Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
compat-openssl098.2467
openssl-fips__0230_sha256_sha512_selftests.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-fips__0230_sha256_sha512_selftests.diff of Package compat-openssl098.2467
diff -rNU 20 ../openssl-0.9.8j-o/crypto/fips_err.h ./crypto/fips_err.h --- ../openssl-0.9.8j-o/crypto/fips_err.h 2008-09-17 00:48:18.000000000 +0200 +++ ./crypto/fips_err.h 2011-11-01 00:01:16.000000000 +0100 @@ -71,40 +71,42 @@ static ERR_STRING_DATA FIPS_str_functs[]= { {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, {ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"}, {ERR_FUNC(FIPS_F_DSA_DO_VERIFY), "DSA_do_verify"}, {ERR_FUNC(FIPS_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, {ERR_FUNC(FIPS_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, {ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "FIPS_CHECK_DSA"}, {ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT), "FIPS_CHECK_INCORE_FINGERPRINT"}, {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "FIPS_CHECK_RSA"}, {ERR_FUNC(FIPS_F_FIPS_DSA_CHECK), "FIPS_DSA_CHECK"}, {ERR_FUNC(FIPS_F_FIPS_MODE_SET), "FIPS_mode_set"}, {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey_signature_test"}, {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES), "FIPS_selftest_aes"}, {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des"}, {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"}, {ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"}, {ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG), "FIPS_selftest_rng"}, {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"}, +{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA256), "FIPS_selftest_sha256"}, +{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA512), "FIPS_selftest_sha512"}, {ERR_FUNC(FIPS_F_HASH_FINAL), "HASH_FINAL"}, {ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"}, {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"}, {ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY_EX), "RSA_X931_generate_key_ex"}, {ERR_FUNC(FIPS_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, {0,NULL} }; static ERR_STRING_DATA FIPS_str_reasons[]= { {ERR_REASON(FIPS_R_CANNOT_READ_EXE) ,"cannot read exe"}, {ERR_REASON(FIPS_R_CANNOT_READ_EXE_DIGEST),"cannot read exe digest"}, {ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"contradicting evidence"}, {ERR_REASON(FIPS_R_EXE_DIGEST_DOES_NOT_MATCH),"exe digest does not match"}, {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH),"fingerprint does not match"}, {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED),"fingerprint does not match nonpic relocated"}, {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING),"fingerprint does not match segment aliasing"}, diff -rNU 20 ../openssl-0.9.8j-o/fips/fips.c ./fips/fips.c --- ../openssl-0.9.8j-o/fips/fips.c 2011-10-28 13:43:36.000000000 +0200 +++ ./fips/fips.c 2011-11-01 00:53:09.000000000 +0100 @@ -147,40 +147,42 @@ * overhead possible to avoid too big a performance hit. */ void FIPS_selftest_check(void) { if (fips_selftest_fail) { OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE"); } } void fips_set_selftest_fail(void) { fips_selftest_fail = 1; } int FIPS_selftest() { return FIPS_selftest_sha1() + && FIPS_selftest_sha256() + && FIPS_selftest_sha512() && FIPS_selftest_hmac() && FIPS_selftest_aes() && FIPS_selftest_des() && FIPS_selftest_rsa() && FIPS_selftest_dsa(); } #if 0 extern const void *FIPS_text_start(), *FIPS_text_end(); extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[]; unsigned char FIPS_signature [20] = { 0 }; static const char FIPS_hmac_key[]="etaonrishdlcupfm"; unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len) { const unsigned char *p1 = FIPS_text_start(); const unsigned char *p2 = FIPS_text_end(); const unsigned char *p3 = FIPS_rodata_start; const unsigned char *p4 = FIPS_rodata_end; HMAC_CTX c; diff -rNU 20 ../openssl-0.9.8j-o/fips/fips.h ./fips/fips.h --- ../openssl-0.9.8j-o/fips/fips.h 2008-09-16 12:12:09.000000000 +0200 +++ ./fips/fips.h 2011-11-01 00:51:48.000000000 +0100 @@ -55,40 +55,44 @@ #ifdef OPENSSL_FIPS #ifdef __cplusplus extern "C" { #endif struct dsa_st; struct evp_pkey_st; struct env_md_st; struct evp_cipher_st; struct evp_cipher_ctx_st; int FIPS_mode_set(int onoff); int FIPS_mode(void); const void *FIPS_rand_check(void); int FIPS_selftest_failed(void); void FIPS_selftest_check(void); void FIPS_corrupt_sha1(void); int FIPS_selftest_sha1(void); +void FIPS_corrupt_sha256(void); +int FIPS_selftest_sha256(void); +void FIPS_corrupt_sha512(void); +int FIPS_selftest_sha512(void); void FIPS_corrupt_aes(void); int FIPS_selftest_aes(void); void FIPS_corrupt_des(void); int FIPS_selftest_des(void); void FIPS_corrupt_rsa(void); void FIPS_corrupt_rsa_keygen(void); int FIPS_selftest_rsa(void); void FIPS_corrupt_dsa(void); void FIPS_corrupt_dsa_keygen(void); int FIPS_selftest_dsa(void); void FIPS_corrupt_rng(void); void FIPS_rng_stick(void); int FIPS_selftest_rng(void); int FIPS_selftest_hmac(void); int fips_pkey_signature_test(struct evp_pkey_st *pkey, const unsigned char *tbs, int tbslen, const unsigned char *kat, unsigned int katlen, const struct env_md_st *digest, unsigned int md_flags, const char *fail_str); @@ -120,40 +124,44 @@ #define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105 #define FIPS_F_FIPS_CHECK_RSA 106 #define FIPS_F_FIPS_DSA_CHECK 107 #define FIPS_F_FIPS_MODE_SET 108 #define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109 #define FIPS_F_FIPS_SELFTEST_AES 110 #define FIPS_F_FIPS_SELFTEST_DES 111 #define FIPS_F_FIPS_SELFTEST_DSA 112 #define FIPS_F_FIPS_SELFTEST_HMAC 113 #define FIPS_F_FIPS_SELFTEST_RNG 114 #define FIPS_F_FIPS_SELFTEST_SHA1 115 #define FIPS_F_HASH_FINAL 123 #define FIPS_F_RSA_BUILTIN_KEYGEN 116 #define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 117 #define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 118 #define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 119 #define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 120 #define FIPS_F_RSA_X931_GENERATE_KEY_EX 121 #define FIPS_F_SSLEAY_RAND_BYTES 122 +#define FIPS_F_FIPS_SELFTEST_SHA256 130 +#define FIPS_F_FIPS_SELFTEST_SHA512 131 + + /* Reason codes. */ #define FIPS_R_CANNOT_READ_EXE 103 #define FIPS_R_CANNOT_READ_EXE_DIGEST 104 #define FIPS_R_CONTRADICTING_EVIDENCE 114 #define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH 105 #define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110 #define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111 #define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112 #define FIPS_R_FIPS_MODE_ALREADY_SET 102 #define FIPS_R_FIPS_SELFTEST_FAILED 106 #define FIPS_R_INVALID_KEY_LENGTH 109 #define FIPS_R_KEY_TOO_SHORT 108 #define FIPS_R_NON_FIPS_METHOD 100 #define FIPS_R_PAIRWISE_TEST_FAILED 107 #define FIPS_R_RSA_DECRYPT_ERROR 115 #define FIPS_R_RSA_ENCRYPT_ERROR 116 #define FIPS_R_SELFTEST_FAILED 101 #define FIPS_R_TEST_FAILURE 117 #define FIPS_R_UNSUPPORTED_PLATFORM 113 diff -rNU 20 ../openssl-0.9.8j-o/fips/sha/fips_sha1_selftest.c ./fips/sha/fips_sha1_selftest.c --- ../openssl-0.9.8j-o/fips/sha/fips_sha1_selftest.c 2008-09-16 12:12:23.000000000 +0200 +++ ./fips/sha/fips_sha1_selftest.c 2011-11-01 00:51:57.000000000 +0100 @@ -44,54 +44,145 @@ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include <string.h> #include <openssl/err.h> #include <openssl/fips.h> #include <openssl/evp.h> #include <openssl/sha.h> #ifdef OPENSSL_FIPS static char test[][60]= { "", "abc", "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }; +static char test256[][60]= + { + "", + "abc", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + }; + +static char test512[][60]= + { + "", + "abc", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + }; + + static const unsigned char ret[][SHA_DIGEST_LENGTH]= { { 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55, 0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 }, { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e, 0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d }, { 0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae, 0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 }, }; + +static const unsigned char ret256[][SHA256_DIGEST_LENGTH]= + { + { 0xe3,0xb0,0xc4,0x42,0x98,0xfc,0x1c,0x14,0x9a,0xfb,0xf4,0xc8,0x99,0x6f,0xb9,0x24, + 0x27,0xae,0x41,0xe4,0x64,0x9b,0x93,0x4c,0xa4,0x95,0x99,0x1b,0x78,0x52,0xb8,0x55 }, + { 0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23, + 0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad }, + { 0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8,0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39, + 0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67,0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1 }, + }; + +static const unsigned char ret512[][SHA512_DIGEST_LENGTH]= + { + { 0xcf,0x83,0xe1,0x35,0x7e,0xef,0xb8,0xbd,0xf1,0x54,0x28,0x50,0xd6,0x6d,0x80,0x07, + 0xd6,0x20,0xe4,0x05,0x0b,0x57,0x15,0xdc,0x83,0xf4,0xa9,0x21,0xd3,0x6c,0xe9,0xce, + 0x47,0xd0,0xd1,0x3c,0x5d,0x85,0xf2,0xb0,0xff,0x83,0x18,0xd2,0x87,0x7e,0xec,0x2f, + 0x63,0xb9,0x31,0xbd,0x47,0x41,0x7a,0x81,0xa5,0x38,0x32,0x7a,0xf9,0x27,0xda,0x3e }, + { 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, + 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, + 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, + 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f }, + { 0x20,0x4a,0x8f,0xc6,0xdd,0xa8,0x2f,0x0a,0x0c,0xed,0x7b,0xeb,0x8e,0x08,0xa4,0x16, + 0x57,0xc1,0x6e,0xf4,0x68,0xb2,0x28,0xa8,0x27,0x9b,0xe3,0x31,0xa7,0x03,0xc3,0x35, + 0x96,0xfd,0x15,0xc1,0x3b,0x1b,0x07,0xf9,0xaa,0x1d,0x3b,0xea,0x57,0x78,0x9c,0xa0, + 0x31,0xad,0x85,0xc7,0xa7,0x1d,0xd7,0x03,0x54,0xec,0x63,0x12,0x38,0xca,0x34,0x45 }, + }; + + void FIPS_corrupt_sha1() { test[2][0]++; } int FIPS_selftest_sha1() { int n; for(n=0 ; n<sizeof(test)/sizeof(test[0]) ; ++n) { unsigned char md[SHA_DIGEST_LENGTH]; EVP_Digest(test[n],strlen(test[n]),md, NULL, EVP_sha1(), NULL); if(memcmp(md,ret[n],sizeof md)) { FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED); return 0; } } return 1; } +void FIPS_corrupt_sha256() + { + test256[2][0]++; + } + +int FIPS_selftest_sha256() + { + int n; + + for(n=0 ; n<sizeof(test256)/sizeof(test256[0]) ; ++n) + { + unsigned char md[SHA256_DIGEST_LENGTH]; + + EVP_Digest(test256[n],strlen(test256[n]),md, NULL, EVP_sha256(), NULL); + if(memcmp(md,ret256[n],sizeof md)) + { + FIPSerr(FIPS_F_FIPS_SELFTEST_SHA256,FIPS_R_SELFTEST_FAILED); + return 0; + } + } + return 1; + } + + +void FIPS_corrupt_sha512() + { + test512[2][0]++; + } + +int FIPS_selftest_sha512() + { + int n; + + for(n=0 ; n<sizeof(test512)/sizeof(test512[0]) ; ++n) + { + unsigned char md[SHA512_DIGEST_LENGTH]; + + EVP_Digest(test512[n],strlen(test512[n]),md, NULL, EVP_sha512(), NULL); + if(memcmp(md,ret512[n],sizeof md)) + { + FIPSerr(FIPS_F_FIPS_SELFTEST_SHA512,FIPS_R_SELFTEST_FAILED); + return 0; + } + } + return 1; + } + #endif +
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor