generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use common source files for FIPS mode and utilize same optimizations.

Browse Source
This commit is contained in:
Dr. Stephen Henson
2007-07-10 21:24:32 +00:00
parent 218ba8cb9d
commit 475631c31a
18 changed files with 54 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@@ -4,6 +4,11 @@
Changes between 0.9.8e and 0.9.8f-fips [xx XXX xxxx] Changes between 0.9.8e and 0.9.8f-fips [xx XXX xxxx]
*) Use standard implementations of SHAx, DES, AES under crypto/ in FIPS
mode to avoid having to maintain two versions. This will also make use
of appropriate assembly language optimizations.
[Steve Henson]
*) Check for selftest status in all crypto operations and exit with a *) Check for selftest status in all crypto operations and exit with a
fatal error if selftest failed. fatal error if selftest failed.
[Steve Henson] [Steve Henson]

19
Configure
View File

@@ -1223,24 +1223,8 @@ $bn_obj = $bn_asm unless $bn_obj ne "";
$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/); $cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/);
$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/); $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/);
my $fips_des_obj;
my $fips_aes_obj;
my $fips_sha1_obj;
if ($fips) if ($fips)
{ {
if ($des_obj =~ /\-elf\.o$/)
{
$fips_des_obj='asm/fips-dx86-elf.o';
$openssl_other_defines.="#define OPENSSL_FIPS_DES_ASM\n";
$fips_aes_obj='asm/fips-ax86-elf.o';
$openssl_other_defines.="#define OPENSSL_FIPS_AES_ASM\n";
}
else {
$fips_des_obj=$fips_des_enc;
$fips_aes_obj='fips_aes_core.o';
}
$fips_sha1_obj='asm/fips-sx86-elf.o' if ($sha1_obj =~ /\-elf\.o$/);
$des_obj=$sha1_obj=$aes_obj="";
$openssl_other_defines.="#define OPENSSL_FIPS\n"; $openssl_other_defines.="#define OPENSSL_FIPS\n";
} }
@@ -1354,8 +1338,6 @@ while (<IN>)
s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/; s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/; s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
s/^BN_ASM=.*$/BN_ASM= $bn_obj/; s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
s/^FIPS_DES_ENC=.*$/FIPS_DES_ENC= $fips_des_obj/;
s/^FIPS_AES_ENC=.*$/FIPS_AES_ENC= $fips_aes_obj/;
s/^DES_ENC=.*$/DES_ENC= $des_obj/; s/^DES_ENC=.*$/DES_ENC= $des_obj/;
s/^AES_ASM_OBJ=.*$/AES_ASM_OBJ= $aes_obj/; s/^AES_ASM_OBJ=.*$/AES_ASM_OBJ= $aes_obj/;
s/^BF_ENC=.*$/BF_ENC= $bf_obj/; s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
@@ -1364,7 +1346,6 @@ while (<IN>)
s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/; s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/; s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/; s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
s/^FIPS_SHA1_ASM_OBJ=.*$/FIPS_SHA1_ASM_OBJ= $fips_sha1_obj/;
s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
s/^PROCESSOR=.*/PROCESSOR= $processor/; s/^PROCESSOR=.*/PROCESSOR= $processor/;
s/^RANLIB=.*/RANLIB= $ranlib/; s/^RANLIB=.*/RANLIB= $ranlib/;

17
Makefile.org
View File

@@ -87,8 +87,6 @@ PROCESSOR=
# CPUID module collects small commonly used assembler snippets # CPUID module collects small commonly used assembler snippets
CPUID_OBJ= CPUID_OBJ=
BN_ASM= bn_asm.o BN_ASM= bn_asm.o
FIPS_DES_ENC= des_enc.o fcrypt_b.o
FIPS_AES_ENC= fips_aes_core.o
DES_ENC= des_enc.o fcrypt_b.o DES_ENC= des_enc.o fcrypt_b.o
AES_ASM_OBJ=aes_core.o aes_cbc.o AES_ASM_OBJ=aes_core.o aes_cbc.o
BF_ENC= bf_enc.o BF_ENC= bf_enc.o
@@ -96,7 +94,6 @@ CAST_ENC= c_enc.o
RC4_ENC= rc4_enc.o RC4_ENC= rc4_enc.o
RC5_ENC= rc5_enc.o RC5_ENC= rc5_enc.o
MD5_ASM_OBJ= MD5_ASM_OBJ=
FIPS_SHA1_ASM_OBJ=
SHA1_ASM_OBJ= SHA1_ASM_OBJ=
RMD160_ASM_OBJ= RMD160_ASM_OBJ=
@@ -222,9 +219,6 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \ SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
MD5_ASM_OBJ='${MD5_ASM_OBJ}' \ MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \ RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' \
FIPS_DES_ENC='${FIPS_DES_ENC}' \
FIPS_AES_ENC='${FIPS_AES_ENC}' \
FIPSLIBDIR='${FIPSLIBDIR}' FIPSCANLIB='${FIPSCANLIB}' \ FIPSLIBDIR='${FIPSLIBDIR}' FIPSCANLIB='${FIPSCANLIB}' \
FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \ FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \
FIPS_EX_OBJ='${FIPS_EX_OBJ}' \ FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
@@ -259,8 +253,7 @@ BUILD_ONE_CMD=\
reflect: reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
../crypto/aes/aes_cfb.o \
../crypto/aes/aes_ecb.o \ ../crypto/aes/aes_ecb.o \
../crypto/aes/aes_ofb.o \ ../crypto/aes/aes_ofb.o \
../crypto/bn/bn_add.o \ ../crypto/bn/bn_add.o \
@@ -286,13 +279,12 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \
../crypto/des/cfb64ede.o \ ../crypto/des/cfb64ede.o \
../crypto/des/cfb64enc.o \ ../crypto/des/cfb64enc.o \
../crypto/des/cfb_enc.o \ ../crypto/des/cfb_enc.o \
../crypto/des/des_enc.o \
../crypto/des/ecb3_enc.o \ ../crypto/des/ecb3_enc.o \
../crypto/des/ecb_enc.o \ ../crypto/des/ecb_enc.o \
../crypto/des/ofb64ede.o \ ../crypto/des/ofb64ede.o \
../crypto/des/ofb64enc.o \ ../crypto/des/ofb64enc.o \
../crypto/des/fcrypt_b.o \
../crypto/des/fcrypt.o \ ../crypto/des/fcrypt.o \
../crypto/des/set_key.o \
../crypto/dsa/dsa_utl.o \ ../crypto/dsa/dsa_utl.o \
../crypto/dsa/dsa_sign.o \ ../crypto/dsa/dsa_sign.o \
../crypto/dsa/dsa_vrf.o \ ../crypto/dsa/dsa_vrf.o \
@@ -319,6 +311,9 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \
../crypto/rsa/rsa_pss.o \ ../crypto/rsa/rsa_pss.o \
../crypto/rsa/rsa_ssl.o \ ../crypto/rsa/rsa_ssl.o \
../crypto/rsa/rsa_x931.o \ ../crypto/rsa/rsa_x931.o \
../crypto/sha/sha1dgst.o \
../crypto/sha/sha256.o \
../crypto/sha/sha512.o \
../crypto/uid.o ../crypto/uid.o
sub_all: build_all sub_all: build_all
@@ -328,7 +323,7 @@ build_libs: build_crypto build_fips build_ssl build_engines
build_crypto: build_crypto:
if [ -n "$(FIPSCANLIB)" ]; then \ if [ -n "$(FIPSCANLIB)" ]; then \
EXCL_OBJ='$(BN_ASM) $(CPUID_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \ EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \ ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
else \ else \
ARX='${AR}' ; \ ARX='${AR}' ; \

8
crypto/aes/aes_core.c
View File

@@ -39,8 +39,6 @@
#include <openssl/aes.h> #include <openssl/aes.h>
#include "aes_locl.h" #include "aes_locl.h"
#ifndef OPENSSL_FIPS
/* /*
Te0[x] = S [x].[02, 01, 01, 03]; Te0[x] = S [x].[02, 01, 01, 03];
Te1[x] = S [x].[03, 02, 01, 01]; Te1[x] = S [x].[03, 02, 01, 01];
@@ -633,6 +631,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
int i = 0; int i = 0;
u32 temp; u32 temp;
#ifdef OPENSSL_FIPS
FIPS_selftest_check();
#endif
if (!userKey || !key) if (!userKey || !key)
return -1; return -1;
if (bits != 128 && bits != 192 && bits != 256) if (bits != 128 && bits != 192 && bits != 256)
@@ -1159,5 +1161,3 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
} }
#endif /* AES_ASM */ #endif /* AES_ASM */
#endif

4
crypto/des/des_enc.c
View File

@@ -58,8 +58,6 @@
#include "des_locl.h" #include "des_locl.h"
#ifndef OPENSSL_FIPS
void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
{ {
register DES_LONG l,r,t,u; register DES_LONG l,r,t,u;
@@ -289,8 +287,6 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
data[1]=r; data[1]=r;
} }
#endif
#ifndef DES_DEFAULT_OPTIONS #ifndef DES_DEFAULT_OPTIONS
#if !defined(OPENSSL_FIPS_DES_ASM) #if !defined(OPENSSL_FIPS_DES_ASM)

7
crypto/des/set_key.c
View File

@@ -65,8 +65,6 @@
*/ */
#include "des_locl.h" #include "des_locl.h"
#ifndef OPENSSL_FIPS
OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */ OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */
static const unsigned char odd_parity[256]={ static const unsigned char odd_parity[256]={
@@ -351,6 +349,10 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
k = &schedule->ks->deslong[0]; k = &schedule->ks->deslong[0];
in = &(*key)[0]; in = &(*key)[0];
#ifdef OPENSSL_FIPS
FIPS_selftest_check();
#endif
c2l(in,c); c2l(in,c);
c2l(in,d); c2l(in,d);
@@ -408,4 +410,3 @@ void des_fixup_key_parity(des_cblock *key)
} }
*/ */
#endif

2
crypto/sha/sha1_one.c
View File

@@ -61,7 +61,7 @@
#include <openssl/sha.h> #include <openssl/sha.h>
#include <openssl/crypto.h> #include <openssl/crypto.h>
#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_FIPS) #if !defined(OPENSSL_NO_SHA1)
unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
{ {
SHA_CTX c; SHA_CTX c;

7
crypto/sha/sha1dgst.c
View File

@@ -64,18 +64,11 @@
#include <openssl/opensslv.h> #include <openssl/opensslv.h>
#ifndef OPENSSL_FIPS
const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
/* The implementation is in ../md32_common.h */ /* The implementation is in ../md32_common.h */
#include "sha_locl.h" #include "sha_locl.h"
#else
static void *dummy=&dummy;
#endif
#endif #endif

10
crypto/sha/sha256.c
View File

@@ -15,12 +15,13 @@
#include <openssl/fips.h> #include <openssl/fips.h>
#include <openssl/opensslv.h> #include <openssl/opensslv.h>
#ifndef OPENSSL_FIPS
const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT; const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
int SHA224_Init (SHA256_CTX *c) int SHA224_Init (SHA256_CTX *c)
{ {
#ifdef OPENSSL_FIPS
FIPS_selftest_check();
#endif
c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL;
c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL; c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL;
c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL; c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL;
@@ -32,6 +33,9 @@ int SHA224_Init (SHA256_CTX *c)
int SHA256_Init (SHA256_CTX *c) int SHA256_Init (SHA256_CTX *c)
{ {
#ifdef OPENSSL_FIPS
FIPS_selftest_check();
#endif
c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL; c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL;
@@ -320,5 +324,3 @@ void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
{ sha256_block (ctx,in,num,0); } { sha256_block (ctx,in,num,0); }
#endif /* OPENSSL_NO_SHA256 */ #endif /* OPENSSL_NO_SHA256 */
#endif

8
crypto/sha/sha512.c
View File

@@ -6,7 +6,7 @@
*/ */
#include <openssl/opensslconf.h> #include <openssl/opensslconf.h>
#include <openssl/fips.h> #include <openssl/fips.h>
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) && !defined(OPENSSL_FIPS) #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
/* /*
* IMPLEMENTATION NOTES. * IMPLEMENTATION NOTES.
* *
@@ -59,6 +59,9 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
int SHA384_Init (SHA512_CTX *c) int SHA384_Init (SHA512_CTX *c)
{ {
#ifdef OPENSSL_FIPS
FIPS_selftest_check();
#endif
c->h[0]=U64(0xcbbb9d5dc1059ed8); c->h[0]=U64(0xcbbb9d5dc1059ed8);
c->h[1]=U64(0x629a292a367cd507); c->h[1]=U64(0x629a292a367cd507);
c->h[2]=U64(0x9159015a3070dd17); c->h[2]=U64(0x9159015a3070dd17);
@@ -74,6 +77,9 @@ int SHA384_Init (SHA512_CTX *c)
int SHA512_Init (SHA512_CTX *c) int SHA512_Init (SHA512_CTX *c)
{ {
#ifdef OPENSSL_FIPS
FIPS_selftest_check();
#endif
c->h[0]=U64(0x6a09e667f3bcc908); c->h[0]=U64(0x6a09e667f3bcc908);
c->h[1]=U64(0xbb67ae8584caa73b); c->h[1]=U64(0xbb67ae8584caa73b);
c->h[2]=U64(0x3c6ef372fe94f82b); c->h[2]=U64(0x3c6ef372fe94f82b);

3
crypto/sha/sha_locl.h
View File

@@ -151,6 +151,9 @@ FIPS_NON_FIPS_MD_Init(SHA)
int HASH_INIT (SHA_CTX *c) int HASH_INIT (SHA_CTX *c)
#endif #endif
{ {
#if defined(SHA_1) && defined(OPENSSL_FIPS)
FIPS_selftest_check();
#endif
c->h0=INIT_DATA_h0; c->h0=INIT_DATA_h0;
c->h1=INIT_DATA_h1; c->h1=INIT_DATA_h1;
c->h2=INIT_DATA_h2; c->h2=INIT_DATA_h2;

7
fips-1.0/Makefile
View File

@@ -81,13 +81,16 @@ all:
# vendor compiler drivers... # vendor compiler drivers...
fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o
@FIPS_BN_ASM=""; for i in $(BN_ASM) ; do FIPS_BN_ASM="$$FIPS_BN_ASM ../crypto/bn/$$i" ; done; \ FIPS_ASM=""; for i in $(BN_ASM) ; do FIPS_ASM="$$FIPS_ASM ../crypto/bn/$$i" ; done; \
for i in $(AES_ASM_OBJ) ; do FIPS_ASM="$$FIPS_ASM ../crypto/aes/$$i" ; done; \
for i in $(DES_ENC) ; do FIPS_ASM="$$FIPS_ASM ../crypto/des/$$i" ; done; \
for i in $(SHA1_ASM_OBJ) ; do FIPS_ASM="$$FIPS_ASM ../crypto/sha/$$i" ; done; \
if [ -n "$(CPUID_OBJ)" ]; then \ if [ -n "$(CPUID_OBJ)" ]; then \
CPUID=../crypto/$(CPUID_OBJ) ; \ CPUID=../crypto/$(CPUID_OBJ) ; \
else \ else \
CPUID="" ; \ CPUID="" ; \
fi ; \ fi ; \
objs="fips_start.o $(LIBOBJ) $(FIPS_EX_OBJ) $$CPUID $$FIPS_BN_ASM"; \ objs="fips_start.o $(LIBOBJ) $(FIPS_EX_OBJ) $$CPUID $$FIPS_ASM"; \
for i in $(FIPS_OBJ_LISTS); do \ for i in $(FIPS_OBJ_LISTS); do \
dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \ dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \
objs="$$objs `sed "$$script" $$i`"; \ objs="$$objs `sed "$$script" $$i`"; \

7
fips-1.0/aes/Makefile
View File

@@ -15,8 +15,6 @@ MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile MAKEFILE= Makefile
AR= ar r AR= ar r
FIPS_AES_ENC=fips_aes_core.o
ASFLAGS= $(INCLUDES) $(ASFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG)
AFLAGS= $(ASFLAGS) AFLAGS= $(ASFLAGS)
@@ -28,8 +26,8 @@ TESTDATA=fips_aes_data
APPS= APPS=
LIB=$(TOP)/libcrypto.a LIB=$(TOP)/libcrypto.a
LIBSRC=fips_aes_core.c asm/fips-ax86-elf.s fips_aes_selftest.c LIBSRC=fips_aes_selftest.c
LIBOBJ=$(FIPS_AES_ENC) fips_aes_selftest.o LIBOBJ=fips_aes_selftest.o
SRC= $(LIBSRC) SRC= $(LIBSRC)
@@ -44,7 +42,6 @@ top:
all: lib all: lib
lib: $(LIBOBJ) lib: $(LIBOBJ)
echo FIPS_AES_ENC: $(FIPS_AES_ENC)
@echo $(LIBOBJ) > lib @echo $(LIBOBJ) > lib
files: files:

6
fips-1.0/des/Makefile
View File

@@ -18,8 +18,6 @@ AR= ar r
ASFLAGS= $(INCLUDES) $(ASFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG)
AFLAGS= $(ASFLAGS) AFLAGS= $(ASFLAGS)
FIPS_DES_ENC=fips_des_enc.o
CFLAGS= $(INCLUDES) $(CFLAG) CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile GENERAL=Makefile
@@ -27,8 +25,8 @@ TEST= fips_desmovs.c
APPS= APPS=
LIB=$(TOP)/libcrypto.a LIB=$(TOP)/libcrypto.a
LIBSRC=fips_des_enc.c asm/fips-dx86-elf.s fips_des_selftest.c fips_set_key.c LIBSRC=fips_des_selftest.c
LIBOBJ=$(FIPS_DES_ENC) fips_des_selftest.o fips_set_key.o LIBOBJ=fips_des_selftest.o
SRC= $(LIBSRC) SRC= $(LIBSRC)

3
fips-1.0/dsa/fips_dssvs.c
View File

@@ -230,7 +230,6 @@ void sigver()
int n; int n;
char *keyword, *value; char *keyword, *value;
int nmod=0; int nmod=0;
unsigned char hash[20];
DSA_SIG sg, *sig = &sg; DSA_SIG sg, *sig = &sg;
sig->r = NULL; sig->r = NULL;
@@ -266,10 +265,8 @@ void sigver()
} }
else if(!strcmp(keyword,"Msg")) else if(!strcmp(keyword,"Msg"))
{ {
n=hex2bin(value,msg); n=hex2bin(value,msg);
pv("Msg",msg,n); pv("Msg",msg,n);
SHA1(msg,n,hash);
} }
else if(!strcmp(keyword,"Y")) else if(!strcmp(keyword,"Y"))
dsa->pub_key=hex2bn(value); dsa->pub_key=hex2bn(value);

2
fips-1.0/fips_test_suite.c
View File

@@ -190,7 +190,7 @@ static int FIPS_sha1_test()
unsigned char md[SHA_DIGEST_LENGTH]; unsigned char md[SHA_DIGEST_LENGTH];
ERR_clear_error(); ERR_clear_error();
if (!SHA1(str,sizeof(str) - 1,md)) return 0; if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0;
if (memcmp(md,digest,sizeof(md))) if (memcmp(md,digest,sizeof(md)))
return 0; return 0;
return 1; return 1;

11
fips-1.0/sha/Makefile
View File

@@ -28,10 +28,8 @@ APPS=
EXE= fips_standalone_sha1$(EXE_EXT) EXE= fips_standalone_sha1$(EXE_EXT)
LIB=$(TOP)/libcrypto.a LIB=$(TOP)/libcrypto.a
LIBSRC=fips_sha1dgst.c fips_sha1_selftest.c asm/fips-sx86-elf.s \ LIBSRC=fips_sha1_selftest.c
fips_sha256.c fips_sha512.c LIBOBJ=fips_sha1_selftest.o
LIBOBJ=fips_sha1dgst.o fips_sha1_selftest.o $(FIPS_SHA1_ASM_OBJ) \
fips_sha256.o fips_sha512.o
SRC= $(LIBSRC) fips_standalone_sha1.c SRC= $(LIBSRC) fips_standalone_sha1.c
@@ -48,9 +46,10 @@ all: fips_standalone_sha1$(EXE_EXT) lib
lib: $(LIBOBJ) lib: $(LIBOBJ)
@echo $(LIBOBJ) > lib @echo $(LIBOBJ) > lib
fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o fips_sha1dgst.o $(FIPS_SHA1_ASM_OBJ) fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o
FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
$(CC) -o fips_standalone_sha1$(EXE_EXT) $(CFLAGS) \ $(CC) -o fips_standalone_sha1$(EXE_EXT) $(CFLAGS) \
fips_standalone_sha1.o fips_sha1dgst.o $(FIPS_SHA1_ASM_OBJ) fips_standalone_sha1.o ../crypto/sha/sha1dgst.o $$FIPS_SHA_ASM
files: files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

5
fips-1.0/sha/fips_sha1_selftest.c
View File

@@ -50,7 +50,8 @@
#include <string.h> #include <string.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/fips.h> #include <openssl/fips.h>
#include <openssl/fips_sha.h> #include <openssl/evp.h>
#include <openssl/sha.h>
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
static char test[][60]= static char test[][60]=
@@ -83,7 +84,7 @@ int FIPS_selftest_sha1()
{ {
unsigned char md[SHA_DIGEST_LENGTH]; unsigned char md[SHA_DIGEST_LENGTH];
SHA1((unsigned char*)test[n],strlen(test[n]),md); EVP_Digest(test[n],strlen(test[n]),md, NULL, EVP_sha1(), NULL);
if(memcmp(md,ret[n],sizeof md)) if(memcmp(md,ret[n],sizeof md))
{ {
FIPSerr(FIPS_F_FIPS_SELFTEST_SHA,FIPS_R_SELFTEST_FAILED); FIPSerr(FIPS_F_FIPS_SELFTEST_SHA,FIPS_R_SELFTEST_FAILED);