Test suite plus failure if selftest fails.

crypto/des/Makefile.ssl

@@ -158,12 +158,13 @@ cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 cfb64enc.o: cfb64enc.c des_locl.h
-cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
-cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h
+cfb_enc.o: ../../e_os.h ../../include/openssl/crypto.h
+cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cfb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb_enc.o: cfb_enc.c des_locl.h
 des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

crypto/des/set_key.c

@@ -65,6 +65,8 @@
  */
 #include "des_locl.h"
 
+#ifndef OPENSSL_FIPS
+
 OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key);	/* defaults to false */
 
 static const unsigned char odd_parity[256]={
@@ -405,3 +407,5 @@ void des_fixup_key_parity(des_cblock *key)
 	des_set_odd_parity(key);
 	}
 */
+
+#endif /* ndef OPENSSL_FIPS */

crypto/sha/Makefile.ssl

@@ -103,14 +103,8 @@ sha1_one.o: ../../include/openssl/opensslconf.h
 sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 sha1_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 sha1_one.o: ../../include/openssl/symhacks.h sha1_one.c
-sha1dgst.o: ../../fips/fips_locl.h ../../include/openssl/bio.h
-sha1dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-sha1dgst.o: ../../include/openssl/err.h ../../include/openssl/fips.h
-sha1dgst.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-sha1dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-sha1dgst.o: ../../include/openssl/symhacks.h ../md32_common.h sha1dgst.c
-sha1dgst.o: sha_locl.h
+sha1dgst.o: ../../include/openssl/opensslconf.h
+sha1dgst.o: ../../include/openssl/opensslv.h sha1dgst.c
 sha_dgst.o: ../../fips/fips_locl.h ../../include/openssl/bio.h
 sha_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 sha_dgst.o: ../../include/openssl/err.h ../../include/openssl/fips.h

fips/Makefile.ssl

@@ -105,7 +105,14 @@ tests:
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
 	done;
 
-fips_test:
+top_fips_test_suite:
+	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=. TARGET=fips_test_suite sub_target)
+
+fips_test_suite: fips_test_suite.o $(TOP)/libcrypto.a
+	$(CC) $(CFLAGS) -o fips_test_suite fips_test_suite.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
+	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_test_suite || { rm fips_test_suite; false; }
+
+fips_test: top top_fips_test_suite
 	@for i in dsa sha1 aes des ; \
 	do \
 		(cd $$i && echo "making fips_test in fips/$$i..." && make fips_test) \
@@ -186,4 +193,10 @@ fips.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 fips.o: ../include/openssl/sha.h ../include/openssl/stack.h
 fips.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
 fips.o: ../include/openssl/ui_compat.h fips.c fips_locl.h
-fips_err_wrapper.o: ../include/openssl/opensslconf.h fips_err_wrapper.c
+fips_err_wrapper.o: ../include/openssl/bio.h ../include/openssl/crypto.h
+fips_err_wrapper.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+fips_err_wrapper.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+fips_err_wrapper.o: ../include/openssl/opensslconf.h
+fips_err_wrapper.o: ../include/openssl/opensslv.h
+fips_err_wrapper.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+fips_err_wrapper.o: ../include/openssl/symhacks.h fips_err.h fips_err_wrapper.c

fips/aes/Makefile.ssl

@@ -98,6 +98,7 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
 fips_aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+fips_aes_core.o: ../../include/openssl/fips.h
 fips_aes_core.o: ../../include/openssl/opensslconf.h fips_aes_core.c
 fips_aes_core.o: fips_aes_locl.h
 fips_aes_selftest.o: ../../include/openssl/aes.h ../../include/openssl/bio.h

fips/aes/fingerprint.sha1

@@ -1,3 +1,3 @@
-SHA1(fips_aes_core.c)= 638c2707398fea4181243b0d7a2d6acd33084659
+SHA1(fips_aes_core.c)= 4cad001926dce3593181541ea19207256593171a
 SHA1(fips_aes_selftest.c)= b41f520aa90f813de815ee77ade4e7c73ef147b0
 SHA1(fips_aes_locl.h)= a3c01d9a4f9d5211e9e785852f6f1a2febfd73b6

fips/aes/fips_aes_core.c

@@ -38,6 +38,7 @@
 #include <stdlib.h>
 #include <openssl/aes.h>
 #include "fips_aes_locl.h"
+#include <openssl/fips.h>
 
 #ifdef OPENSSL_FIPS
 
@@ -737,6 +738,8 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 		return -1;
 	if (bits != 128 && bits != 192 && bits != 256)
 		return -2;
+	if(FIPS_selftest_fail)
+		return -3;
 
 	rk = key->rd_key;
 

fips/des/Makefile.ssl

@@ -23,8 +23,8 @@ TEST= fips_desmovs.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_des_enc.c fips_des_selftest.c
-LIBOBJ=fips_des_enc.o fips_des_selftest.o
+LIBSRC=fips_des_enc.c fips_des_selftest.c fips_set_key.c
+LIBOBJ=fips_des_enc.o fips_des_selftest.o fips_set_key.o
 
 SRC= $(LIBSRC)
 
@@ -104,7 +104,7 @@ clean:
 
 fips_des_enc.o: ../../e_os.h ../../include/openssl/crypto.h
 fips_des_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-fips_des_enc.o: ../../include/openssl/e_os2.h
+fips_des_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
 fips_des_enc.o: ../../include/openssl/opensslconf.h
 fips_des_enc.o: ../../include/openssl/opensslv.h
 fips_des_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
@@ -144,3 +144,12 @@ fips_desmovs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 fips_desmovs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 fips_desmovs.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 fips_desmovs.o: fips_desmovs.c
+fips_set_key.o: ../../e_os.h ../../include/openssl/crypto.h
+fips_set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+fips_set_key.o: ../../include/openssl/e_os2.h
+fips_set_key.o: ../../include/openssl/opensslconf.h
+fips_set_key.o: ../../include/openssl/opensslv.h
+fips_set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_set_key.o: ../../include/openssl/ui_compat.h ../fips.h fips_des_locl.h
+fips_set_key.o: fips_set_key.c

fips/des/fingerprint.sha1

@@ -1,3 +1,4 @@
-SHA1(fips_des_enc.c)= 75389f527cc456178e6a2e35f82bf49f98fe3e90
+SHA1(fips_des_enc.c)= 41388beadcafe125a8025968ff91b7dc60b96c49
 SHA1(fips_des_selftest.c)= d81ee4db762d89cca749138a99100d342f195665
+SHA1(fips_set_key.c)= 1e3dc1e0d02f0ab4d8fdd5e1f4db284cad1510f4
 SHA1(fips_des_locl.h)= a4cf60ca32476a2483b3e4460ec9a19c0444fd20

fips/des/fips_des_enc.c

@@ -57,6 +57,7 @@
  */
 
 #include "fips_des_locl.h"
+#include <openssl/fips.h>
 
 #ifdef OPENSSL_FIPS
 
@@ -71,6 +72,12 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
 #endif
 	register DES_LONG *s;
 
+	if(FIPS_selftest_fail)
+	    {
+	    data[0]=data[1]=0;
+	    return;
+	    }
+
 	r=data[0];
 	l=data[1];
 
@@ -169,6 +176,12 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
 #endif
 	register DES_LONG *s;
 
+	if(FIPS_selftest_fail)
+	    {
+	    data[0]=data[1]=0;
+	    return;
+	    }
+
 	r=data[0];
 	l=data[1];
 

fips/des/fips_set_key.c

@@ -0,0 +1,415 @@
+/* crypto/des/set_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ */
+#include "fips_des_locl.h"
+#include "../fips.h"
+
+#ifdef OPENSSL_FIPS
+
+OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key);	/* defaults to false */
+
+static const unsigned char odd_parity[256]={
+  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
+ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+ 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
+112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
+128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
+145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
+161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
+176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
+193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
+208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
+224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
+241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
+
+void DES_set_odd_parity(DES_cblock *key)
+	{
+	int i;
+
+	for (i=0; i<DES_KEY_SZ; i++)
+		(*key)[i]=odd_parity[(*key)[i]];
+	}
+
+int DES_check_key_parity(const_DES_cblock *key)
+	{
+	int i;
+
+	for (i=0; i<DES_KEY_SZ; i++)
+		{
+		if ((*key)[i] != odd_parity[(*key)[i]])
+			return(0);
+		}
+	return(1);
+	}
+
+/* Weak and semi week keys as take from
+ * %A D.W. Davies
+ * %A W.L. Price
+ * %T Security for Computer Networks
+ * %I John Wiley & Sons
+ * %D 1984
+ * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
+ * (and actual cblock values).
+ */
+#define NUM_WEAK_KEY	16
+static DES_cblock weak_keys[NUM_WEAK_KEY]={
+	/* weak keys */
+	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+	{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
+	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+	{0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
+	/* semi-weak keys */
+	{0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
+	{0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
+	{0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
+	{0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
+	{0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
+	{0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
+	{0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
+	{0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
+	{0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
+	{0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
+	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+	{0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
+
+int DES_is_weak_key(const_DES_cblock *key)
+	{
+	int i;
+
+	for (i=0; i<NUM_WEAK_KEY; i++)
+		/* Added == 0 to comparison, I obviously don't run
+		 * this section very often :-(, thanks to
+		 * engineering@MorningStar.Com for the fix
+		 * eay 93/06/29
+		 * Another problem, I was comparing only the first 4
+		 * bytes, 97/03/18 */
+		if (memcmp(weak_keys[i],key,sizeof(DES_cblock)) == 0) return(1);
+	return(0);
+	}
+
+/* NOW DEFINED IN des_local.h
+ * See ecb_encrypt.c for a pseudo description of these macros. 
+ * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+ * 	(b)^=(t),\
+ * 	(a)=((a)^((t)<<(n))))
+ */
+
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+	(a)=(a)^(t)^(t>>(16-(n))))
+
+static const DES_LONG des_skb[8][64]={
+	{
+	/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+	0x00000000L,0x00000010L,0x20000000L,0x20000010L,
+	0x00010000L,0x00010010L,0x20010000L,0x20010010L,
+	0x00000800L,0x00000810L,0x20000800L,0x20000810L,
+	0x00010800L,0x00010810L,0x20010800L,0x20010810L,
+	0x00000020L,0x00000030L,0x20000020L,0x20000030L,
+	0x00010020L,0x00010030L,0x20010020L,0x20010030L,
+	0x00000820L,0x00000830L,0x20000820L,0x20000830L,
+	0x00010820L,0x00010830L,0x20010820L,0x20010830L,
+	0x00080000L,0x00080010L,0x20080000L,0x20080010L,
+	0x00090000L,0x00090010L,0x20090000L,0x20090010L,
+	0x00080800L,0x00080810L,0x20080800L,0x20080810L,
+	0x00090800L,0x00090810L,0x20090800L,0x20090810L,
+	0x00080020L,0x00080030L,0x20080020L,0x20080030L,
+	0x00090020L,0x00090030L,0x20090020L,0x20090030L,
+	0x00080820L,0x00080830L,0x20080820L,0x20080830L,
+	0x00090820L,0x00090830L,0x20090820L,0x20090830L,
+	},{
+	/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+	0x00000000L,0x02000000L,0x00002000L,0x02002000L,
+	0x00200000L,0x02200000L,0x00202000L,0x02202000L,
+	0x00000004L,0x02000004L,0x00002004L,0x02002004L,
+	0x00200004L,0x02200004L,0x00202004L,0x02202004L,
+	0x00000400L,0x02000400L,0x00002400L,0x02002400L,
+	0x00200400L,0x02200400L,0x00202400L,0x02202400L,
+	0x00000404L,0x02000404L,0x00002404L,0x02002404L,
+	0x00200404L,0x02200404L,0x00202404L,0x02202404L,
+	0x10000000L,0x12000000L,0x10002000L,0x12002000L,
+	0x10200000L,0x12200000L,0x10202000L,0x12202000L,
+	0x10000004L,0x12000004L,0x10002004L,0x12002004L,
+	0x10200004L,0x12200004L,0x10202004L,0x12202004L,
+	0x10000400L,0x12000400L,0x10002400L,0x12002400L,
+	0x10200400L,0x12200400L,0x10202400L,0x12202400L,
+	0x10000404L,0x12000404L,0x10002404L,0x12002404L,
+	0x10200404L,0x12200404L,0x10202404L,0x12202404L,
+	},{
+	/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+	0x00000000L,0x00000001L,0x00040000L,0x00040001L,
+	0x01000000L,0x01000001L,0x01040000L,0x01040001L,
+	0x00000002L,0x00000003L,0x00040002L,0x00040003L,
+	0x01000002L,0x01000003L,0x01040002L,0x01040003L,
+	0x00000200L,0x00000201L,0x00040200L,0x00040201L,
+	0x01000200L,0x01000201L,0x01040200L,0x01040201L,
+	0x00000202L,0x00000203L,0x00040202L,0x00040203L,
+	0x01000202L,0x01000203L,0x01040202L,0x01040203L,
+	0x08000000L,0x08000001L,0x08040000L,0x08040001L,
+	0x09000000L,0x09000001L,0x09040000L,0x09040001L,
+	0x08000002L,0x08000003L,0x08040002L,0x08040003L,
+	0x09000002L,0x09000003L,0x09040002L,0x09040003L,
+	0x08000200L,0x08000201L,0x08040200L,0x08040201L,
+	0x09000200L,0x09000201L,0x09040200L,0x09040201L,
+	0x08000202L,0x08000203L,0x08040202L,0x08040203L,
+	0x09000202L,0x09000203L,0x09040202L,0x09040203L,
+	},{
+	/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+	0x00000000L,0x00100000L,0x00000100L,0x00100100L,
+	0x00000008L,0x00100008L,0x00000108L,0x00100108L,
+	0x00001000L,0x00101000L,0x00001100L,0x00101100L,
+	0x00001008L,0x00101008L,0x00001108L,0x00101108L,
+	0x04000000L,0x04100000L,0x04000100L,0x04100100L,
+	0x04000008L,0x04100008L,0x04000108L,0x04100108L,
+	0x04001000L,0x04101000L,0x04001100L,0x04101100L,
+	0x04001008L,0x04101008L,0x04001108L,0x04101108L,
+	0x00020000L,0x00120000L,0x00020100L,0x00120100L,
+	0x00020008L,0x00120008L,0x00020108L,0x00120108L,
+	0x00021000L,0x00121000L,0x00021100L,0x00121100L,
+	0x00021008L,0x00121008L,0x00021108L,0x00121108L,
+	0x04020000L,0x04120000L,0x04020100L,0x04120100L,
+	0x04020008L,0x04120008L,0x04020108L,0x04120108L,
+	0x04021000L,0x04121000L,0x04021100L,0x04121100L,
+	0x04021008L,0x04121008L,0x04021108L,0x04121108L,
+	},{
+	/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+	0x00000000L,0x10000000L,0x00010000L,0x10010000L,
+	0x00000004L,0x10000004L,0x00010004L,0x10010004L,
+	0x20000000L,0x30000000L,0x20010000L,0x30010000L,
+	0x20000004L,0x30000004L,0x20010004L,0x30010004L,
+	0x00100000L,0x10100000L,0x00110000L,0x10110000L,
+	0x00100004L,0x10100004L,0x00110004L,0x10110004L,
+	0x20100000L,0x30100000L,0x20110000L,0x30110000L,
+	0x20100004L,0x30100004L,0x20110004L,0x30110004L,
+	0x00001000L,0x10001000L,0x00011000L,0x10011000L,
+	0x00001004L,0x10001004L,0x00011004L,0x10011004L,
+	0x20001000L,0x30001000L,0x20011000L,0x30011000L,
+	0x20001004L,0x30001004L,0x20011004L,0x30011004L,
+	0x00101000L,0x10101000L,0x00111000L,0x10111000L,
+	0x00101004L,0x10101004L,0x00111004L,0x10111004L,
+	0x20101000L,0x30101000L,0x20111000L,0x30111000L,
+	0x20101004L,0x30101004L,0x20111004L,0x30111004L,
+	},{
+	/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+	0x00000000L,0x08000000L,0x00000008L,0x08000008L,
+	0x00000400L,0x08000400L,0x00000408L,0x08000408L,
+	0x00020000L,0x08020000L,0x00020008L,0x08020008L,
+	0x00020400L,0x08020400L,0x00020408L,0x08020408L,
+	0x00000001L,0x08000001L,0x00000009L,0x08000009L,
+	0x00000401L,0x08000401L,0x00000409L,0x08000409L,
+	0x00020001L,0x08020001L,0x00020009L,0x08020009L,
+	0x00020401L,0x08020401L,0x00020409L,0x08020409L,
+	0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
+	0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
+	0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
+	0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
+	0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
+	0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
+	0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
+	0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
+	},{
+	/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+	0x00000000L,0x00000100L,0x00080000L,0x00080100L,
+	0x01000000L,0x01000100L,0x01080000L,0x01080100L,
+	0x00000010L,0x00000110L,0x00080010L,0x00080110L,
+	0x01000010L,0x01000110L,0x01080010L,0x01080110L,
+	0x00200000L,0x00200100L,0x00280000L,0x00280100L,
+	0x01200000L,0x01200100L,0x01280000L,0x01280100L,
+	0x00200010L,0x00200110L,0x00280010L,0x00280110L,
+	0x01200010L,0x01200110L,0x01280010L,0x01280110L,
+	0x00000200L,0x00000300L,0x00080200L,0x00080300L,
+	0x01000200L,0x01000300L,0x01080200L,0x01080300L,
+	0x00000210L,0x00000310L,0x00080210L,0x00080310L,
+	0x01000210L,0x01000310L,0x01080210L,0x01080310L,
+	0x00200200L,0x00200300L,0x00280200L,0x00280300L,
+	0x01200200L,0x01200300L,0x01280200L,0x01280300L,
+	0x00200210L,0x00200310L,0x00280210L,0x00280310L,
+	0x01200210L,0x01200310L,0x01280210L,0x01280310L,
+	},{
+	/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+	0x00000000L,0x04000000L,0x00040000L,0x04040000L,
+	0x00000002L,0x04000002L,0x00040002L,0x04040002L,
+	0x00002000L,0x04002000L,0x00042000L,0x04042000L,
+	0x00002002L,0x04002002L,0x00042002L,0x04042002L,
+	0x00000020L,0x04000020L,0x00040020L,0x04040020L,
+	0x00000022L,0x04000022L,0x00040022L,0x04040022L,
+	0x00002020L,0x04002020L,0x00042020L,0x04042020L,
+	0x00002022L,0x04002022L,0x00042022L,0x04042022L,
+	0x00000800L,0x04000800L,0x00040800L,0x04040800L,
+	0x00000802L,0x04000802L,0x00040802L,0x04040802L,
+	0x00002800L,0x04002800L,0x00042800L,0x04042800L,
+	0x00002802L,0x04002802L,0x00042802L,0x04042802L,
+	0x00000820L,0x04000820L,0x00040820L,0x04040820L,
+	0x00000822L,0x04000822L,0x00040822L,0x04040822L,
+	0x00002820L,0x04002820L,0x00042820L,0x04042820L,
+	0x00002822L,0x04002822L,0x00042822L,0x04042822L,
+	}};
+
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
+	{
+	if (DES_check_key)
+		{
+		return DES_set_key_checked(key, schedule);
+		}
+	else
+		{
+		DES_set_key_unchecked(key, schedule);
+		return 0;
+		}
+	}
+
+/* return 0 if key parity is odd (correct),
+ * return -1 if key parity error,
+ * return -2 if illegal weak key.
+ */
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
+	{
+	if (!DES_check_key_parity(key))
+		return(-1);
+	if (DES_is_weak_key(key))
+		return(-2);
+	if (FIPS_selftest_fail)
+		return -3;
+
+	DES_set_key_unchecked(key, schedule);
+	return 0;
+	}
+
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
+	{
+	static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
+	register DES_LONG c,d,t,s,t2;
+	register const unsigned char *in;
+	register DES_LONG *k;
+	register int i;
+
+#ifdef OPENBSD_DEV_CRYPTO
+	memcpy(schedule->key,key,sizeof schedule->key);
+	schedule->session=NULL;
+#endif
+	k = &schedule->ks->deslong[0];
+	in = &(*key)[0];
+
+	c2l(in,c);
+	c2l(in,d);
+
+	/* do PC1 in 47 simple operations :-)
+	 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+	 * for the inspiration. :-) */
+	PERM_OP (d,c,t,4,0x0f0f0f0fL);
+	HPERM_OP(c,t,-2,0xcccc0000L);
+	HPERM_OP(d,t,-2,0xcccc0000L);
+	PERM_OP (d,c,t,1,0x55555555L);
+	PERM_OP (c,d,t,8,0x00ff00ffL);
+	PERM_OP (d,c,t,1,0x55555555L);
+	d=	(((d&0x000000ffL)<<16L)| (d&0x0000ff00L)     |
+		 ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));
+	c&=0x0fffffffL;
+
+	for (i=0; i<ITERATIONS; i++)
+		{
+		if (shifts2[i])
+			{ c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }
+		else
+			{ c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }
+		c&=0x0fffffffL;
+		d&=0x0fffffffL;
+		/* could be a few less shifts but I am to lazy at this
+		 * point in time to investigate */
+		s=	des_skb[0][ (c    )&0x3f                ]|
+			des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]|
+			des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]|
+			des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) |
+						  ((c>>22L)&0x38)];
+		t=	des_skb[4][ (d    )&0x3f                ]|
+			des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
+			des_skb[6][ (d>>15L)&0x3f                ]|
+			des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
+
+		/* table contained 0213 4657 */
+		t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;
+		*(k++)=ROTATE(t2,30)&0xffffffffL;
+
+		t2=((s>>16L)|(t&0xffff0000L));
+		*(k++)=ROTATE(t2,26)&0xffffffffL;
+		}
+	}
+
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
+	{
+	return(DES_set_key(key,schedule));
+	}
+/*
+#undef des_fixup_key_parity
+void des_fixup_key_parity(des_cblock *key)
+	{
+	des_set_odd_parity(key);
+	}
+*/
+
+#endif /* def OPENSSL_FIPS */

fips/dsa/Makefile.ssl

@@ -103,10 +103,12 @@ fips_dsa_gen.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
 fips_dsa_gen.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 fips_dsa_gen.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
 fips_dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-fips_dsa_gen.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-fips_dsa_gen.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-fips_dsa_gen.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-fips_dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/idea.h
+fips_dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+fips_dsa_gen.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+fips_dsa_gen.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+fips_dsa_gen.o: ../../include/openssl/objects.h
 fips_dsa_gen.o: ../../include/openssl/opensslconf.h
 fips_dsa_gen.o: ../../include/openssl/opensslv.h
 fips_dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h

fips/dsa/fingerprint.sha1

@@ -1,3 +1,3 @@
-SHA1(fips_dsa_ossl.c)= 7902d159932771d749ecba2ebf78995240356990
-SHA1(fips_dsa_gen.c)= 37549c7769084e9989a3a26f7732557d3b691812
+SHA1(fips_dsa_ossl.c)= 592cd23f6e63bc08b9c960014d52aad05594f913
+SHA1(fips_dsa_gen.c)= 87e185e25c1d606922651ea264470cb93c04e6a8
 SHA1(fips_dsa_selftest.c)= d638e2d13912befe42e0ed6efa8a27719b6689d5

fips/dsa/fips_dsa_gen.c

@@ -83,6 +83,8 @@
 #endif
 #ifndef OPENSSL_NO_SHA
 #include <openssl/sha.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
 
 #ifdef OPENSSL_FIPS
 
@@ -107,6 +109,13 @@ DSA *DSA_generate_parameters(int bits,
 	DSA *ret=NULL;
 	unsigned char *seed_out=seed_in;
 
+	if(FIPS_selftest_fail)
+	    {
+	    FIPSerr(FIPS_F_DSA_GENERATE_PARAMETERS,
+		    FIPS_R_FIPS_SELFTEST_FAILED);
+	    goto err;
+	    }
+
 	if (bits < 512) bits=512;
 	bits=(bits+63)/64*64;
 

fips/dsa/fips_dsa_ossl.c

@@ -125,6 +125,12 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	int i,reason=ERR_R_BN_LIB;
 	DSA_SIG *ret=NULL;
 
+	if(FIPS_selftest_fail)
+	    {
+	    FIPSerr(FIPS_F_DSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
+	    return NULL;
+	    }
+
 	BN_init(&m);
 	BN_init(&xr);
 
@@ -258,12 +264,19 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 	BIGNUM u1,u2,t1;
 	BN_MONT_CTX *mont=NULL;
 	int ret = -1;
+
 	if (!dsa->p || !dsa->q || !dsa->g)
 		{
 		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
 		return -1;
 		}
 
+	if(FIPS_selftest_fail)
+	    {
+	    FIPSerr(FIPS_F_DSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
+	    return -1;
+	    }
+
 	BN_init(&u1);
 	BN_init(&u2);
 	BN_init(&t1);

fips/fingerprint.sha1

@@ -1,4 +1,4 @@
-SHA1(fips.c)= 6331570426ef9f1cd6622c3ae7f6db7326c8809c
+SHA1(fips.c)= 3ce5c4660e56e1a1c1ef177f3536b3098bb65290
 SHA1(fips_err_wrapper.c)= ad4a2ffa18743c83827de398c811eb6124ba0b27
-SHA1(fips.h)= cef56e132e951f416f598141e9b71f54a080b0b7
-SHA1(fips_err.h)= d56d682b246db2aa10cd51de8659bd06b1be78d9
+SHA1(fips.h)= a664b76451ff3d3674e7c79b6d56d547ffb9e5be
+SHA1(fips_err.h)= 54f9f9931fdef839dcfbf7807a1977199ad4b4f1

fips/fips.c

@@ -60,6 +60,7 @@
 #ifdef OPENSSL_FIPS
 
 int FIPS_md5_allowed;
+int FIPS_selftest_fail;
 
 int FIPS_selftest()
     {
@@ -124,13 +125,22 @@ int FIPS_mode_set(int onoff,const char *path)
 	{
 	unsigned char buf[24];
 
+	FIPS_selftest_fail=0;
+
 	/* Don't go into FIPS mode twice, just so we can do automagic
 	   seeding */
 	if(FIPS_mode)
+	    {
 	    FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET);
+	    FIPS_selftest_fail=1;
+	    return 0;
+	    }
 
 	if(!FIPS_check_exe(path))
+	    {
+	    FIPS_selftest_fail=1;
 	    return 0;
+	    }
 
 	/* automagically seed PRNG if not already seeded */
 	if(!FIPS_rand_seeded())
@@ -143,10 +153,17 @@ int FIPS_mode_set(int onoff,const char *path)
 	/* now switch into FIPS mode */
 	FIPS_rand_check=&rand_fips_meth;
 	RAND_set_rand_method(&rand_fips_meth);
-	FIPS_mode=onoff;
-	return FIPS_selftest();
+	if(FIPS_selftest())
+	    FIPS_mode=1;
+	else
+	    {
+	    FIPS_selftest_fail=1;
+	    return 0;
+	    }
+	return 1;
 	}
-    FIPS_mode=onoff;
+    FIPS_mode=0;
+    FIPS_selftest_fail=0;
     return 1;
     }
 
@@ -160,6 +177,7 @@ void FIPS_allow_md5(int onoff)
 static void dummy()
     {
     FIPSerr(FIPS_F_HASH_FINAL,FIPS_F_NON_FIPS_METHOD);
+    FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_FIPS_SELFTEST_FAILED);
     }
 #endif
 

fips/fips.h

@@ -54,6 +54,7 @@
  * available even without -lfips.
  */
 extern int FIPS_mode;
+extern int FIPS_selftest_fail;
 extern void *FIPS_rand_check;
 struct dsa_st;
 
@@ -79,6 +80,9 @@ void ERR_load_FIPS_strings(void);
 /* Error codes for the FIPS functions. */
 
 /* Function codes. */
+#define FIPS_F_DSA_DO_SIGN				 111
+#define FIPS_F_DSA_DO_VERIFY				 112
+#define FIPS_F_DSA_GENERATE_PARAMETERS			 110
 #define FIPS_F_FIPS_CHECK_EXE				 106
 #define FIPS_F_FIPS_DSA_CHECK				 102
 #define FIPS_F_FIPS_MODE_SET				 105
@@ -88,6 +92,8 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_F_FIPS_SELFTEST_RSA			 108
 #define FIPS_F_FIPS_SELFTEST_SHA1			 103
 #define FIPS_F_HASH_FINAL				 100
+#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT			 114
+#define FIPS_F_RSA_GENERATE_KEY				 113
 #define FIPS_F_SSLEAY_RAND_BYTES			 101
 
 /* Reason codes. */
@@ -95,6 +101,7 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_R_CANNOT_READ_EXE_DIGEST			 104
 #define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH		 105
 #define FIPS_R_FIPS_MODE_ALREADY_SET			 102
+#define FIPS_R_FIPS_SELFTEST_FAILED			 106
 #define FIPS_R_NON_FIPS_METHOD				 100
 #define FIPS_R_SELFTEST_FAILED				 101
 

fips/fips_err.h

@@ -66,15 +66,20 @@
 #ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA FIPS_str_functs[]=
 	{
+{ERR_PACK(0,FIPS_F_DSA_DO_SIGN,0),	"DSA_do_sign"},
+{ERR_PACK(0,FIPS_F_DSA_DO_VERIFY,0),	"DSA_do_verify"},
+{ERR_PACK(0,FIPS_F_DSA_GENERATE_PARAMETERS,0),	"DSA_generate_parameters"},
 {ERR_PACK(0,FIPS_F_FIPS_CHECK_EXE,0),	"FIPS_CHECK_EXE"},
 {ERR_PACK(0,FIPS_F_FIPS_DSA_CHECK,0),	"FIPS_dsa_check"},
 {ERR_PACK(0,FIPS_F_FIPS_MODE_SET,0),	"FIPS_mode_set"},
 {ERR_PACK(0,FIPS_F_FIPS_SELFTEST_AES,0),	"FIPS_selftest_aes"},
 {ERR_PACK(0,FIPS_F_FIPS_SELFTEST_DES,0),	"FIPS_selftest_des"},
-{ERR_PACK(0,FIPS_F_FIPS_SELFTEST_DSA,0),	"FIPS_SELFTEST_DSA"},
+{ERR_PACK(0,FIPS_F_FIPS_SELFTEST_DSA,0),	"FIPS_selftest_dsa"},
 {ERR_PACK(0,FIPS_F_FIPS_SELFTEST_RSA,0),	"FIPS_selftest_rsa"},
 {ERR_PACK(0,FIPS_F_FIPS_SELFTEST_SHA1,0),	"FIPS_selftest_sha1"},
 {ERR_PACK(0,FIPS_F_HASH_FINAL,0),	"HASH_FINAL"},
+{ERR_PACK(0,FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,0),	"RSA_EAY_PUBLIC_ENCRYPT"},
+{ERR_PACK(0,FIPS_F_RSA_GENERATE_KEY,0),	"RSA_generate_key"},
 {ERR_PACK(0,FIPS_F_SSLEAY_RAND_BYTES,0),	"SSLEAY_RAND_BYTES"},
 {0,NULL}
 	};
@@ -85,6 +90,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
 {FIPS_R_CANNOT_READ_EXE_DIGEST           ,"cannot read exe digest"},
 {FIPS_R_EXE_DIGEST_DOES_NOT_MATCH        ,"exe digest does not match"},
 {FIPS_R_FIPS_MODE_ALREADY_SET            ,"fips mode already set"},
+{FIPS_R_FIPS_SELFTEST_FAILED             ,"fips selftest failed"},
 {FIPS_R_NON_FIPS_METHOD                  ,"non fips method"},
 {FIPS_R_SELFTEST_FAILED                  ,"selftest failed"},
 {0,NULL}

fips/fips_make_sha1

@@ -21,7 +21,7 @@ cd ../dsa
 $S fips_dsa_ossl.c fips_dsa_gen.c fips_dsa_selftest.c > fingerprint.sha1
 
 cd ../des
-$S fips_des_enc.c fips_des_selftest.c fips_des_locl.h > fingerprint.sha1
+$S fips_des_enc.c fips_des_selftest.c fips_set_key.c fips_des_locl.h > fingerprint.sha1
 
 cd ../rsa
 $S fips_rsa_eay.c fips_rsa_gen.c fips_rsa_selftest.c > fingerprint.sha1

fips/fips_test_suite.c

@@ -0,0 +1,211 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ *
+ * This command is intended as a test driver for the FIPS-140 testing
+ * lab performing FIPS-140 validation.  It demonstrates the use of the
+ * OpenSSL library ito perform a variety of common cryptographic
+ * functions.  A power-up self test is demonstrated by deliberately
+ * pointing to an invalid executable hash
+ *
+ * Contributed by Steve Marquess.
+ *
+ */
+#include <stdio.h>
+#include <assert.h>
+#include <ctype.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/aes.h>
+#include <openssl/des.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/sha.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+
+#ifndef OPENSSL_FIPS
+int main(int argc, char *argv[])
+    {
+    printf("No FIPS support\n");
+    return(0);
+    }
+#else
+
+/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
+*/
+static int FIPS_aes_test()
+    {
+    unsigned char userkey[16] = { 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xf0, 0x0d };
+    unsigned char plaintext[16] = "etaonrishdlcu";
+    unsigned char ciphertext[16];
+    unsigned char buf[16];
+    AES_KEY key;
+    AES_KEY dkey;
+
+    if (AES_set_encrypt_key( userkey, 128, &key ))
+	return 0;
+    AES_encrypt( plaintext, ciphertext, &key);
+    AES_set_decrypt_key( userkey, 128, &dkey );
+    AES_decrypt( ciphertext, buf, &dkey);
+    if (memcmp(buf, plaintext, sizeof(buf)))
+        return 0;
+    return 1;
+
+    }
+
+/* DES: encrypt and decrypt known plaintext, verify result matches original plaintext
+*/
+static int FIPS_des_test()
+    {
+    DES_cblock userkey = { 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xf0, 0x0d };
+    DES_cblock plaintext = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
+
+    DES_key_schedule key;
+    DES_cblock ciphertext;
+    DES_cblock buf;
+
+    DES_set_key(&userkey, &key);
+    DES_ecb_encrypt( &plaintext, &ciphertext, &key, 1);
+    DES_ecb_encrypt( &ciphertext, &buf, &key, 0);
+    if (memcmp(buf, plaintext, sizeof(buf)))
+        return 0;
+    return 1;
+    }
+
+/* DSA: generate key and sign a known digest, then verify the signature
+ * against the digest
+*/
+static int FIPS_dsa_test()
+    {
+    DSA *dsa = NULL;
+    unsigned char dgst[] = "etaonrishdlc";
+    unsigned char sig[256];
+    unsigned int siglen;
+
+    dsa = DSA_generate_parameters(512,NULL,0,NULL,NULL,NULL,NULL);
+    if (!dsa)
+	return 0;
+    DSA_generate_key(dsa);
+    if ( DSA_sign(0,dgst,strlen(dgst),sig,&siglen,dsa) != 1 )
+	return 0;
+    if ( DSA_verify(0,dgst,strlen(dgst),sig,siglen,dsa) != 1 )
+	return 0;
+    DSA_free(dsa);
+    return 1;
+    }
+
+/* RSA: generate keys and encrypt and decrypt known plaintext, verify result
+ * matches the original plaintext
+*/
+static int FIPS_rsa_test()
+    {
+    RSA *key;
+    unsigned char input_ptext[] = "etaonrishdlc";
+    unsigned char ctext[256];
+    unsigned char ptext[256];
+    int n;
+
+    key = RSA_generate_key(1024,65537,NULL,NULL);
+    if (!key)
+	return 0;
+    n = RSA_size(key);
+    n = RSA_public_encrypt(strlen(input_ptext),input_ptext,ctext,key,RSA_PKCS1_PADDING);
+    if (n < 0)
+	return 0;
+    n = RSA_private_decrypt(n,ctext,ptext,key,RSA_PKCS1_PADDING);
+    if (n < 0)
+	return 0;
+    RSA_free(key);
+    if (memcmp(input_ptext,ptext,strlen(input_ptext)))
+        return 0;
+    return 1;
+    }
+
+/* SHA1: generate hash of known digest value and compate to known precomputed correct hash
+*/
+static int FIPS_sha1_test()
+    {
+    unsigned char digest[SHA_DIGEST_LENGTH] =
+        { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
+    char str[] = "etaonrishd";
+
+    unsigned char md[SHA_DIGEST_LENGTH];
+
+    if (!SHA1(str,strlen(str),md)) return 0;
+    if (memcmp(md,digest,sizeof(md)))
+        return 0;
+    return 1;
+    }
+
+static int Error;
+const char * Fail(const char *msg)
+    {
+    Error++;
+    return msg; 
+    }
+
+int main(int argc,char **argv)
+    {
+
+    printf("\tFIPS-mode test application\n\n");
+
+    /* Power-up self test failure
+    */
+    printf("1. Automatic power-up self test...");
+    printf( FIPS_mode_set(1,"/dev/null") ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" );
+
+    /* Algorithm call when uninitialized failure
+    */
+    printf("\ta. AES API failure on failed power-up self test...");
+    printf( FIPS_aes_test() ? Fail("passed INCORRECTLY!\n") :"failed as expected\n" );
+    printf("\tb. RSA API failure on failed power-up self test...");
+    printf( FIPS_rsa_test() ? Fail("passed INCORRECTLY!\n") :  "failed as expected\n" );
+    printf("\tc. DES API failure on failed power-up self test...");
+    printf( FIPS_des_test() ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" );
+    printf("\td. DSA API failure on failed power-up self test...");
+    printf( FIPS_dsa_test() ? Fail("passed INCORRECTLY!\n") :  "failed as expected\n" );
+    printf("\te. SHA1 API failure on failed power-up self test...");
+    printf( FIPS_sha1_test() ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" );
+
+    /* Power-up self test retry
+    */
+    printf("2. Automatic power-up self test retry...");
+    if(!FIPS_mode_set(1,argv[0]))
+	{
+	ERR_load_crypto_strings();
+	ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+        printf(Fail("FAILED!\n"));
+	exit(1);
+	}
+    printf("successful\n");
+
+    /* AES encryption/decryption
+    */
+    printf("3. AES encryption/decryption...");
+    printf( FIPS_aes_test() ? "successful\n" :  Fail("FAILED!\n") );
+
+    /* RSA key generation and encryption/decryption
+    */
+    printf("4. RSA key generation and encryption/decryption...");
+    printf( FIPS_rsa_test() ? "successful\n" :  Fail("FAILED!\n") );
+
+    /* DES-CBC encryption/decryption
+    */
+    printf("5. DES-ECB encryption/decryption...");
+    printf( FIPS_des_test() ? "successful\n" :  Fail("FAILED!\n") );
+
+    /* DSA key generation and signature validation
+    */
+    printf("6. DSA key generation and signature validation...");
+    printf( FIPS_dsa_test() ? "successful\n" :  Fail("FAILED!\n") );
+
+    /* SHA-1 hash
+    */
+    printf("7. SHA-1 hash...");
+    printf( FIPS_sha1_test() ? "successful\n" :  Fail("FAILED!\n") );
+
+    printf("\nAll tests completed with %d errors\n", Error);
+    return 0;
+    }
+#endif

fips/rand/fingerprint.sha1

@@ -1,2 +1,2 @@
-SHA1(fips_rand.c)= 76d532a78471404825bb7b718307dcc7cdfbf30f
+SHA1(fips_rand.c)= 2c86af552515bd1f58b3011d1958ea975afaa816
 SHA1(fips_rand.h)= da5ee76588070c97d47c939d069d250a1476a080

fips/rsa/Makefile.ssl

@@ -84,7 +84,7 @@ clean:
 fips_rsa_eay.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 fips_rsa_eay.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 fips_rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_rsa_eay.o: ../../include/openssl/lhash.h
+fips_rsa_eay.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 fips_rsa_eay.o: ../../include/openssl/opensslconf.h
 fips_rsa_eay.o: ../../include/openssl/opensslv.h
 fips_rsa_eay.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
@@ -94,7 +94,7 @@ fips_rsa_eay.o: fips_rsa_eay.c
 fips_rsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 fips_rsa_gen.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 fips_rsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_rsa_gen.o: ../../include/openssl/lhash.h
+fips_rsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 fips_rsa_gen.o: ../../include/openssl/opensslconf.h
 fips_rsa_gen.o: ../../include/openssl/opensslv.h
 fips_rsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h

fips/rsa/fingerprint.sha1

@@ -1,3 +1,3 @@
-SHA1(fips_rsa_eay.c)= 945cac757aecfad5a3c6bfcd4db7c384e51342f5
-SHA1(fips_rsa_gen.c)= 4367cb3840db0df5b50846a198c33911c28ab2f4
+SHA1(fips_rsa_eay.c)= eacbcc656f1f046509abb9cc0207880b58ae8b90
+SHA1(fips_rsa_gen.c)= bfc4d7204f714a354a2e652318c5e82518441427
 SHA1(fips_rsa_selftest.c)= f0a9683b29b3e231067f840424727413e811cbfc

fips/rsa/fips_rsa_eay.c

@@ -61,6 +61,7 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
+#include <openssl/fips.h>
 
 #if !defined(RSA_NULL) && defined(OPENSSL_FIPS)
 
@@ -106,6 +107,13 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
 
 	BN_init(&f);
 	BN_init(&ret);
+
+	if(FIPS_selftest_fail)
+		{
+		FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
+		goto err;
+		}
+
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
 	num=BN_num_bytes(rsa->n);
 	if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)

fips/rsa/fips_rsa_gen.c

@@ -61,6 +61,7 @@
 #include <openssl/err.h>
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
+#include <openssl/fips.h>
 
 #ifdef OPENSSL_FIPS
 
@@ -72,6 +73,12 @@ RSA *RSA_generate_key(int bits, unsigned long e_value,
 	int bitsp,bitsq,ok= -1,n=0,i;
 	BN_CTX *ctx=NULL,*ctx2=NULL;
 
+	if(FIPS_selftest_fail)
+	    {
+	    FIPSerr(FIPS_F_RSA_GENERATE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
+	    return NULL;
+	    }
+	    
 	ctx=BN_CTX_new();
 	if (ctx == NULL) goto err;
 	ctx2=BN_CTX_new();

fips/sha1/Makefile.ssl

@@ -114,8 +114,10 @@ fips_sha1_selftest.o: ../../include/openssl/opensslv.h
 fips_sha1_selftest.o: ../../include/openssl/safestack.h
 fips_sha1_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 fips_sha1_selftest.o: ../../include/openssl/symhacks.h fips_sha1_selftest.c
+fips_sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
 fips_sha1dgst.o: ../../include/openssl/opensslconf.h
-fips_sha1dgst.o: ../../include/openssl/opensslv.h fips_sha1dgst.c
+fips_sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+fips_sha1dgst.o: fips_md32_common.h fips_sha1dgst.c fips_sha_locl.h
 fips_sha1test.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 fips_sha1test.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 fips_sha1test.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h

fips/sha1/fingerprint.sha1

@@ -1,4 +1,4 @@
 SHA1(fips_sha1dgst.c)= c197020b866c1ab32f1e30f5599592e14fcaa925
 SHA1(fips_sha1_selftest.c)= 55fef82fa5f4aec6b1359847fe50555ff77cec49
-SHA1(fips_sha_locl.h)= 677427c495b571991f013939ea7e5dea87828f8c
+SHA1(fips_sha_locl.h)= 623de315f9a7e320a19bce0fad25d4ca1ab085c3
 SHA1(fips_md32_common.h)= 4f41bcde24750b3b8c99a06bcba2fe06ff8db4d0

fips/sha1/fips_sha_locl.h

@@ -61,6 +61,7 @@
 
 #include <openssl/opensslconf.h>
 #include <openssl/sha.h>
+#include <openssl/fips.h>
 
 #ifndef SHA_LONG_LOG2
 #define SHA_LONG_LOG2	2	/* default to 32 bits */
@@ -232,6 +233,9 @@ void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num)
 	SHA_LONG	XX[16];
 #endif
 
+	if(FIPS_selftest_fail)
+	    return;
+
 	A=c->h0;
 	B=c->h1;
 	C=c->h2;
@@ -357,6 +361,9 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num)
 	SHA_LONG	XX[16];
 #endif
 
+	if(FIPS_selftest_fail)
+	    return;
+
 	A=c->h0;
 	B=c->h1;
 	C=c->h2;

fips/sha1/fips_standalone_sha1.c

@@ -52,6 +52,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 
+int FIPS_selftest_fail;
+
 int main(int argc,char **argv)
     {
 #ifdef OPENSSL_FIPS

fips/sha1/standalone.sha1

@@ -1,5 +1,5 @@
 SHA1(fips_sha1dgst.c)= c197020b866c1ab32f1e30f5599592e14fcaa925
 SHA1(fips_sha1_selftest.c)= 55fef82fa5f4aec6b1359847fe50555ff77cec49
-SHA1(fips_standalone_sha1.c)= cee2161ed76a5d5146ae2f2c28012d5764830d7f
-SHA1(fips_sha_locl.h)= 677427c495b571991f013939ea7e5dea87828f8c
+SHA1(fips_standalone_sha1.c)= 77a4d5f4a1b39f186cffc12342cc14eb80664acf
+SHA1(fips_sha_locl.h)= 623de315f9a7e320a19bce0fad25d4ca1ab085c3
 SHA1(fips_md32_common.h)= 4f41bcde24750b3b8c99a06bcba2fe06ff8db4d0