,0xc2,0xbd,0xf3,0x3c,0xce,0xc3,0xca,0xc1,0x01,
12878+ 0xe0,0xff,0x93,0x12,0x7d,0x54,0x42,0xe3,0x9f,0x03,0xdf,0x27,
12879+ 0x04,0x07,0x3c,0x53,0x7f,0xa8,0x66,0xc8,0x97,0x4b,0x61,0x40,
12880+ 0x5d,0x7a,0x25,0x79
12881+ };
12882+
12883+__fips_constseg
12884+static const unsigned char aes_192_no_df_additionalinput2[] =
12885+ {
12886+ 0x2d,0x8e,0x16,0x5d,0x0b,0x9f,0xeb,0xaa,0xd6,0xec,0x28,0x71,
12887+ 0x7c,0x0b,0xc1,0x1d,0xd4,0x44,0x19,0x47,0xfd,0x1d,0x7c,0xe5,
12888+ 0xf3,0x27,0xe1,0xb6,0x72,0x0a,0xe0,0xec,0x0e,0xcd,0xef,0x1a,
12889+ 0x91,0x6a,0xe3,0x5f
12890+ };
12891+
12892+__fips_constseg
12893+static const unsigned char aes_192_no_df_returnedbits[] =
12894+ {
12895+ 0xe5,0xda,0xb8,0xe0,0x63,0x59,0x5a,0xcc,0x3d,0xdc,0x9f,0xe8,
12896+ 0x66,0x67,0x2c,0x92
12897+ };
12898+
12899+
12900+/* AES-256 no df PR */
12901+__fips_constseg
12902+static const unsigned char aes_256_no_df_pr_entropyinput[] =
12903+ {
12904+ 0x15,0xc7,0x5d,0xcb,0x41,0x4b,0x16,0x01,0x3a,0xd1,0x44,0xe8,
12905+ 0x22,0x32,0xc6,0x9c,0x3f,0xe7,0x43,0xf5,0x9a,0xd3,0xea,0xf2,
12906+ 0xd7,0x4e,0x6e,0x6a,0x55,0x73,0x40,0xef,0x89,0xad,0x0d,0x03,
12907+ 0x96,0x7e,0x78,0x81,0x2f,0x91,0x1b,0x44,0xb0,0x02,0xba,0x1c
12908+ };
12909+
12910+__fips_constseg
12911+static const unsigned char aes_256_no_df_pr_nonce[] =
12912+ {
12913+ 0xdc,0xe4,0xd4,0x27,0x7a,0x90,0xd7,0x99,0x43,0xa1,0x3c,0x30,
12914+ 0xcc,0x4b,0xee,0x2e
12915+ };
12916+
12917+__fips_constseg
12918+static const unsigned char aes_256_no_df_pr_personalizationstring[] =
12919+ {
12920+ 0xe3,0xe6,0xb9,0x11,0xe4,0x7a,0xa4,0x40,0x6b,0xf8,0x73,0xf7,
12921+ 0x7e,0xec,0xc7,0xb9,0x97,0xbf,0xf8,0x25,0x7b,0xbe,0x11,0x9b,
12922+ 0x5b,0x6a,0x0c,0x2e,0x2b,0x01,0x51,0xcd,0x41,0x4b,0x6b,0xac,
12923+ 0x31,0xa8,0x0b,0xf7,0xe6,0x59,0x42,0xb8,0x03,0x0c,0xf8,0x06
12924+ };
12925+
12926+__fips_constseg
12927+static const unsigned char aes_256_no_df_pr_additionalinput[] =
12928+ {
12929+ 0x6a,0x9f,0x00,0x91,0xae,0xfe,0xcf,0x84,0x99,0xce,0xb1,0x40,
12930+ 0x6d,0x5d,0x33,0x28,0x84,0xf4,0x8c,0x63,0x4c,0x7e,0xbd,0x2c,
12931+ 0x80,0x76,0xee,0x5a,0xaa,0x15,0x07,0x31,0xd8,0xbb,0x8c,0x69,
12932+ 0x9d,0x9d,0xbc,0x7e,0x49,0xae,0xec,0x39,0x6b,0xd1,0x1f,0x7e
12933+ };
12934+
12935+__fips_constseg
12936+static const unsigned char aes_256_no_df_pr_entropyinputpr[] =
12937+ {
12938+ 0xf3,0xb9,0x75,0x9c,0xbd,0x88,0xea,0xa2,0x50,0xad,0xd6,0x16,
12939+ 0x1a,0x12,0x3c,0x86,0x68,0xaf,0x6f,0xbe,0x19,0xf2,0xee,0xcc,
12940+ 0xa5,0x70,0x84,0x53,0x50,0xcb,0x9f,0x14,0xa9,0xe5,0xee,0xb9,
12941+ 0x48,0x45,0x40,0xe2,0xc7,0xc9,0x9a,0x74,0xff,0x8c,0x99,0x1f
12942+ };
12943+
12944+__fips_constseg
12945+static const unsigned char aes_256_no_df_pr_int_returnedbits[] =
12946+ {
12947+ 0x2e,0xf2,0x45,0x4c,0x62,0x2e,0x0a,0xb9,0x6b,0xa2,0xfd,0x56,
12948+ 0x79,0x60,0x93,0xcf
12949+ };
12950+
12951+__fips_constseg
12952+static const unsigned char aes_256_no_df_pr_additionalinput2[] =
12953+ {
12954+ 0xaf,0x69,0x20,0xe9,0x3b,0x37,0x9d,0x3f,0xb4,0x80,0x02,0x7a,
12955+ 0x25,0x7d,0xb8,0xde,0x71,0xc5,0x06,0x0c,0xb4,0xe2,0x8f,0x35,
12956+ 0xd8,0x14,0x0d,0x7f,0x76,0x63,0x4e,0xb5,0xee,0xe9,0x6f,0x34,
12957+ 0xc7,0x5f,0x56,0x14,0x4a,0xe8,0x73,0x95,0x5b,0x1c,0xb9,0xcb
12958+ };
12959+
12960+__fips_constseg
12961+static const unsigned char aes_256_no_df_pr_entropyinputpr2[] =
12962+ {
12963+ 0xe5,0xb0,0x2e,0x7e,0x52,0x30,0xe3,0x63,0x82,0xb6,0x44,0xd3,
12964+ 0x25,0x19,0x05,0x24,0x9a,0x9f,0x5f,0x27,0x6a,0x29,0xab,0xfa,
12965+ 0x07,0xa2,0x42,0x0f,0xc5,0xa8,0x94,0x7c,0x17,0x7b,0x85,0x83,
12966+ 0x0c,0x25,0x0e,0x63,0x0b,0xe9,0x12,0x60,0xcd,0xef,0x80,0x0f
12967+ };
12968+
12969+__fips_constseg
12970+static const unsigned char aes_256_no_df_pr_returnedbits[] =
12971+ {
12972+ 0x5e,0xf2,0x26,0xef,0x9f,0x58,0x5d,0xd5,0x4a,0x10,0xfe,0xa7,
12973+ 0x2d,0x5f,0x4a,0x46
12974+ };
12975+
12976+
12977+/* AES-256 no df No PR */
12978+__fips_constseg
12979+static const unsigned char aes_256_no_df_entropyinput[] =
12980+ {
12981+ 0xfb,0xcf,0x1b,0x61,0x16,0x89,0x78,0x23,0xf5,0xd8,0x96,0xe3,
12982+ 0x4e,0x64,0x0b,0x29,0x9a,0x3f,0xf8,0xa5,0xed,0xf2,0xfe,0xdb,
12983+ 0x16,0xca,0x7f,0x10,0xfa,0x5e,0x18,0x76,0x2c,0x63,0x5e,0x96,
12984+ 0xcf,0xb3,0xd6,0xfc,0xaf,0x99,0x39,0x28,0x9c,0x61,0xe8,0xb3
12985+ };
12986+
12987+__fips_constseg
12988+static const unsigned char aes_256_no_df_nonce[] =
12989+ {
12990+ 0x12,0x96,0xf0,0x52,0xf3,0x8d,0x81,0xcf,0xde,0x86,0xf2,0x99,
12991+ 0x43,0x96,0xb9,0xf0
12992+ };
12993+
12994+__fips_constseg
12995+static const unsigned char aes_256_no_df_personalizationstring[] =
12996+ {
12997+ 0x63,0x0d,0x78,0xf5,0x90,0x8e,0x32,0x47,0xb0,0x4d,0x37,0x60,
12998+ 0x09,0x96,0xbc,0xbf,0x97,0x7a,0x62,0x14,0x45,0xbd,0x8d,0xcc,
12999+ 0x69,0xfb,0x03,0xe1,0x80,0x1c,0xc7,0xe2,0x2a,0xf9,0x37,0x3f,
13000+ 0x66,0x4d,0x62,0xd9,0x10,0xe0,0xad,0xc8,0x9a,0xf0,0xa8,0x6d
13001+ };
13002+
13003+__fips_constseg
13004+static const unsigned char aes_256_no_df_additionalinput[] =
13005+ {
13006+ 0x36,0xc6,0x13,0x60,0xbb,0x14,0xad,0x22,0xb0,0x38,0xac,0xa6,
13007+ 0x18,0x16,0x93,0x25,0x86,0xb7,0xdc,0xdc,0x36,0x98,0x2b,0xf9,
13008+ 0x68,0x33,0xd3,0xc6,0xff,0xce,0x8d,0x15,0x59,0x82,0x76,0xed,
13009+ 0x6f,0x8d,0x49,0x74,0x2f,0xda,0xdc,0x1f,0x17,0xd0,0xde,0x17
13010+ };
13011+
13012+__fips_constseg
13013+static const unsigned char aes_256_no_df_int_returnedbits[] =
13014+ {
13015+ 0x16,0x2f,0x8e,0x3f,0x21,0x7a,0x1c,0x20,0x56,0xd1,0x92,0xf6,
13016+ 0xd2,0x25,0x75,0x0e
13017+ };
13018+
13019+__fips_constseg
13020+static const unsigned char aes_256_no_df_entropyinputreseed[] =
13021+ {
13022+ 0x91,0x79,0x76,0xee,0xe0,0xcf,0x9e,0xc2,0xd5,0xd4,0x23,0x9b,
13023+ 0x12,0x8c,0x7e,0x0a,0xb7,0xd2,0x8b,0xd6,0x7c,0xa3,0xc6,0xe5,
13024+ 0x0e,0xaa,0xc7,0x6b,0xae,0x0d,0xfa,0x53,0x06,0x79,0xa1,0xed,
13025+ 0x4d,0x6a,0x0e,0xd8,0x9d,0xbe,0x1b,0x31,0x93,0x7b,0xec,0xfb
13026+ };
13027+
13028+__fips_constseg
13029+static const unsigned char aes_256_no_df_additionalinputreseed[] =
13030+ {
13031+ 0xd2,0x46,0x50,0x22,0x10,0x14,0x63,0xf7,0xea,0x0f,0xb9,0x7e,
13032+ 0x0d,0xe1,0x94,0x07,0xaf,0x09,0x44,0x31,0xea,0x64,0xa4,0x18,
13033+ 0x5b,0xf9,0xd8,0xc2,0xfa,0x03,0x47,0xc5,0x39,0x43,0xd5,0x3b,
13034+ 0x62,0x86,0x64,0xea,0x2c,0x73,0x8c,0xae,0x9d,0x98,0x98,0x29
13035+ };
13036+
13037+__fips_constseg
13038+static const unsigned char aes_256_no_df_additionalinput2[] =
13039+ {
13040+ 0x8c,0xab,0x18,0xf8,0xc3,0xec,0x18,0x5c,0xb3,0x1e,0x9d,0xbe,
13041+ 0x3f,0x03,0xb4,0x00,0x98,0x9d,0xae,0xeb,0xf4,0x94,0xf8,0x42,
13042+ 0x8f,0xe3,0x39,0x07,0xe1,0xc9,0xad,0x0b,0x1f,0xed,0xc0,0xba,
13043+ 0xf6,0xd1,0xec,0x27,0x86,0x7b,0xd6,0x55,0x9b,0x60,0xa5,0xc6
13044+ };
13045+
13046+__fips_constseg
13047+static const unsigned char aes_256_no_df_returnedbits[] =
13048+ {
13049+ 0xef,0xd2,0xd8,0x5c,0xdc,0x62,0x25,0x9f,0xaa,0x1e,0x2c,0x67,
13050+ 0xf6,0x02,0x32,0xe2
13051+ };
13052+
13053+
13054+/* SHA-1 PR */
13055+__fips_constseg
13056+static const unsigned char sha1_pr_entropyinput[] =
13057+ {
13058+ 0xd2,0x36,0xa5,0x27,0x31,0x73,0xdd,0x11,0x4f,0x93,0xbd,0xe2,
13059+ 0x31,0xa5,0x91,0x13
13060+ };
13061+
13062+__fips_constseg
13063+static const unsigned char sha1_pr_nonce[] =
13064+ {
13065+ 0xb5,0xb3,0x60,0xef,0xf7,0x63,0x31,0xf3
13066+ };
13067+
13068+__fips_constseg
13069+static const unsigned char sha1_pr_personalizationstring[] =
13070+ {
13071+ 0xd4,0xbb,0x02,0x10,0xb2,0x71,0xdb,0x81,0xd6,0xf0,0x42,0x60,
13072+ 0xda,0xea,0x77,0x52
13073+ };
13074+
13075+__fips_constseg
13076+static const unsigned char sha1_pr_additionalinput[] =
13077+ {
13078+ 0x4d,0xd2,0x6c,0x87,0xfb,0x2c,0x4f,0xa6,0x8d,0x16,0x63,0x22,
13079+ 0x6a,0x51,0xe3,0xf8
13080+ };
13081+
13082+__fips_constseg
13083+static const unsigned char sha1_pr_entropyinputpr[] =
13084+ {
13085+ 0xc9,0x83,0x9e,0x16,0xf6,0x1c,0x0f,0xb2,0xec,0x60,0x31,0xa9,
13086+ 0xcb,0xa9,0x36,0x7a
13087+ };
13088+
13089+__fips_constseg
13090+static const unsigned char sha1_pr_int_returnedbits[] =
13091+ {
13092+ 0xa8,0x13,0x4f,0xf4,0x31,0x02,0x44,0xe3,0xd3,0x3d,0x61,0x9e,
13093+ 0xe5,0xc6,0x3e,0x89,0xb5,0x9b,0x0f,0x35
13094+ };
13095+
13096+__fips_constseg
13097+static const unsigned char sha1_pr_additionalinput2[] =
13098+ {
13099+ 0xf9,0xe8,0xd2,0x72,0x13,0x34,0x95,0x6f,0x15,0x49,0x47,0x99,
13100+ 0x16,0x03,0x19,0x47
13101+ };
13102+
13103+__fips_constseg
13104+static const unsigned char sha1_pr_entropyinputpr2[] =
13105+ {
13106+ 0x4e,0x8c,0x49,0x9b,0x4a,0x5c,0x9b,0x9c,0x3a,0xee,0xfb,0xd2,
13107+ 0xae,0xcd,0x8c,0xc4
13108+ };
13109+
13110+__fips_constseg
13111+static const unsigned char sha1_pr_returnedbits[] =
13112+ {
13113+ 0x50,0xb4,0xb4,0xcd,0x68,0x57,0xfc,0x2e,0xc1,0x52,0xcc,0xf6,
13114+ 0x68,0xa4,0x81,0xed,0x7e,0xe4,0x1d,0x87
13115+ };
13116+
13117+
13118+/* SHA-1 No PR */
13119+__fips_constseg
13120+static const unsigned char sha1_entropyinput[] =
13121+ {
13122+ 0xa9,0x47,0x1b,0x29,0x2d,0x1c,0x05,0xdf,0x76,0xd0,0x62,0xf9,
13123+ 0xe2,0x7f,0x4c,0x7b
13124+ };
13125+
13126+__fips_constseg
13127+static const unsigned char sha1_nonce[] =
13128+ {
13129+ 0x53,0x23,0x24,0xe3,0xec,0x0c,0x54,0x14
13130+ };
13131+
13132+__fips_constseg
13133+static const unsigned char sha1_personalizationstring[] =
13134+ {
13135+ 0x7a,0x87,0xa1,0xac,0x1c,0xfd,0xab,0xae,0xf7,0xd6,0xfb,0x76,
13136+ 0x28,0xec,0x6d,0xca
13137+ };
13138+
13139+__fips_constseg
13140+static const unsigned char sha1_additionalinput[] =
13141+ {
13142+ 0xfc,0x92,0x35,0xd6,0x7e,0xb7,0x24,0x65,0xfd,0x12,0x27,0x35,
13143+ 0xc0,0x72,0xca,0x28
13144+ };
13145+
13146+__fips_constseg
13147+static const unsigned char sha1_int_returnedbits[] =
13148+ {
13149+ 0x57,0x88,0x82,0xe5,0x25,0xa5,0x2c,0x4a,0x06,0x20,0x6c,0x72,
13150+ 0x55,0x61,0xdd,0x90,0x71,0x9f,0x95,0xea
13151+ };
13152+
13153+__fips_constseg
13154+static const unsigned char sha1_entropyinputreseed[] =
13155+ {
13156+ 0x69,0xa5,0x40,0x62,0x98,0x47,0x56,0x73,0x4a,0x8f,0x60,0x96,
13157+ 0xd6,0x99,0x27,0xed
13158+ };
13159+
13160+__fips_constseg
13161+static const unsigned char sha1_additionalinputreseed[] =
13162+ {
13163+ 0xe5,0x40,0x4e,0xbd,0x50,0x00,0xf5,0x15,0xa6,0xee,0x45,0xda,
13164+ 0x84,0x3d,0xd4,0xc0
13165+ };
13166+
13167+__fips_constseg
13168+static const unsigned char sha1_additionalinput2[] =
13169+ {
13170+ 0x11,0x51,0x14,0xf0,0x09,0x1b,0x4e,0x56,0x0d,0xe9,0xf6,0x1e,
13171+ 0x52,0x65,0xcd,0x96
13172+ };
13173+
13174+__fips_constseg
13175+static const unsigned char sha1_returnedbits[] =
13176+ {
13177+ 0xa1,0x9c,0x94,0x6e,0x29,0xe1,0x33,0x0d,0x32,0xd6,0xaa,0xce,
13178+ 0x71,0x3f,0x52,0x72,0x8b,0x42,0xa8,0xd7
13179+ };
13180+
13181+
13182+/* SHA-224 PR */
13183+__fips_constseg
13184+static const unsigned char sha224_pr_entropyinput[] =
13185+ {
13186+ 0x12,0x69,0x32,0x4f,0x83,0xa6,0xf5,0x14,0xe3,0x49,0x3e,0x75,
13187+ 0x3e,0xde,0xad,0xa1,0x29,0xc3,0xf3,0x19,0x20,0xb5,0x4c,0xd9
13188+ };
13189+
13190+__fips_constseg
13191+static const unsigned char sha224_pr_nonce[] =
13192+ {
13193+ 0x6a,0x78,0xd0,0xeb,0xbb,0x5a,0xf0,0xee,0xe8,0xc3,0xba,0x71
13194+ };
13195+
13196+__fips_constseg
13197+static const unsigned char sha224_pr_personalizationstring[] =
13198+ {
13199+ 0xd5,0xb8,0xb6,0xbc,0xc1,0x5b,0x60,0x31,0x3c,0xf5,0xe5,0xc0,
13200+ 0x8e,0x52,0x7a,0xbd,0xea,0x47,0xa9,0x5f,0x8f,0xf9,0x8b,0xae
13201+ };
13202+
13203+__fips_constseg
13204+static const unsigned char sha224_pr_additionalinput[] =
13205+ {
13206+ 0x1f,0x55,0xec,0xae,0x16,0x12,0x84,0xba,0x84,0x16,0x19,0x88,
13207+ 0x8e,0xb8,0x33,0x25,0x54,0xff,0xca,0x79,0xaf,0x07,0x25,0x50
13208+ };
13209+
13210+__fips_constseg
13211+static const unsigned char sha224_pr_entropyinputpr[] =
13212+ {
13213+ 0x92,0xa3,0x32,0xa8,0x9a,0x0a,0x58,0x7c,0x1d,0x5a,0x7e,0xe1,
13214+ 0xb2,0x73,0xab,0x0e,0x16,0x79,0x23,0xd3,0x29,0x89,0x81,0xe1
13215+ };
13216+
13217+__fips_constseg
13218+static const unsigned char sha224_pr_int_returnedbits[] =
13219+ {
13220+ 0xf3,0x38,0x91,0x40,0x37,0x7a,0x51,0x72,0x42,0x74,0x78,0x0a,
13221+ 0x69,0xfd,0xa6,0x44,0x43,0x45,0x6c,0x0c,0x5a,0x19,0xff,0xf1,
13222+ 0x54,0x60,0xee,0x6a
13223+ };
13224+
13225+__fips_constseg
13226+static const unsigned char sha224_pr_additionalinput2[] =
13227+ {
13228+ 0x75,0xf3,0x04,0x25,0xdd,0x36,0xa8,0x37,0x46,0xae,0x0c,0x52,
13229+ 0x05,0x79,0x4c,0x26,0xdb,0xe9,0x71,0x16,0x4c,0x0a,0xf2,0x60
13230+ };
13231+
13232+__fips_constseg
13233+static const unsigned char sha224_pr_entropyinputpr2[] =
13234+ {
13235+ 0xea,0xc5,0x03,0x0a,0x4f,0xb0,0x38,0x8d,0x23,0xd4,0xc8,0x77,
13236+ 0xe2,0x6d,0x9c,0x0b,0x44,0xf7,0x2d,0x5b,0xbf,0x5d,0x2a,0x11
13237+ };
13238+
13239+__fips_constseg
13240+static const unsigned char sha224_pr_returnedbits[] =
13241+ {
13242+ 0x60,0x50,0x2b,0xe7,0x86,0xd8,0x26,0x73,0xe3,0x1d,0x95,0x20,
13243+ 0xb3,0x2c,0x32,0x1c,0xf5,0xce,0x57,0xa6,0x67,0x2b,0xdc,0x4e,
13244+ 0xdd,0x11,0x4c,0xc4
13245+ };
13246+
13247+
13248+/* SHA-224 No PR */
13249+__fips_constseg
13250+static const unsigned char sha224_entropyinput[] =
13251+ {
13252+ 0xb2,0x1c,0x77,0x4d,0xf6,0xd3,0xb6,0x40,0xb7,0x30,0x3e,0x29,
13253+ 0xb0,0x85,0x1c,0xbe,0x4a,0xea,0x6b,0x5a,0xb5,0x8a,0x97,0xeb
13254+ };
13255+
13256+__fips_constseg
13257+static const unsigned char sha224_nonce[] =
13258+ {
13259+ 0x42,0x02,0x0a,0x1c,0x98,0x9a,0x77,0x9e,0x9f,0x80,0xba,0xe0
13260+ };
13261+
13262+__fips_constseg
13263+static const unsigned char sha224_personalizationstring[] =
13264+ {
13265+ 0x98,0xb8,0x04,0x41,0xfc,0xc1,0x5d,0xc5,0xe9,0xb9,0x08,0xda,
13266+ 0xf9,0xfa,0x0d,0x90,0xce,0xdf,0x1d,0x10,0xa9,0x8d,0x50,0x0c
13267+ };
13268+
13269+__fips_constseg
13270+static const unsigned char sha224_additionalinput[] =
13271+ {
13272+ 0x9a,0x8d,0x39,0x49,0x42,0xd5,0x0b,0xae,0xe1,0xaf,0xb7,0x00,
13273+ 0x02,0xfa,0x96,0xb1,0xa5,0x1d,0x2d,0x25,0x78,0xee,0x83,0x3f
13274+ };
13275+
13276+__fips_constseg
13277+static const unsigned char sha224_int_returnedbits[] =
13278+ {
13279+ 0xe4,0xf5,0x53,0x79,0x5a,0x97,0x58,0x06,0x08,0xba,0x7b,0xfa,
13280+ 0xf0,0x83,0x05,0x8c,0x22,0xc0,0xc9,0xdb,0x15,0xe7,0xde,0x20,
13281+ 0x55,0x22,0x9a,0xad
13282+ };
13283+
13284+__fips_constseg
13285+static const unsigned char sha224_entropyinputreseed[] =
13286+ {
13287+ 0x67,0x09,0x48,0xaa,0x07,0x16,0x99,0x89,0x7f,0x6d,0xa0,0xe5,
13288+ 0x8f,0xdf,0xbc,0xdb,0xfe,0xe5,0x6c,0x7a,0x95,0x4a,0x66,0x17
13289+ };
13290+
13291+__fips_constseg
13292+static const unsigned char sha224_additionalinputreseed[] =
13293+ {
13294+ 0x0f,0x4b,0x1c,0x6f,0xb7,0xe3,0x47,0xe5,0x5d,0x7d,0x38,0xd6,
13295+ 0x28,0x9b,0xeb,0x55,0x63,0x09,0x3e,0x7c,0x56,0xea,0xf8,0x19
13296+ };
13297+
13298+__fips_constseg
13299+static const unsigned char sha224_additionalinput2[] =
13300+ {
13301+ 0x2d,0x26,0x7c,0x37,0xe4,0x7a,0x28,0x5e,0x5a,0x3c,0xaf,0x3d,
13302+ 0x5a,0x8e,0x55,0xa2,0x1a,0x6e,0xc0,0xe5,0xf6,0x21,0xd3,0xf6
13303+ };
13304+
13305+__fips_constseg
13306+static const unsigned char sha224_returnedbits[] =
13307+ {
13308+ 0x4d,0x83,0x35,0xdf,0x67,0xa9,0xfc,0x17,0xda,0x70,0xcc,0x8b,
13309+ 0x7f,0x77,0xae,0xa2,0x5f,0xb9,0x7e,0x74,0x4c,0x26,0xc1,0x7a,
13310+ 0x3b,0xa7,0x5c,0x93
13311+ };
13312+
13313+
13314+/* SHA-256 PR */
13315+__fips_constseg
13316+static const unsigned char sha256_pr_entropyinput[] =
13317+ {
13318+ 0xce,0x49,0x00,0x7a,0x56,0xe3,0x67,0x8f,0xe1,0xb6,0xa7,0xd4,
13319+ 0x4f,0x08,0x7a,0x1b,0x01,0xf4,0xfa,0x6b,0xef,0xb7,0xe5,0xeb,
13320+ 0x07,0x3d,0x11,0x0d,0xc8,0xea,0x2b,0xfe
13321+ };
13322+
13323+__fips_constseg
13324+static const unsigned char sha256_pr_nonce[] =
13325+ {
13326+ 0x73,0x41,0xc8,0x92,0x94,0xe2,0xc5,0x5f,0x93,0xfd,0x39,0x5d,
13327+ 0x2b,0x91,0x4d,0x38
13328+ };
13329+
13330+__fips_constseg
13331+static const unsigned char sha256_pr_personalizationstring[] =
13332+ {
13333+ 0x50,0x6d,0x01,0x01,0x07,0x5a,0x80,0x35,0x7a,0x56,0x1a,0x56,
13334+ 0x2f,0x9a,0x0b,0x35,0xb2,0xb1,0xc9,0xe5,0xca,0x69,0x61,0x48,
13335+ 0xff,0xfb,0x0f,0xd9,0x4b,0x79,0x1d,0xba
13336+ };
13337+
13338+__fips_constseg
13339+static const unsigned char sha256_pr_additionalinput[] =
13340+ {
13341+ 0x20,0xb8,0xdf,0x44,0x77,0x5a,0xb8,0xd3,0xbf,0xf6,0xcf,0xac,
13342+ 0x5e,0xa6,0x96,0x62,0x73,0x44,0x40,0x4a,0x30,0xfb,0x38,0xa5,
13343+ 0x7b,0x0d,0xe4,0x0d,0xc6,0xe4,0x9a,0x1f
13344+ };
13345+
13346+__fips_constseg
13347+static const unsigned char sha256_pr_entropyinputpr[] =
13348+ {
13349+ 0x04,0xc4,0x65,0xf4,0xd3,0xbf,0x83,0x4b,0xab,0xc8,0x41,0xa8,
13350+ 0xc2,0xe0,0x44,0x63,0x77,0x4c,0x6f,0x6c,0x49,0x46,0xff,0x94,
13351+ 0x17,0xea,0xe6,0x1a,0x9d,0x5e,0x66,0x78
13352+ };
13353+
13354+__fips_constseg
13355+static const unsigned char sha256_pr_int_returnedbits[] =
13356+ {
13357+ 0x07,0x4d,0xac,0x9b,0x86,0xca,0x4a,0xaa,0x6e,0x7a,0x03,0xa2,
13358+ 0x5d,0x10,0xea,0x0b,0xf9,0x83,0xcc,0xd1,0xfc,0xe2,0x07,0xc7,
13359+ 0x06,0x34,0x60,0x6f,0x83,0x94,0x99,0x76
13360+ };
13361+
13362+__fips_constseg
13363+static const unsigned char sha256_pr_additionalinput2[] =
13364+ {
13365+ 0x89,0x4e,0x45,0x8c,0x11,0xf9,0xbc,0x5b,0xac,0x74,0x8b,0x4b,
13366+ 0x5f,0xf7,0x19,0xf3,0xf5,0x24,0x54,0x14,0xd1,0x15,0xb1,0x43,
13367+ 0x12,0xa4,0x5f,0xd4,0xec,0xfc,0xcd,0x09
13368+ };
13369+
13370+__fips_constseg
13371+static const unsigned char sha256_pr_entropyinputpr2[] =
13372+ {
13373+ 0x0e,0xeb,0x1f,0xd7,0xfc,0xd1,0x9d,0xd4,0x05,0x36,0x8b,0xb2,
13374+ 0xfb,0xe4,0xf4,0x51,0x0c,0x87,0x9b,0x02,0x44,0xd5,0x92,0x4d,
13375+ 0x44,0xfe,0x1a,0x03,0x43,0x56,0xbd,0x86
13376+ };
13377+
13378+__fips_constseg
13379+static const unsigned char sha256_pr_returnedbits[] =
13380+ {
13381+ 0x02,0xaa,0xb6,0x1d,0x7e,0x2a,0x40,0x03,0x69,0x2d,0x49,0xa3,
13382+ 0x41,0xe7,0x44,0x0b,0xaf,0x7b,0x85,0xe4,0x5f,0x53,0x3b,0x64,
13383+ 0xbc,0x89,0xc8,0x82,0xd4,0x78,0x37,0xa2
13384+ };
13385+
13386+
13387+/* SHA-256 No PR */
13388+__fips_constseg
13389+static const unsigned char sha256_entropyinput[] =
13390+ {
13391+ 0x5b,0x1b,0xec,0x4d,0xa9,0x38,0x74,0x5a,0x34,0x0b,0x7b,0xc5,
13392+ 0xe5,0xd7,0x66,0x7c,0xbc,0x82,0xb9,0x0e,0x2d,0x1f,0x92,0xd7,
13393+ 0xc1,0xbc,0x67,0x69,0xec,0x6b,0x03,0x3c
13394+ };
13395+
13396+__fips_constseg
13397+static const unsigned char sha256_nonce[] =
13398+ {
13399+ 0xa4,0x0c,0xd8,0x9c,0x61,0xd8,0xc3,0x54,0xfe,0x53,0xc9,0xe5,
13400+ 0x5d,0x6f,0x6d,0x35
13401+ };
13402+
13403+__fips_constseg
13404+static const unsigned char sha256_personalizationstring[] =
13405+ {
13406+ 0x22,0x5e,0x62,0x93,0x42,0x83,0x78,0x24,0xd8,0x40,0x8c,0xde,
13407+ 0x6f,0xf9,0xa4,0x7a,0xc5,0xa7,0x3b,0x88,0xa3,0xee,0x42,0x20,
13408+ 0xfd,0x61,0x56,0xc6,0x4c,0x13,0x41,0x9c
13409+ };
13410+
13411+__fips_constseg
13412+static const unsigned char sha256_additionalinput[] =
13413+ {
13414+ 0xbf,0x74,0x5b,0xf6,0xc5,0x64,0x5e,0x99,0x34,0x8f,0xbc,0xa4,
13415+ 0xe2,0xbd,0xd8,0x85,0x26,0x37,0xea,0xba,0x4f,0xf2,0x9a,0x9a,
13416+ 0x66,0xfc,0xdf,0x63,0x26,0x26,0x19,0x87
13417+ };
13418+
13419+__fips_constseg
13420+static const unsigned char sha256_int_returnedbits[] =
13421+ {
13422+ 0xb3,0xc6,0x07,0x07,0xd6,0x75,0xf6,0x2b,0xd6,0x21,0x96,0xf1,
13423+ 0xae,0xdb,0x2b,0xac,0x25,0x2a,0xae,0xae,0x41,0x72,0x03,0x5e,
13424+ 0xbf,0xd3,0x64,0xbc,0x59,0xf9,0xc0,0x76
13425+ };
13426+
13427+__fips_constseg
13428+static const unsigned char sha256_entropyinputreseed[] =
13429+ {
13430+ 0xbf,0x20,0x33,0x56,0x29,0xa8,0x37,0x04,0x1f,0x78,0x34,0x3d,
13431+ 0x81,0x2a,0xc9,0x86,0xc6,0x7a,0x2f,0x88,0x5e,0xd5,0xbe,0x34,
13432+ 0x46,0x20,0xa4,0x35,0xeb,0xc7,0xe2,0x9d
13433+ };
13434+
13435+__fips_constseg
13436+static const unsigned char sha256_additionalinputreseed[] =
13437+ {
13438+ 0x9b,0xae,0x2d,0x2d,0x61,0xa4,0x89,0xeb,0x43,0x46,0xa7,0xda,
13439+ 0xef,0x40,0xca,0x4a,0x99,0x11,0x41,0xdc,0x5c,0x94,0xe9,0xac,
13440+ 0xd4,0xd0,0xe6,0xbd,0xfb,0x03,0x9c,0xa8
13441+ };
13442+
13443+__fips_constseg
13444+static const unsigned char sha256_additionalinput2[] =
13445+ {
13446+ 0x23,0xaa,0x0c,0xbd,0x28,0x33,0xe2,0x51,0xfc,0x71,0xd2,0x15,
13447+ 0x1f,0x76,0xfd,0x0d,0xe0,0xb7,0xb5,0x84,0x75,0x5b,0xbe,0xf3,
13448+ 0x5c,0xca,0xc5,0x30,0xf2,0x75,0x1f,0xda
13449+ };
13450+
13451+__fips_constseg
13452+static const unsigned char sha256_returnedbits[] =
13453+ {
13454+ 0x90,0x3c,0xc1,0x10,0x8c,0x12,0x01,0xc6,0xa6,0x3a,0x0f,0x4d,
13455+ 0xb6,0x3a,0x4f,0x41,0x9c,0x61,0x75,0x84,0xe9,0x74,0x75,0xfd,
13456+ 0xfe,0xf2,0x1f,0x43,0xd8,0x5e,0x24,0xa3
13457+ };
13458+
13459+
13460+/* SHA-384 PR */
13461+__fips_constseg
13462+static const unsigned char sha384_pr_entropyinput[] =
13463+ {
13464+ 0x71,0x9d,0xb2,0x5a,0x71,0x6d,0x04,0xe9,0x1e,0xc7,0x92,0x24,
13465+ 0x6e,0x12,0x33,0xa9,0x52,0x64,0x31,0xef,0x71,0xeb,0x22,0x55,
13466+ 0x28,0x97,0x06,0x6a,0xc0,0x0c,0xa0,0x7e
13467+ };
13468+
13469+__fips_constseg
13470+static const unsigned char sha384_pr_nonce[] =
13471+ {
13472+ 0xf5,0x0d,0xfa,0xb0,0xec,0x6a,0x7c,0xd6,0xbd,0x9b,0x05,0xfd,
13473+ 0x38,0x3e,0x2e,0x56
13474+ };
13475+
13476+__fips_constseg
13477+static const unsigned char sha384_pr_personalizationstring[] =
13478+ {
13479+ 0x74,0xac,0x7e,0x6d,0xb1,0xa4,0xe7,0x21,0xd1,0x1e,0x6e,0x96,
13480+ 0x6d,0x4d,0x53,0x46,0x82,0x96,0x6e,0xcf,0xaa,0x81,0x8d,0x7d,
13481+ 0x9e,0xe1,0x0f,0x15,0xea,0x41,0xbf,0xe3
13482+ };
13483+
13484+__fips_constseg
13485+static const unsigned char sha384_pr_additionalinput[] =
13486+ {
13487+ 0xda,0x95,0xd4,0xd0,0xb8,0x11,0xd3,0x49,0x27,0x5d,0xa9,0x39,
13488+ 0x68,0xf3,0xa8,0xe9,0x5d,0x19,0x8a,0x2b,0x66,0xe8,0x69,0x06,
13489+ 0x7c,0x9e,0x03,0xa1,0x8b,0x26,0x2d,0x6e
13490+ };
13491+
13492+__fips_constseg
13493+static const unsigned char sha384_pr_entropyinputpr[] =
13494+ {
13495+ 0x49,0xdf,0x44,0x00,0xe4,0x1c,0x75,0x0b,0x26,0x5a,0x59,0x64,
13496+ 0x1f,0x4e,0xb1,0xb2,0x13,0xf1,0x22,0x4e,0xb4,0x6d,0x9a,0xcc,
13497+ 0xa0,0x48,0xe6,0xcf,0x1d,0xd1,0x92,0x0d
13498+ };
13499+
13500+__fips_constseg
13501+static const unsigned char sha384_pr_int_returnedbits[] =
13502+ {
13503+ 0xc8,0x52,0xae,0xbf,0x04,0x3c,0x27,0xb7,0x78,0x18,0xaa,0x8f,
13504+ 0xff,0xcf,0xa4,0xf1,0xcc,0xe7,0x68,0xfa,0x22,0xa2,0x13,0x45,
13505+ 0xe8,0xdd,0x87,0xe6,0xf2,0x6e,0xdd,0xc7,0x52,0x90,0x9f,0x7b,
13506+ 0xfa,0x61,0x2d,0x9d,0x9e,0xcf,0x98,0xac,0x52,0x40,0xce,0xaf
13507+ };
13508+
13509+__fips_constseg
13510+static const unsigned char sha384_pr_additionalinput2[] =
13511+ {
13512+ 0x61,0x7c,0x03,0x9a,0x3e,0x50,0x57,0x60,0xc5,0x83,0xc9,0xb2,
13513+ 0xd1,0x87,0x85,0x66,0x92,0x5d,0x84,0x0e,0x53,0xfb,0x70,0x03,
13514+ 0x72,0xfd,0xba,0xae,0x9c,0x8f,0xf8,0x18
13515+ };
13516+
13517+__fips_constseg
13518+static const unsigned char sha384_pr_entropyinputpr2[] =
13519+ {
13520+ 0xf8,0xeb,0x89,0xb1,0x8d,0x78,0xbe,0x21,0xe0,0xbb,0x9d,0xb7,
13521+ 0x95,0x0e,0xd9,0x46,0x0c,0x8c,0xe2,0x63,0xb7,0x9d,0x67,0x90,
13522+ 0xbd,0xc7,0x0b,0xa5,0xce,0xb2,0x65,0x81
13523+ };
13524+
13525+__fips_constseg
13526+static const unsigned char sha384_pr_returnedbits[] =
13527+ {
13528+ 0xe6,0x9f,0xfe,0x68,0xd6,0xb5,0x79,0xf1,0x06,0x5f,0xa3,0xbb,
13529+ 0x23,0x85,0xd8,0xf0,0x29,0x5a,0x68,0x9e,0xf5,0xf4,0xa6,0x12,
13530+ 0xe0,0x9a,0xe2,0xac,0x00,0x1d,0x98,0x26,0xfc,0x53,0x95,0x53,
13531+ 0xe4,0x3e,0x17,0xd5,0x08,0x0b,0x70,0x3d,0x67,0x99,0xac,0x66
13532+ };
13533+
13534+
13535+/* SHA-384 No PR */
13536+__fips_constseg
13537+static const unsigned char sha384_entropyinput[] =
13538+ {
13539+ 0x07,0x15,0x27,0x2a,0xaf,0x74,0x24,0x37,0xbc,0xd5,0x14,0x69,
13540+ 0xce,0x11,0xff,0xa2,0x6b,0xb8,0x05,0x67,0x34,0xf8,0xbd,0x6d,
13541+ 0x6a,0xcc,0xcd,0x60,0xa3,0x68,0xca,0xf4
13542+ };
13543+
13544+__fips_constseg
13545+static const unsigned char sha384_nonce[] =
13546+ {
13547+ 0x70,0x17,0xc2,0x5b,0x5d,0x22,0x0b,0x06,0x15,0x54,0x78,0x77,
13548+ 0x44,0xaf,0x2f,0x09
13549+ };
13550+
13551+__fips_constseg
13552+static const unsigned char sha384_personalizationstring[] =
13553+ {
13554+ 0x89,0x39,0x28,0xb0,0x60,0xeb,0x3d,0xdc,0x55,0x75,0x86,0xeb,
13555+ 0xae,0xa2,0x8f,0xbc,0x1b,0x75,0xd4,0xe1,0x0f,0xaa,0x38,0xca,
13556+ 0x62,0x8b,0xcb,0x2c,0x26,0xf6,0xbc,0xb1
13557+ };
13558+
13559+__fips_constseg
13560+static const unsigned char sha384_additionalinput[] =
13561+ {
13562+ 0x30,0x2b,0x42,0x35,0xef,0xda,0x40,0x55,0x28,0xc6,0x95,0xfb,
13563+ 0x54,0x01,0x62,0xd7,0x87,0x14,0x48,0x6d,0x90,0x4c,0xa9,0x02,
13564+ 0x54,0x40,0x22,0xc8,0x66,0xa5,0x48,0x48
13565+ };
13566+
13567+__fips_constseg
13568+static const unsigned char sha384_int_returnedbits[] =
13569+ {
13570+ 0x82,0xc4,0xa1,0x9c,0x21,0xd2,0xe7,0xa5,0xa6,0xf6,0x5f,0x04,
13571+ 0x5c,0xc7,0x31,0x9d,0x8d,0x59,0x74,0x50,0x19,0x89,0x2f,0x63,
13572+ 0xd5,0xb7,0x7e,0xeb,0x15,0xe3,0x70,0x83,0xa1,0x24,0x59,0xfa,
13573+ 0x2c,0x56,0xf6,0x88,0x3a,0x92,0x93,0xa1,0xfb,0x79,0xc1,0x7a
13574+ };
13575+
13576+__fips_constseg
13577+static const unsigned char sha384_entropyinputreseed[] =
13578+ {
13579+ 0x39,0xa6,0xe8,0x5c,0x82,0x17,0x71,0x26,0x57,0x4f,0x9f,0xc2,
13580+ 0x55,0xff,0x5c,0x9b,0x53,0x1a,0xd1,0x5f,0xbc,0x62,0xe4,0x27,
13581+ 0x2d,0x32,0xf0,0xe4,0x52,0x8c,0xc5,0x0c
13582+ };
13583+
13584+__fips_constseg
13585+static const unsigned char sha384_additionalinputreseed[] =
13586+ {
13587+ 0x8d,0xcb,0x8d,0xce,0x08,0xea,0x80,0xe8,0x9b,0x61,0xa8,0x0f,
13588+ 0xaf,0x49,0x20,0x9e,0x74,0xcb,0x57,0x80,0x42,0xb0,0x84,0x5e,
13589+ 0x30,0x2a,0x67,0x08,0xf4,0xe3,0x40,0x22
13590+ };
13591+
13592+__fips_constseg
13593+static const unsigned char sha384_additionalinput2[] =
13594+ {
13595+ 0x7c,0x8f,0xc2,0xae,0x22,0x4a,0xd6,0xf6,0x05,0xa4,0x7a,0xea,
13596+ 0xbb,0x25,0xd0,0xb7,0x5a,0xd6,0xcf,0x9d,0xf3,0x6c,0xe2,0xb2,
13597+ 0x4e,0xb4,0xbd,0xf4,0xe5,0x40,0x80,0x94
13598+ };
13599+
13600+__fips_constseg
13601+static const unsigned char sha384_returnedbits[] =
13602+ {
13603+ 0x9e,0x7e,0xfb,0x59,0xbb,0xaa,0x3c,0xf7,0xe1,0xf8,0x76,0xdd,
13604+ 0x63,0x5f,0xaf,0x23,0xd6,0x64,0x61,0xc0,0x9a,0x09,0x47,0xc9,
13605+ 0x33,0xdf,0x6d,0x55,0x91,0x34,0x79,0x70,0xc4,0x99,0x6e,0x54,
13606+ 0x09,0x64,0x21,0x1a,0xbd,0x1e,0x80,0x40,0x34,0xad,0xfa,0xd7
13607+ };
13608+
13609+
13610+/* SHA-512 PR */
13611+__fips_constseg
13612+static const unsigned char sha512_pr_entropyinput[] =
13613+ {
13614+ 0x13,0xf7,0x61,0x75,0x65,0x28,0xa2,0x59,0x13,0x5a,0x4a,0x4f,
13615+ 0x56,0x60,0x8c,0x53,0x7d,0xb0,0xbd,0x06,0x4f,0xed,0xcc,0xd2,
13616+ 0xa2,0xb5,0xfd,0x5b,0x3a,0xab,0xec,0x28
13617+ };
13618+
13619+__fips_constseg
13620+static const unsigned char sha512_pr_nonce[] =
13621+ {
13622+ 0xbe,0xa3,0x91,0x93,0x1d,0xc3,0x31,0x3a,0x23,0x33,0x50,0x67,
13623+ 0x88,0xc7,0xa2,0xc4
13624+ };
13625+
13626+__fips_constseg
13627+static const unsigned char sha512_pr_personalizationstring[] =
13628+ {
13629+ 0x1f,0x59,0x4d,0x7b,0xe6,0x46,0x91,0x48,0xc1,0x25,0xfa,0xff,
13630+ 0x89,0x12,0x77,0x35,0xdf,0x3e,0xf4,0x80,0x5f,0xd9,0xb0,0x07,
13631+ 0x22,0x41,0xdd,0x48,0x78,0x6b,0x77,0x2b
13632+ };
13633+
13634+__fips_constseg
13635+static const unsigned char sha512_pr_additionalinput[] =
13636+ {
13637+ 0x30,0xff,0x63,0x6f,0xac,0xd9,0x84,0x39,0x6f,0xe4,0x99,0xce,
13638+ 0x91,0x7d,0x7e,0xc8,0x58,0xf2,0x12,0xc3,0xb6,0xad,0xda,0x22,
13639+ 0x04,0xa0,0xd2,0x21,0xfe,0xf2,0x95,0x1d
13640+ };
13641+
13642+__fips_constseg
13643+static const unsigned char sha512_pr_entropyinputpr[] =
13644+ {
13645+ 0x64,0x54,0x13,0xec,0x4f,0x77,0xda,0xb2,0x92,0x2e,0x52,0x80,
13646+ 0x11,0x10,0xc2,0xf8,0xe6,0xa7,0xcd,0x4b,0xfc,0x32,0x2e,0x9e,
13647+ 0xeb,0xbb,0xb1,0xbf,0x15,0x5c,0x73,0x08
13648+ };
13649+
13650+__fips_constseg
13651+static const unsigned char sha512_pr_int_returnedbits[] =
13652+ {
13653+ 0xef,0x1e,0xdc,0x0a,0xa4,0x36,0x91,0x9c,0x3d,0x27,0x97,0x50,
13654+ 0x8d,0x36,0x29,0x8d,0xce,0x6a,0x0c,0xf7,0x21,0xc0,0x91,0xae,
13655+ 0x0c,0x96,0x72,0xbd,0x52,0x81,0x58,0xfc,0x6d,0xe5,0xf7,0xa5,
13656+ 0xfd,0x5d,0xa7,0x58,0x68,0xc8,0x99,0x58,0x8e,0xc8,0xce,0x95,
13657+ 0x01,0x7d,0xff,0xa4,0xc8,0xf7,0x63,0xfe,0x5f,0x69,0x83,0x53,
13658+ 0xe2,0xc6,0x8b,0xc3
13659+ };
13660+
13661+__fips_constseg
13662+static const unsigned char sha512_pr_additionalinput2[] =
13663+ {
13664+ 0xe6,0x9b,0xc4,0x88,0x34,0xca,0xea,0x29,0x2f,0x98,0x05,0xa4,
13665+ 0xd3,0xc0,0x7b,0x11,0xe8,0xbb,0x75,0xf2,0xbd,0x29,0xb7,0x40,
13666+ 0x25,0x7f,0xc1,0xb7,0xb1,0xf1,0x25,0x61
13667+ };
13668+
13669+__fips_constseg
13670+static const unsigned char sha512_pr_entropyinputpr2[] =
13671+ {
13672+ 0x23,0x6d,0xff,0xde,0xfb,0xd1,0xba,0x33,0x18,0xe6,0xbe,0xb5,
13673+ 0x48,0x77,0x6d,0x7f,0xa7,0xe1,0x4d,0x48,0x1e,0x3c,0xa7,0x34,
13674+ 0x1a,0xc8,0x60,0xdb,0x8f,0x99,0x15,0x99
13675+ };
13676+
13677+__fips_constseg
13678+static const unsigned char sha512_pr_returnedbits[] =
13679+ {
13680+ 0x70,0x27,0x31,0xdb,0x92,0x70,0x21,0xfe,0x16,0xb6,0xc8,0x51,
13681+ 0x34,0x87,0x65,0xd0,0x4e,0xfd,0xfe,0x68,0xec,0xac,0xdc,0x93,
13682+ 0x41,0x38,0x92,0x90,0xb4,0x94,0xf9,0x0d,0xa4,0xf7,0x4e,0x80,
13683+ 0x92,0x67,0x48,0x40,0xa7,0x08,0xc7,0xbc,0x66,0x00,0xfd,0xf7,
13684+ 0x4c,0x8b,0x17,0x6e,0xd1,0x8f,0x9b,0xf3,0x6f,0xf6,0x34,0xdd,
13685+ 0x67,0xf7,0x68,0xdd
13686+ };
13687+
13688+
13689+/* SHA-512 No PR */
13690+__fips_constseg
13691+static const unsigned char sha512_entropyinput[] =
13692+ {
13693+ 0xb6,0x0b,0xb7,0xbc,0x84,0x56,0xf6,0x12,0xaf,0x45,0x67,0x17,
13694+ 0x7c,0xd1,0xb2,0x78,0x2b,0xa0,0xf2,0xbe,0xb6,0x6d,0x8b,0x56,
13695+ 0xc6,0xbc,0x4d,0xe1,0xf7,0xbe,0xce,0xbd
13696+ };
13697+
13698+__fips_constseg
13699+static const unsigned char sha512_nonce[] =
13700+ {
13701+ 0x9d,0xed,0xc0,0xe5,0x5a,0x98,0x6a,0xcb,0x51,0x7d,0x76,0x31,
13702+ 0x5a,0x64,0xf0,0xf7
13703+ };
13704+
13705+__fips_constseg
13706+static const unsigned char sha512_personalizationstring[] =
13707+ {
13708+ 0xc2,0x6d,0xa3,0xc3,0x06,0x74,0xe5,0x01,0x5c,0x10,0x17,0xc7,
13709+ 0xaf,0x83,0x9d,0x59,0x8d,0x2d,0x29,0x38,0xc5,0x59,0x70,0x8b,
13710+ 0x46,0x48,0x2d,0xcf,0x36,0x7d,0x59,0xc0
13711+ };
13712+
13713+__fips_constseg
13714+static const unsigned char sha512_additionalinput[] =
13715+ {
13716+ 0xec,0x8c,0xd4,0xf7,0x61,0x6e,0x0d,0x95,0x79,0xb7,0x28,0xad,
13717+ 0x5f,0x69,0x74,0x5f,0x2d,0x36,0x06,0x8a,0x6b,0xac,0x54,0x97,
13718+ 0xc4,0xa1,0x12,0x85,0x0a,0xdf,0x4b,0x34
13719+ };
13720+
13721+__fips_constseg
13722+static const unsigned char sha512_int_returnedbits[] =
13723+ {
13724+ 0x84,0x2f,0x1f,0x68,0x6a,0xa3,0xad,0x1e,0xfb,0xf4,0x15,0xbd,
13725+ 0xde,0x38,0xd4,0x30,0x80,0x51,0xe9,0xd3,0xc7,0x20,0x88,0xe9,
13726+ 0xf5,0xcc,0xdf,0x57,0x5c,0x47,0x2f,0x57,0x3c,0x5f,0x13,0x56,
13727+ 0xcc,0xc5,0x4f,0x84,0xf8,0x10,0x41,0xd5,0x7e,0x58,0x6e,0x19,
13728+ 0x19,0x9e,0xaf,0xc2,0x22,0x58,0x41,0x50,0x79,0xc2,0xd8,0x04,
13729+ 0x28,0xd4,0x39,0x9a
13730+ };
13731+
13732+__fips_constseg
13733+static const unsigned char sha512_entropyinputreseed[] =
13734+ {
13735+ 0xfa,0x7f,0x46,0x51,0x83,0x62,0x98,0x16,0x9a,0x19,0xa2,0x49,
13736+ 0xa9,0xe6,0x4a,0xd8,0x85,0xe7,0xd4,0x3b,0x2c,0x82,0xc5,0x82,
13737+ 0xbf,0x11,0xf9,0x9e,0xbc,0xd0,0x01,0xee
13738+ };
13739+
13740+__fips_constseg
13741+static const unsigned char sha512_additionalinputreseed[] =
13742+ {
13743+ 0xb9,0x12,0xe0,0x4f,0xf7,0xa7,0xc4,0xd8,0xd0,0x8e,0x99,0x29,
13744+ 0x7c,0x9a,0xe9,0xcf,0xc4,0x6c,0xf8,0xc3,0xa7,0x41,0x83,0xd6,
13745+ 0x2e,0xfa,0xb8,0x5e,0x8e,0x6b,0x78,0x20
13746+ };
13747+
13748+__fips_constseg
13749+static const unsigned char sha512_additionalinput2[] =
13750+ {
13751+ 0xd7,0x07,0x52,0xb9,0x83,0x2c,0x03,0x71,0xee,0xc9,0xc0,0x85,
13752+ 0xe1,0x57,0xb2,0xcd,0x3a,0xf0,0xc9,0x34,0x24,0x41,0x1c,0x42,
13753+ 0x99,0xb2,0x84,0xe9,0x17,0xd2,0x76,0x92
13754+ };
13755+
13756+__fips_constseg
13757+static const unsigned char sha512_returnedbits[] =
13758+ {
13759+ 0x36,0x17,0x5d,0x98,0x2b,0x65,0x25,0x8e,0xc8,0x29,0xdf,0x27,
13760+ 0x05,0x36,0x26,0x12,0x8a,0x68,0x74,0x27,0x37,0xd4,0x7f,0x32,
13761+ 0xb1,0x12,0xd6,0x85,0x83,0xeb,0x2e,0xa0,0xed,0x4b,0xb5,0x7b,
13762+ 0x6f,0x39,0x3c,0x71,0x77,0x02,0x12,0xcc,0x2c,0x3a,0x8e,0x63,
13763+ 0xdf,0x4a,0xbd,0x6f,0x6e,0x2e,0xed,0x0a,0x85,0xa5,0x2f,0xa2,
13764+ 0x68,0xde,0x42,0xb5
13765+ };
13766+
13767+
13768+/* HMAC SHA-1 PR */
13769+__fips_constseg
13770+static const unsigned char hmac_sha1_pr_entropyinput[] =
13771+ {
13772+ 0x26,0x5f,0x36,0x14,0xff,0x3d,0x83,0xfa,0x73,0x5e,0x75,0xdc,
13773+ 0x2c,0x18,0x17,0x1b
13774+ };
13775+
13776+__fips_constseg
13777+static const unsigned char hmac_sha1_pr_nonce[] =
13778+ {
13779+ 0xc8,0xe3,0x57,0xa5,0x7b,0x74,0x86,0x6e
13780+ };
13781+
13782+__fips_constseg
13783+static const unsigned char hmac_sha1_pr_personalizationstring[] =
13784+ {
13785+ 0x6e,0xdb,0x0d,0xfe,0x7d,0xac,0x79,0xd0,0xa5,0x3a,0x48,0x85,
13786+ 0x80,0xe2,0x7f,0x2a
13787+ };
13788+
13789+__fips_constseg
13790+static const unsigned char hmac_sha1_pr_additionalinput[] =
13791+ {
13792+ 0x31,0xcd,0x5e,0x43,0xdc,0xfb,0x7a,0x79,0xca,0x88,0xde,0x1f,
13793+ 0xd7,0xbb,0x42,0x09
13794+ };
13795+
13796+__fips_constseg
13797+static const unsigned char hmac_sha1_pr_entropyinputpr[] =
13798+ {
13799+ 0x7c,0x23,0x95,0x38,0x00,0x95,0xc1,0x78,0x1f,0x8f,0xd7,0x63,
13800+ 0x23,0x87,0x2a,0xed
13801+ };
13802+
13803+__fips_constseg
13804+static const unsigned char hmac_sha1_pr_int_returnedbits[] =
13805+ {
13806+ 0xbb,0x34,0xe7,0x93,0xa3,0x02,0x2c,0x4a,0xd0,0x89,0xda,0x7f,
13807+ 0xed,0xf4,0x4c,0xde,0x17,0xec,0xe5,0x6c
13808+ };
13809+
13810+__fips_constseg
13811+static const unsigned char hmac_sha1_pr_additionalinput2[] =
13812+ {
13813+ 0x49,0xbc,0x2d,0x2c,0xb7,0x32,0xcb,0x20,0xdf,0xf5,0x77,0x58,
13814+ 0xa0,0x4b,0x93,0x6e
13815+ };
13816+
13817+__fips_constseg
13818+static const unsigned char hmac_sha1_pr_entropyinputpr2[] =
13819+ {
13820+ 0x3c,0xaa,0xb0,0x21,0x42,0xb0,0xdd,0x34,0xf0,0x16,0x7f,0x0c,
13821+ 0x0f,0xff,0x2e,0xaf
13822+ };
13823+
13824+__fips_constseg
13825+static const unsigned char hmac_sha1_pr_returnedbits[] =
13826+ {
13827+ 0x8e,0xcb,0xa3,0x64,0xb2,0xb8,0x33,0x6c,0x64,0x3b,0x78,0x16,
13828+ 0x99,0x35,0xc8,0x30,0xcb,0x3e,0xa0,0xd8
13829+ };
13830+
13831+
13832+/* HMAC SHA-1 No PR */
13833+__fips_constseg
13834+static const unsigned char hmac_sha1_entropyinput[] =
13835+ {
13836+ 0x32,0x9a,0x2a,0x87,0x7b,0x89,0x7c,0xf6,0xcb,0x95,0xd5,0x40,
13837+ 0x17,0xfe,0x47,0x70
13838+ };
13839+
13840+__fips_constseg
13841+static const unsigned char hmac_sha1_nonce[] =
13842+ {
13843+ 0x16,0xd8,0xe0,0xc7,0x52,0xcf,0x4a,0x25
13844+ };
13845+
13846+__fips_constseg
13847+static const unsigned char hmac_sha1_personalizationstring[] =
13848+ {
13849+ 0x35,0x35,0xa9,0xa5,0x40,0xbe,0x9b,0xd1,0x56,0xdd,0x44,0x00,
13850+ 0x72,0xf7,0xd3,0x5e
13851+ };
13852+
13853+__fips_constseg
13854+static const unsigned char hmac_sha1_additionalinput[] =
13855+ {
13856+ 0x1b,0x2c,0x84,0x2d,0x4a,0x89,0x8f,0x69,0x19,0xf1,0xf3,0xdb,
13857+ 0xbb,0xe3,0xaa,0xea
13858+ };
13859+
13860+__fips_constseg
13861+static const unsigned char hmac_sha1_int_returnedbits[] =
13862+ {
13863+ 0xcf,0xfa,0x7d,0x72,0x0f,0xe6,0xc7,0x96,0xa0,0x69,0x31,0x11,
13864+ 0x9b,0x0b,0x1a,0x20,0x1f,0x3f,0xaa,0xd1
13865+ };
13866+
13867+__fips_constseg
13868+static const unsigned char hmac_sha1_entropyinputreseed[] =
13869+ {
13870+ 0x90,0x75,0x15,0x04,0x95,0xf1,0xba,0x81,0x0c,0x37,0x94,0x6f,
13871+ 0x86,0x52,0x6d,0x9c
13872+ };
13873+
13874+__fips_constseg
13875+static const unsigned char hmac_sha1_additionalinputreseed[] =
13876+ {
13877+ 0x5b,0x40,0xba,0x5f,0x17,0x70,0xf0,0x4b,0xdf,0xc9,0x97,0x92,
13878+ 0x79,0xc5,0x82,0x28
13879+ };
13880+
13881+__fips_constseg
13882+static const unsigned char hmac_sha1_additionalinput2[] =
13883+ {
13884+ 0x97,0xc8,0x80,0x90,0xb3,0xaa,0x6e,0x60,0xea,0x83,0x7a,0xe3,
13885+ 0x8a,0xca,0xa4,0x7f
13886+ };
13887+
13888+__fips_constseg
13889+static const unsigned char hmac_sha1_returnedbits[] =
13890+ {
13891+ 0x90,0xbd,0x05,0x56,0x6d,0xb5,0x22,0xd5,0xb9,0x5a,0x29,0x2d,
13892+ 0xe9,0x0b,0xe1,0xac,0xde,0x27,0x0b,0xb0
13893+ };
13894+
13895+
13896+/* HMAC SHA-224 PR */
13897+__fips_constseg
13898+static const unsigned char hmac_sha224_pr_entropyinput[] =
13899+ {
13900+ 0x17,0x32,0x2b,0x2e,0x6f,0x1b,0x9c,0x6d,0x31,0xe0,0x34,0x07,
13901+ 0xcf,0xed,0xf6,0xb6,0x5a,0x76,0x4c,0xbc,0x62,0x85,0x01,0x90
13902+ };
13903+
13904+__fips_constseg
13905+static const unsigned char hmac_sha224_pr_nonce[] =
13906+ {
13907+ 0x38,0xbf,0x5f,0x20,0xb3,0x68,0x2f,0x43,0x61,0x05,0x8f,0x23
13908+ };
13909+
13910+__fips_constseg
13911+static const unsigned char hmac_sha224_pr_personalizationstring[] =
13912+ {
13913+ 0xc0,0xc9,0x45,0xac,0x8d,0x27,0x77,0x08,0x0b,0x17,0x6d,0xed,
13914+ 0xc1,0x7d,0xd5,0x07,0x9d,0x6e,0xf8,0x23,0x2a,0x22,0x13,0xbd
13915+ };
13916+
13917+__fips_constseg
13918+static const unsigned char hmac_sha224_pr_additionalinput[] =
13919+ {
13920+ 0xa4,0x3c,0xe7,0x3b,0xea,0x19,0x45,0x32,0xc2,0x83,0x6d,0x21,
13921+ 0x8a,0xc0,0xee,0x67,0x45,0xde,0x13,0x7d,0x9d,0x61,0x00,0x3b
13922+ };
13923+
13924+__fips_constseg
13925+static const unsigned char hmac_sha224_pr_entropyinputpr[] =
13926+ {
13927+ 0x15,0x05,0x74,0x4a,0x7f,0x8d,0x5c,0x60,0x16,0xe5,0x7b,0xad,
13928+ 0xf5,0x41,0x8f,0x55,0x60,0xc4,0x09,0xee,0x1e,0x11,0x81,0xab
13929+ };
13930+
13931+__fips_constseg
13932+static const unsigned char hmac_sha224_pr_int_returnedbits[] =
13933+ {
13934+ 0x6f,0xf5,0x9a,0xe2,0x54,0x53,0x30,0x3d,0x5a,0x27,0x29,0x38,
13935+ 0x27,0xf2,0x0d,0x05,0xe9,0x26,0xcb,0x16,0xc3,0x51,0x5f,0x13,
13936+ 0x41,0xfe,0x99,0xf2
13937+ };
13938+
13939+__fips_constseg
13940+static const unsigned char hmac_sha224_pr_additionalinput2[] =
13941+ {
13942+ 0x73,0x81,0x88,0x84,0x8f,0xed,0x6f,0x10,0x9f,0x93,0xbf,0x17,
13943+ 0x35,0x7c,0xef,0xd5,0x8d,0x26,0xa6,0x7a,0xe8,0x09,0x36,0x4f
13944+ };
13945+
13946+__fips_constseg
13947+static const unsigned char hmac_sha224_pr_entropyinputpr2[] =
13948+ {
13949+ 0xe6,0xcf,0xcf,0x7e,0x12,0xe5,0x43,0xd2,0x38,0xd8,0x24,0x6f,
13950+ 0x5a,0x37,0x68,0xbf,0x4f,0xa0,0xff,0xd5,0x61,0x8a,0x93,0xe0
13951+ };
13952+
13953+__fips_constseg
13954+static const unsigned char hmac_sha224_pr_returnedbits[] =
13955+ {
13956+ 0xaf,0xf9,0xd8,0x19,0x91,0x30,0x82,0x6f,0xa9,0x1e,0x9d,0xd7,
13957+ 0xf3,0x50,0xe0,0xc7,0xd5,0x64,0x96,0x7d,0x4c,0x4d,0x78,0x03,
13958+ 0x6d,0xd8,0x9e,0x72
13959+ };
13960+
13961+
13962+/* HMAC SHA-224 No PR */
13963+__fips_constseg
13964+static const unsigned char hmac_sha224_entropyinput[] =
13965+ {
13966+ 0x11,0x82,0xfd,0xd9,0x42,0xf4,0xfa,0xc8,0xf2,0x41,0xe6,0x54,
13967+ 0x01,0xae,0x22,0x6e,0xc6,0xaf,0xaf,0xd0,0xa6,0xb2,0xe2,0x6d
13968+ };
13969+
13970+__fips_constseg
13971+static const unsigned char hmac_sha224_nonce[] =
13972+ {
13973+ 0xa9,0x48,0xd7,0x92,0x39,0x7e,0x2a,0xdc,0x30,0x1f,0x0e,0x2b
13974+ };
13975+
13976+__fips_constseg
13977+static const unsigned char hmac_sha224_personalizationstring[] =
13978+ {
13979+ 0x11,0xd5,0xf4,0xbd,0x67,0x8c,0x31,0xcf,0xa3,0x3f,0x1e,0x6b,
13980+ 0xa8,0x07,0x02,0x0b,0xc8,0x2e,0x6c,0x64,0x41,0x5b,0xc8,0x37
13981+ };
13982+
13983+__fips_constseg
13984+static const unsigned char hmac_sha224_additionalinput[] =
13985+ {
13986+ 0x68,0x18,0xc2,0x06,0xeb,0x3e,0x04,0x95,0x44,0x5e,0xfb,0xe6,
13987+ 0x41,0xc1,0x5c,0xcc,0x40,0x2f,0xb7,0xd2,0x0f,0xf3,0x6b,0xe7
13988+ };
13989+
13990+__fips_constseg
13991+static const unsigned char hmac_sha224_int_returnedbits[] =
13992+ {
13993+ 0x7f,0x45,0xc7,0x5d,0x32,0xe6,0x17,0x60,0xba,0xdc,0xb8,0x42,
13994+ 0x1b,0x9c,0xf1,0xfa,0x3b,0x4d,0x29,0x54,0xc6,0x90,0xff,0x5c,
13995+ 0xcd,0xd6,0xa9,0xcc
13996+ };
13997+
13998+__fips_constseg
13999+static const unsigned char hmac_sha224_entropyinputreseed[] =
14000+ {
14001+ 0xc4,0x8e,0x37,0x95,0x69,0x53,0x28,0xd7,0x37,0xbb,0x70,0x95,
14002+ 0x1c,0x07,0x1d,0xd9,0xb7,0xe6,0x1b,0xbb,0xfe,0x41,0xeb,0xc9
14003+ };
14004+
14005+__fips_constseg
14006+static const unsigned char hmac_sha224_additionalinputreseed[] =
14007+ {
14008+ 0x53,0x17,0xa1,0x6a,0xfa,0x77,0x47,0xb0,0x95,0x56,0x9a,0x20,
14009+ 0x57,0xde,0x5c,0x89,0x9f,0x7f,0xe2,0xde,0x17,0x3a,0x50,0x23
14010+ };
14011+
14012+__fips_constseg
14013+static const unsigned char hmac_sha224_additionalinput2[] =
14014+ {
14015+ 0x3a,0x32,0xf9,0x85,0x0c,0xc1,0xed,0x76,0x2d,0xdf,0x40,0xc3,
14016+ 0x06,0x22,0x66,0xd4,0x9a,0x9a,0xff,0x5a,0x7e,0x7a,0xf3,0x96
14017+ };
14018+
14019+__fips_constseg
14020+static const unsigned char hmac_sha224_returnedbits[] =
14021+ {
14022+ 0x43,0xb4,0x57,0x5c,0x38,0x25,0x9d,0xae,0xec,0x96,0xd1,0x85,
14023+ 0x3a,0x84,0x8d,0xfe,0x68,0xd5,0x0e,0x5c,0x8f,0x65,0xa5,0x4e,
14024+ 0x45,0x84,0xa8,0x94
14025+ };
14026+
14027+
14028+/* HMAC SHA-256 PR */
14029+__fips_constseg
14030+static const unsigned char hmac_sha256_pr_entropyinput[] =
14031+ {
14032+ 0x4d,0xb0,0x43,0xd8,0x34,0x4b,0x10,0x70,0xb1,0x8b,0xed,0xea,
14033+ 0x07,0x92,0x9f,0x6c,0x79,0x31,0xaf,0x81,0x29,0xeb,0x6e,0xca,
14034+ 0x32,0x48,0x28,0xe7,0x02,0x5d,0xa6,0xa6
14035+ };
14036+
14037+__fips_constseg
14038+static const unsigned char hmac_sha256_pr_nonce[] =
14039+ {
14040+ 0x3a,0xae,0x15,0xa9,0x99,0xdc,0xe4,0x67,0x34,0x3b,0x70,0x15,
14041+ 0xaa,0xd3,0x30,0x9a
14042+ };
14043+
14044+__fips_constseg
14045+static const unsigned char hmac_sha256_pr_personalizationstring[] =
14046+ {
14047+ 0x13,0x1d,0x24,0x04,0xb0,0x18,0x81,0x15,0x21,0x51,0x2a,0x24,
14048+ 0x52,0x61,0xbe,0x64,0x82,0x6b,0x55,0x2f,0xe2,0xf1,0x40,0x7d,
14049+ 0x71,0xd8,0x01,0x86,0x15,0xb7,0x8b,0xb5
14050+ };
14051+
14052+__fips_constseg
14053+static const unsigned char hmac_sha256_pr_additionalinput[] =
14054+ {
14055+ 0x8f,0xa6,0x54,0x5f,0xb1,0xd0,0xd8,0xc3,0xe7,0x0c,0x15,0xa9,
14056+ 0x23,0x6e,0xfe,0xfb,0x93,0xf7,0x3a,0xbd,0x59,0x01,0xfa,0x18,
14057+ 0x8e,0xe9,0x1a,0xa9,0x78,0xfc,0x79,0x0b
14058+ };
14059+
14060+__fips_constseg
14061+static const unsigned char hmac_sha256_pr_entropyinputpr[] =
14062+ {
14063+ 0xcf,0x24,0xb9,0xeb,0xb3,0xd4,0xcd,0x17,0x37,0x38,0x75,0x79,
14064+ 0x15,0xcb,0x2d,0x75,0x51,0xf1,0xcc,0xaa,0x32,0xa4,0xa7,0x36,
14065+ 0x7c,0x5c,0xe4,0x47,0xf1,0x3e,0x1d,0xe5
14066+ };
14067+
14068+__fips_constseg
14069+static const unsigned char hmac_sha256_pr_int_returnedbits[] =
14070+ {
14071+ 0x52,0x42,0xfa,0xeb,0x85,0xe0,0x30,0x22,0x79,0x00,0x16,0xb2,
14072+ 0x88,0x2f,0x14,0x6a,0xb7,0xfc,0xb7,0x53,0xdc,0x4a,0x12,0xef,
14073+ 0x54,0xd6,0x33,0xe9,0x20,0xd6,0xfd,0x56
14074+ };
14075+
14076+__fips_constseg
14077+static const unsigned char hmac_sha256_pr_additionalinput2[] =
14078+ {
14079+ 0xf4,0xf6,0x49,0xa1,0x2d,0x64,0x2b,0x30,0x58,0xf8,0xbd,0xb8,
14080+ 0x75,0xeb,0xbb,0x5e,0x1c,0x9b,0x81,0x6a,0xda,0x14,0x86,0x6e,
14081+ 0xd0,0xda,0x18,0xb7,0x88,0xfb,0x59,0xf3
14082+ };
14083+
14084+__fips_constseg
14085+static const unsigned char hmac_sha256_pr_entropyinputpr2[] =
14086+ {
14087+ 0x21,0xcd,0x6e,0x46,0xad,0x99,0x07,0x17,0xb4,0x3d,0x76,0x0a,
14088+ 0xff,0x5b,0x52,0x50,0x78,0xdf,0x1f,0x24,0x06,0x0d,0x3f,0x74,
14089+ 0xa9,0xc9,0x37,0xcf,0xd8,0x26,0x25,0x91
14090+ };
14091+
14092+__fips_constseg
14093+static const unsigned char hmac_sha256_pr_returnedbits[] =
14094+ {
14095+ 0xa7,0xaf,0x2f,0x29,0xe0,0x3a,0x72,0x95,0x96,0x1c,0xa9,0xf0,
14096+ 0x4a,0x17,0x4d,0x66,0x06,0x10,0xbf,0x39,0x89,0x88,0xb8,0x91,
14097+ 0x37,0x18,0x99,0xcf,0x8c,0x53,0x3b,0x7e
14098+ };
14099+
14100+
14101+/* HMAC SHA-256 No PR */
14102+__fips_constseg
14103+static const unsigned char hmac_sha256_entropyinput[] =
14104+ {
14105+ 0x96,0xb7,0x53,0x22,0x1e,0x52,0x2a,0x96,0xb1,0x15,0x3c,0x35,
14106+ 0x5a,0x8b,0xd3,0x4a,0xa6,0x6c,0x83,0x0a,0x7d,0xa3,0x23,0x3d,
14107+ 0x43,0xa1,0x07,0x2c,0x2d,0xe3,0x81,0xcc
14108+ };
14109+
14110+__fips_constseg
14111+static const unsigned char hmac_sha256_nonce[] =
14112+ {
14113+ 0xf1,0xac,0x97,0xcb,0x5e,0x06,0x48,0xd2,0x94,0xbe,0x15,0x2e,
14114+ 0xc7,0xfc,0xc2,0x01
14115+ };
14116+
14117+__fips_constseg
14118+static const unsigned char hmac_sha256_personalizationstring[] =
14119+ {
14120+ 0x98,0xc5,0x1e,0x35,0x5e,0x89,0x0d,0xce,0x64,0x6d,0x18,0xa7,
14121+ 0x5a,0xc6,0xf3,0xe7,0xd6,0x9e,0xc0,0xea,0xb7,0x3a,0x8d,0x65,
14122+ 0xb8,0xeb,0x10,0xd7,0x57,0x18,0xa0,0x32
14123+ };
14124+
14125+__fips_constseg
14126+static const unsigned char hmac_sha256_additionalinput[] =
14127+ {
14128+ 0x1b,0x10,0xaf,0xac,0xd0,0x65,0x95,0xad,0x04,0xad,0x03,0x1c,
14129+ 0xe0,0x40,0xd6,0x3e,0x1c,0x46,0x53,0x39,0x7c,0xe2,0xbc,0xda,
14130+ 0x8c,0xa2,0x33,0xa7,0x9a,0x26,0xd3,0x27
14131+ };
14132+
14133+__fips_constseg
14134+static const unsigned char hmac_sha256_int_returnedbits[] =
14135+ {
14136+ 0xba,0x61,0x0e,0x55,0xfe,0x11,0x8a,0x9e,0x0f,0x80,0xdf,0x1d,
14137+ 0x03,0x0a,0xfe,0x15,0x94,0x28,0x4b,0xba,0xf4,0x9f,0x51,0x25,
14138+ 0x88,0xe5,0x4e,0xfb,0xaf,0xce,0x69,0x90
14139+ };
14140+
14141+__fips_constseg
14142+static const unsigned char hmac_sha256_entropyinputreseed[] =
14143+ {
14144+ 0x62,0x7f,0x1e,0x6b,0xe8,0x8e,0xe1,0x35,0x7d,0x9b,0x4f,0xc7,
14145+ 0xec,0xc8,0xac,0xef,0x6b,0x13,0x9e,0x05,0x56,0xc1,0x08,0xf9,
14146+ 0x2f,0x0f,0x27,0x9c,0xd4,0x15,0xed,0x2d
14147+ };
14148+
14149+__fips_constseg
14150+static const unsigned char hmac_sha256_additionalinputreseed[] =
14151+ {
14152+ 0xc7,0x76,0x6e,0xa9,0xd2,0xb2,0x76,0x40,0x82,0x25,0x2c,0xb3,
14153+ 0x6f,0xac,0xe9,0x74,0xef,0x8f,0x3c,0x8e,0xcd,0xf1,0xbf,0xb3,
14154+ 0x49,0x77,0x34,0x88,0x52,0x36,0xe6,0x2e
14155+ };
14156+
14157+__fips_constseg
14158+static const unsigned char hmac_sha256_additionalinput2[] =
14159+ {
14160+ 0x8d,0xb8,0x0c,0xd1,0xbf,0x70,0xf6,0x19,0xc3,0x41,0x80,0x9f,
14161+ 0xe1,0xa5,0xa4,0x1f,0x2c,0x26,0xb1,0xe5,0xd8,0xeb,0xbe,0xf8,
14162+ 0xdf,0x88,0x6a,0x89,0xd6,0x05,0xd8,0x9d
14163+ };
14164+
14165+__fips_constseg
14166+static const unsigned char hmac_sha256_returnedbits[] =
14167+ {
14168+ 0x43,0x12,0x2a,0x2c,0x40,0x53,0x2e,0x7c,0x66,0x34,0xac,0xc3,
14169+ 0x43,0xe3,0xe0,0x6a,0xfc,0xfa,0xea,0x87,0x21,0x1f,0xe2,0x26,
14170+ 0xc4,0xf9,0x09,0x9a,0x0d,0x6e,0x7f,0xe0
14171+ };
14172+
14173+
14174+/* HMAC SHA-384 PR */
14175+__fips_constseg
14176+static const unsigned char hmac_sha384_pr_entropyinput[] =
14177+ {
14178+ 0x69,0x81,0x98,0x88,0x44,0xf5,0xd6,0x2e,0x00,0x08,0x3b,0xc5,
14179+ 0xfb,0xd7,0x8e,0x6f,0x23,0xf8,0x6d,0x09,0xd6,0x85,0x49,0xd1,
14180+ 0xf8,0x6d,0xa4,0x58,0x54,0xfd,0x88,0xa9
14181+ };
14182+
14183+__fips_constseg
14184+static const unsigned char hmac_sha384_pr_nonce[] =
14185+ {
14186+ 0x6e,0x38,0x81,0xca,0xb7,0xe8,0x6e,0x66,0x49,0x8a,0xb2,0x59,
14187+ 0xee,0x16,0xc9,0xde
14188+ };
14189+
14190+__fips_constseg
14191+static const unsigned char hmac_sha384_pr_personalizationstring[] =
14192+ {
14193+ 0xfe,0x4c,0xd9,0xf4,0x78,0x3b,0x08,0x41,0x8d,0x8f,0x55,0xc4,
14194+ 0x43,0x56,0xb6,0x12,0x36,0x6b,0x30,0xb7,0x5e,0xe1,0xb9,0x47,
14195+ 0x04,0xb1,0x4e,0xa9,0x00,0xa1,0x52,0xa1
14196+ };
14197+
14198+__fips_constseg
14199+static const unsigned char hmac_sha384_pr_additionalinput[] =
14200+ {
14201+ 0x89,0xe9,0xcc,0x8f,0x27,0x3c,0x26,0xd1,0x95,0xc8,0x7d,0x0f,
14202+ 0x5b,0x1a,0xf0,0x78,0x39,0x56,0x6f,0xa4,0x23,0xe7,0xd1,0xda,
14203+ 0x7c,0x66,0x33,0xa0,0x90,0xc9,0x92,0x88
14204+ };
14205+
14206+__fips_constseg
14207+static const unsigned char hmac_sha384_pr_entropyinputpr[] =
14208+ {
14209+ 0xbe,0x3d,0x7c,0x0d,0xca,0xda,0x7c,0x49,0xb8,0x12,0x36,0xc0,
14210+ 0xdb,0xad,0x35,0xa8,0xc7,0x0b,0x2a,0x2c,0x69,0x6d,0x25,0x56,
14211+ 0x63,0x82,0x11,0x3e,0xa7,0x33,0x70,0x72
14212+ };
14213+
14214+__fips_constseg
14215+static const unsigned char hmac_sha384_pr_int_returnedbits[] =
14216+ {
14217+ 0x82,0x3d,0xe6,0x54,0x80,0x42,0xf8,0xba,0x90,0x4f,0x06,0xa6,
14218+ 0xd2,0x7f,0xbf,0x79,0x7c,0x12,0x7d,0xa6,0xa2,0x66,0xe8,0xa6,
14219+ 0xc0,0xd6,0x4a,0x55,0xbf,0xd8,0x0a,0xc5,0xf8,0x03,0x88,0xdd,
14220+ 0x8e,0x87,0xd1,0x5a,0x48,0x26,0x72,0x2a,0x8e,0xcf,0xee,0xba
14221+ };
14222+
14223+__fips_constseg
14224+static const unsigned char hmac_sha384_pr_additionalinput2[] =
14225+ {
14226+ 0x8f,0xff,0xd9,0x84,0xbb,0x85,0x3a,0x66,0xa1,0x21,0xce,0xb2,
14227+ 0x3a,0x3a,0x17,0x22,0x19,0xae,0xc7,0xb6,0x63,0x81,0xd5,0xff,
14228+ 0x0d,0xc8,0xe1,0xaf,0x57,0xd2,0xcb,0x60
14229+ };
14230+
14231+__fips_constseg
14232+static const unsigned char hmac_sha384_pr_entropyinputpr2[] =
14233+ {
14234+ 0xd7,0xfb,0xc9,0xe8,0xe2,0xf2,0xaa,0x4c,0xb8,0x51,0x2f,0xe1,
14235+ 0x22,0xba,0xf3,0xda,0x0a,0x19,0x76,0x71,0x57,0xb2,0x1d,0x94,
14236+ 0x09,0x69,0x6c,0xd3,0x97,0x51,0x81,0x87
14237+ };
14238+
14239+__fips_constseg
14240+static const unsigned char hmac_sha384_pr_returnedbits[] =
14241+ {
14242+ 0xe6,0x19,0x28,0xa8,0x21,0xce,0x5e,0xdb,0x24,0x79,0x8c,0x76,
14243+ 0x5d,0x73,0xb2,0xdf,0xac,0xef,0x85,0xa7,0x3b,0x19,0x09,0x8b,
14244+ 0x7f,0x98,0x28,0xa9,0x93,0xd8,0x7a,0xad,0x55,0x8b,0x24,0x9d,
14245+ 0xe6,0x98,0xfe,0x47,0xd5,0x48,0xc1,0x23,0xd8,0x1d,0x62,0x75
14246+ };
14247+
14248+
14249+/* HMAC SHA-384 No PR */
14250+__fips_constseg
14251+static const unsigned char hmac_sha384_entropyinput[] =
14252+ {
14253+ 0xc3,0x56,0x2b,0x1d,0xc2,0xbb,0xa8,0xf0,0xae,0x1b,0x0d,0xd3,
14254+ 0x5a,0x6c,0xda,0x57,0x8e,0xa5,0x8a,0x0d,0x6c,0x4b,0x18,0xb1,
14255+ 0x04,0x3e,0xb4,0x99,0x35,0xc4,0xc0,0x5f
14256+ };
14257+
14258+__fips_constseg
14259+static const unsigned char hmac_sha384_nonce[] =
14260+ {
14261+ 0xc5,0x49,0x1e,0x66,0x27,0x92,0xbe,0xec,0xb5,0x1e,0x4b,0xb1,
14262+ 0x38,0xe3,0xeb,0x62
14263+ };
14264+
14265+__fips_constseg
14266+static const unsigned char hmac_sha384_personalizationstring[] =
14267+ {
14268+ 0xbe,0xe7,0x6b,0x57,0xde,0x88,0x11,0x96,0x9b,0x6e,0xea,0xe5,
14269+ 0x63,0x83,0x4c,0xb6,0x8d,0x66,0xaa,0x1f,0x8b,0x54,0xe7,0x62,
14270+ 0x6d,0x5a,0xfc,0xbf,0x97,0xba,0xcd,0x77
14271+ };
14272+
14273+__fips_constseg
14274+static const unsigned char hmac_sha384_additionalinput[] =
14275+ {
14276+ 0xe5,0x28,0x5f,0x43,0xf5,0x83,0x6e,0x0a,0x83,0x5c,0xe3,0x81,
14277+ 0x03,0xf2,0xf8,0x78,0x00,0x7c,0x95,0x87,0x16,0xd6,0x6c,0x58,
14278+ 0x33,0x6c,0x53,0x35,0x0d,0x66,0xe3,0xce
14279+ };
14280+
14281+__fips_constseg
14282+static const unsigned char hmac_sha384_int_returnedbits[] =
14283+ {
14284+ 0xe2,0x1f,0xf3,0xda,0x0d,0x19,0x99,0x87,0xc4,0x90,0xa2,0x31,
14285+ 0xca,0x2a,0x89,0x58,0x43,0x44,0xb8,0xde,0xcf,0xa4,0xbe,0x3b,
14286+ 0x53,0x26,0x22,0x31,0x76,0x41,0x22,0xb5,0xa8,0x70,0x2f,0x4b,
14287+ 0x64,0x95,0x4d,0x48,0x96,0x35,0xe6,0xbd,0x3c,0x34,0xdb,0x1b
14288+ };
14289+
14290+__fips_constseg
14291+static const unsigned char hmac_sha384_entropyinputreseed[] =
14292+ {
14293+ 0x77,0x61,0xba,0xbc,0xf2,0xc1,0xf3,0x4b,0x86,0x65,0xfd,0x48,
14294+ 0x0e,0x3c,0x02,0x5e,0xa2,0x7a,0x6b,0x7c,0xed,0x21,0x5e,0xf9,
14295+ 0xcd,0xcd,0x77,0x07,0x2b,0xbe,0xc5,0x5c
14296+ };
14297+
14298+__fips_constseg
14299+static const unsigned char hmac_sha384_additionalinputreseed[] =
14300+ {
14301+ 0x18,0x24,0x5f,0xc6,0x84,0xd1,0x67,0xc3,0x9a,0x11,0xa5,0x8c,
14302+ 0x07,0x39,0x21,0x83,0x4d,0x04,0xc4,0x6a,0x28,0x19,0xcf,0x92,
14303+ 0x21,0xd9,0x9e,0x41,0x72,0x6c,0x9e,0x63
14304+ };
14305+
14306+__fips_constseg
14307+static const unsigned char hmac_sha384_additionalinput2[] =
14308+ {
14309+ 0x96,0x67,0x41,0x28,0x9b,0xb7,0x92,0x8d,0x64,0x3b,0xe4,0xcf,
14310+ 0x7e,0xaa,0x1e,0xb1,0x4b,0x1d,0x09,0x56,0x67,0x9c,0xc6,0x6d,
14311+ 0x3b,0xe8,0x91,0x9d,0xe1,0x8a,0xb7,0x32
14312+ };
14313+
14314+__fips_constseg
14315+static const unsigned char hmac_sha384_returnedbits[] =
14316+ {
14317+ 0xe3,0x59,0x61,0x38,0x92,0xec,0xe2,0x3c,0xff,0xb7,0xdb,0x19,
14318+ 0x0f,0x5b,0x93,0x68,0x0d,0xa4,0x94,0x40,0x72,0x0b,0xe0,0xed,
14319+ 0x4d,0xcd,0x68,0xa0,0x1e,0xfe,0x67,0xb2,0xfa,0x21,0x56,0x74,
14320+ 0xa4,0xad,0xcf,0xb7,0x60,0x66,0x2e,0x40,0xde,0x82,0xca,0xfb
14321+ };
14322+
14323+
14324+/* HMAC SHA-512 PR */
14325+__fips_constseg
14326+static const unsigned char hmac_sha512_pr_entropyinput[] =
14327+ {
14328+ 0xaa,0x9e,0x45,0x67,0x0e,0x00,0x2a,0x67,0x98,0xd6,0xda,0x0b,
14329+ 0x0f,0x17,0x7e,0xac,0xfd,0x27,0xc4,0xca,0x84,0xdf,0xde,0xba,
14330+ 0x85,0xd9,0xbe,0x8f,0xf3,0xff,0x91,0x4d
14331+ };
14332+
14333+__fips_constseg
14334+static const unsigned char hmac_sha512_pr_nonce[] =
14335+ {
14336+ 0x8c,0x49,0x2f,0x58,0x1e,0x7a,0xda,0x4b,0x7e,0x8a,0x30,0x7b,
14337+ 0x86,0xea,0xaf,0xa2
14338+ };
14339+
14340+__fips_constseg
14341+static const unsigned char hmac_sha512_pr_personalizationstring[] =
14342+ {
14343+ 0x71,0xe1,0xbb,0xad,0xa7,0x4b,0x2e,0x31,0x3b,0x0b,0xec,0x24,
14344+ 0x99,0x38,0xbc,0xaa,0x05,0x4c,0x46,0x44,0xfa,0xad,0x8e,0x02,
14345+ 0xc1,0x7e,0xad,0xec,0x54,0xa6,0xd0,0xad
14346+ };
14347+
14348+__fips_constseg
14349+static const unsigned char hmac_sha512_pr_additionalinput[] =
14350+ {
14351+ 0x3d,0x6e,0xa6,0xa8,0x29,0x2a,0xb2,0xf5,0x98,0x42,0xe4,0x92,
14352+ 0x78,0x22,0x67,0xfd,0x1b,0x15,0x1e,0x29,0xaa,0x71,0x3c,0x3c,
14353+ 0xe7,0x05,0x20,0xa9,0x29,0xc6,0x75,0x71
14354+ };
14355+
14356+__fips_constseg
14357+static const unsigned char hmac_sha512_pr_entropyinputpr[] =
14358+ {
14359+ 0xab,0xb9,0x16,0xd8,0x55,0x35,0x54,0xb7,0x97,0x3f,0x94,0xbc,
14360+ 0x2f,0x7c,0x70,0xc7,0xd0,0xed,0xb7,0x4b,0xf7,0xf6,0x6c,0x03,
14361+ 0x0c,0xb0,0x03,0xd8,0xbb,0x71,0xd9,0x10
14362+ };
14363+
14364+__fips_constseg
14365+static const unsigned char hmac_sha512_pr_int_returnedbits[] =
14366+ {
14367+ 0x8e,0xd3,0xfd,0x52,0x9e,0x83,0x08,0x49,0x18,0x6e,0x23,0x56,
14368+ 0x5c,0x45,0x93,0x34,0x05,0xe2,0x98,0x8f,0x0c,0xd4,0x32,0x0c,
14369+ 0xfd,0xda,0x5f,0x92,0x3a,0x8c,0x81,0xbd,0xf6,0x6c,0x55,0xfd,
14370+ 0xb8,0x20,0xce,0x8d,0x97,0x27,0xe8,0xe8,0xe0,0xb3,0x85,0x50,
14371+ 0xa2,0xc2,0xb2,0x95,0x1d,0x48,0xd3,0x7b,0x4b,0x78,0x13,0x35,
14372+ 0x05,0x17,0xbe,0x0d
14373+ };
14374+
14375+__fips_constseg
14376+static const unsigned char hmac_sha512_pr_additionalinput2[] =
14377+ {
14378+ 0xc3,0xfc,0x95,0xaa,0x69,0x06,0xae,0x59,0x41,0xce,0x26,0x08,
14379+ 0x29,0x6d,0x45,0xda,0xe8,0xb3,0x6c,0x95,0x60,0x0f,0x70,0x2c,
14380+ 0x10,0xba,0x38,0x8c,0xcf,0x29,0x99,0xaa
14381+ };
14382+
14383+__fips_constseg
14384+static const unsigned char hmac_sha512_pr_entropyinputpr2[] =
14385+ {
14386+ 0x3b,0x9a,0x25,0xce,0xd7,0xf9,0x5c,0xd1,0x3a,0x3e,0xaa,0x71,
14387+ 0x14,0x3e,0x19,0xe8,0xce,0xe6,0xfe,0x51,0x84,0xe9,0x1b,0xfe,
14388+ 0x3f,0xa7,0xf2,0xfd,0x76,0x5f,0x6a,0xe7
14389+ };
14390+
14391+__fips_constseg
14392+static const unsigned char hmac_sha512_pr_returnedbits[] =
14393+ {
14394+ 0xb7,0x82,0xa9,0x57,0x81,0x67,0x53,0xb5,0xa1,0xe9,0x3d,0x35,
14395+ 0xf9,0xe4,0x97,0xbe,0xa6,0xca,0xf1,0x01,0x13,0x09,0xe7,0x21,
14396+ 0xc0,0xed,0x93,0x5d,0x4b,0xf4,0xeb,0x8d,0x53,0x25,0x8a,0xc4,
14397+ 0xb1,0x6f,0x6e,0x37,0xcd,0x2e,0xac,0x39,0xb2,0xb6,0x99,0xa3,
14398+ 0x82,0x00,0xb0,0x21,0xf0,0xc7,0x2f,0x4c,0x73,0x92,0xfd,0x00,
14399+ 0xb6,0xaf,0xbc,0xd3
14400+ };
14401+
14402+
14403+/* HMAC SHA-512 No PR */
14404+__fips_constseg
14405+static const unsigned char hmac_sha512_entropyinput[] =
14406+ {
14407+ 0x6e,0x85,0xe6,0x25,0x96,0x29,0xa7,0x52,0x5b,0x60,0xba,0xaa,
14408+ 0xde,0xdb,0x36,0x0a,0x51,0x9a,0x15,0xae,0x6e,0x18,0xd3,0xfe,
14409+ 0x39,0xb9,0x4a,0x96,0xf8,0x77,0xcb,0x95
14410+ };
14411+
14412+__fips_constseg
14413+static const unsigned char hmac_sha512_nonce[] =
14414+ {
14415+ 0xe0,0xa6,0x5d,0x08,0xc3,0x7c,0xae,0x25,0x2e,0x80,0xd1,0x3e,
14416+ 0xd9,0xaf,0x43,0x3c
14417+ };
14418+
14419+__fips_constseg
14420+static const unsigned char hmac_sha512_personalizationstring[] =
14421+ {
14422+ 0x53,0x99,0x52,0x5f,0x11,0xa9,0x64,0x66,0x20,0x5e,0x1b,0x5f,
14423+ 0x42,0xb3,0xf4,0xda,0xed,0xbb,0x63,0xc1,0x23,0xaf,0xd0,0x01,
14424+ 0x90,0x3b,0xd0,0x78,0xe4,0x0b,0xa7,0x20
14425+ };
14426+
14427+__fips_constseg
14428+static const unsigned char hmac_sha512_additionalinput[] =
14429+ {
14430+ 0x85,0x90,0x80,0xd3,0x98,0xf1,0x53,0x6d,0x68,0x15,0x8f,0xe5,
14431+ 0x60,0x3f,0x17,0x29,0x55,0x8d,0x33,0xb1,0x45,0x64,0x64,0x8d,
14432+ 0x50,0x21,0x89,0xae,0xf6,0xfd,0x32,0x73
14433+ };
14434+
14435+__fips_constseg
14436+static const unsigned char hmac_sha512_int_returnedbits[] =
14437+ {
14438+ 0x28,0x56,0x30,0x6f,0xf4,0xa1,0x48,0xe0,0xc9,0xf5,0x75,0x90,
14439+ 0xcc,0xfb,0xdf,0xdf,0x71,0x3d,0x0a,0x9a,0x03,0x65,0x3b,0x18,
14440+ 0x61,0xe3,0xd1,0xda,0xcc,0x4a,0xfe,0x55,0x38,0xf8,0x21,0x6b,
14441+ 0xfa,0x18,0x01,0x42,0x39,0x2f,0x99,0x53,0x38,0x15,0x82,0x34,
14442+ 0xc5,0x93,0x92,0xbc,0x4d,0x75,0x1a,0x5f,0x21,0x27,0xcc,0xa1,
14443+ 0xb1,0x57,0x69,0xe8
14444+ };
14445+
14446+__fips_constseg
14447+static const unsigned char hmac_sha512_entropyinputreseed[] =
14448+ {
14449+ 0x8c,0x52,0x7e,0x77,0x72,0x3f,0xa3,0x04,0x97,0x10,0x9b,0x41,
14450+ 0xbd,0xe8,0xff,0x89,0xed,0x80,0xe3,0xbd,0xaa,0x12,0x2d,0xca,
14451+ 0x75,0x82,0x36,0x77,0x88,0xcd,0xa6,0x73
14452+ };
14453+
14454+__fips_constseg
14455+static const unsigned char hmac_sha512_additionalinputreseed[] =
14456+ {
14457+ 0x7e,0x32,0xe3,0x69,0x69,0x07,0x34,0xa2,0x16,0xa2,0x5d,0x1a,
14458+ 0x10,0x91,0xd3,0xe2,0x21,0xa2,0xa3,0xdd,0xcd,0x0c,0x09,0x86,
14459+ 0x11,0xe1,0x50,0xff,0x5c,0xb7,0xeb,0x5c
14460+ };
14461+
14462+__fips_constseg
14463+static const unsigned char hmac_sha512_additionalinput2[] =
14464+ {
14465+ 0x7f,0x78,0x66,0xd8,0xfb,0x67,0xcf,0x8d,0x8c,0x08,0x30,0xa5,
14466+ 0xf8,0x7d,0xcf,0x44,0x59,0xce,0xf8,0xdf,0x58,0xd3,0x60,0xcb,
14467+ 0xa8,0x60,0xb9,0x07,0xc4,0xb1,0x95,0x48
14468+ };
14469+
14470+__fips_constseg
14471+static const unsigned char hmac_sha512_returnedbits[] =
14472+ {
14473+ 0xdf,0xa7,0x36,0xd4,0xdc,0x5d,0x4d,0x31,0xad,0x69,0x46,0x9f,
14474+ 0xf1,0x7c,0xd7,0x3b,0x4f,0x55,0xf2,0xd7,0xb9,0x9d,0xad,0x7a,
14475+ 0x79,0x08,0x59,0xa5,0xdc,0x74,0xf5,0x9b,0x73,0xd2,0x13,0x25,
14476+ 0x0b,0x81,0x08,0x08,0x25,0xfb,0x39,0xf2,0xf0,0xa3,0xa4,0x8d,
14477+ 0xef,0x05,0x9e,0xb8,0xc7,0x52,0xe4,0x0e,0x42,0xaa,0x7c,0x79,
14478+ 0xc2,0xd6,0xfd,0xa5
14479+ };
14480+
14481diff -up openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c
14482--- openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c.fips 2013-02-19 12:47:33.739118872 +0100
14483+++ openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c 2013-02-19 12:47:33.739118872 +0100
14484@@ -0,0 +1,193 @@
14485+/* ====================================================================
14486+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
14487+ *
14488+ * Redistribution and use in source and binary forms, with or without
14489+ * modification, are permitted provided that the following conditions
14490+ * are met:
14491+ *
14492+ * 1. Redistributions of source code must retain the above copyright
14493+ * notice, this list of conditions and the following disclaimer.
14494+ *
14495+ * 2. Redistributions in binary form must reproduce the above copyright
14496+ * notice, this list of conditions and the following disclaimer in
14497+ * the documentation and/or other materials provided with the
14498+ * distribution.
14499+ *
14500+ * 3. All advertising materials mentioning features or use of this
14501+ * software must display the following acknowledgment:
14502+ * "This product includes software developed by the OpenSSL Project
14503+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
14504+ *
14505+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
14506+ * endorse or promote products derived from this software without
14507+ * prior written permission. For written permission, please contact
14508+ * openssl-core@openssl.org.
14509+ *
14510+ * 5. Products derived from this software may not be called "OpenSSL"
14511+ * nor may "OpenSSL" appear in their names without prior written
14512+ * permission of the OpenSSL Project.
14513+ *
14514+ * 6. Redistributions of any form whatsoever must retain the following
14515+ * acknowledgment:
14516+ * "This product includes software developed by the OpenSSL Project
14517+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
14518+ *
14519+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
14520+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
14521+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
14522+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
14523+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
14524+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
14525+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
14526+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
14527+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
14528+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
14529+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
14530+ * OF THE POSSIBILITY OF SUCH DAMAGE.
14531+ *
14532+ */
14533+
14534+#include <string.h>
14535+#include <openssl/crypto.h>
14536+#include <openssl/dsa.h>
14537+#include <openssl/fips.h>
14538+#include <openssl/err.h>
14539+#include <openssl/evp.h>
14540+#include <openssl/bn.h>
14541+#include "fips_locl.h"
14542+
14543+#ifdef OPENSSL_FIPS
14544+
14545+static const unsigned char dsa_test_2048_p[] = {
14546+ 0xa8,0x53,0x78,0xd8,0xfd,0x3f,0x8d,0x72,0xec,0x74,0x18,0x08,
14547+ 0x0d,0xa2,0x13,0x17,0xe4,0x3e,0xc4,0xb6,0x2b,0xa8,0xc8,0x62,
14548+ 0x3b,0x7e,0x4d,0x04,0x44,0x1d,0xd1,0xa0,0x65,0x86,0x62,0x59,
14549+ 0x64,0x93,0xca,0x8e,0x9e,0x8f,0xbb,0x7e,0x34,0xaa,0xdd,0xb6,
14550+ 0x2e,0x5d,0x67,0xb6,0xd0,0x9a,0x6e,0x61,0xb7,0x69,0xe7,0xc3,
14551+ 0x52,0xaa,0x2b,0x10,0xe2,0x0c,0xa0,0x63,0x69,0x63,0xb5,0x52,
14552+ 0x3e,0x86,0x47,0x0d,0xec,0xbb,0xed,0xa0,0x27,0xe7,0x97,0xe7,
14553+ 0xb6,0x76,0x35,0xd4,0xd4,0x9c,0x30,0x70,0x0e,0x74,0xaf,0x8a,
14554+ 0x0f,0xf1,0x56,0xa8,0x01,0xaf,0x57,0xa2,0x6e,0x70,0x78,0xf1,
14555+ 0xd8,0x2f,0x74,0x90,0x8e,0xcb,0x6d,0x07,0xe7,0x0b,0x35,0x03,
14556+ 0xee,0xd9,0x4f,0xa3,0x2c,0xf1,0x7a,0x7f,0xc3,0xd6,0xcf,0x40,
14557+ 0xdc,0x7b,0x00,0x83,0x0e,0x6a,0x25,0x66,0xdc,0x07,0x3e,0x34,
14558+ 0x33,0x12,0x51,0x7c,0x6a,0xa5,0x15,0x2b,0x4b,0xfe,0xcd,0x2e,
14559+ 0x55,0x1f,0xee,0x34,0x63,0x18,0xa1,0x53,0x42,0x3c,0x99,0x6b,
14560+ 0x0d,0x5d,0xcb,0x91,0x02,0xae,0xdd,0x38,0x79,0x86,0x16,0xf1,
14561+ 0xf1,0xe0,0xd6,0xc4,0x03,0x52,0x5b,0x1f,0x9b,0x3d,0x4d,0xc7,
14562+ 0x66,0xde,0x2d,0xfc,0x4a,0x56,0xd7,0xb8,0xba,0x59,0x63,0xd6,
14563+ 0x0f,0x3e,0x16,0x31,0x88,0x70,0xad,0x43,0x69,0x52,0xe5,0x57,
14564+ 0x65,0x37,0x4e,0xab,0x85,0xe8,0xec,0x17,0xd6,0xb9,0xa4,0x54,
14565+ 0x7b,0x9b,0x5f,0x27,0x52,0xf3,0x10,0x5b,0xe8,0x09,0xb2,0x3a,
14566+ 0x2c,0x8d,0x74,0x69,0xdb,0x02,0xe2,0x4d,0x59,0x23,0x94,0xa7,
14567+ 0xdb,0xa0,0x69,0xe9
14568+};
14569+
14570+static const unsigned char dsa_test_2048_q[] = {
14571+ 0xd2,0x77,0x04,0x4e,0x50,0xf5,0xa4,0xe3,0xf5,0x10,0xa5,0x0a,
14572+ 0x0b,0x84,0xfd,0xff,0xbc,0xa0,0x47,0xed,0x27,0x60,0x20,0x56,
14573+ 0x74,0x41,0xa0,0xa5
14574+};
14575+
14576+static const unsigned char dsa_test_2048_g[] = {
14577+ 0x13,0xd7,0x54,0xe2,0x1f,0xd2,0x41,0x65,0x5d,0xa8,0x91,0xc5,
14578+ 0x22,0xa6,0x5a,0x72,0xa8,0x9b,0xdc,0x64,0xec,0x9b,0x54,0xa8,
14579+ 0x21,0xed,0x4a,0x89,0x8b,0x49,0x0e,0x0c,0x4f,0xcb,0x72,0x19,
14580+ 0x2a,0x4a,0x20,0xf5,0x41,0xf3,0xf2,0x92,0x53,0x99,0xf0,0xba,
14581+ 0xec,0xf9,0x29,0xaa,0xfb,0xf7,0x9d,0xfe,0x43,0x32,0x39,0x3b,
14582+ 0x32,0xcd,0x2e,0x2f,0xcf,0x27,0x2f,0x32,0xa6,0x27,0x43,0x4a,
14583+ 0x0d,0xf2,0x42,0xb7,0x5b,0x41,0x4d,0xf3,0x72,0x12,0x1e,0x53,
14584+ 0xa5,0x53,0xf2,0x22,0xf8,0x36,0xb0,0x00,0xf0,0x16,0x48,0x5b,
14585+ 0x6b,0xd0,0x89,0x84,0x51,0x80,0x1d,0xcd,0x8d,0xe6,0x4c,0xd5,
14586+ 0x36,0x56,0x96,0xff,0xc5,0x32,0xd5,0x28,0xc5,0x06,0x62,0x0a,
14587+ 0x94,0x2a,0x03,0x05,0x04,0x6d,0x8f,0x18,0x76,0x34,0x1f,0x1e,
14588+ 0x57,0x0b,0xc3,0x97,0x4b,0xa6,0xb9,0xa4,0x38,0xe9,0x70,0x23,
14589+ 0x02,0xa2,0xe6,0xe6,0x7b,0xfd,0x06,0xd3,0x2b,0xc6,0x79,0x96,
14590+ 0x22,0x71,0xd7,0xb4,0x0c,0xd7,0x2f,0x38,0x6e,0x64,0xe0,0xd7,
14591+ 0xef,0x86,0xca,0x8c,0xa5,0xd1,0x42,0x28,0xdc,0x2a,0x4f,0x16,
14592+ 0xe3,0x18,0x98,0x86,0xb5,0x99,0x06,0x74,0xf4,0x20,0x0f,0x3a,
14593+ 0x4c,0xf6,0x5a,0x3f,0x0d,0xdb,0xa1,0xfa,0x67,0x2d,0xff,0x2f,
14594+ 0x5e,0x14,0x3d,0x10,0xe4,0xe9,0x7a,0xe8,0x4f,0x6d,0xa0,0x95,
14595+ 0x35,0xd5,0xb9,0xdf,0x25,0x91,0x81,0xa7,0x9b,0x63,0xb0,0x69,
14596+ 0xe9,0x49,0x97,0x2b,0x02,0xba,0x36,0xb3,0x58,0x6a,0xab,0x7e,
14597+ 0x45,0xf3,0x22,0xf8,0x2e,0x4e,0x85,0xca,0x3a,0xb8,0x55,0x91,
14598+ 0xb3,0xc2,0xa9,0x66
14599+};
14600+
14601+static const unsigned char dsa_test_2048_pub_key[] = {
14602+ 0x24,0x52,0xf3,0xcc,0xbe,0x9e,0xd5,0xca,0x7d,0xc7,0x4c,0x60,
14603+ 0x2b,0x99,0x22,0x6e,0x8f,0x2f,0xab,0x38,0xe7,0xd7,0xdd,0xfb,
14604+ 0x75,0x53,0x9b,0x17,0x15,0x5e,0x9f,0xcf,0xd1,0xab,0xa5,0x64,
14605+ 0xeb,0x85,0x35,0xd8,0x12,0xc9,0xc2,0xdc,0xf9,0x72,0x84,0x44,
14606+ 0x1b,0xc4,0x82,0x24,0x36,0x24,0xc7,0xf4,0x57,0x58,0x0c,0x1c,
14607+ 0x38,0xa5,0x7c,0x46,0xc4,0x57,0x39,0x24,0x70,0xed,0xb5,0x2c,
14608+ 0xb5,0xa6,0xe0,0x3f,0xe6,0x28,0x7b,0xb6,0xf4,0x9a,0x42,0xa2,
14609+ 0x06,0x5a,0x05,0x4f,0x03,0x08,0x39,0xdf,0x1f,0xd3,0x14,0x9c,
14610+ 0x4c,0xa0,0x53,0x1d,0xd8,0xca,0x8a,0xaa,0x9c,0xc7,0x33,0x71,
14611+ 0x93,0x38,0x73,0x48,0x33,0x61,0x18,0x22,0x45,0x45,0xe8,0x8c,
14612+ 0x80,0xff,0xd8,0x76,0x5d,0x74,0x36,0x03,0x33,0xcc,0xab,0x99,
14613+ 0x72,0x77,0x9b,0x65,0x25,0xa6,0x5b,0xdd,0x0d,0x10,0xc6,0x75,
14614+ 0xc1,0x09,0xbb,0xd3,0xe5,0xbe,0x4d,0x72,0xef,0x6e,0xba,0x6e,
14615+ 0x43,0x8d,0x52,0x26,0x23,0x7d,0xb8,0x88,0x37,0x9c,0x5f,0xcc,
14616+ 0x47,0xa3,0x84,0x7f,0xf6,0x37,0x11,0xba,0xed,0x6d,0x03,0xaf,
14617+ 0xe8,0x1e,0x69,0x4a,0x41,0x3b,0x68,0x0b,0xd3,0x8a,0xb4,0x90,
14618+ 0x3f,0x83,0x70,0xa7,0x07,0xef,0x55,0x1d,0x49,0x41,0x02,0x6d,
14619+ 0x95,0x79,0xd6,0x91,0xde,0x8e,0xda,0xa1,0x61,0x05,0xeb,0x9d,
14620+ 0xba,0x3c,0x2f,0x4c,0x1b,0xec,0x50,0x82,0x75,0xaa,0x02,0x07,
14621+ 0xe2,0x51,0xb5,0xec,0xcb,0x28,0x6a,0x4b,0x01,0xd4,0x49,0xd3,
14622+ 0x0a,0xcb,0x67,0x37,0x17,0xa0,0xd2,0xfb,0x3b,0x50,0xc8,0x93,
14623+ 0xf7,0xda,0xb1,0x4f
14624+};
14625+
14626+static const unsigned char dsa_test_2048_priv_key[] = {
14627+ 0x0c,0x4b,0x30,0x89,0xd1,0xb8,0x62,0xcb,0x3c,0x43,0x64,0x91,
14628+ 0xf0,0x91,0x54,0x70,0xc5,0x27,0x96,0xe3,0xac,0xbe,0xe8,0x00,
14629+ 0xec,0x55,0xf6,0xcc
14630+};
14631+
14632+static int corrupt_dsa;
14633+
14634+void FIPS_corrupt_dsa()
14635+ {
14636+ corrupt_dsa = 1;
14637+ }
14638+
14639+int FIPS_selftest_dsa()
14640+ {
14641+ DSA *dsa = NULL;
14642+ EVP_PKEY *pk = NULL;
14643+ int ret = 0;
14644+
14645+ dsa = DSA_new();
14646+
14647+ if(dsa == NULL)
14648+ goto err;
14649+
14650+ fips_load_key_component(dsa, p, dsa_test_2048);
14651+ fips_load_key_component(dsa, q, dsa_test_2048);
14652+ fips_load_key_component(dsa, g, dsa_test_2048);
14653+ fips_load_key_component(dsa, pub_key, dsa_test_2048);
14654+ fips_load_key_component(dsa, priv_key, dsa_test_2048);
14655+
14656+ if (corrupt_dsa)
14657+ BN_set_bit(dsa->pub_key, 2047);
14658+
14659+ if ((pk=EVP_PKEY_new()) == NULL)
14660+ goto err;
14661+
14662+ EVP_PKEY_assign_DSA(pk, dsa);
14663+
14664+ if (!fips_pkey_signature_test(pk, NULL, 0,
14665+ NULL, 0, EVP_sha256(), 0,
14666+ "DSA SHA256"))
14667+ goto err;
14668+ ret = 1;
14669+
14670+ err:
14671+ if (pk)
14672+ EVP_PKEY_free(pk);
14673+ else if (dsa)
14674+ DSA_free(dsa);
14675+ return ret;
14676+ }
14677+#endif
14678diff -up openssl-1.0.1e/crypto/fips/fips_enc.c.fips openssl-1.0.1e/crypto/fips/fips_enc.c
14679--- openssl-1.0.1e/crypto/fips/fips_enc.c.fips 2013-02-19 12:47:33.739118872 +0100
14680+++ openssl-1.0.1e/crypto/fips/fips_enc.c 2013-02-19 12:47:33.739118872 +0100
14681@@ -0,0 +1,191 @@
14682+/* fipe/evp/fips_enc.c */
14683+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
14684+ * All rights reserved.
14685+ *
14686+ * This package is an SSL implementation written
14687+ * by Eric Young (eay@cryptsoft.com).
14688+ * The implementation was written so as to conform with Netscapes SSL.
14689+ *
14690+ * This library is free for commercial and non-commercial use as long as
14691+ * the following conditions are aheared to. The following conditions
14692+ * apply to all code found in this distribution, be it the RC4, RSA,
14693+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
14694+ * included with this distribution is covered by the same copyright terms
14695+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14696+ *
14697+ * Copyright remains Eric Young's, and as such any Copyright notices in
14698+ * the code are not to be removed.
14699+ * If this package is used in a product, Eric Young should be given attribution
14700+ * as the author of the parts of the library used.
14701+ * This can be in the form of a textual message at program startup or
14702+ * in documentation (online or textual) provided with the package.
14703+ *
14704+ * Redistribution and use in source and binary forms, with or without
14705+ * modification, are permitted provided that the following conditions
14706+ * are met:
14707+ * 1. Redistributions of source code must retain the copyright
14708+ * notice, this list of conditions and the following disclaimer.
14709+ * 2. Redistributions in binary form must reproduce the above copyright
14710+ * notice, this list of conditions and the following disclaimer in the
14711+ * documentation and/or other materials provided with the distribution.
14712+ * 3. All advertising materials mentioning features or use of this software
14713+ * must display the following acknowledgement:
14714+ * "This product includes cryptographic software written by
14715+ * Eric Young (eay@cryptsoft.com)"
14716+ * The word 'cryptographic' can be left out if the rouines from the library
14717+ * being used are not cryptographic related :-).
14718+ * 4. If you include any Windows specific code (or a derivative thereof) from
14719+ * the apps directory (application code) you must include an acknowledgement:
14720+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
14721+ *
14722+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
14723+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
14724+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
14725+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
14726+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
14727+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
14728+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
14729+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
14730+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
14731+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
14732+ * SUCH DAMAGE.
14733+ *
14734+ * The licence and distribution terms for any publically available version or
14735+ * derivative of this code cannot be changed. i.e. this code cannot simply be
14736+ * copied and put under another distribution licence
14737+ * [including the GNU Public Licence.]
14738+ */
14739+
14740+#include <stdio.h>
14741+#include <string.h>
14742+#include <openssl/evp.h>
14743+#include <openssl/err.h>
14744+#include <openssl/fips.h>
14745+
14746+const EVP_CIPHER *FIPS_get_cipherbynid(int nid)
14747+ {
14748+ switch (nid)
14749+ {
14750+ case NID_aes_128_cbc:
14751+ return EVP_aes_128_cbc();
14752+
14753+ case NID_aes_128_ccm:
14754+ return EVP_aes_128_ccm();
14755+
14756+ case NID_aes_128_cfb1:
14757+ return EVP_aes_128_cfb1();
14758+
14759+ case NID_aes_128_cfb128:
14760+ return EVP_aes_128_cfb128();
14761+
14762+ case NID_aes_128_cfb8:
14763+ return EVP_aes_128_cfb8();
14764+
14765+ case NID_aes_128_ctr:
14766+ return EVP_aes_128_ctr();
14767+
14768+ case NID_aes_128_ecb:
14769+ return EVP_aes_128_ecb();
14770+
14771+ case NID_aes_128_gcm:
14772+ return EVP_aes_128_gcm();
14773+
14774+ case NID_aes_128_ofb128:
14775+ return EVP_aes_128_ofb();
14776+
14777+ case NID_aes_128_xts:
14778+ return EVP_aes_128_xts();
14779+
14780+ case NID_aes_192_cbc:
14781+ return EVP_aes_192_cbc();
14782+
14783+ case NID_aes_192_ccm:
14784+ return EVP_aes_192_ccm();
14785+
14786+ case NID_aes_192_cfb1:
14787+ return EVP_aes_192_cfb1();
14788+
14789+ case NID_aes_192_cfb128:
14790+ return EVP_aes_192_cfb128();
14791+
14792+ case NID_aes_192_cfb8:
14793+ return EVP_aes_192_cfb8();
14794+
14795+ case NID_aes_192_ctr:
14796+ return EVP_aes_192_ctr();
14797+
14798+ case NID_aes_192_ecb:
14799+ return EVP_aes_192_ecb();
14800+
14801+ case NID_aes_192_gcm:
14802+ return EVP_aes_192_gcm();
14803+
14804+ case NID_aes_192_ofb128:
14805+ return EVP_aes_192_ofb();
14806+
14807+ case NID_aes_256_cbc:
14808+ return EVP_aes_256_cbc();
14809+
14810+ case NID_aes_256_ccm:
14811+ return EVP_aes_256_ccm();
14812+
14813+ case NID_aes_256_cfb1:
14814+ return EVP_aes_256_cfb1();
14815+
14816+ case NID_aes_256_cfb128:
14817+ return EVP_aes_256_cfb128();
14818+
14819+ case NID_aes_256_cfb8:
14820+ return EVP_aes_256_cfb8();
14821+
14822+ case NID_aes_256_ctr:
14823+ return EVP_aes_256_ctr();
14824+
14825+ case NID_aes_256_ecb:
14826+ return EVP_aes_256_ecb();
14827+
14828+ case NID_aes_256_gcm:
14829+ return EVP_aes_256_gcm();
14830+
14831+ case NID_aes_256_ofb128:
14832+ return EVP_aes_256_ofb();
14833+
14834+ case NID_aes_256_xts:
14835+ return EVP_aes_256_xts();
14836+
14837+ case NID_des_ede_ecb:
14838+ return EVP_des_ede();
14839+
14840+ case NID_des_ede3_ecb:
14841+ return EVP_des_ede3();
14842+
14843+ case NID_des_ede3_cbc:
14844+ return EVP_des_ede3_cbc();
14845+
14846+ case NID_des_ede3_cfb1:
14847+ return EVP_des_ede3_cfb1();
14848+
14849+ case NID_des_ede3_cfb64:
14850+ return EVP_des_ede3_cfb64();
14851+
14852+ case NID_des_ede3_cfb8:
14853+ return EVP_des_ede3_cfb8();
14854+
14855+ case NID_des_ede3_ofb64:
14856+ return EVP_des_ede3_ofb();
14857+
14858+ case NID_des_ede_cbc:
14859+ return EVP_des_ede_cbc();
14860+
14861+ case NID_des_ede_cfb64:
14862+ return EVP_des_ede_cfb64();
14863+
14864+ case NID_des_ede_ofb64:
14865+ return EVP_des_ede_ofb();
14866+
14867+ default:
14868+ return NULL;
14869+
14870+ }
14871+ }
14872+
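Review bot: FIPS_get_cipherbynid carries no comment saying what membership in this switch means, and a reader cannot tell from the code whether the NULL returned by the `default:` arm (lines 14867-14868) means "unknown NID" or "cipher not usable in FIPS mode". I would add above the function: `/* Return the EVP_CIPHER for a NID in the FIPS build. Only the AES and Triple-DES cipher/mode combinations listed below are reachable through this function; any other NID yields NULL. */`. If this table is in fact the set of ciphers the FIPS build permits, a second sentence warning that adding a case here widens that set would help reviewers of later changes; I cannot confirm that role from this hunk alone.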
14873diff -up openssl-1.0.1e/crypto/fips/fips.h.fips openssl-1.0.1e/crypto/fips/fips.h
14874--- openssl-1.0.1e/crypto/fips/fips.h.fips 2013-02-19 12:47:33.739118872 +0100
14875+++ openssl-1.0.1e/crypto/fips/fips.h 2013-02-19 12:47:33.739118872 +0100
14876@@ -0,0 +1,279 @@
14877+/* ====================================================================
14878+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
14879+ *
14880+ * Redistribution and use in source and binary forms, with or without
14881+ * modification, are permitted provided that the following conditions
14882+ * are met:
14883+ *
14884+ * 1. Redistributions of source code must retain the above copyright
14885+ * notice, this list of conditions and the following disclaimer.
14886+ *
14887+ * 2. Redistributions in binary form must reproduce the above copyright
14888+ * notice, this list of conditions and the following disclaimer in
14889+ * the documentation and/or other materials provided with the
14890+ * distribution.
14891+ *
14892+ * 3. All advertising materials mentioning features or use of this
14893+ * software must display the following acknowledgment:
14894+ * "This product includes software developed by the OpenSSL Project
14895+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
14896+ *
14897+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
14898+ * endorse or promote products derived from this software without
14899+ * prior written permission. For written permission, please contact
14900+ * openssl-core@openssl.org.
14901+ *
14902+ * 5. Products derived from this software may not be called "OpenSSL"
14903+ * nor may "OpenSSL" appear in their names without prior written
14904+ * permission of the OpenSSL Project.
14905+ *
14906+ * 6. Redistributions of any form whatsoever must retain the following
14907+ * acknowledgment:
14908+ * "This product includes software developed by the OpenSSL Project
14909+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
14910+ *
14911+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
14912+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
14913+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
14914+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
14915+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
14916+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
14917+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
14918+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
14919+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
14920+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
14921+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
14922+ * OF THE POSSIBILITY OF SUCH DAMAGE.
14923+ *
14924+ */
14925+
14926+#include <openssl/opensslconf.h>
14927+#include <openssl/crypto.h>
14928+#include <stdarg.h>
14929+
14930+#ifndef OPENSSL_FIPS
14931+#error FIPS is disabled.
14932+#endif
14933+
14934+#ifdef OPENSSL_FIPS
14935+
14936+#ifdef __cplusplus
14937+extern "C" {
14938+#endif
14939+
14940+struct dsa_st;
14941+struct rsa_st;
14942+struct evp_pkey_st;
14943+struct env_md_st;
14944+struct env_md_ctx_st;
14945+struct evp_cipher_st;
14946+struct evp_cipher_ctx_st;
14947+struct dh_method;
14948+struct CMAC_CTX_st;
14949+struct hmac_ctx_st;
14950+
14951+int FIPS_module_mode_set(int onoff, const char *auth);
14952+int FIPS_module_mode(void);
14953+const void *FIPS_rand_check(void);
14954+int FIPS_selftest(void);
14955+int FIPS_selftest_failed(void);
14956+void FIPS_corrupt_sha1(void);
14957+int FIPS_selftest_sha1(void);
14958+int FIPS_selftest_sha2(void);
14959+void FIPS_corrupt_aes(void);
14960+int FIPS_selftest_aes_ccm(void);
14961+int FIPS_selftest_aes_gcm(void);
14962+int FIPS_selftest_aes_xts(void);
14963+int FIPS_selftest_aes(void);
14964+void FIPS_corrupt_des(void);
14965+int FIPS_selftest_des(void);
14966+void FIPS_corrupt_rsa(void);
14967+void FIPS_corrupt_rsa_keygen(void);
14968+int FIPS_selftest_rsa(void);
14969+void FIPS_corrupt_dsa(void);
14970+void FIPS_corrupt_dsa_keygen(void);
14971+int FIPS_selftest_dsa(void);
14972+void FIPS_corrupt_rng(void);
14973+void FIPS_rng_stick(void);
14974+void FIPS_x931_stick(int onoff);
14975+void FIPS_drbg_stick(int onoff);
14976+int FIPS_selftest_rng(void);
14977+int FIPS_selftest_x931(void);
14978+int FIPS_selftest_hmac(void);
14979+int FIPS_selftest_drbg(void);
14980+int FIPS_selftest_drbg_all(void);
14981+int FIPS_selftest_cmac(void);
14982+
14983+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
14984+
14985+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
14986+ alg " previous FIPS forbidden algorithm error ignored");
14987+
14988+int fips_pkey_signature_test(struct evp_pkey_st *pkey,
14989+ const unsigned char *tbs, int tbslen,
14990+ const unsigned char *kat, unsigned int katlen,
14991+ const struct env_md_st *digest, unsigned int md_flags,
14992+ const char *fail_str);
14993+
14994+int fips_cipher_test(struct evp_cipher_ctx_st *ctx,
14995+ const struct evp_cipher_st *cipher,
14996+ const unsigned char *key,
14997+ const unsigned char *iv,
14998+ const unsigned char *plaintext,
14999+ const unsigned char *ciphertext,
15000+ int len);
15001+
15002+void fips_set_selftest_fail(void);
15003+
15004+const struct env_md_st *FIPS_get_digestbynid(int nid);
15005+
15006+const struct evp_cipher_st *FIPS_get_cipherbynid(int nid);
15007+
15008+
15009+/* BEGIN ERROR CODES */
15010+/* The following lines are auto generated by the script mkerr.pl. Any changes
15011+ * made after this point may be overwritten when the script is next run.
15012+ */
15013+void ERR_load_FIPS_strings(void);
15014+
15015+/* Error codes for the FIPS functions. */
15016+
15017+/* Function codes. */
15018+#define FIPS_F_DH_BUILTIN_GENPARAMS 100
15019+#define FIPS_F_DH_INIT 148
15020+#define FIPS_F_DRBG_RESEED 162
15021+#define FIPS_F_DSA_BUILTIN_PARAMGEN 101
15022+#define FIPS_F_DSA_BUILTIN_PARAMGEN2 107
15023+#define FIPS_F_DSA_DO_SIGN 102
15024+#define FIPS_F_DSA_DO_VERIFY 103
15025+#define FIPS_F_ECDH_COMPUTE_KEY 163
15026+#define FIPS_F_ECDSA_DO_SIGN 164
15027+#define FIPS_F_ECDSA_DO_VERIFY 165
15028+#define FIPS_F_EC_KEY_GENERATE_KEY 166
15029+#define FIPS_F_EVP_CIPHERINIT_EX 124
15030+#define FIPS_F_EVP_DIGESTINIT_EX 125
15031+#define FIPS_F_FIPS_CHECK_DSA 104
15032+#define FIPS_F_FIPS_CHECK_DSA_PRNG 151
15033+#define FIPS_F_FIPS_CHECK_EC 142
15034+#define FIPS_F_FIPS_CHECK_EC_PRNG 152
15035+#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105
15036+#define FIPS_F_FIPS_CHECK_RSA 106
15037+#define FIPS_F_FIPS_CHECK_RSA_PRNG 150
15038+#define FIPS_F_FIPS_CIPHER 160
15039+#define FIPS_F_FIPS_CIPHERINIT 143
15040+#define FIPS_F_FIPS_CIPHER_CTX_CTRL 161
15041+#define FIPS_F_FIPS_DIGESTFINAL 158
15042+#define FIPS_F_FIPS_DIGESTINIT 128
15043+#define FIPS_F_FIPS_DIGESTUPDATE 159
15044+#define FIPS_F_FIPS_DRBG_BYTES 131
15045+#define FIPS_F_FIPS_DRBG_CHECK 146
15046+#define FIPS_F_FIPS_DRBG_CPRNG_TEST 132
15047+#define FIPS_F_FIPS_DRBG_ERROR_CHECK 136
15048+#define FIPS_F_FIPS_DRBG_GENERATE 134
15049+#define FIPS_F_FIPS_DRBG_INIT 135
15050+#define FIPS_F_FIPS_DRBG_INSTANTIATE 138
15051+#define FIPS_F_FIPS_DRBG_NEW 139
15052+#define FIPS_F_FIPS_DRBG_RESEED 140
15053+#define FIPS_F_FIPS_DRBG_SINGLE_KAT 141
15054+#define FIPS_F_FIPS_DSA_CHECK /* unused */ 107
15055+#define FIPS_F_FIPS_DSA_SIGN_DIGEST 154
15056+#define FIPS_F_FIPS_DSA_VERIFY_DIGEST 155
15057+#define FIPS_F_FIPS_GET_ENTROPY 147
15058+#define FIPS_F_FIPS_MODE_SET /* unused */ 108
15059+#define FIPS_F_FIPS_MODULE_MODE_SET 108
15060+#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109
15061+#define FIPS_F_FIPS_RAND_ADD 137
15062+#define FIPS_F_FIPS_RAND_BYTES 122
15063+#define FIPS_F_FIPS_RAND_PSEUDO_BYTES 167
15064+#define FIPS_F_FIPS_RAND_SEED 168
15065+#define FIPS_F_FIPS_RAND_SET_METHOD 126
15066+#define FIPS_F_FIPS_RAND_STATUS 127
15067+#define FIPS_F_FIPS_RSA_SIGN_DIGEST 156
15068+#define FIPS_F_FIPS_RSA_VERIFY_DIGEST 157
15069+#define FIPS_F_FIPS_SELFTEST_AES 110
15070+#define FIPS_F_FIPS_SELFTEST_AES_CCM 145
15071+#define FIPS_F_FIPS_SELFTEST_AES_GCM 129
15072+#define FIPS_F_FIPS_SELFTEST_AES_XTS 144
15073+#define FIPS_F_FIPS_SELFTEST_CMAC 130
15074+#define FIPS_F_FIPS_SELFTEST_DES 111
15075+#define FIPS_F_FIPS_SELFTEST_DSA 112
15076+#define FIPS_F_FIPS_SELFTEST_ECDSA 133
15077+#define FIPS_F_FIPS_SELFTEST_HMAC 113
15078+#define FIPS_F_FIPS_SELFTEST_RNG /* unused */ 114
15079+#define FIPS_F_FIPS_SELFTEST_SHA1 115
15080+#define FIPS_F_FIPS_SELFTEST_X931 114
15081+#define FIPS_F_FIPS_SET_PRNG_KEY 153
15082+#define FIPS_F_HASH_FINAL 123
15083+#define FIPS_F_RSA_BUILTIN_KEYGEN 116
15084+#define FIPS_F_RSA_EAY_INIT 149
15085+#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 117
15086+#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 118
15087+#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 119
15088+#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 120
15089+#define FIPS_F_RSA_X931_GENERATE_KEY_EX 121
15090+#define FIPS_F_SSLEAY_RAND_BYTES /* unused */ 122
15091+
15092+/* Reason codes. */
15093+#define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED 150
15094+#define FIPS_R_ADDITIONAL_INPUT_TOO_LONG 125
15095+#define FIPS_R_ALREADY_INSTANTIATED 134
15096+#define FIPS_R_AUTHENTICATION_FAILURE 151
15097+#define FIPS_R_CANNOT_READ_EXE /* unused */ 103
15098+#define FIPS_R_CANNOT_READ_EXE_DIGEST /* unused */ 104
15099+#define FIPS_R_CONTRADICTING_EVIDENCE 114
15100+#define FIPS_R_DRBG_NOT_INITIALISED 152
15101+#define FIPS_R_DRBG_STUCK 103
15102+#define FIPS_R_ENTROPY_ERROR_UNDETECTED 104
15103+#define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105
15104+#define FIPS_R_ENTROPY_SOURCE_STUCK 142
15105+#define FIPS_R_ERROR_INITIALISING_DRBG 115
15106+#define FIPS_R_ERROR_INSTANTIATING_DRBG 127
15107+#define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 124
15108+#define FIPS_R_ERROR_RETRIEVING_ENTROPY 122
15109+#define FIPS_R_ERROR_RETRIEVING_NONCE 140
15110+#define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH /* unused */ 105
15111+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110
15112+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111
15113+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112
15114+#define FIPS_R_FIPS_MODE_ALREADY_SET 102
15115+#define FIPS_R_FIPS_SELFTEST_FAILED 106
15116+#define FIPS_R_FUNCTION_ERROR 116
15117+#define FIPS_R_GENERATE_ERROR 137
15118+#define FIPS_R_GENERATE_ERROR_UNDETECTED 118
15119+#define FIPS_R_INSTANTIATE_ERROR 119
15120+#define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 120
15121+#define FIPS_R_INTERNAL_ERROR 121
15122+#define FIPS_R_INVALID_KEY_LENGTH 109
15123+#define FIPS_R_INVALID_PARAMETERS 144
15124+#define FIPS_R_IN_ERROR_STATE 123
15125+#define FIPS_R_KEY_TOO_SHORT 108
15126+#define FIPS_R_NONCE_ERROR_UNDETECTED 149
15127+#define FIPS_R_NON_FIPS_METHOD 100
15128+#define FIPS_R_NOPR_TEST1_FAILURE 145
15129+#define FIPS_R_NOPR_TEST2_FAILURE 146
15130+#define FIPS_R_NOT_INSTANTIATED 126
15131+#define FIPS_R_PAIRWISE_TEST_FAILED 107
15132+#define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 128
15133+#define FIPS_R_PERSONALISATION_STRING_TOO_LONG 129
15134+#define FIPS_R_PRNG_STRENGTH_TOO_LOW 143
15135+#define FIPS_R_PR_TEST1_FAILURE 147
15136+#define FIPS_R_PR_TEST2_FAILURE 148
15137+#define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 130
15138+#define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 131
15139+#define FIPS_R_RESEED_COUNTER_ERROR 132
15140+#define FIPS_R_RESEED_ERROR 133
15141+#define FIPS_R_RSA_DECRYPT_ERROR /* unused */ 115
15142+#define FIPS_R_RSA_ENCRYPT_ERROR /* unused */ 116
15143+#define FIPS_R_SELFTEST_FAILED 101
15144+#define FIPS_R_SELFTEST_FAILURE 135
15145+#define FIPS_R_STRENGTH_ERROR_UNDETECTED 136
15146+#define FIPS_R_TEST_FAILURE 117
15147+#define FIPS_R_UNINSTANTIATE_ERROR 141
15148+#define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138
15149+#define FIPS_R_UNSUPPORTED_DRBG_TYPE 139
15150+#define FIPS_R_UNSUPPORTED_PLATFORM 113
15151+
15152+#ifdef __cplusplus
15153+}
15154+#endif
15155+#endif
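Review bot: The FIPS_ERROR_IGNORED macro (lines 14985-14986) bakes a semicolon into its expansion, so a call site written as `if (cond) FIPS_ERROR_IGNORED("x"); else ...` expands to two statements and fails to parse, and any normal `FIPS_ERROR_IGNORED("x");` use yields an empty statement; I would drop the trailing `;` from the definition: `#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, alg " previous FIPS forbidden algorithm error ignored")`. Separately, several numeric codes are shared between a live entry and one marked unused (FIPS_F_DSA_BUILTIN_PARAMGEN2 and FIPS_F_FIPS_DSA_CHECK both 107, FIPS_F_FIPS_MODULE_MODE_SET and FIPS_F_FIPS_MODE_SET both 108, FIPS_F_FIPS_SELFTEST_X931 and FIPS_F_FIPS_SELFTEST_RNG both 114, FIPS_F_FIPS_RAND_BYTES and FIPS_F_SSLEAY_RAND_BYTES both 122, and the reason codes 103, 104, 105, 115 and 116 likewise), so an error string table can only describe one of each pair and any leftover caller of the "unused" name will be reported under the other's text; a comment noting that these aliases are retained only for binary compatibility, or removing them, would make that intent explicit. The `#ifndef OPENSSL_FIPS` / `#error` block followed immediately by `#ifdef OPENSSL_FIPS` is redundant: once the `#error` fires the second test can never be false, so the outer `#ifdef` and its closing `#endif` could go.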
15156diff -up openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c
15157--- openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c.fips 2013-02-19 12:47:33.739118872 +0100
15158+++ openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c 2013-02-19 12:47:33.740118893 +0100
15159@@ -0,0 +1,137 @@
15160+/* ====================================================================
15161+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
15162+ *
15163+ * Redistribution and use in source and binary forms, with or without
15164+ * modification, are permitted provided that the following conditions
15165+ * are met:
15166+ *
15167+ * 1. Redistributions of source code must retain the above copyright
15168+ * notice, this list of conditions and the following disclaimer.
15169+ *
15170+ * 2. Redistributions in binary form must reproduce the above copyright
15171+ * notice, this list of conditions and the following disclaimer in
15172+ * the documentation and/or other materials provided with the
15173+ * distribution.
15174+ *
15175+ * 3. All advertising materials mentioning features or use of this
15176+ * software must display the following acknowledgment:
15177+ * "This product includes software developed by the OpenSSL Project
15178+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
15179+ *
15180+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
15181+ * endorse or promote products derived from this software without
15182+ * prior written permission. For written permission, please contact
15183+ * openssl-core@openssl.org.
15184+ *
15185+ * 5. Products derived from this software may not be called "OpenSSL"
15186+ * nor may "OpenSSL" appear in their names without prior written
15187+ * permission of the OpenSSL Project.
15188+ *
15189+ * 6. Redistributions of any form whatsoever must retain the following
15190+ * acknowledgment:
15191+ * "This product includes software developed by the OpenSSL Project
15192+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
15193+ *
15194+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
15195+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15196+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15197+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
15198+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15199+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
15200+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
15201+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15202+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
15203+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
15204+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
15205+ * OF THE POSSIBILITY OF SUCH DAMAGE.
15206+ *
15207+ */
15208+
15209+#include <string.h>
15210+#include <openssl/err.h>
15211+#ifdef OPENSSL_FIPS
15212+#include <openssl/fips.h>
15213+#endif
15214+#include <openssl/hmac.h>
15215+
15216+#ifdef OPENSSL_FIPS
15217+typedef struct {
15218+ const EVP_MD *(*alg)(void);
15219+ const char *key, *iv;
15220+ unsigned char kaval[EVP_MAX_MD_SIZE];
15221+} HMAC_KAT;
15222+
15223+static const HMAC_KAT vector[] = {
15224+ { EVP_sha1,
15225+ /* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */
15226+ "0123456789:;<=>?@ABC",
15227+ "Sample #2",
15228+ { 0x09,0x22,0xd3,0x40,0x5f,0xaa,0x3d,0x19,
15229+ 0x4f,0x82,0xa4,0x58,0x30,0x73,0x7d,0x5c,
15230+ 0xc6,0xc7,0x5d,0x24 }
15231+ },
15232+ { EVP_sha224,
15233+ /* just keep extending the above... */
15234+ "0123456789:;<=>?@ABC",
15235+ "Sample #2",
15236+ { 0xdd,0xef,0x0a,0x40,0xcb,0x7d,0x50,0xfb,
15237+ 0x6e,0xe6,0xce,0xa1,0x20,0xba,0x26,0xaa,
15238+ 0x08,0xf3,0x07,0x75,0x87,0xb8,0xad,0x1b,
15239+ 0x8c,0x8d,0x12,0xc7 }
15240+ },
15241+ { EVP_sha256,
15242+ "0123456789:;<=>?@ABC",
15243+ "Sample #2",
15244+ { 0xb8,0xf2,0x0d,0xb5,0x41,0xea,0x43,0x09,
15245+ 0xca,0x4e,0xa9,0x38,0x0c,0xd0,0xe8,0x34,
15246+ 0xf7,0x1f,0xbe,0x91,0x74,0xa2,0x61,0x38,
15247+ 0x0d,0xc1,0x7e,0xae,0x6a,0x34,0x51,0xd9 }
15248+ },
15249+ { EVP_sha384,
15250+ "0123456789:;<=>?@ABC",
15251+ "Sample #2",
15252+ { 0x08,0xbc,0xb0,0xda,0x49,0x1e,0x87,0xad,
15253+ 0x9a,0x1d,0x6a,0xce,0x23,0xc5,0x0b,0xf6,
15254+ 0xb7,0x18,0x06,0xa5,0x77,0xcd,0x49,0x04,
15255+ 0x89,0xf1,0xe6,0x23,0x44,0x51,0x51,0x9f,
15256+ 0x85,0x56,0x80,0x79,0x0c,0xbd,0x4d,0x50,
15257+ 0xa4,0x5f,0x29,0xe3,0x93,0xf0,0xe8,0x7f }
15258+ },
15259+ { EVP_sha512,
15260+ "0123456789:;<=>?@ABC",
15261+ "Sample #2",
15262+ { 0x80,0x9d,0x44,0x05,0x7c,0x5b,0x95,0x41,
15263+ 0x05,0xbd,0x04,0x13,0x16,0xdb,0x0f,0xac,
15264+ 0x44,0xd5,0xa4,0xd5,0xd0,0x89,0x2b,0xd0,
15265+ 0x4e,0x86,0x64,0x12,0xc0,0x90,0x77,0x68,
15266+ 0xf1,0x87,0xb7,0x7c,0x4f,0xae,0x2c,0x2f,
15267+ 0x21,0xa5,0xb5,0x65,0x9a,0x4f,0x4b,0xa7,
15268+ 0x47,0x02,0xa3,0xde,0x9b,0x51,0xf1,0x45,
15269+ 0xbd,0x4f,0x25,0x27,0x42,0x98,0x99,0x05 }
15270+ },
15271+};
15272+
15273+int FIPS_selftest_hmac()
15274+ {
15275+ int n;
15276+ unsigned int outlen;
15277+ unsigned char out[EVP_MAX_MD_SIZE];
15278+ const EVP_MD *md;
15279+ const HMAC_KAT *t;
15280+
15281+ for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
15282+ {
15283+ md = (*t->alg)();
15284+ HMAC(md,t->key,strlen(t->key),
15285+ (const unsigned char *)t->iv,strlen(t->iv),
15286+ out,&outlen);
15287+
15288+ if(memcmp(out,t->kaval,outlen))
15289+ {
15290+ FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
15291+ return 0;
15292+ }
15293+ }
15294+ return 1;
15295+ }
15296+#endif
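Review bot: FIPS_selftest_hmac ignores the return value of HMAC() (lines 15284-15286), and `outlen` is never initialised, so if HMAC() fails the subsequent `memcmp(out,t->kaval,outlen)` compares an indeterminate number of bytes of an unwritten buffer and a zero-length compare would report the KAT as passed. The check should also pin the output length to the digest size rather than trusting whatever `outlen` comes back as: `if (!HMAC(md,t->key,strlen(t->key),(const unsigned char *)t->iv,strlen(t->iv),out,&outlen) || outlen != (unsigned int)EVP_MD_size(md) || memcmp(out,t->kaval,outlen))`. Two smaller points: the HMAC_KAT field named `iv` holds the message being authenticated, not an IV, so `msg` would read better, and the loop index `n` is a signed `int` compared against a `size_t` expression, which `-Wsign-compare` will flag.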
15297diff -up openssl-1.0.1e/crypto/fips/fips_locl.h.fips openssl-1.0.1e/crypto/fips/fips_locl.h
15298--- openssl-1.0.1e/crypto/fips/fips_locl.h.fips 2013-02-19 12:47:33.740118893 +0100
15299+++ openssl-1.0.1e/crypto/fips/fips_locl.h 2013-02-19 12:47:33.740118893 +0100
15300@@ -0,0 +1,71 @@
15301+/* ====================================================================
15302+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
15303+ *
15304+ * Redistribution and use in source and binary forms, with or without
15305+ * modification, are permitted provided that the following conditions
15306+ * are met:
15307+ *
15308+ * 1. Redistributions of source code must retain the above copyright
15309+ * notice, this list of conditions and the following disclaimer.
15310+ *
15311+ * 2. Redistributions in binary form must reproduce the above copyright
15312+ * notice, this list of conditions and the following disclaimer in
15313+ * the documentation and/or other materials provided with the
15314+ * distribution.
15315+ *
15316+ * 3. All advertising materials mentioning features or use of this
15317+ * software must display the following acknowledgment:
15318+ * "This product includes software developed by the OpenSSL Project
15319+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
15320+ *
15321+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
15322+ * endorse or promote products derived from this software without
15323+ * prior written permission. For written permission, please contact
15324+ * openssl-core@openssl.org.
15325+ *
15326+ * 5. Products derived from this software may not be called "OpenSSL"
15327+ * nor may "OpenSSL" appear in their names without prior written
15328+ * permission of the OpenSSL Project.
15329+ *
15330+ * 6. Redistributions of any form whatsoever must retain the following
15331+ * acknowledgment:
15332+ * "This product includes software developed by the OpenSSL Project
15333+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
15334+ *
15335+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
15336+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15337+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15338+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
15339+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15340+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
15341+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
15342+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15343+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
15344+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
15345+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
15346+ * OF THE POSSIBILITY OF SUCH DAMAGE.
15347+ *
15348+ */
15349+
15350+#ifdef OPENSSL_FIPS
15351+
15352+#ifdef __cplusplus
15353+extern "C" {
15354+#endif
15355+
15356+#define FIPS_MAX_CIPHER_TEST_SIZE 32
15357+#define fips_load_key_component(key, comp, pre) \
15358+ key->comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), key->comp); \
15359+ if (!key->comp) \
15360+ goto err
15361+
15362+#define fips_post_started(id, subid, ex) 1
15363+#define fips_post_success(id, subid, ex) 1
15364+#define fips_post_failed(id, subid, ex) 1
15365+#define fips_post_corrupt(id, subid, ex) 1
15366+#define fips_post_status() 1
15367+
15368+#ifdef __cplusplus
15369+}
15370+#endif
15371+#endif
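Review bot: fips_load_key_component (lines 15357-15360) expands to two statements, so used under an unbraced `if` only the assignment is conditional and the `goto err` runs unconditionally, and its `key` argument is not parenthesised. I would wrap it in the usual do/while(0) form: `#define fips_load_key_component(key, comp, pre) do { \` / `(key)->comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), (key)->comp); \` / `if (!(key)->comp) goto err; } while (0)`, which still works with the `fips_load_key_component(dsa, p, dsa_test_2048);` call sites elsewhere in this patch. The five `fips_post_*` macros are defined to the constant 1, which silently compiles out any power-on self-test callback hooks; a one-line comment above them such as `/* POST callback hooks are not supported in this build; always report success. */` would stop a reader from assuming they do something.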
15372diff -up openssl-1.0.1e/crypto/fips/fips_md.c.fips openssl-1.0.1e/crypto/fips/fips_md.c
15373--- openssl-1.0.1e/crypto/fips/fips_md.c.fips 2013-02-19 12:47:33.740118893 +0100
15374+++ openssl-1.0.1e/crypto/fips/fips_md.c 2013-02-19 12:47:33.740118893 +0100
15375@@ -0,0 +1,145 @@
15376+/* fips/evp/fips_md.c */
15377+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
15378+ * All rights reserved.
15379+ *
15380+ * This package is an SSL implementation written
15381+ * by Eric Young (eay@cryptsoft.com).
15382+ * The implementation was written so as to conform with Netscapes SSL.
15383+ *
15384+ * This library is free for commercial and non-commercial use as long as
15385+ * the following conditions are aheared to. The following conditions
15386+ * apply to all code found in this distribution, be it the RC4, RSA,
15387+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
15388+ * included with this distribution is covered by the same copyright terms
15389+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15390+ *
15391+ * Copyright remains Eric Young's, and as such any Copyright notices in
15392+ * the code are not to be removed.
15393+ * If this package is used in a product, Eric Young should be given attribution
15394+ * as the author of the parts of the library used.
15395+ * This can be in the form of a textual message at program startup or
15396+ * in documentation (online or textual) provided with the package.
15397+ *
15398+ * Redistribution and use in source and binary forms, with or without
15399+ * modification, are permitted provided that the following conditions
15400+ * are met:
15401+ * 1. Redistributions of source code must retain the copyright
15402+ * notice, this list of conditions and the following disclaimer.
15403+ * 2. Redistributions in binary form must reproduce the above copyright
15404+ * notice, this list of conditions and the following disclaimer in the
15405+ * documentation and/or other materials provided with the distribution.
15406+ * 3. All advertising materials mentioning features or use of this software
15407+ * must display the following acknowledgement:
15408+ * "This product includes cryptographic software written by
15409+ * Eric Young (eay@cryptsoft.com)"
15410+ * The word 'cryptographic' can be left out if the rouines from the library
15411+ * being used are not cryptographic related :-).
15412+ * 4. If you include any Windows specific code (or a derivative thereof) from
15413+ * the apps directory (application code) you must include an acknowledgement:
15414+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
15415+ *
15416+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
15417+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15418+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
15419+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
15420+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
15421+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
15422+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15423+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
15424+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
15425+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
15426+ * SUCH DAMAGE.
15427+ *
15428+ * The licence and distribution terms for any publically available version or
15429+ * derivative of this code cannot be changed. i.e. this code cannot simply be
15430+ * copied and put under another distribution licence
15431+ * [including the GNU Public Licence.]
15432+ */
15433+/* ====================================================================
15434+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
15435+ *
15436+ * Redistribution and use in source and binary forms, with or without
15437+ * modification, are permitted provided that the following conditions
15438+ * are met:
15439+ *
15440+ * 1. Redistributions of source code must retain the above copyright
15441+ * notice, this list of conditions and the following disclaimer.
15442+ *
15443+ * 2. Redistributions in binary form must reproduce the above copyright
15444+ * notice, this list of conditions and the following disclaimer in
15445+ * the documentation and/or other materials provided with the
15446+ * distribution.
15447+ *
15448+ * 3. All advertising materials mentioning features or use of this
15449+ * software must display the following acknowledgment:
15450+ * "This product includes software developed by the OpenSSL Project
15451+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
15452+ *
15453+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
15454+ * endorse or promote products derived from this software without
15455+ * prior written permission. For written permission, please contact
15456+ * openssl-core@openssl.org.
15457+ *
15458+ * 5. Products derived from this software may not be called "OpenSSL"
15459+ * nor may "OpenSSL" appear in their names without prior written
15460+ * permission of the OpenSSL Project.
15461+ *
15462+ * 6. Redistributions of any form whatsoever must retain the following
15463+ * acknowledgment:
15464+ * "This product includes software developed by the OpenSSL Project
15465+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
15466+ *
15467+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
15468+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15469+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15470+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
15471+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15472+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
15473+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
15474+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15475+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
15476+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
15477+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
15478+ * OF THE POSSIBILITY OF SUCH DAMAGE.
15479+ * ====================================================================
15480+ *
15481+ * This product includes cryptographic software written by Eric Young
15482+ * (eay@cryptsoft.com). This product includes software written by Tim
15483+ * Hudson (tjh@cryptsoft.com).
15484+ *
15485+ */
15486+
15487+/* Minimal standalone FIPS versions of Digest operations */
15488+
15489+#define OPENSSL_FIPSAPI
15490+
15491+#include <stdio.h>
15492+#include <string.h>
15493+#include <openssl/objects.h>
15494+#include <openssl/evp.h>
15495+#include <openssl/err.h>
15496+#include <openssl/fips.h>
15497+
15498+const EVP_MD *FIPS_get_digestbynid(int nid)
15499+ {
15500+ switch (nid)
15501+ {
15502+ case NID_sha1:
15503+ return EVP_sha1();
15504+
15505+ case NID_sha224:
15506+ return EVP_sha224();
15507+
15508+ case NID_sha256:
15509+ return EVP_sha256();
15510+
15511+ case NID_sha384:
15512+ return EVP_sha384();
15513+
15514+ case NID_sha512:
15515+ return EVP_sha512();
15516+
15517+ default:
15518+ return NULL;
15519+ }
15520+ }
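Review bot: FIPS_get_digestbynid carries no comment stating its contract, in particular that every NID outside the five SHA-1/SHA-2 cases yields NULL, so a caller that forwards a NID taken from input it did not produce itself must check the result before dereferencing it. Suggested header above the definition: `/* Map a digest NID to its EVP_MD. Only SHA-1 and the SHA-2 family are known here; any other NID returns NULL, which callers must check. */`.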
15521diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips openssl-1.0.1e/crypto/fips/fips_post.c
15522--- openssl-1.0.1e/crypto/fips/fips_post.c.fips 2013-02-19 12:47:33.740118893 +0100
15523+++ openssl-1.0.1e/crypto/fips/fips_post.c 2013-02-19 12:47:33.740118893 +0100
15524@@ -0,0 +1,205 @@
15525+/* ====================================================================
15526+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
15527+ *
15528+ * Redistribution and use in source and binary forms, with or without
15529+ * modification, are permitted provided that the following conditions
15530+ * are met:
15531+ *
15532+ * 1. Redistributions of source code must retain the above copyright
15533+ * notice, this list of conditions and the following disclaimer.
15534+ *
15535+ * 2. Redistributions in binary form must reproduce the above copyright
15536+ * notice, this list of conditions and the following disclaimer in
15537+ * the documentation and/or other materials provided with the
15538+ * distribution.
15539+ *
15540+ * 3. All advertising materials mentioning features or use of this
15541+ * software must display the following acknowledgment:
15542+ * "This product includes software developed by the OpenSSL Project
15543+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
15544+ *
15545+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
15546+ * endorse or promote products derived from this software without
15547+ * prior written permission. For written permission, please contact
15548+ * openssl-core@openssl.org.
15549+ *
15550+ * 5. Products derived from this software may not be called "OpenSSL"
15551+ * nor may "OpenSSL" appear in their names without prior written
15552+ * permission of the OpenSSL Project.
15553+ *
15554+ * 6. Redistributions of any form whatsoever must retain the following
15555+ * acknowledgment:
15556+ * "This product includes software developed by the OpenSSL Project
15557+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
15558+ *
15559+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
15560+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15561+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15562+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
15563+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15564+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
15565+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
15566+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15567+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
15568+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
15569+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
15570+ * OF THE POSSIBILITY OF SUCH DAMAGE.
15571+ *
15572+ */
15573+
15574+#define OPENSSL_FIPSAPI
15575+
15576+#include <openssl/crypto.h>
15577+#include <openssl/rand.h>
15578+#include <openssl/fips_rand.h>
15579+#include <openssl/err.h>
15580+#include <openssl/bio.h>
15581+#include <openssl/hmac.h>
15582+#include <openssl/rsa.h>
15583+#include <openssl/dsa.h>
15584+#include <string.h>
15585+#include <limits.h>
15586+
15587+#ifdef OPENSSL_FIPS
15588+
15589+/* Power on self test (POST) support functions */
15590+
15591+#include <openssl/fips.h>
15592+#include "fips_locl.h"
15593+
15594+/* Run all selftests */
15595+int FIPS_selftest(void)
15596+ {
15597+ int rv = 1;
15598+ if (!FIPS_selftest_drbg())
15599+ rv = 0;
15600+ if (!FIPS_selftest_x931())
15601+ rv = 0;
15602+ if (!FIPS_selftest_sha1())
15603+ rv = 0;
15604+ if (!FIPS_selftest_sha2())
15605+ rv = 0;
15606+ if (!FIPS_selftest_hmac())
15607+ rv = 0;
15608+ if (!FIPS_selftest_cmac())
15609+ rv = 0;
15610+ if (!FIPS_selftest_aes())
15611+ rv = 0;
15612+ if (!FIPS_selftest_aes_ccm())
15613+ rv = 0;
15614+ if (!FIPS_selftest_aes_gcm())
15615+ rv = 0;
15616+ if (!FIPS_selftest_aes_xts())
15617+ rv = 0;
15618+ if (!FIPS_selftest_des())
15619+ rv = 0;
15620+ if (!FIPS_selftest_rsa())
15621+ rv = 0;
15622+ if (!FIPS_selftest_dsa())
15623+ rv = 0;
15624+ return rv;
15625+ }
15626+
15627+/* Generalized public key test routine. Signs and verifies the data
15628+ * supplied in tbs using mesage digest md and setting option digest
15629+ * flags md_flags. If the 'kat' parameter is not NULL it will
15630+ * additionally check the signature matches it: a known answer test
15631+ * The string "fail_str" is used for identification purposes in case
15632+ * of failure. If "pkey" is NULL just perform a message digest check.
15633+ */
15634+
15635+int fips_pkey_signature_test(EVP_PKEY *pkey,
15636+ const unsigned char *tbs, int tbslen,
15637+ const unsigned char *kat, unsigned int katlen,
15638+ const EVP_MD *digest, unsigned int md_flags,
15639+ const char *fail_str)
15640+ {
15641+ int ret = 0;
15642+ unsigned char sigtmp[256], *sig = sigtmp;
15643+ unsigned int siglen;
15644+ EVP_MD_CTX mctx;
15645+ EVP_MD_CTX_init(&mctx);
15646+
15647+ if (digest == NULL)
15648+ digest = EVP_sha256();
15649+
15650+ if ((pkey->type == EVP_PKEY_RSA)
15651+ && (RSA_size(pkey->pkey.rsa) > sizeof(sigtmp)))
15652+ {
15653+ sig = OPENSSL_malloc(RSA_size(pkey->pkey.rsa));
15654+ if (!sig)
15655+ {
15656+ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,ERR_R_MALLOC_FAILURE);
15657+ return 0;
15658+ }
15659+ }
15660+
15661+ if (tbslen == -1)
15662+ tbslen = strlen((char *)tbs);
15663+
15664+ if (md_flags)
15665+ EVP_MD_CTX_set_flags(&mctx, md_flags);
15666+
15667+ if (!EVP_SignInit_ex(&mctx, digest, NULL))
15668+ goto error;
15669+ if (!EVP_SignUpdate(&mctx, tbs, tbslen))
15670+ goto error;
15671+ if (!EVP_SignFinal(&mctx, sig, &siglen, pkey))
15672+ goto error;
15673+
15674+ if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen)))
15675+ goto error;
15676+
15677+ if (!EVP_VerifyInit_ex(&mctx, digest, NULL))
15678+ goto error;
15679+ if (!EVP_VerifyUpdate(&mctx, tbs, tbslen))
15680+ goto error;
15681+ ret = EVP_VerifyFinal(&mctx, sig, siglen, pkey);
15682+
15683+ error:
15684+ if (sig != sigtmp)
15685+ OPENSSL_free(sig);
15686+ EVP_MD_CTX_cleanup(&mctx);
15687+ if (ret != 1)
15688+ {
15689+ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,FIPS_R_TEST_FAILURE);
15690+ if (fail_str)
15691+ ERR_add_error_data(2, "Type=", fail_str);
15692+ return 0;
15693+ }
15694+ return 1;
15695+ }
15696+
15697+/* Generalized symmetric cipher test routine. Encrypt data, verify result
15698+ * against known answer, decrypt and compare with original plaintext.
15699+ */
15700+
15701+int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
15702+ const unsigned char *key,
15703+ const unsigned char *iv,
15704+ const unsigned char *plaintext,
15705+ const unsigned char *ciphertext,
15706+ int len)
15707+ {
15708+ unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
15709+ unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
15710+
15711+ OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
15712+ memset(pltmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
15713+ memset(citmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
15714+
15715+ if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0)
15716+ return 0;
15717+ if (EVP_Cipher(ctx, citmp, plaintext, len) <= 0)
15718+ return 0;
15719+ if (memcmp(citmp, ciphertext, len))
15720+ return 0;
15721+ if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0)
15722+ return 0;
15723+ if (EVP_Cipher(ctx, pltmp, citmp, len) <= 0)
15724+ return 0;
15725+ if (memcmp(pltmp, plaintext, len))
15726+ return 0;
15727+ return 1;
15728+ }
15729+#endif
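Review bot: The comment above fips_pkey_signature_test promises that a NULL `pkey` performs only a message digest check, but the body dereferences `pkey->type` unconditionally in the RSA_size branch and later hands `pkey` to EVP_SignFinal and EVP_VerifyFinal, so a NULL key faults instead of degrading to a digest-only check. Either make the contract true by guarding the access, `if (pkey && (pkey->type == EVP_PKEY_RSA) && (RSA_size(pkey->pkey.rsa) > sizeof(sigtmp)))`, and skipping the sign/verify calls when pkey is NULL, or drop that sentence from the comment so no caller relies on it. The OPENSSL_malloc failure path returns directly rather than via `error:`, which leaks nothing today (only the stack buffer and a freshly initialised mctx exist at that point) but bypasses the FIPS_R_TEST_FAILURE and `Type=` fail_str reporting every other failure gets; since ret is already 0, a plain `goto error;` there keeps the reporting uniform. In fips_cipher_test the OPENSSL_assert only bounds `len` from above, so a negative len passes it and reaches EVP_Cipher and memcmp, where it converts to a huge size_t; `OPENSSL_assert(len >= 0 && len <= FIPS_MAX_CIPHER_TEST_SIZE);` closes that.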
15730diff -up openssl-1.0.1e/crypto/fips/fips_rand.c.fips openssl-1.0.1e/crypto/fips/fips_rand.c
15731--- openssl-1.0.1e/crypto/fips/fips_rand.c.fips 2013-02-19 12:47:33.740118893 +0100
15732+++ openssl-1.0.1e/crypto/fips/fips_rand.c 2013-02-19 12:47:33.740118893 +0100
15733@@ -0,0 +1,457 @@
15734+/* ====================================================================
15735+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
15736+ *
15737+ * Redistribution and use in source and binary forms, with or without
15738+ * modification, are permitted provided that the following conditions
15739+ * are met:
15740+ *
15741+ * 1. Redistributions of source code must retain the above copyright
15742+ * notice, this list of conditions and the following disclaimer.
15743+ *
15744+ * 2. Redistributions in binary form must reproduce the above copyright
15745+ * notice, this list of conditions and the following disclaimer in
15746+ * the documentation and/or other materials provided with the
15747+ * distribution.
15748+ *
15749+ * 3. All advertising materials mentioning features or use of this
15750+ * software must display the following acknowledgment:
15751+ * "This product includes software developed by the OpenSSL Project
15752+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
15753+ *
15754+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
15755+ * endorse or promote products derived from this software without
15756+ * prior written permission. For written permission, please contact
15757+ * openssl-core@openssl.org.
15758+ *
15759+ * 5. Products derived from this software may not be called "OpenSSL"
15760+ * nor may "OpenSSL" appear in their names without prior written
15761+ * permission of the OpenSSL Project.
15762+ *
15763+ * 6. Redistributions of any form whatsoever must retain the following
15764+ * acknowledgment:
15765+ * "This product includes software developed by the OpenSSL Project
15766+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
15767+ *
15768+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
15769+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15770+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15771+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
15772+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15773+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
15774+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
15775+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15776+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
15777+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
15778+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
15779+ * OF THE POSSIBILITY OF SUCH DAMAGE.
15780+ *
15781+ */
15782+
15783+/*
15784+ * This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4.
15785+ */
15786+#include <openssl/crypto.h>
15787+#include "e_os.h"
15788+
15789+/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't
15790+ be defined and gettimeofday() won't be declared with strict compilers
15791+ like DEC C in ANSI C mode. */
15792+#ifndef _XOPEN_SOURCE_EXTENDED
15793+#define _XOPEN_SOURCE_EXTENDED 1
15794+#endif
15795+
15796+#include <openssl/rand.h>
15797+#include <openssl/aes.h>
15798+#include <openssl/err.h>
15799+#include <openssl/fips_rand.h>
15800+#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS))
15801+# include <sys/time.h>
15802+#endif
15803+#if defined(OPENSSL_SYS_VXWORKS)
15804+# include <time.h>
15805+#endif
15806+#include <assert.h>
15807+#ifndef OPENSSL_SYS_WIN32
15808+# ifdef OPENSSL_UNISTD
15809+# include OPENSSL_UNISTD
15810+# else
15811+# include <unistd.h>
15812+# endif
15813+#endif
15814+#include <string.h>
15815+#include <openssl/fips.h>
15816+#include "fips_locl.h"
15817+
15818+#ifdef OPENSSL_FIPS
15819+
15820+void *OPENSSL_stderr(void);
15821+
15822+#define AES_BLOCK_LENGTH 16
15823+
15824+
15825+/* AES FIPS PRNG implementation */
15826+
15827+typedef struct
15828+ {
15829+ int seeded;
15830+ int keyed;
15831+ int test_mode;
15832+ int second;
15833+ int error;
15834+ unsigned long counter;
15835+ AES_KEY ks;
15836+ int vpos;
15837+ /* Temporary storage for key if it equals seed length */
15838+ unsigned char tmp_key[AES_BLOCK_LENGTH];
15839+ unsigned char V[AES_BLOCK_LENGTH];
15840+ unsigned char DT[AES_BLOCK_LENGTH];
15841+ unsigned char last[AES_BLOCK_LENGTH];
15842+ } FIPS_PRNG_CTX;
15843+
15844+static FIPS_PRNG_CTX sctx;
15845+
15846+static int fips_prng_fail = 0;
15847+
15848+void FIPS_x931_stick(int onoff)
15849+ {
15850+ fips_prng_fail = onoff;
15851+ }
15852+
15853+void FIPS_rng_stick(void)
15854+ {
15855+ FIPS_x931_stick(1);
15856+ }
15857+
15858+static void fips_rand_prng_reset(FIPS_PRNG_CTX *ctx)
15859+ {
15860+ ctx->seeded = 0;
15861+ ctx->keyed = 0;
15862+ ctx->test_mode = 0;
15863+ ctx->counter = 0;
15864+ ctx->second = 0;
15865+ ctx->error = 0;
15866+ ctx->vpos = 0;
15867+ OPENSSL_cleanse(ctx->V, AES_BLOCK_LENGTH);
15868+ OPENSSL_cleanse(&ctx->ks, sizeof(AES_KEY));
15869+ }
15870+
15871+
15872+static int fips_set_prng_key(FIPS_PRNG_CTX *ctx,
15873+ const unsigned char *key, unsigned int keylen)
15874+ {
15875+ if (FIPS_selftest_failed())
15876+ {
15877+ FIPSerr(FIPS_F_FIPS_SET_PRNG_KEY, FIPS_R_SELFTEST_FAILED);
15878+ return 0;
15879+ }
15880+ if (keylen != 16 && keylen != 24 && keylen != 32)
15881+ {
15882+ /* error: invalid key size */
15883+ return 0;
15884+ }
15885+ AES_set_encrypt_key(key, keylen << 3, &ctx->ks);
15886+ if (keylen == 16)
15887+ {
15888+ memcpy(ctx->tmp_key, key, 16);
15889+ ctx->keyed = 2;
15890+ }
15891+ else
15892+ ctx->keyed = 1;
15893+ ctx->seeded = 0;
15894+ ctx->second = 0;
15895+ return 1;
15896+ }
15897+
15898+static int fips_set_prng_seed(FIPS_PRNG_CTX *ctx,
15899+ const unsigned char *seed, unsigned int seedlen)
15900+ {
15901+ unsigned int i;
15902+ if (!ctx->keyed)
15903+ return 0;
15904+ /* In test mode seed is just supplied data */
15905+ if (ctx->test_mode)
15906+ {
15907+ if (seedlen != AES_BLOCK_LENGTH)
15908+ return 0;
15909+ memcpy(ctx->V, seed, AES_BLOCK_LENGTH);
15910+ ctx->seeded = 1;
15911+ return 1;
15912+ }
15913+ /* Outside test mode XOR supplied data with existing seed */
15914+ for (i = 0; i < seedlen; i++)
15915+ {
15916+ ctx->V[ctx->vpos++] ^= seed[i];
15917+ if (ctx->vpos == AES_BLOCK_LENGTH)
15918+ {
15919+ ctx->vpos = 0;
15920+ /* Special case if first seed and key length equals
15921+ * block size check key and seed do not match.
15922+ */
15923+ if (ctx->keyed == 2)
15924+ {
15925+ if (!memcmp(ctx->tmp_key, ctx->V, 16))
15926+ {
15927+ RANDerr(RAND_F_FIPS_SET_PRNG_SEED,
15928+ RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY);
15929+ return 0;
15930+ }
15931+ OPENSSL_cleanse(ctx->tmp_key, 16);
15932+ ctx->keyed = 1;
15933+ }
15934+ ctx->seeded = 1;
15935+ }
15936+ }
15937+ return 1;
15938+ }
15939+
15940+static int fips_set_test_mode(FIPS_PRNG_CTX *ctx)
15941+ {
15942+ if (ctx->keyed)
15943+ {
15944+ RANDerr(RAND_F_FIPS_SET_TEST_MODE,RAND_R_PRNG_KEYED);
15945+ return 0;
15946+ }
15947+ ctx->test_mode = 1;
15948+ return 1;
15949+ }
15950+
15951+int FIPS_x931_test_mode(void)
15952+ {
15953+ return fips_set_test_mode(&sctx);
15954+ }
15955+
15956+int FIPS_rand_test_mode(void)
15957+ {
15958+ return fips_set_test_mode(&sctx);
15959+ }
15960+
15961+
15962+int FIPS_x931_set_dt(unsigned char *dt)
15963+ {
15964+ if (!sctx.test_mode)
15965+ {
15966+ RANDerr(RAND_F_FIPS_X931_SET_DT,RAND_R_NOT_IN_TEST_MODE);
15967+ return 0;
15968+ }
15969+ memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);
15970+ return 1;
15971+ }
15972+
15973+int FIPS_rand_set_dt(unsigned char *dt)
15974+ {
15975+ if (!sctx.test_mode)
15976+ {
15977+ RANDerr(RAND_F_FIPS_RAND_SET_DT,RAND_R_NOT_IN_TEST_MODE);
15978+ return 0;
15979+ }
15980+ memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);
15981+ return 1;
15982+ }
15983+
15984+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr)
15985+ {
15986+#ifdef OPENSSL_SYS_WIN32
15987+ FILETIME ft;
15988+#elif defined(OPENSSL_SYS_VXWORKS)
15989+ struct timespec ts;
15990+#else
15991+ struct timeval tv;
15992+#endif
15993+
15994+#ifndef GETPID_IS_MEANINGLESS
15995+ unsigned long pid;
15996+#endif
15997+
15998+#ifdef OPENSSL_SYS_WIN32
15999+ GetSystemTimeAsFileTime(&ft);
16000+ buf[0] = (unsigned char) (ft.dwHighDateTime & 0xff);
16001+ buf[1] = (unsigned char) ((ft.dwHighDateTime >> 8) & 0xff);
16002+ buf[2] = (unsigned char) ((ft.dwHighDateTime >> 16) & 0xff);
16003+ buf[3] = (unsigned char) ((ft.dwHighDateTime >> 24) & 0xff);
16004+ buf[4] = (unsigned char) (ft.dwLowDateTime & 0xff);
16005+ buf[5] = (unsigned char) ((ft.dwLowDateTime >> 8) & 0xff);
16006+ buf[6] = (unsigned char) ((ft.dwLowDateTime >> 16) & 0xff);
16007+ buf[7] = (unsigned char) ((ft.dwLowDateTime >> 24) & 0xff);
16008+#elif defined(OPENSSL_SYS_VXWORKS)
16009+ clock_gettime(CLOCK_REALTIME, &ts);
16010+ buf[0] = (unsigned char) (ts.tv_sec & 0xff);
16011+ buf[1] = (unsigned char) ((ts.tv_sec >> 8) & 0xff);
16012+ buf[2] = (unsigned char) ((ts.tv_sec >> 16) & 0xff);
16013+ buf[3] = (unsigned char) ((ts.tv_sec >> 24) & 0xff);
16014+ buf[4] = (unsigned char) (ts.tv_nsec & 0xff);
16015+ buf[5] = (unsigned char) ((ts.tv_nsec >> 8) & 0xff);
16016+ buf[6] = (unsigned char) ((ts.tv_nsec >> 16) & 0xff);
16017+ buf[7] = (unsigned char) ((ts.tv_nsec >> 24) & 0xff);
16018+#else
16019+ gettimeofday(&tv,NULL);
16020+ buf[0] = (unsigned char) (tv.tv_sec & 0xff);
16021+ buf[1] = (unsigned char) ((tv.tv_sec >> 8) & 0xff);
16022+ buf[2] = (unsigned char) ((tv.tv_sec >> 16) & 0xff);
16023+ buf[3] = (unsigned char) ((tv.tv_sec >> 24) & 0xff);
16024+ buf[4] = (unsigned char) (tv.tv_usec & 0xff);
16025+ buf[5] = (unsigned char) ((tv.tv_usec >> 8) & 0xff);
16026+ buf[6] = (unsigned char) ((tv.tv_usec >> 16) & 0xff);
16027+ buf[7] = (unsigned char) ((tv.tv_usec >> 24) & 0xff);
16028+#endif
16029+ buf[8] = (unsigned char) (*pctr & 0xff);
16030+ buf[9] = (unsigned char) ((*pctr >> 8) & 0xff);
16031+ buf[10] = (unsigned char) ((*pctr >> 16) & 0xff);
16032+ buf[11] = (unsigned char) ((*pctr >> 24) & 0xff);
16033+
16034+ (*pctr)++;
16035+
16036+
16037+#ifndef GETPID_IS_MEANINGLESS
16038+ pid=(unsigned long)getpid();
16039+ buf[12] = (unsigned char) (pid & 0xff);
16040+ buf[13] = (unsigned char) ((pid >> 8) & 0xff);
16041+ buf[14] = (unsigned char) ((pid >> 16) & 0xff);
16042+ buf[15] = (unsigned char) ((pid >> 24) & 0xff);
16043+#endif
16044+ }
16045+
16046+static int fips_rand(FIPS_PRNG_CTX *ctx,
16047+ unsigned char *out, unsigned int outlen)
16048+ {
16049+ unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH];
16050+ unsigned char tmp[AES_BLOCK_LENGTH];
16051+ int i;
16052+ if (ctx->error)
16053+ {
16054+ RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_ERROR);
16055+ return 0;
16056+ }
16057+ if (!ctx->keyed)
16058+ {
16059+ RANDerr(RAND_F_FIPS_RAND,RAND_R_NO_KEY_SET);
16060+ return 0;
16061+ }
16062+ if (!ctx->seeded)
16063+ {
16064+ RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_NOT_SEEDED);
16065+ return 0;
16066+ }
16067+ for (;;)
16068+ {
16069+ if (!ctx->test_mode)
16070+ FIPS_get_timevec(ctx->DT, &ctx->counter);
16071+ AES_encrypt(ctx->DT, I, &ctx->ks);
16072+ for (i = 0; i < AES_BLOCK_LENGTH; i++)
16073+ tmp[i] = I[i] ^ ctx->V[i];
16074+ AES_encrypt(tmp, R, &ctx->ks);
16075+ for (i = 0; i < AES_BLOCK_LENGTH; i++)
16076+ tmp[i] = R[i] ^ I[i];
16077+ AES_encrypt(tmp, ctx->V, &ctx->ks);
16078+ /* Continuous PRNG test */
16079+ if (ctx->second)
16080+ {
16081+ if (fips_prng_fail)
16082+ memcpy(ctx->last, R, AES_BLOCK_LENGTH);
16083+ if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH))
16084+ {
16085+ RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_STUCK);
16086+ ctx->error = 1;
16087+ fips_set_selftest_fail();
16088+ return 0;
16089+ }
16090+ }
16091+ memcpy(ctx->last, R, AES_BLOCK_LENGTH);
16092+ if (!ctx->second)
16093+ {
16094+ ctx->second = 1;
16095+ if (!ctx->test_mode)
16096+ continue;
16097+ }
16098+
16099+ if (outlen <= AES_BLOCK_LENGTH)
16100+ {
16101+ memcpy(out, R, outlen);
16102+ break;
16103+ }
16104+
16105+ memcpy(out, R, AES_BLOCK_LENGTH);
16106+ out += AES_BLOCK_LENGTH;
16107+ outlen -= AES_BLOCK_LENGTH;
16108+ }
16109+ return 1;
16110+ }
16111+
16112+
16113+int FIPS_x931_set_key(const unsigned char *key, int keylen)
16114+ {
16115+ int ret;
16116+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
16117+ ret = fips_set_prng_key(&sctx, key, keylen);
16118+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
16119+ return ret;
16120+ }
16121+
16122+int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen)
16123+ {
16124+ return FIPS_x931_set_key(key, keylen);
16125+ }
16126+
16127+int FIPS_x931_seed(const void *seed, int seedlen)
16128+ {
16129+ int ret;
16130+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
16131+ ret = fips_set_prng_seed(&sctx, seed, seedlen);
16132+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
16133+ return ret;
16134+ }
16135+
16136+
16137+int FIPS_x931_bytes(unsigned char *out, int count)
16138+ {
16139+ int ret;
16140+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
16141+ ret = fips_rand(&sctx, out, count);
16142+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
16143+ return ret;
16144+ }
16145+
16146+int FIPS_x931_status(void)
16147+ {
16148+ int ret;
16149+ CRYPTO_r_lock(CRYPTO_LOCK_RAND);
16150+ ret = sctx.seeded;
16151+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
16152+ return ret;
16153+ }
16154+
16155+void FIPS_x931_reset(void)
16156+ {
16157+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
16158+ fips_rand_prng_reset(&sctx);
16159+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
16160+ }
16161+
16162+static int fips_do_rand_seed(const void *seed, int seedlen)
16163+ {
16164+ FIPS_x931_seed(seed, seedlen);
16165+ return 1;
16166+ }
16167+
16168+static int fips_do_rand_add(const void *seed, int seedlen,
16169+ double add_entropy)
16170+ {
16171+ FIPS_x931_seed(seed, seedlen);
16172+ return 1;
16173+ }
16174+
16175+static const RAND_METHOD rand_x931_meth=
16176+ {
16177+ fips_do_rand_seed,
16178+ FIPS_x931_bytes,
16179+ FIPS_x931_reset,
16180+ fips_do_rand_add,
16181+ FIPS_x931_bytes,
16182+ FIPS_x931_status
16183+ };
16184+
16185+const RAND_METHOD *FIPS_x931_method(void)
16186+{
16187+ return &rand_x931_meth;
16188+}
16189+
16190+#endif
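Review bot: FIPS_x931_seed and FIPS_x931_bytes take an `int` length and pass it unchanged to fips_set_prng_seed and fips_rand, whose parameters are `unsigned int`; a negative value arriving through fips_do_rand_seed, fips_do_rand_add or a RAND_bytes-style caller becomes a huge count, so the XOR loop in fips_set_prng_seed reads past `seed` and the output loop in fips_rand writes 16-byte blocks past `out`. Rejecting negatives at the public wrappers before taking the lock closes both: `if (seedlen < 0) return 0;` in FIPS_x931_seed and `if (count < 0) return 0;` in FIPS_x931_bytes (for FIPS_x931_set_key the 16/24/32 check already rejects the wrapped value). Separately, fips_rand_prng_reset cleanses `V` and `ks` but not `tmp_key`, which holds a verbatim copy of a 16-byte key from fips_set_prng_key until the first full seed block arrives, so a reset before seeding leaves key material in the static context; `OPENSSL_cleanse(ctx->tmp_key, sizeof(ctx->tmp_key));` belongs next to the existing cleanse calls. The invalid-key-size branch in fips_set_prng_key also returns 0 with only a comment where the neighbouring failure paths raise RANDerr/FIPSerr, which makes a wrong key length indistinguishable from the other failures at the RAND_seed level, especially since fips_do_rand_seed and fips_do_rand_add discard the FIPS_x931_seed result and always return 1.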
16191diff -up openssl-1.0.1e/crypto/fips/fips_rand.h.fips openssl-1.0.1e/crypto/fips/fips_rand.h
16192--- openssl-1.0.1e/crypto/fips/fips_rand.h.fips 2013-02-19 12:47:33.740118893 +0100
16193+++ openssl-1.0.1e/crypto/fips/fips_rand.h 2013-02-19 12:47:33.741118914 +0100
16194@@ -0,0 +1,145 @@
16195+/* ====================================================================
16196+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
16197+ *
16198+ * Redistribution and use in source and binary forms, with or without
16199+ * modification, are permitted provided that the following conditions
16200+ * are met:
16201+ *
16202+ * 1. Redistributions of source code must retain the above copyright
16203+ * notice, this list of conditions and the following disclaimer.
16204+ *
16205+ * 2. Redistributions in binary form must reproduce the above copyright
16206+ * notice, this list of conditions and the following disclaimer in
16207+ * the documentation and/or other materials provided with the
16208+ * distribution.
16209+ *
16210+ * 3. All advertising materials mentioning features or use of this
16211+ * software must display the following acknowledgment:
16212+ * "This product includes software developed by the OpenSSL Project
16213+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
16214+ *
16215+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
16216+ * endorse or promote products derived from this software without
16217+ * prior written permission. For written permission, please contact
16218+ * openssl-core@openssl.org.
16219+ *
16220+ * 5. Products derived from this software may not be called "OpenSSL"
16221+ * nor may "OpenSSL" appear in their names without prior written
16222+ * permission of the OpenSSL Project.
16223+ *
16224+ * 6. Redistributions of any form whatsoever must retain the following
16225+ * acknowledgment:
16226+ * "This product includes software developed by the OpenSSL Project
16227+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
16228+ *
16229+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
16230+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16231+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16232+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
16233+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
16234+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
16235+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
16236+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
16237+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16238+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
16239+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
16240+ * OF THE POSSIBILITY OF SUCH DAMAGE.
16241+ *
16242+ */
16243+
16244+#ifndef HEADER_FIPS_RAND_H
16245+#define HEADER_FIPS_RAND_H
16246+
16247+#include <openssl/aes.h>
16248+#include <openssl/evp.h>
16249+#include <openssl/hmac.h>
16250+#include <openssl/rand.h>
16251+
16252+#ifdef OPENSSL_FIPS
16253+
16254+#ifdef __cplusplus
16255+extern "C" {
16256+#endif
16257+
16258+int FIPS_x931_set_key(const unsigned char *key, int keylen);
16259+int FIPS_x931_seed(const void *buf, int num);
16260+int FIPS_x931_bytes(unsigned char *out, int outlen);
16261+
16262+int FIPS_x931_test_mode(void);
16263+void FIPS_x931_reset(void);
16264+int FIPS_x931_set_dt(unsigned char *dt);
16265+
16266+int FIPS_x931_status(void);
16267+
16268+const RAND_METHOD *FIPS_x931_method(void);
16269+
16270+typedef struct drbg_ctx_st DRBG_CTX;
16271+/* DRBG external flags */
16272+/* Flag for CTR mode only: use derivation function ctr_df */
16273+#define DRBG_FLAG_CTR_USE_DF 0x1
16274+/* PRNG is in test state */
16275+#define DRBG_FLAG_TEST 0x2
16276+
16277+DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags);
16278+int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags);
16279+int FIPS_drbg_instantiate(DRBG_CTX *dctx,
16280+ const unsigned char *pers, size_t perslen);
16281+int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin, size_t adinlen);
16282+int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
16283+ int prediction_resistance,
16284+ const unsigned char *adin, size_t adinlen);
16285+
16286+int FIPS_drbg_uninstantiate(DRBG_CTX *dctx);
16287+void FIPS_drbg_free(DRBG_CTX *dctx);
16288+
16289+int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
16290+ size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
16291+ int entropy, size_t min_len, size_t max_len),
16292+ void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
16293+ size_t entropy_blocklen,
16294+ size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
16295+ int entropy, size_t min_len, size_t max_len),
16296+ void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen));
16297+
16298+int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
16299+ size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout),
16300+ void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
16301+ int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num),
16302+ int (*rand_add_cb)(DRBG_CTX *ctx,
16303+ const void *buf, int num, double entropy));
16304+
16305+void *FIPS_drbg_get_app_data(DRBG_CTX *ctx);
16306+void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data);
16307+size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx);
16308+int FIPS_drbg_get_strength(DRBG_CTX *dctx);
16309+void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval);
16310+void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval);
16311+
16312+int FIPS_drbg_health_check(DRBG_CTX *dctx);
16313+
16314+DRBG_CTX *FIPS_get_default_drbg(void);
16315+const RAND_METHOD *FIPS_drbg_method(void);
16316+
16317+
16318+int FIPS_rand_set_method(const RAND_METHOD *meth);
16319+const RAND_METHOD *FIPS_rand_get_method(void);
16320+
16321+void FIPS_rand_set_bits(int nbits);
16322+
16323+int FIPS_rand_strength(void);
16324+
16325+/* 1.0.0 compat functions */
16326+int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen);
16327+int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num);
16328+int FIPS_rand_bytes(unsigned char *out, FIPS_RAND_SIZE_T outlen);
16329+int FIPS_rand_test_mode(void);
16330+void FIPS_rand_reset(void);
16331+int FIPS_rand_set_dt(unsigned char *dt);
16332+int FIPS_rand_status(void);
16333+const RAND_METHOD *FIPS_rand_method(void);
16334+
16335+#ifdef __cplusplus
16336+}
16337+#endif
16338+#endif
16339+#endif
16340diff -up openssl-1.0.1e/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1e/crypto/fips/fips_rand_lcl.h
16341--- openssl-1.0.1e/crypto/fips/fips_rand_lcl.h.fips 2013-02-19 12:47:33.741118914 +0100
16342+++ openssl-1.0.1e/crypto/fips/fips_rand_lcl.h 2013-02-19 12:47:33.741118914 +0100
16343@@ -0,0 +1,219 @@
16344+/* fips/rand/fips_rand_lcl.h */
16345+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
16346+ * project.
16347+ */
16348+/* ====================================================================
16349+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
16350+ *
16351+ * Redistribution and use in source and binary forms, with or without
16352+ * modification, are permitted provided that the following conditions
16353+ * are met:
16354+ *
16355+ * 1. Redistributions of source code must retain the above copyright
16356+ * notice, this list of conditions and the following disclaimer.
16357+ *
16358+ * 2. Redistributions in binary form must reproduce the above copyright
16359+ * notice, this list of conditions and the following disclaimer in
16360+ * the documentation and/or other materials provided with the
16361+ * distribution.
16362+ *
16363+ * 3. All advertising materials mentioning features or use of this
16364+ * software must display the following acknowledgment:
16365+ * "This product includes software developed by the OpenSSL Project
16366+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
16367+ *
16368+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
16369+ * endorse or promote products derived from this software without
16370+ * prior written permission. For written permission, please contact
16371+ * licensing@OpenSSL.org.
16372+ *
16373+ * 5. Products derived from this software may not be called "OpenSSL"
16374+ * nor may "OpenSSL" appear in their names without prior written
16375+ * permission of the OpenSSL Project.
16376+ *
16377+ * 6. Redistributions of any form whatsoever must retain the following
16378+ * acknowledgment:
16379+ * "This product includes software developed by the OpenSSL Project
16380+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
16381+ *
16382+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
16383+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16384+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16385+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
16386+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
16387+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
16388+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
16389+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
16390+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16391+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
16392+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
16393+ * OF THE POSSIBILITY OF SUCH DAMAGE.
16394+ * ====================================================================
16395+ */
16396+
16397+typedef struct drbg_hash_ctx_st DRBG_HASH_CTX;
16398+typedef struct drbg_hmac_ctx_st DRBG_HMAC_CTX;
16399+typedef struct drbg_ctr_ctx_st DRBG_CTR_CTX;
16400+
16401+/* 888 bits from 10.1 table 2 */
16402+#define HASH_PRNG_MAX_SEEDLEN 111
16403+
16404+struct drbg_hash_ctx_st
16405+ {
16406+ const EVP_MD *md;
16407+ EVP_MD_CTX mctx;
16408+ unsigned char V[HASH_PRNG_MAX_SEEDLEN];
16409+ unsigned char C[HASH_PRNG_MAX_SEEDLEN];
16410+ /* Temporary value storage: should always exceed max digest length */
16411+ unsigned char vtmp[HASH_PRNG_MAX_SEEDLEN];
16412+ };
16413+
16414+struct drbg_hmac_ctx_st
16415+ {
16416+ const EVP_MD *md;
16417+ HMAC_CTX hctx;
16418+ unsigned char K[EVP_MAX_MD_SIZE];
16419+ unsigned char V[EVP_MAX_MD_SIZE];
16420+ };
16421+
16422+struct drbg_ctr_ctx_st
16423+ {
16424+ AES_KEY ks;
16425+ size_t keylen;
16426+ unsigned char K[32];
16427+ unsigned char V[16];
16428+ /* Temp variables used by derivation function */
16429+ AES_KEY df_ks;
16430+ AES_KEY df_kxks;
16431+ /* Temporary block storage used by ctr_df */
16432+ unsigned char bltmp[16];
16433+ size_t bltmp_pos;
16434+ unsigned char KX[48];
16435+ };
16436+
16437+/* DRBG internal flags */
16438+
16439+/* Functions shouldn't call err library */
16440+#define DRBG_FLAG_NOERR 0x1
16441+/* Custom reseed checking */
16442+#define DRBG_CUSTOM_RESEED 0x2
16443+
16444+/* DRBG status values */
16445+/* not initialised */
16446+#define DRBG_STATUS_UNINITIALISED 0
16447+/* ok and ready to generate random bits */
16448+#define DRBG_STATUS_READY 1
16449+/* reseed required */
16450+#define DRBG_STATUS_RESEED 2
16451+/* fatal error condition */
16452+#define DRBG_STATUS_ERROR 3
16453+
16454+/* A default maximum length: larger than any reasonable value used in pratice */
16455+
16456+#define DRBG_MAX_LENGTH 0x7ffffff0
16457+/* Maximum DRBG block length: all md sizes are bigger than cipher blocks sizes
16458+ * so use max digest length.
16459+ */
16460+#define DRBG_MAX_BLOCK EVP_MAX_MD_SIZE
16461+
16462+#define DRBG_HEALTH_INTERVAL (1 << 24)
16463+
16464+/* DRBG context structure */
16465+
16466+struct drbg_ctx_st
16467+ {
16468+ /* First types common to all implementations */
16469+ /* DRBG type: a NID for the underlying algorithm */
16470+ int type;
16471+ /* Various external flags */
16472+ unsigned int xflags;
16473+ /* Various internal use only flags */
16474+ unsigned int iflags;
16475+ /* Used for periodic health checks */
16476+ int health_check_cnt, health_check_interval;
16477+
16478+ /* The following parameters are setup by mechanism drbg_init() call */
16479+ int strength;
16480+ size_t blocklength;
16481+ size_t max_request;
16482+
16483+ size_t min_entropy, max_entropy;
16484+ size_t min_nonce, max_nonce;
16485+ size_t max_pers, max_adin;
16486+ unsigned int reseed_counter;
16487+ unsigned int reseed_interval;
16488+ size_t seedlen;
16489+ int status;
16490+ /* Application data: typically used by test get_entropy */
16491+ void *app_data;
16492+ /* Implementation specific structures */
16493+ union
16494+ {
16495+ DRBG_HASH_CTX hash;
16496+ DRBG_HMAC_CTX hmac;
16497+ DRBG_CTR_CTX ctr;
16498+ } d;
16499+ /* Initialiase PRNG and setup callbacks below */
16500+ int (*init)(DRBG_CTX *ctx, int nid, int security, unsigned int flags);
16501+ /* Intantiate PRNG */
16502+ int (*instantiate)(DRBG_CTX *ctx,
16503+ const unsigned char *ent, size_t entlen,
16504+ const unsigned char *nonce, size_t noncelen,
16505+ const unsigned char *pers, size_t perslen);
16506+ /* reseed */
16507+ int (*reseed)(DRBG_CTX *ctx,
16508+ const unsigned char *ent, size_t entlen,
16509+ const unsigned char *adin, size_t adinlen);
16510+ /* generat output */
16511+ int (*generate)(DRBG_CTX *ctx,
16512+ unsigned char *out, size_t outlen,
16513+ const unsigned char *adin, size_t adinlen);
16514+ /* uninstantiate */
16515+ int (*uninstantiate)(DRBG_CTX *ctx);
16516+
16517+ /* Entropy source block length */
16518+ size_t entropy_blocklen;
16519+
16520+ /* entropy gathering function */
16521+ size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
16522+ int entropy, size_t min_len, size_t max_len);
16523+ /* Indicates we have finished with entropy buffer */
16524+ void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
16525+
16526+ /* nonce gathering function */
16527+ size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
16528+ int entropy, size_t min_len, size_t max_len);
16529+ /* Indicates we have finished with nonce buffer */
16530+ void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
16531+
16532+ /* Continuous random number test temporary area */
16533+ /* Last block */
16534+ unsigned char lb[EVP_MAX_MD_SIZE];
16535+ /* set if lb is valid */
16536+ int lb_valid;
16537+
16538+ /* Callbacks used when called through RAND interface */
16539+ /* Get any additional input for generate */
16540+ size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout);
16541+ void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
16542+ /* Callback for RAND_seed(), RAND_add() */
16543+ int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num);
16544+ int (*rand_add_cb)(DRBG_CTX *ctx,
16545+ const void *buf, int num, double entropy);
16546+ };
16547+
16548+
16549+int fips_drbg_ctr_init(DRBG_CTX *dctx);
16550+int fips_drbg_hash_init(DRBG_CTX *dctx);
16551+int fips_drbg_hmac_init(DRBG_CTX *dctx);
16552+int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags);
16553+int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out);
16554+
16555+const struct env_md_st *FIPS_get_digestbynid(int nid);
16556+
16557+const struct evp_cipher_st *FIPS_get_cipherbynid(int nid);
16558+
16559+#define FIPS_digestinit EVP_DigestInit
16560+#define FIPS_digestupdate EVP_DigestUpdate
16561+#define FIPS_digestfinal EVP_DigestFinal
16562+#define M_EVP_MD_size EVP_MD_size
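Review bot: The internal flags `DRBG_FLAG_NOERR 0x1` and `DRBG_CUSTOM_RESEED 0x2` reuse the exact bit values of the external `DRBG_FLAG_CTR_USE_DF 0x1` and `DRBG_FLAG_TEST 0x2` declared in fips_rand.h, which is only safe because drbg_ctx_st keeps them in the separate `xflags` and `iflags` fields; nothing at the definition site says so. I would add above the internal flag block: `/* Internal flags live in drbg_ctx_st.iflags. Their values overlap the external DRBG_FLAG_* values (kept in xflags) and must never be OR-ed into the same word. */`. It would also help to note next to `K`/`V`/`KX` in drbg_ctr_ctx_st and `K`/`V` in drbg_hmac_ctx_st that these hold live DRBG secret state; presumably the `uninstantiate` callback clears them, but that is not visible in this hunk and should be confirmed in the mechanism implementations.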
16563diff -up openssl-1.0.1e/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1e/crypto/fips/fips_rand_lib.c
16564--- openssl-1.0.1e/crypto/fips/fips_rand_lib.c.fips 2013-02-19 12:47:33.741118914 +0100
16565+++ openssl-1.0.1e/crypto/fips/fips_rand_lib.c 2013-02-19 12:47:33.741118914 +0100
16566@@ -0,0 +1,191 @@
16567+/* ====================================================================
16568+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
16569+ *
16570+ * Redistribution and use in source and binary forms, with or without
16571+ * modification, are permitted provided that the following conditions
16572+ * are met:
16573+ *
16574+ * 1. Redistributions of source code must retain the above copyright
16575+ * notice, this list of conditions and the following disclaimer.
16576+ *
16577+ * 2. Redistributions in binary form must reproduce the above copyright
16578+ * notice, this list of conditions and the following disclaimer in
16579+ * the documentation and/or other materials provided with the
16580+ * distribution.
16581+ *
16582+ * 3. All advertising materials mentioning features or use of this
16583+ * software must display the following acknowledgment:
16584+ * "This product includes software developed by the OpenSSL Project
16585+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
16586+ *
16587+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
16588+ * endorse or promote products derived from this software without
16589+ * prior written permission. For written permission, please contact
16590+ * openssl-core@openssl.org.
16591+ *
16592+ * 5. Products derived from this software may not be called "OpenSSL"
16593+ * nor may "OpenSSL" appear in their names without prior written
16594+ * permission of the OpenSSL Project.
16595+ *
16596+ * 6. Redistributions of any form whatsoever must retain the following
16597+ * acknowledgment:
16598+ * "This product includes software developed by the OpenSSL Project
16599+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
16600+ *
16601+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
16602+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16603+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16604+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
16605+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
16606+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
16607+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
16608+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
16609+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16610+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
16611+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
16612+ * OF THE POSSIBILITY OF SUCH DAMAGE.
16613+ *
16614+ */
16615+
16616+#include <openssl/crypto.h>
16617+#include <openssl/rand.h>
16618+#include <openssl/err.h>
16619+#include <openssl/fips.h>
16620+#include <openssl/fips_rand.h>
16621+#include "e_os.h"
16622+
16623+/* FIPS API for PRNG use. Similar to RAND functionality but without
16624+ * ENGINE and additional checking for non-FIPS rand methods.
16625+ */
16626+
16627+static const RAND_METHOD *fips_rand_meth = NULL;
16628+static int fips_approved_rand_meth = 0;
16629+static int fips_rand_bits = 0;
16630+
16631+/* Allows application to override number of bits and uses non-FIPS methods */
16632+void FIPS_rand_set_bits(int nbits)
16633+ {
16634+ fips_rand_bits = nbits;
16635+ }
16636+
16637+int FIPS_rand_set_method(const RAND_METHOD *meth)
16638+ {
16639+ if (!fips_rand_bits)
16640+ {
16641+ if (meth == FIPS_drbg_method())
16642+ fips_approved_rand_meth = 1;
16643+ else if (meth == FIPS_x931_method())
16644+ fips_approved_rand_meth = 2;
16645+ else
16646+ {
16647+ fips_approved_rand_meth = 0;
16648+ if (FIPS_module_mode())
16649+ {
16650+ FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD,
16651+ FIPS_R_NON_FIPS_METHOD);
16652+ return 0;
16653+ }
16654+ }
16655+ }
16656+ fips_rand_meth = meth;
16657+ return 1;
16658+ }
16659+
16660+const RAND_METHOD *FIPS_rand_get_method(void)
16661+ {
16662+ return fips_rand_meth;
16663+ }
16664+
16665+const RAND_METHOD *FIPS_rand_method(void)
16666+ {
16667+ return FIPS_rand_get_method();
16668+ }
16669+
16670+void FIPS_rand_reset(void)
16671+ {
16672+ if (fips_rand_meth && fips_rand_meth->cleanup)
16673+ fips_rand_meth->cleanup();
16674+ }
16675+
16676+int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num)
16677+ {
16678+ if (!fips_approved_rand_meth && FIPS_module_mode())
16679+ {
16680+ FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
16681+ return 0;
16682+ }
16683+ if (fips_rand_meth && fips_rand_meth->seed)
16684+ fips_rand_meth->seed(buf,num);
16685+ return 1;
16686+ }
16687+
16688+void FIPS_rand_add(const void *buf, int num, double entropy)
16689+ {
16690+ if (!fips_approved_rand_meth && FIPS_module_mode())
16691+ {
16692+ FIPSerr(FIPS_F_FIPS_RAND_ADD, FIPS_R_NON_FIPS_METHOD);
16693+ return;
16694+ }
16695+ if (fips_rand_meth && fips_rand_meth->add)
16696+ fips_rand_meth->add(buf,num,entropy);
16697+ }
16698+
16699+int FIPS_rand_bytes(unsigned char *buf, FIPS_RAND_SIZE_T num)
16700+ {
16701+ if (!fips_approved_rand_meth && FIPS_module_mode())
16702+ {
16703+ FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
16704+ return 0;
16705+ }
16706+ if (fips_rand_meth && fips_rand_meth->bytes)
16707+ return fips_rand_meth->bytes(buf,num);
16708+ return 0;
16709+ }
16710+
16711+int FIPS_rand_pseudo_bytes(unsigned char *buf, int num)
16712+ {
16713+ if (!fips_approved_rand_meth && FIPS_module_mode())
16714+ {
16715+ FIPSerr(FIPS_F_FIPS_RAND_PSEUDO_BYTES, FIPS_R_NON_FIPS_METHOD);
16716+ return 0;
16717+ }
16718+ if (fips_rand_meth && fips_rand_meth->pseudorand)
16719+ return fips_rand_meth->pseudorand(buf,num);
16720+ return -1;
16721+ }
16722+
16723+int FIPS_rand_status(void)
16724+ {
16725+ if (!fips_approved_rand_meth && FIPS_module_mode())
16726+ {
16727+ FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
16728+ return 0;
16729+ }
16730+ if (fips_rand_meth && fips_rand_meth->status)
16731+ return fips_rand_meth->status();
16732+ return 0;
16733+ }
16734+
16735+/* Return instantiated strength of PRNG. For DRBG this is an internal
16736+ * parameter. For X9.31 PRNG it is 80 bits (from SP800-131). Any other
16737+ * type of PRNG is not approved and returns 0 in FIPS mode and maximum
16738+ * 256 outside FIPS mode.
16739+ */
16740+
16741+int FIPS_rand_strength(void)
16742+ {
16743+ if (fips_rand_bits)
16744+ return fips_rand_bits;
16745+ if (fips_approved_rand_meth == 1)
16746+ return FIPS_drbg_get_strength(FIPS_get_default_drbg());
16747+ else if (fips_approved_rand_meth == 2)
16748+ return 80;
16749+ else if (fips_approved_rand_meth == 0)
16750+ {
16751+ if (FIPS_module_mode())
16752+ return 0;
16753+ else
16754+ return 256;
16755+ }
16756+ return 0;
16757+ }
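Review bot: The approval gate `!fips_approved_rand_meth && FIPS_module_mode()` repeated in FIPS_rand_seed, FIPS_rand_add, FIPS_rand_bytes, FIPS_rand_pseudo_bytes and FIPS_rand_status never looks at `fips_rand_bits`, yet FIPS_rand_set_method skips the method classification entirely whenever `fips_rand_bits` is non-zero and leaves `fips_approved_rand_meth` holding whatever a previous call stored. After FIPS_rand_set_bits() the approval flag can therefore describe an earlier, different method, while a non-FIPS method that the comment on FIPS_rand_set_bits says is permitted is still rejected on use in FIPS mode if the flag was never set. Whichever semantics is intended, it should be decided in one place: classify the method unconditionally (flag 0 for non-FIPS methods, error suppressed only when the bits override is active) and route the five guards through one static helper. The bodies of the five entry points after the guard are unchanged.
```c
int FIPS_rand_set_method(const RAND_METHOD *meth)
	{
	if (meth == FIPS_drbg_method())
		fips_approved_rand_meth = 1;
	else if (meth == FIPS_x931_method())
		fips_approved_rand_meth = 2;
	else
		{
		fips_approved_rand_meth = 0;
		/* Non-FIPS methods are accepted only outside FIPS mode or when the
		 * application has explicitly taken over via FIPS_rand_set_bits(). */
		if (!fips_rand_bits && FIPS_module_mode())
			{
			FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD, FIPS_R_NON_FIPS_METHOD);
			return 0;
			}
		}
	fips_rand_meth = meth;
	return 1;
	}

/* Single guard shared by the seed/add/bytes/pseudo_bytes/status entry points. */
static int fips_rand_meth_allowed(void)
	{
	return fips_approved_rand_meth || fips_rand_bits || !FIPS_module_mode();
	}

int FIPS_rand_bytes(unsigned char *buf, FIPS_RAND_SIZE_T num)
	{
	if (!fips_rand_meth_allowed())
		{
		FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
		return 0;
		}
	/* … unchanged: dispatch to fips_rand_meth->bytes … */
	}
/* … unchanged: FIPS_rand_seed, FIPS_rand_add, FIPS_rand_pseudo_bytes and
 * FIPS_rand_status, each with its guard replaced by fips_rand_meth_allowed() … */
```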
16758diff -up openssl-1.0.1e/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_rand_selftest.c
16759--- openssl-1.0.1e/crypto/fips/fips_rand_selftest.c.fips 2013-02-19 12:47:33.741118914 +0100
16760+++ openssl-1.0.1e/crypto/fips/fips_rand_selftest.c 2013-02-19 12:47:33.741118914 +0100
16761@@ -0,0 +1,183 @@
16762+/* ====================================================================
16763+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
16764+ *
16765+ * Redistribution and use in source and binary forms, with or without
16766+ * modification, are permitted provided that the following conditions
16767+ * are met:
16768+ *
16769+ * 1. Redistributions of source code must retain the above copyright
16770+ * notice, this list of conditions and the following disclaimer.
16771+ *
16772+ * 2. Redistributions in binary form must reproduce the above copyright
16773+ * notice, this list of conditions and the following disclaimer in
16774+ * the documentation and/or other materials provided with the
16775+ * distribution.
16776+ *
16777+ * 3. All advertising materials mentioning features or use of this
16778+ * software must display the following acknowledgment:
16779+ * "This product includes software developed by the OpenSSL Project
16780+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
16781+ *
16782+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
16783+ * endorse or promote products derived from this software without
16784+ * prior written permission. For written permission, please contact
16785+ * openssl-core@openssl.org.
16786+ *
16787+ * 5. Products derived from this software may not be called "OpenSSL"
16788+ * nor may "OpenSSL" appear in their names without prior written
16789+ * permission of the OpenSSL Project.
16790+ *
16791+ * 6. Redistributions of any form whatsoever must retain the following
16792+ * acknowledgment:
16793+ * "This product includes software developed by the OpenSSL Project
16794+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
16795+ *
16796+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
16797+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16798+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16799+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
16800+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
16801+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
16802+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
16803+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
16804+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16805+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
16806+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
16807+ * OF THE POSSIBILITY OF SUCH DAMAGE.
16808+ *
16809+ */
16810+
16811+#include <string.h>
16812+#include <openssl/err.h>
16813+#include <openssl/fips.h>
16814+#include <openssl/rand.h>
16815+#include <openssl/fips_rand.h>
16816+#include "fips_locl.h"
16817+
16818+#ifdef OPENSSL_FIPS
16819+
16820+
16821+
16822+typedef struct
16823+ {
16824+ unsigned char DT[16];
16825+ unsigned char V[16];
16826+ unsigned char R[16];
16827+ } AES_PRNG_TV;
16828+
16829+/* The following test vectors are taken directly from the RGNVS spec */
16830+
16831+static unsigned char aes_128_key[16] =
16832+ {0xf3,0xb1,0x66,0x6d,0x13,0x60,0x72,0x42,
16833+ 0xed,0x06,0x1c,0xab,0xb8,0xd4,0x62,0x02};
16834+
16835+static AES_PRNG_TV aes_128_tv =
16836+ {
16837+ /* DT */
16838+ {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
16839+ 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xf9},
16840+ /* V */
16841+ {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
16842+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
16843+ /* R */
16844+ {0x59,0x53,0x1e,0xd1,0x3b,0xb0,0xc0,0x55,
16845+ 0x84,0x79,0x66,0x85,0xc1,0x2f,0x76,0x41}
16846+ };
16847+
16848+static unsigned char aes_192_key[24] =
16849+ {0x15,0xd8,0x78,0x0d,0x62,0xd3,0x25,0x6e,
16850+ 0x44,0x64,0x10,0x13,0x60,0x2b,0xa9,0xbc,
16851+ 0x4a,0xfb,0xca,0xeb,0x4c,0x8b,0x99,0x3b};
16852+
16853+static AES_PRNG_TV aes_192_tv =
16854+ {
16855+ /* DT */
16856+ {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
16857+ 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4b},
16858+ /* V */
16859+ {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
16860+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
16861+ /* R */
16862+ {0x17,0x07,0xd5,0x28,0x19,0x79,0x1e,0xef,
16863+ 0xa5,0x0c,0xbf,0x25,0xe5,0x56,0xb4,0x93}
16864+ };
16865+
16866+static unsigned char aes_256_key[32] =
16867+ {0x6d,0x14,0x06,0x6c,0xb6,0xd8,0x21,0x2d,
16868+ 0x82,0x8d,0xfa,0xf2,0x7a,0x03,0xb7,0x9f,
16869+ 0x0c,0xc7,0x3e,0xcd,0x76,0xeb,0xee,0xb5,
16870+ 0x21,0x05,0x8c,0x4f,0x31,0x7a,0x80,0xbb};
16871+
16872+static AES_PRNG_TV aes_256_tv =
16873+ {
16874+ /* DT */
16875+ {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
16876+ 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x88},
16877+ /* V */
16878+ {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
16879+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
16880+ /* R */
16881+ {0x35,0xc7,0xef,0xa7,0x78,0x4d,0x29,0xbc,
16882+ 0x82,0x79,0x99,0xfb,0xd0,0xb3,0x3b,0x72}
16883+ };
16884+
16885+void FIPS_corrupt_rng()
16886+ {
16887+ aes_192_tv.V[0]++;
16888+ }
16889+
16890+#define fips_x931_test(key, tv) \
16891+ do_x931_test(key, sizeof key, &tv)
16892+
16893+static int do_x931_test(unsigned char *key, int keylen,
16894+ AES_PRNG_TV *tv)
16895+ {
16896+ unsigned char R[16], V[16];
16897+ int rv = 1;
16898+ memcpy(V, tv->V, sizeof(V));
16899+ if (!FIPS_x931_set_key(key, keylen))
16900+ return 0;
16901+ if (!fips_post_started(FIPS_TEST_X931, keylen, NULL))
16902+ return 1;
16903+ if (!fips_post_corrupt(FIPS_TEST_X931, keylen, NULL))
16904+ V[0]++;
16905+ FIPS_x931_seed(V, 16);
16906+ FIPS_x931_set_dt(tv->DT);
16907+ FIPS_x931_bytes(R, 16);
16908+ if (memcmp(R, tv->R, 16))
16909+ {
16910+ fips_post_failed(FIPS_TEST_X931, keylen, NULL);
16911+ rv = 0;
16912+ }
16913+ else if (!fips_post_success(FIPS_TEST_X931, keylen, NULL))
16914+ return 0;
16915+ return rv;
16916+ }
16917+
16918+int FIPS_selftest_x931()
16919+ {
16920+ int rv = 1;
16921+ FIPS_x931_reset();
16922+ if (!FIPS_x931_test_mode())
16923+ {
16924+ FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
16925+ return 0;
16926+ }
16927+ if (!fips_x931_test(aes_128_key,aes_128_tv))
16928+ rv = 0;
16929+ if (!fips_x931_test(aes_192_key, aes_192_tv))
16930+ rv = 0;
16931+ if (!fips_x931_test(aes_256_key, aes_256_tv))
16932+ rv = 0;
16933+ FIPS_x931_reset();
16934+ if (!rv)
16935+ FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
16936+ return rv;
16937+ }
16938+
16939+int FIPS_selftest_rng(void)
16940+ {
16941+ return FIPS_selftest_x931();
16942+ }
16943+
16944+#endif
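Review bot: do_x931_test ignores the return values of `FIPS_x931_seed`, `FIPS_x931_set_dt` and `FIPS_x931_bytes`, all declared in fips_rand.h as returning int; if `FIPS_x931_bytes` fails, the uninitialised `R` is compared against `tv->R`, so the power-on self-test's failure path then rests on stack garbage rather than an explicit error. I would fold the calls into the comparison so any failure is reported through fips_post_failed: `if (!FIPS_x931_seed(V, 16) || !FIPS_x931_set_dt(tv->DT) || !FIPS_x931_bytes(R, 16) || memcmp(R, tv->R, 16))`. As a style point, the definitions `FIPS_corrupt_rng()` and `FIPS_selftest_x931()` should be written `(void)`; an empty parameter list in a C definition is an old-style declaration that disables argument checking at call sites. The `aes_*_key` arrays are never written and could be `static const`, leaving only the `aes_192_tv` vector mutable for the FIPS_corrupt_rng hook.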
16945diff -up openssl-1.0.1e/crypto/fips/fips_randtest.c.fips openssl-1.0.1e/crypto/fips/fips_randtest.c
16946--- openssl-1.0.1e/crypto/fips/fips_randtest.c.fips 2013-02-19 12:47:33.741118914 +0100
16947+++ openssl-1.0.1e/crypto/fips/fips_randtest.c 2013-02-19 12:47:33.741118914 +0100
16948@@ -0,0 +1,250 @@
16949+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
16950+ * All rights reserved.
16951+ *
16952+ * This package is an SSL implementation written
16953+ * by Eric Young (eay@cryptsoft.com).
16954+ * The implementation was written so as to conform with Netscapes SSL.
16955+ *
16956+ * This library is free for commercial and non-commercial use as long as
16957+ * the following conditions are aheared to. The following conditions
16958+ * apply to all code found in this distribution, be it the RC4, RSA,
16959+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
16960+ * included with this distribution is covered by the same copyright terms
16961+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16962+ *
16963+ * Copyright remains Eric Young's, and as such any Copyright notices in
16964+ * the code are not to be removed.
16965+ * If this package is used in a product, Eric Young should be given attribution
16966+ * as the author of the parts of the library used.
16967+ * This can be in the form of a textual message at program startup or
16968+ * in documentation (online or textual) provided with the package.
16969+ *
16970+ * Redistribution and use in source and binary forms, with or without
16971+ * modification, are permitted provided that the following conditions
16972+ * are met:
16973+ * 1. Redistributions of source code must retain the copyright
16974+ * notice, this list of conditions and the following disclaimer.
16975+ * 2. Redistributions in binary form must reproduce the above copyright
16976+ * notice, this list of conditions and the following disclaimer in the
16977+ * documentation and/or other materials provided with the distribution.
16978+ * 3. All advertising materials mentioning features or use of this software
16979+ * must display the following acknowledgement:
16980+ * "This product includes cryptographic software written by
16981+ * Eric Young (eay@cryptsoft.com)"
16982+ * The word 'cryptographic' can be left out if the rouines from the library
16983+ * being used are not cryptographic related :-).
16984+ * 4. If you include any Windows specific code (or a derivative thereof) from
16985+ * the apps directory (application code) you must include an acknowledgement:
16986+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
16987+ *
16988+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
16989+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16990+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16991+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
16992+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
16993+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
16994+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
16995+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
16996+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
16997+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
16998+ * SUCH DAMAGE.
16999+ *
17000+ * The licence and distribution terms for any publically available version or
17001+ * derivative of this code cannot be changed. i.e. this code cannot simply be
17002+ * copied and put under another distribution licence
17003+ * [including the GNU Public Licence.]
17004+ */
17005+/* ====================================================================
17006+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
17007+ *
17008+ * Redistribution and use in source and binary forms, with or without
17009+ * modification, are permitted provided that the following conditions
17010+ * are met:
17011+ *
17012+ * 1. Redistributions of source code must retain the above copyright
17013+ * notice, this list of conditions and the following disclaimer.
17014+ *
17015+ * 2. Redistributions in binary form must reproduce the above copyright
17016+ * notice, this list of conditions and the following disclaimer in
17017+ * the documentation and/or other materials provided with the
17018+ * distribution.
17019+ *
17020+ * 3. All advertising materials mentioning features or use of this
17021+ * software must display the following acknowledgment:
17022+ * "This product includes software developed by the OpenSSL Project
17023+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
17024+ *
17025+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
17026+ * endorse or promote products derived from this software without
17027+ * prior written permission. For written permission, please contact
17028+ * openssl-core@openssl.org.
17029+ *
17030+ * 5. Products derived from this software may not be called "OpenSSL"
17031+ * nor may "OpenSSL" appear in their names without prior written
17032+ * permission of the OpenSSL Project.
17033+ *
17034+ * 6. Redistributions of any form whatsoever must retain the following
17035+ * acknowledgment:
17036+ * "This product includes software developed by the OpenSSL Project
17037+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
17038+ *
17039+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
17040+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17041+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
17042+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
17043+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
17044+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
17045+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
17046+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17047+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
17048+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
17049+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
17050+ * OF THE POSSIBILITY OF SUCH DAMAGE.
17051+ *
17052+ */
17053+
17054+#include <stdio.h>
17055+#include <stdlib.h>
17056+#include <string.h>
17057+#include <ctype.h>
17058+#include <openssl/rand.h>
17059+#include <openssl/fips_rand.h>
17060+#include <openssl/err.h>
17061+#include <openssl/bn.h>
17062+
17063+#include "e_os.h"
17064+
17065+#ifndef OPENSSL_FIPS
17066+int main(int argc, char *argv[])
17067+{
17068+ printf("No FIPS RAND support\n");
17069+ return(0);
17070+}
17071+
17072+#else
17073+
17074+#include "fips_utl.h"
17075+#include <openssl/fips.h>
17076+
17077+typedef struct
17078+ {
17079+ unsigned char DT[16];
17080+ unsigned char V[16];
17081+ unsigned char R[16];
17082+ } AES_PRNG_MCT;
17083+
17084+static const unsigned char aes_128_mct_key[16] =
17085+ {0x9f,0x5b,0x51,0x20,0x0b,0xf3,0x34,0xb5,
17086+ 0xd8,0x2b,0xe8,0xc3,0x72,0x55,0xc8,0x48};
17087+
17088+static const AES_PRNG_MCT aes_128_mct_tv = {
17089+ /* DT */
17090+ {0x63,0x76,0xbb,0xe5,0x29,0x02,0xba,0x3b,
17091+ 0x67,0xc9,0x25,0xfa,0x70,0x1f,0x11,0xac},
17092+ /* V */
17093+ {0x57,0x2c,0x8e,0x76,0x87,0x26,0x47,0x97,
17094+ 0x7e,0x74,0xfb,0xdd,0xc4,0x95,0x01,0xd1},
17095+ /* R */
17096+ {0x48,0xe9,0xbd,0x0d,0x06,0xee,0x18,0xfb,
17097+ 0xe4,0x57,0x90,0xd5,0xc3,0xfc,0x9b,0x73}
17098+};
17099+
17100+static const unsigned char aes_192_mct_key[24] =
17101+ {0xb7,0x6c,0x34,0xd1,0x09,0x67,0xab,0x73,
17102+ 0x4d,0x5a,0xd5,0x34,0x98,0x16,0x0b,0x91,
17103+ 0xbc,0x35,0x51,0x16,0x6b,0xae,0x93,0x8a};
17104+
17105+static const AES_PRNG_MCT aes_192_mct_tv = {
17106+ /* DT */
17107+ {0x84,0xce,0x22,0x7d,0x91,0x5a,0xa3,0xc9,
17108+ 0x84,0x3c,0x0a,0xb3,0xa9,0x63,0x15,0x52},
17109+ /* V */
17110+ {0xb6,0xaf,0xe6,0x8f,0x99,0x9e,0x90,0x64,
17111+ 0xdd,0xc7,0x7a,0xc1,0xbb,0x90,0x3a,0x6d},
17112+ /* R */
17113+ {0xfc,0x85,0x60,0x9a,0x29,0x6f,0xef,0x21,
17114+ 0xdd,0x86,0x20,0x32,0x8a,0x29,0x6f,0x47}
17115+};
17116+
17117+static const unsigned char aes_256_mct_key[32] =
17118+ {0x9b,0x05,0xc8,0x68,0xff,0x47,0xf8,0x3a,
17119+ 0xa6,0x3a,0xa8,0xcb,0x4e,0x71,0xb2,0xe0,
17120+ 0xb8,0x7e,0xf1,0x37,0xb6,0xb4,0xf6,0x6d,
17121+ 0x86,0x32,0xfc,0x1f,0x5e,0x1d,0x1e,0x50};
17122+
17123+static const AES_PRNG_MCT aes_256_mct_tv = {
17124+ /* DT */
17125+ {0x31,0x6e,0x35,0x9a,0xb1,0x44,0xf0,0xee,
17126+ 0x62,0x6d,0x04,0x46,0xe0,0xa3,0x92,0x4c},
17127+ /* V */
17128+ {0x4f,0xcd,0xc1,0x87,0x82,0x1f,0x4d,0xa1,
17129+ 0x3e,0x0e,0x56,0x44,0x59,0xe8,0x83,0xca},
17130+ /* R */
17131+ {0xc8,0x87,0xc2,0x61,0x5b,0xd0,0xb9,0xe1,
17132+ 0xe7,0xf3,0x8b,0xd7,0x5b,0xd5,0xf1,0x8d}
17133+};
17134+
17135+static void dump(const unsigned char *b,int n)
17136+ {
17137+ while(n-- > 0)
17138+ {
17139+ printf(" %02x",*b++);
17140+ }
17141+ }
17142+
17143+static void compare(const unsigned char *result,const unsigned char *expected,
17144+ int n)
17145+ {
17146+ int i;
17147+
17148+ for(i=0 ; i < n ; ++i)
17149+ if(result[i] != expected[i])
17150+ {
17151+ puts("Random test failed, got:");
17152+ dump(result,n);
17153+ puts("\n expected:");
17154+ dump(expected,n);
17155+ putchar('\n');
17156+ EXIT(1);
17157+ }
17158+ }
17159+
17160+
17161+static void run_test(const unsigned char *key, int keylen,
17162+ const AES_PRNG_MCT *tv)
17163+ {
17164+ unsigned char buf[16], dt[16];
17165+ int i, j;
17166+ FIPS_x931_reset();
17167+ FIPS_x931_test_mode();
17168+ FIPS_x931_set_key(key, keylen);
17169+ FIPS_x931_seed(tv->V, 16);
17170+ memcpy(dt, tv->DT, 16);
17171+ for (i = 0; i < 10000; i++)
17172+ {
17173+ FIPS_x931_set_dt(dt);
17174+ FIPS_x931_bytes(buf, 16);
17175+ /* Increment DT */
17176+ for (j = 15; j >= 0; j--)
17177+ {
17178+ dt[j]++;
17179+ if (dt[j])
17180+ break;
17181+ }
17182+ }
17183+
17184+ compare(buf,tv->R, 16);
17185+ }
17186+
17187+int main()
17188+ {
17189+ run_test(aes_128_mct_key, 16, &aes_128_mct_tv);
17190+ printf("FIPS PRNG test 1 done\n");
17191+ run_test(aes_192_mct_key, 24, &aes_192_mct_tv);
17192+ printf("FIPS PRNG test 2 done\n");
17193+ run_test(aes_256_mct_key, 32, &aes_256_mct_tv);
17194+ printf("FIPS PRNG test 3 done\n");
17195+ return 0;
17196+ }
17197+
17198+#endif
17199diff -up openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c
17200--- openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips 2013-02-19 12:47:33.742118935 +0100
17201+++ openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c 2013-02-19 12:47:33.742118935 +0100
17202@@ -0,0 +1,444 @@
17203+/* ====================================================================
17204+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
17205+ *
17206+ * Redistribution and use in source and binary forms, with or without
17207+ * modification, are permitted provided that the following conditions
17208+ * are met:
17209+ *
17210+ * 1. Redistributions of source code must retain the above copyright
17211+ * notice, this list of conditions and the following disclaimer.
17212+ *
17213+ * 2. Redistributions in binary form must reproduce the above copyright
17214+ * notice, this list of conditions and the following disclaimer in
17215+ * the documentation and/or other materials provided with the
17216+ * distribution.
17217+ *
17218+ * 3. All advertising materials mentioning features or use of this
17219+ * software must display the following acknowledgment:
17220+ * "This product includes software developed by the OpenSSL Project
17221+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
17222+ *
17223+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
17224+ * endorse or promote products derived from this software without
17225+ * prior written permission. For written permission, please contact
17226+ * openssl-core@openssl.org.
17227+ *
17228+ * 5. Products derived from this software may not be called "OpenSSL"
17229+ * nor may "OpenSSL" appear in their names without prior written
17230+ * permission of the OpenSSL Project.
17231+ *
17232+ * 6. Redistributions of any form whatsoever must retain the following
17233+ * acknowledgment:
17234+ * "This product includes software developed by the OpenSSL Project
17235+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
17236+ *
17237+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
17238+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17239+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
17240+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
17241+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
17242+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
17243+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
17244+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17245+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
17246+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
17247+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
17248+ * OF THE POSSIBILITY OF SUCH DAMAGE.
17249+ *
17250+ */
17251+
17252+#include <string.h>
17253+#include <openssl/err.h>
17254+#ifdef OPENSSL_FIPS
17255+#include <openssl/fips.h>
17256+#endif
17257+#include <openssl/rsa.h>
17258+#include <openssl/evp.h>
17259+#include <openssl/bn.h>
17260+#include <openssl/opensslconf.h>
17261+
17262+#ifdef OPENSSL_FIPS
17263+
17264+static const unsigned char n[] =
17265+"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
17266+"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
17267+"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
17268+"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
17269+"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
17270+"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
17271+"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
17272+"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
17273+"\xCB";
17274+
17275+static int corrupt_rsa;
17276+
17277+static int setrsakey(RSA *key)
17278+ {
17279+ static const unsigned char e[] = "\x11";
17280+
17281+ static const unsigned char d[] =
17282+"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
17283+"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
17284+"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
17285+"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
17286+"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
17287+"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
17288+"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
17289+"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
17290+"\xC1";
17291+
17292+ static const unsigned char p[] =
17293+"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
17294+"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
17295+"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
17296+"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
17297+"\x99";
17298+
17299+ static const unsigned char q[] =
17300+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
17301+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
17302+"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
17303+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
17304+"\x03";
17305+
17306+ static const unsigned char dmp1[] =
17307+"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
17308+"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
17309+"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
17310+"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
17311+
17312+ static const unsigned char dmq1[] =
17313+"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
17314+"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
17315+"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
17316+"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
17317+
17318+ static const unsigned char iqmp[] =
17319+"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
17320+"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
17321+"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
17322+"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
17323+"\xF7";
17324+
17325+ key->n = BN_bin2bn(n, sizeof(n)-1, key->n);
17326+ if (corrupt_rsa)
17327+ BN_set_bit(key->n, 1024);
17328+ key->e = BN_bin2bn(e, sizeof(e)-1, key->e);
17329+ key->d = BN_bin2bn(d, sizeof(d)-1, key->d);
17330+ key->p = BN_bin2bn(p, sizeof(p)-1, key->p);
17331+ key->q = BN_bin2bn(q, sizeof(q)-1, key->q);
17332+ key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1);
17333+ key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1);
17334+ key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp);
17335+ return 1;
17336+ }
17337+
17338+void FIPS_corrupt_rsa()
17339+ {
17340+ corrupt_rsa = 1;
17341+ }
17342+
17343+/* Known Answer Test (KAT) data for the above RSA private key signing
17344+ * kat_tbs.
17345+ */
17346+
17347+static const unsigned char kat_tbs[] = "OpenSSL FIPS 140-2 Public Key RSA KAT";
17348+
17349+static const unsigned char kat_RSA_PSS_SHA1[] = {
17350+ 0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9, 0x46, 0xDA, 0x0F,
17351+ 0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D, 0xD2, 0x90, 0xBB,
17352+ 0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C, 0xB7, 0xF8, 0xD3,
17353+ 0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7, 0x83, 0xD5, 0x4C,
17354+ 0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51, 0x60, 0xD0, 0xA7,
17355+ 0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E, 0x3F, 0x9B, 0xF5,
17356+ 0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47, 0xF0, 0xC5, 0x45,
17357+ 0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F, 0xF8, 0xB7, 0x31,
17358+ 0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB, 0x9F, 0xBA, 0xE8,
17359+ 0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E, 0x20, 0x25, 0x84,
17360+ 0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9
17361+};
17362+
17363+static const unsigned char kat_RSA_PSS_SHA224[] = {
17364+ 0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF, 0xC5, 0x58, 0xA7,
17365+ 0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98, 0x08, 0x95, 0xFA,
17366+ 0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87, 0x7B, 0x1F, 0x57,
17367+ 0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55, 0x54, 0x1C, 0x89,
17368+ 0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC, 0x86, 0x05, 0xEE,
17369+ 0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64, 0x0B, 0xAB, 0x22,
17370+ 0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64, 0x62, 0xD1, 0xB5,
17371+ 0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA, 0x38, 0x24, 0x49,
17372+ 0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5, 0x03, 0xEA, 0x2D,
17373+ 0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF, 0x95, 0xC0, 0x00,
17374+ 0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0
17375+};
17376+
17377+static const unsigned char kat_RSA_PSS_SHA256[] = {
17378+ 0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0, 0x31, 0xE3, 0x89,
17379+ 0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25, 0x9A, 0xF3, 0x8F,
17380+ 0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D, 0x7D, 0x73, 0x28,
17381+ 0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3, 0x96, 0x73, 0x4E,
17382+ 0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D, 0x49, 0x47, 0x05,
17383+ 0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D, 0x6D, 0x26, 0xBA,
17384+ 0x2F, 0x7A, 0x54, 0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A, 0xF3, 0xDA, 0xB6,
17385+ 0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F, 0x56, 0xCD, 0x9F,
17386+ 0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47, 0x12, 0xE4, 0x6D,
17387+ 0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E, 0x49, 0xB9, 0xF6,
17388+ 0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C
17389+};
17390+
17391+static const unsigned char kat_RSA_PSS_SHA384[] = {
17392+ 0x40, 0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4, 0x31, 0xA8, 0xF2,
17393+ 0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57, 0x45, 0xCD, 0x5E,
17394+ 0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71, 0x44, 0x9A, 0xCD,
17395+ 0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F, 0x78, 0x23, 0x7F,
17396+ 0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31, 0xDC, 0x42, 0x6C,
17397+ 0xB2, 0x44, 0xE5, 0x4D, 0x66, 0xA2, 0xE6, 0x71, 0xF3, 0xAC, 0x4F, 0xFB,
17398+ 0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF, 0xD9, 0x3D, 0x2F,
17399+ 0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32, 0xAD, 0x42, 0x89,
17400+ 0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87, 0x1F, 0xCA, 0x6F,
17401+ 0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E, 0x60, 0xF4, 0x55,
17402+ 0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1
17403+};
17404+
17405+static const unsigned char kat_RSA_PSS_SHA512[] = {
17406+ 0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57, 0xAE, 0x63, 0x8C,
17407+ 0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F, 0x12, 0x53, 0x9A,
17408+ 0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51, 0xED, 0x9E, 0xDD,
17409+ 0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60, 0x79, 0x23, 0x39,
17410+ 0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67, 0x5F, 0xFE, 0xD7,
17411+ 0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D, 0x78, 0x55, 0x61,
17412+ 0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20, 0xB0, 0x85, 0x13,
17413+ 0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A, 0x6A, 0x39, 0x63,
17414+ 0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF, 0xF4, 0xA8, 0xFE,
17415+ 0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F, 0x80, 0xC2, 0x88,
17416+ 0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B
17417+};
17418+
17419+static const unsigned char kat_RSA_SHA1[] = {
17420+ 0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C,
17421+ 0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B,
17422+ 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55, 0x77, 0x90, 0xCF,
17423+ 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8,
17424+ 0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1,
17425+ 0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA,
17426+ 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E, 0xCA, 0x2E, 0x4E,
17427+ 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F,
17428+ 0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F,
17429+ 0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95,
17430+ 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4
17431+};
17432+
17433+static const unsigned char kat_RSA_SHA224[] = {
17434+ 0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB, 0xB7, 0x15, 0xF9,
17435+ 0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0, 0xA9, 0x18, 0x8D,
17436+ 0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5, 0x1A, 0xC5, 0x89,
17437+ 0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30, 0x2C, 0x9E, 0xCD,
17438+ 0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6, 0x45, 0x41, 0xE5,
17439+ 0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E, 0x0B, 0xA9, 0xCC,
17440+ 0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84, 0x02, 0xC6, 0x3B,
17441+ 0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91, 0x28, 0x3E, 0xB2,
17442+ 0x58, 0x2E, 0x06, 0x45, 0x49, 0xE0, 0x92, 0xE2, 0xC0, 0x66, 0xE6, 0x35,
17443+ 0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77, 0x82, 0xE6, 0xDC,
17444+ 0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D
17445+};
17446+
17447+static const unsigned char kat_RSA_SHA256[] = {
17448+ 0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05, 0x17, 0xA5, 0x23,
17449+ 0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20, 0x7B, 0xAA, 0x23,
17450+ 0x92, 0x87, 0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE, 0xAD, 0x6F, 0x35,
17451+ 0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17, 0x58, 0xB2, 0x6E,
17452+ 0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A, 0x90, 0x2D, 0x18,
17453+ 0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58, 0x7A, 0x91, 0x30,
17454+ 0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF, 0xE2, 0x80, 0x3A,
17455+ 0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 0xDE, 0x81, 0xA6, 0x38,
17456+ 0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C, 0xEE, 0xD1, 0xDA,
17457+ 0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1, 0x90, 0x27, 0x90,
17458+ 0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A
17459+};
17460+
17461+static const unsigned char kat_RSA_SHA384[] = {
17462+ 0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27, 0xEF, 0xE6, 0x1F,
17463+ 0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 0x99, 0x63, 0x56, 0x47, 0xC7,
17464+ 0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA, 0xFA, 0x5D, 0x5C,
17465+ 0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D, 0xA9, 0xA6, 0x55,
17466+ 0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28, 0x7F, 0xB6, 0xCF,
17467+ 0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19, 0x2B, 0x30, 0xC2,
17468+ 0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2, 0x7D, 0xEB, 0x8C,
17469+ 0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F, 0x8B, 0x9C, 0xCD,
17470+ 0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0, 0x8F, 0x99, 0xF1,
17471+ 0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E, 0x37, 0xDC, 0x04,
17472+ 0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF
17473+};
17474+
17475+static const unsigned char kat_RSA_SHA512[] = {
17476+ 0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16, 0x51, 0x5D, 0xCF,
17477+ 0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40, 0xF8, 0xB2, 0x9A,
17478+ 0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82, 0x6B, 0x32, 0xF1,
17479+ 0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C, 0x54, 0x9F, 0xD8,
17480+ 0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6, 0x53, 0x62, 0xB5,
17481+ 0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4, 0x75, 0x92, 0x6B,
17482+ 0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B, 0x1D, 0x47, 0xE6,
17483+ 0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16, 0x63, 0x84, 0x05,
17484+ 0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64, 0x71, 0xE0, 0x2D,
17485+ 0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB, 0x98, 0x65, 0x91,
17486+ 0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84
17487+};
17488+
17489+static const unsigned char kat_RSA_X931_SHA1[] = {
17490+ 0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42, 0x45, 0x4D, 0xDF,
17491+ 0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD, 0xC4, 0xB2, 0x75,
17492+ 0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E, 0x14, 0xB8, 0xAC,
17493+ 0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04, 0xEE, 0xA9, 0x97,
17494+ 0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B, 0x38, 0xBE, 0xD6,
17495+ 0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1, 0x1A, 0x11, 0x19,
17496+ 0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63, 0x0C, 0x59, 0xD7,
17497+ 0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D, 0x24, 0x1C, 0x99,
17498+ 0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB, 0xEA, 0xED, 0x76,
17499+ 0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84, 0x1C, 0xB3, 0x67,
17500+ 0xA3, 0x29, 0x80, 0x70, 0x54, 0x68, 0x7D, 0x49
17501+};
17502+
17503+static const unsigned char kat_RSA_X931_SHA256[] = {
17504+ 0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F, 0x64, 0x54, 0x89,
17505+ 0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58, 0x92, 0x1C, 0xDD,
17506+ 0xEA, 0xA2, 0x2D, 0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05, 0x95, 0x73, 0xCF,
17507+ 0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8, 0x7B, 0xC8, 0x9B,
17508+ 0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13, 0xB8, 0xF0, 0x4B,
17509+ 0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4, 0x38, 0x0E, 0x98,
17510+ 0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E, 0x59, 0x01, 0xEC,
17511+ 0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46, 0x8D, 0xA0, 0x8C,
17512+ 0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35, 0xA1, 0x42, 0xBD,
17513+ 0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86, 0xF0, 0x5B, 0xDC,
17514+ 0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80
17515+};
17516+
17517+static const unsigned char kat_RSA_X931_SHA384[] = {
17518+ 0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB, 0x7B, 0xEC, 0x7B,
17519+ 0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7, 0x39, 0x37, 0xCB,
17520+ 0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9, 0xBE, 0x2E, 0xE3,
17521+ 0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7, 0x4A, 0x63, 0xF6,
17522+ 0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99, 0x66, 0xEE, 0x31,
17523+ 0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E, 0x6D, 0x8D, 0xF1,
17524+ 0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0, 0x60, 0x41, 0x79,
17525+ 0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34, 0xD5, 0x7C, 0xFF,
17526+ 0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5, 0x12, 0x44, 0x35,
17527+ 0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5, 0xDC, 0xC6, 0x6D,
17528+ 0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28
17529+};
17530+
17531+static const unsigned char kat_RSA_X931_SHA512[] = {
17532+ 0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64, 0x3A, 0xC1, 0x63,
17533+ 0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1, 0xD9, 0xDA, 0xAC,
17534+ 0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05, 0x9E, 0x77, 0xD7,
17535+ 0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E, 0xF9, 0x14, 0x28,
17536+ 0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA, 0xC7, 0xF8, 0xC5,
17537+ 0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34, 0x53, 0xD2, 0xAF,
17538+ 0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10, 0xE0, 0xF6, 0xD0,
17539+ 0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F, 0x46, 0x5F, 0x09,
17540+ 0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04, 0x2D, 0xFB, 0x7C,
17541+ 0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11, 0x30, 0x71, 0x1B,
17542+ 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
17543+};
17544+
17545+
17546+int FIPS_selftest_rsa()
17547+ {
17548+ int ret = 0;
17549+ RSA *key;
17550+ EVP_PKEY *pk = NULL;
17551+
17552+ if ((key=RSA_new()) == NULL)
17553+ goto err;
17554+ setrsakey(key);
17555+ if ((pk=EVP_PKEY_new()) == NULL)
17556+ goto err;
17557+
17558+ EVP_PKEY_assign_RSA(pk, key);
17559+
17560+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17561+ kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
17562+ EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1,
17563+ "RSA SHA1 PKCS#1"))
17564+ goto err;
17565+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17566+ kat_RSA_SHA224, sizeof(kat_RSA_SHA224),
17567+ EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PKCS1,
17568+ "RSA SHA224 PKCS#1"))
17569+ goto err;
17570+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17571+ kat_RSA_SHA256, sizeof(kat_RSA_SHA256),
17572+ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PKCS1,
17573+ "RSA SHA256 PKCS#1"))
17574+ goto err;
17575+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17576+ kat_RSA_SHA384, sizeof(kat_RSA_SHA384),
17577+ EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PKCS1,
17578+ "RSA SHA384 PKCS#1"))
17579+ goto err;
17580+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17581+ kat_RSA_SHA512, sizeof(kat_RSA_SHA512),
17582+ EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PKCS1,
17583+ "RSA SHA512 PKCS#1"))
17584+ goto err;
17585+
17586+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17587+ kat_RSA_PSS_SHA1, sizeof(kat_RSA_PSS_SHA1),
17588+ EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS,
17589+ "RSA SHA1 PSS"))
17590+ goto err;
17591+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17592+ kat_RSA_PSS_SHA224, sizeof(kat_RSA_PSS_SHA224),
17593+ EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PSS,
17594+ "RSA SHA224 PSS"))
17595+ goto err;
17596+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17597+ kat_RSA_PSS_SHA256, sizeof(kat_RSA_PSS_SHA256),
17598+ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PSS,
17599+ "RSA SHA256 PSS"))
17600+ goto err;
17601+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17602+ kat_RSA_PSS_SHA384, sizeof(kat_RSA_PSS_SHA384),
17603+ EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PSS,
17604+ "RSA SHA384 PSS"))
17605+ goto err;
17606+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17607+ kat_RSA_PSS_SHA512, sizeof(kat_RSA_PSS_SHA512),
17608+ EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PSS,
17609+ "RSA SHA512 PSS"))
17610+ goto err;
17611+
17612+
17613+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17614+ kat_RSA_X931_SHA1, sizeof(kat_RSA_X931_SHA1),
17615+ EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931,
17616+ "RSA SHA1 X931"))
17617+ goto err;
17618+ /* NB: SHA224 not supported in X9.31 */
17619+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17620+ kat_RSA_X931_SHA256, sizeof(kat_RSA_X931_SHA256),
17621+ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_X931,
17622+ "RSA SHA256 X931"))
17623+ goto err;
17624+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17625+ kat_RSA_X931_SHA384, sizeof(kat_RSA_X931_SHA384),
17626+ EVP_sha384(), EVP_MD_CTX_FLAG_PAD_X931,
17627+ "RSA SHA384 X931"))
17628+ goto err;
17629+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17630+ kat_RSA_X931_SHA512, sizeof(kat_RSA_X931_SHA512),
17631+ EVP_sha512(), EVP_MD_CTX_FLAG_PAD_X931,
17632+ "RSA SHA512 X931"))
17633+ goto err;
17634+
17635+
17636+ ret = 1;
17637+
17638+ err:
17639+ if (pk)
17640+ EVP_PKEY_free(pk);
17641+ else if (key)
17642+ RSA_free(key);
17643+ return ret;
17644+ }
17645+
17646+#endif /* def OPENSSL_FIPS */
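Review bot: setrsakey() discards the result of every BN_bin2bn() call and of BN_set_bit(), always returns 1, and FIPS_selftest_rsa() ignores even that return, so an allocation failure leaves a NULL component in the key and the self-test continues into fips_pkey_signature_test() with a partially built key rather than failing cleanly. EVP_PKEY_assign_RSA(pk, key) is likewise unchecked; if it fails, pk never takes ownership of key and the `err:` label frees pk but leaks key. I would make setrsakey() return 0 on the first NULL component, call it as `if (!setrsakey(key)) goto err;`, and free key explicitly when the assign fails, as sketched below. Both functions also use empty parameter lists (`int FIPS_selftest_rsa()`, `void FIPS_corrupt_rsa()`), which in C11 are unprototyped declarations; `(void)` is the intended form.
```c
/* … unchanged: setrsakey() key material (e, d, p, q, dmp1, dmq1, iqmp) … */
	key->n = BN_bin2bn(n, sizeof(n)-1, key->n);
	if (key->n == NULL)
		return 0;
	if (corrupt_rsa && !BN_set_bit(key->n, 1024))
		return 0;
	key->e = BN_bin2bn(e, sizeof(e)-1, key->e);
	key->d = BN_bin2bn(d, sizeof(d)-1, key->d);
	key->p = BN_bin2bn(p, sizeof(p)-1, key->p);
	key->q = BN_bin2bn(q, sizeof(q)-1, key->q);
	key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1);
	key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1);
	key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp);
	/* any NULL here means a conversion/allocation failed */
	if (!key->e || !key->d || !key->p || !key->q
	    || !key->dmp1 || !key->dmq1 || !key->iqmp)
		return 0;
	return 1;

/* … unchanged: FIPS_selftest_rsa() declarations and RSA_new() … */
	if (!setrsakey(key))
		goto err;
	if ((pk=EVP_PKEY_new()) == NULL)
		goto err;
	if (!EVP_PKEY_assign_RSA(pk, key))
		{
		/* pk did not take ownership; err: only frees pk */
		RSA_free(key);
		goto err;
		}
/* … unchanged: fips_pkey_signature_test() calls and err: cleanup … */
```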
17647diff -up openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c
17648--- openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c.fips 2013-02-19 12:47:33.742118935 +0100
17649+++ openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c 2013-02-19 12:47:33.742118935 +0100
17650@@ -0,0 +1,282 @@
17651+/* crypto/rsa/rsa_gen.c */
17652+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
17653+ * All rights reserved.
17654+ *
17655+ * This package is an SSL implementation written
17656+ * by Eric Young (eay@cryptsoft.com).
17657+ * The implementation was written so as to conform with Netscapes SSL.
17658+ *
17659+ * This library is free for commercial and non-commercial use as long as
17660+ * the following conditions are aheared to. The following conditions
17661+ * apply to all code found in this distribution, be it the RC4, RSA,
17662+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
17663+ * included with this distribution is covered by the same copyright terms
17664+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
17665+ *
17666+ * Copyright remains Eric Young's, and as such any Copyright notices in
17667+ * the code are not to be removed.
17668+ * If this package is used in a product, Eric Young should be given attribution
17669+ * as the author of the parts of the library used.
17670+ * This can be in the form of a textual message at program startup or
17671+ * in documentation (online or textual) provided with the package.
17672+ *
17673+ * Redistribution and use in source and binary forms, with or without
17674+ * modification, are permitted provided that the following conditions
17675+ * are met:
17676+ * 1. Redistributions of source code must retain the copyright
17677+ * notice, this list of conditions and the following disclaimer.
17678+ * 2. Redistributions in binary form must reproduce the above copyright
17679+ * notice, this list of conditions and the following disclaimer in the
17680+ * documentation and/or other materials provided with the distribution.
17681+ * 3. All advertising materials mentioning features or use of this software
17682+ * must display the following acknowledgement:
17683+ * "This product includes cryptographic software written by
17684+ * Eric Young (eay@cryptsoft.com)"
17685+ * The word 'cryptographic' can be left out if the rouines from the library
17686+ * being used are not cryptographic related :-).
17687+ * 4. If you include any Windows specific code (or a derivative thereof) from
17688+ * the apps directory (application code) you must include an acknowledgement:
17689+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
17690+ *
17691+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
17692+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17693+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17694+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17695+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
17696+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
17697+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17698+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
17699+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
17700+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
17701+ * SUCH DAMAGE.
17702+ *
17703+ * The licence and distribution terms for any publically available version or
17704+ * derivative of this code cannot be changed. i.e. this code cannot simply be
17705+ * copied and put under another distribution licence
17706+ * [including the GNU Public Licence.]
17707+ */
17708+
17709+#include <stdio.h>
17710+#include <string.h>
17711+#include <time.h>
17712+#include <openssl/err.h>
17713+#include <openssl/bn.h>
17714+#include <openssl/rsa.h>
17715+#ifdef OPENSSL_FIPS
17716+#include <openssl/fips.h>
17717+
17718+extern int fips_check_rsa(RSA *rsa);
17719+#endif
17720+
17721+/* X9.31 RSA key derivation and generation */
17722+
17723+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
17724+ const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
17725+ const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
17726+ const BIGNUM *e, BN_GENCB *cb)
17727+ {
17728+ BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL;
17729+ BN_CTX *ctx=NULL,*ctx2=NULL;
17730+
17731+ if (!rsa)
17732+ goto err;
17733+
17734+ ctx = BN_CTX_new();
17735+ if (!ctx)
17736+ goto err;
17737+ BN_CTX_start(ctx);
17738+
17739+ r0 = BN_CTX_get(ctx);
17740+ r1 = BN_CTX_get(ctx);
17741+ r2 = BN_CTX_get(ctx);
17742+ r3 = BN_CTX_get(ctx);
17743+
17744+ if (r3 == NULL)
17745+ goto err;
17746+ if (!rsa->e)
17747+ {
17748+ rsa->e = BN_dup(e);
17749+ if (!rsa->e)
17750+ goto err;
17751+ }
17752+ else
17753+ e = rsa->e;
17754+
17755+ /* If not all parameters present only calculate what we can.
17756+ * This allows test programs to output selective parameters.
17757+ */
17758+
17759+ if (Xp && !rsa->p)
17760+ {
17761+ rsa->p = BN_new();
17762+ if (!rsa->p)
17763+ goto err;
17764+
17765+ if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
17766+ Xp, Xp1, Xp2, e, ctx, cb))
17767+ goto err;
17768+ }
17769+
17770+ if (Xq && !rsa->q)
17771+ {
17772+ rsa->q = BN_new();
17773+ if (!rsa->q)
17774+ goto err;
17775+ if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
17776+ Xq, Xq1, Xq2, e, ctx, cb))
17777+ goto err;
17778+ }
17779+
17780+ if (!rsa->p || !rsa->q)
17781+ {
17782+ BN_CTX_end(ctx);
17783+ BN_CTX_free(ctx);
17784+ return 2;
17785+ }
17786+
17787+ /* Since both primes are set we can now calculate all remaining
17788+ * components.
17789+ */
17790+
17791+ /* calculate n */
17792+ rsa->n=BN_new();
17793+ if (rsa->n == NULL)
17794+ goto err;
17795+ if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx))
17796+ goto err;
17797+
17798+ /* calculate d */
17799+ if (!BN_sub(r1,rsa->p,BN_value_one()))
17800+ goto err; /* p-1 */
17801+ if (!BN_sub(r2,rsa->q,BN_value_one()))
17802+ goto err; /* q-1 */
17803+ if (!BN_mul(r0,r1,r2,ctx))
17804+ goto err; /* (p-1)(q-1) */
17805+
17806+ if (!BN_gcd(r3, r1, r2, ctx))
17807+ goto err;
17808+
17809+ if (!BN_div(r0, NULL, r0, r3, ctx))
17810+ goto err; /* LCM((p-1)(q-1)) */
17811+
17812+ ctx2 = BN_CTX_new();
17813+ if (!ctx2)
17814+ goto err;
17815+
17816+ rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */
17817+ if (rsa->d == NULL)
17818+ goto err;
17819+
17820+ /* calculate d mod (p-1) */
17821+ rsa->dmp1=BN_new();
17822+ if (rsa->dmp1 == NULL)
17823+ goto err;
17824+ if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx))
17825+ goto err;
17826+
17827+ /* calculate d mod (q-1) */
17828+ rsa->dmq1=BN_new();
17829+ if (rsa->dmq1 == NULL)
17830+ goto err;
17831+ if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx))
17832+ goto err;
17833+
17834+ /* calculate inverse of q mod p */
17835+ rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
17836+
17837+ err:
17838+ if (ctx)
17839+ {
17840+ BN_CTX_end(ctx);
17841+ BN_CTX_free(ctx);
17842+ }
17843+ if (ctx2)
17844+ BN_CTX_free(ctx2);
17845+ /* If this is set all calls successful */
17846+ if (rsa && rsa->iqmp != NULL)
17847+ return 1;
17848+
17849+ return 0;
17850+
17851+ }
17852+
17853+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
17854+ {
17855+ int ok = 0;
17856+ BIGNUM *Xp = NULL, *Xq = NULL;
17857+ BN_CTX *ctx = NULL;
17858+
17859+#ifdef OPENSSL_FIPS
17860+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) &&
17861+ (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
17862+ {
17863+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT);
17864+ return 0;
17865+ }
17866+
17867+ if (bits & 0xff)
17868+ {
17869+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_INVALID_KEY_LENGTH);
17870+ return 0;
17871+ }
17872+
17873+ if(FIPS_selftest_failed())
17874+ {
17875+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST_FAILED);
17876+ return 0;
17877+ }
17878+#endif
17879+
17880+ ctx = BN_CTX_new();
17881+ if (!ctx)
17882+ goto error;
17883+
17884+ BN_CTX_start(ctx);
17885+ Xp = BN_CTX_get(ctx);
17886+ Xq = BN_CTX_get(ctx);
17887+ if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
17888+ goto error;
17889+
17890+ rsa->p = BN_new();
17891+ rsa->q = BN_new();
17892+ if (!rsa->p || !rsa->q)
17893+ goto error;
17894+
17895+ /* Generate two primes from Xp, Xq */
17896+
17897+ if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
17898+ e, ctx, cb))
17899+ goto error;
17900+
17901+ if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
17902+ e, ctx, cb))
17903+ goto error;
17904+
17905+ /* Since rsa->p and rsa->q are valid this call will just derive
17906+ * remaining RSA components.
17907+ */
17908+
17909+ if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
17910+ NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
17911+ goto error;
17912+
17913+#ifdef OPENSSL_FIPS
17914+ if(!fips_check_rsa(rsa))
17915+ goto error;
17916+#endif
17917+
17918+ ok = 1;
17919+
17920+ error:
17921+ if (ctx)
17922+ {
17923+ BN_CTX_end(ctx);
17924+ BN_CTX_free(ctx);
17925+ }
17926+
17927+ if (ok)
17928+ return 1;
17929+
17930+ return 0;
17931+
17932+ }
17933diff -up openssl-1.0.1e/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_sha_selftest.c
17934--- openssl-1.0.1e/crypto/fips/fips_sha_selftest.c.fips 2013-02-19 12:47:33.742118935 +0100
17935+++ openssl-1.0.1e/crypto/fips/fips_sha_selftest.c 2013-02-19 12:47:33.742118935 +0100
17936@@ -0,0 +1,140 @@
17937+/* ====================================================================
17938+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
17939+ *
17940+ * Redistribution and use in source and binary forms, with or without
17941+ * modification, are permitted provided that the following conditions
17942+ * are met:
17943+ *
17944+ * 1. Redistributions of source code must retain the above copyright
17945+ * notice, this list of conditions and the following disclaimer.
17946+ *
17947+ * 2. Redistributions in binary form must reproduce the above copyright
17948+ * notice, this list of conditions and the following disclaimer in
17949+ * the documentation and/or other materials provided with the
17950+ * distribution.
17951+ *
17952+ * 3. All advertising materials mentioning features or use of this
17953+ * software must display the following acknowledgment:
17954+ * "This product includes software developed by the OpenSSL Project
17955+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
17956+ *
17957+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
17958+ * endorse or promote products derived from this software without
17959+ * prior written permission. For written permission, please contact
17960+ * openssl-core@openssl.org.
17961+ *
17962+ * 5. Products derived from this software may not be called "OpenSSL"
17963+ * nor may "OpenSSL" appear in their names without prior written
17964+ * permission of the OpenSSL Project.
17965+ *
17966+ * 6. Redistributions of any form whatsoever must retain the following
17967+ * acknowledgment:
17968+ * "This product includes software developed by the OpenSSL Project
17969+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
17970+ *
17971+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
17972+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17973+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
17974+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
17975+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
17976+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
17977+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
17978+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17979+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
17980+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
17981+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
17982+ * OF THE POSSIBILITY OF SUCH DAMAGE.
17983+ *
17984+ */
17985+
17986+#include <string.h>
17987+#include <openssl/err.h>
17988+#ifdef OPENSSL_FIPS
17989+#include <openssl/fips.h>
17990+#endif
17991+#include <openssl/evp.h>
17992+#include <openssl/sha.h>
17993+
17994+#ifdef OPENSSL_FIPS
17995+static const char test[][60]=
17996+ {
17997+ "",
17998+ "abc",
17999+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
18000+ };
18001+
18002+static const unsigned char ret[][SHA_DIGEST_LENGTH]=
18003+ {
18004+ { 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55,
18005+ 0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 },
18006+ { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
18007+ 0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d },
18008+ { 0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
18009+ 0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 },
18010+ };
18011+
18012+static int corrupt_sha;
18013+
18014+void FIPS_corrupt_sha1()
18015+ {
18016+ corrupt_sha = 1;
18017+ }
18018+
18019+int FIPS_selftest_sha1()
18020+ {
18021+ int n;
18022+
18023+ for(n=0 ; n<sizeof(test)/sizeof(test[0]) ; ++n)
18024+ {
18025+ unsigned char md[SHA_DIGEST_LENGTH];
18026+
18027+ EVP_Digest(test[n],strlen(test[n])+corrupt_sha,md, NULL, EVP_sha1(), NULL);
18028+ if(memcmp(md,ret[n],sizeof md))
18029+ {
18030+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED);
18031+ return 0;
18032+ }
18033+ }
18034+ return 1;
18035+ }
18036+
18037+static const unsigned char msg_sha256[] = { 0xfa, 0x48, 0x59, 0x2a, 0xe1, 0xae, 0x1f, 0x30,
18038+ 0xfc };
18039+static const unsigned char dig_sha256[] = { 0xf7, 0x26, 0xd8, 0x98, 0x47, 0x91, 0x68, 0x5b,
18040+ 0x9e, 0x39, 0xb2, 0x58, 0xbb, 0x75, 0xbf, 0x01,
18041+ 0x17, 0x0c, 0x84, 0x00, 0x01, 0x7a, 0x94, 0x83,
18042+ 0xf3, 0x0b, 0x15, 0x84, 0x4b, 0x69, 0x88, 0x8a };
18043+
18044+static const unsigned char msg_sha512[] = { 0x37, 0xd1, 0x35, 0x9d, 0x18, 0x41, 0xe9, 0xb7,
18045+ 0x6d, 0x9a, 0x13, 0xda, 0x5f, 0xf3, 0xbd };
18046+static const unsigned char dig_sha512[] = { 0x11, 0x13, 0xc4, 0x19, 0xed, 0x2b, 0x1d, 0x16,
18047+ 0x11, 0xeb, 0x9b, 0xbe, 0xf0, 0x7f, 0xcf, 0x44,
18048+ 0x8b, 0xd7, 0x57, 0xbd, 0x8d, 0xa9, 0x25, 0xb0,
18049+ 0x47, 0x25, 0xd6, 0x6c, 0x9a, 0x54, 0x7f, 0x8f,
18050+ 0x0b, 0x53, 0x1a, 0x10, 0x68, 0x32, 0x03, 0x38,
18051+ 0x82, 0xc4, 0x87, 0xc4, 0xea, 0x0e, 0xd1, 0x04,
18052+ 0xa9, 0x98, 0xc1, 0x05, 0xa3, 0xf3, 0xf8, 0xb1,
18053+ 0xaf, 0xbc, 0xd9, 0x78, 0x7e, 0xee, 0x3d, 0x43 };
18054+
18055+int FIPS_selftest_sha2(void)
18056+ {
18057+ unsigned char md[SHA512_DIGEST_LENGTH];
18058+
18059+ EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL);
18060+ if(memcmp(dig_sha256, md, sizeof(dig_sha256)))
18061+ {
18062+ FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED);
18063+ return 0;
18064+ }
18065+
18066+ EVP_Digest(msg_sha512, sizeof(msg_sha512), md, NULL, EVP_sha512(), NULL);
18067+ if(memcmp(dig_sha512, md, sizeof(dig_sha512)))
18068+ {
18069+ FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED);
18070+ return 0;
18071+ }
18072+
18073+ return 1;
18074+ }
18075+
18076+#endif
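Review bot: The return value of EVP_Digest() is ignored in FIPS_selftest_sha1 and in both calls of FIPS_selftest_sha2, so if the digest operation fails `md` is never written and the following memcmp compares uninitialized stack bytes against the known answer instead of failing the self-test outright; the check should be `if (!EVP_Digest(test[n],strlen(test[n])+corrupt_sha,md, NULL, EVP_sha1(), NULL) || memcmp(md,ret[n],sizeof md))` and likewise for the two SHA-2 calls. Two smaller points in the same hunk: the loop index `n` in FIPS_selftest_sha1 is `int` but is compared against a `sizeof` expression, so `size_t n;` avoids the signed/unsigned mismatch, and `FIPS_corrupt_sha1()` / `FIPS_selftest_sha1()` should be declared `(void)` as FIPS_selftest_sha2 already is. FIPS_selftest_sha2 also reports failures under `FIPS_F_FIPS_MODE_SET`, which attributes a SHA-2 KAT failure to FIPS_mode_set in the error queue; a function code naming this self-test would make the failing KAT easier to locate.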
18077diff -up openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c
18078--- openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c.fips 2013-02-19 12:47:33.742118935 +0100
18079+++ openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c 2013-02-19 12:47:33.742118935 +0100
18080@@ -0,0 +1,180 @@
18081+/* ====================================================================
18082+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
18083+ *
18084+ * Redistribution and use in source and binary forms, with or without
18085+ * modification, are permitted provided that the following conditions
18086+ * are met:
18087+ *
18088+ * 1. Redistributions of source code must retain the above copyright
18089+ * notice, this list of conditions and the following disclaimer.
18090+ *
18091+ * 2. Redistributions in binary form must reproduce the above copyright
18092+ * notice, this list of conditions and the following disclaimer in
18093+ * the documentation and/or other materials provided with the
18094+ * distribution.
18095+ *
18096+ * 3. All advertising materials mentioning features or use of this
18097+ * software must display the following acknowledgment:
18098+ * "This product includes software developed by the OpenSSL Project
18099+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
18100+ *
18101+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
18102+ * endorse or promote products derived from this software without
18103+ * prior written permission. For written permission, please contact
18104+ * openssl-core@openssl.org.
18105+ *
18106+ * 5. Products derived from this software may not be called "OpenSSL"
18107+ * nor may "OpenSSL" appear in their names without prior written
18108+ * permission of the OpenSSL Project.
18109+ *
18110+ * 6. Redistributions of any form whatsoever must retain the following
18111+ * acknowledgment:
18112+ * "This product includes software developed by the OpenSSL Project
18113+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
18114+ *
18115+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
18116+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18117+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18118+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
18119+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
18120+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18121+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
18122+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
18123+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
18124+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
18125+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
18126+ * OF THE POSSIBILITY OF SUCH DAMAGE.
18127+ *
18128+ */
18129+
18130+#include <stdio.h>
18131+#include <stdlib.h>
18132+#include <string.h>
18133+#include <openssl/opensslconf.h>
18134+#include <openssl/sha.h>
18135+#include <openssl/hmac.h>
18136+
18137+#ifndef FIPSCANISTER_O
18138+int FIPS_selftest_failed() { return 0; }
18139+void FIPS_selftest_check() {}
18140+void OPENSSL_cleanse(void *p,size_t len) {}
18141+#endif
18142+
18143+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
18144+ defined(__INTEL__) || \
18145+ defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
18146+
18147+unsigned int OPENSSL_ia32cap_P[2];
18148+#endif
18149+
18150+#ifdef OPENSSL_FIPS
18151+
18152+static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
18153+ const char *key)
18154+ {
18155+ size_t len=strlen(key);
18156+ int i;
18157+ unsigned char keymd[HMAC_MAX_MD_CBLOCK];
18158+ unsigned char pad[HMAC_MAX_MD_CBLOCK];
18159+
18160+ if (len > SHA_CBLOCK)
18161+ {
18162+ SHA256_Init(md_ctx);
18163+ SHA256_Update(md_ctx,key,len);
18164+ SHA256_Final(keymd,md_ctx);
18165+ len=SHA256_DIGEST_LENGTH;
18166+ }
18167+ else
18168+ memcpy(keymd,key,len);
18169+ memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len);
18170+
18171+ for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
18172+ pad[i]=0x36^keymd[i];
18173+ SHA256_Init(md_ctx);
18174+ SHA256_Update(md_ctx,pad,SHA256_CBLOCK);
18175+
18176+ for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
18177+ pad[i]=0x5c^keymd[i];
18178+ SHA256_Init(o_ctx);
18179+ SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
18180+ }
18181+
18182+static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
18183+ {
18184+ unsigned char buf[SHA256_DIGEST_LENGTH];
18185+
18186+ SHA256_Final(buf,md_ctx);
18187+ SHA256_Update(o_ctx,buf,sizeof buf);
18188+ SHA256_Final(md,o_ctx);
18189+ }
18190+
18191+#endif
18192+
18193+int main(int argc,char **argv)
18194+ {
18195+#ifdef OPENSSL_FIPS
18196+ static char key[]="orboDeJITITejsirpADONivirpUkvarP";
18197+ int n,binary=0;
18198+
18199+ if(argc < 2)
18200+ {
18201+ fprintf(stderr,"%s [<file>]+\n",argv[0]);
18202+ exit(1);
18203+ }
18204+
18205+ n=1;
18206+ if (!strcmp(argv[n],"-binary"))
18207+ {
18208+ n++;
18209+ binary=1; /* emit binary fingerprint... */
18210+ }
18211+
18212+ for(; n < argc ; ++n)
18213+ {
18214+ FILE *f=fopen(argv[n],"rb");
18215+ SHA256_CTX md_ctx,o_ctx;
18216+ unsigned char md[SHA256_DIGEST_LENGTH];
18217+ int i;
18218+
18219+ if(!f)
18220+ {
18221+ perror(argv[n]);
18222+ exit(2);
18223+ }
18224+
18225+ hmac_init(&md_ctx,&o_ctx,key);
18226+ for( ; ; )
18227+ {
18228+ char buf[1024];
18229+ size_t l=fread(buf,1,sizeof buf,f);
18230+
18231+ if(l == 0)
18232+ {
18233+ if(ferror(f))
18234+ {
18235+ perror(argv[n]);
18236+ exit(3);
18237+ }
18238+ else
18239+ break;
18240+ }
18241+ SHA256_Update(&md_ctx,buf,l);
18242+ }
18243+ hmac_final(md,&md_ctx,&o_ctx);
18244+
18245+ if (binary)
18246+ {
18247+ fwrite(md,SHA256_DIGEST_LENGTH,1,stdout);
18248+ break; /* ... for single(!) file */
18249+ }
18250+
18251+/* printf("HMAC-SHA1(%s)= ",argv[n]); */
18252+ for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i)
18253+ printf("%02x",md[i]);
18254+ printf("\n");
18255+ }
18256+#endif
18257+ return 0;
18258+ }
18259+
18260+
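Review bot: Each iteration of the file loop in main() opens `f` with fopen() but never closes it, so one handle leaks per argument; `fclose(f);` belongs right after `hmac_final(md,&md_ctx,&o_ctx);`. In the `-binary` branch the result of `fwrite(md,SHA256_DIGEST_LENGTH,1,stdout)` is unchecked and the program then exits 0, so a short write produces a truncated fingerprint that is only discovered when the integrity check later fails; `if (fwrite(md,SHA256_DIGEST_LENGTH,1,stdout) != 1) exit(4);` surfaces it at build time instead. In hmac_init the key-length threshold is `SHA_CBLOCK` although the HMAC is built over SHA-256; both constants are 64 so behaviour is unchanged, but `SHA256_CBLOCK` states the intent and matches the `SHA256_Update(...,SHA256_CBLOCK)` calls below it. The usage string `"%s [<file>]+\n"` also omits the `-binary` option that the code accepts.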
18261diff -up openssl-1.0.1e/crypto/fips/fips_test_suite.c.fips openssl-1.0.1e/crypto/fips/fips_test_suite.c
18262--- openssl-1.0.1e/crypto/fips/fips_test_suite.c.fips 2013-02-19 12:47:33.743118955 +0100
18263+++ openssl-1.0.1e/crypto/fips/fips_test_suite.c 2013-02-19 12:47:33.743118955 +0100
18264@@ -0,0 +1,588 @@
18265+/* ====================================================================
18266+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
18267+ *
18268+ *
18269+ * This command is intended as a test driver for the FIPS-140 testing
18270+ * lab performing FIPS-140 validation. It demonstrates the use of the
18271+ * OpenSSL library ito perform a variety of common cryptographic
18272+ * functions. A power-up self test is demonstrated by deliberately
18273+ * pointing to an invalid executable hash
18274+ *
18275+ * Contributed by Steve Marquess.
18276+ *
18277+ */
18278+#include <stdio.h>
18279+#include <assert.h>
18280+#include <ctype.h>
18281+#include <string.h>
18282+#include <stdlib.h>
18283+#include <openssl/aes.h>
18284+#include <openssl/des.h>
18285+#include <openssl/rsa.h>
18286+#include <openssl/dsa.h>
18287+#include <openssl/dh.h>
18288+#include <openssl/hmac.h>
18289+#include <openssl/err.h>
18290+
18291+#include <openssl/bn.h>
18292+#include <openssl/rand.h>
18293+#include <openssl/sha.h>
18294+
18295+
18296+#ifndef OPENSSL_FIPS
18297+int main(int argc, char *argv[])
18298+ {
18299+ printf("No FIPS support\n");
18300+ return(0);
18301+ }
18302+#else
18303+
18304+#include <openssl/fips.h>
18305+#include "fips_utl.h"
18306+
18307+/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
18308+*/
18309+static int FIPS_aes_test(void)
18310+ {
18311+ int ret = 0;
18312+ unsigned char pltmp[16];
18313+ unsigned char citmp[16];
18314+ unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
18315+ unsigned char plaintext[16] = "etaonrishdlcu";
18316+ EVP_CIPHER_CTX ctx;
18317+ EVP_CIPHER_CTX_init(&ctx);
18318+ if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0)
18319+ goto err;
18320+ EVP_Cipher(&ctx, citmp, plaintext, 16);
18321+ if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0)
18322+ goto err;
18323+ EVP_Cipher(&ctx, pltmp, citmp, 16);
18324+ if (memcmp(pltmp, plaintext, 16))
18325+ goto err;
18326+ ret = 1;
18327+ err:
18328+ EVP_CIPHER_CTX_cleanup(&ctx);
18329+ return ret;
18330+ }
18331+
18332+static int FIPS_des3_test(void)
18333+ {
18334+ int ret = 0;
18335+ unsigned char pltmp[8];
18336+ unsigned char citmp[8];
18337+ unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
18338+ 19,20,21,22,23,24};
18339+ unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
18340+ EVP_CIPHER_CTX ctx;
18341+ EVP_CIPHER_CTX_init(&ctx);
18342+ if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 1) <= 0)
18343+ goto err;
18344+ EVP_Cipher(&ctx, citmp, plaintext, 8);
18345+ if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 0) <= 0)
18346+ goto err;
18347+ EVP_Cipher(&ctx, pltmp, citmp, 8);
18348+ if (memcmp(pltmp, plaintext, 8))
18349+ goto err;
18350+ ret = 1;
18351+ err:
18352+ EVP_CIPHER_CTX_cleanup(&ctx);
18353+ return ret;
18354+ }
18355+
18356+/*
18357+ * DSA: generate keys and sign, verify input plaintext.
18358+ */
18359+static int FIPS_dsa_test(int bad)
18360+ {
18361+ DSA *dsa = NULL;
18362+ EVP_PKEY pk;
18363+ unsigned char dgst[] = "etaonrishdlc";
18364+ unsigned char buf[60];
18365+ unsigned int slen;
18366+ int r = 0;
18367+ EVP_MD_CTX mctx;
18368+
18369+ ERR_clear_error();
18370+ EVP_MD_CTX_init(&mctx);
18371+ dsa = DSA_new();
18372+ if (!dsa)
18373+ goto end;
18374+ if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
18375+ goto end;
18376+ if (!DSA_generate_key(dsa))
18377+ goto end;
18378+ if (bad)
18379+ BN_add_word(dsa->pub_key, 1);
18380+
18381+ pk.type = EVP_PKEY_DSA;
18382+ pk.pkey.dsa = dsa;
18383+
18384+ if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
18385+ goto end;
18386+ if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))
18387+ goto end;
18388+ if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
18389+ goto end;
18390+
18391+ if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
18392+ goto end;
18393+ if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))
18394+ goto end;
18395+ r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
18396+ end:
18397+ EVP_MD_CTX_cleanup(&mctx);
18398+ if (dsa)
18399+ DSA_free(dsa);
18400+ if (r != 1)
18401+ return 0;
18402+ return 1;
18403+ }
18404+
18405+/*
18406+ * RSA: generate keys and sign, verify input plaintext.
18407+ */
18408+static int FIPS_rsa_test(int bad)
18409+ {
18410+ RSA *key;
18411+ unsigned char input_ptext[] = "etaonrishdlc";
18412+ unsigned char buf[256];
18413+ unsigned int slen;
18414+ BIGNUM *bn;
18415+ EVP_MD_CTX mctx;
18416+ EVP_PKEY pk;
18417+ int r = 0;
18418+
18419+ ERR_clear_error();
18420+ EVP_MD_CTX_init(&mctx);
18421+ key = RSA_new();
18422+ bn = BN_new();
18423+ if (!key || !bn)
18424+ return 0;
18425+ BN_set_word(bn, 65537);
18426+ if (!RSA_generate_key_ex(key, 1024,bn,NULL))
18427+ return 0;
18428+ BN_free(bn);
18429+ if (bad)
18430+ BN_add_word(key->n, 1);
18431+
18432+ pk.type = EVP_PKEY_RSA;
18433+ pk.pkey.rsa = key;
18434+
18435+ if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
18436+ goto end;
18437+ if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
18438+ goto end;
18439+ if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
18440+ goto end;
18441+
18442+ if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
18443+ goto end;
18444+ if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
18445+ goto end;
18446+ r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
18447+ end:
18448+ EVP_MD_CTX_cleanup(&mctx);
18449+ if (key)
18450+ RSA_free(key);
18451+ if (r != 1)
18452+ return 0;
18453+ return 1;
18454+ }
18455+
18456+/* SHA1: generate hash of known digest value and compare to known
18457+ precomputed correct hash
18458+*/
18459+static int FIPS_sha1_test()
18460+ {
18461+ unsigned char digest[SHA_DIGEST_LENGTH] =
18462+ { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
18463+ unsigned char str[] = "etaonrishd";
18464+
18465+ unsigned char md[SHA_DIGEST_LENGTH];
18466+
18467+ ERR_clear_error();
18468+ if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0;
18469+ if (memcmp(md,digest,sizeof(md)))
18470+ return 0;
18471+ return 1;
18472+ }
18473+
18474+/* SHA256: generate hash of known digest value and compare to known
18475+ precomputed correct hash
18476+*/
18477+static int FIPS_sha256_test()
18478+ {
18479+ unsigned char digest[SHA256_DIGEST_LENGTH] =
18480+ {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
18481+ 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
18482+ unsigned char str[] = "etaonrishd";
18483+
18484+ unsigned char md[SHA256_DIGEST_LENGTH];
18485+
18486+ ERR_clear_error();
18487+ if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha256(), NULL)) return 0;
18488+ if (memcmp(md,digest,sizeof(md)))
18489+ return 0;
18490+ return 1;
18491+ }
18492+
18493+/* SHA512: generate hash of known digest value and compare to known
18494+ precomputed correct hash
18495+*/
18496+static int FIPS_sha512_test()
18497+ {
18498+ unsigned char digest[SHA512_DIGEST_LENGTH] =
18499+ {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
18500+ 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
18501+ 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
18502+ 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
18503+ unsigned char str[] = "etaonrishd";
18504+
18505+ unsigned char md[SHA512_DIGEST_LENGTH];
18506+
18507+ ERR_clear_error();
18508+ if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha512(), NULL)) return 0;
18509+ if (memcmp(md,digest,sizeof(md)))
18510+ return 0;
18511+ return 1;
18512+ }
18513+
18514+/* HMAC-SHA1: generate hash of known digest value and compare to known
18515+ precomputed correct hash
18516+*/
18517+static int FIPS_hmac_sha1_test()
18518+ {
18519+ unsigned char key[] = "etaonrishd";
18520+ unsigned char iv[] = "Sample text";
18521+ unsigned char kaval[EVP_MAX_MD_SIZE] =
18522+ {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
18523+ 0xb2, 0xfb, 0xec, 0xc6};
18524+
18525+ unsigned char out[EVP_MAX_MD_SIZE];
18526+ unsigned int outlen;
18527+
18528+ ERR_clear_error();
18529+ if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
18530+ if (memcmp(out,kaval,outlen))
18531+ return 0;
18532+ return 1;
18533+ }
18534+
18535+/* HMAC-SHA224: generate hash of known digest value and compare to known
18536+ precomputed correct hash
18537+*/
18538+static int FIPS_hmac_sha224_test()
18539+ {
18540+ unsigned char key[] = "etaonrishd";
18541+ unsigned char iv[] = "Sample text";
18542+ unsigned char kaval[EVP_MAX_MD_SIZE] =
18543+ {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
18544+ 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
18545+
18546+ unsigned char out[EVP_MAX_MD_SIZE];
18547+ unsigned int outlen;
18548+
18549+ ERR_clear_error();
18550+ if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
18551+ if (memcmp(out,kaval,outlen))
18552+ return 0;
18553+ return 1;
18554+ }
18555+
18556+/* HMAC-SHA256: generate hash of known digest value and compare to known
18557+ precomputed correct hash
18558+*/
18559+static int FIPS_hmac_sha256_test()
18560+ {
18561+ unsigned char key[] = "etaonrishd";
18562+ unsigned char iv[] = "Sample text";
18563+ unsigned char kaval[EVP_MAX_MD_SIZE] =
18564+ {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
18565+ 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
18566+
18567+ unsigned char out[EVP_MAX_MD_SIZE];
18568+ unsigned int outlen;
18569+
18570+ ERR_clear_error();
18571+ if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
18572+ if (memcmp(out,kaval,outlen))
18573+ return 0;
18574+ return 1;
18575+ }
18576+
18577+/* HMAC-SHA384: generate hash of known digest value and compare to known
18578+ precomputed correct hash
18579+*/
18580+static int FIPS_hmac_sha384_test()
18581+ {
18582+ unsigned char key[] = "etaonrishd";
18583+ unsigned char iv[] = "Sample text";
18584+ unsigned char kaval[EVP_MAX_MD_SIZE] =
18585+ {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
18586+ 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
18587+ 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
18588+
18589+ unsigned char out[EVP_MAX_MD_SIZE];
18590+ unsigned int outlen;
18591+
18592+ ERR_clear_error();
18593+ if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
18594+ if (memcmp(out,kaval,outlen))
18595+ return 0;
18596+ return 1;
18597+ }
18598+
18599+/* HMAC-SHA512: generate hash of known digest value and compare to known
18600+ precomputed correct hash
18601+*/
18602+static int FIPS_hmac_sha512_test()
18603+ {
18604+ unsigned char key[] = "etaonrishd";
18605+ unsigned char iv[] = "Sample text";
18606+ unsigned char kaval[EVP_MAX_MD_SIZE] =
18607+ {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
18608+ 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
18609+ 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
18610+ 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
18611+
18612+ unsigned char out[EVP_MAX_MD_SIZE];
18613+ unsigned int outlen;
18614+
18615+ ERR_clear_error();
18616+ if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
18617+ if (memcmp(out,kaval,outlen))
18618+ return 0;
18619+ return 1;
18620+ }
18621+
18622+
18623+/* DH: generate shared parameters
18624+*/
18625+static int dh_test()
18626+ {
18627+ DH *dh;
18628+ ERR_clear_error();
18629+ dh = FIPS_dh_new();
18630+ if (!dh)
18631+ return 0;
18632+ if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
18633+ return 0;
18634+ FIPS_dh_free(dh);
18635+ return 1;
18636+ }
18637+
18638+/* Zeroize
18639+*/
18640+static int Zeroize()
18641+ {
18642+ RSA *key;
18643+ BIGNUM *bn;
18644+ unsigned char userkey[16] =
18645+ { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
18646+ int i, n;
18647+
18648+ key = FIPS_rsa_new();
18649+ bn = BN_new();
18650+ if (!key || !bn)
18651+ return 0;
18652+ BN_set_word(bn, 65537);
18653+ if (!RSA_generate_key_ex(key, 1024,bn,NULL))
18654+ return 0;
18655+ BN_free(bn);
18656+
18657+ n = BN_num_bytes(key->d);
18658+ printf(" Generated %d byte RSA private key\n", n);
18659+ printf("\tBN key before overwriting:\n");
18660+ do_bn_print(stdout, key->d);
18661+ BN_rand(key->d,n*8,-1,0);
18662+ printf("\tBN key after overwriting:\n");
18663+ do_bn_print(stdout, key->d);
18664+
18665+ printf("\tchar buffer key before overwriting: \n\t\t");
18666+ for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
18667+ printf("\n");
18668+ RAND_bytes(userkey, sizeof userkey);
18669+ printf("\tchar buffer key after overwriting: \n\t\t");
18670+ for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
18671+ printf("\n");
18672+
18673+ return 1;
18674+ }
18675+
18676+static int Error;
18677+const char * Fail(const char *msg)
18678+ {
18679+ do_print_errors();
18680+ Error++;
18681+ return msg;
18682+ }
18683+
18684+int main(int argc,char **argv)
18685+ {
18686+
18687+ int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
18688+ int bad_rsa = 0, bad_dsa = 0;
18689+ int do_rng_stick = 0;
18690+ int no_exit = 0;
18691+
18692+ printf("\tFIPS-mode test application\n\n");
18693+
18694+ /* Load entropy from external file, if any */
18695+ RAND_load_file(".rnd", 1024);
18696+
18697+ if (argv[1]) {
18698+ /* Corrupted KAT tests */
18699+ if (!strcmp(argv[1], "aes")) {
18700+ FIPS_corrupt_aes();
18701+ printf("AES encryption/decryption with corrupted KAT...\n");
18702+ } else if (!strcmp(argv[1], "des")) {
18703+ FIPS_corrupt_des();
18704+ printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
18705+ } else if (!strcmp(argv[1], "dsa")) {
18706+ FIPS_corrupt_dsa();
18707+ printf("DSA key generation and signature validation with corrupted KAT...\n");
18708+ } else if (!strcmp(argv[1], "rsa")) {
18709+ FIPS_corrupt_rsa();
18710+ printf("RSA key generation and signature validation with corrupted KAT...\n");
18711+ } else if (!strcmp(argv[1], "rsakey")) {
18712+ printf("RSA key generation and signature validation with corrupted key...\n");
18713+ bad_rsa = 1;
18714+ no_exit = 1;
18715+ } else if (!strcmp(argv[1], "rsakeygen")) {
18716+ do_corrupt_rsa_keygen = 1;
18717+ no_exit = 1;
18718+ printf("RSA key generation and signature validation with corrupted keygen...\n");
18719+ } else if (!strcmp(argv[1], "dsakey")) {
18720+ printf("DSA key generation and signature validation with corrupted key...\n");
18721+ bad_dsa = 1;
18722+ no_exit = 1;
18723+ } else if (!strcmp(argv[1], "dsakeygen")) {
18724+ do_corrupt_dsa_keygen = 1;
18725+ no_exit = 1;
18726+ printf("DSA key generation and signature validation with corrupted keygen...\n");
18727+ } else if (!strcmp(argv[1], "sha1")) {
18728+ FIPS_corrupt_sha1();
18729+ printf("SHA-1 hash with corrupted KAT...\n");
18730+ } else if (!strcmp(argv[1], "rng")) {
18731+ FIPS_corrupt_rng();
18732+ } else if (!strcmp(argv[1], "rngstick")) {
18733+ do_rng_stick = 1;
18734+ no_exit = 1;
18735+ printf("RNG test with stuck continuous test...\n");
18736+ } else {
18737+ printf("Bad argument \"%s\"\n", argv[1]);
18738+ exit(1);
18739+ }
18740+ if (!no_exit) {
18741+ if (!FIPS_mode_set(1)) {
18742+ do_print_errors();
18743+ printf("Power-up self test failed\n");
18744+ exit(1);
18745+ }
18746+ printf("Power-up self test successful\n");
18747+ exit(0);
18748+ }
18749+ }
18750+
18751+ /* Non-Approved cryptographic operation
18752+ */
18753+ printf("1. Non-Approved cryptographic operation test...\n");
18754+ printf("\ta. Included algorithm (D-H)...");
18755+ printf( dh_test() ? "successful\n" : Fail("FAILED!\n") );
18756+
18757+ /* Power-up self test
18758+ */
18759+ ERR_clear_error();
18760+ printf("2. Automatic power-up self test...");
18761+ if (!FIPS_mode_set(1))
18762+ {
18763+ do_print_errors();
18764+ printf(Fail("FAILED!\n"));
18765+ exit(1);
18766+ }
18767+ printf("successful\n");
18768+ if (do_corrupt_dsa_keygen)
18769+ FIPS_corrupt_dsa_keygen();
18770+ if (do_corrupt_rsa_keygen)
18771+ FIPS_corrupt_rsa_keygen();
18772+ if (do_rng_stick)
18773+ FIPS_rng_stick();
18774+
18775+ /* AES encryption/decryption
18776+ */
18777+ printf("3. AES encryption/decryption...");
18778+ printf( FIPS_aes_test() ? "successful\n" : Fail("FAILED!\n") );
18779+
18780+ /* RSA key generation and encryption/decryption
18781+ */
18782+ printf("4. RSA key generation and encryption/decryption...");
18783+ printf( FIPS_rsa_test(bad_rsa) ? "successful\n" : Fail("FAILED!\n") );
18784+
18785+ /* DES-CBC encryption/decryption
18786+ */
18787+ printf("5. DES-ECB encryption/decryption...");
18788+ printf( FIPS_des3_test() ? "successful\n" : Fail("FAILED!\n") );
18789+
18790+ /* DSA key generation and signature validation
18791+ */
18792+ printf("6. DSA key generation and signature validation...");
18793+ printf( FIPS_dsa_test(bad_dsa) ? "successful\n" : Fail("FAILED!\n") );
18794+
18795+ /* SHA-1 hash
18796+ */
18797+ printf("7a. SHA-1 hash...");
18798+ printf( FIPS_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
18799+
18800+ /* SHA-256 hash
18801+ */
18802+ printf("7b. SHA-256 hash...");
18803+ printf( FIPS_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
18804+
18805+ /* SHA-512 hash
18806+ */
18807+ printf("7c. SHA-512 hash...");
18808+ printf( FIPS_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
18809+
18810+ /* HMAC-SHA-1 hash
18811+ */
18812+ printf("7d. HMAC-SHA-1 hash...");
18813+ printf( FIPS_hmac_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
18814+
18815+ /* HMAC-SHA-224 hash
18816+ */
18817+ printf("7e. HMAC-SHA-224 hash...");
18818+ printf( FIPS_hmac_sha224_test() ? "successful\n" : Fail("FAILED!\n") );
18819+
18820+ /* HMAC-SHA-256 hash
18821+ */
18822+ printf("7f. HMAC-SHA-256 hash...");
18823+ printf( FIPS_hmac_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
18824+
18825+ /* HMAC-SHA-384 hash
18826+ */
18827+ printf("7g. HMAC-SHA-384 hash...");
18828+ printf( FIPS_hmac_sha384_test() ? "successful\n" : Fail("FAILED!\n") );
18829+
18830+ /* HMAC-SHA-512 hash
18831+ */
18832+ printf("7h. HMAC-SHA-512 hash...");
18833+ printf( FIPS_hmac_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
18834+
18835+ /* Non-Approved cryptographic operation
18836+ */
18837+ printf("8. Non-Approved cryptographic operation test...\n");
18838+ printf("\ta. Included algorithm (D-H)...");
18839+ printf( dh_test() ? "successful as expected\n"
18840+ : Fail("failed INCORRECTLY!\n") );
18841+
18842+ /* Zeroization
18843+ */
18844+ printf("9. Zero-ization...\n");
18845+ printf( Zeroize() ? "\tsuccessful as expected\n"
18846+ : Fail("\tfailed INCORRECTLY!\n") );
18847+
18848+ printf("\nAll tests completed with %d errors\n", Error);
18849+ return Error ? 1 : 0;
18850+ }
18851+
18852+#endif
18853diff -up openssl-1.0.1e/crypto/fips/Makefile.fips openssl-1.0.1e/crypto/fips/Makefile
18854--- openssl-1.0.1e/crypto/fips/Makefile.fips 2013-02-19 12:47:33.743118955 +0100
18855+++ openssl-1.0.1e/crypto/fips/Makefile 2013-02-19 12:47:33.743118955 +0100
18856@@ -0,0 +1,340 @@
18857+#
18858+# OpenSSL/crypto/fips/Makefile
18859+#
18860+
18861+DIR= fips
18862+TOP= ../..
18863+CC= cc
18864+INCLUDES=
18865+CFLAG=-g
18866+MAKEFILE= Makefile
18867+AR= ar r
18868+
18869+CFLAGS= $(INCLUDES) $(CFLAG)
18870+
18871+GENERAL=Makefile
18872+TEST=fips_test_suite.c fips_randtest.c
18873+APPS=
18874+
18875+PROGRAM= fips_standalone_hmac
18876+EXE= $(PROGRAM)$(EXE_EXT)
18877+
18878+LIB=$(TOP)/libcrypto.a
18879+LIBSRC=fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c fips_rand_selftest.c \
18880+ fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
18881+ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
18882+ fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
18883+ fips_cmac_selftest.c fips_enc.c fips_md.c
18884+
18885+LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \
18886+ fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
18887+ fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
18888+ fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
18889+ fips_cmac_selftest.o fips_enc.o fips_md.o
18890+
18891+LIBCRYPTO=-L.. -lcrypto
18892+
18893+SRC= $(LIBSRC) fips_standalone_hmac.c
18894+
18895+EXHEADER= fips.h fips_rand.h
18896+HEADER= $(EXHEADER)
18897+
18898+ALL= $(GENERAL) $(SRC) $(HEADER)
18899+
18900+top:
18901+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
18902+
18903+all: lib exe
18904+
18905+lib: $(LIBOBJ)
18906+ $(AR) $(LIB) $(LIBOBJ)
18907+ $(RANLIB) $(LIB) || echo Never mind.
18908+ @touch lib
18909+
18910+exe: $(EXE)
18911+
18912+files:
18913+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
18914+
18915+links:
18916+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
18917+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
18918+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
18919+
18920+install:
18921+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
18922+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
18923+ do \
18924+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
18925+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
18926+ done;
18927+
18928+tags:
18929+ ctags $(SRC)
18930+
18931+tests:
18932+
18933+lint:
18934+ lint -DLINT $(INCLUDES) $(SRC)>fluff
18935+
18936+depend:
18937+ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
18938+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
18939+
18940+dclean:
18941+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
18942+ mv -f Makefile.new $(MAKEFILE)
18943+
18944+clean:
18945+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
18946+
18947+$(EXE): $(PROGRAM).o
18948+ FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../sha/$$i" ; done; \
18949+ $(CC) -o $@ $(CFLAGS) $(PROGRAM).o $$FIPS_SHA_ASM
18950+
18951+# DO NOT DELETE THIS LINE -- make depend depends on it.
18952+
18953+fips.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
18954+fips.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
18955+fips.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
18956+fips.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
18957+fips.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
18958+fips.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
18959+fips.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
18960+fips.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
18961+fips.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
18962+fips.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
18963+fips.o: ../../include/openssl/symhacks.h fips.c fips_locl.h
18964+fips_aes_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
18965+fips_aes_selftest.o: ../../include/openssl/crypto.h
18966+fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
18967+fips_aes_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
18968+fips_aes_selftest.o: ../../include/openssl/lhash.h
18969+fips_aes_selftest.o: ../../include/openssl/obj_mac.h
18970+fips_aes_selftest.o: ../../include/openssl/objects.h
18971+fips_aes_selftest.o: ../../include/openssl/opensslconf.h
18972+fips_aes_selftest.o: ../../include/openssl/opensslv.h
18973+fips_aes_selftest.o: ../../include/openssl/ossl_typ.h
18974+fips_aes_selftest.o: ../../include/openssl/safestack.h
18975+fips_aes_selftest.o: ../../include/openssl/stack.h
18976+fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c
18977+fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
18978+fips_des_selftest.o: ../../include/openssl/crypto.h
18979+fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
18980+fips_des_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
18981+fips_des_selftest.o: ../../include/openssl/lhash.h
18982+fips_des_selftest.o: ../../include/openssl/obj_mac.h
18983+fips_des_selftest.o: ../../include/openssl/objects.h
18984+fips_des_selftest.o: ../../include/openssl/opensslconf.h
18985+fips_des_selftest.o: ../../include/openssl/opensslv.h
18986+fips_des_selftest.o: ../../include/openssl/ossl_typ.h
18987+fips_des_selftest.o: ../../include/openssl/safestack.h
18988+fips_des_selftest.o: ../../include/openssl/stack.h
18989+fips_des_selftest.o: ../../include/openssl/symhacks.h fips_des_selftest.c
18990+fips_drbg_ctr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
18991+fips_drbg_ctr.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
18992+fips_drbg_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
18993+fips_drbg_ctr.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
18994+fips_drbg_ctr.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
18995+fips_drbg_ctr.o: ../../include/openssl/objects.h
18996+fips_drbg_ctr.o: ../../include/openssl/opensslconf.h
18997+fips_drbg_ctr.o: ../../include/openssl/opensslv.h
18998+fips_drbg_ctr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
18999+fips_drbg_ctr.o: ../../include/openssl/safestack.h
19000+fips_drbg_ctr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
19001+fips_drbg_ctr.o: fips_drbg_ctr.c fips_rand_lcl.h
19002+fips_drbg_hash.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19003+fips_drbg_hash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19004+fips_drbg_hash.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
19005+fips_drbg_hash.o: ../../include/openssl/fips.h
19006+fips_drbg_hash.o: ../../include/openssl/fips_rand.h
19007+fips_drbg_hash.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
19008+fips_drbg_hash.o: ../../include/openssl/objects.h
19009+fips_drbg_hash.o: ../../include/openssl/opensslconf.h
19010+fips_drbg_hash.o: ../../include/openssl/opensslv.h
19011+fips_drbg_hash.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19012+fips_drbg_hash.o: ../../include/openssl/safestack.h
19013+fips_drbg_hash.o: ../../include/openssl/stack.h
19014+fips_drbg_hash.o: ../../include/openssl/symhacks.h fips_drbg_hash.c
19015+fips_drbg_hash.o: fips_rand_lcl.h
19016+fips_drbg_hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19017+fips_drbg_hmac.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19018+fips_drbg_hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
19019+fips_drbg_hmac.o: ../../include/openssl/fips.h
19020+fips_drbg_hmac.o: ../../include/openssl/fips_rand.h
19021+fips_drbg_hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
19022+fips_drbg_hmac.o: ../../include/openssl/objects.h
19023+fips_drbg_hmac.o: ../../include/openssl/opensslconf.h
19024+fips_drbg_hmac.o: ../../include/openssl/opensslv.h
19025+fips_drbg_hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19026+fips_drbg_hmac.o: ../../include/openssl/safestack.h
19027+fips_drbg_hmac.o: ../../include/openssl/stack.h
19028+fips_drbg_hmac.o: ../../include/openssl/symhacks.h fips_drbg_hmac.c
19029+fips_drbg_hmac.o: fips_rand_lcl.h
19030+fips_drbg_lib.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19031+fips_drbg_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19032+fips_drbg_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19033+fips_drbg_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19034+fips_drbg_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
19035+fips_drbg_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
19036+fips_drbg_lib.o: ../../include/openssl/objects.h
19037+fips_drbg_lib.o: ../../include/openssl/opensslconf.h
19038+fips_drbg_lib.o: ../../include/openssl/opensslv.h
19039+fips_drbg_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19040+fips_drbg_lib.o: ../../include/openssl/safestack.h
19041+fips_drbg_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
19042+fips_drbg_lib.o: fips_drbg_lib.c fips_locl.h fips_rand_lcl.h
19043+fips_drbg_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19044+fips_drbg_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19045+fips_drbg_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19046+fips_drbg_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19047+fips_drbg_rand.o: ../../include/openssl/fips_rand.h
19048+fips_drbg_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
19049+fips_drbg_rand.o: ../../include/openssl/obj_mac.h
19050+fips_drbg_rand.o: ../../include/openssl/objects.h
19051+fips_drbg_rand.o: ../../include/openssl/opensslconf.h
19052+fips_drbg_rand.o: ../../include/openssl/opensslv.h
19053+fips_drbg_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19054+fips_drbg_rand.o: ../../include/openssl/safestack.h
19055+fips_drbg_rand.o: ../../include/openssl/stack.h
19056+fips_drbg_rand.o: ../../include/openssl/symhacks.h fips_drbg_rand.c
19057+fips_drbg_rand.o: fips_rand_lcl.h
19058+fips_drbg_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19059+fips_drbg_selftest.o: ../../include/openssl/bio.h
19060+fips_drbg_selftest.o: ../../include/openssl/crypto.h
19061+fips_drbg_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19062+fips_drbg_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19063+fips_drbg_selftest.o: ../../include/openssl/fips_rand.h
19064+fips_drbg_selftest.o: ../../include/openssl/hmac.h
19065+fips_drbg_selftest.o: ../../include/openssl/lhash.h
19066+fips_drbg_selftest.o: ../../include/openssl/obj_mac.h
19067+fips_drbg_selftest.o: ../../include/openssl/objects.h
19068+fips_drbg_selftest.o: ../../include/openssl/opensslconf.h
19069+fips_drbg_selftest.o: ../../include/openssl/opensslv.h
19070+fips_drbg_selftest.o: ../../include/openssl/ossl_typ.h
19071+fips_drbg_selftest.o: ../../include/openssl/rand.h
19072+fips_drbg_selftest.o: ../../include/openssl/safestack.h
19073+fips_drbg_selftest.o: ../../include/openssl/stack.h
19074+fips_drbg_selftest.o: ../../include/openssl/symhacks.h fips_drbg_selftest.c
19075+fips_drbg_selftest.o: fips_drbg_selftest.h fips_locl.h fips_rand_lcl.h
19076+fips_dsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19077+fips_dsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
19078+fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
19079+fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
19080+fips_dsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
19081+fips_dsa_selftest.o: ../../include/openssl/obj_mac.h
19082+fips_dsa_selftest.o: ../../include/openssl/objects.h
19083+fips_dsa_selftest.o: ../../include/openssl/opensslconf.h
19084+fips_dsa_selftest.o: ../../include/openssl/opensslv.h
19085+fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h
19086+fips_dsa_selftest.o: ../../include/openssl/safestack.h
19087+fips_dsa_selftest.o: ../../include/openssl/stack.h
19088+fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
19089+fips_dsa_selftest.o: fips_locl.h
19090+fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19091+fips_hmac_selftest.o: ../../include/openssl/crypto.h
19092+fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19093+fips_hmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19094+fips_hmac_selftest.o: ../../include/openssl/hmac.h
19095+fips_hmac_selftest.o: ../../include/openssl/lhash.h
19096+fips_hmac_selftest.o: ../../include/openssl/obj_mac.h
19097+fips_hmac_selftest.o: ../../include/openssl/objects.h
19098+fips_hmac_selftest.o: ../../include/openssl/opensslconf.h
19099+fips_hmac_selftest.o: ../../include/openssl/opensslv.h
19100+fips_hmac_selftest.o: ../../include/openssl/ossl_typ.h
19101+fips_hmac_selftest.o: ../../include/openssl/safestack.h
19102+fips_hmac_selftest.o: ../../include/openssl/stack.h
19103+fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c
19104+fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19105+fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19106+fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
19107+fips_post.o: ../../include/openssl/err.h ../../include/openssl/evp.h
19108+fips_post.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
19109+fips_post.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
19110+fips_post.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
19111+fips_post.o: ../../include/openssl/opensslconf.h
19112+fips_post.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
19113+fips_post.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
19114+fips_post.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
19115+fips_post.o: ../../include/openssl/symhacks.h fips_locl.h fips_post.c
19116+fips_rand.o: ../../e_os.h ../../include/openssl/aes.h
19117+fips_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19118+fips_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
19119+fips_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h
19120+fips_rand.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
19121+fips_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
19122+fips_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
19123+fips_rand.o: ../../include/openssl/opensslconf.h
19124+fips_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
19125+fips_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
19126+fips_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
19127+fips_rand.o: fips_locl.h fips_rand.c
19128+fips_rand_lib.o: ../../e_os.h ../../include/openssl/aes.h
19129+fips_rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19130+fips_rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
19131+fips_rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
19132+fips_rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
19133+fips_rand_lib.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
19134+fips_rand_lib.o: ../../include/openssl/obj_mac.h
19135+fips_rand_lib.o: ../../include/openssl/objects.h
19136+fips_rand_lib.o: ../../include/openssl/opensslconf.h
19137+fips_rand_lib.o: ../../include/openssl/opensslv.h
19138+fips_rand_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19139+fips_rand_lib.o: ../../include/openssl/safestack.h
19140+fips_rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
19141+fips_rand_lib.o: fips_rand_lib.c
19142+fips_rand_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19143+fips_rand_selftest.o: ../../include/openssl/bio.h
19144+fips_rand_selftest.o: ../../include/openssl/crypto.h
19145+fips_rand_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19146+fips_rand_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19147+fips_rand_selftest.o: ../../include/openssl/fips_rand.h
19148+fips_rand_selftest.o: ../../include/openssl/hmac.h
19149+fips_rand_selftest.o: ../../include/openssl/lhash.h
19150+fips_rand_selftest.o: ../../include/openssl/obj_mac.h
19151+fips_rand_selftest.o: ../../include/openssl/objects.h
19152+fips_rand_selftest.o: ../../include/openssl/opensslconf.h
19153+fips_rand_selftest.o: ../../include/openssl/opensslv.h
19154+fips_rand_selftest.o: ../../include/openssl/ossl_typ.h
19155+fips_rand_selftest.o: ../../include/openssl/rand.h
19156+fips_rand_selftest.o: ../../include/openssl/safestack.h
19157+fips_rand_selftest.o: ../../include/openssl/stack.h
19158+fips_rand_selftest.o: ../../include/openssl/symhacks.h fips_locl.h
19159+fips_rand_selftest.o: fips_rand_selftest.c
19160+fips_rsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19161+fips_rsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
19162+fips_rsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19163+fips_rsa_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19164+fips_rsa_selftest.o: ../../include/openssl/lhash.h
19165+fips_rsa_selftest.o: ../../include/openssl/obj_mac.h
19166+fips_rsa_selftest.o: ../../include/openssl/objects.h
19167+fips_rsa_selftest.o: ../../include/openssl/opensslconf.h
19168+fips_rsa_selftest.o: ../../include/openssl/opensslv.h
19169+fips_rsa_selftest.o: ../../include/openssl/ossl_typ.h
19170+fips_rsa_selftest.o: ../../include/openssl/rsa.h
19171+fips_rsa_selftest.o: ../../include/openssl/safestack.h
19172+fips_rsa_selftest.o: ../../include/openssl/stack.h
19173+fips_rsa_selftest.o: ../../include/openssl/symhacks.h fips_rsa_selftest.c
19174+fips_rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19175+fips_rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
19176+fips_rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19177+fips_rsa_x931g.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
19178+fips_rsa_x931g.o: ../../include/openssl/opensslconf.h
19179+fips_rsa_x931g.o: ../../include/openssl/opensslv.h
19180+fips_rsa_x931g.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
19181+fips_rsa_x931g.o: ../../include/openssl/safestack.h
19182+fips_rsa_x931g.o: ../../include/openssl/stack.h
19183+fips_rsa_x931g.o: ../../include/openssl/symhacks.h fips_rsa_x931g.c
19184+fips_sha_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19185+fips_sha_selftest.o: ../../include/openssl/crypto.h
19186+fips_sha_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19187+fips_sha_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19188+fips_sha_selftest.o: ../../include/openssl/lhash.h
19189+fips_sha_selftest.o: ../../include/openssl/obj_mac.h
19190+fips_sha_selftest.o: ../../include/openssl/objects.h
19191+fips_sha_selftest.o: ../../include/openssl/opensslconf.h
19192+fips_sha_selftest.o: ../../include/openssl/opensslv.h
19193+fips_sha_selftest.o: ../../include/openssl/ossl_typ.h
19194+fips_sha_selftest.o: ../../include/openssl/safestack.h
19195+fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
19196+fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c
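Review bot: The `tests:` target is empty although `TEST=fips_test_suite.c fips_randtest.c` names two self-test programs, so `make test` in this directory builds and runs nothing and the FIPS test suite is only ever exercised by hand. Either wire those programs into `tests:` or add a comment on the target stating where they are built and run from, e.g. `# fips_test_suite and fips_randtest are linked and run from ../../test`. The `$(RANLIB) $(LIB) || echo Never mind.` line also hides ranlib failures, which as far as I recall matches the other OpenSSL subdirectory Makefiles, so that one is only worth a comment.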
19197diff -up openssl-1.0.1e/crypto/hmac/hmac.c.fips openssl-1.0.1e/crypto/hmac/hmac.c
19198--- openssl-1.0.1e/crypto/hmac/hmac.c.fips 2013-02-11 16:26:04.000000000 +0100
19199+++ openssl-1.0.1e/crypto/hmac/hmac.c 2013-02-19 12:47:33.743118955 +0100
19200@@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
19201 EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
19202 return 0;
19203 }
19204- /* Other algorithm blocking will be done in FIPS_cmac_init,
19205- * via FIPS_hmac_init_ex().
19206- */
19207- if (!impl && !ctx->i_ctx.engine)
19208- return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
19209 }
19210 #endif
19211
19212@@ -99,6 +94,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
19213
19214 if (key != NULL)
19215 {
19216+#ifdef OPENSSL_FIPS
19217+ if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
19218+ && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
19219+ || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
19220+ || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
19221+ goto err;
19222+#endif
19223 reset=1;
19224 j=EVP_MD_block_size(md);
19225 OPENSSL_assert(j <= (int)sizeof(ctx->key));
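Review bot: The new FIPS digest check ends in a bare `goto err` and so leaves nothing on the error queue, unlike the rejection earlier in this function, which calls `EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS)` before returning 0; a caller sees HMAC_Init_ex fail with an empty error stack. Add `EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);` before the `goto err`. The guard also runs only inside `if (key != NULL)`; if HMAC_Init_ex lets a caller replace `md` on an already-keyed context while passing `key == NULL` (the start of the function is outside this hunk), that path would not reach the guard, so it is worth confirming. The body of HMAC_Init_ex continues outside the hunk on both sides.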
19226@@ -155,10 +157,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void
19227
19228 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
19229 {
19230-#ifdef OPENSSL_FIPS
19231- if (FIPS_mode() && !ctx->i_ctx.engine)
19232- return FIPS_hmac_update(ctx, data, len);
19233-#endif
19234 return EVP_DigestUpdate(&ctx->md_ctx,data,len);
19235 }
19236
19237@@ -166,10 +164,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned c
19238 {
19239 unsigned int i;
19240 unsigned char buf[EVP_MAX_MD_SIZE];
19241-#ifdef OPENSSL_FIPS
19242- if (FIPS_mode() && !ctx->i_ctx.engine)
19243- return FIPS_hmac_final(ctx, md, len);
19244-#endif
19245
19246 if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
19247 goto err;
19248@@ -209,13 +203,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_C
19249
19250 void HMAC_CTX_cleanup(HMAC_CTX *ctx)
19251 {
19252-#ifdef OPENSSL_FIPS
19253- if (FIPS_mode() && !ctx->i_ctx.engine)
19254- {
19255- FIPS_hmac_ctx_cleanup(ctx);
19256- return;
19257- }
19258-#endif
19259 EVP_MD_CTX_cleanup(&ctx->i_ctx);
19260 EVP_MD_CTX_cleanup(&ctx->o_ctx);
19261 EVP_MD_CTX_cleanup(&ctx->md_ctx);
19262diff -up openssl-1.0.1e/crypto/md2/md2_dgst.c.fips openssl-1.0.1e/crypto/md2/md2_dgst.c
19263--- openssl-1.0.1e/crypto/md2/md2_dgst.c.fips 2013-02-11 16:26:04.000000000 +0100
19264+++ openssl-1.0.1e/crypto/md2/md2_dgst.c 2013-02-19 12:47:33.743118955 +0100
19265@@ -62,6 +62,11 @@
19266 #include <openssl/md2.h>
19267 #include <openssl/opensslv.h>
19268 #include <openssl/crypto.h>
19269+#ifdef OPENSSL_FIPS
19270+#include <openssl/fips.h>
19271+#endif
19272+
19273+#include <openssl/err.h>
19274
19275 const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;
19276
19277@@ -116,7 +121,7 @@ const char *MD2_options(void)
19278 return("md2(int)");
19279 }
19280
19281-fips_md_init(MD2)
19282+nonfips_md_init(MD2)
19283 {
19284 c->num=0;
19285 memset(c->state,0,sizeof c->state);
19286diff -up openssl-1.0.1e/crypto/md4/md4_dgst.c.fips openssl-1.0.1e/crypto/md4/md4_dgst.c
19287--- openssl-1.0.1e/crypto/md4/md4_dgst.c.fips 2013-02-11 16:26:04.000000000 +0100
19288+++ openssl-1.0.1e/crypto/md4/md4_dgst.c 2013-02-19 12:47:33.744118975 +0100
19289@@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V
19290 #define INIT_DATA_C (unsigned long)0x98badcfeL
19291 #define INIT_DATA_D (unsigned long)0x10325476L
19292
19293-fips_md_init(MD4)
19294+nonfips_md_init(MD4)
19295 {
19296 memset (c,0,sizeof(*c));
19297 c->A=INIT_DATA_A;
19298diff -up openssl-1.0.1e/crypto/md5/md5_dgst.c.fips openssl-1.0.1e/crypto/md5/md5_dgst.c
19299--- openssl-1.0.1e/crypto/md5/md5_dgst.c.fips 2013-02-11 16:26:04.000000000 +0100
19300+++ openssl-1.0.1e/crypto/md5/md5_dgst.c 2013-02-19 12:47:33.744118975 +0100
19301@@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V
19302 #define INIT_DATA_C (unsigned long)0x98badcfeL
19303 #define INIT_DATA_D (unsigned long)0x10325476L
19304
19305-fips_md_init(MD5)
19306+nonfips_md_init(MD5)
19307 {
19308 memset (c,0,sizeof(*c));
19309 c->A=INIT_DATA_A;
19310diff -up openssl-1.0.1e/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1e/crypto/mdc2/mdc2dgst.c
19311--- openssl-1.0.1e/crypto/mdc2/mdc2dgst.c.fips 2013-02-11 16:26:04.000000000 +0100
19312+++ openssl-1.0.1e/crypto/mdc2/mdc2dgst.c 2013-02-19 12:47:33.744118975 +0100
19313@@ -76,7 +76,7 @@
19314 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
19315
19316 static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
19317-fips_md_init(MDC2)
19318+nonfips_md_init(MDC2)
19319 {
19320 c->num=0;
19321 c->pad_type=1;
19322diff -up openssl-1.0.1e/crypto/o_fips.c.fips openssl-1.0.1e/crypto/o_fips.c
19323--- openssl-1.0.1e/crypto/o_fips.c.fips 2013-02-11 16:26:04.000000000 +0100
19324+++ openssl-1.0.1e/crypto/o_fips.c 2013-02-19 12:47:33.744118975 +0100
19325@@ -79,6 +79,8 @@ int FIPS_mode_set(int r)
19326 #ifndef FIPS_AUTH_USER_PASS
19327 #define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password"
19328 #endif
19329+ if (FIPS_module_mode()) /* can be implicitly initialized by OPENSSL_init() */
19330+ return 1;
19331 if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
19332 return 0;
19333 if (r)
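Review bot: The added shortcut `if (FIPS_module_mode()) return 1;` ignores `r`, so `FIPS_mode_set(0)` on a module that is already in FIPS mode reports success without calling `FIPS_module_mode_set` or reaching the `if (r)` branch below; the caller is told FIPS mode was switched off while it stays on. If leaving FIPS mode once it is enabled is intentionally unsupported, the comment should say so and the function should return 0 for `r == 0`; otherwise limit the shortcut to the enabling case, `if (r && FIPS_module_mode()) return 1;`. FIPS_mode_set starts outside the hunk.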
19334diff -up openssl-1.0.1e/crypto/o_init.c.fips openssl-1.0.1e/crypto/o_init.c
19335--- openssl-1.0.1e/crypto/o_init.c.fips 2013-02-11 16:26:04.000000000 +0100
19336+++ openssl-1.0.1e/crypto/o_init.c 2013-02-19 12:47:33.744118975 +0100
19337@@ -55,28 +55,63 @@
19338 #include <e_os.h>
19339 #include <openssl/err.h>
19340 #ifdef OPENSSL_FIPS
19341+#include <sys/types.h>
19342+#include <sys/stat.h>
19343+#include <fcntl.h>
19344+#include <unistd.h>
19345+#include <errno.h>
19346+#include <stdlib.h>
19347 #include <openssl/fips.h>
19348 #include <openssl/rand.h>
19349+
19350+#define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
19351+
19352+static void init_fips_mode(void)
19353+ {
19354+ char buf[2] = "0";
19355+ int fd;
19356+
19357+ if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
19358+ {
19359+ buf[0] = '1';
19360+ }
19361+ else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0)
19362+ {
19363+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
19364+ close(fd);
19365+ }
19366+ /* Failure reading the fips mode switch file means just not
19367+ * switching into FIPS mode. We would break too many things
19368+ * otherwise.
19369+ */
19370+
19371+ if (buf[0] == '1')
19372+ {
19373+ FIPS_mode_set(1);
19374+ }
19375+ }
19376 #endif
19377
19378 /* Perform any essential OpenSSL initialization operations.
19379 * Currently only sets FIPS callbacks
19380 */
19381
19382-void OPENSSL_init(void)
19383+void OPENSSL_init_library(void)
19384 {
19385 static int done = 0;
19386 if (done)
19387 return;
19388 done = 1;
19389 #ifdef OPENSSL_FIPS
19390- FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
19391- FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
19392- FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
19393 RAND_init_fips();
19394+ init_fips_mode();
19395 #endif
19396 #if 0
19397 fprintf(stderr, "Called OPENSSL_init\n");
19398 #endif
19399 }
19400
19401+void OPENSSL_init(void)
19402+ {
19403+ OPENSSL_init_library();
19404+ }
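Review bot: The result of `FIPS_mode_set(1)` at the end of `init_fips_mode` is discarded, so when the kernel switch or OPENSSL_FORCE_FIPS_MODE asks for FIPS mode and entering it fails (integrity or self-test failure), the process carries on with nothing but a queued error nobody reads. Whether a failed FIPS_mode_set leaves the module in an error state that blocks later operations depends on code outside this hunk; if it does not, this is fail-open in exactly the case the switch exists for. Make the policy explicit, e.g. `if (!FIPS_mode_set(1)) { /* FIPS requested but unavailable: errors stay queued; callers that need FIPS must check FIPS_mode() */ }`, or abort if the distribution's policy is to refuse to run. Note that `getenv` is also consulted in setuid binaries; since the variable can only restrict, the exposure is limited to denial of service, which is worth a one-line comment.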
19405diff -up openssl-1.0.1e/crypto/opensslconf.h.in.fips openssl-1.0.1e/crypto/opensslconf.h.in
19406--- openssl-1.0.1e/crypto/opensslconf.h.in.fips 2013-02-11 16:26:04.000000000 +0100
19407+++ openssl-1.0.1e/crypto/opensslconf.h.in 2013-02-19 12:47:33.744118975 +0100
19408@@ -1,5 +1,20 @@
19409 /* crypto/opensslconf.h.in */
19410
19411+#ifdef OPENSSL_DOING_MAKEDEPEND
19412+
19413+/* Include any symbols here that have to be explicitly set to enable a feature
19414+ * that should be visible to makedepend.
19415+ *
19416+ * [Our "make depend" doesn't actually look at this, we use actual build settings
19417+ * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
19418+ */
19419+
19420+#ifndef OPENSSL_FIPS
19421+#define OPENSSL_FIPS
19422+#endif
19423+
19424+#endif
19425+
19426 /* Generate 80386 code? */
19427 #undef I386_ONLY
19428
19429diff -up openssl-1.0.1e/crypto/pkcs12/p12_crt.c.fips openssl-1.0.1e/crypto/pkcs12/p12_crt.c
19430--- openssl-1.0.1e/crypto/pkcs12/p12_crt.c.fips 2013-02-11 16:26:04.000000000 +0100
19431+++ openssl-1.0.1e/crypto/pkcs12/p12_crt.c 2013-02-19 12:47:33.744118975 +0100
19432@@ -59,6 +59,10 @@
19433 #include <stdio.h>
19434 #include "cryptlib.h"
19435 #include <openssl/pkcs12.h>
19436+#ifdef OPENSSL_FIPS
19437+#include <openssl/fips.h>
19438+#endif
19439+
19440
19441
19442 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
19443@@ -90,7 +94,14 @@ PKCS12 *PKCS12_create(char *pass, char *
19444
19445 /* Set defaults */
19446 if (!nid_cert)
19447+ {
19448+#ifdef OPENSSL_FIPS
19449+ if (FIPS_mode())
19450+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
19451+ else
19452+#endif
19453 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
19454+ }
19455 if (!nid_key)
19456 nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
19457 if (!iter)
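Review bot: The new default branch `nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC` carries no explanation, while the matching change in apps/pkcs12.c says why; a reader of this file alone cannot tell whether RC2 is avoided for policy or for a bug. Add `/* RC2-40 is not an approved algorithm in FIPS mode; use the same 3DES PBE as for the key */` above the `FIPS_mode()` test. The `if`/`else` split across `#ifdef OPENSSL_FIPS` only works because of the added braces, so the comment should also warn that removing them would silently change the non-FIPS default.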
19458diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips openssl-1.0.1e/crypto/rand/md_rand.c
19459--- openssl-1.0.1e/crypto/rand/md_rand.c.fips 2013-02-11 16:26:04.000000000 +0100
19460+++ openssl-1.0.1e/crypto/rand/md_rand.c 2013-02-19 12:47:33.745118995 +0100
19461@@ -389,7 +389,10 @@ static int ssleay_rand_bytes(unsigned ch
19462 CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
19463 crypto_lock_rand = 1;
19464
19465- if (!initialized)
19466+ /* always poll for external entropy in FIPS mode, drbg provides the
19467+ * expansion
19468+ */
19469+ if (!initialized || FIPS_module_mode())
19470 {
19471 RAND_poll();
19472 initialized = 1;
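Review bot: `FIPS_module_mode()` in `if (!initialized || FIPS_module_mode())` is called without an `#ifdef OPENSSL_FIPS` guard and md_rand.c does not visibly include openssl/fips.h, so unless a non-FIPS stub is declared elsewhere this hunk does not build with FIPS disabled. Guard it the way the rest of the patch does, e.g. `#ifdef OPENSSL_FIPS` around the condition with a plain `if (!initialized)` fallback. The comment above should also say that in FIPS mode ssleay_rand_bytes serves only as the DRBG's entropy source, which is why a RAND_poll on every call is acceptable; as written the per-call poll reads like an accidental performance regression. ssleay_rand_bytes starts and ends outside the hunk.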
19473diff -up openssl-1.0.1e/crypto/rand/rand.h.fips openssl-1.0.1e/crypto/rand/rand.h
19474--- openssl-1.0.1e/crypto/rand/rand.h.fips 2013-02-19 12:47:33.176107430 +0100
19475+++ openssl-1.0.1e/crypto/rand/rand.h 2013-02-19 12:47:33.745118995 +0100
19476@@ -133,15 +133,33 @@ void ERR_load_RAND_strings(void);
19477 /* Error codes for the RAND functions. */
19478
19479 /* Function codes. */
19480+#define RAND_F_ENG_RAND_GET_RAND_METHOD 108
19481+#define RAND_F_FIPS_RAND 103
19482+#define RAND_F_FIPS_RAND_BYTES 102
19483+#define RAND_F_FIPS_RAND_SET_DT 106
19484+#define RAND_F_FIPS_X931_SET_DT 106
19485+#define RAND_F_FIPS_SET_DT 104
19486+#define RAND_F_FIPS_SET_PRNG_SEED 107
19487+#define RAND_F_FIPS_SET_TEST_MODE 105
19488 #define RAND_F_RAND_GET_RAND_METHOD 101
19489-#define RAND_F_RAND_INIT_FIPS 102
19490+#define RAND_F_RAND_INIT_FIPS 109
19491 #define RAND_F_SSLEAY_RAND_BYTES 100
19492
19493 /* Reason codes. */
19494-#define RAND_R_ERROR_INITIALISING_DRBG 102
19495-#define RAND_R_ERROR_INSTANTIATING_DRBG 103
19496-#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101
19497+#define RAND_R_ERROR_INITIALISING_DRBG 112
19498+#define RAND_R_ERROR_INSTANTIATING_DRBG 113
19499+#define RAND_R_NON_FIPS_METHOD 105
19500+#define RAND_R_NOT_IN_TEST_MODE 106
19501+#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 111
19502+#define RAND_R_NO_KEY_SET 107
19503+#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101
19504+#define RAND_R_PRNG_ERROR 108
19505+#define RAND_R_PRNG_KEYED 109
19506+#define RAND_R_PRNG_NOT_REKEYED 102
19507+#define RAND_R_PRNG_NOT_RESEEDED 103
19508 #define RAND_R_PRNG_NOT_SEEDED 100
19509+#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110
19510+#define RAND_R_PRNG_STUCK 104
19511
19512 #ifdef __cplusplus
19513 }
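Review bot: `RAND_F_FIPS_RAND_SET_DT` and `RAND_F_FIPS_X931_SET_DT` are both given function code 106, so ERR_GET_FUNC cannot distinguish the two call sites and the error-string table will map both to whichever entry is registered last. Give one of them a fresh value, e.g. `#define RAND_F_FIPS_X931_SET_DT 110`, and regenerate rand_err.c with `make errors` so the strings stay in sync. The hunk also changes the values of existing public macros (`RAND_F_RAND_INIT_FIPS`, `RAND_R_ERROR_INITIALISING_DRBG`, ...), which breaks consumers built against the stock header; that deserves a note in the package changelog.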
19514diff -up openssl-1.0.1e/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1e/crypto/ripemd/rmd_dgst.c
19515--- openssl-1.0.1e/crypto/ripemd/rmd_dgst.c.fips 2013-02-11 16:26:04.000000000 +0100
19516+++ openssl-1.0.1e/crypto/ripemd/rmd_dgst.c 2013-02-19 12:47:33.745118995 +0100
19517@@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160"
19518 void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
19519 # endif
19520
19521-fips_md_init(RIPEMD160)
19522+nonfips_md_init(RIPEMD160)
19523 {
19524 memset (c,0,sizeof(*c));
19525 c->A=RIPEMD160_A;
19526diff -up openssl-1.0.1e/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1e/crypto/rsa/rsa_crpt.c
19527--- openssl-1.0.1e/crypto/rsa/rsa_crpt.c.fips 2013-02-11 16:26:04.000000000 +0100
19528+++ openssl-1.0.1e/crypto/rsa/rsa_crpt.c 2013-02-19 12:47:33.745118995 +0100
19529@@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const
19530 RSA *rsa, int padding)
19531 {
19532 #ifdef OPENSSL_FIPS
19533- if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
19534- && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
19535+ if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
19536 {
19537- RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
19538+ RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
19539 return -1;
19540 }
19541 #endif
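Review bot: The rewritten gate `if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))` now refuses every RSA_private_encrypt in FIPS mode regardless of method, which is a policy change that needs a comment such as `/* raw private-key operations are not an approved use; signing goes through RSA_sign, which calls the method directly */`. In stock 1.0.1 the X9.31 and PSS paths of pkey_rsa_sign (rsa_pmeth.c, outside this patch's visible hunks) reach the private key through RSA_private_encrypt with RSA_NO_PADDING; if those call sites were not redirected to `rsa->meth->rsa_priv_enc` the way rsa_sign.c is, EVP-level PSS signing and the PSS pairwise test in rsa_gen.c would be refused in FIPS mode, so that is worth confirming. The same applies to the RSA_public_decrypt hunk below.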
19542@@ -118,10 +117,9 @@ int RSA_public_decrypt(int flen, const u
19543 RSA *rsa, int padding)
19544 {
19545 #ifdef OPENSSL_FIPS
19546- if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
19547- && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
19548+ if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
19549 {
19550- RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
19551+ RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
19552 return -1;
19553 }
19554 #endif
19555diff -up openssl-1.0.1e/crypto/rsa/rsa_eay.c.fips openssl-1.0.1e/crypto/rsa/rsa_eay.c
19556--- openssl-1.0.1e/crypto/rsa/rsa_eay.c.fips 2013-02-11 16:26:04.000000000 +0100
19557+++ openssl-1.0.1e/crypto/rsa/rsa_eay.c 2013-02-19 12:47:33.745118995 +0100
19558@@ -114,6 +114,10 @@
19559 #include <openssl/bn.h>
19560 #include <openssl/rsa.h>
19561 #include <openssl/rand.h>
19562+#include <openssl/err.h>
19563+#ifdef OPENSSL_FIPS
19564+#include <openssl/fips.h>
19565+#endif
19566
19567 #ifndef RSA_NULL
19568
19569@@ -138,7 +142,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth={
19570 BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */
19571 RSA_eay_init,
19572 RSA_eay_finish,
19573- 0, /* flags */
19574+ RSA_FLAG_FIPS_METHOD, /* flags */
19575 NULL,
19576 0, /* rsa_sign */
19577 0, /* rsa_verify */
19578@@ -158,6 +162,24 @@ static int RSA_eay_public_encrypt(int fl
19579 unsigned char *buf=NULL;
19580 BN_CTX *ctx=NULL;
19581
19582+#ifdef OPENSSL_FIPS
19583+ if(FIPS_mode())
19584+ {
19585+ if (FIPS_selftest_failed())
19586+ {
19587+ FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
19588+ goto err;
19589+ }
19590+
19591+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
19592+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
19593+ {
19594+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
19595+ return -1;
19596+ }
19597+ }
19598+#endif
19599+
19600 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
19601 {
19602 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
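Review bot: In RSA_eay_public_encrypt the self-test failure branch does `goto err;` while the key-size branch a few lines later does `return -1;`; at this point buf and ctx are still NULL so err frees nothing, and the value returned then depends on the initial value of r, which is set before the hunk. Use `return -1;` in both branches, as the private_encrypt and private_decrypt hunks in this file already do, so the four entry points fail identically. The same goto-versus-return mix appears in the RSA_eay_public_decrypt hunk.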
19603@@ -361,6 +383,24 @@ static int RSA_eay_private_encrypt(int f
19604 BIGNUM *unblind = NULL;
19605 BN_BLINDING *blinding = NULL;
19606
19607+#ifdef OPENSSL_FIPS
19608+ if (FIPS_mode())
19609+ {
19610+ if(FIPS_selftest_failed())
19611+ {
19612+ FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
19613+ return -1;
19614+ }
19615+
19616+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
19617+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
19618+ {
19619+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
19620+ return -1;
19621+ }
19622+ }
19623+#endif
19624+
19625 if ((ctx=BN_CTX_new()) == NULL) goto err;
19626 BN_CTX_start(ctx);
19627 f = BN_CTX_get(ctx);
19628@@ -504,6 +544,24 @@ static int RSA_eay_private_decrypt(int f
19629 BIGNUM *unblind = NULL;
19630 BN_BLINDING *blinding = NULL;
19631
19632+#ifdef OPENSSL_FIPS
19633+ if (FIPS_mode())
19634+ {
19635+ if(FIPS_selftest_failed())
19636+ {
19637+ FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
19638+ return -1;
19639+ }
19640+
19641+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
19642+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
19643+ {
19644+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
19645+ return -1;
19646+ }
19647+ }
19648+#endif
19649+
19650 if((ctx = BN_CTX_new()) == NULL) goto err;
19651 BN_CTX_start(ctx);
19652 f = BN_CTX_get(ctx);
19653@@ -639,6 +697,24 @@ static int RSA_eay_public_decrypt(int fl
19654 unsigned char *buf=NULL;
19655 BN_CTX *ctx=NULL;
19656
19657+#ifdef OPENSSL_FIPS
19658+ if (FIPS_mode())
19659+ {
19660+ if(FIPS_selftest_failed())
19661+ {
19662+ FIPSerr(FIPS_F_RSA_EAY_PUBLIC_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
19663+ goto err;
19664+ }
19665+
19666+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
19667+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
19668+ {
19669+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
19670+ return -1;
19671+ }
19672+ }
19673+#endif
19674+
19675 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
19676 {
19677 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
19678@@ -897,6 +973,9 @@ err:
19679
19680 static int RSA_eay_init(RSA *rsa)
19681 {
19682+#ifdef OPENSSL_FIPS
19683+ FIPS_selftest_check();
19684+#endif
19685 rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
19686 return(1);
19687 }
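Review bot: `FIPS_selftest_check();` in RSA_eay_init discards its result and the function still returns 1, so a key whose method is initialised while the module is in the error state is created successfully and only the later encrypt/decrypt calls hit FIPS_selftest_failed(). If FIPS_selftest_check reports the error state through its return value (its use as a bare statement here does not show the convention), make init fail closed with `if (!FIPS_selftest_check()) return 0;` so RSA_new_method refuses the key instead of deferring the failure. Otherwise a comment should say the call is only there to queue the error.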
19688diff -up openssl-1.0.1e/crypto/rsa/rsa_err.c.fips openssl-1.0.1e/crypto/rsa/rsa_err.c
19689--- openssl-1.0.1e/crypto/rsa/rsa_err.c.fips 2013-02-11 16:26:04.000000000 +0100
19690+++ openssl-1.0.1e/crypto/rsa/rsa_err.c 2013-02-19 12:47:33.746119015 +0100
19691@@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]=
19692 {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"},
19693 {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
19694 {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
19695+{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"},
19696+{ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"},
19697 {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
19698 {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
19699 {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
19700diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips openssl-1.0.1e/crypto/rsa/rsa_gen.c
19701--- openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips 2013-02-11 16:26:04.000000000 +0100
19702+++ openssl-1.0.1e/crypto/rsa/rsa_gen.c 2013-02-19 12:47:33.746119015 +0100
19703@@ -69,6 +69,78 @@
19704 #include <openssl/rsa.h>
19705 #ifdef OPENSSL_FIPS
19706 #include <openssl/fips.h>
19707+#include <openssl/err.h>
19708+#include <openssl/evp.h>
19709+
19710+static int fips_rsa_pairwise_fail = 0;
19711+
19712+void FIPS_corrupt_rsa_keygen(void)
19713+ {
19714+ fips_rsa_pairwise_fail = 1;
19715+ }
19716+
19717+int fips_check_rsa(RSA *rsa)
19718+ {
19719+ const unsigned char tbs[] = "RSA Pairwise Check Data";
19720+ unsigned char *ctbuf = NULL, *ptbuf = NULL;
19721+ int len, ret = 0;
19722+ EVP_PKEY *pk;
19723+
19724+ if ((pk=EVP_PKEY_new()) == NULL)
19725+ goto err;
19726+
19727+ EVP_PKEY_set1_RSA(pk, rsa);
19728+
19729+ /* Perform pairwise consistency signature test */
19730+ if (!fips_pkey_signature_test(pk, tbs, -1,
19731+ NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
19732+ || !fips_pkey_signature_test(pk, tbs, -1,
19733+ NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, NULL)
19734+ || !fips_pkey_signature_test(pk, tbs, -1,
19735+ NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, NULL))
19736+ goto err;
19737+ /* Now perform pairwise consistency encrypt/decrypt test */
19738+ ctbuf = OPENSSL_malloc(RSA_size(rsa));
19739+ if (!ctbuf)
19740+ goto err;
19741+
19742+ len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING);
19743+ if (len <= 0)
19744+ goto err;
19745+ /* Check ciphertext doesn't match plaintext */
19746+ if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
19747+ goto err;
19748+ ptbuf = OPENSSL_malloc(RSA_size(rsa));
19749+
19750+ if (!ptbuf)
19751+ goto err;
19752+ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
19753+ if (len != (sizeof(tbs) - 1))
19754+ goto err;
19755+ if (memcmp(ptbuf, tbs, len))
19756+ goto err;
19757+
19758+ ret = 1;
19759+
19760+ if (!ptbuf)
19761+ goto err;
19762+
19763+ err:
19764+ if (ret == 0)
19765+ {
19766+ fips_set_selftest_fail();
19767+ FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
19768+ }
19769+
19770+ if (ctbuf)
19771+ OPENSSL_free(ctbuf);
19772+ if (ptbuf)
19773+ OPENSSL_free(ptbuf);
19774+ if (pk)
19775+ EVP_PKEY_free(pk);
19776+
19777+ return ret;
19778+ }
19779 #endif
19780
19781 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
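Review bot: `EVP_PKEY_set1_RSA(pk, rsa)` in fips_check_rsa is unchecked; if it fails, the three fips_pkey_signature_test calls run against an EVP_PKEY holding no key and the result is reported as a pairwise-test failure, which also drives the whole module into the error state through fips_set_selftest_fail. Check it: `if (!EVP_PKEY_set1_RSA(pk, rsa)) goto err;`. The `if (!ptbuf) goto err;` after `ret = 1;` is dead code, since ptbuf was already tested above, and should be removed so the success path is not misread. `FIPS_corrupt_rsa_keygen` is an exported, non-static hook that corrupts every subsequent key; if it exists only for the self-test harness, a comment saying so (and ideally a build-time guard) belongs next to it.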
19782@@ -81,7 +153,7 @@ static int rsa_builtin_keygen(RSA *rsa,
19783 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
19784 {
19785 #ifdef OPENSSL_FIPS
19786- if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
19787+ if (FIPS_module_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
19788 && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
19789 {
19790 RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
19791@@ -90,10 +162,6 @@ int RSA_generate_key_ex(RSA *rsa, int bi
19792 #endif
19793 if(rsa->meth->rsa_keygen)
19794 return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
19795-#ifdef OPENSSL_FIPS
19796- if (FIPS_mode())
19797- return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
19798-#endif
19799 return rsa_builtin_keygen(rsa, bits, e_value, cb);
19800 }
19801
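Review bot: The method check in RSA_generate_key_ex is now gated on `FIPS_module_mode()` while RSA_set_method, RSA_new_method and the rsa_crpt.c entry points in this patch gate on `FIPS_mode()`; if the two predicates can differ, key generation is checked against a different policy than key use. If they are aliases, a one-line comment saying so would stop the next reader from chasing it; if not, use `FIPS_mode()` here for consistency. Removing the FIPS_rsa_generate_key_ex dispatch makes rsa_builtin_keygen the FIPS path, which also deserves a comment at the call site.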
19802@@ -105,6 +173,23 @@ static int rsa_builtin_keygen(RSA *rsa,
19803 int bitsp,bitsq,ok= -1,n=0;
19804 BN_CTX *ctx=NULL;
19805
19806+#ifdef OPENSSL_FIPS
19807+ if (FIPS_module_mode())
19808+ {
19809+ if(FIPS_selftest_failed())
19810+ {
19811+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED);
19812+ return 0;
19813+ }
19814+
19815+ if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
19816+ {
19817+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
19818+ return 0;
19819+ }
19820+ }
19821+#endif
19822+
19823 ctx=BN_CTX_new();
19824 if (ctx == NULL) goto err;
19825 BN_CTX_start(ctx);
19826@@ -216,6 +301,17 @@ static int rsa_builtin_keygen(RSA *rsa,
19827 p = rsa->p;
19828 if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
19829
19830+#ifdef OPENSSL_FIPS
19831+ if (FIPS_module_mode())
19832+ {
19833+ if (fips_rsa_pairwise_fail)
19834+ BN_add_word(rsa->n, 1);
19835+
19836+ if(!fips_check_rsa(rsa))
19837+ goto err;
19838+ }
19839+#endif
19840+
19841 ok=1;
19842 err:
19843 if (ok == -1)
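Review bot: When `fips_check_rsa(rsa)` fails the code jumps to err with `ok` still -1; in the stock rsa_builtin_keygen the `ok == -1` branch under err reports a BN library error, which would sit on top of the pairwise-test error already queued and is what most callers print. Set `ok = 0;` before `goto err;` in the failure branch so the FIPS reason is the one callers see. The fault-injection `BN_add_word(rsa->n, 1)` modifies the key in place and the rsa struct is left holding the corrupted modulus on return, so the comment should state that callers must discard rsa when 0 is returned. rsa_builtin_keygen starts and ends outside the hunk.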
19844diff -up openssl-1.0.1e/crypto/rsa/rsa.h.fips openssl-1.0.1e/crypto/rsa/rsa.h
19845--- openssl-1.0.1e/crypto/rsa/rsa.h.fips 2013-02-19 12:47:33.485113710 +0100
19846+++ openssl-1.0.1e/crypto/rsa/rsa.h 2013-02-19 12:47:33.746119015 +0100
19847@@ -164,6 +164,8 @@ struct rsa_st
19848 # define OPENSSL_RSA_MAX_MODULUS_BITS 16384
19849 #endif
19850
19851+#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
19852+
19853 #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
19854 # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
19855 #endif
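Review bot: `OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024` is used both for key generation (rsa_gen.c) and for key use (rsa_eay.c), but 1024-bit moduli are the legacy floor: NIST SP 800-131A treats them as deprecated for signature generation and 2048 as the current minimum. Consider a separate, higher minimum for generation and document the constant, e.g. `/* smallest modulus accepted in FIPS mode; 1024 keeps legacy keys usable, new keys should be >= 2048 */`. The macro is public and unguarded, so its value becomes ABI once shipped.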
19856@@ -290,6 +292,11 @@ RSA * RSA_generate_key(int bits, unsigne
19857
19858 /* New version */
19859 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
19860+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
19861+ const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
19862+ const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
19863+ const BIGNUM *e, BN_GENCB *cb);
19864+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
19865
19866 int RSA_check_key(const RSA *);
19867 /* next 4 return -1 on error */
19868@@ -487,7 +494,7 @@ void ERR_load_RSA_strings(void);
19869 #define RSA_F_RSA_PADDING_ADD_NONE 107
19870 #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
19871 #define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
19872-#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148
19873+#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 158
19874 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
19875 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
19876 #define RSA_F_RSA_PADDING_ADD_SSLV23 110
19877@@ -500,20 +507,22 @@ void ERR_load_RSA_strings(void);
19878 #define RSA_F_RSA_PADDING_CHECK_X931 128
19879 #define RSA_F_RSA_PRINT 115
19880 #define RSA_F_RSA_PRINT_FP 116
19881-#define RSA_F_RSA_PRIVATE_DECRYPT 150
19882-#define RSA_F_RSA_PRIVATE_ENCRYPT 151
19883+#define RSA_F_RSA_PRIVATE_DECRYPT 157
19884+#define RSA_F_RSA_PRIVATE_ENCRYPT 148
19885 #define RSA_F_RSA_PRIV_DECODE 137
19886 #define RSA_F_RSA_PRIV_ENCODE 138
19887-#define RSA_F_RSA_PUBLIC_DECRYPT 152
19888+#define RSA_F_RSA_PUBLIC_DECRYPT 149
19889 #define RSA_F_RSA_PUBLIC_ENCRYPT 153
19890 #define RSA_F_RSA_PUB_DECODE 139
19891 #define RSA_F_RSA_SETUP_BLINDING 136
19892+#define RSA_F_RSA_SET_DEFAULT_METHOD 150
19893+#define RSA_F_RSA_SET_METHOD 151
19894 #define RSA_F_RSA_SIGN 117
19895 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
19896 #define RSA_F_RSA_VERIFY 119
19897 #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
19898 #define RSA_F_RSA_VERIFY_PKCS1_PSS 126
19899-#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149
19900+#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 152
19901
19902 /* Reason codes. */
19903 #define RSA_R_ALGORITHM_MISMATCH 100
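Review bot: This hunk changes the values of existing public macros (`RSA_F_RSA_PRIVATE_DECRYPT` 150 to 157, `RSA_F_RSA_PRIVATE_ENCRYPT` 151 to 148, `RSA_F_RSA_PUBLIC_DECRYPT` 152 to 149, and `RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1` 148 to 158 in the hunk above), so binaries built against the stock 1.0.1e header attribute errors to the wrong function and ERR_GET_FUNC comparisons in applications silently break. If the renumbering is required to match the FIPS module's table, say so in a comment and regenerate rsa_err.c with `make errors`; otherwise keep the stock values and only append new codes. The same concern applies to the reason codes in the following hunk, where `RSA_R_NON_FIPS_RSA_METHOD` and `RSA_R_NON_FIPS_METHOD` share 149.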
19904@@ -542,21 +551,22 @@ void ERR_load_RSA_strings(void);
19905 #define RSA_R_INVALID_MGF1_MD 156
19906 #define RSA_R_INVALID_PADDING 138
19907 #define RSA_R_INVALID_PADDING_MODE 141
19908-#define RSA_R_INVALID_PSS_PARAMETERS 149
19909+#define RSA_R_INVALID_PSS_PARAMETERS 157
19910 #define RSA_R_INVALID_PSS_SALTLEN 146
19911-#define RSA_R_INVALID_SALT_LENGTH 150
19912+#define RSA_R_INVALID_SALT_LENGTH 158
19913 #define RSA_R_INVALID_TRAILER 139
19914 #define RSA_R_INVALID_X931_DIGEST 142
19915 #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
19916 #define RSA_R_KEY_SIZE_TOO_SMALL 120
19917 #define RSA_R_LAST_OCTET_INVALID 134
19918 #define RSA_R_MODULUS_TOO_LARGE 105
19919-#define RSA_R_NON_FIPS_RSA_METHOD 157
19920+#define RSA_R_NON_FIPS_RSA_METHOD 149
19921+#define RSA_R_NON_FIPS_METHOD 149
19922 #define RSA_R_NO_PUBLIC_EXPONENT 140
19923 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
19924 #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
19925 #define RSA_R_OAEP_DECODING_ERROR 121
19926-#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158
19927+#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 150
19928 #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
19929 #define RSA_R_PADDING_CHECK_FAILED 114
19930 #define RSA_R_P_NOT_PRIME 128
19931diff -up openssl-1.0.1e/crypto/rsa/rsa_lib.c.fips openssl-1.0.1e/crypto/rsa/rsa_lib.c
19932--- openssl-1.0.1e/crypto/rsa/rsa_lib.c.fips 2013-02-11 16:26:04.000000000 +0100
19933+++ openssl-1.0.1e/crypto/rsa/rsa_lib.c 2013-02-19 12:47:33.746119015 +0100
19934@@ -84,6 +84,13 @@ RSA *RSA_new(void)
19935
19936 void RSA_set_default_method(const RSA_METHOD *meth)
19937 {
19938+#ifdef OPENSSL_FIPS
19939+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
19940+ {
19941+ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
19942+ return;
19943+ }
19944+#endif
19945 default_RSA_meth = meth;
19946 }
19947
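Review bot: RSA_set_default_method returns void, so the new rejection in FIPS mode is only visible through the error queue and the requested method silently stays unset; an application that installs an engine method and never calls ERR_get_error keeps using the previous default without knowing. Document the contract above the check: `/* in FIPS mode a non-FIPS method is rejected: the previous default stays in force and an error is queued */`. Note also that `meth->flags` is now dereferenced before the assignment, so a NULL meth fails here rather than at first use, which the comment can mention.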
19948@@ -91,18 +98,11 @@ const RSA_METHOD *RSA_get_default_method
19949 {
19950 if (default_RSA_meth == NULL)
19951 {
19952-#ifdef OPENSSL_FIPS
19953- if (FIPS_mode())
19954- return FIPS_rsa_pkcs1_ssleay();
19955- else
19956- return RSA_PKCS1_SSLeay();
19957-#else
19958 #ifdef RSA_NULL
19959 default_RSA_meth=RSA_null_method();
19960 #else
19961 default_RSA_meth=RSA_PKCS1_SSLeay();
19962 #endif
19963-#endif
19964 }
19965
19966 return default_RSA_meth;
19967@@ -118,6 +118,13 @@ int RSA_set_method(RSA *rsa, const RSA_M
19968 /* NB: The caller is specifically setting a method, so it's not up to us
19969 * to deal with which ENGINE it comes from. */
19970 const RSA_METHOD *mtmp;
19971+#ifdef OPENSSL_FIPS
19972+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
19973+ {
19974+ RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
19975+ return 0;
19976+ }
19977+#endif
19978 mtmp = rsa->meth;
19979 if (mtmp->finish) mtmp->finish(rsa);
19980 #ifndef OPENSSL_NO_ENGINE
19981@@ -170,6 +177,18 @@ RSA *RSA_new_method(ENGINE *engine)
19982 }
19983 }
19984 #endif
19985+#ifdef OPENSSL_FIPS
19986+ if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD))
19987+ {
19988+ RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
19989+#ifndef OPENSSL_NO_ENGINE
19990+ if (ret->engine)
19991+ ENGINE_finish(ret->engine);
19992+#endif
19993+ OPENSSL_free(ret);
19994+ return NULL;
19995+ }
19996+#endif
19997
19998 ret->pad=0;
19999 ret->version=0;
20000@@ -188,7 +207,7 @@ RSA *RSA_new_method(ENGINE *engine)
20001 ret->blinding=NULL;
20002 ret->mt_blinding=NULL;
20003 ret->bignum_data=NULL;
20004- ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
20005+ ret->flags=ret->meth->flags;
20006 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
20007 {
20008 #ifndef OPENSSL_NO_ENGINE
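Review bot: `ret->flags=ret->meth->flags;` drops the `& ~RSA_FLAG_NON_FIPS_ALLOW` mask the stock line applies, so a method whose flags include RSA_FLAG_NON_FIPS_ALLOW now hands every key created from it the per-key bypass that rsa_crpt.c and rsa_eay.c honour for the raw-operation and minimum-modulus checks. Combined with the RSA_FLAG_FIPS_METHOD test added above, an engine method that sets both flags passes the FIPS gate and then exempts all of its keys from the key-size policy; the mask existed precisely so the bypass had to be set per key with RSA_set_flags. Unless a method in the tree depends on inheriting the flag, keep `ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;`, and if one does, name it in a comment.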
20009diff -up openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1e/crypto/rsa/rsa_pmeth.c
20010--- openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.fips 2013-02-11 16:26:04.000000000 +0100
20011+++ openssl-1.0.1e/crypto/rsa/rsa_pmeth.c 2013-02-19 12:47:33.746119015 +0100
20012@@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c
20013 RSA_R_INVALID_DIGEST_LENGTH);
20014 return -1;
20015 }
20016-#ifdef OPENSSL_FIPS
20017- if (ret > 0)
20018- {
20019- unsigned int slen;
20020- ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
20021- rctx->pad_mode,
20022- rctx->saltlen,
20023- rctx->mgf1md,
20024- sig, &slen);
20025- if (ret > 0)
20026- *siglen = slen;
20027- else
20028- *siglen = 0;
20029- return ret;
20030- }
20031-#endif
20032
20033 if (EVP_MD_type(rctx->md) == NID_mdc2)
20034 {
20035@@ -354,19 +338,6 @@ static int pkey_rsa_verify(EVP_PKEY_CTX
20036 #endif
20037 if (rctx->md)
20038 {
20039-#ifdef OPENSSL_FIPS
20040- if (rv > 0)
20041- {
20042- return FIPS_rsa_verify_digest(rsa,
20043- tbs, tbslen,
20044- rctx->md,
20045- rctx->pad_mode,
20046- rctx->saltlen,
20047- rctx->mgf1md,
20048- sig, siglen);
20049-
20050- }
20051-#endif
20052 if (rctx->pad_mode == RSA_PKCS1_PADDING)
20053 return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
20054 sig, siglen, rsa);
20055diff -up openssl-1.0.1e/crypto/rsa/rsa_sign.c.fips openssl-1.0.1e/crypto/rsa/rsa_sign.c
20056--- openssl-1.0.1e/crypto/rsa/rsa_sign.c.fips 2013-02-11 16:26:04.000000000 +0100
20057+++ openssl-1.0.1e/crypto/rsa/rsa_sign.c 2013-02-19 12:47:33.747119035 +0100
20058@@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch
20059 i2d_X509_SIG(&sig,&p);
20060 s=tmps;
20061 }
20062- i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
20063+ /* NB: call underlying method directly to avoid FIPS blocking */
20064+ i = rsa->meth->rsa_priv_enc ? rsa->meth->rsa_priv_enc(i,s,sigret,rsa,RSA_PKCS1_PADDING) : 0;
20065 if (i <= 0)
20066 ret=0;
20067 else
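Review bot: Calling `rsa->meth->rsa_priv_enc` directly in RSA_sign bypasses the RSA_private_encrypt gate, so from here on the FIPS policy for signing (self-test state, minimum modulus) rests entirely on the method's own checks; that holds for the builtin method patched in rsa_eay.c, but an engine method accepted with RSA_FLAG_FIPS_METHOD carries no such guarantee. The `/* NB: ... */` comment should say so explicitly, e.g. `/* NB: bypasses the RSA_private_encrypt FIPS gate; the method is trusted to enforce FIPS policy itself */`. The `? ... : 0` fallback for a NULL rsa_priv_enc produces i == 0 and ret = 0 with nothing on the error queue; `RSAerr(RSA_F_RSA_SIGN, ERR_R_PASSED_NULL_PARAMETER)` in that case would give callers a reason. RSA_sign continues outside the hunk.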
20068@@ -178,8 +179,8 @@ int int_rsa_verify(int dtype, const unsi
20069
20070 if((dtype == NID_md5_sha1) && rm)
20071 {
20072- i = RSA_public_decrypt((int)siglen,
20073- sigbuf,rm,rsa,RSA_PKCS1_PADDING);
20074+ i = rsa->meth->rsa_pub_dec ? rsa->meth->rsa_pub_dec((int)siglen,
20075+ sigbuf,rm,rsa,RSA_PKCS1_PADDING) : 0;
20076 if (i <= 0)
20077 return 0;
20078 *prm_len = i;
20079@@ -196,7 +197,8 @@ int int_rsa_verify(int dtype, const unsi
20080 RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
20081 goto err;
20082 }
20083- i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
20084+ /* NB: call underlying method directly to avoid FIPS blocking */
20085+ i = rsa->meth->rsa_pub_dec ? rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING) : 0;
20086
20087 if (i <= 0) goto err;
20088 /* Oddball MDC2 case: signature can be OCTET STRING.
20089diff -up openssl-1.0.1e/crypto/sha/sha256.c.fips openssl-1.0.1e/crypto/sha/sha256.c
20090--- openssl-1.0.1e/crypto/sha/sha256.c.fips 2013-02-11 16:26:04.000000000 +0100
20091+++ openssl-1.0.1e/crypto/sha/sha256.c 2013-02-19 12:47:33.747119035 +0100
20092@@ -12,12 +12,19 @@
20093
20094 #include <openssl/crypto.h>
20095 #include <openssl/sha.h>
20096+#ifdef OPENSSL_FIPS
20097+#include <openssl/fips.h>
20098+#endif
20099+
20100 #include <openssl/opensslv.h>
20101
20102 const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
20103
20104 fips_md_init_ctx(SHA224, SHA256)
20105 {
20106+#ifdef OPENSSL_FIPS
20107+ FIPS_selftest_check();
20108+#endif
20109 memset (c,0,sizeof(*c));
20110 c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL;
20111 c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL;
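Review bot: `FIPS_selftest_check();` in the SHA224 and SHA256 init functions discards its result and initialisation proceeds, so after a self-test failure the low-level SHA API still produces digests and only the error queue records the error state. If FIPS_selftest_check returns 0 in the error state (its return convention is not visible here), make init fail closed with `if (!FIPS_selftest_check()) return 0;`, which matches how the RSA entry points in this patch treat FIPS_selftest_failed(). The same pattern is repeated in sha512.c and sha_locl.h and should be fixed together.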
20112@@ -29,6 +36,9 @@ fips_md_init_ctx(SHA224, SHA256)
20113
20114 fips_md_init(SHA256)
20115 {
20116+#ifdef OPENSSL_FIPS
20117+ FIPS_selftest_check();
20118+#endif
20119 memset (c,0,sizeof(*c));
20120 c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
20121 c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
20122diff -up openssl-1.0.1e/crypto/sha/sha512.c.fips openssl-1.0.1e/crypto/sha/sha512.c
20123--- openssl-1.0.1e/crypto/sha/sha512.c.fips 2013-02-11 16:26:04.000000000 +0100
20124+++ openssl-1.0.1e/crypto/sha/sha512.c 2013-02-19 12:47:33.747119035 +0100
20125@@ -5,6 +5,10 @@
20126 * ====================================================================
20127 */
20128 #include <openssl/opensslconf.h>
20129+#ifdef OPENSSL_FIPS
20130+#include <openssl/fips.h>
20131+#endif
20132+
20133 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
20134 /*
20135 * IMPLEMENTATION NOTES.
20136@@ -61,6 +65,9 @@ const char SHA512_version[]="SHA-512" OP
20137
20138 fips_md_init_ctx(SHA384, SHA512)
20139 {
20140+#ifdef OPENSSL_FIPS
20141+ FIPS_selftest_check();
20142+#endif
20143 c->h[0]=U64(0xcbbb9d5dc1059ed8);
20144 c->h[1]=U64(0x629a292a367cd507);
20145 c->h[2]=U64(0x9159015a3070dd17);
20146@@ -77,6 +84,9 @@ fips_md_init_ctx(SHA384, SHA512)
20147
20148 fips_md_init(SHA512)
20149 {
20150+#ifdef OPENSSL_FIPS
20151+ FIPS_selftest_check();
20152+#endif
20153 c->h[0]=U64(0x6a09e667f3bcc908);
20154 c->h[1]=U64(0xbb67ae8584caa73b);
20155 c->h[2]=U64(0x3c6ef372fe94f82b);
20156diff -up openssl-1.0.1e/crypto/sha/sha.h.fips openssl-1.0.1e/crypto/sha/sha.h
20157--- openssl-1.0.1e/crypto/sha/sha.h.fips 2013-02-19 12:47:32.986103568 +0100
20158+++ openssl-1.0.1e/crypto/sha/sha.h 2013-02-19 12:47:33.747119035 +0100
20159@@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char *
20160 void SHA_Transform(SHA_CTX *c, const unsigned char *data);
20161 #endif
20162 #ifndef OPENSSL_NO_SHA1
20163-#ifdef OPENSSL_FIPS
20164-int private_SHA1_Init(SHA_CTX *c);
20165-#endif
20166 int SHA1_Init(SHA_CTX *c);
20167 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
20168 int SHA1_Final(unsigned char *md, SHA_CTX *c);
20169@@ -141,10 +138,6 @@ typedef struct SHA256state_st
20170 } SHA256_CTX;
20171
20172 #ifndef OPENSSL_NO_SHA256
20173-#ifdef OPENSSL_FIPS
20174-int private_SHA224_Init(SHA256_CTX *c);
20175-int private_SHA256_Init(SHA256_CTX *c);
20176-#endif
20177 int SHA224_Init(SHA256_CTX *c);
20178 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
20179 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
20180@@ -192,10 +185,6 @@ typedef struct SHA512state_st
20181 #endif
20182
20183 #ifndef OPENSSL_NO_SHA512
20184-#ifdef OPENSSL_FIPS
20185-int private_SHA384_Init(SHA512_CTX *c);
20186-int private_SHA512_Init(SHA512_CTX *c);
20187-#endif
20188 int SHA384_Init(SHA512_CTX *c);
20189 int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
20190 int SHA384_Final(unsigned char *md, SHA512_CTX *c);
20191diff -up openssl-1.0.1e/crypto/sha/sha_locl.h.fips openssl-1.0.1e/crypto/sha/sha_locl.h
20192--- openssl-1.0.1e/crypto/sha/sha_locl.h.fips 2013-02-19 12:47:32.991103670 +0100
20193+++ openssl-1.0.1e/crypto/sha/sha_locl.h 2013-02-19 12:47:33.747119035 +0100
20194@@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c,
20195 #define INIT_DATA_h4 0xc3d2e1f0UL
20196
20197 #ifdef SHA_0
20198-fips_md_init(SHA)
20199+nonfips_md_init(SHA)
20200 #else
20201 fips_md_init_ctx(SHA1, SHA)
20202 #endif
20203 {
20204+#if defined(SHA_1) && defined(OPENSSL_FIPS)
20205+ FIPS_selftest_check();
20206+#endif
20207 memset (c,0,sizeof(*c));
20208 c->h0=INIT_DATA_h0;
20209 c->h1=INIT_DATA_h1;
20210diff -up openssl-1.0.1e/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1e/crypto/whrlpool/wp_dgst.c
20211--- openssl-1.0.1e/crypto/whrlpool/wp_dgst.c.fips 2013-02-11 16:26:04.000000000 +0100
20212+++ openssl-1.0.1e/crypto/whrlpool/wp_dgst.c 2013-02-19 12:47:33.748119055 +0100
20213@@ -55,7 +55,7 @@
20214 #include <openssl/crypto.h>
20215 #include <string.h>
20216
20217-fips_md_init(WHIRLPOOL)
20218+nonfips_md_init(WHIRLPOOL)
20219 {
20220 memset (c,0,sizeof(*c));
20221 return(1);
20222diff -up openssl-1.0.1e/Makefile.org.fips openssl-1.0.1e/Makefile.org
20223--- openssl-1.0.1e/Makefile.org.fips 2013-02-19 12:47:33.678117634 +0100
20224+++ openssl-1.0.1e/Makefile.org 2013-02-19 12:47:33.748119055 +0100
20225@@ -136,6 +136,9 @@ FIPSCANLIB=
20226
20227 BASEADDR=
20228
20229+# Non-empty if FIPS enabled
20230+FIPS=
20231+
20232 DIRS= crypto ssl engines apps test tools
20233 ENGDIRS= ccgost
20234 SHLIBDIRS= crypto ssl
20235@@ -148,7 +151,7 @@ SDIRS= \
20236 bn ec rsa dsa ecdsa dh ecdh dso engine \
20237 buffer bio stack lhash rand err \
20238 evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
20239- cms pqueue ts jpake srp store cmac
20240+ cms pqueue ts jpake srp store cmac fips
20241 # keep in mind that the above list is adjusted by ./Configure
20242 # according to no-xxx arguments...
20243
20244@@ -237,6 +240,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESS
20245 FIPSLIBDIR='${FIPSLIBDIR}' \
20246 FIPSDIR='${FIPSDIR}' \
20247 FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
20248+ FIPS="$${FIPS:-$(FIPS)}" \
20249 THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
20250 # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
20251 # which in turn eliminates ambiguities in variable treatment with -e.
20252diff -up openssl-1.0.1e/ssl/ssl_algs.c.fips openssl-1.0.1e/ssl/ssl_algs.c
20253--- openssl-1.0.1e/ssl/ssl_algs.c.fips 2013-02-11 16:26:04.000000000 +0100
20254+++ openssl-1.0.1e/ssl/ssl_algs.c 2013-02-19 12:47:33.748119055 +0100
20255@@ -64,6 +64,12 @@
20256 int SSL_library_init(void)
20257 {
20258
20259+#ifdef OPENSSL_FIPS
20260+ OPENSSL_init_library();
20261+ if (!FIPS_mode())
20262+ {
20263+#endif
20264+
20265 #ifndef OPENSSL_NO_DES
20266 EVP_add_cipher(EVP_des_cbc());
20267 EVP_add_cipher(EVP_des_ede3_cbc());
37d333a7 20268@@ -137,6 +143,50 @@ int SSL_library_init(void)
20269 EVP_add_digest(EVP_sha());
20270 EVP_add_digest(EVP_dss());
20271 #endif
20272+#ifdef OPENSSL_FIPS
20273+ }
20274+ else
20275+ {
20276+#ifndef OPENSSL_NO_DES
20277+ EVP_add_cipher(EVP_des_ede3_cbc());
20278+#endif
20279+#ifndef OPENSSL_NO_AES
20280+ EVP_add_cipher(EVP_aes_128_cbc());
20281+ EVP_add_cipher(EVP_aes_192_cbc());
20282+ EVP_add_cipher(EVP_aes_256_cbc());
20283+ EVP_add_cipher(EVP_aes_128_gcm());
20284+ EVP_add_cipher(EVP_aes_256_gcm());
20285+#endif
20286+#ifndef OPENSSL_NO_MD5
20287+ /* needed even in the FIPS mode for TLS MAC */
20288+ EVP_add_digest(EVP_md5());
20289+ EVP_add_digest_alias(SN_md5,"ssl2-md5");
20290+ EVP_add_digest_alias(SN_md5,"ssl3-md5");
20291+#endif
20292+#ifndef OPENSSL_NO_SHA
20293+ EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
20294+ EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
20295+ EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
20296+#endif
20297+#ifndef OPENSSL_NO_SHA256
20298+ EVP_add_digest(EVP_sha224());
20299+ EVP_add_digest(EVP_sha256());
20300+#endif
20301+#ifndef OPENSSL_NO_SHA512
20302+ EVP_add_digest(EVP_sha384());
20303+ EVP_add_digest(EVP_sha512());
20304+#endif
20305+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
20306+ EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
20307+ EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
20308+ EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
20309+ EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
20310+#endif
20311+#ifndef OPENSSL_NO_ECDSA
20312+ EVP_add_digest(EVP_ecdsa());
20313+#endif
20314+ }
20315+#endif
20316 #ifndef OPENSSL_NO_COMP
20317 /* This will initialise the built-in compression algorithms.
20318 The value returned is a STACK_OF(SSL_COMP), but that can
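Review bot: The `/* needed even in the FIPS mode for TLS MAC */` comment above `EVP_add_digest(EVP_md5())` understates what the line does: once in the EVP table, MD5 is resolvable by name from any application code running in FIPS mode, not only from the TLS 1.0/1.1 PRF and handshake MAC. Reword it to make the scope explicit, e.g. `/* MD5 is registered only because the TLS < 1.2 PRF and handshake MAC need it; it remains a non-approved digest for application use */`. The FIPS cipher list adds EVP_aes_192_cbc but not EVP_aes_192_gcm while both 128- and 256-bit GCM are present; if that is deliberate because TLS defines no AES-192-GCM suites, a comment saying so will stop it being "fixed" later. SSL_library_init continues outside the hunk.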