Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
openssl-1_0_0.10508
openssl-fips_add_cavs_tests.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-fips_add_cavs_tests.patch of Package openssl-1_0_0.10508
Index: openssl-1.0.2j/crypto/fips/Makefile =================================================================== --- openssl-1.0.2j.orig/crypto/fips/Makefile 2017-03-16 17:27:29.296989039 +0100 +++ openssl-1.0.2j/crypto/fips/Makefile 2017-03-16 17:32:20.165572290 +0100 @@ -19,7 +19,20 @@ APPS= PROGRAM= fips_standalone_hmac EXE= $(PROGRAM)$(EXE_EXT) +CAVS_PROGRAMS= fips_aesavs fips_cmactest fips_desmovs fips_dhvs fips_drbgvs \ +fips_ecdhvs fips_ecdsavs fips_rngvs fips_rsagtest fips_rsastest \ +fips_rsavtest fips_shatest fips_gcmtest fips_dssvs fips_tlsvs fips_hmactest + +CAVS_SRC= fips_aesavs.c fips_cmactest.c fips_desmovs.c fips_dhvs.c fips_drbgvs.c fips_dssvs.c \ +fips_ecdhvs.c fips_ecdsavs.c fips_gcmtest.c fips_rngvs.c fips_rsagtest.c fips_rsastest.c \ +fips_rsavtest.c fips_shatest.c fips_tlsvs.c fips_hmactest.c + +CAVS_OBJ= fips_aesavs.o fips_cmactest.o fips_desmovs.o fips_dhvs.o fips_drbgvs.o \ +fips_ecdhvs.o fips_ecdsavs.o fips_gcmtest.o fips_rngvs.o fips_rsagtest.o fips_rsastest.o \ +fips_rsavtest.o fips_shatest.o fips_dssvs.o fips_tlsvs.o fips_hmactest.o + LIB=$(TOP)/libcrypto.a +SSLLIB=$(TOP)/libssl.a LIBSRC=fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c fips_rand_selftest.c \ fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ @@ -34,19 +47,21 @@ LIBOBJ=fips_aes_selftest.o fips_des_self fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o \ fips_dh_selftest.o -LIBCRYPTO=-L.. -lcrypto +SRC= $(LIBSRC) fips_standalone_hmac.c fips_err.c $(CAVS_SRC) -SRC= $(LIBSRC) fips_standalone_hmac.c EXHEADER= fips.h fips_rand.h HEADER= $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) +$(SSLLIB): + (cd ../..; $(MAKE) DIRS=ssl all) + top: (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) -all: lib exe +all: lib exe $(CAVS_PROGRAMS) lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) @@ -95,7 +110,8 @@ $(EXE): $(PROGRAM).o for i in $(CPUID_OBJ); do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../$$i" ; done; \ $(CC) -o $@ $(CFLAGS) $(PROGRAM).o $$FIPS_SHA_ASM -# DO NOT DELETE THIS LINE -- make depend depends on it. +$(CAVS_PROGRAMS): $(CAVS_OBJ) fips_ecdsa_lib.o fips_rsa_lib.o fips_dsa_lib.o fips_dsa_sign.o fips_err.o $(SSLLIB) $(LIB) + $(CC) -o $@ $(CFLAGS) $@.o fips_rsa_lib.o fips_ecdsa_lib.o fips_dsa_lib.o fips_dsa_sign.o fips_err.o $(SSLLIB) $(LIB) -ldl -lz fips.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h fips.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h @@ -280,6 +296,26 @@ fips_ecdsa_selftest.o: ../../include/ope fips_ecdsa_selftest.o: ../../include/openssl/safestack.h fips_ecdsa_selftest.o: ../../include/openssl/stack.h fips_ecdsa_selftest.o: ../../include/openssl/symhacks.h fips_ecdsa_selftest.c +fips_dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +fips_dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h +fips_dsa_lib.o: ../../include/openssl/opensslconf.h +fips_dsa_lib.o: ../../include/openssl/opensslv.h +fips_dsa_lib.o: ../../include/openssl/ossl_typ.h +fips_dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_dsa_lib.o: ../../include/openssl/symhacks.h fips_dsa_lib.c +fips_dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +fips_dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +fips_dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +fips_dsa_sign.o: ../../include/openssl/objects.h +fips_dsa_sign.o: ../../include/openssl/opensslconf.h +fips_dsa_sign.o: ../../include/openssl/opensslv.h +fips_dsa_sign.o: ../../include/openssl/ossl_typ.h +fips_dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +fips_dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_dsa_sign.o: fips_dsa_sign.c fips_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h fips_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h fips_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h @@ -405,3 +441,450 @@ fips_sha_selftest.o: ../../include/opens fips_sha_selftest.o: ../../include/openssl/safestack.h fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c +fips_aesavs.o: ../../e_os.h ../../include/openssl/aes.h +fips_aesavs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_aesavs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +fips_aesavs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_aesavs.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_aesavs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h +fips_aesavs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +fips_aesavs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +fips_aesavs.o: ../../include/openssl/opensslconf.h +fips_aesavs.o: ../../include/openssl/opensslv.h +fips_aesavs.o: ../../include/openssl/ossl_typ.h +fips_aesavs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_aesavs.o: ../../include/openssl/symhacks.h fips_utl.h fips_aesavs.c +fips_gcmtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_gcmtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_gcmtest.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +fips_gcmtest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_gcmtest.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_gcmtest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h +fips_gcmtest.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +fips_gcmtest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +fips_gcmtest.o: ../../include/openssl/opensslconf.h +fips_gcmtest.o: ../../include/openssl/opensslv.h +fips_gcmtest.o: ../../include/openssl/ossl_typ.h +fips_gcmtest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_gcmtest.o: ../../include/openssl/symhacks.h fips_utl.h fips_gcmtest.c +fips_cmactest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_cmactest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_cmactest.o: ../../include/openssl/cmac.h ../../include/openssl/crypto.h +fips_cmactest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_cmactest.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_cmactest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h +fips_cmactest.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +fips_cmactest.o: ../../include/openssl/obj_mac.h +fips_cmactest.o: ../../include/openssl/objects.h +fips_cmactest.o: ../../include/openssl/opensslconf.h +fips_cmactest.o: ../../include/openssl/opensslv.h +fips_cmactest.o: ../../include/openssl/ossl_typ.h +fips_cmactest.o: ../../include/openssl/safestack.h +fips_cmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_cmactest.o: fips_utl.h fips_cmactest.c +fips_hmactest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_hmactest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_hmactest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_hmactest.o: ../../include/openssl/ec.h ../../include/openssl/err.h +fips_hmactest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_hmactest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h +fips_hmactest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +fips_hmactest.o: ../../include/openssl/objects.h +fips_hmactest.o: ../../include/openssl/opensslconf.h +fips_hmactest.o: ../../include/openssl/opensslv.h +fips_hmactest.o: ../../include/openssl/ossl_typ.h +fips_hmactest.o: ../../include/openssl/safestack.h +fips_hmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_hmactest.o: fips_utl.h fips_hmactest.c +fips_desmovs.o: ../../e_os.h ../../include/openssl/aes.h +fips_desmovs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_desmovs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +fips_desmovs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +fips_desmovs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_desmovs.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_desmovs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h +fips_desmovs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +fips_desmovs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +fips_desmovs.o: ../../include/openssl/opensslconf.h +fips_desmovs.o: ../../include/openssl/opensslv.h +fips_desmovs.o: ../../include/openssl/ossl_typ.h +fips_desmovs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_desmovs.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +fips_desmovs.o: ../../include/openssl/ui_compat.h fips_utl.h fips_desmovs.c +fips_dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +fips_dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h +fips_dh_lib.o: ../../include/openssl/opensslconf.h +fips_dh_lib.o: ../../include/openssl/opensslv.h +fips_dh_lib.o: ../../include/openssl/ossl_typ.h +fips_dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_dh_lib.o: ../../include/openssl/symhacks.h fips_dh_lib.c +fips_dhvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_dhvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_dhvs.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +fips_dhvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_dhvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_dhvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h +fips_dhvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +fips_dhvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +fips_dhvs.o: ../../include/openssl/opensslconf.h +fips_dhvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +fips_dhvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_dhvs.o: ../../include/openssl/symhacks.h fips_utl.h fips_dhvs.c +fips_dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +fips_dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h +fips_dsa_lib.o: ../../include/openssl/opensslconf.h +fips_dsa_lib.o: ../../include/openssl/opensslv.h +fips_dsa_lib.o: ../../include/openssl/ossl_typ.h +fips_dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_dsa_lib.o: ../../include/openssl/symhacks.h fips_dsa_lib.c +fips_dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +fips_dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +fips_dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +fips_dsa_sign.o: ../../include/openssl/objects.h +fips_dsa_sign.o: ../../include/openssl/opensslconf.h +fips_dsa_sign.o: ../../include/openssl/opensslv.h +fips_dsa_sign.o: ../../include/openssl/ossl_typ.h +fips_dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +fips_dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_dsa_sign.o: fips_dsa_sign.c +fips_dsatest.o: ../../e_os.h ../../include/openssl/aes.h +fips_dsatest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_dsatest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +fips_dsatest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +fips_dsatest.o: ../../include/openssl/ec.h ../../include/openssl/err.h +fips_dsatest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_dsatest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h +fips_dsatest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +fips_dsatest.o: ../../include/openssl/objects.h +fips_dsatest.o: ../../include/openssl/opensslconf.h +fips_dsatest.o: ../../include/openssl/opensslv.h +fips_dsatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +fips_dsatest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_dsatest.o: ../../include/openssl/symhacks.h fips_utl.h fips_dsatest.c +fips_dssvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_dssvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_dssvs.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +fips_dssvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_dssvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_dssvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h +fips_dssvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +fips_dssvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +fips_dssvs.o: ../../include/openssl/opensslconf.h +fips_dssvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +fips_dssvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_dssvs.o: ../../include/openssl/symhacks.h fips_utl.h fips_dssvs.c +fips_ecdhvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_ecdhvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_ecdhvs.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_ecdhvs.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +fips_ecdhvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_ecdhvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h +fips_ecdhvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +fips_ecdhvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +fips_ecdhvs.o: ../../include/openssl/opensslconf.h +fips_ecdhvs.o: ../../include/openssl/opensslv.h +fips_ecdhvs.o: ../../include/openssl/ossl_typ.h +fips_ecdhvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_ecdhvs.o: ../../include/openssl/symhacks.h fips_utl.h fips_ecdhvs.c +fips_ecdsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_ecdsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +fips_ecdsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_ecdsa_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/fips.h +fips_ecdsa_lib.o: ../../include/openssl/opensslconf.h +fips_ecdsa_lib.o: ../../include/openssl/opensslv.h +fips_ecdsa_lib.o: ../../include/openssl/ossl_typ.h +fips_ecdsa_lib.o: ../../include/openssl/safestack.h +fips_ecdsa_lib.o: ../../include/openssl/stack.h +fips_ecdsa_lib.o: ../../include/openssl/symhacks.h fips_ecdsa_lib.c +fips_ecdsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_ecdsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +fips_ecdsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_ecdsa_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +fips_ecdsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +fips_ecdsa_sign.o: ../../include/openssl/obj_mac.h +fips_ecdsa_sign.o: ../../include/openssl/objects.h +fips_ecdsa_sign.o: ../../include/openssl/opensslconf.h +fips_ecdsa_sign.o: ../../include/openssl/opensslv.h +fips_ecdsa_sign.o: ../../include/openssl/ossl_typ.h +fips_ecdsa_sign.o: ../../include/openssl/safestack.h +fips_ecdsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +fips_ecdsa_sign.o: ../../include/openssl/symhacks.h fips_ecdsa_sign.c +fips_ecdsavs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_ecdsavs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_ecdsavs.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_ecdsavs.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h +fips_ecdsavs.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_ecdsavs.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h +fips_ecdsavs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +fips_ecdsavs.o: ../../include/openssl/objects.h +fips_ecdsavs.o: ../../include/openssl/opensslconf.h +fips_ecdsavs.o: ../../include/openssl/opensslv.h +fips_ecdsavs.o: ../../include/openssl/ossl_typ.h +fips_ecdsavs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_ecdsavs.o: ../../include/openssl/symhacks.h fips_utl.h fips_ecdsavs.c +fips_hmactest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_hmactest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_hmactest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_hmactest.o: ../../include/openssl/ec.h ../../include/openssl/err.h +fips_hmactest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_hmactest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h +fips_hmactest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +fips_hmactest.o: ../../include/openssl/objects.h +fips_hmactest.o: ../../include/openssl/opensslconf.h +fips_hmactest.o: ../../include/openssl/opensslv.h +fips_hmactest.o: ../../include/openssl/ossl_typ.h +fips_hmactest.o: ../../include/openssl/safestack.h +fips_hmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_hmactest.o: fips_utl.h fips_hmactest.c +fips_drbg_ctr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_drbg_ctr.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +fips_drbg_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_drbg_ctr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_drbg_ctr.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h +fips_drbg_ctr.o: ../../include/openssl/obj_mac.h +fips_drbg_ctr.o: ../../include/openssl/objects.h +fips_drbg_ctr.o: ../../include/openssl/opensslconf.h +fips_drbg_ctr.o: ../../include/openssl/opensslv.h +fips_drbg_ctr.o: ../../include/openssl/ossl_typ.h +fips_drbg_ctr.o: ../../include/openssl/safestack.h +fips_drbg_ctr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_drbg_ctr.o: fips_drbg_ctr.c fips_rand_lcl.h +fips_drbg_ec.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_drbg_ec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_drbg_ec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_drbg_ec.o: ../../include/openssl/ec.h ../../include/openssl/evp.h +fips_drbg_ec.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h +fips_drbg_ec.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h +fips_drbg_ec.o: ../../include/openssl/objects.h +fips_drbg_ec.o: ../../include/openssl/opensslconf.h +fips_drbg_ec.o: ../../include/openssl/opensslv.h +fips_drbg_ec.o: ../../include/openssl/ossl_typ.h +fips_drbg_ec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_drbg_ec.o: ../../include/openssl/symhacks.h fips_drbg_ec.c fips_rand_lcl.h +fips_drbg_hash.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_drbg_hash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +fips_drbg_hash.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_drbg_hash.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_drbg_hash.o: ../../include/openssl/fips_rand.h +fips_drbg_hash.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h +fips_drbg_hash.o: ../../include/openssl/objects.h +fips_drbg_hash.o: ../../include/openssl/opensslconf.h +fips_drbg_hash.o: ../../include/openssl/opensslv.h +fips_drbg_hash.o: ../../include/openssl/ossl_typ.h +fips_drbg_hash.o: ../../include/openssl/safestack.h +fips_drbg_hash.o: ../../include/openssl/stack.h +fips_drbg_hash.o: ../../include/openssl/symhacks.h fips_drbg_hash.c +fips_drbg_hash.o: fips_rand_lcl.h +fips_drbg_hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_drbg_hmac.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +fips_drbg_hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_drbg_hmac.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_drbg_hmac.o: ../../include/openssl/fips_rand.h +fips_drbg_hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h +fips_drbg_hmac.o: ../../include/openssl/objects.h +fips_drbg_hmac.o: ../../include/openssl/opensslconf.h +fips_drbg_hmac.o: ../../include/openssl/opensslv.h +fips_drbg_hmac.o: ../../include/openssl/ossl_typ.h +fips_drbg_hmac.o: ../../include/openssl/safestack.h +fips_drbg_hmac.o: ../../include/openssl/stack.h +fips_drbg_hmac.o: ../../include/openssl/symhacks.h fips_drbg_hmac.c +fips_drbg_hmac.o: fips_rand_lcl.h +fips_drbg_lib.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_drbg_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +fips_drbg_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_drbg_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_drbg_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h +fips_drbg_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +fips_drbg_lib.o: ../../include/openssl/objects.h +fips_drbg_lib.o: ../../include/openssl/opensslconf.h +fips_drbg_lib.o: ../../include/openssl/opensslv.h +fips_drbg_lib.o: ../../include/openssl/ossl_typ.h +fips_drbg_lib.o: ../../include/openssl/safestack.h +fips_drbg_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_drbg_lib.o: fips_drbg_lib.c fips_rand_lcl.h +fips_drbg_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_drbg_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +fips_drbg_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_drbg_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_drbg_rand.o: ../../include/openssl/fips_rand.h +fips_drbg_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +fips_drbg_rand.o: ../../include/openssl/obj_mac.h +fips_drbg_rand.o: ../../include/openssl/objects.h +fips_drbg_rand.o: ../../include/openssl/opensslconf.h +fips_drbg_rand.o: ../../include/openssl/opensslv.h +fips_drbg_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +fips_drbg_rand.o: ../../include/openssl/safestack.h +fips_drbg_rand.o: ../../include/openssl/stack.h +fips_drbg_rand.o: ../../include/openssl/symhacks.h fips_drbg_rand.c +fips_drbg_rand.o: fips_rand_lcl.h +fips_drbgvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_drbgvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_drbgvs.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +fips_drbgvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_drbgvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_drbgvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h +fips_drbgvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +fips_drbgvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +fips_drbgvs.o: ../../include/openssl/opensslconf.h +fips_drbgvs.o: ../../include/openssl/opensslv.h +fips_drbgvs.o: ../../include/openssl/ossl_typ.h +fips_drbgvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_drbgvs.o: ../../include/openssl/symhacks.h fips_utl.h fips_drbgvs.c +fips_rand_lib.o: ../../e_os.h ../../include/openssl/aes.h +fips_rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/err.h +fips_rand_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_rand_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h +fips_rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +fips_rand_lib.o: ../../include/openssl/objects.h +fips_rand_lib.o: ../../include/openssl/opensslconf.h +fips_rand_lib.o: ../../include/openssl/opensslv.h +fips_rand_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +fips_rand_lib.o: ../../include/openssl/safestack.h +fips_rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_rand_lib.o: fips_rand_lib.c +fips_randtest.o: ../../e_os.h ../../include/openssl/aes.h +fips_randtest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_randtest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +fips_randtest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_randtest.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_randtest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h +fips_randtest.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +fips_randtest.o: ../../include/openssl/obj_mac.h +fips_randtest.o: ../../include/openssl/objects.h +fips_randtest.o: ../../include/openssl/opensslconf.h +fips_randtest.o: ../../include/openssl/opensslv.h +fips_randtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +fips_randtest.o: ../../include/openssl/safestack.h +fips_randtest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_randtest.o: fips_utl.h fips_randtest.c +fips_rngvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_rngvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_rngvs.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +fips_rngvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_rngvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_rngvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h +fips_rngvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +fips_rngvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +fips_rngvs.o: ../../include/openssl/opensslconf.h +fips_rngvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +fips_rngvs.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +fips_rngvs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_rngvs.o: fips_utl.h fips_rngvs.c +fips_rsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_rsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +fips_rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +fips_rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +fips_rsa_lib.o: ../../include/openssl/objects.h +fips_rsa_lib.o: ../../include/openssl/opensslconf.h +fips_rsa_lib.o: ../../include/openssl/opensslv.h +fips_rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h +fips_rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_rsa_lib.o: ../../include/openssl/symhacks.h fips_rsa_lib.c +fips_rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_rsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +fips_rsa_sign.o: ../../include/openssl/obj_mac.h +fips_rsa_sign.o: ../../include/openssl/objects.h +fips_rsa_sign.o: ../../include/openssl/opensslconf.h +fips_rsa_sign.o: ../../include/openssl/opensslv.h +fips_rsa_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h +fips_rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +fips_rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_rsa_sign.o: fips_rsa_sign.c +fips_rsagtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_rsagtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_rsagtest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_rsagtest.o: ../../include/openssl/ec.h ../../include/openssl/err.h +fips_rsagtest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_rsagtest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h +fips_rsagtest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +fips_rsagtest.o: ../../include/openssl/objects.h +fips_rsagtest.o: ../../include/openssl/opensslconf.h +fips_rsagtest.o: ../../include/openssl/opensslv.h +fips_rsagtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h +fips_rsagtest.o: ../../include/openssl/safestack.h +fips_rsagtest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_rsagtest.o: fips_utl.h fips_rsagtest.c +fips_rsastest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_rsastest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_rsastest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_rsastest.o: ../../include/openssl/ec.h ../../include/openssl/err.h +fips_rsastest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_rsastest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h +fips_rsastest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +fips_rsastest.o: ../../include/openssl/objects.h +fips_rsastest.o: ../../include/openssl/opensslconf.h +fips_rsastest.o: ../../include/openssl/opensslv.h +fips_rsastest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h +fips_rsastest.o: ../../include/openssl/safestack.h +fips_rsastest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_rsastest.o: fips_utl.h fips_rsastest.c +fips_rsavtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_rsavtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_rsavtest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_rsavtest.o: ../../include/openssl/ec.h ../../include/openssl/err.h +fips_rsavtest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_rsavtest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h +fips_rsavtest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +fips_rsavtest.o: ../../include/openssl/objects.h +fips_rsavtest.o: ../../include/openssl/opensslconf.h +fips_rsavtest.o: ../../include/openssl/opensslv.h +fips_rsavtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h +fips_rsavtest.o: ../../include/openssl/safestack.h +fips_rsavtest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_rsavtest.o: fips_utl.h fips_rsavtest.c +fips_shatest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_shatest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_shatest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_shatest.o: ../../include/openssl/ec.h ../../include/openssl/err.h +fips_shatest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_shatest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h +fips_shatest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +fips_shatest.o: ../../include/openssl/objects.h +fips_shatest.o: ../../include/openssl/opensslconf.h +fips_shatest.o: ../../include/openssl/opensslv.h +fips_shatest.o: ../../include/openssl/ossl_typ.h +fips_shatest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_shatest.o: ../../include/openssl/symhacks.h fips_utl.h fips_shatest.c +fips_standalone_sha1.o: ../../include/openssl/asn1.h +fips_standalone_sha1.o: ../../include/openssl/bio.h +fips_standalone_sha1.o: ../../include/openssl/crypto.h +fips_standalone_sha1.o: ../../include/openssl/e_os2.h +fips_standalone_sha1.o: ../../include/openssl/evp.h +fips_standalone_sha1.o: ../../include/openssl/fips.h +fips_standalone_sha1.o: ../../include/openssl/hmac.h +fips_standalone_sha1.o: ../../include/openssl/obj_mac.h +fips_standalone_sha1.o: ../../include/openssl/objects.h +fips_standalone_sha1.o: ../../include/openssl/opensslconf.h +fips_standalone_sha1.o: ../../include/openssl/opensslv.h +fips_standalone_sha1.o: ../../include/openssl/ossl_typ.h +fips_standalone_sha1.o: ../../include/openssl/safestack.h +fips_standalone_sha1.o: ../../include/openssl/sha.h +fips_standalone_sha1.o: ../../include/openssl/stack.h +fips_standalone_sha1.o: ../../include/openssl/symhacks.h fips_standalone_sha1.c +fips_tlsvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +fips_tlsvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_tlsvs.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_tlsvs.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +fips_tlsvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_tlsvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h +fips_tlsvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +fips_tlsvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +fips_tlsvs.o: ../../include/openssl/opensslconf.h +fips_tlsvs.o: ../../include/openssl/opensslv.h +fips_tlsvs.o: ../../ssl/ssl.h +fips_tlsvs.o: ../../include/openssl/opensslv.h +fips_tlsvs.o: ../../include/openssl/ossl_typ.h +fips_tlsvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_tlsvs.o: ../../include/openssl/symhacks.h fips_utl.h fips_tlsvs.c + +# DO NOT DELETE THIS LINE -- make depend depends on it. + Index: openssl-1.0.2j/crypto/fips/fips_aesavs.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_aesavs.c 2017-03-16 17:50:12.010613586 +0100 @@ -0,0 +1,936 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +/*--------------------------------------------- + NIST AES Algorithm Validation Suite + Test Program + + Donated to OpenSSL by: + V-ONE Corporation + 20250 Century Blvd, Suite 300 + Germantown, MD 20874 + U.S.A. + ----------------------------------------------*/ + +#define OPENSSL_FIPSAPI + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <assert.h> +#include <ctype.h> +#include <openssl/aes.h> +#include <openssl/evp.h> +#include <openssl/bn.h> + +#include <openssl/err.h> +#include "e_os.h" + +#ifndef OPENSSL_FIPS + +int main(int argc, char *argv[]) +{ + printf("No FIPS AES support\n"); + return(0); +} + +#else + +#include <openssl/fips.h> +#include "fips_utl.h" + +#define AES_BLOCK_SIZE 16 + +#define VERBOSE 0 + +/*-----------------------------------------------*/ + +static int AESTest(EVP_CIPHER_CTX *ctx, + char *amode, int akeysz, unsigned char *aKey, + unsigned char *iVec, + int dir, /* 0 = decrypt, 1 = encrypt */ + unsigned char *plaintext, unsigned char *ciphertext, int len) + { + const EVP_CIPHER *cipher = NULL; + + if (fips_strcasecmp(amode, "CBC") == 0) + { + switch (akeysz) + { + case 128: + cipher = EVP_aes_128_cbc(); + break; + + case 192: + cipher = EVP_aes_192_cbc(); + break; + + case 256: + cipher = EVP_aes_256_cbc(); + break; + } + + } + else if (fips_strcasecmp(amode, "ECB") == 0) + { + switch (akeysz) + { + case 128: + cipher = EVP_aes_128_ecb(); + break; + + case 192: + cipher = EVP_aes_192_ecb(); + break; + + case 256: + cipher = EVP_aes_256_ecb(); + break; + } + } + else if (fips_strcasecmp(amode, "CFB128") == 0) + { + switch (akeysz) + { + case 128: + cipher = EVP_aes_128_cfb128(); + break; + + case 192: + cipher = EVP_aes_192_cfb128(); + break; + + case 256: + cipher = EVP_aes_256_cfb128(); + break; + } + + } + else if (fips_strncasecmp(amode, "OFB", 3) == 0) + { + switch (akeysz) + { + case 128: + cipher = EVP_aes_128_ofb(); + break; + + case 192: + cipher = EVP_aes_192_ofb(); + break; + + case 256: + cipher = EVP_aes_256_ofb(); + break; + } + } + else if(!fips_strcasecmp(amode,"CFB1")) + { + switch (akeysz) + { + case 128: + cipher = EVP_aes_128_cfb1(); + break; + + case 192: + cipher = EVP_aes_192_cfb1(); + break; + + case 256: + cipher = EVP_aes_256_cfb1(); + break; + } + } + else if(!fips_strcasecmp(amode,"CFB8")) + { + switch (akeysz) + { + case 128: + cipher = EVP_aes_128_cfb8(); + break; + + case 192: + cipher = EVP_aes_192_cfb8(); + break; + + case 256: + cipher = EVP_aes_256_cfb8(); + break; + } + } + else + { + printf("Unknown mode: %s\n", amode); + return 0; + } + if (!cipher) + { + printf("Invalid key size: %d\n", akeysz); + return 0; + } + if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0) + return 0; + if(!fips_strcasecmp(amode,"CFB1")) + M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS); + if (dir) + FIPS_cipher(ctx, ciphertext, plaintext, len); + else + FIPS_cipher(ctx, plaintext, ciphertext, len); + return 1; + } + +/*-----------------------------------------------*/ +char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"}; +char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"}; +enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128}; +enum XCrypt {XDECRYPT, XENCRYPT}; + +/*=============================*/ +/* Monte Carlo Tests */ +/*-----------------------------*/ + +/*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/ +/*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/ + +#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1) +#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8))) + +static int do_mct(char *amode, + int akeysz, unsigned char *aKey,unsigned char *iVec, + int dir, unsigned char *text, int len, + FILE *rfp) + { + int ret = 0; + unsigned char key[101][32]; + unsigned char iv[101][AES_BLOCK_SIZE]; + unsigned char ptext[1001][32]; + unsigned char ctext[1001][32]; + unsigned char ciphertext[64+4]; + int i, j, n, n1, n2; + int imode = 0, nkeysz = akeysz/8; + EVP_CIPHER_CTX ctx; + FIPS_cipher_ctx_init(&ctx); + + if (len > 32) + { + printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n", + amode, akeysz); + return -1; + } + for (imode = 0; imode < 6; ++imode) + if (strcmp(amode, t_mode[imode]) == 0) + break; + if (imode == 6) + { + printf("Unrecognized mode: %s\n", amode); + return -1; + } + + memcpy(key[0], aKey, nkeysz); + if (iVec) + memcpy(iv[0], iVec, AES_BLOCK_SIZE); + if (dir == XENCRYPT) + memcpy(ptext[0], text, len); + else + memcpy(ctext[0], text, len); + for (i = 0; i < 100; ++i) + { + /* printf("Iteration %d\n", i); */ + if (i > 0) + { + fprintf(rfp,"COUNT = %d" RESP_EOL ,i); + OutputValue("KEY",key[i],nkeysz,rfp,0); + if (imode != ECB) /* ECB */ + OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0); + /* Output Ciphertext | Plaintext */ + OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp, + imode == CFB1); + } + for (j = 0; j < 1000; ++j) + { + switch (imode) + { + case ECB: + if (j == 0) + { /* set up encryption */ + ret = AESTest(&ctx, amode, akeysz, key[i], NULL, + dir, /* 0 = decrypt, 1 = encrypt */ + ptext[j], ctext[j], len); + if (dir == XENCRYPT) + memcpy(ptext[j+1], ctext[j], len); + else + memcpy(ctext[j+1], ptext[j], len); + } + else + { + if (dir == XENCRYPT) + { + FIPS_cipher(&ctx, ctext[j], ptext[j], len); + memcpy(ptext[j+1], ctext[j], len); + } + else + { + FIPS_cipher(&ctx, ptext[j], ctext[j], len); + memcpy(ctext[j+1], ptext[j], len); + } + } + break; + + case CBC: + case OFB: + case CFB128: + if (j == 0) + { + ret = AESTest(&ctx, amode, akeysz, key[i], iv[i], + dir, /* 0 = decrypt, 1 = encrypt */ + ptext[j], ctext[j], len); + if (dir == XENCRYPT) + memcpy(ptext[j+1], iv[i], len); + else + memcpy(ctext[j+1], iv[i], len); + } + else + { + if (dir == XENCRYPT) + { + FIPS_cipher(&ctx, ctext[j], ptext[j], len); + memcpy(ptext[j+1], ctext[j-1], len); + } + else + { + FIPS_cipher(&ctx, ptext[j], ctext[j], len); + memcpy(ctext[j+1], ptext[j-1], len); + } + } + break; + + case CFB8: + if (j == 0) + { + ret = AESTest(&ctx, amode, akeysz, key[i], iv[i], + dir, /* 0 = decrypt, 1 = encrypt */ + ptext[j], ctext[j], len); + } + else + { + if (dir == XENCRYPT) + FIPS_cipher(&ctx, ctext[j], ptext[j], len); + else + FIPS_cipher(&ctx, ptext[j], ctext[j], len); + } + if (dir == XENCRYPT) + { + if (j < 16) + memcpy(ptext[j+1], &iv[i][j], len); + else + memcpy(ptext[j+1], ctext[j-16], len); + } + else + { + if (j < 16) + memcpy(ctext[j+1], &iv[i][j], len); + else + memcpy(ctext[j+1], ptext[j-16], len); + } + break; + + case CFB1: + if(j == 0) + { +#if 0 + /* compensate for wrong endianness of input file */ + if(i == 0) + ptext[0][0]<<=7; +#endif + ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir, + ptext[j], ctext[j], len); + } + else + { + if (dir == XENCRYPT) + FIPS_cipher(&ctx, ctext[j], ptext[j], len); + else + FIPS_cipher(&ctx, ptext[j], ctext[j], len); + + } + if(dir == XENCRYPT) + { + if(j < 128) + sb(ptext[j+1],0,gb(iv[i],j)); + else + sb(ptext[j+1],0,gb(ctext[j-128],0)); + } + else + { + if(j < 128) + sb(ctext[j+1],0,gb(iv[i],j)); + else + sb(ctext[j+1],0,gb(ptext[j-128],0)); + } + break; + } + } + --j; /* reset to last of range */ + /* Output Ciphertext | Plaintext */ + OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp, + imode == CFB1); + fprintf(rfp, RESP_EOL); /* add separator */ + + /* Compute next KEY */ + if (dir == XENCRYPT) + { + if (imode == CFB8) + { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */ + for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2) + ciphertext[n1] = ctext[j-n2][0]; + } + else if(imode == CFB1) + { + for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2) + sb(ciphertext,n1,gb(ctext[j-n2],0)); + } + else + switch (akeysz) + { + case 128: + memcpy(ciphertext, ctext[j], 16); + break; + case 192: + memcpy(ciphertext, ctext[j-1]+8, 8); + memcpy(ciphertext+8, ctext[j], 16); + break; + case 256: + memcpy(ciphertext, ctext[j-1], 16); + memcpy(ciphertext+16, ctext[j], 16); + break; + } + } + else + { + if (imode == CFB8) + { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */ + for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2) + ciphertext[n1] = ptext[j-n2][0]; + } + else if(imode == CFB1) + { + for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2) + sb(ciphertext,n1,gb(ptext[j-n2],0)); + } + else + switch (akeysz) + { + case 128: + memcpy(ciphertext, ptext[j], 16); + break; + case 192: + memcpy(ciphertext, ptext[j-1]+8, 8); + memcpy(ciphertext+8, ptext[j], 16); + break; + case 256: + memcpy(ciphertext, ptext[j-1], 16); + memcpy(ciphertext+16, ptext[j], 16); + break; + } + } + /* Compute next key: Key[i+1] = Key[i] xor ct */ + for (n = 0; n < nkeysz; ++n) + key[i+1][n] = key[i][n] ^ ciphertext[n]; + + /* Compute next IV and text */ + if (dir == XENCRYPT) + { + switch (imode) + { + case ECB: + memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE); + break; + case CBC: + case OFB: + case CFB128: + memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE); + memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE); + break; + case CFB8: + /* IV[i+1] = ct */ + for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2) + iv[i+1][n1] = ctext[j-n2][0]; + ptext[0][0] = ctext[j-16][0]; + break; + case CFB1: + for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2) + sb(iv[i+1],n1,gb(ctext[j-n2],0)); + ptext[0][0]=ctext[j-128][0]&0x80; + break; + } + } + else + { + switch (imode) + { + case ECB: + memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE); + break; + case CBC: + case OFB: + case CFB128: + memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE); + memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE); + break; + case CFB8: + for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2) + iv[i+1][n1] = ptext[j-n2][0]; + ctext[0][0] = ptext[j-16][0]; + break; + case CFB1: + for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2) + sb(iv[i+1],n1,gb(ptext[j-n2],0)); + ctext[0][0]=ptext[j-128][0]&0x80; + break; + } + } + } + FIPS_cipher_ctx_cleanup(&ctx); + return ret; + } + +/*================================================*/ +/*---------------------------- + # Config info for v-one + # AESVS MMT test data for ECB + # State : Encrypt and Decrypt + # Key Length : 256 + # Fri Aug 30 04:07:22 PM + ----------------------------*/ + +static int proc_file(char *rqfile, char *rspfile) + { + char afn[256], rfn[256]; + FILE *afp = NULL, *rfp = NULL; + char ibuf[2048]; + char tbuf[2048]; + int len; + char algo[8] = ""; + char amode[8] = ""; + char atest[8] = ""; + int akeysz = 0; + unsigned char iVec[20], aKey[40]; + int dir = -1, err = 0, step = 0; + unsigned char plaintext[2048]; + unsigned char ciphertext[2048]; + char *rp; + EVP_CIPHER_CTX ctx; + FIPS_cipher_ctx_init(&ctx); + + if (!rqfile || !(*rqfile)) + { + printf("No req file\n"); + return -1; + } + strcpy(afn, rqfile); + + if ((afp = fopen(afn, "r")) == NULL) + { + printf("Cannot open file: %s, %s\n", + afn, strerror(errno)); + return -1; + } + if (!rspfile) + { + strcpy(rfn,afn); + rp=strstr(rfn,"req/"); +#ifdef OPENSSL_SYS_WIN32 + if (!rp) + rp=strstr(rfn,"req\\"); +#endif + assert(rp); + memcpy(rp,"rsp",3); + rp = strstr(rfn, ".req"); + memcpy(rp, ".rsp", 4); + rspfile = rfn; + } + if ((rfp = fopen(rspfile, "w")) == NULL) + { + printf("Cannot open file: %s, %s\n", + rfn, strerror(errno)); + fclose(afp); + afp = NULL; + return -1; + } + while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL) + { + tidy_line(tbuf, ibuf); + /* printf("step=%d ibuf=%s",step,ibuf); */ + switch (step) + { + case 0: /* read preamble */ + if (ibuf[0] == '\n') + { /* end of preamble */ + if ((*algo == '\0') || + (*amode == '\0') || + (akeysz == 0)) + { + printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n", + algo,amode,akeysz); + err = 1; + } + else + { + copy_line(ibuf, rfp); + ++ step; + } + } + else if (ibuf[0] != '#') + { + printf("Invalid preamble item: %s\n", ibuf); + err = 1; + } + else + { /* process preamble */ + char *xp, *pp = ibuf+2; + int n; + if (akeysz) + { + copy_line(ibuf, rfp); + } + else + { + copy_line(ibuf, rfp); + if (strncmp(pp, "AESVS ", 6) == 0) + { + strcpy(algo, "AES"); + /* get test type */ + pp += 6; + xp = strchr(pp, ' '); + n = xp-pp; + strncpy(atest, pp, n); + atest[n] = '\0'; + /* get mode */ + xp = strrchr(pp, ' '); /* get mode" */ + n = strlen(xp+1)-1; + strncpy(amode, xp+1, n); + amode[n] = '\0'; + /* amode[3] = '\0'; */ + if (VERBOSE) + printf("Test = %s, Mode = %s\n", atest, amode); + } + else if (fips_strncasecmp(pp, "Key Length : ", 13) == 0) + { + akeysz = atoi(pp+13); + if (VERBOSE) + printf("Key size = %d\n", akeysz); + } + } + } + break; + + case 1: /* [ENCRYPT] | [DECRYPT] */ + if (ibuf[0] == '[') + { + copy_line(ibuf, rfp); + ++step; + if (fips_strncasecmp(ibuf, "[ENCRYPT]", 9) == 0) + dir = 1; + else if (fips_strncasecmp(ibuf, "[DECRYPT]", 9) == 0) + dir = 0; + else + { + printf("Invalid keyword: %s\n", ibuf); + err = 1; + } + break; + } + else if (dir == -1) + { + err = 1; + printf("Missing ENCRYPT/DECRYPT keyword\n"); + break; + } + else + step = 2; + + case 2: /* KEY = xxxx */ + copy_line(ibuf, rfp); + if(*ibuf == '\n') + break; + if(!fips_strncasecmp(ibuf,"COUNT = ",8)) + break; + + if (fips_strncasecmp(ibuf, "KEY = ", 6) != 0) + { + printf("Missing KEY\n"); + err = 1; + } + else + { + len = hex2bin((char*)ibuf+6, aKey); + if (len < 0) + { + printf("Invalid KEY\n"); + err =1; + break; + } + PrintValue("KEY", aKey, len); + if (strcmp(amode, "ECB") == 0) + { + memset(iVec, 0, sizeof(iVec)); + step = (dir)? 4: 5; /* no ivec for ECB */ + } + else + ++step; + } + break; + + case 3: /* IV = xxxx */ + copy_line(ibuf, rfp); + if (fips_strncasecmp(ibuf, "IV = ", 5) != 0) + { + printf("Missing IV\n"); + err = 1; + } + else + { + len = hex2bin((char*)ibuf+5, iVec); + if (len < 0) + { + printf("Invalid IV\n"); + err =1; + break; + } + PrintValue("IV", iVec, len); + step = (dir)? 4: 5; + } + break; + + case 4: /* PLAINTEXT = xxxx */ + copy_line(ibuf, rfp); + if (fips_strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0) + { + printf("Missing PLAINTEXT\n"); + err = 1; + } + else + { + int nn = strlen(ibuf+12); + if(!strcmp(amode,"CFB1")) + len=bint2bin(ibuf+12,nn-1,plaintext); + else + len=hex2bin(ibuf+12, plaintext); + if (len < 0) + { + printf("Invalid PLAINTEXT: %s", ibuf+12); + err =1; + break; + } + if (len >= (int)sizeof(plaintext)) + { + printf("Buffer overflow\n"); + } + PrintValue("PLAINTEXT", (unsigned char*)plaintext, len); + if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */ + { + if(do_mct(amode, akeysz, aKey, iVec, + dir, (unsigned char*)plaintext, len, + rfp) < 0) + err = 1; + } + else + { + AESTest(&ctx, amode, akeysz, aKey, iVec, + dir, /* 0 = decrypt, 1 = encrypt */ + plaintext, ciphertext, len); + OutputValue("CIPHERTEXT",ciphertext,len,rfp, + !strcmp(amode,"CFB1")); + } + step = 6; + } + break; + + case 5: /* CIPHERTEXT = xxxx */ + copy_line(ibuf, rfp); + if (fips_strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0) + { + printf("Missing KEY\n"); + err = 1; + } + else + { + if(!strcmp(amode,"CFB1")) + len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext); + else + len = hex2bin(ibuf+13,ciphertext); + if (len < 0) + { + printf("Invalid CIPHERTEXT\n"); + err =1; + break; + } + + PrintValue("CIPHERTEXT", ciphertext, len); + if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */ + { + do_mct(amode, akeysz, aKey, iVec, + dir, ciphertext, len, rfp); + } + else + { + AESTest(&ctx, amode, akeysz, aKey, iVec, + dir, /* 0 = decrypt, 1 = encrypt */ + plaintext, ciphertext, len); + OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp, + !strcmp(amode,"CFB1")); + } + step = 6; + } + break; + + case 6: + if (ibuf[0] != '\n') + { + err = 1; + printf("Missing terminator\n"); + } + else if (strcmp(atest, "MCT") != 0) + { /* MCT already added terminating nl */ + copy_line(ibuf, rfp); + } + step = 1; + break; + } + } + if (rfp) + fclose(rfp); + if (afp) + fclose(afp); + FIPS_cipher_ctx_cleanup(&ctx); + return err; + } + +/*-------------------------------------------------- + Processes either a single file or + a set of files whose names are passed in a file. + A single file is specified as: + aes_test -f xxx.req + A set of files is specified as: + aes_test -d xxxxx.xxx + The default is: -d req.txt +--------------------------------------------------*/ +#ifdef FIPS_ALGVS +int fips_aesavs_main(int argc, char **argv) +#else +int main(int argc, char **argv) +#endif + { + char *rqlist = "req.txt", *rspfile = NULL; + FILE *fp = NULL; + char fn[250] = "", rfn[256] = ""; + int d_opt = 1; + fips_algtest_init(); + + if (argc > 1) + { + if (fips_strcasecmp(argv[1], "-d") == 0) + { + d_opt = 1; + } + else if (fips_strcasecmp(argv[1], "-f") == 0) + { + d_opt = 0; + } + else + { + printf("Invalid parameter: %s\n", argv[1]); + return 0; + } + if (argc < 3) + { + printf("Missing parameter\n"); + return 0; + } + if (d_opt) + rqlist = argv[2]; + else + { + strcpy(fn, argv[2]); + rspfile = argv[3]; + } + } + if (d_opt) + { /* list of files (directory) */ + if (!(fp = fopen(rqlist, "r"))) + { + printf("Cannot open req list file\n"); + return -1; + } + while (fgets(fn, sizeof(fn), fp)) + { + strtok(fn, "\r\n"); + strcpy(rfn, fn); + if (VERBOSE) + printf("Processing: %s\n", rfn); + if (proc_file(rfn, rspfile)) + { + printf(">>> Processing failed for: %s <<<\n", rfn); + return 1; + } + } + fclose(fp); + } + else /* single file */ + { + if (VERBOSE) + printf("Processing: %s\n", fn); + if (proc_file(fn, rspfile)) + { + printf(">>> Processing failed for: %s <<<\n", fn); + } + } + return 0; + } + +#endif Index: openssl-1.0.2j/crypto/fips/fips_cmactest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_cmactest.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,522 @@ +/* fips_cmactest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#define OPENSSL_FIPSAPI + +#include <stdio.h> +#include <ctype.h> +#include <string.h> +#include <openssl/bio.h> +#include <openssl/evp.h> +#include <openssl/cmac.h> +#include <openssl/err.h> +#include <openssl/bn.h> + +#ifndef OPENSSL_FIPS + +int main(int argc, char *argv[]) +{ + printf("No FIPS CMAC support\n"); + return(0); +} + +#else + +#include <openssl/fips.h> +#include "fips_utl.h" + +static int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, + int mode, int Klen_counts_keys, int known_keylen); +static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out, + unsigned char *Key, int Klen, + unsigned char *Msg, int Msglen, + int Tlen); +static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out, + unsigned char *Key, int Klen, + unsigned char *Msg, int Msglen, + unsigned char *Mac, int Maclen, + int Tlen); + +#ifdef FIPS_ALGVS +int fips_cmactest_main(int argc, char **argv) +#else +int main(int argc, char **argv) +#endif + { + FILE *in = NULL, *out = NULL; + int mode = 0; /* 0 => Generate, 1 => Verify */ + int Klen_counts_keys = 0; /* 0 => Klen is size of one key + 1 => Klen is amount of keys + */ + int known_keylen = 0; /* Only set when Klen_counts_keys = 1 */ + const EVP_CIPHER *cipher = 0; + int ret = 1; + fips_algtest_init_nofips(); + if(!FIPS_mode_set(1)) { + fprintf(stderr, "Can't set FIPS mode\n"); + exit(1); + } + + + while (argc > 1 && argv[1][0] == '-') + { + switch (argv[1][1]) + { + case 'a': + { + char *p = &argv[1][2]; + if (*p == '\0') + { + if (argc <= 2) + { + fprintf(stderr, "Option %s needs a value\n", argv[1]); + goto end; + } + argv++; + argc--; + p = &argv[1][0]; + } + if (!strcmp(p, "aes128")) + cipher = EVP_aes_128_cbc(); + else if (!strcmp(p, "aes192")) + cipher = EVP_aes_192_cbc(); + else if (!strcmp(p, "aes256")) + cipher = EVP_aes_256_cbc(); + else if (!strcmp(p, "tdea3") || !strcmp(p, "tdes3")) + { + cipher = EVP_des_ede3_cbc(); + Klen_counts_keys = 1; + known_keylen = 8; + } + else + { + fprintf(stderr, "Unknown algorithm %s\n", p); + goto end; + } + } + break; + case 'g': + mode = 0; + break; + case 'v': + mode = 1; + break; + default: + fprintf(stderr, "Unknown option %s\n", argv[1]); + goto end; + } + argv++; + argc--; + } + if (argc == 1) + in = stdin; + else + in = fopen(argv[1], "r"); + + if (argc < 2) + out = stdout; + else + out = fopen(argv[2], "w"); + + if (!in) + { + fprintf(stderr, "FATAL input initialization error\n"); + goto end; + } + + if (!out) + { + fprintf(stderr, "FATAL output initialization error\n"); + goto end; + } + + if (!cmac_test(cipher, out, in, mode, + Klen_counts_keys, known_keylen)) + { + fprintf(stderr, "FATAL cmac file processing error\n"); + goto end; + } + else + ret = 0; + + end: + + if (in && (in != stdin)) + fclose(in); + if (out && (out != stdout)) + fclose(out); + + return ret; + + } + +#define CMAC_TEST_MAXLINELEN 150000 + +int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, + int mode, int Klen_counts_keys, int known_keylen) + { + char *linebuf, *olinebuf, *p, *q; + char *keyword, *value; + unsigned char **Keys = NULL, *Msg = NULL, *Mac = NULL; + unsigned char *Key = NULL; + int Count, Klen, Mlen, Tlen; + long Keylen, Msglen, Maclen; + int ret = 0; + int lnum = 0; + + olinebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN); + linebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN); + + if (!linebuf || !olinebuf) + goto error; + + Count = -1; + Klen = -1; + Mlen = -1; + Tlen = -1; + + while (fgets(olinebuf, CMAC_TEST_MAXLINELEN, in)) + { + lnum++; + strcpy(linebuf, olinebuf); + keyword = linebuf; + /* Skip leading space */ + while (isspace((unsigned char)*keyword)) + keyword++; + + /* Skip comments */ + if (keyword[0] == '#') + { + if (fputs(olinebuf, out) < 0) + goto error; + continue; + } + + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no = or starts with [ (for [L=20] line) just copy */ + if (!p) + { + if (fputs(olinebuf, out) < 0) + goto error; + continue; + } + + q = p - 1; + + /* Remove trailing space */ + while (isspace((unsigned char)*q)) + *q-- = 0; + + *p = 0; + value = p + 1; + + /* Remove leading space from value */ + while (isspace((unsigned char)*value)) + value++; + + /* Remove trailing space from value */ + p = value + strlen(value) - 1; + + while (*p == '\n' || isspace((unsigned char)*p)) + *p-- = 0; + + if (!strcmp(keyword, "Count")) + { + if (Count != -1) + goto parse_error; + Count = atoi(value); + if (Count < 0) + goto parse_error; + } + else if (!strcmp(keyword, "Klen")) + { + if (Klen != -1) + goto parse_error; + Klen = atoi(value); + if (Klen < 0) + goto parse_error; + if (Klen_counts_keys) + { + Keys = OPENSSL_malloc(sizeof(*Keys) * Klen); + memset(Keys, '\0', sizeof(*Keys) * Klen); + } + else + { + Keys = OPENSSL_malloc(sizeof(*Keys)); + memset(Keys, '\0', sizeof(*Keys)); + } + } + else if (!strcmp(keyword, "Mlen")) + { + if (Mlen != -1) + goto parse_error; + Mlen = atoi(value); + if (Mlen < 0) + goto parse_error; + } + else if (!strcmp(keyword, "Tlen")) + { + if (Tlen != -1) + goto parse_error; + Tlen = atoi(value); + if (Tlen < 0) + goto parse_error; + } + else if (!strcmp(keyword, "Key") && !Klen_counts_keys) + { + if (Keys[0]) + goto parse_error; + Keys[0] = hex2bin_m(value, &Keylen); + if (!Keys[0]) + goto parse_error; + } + else if (!strncmp(keyword, "Key", 3) && Klen_counts_keys) + { + int keynum = atoi(keyword + 3); + if (!keynum || keynum > Klen || Keys[keynum-1]) + goto parse_error; + Keys[keynum-1] = hex2bin_m(value, &Keylen); + if (!Keys[keynum-1]) + goto parse_error; + } + else if (!strcmp(keyword, "Msg")) + { + if (Msg) + goto parse_error; + Msg = hex2bin_m(value, &Msglen); + if (!Msg) + goto parse_error; + } + else if (!strcmp(keyword, "Mac")) + { + if (mode == 0) + continue; + if (Mac) + goto parse_error; + Mac = hex2bin_m(value, &Maclen); + if (!Mac) + goto parse_error; + } + else if (!strcmp(keyword, "Result")) + { + if (mode == 1) + continue; + goto parse_error; + } + else + goto parse_error; + + fputs(olinebuf, out); + + if (Keys && Msg && (!mode || Mac) && (Tlen > 0) && (Klen > 0)) + { + if (Klen_counts_keys) + { + int x; + Key = OPENSSL_malloc(Klen * known_keylen); + for (x = 0; x < Klen; x++) + { + memcpy(Key + x * known_keylen, + Keys[x], known_keylen); + OPENSSL_free(Keys[x]); + } + Klen *= known_keylen; + } + else + { + Key = OPENSSL_malloc(Klen); + memcpy(Key, Keys[0], Klen); + OPENSSL_free(Keys[0]); + } + OPENSSL_free(Keys); + + switch(mode) + { + case 0: + if (!print_cmac_gen(cipher, out, + Key, Klen, + Msg, Mlen, + Tlen)) + goto error; + break; + case 1: + if (!print_cmac_ver(cipher, out, + Key, Klen, + Msg, Mlen, + Mac, Maclen, + Tlen)) + goto error; + break; + } + + OPENSSL_free(Key); + Key = NULL; + OPENSSL_free(Msg); + Msg = NULL; + OPENSSL_free(Mac); + Mac = NULL; + Klen = -1; + Mlen = -1; + Tlen = -1; + Count = -1; + } + } + + + ret = 1; + + + error: + + if (olinebuf) + OPENSSL_free(olinebuf); + if (linebuf) + OPENSSL_free(linebuf); + if (Key) + OPENSSL_free(Key); + if (Msg) + OPENSSL_free(Msg); + if (Mac) + OPENSSL_free(Mac); + + return ret; + + parse_error: + + fprintf(stderr, "FATAL parse error processing line %d\n", lnum); + + goto error; + + } + +static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out, + unsigned char *Key, int Klen, + unsigned char *Msg, int Mlen, + int Tlen) + { + int rc, i; + size_t reslen; + unsigned char res[128]; + CMAC_CTX *cmac_ctx = CMAC_CTX_new(); + + CMAC_Init(cmac_ctx, Key, Klen, cipher, 0); + CMAC_Update(cmac_ctx, Msg, Mlen); + if (!CMAC_Final(cmac_ctx, res, &reslen)) + { + fputs("Error calculating CMAC\n", stderr); + rc = 0; + } + else if (Tlen > (int)reslen) + { + fputs("Parameter error, Tlen > CMAC length\n", stderr); + rc = 0; + } + else + { + fputs("Mac = ", out); + for (i = 0; i < Tlen; i++) + fprintf(out, "%02x", res[i]); + fputs(RESP_EOL, out); + rc = 1; + } + CMAC_CTX_free(cmac_ctx); + return rc; + } + +static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out, + unsigned char *Key, int Klen, + unsigned char *Msg, int Mlen, + unsigned char *Mac, int Maclen, + int Tlen) + { + int rc = 1; + size_t reslen; + unsigned char res[128]; + CMAC_CTX *cmac_ctx = CMAC_CTX_new(); + + CMAC_Init(cmac_ctx, Key, Klen, cipher, 0); + CMAC_Update(cmac_ctx, Msg, Mlen); + if (!CMAC_Final(cmac_ctx, res, &reslen)) + { + fputs("Error calculating CMAC\n", stderr); + rc = 0; + } + else if (Tlen > (int)reslen) + { + fputs("Parameter error, Tlen > CMAC length\n", stderr); + rc = 0; + } + else if (Tlen != Maclen) + { + fputs("Parameter error, Tlen != resulting Mac length\n", stderr); + rc = 0; + } + else + { + if (!memcmp(Mac, res, Maclen)) + fputs("Result = P" RESP_EOL, out); + else + fputs("Result = F" RESP_EOL, out); + } + CMAC_CTX_free(cmac_ctx); + return rc; + } + +#endif Index: openssl-1.0.2j/crypto/fips/fips_desmovs.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_desmovs.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,704 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +/*--------------------------------------------- + NIST DES Modes of Operation Validation System + Test Program + + Based on the AES Validation Suite, which was: + Donated to OpenSSL by: + V-ONE Corporation + 20250 Century Blvd, Suite 300 + Germantown, MD 20874 + U.S.A. + ----------------------------------------------*/ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <assert.h> +#include <ctype.h> +#include <openssl/des.h> +#include <openssl/evp.h> +#include <openssl/bn.h> + +#include <openssl/err.h> +#include "e_os.h" + +#ifndef OPENSSL_FIPS + +int main(int argc, char *argv[]) +{ + printf("No FIPS DES support\n"); + return(0); +} + +#else + +#include <openssl/fips.h> +#include "fips_utl.h" + +#define DES_BLOCK_SIZE 8 + +#define VERBOSE 0 + +int DESTest(EVP_CIPHER_CTX *ctx, + char *amode, int akeysz, unsigned char *aKey, + unsigned char *iVec, + int dir, /* 0 = decrypt, 1 = encrypt */ + unsigned char *out, unsigned char *in, int len) + { + const EVP_CIPHER *cipher = NULL; + + if (akeysz != 192) + { + printf("Invalid key size: %d\n", akeysz); + EXIT(1); + } + + if (strcasecmp(amode, "CBC") == 0) + cipher = EVP_des_ede3_cbc(); + else if (strcasecmp(amode, "ECB") == 0) + cipher = EVP_des_ede3_ecb(); + else if (strcasecmp(amode, "CFB64") == 0) + cipher = EVP_des_ede3_cfb64(); + else if (strncasecmp(amode, "OFB", 3) == 0) + cipher = EVP_des_ede3_ofb(); + else if(!strcasecmp(amode,"CFB8")) + cipher = EVP_des_ede3_cfb8(); + else if(!strcasecmp(amode,"CFB1")) + cipher = EVP_des_ede3_cfb1(); + else + { + printf("Unknown mode: %s\n", amode); + EXIT(1); + } + + if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0) + return 0; + if(!strcasecmp(amode,"CFB1")) + M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS); + EVP_Cipher(ctx, out, in, len); + + return 1; + } + +/* +void DebugValue(char *tag, unsigned char *val, int len) + { + char obuf[2048]; + int olen; + olen = bin2hex(val, len, obuf); + printf("%s = %.*s\n", tag, olen, obuf); + } +*/ + +void shiftin(unsigned char *dst,unsigned char *src,int nbits) + { + int n; + + /* move the bytes... */ + memmove(dst,dst+nbits/8,3*8-nbits/8); + /* append new data */ + memcpy(dst+3*8-nbits/8,src,(nbits+7)/8); + /* left shift the bits */ + if(nbits%8) + for(n=0 ; n < 3*8 ; ++n) + dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8)); + } + +/*-----------------------------------------------*/ +char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"}; +char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"}; +enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB64}; +int Sizes[6]={64,64,64,1,8,64}; + +void do_mct(char *amode, + int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec, + int dir, unsigned char *text, int len, + FILE *rfp) + { + int i,imode; + unsigned char nk[4*8]; /* longest key+8 */ + unsigned char text0[8]; + + for (imode=0 ; imode < 6 ; ++imode) + if(!strcmp(amode,t_mode[imode])) + break; + if (imode == 6) + { + printf("Unrecognized mode: %s\n", amode); + EXIT(1); + } + + for(i=0 ; i < 400 ; ++i) + { + int j; + int n; + int kp=akeysz/64; + unsigned char old_iv[8]; + EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX_init(&ctx); + + fprintf(rfp,"\nCOUNT = %d\n",i); + if(kp == 1) + OutputValue("KEY",akey,8,rfp,0); + else + for(n=0 ; n < kp ; ++n) + { + fprintf(rfp,"KEY%d",n+1); + OutputValue("",akey+n*8,8,rfp,0); + } + + if(imode != ECB) + OutputValue("IV",ivec,8,rfp,0); + OutputValue(t_tag[dir^1],text,len,rfp,imode == CFB1); +#if 0 + /* compensate for endianness */ + if(imode == CFB1) + text[0]<<=7; +#endif + memcpy(text0,text,8); + + for(j=0 ; j < 10000 ; ++j) + { + unsigned char old_text[8]; + + memcpy(old_text,text,8); + if(j == 0) + { + memcpy(old_iv,ivec,8); + DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len); + } + else + { + memcpy(old_iv,ctx.iv,8); + EVP_Cipher(&ctx,text,text,len); + } + if(j == 9999) + { + OutputValue(t_tag[dir],text,len,rfp,imode == CFB1); + /* memcpy(ivec,text,8); */ + } + /* DebugValue("iv",ctx.iv,8); */ + /* accumulate material for the next key */ + shiftin(nk,text,Sizes[imode]); + /* DebugValue("nk",nk,24);*/ + if((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64 + || imode == CBC)) || imode == OFB) + memcpy(text,old_iv,8); + + if(!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64)) + { + /* the test specifies using the output of the raw DES operation + which we don't have, so reconstruct it... */ + for(n=0 ; n < 8 ; ++n) + text[n]^=old_text[n]; + } + } + for(n=0 ; n < 8 ; ++n) + akey[n]^=nk[16+n]; + for(n=0 ; n < 8 ; ++n) + akey[8+n]^=nk[8+n]; + for(n=0 ; n < 8 ; ++n) + akey[16+n]^=nk[n]; + if(numkeys < 3) + memcpy(&akey[2*8],akey,8); + if(numkeys < 2) + memcpy(&akey[8],akey,8); + DES_set_odd_parity((DES_cblock *)akey); + DES_set_odd_parity((DES_cblock *)(akey+8)); + DES_set_odd_parity((DES_cblock *)(akey+16)); + memcpy(ivec,ctx.iv,8); + + /* pointless exercise - the final text doesn't depend on the + initial text in OFB mode, so who cares what it is? (Who + designed these tests?) */ + if(imode == OFB) + for(n=0 ; n < 8 ; ++n) + text[n]=text0[n]^old_iv[n]; + } + } + +int proc_file(char *rqfile, char *rspfile) + { + char afn[256], rfn[256]; + FILE *afp = NULL, *rfp = NULL; + char ibuf[2048], tbuf[2048]; + int ilen, len, ret = 0; + char amode[8] = ""; + char atest[100] = ""; + int akeysz=0; + unsigned char iVec[20], aKey[40]; + int dir = -1, err = 0, step = 0; + unsigned char plaintext[2048]; + unsigned char ciphertext[2048]; + char *rp; + EVP_CIPHER_CTX ctx; + int numkeys=1; + EVP_CIPHER_CTX_init(&ctx); + + if (!rqfile || !(*rqfile)) + { + printf("No req file\n"); + return -1; + } + strcpy(afn, rqfile); + + if ((afp = fopen(afn, "r")) == NULL) + { + printf("Cannot open file: %s, %s\n", + afn, strerror(errno)); + return -1; + } + if (!rspfile) + { + strcpy(rfn,afn); + rp=strstr(rfn,"req/"); +#ifdef OPENSSL_SYS_WIN32 + if (!rp) + rp=strstr(rfn,"req\\"); +#endif + assert(rp); + memcpy(rp,"rsp",3); + rp = strstr(rfn, ".req"); + memcpy(rp, ".rsp", 4); + rspfile = rfn; + } + if ((rfp = fopen(rspfile, "w")) == NULL) + { + printf("Cannot open file: %s, %s\n", + rfn, strerror(errno)); + fclose(afp); + afp = NULL; + return -1; + } + while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL) + { + tidy_line(tbuf, ibuf); + ilen = strlen(ibuf); + /* printf("step=%d ibuf=%s",step,ibuf);*/ + if(step == 3 && !strcmp(amode,"ECB")) + { + memset(iVec, 0, sizeof(iVec)); + step = (dir)? 4: 5; /* no ivec for ECB */ + } + switch (step) + { + case 0: /* read preamble */ + if (ibuf[0] == '\n') + { /* end of preamble */ + if (*amode == '\0') + { + printf("Missing Mode\n"); + err = 1; + } + else + { + fputs(ibuf, rfp); + ++ step; + } + } + else if (ibuf[0] != '#') + { + printf("Invalid preamble item: %s\n", ibuf); + err = 1; + } + else + { /* process preamble */ + char *xp, *pp = ibuf+2; + int n; + if(*amode) + { /* insert current time & date */ + time_t rtim = time(0); + fprintf(rfp, "# %s", ctime(&rtim)); + } + else + { + fputs(ibuf, rfp); + if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4) + || !strncmp(pp,"TDES ",5) + || !strncmp(pp,"PERMUTATION ",12) + || !strncmp(pp,"SUBSTITUTION ",13) + || !strncmp(pp,"VARIABLE ",9)) + { + /* get test type */ + if(!strncmp(pp,"DES ",4)) + pp+=4; + else if(!strncmp(pp,"TDES ",5)) + pp+=5; + xp = strchr(pp, ' '); + n = xp-pp; + strncpy(atest, pp, n); + atest[n] = '\0'; + /* get mode */ + xp = strrchr(pp, ' '); /* get mode" */ + n = strlen(xp+1)-1; + strncpy(amode, xp+1, n); + amode[n] = '\0'; + /* amode[3] = '\0'; */ + if (VERBOSE) + printf("Test=%s, Mode=%s\n",atest,amode); + } + } + } + break; + + case 1: /* [ENCRYPT] | [DECRYPT] */ + if(ibuf[0] == '\n') + break; + if (ibuf[0] == '[') + { + fputs(ibuf, rfp); + ++step; + if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0) + dir = 1; + else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0) + dir = 0; + else + { + printf("Invalid keyword: %s\n", ibuf); + err = 1; + } + break; + } + else if (dir == -1) + { + err = 1; + printf("Missing ENCRYPT/DECRYPT keyword\n"); + break; + } + else + step = 2; + + case 2: /* KEY = xxxx */ + if(*ibuf == '\n') + { + fputs(ibuf, rfp); + break; + } + if(!strncasecmp(ibuf,"COUNT = ",8)) + { + fputs(ibuf, rfp); + break; + } + if(!strncasecmp(ibuf,"COUNT=",6)) + { + fputs(ibuf, rfp); + break; + } + if(!strncasecmp(ibuf,"NumKeys = ",10)) + { + numkeys=atoi(ibuf+10); + break; + } + + fputs(ibuf, rfp); + if(!strncasecmp(ibuf,"KEY = ",6)) + { + akeysz=64; + len = hex2bin((char*)ibuf+6, aKey); + if (len < 0) + { + printf("Invalid KEY\n"); + err=1; + break; + } + PrintValue("KEY", aKey, len); + ++step; + } + else if(!strncasecmp(ibuf,"KEYs = ",7)) + { + akeysz=64*3; + len=hex2bin(ibuf+7,aKey); + if(len != 8) + { + printf("Invalid KEY\n"); + err=1; + break; + } + memcpy(aKey+8,aKey,8); + memcpy(aKey+16,aKey,8); + ibuf[4]='\0'; + PrintValue("KEYs",aKey,len); + ++step; + } + else if(!strncasecmp(ibuf,"KEY",3)) + { + int n=ibuf[3]-'1'; + + akeysz=64*3; + len=hex2bin(ibuf+7,aKey+n*8); + if(len != 8) + { + printf("Invalid KEY\n"); + err=1; + break; + } + ibuf[4]='\0'; + PrintValue(ibuf,aKey,len); + if(n == 2) + ++step; + } + else + { + printf("Missing KEY\n"); + err = 1; + } + break; + + case 3: /* IV = xxxx */ + fputs(ibuf, rfp); + if (strncasecmp(ibuf, "IV = ", 5) != 0) + { + printf("Missing IV\n"); + err = 1; + } + else + { + len = hex2bin((char*)ibuf+5, iVec); + if (len < 0) + { + printf("Invalid IV\n"); + err =1; + break; + } + PrintValue("IV", iVec, len); + step = (dir)? 4: 5; + } + break; + + case 4: /* PLAINTEXT = xxxx */ + fputs(ibuf, rfp); + if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0) + { + printf("Missing PLAINTEXT\n"); + err = 1; + } + else + { + int nn = strlen(ibuf+12); + if(!strcmp(amode,"CFB1")) + len=bint2bin(ibuf+12,nn-1,plaintext); + else + len=hex2bin(ibuf+12, plaintext); + if (len < 0) + { + printf("Invalid PLAINTEXT: %s", ibuf+12); + err =1; + break; + } + if (len >= sizeof(plaintext)) + { + printf("Buffer overflow\n"); + } + PrintValue("PLAINTEXT", (unsigned char*)plaintext, len); + if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */ + { + do_mct(amode,akeysz,numkeys,aKey,iVec,dir,plaintext,len,rfp); + } + else + { + assert(dir == 1); + ret = DESTest(&ctx, amode, akeysz, aKey, iVec, + dir, /* 0 = decrypt, 1 = encrypt */ + ciphertext, plaintext, len); + OutputValue("CIPHERTEXT",ciphertext,len,rfp, + !strcmp(amode,"CFB1")); + } + step = 6; + } + break; + + case 5: /* CIPHERTEXT = xxxx */ + fputs(ibuf, rfp); + if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0) + { + printf("Missing KEY\n"); + err = 1; + } + else + { + if(!strcmp(amode,"CFB1")) + len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext); + else + len = hex2bin(ibuf+13,ciphertext); + if (len < 0) + { + printf("Invalid CIPHERTEXT\n"); + err =1; + break; + } + + PrintValue("CIPHERTEXT", ciphertext, len); + if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */ + { + do_mct(amode, akeysz, numkeys, aKey, iVec, + dir, ciphertext, len, rfp); + } + else + { + assert(dir == 0); + ret = DESTest(&ctx, amode, akeysz, aKey, iVec, + dir, /* 0 = decrypt, 1 = encrypt */ + plaintext, ciphertext, len); + OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp, + !strcmp(amode,"CFB1")); + } + step = 6; + } + break; + + case 6: + if (ibuf[0] != '\n') + { + err = 1; + printf("Missing terminator\n"); + } + else if (strcmp(atest, "MCT") != 0) + { /* MCT already added terminating nl */ + fputs(ibuf, rfp); + } + step = 1; + break; + } + } + if (rfp) + fclose(rfp); + if (afp) + fclose(afp); + return err; + } + +/*-------------------------------------------------- + Processes either a single file or + a set of files whose names are passed in a file. + A single file is specified as: + aes_test -f xxx.req + A set of files is specified as: + aes_test -d xxxxx.xxx + The default is: -d req.txt +--------------------------------------------------*/ +int main(int argc, char **argv) + { + char *rqlist = "req.txt", *rspfile = NULL; + FILE *fp = NULL; + char fn[250] = "", rfn[256] = ""; + int f_opt = 0, d_opt = 1; + +#ifdef OPENSSL_FIPS + if(!FIPS_mode_set(1)) + { + do_print_errors(); + EXIT(1); + } +#endif + if (argc > 1) + { + if (strcasecmp(argv[1], "-d") == 0) + { + d_opt = 1; + } + else if (strcasecmp(argv[1], "-f") == 0) + { + f_opt = 1; + d_opt = 0; + } + else + { + printf("Invalid parameter: %s\n", argv[1]); + return 0; + } + if (argc < 3) + { + printf("Missing parameter\n"); + return 0; + } + if (d_opt) + rqlist = argv[2]; + else + { + strcpy(fn, argv[2]); + rspfile = argv[3]; + } + } + if (d_opt) + { /* list of files (directory) */ + if (!(fp = fopen(rqlist, "r"))) + { + printf("Cannot open req list file\n"); + return -1; + } + while (fgets(fn, sizeof(fn), fp)) + { + strtok(fn, "\r\n"); + strcpy(rfn, fn); + printf("Processing: %s\n", rfn); + if (proc_file(rfn, rspfile)) + { + printf(">>> Processing failed for: %s <<<\n", rfn); + EXIT(1); + } + } + fclose(fp); + } + else /* single file */ + { + if (VERBOSE) + printf("Processing: %s\n", fn); + if (proc_file(fn, rspfile)) + { + printf(">>> Processing failed for: %s <<<\n", fn); + } + } + EXIT(0); + return 0; + } + +#endif Index: openssl-1.0.2j/crypto/fips/fips_dhvs.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_dhvs.c 2017-03-17 14:15:25.151327074 +0100 @@ -0,0 +1,338 @@ +/* fips/dh/fips_dhvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#define OPENSSL_FIPSAPI +#include <openssl/opensslconf.h> + +#ifndef OPENSSL_FIPS +#include <stdio.h> + +int main(int argc, char **argv) +{ + printf("No FIPS DH support\n"); + return(0); +} +#else + +#include <openssl/crypto.h> +#include <openssl/bn.h> +#include <openssl/dh.h> +#include <openssl/fips.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <string.h> +#include <ctype.h> + +#include "fips_utl.h" + +/* Minimal FIPS versions of FIPS_dh_new() and FIPS_dh_free(): to + * reduce external dependencies. + */ + +DH *FIPS_dh_new(void) + { + DH *ret; + ret = OPENSSL_malloc(sizeof(DH)); + if (!ret) + return NULL; + memset(ret, 0, sizeof(DH)); + ret->meth = DH_OpenSSL(); + if (ret->meth->init) + ret->meth->init(ret); + return ret; + } + +void FIPS_dh_free(DH *r) + { + if (!r) + return; + if (r->meth->finish) + r->meth->finish(r); + if (r->p != NULL) BN_clear_free(r->p); + if (r->g != NULL) BN_clear_free(r->g); + if (r->q != NULL) BN_clear_free(r->q); + if (r->j != NULL) BN_clear_free(r->j); + if (r->seed) OPENSSL_free(r->seed); + if (r->counter != NULL) BN_clear_free(r->counter); + if (r->pub_key != NULL) BN_clear_free(r->pub_key); + if (r->priv_key != NULL) BN_clear_free(r->priv_key); + OPENSSL_free(r); + } + +static const EVP_MD *parse_md(char *line) + { + char *p; + if (line[0] != '[' || line[1] != 'F') + return NULL; + p = strchr(line, '-'); + if (!p) + return NULL; + line = p + 1; + p = strchr(line, ']'); + if (!p) + return NULL; + *p = 0; + p = line; + while(isspace(*p)) + p++; + if (!strcmp(p, "SHA1")) + return EVP_sha1(); + else if (!strcmp(p, "SHA224")) + return EVP_sha224(); + else if (!strcmp(p, "SHA256")) + return EVP_sha256(); + else if (!strcmp(p, "SHA384")) + return EVP_sha384(); + else if (!strcmp(p, "SHA512")) + return EVP_sha512(); + else + return NULL; + } + +static void output_Zhash(FILE *out, int exout, + DH *dh, BIGNUM *peerkey, const EVP_MD *md, + unsigned char *rhash, size_t rhashlen) + { + unsigned char *Z; + unsigned char chash[EVP_MAX_MD_SIZE]; + int Zlen, hashlen; + if (rhash == NULL) + { + rhashlen = M_EVP_MD_size(md); + if (!DH_generate_key(dh)) + exit (1); + do_bn_print_name(out, "YephemIUT", dh->pub_key); + if (exout) + do_bn_print_name(out, "XephemIUT", dh->priv_key); + } + hashlen = BN_num_bytes(dh->p); + Z = OPENSSL_malloc(hashlen); + if (!Z) + exit(1); + Zlen = DH_compute_key_padded(Z, peerkey, dh); + + if (exout && Zlen >= 0) + OutputValue("Z", Z, Zlen, out, 0); + + if (Zlen > 0) { + FIPS_digest(Z, hashlen, chash, NULL, md); + } else { + /* even in failure, print out IUTHashZZ / HashZZ */ + if (rhash) memcpy(chash, rhash, rhashlen); + } + OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0); + if (rhash) + { + fprintf(out, "Result = %s\n", + (Zlen < 0) ? "F": (memcmp(chash, rhash, rhashlen) ? "F" : "P")); + } + else + { + BN_clear_free(dh->priv_key); + BN_clear_free(dh->pub_key); + dh->priv_key = NULL; + dh->pub_key = NULL; + } + OPENSSL_cleanse(Z, hashlen); + OPENSSL_free(Z); + } + +#ifdef FIPS_ALGVS +int fips_dhvs_main(int argc, char **argv) +#else +int main(int argc, char **argv) +#endif + { + char **args = argv + 1; + int argn = argc - 1; + FILE *in, *out; + char buf[2048], lbuf[2048]; + unsigned char *rhash; + long rhashlen; + DH *dh = NULL; + const EVP_MD *md = NULL; + BIGNUM *peerkey = NULL; + char *keyword = NULL, *value = NULL; + int do_verify = -1, exout = 0; + + fips_algtest_init_nofips(); + if(!FIPS_mode_set(1)) { + fprintf(stderr, "Can't set FIPS mode\n"); + exit(1); + } + + if (argn && !strcmp(*args, "dhver")) + { + do_verify = 1; + args++; + argn--; + } + else if (argn && !strcmp(*args, "dhgen")) + { + do_verify = 0; + args++; + argn--; + } + + if (argn && !strcmp(*args, "-exout")) + { + exout = 1; + args++; + argn--; + } + + if (do_verify == -1) + { + fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]); + exit(1); + } + + if (argn == 2) + { + in = fopen(*args, "r"); + if (!in) + { + fprintf(stderr, "Error opening input file\n"); + exit(1); + } + out = fopen(args[1], "w"); + if (!out) + { + fprintf(stderr, "Error opening output file\n"); + exit(1); + } + } + else if (argn == 0) + { + in = stdin; + out = stdout; + } + else + { + fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]); + exit(1); + } + + dh = FIPS_dh_new(); + + while (fgets(buf, sizeof(buf), in) != NULL) + { + fputs(buf, out); + if (strlen(buf) > 6 && !strncmp(buf, "[F", 2)) + { + md = parse_md(buf); + if (md == NULL) + goto parse_error; + if (dh) + FIPS_dh_free(dh); + dh = FIPS_dh_new(); + continue; + } + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + if (!strcmp(keyword, "P")) + { + if (!do_hex2bn(&dh->p, value)) + goto parse_error; + } + else if (!strcmp(keyword, "Q")) + { + if (!do_hex2bn(&dh->q, value)) + goto parse_error; + } + else if (!strcmp(keyword, "G")) + { + if (!do_hex2bn(&dh->g, value)) + goto parse_error; + } + else if (!strcmp(keyword, "XephemIUT")) + { + if (!do_hex2bn(&dh->priv_key, value)) + goto parse_error; + } + else if (!strcmp(keyword, "YephemIUT")) + { + if (!do_hex2bn(&dh->pub_key, value)) + goto parse_error; + } + else if (!strcmp(keyword, "YephemCAVS")) + { + if (!do_hex2bn(&peerkey, value)) + goto parse_error; + if (do_verify == 0) + output_Zhash(out, exout, dh, peerkey, md, + NULL, 0); + } + else if (!strcmp(keyword, "CAVSHashZZ")) + { + if (!md) + goto parse_error; + rhash = hex2bin_m(value, &rhashlen); + if (!rhash || rhashlen != M_EVP_MD_size(md)) + goto parse_error; + output_Zhash(out, exout, dh, peerkey, md, + rhash, rhashlen); + } + } + if (in && in != stdin) + fclose(in); + if (out && out != stdout) + fclose(out); + return 0; + parse_error: + fprintf(stderr, "Error Parsing request file\n"); + exit(1); + } + +#endif Index: openssl-1.0.2j/crypto/fips/fips_drbgvs.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_drbgvs.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,436 @@ +/* fips/rand/fips_drbgvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#define OPENSSL_FIPSAPI +#include <openssl/opensslconf.h> + +#ifndef OPENSSL_FIPS +#include <stdio.h> + +int main(int argc, char **argv) +{ + printf("No FIPS DRBG support\n"); + return(0); +} +#else + +#include <openssl/bn.h> +#include <openssl/dsa.h> +#include <openssl/fips.h> +#include <openssl/fips_rand.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <string.h> +#include <ctype.h> +#include <errno.h> + +#include "fips_utl.h" + +static int dparse_md(char *str) + { + switch(atoi(str + 5)) + { + case 1: + return NID_sha1; + + case 224: + return NID_sha224; + + case 256: + return NID_sha256; + + case 384: + return NID_sha384; + + case 512: + return NID_sha512; + + } + + return NID_undef; + } + +static int parse_ec(char *str) + { + int curve_nid, md_nid; + char *md; + md = strchr(str, ' '); + if (!md) + return NID_undef; + if (!strncmp(str, "[P-256", 6)) + curve_nid = NID_X9_62_prime256v1; + else if (!strncmp(str, "[P-384", 6)) + curve_nid = NID_secp384r1; + else if (!strncmp(str, "[P-521", 6)) + curve_nid = NID_secp521r1; + else + return NID_undef; + md_nid = dparse_md(md); + if (md_nid == NID_undef) + return NID_undef; + return (curve_nid << 16) | md_nid; + } + +static int parse_aes(char *str, int *pdf) + { + + if (!strncmp(str + 9, "no", 2)) + *pdf = 0; + else + *pdf = DRBG_FLAG_CTR_USE_DF; + + switch(atoi(str + 5)) + { + case 128: + return NID_aes_128_ctr; + + case 192: + return NID_aes_192_ctr; + + case 256: + return NID_aes_256_ctr; + + default: + return NID_undef; + + } + } + +typedef struct + { + unsigned char *ent; + size_t entlen; + unsigned char *nonce; + size_t noncelen; + } TEST_ENT; + +static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout, + int entropy, size_t min_len, size_t max_len) + { + TEST_ENT *t = FIPS_drbg_get_app_data(dctx); + *pout = (unsigned char *)t->ent; + return t->entlen; + } + +static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout, + int entropy, size_t min_len, size_t max_len) + { + TEST_ENT *t = FIPS_drbg_get_app_data(dctx); + *pout = (unsigned char *)t->nonce; + return t->noncelen; + } + +#ifdef FIPS_ALGVS +int fips_drbgvs_main(int argc,char **argv) +#else +int main(int argc,char **argv) +#endif + { + FILE *in = NULL, *out = NULL; + DRBG_CTX *dctx = NULL; + TEST_ENT t; + int r, nid = 0; + int pr = 0; + char buf[2048], lbuf[2048]; + unsigned char randout[2048]; + char *keyword = NULL, *value = NULL; + + unsigned char *ent = NULL, *nonce = NULL, *pers = NULL, *adin = NULL; + long entlen, noncelen, perslen, adinlen; + int df = 0; + + enum dtype { DRBG_NONE, DRBG_CTR, DRBG_HASH, DRBG_HMAC, DRBG_DUAL_EC } + drbg_type = DRBG_NONE; + + int randoutlen = 0; + + int gen = 0; + + fips_algtest_init_nofips(); + if(!FIPS_mode_set(1)) { + fprintf(stderr, "Can't set FIPS mode\n"); + exit(1); + } + + if (argc == 3) + { + in = fopen(argv[1], "r"); + if (!in) + { + fprintf(stderr, "Error opening input file\n"); + exit(1); + } + out = fopen(argv[2], "w"); + if (!out) + { + fprintf(stderr, "Error opening output file\n"); + exit(1); + } + } + else if (argc == 1) + { + in = stdin; + out = stdout; + } + else + { + fprintf(stderr,"%s (infile outfile)\n",argv[0]); + exit(1); + } + + while (fgets(buf, sizeof(buf), in) != NULL) + { + fputs(buf, out); + if (drbg_type == DRBG_NONE) + { + if (strstr(buf, "CTR_DRBG")) + drbg_type = DRBG_CTR; + else if (strstr(buf, "Hash_DRBG")) + drbg_type = DRBG_HASH; + else if (strstr(buf, "HMAC_DRBG")) + drbg_type = DRBG_HMAC; + else if (strstr(buf, "Dual_EC_DRBG")) + drbg_type = DRBG_DUAL_EC; + else + continue; + } + if (strlen(buf) > 4 && !strncmp(buf, "[SHA-", 5)) + { + nid = dparse_md(buf); + if (nid == NID_undef) + exit(1); + if (drbg_type == DRBG_HMAC) + { + switch (nid) + { + case NID_sha1: + nid = NID_hmacWithSHA1; + break; + + case NID_sha224: + nid = NID_hmacWithSHA224; + break; + + case NID_sha256: + nid = NID_hmacWithSHA256; + break; + + case NID_sha384: + nid = NID_hmacWithSHA384; + break; + + case NID_sha512: + nid = NID_hmacWithSHA512; + break; + + default: + exit(1); + } + } + } + if (strlen(buf) > 12 && !strncmp(buf, "[AES-", 5)) + { + nid = parse_aes(buf, &df); + if (nid == NID_undef) + exit(1); + } + if (strlen(buf) > 12 && !strncmp(buf, "[P-", 3)) + { + nid = parse_ec(buf); + if (nid == NID_undef) + exit(1); + } + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + + if (!strcmp(keyword, "[PredictionResistance")) + { + if (!strcmp(value, "True]")) + pr = 1; + else if (!strcmp(value, "False]")) + pr = 0; + else + exit(1); + } + + if (!strcmp(keyword, "[ReturnedBitsLen")) + { + errno = 0; + randoutlen = strtol(value, NULL, 10); + if (errno || randoutlen % 8) + { + fprintf(stderr, "Invalid ReturnedBitsLen!\n"); + exit(1); + } + + /* ReturnedBitsLen is in bits */ + randoutlen /= 8; + } + + if (!strcmp(keyword, "EntropyInput")) + { + ent = hex2bin_m(value, &entlen); + t.ent = ent; + t.entlen = entlen; + } + + if (!strcmp(keyword, "Nonce")) + { + nonce = hex2bin_m(value, &noncelen); + t.nonce = nonce; + t.noncelen = noncelen; + } + + if (!strcmp(keyword, "PersonalizationString")) + { + pers = hex2bin_m(value, &perslen); + if (nid == 0) + { + fprintf(stderr, "DRBG type not recognised!\n"); + exit (1); + } + dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST); + if (!dctx) + exit (1); + FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, + test_nonce, 0); + FIPS_drbg_set_app_data(dctx, &t); + if (!randoutlen) + randoutlen = (int)FIPS_drbg_get_blocklength(dctx); + r = FIPS_drbg_instantiate(dctx, pers, perslen); + if (!r) + { + fprintf(stderr, "Error instantiating DRBG\n"); + exit(1); + } + OPENSSL_free(pers); + OPENSSL_free(ent); + OPENSSL_free(nonce); + ent = nonce = pers = NULL; + gen = 0; + } + + if (!strcmp(keyword, "AdditionalInput")) + { + adin = hex2bin_m(value, &adinlen); + if (pr) + continue; + r = FIPS_drbg_generate(dctx, randout, randoutlen, 0, + adin, adinlen); + if (!r) + { + fprintf(stderr, "Error generating DRBG bits\n"); + exit(1); + } + if (!r) + exit(1); + OPENSSL_free(adin); + adin = NULL; + gen++; + } + + if (pr) + { + if (!strcmp(keyword, "EntropyInputPR")) + { + ent = hex2bin_m(value, &entlen); + t.ent = ent; + t.entlen = entlen; + r = FIPS_drbg_generate(dctx, + randout, randoutlen, + 1, adin, adinlen); + if (!r) + { + fprintf(stderr, + "Error generating DRBG bits\n"); + exit(1); + } + OPENSSL_free(adin); + OPENSSL_free(ent); + adin = ent = NULL; + gen++; + } + } + if (!strcmp(keyword, "EntropyInputReseed")) + { + ent = hex2bin_m(value, &entlen); + t.ent = ent; + t.entlen = entlen; + } + if (!strcmp(keyword, "AdditionalInputReseed")) + { + adin = hex2bin_m(value, &adinlen); + FIPS_drbg_reseed(dctx, adin, adinlen); + OPENSSL_free(ent); + OPENSSL_free(adin); + ent = adin = NULL; + } + if (gen == 2) + { + OutputValue("ReturnedBits", randout, randoutlen, + out, 0); + FIPS_drbg_free(dctx); + dctx = NULL; + gen = 0; + } + + } + if (in && in != stdin) + fclose(in); + if (out && out != stdout) + fclose(out); + return 0; + } + +#endif Index: openssl-1.0.2j/crypto/fips/fips_dsa_lib.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_dsa_lib.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,129 @@ +/* fips_dsa_lib.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2007. + */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#define OPENSSL_FIPSAPI + +#include <string.h> +#include <openssl/dsa.h> +#include <openssl/bn.h> +#include <openssl/fips.h> + +/* Minimal FIPS versions of FIPS_dsa_new() and FIPS_dsa_free: to + * reduce external dependencies. + */ + +DSA *FIPS_dsa_new(void) + { + return DSA_new_method(NULL); +#if 0 + /* this is too minimalistic for the testcase */ + DSA *ret; + ret = OPENSSL_malloc(sizeof(DSA)); + if (!ret) + return NULL; + memset(ret, 0, sizeof(DSA)); + ret->meth = DSA_OpenSSL(); + if (ret->meth->init) + ret->meth->init(ret); + return ret; +#endif + } + +void FIPS_dsa_free(DSA *r) + { + if (!r) + return; + DSA_free(r); +#if 0 + /* this is too minimalistic for the testcase */ + if (r->meth->finish) + r->meth->finish(r); + if (r->p != NULL) BN_clear_free(r->p); + if (r->q != NULL) BN_clear_free(r->q); + if (r->g != NULL) BN_clear_free(r->g); + if (r->pub_key != NULL) BN_clear_free(r->pub_key); + if (r->priv_key != NULL) BN_clear_free(r->priv_key); + if (r->kinv != NULL) BN_clear_free(r->kinv); + if (r->r != NULL) BN_clear_free(r->r); + OPENSSL_free(r); +#endif + } + +DSA_SIG *FIPS_dsa_sig_new(void) + { + DSA_SIG *sig; + sig = OPENSSL_malloc(sizeof(DSA_SIG)); + if (!sig) + return NULL; + sig->r = NULL; + sig->s = NULL; + return sig; + } + +void FIPS_dsa_sig_free(DSA_SIG *sig) + { + if (sig) + { + if (sig->r) + BN_free(sig->r); + if (sig->s) + BN_free(sig->s); + OPENSSL_free(sig); + } + } + Index: openssl-1.0.2j/crypto/fips/fips_dsa_sign.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_dsa_sign.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,141 @@ +/* fips_dsa_sign.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2007. + */ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#define OPENSSL_FIPSAPI + +#include <string.h> +#include <openssl/evp.h> +#include <openssl/dsa.h> +#include <openssl/err.h> +#include <openssl/sha.h> +#include <openssl/bn.h> + +#ifdef OPENSSL_FIPS + +/* FIPS versions of DSA_sign() and DSA_verify(). + * Handle DSA_SIG structures to avoid need to handle ASN1. + */ + +DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx) + { + DSA_SIG *s; + unsigned char dig[EVP_MAX_MD_SIZE]; + unsigned int dlen; + FIPS_digestfinal(ctx, dig, &dlen); + s = dsa->meth->dsa_do_sign(dig,dlen,dsa); + OPENSSL_cleanse(dig, dlen); + return s; + } + +DSA_SIG * FIPS_dsa_sign_digest(DSA *dsa, const unsigned char *dig, int dlen) + { + if (FIPS_selftest_failed()) + { + FIPSerr(FIPS_F_FIPS_DSA_SIGN_DIGEST, FIPS_R_SELFTEST_FAILED); + return NULL; + } + return dsa->meth->dsa_do_sign(dig, dlen, dsa); + } + +int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s) + { + int ret=-1; + unsigned char dig[EVP_MAX_MD_SIZE]; + unsigned int dlen; + FIPS_digestfinal(ctx, dig, &dlen); + ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa); + OPENSSL_cleanse(dig, dlen); + return ret; + } + +int FIPS_dsa_verify_digest(DSA *dsa, + const unsigned char *dig, int dlen, DSA_SIG *s) + { + if (FIPS_selftest_failed()) + { + FIPSerr(FIPS_F_FIPS_DSA_VERIFY_DIGEST, FIPS_R_SELFTEST_FAILED); + return -1; + } + return dsa->meth->dsa_do_verify(dig,dlen,s,dsa); + } + +int FIPS_dsa_verify(DSA *dsa, const unsigned char *msg, size_t msglen, + const EVP_MD *mhash, DSA_SIG *s) + { + int ret=-1; + unsigned char dig[EVP_MAX_MD_SIZE]; + unsigned int dlen; + FIPS_digest(msg, msglen, dig, &dlen, mhash); + ret=FIPS_dsa_verify_digest(dsa, dig, dlen, s); + OPENSSL_cleanse(dig, dlen); + return ret; + } + +DSA_SIG * FIPS_dsa_sign(DSA *dsa, const unsigned char *msg, size_t msglen, + const EVP_MD *mhash) + { + DSA_SIG *s; + unsigned char dig[EVP_MAX_MD_SIZE]; + unsigned int dlen; + FIPS_digest(msg, msglen, dig, &dlen, mhash); + s = FIPS_dsa_sign_digest(dsa, dig, dlen); + OPENSSL_cleanse(dig, dlen); + return s; + } + +#endif Index: openssl-1.0.2j/crypto/fips/fips_dssvs.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_dssvs.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,805 @@ + +#define OPENSSL_FIPSAPI +#include <openssl/opensslconf.h> + +#ifndef OPENSSL_FIPS +#include <stdio.h> + +int main(int argc, char **argv) +{ + printf("No FIPS DSA support\n"); + return(0); +} +#else + +#include <openssl/bn.h> +#include <openssl/dsa.h> +#include <openssl/fips.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <string.h> +#include <ctype.h> + +#include "fips_utl.h" + +static int parse_mod(char *line, int *pdsa2, int *pL, int *pN, + const EVP_MD **pmd) + { + char lbuf[10240]; + char *keyword, *value; + + char *p; + p = strchr(line, ','); + if (!p) + { + *pL = atoi(line); + *pdsa2 = 0; + *pN = 160; + if (pmd) + *pmd = EVP_sha1(); + return 1; + } + *pdsa2 = 1; + *p = 0; + if (!parse_line2(&keyword, &value, lbuf, line, 0)) + return 0; + if (strcmp(keyword, "L")) + return 0; + *pL = atoi(value); + memmove(line, p + 1, strlen(p+1)+1); + if (pmd) + p = strchr(line, ','); + else + p = strchr(line, ']'); + if (!p) + return 0; + *p = 0; + if (!parse_line2(&keyword, &value, lbuf, line, 0)) + return 0; + if (strcmp(keyword, "N")) + return 0; + *pN = atoi(value); + if (!pmd) + return 1; + memmove(line, p + 1, strlen(p+1)+1); + p = strchr(line, ']'); + if (!p) + return 0; + *p = 0; + p = line; + while(isspace(*p)) + p++; + if (!strcmp(p, "SHA-1")) + *pmd = EVP_sha1(); + else if (!strcmp(p, "SHA-224")) + *pmd = EVP_sha224(); + else if (!strcmp(p, "SHA-256")) + *pmd = EVP_sha256(); + else if (!strcmp(p, "SHA-384")) + *pmd = EVP_sha384(); + else if (!strcmp(p, "SHA-512")) + *pmd = EVP_sha512(); + else + return 0; + return 1; + } + +static void primes(FILE *in, FILE *out) + { + char buf[10240]; + char lbuf[10240]; + char *keyword, *value; + + while(fgets(buf,sizeof buf,in) != NULL) + { + fputs(buf,out); + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + if(!strcmp(keyword,"Prime")) + { + BIGNUM *pp; + + pp=BN_new(); + do_hex2bn(&pp,value); + fprintf(out, "result= %c" RESP_EOL, + BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F'); + } + } + } + +int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, + const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, + unsigned char *seed_out, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); +int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, + const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, + int idx, unsigned char *seed_out, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + +int dsa_paramgen_check_g(DSA *dsa); + + +DSA *FIPS_dsa_new(void); +void FIPS_dsa_free(DSA *r); +DSA_SIG *FIPS_dsa_sig_new(void); +void FIPS_dsa_sig_free(DSA_SIG *sig); +int FIPS_dsa_verify(DSA *dsa, const unsigned char *msg, size_t msglen, const EVP_MD *mhash, DSA_SIG *s); +DSA_SIG * FIPS_dsa_sign(DSA *dsa, const unsigned char *msg, size_t msglen, const EVP_MD *mhash); + +static void pqg(FILE *in, FILE *out) + { + char buf[1024]; + char lbuf[1024]; + char *keyword, *value; + int dsa2, L, N; + const EVP_MD *md = NULL; + BIGNUM *p = NULL, *q = NULL; + enum pqtype { PQG_NONE, PQG_PQ, PQG_G, PQG_GCANON} + pqg_type = PQG_NONE; + int seedlen=-1, idxlen, idx = -1; + unsigned char seed[1024], idtmp[1024]; + + while(fgets(buf,sizeof buf,in) != NULL) + { + if (buf[0] == '[') + { + if (strstr(buf, "Probable")) + pqg_type = PQG_PQ; + else if (strstr(buf, "Unverifiable")) + pqg_type = PQG_G; + else if (strstr(buf, "Canonical")) + pqg_type = PQG_GCANON; + } + if (!parse_line(&keyword, &value, lbuf, buf)) + { + fputs(buf,out); + continue; + } + if (strcmp(keyword, "Num")) + fputs(buf,out); + if(!strcmp(keyword,"[mod")) + { + if (!parse_mod(value, &dsa2, &L, &N, &md)) + { + fprintf(stderr, "Mod Parse Error\n"); + exit (1); + } + } + else if(!strcmp(keyword,"N") + || (!strcmp(keyword, "Num") && pqg_type == PQG_PQ)) + { + int n=atoi(value); + + while(n--) + { + DSA *dsa; + int counter; + unsigned long h; + dsa = FIPS_dsa_new(); + + if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md, + NULL, 0, seed, + &counter, &h, NULL)) + { + fprintf(stderr, "Parameter Generation error\n"); + exit(1); + } + if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, + NULL, 0, -1, seed, + &counter, &h, NULL) <= 0) + { + fprintf(stderr, "Parameter Generation error\n"); + exit(1); + } + + do_bn_print_name(out, "P",dsa->p); + do_bn_print_name(out, "Q",dsa->q); + if (!dsa2) + do_bn_print_name(out, "G",dsa->g); + OutputValue(dsa2 ? "domain_parameter_seed" : "Seed", + seed, M_EVP_MD_size(md), out, 0); + if (!dsa2) + { + fprintf(out, "c = %d" RESP_EOL, counter); + fprintf(out, "H = %lx" RESP_EOL RESP_EOL,h); + } + else + { + fprintf(out, "counter = %d" RESP_EOL RESP_EOL, counter); + } + FIPS_dsa_free(dsa); + } + } + else if(!strcmp(keyword,"P")) + p=hex2bn(value); + else if(!strcmp(keyword,"Q")) + q=hex2bn(value); + else if(!strcmp(keyword,"domain_parameter_seed")) + seedlen = hex2bin(value, seed); + else if(!strcmp(keyword,"firstseed")) + seedlen = hex2bin(value, seed); + else if(!strcmp(keyword,"pseed")) + seedlen += hex2bin(value, seed + seedlen); + else if(!strcmp(keyword,"qseed")) + seedlen += hex2bin(value, seed + seedlen); + else if(!strcmp(keyword,"index")) + { + idxlen = hex2bin(value, idtmp); + if (idxlen != 1) + { + fprintf(stderr, "Index value error\n"); + exit (1); + } + idx = idtmp[0]; + } + if ((idx >= 0 && pqg_type == PQG_GCANON) || (q && pqg_type == PQG_G)) + { + DSA *dsa; + dsa = FIPS_dsa_new(); + dsa->p = p; + dsa->q = q; + p = q = NULL; + if (dsa_builtin_paramgen2(dsa, L, N, md, + seed, seedlen, idx, NULL, + NULL, NULL, NULL) <= 0) + { + fprintf(stderr, "Parameter Generation error\n"); + exit(1); + } + do_bn_print_name(out, "G",dsa->g); + FIPS_dsa_free(dsa); + idx = -1; + } + } + } + +static void pqgver(FILE *in, FILE *out) + { + char buf[1024]; + char lbuf[1024]; + char *keyword, *value; + BIGNUM *p = NULL, *q = NULL, *g = NULL; + int counter=-1, counter2; + unsigned long h=0, h2; + DSA *dsa=NULL; + int dsa2, L, N, part_test = 0; + const EVP_MD *md = NULL; + int seedlen=-1, idxlen, idx = -1; + unsigned char seed[1024], idtmp[1024]; + + while(fgets(buf,sizeof buf,in) != NULL) + { + if (!parse_line(&keyword, &value, lbuf, buf)) + { + if (p && q) + { + part_test = 1; + goto partial; + } + fputs(buf,out); + continue; + } + fputs(buf, out); + if(!strcmp(keyword,"[mod")) + { + if (!parse_mod(value, &dsa2, &L, &N, &md)) + { + fprintf(stderr, "Mod Parse Error\n"); + exit (1); + } + } + else if(!strcmp(keyword,"P")) + p=hex2bn(value); + else if(!strcmp(keyword,"Q")) + q=hex2bn(value); + else if(!strcmp(keyword,"G")) + g=hex2bn(value); + else if(!strcmp(keyword,"firstseed")) + seedlen = hex2bin(value, seed); + else if(!strcmp(keyword,"pseed")) + seedlen += hex2bin(value, seed + seedlen); + else if(!strcmp(keyword,"qseed")) + seedlen += hex2bin(value, seed + seedlen); + else if(!strcmp(keyword,"Seed") + || !strcmp(keyword,"domain_parameter_seed")) + { + seedlen = hex2bin(value, seed); + if (!dsa2 && seedlen != 20) + { + fprintf(stderr, "Seed parse length error\n"); + exit (1); + } + if (idx > 0) + part_test = 1; + } + else if(!strcmp(keyword,"index")) + { + idxlen = hex2bin(value, idtmp); + if (idxlen != 1) + { + fprintf(stderr, "Index value error\n"); + exit (1); + } + idx = idtmp[0]; + } + else if(!strcmp(keyword,"c")) + counter = atoi(buf+4); + partial: + if (part_test && idx < 0 && h == 0 && g) + { + dsa = FIPS_dsa_new(); + dsa->p = BN_dup(p); + dsa->q = BN_dup(q); + dsa->g = BN_dup(g); + if (dsa_paramgen_check_g(dsa)) + fprintf(out, "Result = P" RESP_EOL); + else + fprintf(out, "Result = F" RESP_EOL); + BN_free(p); + BN_free(q); + BN_free(g); + p = NULL; + q = NULL; + g = NULL; + FIPS_dsa_free(dsa); + dsa = NULL; + part_test = 0; + } + else if(!strcmp(keyword,"H") || part_test) + { + if (!part_test) + h = atoi(value); + if (!p || !q || (!g && !part_test)) + { + fprintf(stderr, "Parse Error\n"); + exit (1); + } + dsa = FIPS_dsa_new(); + if (idx >= 0) + { + dsa->p = BN_dup(p); + dsa->q = BN_dup(q); + } + no_err = 1; + if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md, + seed, seedlen, NULL, + &counter2, &h2, NULL)) + { + fprintf(stderr, "Parameter Generation error\n"); + exit(1); + } + if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, + seed, seedlen, idx, NULL, + &counter2, &h2, NULL) < 0) + { + fprintf(stderr, "Parameter Generation error\n"); + exit(1); + } + no_err = 0; + if (idx >= 0) + { + if (BN_cmp(dsa->g, g)) + fprintf(out, "Result = F" RESP_EOL); + else + fprintf(out, "Result = P" RESP_EOL); + } + else if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || + (!part_test && + ((BN_cmp(dsa->g, g) || (counter != counter2) || (h != h2))))) + fprintf(out, "Result = F" RESP_EOL); + else + fprintf(out, "Result = P" RESP_EOL); + BN_free(p); + BN_free(q); + BN_free(g); + p = NULL; + q = NULL; + g = NULL; + FIPS_dsa_free(dsa); + dsa = NULL; + if (part_test) + { + if (idx == -1) + fputs(buf,out); + part_test = 0; + } + idx = -1; + } + } + } + +/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2 + * algorithm tests. It is an additional test to perform sanity checks on the + * output of the KeyPair test. + */ + +static int dss_paramcheck(int L, int N, BIGNUM *p, BIGNUM *q, BIGNUM *g, + BN_CTX *ctx) + { + BIGNUM *rem = NULL; + if (BN_num_bits(p) != L) + return 0; + if (BN_num_bits(q) != N) + return 0; + if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1) + return 0; + if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1) + return 0; + rem = BN_new(); + if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem) + || (BN_cmp(g, BN_value_one()) <= 0) + || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem)) + { + BN_free(rem); + return 0; + } + /* Todo: check g */ + BN_free(rem); + return 1; + } + +static void keyver(FILE *in, FILE *out) + { + char buf[1024]; + char lbuf[1024]; + char *keyword, *value; + BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL; + BIGNUM *Y2; + BN_CTX *ctx = NULL; + int dsa2, L, N; + int paramcheck = 0; + + ctx = BN_CTX_new(); + Y2 = BN_new(); + + while(fgets(buf,sizeof buf,in) != NULL) + { + if (!parse_line(&keyword, &value, lbuf, buf)) + { + fputs(buf,out); + continue; + } + if(!strcmp(keyword,"[mod")) + { + if (p) + BN_free(p); + p = NULL; + if (q) + BN_free(q); + q = NULL; + if (g) + BN_free(g); + g = NULL; + paramcheck = 0; + if (!parse_mod(value, &dsa2, &L, &N, NULL)) + { + fprintf(stderr, "Mod Parse Error\n"); + exit (1); + } + } + else if(!strcmp(keyword,"P")) + p=hex2bn(value); + else if(!strcmp(keyword,"Q")) + q=hex2bn(value); + else if(!strcmp(keyword,"G")) + g=hex2bn(value); + else if(!strcmp(keyword,"X")) + X=hex2bn(value); + else if(!strcmp(keyword,"Y")) + { + Y=hex2bn(value); + if (!p || !q || !g || !X || !Y) + { + fprintf(stderr, "Parse Error\n"); + exit (1); + } + do_bn_print_name(out, "P",p); + do_bn_print_name(out, "Q",q); + do_bn_print_name(out, "G",g); + do_bn_print_name(out, "X",X); + do_bn_print_name(out, "Y",Y); + if (!paramcheck) + { + if (dss_paramcheck(L, N, p, q, g, ctx)) + paramcheck = 1; + else + paramcheck = -1; + } + if (paramcheck != 1) + fprintf(out, "Result = F" RESP_EOL); + else + { + if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y)) + fprintf(out, "Result = F" RESP_EOL); + else + fprintf(out, "Result = P" RESP_EOL); + } + BN_free(X); + BN_free(Y); + X = NULL; + Y = NULL; + } + } + if (p) + BN_free(p); + if (q) + BN_free(q); + if (g) + BN_free(g); + if (Y2) + BN_free(Y2); + if (ctx) + BN_CTX_free(ctx); + } + +static void keypair(FILE *in, FILE *out) + { + char buf[1024]; + char lbuf[1024]; + char *keyword, *value; + int dsa2, L, N; + + while(fgets(buf,sizeof buf,in) != NULL) + { + if (!parse_line(&keyword, &value, lbuf, buf)) + { + continue; + } + if(!strcmp(keyword,"[mod")) + { + if (!parse_mod(value, &dsa2, &L, &N, NULL)) + { + fprintf(stderr, "Mod Parse Error\n"); + exit (1); + } + fputs(buf,out); + } + else if(!strcmp(keyword,"N")) + { + DSA *dsa; + int n=atoi(value); + + dsa = FIPS_dsa_new(); + if (!dsa) + { + fprintf(stderr, "DSA allocation error\n"); + exit(1); + } + if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, NULL, NULL, 0, + NULL, NULL, NULL, NULL)) + { + fprintf(stderr, "Parameter Generation error\n"); + exit(1); + } + if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, NULL, NULL, 0, -1, + NULL, NULL, NULL, NULL) <= 0) + { + fprintf(stderr, "Parameter Generation error\n"); + exit(1); + } + do_bn_print_name(out, "P",dsa->p); + do_bn_print_name(out, "Q",dsa->q); + do_bn_print_name(out, "G",dsa->g); + fputs(RESP_EOL, out); + + while(n--) + { + if (!DSA_generate_key(dsa)) + exit(1); + + do_bn_print_name(out, "X",dsa->priv_key); + do_bn_print_name(out, "Y",dsa->pub_key); + fputs(RESP_EOL, out); + } + FIPS_dsa_free(dsa); + } + } + } + +static void siggen(FILE *in, FILE *out) + { + char buf[1024]; + char lbuf[1024]; + char *keyword, *value; + int dsa2, L, N; + const EVP_MD *md = NULL; + DSA *dsa=NULL; + + while(fgets(buf,sizeof buf,in) != NULL) + { + if (!parse_line(&keyword, &value, lbuf, buf)) + { + fputs(buf,out); + continue; + } + fputs(buf,out); + if(!strcmp(keyword,"[mod")) + { + if (!parse_mod(value, &dsa2, &L, &N, &md)) + { + fprintf(stderr, "Mod Parse Error\n"); + exit (1); + } + if (dsa) + FIPS_dsa_free(dsa); + dsa = FIPS_dsa_new(); + if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md, NULL, 0, + NULL, NULL, NULL, NULL)) + { + fprintf(stderr, "Parameter Generation error\n"); + exit(1); + } + if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, NULL, 0, -1, + NULL, NULL, NULL, NULL) <= 0) + { + fprintf(stderr, "Parameter Generation error\n"); + exit(1); + } + do_bn_print_name(out, "P",dsa->p); + do_bn_print_name(out, "Q",dsa->q); + do_bn_print_name(out, "G",dsa->g); + fputs(RESP_EOL, out); + } + else if(!strcmp(keyword,"Msg")) + { + unsigned char msg[1024]; + int n; + DSA_SIG *sig; + + n=hex2bin(value,msg); + + if (!DSA_generate_key(dsa)) + exit(1); + do_bn_print_name(out, "Y",dsa->pub_key); + + sig = FIPS_dsa_sign(dsa, msg, n, md); + + do_bn_print_name(out, "R",sig->r); + do_bn_print_name(out, "S",sig->s); + fputs(RESP_EOL, out); + FIPS_dsa_sig_free(sig); + } + } + if (dsa) + FIPS_dsa_free(dsa); + } + +static void sigver(FILE *in, FILE *out) + { + DSA *dsa=NULL; + char buf[1024]; + char lbuf[1024]; + unsigned char msg[1024]; + char *keyword, *value; + int n=0; + int dsa2, L, N; + const EVP_MD *md = NULL; + DSA_SIG sg, *sig = &sg; + + sig->r = NULL; + sig->s = NULL; + + while(fgets(buf,sizeof buf,in) != NULL) + { + if (!parse_line(&keyword, &value, lbuf, buf)) + { + fputs(buf,out); + continue; + } + fputs(buf,out); + if(!strcmp(keyword,"[mod")) + { + if (!parse_mod(value, &dsa2, &L, &N, &md)) + { + fprintf(stderr, "Mod Parse Error\n"); + exit (1); + } + if (dsa) + FIPS_dsa_free(dsa); + dsa = FIPS_dsa_new(); + } + else if(!strcmp(keyword,"P")) + do_hex2bn(&dsa->p, value); + else if(!strcmp(keyword,"Q")) + do_hex2bn(&dsa->q, value); + else if(!strcmp(keyword,"G")) + do_hex2bn(&dsa->g, value); + else if(!strcmp(keyword,"Msg")) + n=hex2bin(value,msg); + else if(!strcmp(keyword,"Y")) + do_hex2bn(&dsa->pub_key, value); + else if(!strcmp(keyword,"R")) + sig->r=hex2bn(value); + else if(!strcmp(keyword,"S")) + { + int r; + sig->s=hex2bn(value); + + no_err = 1; + r = FIPS_dsa_verify(dsa, msg, n, md, sig); + no_err = 0; + if (sig->s) + { + BN_free(sig->s); + sig->s = NULL; + } + if (sig->r) + { + BN_free(sig->r); + sig->r = NULL; + } + + fprintf(out, "Result = %c" RESP_EOL RESP_EOL, r == 1 ? 'P' : 'F'); + } + } + if (dsa) + FIPS_dsa_free(dsa); + } + +#ifdef FIPS_ALGVS +int fips_dssvs_main(int argc, char **argv) +#else +int main(int argc, char **argv) +#endif + { + FILE *in, *out; + if (argc == 4) + { + in = fopen(argv[2], "r"); + if (!in) + { + fprintf(stderr, "Error opening input file\n"); + exit(1); + } + out = fopen(argv[3], "w"); + if (!out) + { + fprintf(stderr, "Error opening output file\n"); + exit(1); + } + } + else if (argc == 2) + { + in = stdin; + out = stdout; + } + else + { + fprintf(stderr,"%s [prime|pqg|pqgver|keypair|keyver|siggen|sigver]\n",argv[0]); + exit(1); + } + fips_algtest_init_nofips(); + if(!FIPS_mode_set(1)) { + fprintf(stderr, "Can't set FIPS mode\n"); + exit(1); + } + if(!strcmp(argv[1],"prime")) + primes(in, out); + else if(!strcmp(argv[1],"pqg")) + pqg(in, out); + else if(!strcmp(argv[1],"pqgver")) + pqgver(in, out); + else if(!strcmp(argv[1],"keypair")) + keypair(in, out); + else if(!strcmp(argv[1],"keyver")) + keyver(in, out); + else if(!strcmp(argv[1],"siggen")) + siggen(in, out); + else if(!strcmp(argv[1],"sigver")) + sigver(in, out); + else + { + fprintf(stderr,"Don't know how to %s.\n",argv[1]); + exit(1); + } + + if (argc == 4) + { + fclose(in); + fclose(out); + } + + return 0; + } + +#endif Index: openssl-1.0.2j/crypto/fips/fips_ecdhvs.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_ecdhvs.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,500 @@ +/* fips/ecdh/fips_ecdhvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#define OPENSSL_FIPSAPI +#include <openssl/opensslconf.h> + +#ifndef OPENSSL_FIPS +#include <stdio.h> + +int main(int argc, char **argv) +{ + printf("No FIPS ECDH support\n"); + return(0); +} +#else + +#include <openssl/crypto.h> +#include <openssl/bn.h> +#include <openssl/ecdh.h> +#include <openssl/fips.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <string.h> +#include <ctype.h> + +#include "fips_utl.h" + +static const EVP_MD *eparse_md(char *line) + { + char *p; + if (line[0] != '[' || line[1] != 'E') + return NULL; + p = strchr(line, '-'); + if (!p) + return NULL; + line = p + 1; + p = strchr(line, ']'); + if (!p) + return NULL; + *p = 0; + p = line; + while(isspace(*p)) + p++; + if (!strcmp(p, "SHA1")) + return EVP_sha1(); + else if (!strcmp(p, "SHA224")) + return EVP_sha224(); + else if (!strcmp(p, "SHA256")) + return EVP_sha256(); + else if (!strcmp(p, "SHA384")) + return EVP_sha384(); + else if (!strcmp(p, "SHA512")) + return EVP_sha512(); + else + return NULL; + } + +static int lookup_curve2(char *cname) + { + char *p; + p = strchr(cname, ']'); + if (!p) + { + fprintf(stderr, "Parse error: missing ]\n"); + return NID_undef; + } + *p = 0; + + if (!strcmp(cname, "B-163")) + return NID_sect163r2; + if (!strcmp(cname, "B-233")) + return NID_sect233r1; + if (!strcmp(cname, "B-283")) + return NID_sect283r1; + if (!strcmp(cname, "B-409")) + return NID_sect409r1; + if (!strcmp(cname, "B-571")) + return NID_sect571r1; + if (!strcmp(cname, "K-163")) + return NID_sect163k1; + if (!strcmp(cname, "K-233")) + return NID_sect233k1; + if (!strcmp(cname, "K-283")) + return NID_sect283k1; + if (!strcmp(cname, "K-409")) + return NID_sect409k1; + if (!strcmp(cname, "K-571")) + return NID_sect571k1; + if (!strcmp(cname, "P-192")) + return NID_X9_62_prime192v1; + if (!strcmp(cname, "P-224")) + return NID_secp224r1; + if (!strcmp(cname, "P-256")) + return NID_X9_62_prime256v1; + if (!strcmp(cname, "P-384")) + return NID_secp384r1; + if (!strcmp(cname, "P-521")) + return NID_secp521r1; + + fprintf(stderr, "Unknown Curve name %s\n", cname); + return NID_undef; + } + +static int lookup_curve(char *cname) + { + char *p; + p = strchr(cname, ':'); + if (!p) + { + fprintf(stderr, "Parse error: missing :\n"); + return NID_undef; + } + cname = p + 1; + while(isspace(*cname)) + cname++; + return lookup_curve2(cname); + } + +static EC_POINT *make_peer(EC_GROUP *group, BIGNUM *x, BIGNUM *y) + { + EC_POINT *peer; + int rv; + BN_CTX *c; + peer = EC_POINT_new(group); + if (!peer) + return NULL; + c = BN_CTX_new(); + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) + == NID_X9_62_prime_field) + rv = EC_POINT_set_affine_coordinates_GFp(group, peer, x, y, c); + else +#ifdef OPENSSL_NO_EC2M + { + fprintf(stderr, "ERROR: GF2m not supported\n"); + exit(1); + } +#else + rv = EC_POINT_set_affine_coordinates_GF2m(group, peer, x, y, c); +#endif + + BN_CTX_free(c); + if (rv) + return peer; + EC_POINT_free(peer); + return NULL; + } + +static int ec_print_key(FILE *out, EC_KEY *key, int add_e, int exout) + { + const EC_POINT *pt; + const EC_GROUP *grp; + const EC_METHOD *meth; + int rv; + BIGNUM *tx, *ty; + const BIGNUM *d = NULL; + BN_CTX *ctx; + ctx = BN_CTX_new(); + if (!ctx) + return 0; + tx = BN_CTX_get(ctx); + ty = BN_CTX_get(ctx); + if (!tx || !ty) + return 0; + grp = EC_KEY_get0_group(key); + pt = EC_KEY_get0_public_key(key); + if (exout) + d = EC_KEY_get0_private_key(key); + meth = EC_GROUP_method_of(grp); + if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field) + rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, tx, ty, ctx); + else +#ifdef OPENSSL_NO_EC2M + { + fprintf(stderr, "ERROR: GF2m not supported\n"); + exit(1); + } +#else + rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, tx, ty, ctx); +#endif + + if (add_e) + { + do_bn_print_name(out, "QeIUTx", tx); + do_bn_print_name(out, "QeIUTy", ty); + if (d) + do_bn_print_name(out, "QeIUTd", d); + } + else + { + do_bn_print_name(out, "QIUTx", tx); + do_bn_print_name(out, "QIUTy", ty); + if (d) + do_bn_print_name(out, "QIUTd", d); + } + + BN_CTX_free(ctx); + + return rv; + + } + +static void ec_output_Zhash(FILE *out, int exout, EC_GROUP *group, + BIGNUM *ix, BIGNUM *iy, BIGNUM *id, BIGNUM *cx, + BIGNUM *cy, const EVP_MD *md, + unsigned char *rhash, size_t rhashlen) + { + EC_KEY *ec = NULL; + EC_POINT *peerkey = NULL; + unsigned char *Z; + unsigned char chash[EVP_MAX_MD_SIZE]; + int Zlen; + ec = EC_KEY_new(); + EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH); + EC_KEY_set_group(ec, group); + peerkey = make_peer(group, cx, cy); + if (rhash == NULL) + { + if (md) + rhashlen = M_EVP_MD_size(md); + EC_KEY_generate_key(ec); + ec_print_key(out, ec, md ? 1 : 0, exout); + } + else + { + EC_KEY_set_public_key_affine_coordinates(ec, ix, iy); + EC_KEY_set_private_key(ec, id); + } + Zlen = (EC_GROUP_get_degree(group) + 7)/8; + Z = OPENSSL_malloc(Zlen); + if (!Z) + exit(1); + ECDH_compute_key(Z, Zlen, peerkey, ec, 0); + if (md) + { + if (exout) + OutputValue("Z", Z, Zlen, out, 0); + FIPS_digest(Z, Zlen, chash, NULL, md); + OutputValue(rhash ? "IUTHashZZ" : "HashZZ", + chash, rhashlen, out, 0); + if (rhash) + { + fprintf(out, "Result = %s\n", + memcmp(chash, rhash, rhashlen) ? "F" : "P"); + } + } + else + OutputValue("ZIUT", Z, Zlen, out, 0); + OPENSSL_cleanse(Z, Zlen); + OPENSSL_free(Z); + EC_KEY_free(ec); + EC_POINT_free(peerkey); + } + +#ifdef FIPS_ALGVS +int fips_ecdhvs_main(int argc, char **argv) +#else +int main(int argc, char **argv) +#endif + { + char **args = argv + 1; + int argn = argc - 1; + FILE *in, *out; + char buf[2048], lbuf[2048]; + unsigned char *rhash = NULL; + long rhashlen; + BIGNUM *cx = NULL, *cy = NULL; + BIGNUM *id = NULL, *ix = NULL, *iy = NULL; + const EVP_MD *md = NULL; + EC_GROUP *group = NULL; + char *keyword = NULL, *value = NULL; + int do_verify = -1, exout = 0; + int rv = 1; + + int curve_nids[5] = {0,0,0,0,0}; + int param_set = -1; + + fips_algtest_init_nofips(); + if(!FIPS_mode_set(1)) { + fprintf(stderr, "Can't set FIPS mode\n"); + exit(1); + } + + if (argn && !strcmp(*args, "ecdhver")) + { + do_verify = 1; + args++; + argn--; + } + else if (argn && !strcmp(*args, "ecdhgen")) + { + do_verify = 0; + args++; + argn--; + } + + if (argn && !strcmp(*args, "-exout")) + { + exout = 1; + args++; + argn--; + } + + if (do_verify == -1) + { + fprintf(stderr,"%s [ecdhver|ecdhgen|] [-exout] (infile outfile)\n",argv[0]); + exit(1); + } + + if (argn == 2) + { + in = fopen(*args, "r"); + if (!in) + { + fprintf(stderr, "Error opening input file\n"); + exit(1); + } + out = fopen(args[1], "w"); + if (!out) + { + fprintf(stderr, "Error opening output file\n"); + exit(1); + } + } + else if (argn == 0) + { + in = stdin; + out = stdout; + } + else + { + fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]); + exit(1); + } + + while (fgets(buf, sizeof(buf), in) != NULL) + { + fputs(buf, out); + if (buf[0] == '[' && buf[1] == 'E') + { + int c = buf[2]; + if (c < 'A' || c > 'E') + goto parse_error; + param_set = c - 'A'; + /* If just [E?] then initial paramset */ + if (buf[3] == ']') + continue; + if (group) + EC_GROUP_free(group); + group = EC_GROUP_new_by_curve_name(curve_nids[c - 'A']); + } + if (strlen(buf) > 10 && !strncmp(buf, "[Curve", 6)) + { + int nid; + if (param_set == -1) + goto parse_error; + nid = lookup_curve(buf); + if (nid == NID_undef) + goto parse_error; + curve_nids[param_set] = nid; + } + + if (strlen(buf) > 4 && buf[0] == '[' && buf[2] == '-') + { + int nid = lookup_curve2(buf + 1); + if (nid == NID_undef) + goto parse_error; + if (group) + EC_GROUP_free(group); + group = EC_GROUP_new_by_curve_name(nid); + if (!group) + { + fprintf(stderr, "ERROR: unsupported curve %s\n", buf + 1); + return 1; + } + } + + if (strlen(buf) > 6 && !strncmp(buf, "[E", 2)) + { + md = eparse_md(buf); + if (md == NULL) + goto parse_error; + continue; + } + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + if (!strcmp(keyword, "QeCAVSx") || !strcmp(keyword, "QCAVSx")) + { + if (!do_hex2bn(&cx, value)) + goto parse_error; + } + else if (!strcmp(keyword, "QeCAVSy") || !strcmp(keyword, "QCAVSy")) + { + if (!do_hex2bn(&cy, value)) + goto parse_error; + if (do_verify == 0) + ec_output_Zhash(out, exout, group, + NULL, NULL, NULL, + cx, cy, md, rhash, rhashlen); + } + else if (!strcmp(keyword, "deIUT")) + { + if (!do_hex2bn(&id, value)) + goto parse_error; + } + else if (!strcmp(keyword, "QeIUTx")) + { + if (!do_hex2bn(&ix, value)) + goto parse_error; + } + else if (!strcmp(keyword, "QeIUTy")) + { + if (!do_hex2bn(&iy, value)) + goto parse_error; + } + else if (!strcmp(keyword, "CAVSHashZZ")) + { + if (!md) + goto parse_error; + rhash = hex2bin_m(value, &rhashlen); + if (!rhash || rhashlen != M_EVP_MD_size(md)) + goto parse_error; + ec_output_Zhash(out, exout, group, ix, iy, id, cx, cy, + md, rhash, rhashlen); + } + } + rv = 0; + parse_error: + if (id) + BN_free(id); + if (ix) + BN_free(ix); + if (iy) + BN_free(iy); + if (cx) + BN_free(cx); + if (cy) + BN_free(cy); + if (group) + EC_GROUP_free(group); + if (in && in != stdin) + fclose(in); + if (out && out != stdout) + fclose(out); + if (rv) + fprintf(stderr, "Error Parsing request file\n"); + return rv; + } + +#endif Index: openssl-1.0.2j/crypto/fips/fips_ecdsa_lib.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_ecdsa_lib.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,93 @@ +/* fips_dsa_lib.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2007. + */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#define OPENSSL_FIPSAPI + +#include <string.h> +#include <openssl/ecdsa.h> +#include <openssl/bn.h> +#include <openssl/fips.h> + +ECDSA_SIG *FIPS_ecdsa_sig_new(void) + { + ECDSA_SIG *sig; + sig = OPENSSL_malloc(sizeof(ECDSA_SIG)); + if (!sig) + return NULL; + sig->r = BN_new(); + sig->s = BN_new(); + if (!sig->r || !sig->s) + { + FIPS_ecdsa_sig_free(sig); + return NULL; + } + return sig; + } + +void FIPS_ecdsa_sig_free(ECDSA_SIG *sig) + { + if (sig) + { + if (sig->r) + BN_free(sig->r); + if (sig->s) + BN_free(sig->s); + OPENSSL_free(sig); + } + } + Index: openssl-1.0.2j/crypto/fips/fips_ecdsavs.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_ecdsavs.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,585 @@ +/* fips/ecdsa/fips_ecdsavs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#define OPENSSL_FIPSAPI +#include <openssl/opensslconf.h> +#include <stdio.h> + +#ifndef OPENSSL_FIPS + +int main(int argc, char **argv) +{ + printf("No FIPS ECDSA support\n"); + return(0); +} +#else + +#include <string.h> +#include <ctype.h> +#include <openssl/err.h> +#include <openssl/bn.h> +#include <openssl/ecdsa.h> +#include <openssl/evp.h> +#include "fips_utl.h" +#include <openssl/sha.h> + +#include <openssl/objects.h> + +ECDSA_SIG * FIPS_ecdsa_sign_ctx(EC_KEY *key, EVP_MD_CTX *ctx) + { + ECDSA_SIG *s; + unsigned char dig[EVP_MAX_MD_SIZE]; + unsigned int dlen; + FIPS_digestfinal(ctx, dig, &dlen); + s = FIPS_ecdsa_sign_digest(key, dig, dlen); + OPENSSL_cleanse(dig, dlen); + return s; + } + +int FIPS_ecdsa_verify_ctx(EC_KEY *key, EVP_MD_CTX *ctx, ECDSA_SIG *s) + { + int ret=-1; + unsigned char dig[EVP_MAX_MD_SIZE]; + unsigned int dlen; + FIPS_digestfinal(ctx, dig, &dlen); + ret = FIPS_ecdsa_verify_digest(key, dig, dlen, s); + OPENSSL_cleanse(dig, dlen); + return ret; + } + +int FIPS_ecdsa_verify(EC_KEY *key, const unsigned char *msg, size_t msglen, + const EVP_MD *mhash, ECDSA_SIG *s) + { + int ret=-1; + unsigned char dig[EVP_MAX_MD_SIZE]; + unsigned int dlen; + FIPS_digest(msg, msglen, dig, &dlen, mhash); + ret=FIPS_ecdsa_verify_digest(key, dig, dlen, s); + OPENSSL_cleanse(dig, dlen); + return ret; + } + +ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key, + const unsigned char *msg, size_t msglen, + const EVP_MD *mhash) + { + ECDSA_SIG *s; + unsigned char dig[EVP_MAX_MD_SIZE]; + unsigned int dlen; + FIPS_digest(msg, msglen, dig, &dlen, mhash); + s = FIPS_ecdsa_sign_digest(key, dig, dlen); + OPENSSL_cleanse(dig, dlen); + return s; + } + +static int elookup_curve(char *in, char *curve_name, const EVP_MD **pmd) + { + char *cname, *p; + /* Copy buffer as we will change it */ + strcpy(curve_name, in); + cname = curve_name + 1; + p = strchr(cname, ']'); + if (!p) + { + fprintf(stderr, "Parse error: missing ]\n"); + return NID_undef; + } + *p = 0; + p = strchr(cname, ','); + if (p) + { + if (!pmd) + { + fprintf(stderr, "Parse error: unexpected digest\n"); + return NID_undef; + } + *p = 0; + p++; + + if (!strcmp(p, "SHA-1")) + *pmd = EVP_sha1(); + else if (!strcmp(p, "SHA-224")) + *pmd = EVP_sha224(); + else if (!strcmp(p, "SHA-256")) + *pmd = EVP_sha256(); + else if (!strcmp(p, "SHA-384")) + *pmd = EVP_sha384(); + else if (!strcmp(p, "SHA-512")) + *pmd = EVP_sha512(); + else + { + fprintf(stderr, "Unknown digest %s\n", p); + return NID_undef; + } + } + else if(pmd) + *pmd = EVP_sha1(); + + if (!strcmp(cname, "B-163")) + return NID_sect163r2; + if (!strcmp(cname, "B-233")) + return NID_sect233r1; + if (!strcmp(cname, "B-283")) + return NID_sect283r1; + if (!strcmp(cname, "B-409")) + return NID_sect409r1; + if (!strcmp(cname, "B-571")) + return NID_sect571r1; + if (!strcmp(cname, "K-163")) + return NID_sect163k1; + if (!strcmp(cname, "K-233")) + return NID_sect233k1; + if (!strcmp(cname, "K-283")) + return NID_sect283k1; + if (!strcmp(cname, "K-409")) + return NID_sect409k1; + if (!strcmp(cname, "K-571")) + return NID_sect571k1; + if (!strcmp(cname, "P-192")) + return NID_X9_62_prime192v1; + if (!strcmp(cname, "P-224")) + return NID_secp224r1; + if (!strcmp(cname, "P-256")) + return NID_X9_62_prime256v1; + if (!strcmp(cname, "P-384")) + return NID_secp384r1; + if (!strcmp(cname, "P-521")) + return NID_secp521r1; + + fprintf(stderr, "Unknown Curve name %s\n", cname); + return NID_undef; + } + +static int ec_get_pubkey(EC_KEY *key, BIGNUM *x, BIGNUM *y) + { + const EC_POINT *pt; + const EC_GROUP *grp; + const EC_METHOD *meth; + int rv; + BN_CTX *ctx; + ctx = BN_CTX_new(); + if (!ctx) + return 0; + grp = EC_KEY_get0_group(key); + pt = EC_KEY_get0_public_key(key); + meth = EC_GROUP_method_of(grp); + if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field) + rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, x, y, ctx); + else +#ifdef OPENSSL_NO_EC2M + { + fprintf(stderr, "ERROR: GF2m not supported\n"); + exit(1); + } +#else + rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, x, y, ctx); +#endif + + BN_CTX_free(ctx); + + return rv; + + } + +static int KeyPair(FILE *in, FILE *out) + { + char buf[2048], lbuf[2048]; + char *keyword, *value; + int curve_nid = NID_undef; + int i, count; + BIGNUM *Qx = NULL, *Qy = NULL; + const BIGNUM *d = NULL; + EC_KEY *key = NULL; + Qx = BN_new(); + Qy = BN_new(); + while(fgets(buf, sizeof buf, in) != NULL) + { + if (*buf == '[' && buf[2] == '-') + { + if (buf[2] == '-') + curve_nid = elookup_curve(buf, lbuf, NULL); + fputs(buf, out); + continue; + } + if (!parse_line(&keyword, &value, lbuf, buf)) + { + fputs(buf, out); + continue; + } + if (!strcmp(keyword, "N")) + { + count = atoi(value); + + for (i = 0; i < count; i++) + { + + key = EC_KEY_new_by_curve_name(curve_nid); + if (!EC_KEY_generate_key(key)) + { + fprintf(stderr, "Error generating key\n"); + return 0; + } + + if (!ec_get_pubkey(key, Qx, Qy)) + { + fprintf(stderr, "Error getting public key\n"); + return 0; + } + + d = EC_KEY_get0_private_key(key); + + do_bn_print_name(out, "d", d); + do_bn_print_name(out, "Qx", Qx); + do_bn_print_name(out, "Qy", Qy); + fputs(RESP_EOL, out); + EC_KEY_free(key); + + } + + } + + } + BN_free(Qx); + BN_free(Qy); + return 1; + } + +static int PKV(FILE *in, FILE *out) + { + + char buf[2048], lbuf[2048]; + char *keyword, *value; + int curve_nid = NID_undef; + BIGNUM *Qx = NULL, *Qy = NULL; + EC_KEY *key = NULL; + while(fgets(buf, sizeof buf, in) != NULL) + { + fputs(buf, out); + if (*buf == '[' && buf[2] == '-') + { + curve_nid = elookup_curve(buf, lbuf, NULL); + if (curve_nid == NID_undef) + return 0; + + } + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + if (!strcmp(keyword, "Qx")) + { + if (!do_hex2bn(&Qx, value)) + { + fprintf(stderr, "Invalid Qx value\n"); + return 0; + } + } + if (!strcmp(keyword, "Qy")) + { + int rv; + if (!do_hex2bn(&Qy, value)) + { + fprintf(stderr, "Invalid Qy value\n"); + return 0; + } + key = EC_KEY_new_by_curve_name(curve_nid); + no_err = 1; + rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy); + no_err = 0; + EC_KEY_free(key); + fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F"); + } + + } + BN_free(Qx); + BN_free(Qy); + return 1; + } + +static int SigGen(FILE *in, FILE *out) + { + char buf[2048], lbuf[2048]; + char *keyword, *value; + unsigned char *msg; + int curve_nid = NID_undef; + long mlen; + BIGNUM *Qx = NULL, *Qy = NULL; + EC_KEY *key = NULL; + ECDSA_SIG *sig = NULL; + const EVP_MD *digest = NULL; + Qx = BN_new(); + Qy = BN_new(); + while(fgets(buf, sizeof buf, in) != NULL) + { + fputs(buf, out); + if (*buf == '[') + { + curve_nid = elookup_curve(buf, lbuf, &digest); + if (curve_nid == NID_undef) + return 0; + } + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + if (!strcmp(keyword, "Msg")) + { + msg = hex2bin_m(value, &mlen); + if (!msg) + { + fprintf(stderr, "Invalid Message\n"); + return 0; + } + + key = EC_KEY_new_by_curve_name(curve_nid); + if (!EC_KEY_generate_key(key)) + { + fprintf(stderr, "Error generating key\n"); + return 0; + } + + if (!ec_get_pubkey(key, Qx, Qy)) + { + fprintf(stderr, "Error getting public key\n"); + return 0; + } + + sig = FIPS_ecdsa_sign(key, msg, mlen, digest); + + if (!sig) + { + fprintf(stderr, "Error signing message\n"); + return 0; + } + + do_bn_print_name(out, "Qx", Qx); + do_bn_print_name(out, "Qy", Qy); + do_bn_print_name(out, "R", sig->r); + do_bn_print_name(out, "S", sig->s); + + EC_KEY_free(key); + OPENSSL_free(msg); + FIPS_ecdsa_sig_free(sig); + + } + + } + BN_free(Qx); + BN_free(Qy); + return 1; + } + +static int SigVer(FILE *in, FILE *out) + { + char buf[2048], lbuf[2048]; + char *keyword, *value; + unsigned char *msg = NULL; + int curve_nid = NID_undef; + long mlen; + BIGNUM *Qx = NULL, *Qy = NULL; + EC_KEY *key = NULL; + ECDSA_SIG sg, *sig = &sg; + const EVP_MD *digest = NULL; + sig->r = NULL; + sig->s = NULL; + while(fgets(buf, sizeof buf, in) != NULL) + { + fputs(buf, out); + if (*buf == '[') + { + curve_nid = elookup_curve(buf, lbuf, &digest); + if (curve_nid == NID_undef) + return 0; + } + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + if (!strcmp(keyword, "Msg")) + { + msg = hex2bin_m(value, &mlen); + if (!msg) + { + fprintf(stderr, "Invalid Message\n"); + return 0; + } + } + + if (!strcmp(keyword, "Qx")) + { + if (!do_hex2bn(&Qx, value)) + { + fprintf(stderr, "Invalid Qx value\n"); + return 0; + } + } + if (!strcmp(keyword, "Qy")) + { + if (!do_hex2bn(&Qy, value)) + { + fprintf(stderr, "Invalid Qy value\n"); + return 0; + } + } + if (!strcmp(keyword, "R")) + { + if (!do_hex2bn(&sig->r, value)) + { + fprintf(stderr, "Invalid R value\n"); + return 0; + } + } + if (!strcmp(keyword, "S")) + { + int rv; + if (!do_hex2bn(&sig->s, value)) + { + fprintf(stderr, "Invalid S value\n"); + return 0; + } + key = EC_KEY_new_by_curve_name(curve_nid); + rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy); + + if (rv != 1) + { + fprintf(stderr, "Error setting public key\n"); + return 0; + } + + no_err = 1; + rv = FIPS_ecdsa_verify(key, msg, mlen, digest, sig); + EC_KEY_free(key); + if (msg) + OPENSSL_free(msg); + no_err = 0; + + fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F"); + } + + } + if (sig->r) + BN_free(sig->r); + if (sig->s) + BN_free(sig->s); + if (Qx) + BN_free(Qx); + if (Qy) + BN_free(Qy); + return 1; + } +#ifdef FIPS_ALGVS +int fips_ecdsavs_main(int argc, char **argv) +#else +int main(int argc, char **argv) +#endif + { + FILE *in = NULL, *out = NULL; + const char *cmd = argv[1]; + int rv = 0; + + fips_algtest_init_nofips(); + if(!FIPS_mode_set(1)) { + fprintf(stderr, "Can't set FIPS mode\n"); + exit(1); + } + + if (argc == 4) + { + in = fopen(argv[2], "r"); + if (!in) + { + fprintf(stderr, "Error opening input file\n"); + exit(1); + } + out = fopen(argv[3], "w"); + if (!out) + { + fprintf(stderr, "Error opening output file\n"); + exit(1); + } + } + else if (argc == 2) + { + in = stdin; + out = stdout; + } + + if (!cmd) + { + fprintf(stderr, "fips_ecdsavs [KeyPair|PKV|SigGen|SigVer]\n"); + return 1; + } + if (!strcmp(cmd, "KeyPair")) + rv = KeyPair(in, out); + else if (!strcmp(cmd, "PKV")) + rv = PKV(in, out); + else if (!strcmp(cmd, "SigVer")) + rv = SigVer(in, out); + else if (!strcmp(cmd, "SigGen")) + rv = SigGen(in, out); + else + { + fprintf(stderr, "Unknown command %s\n", cmd); + return 1; + } + + if (argc == 4) + { + fclose(in); + fclose(out); + } + + if (rv <= 0) + { + fprintf(stderr, "Error running %s\n", cmd); + return 1; + } + + return 0; + } + +#endif Index: openssl-1.0.2j/crypto/fips/fips_err.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_err.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,89 @@ +/* fips/utl/fips_err.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#define OPENSSL_FIPSAPI + +#include <openssl/err.h> +#include <openssl/fips.h> + +/* FIPS error callbacks */ + +static void (*fips_put_error_cb)(int lib, int func,int reason,const char *file,int line) = 0; +static void (*fips_add_error_vdata)(int num, va_list args) = 0; + +void FIPS_put_error(int lib, int func,int reason,const char *file,int line) + { + if (fips_put_error_cb) + fips_put_error_cb(lib, func, reason, file, line); + } + +void FIPS_add_error_data(int num, ...) + { + if (fips_add_error_vdata) + { + va_list args; + va_start(args, num); + fips_add_error_vdata(num, args); + va_end(args); + } + } + +void FIPS_set_error_callbacks( + void (*put_cb)(int lib, int func,int reason,const char *file,int line), + void (*add_cb)(int num, va_list args) ) + { + fips_put_error_cb = put_cb; + fips_add_error_vdata = add_cb; + } + + Index: openssl-1.0.2j/crypto/fips/fips_gcmtest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_gcmtest.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,575 @@ +/* fips/aes/fips_gcmtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#define OPENSSL_FIPSAPI +#include <openssl/opensslconf.h> + +#ifndef OPENSSL_FIPS +#include <stdio.h> + +int main(int argc, char **argv) +{ + printf("No FIPS GCM support\n"); + return(0); +} +#else + +#include <openssl/bn.h> +#include <openssl/dsa.h> +#include <openssl/fips.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <string.h> +#include <ctype.h> + +#include "fips_utl.h" + +static void gcmtest(FILE *in, FILE *out, int encrypt) + { + char buf[2048]; + char lbuf[2048]; + char *keyword, *value; + int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1; + int rv; + long l; + unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL; + unsigned char *ct = NULL, *pt = NULL; + EVP_CIPHER_CTX ctx; + const EVP_CIPHER *gcm = NULL; + FIPS_cipher_ctx_init(&ctx); + + while(fgets(buf,sizeof buf,in) != NULL) + { + fputs(buf,out); + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + if(!strcmp(keyword,"[Keylen")) + { + keylen = atoi(value); + if (keylen == 128) + gcm = EVP_aes_128_gcm(); + else if (keylen == 192) + gcm = EVP_aes_192_gcm(); + else if (keylen == 256) + gcm = EVP_aes_256_gcm(); + else + { + fprintf(stderr, "Unsupported keylen %d\n", + keylen); + } + keylen >>= 3; + } + else if (!strcmp(keyword, "[IVlen")) + ivlen = atoi(value) >> 3; + else if (!strcmp(keyword, "[AADlen")) + aadlen = atoi(value) >> 3; + else if (!strcmp(keyword, "[Taglen")) + taglen = atoi(value) >> 3; + else if (!strcmp(keyword, "[PTlen")) + ptlen = atoi(value) >> 3; + else if(!strcmp(keyword,"Key")) + { + key = hex2bin_m(value, &l); + if (l != keylen) + { + fprintf(stderr, "Inconsistent Key length\n"); + exit(1); + } + } + else if(!strcmp(keyword,"IV")) + { + iv = hex2bin_m(value, &l); + if (l != ivlen) + { + fprintf(stderr, "Inconsistent IV length\n"); + exit(1); + } + } + else if(!strcmp(keyword,"PT")) + { + pt = hex2bin_m(value, &l); + if (l != ptlen) + { + fprintf(stderr, "Inconsistent PT length\n"); + exit(1); + } + } + else if(!strcmp(keyword,"CT")) + { + ct = hex2bin_m(value, &l); + if (l != ptlen) + { + fprintf(stderr, "Inconsistent CT length\n"); + exit(1); + } + } + else if(!strcmp(keyword,"AAD")) + { + aad = hex2bin_m(value, &l); + if (l != aadlen) + { + fprintf(stderr, "Inconsistent AAD length\n"); + exit(1); + } + } + else if(!strcmp(keyword,"Tag")) + { + tag = hex2bin_m(value, &l); + if (l != taglen) + { + fprintf(stderr, "Inconsistent Tag length\n"); + exit(1); + } + } + if (encrypt && pt && aad && (iv || encrypt==1)) + { + tag = OPENSSL_malloc(taglen); + FIPS_cipherinit(&ctx, gcm, NULL, NULL, 1); + /* Relax FIPS constraints for testing */ + M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0); + if (encrypt == 1) + { + static unsigned char iv_fixed[4] = {1,2,3,4}; + if (!iv) + iv = OPENSSL_malloc(ivlen); + FIPS_cipherinit(&ctx, NULL, key, NULL, 1); + FIPS_cipher_ctx_ctrl(&ctx, + EVP_CTRL_GCM_SET_IV_FIXED, + 4, iv_fixed); + if (!FIPS_cipher_ctx_ctrl(&ctx, + EVP_CTRL_GCM_IV_GEN, 0, iv)) + { + fprintf(stderr, "IV gen error\n"); + exit(1); + } + OutputValue("IV", iv, ivlen, out, 0); + } + else + FIPS_cipherinit(&ctx, NULL, key, iv, 1); + + + if (aadlen) + FIPS_cipher(&ctx, NULL, aad, aadlen); + if (ptlen) + { + ct = OPENSSL_malloc(ptlen); + rv = FIPS_cipher(&ctx, ct, pt, ptlen); + } + FIPS_cipher(&ctx, NULL, NULL, 0); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, + taglen, tag); + OutputValue("CT", ct, ptlen, out, 0); + OutputValue("Tag", tag, taglen, out, 0); + if (iv) + OPENSSL_free(iv); + if (aad) + OPENSSL_free(aad); + if (ct) + OPENSSL_free(ct); + if (pt) + OPENSSL_free(pt); + if (key) + OPENSSL_free(key); + if (tag) + OPENSSL_free(tag); + iv = aad = ct = pt = key = tag = NULL; + } + if (!encrypt && tag) + { + FIPS_cipherinit(&ctx, gcm, NULL, NULL, 0); + /* Relax FIPS constraints for testing */ + M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0); + FIPS_cipherinit(&ctx, NULL, key, iv, 0); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag); + if (aadlen) + FIPS_cipher(&ctx, NULL, aad, aadlen); + if (ptlen) + { + pt = OPENSSL_malloc(ptlen); + rv = FIPS_cipher(&ctx, pt, ct, ptlen); + } + rv = FIPS_cipher(&ctx, NULL, NULL, 0); + if (rv < 0) + fprintf(out, "FAIL" RESP_EOL); + else + OutputValue("PT", pt, ptlen, out, 0); + if (iv) + OPENSSL_free(iv); + if (aad) + OPENSSL_free(aad); + if (ct) + OPENSSL_free(ct); + if (pt) + OPENSSL_free(pt); + if (key) + OPENSSL_free(key); + if (tag) + OPENSSL_free(tag); + iv = aad = ct = pt = key = tag = NULL; + } + } + FIPS_cipher_ctx_cleanup(&ctx); + } + +static void xtstest(FILE *in, FILE *out) + { + char buf[204800]; + char lbuf[204800]; + char *keyword, *value; + int inlen = 0; + int encrypt = 0; + long l; + unsigned char *key = NULL, *iv = NULL; + unsigned char *inbuf = NULL, *outbuf = NULL; + EVP_CIPHER_CTX ctx; + const EVP_CIPHER *xts = NULL; + FIPS_cipher_ctx_init(&ctx); + + while(fgets(buf,sizeof buf,in) != NULL) + { + fputs(buf,out); + if (buf[0] == '[' && strlen(buf) >= 9) + { + if(!strncmp(buf,"[ENCRYPT]", 9)) + encrypt = 1; + else if(!strncmp(buf,"[DECRYPT]", 9)) + encrypt = 0; + } + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + else if(!strcmp(keyword,"Key")) + { + key = hex2bin_m(value, &l); + if (l == 32) + xts = EVP_aes_128_xts(); + else if (l == 64) + xts = EVP_aes_256_xts(); + else + { + fprintf(stderr, "Inconsistent Key length\n"); + exit(1); + } + } + else if(!strcmp(keyword,"i")) + { + iv = hex2bin_m(value, &l); + if (l != 16) + { + fprintf(stderr, "Inconsistent i length\n"); + exit(1); + } + } + else if(encrypt && !strcmp(keyword,"PT")) + { + inbuf = hex2bin_m(value, &l); + inlen = l; + } + else if(!encrypt && !strcmp(keyword,"CT")) + { + inbuf = hex2bin_m(value, &l); + inlen = l; + } + if (inbuf) + { + FIPS_cipherinit(&ctx, xts, key, iv, encrypt); + outbuf = OPENSSL_malloc(inlen); + FIPS_cipher(&ctx, outbuf, inbuf, inlen); + OutputValue(encrypt ? "CT":"PT", outbuf, inlen, out, 0); + OPENSSL_free(inbuf); + OPENSSL_free(outbuf); + OPENSSL_free(key); + OPENSSL_free(iv); + iv = key = inbuf = outbuf = NULL; + } + } + FIPS_cipher_ctx_cleanup(&ctx); + } + +static void ccmtest(FILE *in, FILE *out) + { + char buf[200048]; + char lbuf[200048]; + char *keyword, *value; + long l; + unsigned char *Key = NULL, *Nonce = NULL; + unsigned char *Adata = NULL, *Payload = NULL; + unsigned char *CT = NULL; + int Plen = -1, Nlen = -1, Tlen = -1, Alen = -1; + int decr = 0; + EVP_CIPHER_CTX ctx; + const EVP_CIPHER *ccm = NULL; + FIPS_cipher_ctx_init(&ctx); + + while(fgets(buf,sizeof buf,in) != NULL) + { + char *p; + fputs(buf,out); + redo: + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + + /* If surrounded by square brackets zap them */ + if (keyword[0] == '[') + { + keyword++; + p = strchr(value, ']'); + if (p) + *p = 0; + } + /* See if we have a comma separated list of parameters + * if so copy rest of line back to buffer and redo later. + */ + p = strchr(value, ','); + if (p) + { + *p = 0; + strcpy(buf, p + 1); + strcat(buf, "\n"); + decr = 1; + } + if (!strcmp(keyword,"Plen")) + Plen = atoi(value); + else if (!strcmp(keyword,"Nlen")) + Nlen = atoi(value); + else if (!strcmp(keyword,"Tlen")) + Tlen = atoi(value); + else if (!strcmp(keyword,"Alen")) + Alen = atoi(value); + if (p) + goto redo; + if (!strcmp(keyword,"Key")) + { + if (Key) + OPENSSL_free(Key); + Key = hex2bin_m(value, &l); + if (l == 16) + ccm = EVP_aes_128_ccm(); + else if (l == 24) + ccm = EVP_aes_192_ccm(); + else if (l == 32) + ccm = EVP_aes_256_ccm(); + else + { + fprintf(stderr, "Inconsistent Key length\n"); + exit(1); + } + } + else if (!strcmp(keyword,"Nonce")) + { + if (Nonce) + OPENSSL_free(Nonce); + Nonce = hex2bin_m(value, &l); + if (l != Nlen) + { + fprintf(stderr, "Inconsistent nonce length\n"); + exit(1); + } + } + else if (!strcmp(keyword,"Payload") && !decr) + { + Payload = hex2bin_m(value, &l); + if (Plen && l != Plen) + { + fprintf(stderr, "Inconsistent Payload length\n"); + exit(1); + } + } + else if (!strcmp(keyword,"Adata")) + { + if (Adata) + OPENSSL_free(Adata); + Adata = hex2bin_m(value, &l); + if (Alen && l != Alen) + { + fprintf(stderr, "Inconsistent Payload length\n"); + exit(1); + } + } + else if (!strcmp(keyword,"CT") && decr) + { + CT = hex2bin_m(value, &l); + if (l != (Plen + Tlen)) + { + fprintf(stderr, "Inconsistent CT length\n"); + exit(1); + } + } + if (Payload) + { + FIPS_cipherinit(&ctx, ccm, NULL, NULL, 1); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, Tlen, 0); + FIPS_cipherinit(&ctx, NULL, Key, Nonce, 1); + + FIPS_cipher(&ctx, NULL, NULL, Plen); + FIPS_cipher(&ctx, NULL, Adata, Alen); + CT = OPENSSL_malloc(Plen + Tlen); + FIPS_cipher(&ctx, CT, Payload, Plen); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, Tlen, + CT + Plen); + OutputValue("CT", CT, Plen + Tlen, out, 0); + OPENSSL_free(CT); + OPENSSL_free(Payload); + CT = Payload = NULL; + } + if (CT) + { + int rv; + int len = Plen == 0 ? 1: Plen; + FIPS_cipherinit(&ctx, ccm, NULL, NULL, 0); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, + Tlen, CT + Plen); + FIPS_cipherinit(&ctx, NULL, Key, Nonce, 0); + FIPS_cipher(&ctx, NULL, NULL, Plen); + FIPS_cipher(&ctx, NULL, Adata, Alen); + Payload = OPENSSL_malloc(len); + rv = FIPS_cipher(&ctx, Payload, CT, Plen); + if (rv >= 0) + { + if (rv == 0) + Payload[0] = 0; + fputs("Result = Pass" RESP_EOL, out); + OutputValue("Payload", Payload, len, out, 0); + } + else + fputs("Result = Fail" RESP_EOL, out); + OPENSSL_free(CT); + OPENSSL_free(Payload); + CT = Payload = NULL; + } + } + if (Key) + OPENSSL_free(Key); + if (Nonce) + OPENSSL_free(Nonce); + if (Adata) + OPENSSL_free(Adata); + FIPS_cipher_ctx_cleanup(&ctx); + } + +#ifdef FIPS_ALGVS +int fips_gcmtest_main(int argc, char **argv) +#else +int main(int argc, char **argv) +#endif + { + int encrypt; + int xts = 0, ccm = 0; + FILE *in, *out; + if (argc == 4) + { + in = fopen(argv[2], "r"); + if (!in) + { + fprintf(stderr, "Error opening input file\n"); + exit(1); + } + out = fopen(argv[3], "w"); + if (!out) + { + fprintf(stderr, "Error opening output file\n"); + exit(1); + } + } + else if (argc == 2) + { + in = stdin; + out = stdout; + } + else + { + fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]); + exit(1); + } + fips_algtest_init_nofips(); + if(!FIPS_mode_set(1)) { + fprintf(stderr, "Can't set FIPS mode\n"); + exit(1); + } + if(!strcmp(argv[1],"-encrypt")) + encrypt = 1; + else if(!strcmp(argv[1],"-encryptIVext")) + encrypt = 2; + else if(!strcmp(argv[1],"-decrypt")) + encrypt = 0; + else if(!strcmp(argv[1],"-ccm")) + ccm = 1; + else if(!strcmp(argv[1],"-xts")) + xts = 1; + else + { + fprintf(stderr,"Don't know how to %s.\n",argv[1]); + exit(1); + } + + if (ccm) + ccmtest(in, out); + else if (xts) + xtstest(in, out); + else + gcmtest(in, out, encrypt); + + if (argc == 4) + { + fclose(in); + fclose(out); + } + + return 0; +} + +#endif Index: openssl-1.0.2j/crypto/fips/fips_hmactest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_hmactest.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,328 @@ +/* fips_hmactest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#define OPENSSL_FIPSAPI + +#include <stdio.h> +#include <ctype.h> +#include <string.h> +#include <openssl/bio.h> +#include <openssl/evp.h> +#include <openssl/hmac.h> +#include <openssl/err.h> +#include <openssl/bn.h> + +#ifndef OPENSSL_FIPS + +int main(int argc, char *argv[]) +{ + printf("No FIPS HMAC support\n"); + return(0); +} + +#else + +#include <openssl/fips.h> +#include "fips_utl.h" + +static int hmac_test(const EVP_MD *md, FILE *out, FILE *in); +static int print_hmac(const EVP_MD *md, FILE *out, + unsigned char *Key, int Klen, + unsigned char *Msg, int Msglen, int Tlen); + +#ifdef FIPS_ALGVS +int fips_hmactest_main(int argc, char **argv) +#else +int main(int argc, char **argv) +#endif + { + FILE *in = NULL, *out = NULL; + + int ret = 1; + fips_algtest_init_nofips(); + if(!FIPS_mode_set(1)) { + fprintf(stderr, "Can't set FIPS mode\n"); + exit(1); + } + + if (argc == 1) + in = stdin; + else + in = fopen(argv[1], "r"); + + if (argc < 2) + out = stdout; + else + out = fopen(argv[2], "w"); + + if (!in) + { + fprintf(stderr, "FATAL input initialization error\n"); + goto end; + } + + if (!out) + { + fprintf(stderr, "FATAL output initialization error\n"); + goto end; + } + + if (!hmac_test(EVP_sha1(), out, in)) + { + fprintf(stderr, "FATAL hmac file processing error\n"); + goto end; + } + else + ret = 0; + + end: + + if (in && (in != stdin)) + fclose(in); + if (out && (out != stdout)) + fclose(out); + + return ret; + + } + +#define HMAC_TEST_MAXLINELEN 1024 + +int hmac_test(const EVP_MD *md, FILE *out, FILE *in) + { + char *linebuf, *olinebuf, *p, *q; + char *keyword, *value; + unsigned char *Key = NULL, *Msg = NULL; + int Count, Klen, Tlen; + long Keylen, Msglen; + int ret = 0; + int lnum = 0; + + olinebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN); + linebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN); + + if (!linebuf || !olinebuf) + goto error; + + Count = -1; + Klen = -1; + Tlen = -1; + + while (fgets(olinebuf, HMAC_TEST_MAXLINELEN, in)) + { + lnum++; + strcpy(linebuf, olinebuf); + keyword = linebuf; + /* Skip leading space */ + while (isspace((unsigned char)*keyword)) + keyword++; + + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no = or starts with [ (for [L=20] line) just copy */ + if (!p) + { + if (fputs(olinebuf, out) < 0) + goto error; + continue; + } + + q = p - 1; + + /* Remove trailing space */ + while (isspace((unsigned char)*q)) + *q-- = 0; + + *p = 0; + value = p + 1; + + /* Remove leading space from value */ + while (isspace((unsigned char)*value)) + value++; + + /* Remove trailing space from value */ + p = value + strlen(value) - 1; + + while (*p == '\n' || isspace((unsigned char)*p)) + *p-- = 0; + + if (!strcmp(keyword,"[L") && *p==']') + { + switch (atoi(value)) + { + case 20: md=EVP_sha1(); break; + case 28: md=EVP_sha224(); break; + case 32: md=EVP_sha256(); break; + case 48: md=EVP_sha384(); break; + case 64: md=EVP_sha512(); break; + default: goto parse_error; + } + } + else if (!strcmp(keyword, "Count")) + { + if (Count != -1) + goto parse_error; + Count = atoi(value); + if (Count < 0) + goto parse_error; + } + else if (!strcmp(keyword, "Klen")) + { + if (Klen != -1) + goto parse_error; + Klen = atoi(value); + if (Klen < 0) + goto parse_error; + } + else if (!strcmp(keyword, "Tlen")) + { + if (Tlen != -1) + goto parse_error; + Tlen = atoi(value); + if (Tlen < 0) + goto parse_error; + } + else if (!strcmp(keyword, "Msg")) + { + if (Msg) + goto parse_error; + Msg = hex2bin_m(value, &Msglen); + if (!Msg) + goto parse_error; + } + else if (!strcmp(keyword, "Key")) + { + if (Key) + goto parse_error; + Key = hex2bin_m(value, &Keylen); + if (!Key) + goto parse_error; + } + else if (!strcmp(keyword, "Mac")) + continue; + else + goto parse_error; + + fputs(olinebuf, out); + + if (Key && Msg && (Tlen > 0) && (Klen > 0)) + { + if (!print_hmac(md, out, Key, Klen, Msg, Msglen, Tlen)) + goto error; + OPENSSL_free(Key); + Key = NULL; + OPENSSL_free(Msg); + Msg = NULL; + Klen = -1; + Tlen = -1; + Count = -1; + } + + } + + + ret = 1; + + + error: + + if (olinebuf) + OPENSSL_free(olinebuf); + if (linebuf) + OPENSSL_free(linebuf); + if (Key) + OPENSSL_free(Key); + if (Msg) + OPENSSL_free(Msg); + + return ret; + + parse_error: + + fprintf(stderr, "FATAL parse error processing line %d\n", lnum); + + goto error; + + } + +static int print_hmac(const EVP_MD *emd, FILE *out, + unsigned char *Key, int Klen, + unsigned char *Msg, int Msglen, int Tlen) + { + int i, mdlen; + unsigned char md[EVP_MAX_MD_SIZE]; + if (!HMAC(emd, Key, Klen, Msg, Msglen, md, + (unsigned int *)&mdlen)) + { + fputs("Error calculating HMAC\n", stderr); + return 0; + } + if (Tlen > mdlen) + { + fputs("Parameter error, Tlen > HMAC length\n", stderr); + return 0; + } + fputs("Mac = ", out); + for (i = 0; i < Tlen; i++) + fprintf(out, "%02x", md[i]); + fputs(RESP_EOL, out); + return 1; + } + +#endif Index: openssl-1.0.2j/crypto/fips/fips_rngvs.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_rngvs.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,230 @@ +/* + * Crude test driver for processing the VST and MCT testvector files + * generated by the CMVP RNGVS product. + * + * Note the input files are assumed to have a _very_ specific format + * as described in the NIST document "The Random Number Generator + * Validation System (RNGVS)", May 25, 2004. + * + */ +#include <openssl/opensslconf.h> + +#ifndef OPENSSL_FIPS +#include <stdio.h> + +int main(int argc, char **argv) +{ + printf("No FIPS RNG support\n"); + return 0; +} +#else + +#include <openssl/bn.h> +#include <openssl/dsa.h> +#include <openssl/fips.h> +#include <openssl/err.h> +#include <openssl/rand.h> +#include <openssl/fips_rand.h> +#include <openssl/x509v3.h> +#include <string.h> +#include <ctype.h> + +#include "fips_utl.h" + +void vst() + { + unsigned char *key = NULL; + unsigned char *v = NULL; + unsigned char *dt = NULL; + unsigned char ret[16]; + char buf[1024]; + char lbuf[1024]; + char *keyword, *value; + long i, keylen; + + keylen = 0; + + while(fgets(buf,sizeof buf,stdin) != NULL) + { + fputs(buf,stdout); + if(!strncmp(buf,"[AES 128-Key]", 13)) + keylen = 16; + else if(!strncmp(buf,"[AES 192-Key]", 13)) + keylen = 24; + else if(!strncmp(buf,"[AES 256-Key]", 13)) + keylen = 32; + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + if(!strcmp(keyword,"Key")) + { + key=hex2bin_m(value,&i); + if (i != keylen) + { + fprintf(stderr, "Invalid key length, expecting %ld\n", keylen); + return; + } + } + else if(!strcmp(keyword,"DT")) + { + dt=hex2bin_m(value,&i); + if (i != 16) + { + fprintf(stderr, "Invalid DT length\n"); + return; + } + } + else if(!strcmp(keyword,"V")) + { + v=hex2bin_m(value,&i); + if (i != 16) + { + fprintf(stderr, "Invalid V length\n"); + return; + } + + if (!key || !dt) + { + fprintf(stderr, "Missing key or DT\n"); + return; + } + + FIPS_x931_set_key(key, keylen); + FIPS_x931_seed(v,16); + FIPS_x931_set_dt(dt); + if (FIPS_x931_bytes(ret,16) <= 0) + { + fprintf(stderr, "Error getting PRNG value\n"); + return; + } + + OutputValue("R", ret, 16, stdout, 0); + OPENSSL_free(key); + key = NULL; + OPENSSL_free(dt); + dt = NULL; + OPENSSL_free(v); + v = NULL; + } + } + } + +void mct() + { + unsigned char *key = NULL; + unsigned char *v = NULL; + unsigned char *dt = NULL; + unsigned char ret[16]; + char buf[1024]; + char lbuf[1024]; + char *keyword, *value; + long i, keylen; + int j; + + keylen = 0; + + while(fgets(buf,sizeof buf,stdin) != NULL) + { + fputs(buf,stdout); + if(!strncmp(buf,"[AES 128-Key]", 13)) + keylen = 16; + else if(!strncmp(buf,"[AES 192-Key]", 13)) + keylen = 24; + else if(!strncmp(buf,"[AES 256-Key]", 13)) + keylen = 32; + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + if(!strcmp(keyword,"Key")) + { + key=hex2bin_m(value,&i); + if (i != keylen) + { + fprintf(stderr, "Invalid key length, expecting %ld\n", keylen); + return; + } + } + else if(!strcmp(keyword,"DT")) + { + dt=hex2bin_m(value,&i); + if (i != 16) + { + fprintf(stderr, "Invalid DT length\n"); + return; + } + } + else if(!strcmp(keyword,"V")) + { + v=hex2bin_m(value,&i); + if (i != 16) + { + fprintf(stderr, "Invalid V length\n"); + return; + } + + if (!key || !dt) + { + fprintf(stderr, "Missing key or DT\n"); + return; + } + + FIPS_x931_set_key(key, keylen); + FIPS_x931_seed(v,16); + for (i = 0; i < 10000; i++) + { + FIPS_x931_set_dt(dt); + if (FIPS_x931_bytes(ret,16) <= 0) + { + fprintf(stderr, "Error getting PRNG value\n"); + return; + } + /* Increment DT */ + for (j = 15; j >= 0; j--) + { + dt[j]++; + if (dt[j]) + break; + } + } + + OutputValue("R", ret, 16, stdout, 0); + OPENSSL_free(key); + key = NULL; + OPENSSL_free(dt); + dt = NULL; + OPENSSL_free(v); + v = NULL; + } + } + } + +int main(int argc,char **argv) + { + if(argc != 2) + { + fprintf(stderr,"%s [mct|vst]\n",argv[0]); + exit(1); + } + if(!FIPS_mode_set(1)) + { + do_print_errors(); + exit(1); + } + FIPS_x931_reset(); + if (!FIPS_x931_test_mode()) + { + fprintf(stderr, "Error setting PRNG test mode\n"); + do_print_errors(); + exit(1); + } + if(!strcmp(argv[1],"mct")) + mct(); + else if(!strcmp(argv[1],"vst")) + vst(); + else + { + fprintf(stderr,"Don't know how to %s.\n",argv[1]); + exit(1); + } + + return 0; + } +#endif Index: openssl-1.0.2j/crypto/fips/fips_rsa_lib.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_rsa_lib.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,109 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2007. + */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#define OPENSSL_FIPSAPI + +#include <string.h> +#include <openssl/evp.h> +#include <openssl/rsa.h> +#include <openssl/bn.h> +#include <openssl/err.h> +#include <openssl/fips.h> + +/* Minimal FIPS versions of FIPS_rsa_new() and FIPS_rsa_free: to + * reduce external dependencies. + */ + +RSA *FIPS_rsa_new(void) + { + + return RSA_new_method(NULL); +#if 0 + RSA *ret; + ret = OPENSSL_malloc(sizeof(RSA)); + if (!ret) + return NULL; + memset(ret, 0, sizeof(RSA)); + ret->meth = RSA_PKCS1_SSLeay(); + if (ret->meth->init) + ret->meth->init(ret); + return ret; +#endif + } + +void FIPS_rsa_free(RSA *r) + { + if (!r) + return; + RSA_free(r); +#if 0 + if (r->meth->finish) + r->meth->finish(r); + if (r->n != NULL) BN_clear_free(r->n); + if (r->e != NULL) BN_clear_free(r->e); + if (r->d != NULL) BN_clear_free(r->d); + if (r->p != NULL) BN_clear_free(r->p); + if (r->q != NULL) BN_clear_free(r->q); + if (r->dmp1 != NULL) BN_clear_free(r->dmp1); + if (r->dmq1 != NULL) BN_clear_free(r->dmq1); + if (r->iqmp != NULL) BN_clear_free(r->iqmp); + if (r->blinding != NULL) BN_BLINDING_free(r->blinding); + if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding); + OPENSSL_free(r); +#endif + } + Index: openssl-1.0.2j/crypto/fips/fips_rsagtest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_rsagtest.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,683 @@ +/* fips_rsagtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005,2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <ctype.h> +#include <string.h> +#include <openssl/bio.h> +#include <openssl/evp.h> +#include <openssl/hmac.h> +#include <openssl/err.h> +#include <openssl/rsa.h> +#include <openssl/bn.h> +#include <openssl/x509v3.h> + +RSA *FIPS_rsa_new(void); +void FIPS_rsa_free(RSA *r); + +#ifndef OPENSSL_FIPS + +int main(int argc, char *argv[]) +{ + printf("No FIPS RSA support\n"); + return(0); +} + +#else + +#include "fips_utl.h" + +int rsa_KeyGen(FILE *out, FILE *in); +int rsa_PrimeKAT(FILE *out, FILE *in); +int rsa_PrimeGen(FILE *out, FILE *in); +static int rsa_printkey1(FILE *out, RSA *rsa, + BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp, + BIGNUM *e); +static int rsa_printkey2(FILE *out, RSA *rsa, + BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq); + +int main(int argc, char **argv) + { + FILE *in = NULL, *out = NULL; + const char *cmd = argv[1]; + + int ret = 1; + + if(!FIPS_mode_set(1)) + { + do_print_errors(); + goto end; + } + + if (!cmd) + { + fprintf(stderr, "fips_rsagtest [KeyGen|PrimeKAT|PrimeGen]\n"); + goto end; + } + + if (argc == 2) + in = stdin; + else + in = fopen(argv[2], "r"); + + if (argc <= 3) + out = stdout; + else + out = fopen(argv[3], "w"); + + if (!in) + { + fprintf(stderr, "FATAL input initialization error\n"); + goto end; + } + + if (!out) + { + fprintf(stderr, "FATAL output initialization error\n"); + goto end; + } + + if (!strcmp(cmd, "KeyGen")) + ret = rsa_KeyGen(out, in); + else if (!strcmp(cmd, "PrimeKAT")) + ret = rsa_PrimeKAT(out, in); + else if (!strcmp(cmd, "PrimeGen")) + ret = rsa_PrimeGen(out, in); + else + { + fprintf(stderr, "Unknown command %s\n", cmd); + goto end; + } + + if (!ret) + { + fprintf(stderr, "FATAL RSAGTEST file processing error in %s\n", cmd); + goto end; + } + + end: + + if (ret) + do_print_errors(); + + if (in && (in != stdin)) + fclose(in); + if (out && (out != stdout)) + fclose(out); + + return ret; + + } + +#define RSA_TEST_MAXLINELEN 10240 + +int rsa_KeyGen(FILE *out, FILE *in) + { + char *linebuf, *olinebuf, *p, *q; + char *keyword, *value; + RSA *rsa = NULL; + BIGNUM *Xp1 = NULL, *Xp2 = NULL, *Xp = NULL; + BIGNUM *Xq1 = NULL, *Xq2 = NULL, *Xq = NULL; + BIGNUM *e = NULL; + int ret = 0; + int lnum = 0; + + olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); + linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); + + if (!linebuf || !olinebuf) + goto error; + + while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in)) + { + /* Test tool emits a 0xff at the end of the file */ + if (((unsigned char*)olinebuf)[0] == 0xff) + break; + lnum++; + strcpy(linebuf, olinebuf); + keyword = linebuf; + /* Skip leading space */ + while (isspace((unsigned char)*keyword)) + keyword++; + + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no = or starts with [ (for [foo = bar] line) just copy */ + if (!p || *keyword=='[') + { + if (fputs(olinebuf, out) < 0) + goto error; + continue; + } + + q = p - 1; + + /* Remove trailing space */ + while (isspace((unsigned char)*q)) + *q-- = 0; + + *p = 0; + value = p + 1; + + /* Remove leading space from value */ + while (isspace((unsigned char)*value)) + value++; + + /* Remove trailing space from value */ + p = value + strlen(value) - 1; + + while (*p == '\n' || isspace((unsigned char)*p)) + *p-- = 0; + + if (!strcmp(keyword, "xp1")) + { + if (Xp1 || !do_hex2bn(&Xp1,value)) + goto parse_error; + } + else if (!strcmp(keyword, "xp2")) + { + if (Xp2 || !do_hex2bn(&Xp2,value)) + goto parse_error; + } + else if (!strcmp(keyword, "Xp")) + { + if (Xp || !do_hex2bn(&Xp,value)) + goto parse_error; + } + else if (!strcmp(keyword, "xq1")) + { + if (Xq1 || !do_hex2bn(&Xq1,value)) + goto parse_error; + } + else if (!strcmp(keyword, "xq2")) + { + if (Xq2 || !do_hex2bn(&Xq2,value)) + goto parse_error; + } + else if (!strcmp(keyword, "Xq")) + { + if (Xq || !do_hex2bn(&Xq,value)) + goto parse_error; + } + else if (!strcmp(keyword, "e")) + { + if (e || !do_hex2bn(&e,value)) + goto parse_error; + } + else if (!strcmp(keyword, "p1")) + continue; + else if (!strcmp(keyword, "p2")) + continue; + else if (!strcmp(keyword, "p")) + continue; + else if (!strcmp(keyword, "q1")) + continue; + else if (!strcmp(keyword, "q2")) + continue; + else if (!strcmp(keyword, "q")) + continue; + else if (!strcmp(keyword, "n")) + continue; + else if (!strcmp(keyword, "d")) + continue; + else + goto parse_error; + + fputs(olinebuf, out); + + if (e && Xp1 && Xp2 && Xp) + { + rsa = FIPS_rsa_new(); + if (!rsa) + goto error; + if (!rsa_printkey1(out, rsa, Xp1, Xp2, Xp, e)) + goto error; + BN_free(Xp1); + Xp1 = NULL; + BN_free(Xp2); + Xp2 = NULL; + BN_free(Xp); + Xp = NULL; + BN_free(e); + e = NULL; + } + + if (rsa && Xq1 && Xq2 && Xq) + { + if (!rsa_printkey2(out, rsa, Xq1, Xq2, Xq)) + goto error; + BN_free(Xq1); + Xq1 = NULL; + BN_free(Xq2); + Xq2 = NULL; + BN_free(Xq); + Xq = NULL; + FIPS_rsa_free(rsa); + rsa = NULL; + } + } + + ret = 1; + + error: + + if (olinebuf) + OPENSSL_free(olinebuf); + if (linebuf) + OPENSSL_free(linebuf); + + if (Xp1) + BN_free(Xp1); + if (Xp2) + BN_free(Xp2); + if (Xp) + BN_free(Xp); + if (Xq1) + BN_free(Xq1); + if (Xq1) + BN_free(Xq1); + if (Xq2) + BN_free(Xq2); + if (Xq) + BN_free(Xq); + if (e) + BN_free(e); + if (rsa) + FIPS_rsa_free(rsa); + + return ret; + + parse_error: + + fprintf(stderr, "FATAL parse error processing line %d\n", lnum); + + goto error; + + } + + +int do_prime_test(int mod, BIGNUM *e, BIGNUM *prandom, BIGNUM *qrandom) +{ + RSA *rsa = NULL; + int result; + + rsa = FIPS_rsa_new(); + if (!rsa) + return -1; + + if (!qrandom) + { + qrandom = BN_new(); + BN_one(qrandom); + } + + /* prandom and qrandom should be freed in FIPS_rsa_free */ + rsa->p = prandom; + rsa->q = qrandom; + + result = 1; + if (!RSA_generate_key_ex(rsa, mod, e, NULL)) + result = 0; + FIPS_rsa_free(rsa); + + if (!result) + do_print_errors(); + + return result; +} + + +int rsa_PrimeKAT(FILE *out, FILE *in) + { + char *linebuf, *olinebuf, *p, *q; + char *keyword, *value; + RSA *rsa = NULL; + BIGNUM *prandom = NULL, *qrandom = NULL; + BIGNUM *e = NULL; + int mod = 0; + int result = 0; + int ret = 0; + int lnum = 0; + + olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); + linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); + + if (!linebuf || !olinebuf) + goto error; + + while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in)) + { + /* Test tool emits a 0xff at the end of the file */ + if (((unsigned char*)olinebuf)[0] == 0xff) + break; + lnum++; + strcpy(linebuf, olinebuf); + keyword = linebuf; + /* Skip leading space */ + while (isspace((unsigned char)*keyword)) + keyword++; + + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no =, just copy */ + if (!p) + { + fputs(olinebuf, out); + continue; + } + + if (*keyword == '[') + keyword++; + + q = p - 1; + + /* Remove trailing space */ + while (isspace((unsigned char)*q)) + *q-- = 0; + + *p = 0; + value = p + 1; + + /* Remove leading space from value */ + while (isspace((unsigned char)*value)) + value++; + + /* Remove trailing space from value */ + p = value + strlen(value) - 1; + + while (*p == '\n' || isspace((unsigned char)*p)) + *p-- = 0; + /* For [things], remove trailing ] and whitespace */ + if (*linebuf == '[') + { + while (isspace((unsigned char)*p) || *p == ']') + *p-- = 0; + } + + /* collected e, prandom and next thing is not qrandom -> trigger test */ + if (e && prandom && (qrandom || strcmp(keyword, "qrandom"))) + { + result = do_prime_test(mod, e, prandom, qrandom); + BN_free(e); + prandom = NULL; + qrandom = NULL; + e = NULL; + if (result == -1) + goto error; + fprintf(out, "Result = %c\n\n", result ? 'P' : 'F'); + } + + if (!strcmp(keyword, "mod")) + { + mod = atoi(value); + if (!mod) + goto parse_error; + } + else if (!strcmp(keyword, "prandom")) + { + if (prandom || !do_hex2bn(&prandom,value)) + goto parse_error; + } + else if (!strcmp(keyword, "qrandom")) + { + if (qrandom || !do_hex2bn(&qrandom,value)) + goto parse_error; + } + else if (!strcmp(keyword, "e")) + { + if (!do_hex2bn(&e,value)) + goto parse_error; + } + else if (*linebuf == '[') + { + /* just copy */ + } + else + goto parse_error; + + fputs(olinebuf, out); + + } + + /* trigger last test -- the test should be abstracted out into a function */ + if (e && prandom) + { + result = do_prime_test(mod, e, prandom, qrandom); + BN_free(e); + prandom = NULL; + qrandom = NULL; + e = NULL; + if (result == -1) + goto error; + fprintf(out, "Result = %c\n\n", result ? 'P' : 'F'); + } + + ret = 1; + + error: + + if (olinebuf) + OPENSSL_free(olinebuf); + if (linebuf) + OPENSSL_free(linebuf); + + if (prandom) + BN_free(prandom); + if (qrandom) + BN_free(qrandom); + if (e) + BN_free(e); + if (rsa) + FIPS_rsa_free(rsa); + + return ret; + + parse_error: + + fprintf(stderr, "FATAL parse error processing line %d\n", lnum); + + goto error; + + } + +int rsa_PrimeGen(FILE *out, FILE *in) + { + char *linebuf; + RSA *rsa = NULL; + BIGNUM *e = NULL; + int mod = 0; + int N = 0; + int ret = 0; + int lnum = 0; + + linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); + e = BN_new(); + + if (!linebuf || !e) + goto error; + + BN_set_word(e, 65537); + + while (fgets(linebuf, RSA_TEST_MAXLINELEN, in)) + { + /* Test tool emits a 0xff at the end of the file */ + if (((unsigned char*)linebuf)[0] == 0xff) + break; + lnum++; + fputs(linebuf, out); + if (!strncmp(linebuf, "[mod = ", 7)) + { + mod = atoi(linebuf + 7); + if (!mod) + goto parse_error; + } + + if (!strncmp(linebuf, "N = ", 4)) + { + N = atoi(linebuf + 4); + for (int i = 0; i < N; i++) + { + rsa = FIPS_rsa_new(); + if (!RSA_generate_key_ex(rsa, mod, e, NULL)) { + fflush(out); + do_print_errors(); + goto error; + } + + do_bn_print_name(out, "e", rsa->e); + do_bn_print_name(out, "p", rsa->p); + do_bn_print_name(out, "q", rsa->q); + do_bn_print_name(out, "n", rsa->n); + do_bn_print_name(out, "d", rsa->d); + FIPS_rsa_free(rsa); + rsa = NULL; + } + } + } + + ret = 1; + + error: + + if (linebuf) + OPENSSL_free(linebuf); + if (rsa) + FIPS_rsa_free(rsa); + + return ret; + + parse_error: + + fprintf(stderr, "FATAL parse error processing line %d\n", lnum); + + goto error; + + return 0; + } + + +static int rsa_printkey1(FILE *out, RSA *rsa, + BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp, + BIGNUM *e) + { + int ret = 0; + BIGNUM *p1 = NULL, *p2 = NULL; + p1 = BN_new(); + p2 = BN_new(); + if (!p1 || !p2) + goto error; + + if (!RSA_X931_derive_ex(rsa, p1, p2, NULL, NULL, Xp1, Xp2, Xp, + NULL, NULL, NULL, e, NULL)) { + fflush(out); + do_print_errors(); + goto error; + } + + do_bn_print_name(out, "p1", p1); + do_bn_print_name(out, "p2", p2); + do_bn_print_name(out, "p", rsa->p); + + ret = 1; + + error: + if (p1) + BN_free(p1); + if (p2) + BN_free(p2); + + return ret; + } + +static int rsa_printkey2(FILE *out, RSA *rsa, + BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq) + { + int ret = 0; + BIGNUM *q1 = NULL, *q2 = NULL; + q1 = BN_new(); + q2 = BN_new(); + if (!q1 || !q2) + goto error; + + if (!RSA_X931_derive_ex(rsa, NULL, NULL, q1, q2, NULL, NULL, NULL, + Xq1, Xq2, Xq, NULL, NULL)) { + fflush(out); + do_print_errors(); + goto error; + } + + do_bn_print_name(out, "q1", q1); + do_bn_print_name(out, "q2", q2); + do_bn_print_name(out, "q", rsa->q); + do_bn_print_name(out, "n", rsa->n); + do_bn_print_name(out, "d", rsa->d); + + ret = 1; + + error: + if (q1) + BN_free(q1); + if (q2) + BN_free(q2); + + return ret; + } + +#endif Index: openssl-1.0.2j/crypto/fips/fips_rsastest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_rsastest.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,386 @@ +/* fips_rsastest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <ctype.h> +#include <string.h> +#include <openssl/bio.h> +#include <openssl/evp.h> +#include <openssl/hmac.h> +#include <openssl/err.h> +#include <openssl/rsa.h> +#include <openssl/bn.h> +#include <openssl/x509v3.h> + +RSA *FIPS_rsa_new(void); +void FIPS_rsa_free(RSA *r); + +#ifndef OPENSSL_FIPS + +int main(int argc, char *argv[]) +{ + printf("No FIPS RSA support\n"); + return(0); +} + +#else + +#include "fips_utl.h" + +static int rsa_stest(FILE *out, FILE *in, int Saltlen); +static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst, + unsigned char *Msg, long Msglen, int Saltlen); + +int main(int argc, char **argv) + { + FILE *in = NULL, *out = NULL; + + int ret = 1, Saltlen = -1; + + if(!FIPS_mode_set(1)) + { + do_print_errors(); + goto end; + } + + if ((argc > 2) && !strcmp("-saltlen", argv[1])) + { + Saltlen = atoi(argv[2]); + if (Saltlen < 0) + { + fprintf(stderr, "FATAL: Invalid salt length\n"); + goto end; + } + argc -= 2; + argv += 2; + } + else if ((argc > 1) && !strcmp("-x931", argv[1])) + { + Saltlen = -2; + argc--; + argv++; + } + + if (argc == 1) + in = stdin; + else + in = fopen(argv[1], "r"); + + if (argc < 2) + out = stdout; + else + out = fopen(argv[2], "w"); + + if (!in) + { + fprintf(stderr, "FATAL input initialization error\n"); + goto end; + } + + if (!out) + { + fprintf(stderr, "FATAL output initialization error\n"); + goto end; + } + + if (!rsa_stest(out, in, Saltlen)) + { + fprintf(stderr, "FATAL RSASTEST file processing error\n"); + goto end; + } + else + ret = 0; + + end: + + if (ret) + do_print_errors(); + + if (in && (in != stdin)) + fclose(in); + if (out && (out != stdout)) + fclose(out); + + return ret; + + } + +#define RSA_TEST_MAXLINELEN 10240 + +int rsa_stest(FILE *out, FILE *in, int Saltlen) + { + char *linebuf, *olinebuf, *p, *q; + char *keyword, *value; + RSA *rsa = NULL; + const EVP_MD *dgst = NULL; + unsigned char *Msg = NULL; + long Msglen = -1; + int keylen = -1, current_keylen = -1; + int ret = 0; + int lnum = 0; + + olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); + linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); + + if (!linebuf || !olinebuf) + goto error; + + while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in)) + { + lnum++; + strcpy(linebuf, olinebuf); + keyword = linebuf; + /* Skip leading space */ + while (isspace((unsigned char)*keyword)) + keyword++; + + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no = just copy */ + if (!p) + { + if (fputs(olinebuf, out) < 0) + goto error; + continue; + } + + q = p - 1; + + /* Remove trailing space */ + while (isspace((unsigned char)*q)) + *q-- = 0; + + *p = 0; + value = p + 1; + + /* Remove leading space from value */ + while (isspace((unsigned char)*value)) + value++; + + /* Remove trailing space from value */ + p = value + strlen(value) - 1; + + while (*p == '\n' || isspace((unsigned char)*p)) + *p-- = 0; + + /* Look for [mod = XXX] for key length */ + + if (!strcmp(keyword, "[mod")) + { + p = value + strlen(value) - 1; + if (*p != ']') + goto parse_error; + *p = 0; + keylen = atoi(value); + if (keylen < 0) + goto parse_error; + } + else if (!strcmp(keyword, "SHAAlg")) + { + if (!strcmp(value, "SHA1")) + dgst = EVP_sha1(); + else if (!strcmp(value, "SHA224")) + dgst = EVP_sha224(); + else if (!strcmp(value, "SHA256")) + dgst = EVP_sha256(); + else if (!strcmp(value, "SHA384")) + dgst = EVP_sha384(); + else if (!strcmp(value, "SHA512")) + dgst = EVP_sha512(); + else + { + fprintf(stderr, + "FATAL: unsupported algorithm \"%s\"\n", + value); + goto parse_error; + } + } + else if (!strcmp(keyword, "Msg")) + { + if (Msg) + goto parse_error; + if (strlen(value) & 1) + *(--value) = '0'; + Msg = hex2bin_m(value, &Msglen); + if (!Msg) + goto parse_error; + } + + fputs(olinebuf, out); + + /* If key length has changed, generate and output public + * key components of new RSA private key. + */ + + if (keylen != current_keylen) + { + BIGNUM *bn_e; + if (rsa) + FIPS_rsa_free(rsa); + rsa = FIPS_rsa_new(); + if (!rsa) + goto error; + bn_e = BN_new(); + if (!bn_e || !BN_set_word(bn_e, 0x1001)) + goto error; + if (!RSA_X931_generate_key_ex(rsa, keylen, bn_e, NULL)) { + fprintf(stderr,"X931 key generation failed!\n"); + goto error; + } + BN_free(bn_e); + fputs("n = ", out); + do_bn_print(out, rsa->n); + fputs("\ne = ", out); + do_bn_print(out, rsa->e); + fputs("\n", out); + current_keylen = keylen; + } + + if (Msg && dgst) + { + if (!rsa_printsig(out, rsa, dgst, Msg, Msglen, + Saltlen)) { + fprintf (stderr, "printsig failed\n"); + goto error; + } + OPENSSL_free(Msg); + Msg = NULL; + } + + } + + ret = 1; + + error: + do_print_errors(); + + if (olinebuf) + OPENSSL_free(olinebuf); + if (linebuf) + OPENSSL_free(linebuf); + if (rsa) + FIPS_rsa_free(rsa); + + return ret; + + parse_error: + + fprintf(stderr, "FATAL parse error processing line %d\n", lnum); + + goto error; + + } + +static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst, + unsigned char *Msg, long Msglen, int Saltlen) + { + int ret = 0; + unsigned char *sigbuf = NULL; + int i, siglen; + /* EVP_PKEY structure */ + EVP_PKEY *pk; + EVP_MD_CTX ctx; + + if ((pk=EVP_PKEY_new()) == NULL) + goto error; + EVP_PKEY_set1_RSA(pk, rsa); + + siglen = RSA_size(rsa); + sigbuf = OPENSSL_malloc(siglen); + if (!sigbuf) { + fprintf(stderr,"OPENSSL_malloc %d failed.\n", siglen); + goto error; + } + + EVP_MD_CTX_init(&ctx); + + if (Saltlen >= 0) + { + M_EVP_MD_CTX_set_flags(&ctx, + EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16)); + } + else if (Saltlen == -2) + M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931); + if (!EVP_SignInit_ex(&ctx, dgst, NULL)) { + fprintf(stderr,"EVP_SignInit_ex failed.\n"); + goto error; + } + if (!EVP_SignUpdate(&ctx, Msg, Msglen)) { + fprintf(stderr,"EVP_SignUpdate failed.\n"); + goto error; + } + if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, pk)) { + fprintf(stderr,"EVP_SignFinal failed.\n"); + goto error; + } + + EVP_MD_CTX_cleanup(&ctx); + + fputs("S = ", out); + for (i = 0; i < siglen; i++) + fprintf(out, "%02x", sigbuf[i]); + fputs("\n", out); + + ret = 1; + + error: + + return ret; + } +#endif Index: openssl-1.0.2j/crypto/fips/fips_rsavtest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_rsavtest.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,382 @@ +/* fips_rsavtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <ctype.h> +#include <string.h> +#include <openssl/bio.h> +#include <openssl/evp.h> +#include <openssl/hmac.h> +#include <openssl/err.h> +#include <openssl/x509v3.h> +#include <openssl/bn.h> +#include <openssl/rsa.h> + +RSA *FIPS_rsa_new(void); +void FIPS_rsa_free(RSA *r); + +#ifndef OPENSSL_FIPS + +int main(int argc, char *argv[]) +{ + printf("No FIPS RSA support\n"); + return(0); +} + +#else + +#include "fips_utl.h" + +int rsa_test(FILE *out, FILE *in, int saltlen); +static int rsa_printver(FILE *out, + BIGNUM *n, BIGNUM *e, + const EVP_MD *dgst, + unsigned char *Msg, long Msglen, + unsigned char *S, long Slen, int Saltlen); + +int main(int argc, char **argv) + { + FILE *in = NULL, *out = NULL; + + int ret = 1; + int Saltlen = -1; + + if(!FIPS_mode_set(1)) + { + do_print_errors(); + goto end; + } + + if ((argc > 2) && !strcmp("-saltlen", argv[1])) + { + Saltlen = atoi(argv[2]); + if (Saltlen < 0) + { + fprintf(stderr, "FATAL: Invalid salt length\n"); + goto end; + } + argc -= 2; + argv += 2; + } + else if ((argc > 1) && !strcmp("-x931", argv[1])) + { + Saltlen = -2; + argc--; + argv++; + } + + if (argc == 1) + in = stdin; + else + in = fopen(argv[1], "r"); + + if (argc < 2) + out = stdout; + else + out = fopen(argv[2], "w"); + + if (!in) + { + fprintf(stderr, "FATAL input initialization error\n"); + goto end; + } + + if (!out) + { + fprintf(stderr, "FATAL output initialization error\n"); + goto end; + } + + if (!rsa_test(out, in, Saltlen)) + { + fprintf(stderr, "FATAL RSAVTEST file processing error\n"); + goto end; + } + else + ret = 0; + + end: + + if (ret) + do_print_errors(); + + if (in && (in != stdin)) + fclose(in); + if (out && (out != stdout)) + fclose(out); + + return ret; + + } + +#define RSA_TEST_MAXLINELEN 10240 + +int rsa_test(FILE *out, FILE *in, int Saltlen) + { + char *linebuf, *olinebuf, *p, *q; + char *keyword, *value; + const EVP_MD *dgst = NULL; + BIGNUM *n = NULL, *e = NULL; + unsigned char *Msg = NULL, *S = NULL; + long Msglen, Slen; + int ret = 0; + int lnum = 0; + + olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); + linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); + + if (!linebuf || !olinebuf) + goto error; + + while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in)) + { + lnum++; + strcpy(linebuf, olinebuf); + keyword = linebuf; + /* Skip leading space */ + while (isspace((unsigned char)*keyword)) + keyword++; + + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no = or starts with [ (for [foo = bar] line) just copy */ + if (!p || *keyword=='[') + { + if (fputs(olinebuf, out) < 0) + goto error; + continue; + } + + q = p - 1; + + /* Remove trailing space */ + while (isspace((unsigned char)*q)) + *q-- = 0; + + *p = 0; + value = p + 1; + + /* Remove leading space from value */ + while (isspace((unsigned char)*value)) + value++; + + /* Remove trailing space from value */ + p = value + strlen(value) - 1; + + while (*p == '\n' || isspace((unsigned char)*p)) + *p-- = 0; + + if (!strcmp(keyword, "n")) + { + if (!do_hex2bn(&n,value)) + goto parse_error; + } + else if (!strcmp(keyword, "e")) + { + if (!do_hex2bn(&e,value)) + goto parse_error; + } + else if (!strcmp(keyword, "SHAAlg")) + { + if (!strcmp(value, "SHA1")) + dgst = EVP_sha1(); + else if (!strcmp(value, "SHA224")) + dgst = EVP_sha224(); + else if (!strcmp(value, "SHA256")) + dgst = EVP_sha256(); + else if (!strcmp(value, "SHA384")) + dgst = EVP_sha384(); + else if (!strcmp(value, "SHA512")) + dgst = EVP_sha512(); + else + { + fprintf(stderr, + "FATAL: unsupported algorithm \"%s\"\n", + value); + goto parse_error; + } + } + else if (!strcmp(keyword, "Msg")) + { + if (Msg) + goto parse_error; + if (strlen(value) & 1) + *(--value) = '0'; + Msg = hex2bin_m(value, &Msglen); + if (!Msg) + goto parse_error; + } + else if (!strcmp(keyword, "S")) + { + if (S) + goto parse_error; + if (strlen(value) & 1) + *(--value) = '0'; + S = hex2bin_m(value, &Slen); + if (!S) + goto parse_error; + } + else if (!strcmp(keyword, "Result")) + continue; + else + goto parse_error; + + fputs(olinebuf, out); + + if (n && e && Msg && S && dgst) + { + if (!rsa_printver(out, n, e, dgst, + Msg, Msglen, S, Slen, Saltlen)) + goto error; + OPENSSL_free(Msg); + Msg = NULL; + OPENSSL_free(S); + S = NULL; + } + + } + + + ret = 1; + + + error: + + if (olinebuf) + OPENSSL_free(olinebuf); + if (linebuf) + OPENSSL_free(linebuf); + if (n) + BN_free(n); + if (e) + BN_free(e); + + return ret; + + parse_error: + + fprintf(stderr, "FATAL parse error processing line %d\n", lnum); + + goto error; + + } + +static int rsa_printver(FILE *out, + BIGNUM *n, BIGNUM *e, + const EVP_MD *dgst, + unsigned char *Msg, long Msglen, + unsigned char *S, long Slen, int Saltlen) + { + int ret = 0, r; + /* Setup RSA and EVP_PKEY structures */ + RSA *rsa_pubkey = NULL; + EVP_PKEY *pk; + EVP_MD_CTX ctx; + unsigned char *buf = NULL; + rsa_pubkey = FIPS_rsa_new(); + if (!rsa_pubkey) + goto error; + rsa_pubkey->n = BN_dup(n); + rsa_pubkey->e = BN_dup(e); + if (!rsa_pubkey->n || !rsa_pubkey->e) + goto error; + + if ((pk=EVP_PKEY_new()) == NULL) + goto error; + EVP_PKEY_set1_RSA(pk, rsa_pubkey); + + EVP_MD_CTX_init(&ctx); + + if (Saltlen >= 0) + { + M_EVP_MD_CTX_set_flags(&ctx, + EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16)); + } + else if (Saltlen == -2) + M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931); + if (!EVP_VerifyInit_ex(&ctx, dgst, NULL)) + goto error; + if (!EVP_VerifyUpdate(&ctx, Msg, Msglen)) + goto error; + + r = EVP_VerifyFinal(&ctx, S, Slen, pk); + + + EVP_MD_CTX_cleanup(&ctx); + + if (r < 0) + goto error; + ERR_clear_error(); + + if (r == 0) + fputs("Result = F\n", out); + else + fputs("Result = P\n", out); + + ret = 1; + + error: + if (rsa_pubkey) + FIPS_rsa_free(rsa_pubkey); + if (buf) + OPENSSL_free(buf); + + return ret; + } +#endif Index: openssl-1.0.2j/crypto/fips/fips_shatest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_shatest.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,388 @@ +/* fips_shatest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <ctype.h> +#include <string.h> +#include <openssl/bio.h> +#include <openssl/evp.h> +#include <openssl/err.h> +#include <openssl/bn.h> +#include <openssl/x509v3.h> + +#ifndef OPENSSL_FIPS + +int main(int argc, char *argv[]) +{ + printf("No FIPS SHAXXX support\n"); + return(0); +} + +#else + +#include "fips_utl.h" + +static int dgst_test(FILE *out, FILE *in); +static int print_dgst(const EVP_MD *md, FILE *out, + unsigned char *Msg, int Msglen); +static int print_monte(const EVP_MD *md, FILE *out, + unsigned char *Seed, int SeedLen); + +int main(int argc, char **argv) + { + FILE *in = NULL, *out = NULL; + + int ret = 1; + + if(!FIPS_mode_set(1)) + { + do_print_errors(); + goto end; + } + + if (argc == 1) + in = stdin; + else + in = fopen(argv[1], "r"); + + if (argc < 2) + out = stdout; + else + out = fopen(argv[2], "w"); + + if (!in) + { + fprintf(stderr, "FATAL input initialization error\n"); + goto end; + } + + if (!out) + { + fprintf(stderr, "FATAL output initialization error\n"); + goto end; + } + + if (!dgst_test(out, in)) + { + fprintf(stderr, "FATAL digest file processing error\n"); + goto end; + } + else + ret = 0; + + end: + + if (ret) + do_print_errors(); + + if (in && (in != stdin)) + fclose(in); + if (out && (out != stdout)) + fclose(out); + + return ret; + + } + +#define SHA_TEST_MAX_BITS 102400 +#define SHA_TEST_MAXLINELEN (((SHA_TEST_MAX_BITS >> 3) * 2) + 100) + +int dgst_test(FILE *out, FILE *in) + { + const EVP_MD *md = NULL; + char *linebuf, *olinebuf, *p, *q; + char *keyword, *value; + unsigned char *Msg = NULL, *Seed = NULL; + long MsgLen = -1, Len = -1, SeedLen = -1; + int ret = 0; + int lnum = 0; + + olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN); + linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN); + + if (!linebuf || !olinebuf) + goto error; + + + while (fgets(olinebuf, SHA_TEST_MAXLINELEN, in)) + { + lnum++; + strcpy(linebuf, olinebuf); + keyword = linebuf; + /* Skip leading space */ + while (isspace((unsigned char)*keyword)) + keyword++; + + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no = or starts with [ (for [L=20] line) just copy */ + if (!p) + { + fputs(olinebuf, out); + continue; + } + + q = p - 1; + + /* Remove trailing space */ + while (isspace((unsigned char)*q)) + *q-- = 0; + + *p = 0; + value = p + 1; + + /* Remove leading space from value */ + while (isspace((unsigned char)*value)) + value++; + + /* Remove trailing space from value */ + p = value + strlen(value) - 1; + while (*p == '\n' || isspace((unsigned char)*p)) + *p-- = 0; + + if (!strcmp(keyword,"[L") && *p==']') + { + switch (atoi(value)) + { + case 20: md=EVP_sha1(); break; + case 28: md=EVP_sha224(); break; + case 32: md=EVP_sha256(); break; + case 48: md=EVP_sha384(); break; + case 64: md=EVP_sha512(); break; + default: goto parse_error; + } + } + else if (!strcmp(keyword, "Len")) + { + if (Len != -1) + goto parse_error; + Len = atoi(value); + if (Len < 0) + goto parse_error; + /* Only handle multiples of 8 bits */ + if (Len & 0x7) + goto parse_error; + if (Len > SHA_TEST_MAX_BITS) + goto parse_error; + MsgLen = Len >> 3; + } + + else if (!strcmp(keyword, "Msg")) + { + long tmplen; + if (strlen(value) & 1) + *(--value) = '0'; + if (Msg) + goto parse_error; + Msg = hex2bin_m(value, &tmplen); + if (!Msg) + goto parse_error; + } + else if (!strcmp(keyword, "Seed")) + { + if (strlen(value) & 1) + *(--value) = '0'; + if (Seed) + goto parse_error; + Seed = hex2bin_m(value, &SeedLen); + if (!Seed) + goto parse_error; + } + else if (!strcmp(keyword, "MD")) + continue; + else + goto parse_error; + + fputs(olinebuf, out); + + if (md && Msg && (MsgLen >= 0)) + { + if (!print_dgst(md, out, Msg, MsgLen)) + goto error; + OPENSSL_free(Msg); + Msg = NULL; + MsgLen = -1; + Len = -1; + } + else if (md && Seed && (SeedLen > 0)) + { + if (!print_monte(md, out, Seed, SeedLen)) + goto error; + OPENSSL_free(Seed); + Seed = NULL; + SeedLen = -1; + } + + + } + + + ret = 1; + + + error: + + if (olinebuf) + OPENSSL_free(olinebuf); + if (linebuf) + OPENSSL_free(linebuf); + if (Msg) + OPENSSL_free(Msg); + if (Seed) + OPENSSL_free(Seed); + + return ret; + + parse_error: + + fprintf(stderr, "FATAL parse error processing line %d\n", lnum); + + goto error; + + } + +static int print_dgst(const EVP_MD *emd, FILE *out, + unsigned char *Msg, int Msglen) + { + int i, mdlen; + unsigned char md[EVP_MAX_MD_SIZE]; + if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL)) + { + fputs("Error calculating HASH\n", stderr); + return 0; + } + fputs("MD = ", out); + for (i = 0; i < mdlen; i++) + fprintf(out, "%02x", md[i]); + fputs("\n", out); + return 1; + } + +static int print_monte(const EVP_MD *md, FILE *out, + unsigned char *Seed, int SeedLen) + { + unsigned int i, j, k; + int ret = 0; + EVP_MD_CTX ctx; + unsigned char *m1, *m2, *m3, *p; + unsigned int mlen, m1len, m2len, m3len; + + EVP_MD_CTX_init(&ctx); + + if (SeedLen > EVP_MAX_MD_SIZE) + mlen = SeedLen; + else + mlen = EVP_MAX_MD_SIZE; + + m1 = OPENSSL_malloc(mlen); + m2 = OPENSSL_malloc(mlen); + m3 = OPENSSL_malloc(mlen); + + if (!m1 || !m2 || !m3) + goto mc_error; + + m1len = m2len = m3len = SeedLen; + memcpy(m1, Seed, SeedLen); + memcpy(m2, Seed, SeedLen); + memcpy(m3, Seed, SeedLen); + + fputs("\n", out); + + for (j = 0; j < 100; j++) + { + for (i = 0; i < 1000; i++) + { + EVP_DigestInit_ex(&ctx, md, NULL); + EVP_DigestUpdate(&ctx, m1, m1len); + EVP_DigestUpdate(&ctx, m2, m2len); + EVP_DigestUpdate(&ctx, m3, m3len); + p = m1; + m1 = m2; + m1len = m2len; + m2 = m3; + m2len = m3len; + m3 = p; + EVP_DigestFinal_ex(&ctx, m3, &m3len); + } + fprintf(out, "COUNT = %d\n", j); + fputs("MD = ", out); + for (k = 0; k < m3len; k++) + fprintf(out, "%02x", m3[k]); + fputs("\n\n", out); + memcpy(m1, m3, m3len); + memcpy(m2, m3, m3len); + m1len = m2len = m3len; + } + + ret = 1; + + mc_error: + if (m1) + OPENSSL_free(m1); + if (m2) + OPENSSL_free(m2); + if (m3) + OPENSSL_free(m3); + + EVP_MD_CTX_cleanup(&ctx); + + return ret; + } + +#endif Index: openssl-1.0.2j/crypto/fips/fips_tlsvs.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_tlsvs.c 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,539 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +/*--------------------------------------------- + TLS Algorithm Validation Suite + Test Program + + Donated to OpenSSL by: + SUSE LLC + ----------------------------------------------*/ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <assert.h> +#include <ctype.h> +#include <openssl/ssl.h> + +#include <openssl/err.h> +#include "e_os.h" + +extern int private_tls1_PRF(long digest_mask, + const void *seed1, int seed1_len, + const void *seed2, int seed2_len, + const void *seed3, int seed3_len, + const void *seed4, int seed4_len, + const void *seed5, int seed5_len, + const unsigned char *sec, int slen, + unsigned char *out1, + unsigned char *out2, int olen); + +#define SSL_HANDSHAKE_MAC_MD5 0x10 +#define SSL_HANDSHAKE_MAC_SHA 0x20 +#define SSL_HANDSHAKE_MAC_SHA256 0x80 +#define SSL_HANDSHAKE_MAC_SHA384 0x100 +#define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_DGST_SHIFT 10 +#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) + +#ifndef OPENSSL_FIPS + +int main(int argc, char *argv[]) +{ + printf("No FIPS TLS support\n"); + return(0); +} + +#else + +#include <openssl/fips.h> +#include "fips_utl.h" + +#define VERBOSE 0 + +/*-----------------------------------------------*/ + + +/*================================================*/ +/*---------------------------- + # CAVS 12.0 + # 'TLS' information for abc + # Cases tested: [TLS 1.0/1.1] [TLS 1.2, SHA-256], [TLS 1.2, SHA-384], [TLS 1.2, SHA-512] + # Generated on: Fri Aug 30 04:07:22 PM + ----------------------------*/ + +int proc_file(char *rqfile, char *rspfile) + { + char afn[256], rfn[256]; + FILE *afp = NULL, *rfp = NULL; + char ibuf[2048]; + char tbuf[2048]; + int len; + char amode[8] = ""; + char atest[8] = ""; + int akeysz = 0; + + /* TLS stuff */ + int shabits = 0, premasterlength = 0, tls = 0, keyblocklength = 0; + unsigned char *premastersecret = NULL; + unsigned char serverHello_random[2048]; + unsigned int serverhellorandomlen = 0; + unsigned char clientHello_random[2048]; + unsigned int clienthellorandomlen = 0; + unsigned char server_random[2048]; + unsigned int serverrandomlen = 0; + unsigned char client_random[2048]; + unsigned int clientrandomlen = 0; + unsigned char mastersecret[2048]; + unsigned int digest_mask = 0; + unsigned char seed[2048]; + unsigned char *keyblock = NULL; + unsigned char *keyblocktmp = NULL; + unsigned char tmpsecret[80]; + /* end of TLS stuff */ + + int err = 0, step = 0; + char *rp; + EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX_init(&ctx); + + if (!rqfile || !(*rqfile)) + { + printf("No req file\n"); + return -1; + } + strcpy(afn, rqfile); + + if ((afp = fopen(afn, "r")) == NULL) + { + printf("Cannot open file: %s, %s\n", + afn, strerror(errno)); + return -1; + } + if (!rspfile) + { + strcpy(rfn,afn); + rp=strstr(rfn,"req/"); +#ifdef OPENSSL_SYS_WIN32 + if (!rp) + rp=strstr(rfn,"req\\"); +#endif + assert(rp); + memcpy(rp,"rsp",3); + rp = strstr(rfn, ".req"); + memcpy(rp, ".rsp", 4); + rspfile = rfn; + } + if ((rfp = fopen(rspfile, "w")) == NULL) + { + printf("Cannot open file: %s, %s\n", + rfn, strerror(errno)); + fclose(afp); + afp = NULL; + return -1; + } + + + /* hey ho lets go */ + + while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL) + { + tidy_line(tbuf, ibuf); + printf("step=%d ibuf=%s",step,ibuf); + switch (step) + { + case 0: /* read preamble */ + if (ibuf[0] == '\n') + { /* end of preamble */ + /* not really anything mandatory, would need to check here */ + { + fputs(ibuf, rfp); + ++ step; + } + } + else if (ibuf[0] != '#') + { + printf("Invalid preamble item: %s\n", ibuf); + err = 1; + } + else + { /* process preamble */ + char *pp = ibuf+2; + if (akeysz) + { /* insert current time & date */ + time_t rtim = time(0); + fprintf(rfp, "# %s", ctime(&rtim)); + } + else + { + fputs(ibuf, rfp); + if (strncmp(pp, "'TLS' ", 5) == 0) + { + if (VERBOSE) + printf("Test = %s, Mode = %s\n", atest, amode); + } + else if (strncasecmp(pp, "Cases Tested: ", 14) == 0) + { + if (VERBOSE) + printf("Cases %s\n", pp+14); + } + } + } + break; + + case 1: /* [ENCRYPT] | [DECRYPT] */ + if (ibuf[0] == '[') + { + fputs(ibuf, rfp); + if (strncasecmp(ibuf, "[TLS 1.0/1.1]", 13 ) == 0) { + tls = 10; + shabits = 1; + printf("TLS 1.0/1.1\n"); + premasterlength = keyblocklength = 0; + } else + if (sscanf(ibuf, "[TLS 1.2, SHA-%d]", &shabits) == 1) { + tls = 12; + printf("TLS 1.2 shabits %d\n", shabits); + premasterlength = keyblocklength = 0; + } else if (sscanf(ibuf, "[pre-master secret length = %d]", &premasterlength) == 1) { + printf("premaster length %d\n", premasterlength); + if (premasterlength % 8) { + printf("premaster length not byte sized?? %d\n", premasterlength); + err = 1; + break; + } + premasterlength /= 8; + free(premastersecret); + premastersecret = malloc(premasterlength); + } else if (sscanf(ibuf, "[key block length = %d]", &keyblocklength) == 1) { + printf("key block length %d\n", keyblocklength); + if (keyblocklength % 8) { + printf("keyblock length not byte sized?? %d\n", keyblocklength); + err = 1; + break; + } + free(keyblock); + free(keyblocktmp); + keyblocklength /= 8; + keyblock = malloc(keyblocklength); + keyblocktmp = malloc(keyblocklength); + } else { + printf("Invalid keyword: %s\n", ibuf); + err = 1; + } + if (keyblocklength && premasterlength) + ++step; + break; + } + else if (strncasecmp(ibuf,"COUNT = ", 8) != 0) + { + err = 1; + printf("Missing new section or COUNT = keyword\n"); + break; + } + else + step = 2; + + case 2: /* COUNT = and pre_master_secret = xxxx */ + fputs(ibuf, rfp); + if(*ibuf == '\n') + break; + if(!strncasecmp(ibuf,"COUNT = ",8)) + break; + + if (strncasecmp(ibuf, "pre_master_secret = ", 20) != 0) { + printf("Missing pre_master_secret\n"); + err = 1; + } else { + len = hex2bin((char*)ibuf+20, premastersecret); + if (len < 0) { + printf("Invalid premastersecret\n"); + err =1; + break; + } + if (len != premasterlength) { + printf("Invalid len %d vs premasterlenght %d\n", len, premasterlength); + err =1; + break; + } + PrintValue("pre_master_secret", premastersecret, len); + step++; + } + break; + + case 3: /* serverHello_random= xxxx */ + fputs(ibuf, rfp); + if (strncasecmp(ibuf, "serverHello_random = ", 21) != 0) { + printf("Missing serverHello_random\n"); + err = 1; + } else { + len = hex2bin((char*)ibuf+21, serverHello_random); + if (len < 0 || len > sizeof(serverHello_random)) { + printf("Invalid serverHello_random %d vs %d\n", len, (int)sizeof(serverHello_random)); + err =1; + break; + } + PrintValue("serverHello_random", serverHello_random, len); + serverhellorandomlen = len; + step++; + } + break; + + case 4: /* clientHello_random = xxxx */ + fputs(ibuf, rfp); + if (strncasecmp(ibuf, "clientHello_random = ", 21) != 0) { + printf("Missing clientHello_random\n"); + err = 1; + } else { + len = hex2bin((char*)ibuf+21, clientHello_random); + if (len < 0 || len > sizeof(clientHello_random)) { + printf("Invalid clientHello_random %d vs %d\n", len, (int)sizeof(clientHello_random)); + err =1; + break; + } + clienthellorandomlen = len; + PrintValue("serverHello_random", clientHello_random, len); + step++; + } + break; + + case 5: /* server_random = xxxx */ + fputs(ibuf, rfp); + if (strncasecmp(ibuf, "server_random = ", 16) != 0) { + printf("Missing server_random\n"); + err = 1; + } else { + len = hex2bin((char*)ibuf+16, server_random); + if (len < 0 || len > sizeof(server_random)) { + printf("Invalid server_random %d vs %d\n", len, (int)sizeof(server_random)); + err =1; + break; + } + serverrandomlen = len; + PrintValue("server_random", server_random, len); + step++; + } + break; + + case 6: /* client_random = xxxx */ + fputs(ibuf, rfp); + if (strncasecmp(ibuf, "client_random = ", 16) != 0) { + printf("Missing client_random\n"); + err = 1; + break; + } + len = hex2bin((char*)ibuf+16, client_random); + if (len < 0 || len > sizeof(client_random)) { + printf("Invalid client_random %d vs %d\n", len, (int)sizeof(client_random)); + err =1; + break; + } + PrintValue("client_random", client_random, len); + clientrandomlen = len; + + /* shit->hit(fan) */ + + if ((tls != 10) && (tls != 12)) { + printf("bad tls version %d\n", tls); + err = 1; + break; + } + + if (tls == 10) + digest_mask = TLS1_PRF; + + if (tls == 12) { + switch (shabits) { + case 1: digest_mask = TLS1_PRF; break; + case 256:digest_mask = TLS1_PRF_SHA256; break; + case 384:digest_mask = TLS1_PRF_SHA384; break; + /*case 512: digest_mask = TLS1_PRF_SHA512; break; not in openssl */ + default: printf("bad shabits %d\n", shabits); + err=1; + break; + } + } + memcpy(seed, "master secret",strlen("master secret")); + memcpy(seed+strlen("master secret"), clientHello_random, clienthellorandomlen); + memcpy(seed+strlen("master secret")+clienthellorandomlen, serverHello_random, serverhellorandomlen); + + private_tls1_PRF(digest_mask, + seed, strlen("master secret")+clienthellorandomlen+serverhellorandomlen, + NULL, 0, + NULL, 0, + NULL, 0, + NULL, 0, + premastersecret, premasterlength, + mastersecret,tmpsecret,sizeof(tmpsecret)); + OutputValue("master_secret", mastersecret, premasterlength, rfp, 0); + + private_tls1_PRF(digest_mask, + "key expansion", strlen("key expansion"), + server_random, serverrandomlen, + client_random, clientrandomlen, + NULL, 0, NULL, 0, + mastersecret, premasterlength, + keyblock, keyblocktmp, keyblocklength + ); + OutputValue("key_block", keyblock, keyblocklength, rfp, 0); + + step++; + break; + + case 7: + if (ibuf[0] != '\n') + { + err = 1; + printf("Missing terminator\n"); + } + fputs(ibuf, rfp); + step = 1; + break; + } + } + if (rfp) + fclose(rfp); + if (afp) + fclose(afp); + return err; + } + +/*-------------------------------------------------- + Processes either a single file or + a set of files whose names are passed in a file. + A single file is specified as: + aes_test -f xxx.req + A set of files is specified as: + aes_test -d xxxxx.xxx + The default is: -d req.txt +--------------------------------------------------*/ +int main(int argc, char **argv) + { + char *rqlist = "req.txt", *rspfile = NULL; + FILE *fp = NULL; + char fn[250] = "", rfn[256] = ""; + int d_opt = 1; + +#ifdef OPENSSL_FIPS + if(!FIPS_mode_set(1)) + { + do_print_errors(); + EXIT(1); + } +#endif + SSL_library_init(); + if (argc > 1) + { + if (strcasecmp(argv[1], "-d") == 0) + { + d_opt = 1; + } + else if (strcasecmp(argv[1], "-f") == 0) + { + d_opt = 0; + } + else + { + printf("Invalid parameter: %s\n", argv[1]); + return 0; + } + if (argc < 3) + { + printf("Missing parameter\n"); + return 0; + } + if (d_opt) + rqlist = argv[2]; + else + { + strcpy(fn, argv[2]); + rspfile = argv[3]; + } + } + if (d_opt) + { /* list of files (directory) */ + if (!(fp = fopen(rqlist, "r"))) + { + printf("Cannot open req list file\n"); + return -1; + } + while (fgets(fn, sizeof(fn), fp)) + { + strtok(fn, "\r\n"); + strcpy(rfn, fn); + if (VERBOSE) + printf("Processing: %s\n", rfn); + if (proc_file(rfn, rspfile)) + { + printf(">>> Processing failed for: %s <<<\n", rfn); + EXIT(1); + } + } + fclose(fp); + } + else /* single file */ + { + if (VERBOSE) + printf("Processing: %s\n", fn); + if (proc_file(fn, rspfile)) + { + printf(">>> Processing failed for: %s <<<\n", fn); + } + } + EXIT(0); + return 0; + } + +#endif + Index: openssl-1.0.2j/crypto/fips/fips_utl.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/crypto/fips/fips_utl.h 2017-03-16 17:27:29.544992910 +0100 @@ -0,0 +1,508 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef FIPS_UTL_H +#define FIPS_UTL_H + +#define OPENSSL_FIPSAPI + +#include <openssl/fips_rand.h> +#include <openssl/objects.h> + +#ifdef OPENSSL_SYS_WIN32 +#define RESP_EOL "\n" +#else +#define RESP_EOL "\r\n" +#endif + +#ifndef FIPS_AUTH_OFFICER_PASS +#define FIPS_AUTH_OFFICER_PASS "Default FIPS Crypto Officer Password" +#endif + +#ifndef FIPS_AUTH_USER_PASS +#define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" +#endif + + +int hex2bin(const char *in, unsigned char *out); +unsigned char *hex2bin_m(const char *in, long *plen); +int do_hex2bn(BIGNUM **pr, const char *in); +int do_bn_print(FILE *out, const BIGNUM *bn); +int do_bn_print_name(FILE *out, const char *name, const BIGNUM *bn); +int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf); +int parse_line2(char **pkw, char **pval, char *linebuf, char *olinebuf, int eol); +BIGNUM *hex2bn(const char *in); +int tidy_line(char *linebuf, char *olinebuf); +int copy_line(const char *in, FILE *ofp); +int bint2bin(const char *in, int len, unsigned char *out); +int bin2bint(const unsigned char *in,int len,char *out); +void PrintValue(char *tag, unsigned char *val, int len); +void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode); +void fips_algtest_init(void); +void do_entropy_stick(void); +int fips_strncasecmp(const char *str1, const char *str2, size_t n); +int fips_strcasecmp(const char *str1, const char *str2); + +static int no_err; + +void do_print_errors(void) + { + const char *file, *data; + int line, flags; + unsigned long l; + while ((l = ERR_get_error_line_data(&file, &line, &data, &flags))) + { + fprintf(stderr, "ERROR:%lx:lib=%d,func=%d,reason=%d" + ":file=%s:line=%d:%s\n", + l, ERR_GET_LIB(l), ERR_GET_FUNC(l), ERR_GET_REASON(l), + file, line, flags & ERR_TXT_STRING ? data : ""); + } + } + +static void put_err_cb(int lib, int func,int reason,const char *file,int line) + { + if (no_err) + return; + fprintf(stderr, "ERROR:%08lX:lib=%d,func=%d,reason=%d" + ":file=%s:line=%d\n", + ERR_PACK(lib, func, reason), + lib, func, reason, file, line); + } + +static void add_err_cb(int num, va_list args) + { + int i; + char *str; + if (no_err) + return; + fputs("\t", stderr); + for (i = 0; i < num; i++) + { + str = va_arg(args, char *); + if (str) + fputs(str, stderr); + } + fputs("\n", stderr); + } + +/* Dummy Entropy to keep DRBG happy. WARNING: THIS IS TOTALLY BOGUS + * HAS ZERO SECURITY AND MUST NOT BE USED IN REAL APPLICATIONS. + */ + +static unsigned char dummy_entropy[1024]; + +static size_t dummy_cb(DRBG_CTX *ctx, unsigned char **pout, + int entropy, size_t min_len, size_t max_len) + { + *pout = dummy_entropy; + return min_len; + } + +static int entropy_stick = 0; + +static void fips_algtest_init_nofips(void) + { + DRBG_CTX *ctx; + size_t i; + FIPS_set_error_callbacks(put_err_cb, add_err_cb); + for (i = 0; i < sizeof(dummy_entropy); i++) + dummy_entropy[i] = i & 0xff; + if (entropy_stick) + memcpy(dummy_entropy + 32, dummy_entropy + 16, 16); + ctx = FIPS_get_default_drbg(); + FIPS_drbg_init(ctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF); + FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, 16, dummy_cb, 0); + FIPS_drbg_instantiate(ctx, dummy_entropy, 10); + FIPS_rand_set_method(FIPS_drbg_method()); + } + +void do_entropy_stick(void) + { + entropy_stick = 1; + } + +void fips_algtest_init(void) + { + fips_algtest_init_nofips(); + if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS)) + { + fprintf(stderr, "Error entering FIPS mode\n"); + exit(1); + } + } + +int hex2bin(const char *in, unsigned char *out) + { + int n1, n2, isodd = 0; + unsigned char ch; + + n1 = strlen(in); + if (in[n1 - 1] == '\n') + n1--; + + if (n1 & 1) + isodd = 1; + + for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; ) + { /* first byte */ + if ((in[n1] >= '0') && (in[n1] <= '9')) + ch = in[n1++] - '0'; + else if ((in[n1] >= 'A') && (in[n1] <= 'F')) + ch = in[n1++] - 'A' + 10; + else if ((in[n1] >= 'a') && (in[n1] <= 'f')) + ch = in[n1++] - 'a' + 10; + else + return -1; + if(!in[n1]) + { + out[n2++]=ch; + break; + } + /* If input is odd length first digit is least significant: assumes + * all digits valid hex and null terminated which is true for the + * strings we pass. + */ + if (n1 == 1 && isodd) + { + out[n2++] = ch; + continue; + } + out[n2] = ch << 4; + /* second byte */ + if ((in[n1] >= '0') && (in[n1] <= '9')) + ch = in[n1++] - '0'; + else if ((in[n1] >= 'A') && (in[n1] <= 'F')) + ch = in[n1++] - 'A' + 10; + else if ((in[n1] >= 'a') && (in[n1] <= 'f')) + ch = in[n1++] - 'a' + 10; + else + return -1; + out[n2++] |= ch; + } + return n2; + } + +unsigned char *hex2bin_m(const char *in, long *plen) + { + unsigned char *p; + if (strlen(in) == 0) + { + *plen = 0; + return OPENSSL_malloc(1); + } + p = OPENSSL_malloc((strlen(in) + 1)/2); + *plen = hex2bin(in, p); + return p; + } + +int do_hex2bn(BIGNUM **pr, const char *in) + { + unsigned char *p; + long plen; + int r = 0; + p = hex2bin_m(in, &plen); + if (!p) + return 0; + if (!*pr) + *pr = BN_new(); + if (!*pr) + return 0; + if (BN_bin2bn(p, plen, *pr)) + r = 1; + OPENSSL_free(p); + return r; + } + +int do_bn_print(FILE *out, const BIGNUM *bn) + { + int len, i; + unsigned char *tmp; + len = BN_num_bytes(bn); + if (len == 0) + { + fputs("00", out); + return 1; + } + + tmp = OPENSSL_malloc(len); + if (!tmp) + { + fprintf(stderr, "Memory allocation error\n"); + return 0; + } + BN_bn2bin(bn, tmp); + for (i = 0; i < len; i++) + fprintf(out, "%02x", tmp[i]); + OPENSSL_free(tmp); + return 1; + } + +int do_bn_print_name(FILE *out, const char *name, const BIGNUM *bn) + { + int r; + fprintf(out, "%s = ", name); + r = do_bn_print(out, bn); + if (!r) + return 0; + fputs(RESP_EOL, out); + return 1; + } + +int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf) + { + return parse_line2(pkw, pval, linebuf, olinebuf, 1); + } + +int parse_line2(char **pkw, char **pval, char *linebuf, char *olinebuf, int eol) + { + char *keyword, *value, *p, *q; + strcpy(linebuf, olinebuf); + keyword = linebuf; + /* Skip leading space */ + while (isspace((unsigned char)*keyword)) + keyword++; + + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no '=' exit */ + if (!p) + return 0; + + q = p - 1; + + /* Remove trailing space */ + while (isspace((unsigned char)*q)) + *q-- = 0; + + *p = 0; + value = p + 1; + + /* Remove leading space from value */ + while (isspace((unsigned char)*value)) + value++; + + /* Remove trailing space from value */ + p = value + strlen(value) - 1; + + if (eol && *p != '\n') + fprintf(stderr, "Warning: missing EOL\n"); + + while (*p == '\n' || isspace((unsigned char)*p)) + *p-- = 0; + + *pkw = keyword; + *pval = value; + return 1; + } + +BIGNUM *hex2bn(const char *in) + { + BIGNUM *p=NULL; + + if (!do_hex2bn(&p, in)) + return NULL; + + return p; + } + +/* To avoid extensive changes to test program at this stage just convert + * the input line into an acceptable form. Keyword lines converted to form + * "keyword = value\n" no matter what white space present, all other lines + * just have leading and trailing space removed. + */ + +int tidy_line(char *linebuf, char *olinebuf) + { + char *keyword, *value, *p, *q; + strcpy(linebuf, olinebuf); + keyword = linebuf; + /* Skip leading space */ + while (isspace((unsigned char)*keyword)) + keyword++; + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no '=' just chop leading, trailing ws */ + if (!p) + { + p = keyword + strlen(keyword) - 1; + while (*p == '\n' || isspace((unsigned char)*p)) + *p-- = 0; + strcpy(olinebuf, keyword); + strcat(olinebuf, "\n"); + return 1; + } + + q = p - 1; + + /* Remove trailing space */ + while (isspace((unsigned char)*q)) + *q-- = 0; + + *p = 0; + value = p + 1; + + /* Remove leading space from value */ + while (isspace((unsigned char)*value)) + value++; + + /* Remove trailing space from value */ + p = value + strlen(value) - 1; + + while (*p == '\n' || isspace((unsigned char)*p)) + *p-- = 0; + + strcpy(olinebuf, keyword); + strcat(olinebuf, " = "); + strcat(olinebuf, value); + strcat(olinebuf, "\n"); + + return 1; + } +/* Copy supplied line to ofp replacing \n with \r\n */ +int copy_line(const char *in, FILE *ofp) + { + const char *p; + p = strchr(in, '\n'); + if (p) + { + fwrite(in, 1, (size_t)(p - in), ofp); + fputs(RESP_EOL, ofp); + } + else + fputs(in, ofp); + return 1; + } + +/* NB: this return the number of _bits_ read */ +int bint2bin(const char *in, int len, unsigned char *out) + { + int n; + + memset(out,0,len); + for(n=0 ; n < len ; ++n) + if(in[n] == '1') + out[n/8]|=(0x80 >> (n%8)); + return len; + } + +int bin2bint(const unsigned char *in,int len,char *out) + { + int n; + + for(n=0 ; n < len ; ++n) + out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0'; + return n; + } + +/*-----------------------------------------------*/ + +void PrintValue(char *tag, unsigned char *val, int len) +{ +#ifdef VERBOSE + OutputValue(tag, val, len, stdout, 0); +#endif +} + +void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode) + { + char obuf[2048]; + int olen; + + if(bitmode) + { + olen=bin2bint(val,len,obuf); + fprintf(rfp, "%s = %.*s" RESP_EOL, tag, olen, obuf); + } + else + { + int i; + fprintf(rfp, "%s = ", tag); + for (i = 0; i < len; i++) + fprintf(rfp, "%02x", val[i]); + fputs(RESP_EOL, rfp); + } + +#if VERBOSE + printf("%s = %.*s\n", tag, olen, obuf); +#endif + } + +/* Not all platforms support strcasecmp and strncasecmp: implement versions + * in here to avoid need to include them in the validated module. Taken + * from crypto/o_str.c written by Richard Levitte (richard@levitte.org) + */ + +int fips_strncasecmp(const char *str1, const char *str2, size_t n) + { + while (*str1 && *str2 && n) + { + int res = toupper(*str1) - toupper(*str2); + if (res) return res < 0 ? -1 : 1; + str1++; + str2++; + n--; + } + if (n == 0) + return 0; + if (*str1) + return 1; + if (*str2) + return -1; + return 0; + } + +int fips_strcasecmp(const char *str1, const char *str2) + { + return fips_strncasecmp(str1, str2, (size_t)-1); + } + + +#endif Index: openssl-1.0.2j/crypto/evp/evp.h =================================================================== --- openssl-1.0.2j.orig/crypto/evp/evp.h 2017-03-17 14:04:48.141719095 +0100 +++ openssl-1.0.2j/crypto/evp/evp.h 2017-03-17 14:04:58.921880654 +0100 @@ -516,6 +516,34 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER # define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) # define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) +/* Macros to reduce FIPS dependencies: do NOT use in applications */ +#define M_EVP_MD_size(e) ((e)->md_size) +#define M_EVP_MD_block_size(e) ((e)->block_size) +#define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) +#define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) +#define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) +#define M_EVP_MD_type(e) ((e)->type) +#define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e)) +#define M_EVP_MD_CTX_md(e) ((e)->digest) + +#define M_EVP_CIPHER_nid(e) ((e)->nid) +#define M_EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) +#define M_EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) +#define M_EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) +#define M_EVP_CIPHER_CTX_cipher(e) ((e)->cipher) +#define M_EVP_CIPHER_CTX_mode(e) (M_EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) + +#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) + +#define M_EVP_EncryptInit(ctx,ciph,key,iv) \ + (EVP_CipherInit(ctx,ciph,key,iv,1)) +#define M_EVP_EncryptInit_ex(ctx,ciph,impl,key,iv) \ + (EVP_CipherInit_ex(ctx,ciph,impl,key,iv,1)) +#define M_EVP_DecryptInit(ctx,ciph,key,iv) \ + (EVP_CipherInit(ctx,ciph,key,iv,0)) +#define M_EVP_DecryptInit_ex(ctx,ciph,impl,key,iv) \ + (EVP_CipherInit_ex(ctx,ciph,impl,key,iv,0)) + int EVP_MD_type(const EVP_MD *md); # define EVP_MD_nid(e) EVP_MD_type(e) # define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) Index: openssl-1.0.2j/crypto/fips/fips_enc.c =================================================================== --- openssl-1.0.2j.orig/crypto/fips/fips_enc.c 2017-03-17 14:06:50.387553609 +0100 +++ openssl-1.0.2j/crypto/fips/fips_enc.c 2017-03-17 14:07:01.947727357 +0100 @@ -62,6 +62,281 @@ #include <openssl/err.h> #include <openssl/fips.h> +void FIPS_cipher_ctx_init(EVP_CIPHER_CTX *ctx) + { + memset(ctx,0,sizeof(EVP_CIPHER_CTX)); + /* ctx->cipher=NULL; */ + } + +EVP_CIPHER_CTX *FIPS_cipher_ctx_new(void) + { + EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx); + if (ctx) + FIPS_cipher_ctx_init(ctx); + return ctx; + } + +/* The purpose of these is to trap programs that attempt to use non FIPS + * algorithms in FIPS mode and ignore the errors. + */ + +static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { FIPS_ERROR_IGNORED("Cipher init"); return 0;} + +static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) + { FIPS_ERROR_IGNORED("Cipher update"); return 0;} + +/* NB: no cleanup because it is allowed after failed init */ + +static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) + { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;} +static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) + { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;} +static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) + { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;} + +static const EVP_CIPHER bad_cipher = + { + 0, + 1, + 0, + 0, + 0, + bad_init, + bad_do_cipher, + NULL, + 0, + bad_set_asn1, + bad_get_asn1, + bad_ctrl, + NULL + }; + +int FIPS_cipherinit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, int enc) + { + if(FIPS_selftest_failed()) + { + FIPSerr(FIPS_F_FIPS_CIPHERINIT,FIPS_R_FIPS_SELFTEST_FAILED); + ctx->cipher = &bad_cipher; + return 0; + } + if (enc == -1) + enc = ctx->encrypt; + else + { + if (enc) + enc = 1; + ctx->encrypt = enc; + } + if (cipher) + { + /* Only FIPS ciphers allowed */ + if (FIPS_module_mode() && !(cipher->flags & EVP_CIPH_FLAG_FIPS) && + !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) + { + EVPerr(EVP_F_FIPS_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS); + ctx->cipher = &bad_cipher; + return 0; + } + /* Ensure a context left lying around from last time is cleared + * (the previous check attempted to avoid this if the same + * ENGINE and EVP_CIPHER could be used). */ + FIPS_cipher_ctx_cleanup(ctx); + + /* Restore encrypt field: it is zeroed by cleanup */ + ctx->encrypt = enc; + + ctx->cipher=cipher; + if (ctx->cipher->ctx_size) + { + ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); + if (!ctx->cipher_data) + { + EVPerr(EVP_F_FIPS_CIPHERINIT, ERR_R_MALLOC_FAILURE); + return 0; + } + } + else + { + ctx->cipher_data = NULL; + } + ctx->key_len = cipher->key_len; + ctx->flags = 0; + if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) + { + if(!FIPS_cipher_ctx_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) + { + EVPerr(EVP_F_FIPS_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + return 0; + } + } + } + else if(!ctx->cipher) + { + EVPerr(EVP_F_FIPS_CIPHERINIT, EVP_R_NO_CIPHER_SET); + return 0; + } + /* we assume block size is a power of 2 in *cryptUpdate */ + OPENSSL_assert(ctx->cipher->block_size == 1 + || ctx->cipher->block_size == 8 + || ctx->cipher->block_size == 16); + + if(!(M_EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { + switch(M_EVP_CIPHER_CTX_mode(ctx)) { + + case EVP_CIPH_STREAM_CIPHER: + case EVP_CIPH_ECB_MODE: + break; + + case EVP_CIPH_CFB_MODE: + case EVP_CIPH_OFB_MODE: + + ctx->num = 0; + /* fall-through */ + + case EVP_CIPH_CBC_MODE: + + OPENSSL_assert(M_EVP_CIPHER_CTX_iv_length(ctx) <= + (int)sizeof(ctx->iv)); + if(iv) memcpy(ctx->oiv, iv, M_EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(ctx->iv, ctx->oiv, M_EVP_CIPHER_CTX_iv_length(ctx)); + break; + + case EVP_CIPH_CTR_MODE: + /* Don't reuse IV for CTR mode */ + if(iv) + memcpy(ctx->iv, iv, M_EVP_CIPHER_CTX_iv_length(ctx)); + break; + + default: + return 0; + break; + } + } + + if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { + if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; + } + ctx->buf_len=0; + ctx->final_used=0; + ctx->block_mask=ctx->cipher->block_size-1; + return 1; + } + +void FIPS_cipher_ctx_free(EVP_CIPHER_CTX *ctx) + { + if (ctx) + { + FIPS_cipher_ctx_cleanup(ctx); + OPENSSL_free(ctx); + } + } + +int FIPS_cipher_ctx_cleanup(EVP_CIPHER_CTX *c) + { + if (c->cipher != NULL) + { + if(c->cipher->cleanup && !c->cipher->cleanup(c)) + return 0; + /* Cleanse cipher context data */ + if (c->cipher_data) + OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); + } + if (c->cipher_data) + OPENSSL_free(c->cipher_data); + memset(c,0,sizeof(EVP_CIPHER_CTX)); + return 1; + } + +int FIPS_cipher_ctx_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +{ + int ret; + if (FIPS_selftest_failed()) + { + FIPSerr(FIPS_F_FIPS_CIPHER_CTX_CTRL, FIPS_R_SELFTEST_FAILED); + return 0; + } + if(!ctx->cipher) { + EVPerr(EVP_F_FIPS_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); + return 0; + } + + if(!ctx->cipher->ctrl) { + EVPerr(EVP_F_FIPS_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); + return 0; + } + + ret = ctx->cipher->ctrl(ctx, type, arg, ptr); + if(ret == -1) { + EVPerr(EVP_F_FIPS_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); + return 0; + } + return ret; +} + +int FIPS_cipher_ctx_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) + { + if ((in == NULL) || (in->cipher == NULL)) + { + EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); + return 0; + } + + /* Only FIPS ciphers allowed */ + if (FIPS_module_mode() && !(in->cipher->flags & EVP_CIPH_FLAG_FIPS) && + !(out->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) + { + EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY, EVP_R_DISABLED_FOR_FIPS); + out->cipher = &bad_cipher; + return 0; + } + + FIPS_cipher_ctx_cleanup(out); + memcpy(out,in,sizeof *out); + + if (in->cipher_data && in->cipher->ctx_size) + { + out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size); + if (!out->cipher_data) + { + EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size); + } + + if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) + return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); + return 1; + } + +/* You can't really set the key length with FIPS, so just check that the + caller sets the length the context already has. */ +int FIPS_cipher_ctx_set_key_length(EVP_CIPHER_CTX *ctx, int keylen) + { + if (ctx->key_len == keylen) + return 1; + + EVPerr(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH); + return 0; + } + + + +int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl) + { + if (FIPS_selftest_failed()) + { + FIPSerr(FIPS_F_FIPS_CIPHER, FIPS_R_SELFTEST_FAILED); + return -1; + } + return ctx->cipher->do_cipher(ctx,out,in,inl); + } + const EVP_CIPHER *FIPS_get_cipherbynid(int nid) { switch (nid) { Index: openssl-1.0.2j/crypto/fips/fips_md.c =================================================================== --- openssl-1.0.2j.orig/crypto/fips/fips_md.c 2017-03-16 17:27:29.252988353 +0100 +++ openssl-1.0.2j/crypto/fips/fips_md.c 2017-03-17 14:11:22.255650535 +0100 @@ -120,6 +120,208 @@ #include <openssl/err.h> #include <openssl/fips.h> +void FIPS_md_ctx_init(EVP_MD_CTX *ctx) + { + memset(ctx,'\0',sizeof *ctx); + } + +EVP_MD_CTX *FIPS_md_ctx_create(void) + { + EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx); + + if (ctx) + FIPS_md_ctx_init(ctx); + + return ctx; + } + +/* The purpose of these is to trap programs that attempt to use non FIPS + * algorithms in FIPS mode and ignore the errors. + */ + +static int bad_init(EVP_MD_CTX *ctx) + { FIPS_ERROR_IGNORED("Digest init"); return 0;} + +static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count) + { FIPS_ERROR_IGNORED("Digest update"); return 0;} + +static int bad_final(EVP_MD_CTX *ctx,unsigned char *md) + { FIPS_ERROR_IGNORED("Digest Final"); return 0;} + +static const EVP_MD bad_md = + { + 0, + 0, + 0, + 0, + bad_init, + bad_update, + bad_final, + NULL, + NULL, + NULL, + 0, + {0,0,0,0}, + }; + +int FIPS_digestinit(EVP_MD_CTX *ctx, const EVP_MD *type) + { + M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); + if(FIPS_selftest_failed()) + { + FIPSerr(FIPS_F_FIPS_DIGESTINIT,FIPS_R_FIPS_SELFTEST_FAILED); + ctx->digest = &bad_md; + ctx->update = bad_update; + return 0; + } + if(FIPS_module_mode() && !(type->flags & EVP_MD_FLAG_FIPS) && + !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) + { + EVPerr(EVP_F_FIPS_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS); + ctx->digest = &bad_md; + ctx->update = bad_update; + return 0; + } + if (ctx->digest != type) + { + if (ctx->digest && ctx->digest->ctx_size) + OPENSSL_free(ctx->md_data); + ctx->digest=type; + if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) + { + ctx->update = type->update; + ctx->md_data=OPENSSL_malloc(type->ctx_size); + if (ctx->md_data == NULL) + { + EVPerr(EVP_F_FIPS_DIGESTINIT, + ERR_R_MALLOC_FAILURE); + return 0; + } + } + } + if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) + return 1; + return ctx->digest->init(ctx); + } + +int FIPS_digestupdate(EVP_MD_CTX *ctx, const void *data, size_t count) + { + if (FIPS_selftest_failed()) + { + FIPSerr(FIPS_F_FIPS_DIGESTUPDATE, FIPS_R_SELFTEST_FAILED); + return 0; + } + return ctx->update(ctx,data,count); + } + +/* The caller can assume that this removes any secret data from the context */ +int FIPS_digestfinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) + { + int ret; + + if (FIPS_selftest_failed()) + { + FIPSerr(FIPS_F_FIPS_DIGESTFINAL, FIPS_R_SELFTEST_FAILED); + return 0; + } + + OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); + ret=ctx->digest->final(ctx,md); + if (size != NULL) + *size=ctx->digest->md_size; + if (ctx->digest->cleanup) + { + ctx->digest->cleanup(ctx); + M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); + } + memset(ctx->md_data,0,ctx->digest->ctx_size); + return ret; + } + +int FIPS_digest(const void *data, size_t count, + unsigned char *md, unsigned int *size, const EVP_MD *type) + { + EVP_MD_CTX ctx; + int ret; + + FIPS_md_ctx_init(&ctx); + M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); + ret=FIPS_digestinit(&ctx, type) + && FIPS_digestupdate(&ctx, data, count) + && FIPS_digestfinal(&ctx, md, size); + FIPS_md_ctx_cleanup(&ctx); + + return ret; + } + +void FIPS_md_ctx_destroy(EVP_MD_CTX *ctx) + { + FIPS_md_ctx_cleanup(ctx); + OPENSSL_free(ctx); + } + +/* This call frees resources associated with the context */ +int FIPS_md_ctx_cleanup(EVP_MD_CTX *ctx) + { + /* Don't assume ctx->md_data was cleaned in FIPS_digest_Final, + * because sometimes only copies of the context are ever finalised. + */ + if (ctx->digest && ctx->digest->cleanup + && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) + ctx->digest->cleanup(ctx); + if (ctx->digest && ctx->digest->ctx_size && ctx->md_data + && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) + { + OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); + OPENSSL_free(ctx->md_data); + } + memset(ctx,'\0',sizeof *ctx); + + return 1; + } + +int FIPS_md_ctx_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) + { + unsigned char *tmp_buf; + if ((in == NULL) || (in->digest == NULL)) + { + EVPerr(EVP_F_FIPS_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); + return 0; + } + + if (out->digest == in->digest) + { + tmp_buf = out->md_data; + M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE); + } + else tmp_buf = NULL; + FIPS_md_ctx_cleanup(out); + memcpy(out,in,sizeof *out); + + if (in->md_data && out->digest->ctx_size) + { + if (tmp_buf) + out->md_data = tmp_buf; + else + { + out->md_data=OPENSSL_malloc(out->digest->ctx_size); + if (!out->md_data) + { + EVPerr(EVP_F_FIPS_MD_CTX_COPY,ERR_R_MALLOC_FAILURE); + return 0; + } + } + memcpy(out->md_data,in->md_data,out->digest->ctx_size); + } + + out->update = in->update; + + if (out->digest->copy) + return out->digest->copy(out,in); + + return 1; + } + const EVP_MD *FIPS_get_digestbynid(int nid) { switch (nid) { Index: openssl-1.0.2j/crypto/ecdsa/ecs_ossl.c =================================================================== --- openssl-1.0.2j.orig/crypto/ecdsa/ecs_ossl.c 2017-03-16 17:27:29.272988665 +0100 +++ openssl-1.0.2j/crypto/ecdsa/ecs_ossl.c 2017-03-17 14:24:11.315328893 +0100 @@ -479,3 +479,31 @@ static int ecdsa_do_verify(const unsigne EC_POINT_free(point); return ret; } + +/* FIPS stanadlone version of ecdsa_check: just return FIPS method */ +ECDSA_DATA *fips_ecdsa_check(EC_KEY *key) + { + static ECDSA_DATA rv = { + 0,0,0, + &openssl_ecdsa_meth + }; + return &rv; + } + +/* Standalone digest sign and verify */ +int FIPS_ecdsa_verify_digest(EC_KEY *key, + const unsigned char *dig, int dlen, ECDSA_SIG *s) + { + ECDSA_DATA *ecdsa = ecdsa_check(key); + if (ecdsa == NULL) + return 0; + return ecdsa->meth->ecdsa_do_verify(dig, dlen, s, key); + } +ECDSA_SIG * FIPS_ecdsa_sign_digest(EC_KEY *key, + const unsigned char *dig, int dlen) + { + ECDSA_DATA *ecdsa = ecdsa_check(key); + if (ecdsa == NULL) + return NULL; + return ecdsa->meth->ecdsa_do_sign(dig, dlen, NULL, NULL, key); + } Index: openssl-1.0.2j/crypto/ecdsa/ecdsa.h =================================================================== --- openssl-1.0.2j.orig/crypto/ecdsa/ecdsa.h 2016-09-26 11:49:07.000000000 +0200 +++ openssl-1.0.2j/crypto/ecdsa/ecdsa.h 2017-03-17 14:35:10.121322408 +0100 @@ -228,6 +228,21 @@ int ECDSA_get_ex_new_index(long argl, vo int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); void *ECDSA_get_ex_data(EC_KEY *d, int idx); +#ifdef OPENSSL_FIPS +/* Standalone FIPS signature operations */ +ECDSA_SIG * FIPS_ecdsa_sign_digest(EC_KEY *key, + const unsigned char *dig, int dlen); +ECDSA_SIG * FIPS_ecdsa_sign_ctx(EC_KEY *key, EVP_MD_CTX *ctx); +int FIPS_ecdsa_verify_digest(EC_KEY *key, + const unsigned char *dig, int dlen, ECDSA_SIG *s); +int FIPS_ecdsa_verify_ctx(EC_KEY *key, EVP_MD_CTX *ctx, ECDSA_SIG *s); +int FIPS_ecdsa_verify(EC_KEY *key, const unsigned char *msg, size_t msglen, + const EVP_MD *mhash, ECDSA_SIG *s); +ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key, + const unsigned char *msg, size_t msglen, + const EVP_MD *mhash); +#endif + /** Allocates and initialize a ECDSA_METHOD structure * \param ecdsa_method pointer to ECDSA_METHOD to copy. (May be NULL) * \return pointer to a ECDSA_METHOD structure or NULL if an error occurred
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor