openssl: Update to 1.0.1b.
1 diff -up openssl-1.0.1b/apps/pkcs12.c.fips openssl-1.0.1b/apps/pkcs12.c
2 --- openssl-1.0.1b/apps/pkcs12.c.fips 2011-03-13 19:20:23.000000000 +0100
3 +++ openssl-1.0.1b/apps/pkcs12.c 2012-04-26 18:00:51.379768840 +0200
4 @@ -67,6 +67,9 @@
5 #include <openssl/err.h>
6 #include <openssl/pem.h>
7 #include <openssl/pkcs12.h>
8 +#ifdef OPENSSL_FIPS
9 +#include <openssl/fips.h>
10 +#endif
11
12 #define PROG pkcs12_main
13
14 @@ -130,6 +133,11 @@ int MAIN(int argc, char **argv)
15
16 apps_startup();
17
18 +#ifdef OPENSSL_FIPS
19 + if (FIPS_mode())
20 + cert_pbe = key_pbe; /* cannot use RC2 in the FIPS mode */
21 +#endif
22 +
23 enc = EVP_des_ede3_cbc();
24 if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
25
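Review bot: The `if (FIPS_mode()) cert_pbe = key_pbe;` fallback runs right after apps_startup(), before the option loop, so it only changes the default; an explicit `-certpbe` naming an RC2 PBE given later would presumably still reach PKCS12_create in FIPS mode and fail there with a generic error (the option parsing lies outside the hunk). If that is acceptable, the comment should say so, e.g. `/* default only: RC2 is unavailable in FIPS mode; an explicit -certpbe is not re-checked here */`. MAIN continues outside the hunk.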
26 diff -up openssl-1.0.1b/apps/speed.c.fips openssl-1.0.1b/apps/speed.c
27 --- openssl-1.0.1b/apps/speed.c.fips 2012-01-11 22:49:16.000000000 +0100
28 +++ openssl-1.0.1b/apps/speed.c 2012-04-26 18:00:51.380768861 +0200
29 @@ -195,7 +195,6 @@
30 #ifdef OPENSSL_DOING_MAKEDEPEND
31 #undef AES_set_encrypt_key
32 #undef AES_set_decrypt_key
33 -#undef DES_set_key_unchecked
34 #endif
35 #define BF_set_key private_BF_set_key
36 #define CAST_set_key private_CAST_set_key
37 @@ -203,7 +202,6 @@
38 #define SEED_set_key private_SEED_set_key
39 #define RC2_set_key private_RC2_set_key
40 #define RC4_set_key private_RC4_set_key
41 -#define DES_set_key_unchecked private_DES_set_key_unchecked
42 #define AES_set_encrypt_key private_AES_set_encrypt_key
43 #define AES_set_decrypt_key private_AES_set_decrypt_key
44 #define Camellia_set_key private_Camellia_set_key
45 @@ -941,7 +939,12 @@ int MAIN(int argc, char **argv)
46 #ifndef OPENSSL_NO_RSA
47 if (strcmp(*argv,"rsa") == 0)
48 {
49 +#ifdef OPENSSL_FIPS
50 + if (!FIPS_mode())
51 +#endif
52 + {
53 rsa_doit[R_RSA_512]=1;
54 + }
55 rsa_doit[R_RSA_1024]=1;
56 rsa_doit[R_RSA_2048]=1;
57 rsa_doit[R_RSA_4096]=1;
58 @@ -951,7 +954,12 @@ int MAIN(int argc, char **argv)
59 #ifndef OPENSSL_NO_DSA
60 if (strcmp(*argv,"dsa") == 0)
61 {
62 +#ifdef OPENSSL_FIPS
63 + if (!FIPS_mode())
64 +#endif
65 + {
66 dsa_doit[R_DSA_512]=1;
67 + }
68 dsa_doit[R_DSA_1024]=1;
69 dsa_doit[R_DSA_2048]=1;
70 }
71 @@ -1226,30 +1234,54 @@ int MAIN(int argc, char **argv)
72 AES_set_encrypt_key(key32,256,&aes_ks3);
73 #endif
74 #ifndef OPENSSL_NO_CAMELLIA
75 + if (doit[D_CBC_128_CML] || doit[D_CBC_192_CML] || doit[D_CBC_256_CML])
76 + {
77 Camellia_set_key(key16,128,&camellia_ks1);
78 Camellia_set_key(ckey24,192,&camellia_ks2);
79 Camellia_set_key(ckey32,256,&camellia_ks3);
80 + }
81 #endif
82 #ifndef OPENSSL_NO_IDEA
83 + if (doit[D_CBC_IDEA])
84 + {
85 idea_set_encrypt_key(key16,&idea_ks);
86 + }
87 #endif
88 #ifndef OPENSSL_NO_SEED
89 + if (doit[D_CBC_SEED])
90 + {
91 SEED_set_key(key16,&seed_ks);
92 + }
93 #endif
94 #ifndef OPENSSL_NO_RC4
95 + if (doit[D_RC4])
96 + {
97 RC4_set_key(&rc4_ks,16,key16);
98 + }
99 #endif
100 #ifndef OPENSSL_NO_RC2
101 + if (doit[D_CBC_RC2])
102 + {
103 RC2_set_key(&rc2_ks,16,key16,128);
104 + }
105 #endif
106 #ifndef OPENSSL_NO_RC5
107 + if (doit[D_CBC_RC5])
108 + {
109 RC5_32_set_key(&rc5_ks,16,key16,12);
110 + }
111 #endif
112 #ifndef OPENSSL_NO_BF
113 + if (doit[D_CBC_BF])
114 + {
115 BF_set_key(&bf_ks,16,key16);
116 + }
117 #endif
118 #ifndef OPENSSL_NO_CAST
119 + if (doit[D_CBC_CAST])
120 + {
121 CAST_set_key(&cast_ks,16,key16);
122 + }
123 #endif
124 #ifndef OPENSSL_NO_RSA
125 memset(rsa_c,0,sizeof(rsa_c));
126 diff -up openssl-1.0.1b/Configure.fips openssl-1.0.1b/Configure
127 --- openssl-1.0.1b/Configure.fips 2012-04-26 18:00:51.341768009 +0200
128 +++ openssl-1.0.1b/Configure 2012-04-26 18:00:51.381768883 +0200
129 @@ -993,11 +993,6 @@ if (defined($disabled{"md5"}) || defined
130 $disabled{"ssl2"} = "forced";
131 }
132
133 -if ($fips && $fipslibdir eq "")
134 - {
135 - $fipslibdir = $fipsdir . "/lib/";
136 - }
137 -
138 # RSAX ENGINE sets default non-FIPS RSA method.
139 if ($fips)
140 {
141 @@ -1472,7 +1467,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b
142 if ($fips)
143 {
144 $openssl_other_defines.="#define OPENSSL_FIPS\n";
145 - $cflags .= " -I\$(FIPSDIR)/include";
146 }
147
148 $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
149 @@ -1659,9 +1653,12 @@ while (<IN>)
150
151 s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
152 s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
153 - s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
154 s/^BASEADDR=.*/BASEADDR=$baseaddr/;
155
156 + if ($fips)
157 + {
158 + s/^FIPS=.*/FIPS=yes/;
159 + }
160 s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
161 s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
162 s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
163 diff -up openssl-1.0.1b/crypto/aes/aes_misc.c.fips openssl-1.0.1b/crypto/aes/aes_misc.c
164 --- openssl-1.0.1b/crypto/aes/aes_misc.c.fips 2011-06-05 19:36:33.000000000 +0200
165 +++ openssl-1.0.1b/crypto/aes/aes_misc.c 2012-04-26 18:00:51.382768906 +0200
166 @@ -69,17 +69,11 @@ const char *AES_options(void) {
167 int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
168 AES_KEY *key)
169 {
170 -#ifdef OPENSSL_FIPS
171 - fips_cipher_abort(AES);
172 -#endif
173 return private_AES_set_encrypt_key(userKey, bits, key);
174 }
175
176 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
177 AES_KEY *key)
178 {
179 -#ifdef OPENSSL_FIPS
180 - fips_cipher_abort(AES);
181 -#endif
182 return private_AES_set_decrypt_key(userKey, bits, key);
183 }
184 diff -up openssl-1.0.1b/crypto/cmac/cmac.c.fips openssl-1.0.1b/crypto/cmac/cmac.c
185 --- openssl-1.0.1b/crypto/cmac/cmac.c.fips 2012-04-11 17:11:16.000000000 +0200
186 +++ openssl-1.0.1b/crypto/cmac/cmac.c 2012-04-26 18:00:51.382768906 +0200
187 @@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void)
188
189 void CMAC_CTX_cleanup(CMAC_CTX *ctx)
190 {
191 -#ifdef OPENSSL_FIPS
192 - if (FIPS_mode() && !ctx->cctx.engine)
193 - {
194 - FIPS_cmac_ctx_cleanup(ctx);
195 - return;
196 - }
197 -#endif
198 EVP_CIPHER_CTX_cleanup(&ctx->cctx);
199 OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
200 OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
201 @@ -164,11 +157,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void
202 EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
203 return 0;
204 }
205 - /* Other algorithm blocking will be done in FIPS_cmac_init,
206 - * via FIPS_cipherinit().
207 - */
208 - if (!impl && !ctx->cctx.engine)
209 - return FIPS_cmac_init(ctx, key, keylen, cipher, NULL);
210 }
211 #endif
212 /* All zeros means restart */
213 @@ -216,10 +204,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
214 {
215 const unsigned char *data = in;
216 size_t bl;
217 -#ifdef OPENSSL_FIPS
218 - if (FIPS_mode() && !ctx->cctx.engine)
219 - return FIPS_cmac_update(ctx, in, dlen);
220 -#endif
221 if (ctx->nlast_block == -1)
222 return 0;
223 if (dlen == 0)
224 @@ -261,10 +245,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
225 int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
226 {
227 int i, bl, lb;
228 -#ifdef OPENSSL_FIPS
229 - if (FIPS_mode() && !ctx->cctx.engine)
230 - return FIPS_cmac_final(ctx, out, poutlen);
231 -#endif
232 if (ctx->nlast_block == -1)
233 return 0;
234 bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
235 diff -up openssl-1.0.1b/crypto/crypto.h.fips openssl-1.0.1b/crypto/crypto.h
236 --- openssl-1.0.1b/crypto/crypto.h.fips 2012-04-26 18:00:51.094762613 +0200
237 +++ openssl-1.0.1b/crypto/crypto.h 2012-04-26 18:00:51.382768906 +0200
238 @@ -553,24 +553,29 @@ int FIPS_mode_set(int r);
239 void OPENSSL_init(void);
240
241 #define fips_md_init(alg) fips_md_init_ctx(alg, alg)
242 +#define nonfips_md_init(alg) nonfips_md_init_ctx(alg, alg)
243 +#define fips_md_init_ctx(alg, cx) \
244 + int alg##_Init(cx##_CTX *c)
245
246 #ifdef OPENSSL_FIPS
247 -#define fips_md_init_ctx(alg, cx) \
248 +#define nonfips_md_init_ctx(alg, cx) \
249 int alg##_Init(cx##_CTX *c) \
250 { \
251 if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
252 - "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
253 + "Digest " #alg " forbidden in FIPS mode!"); \
254 return private_##alg##_Init(c); \
255 } \
256 int private_##alg##_Init(cx##_CTX *c)
257
258 #define fips_cipher_abort(alg) \
259 if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
260 - "Low level API call to cipher " #alg " forbidden in FIPS mode!")
261 + "Cipher " #alg " forbidden in FIPS mode!")
262 +
263 +/* die if FIPS selftest failed */
264 +void FIPS_selftest_check(void);
265
266 #else
267 -#define fips_md_init_ctx(alg, cx) \
268 - int alg##_Init(cx##_CTX *c)
269 +#define nonfips_md_init_ctx(alg, cx) fips_md_init_ctx(alg, cx)
270 #define fips_cipher_abort(alg) while(0)
271 #endif
272
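Review bot: The new macro split is undocumented: `fips_md_init_ctx` now always emits the plain `alg_Init` definition while `nonfips_md_init_ctx` is the variant that dies under FIPS_mode(), and a reader has to infer which digest source files are meant to use which. A comment above the unconditional `#define fips_md_init_ctx` such as `/* fips_md_init*: digests usable in FIPS mode; nonfips_md_init*: low-level init that aborts when FIPS mode is on */` would state the contract. The same applies to `OPENSSL_HAVE_INIT` and `OPENSSL_init_library()` in the next hunk of this file, whose purpose and expected caller are not stated and whose definition is outside this chunk.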
273 @@ -580,6 +585,9 @@ void OPENSSL_init(void);
274 */
275 void ERR_load_CRYPTO_strings(void);
276
277 +#define OPENSSL_HAVE_INIT 1
278 +void OPENSSL_init_library(void);
279 +
280 /* Error codes for the CRYPTO functions. */
281
282 /* Function codes. */
283 diff -up openssl-1.0.1b/crypto/des/des.h.fips openssl-1.0.1b/crypto/des/des.h
284 --- openssl-1.0.1b/crypto/des/des.h.fips 2012-04-26 18:00:51.173764340 +0200
285 +++ openssl-1.0.1b/crypto/des/des.h 2012-04-26 18:00:51.383768928 +0200
286 @@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE
287 int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
288 int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
289 void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
290 -#ifdef OPENSSL_FIPS
291 -void private_DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
292 -#endif
293 void DES_string_to_key(const char *str,DES_cblock *key);
294 void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
295 void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
296 diff -up openssl-1.0.1b/crypto/des/set_key.c.fips openssl-1.0.1b/crypto/des/set_key.c
297 --- openssl-1.0.1b/crypto/des/set_key.c.fips 2011-06-01 18:54:04.000000000 +0200
298 +++ openssl-1.0.1b/crypto/des/set_key.c 2012-04-26 18:00:51.383768928 +0200
299 @@ -337,13 +337,6 @@ int DES_set_key_checked(const_DES_cblock
300 }
301
302 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
303 -#ifdef OPENSSL_FIPS
304 - {
305 - fips_cipher_abort(DES);
306 - private_DES_set_key_unchecked(key, schedule);
307 - }
308 -void private_DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
309 -#endif
310 {
311 static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
312 register DES_LONG c,d,t,s,t2;
313 diff -up openssl-1.0.1b/crypto/dh/dh_gen.c.fips openssl-1.0.1b/crypto/dh/dh_gen.c
314 --- openssl-1.0.1b/crypto/dh/dh_gen.c.fips 2011-06-09 17:21:46.000000000 +0200
315 +++ openssl-1.0.1b/crypto/dh/dh_gen.c 2012-04-26 18:00:51.383768928 +0200
316 @@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i
317 #endif
318 if(ret->meth->generate_params)
319 return ret->meth->generate_params(ret, prime_len, generator, cb);
320 -#ifdef OPENSSL_FIPS
321 - if (FIPS_mode())
322 - return FIPS_dh_generate_parameters_ex(ret, prime_len,
323 - generator, cb);
324 -#endif
325 return dh_builtin_genparams(ret, prime_len, generator, cb);
326 }
327
328 @@ -123,6 +118,20 @@ static int dh_builtin_genparams(DH *ret,
329 int g,ok= -1;
330 BN_CTX *ctx=NULL;
331
332 +#ifdef OPENSSL_FIPS
333 + if(FIPS_selftest_failed())
334 + {
335 + FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS,FIPS_R_FIPS_SELFTEST_FAILED);
336 + return 0;
337 + }
338 +
339 + if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
340 + {
341 + DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
342 + goto err;
343 + }
344 +#endif
345 +
346 ctx=BN_CTX_new();
347 if (ctx == NULL) goto err;
348 BN_CTX_start(ctx);
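Review bot: The two new guards in dh_builtin_genparams leave on different paths: the selftest branch does `return 0;` while the key-size branch does `goto err` with `ok` still at its initial -1 (`int g,ok= -1;` is visible in the hunk). If the err label — outside the hunk — maps ok == -1 to an extra ERR_R_BN_LIB entry as the original dh_builtin_genparams does (confirm), the size-check path pushes a misleading "BN lib" error on top of DH_R_KEY_SIZE_TOO_SMALL. Either `ok = 0;` before the `goto err;`, or `return 0;` as in the branch above it, keeps the error stack accurate; ctx is still NULL at that point so there is nothing to clean up.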
349 diff -up openssl-1.0.1b/crypto/dh/dh.h.fips openssl-1.0.1b/crypto/dh/dh.h
350 --- openssl-1.0.1b/crypto/dh/dh.h.fips 2012-04-26 18:00:51.033761281 +0200
351 +++ openssl-1.0.1b/crypto/dh/dh.h 2012-04-26 18:00:51.384768950 +0200
352 @@ -77,6 +77,8 @@
353 # define OPENSSL_DH_MAX_MODULUS_BITS 10000
354 #endif
355
356 +#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
357 +
358 #define DH_FLAG_CACHE_MONT_P 0x01
359 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
360 * implementation now uses constant time
361 diff -up openssl-1.0.1b/crypto/dh/dh_key.c.fips openssl-1.0.1b/crypto/dh/dh_key.c
362 --- openssl-1.0.1b/crypto/dh/dh_key.c.fips 2011-11-14 15:16:09.000000000 +0100
363 +++ openssl-1.0.1b/crypto/dh/dh_key.c 2012-04-26 18:00:51.384768950 +0200
364 @@ -61,6 +61,9 @@
365 #include <openssl/bn.h>
366 #include <openssl/rand.h>
367 #include <openssl/dh.h>
368 +#ifdef OPENSSL_FIPS
369 +#include <openssl/fips.h>
370 +#endif
371
372 static int generate_key(DH *dh);
373 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
374 @@ -104,7 +107,7 @@ compute_key,
375 dh_bn_mod_exp,
376 dh_init,
377 dh_finish,
378 -0,
379 +DH_FLAG_FIPS_METHOD,
380 NULL,
381 NULL
382 };
383 @@ -123,6 +126,14 @@ static int generate_key(DH *dh)
384 BN_MONT_CTX *mont=NULL;
385 BIGNUM *pub_key=NULL,*priv_key=NULL;
386
387 +#ifdef OPENSSL_FIPS
388 + if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
389 + {
390 + DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
391 + return 0;
392 + }
393 +#endif
394 +
395 ctx = BN_CTX_new();
396 if (ctx == NULL) goto err;
397
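Review bot: The FIPS minimum-modulus check added to generate_key (and its twin in compute_key, the next hunk of this file) rejects small groups in FIPS mode unconditionally, whereas the parallel check this patch adds to dsa_builtin_keygen exempts keys carrying DSA_FLAG_NON_FIPS_ALLOW. If the DH analogue of that flag exists in this tree's dh.h (confirm; the flag definitions are outside the hunk), both DH checks should honour it the same way, e.g. `if (FIPS_mode() && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))`. If it is intentional that DH has no escape hatch, a one-line comment saying so would stop the inconsistency being read as an oversight.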
398 @@ -213,6 +224,13 @@ static int compute_key(unsigned char *ke
399 DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
400 goto err;
401 }
402 +#ifdef OPENSSL_FIPS
403 + if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
404 + {
405 + DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
406 + goto err;
407 + }
408 +#endif
409
410 ctx = BN_CTX_new();
411 if (ctx == NULL) goto err;
412 @@ -280,6 +298,9 @@ static int dh_bn_mod_exp(const DH *dh, B
413
414 static int dh_init(DH *dh)
415 {
416 +#ifdef OPENSSL_FIPS
417 + FIPS_selftest_check();
418 +#endif
419 dh->flags |= DH_FLAG_CACHE_MONT_P;
420 return(1);
421 }
422 diff -up openssl-1.0.1b/crypto/dh/dh_lib.c.fips openssl-1.0.1b/crypto/dh/dh_lib.c
423 --- openssl-1.0.1b/crypto/dh/dh_lib.c.fips 2011-06-20 21:41:11.000000000 +0200
424 +++ openssl-1.0.1b/crypto/dh/dh_lib.c 2012-04-26 18:00:51.384768950 +0200
425 @@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v
426 {
427 if(!default_DH_method)
428 {
429 -#ifdef OPENSSL_FIPS
430 - if (FIPS_mode())
431 - return FIPS_dh_openssl();
432 - else
433 - return DH_OpenSSL();
434 -#else
435 default_DH_method = DH_OpenSSL();
436 -#endif
437 }
438 return default_DH_method;
439 }
440 diff -up openssl-1.0.1b/crypto/dsa/dsa_err.c.fips openssl-1.0.1b/crypto/dsa/dsa_err.c
441 --- openssl-1.0.1b/crypto/dsa/dsa_err.c.fips 2011-10-10 01:13:49.000000000 +0200
442 +++ openssl-1.0.1b/crypto/dsa/dsa_err.c 2012-04-26 18:00:51.385768972 +0200
443 @@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]=
444 {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"},
445 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
446 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
447 +{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "dsa_builtin_keygen"},
448 +{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"},
449 {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
450 {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
451 {ERR_FUNC(DSA_F_DSA_GENERATE_KEY), "DSA_generate_key"},
452 @@ -106,6 +108,8 @@ static ERR_STRING_DATA DSA_str_reasons[]
453 {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
454 {ERR_REASON(DSA_R_DECODE_ERROR) ,"decode error"},
455 {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE) ,"invalid digest type"},
456 +{ERR_REASON(DSA_R_KEY_SIZE_INVALID) ,"key size invalid"},
457 +{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
458 {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
459 {ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
460 {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},
461 diff -up openssl-1.0.1b/crypto/dsa/dsa_gen.c.fips openssl-1.0.1b/crypto/dsa/dsa_gen.c
462 --- openssl-1.0.1b/crypto/dsa/dsa_gen.c.fips 2011-06-09 17:21:46.000000000 +0200
463 +++ openssl-1.0.1b/crypto/dsa/dsa_gen.c 2012-04-26 18:00:51.385768972 +0200
464 @@ -85,6 +85,14 @@
465 #include <openssl/fips.h>
466 #endif
467
468 +#ifndef OPENSSL_FIPS
469 +static int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
470 + const EVP_MD *evpmd, unsigned char *seed, int seed_len,
471 + BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb);
472 +static int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
473 + BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb);
474 +#endif
475 +
476 int DSA_generate_parameters_ex(DSA *ret, int bits,
477 const unsigned char *seed_in, int seed_len,
478 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
479 @@ -100,14 +108,6 @@ int DSA_generate_parameters_ex(DSA *ret,
480 if(ret->meth->dsa_paramgen)
481 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
482 counter_ret, h_ret, cb);
483 -#ifdef OPENSSL_FIPS
484 - else if (FIPS_mode())
485 - {
486 - return FIPS_dsa_generate_parameters_ex(ret, bits,
487 - seed_in, seed_len,
488 - counter_ret, h_ret, cb);
489 - }
490 -#endif
491 else
492 {
493 const EVP_MD *evpmd;
494 @@ -125,27 +125,119 @@ int DSA_generate_parameters_ex(DSA *ret,
495 }
496
497 return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
498 - seed_in, seed_len, NULL, counter_ret, h_ret, cb);
499 + seed_in, seed_len, counter_ret, h_ret, cb);
500 }
501 }
502
503 +#ifdef OPENSSL_FIPS
504 +int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
505 + const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
506 + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
507 + {
508 + return dsa_builtin_paramgen(ret, bits, qbits,
509 + evpmd, seed_in, seed_len,
510 + counter_ret, h_ret, cb);
511 + }
512 +#endif
513 +
514 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
515 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
516 - unsigned char *seed_out,
517 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
518 {
519 int ok=0;
520 unsigned char seed[SHA256_DIGEST_LENGTH];
521 + BIGNUM *g=NULL,*q=NULL,*p=NULL;
522 + size_t qsize = qbits >> 3;
523 + BN_CTX *ctx=NULL;
524 +
525 +#ifdef OPENSSL_FIPS
526 + if(FIPS_selftest_failed())
527 + {
528 + FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN,
529 + FIPS_R_FIPS_SELFTEST_FAILED);
530 + goto err;
531 + }
532 +
533 + if (FIPS_module_mode() &&
534 + (bits != 1024 || qbits != 160) &&
535 + (bits != 2048 || qbits != 224) &&
536 + (bits != 2048 || qbits != 256) &&
537 + (bits != 3072 || qbits != 256))
538 + {
539 + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_INVALID);
540 + goto err;
541 + }
542 +#endif
543 + if (seed_len && (seed_len < (size_t)qsize))
544 + seed_in = NULL; /* seed buffer too small -- ignore */
545 + if (seed_len > sizeof(seed))
546 + seed_len = sizeof(seed); /* App. 2.2 of FIPS PUB 186 allows larger SEED,
547 + * but our internal buffers are restricted to 256 bits*/
548 + if (seed_in != NULL)
549 + memcpy(seed, seed_in, seed_len);
550 + else
551 + seed_len = 0;
552 +
553 + if ((ctx=BN_CTX_new()) == NULL)
554 + goto err;
555 +
556 + BN_CTX_start(ctx);
557 +
558 + if (!FIPS_dsa_generate_pq(ctx, bits, qbits, evpmd,
559 + seed, seed_len, &p, &q, counter_ret, cb))
560 + goto err;
561 +
562 + if (!FIPS_dsa_generate_g(ctx, p, q, &g, h_ret, cb))
563 + goto err;
564 +
565 + ok=1;
566 +err:
567 + if (ok)
568 + {
569 + if(ret->p)
570 + {
571 + BN_free(ret->p);
572 + ret->p = NULL;
573 + }
574 + if(ret->q)
575 + {
576 + BN_free(ret->q);
577 + ret->q = NULL;
578 + }
579 + if(ret->g)
580 + {
581 + BN_free(ret->g);
582 + ret->g = NULL;
583 + }
584 + ret->p=BN_dup(p);
585 + ret->q=BN_dup(q);
586 + ret->g=BN_dup(g);
587 + if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
588 + ok=0;
589 + }
590 + if(ctx)
591 + {
592 + BN_CTX_end(ctx);
593 + BN_CTX_free(ctx);
594 + }
595 + return ok;
596 + }
597 +
598 +#ifndef OPENSSL_FIPS
599 +static
600 +#endif
601 +int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
602 + const EVP_MD *evpmd, unsigned char *seed, int seed_len,
603 + BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb)
604 + {
605 + int ok=0;
606 unsigned char md[SHA256_DIGEST_LENGTH];
607 - unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH];
608 + unsigned char buf[SHA256_DIGEST_LENGTH];
609 BIGNUM *r0,*W,*X,*c,*test;
610 - BIGNUM *g=NULL,*q=NULL,*p=NULL;
611 - BN_MONT_CTX *mont=NULL;
612 - int i, k, n=0, m=0, qsize = qbits >> 3;
613 + BIGNUM *q=NULL,*p=NULL;
614 + int i, k, b, n=0, m=0, qsize = qbits >> 3;
615 int counter=0;
616 int r=0;
617 - BN_CTX *ctx=NULL;
618 - unsigned int h=2;
619
620 if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
621 qsize != SHA256_DIGEST_LENGTH)
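Review bot: The new (L,N) gate in dsa_builtin_paramgen tests `FIPS_module_mode()` whereas every other FIPS-mode check in this patch uses `FIPS_mode()`; unless the two are guaranteed to agree in this build (confirm against fips.h, which is outside this chunk), a caller can be in FIPS mode per `FIPS_mode()` and still generate a non-approved parameter size here. Using `if (FIPS_mode() && ...)` keeps the gate consistent with the rest of the patch. Separately, `seed_len` is a size_t in dsa_builtin_paramgen but an `int` parameter of FIPS_dsa_generate_pq; the `if (seed_len > sizeof(seed)) seed_len = sizeof(seed);` cap bounds it to 32, so the narrowing is safe, and a short comment at the call (`/* seed_len <= sizeof(seed), fits in int */`) would save the next reader the check. FIPS_dsa_generate_pq continues past the end of this hunk.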
622 @@ -153,51 +245,43 @@ int dsa_builtin_paramgen(DSA *ret, size_
623 return 0;
624
625 if (evpmd == NULL)
626 - /* use SHA1 as default */
627 - evpmd = EVP_sha1();
628 + {
629 + if (qbits <= 160)
630 + evpmd = EVP_sha1();
631 + else if (qbits <= 224)
632 + evpmd = EVP_sha224();
633 + else
634 + evpmd = EVP_sha256();
635 + }
636
637 if (bits < 512)
638 bits = 512;
639
640 bits = (bits+63)/64*64;
641
642 - /* NB: seed_len == 0 is special case: copy generated seed to
643 - * seed_in if it is not NULL.
644 - */
645 - if (seed_len && (seed_len < (size_t)qsize))
646 - seed_in = NULL; /* seed buffer too small -- ignore */
647 - if (seed_len > (size_t)qsize)
648 - seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
649 - * but our internal buffers are restricted to 160 bits*/
650 - if (seed_in != NULL)
651 - memcpy(seed, seed_in, seed_len);
652 -
653 - if ((ctx=BN_CTX_new()) == NULL)
654 - goto err;
655 -
656 - if ((mont=BN_MONT_CTX_new()) == NULL)
657 - goto err;
658 -
659 - BN_CTX_start(ctx);
660 r0 = BN_CTX_get(ctx);
661 - g = BN_CTX_get(ctx);
662 W = BN_CTX_get(ctx);
663 - q = BN_CTX_get(ctx);
664 + *q_ret = q = BN_CTX_get(ctx);
665 X = BN_CTX_get(ctx);
666 c = BN_CTX_get(ctx);
667 - p = BN_CTX_get(ctx);
668 + *p_ret = p = BN_CTX_get(ctx);
669 test = BN_CTX_get(ctx);
670
671 if (!BN_lshift(test,BN_value_one(),bits-1))
672 goto err;
673
674 + /* step 3 n = \lceil bits / qbits \rceil - 1 */
675 + n = (bits+qbits-1)/qbits - 1;
676 + /* step 4 b = bits - 1 - n * qbits */
677 + b = bits - 1 - n*qbits;
678 +
679 for (;;)
680 {
681 for (;;) /* find q */
682 {
683 int seed_is_random;
684
685 - /* step 1 */
686 + /* step 5 generate seed */
687 if(!BN_GENCB_call(cb, 0, m++))
688 goto err;
689
690 @@ -212,30 +296,18 @@ int dsa_builtin_paramgen(DSA *ret, size_
691 seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
692 }
693 memcpy(buf , seed, qsize);
694 - memcpy(buf2, seed, qsize);
695 - /* precompute "SEED + 1" for step 7: */
696 - for (i = qsize-1; i >= 0; i--)
697 - {
698 - buf[i]++;
699 - if (buf[i] != 0)
700 - break;
701 - }
702
703 - /* step 2 */
704 + /* step 6 U = hash(seed) */
705 if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
706 goto err;
707 - if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
708 - goto err;
709 - for (i = 0; i < qsize; i++)
710 - md[i]^=buf2[i];
711
712 - /* step 3 */
713 + /* step 7 q = 2^(qbits-1) + U + 1 - (U mod 2) */
714 md[0] |= 0x80;
715 md[qsize-1] |= 0x01;
716 if (!BN_bin2bn(md, qsize, q))
717 goto err;
718
719 - /* step 4 */
720 + /* step 8 test for prime (64 round of Rabin-Miller) */
721 r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
722 seed_is_random, cb);
723 if (r > 0)
724 @@ -243,27 +315,22 @@ int dsa_builtin_paramgen(DSA *ret, size_
725 if (r != 0)
726 goto err;
727
728 - /* do a callback call */
729 - /* step 5 */
730 }
731
732 if(!BN_GENCB_call(cb, 2, 0)) goto err;
733 if(!BN_GENCB_call(cb, 3, 0)) goto err;
734
735 - /* step 6 */
736 + /* step 11 */
737 counter=0;
738 - /* "offset = 2" */
739 -
740 - n=(bits-1)/160;
741 + /* "offset = 1" */
742
743 for (;;)
744 {
745 if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
746 goto err;
747
748 - /* step 7 */
749 + /* step 11.1, 11.2 obtain W */
750 BN_zero(W);
751 - /* now 'buf' contains "SEED + offset - 1" */
752 for (k=0; k<=n; k++)
753 {
754 /* obtain "SEED + offset + k" by incrementing: */
755 @@ -278,28 +345,30 @@ int dsa_builtin_paramgen(DSA *ret, size_
756 NULL))
757 goto err;
758
759 - /* step 8 */
760 if (!BN_bin2bn(md, qsize, r0))
761 goto err;
762 - if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err;
763 + if (k == n)
764 + BN_mask_bits(r0,b);
765 + if (!BN_lshift(r0,r0,qbits*k)) goto err;
766 if (!BN_add(W,W,r0)) goto err;
767 }
768
769 - /* more of step 8 */
770 - if (!BN_mask_bits(W,bits-1)) goto err;
771 + /* step 11.3 X = W + 2^(L-1) */
772 if (!BN_copy(X,W)) goto err;
773 if (!BN_add(X,X,test)) goto err;
774
775 - /* step 9 */
776 + /* step 11.4 c = X mod 2*q */
777 if (!BN_lshift1(r0,q)) goto err;
778 if (!BN_mod(c,X,r0,ctx)) goto err;
779 +
780 + /* step 11.5 p = X - (c - 1) */
781 if (!BN_sub(r0,c,BN_value_one())) goto err;
782 if (!BN_sub(p,X,r0)) goto err;
783
784 - /* step 10 */
785 + /* step 11.6 */
786 if (BN_cmp(p,test) >= 0)
787 {
788 - /* step 11 */
789 + /* step 11.7 */
790 r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
791 ctx, 1, cb);
792 if (r > 0)
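Review bot: `BN_mask_bits(r0,b);` is the only BN call in this W-accumulation loop whose return value is not checked, which reads as an omission next to the surrounding `if (!BN_...) goto err;` lines. BN_mask_bits returns 0 when r0 already has fewer than b bits, which is not a failure for step 11.2 (it just means V_n mod 2^b is V_n itself), so ignoring it is defensible but should be stated: `(void)BN_mask_bits(r0,b); /* 0 only means r0 is already shorter than b bits */`. FIPS_dsa_generate_pq begins and ends outside this hunk.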
793 @@ -308,19 +377,45 @@ int dsa_builtin_paramgen(DSA *ret, size_
794 goto err;
795 }
796
797 - /* step 13 */
798 + /* step 11.9 */
799 counter++;
800 /* "offset = offset + n + 1" */
801
802 - /* step 14 */
803 - if (counter >= 4096) break;
804 + /* step 12 */
805 + if (counter >= 4*bits) break;
806 }
807 }
808 end:
809 if(!BN_GENCB_call(cb, 2, 1))
810 goto err;
811
812 - /* We now need to generate g */
813 + ok=1;
814 +err:
815 + if (ok)
816 + {
817 + if (counter_ret != NULL) *counter_ret=counter;
818 + }
819 + return ok;
820 + }
821 +
822 +#ifndef OPENSSL_FIPS
823 +static
824 +#endif
825 +int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
826 + BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb)
827 + {
828 + int ok=0;
829 + BIGNUM *r0, *test, *g = NULL;
830 + BN_MONT_CTX *mont;
831 + unsigned int h=2;
832 +
833 + if ((mont=BN_MONT_CTX_new()) == NULL)
834 + goto err;
835 +
836 + r0 = BN_CTX_get(ctx);
837 + *g_ret = g = BN_CTX_get(ctx);
838 + test = BN_CTX_get(ctx);
839 +
840 /* Set r0=(p-1)/q */
841 if (!BN_sub(test,p,BN_value_one())) goto err;
842 if (!BN_div(r0,NULL,test,q,ctx)) goto err;
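Review bot: In FIPS_dsa_generate_g the three BN_CTX_get calls are not followed by a NULL check before `test` is dereferenced in `BN_sub(test,p,BN_value_one())`; BN_CTX_get returns NULL once the context is exhausted and stays NULL for every later call, so checking only the last one, `if (test == NULL) goto err;` after `test = BN_CTX_get(ctx);`, is the usual idiom and costs one line. The BN_CTX_get run in FIPS_dsa_generate_pq (`r0`, `W`, `*q_ret = q`, `X`, `c`, `*p_ret = p`, `test`) has the same gap, inherited from the original. As a small style point, `BN_MONT_CTX *mont;` is uninitialised while the neighbouring `g = NULL` is not; no current path reaches `err` before the BN_MONT_CTX_new assignment, but `BN_MONT_CTX *mont = NULL;` removes the reliance on that ordering. FIPS_dsa_generate_g continues past the end of this hunk.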
843 @@ -344,26 +439,7 @@ end:
844 err:
845 if (ok)
846 {
847 - if(ret->p) BN_free(ret->p);
848 - if(ret->q) BN_free(ret->q);
849 - if(ret->g) BN_free(ret->g);
850 - ret->p=BN_dup(p);
851 - ret->q=BN_dup(q);
852 - ret->g=BN_dup(g);
853 - if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
854 - {
855 - ok=0;
856 - goto err;
857 - }
858 - if (counter_ret != NULL) *counter_ret=counter;
859 if (h_ret != NULL) *h_ret=h;
860 - if (seed_out)
861 - memcpy(seed_out, seed, qsize);
862 - }
863 - if(ctx)
864 - {
865 - BN_CTX_end(ctx);
866 - BN_CTX_free(ctx);
867 }
868 if (mont != NULL) BN_MONT_CTX_free(mont);
869 return ok;
870 diff -up openssl-1.0.1b/crypto/dsa/dsa.h.fips openssl-1.0.1b/crypto/dsa/dsa.h
871 --- openssl-1.0.1b/crypto/dsa/dsa.h.fips 2012-04-26 18:00:50.840757065 +0200
872 +++ openssl-1.0.1b/crypto/dsa/dsa.h 2012-04-26 18:00:51.386768993 +0200
873 @@ -88,6 +88,8 @@
874 # define OPENSSL_DSA_MAX_MODULUS_BITS 10000
875 #endif
876
877 +#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
878 +
879 #define DSA_FLAG_CACHE_MONT_P 0x01
880 #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
881 * implementation now uses constant time
882 @@ -264,6 +266,17 @@ int DSA_print_fp(FILE *bp, const DSA *x,
883 DH *DSA_dup_DH(const DSA *r);
884 #endif
885
886 +#ifdef OPENSSL_FIPS
887 +int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
888 + const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
889 + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
890 +int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
891 + const EVP_MD *evpmd, unsigned char *seed, int seed_len,
892 + BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb);
893 +int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
894 + BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb);
895 +#endif
896 +
897 #define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
898 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
899 EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
900 @@ -285,10 +298,13 @@ void ERR_load_DSA_strings(void);
901 #define DSA_F_DO_DSA_PRINT 104
902 #define DSA_F_DSAPARAMS_PRINT 100
903 #define DSA_F_DSAPARAMS_PRINT_FP 101
904 +#define DSA_F_DSA_BUILTIN_KEYGEN 124
905 +#define DSA_F_DSA_BUILTIN_PARAMGEN 123
906 #define DSA_F_DSA_DO_SIGN 112
907 #define DSA_F_DSA_DO_VERIFY 113
908 -#define DSA_F_DSA_GENERATE_KEY 124
909 -#define DSA_F_DSA_GENERATE_PARAMETERS_EX 123
910 +#define DSA_F_DSA_GENERATE_KEY 126
911 +#define DSA_F_DSA_GENERATE_PARAMETERS_EX 127
912 +#define DSA_F_DSA_GENERATE_PARAMETERS /* unused */ 125
913 #define DSA_F_DSA_NEW_METHOD 103
914 #define DSA_F_DSA_PARAM_DECODE 119
915 #define DSA_F_DSA_PRINT_FP 105
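Review bot: This hunk changes the numeric values of the existing public codes DSA_F_DSA_GENERATE_KEY (124 to 126) and DSA_F_DSA_GENERATE_PARAMETERS_EX (123 to 127) in order to reuse 123/124 for the new builtin codes. The function code is part of the packed error number that applications and log parsers see, so anything matching on those numbers changes meaning (inferred; no consumer is visible here). Giving the new codes fresh values and leaving the old ones untouched avoids that, with `DSA_F_DSA_GENERATE_PARAMETERS /* unused */ 125` then moved to a free slot; if the renumbering deliberately mirrors another header, a comment saying so belongs next to it.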
916 @@ -314,11 +330,15 @@ void ERR_load_DSA_strings(void);
917 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
918 #define DSA_R_DECODE_ERROR 104
919 #define DSA_R_INVALID_DIGEST_TYPE 106
920 +#define DSA_R_KEY_SIZE_INVALID 113
921 +#define DSA_R_KEY_SIZE_TOO_SMALL 110
922 #define DSA_R_MISSING_PARAMETERS 101
923 #define DSA_R_MODULUS_TOO_LARGE 103
924 -#define DSA_R_NEED_NEW_SETUP_VALUES 110
925 +#define DSA_R_NEED_NEW_SETUP_VALUES 112
926 #define DSA_R_NON_FIPS_DSA_METHOD 111
927 +#define DSA_R_NON_FIPS_METHOD 111
928 #define DSA_R_NO_PARAMETERS_SET 107
929 +#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE /* unused */ 112
930 #define DSA_R_PARAMETER_ENCODING_ERROR 105
931
932 #ifdef __cplusplus
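Review bot: `DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE` is given the value 112, which the same hunk just assigned to `DSA_R_NEED_NEW_SETUP_VALUES`; the dsa_err.c hunk of this patch registers only the latter, so if the "unused" code is ever raised it will print as "need new setup values". Likewise `DSA_R_NON_FIPS_METHOD` and `DSA_R_NON_FIPS_DSA_METHOD` both hold 111, which is harmless only if the two are meant as aliases. Give the unused code its own number (or drop the define) and make the 111 pair explicit, e.g. `#define DSA_R_NON_FIPS_METHOD DSA_R_NON_FIPS_DSA_METHOD /* alias */`.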
933 diff -up openssl-1.0.1b/crypto/dsa/dsa_key.c.fips openssl-1.0.1b/crypto/dsa/dsa_key.c
934 --- openssl-1.0.1b/crypto/dsa/dsa_key.c.fips 2011-06-09 17:21:46.000000000 +0200
935 +++ openssl-1.0.1b/crypto/dsa/dsa_key.c 2012-04-26 18:00:51.386768993 +0200
936 @@ -66,6 +66,24 @@
937
938 #ifdef OPENSSL_FIPS
939 #include <openssl/fips.h>
940 +#include <openssl/evp.h>
941 +
942 +static int fips_check_dsa(DSA *dsa)
943 + {
944 + EVP_PKEY pk;
945 + unsigned char tbs[] = "DSA Pairwise Check Data";
946 + pk.type = EVP_PKEY_DSA;
947 + pk.pkey.dsa = dsa;
948 +
949 + if (!fips_pkey_signature_test(&pk, tbs, 0, NULL, 0, NULL, 0, NULL))
950 + {
951 + FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
952 + fips_set_selftest_fail();
953 + return 0;
954 + }
955 + return 1;
956 + }
957 +
958 #endif
959
960 static int dsa_builtin_keygen(DSA *dsa);
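Review bot: `EVP_PKEY pk;` in fips_check_dsa is a stack struct of which only `type` and `pkey.dsa` are set before it is handed to fips_pkey_signature_test(); any field that helper, or anything it calls, reads beyond those two (reference count, ameth, engine, attributes) is uninitialised memory. fips_pkey_signature_test is outside this patch, so whether it touches more cannot be confirmed here; zeroing the struct first, `memset(&pk, 0, sizeof pk);` after the declaration, removes the dependency on its internals for one line. The `0` length passed alongside `tbs` presumably means "use strlen" — worth a comment if so.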
961 @@ -82,10 +100,6 @@ int DSA_generate_key(DSA *dsa)
962 #endif
963 if(dsa->meth->dsa_keygen)
964 return dsa->meth->dsa_keygen(dsa);
965 -#ifdef OPENSSL_FIPS
966 - if (FIPS_mode())
967 - return FIPS_dsa_generate_key(dsa);
968 -#endif
969 return dsa_builtin_keygen(dsa);
970 }
971
972 @@ -95,6 +109,15 @@ static int dsa_builtin_keygen(DSA *dsa)
973 BN_CTX *ctx=NULL;
974 BIGNUM *pub_key=NULL,*priv_key=NULL;
975
976 +#ifdef OPENSSL_FIPS
977 + if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
978 + && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
979 + {
980 + DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
981 + goto err;
982 + }
983 +#endif
984 +
985 if ((ctx=BN_CTX_new()) == NULL) goto err;
986
987 if (dsa->priv_key == NULL)
988 @@ -133,6 +156,14 @@ static int dsa_builtin_keygen(DSA *dsa)
989
990 dsa->priv_key=priv_key;
991 dsa->pub_key=pub_key;
992 +#ifdef OPENSSL_FIPS
993 + if(FIPS_mode() && !fips_check_dsa(dsa))
994 + {
995 + dsa->pub_key = NULL;
996 + dsa->priv_key = NULL;
997 + goto err;
998 + }
999 +#endif
1000 ok=1;
1001
1002 err:
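Review bot: On pairwise-test failure the new code nulls `dsa->pub_key` and `dsa->priv_key` and jumps to `err`, evidently so that the err path — outside the hunk — frees the local `pub_key`/`priv_key` BIGNUMs as it does for any other failure; that dependency is invisible at the reset site, so a comment such as `/* detach so the err path frees the rejected key pair */` would make it explicit. If that err path releases `priv_key` with BN_free rather than BN_clear_free (confirm, it is not in the hunk), the rejected private value is not scrubbed before the memory is returned. Note also that fips_check_dsa() has already called fips_set_selftest_fail() at this point, so the failure is sticky for the whole process, which a reader of dsa_builtin_keygen alone cannot see.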
1003 diff -up openssl-1.0.1b/crypto/dsa/dsa_lib.c.fips openssl-1.0.1b/crypto/dsa/dsa_lib.c
1004 --- openssl-1.0.1b/crypto/dsa/dsa_lib.c.fips 2011-11-14 15:16:09.000000000 +0100
1005 +++ openssl-1.0.1b/crypto/dsa/dsa_lib.c 2012-04-26 18:00:51.387769014 +0200
1006 @@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method
1007 {
1008 if(!default_DSA_method)
1009 {
1010 -#ifdef OPENSSL_FIPS
1011 - if (FIPS_mode())
1012 - return FIPS_dsa_openssl();
1013 - else
1014 - return DSA_OpenSSL();
1015 -#else
1016 default_DSA_method = DSA_OpenSSL();
1017 -#endif
1018 }
1019 return default_DSA_method;
1020 }
1021 diff -up openssl-1.0.1b/crypto/dsa/dsa_locl.h.fips openssl-1.0.1b/crypto/dsa/dsa_locl.h
1022 --- openssl-1.0.1b/crypto/dsa/dsa_locl.h.fips 2012-04-26 18:00:50.844757152 +0200
1023 +++ openssl-1.0.1b/crypto/dsa/dsa_locl.h 2012-04-26 18:00:51.387769014 +0200
1024 @@ -56,5 +56,4 @@
1025
1026 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
1027 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
1028 - unsigned char *seed_out,
1029 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
1030 diff -up openssl-1.0.1b/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1b/crypto/dsa/dsa_ossl.c
1031 --- openssl-1.0.1b/crypto/dsa/dsa_ossl.c.fips 2011-02-01 13:53:47.000000000 +0100
1032 +++ openssl-1.0.1b/crypto/dsa/dsa_ossl.c 2012-04-26 18:00:51.388769035 +0200
1033 @@ -65,6 +65,9 @@
1034 #include <openssl/dsa.h>
1035 #include <openssl/rand.h>
1036 #include <openssl/asn1.h>
1037 +#ifdef OPENSSL_FIPS
1038 +#include <openssl/fips.h>
1039 +#endif
1040
1041 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
1042 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
1043 @@ -82,7 +85,7 @@ NULL, /* dsa_mod_exp, */
1044 NULL, /* dsa_bn_mod_exp, */
1045 dsa_init,
1046 dsa_finish,
1047 -0,
1048 +DSA_FLAG_FIPS_METHOD,
1049 NULL,
1050 NULL,
1051 NULL
1052 @@ -138,6 +141,21 @@ static DSA_SIG *dsa_do_sign(const unsign
1053 DSA_SIG *ret=NULL;
1054 int noredo = 0;
1055
1056 +#ifdef OPENSSL_FIPS
1057 + if(FIPS_selftest_failed())
1058 + {
1059 + FIPSerr(FIPS_F_DSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
1060 + return NULL;
1061 + }
1062 +
1063 + if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
1064 + && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
1065 + {
1066 + DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
1067 + return NULL;
1068 + }
1069 +#endif
1070 +
1071 BN_init(&m);
1072 BN_init(&xr);
1073
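Review bot: The added size gate in dsa_do_sign calls `BN_num_bits(dsa->p)` before anything has verified that `dsa->p` is non-NULL; in stock 1.0.1 the `!dsa->p || !dsa->q || !dsa->g` missing-parameters check sits below `BN_init(&xr)`, i.e. after this insertion, so a DSA object with only a private key set now dereferences NULL in FIPS mode instead of returning DSA_R_MISSING_PARAMETERS. Either move the block below that check or guard it inline: `&& dsa->p && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))`. The dsa_do_verify hunk in this file is not affected, since its parameter check precedes the insertion. The rest of dsa_do_sign lies outside the hunk.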
1074 @@ -325,6 +343,21 @@ static int dsa_do_verify(const unsigned
1075 return -1;
1076 }
1077
1078 +#ifdef OPENSSL_FIPS
1079 + if(FIPS_selftest_failed())
1080 + {
1081 + FIPSerr(FIPS_F_DSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
1082 + return -1;
1083 + }
1084 +
1085 + if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
1086 + && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
1087 + {
1088 + DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);
1089 + return -1;
1090 + }
1091 +#endif
1092 +
1093 if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
1094 {
1095 DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
1096 @@ -399,6 +432,9 @@ static int dsa_do_verify(const unsigned
1097
1098 static int dsa_init(DSA *dsa)
1099 {
1100 +#ifdef OPENSSL_FIPS
1101 + FIPS_selftest_check();
1102 +#endif
1103 dsa->flags|=DSA_FLAG_CACHE_MONT_P;
1104 return(1);
1105 }
1106 diff -up openssl-1.0.1b/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1b/crypto/dsa/dsa_pmeth.c
1107 --- openssl-1.0.1b/crypto/dsa/dsa_pmeth.c.fips 2011-06-20 22:05:13.000000000 +0200
1108 +++ openssl-1.0.1b/crypto/dsa/dsa_pmeth.c 2012-04-26 18:00:51.388769035 +0200
1109 @@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
1110 if (!dsa)
1111 return 0;
1112 ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
1113 - NULL, 0, NULL, NULL, NULL, pcb);
1114 + NULL, 0, NULL, NULL, pcb);
1115 if (ret)
1116 EVP_PKEY_assign_DSA(pkey, dsa);
1117 else
1118 diff -up openssl-1.0.1b/crypto/dsa/dsatest.c.fips openssl-1.0.1b/crypto/dsa/dsatest.c
1119 --- openssl-1.0.1b/crypto/dsa/dsatest.c.fips 2008-08-06 17:54:11.000000000 +0200
1120 +++ openssl-1.0.1b/crypto/dsa/dsatest.c 2012-04-26 18:00:51.389769058 +0200
1121 @@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int
1122 /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
1123 * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
1124 static unsigned char seed[20]={
1125 - 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
1126 - 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
1127 + 0x02,0x47,0x11,0x92,0x11,0x88,0xC8,0xFB,0xAF,0x48,0x4C,0x62,
1128 + 0xDF,0xA5,0xBE,0xA0,0xA4,0x3C,0x56,0xE3,
1129 };
1130
1131 static unsigned char out_p[]={
1132 - 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
1133 - 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
1134 - 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
1135 - 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
1136 - 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
1137 - 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
1138 - 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
1139 - 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
1140 + 0xAC,0xCB,0x1E,0x63,0x60,0x69,0x0C,0xFB,0x06,0x19,0x68,0x3E,
1141 + 0xA5,0x01,0x5A,0xA2,0x15,0x5C,0xE2,0x99,0x2D,0xD5,0x30,0x99,
1142 + 0x7E,0x5F,0x8D,0xE2,0xF7,0xC6,0x2E,0x8D,0xA3,0x9F,0x58,0xAD,
1143 + 0xD6,0xA9,0x7D,0x0E,0x0D,0x95,0x53,0xA6,0x71,0x3A,0xDE,0xAB,
1144 + 0xAC,0xE9,0xF4,0x36,0x55,0x9E,0xB9,0xD6,0x93,0xBF,0xF3,0x18,
1145 + 0x1C,0x14,0x7B,0xA5,0x42,0x2E,0xCD,0x00,0xEB,0x35,0x3B,0x1B,
1146 + 0xA8,0x51,0xBB,0xE1,0x58,0x42,0x85,0x84,0x22,0xA7,0x97,0x5E,
1147 + 0x99,0x6F,0x38,0x20,0xBD,0x9D,0xB6,0xD9,0x33,0x37,0x2A,0xFD,
1148 + 0xBB,0xD4,0xBC,0x0C,0x2A,0x67,0xCB,0x9F,0xBB,0xDF,0xF9,0x93,
1149 + 0xAA,0xD6,0xF0,0xD6,0x95,0x0B,0x5D,0x65,0x14,0xD0,0x18,0x9D,
1150 + 0xC6,0xAF,0xF0,0xC6,0x37,0x7C,0xF3,0x5F,
1151 };
1152
1153 static unsigned char out_q[]={
1154 - 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
1155 - 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
1156 - 0xda,0xce,0x91,0x5f,
1157 + 0xE3,0x8E,0x5E,0x6D,0xBF,0x2B,0x79,0xF8,0xC5,0x4B,0x89,0x8B,
1158 + 0xBA,0x2D,0x91,0xC3,0x6C,0x80,0xAC,0x87,
1159 };
1160
1161 static unsigned char out_g[]={
1162 - 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
1163 - 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
1164 - 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
1165 - 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
1166 - 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
1167 - 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
1168 - 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
1169 - 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
1170 + 0x42,0x4A,0x04,0x4E,0x79,0xB4,0x99,0x7F,0xFD,0x58,0x36,0x2C,
1171 + 0x1B,0x5F,0x18,0x7E,0x0D,0xCC,0xAB,0x81,0xC9,0x5D,0x10,0xCE,
1172 + 0x4E,0x80,0x7E,0x58,0xB4,0x34,0x3F,0xA7,0x45,0xC7,0xAA,0x36,
1173 + 0x24,0x42,0xA9,0x3B,0xE8,0x0E,0x04,0x02,0x2D,0xFB,0xA6,0x13,
1174 + 0xB9,0xB5,0x15,0xA5,0x56,0x07,0x35,0xE4,0x03,0xB6,0x79,0x7C,
1175 + 0x62,0xDD,0xDF,0x3F,0x71,0x3A,0x9D,0x8B,0xC4,0xF6,0xE7,0x1D,
1176 + 0x52,0xA8,0xA9,0x43,0x1D,0x33,0x51,0x88,0x39,0xBD,0x73,0xE9,
1177 + 0x5F,0xBE,0x82,0x49,0x27,0xE6,0xB5,0x53,0xC1,0x38,0xAC,0x2F,
1178 + 0x6D,0x97,0x6C,0xEB,0x67,0xC1,0x5F,0x67,0xF8,0x35,0x05,0x5E,
1179 + 0xD5,0x68,0x80,0xAA,0x96,0xCA,0x0B,0x8A,0xE6,0xF1,0xB1,0x41,
1180 + 0xC6,0x75,0x94,0x0A,0x0A,0x2A,0xFA,0x29,
1181 };
1182
1183 static const unsigned char str1[]="12345678901234567890";
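Review bot: The comment immediately above the tables (context line, `seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS PUB 186`) no longer describes the data: the 512-bit Appendix 5 example has been replaced by a 1024-bit set with a different seed, and the expected counter in the later hunk moves from 105 to 239. Record the provenance of the new vectors so the test remains checkable, e.g. `/* 1024-bit p, 160-bit q: seed and expected p, q, g taken from <SOURCE-OF-VECTORS>; expected counter 239, h 2 */` with the real reference filled in. Without it a future mismatch cannot be attributed to paramgen versus a transcription error in the table.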
1184 @@ -157,7 +162,7 @@ int main(int argc, char **argv)
1185 BIO_printf(bio_err,"test generation of DSA parameters\n");
1186
1187 BN_GENCB_set(&cb, dsa_cb, bio_err);
1188 - if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
1189 + if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 1024,
1190 seed, 20, &counter, &h, &cb))
1191 goto end;
1192
1193 @@ -170,9 +175,9 @@ int main(int argc, char **argv)
1194 BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
1195
1196 DSA_print(bio_err,dsa,0);
1197 - if (counter != 105)
1198 + if (counter != 239)
1199 {
1200 - BIO_printf(bio_err,"counter should be 105\n");
1201 + BIO_printf(bio_err,"counter should be 239\n");
1202 goto end;
1203 }
1204 if (h != 2)
1205 diff -up openssl-1.0.1b/crypto/engine/eng_all.c.fips openssl-1.0.1b/crypto/engine/eng_all.c
1206 --- openssl-1.0.1b/crypto/engine/eng_all.c.fips 2011-08-10 20:53:13.000000000 +0200
1207 +++ openssl-1.0.1b/crypto/engine/eng_all.c 2012-04-26 18:00:51.389769058 +0200
1208 @@ -58,11 +58,25 @@
1209
1210 #include "cryptlib.h"
1211 #include "eng_int.h"
1212 +#ifdef OPENSSL_FIPS
1213 +#include <openssl/fips.h>
1214 +#endif
1215
1216 void ENGINE_load_builtin_engines(void)
1217 {
1218 /* Some ENGINEs need this */
1219 OPENSSL_cpuid_setup();
1220 +#ifdef OPENSSL_FIPS
1221 + OPENSSL_init_library();
1222 + if (FIPS_mode()) {
1223 + /* We allow loading dynamic engine as a third party
1224 + engine might be FIPS validated.
1225 + User is disallowed to load non-validated engines
1226 + by security policy. */
1227 + ENGINE_load_dynamic();
1228 + return;
1229 + }
1230 +#endif
1231 #if 0
1232 /* There's no longer any need for an "openssl" ENGINE unless, one day,
1233 * it is the *only* way for standard builtin implementations to be be
1234 diff -up openssl-1.0.1b/crypto/err/err_all.c.fips openssl-1.0.1b/crypto/err/err_all.c
1235 --- openssl-1.0.1b/crypto/err/err_all.c.fips 2011-06-21 18:58:10.000000000 +0200
1236 +++ openssl-1.0.1b/crypto/err/err_all.c 2012-04-26 18:00:51.390769081 +0200
1237 @@ -96,6 +96,9 @@
1238 #include <openssl/ocsp.h>
1239 #include <openssl/err.h>
1240 #include <openssl/ts.h>
1241 +#ifdef OPENSSL_FIPS
1242 +#include <openssl/fips.h>
1243 +#endif
1244 #ifndef OPENSSL_NO_CMS
1245 #include <openssl/cms.h>
1246 #endif
1247 @@ -153,6 +156,9 @@ void ERR_load_crypto_strings(void)
1248 #endif
1249 ERR_load_OCSP_strings();
1250 ERR_load_UI_strings();
1251 +#ifdef OPENSSL_FIPS
1252 + ERR_load_FIPS_strings();
1253 +#endif
1254 #ifndef OPENSSL_NO_CMS
1255 ERR_load_CMS_strings();
1256 #endif
1257 diff -up openssl-1.0.1b/crypto/evp/c_allc.c.fips openssl-1.0.1b/crypto/evp/c_allc.c
1258 --- openssl-1.0.1b/crypto/evp/c_allc.c.fips 2011-11-14 22:13:35.000000000 +0100
1259 +++ openssl-1.0.1b/crypto/evp/c_allc.c 2012-04-26 18:00:51.390769081 +0200
1260 @@ -65,6 +65,11 @@
1261 void OpenSSL_add_all_ciphers(void)
1262 {
1263
1264 +#ifdef OPENSSL_FIPS
1265 + OPENSSL_init_library();
1266 + if(!FIPS_mode())
1267 + {
1268 +#endif
1269 #ifndef OPENSSL_NO_DES
1270 EVP_add_cipher(EVP_des_cfb());
1271 EVP_add_cipher(EVP_des_cfb1());
1272 @@ -227,4 +232,60 @@ void OpenSSL_add_all_ciphers(void)
1273 EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
1274 EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
1275 #endif
1276 +#ifdef OPENSSL_FIPS
1277 + }
1278 + else
1279 + {
1280 +#ifndef OPENSSL_NO_DES
1281 + EVP_add_cipher(EVP_des_ede_cfb());
1282 + EVP_add_cipher(EVP_des_ede3_cfb());
1283 +
1284 + EVP_add_cipher(EVP_des_ede_ofb());
1285 + EVP_add_cipher(EVP_des_ede3_ofb());
1286 +
1287 + EVP_add_cipher(EVP_des_ede_cbc());
1288 + EVP_add_cipher(EVP_des_ede3_cbc());
1289 + EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
1290 + EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
1291 +
1292 + EVP_add_cipher(EVP_des_ede());
1293 + EVP_add_cipher(EVP_des_ede3());
1294 +#endif
1295 +
1296 +#ifndef OPENSSL_NO_AES
1297 + EVP_add_cipher(EVP_aes_128_ecb());
1298 + EVP_add_cipher(EVP_aes_128_cbc());
1299 + EVP_add_cipher(EVP_aes_128_cfb());
1300 + EVP_add_cipher(EVP_aes_128_cfb1());
1301 + EVP_add_cipher(EVP_aes_128_cfb8());
1302 + EVP_add_cipher(EVP_aes_128_ofb());
1303 + EVP_add_cipher(EVP_aes_128_ctr());
1304 + EVP_add_cipher(EVP_aes_128_gcm());
1305 + EVP_add_cipher(EVP_aes_128_xts());
1306 + EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
1307 + EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
1308 + EVP_add_cipher(EVP_aes_192_ecb());
1309 + EVP_add_cipher(EVP_aes_192_cbc());
1310 + EVP_add_cipher(EVP_aes_192_cfb());
1311 + EVP_add_cipher(EVP_aes_192_cfb1());
1312 + EVP_add_cipher(EVP_aes_192_cfb8());
1313 + EVP_add_cipher(EVP_aes_192_ofb());
1314 + EVP_add_cipher(EVP_aes_192_ctr());
1315 + EVP_add_cipher(EVP_aes_192_gcm());
1316 + EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
1317 + EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
1318 + EVP_add_cipher(EVP_aes_256_ecb());
1319 + EVP_add_cipher(EVP_aes_256_cbc());
1320 + EVP_add_cipher(EVP_aes_256_cfb());
1321 + EVP_add_cipher(EVP_aes_256_cfb1());
1322 + EVP_add_cipher(EVP_aes_256_cfb8());
1323 + EVP_add_cipher(EVP_aes_256_ofb());
1324 + EVP_add_cipher(EVP_aes_256_ctr());
1325 + EVP_add_cipher(EVP_aes_256_gcm());
1326 + EVP_add_cipher(EVP_aes_256_xts());
1327 + EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
1328 + EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
1329 +#endif
1330 + }
1331 +#endif
1332 }
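Review bot: The FIPS-mode `else` branch is a second hand-maintained cipher list rather than a selection driven by EVP_CIPH_FLAG_FIPS, so the list and the flags can drift; in this same patch e_aes.c tags the CCM ciphers with EVP_CIPH_FLAG_FIPS, yet this branch registers GCM and XTS and no `EVP_aes_*_ccm()`. Whether that omission is deliberate is not visible from the hunk: if CCM is meant to be usable in FIPS mode, add the `EVP_add_cipher(EVP_aes_128_ccm());` line and its 192/256 counterparts beside the GCM ones; if not, say why in a comment. A one-line rule at the top of the branch, `/* FIPS mode: register only ciphers carrying EVP_CIPH_FLAG_FIPS */`, would help keep the two lists aligned. The same duplicated-list structure appears in the OpenSSL_add_all_digests hunk of c_alld.c.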
1333 diff -up openssl-1.0.1b/crypto/evp/c_alld.c.fips openssl-1.0.1b/crypto/evp/c_alld.c
1334 --- openssl-1.0.1b/crypto/evp/c_alld.c.fips 2009-07-08 10:50:53.000000000 +0200
1335 +++ openssl-1.0.1b/crypto/evp/c_alld.c 2012-04-26 18:00:51.390769081 +0200
1336 @@ -64,6 +64,11 @@
1337
1338 void OpenSSL_add_all_digests(void)
1339 {
1340 +#ifdef OPENSSL_FIPS
1341 + OPENSSL_init_library();
1342 + if (!FIPS_mode())
1343 + {
1344 +#endif
1345 #ifndef OPENSSL_NO_MD4
1346 EVP_add_digest(EVP_md4());
1347 #endif
1348 @@ -111,4 +116,32 @@ void OpenSSL_add_all_digests(void)
1349 #ifndef OPENSSL_NO_WHIRLPOOL
1350 EVP_add_digest(EVP_whirlpool());
1351 #endif
1352 +#ifdef OPENSSL_FIPS
1353 + }
1354 + else
1355 + {
1356 +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
1357 + EVP_add_digest(EVP_sha1());
1358 + EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
1359 + EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
1360 +#ifndef OPENSSL_NO_DSA
1361 + EVP_add_digest(EVP_dss1());
1362 + EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
1363 + EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
1364 + EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
1365 +#endif
1366 +#ifndef OPENSSL_NO_ECDSA
1367 + EVP_add_digest(EVP_ecdsa());
1368 +#endif
1369 +#endif
1370 +#ifndef OPENSSL_NO_SHA256
1371 + EVP_add_digest(EVP_sha224());
1372 + EVP_add_digest(EVP_sha256());
1373 +#endif
1374 +#ifndef OPENSSL_NO_SHA512
1375 + EVP_add_digest(EVP_sha384());
1376 + EVP_add_digest(EVP_sha512());
1377 +#endif
1378 + }
1379 +#endif
1380 }
1381 diff -up openssl-1.0.1b/crypto/evp/digest.c.fips openssl-1.0.1b/crypto/evp/digest.c
1382 --- openssl-1.0.1b/crypto/evp/digest.c.fips 2011-05-29 17:55:13.000000000 +0200
1383 +++ openssl-1.0.1b/crypto/evp/digest.c 2012-04-26 18:00:51.391769103 +0200
1384 @@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
1385 return EVP_DigestInit_ex(ctx, type, NULL);
1386 }
1387
1388 +#ifdef OPENSSL_FIPS
1389 +
1390 +/* The purpose of these is to trap programs that attempt to use non FIPS
1391 + * algorithms in FIPS mode and ignore the errors.
1392 + */
1393 +
1394 +static int bad_init(EVP_MD_CTX *ctx)
1395 + { FIPS_ERROR_IGNORED("Digest init"); return 0;}
1396 +
1397 +static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count)
1398 + { FIPS_ERROR_IGNORED("Digest update"); return 0;}
1399 +
1400 +static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
1401 + { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
1402 +
1403 +static const EVP_MD bad_md =
1404 + {
1405 + 0,
1406 + 0,
1407 + 0,
1408 + 0,
1409 + bad_init,
1410 + bad_update,
1411 + bad_final,
1412 + NULL,
1413 + NULL,
1414 + NULL,
1415 + 0,
1416 + {0,0,0,0},
1417 + };
1418 +
1419 +#endif
1420 +
1421 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
1422 {
1423 EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
1424 +#ifdef OPENSSL_FIPS
1425 + if(FIPS_selftest_failed())
1426 + {
1427 + FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
1428 + ctx->digest = &bad_md;
1429 + return 0;
1430 + }
1431 +#endif
1432 #ifndef OPENSSL_NO_ENGINE
1433 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
1434 * so this context may already have an ENGINE! Try to avoid releasing
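Review bot: Both new failure paths in EVP_DigestInit_ex point the context at `bad_md` while leaving `ctx->md_data` attached to the previous digest's state: the selftest-failed block here, and the EVP_R_DISABLED_FOR_FIPS block in the next hunk, which runs before the `if (ctx->digest && ctx->digest->ctx_size) OPENSSL_free(ctx->md_data);` line. Because `bad_md` has `ctx_size` 0, neither a later successful init nor EVP_MD_CTX_cleanup (whose cleanse/free is gated on `ctx->digest->ctx_size`) will release or wipe that buffer, so reusing a context that previously held a real digest leaks its state uncleansed. Release it before parking the context, in both places; the selftest path becomes:

```c
	if(FIPS_selftest_failed())
		{
		FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
		/* drop the previous digest's state: bad_md has ctx_size 0,
		 * so nothing downstream would free or cleanse it */
		if (ctx->digest && ctx->digest->ctx_size && ctx->md_data)
			{
			OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
			OPENSSL_free(ctx->md_data);
			}
		ctx->md_data = NULL;
		ctx->digest = &bad_md;
		return 0;
		}
```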
1435 @@ -201,6 +242,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
1436 #endif
1437 if (ctx->digest != type)
1438 {
1439 +#ifdef OPENSSL_FIPS
1440 + if (FIPS_mode())
1441 + {
1442 + if (!(type->flags & EVP_MD_FLAG_FIPS)
1443 + && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
1444 + {
1445 + EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
1446 + ctx->digest = &bad_md;
1447 + return 0;
1448 + }
1449 + }
1450 +#endif
1451 if (ctx->digest && ctx->digest->ctx_size)
1452 OPENSSL_free(ctx->md_data);
1453 ctx->digest=type;
1454 @@ -229,26 +282,15 @@ skip_to_init:
1455 }
1456 if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
1457 return 1;
1458 -#ifdef OPENSSL_FIPS
1459 - if (FIPS_mode())
1460 - {
1461 - if (FIPS_digestinit(ctx, type))
1462 - return 1;
1463 - OPENSSL_free(ctx->md_data);
1464 - ctx->md_data = NULL;
1465 - return 0;
1466 - }
1467 -#endif
1468 return ctx->digest->init(ctx);
1469 }
1470
1471 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
1472 {
1473 #ifdef OPENSSL_FIPS
1474 - return FIPS_digestupdate(ctx, data, count);
1475 -#else
1476 - return ctx->update(ctx,data,count);
1477 + FIPS_selftest_check();
1478 #endif
1479 + return ctx->update(ctx,data,count);
1480 }
1481
1482 /* The caller can assume that this removes any secret data from the context */
1483 @@ -263,10 +305,11 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns
1484 /* The caller can assume that this removes any secret data from the context */
1485 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
1486 {
1487 -#ifdef OPENSSL_FIPS
1488 - return FIPS_digestfinal(ctx, md, size);
1489 -#else
1490 int ret;
1491 +#ifdef OPENSSL_FIPS
1492 + FIPS_selftest_check();
1493 +#endif
1494 +
1495 OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
1496 ret=ctx->digest->final(ctx,md);
1497 if (size != NULL)
1498 @@ -278,7 +321,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,
1499 }
1500 memset(ctx->md_data,0,ctx->digest->ctx_size);
1501 return ret;
1502 -#endif
1503 }
1504
1505 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
1506 @@ -372,7 +414,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
1507 /* This call frees resources associated with the context */
1508 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
1509 {
1510 -#ifndef OPENSSL_FIPS
1511 /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
1512 * because sometimes only copies of the context are ever finalised.
1513 */
1514 @@ -385,7 +426,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
1515 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
1516 OPENSSL_free(ctx->md_data);
1517 }
1518 -#endif
1519 if (ctx->pctx)
1520 EVP_PKEY_CTX_free(ctx->pctx);
1521 #ifndef OPENSSL_NO_ENGINE
1522 @@ -394,9 +434,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
1523 * functional reference we held for this reason. */
1524 ENGINE_finish(ctx->engine);
1525 #endif
1526 -#ifdef OPENSSL_FIPS
1527 - FIPS_md_ctx_cleanup(ctx);
1528 -#endif
1529 memset(ctx,'\0',sizeof *ctx);
1530
1531 return 1;
1532 diff -up openssl-1.0.1b/crypto/evp/e_aes.c.fips openssl-1.0.1b/crypto/evp/e_aes.c
1533 --- openssl-1.0.1b/crypto/evp/e_aes.c.fips 2011-11-15 13:19:56.000000000 +0100
1534 +++ openssl-1.0.1b/crypto/evp/e_aes.c 2012-04-26 18:00:51.391769103 +0200
1535 @@ -56,7 +56,6 @@
1536 #include <assert.h>
1537 #include <openssl/aes.h>
1538 #include "evp_locl.h"
1539 -#ifndef OPENSSL_FIPS
1540 #include "modes_lcl.h"
1541 #include <openssl/rand.h>
1542
1543 @@ -716,7 +715,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *
1544 if (arg <= 0)
1545 return 0;
1546 #ifdef OPENSSL_FIPS
1547 - if (FIPS_module_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)
1548 + if (FIPS_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)
1549 && arg < 12)
1550 return 0;
1551 #endif
1552 @@ -1128,7 +1127,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
1553 return 0;
1554 #ifdef OPENSSL_FIPS
1555 /* Requirement of SP800-38E */
1556 - if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
1557 + if (FIPS_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
1558 (len > (1UL<<20)*16))
1559 {
1560 EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
1561 @@ -1310,4 +1309,3 @@ BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm
1562 BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
1563
1564 #endif
1565 -#endif
1566 diff -up openssl-1.0.1b/crypto/evp/e_des3.c.fips openssl-1.0.1b/crypto/evp/e_des3.c
1567 --- openssl-1.0.1b/crypto/evp/e_des3.c.fips 2011-05-29 01:01:26.000000000 +0200
1568 +++ openssl-1.0.1b/crypto/evp/e_des3.c 2012-04-26 18:00:51.392769125 +0200
1569 @@ -65,8 +65,6 @@
1570 #include <openssl/des.h>
1571 #include <openssl/rand.h>
1572
1573 -#ifndef OPENSSL_FIPS
1574 -
1575 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1576 const unsigned char *iv,int enc);
1577
1578 @@ -208,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH
1579 }
1580
1581 BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
1582 - EVP_CIPH_RAND_KEY, des_ede_init_key, NULL,
1583 - EVP_CIPHER_set_asn1_iv,
1584 - EVP_CIPHER_get_asn1_iv,
1585 + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1586 + des_ede_init_key,
1587 + NULL, NULL, NULL,
1588 des3_ctrl)
1589
1590 #define des_ede3_cfb64_cipher des_ede_cfb64_cipher
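Review bot: Both BLOCK_CIPHER_defs blocks gain EVP_CIPH_FLAG_FIPS, so the 16-byte-key des_ede (two-key TDEA) variant becomes usable in FIPS mode on the same footing as three-key des_ede3. NIST SP 800-131A restricts two-key TDEA, so if keeping it approved is intentional for this validation it deserves a comment on the des_ede definition, e.g. `/* two-key TDEA: flagged FIPS for legacy interoperability; check SP 800-131A before relying on it */`; otherwise drop the flag from des_ede only. Replacing the EVP_CIPHER_set_asn1_iv/get_asn1_iv callbacks with EVP_CIPH_FLAG_DEFAULT_ASN1 and NULLs appears equivalent given the matching macro change in evp_locl.h, but that equivalence rests on code outside this hunk.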
1591 @@ -219,21 +217,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY,
1592 #define des_ede3_ecb_cipher des_ede_ecb_cipher
1593
1594 BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
1595 - EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
1596 - EVP_CIPHER_set_asn1_iv,
1597 - EVP_CIPHER_get_asn1_iv,
1598 + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1599 + des_ede3_init_key,
1600 + NULL, NULL, NULL,
1601 des3_ctrl)
1602
1603 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
1604 - EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
1605 - EVP_CIPHER_set_asn1_iv,
1606 - EVP_CIPHER_get_asn1_iv,
1607 + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1608 + des_ede3_init_key,
1609 + NULL, NULL, NULL,
1610 des3_ctrl)
1611
1612 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
1613 - EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
1614 - EVP_CIPHER_set_asn1_iv,
1615 - EVP_CIPHER_get_asn1_iv,
1616 + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1617 + des_ede3_init_key,
1618 + NULL, NULL, NULL,
1619 des3_ctrl)
1620
1621 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1622 @@ -313,4 +311,3 @@ const EVP_CIPHER *EVP_des_ede3(void)
1623 return &des_ede3_ecb;
1624 }
1625 #endif
1626 -#endif
1627 diff -up openssl-1.0.1b/crypto/evp/e_null.c.fips openssl-1.0.1b/crypto/evp/e_null.c
1628 --- openssl-1.0.1b/crypto/evp/e_null.c.fips 2011-06-20 22:00:10.000000000 +0200
1629 +++ openssl-1.0.1b/crypto/evp/e_null.c 2012-04-26 18:00:51.392769125 +0200
1630 @@ -61,8 +61,6 @@
1631 #include <openssl/evp.h>
1632 #include <openssl/objects.h>
1633
1634 -#ifndef OPENSSL_FIPS
1635 -
1636 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1637 const unsigned char *iv,int enc);
1638 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1639 @@ -71,7 +69,7 @@ static const EVP_CIPHER n_cipher=
1640 {
1641 NID_undef,
1642 1,0,0,
1643 - 0,
1644 + EVP_CIPH_FLAG_FIPS,
1645 null_init_key,
1646 null_cipher,
1647 NULL,
1648 @@ -101,4 +99,3 @@ static int null_cipher(EVP_CIPHER_CTX *c
1649 memcpy((char *)out,(const char *)in,inl);
1650 return 1;
1651 }
1652 -#endif
1653 diff -up openssl-1.0.1b/crypto/evp/evp_enc.c.fips openssl-1.0.1b/crypto/evp/evp_enc.c
1654 --- openssl-1.0.1b/crypto/evp/evp_enc.c.fips 2012-04-20 02:07:48.000000000 +0200
1655 +++ openssl-1.0.1b/crypto/evp/evp_enc.c 2012-04-26 18:02:25.419823276 +0200
1656 @@ -69,17 +69,58 @@
1657 #endif
1658 #include "evp_locl.h"
1659
1660 -#ifdef OPENSSL_FIPS
1661 -#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
1662 -#else
1663 #define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
1664 -#endif
1665
1666
1667 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
1668
1669 +#ifdef OPENSSL_FIPS
1670 +
1671 +/* The purpose of these is to trap programs that attempt to use non FIPS
1672 + * algorithms in FIPS mode and ignore the errors.
1673 + */
1674 +
1675 +static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1676 + const unsigned char *iv, int enc)
1677 + { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
1678 +
1679 +static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1680 + const unsigned char *in, unsigned int inl)
1681 + { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
1682 +
1683 +/* NB: no cleanup because it is allowed after failed init */
1684 +
1685 +static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
1686 + { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
1687 +static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
1688 + { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
1689 +static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
1690 + { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
1691 +
1692 +static const EVP_CIPHER bad_cipher =
1693 + {
1694 + 0,
1695 + 0,
1696 + 0,
1697 + 0,
1698 + 0,
1699 + bad_init,
1700 + bad_do_cipher,
1701 + NULL,
1702 + 0,
1703 + bad_set_asn1,
1704 + bad_get_asn1,
1705 + bad_ctrl,
1706 + NULL
1707 + };
1708 +
1709 +#endif
1710 +
1711 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
1712 {
1713 +#ifdef OPENSSL_FIPS
1714 + FIPS_selftest_check();
1715 +#endif
1716 memset(ctx,0,sizeof(EVP_CIPHER_CTX));
1717 /* ctx->cipher=NULL; */
1718 }
1719 @@ -111,6 +152,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
1720 enc = 1;
1721 ctx->encrypt = enc;
1722 }
1723 +#ifdef OPENSSL_FIPS
1724 + if(FIPS_selftest_failed())
1725 + {
1726 + FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
1727 + ctx->cipher = &bad_cipher;
1728 + return 0;
1729 + }
1730 +#endif
1731 #ifndef OPENSSL_NO_ENGINE
1732 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
1733 * so this context may already have an ENGINE! Try to avoid releasing
1734 @@ -169,10 +218,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
1735 ctx->engine = NULL;
1736 #endif
1737
1738 -#ifdef OPENSSL_FIPS
1739 - if (FIPS_mode())
1740 - return FIPS_cipherinit(ctx, cipher, key, iv, enc);
1741 -#endif
1742 ctx->cipher=cipher;
1743 if (ctx->cipher->ctx_size)
1744 {
1745 @@ -206,10 +251,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
1746 #ifndef OPENSSL_NO_ENGINE
1747 skip_to_init:
1748 #endif
1749 -#ifdef OPENSSL_FIPS
1750 - if (FIPS_mode())
1751 - return FIPS_cipherinit(ctx, cipher, key, iv, enc);
1752 -#endif
1753 /* we assume block size is a power of 2 in *cryptUpdate */
1754 OPENSSL_assert(ctx->cipher->block_size == 1
1755 || ctx->cipher->block_size == 8
1756 @@ -249,6 +290,22 @@ skip_to_init:
1757 }
1758 }
1759
1760 +#ifdef OPENSSL_FIPS
1761 + /* After 'key' is set no further parameters changes are permissible.
1762 + * So only check for non FIPS enabling at this point.
1763 + */
1764 + if (key && FIPS_mode())
1765 + {
1766 + if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
1767 + & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
1768 + {
1769 + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS);
1770 + ctx->cipher = &bad_cipher;
1771 + return 0;
1772 + }
1773 + }
1774 +#endif
1775 +
1776 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
1777 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
1778 }
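Review bot: The second line of the FIPS gate joins the two negated flag tests with a single `&`, `& !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)`; both operands are 0 or 1 so the result happens to match, but it reads as a typo and loses short-circuit evaluation. Change it to `&& !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)`. When this branch fires, the `cipher_data` allocated earlier in EVP_CipherInit_ex stays attached with `ctx->cipher` pointing at bad_cipher; the unconditional `if (c->cipher_data) OPENSSL_free(c->cipher_data);` kept in the EVP_CIPHER_CTX_cleanup hunk still frees it, and no key has been scheduled yet, so this is not a leak, but a comment to that effect would save the next reader the same check.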
1779 @@ -568,7 +625,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX
1780
1781 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
1782 {
1783 -#ifndef OPENSSL_FIPS
1784 if (c->cipher != NULL)
1785 {
1786 if(c->cipher->cleanup && !c->cipher->cleanup(c))
1787 @@ -579,16 +635,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT
1788 }
1789 if (c->cipher_data)
1790 OPENSSL_free(c->cipher_data);
1791 -#endif
1792 #ifndef OPENSSL_NO_ENGINE
1793 if (c->engine)
1794 /* The EVP_CIPHER we used belongs to an ENGINE, release the
1795 * functional reference we held for this reason. */
1796 ENGINE_finish(c->engine);
1797 #endif
1798 -#ifdef OPENSSL_FIPS
1799 - FIPS_cipher_ctx_cleanup(c);
1800 -#endif
1801 memset(c,0,sizeof(EVP_CIPHER_CTX));
1802 return 1;
1803 }
1804 diff -up openssl-1.0.1b/crypto/evp/evp.h.fips openssl-1.0.1b/crypto/evp/evp.h
1805 --- openssl-1.0.1b/crypto/evp/evp.h.fips 2012-04-26 18:00:51.128763357 +0200
1806 +++ openssl-1.0.1b/crypto/evp/evp.h 2012-04-26 18:00:51.394769168 +0200
1807 @@ -75,6 +75,10 @@
1808 #include <openssl/bio.h>
1809 #endif
1810
1811 +#ifdef OPENSSL_FIPS
1812 +#include <openssl/fips.h>
1813 +#endif
1814 +
1815 /*
1816 #define EVP_RC2_KEY_SIZE 16
1817 #define EVP_RC4_KEY_SIZE 16
1818 @@ -272,10 +276,6 @@ struct env_md_ctx_st
1819 * cleaned */
1820 #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
1821 * in EVP_MD_CTX_cleanup */
1822 -/* FIPS and pad options are ignored in 1.0.0, definitions are here
1823 - * so we don't accidentally reuse the values for other purposes.
1824 - */
1825 -
1826 #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
1827 * in FIPS mode */
1828
1829 @@ -287,6 +287,10 @@ struct env_md_ctx_st
1830 #define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */
1831 #define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */
1832 #define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */
1833 +#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \
1834 + ((ctx->flags>>16) &0xFFFF) /* seed length */
1835 +#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */
1836 +#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */
1837
1838 #define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */
1839
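Review bot: `M_EVP_MD_CTX_FLAG_PSS_SALT(ctx)` uses its argument unparenthesized, `((ctx->flags>>16) &0xFFFF)`, so an expression argument such as `*p` would not expand as intended; write `(((ctx)->flags>>16) & 0xFFFF)`. The trailing comment reads `seed length` although the macro and the two constants beneath it describe the PSS salt length, so `/* PSS salt length */` matches the names.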
1840 @@ -338,15 +342,15 @@ struct evp_cipher_st
1841 /* cipher handles random key generation */
1842 #define EVP_CIPH_RAND_KEY 0x200
1843 /* cipher has its own additional copying logic */
1844 -#define EVP_CIPH_CUSTOM_COPY 0x400
1845 +#define EVP_CIPH_CUSTOM_COPY 0x4000
1846 /* Allow use default ASN1 get/set iv */
1847 #define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
1848 /* Buffer length in bits not bytes: CFB1 mode only */
1849 #define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
1850 /* Note if suitable for use in FIPS mode */
1851 -#define EVP_CIPH_FLAG_FIPS 0x4000
1852 +#define EVP_CIPH_FLAG_FIPS 0x400
1853 /* Allow non FIPS cipher in FIPS mode */
1854 -#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000
1855 +#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
1856 /* Cipher handles any and all padding logic as well
1857 * as finalisation.
1858 */
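Review bot: Renumbering EVP_CIPH_CUSTOM_COPY, EVP_CIPH_FLAG_FIPS and EVP_CIPH_FLAG_NON_FIPS_ALLOW changes the meaning of public flag bits without any comment saying why. An EVP_CIPHER built against unpatched 1.0.1 headers that sets EVP_CIPH_CUSTOM_COPY (old value 0x400) is now read as EVP_CIPH_FLAG_FIPS by the gate in EVP_CipherInit_ex and so passes in FIPS mode, while one that set the old FIPS bit 0x4000 is now treated as having custom copy logic. The reordering presumably aligns these bits with the external FIPS module's layout, but that is an inference; the header should state it, e.g. `/* Flag values reordered to match the FIPS module's EVP_CIPHER flags; not binary-compatible with stock 1.0.1 ciphers/engines */`.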
1859 diff -up openssl-1.0.1b/crypto/evp/evp_lib.c.fips openssl-1.0.1b/crypto/evp/evp_lib.c
1860 --- openssl-1.0.1b/crypto/evp/evp_lib.c.fips 2011-05-29 04:32:05.000000000 +0200
1861 +++ openssl-1.0.1b/crypto/evp/evp_lib.c 2012-04-26 18:00:51.394769168 +0200
1862 @@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_
1863
1864 int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
1865 {
1866 +#ifdef OPENSSL_FIPS
1867 + FIPS_selftest_check();
1868 +#endif
1869 return ctx->cipher->do_cipher(ctx,out,in,inl);
1870 }
1871
1872 diff -up openssl-1.0.1b/crypto/evp/evp_locl.h.fips openssl-1.0.1b/crypto/evp/evp_locl.h
1873 --- openssl-1.0.1b/crypto/evp/evp_locl.h.fips 2012-04-26 18:00:51.118763138 +0200
1874 +++ openssl-1.0.1b/crypto/evp/evp_locl.h 2012-04-26 18:00:51.395769190 +0200
1875 @@ -258,10 +258,9 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
1876 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
1877 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
1878 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
1879 - 0, cipher##_init_key, NULL, \
1880 - EVP_CIPHER_set_asn1_iv, \
1881 - EVP_CIPHER_get_asn1_iv, \
1882 - NULL)
1883 + EVP_CIPH_FLAG_DEFAULT_ASN1, \
1884 + cipher##_init_key, NULL, NULL, NULL, NULL)
1885 +
1886
1887 struct evp_pkey_ctx_st
1888 {
1889 @@ -367,11 +366,6 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_
1890 #define MD2_Init private_MD2_Init
1891 #define MDC2_Init private_MDC2_Init
1892 #define SHA_Init private_SHA_Init
1893 -#define SHA1_Init private_SHA1_Init
1894 -#define SHA224_Init private_SHA224_Init
1895 -#define SHA256_Init private_SHA256_Init
1896 -#define SHA384_Init private_SHA384_Init
1897 -#define SHA512_Init private_SHA512_Init
1898
1899 #define BF_set_key private_BF_set_key
1900 #define CAST_set_key private_CAST_set_key
1901 @@ -379,7 +373,6 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_
1902 #define SEED_set_key private_SEED_set_key
1903 #define RC2_set_key private_RC2_set_key
1904 #define RC4_set_key private_RC4_set_key
1905 -#define DES_set_key_unchecked private_DES_set_key_unchecked
1906 #define Camellia_set_key private_Camellia_set_key
1907
1908 #endif
1909 diff -up openssl-1.0.1b/crypto/evp/Makefile.fips openssl-1.0.1b/crypto/evp/Makefile
1910 --- openssl-1.0.1b/crypto/evp/Makefile.fips 2012-04-26 12:42:19.000000000 +0200
1911 +++ openssl-1.0.1b/crypto/evp/Makefile 2012-04-26 18:00:51.395769190 +0200
1912 @@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_
1913 bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
1914 c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
1915 evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
1916 - e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \
1917 + e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
1918 e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
1919
1920 LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
1921 @@ -41,7 +41,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_
1922 bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
1923 c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
1924 evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
1925 - e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \
1926 + e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \
1927 e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
1928
1929 SRC= $(LIBSRC)
1930 diff -up openssl-1.0.1b/crypto/evp/m_dss1.c.fips openssl-1.0.1b/crypto/evp/m_dss1.c
1931 --- openssl-1.0.1b/crypto/evp/m_dss1.c.fips 2011-06-01 17:11:00.000000000 +0200
1932 +++ openssl-1.0.1b/crypto/evp/m_dss1.c 2012-04-26 18:00:51.396769212 +0200
1933 @@ -68,8 +68,6 @@
1934 #include <openssl/dsa.h>
1935 #endif
1936
1937 -#ifndef OPENSSL_FIPS
1938 -
1939 static int init(EVP_MD_CTX *ctx)
1940 { return SHA1_Init(ctx->md_data); }
1941
1942 @@ -84,7 +82,7 @@ static const EVP_MD dss1_md=
1943 NID_dsa,
1944 NID_dsaWithSHA1,
1945 SHA_DIGEST_LENGTH,
1946 - EVP_MD_FLAG_PKEY_DIGEST,
1947 + EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
1948 init,
1949 update,
1950 final,
1951 @@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
1952 return(&dss1_md);
1953 }
1954 #endif
1955 -#endif
1956 diff -up openssl-1.0.1b/crypto/evp/m_dss.c.fips openssl-1.0.1b/crypto/evp/m_dss.c
1957 --- openssl-1.0.1b/crypto/evp/m_dss.c.fips 2011-06-01 17:11:00.000000000 +0200
1958 +++ openssl-1.0.1b/crypto/evp/m_dss.c 2012-04-26 18:00:51.396769212 +0200
1959 @@ -66,7 +66,6 @@
1960 #endif
1961
1962 #ifndef OPENSSL_NO_SHA
1963 -#ifndef OPENSSL_FIPS
1964
1965 static int init(EVP_MD_CTX *ctx)
1966 { return SHA1_Init(ctx->md_data); }
1967 @@ -82,7 +81,7 @@ static const EVP_MD dsa_md=
1968 NID_dsaWithSHA,
1969 NID_dsaWithSHA,
1970 SHA_DIGEST_LENGTH,
1971 - EVP_MD_FLAG_PKEY_DIGEST,
1972 + EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
1973 init,
1974 update,
1975 final,
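Review bot: `EVP_MD_FLAG_FIPS` is added to a digest whose NIDs are `NID_dsaWithSHA`, but the `init` in the preceding hunk of this file calls `SHA1_Init`, so what this EVP_MD computes is SHA-1 (update/final are outside the hunk) and the FIPS flag is justified only on that basis. A one-line comment would stop a later reader from taking the NID at face value as a different algorithm, e.g. `/* legacy dsaWithSHA NIDs; the digest actually computed is SHA-1 (see init) */` above the flags line. The dsa_md definition starts outside this hunk.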
1976 @@ -98,4 +97,3 @@ const EVP_MD *EVP_dss(void)
1977 return(&dsa_md);
1978 }
1979 #endif
1980 -#endif
1981 diff -up openssl-1.0.1b/crypto/evp/m_md2.c.fips openssl-1.0.1b/crypto/evp/m_md2.c
1982 --- openssl-1.0.1b/crypto/evp/m_md2.c.fips 2005-07-16 14:37:32.000000000 +0200
1983 +++ openssl-1.0.1b/crypto/evp/m_md2.c 2012-04-26 18:00:51.396769212 +0200
1984 @@ -68,6 +68,7 @@
1985 #ifndef OPENSSL_NO_RSA
1986 #include <openssl/rsa.h>
1987 #endif
1988 +#include "evp_locl.h"
1989
1990 static int init(EVP_MD_CTX *ctx)
1991 { return MD2_Init(ctx->md_data); }
1992 diff -up openssl-1.0.1b/crypto/evp/m_sha1.c.fips openssl-1.0.1b/crypto/evp/m_sha1.c
1993 --- openssl-1.0.1b/crypto/evp/m_sha1.c.fips 2011-05-29 01:01:26.000000000 +0200
1994 +++ openssl-1.0.1b/crypto/evp/m_sha1.c 2012-04-26 18:00:51.396769212 +0200
1995 @@ -59,8 +59,6 @@
1996 #include <stdio.h>
1997 #include "cryptlib.h"
1998
1999 -#ifndef OPENSSL_FIPS
2000 -
2001 #ifndef OPENSSL_NO_SHA
2002
2003 #include <openssl/evp.h>
2004 @@ -85,7 +83,8 @@ static const EVP_MD sha1_md=
2005 NID_sha1,
2006 NID_sha1WithRSAEncryption,
2007 SHA_DIGEST_LENGTH,
2008 - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
2009 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
2010 + EVP_MD_FLAG_FIPS,
2011 init,
2012 update,
2013 final,
2014 @@ -122,7 +121,8 @@ static const EVP_MD sha224_md=
2015 NID_sha224,
2016 NID_sha224WithRSAEncryption,
2017 SHA224_DIGEST_LENGTH,
2018 - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
2019 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
2020 + EVP_MD_FLAG_FIPS,
2021 init224,
2022 update256,
2023 final256,
2024 @@ -141,7 +141,8 @@ static const EVP_MD sha256_md=
2025 NID_sha256,
2026 NID_sha256WithRSAEncryption,
2027 SHA256_DIGEST_LENGTH,
2028 - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
2029 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
2030 + EVP_MD_FLAG_FIPS,
2031 init256,
2032 update256,
2033 final256,
2034 @@ -172,7 +173,8 @@ static const EVP_MD sha384_md=
2035 NID_sha384,
2036 NID_sha384WithRSAEncryption,
2037 SHA384_DIGEST_LENGTH,
2038 - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
2039 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
2040 + EVP_MD_FLAG_FIPS,
2041 init384,
2042 update512,
2043 final512,
2044 @@ -191,7 +193,8 @@ static const EVP_MD sha512_md=
2045 NID_sha512,
2046 NID_sha512WithRSAEncryption,
2047 SHA512_DIGEST_LENGTH,
2048 - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
2049 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
2050 + EVP_MD_FLAG_FIPS,
2051 init512,
2052 update512,
2053 final512,
2054 @@ -206,4 +209,3 @@ const EVP_MD *EVP_sha512(void)
2055 { return(&sha512_md); }
2056 #endif /* ifndef OPENSSL_NO_SHA512 */
2057
2058 -#endif
2059 diff -up openssl-1.0.1b/crypto/evp/p_sign.c.fips openssl-1.0.1b/crypto/evp/p_sign.c
2060 --- openssl-1.0.1b/crypto/evp/p_sign.c.fips 2011-06-09 18:02:39.000000000 +0200
2061 +++ openssl-1.0.1b/crypto/evp/p_sign.c 2012-04-26 18:00:51.396769212 +0200
2062 @@ -61,6 +61,7 @@
2063 #include <openssl/evp.h>
2064 #include <openssl/objects.h>
2065 #include <openssl/x509.h>
2066 +#include <openssl/rsa.h>
2067
2068 #ifdef undef
2069 void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
2070 @@ -103,6 +104,22 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsig
2071 goto err;
2072 if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
2073 goto err;
2074 + if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931)
2075 + if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0)
2076 + goto err;
2077 + if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS)
2078 + {
2079 + int saltlen;
2080 + if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
2081 + goto err;
2082 + saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx);
2083 + if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
2084 + saltlen = -1;
2085 + else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
2086 + saltlen = -2;
2087 + if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
2088 + goto err;
2089 + }
2090 if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
2091 goto err;
2092 *siglen = sltmp;
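Review bot: The X9.31 branch on the first added lines nests a second unbraced `if` directly under `if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931)`, the shape that invites a mis-scoped edit or dangling-else bug later; wrap the inner test in braces as the PSS branch below already does. Both tests also probe single bits of what evp.h treats as a masked field (`EVP_MD_CTX_FLAG_PAD_MASK`, if this tree defines it as in upstream 1.0.x — confirm), so a ctx with both bits set silently ends up in PSS mode after the X9.31 call; comparing the masked value, `if ((ctx->flags & EVP_MD_CTX_FLAG_PAD_MASK) == EVP_MD_CTX_FLAG_PAD_X931)`, makes the modes exclusive. EVP_SignFinal starts and ends outside the hunk.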
2093 diff -up openssl-1.0.1b/crypto/evp/p_verify.c.fips openssl-1.0.1b/crypto/evp/p_verify.c
2094 --- openssl-1.0.1b/crypto/evp/p_verify.c.fips 2011-06-09 18:02:39.000000000 +0200
2095 +++ openssl-1.0.1b/crypto/evp/p_verify.c 2012-04-26 18:00:51.396769212 +0200
2096 @@ -61,6 +61,7 @@
2097 #include <openssl/evp.h>
2098 #include <openssl/objects.h>
2099 #include <openssl/x509.h>
2100 +#include <openssl/rsa.h>
2101
2102 int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
2103 unsigned int siglen, EVP_PKEY *pkey)
2104 @@ -88,6 +89,22 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, con
2105 goto err;
2106 if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
2107 goto err;
2108 + if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931)
2109 + if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0)
2110 + goto err;
2111 + if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS)
2112 + {
2113 + int saltlen;
2114 + if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
2115 + goto err;
2116 + saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx);
2117 + if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
2118 + saltlen = -1;
2119 + else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
2120 + saltlen = -2;
2121 + if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
2122 + goto err;
2123 + }
2124 i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
2125 err:
2126 EVP_PKEY_CTX_free(pkctx);
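Review bot: The sixteen added lines are a verbatim copy of the padding block this same patch adds to EVP_SignFinal in p_sign.c, including the saltlen translation, so any later correction (for example making the X9.31/PSS tests exclusive) has to be applied twice and can drift. Factoring it into one shared function, e.g. `int evp_pkctx_set_rsa_padding_from_md(EVP_PKEY_CTX *pkctx, const EVP_MD_CTX *ctx)` returning 1/0 and declared in the private evp header both files can include, keeps sign and verify in step. The `-1`/`-2` salt values are magic here; a comment that they are the rsa pkey method's saltlen conventions (digest length, and recovered from the signature) would help, hedged to whatever this tree's rsa_pmeth.c actually implements. EVP_VerifyFinal starts outside the hunk.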
2127 diff -up openssl-1.0.1b/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_aesavs.c
2128 --- openssl-1.0.1b/crypto/fips/cavs/fips_aesavs.c.fips 2012-04-26 18:00:51.397769234 +0200
2129 +++ openssl-1.0.1b/crypto/fips/cavs/fips_aesavs.c 2012-04-26 18:00:51.397769234 +0200
2130 @@ -0,0 +1,939 @@
2131 +/* ====================================================================
2132 + * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
2133 + *
2134 + * Redistribution and use in source and binary forms, with or without
2135 + * modification, are permitted provided that the following conditions
2136 + * are met:
2137 + *
2138 + * 1. Redistributions of source code must retain the above copyright
2139 + * notice, this list of conditions and the following disclaimer.
2140 + *
2141 + * 2. Redistributions in binary form must reproduce the above copyright
2142 + * notice, this list of conditions and the following disclaimer in
2143 + * the documentation and/or other materials provided with the
2144 + * distribution.
2145 + *
2146 + * 3. All advertising materials mentioning features or use of this
2147 + * software must display the following acknowledgment:
2148 + * "This product includes software developed by the OpenSSL Project
2149 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
2150 + *
2151 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
2152 + * endorse or promote products derived from this software without
2153 + * prior written permission. For written permission, please contact
2154 + * openssl-core@openssl.org.
2155 + *
2156 + * 5. Products derived from this software may not be called "OpenSSL"
2157 + * nor may "OpenSSL" appear in their names without prior written
2158 + * permission of the OpenSSL Project.
2159 + *
2160 + * 6. Redistributions of any form whatsoever must retain the following
2161 + * acknowledgment:
2162 + * "This product includes software developed by the OpenSSL Project
2163 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
2164 + *
2165 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
2166 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
2167 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
2168 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
2169 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
2170 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
2171 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
2172 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2173 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
2174 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
2175 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
2176 + * OF THE POSSIBILITY OF SUCH DAMAGE.
2177 + *
2178 + */
2179 +/*---------------------------------------------
2180 + NIST AES Algorithm Validation Suite
2181 + Test Program
2182 +
2183 + Donated to OpenSSL by:
2184 + V-ONE Corporation
2185 + 20250 Century Blvd, Suite 300
2186 + Germantown, MD 20874
2187 + U.S.A.
2188 + ----------------------------------------------*/
2189 +
2190 +#include <stdio.h>
2191 +#include <stdlib.h>
2192 +#include <string.h>
2193 +#include <errno.h>
2194 +#include <assert.h>
2195 +#include <ctype.h>
2196 +#include <openssl/aes.h>
2197 +#include <openssl/evp.h>
2198 +#include <openssl/bn.h>
2199 +
2200 +#include <openssl/err.h>
2201 +#include "e_os.h"
2202 +
2203 +#ifndef OPENSSL_FIPS
2204 +
2205 +int main(int argc, char *argv[])
2206 +{
2207 + printf("No FIPS AES support\n");
2208 + return(0);
2209 +}
2210 +
2211 +#else
2212 +
2213 +#include <openssl/fips.h>
2214 +#include "fips_utl.h"
2215 +
2216 +#define AES_BLOCK_SIZE 16
2217 +
2218 +#define VERBOSE 0
2219 +
2220 +/*-----------------------------------------------*/
2221 +
2222 +int AESTest(EVP_CIPHER_CTX *ctx,
2223 + char *amode, int akeysz, unsigned char *aKey,
2224 + unsigned char *iVec,
2225 + int dir, /* 0 = decrypt, 1 = encrypt */
2226 + unsigned char *plaintext, unsigned char *ciphertext, int len)
2227 + {
2228 + const EVP_CIPHER *cipher = NULL;
2229 +
2230 + if (strcasecmp(amode, "CBC") == 0)
2231 + {
2232 + switch (akeysz)
2233 + {
2234 + case 128:
2235 + cipher = EVP_aes_128_cbc();
2236 + break;
2237 +
2238 + case 192:
2239 + cipher = EVP_aes_192_cbc();
2240 + break;
2241 +
2242 + case 256:
2243 + cipher = EVP_aes_256_cbc();
2244 + break;
2245 + }
2246 +
2247 + }
2248 + else if (strcasecmp(amode, "ECB") == 0)
2249 + {
2250 + switch (akeysz)
2251 + {
2252 + case 128:
2253 + cipher = EVP_aes_128_ecb();
2254 + break;
2255 +
2256 + case 192:
2257 + cipher = EVP_aes_192_ecb();
2258 + break;
2259 +
2260 + case 256:
2261 + cipher = EVP_aes_256_ecb();
2262 + break;
2263 + }
2264 + }
2265 + else if (strcasecmp(amode, "CFB128") == 0)
2266 + {
2267 + switch (akeysz)
2268 + {
2269 + case 128:
2270 + cipher = EVP_aes_128_cfb128();
2271 + break;
2272 +
2273 + case 192:
2274 + cipher = EVP_aes_192_cfb128();
2275 + break;
2276 +
2277 + case 256:
2278 + cipher = EVP_aes_256_cfb128();
2279 + break;
2280 + }
2281 +
2282 + }
2283 + else if (strncasecmp(amode, "OFB", 3) == 0)
2284 + {
2285 + switch (akeysz)
2286 + {
2287 + case 128:
2288 + cipher = EVP_aes_128_ofb();
2289 + break;
2290 +
2291 + case 192:
2292 + cipher = EVP_aes_192_ofb();
2293 + break;
2294 +
2295 + case 256:
2296 + cipher = EVP_aes_256_ofb();
2297 + break;
2298 + }
2299 + }
2300 + else if(!strcasecmp(amode,"CFB1"))
2301 + {
2302 + switch (akeysz)
2303 + {
2304 + case 128:
2305 + cipher = EVP_aes_128_cfb1();
2306 + break;
2307 +
2308 + case 192:
2309 + cipher = EVP_aes_192_cfb1();
2310 + break;
2311 +
2312 + case 256:
2313 + cipher = EVP_aes_256_cfb1();
2314 + break;
2315 + }
2316 + }
2317 + else if(!strcasecmp(amode,"CFB8"))
2318 + {
2319 + switch (akeysz)
2320 + {
2321 + case 128:
2322 + cipher = EVP_aes_128_cfb8();
2323 + break;
2324 +
2325 + case 192:
2326 + cipher = EVP_aes_192_cfb8();
2327 + break;
2328 +
2329 + case 256:
2330 + cipher = EVP_aes_256_cfb8();
2331 + break;
2332 + }
2333 + }
2334 + else
2335 + {
2336 + printf("Unknown mode: %s\n", amode);
2337 + return 0;
2338 + }
2339 + if (!cipher)
2340 + {
2341 + printf("Invalid key size: %d\n", akeysz);
2342 + return 0;
2343 + }
2344 + if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
2345 + return 0;
2346 + if(!strcasecmp(amode,"CFB1"))
2347 + M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
2348 + if (dir)
2349 + EVP_Cipher(ctx, ciphertext, plaintext, len);
2350 + else
2351 + EVP_Cipher(ctx, plaintext, ciphertext, len);
2352 + return 1;
2353 + }
2354 +
2355 +/*-----------------------------------------------*/
2356 +char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
2357 +char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"};
2358 +enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128};
2359 +enum XCrypt {XDECRYPT, XENCRYPT};
2360 +
2361 +/*=============================*/
2362 +/* Monte Carlo Tests */
2363 +/*-----------------------------*/
2364 +
2365 +/*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/
2366 +/*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/
2367 +
2368 +#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
2369 +#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
2370 +
2371 +int do_mct(char *amode,
2372 + int akeysz, unsigned char *aKey,unsigned char *iVec,
2373 + int dir, unsigned char *text, int len,
2374 + FILE *rfp)
2375 + {
2376 + int ret = 0;
2377 + unsigned char key[101][32];
2378 + unsigned char iv[101][AES_BLOCK_SIZE];
2379 + unsigned char ptext[1001][32];
2380 + unsigned char ctext[1001][32];
2381 + unsigned char ciphertext[64+4];
2382 + int i, j, n, n1, n2;
2383 + int imode = 0, nkeysz = akeysz/8;
2384 + EVP_CIPHER_CTX ctx;
2385 + EVP_CIPHER_CTX_init(&ctx);
2386 +
2387 + if (len > 32)
2388 + {
2389 + printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n",
2390 + amode, akeysz);
2391 + return -1;
2392 + }
2393 + for (imode = 0; imode < 6; ++imode)
2394 + if (strcmp(amode, t_mode[imode]) == 0)
2395 + break;
2396 + if (imode == 6)
2397 + {
2398 + printf("Unrecognized mode: %s\n", amode);
2399 + return -1;
2400 + }
2401 +
2402 + memcpy(key[0], aKey, nkeysz);
2403 + if (iVec)
2404 + memcpy(iv[0], iVec, AES_BLOCK_SIZE);
2405 + if (dir == XENCRYPT)
2406 + memcpy(ptext[0], text, len);
2407 + else
2408 + memcpy(ctext[0], text, len);
2409 + for (i = 0; i < 100; ++i)
2410 + {
2411 + /* printf("Iteration %d\n", i); */
2412 + if (i > 0)
2413 + {
2414 + fprintf(rfp,"COUNT = %d\n",i);
2415 + OutputValue("KEY",key[i],nkeysz,rfp,0);
2416 + if (imode != ECB) /* ECB */
2417 + OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0);
2418 + /* Output Ciphertext | Plaintext */
2419 + OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp,
2420 + imode == CFB1);
2421 + }
2422 + for (j = 0; j < 1000; ++j)
2423 + {
2424 + switch (imode)
2425 + {
2426 + case ECB:
2427 + if (j == 0)
2428 + { /* set up encryption */
2429 + ret = AESTest(&ctx, amode, akeysz, key[i], NULL,
2430 + dir, /* 0 = decrypt, 1 = encrypt */
2431 + ptext[j], ctext[j], len);
2432 + if (dir == XENCRYPT)
2433 + memcpy(ptext[j+1], ctext[j], len);
2434 + else
2435 + memcpy(ctext[j+1], ptext[j], len);
2436 + }
2437 + else
2438 + {
2439 + if (dir == XENCRYPT)
2440 + {
2441 + EVP_Cipher(&ctx, ctext[j], ptext[j], len);
2442 + memcpy(ptext[j+1], ctext[j], len);
2443 + }
2444 + else
2445 + {
2446 + EVP_Cipher(&ctx, ptext[j], ctext[j], len);
2447 + memcpy(ctext[j+1], ptext[j], len);
2448 + }
2449 + }
2450 + break;
2451 +
2452 + case CBC:
2453 + case OFB:
2454 + case CFB128:
2455 + if (j == 0)
2456 + {
2457 + ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
2458 + dir, /* 0 = decrypt, 1 = encrypt */
2459 + ptext[j], ctext[j], len);
2460 + if (dir == XENCRYPT)
2461 + memcpy(ptext[j+1], iv[i], len);
2462 + else
2463 + memcpy(ctext[j+1], iv[i], len);
2464 + }
2465 + else
2466 + {
2467 + if (dir == XENCRYPT)
2468 + {
2469 + EVP_Cipher(&ctx, ctext[j], ptext[j], len);
2470 + memcpy(ptext[j+1], ctext[j-1], len);
2471 + }
2472 + else
2473 + {
2474 + EVP_Cipher(&ctx, ptext[j], ctext[j], len);
2475 + memcpy(ctext[j+1], ptext[j-1], len);
2476 + }
2477 + }
2478 + break;
2479 +
2480 + case CFB8:
2481 + if (j == 0)
2482 + {
2483 + ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
2484 + dir, /* 0 = decrypt, 1 = encrypt */
2485 + ptext[j], ctext[j], len);
2486 + }
2487 + else
2488 + {
2489 + if (dir == XENCRYPT)
2490 + EVP_Cipher(&ctx, ctext[j], ptext[j], len);
2491 + else
2492 + EVP_Cipher(&ctx, ptext[j], ctext[j], len);
2493 + }
2494 + if (dir == XENCRYPT)
2495 + {
2496 + if (j < 16)
2497 + memcpy(ptext[j+1], &iv[i][j], len);
2498 + else
2499 + memcpy(ptext[j+1], ctext[j-16], len);
2500 + }
2501 + else
2502 + {
2503 + if (j < 16)
2504 + memcpy(ctext[j+1], &iv[i][j], len);
2505 + else
2506 + memcpy(ctext[j+1], ptext[j-16], len);
2507 + }
2508 + break;
2509 +
2510 + case CFB1:
2511 + if(j == 0)
2512 + {
2513 +#if 0
2514 + /* compensate for wrong endianness of input file */
2515 + if(i == 0)
2516 + ptext[0][0]<<=7;
2517 +#endif
2518 + ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
2519 + ptext[j], ctext[j], len);
2520 + }
2521 + else
2522 + {
2523 + if (dir == XENCRYPT)
2524 + EVP_Cipher(&ctx, ctext[j], ptext[j], len);
2525 + else
2526 + EVP_Cipher(&ctx, ptext[j], ctext[j], len);
2527 +
2528 + }
2529 + if(dir == XENCRYPT)
2530 + {
2531 + if(j < 128)
2532 + sb(ptext[j+1],0,gb(iv[i],j));
2533 + else
2534 + sb(ptext[j+1],0,gb(ctext[j-128],0));
2535 + }
2536 + else
2537 + {
2538 + if(j < 128)
2539 + sb(ctext[j+1],0,gb(iv[i],j));
2540 + else
2541 + sb(ctext[j+1],0,gb(ptext[j-128],0));
2542 + }
2543 + break;
2544 + }
2545 + }
2546 + --j; /* reset to last of range */
2547 + /* Output Ciphertext | Plaintext */
2548 + OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp,
2549 + imode == CFB1);
2550 + fprintf(rfp, "\n"); /* add separator */
2551 +
2552 + /* Compute next KEY */
2553 + if (dir == XENCRYPT)
2554 + {
2555 + if (imode == CFB8)
2556 + { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
2557 + for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
2558 + ciphertext[n1] = ctext[j-n2][0];
2559 + }
2560 + else if(imode == CFB1)
2561 + {
2562 + for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
2563 + sb(ciphertext,n1,gb(ctext[j-n2],0));
2564 + }
2565 + else
2566 + switch (akeysz)
2567 + {
2568 + case 128:
2569 + memcpy(ciphertext, ctext[j], 16);
2570 + break;
2571 + case 192:
2572 + memcpy(ciphertext, ctext[j-1]+8, 8);
2573 + memcpy(ciphertext+8, ctext[j], 16);
2574 + break;
2575 + case 256:
2576 + memcpy(ciphertext, ctext[j-1], 16);
2577 + memcpy(ciphertext+16, ctext[j], 16);
2578 + break;
2579 + }
2580 + }
2581 + else
2582 + {
2583 + if (imode == CFB8)
2584 + { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
2585 + for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
2586 + ciphertext[n1] = ptext[j-n2][0];
2587 + }
2588 + else if(imode == CFB1)
2589 + {
2590 + for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
2591 + sb(ciphertext,n1,gb(ptext[j-n2],0));
2592 + }
2593 + else
2594 + switch (akeysz)
2595 + {
2596 + case 128:
2597 + memcpy(ciphertext, ptext[j], 16);
2598 + break;
2599 + case 192:
2600 + memcpy(ciphertext, ptext[j-1]+8, 8);
2601 + memcpy(ciphertext+8, ptext[j], 16);
2602 + break;
2603 + case 256:
2604 + memcpy(ciphertext, ptext[j-1], 16);
2605 + memcpy(ciphertext+16, ptext[j], 16);
2606 + break;
2607 + }
2608 + }
2609 + /* Compute next key: Key[i+1] = Key[i] xor ct */
2610 + for (n = 0; n < nkeysz; ++n)
2611 + key[i+1][n] = key[i][n] ^ ciphertext[n];
2612 +
2613 + /* Compute next IV and text */
2614 + if (dir == XENCRYPT)
2615 + {
2616 + switch (imode)
2617 + {
2618 + case ECB:
2619 + memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE);
2620 + break;
2621 + case CBC:
2622 + case OFB:
2623 + case CFB128:
2624 + memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE);
2625 + memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE);
2626 + break;
2627 + case CFB8:
2628 + /* IV[i+1] = ct */
2629 + for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
2630 + iv[i+1][n1] = ctext[j-n2][0];
2631 + ptext[0][0] = ctext[j-16][0];
2632 + break;
2633 + case CFB1:
2634 + for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
2635 + sb(iv[i+1],n1,gb(ctext[j-n2],0));
2636 + ptext[0][0]=ctext[j-128][0]&0x80;
2637 + break;
2638 + }
2639 + }
2640 + else
2641 + {
2642 + switch (imode)
2643 + {
2644 + case ECB:
2645 + memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE);
2646 + break;
2647 + case CBC:
2648 + case OFB:
2649 + case CFB128:
2650 + memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE);
2651 + memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE);
2652 + break;
2653 + case CFB8:
2654 + for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
2655 + iv[i+1][n1] = ptext[j-n2][0];
2656 + ctext[0][0] = ptext[j-16][0];
2657 + break;
2658 + case CFB1:
2659 + for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
2660 + sb(iv[i+1],n1,gb(ptext[j-n2],0));
2661 + ctext[0][0]=ptext[j-128][0]&0x80;
2662 + break;
2663 + }
2664 + }
2665 + }
2666 +
2667 + return ret;
2668 + }
2669 +
2670 +/*================================================*/
2671 +/*----------------------------
2672 + # Config info for v-one
2673 + # AESVS MMT test data for ECB
2674 + # State : Encrypt and Decrypt
2675 + # Key Length : 256
2676 + # Fri Aug 30 04:07:22 PM
2677 + ----------------------------*/
2678 +
2679 +int proc_file(char *rqfile, char *rspfile)
2680 + {
2681 + char afn[256], rfn[256];
2682 + FILE *afp = NULL, *rfp = NULL;
2683 + char ibuf[2048];
2684 + char tbuf[2048];
2685 + int ilen, len, ret = 0;
2686 + char algo[8] = "";
2687 + char amode[8] = "";
2688 + char atest[8] = "";
2689 + int akeysz = 0;
2690 + unsigned char iVec[20], aKey[40];
2691 + int dir = -1, err = 0, step = 0;
2692 + unsigned char plaintext[2048];
2693 + unsigned char ciphertext[2048];
2694 + char *rp;
2695 + EVP_CIPHER_CTX ctx;
2696 + EVP_CIPHER_CTX_init(&ctx);
2697 +
2698 + if (!rqfile || !(*rqfile))
2699 + {
2700 + printf("No req file\n");
2701 + return -1;
2702 + }
2703 + strcpy(afn, rqfile);
2704 +
2705 + if ((afp = fopen(afn, "r")) == NULL)
2706 + {
2707 + printf("Cannot open file: %s, %s\n",
2708 + afn, strerror(errno));
2709 + return -1;
2710 + }
2711 + if (!rspfile)
2712 + {
2713 + strcpy(rfn,afn);
2714 + rp=strstr(rfn,"req/");
2715 +#ifdef OPENSSL_SYS_WIN32
2716 + if (!rp)
2717 + rp=strstr(rfn,"req\\");
2718 +#endif
2719 + assert(rp);
2720 + memcpy(rp,"rsp",3);
2721 + rp = strstr(rfn, ".req");
2722 + memcpy(rp, ".rsp", 4);
2723 + rspfile = rfn;
2724 + }
2725 + if ((rfp = fopen(rspfile, "w")) == NULL)
2726 + {
2727 + printf("Cannot open file: %s, %s\n",
2728 + rfn, strerror(errno));
2729 + fclose(afp);
2730 + afp = NULL;
2731 + return -1;
2732 + }
2733 + while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
2734 + {
2735 + tidy_line(tbuf, ibuf);
2736 + ilen = strlen(ibuf);
2737 + /* printf("step=%d ibuf=%s",step,ibuf); */
2738 + switch (step)
2739 + {
2740 + case 0: /* read preamble */
2741 + if (ibuf[0] == '\n')
2742 + { /* end of preamble */
2743 + if ((*algo == '\0') ||
2744 + (*amode == '\0') ||
2745 + (akeysz == 0))
2746 + {
2747 + printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n",
2748 + algo,amode,akeysz);
2749 + err = 1;
2750 + }
2751 + else
2752 + {
2753 + fputs(ibuf, rfp);
2754 + ++ step;
2755 + }
2756 + }
2757 + else if (ibuf[0] != '#')
2758 + {
2759 + printf("Invalid preamble item: %s\n", ibuf);
2760 + err = 1;
2761 + }
2762 + else
2763 + { /* process preamble */
2764 + char *xp, *pp = ibuf+2;
2765 + int n;
2766 + if (akeysz)
2767 + { /* insert current time & date */
2768 + time_t rtim = time(0);
2769 + fprintf(rfp, "# %s", ctime(&rtim));
2770 + }
2771 + else
2772 + {
2773 + fputs(ibuf, rfp);
2774 + if (strncmp(pp, "AESVS ", 6) == 0)
2775 + {
2776 + strcpy(algo, "AES");
2777 + /* get test type */
2778 + pp += 6;
2779 + xp = strchr(pp, ' ');
2780 + n = xp-pp;
2781 + strncpy(atest, pp, n);
2782 + atest[n] = '\0';
2783 + /* get mode */
2784 + xp = strrchr(pp, ' '); /* get mode" */
2785 + n = strlen(xp+1)-1;
2786 + strncpy(amode, xp+1, n);
2787 + amode[n] = '\0';
2788 + /* amode[3] = '\0'; */
2789 + if (VERBOSE)
2790 + printf("Test = %s, Mode = %s\n", atest, amode);
2791 + }
2792 + else if (strncasecmp(pp, "Key Length : ", 13) == 0)
2793 + {
2794 + akeysz = atoi(pp+13);
2795 + if (VERBOSE)
2796 + printf("Key size = %d\n", akeysz);
2797 + }
2798 + }
2799 + }
2800 + break;
2801 +
2802 + case 1: /* [ENCRYPT] | [DECRYPT] */
2803 + if (ibuf[0] == '[')
2804 + {
2805 + fputs(ibuf, rfp);
2806 + ++step;
2807 + if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
2808 + dir = 1;
2809 + else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
2810 + dir = 0;
2811 + else
2812 + {
2813 + printf("Invalid keyword: %s\n", ibuf);
2814 + err = 1;
2815 + }
2816 + break;
2817 + }
2818 + else if (dir == -1)
2819 + {
2820 + err = 1;
2821 + printf("Missing ENCRYPT/DECRYPT keyword\n");
2822 + break;
2823 + }
2824 + else
2825 + step = 2;
2826 +
2827 + case 2: /* KEY = xxxx */
2828 + fputs(ibuf, rfp);
2829 + if(*ibuf == '\n')
2830 + break;
2831 + if(!strncasecmp(ibuf,"COUNT = ",8))
2832 + break;
2833 +
2834 + if (strncasecmp(ibuf, "KEY = ", 6) != 0)
2835 + {
2836 + printf("Missing KEY\n");
2837 + err = 1;
2838 + }
2839 + else
2840 + {
2841 + len = hex2bin((char*)ibuf+6, aKey);
2842 + if (len < 0)
2843 + {
2844 + printf("Invalid KEY\n");
2845 + err =1;
2846 + break;
2847 + }
2848 + PrintValue("KEY", aKey, len);
2849 + if (strcmp(amode, "ECB") == 0)
2850 + {
2851 + memset(iVec, 0, sizeof(iVec));
2852 + step = (dir)? 4: 5; /* no ivec for ECB */
2853 + }
2854 + else
2855 + ++step;
2856 + }
2857 + break;
2858 +
2859 + case 3: /* IV = xxxx */
2860 + fputs(ibuf, rfp);
2861 + if (strncasecmp(ibuf, "IV = ", 5) != 0)
2862 + {
2863 + printf("Missing IV\n");
2864 + err = 1;
2865 + }
2866 + else
2867 + {
2868 + len = hex2bin((char*)ibuf+5, iVec);
2869 + if (len < 0)
2870 + {
2871 + printf("Invalid IV\n");
2872 + err =1;
2873 + break;
2874 + }
2875 + PrintValue("IV", iVec, len);
2876 + step = (dir)? 4: 5;
2877 + }
2878 + break;
2879 +
2880 + case 4: /* PLAINTEXT = xxxx */
2881 + fputs(ibuf, rfp);
2882 + if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
2883 + {
2884 + printf("Missing PLAINTEXT\n");
2885 + err = 1;
2886 + }
2887 + else
2888 + {
2889 + int nn = strlen(ibuf+12);
2890 + if(!strcmp(amode,"CFB1"))
2891 + len=bint2bin(ibuf+12,nn-1,plaintext);
2892 + else
2893 + len=hex2bin(ibuf+12, plaintext);
2894 + if (len < 0)
2895 + {
2896 + printf("Invalid PLAINTEXT: %s", ibuf+12);
2897 + err =1;
2898 + break;
2899 + }
2900 + if (len >= sizeof(plaintext))
2901 + {
2902 + printf("Buffer overflow\n");
2903 + }
2904 + PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
2905 + if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
2906 + {
2907 + if(do_mct(amode, akeysz, aKey, iVec,
2908 + dir, (unsigned char*)plaintext, len,
2909 + rfp) < 0)
2910 + EXIT(1);
2911 + }
2912 + else
2913 + {
2914 + ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
2915 + dir, /* 0 = decrypt, 1 = encrypt */
2916 + plaintext, ciphertext, len);
2917 + OutputValue("CIPHERTEXT",ciphertext,len,rfp,
2918 + !strcmp(amode,"CFB1"));
2919 + }
2920 + step = 6;
2921 + }
2922 + break;
2923 +
2924 + case 5: /* CIPHERTEXT = xxxx */
2925 + fputs(ibuf, rfp);
2926 + if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
2927 + {
2928 + printf("Missing KEY\n");
2929 + err = 1;
2930 + }
2931 + else
2932 + {
2933 + if(!strcmp(amode,"CFB1"))
2934 + len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
2935 + else
2936 + len = hex2bin(ibuf+13,ciphertext);
2937 + if (len < 0)
2938 + {
2939 + printf("Invalid CIPHERTEXT\n");
2940 + err =1;
2941 + break;
2942 + }
2943 +
2944 + PrintValue("CIPHERTEXT", ciphertext, len);
2945 + if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
2946 + {
2947 + do_mct(amode, akeysz, aKey, iVec,
2948 + dir, ciphertext, len, rfp);
2949 + }
2950 + else
2951 + {
2952 + ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
2953 + dir, /* 0 = decrypt, 1 = encrypt */
2954 + plaintext, ciphertext, len);
2955 + OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
2956 + !strcmp(amode,"CFB1"));
2957 + }
2958 + step = 6;
2959 + }
2960 + break;
2961 +
2962 + case 6:
2963 + if (ibuf[0] != '\n')
2964 + {
2965 + err = 1;
2966 + printf("Missing terminator\n");
2967 + }
2968 + else if (strcmp(atest, "MCT") != 0)
2969 + { /* MCT already added terminating nl */
2970 + fputs(ibuf, rfp);
2971 + }
2972 + step = 1;
2973 + break;
2974 + }
2975 + }
2976 + if (rfp)
2977 + fclose(rfp);
2978 + if (afp)
2979 + fclose(afp);
2980 + return err;
2981 + }
2982 +
2983 +/*--------------------------------------------------
2984 + Processes either a single file or
2985 + a set of files whose names are passed in a file.
2986 + A single file is specified as:
2987 + aes_test -f xxx.req
2988 + A set of files is specified as:
2989 + aes_test -d xxxxx.xxx
2990 + The default is: -d req.txt
2991 +--------------------------------------------------*/
2992 +int main(int argc, char **argv)
2993 + {
2994 + char *rqlist = "req.txt", *rspfile = NULL;
2995 + FILE *fp = NULL;
2996 + char fn[250] = "", rfn[256] = "";
2997 + int f_opt = 0, d_opt = 1;
2998 +
2999 +#ifdef OPENSSL_FIPS
3000 + if(!FIPS_mode_set(1))
3001 + {
3002 + do_print_errors();
3003 + EXIT(1);
3004 + }
3005 +#endif
3006 + if (argc > 1)
3007 + {
3008 + if (strcasecmp(argv[1], "-d") == 0)
3009 + {
3010 + d_opt = 1;
3011 + }
3012 + else if (strcasecmp(argv[1], "-f") == 0)
3013 + {
3014 + f_opt = 1;
3015 + d_opt = 0;
3016 + }
3017 + else
3018 + {
3019 + printf("Invalid parameter: %s\n", argv[1]);
3020 + return 0;
3021 + }
3022 + if (argc < 3)
3023 + {
3024 + printf("Missing parameter\n");
3025 + return 0;
3026 + }
3027 + if (d_opt)
3028 + rqlist = argv[2];
3029 + else
3030 + {
3031 + strcpy(fn, argv[2]);
3032 + rspfile = argv[3];
3033 + }
3034 + }
3035 + if (d_opt)
3036 + { /* list of files (directory) */
3037 + if (!(fp = fopen(rqlist, "r")))
3038 + {
3039 + printf("Cannot open req list file\n");
3040 + return -1;
3041 + }
3042 + while (fgets(fn, sizeof(fn), fp))
3043 + {
3044 + strtok(fn, "\r\n");
3045 + strcpy(rfn, fn);
3046 + if (VERBOSE)
3047 + printf("Processing: %s\n", rfn);
3048 + if (proc_file(rfn, rspfile))
3049 + {
3050 + printf(">>> Processing failed for: %s <<<\n", rfn);
3051 + EXIT(1);
3052 + }
3053 + }
3054 + fclose(fp);
3055 + }
3056 + else /* single file */
3057 + {
3058 + if (VERBOSE)
3059 + printf("Processing: %s\n", fn);
3060 + if (proc_file(fn, rspfile))
3061 + {
3062 + printf(">>> Processing failed for: %s <<<\n", fn);
3063 + }
3064 + }
3065 + EXIT(0);
3066 + return 0;
3067 + }
3068 +
3069 +#endif
3070 diff -up openssl-1.0.1b/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_cmactest.c
3071 --- openssl-1.0.1b/crypto/fips/cavs/fips_cmactest.c.fips 2012-04-26 18:00:51.397769234 +0200
3072 +++ openssl-1.0.1b/crypto/fips/cavs/fips_cmactest.c 2012-04-26 18:00:51.397769234 +0200
3073 @@ -0,0 +1,517 @@
3074 +/* fips_cmactest.c */
3075 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3076 + * project 2005.
3077 + */
3078 +/* ====================================================================
3079 + * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
3080 + *
3081 + * Redistribution and use in source and binary forms, with or without
3082 + * modification, are permitted provided that the following conditions
3083 + * are met:
3084 + *
3085 + * 1. Redistributions of source code must retain the above copyright
3086 + * notice, this list of conditions and the following disclaimer.
3087 + *
3088 + * 2. Redistributions in binary form must reproduce the above copyright
3089 + * notice, this list of conditions and the following disclaimer in
3090 + * the documentation and/or other materials provided with the
3091 + * distribution.
3092 + *
3093 + * 3. All advertising materials mentioning features or use of this
3094 + * software must display the following acknowledgment:
3095 + * "This product includes software developed by the OpenSSL Project
3096 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
3097 + *
3098 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
3099 + * endorse or promote products derived from this software without
3100 + * prior written permission. For written permission, please contact
3101 + * licensing@OpenSSL.org.
3102 + *
3103 + * 5. Products derived from this software may not be called "OpenSSL"
3104 + * nor may "OpenSSL" appear in their names without prior written
3105 + * permission of the OpenSSL Project.
3106 + *
3107 + * 6. Redistributions of any form whatsoever must retain the following
3108 + * acknowledgment:
3109 + * "This product includes software developed by the OpenSSL Project
3110 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
3111 + *
3112 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
3113 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3114 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
3115 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
3116 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
3117 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
3118 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
3119 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3120 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
3121 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
3122 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
3123 + * OF THE POSSIBILITY OF SUCH DAMAGE.
3124 + * ====================================================================
3125 + *
3126 + * This product includes cryptographic software written by Eric Young
3127 + * (eay@cryptsoft.com). This product includes software written by Tim
3128 + * Hudson (tjh@cryptsoft.com).
3129 + *
3130 + */
3131 +
3132 +#define OPENSSL_FIPSAPI
3133 +
3134 +#include <stdio.h>
3135 +#include <ctype.h>
3136 +#include <string.h>
3137 +#include <openssl/bio.h>
3138 +#include <openssl/evp.h>
3139 +#include <openssl/cmac.h>
3140 +#include <openssl/err.h>
3141 +#include <openssl/bn.h>
3142 +
3143 +#ifndef OPENSSL_FIPS
3144 +
3145 +int main(int argc, char *argv[])
3146 +{
3147 + printf("No FIPS CMAC support\n");
3148 + return(0);
3149 +}
3150 +
3151 +#else
3152 +
3153 +#include <openssl/fips.h>
3154 +#include "fips_utl.h"
3155 +
3156 +static int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
3157 + int mode, int Klen_counts_keys, int known_keylen);
3158 +static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
3159 + unsigned char *Key, int Klen,
3160 + unsigned char *Msg, int Msglen,
3161 + int Tlen);
3162 +static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
3163 + unsigned char *Key, int Klen,
3164 + unsigned char *Msg, int Msglen,
3165 + unsigned char *Mac, int Maclen,
3166 + int Tlen);
3167 +
3168 +#ifdef FIPS_ALGVS
3169 +int fips_cmactest_main(int argc, char **argv)
3170 +#else
3171 +int main(int argc, char **argv)
3172 +#endif
3173 + {
3174 + FILE *in = NULL, *out = NULL;
3175 + int mode = 0; /* 0 => Generate, 1 => Verify */
3176 + int Klen_counts_keys = 0; /* 0 => Klen is size of one key
3177 + 1 => Klen is amount of keys
3178 + */
3179 + int known_keylen = 0; /* Only set when Klen_counts_keys = 1 */
3180 + const EVP_CIPHER *cipher = 0;
3181 + int ret = 1;
3182 + fips_algtest_init();
3183 +
3184 + while (argc > 1 && argv[1][0] == '-')
3185 + {
3186 + switch (argv[1][1])
3187 + {
3188 + case 'a':
3189 + {
3190 + char *p = &argv[1][2];
3191 + if (*p == '\0')
3192 + {
3193 + if (argc <= 2)
3194 + {
3195 + fprintf(stderr, "Option %s needs a value\n", argv[1]);
3196 + goto end;
3197 + }
3198 + argv++;
3199 + argc--;
3200 + p = &argv[1][0];
3201 + }
3202 + if (!strcmp(p, "aes128"))
3203 + cipher = EVP_aes_128_cbc();
3204 + else if (!strcmp(p, "aes192"))
3205 + cipher = EVP_aes_192_cbc();
3206 + else if (!strcmp(p, "aes256"))
3207 + cipher = EVP_aes_256_cbc();
3208 + else if (!strcmp(p, "tdea3") || !strcmp(p, "tdes3"))
3209 + {
3210 + cipher = EVP_des_ede3_cbc();
3211 + Klen_counts_keys = 1;
3212 + known_keylen = 8;
3213 + }
3214 + else
3215 + {
3216 + fprintf(stderr, "Unknown algorithm %s\n", p);
3217 + goto end;
3218 + }
3219 + }
3220 + break;
3221 + case 'g':
3222 + mode = 0;
3223 + break;
3224 + case 'v':
3225 + mode = 1;
3226 + break;
3227 + default:
3228 + fprintf(stderr, "Unknown option %s\n", argv[1]);
3229 + goto end;
3230 + }
3231 + argv++;
3232 + argc--;
3233 + }
3234 + if (argc == 1)
3235 + in = stdin;
3236 + else
3237 + in = fopen(argv[1], "r");
3238 +
3239 + if (argc < 2)
3240 + out = stdout;
3241 + else
3242 + out = fopen(argv[2], "w");
3243 +
3244 + if (!in)
3245 + {
3246 + fprintf(stderr, "FATAL input initialization error\n");
3247 + goto end;
3248 + }
3249 +
3250 + if (!out)
3251 + {
3252 + fprintf(stderr, "FATAL output initialization error\n");
3253 + goto end;
3254 + }
3255 +
3256 + if (!cmac_test(cipher, out, in, mode,
3257 + Klen_counts_keys, known_keylen))
3258 + {
3259 + fprintf(stderr, "FATAL cmac file processing error\n");
3260 + goto end;
3261 + }
3262 + else
3263 + ret = 0;
3264 +
3265 + end:
3266 +
3267 + if (in && (in != stdin))
3268 + fclose(in);
3269 + if (out && (out != stdout))
3270 + fclose(out);
3271 +
3272 + return ret;
3273 +
3274 + }
3275 +
3276 +#define CMAC_TEST_MAXLINELEN 150000
3277 +
3278 +int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
3279 + int mode, int Klen_counts_keys, int known_keylen)
3280 + {
3281 + char *linebuf, *olinebuf, *p, *q;
3282 + char *keyword, *value;
3283 + unsigned char **Keys = NULL, *Msg = NULL, *Mac = NULL;
3284 + unsigned char *Key = NULL;
3285 + int Count, Klen, Mlen, Tlen;
3286 + long Keylen, Msglen, Maclen;
3287 + int ret = 0;
3288 + int lnum = 0;
3289 +
3290 + olinebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
3291 + linebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
3292 +
3293 + if (!linebuf || !olinebuf)
3294 + goto error;
3295 +
3296 + Count = -1;
3297 + Klen = -1;
3298 + Mlen = -1;
3299 + Tlen = -1;
3300 +
3301 + while (fgets(olinebuf, CMAC_TEST_MAXLINELEN, in))
3302 + {
3303 + lnum++;
3304 + strcpy(linebuf, olinebuf);
3305 + keyword = linebuf;
3306 + /* Skip leading space */
3307 + while (isspace((unsigned char)*keyword))
3308 + keyword++;
3309 +
3310 + /* Skip comments */
3311 + if (keyword[0] == '#')
3312 + {
3313 + if (fputs(olinebuf, out) < 0)
3314 + goto error;
3315 + continue;
3316 + }
3317 +
3318 + /* Look for = sign */
3319 + p = strchr(linebuf, '=');
3320 +
3321 + /* If no = or starts with [ (for [L=20] line) just copy */
3322 + if (!p)
3323 + {
3324 + if (fputs(olinebuf, out) < 0)
3325 + goto error;
3326 + continue;
3327 + }
3328 +
3329 + q = p - 1;
3330 +
3331 + /* Remove trailing space */
3332 + while (isspace((unsigned char)*q))
3333 + *q-- = 0;
3334 +
3335 + *p = 0;
3336 + value = p + 1;
3337 +
3338 + /* Remove leading space from value */
3339 + while (isspace((unsigned char)*value))
3340 + value++;
3341 +
3342 + /* Remove trailing space from value */
3343 + p = value + strlen(value) - 1;
3344 +
3345 + while (*p == '\n' || isspace((unsigned char)*p))
3346 + *p-- = 0;
3347 +
3348 + if (!strcmp(keyword, "Count"))
3349 + {
3350 + if (Count != -1)
3351 + goto parse_error;
3352 + Count = atoi(value);
3353 + if (Count < 0)
3354 + goto parse_error;
3355 + }
3356 + else if (!strcmp(keyword, "Klen"))
3357 + {
3358 + if (Klen != -1)
3359 + goto parse_error;
3360 + Klen = atoi(value);
3361 + if (Klen < 0)
3362 + goto parse_error;
3363 + if (Klen_counts_keys)
3364 + {
3365 + Keys = OPENSSL_malloc(sizeof(*Keys) * Klen);
3366 + memset(Keys, '\0', sizeof(*Keys) * Klen);
3367 + }
3368 + else
3369 + {
3370 + Keys = OPENSSL_malloc(sizeof(*Keys));
3371 + memset(Keys, '\0', sizeof(*Keys));
3372 + }
3373 + }
3374 + else if (!strcmp(keyword, "Mlen"))
3375 + {
3376 + if (Mlen != -1)
3377 + goto parse_error;
3378 + Mlen = atoi(value);
3379 + if (Mlen < 0)
3380 + goto parse_error;
3381 + }
3382 + else if (!strcmp(keyword, "Tlen"))
3383 + {
3384 + if (Tlen != -1)
3385 + goto parse_error;
3386 + Tlen = atoi(value);
3387 + if (Tlen < 0)
3388 + goto parse_error;
3389 + }
3390 + else if (!strcmp(keyword, "Key") && !Klen_counts_keys)
3391 + {
3392 + if (Keys[0])
3393 + goto parse_error;
3394 + Keys[0] = hex2bin_m(value, &Keylen);
3395 + if (!Keys[0])
3396 + goto parse_error;
3397 + }
3398 + else if (!strncmp(keyword, "Key", 3) && Klen_counts_keys)
3399 + {
3400 + int keynum = atoi(keyword + 3);
3401 + if (!keynum || keynum > Klen || Keys[keynum-1])
3402 + goto parse_error;
3403 + Keys[keynum-1] = hex2bin_m(value, &Keylen);
3404 + if (!Keys[keynum-1])
3405 + goto parse_error;
3406 + }
3407 + else if (!strcmp(keyword, "Msg"))
3408 + {
3409 + if (Msg)
3410 + goto parse_error;
3411 + Msg = hex2bin_m(value, &Msglen);
3412 + if (!Msg)
3413 + goto parse_error;
3414 + }
3415 + else if (!strcmp(keyword, "Mac"))
3416 + {
3417 + if (mode == 0)
3418 + continue;
3419 + if (Mac)
3420 + goto parse_error;
3421 + Mac = hex2bin_m(value, &Maclen);
3422 + if (!Mac)
3423 + goto parse_error;
3424 + }
3425 + else if (!strcmp(keyword, "Result"))
3426 + {
3427 + if (mode == 1)
3428 + continue;
3429 + goto parse_error;
3430 + }
3431 + else
3432 + goto parse_error;
3433 +
3434 + fputs(olinebuf, out);
3435 +
3436 + if (Keys && Msg && (!mode || Mac) && (Tlen > 0) && (Klen > 0))
3437 + {
3438 + if (Klen_counts_keys)
3439 + {
3440 + int x;
3441 + Key = OPENSSL_malloc(Klen * known_keylen);
3442 + for (x = 0; x < Klen; x++)
3443 + {
3444 + memcpy(Key + x * known_keylen,
3445 + Keys[x], known_keylen);
3446 + OPENSSL_free(Keys[x]);
3447 + }
3448 + Klen *= known_keylen;
3449 + }
3450 + else
3451 + {
3452 + Key = OPENSSL_malloc(Klen);
3453 + memcpy(Key, Keys[0], Klen);
3454 + OPENSSL_free(Keys[0]);
3455 + }
3456 + OPENSSL_free(Keys);
3457 +
3458 + switch(mode)
3459 + {
3460 + case 0:
3461 + if (!print_cmac_gen(cipher, out,
3462 + Key, Klen,
3463 + Msg, Mlen,
3464 + Tlen))
3465 + goto error;
3466 + break;
3467 + case 1:
3468 + if (!print_cmac_ver(cipher, out,
3469 + Key, Klen,
3470 + Msg, Mlen,
3471 + Mac, Maclen,
3472 + Tlen))
3473 + goto error;
3474 + break;
3475 + }
3476 +
3477 + OPENSSL_free(Key);
3478 + Key = NULL;
3479 + OPENSSL_free(Msg);
3480 + Msg = NULL;
3481 + OPENSSL_free(Mac);
3482 + Mac = NULL;
3483 + Klen = -1;
3484 + Mlen = -1;
3485 + Tlen = -1;
3486 + Count = -1;
3487 + }
3488 + }
3489 +
3490 +
3491 + ret = 1;
3492 +
3493 +
3494 + error:
3495 +
3496 + if (olinebuf)
3497 + OPENSSL_free(olinebuf);
3498 + if (linebuf)
3499 + OPENSSL_free(linebuf);
3500 + if (Key)
3501 + OPENSSL_free(Key);
3502 + if (Msg)
3503 + OPENSSL_free(Msg);
3504 + if (Mac)
3505 + OPENSSL_free(Mac);
3506 +
3507 + return ret;
3508 +
3509 + parse_error:
3510 +
3511 + fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
3512 +
3513 + goto error;
3514 +
3515 + }
3516 +
3517 +static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
3518 + unsigned char *Key, int Klen,
3519 + unsigned char *Msg, int Mlen,
3520 + int Tlen)
3521 + {
3522 + int rc, i;
3523 + size_t reslen;
3524 + unsigned char res[128];
3525 + CMAC_CTX *cmac_ctx = CMAC_CTX_new();
3526 +
3527 + CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
3528 + CMAC_Update(cmac_ctx, Msg, Mlen);
3529 + if (!CMAC_Final(cmac_ctx, res, &reslen))
3530 + {
3531 + fputs("Error calculating CMAC\n", stderr);
3532 + rc = 0;
3533 + }
3534 + else if (Tlen > (int)reslen)
3535 + {
3536 + fputs("Parameter error, Tlen > CMAC length\n", stderr);
3537 + rc = 0;
3538 + }
3539 + else
3540 + {
3541 + fputs("Mac = ", out);
3542 + for (i = 0; i < Tlen; i++)
3543 + fprintf(out, "%02x", res[i]);
3544 + fputs(RESP_EOL, out);
3545 + rc = 1;
3546 + }
3547 + CMAC_CTX_free(cmac_ctx);
3548 + return rc;
3549 + }
3550 +
3551 +static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
3552 + unsigned char *Key, int Klen,
3553 + unsigned char *Msg, int Mlen,
3554 + unsigned char *Mac, int Maclen,
3555 + int Tlen)
3556 + {
3557 + int rc = 1;
3558 + size_t reslen;
3559 + unsigned char res[128];
3560 + CMAC_CTX *cmac_ctx = CMAC_CTX_new();
3561 +
3562 + CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
3563 + CMAC_Update(cmac_ctx, Msg, Mlen);
3564 + if (!CMAC_Final(cmac_ctx, res, &reslen))
3565 + {
3566 + fputs("Error calculating CMAC\n", stderr);
3567 + rc = 0;
3568 + }
3569 + else if (Tlen > (int)reslen)
3570 + {
3571 + fputs("Parameter error, Tlen > CMAC length\n", stderr);
3572 + rc = 0;
3573 + }
3574 + else if (Tlen != Maclen)
3575 + {
3576 + fputs("Parameter error, Tlen != resulting Mac length\n", stderr);
3577 + rc = 0;
3578 + }
3579 + else
3580 + {
3581 + if (!memcmp(Mac, res, Maclen))
3582 + fputs("Result = P" RESP_EOL, out);
3583 + else
3584 + fputs("Result = F" RESP_EOL, out);
3585 + }
3586 + CMAC_CTX_free(cmac_ctx);
3587 + return rc;
3588 + }
3589 +
3590 +#endif
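Review bot: In cmac_test the lengths taken from the request file (Klen, Mlen) are used as buffer lengths instead of the lengths actually decoded by hex2bin_m (Keylen, Msglen), so `memcpy(Key, Keys[0], Klen)` and the `CMAC_Update(cmac_ctx, Msg, Mlen)` calls in print_cmac_gen and print_cmac_ver read past the decoded buffers whenever a Klen or Mlen line overstates the hex data; Keylen and Msglen are assigned but never compared against anything. Before the `switch(mode)` I would add `if ((long)Mlen != Msglen) goto parse_error;` and, in the non-counted key branch, `if ((long)Klen != Keylen) goto parse_error;` (the counted branch should likewise compare each decoded key against known_keylen and reject a NULL Keys[x], since the guard only checks Keys itself). The Key and KeyN handlers also index Keys before verifying that an earlier Klen line allocated it, so a file with Key before Klen dereferences NULL; `if (!Keys) goto parse_error;` at the top of both handlers covers that. The two OPENSSL_malloc calls for Keys are not checked before the memset, and Keys is not released at the error label, so a parse failure after Klen leaks the array.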
3591 diff -up openssl-1.0.1b/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_desmovs.c
3592 --- openssl-1.0.1b/crypto/fips/cavs/fips_desmovs.c.fips 2012-04-26 18:00:51.398769255 +0200
3593 +++ openssl-1.0.1b/crypto/fips/cavs/fips_desmovs.c 2012-04-26 18:00:51.398769255 +0200
3594 @@ -0,0 +1,702 @@
3595 +/* ====================================================================
3596 + * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
3597 + *
3598 + * Redistribution and use in source and binary forms, with or without
3599 + * modification, are permitted provided that the following conditions
3600 + * are met:
3601 + *
3602 + * 1. Redistributions of source code must retain the above copyright
3603 + * notice, this list of conditions and the following disclaimer.
3604 + *
3605 + * 2. Redistributions in binary form must reproduce the above copyright
3606 + * notice, this list of conditions and the following disclaimer in
3607 + * the documentation and/or other materials provided with the
3608 + * distribution.
3609 + *
3610 + * 3. All advertising materials mentioning features or use of this
3611 + * software must display the following acknowledgment:
3612 + * "This product includes software developed by the OpenSSL Project
3613 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
3614 + *
3615 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
3616 + * endorse or promote products derived from this software without
3617 + * prior written permission. For written permission, please contact
3618 + * openssl-core@openssl.org.
3619 + *
3620 + * 5. Products derived from this software may not be called "OpenSSL"
3621 + * nor may "OpenSSL" appear in their names without prior written
3622 + * permission of the OpenSSL Project.
3623 + *
3624 + * 6. Redistributions of any form whatsoever must retain the following
3625 + * acknowledgment:
3626 + * "This product includes software developed by the OpenSSL Project
3627 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
3628 + *
3629 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
3630 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3631 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
3632 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
3633 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
3634 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
3635 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
3636 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3637 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
3638 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
3639 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
3640 + * OF THE POSSIBILITY OF SUCH DAMAGE.
3641 + *
3642 + */
3643 +/*---------------------------------------------
3644 + NIST DES Modes of Operation Validation System
3645 + Test Program
3646 +
3647 + Based on the AES Validation Suite, which was:
3648 + Donated to OpenSSL by:
3649 + V-ONE Corporation
3650 + 20250 Century Blvd, Suite 300
3651 + Germantown, MD 20874
3652 + U.S.A.
3653 + ----------------------------------------------*/
3654 +
3655 +#include <stdio.h>
3656 +#include <stdlib.h>
3657 +#include <string.h>
3658 +#include <errno.h>
3659 +#include <assert.h>
3660 +#include <ctype.h>
3661 +#include <openssl/des.h>
3662 +#include <openssl/evp.h>
3663 +#include <openssl/bn.h>
3664 +
3665 +#include <openssl/err.h>
3666 +#include "e_os.h"
3667 +
3668 +#ifndef OPENSSL_FIPS
3669 +
3670 +int main(int argc, char *argv[])
3671 +{
3672 + printf("No FIPS DES support\n");
3673 + return(0);
3674 +}
3675 +
3676 +#else
3677 +
3678 +#include <openssl/fips.h>
3679 +#include "fips_utl.h"
3680 +
3681 +#define DES_BLOCK_SIZE 8
3682 +
3683 +#define VERBOSE 0
3684 +
3685 +int DESTest(EVP_CIPHER_CTX *ctx,
3686 + char *amode, int akeysz, unsigned char *aKey,
3687 + unsigned char *iVec,
3688 + int dir, /* 0 = decrypt, 1 = encrypt */
3689 + unsigned char *out, unsigned char *in, int len)
3690 + {
3691 + const EVP_CIPHER *cipher = NULL;
3692 +
3693 + if (akeysz != 192)
3694 + {
3695 + printf("Invalid key size: %d\n", akeysz);
3696 + EXIT(1);
3697 + }
3698 +
3699 + if (strcasecmp(amode, "CBC") == 0)
3700 + cipher = EVP_des_ede3_cbc();
3701 + else if (strcasecmp(amode, "ECB") == 0)
3702 + cipher = EVP_des_ede3_ecb();
3703 + else if (strcasecmp(amode, "CFB64") == 0)
3704 + cipher = EVP_des_ede3_cfb64();
3705 + else if (strncasecmp(amode, "OFB", 3) == 0)
3706 + cipher = EVP_des_ede3_ofb();
3707 + else if(!strcasecmp(amode,"CFB8"))
3708 + cipher = EVP_des_ede3_cfb8();
3709 + else if(!strcasecmp(amode,"CFB1"))
3710 + cipher = EVP_des_ede3_cfb1();
3711 + else
3712 + {
3713 + printf("Unknown mode: %s\n", amode);
3714 + EXIT(1);
3715 + }
3716 +
3717 + if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
3718 + return 0;
3719 + if(!strcasecmp(amode,"CFB1"))
3720 + M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
3721 + EVP_Cipher(ctx, out, in, len);
3722 +
3723 + return 1;
3724 + }
3725 +
3726 +void DebugValue(char *tag, unsigned char *val, int len)
3727 + {
3728 + char obuf[2048];
3729 + int olen;
3730 + olen = bin2hex(val, len, obuf);
3731 + printf("%s = %.*s\n", tag, olen, obuf);
3732 + }
3733 +
3734 +void shiftin(unsigned char *dst,unsigned char *src,int nbits)
3735 + {
3736 + int n;
3737 +
3738 + /* move the bytes... */
3739 + memmove(dst,dst+nbits/8,3*8-nbits/8);
3740 + /* append new data */
3741 + memcpy(dst+3*8-nbits/8,src,(nbits+7)/8);
3742 + /* left shift the bits */
3743 + if(nbits%8)
3744 + for(n=0 ; n < 3*8 ; ++n)
3745 + dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8));
3746 + }
3747 +
3748 +/*-----------------------------------------------*/
3749 +char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
3750 +char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
3751 +enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB64};
3752 +int Sizes[6]={64,64,64,1,8,64};
3753 +
3754 +void do_mct(char *amode,
3755 + int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec,
3756 + int dir, unsigned char *text, int len,
3757 + FILE *rfp)
3758 + {
3759 + int i,imode;
3760 + unsigned char nk[4*8]; /* longest key+8 */
3761 + unsigned char text0[8];
3762 +
3763 + for (imode=0 ; imode < 6 ; ++imode)
3764 + if(!strcmp(amode,t_mode[imode]))
3765 + break;
3766 + if (imode == 6)
3767 + {
3768 + printf("Unrecognized mode: %s\n", amode);
3769 + EXIT(1);
3770 + }
3771 +
3772 + for(i=0 ; i < 400 ; ++i)
3773 + {
3774 + int j;
3775 + int n;
3776 + int kp=akeysz/64;
3777 + unsigned char old_iv[8];
3778 + EVP_CIPHER_CTX ctx;
3779 + EVP_CIPHER_CTX_init(&ctx);
3780 +
3781 + fprintf(rfp,"\nCOUNT = %d\n",i);
3782 + if(kp == 1)
3783 + OutputValue("KEY",akey,8,rfp,0);
3784 + else
3785 + for(n=0 ; n < kp ; ++n)
3786 + {
3787 + fprintf(rfp,"KEY%d",n+1);
3788 + OutputValue("",akey+n*8,8,rfp,0);
3789 + }
3790 +
3791 + if(imode != ECB)
3792 + OutputValue("IV",ivec,8,rfp,0);
3793 + OutputValue(t_tag[dir^1],text,len,rfp,imode == CFB1);
3794 +#if 0
3795 + /* compensate for endianness */
3796 + if(imode == CFB1)
3797 + text[0]<<=7;
3798 +#endif
3799 + memcpy(text0,text,8);
3800 +
3801 + for(j=0 ; j < 10000 ; ++j)
3802 + {
3803 + unsigned char old_text[8];
3804 +
3805 + memcpy(old_text,text,8);
3806 + if(j == 0)
3807 + {
3808 + memcpy(old_iv,ivec,8);
3809 + DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len);
3810 + }
3811 + else
3812 + {
3813 + memcpy(old_iv,ctx.iv,8);
3814 + EVP_Cipher(&ctx,text,text,len);
3815 + }
3816 + if(j == 9999)
3817 + {
3818 + OutputValue(t_tag[dir],text,len,rfp,imode == CFB1);
3819 + /* memcpy(ivec,text,8); */
3820 + }
3821 + /* DebugValue("iv",ctx.iv,8); */
3822 + /* accumulate material for the next key */
3823 + shiftin(nk,text,Sizes[imode]);
3824 + /* DebugValue("nk",nk,24);*/
3825 + if((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64
3826 + || imode == CBC)) || imode == OFB)
3827 + memcpy(text,old_iv,8);
3828 +
3829 + if(!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64))
3830 + {
3831 + /* the test specifies using the output of the raw DES operation
3832 + which we don't have, so reconstruct it... */
3833 + for(n=0 ; n < 8 ; ++n)
3834 + text[n]^=old_text[n];
3835 + }
3836 + }
3837 + for(n=0 ; n < 8 ; ++n)
3838 + akey[n]^=nk[16+n];
3839 + for(n=0 ; n < 8 ; ++n)
3840 + akey[8+n]^=nk[8+n];
3841 + for(n=0 ; n < 8 ; ++n)
3842 + akey[16+n]^=nk[n];
3843 + if(numkeys < 3)
3844 + memcpy(&akey[2*8],akey,8);
3845 + if(numkeys < 2)
3846 + memcpy(&akey[8],akey,8);
3847 + DES_set_odd_parity((DES_cblock *)akey);
3848 + DES_set_odd_parity((DES_cblock *)(akey+8));
3849 + DES_set_odd_parity((DES_cblock *)(akey+16));
3850 + memcpy(ivec,ctx.iv,8);
3851 +
3852 + /* pointless exercise - the final text doesn't depend on the
3853 + initial text in OFB mode, so who cares what it is? (Who
3854 + designed these tests?) */
3855 + if(imode == OFB)
3856 + for(n=0 ; n < 8 ; ++n)
3857 + text[n]=text0[n]^old_iv[n];
3858 + }
3859 + }
3860 +
3861 +int proc_file(char *rqfile, char *rspfile)
3862 + {
3863 + char afn[256], rfn[256];
3864 + FILE *afp = NULL, *rfp = NULL;
3865 + char ibuf[2048], tbuf[2048];
3866 + int ilen, len, ret = 0;
3867 + char amode[8] = "";
3868 + char atest[100] = "";
3869 + int akeysz=0;
3870 + unsigned char iVec[20], aKey[40];
3871 + int dir = -1, err = 0, step = 0;
3872 + unsigned char plaintext[2048];
3873 + unsigned char ciphertext[2048];
3874 + char *rp;
3875 + EVP_CIPHER_CTX ctx;
3876 + int numkeys=1;
3877 + EVP_CIPHER_CTX_init(&ctx);
3878 +
3879 + if (!rqfile || !(*rqfile))
3880 + {
3881 + printf("No req file\n");
3882 + return -1;
3883 + }
3884 + strcpy(afn, rqfile);
3885 +
3886 + if ((afp = fopen(afn, "r")) == NULL)
3887 + {
3888 + printf("Cannot open file: %s, %s\n",
3889 + afn, strerror(errno));
3890 + return -1;
3891 + }
3892 + if (!rspfile)
3893 + {
3894 + strcpy(rfn,afn);
3895 + rp=strstr(rfn,"req/");
3896 +#ifdef OPENSSL_SYS_WIN32
3897 + if (!rp)
3898 + rp=strstr(rfn,"req\\");
3899 +#endif
3900 + assert(rp);
3901 + memcpy(rp,"rsp",3);
3902 + rp = strstr(rfn, ".req");
3903 + memcpy(rp, ".rsp", 4);
3904 + rspfile = rfn;
3905 + }
3906 + if ((rfp = fopen(rspfile, "w")) == NULL)
3907 + {
3908 + printf("Cannot open file: %s, %s\n",
3909 + rfn, strerror(errno));
3910 + fclose(afp);
3911 + afp = NULL;
3912 + return -1;
3913 + }
3914 + while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
3915 + {
3916 + tidy_line(tbuf, ibuf);
3917 + ilen = strlen(ibuf);
3918 + /* printf("step=%d ibuf=%s",step,ibuf);*/
3919 + if(step == 3 && !strcmp(amode,"ECB"))
3920 + {
3921 + memset(iVec, 0, sizeof(iVec));
3922 + step = (dir)? 4: 5; /* no ivec for ECB */
3923 + }
3924 + switch (step)
3925 + {
3926 + case 0: /* read preamble */
3927 + if (ibuf[0] == '\n')
3928 + { /* end of preamble */
3929 + if (*amode == '\0')
3930 + {
3931 + printf("Missing Mode\n");
3932 + err = 1;
3933 + }
3934 + else
3935 + {
3936 + fputs(ibuf, rfp);
3937 + ++ step;
3938 + }
3939 + }
3940 + else if (ibuf[0] != '#')
3941 + {
3942 + printf("Invalid preamble item: %s\n", ibuf);
3943 + err = 1;
3944 + }
3945 + else
3946 + { /* process preamble */
3947 + char *xp, *pp = ibuf+2;
3948 + int n;
3949 + if(*amode)
3950 + { /* insert current time & date */
3951 + time_t rtim = time(0);
3952 + fprintf(rfp, "# %s", ctime(&rtim));
3953 + }
3954 + else
3955 + {
3956 + fputs(ibuf, rfp);
3957 + if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4)
3958 + || !strncmp(pp,"TDES ",5)
3959 + || !strncmp(pp,"PERMUTATION ",12)
3960 + || !strncmp(pp,"SUBSTITUTION ",13)
3961 + || !strncmp(pp,"VARIABLE ",9))
3962 + {
3963 + /* get test type */
3964 + if(!strncmp(pp,"DES ",4))
3965 + pp+=4;
3966 + else if(!strncmp(pp,"TDES ",5))
3967 + pp+=5;
3968 + xp = strchr(pp, ' ');
3969 + n = xp-pp;
3970 + strncpy(atest, pp, n);
3971 + atest[n] = '\0';
3972 + /* get mode */
3973 + xp = strrchr(pp, ' '); /* get mode" */
3974 + n = strlen(xp+1)-1;
3975 + strncpy(amode, xp+1, n);
3976 + amode[n] = '\0';
3977 + /* amode[3] = '\0'; */
3978 + if (VERBOSE)
3979 + printf("Test=%s, Mode=%s\n",atest,amode);
3980 + }
3981 + }
3982 + }
3983 + break;
3984 +
3985 + case 1: /* [ENCRYPT] | [DECRYPT] */
3986 + if(ibuf[0] == '\n')
3987 + break;
3988 + if (ibuf[0] == '[')
3989 + {
3990 + fputs(ibuf, rfp);
3991 + ++step;
3992 + if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
3993 + dir = 1;
3994 + else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
3995 + dir = 0;
3996 + else
3997 + {
3998 + printf("Invalid keyword: %s\n", ibuf);
3999 + err = 1;
4000 + }
4001 + break;
4002 + }
4003 + else if (dir == -1)
4004 + {
4005 + err = 1;
4006 + printf("Missing ENCRYPT/DECRYPT keyword\n");
4007 + break;
4008 + }
4009 + else
4010 + step = 2;
4011 +
4012 + case 2: /* KEY = xxxx */
4013 + if(*ibuf == '\n')
4014 + {
4015 + fputs(ibuf, rfp);
4016 + break;
4017 + }
4018 + if(!strncasecmp(ibuf,"COUNT = ",8))
4019 + {
4020 + fputs(ibuf, rfp);
4021 + break;
4022 + }
4023 + if(!strncasecmp(ibuf,"COUNT=",6))
4024 + {
4025 + fputs(ibuf, rfp);
4026 + break;
4027 + }
4028 + if(!strncasecmp(ibuf,"NumKeys = ",10))
4029 + {
4030 + numkeys=atoi(ibuf+10);
4031 + break;
4032 + }
4033 +
4034 + fputs(ibuf, rfp);
4035 + if(!strncasecmp(ibuf,"KEY = ",6))
4036 + {
4037 + akeysz=64;
4038 + len = hex2bin((char*)ibuf+6, aKey);
4039 + if (len < 0)
4040 + {
4041 + printf("Invalid KEY\n");
4042 + err=1;
4043 + break;
4044 + }
4045 + PrintValue("KEY", aKey, len);
4046 + ++step;
4047 + }
4048 + else if(!strncasecmp(ibuf,"KEYs = ",7))
4049 + {
4050 + akeysz=64*3;
4051 + len=hex2bin(ibuf+7,aKey);
4052 + if(len != 8)
4053 + {
4054 + printf("Invalid KEY\n");
4055 + err=1;
4056 + break;
4057 + }
4058 + memcpy(aKey+8,aKey,8);
4059 + memcpy(aKey+16,aKey,8);
4060 + ibuf[4]='\0';
4061 + PrintValue("KEYs",aKey,len);
4062 + ++step;
4063 + }
4064 + else if(!strncasecmp(ibuf,"KEY",3))
4065 + {
4066 + int n=ibuf[3]-'1';
4067 +
4068 + akeysz=64*3;
4069 + len=hex2bin(ibuf+7,aKey+n*8);
4070 + if(len != 8)
4071 + {
4072 + printf("Invalid KEY\n");
4073 + err=1;
4074 + break;
4075 + }
4076 + ibuf[4]='\0';
4077 + PrintValue(ibuf,aKey,len);
4078 + if(n == 2)
4079 + ++step;
4080 + }
4081 + else
4082 + {
4083 + printf("Missing KEY\n");
4084 + err = 1;
4085 + }
4086 + break;
4087 +
4088 + case 3: /* IV = xxxx */
4089 + fputs(ibuf, rfp);
4090 + if (strncasecmp(ibuf, "IV = ", 5) != 0)
4091 + {
4092 + printf("Missing IV\n");
4093 + err = 1;
4094 + }
4095 + else
4096 + {
4097 + len = hex2bin((char*)ibuf+5, iVec);
4098 + if (len < 0)
4099 + {
4100 + printf("Invalid IV\n");
4101 + err =1;
4102 + break;
4103 + }
4104 + PrintValue("IV", iVec, len);
4105 + step = (dir)? 4: 5;
4106 + }
4107 + break;
4108 +
4109 + case 4: /* PLAINTEXT = xxxx */
4110 + fputs(ibuf, rfp);
4111 + if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
4112 + {
4113 + printf("Missing PLAINTEXT\n");
4114 + err = 1;
4115 + }
4116 + else
4117 + {
4118 + int nn = strlen(ibuf+12);
4119 + if(!strcmp(amode,"CFB1"))
4120 + len=bint2bin(ibuf+12,nn-1,plaintext);
4121 + else
4122 + len=hex2bin(ibuf+12, plaintext);
4123 + if (len < 0)
4124 + {
4125 + printf("Invalid PLAINTEXT: %s", ibuf+12);
4126 + err =1;
4127 + break;
4128 + }
4129 + if (len >= sizeof(plaintext))
4130 + {
4131 + printf("Buffer overflow\n");
4132 + }
4133 + PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
4134 + if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
4135 + {
4136 + do_mct(amode,akeysz,numkeys,aKey,iVec,dir,plaintext,len,rfp);
4137 + }
4138 + else
4139 + {
4140 + assert(dir == 1);
4141 + ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
4142 + dir, /* 0 = decrypt, 1 = encrypt */
4143 + ciphertext, plaintext, len);
4144 + OutputValue("CIPHERTEXT",ciphertext,len,rfp,
4145 + !strcmp(amode,"CFB1"));
4146 + }
4147 + step = 6;
4148 + }
4149 + break;
4150 +
4151 + case 5: /* CIPHERTEXT = xxxx */
4152 + fputs(ibuf, rfp);
4153 + if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
4154 + {
4155 + printf("Missing KEY\n");
4156 + err = 1;
4157 + }
4158 + else
4159 + {
4160 + if(!strcmp(amode,"CFB1"))
4161 + len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
4162 + else
4163 + len = hex2bin(ibuf+13,ciphertext);
4164 + if (len < 0)
4165 + {
4166 + printf("Invalid CIPHERTEXT\n");
4167 + err =1;
4168 + break;
4169 + }
4170 +
4171 + PrintValue("CIPHERTEXT", ciphertext, len);
4172 + if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
4173 + {
4174 + do_mct(amode, akeysz, numkeys, aKey, iVec,
4175 + dir, ciphertext, len, rfp);
4176 + }
4177 + else
4178 + {
4179 + assert(dir == 0);
4180 + ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
4181 + dir, /* 0 = decrypt, 1 = encrypt */
4182 + plaintext, ciphertext, len);
4183 + OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
4184 + !strcmp(amode,"CFB1"));
4185 + }
4186 + step = 6;
4187 + }
4188 + break;
4189 +
4190 + case 6:
4191 + if (ibuf[0] != '\n')
4192 + {
4193 + err = 1;
4194 + printf("Missing terminator\n");
4195 + }
4196 + else if (strcmp(atest, "MCT") != 0)
4197 + { /* MCT already added terminating nl */
4198 + fputs(ibuf, rfp);
4199 + }
4200 + step = 1;
4201 + break;
4202 + }
4203 + }
4204 + if (rfp)
4205 + fclose(rfp);
4206 + if (afp)
4207 + fclose(afp);
4208 + return err;
4209 + }
4210 +
4211 +/*--------------------------------------------------
4212 + Processes either a single file or
4213 + a set of files whose names are passed in a file.
4214 + A single file is specified as:
4215 + aes_test -f xxx.req
4216 + A set of files is specified as:
4217 + aes_test -d xxxxx.xxx
4218 + The default is: -d req.txt
4219 +--------------------------------------------------*/
4220 +int main(int argc, char **argv)
4221 + {
4222 + char *rqlist = "req.txt", *rspfile = NULL;
4223 + FILE *fp = NULL;
4224 + char fn[250] = "", rfn[256] = "";
4225 + int f_opt = 0, d_opt = 1;
4226 +
4227 +#ifdef OPENSSL_FIPS
4228 + if(!FIPS_mode_set(1))
4229 + {
4230 + do_print_errors();
4231 + EXIT(1);
4232 + }
4233 +#endif
4234 + if (argc > 1)
4235 + {
4236 + if (strcasecmp(argv[1], "-d") == 0)
4237 + {
4238 + d_opt = 1;
4239 + }
4240 + else if (strcasecmp(argv[1], "-f") == 0)
4241 + {
4242 + f_opt = 1;
4243 + d_opt = 0;
4244 + }
4245 + else
4246 + {
4247 + printf("Invalid parameter: %s\n", argv[1]);
4248 + return 0;
4249 + }
4250 + if (argc < 3)
4251 + {
4252 + printf("Missing parameter\n");
4253 + return 0;
4254 + }
4255 + if (d_opt)
4256 + rqlist = argv[2];
4257 + else
4258 + {
4259 + strcpy(fn, argv[2]);
4260 + rspfile = argv[3];
4261 + }
4262 + }
4263 + if (d_opt)
4264 + { /* list of files (directory) */
4265 + if (!(fp = fopen(rqlist, "r")))
4266 + {
4267 + printf("Cannot open req list file\n");
4268 + return -1;
4269 + }
4270 + while (fgets(fn, sizeof(fn), fp))
4271 + {
4272 + strtok(fn, "\r\n");
4273 + strcpy(rfn, fn);
4274 + printf("Processing: %s\n", rfn);
4275 + if (proc_file(rfn, rspfile))
4276 + {
4277 + printf(">>> Processing failed for: %s <<<\n", rfn);
4278 + EXIT(1);
4279 + }
4280 + }
4281 + fclose(fp);
4282 + }
4283 + else /* single file */
4284 + {
4285 + if (VERBOSE)
4286 + printf("Processing: %s\n", fn);
4287 + if (proc_file(fn, rspfile))
4288 + {
4289 + printf(">>> Processing failed for: %s <<<\n", fn);
4290 + }
4291 + }
4292 + EXIT(0);
4293 + return 0;
4294 + }
4295 +
4296 +#endif
4297 diff -up openssl-1.0.1b/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_dhvs.c
4298 --- openssl-1.0.1b/crypto/fips/cavs/fips_dhvs.c.fips 2012-04-26 18:00:51.398769255 +0200
4299 +++ openssl-1.0.1b/crypto/fips/cavs/fips_dhvs.c 2012-04-26 18:00:51.398769255 +0200
4300 @@ -0,0 +1,292 @@
4301 +/* fips/dh/fips_dhvs.c */
4302 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4303 + * project.
4304 + */
4305 +/* ====================================================================
4306 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
4307 + *
4308 + * Redistribution and use in source and binary forms, with or without
4309 + * modification, are permitted provided that the following conditions
4310 + * are met:
4311 + *
4312 + * 1. Redistributions of source code must retain the above copyright
4313 + * notice, this list of conditions and the following disclaimer.
4314 + *
4315 + * 2. Redistributions in binary form must reproduce the above copyright
4316 + * notice, this list of conditions and the following disclaimer in
4317 + * the documentation and/or other materials provided with the
4318 + * distribution.
4319 + *
4320 + * 3. All advertising materials mentioning features or use of this
4321 + * software must display the following acknowledgment:
4322 + * "This product includes software developed by the OpenSSL Project
4323 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
4324 + *
4325 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
4326 + * endorse or promote products derived from this software without
4327 + * prior written permission. For written permission, please contact
4328 + * licensing@OpenSSL.org.
4329 + *
4330 + * 5. Products derived from this software may not be called "OpenSSL"
4331 + * nor may "OpenSSL" appear in their names without prior written
4332 + * permission of the OpenSSL Project.
4333 + *
4334 + * 6. Redistributions of any form whatsoever must retain the following
4335 + * acknowledgment:
4336 + * "This product includes software developed by the OpenSSL Project
4337 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
4338 + *
4339 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
4340 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4341 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
4342 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
4343 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
4344 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
4345 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
4346 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4347 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
4348 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
4349 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
4350 + * OF THE POSSIBILITY OF SUCH DAMAGE.
4351 + * ====================================================================
4352 + */
4353 +
4354 +
4355 +#define OPENSSL_FIPSAPI
4356 +#include <openssl/opensslconf.h>
4357 +
4358 +#ifndef OPENSSL_FIPS
4359 +#include <stdio.h>
4360 +
4361 +int main(int argc, char **argv)
4362 +{
4363 + printf("No FIPS DH support\n");
4364 + return(0);
4365 +}
4366 +#else
4367 +
4368 +#include <openssl/crypto.h>
4369 +#include <openssl/bn.h>
4370 +#include <openssl/dh.h>
4371 +#include <openssl/fips.h>
4372 +#include <openssl/err.h>
4373 +#include <openssl/evp.h>
4374 +#include <string.h>
4375 +#include <ctype.h>
4376 +
4377 +#include "fips_utl.h"
4378 +
4379 +static const EVP_MD *parse_md(char *line)
4380 + {
4381 + char *p;
4382 + if (line[0] != '[' || line[1] != 'F')
4383 + return NULL;
4384 + p = strchr(line, '-');
4385 + if (!p)
4386 + return NULL;
4387 + line = p + 1;
4388 + p = strchr(line, ']');
4389 + if (!p)
4390 + return NULL;
4391 + *p = 0;
4392 + p = line;
4393 + while(isspace(*p))
4394 + p++;
4395 + if (!strcmp(p, "SHA1"))
4396 + return EVP_sha1();
4397 + else if (!strcmp(p, "SHA224"))
4398 + return EVP_sha224();
4399 + else if (!strcmp(p, "SHA256"))
4400 + return EVP_sha256();
4401 + else if (!strcmp(p, "SHA384"))
4402 + return EVP_sha384();
4403 + else if (!strcmp(p, "SHA512"))
4404 + return EVP_sha512();
4405 + else
4406 + return NULL;
4407 + }
4408 +
4409 +static void output_Zhash(FILE *out, int exout,
4410 + DH *dh, BIGNUM *peerkey, const EVP_MD *md,
4411 + unsigned char *rhash, size_t rhashlen)
4412 + {
4413 + unsigned char *Z;
4414 + unsigned char chash[EVP_MAX_MD_SIZE];
4415 + int Zlen;
4416 + if (rhash == NULL)
4417 + {
4418 + rhashlen = M_EVP_MD_size(md);
4419 + if (!DH_generate_key(dh))
4420 + exit (1);
4421 + do_bn_print_name(out, "YephemIUT", dh->pub_key);
4422 + if (exout)
4423 + do_bn_print_name(out, "XephemIUT", dh->priv_key);
4424 + }
4425 + Z = OPENSSL_malloc(BN_num_bytes(dh->p));
4426 + if (!Z)
4427 + exit(1);
4428 + Zlen = DH_compute_key_padded(Z, peerkey, dh);
4429 + if (exout)
4430 + OutputValue("Z", Z, Zlen, out, 0);
4431 + FIPS_digest(Z, Zlen, chash, NULL, md);
4432 + OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0);
4433 + if (rhash)
4434 + {
4435 + fprintf(out, "Result = %s\n",
4436 + memcmp(chash, rhash, rhashlen) ? "F" : "P");
4437 + }
4438 + else
4439 + {
4440 + BN_clear_free(dh->priv_key);
4441 + BN_clear_free(dh->pub_key);
4442 + dh->priv_key = NULL;
4443 + dh->pub_key = NULL;
4444 + }
4445 + OPENSSL_cleanse(Z, Zlen);
4446 + OPENSSL_free(Z);
4447 + }
4448 +
4449 +#ifdef FIPS_ALGVS
4450 +int fips_dhvs_main(int argc, char **argv)
4451 +#else
4452 +int main(int argc, char **argv)
4453 +#endif
4454 + {
4455 + char **args = argv + 1;
4456 + int argn = argc - 1;
4457 + FILE *in, *out;
4458 + char buf[2048], lbuf[2048];
4459 + unsigned char *rhash;
4460 + long rhashlen;
4461 + DH *dh = NULL;
4462 + const EVP_MD *md = NULL;
4463 + BIGNUM *peerkey = NULL;
4464 + char *keyword = NULL, *value = NULL;
4465 + int do_verify = -1, exout = 0;
4466 +
4467 + fips_algtest_init();
4468 +
4469 + if (argn && !strcmp(*args, "dhver"))
4470 + {
4471 + do_verify = 1;
4472 + args++;
4473 + argn--;
4474 + }
4475 + else if (argn && !strcmp(*args, "dhgen"))
4476 + {
4477 + do_verify = 0;
4478 + args++;
4479 + argn--;
4480 + }
4481 +
4482 + if (argn && !strcmp(*args, "-exout"))
4483 + {
4484 + exout = 1;
4485 + args++;
4486 + argn--;
4487 + }
4488 +
4489 + if (do_verify == -1)
4490 + {
4491 + fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
4492 + exit(1);
4493 + }
4494 +
4495 + if (argn == 2)
4496 + {
4497 + in = fopen(*args, "r");
4498 + if (!in)
4499 + {
4500 + fprintf(stderr, "Error opening input file\n");
4501 + exit(1);
4502 + }
4503 + out = fopen(args[1], "w");
4504 + if (!out)
4505 + {
4506 + fprintf(stderr, "Error opening output file\n");
4507 + exit(1);
4508 + }
4509 + }
4510 + else if (argn == 0)
4511 + {
4512 + in = stdin;
4513 + out = stdout;
4514 + }
4515 + else
4516 + {
4517 + fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
4518 + exit(1);
4519 + }
4520 +
4521 + dh = FIPS_dh_new();
4522 +
4523 + while (fgets(buf, sizeof(buf), in) != NULL)
4524 + {
4525 + fputs(buf, out);
4526 + if (strlen(buf) > 6 && !strncmp(buf, "[F", 2))
4527 + {
4528 + md = parse_md(buf);
4529 + if (md == NULL)
4530 + goto parse_error;
4531 + if (dh)
4532 + FIPS_dh_free(dh);
4533 + dh = FIPS_dh_new();
4534 + continue;
4535 + }
4536 + if (!parse_line(&keyword, &value, lbuf, buf))
4537 + continue;
4538 + if (!strcmp(keyword, "P"))
4539 + {
4540 + if (!do_hex2bn(&dh->p, value))
4541 + goto parse_error;
4542 + }
4543 + else if (!strcmp(keyword, "Q"))
4544 + {
4545 + if (!do_hex2bn(&dh->q, value))
4546 + goto parse_error;
4547 + }
4548 + else if (!strcmp(keyword, "G"))
4549 + {
4550 + if (!do_hex2bn(&dh->g, value))
4551 + goto parse_error;
4552 + }
4553 + else if (!strcmp(keyword, "XephemIUT"))
4554 + {
4555 + if (!do_hex2bn(&dh->priv_key, value))
4556 + goto parse_error;
4557 + }
4558 + else if (!strcmp(keyword, "YephemIUT"))
4559 + {
4560 + if (!do_hex2bn(&dh->pub_key, value))
4561 + goto parse_error;
4562 + }
4563 + else if (!strcmp(keyword, "YephemCAVS"))
4564 + {
4565 + if (!do_hex2bn(&peerkey, value))
4566 + goto parse_error;
4567 + if (do_verify == 0)
4568 + output_Zhash(out, exout, dh, peerkey, md,
4569 + NULL, 0);
4570 + }
4571 + else if (!strcmp(keyword, "CAVSHashZZ"))
4572 + {
4573 + if (!md)
4574 + goto parse_error;
4575 + rhash = hex2bin_m(value, &rhashlen);
4576 + if (!rhash || rhashlen != M_EVP_MD_size(md))
4577 + goto parse_error;
4578 + output_Zhash(out, exout, dh, peerkey, md,
4579 + rhash, rhashlen);
4580 + }
4581 + }
4582 + if (in && in != stdin)
4583 + fclose(in);
4584 + if (out && out != stdout)
4585 + fclose(out);
4586 + return 0;
4587 + parse_error:
4588 + fprintf(stderr, "Error Parsing request file\n");
4589 + exit(1);
4590 + }
4591 +
4592 +#endif
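Review bot: `DH_compute_key_padded` in output_Zhash has its return value stored in `Zlen` but never checked, so a failure (the library returns -1 on error) flows into `OutputValue`, `FIPS_digest` and `OPENSSL_cleanse` as a length; add `if (Zlen < 0) exit(1);` directly after the call. The dhgen path in main also calls `output_Zhash` on `YephemCAVS` without first confirming `md` was set by a `[F…]` header, while the dhver `CAVSHashZZ` branch guards with `if (!md) goto parse_error;`; the same guard belongs before `output_Zhash(out, exout, dh, peerkey, md, NULL, 0)`, because `M_EVP_MD_size(md)` is evaluated on it unconditionally. Minor: the `rhash` buffer returned by `hex2bin_m` is never released after `output_Zhash`, and the `FIPS_dh_new()` results are dereferenced (`dh->p`) without a NULL check.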
4593 diff -up openssl-1.0.1b/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_drbgvs.c
4594 --- openssl-1.0.1b/crypto/fips/cavs/fips_drbgvs.c.fips 2012-04-26 18:00:51.398769255 +0200
4595 +++ openssl-1.0.1b/crypto/fips/cavs/fips_drbgvs.c 2012-04-26 18:00:51.398769255 +0200
4596 @@ -0,0 +1,416 @@
4597 +/* fips/rand/fips_drbgvs.c */
4598 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4599 + * project.
4600 + */
4601 +/* ====================================================================
4602 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
4603 + *
4604 + * Redistribution and use in source and binary forms, with or without
4605 + * modification, are permitted provided that the following conditions
4606 + * are met:
4607 + *
4608 + * 1. Redistributions of source code must retain the above copyright
4609 + * notice, this list of conditions and the following disclaimer.
4610 + *
4611 + * 2. Redistributions in binary form must reproduce the above copyright
4612 + * notice, this list of conditions and the following disclaimer in
4613 + * the documentation and/or other materials provided with the
4614 + * distribution.
4615 + *
4616 + * 3. All advertising materials mentioning features or use of this
4617 + * software must display the following acknowledgment:
4618 + * "This product includes software developed by the OpenSSL Project
4619 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
4620 + *
4621 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
4622 + * endorse or promote products derived from this software without
4623 + * prior written permission. For written permission, please contact
4624 + * licensing@OpenSSL.org.
4625 + *
4626 + * 5. Products derived from this software may not be called "OpenSSL"
4627 + * nor may "OpenSSL" appear in their names without prior written
4628 + * permission of the OpenSSL Project.
4629 + *
4630 + * 6. Redistributions of any form whatsoever must retain the following
4631 + * acknowledgment:
4632 + * "This product includes software developed by the OpenSSL Project
4633 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
4634 + *
4635 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
4636 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4637 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
4638 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
4639 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
4640 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
4641 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
4642 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4643 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
4644 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
4645 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
4646 + * OF THE POSSIBILITY OF SUCH DAMAGE.
4647 + * ====================================================================
4648 + */
4649 +
4650 +
4651 +#define OPENSSL_FIPSAPI
4652 +#include <openssl/opensslconf.h>
4653 +
4654 +#ifndef OPENSSL_FIPS
4655 +#include <stdio.h>
4656 +
4657 +int main(int argc, char **argv)
4658 +{
4659 + printf("No FIPS DRBG support\n");
4660 + return(0);
4661 +}
4662 +#else
4663 +
4664 +#include <openssl/bn.h>
4665 +#include <openssl/dsa.h>
4666 +#include <openssl/fips.h>
4667 +#include <openssl/fips_rand.h>
4668 +#include <openssl/err.h>
4669 +#include <openssl/evp.h>
4670 +#include <string.h>
4671 +#include <ctype.h>
4672 +
4673 +#include "fips_utl.h"
4674 +
4675 +static int dparse_md(char *str)
4676 + {
4677 + switch(atoi(str + 5))
4678 + {
4679 + case 1:
4680 + return NID_sha1;
4681 +
4682 + case 224:
4683 + return NID_sha224;
4684 +
4685 + case 256:
4686 + return NID_sha256;
4687 +
4688 + case 384:
4689 + return NID_sha384;
4690 +
4691 + case 512:
4692 + return NID_sha512;
4693 +
4694 + }
4695 +
4696 + return NID_undef;
4697 + }
4698 +
4699 +static int parse_ec(char *str)
4700 + {
4701 + int curve_nid, md_nid;
4702 + char *md;
4703 + md = strchr(str, ' ');
4704 + if (!md)
4705 + return NID_undef;
4706 + if (!strncmp(str, "[P-256", 6))
4707 + curve_nid = NID_X9_62_prime256v1;
4708 + else if (!strncmp(str, "[P-384", 6))
4709 + curve_nid = NID_secp384r1;
4710 + else if (!strncmp(str, "[P-521", 6))
4711 + curve_nid = NID_secp521r1;
4712 + else
4713 + return NID_undef;
4714 + md_nid = dparse_md(md);
4715 + if (md_nid == NID_undef)
4716 + return NID_undef;
4717 + return (curve_nid << 16) | md_nid;
4718 + }
4719 +
4720 +static int parse_aes(char *str, int *pdf)
4721 + {
4722 +
4723 + if (!strncmp(str + 9, "no", 2))
4724 + *pdf = 0;
4725 + else
4726 + *pdf = DRBG_FLAG_CTR_USE_DF;
4727 +
4728 + switch(atoi(str + 5))
4729 + {
4730 + case 128:
4731 + return NID_aes_128_ctr;
4732 +
4733 + case 192:
4734 + return NID_aes_192_ctr;
4735 +
4736 + case 256:
4737 + return NID_aes_256_ctr;
4738 +
4739 + default:
4740 + return NID_undef;
4741 +
4742 + }
4743 + }
4744 +
4745 +typedef struct
4746 + {
4747 + unsigned char *ent;
4748 + size_t entlen;
4749 + unsigned char *nonce;
4750 + size_t noncelen;
4751 + } TEST_ENT;
4752 +
4753 +static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
4754 + int entropy, size_t min_len, size_t max_len)
4755 + {
4756 + TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
4757 + *pout = (unsigned char *)t->ent;
4758 + return t->entlen;
4759 + }
4760 +
4761 +static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
4762 + int entropy, size_t min_len, size_t max_len)
4763 + {
4764 + TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
4765 + *pout = (unsigned char *)t->nonce;
4766 + return t->noncelen;
4767 + }
4768 +
4769 +#ifdef FIPS_ALGVS
4770 +int fips_drbgvs_main(int argc,char **argv)
4771 +#else
4772 +int main(int argc,char **argv)
4773 +#endif
4774 + {
4775 + FILE *in = NULL, *out = NULL;
4776 + DRBG_CTX *dctx = NULL;
4777 + TEST_ENT t;
4778 + int r, nid = 0;
4779 + int pr = 0;
4780 + char buf[2048], lbuf[2048];
4781 + unsigned char randout[2048];
4782 + char *keyword = NULL, *value = NULL;
4783 +
4784 + unsigned char *ent = NULL, *nonce = NULL, *pers = NULL, *adin = NULL;
4785 + long entlen, noncelen, perslen, adinlen;
4786 + int df = 0;
4787 +
4788 + enum dtype { DRBG_NONE, DRBG_CTR, DRBG_HASH, DRBG_HMAC, DRBG_DUAL_EC }
4789 + drbg_type = DRBG_NONE;
4790 +
4791 + int randoutlen = 0;
4792 +
4793 + int gen = 0;
4794 +
4795 + fips_algtest_init();
4796 +
4797 + if (argc == 3)
4798 + {
4799 + in = fopen(argv[1], "r");
4800 + if (!in)
4801 + {
4802 + fprintf(stderr, "Error opening input file\n");
4803 + exit(1);
4804 + }
4805 + out = fopen(argv[2], "w");
4806 + if (!out)
4807 + {
4808 + fprintf(stderr, "Error opening output file\n");
4809 + exit(1);
4810 + }
4811 + }
4812 + else if (argc == 1)
4813 + {
4814 + in = stdin;
4815 + out = stdout;
4816 + }
4817 + else
4818 + {
4819 + fprintf(stderr,"%s (infile outfile)\n",argv[0]);
4820 + exit(1);
4821 + }
4822 +
4823 + while (fgets(buf, sizeof(buf), in) != NULL)
4824 + {
4825 + fputs(buf, out);
4826 + if (drbg_type == DRBG_NONE)
4827 + {
4828 + if (strstr(buf, "CTR_DRBG"))
4829 + drbg_type = DRBG_CTR;
4830 + else if (strstr(buf, "Hash_DRBG"))
4831 + drbg_type = DRBG_HASH;
4832 + else if (strstr(buf, "HMAC_DRBG"))
4833 + drbg_type = DRBG_HMAC;
4834 + else if (strstr(buf, "Dual_EC_DRBG"))
4835 + drbg_type = DRBG_DUAL_EC;
4836 + else
4837 + continue;
4838 + }
4839 + if (strlen(buf) > 4 && !strncmp(buf, "[SHA-", 5))
4840 + {
4841 + nid = dparse_md(buf);
4842 + if (nid == NID_undef)
4843 + exit(1);
4844 + if (drbg_type == DRBG_HMAC)
4845 + {
4846 + switch (nid)
4847 + {
4848 + case NID_sha1:
4849 + nid = NID_hmacWithSHA1;
4850 + break;
4851 +
4852 + case NID_sha224:
4853 + nid = NID_hmacWithSHA224;
4854 + break;
4855 +
4856 + case NID_sha256:
4857 + nid = NID_hmacWithSHA256;
4858 + break;
4859 +
4860 + case NID_sha384:
4861 + nid = NID_hmacWithSHA384;
4862 + break;
4863 +
4864 + case NID_sha512:
4865 + nid = NID_hmacWithSHA512;
4866 + break;
4867 +
4868 + default:
4869 + exit(1);
4870 + }
4871 + }
4872 + }
4873 + if (strlen(buf) > 12 && !strncmp(buf, "[AES-", 5))
4874 + {
4875 + nid = parse_aes(buf, &df);
4876 + if (nid == NID_undef)
4877 + exit(1);
4878 + }
4879 + if (strlen(buf) > 12 && !strncmp(buf, "[P-", 3))
4880 + {
4881 + nid = parse_ec(buf);
4882 + if (nid == NID_undef)
4883 + exit(1);
4884 + }
4885 + if (!parse_line(&keyword, &value, lbuf, buf))
4886 + continue;
4887 +
4888 + if (!strcmp(keyword, "[PredictionResistance"))
4889 + {
4890 + if (!strcmp(value, "True]"))
4891 + pr = 1;
4892 + else if (!strcmp(value, "False]"))
4893 + pr = 0;
4894 + else
4895 + exit(1);
4896 + }
4897 +
4898 + if (!strcmp(keyword, "EntropyInput"))
4899 + {
4900 + ent = hex2bin_m(value, &entlen);
4901 + t.ent = ent;
4902 + t.entlen = entlen;
4903 + }
4904 +
4905 + if (!strcmp(keyword, "Nonce"))
4906 + {
4907 + nonce = hex2bin_m(value, &noncelen);
4908 + t.nonce = nonce;
4909 + t.noncelen = noncelen;
4910 + }
4911 +
4912 + if (!strcmp(keyword, "PersonalizationString"))
4913 + {
4914 + pers = hex2bin_m(value, &perslen);
4915 + if (nid == 0)
4916 + {
4917 + fprintf(stderr, "DRBG type not recognised!\n");
4918 + exit (1);
4919 + }
4920 + dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST);
4921 + if (!dctx)
4922 + exit (1);
4923 + FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0,
4924 + test_nonce, 0);
4925 + FIPS_drbg_set_app_data(dctx, &t);
4926 + randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
4927 + r = FIPS_drbg_instantiate(dctx, pers, perslen);
4928 + if (!r)
4929 + {
4930 + fprintf(stderr, "Error instantiating DRBG\n");
4931 + exit(1);
4932 + }
4933 + OPENSSL_free(pers);
4934 + OPENSSL_free(ent);
4935 + OPENSSL_free(nonce);
4936 + ent = nonce = pers = NULL;
4937 + gen = 0;
4938 + }
4939 +
4940 + if (!strcmp(keyword, "AdditionalInput"))
4941 + {
4942 + adin = hex2bin_m(value, &adinlen);
4943 + if (pr)
4944 + continue;
4945 + r = FIPS_drbg_generate(dctx, randout, randoutlen, 0,
4946 + adin, adinlen);
4947 + if (!r)
4948 + {
4949 + fprintf(stderr, "Error generating DRBG bits\n");
4950 + exit(1);
4951 + }
4952 + if (!r)
4953 + exit(1);
4954 + OPENSSL_free(adin);
4955 + adin = NULL;
4956 + gen++;
4957 + }
4958 +
4959 + if (pr)
4960 + {
4961 + if (!strcmp(keyword, "EntropyInputPR"))
4962 + {
4963 + ent = hex2bin_m(value, &entlen);
4964 + t.ent = ent;
4965 + t.entlen = entlen;
4966 + r = FIPS_drbg_generate(dctx,
4967 + randout, randoutlen,
4968 + 1, adin, adinlen);
4969 + if (!r)
4970 + {
4971 + fprintf(stderr,
4972 + "Error generating DRBG bits\n");
4973 + exit(1);
4974 + }
4975 + OPENSSL_free(adin);
4976 + OPENSSL_free(ent);
4977 + adin = ent = NULL;
4978 + gen++;
4979 + }
4980 + }
4981 + if (!strcmp(keyword, "EntropyInputReseed"))
4982 + {
4983 + ent = hex2bin_m(value, &entlen);
4984 + t.ent = ent;
4985 + t.entlen = entlen;
4986 + }
4987 + if (!strcmp(keyword, "AdditionalInputReseed"))
4988 + {
4989 + adin = hex2bin_m(value, &adinlen);
4990 + FIPS_drbg_reseed(dctx, adin, adinlen);
4991 + OPENSSL_free(ent);
4992 + OPENSSL_free(adin);
4993 + ent = adin = NULL;
4994 + }
4995 + if (gen == 2)
4996 + {
4997 + OutputValue("ReturnedBits", randout, randoutlen,
4998 + out, 0);
4999 + FIPS_drbg_free(dctx);
5000 + dctx = NULL;
5001 + gen = 0;
5002 + }
5003 +
5004 + }
5005 + if (in && in != stdin)
5006 + fclose(in);
5007 + if (out && out != stdout)
5008 + fclose(out);
5009 + return 0;
5010 + }
5011 +
5012 +#endif
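Review bot: The `FIPS_drbg_reseed(dctx, adin, adinlen)` call in the `AdditionalInputReseed` branch ignores its return value, whereas every `FIPS_drbg_instantiate`/`FIPS_drbg_generate` call in the same loop exits on failure; a failed reseed would silently emit `ReturnedBits` from un-reseeded state, so it should read `if (!FIPS_drbg_reseed(dctx, adin, adinlen)) exit(1);` with the same stderr message pattern as the other calls. The second `if (!r) exit(1);` after the `AdditionalInput` generate call is unreachable, since the preceding `if (!r)` block already exits. Both generate paths and the reseed dereference `dctx`, which is only assigned in the `PersonalizationString` branch, so a request file lacking that line appears to reach `FIPS_drbg_generate` with a NULL context; a one-line `if (!dctx) exit(1);` before those calls would make the failure explicit. `randoutlen` is taken from `FIPS_drbg_get_blocklength` without confirming it fits `randout[2048]`, and the `hex2bin_m` results are not NULL-checked here as they are in fips_dhvs.c.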
5013 diff -up openssl-1.0.1b/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_dssvs.c
5014 --- openssl-1.0.1b/crypto/fips/cavs/fips_dssvs.c.fips 2012-04-26 18:00:51.398769255 +0200
5015 +++ openssl-1.0.1b/crypto/fips/cavs/fips_dssvs.c 2012-04-26 18:00:51.398769255 +0200
5016 @@ -0,0 +1,537 @@
5017 +#include <openssl/opensslconf.h>
5018 +
5019 +#ifndef OPENSSL_FIPS
5020 +#include <stdio.h>
5021 +
5022 +int main(int argc, char **argv)
5023 +{
5024 + printf("No FIPS DSA support\n");
5025 + return(0);
5026 +}
5027 +#else
5028 +
5029 +#include <openssl/bn.h>
5030 +#include <openssl/dsa.h>
5031 +#include <openssl/fips.h>
5032 +#include <openssl/err.h>
5033 +#include <openssl/evp.h>
5034 +#include <string.h>
5035 +#include <ctype.h>
5036 +
5037 +#include "fips_utl.h"
5038 +
5039 +static void pbn(const char *name, BIGNUM *bn)
5040 + {
5041 + int len, i;
5042 + unsigned char *tmp;
5043 + len = BN_num_bytes(bn);
5044 + tmp = OPENSSL_malloc(len);
5045 + if (!tmp)
5046 + {
5047 + fprintf(stderr, "Memory allocation error\n");
5048 + return;
5049 + }
5050 + BN_bn2bin(bn, tmp);
5051 + printf("%s = ", name);
5052 + for (i = 0; i < len; i++)
5053 + printf("%02X", tmp[i]);
5054 + fputs("\n", stdout);
5055 + OPENSSL_free(tmp);
5056 + return;
5057 + }
5058 +
5059 +void primes()
5060 + {
5061 + char buf[10240];
5062 + char lbuf[10240];
5063 + char *keyword, *value;
5064 +
5065 + while(fgets(buf,sizeof buf,stdin) != NULL)
5066 + {
5067 + fputs(buf,stdout);
5068 + if (!parse_line(&keyword, &value, lbuf, buf))
5069 + continue;
5070 + if(!strcmp(keyword,"Prime"))
5071 + {
5072 + BIGNUM *pp;
5073 +
5074 + pp=BN_new();
5075 + do_hex2bn(&pp,value);
5076 + printf("result= %c\n",
5077 + BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
5078 + }
5079 + }
5080 + }
5081 +
5082 +void pqg()
5083 + {
5084 + char buf[1024];
5085 + char lbuf[1024];
5086 + char *keyword, *value;
5087 + int nmod=0;
5088 +
5089 + while(fgets(buf,sizeof buf,stdin) != NULL)
5090 + {
5091 + if (!parse_line(&keyword, &value, lbuf, buf))
5092 + {
5093 + fputs(buf,stdout);
5094 + continue;
5095 + }
5096 + if(!strcmp(keyword,"[mod"))
5097 + nmod=atoi(value);
5098 + else if(!strcmp(keyword,"N"))
5099 + {
5100 + int n=atoi(value);
5101 +
5102 + printf("[mod = %d]\n\n",nmod);
5103 +
5104 + while(n--)
5105 + {
5106 + unsigned char seed[20];
5107 + DSA *dsa;
5108 + int counter;
5109 + unsigned long h;
5110 + dsa = FIPS_dsa_new();
5111 +
5112 + if (!DSA_generate_parameters_ex(dsa, nmod,seed,0,&counter,&h,NULL))
5113 + {
5114 + do_print_errors();
5115 + exit(1);
5116 + }
5117 + pbn("P",dsa->p);
5118 + pbn("Q",dsa->q);
5119 + pbn("G",dsa->g);
5120 + pv("Seed",seed,20);
5121 + printf("c = %d\n",counter);
5122 + printf("H = %lx\n",h);
5123 + putc('\n',stdout);
5124 + }
5125 + }
5126 + else
5127 + fputs(buf,stdout);
5128 + }
5129 + }
5130 +
5131 +void pqgver()
5132 + {
5133 + char buf[1024];
5134 + char lbuf[1024];
5135 + char *keyword, *value;
5136 + BIGNUM *p = NULL, *q = NULL, *g = NULL;
5137 + int counter, counter2;
5138 + unsigned long h, h2;
5139 + DSA *dsa=NULL;
5140 + int nmod=0;
5141 + unsigned char seed[1024];
5142 +
5143 + while(fgets(buf,sizeof buf,stdin) != NULL)
5144 + {
5145 + if (!parse_line(&keyword, &value, lbuf, buf))
5146 + {
5147 + fputs(buf,stdout);
5148 + continue;
5149 + }
5150 + fputs(buf, stdout);
5151 + if(!strcmp(keyword,"[mod"))
5152 + nmod=atoi(value);
5153 + else if(!strcmp(keyword,"P"))
5154 + p=hex2bn(value);
5155 + else if(!strcmp(keyword,"Q"))
5156 + q=hex2bn(value);
5157 + else if(!strcmp(keyword,"G"))
5158 + g=hex2bn(value);
5159 + else if(!strcmp(keyword,"Seed"))
5160 + {
5161 + int slen = hex2bin(value, seed);
5162 + if (slen != 20)
5163 + {
5164 + fprintf(stderr, "Seed parse length error\n");
5165 + exit (1);
5166 + }
5167 + }
5168 + else if(!strcmp(keyword,"c"))
5169 + counter =atoi(buf+4);
5170 + else if(!strcmp(keyword,"H"))
5171 + {
5172 + h = atoi(value);
5173 + if (!p || !q || !g)
5174 + {
5175 + fprintf(stderr, "Parse Error\n");
5176 + exit (1);
5177 + }
5178 + dsa = FIPS_dsa_new();
5179 + if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
5180 + {
5181 + do_print_errors();
5182 + exit(1);
5183 + }
5184 + if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
5185 + || (counter != counter2) || (h != h2))
5186 + printf("Result = F\n");
5187 + else
5188 + printf("Result = P\n");
5189 + BN_free(p);
5190 + BN_free(q);
5191 + BN_free(g);
5192 + p = NULL;
5193 + q = NULL;
5194 + g = NULL;
5195 + FIPS_dsa_free(dsa);
5196 + dsa = NULL;
5197 + }
5198 + }
5199 + }
5200 +
5201 +/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
5202 + * algorithm tests. It is an additional test to perform sanity checks on the
5203 + * output of the KeyPair test.
5204 + */
5205 +
5206 +static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
5207 + BN_CTX *ctx)
5208 + {
5209 + BIGNUM *rem = NULL;
5210 + if (BN_num_bits(p) != nmod)
5211 + return 0;
5212 + if (BN_num_bits(q) != 160)
5213 + return 0;
5214 + if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
5215 + return 0;
5216 + if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
5217 + return 0;
5218 + rem = BN_new();
5219 + if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
5220 + || (BN_cmp(g, BN_value_one()) <= 0)
5221 + || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
5222 + {
5223 + BN_free(rem);
5224 + return 0;
5225 + }
5226 + /* Todo: check g */
5227 + BN_free(rem);
5228 + return 1;
5229 + }
5230 +
5231 +void keyver()
5232 + {
5233 + char buf[1024];
5234 + char lbuf[1024];
5235 + char *keyword, *value;
5236 + BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
5237 + BIGNUM *Y2;
5238 + BN_CTX *ctx = NULL;
5239 + int nmod=0, paramcheck = 0;
5240 +
5241 + ctx = BN_CTX_new();
5242 + Y2 = BN_new();
5243 +
5244 + while(fgets(buf,sizeof buf,stdin) != NULL)
5245 + {
5246 + if (!parse_line(&keyword, &value, lbuf, buf))
5247 + {
5248 + fputs(buf,stdout);
5249 + continue;
5250 + }
5251 + if(!strcmp(keyword,"[mod"))
5252 + {
5253 + if (p)
5254 + BN_free(p);
5255 + p = NULL;
5256 + if (q)
5257 + BN_free(q);
5258 + q = NULL;
5259 + if (g)
5260 + BN_free(g);
5261 + g = NULL;
5262 + paramcheck = 0;
5263 + nmod=atoi(value);
5264 + }
5265 + else if(!strcmp(keyword,"P"))
5266 + p=hex2bn(value);
5267 + else if(!strcmp(keyword,"Q"))
5268 + q=hex2bn(value);
5269 + else if(!strcmp(keyword,"G"))
5270 + g=hex2bn(value);
5271 + else if(!strcmp(keyword,"X"))
5272 + X=hex2bn(value);
5273 + else if(!strcmp(keyword,"Y"))
5274 + {
5275 + Y=hex2bn(value);
5276 + if (!p || !q || !g || !X || !Y)
5277 + {
5278 + fprintf(stderr, "Parse Error\n");
5279 + exit (1);
5280 + }
5281 + pbn("P",p);
5282 + pbn("Q",q);
5283 + pbn("G",g);
5284 + pbn("X",X);
5285 + pbn("Y",Y);
5286 + if (!paramcheck)
5287 + {
5288 + if (dss_paramcheck(nmod, p, q, g, ctx))
5289 + paramcheck = 1;
5290 + else
5291 + paramcheck = -1;
5292 + }
5293 + if (paramcheck != 1)
5294 + printf("Result = F\n");
5295 + else
5296 + {
5297 + if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
5298 + printf("Result = F\n");
5299 + else
5300 + printf("Result = P\n");
5301 + }
5302 + BN_free(X);
5303 + BN_free(Y);
5304 + X = NULL;
5305 + Y = NULL;
5306 + }
5307 + }
5308 + if (p)
5309 + BN_free(p);
5310 + if (q)
5311 + BN_free(q);
5312 + if (g)
5313 + BN_free(g);
5314 + if (Y2)
5315 + BN_free(Y2);
5316 + }
5317 +
5318 +void keypair()
5319 + {
5320 + char buf[1024];
5321 + char lbuf[1024];
5322 + char *keyword, *value;
5323 + int nmod=0;
5324 +
5325 + while(fgets(buf,sizeof buf,stdin) != NULL)
5326 + {
5327 + if (!parse_line(&keyword, &value, lbuf, buf))
5328 + {
5329 + fputs(buf,stdout);
5330 + continue;
5331 + }
5332 + if(!strcmp(keyword,"[mod"))
5333 + nmod=atoi(value);
5334 + else if(!strcmp(keyword,"N"))
5335 + {
5336 + DSA *dsa;
5337 + int n=atoi(value);
5338 +
5339 + printf("[mod = %d]\n\n",nmod);
5340 + dsa = FIPS_dsa_new();
5341 + if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
5342 + {
5343 + do_print_errors();
5344 + exit(1);
5345 + }
5346 + pbn("P",dsa->p);
5347 + pbn("Q",dsa->q);
5348 + pbn("G",dsa->g);
5349 + putc('\n',stdout);
5350 +
5351 + while(n--)
5352 + {
5353 + if (!DSA_generate_key(dsa))
5354 + {
5355 + do_print_errors();
5356 + exit(1);
5357 + }
5358 +
5359 + pbn("X",dsa->priv_key);
5360 + pbn("Y",dsa->pub_key);
5361 + putc('\n',stdout);
5362 + }
5363 + }
5364 + }
5365 + }
5366 +
5367 +void siggen()
5368 + {
5369 + char buf[1024];
5370 + char lbuf[1024];
5371 + char *keyword, *value;
5372 + int nmod=0;
5373 + DSA *dsa=NULL;
5374 +
5375 + while(fgets(buf,sizeof buf,stdin) != NULL)
5376 + {
5377 + if (!parse_line(&keyword, &value, lbuf, buf))
5378 + {
5379 + fputs(buf,stdout);
5380 + continue;
5381 + }
5382 + if(!strcmp(keyword,"[mod"))
5383 + {
5384 + nmod=atoi(value);
5385 + printf("[mod = %d]\n\n",nmod);
5386 + if (dsa)
5387 + FIPS_dsa_free(dsa);
5388 + dsa = FIPS_dsa_new();
5389 + if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
5390 + {
5391 + do_print_errors();
5392 + exit(1);
5393 + }
5394 + pbn("P",dsa->p);
5395 + pbn("Q",dsa->q);
5396 + pbn("G",dsa->g);
5397 + putc('\n',stdout);
5398 + }
5399 + else if(!strcmp(keyword,"Msg"))
5400 + {
5401 + unsigned char msg[1024];
5402 + unsigned char sbuf[60];
5403 + unsigned int slen;
5404 + int n;
5405 + EVP_PKEY pk;
5406 + EVP_MD_CTX mctx;
5407 + DSA_SIG *sig;
5408 + EVP_MD_CTX_init(&mctx);
5409 +
5410 + n=hex2bin(value,msg);
5411 + pv("Msg",msg,n);
5412 +
5413 + if (!DSA_generate_key(dsa))
5414 + {
5415 + do_print_errors();
5416 + exit(1);
5417 + }
5418 + pk.type = EVP_PKEY_DSA;
5419 + pk.pkey.dsa = dsa;
5420 + pbn("Y",dsa->pub_key);
5421 +
5422 + EVP_SignInit_ex(&mctx, EVP_dss1(), NULL);
5423 + EVP_SignUpdate(&mctx, msg, n);
5424 + EVP_SignFinal(&mctx, sbuf, &slen, &pk);
5425 +
5426 + sig = DSA_SIG_new();
5427 + FIPS_dsa_sig_decode(sig, sbuf, slen);
5428 +
5429 + pbn("R",sig->r);
5430 + pbn("S",sig->s);
5431 + putc('\n',stdout);
5432 + DSA_SIG_free(sig);
5433 + EVP_MD_CTX_cleanup(&mctx);
5434 + }
5435 + }
5436 + if (dsa)
5437 + FIPS_dsa_free(dsa);
5438 + }
5439 +
5440 +void sigver()
5441 + {
5442 + DSA *dsa=NULL;
5443 + char buf[1024];
5444 + char lbuf[1024];
5445 + unsigned char msg[1024];
5446 + char *keyword, *value;
5447 + int nmod=0, n=0;
5448 + DSA_SIG sg, *sig = &sg;
5449 +
5450 + sig->r = NULL;
5451 + sig->s = NULL;
5452 +
5453 + while(fgets(buf,sizeof buf,stdin) != NULL)
5454 + {
5455 + if (!parse_line(&keyword, &value, lbuf, buf))
5456 + {
5457 + fputs(buf,stdout);
5458 + continue;
5459 + }
5460 + if(!strcmp(keyword,"[mod"))
5461 + {
5462 + nmod=atoi(value);
5463 + if(dsa)
5464 + FIPS_dsa_free(dsa);
5465 + dsa=FIPS_dsa_new();
5466 + }
5467 + else if(!strcmp(keyword,"P"))
5468 + dsa->p=hex2bn(value);
5469 + else if(!strcmp(keyword,"Q"))
5470 + dsa->q=hex2bn(value);
5471 + else if(!strcmp(keyword,"G"))
5472 + {
5473 + dsa->g=hex2bn(value);
5474 +
5475 + printf("[mod = %d]\n\n",nmod);
5476 + pbn("P",dsa->p);
5477 + pbn("Q",dsa->q);
5478 + pbn("G",dsa->g);
5479 + putc('\n',stdout);
5480 + }
5481 + else if(!strcmp(keyword,"Msg"))
5482 + {
5483 + n=hex2bin(value,msg);
5484 + pv("Msg",msg,n);
5485 + }
5486 + else if(!strcmp(keyword,"Y"))
5487 + dsa->pub_key=hex2bn(value);
5488 + else if(!strcmp(keyword,"R"))
5489 + sig->r=hex2bn(value);
5490 + else if(!strcmp(keyword,"S"))
5491 + {
5492 + EVP_MD_CTX mctx;
5493 + EVP_PKEY pk;
5494 + unsigned char sigbuf[60];
5495 + unsigned int slen;
5496 + int r;
5497 + EVP_MD_CTX_init(&mctx);
5498 + pk.type = EVP_PKEY_DSA;
5499 + pk.pkey.dsa = dsa;
5500 + sig->s=hex2bn(value);
5501 +
5502 + pbn("Y",dsa->pub_key);
5503 + pbn("R",sig->r);
5504 + pbn("S",sig->s);
5505 +
5506 + slen = FIPS_dsa_sig_encode(sigbuf, sig);
5507 + EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL);
5508 + EVP_VerifyUpdate(&mctx, msg, n);
5509 + r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk);
5510 + EVP_MD_CTX_cleanup(&mctx);
5511 +
5512 + printf("Result = %c\n", r == 1 ? 'P' : 'F');
5513 + putc('\n',stdout);
5514 + }
5515 + }
5516 + }
5517 +
5518 +int main(int argc,char **argv)
5519 + {
5520 + if(argc != 2)
5521 + {
5522 + fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]);
5523 + exit(1);
5524 + }
5525 + if(!FIPS_mode_set(1))
5526 + {
5527 + do_print_errors();
5528 + exit(1);
5529 + }
5530 + if(!strcmp(argv[1],"prime"))
5531 + primes();
5532 + else if(!strcmp(argv[1],"pqg"))
5533 + pqg();
5534 + else if(!strcmp(argv[1],"pqgver"))
5535 + pqgver();
5536 + else if(!strcmp(argv[1],"keypair"))
5537 + keypair();
5538 + else if(!strcmp(argv[1],"keyver"))
5539 + keyver();
5540 + else if(!strcmp(argv[1],"siggen"))
5541 + siggen();
5542 + else if(!strcmp(argv[1],"sigver"))
5543 + sigver();
5544 + else
5545 + {
5546 + fprintf(stderr,"Don't know how to %s.\n",argv[1]);
5547 + exit(1);
5548 + }
5549 +
5550 + return 0;
5551 + }
5552 +
5553 +#endif
5554 diff -up openssl-1.0.1b/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_gcmtest.c
5555 --- openssl-1.0.1b/crypto/fips/cavs/fips_gcmtest.c.fips 2012-04-26 18:00:51.399769276 +0200
5556 +++ openssl-1.0.1b/crypto/fips/cavs/fips_gcmtest.c 2012-04-26 18:00:51.399769276 +0200
5557 @@ -0,0 +1,571 @@
5558 +/* fips/aes/fips_gcmtest.c */
5559 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
5560 + * project.
5561 + */
5562 +/* ====================================================================
5563 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
5564 + *
5565 + * Redistribution and use in source and binary forms, with or without
5566 + * modification, are permitted provided that the following conditions
5567 + * are met:
5568 + *
5569 + * 1. Redistributions of source code must retain the above copyright
5570 + * notice, this list of conditions and the following disclaimer.
5571 + *
5572 + * 2. Redistributions in binary form must reproduce the above copyright
5573 + * notice, this list of conditions and the following disclaimer in
5574 + * the documentation and/or other materials provided with the
5575 + * distribution.
5576 + *
5577 + * 3. All advertising materials mentioning features or use of this
5578 + * software must display the following acknowledgment:
5579 + * "This product includes software developed by the OpenSSL Project
5580 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
5581 + *
5582 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
5583 + * endorse or promote products derived from this software without
5584 + * prior written permission. For written permission, please contact
5585 + * licensing@OpenSSL.org.
5586 + *
5587 + * 5. Products derived from this software may not be called "OpenSSL"
5588 + * nor may "OpenSSL" appear in their names without prior written
5589 + * permission of the OpenSSL Project.
5590 + *
5591 + * 6. Redistributions of any form whatsoever must retain the following
5592 + * acknowledgment:
5593 + * "This product includes software developed by the OpenSSL Project
5594 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
5595 + *
5596 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
5597 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
5598 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
5599 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
5600 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
5601 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
5602 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
5603 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
5604 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
5605 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
5606 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
5607 + * OF THE POSSIBILITY OF SUCH DAMAGE.
5608 + * ====================================================================
5609 + */
5610 +
5611 +
5612 +#define OPENSSL_FIPSAPI
5613 +#include <openssl/opensslconf.h>
5614 +
5615 +#ifndef OPENSSL_FIPS
5616 +#include <stdio.h>
5617 +
5618 +int main(int argc, char **argv)
5619 +{
5620 + printf("No FIPS GCM support\n");
5621 + return(0);
5622 +}
5623 +#else
5624 +
5625 +#include <openssl/bn.h>
5626 +#include <openssl/dsa.h>
5627 +#include <openssl/fips.h>
5628 +#include <openssl/err.h>
5629 +#include <openssl/evp.h>
5630 +#include <string.h>
5631 +#include <ctype.h>
5632 +
5633 +#include "fips_utl.h"
5634 +
5635 +static void gcmtest(FILE *in, FILE *out, int encrypt)
5636 + {
5637 + char buf[2048];
5638 + char lbuf[2048];
5639 + char *keyword, *value;
5640 + int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1;
5641 + int rv;
5642 + long l;
5643 + unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL;
5644 + unsigned char *ct = NULL, *pt = NULL;
5645 + EVP_CIPHER_CTX ctx;
5646 + const EVP_CIPHER *gcm = NULL;
5647 + FIPS_cipher_ctx_init(&ctx);
5648 +
5649 + while(fgets(buf,sizeof buf,in) != NULL)
5650 + {
5651 + fputs(buf,out);
5652 + if (!parse_line(&keyword, &value, lbuf, buf))
5653 + continue;
5654 + if(!strcmp(keyword,"[Keylen"))
5655 + {
5656 + keylen = atoi(value);
5657 + if (keylen == 128)
5658 + gcm = EVP_aes_128_gcm();
5659 + else if (keylen == 192)
5660 + gcm = EVP_aes_192_gcm();
5661 + else if (keylen == 256)
5662 + gcm = EVP_aes_256_gcm();
5663 + else
5664 + {
5665 + fprintf(stderr, "Unsupported keylen %d\n",
5666 + keylen);
5667 + }
5668 + keylen >>= 3;
5669 + }
5670 + else if (!strcmp(keyword, "[IVlen"))
5671 + ivlen = atoi(value) >> 3;
5672 + else if (!strcmp(keyword, "[AADlen"))
5673 + aadlen = atoi(value) >> 3;
5674 + else if (!strcmp(keyword, "[Taglen"))
5675 + taglen = atoi(value) >> 3;
5676 + else if (!strcmp(keyword, "[PTlen"))
5677 + ptlen = atoi(value) >> 3;
5678 + else if(!strcmp(keyword,"Key"))
5679 + {
5680 + key = hex2bin_m(value, &l);
5681 + if (l != keylen)
5682 + {
5683 + fprintf(stderr, "Inconsistent Key length\n");
5684 + exit(1);
5685 + }
5686 + }
5687 + else if(!strcmp(keyword,"IV"))
5688 + {
5689 + iv = hex2bin_m(value, &l);
5690 + if (l != ivlen)
5691 + {
5692 + fprintf(stderr, "Inconsistent IV length\n");
5693 + exit(1);
5694 + }
5695 + }
5696 + else if(!strcmp(keyword,"PT"))
5697 + {
5698 + pt = hex2bin_m(value, &l);
5699 + if (l != ptlen)
5700 + {
5701 + fprintf(stderr, "Inconsistent PT length\n");
5702 + exit(1);
5703 + }
5704 + }
5705 + else if(!strcmp(keyword,"CT"))
5706 + {
5707 + ct = hex2bin_m(value, &l);
5708 + if (l != ptlen)
5709 + {
5710 + fprintf(stderr, "Inconsistent CT length\n");
5711 + exit(1);
5712 + }
5713 + }
5714 + else if(!strcmp(keyword,"AAD"))
5715 + {
5716 + aad = hex2bin_m(value, &l);
5717 + if (l != aadlen)
5718 + {
5719 + fprintf(stderr, "Inconsistent AAD length\n");
5720 + exit(1);
5721 + }
5722 + }
5723 + else if(!strcmp(keyword,"Tag"))
5724 + {
5725 + tag = hex2bin_m(value, &l);
5726 + if (l != taglen)
5727 + {
5728 + fprintf(stderr, "Inconsistent Tag length\n");
5729 + exit(1);
5730 + }
5731 + }
5732 + if (encrypt && pt && aad && (iv || encrypt==1))
5733 + {
5734 + tag = OPENSSL_malloc(taglen);
5735 + FIPS_cipherinit(&ctx, gcm, NULL, NULL, 1);
5736 + /* Relax FIPS constraints for testing */
5737 + M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
5738 + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
5739 + if (encrypt == 1)
5740 + {
5741 + static unsigned char iv_fixed[4] = {1,2,3,4};
5742 + if (!iv)
5743 + iv = OPENSSL_malloc(ivlen);
5744 + FIPS_cipherinit(&ctx, NULL, key, NULL, 1);
5745 + FIPS_cipher_ctx_ctrl(&ctx,
5746 + EVP_CTRL_GCM_SET_IV_FIXED,
5747 + 4, iv_fixed);
5748 + if (!FIPS_cipher_ctx_ctrl(&ctx,
5749 + EVP_CTRL_GCM_IV_GEN, 0, iv))
5750 + {
5751 + fprintf(stderr, "IV gen error\n");
5752 + exit(1);
5753 + }
5754 + OutputValue("IV", iv, ivlen, out, 0);
5755 + }
5756 + else
5757 + FIPS_cipherinit(&ctx, NULL, key, iv, 1);
5758 +
5759 +
5760 + if (aadlen)
5761 + FIPS_cipher(&ctx, NULL, aad, aadlen);
5762 + if (ptlen)
5763 + {
5764 + ct = OPENSSL_malloc(ptlen);
5765 + rv = FIPS_cipher(&ctx, ct, pt, ptlen);
5766 + }
5767 + FIPS_cipher(&ctx, NULL, NULL, 0);
5768 + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG,
5769 + taglen, tag);
5770 + OutputValue("CT", ct, ptlen, out, 0);
5771 + OutputValue("Tag", tag, taglen, out, 0);
5772 + if (iv)
5773 + OPENSSL_free(iv);
5774 + if (aad)
5775 + OPENSSL_free(aad);
5776 + if (ct)
5777 + OPENSSL_free(ct);
5778 + if (pt)
5779 + OPENSSL_free(pt);
5780 + if (key)
5781 + OPENSSL_free(key);
5782 + if (tag)
5783 + OPENSSL_free(tag);
5784 + iv = aad = ct = pt = key = tag = NULL;
5785 + }
5786 + if (!encrypt && tag)
5787 + {
5788 + FIPS_cipherinit(&ctx, gcm, NULL, NULL, 0);
5789 + /* Relax FIPS constraints for testing */
5790 + M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
5791 + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
5792 + FIPS_cipherinit(&ctx, NULL, key, iv, 0);
5793 + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag);
5794 + if (aadlen)
5795 + FIPS_cipher(&ctx, NULL, aad, aadlen);
5796 + if (ptlen)
5797 + {
5798 + pt = OPENSSL_malloc(ptlen);
5799 + rv = FIPS_cipher(&ctx, pt, ct, ptlen);
5800 + }
5801 + rv = FIPS_cipher(&ctx, NULL, NULL, 0);
5802 + if (rv < 0)
5803 + fprintf(out, "FAIL" RESP_EOL);
5804 + else
5805 + OutputValue("PT", pt, ptlen, out, 0);
5806 + if (iv)
5807 + OPENSSL_free(iv);
5808 + if (aad)
5809 + OPENSSL_free(aad);
5810 + if (ct)
5811 + OPENSSL_free(ct);
5812 + if (pt)
5813 + OPENSSL_free(pt);
5814 + if (key)
5815 + OPENSSL_free(key);
5816 + if (tag)
5817 + OPENSSL_free(tag);
5818 + iv = aad = ct = pt = key = tag = NULL;
5819 + }
5820 + }
5821 + FIPS_cipher_ctx_cleanup(&ctx);
5822 + }
5823 +
5824 +static void xtstest(FILE *in, FILE *out)
5825 + {
5826 + char buf[204800];
5827 + char lbuf[204800];
5828 + char *keyword, *value;
5829 + int inlen = 0;
5830 + int encrypt = 0;
5831 + long l;
5832 + unsigned char *key = NULL, *iv = NULL;
5833 + unsigned char *inbuf = NULL, *outbuf = NULL;
5834 + EVP_CIPHER_CTX ctx;
5835 + const EVP_CIPHER *xts = NULL;
5836 + FIPS_cipher_ctx_init(&ctx);
5837 +
5838 + while(fgets(buf,sizeof buf,in) != NULL)
5839 + {
5840 + fputs(buf,out);
5841 + if (buf[0] == '[' && strlen(buf) >= 9)
5842 + {
5843 + if(!strncmp(buf,"[ENCRYPT]", 9))
5844 + encrypt = 1;
5845 + else if(!strncmp(buf,"[DECRYPT]", 9))
5846 + encrypt = 0;
5847 + }
5848 + if (!parse_line(&keyword, &value, lbuf, buf))
5849 + continue;
5850 + else if(!strcmp(keyword,"Key"))
5851 + {
5852 + key = hex2bin_m(value, &l);
5853 + if (l == 32)
5854 + xts = EVP_aes_128_xts();
5855 + else if (l == 64)
5856 + xts = EVP_aes_256_xts();
5857 + else
5858 + {
5859 + fprintf(stderr, "Inconsistent Key length\n");
5860 + exit(1);
5861 + }
5862 + }
5863 + else if(!strcmp(keyword,"i"))
5864 + {
5865 + iv = hex2bin_m(value, &l);
5866 + if (l != 16)
5867 + {
5868 + fprintf(stderr, "Inconsistent i length\n");
5869 + exit(1);
5870 + }
5871 + }
5872 + else if(encrypt && !strcmp(keyword,"PT"))
5873 + {
5874 + inbuf = hex2bin_m(value, &l);
5875 + inlen = l;
5876 + }
5877 + else if(!encrypt && !strcmp(keyword,"CT"))
5878 + {
5879 + inbuf = hex2bin_m(value, &l);
5880 + inlen = l;
5881 + }
5882 + if (inbuf)
5883 + {
5884 + FIPS_cipherinit(&ctx, xts, key, iv, encrypt);
5885 + outbuf = OPENSSL_malloc(inlen);
5886 + FIPS_cipher(&ctx, outbuf, inbuf, inlen);
5887 + OutputValue(encrypt ? "CT":"PT", outbuf, inlen, out, 0);
5888 + OPENSSL_free(inbuf);
5889 + OPENSSL_free(outbuf);
5890 + OPENSSL_free(key);
5891 + OPENSSL_free(iv);
5892 + iv = key = inbuf = outbuf = NULL;
5893 + }
5894 + }
5895 + FIPS_cipher_ctx_cleanup(&ctx);
5896 + }
5897 +
5898 +static void ccmtest(FILE *in, FILE *out)
5899 + {
5900 + char buf[200048];
5901 + char lbuf[200048];
5902 + char *keyword, *value;
5903 + long l;
5904 + unsigned char *Key = NULL, *Nonce = NULL;
5905 + unsigned char *Adata = NULL, *Payload = NULL;
5906 + unsigned char *CT = NULL;
5907 + int Plen = -1, Nlen = -1, Tlen = -1, Alen = -1;
5908 + int decr = 0;
5909 + EVP_CIPHER_CTX ctx;
5910 + const EVP_CIPHER *ccm = NULL;
5911 + FIPS_cipher_ctx_init(&ctx);
5912 +
5913 + while(fgets(buf,sizeof buf,in) != NULL)
5914 + {
5915 + char *p;
5916 + fputs(buf,out);
5917 + redo:
5918 + if (!parse_line(&keyword, &value, lbuf, buf))
5919 + continue;
5920 +
5921 + /* If surrounded by square brackets zap them */
5922 + if (keyword[0] == '[')
5923 + {
5924 + keyword++;
5925 + p = strchr(value, ']');
5926 + if (p)
5927 + *p = 0;
5928 + }
5929 + /* See if we have a comma separated list of parameters
5930 + * if so copy rest of line back to buffer and redo later.
5931 + */
5932 + p = strchr(value, ',');
5933 + if (p)
5934 + {
5935 + *p = 0;
5936 + strcpy(buf, p + 1);
5937 + strcat(buf, "\n");
5938 + decr = 1;
5939 + }
5940 + if (!strcmp(keyword,"Plen"))
5941 + Plen = atoi(value);
5942 + else if (!strcmp(keyword,"Nlen"))
5943 + Nlen = atoi(value);
5944 + else if (!strcmp(keyword,"Tlen"))
5945 + Tlen = atoi(value);
5946 + else if (!strcmp(keyword,"Alen"))
5947 + Alen = atoi(value);
5948 + if (p)
5949 + goto redo;
5950 + if (!strcmp(keyword,"Key"))
5951 + {
5952 + if (Key)
5953 + OPENSSL_free(Key);
5954 + Key = hex2bin_m(value, &l);
5955 + if (l == 16)
5956 + ccm = EVP_aes_128_ccm();
5957 + else if (l == 24)
5958 + ccm = EVP_aes_192_ccm();
5959 + else if (l == 32)
5960 + ccm = EVP_aes_256_ccm();
5961 + else
5962 + {
5963 + fprintf(stderr, "Inconsistent Key length\n");
5964 + exit(1);
5965 + }
5966 + }
5967 + else if (!strcmp(keyword,"Nonce"))
5968 + {
5969 + if (Nonce)
5970 + OPENSSL_free(Nonce);
5971 + Nonce = hex2bin_m(value, &l);
5972 + if (l != Nlen)
5973 + {
5974 + fprintf(stderr, "Inconsistent nonce length\n");
5975 + exit(1);
5976 + }
5977 + }
5978 + else if (!strcmp(keyword,"Payload") && !decr)
5979 + {
5980 + Payload = hex2bin_m(value, &l);
5981 + if (Plen && l != Plen)
5982 + {
5983 + fprintf(stderr, "Inconsistent Payload length\n");
5984 + exit(1);
5985 + }
5986 + }
5987 + else if (!strcmp(keyword,"Adata"))
5988 + {
5989 + if (Adata)
5990 + OPENSSL_free(Adata);
5991 + Adata = hex2bin_m(value, &l);
5992 + if (Alen && l != Alen)
5993 + {
5994 + fprintf(stderr, "Inconsistent Payload length\n");
5995 + exit(1);
5996 + }
5997 + }
5998 + else if (!strcmp(keyword,"CT") && decr)
5999 + {
6000 + CT = hex2bin_m(value, &l);
6001 + if (l != (Plen + Tlen))
6002 + {
6003 + fprintf(stderr, "Inconsistent CT length\n");
6004 + exit(1);
6005 + }
6006 + }
6007 + if (Payload)
6008 + {
6009 + FIPS_cipherinit(&ctx, ccm, NULL, NULL, 1);
6010 + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
6011 + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, Tlen, 0);
6012 + FIPS_cipherinit(&ctx, NULL, Key, Nonce, 1);
6013 +
6014 + FIPS_cipher(&ctx, NULL, NULL, Plen);
6015 + FIPS_cipher(&ctx, NULL, Adata, Alen);
6016 + CT = OPENSSL_malloc(Plen + Tlen);
6017 + FIPS_cipher(&ctx, CT, Payload, Plen);
6018 + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, Tlen,
6019 + CT + Plen);
6020 + OutputValue("CT", CT, Plen + Tlen, out, 0);
6021 + OPENSSL_free(CT);
6022 + OPENSSL_free(Payload);
6023 + CT = Payload = NULL;
6024 + }
6025 + if (CT)
6026 + {
6027 + int rv;
6028 + int len = Plen == 0 ? 1: Plen;
6029 + FIPS_cipherinit(&ctx, ccm, NULL, NULL, 0);
6030 + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
6031 + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
6032 + Tlen, CT + Plen);
6033 + FIPS_cipherinit(&ctx, NULL, Key, Nonce, 0);
6034 + FIPS_cipher(&ctx, NULL, NULL, Plen);
6035 + FIPS_cipher(&ctx, NULL, Adata, Alen);
6036 + Payload = OPENSSL_malloc(len);
6037 + rv = FIPS_cipher(&ctx, Payload, CT, Plen);
6038 + if (rv >= 0)
6039 + {
6040 + if (rv == 0)
6041 + Payload[0] = 0;
6042 + fputs("Result = Pass" RESP_EOL, out);
6043 + OutputValue("Payload", Payload, len, out, 0);
6044 + }
6045 + else
6046 + fputs("Result = Fail" RESP_EOL, out);
6047 + OPENSSL_free(CT);
6048 + OPENSSL_free(Payload);
6049 + CT = Payload = NULL;
6050 + }
6051 + }
6052 + if (Key)
6053 + OPENSSL_free(Key);
6054 + if (Nonce)
6055 + OPENSSL_free(Nonce);
6056 + if (Adata)
6057 + OPENSSL_free(Adata);
6058 + FIPS_cipher_ctx_cleanup(&ctx);
6059 + }
6060 +
6061 +#ifdef FIPS_ALGVS
6062 +int fips_gcmtest_main(int argc, char **argv)
6063 +#else
6064 +int main(int argc, char **argv)
6065 +#endif
6066 + {
6067 + int encrypt;
6068 + int xts = 0, ccm = 0;
6069 + FILE *in, *out;
6070 + if (argc == 4)
6071 + {
6072 + in = fopen(argv[2], "r");
6073 + if (!in)
6074 + {
6075 + fprintf(stderr, "Error opening input file\n");
6076 + exit(1);
6077 + }
6078 + out = fopen(argv[3], "w");
6079 + if (!out)
6080 + {
6081 + fprintf(stderr, "Error opening output file\n");
6082 + exit(1);
6083 + }
6084 + }
6085 + else if (argc == 2)
6086 + {
6087 + in = stdin;
6088 + out = stdout;
6089 + }
6090 + else
6091 + {
6092 + fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]);
6093 + exit(1);
6094 + }
6095 + fips_algtest_init();
6096 + if(!strcmp(argv[1],"-encrypt"))
6097 + encrypt = 1;
6098 + else if(!strcmp(argv[1],"-encryptIVext"))
6099 + encrypt = 2;
6100 + else if(!strcmp(argv[1],"-decrypt"))
6101 + encrypt = 0;
6102 + else if(!strcmp(argv[1],"-ccm"))
6103 + ccm = 1;
6104 + else if(!strcmp(argv[1],"-xts"))
6105 + xts = 1;
6106 + else
6107 + {
6108 + fprintf(stderr,"Don't know how to %s.\n",argv[1]);
6109 + exit(1);
6110 + }
6111 +
6112 + if (ccm)
6113 + ccmtest(in, out);
6114 + else if (xts)
6115 + xtstest(in, out);
6116 + else
6117 + gcmtest(in, out, encrypt);
6118 +
6119 + if (argc == 4)
6120 + {
6121 + fclose(in);
6122 + fclose(out);
6123 + }
6124 +
6125 + return 0;
6126 +}
6127 +
6128 +#endif
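Review bot: The `[Keylen` branch in gcmtest() prints "Unsupported keylen" but falls through, leaving `gcm` NULL and `keylen` shifted, so the later `FIPS_cipherinit(&ctx, gcm, NULL, NULL, 1)` runs with a NULL cipher; every other length check in this function calls `exit(1)`, and this one should too: `fprintf(stderr, "Unsupported keylen %d\n", keylen); exit(1);`. In ccmtest(), the `Adata` length check reports "Inconsistent Payload length", copy-pasted from the Payload branch, and should read `fprintf(stderr, "Inconsistent Adata length\n");`. The OPENSSL_malloc() results for `tag`, `iv`, `ct` and `pt` in gcmtest(), `outbuf` in xtstest() and `CT`/`Payload` in ccmtest() are never checked before being written to; a `if (!tag) { fprintf(stderr, "Out of memory\n"); exit(1); }` style check would match the file's fail-fast handling of every other error. The `rv` assigned by the encrypt-side `FIPS_cipher(&ctx, ct, pt, ptlen)` call is never read, so an encryption failure there goes unreported.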
6129 diff -up openssl-1.0.1b/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_rngvs.c
6130 --- openssl-1.0.1b/crypto/fips/cavs/fips_rngvs.c.fips 2012-04-26 18:00:51.399769276 +0200
6131 +++ openssl-1.0.1b/crypto/fips/cavs/fips_rngvs.c 2012-04-26 18:00:51.399769276 +0200
6132 @@ -0,0 +1,230 @@
6133 +/*
6134 + * Crude test driver for processing the VST and MCT testvector files
6135 + * generated by the CMVP RNGVS product.
6136 + *
6137 + * Note the input files are assumed to have a _very_ specific format
6138 + * as described in the NIST document "The Random Number Generator
6139 + * Validation System (RNGVS)", May 25, 2004.
6140 + *
6141 + */
6142 +#include <openssl/opensslconf.h>
6143 +
6144 +#ifndef OPENSSL_FIPS
6145 +#include <stdio.h>
6146 +
6147 +int main(int argc, char **argv)
6148 +{
6149 + printf("No FIPS RNG support\n");
6150 + return 0;
6151 +}
6152 +#else
6153 +
6154 +#include <openssl/bn.h>
6155 +#include <openssl/dsa.h>
6156 +#include <openssl/fips.h>
6157 +#include <openssl/err.h>
6158 +#include <openssl/rand.h>
6159 +#include <openssl/fips_rand.h>
6160 +#include <openssl/x509v3.h>
6161 +#include <string.h>
6162 +#include <ctype.h>
6163 +
6164 +#include "fips_utl.h"
6165 +
6166 +void vst()
6167 + {
6168 + unsigned char *key = NULL;
6169 + unsigned char *v = NULL;
6170 + unsigned char *dt = NULL;
6171 + unsigned char ret[16];
6172 + char buf[1024];
6173 + char lbuf[1024];
6174 + char *keyword, *value;
6175 + long i, keylen;
6176 +
6177 + keylen = 0;
6178 +
6179 + while(fgets(buf,sizeof buf,stdin) != NULL)
6180 + {
6181 + fputs(buf,stdout);
6182 + if(!strncmp(buf,"[AES 128-Key]", 13))
6183 + keylen = 16;
6184 + else if(!strncmp(buf,"[AES 192-Key]", 13))
6185 + keylen = 24;
6186 + else if(!strncmp(buf,"[AES 256-Key]", 13))
6187 + keylen = 32;
6188 + if (!parse_line(&keyword, &value, lbuf, buf))
6189 + continue;
6190 + if(!strcmp(keyword,"Key"))
6191 + {
6192 + key=hex2bin_m(value,&i);
6193 + if (i != keylen)
6194 + {
6195 + fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
6196 + return;
6197 + }
6198 + }
6199 + else if(!strcmp(keyword,"DT"))
6200 + {
6201 + dt=hex2bin_m(value,&i);
6202 + if (i != 16)
6203 + {
6204 + fprintf(stderr, "Invalid DT length\n");
6205 + return;
6206 + }
6207 + }
6208 + else if(!strcmp(keyword,"V"))
6209 + {
6210 + v=hex2bin_m(value,&i);
6211 + if (i != 16)
6212 + {
6213 + fprintf(stderr, "Invalid V length\n");
6214 + return;
6215 + }
6216 +
6217 + if (!key || !dt)
6218 + {
6219 + fprintf(stderr, "Missing key or DT\n");
6220 + return;
6221 + }
6222 +
6223 + FIPS_x931_set_key(key, keylen);
6224 + FIPS_x931_seed(v,16);
6225 + FIPS_x931_set_dt(dt);
6226 + if (FIPS_x931_bytes(ret,16) <= 0)
6227 + {
6228 + fprintf(stderr, "Error getting PRNG value\n");
6229 + return;
6230 + }
6231 +
6232 + pv("R",ret,16);
6233 + OPENSSL_free(key);
6234 + key = NULL;
6235 + OPENSSL_free(dt);
6236 + dt = NULL;
6237 + OPENSSL_free(v);
6238 + v = NULL;
6239 + }
6240 + }
6241 + }
6242 +
6243 +void mct()
6244 + {
6245 + unsigned char *key = NULL;
6246 + unsigned char *v = NULL;
6247 + unsigned char *dt = NULL;
6248 + unsigned char ret[16];
6249 + char buf[1024];
6250 + char lbuf[1024];
6251 + char *keyword, *value;
6252 + long i, keylen;
6253 + int j;
6254 +
6255 + keylen = 0;
6256 +
6257 + while(fgets(buf,sizeof buf,stdin) != NULL)
6258 + {
6259 + fputs(buf,stdout);
6260 + if(!strncmp(buf,"[AES 128-Key]", 13))
6261 + keylen = 16;
6262 + else if(!strncmp(buf,"[AES 192-Key]", 13))
6263 + keylen = 24;
6264 + else if(!strncmp(buf,"[AES 256-Key]", 13))
6265 + keylen = 32;
6266 + if (!parse_line(&keyword, &value, lbuf, buf))
6267 + continue;
6268 + if(!strcmp(keyword,"Key"))
6269 + {
6270 + key=hex2bin_m(value,&i);
6271 + if (i != keylen)
6272 + {
6273 + fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
6274 + return;
6275 + }
6276 + }
6277 + else if(!strcmp(keyword,"DT"))
6278 + {
6279 + dt=hex2bin_m(value,&i);
6280 + if (i != 16)
6281 + {
6282 + fprintf(stderr, "Invalid DT length\n");
6283 + return;
6284 + }
6285 + }
6286 + else if(!strcmp(keyword,"V"))
6287 + {
6288 + v=hex2bin_m(value,&i);
6289 + if (i != 16)
6290 + {
6291 + fprintf(stderr, "Invalid V length\n");
6292 + return;
6293 + }
6294 +
6295 + if (!key || !dt)
6296 + {
6297 + fprintf(stderr, "Missing key or DT\n");
6298 + return;
6299 + }
6300 +
6301 + FIPS_x931_set_key(key, keylen);
6302 + FIPS_x931_seed(v,16);
6303 + for (i = 0; i < 10000; i++)
6304 + {
6305 + FIPS_x931_set_dt(dt);
6306 + if (FIPS_x931_bytes(ret,16) <= 0)
6307 + {
6308 + fprintf(stderr, "Error getting PRNG value\n");
6309 + return;
6310 + }
6311 + /* Increment DT */
6312 + for (j = 15; j >= 0; j--)
6313 + {
6314 + dt[j]++;
6315 + if (dt[j])
6316 + break;
6317 + }
6318 + }
6319 +
6320 + pv("R",ret,16);
6321 + OPENSSL_free(key);
6322 + key = NULL;
6323 + OPENSSL_free(dt);
6324 + dt = NULL;
6325 + OPENSSL_free(v);
6326 + v = NULL;
6327 + }
6328 + }
6329 + }
6330 +
6331 +int main(int argc,char **argv)
6332 + {
6333 + if(argc != 2)
6334 + {
6335 + fprintf(stderr,"%s [mct|vst]\n",argv[0]);
6336 + exit(1);
6337 + }
6338 + if(!FIPS_mode_set(1))
6339 + {
6340 + do_print_errors();
6341 + exit(1);
6342 + }
6343 + FIPS_x931_reset();
6344 + if (!FIPS_x931_test_mode())
6345 + {
6346 + fprintf(stderr, "Error setting PRNG test mode\n");
6347 + do_print_errors();
6348 + exit(1);
6349 + }
6350 + if(!strcmp(argv[1],"mct"))
6351 + mct();
6352 + else if(!strcmp(argv[1],"vst"))
6353 + vst();
6354 + else
6355 + {
6356 + fprintf(stderr,"Don't know how to %s.\n",argv[1]);
6357 + exit(1);
6358 + }
6359 +
6360 + return 0;
6361 + }
6362 +#endif
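Review bot: The error paths in vst() — the `return;` after the "Invalid key length", "Invalid DT length", "Invalid V length", "Missing key or DT" and "Error getting PRNG value" messages — return to main(), which then returns 0, so a malformed vector file or a PRNG failure still produces a success exit status; mct() has the same five paths. The sibling driver fips_gcmtest.c in this patch calls `exit(1)` on inconsistent input, and doing the same here (`exit(1);` in place of each `return;`, or having vst()/mct() return an int that main() propagates) would let a test harness notice the failure. Those paths also leave the `key`, `dt` and `v` buffers from hex2bin_m() allocated, and a repeated "Key" or "DT" line before the next "V" overwrites the previous pointer without freeing it; both only matter once the functions no longer terminate the process. A one-line comment above the `for (j = 15; j >= 0; j--)` loop in mct() such as `/* DT is treated as a 128-bit big-endian counter; carry propagates toward dt[0] */` would make the increment's intent explicit.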
6363 diff -up openssl-1.0.1b/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_rsagtest.c
6364 --- openssl-1.0.1b/crypto/fips/cavs/fips_rsagtest.c.fips 2012-04-26 18:00:51.399769276 +0200
6365 +++ openssl-1.0.1b/crypto/fips/cavs/fips_rsagtest.c 2012-04-26 18:00:51.399769276 +0200
6366 @@ -0,0 +1,390 @@
6367 +/* fips_rsagtest.c */
6368 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
6369 + * project 2005.
6370 + */
6371 +/* ====================================================================
6372 + * Copyright (c) 2005,2007 The OpenSSL Project. All rights reserved.
6373 + *
6374 + * Redistribution and use in source and binary forms, with or without
6375 + * modification, are permitted provided that the following conditions
6376 + * are met:
6377 + *
6378 + * 1. Redistributions of source code must retain the above copyright
6379 + * notice, this list of conditions and the following disclaimer.
6380 + *
6381 + * 2. Redistributions in binary form must reproduce the above copyright
6382 + * notice, this list of conditions and the following disclaimer in
6383 + * the documentation and/or other materials provided with the
6384 + * distribution.
6385 + *
6386 + * 3. All advertising materials mentioning features or use of this
6387 + * software must display the following acknowledgment:
6388 + * "This product includes software developed by the OpenSSL Project
6389 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
6390 + *
6391 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
6392 + * endorse or promote products derived from this software without
6393 + * prior written permission. For written permission, please contact
6394 + * licensing@OpenSSL.org.
6395 + *
6396 + * 5. Products derived from this software may not be called "OpenSSL"
6397 + * nor may "OpenSSL" appear in their names without prior written
6398 + * permission of the OpenSSL Project.
6399 + *
6400 + * 6. Redistributions of any form whatsoever must retain the following
6401 + * acknowledgment:
6402 + * "This product includes software developed by the OpenSSL Project
6403 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
6404 + *
6405 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
6406 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
6407 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
6408 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
6409 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
6410 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
6411 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
6412 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
6413 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
6414 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
6415 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
6416 + * OF THE POSSIBILITY OF SUCH DAMAGE.
6417 + * ====================================================================
6418 + *
6419 + * This product includes cryptographic software written by Eric Young
6420 + * (eay@cryptsoft.com). This product includes software written by Tim
6421 + * Hudson (tjh@cryptsoft.com).
6422 + *
6423 + */
6424 +
6425 +#include <stdio.h>
6426 +#include <ctype.h>
6427 +#include <string.h>
6428 +#include <openssl/bio.h>
6429 +#include <openssl/evp.h>
6430 +#include <openssl/hmac.h>
6431 +#include <openssl/err.h>
6432 +#include <openssl/rsa.h>
6433 +#include <openssl/bn.h>
6434 +#include <openssl/x509v3.h>
6435 +
6436 +#ifndef OPENSSL_FIPS
6437 +
6438 +int main(int argc, char *argv[])
6439 +{
6440 + printf("No FIPS RSA support\n");
6441 + return(0);
6442 +}
6443 +
6444 +#else
6445 +
6446 +#include "fips_utl.h"
6447 +
6448 +int rsa_test(FILE *out, FILE *in);
6449 +static int rsa_printkey1(FILE *out, RSA *rsa,
6450 + BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
6451 + BIGNUM *e);
6452 +static int rsa_printkey2(FILE *out, RSA *rsa,
6453 + BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq);
6454 +
6455 +int main(int argc, char **argv)
6456 + {
6457 + FILE *in = NULL, *out = NULL;
6458 +
6459 + int ret = 1;
6460 +
6461 + if(!FIPS_mode_set(1))
6462 + {
6463 + do_print_errors();
6464 + goto end;
6465 + }
6466 +
6467 + if (argc == 1)
6468 + in = stdin;
6469 + else
6470 + in = fopen(argv[1], "r");
6471 +
6472 + if (argc < 2)
6473 + out = stdout;
6474 + else
6475 + out = fopen(argv[2], "w");
6476 +
6477 + if (!in)
6478 + {
6479 + fprintf(stderr, "FATAL input initialization error\n");
6480 + goto end;
6481 + }
6482 +
6483 + if (!out)
6484 + {
6485 + fprintf(stderr, "FATAL output initialization error\n");
6486 + goto end;
6487 + }
6488 +
6489 + if (!rsa_test(out, in))
6490 + {
6491 + fprintf(stderr, "FATAL RSAGTEST file processing error\n");
6492 + goto end;
6493 + }
6494 + else
6495 + ret = 0;
6496 +
6497 + end:
6498 +
6499 + if (ret)
6500 + do_print_errors();
6501 +
6502 + if (in && (in != stdin))
6503 + fclose(in);
6504 + if (out && (out != stdout))
6505 + fclose(out);
6506 +
6507 + return ret;
6508 +
6509 + }
6510 +
6511 +#define RSA_TEST_MAXLINELEN 10240
6512 +
6513 +int rsa_test(FILE *out, FILE *in)
6514 + {
6515 + char *linebuf, *olinebuf, *p, *q;
6516 + char *keyword, *value;
6517 + RSA *rsa = NULL;
6518 + BIGNUM *Xp1 = NULL, *Xp2 = NULL, *Xp = NULL;
6519 + BIGNUM *Xq1 = NULL, *Xq2 = NULL, *Xq = NULL;
6520 + BIGNUM *e = NULL;
6521 + int ret = 0;
6522 + int lnum = 0;
6523 +
6524 + olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
6525 + linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
6526 +
6527 + if (!linebuf || !olinebuf)
6528 + goto error;
6529 +
6530 + while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
6531 + {
6532 + lnum++;
6533 + strcpy(linebuf, olinebuf);
6534 + keyword = linebuf;
6535 + /* Skip leading space */
6536 + while (isspace((unsigned char)*keyword))
6537 + keyword++;
6538 +
6539 + /* Look for = sign */
6540 + p = strchr(linebuf, '=');
6541 +
6542 + /* If no = or starts with [ (for [foo = bar] line) just copy */
6543 + if (!p || *keyword=='[')
6544 + {
6545 + if (fputs(olinebuf, out) < 0)
6546 + goto error;
6547 + continue;
6548 + }
6549 +
6550 + q = p - 1;
6551 +
6552 + /* Remove trailing space */
6553 + while (isspace((unsigned char)*q))
6554 + *q-- = 0;
6555 +
6556 + *p = 0;
6557 + value = p + 1;
6558 +
6559 + /* Remove leading space from value */
6560 + while (isspace((unsigned char)*value))
6561 + value++;
6562 +
6563 + /* Remove trailing space from value */
6564 + p = value + strlen(value) - 1;
6565 +
6566 + while (*p == '\n' || isspace((unsigned char)*p))
6567 + *p-- = 0;
6568 +
6569 + if (!strcmp(keyword, "xp1"))
6570 + {
6571 + if (Xp1 || !do_hex2bn(&Xp1,value))
6572 + goto parse_error;
6573 + }
6574 + else if (!strcmp(keyword, "xp2"))
6575 + {
6576 + if (Xp2 || !do_hex2bn(&Xp2,value))
6577 + goto parse_error;
6578 + }
6579 + else if (!strcmp(keyword, "Xp"))
6580 + {
6581 + if (Xp || !do_hex2bn(&Xp,value))
6582 + goto parse_error;
6583 + }
6584 + else if (!strcmp(keyword, "xq1"))
6585 + {
6586 + if (Xq1 || !do_hex2bn(&Xq1,value))
6587 + goto parse_error;
6588 + }
6589 + else if (!strcmp(keyword, "xq2"))
6590 + {
6591 + if (Xq2 || !do_hex2bn(&Xq2,value))
6592 + goto parse_error;
6593 + }
6594 + else if (!strcmp(keyword, "Xq"))
6595 + {
6596 + if (Xq || !do_hex2bn(&Xq,value))
6597 + goto parse_error;
6598 + }
6599 + else if (!strcmp(keyword, "e"))
6600 + {
6601 + if (e || !do_hex2bn(&e,value))
6602 + goto parse_error;
6603 + }
6604 + else if (!strcmp(keyword, "p1"))
6605 + continue;
6606 + else if (!strcmp(keyword, "p2"))
6607 + continue;
6608 + else if (!strcmp(keyword, "p"))
6609 + continue;
6610 + else if (!strcmp(keyword, "q1"))
6611 + continue;
6612 + else if (!strcmp(keyword, "q2"))
6613 + continue;
6614 + else if (!strcmp(keyword, "q"))
6615 + continue;
6616 + else if (!strcmp(keyword, "n"))
6617 + continue;
6618 + else if (!strcmp(keyword, "d"))
6619 + continue;
6620 + else
6621 + goto parse_error;
6622 +
6623 + fputs(olinebuf, out);
6624 +
6625 + if (e && Xp1 && Xp2 && Xp)
6626 + {
6627 + rsa = FIPS_rsa_new();
6628 + if (!rsa)
6629 + goto error;
6630 + if (!rsa_printkey1(out, rsa, Xp1, Xp2, Xp, e))
6631 + goto error;
6632 + BN_free(Xp1);
6633 + Xp1 = NULL;
6634 + BN_free(Xp2);
6635 + Xp2 = NULL;
6636 + BN_free(Xp);
6637 + Xp = NULL;
6638 + BN_free(e);
6639 + e = NULL;
6640 + }
6641 +
6642 + if (rsa && Xq1 && Xq2 && Xq)
6643 + {
6644 + if (!rsa_printkey2(out, rsa, Xq1, Xq2, Xq))
6645 + goto error;
6646 + BN_free(Xq1);
6647 + Xq1 = NULL;
6648 + BN_free(Xq2);
6649 + Xq2 = NULL;
6650 + BN_free(Xq);
6651 + Xq = NULL;
6652 + FIPS_rsa_free(rsa);
6653 + rsa = NULL;
6654 + }
6655 + }
6656 +
6657 + ret = 1;
6658 +
6659 + error:
6660 +
6661 + if (olinebuf)
6662 + OPENSSL_free(olinebuf);
6663 + if (linebuf)
6664 + OPENSSL_free(linebuf);
6665 +
6666 + if (Xp1)
6667 + BN_free(Xp1);
6668 + if (Xp2)
6669 + BN_free(Xp2);
6670 + if (Xp)
6671 + BN_free(Xp);
6672 + if (Xq1)
6673 + BN_free(Xq1);
6674 + if (Xq1)
6675 + BN_free(Xq1);
6676 + if (Xq2)
6677 + BN_free(Xq2);
6678 + if (Xq)
6679 + BN_free(Xq);
6680 + if (e)
6681 + BN_free(e);
6682 + if (rsa)
6683 + FIPS_rsa_free(rsa);
6684 +
6685 + return ret;
6686 +
6687 + parse_error:
6688 +
6689 + fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
6690 +
6691 + goto error;
6692 +
6693 + }
6694 +
6695 +static int rsa_printkey1(FILE *out, RSA *rsa,
6696 + BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
6697 + BIGNUM *e)
6698 + {
6699 + int ret = 0;
6700 + BIGNUM *p1 = NULL, *p2 = NULL;
6701 + p1 = BN_new();
6702 + p2 = BN_new();
6703 + if (!p1 || !p2)
6704 + goto error;
6705 +
6706 + if (!RSA_X931_derive_ex(rsa, p1, p2, NULL, NULL, Xp1, Xp2, Xp,
6707 + NULL, NULL, NULL, e, NULL))
6708 + goto error;
6709 +
6710 + do_bn_print_name(out, "p1", p1);
6711 + do_bn_print_name(out, "p2", p2);
6712 + do_bn_print_name(out, "p", rsa->p);
6713 +
6714 + ret = 1;
6715 +
6716 + error:
6717 + if (p1)
6718 + BN_free(p1);
6719 + if (p2)
6720 + BN_free(p2);
6721 +
6722 + return ret;
6723 + }
6724 +
6725 +static int rsa_printkey2(FILE *out, RSA *rsa,
6726 + BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq)
6727 + {
6728 + int ret = 0;
6729 + BIGNUM *q1 = NULL, *q2 = NULL;
6730 + q1 = BN_new();
6731 + q2 = BN_new();
6732 + if (!q1 || !q2)
6733 + goto error;
6734 +
6735 + if (!RSA_X931_derive_ex(rsa, NULL, NULL, q1, q2, NULL, NULL, NULL,
6736 + Xq1, Xq2, Xq, NULL, NULL))
6737 + goto error;
6738 +
6739 + do_bn_print_name(out, "q1", q1);
6740 + do_bn_print_name(out, "q2", q2);
6741 + do_bn_print_name(out, "q", rsa->q);
6742 + do_bn_print_name(out, "n", rsa->n);
6743 + do_bn_print_name(out, "d", rsa->d);
6744 +
6745 + ret = 1;
6746 +
6747 + error:
6748 + if (q1)
6749 + BN_free(q1);
6750 + if (q2)
6751 + BN_free(q2);
6752 +
6753 + return ret;
6754 + }
6755 +
6756 +#endif
6757 diff -up openssl-1.0.1b/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_rsastest.c
6758 --- openssl-1.0.1b/crypto/fips/cavs/fips_rsastest.c.fips 2012-04-26 18:00:51.400769298 +0200
6759 +++ openssl-1.0.1b/crypto/fips/cavs/fips_rsastest.c 2012-04-26 18:00:51.400769298 +0200
6760 @@ -0,0 +1,370 @@
6761 +/* fips_rsastest.c */
6762 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
6763 + * project 2005.
6764 + */
6765 +/* ====================================================================
6766 + * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
6767 + *
6768 + * Redistribution and use in source and binary forms, with or without
6769 + * modification, are permitted provided that the following conditions
6770 + * are met:
6771 + *
6772 + * 1. Redistributions of source code must retain the above copyright
6773 + * notice, this list of conditions and the following disclaimer.
6774 + *
6775 + * 2. Redistributions in binary form must reproduce the above copyright
6776 + * notice, this list of conditions and the following disclaimer in
6777 + * the documentation and/or other materials provided with the
6778 + * distribution.
6779 + *
6780 + * 3. All advertising materials mentioning features or use of this
6781 + * software must display the following acknowledgment:
6782 + * "This product includes software developed by the OpenSSL Project
6783 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
6784 + *
6785 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
6786 + * endorse or promote products derived from this software without
6787 + * prior written permission. For written permission, please contact
6788 + * licensing@OpenSSL.org.
6789 + *
6790 + * 5. Products derived from this software may not be called "OpenSSL"
6791 + * nor may "OpenSSL" appear in their names without prior written
6792 + * permission of the OpenSSL Project.
6793 + *
6794 + * 6. Redistributions of any form whatsoever must retain the following
6795 + * acknowledgment:
6796 + * "This product includes software developed by the OpenSSL Project
6797 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
6798 + *
6799 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
6800 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
6801 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
6802 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
6803 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
6804 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
6805 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
6806 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
6807 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
6808 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
6809 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
6810 + * OF THE POSSIBILITY OF SUCH DAMAGE.
6811 + * ====================================================================
6812 + *
6813 + * This product includes cryptographic software written by Eric Young
6814 + * (eay@cryptsoft.com). This product includes software written by Tim
6815 + * Hudson (tjh@cryptsoft.com).
6816 + *
6817 + */
6818 +
6819 +#include <stdio.h>
6820 +#include <ctype.h>
6821 +#include <string.h>
6822 +#include <openssl/bio.h>
6823 +#include <openssl/evp.h>
6824 +#include <openssl/hmac.h>
6825 +#include <openssl/err.h>
6826 +#include <openssl/rsa.h>
6827 +#include <openssl/bn.h>
6828 +#include <openssl/x509v3.h>
6829 +
6830 +#ifndef OPENSSL_FIPS
6831 +
6832 +int main(int argc, char *argv[])
6833 +{
6834 + printf("No FIPS RSA support\n");
6835 + return(0);
6836 +}
6837 +
6838 +#else
6839 +
6840 +#include "fips_utl.h"
6841 +
6842 +static int rsa_stest(FILE *out, FILE *in, int Saltlen);
6843 +static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
6844 + unsigned char *Msg, long Msglen, int Saltlen);
6845 +
6846 +int main(int argc, char **argv)
6847 + {
6848 + FILE *in = NULL, *out = NULL;
6849 +
6850 + int ret = 1, Saltlen = -1;
6851 +
6852 + if(!FIPS_mode_set(1))
6853 + {
6854 + do_print_errors();
6855 + goto end;
6856 + }
6857 +
6858 + if ((argc > 2) && !strcmp("-saltlen", argv[1]))
6859 + {
6860 + Saltlen = atoi(argv[2]);
6861 + if (Saltlen < 0)
6862 + {
6863 + fprintf(stderr, "FATAL: Invalid salt length\n");
6864 + goto end;
6865 + }
6866 + argc -= 2;
6867 + argv += 2;
6868 + }
6869 + else if ((argc > 1) && !strcmp("-x931", argv[1]))
6870 + {
6871 + Saltlen = -2;
6872 + argc--;
6873 + argv++;
6874 + }
6875 +
6876 + if (argc == 1)
6877 + in = stdin;
6878 + else
6879 + in = fopen(argv[1], "r");
6880 +
6881 + if (argc < 2)
6882 + out = stdout;
6883 + else
6884 + out = fopen(argv[2], "w");
6885 +
6886 + if (!in)
6887 + {
6888 + fprintf(stderr, "FATAL input initialization error\n");
6889 + goto end;
6890 + }
6891 +
6892 + if (!out)
6893 + {
6894 + fprintf(stderr, "FATAL output initialization error\n");
6895 + goto end;
6896 + }
6897 +
6898 + if (!rsa_stest(out, in, Saltlen))
6899 + {
6900 + fprintf(stderr, "FATAL RSASTEST file processing error\n");
6901 + goto end;
6902 + }
6903 + else
6904 + ret = 0;
6905 +
6906 + end:
6907 +
6908 + if (ret)
6909 + do_print_errors();
6910 +
6911 + if (in && (in != stdin))
6912 + fclose(in);
6913 + if (out && (out != stdout))
6914 + fclose(out);
6915 +
6916 + return ret;
6917 +
6918 + }
6919 +
6920 +#define RSA_TEST_MAXLINELEN 10240
6921 +
6922 +int rsa_stest(FILE *out, FILE *in, int Saltlen)
6923 + {
6924 + char *linebuf, *olinebuf, *p, *q;
6925 + char *keyword, *value;
6926 + RSA *rsa = NULL;
6927 + const EVP_MD *dgst = NULL;
6928 + unsigned char *Msg = NULL;
6929 + long Msglen = -1;
6930 + int keylen = -1, current_keylen = -1;
6931 + int ret = 0;
6932 + int lnum = 0;
6933 +
6934 + olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
6935 + linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
6936 +
6937 + if (!linebuf || !olinebuf)
6938 + goto error;
6939 +
6940 + while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
6941 + {
6942 + lnum++;
6943 + strcpy(linebuf, olinebuf);
6944 + keyword = linebuf;
6945 + /* Skip leading space */
6946 + while (isspace((unsigned char)*keyword))
6947 + keyword++;
6948 +
6949 + /* Look for = sign */
6950 + p = strchr(linebuf, '=');
6951 +
6952 + /* If no = just copy */
6953 + if (!p)
6954 + {
6955 + if (fputs(olinebuf, out) < 0)
6956 + goto error;
6957 + continue;
6958 + }
6959 +
6960 + q = p - 1;
6961 +
6962 + /* Remove trailing space */
6963 + while (isspace((unsigned char)*q))
6964 + *q-- = 0;
6965 +
6966 + *p = 0;
6967 + value = p + 1;
6968 +
6969 + /* Remove leading space from value */
6970 + while (isspace((unsigned char)*value))
6971 + value++;
6972 +
6973 + /* Remove trailing space from value */
6974 + p = value + strlen(value) - 1;
6975 +
6976 + while (*p == '\n' || isspace((unsigned char)*p))
6977 + *p-- = 0;
6978 +
6979 + /* Look for [mod = XXX] for key length */
6980 +
6981 + if (!strcmp(keyword, "[mod"))
6982 + {
6983 + p = value + strlen(value) - 1;
6984 + if (*p != ']')
6985 + goto parse_error;
6986 + *p = 0;
6987 + keylen = atoi(value);
6988 + if (keylen < 0)
6989 + goto parse_error;
6990 + }
6991 + else if (!strcmp(keyword, "SHAAlg"))
6992 + {
6993 + if (!strcmp(value, "SHA1"))
6994 + dgst = EVP_sha1();
6995 + else if (!strcmp(value, "SHA224"))
6996 + dgst = EVP_sha224();
6997 + else if (!strcmp(value, "SHA256"))
6998 + dgst = EVP_sha256();
6999 + else if (!strcmp(value, "SHA384"))
7000 + dgst = EVP_sha384();
7001 + else if (!strcmp(value, "SHA512"))
7002 + dgst = EVP_sha512();
7003 + else
7004 + {
7005 + fprintf(stderr,
7006 + "FATAL: unsupported algorithm \"%s\"\n",
7007 + value);
7008 + goto parse_error;
7009 + }
7010 + }
7011 + else if (!strcmp(keyword, "Msg"))
7012 + {
7013 + if (Msg)
7014 + goto parse_error;
7015 + if (strlen(value) & 1)
7016 + *(--value) = '0';
7017 + Msg = hex2bin_m(value, &Msglen);
7018 + if (!Msg)
7019 + goto parse_error;
7020 + }
7021 +
7022 + fputs(olinebuf, out);
7023 +
7024 + /* If key length has changed, generate and output public
7025 + * key components of new RSA private key.
7026 + */
7027 +
7028 + if (keylen != current_keylen)
7029 + {
7030 + BIGNUM *bn_e;
7031 + if (rsa)
7032 + FIPS_rsa_free(rsa);
7033 + rsa = FIPS_rsa_new();
7034 + if (!rsa)
7035 + goto error;
7036 + bn_e = BN_new();
7037 + if (!bn_e || !BN_set_word(bn_e, 0x1001))
7038 + goto error;
7039 + if (!RSA_X931_generate_key_ex(rsa, keylen, bn_e, NULL))
7040 + goto error;
7041 + BN_free(bn_e);
7042 + fputs("n = ", out);
7043 + do_bn_print(out, rsa->n);
7044 + fputs("\ne = ", out);
7045 + do_bn_print(out, rsa->e);
7046 + fputs("\n", out);
7047 + current_keylen = keylen;
7048 + }
7049 +
7050 + if (Msg && dgst)
7051 + {
7052 + if (!rsa_printsig(out, rsa, dgst, Msg, Msglen,
7053 + Saltlen))
7054 + goto error;
7055 + OPENSSL_free(Msg);
7056 + Msg = NULL;
7057 + }
7058 +
7059 + }
7060 +
7061 + ret = 1;
7062 +
7063 + error:
7064 +
7065 + if (olinebuf)
7066 + OPENSSL_free(olinebuf);
7067 + if (linebuf)
7068 + OPENSSL_free(linebuf);
7069 + if (rsa)
7070 + FIPS_rsa_free(rsa);
7071 +
7072 + return ret;
7073 +
7074 + parse_error:
7075 +
7076 + fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
7077 +
7078 + goto error;
7079 +
7080 + }
7081 +
7082 +static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
7083 + unsigned char *Msg, long Msglen, int Saltlen)
7084 + {
7085 + int ret = 0;
7086 + unsigned char *sigbuf = NULL;
7087 + int i, siglen;
7088 + /* EVP_PKEY structure */
7089 + EVP_PKEY pk;
7090 + EVP_MD_CTX ctx;
7091 + pk.type = EVP_PKEY_RSA;
7092 + pk.pkey.rsa = rsa;
7093 +
7094 + siglen = RSA_size(rsa);
7095 + sigbuf = OPENSSL_malloc(siglen);
7096 + if (!sigbuf)
7097 + goto error;
7098 +
7099 + EVP_MD_CTX_init(&ctx);
7100 +
7101 + if (Saltlen >= 0)
7102 + {
7103 + M_EVP_MD_CTX_set_flags(&ctx,
7104 + EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16));
7105 + }
7106 + else if (Saltlen == -2)
7107 + M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931);
7108 + if (!EVP_SignInit_ex(&ctx, dgst, NULL))
7109 + goto error;
7110 + if (!EVP_SignUpdate(&ctx, Msg, Msglen))
7111 + goto error;
7112 + if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, &pk))
7113 + goto error;
7114 +
7115 + EVP_MD_CTX_cleanup(&ctx);
7116 +
7117 + fputs("S = ", out);
7118 +
7119 + for (i = 0; i < siglen; i++)
7120 + fprintf(out, "%02X", sigbuf[i]);
7121 +
7122 + fputs("\n", out);
7123 +
7124 + ret = 1;
7125 +
7126 + error:
7127 +
7128 + return ret;
7129 + }
7130 +#endif
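Review bot: rsa_printsig never frees sigbuf and only reaches EVP_MD_CTX_cleanup on the success path, so every failure after EVP_MD_CTX_init leaks the digest context and every call leaks the RSA_size(rsa)-byte buffer; move `EVP_MD_CTX_init(&ctx);` above the OPENSSL_malloc and make the tail `error: EVP_MD_CTX_cleanup(&ctx); if (sigbuf) OPENSSL_free(sigbuf); return ret;`. In the same function `pk` is a stack EVP_PKEY with only `type` and `pkey.rsa` assigned, so any other field the sign path reads (references, ameth, engine) is indeterminate; a `memset(&pk, 0, sizeof(pk));` before the assignments costs nothing and turns a possible wild read into a clean failure, assuming the FIPS sign path does not already bypass those fields. In rsa_stest, `bn_e` leaks when RSA_X931_generate_key_ex fails and `Msg` is not released at the error label, so a parse error after a `Msg` line leaks the decoded message. The generated key uses e = 0x1001 (4097), which is below the 2^16 < e < 2^256 bound FIPS 186-3 places on RSA public exponents; if the X9.31 generator in this module enforces that bound the harness will fail at runtime, and if it does not, the test keys are still non-conformant, so 0x10001 would be the safer constant.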
7131 diff -up openssl-1.0.1b/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_rsavtest.c
7132 --- openssl-1.0.1b/crypto/fips/cavs/fips_rsavtest.c.fips 2012-04-26 18:00:51.400769298 +0200
7133 +++ openssl-1.0.1b/crypto/fips/cavs/fips_rsavtest.c 2012-04-26 18:00:51.400769298 +0200
7134 @@ -0,0 +1,377 @@
7135 +/* fips_rsavtest.c */
7136 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
7137 + * project 2005.
7138 + */
7139 +/* ====================================================================
7140 + * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
7141 + *
7142 + * Redistribution and use in source and binary forms, with or without
7143 + * modification, are permitted provided that the following conditions
7144 + * are met:
7145 + *
7146 + * 1. Redistributions of source code must retain the above copyright
7147 + * notice, this list of conditions and the following disclaimer.
7148 + *
7149 + * 2. Redistributions in binary form must reproduce the above copyright
7150 + * notice, this list of conditions and the following disclaimer in
7151 + * the documentation and/or other materials provided with the
7152 + * distribution.
7153 + *
7154 + * 3. All advertising materials mentioning features or use of this
7155 + * software must display the following acknowledgment:
7156 + * "This product includes software developed by the OpenSSL Project
7157 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
7158 + *
7159 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
7160 + * endorse or promote products derived from this software without
7161 + * prior written permission. For written permission, please contact
7162 + * licensing@OpenSSL.org.
7163 + *
7164 + * 5. Products derived from this software may not be called "OpenSSL"
7165 + * nor may "OpenSSL" appear in their names without prior written
7166 + * permission of the OpenSSL Project.
7167 + *
7168 + * 6. Redistributions of any form whatsoever must retain the following
7169 + * acknowledgment:
7170 + * "This product includes software developed by the OpenSSL Project
7171 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
7172 + *
7173 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
7174 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
7175 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
7176 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
7177 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
7178 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
7179 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
7180 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
7181 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
7182 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
7183 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
7184 + * OF THE POSSIBILITY OF SUCH DAMAGE.
7185 + * ====================================================================
7186 + *
7187 + * This product includes cryptographic software written by Eric Young
7188 + * (eay@cryptsoft.com). This product includes software written by Tim
7189 + * Hudson (tjh@cryptsoft.com).
7190 + *
7191 + */
7192 +
7193 +#include <stdio.h>
7194 +#include <ctype.h>
7195 +#include <string.h>
7196 +#include <openssl/bio.h>
7197 +#include <openssl/evp.h>
7198 +#include <openssl/hmac.h>
7199 +#include <openssl/err.h>
7200 +#include <openssl/x509v3.h>
7201 +#include <openssl/bn.h>
7202 +#include <openssl/rsa.h>
7203 +
7204 +#ifndef OPENSSL_FIPS
7205 +
7206 +int main(int argc, char *argv[])
7207 +{
7208 + printf("No FIPS RSA support\n");
7209 + return(0);
7210 +}
7211 +
7212 +#else
7213 +
7214 +#include "fips_utl.h"
7215 +
7216 +int rsa_test(FILE *out, FILE *in, int saltlen);
7217 +static int rsa_printver(FILE *out,
7218 + BIGNUM *n, BIGNUM *e,
7219 + const EVP_MD *dgst,
7220 + unsigned char *Msg, long Msglen,
7221 + unsigned char *S, long Slen, int Saltlen);
7222 +
7223 +int main(int argc, char **argv)
7224 + {
7225 + FILE *in = NULL, *out = NULL;
7226 +
7227 + int ret = 1;
7228 + int Saltlen = -1;
7229 +
7230 + if(!FIPS_mode_set(1))
7231 + {
7232 + do_print_errors();
7233 + goto end;
7234 + }
7235 +
7236 + if ((argc > 2) && !strcmp("-saltlen", argv[1]))
7237 + {
7238 + Saltlen = atoi(argv[2]);
7239 + if (Saltlen < 0)
7240 + {
7241 + fprintf(stderr, "FATAL: Invalid salt length\n");
7242 + goto end;
7243 + }
7244 + argc -= 2;
7245 + argv += 2;
7246 + }
7247 + else if ((argc > 1) && !strcmp("-x931", argv[1]))
7248 + {
7249 + Saltlen = -2;
7250 + argc--;
7251 + argv++;
7252 + }
7253 +
7254 + if (argc == 1)
7255 + in = stdin;
7256 + else
7257 + in = fopen(argv[1], "r");
7258 +
7259 + if (argc < 2)
7260 + out = stdout;
7261 + else
7262 + out = fopen(argv[2], "w");
7263 +
7264 + if (!in)
7265 + {
7266 + fprintf(stderr, "FATAL input initialization error\n");
7267 + goto end;
7268 + }
7269 +
7270 + if (!out)
7271 + {
7272 + fprintf(stderr, "FATAL output initialization error\n");
7273 + goto end;
7274 + }
7275 +
7276 + if (!rsa_test(out, in, Saltlen))
7277 + {
7278 + fprintf(stderr, "FATAL RSAVTEST file processing error\n");
7279 + goto end;
7280 + }
7281 + else
7282 + ret = 0;
7283 +
7284 + end:
7285 +
7286 + if (ret)
7287 + do_print_errors();
7288 +
7289 + if (in && (in != stdin))
7290 + fclose(in);
7291 + if (out && (out != stdout))
7292 + fclose(out);
7293 +
7294 + return ret;
7295 +
7296 + }
7297 +
7298 +#define RSA_TEST_MAXLINELEN 10240
7299 +
7300 +int rsa_test(FILE *out, FILE *in, int Saltlen)
7301 + {
7302 + char *linebuf, *olinebuf, *p, *q;
7303 + char *keyword, *value;
7304 + const EVP_MD *dgst = NULL;
7305 + BIGNUM *n = NULL, *e = NULL;
7306 + unsigned char *Msg = NULL, *S = NULL;
7307 + long Msglen, Slen;
7308 + int ret = 0;
7309 + int lnum = 0;
7310 +
7311 + olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
7312 + linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
7313 +
7314 + if (!linebuf || !olinebuf)
7315 + goto error;
7316 +
7317 + while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
7318 + {
7319 + lnum++;
7320 + strcpy(linebuf, olinebuf);
7321 + keyword = linebuf;
7322 + /* Skip leading space */
7323 + while (isspace((unsigned char)*keyword))
7324 + keyword++;
7325 +
7326 + /* Look for = sign */
7327 + p = strchr(linebuf, '=');
7328 +
7329 + /* If no = or starts with [ (for [foo = bar] line) just copy */
7330 + if (!p || *keyword=='[')
7331 + {
7332 + if (fputs(olinebuf, out) < 0)
7333 + goto error;
7334 + continue;
7335 + }
7336 +
7337 + q = p - 1;
7338 +
7339 + /* Remove trailing space */
7340 + while (isspace((unsigned char)*q))
7341 + *q-- = 0;
7342 +
7343 + *p = 0;
7344 + value = p + 1;
7345 +
7346 + /* Remove leading space from value */
7347 + while (isspace((unsigned char)*value))
7348 + value++;
7349 +
7350 + /* Remove trailing space from value */
7351 + p = value + strlen(value) - 1;
7352 +
7353 + while (*p == '\n' || isspace((unsigned char)*p))
7354 + *p-- = 0;
7355 +
7356 + if (!strcmp(keyword, "n"))
7357 + {
7358 + if (!do_hex2bn(&n,value))
7359 + goto parse_error;
7360 + }
7361 + else if (!strcmp(keyword, "e"))
7362 + {
7363 + if (!do_hex2bn(&e,value))
7364 + goto parse_error;
7365 + }
7366 + else if (!strcmp(keyword, "SHAAlg"))
7367 + {
7368 + if (!strcmp(value, "SHA1"))
7369 + dgst = EVP_sha1();
7370 + else if (!strcmp(value, "SHA224"))
7371 + dgst = EVP_sha224();
7372 + else if (!strcmp(value, "SHA256"))
7373 + dgst = EVP_sha256();
7374 + else if (!strcmp(value, "SHA384"))
7375 + dgst = EVP_sha384();
7376 + else if (!strcmp(value, "SHA512"))
7377 + dgst = EVP_sha512();
7378 + else
7379 + {
7380 + fprintf(stderr,
7381 + "FATAL: unsupported algorithm \"%s\"\n",
7382 + value);
7383 + goto parse_error;
7384 + }
7385 + }
7386 + else if (!strcmp(keyword, "Msg"))
7387 + {
7388 + if (Msg)
7389 + goto parse_error;
7390 + if (strlen(value) & 1)
7391 + *(--value) = '0';
7392 + Msg = hex2bin_m(value, &Msglen);
7393 + if (!Msg)
7394 + goto parse_error;
7395 + }
7396 + else if (!strcmp(keyword, "S"))
7397 + {
7398 + if (S)
7399 + goto parse_error;
7400 + if (strlen(value) & 1)
7401 + *(--value) = '0';
7402 + S = hex2bin_m(value, &Slen);
7403 + if (!S)
7404 + goto parse_error;
7405 + }
7406 + else if (!strcmp(keyword, "Result"))
7407 + continue;
7408 + else
7409 + goto parse_error;
7410 +
7411 + fputs(olinebuf, out);
7412 +
7413 + if (n && e && Msg && S && dgst)
7414 + {
7415 + if (!rsa_printver(out, n, e, dgst,
7416 + Msg, Msglen, S, Slen, Saltlen))
7417 + goto error;
7418 + OPENSSL_free(Msg);
7419 + Msg = NULL;
7420 + OPENSSL_free(S);
7421 + S = NULL;
7422 + }
7423 +
7424 + }
7425 +
7426 +
7427 + ret = 1;
7428 +
7429 +
7430 + error:
7431 +
7432 + if (olinebuf)
7433 + OPENSSL_free(olinebuf);
7434 + if (linebuf)
7435 + OPENSSL_free(linebuf);
7436 + if (n)
7437 + BN_free(n);
7438 + if (e)
7439 + BN_free(e);
7440 +
7441 + return ret;
7442 +
7443 + parse_error:
7444 +
7445 + fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
7446 +
7447 + goto error;
7448 +
7449 + }
7450 +
7451 +static int rsa_printver(FILE *out,
7452 + BIGNUM *n, BIGNUM *e,
7453 + const EVP_MD *dgst,
7454 + unsigned char *Msg, long Msglen,
7455 + unsigned char *S, long Slen, int Saltlen)
7456 + {
7457 + int ret = 0, r;
7458 + /* Setup RSA and EVP_PKEY structures */
7459 + RSA *rsa_pubkey = NULL;
7460 + EVP_PKEY pk;
7461 + EVP_MD_CTX ctx;
7462 + unsigned char *buf = NULL;
7463 + rsa_pubkey = FIPS_rsa_new();
7464 + if (!rsa_pubkey)
7465 + goto error;
7466 + rsa_pubkey->n = BN_dup(n);
7467 + rsa_pubkey->e = BN_dup(e);
7468 + if (!rsa_pubkey->n || !rsa_pubkey->e)
7469 + goto error;
7470 + pk.type = EVP_PKEY_RSA;
7471 + pk.pkey.rsa = rsa_pubkey;
7472 +
7473 + EVP_MD_CTX_init(&ctx);
7474 +
7475 + if (Saltlen >= 0)
7476 + {
7477 + M_EVP_MD_CTX_set_flags(&ctx,
7478 + EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16));
7479 + }
7480 + else if (Saltlen == -2)
7481 + M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931);
7482 + if (!EVP_VerifyInit_ex(&ctx, dgst, NULL))
7483 + goto error;
7484 + if (!EVP_VerifyUpdate(&ctx, Msg, Msglen))
7485 + goto error;
7486 +
7487 + r = EVP_VerifyFinal(&ctx, S, Slen, &pk);
7488 +
7489 +
7490 + EVP_MD_CTX_cleanup(&ctx);
7491 +
7492 + if (r < 0)
7493 + goto error;
7494 + ERR_clear_error();
7495 +
7496 + if (r == 0)
7497 + fputs("Result = F\n", out);
7498 + else
7499 + fputs("Result = P\n", out);
7500 +
7501 + ret = 1;
7502 +
7503 + error:
7504 + if (rsa_pubkey)
7505 + FIPS_rsa_free(rsa_pubkey);
7506 + if (buf)
7507 + OPENSSL_free(buf);
7508 +
7509 + return ret;
7510 + }
7511 +#endif
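Review bot: rsa_printver builds `pk` on the stack and assigns only `type` and `pkey.rsa`, leaving references, ameth and engine uninitialized before it is handed to EVP_VerifyFinal; unless the FIPS verify path is guaranteed to read only those two fields, add `memset(&pk, 0, sizeof(pk));` ahead of the assignments so any other access fails deterministically rather than on garbage. The function also skips EVP_MD_CTX_cleanup when EVP_VerifyInit_ex or EVP_VerifyUpdate fails, since the only cleanup call sits after EVP_VerifyFinal on the success path, and the `buf` variable is never assigned, so the `if (buf) OPENSSL_free(buf);` at the error label is dead code. In rsa_test the error label frees n and e but not Msg or S, so a parse error after either has been decoded leaks the buffer. A negative return from EVP_VerifyFinal aborts the entire run with a FATAL error instead of emitting `Result = F`; if the verifier can return -1 for a deliberately malformed signature in a SigVer vector this would stop mid-file, so it is worth confirming which failures are reported as 0 versus -1 here.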
7512 diff -up openssl-1.0.1b/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1b/crypto/fips/cavs/fips_shatest.c
7513 --- openssl-1.0.1b/crypto/fips/cavs/fips_shatest.c.fips 2012-04-26 18:00:51.400769298 +0200
7514 +++ openssl-1.0.1b/crypto/fips/cavs/fips_shatest.c 2012-04-26 18:00:51.400769298 +0200
7515 @@ -0,0 +1,388 @@
7516 +/* fips_shatest.c */
7517 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
7518 + * project 2005.
7519 + */
7520 +/* ====================================================================
7521 + * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
7522 + *
7523 + * Redistribution and use in source and binary forms, with or without
7524 + * modification, are permitted provided that the following conditions
7525 + * are met:
7526 + *
7527 + * 1. Redistributions of source code must retain the above copyright
7528 + * notice, this list of conditions and the following disclaimer.
7529 + *
7530 + * 2. Redistributions in binary form must reproduce the above copyright
7531 + * notice, this list of conditions and the following disclaimer in
7532 + * the documentation and/or other materials provided with the
7533 + * distribution.
7534 + *
7535 + * 3. All advertising materials mentioning features or use of this
7536 + * software must display the following acknowledgment:
7537 + * "This product includes software developed by the OpenSSL Project
7538 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
7539 + *
7540 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
7541 + * endorse or promote products derived from this software without
7542 + * prior written permission. For written permission, please contact
7543 + * licensing@OpenSSL.org.
7544 + *
7545 + * 5. Products derived from this software may not be called "OpenSSL"
7546 + * nor may "OpenSSL" appear in their names without prior written
7547 + * permission of the OpenSSL Project.
7548 + *
7549 + * 6. Redistributions of any form whatsoever must retain the following
7550 + * acknowledgment:
7551 + * "This product includes software developed by the OpenSSL Project
7552 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
7553 + *
7554 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
7555 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
7556 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
7557 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
7558 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
7559 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
7560 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
7561 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
7562 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
7563 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
7564 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
7565 + * OF THE POSSIBILITY OF SUCH DAMAGE.
7566 + * ====================================================================
7567 + *
7568 + * This product includes cryptographic software written by Eric Young
7569 + * (eay@cryptsoft.com). This product includes software written by Tim
7570 + * Hudson (tjh@cryptsoft.com).
7571 + *
7572 + */
7573 +
7574 +#include <stdio.h>
7575 +#include <ctype.h>
7576 +#include <string.h>
7577 +#include <openssl/bio.h>
7578 +#include <openssl/evp.h>
7579 +#include <openssl/err.h>
7580 +#include <openssl/bn.h>
7581 +#include <openssl/x509v3.h>
7582 +
7583 +#ifndef OPENSSL_FIPS
7584 +
7585 +int main(int argc, char *argv[])
7586 +{
7587 + printf("No FIPS SHAXXX support\n");
7588 + return(0);
7589 +}
7590 +
7591 +#else
7592 +
7593 +#include "fips_utl.h"
7594 +
7595 +static int dgst_test(FILE *out, FILE *in);
7596 +static int print_dgst(const EVP_MD *md, FILE *out,
7597 + unsigned char *Msg, int Msglen);
7598 +static int print_monte(const EVP_MD *md, FILE *out,
7599 + unsigned char *Seed, int SeedLen);
7600 +
7601 +int main(int argc, char **argv)
7602 + {
7603 + FILE *in = NULL, *out = NULL;
7604 +
7605 + int ret = 1;
7606 +
7607 + if(!FIPS_mode_set(1))
7608 + {
7609 + do_print_errors();
7610 + goto end;
7611 + }
7612 +
7613 + if (argc == 1)
7614 + in = stdin;
7615 + else
7616 + in = fopen(argv[1], "r");
7617 +
7618 + if (argc < 2)
7619 + out = stdout;
7620 + else
7621 + out = fopen(argv[2], "w");
7622 +
7623 + if (!in)
7624 + {
7625 + fprintf(stderr, "FATAL input initialization error\n");
7626 + goto end;
7627 + }
7628 +
7629 + if (!out)
7630 + {
7631 + fprintf(stderr, "FATAL output initialization error\n");
7632 + goto end;
7633 + }
7634 +
7635 + if (!dgst_test(out, in))
7636 + {
7637 + fprintf(stderr, "FATAL digest file processing error\n");
7638 + goto end;
7639 + }
7640 + else
7641 + ret = 0;
7642 +
7643 + end:
7644 +
7645 + if (ret)
7646 + do_print_errors();
7647 +
7648 + if (in && (in != stdin))
7649 + fclose(in);
7650 + if (out && (out != stdout))
7651 + fclose(out);
7652 +
7653 + return ret;
7654 +
7655 + }
7656 +
7657 +#define SHA_TEST_MAX_BITS 102400
7658 +#define SHA_TEST_MAXLINELEN (((SHA_TEST_MAX_BITS >> 3) * 2) + 100)
7659 +
7660 +int dgst_test(FILE *out, FILE *in)
7661 + {
7662 + const EVP_MD *md = NULL;
7663 + char *linebuf, *olinebuf, *p, *q;
7664 + char *keyword, *value;
7665 + unsigned char *Msg = NULL, *Seed = NULL;
7666 + long MsgLen = -1, Len = -1, SeedLen = -1;
7667 + int ret = 0;
7668 + int lnum = 0;
7669 +
7670 + olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
7671 + linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
7672 +
7673 + if (!linebuf || !olinebuf)
7674 + goto error;
7675 +
7676 +
7677 + while (fgets(olinebuf, SHA_TEST_MAXLINELEN, in))
7678 + {
7679 + lnum++;
7680 + strcpy(linebuf, olinebuf);
7681 + keyword = linebuf;
7682 + /* Skip leading space */
7683 + while (isspace((unsigned char)*keyword))
7684 + keyword++;
7685 +
7686 + /* Look for = sign */
7687 + p = strchr(linebuf, '=');
7688 +
7689 + /* If no = or starts with [ (for [L=20] line) just copy */
7690 + if (!p)
7691 + {
7692 + fputs(olinebuf, out);
7693 + continue;
7694 + }
7695 +
7696 + q = p - 1;
7697 +
7698 + /* Remove trailing space */
7699 + while (isspace((unsigned char)*q))
7700 + *q-- = 0;
7701 +
7702 + *p = 0;
7703 + value = p + 1;
7704 +
7705 + /* Remove leading space from value */
7706 + while (isspace((unsigned char)*value))
7707 + value++;
7708 +
7709 + /* Remove trailing space from value */
7710 + p = value + strlen(value) - 1;
7711 + while (*p == '\n' || isspace((unsigned char)*p))
7712 + *p-- = 0;
7713 +
7714 + if (!strcmp(keyword,"[L") && *p==']')
7715 + {
7716 + switch (atoi(value))
7717 + {
7718 + case 20: md=EVP_sha1(); break;
7719 + case 28: md=EVP_sha224(); break;
7720 + case 32: md=EVP_sha256(); break;
7721 + case 48: md=EVP_sha384(); break;
7722 + case 64: md=EVP_sha512(); break;
7723 + default: goto parse_error;
7724 + }
7725 + }
7726 + else if (!strcmp(keyword, "Len"))
7727 + {
7728 + if (Len != -1)
7729 + goto parse_error;
7730 + Len = atoi(value);
7731 + if (Len < 0)
7732 + goto parse_error;
7733 + /* Only handle multiples of 8 bits */
7734 + if (Len & 0x7)
7735 + goto parse_error;
7736 + if (Len > SHA_TEST_MAX_BITS)
7737 + goto parse_error;
7738 + MsgLen = Len >> 3;
7739 + }
7740 +
7741 + else if (!strcmp(keyword, "Msg"))
7742 + {
7743 + long tmplen;
7744 + if (strlen(value) & 1)
7745 + *(--value) = '0';
7746 + if (Msg)
7747 + goto parse_error;
7748 + Msg = hex2bin_m(value, &tmplen);
7749 + if (!Msg)
7750 + goto parse_error;
7751 + }
7752 + else if (!strcmp(keyword, "Seed"))
7753 + {
7754 + if (strlen(value) & 1)
7755 + *(--value) = '0';
7756 + if (Seed)
7757 + goto parse_error;
7758 + Seed = hex2bin_m(value, &SeedLen);
7759 + if (!Seed)
7760 + goto parse_error;
7761 + }
7762 + else if (!strcmp(keyword, "MD"))
7763 + continue;
7764 + else
7765 + goto parse_error;
7766 +
7767 + fputs(olinebuf, out);
7768 +
7769 + if (md && Msg && (MsgLen >= 0))
7770 + {
7771 + if (!print_dgst(md, out, Msg, MsgLen))
7772 + goto error;
7773 + OPENSSL_free(Msg);
7774 + Msg = NULL;
7775 + MsgLen = -1;
7776 + Len = -1;
7777 + }
7778 + else if (md && Seed && (SeedLen > 0))
7779 + {
7780 + if (!print_monte(md, out, Seed, SeedLen))
7781 + goto error;
7782 + OPENSSL_free(Seed);
7783 + Seed = NULL;
7784 + SeedLen = -1;
7785 + }
7786 +
7787 +
7788 + }
7789 +
7790 +
7791 + ret = 1;
7792 +
7793 +
7794 + error:
7795 +
7796 + if (olinebuf)
7797 + OPENSSL_free(olinebuf);
7798 + if (linebuf)
7799 + OPENSSL_free(linebuf);
7800 + if (Msg)
7801 + OPENSSL_free(Msg);
7802 + if (Seed)
7803 + OPENSSL_free(Seed);
7804 +
7805 + return ret;
7806 +
7807 + parse_error:
7808 +
7809 + fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
7810 +
7811 + goto error;
7812 +
7813 + }
7814 +
7815 +static int print_dgst(const EVP_MD *emd, FILE *out,
7816 + unsigned char *Msg, int Msglen)
7817 + {
7818 + int i, mdlen;
7819 + unsigned char md[EVP_MAX_MD_SIZE];
7820 + if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL))
7821 + {
7822 + fputs("Error calculating HASH\n", stderr);
7823 + return 0;
7824 + }
7825 + fputs("MD = ", out);
7826 + for (i = 0; i < mdlen; i++)
7827 + fprintf(out, "%02x", md[i]);
7828 + fputs("\n", out);
7829 + return 1;
7830 + }
7831 +
7832 +static int print_monte(const EVP_MD *md, FILE *out,
7833 + unsigned char *Seed, int SeedLen)
7834 + {
7835 + unsigned int i, j, k;
7836 + int ret = 0;
7837 + EVP_MD_CTX ctx;
7838 + unsigned char *m1, *m2, *m3, *p;
7839 + unsigned int mlen, m1len, m2len, m3len;
7840 +
7841 + EVP_MD_CTX_init(&ctx);
7842 +
7843 + if (SeedLen > EVP_MAX_MD_SIZE)
7844 + mlen = SeedLen;
7845 + else
7846 + mlen = EVP_MAX_MD_SIZE;
7847 +
7848 + m1 = OPENSSL_malloc(mlen);
7849 + m2 = OPENSSL_malloc(mlen);
7850 + m3 = OPENSSL_malloc(mlen);
7851 +
7852 + if (!m1 || !m2 || !m3)
7853 + goto mc_error;
7854 +
7855 + m1len = m2len = m3len = SeedLen;
7856 + memcpy(m1, Seed, SeedLen);
7857 + memcpy(m2, Seed, SeedLen);
7858 + memcpy(m3, Seed, SeedLen);
7859 +
7860 + fputs("\n", out);
7861 +
7862 + for (j = 0; j < 100; j++)
7863 + {
7864 + for (i = 0; i < 1000; i++)
7865 + {
7866 + EVP_DigestInit_ex(&ctx, md, NULL);
7867 + EVP_DigestUpdate(&ctx, m1, m1len);
7868 + EVP_DigestUpdate(&ctx, m2, m2len);
7869 + EVP_DigestUpdate(&ctx, m3, m3len);
7870 + p = m1;
7871 + m1 = m2;
7872 + m1len = m2len;
7873 + m2 = m3;
7874 + m2len = m3len;
7875 + m3 = p;
7876 + EVP_DigestFinal_ex(&ctx, m3, &m3len);
7877 + }
7878 + fprintf(out, "COUNT = %d\n", j);
7879 + fputs("MD = ", out);
7880 + for (k = 0; k < m3len; k++)
7881 + fprintf(out, "%02x", m3[k]);
7882 + fputs("\n\n", out);
7883 + memcpy(m1, m3, m3len);
7884 + memcpy(m2, m3, m3len);
7885 + m1len = m2len = m3len;
7886 + }
7887 +
7888 + ret = 1;
7889 +
7890 + mc_error:
7891 + if (m1)
7892 + OPENSSL_free(m1);
7893 + if (m2)
7894 + OPENSSL_free(m2);
7895 + if (m3)
7896 + OPENSSL_free(m3);
7897 +
7898 + EVP_MD_CTX_cleanup(&ctx);
7899 +
7900 + return ret;
7901 + }
7902 +
7903 +#endif
7904 diff -up openssl-1.0.1b/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1b/crypto/fips/cavs/fips_utl.h
7905 --- openssl-1.0.1b/crypto/fips/cavs/fips_utl.h.fips 2012-04-26 18:00:51.400769298 +0200
7906 +++ openssl-1.0.1b/crypto/fips/cavs/fips_utl.h 2012-04-26 18:00:51.400769298 +0200
7907 @@ -0,0 +1,343 @@
7908 +/* ====================================================================
7909 + * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
7910 + *
7911 + * Redistribution and use in source and binary forms, with or without
7912 + * modification, are permitted provided that the following conditions
7913 + * are met:
7914 + *
7915 + * 1. Redistributions of source code must retain the above copyright
7916 + * notice, this list of conditions and the following disclaimer.
7917 + *
7918 + * 2. Redistributions in binary form must reproduce the above copyright
7919 + * notice, this list of conditions and the following disclaimer in
7920 + * the documentation and/or other materials provided with the
7921 + * distribution.
7922 + *
7923 + * 3. All advertising materials mentioning features or use of this
7924 + * software must display the following acknowledgment:
7925 + * "This product includes software developed by the OpenSSL Project
7926 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
7927 + *
7928 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
7929 + * endorse or promote products derived from this software without
7930 + * prior written permission. For written permission, please contact
7931 + * openssl-core@openssl.org.
7932 + *
7933 + * 5. Products derived from this software may not be called "OpenSSL"
7934 + * nor may "OpenSSL" appear in their names without prior written
7935 + * permission of the OpenSSL Project.
7936 + *
7937 + * 6. Redistributions of any form whatsoever must retain the following
7938 + * acknowledgment:
7939 + * "This product includes software developed by the OpenSSL Project
7940 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
7941 + *
7942 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
7943 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
7944 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
7945 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
7946 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
7947 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
7948 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
7949 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
7950 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
7951 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
7952 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
7953 + * OF THE POSSIBILITY OF SUCH DAMAGE.
7954 + *
7955 + */
7956 +
7957 +void do_print_errors(void)
7958 + {
7959 + const char *file, *data;
7960 + int line, flags;
7961 + unsigned long l;
7962 + while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)))
7963 + {
7964 + fprintf(stderr, "ERROR:%lx:lib=%d,func=%d,reason=%d"
7965 + ":file=%s:line=%d:%s\n",
7966 + l, ERR_GET_LIB(l), ERR_GET_FUNC(l), ERR_GET_REASON(l),
7967 + file, line, flags & ERR_TXT_STRING ? data : "");
7968 + }
7969 + }
7970 +
7971 +int hex2bin(const char *in, unsigned char *out)
7972 + {
7973 + int n1, n2;
7974 + unsigned char ch;
7975 +
7976 + for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
7977 + { /* first byte */
7978 + if ((in[n1] >= '0') && (in[n1] <= '9'))
7979 + ch = in[n1++] - '0';
7980 + else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
7981 + ch = in[n1++] - 'A' + 10;
7982 + else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
7983 + ch = in[n1++] - 'a' + 10;
7984 + else
7985 + return -1;
7986 + if(!in[n1])
7987 + {
7988 + out[n2++]=ch;
7989 + break;
7990 + }
7991 + out[n2] = ch << 4;
7992 + /* second byte */
7993 + if ((in[n1] >= '0') && (in[n1] <= '9'))
7994 + ch = in[n1++] - '0';
7995 + else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
7996 + ch = in[n1++] - 'A' + 10;
7997 + else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
7998 + ch = in[n1++] - 'a' + 10;
7999 + else
8000 + return -1;
8001 + out[n2++] |= ch;
8002 + }
8003 + return n2;
8004 + }
8005 +
8006 +unsigned char *hex2bin_m(const char *in, long *plen)
8007 + {
8008 + unsigned char *p;
8009 + p = OPENSSL_malloc((strlen(in) + 1)/2);
8010 + *plen = hex2bin(in, p);
8011 + return p;
8012 + }
8013 +
8014 +int do_hex2bn(BIGNUM **pr, const char *in)
8015 + {
8016 + unsigned char *p;
8017 + long plen;
8018 + int r = 0;
8019 + p = hex2bin_m(in, &plen);
8020 + if (!p)
8021 + return 0;
8022 + if (!*pr)
8023 + *pr = BN_new();
8024 + if (!*pr)
8025 + return 0;
8026 + if (BN_bin2bn(p, plen, *pr))
8027 + r = 1;
8028 + OPENSSL_free(p);
8029 + return r;
8030 + }
8031 +
8032 +int do_bn_print(FILE *out, BIGNUM *bn)
8033 + {
8034 + int len, i;
8035 + unsigned char *tmp;
8036 + len = BN_num_bytes(bn);
8037 + if (len == 0)
8038 + {
8039 + fputs("00", out);
8040 + return 1;
8041 + }
8042 +
8043 + tmp = OPENSSL_malloc(len);
8044 + if (!tmp)
8045 + {
8046 + fprintf(stderr, "Memory allocation error\n");
8047 + return 0;
8048 + }
8049 + BN_bn2bin(bn, tmp);
8050 + for (i = 0; i < len; i++)
8051 + fprintf(out, "%02x", tmp[i]);
8052 + OPENSSL_free(tmp);
8053 + return 1;
8054 + }
8055 +
8056 +int do_bn_print_name(FILE *out, const char *name, BIGNUM *bn)
8057 + {
8058 + int r;
8059 + fprintf(out, "%s = ", name);
8060 + r = do_bn_print(out, bn);
8061 + if (!r)
8062 + return 0;
8063 + fputs("\n", out);
8064 + return 1;
8065 + }
8066 +
8067 +int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf)
8068 + {
8069 + char *keyword, *value, *p, *q;
8070 + strcpy(linebuf, olinebuf);
8071 + keyword = linebuf;
8072 + /* Skip leading space */
8073 + while (isspace((unsigned char)*keyword))
8074 + keyword++;
8075 +
8076 + /* Look for = sign */
8077 + p = strchr(linebuf, '=');
8078 +
8079 + /* If no '=' exit */
8080 + if (!p)
8081 + return 0;
8082 +
8083 + q = p - 1;
8084 +
8085 + /* Remove trailing space */
8086 + while (isspace((unsigned char)*q))
8087 + *q-- = 0;
8088 +
8089 + *p = 0;
8090 + value = p + 1;
8091 +
8092 + /* Remove leading space from value */
8093 + while (isspace((unsigned char)*value))
8094 + value++;
8095 +
8096 + /* Remove trailing space from value */
8097 + p = value + strlen(value) - 1;
8098 +
8099 + while (*p == '\n' || isspace((unsigned char)*p))
8100 + *p-- = 0;
8101 +
8102 + *pkw = keyword;
8103 + *pval = value;
8104 + return 1;
8105 + }
8106 +
8107 +BIGNUM *hex2bn(const char *in)
8108 + {
8109 + BIGNUM *p=NULL;
8110 +
8111 + if (!do_hex2bn(&p, in))
8112 + return NULL;
8113 +
8114 + return p;
8115 + }
8116 +
8117 +int bin2hex(const unsigned char *in,int len,char *out)
8118 + {
8119 + int n1, n2;
8120 + unsigned char ch;
8121 +
8122 + for (n1=0,n2=0 ; n1 < len ; ++n1)
8123 + {
8124 + ch=in[n1] >> 4;
8125 + if (ch <= 0x09)
8126 + out[n2++]=ch+'0';
8127 + else
8128 + out[n2++]=ch-10+'a';
8129 + ch=in[n1] & 0x0f;
8130 + if(ch <= 0x09)
8131 + out[n2++]=ch+'0';
8132 + else
8133 + out[n2++]=ch-10+'a';
8134 + }
8135 + out[n2]='\0';
8136 + return n2;
8137 + }
8138 +
8139 +void pv(const char *tag,const unsigned char *val,int len)
8140 + {
8141 + char obuf[2048];
8142 +
8143 + bin2hex(val,len,obuf);
8144 + printf("%s = %s\n",tag,obuf);
8145 + }
8146 +
8147 +/* To avoid extensive changes to test program at this stage just convert
8148 + * the input line into an acceptable form. Keyword lines converted to form
8149 + * "keyword = value\n" no matter what white space present, all other lines
8150 + * just have leading and trailing space removed.
8151 + */
8152 +
8153 +int tidy_line(char *linebuf, char *olinebuf)
8154 + {
8155 + char *keyword, *value, *p, *q;
8156 + strcpy(linebuf, olinebuf);
8157 + keyword = linebuf;
8158 + /* Skip leading space */
8159 + while (isspace((unsigned char)*keyword))
8160 + keyword++;
8161 + /* Look for = sign */
8162 + p = strchr(linebuf, '=');
8163 +
8164 + /* If no '=' just chop leading, trailing ws */
8165 + if (!p)
8166 + {
8167 + p = keyword + strlen(keyword) - 1;
8168 + while (*p == '\n' || isspace((unsigned char)*p))
8169 + *p-- = 0;
8170 + strcpy(olinebuf, keyword);
8171 + strcat(olinebuf, "\n");
8172 + return 1;
8173 + }
8174 +
8175 + q = p - 1;
8176 +
8177 + /* Remove trailing space */
8178 + while (isspace((unsigned char)*q))
8179 + *q-- = 0;
8180 +
8181 + *p = 0;
8182 + value = p + 1;
8183 +
8184 + /* Remove leading space from value */
8185 + while (isspace((unsigned char)*value))
8186 + value++;
8187 +
8188 + /* Remove trailing space from value */
8189 + p = value + strlen(value) - 1;
8190 +
8191 + while (*p == '\n' || isspace((unsigned char)*p))
8192 + *p-- = 0;
8193 +
8194 + strcpy(olinebuf, keyword);
8195 + strcat(olinebuf, " = ");
8196 + strcat(olinebuf, value);
8197 + strcat(olinebuf, "\n");
8198 +
8199 + return 1;
8200 + }
8201 +
8202 +/* NB: this return the number of _bits_ read */
8203 +int bint2bin(const char *in, int len, unsigned char *out)
8204 + {
8205 + int n;
8206 +
8207 + memset(out,0,len);
8208 + for(n=0 ; n < len ; ++n)
8209 + if(in[n] == '1')
8210 + out[n/8]|=(0x80 >> (n%8));
8211 + return len;
8212 + }
8213 +
8214 +int bin2bint(const unsigned char *in,int len,char *out)
8215 + {
8216 + int n;
8217 +
8218 + for(n=0 ; n < len ; ++n)
8219 + out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
8220 + return n;
8221 + }
8222 +
8223 +/*-----------------------------------------------*/
8224 +
8225 +void PrintValue(char *tag, unsigned char *val, int len)
8226 +{
8227 +#if VERBOSE
8228 + char obuf[2048];
8229 + int olen;
8230 + olen = bin2hex(val, len, obuf);
8231 + printf("%s = %.*s\n", tag, olen, obuf);
8232 +#endif
8233 +}
8234 +
8235 +void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
8236 + {
8237 + char obuf[2048];
8238 + int olen;
8239 +
8240 + if(bitmode)
8241 + olen=bin2bint(val,len,obuf);
8242 + else
8243 + olen=bin2hex(val,len,obuf);
8244 +
8245 + fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
8246 +#if VERBOSE
8247 + printf("%s = %.*s\n", tag, olen, obuf);
8248 +#endif
8249 + }
8250 +
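Review bot: `hex2bin_m` neither checks the `OPENSSL_malloc` result before `hex2bin` writes into it nor propagates `hex2bin`'s `-1` return, so a non-hex value reaches callers as a non-NULL buffer with `*plen == -1` — `do_hex2bn` in this hunk then passes that length to `BN_bin2bn`, and `dgst_test` earlier in the patch checks only `!Msg`. Returning NULL on both failures (below) makes the existing `if (!p)` / `if (!Msg)` checks in the callers effective without changing their interface. Separately, the trailing-space loop `q = p - 1; while (isspace((unsigned char)*q)) *q-- = 0;` in `parse_line` and `tidy_line` reads before `linebuf` when a line begins with `=`; a `q > linebuf` guard in the loop condition would bound it. `pv` and `OutputValue` expand `len` bytes into a fixed `obuf[2048]` with no bound, which is worth a comment such as `/* NOTE: caller must keep len < sizeof(obuf)/2 */` if the inputs are ever not test vectors.
```c
unsigned char *hex2bin_m(const char *in, long *plen)
	{
	unsigned char *p;
	p = OPENSSL_malloc((strlen(in) + 1)/2);
	if (!p)
		return NULL;
	*plen = hex2bin(in, p);
	if (*plen < 0)
		{
		/* invalid hex digit: do not hand back a buffer with a negative length */
		OPENSSL_free(p);
		return NULL;
		}
	return p;
	}
```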
8251 diff -up openssl-1.0.1b/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_aes_selftest.c
8252 --- openssl-1.0.1b/crypto/fips/fips_aes_selftest.c.fips 2012-04-26 18:00:51.401769321 +0200
8253 +++ openssl-1.0.1b/crypto/fips/fips_aes_selftest.c 2012-04-26 18:00:51.401769321 +0200
8254 @@ -0,0 +1,359 @@
8255 +/* ====================================================================
8256 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
8257 + *
8258 + * Redistribution and use in source and binary forms, with or without
8259 + * modification, are permitted provided that the following conditions
8260 + * are met:
8261 + *
8262 + * 1. Redistributions of source code must retain the above copyright
8263 + * notice, this list of conditions and the following disclaimer.
8264 + *
8265 + * 2. Redistributions in binary form must reproduce the above copyright
8266 + * notice, this list of conditions and the following disclaimer in
8267 + * the documentation and/or other materials provided with the
8268 + * distribution.
8269 + *
8270 + * 3. All advertising materials mentioning features or use of this
8271 + * software must display the following acknowledgment:
8272 + * "This product includes software developed by the OpenSSL Project
8273 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
8274 + *
8275 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
8276 + * endorse or promote products derived from this software without
8277 + * prior written permission. For written permission, please contact
8278 + * openssl-core@openssl.org.
8279 + *
8280 + * 5. Products derived from this software may not be called "OpenSSL"
8281 + * nor may "OpenSSL" appear in their names without prior written
8282 + * permission of the OpenSSL Project.
8283 + *
8284 + * 6. Redistributions of any form whatsoever must retain the following
8285 + * acknowledgment:
8286 + * "This product includes software developed by the OpenSSL Project
8287 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
8288 + *
8289 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
8290 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
8291 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
8292 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
8293 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
8294 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
8295 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
8296 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
8297 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
8298 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
8299 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
8300 + * OF THE POSSIBILITY OF SUCH DAMAGE.
8301 + *
8302 + */
8303 +
8304 +#include <string.h>
8305 +#include <openssl/err.h>
8306 +#ifdef OPENSSL_FIPS
8307 +#include <openssl/fips.h>
8308 +#endif
8309 +#include <openssl/evp.h>
8310 +
8311 +#ifdef OPENSSL_FIPS
8312 +static const struct
8313 + {
8314 + const unsigned char key[16];
8315 + const unsigned char plaintext[16];
8316 + const unsigned char ciphertext[16];
8317 + } tests[]=
8318 + {
8319 + {
8320 + { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
8321 + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
8322 + { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
8323 + 0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF },
8324 + { 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30,
8325 + 0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A },
8326 + },
8327 + };
8328 +
8329 +static int corrupt_aes;
8330 +
8331 +void FIPS_corrupt_aes()
8332 + {
8333 + corrupt_aes = 1;
8334 + }
8335 +
8336 +int FIPS_selftest_aes()
8337 + {
8338 + int n;
8339 + int ret = 0;
8340 + EVP_CIPHER_CTX ctx;
8341 + EVP_CIPHER_CTX_init(&ctx);
8342 +
8343 + for(n=0 ; n < 1 ; ++n)
8344 + {
8345 + unsigned char key[16];
8346 +
8347 + memcpy(key, tests[n].key, sizeof(key));
8348 + if (corrupt_aes)
8349 + key[0]++;
8350 + if (fips_cipher_test(&ctx, EVP_aes_128_ecb(),
8351 + key, NULL,
8352 + tests[n].plaintext,
8353 + tests[n].ciphertext,
8354 + 16) <= 0)
8355 + goto err;
8356 + }
8357 + ret = 1;
8358 + err:
8359 + EVP_CIPHER_CTX_cleanup(&ctx);
8360 + if (ret == 0)
8361 + FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
8362 + return ret;
8363 + }
8364 +
8365 +/* AES-CCM test data from NIST public test vectors */
8366 +
8367 +static const unsigned char ccm_key[] = {
8368 + 0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6,
8369 + 0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe8
8370 +};
8371 +static const unsigned char ccm_nonce[] = {
8372 + 0x76,0x40,0x43,0xc4,0x94,0x60,0xb7
8373 +};
8374 +static const unsigned char ccm_adata[] = {
8375 + 0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7,
8376 + 0x5f,0x10,0xbd,0xe7,0x8c,0x23,0xfa,0x0e,0xb8,0xf9,0xaa,0xa5,
8377 + 0x3a,0xde,0xfb,0xf4,0xcb,0xf7,0x8f,0xe4
8378 +};
8379 +static const unsigned char ccm_pt[] = {
8380 + 0xc8,0xd2,0x75,0xf9,0x19,0xe1,0x7d,0x7f,0xe6,0x9c,0x2a,0x1f,
8381 + 0x58,0x93,0x9d,0xfe,0x4d,0x40,0x37,0x91,0xb5,0xdf,0x13,0x10
8382 +};
8383 +static const unsigned char ccm_ct[] = {
8384 + 0x8a,0x0f,0x3d,0x82,0x29,0xe4,0x8e,0x74,0x87,0xfd,0x95,0xa2,
8385 + 0x8a,0xd3,0x92,0xc8,0x0b,0x36,0x81,0xd4,0xfb,0xc7,0xbb,0xfd
8386 +};
8387 +static const unsigned char ccm_tag[] = {
8388 + 0x2d,0xd6,0xef,0x1c,0x45,0xd4,0xcc,0xb7,0x23,0xdc,0x07,0x44,
8389 + 0x14,0xdb,0x50,0x6d
8390 +};
8391 +
8392 +int FIPS_selftest_aes_ccm(void)
8393 + {
8394 + int ret = 0;
8395 + unsigned char out[128], tag[16];
8396 + EVP_CIPHER_CTX ctx;
8397 + EVP_CIPHER_CTX_init(&ctx);
8398 + memset(out, 0, sizeof(out));
8399 + if (!EVP_CipherInit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 1))
8400 + goto err;
8401 + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
8402 + sizeof(ccm_nonce), NULL))
8403 + goto err;
8404 + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
8405 + sizeof(ccm_tag), NULL))
8406 + goto err;
8407 + if (!EVP_CipherInit(&ctx, NULL, ccm_key, ccm_nonce, 1))
8408 + goto err;
8409 + if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt))
8410 + goto err;
8411 + if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
8412 + goto err;
8413 + if (EVP_Cipher(&ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct))
8414 + goto err;
8415 +
8416 + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, 16, tag))
8417 + goto err;
8418 + if (memcmp(tag, ccm_tag, sizeof(ccm_tag))
8419 + || memcmp(out, ccm_ct, sizeof(ccm_ct)))
8420 + goto err;
8421 +
8422 + memset(out, 0, sizeof(out));
8423 +
8424 + if (!EVP_CipherInit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 0))
8425 + goto err;
8426 + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
8427 + sizeof(ccm_nonce), NULL))
8428 + goto err;
8429 + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag))
8430 + goto err;
8431 + if (!EVP_CipherInit(&ctx, NULL, ccm_key, ccm_nonce, 0))
8432 + goto err;
8433 + if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct))
8434 + goto err;
8435 + if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
8436 + goto err;
8437 + if (EVP_Cipher(&ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt))
8438 + goto err;
8439 +
8440 + if (memcmp(out, ccm_pt, sizeof(ccm_pt)))
8441 + goto err;
8442 +
8443 + ret = 1;
8444 +
8445 + err:
8446 + EVP_CIPHER_CTX_cleanup(&ctx);
8447 +
8448 + if (ret == 0)
8449 + {
8450 + FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM,FIPS_R_SELFTEST_FAILED);
8451 + return 0;
8452 + }
8453 + else
8454 + return ret;
8455 +
8456 + }
8457 +
8458 +/* AES-GCM test data from NIST public test vectors */
8459 +
8460 +static const unsigned char gcm_key[] = {
8461 + 0xee,0xbc,0x1f,0x57,0x48,0x7f,0x51,0x92,0x1c,0x04,0x65,0x66,
8462 + 0x5f,0x8a,0xe6,0xd1,0x65,0x8b,0xb2,0x6d,0xe6,0xf8,0xa0,0x69,
8463 + 0xa3,0x52,0x02,0x93,0xa5,0x72,0x07,0x8f
8464 +};
8465 +static const unsigned char gcm_iv[] = {
8466 + 0x99,0xaa,0x3e,0x68,0xed,0x81,0x73,0xa0,0xee,0xd0,0x66,0x84
8467 +};
8468 +static const unsigned char gcm_pt[] = {
8469 + 0xf5,0x6e,0x87,0x05,0x5b,0xc3,0x2d,0x0e,0xeb,0x31,0xb2,0xea,
8470 + 0xcc,0x2b,0xf2,0xa5
8471 +};
8472 +static const unsigned char gcm_aad[] = {
8473 + 0x4d,0x23,0xc3,0xce,0xc3,0x34,0xb4,0x9b,0xdb,0x37,0x0c,0x43,
8474 + 0x7f,0xec,0x78,0xde
8475 +};
8476 +static const unsigned char gcm_ct[] = {
8477 + 0xf7,0x26,0x44,0x13,0xa8,0x4c,0x0e,0x7c,0xd5,0x36,0x86,0x7e,
8478 + 0xb9,0xf2,0x17,0x36
8479 +};
8480 +static const unsigned char gcm_tag[] = {
8481 + 0x67,0xba,0x05,0x10,0x26,0x2a,0xe4,0x87,0xd7,0x37,0xee,0x62,
8482 + 0x98,0xf7,0x7e,0x0c
8483 +};
8484 +
8485 +int FIPS_selftest_aes_gcm(void)
8486 + {
8487 + int ret = 0;
8488 + unsigned char out[128], tag[16];
8489 + EVP_CIPHER_CTX ctx;
8490 + EVP_CIPHER_CTX_init(&ctx);
8491 + memset(out, 0, sizeof(out));
8492 + memset(tag, 0, sizeof(tag));
8493 + if (!EVP_CipherInit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
8494 + goto err;
8495 + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
8496 + sizeof(gcm_iv), NULL))
8497 + goto err;
8498 + if (!EVP_CipherInit(&ctx, NULL, gcm_key, gcm_iv, 1))
8499 + goto err;
8500 + if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
8501 + goto err;
8502 + if (EVP_Cipher(&ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct))
8503 + goto err;
8504 + if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0)
8505 + goto err;
8506 +
8507 + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
8508 + goto err;
8509 +
8510 + if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
8511 + goto err;
8512 +
8513 + memset(out, 0, sizeof(out));
8514 +
8515 + if (!EVP_CipherInit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0))
8516 + goto err;
8517 + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
8518 + sizeof(gcm_iv), NULL))
8519 + goto err;
8520 + if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
8521 + goto err;
8522 + if (!EVP_CipherInit(&ctx, NULL, gcm_key, gcm_iv, 0))
8523 + goto err;
8524 + if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
8525 + goto err;
8526 + if (EVP_Cipher(&ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt))
8527 + goto err;
8528 + if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0)
8529 + goto err;
8530 +
8531 + if (memcmp(out, gcm_pt, 16))
8532 + goto err;
8533 +
8534 + ret = 1;
8535 +
8536 + err:
8537 + EVP_CIPHER_CTX_cleanup(&ctx);
8538 +
8539 + if (ret == 0)
8540 + {
8541 + FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED);
8542 + return 0;
8543 + }
8544 + else
8545 + return ret;
8546 +
8547 + }
8548 +
8549 +
8550 +static const unsigned char XTS_128_key[] = {
8551 + 0xa1,0xb9,0x0c,0xba,0x3f,0x06,0xac,0x35,0x3b,0x2c,0x34,0x38,
8552 + 0x76,0x08,0x17,0x62,0x09,0x09,0x23,0x02,0x6e,0x91,0x77,0x18,
8553 + 0x15,0xf2,0x9d,0xab,0x01,0x93,0x2f,0x2f
8554 +};
8555 +static const unsigned char XTS_128_i[] = {
8556 + 0x4f,0xae,0xf7,0x11,0x7c,0xda,0x59,0xc6,0x6e,0x4b,0x92,0x01,
8557 + 0x3e,0x76,0x8a,0xd5
8558 +};
8559 +static const unsigned char XTS_128_pt[] = {
8560 + 0xeb,0xab,0xce,0x95,0xb1,0x4d,0x3c,0x8d,0x6f,0xb3,0x50,0x39,
8561 + 0x07,0x90,0x31,0x1c
8562 +};
8563 +static const unsigned char XTS_128_ct[] = {
8564 + 0x77,0x8a,0xe8,0xb4,0x3c,0xb9,0x8d,0x5a,0x82,0x50,0x81,0xd5,
8565 + 0xbe,0x47,0x1c,0x63
8566 +};
8567 +
8568 +static const unsigned char XTS_256_key[] = {
8569 + 0x1e,0xa6,0x61,0xc5,0x8d,0x94,0x3a,0x0e,0x48,0x01,0xe4,0x2f,
8570 + 0x4b,0x09,0x47,0x14,0x9e,0x7f,0x9f,0x8e,0x3e,0x68,0xd0,0xc7,
8571 + 0x50,0x52,0x10,0xbd,0x31,0x1a,0x0e,0x7c,0xd6,0xe1,0x3f,0xfd,
8572 + 0xf2,0x41,0x8d,0x8d,0x19,0x11,0xc0,0x04,0xcd,0xa5,0x8d,0xa3,
8573 + 0xd6,0x19,0xb7,0xe2,0xb9,0x14,0x1e,0x58,0x31,0x8e,0xea,0x39,
8574 + 0x2c,0xf4,0x1b,0x08
8575 +};
8576 +static const unsigned char XTS_256_i[] = {
8577 + 0xad,0xf8,0xd9,0x26,0x27,0x46,0x4a,0xd2,0xf0,0x42,0x8e,0x84,
8578 + 0xa9,0xf8,0x75,0x64
8579 +};
8580 +static const unsigned char XTS_256_pt[] = {
8581 + 0x2e,0xed,0xea,0x52,0xcd,0x82,0x15,0xe1,0xac,0xc6,0x47,0xe8,
8582 + 0x10,0xbb,0xc3,0x64,0x2e,0x87,0x28,0x7f,0x8d,0x2e,0x57,0xe3,
8583 + 0x6c,0x0a,0x24,0xfb,0xc1,0x2a,0x20,0x2e
8584 +};
8585 +static const unsigned char XTS_256_ct[] = {
8586 + 0xcb,0xaa,0xd0,0xe2,0xf6,0xce,0xa3,0xf5,0x0b,0x37,0xf9,0x34,
8587 + 0xd4,0x6a,0x9b,0x13,0x0b,0x9d,0x54,0xf0,0x7e,0x34,0xf3,0x6a,
8588 + 0xf7,0x93,0xe8,0x6f,0x73,0xc6,0xd7,0xdb
8589 +};
8590 +
8591 +int FIPS_selftest_aes_xts()
8592 + {
8593 + int ret = 1;
8594 + EVP_CIPHER_CTX ctx;
8595 + EVP_CIPHER_CTX_init(&ctx);
8596 +
8597 + if (fips_cipher_test(&ctx, EVP_aes_128_xts(),
8598 + XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct,
8599 + sizeof(XTS_128_pt)) <= 0)
8600 + ret = 0;
8601 +
8602 + if (fips_cipher_test(&ctx, EVP_aes_256_xts(),
8603 + XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct,
8604 + sizeof(XTS_256_pt)) <= 0)
8605 + ret = 0;
8606 +
8607 + EVP_CIPHER_CTX_cleanup(&ctx);
8608 + if (ret == 0)
8609 + FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS,FIPS_R_SELFTEST_FAILED);
8610 + return ret;
8611 + }
8612 +
8613 +#endif
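Review bot: `FIPS_selftest_aes` iterates with `for(n=0 ; n < 1 ; ++n)`, a literal bound that silently drops any vector later added to `tests[]`; use `for (n = 0; n < (int)(sizeof(tests) / sizeof(tests[0])); ++n)` so the loop follows the table. `FIPS_corrupt_aes()`, `FIPS_selftest_aes()` and `FIPS_selftest_aes_xts()` are defined with empty parameter lists while `FIPS_selftest_aes_ccm(void)` and `FIPS_selftest_aes_gcm(void)` in the same file use `(void)`; the empty form is an old-style declaration and should be `(void)` for consistency and proper prototype checking. In `FIPS_selftest_aes_ccm`, `EVP_CTRL_CCM_SET_TAG` is given `sizeof(ccm_tag)` but the matching `EVP_CTRL_CCM_GET_TAG` call uses the literal `16`; using `sizeof(ccm_tag)` (or `sizeof(tag)`) in both keeps the two in step. `fips_cipher_test` is called without a visible prototype in this hunk's includes, so presumably it comes from `openssl/fips.h`; worth confirming.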
8614 diff -up openssl-1.0.1b/crypto/fips/fips.c.fips openssl-1.0.1b/crypto/fips/fips.c
8615 --- openssl-1.0.1b/crypto/fips/fips.c.fips 2012-04-26 18:00:51.401769321 +0200
8616 +++ openssl-1.0.1b/crypto/fips/fips.c 2012-04-26 18:00:51.401769321 +0200
8617 @@ -0,0 +1,489 @@
8618 +/* ====================================================================
8619 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
8620 + *
8621 + * Redistribution and use in source and binary forms, with or without
8622 + * modification, are permitted provided that the following conditions
8623 + * are met:
8624 + *
8625 + * 1. Redistributions of source code must retain the above copyright
8626 + * notice, this list of conditions and the following disclaimer.
8627 + *
8628 + * 2. Redistributions in binary form must reproduce the above copyright
8629 + * notice, this list of conditions and the following disclaimer in
8630 + * the documentation and/or other materials provided with the
8631 + * distribution.
8632 + *
8633 + * 3. All advertising materials mentioning features or use of this
8634 + * software must display the following acknowledgment:
8635 + * "This product includes software developed by the OpenSSL Project
8636 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
8637 + *
8638 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
8639 + * endorse or promote products derived from this software without
8640 + * prior written permission. For written permission, please contact
8641 + * openssl-core@openssl.org.
8642 + *
8643 + * 5. Products derived from this software may not be called "OpenSSL"
8644 + * nor may "OpenSSL" appear in their names without prior written
8645 + * permission of the OpenSSL Project.
8646 + *
8647 + * 6. Redistributions of any form whatsoever must retain the following
8648 + * acknowledgment:
8649 + * "This product includes software developed by the OpenSSL Project
8650 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
8651 + *
8652 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
8653 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
8654 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
8655 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
8656 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
8657 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
8658 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
8659 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
8660 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
8661 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
8662 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
8663 + * OF THE POSSIBILITY OF SUCH DAMAGE.
8664 + *
8665 + */
8666 +
8667 +#define _GNU_SOURCE
8668 +
8669 +#include <openssl/rand.h>
8670 +#include <openssl/fips_rand.h>
8671 +#include <openssl/err.h>
8672 +#include <openssl/bio.h>
8673 +#include <openssl/hmac.h>
8674 +#include <openssl/rsa.h>
8675 +#include <string.h>
8676 +#include <limits.h>
8677 +#include <dlfcn.h>
8678 +#include <stdio.h>
8679 +#include <stdlib.h>
8680 +#include "fips_locl.h"
8681 +
8682 +#ifdef OPENSSL_FIPS
8683 +
8684 +#include <openssl/fips.h>
8685 +
8686 +#ifndef PATH_MAX
8687 +#define PATH_MAX 1024
8688 +#endif
8689 +
8690 +static int fips_selftest_fail = 0;
8691 +static int fips_mode = 0;
8692 +static int fips_started = 0;
8693 +
8694 +static int fips_is_owning_thread(void);
8695 +static int fips_set_owning_thread(void);
8696 +static int fips_clear_owning_thread(void);
8697 +
8698 +#define fips_w_lock() CRYPTO_w_lock(CRYPTO_LOCK_FIPS)
8699 +#define fips_w_unlock() CRYPTO_w_unlock(CRYPTO_LOCK_FIPS)
8700 +#define fips_r_lock() CRYPTO_r_lock(CRYPTO_LOCK_FIPS)
8701 +#define fips_r_unlock() CRYPTO_r_unlock(CRYPTO_LOCK_FIPS)
8702 +
8703 +static void fips_set_mode(int onoff)
8704 + {
8705 + int owning_thread = fips_is_owning_thread();
8706 +
8707 + if (fips_started)
8708 + {
8709 + if (!owning_thread) fips_w_lock();
8710 + fips_mode = onoff;
8711 + if (!owning_thread) fips_w_unlock();
8712 + }
8713 + }
8714 +
8715 +int FIPS_module_mode(void)
8716 + {
8717 + int ret = 0;
8718 + int owning_thread = fips_is_owning_thread();
8719 +
8720 + if (fips_started)
8721 + {
8722 + if (!owning_thread) fips_r_lock();
8723 + ret = fips_mode;
8724 + if (!owning_thread) fips_r_unlock();
8725 + }
8726 + return ret;
8727 + }
8728 +
8729 +int FIPS_selftest_failed(void)
8730 + {
8731 + int ret = 0;
8732 + if (fips_started)
8733 + {
8734 + int owning_thread = fips_is_owning_thread();
8735 +
8736 + if (!owning_thread) fips_r_lock();
8737 + ret = fips_selftest_fail;
8738 + if (!owning_thread) fips_r_unlock();
8739 + }
8740 + return ret;
8741 + }
8742 +
8743 +/* Selftest failure fatal exit routine. This will be called
8744 + * during *any* cryptographic operation. It has the minimum
8745 + * overhead possible to avoid too big a performance hit.
8746 + */
8747 +
8748 +void FIPS_selftest_check(void)
8749 + {
8750 + if (fips_selftest_fail)
8751 + {
8752 + OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
8753 + }
8754 + }
8755 +
8756 +void fips_set_selftest_fail(void)
8757 + {
8758 + fips_selftest_fail = 1;
8759 + }
8760 +
8761 +/* we implement what libfipscheck does ourselves */
8762 +
8763 +static int
8764 +get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
8765 +{
8766 + Dl_info info;
8767 + void *dl, *sym;
8768 + int rv = -1;
8769 +
8770 + dl = dlopen(libname, RTLD_LAZY);
8771 + if (dl == NULL) {
8772 + return -1;
8773 + }
8774 +
8775 + sym = dlsym(dl, symbolname);
8776 +
8777 + if (sym != NULL && dladdr(sym, &info)) {
8778 + strncpy(path, info.dli_fname, pathlen-1);
8779 + path[pathlen-1] = '\0';
8780 + rv = 0;
8781 + }
8782 +
8783 + dlclose(dl);
8784 +
8785 + return rv;
8786 +}
8787 +
8788 +static const char conv[] = "0123456789abcdef";
8789 +
8790 +static char *
8791 +bin2hex(void *buf, size_t len)
8792 +{
8793 + char *hex, *p;
8794 + unsigned char *src = buf;
8795 +
8796 + hex = malloc(len * 2 + 1);
8797 + if (hex == NULL)
8798 + return NULL;
8799 +
8800 + p = hex;
8801 +
8802 + while (len > 0) {
8803 + unsigned c;
8804 +
8805 + c = *src;
8806 + src++;
8807 +
8808 + *p = conv[c >> 4];
8809 + ++p;
8810 + *p = conv[c & 0x0f];
8811 + ++p;
8812 + --len;
8813 + }
8814 + *p = '\0';
8815 + return hex;
8816 +}
8817 +
8818 +#define HMAC_PREFIX "."
8819 +#define HMAC_SUFFIX ".hmac"
8820 +#define READ_BUFFER_LENGTH 16384
8821 +
8822 +static char *
8823 +make_hmac_path(const char *origpath)
8824 +{
8825 + char *path, *p;
8826 + const char *fn;
8827 +
8828 + path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath));
8829 + if(path == NULL) {
8830 + return NULL;
8831 + }
8832 +
8833 + fn = strrchr(origpath, '/');
8834 + if (fn == NULL) {
8835 + fn = origpath;
8836 + } else {
8837 + ++fn;
8838 + }
8839 +
8840 + strncpy(path, origpath, fn-origpath);
8841 + p = path + (fn - origpath);
8842 + p = stpcpy(p, HMAC_PREFIX);
8843 + p = stpcpy(p, fn);
8844 + p = stpcpy(p, HMAC_SUFFIX);
8845 +
8846 + return path;
8847 +}
8848 +
8849 +static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
8850 +
8851 +static int
8852 +compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
8853 +{
8854 + FILE *f = NULL;
8855 + int rv = -1;
8856 + unsigned char rbuf[READ_BUFFER_LENGTH];
8857 + size_t len;
8858 + unsigned int hlen;
8859 + HMAC_CTX c;
8860 +
8861 + HMAC_CTX_init(&c);
8862 +
8863 + f = fopen(path, "r");
8864 +
8865 + if (f == NULL) {
8866 + goto end;
8867 + }
8868 +
8869 + HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
8870 +
8871 + while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
8872 + HMAC_Update(&c, rbuf, len);
8873 + }
8874 +
8875 + len = sizeof(rbuf);
8876 + /* reuse rbuf for hmac */
8877 + HMAC_Final(&c, rbuf, &hlen);
8878 +
8879 + *buf = malloc(hlen);
8880 + if (*buf == NULL) {
8881 + goto end;
8882 + }
8883 +
8884 + *hmaclen = hlen;
8885 +
8886 + memcpy(*buf, rbuf, hlen);
8887 +
8888 + rv = 0;
8889 +end:
8890 + HMAC_CTX_cleanup(&c);
8891 +
8892 + if (f)
8893 + fclose(f);
8894 +
8895 + return rv;
8896 +}
8897 +
8898 +static int
8899 +FIPSCHECK_verify(const char *libname, const char *symbolname)
8900 +{
8901 + char path[PATH_MAX+1];
8902 + int rv;
8903 + FILE *hf;
8904 + char *hmacpath, *p;
8905 + char *hmac = NULL;
8906 + size_t n;
8907 +
8908 + rv = get_library_path(libname, symbolname, path, sizeof(path));
8909 +
8910 + if (rv < 0)
8911 + return 0;
8912 +
8913 + hmacpath = make_hmac_path(path);
8914 + if (hmacpath == NULL)
8915 + return 0;
8916 +
8917 + hf = fopen(hmacpath, "r");
8918 + if (hf == NULL) {
8919 + free(hmacpath);
8920 + return 0;
8921 + }
8922 +
8923 + if (getline(&hmac, &n, hf) > 0) {
8924 + void *buf;
8925 + size_t hmaclen;
8926 + char *hex;
8927 +
8928 + if ((p=strchr(hmac, '\n')) != NULL)
8929 + *p = '\0';
8930 +
8931 + if (compute_file_hmac(path, &buf, &hmaclen) < 0) {
8932 + rv = -4;
8933 + goto end;
8934 + }
8935 +
8936 + if ((hex=bin2hex(buf, hmaclen)) == NULL) {
8937 + free(buf);
8938 + rv = -5;
8939 + goto end;
8940 + }
8941 +
8942 + if (strcmp(hex, hmac) != 0) {
8943 + rv = -1;
8944 + }
8945 + free(buf);
8946 + free(hex);
8947 + }
8948 +
8949 +end:
8950 + free(hmac);
8951 + free(hmacpath);
8952 + fclose(hf);
8953 +
8954 + if (rv < 0)
8955 + return 0;
8956 +
8957 + /* check successful */
8958 + return 1;
8959 +}
8960 +
8961 +int FIPS_module_mode_set(int onoff, const char *auth)
8962 + {
8963 + int ret = 0;
8964 +
8965 + fips_w_lock();
8966 + fips_started = 1;
8967 + fips_set_owning_thread();
8968 +
8969 + if(onoff)
8970 + {
8971 +
8972 + fips_selftest_fail = 0;
8973 +
8974 + /* Don't go into FIPS mode twice, just so we can do automagic
8975 + seeding */
8976 + if(FIPS_module_mode())
8977 + {
8978 + FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET);
8979 + fips_selftest_fail = 1;
8980 + ret = 0;
8981 + goto end;
8982 + }
8983 +
8984 +#ifdef OPENSSL_IA32_SSE2
8985 + {
8986 + extern unsigned int OPENSSL_ia32cap_P[2];
8987 + if ((OPENSSL_ia32cap_P[0] & (1<<25|1<<26)) != (1<<25|1<<26))
8988 + {
8989 + FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_UNSUPPORTED_PLATFORM);
8990 + fips_selftest_fail = 1;
8991 + ret = 0;
8992 + goto end;
8993 + }
8994 + OPENSSL_ia32cap_P[0] |= (1<<28); /* set "shared cache" */
8995 + OPENSSL_ia32cap_P[1] &= ~(1<<(60-32)); /* clear AVX */
8996 + }
8997 +#endif
8998 +
8999 + if(!FIPSCHECK_verify("libcrypto.so." SHLIB_VERSION_NUMBER,"FIPS_mode_set"))
9000 + {
9001 + FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
9002 + fips_selftest_fail = 1;
9003 + ret = 0;
9004 + goto end;
9005 + }
9006 +
9007 + if(!FIPSCHECK_verify("libssl.so." SHLIB_VERSION_NUMBER,"SSL_CTX_new"))
9008 + {
9009 + FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
9010 + fips_selftest_fail = 1;
9011 + ret = 0;
9012 + goto end;
9013 + }
9014 +
9015 + if(FIPS_selftest())
9016 + fips_set_mode(onoff);
9017 + else
9018 + {
9019 + fips_selftest_fail = 1;
9020 + ret = 0;
9021 + goto end;
9022 + }
9023 + ret = 1;
9024 + goto end;
9025 + }
9026 + fips_set_mode(0);
9027 + fips_selftest_fail = 0;
9028 + ret = 1;
9029 +end:
9030 + fips_clear_owning_thread();
9031 + fips_w_unlock();
9032 + return ret;
9033 + }
9034 +
9035 +static CRYPTO_THREADID fips_thread;
9036 +static int fips_thread_set = 0;
9037 +
9038 +static int fips_is_owning_thread(void)
9039 + {
9040 + int ret = 0;
9041 +
9042 + if (fips_started)
9043 + {
9044 + CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
9045 + if (fips_thread_set)
9046 + {
9047 + CRYPTO_THREADID cur;
9048 + CRYPTO_THREADID_current(&cur);
9049 + if (!CRYPTO_THREADID_cmp(&cur, &fips_thread))
9050 + ret = 1;
9051 + }
9052 + CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
9053 + }
9054 + return ret;
9055 + }
9056 +
9057 +int fips_set_owning_thread(void)
9058 + {
9059 + int ret = 0;
9060 +
9061 + if (fips_started)
9062 + {
9063 + CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
9064 + if (!fips_thread_set)
9065 + {
9066 + CRYPTO_THREADID_current(&fips_thread);
9067 + ret = 1;
9068 + fips_thread_set = 1;
9069 + }
9070 + CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
9071 + }
9072 + return ret;
9073 + }
9074 +
9075 +int fips_clear_owning_thread(void)
9076 + {
9077 + int ret = 0;
9078 +
9079 + if (fips_started)
9080 + {
9081 + CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
9082 + if (fips_thread_set)
9083 + {
9084 + CRYPTO_THREADID cur;
9085 + CRYPTO_THREADID_current(&cur);
9086 + if (!CRYPTO_THREADID_cmp(&cur, &fips_thread))
9087 + fips_thread_set = 0;
9088 + }
9089 + CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
9090 + }
9091 + return ret;
9092 + }
9093 +
9094 +
9095 +#if 0
9096 +/* The purpose of this is to ensure the error code exists and the function
9097 + * name is to keep the error checking script quiet
9098 + */
9099 +void hash_final(void)
9100 + {
9101 + FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);
9102 + }
9103 +#endif
9104 +
9105 +
9106 +#endif
9107 diff -up openssl-1.0.1b/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_cmac_selftest.c
9108 --- openssl-1.0.1b/crypto/fips/fips_cmac_selftest.c.fips 2012-04-26 18:00:51.401769321 +0200
9109 +++ openssl-1.0.1b/crypto/fips/fips_cmac_selftest.c 2012-04-26 18:00:51.401769321 +0200
9110 @@ -0,0 +1,161 @@
9111 +/* ====================================================================
9112 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
9113 + *
9114 + * Redistribution and use in source and binary forms, with or without
9115 + * modification, are permitted provided that the following conditions
9116 + * are met:
9117 + *
9118 + * 1. Redistributions of source code must retain the above copyright
9119 + * notice, this list of conditions and the following disclaimer.
9120 + *
9121 + * 2. Redistributions in binary form must reproduce the above copyright
9122 + * notice, this list of conditions and the following disclaimer in
9123 + * the documentation and/or other materials provided with the
9124 + * distribution.
9125 + *
9126 + * 3. All advertising materials mentioning features or use of this
9127 + * software must display the following acknowledgment:
9128 + * "This product includes software developed by the OpenSSL Project
9129 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
9130 + *
9131 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
9132 + * endorse or promote products derived from this software without
9133 + * prior written permission. For written permission, please contact
9134 + * openssl-core@openssl.org.
9135 + *
9136 + * 5. Products derived from this software may not be called "OpenSSL"
9137 + * nor may "OpenSSL" appear in their names without prior written
9138 + * permission of the OpenSSL Project.
9139 + *
9140 + * 6. Redistributions of any form whatsoever must retain the following
9141 + * acknowledgment:
9142 + * "This product includes software developed by the OpenSSL Project
9143 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
9144 + *
9145 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
9146 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
9147 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
9148 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
9149 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
9150 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
9151 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
9152 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
9153 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
9154 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
9155 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
9156 + * OF THE POSSIBILITY OF SUCH DAMAGE.
9157 + *
9158 + */
9159 +
9160 +#include <string.h>
9161 +#include <openssl/err.h>
9162 +#include <openssl/fips.h>
9163 +#include <openssl/cmac.h>
9164 +#include "fips_locl.h"
9165 +
9166 +#ifdef OPENSSL_FIPS
9167 +typedef struct {
9168 + int nid;
9169 + const unsigned char key[EVP_MAX_KEY_LENGTH]; size_t keysize;
9170 + const unsigned char msg[64]; size_t msgsize;
9171 + const unsigned char mac[32]; size_t macsize;
9172 +} CMAC_KAT;
9173 +
9174 +/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */
9175 +static const CMAC_KAT vector[] = {
9176 + { NID_aes_128_cbc, /* Count = 32 from CMACGenAES128.txt */
9177 + { 0x77,0xa7,0x7f,0xaf, 0x29,0x0c,0x1f,0xa3,
9178 + 0x0c,0x68,0x3d,0xf1, 0x6b,0xa7,0xa7,0x7b, }, 128,
9179 + { 0x02,0x06,0x83,0xe1, 0xf0,0x39,0x2f,0x4c,
9180 + 0xac,0x54,0x31,0x8b, 0x60,0x29,0x25,0x9e,
9181 + 0x9c,0x55,0x3d,0xbc, 0x4b,0x6a,0xd9,0x98,
9182 + 0xe6,0x4d,0x58,0xe4, 0xe7,0xdc,0x2e,0x13, }, 256,
9183 + { 0xfb,0xfe,0xa4,0x1b, }, 32
9184 + },
9185 + { NID_aes_192_cbc, /* Count = 23 from CMACGenAES192.txt */
9186 + { 0x7b,0x32,0x39,0x13, 0x69,0xaa,0x4c,0xa9,
9187 + 0x75,0x58,0x09,0x5b, 0xe3,0xc3,0xec,0x86,
9188 + 0x2b,0xd0,0x57,0xce, 0xf1,0xe3,0x2d,0x62, }, 192,
9189 + { 0x0 }, 0,
9190 + { 0xe4,0xd9,0x34,0x0b, 0x03,0xe6,0x7d,0xef,
9191 + 0xd4,0x96,0x9c,0xc1, 0xed,0x37,0x35,0xe6, }, 128,
9192 + },
9193 + { NID_aes_256_cbc, /* Count = 33 from CMACGenAES256.txt */
9194 + { 0x0b,0x12,0x2a,0xc8, 0xf3,0x4e,0xd1,0xfe,
9195 + 0x08,0x2a,0x36,0x25, 0xd1,0x57,0x56,0x14,
9196 + 0x54,0x16,0x7a,0xc1, 0x45,0xa1,0x0b,0xbf,
9197 + 0x77,0xc6,0xa7,0x05, 0x96,0xd5,0x74,0xf1, }, 256,
9198 + { 0x49,0x8b,0x53,0xfd, 0xec,0x87,0xed,0xcb,
9199 + 0xf0,0x70,0x97,0xdc, 0xcd,0xe9,0x3a,0x08,
9200 + 0x4b,0xad,0x75,0x01, 0xa2,0x24,0xe3,0x88,
9201 + 0xdf,0x34,0x9c,0xe1, 0x89,0x59,0xfe,0x84,
9202 + 0x85,0xf8,0xad,0x15, 0x37,0xf0,0xd8,0x96,
9203 + 0xea,0x73,0xbe,0xdc, 0x72,0x14,0x71,0x3f, }, 384,
9204 + { 0xf6,0x2c,0x46,0x32, 0x9b, }, 40,
9205 + },
9206 + { NID_des_ede3_cbc, /* Count = 41 from CMACGenTDES3.req */
9207 + { 0x89,0xbc,0xd9,0x52, 0xa8,0xc8,0xab,0x37,
9208 + 0x1a,0xf4,0x8a,0xc7, 0xd0,0x70,0x85,0xd5,
9209 + 0xef,0xf7,0x02,0xe6, 0xd6,0x2c,0xdc,0x23, }, 192,
9210 + { 0xfa,0x62,0x0c,0x1b, 0xbe,0x97,0x31,0x9e,
9211 + 0x9a,0x0c,0xf0,0x49, 0x21,0x21,0xf7,0xa2,
9212 + 0x0e,0xb0,0x8a,0x6a, 0x70,0x9d,0xcb,0xd0,
9213 + 0x0a,0xaf,0x38,0xe4, 0xf9,0x9e,0x75,0x4e, }, 256,
9214 + { 0x8f,0x49,0xa1,0xb7, 0xd6,0xaa,0x22,0x58, }, 64,
9215 + },
9216 +};
9217 +
9218 +int FIPS_selftest_cmac()
9219 + {
9220 + size_t n, outlen;
9221 + unsigned char out[32];
9222 + const EVP_CIPHER *cipher;
9223 + CMAC_CTX *ctx = CMAC_CTX_new();
9224 + const CMAC_KAT *t;
9225 + int rv = 1;
9226 +
9227 + for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
9228 + {
9229 + cipher = FIPS_get_cipherbynid(t->nid);
9230 + if (!cipher)
9231 + {
9232 + rv = -1;
9233 + goto err;
9234 + }
9235 + if (!CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0))
9236 + {
9237 + rv = -1;
9238 + goto err;
9239 + }
9240 + if (!CMAC_Update(ctx, t->msg, t->msgsize/8))
9241 + {
9242 + rv = -1;
9243 + goto err;
9244 + }
9245 +
9246 + if (!CMAC_Final(ctx, out, &outlen))
9247 + {
9248 + rv = -1;
9249 + goto err;
9250 + }
9251 + CMAC_CTX_cleanup(ctx);
9252 +
9253 + if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
9254 + {
9255 + rv = 0;
9256 + }
9257 + }
9258 +
9259 + err:
9260 + CMAC_CTX_free(ctx);
9261 +
9262 + if (rv == -1)
9263 + {
9264 + rv = 0;
9265 + }
9266 + if (!rv)
9267 + FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
9268 +
9269 + return rv;
9270 + }
9271 +#endif
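Review bot: The return of `CMAC_CTX_new()` at the top of FIPS_selftest_cmac is never checked, so an allocation failure reaches `CMAC_Init(ctx, …)` with a NULL context before the first vector is tried. A guard placed before the loop, `if (ctx == NULL) { FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED); return 0; }`, keeps the self-test failing closed instead of crashing; returning directly rather than jumping to `err:` avoids relying on `CMAC_CTX_free` tolerating NULL, which I have not confirmed for this OpenSSL version. As a point of style, `int FIPS_selftest_cmac()` is an old-style declaration without a prototype; `(void)` would match the other public entry points in this patch such as `FIPS_selftest_check(void)`.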
9272 diff -up openssl-1.0.1b/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_des_selftest.c
9273 --- openssl-1.0.1b/crypto/fips/fips_des_selftest.c.fips 2012-04-26 18:00:51.401769321 +0200
9274 +++ openssl-1.0.1b/crypto/fips/fips_des_selftest.c 2012-04-26 18:00:51.401769321 +0200
9275 @@ -0,0 +1,147 @@
9276 +/* ====================================================================
9277 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
9278 + *
9279 + * Redistribution and use in source and binary forms, with or without
9280 + * modification, are permitted provided that the following conditions
9281 + * are met:
9282 + *
9283 + * 1. Redistributions of source code must retain the above copyright
9284 + * notice, this list of conditions and the following disclaimer.
9285 + *
9286 + * 2. Redistributions in binary form must reproduce the above copyright
9287 + * notice, this list of conditions and the following disclaimer in
9288 + * the documentation and/or other materials provided with the
9289 + * distribution.
9290 + *
9291 + * 3. All advertising materials mentioning features or use of this
9292 + * software must display the following acknowledgment:
9293 + * "This product includes software developed by the OpenSSL Project
9294 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
9295 + *
9296 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
9297 + * endorse or promote products derived from this software without
9298 + * prior written permission. For written permission, please contact
9299 + * openssl-core@openssl.org.
9300 + *
9301 + * 5. Products derived from this software may not be called "OpenSSL"
9302 + * nor may "OpenSSL" appear in their names without prior written
9303 + * permission of the OpenSSL Project.
9304 + *
9305 + * 6. Redistributions of any form whatsoever must retain the following
9306 + * acknowledgment:
9307 + * "This product includes software developed by the OpenSSL Project
9308 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
9309 + *
9310 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
9311 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
9312 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
9313 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
9314 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
9315 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
9316 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
9317 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
9318 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
9319 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
9320 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
9321 + * OF THE POSSIBILITY OF SUCH DAMAGE.
9322 + *
9323 + */
9324 +
9325 +#include <string.h>
9326 +#include <openssl/err.h>
9327 +#ifdef OPENSSL_FIPS
9328 +#include <openssl/fips.h>
9329 +#endif
9330 +#include <openssl/evp.h>
9331 +#include <openssl/opensslconf.h>
9332 +
9333 +#ifdef OPENSSL_FIPS
9334 +
9335 +static const struct
9336 + {
9337 + const unsigned char key[16];
9338 + const unsigned char plaintext[8];
9339 + const unsigned char ciphertext[8];
9340 + } tests2[]=
9341 + {
9342 + {
9343 + { 0x7c,0x4f,0x6e,0xf7,0xa2,0x04,0x16,0xec,
9344 + 0x0b,0x6b,0x7c,0x9e,0x5e,0x19,0xa7,0xc4 },
9345 + { 0x06,0xa7,0xd8,0x79,0xaa,0xce,0x69,0xef },
9346 + { 0x4c,0x11,0x17,0x55,0xbf,0xc4,0x4e,0xfd }
9347 + },
9348 + {
9349 + { 0x5d,0x9e,0x01,0xd3,0x25,0xc7,0x3e,0x34,
9350 + 0x01,0x16,0x7c,0x85,0x23,0xdf,0xe0,0x68 },
9351 + { 0x9c,0x50,0x09,0x0f,0x5e,0x7d,0x69,0x7e },
9352 + { 0xd2,0x0b,0x18,0xdf,0xd9,0x0d,0x9e,0xff },
9353 + }
9354 + };
9355 +
9356 +static const struct
9357 + {
9358 + const unsigned char key[24];
9359 + const unsigned char plaintext[8];
9360 + const unsigned char ciphertext[8];
9361 + } tests3[]=
9362 + {
9363 + {
9364 + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
9365 + 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
9366 + 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 },
9367 + { 0x8f,0x8f,0xbf,0x9b,0x5d,0x48,0xb4,0x1c },
9368 + { 0x59,0x8c,0xe5,0xd3,0x6c,0xa2,0xea,0x1b },
9369 + },
9370 + {
9371 + { 0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE,
9372 + 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
9373 + 0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
9374 + { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
9375 + { 0x11,0x25,0xb0,0x35,0xbe,0xa0,0x82,0x86 },
9376 + },
9377 + };
9378 +
9379 +
9380 +static int corrupt_des;
9381 +
9382 +void FIPS_corrupt_des()
9383 + {
9384 + corrupt_des = 1;
9385 + }
9386 +
9387 +int FIPS_selftest_des()
9388 + {
9389 + int n, ret = 0;
9390 + EVP_CIPHER_CTX ctx;
9391 + EVP_CIPHER_CTX_init(&ctx);
9392 + /* Encrypt/decrypt with 2-key 3DES and compare to known answers */
9393 + for(n=0 ; n < 2 ; ++n)
9394 + {
9395 + unsigned char plaintext[8];
9396 +
9397 + memcpy(plaintext, tests2[n].plaintext, sizeof(plaintext));
9398 + if (corrupt_des)
9399 + plaintext[0]++;
9400 + if (!fips_cipher_test(&ctx, EVP_des_ede_ecb(),
9401 + tests2[n].key, NULL,
9402 + plaintext, tests2[n].ciphertext, 8))
9403 + goto err;
9404 + }
9405 +
9406 + /* Encrypt/decrypt with 3DES and compare to known answers */
9407 + for(n=0 ; n < 2 ; ++n)
9408 + {
9409 + if (!fips_cipher_test(&ctx, EVP_des_ede3_ecb(),
9410 + tests3[n].key, NULL,
9411 + tests3[n].plaintext, tests3[n].ciphertext, 8))
9412 + goto err;
9413 + }
9414 + ret = 1;
9415 + err:
9416 + EVP_CIPHER_CTX_cleanup(&ctx);
9417 + if (ret == 0)
9418 + FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
9419 +
9420 + return ret;
9421 + }
9422 +#endif
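Review bot: Both known-answer loops, `for(n=0 ; n < 2 ; ++n)`, hard-code the vector count instead of deriving it from `tests2`/`tests3`, so a vector added to either table would silently go untested while FIPS_selftest_des still reports success. The sibling fips_cmac_selftest.c in this same patch already iterates with `n<sizeof(vector)/sizeof(vector[0])`; `for(n=0 ; n < (int)(sizeof(tests2)/sizeof(tests2[0])) ; ++n)` (and likewise for `tests3`) would keep the two files consistent. `fips_cipher_test` is not defined in this hunk, so whether it raises its own error on mismatch cannot be checked here; the `FIPSerr` at `err:` covers the failure path regardless. The empty-parenthesis declarations `void FIPS_corrupt_des()` and `int FIPS_selftest_des()` would be better written as `(void)` prototypes.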
9423 diff -up openssl-1.0.1b/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1b/crypto/fips/fips_drbg_ctr.c
9424 --- openssl-1.0.1b/crypto/fips/fips_drbg_ctr.c.fips 2012-04-26 18:00:51.401769321 +0200
9425 +++ openssl-1.0.1b/crypto/fips/fips_drbg_ctr.c 2012-04-26 18:00:51.402769343 +0200
9426 @@ -0,0 +1,436 @@
9427 +/* fips/rand/fips_drbg_ctr.c */
9428 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
9429 + * project.
9430 + */
9431 +/* ====================================================================
9432 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
9433 + *
9434 + * Redistribution and use in source and binary forms, with or without
9435 + * modification, are permitted provided that the following conditions
9436 + * are met:
9437 + *
9438 + * 1. Redistributions of source code must retain the above copyright
9439 + * notice, this list of conditions and the following disclaimer.
9440 + *
9441 + * 2. Redistributions in binary form must reproduce the above copyright
9442 + * notice, this list of conditions and the following disclaimer in
9443 + * the documentation and/or other materials provided with the
9444 + * distribution.
9445 + *
9446 + * 3. All advertising materials mentioning features or use of this
9447 + * software must display the following acknowledgment:
9448 + * "This product includes software developed by the OpenSSL Project
9449 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
9450 + *
9451 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
9452 + * endorse or promote products derived from this software without
9453 + * prior written permission. For written permission, please contact
9454 + * licensing@OpenSSL.org.
9455 + *
9456 + * 5. Products derived from this software may not be called "OpenSSL"
9457 + * nor may "OpenSSL" appear in their names without prior written
9458 + * permission of the OpenSSL Project.
9459 + *
9460 + * 6. Redistributions of any form whatsoever must retain the following
9461 + * acknowledgment:
9462 + * "This product includes software developed by the OpenSSL Project
9463 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
9464 + *
9465 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
9466 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
9467 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
9468 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
9469 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
9470 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
9471 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
9472 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
9473 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
9474 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
9475 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
9476 + * OF THE POSSIBILITY OF SUCH DAMAGE.
9477 + * ====================================================================
9478 + */
9479 +
9480 +#include <stdlib.h>
9481 +#include <string.h>
9482 +#include <openssl/crypto.h>
9483 +#include <openssl/fips.h>
9484 +#include <openssl/fips_rand.h>
9485 +#include "fips_rand_lcl.h"
9486 +
9487 +static void inc_128(DRBG_CTR_CTX *cctx)
9488 + {
9489 + int i;
9490 + unsigned char c;
9491 + unsigned char *p = cctx->V + 15;
9492 + for (i = 0; i < 16; i++)
9493 + {
9494 + c = *p;
9495 + c++;
9496 + *p = c;
9497 + if (c)
9498 + return;
9499 + p--;
9500 + }
9501 + }
9502 +
9503 +static void ctr_XOR(DRBG_CTR_CTX *cctx, const unsigned char *in, size_t inlen)
9504 + {
9505 + size_t i, n;
9506 + /* Any zero padding will have no effect on the result as we
9507 + * are XORing. So just process however much input we have.
9508 + */
9509 +
9510 + if (!in || !inlen)
9511 + return;
9512 +
9513 + if (inlen < cctx->keylen)
9514 + n = inlen;
9515 + else
9516 + n = cctx->keylen;
9517 +
9518 + for (i = 0; i < n; i++)
9519 + cctx->K[i] ^= in[i];
9520 + if (inlen <= cctx->keylen)
9521 + return;
9522 +
9523 + n = inlen - cctx->keylen;
9524 + /* Should never happen */
9525 + if (n > 16)
9526 + n = 16;
9527 + for (i = 0; i < 16; i++)
9528 + cctx->V[i] ^= in[i + cctx->keylen];
9529 + }
9530 +
9531 +/* Process a complete block using BCC algorithm of SPP 800-90 10.4.3 */
9532 +
9533 +static void ctr_BCC_block(DRBG_CTR_CTX *cctx, unsigned char *out,
9534 + const unsigned char *in)
9535 + {
9536 + int i;
9537 + for (i = 0; i < 16; i++)
9538 + out[i] ^= in[i];
9539 + AES_encrypt(out, out, &cctx->df_ks);
9540 +#if 0
9541 +fprintf(stderr, "BCC in+out\n");
9542 +BIO_dump_fp(stderr, in, 16);
9543 +BIO_dump_fp(stderr, out, 16);
9544 +#endif
9545 + }
9546 +
9547 +/* Handle several BCC operations for as much data as we need for K and X */
9548 +static void ctr_BCC_blocks(DRBG_CTR_CTX *cctx, const unsigned char *in)
9549 + {
9550 + ctr_BCC_block(cctx, cctx->KX, in);
9551 + ctr_BCC_block(cctx, cctx->KX + 16, in);
9552 + if (cctx->keylen != 16)
9553 + ctr_BCC_block(cctx, cctx->KX + 32, in);
9554 + }
9555 +/* Initialise BCC blocks: these have the value 0,1,2 in leftmost positions:
9556 + * see 10.4.2 stage 7.
9557 + */
9558 +static void ctr_BCC_init(DRBG_CTR_CTX *cctx)
9559 + {
9560 + memset(cctx->KX, 0, 48);
9561 + memset(cctx->bltmp, 0, 16);
9562 + ctr_BCC_block(cctx, cctx->KX, cctx->bltmp);
9563 + cctx->bltmp[3] = 1;
9564 + ctr_BCC_block(cctx, cctx->KX + 16, cctx->bltmp);
9565 + if (cctx->keylen != 16)
9566 + {
9567 + cctx->bltmp[3] = 2;
9568 + ctr_BCC_block(cctx, cctx->KX + 32, cctx->bltmp);
9569 + }
9570 + }
9571 +
9572 +/* Process several blocks into BCC algorithm, some possibly partial */
9573 +static void ctr_BCC_update(DRBG_CTR_CTX *cctx,
9574 + const unsigned char *in, size_t inlen)
9575 + {
9576 + if (!in || !inlen)
9577 + return;
9578 + /* If we have partial block handle it first */
9579 + if (cctx->bltmp_pos)
9580 + {
9581 + size_t left = 16 - cctx->bltmp_pos;
9582 + /* If we now have a complete block process it */
9583 + if (inlen >= left)
9584 + {
9585 + memcpy(cctx->bltmp + cctx->bltmp_pos, in, left);
9586 + ctr_BCC_blocks(cctx, cctx->bltmp);
9587 + cctx->bltmp_pos = 0;
9588 + inlen -= left;
9589 + in += left;
9590 + }
9591 + }
9592 + /* Process zero or more complete blocks */
9593 + while (inlen >= 16)
9594 + {
9595 + ctr_BCC_blocks(cctx, in);
9596 + in += 16;
9597 + inlen -= 16;
9598 + }
9599 + /* Copy any remaining partial block to the temporary buffer */
9600 + if (inlen > 0)
9601 + {
9602 + memcpy(cctx->bltmp + cctx->bltmp_pos, in, inlen);
9603 + cctx->bltmp_pos += inlen;
9604 + }
9605 + }
9606 +
9607 +static void ctr_BCC_final(DRBG_CTR_CTX *cctx)
9608 + {
9609 + if (cctx->bltmp_pos)
9610 + {
9611 + memset(cctx->bltmp + cctx->bltmp_pos, 0, 16 - cctx->bltmp_pos);
9612 + ctr_BCC_blocks(cctx, cctx->bltmp);
9613 + }
9614 + }
9615 +
9616 +static void ctr_df(DRBG_CTR_CTX *cctx,
9617 + const unsigned char *in1, size_t in1len,
9618 + const unsigned char *in2, size_t in2len,
9619 + const unsigned char *in3, size_t in3len)
9620 + {
9621 + size_t inlen;
9622 + unsigned char *p = cctx->bltmp;
9623 + static unsigned char c80 = 0x80;
9624 +
9625 + ctr_BCC_init(cctx);
9626 + if (!in1)
9627 + in1len = 0;
9628 + if (!in2)
9629 + in2len = 0;
9630 + if (!in3)
9631 + in3len = 0;
9632 + inlen = in1len + in2len + in3len;
9633 + /* Initialise L||N in temporary block */
9634 + *p++ = (inlen >> 24) & 0xff;
9635 + *p++ = (inlen >> 16) & 0xff;
9636 + *p++ = (inlen >> 8) & 0xff;
9637 + *p++ = inlen & 0xff;
9638 + /* NB keylen is at most 32 bytes */
9639 + *p++ = 0;
9640 + *p++ = 0;
9641 + *p++ = 0;
9642 + *p = (unsigned char)((cctx->keylen + 16) & 0xff);
9643 + cctx->bltmp_pos = 8;
9644 + ctr_BCC_update(cctx, in1, in1len);
9645 + ctr_BCC_update(cctx, in2, in2len);
9646 + ctr_BCC_update(cctx, in3, in3len);
9647 + ctr_BCC_update(cctx, &c80, 1);
9648 + ctr_BCC_final(cctx);
9649 + /* Set up key K */
9650 + AES_set_encrypt_key(cctx->KX, cctx->keylen * 8, &cctx->df_kxks);
9651 + /* X follows key K */
9652 + AES_encrypt(cctx->KX + cctx->keylen, cctx->KX, &cctx->df_kxks);
9653 + AES_encrypt(cctx->KX, cctx->KX + 16, &cctx->df_kxks);
9654 + if (cctx->keylen != 16)
9655 + AES_encrypt(cctx->KX + 16, cctx->KX + 32, &cctx->df_kxks);
9656 +#if 0
9657 +fprintf(stderr, "Output of ctr_df:\n");
9658 +BIO_dump_fp(stderr, cctx->KX, cctx->keylen + 16);
9659 +#endif
9660 + }
9661 +
9662 +/* NB the no-df Update in SP800-90 specifies a constant input length
9663 + * of seedlen, however other uses of this algorithm pad the input with
9664 + * zeroes if necessary and have up to two parameters XORed together,
9665 + * handle both cases in this function instead.
9666 + */
9667 +
9668 +static void ctr_Update(DRBG_CTX *dctx,
9669 + const unsigned char *in1, size_t in1len,
9670 + const unsigned char *in2, size_t in2len,
9671 + const unsigned char *nonce, size_t noncelen)
9672 + {
9673 + DRBG_CTR_CTX *cctx = &dctx->d.ctr;
9674 + /* ks is already setup for correct key */
9675 + inc_128(cctx);
9676 + AES_encrypt(cctx->V, cctx->K, &cctx->ks);
9677 + /* If keylen longer than 128 bits need extra encrypt */
9678 + if (cctx->keylen != 16)
9679 + {
9680 + inc_128(cctx);
9681 + AES_encrypt(cctx->V, cctx->K + 16, &cctx->ks);
9682 + }
9683 + inc_128(cctx);
9684 + AES_encrypt(cctx->V, cctx->V, &cctx->ks);
9685 + /* If 192 bit key part of V is on end of K */
9686 + if (cctx->keylen == 24)
9687 + {
9688 + memcpy(cctx->V + 8, cctx->V, 8);
9689 + memcpy(cctx->V, cctx->K + 24, 8);
9690 + }
9691 +
9692 + if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
9693 + {
9694 + /* If no input reuse existing derived value */
9695 + if (in1 || nonce || in2)
9696 + ctr_df(cctx, in1, in1len, nonce, noncelen, in2, in2len);
9697 + /* If this a reuse input in1len != 0 */
9698 + if (in1len)
9699 + ctr_XOR(cctx, cctx->KX, dctx->seedlen);
9700 + }
9701 + else
9702 + {
9703 + ctr_XOR(cctx, in1, in1len);
9704 + ctr_XOR(cctx, in2, in2len);
9705 + }
9706 +
9707 + AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
9708 +#if 0
9709 +fprintf(stderr, "K+V after update is:\n");
9710 +BIO_dump_fp(stderr, cctx->K, cctx->keylen);
9711 +BIO_dump_fp(stderr, cctx->V, 16);
9712 +#endif
9713 + }
9714 +
9715 +static int drbg_ctr_instantiate(DRBG_CTX *dctx,
9716 + const unsigned char *ent, size_t entlen,
9717 + const unsigned char *nonce, size_t noncelen,
9718 + const unsigned char *pers, size_t perslen)
9719 + {
9720 + DRBG_CTR_CTX *cctx = &dctx->d.ctr;
9721 + memset(cctx->K, 0, sizeof(cctx->K));
9722 + memset(cctx->V, 0, sizeof(cctx->V));
9723 + AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
9724 + ctr_Update(dctx, ent, entlen, pers, perslen, nonce, noncelen);
9725 + return 1;
9726 + }
9727 +
9728 +static int drbg_ctr_reseed(DRBG_CTX *dctx,
9729 + const unsigned char *ent, size_t entlen,
9730 + const unsigned char *adin, size_t adinlen)
9731 + {
9732 + ctr_Update(dctx, ent, entlen, adin, adinlen, NULL, 0);
9733 + return 1;
9734 + }
9735 +
9736 +static int drbg_ctr_generate(DRBG_CTX *dctx,
9737 + unsigned char *out, size_t outlen,
9738 + const unsigned char *adin, size_t adinlen)
9739 + {
9740 + DRBG_CTR_CTX *cctx = &dctx->d.ctr;
9741 + if (adin && adinlen)
9742 + {
9743 + ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
9744 + /* This means we reuse derived value */
9745 + if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
9746 + {
9747 + adin = NULL;
9748 + adinlen = 1;
9749 + }
9750 + }
9751 + else
9752 + adinlen = 0;
9753 +
9754 + for (;;)
9755 + {
9756 + inc_128(cctx);
9757 + if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
9758 + {
9759 + AES_encrypt(cctx->V, dctx->lb, &cctx->ks);
9760 + dctx->lb_valid = 1;
9761 + continue;
9762 + }
9763 + if (outlen < 16)
9764 + {
9765 + /* Use K as temp space as it will be updated */
9766 + AES_encrypt(cctx->V, cctx->K, &cctx->ks);
9767 + if (!fips_drbg_cprng_test(dctx, cctx->K))
9768 + return 0;
9769 + memcpy(out, cctx->K, outlen);
9770 + break;
9771 + }
9772 + AES_encrypt(cctx->V, out, &cctx->ks);
9773 + if (!fips_drbg_cprng_test(dctx, out))
9774 + return 0;
9775 + out += 16;
9776 + outlen -= 16;
9777 + if (outlen == 0)
9778 + break;
9779 + }
9780 +
9781 + ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
9782 +
9783 + return 1;
9784 +
9785 + }
9786 +
9787 +static int drbg_ctr_uninstantiate(DRBG_CTX *dctx)
9788 + {
9789 + memset(&dctx->d.ctr, 0, sizeof(DRBG_CTR_CTX));
9790 + return 1;
9791 + }
9792 +
9793 +int fips_drbg_ctr_init(DRBG_CTX *dctx)
9794 + {
9795 + DRBG_CTR_CTX *cctx = &dctx->d.ctr;
9796 +
9797 + size_t keylen;
9798 +
9799 + switch (dctx->type)
9800 + {
9801 + case NID_aes_128_ctr:
9802 + keylen = 16;
9803 + break;
9804 +
9805 + case NID_aes_192_ctr:
9806 + keylen = 24;
9807 + break;
9808 +
9809 + case NID_aes_256_ctr:
9810 + keylen = 32;
9811 + break;
9812 +
9813 + default:
9814 + return -2;
9815 + }
9816 +
9817 + dctx->instantiate = drbg_ctr_instantiate;
9818 + dctx->reseed = drbg_ctr_reseed;
9819 + dctx->generate = drbg_ctr_generate;
9820 + dctx->uninstantiate = drbg_ctr_uninstantiate;
9821 +
9822 + cctx->keylen = keylen;
9823 + dctx->strength = keylen * 8;
9824 + dctx->blocklength = 16;
9825 + dctx->seedlen = keylen + 16;
9826 +
9827 + if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
9828 + {
9829 + /* df initialisation */
9830 + static unsigned char df_key[32] =
9831 + {
9832 + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
9833 + 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
9834 + 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
9835 + 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f
9836 + };
9837 + /* Set key schedule for df_key */
9838 + AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks);
9839 +
9840 + dctx->min_entropy = cctx->keylen;
9841 + dctx->max_entropy = DRBG_MAX_LENGTH;
9842 + dctx->min_nonce = dctx->min_entropy / 2;
9843 + dctx->max_nonce = DRBG_MAX_LENGTH;
9844 + dctx->max_pers = DRBG_MAX_LENGTH;
9845 + dctx->max_adin = DRBG_MAX_LENGTH;
9846 + }
9847 + else
9848 + {
9849 + dctx->min_entropy = dctx->seedlen;
9850 + dctx->max_entropy = dctx->seedlen;
9851 + /* Nonce not used */
9852 + dctx->min_nonce = 0;
9853 + dctx->max_nonce = 0;
9854 + dctx->max_pers = dctx->seedlen;
9855 + dctx->max_adin = dctx->seedlen;
9856 + }
9857 +
9858 + dctx->max_request = 1<<16;
9859 + dctx->reseed_interval = 1<<24;
9860 +
9861 + return 1;
9862 + }
9863 diff -up openssl-1.0.1b/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1b/crypto/fips/fips_drbg_hash.c
9864 --- openssl-1.0.1b/crypto/fips/fips_drbg_hash.c.fips 2012-04-26 18:00:51.402769343 +0200
9865 +++ openssl-1.0.1b/crypto/fips/fips_drbg_hash.c 2012-04-26 18:00:51.402769343 +0200
9866 @@ -0,0 +1,378 @@
9867 +/* fips/rand/fips_drbg_hash.c */
9868 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
9869 + * project.
9870 + */
9871 +/* ====================================================================
9872 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
9873 + *
9874 + * Redistribution and use in source and binary forms, with or without
9875 + * modification, are permitted provided that the following conditions
9876 + * are met:
9877 + *
9878 + * 1. Redistributions of source code must retain the above copyright
9879 + * notice, this list of conditions and the following disclaimer.
9880 + *
9881 + * 2. Redistributions in binary form must reproduce the above copyright
9882 + * notice, this list of conditions and the following disclaimer in
9883 + * the documentation and/or other materials provided with the
9884 + * distribution.
9885 + *
9886 + * 3. All advertising materials mentioning features or use of this
9887 + * software must display the following acknowledgment:
9888 + * "This product includes software developed by the OpenSSL Project
9889 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
9890 + *
9891 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
9892 + * endorse or promote products derived from this software without
9893 + * prior written permission. For written permission, please contact
9894 + * licensing@OpenSSL.org.
9895 + *
9896 + * 5. Products derived from this software may not be called "OpenSSL"
9897 + * nor may "OpenSSL" appear in their names without prior written
9898 + * permission of the OpenSSL Project.
9899 + *
9900 + * 6. Redistributions of any form whatsoever must retain the following
9901 + * acknowledgment:
9902 + * "This product includes software developed by the OpenSSL Project
9903 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
9904 + *
9905 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
9906 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
9907 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
9908 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
9909 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
9910 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
9911 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
9912 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
9913 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
9914 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
9915 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
9916 + * OF THE POSSIBILITY OF SUCH DAMAGE.
9917 + * ====================================================================
9918 + */
9919 +
9920 +#define OPENSSL_FIPSAPI
9921 +
9922 +#include <stdlib.h>
9923 +#include <string.h>
9924 +#include <openssl/crypto.h>
9925 +#include <openssl/fips.h>
9926 +#include <openssl/fips_rand.h>
9927 +#include "fips_rand_lcl.h"
9928 +
9929 +/* This is Hash_df from SP 800-90 10.4.1 */
9930 +
9931 +static int hash_df(DRBG_CTX *dctx, unsigned char *out,
9932 + const unsigned char *in1, size_t in1len,
9933 + const unsigned char *in2, size_t in2len,
9934 + const unsigned char *in3, size_t in3len,
9935 + const unsigned char *in4, size_t in4len)
9936 + {
9937 + EVP_MD_CTX *mctx = &dctx->d.hash.mctx;
9938 + unsigned char *vtmp = dctx->d.hash.vtmp;
9939 + unsigned char tmp[6];
9940 + /* Standard only ever needs seedlen bytes which is always less than
9941 + * maximum permitted so no need to check length.
9942 + */
9943 + size_t outlen = dctx->seedlen;
9944 + tmp[0] = 1;
9945 + tmp[1] = ((outlen * 8) >> 24) & 0xff;
9946 + tmp[2] = ((outlen * 8) >> 16) & 0xff;
9947 + tmp[3] = ((outlen * 8) >> 8) & 0xff;
9948 + tmp[4] = (outlen * 8) & 0xff;
9949 + if (!in1)
9950 + {
9951 + tmp[5] = (unsigned char)in1len;
9952 + in1 = tmp + 5;
9953 + in1len = 1;
9954 + }
9955 + for (;;)
9956 + {
9957 + if (!FIPS_digestinit(mctx, dctx->d.hash.md))
9958 + return 0;
9959 + if (!FIPS_digestupdate(mctx, tmp, 5))
9960 + return 0;
9961 + if (in1 && !FIPS_digestupdate(mctx, in1, in1len))
9962 + return 0;
9963 + if (in2 && !FIPS_digestupdate(mctx, in2, in2len))
9964 + return 0;
9965 + if (in3 && !FIPS_digestupdate(mctx, in3, in3len))
9966 + return 0;
9967 + if (in4 && !FIPS_digestupdate(mctx, in4, in4len))
9968 + return 0;
9969 + if (outlen < dctx->blocklength)
9970 + {
9971 + if (!FIPS_digestfinal(mctx, vtmp, NULL))
9972 + return 0;
9973 + memcpy(out, vtmp, outlen);
9974 + OPENSSL_cleanse(vtmp, dctx->blocklength);
9975 + return 1;
9976 + }
9977 + else if(!FIPS_digestfinal(mctx, out, NULL))
9978 + return 0;
9979 +
9980 + outlen -= dctx->blocklength;
9981 + if (outlen == 0)
9982 + return 1;
9983 + tmp[0]++;
9984 + out += dctx->blocklength;
9985 + }
9986 + }
9987 +
9988 +
9989 +/* Add an unsigned buffer to the buf value, storing the result in buf. For
9990 + * this algorithm the length of input never exceeds the seed length.
9991 + */
9992 +
9993 +static void ctx_add_buf(DRBG_CTX *dctx, unsigned char *buf,
9994 + unsigned char *in, size_t inlen)
9995 + {
9996 + size_t i = inlen;
9997 + const unsigned char *q;
9998 + unsigned char c, *p;
9999 + p = buf + dctx->seedlen;
10000 + q = in + inlen;
10001 +
10002 + OPENSSL_assert(i <= dctx->seedlen);
10003 +
10004 + /* Special case: zero length, just increment buffer */
10005 + if (i)
10006 + c = 0;
10007 + else
10008 + c = 1;
10009 +
10010 + while (i)
10011 + {
10012 + int r;
10013 + p--;
10014 + q--;
10015 + r = *p + *q + c;
10016 + /* Carry */
10017 + if (r > 0xff)
10018 + c = 1;
10019 + else
10020 + c = 0;
10021 + *p = r & 0xff;
10022 + i--;
10023 + }
10024 +
10025 + i = dctx->seedlen - inlen;
10026 +
10027 + /* If not adding whole buffer handle final carries */
10028 + if (c && i)
10029 + {
10030 + do
10031 + {
10032 + p--;
10033 + c = *p;
10034 + c++;
10035 + *p = c;
10036 + if(c)
10037 + return;
10038 + } while(i--);
10039 + }
10040 + }
10041 +
10042 +/* Finalise and add hash to V */
10043 +
10044 +static int ctx_add_md(DRBG_CTX *dctx)
10045 + {
10046 + if (!FIPS_digestfinal(&dctx->d.hash.mctx, dctx->d.hash.vtmp, NULL))
10047 + return 0;
10048 + ctx_add_buf(dctx, dctx->d.hash.V, dctx->d.hash.vtmp, dctx->blocklength);
10049 + return 1;
10050 + }
10051 +
10052 +static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
10053 + {
10054 + DRBG_HASH_CTX *hctx = &dctx->d.hash;
10055 + if (outlen == 0)
10056 + return 1;
10057 + memcpy(hctx->vtmp, hctx->V, dctx->seedlen);
10058 + for(;;)
10059 + {
10060 + FIPS_digestinit(&hctx->mctx, hctx->md);
10061 + FIPS_digestupdate(&hctx->mctx, hctx->vtmp, dctx->seedlen);
10062 + if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
10063 + {
10064 + FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL);
10065 + dctx->lb_valid = 1;
10066 + }
10067 + else if (outlen < dctx->blocklength)
10068 + {
10069 + FIPS_digestfinal(&hctx->mctx, hctx->vtmp, NULL);
10070 + if (!fips_drbg_cprng_test(dctx, hctx->vtmp))
10071 + return 0;
10072 + memcpy(out, hctx->vtmp, outlen);
10073 + return 1;
10074 + }
10075 + else
10076 + {
10077 + FIPS_digestfinal(&hctx->mctx, out, NULL);
10078 + if (!fips_drbg_cprng_test(dctx, out))
10079 + return 0;
10080 + outlen -= dctx->blocklength;
10081 + if (outlen == 0)
10082 + return 1;
10083 + out += dctx->blocklength;
10084 + }
10085 + ctx_add_buf(dctx, hctx->vtmp, NULL, 0);
10086 + }
10087 + }
10088 +
10089 +static int drbg_hash_instantiate(DRBG_CTX *dctx,
10090 + const unsigned char *ent, size_t ent_len,
10091 + const unsigned char *nonce, size_t nonce_len,
10092 + const unsigned char *pstr, size_t pstr_len)
10093 + {
10094 + DRBG_HASH_CTX *hctx = &dctx->d.hash;
10095 + if (!hash_df(dctx, hctx->V,
10096 + ent, ent_len, nonce, nonce_len, pstr, pstr_len,
10097 + NULL, 0))
10098 + return 0;
10099 + if (!hash_df(dctx, hctx->C,
10100 + NULL, 0, hctx->V, dctx->seedlen,
10101 + NULL, 0, NULL, 0))
10102 + return 0;
10103 +
10104 +#ifdef HASH_DRBG_TRACE
10105 + fprintf(stderr, "V+C after instantiate:\n");
10106 + hexprint(stderr, hctx->V, dctx->seedlen);
10107 + hexprint(stderr, hctx->C, dctx->seedlen);
10108 +#endif
10109 + return 1;
10110 + }
10111 +
10112 +
10113 +static int drbg_hash_reseed(DRBG_CTX *dctx,
10114 + const unsigned char *ent, size_t ent_len,
10115 + const unsigned char *adin, size_t adin_len)
10116 + {
10117 + DRBG_HASH_CTX *hctx = &dctx->d.hash;
10118 + /* V about to be updated so use C as output instead */
10119 + if (!hash_df(dctx, hctx->C,
10120 + NULL, 1, hctx->V, dctx->seedlen,
10121 + ent, ent_len, adin, adin_len))
10122 + return 0;
10123 + memcpy(hctx->V, hctx->C, dctx->seedlen);
10124 + if (!hash_df(dctx, hctx->C, NULL, 0,
10125 + hctx->V, dctx->seedlen, NULL, 0, NULL, 0))
10126 + return 0;
10127 +#ifdef HASH_DRBG_TRACE
10128 + fprintf(stderr, "V+C after reseed:\n");
10129 + hexprint(stderr, hctx->V, dctx->seedlen);
10130 + hexprint(stderr, hctx->C, dctx->seedlen);
10131 +#endif
10132 + return 1;
10133 + }
10134 +
10135 +static int drbg_hash_generate(DRBG_CTX *dctx,
10136 + unsigned char *out, size_t outlen,
10137 + const unsigned char *adin, size_t adin_len)
10138 + {
10139 + DRBG_HASH_CTX *hctx = &dctx->d.hash;
10140 + EVP_MD_CTX *mctx = &hctx->mctx;
10141 + unsigned char tmp[4];
10142 + if (adin && adin_len)
10143 + {
10144 + tmp[0] = 2;
10145 + if (!FIPS_digestinit(mctx, hctx->md))
10146 + return 0;
10147 + if (!EVP_DigestUpdate(mctx, tmp, 1))
10148 + return 0;
10149 + if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
10150 + return 0;
10151 + if (!EVP_DigestUpdate(mctx, adin, adin_len))
10152 + return 0;
10153 + if (!ctx_add_md(dctx))
10154 + return 0;
10155 + }
10156 + if (!hash_gen(dctx, out, outlen))
10157 + return 0;
10158 +
10159 + tmp[0] = 3;
10160 + if (!FIPS_digestinit(mctx, hctx->md))
10161 + return 0;
10162 + if (!EVP_DigestUpdate(mctx, tmp, 1))
10163 + return 0;
10164 + if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
10165 + return 0;
10166 +
10167 + if (!ctx_add_md(dctx))
10168 + return 0;
10169 +
10170 + ctx_add_buf(dctx, hctx->V, hctx->C, dctx->seedlen);
10171 +
10172 + tmp[0] = (dctx->reseed_counter >> 24) & 0xff;
10173 + tmp[1] = (dctx->reseed_counter >> 16) & 0xff;
10174 + tmp[2] = (dctx->reseed_counter >> 8) & 0xff;
10175 + tmp[3] = dctx->reseed_counter & 0xff;
10176 + ctx_add_buf(dctx, hctx->V, tmp, 4);
10177 +#ifdef HASH_DRBG_TRACE
10178 + fprintf(stderr, "V+C after generate:\n");
10179 + hexprint(stderr, hctx->V, dctx->seedlen);
10180 + hexprint(stderr, hctx->C, dctx->seedlen);
10181 +#endif
10182 + return 1;
10183 + }
10184 +
10185 +static int drbg_hash_uninstantiate(DRBG_CTX *dctx)
10186 + {
10187 + EVP_MD_CTX_cleanup(&dctx->d.hash.mctx);
10188 + OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX));
10189 + return 1;
10190 + }
10191 +
10192 +int fips_drbg_hash_init(DRBG_CTX *dctx)
10193 + {
10194 + const EVP_MD *md;
10195 + DRBG_HASH_CTX *hctx = &dctx->d.hash;
10196 + md = FIPS_get_digestbynid(dctx->type);
10197 + if (!md)
10198 + return -2;
10199 + switch (dctx->type)
10200 + {
10201 + case NID_sha1:
10202 + dctx->strength = 128;
10203 + break;
10204 +
10205 + case NID_sha224:
10206 + dctx->strength = 192;
10207 + break;
10208 +
10209 + default:
10210 + dctx->strength = 256;
10211 + break;
10212 + }
10213 +
10214 + dctx->instantiate = drbg_hash_instantiate;
10215 + dctx->reseed = drbg_hash_reseed;
10216 + dctx->generate = drbg_hash_generate;
10217 + dctx->uninstantiate = drbg_hash_uninstantiate;
10218 +
10219 + dctx->d.hash.md = md;
10220 + EVP_MD_CTX_init(&hctx->mctx);
10221 +
10222 + /* These are taken from SP 800-90 10.1 table 2 */
10223 +
10224 + dctx->blocklength = M_EVP_MD_size(md);
10225 + if (dctx->blocklength > 32)
10226 + dctx->seedlen = 111;
10227 + else
10228 + dctx->seedlen = 55;
10229 +
10230 +
10231 + dctx->min_entropy = dctx->strength / 8;
10232 + dctx->max_entropy = DRBG_MAX_LENGTH;
10233 +
10234 + dctx->min_nonce = dctx->min_entropy / 2;
10235 + dctx->max_nonce = DRBG_MAX_LENGTH;
10236 +
10237 + dctx->max_pers = DRBG_MAX_LENGTH;
10238 + dctx->max_adin = DRBG_MAX_LENGTH;
10239 +
10240 + dctx->max_request = 1<<16;
10241 + dctx->reseed_interval = 1<<24;
10242 +
10243 + return 1;
10244 + }
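Review bot: The final-carry loop in ctx_add_buf, `do { p--; ... } while(i--);`, executes its body one more time than there are bytes left (i+1 iterations for i remaining bytes, because the post-decrement test still passes when i is 1), so if every byte above the added span is 0xff the carry never hits the `if(c) return;` exit, p is decremented past the start of buf and the last iteration writes `buf[-1]`; the condition should be `} while (--i);`, which bounds the loop to the i bytes that remain (the `if (c && i)` guard already ensures i >= 1 on entry). That state needs the whole upper part of V to be 0xff, which is astronomically unlikely for DRBG state, but it is still an out-of-bounds write in the seed-state update, and since the addition is meant to be modulo 2^(8*seedlen) the final carry is simply dropped, so nothing else changes. Separately, hash_gen calls FIPS_digestinit, FIPS_digestupdate and FIPS_digestfinal without checking their return values, whereas hash_df and drbg_hash_generate check every digest call; a failed digest there would leave stale bytes in `out` and still return 1, so each call should be of the form `if (!FIPS_digestinit(&hctx->mctx, hctx->md)) return 0;`.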
10245 diff -up openssl-1.0.1b/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1b/crypto/fips/fips_drbg_hmac.c
10246 --- openssl-1.0.1b/crypto/fips/fips_drbg_hmac.c.fips 2012-04-26 18:00:51.402769343 +0200
10247 +++ openssl-1.0.1b/crypto/fips/fips_drbg_hmac.c 2012-04-26 18:00:51.402769343 +0200
10248 @@ -0,0 +1,281 @@
10249 +/* fips/rand/fips_drbg_hmac.c */
10250 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
10251 + * project.
10252 + */
10253 +/* ====================================================================
10254 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
10255 + *
10256 + * Redistribution and use in source and binary forms, with or without
10257 + * modification, are permitted provided that the following conditions
10258 + * are met:
10259 + *
10260 + * 1. Redistributions of source code must retain the above copyright
10261 + * notice, this list of conditions and the following disclaimer.
10262 + *
10263 + * 2. Redistributions in binary form must reproduce the above copyright
10264 + * notice, this list of conditions and the following disclaimer in
10265 + * the documentation and/or other materials provided with the
10266 + * distribution.
10267 + *
10268 + * 3. All advertising materials mentioning features or use of this
10269 + * software must display the following acknowledgment:
10270 + * "This product includes software developed by the OpenSSL Project
10271 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
10272 + *
10273 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
10274 + * endorse or promote products derived from this software without
10275 + * prior written permission. For written permission, please contact
10276 + * licensing@OpenSSL.org.
10277 + *
10278 + * 5. Products derived from this software may not be called "OpenSSL"
10279 + * nor may "OpenSSL" appear in their names without prior written
10280 + * permission of the OpenSSL Project.
10281 + *
10282 + * 6. Redistributions of any form whatsoever must retain the following
10283 + * acknowledgment:
10284 + * "This product includes software developed by the OpenSSL Project
10285 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
10286 + *
10287 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
10288 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
10289 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
10290 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
10291 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
10292 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
10293 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
10294 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
10295 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
10296 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
10297 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
10298 + * OF THE POSSIBILITY OF SUCH DAMAGE.
10299 + * ====================================================================
10300 + */
10301 +
10302 +#include <stdlib.h>
10303 +#include <string.h>
10304 +#include <openssl/crypto.h>
10305 +#include <openssl/evp.h>
10306 +#include <openssl/hmac.h>
10307 +#include <openssl/aes.h>
10308 +#include <openssl/fips.h>
10309 +#include <openssl/fips_rand.h>
10310 +#include "fips_rand_lcl.h"
10311 +
10312 +static int drbg_hmac_update(DRBG_CTX *dctx,
10313 + const unsigned char *in1, size_t in1len,
10314 + const unsigned char *in2, size_t in2len,
10315 + const unsigned char *in3, size_t in3len
10316 + )
10317 + {
10318 + static unsigned char c0 = 0, c1 = 1;
10319 + DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
10320 + HMAC_CTX *hctx = &hmac->hctx;
10321 +
10322 + if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
10323 + return 0;
10324 + if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
10325 + return 0;
10326 + if (!HMAC_Update(hctx, &c0, 1))
10327 + return 0;
10328 + if (in1len && !HMAC_Update(hctx, in1, in1len))
10329 + return 0;
10330 + if (in2len && !HMAC_Update(hctx, in2, in2len))
10331 + return 0;
10332 + if (in3len && !HMAC_Update(hctx, in3, in3len))
10333 + return 0;
10334 +
10335 + if (!HMAC_Final(hctx, hmac->K, NULL))
10336 + return 0;
10337 +
10338 + if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
10339 + return 0;
10340 + if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
10341 + return 0;
10342 +
10343 + if (!HMAC_Final(hctx, hmac->V, NULL))
10344 + return 0;
10345 +
10346 + if (!in1len && !in2len && !in3len)
10347 + return 1;
10348 +
10349 + if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
10350 + return 0;
10351 + if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
10352 + return 0;
10353 + if (!HMAC_Update(hctx, &c1, 1))
10354 + return 0;
10355 + if (in1len && !HMAC_Update(hctx, in1, in1len))
10356 + return 0;
10357 + if (in2len && !HMAC_Update(hctx, in2, in2len))
10358 + return 0;
10359 + if (in3len && !HMAC_Update(hctx, in3, in3len))
10360 + return 0;
10361 +
10362 + if (!HMAC_Final(hctx, hmac->K, NULL))
10363 + return 0;
10364 +
10365 + if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
10366 + return 0;
10367 + if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
10368 + return 0;
10369 +
10370 + if (!HMAC_Final(hctx, hmac->V, NULL))
10371 + return 0;
10372 +
10373 + return 1;
10374 +
10375 + }
10376 +
10377 +static int drbg_hmac_instantiate(DRBG_CTX *dctx,
10378 + const unsigned char *ent, size_t ent_len,
10379 + const unsigned char *nonce, size_t nonce_len,
10380 + const unsigned char *pstr, size_t pstr_len)
10381 + {
10382 + DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
10383 + memset(hmac->K, 0, dctx->blocklength);
10384 + memset(hmac->V, 1, dctx->blocklength);
10385 + if (!drbg_hmac_update(dctx,
10386 + ent, ent_len, nonce, nonce_len, pstr, pstr_len))
10387 + return 0;
10388 +
10389 +#ifdef HMAC_DRBG_TRACE
10390 + fprintf(stderr, "K+V after instantiate:\n");
10391 + hexprint(stderr, hmac->K, hmac->blocklength);
10392 + hexprint(stderr, hmac->V, hmac->blocklength);
10393 +#endif
10394 + return 1;
10395 + }
10396 +
10397 +static int drbg_hmac_reseed(DRBG_CTX *dctx,
10398 + const unsigned char *ent, size_t ent_len,
10399 + const unsigned char *adin, size_t adin_len)
10400 + {
10401 + if (!drbg_hmac_update(dctx,
10402 + ent, ent_len, adin, adin_len, NULL, 0))
10403 + return 0;
10404 +
10405 +#ifdef HMAC_DRBG_TRACE
10406 + {
10407 + DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
10408 + fprintf(stderr, "K+V after reseed:\n");
10409 + hexprint(stderr, hmac->K, hmac->blocklength);
10410 + hexprint(stderr, hmac->V, hmac->blocklength);
10411 + }
10412 +#endif
10413 + return 1;
10414 + }
10415 +
10416 +static int drbg_hmac_generate(DRBG_CTX *dctx,
10417 + unsigned char *out, size_t outlen,
10418 + const unsigned char *adin, size_t adin_len)
10419 + {
10420 + DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
10421 + HMAC_CTX *hctx = &hmac->hctx;
10422 + const unsigned char *Vtmp = hmac->V;
10423 + if (adin_len && !drbg_hmac_update(dctx, adin, adin_len,
10424 + NULL, 0, NULL, 0))
10425 + return 0;
10426 + for (;;)
10427 + {
10428 + if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength,
10429 + hmac->md, NULL))
10430 + return 0;
10431 + if (!HMAC_Update(hctx, Vtmp, dctx->blocklength))
10432 + return 0;
10433 + if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
10434 + {
10435 + if (!HMAC_Final(hctx, dctx->lb, NULL))
10436 + return 0;
10437 + dctx->lb_valid = 1;
10438 + Vtmp = dctx->lb;
10439 + continue;
10440 + }
10441 + else if (outlen > dctx->blocklength)
10442 + {
10443 + if (!HMAC_Final(hctx, out, NULL))
10444 + return 0;
10445 + if (!fips_drbg_cprng_test(dctx, out))
10446 + return 0;
10447 + Vtmp = out;
10448 + }
10449 + else
10450 + {
10451 + if (!HMAC_Final(hctx, hmac->V, NULL))
10452 + return 0;
10453 + if (!fips_drbg_cprng_test(dctx, hmac->V))
10454 + return 0;
10455 + memcpy(out, hmac->V, outlen);
10456 + break;
10457 + }
10458 + out += dctx->blocklength;
10459 + outlen -= dctx->blocklength;
10460 + }
10461 + if (!drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0))
10462 + return 0;
10463 +
10464 + return 1;
10465 + }
10466 +
10467 +static int drbg_hmac_uninstantiate(DRBG_CTX *dctx)
10468 + {
10469 + HMAC_CTX_cleanup(&dctx->d.hmac.hctx);
10470 + OPENSSL_cleanse(&dctx->d.hmac, sizeof(DRBG_HMAC_CTX));
10471 + return 1;
10472 + }
10473 +
10474 +int fips_drbg_hmac_init(DRBG_CTX *dctx)
10475 + {
10476 + const EVP_MD *md = NULL;
10477 + DRBG_HMAC_CTX *hctx = &dctx->d.hmac;
10478 + dctx->strength = 256;
10479 + switch (dctx->type)
10480 + {
10481 + case NID_hmacWithSHA1:
10482 + md = EVP_sha1();
10483 + dctx->strength = 128;
10484 + break;
10485 +
10486 + case NID_hmacWithSHA224:
10487 + md = EVP_sha224();
10488 + dctx->strength = 192;
10489 + break;
10490 +
10491 + case NID_hmacWithSHA256:
10492 + md = EVP_sha256();
10493 + break;
10494 +
10495 + case NID_hmacWithSHA384:
10496 + md = EVP_sha384();
10497 + break;
10498 +
10499 + case NID_hmacWithSHA512:
10500 + md = EVP_sha512();
10501 + break;
10502 +
10503 + default:
10504 + dctx->strength = 0;
10505 + return -2;
10506 + }
10507 + dctx->instantiate = drbg_hmac_instantiate;
10508 + dctx->reseed = drbg_hmac_reseed;
10509 + dctx->generate = drbg_hmac_generate;
10510 + dctx->uninstantiate = drbg_hmac_uninstantiate;
10511 + HMAC_CTX_init(&hctx->hctx);
10512 + hctx->md = md;
10513 + dctx->blocklength = M_EVP_MD_size(md);
10514 + dctx->seedlen = M_EVP_MD_size(md);
10515 +
10516 + dctx->min_entropy = dctx->strength / 8;
10517 + dctx->max_entropy = DRBG_MAX_LENGTH;
10518 +
10519 + dctx->min_nonce = dctx->min_entropy / 2;
10520 + dctx->max_nonce = DRBG_MAX_LENGTH;
10521 +
10522 + dctx->max_pers = DRBG_MAX_LENGTH;
10523 + dctx->max_adin = DRBG_MAX_LENGTH;
10524 +
10525 + dctx->max_request = 1<<16;
10526 + dctx->reseed_interval = 1<<24;
10527 +
10528 + return 1;
10529 + }
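Review bot: The `#ifdef HMAC_DRBG_TRACE` blocks in drbg_hmac_instantiate and drbg_hmac_reseed read `hmac->blocklength`, a field nothing else in this file touches; the block length is carried as `dctx->blocklength` everywhere else (HMAC_Init_ex, the memsets, the loop in drbg_hmac_generate), so these trace blocks presumably fail to compile as soon as tracing is enabled and should read `hexprint(stderr, hmac->K, dctx->blocklength);`. Also, drbg_hmac_generate has no early return for outlen == 0 while hash_gen does: a zero-length request still takes the final else branch, runs one HMAC block into V and a CPRNG comparison before `memcpy(out, hmac->V, 0)`, so V advances one block further than the other DRBGs for the same request; if FIPS_drbg_generate (not visible in this hunk) does not reject outlen == 0, skipping the loop when `outlen == 0` would make the two consistent.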
10530 diff -up openssl-1.0.1b/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1b/crypto/fips/fips_drbg_lib.c
10531 --- openssl-1.0.1b/crypto/fips/fips_drbg_lib.c.fips 2012-04-26 18:00:51.402769343 +0200
10532 +++ openssl-1.0.1b/crypto/fips/fips_drbg_lib.c 2012-04-26 18:00:51.402769343 +0200
10533 @@ -0,0 +1,578 @@
10534 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
10535 + * project.
10536 + */
10537 +/* ====================================================================
10538 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
10539 + *
10540 + * Redistribution and use in source and binary forms, with or without
10541 + * modification, are permitted provided that the following conditions
10542 + * are met:
10543 + *
10544 + * 1. Redistributions of source code must retain the above copyright
10545 + * notice, this list of conditions and the following disclaimer.
10546 + *
10547 + * 2. Redistributions in binary form must reproduce the above copyright
10548 + * notice, this list of conditions and the following disclaimer in
10549 + * the documentation and/or other materials provided with the
10550 + * distribution.
10551 + *
10552 + * 3. All advertising materials mentioning features or use of this
10553 + * software must display the following acknowledgment:
10554 + * "This product includes software developed by the OpenSSL Project
10555 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
10556 + *
10557 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
10558 + * endorse or promote products derived from this software without
10559 + * prior written permission. For written permission, please contact
10560 + * licensing@OpenSSL.org.
10561 + *
10562 + * 5. Products derived from this software may not be called "OpenSSL"
10563 + * nor may "OpenSSL" appear in their names without prior written
10564 + * permission of the OpenSSL Project.
10565 + *
10566 + * 6. Redistributions of any form whatsoever must retain the following
10567 + * acknowledgment:
10568 + * "This product includes software developed by the OpenSSL Project
10569 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
10570 + *
10571 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
10572 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
10573 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
10574 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
10575 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
10576 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
10577 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
10578 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
10579 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
10580 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
10581 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
10582 + * OF THE POSSIBILITY OF SUCH DAMAGE.
10583 + * ====================================================================
10584 + */
10585 +
10586 +#include <string.h>
10587 +#include <openssl/crypto.h>
10588 +#include <openssl/err.h>
10589 +#include <openssl/fips_rand.h>
10590 +#include "fips_locl.h"
10591 +#include "fips_rand_lcl.h"
10592 +
10593 +/* Support framework for SP800-90 DRBGs */
10594 +
10595 +int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
10596 + {
10597 + int rv;
10598 + memset(dctx, 0, sizeof(DRBG_CTX));
10599 + dctx->status = DRBG_STATUS_UNINITIALISED;
10600 + dctx->xflags = flags;
10601 + dctx->type = type;
10602 +
10603 + dctx->iflags = 0;
10604 + dctx->entropy_blocklen = 0;
10605 + dctx->health_check_cnt = 0;
10606 + dctx->health_check_interval = DRBG_HEALTH_INTERVAL;
10607 +
10608 + rv = fips_drbg_hash_init(dctx);
10609 +
10610 + if (rv == -2)
10611 + rv = fips_drbg_ctr_init(dctx);
10612 + if (rv == -2)
10613 + rv = fips_drbg_hmac_init(dctx);
10614 +
10615 + if (rv <= 0)
10616 + {
10617 + if (rv == -2)
10618 + FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_UNSUPPORTED_DRBG_TYPE);
10619 + else
10620 + FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_ERROR_INITIALISING_DRBG);
10621 + }
10622 +
10623 + /* If not in test mode run selftests on DRBG of the same type */
10624 +
10625 + if (!(dctx->xflags & DRBG_FLAG_TEST))
10626 + {
10627 + if (!FIPS_drbg_health_check(dctx))
10628 + {
10629 + FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);
10630 + return 0;
10631 + }
10632 + }
10633 +
10634 + return rv;
10635 + }
10636 +
10637 +DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags)
10638 + {
10639 + DRBG_CTX *dctx;
10640 + dctx = OPENSSL_malloc(sizeof(DRBG_CTX));
10641 + if (!dctx)
10642 + {
10643 + FIPSerr(FIPS_F_FIPS_DRBG_NEW, ERR_R_MALLOC_FAILURE);
10644 + return NULL;
10645 + }
10646 +
10647 + if (type == 0)
10648 + {
10649 + memset(dctx, 0, sizeof(DRBG_CTX));
10650 + dctx->type = 0;
10651 + dctx->status = DRBG_STATUS_UNINITIALISED;
10652 + return dctx;
10653 + }
10654 +
10655 + if (FIPS_drbg_init(dctx, type, flags) <= 0)
10656 + {
10657 + OPENSSL_free(dctx);
10658 + return NULL;
10659 + }
10660 +
10661 + return dctx;
10662 + }
10663 +
10664 +void FIPS_drbg_free(DRBG_CTX *dctx)
10665 + {
10666 + if (dctx->uninstantiate)
10667 + dctx->uninstantiate(dctx);
10668 + /* Don't free up default DRBG */
10669 + if (dctx == FIPS_get_default_drbg())
10670 + {
10671 + memset(dctx, 0, sizeof(DRBG_CTX));
10672 + dctx->type = 0;
10673 + dctx->status = DRBG_STATUS_UNINITIALISED;
10674 + }
10675 + else
10676 + {
10677 + OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
10678 + OPENSSL_free(dctx);
10679 + }
10680 + }
10681 +
10682 +static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
10683 + int entropy, size_t min_len, size_t max_len)
10684 + {
10685 + unsigned char *tout, *p;
10686 + size_t bl = dctx->entropy_blocklen, rv;
10687 + if (!dctx->get_entropy)
10688 + return 0;
10689 + if (dctx->xflags & DRBG_FLAG_TEST || !bl)
10690 + return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
10691 + rv = dctx->get_entropy(dctx, &tout, entropy + bl,
10692 + min_len + bl, max_len + bl);
10693 + if (tout == NULL)
10694 + return 0;
10695 + *pout = tout + bl;
10696 + if (rv < (min_len + bl) || (rv % bl))
10697 + return 0;
10698 + /* Compare consecutive blocks for continuous PRNG test */
10699 + for (p = tout; p < tout + rv - bl; p += bl)
10700 + {
10701 + if (!memcmp(p, p + bl, bl))
10702 + {
10703 + FIPSerr(FIPS_F_FIPS_GET_ENTROPY, FIPS_R_ENTROPY_SOURCE_STUCK);
10704 + return 0;
10705 + }
10706 + }
10707 + rv -= bl;
10708 + if (rv > max_len)
10709 + return max_len;
10710 + return rv;
10711 + }
10712 +
10713 +static void fips_cleanup_entropy(DRBG_CTX *dctx,
10714 + unsigned char *out, size_t olen)
10715 + {
10716 + size_t bl;
10717 + if (dctx->xflags & DRBG_FLAG_TEST)
10718 + bl = 0;
10719 + else
10720 + bl = dctx->entropy_blocklen;
10721 + /* Call cleanup with original arguments */
10722 + dctx->cleanup_entropy(dctx, out - bl, olen + bl);
10723 + }
10724 +
10725 +
10726 +int FIPS_drbg_instantiate(DRBG_CTX *dctx,
10727 + const unsigned char *pers, size_t perslen)
10728 + {
10729 + size_t entlen = 0, noncelen = 0;
10730 + unsigned char *nonce = NULL, *entropy = NULL;
10731 +
10732 +#if 0
10733 + /* Put here so error script picks them up */
10734 + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE,
10735 + FIPS_R_PERSONALISATION_STRING_TOO_LONG);
10736 + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_IN_ERROR_STATE);
10737 + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ALREADY_INSTANTIATED);
10738 + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY);
10739 + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE);
10740 + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR);
10741 + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED);
10742 +#endif
10743 +
10744 + int r = 0;
10745 +
10746 + if (perslen > dctx->max_pers)
10747 + {
10748 + r = FIPS_R_PERSONALISATION_STRING_TOO_LONG;
10749 + goto end;
10750 + }
10751 +
10752 + if (!dctx->instantiate)
10753 + {
10754 + r = FIPS_R_DRBG_NOT_INITIALISED;
10755 + goto end;
10756 + }
10757 +
10758 + if (dctx->status != DRBG_STATUS_UNINITIALISED)
10759 + {
10760 + if (dctx->status == DRBG_STATUS_ERROR)
10761 + r = FIPS_R_IN_ERROR_STATE;
10762 + else
10763 + r = FIPS_R_ALREADY_INSTANTIATED;
10764 + goto end;
10765 + }
10766 +
10767 + dctx->status = DRBG_STATUS_ERROR;
10768 +
10769 + entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
10770 + dctx->min_entropy, dctx->max_entropy);
10771 +
10772 + if (entlen < dctx->min_entropy || entlen > dctx->max_entropy)
10773 + {
10774 + r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
10775 + goto end;
10776 + }
10777 +
10778 + if (dctx->max_nonce > 0 && dctx->get_nonce)
10779 + {
10780 + noncelen = dctx->get_nonce(dctx, &nonce,
10781 + dctx->strength / 2,
10782 + dctx->min_nonce, dctx->max_nonce);
10783 +
10784 + if (noncelen < dctx->min_nonce || noncelen > dctx->max_nonce)
10785 + {
10786 + r = FIPS_R_ERROR_RETRIEVING_NONCE;
10787 + goto end;
10788 + }
10789 +
10790 + }
10791 +
10792 + if (!dctx->instantiate(dctx,
10793 + entropy, entlen,
10794 + nonce, noncelen,
10795 + pers, perslen))
10796 + {
10797 + r = FIPS_R_ERROR_INSTANTIATING_DRBG;
10798 + goto end;
10799 + }
10800 +
10801 +
10802 + dctx->status = DRBG_STATUS_READY;
10803 + if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
10804 + dctx->reseed_counter = 1;
10805 +
10806 + end:
10807 +
10808 + if (entropy && dctx->cleanup_entropy)
10809 + fips_cleanup_entropy(dctx, entropy, entlen);
10810 +
10811 + if (nonce && dctx->cleanup_nonce)
10812 + dctx->cleanup_nonce(dctx, nonce, noncelen);
10813 +
10814 + if (dctx->status == DRBG_STATUS_READY)
10815 + return 1;
10816 +
10817 + if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
10818 + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, r);
10819 +
10820 + return 0;
10821 +
10822 + }
10823 +
10824 +static int drbg_reseed(DRBG_CTX *dctx,
10825 + const unsigned char *adin, size_t adinlen, int hcheck)
10826 + {
10827 + unsigned char *entropy = NULL;
10828 + size_t entlen = 0;
10829 + int r = 0;
10830 +
10831 +#if 0
10832 + FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_NOT_INSTANTIATED);
10833 + FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
10834 +#endif
10835 + if (dctx->status != DRBG_STATUS_READY
10836 + && dctx->status != DRBG_STATUS_RESEED)
10837 + {
10838 + if (dctx->status == DRBG_STATUS_ERROR)
10839 + r = FIPS_R_IN_ERROR_STATE;
10840 + else if(dctx->status == DRBG_STATUS_UNINITIALISED)
10841 + r = FIPS_R_NOT_INSTANTIATED;
10842 + goto end;
10843 + }
10844 +
10845 + if (!adin)
10846 + adinlen = 0;
10847 + else if (adinlen > dctx->max_adin)
10848 + {
10849 + r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
10850 + goto end;
10851 + }
10852 +
10853 + dctx->status = DRBG_STATUS_ERROR;
10854 + /* Peform health check on all reseed operations if not a prediction
10855 + * resistance request and not in test mode.
10856 + */
10857 + if (hcheck && !(dctx->xflags & DRBG_FLAG_TEST))
10858 + {
10859 + if (!FIPS_drbg_health_check(dctx))
10860 + {
10861 + r = FIPS_R_SELFTEST_FAILURE;
10862 + goto end;
10863 + }
10864 + }
10865 +
10866 + entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
10867 + dctx->min_entropy, dctx->max_entropy);
10868 +
10869 + if (entlen < dctx->min_entropy || entlen > dctx->max_entropy)
10870 + {
10871 + r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
10872 + goto end;
10873 + }
10874 +
10875 + if (!dctx->reseed(dctx, entropy, entlen, adin, adinlen))
10876 + goto end;
10877 +
10878 + dctx->status = DRBG_STATUS_READY;
10879 + if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
10880 + dctx->reseed_counter = 1;
10881 + end:
10882 +
10883 + if (entropy && dctx->cleanup_entropy)
10884 + fips_cleanup_entropy(dctx, entropy, entlen);
10885 +
10886 + if (dctx->status == DRBG_STATUS_READY)
10887 + return 1;
10888 +
10889 + if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
10890 + FIPSerr(FIPS_F_DRBG_RESEED, r);
10891 +
10892 + return 0;
10893 + }
10894 +
10895 +int FIPS_drbg_reseed(DRBG_CTX *dctx,
10896 + const unsigned char *adin, size_t adinlen)
10897 + {
10898 + return drbg_reseed(dctx, adin, adinlen, 1);
10899 + }
10900 +
10901 +static int fips_drbg_check(DRBG_CTX *dctx)
10902 + {
10903 + if (dctx->xflags & DRBG_FLAG_TEST)
10904 + return 1;
10905 + dctx->health_check_cnt++;
10906 + if (dctx->health_check_cnt >= dctx->health_check_interval)
10907 + {
10908 + if (!FIPS_drbg_health_check(dctx))
10909 + {
10910 + FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE);
10911 + return 0;
10912 + }
10913 + }
10914 + return 1;
10915 + }
10916 +
10917 +int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
10918 + int prediction_resistance,
10919 + const unsigned char *adin, size_t adinlen)
10920 + {
10921 + int r = 0;
10922 +
10923 + if (FIPS_selftest_failed())
10924 + {
10925 + FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED);
10926 + return 0;
10927 + }
10928 +
10929 + if (!fips_drbg_check(dctx))
10930 + return 0;
10931 +
10932 + if (dctx->status != DRBG_STATUS_READY
10933 + && dctx->status != DRBG_STATUS_RESEED)
10934 + {
10935 + if (dctx->status == DRBG_STATUS_ERROR)
10936 + r = FIPS_R_IN_ERROR_STATE;
10937 + else if(dctx->status == DRBG_STATUS_UNINITIALISED)
10938 + r = FIPS_R_NOT_INSTANTIATED;
10939 + goto end;
10940 + }
10941 +
10942 + if (outlen > dctx->max_request)
10943 + {
10944 + r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG;
10945 + return 0;
10946 + }
10947 +
10948 + if (adinlen > dctx->max_adin)
10949 + {
10950 + r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
10951 + goto end;
10952 + }
10953 +
10954 + if (dctx->iflags & DRBG_CUSTOM_RESEED)
10955 + dctx->generate(dctx, NULL, outlen, NULL, 0);
10956 + else if (dctx->reseed_counter >= dctx->reseed_interval)
10957 + dctx->status = DRBG_STATUS_RESEED;
10958 +
10959 + if (dctx->status == DRBG_STATUS_RESEED || prediction_resistance)
10960 + {
10961 + /* If prediction resistance request don't do health check */
10962 + int hcheck = prediction_resistance ? 0 : 1;
10963 +
10964 + if (!drbg_reseed(dctx, adin, adinlen, hcheck))
10965 + {
10966 + r = FIPS_R_RESEED_ERROR;
10967 + goto end;
10968 + }
10969 + adin = NULL;
10970 + adinlen = 0;
10971 + }
10972 +
10973 + if (!dctx->generate(dctx, out, outlen, adin, adinlen))
10974 + {
10975 + r = FIPS_R_GENERATE_ERROR;
10976 + dctx->status = DRBG_STATUS_ERROR;
10977 + goto end;
10978 + }
10979 + if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
10980 + {
10981 + if (dctx->reseed_counter >= dctx->reseed_interval)
10982 + dctx->status = DRBG_STATUS_RESEED;
10983 + else
10984 + dctx->reseed_counter++;
10985 + }
10986 +
10987 + end:
10988 + if (r)
10989 + {
10990 + if (!(dctx->iflags & DRBG_FLAG_NOERR))
10991 + FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, r);
10992 + return 0;
10993 + }
10994 +
10995 + return 1;
10996 + }
10997 +
10998 +int FIPS_drbg_uninstantiate(DRBG_CTX *dctx)
10999 + {
11000 + int rv;
11001 + if (!dctx->uninstantiate)
11002 + rv = 1;
11003 + else
11004 + rv = dctx->uninstantiate(dctx);
11005 + /* Although we'd like to cleanse here we can't because we have to
11006 + * test the uninstantiate really zeroes the data.
11007 + */
11008 + memset(&dctx->d, 0, sizeof(dctx->d));
11009 + dctx->status = DRBG_STATUS_UNINITIALISED;
11010 + /* If method has problems uninstantiating, return error */
11011 + return rv;
11012 + }
11013 +
11014 +int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
11015 + size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
11016 + int entropy, size_t min_len, size_t max_len),
11017 + void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
11018 + size_t entropy_blocklen,
11019 + size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
11020 + int entropy, size_t min_len, size_t max_len),
11021 + void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen))
11022 + {
11023 + if (dctx->status != DRBG_STATUS_UNINITIALISED)
11024 + return 0;
11025 + dctx->entropy_blocklen = entropy_blocklen;
11026 + dctx->get_entropy = get_entropy;
11027 + dctx->cleanup_entropy = cleanup_entropy;
11028 + dctx->get_nonce = get_nonce;
11029 + dctx->cleanup_nonce = cleanup_nonce;
11030 + return 1;
11031 + }
11032 +
11033 +int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
11034 + size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout),
11035 + void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
11036 + int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num),
11037 + int (*rand_add_cb)(DRBG_CTX *ctx,
11038 + const void *buf, int num, double entropy))
11039 + {
11040 + if (dctx->status != DRBG_STATUS_UNINITIALISED)
11041 + return 0;
11042 + dctx->get_adin = get_adin;
11043 + dctx->cleanup_adin = cleanup_adin;
11044 + dctx->rand_seed_cb = rand_seed_cb;
11045 + dctx->rand_add_cb = rand_add_cb;
11046 + return 1;
11047 + }
11048 +
11049 +void *FIPS_drbg_get_app_data(DRBG_CTX *dctx)
11050 + {
11051 + return dctx->app_data;
11052 + }
11053 +
11054 +void FIPS_drbg_set_app_data(DRBG_CTX *dctx, void *app_data)
11055 + {
11056 + dctx->app_data = app_data;
11057 + }
11058 +
11059 +size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx)
11060 + {
11061 + return dctx->blocklength;
11062 + }
11063 +
11064 +int FIPS_drbg_get_strength(DRBG_CTX *dctx)
11065 + {
11066 + return dctx->strength;
11067 + }
11068 +
11069 +void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval)
11070 + {
11071 + dctx->health_check_interval = interval;
11072 + }
11073 +
11074 +void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval)
11075 + {
11076 + dctx->reseed_interval = interval;
11077 + }
11078 +
11079 +static int drbg_stick = 0;
11080 +
11081 +void FIPS_drbg_stick(int onoff)
11082 + {
11083 + drbg_stick = onoff;
11084 + }
11085 +
11086 +/* Continuous DRBG utility function */
11087 +int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out)
11088 + {
11089 + /* No CPRNG in test mode */
11090 + if (dctx->xflags & DRBG_FLAG_TEST)
11091 + return 1;
11092 + /* Check block is valid: should never happen */
11093 + if (dctx->lb_valid == 0)
11094 + {
11095 + FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_INTERNAL_ERROR);
11096 + fips_set_selftest_fail();
11097 + return 0;
11098 + }
11099 + if (drbg_stick)
11100 + memcpy(dctx->lb, out, dctx->blocklength);
11101 + /* Check against last block: fail if match */
11102 + if (!memcmp(dctx->lb, out, dctx->blocklength))
11103 + {
11104 + FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_DRBG_STUCK);
11105 + fips_set_selftest_fail();
11106 + return 0;
11107 + }
11108 + /* Save last block for next comparison */
11109 + memcpy(dctx->lb, out, dctx->blocklength);
11110 + return 1;
11111 + }
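--- a/openssl-1.0.1b/crypto/fips/fips_drbg_rand.c
+++ b/openssl-1.0.1b/crypto/fips/fips_drbg_rand.c
@@ -0,0 +1,172 @@
+/* fips/rand/fips_drbg_rand.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include "fips_rand_lcl.h"
+
+/* Mapping of SP800-90 DRBGs to OpenSSL RAND_METHOD */
+
+/* Since we only have one global PRNG used at any time in OpenSSL use a global
+ * variable to store context.
+ */
+
+static DRBG_CTX ossl_dctx;
+
+DRBG_CTX *FIPS_get_default_drbg(void)
+ {
+ return &ossl_dctx;
+ }
+
+static int fips_drbg_bytes(unsigned char *out, int count)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+ int rv = 0;
+ unsigned char *adin = NULL;
+ size_t adinlen = 0;
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ do
+ {
+ size_t rcnt;
+ if (count > (int)dctx->max_request)
+ rcnt = dctx->max_request;
+ else
+ rcnt = count;
+ if (dctx->get_adin)
+ {
+ adinlen = dctx->get_adin(dctx, &adin);
+ if (adinlen && !adin)
+ {
+ FIPSerr(FIPS_F_FIPS_DRBG_BYTES, FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT);
+ goto err;
+ }
+ }
+ rv = FIPS_drbg_generate(dctx, out, rcnt, 0, adin, adinlen);
+ if (adin)
+ {
+ if (dctx->cleanup_adin)
+ dctx->cleanup_adin(dctx, adin, adinlen);
+ adin = NULL;
+ }
+ if (!rv)
+ goto err;
+ out += rcnt;
+ count -= rcnt;
+ }
+ while (count);
+ rv = 1;
+ err:
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ return rv;
+ }
+
+static int fips_drbg_pseudo(unsigned char *out, int count)
+ {
+ if (fips_drbg_bytes(out, count) <= 0)
+ return -1;
+ return 1;
+ }
+
+static int fips_drbg_status(void)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+ int rv;
+ CRYPTO_r_lock(CRYPTO_LOCK_RAND);
+ rv = dctx->status == DRBG_STATUS_READY ? 1 : 0;
+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
+ return rv;
+ }
+
+static void fips_drbg_cleanup(void)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ FIPS_drbg_uninstantiate(dctx);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ }
+
+static int fips_drbg_seed(const void *seed, int seedlen)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+ if (dctx->rand_seed_cb)
+ return dctx->rand_seed_cb(dctx, seed, seedlen);
+ return 1;
+ }
+
+static int fips_drbg_add(const void *seed, int seedlen,
+ double add_entropy)
+ {
+ DRBG_CTX *dctx = &ossl_dctx;
+ if (dctx->rand_add_cb)
+ return dctx->rand_add_cb(dctx, seed, seedlen, add_entropy);
+ return 1;
+ }
+
+static const RAND_METHOD rand_drbg_meth =
+ {
+ fips_drbg_seed,
+ fips_drbg_bytes,
+ fips_drbg_cleanup,
+ fips_drbg_add,
+ fips_drbg_pseudo,
+ fips_drbg_status
+ };
+
+const RAND_METHOD *FIPS_drbg_method(void)
+ {
+ return &rand_drbg_meth;
+ }
+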
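Review bot: In fips_drbg_bytes the `goto err` taken when `get_adin` returns a non-zero adinlen with a NULL buffer leaves `rv` holding the result of the previous FIPS_drbg_generate call, so on a request larger than max_request (which runs the do/while more than once) an additional-input failure on a later iteration still returns 1 to the RAND_METHOD caller with only part of `out` filled. Put `rv = 0;` immediately before that `goto err` (or reset `rv` at the top of each iteration) so the error queued by FIPSerr is matched by a failure return. Separately, `count` is a signed int and `rcnt = count` converts a negative value to a very large size_t that appears to be rejected only by the outlen check inside FIPS_drbg_generate; an explicit `if (count < 0) goto err;` before the loop would make that contract visible here rather than relying on the callee.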
11288 diff -up openssl-1.0.1b/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_drbg_selftest.c
11289 --- openssl-1.0.1b/crypto/fips/fips_drbg_selftest.c.fips 2012-04-26 18:00:51.403769365 +0200
11290 +++ openssl-1.0.1b/crypto/fips/fips_drbg_selftest.c 2012-04-26 18:00:51.403769365 +0200
11291 @@ -0,0 +1,862 @@
11292 +/* fips/rand/fips_drbg_selftest.c */
11293 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
11294 + * project.
11295 + */
11296 +/* ====================================================================
11297 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
11298 + *
11299 + * Redistribution and use in source and binary forms, with or without
11300 + * modification, are permitted provided that the following conditions
11301 + * are met:
11302 + *
11303 + * 1. Redistributions of source code must retain the above copyright
11304 + * notice, this list of conditions and the following disclaimer.
11305 + *
11306 + * 2. Redistributions in binary form must reproduce the above copyright
11307 + * notice, this list of conditions and the following disclaimer in
11308 + * the documentation and/or other materials provided with the
11309 + * distribution.
11310 + *
11311 + * 3. All advertising materials mentioning features or use of this
11312 + * software must display the following acknowledgment:
11313 + * "This product includes software developed by the OpenSSL Project
11314 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
11315 + *
11316 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
11317 + * endorse or promote products derived from this software without
11318 + * prior written permission. For written permission, please contact
11319 + * licensing@OpenSSL.org.
11320 + *
11321 + * 5. Products derived from this software may not be called "OpenSSL"
11322 + * nor may "OpenSSL" appear in their names without prior written
11323 + * permission of the OpenSSL Project.
11324 + *
11325 + * 6. Redistributions of any form whatsoever must retain the following
11326 + * acknowledgment:
11327 + * "This product includes software developed by the OpenSSL Project
11328 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
11329 + *
11330 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
11331 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
11332 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
11333 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
11334 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
11335 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
11336 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
11337 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
11338 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
11339 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
11340 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
11341 + * OF THE POSSIBILITY OF SUCH DAMAGE.
11342 + * ====================================================================
11343 + */
11344 +
11345 +#include <string.h>
11346 +#include <openssl/crypto.h>
11347 +#include <openssl/err.h>
11348 +#include <openssl/fips_rand.h>
11349 +#include "fips_rand_lcl.h"
11350 +#include "fips_locl.h"
11351 +
11352 +#include "fips_drbg_selftest.h"
11353 +
11354 +typedef struct {
11355 + int post;
11356 + int nid;
11357 + unsigned int flags;
11358 +
11359 + /* KAT data for no PR */
11360 + const unsigned char *ent;
11361 + size_t entlen;
11362 + const unsigned char *nonce;
11363 + size_t noncelen;
11364 + const unsigned char *pers;
11365 + size_t perslen;
11366 + const unsigned char *adin;
11367 + size_t adinlen;
11368 + const unsigned char *entreseed;
11369 + size_t entreseedlen;
11370 + const unsigned char *adinreseed;
11371 + size_t adinreseedlen;
11372 + const unsigned char *adin2;
11373 + size_t adin2len;
11374 + const unsigned char *kat;
11375 + size_t katlen;
11376 + const unsigned char *kat2;
11377 + size_t kat2len;
11378 +
11379 + /* KAT data for PR */
11380 + const unsigned char *ent_pr;
11381 + size_t entlen_pr;
11382 + const unsigned char *nonce_pr;
11383 + size_t noncelen_pr;
11384 + const unsigned char *pers_pr;
11385 + size_t perslen_pr;
11386 + const unsigned char *adin_pr;
11387 + size_t adinlen_pr;
11388 + const unsigned char *entpr_pr;
11389 + size_t entprlen_pr;
11390 + const unsigned char *ading_pr;
11391 + size_t adinglen_pr;
11392 + const unsigned char *entg_pr;
11393 + size_t entglen_pr;
11394 + const unsigned char *kat_pr;
11395 + size_t katlen_pr;
11396 + const unsigned char *kat2_pr;
11397 + size_t kat2len_pr;
11398 +
11399 + } DRBG_SELFTEST_DATA;
11400 +
11401 +#define make_drbg_test_data(nid, flag, pr, p) {p, nid, flag | DRBG_FLAG_TEST, \
11402 + pr##_entropyinput, sizeof(pr##_entropyinput), \
11403 + pr##_nonce, sizeof(pr##_nonce), \
11404 + pr##_personalizationstring, sizeof(pr##_personalizationstring), \
11405 + pr##_additionalinput, sizeof(pr##_additionalinput), \
11406 + pr##_entropyinputreseed, sizeof(pr##_entropyinputreseed), \
11407 + pr##_additionalinputreseed, sizeof(pr##_additionalinputreseed), \
11408 + pr##_additionalinput2, sizeof(pr##_additionalinput2), \
11409 + pr##_int_returnedbits, sizeof(pr##_int_returnedbits), \
11410 + pr##_returnedbits, sizeof(pr##_returnedbits), \
11411 + pr##_pr_entropyinput, sizeof(pr##_pr_entropyinput), \
11412 + pr##_pr_nonce, sizeof(pr##_pr_nonce), \
11413 + pr##_pr_personalizationstring, sizeof(pr##_pr_personalizationstring), \
11414 + pr##_pr_additionalinput, sizeof(pr##_pr_additionalinput), \
11415 + pr##_pr_entropyinputpr, sizeof(pr##_pr_entropyinputpr), \
11416 + pr##_pr_additionalinput2, sizeof(pr##_pr_additionalinput2), \
11417 + pr##_pr_entropyinputpr2, sizeof(pr##_pr_entropyinputpr2), \
11418 + pr##_pr_int_returnedbits, sizeof(pr##_pr_int_returnedbits), \
11419 + pr##_pr_returnedbits, sizeof(pr##_pr_returnedbits), \
11420 + }
11421 +
11422 +#define make_drbg_test_data_df(nid, pr, p) \
11423 + make_drbg_test_data(nid, DRBG_FLAG_CTR_USE_DF, pr, p)
11424 +
11425 +#define make_drbg_test_data_ec(curve, md, pr, p) \
11426 + make_drbg_test_data((curve << 16) | md , 0, pr, p)
11427 +
11428 +static DRBG_SELFTEST_DATA drbg_test[] = {
11429 + make_drbg_test_data_df(NID_aes_128_ctr, aes_128_use_df, 0),
11430 + make_drbg_test_data_df(NID_aes_192_ctr, aes_192_use_df, 0),
11431 + make_drbg_test_data_df(NID_aes_256_ctr, aes_256_use_df, 1),
11432 + make_drbg_test_data(NID_aes_128_ctr, 0, aes_128_no_df, 0),
11433 + make_drbg_test_data(NID_aes_192_ctr, 0, aes_192_no_df, 0),
11434 + make_drbg_test_data(NID_aes_256_ctr, 0, aes_256_no_df, 1),
11435 + make_drbg_test_data(NID_sha1, 0, sha1, 0),
11436 + make_drbg_test_data(NID_sha224, 0, sha224, 0),
11437 + make_drbg_test_data(NID_sha256, 0, sha256, 1),
11438 + make_drbg_test_data(NID_sha384, 0, sha384, 0),
11439 + make_drbg_test_data(NID_sha512, 0, sha512, 0),
11440 + make_drbg_test_data(NID_hmacWithSHA1, 0, hmac_sha1, 0),
11441 + make_drbg_test_data(NID_hmacWithSHA224, 0, hmac_sha224, 0),
11442 + make_drbg_test_data(NID_hmacWithSHA256, 0, hmac_sha256, 1),
11443 + make_drbg_test_data(NID_hmacWithSHA384, 0, hmac_sha384, 0),
11444 + make_drbg_test_data(NID_hmacWithSHA512, 0, hmac_sha512, 0),
11445 + {0,0,0}
11446 + };
11447 +
11448 +typedef struct
11449 + {
11450 + const unsigned char *ent;
11451 + size_t entlen;
11452 + int entcnt;
11453 + const unsigned char *nonce;
11454 + size_t noncelen;
11455 + int noncecnt;
11456 + } TEST_ENT;
11457 +
11458 +static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
11459 + int entropy, size_t min_len, size_t max_len)
11460 + {
11461 + TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
11462 + *pout = (unsigned char *)t->ent;
11463 + t->entcnt++;
11464 + return t->entlen;
11465 + }
11466 +
11467 +static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
11468 + int entropy, size_t min_len, size_t max_len)
11469 + {
11470 + TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
11471 + *pout = (unsigned char *)t->nonce;
11472 + t->noncecnt++;
11473 + return t->noncelen;
11474 + }
11475 +
11476 +static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
11477 + int quick)
11478 + {
11479 + TEST_ENT t;
11480 + int rv = 0;
11481 + size_t adinlen;
11482 + unsigned char randout[1024];
11483 +
11484 + /* Initial test without PR */
11485 +
11486 + /* Instantiate DRBG with test entropy, nonce and personalisation
11487 + * string.
11488 + */
11489 +
11490 + if (!FIPS_drbg_init(dctx, td->nid, td->flags))
11491 + return 0;
11492 + if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
11493 + return 0;
11494 +
11495 + FIPS_drbg_set_app_data(dctx, &t);
11496 +
11497 + t.ent = td->ent;
11498 + t.entlen = td->entlen;
11499 + t.nonce = td->nonce;
11500 + t.noncelen = td->noncelen;
11501 + t.entcnt = 0;
11502 + t.noncecnt = 0;
11503 +
11504 + if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
11505 + goto err;
11506 +
11507 + /* Note for CTR without DF some additional input values
11508 + * ignore bytes after the keylength: so reduce adinlen
11509 + * to half to ensure invalid data is fed in.
11510 + */
11511 + if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
11512 + adinlen = td->adinlen / 2;
11513 + else
11514 + adinlen = td->adinlen;
11515 +
11516 + /* Generate with no PR and verify output matches expected data */
11517 + if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11518 + td->adin, adinlen))
11519 + goto err;
11520 +
11521 + if (memcmp(randout, td->kat, td->katlen))
11522 + {
11523 + FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST1_FAILURE);
11524 + goto err2;
11525 + }
11526 + /* If abbreviated POST end of test */
11527 + if (quick)
11528 + {
11529 + rv = 1;
11530 + goto err;
11531 + }
11532 + /* Reseed DRBG with test entropy and additional input */
11533 + t.ent = td->entreseed;
11534 + t.entlen = td->entreseedlen;
11535 +
11536 + if (!FIPS_drbg_reseed(dctx, td->adinreseed, td->adinreseedlen))
11537 + goto err;
11538 +
11539 + /* Generate with no PR and verify output matches expected data */
11540 + if (!FIPS_drbg_generate(dctx, randout, td->kat2len, 0,
11541 + td->adin2, td->adin2len))
11542 + goto err;
11543 +
11544 + if (memcmp(randout, td->kat2, td->kat2len))
11545 + {
11546 + FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST2_FAILURE);
11547 + goto err2;
11548 + }
11549 +
11550 + FIPS_drbg_uninstantiate(dctx);
11551 +
11552 + /* Now test with PR */
11553 +
11554 + /* Instantiate DRBG with test entropy, nonce and personalisation
11555 + * string.
11556 + */
11557 + if (!FIPS_drbg_init(dctx, td->nid, td->flags))
11558 + return 0;
11559 + if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
11560 + return 0;
11561 +
11562 + FIPS_drbg_set_app_data(dctx, &t);
11563 +
11564 + t.ent = td->ent_pr;
11565 + t.entlen = td->entlen_pr;
11566 + t.nonce = td->nonce_pr;
11567 + t.noncelen = td->noncelen_pr;
11568 + t.entcnt = 0;
11569 + t.noncecnt = 0;
11570 +
11571 + if (!FIPS_drbg_instantiate(dctx, td->pers_pr, td->perslen_pr))
11572 + goto err;
11573 +
11574 + /* Now generate with PR: we need to supply entropy as this will
11575 + * perform a reseed operation. Check output matches expected value.
11576 + */
11577 +
11578 + t.ent = td->entpr_pr;
11579 + t.entlen = td->entprlen_pr;
11580 +
11581 + /* Note for CTR without DF some additional input values
11582 + * ignore bytes after the keylength: so reduce adinlen
11583 + * to half to ensure invalid data is fed in.
11584 + */
11585 + if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
11586 + adinlen = td->adinlen_pr / 2;
11587 + else
11588 + adinlen = td->adinlen_pr;
11589 + if (!FIPS_drbg_generate(dctx, randout, td->katlen_pr, 1,
11590 + td->adin_pr, adinlen))
11591 + goto err;
11592 +
11593 + if (memcmp(randout, td->kat_pr, td->katlen_pr))
11594 + {
11595 + FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST1_FAILURE);
11596 + goto err2;
11597 + }
11598 +
11599 + /* Now generate again with PR: supply new entropy again.
11600 + * Check output matches expected value.
11601 + */
11602 +
11603 + t.ent = td->entg_pr;
11604 + t.entlen = td->entglen_pr;
11605 +
11606 + if (!FIPS_drbg_generate(dctx, randout, td->kat2len_pr, 1,
11607 + td->ading_pr, td->adinglen_pr))
11608 + goto err;
11609 +
11610 + if (memcmp(randout, td->kat2_pr, td->kat2len_pr))
11611 + {
11612 + FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST2_FAILURE);
11613 + goto err2;
11614 + }
11615 + /* All OK, test complete */
11616 + rv = 1;
11617 +
11618 + err:
11619 + if (rv == 0)
11620 + FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED);
11621 + err2:
11622 + FIPS_drbg_uninstantiate(dctx);
11623 +
11624 + return rv;
11625 +
11626 + }
11627 +
11628 +/* Initialise a DRBG based on selftest data */
11629 +
11630 +static int do_drbg_init(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td, TEST_ENT *t)
11631 + {
11632 +
11633 + if (!FIPS_drbg_init(dctx, td->nid, td->flags))
11634 + return 0;
11635 +
11636 + if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
11637 + return 0;
11638 +
11639 + FIPS_drbg_set_app_data(dctx, t);
11640 +
11641 + t->ent = td->ent;
11642 + t->entlen = td->entlen;
11643 + t->nonce = td->nonce;
11644 + t->noncelen = td->noncelen;
11645 + t->entcnt = 0;
11646 + t->noncecnt = 0;
11647 + return 1;
11648 + }
11649 +
11650 +/* Initialise and instantiate DRBG based on selftest data */
11651 +static int do_drbg_instantiate(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
11652 + TEST_ENT *t)
11653 + {
11654 + if (!do_drbg_init(dctx, td, t))
11655 + return 0;
11656 + if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
11657 + return 0;
11658 +
11659 + return 1;
11660 + }
11661 +
11662 +/* This function performs extensive error checking as required by SP800-90.
11663 + * Induce several failure modes and check an error condition is set.
11664 + * This function along with fips_drbg_single_kat peforms the health checking
11665 + * operation.
11666 + */
11667 +
11668 +static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
11669 + {
11670 + unsigned char randout[1024];
11671 + TEST_ENT t;
11672 + size_t i;
11673 + unsigned int reseed_counter_tmp;
11674 + unsigned char *p = (unsigned char *)dctx;
11675 +
11676 + /* Initialise DRBG */
11677 +
11678 + if (!do_drbg_init(dctx, td, &t))
11679 + goto err;
11680 +
11681 + /* Don't report induced errors */
11682 + dctx->iflags |= DRBG_FLAG_NOERR;
11683 +
11684 + /* Personalisation string tests */
11685 +
11686 + /* Test detection of too large personlisation string */
11687 +
11688 + if (FIPS_drbg_instantiate(dctx, td->pers, dctx->max_pers + 1) > 0)
11689 + {
11690 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_PERSONALISATION_ERROR_UNDETECTED);
11691 + goto err;
11692 + }
11693 +
11694 + /* Entropy source tests */
11695 +
11696 + /* Test entropy source failure detecion: i.e. returns no data */
11697 +
11698 + t.entlen = 0;
11699 +
11700 + if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
11701 + {
11702 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11703 + goto err;
11704 + }
11705 +
11706 + /* Try to generate output from uninstantiated DRBG */
11707 + if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11708 + td->adin, td->adinlen))
11709 + {
11710 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_GENERATE_ERROR_UNDETECTED);
11711 + goto err;
11712 + }
11713 +
11714 + dctx->iflags &= ~DRBG_FLAG_NOERR;
11715 + if (!FIPS_drbg_uninstantiate(dctx))
11716 + {
11717 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11718 + goto err;
11719 + }
11720 +
11721 + if (!do_drbg_init(dctx, td, &t))
11722 + goto err;
11723 +
11724 + dctx->iflags |= DRBG_FLAG_NOERR;
11725 +
11726 + /* Test insufficient entropy */
11727 +
11728 + t.entlen = dctx->min_entropy - 1;
11729 +
11730 + if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
11731 + {
11732 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11733 + goto err;
11734 + }
11735 +
11736 + dctx->iflags &= ~DRBG_FLAG_NOERR;
11737 + if (!FIPS_drbg_uninstantiate(dctx))
11738 + {
11739 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11740 + goto err;
11741 + }
11742 +
11743 + /* Test too much entropy */
11744 +
11745 + if (!do_drbg_init(dctx, td, &t))
11746 + goto err;
11747 +
11748 + dctx->iflags |= DRBG_FLAG_NOERR;
11749 +
11750 + t.entlen = dctx->max_entropy + 1;
11751 +
11752 + if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
11753 + {
11754 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11755 + goto err;
11756 + }
11757 +
11758 + dctx->iflags &= ~DRBG_FLAG_NOERR;
11759 + if (!FIPS_drbg_uninstantiate(dctx))
11760 + {
11761 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11762 + goto err;
11763 + }
11764 +
11765 + /* Nonce tests */
11766 +
11767 + /* Test too small nonce */
11768 +
11769 + if (dctx->min_nonce)
11770 + {
11771 +
11772 + if (!do_drbg_init(dctx, td, &t))
11773 + goto err;
11774 +
11775 + dctx->iflags |= DRBG_FLAG_NOERR;
11776 +
11777 + t.noncelen = dctx->min_nonce - 1;
11778 +
11779 + if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
11780 + {
11781 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_NONCE_ERROR_UNDETECTED);
11782 + goto err;
11783 + }
11784 +
11785 + dctx->iflags &= ~DRBG_FLAG_NOERR;
11786 + if (!FIPS_drbg_uninstantiate(dctx))
11787 + {
11788 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11789 + goto err;
11790 + }
11791 +
11792 + }
11793 +
11794 + /* Test too large nonce */
11795 +
11796 + if (dctx->max_nonce)
11797 + {
11798 +
11799 + if (!do_drbg_init(dctx, td, &t))
11800 + goto err;
11801 +
11802 + dctx->iflags |= DRBG_FLAG_NOERR;
11803 +
11804 + t.noncelen = dctx->max_nonce + 1;
11805 +
11806 + if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
11807 + {
11808 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_NONCE_ERROR_UNDETECTED);
11809 + goto err;
11810 + }
11811 +
11812 + dctx->iflags &= ~DRBG_FLAG_NOERR;
11813 + if (!FIPS_drbg_uninstantiate(dctx))
11814 + {
11815 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11816 + goto err;
11817 + }
11818 +
11819 + }
11820 +
11821 + /* Instantiate with valid data. */
11822 + if (!do_drbg_instantiate(dctx, td, &t))
11823 + goto err;
11824 +
11825 + /* Check generation is now OK */
11826 + if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11827 + td->adin, td->adinlen))
11828 + goto err;
11829 +
11830 + dctx->iflags |= DRBG_FLAG_NOERR;
11831 +
11832 + /* Request too much data for one request */
11833 + if (FIPS_drbg_generate(dctx, randout, dctx->max_request + 1, 0,
11834 + td->adin, td->adinlen))
11835 + {
11836 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED);
11837 + goto err;
11838 + }
11839 +
11840 + /* Try too large additional input */
11841 + if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11842 + td->adin, dctx->max_adin + 1))
11843 + {
11844 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
11845 + goto err;
11846 + }
11847 +
11848 + /* Check prediction resistance request fails if entropy source
11849 + * failure.
11850 + */
11851 +
11852 + t.entlen = 0;
11853 +
11854 + if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
11855 + td->adin, td->adinlen))
11856 + {
11857 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11858 + goto err;
11859 + }
11860 +
11861 + dctx->iflags &= ~DRBG_FLAG_NOERR;
11862 + if (!FIPS_drbg_uninstantiate(dctx))
11863 + {
11864 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11865 + goto err;
11866 + }
11867 +
11868 +
11869 + /* Instantiate again with valid data */
11870 +
11871 + if (!do_drbg_instantiate(dctx, td, &t))
11872 + goto err;
11873 + /* Test reseed counter works */
11874 + /* Save initial reseed counter */
11875 + reseed_counter_tmp = dctx->reseed_counter;
11876 + /* Set reseed counter to beyond interval */
11877 + dctx->reseed_counter = dctx->reseed_interval;
11878 +
11879 + /* Generate output and check entropy has been requested for reseed */
11880 + t.entcnt = 0;
11881 + if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11882 + td->adin, td->adinlen))
11883 + goto err;
11884 + if (t.entcnt != 1)
11885 + {
11886 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
11887 + goto err;
11888 + }
11889 + /* Check reseed counter has been reset */
11890 + if (dctx->reseed_counter != reseed_counter_tmp + 1)
11891 + {
11892 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
11893 + goto err;
11894 + }
11895 +
11896 + dctx->iflags &= ~DRBG_FLAG_NOERR;
11897 + if (!FIPS_drbg_uninstantiate(dctx))
11898 + {
11899 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11900 + goto err;
11901 + }
11902 +
11903 + /* Check prediction resistance request fails if entropy source
11904 + * failure.
11905 + */
11906 +
11907 + t.entlen = 0;
11908 +
11909 + dctx->iflags |= DRBG_FLAG_NOERR;
11910 + if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
11911 + td->adin, td->adinlen))
11912 + {
11913 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11914 + goto err;
11915 + }
11916 +
11917 + dctx->iflags &= ~DRBG_FLAG_NOERR;
11918 +
11919 + if (!FIPS_drbg_uninstantiate(dctx))
11920 + {
11921 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11922 + goto err;
11923 + }
11924 +
11925 +
11926 + if (!do_drbg_instantiate(dctx, td, &t))
11927 + goto err;
11928 + /* Test reseed counter works */
11929 + /* Save initial reseed counter */
11930 + reseed_counter_tmp = dctx->reseed_counter;
11931 + /* Set reseed counter to beyond interval */
11932 + dctx->reseed_counter = dctx->reseed_interval;
11933 +
11934 + /* Generate output and check entropy has been requested for reseed */
11935 + t.entcnt = 0;
11936 + if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
11937 + td->adin, td->adinlen))
11938 + goto err;
11939 + if (t.entcnt != 1)
11940 + {
11941 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
11942 + goto err;
11943 + }
11944 + /* Check reseed counter has been reset */
11945 + if (dctx->reseed_counter != reseed_counter_tmp + 1)
11946 + {
11947 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
11948 + goto err;
11949 + }
11950 +
11951 + dctx->iflags &= ~DRBG_FLAG_NOERR;
11952 + if (!FIPS_drbg_uninstantiate(dctx))
11953 + {
11954 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11955 + goto err;
11956 + }
11957 +
11958 + /* Explicit reseed tests */
11959 +
11960 + /* Test explicit reseed with too large additional input */
11961 + if (!do_drbg_init(dctx, td, &t))
11962 + goto err;
11963 +
11964 + dctx->iflags |= DRBG_FLAG_NOERR;
11965 +
11966 + if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0)
11967 + {
11968 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
11969 + goto err;
11970 + }
11971 +
11972 + /* Test explicit reseed with entropy source failure */
11973 +
11974 + t.entlen = 0;
11975 +
11976 + if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
11977 + {
11978 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
11979 + goto err;
11980 + }
11981 +
11982 + if (!FIPS_drbg_uninstantiate(dctx))
11983 + {
11984 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
11985 + goto err;
11986 + }
11987 +
11988 + /* Test explicit reseed with too much entropy */
11989 +
11990 + if (!do_drbg_init(dctx, td, &t))
11991 + goto err;
11992 +
11993 + dctx->iflags |= DRBG_FLAG_NOERR;
11994 +
11995 + t.entlen = dctx->max_entropy + 1;
11996 +
11997 + if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
11998 + {
11999 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
12000 + goto err;
12001 + }
12002 +
12003 + if (!FIPS_drbg_uninstantiate(dctx))
12004 + {
12005 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
12006 + goto err;
12007 + }
12008 +
12009 + /* Test explicit reseed with too little entropy */
12010 +
12011 + if (!do_drbg_init(dctx, td, &t))
12012 + goto err;
12013 +
12014 + dctx->iflags |= DRBG_FLAG_NOERR;
12015 +
12016 + t.entlen = dctx->min_entropy - 1;
12017 +
12018 + if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
12019 + {
12020 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
12021 + goto err;
12022 + }
12023 +
12024 + if (!FIPS_drbg_uninstantiate(dctx))
12025 + {
12026 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
12027 + goto err;
12028 + }
12029 +
12030 + p = (unsigned char *)&dctx->d;
12031 + /* Standard says we have to check uninstantiate really zeroes
12032 + * the data...
12033 + */
12034 + for (i = 0; i < sizeof(dctx->d); i++)
12035 + {
12036 + if (*p != 0)
12037 + {
12038 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ZEROISE_ERROR);
12039 + goto err;
12040 + }
12041 + p++;
12042 + }
12043 +
12044 + return 1;
12045 +
12046 + err:
12047 + /* A real error as opposed to an induced one: underlying function will
12048 + * indicate the error.
12049 + */
12050 + if (!(dctx->iflags & DRBG_FLAG_NOERR))
12051 + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_FUNCTION_ERROR);
12052 + FIPS_drbg_uninstantiate(dctx);
12053 + return 0;
12054 +
12055 + }
12056 +
12057 +int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags)
12058 + {
12059 + DRBG_SELFTEST_DATA *td;
12060 + flags |= DRBG_FLAG_TEST;
12061 + for (td = drbg_test; td->nid != 0; td++)
12062 + {
12063 + if (td->nid == nid && td->flags == flags)
12064 + {
12065 + if (!fips_drbg_single_kat(dctx, td, 0))
12066 + return 0;
12067 + return fips_drbg_error_check(dctx, td);
12068 + }
12069 + }
12070 + return 0;
12071 + }
12072 +
12073 +int FIPS_drbg_health_check(DRBG_CTX *dctx)
12074 + {
12075 + int rv;
12076 + DRBG_CTX *tctx = NULL;
12077 + tctx = FIPS_drbg_new(0, 0);
12078 + fips_post_started(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
12079 + if (!tctx)
12080 + return 0;
12081 + rv = fips_drbg_kat(tctx, dctx->type, dctx->xflags);
12082 + if (tctx)
12083 + FIPS_drbg_free(tctx);
12084 + if (rv)
12085 + fips_post_success(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
12086 + else
12087 + fips_post_failed(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
12088 + if (!rv)
12089 + dctx->status = DRBG_STATUS_ERROR;
12090 + else
12091 + dctx->health_check_cnt = 0;
12092 + return rv;
12093 + }
12094 +
12095 +int FIPS_selftest_drbg(void)
12096 + {
12097 + DRBG_CTX *dctx;
12098 + DRBG_SELFTEST_DATA *td;
12099 + int rv = 1;
12100 + dctx = FIPS_drbg_new(0, 0);
12101 + if (!dctx)
12102 + return 0;
12103 + for (td = drbg_test; td->nid != 0; td++)
12104 + {
12105 + if (td->post != 1)
12106 + continue;
12107 + if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
12108 + return 1;
12109 + if (!fips_drbg_single_kat(dctx, td, 1))
12110 + {
12111 + fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
12112 + rv = 0;
12113 + continue;
12114 + }
12115 + if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
12116 + return 0;
12117 + }
12118 + FIPS_drbg_free(dctx);
12119 + return rv;
12120 + }
12121 +
12122 +
12123 +int FIPS_selftest_drbg_all(void)
12124 + {
12125 + DRBG_CTX *dctx;
12126 + DRBG_SELFTEST_DATA *td;
12127 + int rv = 1;
12128 + dctx = FIPS_drbg_new(0, 0);
12129 + if (!dctx)
12130 + return 0;
12131 + for (td = drbg_test; td->nid != 0; td++)
12132 + {
12133 + if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
12134 + return 1;
12135 + if (!fips_drbg_single_kat(dctx, td, 0))
12136 + {
12137 + fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
12138 + rv = 0;
12139 + continue;
12140 + }
12141 + if (!fips_drbg_error_check(dctx, td))
12142 + {
12143 + fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
12144 + rv = 0;
12145 + continue;
12146 + }
12147 + if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
12148 + return 0;
12149 + }
12150 + FIPS_drbg_free(dctx);
12151 + return rv;
12152 + }
12153 +
12154 diff -up openssl-1.0.1b/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1b/crypto/fips/fips_drbg_selftest.h
12155 --- openssl-1.0.1b/crypto/fips/fips_drbg_selftest.h.fips 2012-04-26 18:00:51.404769387 +0200
12156 +++ openssl-1.0.1b/crypto/fips/fips_drbg_selftest.h 2012-04-26 18:00:51.404769387 +0200
12157 @@ -0,0 +1,2335 @@
12158 +/* ====================================================================
12159 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
12160 + *
12161 + * Redistribution and use in source and binary forms, with or without
12162 + * modification, are permitted provided that the following conditions
12163 + * are met:
12164 + *
12165 + * 1. Redistributions of source code must retain the above copyright
12166 + * notice, this list of conditions and the following disclaimer.
12167 + *
12168 + * 2. Redistributions in binary form must reproduce the above copyright
12169 + * notice, this list of conditions and the following disclaimer in
12170 + * the documentation and/or other materials provided with the
12171 + * distribution.
12172 + *
12173 + * 3. All advertising materials mentioning features or use of this
12174 + * software must display the following acknowledgment:
12175 + * "This product includes software developed by the OpenSSL Project
12176 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
12177 + *
12178 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
12179 + * endorse or promote products derived from this software without
12180 + * prior written permission. For written permission, please contact
12181 + * openssl-core.org.
12182 + *
12183 + * 5. Products derived from this software may not be called "OpenSSL"
12184 + * nor may "OpenSSL" appear in their names without prior written
12185 + * permission of the OpenSSL Project.
12186 + *
12187 + * 6. Redistributions of any form whatsoever must retain the following
12188 + * acknowledgment:
12189 + * "This product includes software developed by the OpenSSL Project
12190 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
12191 + *
12192 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
12193 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
12194 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
12195 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
12196 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
12197 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
12198 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
12199 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
12200 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
12201 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
12202 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
12203 + * OF THE POSSIBILITY OF SUCH DAMAGE.
12204 + *
12205 + */
12206 +
12207 +/* Selftest and health check data for the SP800-90 DRBG */
12208 +
12209 +#define __fips_constseg
12210 +
12211 +/* AES-128 use df PR */
12212 +__fips_constseg
12213 +static const unsigned char aes_128_use_df_pr_entropyinput[] =
12214 + {
12215 + 0x61,0x52,0x7c,0xe3,0x23,0x7d,0x0a,0x07,0x10,0x0c,0x50,0x33,
12216 + 0xc8,0xdb,0xff,0x12
12217 + };
12218 +
12219 +__fips_constseg
12220 +static const unsigned char aes_128_use_df_pr_nonce[] =
12221 + {
12222 + 0x51,0x0d,0x85,0x77,0xed,0x22,0x97,0x28
12223 + };
12224 +
12225 +__fips_constseg
12226 +static const unsigned char aes_128_use_df_pr_personalizationstring[] =
12227 + {
12228 + 0x59,0x9f,0xbb,0xcd,0xd5,0x25,0x69,0xb5,0xcb,0xb5,0x03,0xfe,
12229 + 0xd7,0xd7,0x01,0x67
12230 + };
12231 +
12232 +__fips_constseg
12233 +static const unsigned char aes_128_use_df_pr_additionalinput[] =
12234 + {
12235 + 0xef,0x88,0x76,0x01,0xaf,0x3c,0xfe,0x8b,0xaf,0x26,0x06,0x9e,
12236 + 0x9a,0x47,0x08,0x76
12237 + };
12238 +
12239 +__fips_constseg
12240 +static const unsigned char aes_128_use_df_pr_entropyinputpr[] =
12241 + {
12242 + 0xe2,0x76,0xf9,0xf6,0x3a,0xba,0x10,0x9f,0xbf,0x47,0x0e,0x51,
12243 + 0x09,0xfb,0xa3,0xb6
12244 + };
12245 +
12246 +__fips_constseg
12247 +static const unsigned char aes_128_use_df_pr_int_returnedbits[] =
12248 + {
12249 + 0xd4,0x98,0x8a,0x46,0x80,0x4c,0xdb,0xa3,0x59,0x02,0x57,0x52,
12250 + 0x66,0x1c,0xea,0x5b
12251 + };
12252 +
12253 +__fips_constseg
12254 +static const unsigned char aes_128_use_df_pr_additionalinput2[] =
12255 + {
12256 + 0x88,0x8c,0x91,0xd6,0xbe,0x56,0x6e,0x08,0x9a,0x62,0x2b,0x11,
12257 + 0x3f,0x5e,0x31,0x06
12258 + };
12259 +
12260 +__fips_constseg
12261 +static const unsigned char aes_128_use_df_pr_entropyinputpr2[] =
12262 + {
12263 + 0xc0,0x5c,0x6b,0x98,0x01,0x0d,0x58,0x18,0x51,0x18,0x96,0xae,
12264 + 0xa7,0xe3,0xa8,0x67
12265 + };
12266 +
12267 +__fips_constseg
12268 +static const unsigned char aes_128_use_df_pr_returnedbits[] =
12269 + {
12270 + 0xcf,0x01,0xac,0x22,0x31,0x06,0x8e,0xfc,0xce,0x56,0xea,0x24,
12271 + 0x0f,0x38,0x43,0xc6
12272 + };
12273 +
12274 +
12275 +/* AES-128 use df No PR */
12276 +__fips_constseg
12277 +static const unsigned char aes_128_use_df_entropyinput[] =
12278 + {
12279 + 0x1f,0x8e,0x34,0x82,0x0c,0xb7,0xbe,0xc5,0x01,0x3e,0xd0,0xa3,
12280 + 0x9d,0x7d,0x1c,0x9b
12281 + };
12282 +
12283 +__fips_constseg
12284 +static const unsigned char aes_128_use_df_nonce[] =
12285 + {
12286 + 0xd5,0x4d,0xbd,0x4a,0x93,0x7f,0xb8,0x96
12287 + };
12288 +
12289 +__fips_constseg
12290 +static const unsigned char aes_128_use_df_personalizationstring[] =
12291 + {
12292 + 0xab,0xd6,0x3f,0x04,0xfe,0x27,0x6b,0x2d,0xd7,0xc3,0x1c,0xf3,
12293 + 0x38,0x66,0xba,0x1b
12294 + };
12295 +
12296 +__fips_constseg
12297 +static const unsigned char aes_128_use_df_additionalinput[] =
12298 + {
12299 + 0xfe,0xf4,0x09,0xa8,0xb7,0x73,0x27,0x9c,0x5f,0xa7,0xea,0x46,
12300 + 0xb5,0xe2,0xb2,0x41
12301 + };
12302 +
12303 +__fips_constseg
12304 +static const unsigned char aes_128_use_df_int_returnedbits[] =
12305 + {
12306 + 0x42,0xe4,0x4e,0x7b,0x27,0xdd,0xcb,0xbc,0x0a,0xcf,0xa6,0x67,
12307 + 0xe7,0x57,0x11,0xb4
12308 + };
12309 +
12310 +__fips_constseg
12311 +static const unsigned char aes_128_use_df_entropyinputreseed[] =
12312 + {
12313 + 0x14,0x26,0x69,0xd9,0xf3,0x65,0x03,0xd6,0x6b,0xb9,0x44,0x0b,
12314 + 0xc7,0xc4,0x9e,0x39
12315 + };
12316 +
12317 +__fips_constseg
12318 +static const unsigned char aes_128_use_df_additionalinputreseed[] =
12319 + {
12320 + 0x55,0x2e,0x60,0x9a,0x05,0x72,0x8a,0xa8,0xef,0x22,0x81,0x5a,
12321 + 0xc8,0x93,0xfa,0x84
12322 + };
12323 +
12324 +__fips_constseg
12325 +static const unsigned char aes_128_use_df_additionalinput2[] =
12326 + {
12327 + 0x3c,0x40,0xc8,0xc4,0x16,0x0c,0x21,0xa4,0x37,0x2c,0x8f,0xa5,
12328 + 0x06,0x0c,0x15,0x2c
12329 + };
12330 +
12331 +__fips_constseg
12332 +static const unsigned char aes_128_use_df_returnedbits[] =
12333 + {
12334 + 0xe1,0x3e,0x99,0x98,0x86,0x67,0x0b,0x63,0x7b,0xbe,0x3f,0x88,
12335 + 0x46,0x81,0xc7,0x19
12336 + };
12337 +
12338 +
12339 +/* AES-192 use df PR */
12340 +__fips_constseg
12341 +static const unsigned char aes_192_use_df_pr_entropyinput[] =
12342 + {
12343 + 0x2b,0x4e,0x8b,0xe1,0xf1,0x34,0x80,0x56,0x81,0xf9,0x74,0xec,
12344 + 0x17,0x44,0x2a,0xf1,0x14,0xb0,0xbf,0x97,0x39,0xb7,0x04,0x7d
12345 + };
12346 +
12347 +__fips_constseg
12348 +static const unsigned char aes_192_use_df_pr_nonce[] =
12349 + {
12350 + 0xd6,0x9d,0xeb,0x14,0x4e,0x6c,0x30,0x1e,0x39,0x55,0x73,0xd0,
12351 + 0xd1,0x80,0x78,0xfa
12352 + };
12353 +
12354 +__fips_constseg
12355 +static const unsigned char aes_192_use_df_pr_personalizationstring[] =
12356 + {
12357 + 0xfc,0x43,0x4a,0xf8,0x9a,0x55,0xb3,0x53,0x83,0xe2,0x18,0x16,
12358 + 0x0c,0xdc,0xcd,0x5e,0x4f,0xa0,0x03,0x01,0x2b,0x9f,0xe4,0xd5,
12359 + 0x7d,0x49,0xf0,0x41,0x9e,0x3d,0x99,0x04
12360 + };
12361 +
12362 +__fips_constseg
12363 +static const unsigned char aes_192_use_df_pr_additionalinput[] =
12364 + {
12365 + 0x5e,0x9f,0x49,0x6f,0x21,0x8b,0x1d,0x32,0xd5,0x84,0x5c,0xac,
12366 + 0xaf,0xdf,0xe4,0x79,0x9e,0xaf,0xa9,0x82,0xd0,0xf8,0x4f,0xcb,
12367 + 0x69,0x10,0x0a,0x7e,0x81,0x57,0xb5,0x36
12368 + };
12369 +
12370 +__fips_constseg
12371 +static const unsigned char aes_192_use_df_pr_entropyinputpr[] =
12372 + {
12373 + 0xd4,0x81,0x0c,0xd7,0x66,0x39,0xec,0x42,0x53,0x87,0x41,0xa5,
12374 + 0x1e,0x7d,0x80,0x91,0x8e,0xbb,0xed,0xac,0x14,0x02,0x1a,0xd5
12375 + };
12376 +
12377 +__fips_constseg
12378 +static const unsigned char aes_192_use_df_pr_int_returnedbits[] =
12379 + {
12380 + 0xdf,0x1d,0x39,0x45,0x7c,0x9b,0xc6,0x2b,0x7d,0x8c,0x93,0xe9,
12381 + 0x19,0x30,0x6b,0x67
12382 + };
12383 +
12384 +__fips_constseg
12385 +static const unsigned char aes_192_use_df_pr_additionalinput2[] =
12386 + {
12387 + 0x00,0x71,0x27,0x4e,0xd3,0x14,0xf1,0x20,0x7f,0x4a,0x41,0x32,
12388 + 0x2a,0x97,0x11,0x43,0x8f,0x4a,0x15,0x7b,0x9b,0x51,0x79,0xda,
12389 + 0x49,0x3d,0xde,0xe8,0xbc,0x93,0x91,0x99
12390 + };
12391 +
12392 +__fips_constseg
12393 +static const unsigned char aes_192_use_df_pr_entropyinputpr2[] =
12394 + {
12395 + 0x90,0xee,0x76,0xa1,0x45,0x8d,0xb7,0x40,0xb0,0x11,0xbf,0xd0,
12396 + 0x65,0xd7,0x3c,0x7c,0x4f,0x20,0x3f,0x4e,0x11,0x9d,0xb3,0x5e
12397 + };
12398 +
12399 +__fips_constseg
12400 +static const unsigned char aes_192_use_df_pr_returnedbits[] =
12401 + {
12402 + 0x24,0x3b,0x20,0xa4,0x37,0x66,0xba,0x72,0x39,0x3f,0xcf,0x3c,
12403 + 0x7e,0x1a,0x2b,0x83
12404 + };
12405 +
12406 +
12407 +/* AES-192 use df No PR */
12408 +__fips_constseg
12409 +static const unsigned char aes_192_use_df_entropyinput[] =
12410 + {
12411 + 0x8d,0x74,0xa4,0x50,0x1a,0x02,0x68,0x0c,0x2a,0x69,0xc4,0x82,
12412 + 0x3b,0xbb,0xda,0x0e,0x7f,0x77,0xa3,0x17,0x78,0x57,0xb2,0x7b
12413 + };
12414 +
12415 +__fips_constseg
12416 +static const unsigned char aes_192_use_df_nonce[] =
12417 + {
12418 + 0x75,0xd5,0x1f,0xac,0xa4,0x8d,0x42,0x78,0xd7,0x69,0x86,0x9d,
12419 + 0x77,0xd7,0x41,0x0e
12420 + };
12421 +
12422 +__fips_constseg
12423 +static const unsigned char aes_192_use_df_personalizationstring[] =
12424 + {
12425 + 0x4e,0x33,0x41,0x3c,0x9c,0xc2,0xd2,0x53,0xaf,0x90,0xea,0xcf,
12426 + 0x19,0x50,0x1e,0xe6,0x6f,0x63,0xc8,0x32,0x22,0xdc,0x07,0x65,
12427 + 0x9c,0xd3,0xf8,0x30,0x9e,0xed,0x35,0x70
12428 + };
12429 +
12430 +__fips_constseg
12431 +static const unsigned char aes_192_use_df_additionalinput[] =
12432 + {
12433 + 0x5d,0x8b,0x8c,0xc1,0xdf,0x0e,0x02,0x78,0xfb,0x19,0xb8,0x69,
12434 + 0x78,0x4e,0x9c,0x52,0xbc,0xc7,0x20,0xc9,0xe6,0x5e,0x77,0x22,
12435 + 0x28,0x3d,0x0c,0x9e,0x68,0xa8,0x45,0xd7
12436 + };
12437 +
12438 +__fips_constseg
12439 +static const unsigned char aes_192_use_df_int_returnedbits[] =
12440 + {
12441 + 0xd5,0xe7,0x08,0xc5,0x19,0x99,0xd5,0x31,0x03,0x0a,0x74,0xb6,
12442 + 0xb7,0xed,0xe9,0xea
12443 + };
12444 +
12445 +__fips_constseg
12446 +static const unsigned char aes_192_use_df_entropyinputreseed[] =
12447 + {
12448 + 0x9c,0x26,0xda,0xf1,0xac,0xd9,0x5a,0xd6,0xa8,0x65,0xf5,0x02,
12449 + 0x8f,0xdc,0xa2,0x09,0x54,0xa6,0xe2,0xa4,0xde,0x32,0xe0,0x01
12450 + };
12451 +
12452 +__fips_constseg
12453 +static const unsigned char aes_192_use_df_additionalinputreseed[] =
12454 + {
12455 + 0x9b,0x90,0xb0,0x3a,0x0e,0x3a,0x80,0x07,0x4a,0xf4,0xda,0x76,
12456 + 0x28,0x30,0x3c,0xee,0x54,0x1b,0x94,0x59,0x51,0x43,0x56,0x77,
12457 + 0xaf,0x88,0xdd,0x63,0x89,0x47,0x06,0x65
12458 + };
12459 +
12460 +__fips_constseg
12461 +static const unsigned char aes_192_use_df_additionalinput2[] =
12462 + {
12463 + 0x3c,0x11,0x64,0x7a,0x96,0xf5,0xd8,0xb8,0xae,0xd6,0x70,0x4e,
12464 + 0x16,0x96,0xde,0xe9,0x62,0xbc,0xee,0x28,0x2f,0x26,0xa6,0xf0,
12465 + 0x56,0xef,0xa3,0xf1,0x6b,0xa1,0xb1,0x77
12466 + };
12467 +
12468 +__fips_constseg
12469 +static const unsigned char aes_192_use_df_returnedbits[] =
12470 + {
12471 + 0x0b,0xe2,0x56,0x03,0x1e,0xdb,0x2c,0x6d,0x7f,0x1b,0x15,0x58,
12472 + 0x1a,0xf9,0x13,0x28
12473 + };
12474 +
12475 +
12476 +/* AES-256 use df PR */
12477 +__fips_constseg
12478 +static const unsigned char aes_256_use_df_pr_entropyinput[] =
12479 + {
12480 + 0x61,0x68,0xfc,0x1a,0xf0,0xb5,0x95,0x6b,0x85,0x09,0x9b,0x74,
12481 + 0x3f,0x13,0x78,0x49,0x3b,0x85,0xec,0x93,0x13,0x3b,0xa9,0x4f,
12482 + 0x96,0xab,0x2c,0xe4,0xc8,0x8f,0xdd,0x6a
12483 + };
12484 +
12485 +__fips_constseg
12486 +static const unsigned char aes_256_use_df_pr_nonce[] =
12487 + {
12488 + 0xad,0xd2,0xbb,0xba,0xb7,0x65,0x89,0xc3,0x21,0x6c,0x55,0x33,
12489 + 0x2b,0x36,0xff,0xa4
12490 + };
12491 +
12492 +__fips_constseg
12493 +static const unsigned char aes_256_use_df_pr_personalizationstring[] =
12494 + {
12495 + 0x6e,0xca,0xe7,0x20,0x72,0xd3,0x84,0x5a,0x32,0xd3,0x4b,0x24,
12496 + 0x72,0xc4,0x63,0x2b,0x9d,0x12,0x24,0x0c,0x23,0x26,0x8e,0x83,
12497 + 0x16,0x37,0x0b,0xd1,0x06,0x4f,0x68,0x6d
12498 + };
12499 +
12500 +__fips_constseg
12501 +static const unsigned char aes_256_use_df_pr_additionalinput[] =
12502 + {
12503 + 0x7e,0x08,0x4a,0xbb,0xe3,0x21,0x7c,0xc9,0x23,0xd2,0xf8,0xb0,
12504 + 0x73,0x98,0xba,0x84,0x74,0x23,0xab,0x06,0x8a,0xe2,0x22,0xd3,
12505 + 0x7b,0xce,0x9b,0xd2,0x4a,0x76,0xb8,0xde
12506 + };
12507 +
12508 +__fips_constseg
12509 +static const unsigned char aes_256_use_df_pr_entropyinputpr[] =
12510 + {
12511 + 0x0b,0x23,0xaf,0xdf,0xf1,0x62,0xd7,0xd3,0x43,0x97,0xf8,0x77,
12512 + 0x04,0xa8,0x42,0x20,0xbd,0xf6,0x0f,0xc1,0x17,0x2f,0x9f,0x54,
12513 + 0xbb,0x56,0x17,0x86,0x68,0x0e,0xba,0xa9
12514 + };
12515 +
12516 +__fips_constseg
12517 +static const unsigned char aes_256_use_df_pr_int_returnedbits[] =
12518 + {
12519 + 0x31,0x8e,0xad,0xaf,0x40,0xeb,0x6b,0x74,0x31,0x46,0x80,0xc7,
12520 + 0x17,0xab,0x3c,0x7a
12521 + };
12522 +
12523 +__fips_constseg
12524 +static const unsigned char aes_256_use_df_pr_additionalinput2[] =
12525 + {
12526 + 0x94,0x6b,0xc9,0x9f,0xab,0x8d,0xc5,0xec,0x71,0x88,0x1d,0x00,
12527 + 0x8c,0x89,0x68,0xe4,0xc8,0x07,0x77,0x36,0x17,0x6d,0x79,0x78,
12528 + 0xc7,0x06,0x4e,0x99,0x04,0x28,0x29,0xc3
12529 + };
12530 +
12531 +__fips_constseg
12532 +static const unsigned char aes_256_use_df_pr_entropyinputpr2[] =
12533 + {
12534 + 0xbf,0x6c,0x59,0x2a,0x0d,0x44,0x0f,0xae,0x9a,0x5e,0x03,0x73,
12535 + 0xd8,0xa6,0xe1,0xcf,0x25,0x61,0x38,0x24,0x86,0x9e,0x53,0xe8,
12536 + 0xa4,0xdf,0x56,0xf4,0x06,0x07,0x9c,0x0f
12537 + };
12538 +
12539 +__fips_constseg
12540 +static const unsigned char aes_256_use_df_pr_returnedbits[] =
12541 + {
12542 + 0x22,0x4a,0xb4,0xb8,0xb6,0xee,0x7d,0xb1,0x9e,0xc9,0xf9,0xa0,
12543 + 0xd9,0xe2,0x97,0x00
12544 + };
12545 +
12546 +
12547 +/* AES-256 use df No PR */
12548 +__fips_constseg
12549 +static const unsigned char aes_256_use_df_entropyinput[] =
12550 + {
12551 + 0xa5,0x3e,0x37,0x10,0x17,0x43,0x91,0x93,0x59,0x1e,0x47,0x50,
12552 + 0x87,0xaa,0xdd,0xd5,0xc1,0xc3,0x86,0xcd,0xca,0x0d,0xdb,0x68,
12553 + 0xe0,0x02,0xd8,0x0f,0xdc,0x40,0x1a,0x47
12554 + };
12555 +
12556 +__fips_constseg
12557 +static const unsigned char aes_256_use_df_nonce[] =
12558 + {
12559 + 0xa9,0x4d,0xa5,0x5a,0xfd,0xc5,0x0c,0xe5,0x1c,0x9a,0x3b,0x8a,
12560 + 0x4c,0x44,0x84,0x40
12561 + };
12562 +
12563 +__fips_constseg
12564 +static const unsigned char aes_256_use_df_personalizationstring[] =
12565 + {
12566 + 0x8b,0x52,0xa2,0x4a,0x93,0xc3,0x4e,0xa7,0x1e,0x1c,0xa7,0x05,
12567 + 0xeb,0x82,0x9b,0xa6,0x5d,0xe4,0xd4,0xe0,0x7f,0xa3,0xd8,0x6b,
12568 + 0x37,0x84,0x5f,0xf1,0xc7,0xd5,0xf6,0xd2
12569 + };
12570 +
12571 +__fips_constseg
12572 +static const unsigned char aes_256_use_df_additionalinput[] =
12573 + {
12574 + 0x20,0xf4,0x22,0xed,0xf8,0x5c,0xa1,0x6a,0x01,0xcf,0xbe,0x5f,
12575 + 0x8d,0x6c,0x94,0x7f,0xae,0x12,0xa8,0x57,0xdb,0x2a,0xa9,0xbf,
12576 + 0xc7,0xb3,0x65,0x81,0x80,0x8d,0x0d,0x46
12577 + };
12578 +
12579 +__fips_constseg
12580 +static const unsigned char aes_256_use_df_int_returnedbits[] =
12581 + {
12582 + 0x4e,0x44,0xfd,0xf3,0x9e,0x29,0xa2,0xb8,0x0f,0x5d,0x6c,0xe1,
12583 + 0x28,0x0c,0x3b,0xc1
12584 + };
12585 +
12586 +__fips_constseg
12587 +static const unsigned char aes_256_use_df_entropyinputreseed[] =
12588 + {
12589 + 0xdd,0x40,0xe5,0x98,0x7b,0x27,0x16,0x73,0x15,0x68,0xd2,0x76,
12590 + 0xbf,0x0c,0x67,0x15,0x75,0x79,0x03,0xd3,0xde,0xde,0x91,0x46,
12591 + 0x42,0xdd,0xd4,0x67,0xc8,0x79,0xc8,0x1e
12592 + };
12593 +
12594 +__fips_constseg
12595 +static const unsigned char aes_256_use_df_additionalinputreseed[] =
12596 + {
12597 + 0x7f,0xd8,0x1f,0xbd,0x2a,0xb5,0x1c,0x11,0x5d,0x83,0x4e,0x99,
12598 + 0xf6,0x5c,0xa5,0x40,0x20,0xed,0x38,0x8e,0xd5,0x9e,0xe0,0x75,
12599 + 0x93,0xfe,0x12,0x5e,0x5d,0x73,0xfb,0x75
12600 + };
12601 +
12602 +__fips_constseg
12603 +static const unsigned char aes_256_use_df_additionalinput2[] =
12604 + {
12605 + 0xcd,0x2c,0xff,0x14,0x69,0x3e,0x4c,0x9e,0xfd,0xfe,0x26,0x0d,
12606 + 0xe9,0x86,0x00,0x49,0x30,0xba,0xb1,0xc6,0x50,0x57,0x77,0x2a,
12607 + 0x62,0x39,0x2c,0x3b,0x74,0xeb,0xc9,0x0d
12608 + };
12609 +
12610 +__fips_constseg
12611 +static const unsigned char aes_256_use_df_returnedbits[] =
12612 + {
12613 + 0x4f,0x78,0xbe,0xb9,0x4d,0x97,0x8c,0xe9,0xd0,0x97,0xfe,0xad,
12614 + 0xfa,0xfd,0x35,0x5e
12615 + };
12616 +
12617 +
12618 +/* AES-128 no df PR */
12619 +__fips_constseg
12620 +static const unsigned char aes_128_no_df_pr_entropyinput[] =
12621 + {
12622 + 0x9a,0x25,0x65,0x10,0x67,0xd5,0xb6,0x6b,0x70,0xa1,0xb3,0xa4,
12623 + 0x43,0x95,0x80,0xc0,0x84,0x0a,0x79,0xb0,0x88,0x74,0xf2,0xbf,
12624 + 0x31,0x6c,0x33,0x38,0x0b,0x00,0xb2,0x5a
12625 + };
12626 +
12627 +__fips_constseg
12628 +static const unsigned char aes_128_no_df_pr_nonce[] =
12629 + {
12630 + 0x78,0x47,0x6b,0xf7,0x90,0x8e,0x87,0xf1
12631 + };
12632 +
12633 +__fips_constseg
12634 +static const unsigned char aes_128_no_df_pr_personalizationstring[] =
12635 + {
12636 + 0xf7,0x22,0x1d,0x3a,0xbe,0x1d,0xca,0x32,0x1b,0xbd,0x87,0x0c,
12637 + 0x51,0x24,0x19,0xee,0xa3,0x23,0x09,0x63,0x33,0x3d,0xa8,0x0c,
12638 + 0x1c,0xfa,0x42,0x89,0xcc,0x6f,0xa0,0xa8
12639 + };
12640 +
12641 +__fips_constseg
12642 +static const unsigned char aes_128_no_df_pr_additionalinput[] =
12643 + {
12644 + 0xc9,0xe0,0x80,0xbf,0x8c,0x45,0x58,0x39,0xff,0x00,0xab,0x02,
12645 + 0x4c,0x3e,0x3a,0x95,0x9b,0x80,0xa8,0x21,0x2a,0xee,0xba,0x73,
12646 + 0xb1,0xd9,0xcf,0x28,0xf6,0x8f,0x9b,0x12
12647 + };
12648 +
12649 +__fips_constseg
12650 +static const unsigned char aes_128_no_df_pr_entropyinputpr[] =
12651 + {
12652 + 0x4c,0xa8,0xc5,0xf0,0x59,0x9e,0xa6,0x8d,0x26,0x53,0xd7,0x8a,
12653 + 0xa9,0xd8,0xf7,0xed,0xb2,0xf9,0x12,0x42,0xe1,0xe5,0xbd,0xe7,
12654 + 0xe7,0x1d,0x74,0x99,0x00,0x9d,0x31,0x3e
12655 + };
12656 +
12657 +__fips_constseg
12658 +static const unsigned char aes_128_no_df_pr_int_returnedbits[] =
12659 + {
12660 + 0xe2,0xac,0x20,0xf0,0x80,0xe7,0xbc,0x7e,0x9c,0x7b,0x65,0x71,
12661 + 0xaf,0x19,0x32,0x16
12662 + };
12663 +
12664 +__fips_constseg
12665 +static const unsigned char aes_128_no_df_pr_additionalinput2[] =
12666 + {
12667 + 0x32,0x7f,0x38,0x8b,0x73,0x0a,0x78,0x83,0xdc,0x30,0xbe,0x9f,
12668 + 0x10,0x1f,0xf5,0x1f,0xca,0x00,0xb5,0x0d,0xd6,0x9d,0x60,0x83,
12669 + 0x51,0x54,0x7d,0x38,0x23,0x3a,0x52,0x50
12670 + };
12671 +
12672 +__fips_constseg
12673 +static const unsigned char aes_128_no_df_pr_entropyinputpr2[] =
12674 + {
12675 + 0x18,0x61,0x53,0x56,0xed,0xed,0xd7,0x20,0xfb,0x71,0x04,0x7a,
12676 + 0xb2,0xac,0xc1,0x28,0xcd,0xf2,0xc2,0xfc,0xaa,0xb1,0x06,0x07,
12677 + 0xe9,0x46,0x95,0x02,0x48,0x01,0x78,0xf9
12678 + };
12679 +
12680 +__fips_constseg
12681 +static const unsigned char aes_128_no_df_pr_returnedbits[] =
12682 + {
12683 + 0x29,0xc8,0x1b,0x15,0xb1,0xd1,0xc2,0xf6,0x71,0x86,0x68,0x33,
12684 + 0x57,0x82,0x33,0xaf
12685 + };
12686 +
12687 +
12688 +/* AES-128 no df No PR */
12689 +__fips_constseg
12690 +static const unsigned char aes_128_no_df_entropyinput[] =
12691 + {
12692 + 0xc9,0xc5,0x79,0xbc,0xe8,0xc5,0x19,0xd8,0xbc,0x66,0x73,0x67,
12693 + 0xf6,0xd3,0x72,0xaa,0xa6,0x16,0xb8,0x50,0xb7,0x47,0x3a,0x42,
12694 + 0xab,0xf4,0x16,0xb2,0x96,0xd2,0xb6,0x60
12695 + };
12696 +
12697 +__fips_constseg
12698 +static const unsigned char aes_128_no_df_nonce[] =
12699 + {
12700 + 0x5f,0xbf,0x97,0x0c,0x4b,0xa4,0x87,0x13
12701 + };
12702 +
12703 +__fips_constseg
12704 +static const unsigned char aes_128_no_df_personalizationstring[] =
12705 + {
12706 + 0xce,0xfb,0x7b,0x3f,0xd4,0x6b,0x29,0x0d,0x69,0x06,0xff,0xbb,
12707 + 0xf2,0xe5,0xc6,0x6c,0x0a,0x10,0xa0,0xcf,0x1a,0x48,0xc7,0x8b,
12708 + 0x3c,0x16,0x88,0xed,0x50,0x13,0x81,0xce
12709 + };
12710 +
12711 +__fips_constseg
12712 +static const unsigned char aes_128_no_df_additionalinput[] =
12713 + {
12714 + 0x4b,0x22,0x46,0x18,0x02,0x7b,0xd2,0x1b,0x22,0x42,0x7c,0x37,
12715 + 0xd9,0xf6,0xe8,0x9b,0x12,0x30,0x5f,0xe9,0x90,0xe8,0x08,0x24,
12716 + 0x4f,0x06,0x66,0xdb,0x19,0x2b,0x13,0x95
12717 + };
12718 +
12719 +__fips_constseg
12720 +static const unsigned char aes_128_no_df_int_returnedbits[] =
12721 + {
12722 + 0x2e,0x96,0x70,0x64,0xfa,0xdf,0xdf,0x57,0xb5,0x82,0xee,0xd6,
12723 + 0xed,0x3e,0x65,0xc2
12724 + };
12725 +
12726 +__fips_constseg
12727 +static const unsigned char aes_128_no_df_entropyinputreseed[] =
12728 + {
12729 + 0x26,0xc0,0x72,0x16,0x3a,0x4b,0xb7,0x99,0xd4,0x07,0xaf,0x66,
12730 + 0x62,0x36,0x96,0xa4,0x51,0x17,0xfa,0x07,0x8b,0x17,0x5e,0xa1,
12731 + 0x2f,0x3c,0x10,0xe7,0x90,0xd0,0x46,0x00
12732 + };
12733 +
12734 +__fips_constseg
12735 +static const unsigned char aes_128_no_df_additionalinputreseed[] =
12736 + {
12737 + 0x83,0x39,0x37,0x7b,0x02,0x06,0xd2,0x12,0x13,0x8d,0x8b,0xf2,
12738 + 0xf0,0xf6,0x26,0xeb,0xa4,0x22,0x7b,0xc2,0xe7,0xba,0x79,0xe4,
12739 + 0x3b,0x77,0x5d,0x4d,0x47,0xb2,0x2d,0xb4
12740 + };
12741 +
12742 +__fips_constseg
12743 +static const unsigned char aes_128_no_df_additionalinput2[] =
12744 + {
12745 + 0x0b,0xb9,0x67,0x37,0xdb,0x83,0xdf,0xca,0x81,0x8b,0xf9,0x3f,
12746 + 0xf1,0x11,0x1b,0x2f,0xf0,0x61,0xa6,0xdf,0xba,0xa3,0xb1,0xac,
12747 + 0xd3,0xe6,0x09,0xb8,0x2c,0x6a,0x67,0xd6
12748 + };
12749 +
12750 +__fips_constseg
12751 +static const unsigned char aes_128_no_df_returnedbits[] =
12752 + {
12753 + 0x1e,0xa7,0xa4,0xe4,0xe1,0xa6,0x7c,0x69,0x9a,0x44,0x6c,0x36,
12754 + 0x81,0x37,0x19,0xd4
12755 + };
12756 +
12757 +
12758 +/* AES-192 no df PR */
12759 +__fips_constseg
12760 +static const unsigned char aes_192_no_df_pr_entropyinput[] =
12761 + {
12762 + 0x9d,0x2c,0xd2,0x55,0x66,0xea,0xe0,0xbe,0x18,0xb7,0x76,0xe7,
12763 + 0x73,0x35,0xd8,0x1f,0xad,0x3a,0xe3,0x81,0x0e,0x92,0xd0,0x61,
12764 + 0xc9,0x12,0x26,0xf6,0x1c,0xdf,0xfe,0x47,0xaa,0xfe,0x7d,0x5a,
12765 + 0x17,0x1f,0x8d,0x9a
12766 + };
12767 +
12768 +__fips_constseg
12769 +static const unsigned char aes_192_no_df_pr_nonce[] =
12770 + {
12771 + 0x44,0x82,0xed,0xe8,0x4c,0x28,0x5a,0x14,0xff,0x88,0x8d,0x19,
12772 + 0x61,0x5c,0xee,0x0f
12773 + };
12774 +
12775 +__fips_constseg
12776 +static const unsigned char aes_192_no_df_pr_personalizationstring[] =
12777 + {
12778 + 0x47,0xd7,0x9b,0x99,0xaa,0xcb,0xe7,0xd2,0x57,0x66,0x2c,0xe1,
12779 + 0x78,0xd6,0x2c,0xea,0xa3,0x23,0x5f,0x2a,0xc1,0x3a,0xf0,0xa4,
12780 + 0x20,0x3b,0xfa,0x07,0xd5,0x05,0x02,0xe4,0x57,0x01,0xb6,0x10,
12781 + 0x57,0x2e,0xe7,0x55
12782 + };
12783 +
12784 +__fips_constseg
12785 +static const unsigned char aes_192_no_df_pr_additionalinput[] =
12786 + {
12787 + 0x4b,0x74,0x0b,0x40,0xce,0x6b,0xc2,0x6a,0x24,0xb4,0xf3,0xad,
12788 + 0x7a,0xa5,0x7a,0xa2,0x15,0xe2,0xc8,0x61,0x15,0xc6,0xb7,0x85,
12789 + 0x69,0x11,0xad,0x7b,0x14,0xd2,0xf6,0x12,0xa1,0x95,0x5d,0x3f,
12790 + 0xe2,0xd0,0x0c,0x2f
12791 + };
12792 +
12793 +__fips_constseg
12794 +static const unsigned char aes_192_no_df_pr_entropyinputpr[] =
12795 + {
12796 + 0x0c,0x9c,0xad,0x05,0xee,0xae,0x48,0x23,0x89,0x59,0xa1,0x94,
12797 + 0xd7,0xd8,0x75,0xd5,0x54,0x93,0xc7,0x4a,0xd9,0x26,0xde,0xeb,
12798 + 0xba,0xb0,0x7e,0x30,0x1d,0x5f,0x69,0x40,0x9c,0x3b,0x17,0x58,
12799 + 0x1d,0x30,0xb3,0x78
12800 + };
12801 +
12802 +__fips_constseg
12803 +static const unsigned char aes_192_no_df_pr_int_returnedbits[] =
12804 + {
12805 + 0xf7,0x93,0xb0,0x6d,0x77,0x83,0xd5,0x38,0x01,0xe1,0x52,0x40,
12806 + 0x7e,0x3e,0x0c,0x26
12807 + };
12808 +
12809 +__fips_constseg
12810 +static const unsigned char aes_192_no_df_pr_additionalinput2[] =
12811 + {
12812 + 0xbc,0x4b,0x37,0x44,0x1c,0xc5,0x45,0x5f,0x8f,0x51,0x62,0x8a,
12813 + 0x85,0x30,0x1d,0x7c,0xe4,0xcf,0xf7,0x44,0xce,0x32,0x3e,0x57,
12814 + 0x95,0xa4,0x2a,0xdf,0xfd,0x9e,0x38,0x41,0xb3,0xf6,0xc5,0xee,
12815 + 0x0c,0x4b,0xee,0x6e
12816 + };
12817 +
12818 +__fips_constseg
12819 +static const unsigned char aes_192_no_df_pr_entropyinputpr2[] =
12820 + {
12821 + 0xec,0xaf,0xf6,0x4f,0xb1,0xa0,0x54,0xb5,0x5b,0xe3,0x46,0xb0,
12822 + 0x76,0x5a,0x7c,0x3f,0x7b,0x94,0x69,0x21,0x51,0x02,0xe5,0x9f,
12823 + 0x04,0x59,0x02,0x98,0xc6,0x43,0x2c,0xcc,0x26,0x4c,0x87,0x6b,
12824 + 0x8e,0x0a,0x83,0xdf
12825 + };
12826 +
12827 +__fips_constseg
12828 +static const unsigned char aes_192_no_df_pr_returnedbits[] =
12829 + {
12830 + 0x74,0x45,0xfb,0x53,0x84,0x96,0xbe,0xff,0x15,0xcc,0x41,0x91,
12831 + 0xb9,0xa1,0x21,0x68
12832 + };
12833 +
12834 +
12835 +/* AES-192 no df No PR */
12836 +__fips_constseg
12837 +static const unsigned char aes_192_no_df_entropyinput[] =
12838 + {
12839 + 0x3c,0x7d,0xb5,0xe0,0x54,0xd9,0x6e,0x8c,0xa9,0x86,0xce,0x4e,
12840 + 0x6b,0xaf,0xeb,0x2f,0xe7,0x75,0xe0,0x8b,0xa4,0x3b,0x07,0xfe,
12841 + 0xbe,0x33,0x75,0x93,0x80,0x27,0xb5,0x29,0x47,0x8b,0xc7,0x28,
12842 + 0x94,0xc3,0x59,0x63
12843 + };
12844 +
12845 +__fips_constseg
12846 +static const unsigned char aes_192_no_df_nonce[] =
12847 + {
12848 + 0x43,0xf1,0x7d,0xb8,0xc3,0xfe,0xd0,0x23,0x6b,0xb4,0x92,0xdb,
12849 + 0x29,0xfd,0x45,0x71
12850 + };
12851 +
12852 +__fips_constseg
12853 +static const unsigned char aes_192_no_df_personalizationstring[] =
12854 + {
12855 + 0x9f,0x24,0x29,0x99,0x9e,0x01,0xab,0xe9,0x19,0xd8,0x23,0x08,
12856 + 0xb7,0xd6,0x7e,0x8c,0xc0,0x9e,0x7f,0x6e,0x5b,0x33,0x20,0x96,
12857 + 0x0b,0x23,0x2c,0xa5,0x6a,0xf8,0x1b,0x04,0x26,0xdb,0x2e,0x2b,
12858 + 0x3b,0x88,0xce,0x35
12859 + };
12860 +
12861 +__fips_constseg
12862 +static const unsigned char aes_192_no_df_additionalinput[] =
12863 + {
12864 + 0x94,0xe9,0x7c,0x3d,0xa7,0xdb,0x60,0x83,0x1f,0x98,0x3f,0x0b,
12865 + 0x88,0x59,0x57,0x51,0x88,0x9f,0x76,0x49,0x9f,0xa6,0xda,0x71,
12866 + 0x1d,0x0d,0x47,0x16,0x63,0xc5,0x68,0xe4,0x5d,0x39,0x69,0xb3,
12867 + 0x3e,0xbe,0xd4,0x8e
12868 + };
12869 +
12870 +__fips_constseg
12871 +static const unsigned char aes_192_no_df_int_returnedbits[] =
12872 + {
12873 + 0xf9,0xd7,0xad,0x69,0xab,0x8f,0x23,0x56,0x70,0x17,0x4f,0x2a,
12874 + 0x45,0xe7,0x4a,0xc5
12875 + };
12876 +
12877 +__fips_constseg
12878 +static const unsigned char aes_192_no_df_entropyinputreseed[] =
12879 + {
12880 + 0xa6,0x71,0x6a,0x3d,0xba,0xd1,0xe8,0x66,0xa6,0xef,0xb2,0x0e,
12881 + 0xa8,0x9c,0xaa,0x4e,0xaf,0x17,0x89,0x50,0x00,0xda,0xa1,0xb1,
12882 + 0x0b,0xa4,0xd9,0x35,0x89,0xc8,0xe5,0xb0,0xd9,0xb7,0xc4,0x33,
12883 + 0x9b,0xcb,0x7e,0x75
12884 + };
12885 +
12886 +__fips_constseg
12887 +static const unsigned char aes_192_no_df_additionalinputreseed[] =
12888 + {
12889 + 0x27,0x21,0xfc,0xc2,0xbd,0xf3,0x3c,0xce,0xc3,0xca,0xc1,0x01,
12890 + 0xe0,0xff,0x93,0x12,0x7d,0x54,0x42,0xe3,0x9f,0x03,0xdf,0x27,
12891 + 0x04,0x07,0x3c,0x53,0x7f,0xa8,0x66,0xc8,0x97,0x4b,0x61,0x40,
12892 + 0x5d,0x7a,0x25,0x79
12893 + };
12894 +
12895 +__fips_constseg
12896 +static const unsigned char aes_192_no_df_additionalinput2[] =
12897 + {
12898 + 0x2d,0x8e,0x16,0x5d,0x0b,0x9f,0xeb,0xaa,0xd6,0xec,0x28,0x71,
12899 + 0x7c,0x0b,0xc1,0x1d,0xd4,0x44,0x19,0x47,0xfd,0x1d,0x7c,0xe5,
12900 + 0xf3,0x27,0xe1,0xb6,0x72,0x0a,0xe0,0xec,0x0e,0xcd,0xef,0x1a,
12901 + 0x91,0x6a,0xe3,0x5f
12902 + };
12903 +
12904 +__fips_constseg
12905 +static const unsigned char aes_192_no_df_returnedbits[] =
12906 + {
12907 + 0xe5,0xda,0xb8,0xe0,0x63,0x59,0x5a,0xcc,0x3d,0xdc,0x9f,0xe8,
12908 + 0x66,0x67,0x2c,0x92
12909 + };
12910 +
12911 +
12912 +/* AES-256 no df PR */
12913 +__fips_constseg
12914 +static const unsigned char aes_256_no_df_pr_entropyinput[] =
12915 + {
12916 + 0x15,0xc7,0x5d,0xcb,0x41,0x4b,0x16,0x01,0x3a,0xd1,0x44,0xe8,
12917 + 0x22,0x32,0xc6,0x9c,0x3f,0xe7,0x43,0xf5,0x9a,0xd3,0xea,0xf2,
12918 + 0xd7,0x4e,0x6e,0x6a,0x55,0x73,0x40,0xef,0x89,0xad,0x0d,0x03,
12919 + 0x96,0x7e,0x78,0x81,0x2f,0x91,0x1b,0x44,0xb0,0x02,0xba,0x1c
12920 + };
12921 +
12922 +__fips_constseg
12923 +static const unsigned char aes_256_no_df_pr_nonce[] =
12924 + {
12925 + 0xdc,0xe4,0xd4,0x27,0x7a,0x90,0xd7,0x99,0x43,0xa1,0x3c,0x30,
12926 + 0xcc,0x4b,0xee,0x2e
12927 + };
12928 +
12929 +__fips_constseg
12930 +static const unsigned char aes_256_no_df_pr_personalizationstring[] =
12931 + {
12932 + 0xe3,0xe6,0xb9,0x11,0xe4,0x7a,0xa4,0x40,0x6b,0xf8,0x73,0xf7,
12933 + 0x7e,0xec,0xc7,0xb9,0x97,0xbf,0xf8,0x25,0x7b,0xbe,0x11,0x9b,
12934 + 0x5b,0x6a,0x0c,0x2e,0x2b,0x01,0x51,0xcd,0x41,0x4b,0x6b,0xac,
12935 + 0x31,0xa8,0x0b,0xf7,0xe6,0x59,0x42,0xb8,0x03,0x0c,0xf8,0x06
12936 + };
12937 +
12938 +__fips_constseg
12939 +static const unsigned char aes_256_no_df_pr_additionalinput[] =
12940 + {
12941 + 0x6a,0x9f,0x00,0x91,0xae,0xfe,0xcf,0x84,0x99,0xce,0xb1,0x40,
12942 + 0x6d,0x5d,0x33,0x28,0x84,0xf4,0x8c,0x63,0x4c,0x7e,0xbd,0x2c,
12943 + 0x80,0x76,0xee,0x5a,0xaa,0x15,0x07,0x31,0xd8,0xbb,0x8c,0x69,
12944 + 0x9d,0x9d,0xbc,0x7e,0x49,0xae,0xec,0x39,0x6b,0xd1,0x1f,0x7e
12945 + };
12946 +
12947 +__fips_constseg
12948 +static const unsigned char aes_256_no_df_pr_entropyinputpr[] =
12949 + {
12950 + 0xf3,0xb9,0x75,0x9c,0xbd,0x88,0xea,0xa2,0x50,0xad,0xd6,0x16,
12951 + 0x1a,0x12,0x3c,0x86,0x68,0xaf,0x6f,0xbe,0x19,0xf2,0xee,0xcc,
12952 + 0xa5,0x70,0x84,0x53,0x50,0xcb,0x9f,0x14,0xa9,0xe5,0xee,0xb9,
12953 + 0x48,0x45,0x40,0xe2,0xc7,0xc9,0x9a,0x74,0xff,0x8c,0x99,0x1f
12954 + };
12955 +
12956 +__fips_constseg
12957 +static const unsigned char aes_256_no_df_pr_int_returnedbits[] =
12958 + {
12959 + 0x2e,0xf2,0x45,0x4c,0x62,0x2e,0x0a,0xb9,0x6b,0xa2,0xfd,0x56,
12960 + 0x79,0x60,0x93,0xcf
12961 + };
12962 +
12963 +__fips_constseg
12964 +static const unsigned char aes_256_no_df_pr_additionalinput2[] =
12965 + {
12966 + 0xaf,0x69,0x20,0xe9,0x3b,0x37,0x9d,0x3f,0xb4,0x80,0x02,0x7a,
12967 + 0x25,0x7d,0xb8,0xde,0x71,0xc5,0x06,0x0c,0xb4,0xe2,0x8f,0x35,
12968 + 0xd8,0x14,0x0d,0x7f,0x76,0x63,0x4e,0xb5,0xee,0xe9,0x6f,0x34,
12969 + 0xc7,0x5f,0x56,0x14,0x4a,0xe8,0x73,0x95,0x5b,0x1c,0xb9,0xcb
12970 + };
12971 +
12972 +__fips_constseg
12973 +static const unsigned char aes_256_no_df_pr_entropyinputpr2[] =
12974 + {
12975 + 0xe5,0xb0,0x2e,0x7e,0x52,0x30,0xe3,0x63,0x82,0xb6,0x44,0xd3,
12976 + 0x25,0x19,0x05,0x24,0x9a,0x9f,0x5f,0x27,0x6a,0x29,0xab,0xfa,
12977 + 0x07,0xa2,0x42,0x0f,0xc5,0xa8,0x94,0x7c,0x17,0x7b,0x85,0x83,
12978 + 0x0c,0x25,0x0e,0x63,0x0b,0xe9,0x12,0x60,0xcd,0xef,0x80,0x0f
12979 + };
12980 +
12981 +__fips_constseg
12982 +static const unsigned char aes_256_no_df_pr_returnedbits[] =
12983 + {
12984 + 0x5e,0xf2,0x26,0xef,0x9f,0x58,0x5d,0xd5,0x4a,0x10,0xfe,0xa7,
12985 + 0x2d,0x5f,0x4a,0x46
12986 + };
12987 +
12988 +
12989 +/* AES-256 no df No PR */
12990 +__fips_constseg
12991 +static const unsigned char aes_256_no_df_entropyinput[] =
12992 + {
12993 + 0xfb,0xcf,0x1b,0x61,0x16,0x89,0x78,0x23,0xf5,0xd8,0x96,0xe3,
12994 + 0x4e,0x64,0x0b,0x29,0x9a,0x3f,0xf8,0xa5,0xed,0xf2,0xfe,0xdb,
12995 + 0x16,0xca,0x7f,0x10,0xfa,0x5e,0x18,0x76,0x2c,0x63,0x5e,0x96,
12996 + 0xcf,0xb3,0xd6,0xfc,0xaf,0x99,0x39,0x28,0x9c,0x61,0xe8,0xb3
12997 + };
12998 +
12999 +__fips_constseg
13000 +static const unsigned char aes_256_no_df_nonce[] =
13001 + {
13002 + 0x12,0x96,0xf0,0x52,0xf3,0x8d,0x81,0xcf,0xde,0x86,0xf2,0x99,
13003 + 0x43,0x96,0xb9,0xf0
13004 + };
13005 +
13006 +__fips_constseg
13007 +static const unsigned char aes_256_no_df_personalizationstring[] =
13008 + {
13009 + 0x63,0x0d,0x78,0xf5,0x90,0x8e,0x32,0x47,0xb0,0x4d,0x37,0x60,
13010 + 0x09,0x96,0xbc,0xbf,0x97,0x7a,0x62,0x14,0x45,0xbd,0x8d,0xcc,
13011 + 0x69,0xfb,0x03,0xe1,0x80,0x1c,0xc7,0xe2,0x2a,0xf9,0x37,0x3f,
13012 + 0x66,0x4d,0x62,0xd9,0x10,0xe0,0xad,0xc8,0x9a,0xf0,0xa8,0x6d
13013 + };
13014 +
13015 +__fips_constseg
13016 +static const unsigned char aes_256_no_df_additionalinput[] =
13017 + {
13018 + 0x36,0xc6,0x13,0x60,0xbb,0x14,0xad,0x22,0xb0,0x38,0xac,0xa6,
13019 + 0x18,0x16,0x93,0x25,0x86,0xb7,0xdc,0xdc,0x36,0x98,0x2b,0xf9,
13020 + 0x68,0x33,0xd3,0xc6,0xff,0xce,0x8d,0x15,0x59,0x82,0x76,0xed,
13021 + 0x6f,0x8d,0x49,0x74,0x2f,0xda,0xdc,0x1f,0x17,0xd0,0xde,0x17
13022 + };
13023 +
13024 +__fips_constseg
13025 +static const unsigned char aes_256_no_df_int_returnedbits[] =
13026 + {
13027 + 0x16,0x2f,0x8e,0x3f,0x21,0x7a,0x1c,0x20,0x56,0xd1,0x92,0xf6,
13028 + 0xd2,0x25,0x75,0x0e
13029 + };
13030 +
13031 +__fips_constseg
13032 +static const unsigned char aes_256_no_df_entropyinputreseed[] =
13033 + {
13034 + 0x91,0x79,0x76,0xee,0xe0,0xcf,0x9e,0xc2,0xd5,0xd4,0x23,0x9b,
13035 + 0x12,0x8c,0x7e,0x0a,0xb7,0xd2,0x8b,0xd6,0x7c,0xa3,0xc6,0xe5,
13036 + 0x0e,0xaa,0xc7,0x6b,0xae,0x0d,0xfa,0x53,0x06,0x79,0xa1,0xed,
13037 + 0x4d,0x6a,0x0e,0xd8,0x9d,0xbe,0x1b,0x31,0x93,0x7b,0xec,0xfb
13038 + };
13039 +
13040 +__fips_constseg
13041 +static const unsigned char aes_256_no_df_additionalinputreseed[] =
13042 + {
13043 + 0xd2,0x46,0x50,0x22,0x10,0x14,0x63,0xf7,0xea,0x0f,0xb9,0x7e,
13044 + 0x0d,0xe1,0x94,0x07,0xaf,0x09,0x44,0x31,0xea,0x64,0xa4,0x18,
13045 + 0x5b,0xf9,0xd8,0xc2,0xfa,0x03,0x47,0xc5,0x39,0x43,0xd5,0x3b,
13046 + 0x62,0x86,0x64,0xea,0x2c,0x73,0x8c,0xae,0x9d,0x98,0x98,0x29
13047 + };
13048 +
13049 +__fips_constseg
13050 +static const unsigned char aes_256_no_df_additionalinput2[] =
13051 + {
13052 + 0x8c,0xab,0x18,0xf8,0xc3,0xec,0x18,0x5c,0xb3,0x1e,0x9d,0xbe,
13053 + 0x3f,0x03,0xb4,0x00,0x98,0x9d,0xae,0xeb,0xf4,0x94,0xf8,0x42,
13054 + 0x8f,0xe3,0x39,0x07,0xe1,0xc9,0xad,0x0b,0x1f,0xed,0xc0,0xba,
13055 + 0xf6,0xd1,0xec,0x27,0x86,0x7b,0xd6,0x55,0x9b,0x60,0xa5,0xc6
13056 + };
13057 +
13058 +__fips_constseg
13059 +static const unsigned char aes_256_no_df_returnedbits[] =
13060 + {
13061 + 0xef,0xd2,0xd8,0x5c,0xdc,0x62,0x25,0x9f,0xaa,0x1e,0x2c,0x67,
13062 + 0xf6,0x02,0x32,0xe2
13063 + };
13064 +
13065 +
13066 +/* SHA-1 PR */
13067 +__fips_constseg
13068 +static const unsigned char sha1_pr_entropyinput[] =
13069 + {
13070 + 0xd2,0x36,0xa5,0x27,0x31,0x73,0xdd,0x11,0x4f,0x93,0xbd,0xe2,
13071 + 0x31,0xa5,0x91,0x13
13072 + };
13073 +
13074 +__fips_constseg
13075 +static const unsigned char sha1_pr_nonce[] =
13076 + {
13077 + 0xb5,0xb3,0x60,0xef,0xf7,0x63,0x31,0xf3
13078 + };
13079 +
13080 +__fips_constseg
13081 +static const unsigned char sha1_pr_personalizationstring[] =
13082 + {
13083 + 0xd4,0xbb,0x02,0x10,0xb2,0x71,0xdb,0x81,0xd6,0xf0,0x42,0x60,
13084 + 0xda,0xea,0x77,0x52
13085 + };
13086 +
13087 +__fips_constseg
13088 +static const unsigned char sha1_pr_additionalinput[] =
13089 + {
13090 + 0x4d,0xd2,0x6c,0x87,0xfb,0x2c,0x4f,0xa6,0x8d,0x16,0x63,0x22,
13091 + 0x6a,0x51,0xe3,0xf8
13092 + };
13093 +
13094 +__fips_constseg
13095 +static const unsigned char sha1_pr_entropyinputpr[] =
13096 + {
13097 + 0xc9,0x83,0x9e,0x16,0xf6,0x1c,0x0f,0xb2,0xec,0x60,0x31,0xa9,
13098 + 0xcb,0xa9,0x36,0x7a
13099 + };
13100 +
13101 +__fips_constseg
13102 +static const unsigned char sha1_pr_int_returnedbits[] =
13103 + {
13104 + 0xa8,0x13,0x4f,0xf4,0x31,0x02,0x44,0xe3,0xd3,0x3d,0x61,0x9e,
13105 + 0xe5,0xc6,0x3e,0x89,0xb5,0x9b,0x0f,0x35
13106 + };
13107 +
13108 +__fips_constseg
13109 +static const unsigned char sha1_pr_additionalinput2[] =
13110 + {
13111 + 0xf9,0xe8,0xd2,0x72,0x13,0x34,0x95,0x6f,0x15,0x49,0x47,0x99,
13112 + 0x16,0x03,0x19,0x47
13113 + };
13114 +
13115 +__fips_constseg
13116 +static const unsigned char sha1_pr_entropyinputpr2[] =
13117 + {
13118 + 0x4e,0x8c,0x49,0x9b,0x4a,0x5c,0x9b,0x9c,0x3a,0xee,0xfb,0xd2,
13119 + 0xae,0xcd,0x8c,0xc4
13120 + };
13121 +
13122 +__fips_constseg
13123 +static const unsigned char sha1_pr_returnedbits[] =
13124 + {
13125 + 0x50,0xb4,0xb4,0xcd,0x68,0x57,0xfc,0x2e,0xc1,0x52,0xcc,0xf6,
13126 + 0x68,0xa4,0x81,0xed,0x7e,0xe4,0x1d,0x87
13127 + };
13128 +
13129 +
13130 +/* SHA-1 No PR */
13131 +__fips_constseg
13132 +static const unsigned char sha1_entropyinput[] =
13133 + {
13134 + 0xa9,0x47,0x1b,0x29,0x2d,0x1c,0x05,0xdf,0x76,0xd0,0x62,0xf9,
13135 + 0xe2,0x7f,0x4c,0x7b
13136 + };
13137 +
13138 +__fips_constseg
13139 +static const unsigned char sha1_nonce[] =
13140 + {
13141 + 0x53,0x23,0x24,0xe3,0xec,0x0c,0x54,0x14
13142 + };
13143 +
13144 +__fips_constseg
13145 +static const unsigned char sha1_personalizationstring[] =
13146 + {
13147 + 0x7a,0x87,0xa1,0xac,0x1c,0xfd,0xab,0xae,0xf7,0xd6,0xfb,0x76,
13148 + 0x28,0xec,0x6d,0xca
13149 + };
13150 +
13151 +__fips_constseg
13152 +static const unsigned char sha1_additionalinput[] =
13153 + {
13154 + 0xfc,0x92,0x35,0xd6,0x7e,0xb7,0x24,0x65,0xfd,0x12,0x27,0x35,
13155 + 0xc0,0x72,0xca,0x28
13156 + };
13157 +
13158 +__fips_constseg
13159 +static const unsigned char sha1_int_returnedbits[] =
13160 + {
13161 + 0x57,0x88,0x82,0xe5,0x25,0xa5,0x2c,0x4a,0x06,0x20,0x6c,0x72,
13162 + 0x55,0x61,0xdd,0x90,0x71,0x9f,0x95,0xea
13163 + };
13164 +
13165 +__fips_constseg
13166 +static const unsigned char sha1_entropyinputreseed[] =
13167 + {
13168 + 0x69,0xa5,0x40,0x62,0x98,0x47,0x56,0x73,0x4a,0x8f,0x60,0x96,
13169 + 0xd6,0x99,0x27,0xed
13170 + };
13171 +
13172 +__fips_constseg
13173 +static const unsigned char sha1_additionalinputreseed[] =
13174 + {
13175 + 0xe5,0x40,0x4e,0xbd,0x50,0x00,0xf5,0x15,0xa6,0xee,0x45,0xda,
13176 + 0x84,0x3d,0xd4,0xc0
13177 + };
13178 +
13179 +__fips_constseg
13180 +static const unsigned char sha1_additionalinput2[] =
13181 + {
13182 + 0x11,0x51,0x14,0xf0,0x09,0x1b,0x4e,0x56,0x0d,0xe9,0xf6,0x1e,
13183 + 0x52,0x65,0xcd,0x96
13184 + };
13185 +
13186 +__fips_constseg
13187 +static const unsigned char sha1_returnedbits[] =
13188 + {
13189 + 0xa1,0x9c,0x94,0x6e,0x29,0xe1,0x33,0x0d,0x32,0xd6,0xaa,0xce,
13190 + 0x71,0x3f,0x52,0x72,0x8b,0x42,0xa8,0xd7
13191 + };
13192 +
13193 +
13194 +/* SHA-224 PR */
13195 +__fips_constseg
13196 +static const unsigned char sha224_pr_entropyinput[] =
13197 + {
13198 + 0x12,0x69,0x32,0x4f,0x83,0xa6,0xf5,0x14,0xe3,0x49,0x3e,0x75,
13199 + 0x3e,0xde,0xad,0xa1,0x29,0xc3,0xf3,0x19,0x20,0xb5,0x4c,0xd9
13200 + };
13201 +
13202 +__fips_constseg
13203 +static const unsigned char sha224_pr_nonce[] =
13204 + {
13205 + 0x6a,0x78,0xd0,0xeb,0xbb,0x5a,0xf0,0xee,0xe8,0xc3,0xba,0x71
13206 + };
13207 +
13208 +__fips_constseg
13209 +static const unsigned char sha224_pr_personalizationstring[] =
13210 + {
13211 + 0xd5,0xb8,0xb6,0xbc,0xc1,0x5b,0x60,0x31,0x3c,0xf5,0xe5,0xc0,
13212 + 0x8e,0x52,0x7a,0xbd,0xea,0x47,0xa9,0x5f,0x8f,0xf9,0x8b,0xae
13213 + };
13214 +
13215 +__fips_constseg
13216 +static const unsigned char sha224_pr_additionalinput[] =
13217 + {
13218 + 0x1f,0x55,0xec,0xae,0x16,0x12,0x84,0xba,0x84,0x16,0x19,0x88,
13219 + 0x8e,0xb8,0x33,0x25,0x54,0xff,0xca,0x79,0xaf,0x07,0x25,0x50
13220 + };
13221 +
13222 +__fips_constseg
13223 +static const unsigned char sha224_pr_entropyinputpr[] =
13224 + {
13225 + 0x92,0xa3,0x32,0xa8,0x9a,0x0a,0x58,0x7c,0x1d,0x5a,0x7e,0xe1,
13226 + 0xb2,0x73,0xab,0x0e,0x16,0x79,0x23,0xd3,0x29,0x89,0x81,0xe1
13227 + };
13228 +
13229 +__fips_constseg
13230 +static const unsigned char sha224_pr_int_returnedbits[] =
13231 + {
13232 + 0xf3,0x38,0x91,0x40,0x37,0x7a,0x51,0x72,0x42,0x74,0x78,0x0a,
13233 + 0x69,0xfd,0xa6,0x44,0x43,0x45,0x6c,0x0c,0x5a,0x19,0xff,0xf1,
13234 + 0x54,0x60,0xee,0x6a
13235 + };
13236 +
13237 +__fips_constseg
13238 +static const unsigned char sha224_pr_additionalinput2[] =
13239 + {
13240 + 0x75,0xf3,0x04,0x25,0xdd,0x36,0xa8,0x37,0x46,0xae,0x0c,0x52,
13241 + 0x05,0x79,0x4c,0x26,0xdb,0xe9,0x71,0x16,0x4c,0x0a,0xf2,0x60
13242 + };
13243 +
13244 +__fips_constseg
13245 +static const unsigned char sha224_pr_entropyinputpr2[] =
13246 + {
13247 + 0xea,0xc5,0x03,0x0a,0x4f,0xb0,0x38,0x8d,0x23,0xd4,0xc8,0x77,
13248 + 0xe2,0x6d,0x9c,0x0b,0x44,0xf7,0x2d,0x5b,0xbf,0x5d,0x2a,0x11
13249 + };
13250 +
13251 +__fips_constseg
13252 +static const unsigned char sha224_pr_returnedbits[] =
13253 + {
13254 + 0x60,0x50,0x2b,0xe7,0x86,0xd8,0x26,0x73,0xe3,0x1d,0x95,0x20,
13255 + 0xb3,0x2c,0x32,0x1c,0xf5,0xce,0x57,0xa6,0x67,0x2b,0xdc,0x4e,
13256 + 0xdd,0x11,0x4c,0xc4
13257 + };
13258 +
13259 +
13260 +/* SHA-224 No PR */
13261 +__fips_constseg
13262 +static const unsigned char sha224_entropyinput[] =
13263 + {
13264 + 0xb2,0x1c,0x77,0x4d,0xf6,0xd3,0xb6,0x40,0xb7,0x30,0x3e,0x29,
13265 + 0xb0,0x85,0x1c,0xbe,0x4a,0xea,0x6b,0x5a,0xb5,0x8a,0x97,0xeb
13266 + };
13267 +
13268 +__fips_constseg
13269 +static const unsigned char sha224_nonce[] =
13270 + {
13271 + 0x42,0x02,0x0a,0x1c,0x98,0x9a,0x77,0x9e,0x9f,0x80,0xba,0xe0
13272 + };
13273 +
13274 +__fips_constseg
13275 +static const unsigned char sha224_personalizationstring[] =
13276 + {
13277 + 0x98,0xb8,0x04,0x41,0xfc,0xc1,0x5d,0xc5,0xe9,0xb9,0x08,0xda,
13278 + 0xf9,0xfa,0x0d,0x90,0xce,0xdf,0x1d,0x10,0xa9,0x8d,0x50,0x0c
13279 + };
13280 +
13281 +__fips_constseg
13282 +static const unsigned char sha224_additionalinput[] =
13283 + {
13284 + 0x9a,0x8d,0x39,0x49,0x42,0xd5,0x0b,0xae,0xe1,0xaf,0xb7,0x00,
13285 + 0x02,0xfa,0x96,0xb1,0xa5,0x1d,0x2d,0x25,0x78,0xee,0x83,0x3f
13286 + };
13287 +
13288 +__fips_constseg
13289 +static const unsigned char sha224_int_returnedbits[] =
13290 + {
13291 + 0xe4,0xf5,0x53,0x79,0x5a,0x97,0x58,0x06,0x08,0xba,0x7b,0xfa,
13292 + 0xf0,0x83,0x05,0x8c,0x22,0xc0,0xc9,0xdb,0x15,0xe7,0xde,0x20,
13293 + 0x55,0x22,0x9a,0xad
13294 + };
13295 +
13296 +__fips_constseg
13297 +static const unsigned char sha224_entropyinputreseed[] =
13298 + {
13299 + 0x67,0x09,0x48,0xaa,0x07,0x16,0x99,0x89,0x7f,0x6d,0xa0,0xe5,
13300 + 0x8f,0xdf,0xbc,0xdb,0xfe,0xe5,0x6c,0x7a,0x95,0x4a,0x66,0x17
13301 + };
13302 +
13303 +__fips_constseg
13304 +static const unsigned char sha224_additionalinputreseed[] =
13305 + {
13306 + 0x0f,0x4b,0x1c,0x6f,0xb7,0xe3,0x47,0xe5,0x5d,0x7d,0x38,0xd6,
13307 + 0x28,0x9b,0xeb,0x55,0x63,0x09,0x3e,0x7c,0x56,0xea,0xf8,0x19
13308 + };
13309 +
13310 +__fips_constseg
13311 +static const unsigned char sha224_additionalinput2[] =
13312 + {
13313 + 0x2d,0x26,0x7c,0x37,0xe4,0x7a,0x28,0x5e,0x5a,0x3c,0xaf,0x3d,
13314 + 0x5a,0x8e,0x55,0xa2,0x1a,0x6e,0xc0,0xe5,0xf6,0x21,0xd3,0xf6
13315 + };
13316 +
13317 +__fips_constseg
13318 +static const unsigned char sha224_returnedbits[] =
13319 + {
13320 + 0x4d,0x83,0x35,0xdf,0x67,0xa9,0xfc,0x17,0xda,0x70,0xcc,0x8b,
13321 + 0x7f,0x77,0xae,0xa2,0x5f,0xb9,0x7e,0x74,0x4c,0x26,0xc1,0x7a,
13322 + 0x3b,0xa7,0x5c,0x93
13323 + };
13324 +
13325 +
13326 +/* SHA-256 PR */
13327 +__fips_constseg
13328 +static const unsigned char sha256_pr_entropyinput[] =
13329 + {
13330 + 0xce,0x49,0x00,0x7a,0x56,0xe3,0x67,0x8f,0xe1,0xb6,0xa7,0xd4,
13331 + 0x4f,0x08,0x7a,0x1b,0x01,0xf4,0xfa,0x6b,0xef,0xb7,0xe5,0xeb,
13332 + 0x07,0x3d,0x11,0x0d,0xc8,0xea,0x2b,0xfe
13333 + };
13334 +
13335 +__fips_constseg
13336 +static const unsigned char sha256_pr_nonce[] =
13337 + {
13338 + 0x73,0x41,0xc8,0x92,0x94,0xe2,0xc5,0x5f,0x93,0xfd,0x39,0x5d,
13339 + 0x2b,0x91,0x4d,0x38
13340 + };
13341 +
13342 +__fips_constseg
13343 +static const unsigned char sha256_pr_personalizationstring[] =
13344 + {
13345 + 0x50,0x6d,0x01,0x01,0x07,0x5a,0x80,0x35,0x7a,0x56,0x1a,0x56,
13346 + 0x2f,0x9a,0x0b,0x35,0xb2,0xb1,0xc9,0xe5,0xca,0x69,0x61,0x48,
13347 + 0xff,0xfb,0x0f,0xd9,0x4b,0x79,0x1d,0xba
13348 + };
13349 +
13350 +__fips_constseg
13351 +static const unsigned char sha256_pr_additionalinput[] =
13352 + {
13353 + 0x20,0xb8,0xdf,0x44,0x77,0x5a,0xb8,0xd3,0xbf,0xf6,0xcf,0xac,
13354 + 0x5e,0xa6,0x96,0x62,0x73,0x44,0x40,0x4a,0x30,0xfb,0x38,0xa5,
13355 + 0x7b,0x0d,0xe4,0x0d,0xc6,0xe4,0x9a,0x1f
13356 + };
13357 +
13358 +__fips_constseg
13359 +static const unsigned char sha256_pr_entropyinputpr[] =
13360 + {
13361 + 0x04,0xc4,0x65,0xf4,0xd3,0xbf,0x83,0x4b,0xab,0xc8,0x41,0xa8,
13362 + 0xc2,0xe0,0x44,0x63,0x77,0x4c,0x6f,0x6c,0x49,0x46,0xff,0x94,
13363 + 0x17,0xea,0xe6,0x1a,0x9d,0x5e,0x66,0x78
13364 + };
13365 +
13366 +__fips_constseg
13367 +static const unsigned char sha256_pr_int_returnedbits[] =
13368 + {
13369 + 0x07,0x4d,0xac,0x9b,0x86,0xca,0x4a,0xaa,0x6e,0x7a,0x03,0xa2,
13370 + 0x5d,0x10,0xea,0x0b,0xf9,0x83,0xcc,0xd1,0xfc,0xe2,0x07,0xc7,
13371 + 0x06,0x34,0x60,0x6f,0x83,0x94,0x99,0x76
13372 + };
13373 +
13374 +__fips_constseg
13375 +static const unsigned char sha256_pr_additionalinput2[] =
13376 + {
13377 + 0x89,0x4e,0x45,0x8c,0x11,0xf9,0xbc,0x5b,0xac,0x74,0x8b,0x4b,
13378 + 0x5f,0xf7,0x19,0xf3,0xf5,0x24,0x54,0x14,0xd1,0x15,0xb1,0x43,
13379 + 0x12,0xa4,0x5f,0xd4,0xec,0xfc,0xcd,0x09
13380 + };
13381 +
13382 +__fips_constseg
13383 +static const unsigned char sha256_pr_entropyinputpr2[] =
13384 + {
13385 + 0x0e,0xeb,0x1f,0xd7,0xfc,0xd1,0x9d,0xd4,0x05,0x36,0x8b,0xb2,
13386 + 0xfb,0xe4,0xf4,0x51,0x0c,0x87,0x9b,0x02,0x44,0xd5,0x92,0x4d,
13387 + 0x44,0xfe,0x1a,0x03,0x43,0x56,0xbd,0x86
13388 + };
13389 +
13390 +__fips_constseg
13391 +static const unsigned char sha256_pr_returnedbits[] =
13392 + {
13393 + 0x02,0xaa,0xb6,0x1d,0x7e,0x2a,0x40,0x03,0x69,0x2d,0x49,0xa3,
13394 + 0x41,0xe7,0x44,0x0b,0xaf,0x7b,0x85,0xe4,0x5f,0x53,0x3b,0x64,
13395 + 0xbc,0x89,0xc8,0x82,0xd4,0x78,0x37,0xa2
13396 + };
13397 +
13398 +
13399 +/* SHA-256 No PR */
13400 +__fips_constseg
13401 +static const unsigned char sha256_entropyinput[] =
13402 + {
13403 + 0x5b,0x1b,0xec,0x4d,0xa9,0x38,0x74,0x5a,0x34,0x0b,0x7b,0xc5,
13404 + 0xe5,0xd7,0x66,0x7c,0xbc,0x82,0xb9,0x0e,0x2d,0x1f,0x92,0xd7,
13405 + 0xc1,0xbc,0x67,0x69,0xec,0x6b,0x03,0x3c
13406 + };
13407 +
13408 +__fips_constseg
13409 +static const unsigned char sha256_nonce[] =
13410 + {
13411 + 0xa4,0x0c,0xd8,0x9c,0x61,0xd8,0xc3,0x54,0xfe,0x53,0xc9,0xe5,
13412 + 0x5d,0x6f,0x6d,0x35
13413 + };
13414 +
13415 +__fips_constseg
13416 +static const unsigned char sha256_personalizationstring[] =
13417 + {
13418 + 0x22,0x5e,0x62,0x93,0x42,0x83,0x78,0x24,0xd8,0x40,0x8c,0xde,
13419 + 0x6f,0xf9,0xa4,0x7a,0xc5,0xa7,0x3b,0x88,0xa3,0xee,0x42,0x20,
13420 + 0xfd,0x61,0x56,0xc6,0x4c,0x13,0x41,0x9c
13421 + };
13422 +
13423 +__fips_constseg
13424 +static const unsigned char sha256_additionalinput[] =
13425 + {
13426 + 0xbf,0x74,0x5b,0xf6,0xc5,0x64,0x5e,0x99,0x34,0x8f,0xbc,0xa4,
13427 + 0xe2,0xbd,0xd8,0x85,0x26,0x37,0xea,0xba,0x4f,0xf2,0x9a,0x9a,
13428 + 0x66,0xfc,0xdf,0x63,0x26,0x26,0x19,0x87
13429 + };
13430 +
13431 +__fips_constseg
13432 +static const unsigned char sha256_int_returnedbits[] =
13433 + {
13434 + 0xb3,0xc6,0x07,0x07,0xd6,0x75,0xf6,0x2b,0xd6,0x21,0x96,0xf1,
13435 + 0xae,0xdb,0x2b,0xac,0x25,0x2a,0xae,0xae,0x41,0x72,0x03,0x5e,
13436 + 0xbf,0xd3,0x64,0xbc,0x59,0xf9,0xc0,0x76
13437 + };
13438 +
13439 +__fips_constseg
13440 +static const unsigned char sha256_entropyinputreseed[] =
13441 + {
13442 + 0xbf,0x20,0x33,0x56,0x29,0xa8,0x37,0x04,0x1f,0x78,0x34,0x3d,
13443 + 0x81,0x2a,0xc9,0x86,0xc6,0x7a,0x2f,0x88,0x5e,0xd5,0xbe,0x34,
13444 + 0x46,0x20,0xa4,0x35,0xeb,0xc7,0xe2,0x9d
13445 + };
13446 +
13447 +__fips_constseg
13448 +static const unsigned char sha256_additionalinputreseed[] =
13449 + {
13450 + 0x9b,0xae,0x2d,0x2d,0x61,0xa4,0x89,0xeb,0x43,0x46,0xa7,0xda,
13451 + 0xef,0x40,0xca,0x4a,0x99,0x11,0x41,0xdc,0x5c,0x94,0xe9,0xac,
13452 + 0xd4,0xd0,0xe6,0xbd,0xfb,0x03,0x9c,0xa8
13453 + };
13454 +
13455 +__fips_constseg
13456 +static const unsigned char sha256_additionalinput2[] =
13457 + {
13458 + 0x23,0xaa,0x0c,0xbd,0x28,0x33,0xe2,0x51,0xfc,0x71,0xd2,0x15,
13459 + 0x1f,0x76,0xfd,0x0d,0xe0,0xb7,0xb5,0x84,0x75,0x5b,0xbe,0xf3,
13460 + 0x5c,0xca,0xc5,0x30,0xf2,0x75,0x1f,0xda
13461 + };
13462 +
13463 +__fips_constseg
13464 +static const unsigned char sha256_returnedbits[] =
13465 + {
13466 + 0x90,0x3c,0xc1,0x10,0x8c,0x12,0x01,0xc6,0xa6,0x3a,0x0f,0x4d,
13467 + 0xb6,0x3a,0x4f,0x41,0x9c,0x61,0x75,0x84,0xe9,0x74,0x75,0xfd,
13468 + 0xfe,0xf2,0x1f,0x43,0xd8,0x5e,0x24,0xa3
13469 + };
13470 +
13471 +
13472 +/* SHA-384 PR */
13473 +__fips_constseg
13474 +static const unsigned char sha384_pr_entropyinput[] =
13475 + {
13476 + 0x71,0x9d,0xb2,0x5a,0x71,0x6d,0x04,0xe9,0x1e,0xc7,0x92,0x24,
13477 + 0x6e,0x12,0x33,0xa9,0x52,0x64,0x31,0xef,0x71,0xeb,0x22,0x55,
13478 + 0x28,0x97,0x06,0x6a,0xc0,0x0c,0xa0,0x7e
13479 + };
13480 +
13481 +__fips_constseg
13482 +static const unsigned char sha384_pr_nonce[] =
13483 + {
13484 + 0xf5,0x0d,0xfa,0xb0,0xec,0x6a,0x7c,0xd6,0xbd,0x9b,0x05,0xfd,
13485 + 0x38,0x3e,0x2e,0x56
13486 + };
13487 +
13488 +__fips_constseg
13489 +static const unsigned char sha384_pr_personalizationstring[] =
13490 + {
13491 + 0x74,0xac,0x7e,0x6d,0xb1,0xa4,0xe7,0x21,0xd1,0x1e,0x6e,0x96,
13492 + 0x6d,0x4d,0x53,0x46,0x82,0x96,0x6e,0xcf,0xaa,0x81,0x8d,0x7d,
13493 + 0x9e,0xe1,0x0f,0x15,0xea,0x41,0xbf,0xe3
13494 + };
13495 +
13496 +__fips_constseg
13497 +static const unsigned char sha384_pr_additionalinput[] =
13498 + {
13499 + 0xda,0x95,0xd4,0xd0,0xb8,0x11,0xd3,0x49,0x27,0x5d,0xa9,0x39,
13500 + 0x68,0xf3,0xa8,0xe9,0x5d,0x19,0x8a,0x2b,0x66,0xe8,0x69,0x06,
13501 + 0x7c,0x9e,0x03,0xa1,0x8b,0x26,0x2d,0x6e
13502 + };
13503 +
13504 +__fips_constseg
13505 +static const unsigned char sha384_pr_entropyinputpr[] =
13506 + {
13507 + 0x49,0xdf,0x44,0x00,0xe4,0x1c,0x75,0x0b,0x26,0x5a,0x59,0x64,
13508 + 0x1f,0x4e,0xb1,0xb2,0x13,0xf1,0x22,0x4e,0xb4,0x6d,0x9a,0xcc,
13509 + 0xa0,0x48,0xe6,0xcf,0x1d,0xd1,0x92,0x0d
13510 + };
13511 +
13512 +__fips_constseg
13513 +static const unsigned char sha384_pr_int_returnedbits[] =
13514 + {
13515 + 0xc8,0x52,0xae,0xbf,0x04,0x3c,0x27,0xb7,0x78,0x18,0xaa,0x8f,
13516 + 0xff,0xcf,0xa4,0xf1,0xcc,0xe7,0x68,0xfa,0x22,0xa2,0x13,0x45,
13517 + 0xe8,0xdd,0x87,0xe6,0xf2,0x6e,0xdd,0xc7,0x52,0x90,0x9f,0x7b,
13518 + 0xfa,0x61,0x2d,0x9d,0x9e,0xcf,0x98,0xac,0x52,0x40,0xce,0xaf
13519 + };
13520 +
13521 +__fips_constseg
13522 +static const unsigned char sha384_pr_additionalinput2[] =
13523 + {
13524 + 0x61,0x7c,0x03,0x9a,0x3e,0x50,0x57,0x60,0xc5,0x83,0xc9,0xb2,
13525 + 0xd1,0x87,0x85,0x66,0x92,0x5d,0x84,0x0e,0x53,0xfb,0x70,0x03,
13526 + 0x72,0xfd,0xba,0xae,0x9c,0x8f,0xf8,0x18
13527 + };
13528 +
13529 +__fips_constseg
13530 +static const unsigned char sha384_pr_entropyinputpr2[] =
13531 + {
13532 + 0xf8,0xeb,0x89,0xb1,0x8d,0x78,0xbe,0x21,0xe0,0xbb,0x9d,0xb7,
13533 + 0x95,0x0e,0xd9,0x46,0x0c,0x8c,0xe2,0x63,0xb7,0x9d,0x67,0x90,
13534 + 0xbd,0xc7,0x0b,0xa5,0xce,0xb2,0x65,0x81
13535 + };
13536 +
13537 +__fips_constseg
13538 +static const unsigned char sha384_pr_returnedbits[] =
13539 + {
13540 + 0xe6,0x9f,0xfe,0x68,0xd6,0xb5,0x79,0xf1,0x06,0x5f,0xa3,0xbb,
13541 + 0x23,0x85,0xd8,0xf0,0x29,0x5a,0x68,0x9e,0xf5,0xf4,0xa6,0x12,
13542 + 0xe0,0x9a,0xe2,0xac,0x00,0x1d,0x98,0x26,0xfc,0x53,0x95,0x53,
13543 + 0xe4,0x3e,0x17,0xd5,0x08,0x0b,0x70,0x3d,0x67,0x99,0xac,0x66
13544 + };
13545 +
13546 +
13547 +/* SHA-384 No PR */
13548 +__fips_constseg
13549 +static const unsigned char sha384_entropyinput[] =
13550 + {
13551 + 0x07,0x15,0x27,0x2a,0xaf,0x74,0x24,0x37,0xbc,0xd5,0x14,0x69,
13552 + 0xce,0x11,0xff,0xa2,0x6b,0xb8,0x05,0x67,0x34,0xf8,0xbd,0x6d,
13553 + 0x6a,0xcc,0xcd,0x60,0xa3,0x68,0xca,0xf4
13554 + };
13555 +
13556 +__fips_constseg
13557 +static const unsigned char sha384_nonce[] =
13558 + {
13559 + 0x70,0x17,0xc2,0x5b,0x5d,0x22,0x0b,0x06,0x15,0x54,0x78,0x77,
13560 + 0x44,0xaf,0x2f,0x09
13561 + };
13562 +
13563 +__fips_constseg
13564 +static const unsigned char sha384_personalizationstring[] =
13565 + {
13566 + 0x89,0x39,0x28,0xb0,0x60,0xeb,0x3d,0xdc,0x55,0x75,0x86,0xeb,
13567 + 0xae,0xa2,0x8f,0xbc,0x1b,0x75,0xd4,0xe1,0x0f,0xaa,0x38,0xca,
13568 + 0x62,0x8b,0xcb,0x2c,0x26,0xf6,0xbc,0xb1
13569 + };
13570 +
13571 +__fips_constseg
13572 +static const unsigned char sha384_additionalinput[] =
13573 + {
13574 + 0x30,0x2b,0x42,0x35,0xef,0xda,0x40,0x55,0x28,0xc6,0x95,0xfb,
13575 + 0x54,0x01,0x62,0xd7,0x87,0x14,0x48,0x6d,0x90,0x4c,0xa9,0x02,
13576 + 0x54,0x40,0x22,0xc8,0x66,0xa5,0x48,0x48
13577 + };
13578 +
13579 +__fips_constseg
13580 +static const unsigned char sha384_int_returnedbits[] =
13581 + {
13582 + 0x82,0xc4,0xa1,0x9c,0x21,0xd2,0xe7,0xa5,0xa6,0xf6,0x5f,0x04,
13583 + 0x5c,0xc7,0x31,0x9d,0x8d,0x59,0x74,0x50,0x19,0x89,0x2f,0x63,
13584 + 0xd5,0xb7,0x7e,0xeb,0x15,0xe3,0x70,0x83,0xa1,0x24,0x59,0xfa,
13585 + 0x2c,0x56,0xf6,0x88,0x3a,0x92,0x93,0xa1,0xfb,0x79,0xc1,0x7a
13586 + };
13587 +
13588 +__fips_constseg
13589 +static const unsigned char sha384_entropyinputreseed[] =
13590 + {
13591 + 0x39,0xa6,0xe8,0x5c,0x82,0x17,0x71,0x26,0x57,0x4f,0x9f,0xc2,
13592 + 0x55,0xff,0x5c,0x9b,0x53,0x1a,0xd1,0x5f,0xbc,0x62,0xe4,0x27,
13593 + 0x2d,0x32,0xf0,0xe4,0x52,0x8c,0xc5,0x0c
13594 + };
13595 +
13596 +__fips_constseg
13597 +static const unsigned char sha384_additionalinputreseed[] =
13598 + {
13599 + 0x8d,0xcb,0x8d,0xce,0x08,0xea,0x80,0xe8,0x9b,0x61,0xa8,0x0f,
13600 + 0xaf,0x49,0x20,0x9e,0x74,0xcb,0x57,0x80,0x42,0xb0,0x84,0x5e,
13601 + 0x30,0x2a,0x67,0x08,0xf4,0xe3,0x40,0x22
13602 + };
13603 +
13604 +__fips_constseg
13605 +static const unsigned char sha384_additionalinput2[] =
13606 + {
13607 + 0x7c,0x8f,0xc2,0xae,0x22,0x4a,0xd6,0xf6,0x05,0xa4,0x7a,0xea,
13608 + 0xbb,0x25,0xd0,0xb7,0x5a,0xd6,0xcf,0x9d,0xf3,0x6c,0xe2,0xb2,
13609 + 0x4e,0xb4,0xbd,0xf4,0xe5,0x40,0x80,0x94
13610 + };
13611 +
13612 +__fips_constseg
13613 +static const unsigned char sha384_returnedbits[] =
13614 + {
13615 + 0x9e,0x7e,0xfb,0x59,0xbb,0xaa,0x3c,0xf7,0xe1,0xf8,0x76,0xdd,
13616 + 0x63,0x5f,0xaf,0x23,0xd6,0x64,0x61,0xc0,0x9a,0x09,0x47,0xc9,
13617 + 0x33,0xdf,0x6d,0x55,0x91,0x34,0x79,0x70,0xc4,0x99,0x6e,0x54,
13618 + 0x09,0x64,0x21,0x1a,0xbd,0x1e,0x80,0x40,0x34,0xad,0xfa,0xd7
13619 + };
13620 +
13621 +
13622 +/* SHA-512 PR */
13623 +__fips_constseg
13624 +static const unsigned char sha512_pr_entropyinput[] =
13625 + {
13626 + 0x13,0xf7,0x61,0x75,0x65,0x28,0xa2,0x59,0x13,0x5a,0x4a,0x4f,
13627 + 0x56,0x60,0x8c,0x53,0x7d,0xb0,0xbd,0x06,0x4f,0xed,0xcc,0xd2,
13628 + 0xa2,0xb5,0xfd,0x5b,0x3a,0xab,0xec,0x28
13629 + };
13630 +
13631 +__fips_constseg
13632 +static const unsigned char sha512_pr_nonce[] =
13633 + {
13634 + 0xbe,0xa3,0x91,0x93,0x1d,0xc3,0x31,0x3a,0x23,0x33,0x50,0x67,
13635 + 0x88,0xc7,0xa2,0xc4
13636 + };
13637 +
13638 +__fips_constseg
13639 +static const unsigned char sha512_pr_personalizationstring[] =
13640 + {
13641 + 0x1f,0x59,0x4d,0x7b,0xe6,0x46,0x91,0x48,0xc1,0x25,0xfa,0xff,
13642 + 0x89,0x12,0x77,0x35,0xdf,0x3e,0xf4,0x80,0x5f,0xd9,0xb0,0x07,
13643 + 0x22,0x41,0xdd,0x48,0x78,0x6b,0x77,0x2b
13644 + };
13645 +
13646 +__fips_constseg
13647 +static const unsigned char sha512_pr_additionalinput[] =
13648 + {
13649 + 0x30,0xff,0x63,0x6f,0xac,0xd9,0x84,0x39,0x6f,0xe4,0x99,0xce,
13650 + 0x91,0x7d,0x7e,0xc8,0x58,0xf2,0x12,0xc3,0xb6,0xad,0xda,0x22,
13651 + 0x04,0xa0,0xd2,0x21,0xfe,0xf2,0x95,0x1d
13652 + };
13653 +
13654 +__fips_constseg
13655 +static const unsigned char sha512_pr_entropyinputpr[] =
13656 + {
13657 + 0x64,0x54,0x13,0xec,0x4f,0x77,0xda,0xb2,0x92,0x2e,0x52,0x80,
13658 + 0x11,0x10,0xc2,0xf8,0xe6,0xa7,0xcd,0x4b,0xfc,0x32,0x2e,0x9e,
13659 + 0xeb,0xbb,0xb1,0xbf,0x15,0x5c,0x73,0x08
13660 + };
13661 +
13662 +__fips_constseg
13663 +static const unsigned char sha512_pr_int_returnedbits[] =
13664 + {
13665 + 0xef,0x1e,0xdc,0x0a,0xa4,0x36,0x91,0x9c,0x3d,0x27,0x97,0x50,
13666 + 0x8d,0x36,0x29,0x8d,0xce,0x6a,0x0c,0xf7,0x21,0xc0,0x91,0xae,
13667 + 0x0c,0x96,0x72,0xbd,0x52,0x81,0x58,0xfc,0x6d,0xe5,0xf7,0xa5,
13668 + 0xfd,0x5d,0xa7,0x58,0x68,0xc8,0x99,0x58,0x8e,0xc8,0xce,0x95,
13669 + 0x01,0x7d,0xff,0xa4,0xc8,0xf7,0x63,0xfe,0x5f,0x69,0x83,0x53,
13670 + 0xe2,0xc6,0x8b,0xc3
13671 + };
13672 +
13673 +__fips_constseg
13674 +static const unsigned char sha512_pr_additionalinput2[] =
13675 + {
13676 + 0xe6,0x9b,0xc4,0x88,0x34,0xca,0xea,0x29,0x2f,0x98,0x05,0xa4,
13677 + 0xd3,0xc0,0x7b,0x11,0xe8,0xbb,0x75,0xf2,0xbd,0x29,0xb7,0x40,
13678 + 0x25,0x7f,0xc1,0xb7,0xb1,0xf1,0x25,0x61
13679 + };
13680 +
13681 +__fips_constseg
13682 +static const unsigned char sha512_pr_entropyinputpr2[] =
13683 + {
13684 + 0x23,0x6d,0xff,0xde,0xfb,0xd1,0xba,0x33,0x18,0xe6,0xbe,0xb5,
13685 + 0x48,0x77,0x6d,0x7f,0xa7,0xe1,0x4d,0x48,0x1e,0x3c,0xa7,0x34,
13686 + 0x1a,0xc8,0x60,0xdb,0x8f,0x99,0x15,0x99
13687 + };
13688 +
13689 +__fips_constseg
13690 +static const unsigned char sha512_pr_returnedbits[] =
13691 + {
13692 + 0x70,0x27,0x31,0xdb,0x92,0x70,0x21,0xfe,0x16,0xb6,0xc8,0x51,
13693 + 0x34,0x87,0x65,0xd0,0x4e,0xfd,0xfe,0x68,0xec,0xac,0xdc,0x93,
13694 + 0x41,0x38,0x92,0x90,0xb4,0x94,0xf9,0x0d,0xa4,0xf7,0x4e,0x80,
13695 + 0x92,0x67,0x48,0x40,0xa7,0x08,0xc7,0xbc,0x66,0x00,0xfd,0xf7,
13696 + 0x4c,0x8b,0x17,0x6e,0xd1,0x8f,0x9b,0xf3,0x6f,0xf6,0x34,0xdd,
13697 + 0x67,0xf7,0x68,0xdd
13698 + };
13699 +
13700 +
13701 +/* SHA-512 No PR */
13702 +__fips_constseg
13703 +static const unsigned char sha512_entropyinput[] =
13704 + {
13705 + 0xb6,0x0b,0xb7,0xbc,0x84,0x56,0xf6,0x12,0xaf,0x45,0x67,0x17,
13706 + 0x7c,0xd1,0xb2,0x78,0x2b,0xa0,0xf2,0xbe,0xb6,0x6d,0x8b,0x56,
13707 + 0xc6,0xbc,0x4d,0xe1,0xf7,0xbe,0xce,0xbd
13708 + };
13709 +
13710 +__fips_constseg
13711 +static const unsigned char sha512_nonce[] =
13712 + {
13713 + 0x9d,0xed,0xc0,0xe5,0x5a,0x98,0x6a,0xcb,0x51,0x7d,0x76,0x31,
13714 + 0x5a,0x64,0xf0,0xf7
13715 + };
13716 +
13717 +__fips_constseg
13718 +static const unsigned char sha512_personalizationstring[] =
13719 + {
13720 + 0xc2,0x6d,0xa3,0xc3,0x06,0x74,0xe5,0x01,0x5c,0x10,0x17,0xc7,
13721 + 0xaf,0x83,0x9d,0x59,0x8d,0x2d,0x29,0x38,0xc5,0x59,0x70,0x8b,
13722 + 0x46,0x48,0x2d,0xcf,0x36,0x7d,0x59,0xc0
13723 + };
13724 +
13725 +__fips_constseg
13726 +static const unsigned char sha512_additionalinput[] =
13727 + {
13728 + 0xec,0x8c,0xd4,0xf7,0x61,0x6e,0x0d,0x95,0x79,0xb7,0x28,0xad,
13729 + 0x5f,0x69,0x74,0x5f,0x2d,0x36,0x06,0x8a,0x6b,0xac,0x54,0x97,
13730 + 0xc4,0xa1,0x12,0x85,0x0a,0xdf,0x4b,0x34
13731 + };
13732 +
13733 +__fips_constseg
13734 +static const unsigned char sha512_int_returnedbits[] =
13735 + {
13736 + 0x84,0x2f,0x1f,0x68,0x6a,0xa3,0xad,0x1e,0xfb,0xf4,0x15,0xbd,
13737 + 0xde,0x38,0xd4,0x30,0x80,0x51,0xe9,0xd3,0xc7,0x20,0x88,0xe9,
13738 + 0xf5,0xcc,0xdf,0x57,0x5c,0x47,0x2f,0x57,0x3c,0x5f,0x13,0x56,
13739 + 0xcc,0xc5,0x4f,0x84,0xf8,0x10,0x41,0xd5,0x7e,0x58,0x6e,0x19,
13740 + 0x19,0x9e,0xaf,0xc2,0x22,0x58,0x41,0x50,0x79,0xc2,0xd8,0x04,
13741 + 0x28,0xd4,0x39,0x9a
13742 + };
13743 +
13744 +__fips_constseg
13745 +static const unsigned char sha512_entropyinputreseed[] =
13746 + {
13747 + 0xfa,0x7f,0x46,0x51,0x83,0x62,0x98,0x16,0x9a,0x19,0xa2,0x49,
13748 + 0xa9,0xe6,0x4a,0xd8,0x85,0xe7,0xd4,0x3b,0x2c,0x82,0xc5,0x82,
13749 + 0xbf,0x11,0xf9,0x9e,0xbc,0xd0,0x01,0xee
13750 + };
13751 +
13752 +__fips_constseg
13753 +static const unsigned char sha512_additionalinputreseed[] =
13754 + {
13755 + 0xb9,0x12,0xe0,0x4f,0xf7,0xa7,0xc4,0xd8,0xd0,0x8e,0x99,0x29,
13756 + 0x7c,0x9a,0xe9,0xcf,0xc4,0x6c,0xf8,0xc3,0xa7,0x41,0x83,0xd6,
13757 + 0x2e,0xfa,0xb8,0x5e,0x8e,0x6b,0x78,0x20
13758 + };
13759 +
13760 +__fips_constseg
13761 +static const unsigned char sha512_additionalinput2[] =
13762 + {
13763 + 0xd7,0x07,0x52,0xb9,0x83,0x2c,0x03,0x71,0xee,0xc9,0xc0,0x85,
13764 + 0xe1,0x57,0xb2,0xcd,0x3a,0xf0,0xc9,0x34,0x24,0x41,0x1c,0x42,
13765 + 0x99,0xb2,0x84,0xe9,0x17,0xd2,0x76,0x92
13766 + };
13767 +
13768 +__fips_constseg
13769 +static const unsigned char sha512_returnedbits[] =
13770 + {
13771 + 0x36,0x17,0x5d,0x98,0x2b,0x65,0x25,0x8e,0xc8,0x29,0xdf,0x27,
13772 + 0x05,0x36,0x26,0x12,0x8a,0x68,0x74,0x27,0x37,0xd4,0x7f,0x32,
13773 + 0xb1,0x12,0xd6,0x85,0x83,0xeb,0x2e,0xa0,0xed,0x4b,0xb5,0x7b,
13774 + 0x6f,0x39,0x3c,0x71,0x77,0x02,0x12,0xcc,0x2c,0x3a,0x8e,0x63,
13775 + 0xdf,0x4a,0xbd,0x6f,0x6e,0x2e,0xed,0x0a,0x85,0xa5,0x2f,0xa2,
13776 + 0x68,0xde,0x42,0xb5
13777 + };
13778 +
13779 +
13780 +/* HMAC SHA-1 PR */
13781 +__fips_constseg
13782 +static const unsigned char hmac_sha1_pr_entropyinput[] =
13783 + {
13784 + 0x26,0x5f,0x36,0x14,0xff,0x3d,0x83,0xfa,0x73,0x5e,0x75,0xdc,
13785 + 0x2c,0x18,0x17,0x1b
13786 + };
13787 +
13788 +__fips_constseg
13789 +static const unsigned char hmac_sha1_pr_nonce[] =
13790 + {
13791 + 0xc8,0xe3,0x57,0xa5,0x7b,0x74,0x86,0x6e
13792 + };
13793 +
13794 +__fips_constseg
13795 +static const unsigned char hmac_sha1_pr_personalizationstring[] =
13796 + {
13797 + 0x6e,0xdb,0x0d,0xfe,0x7d,0xac,0x79,0xd0,0xa5,0x3a,0x48,0x85,
13798 + 0x80,0xe2,0x7f,0x2a
13799 + };
13800 +
13801 +__fips_constseg
13802 +static const unsigned char hmac_sha1_pr_additionalinput[] =
13803 + {
13804 + 0x31,0xcd,0x5e,0x43,0xdc,0xfb,0x7a,0x79,0xca,0x88,0xde,0x1f,
13805 + 0xd7,0xbb,0x42,0x09
13806 + };
13807 +
13808 +__fips_constseg
13809 +static const unsigned char hmac_sha1_pr_entropyinputpr[] =
13810 + {
13811 + 0x7c,0x23,0x95,0x38,0x00,0x95,0xc1,0x78,0x1f,0x8f,0xd7,0x63,
13812 + 0x23,0x87,0x2a,0xed
13813 + };
13814 +
13815 +__fips_constseg
13816 +static const unsigned char hmac_sha1_pr_int_returnedbits[] =
13817 + {
13818 + 0xbb,0x34,0xe7,0x93,0xa3,0x02,0x2c,0x4a,0xd0,0x89,0xda,0x7f,
13819 + 0xed,0xf4,0x4c,0xde,0x17,0xec,0xe5,0x6c
13820 + };
13821 +
13822 +__fips_constseg
13823 +static const unsigned char hmac_sha1_pr_additionalinput2[] =
13824 + {
13825 + 0x49,0xbc,0x2d,0x2c,0xb7,0x32,0xcb,0x20,0xdf,0xf5,0x77,0x58,
13826 + 0xa0,0x4b,0x93,0x6e
13827 + };
13828 +
13829 +__fips_constseg
13830 +static const unsigned char hmac_sha1_pr_entropyinputpr2[] =
13831 + {
13832 + 0x3c,0xaa,0xb0,0x21,0x42,0xb0,0xdd,0x34,0xf0,0x16,0x7f,0x0c,
13833 + 0x0f,0xff,0x2e,0xaf
13834 + };
13835 +
13836 +__fips_constseg
13837 +static const unsigned char hmac_sha1_pr_returnedbits[] =
13838 + {
13839 + 0x8e,0xcb,0xa3,0x64,0xb2,0xb8,0x33,0x6c,0x64,0x3b,0x78,0x16,
13840 + 0x99,0x35,0xc8,0x30,0xcb,0x3e,0xa0,0xd8
13841 + };
13842 +
13843 +
13844 +/* HMAC SHA-1 No PR */
13845 +__fips_constseg
13846 +static const unsigned char hmac_sha1_entropyinput[] =
13847 + {
13848 + 0x32,0x9a,0x2a,0x87,0x7b,0x89,0x7c,0xf6,0xcb,0x95,0xd5,0x40,
13849 + 0x17,0xfe,0x47,0x70
13850 + };
13851 +
13852 +__fips_constseg
13853 +static const unsigned char hmac_sha1_nonce[] =
13854 + {
13855 + 0x16,0xd8,0xe0,0xc7,0x52,0xcf,0x4a,0x25
13856 + };
13857 +
13858 +__fips_constseg
13859 +static const unsigned char hmac_sha1_personalizationstring[] =
13860 + {
13861 + 0x35,0x35,0xa9,0xa5,0x40,0xbe,0x9b,0xd1,0x56,0xdd,0x44,0x00,
13862 + 0x72,0xf7,0xd3,0x5e
13863 + };
13864 +
13865 +__fips_constseg
13866 +static const unsigned char hmac_sha1_additionalinput[] =
13867 + {
13868 + 0x1b,0x2c,0x84,0x2d,0x4a,0x89,0x8f,0x69,0x19,0xf1,0xf3,0xdb,
13869 + 0xbb,0xe3,0xaa,0xea
13870 + };
13871 +
13872 +__fips_constseg
13873 +static const unsigned char hmac_sha1_int_returnedbits[] =
13874 + {
13875 + 0xcf,0xfa,0x7d,0x72,0x0f,0xe6,0xc7,0x96,0xa0,0x69,0x31,0x11,
13876 + 0x9b,0x0b,0x1a,0x20,0x1f,0x3f,0xaa,0xd1
13877 + };
13878 +
13879 +__fips_constseg
13880 +static const unsigned char hmac_sha1_entropyinputreseed[] =
13881 + {
13882 + 0x90,0x75,0x15,0x04,0x95,0xf1,0xba,0x81,0x0c,0x37,0x94,0x6f,
13883 + 0x86,0x52,0x6d,0x9c
13884 + };
13885 +
13886 +__fips_constseg
13887 +static const unsigned char hmac_sha1_additionalinputreseed[] =
13888 + {
13889 + 0x5b,0x40,0xba,0x5f,0x17,0x70,0xf0,0x4b,0xdf,0xc9,0x97,0x92,
13890 + 0x79,0xc5,0x82,0x28
13891 + };
13892 +
13893 +__fips_constseg
13894 +static const unsigned char hmac_sha1_additionalinput2[] =
13895 + {
13896 + 0x97,0xc8,0x80,0x90,0xb3,0xaa,0x6e,0x60,0xea,0x83,0x7a,0xe3,
13897 + 0x8a,0xca,0xa4,0x7f
13898 + };
13899 +
13900 +__fips_constseg
13901 +static const unsigned char hmac_sha1_returnedbits[] =
13902 + {
13903 + 0x90,0xbd,0x05,0x56,0x6d,0xb5,0x22,0xd5,0xb9,0x5a,0x29,0x2d,
13904 + 0xe9,0x0b,0xe1,0xac,0xde,0x27,0x0b,0xb0
13905 + };
13906 +
13907 +
13908 +/* HMAC SHA-224 PR */
13909 +__fips_constseg
13910 +static const unsigned char hmac_sha224_pr_entropyinput[] =
13911 + {
13912 + 0x17,0x32,0x2b,0x2e,0x6f,0x1b,0x9c,0x6d,0x31,0xe0,0x34,0x07,
13913 + 0xcf,0xed,0xf6,0xb6,0x5a,0x76,0x4c,0xbc,0x62,0x85,0x01,0x90
13914 + };
13915 +
13916 +__fips_constseg
13917 +static const unsigned char hmac_sha224_pr_nonce[] =
13918 + {
13919 + 0x38,0xbf,0x5f,0x20,0xb3,0x68,0x2f,0x43,0x61,0x05,0x8f,0x23
13920 + };
13921 +
13922 +__fips_constseg
13923 +static const unsigned char hmac_sha224_pr_personalizationstring[] =
13924 + {
13925 + 0xc0,0xc9,0x45,0xac,0x8d,0x27,0x77,0x08,0x0b,0x17,0x6d,0xed,
13926 + 0xc1,0x7d,0xd5,0x07,0x9d,0x6e,0xf8,0x23,0x2a,0x22,0x13,0xbd
13927 + };
13928 +
13929 +__fips_constseg
13930 +static const unsigned char hmac_sha224_pr_additionalinput[] =
13931 + {
13932 + 0xa4,0x3c,0xe7,0x3b,0xea,0x19,0x45,0x32,0xc2,0x83,0x6d,0x21,
13933 + 0x8a,0xc0,0xee,0x67,0x45,0xde,0x13,0x7d,0x9d,0x61,0x00,0x3b
13934 + };
13935 +
13936 +__fips_constseg
13937 +static const unsigned char hmac_sha224_pr_entropyinputpr[] =
13938 + {
13939 + 0x15,0x05,0x74,0x4a,0x7f,0x8d,0x5c,0x60,0x16,0xe5,0x7b,0xad,
13940 + 0xf5,0x41,0x8f,0x55,0x60,0xc4,0x09,0xee,0x1e,0x11,0x81,0xab
13941 + };
13942 +
13943 +__fips_constseg
13944 +static const unsigned char hmac_sha224_pr_int_returnedbits[] =
13945 + {
13946 + 0x6f,0xf5,0x9a,0xe2,0x54,0x53,0x30,0x3d,0x5a,0x27,0x29,0x38,
13947 + 0x27,0xf2,0x0d,0x05,0xe9,0x26,0xcb,0x16,0xc3,0x51,0x5f,0x13,
13948 + 0x41,0xfe,0x99,0xf2
13949 + };
13950 +
13951 +__fips_constseg
13952 +static const unsigned char hmac_sha224_pr_additionalinput2[] =
13953 + {
13954 + 0x73,0x81,0x88,0x84,0x8f,0xed,0x6f,0x10,0x9f,0x93,0xbf,0x17,
13955 + 0x35,0x7c,0xef,0xd5,0x8d,0x26,0xa6,0x7a,0xe8,0x09,0x36,0x4f
13956 + };
13957 +
13958 +__fips_constseg
13959 +static const unsigned char hmac_sha224_pr_entropyinputpr2[] =
13960 + {
13961 + 0xe6,0xcf,0xcf,0x7e,0x12,0xe5,0x43,0xd2,0x38,0xd8,0x24,0x6f,
13962 + 0x5a,0x37,0x68,0xbf,0x4f,0xa0,0xff,0xd5,0x61,0x8a,0x93,0xe0
13963 + };
13964 +
13965 +__fips_constseg
13966 +static const unsigned char hmac_sha224_pr_returnedbits[] =
13967 + {
13968 + 0xaf,0xf9,0xd8,0x19,0x91,0x30,0x82,0x6f,0xa9,0x1e,0x9d,0xd7,
13969 + 0xf3,0x50,0xe0,0xc7,0xd5,0x64,0x96,0x7d,0x4c,0x4d,0x78,0x03,
13970 + 0x6d,0xd8,0x9e,0x72
13971 + };
13972 +
13973 +
13974 +/* HMAC SHA-224 No PR */
13975 +__fips_constseg
13976 +static const unsigned char hmac_sha224_entropyinput[] =
13977 + {
13978 + 0x11,0x82,0xfd,0xd9,0x42,0xf4,0xfa,0xc8,0xf2,0x41,0xe6,0x54,
13979 + 0x01,0xae,0x22,0x6e,0xc6,0xaf,0xaf,0xd0,0xa6,0xb2,0xe2,0x6d
13980 + };
13981 +
13982 +__fips_constseg
13983 +static const unsigned char hmac_sha224_nonce[] =
13984 + {
13985 + 0xa9,0x48,0xd7,0x92,0x39,0x7e,0x2a,0xdc,0x30,0x1f,0x0e,0x2b
13986 + };
13987 +
13988 +__fips_constseg
13989 +static const unsigned char hmac_sha224_personalizationstring[] =
13990 + {
13991 + 0x11,0xd5,0xf4,0xbd,0x67,0x8c,0x31,0xcf,0xa3,0x3f,0x1e,0x6b,
13992 + 0xa8,0x07,0x02,0x0b,0xc8,0x2e,0x6c,0x64,0x41,0x5b,0xc8,0x37
13993 + };
13994 +
13995 +__fips_constseg
13996 +static const unsigned char hmac_sha224_additionalinput[] =
13997 + {
13998 + 0x68,0x18,0xc2,0x06,0xeb,0x3e,0x04,0x95,0x44,0x5e,0xfb,0xe6,
13999 + 0x41,0xc1,0x5c,0xcc,0x40,0x2f,0xb7,0xd2,0x0f,0xf3,0x6b,0xe7
14000 + };
14001 +
14002 +__fips_constseg
14003 +static const unsigned char hmac_sha224_int_returnedbits[] =
14004 + {
14005 + 0x7f,0x45,0xc7,0x5d,0x32,0xe6,0x17,0x60,0xba,0xdc,0xb8,0x42,
14006 + 0x1b,0x9c,0xf1,0xfa,0x3b,0x4d,0x29,0x54,0xc6,0x90,0xff,0x5c,
14007 + 0xcd,0xd6,0xa9,0xcc
14008 + };
14009 +
14010 +__fips_constseg
14011 +static const unsigned char hmac_sha224_entropyinputreseed[] =
14012 + {
14013 + 0xc4,0x8e,0x37,0x95,0x69,0x53,0x28,0xd7,0x37,0xbb,0x70,0x95,
14014 + 0x1c,0x07,0x1d,0xd9,0xb7,0xe6,0x1b,0xbb,0xfe,0x41,0xeb,0xc9
14015 + };
14016 +
14017 +__fips_constseg
14018 +static const unsigned char hmac_sha224_additionalinputreseed[] =
14019 + {
14020 + 0x53,0x17,0xa1,0x6a,0xfa,0x77,0x47,0xb0,0x95,0x56,0x9a,0x20,
14021 + 0x57,0xde,0x5c,0x89,0x9f,0x7f,0xe2,0xde,0x17,0x3a,0x50,0x23
14022 + };
14023 +
14024 +__fips_constseg
14025 +static const unsigned char hmac_sha224_additionalinput2[] =
14026 + {
14027 + 0x3a,0x32,0xf9,0x85,0x0c,0xc1,0xed,0x76,0x2d,0xdf,0x40,0xc3,
14028 + 0x06,0x22,0x66,0xd4,0x9a,0x9a,0xff,0x5a,0x7e,0x7a,0xf3,0x96
14029 + };
14030 +
14031 +__fips_constseg
14032 +static const unsigned char hmac_sha224_returnedbits[] =
14033 + {
14034 + 0x43,0xb4,0x57,0x5c,0x38,0x25,0x9d,0xae,0xec,0x96,0xd1,0x85,
14035 + 0x3a,0x84,0x8d,0xfe,0x68,0xd5,0x0e,0x5c,0x8f,0x65,0xa5,0x4e,
14036 + 0x45,0x84,0xa8,0x94
14037 + };
14038 +
14039 +
14040 +/* HMAC SHA-256 PR */
14041 +__fips_constseg
14042 +static const unsigned char hmac_sha256_pr_entropyinput[] =
14043 + {
14044 + 0x4d,0xb0,0x43,0xd8,0x34,0x4b,0x10,0x70,0xb1,0x8b,0xed,0xea,
14045 + 0x07,0x92,0x9f,0x6c,0x79,0x31,0xaf,0x81,0x29,0xeb,0x6e,0xca,
14046 + 0x32,0x48,0x28,0xe7,0x02,0x5d,0xa6,0xa6
14047 + };
14048 +
14049 +__fips_constseg
14050 +static const unsigned char hmac_sha256_pr_nonce[] =
14051 + {
14052 + 0x3a,0xae,0x15,0xa9,0x99,0xdc,0xe4,0x67,0x34,0x3b,0x70,0x15,
14053 + 0xaa,0xd3,0x30,0x9a
14054 + };
14055 +
14056 +__fips_constseg
14057 +static const unsigned char hmac_sha256_pr_personalizationstring[] =
14058 + {
14059 + 0x13,0x1d,0x24,0x04,0xb0,0x18,0x81,0x15,0x21,0x51,0x2a,0x24,
14060 + 0x52,0x61,0xbe,0x64,0x82,0x6b,0x55,0x2f,0xe2,0xf1,0x40,0x7d,
14061 + 0x71,0xd8,0x01,0x86,0x15,0xb7,0x8b,0xb5
14062 + };
14063 +
14064 +__fips_constseg
14065 +static const unsigned char hmac_sha256_pr_additionalinput[] =
14066 + {
14067 + 0x8f,0xa6,0x54,0x5f,0xb1,0xd0,0xd8,0xc3,0xe7,0x0c,0x15,0xa9,
14068 + 0x23,0x6e,0xfe,0xfb,0x93,0xf7,0x3a,0xbd,0x59,0x01,0xfa,0x18,
14069 + 0x8e,0xe9,0x1a,0xa9,0x78,0xfc,0x79,0x0b
14070 + };
14071 +
14072 +__fips_constseg
14073 +static const unsigned char hmac_sha256_pr_entropyinputpr[] =
14074 + {
14075 + 0xcf,0x24,0xb9,0xeb,0xb3,0xd4,0xcd,0x17,0x37,0x38,0x75,0x79,
14076 + 0x15,0xcb,0x2d,0x75,0x51,0xf1,0xcc,0xaa,0x32,0xa4,0xa7,0x36,
14077 + 0x7c,0x5c,0xe4,0x47,0xf1,0x3e,0x1d,0xe5
14078 + };
14079 +
14080 +__fips_constseg
14081 +static const unsigned char hmac_sha256_pr_int_returnedbits[] =
14082 + {
14083 + 0x52,0x42,0xfa,0xeb,0x85,0xe0,0x30,0x22,0x79,0x00,0x16,0xb2,
14084 + 0x88,0x2f,0x14,0x6a,0xb7,0xfc,0xb7,0x53,0xdc,0x4a,0x12,0xef,
14085 + 0x54,0xd6,0x33,0xe9,0x20,0xd6,0xfd,0x56
14086 + };
14087 +
14088 +__fips_constseg
14089 +static const unsigned char hmac_sha256_pr_additionalinput2[] =
14090 + {
14091 + 0xf4,0xf6,0x49,0xa1,0x2d,0x64,0x2b,0x30,0x58,0xf8,0xbd,0xb8,
14092 + 0x75,0xeb,0xbb,0x5e,0x1c,0x9b,0x81,0x6a,0xda,0x14,0x86,0x6e,
14093 + 0xd0,0xda,0x18,0xb7,0x88,0xfb,0x59,0xf3
14094 + };
14095 +
14096 +__fips_constseg
14097 +static const unsigned char hmac_sha256_pr_entropyinputpr2[] =
14098 + {
14099 + 0x21,0xcd,0x6e,0x46,0xad,0x99,0x07,0x17,0xb4,0x3d,0x76,0x0a,
14100 + 0xff,0x5b,0x52,0x50,0x78,0xdf,0x1f,0x24,0x06,0x0d,0x3f,0x74,
14101 + 0xa9,0xc9,0x37,0xcf,0xd8,0x26,0x25,0x91
14102 + };
14103 +
14104 +__fips_constseg
14105 +static const unsigned char hmac_sha256_pr_returnedbits[] =
14106 + {
14107 + 0xa7,0xaf,0x2f,0x29,0xe0,0x3a,0x72,0x95,0x96,0x1c,0xa9,0xf0,
14108 + 0x4a,0x17,0x4d,0x66,0x06,0x10,0xbf,0x39,0x89,0x88,0xb8,0x91,
14109 + 0x37,0x18,0x99,0xcf,0x8c,0x53,0x3b,0x7e
14110 + };
14111 +
14112 +
14113 +/* HMAC SHA-256 No PR */
14114 +__fips_constseg
14115 +static const unsigned char hmac_sha256_entropyinput[] =
14116 + {
14117 + 0x96,0xb7,0x53,0x22,0x1e,0x52,0x2a,0x96,0xb1,0x15,0x3c,0x35,
14118 + 0x5a,0x8b,0xd3,0x4a,0xa6,0x6c,0x83,0x0a,0x7d,0xa3,0x23,0x3d,
14119 + 0x43,0xa1,0x07,0x2c,0x2d,0xe3,0x81,0xcc
14120 + };
14121 +
14122 +__fips_constseg
14123 +static const unsigned char hmac_sha256_nonce[] =
14124 + {
14125 + 0xf1,0xac,0x97,0xcb,0x5e,0x06,0x48,0xd2,0x94,0xbe,0x15,0x2e,
14126 + 0xc7,0xfc,0xc2,0x01
14127 + };
14128 +
14129 +__fips_constseg
14130 +static const unsigned char hmac_sha256_personalizationstring[] =
14131 + {
14132 + 0x98,0xc5,0x1e,0x35,0x5e,0x89,0x0d,0xce,0x64,0x6d,0x18,0xa7,
14133 + 0x5a,0xc6,0xf3,0xe7,0xd6,0x9e,0xc0,0xea,0xb7,0x3a,0x8d,0x65,
14134 + 0xb8,0xeb,0x10,0xd7,0x57,0x18,0xa0,0x32
14135 + };
14136 +
14137 +__fips_constseg
14138 +static const unsigned char hmac_sha256_additionalinput[] =
14139 + {
14140 + 0x1b,0x10,0xaf,0xac,0xd0,0x65,0x95,0xad,0x04,0xad,0x03,0x1c,
14141 + 0xe0,0x40,0xd6,0x3e,0x1c,0x46,0x53,0x39,0x7c,0xe2,0xbc,0xda,
14142 + 0x8c,0xa2,0x33,0xa7,0x9a,0x26,0xd3,0x27
14143 + };
14144 +
14145 +__fips_constseg
14146 +static const unsigned char hmac_sha256_int_returnedbits[] =
14147 + {
14148 + 0xba,0x61,0x0e,0x55,0xfe,0x11,0x8a,0x9e,0x0f,0x80,0xdf,0x1d,
14149 + 0x03,0x0a,0xfe,0x15,0x94,0x28,0x4b,0xba,0xf4,0x9f,0x51,0x25,
14150 + 0x88,0xe5,0x4e,0xfb,0xaf,0xce,0x69,0x90
14151 + };
14152 +
14153 +__fips_constseg
14154 +static const unsigned char hmac_sha256_entropyinputreseed[] =
14155 + {
14156 + 0x62,0x7f,0x1e,0x6b,0xe8,0x8e,0xe1,0x35,0x7d,0x9b,0x4f,0xc7,
14157 + 0xec,0xc8,0xac,0xef,0x6b,0x13,0x9e,0x05,0x56,0xc1,0x08,0xf9,
14158 + 0x2f,0x0f,0x27,0x9c,0xd4,0x15,0xed,0x2d
14159 + };
14160 +
14161 +__fips_constseg
14162 +static const unsigned char hmac_sha256_additionalinputreseed[] =
14163 + {
14164 + 0xc7,0x76,0x6e,0xa9,0xd2,0xb2,0x76,0x40,0x82,0x25,0x2c,0xb3,
14165 + 0x6f,0xac,0xe9,0x74,0xef,0x8f,0x3c,0x8e,0xcd,0xf1,0xbf,0xb3,
14166 + 0x49,0x77,0x34,0x88,0x52,0x36,0xe6,0x2e
14167 + };
14168 +
14169 +__fips_constseg
14170 +static const unsigned char hmac_sha256_additionalinput2[] =
14171 + {
14172 + 0x8d,0xb8,0x0c,0xd1,0xbf,0x70,0xf6,0x19,0xc3,0x41,0x80,0x9f,
14173 + 0xe1,0xa5,0xa4,0x1f,0x2c,0x26,0xb1,0xe5,0xd8,0xeb,0xbe,0xf8,
14174 + 0xdf,0x88,0x6a,0x89,0xd6,0x05,0xd8,0x9d
14175 + };
14176 +
14177 +__fips_constseg
14178 +static const unsigned char hmac_sha256_returnedbits[] =
14179 + {
14180 + 0x43,0x12,0x2a,0x2c,0x40,0x53,0x2e,0x7c,0x66,0x34,0xac,0xc3,
14181 + 0x43,0xe3,0xe0,0x6a,0xfc,0xfa,0xea,0x87,0x21,0x1f,0xe2,0x26,
14182 + 0xc4,0xf9,0x09,0x9a,0x0d,0x6e,0x7f,0xe0
14183 + };
14184 +
14185 +
14186 +/* HMAC SHA-384 PR */
14187 +__fips_constseg
14188 +static const unsigned char hmac_sha384_pr_entropyinput[] =
14189 + {
14190 + 0x69,0x81,0x98,0x88,0x44,0xf5,0xd6,0x2e,0x00,0x08,0x3b,0xc5,
14191 + 0xfb,0xd7,0x8e,0x6f,0x23,0xf8,0x6d,0x09,0xd6,0x85,0x49,0xd1,
14192 + 0xf8,0x6d,0xa4,0x58,0x54,0xfd,0x88,0xa9
14193 + };
14194 +
14195 +__fips_constseg
14196 +static const unsigned char hmac_sha384_pr_nonce[] =
14197 + {
14198 + 0x6e,0x38,0x81,0xca,0xb7,0xe8,0x6e,0x66,0x49,0x8a,0xb2,0x59,
14199 + 0xee,0x16,0xc9,0xde
14200 + };
14201 +
14202 +__fips_constseg
14203 +static const unsigned char hmac_sha384_pr_personalizationstring[] =
14204 + {
14205 + 0xfe,0x4c,0xd9,0xf4,0x78,0x3b,0x08,0x41,0x8d,0x8f,0x55,0xc4,
14206 + 0x43,0x56,0xb6,0x12,0x36,0x6b,0x30,0xb7,0x5e,0xe1,0xb9,0x47,
14207 + 0x04,0xb1,0x4e,0xa9,0x00,0xa1,0x52,0xa1
14208 + };
14209 +
14210 +__fips_constseg
14211 +static const unsigned char hmac_sha384_pr_additionalinput[] =
14212 + {
14213 + 0x89,0xe9,0xcc,0x8f,0x27,0x3c,0x26,0xd1,0x95,0xc8,0x7d,0x0f,
14214 + 0x5b,0x1a,0xf0,0x78,0x39,0x56,0x6f,0xa4,0x23,0xe7,0xd1,0xda,
14215 + 0x7c,0x66,0x33,0xa0,0x90,0xc9,0x92,0x88
14216 + };
14217 +
14218 +__fips_constseg
14219 +static const unsigned char hmac_sha384_pr_entropyinputpr[] =
14220 + {
14221 + 0xbe,0x3d,0x7c,0x0d,0xca,0xda,0x7c,0x49,0xb8,0x12,0x36,0xc0,
14222 + 0xdb,0xad,0x35,0xa8,0xc7,0x0b,0x2a,0x2c,0x69,0x6d,0x25,0x56,
14223 + 0x63,0x82,0x11,0x3e,0xa7,0x33,0x70,0x72
14224 + };
14225 +
14226 +__fips_constseg
14227 +static const unsigned char hmac_sha384_pr_int_returnedbits[] =
14228 + {
14229 + 0x82,0x3d,0xe6,0x54,0x80,0x42,0xf8,0xba,0x90,0x4f,0x06,0xa6,
14230 + 0xd2,0x7f,0xbf,0x79,0x7c,0x12,0x7d,0xa6,0xa2,0x66,0xe8,0xa6,
14231 + 0xc0,0xd6,0x4a,0x55,0xbf,0xd8,0x0a,0xc5,0xf8,0x03,0x88,0xdd,
14232 + 0x8e,0x87,0xd1,0x5a,0x48,0x26,0x72,0x2a,0x8e,0xcf,0xee,0xba
14233 + };
14234 +
14235 +__fips_constseg
14236 +static const unsigned char hmac_sha384_pr_additionalinput2[] =
14237 + {
14238 + 0x8f,0xff,0xd9,0x84,0xbb,0x85,0x3a,0x66,0xa1,0x21,0xce,0xb2,
14239 + 0x3a,0x3a,0x17,0x22,0x19,0xae,0xc7,0xb6,0x63,0x81,0xd5,0xff,
14240 + 0x0d,0xc8,0xe1,0xaf,0x57,0xd2,0xcb,0x60
14241 + };
14242 +
14243 +__fips_constseg
14244 +static const unsigned char hmac_sha384_pr_entropyinputpr2[] =
14245 + {
14246 + 0xd7,0xfb,0xc9,0xe8,0xe2,0xf2,0xaa,0x4c,0xb8,0x51,0x2f,0xe1,
14247 + 0x22,0xba,0xf3,0xda,0x0a,0x19,0x76,0x71,0x57,0xb2,0x1d,0x94,
14248 + 0x09,0x69,0x6c,0xd3,0x97,0x51,0x81,0x87
14249 + };
14250 +
14251 +__fips_constseg
14252 +static const unsigned char hmac_sha384_pr_returnedbits[] =
14253 + {
14254 + 0xe6,0x19,0x28,0xa8,0x21,0xce,0x5e,0xdb,0x24,0x79,0x8c,0x76,
14255 + 0x5d,0x73,0xb2,0xdf,0xac,0xef,0x85,0xa7,0x3b,0x19,0x09,0x8b,
14256 + 0x7f,0x98,0x28,0xa9,0x93,0xd8,0x7a,0xad,0x55,0x8b,0x24,0x9d,
14257 + 0xe6,0x98,0xfe,0x47,0xd5,0x48,0xc1,0x23,0xd8,0x1d,0x62,0x75
14258 + };
14259 +
14260 +
14261 +/* HMAC SHA-384 No PR */
14262 +__fips_constseg
14263 +static const unsigned char hmac_sha384_entropyinput[] =
14264 + {
14265 + 0xc3,0x56,0x2b,0x1d,0xc2,0xbb,0xa8,0xf0,0xae,0x1b,0x0d,0xd3,
14266 + 0x5a,0x6c,0xda,0x57,0x8e,0xa5,0x8a,0x0d,0x6c,0x4b,0x18,0xb1,
14267 + 0x04,0x3e,0xb4,0x99,0x35,0xc4,0xc0,0x5f
14268 + };
14269 +
14270 +__fips_constseg
14271 +static const unsigned char hmac_sha384_nonce[] =
14272 + {
14273 + 0xc5,0x49,0x1e,0x66,0x27,0x92,0xbe,0xec,0xb5,0x1e,0x4b,0xb1,
14274 + 0x38,0xe3,0xeb,0x62
14275 + };
14276 +
14277 +__fips_constseg
14278 +static const unsigned char hmac_sha384_personalizationstring[] =
14279 + {
14280 + 0xbe,0xe7,0x6b,0x57,0xde,0x88,0x11,0x96,0x9b,0x6e,0xea,0xe5,
14281 + 0x63,0x83,0x4c,0xb6,0x8d,0x66,0xaa,0x1f,0x8b,0x54,0xe7,0x62,
14282 + 0x6d,0x5a,0xfc,0xbf,0x97,0xba,0xcd,0x77
14283 + };
14284 +
14285 +__fips_constseg
14286 +static const unsigned char hmac_sha384_additionalinput[] =
14287 + {
14288 + 0xe5,0x28,0x5f,0x43,0xf5,0x83,0x6e,0x0a,0x83,0x5c,0xe3,0x81,
14289 + 0x03,0xf2,0xf8,0x78,0x00,0x7c,0x95,0x87,0x16,0xd6,0x6c,0x58,
14290 + 0x33,0x6c,0x53,0x35,0x0d,0x66,0xe3,0xce
14291 + };
14292 +
14293 +__fips_constseg
14294 +static const unsigned char hmac_sha384_int_returnedbits[] =
14295 + {
14296 + 0xe2,0x1f,0xf3,0xda,0x0d,0x19,0x99,0x87,0xc4,0x90,0xa2,0x31,
14297 + 0xca,0x2a,0x89,0x58,0x43,0x44,0xb8,0xde,0xcf,0xa4,0xbe,0x3b,
14298 + 0x53,0x26,0x22,0x31,0x76,0x41,0x22,0xb5,0xa8,0x70,0x2f,0x4b,
14299 + 0x64,0x95,0x4d,0x48,0x96,0x35,0xe6,0xbd,0x3c,0x34,0xdb,0x1b
14300 + };
14301 +
14302 +__fips_constseg
14303 +static const unsigned char hmac_sha384_entropyinputreseed[] =
14304 + {
14305 + 0x77,0x61,0xba,0xbc,0xf2,0xc1,0xf3,0x4b,0x86,0x65,0xfd,0x48,
14306 + 0x0e,0x3c,0x02,0x5e,0xa2,0x7a,0x6b,0x7c,0xed,0x21,0x5e,0xf9,
14307 + 0xcd,0xcd,0x77,0x07,0x2b,0xbe,0xc5,0x5c
14308 + };
14309 +
14310 +__fips_constseg
14311 +static const unsigned char hmac_sha384_additionalinputreseed[] =
14312 + {
14313 + 0x18,0x24,0x5f,0xc6,0x84,0xd1,0x67,0xc3,0x9a,0x11,0xa5,0x8c,
14314 + 0x07,0x39,0x21,0x83,0x4d,0x04,0xc4,0x6a,0x28,0x19,0xcf,0x92,
14315 + 0x21,0xd9,0x9e,0x41,0x72,0x6c,0x9e,0x63
14316 + };
14317 +
14318 +__fips_constseg
14319 +static const unsigned char hmac_sha384_additionalinput2[] =
14320 + {
14321 + 0x96,0x67,0x41,0x28,0x9b,0xb7,0x92,0x8d,0x64,0x3b,0xe4,0xcf,
14322 + 0x7e,0xaa,0x1e,0xb1,0x4b,0x1d,0x09,0x56,0x67,0x9c,0xc6,0x6d,
14323 + 0x3b,0xe8,0x91,0x9d,0xe1,0x8a,0xb7,0x32
14324 + };
14325 +
14326 +__fips_constseg
14327 +static const unsigned char hmac_sha384_returnedbits[] =
14328 + {
14329 + 0xe3,0x59,0x61,0x38,0x92,0xec,0xe2,0x3c,0xff,0xb7,0xdb,0x19,
14330 + 0x0f,0x5b,0x93,0x68,0x0d,0xa4,0x94,0x40,0x72,0x0b,0xe0,0xed,
14331 + 0x4d,0xcd,0x68,0xa0,0x1e,0xfe,0x67,0xb2,0xfa,0x21,0x56,0x74,
14332 + 0xa4,0xad,0xcf,0xb7,0x60,0x66,0x2e,0x40,0xde,0x82,0xca,0xfb
14333 + };
14334 +
14335 +
14336 +/* HMAC SHA-512 PR */
14337 +__fips_constseg
14338 +static const unsigned char hmac_sha512_pr_entropyinput[] =
14339 + {
14340 + 0xaa,0x9e,0x45,0x67,0x0e,0x00,0x2a,0x67,0x98,0xd6,0xda,0x0b,
14341 + 0x0f,0x17,0x7e,0xac,0xfd,0x27,0xc4,0xca,0x84,0xdf,0xde,0xba,
14342 + 0x85,0xd9,0xbe,0x8f,0xf3,0xff,0x91,0x4d
14343 + };
14344 +
14345 +__fips_constseg
14346 +static const unsigned char hmac_sha512_pr_nonce[] =
14347 + {
14348 + 0x8c,0x49,0x2f,0x58,0x1e,0x7a,0xda,0x4b,0x7e,0x8a,0x30,0x7b,
14349 + 0x86,0xea,0xaf,0xa2
14350 + };
14351 +
14352 +__fips_constseg
14353 +static const unsigned char hmac_sha512_pr_personalizationstring[] =
14354 + {
14355 + 0x71,0xe1,0xbb,0xad,0xa7,0x4b,0x2e,0x31,0x3b,0x0b,0xec,0x24,
14356 + 0x99,0x38,0xbc,0xaa,0x05,0x4c,0x46,0x44,0xfa,0xad,0x8e,0x02,
14357 + 0xc1,0x7e,0xad,0xec,0x54,0xa6,0xd0,0xad
14358 + };
14359 +
14360 +__fips_constseg
14361 +static const unsigned char hmac_sha512_pr_additionalinput[] =
14362 + {
14363 + 0x3d,0x6e,0xa6,0xa8,0x29,0x2a,0xb2,0xf5,0x98,0x42,0xe4,0x92,
14364 + 0x78,0x22,0x67,0xfd,0x1b,0x15,0x1e,0x29,0xaa,0x71,0x3c,0x3c,
14365 + 0xe7,0x05,0x20,0xa9,0x29,0xc6,0x75,0x71
14366 + };
14367 +
14368 +__fips_constseg
14369 +static const unsigned char hmac_sha512_pr_entropyinputpr[] =
14370 + {
14371 + 0xab,0xb9,0x16,0xd8,0x55,0x35,0x54,0xb7,0x97,0x3f,0x94,0xbc,
14372 + 0x2f,0x7c,0x70,0xc7,0xd0,0xed,0xb7,0x4b,0xf7,0xf6,0x6c,0x03,
14373 + 0x0c,0xb0,0x03,0xd8,0xbb,0x71,0xd9,0x10
14374 + };
14375 +
14376 +__fips_constseg
14377 +static const unsigned char hmac_sha512_pr_int_returnedbits[] =
14378 + {
14379 + 0x8e,0xd3,0xfd,0x52,0x9e,0x83,0x08,0x49,0x18,0x6e,0x23,0x56,
14380 + 0x5c,0x45,0x93,0x34,0x05,0xe2,0x98,0x8f,0x0c,0xd4,0x32,0x0c,
14381 + 0xfd,0xda,0x5f,0x92,0x3a,0x8c,0x81,0xbd,0xf6,0x6c,0x55,0xfd,
14382 + 0xb8,0x20,0xce,0x8d,0x97,0x27,0xe8,0xe8,0xe0,0xb3,0x85,0x50,
14383 + 0xa2,0xc2,0xb2,0x95,0x1d,0x48,0xd3,0x7b,0x4b,0x78,0x13,0x35,
14384 + 0x05,0x17,0xbe,0x0d
14385 + };
14386 +
14387 +__fips_constseg
14388 +static const unsigned char hmac_sha512_pr_additionalinput2[] =
14389 + {
14390 + 0xc3,0xfc,0x95,0xaa,0x69,0x06,0xae,0x59,0x41,0xce,0x26,0x08,
14391 + 0x29,0x6d,0x45,0xda,0xe8,0xb3,0x6c,0x95,0x60,0x0f,0x70,0x2c,
14392 + 0x10,0xba,0x38,0x8c,0xcf,0x29,0x99,0xaa
14393 + };
14394 +
14395 +__fips_constseg
14396 +static const unsigned char hmac_sha512_pr_entropyinputpr2[] =
14397 + {
14398 + 0x3b,0x9a,0x25,0xce,0xd7,0xf9,0x5c,0xd1,0x3a,0x3e,0xaa,0x71,
14399 + 0x14,0x3e,0x19,0xe8,0xce,0xe6,0xfe,0x51,0x84,0xe9,0x1b,0xfe,
14400 + 0x3f,0xa7,0xf2,0xfd,0x76,0x5f,0x6a,0xe7
14401 + };
14402 +
14403 +__fips_constseg
14404 +static const unsigned char hmac_sha512_pr_returnedbits[] =
14405 + {
14406 + 0xb7,0x82,0xa9,0x57,0x81,0x67,0x53,0xb5,0xa1,0xe9,0x3d,0x35,
14407 + 0xf9,0xe4,0x97,0xbe,0xa6,0xca,0xf1,0x01,0x13,0x09,0xe7,0x21,
14408 + 0xc0,0xed,0x93,0x5d,0x4b,0xf4,0xeb,0x8d,0x53,0x25,0x8a,0xc4,
14409 + 0xb1,0x6f,0x6e,0x37,0xcd,0x2e,0xac,0x39,0xb2,0xb6,0x99,0xa3,
14410 + 0x82,0x00,0xb0,0x21,0xf0,0xc7,0x2f,0x4c,0x73,0x92,0xfd,0x00,
14411 + 0xb6,0xaf,0xbc,0xd3
14412 + };
14413 +
14414 +
14415 +/* HMAC SHA-512 No PR */
14416 +__fips_constseg
14417 +static const unsigned char hmac_sha512_entropyinput[] =
14418 + {
14419 + 0x6e,0x85,0xe6,0x25,0x96,0x29,0xa7,0x52,0x5b,0x60,0xba,0xaa,
14420 + 0xde,0xdb,0x36,0x0a,0x51,0x9a,0x15,0xae,0x6e,0x18,0xd3,0xfe,
14421 + 0x39,0xb9,0x4a,0x96,0xf8,0x77,0xcb,0x95
14422 + };
14423 +
14424 +__fips_constseg
14425 +static const unsigned char hmac_sha512_nonce[] =
14426 + {
14427 + 0xe0,0xa6,0x5d,0x08,0xc3,0x7c,0xae,0x25,0x2e,0x80,0xd1,0x3e,
14428 + 0xd9,0xaf,0x43,0x3c
14429 + };
14430 +
14431 +__fips_constseg
14432 +static const unsigned char hmac_sha512_personalizationstring[] =
14433 + {
14434 + 0x53,0x99,0x52,0x5f,0x11,0xa9,0x64,0x66,0x20,0x5e,0x1b,0x5f,
14435 + 0x42,0xb3,0xf4,0xda,0xed,0xbb,0x63,0xc1,0x23,0xaf,0xd0,0x01,
14436 + 0x90,0x3b,0xd0,0x78,0xe4,0x0b,0xa7,0x20
14437 + };
14438 +
14439 +__fips_constseg
14440 +static const unsigned char hmac_sha512_additionalinput[] =
14441 + {
14442 + 0x85,0x90,0x80,0xd3,0x98,0xf1,0x53,0x6d,0x68,0x15,0x8f,0xe5,
14443 + 0x60,0x3f,0x17,0x29,0x55,0x8d,0x33,0xb1,0x45,0x64,0x64,0x8d,
14444 + 0x50,0x21,0x89,0xae,0xf6,0xfd,0x32,0x73
14445 + };
14446 +
14447 +__fips_constseg
14448 +static const unsigned char hmac_sha512_int_returnedbits[] =
14449 + {
14450 + 0x28,0x56,0x30,0x6f,0xf4,0xa1,0x48,0xe0,0xc9,0xf5,0x75,0x90,
14451 + 0xcc,0xfb,0xdf,0xdf,0x71,0x3d,0x0a,0x9a,0x03,0x65,0x3b,0x18,
14452 + 0x61,0xe3,0xd1,0xda,0xcc,0x4a,0xfe,0x55,0x38,0xf8,0x21,0x6b,
14453 + 0xfa,0x18,0x01,0x42,0x39,0x2f,0x99,0x53,0x38,0x15,0x82,0x34,
14454 + 0xc5,0x93,0x92,0xbc,0x4d,0x75,0x1a,0x5f,0x21,0x27,0xcc,0xa1,
14455 + 0xb1,0x57,0x69,0xe8
14456 + };
14457 +
14458 +__fips_constseg
14459 +static const unsigned char hmac_sha512_entropyinputreseed[] =
14460 + {
14461 + 0x8c,0x52,0x7e,0x77,0x72,0x3f,0xa3,0x04,0x97,0x10,0x9b,0x41,
14462 + 0xbd,0xe8,0xff,0x89,0xed,0x80,0xe3,0xbd,0xaa,0x12,0x2d,0xca,
14463 + 0x75,0x82,0x36,0x77,0x88,0xcd,0xa6,0x73
14464 + };
14465 +
14466 +__fips_constseg
14467 +static const unsigned char hmac_sha512_additionalinputreseed[] =
14468 + {
14469 + 0x7e,0x32,0xe3,0x69,0x69,0x07,0x34,0xa2,0x16,0xa2,0x5d,0x1a,
14470 + 0x10,0x91,0xd3,0xe2,0x21,0xa2,0xa3,0xdd,0xcd,0x0c,0x09,0x86,
14471 + 0x11,0xe1,0x50,0xff,0x5c,0xb7,0xeb,0x5c
14472 + };
14473 +
14474 +__fips_constseg
14475 +static const unsigned char hmac_sha512_additionalinput2[] =
14476 + {
14477 + 0x7f,0x78,0x66,0xd8,0xfb,0x67,0xcf,0x8d,0x8c,0x08,0x30,0xa5,
14478 + 0xf8,0x7d,0xcf,0x44,0x59,0xce,0xf8,0xdf,0x58,0xd3,0x60,0xcb,
14479 + 0xa8,0x60,0xb9,0x07,0xc4,0xb1,0x95,0x48
14480 + };
14481 +
14482 +__fips_constseg
14483 +static const unsigned char hmac_sha512_returnedbits[] =
14484 + {
14485 + 0xdf,0xa7,0x36,0xd4,0xdc,0x5d,0x4d,0x31,0xad,0x69,0x46,0x9f,
14486 + 0xf1,0x7c,0xd7,0x3b,0x4f,0x55,0xf2,0xd7,0xb9,0x9d,0xad,0x7a,
14487 + 0x79,0x08,0x59,0xa5,0xdc,0x74,0xf5,0x9b,0x73,0xd2,0x13,0x25,
14488 + 0x0b,0x81,0x08,0x08,0x25,0xfb,0x39,0xf2,0xf0,0xa3,0xa4,0x8d,
14489 + 0xef,0x05,0x9e,0xb8,0xc7,0x52,0xe4,0x0e,0x42,0xaa,0x7c,0x79,
14490 + 0xc2,0xd6,0xfd,0xa5
14491 + };
14492 +
14493 diff -up openssl-1.0.1b/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_dsa_selftest.c
14494 --- openssl-1.0.1b/crypto/fips/fips_dsa_selftest.c.fips 2012-04-26 18:00:51.404769387 +0200
14495 +++ openssl-1.0.1b/crypto/fips/fips_dsa_selftest.c 2012-04-26 18:00:51.404769387 +0200
14496 @@ -0,0 +1,193 @@
14497 +/* ====================================================================
14498 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
14499 + *
14500 + * Redistribution and use in source and binary forms, with or without
14501 + * modification, are permitted provided that the following conditions
14502 + * are met:
14503 + *
14504 + * 1. Redistributions of source code must retain the above copyright
14505 + * notice, this list of conditions and the following disclaimer.
14506 + *
14507 + * 2. Redistributions in binary form must reproduce the above copyright
14508 + * notice, this list of conditions and the following disclaimer in
14509 + * the documentation and/or other materials provided with the
14510 + * distribution.
14511 + *
14512 + * 3. All advertising materials mentioning features or use of this
14513 + * software must display the following acknowledgment:
14514 + * "This product includes software developed by the OpenSSL Project
14515 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
14516 + *
14517 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
14518 + * endorse or promote products derived from this software without
14519 + * prior written permission. For written permission, please contact
14520 + * openssl-core@openssl.org.
14521 + *
14522 + * 5. Products derived from this software may not be called "OpenSSL"
14523 + * nor may "OpenSSL" appear in their names without prior written
14524 + * permission of the OpenSSL Project.
14525 + *
14526 + * 6. Redistributions of any form whatsoever must retain the following
14527 + * acknowledgment:
14528 + * "This product includes software developed by the OpenSSL Project
14529 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
14530 + *
14531 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
14532 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
14533 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
14534 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
14535 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
14536 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
14537 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
14538 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
14539 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
14540 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
14541 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
14542 + * OF THE POSSIBILITY OF SUCH DAMAGE.
14543 + *
14544 + */
14545 +
14546 +#include <string.h>
14547 +#include <openssl/crypto.h>
14548 +#include <openssl/dsa.h>
14549 +#include <openssl/fips.h>
14550 +#include <openssl/err.h>
14551 +#include <openssl/evp.h>
14552 +#include <openssl/bn.h>
14553 +#include "fips_locl.h"
14554 +
14555 +#ifdef OPENSSL_FIPS
14556 +
14557 +static const unsigned char dsa_test_2048_p[] = {
14558 + 0xa8,0x53,0x78,0xd8,0xfd,0x3f,0x8d,0x72,0xec,0x74,0x18,0x08,
14559 + 0x0d,0xa2,0x13,0x17,0xe4,0x3e,0xc4,0xb6,0x2b,0xa8,0xc8,0x62,
14560 + 0x3b,0x7e,0x4d,0x04,0x44,0x1d,0xd1,0xa0,0x65,0x86,0x62,0x59,
14561 + 0x64,0x93,0xca,0x8e,0x9e,0x8f,0xbb,0x7e,0x34,0xaa,0xdd,0xb6,
14562 + 0x2e,0x5d,0x67,0xb6,0xd0,0x9a,0x6e,0x61,0xb7,0x69,0xe7,0xc3,
14563 + 0x52,0xaa,0x2b,0x10,0xe2,0x0c,0xa0,0x63,0x69,0x63,0xb5,0x52,
14564 + 0x3e,0x86,0x47,0x0d,0xec,0xbb,0xed,0xa0,0x27,0xe7,0x97,0xe7,
14565 + 0xb6,0x76,0x35,0xd4,0xd4,0x9c,0x30,0x70,0x0e,0x74,0xaf,0x8a,
14566 + 0x0f,0xf1,0x56,0xa8,0x01,0xaf,0x57,0xa2,0x6e,0x70,0x78,0xf1,
14567 + 0xd8,0x2f,0x74,0x90,0x8e,0xcb,0x6d,0x07,0xe7,0x0b,0x35,0x03,
14568 + 0xee,0xd9,0x4f,0xa3,0x2c,0xf1,0x7a,0x7f,0xc3,0xd6,0xcf,0x40,
14569 + 0xdc,0x7b,0x00,0x83,0x0e,0x6a,0x25,0x66,0xdc,0x07,0x3e,0x34,
14570 + 0x33,0x12,0x51,0x7c,0x6a,0xa5,0x15,0x2b,0x4b,0xfe,0xcd,0x2e,
14571 + 0x55,0x1f,0xee,0x34,0x63,0x18,0xa1,0x53,0x42,0x3c,0x99,0x6b,
14572 + 0x0d,0x5d,0xcb,0x91,0x02,0xae,0xdd,0x38,0x79,0x86,0x16,0xf1,
14573 + 0xf1,0xe0,0xd6,0xc4,0x03,0x52,0x5b,0x1f,0x9b,0x3d,0x4d,0xc7,
14574 + 0x66,0xde,0x2d,0xfc,0x4a,0x56,0xd7,0xb8,0xba,0x59,0x63,0xd6,
14575 + 0x0f,0x3e,0x16,0x31,0x88,0x70,0xad,0x43,0x69,0x52,0xe5,0x57,
14576 + 0x65,0x37,0x4e,0xab,0x85,0xe8,0xec,0x17,0xd6,0xb9,0xa4,0x54,
14577 + 0x7b,0x9b,0x5f,0x27,0x52,0xf3,0x10,0x5b,0xe8,0x09,0xb2,0x3a,
14578 + 0x2c,0x8d,0x74,0x69,0xdb,0x02,0xe2,0x4d,0x59,0x23,0x94,0xa7,
14579 + 0xdb,0xa0,0x69,0xe9
14580 +};
14581 +
14582 +static const unsigned char dsa_test_2048_q[] = {
14583 + 0xd2,0x77,0x04,0x4e,0x50,0xf5,0xa4,0xe3,0xf5,0x10,0xa5,0x0a,
14584 + 0x0b,0x84,0xfd,0xff,0xbc,0xa0,0x47,0xed,0x27,0x60,0x20,0x56,
14585 + 0x74,0x41,0xa0,0xa5
14586 +};
14587 +
14588 +static const unsigned char dsa_test_2048_g[] = {
14589 + 0x13,0xd7,0x54,0xe2,0x1f,0xd2,0x41,0x65,0x5d,0xa8,0x91,0xc5,
14590 + 0x22,0xa6,0x5a,0x72,0xa8,0x9b,0xdc,0x64,0xec,0x9b,0x54,0xa8,
14591 + 0x21,0xed,0x4a,0x89,0x8b,0x49,0x0e,0x0c,0x4f,0xcb,0x72,0x19,
14592 + 0x2a,0x4a,0x20,0xf5,0x41,0xf3,0xf2,0x92,0x53,0x99,0xf0,0xba,
14593 + 0xec,0xf9,0x29,0xaa,0xfb,0xf7,0x9d,0xfe,0x43,0x32,0x39,0x3b,
14594 + 0x32,0xcd,0x2e,0x2f,0xcf,0x27,0x2f,0x32,0xa6,0x27,0x43,0x4a,
14595 + 0x0d,0xf2,0x42,0xb7,0x5b,0x41,0x4d,0xf3,0x72,0x12,0x1e,0x53,
14596 + 0xa5,0x53,0xf2,0x22,0xf8,0x36,0xb0,0x00,0xf0,0x16,0x48,0x5b,
14597 + 0x6b,0xd0,0x89,0x84,0x51,0x80,0x1d,0xcd,0x8d,0xe6,0x4c,0xd5,
14598 + 0x36,0x56,0x96,0xff,0xc5,0x32,0xd5,0x28,0xc5,0x06,0x62,0x0a,
14599 + 0x94,0x2a,0x03,0x05,0x04,0x6d,0x8f,0x18,0x76,0x34,0x1f,0x1e,
14600 + 0x57,0x0b,0xc3,0x97,0x4b,0xa6,0xb9,0xa4,0x38,0xe9,0x70,0x23,
14601 + 0x02,0xa2,0xe6,0xe6,0x7b,0xfd,0x06,0xd3,0x2b,0xc6,0x79,0x96,
14602 + 0x22,0x71,0xd7,0xb4,0x0c,0xd7,0x2f,0x38,0x6e,0x64,0xe0,0xd7,
14603 + 0xef,0x86,0xca,0x8c,0xa5,0xd1,0x42,0x28,0xdc,0x2a,0x4f,0x16,
14604 + 0xe3,0x18,0x98,0x86,0xb5,0x99,0x06,0x74,0xf4,0x20,0x0f,0x3a,
14605 + 0x4c,0xf6,0x5a,0x3f,0x0d,0xdb,0xa1,0xfa,0x67,0x2d,0xff,0x2f,
14606 + 0x5e,0x14,0x3d,0x10,0xe4,0xe9,0x7a,0xe8,0x4f,0x6d,0xa0,0x95,
14607 + 0x35,0xd5,0xb9,0xdf,0x25,0x91,0x81,0xa7,0x9b,0x63,0xb0,0x69,
14608 + 0xe9,0x49,0x97,0x2b,0x02,0xba,0x36,0xb3,0x58,0x6a,0xab,0x7e,
14609 + 0x45,0xf3,0x22,0xf8,0x2e,0x4e,0x85,0xca,0x3a,0xb8,0x55,0x91,
14610 + 0xb3,0xc2,0xa9,0x66
14611 +};
14612 +
14613 +static const unsigned char dsa_test_2048_pub_key[] = {
14614 + 0x24,0x52,0xf3,0xcc,0xbe,0x9e,0xd5,0xca,0x7d,0xc7,0x4c,0x60,
14615 + 0x2b,0x99,0x22,0x6e,0x8f,0x2f,0xab,0x38,0xe7,0xd7,0xdd,0xfb,
14616 + 0x75,0x53,0x9b,0x17,0x15,0x5e,0x9f,0xcf,0xd1,0xab,0xa5,0x64,
14617 + 0xeb,0x85,0x35,0xd8,0x12,0xc9,0xc2,0xdc,0xf9,0x72,0x84,0x44,
14618 + 0x1b,0xc4,0x82,0x24,0x36,0x24,0xc7,0xf4,0x57,0x58,0x0c,0x1c,
14619 + 0x38,0xa5,0x7c,0x46,0xc4,0x57,0x39,0x24,0x70,0xed,0xb5,0x2c,
14620 + 0xb5,0xa6,0xe0,0x3f,0xe6,0x28,0x7b,0xb6,0xf4,0x9a,0x42,0xa2,
14621 + 0x06,0x5a,0x05,0x4f,0x03,0x08,0x39,0xdf,0x1f,0xd3,0x14,0x9c,
14622 + 0x4c,0xa0,0x53,0x1d,0xd8,0xca,0x8a,0xaa,0x9c,0xc7,0x33,0x71,
14623 + 0x93,0x38,0x73,0x48,0x33,0x61,0x18,0x22,0x45,0x45,0xe8,0x8c,
14624 + 0x80,0xff,0xd8,0x76,0x5d,0x74,0x36,0x03,0x33,0xcc,0xab,0x99,
14625 + 0x72,0x77,0x9b,0x65,0x25,0xa6,0x5b,0xdd,0x0d,0x10,0xc6,0x75,
14626 + 0xc1,0x09,0xbb,0xd3,0xe5,0xbe,0x4d,0x72,0xef,0x6e,0xba,0x6e,
14627 + 0x43,0x8d,0x52,0x26,0x23,0x7d,0xb8,0x88,0x37,0x9c,0x5f,0xcc,
14628 + 0x47,0xa3,0x84,0x7f,0xf6,0x37,0x11,0xba,0xed,0x6d,0x03,0xaf,
14629 + 0xe8,0x1e,0x69,0x4a,0x41,0x3b,0x68,0x0b,0xd3,0x8a,0xb4,0x90,
14630 + 0x3f,0x83,0x70,0xa7,0x07,0xef,0x55,0x1d,0x49,0x41,0x02,0x6d,
14631 + 0x95,0x79,0xd6,0x91,0xde,0x8e,0xda,0xa1,0x61,0x05,0xeb,0x9d,
14632 + 0xba,0x3c,0x2f,0x4c,0x1b,0xec,0x50,0x82,0x75,0xaa,0x02,0x07,
14633 + 0xe2,0x51,0xb5,0xec,0xcb,0x28,0x6a,0x4b,0x01,0xd4,0x49,0xd3,
14634 + 0x0a,0xcb,0x67,0x37,0x17,0xa0,0xd2,0xfb,0x3b,0x50,0xc8,0x93,
14635 + 0xf7,0xda,0xb1,0x4f
14636 +};
14637 +
14638 +static const unsigned char dsa_test_2048_priv_key[] = {
14639 + 0x0c,0x4b,0x30,0x89,0xd1,0xb8,0x62,0xcb,0x3c,0x43,0x64,0x91,
14640 + 0xf0,0x91,0x54,0x70,0xc5,0x27,0x96,0xe3,0xac,0xbe,0xe8,0x00,
14641 + 0xec,0x55,0xf6,0xcc
14642 +};
14643 +
14644 +static int corrupt_dsa;
14645 +
14646 +void FIPS_corrupt_dsa()
14647 + {
14648 + corrupt_dsa = 1;
14649 + }
14650 +
14651 +int FIPS_selftest_dsa()
14652 + {
14653 + DSA *dsa = NULL;
14654 + EVP_PKEY *pk = NULL;
14655 + int ret = 0;
14656 +
14657 + dsa = DSA_new();
14658 +
14659 + if(dsa == NULL)
14660 + goto err;
14661 +
14662 + fips_load_key_component(dsa, p, dsa_test_2048);
14663 + fips_load_key_component(dsa, q, dsa_test_2048);
14664 + fips_load_key_component(dsa, g, dsa_test_2048);
14665 + fips_load_key_component(dsa, pub_key, dsa_test_2048);
14666 + fips_load_key_component(dsa, priv_key, dsa_test_2048);
14667 +
14668 + if (corrupt_dsa)
14669 + BN_set_bit(dsa->pub_key, 2047);
14670 +
14671 + if ((pk=EVP_PKEY_new()) == NULL)
14672 + goto err;
14673 +
14674 + EVP_PKEY_assign_DSA(pk, dsa);
14675 +
14676 + if (!fips_pkey_signature_test(pk, NULL, 0,
14677 + NULL, 0, EVP_sha256(), 0,
14678 + "DSA SHA256"))
14679 + goto err;
14680 + ret = 1;
14681 +
14682 + err:
14683 + if (pk)
14684 + EVP_PKEY_free(pk);
14685 + else if (dsa)
14686 + DSA_free(dsa);
14687 + return ret;
14688 + }
14689 +#endif
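Review bot: `FIPS_selftest_dsa()` never checks that the five `fips_load_key_component(dsa, ...)` calls succeeded, so a failed BN allocation would leave a NULL component that is then dereferenced by `BN_set_bit(dsa->pub_key, 2047)` or handed to the signature test; the macro body lives in fips_locl.h outside this hunk, but if it expands to a `BN_bin2bn` call its result should be tested and `goto err` taken on failure. The definitions `void FIPS_corrupt_dsa()` and `int FIPS_selftest_dsa()` also use empty parameter lists while the prototypes in fips.h in this same patch say `(void)`; writing `void FIPS_corrupt_dsa(void)` and `int FIPS_selftest_dsa(void)` keeps the definitions prototyped. A comment on the cleanup path would spare the next reader a trip into the EVP ownership rules, e.g. `/* after EVP_PKEY_assign_DSA the pkey owns dsa, so free only one of them */` above the `if (pk)` branch. The `NULL, 0, NULL, 0` arguments deserve a one-liner too, such as `/* no KAT: DSA signatures are randomised, so only a sign/verify round-trip is possible */`, if that is indeed what fips_pkey_signature_test does with a NULL kat.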
14690 diff -up openssl-1.0.1b/crypto/fips/fips_enc.c.fips openssl-1.0.1b/crypto/fips/fips_enc.c
14691 --- openssl-1.0.1b/crypto/fips/fips_enc.c.fips 2012-04-26 18:00:51.405769408 +0200
14692 +++ openssl-1.0.1b/crypto/fips/fips_enc.c 2012-04-26 18:00:51.405769408 +0200
14693 @@ -0,0 +1,191 @@
14694 +/* fipe/evp/fips_enc.c */
14695 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
14696 + * All rights reserved.
14697 + *
14698 + * This package is an SSL implementation written
14699 + * by Eric Young (eay@cryptsoft.com).
14700 + * The implementation was written so as to conform with Netscapes SSL.
14701 + *
14702 + * This library is free for commercial and non-commercial use as long as
14703 + * the following conditions are aheared to. The following conditions
14704 + * apply to all code found in this distribution, be it the RC4, RSA,
14705 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
14706 + * included with this distribution is covered by the same copyright terms
14707 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14708 + *
14709 + * Copyright remains Eric Young's, and as such any Copyright notices in
14710 + * the code are not to be removed.
14711 + * If this package is used in a product, Eric Young should be given attribution
14712 + * as the author of the parts of the library used.
14713 + * This can be in the form of a textual message at program startup or
14714 + * in documentation (online or textual) provided with the package.
14715 + *
14716 + * Redistribution and use in source and binary forms, with or without
14717 + * modification, are permitted provided that the following conditions
14718 + * are met:
14719 + * 1. Redistributions of source code must retain the copyright
14720 + * notice, this list of conditions and the following disclaimer.
14721 + * 2. Redistributions in binary form must reproduce the above copyright
14722 + * notice, this list of conditions and the following disclaimer in the
14723 + * documentation and/or other materials provided with the distribution.
14724 + * 3. All advertising materials mentioning features or use of this software
14725 + * must display the following acknowledgement:
14726 + * "This product includes cryptographic software written by
14727 + * Eric Young (eay@cryptsoft.com)"
14728 + * The word 'cryptographic' can be left out if the rouines from the library
14729 + * being used are not cryptographic related :-).
14730 + * 4. If you include any Windows specific code (or a derivative thereof) from
14731 + * the apps directory (application code) you must include an acknowledgement:
14732 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
14733 + *
14734 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
14735 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
14736 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
14737 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
14738 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
14739 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
14740 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
14741 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
14742 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
14743 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
14744 + * SUCH DAMAGE.
14745 + *
14746 + * The licence and distribution terms for any publically available version or
14747 + * derivative of this code cannot be changed. i.e. this code cannot simply be
14748 + * copied and put under another distribution licence
14749 + * [including the GNU Public Licence.]
14750 + */
14751 +
14752 +#include <stdio.h>
14753 +#include <string.h>
14754 +#include <openssl/evp.h>
14755 +#include <openssl/err.h>
14756 +#include <openssl/fips.h>
14757 +
14758 +const EVP_CIPHER *FIPS_get_cipherbynid(int nid)
14759 + {
14760 + switch (nid)
14761 + {
14762 + case NID_aes_128_cbc:
14763 + return EVP_aes_128_cbc();
14764 +
14765 + case NID_aes_128_ccm:
14766 + return EVP_aes_128_ccm();
14767 +
14768 + case NID_aes_128_cfb1:
14769 + return EVP_aes_128_cfb1();
14770 +
14771 + case NID_aes_128_cfb128:
14772 + return EVP_aes_128_cfb128();
14773 +
14774 + case NID_aes_128_cfb8:
14775 + return EVP_aes_128_cfb8();
14776 +
14777 + case NID_aes_128_ctr:
14778 + return EVP_aes_128_ctr();
14779 +
14780 + case NID_aes_128_ecb:
14781 + return EVP_aes_128_ecb();
14782 +
14783 + case NID_aes_128_gcm:
14784 + return EVP_aes_128_gcm();
14785 +
14786 + case NID_aes_128_ofb128:
14787 + return EVP_aes_128_ofb();
14788 +
14789 + case NID_aes_128_xts:
14790 + return EVP_aes_128_xts();
14791 +
14792 + case NID_aes_192_cbc:
14793 + return EVP_aes_192_cbc();
14794 +
14795 + case NID_aes_192_ccm:
14796 + return EVP_aes_192_ccm();
14797 +
14798 + case NID_aes_192_cfb1:
14799 + return EVP_aes_192_cfb1();
14800 +
14801 + case NID_aes_192_cfb128:
14802 + return EVP_aes_192_cfb128();
14803 +
14804 + case NID_aes_192_cfb8:
14805 + return EVP_aes_192_cfb8();
14806 +
14807 + case NID_aes_192_ctr:
14808 + return EVP_aes_192_ctr();
14809 +
14810 + case NID_aes_192_ecb:
14811 + return EVP_aes_192_ecb();
14812 +
14813 + case NID_aes_192_gcm:
14814 + return EVP_aes_192_gcm();
14815 +
14816 + case NID_aes_192_ofb128:
14817 + return EVP_aes_192_ofb();
14818 +
14819 + case NID_aes_256_cbc:
14820 + return EVP_aes_256_cbc();
14821 +
14822 + case NID_aes_256_ccm:
14823 + return EVP_aes_256_ccm();
14824 +
14825 + case NID_aes_256_cfb1:
14826 + return EVP_aes_256_cfb1();
14827 +
14828 + case NID_aes_256_cfb128:
14829 + return EVP_aes_256_cfb128();
14830 +
14831 + case NID_aes_256_cfb8:
14832 + return EVP_aes_256_cfb8();
14833 +
14834 + case NID_aes_256_ctr:
14835 + return EVP_aes_256_ctr();
14836 +
14837 + case NID_aes_256_ecb:
14838 + return EVP_aes_256_ecb();
14839 +
14840 + case NID_aes_256_gcm:
14841 + return EVP_aes_256_gcm();
14842 +
14843 + case NID_aes_256_ofb128:
14844 + return EVP_aes_256_ofb();
14845 +
14846 + case NID_aes_256_xts:
14847 + return EVP_aes_256_xts();
14848 +
14849 + case NID_des_ede_ecb:
14850 + return EVP_des_ede();
14851 +
14852 + case NID_des_ede3_ecb:
14853 + return EVP_des_ede3();
14854 +
14855 + case NID_des_ede3_cbc:
14856 + return EVP_des_ede3_cbc();
14857 +
14858 + case NID_des_ede3_cfb1:
14859 + return EVP_des_ede3_cfb1();
14860 +
14861 + case NID_des_ede3_cfb64:
14862 + return EVP_des_ede3_cfb64();
14863 +
14864 + case NID_des_ede3_cfb8:
14865 + return EVP_des_ede3_cfb8();
14866 +
14867 + case NID_des_ede3_ofb64:
14868 + return EVP_des_ede3_ofb();
14869 +
14870 + case NID_des_ede_cbc:
14871 + return EVP_des_ede_cbc();
14872 +
14873 + case NID_des_ede_cfb64:
14874 + return EVP_des_ede_cfb64();
14875 +
14876 + case NID_des_ede_ofb64:
14877 + return EVP_des_ede_ofb();
14878 +
14879 + default:
14880 + return NULL;
14881 +
14882 + }
14883 + }
14884 +
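Review bot: `FIPS_get_cipherbynid` carries no comment saying what the NID list represents, and inside a FIPS module this switch is effectively the allow-list of ciphers reachable by NID, so the `default: return NULL;` arm is a boundary rather than a convenience; a header comment such as `/* Map a cipher NID to its EVP_CIPHER. Only the algorithms listed here are reachable by NID through the FIPS module; any other NID yields NULL, which callers should treat as unsupported. */` would make that explicit to whoever adds the next case. The `#include <stdio.h>` and `#include <string.h>` lines are unused by the only function in the file and can go. The file banner reads `/* fipe/evp/fips_enc.c */`, which looks like a typo for `fips/`.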
14885 diff -up openssl-1.0.1b/crypto/fips/fips.h.fips openssl-1.0.1b/crypto/fips/fips.h
14886 --- openssl-1.0.1b/crypto/fips/fips.h.fips 2012-04-26 18:00:51.405769408 +0200
14887 +++ openssl-1.0.1b/crypto/fips/fips.h 2012-04-26 18:00:51.405769408 +0200
14888 @@ -0,0 +1,279 @@
14889 +/* ====================================================================
14890 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
14891 + *
14892 + * Redistribution and use in source and binary forms, with or without
14893 + * modification, are permitted provided that the following conditions
14894 + * are met:
14895 + *
14896 + * 1. Redistributions of source code must retain the above copyright
14897 + * notice, this list of conditions and the following disclaimer.
14898 + *
14899 + * 2. Redistributions in binary form must reproduce the above copyright
14900 + * notice, this list of conditions and the following disclaimer in
14901 + * the documentation and/or other materials provided with the
14902 + * distribution.
14903 + *
14904 + * 3. All advertising materials mentioning features or use of this
14905 + * software must display the following acknowledgment:
14906 + * "This product includes software developed by the OpenSSL Project
14907 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
14908 + *
14909 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
14910 + * endorse or promote products derived from this software without
14911 + * prior written permission. For written permission, please contact
14912 + * openssl-core@openssl.org.
14913 + *
14914 + * 5. Products derived from this software may not be called "OpenSSL"
14915 + * nor may "OpenSSL" appear in their names without prior written
14916 + * permission of the OpenSSL Project.
14917 + *
14918 + * 6. Redistributions of any form whatsoever must retain the following
14919 + * acknowledgment:
14920 + * "This product includes software developed by the OpenSSL Project
14921 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
14922 + *
14923 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
14924 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
14925 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
14926 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
14927 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
14928 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
14929 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
14930 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
14931 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
14932 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
14933 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
14934 + * OF THE POSSIBILITY OF SUCH DAMAGE.
14935 + *
14936 + */
14937 +
14938 +#include <openssl/opensslconf.h>
14939 +#include <openssl/crypto.h>
14940 +#include <stdarg.h>
14941 +
14942 +#ifndef OPENSSL_FIPS
14943 +#error FIPS is disabled.
14944 +#endif
14945 +
14946 +#ifdef OPENSSL_FIPS
14947 +
14948 +#ifdef __cplusplus
14949 +extern "C" {
14950 +#endif
14951 +
14952 +struct dsa_st;
14953 +struct rsa_st;
14954 +struct evp_pkey_st;
14955 +struct env_md_st;
14956 +struct env_md_ctx_st;
14957 +struct evp_cipher_st;
14958 +struct evp_cipher_ctx_st;
14959 +struct dh_method;
14960 +struct CMAC_CTX_st;
14961 +struct hmac_ctx_st;
14962 +
14963 +int FIPS_module_mode_set(int onoff, const char *auth);
14964 +int FIPS_module_mode(void);
14965 +const void *FIPS_rand_check(void);
14966 +int FIPS_selftest(void);
14967 +int FIPS_selftest_failed(void);
14968 +void FIPS_corrupt_sha1(void);
14969 +int FIPS_selftest_sha1(void);
14970 +int FIPS_selftest_sha2(void);
14971 +void FIPS_corrupt_aes(void);
14972 +int FIPS_selftest_aes_ccm(void);
14973 +int FIPS_selftest_aes_gcm(void);
14974 +int FIPS_selftest_aes_xts(void);
14975 +int FIPS_selftest_aes(void);
14976 +void FIPS_corrupt_des(void);
14977 +int FIPS_selftest_des(void);
14978 +void FIPS_corrupt_rsa(void);
14979 +void FIPS_corrupt_rsa_keygen(void);
14980 +int FIPS_selftest_rsa(void);
14981 +void FIPS_corrupt_dsa(void);
14982 +void FIPS_corrupt_dsa_keygen(void);
14983 +int FIPS_selftest_dsa(void);
14984 +void FIPS_corrupt_rng(void);
14985 +void FIPS_rng_stick(void);
14986 +void FIPS_x931_stick(int onoff);
14987 +void FIPS_drbg_stick(int onoff);
14988 +int FIPS_selftest_rng(void);
14989 +int FIPS_selftest_x931(void);
14990 +int FIPS_selftest_hmac(void);
14991 +int FIPS_selftest_drbg(void);
14992 +int FIPS_selftest_drbg_all(void);
14993 +int FIPS_selftest_cmac(void);
14994 +
14995 +void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
14996 +
14997 +#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
14998 + alg " previous FIPS forbidden algorithm error ignored");
14999 +
15000 +int fips_pkey_signature_test(struct evp_pkey_st *pkey,
15001 + const unsigned char *tbs, int tbslen,
15002 + const unsigned char *kat, unsigned int katlen,
15003 + const struct env_md_st *digest, unsigned int md_flags,
15004 + const char *fail_str);
15005 +
15006 +int fips_cipher_test(struct evp_cipher_ctx_st *ctx,
15007 + const struct evp_cipher_st *cipher,
15008 + const unsigned char *key,
15009 + const unsigned char *iv,
15010 + const unsigned char *plaintext,
15011 + const unsigned char *ciphertext,
15012 + int len);
15013 +
15014 +void fips_set_selftest_fail(void);
15015 +
15016 +const struct env_md_st *FIPS_get_digestbynid(int nid);
15017 +
15018 +const struct evp_cipher_st *FIPS_get_cipherbynid(int nid);
15019 +
15020 +
15021 +/* BEGIN ERROR CODES */
15022 +/* The following lines are auto generated by the script mkerr.pl. Any changes
15023 + * made after this point may be overwritten when the script is next run.
15024 + */
15025 +void ERR_load_FIPS_strings(void);
15026 +
15027 +/* Error codes for the FIPS functions. */
15028 +
15029 +/* Function codes. */
15030 +#define FIPS_F_DH_BUILTIN_GENPARAMS 100
15031 +#define FIPS_F_DH_INIT 148
15032 +#define FIPS_F_DRBG_RESEED 162
15033 +#define FIPS_F_DSA_BUILTIN_PARAMGEN 101
15034 +#define FIPS_F_DSA_BUILTIN_PARAMGEN2 107
15035 +#define FIPS_F_DSA_DO_SIGN 102
15036 +#define FIPS_F_DSA_DO_VERIFY 103
15037 +#define FIPS_F_ECDH_COMPUTE_KEY 163
15038 +#define FIPS_F_ECDSA_DO_SIGN 164
15039 +#define FIPS_F_ECDSA_DO_VERIFY 165
15040 +#define FIPS_F_EC_KEY_GENERATE_KEY 166
15041 +#define FIPS_F_EVP_CIPHERINIT_EX 124
15042 +#define FIPS_F_EVP_DIGESTINIT_EX 125
15043 +#define FIPS_F_FIPS_CHECK_DSA 104
15044 +#define FIPS_F_FIPS_CHECK_DSA_PRNG 151
15045 +#define FIPS_F_FIPS_CHECK_EC 142
15046 +#define FIPS_F_FIPS_CHECK_EC_PRNG 152
15047 +#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105
15048 +#define FIPS_F_FIPS_CHECK_RSA 106
15049 +#define FIPS_F_FIPS_CHECK_RSA_PRNG 150
15050 +#define FIPS_F_FIPS_CIPHER 160
15051 +#define FIPS_F_FIPS_CIPHERINIT 143
15052 +#define FIPS_F_FIPS_CIPHER_CTX_CTRL 161
15053 +#define FIPS_F_FIPS_DIGESTFINAL 158
15054 +#define FIPS_F_FIPS_DIGESTINIT 128
15055 +#define FIPS_F_FIPS_DIGESTUPDATE 159
15056 +#define FIPS_F_FIPS_DRBG_BYTES 131
15057 +#define FIPS_F_FIPS_DRBG_CHECK 146
15058 +#define FIPS_F_FIPS_DRBG_CPRNG_TEST 132
15059 +#define FIPS_F_FIPS_DRBG_ERROR_CHECK 136
15060 +#define FIPS_F_FIPS_DRBG_GENERATE 134
15061 +#define FIPS_F_FIPS_DRBG_INIT 135
15062 +#define FIPS_F_FIPS_DRBG_INSTANTIATE 138
15063 +#define FIPS_F_FIPS_DRBG_NEW 139
15064 +#define FIPS_F_FIPS_DRBG_RESEED 140
15065 +#define FIPS_F_FIPS_DRBG_SINGLE_KAT 141
15066 +#define FIPS_F_FIPS_DSA_CHECK /* unused */ 107
15067 +#define FIPS_F_FIPS_DSA_SIGN_DIGEST 154
15068 +#define FIPS_F_FIPS_DSA_VERIFY_DIGEST 155
15069 +#define FIPS_F_FIPS_GET_ENTROPY 147
15070 +#define FIPS_F_FIPS_MODE_SET /* unused */ 108
15071 +#define FIPS_F_FIPS_MODULE_MODE_SET 108
15072 +#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109
15073 +#define FIPS_F_FIPS_RAND_ADD 137
15074 +#define FIPS_F_FIPS_RAND_BYTES 122
15075 +#define FIPS_F_FIPS_RAND_PSEUDO_BYTES 167
15076 +#define FIPS_F_FIPS_RAND_SEED 168
15077 +#define FIPS_F_FIPS_RAND_SET_METHOD 126
15078 +#define FIPS_F_FIPS_RAND_STATUS 127
15079 +#define FIPS_F_FIPS_RSA_SIGN_DIGEST 156
15080 +#define FIPS_F_FIPS_RSA_VERIFY_DIGEST 157
15081 +#define FIPS_F_FIPS_SELFTEST_AES 110
15082 +#define FIPS_F_FIPS_SELFTEST_AES_CCM 145
15083 +#define FIPS_F_FIPS_SELFTEST_AES_GCM 129
15084 +#define FIPS_F_FIPS_SELFTEST_AES_XTS 144
15085 +#define FIPS_F_FIPS_SELFTEST_CMAC 130
15086 +#define FIPS_F_FIPS_SELFTEST_DES 111
15087 +#define FIPS_F_FIPS_SELFTEST_DSA 112
15088 +#define FIPS_F_FIPS_SELFTEST_ECDSA 133
15089 +#define FIPS_F_FIPS_SELFTEST_HMAC 113
15090 +#define FIPS_F_FIPS_SELFTEST_RNG /* unused */ 114
15091 +#define FIPS_F_FIPS_SELFTEST_SHA1 115
15092 +#define FIPS_F_FIPS_SELFTEST_X931 114
15093 +#define FIPS_F_FIPS_SET_PRNG_KEY 153
15094 +#define FIPS_F_HASH_FINAL 123
15095 +#define FIPS_F_RSA_BUILTIN_KEYGEN 116
15096 +#define FIPS_F_RSA_EAY_INIT 149
15097 +#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 117
15098 +#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 118
15099 +#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 119
15100 +#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 120
15101 +#define FIPS_F_RSA_X931_GENERATE_KEY_EX 121
15102 +#define FIPS_F_SSLEAY_RAND_BYTES /* unused */ 122
15103 +
15104 +/* Reason codes. */
15105 +#define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED 150
15106 +#define FIPS_R_ADDITIONAL_INPUT_TOO_LONG 125
15107 +#define FIPS_R_ALREADY_INSTANTIATED 134
15108 +#define FIPS_R_AUTHENTICATION_FAILURE 151
15109 +#define FIPS_R_CANNOT_READ_EXE /* unused */ 103
15110 +#define FIPS_R_CANNOT_READ_EXE_DIGEST /* unused */ 104
15111 +#define FIPS_R_CONTRADICTING_EVIDENCE 114
15112 +#define FIPS_R_DRBG_NOT_INITIALISED 152
15113 +#define FIPS_R_DRBG_STUCK 103
15114 +#define FIPS_R_ENTROPY_ERROR_UNDETECTED 104
15115 +#define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105
15116 +#define FIPS_R_ENTROPY_SOURCE_STUCK 142
15117 +#define FIPS_R_ERROR_INITIALISING_DRBG 115
15118 +#define FIPS_R_ERROR_INSTANTIATING_DRBG 127
15119 +#define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 124
15120 +#define FIPS_R_ERROR_RETRIEVING_ENTROPY 122
15121 +#define FIPS_R_ERROR_RETRIEVING_NONCE 140
15122 +#define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH /* unused */ 105
15123 +#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110
15124 +#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111
15125 +#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112
15126 +#define FIPS_R_FIPS_MODE_ALREADY_SET 102
15127 +#define FIPS_R_FIPS_SELFTEST_FAILED 106
15128 +#define FIPS_R_FUNCTION_ERROR 116
15129 +#define FIPS_R_GENERATE_ERROR 137
15130 +#define FIPS_R_GENERATE_ERROR_UNDETECTED 118
15131 +#define FIPS_R_INSTANTIATE_ERROR 119
15132 +#define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 120
15133 +#define FIPS_R_INTERNAL_ERROR 121
15134 +#define FIPS_R_INVALID_KEY_LENGTH 109
15135 +#define FIPS_R_INVALID_PARAMETERS 144
15136 +#define FIPS_R_IN_ERROR_STATE 123
15137 +#define FIPS_R_KEY_TOO_SHORT 108
15138 +#define FIPS_R_NONCE_ERROR_UNDETECTED 149
15139 +#define FIPS_R_NON_FIPS_METHOD 100
15140 +#define FIPS_R_NOPR_TEST1_FAILURE 145
15141 +#define FIPS_R_NOPR_TEST2_FAILURE 146
15142 +#define FIPS_R_NOT_INSTANTIATED 126
15143 +#define FIPS_R_PAIRWISE_TEST_FAILED 107
15144 +#define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 128
15145 +#define FIPS_R_PERSONALISATION_STRING_TOO_LONG 129
15146 +#define FIPS_R_PRNG_STRENGTH_TOO_LOW 143
15147 +#define FIPS_R_PR_TEST1_FAILURE 147
15148 +#define FIPS_R_PR_TEST2_FAILURE 148
15149 +#define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 130
15150 +#define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 131
15151 +#define FIPS_R_RESEED_COUNTER_ERROR 132
15152 +#define FIPS_R_RESEED_ERROR 133
15153 +#define FIPS_R_RSA_DECRYPT_ERROR /* unused */ 115
15154 +#define FIPS_R_RSA_ENCRYPT_ERROR /* unused */ 116
15155 +#define FIPS_R_SELFTEST_FAILED 101
15156 +#define FIPS_R_SELFTEST_FAILURE 135
15157 +#define FIPS_R_STRENGTH_ERROR_UNDETECTED 136
15158 +#define FIPS_R_TEST_FAILURE 117
15159 +#define FIPS_R_UNINSTANTIATE_ERROR 141
15160 +#define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138
15161 +#define FIPS_R_UNSUPPORTED_DRBG_TYPE 139
15162 +#define FIPS_R_UNSUPPORTED_PLATFORM 113
15163 +
15164 +#ifdef __cplusplus
15165 +}
15166 +#endif
15167 +#endif
15168 diff -up openssl-1.0.1b/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_hmac_selftest.c
15169 --- openssl-1.0.1b/crypto/fips/fips_hmac_selftest.c.fips 2012-04-26 18:00:51.405769408 +0200
15170 +++ openssl-1.0.1b/crypto/fips/fips_hmac_selftest.c 2012-04-26 18:00:51.405769408 +0200
15171 @@ -0,0 +1,137 @@
15172 +/* ====================================================================
15173 + * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
15174 + *
15175 + * Redistribution and use in source and binary forms, with or without
15176 + * modification, are permitted provided that the following conditions
15177 + * are met:
15178 + *
15179 + * 1. Redistributions of source code must retain the above copyright
15180 + * notice, this list of conditions and the following disclaimer.
15181 + *
15182 + * 2. Redistributions in binary form must reproduce the above copyright
15183 + * notice, this list of conditions and the following disclaimer in
15184 + * the documentation and/or other materials provided with the
15185 + * distribution.
15186 + *
15187 + * 3. All advertising materials mentioning features or use of this
15188 + * software must display the following acknowledgment:
15189 + * "This product includes software developed by the OpenSSL Project
15190 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
15191 + *
15192 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
15193 + * endorse or promote products derived from this software without
15194 + * prior written permission. For written permission, please contact
15195 + * openssl-core@openssl.org.
15196 + *
15197 + * 5. Products derived from this software may not be called "OpenSSL"
15198 + * nor may "OpenSSL" appear in their names without prior written
15199 + * permission of the OpenSSL Project.
15200 + *
15201 + * 6. Redistributions of any form whatsoever must retain the following
15202 + * acknowledgment:
15203 + * "This product includes software developed by the OpenSSL Project
15204 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
15205 + *
15206 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
15207 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15208 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15209 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
15210 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15211 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
15212 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
15213 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15214 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
15215 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
15216 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
15217 + * OF THE POSSIBILITY OF SUCH DAMAGE.
15218 + *
15219 + */
15220 +
15221 +#include <string.h>
15222 +#include <openssl/err.h>
15223 +#ifdef OPENSSL_FIPS
15224 +#include <openssl/fips.h>
15225 +#endif
15226 +#include <openssl/hmac.h>
15227 +
15228 +#ifdef OPENSSL_FIPS
15229 +typedef struct {
15230 + const EVP_MD *(*alg)(void);
15231 + const char *key, *iv;
15232 + unsigned char kaval[EVP_MAX_MD_SIZE];
15233 +} HMAC_KAT;
15234 +
15235 +static const HMAC_KAT vector[] = {
15236 + { EVP_sha1,
15237 + /* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */
15238 + "0123456789:;<=>?@ABC",
15239 + "Sample #2",
15240 + { 0x09,0x22,0xd3,0x40,0x5f,0xaa,0x3d,0x19,
15241 + 0x4f,0x82,0xa4,0x58,0x30,0x73,0x7d,0x5c,
15242 + 0xc6,0xc7,0x5d,0x24 }
15243 + },
15244 + { EVP_sha224,
15245 + /* just keep extending the above... */
15246 + "0123456789:;<=>?@ABC",
15247 + "Sample #2",
15248 + { 0xdd,0xef,0x0a,0x40,0xcb,0x7d,0x50,0xfb,
15249 + 0x6e,0xe6,0xce,0xa1,0x20,0xba,0x26,0xaa,
15250 + 0x08,0xf3,0x07,0x75,0x87,0xb8,0xad,0x1b,
15251 + 0x8c,0x8d,0x12,0xc7 }
15252 + },
15253 + { EVP_sha256,
15254 + "0123456789:;<=>?@ABC",
15255 + "Sample #2",
15256 + { 0xb8,0xf2,0x0d,0xb5,0x41,0xea,0x43,0x09,
15257 + 0xca,0x4e,0xa9,0x38,0x0c,0xd0,0xe8,0x34,
15258 + 0xf7,0x1f,0xbe,0x91,0x74,0xa2,0x61,0x38,
15259 + 0x0d,0xc1,0x7e,0xae,0x6a,0x34,0x51,0xd9 }
15260 + },
15261 + { EVP_sha384,
15262 + "0123456789:;<=>?@ABC",
15263 + "Sample #2",
15264 + { 0x08,0xbc,0xb0,0xda,0x49,0x1e,0x87,0xad,
15265 + 0x9a,0x1d,0x6a,0xce,0x23,0xc5,0x0b,0xf6,
15266 + 0xb7,0x18,0x06,0xa5,0x77,0xcd,0x49,0x04,
15267 + 0x89,0xf1,0xe6,0x23,0x44,0x51,0x51,0x9f,
15268 + 0x85,0x56,0x80,0x79,0x0c,0xbd,0x4d,0x50,
15269 + 0xa4,0x5f,0x29,0xe3,0x93,0xf0,0xe8,0x7f }
15270 + },
15271 + { EVP_sha512,
15272 + "0123456789:;<=>?@ABC",
15273 + "Sample #2",
15274 + { 0x80,0x9d,0x44,0x05,0x7c,0x5b,0x95,0x41,
15275 + 0x05,0xbd,0x04,0x13,0x16,0xdb,0x0f,0xac,
15276 + 0x44,0xd5,0xa4,0xd5,0xd0,0x89,0x2b,0xd0,
15277 + 0x4e,0x86,0x64,0x12,0xc0,0x90,0x77,0x68,
15278 + 0xf1,0x87,0xb7,0x7c,0x4f,0xae,0x2c,0x2f,
15279 + 0x21,0xa5,0xb5,0x65,0x9a,0x4f,0x4b,0xa7,
15280 + 0x47,0x02,0xa3,0xde,0x9b,0x51,0xf1,0x45,
15281 + 0xbd,0x4f,0x25,0x27,0x42,0x98,0x99,0x05 }
15282 + },
15283 +};
15284 +
15285 +int FIPS_selftest_hmac()
15286 + {
15287 + int n;
15288 + unsigned int outlen;
15289 + unsigned char out[EVP_MAX_MD_SIZE];
15290 + const EVP_MD *md;
15291 + const HMAC_KAT *t;
15292 +
15293 + for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
15294 + {
15295 + md = (*t->alg)();
15296 + HMAC(md,t->key,strlen(t->key),
15297 + (const unsigned char *)t->iv,strlen(t->iv),
15298 + out,&outlen);
15299 +
15300 + if(memcmp(out,t->kaval,outlen))
15301 + {
15302 + FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
15303 + return 0;
15304 + }
15305 + }
15306 + return 1;
15307 + }
15308 +#endif
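Review bot: The return value of HMAC() is not checked before `memcmp(out,t->kaval,outlen)`; HMAC() can return NULL on failure (e.g. when its init step fails), and in that case `outlen` is left indeterminate, so a failed HMAC computation could still be compared and even pass the self-test. The check should be `if(!HMAC(md,t->key,strlen(t->key),(const unsigned char *)t->iv,strlen(t->iv),out,&outlen) || memcmp(out,t->kaval,outlen))` feeding the existing FIPSerr/`return 0` path. The loop counter `n` is an `int` compared against a `sizeof` expression; declaring it `size_t` removes the signed/unsigned comparison. The `iv` member of `HMAC_KAT` actually carries the message text ("Sample #2"), so a field comment such as `/* message (FIPS 198a sample), not an IV */` would prevent misreading.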
15309 diff -up openssl-1.0.1b/crypto/fips/fips_locl.h.fips openssl-1.0.1b/crypto/fips/fips_locl.h
15310 --- openssl-1.0.1b/crypto/fips/fips_locl.h.fips 2012-04-26 18:00:51.405769408 +0200
15311 +++ openssl-1.0.1b/crypto/fips/fips_locl.h 2012-04-26 18:00:51.405769408 +0200
15312 @@ -0,0 +1,71 @@
15313 +/* ====================================================================
15314 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
15315 + *
15316 + * Redistribution and use in source and binary forms, with or without
15317 + * modification, are permitted provided that the following conditions
15318 + * are met:
15319 + *
15320 + * 1. Redistributions of source code must retain the above copyright
15321 + * notice, this list of conditions and the following disclaimer.
15322 + *
15323 + * 2. Redistributions in binary form must reproduce the above copyright
15324 + * notice, this list of conditions and the following disclaimer in
15325 + * the documentation and/or other materials provided with the
15326 + * distribution.
15327 + *
15328 + * 3. All advertising materials mentioning features or use of this
15329 + * software must display the following acknowledgment:
15330 + * "This product includes software developed by the OpenSSL Project
15331 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
15332 + *
15333 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
15334 + * endorse or promote products derived from this software without
15335 + * prior written permission. For written permission, please contact
15336 + * openssl-core@openssl.org.
15337 + *
15338 + * 5. Products derived from this software may not be called "OpenSSL"
15339 + * nor may "OpenSSL" appear in their names without prior written
15340 + * permission of the OpenSSL Project.
15341 + *
15342 + * 6. Redistributions of any form whatsoever must retain the following
15343 + * acknowledgment:
15344 + * "This product includes software developed by the OpenSSL Project
15345 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
15346 + *
15347 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
15348 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15349 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15350 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
15351 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15352 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
15353 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
15354 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15355 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
15356 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
15357 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
15358 + * OF THE POSSIBILITY OF SUCH DAMAGE.
15359 + *
15360 + */
15361 +
15362 +#ifdef OPENSSL_FIPS
15363 +
15364 +#ifdef __cplusplus
15365 +extern "C" {
15366 +#endif
15367 +
15368 +#define FIPS_MAX_CIPHER_TEST_SIZE 32
15369 +#define fips_load_key_component(key, comp, pre) \
15370 + key->comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), key->comp); \
15371 + if (!key->comp) \
15372 + goto err
15373 +
15374 +#define fips_post_started(id, subid, ex) 1
15375 +#define fips_post_success(id, subid, ex) 1
15376 +#define fips_post_failed(id, subid, ex) 1
15377 +#define fips_post_corrupt(id, subid, ex) 1
15378 +#define fips_post_status() 1
15379 +
15380 +#ifdef __cplusplus
15381 +}
15382 +#endif
15383 +#endif
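Review bot: `fips_load_key_component` expands to two statements (an assignment followed by `if (!key->comp) goto err`) with no `do { ... } while (0)` wrapper, so a call site that uses it as the body of an unbraced `if`/`else` would run the `goto` unconditionally; its arguments are also expanded unparenthesized. Wrapping the body as `do { key->comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), key->comp); if (!key->comp) goto err; } while (0)` keeps the existing `fips_load_key_component(...);` call sites unchanged. The `fips_post_*` macros evaluate to the constant 1 and discard their arguments, which is not obvious to a reader of the self-test code that calls them; a one-line comment such as `/* POST status hooks are stubbed out in this build: always report success, no callback */` would make that explicit.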
15384 diff -up openssl-1.0.1b/crypto/fips/fips_md.c.fips openssl-1.0.1b/crypto/fips/fips_md.c
15385 --- openssl-1.0.1b/crypto/fips/fips_md.c.fips 2012-04-26 18:00:51.405769408 +0200
15386 +++ openssl-1.0.1b/crypto/fips/fips_md.c 2012-04-26 18:00:51.405769408 +0200
15387 @@ -0,0 +1,145 @@
15388 +/* fips/evp/fips_md.c */
15389 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
15390 + * All rights reserved.
15391 + *
15392 + * This package is an SSL implementation written
15393 + * by Eric Young (eay@cryptsoft.com).
15394 + * The implementation was written so as to conform with Netscapes SSL.
15395 + *
15396 + * This library is free for commercial and non-commercial use as long as
15397 + * the following conditions are aheared to. The following conditions
15398 + * apply to all code found in this distribution, be it the RC4, RSA,
15399 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
15400 + * included with this distribution is covered by the same copyright terms
15401 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15402 + *
15403 + * Copyright remains Eric Young's, and as such any Copyright notices in
15404 + * the code are not to be removed.
15405 + * If this package is used in a product, Eric Young should be given attribution
15406 + * as the author of the parts of the library used.
15407 + * This can be in the form of a textual message at program startup or
15408 + * in documentation (online or textual) provided with the package.
15409 + *
15410 + * Redistribution and use in source and binary forms, with or without
15411 + * modification, are permitted provided that the following conditions
15412 + * are met:
15413 + * 1. Redistributions of source code must retain the copyright
15414 + * notice, this list of conditions and the following disclaimer.
15415 + * 2. Redistributions in binary form must reproduce the above copyright
15416 + * notice, this list of conditions and the following disclaimer in the
15417 + * documentation and/or other materials provided with the distribution.
15418 + * 3. All advertising materials mentioning features or use of this software
15419 + * must display the following acknowledgement:
15420 + * "This product includes cryptographic software written by
15421 + * Eric Young (eay@cryptsoft.com)"
15422 + * The word 'cryptographic' can be left out if the rouines from the library
15423 + * being used are not cryptographic related :-).
15424 + * 4. If you include any Windows specific code (or a derivative thereof) from
15425 + * the apps directory (application code) you must include an acknowledgement:
15426 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
15427 + *
15428 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
15429 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15430 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
15431 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
15432 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
15433 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
15434 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15435 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
15436 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
15437 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
15438 + * SUCH DAMAGE.
15439 + *
15440 + * The licence and distribution terms for any publically available version or
15441 + * derivative of this code cannot be changed. i.e. this code cannot simply be
15442 + * copied and put under another distribution licence
15443 + * [including the GNU Public Licence.]
15444 + */
15445 +/* ====================================================================
15446 + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
15447 + *
15448 + * Redistribution and use in source and binary forms, with or without
15449 + * modification, are permitted provided that the following conditions
15450 + * are met:
15451 + *
15452 + * 1. Redistributions of source code must retain the above copyright
15453 + * notice, this list of conditions and the following disclaimer.
15454 + *
15455 + * 2. Redistributions in binary form must reproduce the above copyright
15456 + * notice, this list of conditions and the following disclaimer in
15457 + * the documentation and/or other materials provided with the
15458 + * distribution.
15459 + *
15460 + * 3. All advertising materials mentioning features or use of this
15461 + * software must display the following acknowledgment:
15462 + * "This product includes software developed by the OpenSSL Project
15463 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
15464 + *
15465 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
15466 + * endorse or promote products derived from this software without
15467 + * prior written permission. For written permission, please contact
15468 + * openssl-core@openssl.org.
15469 + *
15470 + * 5. Products derived from this software may not be called "OpenSSL"
15471 + * nor may "OpenSSL" appear in their names without prior written
15472 + * permission of the OpenSSL Project.
15473 + *
15474 + * 6. Redistributions of any form whatsoever must retain the following
15475 + * acknowledgment:
15476 + * "This product includes software developed by the OpenSSL Project
15477 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
15478 + *
15479 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
15480 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15481 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15482 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
15483 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15484 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
15485 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
15486 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15487 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
15488 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
15489 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
15490 + * OF THE POSSIBILITY OF SUCH DAMAGE.
15491 + * ====================================================================
15492 + *
15493 + * This product includes cryptographic software written by Eric Young
15494 + * (eay@cryptsoft.com). This product includes software written by Tim
15495 + * Hudson (tjh@cryptsoft.com).
15496 + *
15497 + */
15498 +
15499 +/* Minimal standalone FIPS versions of Digest operations */
15500 +
15501 +#define OPENSSL_FIPSAPI
15502 +
15503 +#include <stdio.h>
15504 +#include <string.h>
15505 +#include <openssl/objects.h>
15506 +#include <openssl/evp.h>
15507 +#include <openssl/err.h>
15508 +#include <openssl/fips.h>
15509 +
15510 +const EVP_MD *FIPS_get_digestbynid(int nid)
15511 + {
15512 + switch (nid)
15513 + {
15514 + case NID_sha1:
15515 + return EVP_sha1();
15516 +
15517 + case NID_sha224:
15518 + return EVP_sha224();
15519 +
15520 + case NID_sha256:
15521 + return EVP_sha256();
15522 +
15523 + case NID_sha384:
15524 + return EVP_sha384();
15525 +
15526 + case NID_sha512:
15527 + return EVP_sha512();
15528 +
15529 + default:
15530 + return NULL;
15531 + }
15532 + }
15533 diff -up openssl-1.0.1b/crypto/fips/fips_post.c.fips openssl-1.0.1b/crypto/fips/fips_post.c
15534 --- openssl-1.0.1b/crypto/fips/fips_post.c.fips 2012-04-26 18:00:51.406769429 +0200
15535 +++ openssl-1.0.1b/crypto/fips/fips_post.c 2012-04-26 18:00:51.406769429 +0200
15536 @@ -0,0 +1,205 @@
15537 +/* ====================================================================
15538 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
15539 + *
15540 + * Redistribution and use in source and binary forms, with or without
15541 + * modification, are permitted provided that the following conditions
15542 + * are met:
15543 + *
15544 + * 1. Redistributions of source code must retain the above copyright
15545 + * notice, this list of conditions and the following disclaimer.
15546 + *
15547 + * 2. Redistributions in binary form must reproduce the above copyright
15548 + * notice, this list of conditions and the following disclaimer in
15549 + * the documentation and/or other materials provided with the
15550 + * distribution.
15551 + *
15552 + * 3. All advertising materials mentioning features or use of this
15553 + * software must display the following acknowledgment:
15554 + * "This product includes software developed by the OpenSSL Project
15555 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
15556 + *
15557 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
15558 + * endorse or promote products derived from this software without
15559 + * prior written permission. For written permission, please contact
15560 + * openssl-core@openssl.org.
15561 + *
15562 + * 5. Products derived from this software may not be called "OpenSSL"
15563 + * nor may "OpenSSL" appear in their names without prior written
15564 + * permission of the OpenSSL Project.
15565 + *
15566 + * 6. Redistributions of any form whatsoever must retain the following
15567 + * acknowledgment:
15568 + * "This product includes software developed by the OpenSSL Project
15569 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
15570 + *
15571 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
15572 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15573 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15574 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
15575 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15576 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
15577 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
15578 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15579 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
15580 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
15581 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
15582 + * OF THE POSSIBILITY OF SUCH DAMAGE.
15583 + *
15584 + */
15585 +
15586 +#define OPENSSL_FIPSAPI
15587 +
15588 +#include <openssl/crypto.h>
15589 +#include <openssl/rand.h>
15590 +#include <openssl/fips_rand.h>
15591 +#include <openssl/err.h>
15592 +#include <openssl/bio.h>
15593 +#include <openssl/hmac.h>
15594 +#include <openssl/rsa.h>
15595 +#include <openssl/dsa.h>
15596 +#include <string.h>
15597 +#include <limits.h>
15598 +
15599 +#ifdef OPENSSL_FIPS
15600 +
15601 +/* Power on self test (POST) support functions */
15602 +
15603 +#include <openssl/fips.h>
15604 +#include "fips_locl.h"
15605 +
15606 +/* Run all selftests */
15607 +int FIPS_selftest(void)
15608 + {
15609 + int rv = 1;
15610 + if (!FIPS_selftest_drbg())
15611 + rv = 0;
15612 + if (!FIPS_selftest_x931())
15613 + rv = 0;
15614 + if (!FIPS_selftest_sha1())
15615 + rv = 0;
15616 + if (!FIPS_selftest_sha2())
15617 + rv = 0;
15618 + if (!FIPS_selftest_hmac())
15619 + rv = 0;
15620 + if (!FIPS_selftest_cmac())
15621 + rv = 0;
15622 + if (!FIPS_selftest_aes())
15623 + rv = 0;
15624 + if (!FIPS_selftest_aes_ccm())
15625 + rv = 0;
15626 + if (!FIPS_selftest_aes_gcm())
15627 + rv = 0;
15628 + if (!FIPS_selftest_aes_xts())
15629 + rv = 0;
15630 + if (!FIPS_selftest_des())
15631 + rv = 0;
15632 + if (!FIPS_selftest_rsa())
15633 + rv = 0;
15634 + if (!FIPS_selftest_dsa())
15635 + rv = 0;
15636 + return rv;
15637 + }
15638 +
15639 +/* Generalized public key test routine. Signs and verifies the data
15640 + * supplied in tbs using mesage digest md and setting option digest
15641 + * flags md_flags. If the 'kat' parameter is not NULL it will
15642 + * additionally check the signature matches it: a known answer test
15643 + * The string "fail_str" is used for identification purposes in case
15644 + * of failure. If "pkey" is NULL just perform a message digest check.
15645 + */
15646 +
15647 +int fips_pkey_signature_test(EVP_PKEY *pkey,
15648 + const unsigned char *tbs, int tbslen,
15649 + const unsigned char *kat, unsigned int katlen,
15650 + const EVP_MD *digest, unsigned int md_flags,
15651 + const char *fail_str)
15652 + {
15653 + int ret = 0;
15654 + unsigned char sigtmp[256], *sig = sigtmp;
15655 + unsigned int siglen;
15656 + EVP_MD_CTX mctx;
15657 + EVP_MD_CTX_init(&mctx);
15658 +
15659 + if (digest == NULL)
15660 + digest = EVP_sha256();
15661 +
15662 + if ((pkey->type == EVP_PKEY_RSA)
15663 + && (RSA_size(pkey->pkey.rsa) > sizeof(sigtmp)))
15664 + {
15665 + sig = OPENSSL_malloc(RSA_size(pkey->pkey.rsa));
15666 + if (!sig)
15667 + {
15668 + FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,ERR_R_MALLOC_FAILURE);
15669 + return 0;
15670 + }
15671 + }
15672 +
15673 + if (tbslen == -1)
15674 + tbslen = strlen((char *)tbs);
15675 +
15676 + if (md_flags)
15677 + EVP_MD_CTX_set_flags(&mctx, md_flags);
15678 +
15679 + if (!EVP_SignInit_ex(&mctx, digest, NULL))
15680 + goto error;
15681 + if (!EVP_SignUpdate(&mctx, tbs, tbslen))
15682 + goto error;
15683 + if (!EVP_SignFinal(&mctx, sig, &siglen, pkey))
15684 + goto error;
15685 +
15686 + if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen)))
15687 + goto error;
15688 +
15689 + if (!EVP_VerifyInit_ex(&mctx, digest, NULL))
15690 + goto error;
15691 + if (!EVP_VerifyUpdate(&mctx, tbs, tbslen))
15692 + goto error;
15693 + ret = EVP_VerifyFinal(&mctx, sig, siglen, pkey);
15694 +
15695 + error:
15696 + if (sig != sigtmp)
15697 + OPENSSL_free(sig);
15698 + EVP_MD_CTX_cleanup(&mctx);
15699 + if (ret != 1)
15700 + {
15701 + FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,FIPS_R_TEST_FAILURE);
15702 + if (fail_str)
15703 + ERR_add_error_data(2, "Type=", fail_str);
15704 + return 0;
15705 + }
15706 + return 1;
15707 + }
15708 +
15709 +/* Generalized symmetric cipher test routine. Encrypt data, verify result
15710 + * against known answer, decrypt and compare with original plaintext.
15711 + */
15712 +
15713 +int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
15714 + const unsigned char *key,
15715 + const unsigned char *iv,
15716 + const unsigned char *plaintext,
15717 + const unsigned char *ciphertext,
15718 + int len)
15719 + {
15720 + unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
15721 + unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
15722 +
15723 + OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
15724 + memset(pltmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
15725 + memset(citmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
15726 +
15727 + if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0)
15728 + return 0;
15729 + if (EVP_Cipher(ctx, citmp, plaintext, len) <= 0)
15730 + return 0;
15731 + if (memcmp(citmp, ciphertext, len))
15732 + return 0;
15733 + if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0)
15734 + return 0;
15735 + if (EVP_Cipher(ctx, pltmp, citmp, len) <= 0)
15736 + return 0;
15737 + if (memcmp(pltmp, plaintext, len))
15738 + return 0;
15739 + return 1;
15740 + }
15741 +#endif
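Review bot: The comment above `fips_pkey_signature_test` states that a NULL `pkey` performs only a message digest check, but the body dereferences `pkey->type` unconditionally and hands `pkey` to EVP_SignFinal/EVP_VerifyFinal, so as far as this hunk shows a NULL key would crash rather than fall back; either the comment is stale and should say `pkey` must be non-NULL, or a guard like `if (!pkey) goto error;` belongs before the RSA size check. `RSA_size(pkey->pkey.rsa) > sizeof(sigtmp)` compares an `int` with a `size_t`; `(size_t)RSA_size(...)` avoids the sign-compare warning. In `fips_cipher_test`, `OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE)` does not reject a negative `len` even though `len` is an `int` that is later passed to memcmp; `OPENSSL_assert(len >= 0 && len <= FIPS_MAX_CIPHER_TEST_SIZE);` closes that gap.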
15742 diff -up openssl-1.0.1b/crypto/fips/fips_rand.c.fips openssl-1.0.1b/crypto/fips/fips_rand.c
15743 --- openssl-1.0.1b/crypto/fips/fips_rand.c.fips 2012-04-26 18:00:51.406769429 +0200
15744 +++ openssl-1.0.1b/crypto/fips/fips_rand.c 2012-04-26 18:00:51.406769429 +0200
15745 @@ -0,0 +1,457 @@
15746 +/* ====================================================================
15747 + * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
15748 + *
15749 + * Redistribution and use in source and binary forms, with or without
15750 + * modification, are permitted provided that the following conditions
15751 + * are met:
15752 + *
15753 + * 1. Redistributions of source code must retain the above copyright
15754 + * notice, this list of conditions and the following disclaimer.
15755 + *
15756 + * 2. Redistributions in binary form must reproduce the above copyright
15757 + * notice, this list of conditions and the following disclaimer in
15758 + * the documentation and/or other materials provided with the
15759 + * distribution.
15760 + *
15761 + * 3. All advertising materials mentioning features or use of this
15762 + * software must display the following acknowledgment:
15763 + * "This product includes software developed by the OpenSSL Project
15764 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
15765 + *
15766 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
15767 + * endorse or promote products derived from this software without
15768 + * prior written permission. For written permission, please contact
15769 + * openssl-core@openssl.org.
15770 + *
15771 + * 5. Products derived from this software may not be called "OpenSSL"
15772 + * nor may "OpenSSL" appear in their names without prior written
15773 + * permission of the OpenSSL Project.
15774 + *
15775 + * 6. Redistributions of any form whatsoever must retain the following
15776 + * acknowledgment:
15777 + * "This product includes software developed by the OpenSSL Project
15778 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
15779 + *
15780 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
15781 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15782 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
15783 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
15784 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
15785 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
15786 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
15787 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
15788 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
15789 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
15790 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
15791 + * OF THE POSSIBILITY OF SUCH DAMAGE.
15792 + *
15793 + */
15794 +
15795 +/*
15796 + * This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4.
15797 + */
15798 +#include <openssl/crypto.h>
15799 +#include "e_os.h"
15800 +
15801 +/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't
15802 + be defined and gettimeofday() won't be declared with strict compilers
15803 + like DEC C in ANSI C mode. */
15804 +#ifndef _XOPEN_SOURCE_EXTENDED
15805 +#define _XOPEN_SOURCE_EXTENDED 1
15806 +#endif
15807 +
15808 +#include <openssl/rand.h>
15809 +#include <openssl/aes.h>
15810 +#include <openssl/err.h>
15811 +#include <openssl/fips_rand.h>
15812 +#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS))
15813 +# include <sys/time.h>
15814 +#endif
15815 +#if defined(OPENSSL_SYS_VXWORKS)
15816 +# include <time.h>
15817 +#endif
15818 +#include <assert.h>
15819 +#ifndef OPENSSL_SYS_WIN32
15820 +# ifdef OPENSSL_UNISTD
15821 +# include OPENSSL_UNISTD
15822 +# else
15823 +# include <unistd.h>
15824 +# endif
15825 +#endif
15826 +#include <string.h>
15827 +#include <openssl/fips.h>
15828 +#include "fips_locl.h"
15829 +
15830 +#ifdef OPENSSL_FIPS
15831 +
15832 +void *OPENSSL_stderr(void);
15833 +
15834 +#define AES_BLOCK_LENGTH 16
15835 +
15836 +
15837 +/* AES FIPS PRNG implementation */
15838 +
15839 +typedef struct
15840 + {
15841 + int seeded;
15842 + int keyed;
15843 + int test_mode;
15844 + int second;
15845 + int error;
15846 + unsigned long counter;
15847 + AES_KEY ks;
15848 + int vpos;
15849 + /* Temporary storage for key if it equals seed length */
15850 + unsigned char tmp_key[AES_BLOCK_LENGTH];
15851 + unsigned char V[AES_BLOCK_LENGTH];
15852 + unsigned char DT[AES_BLOCK_LENGTH];
15853 + unsigned char last[AES_BLOCK_LENGTH];
15854 + } FIPS_PRNG_CTX;
15855 +
15856 +static FIPS_PRNG_CTX sctx;
15857 +
15858 +static int fips_prng_fail = 0;
15859 +
15860 +void FIPS_x931_stick(int onoff)
15861 + {
15862 + fips_prng_fail = onoff;
15863 + }
15864 +
15865 +void FIPS_rng_stick(void)
15866 + {
15867 + FIPS_x931_stick(1);
15868 + }
15869 +
15870 +static void fips_rand_prng_reset(FIPS_PRNG_CTX *ctx)
15871 + {
15872 + ctx->seeded = 0;
15873 + ctx->keyed = 0;
15874 + ctx->test_mode = 0;
15875 + ctx->counter = 0;
15876 + ctx->second = 0;
15877 + ctx->error = 0;
15878 + ctx->vpos = 0;
15879 + OPENSSL_cleanse(ctx->V, AES_BLOCK_LENGTH);
15880 + OPENSSL_cleanse(&ctx->ks, sizeof(AES_KEY));
15881 + }
15882 +
15883 +
15884 +static int fips_set_prng_key(FIPS_PRNG_CTX *ctx,
15885 + const unsigned char *key, unsigned int keylen)
15886 + {
15887 + if (FIPS_selftest_failed())
15888 + {
15889 + FIPSerr(FIPS_F_FIPS_SET_PRNG_KEY, FIPS_R_SELFTEST_FAILED);
15890 + return 0;
15891 + }
15892 + if (keylen != 16 && keylen != 24 && keylen != 32)
15893 + {
15894 + /* error: invalid key size */
15895 + return 0;
15896 + }
15897 + AES_set_encrypt_key(key, keylen << 3, &ctx->ks);
15898 + if (keylen == 16)
15899 + {
15900 + memcpy(ctx->tmp_key, key, 16);
15901 + ctx->keyed = 2;
15902 + }
15903 + else
15904 + ctx->keyed = 1;
15905 + ctx->seeded = 0;
15906 + ctx->second = 0;
15907 + return 1;
15908 + }
15909 +
15910 +static int fips_set_prng_seed(FIPS_PRNG_CTX *ctx,
15911 + const unsigned char *seed, unsigned int seedlen)
15912 + {
15913 + unsigned int i;
15914 + if (!ctx->keyed)
15915 + return 0;
15916 + /* In test mode seed is just supplied data */
15917 + if (ctx->test_mode)
15918 + {
15919 + if (seedlen != AES_BLOCK_LENGTH)
15920 + return 0;
15921 + memcpy(ctx->V, seed, AES_BLOCK_LENGTH);
15922 + ctx->seeded = 1;
15923 + return 1;
15924 + }
15925 + /* Outside test mode XOR supplied data with existing seed */
15926 + for (i = 0; i < seedlen; i++)
15927 + {
15928 + ctx->V[ctx->vpos++] ^= seed[i];
15929 + if (ctx->vpos == AES_BLOCK_LENGTH)
15930 + {
15931 + ctx->vpos = 0;
15932 + /* Special case if first seed and key length equals
15933 + * block size check key and seed do not match.
15934 + */
15935 + if (ctx->keyed == 2)
15936 + {
15937 + if (!memcmp(ctx->tmp_key, ctx->V, 16))
15938 + {
15939 + RANDerr(RAND_F_FIPS_SET_PRNG_SEED,
15940 + RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY);
15941 + return 0;
15942 + }
15943 + OPENSSL_cleanse(ctx->tmp_key, 16);
15944 + ctx->keyed = 1;
15945 + }
15946 + ctx->seeded = 1;
15947 + }
15948 + }
15949 + return 1;
15950 + }
15951 +
15952 +static int fips_set_test_mode(FIPS_PRNG_CTX *ctx)
15953 + {
15954 + if (ctx->keyed)
15955 + {
15956 + RANDerr(RAND_F_FIPS_SET_TEST_MODE,RAND_R_PRNG_KEYED);
15957 + return 0;
15958 + }
15959 + ctx->test_mode = 1;
15960 + return 1;
15961 + }
15962 +
15963 +int FIPS_x931_test_mode(void)
15964 + {
15965 + return fips_set_test_mode(&sctx);
15966 + }
15967 +
15968 +int FIPS_rand_test_mode(void)
15969 + {
15970 + return fips_set_test_mode(&sctx);
15971 + }
15972 +
15973 +
15974 +int FIPS_x931_set_dt(unsigned char *dt)
15975 + {
15976 + if (!sctx.test_mode)
15977 + {
15978 + RANDerr(RAND_F_FIPS_X931_SET_DT,RAND_R_NOT_IN_TEST_MODE);
15979 + return 0;
15980 + }
15981 + memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);
15982 + return 1;
15983 + }
15984 +
15985 +int FIPS_rand_set_dt(unsigned char *dt)
15986 + {
15987 + if (!sctx.test_mode)
15988 + {
15989 + RANDerr(RAND_F_FIPS_RAND_SET_DT,RAND_R_NOT_IN_TEST_MODE);
15990 + return 0;
15991 + }
15992 + memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);
15993 + return 1;
15994 + }
15995 +
15996 +void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr)
15997 + {
15998 +#ifdef OPENSSL_SYS_WIN32
15999 + FILETIME ft;
16000 +#elif defined(OPENSSL_SYS_VXWORKS)
16001 + struct timespec ts;
16002 +#else
16003 + struct timeval tv;
16004 +#endif
16005 +
16006 +#ifndef GETPID_IS_MEANINGLESS
16007 + unsigned long pid;
16008 +#endif
16009 +
16010 +#ifdef OPENSSL_SYS_WIN32
16011 + GetSystemTimeAsFileTime(&ft);
16012 + buf[0] = (unsigned char) (ft.dwHighDateTime & 0xff);
16013 + buf[1] = (unsigned char) ((ft.dwHighDateTime >> 8) & 0xff);
16014 + buf[2] = (unsigned char) ((ft.dwHighDateTime >> 16) & 0xff);
16015 + buf[3] = (unsigned char) ((ft.dwHighDateTime >> 24) & 0xff);
16016 + buf[4] = (unsigned char) (ft.dwLowDateTime & 0xff);
16017 + buf[5] = (unsigned char) ((ft.dwLowDateTime >> 8) & 0xff);
16018 + buf[6] = (unsigned char) ((ft.dwLowDateTime >> 16) & 0xff);
16019 + buf[7] = (unsigned char) ((ft.dwLowDateTime >> 24) & 0xff);
16020 +#elif defined(OPENSSL_SYS_VXWORKS)
16021 + clock_gettime(CLOCK_REALTIME, &ts);
16022 + buf[0] = (unsigned char) (ts.tv_sec & 0xff);
16023 + buf[1] = (unsigned char) ((ts.tv_sec >> 8) & 0xff);
16024 + buf[2] = (unsigned char) ((ts.tv_sec >> 16) & 0xff);
16025 + buf[3] = (unsigned char) ((ts.tv_sec >> 24) & 0xff);
16026 + buf[4] = (unsigned char) (ts.tv_nsec & 0xff);
16027 + buf[5] = (unsigned char) ((ts.tv_nsec >> 8) & 0xff);
16028 + buf[6] = (unsigned char) ((ts.tv_nsec >> 16) & 0xff);
16029 + buf[7] = (unsigned char) ((ts.tv_nsec >> 24) & 0xff);
16030 +#else
16031 + gettimeofday(&tv,NULL);
16032 + buf[0] = (unsigned char) (tv.tv_sec & 0xff);
16033 + buf[1] = (unsigned char) ((tv.tv_sec >> 8) & 0xff);
16034 + buf[2] = (unsigned char) ((tv.tv_sec >> 16) & 0xff);
16035 + buf[3] = (unsigned char) ((tv.tv_sec >> 24) & 0xff);
16036 + buf[4] = (unsigned char) (tv.tv_usec & 0xff);
16037 + buf[5] = (unsigned char) ((tv.tv_usec >> 8) & 0xff);
16038 + buf[6] = (unsigned char) ((tv.tv_usec >> 16) & 0xff);
16039 + buf[7] = (unsigned char) ((tv.tv_usec >> 24) & 0xff);
16040 +#endif
16041 + buf[8] = (unsigned char) (*pctr & 0xff);
16042 + buf[9] = (unsigned char) ((*pctr >> 8) & 0xff);
16043 + buf[10] = (unsigned char) ((*pctr >> 16) & 0xff);
16044 + buf[11] = (unsigned char) ((*pctr >> 24) & 0xff);
16045 +
16046 + (*pctr)++;
16047 +
16048 +
16049 +#ifndef GETPID_IS_MEANINGLESS
16050 + pid=(unsigned long)getpid();
16051 + buf[12] = (unsigned char) (pid & 0xff);
16052 + buf[13] = (unsigned char) ((pid >> 8) & 0xff);
16053 + buf[14] = (unsigned char) ((pid >> 16) & 0xff);
16054 + buf[15] = (unsigned char) ((pid >> 24) & 0xff);
16055 +#endif
16056 + }
16057 +
16058 +static int fips_rand(FIPS_PRNG_CTX *ctx,
16059 + unsigned char *out, unsigned int outlen)
16060 + {
16061 + unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH];
16062 + unsigned char tmp[AES_BLOCK_LENGTH];
16063 + int i;
16064 + if (ctx->error)
16065 + {
16066 + RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_ERROR);
16067 + return 0;
16068 + }
16069 + if (!ctx->keyed)
16070 + {
16071 + RANDerr(RAND_F_FIPS_RAND,RAND_R_NO_KEY_SET);
16072 + return 0;
16073 + }
16074 + if (!ctx->seeded)
16075 + {
16076 + RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_NOT_SEEDED);
16077 + return 0;
16078 + }
16079 + for (;;)
16080 + {
16081 + if (!ctx->test_mode)
16082 + FIPS_get_timevec(ctx->DT, &ctx->counter);
16083 + AES_encrypt(ctx->DT, I, &ctx->ks);
16084 + for (i = 0; i < AES_BLOCK_LENGTH; i++)
16085 + tmp[i] = I[i] ^ ctx->V[i];
16086 + AES_encrypt(tmp, R, &ctx->ks);
16087 + for (i = 0; i < AES_BLOCK_LENGTH; i++)
16088 + tmp[i] = R[i] ^ I[i];
16089 + AES_encrypt(tmp, ctx->V, &ctx->ks);
16090 + /* Continuous PRNG test */
16091 + if (ctx->second)
16092 + {
16093 + if (fips_prng_fail)
16094 + memcpy(ctx->last, R, AES_BLOCK_LENGTH);
16095 + if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH))
16096 + {
16097 + RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_STUCK);
16098 + ctx->error = 1;
16099 + fips_set_selftest_fail();
16100 + return 0;
16101 + }
16102 + }
16103 + memcpy(ctx->last, R, AES_BLOCK_LENGTH);
16104 + if (!ctx->second)
16105 + {
16106 + ctx->second = 1;
16107 + if (!ctx->test_mode)
16108 + continue;
16109 + }
16110 +
16111 + if (outlen <= AES_BLOCK_LENGTH)
16112 + {
16113 + memcpy(out, R, outlen);
16114 + break;
16115 + }
16116 +
16117 + memcpy(out, R, AES_BLOCK_LENGTH);
16118 + out += AES_BLOCK_LENGTH;
16119 + outlen -= AES_BLOCK_LENGTH;
16120 + }
16121 + return 1;
16122 + }
16123 +
16124 +
16125 +int FIPS_x931_set_key(const unsigned char *key, int keylen)
16126 + {
16127 + int ret;
16128 + CRYPTO_w_lock(CRYPTO_LOCK_RAND);
16129 + ret = fips_set_prng_key(&sctx, key, keylen);
16130 + CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
16131 + return ret;
16132 + }
16133 +
16134 +int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen)
16135 + {
16136 + return FIPS_x931_set_key(key, keylen);
16137 + }
16138 +
16139 +int FIPS_x931_seed(const void *seed, int seedlen)
16140 + {
16141 + int ret;
16142 + CRYPTO_w_lock(CRYPTO_LOCK_RAND);
16143 + ret = fips_set_prng_seed(&sctx, seed, seedlen);
16144 + CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
16145 + return ret;
16146 + }
16147 +
16148 +
16149 +int FIPS_x931_bytes(unsigned char *out, int count)
16150 + {
16151 + int ret;
16152 + CRYPTO_w_lock(CRYPTO_LOCK_RAND);
16153 + ret = fips_rand(&sctx, out, count);
16154 + CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
16155 + return ret;
16156 + }
16157 +
16158 +int FIPS_x931_status(void)
16159 + {
16160 + int ret;
16161 + CRYPTO_r_lock(CRYPTO_LOCK_RAND);
16162 + ret = sctx.seeded;
16163 + CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
16164 + return ret;
16165 + }
16166 +
16167 +void FIPS_x931_reset(void)
16168 + {
16169 + CRYPTO_w_lock(CRYPTO_LOCK_RAND);
16170 + fips_rand_prng_reset(&sctx);
16171 + CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
16172 + }
16173 +
16174 +static int fips_do_rand_seed(const void *seed, int seedlen)
16175 + {
16176 + FIPS_x931_seed(seed, seedlen);
16177 + return 1;
16178 + }
16179 +
16180 +static int fips_do_rand_add(const void *seed, int seedlen,
16181 + double add_entropy)
16182 + {
16183 + FIPS_x931_seed(seed, seedlen);
16184 + return 1;
16185 + }
16186 +
16187 +static const RAND_METHOD rand_x931_meth=
16188 + {
16189 + fips_do_rand_seed,
16190 + FIPS_x931_bytes,
16191 + FIPS_x931_reset,
16192 + fips_do_rand_add,
16193 + FIPS_x931_bytes,
16194 + FIPS_x931_status
16195 + };
16196 +
16197 +const RAND_METHOD *FIPS_x931_method(void)
16198 +{
16199 + return &rand_x931_meth;
16200 +}
16201 +
16202 +#endif
16203 diff -up openssl-1.0.1b/crypto/fips/fips_rand.h.fips openssl-1.0.1b/crypto/fips/fips_rand.h
16204 --- openssl-1.0.1b/crypto/fips/fips_rand.h.fips 2012-04-26 18:00:51.406769429 +0200
16205 +++ openssl-1.0.1b/crypto/fips/fips_rand.h 2012-04-26 18:00:51.406769429 +0200
16206 @@ -0,0 +1,145 @@
16207 +/* ====================================================================
16208 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
16209 + *
16210 + * Redistribution and use in source and binary forms, with or without
16211 + * modification, are permitted provided that the following conditions
16212 + * are met:
16213 + *
16214 + * 1. Redistributions of source code must retain the above copyright
16215 + * notice, this list of conditions and the following disclaimer.
16216 + *
16217 + * 2. Redistributions in binary form must reproduce the above copyright
16218 + * notice, this list of conditions and the following disclaimer in
16219 + * the documentation and/or other materials provided with the
16220 + * distribution.
16221 + *
16222 + * 3. All advertising materials mentioning features or use of this
16223 + * software must display the following acknowledgment:
16224 + * "This product includes software developed by the OpenSSL Project
16225 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
16226 + *
16227 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
16228 + * endorse or promote products derived from this software without
16229 + * prior written permission. For written permission, please contact
16230 + * openssl-core@openssl.org.
16231 + *
16232 + * 5. Products derived from this software may not be called "OpenSSL"
16233 + * nor may "OpenSSL" appear in their names without prior written
16234 + * permission of the OpenSSL Project.
16235 + *
16236 + * 6. Redistributions of any form whatsoever must retain the following
16237 + * acknowledgment:
16238 + * "This product includes software developed by the OpenSSL Project
16239 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
16240 + *
16241 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
16242 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16243 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16244 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
16245 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
16246 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
16247 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
16248 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
16249 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16250 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
16251 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
16252 + * OF THE POSSIBILITY OF SUCH DAMAGE.
16253 + *
16254 + */
16255 +
16256 +#ifndef HEADER_FIPS_RAND_H
16257 +#define HEADER_FIPS_RAND_H
16258 +
16259 +#include <openssl/aes.h>
16260 +#include <openssl/evp.h>
16261 +#include <openssl/hmac.h>
16262 +#include <openssl/rand.h>
16263 +
16264 +#ifdef OPENSSL_FIPS
16265 +
16266 +#ifdef __cplusplus
16267 +extern "C" {
16268 +#endif
16269 +
16270 +int FIPS_x931_set_key(const unsigned char *key, int keylen);
16271 +int FIPS_x931_seed(const void *buf, int num);
16272 +int FIPS_x931_bytes(unsigned char *out, int outlen);
16273 +
16274 +int FIPS_x931_test_mode(void);
16275 +void FIPS_x931_reset(void);
16276 +int FIPS_x931_set_dt(unsigned char *dt);
16277 +
16278 +int FIPS_x931_status(void);
16279 +
16280 +const RAND_METHOD *FIPS_x931_method(void);
16281 +
16282 +typedef struct drbg_ctx_st DRBG_CTX;
16283 +/* DRBG external flags */
16284 +/* Flag for CTR mode only: use derivation function ctr_df */
16285 +#define DRBG_FLAG_CTR_USE_DF 0x1
16286 +/* PRNG is in test state */
16287 +#define DRBG_FLAG_TEST 0x2
16288 +
16289 +DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags);
16290 +int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags);
16291 +int FIPS_drbg_instantiate(DRBG_CTX *dctx,
16292 + const unsigned char *pers, size_t perslen);
16293 +int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin, size_t adinlen);
16294 +int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
16295 + int prediction_resistance,
16296 + const unsigned char *adin, size_t adinlen);
16297 +
16298 +int FIPS_drbg_uninstantiate(DRBG_CTX *dctx);
16299 +void FIPS_drbg_free(DRBG_CTX *dctx);
16300 +
16301 +int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
16302 + size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
16303 + int entropy, size_t min_len, size_t max_len),
16304 + void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
16305 + size_t entropy_blocklen,
16306 + size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
16307 + int entropy, size_t min_len, size_t max_len),
16308 + void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen));
16309 +
16310 +int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
16311 + size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout),
16312 + void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
16313 + int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num),
16314 + int (*rand_add_cb)(DRBG_CTX *ctx,
16315 + const void *buf, int num, double entropy));
16316 +
16317 +void *FIPS_drbg_get_app_data(DRBG_CTX *ctx);
16318 +void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data);
16319 +size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx);
16320 +int FIPS_drbg_get_strength(DRBG_CTX *dctx);
16321 +void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval);
16322 +void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval);
16323 +
16324 +int FIPS_drbg_health_check(DRBG_CTX *dctx);
16325 +
16326 +DRBG_CTX *FIPS_get_default_drbg(void);
16327 +const RAND_METHOD *FIPS_drbg_method(void);
16328 +
16329 +
16330 +int FIPS_rand_set_method(const RAND_METHOD *meth);
16331 +const RAND_METHOD *FIPS_rand_get_method(void);
16332 +
16333 +void FIPS_rand_set_bits(int nbits);
16334 +
16335 +int FIPS_rand_strength(void);
16336 +
16337 +/* 1.0.0 compat functions */
16338 +int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen);
16339 +int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num);
16340 +int FIPS_rand_bytes(unsigned char *out, FIPS_RAND_SIZE_T outlen);
16341 +int FIPS_rand_test_mode(void);
16342 +void FIPS_rand_reset(void);
16343 +int FIPS_rand_set_dt(unsigned char *dt);
16344 +int FIPS_rand_status(void);
16345 +const RAND_METHOD *FIPS_rand_method(void);
16346 +
16347 +#ifdef __cplusplus
16348 +}
16349 +#endif
16350 +#endif
16351 +#endif
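Review bot: The X9.31 entry points are declared with signed lengths (`int FIPS_x931_seed(const void *buf, int num);`, `int FIPS_x931_bytes(unsigned char *out, int outlen);`) while the implementation in the preceding hunk forwards them unchecked into `unsigned int` parameters of `fips_set_prng_seed` and `fips_rand`, so a negative length becomes a very large count and the output loop in `fips_rand` would keep writing 16-byte blocks past `out`. The wrappers should reject negatives before forwarding, e.g. `if (count < 0) return 0;` at the top of `FIPS_x931_bytes` and `if (seedlen < 0) return 0;` in `FIPS_x931_seed`, and the header should state the precondition, e.g. `/* length arguments must be non-negative; negative values are rejected */` above these prototypes. `FIPS_x931_set_dt` and `FIPS_rand_set_dt` only read from `dt` (the implementation copies it into `sctx.DT`), so `const unsigned char *dt` would describe the contract more accurately.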
16352 diff -up openssl-1.0.1b/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1b/crypto/fips/fips_rand_lcl.h
16353 --- openssl-1.0.1b/crypto/fips/fips_rand_lcl.h.fips 2012-04-26 18:00:51.406769429 +0200
16354 +++ openssl-1.0.1b/crypto/fips/fips_rand_lcl.h 2012-04-26 18:00:51.406769429 +0200
16355 @@ -0,0 +1,219 @@
16356 +/* fips/rand/fips_rand_lcl.h */
16357 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
16358 + * project.
16359 + */
16360 +/* ====================================================================
16361 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
16362 + *
16363 + * Redistribution and use in source and binary forms, with or without
16364 + * modification, are permitted provided that the following conditions
16365 + * are met:
16366 + *
16367 + * 1. Redistributions of source code must retain the above copyright
16368 + * notice, this list of conditions and the following disclaimer.
16369 + *
16370 + * 2. Redistributions in binary form must reproduce the above copyright
16371 + * notice, this list of conditions and the following disclaimer in
16372 + * the documentation and/or other materials provided with the
16373 + * distribution.
16374 + *
16375 + * 3. All advertising materials mentioning features or use of this
16376 + * software must display the following acknowledgment:
16377 + * "This product includes software developed by the OpenSSL Project
16378 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
16379 + *
16380 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
16381 + * endorse or promote products derived from this software without
16382 + * prior written permission. For written permission, please contact
16383 + * licensing@OpenSSL.org.
16384 + *
16385 + * 5. Products derived from this software may not be called "OpenSSL"
16386 + * nor may "OpenSSL" appear in their names without prior written
16387 + * permission of the OpenSSL Project.
16388 + *
16389 + * 6. Redistributions of any form whatsoever must retain the following
16390 + * acknowledgment:
16391 + * "This product includes software developed by the OpenSSL Project
16392 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
16393 + *
16394 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
16395 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16396 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16397 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
16398 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
16399 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
16400 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
16401 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
16402 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16403 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
16404 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
16405 + * OF THE POSSIBILITY OF SUCH DAMAGE.
16406 + * ====================================================================
16407 + */
16408 +
16409 +typedef struct drbg_hash_ctx_st DRBG_HASH_CTX;
16410 +typedef struct drbg_hmac_ctx_st DRBG_HMAC_CTX;
16411 +typedef struct drbg_ctr_ctx_st DRBG_CTR_CTX;
16412 +
16413 +/* 888 bits from 10.1 table 2 */
16414 +#define HASH_PRNG_MAX_SEEDLEN 111
16415 +
16416 +struct drbg_hash_ctx_st
16417 + {
16418 + const EVP_MD *md;
16419 + EVP_MD_CTX mctx;
16420 + unsigned char V[HASH_PRNG_MAX_SEEDLEN];
16421 + unsigned char C[HASH_PRNG_MAX_SEEDLEN];
16422 + /* Temporary value storage: should always exceed max digest length */
16423 + unsigned char vtmp[HASH_PRNG_MAX_SEEDLEN];
16424 + };
16425 +
16426 +struct drbg_hmac_ctx_st
16427 + {
16428 + const EVP_MD *md;
16429 + HMAC_CTX hctx;
16430 + unsigned char K[EVP_MAX_MD_SIZE];
16431 + unsigned char V[EVP_MAX_MD_SIZE];
16432 + };
16433 +
16434 +struct drbg_ctr_ctx_st
16435 + {
16436 + AES_KEY ks;
16437 + size_t keylen;
16438 + unsigned char K[32];
16439 + unsigned char V[16];
16440 + /* Temp variables used by derivation function */
16441 + AES_KEY df_ks;
16442 + AES_KEY df_kxks;
16443 + /* Temporary block storage used by ctr_df */
16444 + unsigned char bltmp[16];
16445 + size_t bltmp_pos;
16446 + unsigned char KX[48];
16447 + };
16448 +
16449 +/* DRBG internal flags */
16450 +
16451 +/* Functions shouldn't call err library */
16452 +#define DRBG_FLAG_NOERR 0x1
16453 +/* Custom reseed checking */
16454 +#define DRBG_CUSTOM_RESEED 0x2
16455 +
16456 +/* DRBG status values */
16457 +/* not initialised */
16458 +#define DRBG_STATUS_UNINITIALISED 0
16459 +/* ok and ready to generate random bits */
16460 +#define DRBG_STATUS_READY 1
16461 +/* reseed required */
16462 +#define DRBG_STATUS_RESEED 2
16463 +/* fatal error condition */
16464 +#define DRBG_STATUS_ERROR 3
16465 +
16466 +/* A default maximum length: larger than any reasonable value used in pratice */
16467 +
16468 +#define DRBG_MAX_LENGTH 0x7ffffff0
16469 +/* Maximum DRBG block length: all md sizes are bigger than cipher blocks sizes
16470 + * so use max digest length.
16471 + */
16472 +#define DRBG_MAX_BLOCK EVP_MAX_MD_SIZE
16473 +
16474 +#define DRBG_HEALTH_INTERVAL (1 << 24)
16475 +
16476 +/* DRBG context structure */
16477 +
16478 +struct drbg_ctx_st
16479 + {
16480 + /* First types common to all implementations */
16481 + /* DRBG type: a NID for the underlying algorithm */
16482 + int type;
16483 + /* Various external flags */
16484 + unsigned int xflags;
16485 + /* Various internal use only flags */
16486 + unsigned int iflags;
16487 + /* Used for periodic health checks */
16488 + int health_check_cnt, health_check_interval;
16489 +
16490 + /* The following parameters are setup by mechanism drbg_init() call */
16491 + int strength;
16492 + size_t blocklength;
16493 + size_t max_request;
16494 +
16495 + size_t min_entropy, max_entropy;
16496 + size_t min_nonce, max_nonce;
16497 + size_t max_pers, max_adin;
16498 + unsigned int reseed_counter;
16499 + unsigned int reseed_interval;
16500 + size_t seedlen;
16501 + int status;
16502 + /* Application data: typically used by test get_entropy */
16503 + void *app_data;
16504 + /* Implementation specific structures */
16505 + union
16506 + {
16507 + DRBG_HASH_CTX hash;
16508 + DRBG_HMAC_CTX hmac;
16509 + DRBG_CTR_CTX ctr;
16510 + } d;
16511 + /* Initialiase PRNG and setup callbacks below */
16512 + int (*init)(DRBG_CTX *ctx, int nid, int security, unsigned int flags);
16513 + /* Intantiate PRNG */
16514 + int (*instantiate)(DRBG_CTX *ctx,
16515 + const unsigned char *ent, size_t entlen,
16516 + const unsigned char *nonce, size_t noncelen,
16517 + const unsigned char *pers, size_t perslen);
16518 + /* reseed */
16519 + int (*reseed)(DRBG_CTX *ctx,
16520 + const unsigned char *ent, size_t entlen,
16521 + const unsigned char *adin, size_t adinlen);
16522 + /* generat output */
16523 + int (*generate)(DRBG_CTX *ctx,
16524 + unsigned char *out, size_t outlen,
16525 + const unsigned char *adin, size_t adinlen);
16526 + /* uninstantiate */
16527 + int (*uninstantiate)(DRBG_CTX *ctx);
16528 +
16529 + /* Entropy source block length */
16530 + size_t entropy_blocklen;
16531 +
16532 + /* entropy gathering function */
16533 + size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
16534 + int entropy, size_t min_len, size_t max_len);
16535 + /* Indicates we have finished with entropy buffer */
16536 + void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
16537 +
16538 + /* nonce gathering function */
16539 + size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
16540 + int entropy, size_t min_len, size_t max_len);
16541 + /* Indicates we have finished with nonce buffer */
16542 + void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
16543 +
16544 + /* Continuous random number test temporary area */
16545 + /* Last block */
16546 + unsigned char lb[EVP_MAX_MD_SIZE];
16547 + /* set if lb is valid */
16548 + int lb_valid;
16549 +
16550 + /* Callbacks used when called through RAND interface */
16551 + /* Get any additional input for generate */
16552 + size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout);
16553 + void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
16554 + /* Callback for RAND_seed(), RAND_add() */
16555 + int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num);
16556 + int (*rand_add_cb)(DRBG_CTX *ctx,
16557 + const void *buf, int num, double entropy);
16558 + };
16559 +
16560 +
16561 +int fips_drbg_ctr_init(DRBG_CTX *dctx);
16562 +int fips_drbg_hash_init(DRBG_CTX *dctx);
16563 +int fips_drbg_hmac_init(DRBG_CTX *dctx);
16564 +int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags);
16565 +int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out);
16566 +
16567 +const struct env_md_st *FIPS_get_digestbynid(int nid);
16568 +
16569 +const struct evp_cipher_st *FIPS_get_cipherbynid(int nid);
16570 +
16571 +#define FIPS_digestinit EVP_DigestInit
16572 +#define FIPS_digestupdate EVP_DigestUpdate
16573 +#define FIPS_digestfinal EVP_DigestFinal
16574 +#define M_EVP_MD_size EVP_MD_size
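Review bot: fips_rand_lcl.h has no include guard — it goes straight from the licence block to `typedef struct drbg_hash_ctx_st DRBG_HASH_CTX;` and the full struct definitions that follow — so any translation unit that includes it twice, directly or via another local header, fails on redefinition of `struct drbg_hash_ctx_st` and the other structs. Wrap the body in `#ifndef HEADER_FIPS_RAND_LCL_H` / `#define HEADER_FIPS_RAND_LCL_H` … `#endif`, matching the `HEADER_FIPS_RAND_H` guard that fips_rand.h uses in this same patch. While touching the comments, `pratice`, `Initialiase`, `Intantiate` and `generat` in the `drbg_ctx_st` block are typos.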
16575 diff -up openssl-1.0.1b/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1b/crypto/fips/fips_rand_lib.c
16576 --- openssl-1.0.1b/crypto/fips/fips_rand_lib.c.fips 2012-04-26 18:00:51.407769451 +0200
16577 +++ openssl-1.0.1b/crypto/fips/fips_rand_lib.c 2012-04-26 18:00:51.407769451 +0200
16578 @@ -0,0 +1,191 @@
16579 +/* ====================================================================
16580 + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
16581 + *
16582 + * Redistribution and use in source and binary forms, with or without
16583 + * modification, are permitted provided that the following conditions
16584 + * are met:
16585 + *
16586 + * 1. Redistributions of source code must retain the above copyright
16587 + * notice, this list of conditions and the following disclaimer.
16588 + *
16589 + * 2. Redistributions in binary form must reproduce the above copyright
16590 + * notice, this list of conditions and the following disclaimer in
16591 + * the documentation and/or other materials provided with the
16592 + * distribution.
16593 + *
16594 + * 3. All advertising materials mentioning features or use of this
16595 + * software must display the following acknowledgment:
16596 + * "This product includes software developed by the OpenSSL Project
16597 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
16598 + *
16599 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
16600 + * endorse or promote products derived from this software without
16601 + * prior written permission. For written permission, please contact
16602 + * openssl-core@openssl.org.
16603 + *
16604 + * 5. Products derived from this software may not be called "OpenSSL"
16605 + * nor may "OpenSSL" appear in their names without prior written
16606 + * permission of the OpenSSL Project.
16607 + *
16608 + * 6. Redistributions of any form whatsoever must retain the following
16609 + * acknowledgment:
16610 + * "This product includes software developed by the OpenSSL Project
16611 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
16612 + *
16613 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
16614 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16615 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16616 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
16617 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
16618 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
16619 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
16620 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
16621 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16622 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
16623 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
16624 + * OF THE POSSIBILITY OF SUCH DAMAGE.
16625 + *
16626 + */
16627 +
16628 +#include <openssl/crypto.h>
16629 +#include <openssl/rand.h>
16630 +#include <openssl/err.h>
16631 +#include <openssl/fips.h>
16632 +#include <openssl/fips_rand.h>
16633 +#include "e_os.h"
16634 +
16635 +/* FIPS API for PRNG use. Similar to RAND functionality but without
16636 + * ENGINE and additional checking for non-FIPS rand methods.
16637 + */
16638 +
16639 +static const RAND_METHOD *fips_rand_meth = NULL;
16640 +static int fips_approved_rand_meth = 0;
16641 +static int fips_rand_bits = 0;
16642 +
16643 +/* Allows application to override number of bits and uses non-FIPS methods */
16644 +void FIPS_rand_set_bits(int nbits)
16645 + {
16646 + fips_rand_bits = nbits;
16647 + }
16648 +
16649 +int FIPS_rand_set_method(const RAND_METHOD *meth)
16650 + {
16651 + if (!fips_rand_bits)
16652 + {
16653 + if (meth == FIPS_drbg_method())
16654 + fips_approved_rand_meth = 1;
16655 + else if (meth == FIPS_x931_method())
16656 + fips_approved_rand_meth = 2;
16657 + else
16658 + {
16659 + fips_approved_rand_meth = 0;
16660 + if (FIPS_module_mode())
16661 + {
16662 + FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD,
16663 + FIPS_R_NON_FIPS_METHOD);
16664 + return 0;
16665 + }
16666 + }
16667 + }
16668 + fips_rand_meth = meth;
16669 + return 1;
16670 + }
16671 +
16672 +const RAND_METHOD *FIPS_rand_get_method(void)
16673 + {
16674 + return fips_rand_meth;
16675 + }
16676 +
16677 +const RAND_METHOD *FIPS_rand_method(void)
16678 + {
16679 + return FIPS_rand_get_method();
16680 + }
16681 +
16682 +void FIPS_rand_reset(void)
16683 + {
16684 + if (fips_rand_meth && fips_rand_meth->cleanup)
16685 + fips_rand_meth->cleanup();
16686 + }
16687 +
16688 +int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num)
16689 + {
16690 + if (!fips_approved_rand_meth && FIPS_module_mode())
16691 + {
16692 + FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
16693 + return 0;
16694 + }
16695 + if (fips_rand_meth && fips_rand_meth->seed)
16696 + fips_rand_meth->seed(buf,num);
16697 + return 1;
16698 + }
16699 +
16700 +void FIPS_rand_add(const void *buf, int num, double entropy)
16701 + {
16702 + if (!fips_approved_rand_meth && FIPS_module_mode())
16703 + {
16704 + FIPSerr(FIPS_F_FIPS_RAND_ADD, FIPS_R_NON_FIPS_METHOD);
16705 + return;
16706 + }
16707 + if (fips_rand_meth && fips_rand_meth->add)
16708 + fips_rand_meth->add(buf,num,entropy);
16709 + }
16710 +
16711 +int FIPS_rand_bytes(unsigned char *buf, FIPS_RAND_SIZE_T num)
16712 + {
16713 + if (!fips_approved_rand_meth && FIPS_module_mode())
16714 + {
16715 + FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
16716 + return 0;
16717 + }
16718 + if (fips_rand_meth && fips_rand_meth->bytes)
16719 + return fips_rand_meth->bytes(buf,num);
16720 + return 0;
16721 + }
16722 +
16723 +int FIPS_rand_pseudo_bytes(unsigned char *buf, int num)
16724 + {
16725 + if (!fips_approved_rand_meth && FIPS_module_mode())
16726 + {
16727 + FIPSerr(FIPS_F_FIPS_RAND_PSEUDO_BYTES, FIPS_R_NON_FIPS_METHOD);
16728 + return 0;
16729 + }
16730 + if (fips_rand_meth && fips_rand_meth->pseudorand)
16731 + return fips_rand_meth->pseudorand(buf,num);
16732 + return -1;
16733 + }
16734 +
16735 +int FIPS_rand_status(void)
16736 + {
16737 + if (!fips_approved_rand_meth && FIPS_module_mode())
16738 + {
16739 + FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
16740 + return 0;
16741 + }
16742 + if (fips_rand_meth && fips_rand_meth->status)
16743 + return fips_rand_meth->status();
16744 + return 0;
16745 + }
16746 +
16747 +/* Return instantiated strength of PRNG. For DRBG this is an internal
16748 + * parameter. For X9.31 PRNG it is 80 bits (from SP800-131). Any other
16749 + * type of PRNG is not approved and returns 0 in FIPS mode and maximum
16750 + * 256 outside FIPS mode.
16751 + */
16752 +
16753 +int FIPS_rand_strength(void)
16754 + {
16755 + if (fips_rand_bits)
16756 + return fips_rand_bits;
16757 + if (fips_approved_rand_meth == 1)
16758 + return FIPS_drbg_get_strength(FIPS_get_default_drbg());
16759 + else if (fips_approved_rand_meth == 2)
16760 + return 80;
16761 + else if (fips_approved_rand_meth == 0)
16762 + {
16763 + if (FIPS_module_mode())
16764 + return 0;
16765 + else
16766 + return 256;
16767 + }
16768 + return 0;
16769 + }
16770 diff -up openssl-1.0.1b/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_rand_selftest.c
16771 --- openssl-1.0.1b/crypto/fips/fips_rand_selftest.c.fips 2012-04-26 18:00:51.407769451 +0200
16772 +++ openssl-1.0.1b/crypto/fips/fips_rand_selftest.c 2012-04-26 18:00:51.407769451 +0200
16773 @@ -0,0 +1,183 @@
16774 +/* ====================================================================
16775 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
16776 + *
16777 + * Redistribution and use in source and binary forms, with or without
16778 + * modification, are permitted provided that the following conditions
16779 + * are met:
16780 + *
16781 + * 1. Redistributions of source code must retain the above copyright
16782 + * notice, this list of conditions and the following disclaimer.
16783 + *
16784 + * 2. Redistributions in binary form must reproduce the above copyright
16785 + * notice, this list of conditions and the following disclaimer in
16786 + * the documentation and/or other materials provided with the
16787 + * distribution.
16788 + *
16789 + * 3. All advertising materials mentioning features or use of this
16790 + * software must display the following acknowledgment:
16791 + * "This product includes software developed by the OpenSSL Project
16792 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
16793 + *
16794 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
16795 + * endorse or promote products derived from this software without
16796 + * prior written permission. For written permission, please contact
16797 + * openssl-core@openssl.org.
16798 + *
16799 + * 5. Products derived from this software may not be called "OpenSSL"
16800 + * nor may "OpenSSL" appear in their names without prior written
16801 + * permission of the OpenSSL Project.
16802 + *
16803 + * 6. Redistributions of any form whatsoever must retain the following
16804 + * acknowledgment:
16805 + * "This product includes software developed by the OpenSSL Project
16806 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
16807 + *
16808 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
16809 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16810 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16811 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
16812 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
16813 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
16814 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
16815 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
16816 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
16817 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
16818 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
16819 + * OF THE POSSIBILITY OF SUCH DAMAGE.
16820 + *
16821 + */
16822 +
16823 +#include <string.h>
16824 +#include <openssl/err.h>
16825 +#include <openssl/fips.h>
16826 +#include <openssl/rand.h>
16827 +#include <openssl/fips_rand.h>
16828 +#include "fips_locl.h"
16829 +
16830 +#ifdef OPENSSL_FIPS
16831 +
16832 +
16833 +
16834 +typedef struct
16835 + {
16836 + unsigned char DT[16];
16837 + unsigned char V[16];
16838 + unsigned char R[16];
16839 + } AES_PRNG_TV;
16840 +
16841 +/* The following test vectors are taken directly from the RGNVS spec */
16842 +
16843 +static unsigned char aes_128_key[16] =
16844 + {0xf3,0xb1,0x66,0x6d,0x13,0x60,0x72,0x42,
16845 + 0xed,0x06,0x1c,0xab,0xb8,0xd4,0x62,0x02};
16846 +
16847 +static AES_PRNG_TV aes_128_tv =
16848 + {
16849 + /* DT */
16850 + {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
16851 + 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xf9},
16852 + /* V */
16853 + {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
16854 + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
16855 + /* R */
16856 + {0x59,0x53,0x1e,0xd1,0x3b,0xb0,0xc0,0x55,
16857 + 0x84,0x79,0x66,0x85,0xc1,0x2f,0x76,0x41}
16858 + };
16859 +
16860 +static unsigned char aes_192_key[24] =
16861 + {0x15,0xd8,0x78,0x0d,0x62,0xd3,0x25,0x6e,
16862 + 0x44,0x64,0x10,0x13,0x60,0x2b,0xa9,0xbc,
16863 + 0x4a,0xfb,0xca,0xeb,0x4c,0x8b,0x99,0x3b};
16864 +
16865 +static AES_PRNG_TV aes_192_tv =
16866 + {
16867 + /* DT */
16868 + {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
16869 + 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4b},
16870 + /* V */
16871 + {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
16872 + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
16873 + /* R */
16874 + {0x17,0x07,0xd5,0x28,0x19,0x79,0x1e,0xef,
16875 + 0xa5,0x0c,0xbf,0x25,0xe5,0x56,0xb4,0x93}
16876 + };
16877 +
16878 +static unsigned char aes_256_key[32] =
16879 + {0x6d,0x14,0x06,0x6c,0xb6,0xd8,0x21,0x2d,
16880 + 0x82,0x8d,0xfa,0xf2,0x7a,0x03,0xb7,0x9f,
16881 + 0x0c,0xc7,0x3e,0xcd,0x76,0xeb,0xee,0xb5,
16882 + 0x21,0x05,0x8c,0x4f,0x31,0x7a,0x80,0xbb};
16883 +
16884 +static AES_PRNG_TV aes_256_tv =
16885 + {
16886 + /* DT */
16887 + {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
16888 + 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x88},
16889 + /* V */
16890 + {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
16891 + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
16892 + /* R */
16893 + {0x35,0xc7,0xef,0xa7,0x78,0x4d,0x29,0xbc,
16894 + 0x82,0x79,0x99,0xfb,0xd0,0xb3,0x3b,0x72}
16895 + };
16896 +
16897 +void FIPS_corrupt_rng()
16898 + {
16899 + aes_192_tv.V[0]++;
16900 + }
16901 +
16902 +#define fips_x931_test(key, tv) \
16903 + do_x931_test(key, sizeof key, &tv)
16904 +
16905 +static int do_x931_test(unsigned char *key, int keylen,
16906 + AES_PRNG_TV *tv)
16907 + {
16908 + unsigned char R[16], V[16];
16909 + int rv = 1;
16910 + memcpy(V, tv->V, sizeof(V));
16911 + if (!FIPS_x931_set_key(key, keylen))
16912 + return 0;
16913 + if (!fips_post_started(FIPS_TEST_X931, keylen, NULL))
16914 + return 1;
16915 + if (!fips_post_corrupt(FIPS_TEST_X931, keylen, NULL))
16916 + V[0]++;
16917 + FIPS_x931_seed(V, 16);
16918 + FIPS_x931_set_dt(tv->DT);
16919 + FIPS_x931_bytes(R, 16);
16920 + if (memcmp(R, tv->R, 16))
16921 + {
16922 + fips_post_failed(FIPS_TEST_X931, keylen, NULL);
16923 + rv = 0;
16924 + }
16925 + else if (!fips_post_success(FIPS_TEST_X931, keylen, NULL))
16926 + return 0;
16927 + return rv;
16928 + }
16929 +
16930 +int FIPS_selftest_x931()
16931 + {
16932 + int rv = 1;
16933 + FIPS_x931_reset();
16934 + if (!FIPS_x931_test_mode())
16935 + {
16936 + FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
16937 + return 0;
16938 + }
16939 + if (!fips_x931_test(aes_128_key,aes_128_tv))
16940 + rv = 0;
16941 + if (!fips_x931_test(aes_192_key, aes_192_tv))
16942 + rv = 0;
16943 + if (!fips_x931_test(aes_256_key, aes_256_tv))
16944 + rv = 0;
16945 + FIPS_x931_reset();
16946 + if (!rv)
16947 + FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
16948 + return rv;
16949 + }
16950 +
16951 +int FIPS_selftest_rng(void)
16952 + {
16953 + return FIPS_selftest_x931();
16954 + }
16955 +
16956 +#endif
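Review bot: In `do_x931_test` the status of `FIPS_x931_seed`, `FIPS_x931_set_dt` and `FIPS_x931_bytes` is discarded while `R` is never initialised, so if the generator refuses to produce output the known-answer check compares stack garbage against `tv->R` and the POST verdict depends on indeterminate memory instead of a definite failure. Treating refused output as a failed test keeps the self-test deterministic, e.g. `if (!FIPS_x931_bytes(R, 16)) { fips_post_failed(FIPS_TEST_X931, keylen, NULL); return 0; }` (assuming it reports status the way `FIPS_x931_set_key` visibly does here; confirm against fips_rand.c). The reference vectors `aes_128_tv`/`aes_192_tv`/`aes_256_tv` are left writable only so that `FIPS_corrupt_rng` can bump `aes_192_tv.V[0]`; that deserves a comment above them, since the next reader will otherwise add `const` and break the hook, and it is worth knowing that the KAT reference lives in mutable data: `/* Not const: FIPS_corrupt_rng() mutates aes_192_tv.V to force a KAT failure. */`. "RGNVS" in the comment above the vectors presumably means the RNGVS validation suite.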
16957 diff -up openssl-1.0.1b/crypto/fips/fips_randtest.c.fips openssl-1.0.1b/crypto/fips/fips_randtest.c
16958 --- openssl-1.0.1b/crypto/fips/fips_randtest.c.fips 2012-04-26 18:00:51.407769451 +0200
16959 +++ openssl-1.0.1b/crypto/fips/fips_randtest.c 2012-04-26 18:00:51.407769451 +0200
16960 @@ -0,0 +1,250 @@
16961 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
16962 + * All rights reserved.
16963 + *
16964 + * This package is an SSL implementation written
16965 + * by Eric Young (eay@cryptsoft.com).
16966 + * The implementation was written so as to conform with Netscapes SSL.
16967 + *
16968 + * This library is free for commercial and non-commercial use as long as
16969 + * the following conditions are aheared to. The following conditions
16970 + * apply to all code found in this distribution, be it the RC4, RSA,
16971 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
16972 + * included with this distribution is covered by the same copyright terms
16973 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16974 + *
16975 + * Copyright remains Eric Young's, and as such any Copyright notices in
16976 + * the code are not to be removed.
16977 + * If this package is used in a product, Eric Young should be given attribution
16978 + * as the author of the parts of the library used.
16979 + * This can be in the form of a textual message at program startup or
16980 + * in documentation (online or textual) provided with the package.
16981 + *
16982 + * Redistribution and use in source and binary forms, with or without
16983 + * modification, are permitted provided that the following conditions
16984 + * are met:
16985 + * 1. Redistributions of source code must retain the copyright
16986 + * notice, this list of conditions and the following disclaimer.
16987 + * 2. Redistributions in binary form must reproduce the above copyright
16988 + * notice, this list of conditions and the following disclaimer in the
16989 + * documentation and/or other materials provided with the distribution.
16990 + * 3. All advertising materials mentioning features or use of this software
16991 + * must display the following acknowledgement:
16992 + * "This product includes cryptographic software written by
16993 + * Eric Young (eay@cryptsoft.com)"
16994 + * The word 'cryptographic' can be left out if the rouines from the library
16995 + * being used are not cryptographic related :-).
16996 + * 4. If you include any Windows specific code (or a derivative thereof) from
16997 + * the apps directory (application code) you must include an acknowledgement:
16998 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
16999 + *
17000 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
17001 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17002 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17003 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17004 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
17005 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
17006 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17007 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
17008 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
17009 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
17010 + * SUCH DAMAGE.
17011 + *
17012 + * The licence and distribution terms for any publically available version or
17013 + * derivative of this code cannot be changed. i.e. this code cannot simply be
17014 + * copied and put under another distribution licence
17015 + * [including the GNU Public Licence.]
17016 + */
17017 +/* ====================================================================
17018 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
17019 + *
17020 + * Redistribution and use in source and binary forms, with or without
17021 + * modification, are permitted provided that the following conditions
17022 + * are met:
17023 + *
17024 + * 1. Redistributions of source code must retain the above copyright
17025 + * notice, this list of conditions and the following disclaimer.
17026 + *
17027 + * 2. Redistributions in binary form must reproduce the above copyright
17028 + * notice, this list of conditions and the following disclaimer in
17029 + * the documentation and/or other materials provided with the
17030 + * distribution.
17031 + *
17032 + * 3. All advertising materials mentioning features or use of this
17033 + * software must display the following acknowledgment:
17034 + * "This product includes software developed by the OpenSSL Project
17035 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
17036 + *
17037 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
17038 + * endorse or promote products derived from this software without
17039 + * prior written permission. For written permission, please contact
17040 + * openssl-core@openssl.org.
17041 + *
17042 + * 5. Products derived from this software may not be called "OpenSSL"
17043 + * nor may "OpenSSL" appear in their names without prior written
17044 + * permission of the OpenSSL Project.
17045 + *
17046 + * 6. Redistributions of any form whatsoever must retain the following
17047 + * acknowledgment:
17048 + * "This product includes software developed by the OpenSSL Project
17049 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
17050 + *
17051 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
17052 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17053 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
17054 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
17055 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
17056 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
17057 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
17058 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17059 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
17060 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
17061 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
17062 + * OF THE POSSIBILITY OF SUCH DAMAGE.
17063 + *
17064 + */
17065 +
17066 +#include <stdio.h>
17067 +#include <stdlib.h>
17068 +#include <string.h>
17069 +#include <ctype.h>
17070 +#include <openssl/rand.h>
17071 +#include <openssl/fips_rand.h>
17072 +#include <openssl/err.h>
17073 +#include <openssl/bn.h>
17074 +
17075 +#include "e_os.h"
17076 +
17077 +#ifndef OPENSSL_FIPS
17078 +int main(int argc, char *argv[])
17079 +{
17080 + printf("No FIPS RAND support\n");
17081 + return(0);
17082 +}
17083 +
17084 +#else
17085 +
17086 +#include "fips_utl.h"
17087 +#include <openssl/fips.h>
17088 +
17089 +typedef struct
17090 + {
17091 + unsigned char DT[16];
17092 + unsigned char V[16];
17093 + unsigned char R[16];
17094 + } AES_PRNG_MCT;
17095 +
17096 +static const unsigned char aes_128_mct_key[16] =
17097 + {0x9f,0x5b,0x51,0x20,0x0b,0xf3,0x34,0xb5,
17098 + 0xd8,0x2b,0xe8,0xc3,0x72,0x55,0xc8,0x48};
17099 +
17100 +static const AES_PRNG_MCT aes_128_mct_tv = {
17101 + /* DT */
17102 + {0x63,0x76,0xbb,0xe5,0x29,0x02,0xba,0x3b,
17103 + 0x67,0xc9,0x25,0xfa,0x70,0x1f,0x11,0xac},
17104 + /* V */
17105 + {0x57,0x2c,0x8e,0x76,0x87,0x26,0x47,0x97,
17106 + 0x7e,0x74,0xfb,0xdd,0xc4,0x95,0x01,0xd1},
17107 + /* R */
17108 + {0x48,0xe9,0xbd,0x0d,0x06,0xee,0x18,0xfb,
17109 + 0xe4,0x57,0x90,0xd5,0xc3,0xfc,0x9b,0x73}
17110 +};
17111 +
17112 +static const unsigned char aes_192_mct_key[24] =
17113 + {0xb7,0x6c,0x34,0xd1,0x09,0x67,0xab,0x73,
17114 + 0x4d,0x5a,0xd5,0x34,0x98,0x16,0x0b,0x91,
17115 + 0xbc,0x35,0x51,0x16,0x6b,0xae,0x93,0x8a};
17116 +
17117 +static const AES_PRNG_MCT aes_192_mct_tv = {
17118 + /* DT */
17119 + {0x84,0xce,0x22,0x7d,0x91,0x5a,0xa3,0xc9,
17120 + 0x84,0x3c,0x0a,0xb3,0xa9,0x63,0x15,0x52},
17121 + /* V */
17122 + {0xb6,0xaf,0xe6,0x8f,0x99,0x9e,0x90,0x64,
17123 + 0xdd,0xc7,0x7a,0xc1,0xbb,0x90,0x3a,0x6d},
17124 + /* R */
17125 + {0xfc,0x85,0x60,0x9a,0x29,0x6f,0xef,0x21,
17126 + 0xdd,0x86,0x20,0x32,0x8a,0x29,0x6f,0x47}
17127 +};
17128 +
17129 +static const unsigned char aes_256_mct_key[32] =
17130 + {0x9b,0x05,0xc8,0x68,0xff,0x47,0xf8,0x3a,
17131 + 0xa6,0x3a,0xa8,0xcb,0x4e,0x71,0xb2,0xe0,
17132 + 0xb8,0x7e,0xf1,0x37,0xb6,0xb4,0xf6,0x6d,
17133 + 0x86,0x32,0xfc,0x1f,0x5e,0x1d,0x1e,0x50};
17134 +
17135 +static const AES_PRNG_MCT aes_256_mct_tv = {
17136 + /* DT */
17137 + {0x31,0x6e,0x35,0x9a,0xb1,0x44,0xf0,0xee,
17138 + 0x62,0x6d,0x04,0x46,0xe0,0xa3,0x92,0x4c},
17139 + /* V */
17140 + {0x4f,0xcd,0xc1,0x87,0x82,0x1f,0x4d,0xa1,
17141 + 0x3e,0x0e,0x56,0x44,0x59,0xe8,0x83,0xca},
17142 + /* R */
17143 + {0xc8,0x87,0xc2,0x61,0x5b,0xd0,0xb9,0xe1,
17144 + 0xe7,0xf3,0x8b,0xd7,0x5b,0xd5,0xf1,0x8d}
17145 +};
17146 +
17147 +static void dump(const unsigned char *b,int n)
17148 + {
17149 + while(n-- > 0)
17150 + {
17151 + printf(" %02x",*b++);
17152 + }
17153 + }
17154 +
17155 +static void compare(const unsigned char *result,const unsigned char *expected,
17156 + int n)
17157 + {
17158 + int i;
17159 +
17160 + for(i=0 ; i < n ; ++i)
17161 + if(result[i] != expected[i])
17162 + {
17163 + puts("Random test failed, got:");
17164 + dump(result,n);
17165 + puts("\n expected:");
17166 + dump(expected,n);
17167 + putchar('\n');
17168 + EXIT(1);
17169 + }
17170 + }
17171 +
17172 +
17173 +static void run_test(const unsigned char *key, int keylen,
17174 + const AES_PRNG_MCT *tv)
17175 + {
17176 + unsigned char buf[16], dt[16];
17177 + int i, j;
17178 + FIPS_x931_reset();
17179 + FIPS_x931_test_mode();
17180 + FIPS_x931_set_key(key, keylen);
17181 + FIPS_x931_seed(tv->V, 16);
17182 + memcpy(dt, tv->DT, 16);
17183 + for (i = 0; i < 10000; i++)
17184 + {
17185 + FIPS_x931_set_dt(dt);
17186 + FIPS_x931_bytes(buf, 16);
17187 + /* Increment DT */
17188 + for (j = 15; j >= 0; j--)
17189 + {
17190 + dt[j]++;
17191 + if (dt[j])
17192 + break;
17193 + }
17194 + }
17195 +
17196 + compare(buf,tv->R, 16);
17197 + }
17198 +
17199 +int main()
17200 + {
17201 + run_test(aes_128_mct_key, 16, &aes_128_mct_tv);
17202 + printf("FIPS PRNG test 1 done\n");
17203 + run_test(aes_192_mct_key, 24, &aes_192_mct_tv);
17204 + printf("FIPS PRNG test 2 done\n");
17205 + run_test(aes_256_mct_key, 32, &aes_256_mct_tv);
17206 + printf("FIPS PRNG test 3 done\n");
17207 + return 0;
17208 + }
17209 +
17210 +#endif
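Review bot: `run_test` drops the return values of `FIPS_x931_test_mode` and `FIPS_x931_set_key`, unlike `FIPS_selftest_x931` in fips_rand_selftest.c, which aborts when test mode cannot be entered; here the Monte Carlo loop runs 10000 iterations against whatever state the generator happens to be in, and because `buf` is never initialised before the loop a refused first `FIPS_x931_bytes` call makes `compare` read indeterminate bytes. Failing fast with a message keeps the test's verdict meaningful (change below). The two `main` definitions also disagree (`int main(int argc, char *argv[])` in the non-FIPS branch, `int main()` in the FIPS branch); `int main(void)` in both is the prototype-correct form.
```c
static void run_test(const unsigned char *key, int keylen,
			const AES_PRNG_MCT *tv)
	{
	unsigned char buf[16], dt[16];
	int i, j;
	FIPS_x931_reset();
	if (!FIPS_x931_test_mode() || !FIPS_x931_set_key(key, keylen))
		{
		puts("Cannot set up X9.31 PRNG test mode");
		EXIT(1);
		}
	/* … unchanged: seed, DT copy, 10000-iteration loop, compare … */
```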
17211 diff -up openssl-1.0.1b/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_rsa_selftest.c
17212 --- openssl-1.0.1b/crypto/fips/fips_rsa_selftest.c.fips 2012-04-26 18:00:51.407769451 +0200
17213 +++ openssl-1.0.1b/crypto/fips/fips_rsa_selftest.c 2012-04-26 18:00:51.407769451 +0200
17214 @@ -0,0 +1,444 @@
17215 +/* ====================================================================
17216 + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
17217 + *
17218 + * Redistribution and use in source and binary forms, with or without
17219 + * modification, are permitted provided that the following conditions
17220 + * are met:
17221 + *
17222 + * 1. Redistributions of source code must retain the above copyright
17223 + * notice, this list of conditions and the following disclaimer.
17224 + *
17225 + * 2. Redistributions in binary form must reproduce the above copyright
17226 + * notice, this list of conditions and the following disclaimer in
17227 + * the documentation and/or other materials provided with the
17228 + * distribution.
17229 + *
17230 + * 3. All advertising materials mentioning features or use of this
17231 + * software must display the following acknowledgment:
17232 + * "This product includes software developed by the OpenSSL Project
17233 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
17234 + *
17235 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
17236 + * endorse or promote products derived from this software without
17237 + * prior written permission. For written permission, please contact
17238 + * openssl-core@openssl.org.
17239 + *
17240 + * 5. Products derived from this software may not be called "OpenSSL"
17241 + * nor may "OpenSSL" appear in their names without prior written
17242 + * permission of the OpenSSL Project.
17243 + *
17244 + * 6. Redistributions of any form whatsoever must retain the following
17245 + * acknowledgment:
17246 + * "This product includes software developed by the OpenSSL Project
17247 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
17248 + *
17249 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
17250 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17251 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
17252 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
17253 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
17254 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
17255 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
17256 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17257 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
17258 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
17259 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
17260 + * OF THE POSSIBILITY OF SUCH DAMAGE.
17261 + *
17262 + */
17263 +
17264 +#include <string.h>
17265 +#include <openssl/err.h>
17266 +#ifdef OPENSSL_FIPS
17267 +#include <openssl/fips.h>
17268 +#endif
17269 +#include <openssl/rsa.h>
17270 +#include <openssl/evp.h>
17271 +#include <openssl/bn.h>
17272 +#include <openssl/opensslconf.h>
17273 +
17274 +#ifdef OPENSSL_FIPS
17275 +
17276 +static const unsigned char n[] =
17277 +"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
17278 +"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
17279 +"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
17280 +"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
17281 +"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
17282 +"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
17283 +"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
17284 +"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
17285 +"\xCB";
17286 +
17287 +static int corrupt_rsa;
17288 +
17289 +static int setrsakey(RSA *key)
17290 + {
17291 + static const unsigned char e[] = "\x11";
17292 +
17293 + static const unsigned char d[] =
17294 +"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
17295 +"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
17296 +"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
17297 +"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
17298 +"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
17299 +"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
17300 +"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
17301 +"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
17302 +"\xC1";
17303 +
17304 + static const unsigned char p[] =
17305 +"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
17306 +"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
17307 +"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
17308 +"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
17309 +"\x99";
17310 +
17311 + static const unsigned char q[] =
17312 +"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
17313 +"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
17314 +"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
17315 +"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
17316 +"\x03";
17317 +
17318 + static const unsigned char dmp1[] =
17319 +"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
17320 +"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
17321 +"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
17322 +"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
17323 +
17324 + static const unsigned char dmq1[] =
17325 +"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
17326 +"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
17327 +"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
17328 +"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
17329 +
17330 + static const unsigned char iqmp[] =
17331 +"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
17332 +"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
17333 +"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
17334 +"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
17335 +"\xF7";
17336 +
17337 + key->n = BN_bin2bn(n, sizeof(n)-1, key->n);
17338 + if (corrupt_rsa)
17339 + BN_set_bit(key->n, 1024);
17340 + key->e = BN_bin2bn(e, sizeof(e)-1, key->e);
17341 + key->d = BN_bin2bn(d, sizeof(d)-1, key->d);
17342 + key->p = BN_bin2bn(p, sizeof(p)-1, key->p);
17343 + key->q = BN_bin2bn(q, sizeof(q)-1, key->q);
17344 + key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1);
17345 + key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1);
17346 + key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp);
17347 + return 1;
17348 + }
17349 +
17350 +void FIPS_corrupt_rsa()
17351 + {
17352 + corrupt_rsa = 1;
17353 + }
17354 +
17355 +/* Known Answer Test (KAT) data for the above RSA private key signing
17356 + * kat_tbs.
17357 + */
17358 +
17359 +static const unsigned char kat_tbs[] = "OpenSSL FIPS 140-2 Public Key RSA KAT";
17360 +
17361 +static const unsigned char kat_RSA_PSS_SHA1[] = {
17362 + 0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9, 0x46, 0xDA, 0x0F,
17363 + 0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D, 0xD2, 0x90, 0xBB,
17364 + 0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C, 0xB7, 0xF8, 0xD3,
17365 + 0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7, 0x83, 0xD5, 0x4C,
17366 + 0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51, 0x60, 0xD0, 0xA7,
17367 + 0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E, 0x3F, 0x9B, 0xF5,
17368 + 0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47, 0xF0, 0xC5, 0x45,
17369 + 0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F, 0xF8, 0xB7, 0x31,
17370 + 0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB, 0x9F, 0xBA, 0xE8,
17371 + 0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E, 0x20, 0x25, 0x84,
17372 + 0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9
17373 +};
17374 +
17375 +static const unsigned char kat_RSA_PSS_SHA224[] = {
17376 + 0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF, 0xC5, 0x58, 0xA7,
17377 + 0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98, 0x08, 0x95, 0xFA,
17378 + 0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87, 0x7B, 0x1F, 0x57,
17379 + 0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55, 0x54, 0x1C, 0x89,
17380 + 0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC, 0x86, 0x05, 0xEE,
17381 + 0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64, 0x0B, 0xAB, 0x22,
17382 + 0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64, 0x62, 0xD1, 0xB5,
17383 + 0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA, 0x38, 0x24, 0x49,
17384 + 0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5, 0x03, 0xEA, 0x2D,
17385 + 0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF, 0x95, 0xC0, 0x00,
17386 + 0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0
17387 +};
17388 +
17389 +static const unsigned char kat_RSA_PSS_SHA256[] = {
17390 + 0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0, 0x31, 0xE3, 0x89,
17391 + 0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25, 0x9A, 0xF3, 0x8F,
17392 + 0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D, 0x7D, 0x73, 0x28,
17393 + 0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3, 0x96, 0x73, 0x4E,
17394 + 0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D, 0x49, 0x47, 0x05,
17395 + 0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D, 0x6D, 0x26, 0xBA,
17396 + 0x2F, 0x7A, 0x54, 0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A, 0xF3, 0xDA, 0xB6,
17397 + 0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F, 0x56, 0xCD, 0x9F,
17398 + 0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47, 0x12, 0xE4, 0x6D,
17399 + 0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E, 0x49, 0xB9, 0xF6,
17400 + 0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C
17401 +};
17402 +
17403 +static const unsigned char kat_RSA_PSS_SHA384[] = {
17404 + 0x40, 0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4, 0x31, 0xA8, 0xF2,
17405 + 0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57, 0x45, 0xCD, 0x5E,
17406 + 0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71, 0x44, 0x9A, 0xCD,
17407 + 0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F, 0x78, 0x23, 0x7F,
17408 + 0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31, 0xDC, 0x42, 0x6C,
17409 + 0xB2, 0x44, 0xE5, 0x4D, 0x66, 0xA2, 0xE6, 0x71, 0xF3, 0xAC, 0x4F, 0xFB,
17410 + 0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF, 0xD9, 0x3D, 0x2F,
17411 + 0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32, 0xAD, 0x42, 0x89,
17412 + 0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87, 0x1F, 0xCA, 0x6F,
17413 + 0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E, 0x60, 0xF4, 0x55,
17414 + 0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1
17415 +};
17416 +
17417 +static const unsigned char kat_RSA_PSS_SHA512[] = {
17418 + 0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57, 0xAE, 0x63, 0x8C,
17419 + 0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F, 0x12, 0x53, 0x9A,
17420 + 0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51, 0xED, 0x9E, 0xDD,
17421 + 0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60, 0x79, 0x23, 0x39,
17422 + 0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67, 0x5F, 0xFE, 0xD7,
17423 + 0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D, 0x78, 0x55, 0x61,
17424 + 0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20, 0xB0, 0x85, 0x13,
17425 + 0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A, 0x6A, 0x39, 0x63,
17426 + 0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF, 0xF4, 0xA8, 0xFE,
17427 + 0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F, 0x80, 0xC2, 0x88,
17428 + 0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B
17429 +};
17430 +
17431 +static const unsigned char kat_RSA_SHA1[] = {
17432 + 0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C,
17433 + 0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B,
17434 + 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55, 0x77, 0x90, 0xCF,
17435 + 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8,
17436 + 0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1,
17437 + 0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA,
17438 + 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E, 0xCA, 0x2E, 0x4E,
17439 + 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F,
17440 + 0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F,
17441 + 0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95,
17442 + 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4
17443 +};
17444 +
17445 +static const unsigned char kat_RSA_SHA224[] = {
17446 + 0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB, 0xB7, 0x15, 0xF9,
17447 + 0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0, 0xA9, 0x18, 0x8D,
17448 + 0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5, 0x1A, 0xC5, 0x89,
17449 + 0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30, 0x2C, 0x9E, 0xCD,
17450 + 0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6, 0x45, 0x41, 0xE5,
17451 + 0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E, 0x0B, 0xA9, 0xCC,
17452 + 0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84, 0x02, 0xC6, 0x3B,
17453 + 0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91, 0x28, 0x3E, 0xB2,
17454 + 0x58, 0x2E, 0x06, 0x45, 0x49, 0xE0, 0x92, 0xE2, 0xC0, 0x66, 0xE6, 0x35,
17455 + 0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77, 0x82, 0xE6, 0xDC,
17456 + 0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D
17457 +};
17458 +
17459 +static const unsigned char kat_RSA_SHA256[] = {
17460 + 0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05, 0x17, 0xA5, 0x23,
17461 + 0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20, 0x7B, 0xAA, 0x23,
17462 + 0x92, 0x87, 0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE, 0xAD, 0x6F, 0x35,
17463 + 0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17, 0x58, 0xB2, 0x6E,
17464 + 0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A, 0x90, 0x2D, 0x18,
17465 + 0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58, 0x7A, 0x91, 0x30,
17466 + 0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF, 0xE2, 0x80, 0x3A,
17467 + 0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 0xDE, 0x81, 0xA6, 0x38,
17468 + 0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C, 0xEE, 0xD1, 0xDA,
17469 + 0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1, 0x90, 0x27, 0x90,
17470 + 0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A
17471 +};
17472 +
17473 +static const unsigned char kat_RSA_SHA384[] = {
17474 + 0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27, 0xEF, 0xE6, 0x1F,
17475 + 0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 0x99, 0x63, 0x56, 0x47, 0xC7,
17476 + 0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA, 0xFA, 0x5D, 0x5C,
17477 + 0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D, 0xA9, 0xA6, 0x55,
17478 + 0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28, 0x7F, 0xB6, 0xCF,
17479 + 0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19, 0x2B, 0x30, 0xC2,
17480 + 0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2, 0x7D, 0xEB, 0x8C,
17481 + 0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F, 0x8B, 0x9C, 0xCD,
17482 + 0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0, 0x8F, 0x99, 0xF1,
17483 + 0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E, 0x37, 0xDC, 0x04,
17484 + 0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF
17485 +};
17486 +
17487 +static const unsigned char kat_RSA_SHA512[] = {
17488 + 0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16, 0x51, 0x5D, 0xCF,
17489 + 0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40, 0xF8, 0xB2, 0x9A,
17490 + 0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82, 0x6B, 0x32, 0xF1,
17491 + 0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C, 0x54, 0x9F, 0xD8,
17492 + 0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6, 0x53, 0x62, 0xB5,
17493 + 0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4, 0x75, 0x92, 0x6B,
17494 + 0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B, 0x1D, 0x47, 0xE6,
17495 + 0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16, 0x63, 0x84, 0x05,
17496 + 0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64, 0x71, 0xE0, 0x2D,
17497 + 0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB, 0x98, 0x65, 0x91,
17498 + 0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84
17499 +};
17500 +
17501 +static const unsigned char kat_RSA_X931_SHA1[] = {
17502 + 0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42, 0x45, 0x4D, 0xDF,
17503 + 0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD, 0xC4, 0xB2, 0x75,
17504 + 0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E, 0x14, 0xB8, 0xAC,
17505 + 0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04, 0xEE, 0xA9, 0x97,
17506 + 0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B, 0x38, 0xBE, 0xD6,
17507 + 0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1, 0x1A, 0x11, 0x19,
17508 + 0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63, 0x0C, 0x59, 0xD7,
17509 + 0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D, 0x24, 0x1C, 0x99,
17510 + 0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB, 0xEA, 0xED, 0x76,
17511 + 0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84, 0x1C, 0xB3, 0x67,
17512 + 0xA3, 0x29, 0x80, 0x70, 0x54, 0x68, 0x7D, 0x49
17513 +};
17514 +
17515 +static const unsigned char kat_RSA_X931_SHA256[] = {
17516 + 0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F, 0x64, 0x54, 0x89,
17517 + 0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58, 0x92, 0x1C, 0xDD,
17518 + 0xEA, 0xA2, 0x2D, 0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05, 0x95, 0x73, 0xCF,
17519 + 0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8, 0x7B, 0xC8, 0x9B,
17520 + 0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13, 0xB8, 0xF0, 0x4B,
17521 + 0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4, 0x38, 0x0E, 0x98,
17522 + 0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E, 0x59, 0x01, 0xEC,
17523 + 0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46, 0x8D, 0xA0, 0x8C,
17524 + 0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35, 0xA1, 0x42, 0xBD,
17525 + 0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86, 0xF0, 0x5B, 0xDC,
17526 + 0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80
17527 +};
17528 +
17529 +static const unsigned char kat_RSA_X931_SHA384[] = {
17530 + 0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB, 0x7B, 0xEC, 0x7B,
17531 + 0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7, 0x39, 0x37, 0xCB,
17532 + 0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9, 0xBE, 0x2E, 0xE3,
17533 + 0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7, 0x4A, 0x63, 0xF6,
17534 + 0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99, 0x66, 0xEE, 0x31,
17535 + 0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E, 0x6D, 0x8D, 0xF1,
17536 + 0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0, 0x60, 0x41, 0x79,
17537 + 0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34, 0xD5, 0x7C, 0xFF,
17538 + 0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5, 0x12, 0x44, 0x35,
17539 + 0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5, 0xDC, 0xC6, 0x6D,
17540 + 0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28
17541 +};
17542 +
17543 +static const unsigned char kat_RSA_X931_SHA512[] = {
17544 + 0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64, 0x3A, 0xC1, 0x63,
17545 + 0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1, 0xD9, 0xDA, 0xAC,
17546 + 0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05, 0x9E, 0x77, 0xD7,
17547 + 0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E, 0xF9, 0x14, 0x28,
17548 + 0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA, 0xC7, 0xF8, 0xC5,
17549 + 0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34, 0x53, 0xD2, 0xAF,
17550 + 0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10, 0xE0, 0xF6, 0xD0,
17551 + 0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F, 0x46, 0x5F, 0x09,
17552 + 0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04, 0x2D, 0xFB, 0x7C,
17553 + 0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11, 0x30, 0x71, 0x1B,
17554 + 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
17555 +};
17556 +
17557 +
17558 +int FIPS_selftest_rsa()
17559 + {
17560 + int ret = 0;
17561 + RSA *key;
17562 + EVP_PKEY *pk = NULL;
17563 +
17564 + if ((key=RSA_new()) == NULL)
17565 + goto err;
17566 + setrsakey(key);
17567 + if ((pk=EVP_PKEY_new()) == NULL)
17568 + goto err;
17569 +
17570 + EVP_PKEY_assign_RSA(pk, key);
17571 +
17572 + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17573 + kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
17574 + EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1,
17575 + "RSA SHA1 PKCS#1"))
17576 + goto err;
17577 + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17578 + kat_RSA_SHA224, sizeof(kat_RSA_SHA224),
17579 + EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PKCS1,
17580 + "RSA SHA224 PKCS#1"))
17581 + goto err;
17582 + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17583 + kat_RSA_SHA256, sizeof(kat_RSA_SHA256),
17584 + EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PKCS1,
17585 + "RSA SHA256 PKCS#1"))
17586 + goto err;
17587 + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17588 + kat_RSA_SHA384, sizeof(kat_RSA_SHA384),
17589 + EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PKCS1,
17590 + "RSA SHA384 PKCS#1"))
17591 + goto err;
17592 + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17593 + kat_RSA_SHA512, sizeof(kat_RSA_SHA512),
17594 + EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PKCS1,
17595 + "RSA SHA512 PKCS#1"))
17596 + goto err;
17597 +
17598 + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17599 + kat_RSA_PSS_SHA1, sizeof(kat_RSA_PSS_SHA1),
17600 + EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS,
17601 + "RSA SHA1 PSS"))
17602 + goto err;
17603 + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17604 + kat_RSA_PSS_SHA224, sizeof(kat_RSA_PSS_SHA224),
17605 + EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PSS,
17606 + "RSA SHA224 PSS"))
17607 + goto err;
17608 + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17609 + kat_RSA_PSS_SHA256, sizeof(kat_RSA_PSS_SHA256),
17610 + EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PSS,
17611 + "RSA SHA256 PSS"))
17612 + goto err;
17613 + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17614 + kat_RSA_PSS_SHA384, sizeof(kat_RSA_PSS_SHA384),
17615 + EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PSS,
17616 + "RSA SHA384 PSS"))
17617 + goto err;
17618 + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17619 + kat_RSA_PSS_SHA512, sizeof(kat_RSA_PSS_SHA512),
17620 + EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PSS,
17621 + "RSA SHA512 PSS"))
17622 + goto err;
17623 +
17624 +
17625 + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17626 + kat_RSA_X931_SHA1, sizeof(kat_RSA_X931_SHA1),
17627 + EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931,
17628 + "RSA SHA1 X931"))
17629 + goto err;
17630 + /* NB: SHA224 not supported in X9.31 */
17631 + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17632 + kat_RSA_X931_SHA256, sizeof(kat_RSA_X931_SHA256),
17633 + EVP_sha256(), EVP_MD_CTX_FLAG_PAD_X931,
17634 + "RSA SHA256 X931"))
17635 + goto err;
17636 + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17637 + kat_RSA_X931_SHA384, sizeof(kat_RSA_X931_SHA384),
17638 + EVP_sha384(), EVP_MD_CTX_FLAG_PAD_X931,
17639 + "RSA SHA384 X931"))
17640 + goto err;
17641 + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
17642 + kat_RSA_X931_SHA512, sizeof(kat_RSA_X931_SHA512),
17643 + EVP_sha512(), EVP_MD_CTX_FLAG_PAD_X931,
17644 + "RSA SHA512 X931"))
17645 + goto err;
17646 +
17647 +
17648 + ret = 1;
17649 +
17650 + err:
17651 + if (pk)
17652 + EVP_PKEY_free(pk);
17653 + else if (key)
17654 + RSA_free(key);
17655 + return ret;
17656 + }
17657 +
17658 +#endif /* def OPENSSL_FIPS */
17659 diff -up openssl-1.0.1b/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1b/crypto/fips/fips_rsa_x931g.c
17660 --- openssl-1.0.1b/crypto/fips/fips_rsa_x931g.c.fips 2012-04-26 18:00:51.408769474 +0200
17661 +++ openssl-1.0.1b/crypto/fips/fips_rsa_x931g.c 2012-04-26 18:00:51.408769474 +0200
17662 @@ -0,0 +1,282 @@
17663 +/* crypto/rsa/rsa_gen.c */
17664 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
17665 + * All rights reserved.
17666 + *
17667 + * This package is an SSL implementation written
17668 + * by Eric Young (eay@cryptsoft.com).
17669 + * The implementation was written so as to conform with Netscapes SSL.
17670 + *
17671 + * This library is free for commercial and non-commercial use as long as
17672 + * the following conditions are aheared to. The following conditions
17673 + * apply to all code found in this distribution, be it the RC4, RSA,
17674 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
17675 + * included with this distribution is covered by the same copyright terms
17676 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
17677 + *
17678 + * Copyright remains Eric Young's, and as such any Copyright notices in
17679 + * the code are not to be removed.
17680 + * If this package is used in a product, Eric Young should be given attribution
17681 + * as the author of the parts of the library used.
17682 + * This can be in the form of a textual message at program startup or
17683 + * in documentation (online or textual) provided with the package.
17684 + *
17685 + * Redistribution and use in source and binary forms, with or without
17686 + * modification, are permitted provided that the following conditions
17687 + * are met:
17688 + * 1. Redistributions of source code must retain the copyright
17689 + * notice, this list of conditions and the following disclaimer.
17690 + * 2. Redistributions in binary form must reproduce the above copyright
17691 + * notice, this list of conditions and the following disclaimer in the
17692 + * documentation and/or other materials provided with the distribution.
17693 + * 3. All advertising materials mentioning features or use of this software
17694 + * must display the following acknowledgement:
17695 + * "This product includes cryptographic software written by
17696 + * Eric Young (eay@cryptsoft.com)"
17697 + * The word 'cryptographic' can be left out if the rouines from the library
17698 + * being used are not cryptographic related :-).
17699 + * 4. If you include any Windows specific code (or a derivative thereof) from
17700 + * the apps directory (application code) you must include an acknowledgement:
17701 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
17702 + *
17703 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
17704 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17705 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17706 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17707 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
17708 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
17709 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17710 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
17711 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
17712 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
17713 + * SUCH DAMAGE.
17714 + *
17715 + * The licence and distribution terms for any publically available version or
17716 + * derivative of this code cannot be changed. i.e. this code cannot simply be
17717 + * copied and put under another distribution licence
17718 + * [including the GNU Public Licence.]
17719 + */
17720 +
17721 +#include <stdio.h>
17722 +#include <string.h>
17723 +#include <time.h>
17724 +#include <openssl/err.h>
17725 +#include <openssl/bn.h>
17726 +#include <openssl/rsa.h>
17727 +#ifdef OPENSSL_FIPS
17728 +#include <openssl/fips.h>
17729 +
17730 +extern int fips_check_rsa(RSA *rsa);
17731 +#endif
17732 +
17733 +/* X9.31 RSA key derivation and generation */
17734 +
17735 +int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
17736 + const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
17737 + const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
17738 + const BIGNUM *e, BN_GENCB *cb)
17739 + {
17740 + BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL;
17741 + BN_CTX *ctx=NULL,*ctx2=NULL;
17742 +
17743 + if (!rsa)
17744 + goto err;
17745 +
17746 + ctx = BN_CTX_new();
17747 + if (!ctx)
17748 + goto err;
17749 + BN_CTX_start(ctx);
17750 +
17751 + r0 = BN_CTX_get(ctx);
17752 + r1 = BN_CTX_get(ctx);
17753 + r2 = BN_CTX_get(ctx);
17754 + r3 = BN_CTX_get(ctx);
17755 +
17756 + if (r3 == NULL)
17757 + goto err;
17758 + if (!rsa->e)
17759 + {
17760 + rsa->e = BN_dup(e);
17761 + if (!rsa->e)
17762 + goto err;
17763 + }
17764 + else
17765 + e = rsa->e;
17766 +
17767 + /* If not all parameters present only calculate what we can.
17768 + * This allows test programs to output selective parameters.
17769 + */
17770 +
17771 + if (Xp && !rsa->p)
17772 + {
17773 + rsa->p = BN_new();
17774 + if (!rsa->p)
17775 + goto err;
17776 +
17777 + if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
17778 + Xp, Xp1, Xp2, e, ctx, cb))
17779 + goto err;
17780 + }
17781 +
17782 + if (Xq && !rsa->q)
17783 + {
17784 + rsa->q = BN_new();
17785 + if (!rsa->q)
17786 + goto err;
17787 + if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
17788 + Xq, Xq1, Xq2, e, ctx, cb))
17789 + goto err;
17790 + }
17791 +
17792 + if (!rsa->p || !rsa->q)
17793 + {
17794 + BN_CTX_end(ctx);
17795 + BN_CTX_free(ctx);
17796 + return 2;
17797 + }
17798 +
17799 + /* Since both primes are set we can now calculate all remaining
17800 + * components.
17801 + */
17802 +
17803 + /* calculate n */
17804 + rsa->n=BN_new();
17805 + if (rsa->n == NULL)
17806 + goto err;
17807 + if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx))
17808 + goto err;
17809 +
17810 + /* calculate d */
17811 + if (!BN_sub(r1,rsa->p,BN_value_one()))
17812 + goto err; /* p-1 */
17813 + if (!BN_sub(r2,rsa->q,BN_value_one()))
17814 + goto err; /* q-1 */
17815 + if (!BN_mul(r0,r1,r2,ctx))
17816 + goto err; /* (p-1)(q-1) */
17817 +
17818 + if (!BN_gcd(r3, r1, r2, ctx))
17819 + goto err;
17820 +
17821 + if (!BN_div(r0, NULL, r0, r3, ctx))
17822 + goto err; /* LCM((p-1)(q-1)) */
17823 +
17824 + ctx2 = BN_CTX_new();
17825 + if (!ctx2)
17826 + goto err;
17827 +
17828 + rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */
17829 + if (rsa->d == NULL)
17830 + goto err;
17831 +
17832 + /* calculate d mod (p-1) */
17833 + rsa->dmp1=BN_new();
17834 + if (rsa->dmp1 == NULL)
17835 + goto err;
17836 + if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx))
17837 + goto err;
17838 +
17839 + /* calculate d mod (q-1) */
17840 + rsa->dmq1=BN_new();
17841 + if (rsa->dmq1 == NULL)
17842 + goto err;
17843 + if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx))
17844 + goto err;
17845 +
17846 + /* calculate inverse of q mod p */
17847 + rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
17848 +
17849 + err:
17850 + if (ctx)
17851 + {
17852 + BN_CTX_end(ctx);
17853 + BN_CTX_free(ctx);
17854 + }
17855 + if (ctx2)
17856 + BN_CTX_free(ctx2);
17857 + /* If this is set all calls successful */
17858 + if (rsa && rsa->iqmp != NULL)
17859 + return 1;
17860 +
17861 + return 0;
17862 +
17863 + }
17864 +
17865 +int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
17866 + {
17867 + int ok = 0;
17868 + BIGNUM *Xp = NULL, *Xq = NULL;
17869 + BN_CTX *ctx = NULL;
17870 +
17871 +#ifdef OPENSSL_FIPS
17872 + if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) &&
17873 + (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
17874 + {
17875 + FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT);
17876 + return 0;
17877 + }
17878 +
17879 + if (bits & 0xff)
17880 + {
17881 + FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_INVALID_KEY_LENGTH);
17882 + return 0;
17883 + }
17884 +
17885 + if(FIPS_selftest_failed())
17886 + {
17887 + FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST_FAILED);
17888 + return 0;
17889 + }
17890 +#endif
17891 +
17892 + ctx = BN_CTX_new();
17893 + if (!ctx)
17894 + goto error;
17895 +
17896 + BN_CTX_start(ctx);
17897 + Xp = BN_CTX_get(ctx);
17898 + Xq = BN_CTX_get(ctx);
17899 + if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
17900 + goto error;
17901 +
17902 + rsa->p = BN_new();
17903 + rsa->q = BN_new();
17904 + if (!rsa->p || !rsa->q)
17905 + goto error;
17906 +
17907 + /* Generate two primes from Xp, Xq */
17908 +
17909 + if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
17910 + e, ctx, cb))
17911 + goto error;
17912 +
17913 + if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
17914 + e, ctx, cb))
17915 + goto error;
17916 +
17917 + /* Since rsa->p and rsa->q are valid this call will just derive
17918 + * remaining RSA components.
17919 + */
17920 +
17921 + if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
17922 + NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
17923 + goto error;
17924 +
17925 +#ifdef OPENSSL_FIPS
17926 + if(!fips_check_rsa(rsa))
17927 + goto error;
17928 +#endif
17929 +
17930 + ok = 1;
17931 +
17932 + error:
17933 + if (ctx)
17934 + {
17935 + BN_CTX_end(ctx);
17936 + BN_CTX_free(ctx);
17937 + }
17938 +
17939 + if (ok)
17940 + return 1;
17941 +
17942 + return 0;
17943 +
17944 + }
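Review bot: RSA_X931_derive_ex decides success at `err:` by testing `rsa->iqmp != NULL`, so an RSA object that already carries iqmp (a reused or partially populated key) turns every earlier failure — BN_CTX_new, BN_X931_derive_prime_ex, the BN_mod_inverse for d — into a return of 1 with a half-derived key. An explicit flag like the `ok` used in RSA_X931_generate_key_ex is safer: declare `int ok = 0;`, after the iqmp line add `if (rsa->iqmp == NULL) goto err; ok = 1;`, and finish with `return ok;`. Separately, RSA_X931_generate_key_ex assigns `rsa->p = BN_new(); rsa->q = BN_new();` (and derive_ex `rsa->n=BN_new();`) without freeing any value already present, which leaks when a populated key is passed in. RSA_X931_generate_key_ex also reads `rsa->flags` under OPENSSL_FIPS before any NULL check on rsa, whereas derive_ex guards with `if (!rsa)`.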
17945 diff -up openssl-1.0.1b/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1b/crypto/fips/fips_sha_selftest.c
17946 --- openssl-1.0.1b/crypto/fips/fips_sha_selftest.c.fips 2012-04-26 18:00:51.408769474 +0200
17947 +++ openssl-1.0.1b/crypto/fips/fips_sha_selftest.c 2012-04-26 18:00:51.408769474 +0200
17948 @@ -0,0 +1,140 @@
17949 +/* ====================================================================
17950 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
17951 + *
17952 + * Redistribution and use in source and binary forms, with or without
17953 + * modification, are permitted provided that the following conditions
17954 + * are met:
17955 + *
17956 + * 1. Redistributions of source code must retain the above copyright
17957 + * notice, this list of conditions and the following disclaimer.
17958 + *
17959 + * 2. Redistributions in binary form must reproduce the above copyright
17960 + * notice, this list of conditions and the following disclaimer in
17961 + * the documentation and/or other materials provided with the
17962 + * distribution.
17963 + *
17964 + * 3. All advertising materials mentioning features or use of this
17965 + * software must display the following acknowledgment:
17966 + * "This product includes software developed by the OpenSSL Project
17967 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
17968 + *
17969 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
17970 + * endorse or promote products derived from this software without
17971 + * prior written permission. For written permission, please contact
17972 + * openssl-core@openssl.org.
17973 + *
17974 + * 5. Products derived from this software may not be called "OpenSSL"
17975 + * nor may "OpenSSL" appear in their names without prior written
17976 + * permission of the OpenSSL Project.
17977 + *
17978 + * 6. Redistributions of any form whatsoever must retain the following
17979 + * acknowledgment:
17980 + * "This product includes software developed by the OpenSSL Project
17981 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
17982 + *
17983 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
17984 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17985 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
17986 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
17987 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
17988 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
17989 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
17990 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17991 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
17992 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
17993 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
17994 + * OF THE POSSIBILITY OF SUCH DAMAGE.
17995 + *
17996 + */
17997 +
17998 +#include <string.h>
17999 +#include <openssl/err.h>
18000 +#ifdef OPENSSL_FIPS
18001 +#include <openssl/fips.h>
18002 +#endif
18003 +#include <openssl/evp.h>
18004 +#include <openssl/sha.h>
18005 +
18006 +#ifdef OPENSSL_FIPS
18007 +static const char test[][60]=
18008 + {
18009 + "",
18010 + "abc",
18011 + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
18012 + };
18013 +
18014 +static const unsigned char ret[][SHA_DIGEST_LENGTH]=
18015 + {
18016 + { 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55,
18017 + 0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 },
18018 + { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
18019 + 0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d },
18020 + { 0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
18021 + 0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 },
18022 + };
18023 +
18024 +static int corrupt_sha;
18025 +
18026 +void FIPS_corrupt_sha1()
18027 + {
18028 + corrupt_sha = 1;
18029 + }
18030 +
18031 +int FIPS_selftest_sha1()
18032 + {
18033 + int n;
18034 +
18035 + for(n=0 ; n<sizeof(test)/sizeof(test[0]) ; ++n)
18036 + {
18037 + unsigned char md[SHA_DIGEST_LENGTH];
18038 +
18039 + EVP_Digest(test[n],strlen(test[n])+corrupt_sha,md, NULL, EVP_sha1(), NULL);
18040 + if(memcmp(md,ret[n],sizeof md))
18041 + {
18042 + FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED);
18043 + return 0;
18044 + }
18045 + }
18046 + return 1;
18047 + }
18048 +
18049 +static const unsigned char msg_sha256[] = { 0xfa, 0x48, 0x59, 0x2a, 0xe1, 0xae, 0x1f, 0x30,
18050 + 0xfc };
18051 +static const unsigned char dig_sha256[] = { 0xf7, 0x26, 0xd8, 0x98, 0x47, 0x91, 0x68, 0x5b,
18052 + 0x9e, 0x39, 0xb2, 0x58, 0xbb, 0x75, 0xbf, 0x01,
18053 + 0x17, 0x0c, 0x84, 0x00, 0x01, 0x7a, 0x94, 0x83,
18054 + 0xf3, 0x0b, 0x15, 0x84, 0x4b, 0x69, 0x88, 0x8a };
18055 +
18056 +static const unsigned char msg_sha512[] = { 0x37, 0xd1, 0x35, 0x9d, 0x18, 0x41, 0xe9, 0xb7,
18057 + 0x6d, 0x9a, 0x13, 0xda, 0x5f, 0xf3, 0xbd };
18058 +static const unsigned char dig_sha512[] = { 0x11, 0x13, 0xc4, 0x19, 0xed, 0x2b, 0x1d, 0x16,
18059 + 0x11, 0xeb, 0x9b, 0xbe, 0xf0, 0x7f, 0xcf, 0x44,
18060 + 0x8b, 0xd7, 0x57, 0xbd, 0x8d, 0xa9, 0x25, 0xb0,
18061 + 0x47, 0x25, 0xd6, 0x6c, 0x9a, 0x54, 0x7f, 0x8f,
18062 + 0x0b, 0x53, 0x1a, 0x10, 0x68, 0x32, 0x03, 0x38,
18063 + 0x82, 0xc4, 0x87, 0xc4, 0xea, 0x0e, 0xd1, 0x04,
18064 + 0xa9, 0x98, 0xc1, 0x05, 0xa3, 0xf3, 0xf8, 0xb1,
18065 + 0xaf, 0xbc, 0xd9, 0x78, 0x7e, 0xee, 0x3d, 0x43 };
18066 +
18067 +int FIPS_selftest_sha2(void)
18068 + {
18069 + unsigned char md[SHA512_DIGEST_LENGTH];
18070 +
18071 + EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL);
18072 + if(memcmp(dig_sha256, md, sizeof(dig_sha256)))
18073 + {
18074 + FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED);
18075 + return 0;
18076 + }
18077 +
18078 + EVP_Digest(msg_sha512, sizeof(msg_sha512), md, NULL, EVP_sha512(), NULL);
18079 + if(memcmp(dig_sha512, md, sizeof(dig_sha512)))
18080 + {
18081 + FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED);
18082 + return 0;
18083 + }
18084 +
18085 + return 1;
18086 + }
18087 +
18088 +#endif
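Review bot: Both self-test functions ignore the return value of EVP_Digest and then memcmp an `md` buffer that is uninitialized if the digest call failed; the call should be part of the failure condition, e.g. in FIPS_selftest_sha1 `if(!EVP_Digest(test[n],strlen(test[n])+corrupt_sha,md, NULL, EVP_sha1(), NULL) || memcmp(md,ret[n],sizeof md))`, and likewise for the two calls in FIPS_selftest_sha2. FIPS_selftest_sha2 reports mismatches under `FIPS_F_FIPS_MODE_SET`, so the error queue attributes a SHA-2 KAT failure to FIPS_mode_set rather than to this self-test; a dedicated function code, as FIPS_selftest_sha1 has, would make the failure identifiable in logs. The loop index `n` in FIPS_selftest_sha1 is an `int` compared against the `size_t` expression `sizeof(test)/sizeof(test[0])`; `size_t n` avoids the signed/unsigned comparison. Only SHA-1, SHA-256 and SHA-512 have known-answer tests here, so if SHA-224 or SHA-384 are in scope for the module they run without a KAT — a comment stating that this is intentional would help the next reader.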
18089 diff -up openssl-1.0.1b/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1b/crypto/fips/fips_standalone_hmac.c
18090 --- openssl-1.0.1b/crypto/fips/fips_standalone_hmac.c.fips 2012-04-26 18:00:51.408769474 +0200
18091 +++ openssl-1.0.1b/crypto/fips/fips_standalone_hmac.c 2012-04-26 18:00:51.408769474 +0200
18092 @@ -0,0 +1,180 @@
18093 +/* ====================================================================
18094 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
18095 + *
18096 + * Redistribution and use in source and binary forms, with or without
18097 + * modification, are permitted provided that the following conditions
18098 + * are met:
18099 + *
18100 + * 1. Redistributions of source code must retain the above copyright
18101 + * notice, this list of conditions and the following disclaimer.
18102 + *
18103 + * 2. Redistributions in binary form must reproduce the above copyright
18104 + * notice, this list of conditions and the following disclaimer in
18105 + * the documentation and/or other materials provided with the
18106 + * distribution.
18107 + *
18108 + * 3. All advertising materials mentioning features or use of this
18109 + * software must display the following acknowledgment:
18110 + * "This product includes software developed by the OpenSSL Project
18111 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
18112 + *
18113 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
18114 + * endorse or promote products derived from this software without
18115 + * prior written permission. For written permission, please contact
18116 + * openssl-core@openssl.org.
18117 + *
18118 + * 5. Products derived from this software may not be called "OpenSSL"
18119 + * nor may "OpenSSL" appear in their names without prior written
18120 + * permission of the OpenSSL Project.
18121 + *
18122 + * 6. Redistributions of any form whatsoever must retain the following
18123 + * acknowledgment:
18124 + * "This product includes software developed by the OpenSSL Project
18125 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
18126 + *
18127 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
18128 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18129 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18130 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
18131 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
18132 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18133 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
18134 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
18135 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
18136 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
18137 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
18138 + * OF THE POSSIBILITY OF SUCH DAMAGE.
18139 + *
18140 + */
18141 +
18142 +#include <stdio.h>
18143 +#include <stdlib.h>
18144 +#include <string.h>
18145 +#include <openssl/opensslconf.h>
18146 +#include <openssl/sha.h>
18147 +#include <openssl/hmac.h>
18148 +
18149 +#ifndef FIPSCANISTER_O
18150 +int FIPS_selftest_failed() { return 0; }
18151 +void FIPS_selftest_check() {}
18152 +void OPENSSL_cleanse(void *p,size_t len) {}
18153 +#endif
18154 +
18155 +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
18156 + defined(__INTEL__) || \
18157 + defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
18158 +
18159 +unsigned int OPENSSL_ia32cap_P[2];
18160 +#endif
18161 +
18162 +#ifdef OPENSSL_FIPS
18163 +
18164 +static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
18165 + const char *key)
18166 + {
18167 + size_t len=strlen(key);
18168 + int i;
18169 + unsigned char keymd[HMAC_MAX_MD_CBLOCK];
18170 + unsigned char pad[HMAC_MAX_MD_CBLOCK];
18171 +
18172 + if (len > SHA_CBLOCK)
18173 + {
18174 + SHA256_Init(md_ctx);
18175 + SHA256_Update(md_ctx,key,len);
18176 + SHA256_Final(keymd,md_ctx);
18177 + len=SHA256_DIGEST_LENGTH;
18178 + }
18179 + else
18180 + memcpy(keymd,key,len);
18181 + memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len);
18182 +
18183 + for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
18184 + pad[i]=0x36^keymd[i];
18185 + SHA256_Init(md_ctx);
18186 + SHA256_Update(md_ctx,pad,SHA256_CBLOCK);
18187 +
18188 + for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
18189 + pad[i]=0x5c^keymd[i];
18190 + SHA256_Init(o_ctx);
18191 + SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
18192 + }
18193 +
18194 +static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
18195 + {
18196 + unsigned char buf[SHA256_DIGEST_LENGTH];
18197 +
18198 + SHA256_Final(buf,md_ctx);
18199 + SHA256_Update(o_ctx,buf,sizeof buf);
18200 + SHA256_Final(md,o_ctx);
18201 + }
18202 +
18203 +#endif
18204 +
18205 +int main(int argc,char **argv)
18206 + {
18207 +#ifdef OPENSSL_FIPS
18208 + static char key[]="orboDeJITITejsirpADONivirpUkvarP";
18209 + int n,binary=0;
18210 +
18211 + if(argc < 2)
18212 + {
18213 + fprintf(stderr,"%s [<file>]+\n",argv[0]);
18214 + exit(1);
18215 + }
18216 +
18217 + n=1;
18218 + if (!strcmp(argv[n],"-binary"))
18219 + {
18220 + n++;
18221 + binary=1; /* emit binary fingerprint... */
18222 + }
18223 +
18224 + for(; n < argc ; ++n)
18225 + {
18226 + FILE *f=fopen(argv[n],"rb");
18227 + SHA256_CTX md_ctx,o_ctx;
18228 + unsigned char md[SHA256_DIGEST_LENGTH];
18229 + int i;
18230 +
18231 + if(!f)
18232 + {
18233 + perror(argv[n]);
18234 + exit(2);
18235 + }
18236 +
18237 + hmac_init(&md_ctx,&o_ctx,key);
18238 + for( ; ; )
18239 + {
18240 + char buf[1024];
18241 + size_t l=fread(buf,1,sizeof buf,f);
18242 +
18243 + if(l == 0)
18244 + {
18245 + if(ferror(f))
18246 + {
18247 + perror(argv[n]);
18248 + exit(3);
18249 + }
18250 + else
18251 + break;
18252 + }
18253 + SHA256_Update(&md_ctx,buf,l);
18254 + }
18255 + hmac_final(md,&md_ctx,&o_ctx);
18256 +
18257 + if (binary)
18258 + {
18259 + fwrite(md,SHA256_DIGEST_LENGTH,1,stdout);
18260 + break; /* ... for single(!) file */
18261 + }
18262 +
18263 +/* printf("HMAC-SHA1(%s)= ",argv[n]); */
18264 + for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i)
18265 + printf("%02x",md[i]);
18266 + printf("\n");
18267 + }
18268 +#endif
18269 + return 0;
18270 + }
18271 +
18272 +
18273 diff -up openssl-1.0.1b/crypto/fips/fips_test_suite.c.fips openssl-1.0.1b/crypto/fips/fips_test_suite.c
18274 --- openssl-1.0.1b/crypto/fips/fips_test_suite.c.fips 2012-04-26 18:00:51.408769474 +0200
18275 +++ openssl-1.0.1b/crypto/fips/fips_test_suite.c 2012-04-26 18:00:51.408769474 +0200
18276 @@ -0,0 +1,588 @@
18277 +/* ====================================================================
18278 + * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
18279 + *
18280 + *
18281 + * This command is intended as a test driver for the FIPS-140 testing
18282 + * lab performing FIPS-140 validation. It demonstrates the use of the
18283 + * OpenSSL library ito perform a variety of common cryptographic
18284 + * functions. A power-up self test is demonstrated by deliberately
18285 + * pointing to an invalid executable hash
18286 + *
18287 + * Contributed by Steve Marquess.
18288 + *
18289 + */
18290 +#include <stdio.h>
18291 +#include <assert.h>
18292 +#include <ctype.h>
18293 +#include <string.h>
18294 +#include <stdlib.h>
18295 +#include <openssl/aes.h>
18296 +#include <openssl/des.h>
18297 +#include <openssl/rsa.h>
18298 +#include <openssl/dsa.h>
18299 +#include <openssl/dh.h>
18300 +#include <openssl/hmac.h>
18301 +#include <openssl/err.h>
18302 +
18303 +#include <openssl/bn.h>
18304 +#include <openssl/rand.h>
18305 +#include <openssl/sha.h>
18306 +
18307 +
18308 +#ifndef OPENSSL_FIPS
18309 +int main(int argc, char *argv[])
18310 + {
18311 + printf("No FIPS support\n");
18312 + return(0);
18313 + }
18314 +#else
18315 +
18316 +#include <openssl/fips.h>
18317 +#include "fips_utl.h"
18318 +
18319 +/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
18320 +*/
18321 +static int FIPS_aes_test(void)
18322 + {
18323 + int ret = 0;
18324 + unsigned char pltmp[16];
18325 + unsigned char citmp[16];
18326 + unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
18327 + unsigned char plaintext[16] = "etaonrishdlcu";
18328 + EVP_CIPHER_CTX ctx;
18329 + EVP_CIPHER_CTX_init(&ctx);
18330 + if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0)
18331 + goto err;
18332 + EVP_Cipher(&ctx, citmp, plaintext, 16);
18333 + if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0)
18334 + goto err;
18335 + EVP_Cipher(&ctx, pltmp, citmp, 16);
18336 + if (memcmp(pltmp, plaintext, 16))
18337 + goto err;
18338 + ret = 1;
18339 + err:
18340 + EVP_CIPHER_CTX_cleanup(&ctx);
18341 + return ret;
18342 + }
18343 +
18344 +static int FIPS_des3_test(void)
18345 + {
18346 + int ret = 0;
18347 + unsigned char pltmp[8];
18348 + unsigned char citmp[8];
18349 + unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
18350 + 19,20,21,22,23,24};
18351 + unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
18352 + EVP_CIPHER_CTX ctx;
18353 + EVP_CIPHER_CTX_init(&ctx);
18354 + if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 1) <= 0)
18355 + goto err;
18356 + EVP_Cipher(&ctx, citmp, plaintext, 8);
18357 + if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 0) <= 0)
18358 + goto err;
18359 + EVP_Cipher(&ctx, pltmp, citmp, 8);
18360 + if (memcmp(pltmp, plaintext, 8))
18361 + goto err;
18362 + ret = 1;
18363 + err:
18364 + EVP_CIPHER_CTX_cleanup(&ctx);
18365 + return ret;
18366 + }
18367 +
18368 +/*
18369 + * DSA: generate keys and sign, verify input plaintext.
18370 + */
18371 +static int FIPS_dsa_test(int bad)
18372 + {
18373 + DSA *dsa = NULL;
18374 + EVP_PKEY pk;
18375 + unsigned char dgst[] = "etaonrishdlc";
18376 + unsigned char buf[60];
18377 + unsigned int slen;
18378 + int r = 0;
18379 + EVP_MD_CTX mctx;
18380 +
18381 + ERR_clear_error();
18382 + EVP_MD_CTX_init(&mctx);
18383 + dsa = DSA_new();
18384 + if (!dsa)
18385 + goto end;
18386 + if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
18387 + goto end;
18388 + if (!DSA_generate_key(dsa))
18389 + goto end;
18390 + if (bad)
18391 + BN_add_word(dsa->pub_key, 1);
18392 +
18393 + pk.type = EVP_PKEY_DSA;
18394 + pk.pkey.dsa = dsa;
18395 +
18396 + if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
18397 + goto end;
18398 + if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))
18399 + goto end;
18400 + if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
18401 + goto end;
18402 +
18403 + if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
18404 + goto end;
18405 + if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))
18406 + goto end;
18407 + r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
18408 + end:
18409 + EVP_MD_CTX_cleanup(&mctx);
18410 + if (dsa)
18411 + DSA_free(dsa);
18412 + if (r != 1)
18413 + return 0;
18414 + return 1;
18415 + }
18416 +
18417 +/*
18418 + * RSA: generate keys and sign, verify input plaintext.
18419 + */
18420 +static int FIPS_rsa_test(int bad)
18421 + {
18422 + RSA *key;
18423 + unsigned char input_ptext[] = "etaonrishdlc";
18424 + unsigned char buf[256];
18425 + unsigned int slen;
18426 + BIGNUM *bn;
18427 + EVP_MD_CTX mctx;
18428 + EVP_PKEY pk;
18429 + int r = 0;
18430 +
18431 + ERR_clear_error();
18432 + EVP_MD_CTX_init(&mctx);
18433 + key = RSA_new();
18434 + bn = BN_new();
18435 + if (!key || !bn)
18436 + return 0;
18437 + BN_set_word(bn, 65537);
18438 + if (!RSA_generate_key_ex(key, 1024,bn,NULL))
18439 + return 0;
18440 + BN_free(bn);
18441 + if (bad)
18442 + BN_add_word(key->n, 1);
18443 +
18444 + pk.type = EVP_PKEY_RSA;
18445 + pk.pkey.rsa = key;
18446 +
18447 + if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
18448 + goto end;
18449 + if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
18450 + goto end;
18451 + if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
18452 + goto end;
18453 +
18454 + if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
18455 + goto end;
18456 + if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
18457 + goto end;
18458 + r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
18459 + end:
18460 + EVP_MD_CTX_cleanup(&mctx);
18461 + if (key)
18462 + RSA_free(key);
18463 + if (r != 1)
18464 + return 0;
18465 + return 1;
18466 + }
18467 +
18468 +/* SHA1: generate hash of known digest value and compare to known
18469 + precomputed correct hash
18470 +*/
18471 +static int FIPS_sha1_test()
18472 + {
18473 + unsigned char digest[SHA_DIGEST_LENGTH] =
18474 + { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
18475 + unsigned char str[] = "etaonrishd";
18476 +
18477 + unsigned char md[SHA_DIGEST_LENGTH];
18478 +
18479 + ERR_clear_error();
18480 + if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0;
18481 + if (memcmp(md,digest,sizeof(md)))
18482 + return 0;
18483 + return 1;
18484 + }
18485 +
18486 +/* SHA256: generate hash of known digest value and compare to known
18487 + precomputed correct hash
18488 +*/
18489 +static int FIPS_sha256_test()
18490 + {
18491 + unsigned char digest[SHA256_DIGEST_LENGTH] =
18492 + {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
18493 + 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
18494 + unsigned char str[] = "etaonrishd";
18495 +
18496 + unsigned char md[SHA256_DIGEST_LENGTH];
18497 +
18498 + ERR_clear_error();
18499 + if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha256(), NULL)) return 0;
18500 + if (memcmp(md,digest,sizeof(md)))
18501 + return 0;
18502 + return 1;
18503 + }
18504 +
18505 +/* SHA512: generate hash of known digest value and compare to known
18506 + precomputed correct hash
18507 +*/
18508 +static int FIPS_sha512_test()
18509 + {
18510 + unsigned char digest[SHA512_DIGEST_LENGTH] =
18511 + {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
18512 + 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
18513 + 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
18514 + 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
18515 + unsigned char str[] = "etaonrishd";
18516 +
18517 + unsigned char md[SHA512_DIGEST_LENGTH];
18518 +
18519 + ERR_clear_error();
18520 + if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha512(), NULL)) return 0;
18521 + if (memcmp(md,digest,sizeof(md)))
18522 + return 0;
18523 + return 1;
18524 + }
18525 +
18526 +/* HMAC-SHA1: generate hash of known digest value and compare to known
18527 + precomputed correct hash
18528 +*/
18529 +static int FIPS_hmac_sha1_test()
18530 + {
18531 + unsigned char key[] = "etaonrishd";
18532 + unsigned char iv[] = "Sample text";
18533 + unsigned char kaval[EVP_MAX_MD_SIZE] =
18534 + {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
18535 + 0xb2, 0xfb, 0xec, 0xc6};
18536 +
18537 + unsigned char out[EVP_MAX_MD_SIZE];
18538 + unsigned int outlen;
18539 +
18540 + ERR_clear_error();
18541 + if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
18542 + if (memcmp(out,kaval,outlen))
18543 + return 0;
18544 + return 1;
18545 + }
18546 +
18547 +/* HMAC-SHA224: generate hash of known digest value and compare to known
18548 + precomputed correct hash
18549 +*/
18550 +static int FIPS_hmac_sha224_test()
18551 + {
18552 + unsigned char key[] = "etaonrishd";
18553 + unsigned char iv[] = "Sample text";
18554 + unsigned char kaval[EVP_MAX_MD_SIZE] =
18555 + {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
18556 + 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
18557 +
18558 + unsigned char out[EVP_MAX_MD_SIZE];
18559 + unsigned int outlen;
18560 +
18561 + ERR_clear_error();
18562 + if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
18563 + if (memcmp(out,kaval,outlen))
18564 + return 0;
18565 + return 1;
18566 + }
18567 +
18568 +/* HMAC-SHA256: generate hash of known digest value and compare to known
18569 + precomputed correct hash
18570 +*/
18571 +static int FIPS_hmac_sha256_test()
18572 + {
18573 + unsigned char key[] = "etaonrishd";
18574 + unsigned char iv[] = "Sample text";
18575 + unsigned char kaval[EVP_MAX_MD_SIZE] =
18576 + {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
18577 + 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
18578 +
18579 + unsigned char out[EVP_MAX_MD_SIZE];
18580 + unsigned int outlen;
18581 +
18582 + ERR_clear_error();
18583 + if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
18584 + if (memcmp(out,kaval,outlen))
18585 + return 0;
18586 + return 1;
18587 + }
18588 +
18589 +/* HMAC-SHA384: generate hash of known digest value and compare to known
18590 + precomputed correct hash
18591 +*/
18592 +static int FIPS_hmac_sha384_test()
18593 + {
18594 + unsigned char key[] = "etaonrishd";
18595 + unsigned char iv[] = "Sample text";
18596 + unsigned char kaval[EVP_MAX_MD_SIZE] =
18597 + {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
18598 + 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
18599 + 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
18600 +
18601 + unsigned char out[EVP_MAX_MD_SIZE];
18602 + unsigned int outlen;
18603 +
18604 + ERR_clear_error();
18605 + if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
18606 + if (memcmp(out,kaval,outlen))
18607 + return 0;
18608 + return 1;
18609 + }
18610 +
18611 +/* HMAC-SHA512: generate hash of known digest value and compare to known
18612 + precomputed correct hash
18613 +*/
18614 +static int FIPS_hmac_sha512_test()
18615 + {
18616 + unsigned char key[] = "etaonrishd";
18617 + unsigned char iv[] = "Sample text";
18618 + unsigned char kaval[EVP_MAX_MD_SIZE] =
18619 + {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
18620 + 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
18621 + 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
18622 + 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
18623 +
18624 + unsigned char out[EVP_MAX_MD_SIZE];
18625 + unsigned int outlen;
18626 +
18627 + ERR_clear_error();
18628 + if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
18629 + if (memcmp(out,kaval,outlen))
18630 + return 0;
18631 + return 1;
18632 + }
18633 +
18634 +
18635 +/* DH: generate shared parameters
18636 +*/
18637 +static int dh_test()
18638 + {
18639 + DH *dh;
18640 + ERR_clear_error();
18641 + dh = FIPS_dh_new();
18642 + if (!dh)
18643 + return 0;
18644 + if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
18645 + return 0;
18646 + FIPS_dh_free(dh);
18647 + return 1;
18648 + }
18649 +
18650 +/* Zeroize
18651 +*/
18652 +static int Zeroize()
18653 + {
18654 + RSA *key;
18655 + BIGNUM *bn;
18656 + unsigned char userkey[16] =
18657 + { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
18658 + int i, n;
18659 +
18660 + key = FIPS_rsa_new();
18661 + bn = BN_new();
18662 + if (!key || !bn)
18663 + return 0;
18664 + BN_set_word(bn, 65537);
18665 + if (!RSA_generate_key_ex(key, 1024,bn,NULL))
18666 + return 0;
18667 + BN_free(bn);
18668 +
18669 + n = BN_num_bytes(key->d);
18670 + printf(" Generated %d byte RSA private key\n", n);
18671 + printf("\tBN key before overwriting:\n");
18672 + do_bn_print(stdout, key->d);
18673 + BN_rand(key->d,n*8,-1,0);
18674 + printf("\tBN key after overwriting:\n");
18675 + do_bn_print(stdout, key->d);
18676 +
18677 + printf("\tchar buffer key before overwriting: \n\t\t");
18678 + for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
18679 + printf("\n");
18680 + RAND_bytes(userkey, sizeof userkey);
18681 + printf("\tchar buffer key after overwriting: \n\t\t");
18682 + for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
18683 + printf("\n");
18684 +
18685 + return 1;
18686 + }
18687 +
18688 +static int Error;
18689 +const char * Fail(const char *msg)
18690 + {
18691 + do_print_errors();
18692 + Error++;
18693 + return msg;
18694 + }
18695 +
18696 +int main(int argc,char **argv)
18697 + {
18698 +
18699 + int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
18700 + int bad_rsa = 0, bad_dsa = 0;
18701 + int do_rng_stick = 0;
18702 + int no_exit = 0;
18703 +
18704 + printf("\tFIPS-mode test application\n\n");
18705 +
18706 + /* Load entropy from external file, if any */
18707 + RAND_load_file(".rnd", 1024);
18708 +
18709 + if (argv[1]) {
18710 + /* Corrupted KAT tests */
18711 + if (!strcmp(argv[1], "aes")) {
18712 + FIPS_corrupt_aes();
18713 + printf("AES encryption/decryption with corrupted KAT...\n");
18714 + } else if (!strcmp(argv[1], "des")) {
18715 + FIPS_corrupt_des();
18716 + printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
18717 + } else if (!strcmp(argv[1], "dsa")) {
18718 + FIPS_corrupt_dsa();
18719 + printf("DSA key generation and signature validation with corrupted KAT...\n");
18720 + } else if (!strcmp(argv[1], "rsa")) {
18721 + FIPS_corrupt_rsa();
18722 + printf("RSA key generation and signature validation with corrupted KAT...\n");
18723 + } else if (!strcmp(argv[1], "rsakey")) {
18724 + printf("RSA key generation and signature validation with corrupted key...\n");
18725 + bad_rsa = 1;
18726 + no_exit = 1;
18727 + } else if (!strcmp(argv[1], "rsakeygen")) {
18728 + do_corrupt_rsa_keygen = 1;
18729 + no_exit = 1;
18730 + printf("RSA key generation and signature validation with corrupted keygen...\n");
18731 + } else if (!strcmp(argv[1], "dsakey")) {
18732 + printf("DSA key generation and signature validation with corrupted key...\n");
18733 + bad_dsa = 1;
18734 + no_exit = 1;
18735 + } else if (!strcmp(argv[1], "dsakeygen")) {
18736 + do_corrupt_dsa_keygen = 1;
18737 + no_exit = 1;
18738 + printf("DSA key generation and signature validation with corrupted keygen...\n");
18739 + } else if (!strcmp(argv[1], "sha1")) {
18740 + FIPS_corrupt_sha1();
18741 + printf("SHA-1 hash with corrupted KAT...\n");
18742 + } else if (!strcmp(argv[1], "rng")) {
18743 + FIPS_corrupt_rng();
18744 + } else if (!strcmp(argv[1], "rngstick")) {
18745 + do_rng_stick = 1;
18746 + no_exit = 1;
18747 + printf("RNG test with stuck continuous test...\n");
18748 + } else {
18749 + printf("Bad argument \"%s\"\n", argv[1]);
18750 + exit(1);
18751 + }
18752 + if (!no_exit) {
18753 + if (!FIPS_mode_set(1)) {
18754 + do_print_errors();
18755 + printf("Power-up self test failed\n");
18756 + exit(1);
18757 + }
18758 + printf("Power-up self test successful\n");
18759 + exit(0);
18760 + }
18761 + }
18762 +
18763 + /* Non-Approved cryptographic operation
18764 + */
18765 + printf("1. Non-Approved cryptographic operation test...\n");
18766 + printf("\ta. Included algorithm (D-H)...");
18767 + printf( dh_test() ? "successful\n" : Fail("FAILED!\n") );
18768 +
18769 + /* Power-up self test
18770 + */
18771 + ERR_clear_error();
18772 + printf("2. Automatic power-up self test...");
18773 + if (!FIPS_mode_set(1))
18774 + {
18775 + do_print_errors();
18776 + printf(Fail("FAILED!\n"));
18777 + exit(1);
18778 + }
18779 + printf("successful\n");
18780 + if (do_corrupt_dsa_keygen)
18781 + FIPS_corrupt_dsa_keygen();
18782 + if (do_corrupt_rsa_keygen)
18783 + FIPS_corrupt_rsa_keygen();
18784 + if (do_rng_stick)
18785 + FIPS_rng_stick();
18786 +
18787 + /* AES encryption/decryption
18788 + */
18789 + printf("3. AES encryption/decryption...");
18790 + printf( FIPS_aes_test() ? "successful\n" : Fail("FAILED!\n") );
18791 +
18792 + /* RSA key generation and encryption/decryption
18793 + */
18794 + printf("4. RSA key generation and encryption/decryption...");
18795 + printf( FIPS_rsa_test(bad_rsa) ? "successful\n" : Fail("FAILED!\n") );
18796 +
18797 + /* DES-CBC encryption/decryption
18798 + */
18799 + printf("5. DES-ECB encryption/decryption...");
18800 + printf( FIPS_des3_test() ? "successful\n" : Fail("FAILED!\n") );
18801 +
18802 + /* DSA key generation and signature validation
18803 + */
18804 + printf("6. DSA key generation and signature validation...");
18805 + printf( FIPS_dsa_test(bad_dsa) ? "successful\n" : Fail("FAILED!\n") );
18806 +
18807 + /* SHA-1 hash
18808 + */
18809 + printf("7a. SHA-1 hash...");
18810 + printf( FIPS_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
18811 +
18812 + /* SHA-256 hash
18813 + */
18814 + printf("7b. SHA-256 hash...");
18815 + printf( FIPS_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
18816 +
18817 + /* SHA-512 hash
18818 + */
18819 + printf("7c. SHA-512 hash...");
18820 + printf( FIPS_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
18821 +
18822 + /* HMAC-SHA-1 hash
18823 + */
18824 + printf("7d. HMAC-SHA-1 hash...");
18825 + printf( FIPS_hmac_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
18826 +
18827 + /* HMAC-SHA-224 hash
18828 + */
18829 + printf("7e. HMAC-SHA-224 hash...");
18830 + printf( FIPS_hmac_sha224_test() ? "successful\n" : Fail("FAILED!\n") );
18831 +
18832 + /* HMAC-SHA-256 hash
18833 + */
18834 + printf("7f. HMAC-SHA-256 hash...");
18835 + printf( FIPS_hmac_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
18836 +
18837 + /* HMAC-SHA-384 hash
18838 + */
18839 + printf("7g. HMAC-SHA-384 hash...");
18840 + printf( FIPS_hmac_sha384_test() ? "successful\n" : Fail("FAILED!\n") );
18841 +
18842 + /* HMAC-SHA-512 hash
18843 + */
18844 + printf("7h. HMAC-SHA-512 hash...");
18845 + printf( FIPS_hmac_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
18846 +
18847 + /* Non-Approved cryptographic operation
18848 + */
18849 + printf("8. Non-Approved cryptographic operation test...\n");
18850 + printf("\ta. Included algorithm (D-H)...");
18851 + printf( dh_test() ? "successful as expected\n"
18852 + : Fail("failed INCORRECTLY!\n") );
18853 +
18854 + /* Zeroization
18855 + */
18856 + printf("9. Zero-ization...\n");
18857 + printf( Zeroize() ? "\tsuccessful as expected\n"
18858 + : Fail("\tfailed INCORRECTLY!\n") );
18859 +
18860 + printf("\nAll tests completed with %d errors\n", Error);
18861 + return Error ? 1 : 0;
18862 + }
18863 +
18864 +#endif
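Review bot: The error paths in the new FIPS_rsa_test leak on failure: `if (!key || !bn) return 0;` and the `return 0;` after RSA_generate_key_ex skip EVP_MD_CTX_cleanup, RSA_free and BN_free, and `BN_free(bn)` runs only on the success path; routing both failures through `goto end;` and moving `BN_free(bn);` after the `end:` label (with `bn` initialised to NULL) closes this. dh_test has the same shape, returning 0 after DH_generate_parameters_ex without `FIPS_dh_free(dh)`, and Zeroize never frees `key` at all. Separately, FIPS_dsa_test and FIPS_rsa_test hand a stack `EVP_PKEY pk` with only `type` and `pkey` assigned to EVP_SignFinal/EVP_VerifyFinal; the remaining members are indeterminate, and if the EVP layer reads any of them in this release (ameth, engine) that is undefined behaviour, so building the key with `EVP_PKEY_new()` plus `EVP_PKEY_set1_DSA`/`EVP_PKEY_set1_RSA` and freeing it at `end:` is the safer form. Finally, `printf(Fail("FAILED!\n"))` and the `printf( x ? "..." : Fail("...") )` lines pass a non-literal format string; the strings are constants here, but `fputs(..., stdout)` removes the pattern and keeps -Wformat-security quiet.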
18865 diff -up openssl-1.0.1b/crypto/fips/Makefile.fips openssl-1.0.1b/crypto/fips/Makefile
18866 --- openssl-1.0.1b/crypto/fips/Makefile.fips 2012-04-26 18:00:51.409769496 +0200
18867 +++ openssl-1.0.1b/crypto/fips/Makefile 2012-04-26 18:00:51.409769496 +0200
18868 @@ -0,0 +1,340 @@
18869 +#
18870 +# OpenSSL/crypto/fips/Makefile
18871 +#
18872 +
18873 +DIR= fips
18874 +TOP= ../..
18875 +CC= cc
18876 +INCLUDES=
18877 +CFLAG=-g
18878 +MAKEFILE= Makefile
18879 +AR= ar r
18880 +
18881 +CFLAGS= $(INCLUDES) $(CFLAG)
18882 +
18883 +GENERAL=Makefile
18884 +TEST=fips_test_suite.c fips_randtest.c
18885 +APPS=
18886 +
18887 +PROGRAM= fips_standalone_hmac
18888 +EXE= $(PROGRAM)$(EXE_EXT)
18889 +
18890 +LIB=$(TOP)/libcrypto.a
18891 +LIBSRC=fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c fips_rand_selftest.c \
18892 + fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
18893 + fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
18894 + fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
18895 + fips_cmac_selftest.c fips_enc.c fips_md.c
18896 +
18897 +LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \
18898 + fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
18899 + fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
18900 + fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
18901 + fips_cmac_selftest.o fips_enc.o fips_md.o
18902 +
18903 +LIBCRYPTO=-L.. -lcrypto
18904 +
18905 +SRC= $(LIBSRC) fips_standalone_hmac.c
18906 +
18907 +EXHEADER= fips.h fips_rand.h
18908 +HEADER= $(EXHEADER)
18909 +
18910 +ALL= $(GENERAL) $(SRC) $(HEADER)
18911 +
18912 +top:
18913 + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
18914 +
18915 +all: lib exe
18916 +
18917 +lib: $(LIBOBJ)
18918 + $(AR) $(LIB) $(LIBOBJ)
18919 + $(RANLIB) $(LIB) || echo Never mind.
18920 + @touch lib
18921 +
18922 +exe: $(EXE)
18923 +
18924 +files:
18925 + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
18926 +
18927 +links:
18928 + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
18929 + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
18930 + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
18931 +
18932 +install:
18933 + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
18934 + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
18935 + do \
18936 + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
18937 + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
18938 + done;
18939 +
18940 +tags:
18941 + ctags $(SRC)
18942 +
18943 +tests:
18944 +
18945 +lint:
18946 + lint -DLINT $(INCLUDES) $(SRC)>fluff
18947 +
18948 +depend:
18949 + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
18950 + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
18951 +
18952 +dclean:
18953 + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
18954 + mv -f Makefile.new $(MAKEFILE)
18955 +
18956 +clean:
18957 + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
18958 +
18959 +$(EXE): $(PROGRAM).o
18960 + FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../sha/$$i" ; done; \
18961 + $(CC) -o $@ $(CFLAGS) $(PROGRAM).o $$FIPS_SHA_ASM
18962 +
18963 +# DO NOT DELETE THIS LINE -- make depend depends on it.
18964 +
18965 +fips.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
18966 +fips.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
18967 +fips.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
18968 +fips.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
18969 +fips.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
18970 +fips.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
18971 +fips.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
18972 +fips.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
18973 +fips.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
18974 +fips.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
18975 +fips.o: ../../include/openssl/symhacks.h fips.c fips_locl.h
18976 +fips_aes_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
18977 +fips_aes_selftest.o: ../../include/openssl/crypto.h
18978 +fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
18979 +fips_aes_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
18980 +fips_aes_selftest.o: ../../include/openssl/lhash.h
18981 +fips_aes_selftest.o: ../../include/openssl/obj_mac.h
18982 +fips_aes_selftest.o: ../../include/openssl/objects.h
18983 +fips_aes_selftest.o: ../../include/openssl/opensslconf.h
18984 +fips_aes_selftest.o: ../../include/openssl/opensslv.h
18985 +fips_aes_selftest.o: ../../include/openssl/ossl_typ.h
18986 +fips_aes_selftest.o: ../../include/openssl/safestack.h
18987 +fips_aes_selftest.o: ../../include/openssl/stack.h
18988 +fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c
18989 +fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
18990 +fips_des_selftest.o: ../../include/openssl/crypto.h
18991 +fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
18992 +fips_des_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
18993 +fips_des_selftest.o: ../../include/openssl/lhash.h
18994 +fips_des_selftest.o: ../../include/openssl/obj_mac.h
18995 +fips_des_selftest.o: ../../include/openssl/objects.h
18996 +fips_des_selftest.o: ../../include/openssl/opensslconf.h
18997 +fips_des_selftest.o: ../../include/openssl/opensslv.h
18998 +fips_des_selftest.o: ../../include/openssl/ossl_typ.h
18999 +fips_des_selftest.o: ../../include/openssl/safestack.h
19000 +fips_des_selftest.o: ../../include/openssl/stack.h
19001 +fips_des_selftest.o: ../../include/openssl/symhacks.h fips_des_selftest.c
19002 +fips_drbg_ctr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19003 +fips_drbg_ctr.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19004 +fips_drbg_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
19005 +fips_drbg_ctr.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
19006 +fips_drbg_ctr.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
19007 +fips_drbg_ctr.o: ../../include/openssl/objects.h
19008 +fips_drbg_ctr.o: ../../include/openssl/opensslconf.h
19009 +fips_drbg_ctr.o: ../../include/openssl/opensslv.h
19010 +fips_drbg_ctr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19011 +fips_drbg_ctr.o: ../../include/openssl/safestack.h
19012 +fips_drbg_ctr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
19013 +fips_drbg_ctr.o: fips_drbg_ctr.c fips_rand_lcl.h
19014 +fips_drbg_hash.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19015 +fips_drbg_hash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19016 +fips_drbg_hash.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
19017 +fips_drbg_hash.o: ../../include/openssl/fips.h
19018 +fips_drbg_hash.o: ../../include/openssl/fips_rand.h
19019 +fips_drbg_hash.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
19020 +fips_drbg_hash.o: ../../include/openssl/objects.h
19021 +fips_drbg_hash.o: ../../include/openssl/opensslconf.h
19022 +fips_drbg_hash.o: ../../include/openssl/opensslv.h
19023 +fips_drbg_hash.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19024 +fips_drbg_hash.o: ../../include/openssl/safestack.h
19025 +fips_drbg_hash.o: ../../include/openssl/stack.h
19026 +fips_drbg_hash.o: ../../include/openssl/symhacks.h fips_drbg_hash.c
19027 +fips_drbg_hash.o: fips_rand_lcl.h
19028 +fips_drbg_hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19029 +fips_drbg_hmac.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19030 +fips_drbg_hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
19031 +fips_drbg_hmac.o: ../../include/openssl/fips.h
19032 +fips_drbg_hmac.o: ../../include/openssl/fips_rand.h
19033 +fips_drbg_hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
19034 +fips_drbg_hmac.o: ../../include/openssl/objects.h
19035 +fips_drbg_hmac.o: ../../include/openssl/opensslconf.h
19036 +fips_drbg_hmac.o: ../../include/openssl/opensslv.h
19037 +fips_drbg_hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19038 +fips_drbg_hmac.o: ../../include/openssl/safestack.h
19039 +fips_drbg_hmac.o: ../../include/openssl/stack.h
19040 +fips_drbg_hmac.o: ../../include/openssl/symhacks.h fips_drbg_hmac.c
19041 +fips_drbg_hmac.o: fips_rand_lcl.h
19042 +fips_drbg_lib.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19043 +fips_drbg_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19044 +fips_drbg_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19045 +fips_drbg_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19046 +fips_drbg_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
19047 +fips_drbg_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
19048 +fips_drbg_lib.o: ../../include/openssl/objects.h
19049 +fips_drbg_lib.o: ../../include/openssl/opensslconf.h
19050 +fips_drbg_lib.o: ../../include/openssl/opensslv.h
19051 +fips_drbg_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19052 +fips_drbg_lib.o: ../../include/openssl/safestack.h
19053 +fips_drbg_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
19054 +fips_drbg_lib.o: fips_drbg_lib.c fips_locl.h fips_rand_lcl.h
19055 +fips_drbg_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19056 +fips_drbg_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19057 +fips_drbg_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19058 +fips_drbg_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19059 +fips_drbg_rand.o: ../../include/openssl/fips_rand.h
19060 +fips_drbg_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
19061 +fips_drbg_rand.o: ../../include/openssl/obj_mac.h
19062 +fips_drbg_rand.o: ../../include/openssl/objects.h
19063 +fips_drbg_rand.o: ../../include/openssl/opensslconf.h
19064 +fips_drbg_rand.o: ../../include/openssl/opensslv.h
19065 +fips_drbg_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19066 +fips_drbg_rand.o: ../../include/openssl/safestack.h
19067 +fips_drbg_rand.o: ../../include/openssl/stack.h
19068 +fips_drbg_rand.o: ../../include/openssl/symhacks.h fips_drbg_rand.c
19069 +fips_drbg_rand.o: fips_rand_lcl.h
19070 +fips_drbg_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19071 +fips_drbg_selftest.o: ../../include/openssl/bio.h
19072 +fips_drbg_selftest.o: ../../include/openssl/crypto.h
19073 +fips_drbg_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19074 +fips_drbg_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19075 +fips_drbg_selftest.o: ../../include/openssl/fips_rand.h
19076 +fips_drbg_selftest.o: ../../include/openssl/hmac.h
19077 +fips_drbg_selftest.o: ../../include/openssl/lhash.h
19078 +fips_drbg_selftest.o: ../../include/openssl/obj_mac.h
19079 +fips_drbg_selftest.o: ../../include/openssl/objects.h
19080 +fips_drbg_selftest.o: ../../include/openssl/opensslconf.h
19081 +fips_drbg_selftest.o: ../../include/openssl/opensslv.h
19082 +fips_drbg_selftest.o: ../../include/openssl/ossl_typ.h
19083 +fips_drbg_selftest.o: ../../include/openssl/rand.h
19084 +fips_drbg_selftest.o: ../../include/openssl/safestack.h
19085 +fips_drbg_selftest.o: ../../include/openssl/stack.h
19086 +fips_drbg_selftest.o: ../../include/openssl/symhacks.h fips_drbg_selftest.c
19087 +fips_drbg_selftest.o: fips_drbg_selftest.h fips_locl.h fips_rand_lcl.h
19088 +fips_dsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19089 +fips_dsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
19090 +fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
19091 +fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
19092 +fips_dsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
19093 +fips_dsa_selftest.o: ../../include/openssl/obj_mac.h
19094 +fips_dsa_selftest.o: ../../include/openssl/objects.h
19095 +fips_dsa_selftest.o: ../../include/openssl/opensslconf.h
19096 +fips_dsa_selftest.o: ../../include/openssl/opensslv.h
19097 +fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h
19098 +fips_dsa_selftest.o: ../../include/openssl/safestack.h
19099 +fips_dsa_selftest.o: ../../include/openssl/stack.h
19100 +fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
19101 +fips_dsa_selftest.o: fips_locl.h
19102 +fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19103 +fips_hmac_selftest.o: ../../include/openssl/crypto.h
19104 +fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19105 +fips_hmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19106 +fips_hmac_selftest.o: ../../include/openssl/hmac.h
19107 +fips_hmac_selftest.o: ../../include/openssl/lhash.h
19108 +fips_hmac_selftest.o: ../../include/openssl/obj_mac.h
19109 +fips_hmac_selftest.o: ../../include/openssl/objects.h
19110 +fips_hmac_selftest.o: ../../include/openssl/opensslconf.h
19111 +fips_hmac_selftest.o: ../../include/openssl/opensslv.h
19112 +fips_hmac_selftest.o: ../../include/openssl/ossl_typ.h
19113 +fips_hmac_selftest.o: ../../include/openssl/safestack.h
19114 +fips_hmac_selftest.o: ../../include/openssl/stack.h
19115 +fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c
19116 +fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19117 +fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
19118 +fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
19119 +fips_post.o: ../../include/openssl/err.h ../../include/openssl/evp.h
19120 +fips_post.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
19121 +fips_post.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
19122 +fips_post.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
19123 +fips_post.o: ../../include/openssl/opensslconf.h
19124 +fips_post.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
19125 +fips_post.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
19126 +fips_post.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
19127 +fips_post.o: ../../include/openssl/symhacks.h fips_locl.h fips_post.c
19128 +fips_rand.o: ../../e_os.h ../../include/openssl/aes.h
19129 +fips_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19130 +fips_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
19131 +fips_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h
19132 +fips_rand.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
19133 +fips_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
19134 +fips_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
19135 +fips_rand.o: ../../include/openssl/opensslconf.h
19136 +fips_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
19137 +fips_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
19138 +fips_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
19139 +fips_rand.o: fips_locl.h fips_rand.c
19140 +fips_rand_lib.o: ../../e_os.h ../../include/openssl/aes.h
19141 +fips_rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19142 +fips_rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
19143 +fips_rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
19144 +fips_rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
19145 +fips_rand_lib.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
19146 +fips_rand_lib.o: ../../include/openssl/obj_mac.h
19147 +fips_rand_lib.o: ../../include/openssl/objects.h
19148 +fips_rand_lib.o: ../../include/openssl/opensslconf.h
19149 +fips_rand_lib.o: ../../include/openssl/opensslv.h
19150 +fips_rand_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
19151 +fips_rand_lib.o: ../../include/openssl/safestack.h
19152 +fips_rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
19153 +fips_rand_lib.o: fips_rand_lib.c
19154 +fips_rand_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
19155 +fips_rand_selftest.o: ../../include/openssl/bio.h
19156 +fips_rand_selftest.o: ../../include/openssl/crypto.h
19157 +fips_rand_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19158 +fips_rand_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19159 +fips_rand_selftest.o: ../../include/openssl/fips_rand.h
19160 +fips_rand_selftest.o: ../../include/openssl/hmac.h
19161 +fips_rand_selftest.o: ../../include/openssl/lhash.h
19162 +fips_rand_selftest.o: ../../include/openssl/obj_mac.h
19163 +fips_rand_selftest.o: ../../include/openssl/objects.h
19164 +fips_rand_selftest.o: ../../include/openssl/opensslconf.h
19165 +fips_rand_selftest.o: ../../include/openssl/opensslv.h
19166 +fips_rand_selftest.o: ../../include/openssl/ossl_typ.h
19167 +fips_rand_selftest.o: ../../include/openssl/rand.h
19168 +fips_rand_selftest.o: ../../include/openssl/safestack.h
19169 +fips_rand_selftest.o: ../../include/openssl/stack.h
19170 +fips_rand_selftest.o: ../../include/openssl/symhacks.h fips_locl.h
19171 +fips_rand_selftest.o: fips_rand_selftest.c
19172 +fips_rsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19173 +fips_rsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
19174 +fips_rsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19175 +fips_rsa_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19176 +fips_rsa_selftest.o: ../../include/openssl/lhash.h
19177 +fips_rsa_selftest.o: ../../include/openssl/obj_mac.h
19178 +fips_rsa_selftest.o: ../../include/openssl/objects.h
19179 +fips_rsa_selftest.o: ../../include/openssl/opensslconf.h
19180 +fips_rsa_selftest.o: ../../include/openssl/opensslv.h
19181 +fips_rsa_selftest.o: ../../include/openssl/ossl_typ.h
19182 +fips_rsa_selftest.o: ../../include/openssl/rsa.h
19183 +fips_rsa_selftest.o: ../../include/openssl/safestack.h
19184 +fips_rsa_selftest.o: ../../include/openssl/stack.h
19185 +fips_rsa_selftest.o: ../../include/openssl/symhacks.h fips_rsa_selftest.c
19186 +fips_rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19187 +fips_rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
19188 +fips_rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19189 +fips_rsa_x931g.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
19190 +fips_rsa_x931g.o: ../../include/openssl/opensslconf.h
19191 +fips_rsa_x931g.o: ../../include/openssl/opensslv.h
19192 +fips_rsa_x931g.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
19193 +fips_rsa_x931g.o: ../../include/openssl/safestack.h
19194 +fips_rsa_x931g.o: ../../include/openssl/stack.h
19195 +fips_rsa_x931g.o: ../../include/openssl/symhacks.h fips_rsa_x931g.c
19196 +fips_sha_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
19197 +fips_sha_selftest.o: ../../include/openssl/crypto.h
19198 +fips_sha_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
19199 +fips_sha_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
19200 +fips_sha_selftest.o: ../../include/openssl/lhash.h
19201 +fips_sha_selftest.o: ../../include/openssl/obj_mac.h
19202 +fips_sha_selftest.o: ../../include/openssl/objects.h
19203 +fips_sha_selftest.o: ../../include/openssl/opensslconf.h
19204 +fips_sha_selftest.o: ../../include/openssl/opensslv.h
19205 +fips_sha_selftest.o: ../../include/openssl/ossl_typ.h
19206 +fips_sha_selftest.o: ../../include/openssl/safestack.h
19207 +fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
19208 +fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c
19209 diff -up openssl-1.0.1b/crypto/hmac/hmac.c.fips openssl-1.0.1b/crypto/hmac/hmac.c
19210 --- openssl-1.0.1b/crypto/hmac/hmac.c.fips 2011-06-12 17:07:26.000000000 +0200
19211 +++ openssl-1.0.1b/crypto/hmac/hmac.c 2012-04-26 18:00:51.409769496 +0200
19212 @@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
19213 EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
19214 return 0;
19215 }
19216 - /* Other algorithm blocking will be done in FIPS_cmac_init,
19217 - * via FIPS_hmac_init_ex().
19218 - */
19219 - if (!impl && !ctx->i_ctx.engine)
19220 - return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
19221 }
19222 #endif
19223
19224 @@ -99,6 +94,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
19225
19226 if (key != NULL)
19227 {
19228 +#ifdef OPENSSL_FIPS
19229 + if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
19230 + && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
19231 + || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
19232 + || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
19233 + goto err;
19234 +#endif
19235 reset=1;
19236 j=EVP_MD_block_size(md);
19237 OPENSSL_assert(j <= (int)sizeof(ctx->key));
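Review bot: The new non-FIPS-digest rejection at the top of the `if (key != NULL)` branch jumps to `err` without queueing any error, so a caller gets a bare 0 with an empty error stack, whereas the engine rejection a few lines earlier in this same function (visible as context in the previous hunk) reports `EVP_R_DISABLED_FOR_FIPS` before returning. Add `EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);` immediately before the `goto err;`. The check is also only reached when a key is supplied, so a keyless re-init that keeps `ctx->md` is not re-validated; that is presumably acceptable because the digest was vetted when the key was set, but a one-line comment saying so would stop the next reader from treating it as a gap. The `err:` label and the remainder of `HMAC_Init_ex` lie outside this hunk.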
19238 @@ -155,10 +157,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void
19239
19240 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
19241 {
19242 -#ifdef OPENSSL_FIPS
19243 - if (FIPS_mode() && !ctx->i_ctx.engine)
19244 - return FIPS_hmac_update(ctx, data, len);
19245 -#endif
19246 return EVP_DigestUpdate(&ctx->md_ctx,data,len);
19247 }
19248
19249 @@ -166,10 +164,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned c
19250 {
19251 unsigned int i;
19252 unsigned char buf[EVP_MAX_MD_SIZE];
19253 -#ifdef OPENSSL_FIPS
19254 - if (FIPS_mode() && !ctx->i_ctx.engine)
19255 - return FIPS_hmac_final(ctx, md, len);
19256 -#endif
19257
19258 if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
19259 goto err;
19260 @@ -209,13 +203,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_C
19261
19262 void HMAC_CTX_cleanup(HMAC_CTX *ctx)
19263 {
19264 -#ifdef OPENSSL_FIPS
19265 - if (FIPS_mode() && !ctx->i_ctx.engine)
19266 - {
19267 - FIPS_hmac_ctx_cleanup(ctx);
19268 - return;
19269 - }
19270 -#endif
19271 EVP_MD_CTX_cleanup(&ctx->i_ctx);
19272 EVP_MD_CTX_cleanup(&ctx->o_ctx);
19273 EVP_MD_CTX_cleanup(&ctx->md_ctx);
19274 diff -up openssl-1.0.1b/crypto/md2/md2_dgst.c.fips openssl-1.0.1b/crypto/md2/md2_dgst.c
19275 --- openssl-1.0.1b/crypto/md2/md2_dgst.c.fips 2011-06-01 15:39:43.000000000 +0200
19276 +++ openssl-1.0.1b/crypto/md2/md2_dgst.c 2012-04-26 18:00:51.409769496 +0200
19277 @@ -62,6 +62,11 @@
19278 #include <openssl/md2.h>
19279 #include <openssl/opensslv.h>
19280 #include <openssl/crypto.h>
19281 +#ifdef OPENSSL_FIPS
19282 +#include <openssl/fips.h>
19283 +#endif
19284 +
19285 +#include <openssl/err.h>
19286
19287 const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;
19288
19289 @@ -116,7 +121,7 @@ const char *MD2_options(void)
19290 return("md2(int)");
19291 }
19292
19293 -fips_md_init(MD2)
19294 +nonfips_md_init(MD2)
19295 {
19296 c->num=0;
19297 memset(c->state,0,sizeof c->state);
19298 diff -up openssl-1.0.1b/crypto/md4/md4_dgst.c.fips openssl-1.0.1b/crypto/md4/md4_dgst.c
19299 --- openssl-1.0.1b/crypto/md4/md4_dgst.c.fips 2011-06-01 15:39:43.000000000 +0200
19300 +++ openssl-1.0.1b/crypto/md4/md4_dgst.c 2012-04-26 18:00:51.409769496 +0200
19301 @@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V
19302 #define INIT_DATA_C (unsigned long)0x98badcfeL
19303 #define INIT_DATA_D (unsigned long)0x10325476L
19304
19305 -fips_md_init(MD4)
19306 +nonfips_md_init(MD4)
19307 {
19308 memset (c,0,sizeof(*c));
19309 c->A=INIT_DATA_A;
19310 diff -up openssl-1.0.1b/crypto/md5/md5_dgst.c.fips openssl-1.0.1b/crypto/md5/md5_dgst.c
19311 --- openssl-1.0.1b/crypto/md5/md5_dgst.c.fips 2011-06-01 15:39:43.000000000 +0200
19312 +++ openssl-1.0.1b/crypto/md5/md5_dgst.c 2012-04-26 18:00:51.409769496 +0200
19313 @@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V
19314 #define INIT_DATA_C (unsigned long)0x98badcfeL
19315 #define INIT_DATA_D (unsigned long)0x10325476L
19316
19317 -fips_md_init(MD5)
19318 +nonfips_md_init(MD5)
19319 {
19320 memset (c,0,sizeof(*c));
19321 c->A=INIT_DATA_A;
19322 diff -up openssl-1.0.1b/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1b/crypto/mdc2/mdc2dgst.c
19323 --- openssl-1.0.1b/crypto/mdc2/mdc2dgst.c.fips 2011-06-01 15:39:44.000000000 +0200
19324 +++ openssl-1.0.1b/crypto/mdc2/mdc2dgst.c 2012-04-26 18:00:51.691775656 +0200
19325 @@ -76,7 +76,7 @@
19326 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
19327
19328 static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
19329 -fips_md_init(MDC2)
19330 +nonfips_md_init(MDC2)
19331 {
19332 c->num=0;
19333 c->pad_type=1;
19334 diff -up openssl-1.0.1b/crypto/o_init.c.fips openssl-1.0.1b/crypto/o_init.c
19335 --- openssl-1.0.1b/crypto/o_init.c.fips 2011-05-26 16:19:19.000000000 +0200
19336 +++ openssl-1.0.1b/crypto/o_init.c 2012-04-26 18:00:51.696775766 +0200
19337 @@ -55,28 +55,63 @@
19338 #include <e_os.h>
19339 #include <openssl/err.h>
19340 #ifdef OPENSSL_FIPS
19341 +#include <sys/types.h>
19342 +#include <sys/stat.h>
19343 +#include <fcntl.h>
19344 +#include <unistd.h>
19345 +#include <errno.h>
19346 +#include <stdlib.h>
19347 #include <openssl/fips.h>
19348 #include <openssl/rand.h>
19349 +
19350 +#define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
19351 +
19352 +static void init_fips_mode(void)
19353 + {
19354 + char buf[2] = "0";
19355 + int fd;
19356 +
19357 + if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
19358 + {
19359 + buf[0] = '1';
19360 + }
19361 + else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0)
19362 + {
19363 + while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
19364 + close(fd);
19365 + }
19366 + /* Failure reading the fips mode switch file means just not
19367 + * switching into FIPS mode. We would break too many things
19368 + * otherwise.
19369 + */
19370 +
19371 + if (buf[0] == '1')
19372 + {
19373 + FIPS_mode_set(1);
19374 + }
19375 + }
19376 #endif
19377
19378 /* Perform any essential OpenSSL initialization operations.
19379 * Currently only sets FIPS callbacks
19380 */
19381
19382 -void OPENSSL_init(void)
19383 +void OPENSSL_init_library(void)
19384 {
19385 static int done = 0;
19386 if (done)
19387 return;
19388 done = 1;
19389 #ifdef OPENSSL_FIPS
19390 - FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
19391 - FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
19392 - FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
19393 RAND_init_fips();
19394 + init_fips_mode();
19395 #endif
19396 #if 0
19397 fprintf(stderr, "Called OPENSSL_init\n");
19398 #endif
19399 }
19400
19401 +void OPENSSL_init(void)
19402 + {
19403 + OPENSSL_init_library();
19404 + }
19405 diff -up openssl-1.0.1b/crypto/opensslconf.h.in.fips openssl-1.0.1b/crypto/opensslconf.h.in
19406 --- openssl-1.0.1b/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100
19407 +++ openssl-1.0.1b/crypto/opensslconf.h.in 2012-04-26 18:00:51.702775897 +0200
19408 @@ -1,5 +1,20 @@
19409 /* crypto/opensslconf.h.in */
19410
19411 +#ifdef OPENSSL_DOING_MAKEDEPEND
19412 +
19413 +/* Include any symbols here that have to be explicitly set to enable a feature
19414 + * that should be visible to makedepend.
19415 + *
19416 + * [Our "make depend" doesn't actually look at this, we use actual build settings
19417 + * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
19418 + */
19419 +
19420 +#ifndef OPENSSL_FIPS
19421 +#define OPENSSL_FIPS
19422 +#endif
19423 +
19424 +#endif
19425 +
19426 /* Generate 80386 code? */
19427 #undef I386_ONLY
19428
19429 diff -up openssl-1.0.1b/crypto/pkcs12/p12_crt.c.fips openssl-1.0.1b/crypto/pkcs12/p12_crt.c
19430 --- openssl-1.0.1b/crypto/pkcs12/p12_crt.c.fips 2009-03-09 14:08:04.000000000 +0100
19431 +++ openssl-1.0.1b/crypto/pkcs12/p12_crt.c 2012-04-26 18:00:51.708776028 +0200
19432 @@ -59,6 +59,10 @@
19433 #include <stdio.h>
19434 #include "cryptlib.h"
19435 #include <openssl/pkcs12.h>
19436 +#ifdef OPENSSL_FIPS
19437 +#include <openssl/fips.h>
19438 +#endif
19439 +
19440
19441
19442 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
19443 @@ -90,7 +94,14 @@ PKCS12 *PKCS12_create(char *pass, char *
19444
19445 /* Set defaults */
19446 if (!nid_cert)
19447 + {
19448 +#ifdef OPENSSL_FIPS
19449 + if (FIPS_mode())
19450 + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
19451 + else
19452 +#endif
19453 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
19454 + }
19455 if (!nid_key)
19456 nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
19457 if (!iter)
19458 diff -up openssl-1.0.1b/crypto/rand/md_rand.c.fips openssl-1.0.1b/crypto/rand/md_rand.c
19459 --- openssl-1.0.1b/crypto/rand/md_rand.c.fips 2011-01-26 15:55:23.000000000 +0100
19460 +++ openssl-1.0.1b/crypto/rand/md_rand.c 2012-04-26 18:00:51.713776137 +0200
19461 @@ -389,7 +389,10 @@ static int ssleay_rand_bytes(unsigned ch
19462 CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
19463 crypto_lock_rand = 1;
19464
19465 - if (!initialized)
19466 + /* always poll for external entropy in FIPS mode, drbg provides the
19467 + * expansion
19468 + */
19469 + if (!initialized || FIPS_module_mode())
19470 {
19471 RAND_poll();
19472 initialized = 1;
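Review bot: The `FIPS_module_mode()` call in the new condition is not wrapped in `#ifdef OPENSSL_FIPS`, unlike every other FIPS reference this patch introduces (the hmac.c, p12_crt.c, rsa_crpt.c and rsa_eay.c hunks all guard theirs), so a build configured without `fips` would hit an implicit declaration unless md_rand.c already includes a header that defines it unconditionally, which is not visible here. The least intrusive fix is a fallback near the includes: `#ifndef OPENSSL_FIPS` / `#define FIPS_module_mode() 0` / `#endif`, which keeps the condition readable. Separately, in FIPS mode this now runs `RAND_poll()` on every `ssleay_rand_bytes()` call; the comment justifies it by deferring expansion to the DRBG, but it would help to state that the per-call cost is whatever the platform's `RAND_poll` does, since that differs between the Unix and other implementations. `ssleay_rand_bytes` begins and ends outside this hunk.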
19473 diff -up openssl-1.0.1b/crypto/rand/rand.h.fips openssl-1.0.1b/crypto/rand/rand.h
19474 --- openssl-1.0.1b/crypto/rand/rand.h.fips 2012-04-26 18:00:50.809756388 +0200
19475 +++ openssl-1.0.1b/crypto/rand/rand.h 2012-04-26 18:00:51.714776159 +0200
19476 @@ -133,15 +133,33 @@ void ERR_load_RAND_strings(void);
19477 /* Error codes for the RAND functions. */
19478
19479 /* Function codes. */
19480 +#define RAND_F_ENG_RAND_GET_RAND_METHOD 108
19481 +#define RAND_F_FIPS_RAND 103
19482 +#define RAND_F_FIPS_RAND_BYTES 102
19483 +#define RAND_F_FIPS_RAND_SET_DT 106
19484 +#define RAND_F_FIPS_X931_SET_DT 106
19485 +#define RAND_F_FIPS_SET_DT 104
19486 +#define RAND_F_FIPS_SET_PRNG_SEED 107
19487 +#define RAND_F_FIPS_SET_TEST_MODE 105
19488 #define RAND_F_RAND_GET_RAND_METHOD 101
19489 -#define RAND_F_RAND_INIT_FIPS 102
19490 +#define RAND_F_RAND_INIT_FIPS 109
19491 #define RAND_F_SSLEAY_RAND_BYTES 100
19492
19493 /* Reason codes. */
19494 -#define RAND_R_ERROR_INITIALISING_DRBG 102
19495 -#define RAND_R_ERROR_INSTANTIATING_DRBG 103
19496 -#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101
19497 +#define RAND_R_ERROR_INITIALISING_DRBG 112
19498 +#define RAND_R_ERROR_INSTANTIATING_DRBG 113
19499 +#define RAND_R_NON_FIPS_METHOD 105
19500 +#define RAND_R_NOT_IN_TEST_MODE 106
19501 +#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 111
19502 +#define RAND_R_NO_KEY_SET 107
19503 +#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101
19504 +#define RAND_R_PRNG_ERROR 108
19505 +#define RAND_R_PRNG_KEYED 109
19506 +#define RAND_R_PRNG_NOT_REKEYED 102
19507 +#define RAND_R_PRNG_NOT_RESEEDED 103
19508 #define RAND_R_PRNG_NOT_SEEDED 100
19509 +#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110
19510 +#define RAND_R_PRNG_STUCK 104
19511
19512 #ifdef __cplusplus
19513 }
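Review bot: `RAND_F_FIPS_RAND_SET_DT` and `RAND_F_FIPS_X931_SET_DT` are both defined as 106, so the two function codes are indistinguishable in error output and whichever string is registered for 106 in the error table will be printed for both. Give one of them its own number (110 is the next unused function code in this list) or, if the first is deliberately kept as a compatibility alias for the second, say so inline with `/* alias of RAND_F_FIPS_X931_SET_DT */` so the duplicate is not mistaken for a copy-paste slip. The renumbered and newly added codes also need matching entries in rand_err.c, which is not part of this chunk of the patch.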
19514 diff -up openssl-1.0.1b/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1b/crypto/ripemd/rmd_dgst.c
19515 --- openssl-1.0.1b/crypto/ripemd/rmd_dgst.c.fips 2011-06-01 15:39:44.000000000 +0200
19516 +++ openssl-1.0.1b/crypto/ripemd/rmd_dgst.c 2012-04-26 18:00:51.715776181 +0200
19517 @@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160"
19518 void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
19519 # endif
19520
19521 -fips_md_init(RIPEMD160)
19522 +nonfips_md_init(RIPEMD160)
19523 {
19524 memset (c,0,sizeof(*c));
19525 c->A=RIPEMD160_A;
19526 diff -up openssl-1.0.1b/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1b/crypto/rsa/rsa_crpt.c
19527 --- openssl-1.0.1b/crypto/rsa/rsa_crpt.c.fips 2011-06-02 20:22:42.000000000 +0200
19528 +++ openssl-1.0.1b/crypto/rsa/rsa_crpt.c 2012-04-26 18:00:51.715776181 +0200
19529 @@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const
19530 RSA *rsa, int padding)
19531 {
19532 #ifdef OPENSSL_FIPS
19533 - if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
19534 - && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
19535 + if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
19536 {
19537 - RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
19538 + RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
19539 return -1;
19540 }
19541 #endif
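Review bot: The rewritten check no longer consults `rsa->meth->flags & RSA_FLAG_FIPS_METHOD`, so `RSA_private_encrypt()` (and `RSA_public_decrypt()` in the next hunk) is refused in FIPS mode for every method, including the built-in one that this same patch marks `RSA_FLAG_FIPS_METHOD` in rsa_eay.c; only `RSA_FLAG_NON_FIPS_ALLOW` on the key opens the door. If that is intentional, i.e. raw private-encrypt/public-decrypt is never to be used directly in FIPS mode and signatures must go through the digest-based path, record it with a comment such as `/* raw RSA private-encrypt is not FIPS-approved on any method; use the EVP signature path */`, because as written the method flag looks ignored by mistake. Also confirm that `RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE` gets a reason code and a string in rsa.h and rsa_err.c elsewhere in this patch; the rsa_err.c hunk visible here only adds function-name strings.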
19542 @@ -118,10 +117,9 @@ int RSA_public_decrypt(int flen, const u
19543 RSA *rsa, int padding)
19544 {
19545 #ifdef OPENSSL_FIPS
19546 - if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
19547 - && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
19548 + if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
19549 {
19550 - RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
19551 + RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
19552 return -1;
19553 }
19554 #endif
19555 diff -up openssl-1.0.1b/crypto/rsa/rsa_eay.c.fips openssl-1.0.1b/crypto/rsa/rsa_eay.c
19556 --- openssl-1.0.1b/crypto/rsa/rsa_eay.c.fips 2011-10-19 16:58:59.000000000 +0200
19557 +++ openssl-1.0.1b/crypto/rsa/rsa_eay.c 2012-04-26 18:00:51.716776203 +0200
19558 @@ -114,6 +114,10 @@
19559 #include <openssl/bn.h>
19560 #include <openssl/rsa.h>
19561 #include <openssl/rand.h>
19562 +#include <openssl/err.h>
19563 +#ifdef OPENSSL_FIPS
19564 +#include <openssl/fips.h>
19565 +#endif
19566
19567 #ifndef RSA_NULL
19568
19569 @@ -138,7 +142,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth={
19570 BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */
19571 RSA_eay_init,
19572 RSA_eay_finish,
19573 - 0, /* flags */
19574 + RSA_FLAG_FIPS_METHOD, /* flags */
19575 NULL,
19576 0, /* rsa_sign */
19577 0, /* rsa_verify */
19578 @@ -158,6 +162,24 @@ static int RSA_eay_public_encrypt(int fl
19579 unsigned char *buf=NULL;
19580 BN_CTX *ctx=NULL;
19581
19582 +#ifdef OPENSSL_FIPS
19583 + if(FIPS_mode())
19584 + {
19585 + if (FIPS_selftest_failed())
19586 + {
19587 + FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
19588 + goto err;
19589 + }
19590 +
19591 + if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
19592 + && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
19593 + {
19594 + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
19595 + return -1;
19596 + }
19597 + }
19598 +#endif
19599 +
19600 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
19601 {
19602 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
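Review bot: The two new early exits use different mechanisms: a failed self-test does `goto err` while a too-short modulus does `return -1`, yet both occur before `buf` or `ctx` is allocated, and the matching blocks added to `RSA_eay_private_encrypt` and `RSA_eay_private_decrypt` later in this file use `return -1` for both cases. Use `return -1;` for the self-test branch here too (and in `RSA_eay_public_decrypt`), so the reader does not have to check what `r` is initialised to and what `err:` frees; both of those live outside this hunk. The function's initial `int r` declaration and its `err:` cleanup are not visible in this hunk, so the assumption that the `goto` path also yields -1 should be verified against the surrounding code.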
19603 @@ -361,6 +383,24 @@ static int RSA_eay_private_encrypt(int f
19604 BIGNUM *unblind = NULL;
19605 BN_BLINDING *blinding = NULL;
19606
19607 +#ifdef OPENSSL_FIPS
19608 + if (FIPS_mode())
19609 + {
19610 + if(FIPS_selftest_failed())
19611 + {
19612 + FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
19613 + return -1;
19614 + }
19615 +
19616 + if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
19617 + && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
19618 + {
19619 + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
19620 + return -1;
19621 + }
19622 + }
19623 +#endif
19624 +
19625 if ((ctx=BN_CTX_new()) == NULL) goto err;
19626 BN_CTX_start(ctx);
19627 f = BN_CTX_get(ctx);
19628 @@ -504,6 +544,24 @@ static int RSA_eay_private_decrypt(int f
19629 BIGNUM *unblind = NULL;
19630 BN_BLINDING *blinding = NULL;
19631
19632 +#ifdef OPENSSL_FIPS
19633 + if (FIPS_mode())
19634 + {
19635 + if(FIPS_selftest_failed())
19636 + {
19637 + FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
19638 + return -1;
19639 + }
19640 +
19641 + if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
19642 + && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
19643 + {
19644 + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
19645 + return -1;
19646 + }
19647 + }
19648 +#endif
19649 +
19650 if((ctx = BN_CTX_new()) == NULL) goto err;
19651 BN_CTX_start(ctx);
19652 f = BN_CTX_get(ctx);
19653 @@ -639,6 +697,24 @@ static int RSA_eay_public_decrypt(int fl
19654 unsigned char *buf=NULL;
19655 BN_CTX *ctx=NULL;
19656
19657 +#ifdef OPENSSL_FIPS
19658 + if (FIPS_mode())
19659 + {
19660 + if(FIPS_selftest_failed())
19661 + {
19662 + FIPSerr(FIPS_F_RSA_EAY_PUBLIC_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
19663 + goto err;
19664 + }
19665 +
19666 + if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
19667 + && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
19668 + {
19669 + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
19670 + return -1;
19671 + }
19672 + }
19673 +#endif
19674 +
19675 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
19676 {
19677 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
19678 @@ -847,12 +923,12 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c
19679 if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
19680
19681 /* If p < q it is occasionally possible for the correction of
19682 - * adding 'p' if r0 is negative above to leave the result still
19683 + * adding 'p' if r0 is negative above to leave the result still
19684 * negative. This can break the private key operations: the following
19685 * second correction should *always* correct this rare occurrence.
19686 * This will *never* happen with OpenSSL generated keys because
19687 - * they ensure p > q [steve]
19688 - */
19689 + * they ensure p > q [steve]
19690 + */
19691 if (BN_is_negative(r0))
19692 if (!BN_add(r0,r0,rsa->p)) goto err;
19693 if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
19694 @@ -897,6 +973,9 @@ err:
19695
19696 static int RSA_eay_init(RSA *rsa)
19697 {
19698 +#ifdef OPENSSL_FIPS
19699 + FIPS_selftest_check();
19700 +#endif
19701 rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
19702 return(1);
19703 }
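Review bot: The result of `FIPS_selftest_check()` is discarded and `RSA_eay_init` still unconditionally returns 1, so a failed or not-yet-run self-test does not prevent the RSA object from being set up; the per-operation `FIPS_selftest_failed()` checks added earlier in this file are what actually block use. If the call is meant as a gate, propagate it with `if (!FIPS_selftest_check()) return 0;` (assuming it returns non-zero on success, which its prototype is not visible here to confirm); if it is called only for its side effect of running or re-checking the tests, say so in a one-line comment so the ignored return is clearly deliberate.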
19704 diff -up openssl-1.0.1b/crypto/rsa/rsa_err.c.fips openssl-1.0.1b/crypto/rsa/rsa_err.c
19705 --- openssl-1.0.1b/crypto/rsa/rsa_err.c.fips 2011-10-10 01:13:50.000000000 +0200
19706 +++ openssl-1.0.1b/crypto/rsa/rsa_err.c 2012-04-26 18:00:51.717776225 +0200
19707 @@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]=
19708 {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"},
19709 {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
19710 {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
19711 +{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"},
19712 +{ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"},
19713 {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
19714 {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
19715 {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
19716 diff -up openssl-1.0.1b/crypto/rsa/rsa_gen.c.fips openssl-1.0.1b/crypto/rsa/rsa_gen.c
19717 --- openssl-1.0.1b/crypto/rsa/rsa_gen.c.fips 2011-06-09 15:18:07.000000000 +0200
19718 +++ openssl-1.0.1b/crypto/rsa/rsa_gen.c 2012-04-26 18:00:51.718776246 +0200
19719 @@ -69,6 +69,78 @@
19720 #include <openssl/rsa.h>
19721 #ifdef OPENSSL_FIPS
19722 #include <openssl/fips.h>
19723 +#include <openssl/err.h>
19724 +#include <openssl/evp.h>
19725 +
19726 +static int fips_rsa_pairwise_fail = 0;
19727 +
19728 +void FIPS_corrupt_rsa_keygen(void)
19729 + {
19730 + fips_rsa_pairwise_fail = 1;
19731 + }
19732 +
19733 +int fips_check_rsa(RSA *rsa)
19734 + {
19735 + const unsigned char tbs[] = "RSA Pairwise Check Data";
19736 + unsigned char *ctbuf = NULL, *ptbuf = NULL;
19737 + int len, ret = 0;
19738 + EVP_PKEY *pk;
19739 +
19740 + if ((pk=EVP_PKEY_new()) == NULL)
19741 + goto err;
19742 +
19743 + EVP_PKEY_set1_RSA(pk, rsa);
19744 +
19745 + /* Perform pairwise consistency signature test */
19746 + if (!fips_pkey_signature_test(pk, tbs, -1,
19747 + NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
19748 + || !fips_pkey_signature_test(pk, tbs, -1,
19749 + NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, NULL)
19750 + || !fips_pkey_signature_test(pk, tbs, -1,
19751 + NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, NULL))
19752 + goto err;
19753 + /* Now perform pairwise consistency encrypt/decrypt test */
19754 + ctbuf = OPENSSL_malloc(RSA_size(rsa));
19755 + if (!ctbuf)
19756 + goto err;
19757 +
19758 + len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING);
19759 + if (len <= 0)
19760 + goto err;
19761 + /* Check ciphertext doesn't match plaintext */
19762 + if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
19763 + goto err;
19764 + ptbuf = OPENSSL_malloc(RSA_size(rsa));
19765 +
19766 + if (!ptbuf)
19767 + goto err;
19768 + len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
19769 + if (len != (sizeof(tbs) - 1))
19770 + goto err;
19771 + if (memcmp(ptbuf, tbs, len))
19772 + goto err;
19773 +
19774 + ret = 1;
19775 +
19776 + if (!ptbuf)
19777 + goto err;
19778 +
19779 + err:
19780 + if (ret == 0)
19781 + {
19782 + fips_set_selftest_fail();
19783 + FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
19784 + }
19785 +
19786 + if (ctbuf)
19787 + OPENSSL_free(ctbuf);
19788 + if (ptbuf)
19789 + OPENSSL_free(ptbuf);
19790 + if (pk)
19791 + EVP_PKEY_free(pk);
19792 +
19793 + return ret;
19794 + }
19795 #endif
19796
19797 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
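Review bot: In `fips_check_rsa` the `if (!ptbuf) goto err;` placed after `ret = 1;` is dead code: `ptbuf` was already NULL-checked immediately after its allocation, so the line can only be a leftover and should be removed, otherwise a reader wonders whether `ret` was meant to be reset there. The return value of `EVP_PKEY_set1_RSA(pk, rsa)` is also ignored; on failure `pk` carries no key and the three `fips_pkey_signature_test` calls would then fail for the wrong reason, so check it: `if (!EVP_PKEY_set1_RSA(pk, rsa)) goto err;`. `FIPS_corrupt_rsa_keygen()` is an exported hook that latches `fips_rsa_pairwise_fail` with no way to clear it within this file; a comment stating that it exists for FIPS lab failure-injection testing only and is one-way for the lifetime of the process would help anyone who finds it in the symbol table.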
19798 @@ -81,7 +153,7 @@ static int rsa_builtin_keygen(RSA *rsa,
19799 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
19800 {
19801 #ifdef OPENSSL_FIPS
19802 - if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
19803 + if (FIPS_module_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
19804 && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
19805 {
19806 RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
19807 @@ -90,10 +162,6 @@ int RSA_generate_key_ex(RSA *rsa, int bi
19808 #endif
19809 if(rsa->meth->rsa_keygen)
19810 return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
19811 -#ifdef OPENSSL_FIPS
19812 - if (FIPS_mode())
19813 - return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
19814 -#endif
19815 return rsa_builtin_keygen(rsa, bits, e_value, cb);
19816 }
19817
19818 @@ -105,6 +173,23 @@ static int rsa_builtin_keygen(RSA *rsa,
19819 int bitsp,bitsq,ok= -1,n=0;
19820 BN_CTX *ctx=NULL;
19821
19822 +#ifdef OPENSSL_FIPS
19823 + if (FIPS_module_mode())
19824 + {
19825 + if(FIPS_selftest_failed())
19826 + {
19827 + FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED);
19828 + return 0;
19829 + }
19830 +
19831 + if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
19832 + {
19833 + FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
19834 + return 0;
19835 + }
19836 + }
19837 +#endif
19838 +
19839 ctx=BN_CTX_new();
19840 if (ctx == NULL) goto err;
19841 BN_CTX_start(ctx);
19842 @@ -216,6 +301,17 @@ static int rsa_builtin_keygen(RSA *rsa,
19843 p = rsa->p;
19844 if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
19845
19846 +#ifdef OPENSSL_FIPS
19847 + if (FIPS_module_mode())
19848 + {
19849 + if (fips_rsa_pairwise_fail)
19850 + BN_add_word(rsa->n, 1);
19851 +
19852 + if(!fips_check_rsa(rsa))
19853 + goto err;
19854 + }
19855 +#endif
19856 +
19857 ok=1;
19858 err:
19859 if (ok == -1)
19860 diff -up openssl-1.0.1b/crypto/rsa/rsa.h.fips openssl-1.0.1b/crypto/rsa/rsa.h
19861 --- openssl-1.0.1b/crypto/rsa/rsa.h.fips 2012-04-26 18:00:51.140763619 +0200
19862 +++ openssl-1.0.1b/crypto/rsa/rsa.h 2012-04-26 18:00:51.718776246 +0200
19863 @@ -164,6 +164,8 @@ struct rsa_st
19864 # define OPENSSL_RSA_MAX_MODULUS_BITS 16384
19865 #endif
19866
19867 +#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
19868 +
19869 #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
19870 # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
19871 #endif
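Review bot: `OPENSSL_RSA_FIPS_MIN_MODULUS_BITS` is introduced without the `#ifndef` guard both of its neighbours carry and without a comment saying what it bounds. If the floor is meant to be fixed policy rather than a build-time override, say so, otherwise the asymmetry will be "fixed" later: `/* Smallest modulus rsa_builtin_keygen accepts in FIPS mode; deliberately not overridable */`. If overriding is acceptable, wrap it like OPENSSL_RSA_SMALL_MODULUS_BITS below.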
19872 @@ -290,6 +292,11 @@ RSA * RSA_generate_key(int bits, unsigne
19873
19874 /* New version */
19875 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
19876 +int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
19877 + const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
19878 + const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
19879 + const BIGNUM *e, BN_GENCB *cb);
19880 +int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
19881
19882 int RSA_check_key(const RSA *);
19883 /* next 4 return -1 on error */
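Review bot: The new public prototypes RSA_X931_derive_ex and RSA_X931_generate_key_ex are undocumented, and the derive variant takes eleven BIGNUM arguments whose roles (p1/p2, Xp1/Xp2/Xp and the q counterparts) are recoverable only from the implementation. A short comment above each, stating which arguments are inputs versus outputs, whether the caller or the function owns the output BIGNUMs, and the return convention, would match the style of the surrounding declarations (`/* next 4 return -1 on error */`) and save every caller a trip into rsa_gen.c.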
19884 @@ -487,7 +494,7 @@ void ERR_load_RSA_strings(void);
19885 #define RSA_F_RSA_PADDING_ADD_NONE 107
19886 #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
19887 #define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
19888 -#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148
19889 +#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 158
19890 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
19891 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
19892 #define RSA_F_RSA_PADDING_ADD_SSLV23 110
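Review bot: The value of an existing function code, `RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1`, changes from 148 to 158, and the next hunk (`@@ -500,20 +507,22 @@`) renumbers RSA_F_RSA_PRIVATE_DECRYPT, RSA_F_RSA_PRIVATE_ENCRYPT, RSA_F_RSA_PUBLIC_DECRYPT and RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 the same way. These numbers are what ERR_GET_FUNC yields, so the function-string table in rsa_err.c has to be regenerated in the same change or error output will name the wrong function, and anything outside the tree that matches on the old numbers will misreport; this part of the patch does not show that table being touched. If the renumbering exists to line up with codes used by the FIPS module, a one-line comment at the head of the function-code block saying so would keep a later contributor from restoring the old values.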
19893 @@ -500,20 +507,22 @@ void ERR_load_RSA_strings(void);
19894 #define RSA_F_RSA_PADDING_CHECK_X931 128
19895 #define RSA_F_RSA_PRINT 115
19896 #define RSA_F_RSA_PRINT_FP 116
19897 -#define RSA_F_RSA_PRIVATE_DECRYPT 150
19898 -#define RSA_F_RSA_PRIVATE_ENCRYPT 151
19899 +#define RSA_F_RSA_PRIVATE_DECRYPT 157
19900 +#define RSA_F_RSA_PRIVATE_ENCRYPT 148
19901 #define RSA_F_RSA_PRIV_DECODE 137
19902 #define RSA_F_RSA_PRIV_ENCODE 138
19903 -#define RSA_F_RSA_PUBLIC_DECRYPT 152
19904 +#define RSA_F_RSA_PUBLIC_DECRYPT 149
19905 #define RSA_F_RSA_PUBLIC_ENCRYPT 153
19906 #define RSA_F_RSA_PUB_DECODE 139
19907 #define RSA_F_RSA_SETUP_BLINDING 136
19908 +#define RSA_F_RSA_SET_DEFAULT_METHOD 150
19909 +#define RSA_F_RSA_SET_METHOD 151
19910 #define RSA_F_RSA_SIGN 117
19911 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
19912 #define RSA_F_RSA_VERIFY 119
19913 #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
19914 #define RSA_F_RSA_VERIFY_PKCS1_PSS 126
19915 -#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149
19916 +#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 152
19917
19918 /* Reason codes. */
19919 #define RSA_R_ALGORITHM_MISMATCH 100
19920 @@ -542,21 +551,22 @@ void ERR_load_RSA_strings(void);
19921 #define RSA_R_INVALID_MGF1_MD 156
19922 #define RSA_R_INVALID_PADDING 138
19923 #define RSA_R_INVALID_PADDING_MODE 141
19924 -#define RSA_R_INVALID_PSS_PARAMETERS 149
19925 +#define RSA_R_INVALID_PSS_PARAMETERS 157
19926 #define RSA_R_INVALID_PSS_SALTLEN 146
19927 -#define RSA_R_INVALID_SALT_LENGTH 150
19928 +#define RSA_R_INVALID_SALT_LENGTH 158
19929 #define RSA_R_INVALID_TRAILER 139
19930 #define RSA_R_INVALID_X931_DIGEST 142
19931 #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
19932 #define RSA_R_KEY_SIZE_TOO_SMALL 120
19933 #define RSA_R_LAST_OCTET_INVALID 134
19934 #define RSA_R_MODULUS_TOO_LARGE 105
19935 -#define RSA_R_NON_FIPS_RSA_METHOD 157
19936 +#define RSA_R_NON_FIPS_RSA_METHOD 149
19937 +#define RSA_R_NON_FIPS_METHOD 149
19938 #define RSA_R_NO_PUBLIC_EXPONENT 140
19939 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
19940 #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
19941 #define RSA_R_OAEP_DECODING_ERROR 121
19942 -#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158
19943 +#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 150
19944 #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
19945 #define RSA_R_PADDING_CHECK_FAILED 114
19946 #define RSA_R_P_NOT_PRIME 128
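Review bot: `RSA_R_NON_FIPS_RSA_METHOD` and the newly added `RSA_R_NON_FIPS_METHOD` both expand to 149, so ERR_GET_REASON cannot tell them apart and the reason-string table can hold only one text for that code. If the second name is an alias for code written against the FIPS module's naming, make that explicit instead of duplicating the literal: `#define RSA_R_NON_FIPS_METHOD RSA_R_NON_FIPS_RSA_METHOD`. If it is meant to be a distinct reason, it needs an unused code of its own.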
19947 diff -up openssl-1.0.1b/crypto/rsa/rsa_lib.c.fips openssl-1.0.1b/crypto/rsa/rsa_lib.c
19948 --- openssl-1.0.1b/crypto/rsa/rsa_lib.c.fips 2011-06-20 21:41:13.000000000 +0200
19949 +++ openssl-1.0.1b/crypto/rsa/rsa_lib.c 2012-04-26 18:00:51.719776267 +0200
19950 @@ -84,6 +84,13 @@ RSA *RSA_new(void)
19951
19952 void RSA_set_default_method(const RSA_METHOD *meth)
19953 {
19954 +#ifdef OPENSSL_FIPS
19955 + if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
19956 + {
19957 + RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
19958 + return;
19959 + }
19960 +#endif
19961 default_RSA_meth = meth;
19962 }
19963
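Review bot: The rejection added to RSA_set_default_method is invisible to the caller because the function returns void; the only trace is the RSAerr entry, whereas the parallel check added to RSA_set_method later in this file returns 0. A comment on the early return makes the asymmetry deliberate, e.g. `/* void API: rejection is reported only through the error queue */`. Separately, the new `meth->flags` read dereferences the argument before any NULL test, which the old one-line body never did; if callers have ever passed NULL to reset the default, this path now faults in FIPS mode, so either guard it (`if (FIPS_mode() && meth && !(meth->flags & RSA_FLAG_FIPS_METHOD))`) or document that NULL is not accepted.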
19964 @@ -91,18 +98,11 @@ const RSA_METHOD *RSA_get_default_method
19965 {
19966 if (default_RSA_meth == NULL)
19967 {
19968 -#ifdef OPENSSL_FIPS
19969 - if (FIPS_mode())
19970 - return FIPS_rsa_pkcs1_ssleay();
19971 - else
19972 - return RSA_PKCS1_SSLeay();
19973 -#else
19974 #ifdef RSA_NULL
19975 default_RSA_meth=RSA_null_method();
19976 #else
19977 default_RSA_meth=RSA_PKCS1_SSLeay();
19978 #endif
19979 -#endif
19980 }
19981
19982 return default_RSA_meth;
19983 @@ -118,6 +118,13 @@ int RSA_set_method(RSA *rsa, const RSA_M
19984 /* NB: The caller is specifically setting a method, so it's not up to us
19985 * to deal with which ENGINE it comes from. */
19986 const RSA_METHOD *mtmp;
19987 +#ifdef OPENSSL_FIPS
19988 + if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
19989 + {
19990 + RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
19991 + return 0;
19992 + }
19993 +#endif
19994 mtmp = rsa->meth;
19995 if (mtmp->finish) mtmp->finish(rsa);
19996 #ifndef OPENSSL_NO_ENGINE
19997 @@ -170,6 +177,18 @@ RSA *RSA_new_method(ENGINE *engine)
19998 }
19999 }
20000 #endif
20001 +#ifdef OPENSSL_FIPS
20002 + if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD))
20003 + {
20004 + RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
20005 +#ifndef OPENSSL_NO_ENGINE
20006 + if (ret->engine)
20007 + ENGINE_finish(ret->engine);
20008 +#endif
20009 + OPENSSL_free(ret);
20010 + return NULL;
20011 + }
20012 +#endif
20013
20014 ret->pad=0;
20015 ret->version=0;
20016 @@ -188,7 +207,7 @@ RSA *RSA_new_method(ENGINE *engine)
20017 ret->blinding=NULL;
20018 ret->mt_blinding=NULL;
20019 ret->bignum_data=NULL;
20020 - ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
20021 + ret->flags=ret->meth->flags;
20022 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
20023 {
20024 #ifndef OPENSSL_NO_ENGINE
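Review bot: Dropping the `& ~RSA_FLAG_NON_FIPS_ALLOW` mask lets a method's own flags word seed the key with RSA_FLAG_NON_FIPS_ALLOW, and that flag is exactly what allows RSA_generate_key_ex (rsa_gen.c, earlier in this patch) to skip its RSA_FLAG_FIPS_METHOD check. The FIPS-mode rejection added to RSA_new_method in the previous hunk presumably closes the gap, since a non-FIPS method no longer reaches this line in FIPS mode, but that dependency is visible at neither site; a comment such as `/* NON_FIPS_ALLOW may now come from the method: non-FIPS methods were already rejected above in FIPS mode */` would record why the mask is safe to drop. Confirm that every path which assigns ret->meth passes through that rejection. RSA_new_method's body begins before this hunk.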
20025 diff -up openssl-1.0.1b/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1b/crypto/rsa/rsa_pmeth.c
20026 --- openssl-1.0.1b/crypto/rsa/rsa_pmeth.c.fips 2012-02-15 15:14:01.000000000 +0100
20027 +++ openssl-1.0.1b/crypto/rsa/rsa_pmeth.c 2012-04-26 18:00:51.720776289 +0200
20028 @@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c
20029 RSA_R_INVALID_DIGEST_LENGTH);
20030 return -1;
20031 }
20032 -#ifdef OPENSSL_FIPS
20033 - if (ret > 0)
20034 - {
20035 - unsigned int slen;
20036 - ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
20037 - rctx->pad_mode,
20038 - rctx->saltlen,
20039 - rctx->mgf1md,
20040 - sig, &slen);
20041 - if (ret > 0)
20042 - *siglen = slen;
20043 - else
20044 - *siglen = 0;
20045 - return ret;
20046 - }
20047 -#endif
20048
20049 if (EVP_MD_type(rctx->md) == NID_mdc2)
20050 {
20051 @@ -354,19 +338,6 @@ static int pkey_rsa_verify(EVP_PKEY_CTX
20052 #endif
20053 if (rctx->md)
20054 {
20055 -#ifdef OPENSSL_FIPS
20056 - if (rv > 0)
20057 - {
20058 - return FIPS_rsa_verify_digest(rsa,
20059 - tbs, tbslen,
20060 - rctx->md,
20061 - rctx->pad_mode,
20062 - rctx->saltlen,
20063 - rctx->mgf1md,
20064 - sig, siglen);
20065 -
20066 - }
20067 -#endif
20068 if (rctx->pad_mode == RSA_PKCS1_PADDING)
20069 return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
20070 sig, siglen, rsa);
20071 diff -up openssl-1.0.1b/crypto/rsa/rsa_sign.c.fips openssl-1.0.1b/crypto/rsa/rsa_sign.c
20072 --- openssl-1.0.1b/crypto/rsa/rsa_sign.c.fips 2012-02-15 15:00:09.000000000 +0100
20073 +++ openssl-1.0.1b/crypto/rsa/rsa_sign.c 2012-04-26 18:00:51.720776289 +0200
20074 @@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch
20075 i2d_X509_SIG(&sig,&p);
20076 s=tmps;
20077 }
20078 - i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
20079 + /* NB: call underlying method directly to avoid FIPS blocking */
20080 + i = rsa->meth->rsa_priv_enc ? rsa->meth->rsa_priv_enc(i,s,sigret,rsa,RSA_PKCS1_PADDING) : 0;
20081 if (i <= 0)
20082 ret=0;
20083 else
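Review bot: When `rsa->meth->rsa_priv_enc` is NULL the new expression evaluates to 0 and RSA_sign fails with nothing on the error queue, so the caller gets a bare failure with no reason; the two int_rsa_verify hunks below (`@@ -178,8 +179,8 @@` and `@@ -196,7 +197,8 @@`) have the same shape for `rsa_pub_dec`. A separate branch that pushes an error, `if (!rsa->meth->rsa_priv_enc) { RSAerr(RSA_F_RSA_SIGN, <suitable RSA_R_ reason code>); ret = 0; }` with the real call kept for the other case, would restore diagnosability on all three sites. The added comment says the direct call avoids FIPS blocking, but it also skips anything else RSA_private_encrypt does beyond dispatching (not visible here); naming what is intentionally bypassed would let the wrapper be changed later without silently diverging from this path. RSA_sign's body begins before this hunk.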
20084 @@ -178,8 +179,8 @@ int int_rsa_verify(int dtype, const unsi
20085
20086 if((dtype == NID_md5_sha1) && rm)
20087 {
20088 - i = RSA_public_decrypt((int)siglen,
20089 - sigbuf,rm,rsa,RSA_PKCS1_PADDING);
20090 + i = rsa->meth->rsa_pub_dec ? rsa->meth->rsa_pub_dec((int)siglen,
20091 + sigbuf,rm,rsa,RSA_PKCS1_PADDING) : 0;
20092 if (i <= 0)
20093 return 0;
20094 *prm_len = i;
20095 @@ -196,7 +197,8 @@ int int_rsa_verify(int dtype, const unsi
20096 RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
20097 goto err;
20098 }
20099 - i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
20100 + /* NB: call underlying method directly to avoid FIPS blocking */
20101 + i = rsa->meth->rsa_pub_dec ? rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING) : 0;
20102
20103 if (i <= 0) goto err;
20104 /* Oddball MDC2 case: signature can be OCTET STRING.
20105 diff -up openssl-1.0.1b/crypto/sha/sha256.c.fips openssl-1.0.1b/crypto/sha/sha256.c
20106 --- openssl-1.0.1b/crypto/sha/sha256.c.fips 2011-06-01 15:39:44.000000000 +0200
20107 +++ openssl-1.0.1b/crypto/sha/sha256.c 2012-04-26 18:00:51.721776312 +0200
20108 @@ -12,12 +12,19 @@
20109
20110 #include <openssl/crypto.h>
20111 #include <openssl/sha.h>
20112 +#ifdef OPENSSL_FIPS
20113 +#include <openssl/fips.h>
20114 +#endif
20115 +
20116 #include <openssl/opensslv.h>
20117
20118 const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
20119
20120 fips_md_init_ctx(SHA224, SHA256)
20121 {
20122 +#ifdef OPENSSL_FIPS
20123 + FIPS_selftest_check();
20124 +#endif
20125 memset (c,0,sizeof(*c));
20126 c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL;
20127 c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL;
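Review bot: The inserted `FIPS_selftest_check();` has its outcome neither tested nor documented, and the same pattern recurs in the second hunk of this file, in both sha512.c hunks and in the sha_locl.h hunk. If the function terminates the process on a failed self-test, these init routines silently rely on that and should say so, e.g. `/* terminates the process if the power-on self-tests failed; no soft-fail path here */`; if it instead reports failure by return value, the digest context is initialised anyway and the result needs checking. Which applies is not visible from this patch, so confirm against the definition. By contrast, rsa_builtin_keygen in this same patch uses FIPS_selftest_failed() and returns 0, so the two call styles deserve a word on why they differ.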
20128 @@ -29,6 +36,9 @@ fips_md_init_ctx(SHA224, SHA256)
20129
20130 fips_md_init(SHA256)
20131 {
20132 +#ifdef OPENSSL_FIPS
20133 + FIPS_selftest_check();
20134 +#endif
20135 memset (c,0,sizeof(*c));
20136 c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
20137 c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
20138 diff -up openssl-1.0.1b/crypto/sha/sha512.c.fips openssl-1.0.1b/crypto/sha/sha512.c
20139 --- openssl-1.0.1b/crypto/sha/sha512.c.fips 2011-11-14 21:58:01.000000000 +0100
20140 +++ openssl-1.0.1b/crypto/sha/sha512.c 2012-04-26 18:00:51.722776334 +0200
20141 @@ -5,6 +5,10 @@
20142 * ====================================================================
20143 */
20144 #include <openssl/opensslconf.h>
20145 +#ifdef OPENSSL_FIPS
20146 +#include <openssl/fips.h>
20147 +#endif
20148 +
20149 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
20150 /*
20151 * IMPLEMENTATION NOTES.
20152 @@ -61,6 +65,9 @@ const char SHA512_version[]="SHA-512" OP
20153
20154 fips_md_init_ctx(SHA384, SHA512)
20155 {
20156 +#ifdef OPENSSL_FIPS
20157 + FIPS_selftest_check();
20158 +#endif
20159 c->h[0]=U64(0xcbbb9d5dc1059ed8);
20160 c->h[1]=U64(0x629a292a367cd507);
20161 c->h[2]=U64(0x9159015a3070dd17);
20162 @@ -77,6 +84,9 @@ fips_md_init_ctx(SHA384, SHA512)
20163
20164 fips_md_init(SHA512)
20165 {
20166 +#ifdef OPENSSL_FIPS
20167 + FIPS_selftest_check();
20168 +#endif
20169 c->h[0]=U64(0x6a09e667f3bcc908);
20170 c->h[1]=U64(0xbb67ae8584caa73b);
20171 c->h[2]=U64(0x3c6ef372fe94f82b);
20172 diff -up openssl-1.0.1b/crypto/sha/sha.h.fips openssl-1.0.1b/crypto/sha/sha.h
20173 --- openssl-1.0.1b/crypto/sha/sha.h.fips 2012-04-26 18:00:50.616752170 +0200
20174 +++ openssl-1.0.1b/crypto/sha/sha.h 2012-04-26 18:00:51.722776334 +0200
20175 @@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char *
20176 void SHA_Transform(SHA_CTX *c, const unsigned char *data);
20177 #endif
20178 #ifndef OPENSSL_NO_SHA1
20179 -#ifdef OPENSSL_FIPS
20180 -int private_SHA1_Init(SHA_CTX *c);
20181 -#endif
20182 int SHA1_Init(SHA_CTX *c);
20183 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
20184 int SHA1_Final(unsigned char *md, SHA_CTX *c);
20185 @@ -141,10 +138,6 @@ typedef struct SHA256state_st
20186 } SHA256_CTX;
20187
20188 #ifndef OPENSSL_NO_SHA256
20189 -#ifdef OPENSSL_FIPS
20190 -int private_SHA224_Init(SHA256_CTX *c);
20191 -int private_SHA256_Init(SHA256_CTX *c);
20192 -#endif
20193 int SHA224_Init(SHA256_CTX *c);
20194 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
20195 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
20196 @@ -192,10 +185,6 @@ typedef struct SHA512state_st
20197 #endif
20198
20199 #ifndef OPENSSL_NO_SHA512
20200 -#ifdef OPENSSL_FIPS
20201 -int private_SHA384_Init(SHA512_CTX *c);
20202 -int private_SHA512_Init(SHA512_CTX *c);
20203 -#endif
20204 int SHA384_Init(SHA512_CTX *c);
20205 int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
20206 int SHA384_Final(unsigned char *md, SHA512_CTX *c);
20207 diff -up openssl-1.0.1b/crypto/sha/sha_locl.h.fips openssl-1.0.1b/crypto/sha/sha_locl.h
20208 --- openssl-1.0.1b/crypto/sha/sha_locl.h.fips 2012-04-26 18:00:50.622752302 +0200
20209 +++ openssl-1.0.1b/crypto/sha/sha_locl.h 2012-04-26 18:00:51.723776356 +0200
20210 @@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c,
20211 #define INIT_DATA_h4 0xc3d2e1f0UL
20212
20213 #ifdef SHA_0
20214 -fips_md_init(SHA)
20215 +nonfips_md_init(SHA)
20216 #else
20217 fips_md_init_ctx(SHA1, SHA)
20218 #endif
20219 {
20220 +#if defined(SHA_1) && defined(OPENSSL_FIPS)
20221 + FIPS_selftest_check();
20222 +#endif
20223 memset (c,0,sizeof(*c));
20224 c->h0=INIT_DATA_h0;
20225 c->h1=INIT_DATA_h1;
20226 diff -up openssl-1.0.1b/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1b/crypto/whrlpool/wp_dgst.c
20227 --- openssl-1.0.1b/crypto/whrlpool/wp_dgst.c.fips 2011-06-01 15:39:45.000000000 +0200
20228 +++ openssl-1.0.1b/crypto/whrlpool/wp_dgst.c 2012-04-26 18:00:51.724776378 +0200
20229 @@ -55,7 +55,7 @@
20230 #include <openssl/crypto.h>
20231 #include <string.h>
20232
20233 -fips_md_init(WHIRLPOOL)
20234 +nonfips_md_init(WHIRLPOOL)
20235 {
20236 memset (c,0,sizeof(*c));
20237 return(1);
20238 diff -up openssl-1.0.1b/Makefile.org.fips openssl-1.0.1b/Makefile.org
20239 --- openssl-1.0.1b/Makefile.org.fips 2012-04-26 18:00:51.350768207 +0200
20240 +++ openssl-1.0.1b/Makefile.org 2012-04-26 18:00:51.724776378 +0200
20241 @@ -136,6 +136,9 @@ FIPSCANLIB=
20242
20243 BASEADDR=
20244
20245 +# Non-empty if FIPS enabled
20246 +FIPS=
20247 +
20248 DIRS= crypto ssl engines apps test tools
20249 ENGDIRS= ccgost
20250 SHLIBDIRS= crypto ssl
20251 @@ -148,7 +151,7 @@ SDIRS= \
20252 bn ec rsa dsa ecdsa dh ecdh dso engine \
20253 buffer bio stack lhash rand err \
20254 evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
20255 - cms pqueue ts jpake srp store cmac
20256 + cms pqueue ts jpake srp store cmac fips
20257 # keep in mind that the above list is adjusted by ./Configure
20258 # according to no-xxx arguments...
20259
20260 @@ -237,6 +240,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESS
20261 FIPSLIBDIR='${FIPSLIBDIR}' \
20262 FIPSDIR='${FIPSDIR}' \
20263 FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
20264 + FIPS="$${FIPS:-$(FIPS)}" \
20265 THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
20266 # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
20267 # which in turn eliminates ambiguities in variable treatment with -e.
20268 diff -up openssl-1.0.1b/ssl/ssl_algs.c.fips openssl-1.0.1b/ssl/ssl_algs.c
20269 --- openssl-1.0.1b/ssl/ssl_algs.c.fips 2012-01-15 14:42:50.000000000 +0100
20270 +++ openssl-1.0.1b/ssl/ssl_algs.c 2012-04-26 18:00:51.725776399 +0200
20271 @@ -64,6 +64,12 @@
20272 int SSL_library_init(void)
20273 {
20274
20275 +#ifdef OPENSSL_FIPS
20276 + OPENSSL_init_library();
20277 + if (!FIPS_mode())
20278 + {
20279 +#endif
20280 +
20281 #ifndef OPENSSL_NO_DES
20282 EVP_add_cipher(EVP_des_cbc());
20283 EVP_add_cipher(EVP_des_ede3_cbc());
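Review bot: The `if (!FIPS_mode())` opened under `#ifdef OPENSSL_FIPS` here is closed by an `else` arm in the next hunk, so the brace balance of SSL_library_init depends on two preprocessor blocks in different hunks agreeing, which is easy to break on a later merge and hard to read in one sitting. Moving the two EVP_add_* lists into static helpers and leaving a single `if`/`else` here gives each list a closed scope; the helpers' bodies would be the existing calls moved verbatim. `OPENSSL_init_library()` is also now invoked only when OPENSSL_FIPS is defined, which is worth a comment if intended. SSL_library_init continues past the end of this hunk.

```c
int SSL_library_init(void)
	{
#ifdef OPENSSL_FIPS
	OPENSSL_init_library();
	if (FIPS_mode())
		ssl_add_fips_algs();      /* constructed name: the EVP_add_* list from the FIPS arm */
	else
#endif
		ssl_add_default_algs();   /* constructed name: the existing non-FIPS EVP_add_* list */
	/* … unchanged: compression setup and return … */
```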
20284 @@ -136,6 +142,50 @@ int SSL_library_init(void)
20285 EVP_add_digest(EVP_sha());
20286 EVP_add_digest(EVP_dss());
20287 #endif
20288 +#ifdef OPENSSL_FIPS
20289 + }
20290 + else
20291 + {
20292 +#ifndef OPENSSL_NO_DES
20293 + EVP_add_cipher(EVP_des_ede3_cbc());
20294 +#endif
20295 +#ifndef OPENSSL_NO_AES
20296 + EVP_add_cipher(EVP_aes_128_cbc());
20297 + EVP_add_cipher(EVP_aes_192_cbc());
20298 + EVP_add_cipher(EVP_aes_256_cbc());
20299 + EVP_add_cipher(EVP_aes_128_gcm());
20300 + EVP_add_cipher(EVP_aes_256_gcm());
20301 +#endif
20302 +#ifndef OPENSSL_NO_MD5
20303 + /* needed even in the FIPS mode for TLS MAC */
20304 + EVP_add_digest(EVP_md5());
20305 + EVP_add_digest_alias(SN_md5,"ssl2-md5");
20306 + EVP_add_digest_alias(SN_md5,"ssl3-md5");
20307 +#endif
20308 +#ifndef OPENSSL_NO_SHA
20309 + EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
20310 + EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
20311 + EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
20312 +#endif
20313 +#ifndef OPENSSL_NO_SHA256
20314 + EVP_add_digest(EVP_sha224());
20315 + EVP_add_digest(EVP_sha256());
20316 +#endif
20317 +#ifndef OPENSSL_NO_SHA512
20318 + EVP_add_digest(EVP_sha384());
20319 + EVP_add_digest(EVP_sha512());
20320 +#endif
20321 +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
20322 + EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
20323 + EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
20324 + EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
20325 + EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
20326 +#endif
20327 +#ifndef OPENSSL_NO_ECDSA
20328 + EVP_add_digest(EVP_ecdsa());
20329 +#endif
20330 + }
20331 +#endif
20332 #ifndef OPENSSL_NO_COMP
20333 /* This will initialise the built-in compression algorithms.
20334 The value returned is a STACK_OF(SSL_COMP), but that can