Remove fipscanister from Configure, delete fips directory

Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson 2014-10-18 23:46:00 +01:00
parent 00b4ee7664
commit 78c990c156
87 changed files with 4 additions and 37786 deletions

102
Configure

@ -703,8 +703,6 @@ my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
my $cross_compile_prefix="";
my $fipslibdir="/usr/local/ssl/fips-2.0/lib/";
my $nofipscanistercheck=0;
my $fipscanisterinternal="n";
my $fipscanisteronly = 0;
my $baseaddr="0xFB00000";
my $no_threads=0;
my $threads=0;
@ -761,21 +759,6 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental
);
my @experimental = ();
# If ssl directory missing assume truncated FIPS tarball
if (!-d "ssl")
{
print STDERR "Auto Configuring fipsonly\n";
$fips = 1;
$nofipscanistercheck = 1;
$fipslibdir="";
$fipscanisterinternal="y";
$fipscanisteronly = 2;
if (! -f "crypto/bn/bn_gf2m.c" )
{
$disabled{ec2m} = "forced";
}
}
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
@ -925,32 +908,6 @@ PROCESS_ARGS:
$fips = 1;
$nofipscanistercheck = 1;
}
elsif (/^fipscheck$/)
{
if ($fipscanisteronly != 2)
{
print STDERR <<"EOF";
ERROR: FIPS not autodetected. Not running from restricted tarball??
EOF
exit(1);
}
}
elsif (/^fipscanisteronly$/)
{
$fips = 1;
$nofipscanistercheck = 1;
$fipslibdir="";
$fipscanisterinternal="y";
$fipscanisteronly = 1;
}
elsif (/^fipscanisterbuild$/)
{
$fips = 1;
$nofipscanistercheck = 1;
$fipslibdir="";
$fipscanisterinternal="y";
$fipscanisteronly = 1;
}
elsif (/^[-+]/)
{
if (/^--prefix=(.*)$/)
@ -1574,11 +1531,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($bn_obj =~ /-gf2m/);
if ($fips)
{
$openssl_other_defines.="#define OPENSSL_FIPS\n";
if ($fipscanisterinternal eq "y")
{
$openssl_other_defines.="#define OPENSSL_FIPSCANISTER\n";
$cflags = "-DOPENSSL_FIPSCANISTER $cflags";
}
}
$cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
@ -1619,7 +1571,6 @@ if ($aes_obj =~ /\.o$/)
# aes-xts.o indicates presence of AES_xts_[en|de]crypt...
$cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//);
$aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2);
$aes_obj =~ s/\s*(vp|bs)aes-\w*\.o//g if ($fipscanisterinternal eq "y");
$cflags.=" -DVPAES_ASM" if ($aes_obj =~ m/vpaes/);
$cflags.=" -DBSAES_ASM" if ($aes_obj =~ m/bsaes/);
}
@ -1690,35 +1641,12 @@ if ($strict_warnings)
}
}
if ($fipscanisterinternal eq "y")
{
open(IN,"<fips/fips_auth.in") || die "can't open fips_auth.in";
open(OUT,">fips/fips_auth.h") || die "can't open fips_auth.h";
while(<IN>)
{
s/FIPS_AUTH_KEY.*$/FIPS_AUTH_KEY $fips_auth_key/ if defined $fips_auth_key;
s/FIPS_AUTH_CRYPTO_OFFICER.*$/FIPS_AUTH_CRYPTO_OFFICER $fips_auth_officer/ if defined $fips_auth_officer;
s/FIPS_AUTH_CRYPTO_USER.*$/FIPS_AUTH_CRYPTO_USER $fips_auth_user/ if defined $fips_auth_user;
print OUT $_;
}
close IN;
close OUT;
}
my $mforg = $fipscanisteronly ? "Makefile.fips" : "Makefile.org";
open(IN,"<$mforg") || die "unable to read $mforg:$!\n";
open(IN,"<Makefile.org") || die "unable to read Makefile.org:$!\n";
unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
print OUT "### Generated automatically from $mforg by Configure.\n\n";
print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
my $sdirs=0;
if ($fipscanisteronly)
{
$aes_obj =~ s/aesni-sha1-x86_64.o//;
$bn_obj =~ s/modexp512-x86_64.o//;
}
while (<IN>)
{
chomp;
@ -1797,7 +1725,6 @@ while (<IN>)
s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
s/^SHARED_FIPS=.*/SHARED_FIPS=/;
s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/;
s/^FIPSCANISTERINTERNAL=.*/FIPSCANISTERINTERNAL=$fipscanisterinternal/;
s/^BASEADDR=.*/BASEADDR=$baseaddr/;
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
@ -1821,10 +1748,6 @@ while (<IN>)
s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
}
s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
if ($fipscanisteronly && exists $disabled{"ec2m"})
{
next if (/ec2_/ || /bn_gf2m/);
}
print OUT $_."\n";
}
close(IN);
@ -2070,9 +1993,7 @@ EOF
$make_targets .= " gentests" if $symlink;
(system $make_command.$make_targets) == 0 or die "make $make_targets failed"
if $make_targets ne "";
if ( $fipscanisteronly )
{}
elsif ( $perl =~ m@^/@) {
if ( $perl =~ m@^/@) {
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
&dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
} else {
@ -2080,7 +2001,7 @@ EOF
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
if ($depflags ne $default_depflags && !$make_depend && !$fipscanisteronly) {
if ($depflags ne $default_depflags && !$make_depend) {
print <<EOF;
Since you've disabled or enabled at least one algorithm, you need to do
@ -2185,21 +2106,6 @@ libraries on this platform, they will at least look at it and try their best
(but please first make sure you have tried with a current version of OpenSSL).
EOF
print <<\EOF if ($fipscanisterinternal eq "y");
WARNING: OpenSSL has been configured using unsupported option(s) to internally
generate a fipscanister.o object module for TESTING PURPOSES ONLY; that
compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the
OpenSSL FIPS Object Module as identified by the CMVP
(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS
140-2 validated software.
This is a test OpenSSL 2.0 FIPS module.
See the file README.FIPS for details of how to build a test library.
EOF
exit(0);
sub usage
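Review bot: Configure is left with a half-removed FIPS path: the context lines still keep `$fipslibdir`, `$nofipscanistercheck`, the `if ($fips)` block that emits `#define OPENSSL_FIPS`, and `s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;`, while this commit deletes the fips directory. Whether Makefile.org still recurses into fips is not visible on this page, but if it does, a `fips` configure would succeed and define OPENSSL_FIPS in a tree that no longer ships the module sources or their build rules. Failing early looks safer than silently producing such a build, for example `die "fips options are not supported in this tree\n" if $fips;` once PROCESS_ARGS has finished. The removed fips_auth.in block was also the only visible reader of `$fips_auth_key`, `$fips_auth_officer` and `$fips_auth_user`, so any option parsing that still sets them elsewhere in Configure (outside these hunks) should be removed with it.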


@ -1,638 +0,0 @@
##
## Makefile for OpenSSL: fipscanister.o only
##
VERSION=fips-2.0-test
MAJOR=
MINOR=
SHLIB_VERSION_NUMBER=
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=
SHLIB_MINOR=
SHLIB_EXT=
PLATFORM=dist
OPTIONS=
CONFIGURE_ARGS=
SHLIB_TARGET=
# HERE indicates where this Makefile lives. This can be used to indicate
# where sub-Makefiles are expected to be. Currently has very limited usage,
# and should probably not be bothered with at all.
HERE=.
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
INSTALL_PREFIX=
INSTALLTOP=/usr/local/ssl
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
OPENSSLDIR=/usr/local/ssl
# NO_IDEA - Define to build without the IDEA algorithm
# NO_RC4 - Define to build without the RC4 algorithm
# NO_RC2 - Define to build without the RC2 algorithm
# THREADS - Define when building with threads, you will probably also need any
# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
# DEVRANDOM - Give this the value of the 'random device' if your OS supports
# one. 32 bytes will be read from this when the random
# number generator is initalised.
# SSL_FORBID_ENULL - define if you want the server to be not able to use the
# NULL encryption ciphers.
#
# LOCK_DEBUG - turns on lots of lock debug output :-)
# REF_CHECK - turn on some xyz_free() assertions.
# REF_PRINT - prints some stuff on structure free.
# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
# MFUNC - Make all Malloc/Free/Realloc calls call
# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
# call application defined callbacks via CRYPTO_set_mem_functions()
# MD5_ASM needs to be defined to use the x86 assembler for MD5
# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
# equal 4.
# PKCS1_CHECK - pkcs1 tests.
CC= cc
CFLAG= -O
DEPFLAG=
PEX_LIBS=
EX_LIBS=
EXE_EXT=
ARFLAGS=
AR=ar $(ARFLAGS) r
RANLIB= ranlib
NM= nm
PERL= perl
TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
LIBDIR=lib
# We let the C compiler driver to take care of .s files. This is done in
# order to be excused from maintaining a separate set of architecture
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
# gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler.
#AS=$(CC) -c
ASFLAG=$(CFLAG)
# For x86 assembler: Set PROCESSOR to 386 if you want to support
# the 80386.
PROCESSOR=
# CPUID module collects small commonly used assembler snippets
CPUID_OBJ=
BN_ASM= bn_asm.o
DES_ENC= des_enc.o fcrypt_b.o
AES_ENC= aes_core.o aes_cbc.o
BF_ENC= bf_enc.o
CAST_ENC= c_enc.o
RC4_ENC= rc4_enc.o
RC5_ENC= rc5_enc.o
MD5_ASM_OBJ=
SHA1_ASM_OBJ=
RMD160_ASM_OBJ=
WP_ASM_OBJ=
CMLL_ENC=
MODES_ASM_OBJ=
PERLASM_SCHEME=
# KRB5 stuff
KRB5_INCLUDES=
LIBKRB5=
# Zlib stuff
ZLIB_INCLUDE=
LIBZLIB=
# This is the location of fipscanister.o and friends.
# The FIPS module build will place it $(INSTALLTOP)/lib
# but since $(INSTALLTOP) can only take the default value
# when the module is built it will be in /usr/local/ssl/lib
# $(INSTALLTOP) for this build may be different so hard
# code the path.
FIPSLIBDIR=/usr/local/ssl/$(LIBDIR)/
# This is set to "y" if fipscanister.o is compiled internally as
# opposed to coming from an external validated location.
FIPSCANISTERINTERNAL=n
# This is set if we only build fipscanister.o
FIPSCANISTERONLY=y
# The location of the library which contains fipscanister.o
# normally it will be libcrypto unless fipsdso is set in which
# case it will be libfips. If not compiling in FIPS mode at all
# this is empty making it a useful test for a FIPS compile.
FIPSCANLIB=
# Shared library base address. Currently only used on Windows.
#
BASEADDR=
DIRS= crypto fips test
ENGDIRS= ccgost
SHLIBDIRS= crypto
# dirs in crypto to build
SDIRS= \
sha hmac des aes modes \
bn ec rsa dsa ecdsa dh \
buffer evp ecdh cmac
# keep in mind that the above list is adjusted by ./Configure
# according to no-xxx arguments...
LINKDIRS= \
objects sha hmac des aes modes \
bn ec rsa dsa ecdh cmac ecdsa dh engine \
buffer bio stack lhash rand err \
evp asn1 ui
# tests to perform. "alltests" is a special word indicating that all tests
# should be performed.
TESTS = alltests
MAKEFILE= Makefile
MANDIR=$(OPENSSLDIR)/man
MAN1=1
MAN3=3
MANSUFFIX=
HTMLSUFFIX=html
HTMLDIR=$(OPENSSLDIR)/html
SHELL=/bin/sh
TOP= .
ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS=
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
SHARED_LIBS_LINK_EXTS=
SHARED_LDFLAGS=
GENERAL= Makefile
BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
TARFILE= openssl-fips-2.0-test.tar
WTARFILE= $(NAME)-win.tar
EXHEADER= e_os2.h
HEADER= e_os.h
all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
# as we stick to -e, CLEARENV ensures that local variables in lower
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
# shell, which [annoyingly enough] terminates unset with error if VAR
# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
# which terminates unset with error if no variable was present:-(
CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
$${EXHEADER+EXHEADER} $${HEADER+HEADER} \
$${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
CC='$(CC)' CFLAG='$(CFLAG)' \
ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
CROSS_COMPILE='$(CROSS_COMPILE)' \
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
INSTALL_PREFIX='$(INSTALL_PREFIX)' \
INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \
LIBDIR='$(LIBDIR)' \
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
MAKEDEPPROG='$(MAKEDEPPROG)' \
SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
CPUID_OBJ='$(CPUID_OBJ)' \
BN_ASM='$(BN_ASM)' DES_ENC='$(DES_ENC)' \
AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \
BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \
RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \
SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \
MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \
RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \
WP_ASM_OBJ='$(WP_ASM_OBJ)' \
MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \
PERLASM_SCHEME='$(PERLASM_SCHEME)' \
FIPSLIBDIR='${FIPSLIBDIR}' \
FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \
FIPSCANISTERONLY='${FIPSCANISTERONLY}' \
FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
# BUILD_CMD is a generic macro to build a given target in a given
# subdirectory. The target must be given through the shell variable
# `target' and the subdirectory to build in must be given through `dir'.
# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
# BUILD_ONE_CMD instead.
#
# BUILD_ONE_CMD is a macro to build a given target in a given
# subdirectory if that subdirectory is part of $(DIRS). It requires
# exactly the same shell variables as BUILD_CMD.
#
# RECURSIVE_BUILD_CMD is a macro to build a given target in all
# subdirectories defined in $(DIRS). It requires that the target
# is given through the shell variable `target'.
BUILD_CMD= if [ -d "$$dir" ]; then \
( cd $$dir && echo "making $$target in $$dir..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
) || exit 1; \
fi
RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
BUILD_ONE_CMD=\
if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
$(BUILD_CMD); \
fi
reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
../crypto/aes/aes_ecb.o \
../crypto/aes/aes_ofb.o \
../crypto/bn/bn_add.o \
../crypto/bn/bn_blind.o \
../crypto/bn/bn_ctx.o \
../crypto/bn/bn_div.o \
../crypto/bn/bn_exp2.o \
../crypto/bn/bn_exp.o \
../crypto/bn/bn_gcd.o \
../crypto/bn/bn_gf2m.o \
../crypto/bn/bn_lib.o \
../crypto/bn/bn_mod.o \
../crypto/bn/bn_mont.o \
../crypto/bn/bn_mul.o \
../crypto/bn/bn_nist.o \
../crypto/bn/bn_prime.o \
../crypto/bn/bn_rand.o \
../crypto/bn/bn_recp.o \
../crypto/bn/bn_shift.o \
../crypto/bn/bn_sqr.o \
../crypto/bn/bn_word.o \
../crypto/bn/bn_x931p.o \
../crypto/buffer/buf_str.o \
../crypto/cmac/cmac.o \
../crypto/cryptlib.o \
../crypto/des/cfb64ede.o \
../crypto/des/cfb64enc.o \
../crypto/des/cfb_enc.o \
../crypto/des/ecb3_enc.o \
../crypto/des/ofb64ede.o \
../crypto/des/fcrypt.o \
../crypto/des/set_key.o \
../crypto/dh/dh_check.o \
../crypto/dh/dh_gen.o \
../crypto/dh/dh_key.o \
../crypto/dsa/dsa_gen.o \
../crypto/dsa/dsa_key.o \
../crypto/dsa/dsa_ossl.o \
../crypto/ec/ec_curve.o \
../crypto/ec/ec_cvt.o \
../crypto/ec/ec_key.o \
../crypto/ec/ec_lib.o \
../crypto/ec/ecp_mont.o \
../crypto/ec/ec_mult.o \
../crypto/ec/ecp_nist.o \
../crypto/ec/ecp_smpl.o \
../crypto/ec/ec2_mult.o \
../crypto/ec/ec2_smpl.o \
../crypto/ecdh/ech_key.o \
../crypto/ecdh/ech_ossl.o \
../crypto/ecdsa/ecs_ossl.o \
../crypto/evp/e_aes.o \
../crypto/evp/e_des3.o \
../crypto/evp/e_null.o \
../crypto/evp/m_sha1.o \
../crypto/evp/m_dss1.o \
../crypto/evp/m_dss.o \
../crypto/evp/m_ecdsa.o \
../crypto/hmac/hmac.o \
../crypto/modes/cbc128.o \
../crypto/modes/ccm128.o \
../crypto/modes/cfb128.o \
../crypto/modes/ctr128.o \
../crypto/modes/gcm128.o \
../crypto/modes/ofb128.o \
../crypto/modes/xts128.o \
../crypto/rsa/rsa_eay.o \
../crypto/rsa/rsa_gen.o \
../crypto/rsa/rsa_crpt.o \
../crypto/rsa/rsa_none.o \
../crypto/rsa/rsa_oaep.o \
../crypto/rsa/rsa_pk1.o \
../crypto/rsa/rsa_pss.o \
../crypto/rsa/rsa_ssl.o \
../crypto/rsa/rsa_x931.o \
../crypto/rsa/rsa_x931g.o \
../crypto/sha/sha1dgst.o \
../crypto/sha/sha256.o \
../crypto/sha/sha512.o \
../crypto/thr_id.o \
../crypto/uid.o
sub_all: build_all
build_all: build_libs
build_libs: build_crypto build_fips
build_fips:
@dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
build_crypto:
if [ -n "$(FIPSCANLIB)" ]; then \
EXCL_OBJ='$(AES_ENC) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(MODES_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
else \
ARX='${AR}' ; \
fi ; export ARX ; \
if [ $(FIPSCANISTERINTERNAL) = "y" ]; then \
AS='$(PERL) $${TOP}/util/fipsas.pl $${TOP} $${<} $(CC)' ; \
else \
AS='$(CC) -c' ; \
fi ; export AS ; \
dir=crypto; target=fips; $(BUILD_ONE_CMD)
build_ssl:
@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines:
@dir=engines; target=all; $(BUILD_ONE_CMD)
build_apps:
@dir=apps; target=all; $(BUILD_ONE_CMD)
build_tests:
@dir=test; target=fipsexe; $(BUILD_ONE_CMD)
build_algvs:
@dir=test; target=fipsalgvs; $(BUILD_ONE_CMD)
build_tools:
@dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
build_testapps:
@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
libcrypto$(SHLIB_EXT): libcrypto.a build_fips
@if [ "$(SHLIB_TARGET)" != "" ]; then \
if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
export CC FIPSLD_CC; \
fi; \
$(MAKE) SHLIBDIRS=crypto build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
clean-shared:
@set -e; for i in $(SHLIBDIRS); do \
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
for j in $${tmp:-x}; do \
( set -x; rm -f lib$$i$$j ); \
done; \
fi; \
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
if [ "$(PLATFORM)" = "Cygwin" ]; then \
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
fi; \
done
link-shared:
@ set -e; for i in $(SHLIBDIRS); do \
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
symlink.$(SHLIB_TARGET); \
libs="$$libs -l$$i"; \
done
build-shared: do_$(SHLIB_TARGET) link-shared
do_$(SHLIB_TARGET):
@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
LIBDEPS="$$libs $(EX_LIBS)" \
link_a.$(SHLIB_TARGET); \
libs="-l$$i $$libs"; \
done
libcrypto.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
libssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
Makefile: Makefile.fips Configure config
@echo "Makefile is older than Makefile.org, Configure or config."
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
@false
libclean:
rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
clean: libclean
rm -f shlib/*.o *.o core a.out fluff testlog make.log cctest cctest.c
@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
rm -f $(LIBS)
rm -f openssl.pc libssl.pc libcrypto.pc
rm -f speed.* .pure
rm -f $(TARFILE)
@set -e; for i in $(ONEDIRS) ;\
do \
rm -fr $$i/*; \
done
makefile.one: files
$(PERL) util/mk1mf.pl >makefile.one; \
sh util/do_ms.sh
files:
$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
@set -e; target=files; $(RECURSIVE_BUILD_CMD)
links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@set -e; dir=fips target=links; $(RECURSIVE_BUILD_CMD)
@(cd crypto ; SDIRS='$(LINKDIRS)' $(MAKE) -e links)
gentests:
@(cd test && echo "generating dummy tests (if needed)..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
dclean:
rm -rf *.bak include/openssl certs/.0
@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
test: tests
tests:
@echo "Not implemented in FIPS build" ; false
report:
@$(PERL) util/selftest.pl
depend:
@echo make depend not supported ; false
lint:
@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
tags:
rm -f TAGS
find . -name '[^.]*.[ch]' | xargs etags -a
errors:
$(PERL) util/mkerr.pl -recurse -write
(cd engines; $(MAKE) PERL=$(PERL) errors)
$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
stacks:
$(PERL) util/mkstack.pl -write
util/libeay.num::
$(PERL) util/mkdef.pl crypto update
util/ssleay.num::
$(PERL) util/mkdef.pl ssl update
crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
$(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
apps/openssl-vms.cnf: apps/openssl.cnf
$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
tar:
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | $(BUILDENV) LINKDIRS='$(LINKDIRS)' $(PERL) util/fipsdist.pl | sort > ../$(TARFILE).list; \
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
tardy --user_number=0 --user_name=openssl \
--group_number=0 --group_name=openssl \
--prefix=openssl-$(VERSION) - |\
gzip --best >../$(TARFILE).gz; \
rm -f ../$(TARFILE).list; \
ls -l ../$(TARFILE).gz
tar-snap:
@$(TAR) $(TARFLAGS) -cvf - \
`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
tardy --user_number=0 --user_name=openssl \
--group_number=0 --group_name=openssl \
--prefix=openssl-$(VERSION) - > ../$(TARFILE);\
ls -l ../$(TARFILE)
dist:
$(PERL) Configure dist fipscanisteronly
@$(MAKE) dist_pem_h
@$(MAKE) SDIRS='$(SDIRS)' clean
@$(MAKE) -f Makefile.fips TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
install: all install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
@set -e; target=install; $(RECURSIVE_BUILD_CMD)
# DO NOT DELETE THIS LINE -- make depend depends on it.


@ -1,247 +0,0 @@
#
# OpenSSL/crypto/Makefile
#
DIR= fips
TOP= ..
CC= cc
INCLUDE= -I. -I$(TOP) -I../include
# INCLUDES targets sudbirs!
INCLUDES= -I.. -I../.. -I../../include
CFLAG= -g
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
RM= rm -f
AR= ar r
ARD= ar d
TEST= fips_test_suite.c
FIPS_TVDIR= testvectors
FIPS_TVOK= $$HOME/fips/tv.ok
FIPSCANLOC= $(FIPSLIBDIR)fipscanister.o
RECURSIVE_MAKE= [ -n "$(FDIRS)" ] && for i in $(FDIRS) ; do \
(cd $$i && echo "making $$target in $(DIR)/$$i..." && \
$(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \
done;
PEX_LIBS=
EX_LIBS=
CFLAGS= $(INCLUDE) $(CFLAG) -DHMAC_EXT=\"$${HMAC_EXT:-sha1}\"
ASFLAGS= $(INCLUDE) $(ASFLAG)
AFLAGS=$(ASFLAGS)
LIBS=
FDIRS=sha rand des aes dsa ecdh ecdsa rsa dh cmac hmac utl
GENERAL=Makefile README fips-lib.com install.com
LIB= $(TOP)/libcrypto.a
SHARED_LIB= $(FIPSCANLIB)$(SHLIB_EXT)
LIBSRC=fips.c fips_post.c
LIBOBJ=fips.o fips_post.o
FIPS_OBJ_LISTS=sha/lib hmac/lib rand/lib des/lib aes/lib dsa/lib rsa/lib \
dh/lib utl/lib ecdsa/lib ecdh/lib cmac/lib
SRC= $(LIBSRC)
EXHEADER=fips.h fipssyms.h
HEADER=$(EXHEADER) fips_utl.h fips_locl.h fips_auth.h
EXE=fipsld fips_standalone_sha1
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
@(cd ..; $(MAKE) DIRS=$(DIR) all)
testapps:
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
all:
@if [ -n "$(FIPSCANISTERONLY)" ]; then \
$(MAKE) -e subdirs lib ; \
elif [ -z "$(FIPSLIBDIR)" ]; then \
$(MAKE) -e subdirs lib fips_premain_dso$(EXE_EXT); \
else \
$(MAKE) -e lib fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT); \
fi
# Idea behind fipscanister.o is to "seize" the sequestered code between
# known symbols for fingerprinting purposes, which would be commonly
# done with ld -r start.o ... end.o. The latter however presents a minor
# challenge on multi-ABI platforms. As just implied, we'd rather use ld,
# but the trouble is that we don't generally know how ABI-selection
# compiler flag is translated to corresponding linker flag. All compiler
# drivers seem to recognize -r flag and pass it down to linker, but some
# of them, including gcc, erroneously add -lc, as well as run-time
# components, such as crt1.o and alike. Fortunately among those vendor
# compilers which were observed to misinterpret -r flag multi-ABI ones
# are equipped with smart linkers, which don't require any ABI-selection
# flag and simply assume that all objects are of the same type as first
# one in command line. So the idea is to identify gcc and deficient
# vendor compiler drivers...
fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o
FIPS_ASM=""; \
list="$(BN_ASM)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/bn/$$i" ; done; \
list="$(AES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/aes/$$i" ; done; \
list="$(DES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/des/$$i" ; done; \
list="$(SHA1_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/sha/$$i" ; done; \
list="$(MODES_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/modes/$$i" ; done; \
CPUID=""; \
list="$(CPUID_OBJ)"; for i in $$list; do CPUID="$$CPUID ../crypto/$$i" ; done; \
objs="fips_start.o $(LIBOBJ) $(FIPS_EX_OBJ) $$CPUID $$FIPS_ASM"; \
for i in $(FIPS_OBJ_LISTS); do \
dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \
objs="$$objs `sed "$$script" $$i`"; \
done; \
objs="$$objs fips_end.o" ; \
os="`(uname -s) 2>/dev/null`"; cflags="$(CFLAGS)"; \
case "$$os" in \
AIX) cflags="$$cflags -Wl,-bnoobjreorder" ;; \
HP-UX) cflags="$$cflags -Wl,+sectionmerge" ;; \
esac; \
if [ -n "${FIPS_SITE_LD}" ]; then \
set -x; ${FIPS_SITE_LD} -r -o $@ $$objs; \
elif $(CC) -dumpversion >/dev/null 2>&1; then \
set -x; $(CC) $$cflags -r -nostdlib -o $@ $$objs ; \
else case "$$os" in \
OSF1|SunOS) set -x; /usr/ccs/bin/ld -r -o $@ $$objs ;; \
*) set -x; $(CC) $$cflags -r -o $@ $$objs ;; \
esac fi
./fips_standalone_sha1$(EXE_EXT) fipscanister.o > fipscanister.o.sha1
# If another exception is immediately required, assign approprite
# site-specific ld command to FIPS_SITE_LD environment variable.
fips_start.o: fips_canister.c
$(CC) $(CFLAGS) -DFIPS_START -c -o $@ fips_canister.c
fips_end.o: fips_canister.c
$(CC) $(CFLAGS) -DFIPS_END -c -o $@ fips_canister.c
fips_premain_dso$(EXE_EXT): fips_premain.c
$(CC) $(CFLAGS) -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ fips_premain.c \
$(FIPSLIBDIR)fipscanister.o ../libcrypto.a $(EX_LIBS)
# this is executed only when linking with external fipscanister.o
fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c
if [ -z "$(HOSTCC)" ] ; then \
$(CC) $(CFLAGS) -DFIPSCANISTER_O -o $@ sha/fips_standalone_sha1.c $(FIPSLIBDIR)fipscanister.o $(EX_LIBS) ; \
else \
$(HOSTCC) $(HOSTCFLAGS) -o $ $@ -I../include -I../crypto sha/fips_standalone_sha1.c ../crypto/sha/sha1dgst.c ; \
fi
subdirs:
@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@target=files; $(RECURSIVE_MAKE)
links:
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
@target=links; $(RECURSIVE_MAKE)
# lib: and $(LIB): are splitted to avoid end-less loop
lib: $(LIB)
if [ "$(FIPSCANISTERINTERNAL)" = "n" -a -n "$(FIPSCANLOC)" ]; then $(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC); fi
@touch lib
$(LIB): $(FIPSLIBDIR)fipscanister.o
$(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
$(RANLIB) $(LIB) || echo Never mind.
$(FIPSCANLIB): $(FIPSCANLOC)
$(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC)
if [ "$(FIPSCANLIB)" = "libfips" ]; then \
$(AR) $(LIB) $(FIPSCANLOC) ; \
$(RANLIB) $(LIB) || echo Never Mind. ; \
fi
$(RANLIB) ../$(FIPSCANLIB).a || echo Never mind.
@touch lib
shared: lib subdirs fips_premain_dso$(EXE_EXT)
libs:
@target=lib; $(RECURSIVE_MAKE)
fips_test: top
@target=fips_test; $(RECURSIVE_MAKE)
fips_test_diff:
@if diff -b -B -I '^\#' -cr -X fips-nodiff.txt $(FIPS_TVDIR) $(FIPS_TVOK) ; then \
echo "FIPS diff OK" ; \
else \
echo "***FIPS DIFF ERROR***" ; exit 1 ; \
fi
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@headerlist="$(EXHEADER)"; for i in $$headerlist ;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
@target=install; $(RECURSIVE_MAKE)
for i in $(EXE) ; \
do \
echo "installing $$i"; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
done
cp -p -f $(FIPSLIBDIR)fipscanister.o $(FIPSLIBDIR)fipscanister.o.sha1 \
$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fips_premain.c.sha1 \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/; \
chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/fips*
lint:
@target=lint; $(RECURSIVE_MAKE)
depend:
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
clean:
rm -f fipscanister.o.sha1 fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT) \
*.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
@target=clean; $(RECURSIVE_MAKE)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
@target=dclean; $(RECURSIVE_MAKE)
# DO NOT DELETE THIS LINE -- make depend depends on it.
fips.o: ../include/openssl/aes.h ../include/openssl/asn1.h
fips.o: ../include/openssl/bio.h ../include/openssl/crypto.h
fips.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
fips.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
fips.o: ../include/openssl/err.h ../include/openssl/evp.h
fips.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
fips.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
fips.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
fips.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
fips.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
fips.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h fips.c
fips.o: fips_locl.h
fips_post.o: ../include/openssl/aes.h ../include/openssl/asn1.h
fips_post.o: ../include/openssl/bio.h ../include/openssl/crypto.h
fips_post.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
fips_post.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
fips_post.o: ../include/openssl/err.h ../include/openssl/evp.h
fips_post.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
fips_post.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
fips_post.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
fips_post.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
fips_post.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
fips_post.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
fips_post.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
fips_post.o: fips_locl.h fips_post.c


@ -1,126 +0,0 @@
#
# OpenSSL/fips/aes/Makefile
#
DIR= aes
TOP= ../..
CC= cc
INCLUDES=
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
AR= ar r
ASFLAGS= $(INCLUDES) $(ASFLAG)
AFLAGS= $(ASFLAGS)
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST=fips_aesavs.c fips_gcmtest.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC=fips_aes_selftest.c
LIBOBJ=fips_aes_selftest.o
SRC= $(LIBSRC)
EXHEADER=
HEADER=
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
@echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
install:
@headerlist="$(EXHEADER)"; for i in $$headerlist; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done
tags:
ctags $(SRC)
tests:
fips_test:
-find ../testvectors/aes/req -name '*.req' > testlist
-rm -rf ../testvectors/aes/rsp
mkdir ../testvectors/aes/rsp
if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_aesavs -d testlist; fi
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) \
$(SRC) $(TEST)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff testlist
# DO NOT DELETE THIS LINE -- make depend depends on it.
fips_aes_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_aes_selftest.o: ../../include/openssl/crypto.h
fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
fips_aes_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_aes_selftest.o: ../../include/openssl/lhash.h
fips_aes_selftest.o: ../../include/openssl/obj_mac.h
fips_aes_selftest.o: ../../include/openssl/objects.h
fips_aes_selftest.o: ../../include/openssl/opensslconf.h
fips_aes_selftest.o: ../../include/openssl/opensslv.h
fips_aes_selftest.o: ../../include/openssl/ossl_typ.h
fips_aes_selftest.o: ../../include/openssl/safestack.h
fips_aes_selftest.o: ../../include/openssl/stack.h
fips_aes_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
fips_aes_selftest.o: fips_aes_selftest.c
fips_aesavs.o: ../../e_os.h ../../include/openssl/aes.h
fips_aesavs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_aesavs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
fips_aesavs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_aesavs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_aesavs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
fips_aesavs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
fips_aesavs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
fips_aesavs.o: ../../include/openssl/opensslconf.h
fips_aesavs.o: ../../include/openssl/opensslv.h
fips_aesavs.o: ../../include/openssl/ossl_typ.h
fips_aesavs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_aesavs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_aesavs.c
fips_gcmtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_gcmtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_gcmtest.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
fips_gcmtest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_gcmtest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_gcmtest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
fips_gcmtest.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
fips_gcmtest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
fips_gcmtest.o: ../../include/openssl/opensslconf.h
fips_gcmtest.o: ../../include/openssl/opensslv.h
fips_gcmtest.o: ../../include/openssl/ossl_typ.h
fips_gcmtest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_gcmtest.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_gcmtest.c


@ -1,387 +0,0 @@
/* ====================================================================
* Copyright (c) 2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/evp.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS
__fips_constseg
static const struct
{
const unsigned char key[16];
const unsigned char plaintext[16];
const unsigned char ciphertext[16];
} tests[]=
{
{
{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
{ 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF },
{ 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30,
0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A },
},
};
int FIPS_selftest_aes()
{
int n;
int ret = 0;
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
for(n=0 ; n < 1 ; ++n)
{
if (fips_cipher_test(FIPS_TEST_CIPHER, &ctx, EVP_aes_128_ecb(),
tests[n].key, NULL,
tests[n].plaintext,
tests[n].ciphertext,
16) <= 0)
goto err;
}
ret = 1;
err:
FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0)
FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
return ret;
}
/* AES-CCM test data from NIST public test vectors */
__fips_constseg
static const unsigned char ccm_key[] = {
0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6,
0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe8
};
__fips_constseg
static const unsigned char ccm_nonce[] = {
0x76,0x40,0x43,0xc4,0x94,0x60,0xb7
};
__fips_constseg
static const unsigned char ccm_adata[] = {
0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7,
0x5f,0x10,0xbd,0xe7,0x8c,0x23,0xfa,0x0e,0xb8,0xf9,0xaa,0xa5,
0x3a,0xde,0xfb,0xf4,0xcb,0xf7,0x8f,0xe4
};
__fips_constseg
static const unsigned char ccm_pt[] = {
0xc8,0xd2,0x75,0xf9,0x19,0xe1,0x7d,0x7f,0xe6,0x9c,0x2a,0x1f,
0x58,0x93,0x9d,0xfe,0x4d,0x40,0x37,0x91,0xb5,0xdf,0x13,0x10
};
__fips_constseg
static const unsigned char ccm_ct[] = {
0x8a,0x0f,0x3d,0x82,0x29,0xe4,0x8e,0x74,0x87,0xfd,0x95,0xa2,
0x8a,0xd3,0x92,0xc8,0x0b,0x36,0x81,0xd4,0xfb,0xc7,0xbb,0xfd
};
__fips_constseg
static const unsigned char ccm_tag[] = {
0x2d,0xd6,0xef,0x1c,0x45,0xd4,0xcc,0xb7,0x23,0xdc,0x07,0x44,
0x14,0xdb,0x50,0x6d
};
int FIPS_selftest_aes_ccm(void)
{
int ret = 0, do_corrupt = 0;
unsigned char out[128], tag[16];
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
memset(out, 0, sizeof(out));
if (!fips_post_started(FIPS_TEST_CCM, 0, 0))
return 1;
if (!fips_post_corrupt(FIPS_TEST_CCM, 0, NULL))
do_corrupt = 1;
if (!FIPS_cipherinit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 1))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
sizeof(ccm_nonce), NULL))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
sizeof(ccm_tag), NULL))
goto err;
if (!FIPS_cipherinit(&ctx, NULL, ccm_key, ccm_nonce, 1))
goto err;
if (FIPS_cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt))
goto err;
if (FIPS_cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
goto err;
if (FIPS_cipher(&ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, 16, tag))
goto err;
if (memcmp(tag, ccm_tag, sizeof(ccm_tag))
|| memcmp(out, ccm_ct, sizeof(ccm_ct)))
goto err;
memset(out, 0, sizeof(out));
/* Modify expected tag value */
if (do_corrupt)
tag[0]++;
if (!FIPS_cipherinit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 0))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
sizeof(ccm_nonce), NULL))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag))
goto err;
if (!FIPS_cipherinit(&ctx, NULL, ccm_key, ccm_nonce, 0))
goto err;
if (FIPS_cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct))
goto err;
if (FIPS_cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
goto err;
if (FIPS_cipher(&ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt))
goto err;
if (memcmp(out, ccm_pt, sizeof(ccm_pt)))
goto err;
ret = 1;
err:
FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0)
{
fips_post_failed(FIPS_TEST_CCM, 0, NULL);
FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM,FIPS_R_SELFTEST_FAILED);
return 0;
}
else
return fips_post_success(FIPS_TEST_CCM, 0, NULL);
}
/* AES-GCM test data from NIST public test vectors */
__fips_constseg
static const unsigned char gcm_key[] = {
0xee,0xbc,0x1f,0x57,0x48,0x7f,0x51,0x92,0x1c,0x04,0x65,0x66,
0x5f,0x8a,0xe6,0xd1,0x65,0x8b,0xb2,0x6d,0xe6,0xf8,0xa0,0x69,
0xa3,0x52,0x02,0x93,0xa5,0x72,0x07,0x8f
};
__fips_constseg
static const unsigned char gcm_iv[] = {
0x99,0xaa,0x3e,0x68,0xed,0x81,0x73,0xa0,0xee,0xd0,0x66,0x84
};
__fips_constseg
static const unsigned char gcm_pt[] = {
0xf5,0x6e,0x87,0x05,0x5b,0xc3,0x2d,0x0e,0xeb,0x31,0xb2,0xea,
0xcc,0x2b,0xf2,0xa5
};
__fips_constseg
static const unsigned char gcm_aad[] = {
0x4d,0x23,0xc3,0xce,0xc3,0x34,0xb4,0x9b,0xdb,0x37,0x0c,0x43,
0x7f,0xec,0x78,0xde
};
__fips_constseg
static const unsigned char gcm_ct[] = {
0xf7,0x26,0x44,0x13,0xa8,0x4c,0x0e,0x7c,0xd5,0x36,0x86,0x7e,
0xb9,0xf2,0x17,0x36
};
__fips_constseg
static const unsigned char gcm_tag[] = {
0x67,0xba,0x05,0x10,0x26,0x2a,0xe4,0x87,0xd7,0x37,0xee,0x62,
0x98,0xf7,0x7e,0x0c
};
int FIPS_selftest_aes_gcm(void)
{
int ret = 0, do_corrupt = 0;
unsigned char out[128], tag[16];
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
memset(out, 0, sizeof(out));
memset(tag, 0, sizeof(tag));
if (!fips_post_started(FIPS_TEST_GCM, 0, 0))
return 1;
if (!fips_post_corrupt(FIPS_TEST_GCM, 0, NULL))
do_corrupt = 1;
if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
sizeof(gcm_iv), NULL))
goto err;
if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 1))
goto err;
if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
goto err;
if (FIPS_cipher(&ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct))
goto err;
if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
goto err;
if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
goto err;
memset(out, 0, sizeof(out));
/* Modify expected tag value */
if (do_corrupt)
tag[0]++;
if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
sizeof(gcm_iv), NULL))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
goto err;
if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 0))
goto err;
if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
goto err;
if (FIPS_cipher(&ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt))
goto err;
if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
goto err;
if (memcmp(out, gcm_pt, 16))
goto err;
ret = 1;
err:
FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0)
{
fips_post_failed(FIPS_TEST_GCM, 0, NULL);
FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED);
return 0;
}
else
return fips_post_success(FIPS_TEST_GCM, 0, NULL);
}
__fips_constseg
static const unsigned char XTS_128_key[] = {
0xa1,0xb9,0x0c,0xba,0x3f,0x06,0xac,0x35,0x3b,0x2c,0x34,0x38,
0x76,0x08,0x17,0x62,0x09,0x09,0x23,0x02,0x6e,0x91,0x77,0x18,
0x15,0xf2,0x9d,0xab,0x01,0x93,0x2f,0x2f
};
__fips_constseg
static const unsigned char XTS_128_i[] = {
0x4f,0xae,0xf7,0x11,0x7c,0xda,0x59,0xc6,0x6e,0x4b,0x92,0x01,
0x3e,0x76,0x8a,0xd5
};
__fips_constseg
static const unsigned char XTS_128_pt[] = {
0xeb,0xab,0xce,0x95,0xb1,0x4d,0x3c,0x8d,0x6f,0xb3,0x50,0x39,
0x07,0x90,0x31,0x1c
};
__fips_constseg
static const unsigned char XTS_128_ct[] = {
0x77,0x8a,0xe8,0xb4,0x3c,0xb9,0x8d,0x5a,0x82,0x50,0x81,0xd5,
0xbe,0x47,0x1c,0x63
};
__fips_constseg
static const unsigned char XTS_256_key[] = {
0x1e,0xa6,0x61,0xc5,0x8d,0x94,0x3a,0x0e,0x48,0x01,0xe4,0x2f,
0x4b,0x09,0x47,0x14,0x9e,0x7f,0x9f,0x8e,0x3e,0x68,0xd0,0xc7,
0x50,0x52,0x10,0xbd,0x31,0x1a,0x0e,0x7c,0xd6,0xe1,0x3f,0xfd,
0xf2,0x41,0x8d,0x8d,0x19,0x11,0xc0,0x04,0xcd,0xa5,0x8d,0xa3,
0xd6,0x19,0xb7,0xe2,0xb9,0x14,0x1e,0x58,0x31,0x8e,0xea,0x39,
0x2c,0xf4,0x1b,0x08
};
__fips_constseg
static const unsigned char XTS_256_i[] = {
0xad,0xf8,0xd9,0x26,0x27,0x46,0x4a,0xd2,0xf0,0x42,0x8e,0x84,
0xa9,0xf8,0x75,0x64
};
__fips_constseg
static const unsigned char XTS_256_pt[] = {
0x2e,0xed,0xea,0x52,0xcd,0x82,0x15,0xe1,0xac,0xc6,0x47,0xe8,
0x10,0xbb,0xc3,0x64,0x2e,0x87,0x28,0x7f,0x8d,0x2e,0x57,0xe3,
0x6c,0x0a,0x24,0xfb,0xc1,0x2a,0x20,0x2e
};
__fips_constseg
static const unsigned char XTS_256_ct[] = {
0xcb,0xaa,0xd0,0xe2,0xf6,0xce,0xa3,0xf5,0x0b,0x37,0xf9,0x34,
0xd4,0x6a,0x9b,0x13,0x0b,0x9d,0x54,0xf0,0x7e,0x34,0xf3,0x6a,
0xf7,0x93,0xe8,0x6f,0x73,0xc6,0xd7,0xdb
};
int FIPS_selftest_aes_xts()
{
int ret = 1;
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
if (fips_cipher_test(FIPS_TEST_XTS, &ctx, EVP_aes_128_xts(),
XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct,
sizeof(XTS_128_pt)) <= 0)
ret = 0;
if (fips_cipher_test(FIPS_TEST_XTS, &ctx, EVP_aes_256_xts(),
XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct,
sizeof(XTS_256_pt)) <= 0)
ret = 0;
FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0)
FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS,FIPS_R_SELFTEST_FAILED);
return ret;
}
#endif


@ -1,938 +0,0 @@
/* ====================================================================
* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/*---------------------------------------------
NIST AES Algorithm Validation Suite
Test Program
Donated to OpenSSL by:
V-ONE Corporation
20250 Century Blvd, Suite 300
Germantown, MD 20874
U.S.A.
----------------------------------------------*/
#define OPENSSL_FIPSAPI
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include <ctype.h>
#include <openssl/aes.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include "e_os.h"
#ifndef OPENSSL_FIPS
int main(int argc, char *argv[])
{
printf("No FIPS AES support\n");
return(0);
}
#else
#include <openssl/fips.h>
#include "fips_utl.h"
#define AES_BLOCK_SIZE 16
#define VERBOSE 0
/*-----------------------------------------------*/
static int AESTest(EVP_CIPHER_CTX *ctx,
char *amode, int akeysz, unsigned char *aKey,
unsigned char *iVec,
int dir, /* 0 = decrypt, 1 = encrypt */
unsigned char *plaintext, unsigned char *ciphertext, int len)
{
const EVP_CIPHER *cipher = NULL;
if (strcasecmp(amode, "CBC") == 0)
{
switch (akeysz)
{
case 128:
cipher = EVP_aes_128_cbc();
break;
case 192:
cipher = EVP_aes_192_cbc();
break;
case 256:
cipher = EVP_aes_256_cbc();
break;
}
}
else if (strcasecmp(amode, "ECB") == 0)
{
switch (akeysz)
{
case 128:
cipher = EVP_aes_128_ecb();
break;
case 192:
cipher = EVP_aes_192_ecb();
break;
case 256:
cipher = EVP_aes_256_ecb();
break;
}
}
else if (strcasecmp(amode, "CFB128") == 0)
{
switch (akeysz)
{
case 128:
cipher = EVP_aes_128_cfb128();
break;
case 192:
cipher = EVP_aes_192_cfb128();
break;
case 256:
cipher = EVP_aes_256_cfb128();
break;
}
}
else if (fips_strncasecmp(amode, "OFB", 3) == 0)
{
switch (akeysz)
{
case 128:
cipher = EVP_aes_128_ofb();
break;
case 192:
cipher = EVP_aes_192_ofb();
break;
case 256:
cipher = EVP_aes_256_ofb();
break;
}
}
else if(!strcasecmp(amode,"CFB1"))
{
switch (akeysz)
{
case 128:
cipher = EVP_aes_128_cfb1();
break;
case 192:
cipher = EVP_aes_192_cfb1();
break;
case 256:
cipher = EVP_aes_256_cfb1();
break;
}
}
else if(!strcasecmp(amode,"CFB8"))
{
switch (akeysz)
{
case 128:
cipher = EVP_aes_128_cfb8();
break;
case 192:
cipher = EVP_aes_192_cfb8();
break;
case 256:
cipher = EVP_aes_256_cfb8();
break;
}
}
else
{
printf("Unknown mode: %s\n", amode);
return 0;
}
if (!cipher)
{
printf("Invalid key size: %d\n", akeysz);
return 0;
}
if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0)
return 0;
if(!strcasecmp(amode,"CFB1"))
M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
if (dir)
FIPS_cipher(ctx, ciphertext, plaintext, len);
else
FIPS_cipher(ctx, plaintext, ciphertext, len);
return 1;
}
/*-----------------------------------------------*/
char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"};
enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128};
enum XCrypt {XDECRYPT, XENCRYPT};
/*=============================*/
/* Monte Carlo Tests */
/*-----------------------------*/
/*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/
/*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/
#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
static int do_mct(char *amode,
int akeysz, unsigned char *aKey,unsigned char *iVec,
int dir, unsigned char *text, int len,
FILE *rfp)
{
int ret = 0;
unsigned char key[101][32];
unsigned char iv[101][AES_BLOCK_SIZE];
unsigned char ptext[1001][32];
unsigned char ctext[1001][32];
unsigned char ciphertext[64+4];
int i, j, n, n1, n2;
int imode = 0, nkeysz = akeysz/8;
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
if (len > 32)
{
printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n",
amode, akeysz);
return -1;
}
for (imode = 0; imode < 6; ++imode)
if (strcmp(amode, t_mode[imode]) == 0)
break;
if (imode == 6)
{
printf("Unrecognized mode: %s\n", amode);
return -1;
}
memcpy(key[0], aKey, nkeysz);
if (iVec)
memcpy(iv[0], iVec, AES_BLOCK_SIZE);
if (dir == XENCRYPT)
memcpy(ptext[0], text, len);
else
memcpy(ctext[0], text, len);
for (i = 0; i < 100; ++i)
{
/* printf("Iteration %d\n", i); */
if (i > 0)
{
fprintf(rfp,"COUNT = %d" RESP_EOL ,i);
OutputValue("KEY",key[i],nkeysz,rfp,0);
if (imode != ECB) /* ECB */
OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0);
/* Output Ciphertext | Plaintext */
OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp,
imode == CFB1);
}
for (j = 0; j < 1000; ++j)
{
switch (imode)
{
case ECB:
if (j == 0)
{ /* set up encryption */
ret = AESTest(&ctx, amode, akeysz, key[i], NULL,
dir, /* 0 = decrypt, 1 = encrypt */
ptext[j], ctext[j], len);
if (dir == XENCRYPT)
memcpy(ptext[j+1], ctext[j], len);
else
memcpy(ctext[j+1], ptext[j], len);
}
else
{
if (dir == XENCRYPT)
{
FIPS_cipher(&ctx, ctext[j], ptext[j], len);
memcpy(ptext[j+1], ctext[j], len);
}
else
{
FIPS_cipher(&ctx, ptext[j], ctext[j], len);
memcpy(ctext[j+1], ptext[j], len);
}
}
break;
case CBC:
case OFB:
case CFB128:
if (j == 0)
{
ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
dir, /* 0 = decrypt, 1 = encrypt */
ptext[j], ctext[j], len);
if (dir == XENCRYPT)
memcpy(ptext[j+1], iv[i], len);
else
memcpy(ctext[j+1], iv[i], len);
}
else
{
if (dir == XENCRYPT)
{
FIPS_cipher(&ctx, ctext[j], ptext[j], len);
memcpy(ptext[j+1], ctext[j-1], len);
}
else
{
FIPS_cipher(&ctx, ptext[j], ctext[j], len);
memcpy(ctext[j+1], ptext[j-1], len);
}
}
break;
case CFB8:
if (j == 0)
{
ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
dir, /* 0 = decrypt, 1 = encrypt */
ptext[j], ctext[j], len);
}
else
{
if (dir == XENCRYPT)
FIPS_cipher(&ctx, ctext[j], ptext[j], len);
else
FIPS_cipher(&ctx, ptext[j], ctext[j], len);
}
if (dir == XENCRYPT)
{
if (j < 16)
memcpy(ptext[j+1], &iv[i][j], len);
else
memcpy(ptext[j+1], ctext[j-16], len);
}
else
{
if (j < 16)
memcpy(ctext[j+1], &iv[i][j], len);
else
memcpy(ctext[j+1], ptext[j-16], len);
}
break;
case CFB1:
if(j == 0)
{
#if 0
/* compensate for wrong endianness of input file */
if(i == 0)
ptext[0][0]<<=7;
#endif
ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
ptext[j], ctext[j], len);
}
else
{
if (dir == XENCRYPT)
FIPS_cipher(&ctx, ctext[j], ptext[j], len);
else
FIPS_cipher(&ctx, ptext[j], ctext[j], len);
}
if(dir == XENCRYPT)
{
if(j < 128)
sb(ptext[j+1],0,gb(iv[i],j));
else
sb(ptext[j+1],0,gb(ctext[j-128],0));
}
else
{
if(j < 128)
sb(ctext[j+1],0,gb(iv[i],j));
else
sb(ctext[j+1],0,gb(ptext[j-128],0));
}
break;
}
}
--j; /* reset to last of range */
/* Output Ciphertext | Plaintext */
OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp,
imode == CFB1);
fprintf(rfp, RESP_EOL); /* add separator */
/* Compute next KEY */
if (dir == XENCRYPT)
{
if (imode == CFB8)
{ /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
ciphertext[n1] = ctext[j-n2][0];
}
else if(imode == CFB1)
{
for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
sb(ciphertext,n1,gb(ctext[j-n2],0));
}
else
switch (akeysz)
{
case 128:
memcpy(ciphertext, ctext[j], 16);
break;
case 192:
memcpy(ciphertext, ctext[j-1]+8, 8);
memcpy(ciphertext+8, ctext[j], 16);
break;
case 256:
memcpy(ciphertext, ctext[j-1], 16);
memcpy(ciphertext+16, ctext[j], 16);
break;
}
}
else
{
if (imode == CFB8)
{ /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
ciphertext[n1] = ptext[j-n2][0];
}
else if(imode == CFB1)
{
for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
sb(ciphertext,n1,gb(ptext[j-n2],0));
}
else
switch (akeysz)
{
case 128:
memcpy(ciphertext, ptext[j], 16);
break;
case 192:
memcpy(ciphertext, ptext[j-1]+8, 8);
memcpy(ciphertext+8, ptext[j], 16);
break;
case 256:
memcpy(ciphertext, ptext[j-1], 16);
memcpy(ciphertext+16, ptext[j], 16);
break;
}
}
/* Compute next key: Key[i+1] = Key[i] xor ct */
for (n = 0; n < nkeysz; ++n)
key[i+1][n] = key[i][n] ^ ciphertext[n];
/* Compute next IV and text */
if (dir == XENCRYPT)
{
switch (imode)
{
case ECB:
memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE);
break;
case CBC:
case OFB:
case CFB128:
memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE);
memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE);
break;
case CFB8:
/* IV[i+1] = ct */
for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
iv[i+1][n1] = ctext[j-n2][0];
ptext[0][0] = ctext[j-16][0];
break;
case CFB1:
for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
sb(iv[i+1],n1,gb(ctext[j-n2],0));
ptext[0][0]=ctext[j-128][0]&0x80;
break;
}
}
else
{
switch (imode)
{
case ECB:
memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE);
break;
case CBC:
case OFB:
case CFB128:
memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE);
memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE);
break;
case CFB8:
for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
iv[i+1][n1] = ptext[j-n2][0];
ctext[0][0] = ptext[j-16][0];
break;
case CFB1:
for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
sb(iv[i+1],n1,gb(ptext[j-n2],0));
ctext[0][0]=ptext[j-128][0]&0x80;
break;
}
}
}
FIPS_cipher_ctx_cleanup(&ctx);
return ret;
}
/*================================================*/
/*----------------------------
# Config info for v-one
# AESVS MMT test data for ECB
# State : Encrypt and Decrypt
# Key Length : 256
# Fri Aug 30 04:07:22 PM
----------------------------*/
static int proc_file(char *rqfile, char *rspfile)
{
char afn[256], rfn[256];
FILE *afp = NULL, *rfp = NULL;
char ibuf[2048];
char tbuf[2048];
int len;
char algo[8] = "";
char amode[8] = "";
char atest[8] = "";
int akeysz = 0;
unsigned char iVec[20], aKey[40];
int dir = -1, err = 0, step = 0;
unsigned char plaintext[2048];
unsigned char ciphertext[2048];
char *rp;
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
if (!rqfile || !(*rqfile))
{
printf("No req file\n");
return -1;
}
strcpy(afn, rqfile);
if ((afp = fopen(afn, "r")) == NULL)
{
printf("Cannot open file: %s, %s\n",
afn, strerror(errno));
return -1;
}
if (!rspfile)
{
strcpy(rfn,afn);
rp=strstr(rfn,"req/");
#ifdef OPENSSL_SYS_WIN32
if (!rp)
rp=strstr(rfn,"req\\");
#endif
assert(rp);
memcpy(rp,"rsp",3);
rp = strstr(rfn, ".req");
memcpy(rp, ".rsp", 4);
rspfile = rfn;
}
if ((rfp = fopen(rspfile, "w")) == NULL)
{
printf("Cannot open file: %s, %s\n",
rfn, strerror(errno));
fclose(afp);
afp = NULL;
return -1;
}
while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
{
tidy_line(tbuf, ibuf);
/* printf("step=%d ibuf=%s",step,ibuf); */
switch (step)
{
case 0: /* read preamble */
if (ibuf[0] == '\n')
{ /* end of preamble */
if ((*algo == '\0') ||
(*amode == '\0') ||
(akeysz == 0))
{
printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n",
algo,amode,akeysz);
err = 1;
}
else
{
copy_line(ibuf, rfp);
++ step;
}
}
else if (ibuf[0] != '#')
{
printf("Invalid preamble item: %s\n", ibuf);
err = 1;
}
else
{ /* process preamble */
char *xp, *pp = ibuf+2;
int n;
if (akeysz)
{ /* insert current time & date */
time_t rtim = time(0);
fputs("# ", rfp);
copy_line(ctime(&rtim), rfp);
}
else
{
copy_line(ibuf, rfp);
if (strncmp(pp, "AESVS ", 6) == 0)
{
strcpy(algo, "AES");
/* get test type */
pp += 6;
xp = strchr(pp, ' ');
n = xp-pp;
strncpy(atest, pp, n);
atest[n] = '\0';
/* get mode */
xp = strrchr(pp, ' '); /* get mode" */
n = strlen(xp+1)-1;
strncpy(amode, xp+1, n);
amode[n] = '\0';
/* amode[3] = '\0'; */
if (VERBOSE)
printf("Test = %s, Mode = %s\n", atest, amode);
}
else if (fips_strncasecmp(pp, "Key Length : ", 13) == 0)
{
akeysz = atoi(pp+13);
if (VERBOSE)
printf("Key size = %d\n", akeysz);
}
}
}
break;
case 1: /* [ENCRYPT] | [DECRYPT] */
if (ibuf[0] == '[')
{
copy_line(ibuf, rfp);
++step;
if (fips_strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
dir = 1;
else if (fips_strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
dir = 0;
else
{
printf("Invalid keyword: %s\n", ibuf);
err = 1;
}
break;
}
else if (dir == -1)
{
err = 1;
printf("Missing ENCRYPT/DECRYPT keyword\n");
break;
}
else
step = 2;
case 2: /* KEY = xxxx */
copy_line(ibuf, rfp);
if(*ibuf == '\n')
break;
if(!fips_strncasecmp(ibuf,"COUNT = ",8))
break;
if (fips_strncasecmp(ibuf, "KEY = ", 6) != 0)
{
printf("Missing KEY\n");
err = 1;
}
else
{
len = hex2bin((char*)ibuf+6, aKey);
if (len < 0)
{
printf("Invalid KEY\n");
err =1;
break;
}
PrintValue("KEY", aKey, len);
if (strcmp(amode, "ECB") == 0)
{
memset(iVec, 0, sizeof(iVec));
step = (dir)? 4: 5; /* no ivec for ECB */
}
else
++step;
}
break;
case 3: /* IV = xxxx */
copy_line(ibuf, rfp);
if (fips_strncasecmp(ibuf, "IV = ", 5) != 0)
{
printf("Missing IV\n");
err = 1;
}
else
{
len = hex2bin((char*)ibuf+5, iVec);
if (len < 0)
{
printf("Invalid IV\n");
err =1;
break;
}
PrintValue("IV", iVec, len);
step = (dir)? 4: 5;
}
break;
case 4: /* PLAINTEXT = xxxx */
copy_line(ibuf, rfp);
if (fips_strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
{
printf("Missing PLAINTEXT\n");
err = 1;
}
else
{
int nn = strlen(ibuf+12);
if(!strcmp(amode,"CFB1"))
len=bint2bin(ibuf+12,nn-1,plaintext);
else
len=hex2bin(ibuf+12, plaintext);
if (len < 0)
{
printf("Invalid PLAINTEXT: %s", ibuf+12);
err =1;
break;
}
if (len >= (int)sizeof(plaintext))
{
printf("Buffer overflow\n");
}
PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
{
if(do_mct(amode, akeysz, aKey, iVec,
dir, (unsigned char*)plaintext, len,
rfp) < 0)
err = 1;
}
else
{
AESTest(&ctx, amode, akeysz, aKey, iVec,
dir, /* 0 = decrypt, 1 = encrypt */
plaintext, ciphertext, len);
OutputValue("CIPHERTEXT",ciphertext,len,rfp,
!strcmp(amode,"CFB1"));
}
step = 6;
}
break;
case 5: /* CIPHERTEXT = xxxx */
copy_line(ibuf, rfp);
if (fips_strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
{
printf("Missing KEY\n");
err = 1;
}
else
{
if(!strcmp(amode,"CFB1"))
len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
else
len = hex2bin(ibuf+13,ciphertext);
if (len < 0)
{
printf("Invalid CIPHERTEXT\n");
err =1;
break;
}
PrintValue("CIPHERTEXT", ciphertext, len);
if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
{
do_mct(amode, akeysz, aKey, iVec,
dir, ciphertext, len, rfp);
}
else
{
AESTest(&ctx, amode, akeysz, aKey, iVec,
dir, /* 0 = decrypt, 1 = encrypt */
plaintext, ciphertext, len);
OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
!strcmp(amode,"CFB1"));
}
step = 6;
}
break;
case 6:
if (ibuf[0] != '\n')
{
err = 1;
printf("Missing terminator\n");
}
else if (strcmp(atest, "MCT") != 0)
{ /* MCT already added terminating nl */
copy_line(ibuf, rfp);
}
step = 1;
break;
}
}
if (rfp)
fclose(rfp);
if (afp)
fclose(afp);
FIPS_cipher_ctx_cleanup(&ctx);
return err;
}
/*--------------------------------------------------
Processes either a single file or
a set of files whose names are passed in a file.
A single file is specified as:
aes_test -f xxx.req
A set of files is specified as:
aes_test -d xxxxx.xxx
The default is: -d req.txt
--------------------------------------------------*/
#ifdef FIPS_ALGVS
int fips_aesavs_main(int argc, char **argv)
#else
int main(int argc, char **argv)
#endif
{
char *rqlist = "req.txt", *rspfile = NULL;
FILE *fp = NULL;
char fn[250] = "", rfn[256] = "";
int d_opt = 1;
fips_algtest_init();
if (argc > 1)
{
if (strcasecmp(argv[1], "-d") == 0)
{
d_opt = 1;
}
else if (strcasecmp(argv[1], "-f") == 0)
{
d_opt = 0;
}
else
{
printf("Invalid parameter: %s\n", argv[1]);
return 0;
}
if (argc < 3)
{
printf("Missing parameter\n");
return 0;
}
if (d_opt)
rqlist = argv[2];
else
{
strcpy(fn, argv[2]);
rspfile = argv[3];
}
}
if (d_opt)
{ /* list of files (directory) */
if (!(fp = fopen(rqlist, "r")))
{
printf("Cannot open req list file\n");
return -1;
}
while (fgets(fn, sizeof(fn), fp))
{
strtok(fn, "\r\n");
strcpy(rfn, fn);
if (VERBOSE)
printf("Processing: %s\n", rfn);
if (proc_file(rfn, rspfile))
{
printf(">>> Processing failed for: %s <<<\n", rfn);
return 1;
}
}
fclose(fp);
}
else /* single file */
{
if (VERBOSE)
printf("Processing: %s\n", fn);
if (proc_file(fn, rspfile))
{
printf(">>> Processing failed for: %s <<<\n", fn);
}
}
return 0;
}
#endif

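--- a/fips/aes/fips_gcmtest.c
+++ b/fips/aes/fips_gcmtest.c
@@ -1,571 +0,0 @@
-/* fips/aes/fips_gcmtest.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-* project.
-*/
-/* ====================================================================
-* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* licensing@OpenSSL.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*/
-#define OPENSSL_FIPSAPI
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_FIPS
-#include <stdio.h>
-int main(int argc, char **argv)
-{
-printf("No FIPS GCM support\n");
-return(0);
-}
-#else
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <string.h>
-#include <ctype.h>
-#include "fips_utl.h"
-static void gcmtest(FILE *in, FILE *out, int encrypt)
-{
-char buf[2048];
-char lbuf[2048];
-char *keyword, *value;
-int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1;
-int rv;
-long l;
-unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL;
-unsigned char *ct = NULL, *pt = NULL;
-EVP_CIPHER_CTX ctx;
-const EVP_CIPHER *gcm = NULL;
-FIPS_cipher_ctx_init(&ctx);
-while(fgets(buf,sizeof buf,in) != NULL)
-{
-fputs(buf,out);
-if (!parse_line(&keyword, &value, lbuf, buf))
-continue;
-if(!strcmp(keyword,"[Keylen"))
-{
-keylen = atoi(value);
-if (keylen == 128)
-gcm = EVP_aes_128_gcm();
-else if (keylen == 192)
-gcm = EVP_aes_192_gcm();
-else if (keylen == 256)
-gcm = EVP_aes_256_gcm();
-else
-{
-fprintf(stderr, "Unsupported keylen %d\n",
-keylen);
-}
-keylen >>= 3;
-}
-else if (!strcmp(keyword, "[IVlen"))
-ivlen = atoi(value) >> 3;
-else if (!strcmp(keyword, "[AADlen"))
-aadlen = atoi(value) >> 3;
-else if (!strcmp(keyword, "[Taglen"))
-taglen = atoi(value) >> 3;
-else if (!strcmp(keyword, "[PTlen"))
-ptlen = atoi(value) >> 3;
-else if(!strcmp(keyword,"Key"))
-{
-key = hex2bin_m(value, &l);
-if (l != keylen)
-{
-fprintf(stderr, "Inconsistent Key length\n");
-exit(1);
-}
-}
-else if(!strcmp(keyword,"IV"))
-{
-iv = hex2bin_m(value, &l);
-if (l != ivlen)
-{
-fprintf(stderr, "Inconsistent IV length\n");
-exit(1);
-}
-}
-else if(!strcmp(keyword,"PT"))
-{
-pt = hex2bin_m(value, &l);
-if (l != ptlen)
-{
-fprintf(stderr, "Inconsistent PT length\n");
-exit(1);
-}
-}
-else if(!strcmp(keyword,"CT"))
-{
-ct = hex2bin_m(value, &l);
-if (l != ptlen)
-{
-fprintf(stderr, "Inconsistent CT length\n");
-exit(1);
-}
-}
-else if(!strcmp(keyword,"AAD"))
-{
-aad = hex2bin_m(value, &l);
-if (l != aadlen)
-{
-fprintf(stderr, "Inconsistent AAD length\n");
-exit(1);
-}
-}
-else if(!strcmp(keyword,"Tag"))
-{
-tag = hex2bin_m(value, &l);
-if (l != taglen)
-{
-fprintf(stderr, "Inconsistent Tag length\n");
-exit(1);
-}
-}
-if (encrypt && pt && aad && (iv || encrypt==1))
-{
-tag = OPENSSL_malloc(taglen);
-FIPS_cipherinit(&ctx, gcm, NULL, NULL, 1);
-/* Relax FIPS constraints for testing */
-M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
-FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
-if (encrypt == 1)
-{
-static unsigned char iv_fixed[4] = {1,2,3,4};
-if (!iv)
-iv = OPENSSL_malloc(ivlen);
-FIPS_cipherinit(&ctx, NULL, key, NULL, 1);
-FIPS_cipher_ctx_ctrl(&ctx,
-EVP_CTRL_GCM_SET_IV_FIXED,
-4, iv_fixed);
-if (!FIPS_cipher_ctx_ctrl(&ctx,
-EVP_CTRL_GCM_IV_GEN, 0, iv))
-{
-fprintf(stderr, "IV gen error\n");
-exit(1);
-}
-OutputValue("IV", iv, ivlen, out, 0);
-}
-else
-FIPS_cipherinit(&ctx, NULL, key, iv, 1);
-if (aadlen)
-FIPS_cipher(&ctx, NULL, aad, aadlen);
-if (ptlen)
-{
-ct = OPENSSL_malloc(ptlen);
-rv = FIPS_cipher(&ctx, ct, pt, ptlen);
-}
-FIPS_cipher(&ctx, NULL, NULL, 0);
-FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG,
-taglen, tag);
-OutputValue("CT", ct, ptlen, out, 0);
-OutputValue("Tag", tag, taglen, out, 0);
-if (iv)
-OPENSSL_free(iv);
-if (aad)
-OPENSSL_free(aad);
-if (ct)
-OPENSSL_free(ct);
-if (pt)
-OPENSSL_free(pt);
-if (key)
-OPENSSL_free(key);
-if (tag)
-OPENSSL_free(tag);
-iv = aad = ct = pt = key = tag = NULL;
-}
-if (!encrypt && tag)
-{
-FIPS_cipherinit(&ctx, gcm, NULL, NULL, 0);
-/* Relax FIPS constraints for testing */
-M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
-FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
-FIPS_cipherinit(&ctx, NULL, key, iv, 0);
-FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag);
-if (aadlen)
-FIPS_cipher(&ctx, NULL, aad, aadlen);
-if (ptlen)
-{
-pt = OPENSSL_malloc(ptlen);
-rv = FIPS_cipher(&ctx, pt, ct, ptlen);
-}
-rv = FIPS_cipher(&ctx, NULL, NULL, 0);
-if (rv < 0)
-fprintf(out, "FAIL" RESP_EOL);
-else
-OutputValue("PT", pt, ptlen, out, 0);
-if (iv)
-OPENSSL_free(iv);
-if (aad)
-OPENSSL_free(aad);
-if (ct)
-OPENSSL_free(ct);
-if (pt)
-OPENSSL_free(pt);
-if (key)
-OPENSSL_free(key);
-if (tag)
-OPENSSL_free(tag);
-iv = aad = ct = pt = key = tag = NULL;
-}
-}
-FIPS_cipher_ctx_cleanup(&ctx);
-}
-static void xtstest(FILE *in, FILE *out)
-{
-char buf[204800];
-char lbuf[204800];
-char *keyword, *value;
-int inlen = 0;
-int encrypt = 0;
-long l;
-unsigned char *key = NULL, *iv = NULL;
-unsigned char *inbuf = NULL, *outbuf = NULL;
-EVP_CIPHER_CTX ctx;
-const EVP_CIPHER *xts = NULL;
-FIPS_cipher_ctx_init(&ctx);
-while(fgets(buf,sizeof buf,in) != NULL)
-{
-fputs(buf,out);
-if (buf[0] == '[' && strlen(buf) >= 9)
-{
-if(!strncmp(buf,"[ENCRYPT]", 9))
-encrypt = 1;
-else if(!strncmp(buf,"[DECRYPT]", 9))
-encrypt = 0;
-}
-if (!parse_line(&keyword, &value, lbuf, buf))
-continue;
-else if(!strcmp(keyword,"Key"))
-{
-key = hex2bin_m(value, &l);
-if (l == 32)
-xts = EVP_aes_128_xts();
-else if (l == 64)
-xts = EVP_aes_256_xts();
-else
-{
-fprintf(stderr, "Inconsistent Key length\n");
-exit(1);
-}
-}
-else if(!strcmp(keyword,"i"))
-{
-iv = hex2bin_m(value, &l);
-if (l != 16)
-{
-fprintf(stderr, "Inconsistent i length\n");
-exit(1);
-}
-}
-else if(encrypt && !strcmp(keyword,"PT"))
-{
-inbuf = hex2bin_m(value, &l);
-inlen = l;
-}
-else if(!encrypt && !strcmp(keyword,"CT"))
-{
-inbuf = hex2bin_m(value, &l);
-inlen = l;
-}
-if (inbuf)
-{
-FIPS_cipherinit(&ctx, xts, key, iv, encrypt);
-outbuf = OPENSSL_malloc(inlen);
-FIPS_cipher(&ctx, outbuf, inbuf, inlen);
-OutputValue(encrypt ? "CT":"PT", outbuf, inlen, out, 0);
-OPENSSL_free(inbuf);
-OPENSSL_free(outbuf);
-OPENSSL_free(key);
-OPENSSL_free(iv);
-iv = key = inbuf = outbuf = NULL;
-}
-}
-FIPS_cipher_ctx_cleanup(&ctx);
-}
-static void ccmtest(FILE *in, FILE *out)
-{
-char buf[200048];
-char lbuf[200048];
-char *keyword, *value;
-long l;
-unsigned char *Key = NULL, *Nonce = NULL;
-unsigned char *Adata = NULL, *Payload = NULL;
-unsigned char *CT = NULL;
-int Plen = -1, Nlen = -1, Tlen = -1, Alen = -1;
-int decr = 0;
-EVP_CIPHER_CTX ctx;
-const EVP_CIPHER *ccm = NULL;
-FIPS_cipher_ctx_init(&ctx);
-while(fgets(buf,sizeof buf,in) != NULL)
-{
-char *p;
-fputs(buf,out);
-redo:
-if (!parse_line(&keyword, &value, lbuf, buf))
-continue;
-/* If surrounded by square brackets zap them */
-if (keyword[0] == '[')
-{
-keyword++;
-p = strchr(value, ']');
-if (p)
-*p = 0;
-}
-/* See if we have a comma separated list of parameters
-* if so copy rest of line back to buffer and redo later.
-*/
-p = strchr(value, ',');
-if (p)
-{
-*p = 0;
-strcpy(buf, p + 1);
-strcat(buf, "\n");
-decr = 1;
-}
-if (!strcmp(keyword,"Plen"))
-Plen = atoi(value);
-else if (!strcmp(keyword,"Nlen"))
-Nlen = atoi(value);
-else if (!strcmp(keyword,"Tlen"))
-Tlen = atoi(value);
-else if (!strcmp(keyword,"Alen"))
-Alen = atoi(value);
-if (p)
-goto redo;
-if (!strcmp(keyword,"Key"))
-{
-if (Key)
-OPENSSL_free(Key);
-Key = hex2bin_m(value, &l);
-if (l == 16)
-ccm = EVP_aes_128_ccm();
-else if (l == 24)
-ccm = EVP_aes_192_ccm();
-else if (l == 32)
-ccm = EVP_aes_256_ccm();
-else
-{
-fprintf(stderr, "Inconsistent Key length\n");
-exit(1);
-}
-}
-else if (!strcmp(keyword,"Nonce"))
-{
-if (Nonce)
-OPENSSL_free(Nonce);
-Nonce = hex2bin_m(value, &l);
-if (l != Nlen)
-{
-fprintf(stderr, "Inconsistent nonce length\n");
-exit(1);
-}
-}
-else if (!strcmp(keyword,"Payload") && !decr)
-{
-Payload = hex2bin_m(value, &l);
-if (Plen && l != Plen)
-{
-fprintf(stderr, "Inconsistent Payload length\n");
-exit(1);
-}
-}
-else if (!strcmp(keyword,"Adata"))
-{
-if (Adata)
-OPENSSL_free(Adata);
-Adata = hex2bin_m(value, &l);
-if (Alen && l != Alen)
-{
-fprintf(stderr, "Inconsistent Payload length\n");
-exit(1);
-}
-}
-else if (!strcmp(keyword,"CT") && decr)
-{
-CT = hex2bin_m(value, &l);
-if (l != (Plen + Tlen))
-{
-fprintf(stderr, "Inconsistent CT length\n");
-exit(1);
-}
-}
-if (Payload)
-{
-FIPS_cipherinit(&ctx, ccm, NULL, NULL, 1);
-FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
-FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, Tlen, 0);
-FIPS_cipherinit(&ctx, NULL, Key, Nonce, 1);
-FIPS_cipher(&ctx, NULL, NULL, Plen);
-FIPS_cipher(&ctx, NULL, Adata, Alen);
-CT = OPENSSL_malloc(Plen + Tlen);
-FIPS_cipher(&ctx, CT, Payload, Plen);
-FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, Tlen,
-CT + Plen);
-OutputValue("CT", CT, Plen + Tlen, out, 0);
-OPENSSL_free(CT);
-OPENSSL_free(Payload);
-CT = Payload = NULL;
-}
-if (CT)
-{
-int rv;
-int len = Plen == 0 ? 1: Plen;
-FIPS_cipherinit(&ctx, ccm, NULL, NULL, 0);
-FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
-FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
-Tlen, CT + Plen);
-FIPS_cipherinit(&ctx, NULL, Key, Nonce, 0);
-FIPS_cipher(&ctx, NULL, NULL, Plen);
-FIPS_cipher(&ctx, NULL, Adata, Alen);
-Payload = OPENSSL_malloc(len);
-rv = FIPS_cipher(&ctx, Payload, CT, Plen);
-if (rv >= 0)
-{
-if (rv == 0)
-Payload[0] = 0;
-fputs("Result = Pass" RESP_EOL, out);
-OutputValue("Payload", Payload, len, out, 0);
-}
-else
-fputs("Result = Fail" RESP_EOL, out);
-OPENSSL_free(CT);
-OPENSSL_free(Payload);
-CT = Payload = NULL;
-}
-}
-if (Key)
-OPENSSL_free(Key);
-if (Nonce)
-OPENSSL_free(Nonce);
-if (Adata)
-OPENSSL_free(Adata);
-FIPS_cipher_ctx_cleanup(&ctx);
-}
-#ifdef FIPS_ALGVS
-int fips_gcmtest_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
-{
-int encrypt;
-int xts = 0, ccm = 0;
-FILE *in, *out;
-if (argc == 4)
-{
-in = fopen(argv[2], "r");
-if (!in)
-{
-fprintf(stderr, "Error opening input file\n");
-exit(1);
-}
-out = fopen(argv[3], "w");
-if (!out)
-{
-fprintf(stderr, "Error opening output file\n");
-exit(1);
-}
-}
-else if (argc == 2)
-{
-in = stdin;
-out = stdout;
-}
-else
-{
-fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]);
-exit(1);
-}
-fips_algtest_init();
-if(!strcmp(argv[1],"-encrypt"))
-encrypt = 1;
-else if(!strcmp(argv[1],"-encryptIVext"))
-encrypt = 2;
-else if(!strcmp(argv[1],"-decrypt"))
-encrypt = 0;
-else if(!strcmp(argv[1],"-ccm"))
-ccm = 1;
-else if(!strcmp(argv[1],"-xts"))
-xts = 1;
-else
-{
-fprintf(stderr,"Don't know how to %s.\n",argv[1]);
-exit(1);
-}
-if (ccm)
-ccmtest(in, out);
-else if (xts)
-xtstest(in, out);
-else
-gcmtest(in, out, encrypt);
-if (argc == 4)
-{
-fclose(in);
-fclose(out);
-}
-return 0;
-}
-#endif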

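--- a/fips/cmac/Makefile
+++ b/fips/cmac/Makefile
@@ -1,115 +0,0 @@
-#
-# OpenSSL/fips/cmac/Makefile
-#
-DIR= cmac
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-CFLAGS= $(INCLUDES) $(CFLAG)
-GENERAL=Makefile
-TEST=fips_cmactest.c
-APPS=
-LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_cmac_selftest.c
-LIBOBJ= fips_cmac_selftest.o
-SRC= $(LIBSRC)
-EXHEADER=
-HEADER= $(EXHEADER)
-ALL= $(GENERAL) $(SRC) $(HEADER)
-top:
-(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-all: lib
-lib: $(LIBOBJ)
-@echo $(LIBOBJ) > lib
-files:
-$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-links:
-@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
-@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
-@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-install:
-@headerlist="$(EXHEADER)"; for i in $$headerlist; \
-do \
-(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-done
-tags:
-ctags $(SRC)
-tests:
-Q=../testvectors/cmac/req
-A=../testvectors/cmac/rsp
-fips_test:
--rm -rf $(A)
-mkdir $(A)
-if [ -f $(Q)/CMACGenAES256.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_cmactest -g < $(Q)/CMACGenAES256.req > $(A)/CMACGenAES256.rsp; fi
-if [ -f $(Q)/CMACVerAES256.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_cmactest -v < $(Q)/CMACVerAES256.req > $(A)/CMACVerAES256.rsp; fi
-lint:
-lint -DLINT $(INCLUDES) $(SRC)>fluff
-depend:
-$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-dclean:
-$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-mv -f Makefile.new $(MAKEFILE)
-clean:
-rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-fips_cmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_cmac_selftest.o: ../../include/openssl/cmac.h
-fips_cmac_selftest.o: ../../include/openssl/crypto.h
-fips_cmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_cmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_cmac_selftest.o: ../../include/openssl/lhash.h
-fips_cmac_selftest.o: ../../include/openssl/obj_mac.h
-fips_cmac_selftest.o: ../../include/openssl/objects.h
-fips_cmac_selftest.o: ../../include/openssl/opensslconf.h
-fips_cmac_selftest.o: ../../include/openssl/opensslv.h
-fips_cmac_selftest.o: ../../include/openssl/ossl_typ.h
-fips_cmac_selftest.o: ../../include/openssl/safestack.h
-fips_cmac_selftest.o: ../../include/openssl/stack.h
-fips_cmac_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
-fips_cmac_selftest.o: fips_cmac_selftest.c
-fips_cmactest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_cmactest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_cmactest.o: ../../include/openssl/cmac.h ../../include/openssl/crypto.h
-fips_cmactest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_cmactest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_cmactest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_cmactest.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_cmactest.o: ../../include/openssl/obj_mac.h
-fips_cmactest.o: ../../include/openssl/objects.h
-fips_cmactest.o: ../../include/openssl/opensslconf.h
-fips_cmactest.o: ../../include/openssl/opensslv.h
-fips_cmactest.o: ../../include/openssl/ossl_typ.h
-fips_cmactest.o: ../../include/openssl/safestack.h
-fips_cmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_cmactest.o: ../fips_utl.h fips_cmactest.c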

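--- a/fips/cmac/fips_cmac_selftest.c
+++ b/fips/cmac/fips_cmac_selftest.c
@@ -1,182 +0,0 @@
-/* ====================================================================
-* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* openssl-core@openssl.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-*
-*/
-#define OPENSSL_FIPSAPI
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/cmac.h>
-#include "fips_locl.h"
-#ifdef OPENSSL_FIPS
-typedef struct {
-int nid;
-const unsigned char key[EVP_MAX_KEY_LENGTH]; size_t keysize;
-const unsigned char msg[64]; size_t msgsize;
-const unsigned char mac[32]; size_t macsize;
-} CMAC_KAT;
-/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */
-__fips_constseg
-static const CMAC_KAT vector[] = {
-{ NID_aes_128_cbc, /* Count = 32 from CMACGenAES128.txt */
-{ 0x77,0xa7,0x7f,0xaf, 0x29,0x0c,0x1f,0xa3,
-0x0c,0x68,0x3d,0xf1, 0x6b,0xa7,0xa7,0x7b, }, 128,
-{ 0x02,0x06,0x83,0xe1, 0xf0,0x39,0x2f,0x4c,
-0xac,0x54,0x31,0x8b, 0x60,0x29,0x25,0x9e,
-0x9c,0x55,0x3d,0xbc, 0x4b,0x6a,0xd9,0x98,
-0xe6,0x4d,0x58,0xe4, 0xe7,0xdc,0x2e,0x13, }, 256,
-{ 0xfb,0xfe,0xa4,0x1b, }, 32
-},
-{ NID_aes_192_cbc, /* Count = 23 from CMACGenAES192.txt */
-{ 0x7b,0x32,0x39,0x13, 0x69,0xaa,0x4c,0xa9,
-0x75,0x58,0x09,0x5b, 0xe3,0xc3,0xec,0x86,
-0x2b,0xd0,0x57,0xce, 0xf1,0xe3,0x2d,0x62, }, 192,
-{ 0x0 }, 0,
-{ 0xe4,0xd9,0x34,0x0b, 0x03,0xe6,0x7d,0xef,
-0xd4,0x96,0x9c,0xc1, 0xed,0x37,0x35,0xe6, }, 128,
-},
-{ NID_aes_256_cbc, /* Count = 33 from CMACGenAES256.txt */
-{ 0x0b,0x12,0x2a,0xc8, 0xf3,0x4e,0xd1,0xfe,
-0x08,0x2a,0x36,0x25, 0xd1,0x57,0x56,0x14,
-0x54,0x16,0x7a,0xc1, 0x45,0xa1,0x0b,0xbf,
-0x77,0xc6,0xa7,0x05, 0x96,0xd5,0x74,0xf1, }, 256,
-{ 0x49,0x8b,0x53,0xfd, 0xec,0x87,0xed,0xcb,
-0xf0,0x70,0x97,0xdc, 0xcd,0xe9,0x3a,0x08,
-0x4b,0xad,0x75,0x01, 0xa2,0x24,0xe3,0x88,
-0xdf,0x34,0x9c,0xe1, 0x89,0x59,0xfe,0x84,
-0x85,0xf8,0xad,0x15, 0x37,0xf0,0xd8,0x96,
-0xea,0x73,0xbe,0xdc, 0x72,0x14,0x71,0x3f, }, 384,
-{ 0xf6,0x2c,0x46,0x32, 0x9b, }, 40,
-},
-{ NID_des_ede3_cbc, /* Count = 41 from CMACGenTDES3.req */
-{ 0x89,0xbc,0xd9,0x52, 0xa8,0xc8,0xab,0x37,
-0x1a,0xf4,0x8a,0xc7, 0xd0,0x70,0x85,0xd5,
-0xef,0xf7,0x02,0xe6, 0xd6,0x2c,0xdc,0x23, }, 192,
-{ 0xfa,0x62,0x0c,0x1b, 0xbe,0x97,0x31,0x9e,
-0x9a,0x0c,0xf0,0x49, 0x21,0x21,0xf7,0xa2,
-0x0e,0xb0,0x8a,0x6a, 0x70,0x9d,0xcb,0xd0,
-0x0a,0xaf,0x38,0xe4, 0xf9,0x9e,0x75,0x4e, }, 256,
-{ 0x8f,0x49,0xa1,0xb7, 0xd6,0xaa,0x22,0x58, }, 64,
-},
-};
-int FIPS_selftest_cmac()
-{
-size_t n, outlen;
-unsigned char out[32];
-const EVP_CIPHER *cipher;
-CMAC_CTX *ctx = CMAC_CTX_new();
-const CMAC_KAT *t;
-int subid = -1, rv = 1;
-for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
-{
-cipher = FIPS_get_cipherbynid(t->nid);
-if (!cipher)
-{
-rv = -1;
-goto err;
-}
-subid = M_EVP_CIPHER_nid(cipher);
-if (!fips_post_started(FIPS_TEST_CMAC, subid, 0))
-continue;
-if (!CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0))
-{
-rv = -1;
-goto err;
-}
-if (!CMAC_Update(ctx, t->msg, t->msgsize/8))
-{
-rv = -1;
-goto err;
-}
-if (!fips_post_corrupt(FIPS_TEST_CMAC, subid, NULL))
-{
-if (!CMAC_Update(ctx, t->msg, 1))
-{
-rv = -1;
-goto err;
-}
-}
-if (!CMAC_Final(ctx, out, &outlen))
-{
-rv = -1;
-goto err;
-}
-CMAC_CTX_cleanup(ctx);
-if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
-{
-fips_post_failed(FIPS_TEST_CMAC, subid, NULL);
-rv = 0;
-}
-else if (!fips_post_success(FIPS_TEST_CMAC, subid, NULL))
-{
-rv = 0;
-goto err;
-}
-}
-err:
-CMAC_CTX_free(ctx);
-if (rv == -1)
-{
-fips_post_failed(FIPS_TEST_CMAC, subid, NULL);
-rv = 0;
-}
-if (!rv)
-FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
-return rv;
-}
-#endif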


@ -1,517 +0,0 @@
/* fips_cmactest.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2005.
*/
/* ====================================================================
* Copyright (c) 2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define OPENSSL_FIPSAPI
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#ifndef OPENSSL_FIPS
int main(int argc, char *argv[])
{
printf("No FIPS CMAC support\n");
return(0);
}
#else
#include <openssl/fips.h>
#include "fips_utl.h"
static int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
int mode, int Klen_counts_keys, int known_keylen);
static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
unsigned char *Key, int Klen,
unsigned char *Msg, int Msglen,
int Tlen);
static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
unsigned char *Key, int Klen,
unsigned char *Msg, int Msglen,
unsigned char *Mac, int Maclen,
int Tlen);
#ifdef FIPS_ALGVS
int fips_cmactest_main(int argc, char **argv)
#else
int main(int argc, char **argv)
#endif
{
FILE *in = NULL, *out = NULL;
int mode = 0; /* 0 => Generate, 1 => Verify */
int Klen_counts_keys = 0; /* 0 => Klen is size of one key
1 => Klen is amount of keys
*/
int known_keylen = 0; /* Only set when Klen_counts_keys = 1 */
const EVP_CIPHER *cipher = 0;
int ret = 1;
fips_algtest_init();
while (argc > 1 && argv[1][0] == '-')
{
switch (argv[1][1])
{
case 'a':
{
char *p = &argv[1][2];
if (*p == '\0')
{
if (argc <= 2)
{
fprintf(stderr, "Option %s needs a value\n", argv[1]);
goto end;
}
argv++;
argc--;
p = &argv[1][0];
}
if (!strcmp(p, "aes128"))
cipher = EVP_aes_128_cbc();
else if (!strcmp(p, "aes192"))
cipher = EVP_aes_192_cbc();
else if (!strcmp(p, "aes256"))
cipher = EVP_aes_256_cbc();
else if (!strcmp(p, "tdea3") || !strcmp(p, "tdes3"))
{
cipher = EVP_des_ede3_cbc();
Klen_counts_keys = 1;
known_keylen = 8;
}
else
{
fprintf(stderr, "Unknown algorithm %s\n", p);
goto end;
}
}
break;
case 'g':
mode = 0;
break;
case 'v':
mode = 1;
break;
default:
fprintf(stderr, "Unknown option %s\n", argv[1]);
goto end;
}
argv++;
argc--;
}
if (argc == 1)
in = stdin;
else
in = fopen(argv[1], "r");
if (argc < 2)
out = stdout;
else
out = fopen(argv[2], "w");
if (!in)
{
fprintf(stderr, "FATAL input initialization error\n");
goto end;
}
if (!out)
{
fprintf(stderr, "FATAL output initialization error\n");
goto end;
}
if (!cmac_test(cipher, out, in, mode,
Klen_counts_keys, known_keylen))
{
fprintf(stderr, "FATAL cmac file processing error\n");
goto end;
}
else
ret = 0;
end:
if (in && (in != stdin))
fclose(in);
if (out && (out != stdout))
fclose(out);
return ret;
}
#define CMAC_TEST_MAXLINELEN 150000
int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
int mode, int Klen_counts_keys, int known_keylen)
{
char *linebuf, *olinebuf, *p, *q;
char *keyword, *value;
unsigned char **Keys = NULL, *Msg = NULL, *Mac = NULL;
unsigned char *Key = NULL;
int Count, Klen, Mlen, Tlen;
long Keylen, Msglen, Maclen;
int ret = 0;
int lnum = 0;
olinebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
linebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
if (!linebuf || !olinebuf)
goto error;
Count = -1;
Klen = -1;
Mlen = -1;
Tlen = -1;
while (fgets(olinebuf, CMAC_TEST_MAXLINELEN, in))
{
lnum++;
strcpy(linebuf, olinebuf);
keyword = linebuf;
/* Skip leading space */
while (isspace((unsigned char)*keyword))
keyword++;
/* Skip comments */
if (keyword[0] == '#')
{
if (fputs(olinebuf, out) < 0)
goto error;
continue;
}
/* Look for = sign */
p = strchr(linebuf, '=');
/* If no = or starts with [ (for [L=20] line) just copy */
if (!p)
{
if (fputs(olinebuf, out) < 0)
goto error;
continue;
}
q = p - 1;
/* Remove trailing space */
while (isspace((unsigned char)*q))
*q-- = 0;
*p = 0;
value = p + 1;
/* Remove leading space from value */
while (isspace((unsigned char)*value))
value++;
/* Remove trailing space from value */
p = value + strlen(value) - 1;
while (*p == '\n' || isspace((unsigned char)*p))
*p-- = 0;
if (!strcmp(keyword, "Count"))
{
if (Count != -1)
goto parse_error;
Count = atoi(value);
if (Count < 0)
goto parse_error;
}
else if (!strcmp(keyword, "Klen"))
{
if (Klen != -1)
goto parse_error;
Klen = atoi(value);
if (Klen < 0)
goto parse_error;
if (Klen_counts_keys)
{
Keys = OPENSSL_malloc(sizeof(*Keys) * Klen);
memset(Keys, '\0', sizeof(*Keys) * Klen);
}
else
{
Keys = OPENSSL_malloc(sizeof(*Keys));
memset(Keys, '\0', sizeof(*Keys));
}
}
else if (!strcmp(keyword, "Mlen"))
{
if (Mlen != -1)
goto parse_error;
Mlen = atoi(value);
if (Mlen < 0)
goto parse_error;
}
else if (!strcmp(keyword, "Tlen"))
{
if (Tlen != -1)
goto parse_error;
Tlen = atoi(value);
if (Tlen < 0)
goto parse_error;
}
else if (!strcmp(keyword, "Key") && !Klen_counts_keys)
{
if (Keys[0])
goto parse_error;
Keys[0] = hex2bin_m(value, &Keylen);
if (!Keys[0])
goto parse_error;
}
else if (!strncmp(keyword, "Key", 3) && Klen_counts_keys)
{
int keynum = atoi(keyword + 3);
if (!keynum || keynum > Klen || Keys[keynum-1])
goto parse_error;
Keys[keynum-1] = hex2bin_m(value, &Keylen);
if (!Keys[keynum-1])
goto parse_error;
}
else if (!strcmp(keyword, "Msg"))
{
if (Msg)
goto parse_error;
Msg = hex2bin_m(value, &Msglen);
if (!Msg)
goto parse_error;
}
else if (!strcmp(keyword, "Mac"))
{
if (mode == 0)
continue;
if (Mac)
goto parse_error;
Mac = hex2bin_m(value, &Maclen);
if (!Mac)
goto parse_error;
}
else if (!strcmp(keyword, "Result"))
{
if (mode == 1)
continue;
goto parse_error;
}
else
goto parse_error;
fputs(olinebuf, out);
if (Keys && Msg && (!mode || Mac) && (Tlen > 0) && (Klen > 0))
{
if (Klen_counts_keys)
{
int x;
Key = OPENSSL_malloc(Klen * known_keylen);
for (x = 0; x < Klen; x++)
{
memcpy(Key + x * known_keylen,
Keys[x], known_keylen);
OPENSSL_free(Keys[x]);
}
Klen *= known_keylen;
}
else
{
Key = OPENSSL_malloc(Klen);
memcpy(Key, Keys[0], Klen);
OPENSSL_free(Keys[0]);
}
OPENSSL_free(Keys);
switch(mode)
{
case 0:
if (!print_cmac_gen(cipher, out,
Key, Klen,
Msg, Mlen,
Tlen))
goto error;
break;
case 1:
if (!print_cmac_ver(cipher, out,
Key, Klen,
Msg, Mlen,
Mac, Maclen,
Tlen))
goto error;
break;
}
OPENSSL_free(Key);
Key = NULL;
OPENSSL_free(Msg);
Msg = NULL;
OPENSSL_free(Mac);
Mac = NULL;
Klen = -1;
Mlen = -1;
Tlen = -1;
Count = -1;
}
}
ret = 1;
error:
if (olinebuf)
OPENSSL_free(olinebuf);
if (linebuf)
OPENSSL_free(linebuf);
if (Key)
OPENSSL_free(Key);
if (Msg)
OPENSSL_free(Msg);
if (Mac)
OPENSSL_free(Mac);
return ret;
parse_error:
fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
goto error;
}
static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
unsigned char *Key, int Klen,
unsigned char *Msg, int Mlen,
int Tlen)
{
int rc, i;
size_t reslen;
unsigned char res[128];
CMAC_CTX *cmac_ctx = CMAC_CTX_new();
CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
CMAC_Update(cmac_ctx, Msg, Mlen);
if (!CMAC_Final(cmac_ctx, res, &reslen))
{
fputs("Error calculating CMAC\n", stderr);
rc = 0;
}
else if (Tlen > (int)reslen)
{
fputs("Parameter error, Tlen > CMAC length\n", stderr);
rc = 0;
}
else
{
fputs("Mac = ", out);
for (i = 0; i < Tlen; i++)
fprintf(out, "%02x", res[i]);
fputs(RESP_EOL, out);
rc = 1;
}
CMAC_CTX_free(cmac_ctx);
return rc;
}
static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
unsigned char *Key, int Klen,
unsigned char *Msg, int Mlen,
unsigned char *Mac, int Maclen,
int Tlen)
{
int rc = 1;
size_t reslen;
unsigned char res[128];
CMAC_CTX *cmac_ctx = CMAC_CTX_new();
CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
CMAC_Update(cmac_ctx, Msg, Mlen);
if (!CMAC_Final(cmac_ctx, res, &reslen))
{
fputs("Error calculating CMAC\n", stderr);
rc = 0;
}
else if (Tlen > (int)reslen)
{
fputs("Parameter error, Tlen > CMAC length\n", stderr);
rc = 0;
}
else if (Tlen != Maclen)
{
fputs("Parameter error, Tlen != resulting Mac length\n", stderr);
rc = 0;
}
else
{
if (!memcmp(Mac, res, Maclen))
fputs("Result = P" RESP_EOL, out);
else
fputs("Result = F" RESP_EOL, out);
}
CMAC_CTX_free(cmac_ctx);
return rc;
}
#endif

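--- a/fips/des/Makefile
+++ b/fips/des/Makefile
@@ -1,113 +0,0 @@
-#
-# OpenSSL/fips/des/Makefile
-#
-DIR= des
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-ASFLAGS= $(INCLUDES) $(ASFLAG)
-AFLAGS= $(ASFLAGS)
-CFLAGS= $(INCLUDES) $(CFLAG)
-GENERAL=Makefile
-TEST= fips_desmovs.c
-APPS=
-LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_des_selftest.c
-LIBOBJ=fips_des_selftest.o
-SRC= $(LIBSRC)
-EXHEADER=
-HEADER=
-ALL= $(GENERAL) $(SRC) $(HEADER)
-top:
-(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-all: lib
-lib: $(LIBOBJ)
-@echo $(LIBOBJ) > lib
-files:
-$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-links:
-@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
-@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
-@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-install:
-@headerlist="$(EXHEADER)"; for i in $$headerlist; \
-do \
-(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-done
-tags:
-ctags $(SRC)
-tests:
-fips_test:
--find ../testvectors/tdes/req -name '*.req' > testlist
--rm -rf ../testvectors/tdes/rsp
-mkdir ../testvectors/tdes/rsp
-if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_desmovs -d testlist; fi
-lint:
-lint -DLINT $(INCLUDES) $(SRC)>fluff
-depend:
-$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) \
-$(SRC) $(TEST)
-dclean:
-$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-mv -f Makefile.new $(MAKEFILE)
-clean:
-rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff testlist
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_des_selftest.o: ../../include/openssl/crypto.h
-fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_des_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_des_selftest.o: ../../include/openssl/lhash.h
-fips_des_selftest.o: ../../include/openssl/obj_mac.h
-fips_des_selftest.o: ../../include/openssl/objects.h
-fips_des_selftest.o: ../../include/openssl/opensslconf.h
-fips_des_selftest.o: ../../include/openssl/opensslv.h
-fips_des_selftest.o: ../../include/openssl/ossl_typ.h
-fips_des_selftest.o: ../../include/openssl/safestack.h
-fips_des_selftest.o: ../../include/openssl/stack.h
-fips_des_selftest.o: ../../include/openssl/symhacks.h fips_des_selftest.c
-fips_desmovs.o: ../../e_os.h ../../include/openssl/aes.h
-fips_desmovs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_desmovs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_desmovs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-fips_desmovs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_desmovs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_desmovs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_desmovs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_desmovs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_desmovs.o: ../../include/openssl/opensslconf.h
-fips_desmovs.o: ../../include/openssl/opensslv.h
-fips_desmovs.o: ../../include/openssl/ossl_typ.h
-fips_desmovs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_desmovs.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-fips_desmovs.o: ../../include/openssl/ui_compat.h ../fips_utl.h fips_desmovs.c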


@ -1,106 +0,0 @@
/* ====================================================================
* Copyright (c) 2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/evp.h>
#include <openssl/opensslconf.h>
#ifdef OPENSSL_FIPS
__fips_constseg
static const struct
{
const unsigned char key[24];
const unsigned char plaintext[8];
const unsigned char ciphertext[8];
} tests3[]=
{
{
{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 },
{ 0x8f,0x8f,0xbf,0x9b,0x5d,0x48,0xb4,0x1c },
{ 0x59,0x8c,0xe5,0xd3,0x6c,0xa2,0xea,0x1b },
},
{
{ 0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE,
0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
{ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
{ 0x11,0x25,0xb0,0x35,0xbe,0xa0,0x82,0x86 },
},
};
int FIPS_selftest_des()
{
int n, ret = 0;
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
/* Encrypt/decrypt with 3DES and compare to known answers */
for(n=0 ; n < 2 ; ++n)
{
if (!fips_cipher_test(FIPS_TEST_CIPHER, &ctx, EVP_des_ede3_ecb(),
tests3[n].key, NULL,
tests3[n].plaintext, tests3[n].ciphertext, 8))
goto err;
}
ret = 1;
err:
FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0)
FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
return ret;
}
#endif


@ -1,710 +0,0 @@
/* ====================================================================
* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/*---------------------------------------------
NIST DES Modes of Operation Validation System
Test Program
Based on the AES Validation Suite, which was:
Donated to OpenSSL by:
V-ONE Corporation
20250 Century Blvd, Suite 300
Germantown, MD 20874
U.S.A.
----------------------------------------------*/
#define OPENSSL_FIPSAPI
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include <ctype.h>
#include <openssl/crypto.h>
#include <openssl/des.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include "e_os.h"
#ifndef OPENSSL_FIPS
int main(int argc, char *argv[])
{
printf("No FIPS DES support\n");
return(0);
}
#else
#include "fips_utl.h"
#include <openssl/fips.h>
#define DES_BLOCK_SIZE 8
#define VERBOSE 0
static int DESTest(EVP_CIPHER_CTX *ctx,
char *amode, int akeysz, unsigned char *aKey,
unsigned char *iVec,
int dir, /* 0 = decrypt, 1 = encrypt */
unsigned char *out, unsigned char *in, int len)
{
const EVP_CIPHER *cipher = NULL;
if (akeysz != 192)
{
printf("Invalid key size: %d\n", akeysz);
return 0;
}
if (fips_strcasecmp(amode, "CBC") == 0)
cipher = EVP_des_ede3_cbc();
else if (fips_strcasecmp(amode, "ECB") == 0)
cipher = EVP_des_ede3_ecb();
else if (fips_strcasecmp(amode, "CFB64") == 0)
cipher = EVP_des_ede3_cfb64();
else if (fips_strncasecmp(amode, "OFB", 3) == 0)
cipher = EVP_des_ede3_ofb();
else if(!fips_strcasecmp(amode,"CFB8"))
cipher = EVP_des_ede3_cfb8();
else if(!fips_strcasecmp(amode,"CFB1"))
cipher = EVP_des_ede3_cfb1();
else
{
printf("Unknown mode: %s\n", amode);
return 0;
}
if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0)
return 0;
if(!fips_strcasecmp(amode,"CFB1"))
M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
FIPS_cipher(ctx, out, in, len);
return 1;
}
#if 0
static void DebugValue(char *tag, unsigned char *val, int len)
{
char obuf[2048];
int olen;
olen = bin2hex(val, len, obuf);
printf("%s = %.*s\n", tag, olen, obuf);
}
#endif
static void shiftin(unsigned char *dst,unsigned char *src,int nbits)
{
int n;
/* move the bytes... */
memmove(dst,dst+nbits/8,3*8-nbits/8);
/* append new data */
memcpy(dst+3*8-nbits/8,src,(nbits+7)/8);
/* left shift the bits */
if(nbits%8)
for(n=0 ; n < 3*8 ; ++n)
dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8));
}
/*-----------------------------------------------*/
char *tdes_t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
char *tdes_t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
enum tdes_Mode {TCBC, TECB, TOFB, TCFB1, TCFB8, TCFB64};
int Sizes[6]={64,64,64,1,8,64};
static int do_tmct(char *amode,
int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec,
int dir, unsigned char *text, int len,
FILE *rfp)
{
int i,imode;
unsigned char nk[4*8]; /* longest key+8 */
unsigned char text0[8];
for (imode=0 ; imode < 6 ; ++imode)
if(!strcmp(amode,tdes_t_mode[imode]))
break;
if (imode == 6)
{
printf("Unrecognized mode: %s\n", amode);
return 0;
}
for(i=0 ; i < 400 ; ++i)
{
int j;
int n;
int kp=akeysz/64;
unsigned char old_iv[8];
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
fprintf(rfp,RESP_EOL "COUNT = %d" RESP_EOL,i);
if(kp == 1)
OutputValue("KEY",akey,8,rfp,0);
else
for(n=0 ; n < kp ; ++n)
{
fprintf(rfp,"KEY%d",n+1);
OutputValue("",akey+n*8,8,rfp,0);
}
if(imode != TECB)
OutputValue("IV",ivec,8,rfp,0);
OutputValue(tdes_t_tag[dir^1],text,len,rfp,imode == TCFB1);
#if 0
/* compensate for endianness */
if(imode == TCFB1)
text[0]<<=7;
#endif
memcpy(text0,text,8);
for(j=0 ; j < 10000 ; ++j)
{
unsigned char old_text[8];
memcpy(old_text,text,8);
if(j == 0)
{
memcpy(old_iv,ivec,8);
DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len);
}
else
{
memcpy(old_iv,ctx.iv,8);
FIPS_cipher(&ctx,text,text,len);
}
if(j == 9999)
{
OutputValue(tdes_t_tag[dir],text,len,rfp,imode == TCFB1);
/* memcpy(ivec,text,8); */
}
/* DebugValue("iv",ctx.iv,8); */
/* accumulate material for the next key */
shiftin(nk,text,Sizes[imode]);
/* DebugValue("nk",nk,24);*/
if((dir && (imode == TCFB1 || imode == TCFB8
|| imode == TCFB64 || imode == TCBC)) || imode == TOFB)
memcpy(text,old_iv,8);
if(!dir && (imode == TCFB1 || imode == TCFB8 || imode == TCFB64))
{
/* the test specifies using the output of the raw DES operation
which we don't have, so reconstruct it... */
for(n=0 ; n < 8 ; ++n)
text[n]^=old_text[n];
}
}
for(n=0 ; n < 8 ; ++n)
akey[n]^=nk[16+n];
for(n=0 ; n < 8 ; ++n)
akey[8+n]^=nk[8+n];
for(n=0 ; n < 8 ; ++n)
akey[16+n]^=nk[n];
if(numkeys < 3)
memcpy(&akey[2*8],akey,8);
if(numkeys < 2)
memcpy(&akey[8],akey,8);
DES_set_odd_parity((DES_cblock *)akey);
DES_set_odd_parity((DES_cblock *)(akey+8));
DES_set_odd_parity((DES_cblock *)(akey+16));
memcpy(ivec,ctx.iv,8);
/* pointless exercise - the final text doesn't depend on the
initial text in OFB mode, so who cares what it is? (Who
designed these tests?) */
if(imode == TOFB)
for(n=0 ; n < 8 ; ++n)
text[n]=text0[n]^old_iv[n];
FIPS_cipher_ctx_cleanup(&ctx);
}
return 1;
}
static int tproc_file(char *rqfile, char *rspfile)
{
char afn[256], rfn[256];
FILE *afp = NULL, *rfp = NULL;
char ibuf[2048], tbuf[2048];
int len;
char amode[8] = "";
char atest[100] = "";
int akeysz=0;
unsigned char iVec[20], aKey[40];
int dir = -1, err = 0, step = 0, echo = 1;
unsigned char plaintext[2048];
unsigned char ciphertext[2048];
char *rp;
EVP_CIPHER_CTX ctx;
int numkeys=1;
FIPS_cipher_ctx_init(&ctx);
if (!rqfile || !(*rqfile))
{
printf("No req file\n");
return -1;
}
strcpy(afn, rqfile);
if ((afp = fopen(afn, "r")) == NULL)
{
printf("Cannot open file: %s, %s\n",
afn, strerror(errno));
return -1;
}
if (!rspfile)
{
strcpy(rfn,afn);
rp=strstr(rfn,"req/");
#ifdef OPENSSL_SYS_WIN32
if (!rp)
rp=strstr(rfn,"req\\");
#endif
assert(rp);
memcpy(rp,"rsp",3);
rp = strstr(rfn, ".req");
memcpy(rp, ".rsp", 4);
rspfile = rfn;
}
if ((rfp = fopen(rspfile, "w")) == NULL)
{
printf("Cannot open file: %s, %s\n",
rfn, strerror(errno));
fclose(afp);
afp = NULL;
return -1;
}
while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
{
tidy_line(tbuf, ibuf);
/* printf("step=%d ibuf=%s",step,ibuf);*/
if(step == 3 && !strcmp(amode,"ECB"))
{
memset(iVec, 0, sizeof(iVec));
step = (dir)? 4: 5; /* no ivec for ECB */
}
switch (step)
{
case 0: /* read preamble */
if (ibuf[0] == '\n')
{ /* end of preamble */
if (*amode == '\0')
{
printf("Missing Mode\n");
err = 1;
}
else
{
copy_line(ibuf, rfp);
++ step;
}
}
else if (ibuf[0] != '#')
{
printf("Invalid preamble item: %s\n", ibuf);
err = 1;
}
else
{ /* process preamble */
char *xp, *pp = ibuf+2;
int n;
if(*amode)
{ /* insert current time & date */
time_t rtim = time(0);
fputs("# ", rfp);
copy_line(ctime(&rtim), rfp);
}
else
{
copy_line(ibuf, rfp);
if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4)
|| !strncmp(pp,"TDES ",5)
|| !strncmp(pp,"PERMUTATION ",12)
|| !strncmp(pp,"SUBSTITUTION ",13)
|| !strncmp(pp,"VARIABLE ",9))
{
/* get test type */
if(!strncmp(pp,"DES ",4))
pp+=4;
else if(!strncmp(pp,"TDES ",5))
pp+=5;
xp = strchr(pp, ' ');
n = xp-pp;
strncpy(atest, pp, n);
atest[n] = '\0';
/* get mode */
xp = strrchr(pp, ' '); /* get mode" */
n = strlen(xp+1)-1;
strncpy(amode, xp+1, n);
amode[n] = '\0';
if (!strcmp(atest, "Monte"))
echo = 0;
/* amode[3] = '\0'; */
if (VERBOSE)
printf("Test=%s, Mode=%s\n",atest,amode);
}
}
}
break;
case 1: /* [ENCRYPT] | [DECRYPT] */
if(ibuf[0] == '\n')
break;
if (ibuf[0] == '[')
{
copy_line(ibuf, rfp);
++step;
if (fips_strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
dir = 1;
else if (fips_strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
dir = 0;
else
{
printf("Invalid keyword: %s\n", ibuf);
err = 1;
}
break;
}
else if (dir == -1)
{
err = 1;
printf("Missing ENCRYPT/DECRYPT keyword\n");
break;
}
else
step = 2;
case 2: /* KEY = xxxx */
if(*ibuf == '\n')
{
copy_line(ibuf, rfp);
break;
}
if(!fips_strncasecmp(ibuf,"COUNT = ",8))
{
copy_line(ibuf, rfp);
break;
}
if(!fips_strncasecmp(ibuf,"COUNT=",6))
{
copy_line(ibuf, rfp);
break;
}
if(!fips_strncasecmp(ibuf,"NumKeys = ",10))
{
numkeys=atoi(ibuf+10);
break;
}
if (echo)
copy_line(ibuf, rfp);
if(!fips_strncasecmp(ibuf,"KEY = ",6))
{
akeysz=64;
len = hex2bin((char*)ibuf+6, aKey);
if (len < 0)
{
printf("Invalid KEY\n");
err=1;
break;
}
PrintValue("KEY", aKey, len);
++step;
}
else if(!fips_strncasecmp(ibuf,"KEYs = ",7))
{
akeysz=64*3;
len=hex2bin(ibuf+7,aKey);
if(len != 8)
{
printf("Invalid KEY\n");
err=1;
break;
}
memcpy(aKey+8,aKey,8);
memcpy(aKey+16,aKey,8);
ibuf[4]='\0';
PrintValue("KEYs",aKey,len);
++step;
}
else if(!fips_strncasecmp(ibuf,"KEY",3))
{
int n=ibuf[3]-'1';
akeysz=64*3;
len=hex2bin(ibuf+7,aKey+n*8);
if(len != 8)
{
printf("Invalid KEY\n");
err=1;
break;
}
ibuf[4]='\0';
PrintValue(ibuf,aKey,len);
if(n == 2)
++step;
}
else
{
printf("Missing KEY\n");
err = 1;
}
break;
case 3: /* IV = xxxx */
if (echo)
copy_line(ibuf, rfp);
if (fips_strncasecmp(ibuf, "IV = ", 5) != 0)
{
printf("Missing IV\n");
err = 1;
}
else
{
len = hex2bin((char*)ibuf+5, iVec);
if (len < 0)
{
printf("Invalid IV\n");
err =1;
break;
}
PrintValue("IV", iVec, len);
step = (dir)? 4: 5;
}
break;
case 4: /* PLAINTEXT = xxxx */
if (echo)
copy_line(ibuf, rfp);
if (fips_strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
{
printf("Missing PLAINTEXT\n");
err = 1;
}
else
{
int nn = strlen(ibuf+12);
if(!strcmp(amode,"CFB1"))
len=bint2bin(ibuf+12,nn-1,plaintext);
else
len=hex2bin(ibuf+12, plaintext);
if (len < 0)
{
printf("Invalid PLAINTEXT: %s", ibuf+12);
err =1;
break;
}
if (len >= (int)sizeof(plaintext))
{
printf("Buffer overflow\n");
}
PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
{
if (!do_tmct(amode,akeysz,numkeys,aKey,iVec,
dir,plaintext,len,rfp))
return -1;
}
else
{
assert(dir == 1);
DESTest(&ctx, amode, akeysz, aKey, iVec,
dir, /* 0 = decrypt, 1 = encrypt */
ciphertext, plaintext, len);
OutputValue("CIPHERTEXT",ciphertext,len,rfp,
!strcmp(amode,"CFB1"));
}
step = 6;
}
break;
case 5: /* CIPHERTEXT = xxxx */
if (echo)
copy_line(ibuf, rfp);
if (fips_strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
{
printf("Missing KEY\n");
err = 1;
}
else
{
if(!strcmp(amode,"CFB1"))
len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
else
len = hex2bin(ibuf+13,ciphertext);
if (len < 0)
{
printf("Invalid CIPHERTEXT\n");
err =1;
break;
}
PrintValue("CIPHERTEXT", ciphertext, len);
if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
{
do_tmct(amode, akeysz, numkeys, aKey, iVec,
dir, ciphertext, len, rfp);
}
else
{
assert(dir == 0);
DESTest(&ctx, amode, akeysz, aKey, iVec,
dir, /* 0 = decrypt, 1 = encrypt */
plaintext, ciphertext, len);
OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
!strcmp(amode,"CFB1"));
}
step = 6;
}
break;
case 6:
if (ibuf[0] != '\n')
{
err = 1;
printf("Missing terminator\n");
}
else if (strcmp(atest, "MCT") != 0)
{ /* MCT already added terminating nl */
copy_line(ibuf, rfp);
}
step = 1;
break;
}
}
if (rfp)
fclose(rfp);
if (afp)
fclose(afp);
FIPS_cipher_ctx_cleanup(&ctx);
return err;
}
/*--------------------------------------------------
Processes either a single file or
a set of files whose names are passed in a file.
A single file is specified as:
aes_test -f xxx.req
A set of files is specified as:
aes_test -d xxxxx.xxx
The default is: -d req.txt
--------------------------------------------------*/
#ifdef FIPS_ALGVS
int fips_desmovs_main(int argc, char **argv)
#else
int main(int argc, char **argv)
#endif
{
char *rqlist = "req.txt", *rspfile = NULL;
FILE *fp = NULL;
char fn[250] = "", rfn[256] = "";
int d_opt = 1;
fips_algtest_init();
if (argc > 1)
{
if (fips_strcasecmp(argv[1], "-d") == 0)
{
d_opt = 1;
}
else if (fips_strcasecmp(argv[1], "-f") == 0)
{
d_opt = 0;
}
else
{
printf("Invalid parameter: %s\n", argv[1]);
return 0;
}
if (argc < 3)
{
printf("Missing parameter\n");
return 0;
}
if (d_opt)
rqlist = argv[2];
else
{
strcpy(fn, argv[2]);
rspfile = argv[3];
}
}
if (d_opt)
{ /* list of files (directory) */
if (!(fp = fopen(rqlist, "r")))
{
printf("Cannot open req list file\n");
return -1;
}
while (fgets(fn, sizeof(fn), fp))
{
strtok(fn, "\r\n");
strcpy(rfn, fn);
printf("Processing: %s\n", rfn);
if (tproc_file(rfn, rspfile))
{
printf(">>> Processing failed for: %s <<<\n", rfn);
return -1;
}
}
fclose(fp);
}
else /* single file */
{
if (VERBOSE)
printf("Processing: %s\n", fn);
if (tproc_file(fn, rspfile))
{
printf(">>> Processing failed for: %s <<<\n", fn);
}
}
return 0;
}
#endif

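--- a/fips/dh/Makefile
+++ b/fips/dh/Makefile
@@ -1,99 +0,0 @@
-#
-# OpenSSL/fips/dh/Makefile
-#
-DIR= dh
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-CFLAGS= $(INCLUDES) $(CFLAG)
-GENERAL=Makefile
-TEST= fips_dhvs.c
-APPS=
-LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_dh_lib.c
-LIBOBJ= fips_dh_lib.o
-SRC= $(LIBSRC)
-EXHEADER=
-HEADER= $(EXHEADER)
-ALL= $(GENERAL) $(SRC) $(HEADER)
-top:
-(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-all: lib
-lib: $(LIBOBJ)
-@echo $(LIBOBJ) > lib
-files:
-$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-links:
-@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
-@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
-@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-install:
-@headerlist="$(EXHEADER)"; for i in $$headerlist; \
-do \
-(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-done
-tags:
-ctags $(SRC)
-tests:
-fips_test:
-lint:
-lint -DLINT $(INCLUDES) $(SRC)>fluff
-depend:
-$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-dclean:
-$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-mv -f Makefile.new $(MAKEFILE)
-clean:
-rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-fips_dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-fips_dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
-fips_dh_lib.o: ../../include/openssl/opensslconf.h
-fips_dh_lib.o: ../../include/openssl/opensslv.h
-fips_dh_lib.o: ../../include/openssl/ossl_typ.h
-fips_dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_dh_lib.o: ../../include/openssl/symhacks.h fips_dh_lib.c
-fips_dhvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_dhvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dhvs.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-fips_dhvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_dhvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_dhvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_dhvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_dhvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_dhvs.o: ../../include/openssl/opensslconf.h
-fips_dhvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-fips_dhvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_dhvs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_dhvs.c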


@ -1,98 +0,0 @@
/* fips_dh_lib.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2007.
*/
/* ====================================================================
* Copyright (c) 2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/fips.h>
/* Minimal FIPS versions of FIPS_dh_new() and FIPS_dh_free(): to
* reduce external dependencies.
*/
DH *FIPS_dh_new(void)
{
DH *ret;
ret = OPENSSL_malloc(sizeof(DH));
if (!ret)
return NULL;
memset(ret, 0, sizeof(DH));
ret->meth = DH_OpenSSL();
if (ret->meth->init)
ret->meth->init(ret);
return ret;
}
void FIPS_dh_free(DH *r)
{
if (!r)
return;
if (r->meth->finish)
r->meth->finish(r);
if (r->p != NULL) BN_clear_free(r->p);
if (r->g != NULL) BN_clear_free(r->g);
if (r->q != NULL) BN_clear_free(r->q);
if (r->j != NULL) BN_clear_free(r->j);
if (r->seed) OPENSSL_free(r->seed);
if (r->counter != NULL) BN_clear_free(r->counter);
if (r->pub_key != NULL) BN_clear_free(r->pub_key);
if (r->priv_key != NULL) BN_clear_free(r->priv_key);
OPENSSL_free(r);
}


@ -1,292 +0,0 @@
/* fips/dh/fips_dhvs.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#define OPENSSL_FIPSAPI
#include <openssl/opensslconf.h>
#ifndef OPENSSL_FIPS
#include <stdio.h>
int main(int argc, char **argv)
{
printf("No FIPS DH support\n");
return(0);
}
#else
#include <openssl/crypto.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/fips.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <string.h>
#include <ctype.h>
#include "fips_utl.h"
static const EVP_MD *parse_md(char *line)
{
char *p;
if (line[0] != '[' || line[1] != 'F')
return NULL;
p = strchr(line, '-');
if (!p)
return NULL;
line = p + 1;
p = strchr(line, ']');
if (!p)
return NULL;
*p = 0;
p = line;
while(isspace(*p))
p++;
if (!strcmp(p, "SHA1"))
return EVP_sha1();
else if (!strcmp(p, "SHA224"))
return EVP_sha224();
else if (!strcmp(p, "SHA256"))
return EVP_sha256();
else if (!strcmp(p, "SHA384"))
return EVP_sha384();
else if (!strcmp(p, "SHA512"))
return EVP_sha512();
else
return NULL;
}
static void output_Zhash(FILE *out, int exout,
DH *dh, BIGNUM *peerkey, const EVP_MD *md,
unsigned char *rhash, size_t rhashlen)
{
unsigned char *Z;
unsigned char chash[EVP_MAX_MD_SIZE];
int Zlen;
if (rhash == NULL)
{
rhashlen = M_EVP_MD_size(md);
if (!DH_generate_key(dh))
exit (1);
do_bn_print_name(out, "YephemIUT", dh->pub_key);
if (exout)
do_bn_print_name(out, "XephemIUT", dh->priv_key);
}
Z = OPENSSL_malloc(BN_num_bytes(dh->p));
if (!Z)
exit(1);
Zlen = DH_compute_key_padded(Z, peerkey, dh);
if (exout)
OutputValue("Z", Z, Zlen, out, 0);
FIPS_digest(Z, Zlen, chash, NULL, md);
OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0);
if (rhash)
{
fprintf(out, "Result = %s\n",
memcmp(chash, rhash, rhashlen) ? "F" : "P");
}
else
{
BN_clear_free(dh->priv_key);
BN_clear_free(dh->pub_key);
dh->priv_key = NULL;
dh->pub_key = NULL;
}
OPENSSL_cleanse(Z, Zlen);
OPENSSL_free(Z);
}
#ifdef FIPS_ALGVS
int fips_dhvs_main(int argc, char **argv)
#else
int main(int argc, char **argv)
#endif
{
char **args = argv + 1;
int argn = argc - 1;
FILE *in, *out;
char buf[2048], lbuf[2048];
unsigned char *rhash;
long rhashlen;
DH *dh = NULL;
const EVP_MD *md = NULL;
BIGNUM *peerkey = NULL;
char *keyword = NULL, *value = NULL;
int do_verify = -1, exout = 0;
fips_algtest_init();
if (argn && !strcmp(*args, "dhver"))
{
do_verify = 1;
args++;
argn--;
}
else if (argn && !strcmp(*args, "dhgen"))
{
do_verify = 0;
args++;
argn--;
}
if (argn && !strcmp(*args, "-exout"))
{
exout = 1;
args++;
argn--;
}
if (do_verify == -1)
{
fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
exit(1);
}
if (argn == 2)
{
in = fopen(*args, "r");
if (!in)
{
fprintf(stderr, "Error opening input file\n");
exit(1);
}
out = fopen(args[1], "w");
if (!out)
{
fprintf(stderr, "Error opening output file\n");
exit(1);
}
}
else if (argn == 0)
{
in = stdin;
out = stdout;
}
else
{
fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
exit(1);
}
dh = FIPS_dh_new();
while (fgets(buf, sizeof(buf), in) != NULL)
{
fputs(buf, out);
if (strlen(buf) > 6 && !strncmp(buf, "[F", 2))
{
md = parse_md(buf);
if (md == NULL)
goto parse_error;
if (dh)
FIPS_dh_free(dh);
dh = FIPS_dh_new();
continue;
}
if (!parse_line(&keyword, &value, lbuf, buf))
continue;
if (!strcmp(keyword, "P"))
{
if (!do_hex2bn(&dh->p, value))
goto parse_error;
}
else if (!strcmp(keyword, "Q"))
{
if (!do_hex2bn(&dh->q, value))
goto parse_error;
}
else if (!strcmp(keyword, "G"))
{
if (!do_hex2bn(&dh->g, value))
goto parse_error;
}
else if (!strcmp(keyword, "XephemIUT"))
{
if (!do_hex2bn(&dh->priv_key, value))
goto parse_error;
}
else if (!strcmp(keyword, "YephemIUT"))
{
if (!do_hex2bn(&dh->pub_key, value))
goto parse_error;
}
else if (!strcmp(keyword, "YephemCAVS"))
{
if (!do_hex2bn(&peerkey, value))
goto parse_error;
if (do_verify == 0)
output_Zhash(out, exout, dh, peerkey, md,
NULL, 0);
}
else if (!strcmp(keyword, "CAVSHashZZ"))
{
if (!md)
goto parse_error;
rhash = hex2bin_m(value, &rhashlen);
if (!rhash || rhashlen != M_EVP_MD_size(md))
goto parse_error;
output_Zhash(out, exout, dh, peerkey, md,
rhash, rhashlen);
}
}
if (in && in != stdin)
fclose(in);
if (out && out != stdout)
fclose(out);
return 0;
parse_error:
fprintf(stderr, "Error Parsing request file\n");
exit(1);
}
#endif


@ -1,149 +0,0 @@
#
# OpenSSL/fips/dsa/Makefile
#
DIR= dsa
TOP= ../..
CC= cc
INCLUDES=
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST=fips_dsatest.c fips_dssvs.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= fips_dsa_selftest.c \
fips_dsa_lib.c fips_dsa_sign.c
LIBOBJ= fips_dsa_selftest.o \
fips_dsa_lib.o fips_dsa_sign.o
SRC= $(LIBSRC)
EXHEADER=
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
@echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
install:
@headerlist="$(EXHEADER)"; for i in $$headerlist; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done
tags:
ctags $(SRC)
tests:
Q=../testvectors/dsa/req
A=../testvectors/dsa/rsp
fips_test:
-rm -rf $A
mkdir $A
if [ -f $(Q)/PQGGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs pqg < $(Q)/PQGGen.req > $(A)/PQGGen.rsp; fi
if [ -f $(Q)/KeyPair.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs keypair < $(Q)/KeyPair.req > $(A)/KeyPair.rsp; fi
if [ -f $(Q)/SigGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs siggen < $(Q)/SigGen.req > $(A)/SigGen.rsp; fi
if [ -f $(Q)/SigVer.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp; fi
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
fips_dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
fips_dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
fips_dsa_lib.o: ../../include/openssl/opensslconf.h
fips_dsa_lib.o: ../../include/openssl/opensslv.h
fips_dsa_lib.o: ../../include/openssl/ossl_typ.h
fips_dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_dsa_lib.o: ../../include/openssl/symhacks.h fips_dsa_lib.c
fips_dsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_dsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_dsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
fips_dsa_selftest.o: ../../include/openssl/obj_mac.h
fips_dsa_selftest.o: ../../include/openssl/objects.h
fips_dsa_selftest.o: ../../include/openssl/opensslconf.h
fips_dsa_selftest.o: ../../include/openssl/opensslv.h
fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h
fips_dsa_selftest.o: ../../include/openssl/safestack.h
fips_dsa_selftest.o: ../../include/openssl/stack.h
fips_dsa_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
fips_dsa_selftest.o: fips_dsa_selftest.c
fips_dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
fips_dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
fips_dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
fips_dsa_sign.o: ../../include/openssl/objects.h
fips_dsa_sign.o: ../../include/openssl/opensslconf.h
fips_dsa_sign.o: ../../include/openssl/opensslv.h
fips_dsa_sign.o: ../../include/openssl/ossl_typ.h
fips_dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
fips_dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
fips_dsa_sign.o: fips_dsa_sign.c
fips_dsatest.o: ../../e_os.h ../../include/openssl/aes.h
fips_dsatest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_dsatest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
fips_dsatest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
fips_dsatest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
fips_dsatest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_dsatest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
fips_dsatest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
fips_dsatest.o: ../../include/openssl/objects.h
fips_dsatest.o: ../../include/openssl/opensslconf.h
fips_dsatest.o: ../../include/openssl/opensslv.h
fips_dsatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
fips_dsatest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_dsatest.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_dsatest.c
fips_dssvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_dssvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_dssvs.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
fips_dssvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_dssvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_dssvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
fips_dssvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
fips_dssvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
fips_dssvs.o: ../../include/openssl/opensslconf.h
fips_dssvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
fips_dssvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_dssvs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_dssvs.c


@ -1,121 +0,0 @@
/* fips_dsa_lib.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2007.
*/
/* ====================================================================
* Copyright (c) 2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/dsa.h>
#include <openssl/bn.h>
#include <openssl/fips.h>
/* Minimal FIPS versions of FIPS_dsa_new() and FIPS_dsa_free: to
* reduce external dependencies.
*/
DSA *FIPS_dsa_new(void)
{
DSA *ret;
ret = OPENSSL_malloc(sizeof(DSA));
if (!ret)
return NULL;
memset(ret, 0, sizeof(DSA));
ret->meth = DSA_OpenSSL();
if (ret->meth->init)
ret->meth->init(ret);
return ret;
}
void FIPS_dsa_free(DSA *r)
{
if (!r)
return;
if (r->meth->finish)
r->meth->finish(r);
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
if (r->g != NULL) BN_clear_free(r->g);
if (r->pub_key != NULL) BN_clear_free(r->pub_key);
if (r->priv_key != NULL) BN_clear_free(r->priv_key);
if (r->kinv != NULL) BN_clear_free(r->kinv);
if (r->r != NULL) BN_clear_free(r->r);
OPENSSL_free(r);
}
DSA_SIG *FIPS_dsa_sig_new(void)
{
DSA_SIG *sig;
sig = OPENSSL_malloc(sizeof(DSA_SIG));
if (!sig)
return NULL;
sig->r = NULL;
sig->s = NULL;
return sig;
}
void FIPS_dsa_sig_free(DSA_SIG *sig)
{
if (sig)
{
if (sig->r)
BN_free(sig->r);
if (sig->s)
BN_free(sig->s);
OPENSSL_free(sig);
}
}


@ -1,183 +0,0 @@
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/dsa.h>
#include <openssl/fips.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS
__fips_constseg
static const unsigned char dsa_test_2048_p[] = {
0xa8,0x53,0x78,0xd8,0xfd,0x3f,0x8d,0x72,0xec,0x74,0x18,0x08,
0x0d,0xa2,0x13,0x17,0xe4,0x3e,0xc4,0xb6,0x2b,0xa8,0xc8,0x62,
0x3b,0x7e,0x4d,0x04,0x44,0x1d,0xd1,0xa0,0x65,0x86,0x62,0x59,
0x64,0x93,0xca,0x8e,0x9e,0x8f,0xbb,0x7e,0x34,0xaa,0xdd,0xb6,
0x2e,0x5d,0x67,0xb6,0xd0,0x9a,0x6e,0x61,0xb7,0x69,0xe7,0xc3,
0x52,0xaa,0x2b,0x10,0xe2,0x0c,0xa0,0x63,0x69,0x63,0xb5,0x52,
0x3e,0x86,0x47,0x0d,0xec,0xbb,0xed,0xa0,0x27,0xe7,0x97,0xe7,
0xb6,0x76,0x35,0xd4,0xd4,0x9c,0x30,0x70,0x0e,0x74,0xaf,0x8a,
0x0f,0xf1,0x56,0xa8,0x01,0xaf,0x57,0xa2,0x6e,0x70,0x78,0xf1,
0xd8,0x2f,0x74,0x90,0x8e,0xcb,0x6d,0x07,0xe7,0x0b,0x35,0x03,
0xee,0xd9,0x4f,0xa3,0x2c,0xf1,0x7a,0x7f,0xc3,0xd6,0xcf,0x40,
0xdc,0x7b,0x00,0x83,0x0e,0x6a,0x25,0x66,0xdc,0x07,0x3e,0x34,
0x33,0x12,0x51,0x7c,0x6a,0xa5,0x15,0x2b,0x4b,0xfe,0xcd,0x2e,
0x55,0x1f,0xee,0x34,0x63,0x18,0xa1,0x53,0x42,0x3c,0x99,0x6b,
0x0d,0x5d,0xcb,0x91,0x02,0xae,0xdd,0x38,0x79,0x86,0x16,0xf1,
0xf1,0xe0,0xd6,0xc4,0x03,0x52,0x5b,0x1f,0x9b,0x3d,0x4d,0xc7,
0x66,0xde,0x2d,0xfc,0x4a,0x56,0xd7,0xb8,0xba,0x59,0x63,0xd6,
0x0f,0x3e,0x16,0x31,0x88,0x70,0xad,0x43,0x69,0x52,0xe5,0x57,
0x65,0x37,0x4e,0xab,0x85,0xe8,0xec,0x17,0xd6,0xb9,0xa4,0x54,
0x7b,0x9b,0x5f,0x27,0x52,0xf3,0x10,0x5b,0xe8,0x09,0xb2,0x3a,
0x2c,0x8d,0x74,0x69,0xdb,0x02,0xe2,0x4d,0x59,0x23,0x94,0xa7,
0xdb,0xa0,0x69,0xe9
};
__fips_constseg
static const unsigned char dsa_test_2048_q[] = {
0xd2,0x77,0x04,0x4e,0x50,0xf5,0xa4,0xe3,0xf5,0x10,0xa5,0x0a,
0x0b,0x84,0xfd,0xff,0xbc,0xa0,0x47,0xed,0x27,0x60,0x20,0x56,
0x74,0x41,0xa0,0xa5
};
__fips_constseg
static const unsigned char dsa_test_2048_g[] = {
0x13,0xd7,0x54,0xe2,0x1f,0xd2,0x41,0x65,0x5d,0xa8,0x91,0xc5,
0x22,0xa6,0x5a,0x72,0xa8,0x9b,0xdc,0x64,0xec,0x9b,0x54,0xa8,
0x21,0xed,0x4a,0x89,0x8b,0x49,0x0e,0x0c,0x4f,0xcb,0x72,0x19,
0x2a,0x4a,0x20,0xf5,0x41,0xf3,0xf2,0x92,0x53,0x99,0xf0,0xba,
0xec,0xf9,0x29,0xaa,0xfb,0xf7,0x9d,0xfe,0x43,0x32,0x39,0x3b,
0x32,0xcd,0x2e,0x2f,0xcf,0x27,0x2f,0x32,0xa6,0x27,0x43,0x4a,
0x0d,0xf2,0x42,0xb7,0x5b,0x41,0x4d,0xf3,0x72,0x12,0x1e,0x53,
0xa5,0x53,0xf2,0x22,0xf8,0x36,0xb0,0x00,0xf0,0x16,0x48,0x5b,
0x6b,0xd0,0x89,0x84,0x51,0x80,0x1d,0xcd,0x8d,0xe6,0x4c,0xd5,
0x36,0x56,0x96,0xff,0xc5,0x32,0xd5,0x28,0xc5,0x06,0x62,0x0a,
0x94,0x2a,0x03,0x05,0x04,0x6d,0x8f,0x18,0x76,0x34,0x1f,0x1e,
0x57,0x0b,0xc3,0x97,0x4b,0xa6,0xb9,0xa4,0x38,0xe9,0x70,0x23,
0x02,0xa2,0xe6,0xe6,0x7b,0xfd,0x06,0xd3,0x2b,0xc6,0x79,0x96,
0x22,0x71,0xd7,0xb4,0x0c,0xd7,0x2f,0x38,0x6e,0x64,0xe0,0xd7,
0xef,0x86,0xca,0x8c,0xa5,0xd1,0x42,0x28,0xdc,0x2a,0x4f,0x16,
0xe3,0x18,0x98,0x86,0xb5,0x99,0x06,0x74,0xf4,0x20,0x0f,0x3a,
0x4c,0xf6,0x5a,0x3f,0x0d,0xdb,0xa1,0xfa,0x67,0x2d,0xff,0x2f,
0x5e,0x14,0x3d,0x10,0xe4,0xe9,0x7a,0xe8,0x4f,0x6d,0xa0,0x95,
0x35,0xd5,0xb9,0xdf,0x25,0x91,0x81,0xa7,0x9b,0x63,0xb0,0x69,
0xe9,0x49,0x97,0x2b,0x02,0xba,0x36,0xb3,0x58,0x6a,0xab,0x7e,
0x45,0xf3,0x22,0xf8,0x2e,0x4e,0x85,0xca,0x3a,0xb8,0x55,0x91,
0xb3,0xc2,0xa9,0x66
};
__fips_constseg
static const unsigned char dsa_test_2048_pub_key[] = {
0x24,0x52,0xf3,0xcc,0xbe,0x9e,0xd5,0xca,0x7d,0xc7,0x4c,0x60,
0x2b,0x99,0x22,0x6e,0x8f,0x2f,0xab,0x38,0xe7,0xd7,0xdd,0xfb,
0x75,0x53,0x9b,0x17,0x15,0x5e,0x9f,0xcf,0xd1,0xab,0xa5,0x64,
0xeb,0x85,0x35,0xd8,0x12,0xc9,0xc2,0xdc,0xf9,0x72,0x84,0x44,
0x1b,0xc4,0x82,0x24,0x36,0x24,0xc7,0xf4,0x57,0x58,0x0c,0x1c,
0x38,0xa5,0x7c,0x46,0xc4,0x57,0x39,0x24,0x70,0xed,0xb5,0x2c,
0xb5,0xa6,0xe0,0x3f,0xe6,0x28,0x7b,0xb6,0xf4,0x9a,0x42,0xa2,
0x06,0x5a,0x05,0x4f,0x03,0x08,0x39,0xdf,0x1f,0xd3,0x14,0x9c,
0x4c,0xa0,0x53,0x1d,0xd8,0xca,0x8a,0xaa,0x9c,0xc7,0x33,0x71,
0x93,0x38,0x73,0x48,0x33,0x61,0x18,0x22,0x45,0x45,0xe8,0x8c,
0x80,0xff,0xd8,0x76,0x5d,0x74,0x36,0x03,0x33,0xcc,0xab,0x99,
0x72,0x77,0x9b,0x65,0x25,0xa6,0x5b,0xdd,0x0d,0x10,0xc6,0x75,
0xc1,0x09,0xbb,0xd3,0xe5,0xbe,0x4d,0x72,0xef,0x6e,0xba,0x6e,
0x43,0x8d,0x52,0x26,0x23,0x7d,0xb8,0x88,0x37,0x9c,0x5f,0xcc,
0x47,0xa3,0x84,0x7f,0xf6,0x37,0x11,0xba,0xed,0x6d,0x03,0xaf,
0xe8,0x1e,0x69,0x4a,0x41,0x3b,0x68,0x0b,0xd3,0x8a,0xb4,0x90,
0x3f,0x83,0x70,0xa7,0x07,0xef,0x55,0x1d,0x49,0x41,0x02,0x6d,
0x95,0x79,0xd6,0x91,0xde,0x8e,0xda,0xa1,0x61,0x05,0xeb,0x9d,
0xba,0x3c,0x2f,0x4c,0x1b,0xec,0x50,0x82,0x75,0xaa,0x02,0x07,
0xe2,0x51,0xb5,0xec,0xcb,0x28,0x6a,0x4b,0x01,0xd4,0x49,0xd3,
0x0a,0xcb,0x67,0x37,0x17,0xa0,0xd2,0xfb,0x3b,0x50,0xc8,0x93,
0xf7,0xda,0xb1,0x4f
};
__fips_constseg
static const unsigned char dsa_test_2048_priv_key[] = {
0x0c,0x4b,0x30,0x89,0xd1,0xb8,0x62,0xcb,0x3c,0x43,0x64,0x91,
0xf0,0x91,0x54,0x70,0xc5,0x27,0x96,0xe3,0xac,0xbe,0xe8,0x00,
0xec,0x55,0xf6,0xcc
};
int FIPS_selftest_dsa()
{
DSA *dsa=NULL;
EVP_PKEY pk;
int ret = 0;
dsa = FIPS_dsa_new();
if(dsa == NULL)
goto err;
fips_load_key_component(dsa, p, dsa_test_2048);
fips_load_key_component(dsa, q, dsa_test_2048);
fips_load_key_component(dsa, g, dsa_test_2048);
fips_load_key_component(dsa, pub_key, dsa_test_2048);
fips_load_key_component(dsa, priv_key, dsa_test_2048);
pk.type = EVP_PKEY_DSA;
pk.pkey.dsa = dsa;
if (!fips_pkey_signature_test(FIPS_TEST_SIGNATURE, &pk, NULL, 0,
NULL, 0, EVP_sha384(), 0,
"DSA SHA384"))
goto err;
ret = 1;
err:
if (dsa)
FIPS_dsa_free(dsa);
return ret;
}
#endif


@ -1,141 +0,0 @@
/* fips_dsa_sign.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2007.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/evp.h>
#include <openssl/dsa.h>
#include <openssl/err.h>
#include <openssl/sha.h>
#include <openssl/bn.h>
#ifdef OPENSSL_FIPS
/* FIPS versions of DSA_sign() and DSA_verify().
* Handle DSA_SIG structures to avoid need to handle ASN1.
*/
DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx)
{
DSA_SIG *s;
unsigned char dig[EVP_MAX_MD_SIZE];
unsigned int dlen;
FIPS_digestfinal(ctx, dig, &dlen);
s = dsa->meth->dsa_do_sign(dig,dlen,dsa);
OPENSSL_cleanse(dig, dlen);
return s;
}
DSA_SIG * FIPS_dsa_sign_digest(DSA *dsa, const unsigned char *dig, int dlen)
{
if (FIPS_selftest_failed())
{
FIPSerr(FIPS_F_FIPS_DSA_SIGN_DIGEST, FIPS_R_SELFTEST_FAILED);
return NULL;
}
return dsa->meth->dsa_do_sign(dig, dlen, dsa);
}
int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s)
{
int ret=-1;
unsigned char dig[EVP_MAX_MD_SIZE];
unsigned int dlen;
FIPS_digestfinal(ctx, dig, &dlen);
ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
OPENSSL_cleanse(dig, dlen);
return ret;
}
int FIPS_dsa_verify_digest(DSA *dsa,
const unsigned char *dig, int dlen, DSA_SIG *s)
{
if (FIPS_selftest_failed())
{
FIPSerr(FIPS_F_FIPS_DSA_VERIFY_DIGEST, FIPS_R_SELFTEST_FAILED);
return -1;
}
return dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
}
int FIPS_dsa_verify(DSA *dsa, const unsigned char *msg, size_t msglen,
const EVP_MD *mhash, DSA_SIG *s)
{
int ret=-1;
unsigned char dig[EVP_MAX_MD_SIZE];
unsigned int dlen;
FIPS_digest(msg, msglen, dig, &dlen, mhash);
ret=FIPS_dsa_verify_digest(dsa, dig, dlen, s);
OPENSSL_cleanse(dig, dlen);
return ret;
}
DSA_SIG * FIPS_dsa_sign(DSA *dsa, const unsigned char *msg, size_t msglen,
const EVP_MD *mhash)
{
DSA_SIG *s;
unsigned char dig[EVP_MAX_MD_SIZE];
unsigned int dlen;
FIPS_digest(msg, msglen, dig, &dlen, mhash);
s = FIPS_dsa_sign_digest(dsa, dig, dlen);
OPENSSL_cleanse(dig, dlen);
return s;
}
#endif


@ -1,256 +0,0 @@
/* crypto/dsa/dsatest.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#define OPENSSL_FIPSAPI
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "e_os.h"
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#if defined(OPENSSL_NO_DSA) || !defined(OPENSSL_FIPS)
int main(int argc, char *argv[])
{
printf("No FIPS DSA support\n");
return(0);
}
#else
#include <openssl/dsa.h>
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include <openssl/dsa.h>
#ifdef OPENSSL_SYS_WIN16
#define MS_CALLBACK _far _loadds
#else
#define MS_CALLBACK
#endif
#include "fips_utl.h"
static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
/* seed, out_p, out_q, out_g are taken from the earlier validation test
* vectors.
*/
static unsigned char seed[20] = {
0x1c, 0xfb, 0xa9, 0x6c, 0xf7, 0x95, 0xb3, 0x2e, 0x01, 0x01, 0x3c, 0x8d,
0x7f, 0x6e, 0xf4, 0x59, 0xcc, 0x2f, 0x19, 0x59
};
static unsigned char out_p[] = {
0xc2, 0x3c, 0x48, 0x31, 0x7e, 0x3b, 0x4e, 0x5d, 0x3c, 0x93, 0x78, 0x60,
0x5c, 0xf2, 0x60, 0xbb, 0x5a, 0xfa, 0x7f, 0x17, 0xf9, 0x26, 0x69, 0x46,
0xe7, 0x07, 0xbb, 0x3b, 0x2e, 0xc4, 0xb5, 0x66, 0xf7, 0x4d, 0xae, 0x9b,
0x8f, 0xf0, 0x42, 0xea, 0xb3, 0xa0, 0x7e, 0x81, 0x85, 0x89, 0xe6, 0xb0,
0x29, 0x03, 0x6b, 0xcc, 0xfb, 0x8e, 0x46, 0x15, 0x4d, 0xc1, 0x69, 0xd8,
0x2f, 0xef, 0x5c, 0x8b, 0x29, 0x32, 0x41, 0xbd, 0x13, 0x72, 0x3d, 0xac,
0x81, 0xcc, 0x86, 0x6c, 0x06, 0x5d, 0x51, 0xa1, 0xa5, 0x07, 0x0c, 0x3e,
0xbe, 0xdd, 0xf4, 0x6e, 0xa8, 0xed, 0xb4, 0x2f, 0xbd, 0x3e, 0x64, 0xea,
0xee, 0x92, 0xec, 0x51, 0xe1, 0x0d, 0xab, 0x25, 0x45, 0xae, 0x55, 0x21,
0x4d, 0xd6, 0x96, 0x6f, 0xe6, 0xaa, 0xd3, 0xca, 0x87, 0x92, 0xb1, 0x1c,
0x3c, 0xaf, 0x29, 0x09, 0x8b, 0xc6, 0xed, 0xe1
};
static unsigned char out_q[] = {
0xae, 0x0a, 0x8c, 0xfb, 0x80, 0xe1, 0xc6, 0xd1, 0x09, 0x0f, 0x26, 0xde,
0x91, 0x53, 0xc2, 0x8b, 0x2b, 0x0f, 0xde, 0x7f
};
static unsigned char out_g[] = {
0x0d, 0x7d, 0x92, 0x74, 0x10, 0xf6, 0xa4, 0x43, 0x86, 0x9a, 0xd1, 0xd9,
0x56, 0x00, 0xbc, 0x18, 0x97, 0x99, 0x4e, 0x9a, 0x93, 0xfb, 0x00, 0x3d,
0x6c, 0xa0, 0x1b, 0x95, 0x6b, 0xbd, 0xf7, 0x7a, 0xbc, 0x36, 0x3f, 0x3d,
0xb9, 0xbf, 0xf9, 0x91, 0x37, 0x68, 0xd1, 0xb9, 0x1e, 0xfe, 0x7f, 0x10,
0xc0, 0x6a, 0xcd, 0x5f, 0xc1, 0x65, 0x1a, 0xb8, 0xe7, 0xab, 0xb5, 0xc6,
0x8d, 0xb7, 0x86, 0xad, 0x3a, 0xbf, 0x6b, 0x7b, 0x0a, 0x66, 0xbe, 0xd5,
0x58, 0x23, 0x16, 0x48, 0x83, 0x29, 0xb6, 0xa7, 0x64, 0xc7, 0x08, 0xbe,
0x55, 0x4c, 0x6f, 0xcb, 0x34, 0xc1, 0x73, 0xb0, 0x39, 0x68, 0x52, 0xdf,
0x27, 0x7f, 0x32, 0xbc, 0x2b, 0x0d, 0x63, 0xed, 0x75, 0x3e, 0xb5, 0x54,
0xac, 0xc8, 0x20, 0x2a, 0x73, 0xe8, 0x29, 0x51, 0x03, 0x77, 0xe8, 0xc9,
0x61, 0x32, 0x25, 0xaf, 0x21, 0x5b, 0x6e, 0xda
};
__fips_constseg
static const unsigned char str1[]="12345678901234567890";
__fips_constseg
static const char rnd_seed[] = "string to make the random number generator think it has entropy";
int main(int argc, char **argv)
{
DSA *dsa=NULL;
DSA_SIG *sig = NULL;
int counter,ret=0,i,j;
unsigned char buf[256];
unsigned long h;
BN_GENCB cb;
BN_GENCB_set(&cb, dsa_cb, stderr);
fips_algtest_init();
fprintf(stderr,"test generation of DSA parameters\n");
dsa = FIPS_dsa_new();
DSA_generate_parameters_ex(dsa, 1024,seed,20,&counter,&h,&cb);
fprintf(stderr,"seed\n");
for (i=0; i<20; i+=4)
{
fprintf(stderr,"%02X%02X%02X%02X ",
seed[i],seed[i+1],seed[i+2],seed[i+3]);
}
fprintf(stderr,"\ncounter=%d h=%ld\n",counter,h);
if (dsa == NULL) goto end;
if (counter != 16)
{
fprintf(stderr,"counter should be 105\n");
goto end;
}
if (h != 2)
{
fprintf(stderr,"h should be 2\n");
goto end;
}
i=BN_bn2bin(dsa->q,buf);
j=sizeof(out_q);
if ((i != j) || (memcmp(buf,out_q,i) != 0))
{
fprintf(stderr,"q value is wrong\n");
goto end;
}
i=BN_bn2bin(dsa->p,buf);
j=sizeof(out_p);
if ((i != j) || (memcmp(buf,out_p,i) != 0))
{
fprintf(stderr,"p value is wrong\n");
goto end;
}
i=BN_bn2bin(dsa->g,buf);
j=sizeof(out_g);
if ((i != j) || (memcmp(buf,out_g,i) != 0))
{
fprintf(stderr,"g value is wrong\n");
goto end;
}
DSA_generate_key(dsa);
sig = FIPS_dsa_sign(dsa, str1, 20, EVP_sha1());
if (!sig)
goto end;
if (FIPS_dsa_verify(dsa, str1, 20, EVP_sha1(), sig) != 1)
goto end;
ret = 1;
end:
if (sig)
FIPS_dsa_sig_free(sig);
if (dsa != NULL) FIPS_dsa_free(dsa);
#if 0
CRYPTO_mem_leaks(bio_err);
#endif
EXIT(!ret);
return(!ret);
}
static int cb_exit(int ec)
{
EXIT(ec);
return(0); /* To keep some compilers quiet */
}
static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
{
char c='*';
static int ok=0,num=0;
if (p == 0) { c='.'; num++; };
if (p == 1) c='+';
if (p == 2) { c='*'; ok++; }
if (p == 3) c='\n';
fwrite(&c,1, 1, cb->arg);
fflush(cb->arg);
if (!ok && (p == 0) && (num > 1))
{
fprintf(cb->arg,"error in dsatest\n");
cb_exit(1);
}
return 1;
}
#endif


@ -1,793 +0,0 @@
#define OPENSSL_FIPSAPI
#include <openssl/opensslconf.h>
#ifndef OPENSSL_FIPS
#include <stdio.h>
int main(int argc, char **argv)
{
printf("No FIPS DSA support\n");
return(0);
}
#else
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/fips.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <string.h>
#include <ctype.h>
#include "fips_utl.h"
static int parse_mod(char *line, int *pdsa2, int *pL, int *pN,
const EVP_MD **pmd)
{
char lbuf[10240];
char *keyword, *value;
char *p;
p = strchr(line, ',');
if (!p)
{
*pL = atoi(line);
*pdsa2 = 0;
*pN = 160;
if (pmd)
*pmd = EVP_sha1();
return 1;
}
*pdsa2 = 1;
*p = 0;
if (!parse_line2(&keyword, &value, lbuf, line, 0))
return 0;
if (strcmp(keyword, "L"))
return 0;
*pL = atoi(value);
strcpy(line, p + 1);
if (pmd)
p = strchr(line, ',');
else
p = strchr(line, ']');
if (!p)
return 0;
*p = 0;
if (!parse_line2(&keyword, &value, lbuf, line, 0))
return 0;
if (strcmp(keyword, "N"))
return 0;
*pN = atoi(value);
if (!pmd)
return 1;
strcpy(line, p + 1);
p = strchr(line, ']');
if (!p)
return 0;
*p = 0;
p = line;
while(isspace(*p))
p++;
if (!strcmp(p, "SHA-1"))
*pmd = EVP_sha1();
else if (!strcmp(p, "SHA-224"))
*pmd = EVP_sha224();
else if (!strcmp(p, "SHA-256"))
*pmd = EVP_sha256();
else if (!strcmp(p, "SHA-384"))
*pmd = EVP_sha384();
else if (!strcmp(p, "SHA-512"))
*pmd = EVP_sha512();
else
return 0;
return 1;
}
static void primes(FILE *in, FILE *out)
{
char buf[10240];
char lbuf[10240];
char *keyword, *value;
while(fgets(buf,sizeof buf,in) != NULL)
{
fputs(buf,out);
if (!parse_line(&keyword, &value, lbuf, buf))
continue;
if(!strcmp(keyword,"Prime"))
{
BIGNUM *pp;
pp=BN_new();
do_hex2bn(&pp,value);
fprintf(out, "result= %c" RESP_EOL,
BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
}
}
}
int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
unsigned char *seed_out,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
int idx, unsigned char *seed_out,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
int dsa_paramgen_check_g(DSA *dsa);
static void pqg(FILE *in, FILE *out)
{
char buf[1024];
char lbuf[1024];
char *keyword, *value;
int dsa2, L, N;
const EVP_MD *md = NULL;
BIGNUM *p = NULL, *q = NULL;
enum pqtype { PQG_NONE, PQG_PQ, PQG_G, PQG_GCANON}
pqg_type = PQG_NONE;
int seedlen=-1, idxlen, idx = -1;
unsigned char seed[1024], idtmp[1024];
while(fgets(buf,sizeof buf,in) != NULL)
{
if (buf[0] == '[')
{
if (strstr(buf, "Probable"))
pqg_type = PQG_PQ;
else if (strstr(buf, "Unverifiable"))
pqg_type = PQG_G;
else if (strstr(buf, "Canonical"))
pqg_type = PQG_GCANON;
}
if (!parse_line(&keyword, &value, lbuf, buf))
{
fputs(buf,out);
continue;
}
if (strcmp(keyword, "Num"))
fputs(buf,out);
if(!strcmp(keyword,"[mod"))
{
if (!parse_mod(value, &dsa2, &L, &N, &md))
{
fprintf(stderr, "Mod Parse Error\n");
exit (1);
}
}
else if(!strcmp(keyword,"N")
|| (!strcmp(keyword, "Num") && pqg_type == PQG_PQ))
{
int n=atoi(value);
while(n--)
{
DSA *dsa;
int counter;
unsigned long h;
dsa = FIPS_dsa_new();
if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
NULL, 0, seed,
&counter, &h, NULL))
{
fprintf(stderr, "Parameter Generation error\n");
exit(1);
}
if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
NULL, 0, -1, seed,
&counter, &h, NULL) <= 0)
{
fprintf(stderr, "Parameter Generation error\n");
exit(1);
}
do_bn_print_name(out, "P",dsa->p);
do_bn_print_name(out, "Q",dsa->q);
if (!dsa2)
do_bn_print_name(out, "G",dsa->g);
OutputValue(dsa2 ? "domain_parameter_seed" : "Seed",
seed, M_EVP_MD_size(md), out, 0);
if (!dsa2)
{
fprintf(out, "c = %d" RESP_EOL, counter);
fprintf(out, "H = %lx" RESP_EOL RESP_EOL,h);
}
else
{
fprintf(out, "counter = %d" RESP_EOL RESP_EOL, counter);
}
FIPS_dsa_free(dsa);
}
}
else if(!strcmp(keyword,"P"))
p=hex2bn(value);
else if(!strcmp(keyword,"Q"))
q=hex2bn(value);
else if(!strcmp(keyword,"domain_parameter_seed"))
seedlen = hex2bin(value, seed);
else if(!strcmp(keyword,"firstseed"))
seedlen = hex2bin(value, seed);
else if(!strcmp(keyword,"pseed"))
seedlen += hex2bin(value, seed + seedlen);
else if(!strcmp(keyword,"qseed"))
seedlen += hex2bin(value, seed + seedlen);
else if(!strcmp(keyword,"index"))
{
idxlen = hex2bin(value, idtmp);
if (idxlen != 1)
{
fprintf(stderr, "Index value error\n");
exit (1);
}
idx = idtmp[0];
}
if ((idx >= 0 && pqg_type == PQG_GCANON) || (q && pqg_type == PQG_G))
{
DSA *dsa;
dsa = FIPS_dsa_new();
dsa->p = p;
dsa->q = q;
p = q = NULL;
if (dsa_builtin_paramgen2(dsa, L, N, md,
seed, seedlen, idx, NULL,
NULL, NULL, NULL) <= 0)
{
fprintf(stderr, "Parameter Generation error\n");
exit(1);
}
do_bn_print_name(out, "G",dsa->g);
FIPS_dsa_free(dsa);
idx = -1;
}
}
}
static void pqgver(FILE *in, FILE *out)
{
char buf[1024];
char lbuf[1024];
char *keyword, *value;
BIGNUM *p = NULL, *q = NULL, *g = NULL;
int counter=-1, counter2;
unsigned long h=0, h2;
DSA *dsa=NULL;
int dsa2, L, N, part_test = 0;
const EVP_MD *md = NULL;
int seedlen=-1, idxlen, idx = -1;
unsigned char seed[1024], idtmp[1024];
while(fgets(buf,sizeof buf,in) != NULL)
{
if (!parse_line(&keyword, &value, lbuf, buf))
{
if (p && q)
{
part_test = 1;
goto partial;
}
fputs(buf,out);
continue;
}
fputs(buf, out);
if(!strcmp(keyword,"[mod"))
{
if (!parse_mod(value, &dsa2, &L, &N, &md))
{
fprintf(stderr, "Mod Parse Error\n");
exit (1);
}
}
else if(!strcmp(keyword,"P"))
p=hex2bn(value);
else if(!strcmp(keyword,"Q"))
q=hex2bn(value);
else if(!strcmp(keyword,"G"))
g=hex2bn(value);
else if(!strcmp(keyword,"firstseed"))
seedlen = hex2bin(value, seed);
else if(!strcmp(keyword,"pseed"))
seedlen += hex2bin(value, seed + seedlen);
else if(!strcmp(keyword,"qseed"))
seedlen += hex2bin(value, seed + seedlen);
else if(!strcmp(keyword,"Seed")
|| !strcmp(keyword,"domain_parameter_seed"))
{
seedlen = hex2bin(value, seed);
if (!dsa2 && seedlen != 20)
{
fprintf(stderr, "Seed parse length error\n");
exit (1);
}
if (idx > 0)
part_test = 1;
}
else if(!strcmp(keyword,"index"))
{
idxlen = hex2bin(value, idtmp);
if (idxlen != 1)
{
fprintf(stderr, "Index value error\n");
exit (1);
}
idx = idtmp[0];
}
else if(!strcmp(keyword,"c"))
counter = atoi(buf+4);
partial:
if (part_test && idx < 0 && h == 0 && g)
{
dsa = FIPS_dsa_new();
dsa->p = BN_dup(p);
dsa->q = BN_dup(q);
dsa->g = BN_dup(g);
if (dsa_paramgen_check_g(dsa))
fprintf(out, "Result = P" RESP_EOL);
else
fprintf(out, "Result = F" RESP_EOL);
BN_free(p);
BN_free(q);
BN_free(g);
p = NULL;
q = NULL;
g = NULL;
FIPS_dsa_free(dsa);
dsa = NULL;
part_test = 0;
}
else if(!strcmp(keyword,"H") || part_test)
{
if (!part_test)
h = atoi(value);
if (!p || !q || (!g && !part_test))
{
fprintf(stderr, "Parse Error\n");
exit (1);
}
dsa = FIPS_dsa_new();
if (idx >= 0)
{
dsa->p = BN_dup(p);
dsa->q = BN_dup(q);
}
no_err = 1;
if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
seed, seedlen, NULL,
&counter2, &h2, NULL))
{
fprintf(stderr, "Parameter Generation error\n");
exit(1);
}
if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
seed, seedlen, idx, NULL,
&counter2, &h2, NULL) < 0)
{
fprintf(stderr, "Parameter Generation error\n");
exit(1);
}
no_err = 0;
if (idx >= 0)
{
if (BN_cmp(dsa->g, g))
fprintf(out, "Result = F" RESP_EOL);
else
fprintf(out, "Result = P" RESP_EOL);
}
else if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) ||
(!part_test &&
((BN_cmp(dsa->g, g) || (counter != counter2) || (h != h2)))))
fprintf(out, "Result = F" RESP_EOL);
else
fprintf(out, "Result = P" RESP_EOL);
BN_free(p);
BN_free(q);
BN_free(g);
p = NULL;
q = NULL;
g = NULL;
FIPS_dsa_free(dsa);
dsa = NULL;
if (part_test)
{
if (idx == -1)
fputs(buf,out);
part_test = 0;
}
idx = -1;
}
}
}
/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
* algorithm tests. It is an additional test to perform sanity checks on the
* output of the KeyPair test.
*/
static int dss_paramcheck(int L, int N, BIGNUM *p, BIGNUM *q, BIGNUM *g,
BN_CTX *ctx)
{
BIGNUM *rem = NULL;
if (BN_num_bits(p) != L)
return 0;
if (BN_num_bits(q) != N)
return 0;
if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
return 0;
if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
return 0;
rem = BN_new();
if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
|| (BN_cmp(g, BN_value_one()) <= 0)
|| !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
{
BN_free(rem);
return 0;
}
/* Todo: check g */
BN_free(rem);
return 1;
}
static void keyver(FILE *in, FILE *out)
{
char buf[1024];
char lbuf[1024];
char *keyword, *value;
BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
BIGNUM *Y2;
BN_CTX *ctx = NULL;
int dsa2, L, N;
int paramcheck = 0;
ctx = BN_CTX_new();
Y2 = BN_new();
while(fgets(buf,sizeof buf,in) != NULL)
{
if (!parse_line(&keyword, &value, lbuf, buf))
{
fputs(buf,out);
continue;
}
if(!strcmp(keyword,"[mod"))
{
if (p)
BN_free(p);
p = NULL;
if (q)
BN_free(q);
q = NULL;
if (g)
BN_free(g);
g = NULL;
paramcheck = 0;
if (!parse_mod(value, &dsa2, &L, &N, NULL))
{
fprintf(stderr, "Mod Parse Error\n");
exit (1);
}
}
else if(!strcmp(keyword,"P"))
p=hex2bn(value);
else if(!strcmp(keyword,"Q"))
q=hex2bn(value);
else if(!strcmp(keyword,"G"))
g=hex2bn(value);
else if(!strcmp(keyword,"X"))
X=hex2bn(value);
else if(!strcmp(keyword,"Y"))
{
Y=hex2bn(value);
if (!p || !q || !g || !X || !Y)
{
fprintf(stderr, "Parse Error\n");
exit (1);
}
do_bn_print_name(out, "P",p);
do_bn_print_name(out, "Q",q);
do_bn_print_name(out, "G",g);
do_bn_print_name(out, "X",X);
do_bn_print_name(out, "Y",Y);
if (!paramcheck)
{
if (dss_paramcheck(L, N, p, q, g, ctx))
paramcheck = 1;
else
paramcheck = -1;
}
if (paramcheck != 1)
fprintf(out, "Result = F" RESP_EOL);
else
{
if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
fprintf(out, "Result = F" RESP_EOL);
else
fprintf(out, "Result = P" RESP_EOL);
}
BN_free(X);
BN_free(Y);
X = NULL;
Y = NULL;
}
}
if (p)
BN_free(p);
if (q)
BN_free(q);
if (g)
BN_free(g);
if (Y2)
BN_free(Y2);
if (ctx)
BN_CTX_free(ctx);
}
static void keypair(FILE *in, FILE *out)
{
char buf[1024];
char lbuf[1024];
char *keyword, *value;
int dsa2, L, N;
while(fgets(buf,sizeof buf,in) != NULL)
{
if (!parse_line(&keyword, &value, lbuf, buf))
{
continue;
}
if(!strcmp(keyword,"[mod"))
{
if (!parse_mod(value, &dsa2, &L, &N, NULL))
{
fprintf(stderr, "Mod Parse Error\n");
exit (1);
}
fputs(buf,out);
}
else if(!strcmp(keyword,"N"))
{
DSA *dsa;
int n=atoi(value);
dsa = FIPS_dsa_new();
if (!dsa)
{
fprintf(stderr, "DSA allocation error\n");
exit(1);
}
if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, NULL, NULL, 0,
NULL, NULL, NULL, NULL))
{
fprintf(stderr, "Parameter Generation error\n");
exit(1);
}
if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, NULL, NULL, 0, -1,
NULL, NULL, NULL, NULL) <= 0)
{
fprintf(stderr, "Parameter Generation error\n");
exit(1);
}
do_bn_print_name(out, "P",dsa->p);
do_bn_print_name(out, "Q",dsa->q);
do_bn_print_name(out, "G",dsa->g);
fputs(RESP_EOL, out);
while(n--)
{
if (!DSA_generate_key(dsa))
exit(1);
do_bn_print_name(out, "X",dsa->priv_key);
do_bn_print_name(out, "Y",dsa->pub_key);
fputs(RESP_EOL, out);
}
FIPS_dsa_free(dsa);
}
}
}
static void siggen(FILE *in, FILE *out)
{
char buf[1024];
char lbuf[1024];
char *keyword, *value;
int dsa2, L, N;
const EVP_MD *md = NULL;
DSA *dsa=NULL;
while(fgets(buf,sizeof buf,in) != NULL)
{
if (!parse_line(&keyword, &value, lbuf, buf))
{
fputs(buf,out);
continue;
}
fputs(buf,out);
if(!strcmp(keyword,"[mod"))
{
if (!parse_mod(value, &dsa2, &L, &N, &md))
{
fprintf(stderr, "Mod Parse Error\n");
exit (1);
}
if (dsa)
FIPS_dsa_free(dsa);
dsa = FIPS_dsa_new();
if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md, NULL, 0,
NULL, NULL, NULL, NULL))
{
fprintf(stderr, "Parameter Generation error\n");
exit(1);
}
if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, NULL, 0, -1,
NULL, NULL, NULL, NULL) <= 0)
{
fprintf(stderr, "Parameter Generation error\n");
exit(1);
}
do_bn_print_name(out, "P",dsa->p);
do_bn_print_name(out, "Q",dsa->q);
do_bn_print_name(out, "G",dsa->g);
fputs(RESP_EOL, out);
}
else if(!strcmp(keyword,"Msg"))
{
unsigned char msg[1024];
int n;
DSA_SIG *sig;
n=hex2bin(value,msg);
if (!DSA_generate_key(dsa))
exit(1);
do_bn_print_name(out, "Y",dsa->pub_key);
sig = FIPS_dsa_sign(dsa, msg, n, md);
do_bn_print_name(out, "R",sig->r);
do_bn_print_name(out, "S",sig->s);
fputs(RESP_EOL, out);
FIPS_dsa_sig_free(sig);
}
}
if (dsa)
FIPS_dsa_free(dsa);
}
static void sigver(FILE *in, FILE *out)
{
DSA *dsa=NULL;
char buf[1024];
char lbuf[1024];
unsigned char msg[1024];
char *keyword, *value;
int n=0;
int dsa2, L, N;
const EVP_MD *md = NULL;
DSA_SIG sg, *sig = &sg;
sig->r = NULL;
sig->s = NULL;
while(fgets(buf,sizeof buf,in) != NULL)
{
if (!parse_line(&keyword, &value, lbuf, buf))
{
fputs(buf,out);
continue;
}
fputs(buf,out);
if(!strcmp(keyword,"[mod"))
{
if (!parse_mod(value, &dsa2, &L, &N, &md))
{
fprintf(stderr, "Mod Parse Error\n");
exit (1);
}
if (dsa)
FIPS_dsa_free(dsa);
dsa = FIPS_dsa_new();
}
else if(!strcmp(keyword,"P"))
do_hex2bn(&dsa->p, value);
else if(!strcmp(keyword,"Q"))
do_hex2bn(&dsa->q, value);
else if(!strcmp(keyword,"G"))
do_hex2bn(&dsa->g, value);
else if(!strcmp(keyword,"Msg"))
n=hex2bin(value,msg);
else if(!strcmp(keyword,"Y"))
do_hex2bn(&dsa->pub_key, value);
else if(!strcmp(keyword,"R"))
sig->r=hex2bn(value);
else if(!strcmp(keyword,"S"))
{
int r;
sig->s=hex2bn(value);
no_err = 1;
r = FIPS_dsa_verify(dsa, msg, n, md, sig);
no_err = 0;
if (sig->s)
{
BN_free(sig->s);
sig->s = NULL;
}
if (sig->r)
{
BN_free(sig->r);
sig->r = NULL;
}
fprintf(out, "Result = %c" RESP_EOL RESP_EOL, r == 1 ? 'P' : 'F');
}
}
if (dsa)
FIPS_dsa_free(dsa);
}
#ifdef FIPS_ALGVS
int fips_dssvs_main(int argc, char **argv)
#else
int main(int argc, char **argv)
#endif
{
FILE *in, *out;
if (argc == 4)
{
in = fopen(argv[2], "r");
if (!in)
{
fprintf(stderr, "Error opening input file\n");
exit(1);
}
out = fopen(argv[3], "w");
if (!out)
{
fprintf(stderr, "Error opening output file\n");
exit(1);
}
}
else if (argc == 2)
{
in = stdin;
out = stdout;
}
else
{
fprintf(stderr,"%s [prime|pqg|pqgver|keypair|keyver|siggen|sigver]\n",argv[0]);
exit(1);
}
fips_algtest_init();
if(!strcmp(argv[1],"prime"))
primes(in, out);
else if(!strcmp(argv[1],"pqg"))
pqg(in, out);
else if(!strcmp(argv[1],"pqgver"))
pqgver(in, out);
else if(!strcmp(argv[1],"keypair"))
keypair(in, out);
else if(!strcmp(argv[1],"keyver"))
keyver(in, out);
else if(!strcmp(argv[1],"siggen"))
siggen(in, out);
else if(!strcmp(argv[1],"sigver"))
sigver(in, out);
else
{
fprintf(stderr,"Don't know how to %s.\n",argv[1]);
exit(1);
}
if (argc == 4)
{
fclose(in);
fclose(out);
}
return 0;
}
#endif

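--- a/fips/ecdh/Makefile
+++ b/fips/ecdh/Makefile
@@ -1,106 +0,0 @@
-#
-# OpenSSL/fips/ecdh/Makefile
-#
-DIR= ecdh
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-CFLAGS= $(INCLUDES) $(CFLAG)
-GENERAL=Makefile
-TEST= fips_ecdhvs.c
-APPS=
-LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_ecdh_selftest.c
-LIBOBJ= fips_ecdh_selftest.o
-SRC= $(LIBSRC)
-EXHEADER=
-HEADER= $(EXHEADER)
-ALL= $(GENERAL) $(SRC) $(HEADER)
-top:
-(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-all: lib
-lib: $(LIBOBJ)
-@echo $(LIBOBJ) > lib
-files:
-$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-links:
-@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
-@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
-@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-install:
-@headerlist="$(EXHEADER)"; for i in $$headerlist; \
-do \
-(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-done
-tags:
-ctags $(SRC)
-tests:
-fips_test:
-lint:
-lint -DLINT $(INCLUDES) $(SRC)>fluff
-depend:
-$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-dclean:
-$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-mv -f Makefile.new $(MAKEFILE)
-clean:
-rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-fips_ecdh_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_ecdh_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_ecdh_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_ecdh_selftest.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h
-fips_ecdh_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_ecdh_selftest.o: ../../include/openssl/lhash.h
-fips_ecdh_selftest.o: ../../include/openssl/obj_mac.h
-fips_ecdh_selftest.o: ../../include/openssl/objects.h
-fips_ecdh_selftest.o: ../../include/openssl/opensslconf.h
-fips_ecdh_selftest.o: ../../include/openssl/opensslv.h
-fips_ecdh_selftest.o: ../../include/openssl/ossl_typ.h
-fips_ecdh_selftest.o: ../../include/openssl/safestack.h
-fips_ecdh_selftest.o: ../../include/openssl/stack.h
-fips_ecdh_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
-fips_ecdh_selftest.o: fips_ecdh_selftest.c
-fips_ecdhvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_ecdhvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_ecdhvs.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_ecdhvs.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-fips_ecdhvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_ecdhvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_ecdhvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_ecdhvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_ecdhvs.o: ../../include/openssl/opensslconf.h
-fips_ecdhvs.o: ../../include/openssl/opensslv.h
-fips_ecdhvs.o: ../../include/openssl/ossl_typ.h
-fips_ecdhvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_ecdhvs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_ecdhvs.c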

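--- a/fips/ecdh/fips_ecdh_selftest.c
+++ b/fips/ecdh/fips_ecdh_selftest.c
@@ -1,257 +0,0 @@
-/* fips/ecdh/fips_ecdh_selftest.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-* project 2011.
-*/
-/* ====================================================================
-* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* licensing@OpenSSL.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-*/
-#define OPENSSL_FIPSAPI
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/ec.h>
-#include <openssl/ecdh.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#ifdef OPENSSL_FIPS
-#include "fips_locl.h"
-__fips_constseg
-static const unsigned char p224_qcavsx[] = {
-0x3c,0x81,0x15,0x16,0xab,0xa6,0xad,0xd7,0xe5,0xf3,0xea,0x1f,
-0x88,0x57,0x43,0x29,0x35,0x6f,0x0a,0xd2,0x38,0xc7,0x11,0x8a,
-0x90,0xd1,0x46,0x63
-};
-__fips_constseg
-static const unsigned char p224_qcavsy[] = {
-0x4a,0x87,0x54,0x7b,0x7d,0x69,0xdd,0xb8,0x48,0x73,0xb2,0x1e,
-0x33,0xfa,0xf6,0x32,0xb4,0x25,0x73,0x55,0x87,0x08,0x16,0xd2,
-0xdd,0xa6,0x77,0xcf
-};
-__fips_constseg
-static const unsigned char p224_qiutx[] = {
-0x23,0xff,0x15,0x91,0x83,0xd6,0xad,0x98,0x93,0x98,0xbd,0x2e,
-0x01,0xeb,0x5a,0x45,0xe2,0x2a,0xf9,0xc5,0x3b,0x37,0xe1,0x87,
-0x32,0xa5,0x16,0x5f
-};
-__fips_constseg
-static const unsigned char p224_qiuty[] = {
-0x5e,0x70,0xb7,0x9d,0x9e,0x55,0x2d,0x67,0x4e,0x29,0xa4,0x9d,
-0x06,0x81,0x11,0xb4,0xb4,0xab,0xe2,0xdf,0xdc,0xe4,0xf1,0x69,
-0x55,0x54,0xe3,0x37
-};
-__fips_constseg
-static const unsigned char p224_qiutd[] = {
-0xd7,0xdc,0x9c,0x53,0x04,0x72,0x67,0x59,0x92,0x80,0x9e,0x6f,
-0xdd,0xe6,0x0b,0x35,0x09,0xe0,0x95,0x45,0xe6,0x13,0x0e,0x22,
-0x43,0x6a,0x63,0xef
-};
-__fips_constseg
-static const unsigned char p224_ziut[] = {
-0x84,0x37,0xcf,0x6d,0xfa,0x58,0xbd,0x1f,0x47,0x15,0x45,0x1f,
-0x2c,0x20,0x53,0x7a,0xf4,0xb0,0xe6,0x19,0xcc,0xa9,0x30,0xc6,
-0x5c,0x1a,0xf2,0xdd
-};
-typedef struct
-{
-int curve;
-const unsigned char *x1;
-size_t x1len;
-const unsigned char *y1;
-size_t y1len;
-const unsigned char *d1;
-size_t d1len;
-const unsigned char *x2;
-size_t x2len;
-const unsigned char *y2;
-size_t y2len;
-const unsigned char *z;
-size_t zlen;
-} ECDH_SELFTEST_DATA;
-#define make_ecdh_test(nid, pr) { nid, \
-pr##_qiutx, sizeof(pr##_qiutx), \
-pr##_qiuty, sizeof(pr##_qiuty), \
-pr##_qiutd, sizeof(pr##_qiutd), \
-pr##_qcavsx, sizeof(pr##_qcavsx), \
-pr##_qcavsy, sizeof(pr##_qcavsy), \
-pr##_ziut, sizeof(pr##_ziut) }
-static ECDH_SELFTEST_DATA test_ecdh_data[] =
-{
-make_ecdh_test(NID_secp224r1, p224),
-};
-int FIPS_selftest_ecdh(void)
-{
-EC_KEY *ec1 = NULL, *ec2 = NULL;
-const EC_POINT *ecp = NULL;
-BIGNUM *x = NULL, *y = NULL, *d = NULL;
-unsigned char *ztmp = NULL;
-int rv = 1;
-size_t i;
-for (i = 0; i < sizeof(test_ecdh_data)/sizeof(ECDH_SELFTEST_DATA); i++)
-{
-ECDH_SELFTEST_DATA *ecd = test_ecdh_data + i;
-if (!fips_post_started(FIPS_TEST_ECDH, ecd->curve, 0))
-continue;
-ztmp = OPENSSL_malloc(ecd->zlen);
-x = BN_bin2bn(ecd->x1, ecd->x1len, x);
-y = BN_bin2bn(ecd->y1, ecd->y1len, y);
-d = BN_bin2bn(ecd->d1, ecd->d1len, d);
-if (!x || !y || !d || !ztmp)
-{
-rv = -1;
-goto err;
-}
-ec1 = EC_KEY_new_by_curve_name(ecd->curve);
-if (!ec1)
-{
-rv = -1;
-goto err;
-}
-EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
-if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y))
-{
-rv = -1;
-goto err;
-}
-if (!EC_KEY_set_private_key(ec1, d))
-{
-rv = -1;
-goto err;
-}
-x = BN_bin2bn(ecd->x2, ecd->x2len, x);
-y = BN_bin2bn(ecd->y2, ecd->y2len, y);
-if (!x || !y)
-{
-rv = -1;
-goto err;
-}
-ec2 = EC_KEY_new_by_curve_name(ecd->curve);
-if (!ec2)
-{
-rv = -1;
-goto err;
-}
-EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
-if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y))
-{
-rv = -1;
-goto err;
-}
-ecp = EC_KEY_get0_public_key(ec2);
-if (!ecp)
-{
-rv = -1;
-goto err;
-}
-if (!ECDH_compute_key(ztmp, ecd->zlen, ecp, ec1, 0))
-{
-rv = -1;
-goto err;
-}
-if (!fips_post_corrupt(FIPS_TEST_ECDH, ecd->curve, NULL))
-ztmp[0] ^= 0x1;
-if (memcmp(ztmp, ecd->z, ecd->zlen))
-{
-fips_post_failed(FIPS_TEST_ECDH, ecd->curve, 0);
-rv = 0;
-}
-else if (!fips_post_success(FIPS_TEST_ECDH, ecd->curve, 0))
-goto err;
-EC_KEY_free(ec1);
-ec1 = NULL;
-EC_KEY_free(ec2);
-ec2 = NULL;
-OPENSSL_free(ztmp);
-ztmp = NULL;
-}
-err:
-if (x)
-BN_clear_free(x);
-if (y)
-BN_clear_free(y);
-if (d)
-BN_clear_free(d);
-if (ec1)
-EC_KEY_free(ec1);
-if (ec2)
-EC_KEY_free(ec2);
-if (ztmp)
-OPENSSL_free(ztmp);
-return rv;
-}
-#endif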


@ -1,496 +0,0 @@
/* fips/ecdh/fips_ecdhvs.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#define OPENSSL_FIPSAPI
#include <openssl/opensslconf.h>
#ifndef OPENSSL_FIPS
#include <stdio.h>
int main(int argc, char **argv)
{
printf("No FIPS ECDH support\n");
return(0);
}
#else
#include <openssl/crypto.h>
#include <openssl/bn.h>
#include <openssl/ecdh.h>
#include <openssl/fips.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <string.h>
#include <ctype.h>
#include "fips_utl.h"
static const EVP_MD *eparse_md(char *line)
{
char *p;
if (line[0] != '[' || line[1] != 'E')
return NULL;
p = strchr(line, '-');
if (!p)
return NULL;
line = p + 1;
p = strchr(line, ']');
if (!p)
return NULL;
*p = 0;
p = line;
while(isspace(*p))
p++;
if (!strcmp(p, "SHA1"))
return EVP_sha1();
else if (!strcmp(p, "SHA224"))
return EVP_sha224();
else if (!strcmp(p, "SHA256"))
return EVP_sha256();
else if (!strcmp(p, "SHA384"))
return EVP_sha384();
else if (!strcmp(p, "SHA512"))
return EVP_sha512();
else
return NULL;
}
static int lookup_curve2(char *cname)
{
char *p;
p = strchr(cname, ']');
if (!p)
{
fprintf(stderr, "Parse error: missing ]\n");
return NID_undef;
}
*p = 0;
if (!strcmp(cname, "B-163"))
return NID_sect163r2;
if (!strcmp(cname, "B-233"))
return NID_sect233r1;
if (!strcmp(cname, "B-283"))
return NID_sect283r1;
if (!strcmp(cname, "B-409"))
return NID_sect409r1;
if (!strcmp(cname, "B-571"))
return NID_sect571r1;
if (!strcmp(cname, "K-163"))
return NID_sect163k1;
if (!strcmp(cname, "K-233"))
return NID_sect233k1;
if (!strcmp(cname, "K-283"))
return NID_sect283k1;
if (!strcmp(cname, "K-409"))
return NID_sect409k1;
if (!strcmp(cname, "K-571"))
return NID_sect571k1;
if (!strcmp(cname, "P-192"))
return NID_X9_62_prime192v1;
if (!strcmp(cname, "P-224"))
return NID_secp224r1;
if (!strcmp(cname, "P-256"))
return NID_X9_62_prime256v1;
if (!strcmp(cname, "P-384"))
return NID_secp384r1;
if (!strcmp(cname, "P-521"))
return NID_secp521r1;
fprintf(stderr, "Unknown Curve name %s\n", cname);
return NID_undef;
}
static int lookup_curve(char *cname)
{
char *p;
p = strchr(cname, ':');
if (!p)
{
fprintf(stderr, "Parse error: missing :\n");
return NID_undef;
}
cname = p + 1;
while(isspace(*cname))
cname++;
return lookup_curve2(cname);
}
static EC_POINT *make_peer(EC_GROUP *group, BIGNUM *x, BIGNUM *y)
{
EC_POINT *peer;
int rv;
BN_CTX *c;
peer = EC_POINT_new(group);
if (!peer)
return NULL;
c = BN_CTX_new();
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
== NID_X9_62_prime_field)
rv = EC_POINT_set_affine_coordinates_GFp(group, peer, x, y, c);
else
#ifdef OPENSSL_NO_EC2M
{
fprintf(stderr, "ERROR: GF2m not supported\n");
exit(1);
}
#else
rv = EC_POINT_set_affine_coordinates_GF2m(group, peer, x, y, c);
#endif
BN_CTX_free(c);
if (rv)
return peer;
EC_POINT_free(peer);
return NULL;
}
static int ec_print_key(FILE *out, EC_KEY *key, int add_e, int exout)
{
const EC_POINT *pt;
const EC_GROUP *grp;
const EC_METHOD *meth;
int rv;
BIGNUM *tx, *ty;
const BIGNUM *d = NULL;
BN_CTX *ctx;
ctx = BN_CTX_new();
if (!ctx)
return 0;
tx = BN_CTX_get(ctx);
ty = BN_CTX_get(ctx);
if (!tx || !ty)
return 0;
grp = EC_KEY_get0_group(key);
pt = EC_KEY_get0_public_key(key);
if (exout)
d = EC_KEY_get0_private_key(key);
meth = EC_GROUP_method_of(grp);
if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, tx, ty, ctx);
else
#ifdef OPENSSL_NO_EC2M
{
fprintf(stderr, "ERROR: GF2m not supported\n");
exit(1);
}
#else
rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, tx, ty, ctx);
#endif
if (add_e)
{
do_bn_print_name(out, "QeIUTx", tx);
do_bn_print_name(out, "QeIUTy", ty);
if (d)
do_bn_print_name(out, "QeIUTd", d);
}
else
{
do_bn_print_name(out, "QIUTx", tx);
do_bn_print_name(out, "QIUTy", ty);
if (d)
do_bn_print_name(out, "QIUTd", d);
}
BN_CTX_free(ctx);
return rv;
}
static void ec_output_Zhash(FILE *out, int exout, EC_GROUP *group,
BIGNUM *ix, BIGNUM *iy, BIGNUM *id, BIGNUM *cx,
BIGNUM *cy, const EVP_MD *md,
unsigned char *rhash, size_t rhashlen)
{
EC_KEY *ec = NULL;
EC_POINT *peerkey = NULL;
unsigned char *Z;
unsigned char chash[EVP_MAX_MD_SIZE];
int Zlen;
ec = EC_KEY_new();
EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH);
EC_KEY_set_group(ec, group);
peerkey = make_peer(group, cx, cy);
if (rhash == NULL)
{
if (md)
rhashlen = M_EVP_MD_size(md);
EC_KEY_generate_key(ec);
ec_print_key(out, ec, md ? 1 : 0, exout);
}
else
{
EC_KEY_set_public_key_affine_coordinates(ec, ix, iy);
EC_KEY_set_private_key(ec, id);
}
Zlen = (EC_GROUP_get_degree(group) + 7)/8;
Z = OPENSSL_malloc(Zlen);
if (!Z)
exit(1);
ECDH_compute_key(Z, Zlen, peerkey, ec, 0);
if (md)
{
if (exout)
OutputValue("Z", Z, Zlen, out, 0);
FIPS_digest(Z, Zlen, chash, NULL, md);
OutputValue(rhash ? "IUTHashZZ" : "HashZZ",
chash, rhashlen, out, 0);
if (rhash)
{
fprintf(out, "Result = %s\n",
memcmp(chash, rhash, rhashlen) ? "F" : "P");
}
}
else
OutputValue("ZIUT", Z, Zlen, out, 0);
OPENSSL_cleanse(Z, Zlen);
OPENSSL_free(Z);
EC_KEY_free(ec);
EC_POINT_free(peerkey);
}
#ifdef FIPS_ALGVS
int fips_ecdhvs_main(int argc, char **argv)
#else
int main(int argc, char **argv)
#endif
{
char **args = argv + 1;
int argn = argc - 1;
FILE *in, *out;
char buf[2048], lbuf[2048];
unsigned char *rhash = NULL;
long rhashlen;
BIGNUM *cx = NULL, *cy = NULL;
BIGNUM *id = NULL, *ix = NULL, *iy = NULL;
const EVP_MD *md = NULL;
EC_GROUP *group = NULL;
char *keyword = NULL, *value = NULL;
int do_verify = -1, exout = 0;
int rv = 1;
int curve_nids[5] = {0,0,0,0,0};
int param_set = -1;
fips_algtest_init();
if (argn && !strcmp(*args, "ecdhver"))
{
do_verify = 1;
args++;
argn--;
}
else if (argn && !strcmp(*args, "ecdhgen"))
{
do_verify = 0;
args++;
argn--;
}
if (argn && !strcmp(*args, "-exout"))
{
exout = 1;
args++;
argn--;
}
if (do_verify == -1)
{
fprintf(stderr,"%s [ecdhver|ecdhgen|] [-exout] (infile outfile)\n",argv[0]);
exit(1);
}
if (argn == 2)
{
in = fopen(*args, "r");
if (!in)
{
fprintf(stderr, "Error opening input file\n");
exit(1);
}
out = fopen(args[1], "w");
if (!out)
{
fprintf(stderr, "Error opening output file\n");
exit(1);
}
}
else if (argn == 0)
{
in = stdin;
out = stdout;
}
else
{
fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
exit(1);
}
while (fgets(buf, sizeof(buf), in) != NULL)
{
fputs(buf, out);
if (buf[0] == '[' && buf[1] == 'E')
{
int c = buf[2];
if (c < 'A' || c > 'E')
goto parse_error;
param_set = c - 'A';
/* If just [E?] then initial paramset */
if (buf[3] == ']')
continue;
if (group)
EC_GROUP_free(group);
group = EC_GROUP_new_by_curve_name(curve_nids[c - 'A']);
}
if (strlen(buf) > 10 && !strncmp(buf, "[Curve", 6))
{
int nid;
if (param_set == -1)
goto parse_error;
nid = lookup_curve(buf);
if (nid == NID_undef)
goto parse_error;
curve_nids[param_set] = nid;
}
if (strlen(buf) > 4 && buf[0] == '[' && buf[2] == '-')
{
int nid = lookup_curve2(buf + 1);
if (nid == NID_undef)
goto parse_error;
if (group)
EC_GROUP_free(group);
group = EC_GROUP_new_by_curve_name(nid);
if (!group)
{
fprintf(stderr, "ERROR: unsupported curve %s\n", buf + 1);
return 1;
}
}
if (strlen(buf) > 6 && !strncmp(buf, "[E", 2))
{
md = eparse_md(buf);
if (md == NULL)
goto parse_error;
continue;
}
if (!parse_line(&keyword, &value, lbuf, buf))
continue;
if (!strcmp(keyword, "QeCAVSx") || !strcmp(keyword, "QCAVSx"))
{
if (!do_hex2bn(&cx, value))
goto parse_error;
}
else if (!strcmp(keyword, "QeCAVSy") || !strcmp(keyword, "QCAVSy"))
{
if (!do_hex2bn(&cy, value))
goto parse_error;
if (do_verify == 0)
ec_output_Zhash(out, exout, group,
NULL, NULL, NULL,
cx, cy, md, rhash, rhashlen);
}
else if (!strcmp(keyword, "deIUT"))
{
if (!do_hex2bn(&id, value))
goto parse_error;
}
else if (!strcmp(keyword, "QeIUTx"))
{
if (!do_hex2bn(&ix, value))
goto parse_error;
}
else if (!strcmp(keyword, "QeIUTy"))
{
if (!do_hex2bn(&iy, value))
goto parse_error;
}
else if (!strcmp(keyword, "CAVSHashZZ"))
{
if (!md)
goto parse_error;
rhash = hex2bin_m(value, &rhashlen);
if (!rhash || rhashlen != M_EVP_MD_size(md))
goto parse_error;
ec_output_Zhash(out, exout, group, ix, iy, id, cx, cy,
md, rhash, rhashlen);
}
}
rv = 0;
parse_error:
if (id)
BN_free(id);
if (ix)
BN_free(ix);
if (iy)
BN_free(iy);
if (cx)
BN_free(cx);
if (cy)
BN_free(cy);
if (group)
EC_GROUP_free(group);
if (in && in != stdin)
fclose(in);
if (out && out != stdout)
fclose(out);
if (rv)
fprintf(stderr, "Error Parsing request file\n");
return rv;
}
#endif


@ -1,130 +0,0 @@
#
# OpenSSL/fips/ecdsa/Makefile
#
DIR= ecdsa
TOP= ../..
CC= cc
INCLUDES=
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST= fips_ecdsavs.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= fips_ecdsa_lib.c fips_ecdsa_sign.c fips_ecdsa_selftest.c
LIBOBJ= fips_ecdsa_lib.o fips_ecdsa_sign.o fips_ecdsa_selftest.o
SRC= $(LIBSRC)
EXHEADER=
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
@echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
install:
@headerlist="$(EXHEADER)"; for i in $$headerlist; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done
tags:
ctags $(SRC)
tests:
fips_test:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
fips_ecdsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_ecdsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
fips_ecdsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_ecdsa_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/fips.h
fips_ecdsa_lib.o: ../../include/openssl/opensslconf.h
fips_ecdsa_lib.o: ../../include/openssl/opensslv.h
fips_ecdsa_lib.o: ../../include/openssl/ossl_typ.h
fips_ecdsa_lib.o: ../../include/openssl/safestack.h
fips_ecdsa_lib.o: ../../include/openssl/stack.h
fips_ecdsa_lib.o: ../../include/openssl/symhacks.h fips_ecdsa_lib.c
fips_ecdsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_ecdsa_selftest.o: ../../include/openssl/bn.h
fips_ecdsa_selftest.o: ../../include/openssl/crypto.h
fips_ecdsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_ecdsa_selftest.o: ../../include/openssl/ecdsa.h
fips_ecdsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_ecdsa_selftest.o: ../../include/openssl/fips.h
fips_ecdsa_selftest.o: ../../include/openssl/lhash.h
fips_ecdsa_selftest.o: ../../include/openssl/obj_mac.h
fips_ecdsa_selftest.o: ../../include/openssl/objects.h
fips_ecdsa_selftest.o: ../../include/openssl/opensslconf.h
fips_ecdsa_selftest.o: ../../include/openssl/opensslv.h
fips_ecdsa_selftest.o: ../../include/openssl/ossl_typ.h
fips_ecdsa_selftest.o: ../../include/openssl/safestack.h
fips_ecdsa_selftest.o: ../../include/openssl/stack.h
fips_ecdsa_selftest.o: ../../include/openssl/symhacks.h fips_ecdsa_selftest.c
fips_ecdsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_ecdsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
fips_ecdsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_ecdsa_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
fips_ecdsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
fips_ecdsa_sign.o: ../../include/openssl/obj_mac.h
fips_ecdsa_sign.o: ../../include/openssl/objects.h
fips_ecdsa_sign.o: ../../include/openssl/opensslconf.h
fips_ecdsa_sign.o: ../../include/openssl/opensslv.h
fips_ecdsa_sign.o: ../../include/openssl/ossl_typ.h
fips_ecdsa_sign.o: ../../include/openssl/safestack.h
fips_ecdsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
fips_ecdsa_sign.o: ../../include/openssl/symhacks.h fips_ecdsa_sign.c
fips_ecdsavs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_ecdsavs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_ecdsavs.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
fips_ecdsavs.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
fips_ecdsavs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_ecdsavs.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
fips_ecdsavs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
fips_ecdsavs.o: ../../include/openssl/objects.h
fips_ecdsavs.o: ../../include/openssl/opensslconf.h
fips_ecdsavs.o: ../../include/openssl/opensslv.h
fips_ecdsavs.o: ../../include/openssl/ossl_typ.h
fips_ecdsavs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_ecdsavs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_ecdsavs.c


@ -1,93 +0,0 @@
/* fips_dsa_lib.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2007.
*/
/* ====================================================================
* Copyright (c) 2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/ecdsa.h>
#include <openssl/bn.h>
#include <openssl/fips.h>
ECDSA_SIG *FIPS_ecdsa_sig_new(void)
{
ECDSA_SIG *sig;
sig = OPENSSL_malloc(sizeof(ECDSA_SIG));
if (!sig)
return NULL;
sig->r = BN_new();
sig->s = BN_new();
if (!sig->r || !sig->s)
{
FIPS_ecdsa_sig_free(sig);
return NULL;
}
return sig;
}
void FIPS_ecdsa_sig_free(ECDSA_SIG *sig)
{
if (sig)
{
if (sig->r)
BN_free(sig->r);
if (sig->s)
BN_free(sig->s);
OPENSSL_free(sig);
}
}


@ -1,198 +0,0 @@
/* fips/ecdsa/fips_ecdsa_selftest.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2011.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/fips.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#ifdef OPENSSL_FIPS
__fips_constseg
static const char P_224_name[] = "ECDSA P-224";
__fips_constseg
static const unsigned char P_224_d[] = {
0x98,0x1f,0xb5,0xf1,0xfc,0x87,0x1d,0x7d,0xde,0x1e,0x01,0x64,
0x09,0x9b,0xe7,0x1b,0x9f,0xad,0x63,0xdd,0x33,0x01,0xd1,0x50,
0x80,0x93,0x50,0x30
};
__fips_constseg
static const unsigned char P_224_qx[] = {
0x95,0x47,0x99,0x44,0x29,0x8f,0x51,0x39,0xe2,0x53,0xec,0x79,
0xb0,0x4d,0xde,0x87,0x1a,0x76,0x54,0xd5,0x96,0xb8,0x7a,0x6d,
0xf4,0x1c,0x2c,0x87
};
__fips_constseg
static const unsigned char P_224_qy[] = {
0x91,0x5f,0xd5,0x31,0xdd,0x24,0xe5,0x78,0xd9,0x08,0x24,0x8a,
0x49,0x99,0xec,0x55,0xf2,0x82,0xb3,0xc4,0xb7,0x33,0x68,0xe4,
0x24,0xa9,0x12,0x82
};
#ifndef OPENSSL_NO_EC2M
__fips_constseg
static const char K_233_name[] = "ECDSA K-233";
__fips_constseg
static const unsigned char K_233_d[] = {
0x10,0x0a,0xe0,0xae,0xcf,0x1b,0xa4,0x55,0x1a,0xd4,0xc8,0x3f,
0xc3,0x7e,0xdc,0x97,0x40,0x2c,0x6a,0xc8,0xe2,0x50,0x09,0xf8,
0x1c,0x70,0x23,0xcb,0xde
};
__fips_constseg
static const unsigned char K_233_qx[] = {
0x01,0xa6,0xbf,0x38,0x32,0xe2,0xd7,0x15,0x4a,0xc8,0xaa,0x1f,
0x9d,0xdb,0xb8,0x8f,0x9a,0x9b,0xc0,0xb4,0xc1,0xb6,0xa5,0x5c,
0x93,0xb9,0x8a,0x83,0x65,0xe9
};
__fips_constseg
static const unsigned char K_233_qy[] = {
0x01,0x81,0x3d,0xfe,0x38,0x56,0x8f,0x3c,0x23,0x29,0xc6,0x59,
0xcb,0xa5,0x90,0x86,0xd1,0x8c,0xd8,0xb0,0xf2,0xd4,0x35,0x2b,
0x11,0x40,0x33,0x9a,0x88,0x10
};
#endif
typedef struct
{
int curve;
const char *name;
const unsigned char *x;
size_t xlen;
const unsigned char *y;
size_t ylen;
const unsigned char *d;
size_t dlen;
} EC_SELFTEST_DATA;
#define make_ecdsa_test(nid, pr) { nid, pr##_name, \
pr##_qx, sizeof(pr##_qx), \
pr##_qy, sizeof(pr##_qy), \
pr##_d, sizeof(pr##_d)}
static EC_SELFTEST_DATA test_ec_data[] =
{
make_ecdsa_test(NID_secp224r1, P_224),
#ifndef OPENSSL_NO_EC2M
make_ecdsa_test(NID_sect233k1, K_233)
#endif
};
int FIPS_selftest_ecdsa()
{
EC_KEY *ec = NULL;
BIGNUM *x = NULL, *y = NULL, *d = NULL;
EVP_PKEY pk;
int rv = 0;
size_t i;
for (i = 0; i < sizeof(test_ec_data)/sizeof(EC_SELFTEST_DATA); i++)
{
EC_SELFTEST_DATA *ecd = test_ec_data + i;
x = BN_bin2bn(ecd->x, ecd->xlen, x);
y = BN_bin2bn(ecd->y, ecd->ylen, y);
d = BN_bin2bn(ecd->d, ecd->dlen, d);
if (!x || !y || !d)
goto err;
ec = EC_KEY_new_by_curve_name(ecd->curve);
if (!ec)
goto err;
if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y))
goto err;
if (!EC_KEY_set_private_key(ec, d))
goto err;
pk.type = EVP_PKEY_EC;
pk.pkey.ec = ec;
if (!fips_pkey_signature_test(FIPS_TEST_SIGNATURE, &pk, NULL, 0,
NULL, 0, EVP_sha512(), 0,
ecd->name))
goto err;
EC_KEY_free(ec);
ec = NULL;
}
rv = 1;
err:
if (x)
BN_clear_free(x);
if (y)
BN_clear_free(y);
if (d)
BN_clear_free(d);
if (ec)
EC_KEY_free(ec);
return rv;
}
#endif


@ -1,114 +0,0 @@
/* fips_ecdsa_sign.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2011.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/evp.h>
#include <openssl/ecdsa.h>
#include <openssl/err.h>
#include <openssl/sha.h>
#include <openssl/bn.h>
ECDSA_SIG * FIPS_ecdsa_sign_ctx(EC_KEY *key, EVP_MD_CTX *ctx)
{
ECDSA_SIG *s;
unsigned char dig[EVP_MAX_MD_SIZE];
unsigned int dlen;
FIPS_digestfinal(ctx, dig, &dlen);
s = FIPS_ecdsa_sign_digest(key, dig, dlen);
OPENSSL_cleanse(dig, dlen);
return s;
}
int FIPS_ecdsa_verify_ctx(EC_KEY *key, EVP_MD_CTX *ctx, ECDSA_SIG *s)
{
int ret=-1;
unsigned char dig[EVP_MAX_MD_SIZE];
unsigned int dlen;
FIPS_digestfinal(ctx, dig, &dlen);
ret = FIPS_ecdsa_verify_digest(key, dig, dlen, s);
OPENSSL_cleanse(dig, dlen);
return ret;
}
int FIPS_ecdsa_verify(EC_KEY *key, const unsigned char *msg, size_t msglen,
const EVP_MD *mhash, ECDSA_SIG *s)
{
int ret=-1;
unsigned char dig[EVP_MAX_MD_SIZE];
unsigned int dlen;
FIPS_digest(msg, msglen, dig, &dlen, mhash);
ret=FIPS_ecdsa_verify_digest(key, dig, dlen, s);
OPENSSL_cleanse(dig, dlen);
return ret;
}
ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key,
const unsigned char *msg, size_t msglen,
const EVP_MD *mhash)
{
ECDSA_SIG *s;
unsigned char dig[EVP_MAX_MD_SIZE];
unsigned int dlen;
FIPS_digest(msg, msglen, dig, &dlen, mhash);
s = FIPS_ecdsa_sign_digest(key, dig, dlen);
OPENSSL_cleanse(dig, dlen);
return s;
}


@ -1,533 +0,0 @@
/* fips/ecdsa/fips_ecdsavs.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#define OPENSSL_FIPSAPI
#include <openssl/opensslconf.h>
#include <stdio.h>
#ifndef OPENSSL_FIPS
int main(int argc, char **argv)
{
printf("No FIPS ECDSA support\n");
return(0);
}
#else
#include <string.h>
#include <ctype.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/ecdsa.h>
#include <openssl/evp.h>
#include "fips_utl.h"
#include <openssl/objects.h>
static int elookup_curve(char *in, char *curve_name, const EVP_MD **pmd)
{
char *cname, *p;
/* Copy buffer as we will change it */
strcpy(curve_name, in);
cname = curve_name + 1;
p = strchr(cname, ']');
if (!p)
{
fprintf(stderr, "Parse error: missing ]\n");
return NID_undef;
}
*p = 0;
p = strchr(cname, ',');
if (p)
{
if (!pmd)
{
fprintf(stderr, "Parse error: unexpected digest\n");
return NID_undef;
}
*p = 0;
p++;
if (!strcmp(p, "SHA-1"))
*pmd = EVP_sha1();
else if (!strcmp(p, "SHA-224"))
*pmd = EVP_sha224();
else if (!strcmp(p, "SHA-256"))
*pmd = EVP_sha256();
else if (!strcmp(p, "SHA-384"))
*pmd = EVP_sha384();
else if (!strcmp(p, "SHA-512"))
*pmd = EVP_sha512();
else
{
fprintf(stderr, "Unknown digest %s\n", p);
return NID_undef;
}
}
else if(pmd)
*pmd = EVP_sha1();
if (!strcmp(cname, "B-163"))
return NID_sect163r2;
if (!strcmp(cname, "B-233"))
return NID_sect233r1;
if (!strcmp(cname, "B-283"))
return NID_sect283r1;
if (!strcmp(cname, "B-409"))
return NID_sect409r1;
if (!strcmp(cname, "B-571"))
return NID_sect571r1;
if (!strcmp(cname, "K-163"))
return NID_sect163k1;
if (!strcmp(cname, "K-233"))
return NID_sect233k1;
if (!strcmp(cname, "K-283"))
return NID_sect283k1;
if (!strcmp(cname, "K-409"))
return NID_sect409k1;
if (!strcmp(cname, "K-571"))
return NID_sect571k1;
if (!strcmp(cname, "P-192"))
return NID_X9_62_prime192v1;
if (!strcmp(cname, "P-224"))
return NID_secp224r1;
if (!strcmp(cname, "P-256"))
return NID_X9_62_prime256v1;
if (!strcmp(cname, "P-384"))
return NID_secp384r1;
if (!strcmp(cname, "P-521"))
return NID_secp521r1;
fprintf(stderr, "Unknown Curve name %s\n", cname);
return NID_undef;
}
static int ec_get_pubkey(EC_KEY *key, BIGNUM *x, BIGNUM *y)
{
const EC_POINT *pt;
const EC_GROUP *grp;
const EC_METHOD *meth;
int rv;
BN_CTX *ctx;
ctx = BN_CTX_new();
if (!ctx)
return 0;
grp = EC_KEY_get0_group(key);
pt = EC_KEY_get0_public_key(key);
meth = EC_GROUP_method_of(grp);
if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, x, y, ctx);
else
#ifdef OPENSSL_NO_EC2M
{
fprintf(stderr, "ERROR: GF2m not supported\n");
exit(1);
}
#else
rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, x, y, ctx);
#endif
BN_CTX_free(ctx);
return rv;
}
static int KeyPair(FILE *in, FILE *out)
{
char buf[2048], lbuf[2048];
char *keyword, *value;
int curve_nid = NID_undef;
int i, count;
BIGNUM *Qx = NULL, *Qy = NULL;
const BIGNUM *d = NULL;
EC_KEY *key = NULL;
Qx = BN_new();
Qy = BN_new();
while(fgets(buf, sizeof buf, in) != NULL)
{
if (*buf == '[' && buf[2] == '-')
{
if (buf[2] == '-')
curve_nid = elookup_curve(buf, lbuf, NULL);
fputs(buf, out);
continue;
}
if (!parse_line(&keyword, &value, lbuf, buf))
{
fputs(buf, out);
continue;
}
if (!strcmp(keyword, "N"))
{
count = atoi(value);
for (i = 0; i < count; i++)
{
key = EC_KEY_new_by_curve_name(curve_nid);
if (!EC_KEY_generate_key(key))
{
fprintf(stderr, "Error generating key\n");
return 0;
}
if (!ec_get_pubkey(key, Qx, Qy))
{
fprintf(stderr, "Error getting public key\n");
return 0;
}
d = EC_KEY_get0_private_key(key);
do_bn_print_name(out, "d", d);
do_bn_print_name(out, "Qx", Qx);
do_bn_print_name(out, "Qy", Qy);
fputs(RESP_EOL, out);
EC_KEY_free(key);
}
}
}
BN_free(Qx);
BN_free(Qy);
return 1;
}
static int PKV(FILE *in, FILE *out)
{
char buf[2048], lbuf[2048];
char *keyword, *value;
int curve_nid = NID_undef;
BIGNUM *Qx = NULL, *Qy = NULL;
EC_KEY *key = NULL;
while(fgets(buf, sizeof buf, in) != NULL)
{
fputs(buf, out);
if (*buf == '[' && buf[2] == '-')
{
curve_nid = elookup_curve(buf, lbuf, NULL);
if (curve_nid == NID_undef)
return 0;
}
if (!parse_line(&keyword, &value, lbuf, buf))
continue;
if (!strcmp(keyword, "Qx"))
{
if (!do_hex2bn(&Qx, value))
{
fprintf(stderr, "Invalid Qx value\n");
return 0;
}
}
if (!strcmp(keyword, "Qy"))
{
int rv;
if (!do_hex2bn(&Qy, value))
{
fprintf(stderr, "Invalid Qy value\n");
return 0;
}
key = EC_KEY_new_by_curve_name(curve_nid);
no_err = 1;
rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
no_err = 0;
EC_KEY_free(key);
fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F");
}
}
BN_free(Qx);
BN_free(Qy);
return 1;
}
static int SigGen(FILE *in, FILE *out)
{
char buf[2048], lbuf[2048];
char *keyword, *value;
unsigned char *msg;
int curve_nid = NID_undef;
long mlen;
BIGNUM *Qx = NULL, *Qy = NULL;
EC_KEY *key = NULL;
ECDSA_SIG *sig = NULL;
const EVP_MD *digest = NULL;
Qx = BN_new();
Qy = BN_new();
while(fgets(buf, sizeof buf, in) != NULL)
{
fputs(buf, out);
if (*buf == '[')
{
curve_nid = elookup_curve(buf, lbuf, &digest);
if (curve_nid == NID_undef)
return 0;
}
if (!parse_line(&keyword, &value, lbuf, buf))
continue;
if (!strcmp(keyword, "Msg"))
{
msg = hex2bin_m(value, &mlen);
if (!msg)
{
fprintf(stderr, "Invalid Message\n");
return 0;
}
key = EC_KEY_new_by_curve_name(curve_nid);
if (!EC_KEY_generate_key(key))
{
fprintf(stderr, "Error generating key\n");
return 0;
}
if (!ec_get_pubkey(key, Qx, Qy))
{
fprintf(stderr, "Error getting public key\n");
return 0;
}
sig = FIPS_ecdsa_sign(key, msg, mlen, digest);
if (!sig)
{
fprintf(stderr, "Error signing message\n");
return 0;
}
do_bn_print_name(out, "Qx", Qx);
do_bn_print_name(out, "Qy", Qy);
do_bn_print_name(out, "R", sig->r);
do_bn_print_name(out, "S", sig->s);
EC_KEY_free(key);
OPENSSL_free(msg);
FIPS_ecdsa_sig_free(sig);
}
}
BN_free(Qx);
BN_free(Qy);
return 1;
}
static int SigVer(FILE *in, FILE *out)
{
char buf[2048], lbuf[2048];
char *keyword, *value;
unsigned char *msg = NULL;
int curve_nid = NID_undef;
long mlen;
BIGNUM *Qx = NULL, *Qy = NULL;
EC_KEY *key = NULL;
ECDSA_SIG sg, *sig = &sg;
const EVP_MD *digest = NULL;
sig->r = NULL;
sig->s = NULL;
while(fgets(buf, sizeof buf, in) != NULL)
{
fputs(buf, out);
if (*buf == '[')
{
curve_nid = elookup_curve(buf, lbuf, &digest);
if (curve_nid == NID_undef)
return 0;
}
if (!parse_line(&keyword, &value, lbuf, buf))
continue;
if (!strcmp(keyword, "Msg"))
{
msg = hex2bin_m(value, &mlen);
if (!msg)
{
fprintf(stderr, "Invalid Message\n");
return 0;
}
}
if (!strcmp(keyword, "Qx"))
{
if (!do_hex2bn(&Qx, value))
{
fprintf(stderr, "Invalid Qx value\n");
return 0;
}
}
if (!strcmp(keyword, "Qy"))
{
if (!do_hex2bn(&Qy, value))
{
fprintf(stderr, "Invalid Qy value\n");
return 0;
}
}
if (!strcmp(keyword, "R"))
{
if (!do_hex2bn(&sig->r, value))
{
fprintf(stderr, "Invalid R value\n");
return 0;
}
}
if (!strcmp(keyword, "S"))
{
int rv;
if (!do_hex2bn(&sig->s, value))
{
fprintf(stderr, "Invalid S value\n");
return 0;
}
key = EC_KEY_new_by_curve_name(curve_nid);
rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
if (rv != 1)
{
fprintf(stderr, "Error setting public key\n");
return 0;
}
no_err = 1;
rv = FIPS_ecdsa_verify(key, msg, mlen, digest, sig);
EC_KEY_free(key);
if (msg)
OPENSSL_free(msg);
no_err = 0;
fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F");
}
}
if (sig->r)
BN_free(sig->r);
if (sig->s)
BN_free(sig->s);
if (Qx)
BN_free(Qx);
if (Qy)
BN_free(Qy);
return 1;
}
#ifdef FIPS_ALGVS
int fips_ecdsavs_main(int argc, char **argv)
#else
int main(int argc, char **argv)
#endif
{
FILE *in = NULL, *out = NULL;
const char *cmd = argv[1];
int rv = 0;
fips_algtest_init();
if (argc == 4)
{
in = fopen(argv[2], "r");
if (!in)
{
fprintf(stderr, "Error opening input file\n");
exit(1);
}
out = fopen(argv[3], "w");
if (!out)
{
fprintf(stderr, "Error opening output file\n");
exit(1);
}
}
else if (argc == 2)
{
in = stdin;
out = stdout;
}
if (!cmd)
{
fprintf(stderr, "fips_ecdsavs [KeyPair|PKV|SigGen|SigVer]\n");
return 1;
}
if (!strcmp(cmd, "KeyPair"))
rv = KeyPair(in, out);
else if (!strcmp(cmd, "PKV"))
rv = PKV(in, out);
else if (!strcmp(cmd, "SigVer"))
rv = SigVer(in, out);
else if (!strcmp(cmd, "SigGen"))
rv = SigGen(in, out);
else
{
fprintf(stderr, "Unknown command %s\n", cmd);
return 1;
}
if (argc == 4)
{
fclose(in);
fclose(out);
}
if (rv <= 0)
{
fprintf(stderr, "Error running %s\n", cmd);
return 1;
}
return 0;
}
#endif


@ -1,443 +0,0 @@
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define OPENSSL_FIPSAPI
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/fips_rand.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#include <openssl/hmac.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/ecdsa.h>
#include <string.h>
#include <limits.h>
#include "fips_locl.h"
#include "fips_auth.h"
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#ifndef PATH_MAX
#define PATH_MAX 1024
#endif
#define atox(c) ((c)>='a'?((c)-'a'+10):((c)>='A'?(c)-'A'+10:(c)-'0'))
static int fips_selftest_fail = 0;
static int fips_auth_fail = 0;
static int fips_mode = 0;
static int fips_started = 0;
static int fips_is_owning_thread(void);
static int fips_set_owning_thread(void);
static int fips_clear_owning_thread(void);
static unsigned char *fips_signature_witness(void);
#define fips_w_lock() CRYPTO_w_lock(CRYPTO_LOCK_FIPS)
#define fips_w_unlock() CRYPTO_w_unlock(CRYPTO_LOCK_FIPS)
#define fips_r_lock() CRYPTO_r_lock(CRYPTO_LOCK_FIPS)
#define fips_r_unlock() CRYPTO_r_unlock(CRYPTO_LOCK_FIPS)
static void fips_set_mode(int onoff)
{
int owning_thread = fips_is_owning_thread();
if (fips_started)
{
if (!owning_thread) fips_w_lock();
fips_mode = onoff;
if (!owning_thread) fips_w_unlock();
}
}
int FIPS_module_mode(void)
{
int ret = 0;
int owning_thread = fips_is_owning_thread();
if (fips_started)
{
if (!owning_thread) fips_r_lock();
ret = fips_mode;
if (!owning_thread) fips_r_unlock();
}
return ret;
}
int FIPS_selftest_failed(void)
{
int ret = 0;
if (fips_started)
{
int owning_thread = fips_is_owning_thread();
if (!owning_thread) fips_r_lock();
ret = fips_selftest_fail;
if (!owning_thread) fips_r_unlock();
}
return ret;
}
/* Selftest failure fatal exit routine. This will be called
* during *any* cryptographic operation. It has the minimum
* overhead possible to avoid too big a performance hit.
*/
void FIPS_selftest_check(void)
{
if (fips_selftest_fail)
{
OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
}
}
void fips_set_selftest_fail(void)
{
fips_selftest_fail = 1;
}
extern const void *FIPS_text_start(), *FIPS_text_end();
extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
unsigned char FIPS_signature [20] = { 0 };
__fips_constseg
static const char FIPS_hmac_key[]="etaonrishdlcupfm";
unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len)
{
const unsigned char *p1 = FIPS_text_start();
const unsigned char *p2 = FIPS_text_end();
const unsigned char *p3 = FIPS_rodata_start;
const unsigned char *p4 = FIPS_rodata_end;
HMAC_CTX c;
HMAC_CTX_init(&c);
HMAC_Init(&c,FIPS_hmac_key,strlen(FIPS_hmac_key),EVP_sha1());
/* detect overlapping regions */
if (p1<=p3 && p2>=p3)
p3=p1, p4=p2>p4?p2:p4, p1=NULL, p2=NULL;
else if (p3<=p1 && p4>=p1)
p3=p3, p4=p2>p4?p2:p4, p1=NULL, p2=NULL;
if (p1)
HMAC_Update(&c,p1,(size_t)p2-(size_t)p1);
if (FIPS_signature>=p3 && FIPS_signature<p4)
{
/* "punch" hole */
HMAC_Update(&c,p3,(size_t)FIPS_signature-(size_t)p3);
p3 = FIPS_signature+sizeof(FIPS_signature);
if (p3<p4)
HMAC_Update(&c,p3,(size_t)p4-(size_t)p3);
}
else
HMAC_Update(&c,p3,(size_t)p4-(size_t)p3);
if (!fips_post_corrupt(FIPS_TEST_INTEGRITY, 0, NULL))
HMAC_Update(&c, (unsigned char *)FIPS_hmac_key, 1);
HMAC_Final(&c,sig,&len);
HMAC_CTX_cleanup(&c);
return len;
}
int FIPS_check_incore_fingerprint(void)
{
unsigned char sig[EVP_MAX_MD_SIZE];
unsigned int len;
int rv = 0;
#if defined(__sgi) && (defined(__mips) || defined(mips))
extern int __dso_displacement[];
#else
extern int OPENSSL_NONPIC_relocated;
#endif
if (!fips_post_started(FIPS_TEST_INTEGRITY, 0, NULL))
return 1;
if (FIPS_text_start()==NULL)
{
FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_UNSUPPORTED_PLATFORM);
goto err;
}
len=FIPS_incore_fingerprint(sig,sizeof(sig));
if (len!=sizeof(FIPS_signature) ||
memcmp(FIPS_signature,sig,sizeof(FIPS_signature)))
{
if (FIPS_signature>=FIPS_rodata_start && FIPS_signature<FIPS_rodata_end)
FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING);
#if defined(__sgi) && (defined(__mips) || defined(mips))
else if (__dso_displacement!=NULL)
#else
else if (OPENSSL_NONPIC_relocated)
#endif
FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED);
else
FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
#ifdef OPENSSL_FIPS_DEBUGGER
rv = 1;
#endif
goto err;
}
rv = 1;
err:
if (rv == 0)
fips_post_failed(FIPS_TEST_INTEGRITY, 0, NULL);
else
if (!fips_post_success(FIPS_TEST_INTEGRITY, 0, NULL))
return 0;
return rv;
}
static int fips_asc_check(const unsigned char *sig, const char *asc_sig)
{
char tsig[20];
const char *p;
int i;
if (strlen(asc_sig) != 40)
return 0;
for (i = 0, p = asc_sig; i < 20; i++, p += 2)
tsig[i] = (atox(p[0]) << 4) | atox(p[1]);
if (memcmp(tsig, sig, 20))
return 0;
return 1;
}
static int fips_check_auth(const char *auth)
{
unsigned char auth_hmac[20];
unsigned int hmac_len;
if (fips_auth_fail)
return 0;
if (strlen(auth) < FIPS_AUTH_MIN_LEN)
return 0;
if (!HMAC(EVP_sha1(), FIPS_AUTH_KEY, strlen(FIPS_AUTH_KEY),
(unsigned char *)auth, strlen(auth), auth_hmac, &hmac_len))
return 0;
if (hmac_len != sizeof(auth_hmac))
return 0;
if (fips_asc_check(auth_hmac, FIPS_AUTH_CRYPTO_OFFICER))
return 1;
if (fips_asc_check(auth_hmac, FIPS_AUTH_CRYPTO_USER))
return 1;
return 0;
}
int FIPS_module_mode_set(int onoff, const char *auth)
{
int ret = 0;
fips_w_lock();
fips_started = 1;
fips_set_owning_thread();
if(onoff)
{
fips_selftest_fail = 0;
if (!fips_check_auth(auth))
{
fips_auth_fail = 1;
fips_selftest_fail = 1;
FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_AUTHENTICATION_FAILURE);
return 0;
}
/* Don't go into FIPS mode twice, just so we can do automagic
seeding */
if(FIPS_module_mode())
{
FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET);
fips_selftest_fail = 1;
ret = 0;
goto end;
}
#ifdef OPENSSL_IA32_SSE2
{
extern unsigned int OPENSSL_ia32cap_P[2];
if ((OPENSSL_ia32cap_P[0] & (1<<25|1<<26)) != (1<<25|1<<26))
{
FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_UNSUPPORTED_PLATFORM);
fips_selftest_fail = 1;
ret = 0;
goto end;
}
OPENSSL_ia32cap_P[0] |= (1<<28); /* set "shared cache" */
OPENSSL_ia32cap_P[1] &= ~(1<<(60-32)); /* clear AVX */
}
#endif
if(fips_signature_witness() != FIPS_signature)
{
FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_CONTRADICTING_EVIDENCE);
fips_selftest_fail = 1;
ret = 0;
goto end;
}
if(FIPS_selftest())
fips_set_mode(onoff);
else
{
fips_selftest_fail = 1;
ret = 0;
goto end;
}
ret = 1;
goto end;
}
fips_set_mode(0);
fips_selftest_fail = 0;
ret = 1;
end:
fips_clear_owning_thread();
fips_w_unlock();
return ret;
}
static CRYPTO_THREADID fips_thread;
static int fips_thread_set = 0;
static int fips_is_owning_thread(void)
{
int ret = 0;
if (fips_started)
{
CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
if (fips_thread_set)
{
CRYPTO_THREADID cur;
CRYPTO_THREADID_current(&cur);
if (!CRYPTO_THREADID_cmp(&cur, &fips_thread))
ret = 1;
}
CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
}
return ret;
}
int fips_set_owning_thread(void)
{
int ret = 0;
if (fips_started)
{
CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
if (!fips_thread_set)
{
CRYPTO_THREADID_current(&fips_thread);
ret = 1;
fips_thread_set = 1;
}
CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
}
return ret;
}
int fips_clear_owning_thread(void)
{
int ret = 0;
if (fips_started)
{
CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
if (fips_thread_set)
{
CRYPTO_THREADID cur;
CRYPTO_THREADID_current(&cur);
if (!CRYPTO_THREADID_cmp(&cur, &fips_thread))
fips_thread_set = 0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
}
return ret;
}
unsigned char *fips_signature_witness(void)
{
extern unsigned char FIPS_signature[];
return FIPS_signature;
}
unsigned long FIPS_module_version(void)
{
return FIPS_MODULE_VERSION_NUMBER;
}
const char *FIPS_module_version_text(void)
{
return FIPS_MODULE_VERSION_TEXT;
}
#if 0
/* The purpose of this is to ensure the error code exists and the function
* name is to keep the error checking script quiet
*/
void hash_final(void)
{
FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);
}
#endif
#endif


@ -1,480 +0,0 @@
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <openssl/opensslconf.h>
#include <stdarg.h>
#ifndef OPENSSL_FIPS
#error FIPS is disabled.
#endif
#ifdef OPENSSL_FIPS
#ifdef __cplusplus
extern "C" {
#endif
#ifndef OPENSSL_FIPSCANISTER
#define OPENSSL_FIPSCAPABLE
#endif
struct dsa_st;
struct ec_key_st;
struct rsa_st;
struct evp_pkey_st;
struct env_md_st;
struct env_md_ctx_st;
struct evp_cipher_st;
struct evp_cipher_ctx_st;
struct ec_method_st;
struct ecdsa_method;
struct dh_method;
struct CMAC_CTX_st;
struct hmac_ctx_st;
unsigned long FIPS_module_version(void);
const char *FIPS_module_version_text(void);
int FIPS_module_mode_set(int onoff, const char *auth);
int FIPS_module_mode(void);
const void *FIPS_rand_check(void);
int FIPS_selftest(void);
int FIPS_selftest_failed(void);
void FIPS_selftest_check(void);
int FIPS_selftest_sha1(void);
int FIPS_selftest_aes_ccm(void);
int FIPS_selftest_aes_gcm(void);
int FIPS_selftest_aes_xts(void);
int FIPS_selftest_aes(void);
int FIPS_selftest_des(void);
int FIPS_selftest_rsa(void);
int FIPS_selftest_dsa(void);
int FIPS_selftest_ecdsa(void);
int FIPS_selftest_ecdh(void);
void FIPS_x931_stick(int onoff);
void FIPS_drbg_stick(int onoff);
int FIPS_selftest_x931(void);
int FIPS_selftest_hmac(void);
int FIPS_selftest_drbg(void);
int FIPS_selftest_drbg_all(void);
int FIPS_selftest_cmac(void);
unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len);
int FIPS_check_incore_fingerprint(void);
void fips_set_selftest_fail(void);
int fips_check_rsa(struct rsa_st *rsa);
int fips_check_rsa_prng(struct rsa_st *rsa, int bits);
int fips_check_dsa_prng(struct dsa_st *dsa, size_t L, size_t N);
int fips_check_ec_prng(struct ec_key_st *ec);
void FIPS_set_locking_callbacks(void (*func)(int mode, int type,
const char *file,int line),
int (*add_cb)(int *pointer, int amount,
int type, const char *file, int line));
void FIPS_set_error_callbacks(
void (*put_cb)(int lib, int func,int reason,const char *file,int line),
void (*add_cb)(int num, va_list args) );
void FIPS_set_malloc_callbacks(
void *(*malloc_cb)(int num, const char *file, int line),
void (*free_cb)(void *));
void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
/* POST callback operation value: */
/* All tests started */
#define FIPS_POST_BEGIN 1
/* All tests end: result in id */
#define FIPS_POST_END 2
/* One individual test started */
#define FIPS_POST_STARTED 3
/* Individual test success */
#define FIPS_POST_SUCCESS 4
/* Individual test failure */
#define FIPS_POST_FAIL 5
/* Induce failure in test if zero return */
#define FIPS_POST_CORRUPT 6
/* Test IDs */
/* HMAC integrity test */
#define FIPS_TEST_INTEGRITY 1
/* Digest test */
#define FIPS_TEST_DIGEST 2
/* Symmetric cipher test */
#define FIPS_TEST_CIPHER 3
/* Public key signature test */
#define FIPS_TEST_SIGNATURE 4
/* HMAC test */
#define FIPS_TEST_HMAC 5
/* CMAC test */
#define FIPS_TEST_CMAC 6
/* GCM test */
#define FIPS_TEST_GCM 7
/* CCM test */
#define FIPS_TEST_CCM 8
/* XTS test */
#define FIPS_TEST_XTS 9
/* X9.31 PRNG */
#define FIPS_TEST_X931 10
/* DRNB */
#define FIPS_TEST_DRBG 11
/* Keygen pairwise consistency test */
#define FIPS_TEST_PAIRWISE 12
/* Continuous PRNG test */
#define FIPS_TEST_CONTINUOUS 13
/* ECDH test */
#define FIPS_TEST_ECDH 14
/* Minimum authorisation string length */
#define FIPS_AUTH_MIN_LEN 16
void FIPS_post_set_callback(
int (*post_cb)(int op, int id, int subid, void *ex));
#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
alg " previous FIPS forbidden algorithm error ignored");
int fips_pkey_signature_test(int id, struct evp_pkey_st *pkey,
const unsigned char *tbs, size_t tbslen,
const unsigned char *kat, size_t katlen,
const struct env_md_st *digest, int pad_mode,
const char *fail_str);
int fips_cipher_test(int id, struct evp_cipher_ctx_st *ctx,
const struct evp_cipher_st *cipher,
const unsigned char *key,
const unsigned char *iv,
const unsigned char *plaintext,
const unsigned char *ciphertext,
int len);
const struct env_md_st *FIPS_get_digestbynid(int nid);
const struct evp_cipher_st *FIPS_get_cipherbynid(int nid);
struct rsa_st *FIPS_rsa_new(void);
void FIPS_rsa_free(struct rsa_st *r);
int FIPS_rsa_sign_ctx(struct rsa_st *rsa, struct env_md_ctx_st *ctx,
int rsa_pad_mode, int saltlen,
const struct env_md_st *mgf1Hash,
unsigned char *sigret, unsigned int *siglen);
int FIPS_rsa_sign_digest(struct rsa_st *rsa,
const unsigned char *md, int md_len,
const struct env_md_st *mhash,
int rsa_pad_mode, int saltlen,
const struct env_md_st *mgf1Hash,
unsigned char *sigret, unsigned int *siglen);
int FIPS_rsa_verify_ctx(struct rsa_st *rsa, struct env_md_ctx_st *ctx,
int rsa_pad_mode, int saltlen,
const struct env_md_st *mgf1Hash,
const unsigned char *sigbuf, unsigned int siglen);
int FIPS_rsa_verify_digest(struct rsa_st *rsa,
const unsigned char *dig, int diglen,
const struct env_md_st *mhash,
int rsa_pad_mode, int saltlen,
const struct env_md_st *mgf1Hash,
const unsigned char *sigbuf, unsigned int siglen);
int FIPS_rsa_sign(struct rsa_st *rsa, const unsigned char *msg, int msglen,
const struct env_md_st *mhash, int rsa_pad_mode,
int saltlen, const struct env_md_st *mgf1Hash,
unsigned char *sigret, unsigned int *siglen);
int FIPS_rsa_verify(struct rsa_st *rsa, const unsigned char *msg, int msglen,
const struct env_md_st *mhash, int rsa_pad_mode,
int saltlen, const struct env_md_st *mgf1Hash,
const unsigned char *sigbuf, unsigned int siglen);
#ifdef OPENSSL_FIPSCAPABLE
int FIPS_digestinit(EVP_MD_CTX *ctx, const EVP_MD *type);
int FIPS_digestupdate(EVP_MD_CTX *ctx, const void *data, size_t count);
int FIPS_digestfinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size);
int FIPS_md_ctx_cleanup(EVP_MD_CTX *ctx);
int FIPS_cipherinit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv, int enc);
int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl);
int FIPS_cipher_ctx_cleanup(EVP_CIPHER_CTX *c);
const EVP_CIPHER *FIPS_evp_aes_128_cbc(void);
const EVP_CIPHER *FIPS_evp_aes_128_ccm(void);
const EVP_CIPHER *FIPS_evp_aes_128_cfb1(void);
const EVP_CIPHER *FIPS_evp_aes_128_cfb128(void);
const EVP_CIPHER *FIPS_evp_aes_128_cfb8(void);
const EVP_CIPHER *FIPS_evp_aes_128_ctr(void);
const EVP_CIPHER *FIPS_evp_aes_128_ecb(void);
const EVP_CIPHER *FIPS_evp_aes_128_gcm(void);
const EVP_CIPHER *FIPS_evp_aes_128_ofb(void);
const EVP_CIPHER *FIPS_evp_aes_128_xts(void);
const EVP_CIPHER *FIPS_evp_aes_192_cbc(void);
const EVP_CIPHER *FIPS_evp_aes_192_ccm(void);
const EVP_CIPHER *FIPS_evp_aes_192_cfb1(void);
const EVP_CIPHER *FIPS_evp_aes_192_cfb128(void);
const EVP_CIPHER *FIPS_evp_aes_192_cfb8(void);
const EVP_CIPHER *FIPS_evp_aes_192_ctr(void);
const EVP_CIPHER *FIPS_evp_aes_192_ecb(void);
const EVP_CIPHER *FIPS_evp_aes_192_gcm(void);
const EVP_CIPHER *FIPS_evp_aes_192_ofb(void);
const EVP_CIPHER *FIPS_evp_aes_256_cbc(void);
const EVP_CIPHER *FIPS_evp_aes_256_ccm(void);
const EVP_CIPHER *FIPS_evp_aes_256_cfb1(void);
const EVP_CIPHER *FIPS_evp_aes_256_cfb128(void);
const EVP_CIPHER *FIPS_evp_aes_256_cfb8(void);
const EVP_CIPHER *FIPS_evp_aes_256_ctr(void);
const EVP_CIPHER *FIPS_evp_aes_256_ecb(void);
const EVP_CIPHER *FIPS_evp_aes_256_gcm(void);
const EVP_CIPHER *FIPS_evp_aes_256_ofb(void);
const EVP_CIPHER *FIPS_evp_aes_256_xts(void);
const EVP_CIPHER *FIPS_evp_des_ede(void);
const EVP_CIPHER *FIPS_evp_des_ede3(void);
const EVP_CIPHER *FIPS_evp_des_ede3_cbc(void);
const EVP_CIPHER *FIPS_evp_des_ede3_cfb1(void);
const EVP_CIPHER *FIPS_evp_des_ede3_cfb64(void);
const EVP_CIPHER *FIPS_evp_des_ede3_cfb8(void);
const EVP_CIPHER *FIPS_evp_des_ede3_ecb(void);
const EVP_CIPHER *FIPS_evp_des_ede3_ofb(void);
const EVP_CIPHER *FIPS_evp_des_ede_cbc(void);
const EVP_CIPHER *FIPS_evp_des_ede_cfb64(void);
const EVP_CIPHER *FIPS_evp_des_ede_ecb(void);
const EVP_CIPHER *FIPS_evp_des_ede_ofb(void);
const EVP_CIPHER *FIPS_evp_enc_null(void);
const EVP_MD *FIPS_evp_sha1(void);
const EVP_MD *FIPS_evp_sha224(void);
const EVP_MD *FIPS_evp_sha256(void);
const EVP_MD *FIPS_evp_sha384(void);
const EVP_MD *FIPS_evp_sha512(void);
const EVP_MD *FIPS_evp_dss1(void);
const EVP_MD *FIPS_evp_dss(void);
const EVP_MD *FIPS_evp_ecdsa(void);
const RSA_METHOD *FIPS_rsa_pkcs1_ssleay(void);
int FIPS_rsa_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
const struct dsa_method *FIPS_dsa_openssl(void);
int FIPS_dsa_generate_key(DSA *dsa);
int FIPS_dsa_generate_parameters_ex(DSA *dsa, int bits,
const unsigned char *seed,int seed_len,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
int fips_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
unsigned char *seed_out,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
const struct ec_method_st *fips_ec_gf2m_simple_method(void);
const struct ec_method_st *fips_ec_gfp_simple_method(void);
const struct ec_method_st *fips_ec_gfp_mont_method(void);
const struct ec_method_st *fips_ec_gfp_nist_method(void);
const struct ecdsa_method *FIPS_ecdsa_openssl(void);
const struct ecdh_method *FIPS_ecdh_openssl(void);
int FIPS_ec_key_generate_key(struct ec_key_st *key);
const struct dh_method *FIPS_dh_openssl(void);
int FIPS_dh_generate_parameters_ex(DH *dh, int prime_len,
int generator, BN_GENCB *cb);
int FIPS_cmac_init(struct CMAC_CTX_st *ctx, const void *key, size_t keylen,
const EVP_CIPHER *cipher, ENGINE *impl);
int FIPS_cmac_update(struct CMAC_CTX_st *ctx, const void *in, size_t dlen);
int FIPS_cmac_final(struct CMAC_CTX_st *ctx, unsigned char *out,
size_t *poutlen);
void FIPS_cmac_ctx_cleanup(struct CMAC_CTX_st *ctx);
void FIPS_hmac_ctx_cleanup(struct hmac_ctx_st *ctx);
int FIPS_hmac_init_ex(struct hmac_ctx_st *ctx, const void *key, int len,
const EVP_MD *md, ENGINE *impl);
int FIPS_hmac_update(struct hmac_ctx_st *ctx,
const unsigned char *data, size_t len);
int FIPS_hmac_final(struct hmac_ctx_st *ctx,
unsigned char *md, unsigned int *len);
#endif
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_FIPS_strings(void);
/* Error codes for the FIPS functions. */
/* Function codes. */
#define FIPS_F_DH_BUILTIN_GENPARAMS 100
#define FIPS_F_DH_INIT 148
#define FIPS_F_DRBG_RESEED 162
#define FIPS_F_DSA_BUILTIN_PARAMGEN 101
#define FIPS_F_DSA_BUILTIN_PARAMGEN2 102
#define FIPS_F_DSA_DO_SIGN 103
#define FIPS_F_DSA_DO_VERIFY 104
#define FIPS_F_ECDH_COMPUTE_KEY 163
#define FIPS_F_ECDSA_DO_SIGN 164
#define FIPS_F_ECDSA_DO_VERIFY 165
#define FIPS_F_EC_KEY_GENERATE_KEY 166
#define FIPS_F_FIPS_CHECK_DSA 105
#define FIPS_F_FIPS_CHECK_DSA_PRNG 151
#define FIPS_F_FIPS_CHECK_EC 106
#define FIPS_F_FIPS_CHECK_EC_PRNG 152
#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 107
#define FIPS_F_FIPS_CHECK_RSA 108
#define FIPS_F_FIPS_CHECK_RSA_PRNG 150
#define FIPS_F_FIPS_CIPHER 160
#define FIPS_F_FIPS_CIPHERINIT 109
#define FIPS_F_FIPS_CIPHER_CTX_CTRL 161
#define FIPS_F_FIPS_DIGESTFINAL 158
#define FIPS_F_FIPS_DIGESTINIT 110
#define FIPS_F_FIPS_DIGESTUPDATE 159
#define FIPS_F_FIPS_DRBG_BYTES 111
#define FIPS_F_FIPS_DRBG_CHECK 146
#define FIPS_F_FIPS_DRBG_CPRNG_TEST 112
#define FIPS_F_FIPS_DRBG_ERROR_CHECK 114
#define FIPS_F_FIPS_DRBG_GENERATE 113
#define FIPS_F_FIPS_DRBG_INIT 115
#define FIPS_F_FIPS_DRBG_INSTANTIATE 116
#define FIPS_F_FIPS_DRBG_NEW 117
#define FIPS_F_FIPS_DRBG_RESEED 118
#define FIPS_F_FIPS_DRBG_SINGLE_KAT 119
#define FIPS_F_FIPS_DSA_SIGN_DIGEST 154
#define FIPS_F_FIPS_DSA_VERIFY_DIGEST 155
#define FIPS_F_FIPS_GET_ENTROPY 147
#define FIPS_F_FIPS_MODULE_MODE_SET 120
#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 121
#define FIPS_F_FIPS_RAND_ADD 122
#define FIPS_F_FIPS_RAND_BYTES 123
#define FIPS_F_FIPS_RAND_PSEUDO_BYTES 124
#define FIPS_F_FIPS_RAND_SEED 125
#define FIPS_F_FIPS_RAND_SET_METHOD 126
#define FIPS_F_FIPS_RAND_STATUS 127
#define FIPS_F_FIPS_RSA_SIGN_DIGEST 156
#define FIPS_F_FIPS_RSA_VERIFY_DIGEST 157
#define FIPS_F_FIPS_SELFTEST_AES 128
#define FIPS_F_FIPS_SELFTEST_AES_CCM 145
#define FIPS_F_FIPS_SELFTEST_AES_GCM 129
#define FIPS_F_FIPS_SELFTEST_AES_XTS 144
#define FIPS_F_FIPS_SELFTEST_CMAC 130
#define FIPS_F_FIPS_SELFTEST_DES 131
#define FIPS_F_FIPS_SELFTEST_DSA 132
#define FIPS_F_FIPS_SELFTEST_ECDSA 133
#define FIPS_F_FIPS_SELFTEST_HMAC 134
#define FIPS_F_FIPS_SELFTEST_SHA1 135
#define FIPS_F_FIPS_SELFTEST_X931 136
#define FIPS_F_FIPS_SET_PRNG_KEY 153
#define FIPS_F_HASH_FINAL 137
#define FIPS_F_RSA_BUILTIN_KEYGEN 138
#define FIPS_F_RSA_EAY_INIT 149
#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 139
#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 140
#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 141
#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 142
#define FIPS_F_RSA_X931_GENERATE_KEY_EX 143
/* Reason codes. */
#define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED 150
#define FIPS_R_ADDITIONAL_INPUT_TOO_LONG 100
#define FIPS_R_ALREADY_INSTANTIATED 101
#define FIPS_R_AUTHENTICATION_FAILURE 151
#define FIPS_R_CONTRADICTING_EVIDENCE 102
#define FIPS_R_DRBG_NOT_INITIALISED 152
#define FIPS_R_DRBG_STUCK 103
#define FIPS_R_ENTROPY_ERROR_UNDETECTED 104
#define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105
#define FIPS_R_ENTROPY_SOURCE_STUCK 142
#define FIPS_R_ERROR_INITIALISING_DRBG 106
#define FIPS_R_ERROR_INSTANTIATING_DRBG 107
#define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 108
#define FIPS_R_ERROR_RETRIEVING_ENTROPY 109
#define FIPS_R_ERROR_RETRIEVING_NONCE 110
#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 111
#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 112
#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 113
#define FIPS_R_FIPS_MODE_ALREADY_SET 114
#define FIPS_R_FIPS_SELFTEST_FAILED 115
#define FIPS_R_FUNCTION_ERROR 116
#define FIPS_R_GENERATE_ERROR 117
#define FIPS_R_GENERATE_ERROR_UNDETECTED 118
#define FIPS_R_INSTANTIATE_ERROR 119
#define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 120
#define FIPS_R_INTERNAL_ERROR 121
#define FIPS_R_INVALID_KEY_LENGTH 122
#define FIPS_R_INVALID_PARAMETERS 144
#define FIPS_R_IN_ERROR_STATE 123
#define FIPS_R_KEY_TOO_SHORT 124
#define FIPS_R_NONCE_ERROR_UNDETECTED 149
#define FIPS_R_NON_FIPS_METHOD 125
#define FIPS_R_NOPR_TEST1_FAILURE 145
#define FIPS_R_NOPR_TEST2_FAILURE 146
#define FIPS_R_NOT_INSTANTIATED 126
#define FIPS_R_PAIRWISE_TEST_FAILED 127
#define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 128
#define FIPS_R_PERSONALISATION_STRING_TOO_LONG 129
#define FIPS_R_PRNG_STRENGTH_TOO_LOW 143
#define FIPS_R_PR_TEST1_FAILURE 147
#define FIPS_R_PR_TEST2_FAILURE 148
#define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 130
#define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 131
#define FIPS_R_RESEED_COUNTER_ERROR 132
#define FIPS_R_RESEED_ERROR 133
#define FIPS_R_SELFTEST_FAILED 134
#define FIPS_R_SELFTEST_FAILURE 135
#define FIPS_R_STRENGTH_ERROR_UNDETECTED 136
#define FIPS_R_TEST_FAILURE 137
#define FIPS_R_UNINSTANTIATE_ERROR 141
#define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138
#define FIPS_R_UNSUPPORTED_DRBG_TYPE 139
#define FIPS_R_UNSUPPORTED_PLATFORM 140
#ifdef __cplusplus
}
#endif
#endif


@ -1,52 +0,0 @@
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define FIPS_AUTH_KEY "etaonrishdlcupfm"
#define FIPS_AUTH_CRYPTO_OFFICER "7f92562d409c903322c0f94a1188ae8178339a4f"
#define FIPS_AUTH_CRYPTO_USER "cb6cbdaad26cd210a8b31a5d56a876ee1d51a96c"


@ -1,240 +0,0 @@
/* ====================================================================
* Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
* and usage in source and binary forms are granted according to the
* OpenSSL license.
*/
#include <stdio.h>
#if defined(__DECC)
# include <c_asm.h>
# pragma __nostandard
#endif
const void *FIPS_text_start(void);
const void *FIPS_text_end(void);
#include "e_os.h"
#if !defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
# if (defined(__sun) && (defined(__sparc) || defined(__sparcv9))) || \
(defined(__sgi) && (defined(__mips) || defined(mips))) || \
(defined(__osf__) && defined(__alpha)) || \
(defined(__linux) && (defined(__arm) || defined(__arm__))) || \
(defined(__i386) || defined(__i386__)) || \
(defined(__x86_64) || defined(__x86_64__)) || \
(defined(vax) || defined(__vax__))
# define POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION
# endif
#endif
#if !defined(FIPS_REF_POINT_IS_CROSS_COMPILER_AWARE)
# if (defined(__ANDROID__) && (defined(__arm__) || defined(__arm) || \
defined(__i386__)|| defined(__i386))) || \
(defined(__vxworks) && (defined(__ppc__) || defined(__ppc) || \
defined(__mips__)|| defined(__mips))) || \
(defined(__linux) && ((defined(__PPC__) && !defined(__PPC64__)) || \
defined(__arm__) || defined(__arm))) || \
(defined(__APPLE__) /* verified on all MacOS X & iOS flavors */)|| \
(defined(_WIN32) && defined(_MSC_VER))
# define FIPS_REF_POINT_IS_CROSS_COMPILER_AWARE
# endif
#endif
#if defined(__xlC__) && __xlC__>=0x600 && (defined(_POWER) || defined(_ARCH_PPC))
static void *instruction_pointer_xlc(void);
# pragma mc_func instruction_pointer_xlc {\
"7c0802a6" /* mflr r0 */ \
"48000005" /* bl $+4 */ \
"7c6802a6" /* mflr r3 */ \
"7c0803a6" /* mtlr r0 */ }
# pragma reg_killed_by instruction_pointer_xlc gr0 gr3
# define INSTRUCTION_POINTER_IMPLEMENTED(ret) (ret=instruction_pointer_xlc());
#endif
#ifdef FIPS_START
# define FIPS_ref_point FIPS_text_start
# ifdef FIPS_REF_POINT_IS_CROSS_COMPILER_AWARE
# define instruction_pointer FIPS_text_startX
# endif
/* Some compilers put string literals into a separate segment. As we
* are mostly interested to hash AES tables in .rodata, we declare
* reference points accordingly. In case you wonder, the values are
* big-endian encoded variable names, just to prevent these arrays
* from being merged by linker. */
# if defined(_MSC_VER)
# pragma code_seg("fipstx")
# pragma code_seg()
__declspec(allocate("fipstx"))
const unsigned int FIPS_text_startX[]=
{ 0x46495053, 0x5f746578, 0x745f7374, 0x61727458 };
# pragma const_seg("fipsro$a")
# pragma const_seg()
__declspec(allocate("fipsro$a"))
# endif
const unsigned int FIPS_rodata_start[]=
{ 0x46495053, 0x5f726f64, 0x6174615f, 0x73746172 };
#else
# define FIPS_ref_point FIPS_text_end
# ifdef FIPS_REF_POINT_IS_CROSS_COMPILER_AWARE
# define instruction_pointer FIPS_text_endX
# endif
# if defined(_MSC_VER)
# pragma code_seg("fipstx$z")
# pragma code_seg()
__declspec(allocate("fipstx$z"))
const unsigned int FIPS_text_endX[]=
{ 0x46495053, 0x5f746578, 0x745f656e, 0x64585b5d };
# pragma const_seg("fipsro$z")
# pragma const_seg()
__declspec(allocate("fipsro$z"))
# endif
const unsigned int FIPS_rodata_end[]=
{ 0x46495053, 0x5f726f64, 0x6174615f, 0x656e645b };
#endif
#if !defined(_MSC_VER) || !defined(instruction_pointer)
/*
* I declare reference function as static in order to avoid certain
* pitfalls in -dynamic linker behaviour...
*/
static void *instruction_pointer(void)
{ void *ret=NULL;
/* These are ABI-neutral CPU-specific snippets. ABI-neutrality means
* that they are designed to work under any OS running on particular
* CPU, which is why you don't find any #ifdef THIS_OR_THAT_OS in
* this function. */
#if defined(INSTRUCTION_POINTER_IMPLEMENTED)
INSTRUCTION_POINTER_IMPLEMENTED(ret);
#elif defined(__GNUC__) && __GNUC__>=2
# if defined(__alpha) || defined(__alpha__)
# define INSTRUCTION_POINTER_IMPLEMENTED
__asm __volatile ( "br %0,1f\n1:" : "=r"(ret) );
# elif defined(__i386) || defined(__i386__)
# define INSTRUCTION_POINTER_IMPLEMENTED
__asm __volatile ( "call 1f\n1: popl %0" : "=r"(ret) );
ret = (void *)((size_t)ret&~3UL); /* align for better performance */
# elif defined(__ia64) || defined(__ia64__)
# define INSTRUCTION_POINTER_IMPLEMENTED
__asm __volatile ( "mov %0=ip" : "=r"(ret) );
# elif defined(__hppa) || defined(__hppa__) || defined(__pa_risc)
# define INSTRUCTION_POINTER_IMPLEMENTED
__asm __volatile ( "blr %%r0,%0\n\tnop" : "=r"(ret) );
ret = (void *)((size_t)ret&~3UL); /* mask privilege level */
# elif defined(__mips) || defined(__mips__)
# define INSTRUCTION_POINTER_IMPLEMENTED
void *scratch;
__asm __volatile ( "move %1,$31\n\t" /* save ra */
"bal .+8; nop\n\t"
"move %0,$31\n\t"
"move $31,%1" /* restore ra */
: "=r"(ret),"=r"(scratch) );
# elif defined(__ppc__) || defined(__ppc) || \
defined(__powerpc) || defined(__powerpc__) || \
defined(__POWERPC__) || defined(_POWER) || defined(__PPC__) || \
defined(__PPC64__) || defined(__ppc64__) || defined(__powerpc64__)
# define INSTRUCTION_POINTER_IMPLEMENTED
void *scratch;
__asm __volatile ( "mfspr %1,8\n\t" /* save lr */
"bl $+4\n\t"
"mfspr %0,8\n\t" /* mflr ret */
"mtspr 8,%1" /* restore lr */
: "=r"(ret),"=r"(scratch) );
# elif defined(__s390__) || defined(__s390x__)
# define INSTRUCTION_POINTER_IMPLEMENTED
__asm __volatile ( "bras %0,1f\n1:" : "=r"(ret) );
ret = (void *)((size_t)ret&~3UL);
# elif defined(__sparc) || defined(__sparc__) || defined(__sparcv9)
# define INSTRUCTION_POINTER_IMPLEMENTED
void *scratch;
__asm __volatile ( "mov %%o7,%1\n\t"
"call .+8; nop\n\t"
"mov %%o7,%0\n\t"
"mov %1,%%o7"
: "=r"(ret),"=r"(scratch) );
# elif defined(__x86_64) || defined(__x86_64__)
# define INSTRUCTION_POINTER_IMPLEMENTED
__asm __volatile ( "leaq 0(%%rip),%0" : "=r"(ret) );
ret = (void *)((size_t)ret&~3UL); /* align for better performance */
# elif defined(__arm) || defined(__arm__)
# define INSTRUCTION_POINTER_IMPLEMENTED
__asm __volatile ( "sub %0,pc,#8" : "=r"(ret) );
# endif
#elif defined(__DECC) && defined(__alpha)
# define INSTRUCTION_POINTER_IMPLEMENTED
ret = (void *)(size_t)asm("br %v0,1f\n1:");
#elif defined(_MSC_VER) && defined(_M_IX86)
# define INSTRUCTION_POINTER_IMPLEMENTED
void *scratch;
_asm {
call self
self: pop eax
mov scratch,eax
}
ret = (void *)((size_t)scratch&~3UL);
#endif
return ret;
}
#endif
/*
* This function returns pointer to an instruction in the vicinity of
* its entry point, but not outside this object module. This guarantees
* that sequestered code is covered...
*/
const void *FIPS_ref_point()
{
#if defined(FIPS_REF_POINT_IS_CROSS_COMPILER_AWARE)
# if defined(__thumb__) || defined(__thumb)
return (void *)((size_t)instruction_pointer&~1);
# else
return (void *)instruction_pointer;
# endif
#elif defined(INSTRUCTION_POINTER_IMPLEMENTED)
return instruction_pointer();
/* Below we essentially cover vendor compilers which do not support
* inline assembler... */
#elif defined(_AIX)
struct { void *ip,*gp,*env; } *p = (void *)instruction_pointer;
return p->ip;
#elif defined(_HPUX_SOURCE)
# if defined(__hppa) || defined(__hppa__)
struct { void *i[4]; } *p = (void *)FIPS_ref_point;
if (sizeof(p) == 8) /* 64-bit */
return p->i[2];
else if ((size_t)p & 2)
{ p = (void *)((size_t)p&~3UL);
return p->i[0];
}
else
return (void *)p;
# elif defined(__ia64) || defined(__ia64__)
struct { unsigned long long ip,gp; } *p=(void *)instruction_pointer;
return (void *)(size_t)p->ip;
# endif
#elif (defined(__VMS) || defined(VMS)) && !(defined(vax) || defined(__vax__))
/* applies to both alpha and ia64 */
struct { unsigned __int64 opaque,ip; } *p=(void *)instruction_pointer;
return (void *)(size_t)p->ip;
#elif defined(__VOS__)
/* applies to both pa-risc and ia32 */
struct { void *dp,*ip,*gp; } *p = (void *)instruction_pointer;
return p->ip;
#elif defined(_WIN32)
# if defined(_WIN64) && defined(_M_IA64)
struct { void *ip,*gp; } *p = (void *)FIPS_ref_point;
return p->ip;
# else
return (void *)FIPS_ref_point;
# endif
/*
* In case you wonder why there is no #ifdef __linux. All Linux targets
* are GCC-based and therefore are covered by instruction_pointer above
* [well, some are covered by by the one below]...
*/
#elif defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
return (void *)instruction_pointer;
#else
return NULL;
#endif
}


@ -1,76 +0,0 @@
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifdef OPENSSL_FIPS
#ifdef __cplusplus
extern "C" {
#endif
#define FIPS_MAX_CIPHER_TEST_SIZE 32
#define fips_load_key_component(key, comp, pre) \
key->comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), key->comp); \
if (!key->comp) \
goto err
int fips_post_begin(void);
void fips_post_end(void);
int fips_post_started(int id, int subid, void *ex);
int fips_post_success(int id, int subid, void *ex);
int fips_post_failed(int id, int subid, void *ex);
int fips_post_corrupt(int id, int subid, void *ex);
int fips_post_status(void);
#define FIPS_MODULE_VERSION_NUMBER 0x20000000L
#define FIPS_MODULE_VERSION_TEXT "FIPS 2.0-dev unvalidated test module xx XXX xxxx"
#ifdef __cplusplus
}
#endif
#endif


@ -1,387 +0,0 @@
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define OPENSSL_FIPSAPI
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/fips_rand.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#include <openssl/hmac.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/ecdsa.h>
#include <string.h>
#include <limits.h>
#ifdef OPENSSL_FIPS
/* Power on self test (POST) support functions */
#include <openssl/fips.h>
#include "fips_locl.h"
/* POST notification callback */
int (*fips_post_cb)(int op, int id, int subid, void *ex);
void FIPS_post_set_callback(
int (*post_cb)(int op, int id, int subid, void *ex))
{
fips_post_cb = post_cb;
}
/* POST status: i.e. status of all tests */
#define FIPS_POST_STATUS_NOT_STARTED 0
#define FIPS_POST_STATUS_OK 1
#define FIPS_POST_STATUS_RUNNING 2
#define FIPS_POST_STATUS_FAILED -1
static int post_status = 0;
/* Set to 1 if any test failed */
static int post_failure = 0;
/* All tests started */
int fips_post_begin(void)
{
post_failure = 0;
post_status = FIPS_POST_STATUS_NOT_STARTED;
if (fips_post_cb)
if (!fips_post_cb(FIPS_POST_BEGIN, 0, 0, NULL))
return 0;
post_status = FIPS_POST_STATUS_RUNNING;
return 1;
}
void fips_post_end(void)
{
if (post_failure)
{
post_status = FIPS_POST_STATUS_FAILED;
if(fips_post_cb)
fips_post_cb(FIPS_POST_END, 0, 0, NULL);
}
else
{
post_status = FIPS_POST_STATUS_OK;
if (fips_post_cb)
fips_post_cb(FIPS_POST_END, 1, 0, NULL);
}
}
/* A self test started */
int fips_post_started(int id, int subid, void *ex)
{
if (fips_post_cb)
return fips_post_cb(FIPS_POST_STARTED, id, subid, ex);
return 1;
}
/* A self test passed successfully */
int fips_post_success(int id, int subid, void *ex)
{
if (fips_post_cb)
return fips_post_cb(FIPS_POST_SUCCESS, id, subid, ex);
return 1;
}
/* A self test failed */
int fips_post_failed(int id, int subid, void *ex)
{
post_failure = 1;
if (fips_post_cb)
return fips_post_cb(FIPS_POST_FAIL, id, subid, ex);
return 1;
}
/* Indicate if a self test failure should be induced */
int fips_post_corrupt(int id, int subid, void *ex)
{
if (fips_post_cb)
return fips_post_cb(FIPS_POST_CORRUPT, id, subid, ex);
return 1;
}
/* Note: if selftests running return status OK so their operation is
* not interrupted. This will only happen while selftests are actually
* running so will not interfere with normal operation.
*/
int fips_post_status(void)
{
return post_status > 0 ? 1 : 0;
}
/* Run all selftests */
int FIPS_selftest(void)
{
int rv = 1;
fips_post_begin();
if(!FIPS_check_incore_fingerprint())
rv = 0;
if (!FIPS_selftest_drbg())
rv = 0;
if (!FIPS_selftest_x931())
rv = 0;
if (!FIPS_selftest_sha1())
rv = 0;
if (!FIPS_selftest_hmac())
rv = 0;
if (!FIPS_selftest_cmac())
rv = 0;
if (!FIPS_selftest_aes())
rv = 0;
if (!FIPS_selftest_aes_ccm())
rv = 0;
if (!FIPS_selftest_aes_gcm())
rv = 0;
if (!FIPS_selftest_aes_xts())
rv = 0;
if (!FIPS_selftest_des())
rv = 0;
if (!FIPS_selftest_rsa())
rv = 0;
if (!FIPS_selftest_ecdsa())
rv = 0;
if (!FIPS_selftest_dsa())
rv = 0;
if (!FIPS_selftest_ecdh())
rv = 0;
fips_post_end();
return rv;
}
/* Generalized public key test routine. Signs and verifies the data
* supplied in tbs using mesage digest md and setting RSA padding mode
* pad_mode. If the 'kat' parameter is not NULL it will
* additionally check the signature matches it: a known answer test
* The string "fail_str" is used for identification purposes in case
* of failure. If "pkey" is NULL just perform a message digest check.
*/
int fips_pkey_signature_test(int id, EVP_PKEY *pkey,
const unsigned char *tbs, size_t tbslen,
const unsigned char *kat, size_t katlen,
const EVP_MD *digest, int pad_mode,
const char *fail_str)
{
int subid;
int ret = 0;
unsigned char *sig = NULL;
unsigned int siglen;
__fips_constseg
static const unsigned char str1[]="12345678901234567890";
DSA_SIG *dsig = NULL;
ECDSA_SIG *esig = NULL;
EVP_MD_CTX mctx;
FIPS_md_ctx_init(&mctx);
if (tbs == NULL)
tbs = str1;
if (tbslen == 0)
tbslen = strlen((char *)tbs);
if (digest == NULL)
digest = EVP_sha256();
subid = M_EVP_MD_type(digest);
if (!fips_post_started(id, subid, pkey))
return 1;
if (!pkey || pkey->type == EVP_PKEY_RSA)
{
size_t sigsize;
if (!pkey)
sigsize = EVP_MAX_MD_SIZE;
else
sigsize = RSA_size(pkey->pkey.rsa);
sig = OPENSSL_malloc(sigsize);
if (!sig)
{
FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,ERR_R_MALLOC_FAILURE);
goto error;
}
}
if (!FIPS_digestinit(&mctx, digest))
goto error;
if (!FIPS_digestupdate(&mctx, tbs, tbslen))
goto error;
if (!fips_post_corrupt(id, subid, pkey))
{
if (!FIPS_digestupdate(&mctx, tbs, 1))
goto error;
}
if (pkey == NULL)
{
if (!FIPS_digestfinal(&mctx, sig, &siglen))
goto error;
}
else if (pkey->type == EVP_PKEY_RSA)
{
if (!FIPS_rsa_sign_ctx(pkey->pkey.rsa, &mctx,
pad_mode, 0, NULL, sig, &siglen))
goto error;
}
else if (pkey->type == EVP_PKEY_DSA)
{
dsig = FIPS_dsa_sign_ctx(pkey->pkey.dsa, &mctx);
if (!dsig)
goto error;
}
else if (pkey->type == EVP_PKEY_EC)
{
esig = FIPS_ecdsa_sign_ctx(pkey->pkey.ec, &mctx);
if (!esig)
goto error;
}
if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen)))
goto error;
#if 0
{
/* Debug code to print out self test KAT discrepancies */
unsigned int i;
fprintf(stderr, "%s=", fail_str);
for (i = 0; i < siglen; i++)
fprintf(stderr, "%02X", sig[i]);
fprintf(stderr, "\n");
goto error;
}
#endif
/* If just digest test we've finished */
if (pkey == NULL)
{
ret = 1;
/* Well actually success as we've set ret to 1 */
goto error;
}
if (!FIPS_digestinit(&mctx, digest))
goto error;
if (!FIPS_digestupdate(&mctx, tbs, tbslen))
goto error;
if (pkey->type == EVP_PKEY_RSA)
{
ret = FIPS_rsa_verify_ctx(pkey->pkey.rsa, &mctx,
pad_mode, 0, NULL, sig, siglen);
}
else if (pkey->type == EVP_PKEY_DSA)
{
ret = FIPS_dsa_verify_ctx(pkey->pkey.dsa, &mctx, dsig);
}
else if (pkey->type == EVP_PKEY_EC)
{
ret = FIPS_ecdsa_verify_ctx(pkey->pkey.ec, &mctx, esig);
}
error:
if (dsig != NULL)
FIPS_dsa_sig_free(dsig);
if (esig != NULL)
FIPS_ecdsa_sig_free(esig);
if (sig)
OPENSSL_free(sig);
FIPS_md_ctx_cleanup(&mctx);
if (ret != 1)
{
FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,FIPS_R_TEST_FAILURE);
if (fail_str)
FIPS_add_error_data(2, "Type=", fail_str);
fips_post_failed(id, subid, pkey);
return 0;
}
return fips_post_success(id, subid, pkey);
}
/* Generalized symmetric cipher test routine. Encrypt data, verify result
* against known answer, decrypt and compare with original plaintext.
*/
int fips_cipher_test(int id, EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
const unsigned char *key,
const unsigned char *iv,
const unsigned char *plaintext,
const unsigned char *ciphertext,
int len)
{
unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
int subid = M_EVP_CIPHER_nid(cipher);
int rv = 0;
OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
memset(pltmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
memset(citmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
if (!fips_post_started(id, subid, NULL))
return 1;
if (FIPS_cipherinit(ctx, cipher, key, iv, 1) <= 0)
goto error;
if (!FIPS_cipher(ctx, citmp, plaintext, len))
goto error;
if (memcmp(citmp, ciphertext, len))
goto error;
if (!fips_post_corrupt(id, subid, NULL))
citmp[0] ^= 0x1;
if (FIPS_cipherinit(ctx, cipher, key, iv, 0) <= 0)
goto error;
FIPS_cipher(ctx, pltmp, citmp, len);
if (memcmp(pltmp, plaintext, len))
goto error;
rv = 1;
error:
if (rv == 0)
{
fips_post_failed(id, subid, NULL);
return 0;
}
return fips_post_success(id, subid, NULL);
}
#endif


@ -1,181 +0,0 @@
/* ====================================================================
* Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
* and usage in source and binary forms are granted according to the
* OpenSSL license.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#if defined(__unix) || defined(__unix__) || defined(__vxworks) || defined(__ANDROID__) || defined(__APPLE__)
#include <unistd.h>
#endif
#ifndef FINGERPRINT_PREMAIN_DSO_LOAD
#if defined(__GNUC__) && __GNUC__>=2
void FINGERPRINT_premain(void) __attribute__((constructor));
/* Most commonly this results in pointer to premain to be dropped
* to .ctors segment, which is traversed by GCC crtbegin.o upon
* program startup. Except on a.out OpenBSD where it results in
* _GLOBAL_$I$premain() {premain();} being auto-generated by
* compiler... But one way or another this is believed to cover
* *all* GCC targets. */
#elif defined(_MSC_VER)
# ifdef _WINDLL
__declspec(dllexport) /* this is essentially cosmetics... */
# endif
void FINGERPRINT_premain(void);
static int premain_wrapper(void) { FINGERPRINT_premain(); return 0; }
# ifdef _WIN64
# pragma section(".CRT$XCU",read)
__declspec(allocate(".CRT$XCU"))
# else
# pragma data_seg(".CRT$XCU")
# endif
static int (*p)(void) = premain_wrapper;
/* This results in pointer to premain to appear in .CRT segment,
* which is traversed by Visual C run-time initialization code.
* This applies to both Win32 and [all flavors of] Win64. */
# pragma data_seg()
#elif defined(__SUNPRO_C)
void FINGERPRINT_premain(void);
# pragma init(FINGERPRINT_premain)
/* This results in a call to premain to appear in .init segment. */
#elif defined(__DECC) && (defined(__VMS) || defined(VMS))
void FINGERPRINT_premain(void);
# pragma __nostandard
globaldef { "LIB$INITIALIZ" } readonly _align (LONGWORD)
int spare[8] = {0};
globaldef { "LIB$INITIALIZE" } readonly _align (LONGWORD)
void (*x_FINGERPRINT_premain)(void) = FINGERPRINT_premain;
/* Refer to LIB$INITIALIZE to ensure it exists in the image. */
int lib$initialize();
globaldef int (*lib_init_ref)() = lib$initialize;
# pragma __standard
#elif 0
The rest has to be taken care of through command line:
-Wl,-init,FINGERPRINT_premain on OSF1 and IRIX
-Wl,+init,FINGERPRINT_premain on HP-UX
-Wl,-binitfini:FINGERPRINT_premain on AIX
On ELF platforms this results in a call to premain to appear in
.init segment...
#endif
#ifndef HMAC_SHA1_SIG
#define HMAC_SHA1_SIG "?have to make sure this string is unique"
#endif
#if defined(_MSC_VER)
# pragma const_seg("fipsro")
# pragma const_seg()
__declspec(allocate("fipsro"))
#endif
static const unsigned char FINGERPRINT_ascii_value[41] = HMAC_SHA1_SIG;
#define atox(c) ((c)>='a'?((c)-'a'+10):((c)>='A'?(c)-'A'+10:(c)-'0'))
extern const void *FIPS_text_start(), *FIPS_text_end();
extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
extern unsigned char FIPS_signature[20];
extern unsigned int FIPS_incore_fingerprint(unsigned char *,unsigned int);
/*
* As name suggests this code is executed prior main(). We use this
* opportunity to fingerprint sequestered code in virtual address
* space of target application.
*/
void FINGERPRINT_premain(void)
{ unsigned char sig[sizeof(FIPS_signature)];
const unsigned char * volatile p=FINGERPRINT_ascii_value;
unsigned int len=sizeof(sig),i;
/* "volatilization" is done to disengage unwanted optimization... */
if (*((volatile unsigned char *)p)=='?')
{ if (FIPS_text_start()==NULL)
{ fprintf(stderr,"FIPS_text_start() returns NULL\n");
_exit(1);
}
#if defined(DEBUG_FINGERPRINT_PREMAIN)
fprintf(stderr,".text:%p+%d=%p\n",FIPS_text_start(),
(int)((size_t)FIPS_text_end()-(size_t)FIPS_text_start()),
FIPS_text_end());
fprintf(stderr,".rodata:%p+%d=%p\n",FIPS_rodata_start,
(int)((size_t)FIPS_rodata_end-(size_t)FIPS_rodata_start),
FIPS_rodata_end);
#endif
len=FIPS_incore_fingerprint(sig,sizeof(sig));
if (len!=sizeof(sig))
{ fprintf(stderr,"fingerprint length mismatch: %u\n",len);
_exit(1);
}
for (i=0;i<len;i++) printf("%02x",sig[i]);
printf("\n");
fflush(stdout);
_exit(0);
}
else if (FIPS_signature[0]=='\0') do
{ for (i=0;i<sizeof(FIPS_signature);i++,p+=2)
FIPS_signature[i] = (atox(p[0])<<4)|atox(p[1]);
#if defined(DEBUG_FINGERPRINT_PREMAIN)
if (getenv("OPENSSL_FIPS")==NULL) break;
len=FIPS_incore_fingerprint(sig,sizeof(sig));
if (memcmp(FIPS_signature,sig,sizeof(FIPS_signature)))
{ fprintf(stderr,"FINGERPRINT_premain: FIPS_signature mismatch\n");
_exit(1);
}
#endif
} while(0);
}
#else
#include <openssl/bio.h>
#include <openssl/dso.h>
#include <openssl/err.h>
int main(int argc,char *argv[])
{ DSO *dso;
DSO_FUNC_TYPE func;
BIO *bio_err;
if (argc < 2)
{ fprintf (stderr,"usage: %s libcrypto.dso\n",argv[0]);
return 1;
}
if ((bio_err=BIO_new(BIO_s_file())) == NULL)
{ fprintf (stderr,"unable to allocate BIO\n");
return 1;
}
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
ERR_load_crypto_strings();
dso = DSO_load(NULL,argv[1],NULL,DSO_FLAG_NO_NAME_TRANSLATION);
if (dso == NULL)
{ ERR_print_errors(bio_err);
return 1;
}
/* This is not normally reached, because FINGERPRINT_premain should
* have executed and terminated application already upon DSO_load... */
func = DSO_bind_func(dso,"FINGERPRINT_premain");
if (func == NULL)
{ ERR_print_errors(bio_err);
return 1;
}
(*func)();
return 0;
}
#endif


@ -1 +0,0 @@
HMAC-SHA1(fips_premain.c)= 1eaf66f76187877ff403708a2948d240f92736a0

File diff suppressed because it is too large Load Diff


@ -1,494 +0,0 @@
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef FIPS_UTL_H
#define FIPS_UTL_H
#define OPENSSL_FIPSAPI
#include <openssl/fips_rand.h>
#include <openssl/objects.h>
#ifdef OPENSSL_SYS_WIN32
#define RESP_EOL "\n"
#else
#define RESP_EOL "\r\n"
#endif
#ifndef FIPS_AUTH_OFFICER_PASS
#define FIPS_AUTH_OFFICER_PASS "Default FIPS Crypto Officer Password"
#endif
#ifndef FIPS_AUTH_USER_PASS
#define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password"
#endif
int hex2bin(const char *in, unsigned char *out);
unsigned char *hex2bin_m(const char *in, long *plen);
int do_hex2bn(BIGNUM **pr, const char *in);
int do_bn_print(FILE *out, const BIGNUM *bn);
int do_bn_print_name(FILE *out, const char *name, const BIGNUM *bn);
int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf);
int parse_line2(char **pkw, char **pval, char *linebuf, char *olinebuf, int eol);
BIGNUM *hex2bn(const char *in);
int tidy_line(char *linebuf, char *olinebuf);
int copy_line(const char *in, FILE *ofp);
int bint2bin(const char *in, int len, unsigned char *out);
int bin2bint(const unsigned char *in,int len,char *out);
void PrintValue(char *tag, unsigned char *val, int len);
void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode);
void fips_algtest_init(void);
void do_entropy_stick(void);
int fips_strncasecmp(const char *str1, const char *str2, size_t n);
int fips_strcasecmp(const char *str1, const char *str2);
static int no_err;
static void put_err_cb(int lib, int func,int reason,const char *file,int line)
{
if (no_err)
return;
fprintf(stderr, "ERROR:%08lX:lib=%d,func=%d,reason=%d"
":file=%s:line=%d\n",
ERR_PACK(lib, func, reason),
lib, func, reason, file, line);
}
static void add_err_cb(int num, va_list args)
{
int i;
char *str;
if (no_err)
return;
fputs("\t", stderr);
for (i = 0; i < num; i++)
{
str = va_arg(args, char *);
if (str)
fputs(str, stderr);
}
fputs("\n", stderr);
}
/* Dummy Entropy to keep DRBG happy. WARNING: THIS IS TOTALLY BOGUS
* HAS ZERO SECURITY AND MUST NOT BE USED IN REAL APPLICATIONS.
*/
static unsigned char dummy_entropy[1024];
static size_t dummy_cb(DRBG_CTX *ctx, unsigned char **pout,
int entropy, size_t min_len, size_t max_len)
{
*pout = dummy_entropy;
return min_len;
}
static int entropy_stick = 0;
static void fips_algtest_init_nofips(void)
{
DRBG_CTX *ctx;
size_t i;
FIPS_set_error_callbacks(put_err_cb, add_err_cb);
for (i = 0; i < sizeof(dummy_entropy); i++)
dummy_entropy[i] = i & 0xff;
if (entropy_stick)
memcpy(dummy_entropy + 32, dummy_entropy + 16, 16);
ctx = FIPS_get_default_drbg();
FIPS_drbg_init(ctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF);
FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, 16, dummy_cb, 0);
FIPS_drbg_instantiate(ctx, dummy_entropy, 10);
FIPS_rand_set_method(FIPS_drbg_method());
}
void do_entropy_stick(void)
{
entropy_stick = 1;
}
void fips_algtest_init(void)
{
fips_algtest_init_nofips();
if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
{
fprintf(stderr, "Error entering FIPS mode\n");
exit(1);
}
}
int hex2bin(const char *in, unsigned char *out)
{
int n1, n2, isodd = 0;
unsigned char ch;
n1 = strlen(in);
if (in[n1 - 1] == '\n')
n1--;
if (n1 & 1)
isodd = 1;
for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
{ /* first byte */
if ((in[n1] >= '0') && (in[n1] <= '9'))
ch = in[n1++] - '0';
else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
ch = in[n1++] - 'A' + 10;
else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
ch = in[n1++] - 'a' + 10;
else
return -1;
if(!in[n1])
{
out[n2++]=ch;
break;
}
/* If input is odd length first digit is least significant: assumes
* all digits valid hex and null terminated which is true for the
* strings we pass.
*/
if (n1 == 1 && isodd)
{
out[n2++] = ch;
continue;
}
out[n2] = ch << 4;
/* second byte */
if ((in[n1] >= '0') && (in[n1] <= '9'))
ch = in[n1++] - '0';
else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
ch = in[n1++] - 'A' + 10;
else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
ch = in[n1++] - 'a' + 10;
else
return -1;
out[n2++] |= ch;
}
return n2;
}
unsigned char *hex2bin_m(const char *in, long *plen)
{
unsigned char *p;
if (strlen(in) == 0)
{
*plen = 0;
return OPENSSL_malloc(1);
}
p = OPENSSL_malloc((strlen(in) + 1)/2);
*plen = hex2bin(in, p);
return p;
}
int do_hex2bn(BIGNUM **pr, const char *in)
{
unsigned char *p;
long plen;
int r = 0;
p = hex2bin_m(in, &plen);
if (!p)
return 0;
if (!*pr)
*pr = BN_new();
if (!*pr)
return 0;
if (BN_bin2bn(p, plen, *pr))
r = 1;
OPENSSL_free(p);
return r;
}
int do_bn_print(FILE *out, const BIGNUM *bn)
{
int len, i;
unsigned char *tmp;
len = BN_num_bytes(bn);
if (len == 0)
{
fputs("00", out);
return 1;
}
tmp = OPENSSL_malloc(len);
if (!tmp)
{
fprintf(stderr, "Memory allocation error\n");
return 0;
}
BN_bn2bin(bn, tmp);
for (i = 0; i < len; i++)
fprintf(out, "%02x", tmp[i]);
OPENSSL_free(tmp);
return 1;
}
int do_bn_print_name(FILE *out, const char *name, const BIGNUM *bn)
{
int r;
fprintf(out, "%s = ", name);
r = do_bn_print(out, bn);
if (!r)
return 0;
fputs(RESP_EOL, out);
return 1;
}
int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf)
{
return parse_line2(pkw, pval, linebuf, olinebuf, 1);
}
int parse_line2(char **pkw, char **pval, char *linebuf, char *olinebuf, int eol)
{
char *keyword, *value, *p, *q;
strcpy(linebuf, olinebuf);
keyword = linebuf;
/* Skip leading space */
while (isspace((unsigned char)*keyword))
keyword++;
/* Look for = sign */
p = strchr(linebuf, '=');
/* If no '=' exit */
if (!p)
return 0;
q = p - 1;
/* Remove trailing space */
while (isspace((unsigned char)*q))
*q-- = 0;
*p = 0;
value = p + 1;
/* Remove leading space from value */
while (isspace((unsigned char)*value))
value++;
/* Remove trailing space from value */
p = value + strlen(value) - 1;
if (eol && *p != '\n')
fprintf(stderr, "Warning: missing EOL\n");
while (*p == '\n' || isspace((unsigned char)*p))
*p-- = 0;
*pkw = keyword;
*pval = value;
return 1;
}
BIGNUM *hex2bn(const char *in)
{
BIGNUM *p=NULL;
if (!do_hex2bn(&p, in))
return NULL;
return p;
}
/* To avoid extensive changes to test program at this stage just convert
* the input line into an acceptable form. Keyword lines converted to form
* "keyword = value\n" no matter what white space present, all other lines
* just have leading and trailing space removed.
*/
int tidy_line(char *linebuf, char *olinebuf)
{
char *keyword, *value, *p, *q;
strcpy(linebuf, olinebuf);
keyword = linebuf;
/* Skip leading space */
while (isspace((unsigned char)*keyword))
keyword++;
/* Look for = sign */
p = strchr(linebuf, '=');
/* If no '=' just chop leading, trailing ws */
if (!p)
{
p = keyword + strlen(keyword) - 1;
while (*p == '\n' || isspace((unsigned char)*p))
*p-- = 0;
strcpy(olinebuf, keyword);
strcat(olinebuf, "\n");
return 1;
}
q = p - 1;
/* Remove trailing space */
while (isspace((unsigned char)*q))
*q-- = 0;
*p = 0;
value = p + 1;
/* Remove leading space from value */
while (isspace((unsigned char)*value))
value++;
/* Remove trailing space from value */
p = value + strlen(value) - 1;
while (*p == '\n' || isspace((unsigned char)*p))
*p-- = 0;
strcpy(olinebuf, keyword);
strcat(olinebuf, " = ");
strcat(olinebuf, value);
strcat(olinebuf, "\n");
return 1;
}
/* Copy supplied line to ofp replacing \n with \r\n */
int copy_line(const char *in, FILE *ofp)
{
const char *p;
p = strchr(in, '\n');
if (p)
{
fwrite(in, 1, (size_t)(p - in), ofp);
fputs(RESP_EOL, ofp);
}
else
fputs(in, ofp);
return 1;
}
/* NB: this return the number of _bits_ read */
int bint2bin(const char *in, int len, unsigned char *out)
{
int n;
memset(out,0,len);
for(n=0 ; n < len ; ++n)
if(in[n] == '1')
out[n/8]|=(0x80 >> (n%8));
return len;
}
int bin2bint(const unsigned char *in,int len,char *out)
{
int n;
for(n=0 ; n < len ; ++n)
out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
return n;
}
/*-----------------------------------------------*/
void PrintValue(char *tag, unsigned char *val, int len)
{
#ifdef VERBOSE
OutputValue(tag, val, len, stdout, 0);
#endif
}
void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
{
char obuf[2048];
int olen;
if(bitmode)
{
olen=bin2bint(val,len,obuf);
fprintf(rfp, "%s = %.*s" RESP_EOL, tag, olen, obuf);
}
else
{
int i;
fprintf(rfp, "%s = ", tag);
for (i = 0; i < len; i++)
fprintf(rfp, "%02x", val[i]);
fputs(RESP_EOL, rfp);
}
#if VERBOSE
printf("%s = %.*s\n", tag, olen, obuf);
#endif
}
/* Not all platforms support strcasecmp and strncasecmp: implement versions
* in here to avoid need to include them in the validated module. Taken
* from crypto/o_str.c written by Richard Levitte (richard@levitte.org)
*/
int fips_strncasecmp(const char *str1, const char *str2, size_t n)
{
while (*str1 && *str2 && n)
{
int res = toupper(*str1) - toupper(*str2);
if (res) return res < 0 ? -1 : 1;
str1++;
str2++;
n--;
}
if (n == 0)
return 0;
if (*str1)
return 1;
if (*str2)
return -1;
return 0;
}
int fips_strcasecmp(const char *str1, const char *str2)
{
return fips_strncasecmp(str1, str2, (size_t)-1);
}
#endif



@ -1,197 +0,0 @@
#!/bin/sh -e
#
# Copyright (c) 2005-2011 The OpenSSL Project.
#
# Depending on output file name, the script either embeds fingerprint
# into libcrypto.so or static application. "Static" refers to static
# libcrypto.a, not [necessarily] application per se.
#
# Even though this script is called fipsld, it expects C compiler
# command line syntax and $FIPSLD_CC or $CC environment variable set
# and can even be used to compile source files.
#set -x
CC=${FIPSLD_CC:-${CC}}
[ -n "${CC}" ] || { echo '$CC is not defined'; exit 1; }
# Initially -c wasn't intended to be interpreted here, but it might
# make life easier for those who want to build FIPS-ified applications
# with minimal [if any] modifications to their Makefiles...
( while [ "x$1" != "x" -a "x$1" != "x-c" -a "x$1" != "x-E" ]; do shift; done;
[ $# -ge 1 ]
) && exec ${CC} "$@"
TARGET=`(while [ "x$1" != "x" -a "x$1" != "x-o" ]; do shift; done; echo $2)`
# If using an auto-tooled (autoconf/automake/libtool) project,
# configure will fail when testing the compiler or even performing
# simple checks. Pass-through to compiler directly if application is
# is not being linked with libcrypto, allowing auto-tooled applications
# to utilize fipsld (e.g. CC=/usr/local/ssl/bin/fipsld FIPSLD_CC=gcc
# ./configure && make). But keep in mind[!] that if certified code
# resides in a shared library, then fipsld *may not* be used and
# end-developer should not modify application configuration and build
# procedures. This is because in-core fingerprint and associated
# procedures are already embedded into and executed in shared library
# context.
case `basename "${TARGET}"` in
libcrypto*|libfips*|*.dll) ;;
*) case "$*" in
*libcrypto.a*|*-lcrypto*|*fipscanister.o*) ;;
*) exec ${CC} "$@" ;;
esac
esac
[ -n "${TARGET}" ] || { echo 'no -o specified'; exit 1; }
# Turn on debugging output?
( while [ "x$1" != "x" -a "x$1" != "x-DDEBUG_FINGERPRINT_PREMAIN" ]; do shift; done;
[ $# -ge 1 ]
) && set -x
THERE="`echo $0 | sed -e 's|[^/]*$||'`"..
# fipscanister.o can appear in command line
CANISTER_O=`(while [ "x$1" != "x" ]; do case "$1" in *fipscanister.o) echo $1; exit;; esac; shift; done)`
if [ -z "${CANISTER_O}" ]; then
# If set, FIPSLIBDIR is location of installed validated FIPS module
if [ -n "${FIPSLIBDIR}" ]; then
CANISTER_O="${FIPSLIBDIR}/fipscanister.o"
elif [ -f "${THERE}/fips/fipscanister.o" ]; then
CANISTER_O="${THERE}/fips/fipscanister.o"
elif [ -f "${THERE}/lib/fipscanister.o" ]; then
CANISTER_O="${THERE}/lib/fipscanister.o"
fi
CANISTER_O_CMD="${CANISTER_O}"
fi
[ -f ${CANISTER_O} ] || { echo "unable to find ${CANISTER_O}"; exit 1; }
PREMAIN_C=`dirname "${CANISTER_O}"`/fips_premain.c
HMAC_KEY="etaonrishdlcupfm"
case "${CROSS_COMPILE:-`(uname -s) 2>/dev/null`}" in
OSF1|IRIX*) _WL_PREMAIN="-Wl,-init,FINGERPRINT_premain" ;;
HP-UX) _WL_PREMAIN="-Wl,+init,FINGERPRINT_premain" ;;
AIX) _WL_PREMAIN="-Wl,-binitfini:FINGERPRINT_premain,-bnoobjreorder";;
Darwin) ( while [ "x$1" != "x" -a "x$1" != "x-dynamiclib" ]; do shift; done;
[ $# -ge 1 ]
) && _WL_PREMAIN="-Wl,-init,_FINGERPRINT_premain" ;;
esac
case "${TARGET}" in
[!/]*) TARGET=./${TARGET} ;;
esac
case `basename "${TARGET}"` in
lib*|*.dll) # must be linking a shared lib...
# Shared lib creation can be taking place in the source
# directory only, but fipscanister.o can reside elsewhere...
if [ -x "${THERE}/fips/fips_standalone_sha1" ]; then
FINGERTYPE="${THERE}/fips/fips_standalone_sha1"
PREMAIN_DSO="${THERE}/fips/fips_premain_dso"
elif [ -x "${THERE}/bin/fips_standalone_sha1" ]; then
FINGERTYPE="${THERE}/bin/fips_standalone_sha1"
PREMAIN_DSO="./fips_premain_dso"
fi
# verify fipspremain.c against its detached signature...
${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
diff -w "${PREMAIN_C}.sha1" - || \
{ echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
# verify fipscanister.o against its detached signature...
${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
diff -w "${CANISTER_O}.sha1" - || \
{ echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
[ -z "${FIPSLD_LIBCRYPTO}" -a -f "${THERE}/libcrypto.a" ] && \
FIPSLD_LIBCRYPTO="${THERE}/libcrypto.a"
# Temporarily remove fipscanister.o from libcrypto.a!
# We are required to use the standalone copy...
if [ -n "${FIPSLD_LIBCRYPTO}" ]; then
if ${CROSS_COMPILE}ar d "${FIPSLD_LIBCRYPTO}" fipscanister.o; then
(${CROSS_COMPILE}ranlib "${FIPSLD_LIBCRYPTO}") 2>/dev/null || :
trap '${CROSS_COMPILE}ar r "${FIPSLD_LIBCRYPTO}" "${CANISTER_O}";
(${CROSS_COMPILE}ranlib "${FIPSLD_LIBCRYPTO}") 2>/dev/null || :;
sleep 1;
touch -c "${TARGET}"' 0
fi
fi
/bin/rm -f "${TARGET}"
${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
"${PREMAIN_C}" \
${_WL_PREMAIN} "$@"
if [ "x${FIPS_SIG}" != "x" ]; then
# embed signature
"${FIPS_SIG}" "${TARGET}"
[ $? -ne 42 ] && exit $?
fi
# generate signature...
SIG=`"${PREMAIN_DSO}" "${TARGET}"`
/bin/rm -f "${TARGET}"
if [ -z "${SIG}" ]; then
echo "unable to collect signature"; exit 1
fi
# recompile with signature...
${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
-DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
${_WL_PREMAIN} "$@"
;;
*) # must be linking statically...
# Static linking can be taking place either in the source
# directory or off the installed binary target destination.
if [ -x "${THERE}/fips/fips_standalone_sha1" ]; then
FINGERTYPE="${THERE}/fips/fips_standalone_sha1"
elif [ -x "${THERE}/bin/fips_standalone_sha1" ]; then
FINGERTYPE="${THERE}/bin/fips_standalone_sha1"
else # Installed tree is expected to contain
# lib/fipscanister.o, lib/fipscanister.o.sha1 and
# lib/fips_premain.c [not to mention bin/openssl].
FINGERTYPE="${THERE}/bin/openssl sha1 -hmac ${HMAC_KEY}"
fi
# verify fipscanister.o against its detached signature...
${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
diff -w "${CANISTER_O}.sha1" - || \
{ echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
# verify fips_premain.c against its detached signature...
${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
diff -w "${PREMAIN_C}.sha1" - || \
{ echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
/bin/rm -f "${TARGET}"
${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
"${PREMAIN_C}" \
${_WL_PREMAIN} "$@"
if [ "x${FIPS_SIG}" != "x" ]; then
# embed signature
"${FIPS_SIG}" "${TARGET}"
[ $? -ne 42 ] && exit $?
fi
# generate signature...
SIG=`"${TARGET}"`
/bin/rm -f "${TARGET}"
if [ -z "${SIG}" ]; then
echo "unable to collect signature"; exit 1
fi
# recompile with signature...
${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
-DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
${_WL_PREMAIN} "$@"
;;
esac


@ -1,677 +0,0 @@
/* Where necessary redirect standard OpenSSL APIs to FIPS versions */
#define CRYPTO_lock FIPS_lock
#define CRYPTO_add_lock FIPS_add_lock
#define CRYPTO_malloc FIPS_malloc
#define CRYPTO_free FIPS_free
#define ERR_put_error FIPS_put_error
#define ERR_add_error_data FIPS_add_error_data
#define EVP_MD_CTX_init FIPS_md_ctx_init
#define EVP_MD_CTX_cleanup FIPS_md_ctx_cleanup
#define EVP_MD_CTX_create FIPS_md_ctx_create
#define EVP_MD_CTX_destroy FIPS_md_ctx_destroy
#define EVP_DigestInit_ex(ctx, type, impl) FIPS_digestinit(ctx, type)
#define EVP_DigestInit FIPS_digestinit
#define EVP_DigestUpdate FIPS_digestupdate
#define EVP_Digest(data, count, md, size, type, impl) \
FIPS_digest(data, count, md, size, type)
#define EVP_DigestFinal_ex FIPS_digestfinal
#define EVP_MD_CTX_copy_ex FIPS_md_ctx_copy
#define EVP_CipherInit_ex(ctx, cipher, impl, key, iv, enc) \
FIPS_cipherinit(ctx, cipher, key, iv, enc)
#define EVP_CipherInit FIPS_cipherinit
#define EVP_CIPHER_CTX_init FIPS_cipher_ctx_init
#define EVP_CIPHER_CTX_cleanup FIPS_cipher_ctx_cleanup
#define EVP_Cipher FIPS_cipher
#define EVP_CIPHER_CTX_ctrl FIPS_cipher_ctx_ctrl
#define EVP_CIPHER_CTX_new FIPS_cipher_ctx_new
#define EVP_CIPHER_CTX_free FIPS_cipher_ctx_free
#define EVP_CIPHER_CTX_copy FIPS_cipher_ctx_copy
#define EVP_CIPHER_CTX_set_key_length FIPS_cipher_ctx_set_key_length
#define DSA_SIG_new FIPS_dsa_sig_new
#define DSA_SIG_free FIPS_dsa_sig_free
#define ECDSA_SIG_new FIPS_ecdsa_sig_new
#define ECDSA_SIG_free FIPS_ecdsa_sig_free
#define ecdsa_check fips_ecdsa_check
#define ecdh_check fips_ecdh_check
#define RAND_bytes FIPS_rand_bytes
#define RAND_pseudo_bytes FIPS_rand_pseudo_bytes
#define RAND_add FIPS_rand_add
#define RAND_seed FIPS_rand_seed
#define RAND_status FIPS_rand_status
/* Rename symbols so they don't clash with standard OpenSSL */
#define AES_cfb128_encrypt fips_aes_cfb128_encrypt
#define AES_cfb1_encrypt fips_aes_cfb1_encrypt
#define AES_cfb8_encrypt fips_aes_cfb8_encrypt
#define AES_ecb_encrypt fips_aes_ecb_encrypt
#define AES_ofb128_encrypt fips_aes_ofb128_encrypt
#define BN_BLINDING_convert fips_bn_blinding_convert
#define BN_BLINDING_convert_ex fips_bn_blinding_convert_ex
#define BN_BLINDING_create_param fips_bn_blinding_create_param
#define BN_BLINDING_free fips_bn_blinding_free
#define BN_BLINDING_get_flags fips_bn_blinding_get_flags
#define BN_BLINDING_invert fips_bn_blinding_invert
#define BN_BLINDING_invert_ex fips_bn_blinding_invert_ex
#define BN_BLINDING_new fips_bn_blinding_new
#define BN_BLINDING_set_flags fips_bn_blinding_set_flags
#define BN_BLINDING_thread_id fips_bn_blinding_thread_id
#define BN_BLINDING_update fips_bn_blinding_update
#define BN_BLINDING_get_thread_id fips_bn_blinding_get_thread_id
#define BN_BLINDING_set_thread_id fips_bn_blinding_set_thread_id
#define BN_CTX_end fips_bn_ctx_end
#define BN_CTX_init fips_bn_ctx_init
#define BN_CTX_free fips_bn_ctx_free
#define BN_CTX_get fips_bn_ctx_get
#define BN_CTX_new fips_bn_ctx_new
#define BN_CTX_start fips_bn_ctx_start
#define BN_GENCB_call fips_bn_gencb_call
#define BN_GF2m_add fips_bn_gf2m_add
#define BN_GF2m_arr2poly fips_bn_gf2m_arr2poly
#define BN_GF2m_mod fips_bn_gf2m_mod
#define BN_GF2m_mod_arr fips_bn_gf2m_mod_arr
#define BN_GF2m_mod_div fips_bn_gf2m_mod_div
#define BN_GF2m_mod_div_arr fips_bn_gf2m_mod_div_arr
#define BN_GF2m_mod_exp fips_bn_gf2m_mod_exp
#define BN_GF2m_mod_exp_arr fips_bn_gf2m_mod_exp_arr
#define BN_GF2m_mod_inv fips_bn_gf2m_mod_inv
#define BN_GF2m_mod_inv_arr fips_bn_gf2m_mod_inv_arr
#define BN_GF2m_mod_mul fips_bn_gf2m_mod_mul
#define BN_GF2m_mod_mul_arr fips_bn_gf2m_mod_mul_arr
#define BN_GF2m_mod_solve_quad fips_bn_gf2m_mod_solve_quad
#define BN_GF2m_mod_solve_quad_arr fips_bn_gf2m_mod_solve_quad_arr
#define BN_GF2m_mod_sqr fips_bn_gf2m_mod_sqr
#define BN_GF2m_mod_sqr_arr fips_bn_gf2m_mod_sqr_arr
#define BN_GF2m_mod_sqrt fips_bn_gf2m_mod_sqrt
#define BN_GF2m_mod_sqrt_arr fips_bn_gf2m_mod_sqrt_arr
#define BN_GF2m_poly2arr fips_bn_gf2m_poly2arr
#define BN_MONT_CTX_copy fips_bn_mont_ctx_copy
#define BN_MONT_CTX_free fips_bn_mont_ctx_free
#define BN_MONT_CTX_init fips_bn_mont_ctx_init
#define BN_MONT_CTX_new fips_bn_mont_ctx_new
#define BN_MONT_CTX_set fips_bn_mont_ctx_set
#define BN_MONT_CTX_set_locked fips_bn_mont_ctx_set_locked
#define BN_RECP_CTX_free fips_bn_recp_ctx_free
#define BN_RECP_CTX_init fips_bn_recp_ctx_init
#define BN_RECP_CTX_new fips_bn_recp_ctx_new
#define BN_RECP_CTX_set fips_bn_recp_ctx_set
#define BN_X931_derive_prime_ex FIPS_bn_x931_derive_prime_ex
#define BN_X931_generate_Xpq FIPS_bn_x931_generate_xpq
#define BN_X931_generate_prime_ex FIPS_bn_x931_generate_prime_ex
#define BN_add fips_bn_add
#define BN_add_word fips_bn_add_word
#define BN_bin2bn FIPS_bn_bin2bn
#define BN_bn2bin FIPS_bn_bn2bin
#define BN_bntest_rand fips_bn_bntest_rand
#define BN_clear FIPS_bn_clear
#define BN_clear_bit fips_bn_clear_bit
#define BN_clear_free FIPS_bn_clear_free
#define BN_cmp fips_bn_cmp
#define BN_copy fips_bn_copy
#define BN_div fips_bn_div
#define BN_div_recp fips_bn_div_recp
#define BN_div_word fips_bn_div_word
#define BN_dup fips_bn_dup
#define BN_exp fips_bn_exp
#define BN_free FIPS_bn_free
#define BN_gcd fips_bn_gcd
#define BN_generate_prime_ex FIPS_bn_generate_prime_ex
#define BN_get0_nist_prime_192 fips_bn_get0_nist_prime_192
#define BN_get0_nist_prime_224 fips_bn_get0_nist_prime_224
#define BN_get0_nist_prime_256 fips_bn_get0_nist_prime_256
#define BN_get0_nist_prime_384 fips_bn_get0_nist_prime_384
#define BN_get0_nist_prime_521 fips_bn_get0_nist_prime_521
#define BN_get_word FIPS_bn_get_word
#define BN_init fips_bn_init
#define BN_is_bit_set FIPS_bn_is_bit_set
#define BN_is_prime_ex FIPS_bn_is_prime_ex
#define BN_is_prime_fasttest_ex FIPS_bn_is_prime_fasttest_ex
#define BN_lshift fips_bn_lshift
#define BN_lshift1 fips_bn_lshift1
#define BN_mask_bits fips_bn_mask_bits
#define BN_mod_add fips_bn_mod_add
#define BN_mod_add_quick fips_bn_mod_add_quick
#define BN_mod_exp fips_bn_mod_exp
#define BN_mod_exp2_mont fips_bn_mod_exp2_mont
#define BN_mod_exp_mont fips_bn_mod_exp_mont
#define BN_mod_exp_mont_consttime fips_bn_mod_exp_mont_consttime
#define BN_mod_exp_mont_word fips_bn_mod_exp_mont_word
#define BN_mod_exp_recp fips_bn_mod_exp_recp
#define BN_mod_exp_simple fips_bn_mod_exp_simple
#define BN_mod_inverse fips_bn_mod_inverse
#define BN_mod_lshift fips_bn_mod_lshift
#define BN_mod_lshift1 fips_bn_mod_lshift1
#define BN_mod_lshift1_quick fips_bn_mod_lshift1_quick
#define BN_mod_lshift_quick fips_bn_mod_lshift_quick
#define BN_mod_mul fips_bn_mod_mul
#define BN_mod_mul_montgomery fips_bn_mod_mul_montgomery
#define BN_mod_mul_reciprocal fips_bn_mod_mul_reciprocal
#define BN_mod_sqr fips_bn_mod_sqr
#define BN_mod_sub fips_bn_mod_sub
#define BN_mod_sub_quick fips_bn_mod_sub_quick
#define BN_mod_word fips_bn_mod_word
#define BN_mul fips_bn_mul
#define BN_mul_word fips_bn_mul_word
#define BN_new FIPS_bn_new
#define BN_nist_mod_192 fips_bn_nist_mod_192
#define BN_nist_mod_224 fips_bn_nist_mod_224
#define BN_nist_mod_256 fips_bn_nist_mod_256
#define BN_nist_mod_384 fips_bn_nist_mod_384
#define BN_nist_mod_521 fips_bn_nist_mod_521
#define BN_nist_mod_func fips_bn_nist_mod_func
#define BN_nnmod fips_bn_nnmod
#define BN_num_bits FIPS_bn_num_bits
#define BN_pseudo_rand FIPS_bn_pseudo_rand
#define BN_pseudo_rand_range FIPS_bn_pseudo_rand_range
#define BN_rand FIPS_bn_rand
#define BN_rand_range FIPS_bn_rand_range
#define BN_reciprocal fips_bn_reciprocal
#define BN_rshift fips_bn_rshift
#define BN_rshift1 fips_bn_rshift1
#define BN_set_bit FIPS_bn_set_bit
#define BN_set_negative fips_bn_set_negative
#define BN_set_word fips_bn_set_word
#define BN_sqr fips_bn_sqr
#define BN_sub fips_bn_sub
#define BN_sub_word fips_bn_sub_word
#define BN_swap fips_bn_swap
#define BN_uadd fips_bn_uadd
#define BN_ucmp fips_bn_ucmp
#define BN_usub fips_bn_usub
#define BN_value_one fips_bn_value_one
#define BN_set_params fips_bn_set_params
#define BN_get_params fips_bn_get_params
#define BN_version FIPS_bn_version
#define BUF_memdup fips_buf_memdup
#define BUF_strdup fips_buf_strdup
#define BUF_strlcat fips_buf_strlcat
#define BUF_strlcpy fips_buf_strlcpy
#define BUF_strndup fips_buf_strndup
#define DllMain fips_dllmain
#define CRYPTO_THREADID_cmp fips_crypto_threadid_cmp
#define CRYPTO_THREADID_cpy fips_crypto_threadid_cpy
#define CRYPTO_THREADID_current fips_crypto_threadid_current
#define CRYPTO_THREADID_get_callback FIPS_crypto_threadid_get_callback
#define CRYPTO_THREADID_hash FIPS_crypto_threadid_hash
#define CRYPTO_THREADID_set_callback FIPS_crypto_threadid_set_callback
#define CRYPTO_THREADID_set_numeric FIPS_crypto_threadid_set_numeric
#define CRYPTO_THREADID_set_pointer FIPS_crypto_threadid_set_pointer
#define CRYPTO_get_id_callback FIPS_crypto_get_id_callback
#define CRYPTO_set_id_callback FIPS_crypto_set_id_callback
#define CRYPTO_thread_id FIPS_crypto_thread_id
#define CRYPTO_ccm128_aad fips_crypto_ccm128_aad
#define CRYPTO_ccm128_decrypt fips_crypto_ccm128_decrypt
#define CRYPTO_ccm128_decrypt_ccm64 fips_crypto_ccm128_decrypt_ccm64
#define CRYPTO_ccm128_encrypt fips_crypto_ccm128_encrypt
#define CRYPTO_ccm128_encrypt_ccm64 fips_crypto_ccm128_encrypt_ccm64
#define CRYPTO_ccm128_init fips_crypto_ccm128_init
#define CRYPTO_ccm128_setiv fips_crypto_ccm128_setiv
#define CRYPTO_ccm128_tag fips_crypto_ccm128_tag
#define CRYPTO_cbc128_decrypt fips_crypto_cbc128_decrypt
#define CRYPTO_cbc128_encrypt fips_crypto_cbc128_encrypt
#define CRYPTO_cfb128_1_encrypt fips_crypto_cfb128_1_encrypt
#define CRYPTO_cfb128_8_encrypt fips_crypto_cfb128_8_encrypt
#define CRYPTO_cfb128_encrypt fips_crypto_cfb128_encrypt
#define CRYPTO_ctr128_encrypt fips_crypto_ctr128_encrypt
#define CRYPTO_ctr128_encrypt_ctr32 fips_crypto_ctr128_encrypt_ctr32
#define CRYPTO_gcm128_aad fips_crypto_gcm128_aad
#define CRYPTO_gcm128_decrypt fips_crypto_gcm128_decrypt
#define CRYPTO_gcm128_decrypt_ctr32 fips_crypto_gcm128_decrypt_ctr32
#define CRYPTO_gcm128_encrypt fips_crypto_gcm128_encrypt
#define CRYPTO_gcm128_encrypt_ctr32 fips_crypto_gcm128_encrypt_ctr32
#define CRYPTO_gcm128_finish fips_crypto_gcm128_finish
#define CRYPTO_gcm128_init fips_crypto_gcm128_init
#define CRYPTO_gcm128_new fips_crypto_gcm128_new
#define CRYPTO_gcm128_release fips_crypto_gcm128_release
#define CRYPTO_gcm128_setiv fips_crypto_gcm128_setiv
#define CRYPTO_gcm128_tag fips_crypto_gcm128_tag
#define CRYPTO_ofb128_encrypt fips_crypto_ofb128_encrypt
#define CRYPTO_xts128_encrypt fips_crypto_xts128_encrypt
#define DES_cfb64_encrypt fips_des_cfb64_encrypt
#define DES_cfb_encrypt fips_des_cfb_encrypt
#define DES_check_key_parity FIPS_des_check_key_parity
#define DES_crypt fips_des_crypt
#define DES_ecb3_encrypt fips_des_ecb3_encrypt
#define DES_ede3_cfb64_encrypt fips_des_ede3_cfb64_encrypt
#define DES_ede3_cfb_encrypt fips_des_ede3_cfb_encrypt
#define DES_ede3_ofb64_encrypt fips_des_ede3_ofb64_encrypt
#define DES_fcrypt fips_des_fcrypt
#define DES_is_weak_key fips_des_is_weak_key
#define DES_key_sched fips_des_key_sched
#define DES_set_key fips_des_set_key
#define DES_set_key_checked fips_des_set_key_checked
#define DES_set_key_unchecked fips_des_set_key_unchecked
#define DES_set_odd_parity fips_des_set_odd_parity
#define DH_OpenSSL FIPS_dh_openssl
#define DH_check FIPS_dh_check
#define DH_check_pub_key FIPS_dh_check_pub_key
#define DH_compute_key FIPS_dh_compute_key
#define DH_generate_key FIPS_dh_generate_key
#define DH_generate_parameters_ex FIPS_dh_generate_parameters_ex
#define DSA_OpenSSL FIPS_dsa_openssl
#define DSA_generate_key FIPS_dsa_generate_key
#define DSA_generate_parameters_ex FIPS_dsa_generate_parameters_ex
#define ECDSA_OpenSSL FIPS_ecdsa_openssl
#define EC_EX_DATA_clear_free_all_data fips_ec_ex_data_clear_free_all_data
#define EC_EX_DATA_clear_free_data fips_ec_ex_data_clear_free_data
#define EC_EX_DATA_free_all_data fips_ec_ex_data_free_all_data
#define EC_EX_DATA_free_data fips_ec_ex_data_free_data
#define EC_EX_DATA_get_data fips_ec_ex_data_get_data
#define EC_EX_DATA_set_data fips_ec_ex_data_set_data
#define EC_GF2m_simple_method fips_ec_gf2m_simple_method
#define EC_GFp_mont_method fips_ec_gfp_mont_method
#define EC_GFp_nist_method fips_ec_gfp_nist_method
#define EC_GFp_simple_method fips_ec_gfp_simple_method
#define EC_GROUP_check_discriminant fips_ec_group_check_discriminant
#define EC_GROUP_clear_free FIPS_ec_group_clear_free
#define EC_GROUP_cmp fips_ec_group_cmp
#define EC_GROUP_copy fips_ec_group_copy
#define EC_GROUP_dup fips_ec_group_dup
#define EC_GROUP_free fips_ec_group_free
#define EC_GROUP_get0_generator FIPS_ec_group_get0_generator
#define EC_GROUP_get0_seed FIPS_ec_group_get0_seed
#define EC_GROUP_get_asn1_flag FIPS_ec_group_get_asn1_flag
#define EC_GROUP_get_cofactor FIPS_ec_group_get_cofactor
#define EC_GROUP_get_curve_GF2m FIPS_ec_group_get_curve_gf2m
#define EC_GROUP_get_curve_GFp FIPS_ec_group_get_curve_gfp
#define EC_GROUP_get_curve_name FIPS_ec_group_get_curve_name
#define EC_GROUP_get_degree FIPS_ec_group_get_degree
#define EC_GROUP_get_order FIPS_ec_group_get_order
#define EC_GROUP_get_point_conversion_form fips_ec_group_get_point_conversion_form
#define EC_GROUP_get_seed_len fips_ec_group_get_seed_len
#define EC_GROUP_have_precompute_mult fips_ec_group_have_precompute_mult
#define EC_GROUP_method_of FIPS_ec_group_method_of
#define EC_GROUP_new FIPS_ec_group_new
#define EC_GROUP_new_by_curve_name FIPS_ec_group_new_by_curve_name
#define EC_GROUP_new_curve_GF2m FIPS_ec_group_new_curve_gf2m
#define EC_GROUP_new_curve_GFp FIPS_ec_group_new_curve_gfp
#define EC_GROUP_precompute_mult FIPS_ec_group_precompute_mult
#define EC_GROUP_set_asn1_flag FIPS_ec_group_set_asn1_flag
#define EC_GROUP_set_curve_GF2m FIPS_ec_group_set_curve_gf2m
#define EC_GROUP_set_curve_GFp FIPS_ec_group_set_curve_gfp
#define EC_GROUP_set_curve_name FIPS_ec_group_set_curve_name
#define EC_GROUP_set_generator FIPS_ec_group_set_generator
#define EC_GROUP_set_point_conversion_form FIPS_ec_group_set_point_conversion_form
#define EC_GROUP_set_seed fips_ec_group_set_seed
#define EC_KEY_check_key FIPS_ec_key_check_key
#define EC_KEY_copy FIPS_ec_key_copy
#define EC_KEY_dup FIPS_ec_key_dup
#define EC_KEY_free FIPS_ec_key_free
#define EC_KEY_generate_key FIPS_ec_key_generate_key
#define EC_KEY_get0_group FIPS_ec_key_get0_group
#define EC_KEY_get0_private_key FIPS_ec_key_get0_private_key
#define EC_KEY_get0_public_key FIPS_ec_key_get0_public_key
#define EC_KEY_get_conv_form FIPS_ec_key_get_conv_form
#define EC_KEY_get_enc_flags FIPS_ec_key_get_enc_flags
#define EC_KEY_get_key_method_data FIPS_ec_key_get_key_method_data
#define EC_KEY_insert_key_method_data FIPS_ec_key_insert_key_method_data
#define EC_KEY_new FIPS_ec_key_new
#define EC_KEY_new_by_curve_name FIPS_ec_key_new_by_curve_name
#define EC_KEY_precompute_mult FIPS_ec_key_precompute_mult
#define EC_KEY_set_asn1_flag FIPS_ec_key_set_asn1_flag
#define EC_KEY_set_conv_form FIPS_ec_key_set_conv_form
#define EC_KEY_set_enc_flags FIPS_ec_key_set_enc_flags
#define EC_KEY_set_flags FIPS_ec_key_set_flags
#define EC_KEY_clear_flags FIPS_ec_key_clear_flags
#define EC_KEY_get_flags FIPS_ec_key_get_flags
#define EC_KEY_set_group FIPS_ec_key_set_group
#define EC_KEY_set_private_key FIPS_ec_key_set_private_key
#define EC_KEY_set_public_key FIPS_ec_key_set_public_key
#define EC_KEY_set_public_key_affine_coordinates FIPS_ec_key_set_public_key_affine_coordinates
#define EC_KEY_up_ref FIPS_ec_key_up_ref
#define EC_METHOD_get_field_type FIPS_ec_method_get_field_type
#define EC_POINT_add fips_ec_point_add
#define EC_POINT_clear_free FIPS_ec_point_clear_free
#define EC_POINT_cmp fips_ec_point_cmp
#define EC_POINT_copy fips_ec_point_copy
#define EC_POINT_dbl fips_ec_point_dbl
#define EC_POINT_dup fips_ec_point_dup
#define EC_POINT_free FIPS_ec_point_free
#define EC_POINT_get_Jprojective_coordinates_GFp FIPS_ec_point_get_jprojective_coordinates_gfp
#define EC_POINT_get_affine_coordinates_GF2m FIPS_ec_point_get_affine_coordinates_gf2m
#define EC_POINT_get_affine_coordinates_GFp FIPS_ec_point_get_affine_coordinates_gfp
#define EC_POINT_invert fips_ec_point_invert
#define EC_POINT_is_at_infinity FIPS_ec_point_is_at_infinity
#define EC_POINT_is_on_curve FIPS_ec_point_is_on_curve
#define EC_POINT_make_affine FIPS_ec_point_make_affine
#define EC_POINT_method_of FIPS_ec_point_method_of
#define EC_POINT_mul FIPS_ec_point_mul
#define EC_POINT_new FIPS_ec_point_new
#define EC_POINT_set_Jprojective_coordinates_GFp fips_ec_point_set_jprojective_coordinates_gfp
#define EC_POINT_set_affine_coordinates_GF2m fips_ec_point_set_affine_coordinates_gf2m
#define EC_POINT_set_affine_coordinates_GFp fips_ec_point_set_affine_coordinates_gfp
#define EC_POINT_set_to_infinity FIPS_ec_point_set_to_infinity
#define EC_POINTs_make_affine FIPS_ec_points_make_affine
#define EC_POINTs_mul fips_ec_points_mul
#define EC_get_builtin_curves FIPS_ec_get_builtin_curves
#define EVP_aes_128_cbc FIPS_evp_aes_128_cbc
#define EVP_aes_128_ccm FIPS_evp_aes_128_ccm
#define EVP_aes_128_cfb1 FIPS_evp_aes_128_cfb1
#define EVP_aes_128_cfb128 FIPS_evp_aes_128_cfb128
#define EVP_aes_128_cfb8 FIPS_evp_aes_128_cfb8
#define EVP_aes_128_ctr FIPS_evp_aes_128_ctr
#define EVP_aes_128_ecb FIPS_evp_aes_128_ecb
#define EVP_aes_128_gcm FIPS_evp_aes_128_gcm
#define EVP_aes_128_ofb FIPS_evp_aes_128_ofb
#define EVP_aes_128_xts FIPS_evp_aes_128_xts
#define EVP_aes_192_cbc FIPS_evp_aes_192_cbc
#define EVP_aes_192_ccm FIPS_evp_aes_192_ccm
#define EVP_aes_192_cfb1 FIPS_evp_aes_192_cfb1
#define EVP_aes_192_cfb128 FIPS_evp_aes_192_cfb128
#define EVP_aes_192_cfb8 FIPS_evp_aes_192_cfb8
#define EVP_aes_192_ctr FIPS_evp_aes_192_ctr
#define EVP_aes_192_ecb FIPS_evp_aes_192_ecb
#define EVP_aes_192_gcm FIPS_evp_aes_192_gcm
#define EVP_aes_192_ofb FIPS_evp_aes_192_ofb
#define EVP_aes_256_cbc FIPS_evp_aes_256_cbc
#define EVP_aes_256_ccm FIPS_evp_aes_256_ccm
#define EVP_aes_256_cfb1 FIPS_evp_aes_256_cfb1
#define EVP_aes_256_cfb128 FIPS_evp_aes_256_cfb128
#define EVP_aes_256_cfb8 FIPS_evp_aes_256_cfb8
#define EVP_aes_256_ctr FIPS_evp_aes_256_ctr
#define EVP_aes_256_ecb FIPS_evp_aes_256_ecb
#define EVP_aes_256_gcm FIPS_evp_aes_256_gcm
#define EVP_aes_256_ofb FIPS_evp_aes_256_ofb
#define EVP_aes_256_xts FIPS_evp_aes_256_xts
#define EVP_des_ede FIPS_evp_des_ede
#define EVP_des_ede3 FIPS_evp_des_ede3
#define EVP_des_ede3_cbc FIPS_evp_des_ede3_cbc
#define EVP_des_ede3_cfb1 FIPS_evp_des_ede3_cfb1
#define EVP_des_ede3_cfb64 FIPS_evp_des_ede3_cfb64
#define EVP_des_ede3_cfb8 FIPS_evp_des_ede3_cfb8
#define EVP_des_ede3_ecb FIPS_evp_des_ede3_ecb
#define EVP_des_ede3_ofb FIPS_evp_des_ede3_ofb
#define EVP_des_ede_cbc FIPS_evp_des_ede_cbc
#define EVP_des_ede_cfb64 FIPS_evp_des_ede_cfb64
#define EVP_des_ede_ecb FIPS_evp_des_ede_ecb
#define EVP_des_ede_ofb FIPS_evp_des_ede_ofb
#define EVP_enc_null FIPS_evp_enc_null
#define EVP_sha1 FIPS_evp_sha1
#define EVP_dss FIPS_evp_dss
#define EVP_dss1 FIPS_evp_dss1
#define EVP_ecdsa FIPS_evp_ecdsa
#define EVP_sha224 FIPS_evp_sha224
#define EVP_sha256 FIPS_evp_sha256
#define EVP_sha384 FIPS_evp_sha384
#define EVP_sha512 FIPS_evp_sha512
#define HMAC FIPS_hmac
#define HMAC_CTX_cleanup FIPS_hmac_ctx_cleanup
#define HMAC_CTX_copy FIPS_hmac_ctx_copy
#define HMAC_CTX_init FIPS_hmac_ctx_init
#define HMAC_CTX_set_flags FIPS_hmac_ctx_set_flags
#define HMAC_Final FIPS_hmac_final
#define HMAC_Init FIPS_hmac_init
#define HMAC_Init_ex FIPS_hmac_init_ex
#define HMAC_Update FIPS_hmac_update
#define OPENSSL_NONPIC_relocated fips_openssl_nonpic_relocated
#define OPENSSL_ia32cap_loc fips_openssl_ia32cap_loc
#define OPENSSL_isservice fips_openssl_isservice
#define OPENSSL_issetugid fips_openssl_issetugid
#define OPENSSL_showfatal FIPS_openssl_showfatal
#define OPENSSL_stderr FIPS_openssl_stderr
#define OpenSSLDie FIPS_openssldie
#define PKCS1_MGF1 fips_pkcs1_mgf1
#define RSA_PKCS1_SSLeay FIPS_rsa_pkcs1_ssleay
#define RSA_X931_derive_ex FIPS_rsa_x931_derive_ex
#define RSA_X931_generate_key_ex FIPS_rsa_x931_generate_key_ex
#define RSA_X931_hash_id fips_rsa_x931_hash_id
#define RSA_blinding_off FIPS_rsa_blinding_off
#define RSA_blinding_on FIPS_rsa_blinding_on
#define RSA_flags FIPS_rsa_flags
#define RSA_generate_key_ex FIPS_rsa_generate_key_ex
#define RSA_padding_add_PKCS1_OAEP fips_rsa_padding_add_pkcs1_oaep
#define RSA_padding_add_PKCS1_PSS fips_rsa_padding_add_pkcs1_pss
#define RSA_padding_add_PKCS1_PSS_mgf1 fips_rsa_padding_add_pkcs1_pss_mgf1
#define RSA_padding_add_PKCS1_type_1 fips_rsa_padding_add_pkcs1_type_1
#define RSA_padding_add_PKCS1_type_2 fips_rsa_padding_add_pkcs1_type_2
#define RSA_padding_add_SSLv23 fips_rsa_padding_add_sslv23
#define RSA_padding_add_X931 fips_rsa_padding_add_x931
#define RSA_padding_add_none fips_rsa_padding_add_none
#define RSA_padding_check_PKCS1_OAEP fips_rsa_padding_check_pkcs1_oaep
#define RSA_padding_check_PKCS1_type_1 fips_rsa_padding_check_pkcs1_type_1
#define RSA_padding_check_PKCS1_type_2 fips_rsa_padding_check_pkcs1_type_2
#define RSA_padding_check_SSLv23 fips_rsa_padding_check_sslv23
#define RSA_padding_check_X931 fips_rsa_padding_check_x931
#define RSA_padding_check_none fips_rsa_padding_check_none
#define RSA_private_decrypt FIPS_rsa_private_decrypt
#define RSA_private_encrypt FIPS_rsa_private_encrypt
#define RSA_public_decrypt FIPS_rsa_public_decrypt
#define RSA_public_encrypt FIPS_rsa_public_encrypt
#define RSA_setup_blinding fips_rsa_setup_blinding
#define RSA_size FIPS_rsa_size
#define RSA_verify_PKCS1_PSS fips_rsa_verify_pkcs1_pss
#define RSA_verify_PKCS1_PSS_mgf1 fips_rsa_verify_pkcs1_pss_mgf1
#define SHA1_Final fips_sha1_final
#define SHA1_Init fips_sha1_init
#define SHA1_Transform fips_sha1_transform
#define SHA1_Update fips_sha1_update
#define SHA1_version fips_sha1_version
#define SHA224 fips_sha224
#define SHA224_Final fips_sha224_final
#define SHA224_Init fips_sha224_init
#define SHA224_Update fips_sha224_update
#define SHA256_Final fips_sha256_final
#define SHA256_Init fips_sha256_init
#define SHA256_Transform fips_sha256_transform
#define SHA256_Update fips_sha256_update
#define SHA256_version fips_sha256_version
#define SHA384 fips_sha384
#define SHA384_Final fips_sha384_final
#define SHA384_Init fips_sha384_init
#define SHA384_Update fips_sha384_update
#define SHA512_Final fips_sha512_final
#define SHA512_Init fips_sha512_init
#define SHA512_Transform fips_sha512_transform
#define SHA512_Update fips_sha512_update
#define SHA512_version fips_sha512_version
#define _shadow_DES_check_key fips__shadow_des_check_key
#define bn_add_part_words fips_bn_add_part_words
#define bn_cmp_part_words fips_bn_cmp_part_words
#define bn_cmp_words fips_bn_cmp_words
#define bn_dup_expand fips_bn_dup_expand
#define bn_expand2 fips_bn_expand2
#define bn_mul_high fips_bn_mul_high
#define bn_mul_low_normal fips_bn_mul_low_normal
#define bn_mul_low_recursive fips_bn_mul_low_recursive
#define bn_mul_normal fips_bn_mul_normal
#define bn_mul_part_recursive fips_bn_mul_part_recursive
#define bn_mul_recursive fips_bn_mul_recursive
#define bn_sqr_normal fips_bn_sqr_normal
#define bn_sqr_recursive fips_bn_sqr_recursive
#define dsa_builtin_paramgen fips_dsa_builtin_paramgen
#define dsa_builtin_paramgen2 fips_dsa_builtin_paramgen2
#define dsa_paramgen_check_g fips_dsa_paramgen_check_g
#define ec_GF2m_have_precompute_mult fips_ec_gf2m_have_precompute_mult
#define ec_GF2m_precompute_mult fips_ec_gf2m_precompute_mult
#define ec_GF2m_simple_add fips_ec_gf2m_simple_add
#define ec_GF2m_simple_cmp fips_ec_gf2m_simple_cmp
#define ec_GF2m_simple_dbl fips_ec_gf2m_simple_dbl
#define ec_GF2m_simple_field_div fips_ec_gf2m_simple_field_div
#define ec_GF2m_simple_field_mul fips_ec_gf2m_simple_field_mul
#define ec_GF2m_simple_field_sqr fips_ec_gf2m_simple_field_sqr
#define ec_GF2m_simple_group_check_discriminant fips_ec_gf2m_simple_group_check_discriminant
#define ec_GF2m_simple_group_clear_finish fips_ec_gf2m_simple_group_clear_finish
#define ec_GF2m_simple_group_copy fips_ec_gf2m_simple_group_copy
#define ec_GF2m_simple_group_finish fips_ec_gf2m_simple_group_finish
#define ec_GF2m_simple_group_get_curve fips_ec_gf2m_simple_group_get_curve
#define ec_GF2m_simple_group_get_degree fips_ec_gf2m_simple_group_get_degree
#define ec_GF2m_simple_group_init fips_ec_gf2m_simple_group_init
#define ec_GF2m_simple_group_set_curve fips_ec_gf2m_simple_group_set_curve
#define ec_GF2m_simple_invert fips_ec_gf2m_simple_invert
#define ec_GF2m_simple_is_at_infinity fips_ec_gf2m_simple_is_at_infinity
#define ec_GF2m_simple_is_on_curve fips_ec_gf2m_simple_is_on_curve
#define ec_GF2m_simple_make_affine fips_ec_gf2m_simple_make_affine
#define ec_GF2m_simple_mul fips_ec_gf2m_simple_mul
#define ec_GF2m_simple_point_clear_finish fips_ec_gf2m_simple_point_clear_finish
#define ec_GF2m_simple_point_copy fips_ec_gf2m_simple_point_copy
#define ec_GF2m_simple_point_finish fips_ec_gf2m_simple_point_finish
#define ec_GF2m_simple_point_get_affine_coordinates fips_ec_gf2m_simple_point_get_affine_coordinates
#define ec_GF2m_simple_point_init fips_ec_gf2m_simple_point_init
#define ec_GF2m_simple_point_set_affine_coordinates fips_ec_gf2m_simple_point_set_affine_coordinates
#define ec_GF2m_simple_point_set_to_infinity fips_ec_gf2m_simple_point_set_to_infinity
#define ec_GF2m_simple_points_make_affine fips_ec_gf2m_simple_points_make_affine
#define ec_GFp_mont_field_decode fips_ec_gfp_mont_field_decode
#define ec_GFp_mont_field_encode fips_ec_gfp_mont_field_encode
#define ec_GFp_mont_field_mul fips_ec_gfp_mont_field_mul
#define ec_GFp_mont_field_set_to_one fips_ec_gfp_mont_field_set_to_one
#define ec_GFp_mont_field_sqr fips_ec_gfp_mont_field_sqr
#define ec_GFp_mont_group_clear_finish fips_ec_gfp_mont_group_clear_finish
#define ec_GFp_mont_group_copy fips_ec_gfp_mont_group_copy
#define ec_GFp_mont_group_finish fips_ec_gfp_mont_group_finish
#define ec_GFp_mont_group_init fips_ec_gfp_mont_group_init
#define ec_GFp_mont_group_set_curve fips_ec_gfp_mont_group_set_curve
#define ec_GFp_nist_field_mul fips_ec_gfp_nist_field_mul
#define ec_GFp_nist_field_sqr fips_ec_gfp_nist_field_sqr
#define ec_GFp_nist_group_copy fips_ec_gfp_nist_group_copy
#define ec_GFp_nist_group_set_curve fips_ec_gfp_nist_group_set_curve
#define ec_GFp_simple_add fips_ec_gfp_simple_add
#define ec_GFp_simple_cmp fips_ec_gfp_simple_cmp
#define ec_GFp_simple_dbl fips_ec_gfp_simple_dbl
#define ec_GFp_simple_field_mul fips_ec_gfp_simple_field_mul
#define ec_GFp_simple_field_sqr fips_ec_gfp_simple_field_sqr
#define ec_GFp_simple_get_Jprojective_coordinates_GFp fips_ec_gfp_simple_get_jprojective_coordinates_gfp
#define ec_GFp_simple_group_check_discriminant fips_ec_gfp_simple_group_check_discriminant
#define ec_GFp_simple_group_clear_finish fips_ec_gfp_simple_group_clear_finish
#define ec_GFp_simple_group_copy fips_ec_gfp_simple_group_copy
#define ec_GFp_simple_group_finish fips_ec_gfp_simple_group_finish
#define ec_GFp_simple_group_get_curve fips_ec_gfp_simple_group_get_curve
#define ec_GFp_simple_group_get_degree fips_ec_gfp_simple_group_get_degree
#define ec_GFp_simple_group_init fips_ec_gfp_simple_group_init
#define ec_GFp_simple_group_set_curve fips_ec_gfp_simple_group_set_curve
#define ec_GFp_simple_invert fips_ec_gfp_simple_invert
#define ec_GFp_simple_is_at_infinity fips_ec_gfp_simple_is_at_infinity
#define ec_GFp_simple_is_on_curve fips_ec_gfp_simple_is_on_curve
#define ec_GFp_simple_make_affine fips_ec_gfp_simple_make_affine
#define ec_GFp_simple_point_clear_finish fips_ec_gfp_simple_point_clear_finish
#define ec_GFp_simple_point_copy fips_ec_gfp_simple_point_copy
#define ec_GFp_simple_point_finish fips_ec_gfp_simple_point_finish
#define ec_GFp_simple_point_get_affine_coordinates fips_ec_gfp_simple_point_get_affine_coordinates
#define ec_GFp_simple_point_init fips_ec_gfp_simple_point_init
#define ec_GFp_simple_point_set_affine_coordinates fips_ec_gfp_simple_point_set_affine_coordinates
#define ec_GFp_simple_point_set_to_infinity fips_ec_gfp_simple_point_set_to_infinity
#define ec_GFp_simple_points_make_affine fips_ec_gfp_simple_points_make_affine
#define ec_GFp_simple_set_Jprojective_coordinates_GFp fips_ec_gfp_simple_set_jprojective_coordinates_gfp
#define ec_wNAF_have_precompute_mult fips_ec_wnaf_have_precompute_mult
#define ec_wNAF_mul fips_ec_wnaf_mul
#define ec_wNAF_precompute_mult fips_ec_wnaf_precompute_mult
#define int_bn_mod_inverse fips_int_bn_mod_inverse
#define cleanse_ctr fips_cleanse_ctr
#define DH_compute_key_padded FIPS_dh_compute_key_padded
#define ECDH_OpenSSL FIPS_ecdh_openssl
#define ECDH_compute_key FIPS_ecdh_compute_key
#define CMAC_CTX_cleanup FIPS_cmac_ctx_cleanup
#define CMAC_CTX_copy FIPS_cmac_ctx_copy
#define CMAC_CTX_free FIPS_cmac_ctx_free
#define CMAC_CTX_get0_cipher_ctx FIPS_cmac_ctx_get0_cipher_ctx
#define CMAC_CTX_new FIPS_cmac_ctx_new
#define CMAC_Init FIPS_cmac_init
#define CMAC_Update FIPS_cmac_update
#define CMAC_Final FIPS_cmac_final
#define CMAC_resume FIPS_cmac_resume
/* assembler symbols */
#define gcm_gmult_4bit_x86 fips_gcm_gmult_4bit_x86
#define gcm_ghash_4bit_x86 fips_gcm_ghash_4bit_x86
#define AES_cbc_encrypt fips_aes_cbc_encrypt
#define AES_decrypt fips_aes_decrypt
#define AES_encrypt fips_aes_encrypt
#define AES_set_decrypt_key fips_aes_set_decrypt_key
#define AES_set_encrypt_key fips_aes_set_encrypt_key
#define BN_from_montgomery fips_bn_from_montgomery
#define BN_num_bits_word FIPS_bn_num_bits_word
#define DES_SPtrans fips_des_sptrans
#define DES_decrypt3 fips_des_decrypt3
#define DES_ede3_cbc_encrypt fips_des_ede3_cbc_encrypt
#define DES_encrypt1 fips_des_encrypt1
#define DES_encrypt2 fips_des_encrypt2
#define DES_encrypt3 fips_des_encrypt3
#define DES_ncbc_encrypt fips_des_ncbc_encrypt
#define OPENSSL_altivec_probe fips_openssl_altivec_probe
#define OPENSSL_atomic_add fips_openssl_atomic_add
#define OPENSSL_cleanse FIPS_openssl_cleanse
#define OPENSSL_cpuid_setup fips_openssl_cpuid_setup
#define OPENSSL_ia32_cpuid fips_openssl_ia32_cpuid
#define OPENSSL_ia32cap_P fips_openssl_ia32cap_p
#define OPENSSL_instrument_bus fips_openssl_instrument_bus
#define OPENSSL_instrument_bus2 fips_openssl_instrument_bus2
#define OPENSSL_ppc64_probe fips_openssl_ppc64_probe
#define OPENSSL_rdtsc fips_openssl_rdtsc
#define OPENSSL_wipe_cpu fips_openssl_wipe_cpu
#define SHA256 fips_sha256
#define SHA512 fips_sha512
#define aesni_ccm64_decrypt_blocks fips_aesni_ccm64_decrypt_blocks
#define aesni_ccm64_encrypt_blocks fips_aesni_ccm64_encrypt_blocks
#define aesni_ctr32_encrypt_blocks fips_aesni_ctr32_encrypt_blocks
#define aesni_ecb_encrypt fips_aesni_ecb_encrypt
#define aesni_encrypt fips_aesni_encrypt
#define bn_add_words fips_bn_add_words
#define bn_div_words fips_bn_div_words
#define bn_mul_add_words fips_bn_mul_add_words
#define bn_mul_comba4 fips_bn_mul_comba4
#define bn_mul_comba8 fips_bn_mul_comba8
#define bn_mul_mont fips_bn_mul_mont
#define bn_sqr_mont fips_bn_sqr_mont
#define bn_mul_mont_fpu64 fips_bn_mul_mont_fpu64
#define bn_mul_mont_int fips_bn_mul_mont_int
#define bn_mul_words fips_bn_mul_words
#define bn_sqr_comba4 fips_bn_sqr_comba4
#define bn_sqr_comba8 fips_bn_sqr_comba8
#define bn_sqr_words fips_bn_sqr_words
#define bn_sub_part_words fips_bn_sub_part_words
#define bn_sub_words fips_bn_sub_words
#define fcrypt_body fips_fcrypt_body
#define gcm_ghash_4bit fips_gcm_ghash_4bit
#define gcm_ghash_clmul fips_gcm_ghash_clmul
#define gcm_gmult_4bit fips_gcm_gmult_4bit
#define gcm_gmult_clmul fips_gcm_gmult_clmul
#define gcm_init_clmul fips_gcm_init_clmul
#define sha1_block_data_order fips_sha1_block_data_order
#define sha256_block_data_order fips_sha256_block_data_order
#define sha512_block_data_order fips_sha512_block_data_order
#define gcm_gmult_4bit_mmx fips_gcm_gmult_4bit_mmx
#define gcm_ghash_4bit_mmx fips_gcm_ghash_4bit_mmx
#define OPENSSL_far_spin fips_openssl_far_spin
#define OPENSSL_indirect_call fips_openssl_indirect_call
#define OPENSSL_instrument_halt fips_openssl_instrument_halt
#define OPENSSL_armcap fips_openssl_armcap
#define aesni_cbc_encrypt fips_aesni_cbc_encrypt
#define aesni_decrypt fips_aesni_decrypt
#define aesni_set_decrypt_key fips_aesni_set_decrypt_key
#define aesni_set_encrypt_key fips_aesni_set_encrypt_key
#define bn_GF2m_mul_2x2 fips_bn_GF2m_mul_2x2
#define gcm_ghash_neon fips_gcm_ghash_neon
#define gcm_gmult_neon fips_gcm_gmult_neon
#define aesni_xts_decrypt fips_aesni_xts_decrypt
#define aesni_xts_encrypt fips_aesni_xts_encrypt
#define OPENSSL_ia32_rdrand fips_openssl_ia32_rdrand
#define OPENSSL_armcap_P fips_openssl_armcap_P
#define _armv7_neon_probe _fips_armv7_neon_probe
#define _armv7_tick _fips_armv7_tick
#define _sparcv9_rdtick _fips_sparcv9_rdtick
#define _sparcv9_vis1_probe _fips_sparcv9_vis1_probe
#define _sparcv9_vis2_probe _fips_sparcv9_vis2_probe
#define _sparcv9_fmadd_probe _fips_sparcv9_fmadd_probe
#define _sparcv9_vis1_instrument _fips_sparcv9_vis1_instrument
#define bn_mul_mont_gather5 fips_bn_mul_mont_gather5
#define bn_scatter5 fips_bn_scatter5
#define bn_gather5 fips_bn_gather5
#if defined(_MSC_VER)
# pragma const_seg("fipsro$b")
# pragma const_seg()
# define __fips_constseg __declspec(allocate("fipsro$b"))
#else
# define __fips_constseg
#endif


@ -1,113 +0,0 @@
#
# OpenSSL/fips/hmac/Makefile
#
DIR= hmac
TOP= ../..
CC= cc
INCLUDES=
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST=fips_hmactest.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= fips_hmac_selftest.c
LIBOBJ= fips_hmac_selftest.o
SRC= $(LIBSRC)
EXHEADER=
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
@echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
install:
@headerlist="$(EXHEADER)"; for i in $$headerlist; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done
tags:
ctags $(SRC)
tests:
Q=../testvectors/hmac/req
A=../testvectors/hmac/rsp
fips_test:
-rm -rf $(A)
mkdir $(A)
if [ -f $(Q)/HMAC.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_hmactest < $(Q)/HMAC.req > $(A)/HMAC.rsp; fi
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_hmac_selftest.o: ../../include/openssl/crypto.h
fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
fips_hmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_hmac_selftest.o: ../../include/openssl/hmac.h
fips_hmac_selftest.o: ../../include/openssl/lhash.h
fips_hmac_selftest.o: ../../include/openssl/obj_mac.h
fips_hmac_selftest.o: ../../include/openssl/objects.h
fips_hmac_selftest.o: ../../include/openssl/opensslconf.h
fips_hmac_selftest.o: ../../include/openssl/opensslv.h
fips_hmac_selftest.o: ../../include/openssl/ossl_typ.h
fips_hmac_selftest.o: ../../include/openssl/safestack.h
fips_hmac_selftest.o: ../../include/openssl/stack.h
fips_hmac_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
fips_hmac_selftest.o: fips_hmac_selftest.c
fips_hmactest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_hmactest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_hmactest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
fips_hmactest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
fips_hmactest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_hmactest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
fips_hmactest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
fips_hmactest.o: ../../include/openssl/objects.h
fips_hmactest.o: ../../include/openssl/opensslconf.h
fips_hmactest.o: ../../include/openssl/opensslv.h
fips_hmactest.o: ../../include/openssl/ossl_typ.h
fips_hmactest.o: ../../include/openssl/safestack.h
fips_hmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
fips_hmactest.o: ../fips_utl.h fips_hmactest.c


@ -1,184 +0,0 @@
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/hmac.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS
typedef struct {
int nid;
const unsigned char kaval[EVP_MAX_MD_SIZE];
} HMAC_KAT;
/* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */
/* "0123456789:;<=>?@ABC" */
__fips_constseg
static const unsigned char hmac_kat_key[] = {
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a,
0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43
};
/* "Sample #2" */
__fips_constseg
static const unsigned char hmac_kat_data[] = {
0x53, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x23, 0x32
};
__fips_constseg
static const HMAC_KAT vector[] = {
{ NID_sha1,
{ 0x09,0x22,0xd3,0x40,0x5f,0xaa,0x3d,0x19,
0x4f,0x82,0xa4,0x58,0x30,0x73,0x7d,0x5c,
0xc6,0xc7,0x5d,0x24 }
},
{ NID_sha224,
{ 0xdd,0xef,0x0a,0x40,0xcb,0x7d,0x50,0xfb,
0x6e,0xe6,0xce,0xa1,0x20,0xba,0x26,0xaa,
0x08,0xf3,0x07,0x75,0x87,0xb8,0xad,0x1b,
0x8c,0x8d,0x12,0xc7 }
},
{ NID_sha256,
{ 0xb8,0xf2,0x0d,0xb5,0x41,0xea,0x43,0x09,
0xca,0x4e,0xa9,0x38,0x0c,0xd0,0xe8,0x34,
0xf7,0x1f,0xbe,0x91,0x74,0xa2,0x61,0x38,
0x0d,0xc1,0x7e,0xae,0x6a,0x34,0x51,0xd9 }
},
{ NID_sha384,
{ 0x08,0xbc,0xb0,0xda,0x49,0x1e,0x87,0xad,
0x9a,0x1d,0x6a,0xce,0x23,0xc5,0x0b,0xf6,
0xb7,0x18,0x06,0xa5,0x77,0xcd,0x49,0x04,
0x89,0xf1,0xe6,0x23,0x44,0x51,0x51,0x9f,
0x85,0x56,0x80,0x79,0x0c,0xbd,0x4d,0x50,
0xa4,0x5f,0x29,0xe3,0x93,0xf0,0xe8,0x7f }
},
{ NID_sha512,
{ 0x80,0x9d,0x44,0x05,0x7c,0x5b,0x95,0x41,
0x05,0xbd,0x04,0x13,0x16,0xdb,0x0f,0xac,
0x44,0xd5,0xa4,0xd5,0xd0,0x89,0x2b,0xd0,
0x4e,0x86,0x64,0x12,0xc0,0x90,0x77,0x68,
0xf1,0x87,0xb7,0x7c,0x4f,0xae,0x2c,0x2f,
0x21,0xa5,0xb5,0x65,0x9a,0x4f,0x4b,0xa7,
0x47,0x02,0xa3,0xde,0x9b,0x51,0xf1,0x45,
0xbd,0x4f,0x25,0x27,0x42,0x98,0x99,0x05 }
},
};
int FIPS_selftest_hmac()
{
size_t n;
unsigned int outlen;
unsigned char out[EVP_MAX_MD_SIZE];
const EVP_MD *md;
const HMAC_KAT *t;
int rv = 1, subid = -1;
HMAC_CTX c;
HMAC_CTX_init(&c);
for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
{
md = FIPS_get_digestbynid(t->nid);
if (!md)
{
rv = -1;
goto err;
}
subid = M_EVP_MD_type(md);
if (!fips_post_started(FIPS_TEST_HMAC, subid, 0))
continue;
if (!HMAC_Init_ex(&c, hmac_kat_key, sizeof(hmac_kat_key),
md, NULL))
{
rv = -1;
goto err;
}
if (!HMAC_Update(&c, hmac_kat_data, sizeof(hmac_kat_data)))
{
rv = -1;
goto err;
}
if (!fips_post_corrupt(FIPS_TEST_HMAC, subid, NULL))
{
if (!HMAC_Update(&c, hmac_kat_data, 1))
{
rv = -1;
goto err;
}
}
if (!HMAC_Final(&c, out, &outlen))
{
rv = -1;
goto err;
}
if(memcmp(out,t->kaval,outlen))
{
fips_post_failed(FIPS_TEST_HMAC, subid, NULL);
rv = 0;
}
else if (!fips_post_success(FIPS_TEST_HMAC, subid, NULL))
goto err;
}
err:
HMAC_CTX_cleanup(&c);
if (rv == -1)
{
fips_post_failed(FIPS_TEST_HMAC, subid, NULL);
rv = 0;
}
if (!rv)
FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
return rv;
}
#endif


@ -1,324 +0,0 @@
/* fips_hmactest.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2005.
*/
/* ====================================================================
* Copyright (c) 2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define OPENSSL_FIPSAPI
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#ifndef OPENSSL_FIPS
int main(int argc, char *argv[])
{
printf("No FIPS HMAC support\n");
return(0);
}
#else
#include <openssl/fips.h>
#include "fips_utl.h"
static int hmac_test(const EVP_MD *md, FILE *out, FILE *in);
static int print_hmac(const EVP_MD *md, FILE *out,
unsigned char *Key, int Klen,
unsigned char *Msg, int Msglen, int Tlen);
#ifdef FIPS_ALGVS
int fips_hmactest_main(int argc, char **argv)
#else
int main(int argc, char **argv)
#endif
{
FILE *in = NULL, *out = NULL;
int ret = 1;
fips_algtest_init();
if (argc == 1)
in = stdin;
else
in = fopen(argv[1], "r");
if (argc < 2)
out = stdout;
else
out = fopen(argv[2], "w");
if (!in)
{
fprintf(stderr, "FATAL input initialization error\n");
goto end;
}
if (!out)
{
fprintf(stderr, "FATAL output initialization error\n");
goto end;
}
if (!hmac_test(EVP_sha1(), out, in))
{
fprintf(stderr, "FATAL hmac file processing error\n");
goto end;
}
else
ret = 0;
end:
if (in && (in != stdin))
fclose(in);
if (out && (out != stdout))
fclose(out);
return ret;
}
#define HMAC_TEST_MAXLINELEN 1024
int hmac_test(const EVP_MD *md, FILE *out, FILE *in)
{
char *linebuf, *olinebuf, *p, *q;
char *keyword, *value;
unsigned char *Key = NULL, *Msg = NULL;
int Count, Klen, Tlen;
long Keylen, Msglen;
int ret = 0;
int lnum = 0;
olinebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN);
linebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN);
if (!linebuf || !olinebuf)
goto error;
Count = -1;
Klen = -1;
Tlen = -1;
while (fgets(olinebuf, HMAC_TEST_MAXLINELEN, in))
{
lnum++;
strcpy(linebuf, olinebuf);
keyword = linebuf;
/* Skip leading space */
while (isspace((unsigned char)*keyword))
keyword++;
/* Look for = sign */
p = strchr(linebuf, '=');
/* If no = or starts with [ (for [L=20] line) just copy */
if (!p)
{
if (fputs(olinebuf, out) < 0)
goto error;
continue;
}
q = p - 1;
/* Remove trailing space */
while (isspace((unsigned char)*q))
*q-- = 0;
*p = 0;
value = p + 1;
/* Remove leading space from value */
while (isspace((unsigned char)*value))
value++;
/* Remove trailing space from value */
p = value + strlen(value) - 1;
while (*p == '\n' || isspace((unsigned char)*p))
*p-- = 0;
if (!strcmp(keyword,"[L") && *p==']')
{
switch (atoi(value))
{
case 20: md=EVP_sha1(); break;
case 28: md=EVP_sha224(); break;
case 32: md=EVP_sha256(); break;
case 48: md=EVP_sha384(); break;
case 64: md=EVP_sha512(); break;
default: goto parse_error;
}
}
else if (!strcmp(keyword, "Count"))
{
if (Count != -1)
goto parse_error;
Count = atoi(value);
if (Count < 0)
goto parse_error;
}
else if (!strcmp(keyword, "Klen"))
{
if (Klen != -1)
goto parse_error;
Klen = atoi(value);
if (Klen < 0)
goto parse_error;
}
else if (!strcmp(keyword, "Tlen"))
{
if (Tlen != -1)
goto parse_error;
Tlen = atoi(value);
if (Tlen < 0)
goto parse_error;
}
else if (!strcmp(keyword, "Msg"))
{
if (Msg)
goto parse_error;
Msg = hex2bin_m(value, &Msglen);
if (!Msg)
goto parse_error;
}
else if (!strcmp(keyword, "Key"))
{
if (Key)
goto parse_error;
Key = hex2bin_m(value, &Keylen);
if (!Key)
goto parse_error;
}
else if (!strcmp(keyword, "Mac"))
continue;
else
goto parse_error;
fputs(olinebuf, out);
if (Key && Msg && (Tlen > 0) && (Klen > 0))
{
if (!print_hmac(md, out, Key, Klen, Msg, Msglen, Tlen))
goto error;
OPENSSL_free(Key);
Key = NULL;
OPENSSL_free(Msg);
Msg = NULL;
Klen = -1;
Tlen = -1;
Count = -1;
}
}
ret = 1;
error:
if (olinebuf)
OPENSSL_free(olinebuf);
if (linebuf)
OPENSSL_free(linebuf);
if (Key)
OPENSSL_free(Key);
if (Msg)
OPENSSL_free(Msg);
return ret;
parse_error:
fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
goto error;
}
static int print_hmac(const EVP_MD *emd, FILE *out,
unsigned char *Key, int Klen,
unsigned char *Msg, int Msglen, int Tlen)
{
int i, mdlen;
unsigned char md[EVP_MAX_MD_SIZE];
if (!HMAC(emd, Key, Klen, Msg, Msglen, md,
(unsigned int *)&mdlen))
{
fputs("Error calculating HMAC\n", stderr);
return 0;
}
if (Tlen > mdlen)
{
fputs("Parameter error, Tlen > HMAC length\n", stderr);
return 0;
}
fputs("Mac = ", out);
for (i = 0; i < Tlen; i++)
fprintf(out, "%02x", md[i]);
fputs(RESP_EOL, out);
return 1;
}
#endif


@ -1,657 +0,0 @@
#!/usr/local/bin/perl -w
# Quick & dirty utility to generate a script for executing the
# FIPS 140-2 CMVP algorithm tests based on the pathnames of
# input algorithm test files actually present (the unqualified
# file names are consistent but the pathnames are not).
#
# List of all the unqualified file names we expect.
my %fips_tests = (
# FIPS test definitions
# DSA tests
"PQGGen" => "fips_dssvs pqg",
"KeyPair" => "fips_dssvs keypair",
"SigGen" => "fips_dssvs siggen",
"SigVer" => "fips_dssvs sigver",
# SHA tests
"SHA1LongMsg" => "fips_shatest",
"SHA1Monte" => "fips_shatest",
"SHA1ShortMsg" => "fips_shatest",
"SHA224LongMsg" => "fips_shatest",
"SHA224Monte" => "fips_shatest",
"SHA224ShortMsg" => "fips_shatest",
"SHA256LongMsg" => "fips_shatest",
"SHA256Monte" => "fips_shatest",
"SHA256ShortMsg" => "fips_shatest",
"SHA384LongMsg" => "fips_shatest",
"SHA384Monte" => "fips_shatest",
"SHA384ShortMsg" => "fips_shatest",
"SHA512LongMsg" => "fips_shatest",
"SHA512Monte" => "fips_shatest",
"SHA512ShortMsg" => "fips_shatest",
# HMAC
"HMAC" => "fips_hmactest",
# RAND tests
"ANSI931_AES128MCT" => "fips_rngvs mct",
"ANSI931_AES192MCT" => "fips_rngvs mct",
"ANSI931_AES256MCT" => "fips_rngvs mct",
"ANSI931_AES128VST" => "fips_rngvs vst",
"ANSI931_AES192VST" => "fips_rngvs vst",
"ANSI931_AES256VST" => "fips_rngvs vst",
# RSA tests
"SigGen15" => "fips_rsastest",
"SigVer15" => "fips_rsavtest",
"SigGenPSS" => "fips_rsastest -saltlen SALT",
"SigVerPSS" => "fips_rsavtest -saltlen SALT",
"SigGenRSA" => "fips_rsastest -x931",
"SigVerRSA" => "fips_rsavtest -x931",
"KeyGenRSA" => "fips_rsagtest",
# AES tests
"CBCGFSbox128" => "fips_aesavs -f",
"CBCGFSbox192" => "fips_aesavs -f",
"CBCGFSbox256" => "fips_aesavs -f",
"CBCKeySbox128" => "fips_aesavs -f",
"CBCKeySbox192" => "fips_aesavs -f",
"CBCKeySbox256" => "fips_aesavs -f",
"CBCMCT128" => "fips_aesavs -f",
"CBCMCT192" => "fips_aesavs -f",
"CBCMCT256" => "fips_aesavs -f",
"CBCMMT128" => "fips_aesavs -f",
"CBCMMT192" => "fips_aesavs -f",
"CBCMMT256" => "fips_aesavs -f",
"CBCVarKey128" => "fips_aesavs -f",
"CBCVarKey192" => "fips_aesavs -f",
"CBCVarKey256" => "fips_aesavs -f",
"CBCVarTxt128" => "fips_aesavs -f",
"CBCVarTxt192" => "fips_aesavs -f",
"CBCVarTxt256" => "fips_aesavs -f",
"CFB128GFSbox128" => "fips_aesavs -f",
"CFB128GFSbox192" => "fips_aesavs -f",
"CFB128GFSbox256" => "fips_aesavs -f",
"CFB128KeySbox128" => "fips_aesavs -f",
"CFB128KeySbox192" => "fips_aesavs -f",
"CFB128KeySbox256" => "fips_aesavs -f",
"CFB128MCT128" => "fips_aesavs -f",
"CFB128MCT192" => "fips_aesavs -f",
"CFB128MCT256" => "fips_aesavs -f",
"CFB128MMT128" => "fips_aesavs -f",
"CFB128MMT192" => "fips_aesavs -f",
"CFB128MMT256" => "fips_aesavs -f",
"CFB128VarKey128" => "fips_aesavs -f",
"CFB128VarKey192" => "fips_aesavs -f",
"CFB128VarKey256" => "fips_aesavs -f",
"CFB128VarTxt128" => "fips_aesavs -f",
"CFB128VarTxt192" => "fips_aesavs -f",
"CFB128VarTxt256" => "fips_aesavs -f",
"CFB8GFSbox128" => "fips_aesavs -f",
"CFB8GFSbox192" => "fips_aesavs -f",
"CFB8GFSbox256" => "fips_aesavs -f",
"CFB8KeySbox128" => "fips_aesavs -f",
"CFB8KeySbox192" => "fips_aesavs -f",
"CFB8KeySbox256" => "fips_aesavs -f",
"CFB8MCT128" => "fips_aesavs -f",
"CFB8MCT192" => "fips_aesavs -f",
"CFB8MCT256" => "fips_aesavs -f",
"CFB8MMT128" => "fips_aesavs -f",
"CFB8MMT192" => "fips_aesavs -f",
"CFB8MMT256" => "fips_aesavs -f",
"CFB8VarKey128" => "fips_aesavs -f",
"CFB8VarKey192" => "fips_aesavs -f",
"CFB8VarKey256" => "fips_aesavs -f",
"CFB8VarTxt128" => "fips_aesavs -f",
"CFB8VarTxt192" => "fips_aesavs -f",
"CFB8VarTxt256" => "fips_aesavs -f",
#"CFB1GFSbox128" => "fips_aesavs -f",
#"CFB1GFSbox192" => "fips_aesavs -f",
#"CFB1GFSbox256" => "fips_aesavs -f",
#"CFB1KeySbox128" => "fips_aesavs -f",
#"CFB1KeySbox192" => "fips_aesavs -f",
#"CFB1KeySbox256" => "fips_aesavs -f",
#"CFB1MCT128" => "fips_aesavs -f",
#"CFB1MCT192" => "fips_aesavs -f",
#"CFB1MCT256" => "fips_aesavs -f",
#"CFB1MMT128" => "fips_aesavs -f",
#"CFB1MMT192" => "fips_aesavs -f",
#"CFB1MMT256" => "fips_aesavs -f",
#"CFB1VarKey128" => "fips_aesavs -f",
#"CFB1VarKey192" => "fips_aesavs -f",
#"CFB1VarKey256" => "fips_aesavs -f",
#"CFB1VarTxt128" => "fips_aesavs -f",
#"CFB1VarTxt192" => "fips_aesavs -f",
#"CFB1VarTxt256" => "fips_aesavs -f",
"ECBGFSbox128" => "fips_aesavs -f",
"ECBGFSbox192" => "fips_aesavs -f",
"ECBGFSbox256" => "fips_aesavs -f",
"ECBKeySbox128" => "fips_aesavs -f",
"ECBKeySbox192" => "fips_aesavs -f",
"ECBKeySbox256" => "fips_aesavs -f",
"ECBMCT128" => "fips_aesavs -f",
"ECBMCT192" => "fips_aesavs -f",
"ECBMCT256" => "fips_aesavs -f",
"ECBMMT128" => "fips_aesavs -f",
"ECBMMT192" => "fips_aesavs -f",
"ECBMMT256" => "fips_aesavs -f",
"ECBVarKey128" => "fips_aesavs -f",
"ECBVarKey192" => "fips_aesavs -f",
"ECBVarKey256" => "fips_aesavs -f",
"ECBVarTxt128" => "fips_aesavs -f",
"ECBVarTxt192" => "fips_aesavs -f",
"ECBVarTxt256" => "fips_aesavs -f",
"OFBGFSbox128" => "fips_aesavs -f",
"OFBGFSbox192" => "fips_aesavs -f",
"OFBGFSbox256" => "fips_aesavs -f",
"OFBKeySbox128" => "fips_aesavs -f",
"OFBKeySbox192" => "fips_aesavs -f",
"OFBKeySbox256" => "fips_aesavs -f",
"OFBMCT128" => "fips_aesavs -f",
"OFBMCT192" => "fips_aesavs -f",
"OFBMCT256" => "fips_aesavs -f",
"OFBMMT128" => "fips_aesavs -f",
"OFBMMT192" => "fips_aesavs -f",
"OFBMMT256" => "fips_aesavs -f",
"OFBVarKey128" => "fips_aesavs -f",
"OFBVarKey192" => "fips_aesavs -f",
"OFBVarKey256" => "fips_aesavs -f",
"OFBVarTxt128" => "fips_aesavs -f",
"OFBVarTxt192" => "fips_aesavs -f",
"OFBVarTxt256" => "fips_aesavs -f",
# Triple DES tests
"TCBCinvperm" => "fips_desmovs -f",
"TCBCMMT1" => "fips_desmovs -f",
"TCBCMMT2" => "fips_desmovs -f",
"TCBCMMT3" => "fips_desmovs -f",
"TCBCMonte1" => "fips_desmovs -f",
"TCBCMonte2" => "fips_desmovs -f",
"TCBCMonte3" => "fips_desmovs -f",
"TCBCpermop" => "fips_desmovs -f",
"TCBCsubtab" => "fips_desmovs -f",
"TCBCvarkey" => "fips_desmovs -f",
"TCBCvartext" => "fips_desmovs -f",
"TCFB64invperm" => "fips_desmovs -f",
"TCFB64MMT1" => "fips_desmovs -f",
"TCFB64MMT2" => "fips_desmovs -f",
"TCFB64MMT3" => "fips_desmovs -f",
"TCFB64Monte1" => "fips_desmovs -f",
"TCFB64Monte2" => "fips_desmovs -f",
"TCFB64Monte3" => "fips_desmovs -f",
"TCFB64permop" => "fips_desmovs -f",
"TCFB64subtab" => "fips_desmovs -f",
"TCFB64varkey" => "fips_desmovs -f",
"TCFB64vartext" => "fips_desmovs -f",
"TCFB8invperm" => "fips_desmovs -f",
"TCFB8MMT1" => "fips_desmovs -f",
"TCFB8MMT2" => "fips_desmovs -f",
"TCFB8MMT3" => "fips_desmovs -f",
"TCFB8Monte1" => "fips_desmovs -f",
"TCFB8Monte2" => "fips_desmovs -f",
"TCFB8Monte3" => "fips_desmovs -f",
"TCFB8permop" => "fips_desmovs -f",
"TCFB8subtab" => "fips_desmovs -f",
"TCFB8varkey" => "fips_desmovs -f",
"TCFB8vartext" => "fips_desmovs -f",
"TECBinvperm" => "fips_desmovs -f",
"TECBMMT1" => "fips_desmovs -f",
"TECBMMT2" => "fips_desmovs -f",
"TECBMMT3" => "fips_desmovs -f",
"TECBMonte1" => "fips_desmovs -f",
"TECBMonte2" => "fips_desmovs -f",
"TECBMonte3" => "fips_desmovs -f",
"TECBpermop" => "fips_desmovs -f",
"TECBsubtab" => "fips_desmovs -f",
"TECBvarkey" => "fips_desmovs -f",
"TECBvartext" => "fips_desmovs -f",
"TOFBinvperm" => "fips_desmovs -f",
"TOFBMMT1" => "fips_desmovs -f",
"TOFBMMT2" => "fips_desmovs -f",
"TOFBMMT3" => "fips_desmovs -f",
"TOFBMonte1" => "fips_desmovs -f",
"TOFBMonte2" => "fips_desmovs -f",
"TOFBMonte3" => "fips_desmovs -f",
"TOFBpermop" => "fips_desmovs -f",
"TOFBsubtab" => "fips_desmovs -f",
"TOFBvarkey" => "fips_desmovs -f",
"TOFBvartext" => "fips_desmovs -f",
"TCBCinvperm" => "fips_desmovs -f",
"TCBCMMT1" => "fips_desmovs -f",
"TCBCMMT2" => "fips_desmovs -f",
"TCBCMMT3" => "fips_desmovs -f",
"TCBCMonte1" => "fips_desmovs -f",
"TCBCMonte2" => "fips_desmovs -f",
"TCBCMonte3" => "fips_desmovs -f",
"TCBCpermop" => "fips_desmovs -f",
"TCBCsubtab" => "fips_desmovs -f",
"TCBCvarkey" => "fips_desmovs -f",
"TCBCvartext" => "fips_desmovs -f",
"TCFB64invperm" => "fips_desmovs -f",
"TCFB64MMT1" => "fips_desmovs -f",
"TCFB64MMT2" => "fips_desmovs -f",
"TCFB64MMT3" => "fips_desmovs -f",
"TCFB64Monte1" => "fips_desmovs -f",
"TCFB64Monte2" => "fips_desmovs -f",
"TCFB64Monte3" => "fips_desmovs -f",
"TCFB64permop" => "fips_desmovs -f",
"TCFB64subtab" => "fips_desmovs -f",
"TCFB64varkey" => "fips_desmovs -f",
"TCFB64vartext" => "fips_desmovs -f",
"TCFB8invperm" => "fips_desmovs -f",
"TCFB8MMT1" => "fips_desmovs -f",
"TCFB8MMT2" => "fips_desmovs -f",
"TCFB8MMT3" => "fips_desmovs -f",
"TCFB8Monte1" => "fips_desmovs -f",
"TCFB8Monte2" => "fips_desmovs -f",
"TCFB8Monte3" => "fips_desmovs -f",
"TCFB8permop" => "fips_desmovs -f",
"TCFB8subtab" => "fips_desmovs -f",
"TCFB8varkey" => "fips_desmovs -f",
"TCFB8vartext" => "fips_desmovs -f",
"TECBinvperm" => "fips_desmovs -f",
"TECBMMT1" => "fips_desmovs -f",
"TECBMMT2" => "fips_desmovs -f",
"TECBMMT3" => "fips_desmovs -f",
"TECBMonte1" => "fips_desmovs -f",
"TECBMonte2" => "fips_desmovs -f",
"TECBMonte3" => "fips_desmovs -f",
"TECBpermop" => "fips_desmovs -f",
"TECBsubtab" => "fips_desmovs -f",
"TECBvarkey" => "fips_desmovs -f",
"TECBvartext" => "fips_desmovs -f",
"TOFBinvperm" => "fips_desmovs -f",
"TOFBMMT1" => "fips_desmovs -f",
"TOFBMMT2" => "fips_desmovs -f",
"TOFBMMT3" => "fips_desmovs -f",
"TOFBMonte1" => "fips_desmovs -f",
"TOFBMonte2" => "fips_desmovs -f",
"TOFBMonte3" => "fips_desmovs -f",
"TOFBpermop" => "fips_desmovs -f",
"TOFBsubtab" => "fips_desmovs -f",
"TOFBvarkey" => "fips_desmovs -f",
"TOFBvartext" => "fips_desmovs -f"
);
my %salt_names = (
"SigVerPSS (salt 0)" => "SigVerPSS",
"SigVerPSS (salt 62)" => "SigVerPSS",
"SigGenPSS (salt 0)" => "SigGenPSS",
"SigGenPSS (salt 62)" => "SigGenPSS",
);
my $win32 = $^O =~ m/mswin/i;
my $onedir = 0;
my $filter = "";
my $tvdir;
my $tprefix;
my $shwrap_prefix;
my $shwrap;
my $rmcmd = "rm -rf";
my $mkcmd = "mkdir";
my $debug = 0;
my $quiet = 0;
my $rspdir = "rsp";
my $rspignore = 0;
my @bogus = (); # list of unmatched *.rsp files
my $bufout = '';
my $bufdir = '';
my %_programs = (); # list of external programs to check
foreach (@ARGV)
{
if ($_ eq "--win32")
{
$win32 = 1;
}
elsif ($_ eq "--onedir")
{
$onedir = 1;
}
elsif ($_ eq "--debug")
{
$debug = 1;
}
elsif ($_ eq "--quiet")
{
$quiet = 1;
}
elsif (/--dir=(.*)$/)
{
$tvdir = $1;
}
elsif (/--rspdir=(.*)$/)
{
$rspdir = $1;
}
elsif (/--noshwrap$/)
{
$shwrap = "";
}
elsif (/--rspignore$/)
{
$rspignore = 1;
}
elsif (/--tprefix=(.*)$/)
{
$tprefix = $1;
}
elsif (/--shwrap_prefix=(.*)$/)
{
$shwrap_prefix = $1;
}
elsif (/--filter=(.*)$/)
{
$filter = $1;
}
elsif (/--mkdir=(.*)$/)
{
$mkcmd = $1;
}
elsif (/--rm=(.*)$/)
{
$rmcmd = $1;
}
elsif (/--outfile=(.*)$/)
{
$outfile = $1;
}
else
{
&Help();
exit(1);
}
}
$tvdir = "." unless defined $tvdir;
if ($win32)
{
if (!defined $tprefix)
{
if ($onedir)
{
$tprefix = ".\\";
}
else
{
$tprefix = "..\\out32dll\\";
}
}
$bufinit .= <<END;
\@echo off
rem Test vector run script
rem Auto generated by mkfipsscr.pl script
rem Do not edit
END
}
else
{
if ($onedir)
{
$tprefix = "./" unless defined $tprefix;
$shwrap_prefix = "./" unless defined $shwrap_prefix;
}
else
{
$tprefix = "../test/" unless defined $tprefix;
$shwrap_prefix = "../util/" unless defined $shwrap_prefix;
}
$shwrap = "${shwrap_prefix}shlib_wrap.sh " unless defined $shwrap;
$bufinit .= <<END;
#!/bin/sh
# Test vector run script
# Auto generated by mkfipsscr.pl script
# Do not edit
RM="$rmcmd"
MKDIR="$mkcmd"
TPREFIX=$tprefix
END
}
my %fips_found;
foreach (keys %fips_tests)
{
$fips_found{$_} = 0;
}
my %saltPSS;
for (keys %salt_names)
{
$salt_found{$_} = 0;
}
recurse_test($win32, $tprefix, $filter, $tvdir);
while (($key, $value) = each %salt_found)
{
&countentry($key, $value);
delete $fips_found{$salt_names{$key}};
}
while (($key, $value) = each %fips_found)
{
&countentry($key, $value);
}
# If no fatal errors write out the script file
$outfile = "fipstests.sh" unless defined $outfile;
open(OUT, ">$outfile") || die "Error opening $outfile: $!";
print OUT $bufinit;
if (!$rspignore && @bogus)
{
print STDERR "ERROR: please remove bogus *.rsp files\n";
print OUT <<EOF;
echo $outfile generation failed due to presence of bogus *.rsp files
EOF
}
else
{
print OUT $bufout;
}
close OUT;
# Check for external programs
for (keys %_programs)
{
s/ .*$//;
-x $_ || print STDERR "WARNING: program $_ not found\n";
}
#--------------------------------
sub Help {
(my $cmd) = ($0 =~ m#([^/]+)$#);
print <<EOF;
$cmd: generate script for CMVP algorithm tests
--debug Enable debug output
--dir=<dirname> Optional root for *.req file search
--filter=<regexp>
--onedir <dirname> Assume all components in current directory
--outfile=<filename> Optional name of output script, default fipstests.{sh|bat}
--rspdir=<dirname> Name of subdirectories containing *.rsp files, default "resp"
--rspignore Ignore any bogus *.rsp files
--shwrap_prefix=<prefix>
--tprefix=<prefix>
--quiet Shhh....
--win32 Generate script for Win32 environment
EOF
}
#--------------------------------
sub countentry {
my ($key,$value) = @_;
if ($value == 0)
{
print STDERR "WARNING: test file $key not found\n" unless $quiet;
}
elsif ($value > 1)
{
print STDERR "WARNING: test file $key found $value times\n" unless $quiet;
}
else
{
print STDERR "Found test file $key\n" if $debug;
}
}
#--------------------------------
sub recurse_test
{
my ($win32, $tprefix, $filter, $dir) = @_;
my $dirh;
opendir($dirh, $dir);
while ($_ = readdir($dirh))
{
next if ($_ eq "." || $_ eq "..");
$_ = "$dir/$_";
if (-f "$_")
{
if (/\/([^\/]*)\.rsp$/)
{
if (exists $fips_tests{$1})
{
$debug && print "DEBUG: $1 found, will be overwritten\n";
}
else
{
print STDERR "ERROR: bogus file $_\n";
push @bogus, $_;
}
}
next unless /$filter.*\.req$/i;
if (/\/([^\/]*)\.req$/ && exists $fips_tests{$1})
{
$fips_found{$1}++;
test_line($win32, $_, $tprefix, $1);
}
elsif (! /SHAmix\.req$/)
{
print STDERR "WARNING: unrecognized filename $_\n";
}
}
elsif (-d "$_")
{
if (/$filter.*req$/i)
{
test_dir($win32, $_);
}
recurse_test($win32, $tprefix, $filter, $_);
}
}
closedir($dirh);
}
#--------------------------------
sub test_dir
{
my ($win32, $req) = @_;
my $rsp = $req;
$rsp =~ s/req$/$rspdir/;
if ($win32)
{
$rsp =~ tr|/|\\|;
$req =~ tr|/|\\|;
$bufdir = <<END;
echo Running tests in $req
if exist "$rsp" rd /s /q "$rsp"
md "$rsp"
END
}
else
{
$bufdir = <<END;
echo Running tests in "$req"
\$RM "$rsp"
\$MKDIR "$rsp"
END
}
}
#--------------------------------
sub test_line
{
my ($win32, $req, $tprefix, $tnam) = @_;
my $rsp = $req;
my $tcmd = $fips_tests{$tnam};
$bufout .= $bufdir;
$bufdir = "";
$rsp =~ s/req\/([^\/]*).req$/$rspdir\/$1.rsp/;
if ($tcmd =~ /-f$/)
{
if ($win32)
{
$req =~ tr|/|\\|;
$rsp =~ tr|/|\\|;
$bufout .= "$tprefix$tcmd \"$req\" \"$rsp\"\n";
$_programs{"$tprefix$tcmd.exe"} = 1;
}
else
{
$bufout .= <<END;
${shwrap}\${TPREFIX}$tcmd "$req" "$rsp" || { echo "$req failure" ; exit 1
}
END
$_programs{"${shwrap_prefix}shlib_wrap.sh"} = 1;
$_programs{"$tprefix$tcmd"} = 1;
}
return;
}
if ($tcmd =~ /SALT$/)
{
open (IN, $req) || die "Can't Open File $req";
my $saltlen;
while (<IN>)
{
if (/^\s*#\s*salt\s+len:\s+(\d+)\s*$/i)
{
my $sl = $1;
print STDERR "$req salt length $sl\n" if $debug;
$tcmd =~ s/SALT$/$sl/;
$salt_found{"$tnam (salt $sl)"}++;
last;
}
}
close IN;
if ($tcmd =~ /SALT$/)
{
die "Can't detect salt length for $req";
}
}
if ($win32)
{
$req =~ tr|/|\\|;
$rsp =~ tr|/|\\|;
$bufout .= "$tprefix$tcmd < \"$req\" > \"$rsp\"\n";
$_programs{"$tprefix$tcmd.exe"} = 1;
}
else
{
$bufout .= <<END;
${shwrap}\${TPREFIX}$tcmd < "$req" > "$rsp" || { echo "$req failure" ; exit 1; }
END
$_programs{"$tprefix$tcmd"} = 1;
}
}


@ -1,279 +0,0 @@
#
# OpenSSL/fips/rand/Makefile
#
DIR= rand
TOP= ../..
CC= cc
INCLUDES=
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST= fips_randtest.c fips_rngvs.c fips_drbgvs.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= fips_rand.c fips_rand_selftest.c fips_drbg_lib.c \
fips_drbg_hash.c fips_drbg_hmac.c fips_drbg_ctr.c fips_drbg_ec.c \
fips_drbg_selftest.c fips_drbg_rand.c fips_rand_lib.c
LIBOBJ= fips_rand.o fips_rand_selftest.o fips_drbg_lib.o \
fips_drbg_hash.o fips_drbg_hmac.o fips_drbg_ctr.o fips_drbg_ec.o \
fips_drbg_selftest.o fips_drbg_rand.o fips_rand_lib.o
SRC= $(LIBSRC)
EXHEADER= fips_rand.h
HEADER= $(EXHEADER) fips_rand_lcl.h fips_drbg_selftest.h
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd $(TOP); $(MAKE) DIRS=fips SDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
@echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
install:
@headerlist="$(EXHEADER)"; for i in $$headerlist; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done
tags:
ctags $(SRC)
tests:
Q=../testvectors/rng/req
A=../testvectors/rng/rsp
fips_test:
-rm -rf $(A)
mkdir $(A)
if [ -f $(Q)/ANSI931_AES128MCT.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs mct < $(Q)/ANSI931_AES128MCT.req > $(A)/ANSI931_AES128MCT.rsp; fi
if [ -f $(Q)/ANSI931_AES192MCT.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs mct < $(Q)/ANSI931_AES192MCT.req > $(A)/ANSI931_AES192MCT.rsp; fi
if [ -f $(Q)/ANSI931_AES256MCT.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs mct < $(Q)/ANSI931_AES256MCT.req > $(A)/ANSI931_AES256MCT.rsp; fi
if [ -f $(Q)/ANSI931_AES128VST.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs vst < $(Q)/ANSI931_AES128VST.req > $(A)/ANSI931_AES128VST.rsp; fi
if [ -f $(Q)/ANSI931_AES192VST.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs vst < $(Q)/ANSI931_AES192VST.req > $(A)/ANSI931_AES192VST.rsp; fi
if [ -f $(Q)/ANSI931_AES256VST.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs vst < $(Q)/ANSI931_AES256VST.req > $(A)/ANSI931_AES256VST.rsp; fi
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
fips_drbg_ctr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_drbg_ctr.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
fips_drbg_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_drbg_ctr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_drbg_ctr.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
fips_drbg_ctr.o: ../../include/openssl/obj_mac.h
fips_drbg_ctr.o: ../../include/openssl/objects.h
fips_drbg_ctr.o: ../../include/openssl/opensslconf.h
fips_drbg_ctr.o: ../../include/openssl/opensslv.h
fips_drbg_ctr.o: ../../include/openssl/ossl_typ.h
fips_drbg_ctr.o: ../../include/openssl/safestack.h
fips_drbg_ctr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
fips_drbg_ctr.o: fips_drbg_ctr.c fips_rand_lcl.h
fips_drbg_ec.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_drbg_ec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_drbg_ec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
fips_drbg_ec.o: ../../include/openssl/ec.h ../../include/openssl/evp.h
fips_drbg_ec.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
fips_drbg_ec.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
fips_drbg_ec.o: ../../include/openssl/objects.h
fips_drbg_ec.o: ../../include/openssl/opensslconf.h
fips_drbg_ec.o: ../../include/openssl/opensslv.h
fips_drbg_ec.o: ../../include/openssl/ossl_typ.h
fips_drbg_ec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_drbg_ec.o: ../../include/openssl/symhacks.h fips_drbg_ec.c fips_rand_lcl.h
fips_drbg_hash.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_drbg_hash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
fips_drbg_hash.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_drbg_hash.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_drbg_hash.o: ../../include/openssl/fips_rand.h
fips_drbg_hash.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
fips_drbg_hash.o: ../../include/openssl/objects.h
fips_drbg_hash.o: ../../include/openssl/opensslconf.h
fips_drbg_hash.o: ../../include/openssl/opensslv.h
fips_drbg_hash.o: ../../include/openssl/ossl_typ.h
fips_drbg_hash.o: ../../include/openssl/safestack.h
fips_drbg_hash.o: ../../include/openssl/stack.h
fips_drbg_hash.o: ../../include/openssl/symhacks.h fips_drbg_hash.c
fips_drbg_hash.o: fips_rand_lcl.h
fips_drbg_hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_drbg_hmac.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
fips_drbg_hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_drbg_hmac.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_drbg_hmac.o: ../../include/openssl/fips_rand.h
fips_drbg_hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
fips_drbg_hmac.o: ../../include/openssl/objects.h
fips_drbg_hmac.o: ../../include/openssl/opensslconf.h
fips_drbg_hmac.o: ../../include/openssl/opensslv.h
fips_drbg_hmac.o: ../../include/openssl/ossl_typ.h
fips_drbg_hmac.o: ../../include/openssl/safestack.h
fips_drbg_hmac.o: ../../include/openssl/stack.h
fips_drbg_hmac.o: ../../include/openssl/symhacks.h fips_drbg_hmac.c
fips_drbg_hmac.o: fips_rand_lcl.h
fips_drbg_lib.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_drbg_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
fips_drbg_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_drbg_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_drbg_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
fips_drbg_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
fips_drbg_lib.o: ../../include/openssl/objects.h
fips_drbg_lib.o: ../../include/openssl/opensslconf.h
fips_drbg_lib.o: ../../include/openssl/opensslv.h
fips_drbg_lib.o: ../../include/openssl/ossl_typ.h
fips_drbg_lib.o: ../../include/openssl/safestack.h
fips_drbg_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
fips_drbg_lib.o: fips_drbg_lib.c fips_rand_lcl.h
fips_drbg_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_drbg_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
fips_drbg_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_drbg_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_drbg_rand.o: ../../include/openssl/fips_rand.h
fips_drbg_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
fips_drbg_rand.o: ../../include/openssl/obj_mac.h
fips_drbg_rand.o: ../../include/openssl/objects.h
fips_drbg_rand.o: ../../include/openssl/opensslconf.h
fips_drbg_rand.o: ../../include/openssl/opensslv.h
fips_drbg_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
fips_drbg_rand.o: ../../include/openssl/safestack.h
fips_drbg_rand.o: ../../include/openssl/stack.h
fips_drbg_rand.o: ../../include/openssl/symhacks.h fips_drbg_rand.c
fips_drbg_rand.o: fips_rand_lcl.h
fips_drbg_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_drbg_selftest.o: ../../include/openssl/bio.h
fips_drbg_selftest.o: ../../include/openssl/crypto.h
fips_drbg_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_drbg_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_drbg_selftest.o: ../../include/openssl/fips_rand.h
fips_drbg_selftest.o: ../../include/openssl/hmac.h
fips_drbg_selftest.o: ../../include/openssl/lhash.h
fips_drbg_selftest.o: ../../include/openssl/obj_mac.h
fips_drbg_selftest.o: ../../include/openssl/objects.h
fips_drbg_selftest.o: ../../include/openssl/opensslconf.h
fips_drbg_selftest.o: ../../include/openssl/opensslv.h
fips_drbg_selftest.o: ../../include/openssl/ossl_typ.h
fips_drbg_selftest.o: ../../include/openssl/safestack.h
fips_drbg_selftest.o: ../../include/openssl/stack.h
fips_drbg_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
fips_drbg_selftest.o: fips_drbg_selftest.c fips_drbg_selftest.h fips_rand_lcl.h
fips_drbgvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_drbgvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_drbgvs.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
fips_drbgvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_drbgvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_drbgvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
fips_drbgvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
fips_drbgvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
fips_drbgvs.o: ../../include/openssl/opensslconf.h
fips_drbgvs.o: ../../include/openssl/opensslv.h
fips_drbgvs.o: ../../include/openssl/ossl_typ.h
fips_drbgvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_drbgvs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_drbgvs.c
fips_rand.o: ../../e_os.h ../../include/openssl/aes.h
fips_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
fips_rand.o: ../../include/openssl/ec.h ../../include/openssl/err.h
fips_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_rand.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
fips_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
fips_rand.o: ../../include/openssl/objects.h
fips_rand.o: ../../include/openssl/opensslconf.h
fips_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
fips_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
fips_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
fips_rand.o: ../fips_locl.h fips_rand.c
fips_rand_lib.o: ../../e_os.h ../../include/openssl/aes.h
fips_rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
fips_rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/err.h
fips_rand_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_rand_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
fips_rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
fips_rand_lib.o: ../../include/openssl/objects.h
fips_rand_lib.o: ../../include/openssl/opensslconf.h
fips_rand_lib.o: ../../include/openssl/opensslv.h
fips_rand_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
fips_rand_lib.o: ../../include/openssl/safestack.h
fips_rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
fips_rand_lib.o: fips_rand_lib.c
fips_rand_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_rand_selftest.o: ../../include/openssl/bio.h
fips_rand_selftest.o: ../../include/openssl/crypto.h
fips_rand_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_rand_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_rand_selftest.o: ../../include/openssl/fips.h
fips_rand_selftest.o: ../../include/openssl/fips_rand.h
fips_rand_selftest.o: ../../include/openssl/hmac.h
fips_rand_selftest.o: ../../include/openssl/lhash.h
fips_rand_selftest.o: ../../include/openssl/obj_mac.h
fips_rand_selftest.o: ../../include/openssl/objects.h
fips_rand_selftest.o: ../../include/openssl/opensslconf.h
fips_rand_selftest.o: ../../include/openssl/opensslv.h
fips_rand_selftest.o: ../../include/openssl/ossl_typ.h
fips_rand_selftest.o: ../../include/openssl/rand.h
fips_rand_selftest.o: ../../include/openssl/safestack.h
fips_rand_selftest.o: ../../include/openssl/stack.h
fips_rand_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
fips_rand_selftest.o: fips_rand_selftest.c
fips_randtest.o: ../../e_os.h ../../include/openssl/aes.h
fips_randtest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_randtest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
fips_randtest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_randtest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_randtest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
fips_randtest.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
fips_randtest.o: ../../include/openssl/obj_mac.h
fips_randtest.o: ../../include/openssl/objects.h
fips_randtest.o: ../../include/openssl/opensslconf.h
fips_randtest.o: ../../include/openssl/opensslv.h
fips_randtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
fips_randtest.o: ../../include/openssl/safestack.h
fips_randtest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
fips_randtest.o: ../fips_utl.h fips_randtest.c
fips_rngvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_rngvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_rngvs.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
fips_rngvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_rngvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_rngvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
fips_rngvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
fips_rngvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
fips_rngvs.o: ../../include/openssl/opensslconf.h
fips_rngvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
fips_rngvs.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
fips_rngvs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
fips_rngvs.o: ../fips_utl.h fips_rngvs.c


@ -1,436 +0,0 @@
/* fips/rand/fips_drbg_ctr.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
static void inc_128(DRBG_CTR_CTX *cctx)
{
int i;
unsigned char c;
unsigned char *p = cctx->V + 15;
for (i = 0; i < 16; i++)
{
c = *p;
c++;
*p = c;
if (c)
return;
p--;
}
}
static void ctr_XOR(DRBG_CTR_CTX *cctx, const unsigned char *in, size_t inlen)
{
size_t i, n;
/* Any zero padding will have no effect on the result as we
* are XORing. So just process however much input we have.
*/
if (!in || !inlen)
return;
if (inlen < cctx->keylen)
n = inlen;
else
n = cctx->keylen;
for (i = 0; i < n; i++)
cctx->K[i] ^= in[i];
if (inlen <= cctx->keylen)
return;
n = inlen - cctx->keylen;
/* Should never happen */
if (n > 16)
n = 16;
for (i = 0; i < 16; i++)
cctx->V[i] ^= in[i + cctx->keylen];
}
/* Process a complete block using BCC algorithm of SPP 800-90 10.4.3 */
static void ctr_BCC_block(DRBG_CTR_CTX *cctx, unsigned char *out,
const unsigned char *in)
{
int i;
for (i = 0; i < 16; i++)
out[i] ^= in[i];
AES_encrypt(out, out, &cctx->df_ks);
#if 0
fprintf(stderr, "BCC in+out\n");
BIO_dump_fp(stderr, in, 16);
BIO_dump_fp(stderr, out, 16);
#endif
}
/* Handle several BCC operations for as much data as we need for K and X */
static void ctr_BCC_blocks(DRBG_CTR_CTX *cctx, const unsigned char *in)
{
ctr_BCC_block(cctx, cctx->KX, in);
ctr_BCC_block(cctx, cctx->KX + 16, in);
if (cctx->keylen != 16)
ctr_BCC_block(cctx, cctx->KX + 32, in);
}
/* Initialise BCC blocks: these have the value 0,1,2 in leftmost positions:
* see 10.4.2 stage 7.
*/
static void ctr_BCC_init(DRBG_CTR_CTX *cctx)
{
memset(cctx->KX, 0, 48);
memset(cctx->bltmp, 0, 16);
ctr_BCC_block(cctx, cctx->KX, cctx->bltmp);
cctx->bltmp[3] = 1;
ctr_BCC_block(cctx, cctx->KX + 16, cctx->bltmp);
if (cctx->keylen != 16)
{
cctx->bltmp[3] = 2;
ctr_BCC_block(cctx, cctx->KX + 32, cctx->bltmp);
}
}
/* Process several blocks into BCC algorithm, some possibly partial */
static void ctr_BCC_update(DRBG_CTR_CTX *cctx,
const unsigned char *in, size_t inlen)
{
if (!in || !inlen)
return;
/* If we have partial block handle it first */
if (cctx->bltmp_pos)
{
size_t left = 16 - cctx->bltmp_pos;
/* If we now have a complete block process it */
if (inlen >= left)
{
memcpy(cctx->bltmp + cctx->bltmp_pos, in, left);
ctr_BCC_blocks(cctx, cctx->bltmp);
cctx->bltmp_pos = 0;
inlen -= left;
in += left;
}
}
/* Process zero or more complete blocks */
while (inlen >= 16)
{
ctr_BCC_blocks(cctx, in);
in += 16;
inlen -= 16;
}
/* Copy any remaining partial block to the temporary buffer */
if (inlen > 0)
{
memcpy(cctx->bltmp + cctx->bltmp_pos, in, inlen);
cctx->bltmp_pos += inlen;
}
}
static void ctr_BCC_final(DRBG_CTR_CTX *cctx)
{
if (cctx->bltmp_pos)
{
memset(cctx->bltmp + cctx->bltmp_pos, 0, 16 - cctx->bltmp_pos);
ctr_BCC_blocks(cctx, cctx->bltmp);
}
}
static void ctr_df(DRBG_CTR_CTX *cctx,
const unsigned char *in1, size_t in1len,
const unsigned char *in2, size_t in2len,
const unsigned char *in3, size_t in3len)
{
size_t inlen;
unsigned char *p = cctx->bltmp;
static unsigned char c80 = 0x80;
ctr_BCC_init(cctx);
if (!in1)
in1len = 0;
if (!in2)
in2len = 0;
if (!in3)
in3len = 0;
inlen = in1len + in2len + in3len;
/* Initialise L||N in temporary block */
*p++ = (inlen >> 24) & 0xff;
*p++ = (inlen >> 16) & 0xff;
*p++ = (inlen >> 8) & 0xff;
*p++ = inlen & 0xff;
/* NB keylen is at most 32 bytes */
*p++ = 0;
*p++ = 0;
*p++ = 0;
*p = (unsigned char)((cctx->keylen + 16) & 0xff);
cctx->bltmp_pos = 8;
ctr_BCC_update(cctx, in1, in1len);
ctr_BCC_update(cctx, in2, in2len);
ctr_BCC_update(cctx, in3, in3len);
ctr_BCC_update(cctx, &c80, 1);
ctr_BCC_final(cctx);
/* Set up key K */
AES_set_encrypt_key(cctx->KX, cctx->keylen * 8, &cctx->df_kxks);
/* X follows key K */
AES_encrypt(cctx->KX + cctx->keylen, cctx->KX, &cctx->df_kxks);
AES_encrypt(cctx->KX, cctx->KX + 16, &cctx->df_kxks);
if (cctx->keylen != 16)
AES_encrypt(cctx->KX + 16, cctx->KX + 32, &cctx->df_kxks);
#if 0
fprintf(stderr, "Output of ctr_df:\n");
BIO_dump_fp(stderr, cctx->KX, cctx->keylen + 16);
#endif
}
/* NB the no-df Update in SP800-90 specifies a constant input length
* of seedlen, however other uses of this algorithm pad the input with
* zeroes if necessary and have up to two parameters XORed together,
* handle both cases in this function instead.
*/
static void ctr_Update(DRBG_CTX *dctx,
const unsigned char *in1, size_t in1len,
const unsigned char *in2, size_t in2len,
const unsigned char *nonce, size_t noncelen)
{
DRBG_CTR_CTX *cctx = &dctx->d.ctr;
/* ks is already setup for correct key */
inc_128(cctx);
AES_encrypt(cctx->V, cctx->K, &cctx->ks);
/* If keylen longer than 128 bits need extra encrypt */
if (cctx->keylen != 16)
{
inc_128(cctx);
AES_encrypt(cctx->V, cctx->K + 16, &cctx->ks);
}
inc_128(cctx);
AES_encrypt(cctx->V, cctx->V, &cctx->ks);
/* If 192 bit key part of V is on end of K */
if (cctx->keylen == 24)
{
memcpy(cctx->V + 8, cctx->V, 8);
memcpy(cctx->V, cctx->K + 24, 8);
}
if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
{
/* If no input reuse existing derived value */
if (in1 || nonce || in2)
ctr_df(cctx, in1, in1len, nonce, noncelen, in2, in2len);
/* If this a reuse input in1len != 0 */
if (in1len)
ctr_XOR(cctx, cctx->KX, dctx->seedlen);
}
else
{
ctr_XOR(cctx, in1, in1len);
ctr_XOR(cctx, in2, in2len);
}
AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
#if 0
fprintf(stderr, "K+V after update is:\n");
BIO_dump_fp(stderr, cctx->K, cctx->keylen);
BIO_dump_fp(stderr, cctx->V, 16);
#endif
}
static int drbg_ctr_instantiate(DRBG_CTX *dctx,
const unsigned char *ent, size_t entlen,
const unsigned char *nonce, size_t noncelen,
const unsigned char *pers, size_t perslen)
{
DRBG_CTR_CTX *cctx = &dctx->d.ctr;
memset(cctx->K, 0, sizeof(cctx->K));
memset(cctx->V, 0, sizeof(cctx->V));
AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
ctr_Update(dctx, ent, entlen, pers, perslen, nonce, noncelen);
return 1;
}
static int drbg_ctr_reseed(DRBG_CTX *dctx,
const unsigned char *ent, size_t entlen,
const unsigned char *adin, size_t adinlen)
{
ctr_Update(dctx, ent, entlen, adin, adinlen, NULL, 0);
return 1;
}
static int drbg_ctr_generate(DRBG_CTX *dctx,
unsigned char *out, size_t outlen,
const unsigned char *adin, size_t adinlen)
{
DRBG_CTR_CTX *cctx = &dctx->d.ctr;
if (adin && adinlen)
{
ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
/* This means we reuse derived value */
if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
{
adin = NULL;
adinlen = 1;
}
}
else
adinlen = 0;
for (;;)
{
inc_128(cctx);
if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
{
AES_encrypt(cctx->V, dctx->lb, &cctx->ks);
dctx->lb_valid = 1;
continue;
}
if (outlen < 16)
{
/* Use K as temp space as it will be updated */
AES_encrypt(cctx->V, cctx->K, &cctx->ks);
if (!fips_drbg_cprng_test(dctx, cctx->K))
return 0;
memcpy(out, cctx->K, outlen);
break;
}
AES_encrypt(cctx->V, out, &cctx->ks);
if (!fips_drbg_cprng_test(dctx, out))
return 0;
out += 16;
outlen -= 16;
if (outlen == 0)
break;
}
ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
return 1;
}
static int drbg_ctr_uninstantiate(DRBG_CTX *dctx)
{
memset(&dctx->d.ctr, 0, sizeof(DRBG_CTR_CTX));
return 1;
}
int fips_drbg_ctr_init(DRBG_CTX *dctx)
{
DRBG_CTR_CTX *cctx = &dctx->d.ctr;
size_t keylen;
switch (dctx->type)
{
case NID_aes_128_ctr:
keylen = 16;
break;
case NID_aes_192_ctr:
keylen = 24;
break;
case NID_aes_256_ctr:
keylen = 32;
break;
default:
return -2;
}
dctx->instantiate = drbg_ctr_instantiate;
dctx->reseed = drbg_ctr_reseed;
dctx->generate = drbg_ctr_generate;
dctx->uninstantiate = drbg_ctr_uninstantiate;
cctx->keylen = keylen;
dctx->strength = keylen * 8;
dctx->blocklength = 16;
dctx->seedlen = keylen + 16;
if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
{
/* df initialisation */
static unsigned char df_key[32] =
{
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f
};
/* Set key schedule for df_key */
AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks);
dctx->min_entropy = cctx->keylen;
dctx->max_entropy = DRBG_MAX_LENGTH;
dctx->min_nonce = dctx->min_entropy / 2;
dctx->max_nonce = DRBG_MAX_LENGTH;
dctx->max_pers = DRBG_MAX_LENGTH;
dctx->max_adin = DRBG_MAX_LENGTH;
}
else
{
dctx->min_entropy = dctx->seedlen;
dctx->max_entropy = dctx->seedlen;
/* Nonce not used */
dctx->min_nonce = 0;
dctx->max_nonce = 0;
dctx->max_pers = dctx->seedlen;
dctx->max_adin = dctx->seedlen;
}
dctx->max_request = 1<<16;
dctx->reseed_interval = 1<<24;
return 1;
}


@ -1,542 +0,0 @@
/* fips/rand/fips_drbg_ec.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#define OPENSSL_FIPSAPI
#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include <openssl/bn.h>
#include "fips_rand_lcl.h"
/*#define EC_DRBG_TRACE*/
#ifdef EC_DRBG_TRACE
static void hexprint(FILE *out, const unsigned char *buf, int buflen)
{
int i;
fprintf(out, "\t");
for (i = 0; i < buflen; i++)
fprintf(out, "%02X", buf[i]);
fprintf(out, "\n");
}
static void bnprint(FILE *out, const char *name, const BIGNUM *b)
{
unsigned char *tmp;
int len;
len = BN_num_bytes(b);
tmp = OPENSSL_malloc(len);
BN_bn2bin(b, tmp);
fprintf(out, "%s\n", name);
hexprint(out, tmp, len);
OPENSSL_free(tmp);
}
#if 0
static void ecprint(FILE *out, EC_GROUP *grp, EC_POINT *pt)
{
BIGNUM *x, *y;
x = BN_new();
y = BN_new();
EC_POINT_get_affine_coordinates_GFp(grp, pt, x, y, NULL);
bnprint(out, "\tPoint X: ", x);
bnprint(out, "\tPoint Y: ", y);
BN_free(x);
BN_free(y);
}
#endif
#endif
/* This is Hash_df from SP 800-90 10.4.1 */
static int hash_df(DRBG_CTX *dctx, unsigned char *out,
const unsigned char *in1, size_t in1len,
const unsigned char *in2, size_t in2len,
const unsigned char *in3, size_t in3len)
{
DRBG_EC_CTX *ectx = &dctx->d.ec;
EVP_MD_CTX *mctx = &ectx->mctx;
unsigned char *vtmp = ectx->vtmp;
unsigned char tmp[6];
size_t mdlen = M_EVP_MD_size(ectx->md);
/* Standard only ever needs seedlen bytes which is always less than
* maximum permitted so no need to check length.
*/
size_t outlen = dctx->seedlen;
size_t nbits = (outlen << 3) - ectx->exbits;
tmp[0] = 1;
tmp[1] = (nbits >> 24) & 0xff;
tmp[2] = (nbits >> 16) & 0xff;
tmp[3] = (nbits >> 8) & 0xff;
tmp[4] = nbits & 0xff;
if (!in1)
{
tmp[5] = (unsigned char)in1len;
in1 = tmp + 5;
in1len = 1;
}
for (;;)
{
if (!FIPS_digestinit(mctx, ectx->md))
return 0;
if (!FIPS_digestupdate(mctx, tmp, 5))
return 0;
if (in1 && !FIPS_digestupdate(mctx, in1, in1len))
return 0;
if (in2 && !FIPS_digestupdate(mctx, in2, in2len))
return 0;
if (in3 && !FIPS_digestupdate(mctx, in3, in3len))
return 0;
if (outlen < mdlen)
{
if (!FIPS_digestfinal(mctx, vtmp, NULL))
return 0;
memcpy(out, vtmp, outlen);
OPENSSL_cleanse(vtmp, mdlen);
return 1;
}
else if(!FIPS_digestfinal(mctx, out, NULL))
return 0;
outlen -= mdlen;
if (outlen == 0)
return 1;
tmp[0]++;
out += mdlen;
}
}
static int bn2binpad(unsigned char *to, size_t tolen, BIGNUM *b)
{
size_t blen;
blen = BN_num_bytes(b);
/* If BIGNUM length greater than buffer, mask to get rightmost
* bytes. NB: modifies b but this doesn't matter for our purposes.
*/
if (blen > tolen)
{
BN_mask_bits(b, tolen << 3);
/* Update length because mask operation might create leading
* zeroes.
*/
blen = BN_num_bytes(b);
}
/* If b length smaller than buffer pad with zeroes */
if (blen < tolen)
{
memset(to, 0, tolen - blen);
to += tolen - blen;
}
/* This call cannot fail */
BN_bn2bin(b, to);
return 1;
}
/* Convert buffer to a BIGNUM discarding extra bits if necessary */
static int bin2bnbits(DRBG_CTX *dctx, BIGNUM *r, const unsigned char *buf)
{
DRBG_EC_CTX *ectx = &dctx->d.ec;
if (!BN_bin2bn(buf, dctx->seedlen, r))
return 0;
/* If we have extra bits right shift off the end of r */
if (ectx->exbits)
{
if (!BN_rshift(r, r, ectx->exbits))
return 0;
}
return 1;
}
/* Calculate r = phi(s * P) or r= phi(s * Q) */
static int drbg_ec_mul(DRBG_EC_CTX *ectx, BIGNUM *r, const BIGNUM *s, int use_q)
{
if (use_q)
{
if (!EC_POINT_mul(ectx->curve, ectx->ptmp,
NULL, ectx->Q, s, ectx->bctx))
return 0;
}
else
{
if (!EC_POINT_mul(ectx->curve, ectx->ptmp,
s, NULL, NULL, ectx->bctx))
return 0;
}
/* Get x coordinate of result */
if (!EC_POINT_get_affine_coordinates_GFp(ectx->curve, ectx->ptmp, r,
NULL, ectx->bctx))
return 0;
return 1;
}
static int drbg_ec_instantiate(DRBG_CTX *dctx,
const unsigned char *ent, size_t ent_len,
const unsigned char *nonce, size_t nonce_len,
const unsigned char *pstr, size_t pstr_len)
{
DRBG_EC_CTX *ectx = &dctx->d.ec;
if (!hash_df(dctx, ectx->sbuf,
ent, ent_len, nonce, nonce_len, pstr, pstr_len))
return 0;
if (!bin2bnbits(dctx, ectx->s, ectx->sbuf))
return 0;
return 1;
}
static int drbg_ec_reseed(DRBG_CTX *dctx,
const unsigned char *ent, size_t ent_len,
const unsigned char *adin, size_t adin_len)
{
DRBG_EC_CTX *ectx = &dctx->d.ec;
/* Convert s value to a binary buffer. Save it to tbuf as we are
* about to overwrite it.
*/
if (ectx->exbits)
BN_lshift(ectx->s, ectx->s, ectx->exbits);
bn2binpad(ectx->tbuf, dctx->seedlen, ectx->s);
if (!hash_df(dctx, ectx->sbuf, ectx->tbuf, dctx->seedlen,
ent, ent_len, adin, adin_len))
return 0;
if (!bin2bnbits(dctx, ectx->s, ectx->sbuf))
return 0;
dctx->reseed_counter = 0;
return 1;
}
static int drbg_ec_generate(DRBG_CTX *dctx,
unsigned char *out, size_t outlen,
const unsigned char *adin, size_t adin_len)
{
DRBG_EC_CTX *ectx = &dctx->d.ec;
BIGNUM *t, *r;
BIGNUM *s = ectx->s;
/* special case: check reseed interval */
if (out == NULL)
{
size_t nb = (outlen + dctx->blocklength - 1)/dctx->blocklength;
if (dctx->reseed_counter + nb > dctx->reseed_interval)
dctx->status = DRBG_STATUS_RESEED;
return 1;
}
BN_CTX_start(ectx->bctx);
r = BN_CTX_get(ectx->bctx);
if (!r)
goto err;
if (adin && adin_len)
{
size_t i;
t = BN_CTX_get(ectx->bctx);
if (!t)
goto err;
/* Convert s to buffer */
if (ectx->exbits)
BN_lshift(s, s, ectx->exbits);
bn2binpad(ectx->sbuf, dctx->seedlen, s);
/* Step 2 */
if (!hash_df(dctx, ectx->tbuf, adin, adin_len,
NULL, 0, NULL, 0))
goto err;
/* Step 5 */
for (i = 0; i < dctx->seedlen; i++)
ectx->tbuf[i] ^= ectx->sbuf[i];
if (!bin2bnbits(dctx, t, ectx->tbuf))
return 0;
}
else
/* Note if no additional input the algorithm never
* needs separate values for t and s.
*/
t = s;
#ifdef EC_DRBG_TRACE
bnprint(stderr, "s at start of generate: ", s);
#endif
for (;;)
{
/* Step #6, calculate s = t * P */
if (!drbg_ec_mul(ectx, s, t, 0))
goto err;
#ifdef EC_DRBG_TRACE
bnprint(stderr, "s in generate: ", ectx->s);
#endif
/* Step #7, calculate r = s * Q */
if (!drbg_ec_mul(ectx, r, s, 1))
goto err;
#ifdef EC_DRBG_TRACE
bnprint(stderr, "r in generate is: ", r);
#endif
dctx->reseed_counter++;
/* Get rightmost bits of r to output buffer */
if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
{
if (!bn2binpad(dctx->lb, dctx->blocklength, r))
goto err;
dctx->lb_valid = 1;
continue;
}
if (outlen < dctx->blocklength)
{
if (!bn2binpad(ectx->vtmp, dctx->blocklength, r))
goto err;
if (!fips_drbg_cprng_test(dctx, ectx->vtmp))
goto err;
memcpy(out, ectx->vtmp, outlen);
break;
}
else
{
if (!bn2binpad(out, dctx->blocklength, r))
goto err;
if (!fips_drbg_cprng_test(dctx, out))
goto err;
}
outlen -= dctx->blocklength;
if (!outlen)
break;
out += dctx->blocklength;
/* Step #5 after first pass */
t = s;
#ifdef EC_DRBG_TRACE
fprintf(stderr, "Random bits written:\n");
hexprint(stderr, out, dctx->blocklength);
#endif
}
if (!drbg_ec_mul(ectx, ectx->s, ectx->s, 0))
return 0;
#ifdef EC_DRBG_TRACE
bnprint(stderr, "s after generate is: ", s);
#endif
BN_CTX_end(ectx->bctx);
return 1;
err:
BN_CTX_end(ectx->bctx);
return 0;
}
static int drbg_ec_uninstantiate(DRBG_CTX *dctx)
{
DRBG_EC_CTX *ectx = &dctx->d.ec;
EVP_MD_CTX_cleanup(&ectx->mctx);
EC_GROUP_free(ectx->curve);
EC_POINT_free(ectx->Q);
EC_POINT_free(ectx->ptmp);
BN_clear_free(ectx->s);
BN_CTX_free(ectx->bctx);
OPENSSL_cleanse(&dctx->d.ec, sizeof(DRBG_EC_CTX));
return 1;
}
/* Q points from SP 800-90 A.1, P is generator */
__fips_constseg
static const unsigned char p_256_qx[] = {
0xc9,0x74,0x45,0xf4,0x5c,0xde,0xf9,0xf0,0xd3,0xe0,0x5e,0x1e,
0x58,0x5f,0xc2,0x97,0x23,0x5b,0x82,0xb5,0xbe,0x8f,0xf3,0xef,
0xca,0x67,0xc5,0x98,0x52,0x01,0x81,0x92
};
__fips_constseg
static const unsigned char p_256_qy[] = {
0xb2,0x8e,0xf5,0x57,0xba,0x31,0xdf,0xcb,0xdd,0x21,0xac,0x46,
0xe2,0xa9,0x1e,0x3c,0x30,0x4f,0x44,0xcb,0x87,0x05,0x8a,0xda,
0x2c,0xb8,0x15,0x15,0x1e,0x61,0x00,0x46
};
__fips_constseg
static const unsigned char p_384_qx[] = {
0x8e,0x72,0x2d,0xe3,0x12,0x5b,0xdd,0xb0,0x55,0x80,0x16,0x4b,
0xfe,0x20,0xb8,0xb4,0x32,0x21,0x6a,0x62,0x92,0x6c,0x57,0x50,
0x2c,0xee,0xde,0x31,0xc4,0x78,0x16,0xed,0xd1,0xe8,0x97,0x69,
0x12,0x41,0x79,0xd0,0xb6,0x95,0x10,0x64,0x28,0x81,0x50,0x65
};
__fips_constseg
static const unsigned char p_384_qy[] = {
0x02,0x3b,0x16,0x60,0xdd,0x70,0x1d,0x08,0x39,0xfd,0x45,0xee,
0xc3,0x6f,0x9e,0xe7,0xb3,0x2e,0x13,0xb3,0x15,0xdc,0x02,0x61,
0x0a,0xa1,0xb6,0x36,0xe3,0x46,0xdf,0x67,0x1f,0x79,0x0f,0x84,
0xc5,0xe0,0x9b,0x05,0x67,0x4d,0xbb,0x7e,0x45,0xc8,0x03,0xdd
};
__fips_constseg
static const unsigned char p_521_qx[] = {
0x01,0xb9,0xfa,0x3e,0x51,0x8d,0x68,0x3c,0x6b,0x65,0x76,0x36,
0x94,0xac,0x8e,0xfb,0xae,0xc6,0xfa,0xb4,0x4f,0x22,0x76,0x17,
0x1a,0x42,0x72,0x65,0x07,0xdd,0x08,0xad,0xd4,0xc3,0xb3,0xf4,
0xc1,0xeb,0xc5,0xb1,0x22,0x2d,0xdb,0xa0,0x77,0xf7,0x22,0x94,
0x3b,0x24,0xc3,0xed,0xfa,0x0f,0x85,0xfe,0x24,0xd0,0xc8,0xc0,
0x15,0x91,0xf0,0xbe,0x6f,0x63
};
__fips_constseg
static const unsigned char p_521_qy[] = {
0x01,0xf3,0xbd,0xba,0x58,0x52,0x95,0xd9,0xa1,0x11,0x0d,0x1d,
0xf1,0xf9,0x43,0x0e,0xf8,0x44,0x2c,0x50,0x18,0x97,0x6f,0xf3,
0x43,0x7e,0xf9,0x1b,0x81,0xdc,0x0b,0x81,0x32,0xc8,0xd5,0xc3,
0x9c,0x32,0xd0,0xe0,0x04,0xa3,0x09,0x2b,0x7d,0x32,0x7c,0x0e,
0x7a,0x4d,0x26,0xd2,0xc7,0xb6,0x9b,0x58,0xf9,0x06,0x66,0x52,
0x91,0x1e,0x45,0x77,0x79,0xde
};
int fips_drbg_ec_init(DRBG_CTX *dctx)
{
const EVP_MD *md;
const unsigned char *Q_x, *Q_y;
BIGNUM *x, *y;
size_t ptlen;
int md_nid = dctx->type & 0xffff;
int curve_nid = dctx->type >> 16;
DRBG_EC_CTX *ectx = &dctx->d.ec;
md = FIPS_get_digestbynid(md_nid);
if (!md)
return -2;
/* These are taken from SP 800-90 10.3.1 table 4 */
switch (curve_nid)
{
case NID_X9_62_prime256v1:
dctx->strength = 128;
dctx->seedlen = 32;
dctx->blocklength = 30;
ectx->exbits = 0;
Q_x = p_256_qx;
Q_y = p_256_qy;
ptlen = sizeof(p_256_qx);
break;
case NID_secp384r1:
if (md_nid == NID_sha1)
return -2;
dctx->strength = 192;
dctx->seedlen = 48;
dctx->blocklength = 46;
ectx->exbits = 0;
Q_x = p_384_qx;
Q_y = p_384_qy;
ptlen = sizeof(p_384_qx);
break;
case NID_secp521r1:
if (md_nid == NID_sha1 || md_nid == NID_sha224)
return -2;
dctx->strength = 256;
dctx->seedlen = 66;
dctx->blocklength = 63;
ectx->exbits = 7;
Q_x = p_521_qx;
Q_y = p_521_qy;
ptlen = sizeof(p_521_qx);
break;
default:
return -2;
}
dctx->iflags |= DRBG_CUSTOM_RESEED;
dctx->reseed_counter = 0;
dctx->instantiate = drbg_ec_instantiate;
dctx->reseed = drbg_ec_reseed;
dctx->generate = drbg_ec_generate;
dctx->uninstantiate = drbg_ec_uninstantiate;
ectx->md = md;
EVP_MD_CTX_init(&ectx->mctx);
dctx->min_entropy = dctx->strength / 8;
dctx->max_entropy = 2 << 10;
dctx->min_nonce = dctx->min_entropy / 2;
dctx->max_nonce = 2 << 10;
dctx->max_pers = 2 << 10;
dctx->max_adin = 2 << 10;
dctx->reseed_interval = 1<<24;
dctx->max_request = dctx->reseed_interval * dctx->blocklength;
/* Setup internal structures */
ectx->bctx = BN_CTX_new();
if (!ectx->bctx)
return 0;
BN_CTX_start(ectx->bctx);
ectx->s = BN_new();
ectx->curve = EC_GROUP_new_by_curve_name(curve_nid);
ectx->Q = EC_POINT_new(ectx->curve);
ectx->ptmp = EC_POINT_new(ectx->curve);
x = BN_CTX_get(ectx->bctx);
y = BN_CTX_get(ectx->bctx);
if (!ectx->s || !ectx->curve || !ectx->Q || !y)
goto err;
if (!BN_bin2bn(Q_x, ptlen, x) || !BN_bin2bn(Q_y, ptlen, y))
goto err;
if (!EC_POINT_set_affine_coordinates_GFp(ectx->curve, ectx->Q,
x, y, ectx->bctx))
goto err;
BN_CTX_end(ectx->bctx);
return 1;
err:
BN_CTX_end(ectx->bctx);
drbg_ec_uninstantiate(dctx);
return 0;
}


@ -1,378 +0,0 @@
/* fips/rand/fips_drbg_hash.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#define OPENSSL_FIPSAPI
#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
/* This is Hash_df from SP 800-90 10.4.1 */
static int hash_df(DRBG_CTX *dctx, unsigned char *out,
const unsigned char *in1, size_t in1len,
const unsigned char *in2, size_t in2len,
const unsigned char *in3, size_t in3len,
const unsigned char *in4, size_t in4len)
{
EVP_MD_CTX *mctx = &dctx->d.hash.mctx;
unsigned char *vtmp = dctx->d.hash.vtmp;
unsigned char tmp[6];
/* Standard only ever needs seedlen bytes which is always less than
* maximum permitted so no need to check length.
*/
size_t outlen = dctx->seedlen;
tmp[0] = 1;
tmp[1] = ((outlen * 8) >> 24) & 0xff;
tmp[2] = ((outlen * 8) >> 16) & 0xff;
tmp[3] = ((outlen * 8) >> 8) & 0xff;
tmp[4] = (outlen * 8) & 0xff;
if (!in1)
{
tmp[5] = (unsigned char)in1len;
in1 = tmp + 5;
in1len = 1;
}
for (;;)
{
if (!FIPS_digestinit(mctx, dctx->d.hash.md))
return 0;
if (!FIPS_digestupdate(mctx, tmp, 5))
return 0;
if (in1 && !FIPS_digestupdate(mctx, in1, in1len))
return 0;
if (in2 && !FIPS_digestupdate(mctx, in2, in2len))
return 0;
if (in3 && !FIPS_digestupdate(mctx, in3, in3len))
return 0;
if (in4 && !FIPS_digestupdate(mctx, in4, in4len))
return 0;
if (outlen < dctx->blocklength)
{
if (!FIPS_digestfinal(mctx, vtmp, NULL))
return 0;
memcpy(out, vtmp, outlen);
OPENSSL_cleanse(vtmp, dctx->blocklength);
return 1;
}
else if(!FIPS_digestfinal(mctx, out, NULL))
return 0;
outlen -= dctx->blocklength;
if (outlen == 0)
return 1;
tmp[0]++;
out += dctx->blocklength;
}
}
/* Add an unsigned buffer to the buf value, storing the result in buf. For
* this algorithm the length of input never exceeds the seed length.
*/
static void ctx_add_buf(DRBG_CTX *dctx, unsigned char *buf,
unsigned char *in, size_t inlen)
{
size_t i = inlen;
const unsigned char *q;
unsigned char c, *p;
p = buf + dctx->seedlen;
q = in + inlen;
OPENSSL_assert(i <= dctx->seedlen);
/* Special case: zero length, just increment buffer */
if (i)
c = 0;
else
c = 1;
while (i)
{
int r;
p--;
q--;
r = *p + *q + c;
/* Carry */
if (r > 0xff)
c = 1;
else
c = 0;
*p = r & 0xff;
i--;
}
i = dctx->seedlen - inlen;
/* If not adding whole buffer handle final carries */
if (c && i)
{
do
{
p--;
c = *p;
c++;
*p = c;
if(c)
return;
} while(i--);
}
}
/* Finalise and add hash to V */
static int ctx_add_md(DRBG_CTX *dctx)
{
if (!FIPS_digestfinal(&dctx->d.hash.mctx, dctx->d.hash.vtmp, NULL))
return 0;
ctx_add_buf(dctx, dctx->d.hash.V, dctx->d.hash.vtmp, dctx->blocklength);
return 1;
}
static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
{
DRBG_HASH_CTX *hctx = &dctx->d.hash;
if (outlen == 0)
return 1;
memcpy(hctx->vtmp, hctx->V, dctx->seedlen);
for(;;)
{
FIPS_digestinit(&hctx->mctx, hctx->md);
FIPS_digestupdate(&hctx->mctx, hctx->vtmp, dctx->seedlen);
if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
{
FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL);
dctx->lb_valid = 1;
}
else if (outlen < dctx->blocklength)
{
FIPS_digestfinal(&hctx->mctx, hctx->vtmp, NULL);
if (!fips_drbg_cprng_test(dctx, hctx->vtmp))
return 0;
memcpy(out, hctx->vtmp, outlen);
return 1;
}
else
{
FIPS_digestfinal(&hctx->mctx, out, NULL);
if (!fips_drbg_cprng_test(dctx, out))
return 0;
outlen -= dctx->blocklength;
if (outlen == 0)
return 1;
out += dctx->blocklength;
}
ctx_add_buf(dctx, hctx->vtmp, NULL, 0);
}
}
static int drbg_hash_instantiate(DRBG_CTX *dctx,
const unsigned char *ent, size_t ent_len,
const unsigned char *nonce, size_t nonce_len,
const unsigned char *pstr, size_t pstr_len)
{
DRBG_HASH_CTX *hctx = &dctx->d.hash;
if (!hash_df(dctx, hctx->V,
ent, ent_len, nonce, nonce_len, pstr, pstr_len,
NULL, 0))
return 0;
if (!hash_df(dctx, hctx->C,
NULL, 0, hctx->V, dctx->seedlen,
NULL, 0, NULL, 0))
return 0;
#ifdef HASH_DRBG_TRACE
fprintf(stderr, "V+C after instantiate:\n");
hexprint(stderr, hctx->V, dctx->seedlen);
hexprint(stderr, hctx->C, dctx->seedlen);
#endif
return 1;
}
static int drbg_hash_reseed(DRBG_CTX *dctx,
const unsigned char *ent, size_t ent_len,
const unsigned char *adin, size_t adin_len)
{
DRBG_HASH_CTX *hctx = &dctx->d.hash;
/* V about to be updated so use C as output instead */
if (!hash_df(dctx, hctx->C,
NULL, 1, hctx->V, dctx->seedlen,
ent, ent_len, adin, adin_len))
return 0;
memcpy(hctx->V, hctx->C, dctx->seedlen);
if (!hash_df(dctx, hctx->C, NULL, 0,
hctx->V, dctx->seedlen, NULL, 0, NULL, 0))
return 0;
#ifdef HASH_DRBG_TRACE
fprintf(stderr, "V+C after reseed:\n");
hexprint(stderr, hctx->V, dctx->seedlen);
hexprint(stderr, hctx->C, dctx->seedlen);
#endif
return 1;
}
static int drbg_hash_generate(DRBG_CTX *dctx,
unsigned char *out, size_t outlen,
const unsigned char *adin, size_t adin_len)
{
DRBG_HASH_CTX *hctx = &dctx->d.hash;
EVP_MD_CTX *mctx = &hctx->mctx;
unsigned char tmp[4];
if (adin && adin_len)
{
tmp[0] = 2;
if (!FIPS_digestinit(mctx, hctx->md))
return 0;
if (!EVP_DigestUpdate(mctx, tmp, 1))
return 0;
if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
return 0;
if (!EVP_DigestUpdate(mctx, adin, adin_len))
return 0;
if (!ctx_add_md(dctx))
return 0;
}
if (!hash_gen(dctx, out, outlen))
return 0;
tmp[0] = 3;
if (!FIPS_digestinit(mctx, hctx->md))
return 0;
if (!EVP_DigestUpdate(mctx, tmp, 1))
return 0;
if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
return 0;
if (!ctx_add_md(dctx))
return 0;
ctx_add_buf(dctx, hctx->V, hctx->C, dctx->seedlen);
tmp[0] = (dctx->reseed_counter >> 24) & 0xff;
tmp[1] = (dctx->reseed_counter >> 16) & 0xff;
tmp[2] = (dctx->reseed_counter >> 8) & 0xff;
tmp[3] = dctx->reseed_counter & 0xff;
ctx_add_buf(dctx, hctx->V, tmp, 4);
#ifdef HASH_DRBG_TRACE
fprintf(stderr, "V+C after generate:\n");
hexprint(stderr, hctx->V, dctx->seedlen);
hexprint(stderr, hctx->C, dctx->seedlen);
#endif
return 1;
}
static int drbg_hash_uninstantiate(DRBG_CTX *dctx)
{
EVP_MD_CTX_cleanup(&dctx->d.hash.mctx);
OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX));
return 1;
}
int fips_drbg_hash_init(DRBG_CTX *dctx)
{
const EVP_MD *md;
DRBG_HASH_CTX *hctx = &dctx->d.hash;
md = FIPS_get_digestbynid(dctx->type);
if (!md)
return -2;
switch (dctx->type)
{
case NID_sha1:
dctx->strength = 128;
break;
case NID_sha224:
dctx->strength = 192;
break;
default:
dctx->strength = 256;
break;
}
dctx->instantiate = drbg_hash_instantiate;
dctx->reseed = drbg_hash_reseed;
dctx->generate = drbg_hash_generate;
dctx->uninstantiate = drbg_hash_uninstantiate;
dctx->d.hash.md = md;
EVP_MD_CTX_init(&hctx->mctx);
/* These are taken from SP 800-90 10.1 table 2 */
dctx->blocklength = M_EVP_MD_size(md);
if (dctx->blocklength > 32)
dctx->seedlen = 111;
else
dctx->seedlen = 55;
dctx->min_entropy = dctx->strength / 8;
dctx->max_entropy = DRBG_MAX_LENGTH;
dctx->min_nonce = dctx->min_entropy / 2;
dctx->max_nonce = DRBG_MAX_LENGTH;
dctx->max_pers = DRBG_MAX_LENGTH;
dctx->max_adin = DRBG_MAX_LENGTH;
dctx->max_request = 1<<16;
dctx->reseed_interval = 1<<24;
return 1;
}


@ -1,281 +0,0 @@
/* fips/rand/fips_drbg_hmac.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/aes.h>
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
static int drbg_hmac_update(DRBG_CTX *dctx,
const unsigned char *in1, size_t in1len,
const unsigned char *in2, size_t in2len,
const unsigned char *in3, size_t in3len
)
{
static unsigned char c0 = 0, c1 = 1;
DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
HMAC_CTX *hctx = &hmac->hctx;
if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
return 0;
if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
return 0;
if (!HMAC_Update(hctx, &c0, 1))
return 0;
if (in1len && !HMAC_Update(hctx, in1, in1len))
return 0;
if (in2len && !HMAC_Update(hctx, in2, in2len))
return 0;
if (in3len && !HMAC_Update(hctx, in3, in3len))
return 0;
if (!HMAC_Final(hctx, hmac->K, NULL))
return 0;
if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
return 0;
if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
return 0;
if (!HMAC_Final(hctx, hmac->V, NULL))
return 0;
if (!in1len && !in2len && !in3len)
return 1;
if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
return 0;
if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
return 0;
if (!HMAC_Update(hctx, &c1, 1))
return 0;
if (in1len && !HMAC_Update(hctx, in1, in1len))
return 0;
if (in2len && !HMAC_Update(hctx, in2, in2len))
return 0;
if (in3len && !HMAC_Update(hctx, in3, in3len))
return 0;
if (!HMAC_Final(hctx, hmac->K, NULL))
return 0;
if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
return 0;
if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
return 0;
if (!HMAC_Final(hctx, hmac->V, NULL))
return 0;
return 1;
}
static int drbg_hmac_instantiate(DRBG_CTX *dctx,
const unsigned char *ent, size_t ent_len,
const unsigned char *nonce, size_t nonce_len,
const unsigned char *pstr, size_t pstr_len)
{
DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
memset(hmac->K, 0, dctx->blocklength);
memset(hmac->V, 1, dctx->blocklength);
if (!drbg_hmac_update(dctx,
ent, ent_len, nonce, nonce_len, pstr, pstr_len))
return 0;
#ifdef HMAC_DRBG_TRACE
fprintf(stderr, "K+V after instantiate:\n");
hexprint(stderr, hmac->K, hmac->blocklength);
hexprint(stderr, hmac->V, hmac->blocklength);
#endif
return 1;
}
static int drbg_hmac_reseed(DRBG_CTX *dctx,
const unsigned char *ent, size_t ent_len,
const unsigned char *adin, size_t adin_len)
{
if (!drbg_hmac_update(dctx,
ent, ent_len, adin, adin_len, NULL, 0))
return 0;
#ifdef HMAC_DRBG_TRACE
{
DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
fprintf(stderr, "K+V after reseed:\n");
hexprint(stderr, hmac->K, hmac->blocklength);
hexprint(stderr, hmac->V, hmac->blocklength);
}
#endif
return 1;
}
static int drbg_hmac_generate(DRBG_CTX *dctx,
unsigned char *out, size_t outlen,
const unsigned char *adin, size_t adin_len)
{
DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
HMAC_CTX *hctx = &hmac->hctx;
const unsigned char *Vtmp = hmac->V;
if (adin_len && !drbg_hmac_update(dctx, adin, adin_len,
NULL, 0, NULL, 0))
return 0;
for (;;)
{
if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength,
hmac->md, NULL))
return 0;
if (!HMAC_Update(hctx, Vtmp, dctx->blocklength))
return 0;
if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
{
if (!HMAC_Final(hctx, dctx->lb, NULL))
return 0;
dctx->lb_valid = 1;
Vtmp = dctx->lb;
continue;
}
else if (outlen > dctx->blocklength)
{
if (!HMAC_Final(hctx, out, NULL))
return 0;
if (!fips_drbg_cprng_test(dctx, out))
return 0;
Vtmp = out;
}
else
{
if (!HMAC_Final(hctx, hmac->V, NULL))
return 0;
if (!fips_drbg_cprng_test(dctx, hmac->V))
return 0;
memcpy(out, hmac->V, outlen);
break;
}
out += dctx->blocklength;
outlen -= dctx->blocklength;
}
if (!drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0))
return 0;
return 1;
}
static int drbg_hmac_uninstantiate(DRBG_CTX *dctx)
{
HMAC_CTX_cleanup(&dctx->d.hmac.hctx);
OPENSSL_cleanse(&dctx->d.hmac, sizeof(DRBG_HMAC_CTX));
return 1;
}
int fips_drbg_hmac_init(DRBG_CTX *dctx)
{
const EVP_MD *md = NULL;
DRBG_HMAC_CTX *hctx = &dctx->d.hmac;
dctx->strength = 256;
switch (dctx->type)
{
case NID_hmacWithSHA1:
md = EVP_sha1();
dctx->strength = 128;
break;
case NID_hmacWithSHA224:
md = EVP_sha224();
dctx->strength = 192;
break;
case NID_hmacWithSHA256:
md = EVP_sha256();
break;
case NID_hmacWithSHA384:
md = EVP_sha384();
break;
case NID_hmacWithSHA512:
md = EVP_sha512();
break;
default:
dctx->strength = 0;
return -2;
}
dctx->instantiate = drbg_hmac_instantiate;
dctx->reseed = drbg_hmac_reseed;
dctx->generate = drbg_hmac_generate;
dctx->uninstantiate = drbg_hmac_uninstantiate;
HMAC_CTX_init(&hctx->hctx);
hctx->md = md;
dctx->blocklength = M_EVP_MD_size(md);
dctx->seedlen = M_EVP_MD_size(md);
dctx->min_entropy = dctx->strength / 8;
dctx->max_entropy = DRBG_MAX_LENGTH;
dctx->min_nonce = dctx->min_entropy / 2;
dctx->max_nonce = DRBG_MAX_LENGTH;
dctx->max_pers = DRBG_MAX_LENGTH;
dctx->max_adin = DRBG_MAX_LENGTH;
dctx->max_request = 1<<16;
dctx->reseed_interval = 1<<24;
return 1;
}


@ -1,579 +0,0 @@
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
/* Support framework for SP800-90 DRBGs */
int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
{
int rv;
memset(dctx, 0, sizeof(DRBG_CTX));
dctx->status = DRBG_STATUS_UNINITIALISED;
dctx->xflags = flags;
dctx->type = type;
dctx->iflags = 0;
dctx->entropy_blocklen = 0;
dctx->health_check_cnt = 0;
dctx->health_check_interval = DRBG_HEALTH_INTERVAL;
rv = fips_drbg_hash_init(dctx);
if (rv == -2)
rv = fips_drbg_ctr_init(dctx);
if (rv == -2)
rv = fips_drbg_hmac_init(dctx);
if (rv == -2)
rv = fips_drbg_ec_init(dctx);
if (rv <= 0)
{
if (rv == -2)
FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_UNSUPPORTED_DRBG_TYPE);
else
FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_ERROR_INITIALISING_DRBG);
}
/* If not in test mode run selftests on DRBG of the same type */
if (!(dctx->xflags & DRBG_FLAG_TEST))
{
if (!FIPS_drbg_health_check(dctx))
{
FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);
return 0;
}
}
return rv;
}
DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags)
{
DRBG_CTX *dctx;
dctx = OPENSSL_malloc(sizeof(DRBG_CTX));
if (!dctx)
{
FIPSerr(FIPS_F_FIPS_DRBG_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (type == 0)
{
memset(dctx, 0, sizeof(DRBG_CTX));
dctx->type = 0;
dctx->status = DRBG_STATUS_UNINITIALISED;
return dctx;
}
if (FIPS_drbg_init(dctx, type, flags) <= 0)
{
OPENSSL_free(dctx);
return NULL;
}
return dctx;
}
void FIPS_drbg_free(DRBG_CTX *dctx)
{
if (dctx->uninstantiate)
dctx->uninstantiate(dctx);
/* Don't free up default DRBG */
if (dctx == FIPS_get_default_drbg())
{
memset(dctx, 0, sizeof(DRBG_CTX));
dctx->type = 0;
dctx->status = DRBG_STATUS_UNINITIALISED;
}
else
{
OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
OPENSSL_free(dctx);
}
}
static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
int entropy, size_t min_len, size_t max_len)
{
unsigned char *tout, *p;
size_t bl = dctx->entropy_blocklen, rv;
if (!dctx->get_entropy)
return 0;
if (dctx->xflags & DRBG_FLAG_TEST || !bl)
return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
rv = dctx->get_entropy(dctx, &tout, entropy + bl,
min_len + bl, max_len + bl);
*pout = tout + bl;
if (rv < (min_len + bl) || (rv % bl))
return 0;
/* Compare consecutive blocks for continuous PRNG test */
for (p = tout; p < tout + rv - bl; p += bl)
{
if (!memcmp(p, p + bl, bl))
{
FIPSerr(FIPS_F_FIPS_GET_ENTROPY, FIPS_R_ENTROPY_SOURCE_STUCK);
return 0;
}
}
rv -= bl;
if (rv > max_len)
return max_len;
return rv;
}
static void fips_cleanup_entropy(DRBG_CTX *dctx,
unsigned char *out, size_t olen)
{
size_t bl;
if (dctx->xflags & DRBG_FLAG_TEST)
bl = 0;
else
bl = dctx->entropy_blocklen;
/* Call cleanup with original arguments */
dctx->cleanup_entropy(dctx, out - bl, olen + bl);
}
int FIPS_drbg_instantiate(DRBG_CTX *dctx,
const unsigned char *pers, size_t perslen)
{
size_t entlen = 0, noncelen = 0;
unsigned char *nonce = NULL, *entropy = NULL;
#if 0
/* Put here so error script picks them up */
FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE,
FIPS_R_PERSONALISATION_STRING_TOO_LONG);
FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_IN_ERROR_STATE);
FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ALREADY_INSTANTIATED);
FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY);
FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE);
FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR);
FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED);
#endif
int r = 0;
if (perslen > dctx->max_pers)
{
r = FIPS_R_PERSONALISATION_STRING_TOO_LONG;
goto end;
}
if (!dctx->instantiate)
{
r = FIPS_R_DRBG_NOT_INITIALISED;
goto end;
}
if (dctx->status != DRBG_STATUS_UNINITIALISED)
{
if (dctx->status == DRBG_STATUS_ERROR)
r = FIPS_R_IN_ERROR_STATE;
else
r = FIPS_R_ALREADY_INSTANTIATED;
goto end;
}
dctx->status = DRBG_STATUS_ERROR;
entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
dctx->min_entropy, dctx->max_entropy);
if (entlen < dctx->min_entropy || entlen > dctx->max_entropy)
{
r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
goto end;
}
if (dctx->max_nonce > 0 && dctx->get_nonce)
{
noncelen = dctx->get_nonce(dctx, &nonce,
dctx->strength / 2,
dctx->min_nonce, dctx->max_nonce);
if (noncelen < dctx->min_nonce || noncelen > dctx->max_nonce)
{
r = FIPS_R_ERROR_RETRIEVING_NONCE;
goto end;
}
}
if (!dctx->instantiate(dctx,
entropy, entlen,
nonce, noncelen,
pers, perslen))
{
r = FIPS_R_ERROR_INSTANTIATING_DRBG;
goto end;
}
dctx->status = DRBG_STATUS_READY;
if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
dctx->reseed_counter = 1;
end:
if (entropy && dctx->cleanup_entropy)
fips_cleanup_entropy(dctx, entropy, entlen);
if (nonce && dctx->cleanup_nonce)
dctx->cleanup_nonce(dctx, nonce, noncelen);
if (dctx->status == DRBG_STATUS_READY)
return 1;
if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, r);
return 0;
}
static int drbg_reseed(DRBG_CTX *dctx,
const unsigned char *adin, size_t adinlen, int hcheck)
{
unsigned char *entropy = NULL;
size_t entlen = 0;
int r = 0;
#if 0
FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_NOT_INSTANTIATED);
FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
#endif
if (dctx->status != DRBG_STATUS_READY
&& dctx->status != DRBG_STATUS_RESEED)
{
if (dctx->status == DRBG_STATUS_ERROR)
r = FIPS_R_IN_ERROR_STATE;
else if(dctx->status == DRBG_STATUS_UNINITIALISED)
r = FIPS_R_NOT_INSTANTIATED;
goto end;
}
if (!adin)
adinlen = 0;
else if (adinlen > dctx->max_adin)
{
r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
goto end;
}
dctx->status = DRBG_STATUS_ERROR;
/* Peform health check on all reseed operations if not a prediction
* resistance request and not in test mode.
*/
if (hcheck && !(dctx->xflags & DRBG_FLAG_TEST))
{
if (!FIPS_drbg_health_check(dctx))
{
r = FIPS_R_SELFTEST_FAILURE;
goto end;
}
}
entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
dctx->min_entropy, dctx->max_entropy);
if (entlen < dctx->min_entropy || entlen > dctx->max_entropy)
{
r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
goto end;
}
if (!dctx->reseed(dctx, entropy, entlen, adin, adinlen))
goto end;
dctx->status = DRBG_STATUS_READY;
if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
dctx->reseed_counter = 1;
end:
if (entropy && dctx->cleanup_entropy)
fips_cleanup_entropy(dctx, entropy, entlen);
if (dctx->status == DRBG_STATUS_READY)
return 1;
if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
FIPSerr(FIPS_F_DRBG_RESEED, r);
return 0;
}
int FIPS_drbg_reseed(DRBG_CTX *dctx,
const unsigned char *adin, size_t adinlen)
{
return drbg_reseed(dctx, adin, adinlen, 1);
}
static int fips_drbg_check(DRBG_CTX *dctx)
{
if (dctx->xflags & DRBG_FLAG_TEST)
return 1;
dctx->health_check_cnt++;
if (dctx->health_check_cnt >= dctx->health_check_interval)
{
if (!FIPS_drbg_health_check(dctx))
{
FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE);
return 0;
}
}
return 1;
}
int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
int prediction_resistance,
const unsigned char *adin, size_t adinlen)
{
int r = 0;
if (FIPS_selftest_failed())
{
FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED);
return 0;
}
if (!fips_drbg_check(dctx))
return 0;
if (dctx->status != DRBG_STATUS_READY
&& dctx->status != DRBG_STATUS_RESEED)
{
if (dctx->status == DRBG_STATUS_ERROR)
r = FIPS_R_IN_ERROR_STATE;
else if(dctx->status == DRBG_STATUS_UNINITIALISED)
r = FIPS_R_NOT_INSTANTIATED;
goto end;
}
if (outlen > dctx->max_request)
{
r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG;
return 0;
}
if (adinlen > dctx->max_adin)
{
r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
goto end;
}
if (dctx->iflags & DRBG_CUSTOM_RESEED)
dctx->generate(dctx, NULL, outlen, NULL, 0);
else if (dctx->reseed_counter >= dctx->reseed_interval)
dctx->status = DRBG_STATUS_RESEED;
if (dctx->status == DRBG_STATUS_RESEED || prediction_resistance)
{
/* If prediction resistance request don't do health check */
int hcheck = prediction_resistance ? 0 : 1;
if (!drbg_reseed(dctx, adin, adinlen, hcheck))
{
r = FIPS_R_RESEED_ERROR;
goto end;
}
adin = NULL;
adinlen = 0;
}
if (!dctx->generate(dctx, out, outlen, adin, adinlen))
{
r = FIPS_R_GENERATE_ERROR;
dctx->status = DRBG_STATUS_ERROR;
goto end;
}
if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
{
if (dctx->reseed_counter >= dctx->reseed_interval)
dctx->status = DRBG_STATUS_RESEED;
else
dctx->reseed_counter++;
}
end:
if (r)
{
if (!(dctx->iflags & DRBG_FLAG_NOERR))
FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, r);
return 0;
}
return 1;
}
int FIPS_drbg_uninstantiate(DRBG_CTX *dctx)
{
int rv;
if (!dctx->uninstantiate)
rv = 1;
else
rv = dctx->uninstantiate(dctx);
/* Although we'd like to cleanse here we can't because we have to
* test the uninstantiate really zeroes the data.
*/
memset(&dctx->d, 0, sizeof(dctx->d));
dctx->status = DRBG_STATUS_UNINITIALISED;
/* If method has problems uninstantiating, return error */
return rv;
}
int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
int entropy, size_t min_len, size_t max_len),
void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
size_t entropy_blocklen,
size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
int entropy, size_t min_len, size_t max_len),
void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen))
{
if (dctx->status != DRBG_STATUS_UNINITIALISED)
return 0;
dctx->entropy_blocklen = entropy_blocklen;
dctx->get_entropy = get_entropy;
dctx->cleanup_entropy = cleanup_entropy;
dctx->get_nonce = get_nonce;
dctx->cleanup_nonce = cleanup_nonce;
return 1;
}
int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout),
void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num),
int (*rand_add_cb)(DRBG_CTX *ctx,
const void *buf, int num, double entropy))
{
if (dctx->status != DRBG_STATUS_UNINITIALISED)
return 0;
dctx->get_adin = get_adin;
dctx->cleanup_adin = cleanup_adin;
dctx->rand_seed_cb = rand_seed_cb;
dctx->rand_add_cb = rand_add_cb;
return 1;
}
void *FIPS_drbg_get_app_data(DRBG_CTX *dctx)
{
return dctx->app_data;
}
void FIPS_drbg_set_app_data(DRBG_CTX *dctx, void *app_data)
{
dctx->app_data = app_data;
}
size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx)
{
return dctx->blocklength;
}
int FIPS_drbg_get_strength(DRBG_CTX *dctx)
{
return dctx->strength;
}
void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval)
{
dctx->health_check_interval = interval;
}
void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval)
{
dctx->reseed_interval = interval;
}
static int drbg_stick = 0;
void FIPS_drbg_stick(int onoff)
{
drbg_stick = onoff;
}
/* Continuous DRBG utility function */
int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out)
{
/* No CPRNG in test mode */
if (dctx->xflags & DRBG_FLAG_TEST)
return 1;
/* Check block is valid: should never happen */
if (dctx->lb_valid == 0)
{
FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_INTERNAL_ERROR);
fips_set_selftest_fail();
return 0;
}
if (drbg_stick)
memcpy(dctx->lb, out, dctx->blocklength);
/* Check against last block: fail if match */
if (!memcmp(dctx->lb, out, dctx->blocklength))
{
FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_DRBG_STUCK);
fips_set_selftest_fail();
return 0;
}
/* Save last block for next comparison */
memcpy(dctx->lb, out, dctx->blocklength);
return 1;
}


@ -1,174 +0,0 @@
/* fips/rand/fips_drbg_rand.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
/* Mapping of SP800-90 DRBGs to OpenSSL RAND_METHOD */
/* Since we only have one global PRNG used at any time in OpenSSL use a global
* variable to store context.
*/
static DRBG_CTX ossl_dctx;
DRBG_CTX *FIPS_get_default_drbg(void)
{
return &ossl_dctx;
}
static int fips_drbg_bytes(unsigned char *out, int count)
{
DRBG_CTX *dctx = &ossl_dctx;
int rv = 0;
unsigned char *adin = NULL;
size_t adinlen = 0;
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
do
{
size_t rcnt;
if (count > (int)dctx->max_request)
rcnt = dctx->max_request;
else
rcnt = count;
if (dctx->get_adin)
{
adinlen = dctx->get_adin(dctx, &adin);
if (adinlen && !adin)
{
FIPSerr(FIPS_F_FIPS_DRBG_BYTES, FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT);
goto err;
}
}
rv = FIPS_drbg_generate(dctx, out, rcnt, 0, adin, adinlen);
if (adin)
{
if (dctx->cleanup_adin)
dctx->cleanup_adin(dctx, adin, adinlen);
adin = NULL;
}
if (!rv)
goto err;
out += rcnt;
count -= rcnt;
}
while (count);
rv = 1;
err:
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
return rv;
}
static int fips_drbg_pseudo(unsigned char *out, int count)
{
if (fips_drbg_bytes(out, count) <= 0)
return -1;
return 1;
}
static int fips_drbg_status(void)
{
DRBG_CTX *dctx = &ossl_dctx;
int rv;
CRYPTO_r_lock(CRYPTO_LOCK_RAND);
rv = dctx->status == DRBG_STATUS_READY ? 1 : 0;
CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
return rv;
}
static void fips_drbg_cleanup(void)
{
DRBG_CTX *dctx = &ossl_dctx;
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
FIPS_drbg_uninstantiate(dctx);
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
}
static int fips_drbg_seed(const void *seed, int seedlen)
{
DRBG_CTX *dctx = &ossl_dctx;
if (dctx->rand_seed_cb)
return dctx->rand_seed_cb(dctx, seed, seedlen);
return 1;
}
static int fips_drbg_add(const void *seed, int seedlen,
double add_entropy)
{
DRBG_CTX *dctx = &ossl_dctx;
if (dctx->rand_add_cb)
return dctx->rand_add_cb(dctx, seed, seedlen, add_entropy);
return 1;
}
static const RAND_METHOD rand_drbg_meth =
{
fips_drbg_seed,
fips_drbg_bytes,
fips_drbg_cleanup,
fips_drbg_add,
fips_drbg_pseudo,
fips_drbg_status
};
const RAND_METHOD *FIPS_drbg_method(void)
{
return &rand_drbg_meth;
}


@ -1,876 +0,0 @@
/* fips/rand/fips_drbg_selftest.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
#include "fips_locl.h"
#include "fips_drbg_selftest.h"
typedef struct {
int post;
int nid;
unsigned int flags;
/* KAT data for no PR */
const unsigned char *ent;
size_t entlen;
const unsigned char *nonce;
size_t noncelen;
const unsigned char *pers;
size_t perslen;
const unsigned char *adin;
size_t adinlen;
const unsigned char *entreseed;
size_t entreseedlen;
const unsigned char *adinreseed;
size_t adinreseedlen;
const unsigned char *adin2;
size_t adin2len;
const unsigned char *kat;
size_t katlen;
const unsigned char *kat2;
size_t kat2len;
/* KAT data for PR */
const unsigned char *ent_pr;
size_t entlen_pr;
const unsigned char *nonce_pr;
size_t noncelen_pr;
const unsigned char *pers_pr;
size_t perslen_pr;
const unsigned char *adin_pr;
size_t adinlen_pr;
const unsigned char *entpr_pr;
size_t entprlen_pr;
const unsigned char *ading_pr;
size_t adinglen_pr;
const unsigned char *entg_pr;
size_t entglen_pr;
const unsigned char *kat_pr;
size_t katlen_pr;
const unsigned char *kat2_pr;
size_t kat2len_pr;
} DRBG_SELFTEST_DATA;
#define make_drbg_test_data(nid, flag, pr, p) {p, nid, flag | DRBG_FLAG_TEST, \
pr##_entropyinput, sizeof(pr##_entropyinput), \
pr##_nonce, sizeof(pr##_nonce), \
pr##_personalizationstring, sizeof(pr##_personalizationstring), \
pr##_additionalinput, sizeof(pr##_additionalinput), \
pr##_entropyinputreseed, sizeof(pr##_entropyinputreseed), \
pr##_additionalinputreseed, sizeof(pr##_additionalinputreseed), \
pr##_additionalinput2, sizeof(pr##_additionalinput2), \
pr##_int_returnedbits, sizeof(pr##_int_returnedbits), \
pr##_returnedbits, sizeof(pr##_returnedbits), \
pr##_pr_entropyinput, sizeof(pr##_pr_entropyinput), \
pr##_pr_nonce, sizeof(pr##_pr_nonce), \
pr##_pr_personalizationstring, sizeof(pr##_pr_personalizationstring), \
pr##_pr_additionalinput, sizeof(pr##_pr_additionalinput), \
pr##_pr_entropyinputpr, sizeof(pr##_pr_entropyinputpr), \
pr##_pr_additionalinput2, sizeof(pr##_pr_additionalinput2), \
pr##_pr_entropyinputpr2, sizeof(pr##_pr_entropyinputpr2), \
pr##_pr_int_returnedbits, sizeof(pr##_pr_int_returnedbits), \
pr##_pr_returnedbits, sizeof(pr##_pr_returnedbits), \
}
#define make_drbg_test_data_df(nid, pr, p) \
make_drbg_test_data(nid, DRBG_FLAG_CTR_USE_DF, pr, p)
#define make_drbg_test_data_ec(curve, md, pr, p) \
make_drbg_test_data((curve << 16) | md , 0, pr, p)
static DRBG_SELFTEST_DATA drbg_test[] = {
make_drbg_test_data_df(NID_aes_128_ctr, aes_128_use_df, 0),
make_drbg_test_data_df(NID_aes_192_ctr, aes_192_use_df, 0),
make_drbg_test_data_df(NID_aes_256_ctr, aes_256_use_df, 1),
make_drbg_test_data(NID_aes_128_ctr, 0, aes_128_no_df, 0),
make_drbg_test_data(NID_aes_192_ctr, 0, aes_192_no_df, 0),
make_drbg_test_data(NID_aes_256_ctr, 0, aes_256_no_df, 1),
make_drbg_test_data(NID_sha1, 0, sha1, 0),
make_drbg_test_data(NID_sha224, 0, sha224, 0),
make_drbg_test_data(NID_sha256, 0, sha256, 1),
make_drbg_test_data(NID_sha384, 0, sha384, 0),
make_drbg_test_data(NID_sha512, 0, sha512, 0),
make_drbg_test_data(NID_hmacWithSHA1, 0, hmac_sha1, 0),
make_drbg_test_data(NID_hmacWithSHA224, 0, hmac_sha224, 0),
make_drbg_test_data(NID_hmacWithSHA256, 0, hmac_sha256, 1),
make_drbg_test_data(NID_hmacWithSHA384, 0, hmac_sha384, 0),
make_drbg_test_data(NID_hmacWithSHA512, 0, hmac_sha512, 0),
make_drbg_test_data_ec(NID_X9_62_prime256v1, NID_sha1, p_256_sha1, 0),
make_drbg_test_data_ec(NID_X9_62_prime256v1, NID_sha224, p_256_sha224, 0),
make_drbg_test_data_ec(NID_X9_62_prime256v1, NID_sha256, p_256_sha256, 1),
make_drbg_test_data_ec(NID_X9_62_prime256v1, NID_sha384, p_256_sha384, 0),
make_drbg_test_data_ec(NID_X9_62_prime256v1, NID_sha512, p_256_sha512, 0),
make_drbg_test_data_ec(NID_secp384r1, NID_sha224, p_384_sha224, 0),
make_drbg_test_data_ec(NID_secp384r1, NID_sha256, p_384_sha256, 0),
make_drbg_test_data_ec(NID_secp384r1, NID_sha384, p_384_sha384, 0),
make_drbg_test_data_ec(NID_secp384r1, NID_sha512, p_384_sha512, 0),
make_drbg_test_data_ec(NID_secp521r1, NID_sha256, p_521_sha256, 0),
make_drbg_test_data_ec(NID_secp521r1, NID_sha384, p_521_sha384, 0),
make_drbg_test_data_ec(NID_secp521r1, NID_sha512, p_521_sha512, 0),
{0,0,0}
};
typedef struct
{
const unsigned char *ent;
size_t entlen;
int entcnt;
const unsigned char *nonce;
size_t noncelen;
int noncecnt;
} TEST_ENT;
static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
int entropy, size_t min_len, size_t max_len)
{
TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
*pout = (unsigned char *)t->ent;
t->entcnt++;
return t->entlen;
}
static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
int entropy, size_t min_len, size_t max_len)
{
TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
*pout = (unsigned char *)t->nonce;
t->noncecnt++;
return t->noncelen;
}
static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
int quick)
{
TEST_ENT t;
int rv = 0;
size_t adinlen;
unsigned char randout[1024];
/* Initial test without PR */
/* Instantiate DRBG with test entropy, nonce and personalisation
* string.
*/
if (!FIPS_drbg_init(dctx, td->nid, td->flags))
return 0;
if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
return 0;
FIPS_drbg_set_app_data(dctx, &t);
t.ent = td->ent;
t.entlen = td->entlen;
t.nonce = td->nonce;
t.noncelen = td->noncelen;
t.entcnt = 0;
t.noncecnt = 0;
if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
goto err;
/* Note for CTR without DF some additional input values
* ignore bytes after the keylength: so reduce adinlen
* to half to ensure invalid data is fed in.
*/
if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
adinlen = td->adinlen / 2;
else
adinlen = td->adinlen;
/* Generate with no PR and verify output matches expected data */
if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
td->adin, adinlen))
goto err;
if (memcmp(randout, td->kat, td->katlen))
{
FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST1_FAILURE);
goto err2;
}
/* If abbreviated POST end of test */
if (quick)
{
rv = 1;
goto err;
}
/* Reseed DRBG with test entropy and additional input */
t.ent = td->entreseed;
t.entlen = td->entreseedlen;
if (!FIPS_drbg_reseed(dctx, td->adinreseed, td->adinreseedlen))
goto err;
/* Generate with no PR and verify output matches expected data */
if (!FIPS_drbg_generate(dctx, randout, td->kat2len, 0,
td->adin2, td->adin2len))
goto err;
if (memcmp(randout, td->kat2, td->kat2len))
{
FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST2_FAILURE);
goto err2;
}
FIPS_drbg_uninstantiate(dctx);
/* Now test with PR */
/* Instantiate DRBG with test entropy, nonce and personalisation
* string.
*/
if (!FIPS_drbg_init(dctx, td->nid, td->flags))
return 0;
if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
return 0;
FIPS_drbg_set_app_data(dctx, &t);
t.ent = td->ent_pr;
t.entlen = td->entlen_pr;
t.nonce = td->nonce_pr;
t.noncelen = td->noncelen_pr;
t.entcnt = 0;
t.noncecnt = 0;
if (!FIPS_drbg_instantiate(dctx, td->pers_pr, td->perslen_pr))
goto err;
/* Now generate with PR: we need to supply entropy as this will
* perform a reseed operation. Check output matches expected value.
*/
t.ent = td->entpr_pr;
t.entlen = td->entprlen_pr;
/* Note for CTR without DF some additional input values
* ignore bytes after the keylength: so reduce adinlen
* to half to ensure invalid data is fed in.
*/
if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
adinlen = td->adinlen_pr / 2;
else
adinlen = td->adinlen_pr;
if (!FIPS_drbg_generate(dctx, randout, td->katlen_pr, 1,
td->adin_pr, adinlen))
goto err;
if (memcmp(randout, td->kat_pr, td->katlen_pr))
{
FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST1_FAILURE);
goto err2;
}
/* Now generate again with PR: supply new entropy again.
* Check output matches expected value.
*/
t.ent = td->entg_pr;
t.entlen = td->entglen_pr;
if (!FIPS_drbg_generate(dctx, randout, td->kat2len_pr, 1,
td->ading_pr, td->adinglen_pr))
goto err;
if (memcmp(randout, td->kat2_pr, td->kat2len_pr))
{
FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST2_FAILURE);
goto err2;
}
/* All OK, test complete */
rv = 1;
err:
if (rv == 0)
FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED);
err2:
FIPS_drbg_uninstantiate(dctx);
return rv;
}
/* Initialise a DRBG based on selftest data */
static int do_drbg_init(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td, TEST_ENT *t)
{
if (!FIPS_drbg_init(dctx, td->nid, td->flags))
return 0;
if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
return 0;
FIPS_drbg_set_app_data(dctx, t);
t->ent = td->ent;
t->entlen = td->entlen;
t->nonce = td->nonce;
t->noncelen = td->noncelen;
t->entcnt = 0;
t->noncecnt = 0;
return 1;
}
/* Initialise and instantiate DRBG based on selftest data */
static int do_drbg_instantiate(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
TEST_ENT *t)
{
if (!do_drbg_init(dctx, td, t))
return 0;
if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
return 0;
return 1;
}
/* This function performs extensive error checking as required by SP800-90.
* Induce several failure modes and check an error condition is set.
* This function along with fips_drbg_single_kat peforms the health checking
* operation.
*/
static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
{
unsigned char randout[1024];
TEST_ENT t;
size_t i;
unsigned int reseed_counter_tmp;
unsigned char *p = (unsigned char *)dctx;
/* Initialise DRBG */
if (!do_drbg_init(dctx, td, &t))
goto err;
/* Don't report induced errors */
dctx->iflags |= DRBG_FLAG_NOERR;
/* Personalisation string tests */
/* Test detection of too large personlisation string */
if (FIPS_drbg_instantiate(dctx, td->pers, dctx->max_pers + 1) > 0)
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_PERSONALISATION_ERROR_UNDETECTED);
goto err;
}
/* Entropy source tests */
/* Test entropy source failure detecion: i.e. returns no data */
t.entlen = 0;
if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
goto err;
}
/* Try to generate output from uninstantiated DRBG */
if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
td->adin, td->adinlen))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_GENERATE_ERROR_UNDETECTED);
goto err;
}
dctx->iflags &= ~DRBG_FLAG_NOERR;
if (!FIPS_drbg_uninstantiate(dctx))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
if (!do_drbg_init(dctx, td, &t))
goto err;
dctx->iflags |= DRBG_FLAG_NOERR;
/* Test insufficient entropy */
t.entlen = dctx->min_entropy - 1;
if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
goto err;
}
dctx->iflags &= ~DRBG_FLAG_NOERR;
if (!FIPS_drbg_uninstantiate(dctx))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
/* Test too much entropy */
if (!do_drbg_init(dctx, td, &t))
goto err;
dctx->iflags |= DRBG_FLAG_NOERR;
t.entlen = dctx->max_entropy + 1;
if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
goto err;
}
dctx->iflags &= ~DRBG_FLAG_NOERR;
if (!FIPS_drbg_uninstantiate(dctx))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
/* Nonce tests */
/* Test too small nonce */
if (dctx->min_nonce)
{
if (!do_drbg_init(dctx, td, &t))
goto err;
dctx->iflags |= DRBG_FLAG_NOERR;
t.noncelen = dctx->min_nonce - 1;
if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_NONCE_ERROR_UNDETECTED);
goto err;
}
dctx->iflags &= ~DRBG_FLAG_NOERR;
if (!FIPS_drbg_uninstantiate(dctx))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
}
/* Test too large nonce */
if (dctx->max_nonce)
{
if (!do_drbg_init(dctx, td, &t))
goto err;
dctx->iflags |= DRBG_FLAG_NOERR;
t.noncelen = dctx->max_nonce + 1;
if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_NONCE_ERROR_UNDETECTED);
goto err;
}
dctx->iflags &= ~DRBG_FLAG_NOERR;
if (!FIPS_drbg_uninstantiate(dctx))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
}
/* Instantiate with valid data. */
if (!do_drbg_instantiate(dctx, td, &t))
goto err;
/* Check generation is now OK */
if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
td->adin, td->adinlen))
goto err;
dctx->iflags |= DRBG_FLAG_NOERR;
/* Request too much data for one request */
if (FIPS_drbg_generate(dctx, randout, dctx->max_request + 1, 0,
td->adin, td->adinlen))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED);
goto err;
}
/* Try too large additional input */
if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
td->adin, dctx->max_adin + 1))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
goto err;
}
/* Check prediction resistance request fails if entropy source
* failure.
*/
t.entlen = 0;
if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
td->adin, td->adinlen))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
goto err;
}
dctx->iflags &= ~DRBG_FLAG_NOERR;
if (!FIPS_drbg_uninstantiate(dctx))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
/* Instantiate again with valid data */
if (!do_drbg_instantiate(dctx, td, &t))
goto err;
/* Test reseed counter works */
/* Save initial reseed counter */
reseed_counter_tmp = dctx->reseed_counter;
/* Set reseed counter to beyond interval */
dctx->reseed_counter = dctx->reseed_interval;
/* Generate output and check entropy has been requested for reseed */
t.entcnt = 0;
if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
td->adin, td->adinlen))
goto err;
if (t.entcnt != 1)
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
goto err;
}
/* Check reseed counter has been reset */
if (dctx->reseed_counter != reseed_counter_tmp + 1)
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
goto err;
}
dctx->iflags &= ~DRBG_FLAG_NOERR;
if (!FIPS_drbg_uninstantiate(dctx))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
/* Check prediction resistance request fails if entropy source
* failure.
*/
t.entlen = 0;
dctx->iflags |= DRBG_FLAG_NOERR;
if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
td->adin, td->adinlen))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
goto err;
}
dctx->iflags &= ~DRBG_FLAG_NOERR;
if (!FIPS_drbg_uninstantiate(dctx))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
if (!do_drbg_instantiate(dctx, td, &t))
goto err;
/* Test reseed counter works */
/* Save initial reseed counter */
reseed_counter_tmp = dctx->reseed_counter;
/* Set reseed counter to beyond interval */
dctx->reseed_counter = dctx->reseed_interval;
/* Generate output and check entropy has been requested for reseed */
t.entcnt = 0;
if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
td->adin, td->adinlen))
goto err;
if (t.entcnt != 1)
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
goto err;
}
/* Check reseed counter has been reset */
if (dctx->reseed_counter != reseed_counter_tmp + 1)
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
goto err;
}
dctx->iflags &= ~DRBG_FLAG_NOERR;
if (!FIPS_drbg_uninstantiate(dctx))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
/* Explicit reseed tests */
/* Test explicit reseed with too large additional input */
if (!do_drbg_init(dctx, td, &t))
goto err;
dctx->iflags |= DRBG_FLAG_NOERR;
if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0)
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
goto err;
}
/* Test explicit reseed with entropy source failure */
t.entlen = 0;
if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
goto err;
}
if (!FIPS_drbg_uninstantiate(dctx))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
/* Test explicit reseed with too much entropy */
if (!do_drbg_init(dctx, td, &t))
goto err;
dctx->iflags |= DRBG_FLAG_NOERR;
t.entlen = dctx->max_entropy + 1;
if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
goto err;
}
if (!FIPS_drbg_uninstantiate(dctx))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
/* Test explicit reseed with too little entropy */
if (!do_drbg_init(dctx, td, &t))
goto err;
dctx->iflags |= DRBG_FLAG_NOERR;
t.entlen = dctx->min_entropy - 1;
if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
goto err;
}
if (!FIPS_drbg_uninstantiate(dctx))
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
goto err;
}
p = (unsigned char *)&dctx->d;
/* Standard says we have to check uninstantiate really zeroes
* the data...
*/
for (i = 0; i < sizeof(dctx->d); i++)
{
if (*p != 0)
{
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ZEROISE_ERROR);
goto err;
}
p++;
}
return 1;
err:
/* A real error as opposed to an induced one: underlying function will
* indicate the error.
*/
if (!(dctx->iflags & DRBG_FLAG_NOERR))
FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_FUNCTION_ERROR);
FIPS_drbg_uninstantiate(dctx);
return 0;
}
int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags)
{
DRBG_SELFTEST_DATA *td;
flags |= DRBG_FLAG_TEST;
for (td = drbg_test; td->nid != 0; td++)
{
if (td->nid == nid && td->flags == flags)
{
if (!fips_drbg_single_kat(dctx, td, 0))
return 0;
return fips_drbg_error_check(dctx, td);
}
}
return 0;
}
int FIPS_drbg_health_check(DRBG_CTX *dctx)
{
int rv;
DRBG_CTX *tctx = NULL;
tctx = FIPS_drbg_new(0, 0);
fips_post_started(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
if (!tctx)
return 0;
rv = fips_drbg_kat(tctx, dctx->type, dctx->xflags);
if (tctx)
FIPS_drbg_free(tctx);
if (rv)
fips_post_success(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
else
fips_post_failed(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
if (!rv)
dctx->status = DRBG_STATUS_ERROR;
else
dctx->health_check_cnt = 0;
return rv;
}
int FIPS_selftest_drbg(void)
{
DRBG_CTX *dctx;
DRBG_SELFTEST_DATA *td;
int rv = 1;
dctx = FIPS_drbg_new(0, 0);
if (!dctx)
return 0;
for (td = drbg_test; td->nid != 0; td++)
{
if (td->post != 1)
continue;
if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
return 1;
if (!fips_drbg_single_kat(dctx, td, 1))
{
fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
rv = 0;
continue;
}
if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
return 0;
}
FIPS_drbg_free(dctx);
return rv;
}
int FIPS_selftest_drbg_all(void)
{
DRBG_CTX *dctx;
DRBG_SELFTEST_DATA *td;
int rv = 1;
dctx = FIPS_drbg_new(0, 0);
if (!dctx)
return 0;
for (td = drbg_test; td->nid != 0; td++)
{
if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
return 1;
if (!fips_drbg_single_kat(dctx, td, 0))
{
fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
rv = 0;
continue;
}
if (!fips_drbg_error_check(dctx, td))
{
fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
rv = 0;
continue;
}
if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
return 0;
}
FIPS_drbg_free(dctx);
return rv;
}


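--- a/fips/rand/fips_drbgvs.c
+++ b/fips/rand/fips_drbgvs.c
@@ -1,416 +0,0 @@
-/* fips/rand/fips_drbgvs.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-* project.
-*/
-/* ====================================================================
-* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* licensing@OpenSSL.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*/
-#define OPENSSL_FIPSAPI
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_FIPS
-#include <stdio.h>
-int main(int argc, char **argv)
-{
-printf("No FIPS DRBG support\n");
-return(0);
-}
-#else
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <string.h>
-#include <ctype.h>
-#include "fips_utl.h"
-static int dparse_md(char *str)
-{
-switch(atoi(str + 5))
-{
-case 1:
-return NID_sha1;
-case 224:
-return NID_sha224;
-case 256:
-return NID_sha256;
-case 384:
-return NID_sha384;
-case 512:
-return NID_sha512;
-}
-return NID_undef;
-}
-static int parse_ec(char *str)
-{
-int curve_nid, md_nid;
-char *md;
-md = strchr(str, ' ');
-if (!md)
-return NID_undef;
-if (!strncmp(str, "[P-256", 6))
-curve_nid = NID_X9_62_prime256v1;
-else if (!strncmp(str, "[P-384", 6))
-curve_nid = NID_secp384r1;
-else if (!strncmp(str, "[P-521", 6))
-curve_nid = NID_secp521r1;
-else
-return NID_undef;
-md_nid = dparse_md(md);
-if (md_nid == NID_undef)
-return NID_undef;
-return (curve_nid << 16) | md_nid;
-}
-static int parse_aes(char *str, int *pdf)
-{
-if (!strncmp(str + 9, "no", 2))
-*pdf = 0;
-else
-*pdf = DRBG_FLAG_CTR_USE_DF;
-switch(atoi(str + 5))
-{
-case 128:
-return NID_aes_128_ctr;
-case 192:
-return NID_aes_192_ctr;
-case 256:
-return NID_aes_256_ctr;
-default:
-return NID_undef;
-}
-}
-typedef struct
-{
-unsigned char *ent;
-size_t entlen;
-unsigned char *nonce;
-size_t noncelen;
-} TEST_ENT;
-static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
-int entropy, size_t min_len, size_t max_len)
-{
-TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
-*pout = (unsigned char *)t->ent;
-return t->entlen;
-}
-static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
-int entropy, size_t min_len, size_t max_len)
-{
-TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
-*pout = (unsigned char *)t->nonce;
-return t->noncelen;
-}
-#ifdef FIPS_ALGVS
-int fips_drbgvs_main(int argc,char **argv)
-#else
-int main(int argc,char **argv)
-#endif
-{
-FILE *in = NULL, *out = NULL;
-DRBG_CTX *dctx = NULL;
-TEST_ENT t;
-int r, nid = 0;
-int pr = 0;
-char buf[2048], lbuf[2048];
-unsigned char randout[2048];
-char *keyword = NULL, *value = NULL;
-unsigned char *ent = NULL, *nonce = NULL, *pers = NULL, *adin = NULL;
-long entlen, noncelen, perslen, adinlen;
-int df = 0;
-enum dtype { DRBG_NONE, DRBG_CTR, DRBG_HASH, DRBG_HMAC, DRBG_DUAL_EC }
-drbg_type = DRBG_NONE;
-int randoutlen = 0;
-int gen = 0;
-fips_algtest_init();
-if (argc == 3)
-{
-in = fopen(argv[1], "r");
-if (!in)
-{
-fprintf(stderr, "Error opening input file\n");
-exit(1);
-}
-out = fopen(argv[2], "w");
-if (!out)
-{
-fprintf(stderr, "Error opening output file\n");
-exit(1);
-}
-}
-else if (argc == 1)
-{
-in = stdin;
-out = stdout;
-}
-else
-{
-fprintf(stderr,"%s (infile outfile)\n",argv[0]);
-exit(1);
-}
-while (fgets(buf, sizeof(buf), in) != NULL)
-{
-fputs(buf, out);
-if (drbg_type == DRBG_NONE)
-{
-if (strstr(buf, "CTR_DRBG"))
-drbg_type = DRBG_CTR;
-else if (strstr(buf, "Hash_DRBG"))
-drbg_type = DRBG_HASH;
-else if (strstr(buf, "HMAC_DRBG"))
-drbg_type = DRBG_HMAC;
-else if (strstr(buf, "Dual_EC_DRBG"))
-drbg_type = DRBG_DUAL_EC;
-else
-continue;
-}
-if (strlen(buf) > 4 && !strncmp(buf, "[SHA-", 5))
-{
-nid = dparse_md(buf);
-if (nid == NID_undef)
-exit(1);
-if (drbg_type == DRBG_HMAC)
-{
-switch (nid)
-{
-case NID_sha1:
-nid = NID_hmacWithSHA1;
-break;
-case NID_sha224:
-nid = NID_hmacWithSHA224;
-break;
-case NID_sha256:
-nid = NID_hmacWithSHA256;
-break;
-case NID_sha384:
-nid = NID_hmacWithSHA384;
-break;
-case NID_sha512:
-nid = NID_hmacWithSHA512;
-break;
-default:
-exit(1);
-}
-}
-}
-if (strlen(buf) > 12 && !strncmp(buf, "[AES-", 5))
-{
-nid = parse_aes(buf, &df);
-if (nid == NID_undef)
-exit(1);
-}
-if (strlen(buf) > 12 && !strncmp(buf, "[P-", 3))
-{
-nid = parse_ec(buf);
-if (nid == NID_undef)
-exit(1);
-}
-if (!parse_line(&keyword, &value, lbuf, buf))
-continue;
-if (!strcmp(keyword, "[PredictionResistance"))
-{
-if (!strcmp(value, "True]"))
-pr = 1;
-else if (!strcmp(value, "False]"))
-pr = 0;
-else
-exit(1);
-}
-if (!strcmp(keyword, "EntropyInput"))
-{
-ent = hex2bin_m(value, &entlen);
-t.ent = ent;
-t.entlen = entlen;
-}
-if (!strcmp(keyword, "Nonce"))
-{
-nonce = hex2bin_m(value, &noncelen);
-t.nonce = nonce;
-t.noncelen = noncelen;
-}
-if (!strcmp(keyword, "PersonalizationString"))
-{
-pers = hex2bin_m(value, &perslen);
-if (nid == 0)
-{
-fprintf(stderr, "DRBG type not recognised!\n");
-exit (1);
-}
-dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST);
-if (!dctx)
-exit (1);
-FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0,
-test_nonce, 0);
-FIPS_drbg_set_app_data(dctx, &t);
-randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
-r = FIPS_drbg_instantiate(dctx, pers, perslen);
-if (!r)
-{
-fprintf(stderr, "Error instantiating DRBG\n");
-exit(1);
-}
-OPENSSL_free(pers);
-OPENSSL_free(ent);
-OPENSSL_free(nonce);
-ent = nonce = pers = NULL;
-gen = 0;
-}
-if (!strcmp(keyword, "AdditionalInput"))
-{
-adin = hex2bin_m(value, &adinlen);
-if (pr)
-continue;
-r = FIPS_drbg_generate(dctx, randout, randoutlen, 0,
-adin, adinlen);
-if (!r)
-{
-fprintf(stderr, "Error generating DRBG bits\n");
-exit(1);
-}
-if (!r)
-exit(1);
-OPENSSL_free(adin);
-adin = NULL;
-gen++;
-}
-if (pr)
-{
-if (!strcmp(keyword, "EntropyInputPR"))
-{
-ent = hex2bin_m(value, &entlen);
-t.ent = ent;
-t.entlen = entlen;
-r = FIPS_drbg_generate(dctx,
-randout, randoutlen,
-1, adin, adinlen);
-if (!r)
-{
-fprintf(stderr,
-"Error generating DRBG bits\n");
-exit(1);
-}
-OPENSSL_free(adin);
-OPENSSL_free(ent);
-adin = ent = NULL;
-gen++;
-}
-}
-if (!strcmp(keyword, "EntropyInputReseed"))
-{
-ent = hex2bin_m(value, &entlen);
-t.ent = ent;
-t.entlen = entlen;
-}
-if (!strcmp(keyword, "AdditionalInputReseed"))
-{
-adin = hex2bin_m(value, &adinlen);
-FIPS_drbg_reseed(dctx, adin, adinlen);
-OPENSSL_free(ent);
-OPENSSL_free(adin);
-ent = adin = NULL;
-}
-if (gen == 2)
-{
-OutputValue("ReturnedBits", randout, randoutlen,
-out, 0);
-FIPS_drbg_free(dctx);
-dctx = NULL;
-gen = 0;
-}
-}
-if (in && in != stdin)
-fclose(in);
-if (out && out != stdout)
-fclose(out);
-return 0;
-}
-#endif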


@ -1,432 +0,0 @@
/* ====================================================================
* Copyright (c) 2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define OPENSSL_FIPSAPI
/*
* This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4.
*/
#include <openssl/crypto.h>
#include "e_os.h"
/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't
be defined and gettimeofday() won't be declared with strict compilers
like DEC C in ANSI C mode. */
#ifndef _XOPEN_SOURCE_EXTENDED
#define _XOPEN_SOURCE_EXTENDED 1
#endif
#include <openssl/rand.h>
#include <openssl/aes.h>
#include <openssl/err.h>
#include <openssl/fips_rand.h>
#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS))
# include <sys/time.h>
#endif
#if defined(OPENSSL_SYS_VXWORKS)
# include <time.h>
#endif
#include <assert.h>
#ifndef OPENSSL_SYS_WIN32
# ifdef OPENSSL_UNISTD
# include OPENSSL_UNISTD
# else
# include <unistd.h>
# endif
#endif
#include <string.h>
#include <openssl/fips.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS
void *OPENSSL_stderr(void);
#define AES_BLOCK_LENGTH 16
/* AES FIPS PRNG implementation */
typedef struct
{
int seeded;
int keyed;
int test_mode;
int second;
int error;
unsigned long counter;
AES_KEY ks;
int vpos;
/* Temporary storage for key if it equals seed length */
unsigned char tmp_key[AES_BLOCK_LENGTH];
unsigned char V[AES_BLOCK_LENGTH];
unsigned char DT[AES_BLOCK_LENGTH];
unsigned char last[AES_BLOCK_LENGTH];
} FIPS_PRNG_CTX;
static FIPS_PRNG_CTX sctx;
static int fips_prng_fail = 0;
void FIPS_x931_stick(int onoff)
{
fips_prng_fail = onoff;
}
static void fips_rand_prng_reset(FIPS_PRNG_CTX *ctx)
{
ctx->seeded = 0;
ctx->keyed = 0;
ctx->test_mode = 0;
ctx->counter = 0;
ctx->second = 0;
ctx->error = 0;
ctx->vpos = 0;
OPENSSL_cleanse(ctx->V, AES_BLOCK_LENGTH);
OPENSSL_cleanse(&ctx->ks, sizeof(AES_KEY));
}
static int fips_set_prng_key(FIPS_PRNG_CTX *ctx,
const unsigned char *key, unsigned int keylen)
{
if (FIPS_selftest_failed())
{
FIPSerr(FIPS_F_FIPS_SET_PRNG_KEY, FIPS_R_SELFTEST_FAILED);
return 0;
}
if (keylen != 16 && keylen != 24 && keylen != 32)
{
/* error: invalid key size */
return 0;
}
AES_set_encrypt_key(key, keylen << 3, &ctx->ks);
if (keylen == 16)
{
memcpy(ctx->tmp_key, key, 16);
ctx->keyed = 2;
}
else
ctx->keyed = 1;
ctx->seeded = 0;
ctx->second = 0;
return 1;
}
static int fips_set_prng_seed(FIPS_PRNG_CTX *ctx,
const unsigned char *seed, unsigned int seedlen)
{
unsigned int i;
if (!ctx->keyed)
return 0;
/* In test mode seed is just supplied data */
if (ctx->test_mode)
{
if (seedlen != AES_BLOCK_LENGTH)
return 0;
memcpy(ctx->V, seed, AES_BLOCK_LENGTH);
ctx->seeded = 1;
return 1;
}
/* Outside test mode XOR supplied data with existing seed */
for (i = 0; i < seedlen; i++)
{
ctx->V[ctx->vpos++] ^= seed[i];
if (ctx->vpos == AES_BLOCK_LENGTH)
{
ctx->vpos = 0;
/* Special case if first seed and key length equals
* block size check key and seed do not match.
*/
if (ctx->keyed == 2)
{
if (!memcmp(ctx->tmp_key, ctx->V, 16))
{
RANDerr(RAND_F_FIPS_SET_PRNG_SEED,
RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY);
return 0;
}
OPENSSL_cleanse(ctx->tmp_key, 16);
ctx->keyed = 1;
}
ctx->seeded = 1;
}
}
return 1;
}
static int fips_set_test_mode(FIPS_PRNG_CTX *ctx)
{
if (ctx->keyed)
{
RANDerr(RAND_F_FIPS_SET_TEST_MODE,RAND_R_PRNG_KEYED);
return 0;
}
ctx->test_mode = 1;
return 1;
}
int FIPS_x931_test_mode(void)
{
return fips_set_test_mode(&sctx);
}
int FIPS_x931_set_dt(unsigned char *dt)
{
if (!sctx.test_mode)
{
RANDerr(RAND_F_FIPS_X931_SET_DT,RAND_R_NOT_IN_TEST_MODE);
return 0;
}
memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);
return 1;
}
void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr)
{
#ifdef OPENSSL_SYS_WIN32
FILETIME ft;
#elif defined(OPENSSL_SYS_VXWORKS)
struct timespec ts;
#else
struct timeval tv;
#endif
#ifndef GETPID_IS_MEANINGLESS
unsigned long pid;
#endif
#ifdef OPENSSL_SYS_WIN32
GetSystemTimeAsFileTime(&ft);
buf[0] = (unsigned char) (ft.dwHighDateTime & 0xff);
buf[1] = (unsigned char) ((ft.dwHighDateTime >> 8) & 0xff);
buf[2] = (unsigned char) ((ft.dwHighDateTime >> 16) & 0xff);
buf[3] = (unsigned char) ((ft.dwHighDateTime >> 24) & 0xff);
buf[4] = (unsigned char) (ft.dwLowDateTime & 0xff);
buf[5] = (unsigned char) ((ft.dwLowDateTime >> 8) & 0xff);
buf[6] = (unsigned char) ((ft.dwLowDateTime >> 16) & 0xff);
buf[7] = (unsigned char) ((ft.dwLowDateTime >> 24) & 0xff);
#elif defined(OPENSSL_SYS_VXWORKS)
clock_gettime(CLOCK_REALTIME, &ts);
buf[0] = (unsigned char) (ts.tv_sec & 0xff);
buf[1] = (unsigned char) ((ts.tv_sec >> 8) & 0xff);
buf[2] = (unsigned char) ((ts.tv_sec >> 16) & 0xff);
buf[3] = (unsigned char) ((ts.tv_sec >> 24) & 0xff);
buf[4] = (unsigned char) (ts.tv_nsec & 0xff);
buf[5] = (unsigned char) ((ts.tv_nsec >> 8) & 0xff);
buf[6] = (unsigned char) ((ts.tv_nsec >> 16) & 0xff);
buf[7] = (unsigned char) ((ts.tv_nsec >> 24) & 0xff);
#else
gettimeofday(&tv,NULL);
buf[0] = (unsigned char) (tv.tv_sec & 0xff);
buf[1] = (unsigned char) ((tv.tv_sec >> 8) & 0xff);
buf[2] = (unsigned char) ((tv.tv_sec >> 16) & 0xff);
buf[3] = (unsigned char) ((tv.tv_sec >> 24) & 0xff);
buf[4] = (unsigned char) (tv.tv_usec & 0xff);
buf[5] = (unsigned char) ((tv.tv_usec >> 8) & 0xff);
buf[6] = (unsigned char) ((tv.tv_usec >> 16) & 0xff);
buf[7] = (unsigned char) ((tv.tv_usec >> 24) & 0xff);
#endif
buf[8] = (unsigned char) (*pctr & 0xff);
buf[9] = (unsigned char) ((*pctr >> 8) & 0xff);
buf[10] = (unsigned char) ((*pctr >> 16) & 0xff);
buf[11] = (unsigned char) ((*pctr >> 24) & 0xff);
(*pctr)++;
#ifndef GETPID_IS_MEANINGLESS
pid=(unsigned long)getpid();
buf[12] = (unsigned char) (pid & 0xff);
buf[13] = (unsigned char) ((pid >> 8) & 0xff);
buf[14] = (unsigned char) ((pid >> 16) & 0xff);
buf[15] = (unsigned char) ((pid >> 24) & 0xff);
#endif
}
static int fips_rand(FIPS_PRNG_CTX *ctx,
unsigned char *out, unsigned int outlen)
{
unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH];
unsigned char tmp[AES_BLOCK_LENGTH];
int i;
if (ctx->error)
{
RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_ERROR);
return 0;
}
if (!ctx->keyed)
{
RANDerr(RAND_F_FIPS_RAND,RAND_R_NO_KEY_SET);
return 0;
}
if (!ctx->seeded)
{
RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_NOT_SEEDED);
return 0;
}
for (;;)
{
if (!ctx->test_mode)
FIPS_get_timevec(ctx->DT, &ctx->counter);
AES_encrypt(ctx->DT, I, &ctx->ks);
for (i = 0; i < AES_BLOCK_LENGTH; i++)
tmp[i] = I[i] ^ ctx->V[i];
AES_encrypt(tmp, R, &ctx->ks);
for (i = 0; i < AES_BLOCK_LENGTH; i++)
tmp[i] = R[i] ^ I[i];
AES_encrypt(tmp, ctx->V, &ctx->ks);
/* Continuous PRNG test */
if (ctx->second)
{
if (fips_prng_fail)
memcpy(ctx->last, R, AES_BLOCK_LENGTH);
if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH))
{
RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_STUCK);
ctx->error = 1;
fips_set_selftest_fail();
return 0;
}
}
memcpy(ctx->last, R, AES_BLOCK_LENGTH);
if (!ctx->second)
{
ctx->second = 1;
if (!ctx->test_mode)
continue;
}
if (outlen <= AES_BLOCK_LENGTH)
{
memcpy(out, R, outlen);
break;
}
memcpy(out, R, AES_BLOCK_LENGTH);
out += AES_BLOCK_LENGTH;
outlen -= AES_BLOCK_LENGTH;
}
return 1;
}
int FIPS_x931_set_key(const unsigned char *key, int keylen)
{
int ret;
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
ret = fips_set_prng_key(&sctx, key, keylen);
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
return ret;
}
int FIPS_x931_seed(const void *seed, int seedlen)
{
int ret;
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
ret = fips_set_prng_seed(&sctx, seed, seedlen);
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
return ret;
}
int FIPS_x931_bytes(unsigned char *out, int count)
{
int ret;
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
ret = fips_rand(&sctx, out, count);
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
return ret;
}
int FIPS_x931_status(void)
{
int ret;
CRYPTO_r_lock(CRYPTO_LOCK_RAND);
ret = sctx.seeded;
CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
return ret;
}
void FIPS_x931_reset(void)
{
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
fips_rand_prng_reset(&sctx);
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
}
static int fips_do_rand_seed(const void *seed, int seedlen)
{
FIPS_x931_seed(seed, seedlen);
return 1;
}
static int fips_do_rand_add(const void *seed, int seedlen,
double add_entropy)
{
FIPS_x931_seed(seed, seedlen);
return 1;
}
static const RAND_METHOD rand_x931_meth=
{
fips_do_rand_seed,
FIPS_x931_bytes,
FIPS_x931_reset,
fips_do_rand_add,
FIPS_x931_bytes,
FIPS_x931_status
};
const RAND_METHOD *FIPS_x931_method(void)
{
return &rand_x931_meth;
}
#endif


@ -1,135 +0,0 @@
/* ====================================================================
* Copyright (c) 2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef HEADER_FIPS_RAND_H
#define HEADER_FIPS_RAND_H
#include <openssl/aes.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/ec.h>
#ifdef OPENSSL_FIPS
#ifdef __cplusplus
extern "C" {
#endif
int FIPS_x931_set_key(const unsigned char *key, int keylen);
int FIPS_x931_seed(const void *buf, int num);
int FIPS_x931_bytes(unsigned char *out, int outlen);
int FIPS_x931_test_mode(void);
void FIPS_x931_reset(void);
int FIPS_x931_set_dt(unsigned char *dt);
int FIPS_x931_status(void);
const RAND_METHOD *FIPS_x931_method(void);
typedef struct drbg_ctx_st DRBG_CTX;
/* DRBG external flags */
/* Flag for CTR mode only: use derivation function ctr_df */
#define DRBG_FLAG_CTR_USE_DF 0x1
/* PRNG is in test state */
#define DRBG_FLAG_TEST 0x2
DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags);
int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags);
int FIPS_drbg_instantiate(DRBG_CTX *dctx,
const unsigned char *pers, size_t perslen);
int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin, size_t adinlen);
int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
int prediction_resistance,
const unsigned char *adin, size_t adinlen);
int FIPS_drbg_uninstantiate(DRBG_CTX *dctx);
void FIPS_drbg_free(DRBG_CTX *dctx);
int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
int entropy, size_t min_len, size_t max_len),
void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
size_t entropy_blocklen,
size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
int entropy, size_t min_len, size_t max_len),
void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen));
int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout),
void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num),
int (*rand_add_cb)(DRBG_CTX *ctx,
const void *buf, int num, double entropy));
void *FIPS_drbg_get_app_data(DRBG_CTX *ctx);
void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data);
size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx);
int FIPS_drbg_get_strength(DRBG_CTX *dctx);
void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval);
void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval);
int FIPS_drbg_health_check(DRBG_CTX *dctx);
DRBG_CTX *FIPS_get_default_drbg(void);
const RAND_METHOD *FIPS_drbg_method(void);
int FIPS_rand_set_method(const RAND_METHOD *meth);
const RAND_METHOD *FIPS_rand_get_method(void);
void FIPS_rand_set_bits(int nbits);
int FIPS_rand_strength(void);
#ifdef __cplusplus
}
#endif
#endif
#endif


@ -1,241 +0,0 @@
/* fips/rand/fips_rand_lcl.h */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
typedef struct drbg_hash_ctx_st DRBG_HASH_CTX;
typedef struct drbg_hmac_ctx_st DRBG_HMAC_CTX;
typedef struct drbg_ctr_ctx_st DRBG_CTR_CTX;
typedef struct drbg_ec_ctx_st DRBG_EC_CTX;
/* 888 bits from 10.1 table 2 */
#define HASH_PRNG_MAX_SEEDLEN 111
struct drbg_hash_ctx_st
{
const EVP_MD *md;
EVP_MD_CTX mctx;
unsigned char V[HASH_PRNG_MAX_SEEDLEN];
unsigned char C[HASH_PRNG_MAX_SEEDLEN];
/* Temporary value storage: should always exceed max digest length */
unsigned char vtmp[HASH_PRNG_MAX_SEEDLEN];
};
struct drbg_hmac_ctx_st
{
const EVP_MD *md;
HMAC_CTX hctx;
unsigned char K[EVP_MAX_MD_SIZE];
unsigned char V[EVP_MAX_MD_SIZE];
};
struct drbg_ctr_ctx_st
{
AES_KEY ks;
size_t keylen;
unsigned char K[32];
unsigned char V[16];
/* Temp variables used by derivation function */
AES_KEY df_ks;
AES_KEY df_kxks;
/* Temporary block storage used by ctr_df */
unsigned char bltmp[16];
size_t bltmp_pos;
unsigned char KX[48];
};
/* Maximum seed length */
#define EC_PRNG_MAX_SEEDLEN 66
struct drbg_ec_ctx_st
{
/* Message digest to use */
const EVP_MD *md;
/* Curve to use: generator is point P */
EC_GROUP *curve;
/* Point Q */
EC_POINT *Q;
/* Temporary point */
EC_POINT *ptmp;
size_t exbits;
/* Secret s value */
BIGNUM *s;
/* Buffer to store byte version of s value */
unsigned char sbuf[EC_PRNG_MAX_SEEDLEN];
/* Buffer to store byte version of t value */
unsigned char tbuf[EC_PRNG_MAX_SEEDLEN];
/* Digest context */
EVP_MD_CTX mctx;
/* Temporary value storage: should always exceed max digest length */
unsigned char vtmp[EC_PRNG_MAX_SEEDLEN];
/* Temp BN context */
BN_CTX *bctx;
};
/* DRBG internal flags */
/* Functions shouldn't call err library */
#define DRBG_FLAG_NOERR 0x1
/* Custom reseed checking */
#define DRBG_CUSTOM_RESEED 0x2
/* DRBG status values */
/* not initialised */
#define DRBG_STATUS_UNINITIALISED 0
/* ok and ready to generate random bits */
#define DRBG_STATUS_READY 1
/* reseed required */
#define DRBG_STATUS_RESEED 2
/* fatal error condition */
#define DRBG_STATUS_ERROR 3
/* A default maximum length: larger than any reasonable value used in pratice */
#define DRBG_MAX_LENGTH 0x7ffffff0
/* Maximum DRBG block length: all md sizes are bigger than cipher blocks sizes
* so use max digest length.
*/
#define DRBG_MAX_BLOCK EVP_MAX_MD_SIZE
#define DRBG_HEALTH_INTERVAL (1 << 24)
/* DRBG context structure */
struct drbg_ctx_st
{
/* First types common to all implementations */
/* DRBG type: a NID for the underlying algorithm */
int type;
/* Various external flags */
unsigned int xflags;
/* Various internal use only flags */
unsigned int iflags;
/* Used for periodic health checks */
int health_check_cnt, health_check_interval;
/* The following parameters are setup by mechanism drbg_init() call */
int strength;
size_t blocklength;
size_t max_request;
size_t min_entropy, max_entropy;
size_t min_nonce, max_nonce;
size_t max_pers, max_adin;
unsigned int reseed_counter;
unsigned int reseed_interval;
size_t seedlen;
int status;
/* Application data: typically used by test get_entropy */
void *app_data;
/* Implementation specific structures */
union
{
DRBG_HASH_CTX hash;
DRBG_HMAC_CTX hmac;
DRBG_CTR_CTX ctr;
DRBG_EC_CTX ec;
} d;
/* Initialiase PRNG and setup callbacks below */
int (*init)(DRBG_CTX *ctx, int nid, int security, unsigned int flags);
/* Intantiate PRNG */
int (*instantiate)(DRBG_CTX *ctx,
const unsigned char *ent, size_t entlen,
const unsigned char *nonce, size_t noncelen,
const unsigned char *pers, size_t perslen);
/* reseed */
int (*reseed)(DRBG_CTX *ctx,
const unsigned char *ent, size_t entlen,
const unsigned char *adin, size_t adinlen);
/* generat output */
int (*generate)(DRBG_CTX *ctx,
unsigned char *out, size_t outlen,
const unsigned char *adin, size_t adinlen);
/* uninstantiate */
int (*uninstantiate)(DRBG_CTX *ctx);
/* Entropy source block length */
size_t entropy_blocklen;
/* entropy gathering function */
size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
int entropy, size_t min_len, size_t max_len);
/* Indicates we have finished with entropy buffer */
void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
/* nonce gathering function */
size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
int entropy, size_t min_len, size_t max_len);
/* Indicates we have finished with nonce buffer */
void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
/* Continuous random number test temporary area */
/* Last block */
unsigned char lb[EVP_MAX_MD_SIZE];
/* set if lb is valid */
int lb_valid;
/* Callbacks used when called through RAND interface */
/* Get any additional input for generate */
size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout);
void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
/* Callback for RAND_seed(), RAND_add() */
int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num);
int (*rand_add_cb)(DRBG_CTX *ctx,
const void *buf, int num, double entropy);
};
int fips_drbg_ctr_init(DRBG_CTX *dctx);
int fips_drbg_hash_init(DRBG_CTX *dctx);
int fips_drbg_hmac_init(DRBG_CTX *dctx);
int fips_drbg_ec_init(DRBG_CTX *dctx);
int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags);
int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out);


@ -1,181 +0,0 @@
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define OPENSSL_FIPSAPI
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include "e_os.h"
/* FIPS API for PRNG use. Similar to RAND functionality but without
* ENGINE and additional checking for non-FIPS rand methods.
*/
static const RAND_METHOD *fips_rand_meth = NULL;
static int fips_approved_rand_meth = 0;
static int fips_rand_bits = 0;
/* Allows application to override number of bits and uses non-FIPS methods */
void FIPS_rand_set_bits(int nbits)
{
fips_rand_bits = nbits;
}
int FIPS_rand_set_method(const RAND_METHOD *meth)
{
if (!fips_rand_bits)
{
if (meth == FIPS_drbg_method())
fips_approved_rand_meth = 1;
else if (meth == FIPS_x931_method())
fips_approved_rand_meth = 2;
else
{
fips_approved_rand_meth = 0;
if (FIPS_module_mode())
{
FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD,
FIPS_R_NON_FIPS_METHOD);
return 0;
}
}
}
fips_rand_meth = meth;
return 1;
}
const RAND_METHOD *FIPS_rand_get_method(void)
{
return fips_rand_meth;
}
void FIPS_rand_seed(const void *buf, int num)
{
if (!fips_approved_rand_meth && FIPS_module_mode())
{
FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
return;
}
if (fips_rand_meth && fips_rand_meth->seed)
fips_rand_meth->seed(buf,num);
}
void FIPS_rand_add(const void *buf, int num, double entropy)
{
if (!fips_approved_rand_meth && FIPS_module_mode())
{
FIPSerr(FIPS_F_FIPS_RAND_ADD, FIPS_R_NON_FIPS_METHOD);
return;
}
if (fips_rand_meth && fips_rand_meth->add)
fips_rand_meth->add(buf,num,entropy);
}
int FIPS_rand_bytes(unsigned char *buf, int num)
{
if (!fips_approved_rand_meth && FIPS_module_mode())
{
FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
return 0;
}
if (fips_rand_meth && fips_rand_meth->bytes)
return fips_rand_meth->bytes(buf,num);
return 0;
}
int FIPS_rand_pseudo_bytes(unsigned char *buf, int num)
{
if (!fips_approved_rand_meth && FIPS_module_mode())
{
FIPSerr(FIPS_F_FIPS_RAND_PSEUDO_BYTES, FIPS_R_NON_FIPS_METHOD);
return 0;
}
if (fips_rand_meth && fips_rand_meth->pseudorand)
return fips_rand_meth->pseudorand(buf,num);
return -1;
}
int FIPS_rand_status(void)
{
if (!fips_approved_rand_meth && FIPS_module_mode())
{
FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
return 0;
}
if (fips_rand_meth && fips_rand_meth->status)
return fips_rand_meth->status();
return 0;
}
/* Return instantiated strength of PRNG. For DRBG this is an internal
* parameter. For X9.31 PRNG it is 80 bits (from SP800-131). Any other
* type of PRNG is not approved and returns 0 in FIPS mode and maximum
* 256 outside FIPS mode.
*/
int FIPS_rand_strength(void)
{
if (fips_rand_bits)
return fips_rand_bits;
if (fips_approved_rand_meth == 1)
return FIPS_drbg_get_strength(FIPS_get_default_drbg());
else if (fips_approved_rand_meth == 2)
return 80;
else if (fips_approved_rand_meth == 0)
{
if (FIPS_module_mode())
return 0;
else
return 256;
}
return 0;
}


@ -1,175 +0,0 @@
/* ====================================================================
* Copyright (c) 2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/rand.h>
#include <openssl/fips_rand.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS
typedef struct
{
unsigned char DT[16];
unsigned char V[16];
unsigned char R[16];
} AES_PRNG_TV;
/* The following test vectors are taken directly from the RGNVS spec */
static unsigned char aes_128_key[16] =
{0xf3,0xb1,0x66,0x6d,0x13,0x60,0x72,0x42,
0xed,0x06,0x1c,0xab,0xb8,0xd4,0x62,0x02};
static AES_PRNG_TV aes_128_tv =
{
/* DT */
{0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xf9},
/* V */
{0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
/* R */
{0x59,0x53,0x1e,0xd1,0x3b,0xb0,0xc0,0x55,
0x84,0x79,0x66,0x85,0xc1,0x2f,0x76,0x41}
};
static unsigned char aes_192_key[24] =
{0x15,0xd8,0x78,0x0d,0x62,0xd3,0x25,0x6e,
0x44,0x64,0x10,0x13,0x60,0x2b,0xa9,0xbc,
0x4a,0xfb,0xca,0xeb,0x4c,0x8b,0x99,0x3b};
static AES_PRNG_TV aes_192_tv =
{
/* DT */
{0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4b},
/* V */
{0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
/* R */
{0x17,0x07,0xd5,0x28,0x19,0x79,0x1e,0xef,
0xa5,0x0c,0xbf,0x25,0xe5,0x56,0xb4,0x93}
};
static unsigned char aes_256_key[32] =
{0x6d,0x14,0x06,0x6c,0xb6,0xd8,0x21,0x2d,
0x82,0x8d,0xfa,0xf2,0x7a,0x03,0xb7,0x9f,
0x0c,0xc7,0x3e,0xcd,0x76,0xeb,0xee,0xb5,
0x21,0x05,0x8c,0x4f,0x31,0x7a,0x80,0xbb};
static AES_PRNG_TV aes_256_tv =
{
/* DT */
{0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x88},
/* V */
{0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
/* R */
{0x35,0xc7,0xef,0xa7,0x78,0x4d,0x29,0xbc,
0x82,0x79,0x99,0xfb,0xd0,0xb3,0x3b,0x72}
};
#define fips_x931_test(key, tv) \
do_x931_test(key, sizeof key, &tv)
static int do_x931_test(unsigned char *key, int keylen,
AES_PRNG_TV *tv)
{
unsigned char R[16], V[16];
int rv = 1;
memcpy(V, tv->V, sizeof(V));
if (!FIPS_x931_set_key(key, keylen))
return 0;
if (!fips_post_started(FIPS_TEST_X931, keylen, NULL))
return 1;
if (!fips_post_corrupt(FIPS_TEST_X931, keylen, NULL))
V[0]++;
FIPS_x931_seed(V, 16);
FIPS_x931_set_dt(tv->DT);
FIPS_x931_bytes(R, 16);
if (memcmp(R, tv->R, 16))
{
fips_post_failed(FIPS_TEST_X931, keylen, NULL);
rv = 0;
}
else if (!fips_post_success(FIPS_TEST_X931, keylen, NULL))
return 0;
return rv;
}
int FIPS_selftest_x931()
{
int rv = 1;
FIPS_x931_reset();
if (!FIPS_x931_test_mode())
{
FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
return 0;
}
if (!fips_x931_test(aes_128_key,aes_128_tv))
rv = 0;
if (!fips_x931_test(aes_192_key, aes_192_tv))
rv = 0;
if (!fips_x931_test(aes_256_key, aes_256_tv))
rv = 0;
FIPS_x931_reset();
if (!rv)
FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
return rv;
}
#endif


@ -1,261 +0,0 @@
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define OPENSSL_FIPSAPI
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include "e_os.h"
#ifndef OPENSSL_FIPS
int main(int argc, char *argv[])
{
printf("No FIPS RAND support\n");
return(0);
}
#else
#define OPENSSL_FIPSAPI
#include "fips_utl.h"
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
typedef struct
{
unsigned char DT[16];
unsigned char V[16];
unsigned char R[16];
} AES_PRNG_MCT;
__fips_constseg
static const unsigned char aes_128_mct_key[16] =
{0x9f,0x5b,0x51,0x20,0x0b,0xf3,0x34,0xb5,
0xd8,0x2b,0xe8,0xc3,0x72,0x55,0xc8,0x48};
__fips_constseg
static const AES_PRNG_MCT aes_128_mct_tv = {
/* DT */
{0x63,0x76,0xbb,0xe5,0x29,0x02,0xba,0x3b,
0x67,0xc9,0x25,0xfa,0x70,0x1f,0x11,0xac},
/* V */
{0x57,0x2c,0x8e,0x76,0x87,0x26,0x47,0x97,
0x7e,0x74,0xfb,0xdd,0xc4,0x95,0x01,0xd1},
/* R */
{0x48,0xe9,0xbd,0x0d,0x06,0xee,0x18,0xfb,
0xe4,0x57,0x90,0xd5,0xc3,0xfc,0x9b,0x73}
};
__fips_constseg
static const unsigned char aes_192_mct_key[24] =
{0xb7,0x6c,0x34,0xd1,0x09,0x67,0xab,0x73,
0x4d,0x5a,0xd5,0x34,0x98,0x16,0x0b,0x91,
0xbc,0x35,0x51,0x16,0x6b,0xae,0x93,0x8a};
__fips_constseg
static const AES_PRNG_MCT aes_192_mct_tv = {
/* DT */
{0x84,0xce,0x22,0x7d,0x91,0x5a,0xa3,0xc9,
0x84,0x3c,0x0a,0xb3,0xa9,0x63,0x15,0x52},
/* V */
{0xb6,0xaf,0xe6,0x8f,0x99,0x9e,0x90,0x64,
0xdd,0xc7,0x7a,0xc1,0xbb,0x90,0x3a,0x6d},
/* R */
{0xfc,0x85,0x60,0x9a,0x29,0x6f,0xef,0x21,
0xdd,0x86,0x20,0x32,0x8a,0x29,0x6f,0x47}
};
__fips_constseg
static const unsigned char aes_256_mct_key[32] =
{0x9b,0x05,0xc8,0x68,0xff,0x47,0xf8,0x3a,
0xa6,0x3a,0xa8,0xcb,0x4e,0x71,0xb2,0xe0,
0xb8,0x7e,0xf1,0x37,0xb6,0xb4,0xf6,0x6d,
0x86,0x32,0xfc,0x1f,0x5e,0x1d,0x1e,0x50};
__fips_constseg
static const AES_PRNG_MCT aes_256_mct_tv = {
/* DT */
{0x31,0x6e,0x35,0x9a,0xb1,0x44,0xf0,0xee,
0x62,0x6d,0x04,0x46,0xe0,0xa3,0x92,0x4c},
/* V */
{0x4f,0xcd,0xc1,0x87,0x82,0x1f,0x4d,0xa1,
0x3e,0x0e,0x56,0x44,0x59,0xe8,0x83,0xca},
/* R */
{0xc8,0x87,0xc2,0x61,0x5b,0xd0,0xb9,0xe1,
0xe7,0xf3,0x8b,0xd7,0x5b,0xd5,0xf1,0x8d}
};
static void dump(const unsigned char *b,int n)
{
while(n-- > 0)
{
printf(" %02x",*b++);
}
}
static void compare(const unsigned char *result,const unsigned char *expected,
int n)
{
int i;
for(i=0 ; i < n ; ++i)
if(result[i] != expected[i])
{
puts("Random test failed, got:");
dump(result,n);
puts("\n expected:");
dump(expected,n);
putchar('\n');
EXIT(1);
}
}
static void run_test(const unsigned char *key, int keylen,
const AES_PRNG_MCT *tv)
{
unsigned char buf[16], dt[16];
int i, j;
FIPS_x931_reset();
FIPS_x931_test_mode();
FIPS_x931_set_key(key, keylen);
FIPS_x931_seed(tv->V, 16);
memcpy(dt, tv->DT, 16);
for (i = 0; i < 10000; i++)
{
FIPS_x931_set_dt(dt);
FIPS_x931_bytes(buf, 16);
/* Increment DT */
for (j = 15; j >= 0; j--)
{
dt[j]++;
if (dt[j])
break;
}
}
compare(buf,tv->R, 16);
}
int main()
{
fips_algtest_init();
run_test(aes_128_mct_key, 16, &aes_128_mct_tv);
printf("FIPS PRNG test 1 done\n");
run_test(aes_192_mct_key, 24, &aes_192_mct_tv);
printf("FIPS PRNG test 2 done\n");
run_test(aes_256_mct_key, 32, &aes_256_mct_tv);
printf("FIPS PRNG test 3 done\n");
return 0;
}
#endif


@ -1,258 +0,0 @@
/*
* Crude test driver for processing the VST and MCT testvector files
* generated by the CMVP RNGVS product.
*
* Note the input files are assumed to have a _very_ specific format
* as described in the NIST document "The Random Number Generator
* Validation System (RNGVS)", May 25, 2004.
*
*/
#define OPENSSL_FIPSAPI
#include <openssl/opensslconf.h>
#ifndef OPENSSL_FIPS
#include <stdio.h>
int main(int argc, char **argv)
{
printf("No FIPS RNG support\n");
return 0;
}
#else
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/fips.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/fips_rand.h>
#include <string.h>
#include <ctype.h>
#include "fips_utl.h"
static void vst(FILE *in, FILE *out)
{
unsigned char *key = NULL;
unsigned char *v = NULL;
unsigned char *dt = NULL;
unsigned char ret[16];
char buf[1024];
char lbuf[1024];
char *keyword, *value;
long i, keylen;
keylen = 0;
while(fgets(buf,sizeof buf,in) != NULL)
{
fputs(buf,out);
if(!strncmp(buf,"[AES 128-Key]", 13))
keylen = 16;
else if(!strncmp(buf,"[AES 192-Key]", 13))
keylen = 24;
else if(!strncmp(buf,"[AES 256-Key]", 13))
keylen = 32;
if (!parse_line(&keyword, &value, lbuf, buf))
continue;
if(!strcmp(keyword,"Key"))
{
key=hex2bin_m(value,&i);
if (i != keylen)
{
fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
return;
}
}
else if(!strcmp(keyword,"DT"))
{
dt=hex2bin_m(value,&i);
if (i != 16)
{
fprintf(stderr, "Invalid DT length\n");
return;
}
}
else if(!strcmp(keyword,"V"))
{
v=hex2bin_m(value,&i);
if (i != 16)
{
fprintf(stderr, "Invalid V length\n");
return;
}
if (!key || !dt)
{
fprintf(stderr, "Missing key or DT\n");
return;
}
FIPS_x931_set_key(key, keylen);
FIPS_x931_seed(v,16);
FIPS_x931_set_dt(dt);
if (FIPS_x931_bytes(ret,16) <= 0)
{
fprintf(stderr, "Error getting PRNG value\n");
return;
}
OutputValue("R", ret, 16, out, 0);
OPENSSL_free(key);
key = NULL;
OPENSSL_free(dt);
dt = NULL;
OPENSSL_free(v);
v = NULL;
}
}
}
static void mct(FILE *in, FILE *out)
{
unsigned char *key = NULL;
unsigned char *v = NULL;
unsigned char *dt = NULL;
unsigned char ret[16];
char buf[1024];
char lbuf[1024];
char *keyword, *value;
long i, keylen;
int j;
keylen = 0;
while(fgets(buf,sizeof buf,in) != NULL)
{
fputs(buf,out);
if(!strncmp(buf,"[AES 128-Key]", 13))
keylen = 16;
else if(!strncmp(buf,"[AES 192-Key]", 13))
keylen = 24;
else if(!strncmp(buf,"[AES 256-Key]", 13))
keylen = 32;
if (!parse_line(&keyword, &value, lbuf, buf))
continue;
if(!strcmp(keyword,"Key"))
{
key=hex2bin_m(value,&i);
if (i != keylen)
{
fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
return;
}
}
else if(!strcmp(keyword,"DT"))
{
dt=hex2bin_m(value,&i);
if (i != 16)
{
fprintf(stderr, "Invalid DT length\n");
return;
}
}
else if(!strcmp(keyword,"V"))
{
v=hex2bin_m(value,&i);
if (i != 16)
{
fprintf(stderr, "Invalid V length\n");
return;
}
if (!key || !dt)
{
fprintf(stderr, "Missing key or DT\n");
return;
}
FIPS_x931_set_key(key, keylen);
FIPS_x931_seed(v,16);
for (i = 0; i < 10000; i++)
{
FIPS_x931_set_dt(dt);
if (FIPS_x931_bytes(ret,16) <= 0)
{
fprintf(stderr, "Error getting PRNG value\n");
return;
}
/* Increment DT */
for (j = 15; j >= 0; j--)
{
dt[j]++;
if (dt[j])
break;
}
}
OutputValue("R", ret, 16, out, 0);
OPENSSL_free(key);
key = NULL;
OPENSSL_free(dt);
dt = NULL;
OPENSSL_free(v);
v = NULL;
}
}
}
#ifdef FIPS_ALGVS
int fips_rngvs_main(int argc, char **argv)
#else
int main(int argc, char **argv)
#endif
{
FILE *in, *out;
if (argc == 4)
{
in = fopen(argv[2], "r");
if (!in)
{
fprintf(stderr, "Error opening input file\n");
exit(1);
}
out = fopen(argv[3], "w");
if (!out)
{
fprintf(stderr, "Error opening output file\n");
exit(1);
}
}
else if (argc == 2)
{
in = stdin;
out = stdout;
}
else
{
fprintf(stderr,"%s [mct|vst]\n",argv[0]);
exit(1);
}
fips_algtest_init();
FIPS_x931_reset();
if (!FIPS_x931_test_mode())
{
fprintf(stderr, "Error setting PRNG test mode\n");
exit(1);
}
if(!strcmp(argv[1],"mct"))
mct(in, out);
else if(!strcmp(argv[1],"vst"))
vst(in, out);
else
{
fprintf(stderr,"Don't know how to %s.\n",argv[1]);
exit(1);
}
if (argc == 4)
{
fclose(in);
fclose(out);
}
return 0;
}
#endif


@ -1,174 +0,0 @@
#
# OpenSSL/fips/rsa/Makefile
#
DIR= rsa
TOP= ../..
CC= cc
INCLUDES=
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST= fips_rsavtest.c fips_rsastest.c fips_rsagtest.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= fips_rsa_selftest.c fips_rsa_sign.c fips_rsa_lib.c
LIBOBJ= fips_rsa_selftest.o fips_rsa_sign.o fips_rsa_lib.o
SRC= $(LIBSRC)
EXHEADER=
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
@echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
install:
@headerlist="$(EXHEADER)"; for i in $$headerlist; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done
tags:
ctags $(SRC)
tests:
Q=../testvectors/rsa/req
A=../testvectors/rsa/rsp
Q62=../testvectors/rsa_salt_62/req
A62=../testvectors/rsa_salt_62/rsp
fips_test:
-rm -rf $(A) $(A62)
mkdir $(A) $(A62)
if [ -f $(Q)/SigGen15.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest < $(Q)/SigGen15.req > $(A)/SigGen15.rsp; fi
if [ -f $(Q)/SigVer15.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest < $(Q)/SigVer15.req > $(A)/SigVer15.rsp; fi
if [ -f $(Q)/SigGenPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -saltlen 0 < $(Q)/SigGenPSS.req > $(A)/SigGenPSS.rsp; fi
if [ -f $(Q)/SigVerPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -saltlen 0 < $(Q)/SigVerPSS.req > $(A)/SigVerPSS.rsp; fi
if [ -f $(Q)/SigGenRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -x931 < $(Q)/SigGenRSA.req > $(A)/SigGenRSA.rsp; fi
if [ -f $(Q)/SigVerRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -x931 < $(Q)/SigVerRSA.req > $(A)/SigVerRSA.rsp; fi
if [ -f $(Q62)/SigGenPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -saltlen 62 < $(Q62)/SigGenPSS.req >$(A62)/SigGenPSS.rsp; fi
if [ -f $(Q62)/SigVerPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -saltlen 62 <$(Q62)/SigVerPSS.req >$(A62)/SigVerPSS.rsp; fi
if [ -f $(Q)/KeyGenRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsagtest < $(Q)/KeyGenRSA.req > $(A)/KeyGenRSA.rsp; fi
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
fips_rsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_rsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
fips_rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
fips_rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
fips_rsa_lib.o: ../../include/openssl/objects.h
fips_rsa_lib.o: ../../include/openssl/opensslconf.h
fips_rsa_lib.o: ../../include/openssl/opensslv.h
fips_rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
fips_rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_rsa_lib.o: ../../include/openssl/symhacks.h fips_rsa_lib.c
fips_rsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_rsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
fips_rsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
fips_rsa_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_rsa_selftest.o: ../../include/openssl/lhash.h
fips_rsa_selftest.o: ../../include/openssl/obj_mac.h
fips_rsa_selftest.o: ../../include/openssl/objects.h
fips_rsa_selftest.o: ../../include/openssl/opensslconf.h
fips_rsa_selftest.o: ../../include/openssl/opensslv.h
fips_rsa_selftest.o: ../../include/openssl/ossl_typ.h
fips_rsa_selftest.o: ../../include/openssl/rsa.h
fips_rsa_selftest.o: ../../include/openssl/safestack.h
fips_rsa_selftest.o: ../../include/openssl/stack.h
fips_rsa_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
fips_rsa_selftest.o: fips_rsa_selftest.c
fips_rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
fips_rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_rsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
fips_rsa_sign.o: ../../include/openssl/obj_mac.h
fips_rsa_sign.o: ../../include/openssl/objects.h
fips_rsa_sign.o: ../../include/openssl/opensslconf.h
fips_rsa_sign.o: ../../include/openssl/opensslv.h
fips_rsa_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
fips_rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
fips_rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
fips_rsa_sign.o: fips_rsa_sign.c
fips_rsagtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_rsagtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_rsagtest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
fips_rsagtest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
fips_rsagtest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_rsagtest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
fips_rsagtest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
fips_rsagtest.o: ../../include/openssl/objects.h
fips_rsagtest.o: ../../include/openssl/opensslconf.h
fips_rsagtest.o: ../../include/openssl/opensslv.h
fips_rsagtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
fips_rsagtest.o: ../../include/openssl/safestack.h
fips_rsagtest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
fips_rsagtest.o: ../fips_utl.h fips_rsagtest.c
fips_rsastest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_rsastest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_rsastest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
fips_rsastest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
fips_rsastest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_rsastest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
fips_rsastest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
fips_rsastest.o: ../../include/openssl/objects.h
fips_rsastest.o: ../../include/openssl/opensslconf.h
fips_rsastest.o: ../../include/openssl/opensslv.h
fips_rsastest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
fips_rsastest.o: ../../include/openssl/safestack.h
fips_rsastest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
fips_rsastest.o: ../fips_utl.h fips_rsastest.c
fips_rsavtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_rsavtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_rsavtest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
fips_rsavtest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
fips_rsavtest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_rsavtest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
fips_rsavtest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
fips_rsavtest.o: ../../include/openssl/objects.h
fips_rsavtest.o: ../../include/openssl/opensslconf.h
fips_rsavtest.o: ../../include/openssl/opensslv.h
fips_rsavtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
fips_rsavtest.o: ../../include/openssl/safestack.h
fips_rsavtest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
fips_rsavtest.o: ../fips_utl.h fips_rsavtest.c


@ -1,103 +0,0 @@
/* fips_rsa_sign.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2007.
*/
/* ====================================================================
* Copyright (c) 2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/fips.h>
/* Minimal FIPS versions of FIPS_rsa_new() and FIPS_rsa_free: to
* reduce external dependencies.
*/
RSA *FIPS_rsa_new(void)
{
RSA *ret;
ret = OPENSSL_malloc(sizeof(RSA));
if (!ret)
return NULL;
memset(ret, 0, sizeof(RSA));
ret->meth = RSA_PKCS1_SSLeay();
if (ret->meth->init)
ret->meth->init(ret);
return ret;
}
void FIPS_rsa_free(RSA *r)
{
if (!r)
return;
if (r->meth->finish)
r->meth->finish(r);
if (r->n != NULL) BN_clear_free(r->n);
if (r->e != NULL) BN_clear_free(r->e);
if (r->d != NULL) BN_clear_free(r->d);
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
if (r->iqmp != NULL) BN_clear_free(r->iqmp);
if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
OPENSSL_free(r);
}


@ -1,261 +0,0 @@
/* ====================================================================
* Copyright (c) 2003-2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/opensslconf.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS
__fips_constseg
static const unsigned char rsa_test_2048_n[] = {
0xDB,0x10,0x1A,0xC2,0xA3,0xF1,0xDC,0xFF,0x13,0x6B,0xED,0x44,
0xDF,0xF0,0x02,0x6D,0x13,0xC7,0x88,0xDA,0x70,0x6B,0x54,0xF1,
0xE8,0x27,0xDC,0xC3,0x0F,0x99,0x6A,0xFA,0xC6,0x67,0xFF,0x1D,
0x1E,0x3C,0x1D,0xC1,0xB5,0x5F,0x6C,0xC0,0xB2,0x07,0x3A,0x6D,
0x41,0xE4,0x25,0x99,0xAC,0xFC,0xD2,0x0F,0x02,0xD3,0xD1,0x54,
0x06,0x1A,0x51,0x77,0xBD,0xB6,0xBF,0xEA,0xA7,0x5C,0x06,0xA9,
0x5D,0x69,0x84,0x45,0xD7,0xF5,0x05,0xBA,0x47,0xF0,0x1B,0xD7,
0x2B,0x24,0xEC,0xCB,0x9B,0x1B,0x10,0x8D,0x81,0xA0,0xBE,0xB1,
0x8C,0x33,0xE4,0x36,0xB8,0x43,0xEB,0x19,0x2A,0x81,0x8D,0xDE,
0x81,0x0A,0x99,0x48,0xB6,0xF6,0xBC,0xCD,0x49,0x34,0x3A,0x8F,
0x26,0x94,0xE3,0x28,0x82,0x1A,0x7C,0x8F,0x59,0x9F,0x45,0xE8,
0x5D,0x1A,0x45,0x76,0x04,0x56,0x05,0xA1,0xD0,0x1B,0x8C,0x77,
0x6D,0xAF,0x53,0xFA,0x71,0xE2,0x67,0xE0,0x9A,0xFE,0x03,0xA9,
0x85,0xD2,0xC9,0xAA,0xBA,0x2A,0xBC,0xF4,0xA0,0x08,0xF5,0x13,
0x98,0x13,0x5D,0xF0,0xD9,0x33,0x34,0x2A,0x61,0xC3,0x89,0x55,
0xF0,0xAE,0x1A,0x9C,0x22,0xEE,0x19,0x05,0x8D,0x32,0xFE,0xEC,
0x9C,0x84,0xBA,0xB7,0xF9,0x6C,0x3A,0x4F,0x07,0xFC,0x45,0xEB,
0x12,0xE5,0x7B,0xFD,0x55,0xE6,0x29,0x69,0xD1,0xC2,0xE8,0xB9,
0x78,0x59,0xF6,0x79,0x10,0xC6,0x4E,0xEB,0x6A,0x5E,0xB9,0x9A,
0xC7,0xC4,0x5B,0x63,0xDA,0xA3,0x3F,0x5E,0x92,0x7A,0x81,0x5E,
0xD6,0xB0,0xE2,0x62,0x8F,0x74,0x26,0xC2,0x0C,0xD3,0x9A,0x17,
0x47,0xE6,0x8E,0xAB
};
__fips_constseg
static const unsigned char rsa_test_2048_e[] = {
0x01,0x00,0x01
};
__fips_constseg
static const unsigned char rsa_test_2048_d[] = {
0x52,0x41,0xF4,0xDA,0x7B,0xB7,0x59,0x55,0xCA,0xD4,0x2F,0x0F,
0x3A,0xCB,0xA4,0x0D,0x93,0x6C,0xCC,0x9D,0xC1,0xB2,0xFB,0xFD,
0xAE,0x40,0x31,0xAC,0x69,0x52,0x21,0x92,0xB3,0x27,0xDF,0xEA,
0xEE,0x2C,0x82,0xBB,0xF7,0x40,0x32,0xD5,0x14,0xC4,0x94,0x12,
0xEC,0xB8,0x1F,0xCA,0x59,0xE3,0xC1,0x78,0xF3,0x85,0xD8,0x47,
0xA5,0xD7,0x02,0x1A,0x65,0x79,0x97,0x0D,0x24,0xF4,0xF0,0x67,
0x6E,0x75,0x2D,0xBF,0x10,0x3D,0xA8,0x7D,0xEF,0x7F,0x60,0xE4,
0xE6,0x05,0x82,0x89,0x5D,0xDF,0xC6,0xD2,0x6C,0x07,0x91,0x33,
0x98,0x42,0xF0,0x02,0x00,0x25,0x38,0xC5,0x85,0x69,0x8A,0x7D,
0x2F,0x95,0x6C,0x43,0x9A,0xB8,0x81,0xE2,0xD0,0x07,0x35,0xAA,
0x05,0x41,0xC9,0x1E,0xAF,0xE4,0x04,0x3B,0x19,0xB8,0x73,0xA2,
0xAC,0x4B,0x1E,0x66,0x48,0xD8,0x72,0x1F,0xAC,0xF6,0xCB,0xBC,
0x90,0x09,0xCA,0xEC,0x0C,0xDC,0xF9,0x2C,0xD7,0xEB,0xAE,0xA3,
0xA4,0x47,0xD7,0x33,0x2F,0x8A,0xCA,0xBC,0x5E,0xF0,0x77,0xE4,
0x97,0x98,0x97,0xC7,0x10,0x91,0x7D,0x2A,0xA6,0xFF,0x46,0x83,
0x97,0xDE,0xE9,0xE2,0x17,0x03,0x06,0x14,0xE2,0xD7,0xB1,0x1D,
0x77,0xAF,0x51,0x27,0x5B,0x5E,0x69,0xB8,0x81,0xE6,0x11,0xC5,
0x43,0x23,0x81,0x04,0x62,0xFF,0xE9,0x46,0xB8,0xD8,0x44,0xDB,
0xA5,0xCC,0x31,0x54,0x34,0xCE,0x3E,0x82,0xD6,0xBF,0x7A,0x0B,
0x64,0x21,0x6D,0x88,0x7E,0x5B,0x45,0x12,0x1E,0x63,0x8D,0x49,
0xA7,0x1D,0xD9,0x1E,0x06,0xCD,0xE8,0xBA,0x2C,0x8C,0x69,0x32,
0xEA,0xBE,0x60,0x71
};
__fips_constseg
static const unsigned char rsa_test_2048_p[] = {
0xFA,0xAC,0xE1,0x37,0x5E,0x32,0x11,0x34,0xC6,0x72,0x58,0x2D,
0x91,0x06,0x3E,0x77,0xE7,0x11,0x21,0xCD,0x4A,0xF8,0xA4,0x3F,
0x0F,0xEF,0x31,0xE3,0xF3,0x55,0xA0,0xB9,0xAC,0xB6,0xCB,0xBB,
0x41,0xD0,0x32,0x81,0x9A,0x8F,0x7A,0x99,0x30,0x77,0x6C,0x68,
0x27,0xE2,0x96,0xB5,0x72,0xC9,0xC3,0xD4,0x42,0xAA,0xAA,0xCA,
0x95,0x8F,0xFF,0xC9,0x9B,0x52,0x34,0x30,0x1D,0xCF,0xFE,0xCF,
0x3C,0x56,0x68,0x6E,0xEF,0xE7,0x6C,0xD7,0xFB,0x99,0xF5,0x4A,
0xA5,0x21,0x1F,0x2B,0xEA,0x93,0xE8,0x98,0x26,0xC4,0x6E,0x42,
0x21,0x5E,0xA0,0xA1,0x2A,0x58,0x35,0xBB,0x10,0xE7,0xBA,0x27,
0x0A,0x3B,0xB3,0xAF,0xE2,0x75,0x36,0x04,0xAC,0x56,0xA0,0xAB,
0x52,0xDE,0xCE,0xDD,0x2C,0x28,0x77,0x03
};
__fips_constseg
static const unsigned char rsa_test_2048_q[] = {
0xDF,0xB7,0x52,0xB6,0xD7,0xC0,0xE2,0x96,0xE7,0xC9,0xFE,0x5D,
0x71,0x5A,0xC4,0x40,0x96,0x2F,0xE5,0x87,0xEA,0xF3,0xA5,0x77,
0x11,0x67,0x3C,0x8D,0x56,0x08,0xA7,0xB5,0x67,0xFA,0x37,0xA8,
0xB8,0xCF,0x61,0xE8,0x63,0xD8,0x38,0x06,0x21,0x2B,0x92,0x09,
0xA6,0x39,0x3A,0xEA,0xA8,0xB4,0x45,0x4B,0x36,0x10,0x4C,0xE4,
0x00,0x66,0x71,0x65,0xF8,0x0B,0x94,0x59,0x4F,0x8C,0xFD,0xD5,
0x34,0xA2,0xE7,0x62,0x84,0x0A,0xA7,0xBB,0xDB,0xD9,0x8A,0xCD,
0x05,0xE1,0xCC,0x57,0x7B,0xF1,0xF1,0x1F,0x11,0x9D,0xBA,0x3E,
0x45,0x18,0x99,0x1B,0x41,0x64,0x43,0xEE,0x97,0x5D,0x77,0x13,
0x5B,0x74,0x69,0x73,0x87,0x95,0x05,0x07,0xBE,0x45,0x07,0x17,
0x7E,0x4A,0x69,0x22,0xF3,0xDB,0x05,0x39
};
__fips_constseg
static const unsigned char rsa_test_2048_dmp1[] = {
0x5E,0xD8,0xDC,0xDA,0x53,0x44,0xC4,0x67,0xE0,0x92,0x51,0x34,
0xE4,0x83,0xA5,0x4D,0x3E,0xDB,0xA7,0x9B,0x82,0xBB,0x73,0x81,
0xFC,0xE8,0x77,0x4B,0x15,0xBE,0x17,0x73,0x49,0x9B,0x5C,0x98,
0xBC,0xBD,0x26,0xEF,0x0C,0xE9,0x2E,0xED,0x19,0x7E,0x86,0x41,
0x1E,0x9E,0x48,0x81,0xDD,0x2D,0xE4,0x6F,0xC2,0xCD,0xCA,0x93,
0x9E,0x65,0x7E,0xD5,0xEC,0x73,0xFD,0x15,0x1B,0xA2,0xA0,0x7A,
0x0F,0x0D,0x6E,0xB4,0x53,0x07,0x90,0x92,0x64,0x3B,0x8B,0xA9,
0x33,0xB3,0xC5,0x94,0x9B,0x4C,0x5D,0x9C,0x7C,0x46,0xA4,0xA5,
0x56,0xF4,0xF3,0xF8,0x27,0x0A,0x7B,0x42,0x0D,0x92,0x70,0x47,
0xE7,0x42,0x51,0xA9,0xC2,0x18,0xB1,0x58,0xB1,0x50,0x91,0xB8,
0x61,0x41,0xB6,0xA9,0xCE,0xD4,0x7C,0xBB
};
__fips_constseg
static const unsigned char rsa_test_2048_dmq1[] = {
0x54,0x09,0x1F,0x0F,0x03,0xD8,0xB6,0xC5,0x0C,0xE8,0xB9,0x9E,
0x0C,0x38,0x96,0x43,0xD4,0xA6,0xC5,0x47,0xDB,0x20,0x0E,0xE5,
0xBD,0x29,0xD4,0x7B,0x1A,0xF8,0x41,0x57,0x49,0x69,0x9A,0x82,
0xCC,0x79,0x4A,0x43,0xEB,0x4D,0x8B,0x2D,0xF2,0x43,0xD5,0xA5,
0xBE,0x44,0xFD,0x36,0xAC,0x8C,0x9B,0x02,0xF7,0x9A,0x03,0xE8,
0x19,0xA6,0x61,0xAE,0x76,0x10,0x93,0x77,0x41,0x04,0xAB,0x4C,
0xED,0x6A,0xCC,0x14,0x1B,0x99,0x8D,0x0C,0x6A,0x37,0x3B,0x86,
0x6C,0x51,0x37,0x5B,0x1D,0x79,0xF2,0xA3,0x43,0x10,0xC6,0xA7,
0x21,0x79,0x6D,0xF9,0xE9,0x04,0x6A,0xE8,0x32,0xFF,0xAE,0xFD,
0x1C,0x7B,0x8C,0x29,0x13,0xA3,0x0C,0xB2,0xAD,0xEC,0x6C,0x0F,
0x8D,0x27,0x12,0x7B,0x48,0xB2,0xDB,0x31
};
__fips_constseg
static const unsigned char rsa_test_2048_iqmp[] = {
0x8D,0x1B,0x05,0xCA,0x24,0x1F,0x0C,0x53,0x19,0x52,0x74,0x63,
0x21,0xFA,0x78,0x46,0x79,0xAF,0x5C,0xDE,0x30,0xA4,0x6C,0x20,
0x38,0xE6,0x97,0x39,0xB8,0x7A,0x70,0x0D,0x8B,0x6C,0x6D,0x13,
0x74,0xD5,0x1C,0xDE,0xA9,0xF4,0x60,0x37,0xFE,0x68,0x77,0x5E,
0x0B,0x4E,0x5E,0x03,0x31,0x30,0xDF,0xD6,0xAE,0x85,0xD0,0x81,
0xBB,0x61,0xC7,0xB1,0x04,0x5A,0xC4,0x6D,0x56,0x1C,0xD9,0x64,
0xE7,0x85,0x7F,0x88,0x91,0xC9,0x60,0x28,0x05,0xE2,0xC6,0x24,
0x8F,0xDD,0x61,0x64,0xD8,0x09,0xDE,0x7E,0xD3,0x4A,0x61,0x1A,
0xD3,0x73,0x58,0x4B,0xD8,0xA0,0x54,0x25,0x48,0x83,0x6F,0x82,
0x6C,0xAF,0x36,0x51,0x2A,0x5D,0x14,0x2F,0x41,0x25,0x00,0xDD,
0xF8,0xF3,0x95,0xFE,0x31,0x25,0x50,0x12
};
static int setrsakey(RSA *k)
{
fips_load_key_component(k, n, rsa_test_2048);
fips_load_key_component(k, e, rsa_test_2048);
fips_load_key_component(k, d, rsa_test_2048);
fips_load_key_component(k, p, rsa_test_2048);
fips_load_key_component(k, q, rsa_test_2048);
fips_load_key_component(k, dmp1, rsa_test_2048);
fips_load_key_component(k, dmq1, rsa_test_2048);
fips_load_key_component(k, iqmp, rsa_test_2048);
return 1;
err:
return 0;
}
/* Known Answer Test (KAT) data for the above RSA private key signing
* kat_tbs.
*/
__fips_constseg
static const unsigned char kat_tbs[] = "OpenSSL FIPS 140-2 Public Key RSA KAT";
__fips_constseg
static const unsigned char kat_RSA_PSS_SHA256[] = {
0x51,0x4F,0x0B,0x8A,0xE6,0x7F,0xF0,0x39,0x9B,0x5F,0x21,0x26,
0x99,0x71,0xDC,0x64,0x5A,0x60,0x9B,0xFB,0xB9,0x48,0xE3,0xD4,
0xDE,0xAE,0x2D,0x87,0x72,0x14,0x2A,0x01,0x4C,0xC7,0x5C,0x00,
0x15,0xAE,0x23,0x09,0x5F,0xD5,0xB5,0x6F,0x94,0x59,0x76,0xEA,
0x8C,0x28,0x90,0xC4,0xCD,0xB9,0xD7,0xB5,0x82,0x9D,0x4E,0x37,
0xE0,0x79,0x03,0x88,0x9F,0x31,0x71,0x70,0x80,0xD6,0x99,0x49,
0x20,0x09,0x30,0x64,0x52,0xCD,0x5C,0x10,0x72,0x29,0x4D,0x33,
0x10,0xF6,0xEB,0xB7,0x27,0x95,0x55,0x48,0xBE,0x5A,0xBE,0xA7,
0x74,0xCF,0x0E,0x95,0x28,0xF4,0x05,0x98,0x86,0xBA,0x36,0x5C,
0x91,0x8F,0x5D,0xC1,0xBD,0xBE,0x74,0xD9,0x74,0x7B,0xEC,0xD1,
0x4E,0x79,0x66,0x14,0x24,0x21,0x27,0x2D,0xCF,0x93,0xC0,0xE1,
0x92,0x79,0xE0,0x4D,0x65,0xE2,0xA4,0xBA,0x1F,0x96,0x16,0xB1,
0x90,0xE1,0x50,0xDE,0x2F,0xB0,0x07,0xAF,0x84,0xCC,0x81,0x1C,
0x42,0xA9,0x1B,0xF6,0x25,0xDF,0x6F,0xEB,0x9A,0xF0,0x93,0xF3,
0x66,0xE7,0x88,0x7B,0xF9,0xA5,0x92,0xA9,0xD5,0x35,0xAA,0x33,
0x8F,0xEA,0x68,0xDB,0x82,0xE5,0x69,0xBB,0x95,0x31,0xC3,0x4F,
0x0A,0x68,0x15,0x8A,0x93,0x91,0xE2,0x3B,0xDC,0xA4,0x94,0x2F,
0x34,0xBC,0xCE,0xC9,0xA6,0xF0,0x49,0x33,0x5B,0x8F,0xDB,0x60,
0xE8,0x37,0x8C,0x97,0xF9,0xFB,0x28,0x0A,0xF1,0xAD,0x4D,0x9D,
0xC0,0x57,0x4D,0xD0,0x26,0x76,0x36,0x21,0x67,0x97,0x73,0xCD,
0x26,0x3A,0xCD,0x44,0x77,0xF2,0x59,0xBB,0xDF,0x77,0x3B,0x98,
0xC5,0x57,0xB7,0x5D
};
int FIPS_selftest_rsa()
{
int ret = 0;
RSA *key = NULL;
EVP_PKEY pk;
key=FIPS_rsa_new();
setrsakey(key);
pk.type = EVP_PKEY_RSA;
pk.pkey.rsa = key;
if (!fips_pkey_signature_test(FIPS_TEST_SIGNATURE,
&pk, kat_tbs, sizeof(kat_tbs) - 1,
kat_RSA_PSS_SHA256, sizeof(kat_RSA_PSS_SHA256),
EVP_sha256(), RSA_PKCS1_PSS_PADDING,
"RSA SHA256 PSS"))
goto err;
ret = 1;
err:
FIPS_rsa_free(key);
return ret;
}
#endif /* def OPENSSL_FIPS */


@ -1,474 +0,0 @@
/* fips_rsa_sign.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2007.
*/
/* ====================================================================
* Copyright (c) 2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/err.h>
#include <openssl/sha.h>
#include <openssl/fips.h>
#ifdef OPENSSL_FIPS
/* FIPS versions of RSA_sign() and RSA_verify().
* These will only have to deal with SHA* signatures and by including
* pregenerated encodings all ASN1 dependencies can be avoided
*/
/* Standard encodings including NULL parameter */
__fips_constseg
static const unsigned char sha1_bin[] = {
0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
0x00, 0x04, 0x14
};
__fips_constseg
static const unsigned char sha224_bin[] = {
0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c
};
__fips_constseg
static const unsigned char sha256_bin[] = {
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};
__fips_constseg
static const unsigned char sha384_bin[] = {
0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30
};
__fips_constseg
static const unsigned char sha512_bin[] = {
0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
};
/* Alternate encodings with absent parameters. We don't generate signature
* using this format but do tolerate received signatures of this form.
*/
__fips_constseg
static const unsigned char sha1_nn_bin[] = {
0x30, 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04,
0x14
};
__fips_constseg
static const unsigned char sha224_nn_bin[] = {
0x30, 0x2b, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x04, 0x04, 0x1c
};
__fips_constseg
static const unsigned char sha256_nn_bin[] = {
0x30, 0x2f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x01, 0x04, 0x20
};
__fips_constseg
static const unsigned char sha384_nn_bin[] = {
0x30, 0x3f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x02, 0x04, 0x30
};
__fips_constseg
static const unsigned char sha512_nn_bin[] = {
0x30, 0x4f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x03, 0x04, 0x40
};
static const unsigned char *fips_digestinfo_encoding(int nid, unsigned int *len)
{
switch (nid)
{
case NID_sha1:
*len = sizeof(sha1_bin);
return sha1_bin;
case NID_sha224:
*len = sizeof(sha224_bin);
return sha224_bin;
case NID_sha256:
*len = sizeof(sha256_bin);
return sha256_bin;
case NID_sha384:
*len = sizeof(sha384_bin);
return sha384_bin;
case NID_sha512:
*len = sizeof(sha512_bin);
return sha512_bin;
default:
return NULL;
}
}
static const unsigned char *fips_digestinfo_nn_encoding(int nid, unsigned int *len)
{
switch (nid)
{
case NID_sha1:
*len = sizeof(sha1_nn_bin);
return sha1_nn_bin;
case NID_sha224:
*len = sizeof(sha224_nn_bin);
return sha224_nn_bin;
case NID_sha256:
*len = sizeof(sha256_nn_bin);
return sha256_nn_bin;
case NID_sha384:
*len = sizeof(sha384_nn_bin);
return sha384_nn_bin;
case NID_sha512:
*len = sizeof(sha512_nn_bin);
return sha512_nn_bin;
default:
return NULL;
}
}
int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx,
int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash,
unsigned char *sigret, unsigned int *siglen)
{
unsigned int md_len, rv;
unsigned char md[EVP_MAX_MD_SIZE];
FIPS_digestfinal(ctx, md, &md_len);
rv = FIPS_rsa_sign_digest(rsa, md, md_len,
M_EVP_MD_CTX_md(ctx),
rsa_pad_mode, saltlen,
mgf1Hash, sigret, siglen);
OPENSSL_cleanse(md, md_len);
return rv;
}
int FIPS_rsa_sign_digest(RSA *rsa, const unsigned char *md, int md_len,
const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
const EVP_MD *mgf1Hash,
unsigned char *sigret, unsigned int *siglen)
{
int i=0,j,ret=0;
unsigned int dlen;
const unsigned char *der;
int md_type;
/* Largest DigestInfo: 19 (max encoding) + max MD */
unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
if (FIPS_selftest_failed())
{
FIPSerr(FIPS_F_FIPS_RSA_SIGN_DIGEST, FIPS_R_SELFTEST_FAILED);
return 0;
}
if (!mhash && rsa_pad_mode == RSA_PKCS1_PADDING)
md_type = saltlen;
else
md_type = M_EVP_MD_type(mhash);
if (rsa_pad_mode == RSA_X931_PADDING)
{
int hash_id;
memcpy(tmpdinfo, md, md_len);
hash_id = RSA_X931_hash_id(md_type);
if (hash_id == -1)
{
RSAerr(RSA_F_FIPS_RSA_SIGN_DIGEST,RSA_R_UNKNOWN_ALGORITHM_TYPE);
return 0;
}
tmpdinfo[md_len] = (unsigned char)hash_id;
i = md_len + 1;
}
else if (rsa_pad_mode == RSA_PKCS1_PADDING)
{
der = fips_digestinfo_encoding(md_type, &dlen);
if (!der)
{
RSAerr(RSA_F_FIPS_RSA_SIGN_DIGEST,RSA_R_UNKNOWN_ALGORITHM_TYPE);
return 0;
}
memcpy(tmpdinfo, der, dlen);
memcpy(tmpdinfo + dlen, md, md_len);
i = dlen + md_len;
}
else if (rsa_pad_mode == RSA_PKCS1_PSS_PADDING)
{
unsigned char *sbuf;
i = RSA_size(rsa);
sbuf = OPENSSL_malloc(RSA_size(rsa));
if (!sbuf)
{
RSAerr(RSA_F_FIPS_RSA_SIGN_DIGEST,ERR_R_MALLOC_FAILURE);
goto psserr;
}
if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, sbuf, md, mhash,
mgf1Hash, saltlen))
goto psserr;
j=rsa->meth->rsa_priv_enc(i,sbuf,sigret,rsa,RSA_NO_PADDING);
if (j > 0)
{
ret=1;
*siglen=j;
}
psserr:
OPENSSL_cleanse(sbuf, i);
OPENSSL_free(sbuf);
return ret;
}
j=RSA_size(rsa);
if (i > (j-RSA_PKCS1_PADDING_SIZE))
{
RSAerr(RSA_F_FIPS_RSA_SIGN_DIGEST,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
goto done;
}
/* NB: call underlying method directly to avoid FIPS blocking */
j=rsa->meth->rsa_priv_enc(i,tmpdinfo,sigret,rsa,rsa_pad_mode);
if (j > 0)
{
ret=1;
*siglen=j;
}
done:
OPENSSL_cleanse(tmpdinfo,i);
return ret;
}
int FIPS_rsa_verify_ctx(RSA *rsa, EVP_MD_CTX *ctx,
int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash,
const unsigned char *sigbuf, unsigned int siglen)
{
unsigned int md_len, rv;
unsigned char md[EVP_MAX_MD_SIZE];
FIPS_digestfinal(ctx, md, &md_len);
rv = FIPS_rsa_verify_digest(rsa, md, md_len, M_EVP_MD_CTX_md(ctx),
rsa_pad_mode, saltlen, mgf1Hash,
sigbuf, siglen);
OPENSSL_cleanse(md, md_len);
return rv;
}
int FIPS_rsa_verify_digest(RSA *rsa, const unsigned char *dig, int diglen,
const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
const EVP_MD *mgf1Hash,
const unsigned char *sigbuf, unsigned int siglen)
{
int i,ret=0;
unsigned int dlen;
unsigned char *s;
const unsigned char *der;
int md_type;
int rsa_dec_pad_mode;
if (FIPS_selftest_failed())
{
FIPSerr(FIPS_F_FIPS_RSA_VERIFY_DIGEST, FIPS_R_SELFTEST_FAILED);
return 0;
}
if (siglen != (unsigned int)RSA_size(rsa))
{
RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_WRONG_SIGNATURE_LENGTH);
return(0);
}
if (!mhash && rsa_pad_mode == RSA_PKCS1_PADDING)
md_type = saltlen;
else
md_type = M_EVP_MD_type(mhash);
s= OPENSSL_malloc((unsigned int)siglen);
if (s == NULL)
{
RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,ERR_R_MALLOC_FAILURE);
goto err;
}
if (rsa_pad_mode == RSA_PKCS1_PSS_PADDING)
rsa_dec_pad_mode = RSA_NO_PADDING;
else
rsa_dec_pad_mode = rsa_pad_mode;
/* NB: call underlying method directly to avoid FIPS blocking */
i=rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s, rsa, rsa_dec_pad_mode);
if (i <= 0) goto err;
if (rsa_pad_mode == RSA_X931_PADDING)
{
int hash_id;
if (i != (int)(diglen + 1))
{
RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_BAD_SIGNATURE);
goto err;
}
hash_id = RSA_X931_hash_id(md_type);
if (hash_id == -1)
{
RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_UNKNOWN_ALGORITHM_TYPE);
goto err;
}
if (s[diglen] != (unsigned char)hash_id)
{
RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_BAD_SIGNATURE);
goto err;
}
if (memcmp(s, dig, diglen))
{
RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_BAD_SIGNATURE);
goto err;
}
ret = 1;
}
else if (rsa_pad_mode == RSA_PKCS1_PADDING)
{
der = fips_digestinfo_encoding(md_type, &dlen);
if (!der)
{
RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_UNKNOWN_ALGORITHM_TYPE);
return(0);
}
/* Compare, DigestInfo length, DigestInfo header and finally
* digest value itself
*/
/* If length mismatch try alternate encoding */
if (i != (int)(dlen + diglen))
der = fips_digestinfo_nn_encoding(md_type, &dlen);
if ((i != (int)(dlen + diglen)) || memcmp(der, s, dlen)
|| memcmp(s + dlen, dig, diglen))
{
RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_BAD_SIGNATURE);
goto err;
}
ret = 1;
}
else if (rsa_pad_mode == RSA_PKCS1_PSS_PADDING)
{
ret = RSA_verify_PKCS1_PSS_mgf1(rsa, dig, mhash, mgf1Hash,
s, saltlen);
if (ret < 0)
ret = 0;
}
err:
if (s != NULL)
{
OPENSSL_cleanse(s, siglen);
OPENSSL_free(s);
}
return(ret);
}
int FIPS_rsa_sign(RSA *rsa, const unsigned char *msg, int msglen,
const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
const EVP_MD *mgf1Hash,
unsigned char *sigret, unsigned int *siglen)
{
unsigned int md_len, rv;
unsigned char md[EVP_MAX_MD_SIZE];
FIPS_digest(msg, msglen, md, &md_len, mhash);
rv = FIPS_rsa_sign_digest(rsa, md, md_len, mhash, rsa_pad_mode,
saltlen, mgf1Hash, sigret, siglen);
OPENSSL_cleanse(md, md_len);
return rv;
}
int FIPS_rsa_verify(RSA *rsa, const unsigned char *msg, int msglen,
const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
const EVP_MD *mgf1Hash,
const unsigned char *sigbuf, unsigned int siglen)
{
unsigned int md_len, rv;
unsigned char md[EVP_MAX_MD_SIZE];
FIPS_digest(msg, msglen, md, &md_len, mhash);
rv = FIPS_rsa_verify_digest(rsa, md, md_len, mhash, rsa_pad_mode,
saltlen, mgf1Hash, sigbuf, siglen);
OPENSSL_cleanse(md, md_len);
return rv;
}
#endif


@ -1,389 +0,0 @@
/* fips_rsagtest.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2005.
*/
/* ====================================================================
* Copyright (c) 2005,2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define OPENSSL_FIPSAPI
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#ifndef OPENSSL_FIPS
int main(int argc, char *argv[])
{
printf("No FIPS RSA support\n");
return(0);
}
#else
#include <openssl/rsa.h>
#include <openssl/fips.h>
#include "fips_utl.h"
int rsa_test(FILE *out, FILE *in);
static int rsa_printkey1(FILE *out, RSA *rsa,
BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
BIGNUM *e);
static int rsa_printkey2(FILE *out, RSA *rsa,
BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq);
#ifdef FIPS_ALGVS
int fips_rsagtest_main(int argc, char **argv)
#else
int main(int argc, char **argv)
#endif
{
FILE *in = NULL, *out = NULL;
int ret = 1;
fips_algtest_init();
if (argc == 1)
in = stdin;
else
in = fopen(argv[1], "r");
if (argc < 2)
out = stdout;
else
out = fopen(argv[2], "w");
if (!in)
{
fprintf(stderr, "FATAL input initialization error\n");
goto end;
}
if (!out)
{
fprintf(stderr, "FATAL output initialization error\n");
goto end;
}
if (!rsa_test(out, in))
{
fprintf(stderr, "FATAL RSAGTEST file processing error\n");
goto end;
}
else
ret = 0;
end:
if (in && (in != stdin))
fclose(in);
if (out && (out != stdout))
fclose(out);
return ret;
}
#define RSA_TEST_MAXLINELEN 10240
int rsa_test(FILE *out, FILE *in)
{
char *linebuf, *olinebuf, *p, *q;
char *keyword, *value;
RSA *rsa = NULL;
BIGNUM *Xp1 = NULL, *Xp2 = NULL, *Xp = NULL;
BIGNUM *Xq1 = NULL, *Xq2 = NULL, *Xq = NULL;
BIGNUM *e = NULL;
int ret = 0;
int lnum = 0;
olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
if (!linebuf || !olinebuf)
goto error;
while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
{
lnum++;
strcpy(linebuf, olinebuf);
keyword = linebuf;
/* Skip leading space */
while (isspace((unsigned char)*keyword))
keyword++;
/* Look for = sign */
p = strchr(linebuf, '=');
/* If no = or starts with [ (for [foo = bar] line) just copy */
if (!p || *keyword=='[')
{
if (fputs(olinebuf, out) < 0)
goto error;
continue;
}
q = p - 1;
/* Remove trailing space */
while (isspace((unsigned char)*q))
*q-- = 0;
*p = 0;
value = p + 1;
/* Remove leading space from value */
while (isspace((unsigned char)*value))
value++;
/* Remove trailing space from value */
p = value + strlen(value) - 1;
while (*p == '\n' || isspace((unsigned char)*p))
*p-- = 0;
if (!strcmp(keyword, "xp1"))
{
if (Xp1 || !do_hex2bn(&Xp1,value))
goto parse_error;
}
else if (!strcmp(keyword, "xp2"))
{
if (Xp2 || !do_hex2bn(&Xp2,value))
goto parse_error;
}
else if (!strcmp(keyword, "Xp"))
{
if (Xp || !do_hex2bn(&Xp,value))
goto parse_error;
}
else if (!strcmp(keyword, "xq1"))
{
if (Xq1 || !do_hex2bn(&Xq1,value))
goto parse_error;
}
else if (!strcmp(keyword, "xq2"))
{
if (Xq2 || !do_hex2bn(&Xq2,value))
goto parse_error;
}
else if (!strcmp(keyword, "Xq"))
{
if (Xq || !do_hex2bn(&Xq,value))
goto parse_error;
}
else if (!strcmp(keyword, "e"))
{
if (e || !do_hex2bn(&e,value))
goto parse_error;
}
else if (!strcmp(keyword, "p1"))
continue;
else if (!strcmp(keyword, "p2"))
continue;
else if (!strcmp(keyword, "p"))
continue;
else if (!strcmp(keyword, "q1"))
continue;
else if (!strcmp(keyword, "q2"))
continue;
else if (!strcmp(keyword, "q"))
continue;
else if (!strcmp(keyword, "n"))
continue;
else if (!strcmp(keyword, "d"))
continue;
else
goto parse_error;
fputs(olinebuf, out);
if (e && Xp1 && Xp2 && Xp)
{
rsa = FIPS_rsa_new();
if (!rsa)
goto error;
if (!rsa_printkey1(out, rsa, Xp1, Xp2, Xp, e))
goto error;
BN_free(Xp1);
Xp1 = NULL;
BN_free(Xp2);
Xp2 = NULL;
BN_free(Xp);
Xp = NULL;
BN_free(e);
e = NULL;
}
if (rsa && Xq1 && Xq2 && Xq)
{
if (!rsa_printkey2(out, rsa, Xq1, Xq2, Xq))
goto error;
BN_free(Xq1);
Xq1 = NULL;
BN_free(Xq2);
Xq2 = NULL;
BN_free(Xq);
Xq = NULL;
FIPS_rsa_free(rsa);
rsa = NULL;
}
}
ret = 1;
error:
if (olinebuf)
OPENSSL_free(olinebuf);
if (linebuf)
OPENSSL_free(linebuf);
if (Xp1)
BN_free(Xp1);
if (Xp2)
BN_free(Xp2);
if (Xp)
BN_free(Xp);
if (Xq1)
BN_free(Xq1);
if (Xq1)
BN_free(Xq1);
if (Xq2)
BN_free(Xq2);
if (Xq)
BN_free(Xq);
if (e)
BN_free(e);
if (rsa)
FIPS_rsa_free(rsa);
return ret;
parse_error:
fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
goto error;
}
static int rsa_printkey1(FILE *out, RSA *rsa,
BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
BIGNUM *e)
{
int ret = 0;
BIGNUM *p1 = NULL, *p2 = NULL;
p1 = BN_new();
p2 = BN_new();
if (!p1 || !p2)
goto error;
if (!RSA_X931_derive_ex(rsa, p1, p2, NULL, NULL, Xp1, Xp2, Xp,
NULL, NULL, NULL, e, NULL))
goto error;
do_bn_print_name(out, "p1", p1);
do_bn_print_name(out, "p2", p2);
do_bn_print_name(out, "p", rsa->p);
ret = 1;
error:
if (p1)
BN_free(p1);
if (p2)
BN_free(p2);
return ret;
}
static int rsa_printkey2(FILE *out, RSA *rsa,
BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq)
{
int ret = 0;
BIGNUM *q1 = NULL, *q2 = NULL;
q1 = BN_new();
q2 = BN_new();
if (!q1 || !q2)
goto error;
if (!RSA_X931_derive_ex(rsa, NULL, NULL, q1, q2, NULL, NULL, NULL,
Xq1, Xq2, Xq, NULL, NULL))
goto error;
do_bn_print_name(out, "q1", q1);
do_bn_print_name(out, "q2", q2);
do_bn_print_name(out, "q", rsa->q);
do_bn_print_name(out, "n", rsa->n);
do_bn_print_name(out, "d", rsa->d);
ret = 1;
error:
if (q1)
BN_free(q1);
if (q2)
BN_free(q2);
return ret;
}
#endif


@ -1,361 +0,0 @@
/* fips_rsastest.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2005.
*/
/* ====================================================================
* Copyright (c) 2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define OPENSSL_FIPSAPI
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#ifndef OPENSSL_FIPS
int main(int argc, char *argv[])
{
printf("No FIPS RSA support\n");
return(0);
}
#else
#include <openssl/rsa.h>
#include <openssl/fips.h>
#include "fips_utl.h"
static int rsa_stest(FILE *out, FILE *in, int Saltlen);
static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
unsigned char *Msg, long Msglen, int Saltlen);
#ifdef FIPS_ALGVS
int fips_rsastest_main(int argc, char **argv)
#else
int main(int argc, char **argv)
#endif
{
FILE *in = NULL, *out = NULL;
int ret = 1, Saltlen = -1;
fips_algtest_init();
if ((argc > 2) && !strcmp("-saltlen", argv[1]))
{
Saltlen = atoi(argv[2]);
if (Saltlen < 0)
{
fprintf(stderr, "FATAL: Invalid salt length\n");
goto end;
}
argc -= 2;
argv += 2;
}
else if ((argc > 1) && !strcmp("-x931", argv[1]))
{
Saltlen = -2;
argc--;
argv++;
}
if (argc == 1)
in = stdin;
else
in = fopen(argv[1], "r");
if (argc < 2)
out = stdout;
else
out = fopen(argv[2], "w");
if (!in)
{
fprintf(stderr, "FATAL input initialization error\n");
goto end;
}
if (!out)
{
fprintf(stderr, "FATAL output initialization error\n");
goto end;
}
if (!rsa_stest(out, in, Saltlen))
{
fprintf(stderr, "FATAL RSASTEST file processing error\n");
goto end;
}
else
ret = 0;
end:
if (in && (in != stdin))
fclose(in);
if (out && (out != stdout))
fclose(out);
return ret;
}
#define RSA_TEST_MAXLINELEN 10240
int rsa_stest(FILE *out, FILE *in, int Saltlen)
{
char *linebuf, *olinebuf, *p, *q;
char *keyword, *value;
RSA *rsa = NULL;
const EVP_MD *dgst = NULL;
unsigned char *Msg = NULL;
long Msglen = -1;
int keylen = -1, current_keylen = -1;
int ret = 0;
int lnum = 0;
olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
if (!linebuf || !olinebuf)
goto error;
while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
{
lnum++;
strcpy(linebuf, olinebuf);
keyword = linebuf;
/* Skip leading space */
while (isspace((unsigned char)*keyword))
keyword++;
/* Look for = sign */
p = strchr(linebuf, '=');
/* If no = just copy */
if (!p)
{
if (fputs(olinebuf, out) < 0)
goto error;
continue;
}
q = p - 1;
/* Remove trailing space */
while (isspace((unsigned char)*q))
*q-- = 0;
*p = 0;
value = p + 1;
/* Remove leading space from value */
while (isspace((unsigned char)*value))
value++;
/* Remove trailing space from value */
p = value + strlen(value) - 1;
while (*p == '\n' || isspace((unsigned char)*p))
*p-- = 0;
/* Look for [mod = XXX] for key length */
if (!strcmp(keyword, "[mod"))
{
p = value + strlen(value) - 1;
if (*p != ']')
goto parse_error;
*p = 0;
keylen = atoi(value);
if (keylen < 0)
goto parse_error;
}
else if (!strcmp(keyword, "SHAAlg"))
{
if (!strcmp(value, "SHA1"))
dgst = EVP_sha1();
else if (!strcmp(value, "SHA224"))
dgst = EVP_sha224();
else if (!strcmp(value, "SHA256"))
dgst = EVP_sha256();
else if (!strcmp(value, "SHA384"))
dgst = EVP_sha384();
else if (!strcmp(value, "SHA512"))
dgst = EVP_sha512();
else
{
fprintf(stderr,
"FATAL: unsupported algorithm \"%s\"\n",
value);
goto parse_error;
}
}
else if (!strcmp(keyword, "Msg"))
{
if (Msg)
goto parse_error;
if (strlen(value) & 1)
*(--value) = '0';
Msg = hex2bin_m(value, &Msglen);
if (!Msg)
goto parse_error;
}
fputs(olinebuf, out);
/* If key length has changed, generate and output public
* key components of new RSA private key.
*/
if (keylen != current_keylen)
{
BIGNUM *bn_e;
if (rsa)
FIPS_rsa_free(rsa);
rsa = FIPS_rsa_new();
if (!rsa)
goto error;
bn_e = BN_new();
if (!bn_e || !BN_set_word(bn_e, 0x1001))
goto error;
if (!RSA_X931_generate_key_ex(rsa, keylen, bn_e, NULL))
goto error;
BN_free(bn_e);
fputs("n = ", out);
do_bn_print(out, rsa->n);
fputs(RESP_EOL "e = ", out);
do_bn_print(out, rsa->e);
fputs(RESP_EOL, out);
current_keylen = keylen;
}
if (Msg && dgst)
{
if (!rsa_printsig(out, rsa, dgst, Msg, Msglen,
Saltlen))
goto error;
OPENSSL_free(Msg);
Msg = NULL;
}
}
ret = 1;
error:
if (olinebuf)
OPENSSL_free(olinebuf);
if (linebuf)
OPENSSL_free(linebuf);
if (rsa)
FIPS_rsa_free(rsa);
return ret;
parse_error:
fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
goto error;
}
static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
unsigned char *Msg, long Msglen, int Saltlen)
{
int ret = 0;
unsigned char *sigbuf = NULL;
int i, siglen, pad_mode;
/* EVP_PKEY structure */
siglen = RSA_size(rsa);
sigbuf = OPENSSL_malloc(siglen);
if (!sigbuf)
goto error;
if (Saltlen >= 0)
pad_mode = RSA_PKCS1_PSS_PADDING;
else if (Saltlen == -2)
pad_mode = RSA_X931_PADDING;
else
pad_mode = RSA_PKCS1_PADDING;
if (!FIPS_rsa_sign(rsa, Msg, Msglen, dgst, pad_mode, Saltlen, NULL,
sigbuf, (unsigned int *)&siglen))
goto error;
fputs("S = ", out);
for (i = 0; i < siglen; i++)
fprintf(out, "%02X", sigbuf[i]);
fputs(RESP_EOL, out);
ret = 1;
error:
if (sigbuf)
OPENSSL_free(sigbuf);
return ret;
}
#endif


@ -1,365 +0,0 @@
/* fips_rsavtest.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2005.
*/
/* ====================================================================
* Copyright (c) 2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define OPENSSL_FIPSAPI
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#ifndef OPENSSL_FIPS
int main(int argc, char *argv[])
{
printf("No FIPS RSA support\n");
return(0);
}
#else
#include <openssl/rsa.h>
#include <openssl/fips.h>
#include "fips_utl.h"
int rsa_vtest(FILE *out, FILE *in, int saltlen);
static int rsa_printver(FILE *out,
BIGNUM *n, BIGNUM *e,
const EVP_MD *dgst,
unsigned char *Msg, long Msglen,
unsigned char *S, long Slen, int Saltlen);
#ifdef FIPS_ALGVS
int fips_rsavtest_main(int argc, char **argv)
#else
int main(int argc, char **argv)
#endif
{
FILE *in = NULL, *out = NULL;
int ret = 1;
int Saltlen = -1;
fips_algtest_init();
if ((argc > 2) && !strcmp("-saltlen", argv[1]))
{
Saltlen = atoi(argv[2]);
if (Saltlen < 0)
{
fprintf(stderr, "FATAL: Invalid salt length\n");
goto end;
}
argc -= 2;
argv += 2;
}
else if ((argc > 1) && !strcmp("-x931", argv[1]))
{
Saltlen = -2;
argc--;
argv++;
}
if (argc == 1)
in = stdin;
else
in = fopen(argv[1], "r");
if (argc < 2)
out = stdout;
else
out = fopen(argv[2], "w");
if (!in)
{
fprintf(stderr, "FATAL input initialization error\n");
goto end;
}
if (!out)
{
fprintf(stderr, "FATAL output initialization error\n");
goto end;
}
if (!rsa_vtest(out, in, Saltlen))
{
fprintf(stderr, "FATAL RSAVTEST file processing error\n");
goto end;
}
else
ret = 0;
end:
if (in && (in != stdin))
fclose(in);
if (out && (out != stdout))
fclose(out);
return ret;
}
#define RSA_TEST_MAXLINELEN 10240
int rsa_vtest(FILE *out, FILE *in, int Saltlen)
{
char *linebuf, *olinebuf, *p, *q;
char *keyword, *value;
const EVP_MD *dgst = NULL;
BIGNUM *n = NULL, *e = NULL;
unsigned char *Msg = NULL, *S = NULL;
long Msglen, Slen;
int ret = 0;
int lnum = 0;
olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
if (!linebuf || !olinebuf)
goto error;
while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
{
lnum++;
strcpy(linebuf, olinebuf);
keyword = linebuf;
/* Skip leading space */
while (isspace((unsigned char)*keyword))
keyword++;
/* Look for = sign */
p = strchr(linebuf, '=');
/* If no = or starts with [ (for [foo = bar] line) just copy */
if (!p || *keyword=='[')
{
if (fputs(olinebuf, out) < 0)
goto error;
continue;
}
q = p - 1;
/* Remove trailing space */
while (isspace((unsigned char)*q))
*q-- = 0;
*p = 0;
value = p + 1;
/* Remove leading space from value */
while (isspace((unsigned char)*value))
value++;
/* Remove trailing space from value */
p = value + strlen(value) - 1;
while (*p == '\n' || isspace((unsigned char)*p))
*p-- = 0;
if (!strcmp(keyword, "n"))
{
if (!do_hex2bn(&n,value))
goto parse_error;
}
else if (!strcmp(keyword, "e"))
{
if (!do_hex2bn(&e,value))
goto parse_error;
}
else if (!strcmp(keyword, "SHAAlg"))
{
if (!strcmp(value, "SHA1"))
dgst = EVP_sha1();
else if (!strcmp(value, "SHA224"))
dgst = EVP_sha224();
else if (!strcmp(value, "SHA256"))
dgst = EVP_sha256();
else if (!strcmp(value, "SHA384"))
dgst = EVP_sha384();
else if (!strcmp(value, "SHA512"))
dgst = EVP_sha512();
else
{
fprintf(stderr,
"FATAL: unsupported algorithm \"%s\"\n",
value);
goto parse_error;
}
}
else if (!strcmp(keyword, "Msg"))
{
if (Msg)
goto parse_error;
if (strlen(value) & 1)
*(--value) = '0';
Msg = hex2bin_m(value, &Msglen);
if (!Msg)
goto parse_error;
}
else if (!strcmp(keyword, "S"))
{
if (S)
goto parse_error;
if (strlen(value) & 1)
*(--value) = '0';
S = hex2bin_m(value, &Slen);
if (!S)
goto parse_error;
}
else if (!strcmp(keyword, "Result"))
continue;
else
goto parse_error;
fputs(olinebuf, out);
if (n && e && Msg && S && dgst)
{
if (!rsa_printver(out, n, e, dgst,
Msg, Msglen, S, Slen, Saltlen))
goto error;
OPENSSL_free(Msg);
Msg = NULL;
OPENSSL_free(S);
S = NULL;
}
}
ret = 1;
error:
if (olinebuf)
OPENSSL_free(olinebuf);
if (linebuf)
OPENSSL_free(linebuf);
if (n)
BN_free(n);
if (e)
BN_free(e);
return ret;
parse_error:
fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
goto error;
}
static int rsa_printver(FILE *out,
BIGNUM *n, BIGNUM *e,
const EVP_MD *dgst,
unsigned char *Msg, long Msglen,
unsigned char *S, long Slen, int Saltlen)
{
int ret = 0, r, pad_mode;
/* Setup RSA and EVP_PKEY structures */
RSA *rsa_pubkey = NULL;
unsigned char *buf = NULL;
rsa_pubkey = FIPS_rsa_new();
if (!rsa_pubkey)
goto error;
rsa_pubkey->n = BN_dup(n);
rsa_pubkey->e = BN_dup(e);
if (!rsa_pubkey->n || !rsa_pubkey->e)
goto error;
if (Saltlen >= 0)
pad_mode = RSA_PKCS1_PSS_PADDING;
else if (Saltlen == -2)
pad_mode = RSA_X931_PADDING;
else
pad_mode = RSA_PKCS1_PADDING;
no_err = 1;
r = FIPS_rsa_verify(rsa_pubkey, Msg, Msglen, dgst,
pad_mode, Saltlen, NULL, S, Slen);
no_err = 0;
if (r < 0)
goto error;
if (r == 0)
fputs("Result = F" RESP_EOL, out);
else
fputs("Result = P" RESP_EOL, out);
ret = 1;
error:
if (rsa_pubkey)
FIPS_rsa_free(rsa_pubkey);
if (buf)
OPENSSL_free(buf);
return ret;
}
#endif


@ -1,161 +0,0 @@
#
# OpenSSL/fips/sha/Makefile
#
DIR= sha
TOP= ../..
CC= cc
INCLUDES=
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
AR= ar r
EXE_EXT=
ASFLAGS= $(INCLUDES) $(ASFLAG)
AFLAGS= $(ASFLAGS)
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST= fips_shatest.c
APPS=
EXE= fips_standalone_sha1$(EXE_EXT)
LIB=$(TOP)/libcrypto.a
LIBSRC=fips_sha1_selftest.c
LIBOBJ=fips_sha1_selftest.o
SRC= $(LIBSRC)
PROGS= fips_standalone_sha1.c
EXHEADER=
HEADER=
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd $(TOP); $(MAKE) DIRS=fips SDIRS=$(DIR) sub_all)
all: ../fips_standalone_sha1$(EXE_EXT) lib
lib: $(LIBOBJ)
@echo $(LIBOBJ) > lib
../fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o
if [ -z "$(HOSTCC)" ] ; then \
FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha1dgst.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
$(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM ; \
else \
$(HOSTCC) $(HOSTCFLAGS) -o $ $@ -I../../include -I../../crypto fips_standalone_sha1.c ../../crypto/sha/sha1dgst.c ; \
fi
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
install:
@headerlist="$(EXHEADER)"; for i in $$headerlist; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done
tags:
ctags $(SRC)
tests:
Q=../testvectors/sha/req
A=../testvectors/sha/rsp
VECTORS = SHA1LongMsg \
SHA1Monte \
SHA1ShortMsg \
SHA224LongMsg \
SHA224Monte \
SHA224ShortMsg \
SHA256LongMsg \
SHA256Monte \
SHA256ShortMsg \
SHA384LongMsg \
SHA384Monte \
SHA384ShortMsg \
SHA512LongMsg \
SHA512Monte \
SHA512ShortMsg
fips_test:
-rm -rf $(A)
mkdir $(A)
for file in $(VECTORS); do \
if [ -f $(Q)/$$file.req ]; then \
$(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_shatest $(Q)/$$file.req $(A)/$$file.rsp; \
fi; \
done
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
# DO NOT DELETE THIS LINE -- make depend depends on it.
fips_sha1_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_sha1_selftest.o: ../../include/openssl/crypto.h
fips_sha1_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
fips_sha1_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_sha1_selftest.o: ../../include/openssl/lhash.h
fips_sha1_selftest.o: ../../include/openssl/obj_mac.h
fips_sha1_selftest.o: ../../include/openssl/objects.h
fips_sha1_selftest.o: ../../include/openssl/opensslconf.h
fips_sha1_selftest.o: ../../include/openssl/opensslv.h
fips_sha1_selftest.o: ../../include/openssl/ossl_typ.h
fips_sha1_selftest.o: ../../include/openssl/safestack.h
fips_sha1_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
fips_sha1_selftest.o: ../../include/openssl/symhacks.h fips_sha1_selftest.c
fips_shatest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_shatest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_shatest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
fips_shatest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
fips_shatest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_shatest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
fips_shatest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
fips_shatest.o: ../../include/openssl/objects.h
fips_shatest.o: ../../include/openssl/opensslconf.h
fips_shatest.o: ../../include/openssl/opensslv.h
fips_shatest.o: ../../include/openssl/ossl_typ.h
fips_shatest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_shatest.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_shatest.c
fips_standalone_sha1.o: ../../include/openssl/asn1.h
fips_standalone_sha1.o: ../../include/openssl/bio.h
fips_standalone_sha1.o: ../../include/openssl/crypto.h
fips_standalone_sha1.o: ../../include/openssl/e_os2.h
fips_standalone_sha1.o: ../../include/openssl/evp.h
fips_standalone_sha1.o: ../../include/openssl/fips.h
fips_standalone_sha1.o: ../../include/openssl/hmac.h
fips_standalone_sha1.o: ../../include/openssl/obj_mac.h
fips_standalone_sha1.o: ../../include/openssl/objects.h
fips_standalone_sha1.o: ../../include/openssl/opensslconf.h
fips_standalone_sha1.o: ../../include/openssl/opensslv.h
fips_standalone_sha1.o: ../../include/openssl/ossl_typ.h
fips_standalone_sha1.o: ../../include/openssl/safestack.h
fips_standalone_sha1.o: ../../include/openssl/sha.h
fips_standalone_sha1.o: ../../include/openssl/stack.h
fips_standalone_sha1.o: ../../include/openssl/symhacks.h fips_standalone_sha1.c


@ -1,94 +0,0 @@
/* ====================================================================
* Copyright (c) 2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/evp.h>
#include <openssl/sha.h>
#ifdef OPENSSL_FIPS
static const unsigned char test[][60]=
{
"",
"abc",
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
};
__fips_constseg
static const unsigned char ret[][SHA_DIGEST_LENGTH]=
{
{ 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55,
0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 },
{ 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d },
{ 0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 },
};
int FIPS_selftest_sha1()
{
int rv = 1;
size_t i;
for(i=0 ; i <sizeof(test)/sizeof(test[0]) ; i++)
{
if (!fips_pkey_signature_test(FIPS_TEST_DIGEST, NULL,
test[i], 0,
ret[i], 20,
EVP_sha1(), 0,
"SHA1 Digest"))
rv = 0;
}
return rv;
}
#endif


@ -1,387 +0,0 @@
/* fips_shatest.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2005.
*/
/* ====================================================================
* Copyright (c) 2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define OPENSSL_FIPSAPI
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#ifndef OPENSSL_FIPS
int main(int argc, char *argv[])
{
printf("No FIPS SHAXXX support\n");
return(0);
}
#else
#include <openssl/fips.h>
#include "fips_utl.h"
static int dgst_test(FILE *out, FILE *in);
static int print_dgst(const EVP_MD *md, FILE *out,
unsigned char *Msg, int Msglen);
static int print_monte(const EVP_MD *md, FILE *out,
unsigned char *Seed, int SeedLen);
#ifdef FIPS_ALGVS
int fips_shatest_main(int argc, char **argv)
#else
int main(int argc, char **argv)
#endif
{
FILE *in = NULL, *out = NULL;
int ret = 1;
fips_algtest_init();
if (argc == 1)
in = stdin;
else
in = fopen(argv[1], "r");
if (argc < 2)
out = stdout;
else
out = fopen(argv[2], "w");
if (!in)
{
fprintf(stderr, "FATAL input initialization error\n");
goto end;
}
if (!out)
{
fprintf(stderr, "FATAL output initialization error\n");
goto end;
}
if (!dgst_test(out, in))
{
fprintf(stderr, "FATAL digest file processing error\n");
goto end;
}
else
ret = 0;
end:
if (in && (in != stdin))
fclose(in);
if (out && (out != stdout))
fclose(out);
return ret;
}
#define SHA_TEST_MAX_BITS 102400
#define SHA_TEST_MAXLINELEN (((SHA_TEST_MAX_BITS >> 3) * 2) + 100)
int dgst_test(FILE *out, FILE *in)
{
const EVP_MD *md = NULL;
char *linebuf, *olinebuf, *p, *q;
char *keyword, *value;
unsigned char *Msg = NULL, *Seed = NULL;
long MsgLen = -1, Len = -1, SeedLen = -1;
int ret = 0;
int lnum = 0;
olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
if (!linebuf || !olinebuf)
goto error;
while (fgets(olinebuf, SHA_TEST_MAXLINELEN, in))
{
lnum++;
strcpy(linebuf, olinebuf);
keyword = linebuf;
/* Skip leading space */
while (isspace((unsigned char)*keyword))
keyword++;
/* Look for = sign */
p = strchr(linebuf, '=');
/* If no = or starts with [ (for [L=20] line) just copy */
if (!p)
{
fputs(olinebuf, out);
continue;
}
q = p - 1;
/* Remove trailing space */
while (isspace((unsigned char)*q))
*q-- = 0;
*p = 0;
value = p + 1;
/* Remove leading space from value */
while (isspace((unsigned char)*value))
value++;
/* Remove trailing space from value */
p = value + strlen(value) - 1;
while (*p == '\n' || isspace((unsigned char)*p))
*p-- = 0;
if (!strcmp(keyword,"[L") && *p==']')
{
switch (atoi(value))
{
case 20: md=EVP_sha1(); break;
case 28: md=EVP_sha224(); break;
case 32: md=EVP_sha256(); break;
case 48: md=EVP_sha384(); break;
case 64: md=EVP_sha512(); break;
default: goto parse_error;
}
}
else if (!strcmp(keyword, "Len"))
{
if (Len != -1)
goto parse_error;
Len = atoi(value);
if (Len < 0)
goto parse_error;
/* Only handle multiples of 8 bits */
if (Len & 0x7)
goto parse_error;
if (Len > SHA_TEST_MAX_BITS)
goto parse_error;
MsgLen = Len >> 3;
}
else if (!strcmp(keyword, "Msg"))
{
long tmplen;
if (strlen(value) & 1)
*(--value) = '0';
if (Msg)
goto parse_error;
Msg = hex2bin_m(value, &tmplen);
if (!Msg)
goto parse_error;
}
else if (!strcmp(keyword, "Seed"))
{
if (strlen(value) & 1)
*(--value) = '0';
if (Seed)
goto parse_error;
Seed = hex2bin_m(value, &SeedLen);
if (!Seed)
goto parse_error;
}
else if (!strcmp(keyword, "MD"))
continue;
else
goto parse_error;
fputs(olinebuf, out);
if (md && Msg && (MsgLen >= 0))
{
if (!print_dgst(md, out, Msg, MsgLen))
goto error;
OPENSSL_free(Msg);
Msg = NULL;
MsgLen = -1;
Len = -1;
}
else if (md && Seed && (SeedLen > 0))
{
if (!print_monte(md, out, Seed, SeedLen))
goto error;
OPENSSL_free(Seed);
Seed = NULL;
SeedLen = -1;
}
}
ret = 1;
error:
if (olinebuf)
OPENSSL_free(olinebuf);
if (linebuf)
OPENSSL_free(linebuf);
if (Msg)
OPENSSL_free(Msg);
if (Seed)
OPENSSL_free(Seed);
return ret;
parse_error:
fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
goto error;
}
static int print_dgst(const EVP_MD *emd, FILE *out,
unsigned char *Msg, int Msglen)
{
int i, mdlen;
unsigned char md[EVP_MAX_MD_SIZE];
if (!FIPS_digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd))
{
fputs("Error calculating HASH\n", stderr);
return 0;
}
fputs("MD = ", out);
for (i = 0; i < mdlen; i++)
fprintf(out, "%02x", md[i]);
fputs(RESP_EOL, out);
return 1;
}
static int print_monte(const EVP_MD *md, FILE *out,
unsigned char *Seed, int SeedLen)
{
unsigned int i, j, k;
int ret = 0;
EVP_MD_CTX ctx;
unsigned char *m1, *m2, *m3, *p;
unsigned int mlen, m1len, m2len, m3len;
FIPS_md_ctx_init(&ctx);
if (SeedLen > EVP_MAX_MD_SIZE)
mlen = SeedLen;
else
mlen = EVP_MAX_MD_SIZE;
m1 = OPENSSL_malloc(mlen);
m2 = OPENSSL_malloc(mlen);
m3 = OPENSSL_malloc(mlen);
if (!m1 || !m2 || !m3)
goto mc_error;
m1len = m2len = m3len = SeedLen;
memcpy(m1, Seed, SeedLen);
memcpy(m2, Seed, SeedLen);
memcpy(m3, Seed, SeedLen);
fputs(RESP_EOL, out);
for (j = 0; j < 100; j++)
{
for (i = 0; i < 1000; i++)
{
FIPS_digestinit(&ctx, md);
FIPS_digestupdate(&ctx, m1, m1len);
FIPS_digestupdate(&ctx, m2, m2len);
FIPS_digestupdate(&ctx, m3, m3len);
p = m1;
m1 = m2;
m1len = m2len;
m2 = m3;
m2len = m3len;
m3 = p;
FIPS_digestfinal(&ctx, m3, &m3len);
}
fprintf(out, "COUNT = %d" RESP_EOL, j);
fputs("MD = ", out);
for (k = 0; k < m3len; k++)
fprintf(out, "%02x", m3[k]);
fputs(RESP_EOL RESP_EOL, out);
memcpy(m1, m3, m3len);
memcpy(m2, m3, m3len);
m1len = m2len = m3len;
}
ret = 1;
mc_error:
if (m1)
OPENSSL_free(m1);
if (m2)
OPENSSL_free(m2);
if (m3)
OPENSSL_free(m3);
FIPS_md_ctx_cleanup(&ctx);
return ret;
}
#endif


@ -1,175 +0,0 @@
/* ====================================================================
* Copyright (c) 2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <openssl/fips.h>
#ifndef FIPSCANISTER_O
int FIPS_selftest_failed() { return 0; }
void FIPS_selftest_check() {}
void OPENSSL_cleanse(void *p,size_t len) {}
unsigned int OPENSSL_ia32cap_P[2];
#endif
#ifdef OPENSSL_FIPS
static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
const char *key)
{
size_t len=strlen(key);
int i;
unsigned char keymd[HMAC_MAX_MD_CBLOCK];
unsigned char pad[HMAC_MAX_MD_CBLOCK];
if (len > SHA_CBLOCK)
{
SHA1_Init(md_ctx);
SHA1_Update(md_ctx,key,len);
SHA1_Final(keymd,md_ctx);
len=20;
}
else
memcpy(keymd,key,len);
memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len);
for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
pad[i]=0x36^keymd[i];
SHA1_Init(md_ctx);
SHA1_Update(md_ctx,pad,SHA_CBLOCK);
for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
pad[i]=0x5c^keymd[i];
SHA1_Init(o_ctx);
SHA1_Update(o_ctx,pad,SHA_CBLOCK);
}
static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
{
unsigned char buf[20];
SHA1_Final(buf,md_ctx);
SHA1_Update(o_ctx,buf,sizeof buf);
SHA1_Final(md,o_ctx);
}
#endif
int main(int argc,char **argv)
{
#ifdef OPENSSL_FIPS
static char key[]="etaonrishdlcupfm";
int n,binary=0;
if(argc < 2)
{
fprintf(stderr,"%s [<file>]+\n",argv[0]);
exit(1);
}
n=1;
if (!strcmp(argv[n],"-binary"))
{
n++;
binary=1; /* emit binary fingerprint... */
}
for(; n < argc ; ++n)
{
FILE *f=fopen(argv[n],"rb");
SHA_CTX md_ctx,o_ctx;
unsigned char md[20];
int i;
if(!f)
{
perror(argv[n]);
exit(2);
}
hmac_init(&md_ctx,&o_ctx,key);
for( ; ; )
{
char buf[1024];
size_t l=fread(buf,1,sizeof buf,f);
if(l == 0)
{
if(ferror(f))
{
perror(argv[n]);
exit(3);
}
else
break;
}
SHA1_Update(&md_ctx,buf,l);
}
hmac_final(md,&md_ctx,&o_ctx);
if (binary)
{
fwrite(md,20,1,stdout);
break; /* ... for single(!) file */
}
printf("HMAC-SHA1(%s)= ",argv[n]);
for(i=0 ; i < 20 ; ++i)
printf("%02x",md[i]);
printf("\n");
}
#endif
return 0;
}


@ -1,26 +0,0 @@
FIPS tools explained
====================
api_list.pl
a script to produce an API description, saying what parameters are
for input, output or both.
Most often, the direction of a parameter is determined automatically.
However, quite a number of them are educated guesses. Either way,
the information is stored in the file declarations.dat in this
directory, and can be manually corrected; simply go through
declarations.dat, look for any value with the key 'direction'
where the value contains a question mark. Those should be changed
to whatever is true, and the values should be one of the
following:
<- output
-> input
<-> both
api_fns.pm
a module that helps api_list.pl do its job.
declarations.dat
a file of information about public fips symbols. See api_list.pl
above.


@ -1,336 +0,0 @@
package api_data;
use strict;
use Data::Dumper;
use File::Slurp;
# The basic data store for a declaration is a hash holding the following
# information (let's simply call this structure "declaration"):
# sym => string (the symbol of the declaration)
# symcomment=> string (if there's a comment about this symbol) or undef
# type => string (type definition text, with a '?' where the symbol should be
# kind => 0 (variable)
# 1 (function)
# params => list reference (list of declarations, one for each parameter)
# [only exists when kind = 1]
# direction => 0 (input)
# 1 (output)
# 2 (input and output)
# 3 (output or input and output)
# +4 (guess)
# [only exists when this symbol is a parameter to a function]
# Constructor
sub new {
my $class = shift;
my $self = {};
$self->{DECLARATIONS} = {};
bless($self, $class);
return $self;
}
sub read_declaration_db {
my $self = shift;
my $declaration_file = shift;
my $buf = read_file($declaration_file);
$self->{DECLARATIONS} = eval $buf;
die $@ if $@;
}
sub write_declaration_db {
my $self = shift;
my $declaration_file = shift;
$Data::Dumper::Purity = 1;
open FILE,">".$declaration_file ||
die "Can't open '$declaration_file': $!\n";
print FILE "my ",Data::Dumper->Dump([ $self->{DECLARATIONS} ], [qw(declaration_db)]);
close FILE;
}
sub insert_declaration {
my $self = shift;
my %decl = @_;
my $sym = $decl{sym};
if ($self->{DECLARATIONS}->{$sym}) {
foreach my $k (('sym', 'symcomment','oldsym','objfile','kind')) {
$self->{DECLARATIONS}->{$sym}->{$k} = $decl{$k};
}
if ($self->{DECLARATIONS}->{$sym}->{kind} == 1) {
# Replace parameters only if the kind or type has changed
my $oldp = $self->{DECLARATIONS}->{$sym}->{params};
my $newp = $decl{params};
my $l = scalar(@{$oldp});
for my $pn (0..($l - 1)) {
if ($oldp->[$pn]->{kind} != $newp->[$pn]->{kind}
|| $oldp->[$pn]->{type} ne $newp->[$pn]->{type}) {
$self->{DECLARATIONS}->{$sym}->{params} = $newp;
}
}
}
} else {
$self->{DECLARATIONS}->{$decl{sym}} = { %decl };
}
}
# Input is a simple C declaration, output is a declaration structure
sub _parse_declaration {
my $decl = shift;
my $newname = shift;
my $objfile = shift;
my $namecomment = shift;
my %parsed_decl = ();
my $debug = 0;
print "DEBUG: going to parse: $decl\n" if $debug;
# Start with changing all parens to { and } except the outermost
# Within these, convert all commas to semi-colons
my $s = "";
do {
print "DEBUG: decl: $decl\n" if $debug;
$s = $decl;
if ($decl =~ m/
\(
([^\(\)]*)
\(
([^\(\)]*)
\)
/x) {
print "DEBUG: \`: $`\n" if $debug;
print "DEBUG: 1: $1\n" if $debug;
print "DEBUG: 2: $2\n" if $debug;
print "DEBUG: \': $'\n" if $debug;
my $a = "$`"."("."$1";
my $b = "{"."$2"."}";
my $c = "$'";
print "DEBUG: a: $a\n" if $debug;
print "DEBUG: b: $b\n" if $debug;
print "DEBUG: c: $c\n" if $debug;
$b =~ s/,/;/g;
print "DEBUG: b: $b\n" if $debug;
$decl = $a.$b.$c;
}
} while ($s ne $decl);
# There are types that we look for. The first is the function pointer
# T (*X)(...)
if ($decl =~ m/
^\s*
([^\(]+) # Return type of the function pointed at
\(
\s*\*\s*
([^\)]*) # Function returning or variable holding fn ptr
\)
\s*
\(
([^\)]*) # Parameter for the function pointed at
\)
\s*$
/x) {
print "DEBUG: function pointer variable or function\n" if $debug;
print "DEBUG: 1: $1\n" if $debug;
print "DEBUG: 2: $2\n" if $debug;
print "DEBUG: 3: $3\n" if $debug;
my $tmp1 = $1 . "(*?)" . "(" . $3 . ")";
my $tmp2 = $2;
$tmp1 =~ tr/\{\}\;/(),/; # Convert all braces and semi-colons
# back to parens and commas
$tmp2 =~ tr/\{\}\;/(),/; # Convert all braces and semi-colons
# back to parens and commas
# Parse the symbol part with a fake type. This will determine if
# it's a variable or a function.
my $subdeclaration = _parse_declaration("int " . $tmp2, $newname);
map { $parsed_decl{$_} = $subdeclaration->{$_} } ( "sym",
"kind",
"params" );
$parsed_decl{symcomment} = $namecomment if $namecomment;
$parsed_decl{type} = $tmp1;
}
# If that wasn't it, check for the simple function declaration
# T X(...)
elsif ($decl =~ m/^\s*(.*?\W)(\w+)\s*\(\s*(.*)\s*\)\s*$/) {
print "DEBUG: function\n" if $debug;
print "DEBUG: 1: $1\n" if $debug;
print "DEBUG: 2: $2\n" if $debug;
print "DEBUG: 3: $3\n" if $debug;
$parsed_decl{kind} = 1;
$parsed_decl{type} = $1."?";
$parsed_decl{sym} = $newname ? $newname : $2;
$parsed_decl{symcomment} = $namecomment if $namecomment;
$parsed_decl{oldsym} = $newname ? $2 : undef;
$parsed_decl{params} = [
map { tr/\{\}\;/(),/; _parse_declaration($_,undef,undef,undef) }
grep { !/^\s*void\s*$/ }
split(/\s*,\s*/, $3)
];
}
# If that wasn't it either, try to get a variable
# T X or T X[...]
elsif ($decl =~ m/^\s*(.*\W)(\w+)(\s*\[.*\])?\s*$/) {
print "DEBUG: variable\n" if $debug;
print "DEBUG: 1: $1\n" if $debug;
print "DEBUG: 2: $2\n" if $debug;
$parsed_decl{kind} = 0;
$parsed_decl{type} = $1."?";
$parsed_decl{sym} = $newname ? $newname : $2;
$parsed_decl{symcomment} = $namecomment if $namecomment;
$parsed_decl{oldsym} = $newname ? $2 : undef;
}
# Special for the parameter "..."
elsif ($decl =~ m/^\s*\.\.\.\s*$/) {
%parsed_decl = ( kind => 0, type => "?", sym => "..." );
}
# Otherwise, we got something weird
else {
print "Warning: weird declaration: $decl\n";
%parsed_decl = ( kind => -1, decl => $decl );
}
$parsed_decl{objfile} = $objfile;
print Dumper({ %parsed_decl }) if $debug;
return { %parsed_decl };
}
sub add_declaration {
my $self = shift;
my $parsed = _parse_declaration(@_);
$self->insert_declaration( %{$parsed} );
}
sub complete_directions {
my $self = shift;
foreach my $sym (keys %{$self->{DECLARATIONS}}) {
if ($self->{DECLARATIONS}->{$sym}->{kind} == 1) {
map {
if (!$_->{direction} || $_->{direction} =~ m/\?/) {
if ($_->{type} =~ m/const/) {
$_->{direction} = '->'; # Input
} elsif ($_->{sym} =~ m/ctx/ || $_->{type} =~ m/ctx/i) {
$_->{direction} = '<-?'; # Guess output
} elsif ($_->{type} =~ m/\*/) {
if ($_->{type} =~ m/(short|int|char|size_t)/) {
$_->{direction} = '<-?'; # Guess output
} else {
$_->{direction} = '<-? <->?'; # Guess output or input/output
}
} else {
$_->{direction} = '->'; # Input
}
}
} @{$self->{DECLARATIONS}->{$sym}->{params}};
}
}
}
sub on_all_declarations {
my $self = shift;
my $fn = shift;
foreach my $sym (sort keys %{$self->{DECLARATIONS}}) {
&$fn($self->{DECLARATIONS}->{$sym});
}
}
sub get_function_declaration_strings_from_file {
my $fn = shift;
my %declarations = ();
my $line = "";
my $cppline = "";
my $debug = 0;
foreach my $headerline (`cat $fn`) {
chomp $headerline;
print STDERR "DEBUG0: $headerline\n" if $debug;
# First, treat the line at a CPP level; remove comments, add on more
# lines if there's an ending backslash or an incomplete comment.
# If none of that is true, then remove all comments and check if the
# line starts with a #, skip if it does, otherwise continue.
if ($cppline && $headerline) { $cppline .= " "; }
$cppline .= $headerline;
$cppline =~ s^\"(.|\\\")*\"^@@^g; # Collapse strings
$cppline =~ s^/\*.*?\*/^^g; # Remove all complete comments
print STDERR "DEBUG1: $cppline\n" if $debug;
if ($cppline =~ m/\\$/) { # Keep on reading if the current line ends
# with a backslash
$cppline = $`;
next;
}
next if $cppline =~ m/\/\*/; # Keep on reading if there remains the
# start of a comment
next if $cppline =~ m/"/; # Keep on reading if there remains the
# start of a string
if ($cppline =~ m/^\#/) {
$cppline = "";
next;
}
# Done with the preprocessor part, add the resulting line to the
# line we're putting together to get a statement.
if ($line && $cppline) { $line .= " "; }
$line .= $cppline;
$cppline = "";
$line =~ s%extern\s+\@\@\s+\{%%g; # Remove 'extern "C" {'
$line =~ s%\{[^\{\}]*\}%\$\$%g; # Collapse any compound structure
print STDERR "DEBUG2: $line\n" if $debug;
next if $line =~ m%\{%; # If there is any compound structure start,
# we are not quite done reading.
$line =~ s%\}%%; # Remove a lonely }, it's probably a rest
# from 'extern "C" {'
$line =~ s%^\s+%%; # Remove beginning blanks
$line =~ s%\s+$%%; # Remove trailing blanks
$line =~ s%\s+% %g; # Collapse multiple blanks to one.
if ($line =~ m/;/) {
print STDERR "DEBUG3: $`\n" if $debug;
my $decl = $`; #`; # (emacs is stupid that way)
$line = $'; #'; # (emacs is stupid that way)
# Find the symbol by taking the declaration and fiddling with it:
# (remember, we're just extracting the symbol, so we're allowed
# to cheat here ;-))
# 1. Remove all paired parenthesies, innermost first. While doing
# this, if something like "(* foo)(" is found, this is a
# function pointer; change it to "foo("
# 2. Remove all paired square parenthesies.
# 3. Remove any $$ with surrounding spaces.
# 4. Pick the last word, that's the symbol.
my $tmp;
my $sym = $decl;
print STDERR "DEBUG3.1: $sym\n" if $debug;
do {
$tmp = $sym;
# NOTE: The order of these two is important, and it's also
# important not to use the g modifier.
$sym =~ s/\(\s*\*\s*(\w+)\s*\)\s*\(/$1(/;
$sym =~ s/\([^\(\)]*\)//;
print STDERR "DEBUG3.2: $sym\n" if $debug;
} while ($tmp ne $sym);
do {
$tmp = $sym;
$sym =~ s/\[[^\[\]]*\]//g;
} while ($tmp ne $sym);
$sym =~ s/\s*\$\$\s*//g;
$sym =~ s/.*[\s\*](\w+)\s*$/$1/;
print STDERR "DEBUG4: $sym\n" if $debug;
if ($sym =~ m/\W/) {
print STDERR "Warning[$fn]: didn't find proper symbol in declaration:\n";
print STDERR " decl: $decl\n";
print STDERR " sym: $sym\n";
}
$declarations{$sym} = $decl;
}
}
return %declarations;
}
1;


@ -1,267 +0,0 @@
#!/bin/env perl
#
# Quick and dirty utility to help assemble the mandated (but otherwise
# useless) API documentation. We get the list of external function
# symbols from fipscanister.o, pair those with the source file names
# (from ./fips/fipssyms.h), and map to the object file name containing
# them.
#
# Requires the "nm" and "find" utilities.
# Execure from the root of the FIPS module source code workarea
use HTML::Entities;
use File::Basename;
$here = dirname($0);
require "$here/api_fns.pm";
$_direction_question = ''; # Set to '?' to show "<-?", "<->?" for uncertain directions
print STDERR "Info: finding FIPS renames and reimplementations of OpenSSL symbols\n";
# Get mapping of old (source code) to new (live as renamed) symbols
foreach $file ("./fips/fipssyms.h") {
open(IN, $file) || die "Error opening $file";
# grab pairs until assembler symbols
my $buf = '';
my $reimplementations = 1; # When 1, we're looking at reimplementations
# (not renames) of OpenSSL functions. They
# still have to be saved to get the API.
while (<IN>) {
$reimplementations = 0 if m|^\s*/\*\sRename\ssymbols\s|;
if ($buf) {
$_ = $buf . $_;
$buf = '';
}
if (s/\\\n$//) {
$buf = $_;
next;
}
if (m/\(/) {
($oldname, $newname) = m/#define\s+(\S+)\(.*\)\s+(\S+)\(.*\)/;
} else {
($oldname, $newname) = m/#define\s+(\S+)\s+(\S+)/;
}
$oldname || next;
if (!$reimplementations) {
$oldname{$newname} = $oldname;
}
$oldimpl{$newname} = $oldname;
last if (/assembler/)
}
close(IN);
# %oldname is the mapping of new function names to old
print "<!-- Total of ", scalar(keys %oldname), " mapped symbols in $file -->\n";
}
print STDERR "Info: finding FIPS symbols in object files\n";
# generate list of external function names in fipscanister.o
$file = "./fips/fipscanister.o";
for (`nm -g --defined-only -p -o $file`) {
chomp;
s/^\S+ T // || next;
m/^fips_/ && next;
$fipssyms{$_}++;
$objname =~ s/\.o$/\.\[o\|c\]/;
$objname{$symname} = $objname;
}
# keys %fipssyms is the list of module functions
print "<!-- Total of ", scalar(keys %fipssyms), " functions in $file -->\n";
# grab filename to symbol name mapping, each line is of the format
# ./fips/sha/fips_sha1_selftest.o:00000000 T FIPS_selftest_sha1
# discard the offset and type ":00000000 T".
for (`find . -name '*.o' \\! -name 'fipscanister.o' -exec nm -g --defined-only -p -o {} \\;`) {
($objname, $symname) = m/^(\S+):\S+\s+T+\s+(\S+)/;
$objname || next;
# $fipssyms{$symname} || next;
$objname =~ s/\.o$/\.\[o\|c\]/;
$objname{$symname} = $objname;
}
# %objname is the mapping of new symbol name to (source/object) file name
print "<!-- Total of ", scalar(keys %objname), " functions found in files -->\n";
print STDERR "Info: finding declarations in header files\n";
# grab filenames in include/openssl, run each of them through
# get_function_declarations_from_file (defined in api_fns.pl)
# and collect the result.
%declarations = ();
while (<include/openssl/*.h ./crypto/cryptlib.h>) {
my %decls = api_data::get_function_declaration_strings_from_file($_);
map { $declarations{$_} = $decls{$_} } keys %decls;
}
# %declarations is the mapping of old symbol name to their declaration
print "<!-- Total of ", scalar(keys %declarations), " declarations found in header files -->\n";
# Add the markers FIPS_text_start and FIPS_text_end
$declarations{FIPS_text_start} = "void *FIPS_text_start()";
$declarations{FIPS_text_end} = "void *FIPS_text_end()";
# Read list of API names obtained from edited "nm -g fipscanister.o"
$spill = 0;
sub printer {
foreach (@_) {
if ($_->{kind} >= 0) {
if ($spill) {
print " " x $indent;
print "kind: ",$_->{kind} ? "function" : "variable","\n";
print " " x $indent;
print "sym: ",$_->{sym},"\n";
print " " x $indent;
print "type: ",$_->{type},"\n";
}
if ($_->{kind}) {
$c = 0;
map {
if ($spill) {
print " " x $indent;
printf "param %d:\n", ++$c;
}
$indent += 2;
printer($_);
my $direction = $_->{direction};
if (!$_direction_question) {
$direction =~ s/<-\? <->\?/<->/;
$direction =~ s/\?//g;
}
print " " x $indent,$direction," ",$_->{sym},"\n";
$indent -= 2;
} @{$_->{params}};
if ($_->{type} !~ m/^\s*void\s*$/) {
print " " x $indent;
print "<- Return\n";
}
}
} else {
if ($spill) {
print " " x $indent;
print "decl: ",$_->{decl},"\n";
}
}
}
}
sub html_printer {
my $print_mode = shift; # 0 = print declaration with symbol in bold,
# call recursively with 1 for each parameter,
# call recursively with 2 for each parameter
# 1 = print declaration with sym grey background,
# call recursivelt with 3 for each parameter
# 2 = just print declaration
my $d = shift; # Parsed declaration
my $s = '';
if ($print_mode == 0) {
$d->{sym} || return $s;
my $h = "<hr><br />\n";
$h .= $d->{sym} . ($d->{symcomment} ? " " . $d->{symcomment} : "");
$h .= " in file " . $d->{objfile} . "<br />\n<br />\n";
$s .= '<b>' . $d->{sym} . '</b>';
if ($d->{kind} == 1) {
$s .= '(';
$s .= join(', ',
map {
html_printer(1,$_);
} @{$d->{params}});
$s .= ')';
}
my $t = $d->{type};
$t =~ s/\?/$s/;
$s = $t;
if ($d->{kind} == 1) {
map {
my $direction = $_->{direction};
if (!$_direction_question) {
$direction =~ s/<-\? <->\?/<->/;
$direction =~ s/\?//g;
}
$s .= "<br />\n";
$s .= encode_entities($direction
. "\xA0" x (9 - length($direction)));
$s .= $_->{sym};
} @{$d->{params}};
}
if ($d->{type} !~ m/^\s*void\s*\?$/) {
$s .= "<br />\n";
$s .= encode_entities('<-'.("\xA0" x 7).'Return');
}
$s = $h . $s;
} elsif ($print_mode == 1) {
$s .= '<span style="background: #c0c0c0">' . $d->{sym} . '</span>';
if ($d->{kind} == 1) {
$s .= '(';
$s .= join(', ',
map {
html_printer(3,$_);
} @{$d->{params}});
$s .= ')';
}
my $t = $d->{type};
$t =~ s/\?/$s/;
$s = $t;
} elsif ($print_mode == 2) {
$s .= $d->{sym};
if ($d->{kind} == 1) {
$s .= '(';
$s .= join(', ',
map {
html_printer(2,$_);
} @{$d->{params}});
$s .= ')';
}
my $t = $d->{type};
$t =~ s/\?/$s/;
$s = $t;
}
return $s;
}
print STDERR "Info: building/updating symbol information database\n";
$d = api_data->new();
if (-s "$here/declarations.dat") {
$d->read_declaration_db("$here/declarations.dat");
} else {
print STDERR "Warning: there was no file '$here/declarations.dat'. A new one will be created\n";
}
for (sort keys %fipssyms) {
$newname = $_;
$namecomment = undef;
if ($oldname{$newname}) {
$oldname = $oldname{$newname};
$objname = $objname{$oldname} ? $objname{$oldname} : $objname{$newname};
$namecomment = "(renames $oldname)";
} else {
$objname = $objname{$newname};
}
if ($oldimpl{$newname}) {
$apisym = $oldimpl{$newname};
$namecomment = "(reimplements $apisym)" if !$namecomment;
} else {
$apisym = $newname;
}
$declaration = $declarations{$apisym};
print "<!--\n";
print "$newname\t\t$namecomment\tin file $objname:\n";
print " ",$declaration,"\n ";
$d->add_declaration($declaration,$newname,$objname,$namecomment);
print "-->\n";
}
$d->complete_directions();
$d->write_declaration_db("$here/declarations.dat");
print STDERR "Info: printing output\n";
$d->on_all_declarations(
sub {
my $decl = shift;
#$indent = 2;
#print printer($decl);
print "<p>",html_printer(0,$decl),"</p>\n";
});



@ -1,113 +0,0 @@
#
# OpenSSL/fips/utl/Makefile
#
DIR= utl
TOP= ../..
CC= cc
INCLUDES=
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST=
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= fips_err.c fips_md.c fips_enc.c fips_lck.c fips_mem.c
LIBOBJ= fips_err.o fips_md.o fips_enc.o fips_lck.o fips_mem.o
SRC= $(LIBSRC)
EXHEADER=
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
@echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
install:
@headerlist="$(EXHEADER)"; for i in $$headerlist; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done
tags:
ctags $(SRC)
tests:
depend:
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
fips_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
fips_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
fips_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
fips_enc.o: ../../include/openssl/opensslconf.h
fips_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
fips_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_enc.o: ../../include/openssl/symhacks.h fips_enc.c
fips_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
fips_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
fips_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
fips_err.o: ../../include/openssl/opensslconf.h
fips_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
fips_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_err.o: ../../include/openssl/symhacks.h fips_err.c
fips_lck.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_lck.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
fips_lck.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_lck.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
fips_lck.o: ../../include/openssl/opensslconf.h
fips_lck.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
fips_lck.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_lck.o: ../../include/openssl/symhacks.h fips_lck.c
fips_md.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_md.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
fips_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_md.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
fips_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
fips_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
fips_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
fips_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
fips_md.o: fips_md.c
fips_mem.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
fips_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
fips_mem.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
fips_mem.o: ../../include/openssl/opensslconf.h
fips_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
fips_mem.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_mem.o: ../../include/openssl/symhacks.h fips_mem.c


@ -1,468 +0,0 @@
/* fipe/evp/fips_enc.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#define OPENSSL_FIPSAPI
#include <stdio.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/fips.h>
void FIPS_cipher_ctx_init(EVP_CIPHER_CTX *ctx)
{
memset(ctx,0,sizeof(EVP_CIPHER_CTX));
/* ctx->cipher=NULL; */
}
EVP_CIPHER_CTX *FIPS_cipher_ctx_new(void)
{
EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
if (ctx)
FIPS_cipher_ctx_init(ctx);
return ctx;
}
/* The purpose of these is to trap programs that attempt to use non FIPS
* algorithms in FIPS mode and ignore the errors.
*/
static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{ FIPS_ERROR_IGNORED("Cipher init"); return 0;}
static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{ FIPS_ERROR_IGNORED("Cipher update"); return 0;}
/* NB: no cleanup because it is allowed after failed init */
static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
{ FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
{ FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
{ FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
static const EVP_CIPHER bad_cipher =
{
0,
1,
0,
0,
0,
bad_init,
bad_do_cipher,
NULL,
0,
bad_set_asn1,
bad_get_asn1,
bad_ctrl,
NULL
};
int FIPS_cipherinit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv, int enc)
{
if(FIPS_selftest_failed())
{
FIPSerr(FIPS_F_FIPS_CIPHERINIT,FIPS_R_FIPS_SELFTEST_FAILED);
ctx->cipher = &bad_cipher;
return 0;
}
if (enc == -1)
enc = ctx->encrypt;
else
{
if (enc)
enc = 1;
ctx->encrypt = enc;
}
if (cipher)
{
/* Only FIPS ciphers allowed */
if (FIPS_module_mode() && !(cipher->flags & EVP_CIPH_FLAG_FIPS) &&
!(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
{
EVPerr(EVP_F_FIPS_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
ctx->cipher = &bad_cipher;
return 0;
}
/* Ensure a context left lying around from last time is cleared
* (the previous check attempted to avoid this if the same
* ENGINE and EVP_CIPHER could be used). */
FIPS_cipher_ctx_cleanup(ctx);
/* Restore encrypt field: it is zeroed by cleanup */
ctx->encrypt = enc;
ctx->cipher=cipher;
if (ctx->cipher->ctx_size)
{
ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
if (!ctx->cipher_data)
{
EVPerr(EVP_F_FIPS_CIPHERINIT, ERR_R_MALLOC_FAILURE);
return 0;
}
}
else
{
ctx->cipher_data = NULL;
}
ctx->key_len = cipher->key_len;
ctx->flags = 0;
if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
{
if(!FIPS_cipher_ctx_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
{
EVPerr(EVP_F_FIPS_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
return 0;
}
}
}
else if(!ctx->cipher)
{
EVPerr(EVP_F_FIPS_CIPHERINIT, EVP_R_NO_CIPHER_SET);
return 0;
}
/* we assume block size is a power of 2 in *cryptUpdate */
OPENSSL_assert(ctx->cipher->block_size == 1
|| ctx->cipher->block_size == 8
|| ctx->cipher->block_size == 16);
if(!(M_EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
switch(M_EVP_CIPHER_CTX_mode(ctx)) {
case EVP_CIPH_STREAM_CIPHER:
case EVP_CIPH_ECB_MODE:
break;
case EVP_CIPH_CFB_MODE:
case EVP_CIPH_OFB_MODE:
ctx->num = 0;
/* fall-through */
case EVP_CIPH_CBC_MODE:
OPENSSL_assert(M_EVP_CIPHER_CTX_iv_length(ctx) <=
(int)sizeof(ctx->iv));
if(iv) memcpy(ctx->oiv, iv, M_EVP_CIPHER_CTX_iv_length(ctx));
memcpy(ctx->iv, ctx->oiv, M_EVP_CIPHER_CTX_iv_length(ctx));
break;
case EVP_CIPH_CTR_MODE:
/* Don't reuse IV for CTR mode */
if(iv)
memcpy(ctx->iv, iv, M_EVP_CIPHER_CTX_iv_length(ctx));
break;
default:
return 0;
break;
}
}
if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
}
ctx->buf_len=0;
ctx->final_used=0;
ctx->block_mask=ctx->cipher->block_size-1;
return 1;
}
void FIPS_cipher_ctx_free(EVP_CIPHER_CTX *ctx)
{
if (ctx)
{
FIPS_cipher_ctx_cleanup(ctx);
OPENSSL_free(ctx);
}
}
int FIPS_cipher_ctx_cleanup(EVP_CIPHER_CTX *c)
{
if (c->cipher != NULL)
{
if(c->cipher->cleanup && !c->cipher->cleanup(c))
return 0;
/* Cleanse cipher context data */
if (c->cipher_data)
OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
}
if (c->cipher_data)
OPENSSL_free(c->cipher_data);
memset(c,0,sizeof(EVP_CIPHER_CTX));
return 1;
}
int FIPS_cipher_ctx_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
{
int ret;
if (FIPS_selftest_failed())
{
FIPSerr(FIPS_F_FIPS_CIPHER_CTX_CTRL, FIPS_R_SELFTEST_FAILED);
return 0;
}
if(!ctx->cipher) {
EVPerr(EVP_F_FIPS_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
return 0;
}
if(!ctx->cipher->ctrl) {
EVPerr(EVP_F_FIPS_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
return 0;
}
ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
if(ret == -1) {
EVPerr(EVP_F_FIPS_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
return 0;
}
return ret;
}
int FIPS_cipher_ctx_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
{
if ((in == NULL) || (in->cipher == NULL))
{
EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
return 0;
}
/* Only FIPS ciphers allowed */
if (FIPS_module_mode() && !(in->cipher->flags & EVP_CIPH_FLAG_FIPS) &&
!(out->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
{
EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY, EVP_R_DISABLED_FOR_FIPS);
out->cipher = &bad_cipher;
return 0;
}
FIPS_cipher_ctx_cleanup(out);
memcpy(out,in,sizeof *out);
if (in->cipher_data && in->cipher->ctx_size)
{
out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size);
if (!out->cipher_data)
{
EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE);
return 0;
}
memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size);
}
if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
return 1;
}
/* You can't really set the key length with FIPS, so just check that the
caller sets the length the context already has. */
int FIPS_cipher_ctx_set_key_length(EVP_CIPHER_CTX *ctx, int keylen)
{
if (ctx->key_len == keylen)
return 1;
EVPerr(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH);
return 0;
}
int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
{
if (FIPS_selftest_failed())
{
FIPSerr(FIPS_F_FIPS_CIPHER, FIPS_R_SELFTEST_FAILED);
return -1;
}
return ctx->cipher->do_cipher(ctx,out,in,inl);
}
const EVP_CIPHER *FIPS_get_cipherbynid(int nid)
{
switch (nid)
{
case NID_aes_128_cbc:
return FIPS_evp_aes_128_cbc();
case NID_aes_128_ccm:
return FIPS_evp_aes_128_ccm();
case NID_aes_128_cfb1:
return FIPS_evp_aes_128_cfb1();
case NID_aes_128_cfb128:
return FIPS_evp_aes_128_cfb128();
case NID_aes_128_cfb8:
return FIPS_evp_aes_128_cfb8();
case NID_aes_128_ctr:
return FIPS_evp_aes_128_ctr();
case NID_aes_128_ecb:
return FIPS_evp_aes_128_ecb();
case NID_aes_128_gcm:
return FIPS_evp_aes_128_gcm();
case NID_aes_128_ofb128:
return FIPS_evp_aes_128_ofb();
case NID_aes_128_xts:
return FIPS_evp_aes_128_xts();
case NID_aes_192_cbc:
return FIPS_evp_aes_192_cbc();
case NID_aes_192_ccm:
return FIPS_evp_aes_192_ccm();
case NID_aes_192_cfb1:
return FIPS_evp_aes_192_cfb1();
case NID_aes_192_cfb128:
return FIPS_evp_aes_192_cfb128();
case NID_aes_192_cfb8:
return FIPS_evp_aes_192_cfb8();
case NID_aes_192_ctr:
return FIPS_evp_aes_192_ctr();
case NID_aes_192_ecb:
return FIPS_evp_aes_192_ecb();
case NID_aes_192_gcm:
return FIPS_evp_aes_192_gcm();
case NID_aes_192_ofb128:
return FIPS_evp_aes_192_ofb();
case NID_aes_256_cbc:
return FIPS_evp_aes_256_cbc();
case NID_aes_256_ccm:
return FIPS_evp_aes_256_ccm();
case NID_aes_256_cfb1:
return FIPS_evp_aes_256_cfb1();
case NID_aes_256_cfb128:
return FIPS_evp_aes_256_cfb128();
case NID_aes_256_cfb8:
return FIPS_evp_aes_256_cfb8();
case NID_aes_256_ctr:
return FIPS_evp_aes_256_ctr();
case NID_aes_256_ecb:
return FIPS_evp_aes_256_ecb();
case NID_aes_256_gcm:
return FIPS_evp_aes_256_gcm();
case NID_aes_256_ofb128:
return FIPS_evp_aes_256_ofb();
case NID_aes_256_xts:
return FIPS_evp_aes_256_xts();
case NID_des_ede_ecb:
return FIPS_evp_des_ede();
case NID_des_ede3_ecb:
return FIPS_evp_des_ede3();
case NID_des_ede3_cbc:
return FIPS_evp_des_ede3_cbc();
case NID_des_ede3_cfb1:
return FIPS_evp_des_ede3_cfb1();
case NID_des_ede3_cfb64:
return FIPS_evp_des_ede3_cfb64();
case NID_des_ede3_cfb8:
return FIPS_evp_des_ede3_cfb8();
case NID_des_ede3_ofb64:
return FIPS_evp_des_ede3_ofb();
case NID_des_ede_cbc:
return FIPS_evp_des_ede_cbc();
case NID_des_ede_cfb64:
return FIPS_evp_des_ede_cfb64();
case NID_des_ede_ofb64:
return FIPS_evp_des_ede_ofb();
default:
return NULL;
}
}


@ -1,89 +0,0 @@
/* fips/utl/fips_err.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2010 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#define OPENSSL_FIPSAPI
#include <openssl/err.h>
#include <openssl/fips.h>
/* FIPS error callbacks */
static void (*fips_put_error_cb)(int lib, int func,int reason,const char *file,int line) = 0;
static void (*fips_add_error_vdata)(int num, va_list args) = 0;
void FIPS_put_error(int lib, int func,int reason,const char *file,int line)
{
if (fips_put_error_cb)
fips_put_error_cb(lib, func, reason, file, line);
}
void FIPS_add_error_data(int num, ...)
{
if (fips_add_error_vdata)
{
va_list args;
va_start(args, num);
fips_add_error_vdata(num, args);
va_end(args);
}
}
void FIPS_set_error_callbacks(
void (*put_cb)(int lib, int func,int reason,const char *file,int line),
void (*add_cb)(int num, va_list args) )
{
fips_put_error_cb = put_cb;
fips_add_error_vdata = add_cb;
}


@ -1,87 +0,0 @@
/* fips/utl/fips_lck.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#define OPENSSL_FIPSAPI
#include <openssl/evp.h>
#include <openssl/fips.h>
/* FIPS locking callbacks */
static void (*fips_lck_cb)(int mode, int type,const char *file,int line) = 0;
static int (*fips_add_cb)(int *pointer, int amount, int type, const char *file,
int line);
void FIPS_lock(int mode, int type,const char *file,int line)
{
if (fips_lck_cb)
fips_lck_cb(mode, type, file, line);
}
void FIPS_set_locking_callbacks(void (*func)(int mode, int type,
const char *file,int line),
int (*add_cb)(int *pointer, int amount,
int type, const char *file, int line))
{
fips_lck_cb = func;
fips_add_cb = add_cb;
}
int FIPS_add_lock(int *pointer, int amount, int type, const char *file,
int line)
{
if (fips_add_cb)
return fips_add_cb(pointer, amount, type, file, line);
*pointer += amount;
return *pointer;
}


@ -1,347 +0,0 @@
/* fips/evp/fips_md.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* Minimal standalone FIPS versions of Digest operations */
#define OPENSSL_FIPSAPI
#include <stdio.h>
#include <string.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/fips.h>
void FIPS_md_ctx_init(EVP_MD_CTX *ctx)
{
memset(ctx,'\0',sizeof *ctx);
}
EVP_MD_CTX *FIPS_md_ctx_create(void)
{
EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
if (ctx)
FIPS_md_ctx_init(ctx);
return ctx;
}
/* The purpose of these is to trap programs that attempt to use non FIPS
* algorithms in FIPS mode and ignore the errors.
*/
static int bad_init(EVP_MD_CTX *ctx)
{ FIPS_ERROR_IGNORED("Digest init"); return 0;}
static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count)
{ FIPS_ERROR_IGNORED("Digest update"); return 0;}
static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
{ FIPS_ERROR_IGNORED("Digest Final"); return 0;}
static const EVP_MD bad_md =
{
0,
0,
0,
0,
bad_init,
bad_update,
bad_final,
NULL,
NULL,
NULL,
0,
{0,0,0,0},
};
int FIPS_digestinit(EVP_MD_CTX *ctx, const EVP_MD *type)
{
M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
if(FIPS_selftest_failed())
{
FIPSerr(FIPS_F_FIPS_DIGESTINIT,FIPS_R_FIPS_SELFTEST_FAILED);
ctx->digest = &bad_md;
ctx->update = bad_update;
return 0;
}
if(FIPS_module_mode() && !(type->flags & EVP_MD_FLAG_FIPS) &&
!(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
{
EVPerr(EVP_F_FIPS_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS);
ctx->digest = &bad_md;
ctx->update = bad_update;
return 0;
}
if (ctx->digest != type)
{
if (ctx->digest && ctx->digest->ctx_size)
OPENSSL_free(ctx->md_data);
ctx->digest=type;
if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size)
{
ctx->update = type->update;
ctx->md_data=OPENSSL_malloc(type->ctx_size);
if (ctx->md_data == NULL)
{
EVPerr(EVP_F_FIPS_DIGESTINIT,
ERR_R_MALLOC_FAILURE);
return 0;
}
}
}
if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
return 1;
return ctx->digest->init(ctx);
}
int FIPS_digestupdate(EVP_MD_CTX *ctx, const void *data, size_t count)
{
if (FIPS_selftest_failed())
{
FIPSerr(FIPS_F_FIPS_DIGESTUPDATE, FIPS_R_SELFTEST_FAILED);
return 0;
}
return ctx->update(ctx,data,count);
}
/* The caller can assume that this removes any secret data from the context */
int FIPS_digestfinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
{
int ret;
if (FIPS_selftest_failed())
{
FIPSerr(FIPS_F_FIPS_DIGESTFINAL, FIPS_R_SELFTEST_FAILED);
return 0;
}
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret=ctx->digest->final(ctx,md);
if (size != NULL)
*size=ctx->digest->md_size;
if (ctx->digest->cleanup)
{
ctx->digest->cleanup(ctx);
M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
}
memset(ctx->md_data,0,ctx->digest->ctx_size);
return ret;
}
int FIPS_digest(const void *data, size_t count,
unsigned char *md, unsigned int *size, const EVP_MD *type)
{
EVP_MD_CTX ctx;
int ret;
FIPS_md_ctx_init(&ctx);
M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
ret=FIPS_digestinit(&ctx, type)
&& FIPS_digestupdate(&ctx, data, count)
&& FIPS_digestfinal(&ctx, md, size);
FIPS_md_ctx_cleanup(&ctx);
return ret;
}
void FIPS_md_ctx_destroy(EVP_MD_CTX *ctx)
{
FIPS_md_ctx_cleanup(ctx);
OPENSSL_free(ctx);
}
/* This call frees resources associated with the context */
int FIPS_md_ctx_cleanup(EVP_MD_CTX *ctx)
{
/* Don't assume ctx->md_data was cleaned in FIPS_digest_Final,
* because sometimes only copies of the context are ever finalised.
*/
if (ctx->digest && ctx->digest->cleanup
&& !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
ctx->digest->cleanup(ctx);
if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
&& !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
{
OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
OPENSSL_free(ctx->md_data);
}
memset(ctx,'\0',sizeof *ctx);
return 1;
}
int FIPS_md_ctx_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
{
unsigned char *tmp_buf;
if ((in == NULL) || (in->digest == NULL))
{
EVPerr(EVP_F_FIPS_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
return 0;
}
if (out->digest == in->digest)
{
tmp_buf = out->md_data;
M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
}
else tmp_buf = NULL;
FIPS_md_ctx_cleanup(out);
memcpy(out,in,sizeof *out);
if (in->md_data && out->digest->ctx_size)
{
if (tmp_buf)
out->md_data = tmp_buf;
else
{
out->md_data=OPENSSL_malloc(out->digest->ctx_size);
if (!out->md_data)
{
EVPerr(EVP_F_FIPS_MD_CTX_COPY,ERR_R_MALLOC_FAILURE);
return 0;
}
}
memcpy(out->md_data,in->md_data,out->digest->ctx_size);
}
out->update = in->update;
if (out->digest->copy)
return out->digest->copy(out,in);
return 1;
}
const EVP_MD *FIPS_get_digestbynid(int nid)
{
switch (nid)
{
case NID_sha1:
return EVP_sha1();
case NID_sha224:
return EVP_sha224();
case NID_sha256:
return EVP_sha256();
case NID_sha384:
return EVP_sha384();
case NID_sha512:
return EVP_sha512();
default:
return NULL;
}
}

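--- a/fips/utl/fips_mem.c
+++ b/fips/utl/fips_mem.c
@@ -1,94 +0,0 @@
-/* fips/utl/fips_mem.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-* project.
-*/
-/* ====================================================================
-* Copyright (c) 2010 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* licensing@OpenSSL.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*/
-#define OPENSSL_FIPSAPI
-#include <openssl/err.h>
-#include <openssl/fips.h>
-/* Default malloc implementations */
-static void *fips_malloc_def(int num, const char *file, int line)
-{
-return malloc(num);
-}
-static void fips_free_def(void *x)
-{
-free(x);
-}
-/* FIPS memory allocation callbacks */
-static void *(*fips_malloc_cb)(int num, const char *file, int line) =
-fips_malloc_def;
-static void (*fips_free_cb)(void *) =
-fips_free_def;
-void *FIPS_malloc(int num, const char *file, int line)
-{
-return fips_malloc_cb(num, file, line);
-}
-void FIPS_free(void *x)
-{
-fips_free_cb(x);
-}
-void FIPS_set_malloc_callbacks(
-void *(*malloc_cb)(int num, const char *file, int line),
-void (*free_cb)(void *))
-{
-fips_malloc_cb = malloc_cb;
-fips_free_cb = free_cb;
-}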


@ -1,15 +0,0 @@
#!/bin/perl
# Simple perl script to wrap round "ar" program and exclude any
# object files in the environment variable EXCL_OBJ
map { s/^.*\/([^\/]*)$/$1/ ; $EXCL{$_} = 1} split(' ', $ENV{EXCL_OBJ});
#my @ks = keys %EXCL;
#print STDERR "Excluding: @ks \n";
my @ARGS = grep { !exists $EXCL{$_} } @ARGV;
system @ARGS;
exit $? >> 8;


@ -1,93 +0,0 @@
# FIPS assembly language preprocessor
# Renames all symbols in the file to
# their modified fips versions.
my @ARGS = @ARGV;
my $top = shift @ARGS;
my $target = shift @ARGS;
my $tmptarg = $target;
$tmptarg =~ s/\.[^\\\/\.]+$/.tmp/;
my $runasm = 1;
if ($ARGS[0] eq "norunasm")
{
$runasm = 0;
shift @ARGS;
}
my $enabled = 0;
$enabled = 1 if $ENV{FIPSCANISTERINTERNAL} eq "y";
if ($enabled == 0 && $runasm)
{
system @ARGS;
exit $?
}
# Open symbol rename file.
open(IN, "$top/fips/fipssyms.h") || die "Can't open fipssyms.h";
# Skip to assembler symbols
while (<IN>)
{
last if (/assembler/)
}
# Store all renames.
while (<IN>)
{
if (/^#define\s+(\w+)\s+(\w+)\b/)
{
$edits{$1} = $2;
}
}
my ($from, $to);
#delete any temp file lying around
unlink $tmptarg;
#rename target temporarily
rename($target, $tmptarg) || die "Can't rename $target";
#edit target
open(IN,$tmptarg) || die "Can't open temporary file";
open(OUT, ">$target") || die "Can't open output file $target";
while (<IN>)
{
while (($from, $to) = each %edits)
{
s/(\b_*)$from(\b)/$1$to$2/g;
}
print OUT $_;
}
close OUT;
if ($runasm)
{
# run assembler
system @ARGS;
my $rv = $?;
# restore target
unlink $target;
rename $tmptarg, $target;
die "Error executing assembler!" if $rv != 0;
}
else
{
# Don't care about target
unlink $tmptarg;
}