
Contents of /devel/openssl/openssl-1.0.0-beta3-fips.patch



Revision 1.5 - (show annotations) (download) (as text)
Wed Sep 30 18:18:48 2009 UTC (7 weeks, 4 days ago) by tmraz
Branch: MAIN
CVS Tags: openssl-1_0_0-0_8_beta3_fc13, openssl-1_0_0-0_9_beta3_fc13, openssl-1_0_0-0_10_beta3_fc13
Changes since 1.4: +552 -444 lines
File MIME type: text/x-patch
* Wed Sep 30 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.8.beta3
- fix RSA and DSA FIPS selftests
- reenable fixed x86_64 camellia assembler code (#521127)
1 diff -up openssl-1.0.0-beta3/Configure.fips openssl-1.0.0-beta3/Configure
2 --- openssl-1.0.0-beta3/Configure.fips 2009-09-30 13:25:57.000000000 +0200
3 +++ openssl-1.0.0-beta3/Configure 2009-09-30 13:25:58.000000000 +0200
4 @@ -654,6 +654,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml
5 my $processor="";
6 my $default_ranlib;
7 my $perl;
8 +my $fips=0;
9
10
11 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
12 @@ -797,6 +798,10 @@ PROCESS_ARGS:
13 }
14 elsif (/^386$/)
15 { $processor=386; }
16 + elsif (/^fips$/)
17 + {
18 + $fips=1;
19 + }
20 elsif (/^rsaref$/)
21 {
22 # No RSAref support any more since it's not needed.
23 @@ -1349,6 +1354,11 @@ $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no
24
25 $cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/);
26
27 +if ($fips)
28 + {
29 + $openssl_other_defines.="#define OPENSSL_FIPS\n";
30 + }
31 +
32 $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
33 $des_obj=$des_enc unless ($des_obj =~ /\.o$/);
34 $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
35 @@ -1504,6 +1514,10 @@ while (<IN>)
36 s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
37 s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
38 s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
39 + if ($fips)
40 + {
41 + s/^FIPS=.*/FIPS=yes/;
42 + }
43 s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
44 s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
45 s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
46 diff -up openssl-1.0.0-beta3/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta3/crypto/bf/bf_skey.c
47 --- openssl-1.0.0-beta3/crypto/bf/bf_skey.c.fips 2008-11-12 04:57:52.000000000 +0100
48 +++ openssl-1.0.0-beta3/crypto/bf/bf_skey.c 2009-09-30 13:25:58.000000000 +0200
49 @@ -59,10 +59,15 @@
50 #include <stdio.h>
51 #include <string.h>
52 #include <openssl/blowfish.h>
53 +#include <openssl/crypto.h>
54 +#ifdef OPENSSL_FIPS
55 +#include <openssl/fips.h>
56 +#endif
57 +
58 #include "bf_locl.h"
59 #include "bf_pi.h"
60
61 -void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
62 +FIPS_NON_FIPS_VCIPHER_Init(BF)
63 {
64 int i;
65 BF_LONG *p,ri,in[2];
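Review bot: The definition line `FIPS_NON_FIPS_VCIPHER_Init(BF)` no longer shows the function's name or parameters, so the body uses `key`, `len` and `data` with no visible declaration and a search for the definition of `BF_set_key` no longer lands here. A comment directly above it would keep that visible, for example `/* Expands to BF_set_key(BF_KEY *key, int len, const unsigned char *data); with OPENSSL_FIPS this body becomes private_BF_set_key and BF_set_key aborts when FIPS_mode() is set. */`. The same applies to `FIPS_NON_FIPS_VCIPHER_Init(CAST)` in crypto/cast/c_skey.c. The function body continues past the end of this hunk.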
66 diff -up openssl-1.0.0-beta3/crypto/bf/blowfish.h.fips openssl-1.0.0-beta3/crypto/bf/blowfish.h
67 --- openssl-1.0.0-beta3/crypto/bf/blowfish.h.fips 2009-09-30 13:25:57.000000000 +0200
68 +++ openssl-1.0.0-beta3/crypto/bf/blowfish.h 2009-09-30 13:25:58.000000000 +0200
69 @@ -104,7 +104,9 @@ typedef struct bf_key_st
70 BF_LONG S[4*256];
71 } BF_KEY;
72
73 -
74 +#ifdef OPENSSL_FIPS
75 +void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
76 +#endif
77 void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
78
79 void BF_encrypt(BF_LONG *data,const BF_KEY *key);
80 diff -up openssl-1.0.0-beta3/crypto/bn/bn.h.fips openssl-1.0.0-beta3/crypto/bn/bn.h
81 --- openssl-1.0.0-beta3/crypto/bn/bn.h.fips 2009-09-30 13:25:57.000000000 +0200
82 +++ openssl-1.0.0-beta3/crypto/bn/bn.h 2009-09-30 13:25:58.000000000 +0200
83 @@ -540,6 +540,17 @@ int BN_is_prime_ex(const BIGNUM *p,int n
84 int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
85 int do_trial_division, BN_GENCB *cb);
86
87 +int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
88 +
89 +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
90 + const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
91 + const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
92 +int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
93 + BIGNUM *Xp1, BIGNUM *Xp2,
94 + const BIGNUM *Xp,
95 + const BIGNUM *e, BN_CTX *ctx,
96 + BN_GENCB *cb);
97 +
98 BN_MONT_CTX *BN_MONT_CTX_new(void );
99 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
100 int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
101 diff -up /dev/null openssl-1.0.0-beta3/crypto/bn/bn_x931p.c
102 --- /dev/null 2009-09-23 10:56:02.148001752 +0200
103 +++ openssl-1.0.0-beta3/crypto/bn/bn_x931p.c 2009-09-30 13:25:58.000000000 +0200
104 @@ -0,0 +1,272 @@
105 +/* bn_x931p.c */
106 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
107 + * project 2005.
108 + */
109 +/* ====================================================================
110 + * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
111 + *
112 + * Redistribution and use in source and binary forms, with or without
113 + * modification, are permitted provided that the following conditions
114 + * are met:
115 + *
116 + * 1. Redistributions of source code must retain the above copyright
117 + * notice, this list of conditions and the following disclaimer.
118 + *
119 + * 2. Redistributions in binary form must reproduce the above copyright
120 + * notice, this list of conditions and the following disclaimer in
121 + * the documentation and/or other materials provided with the
122 + * distribution.
123 + *
124 + * 3. All advertising materials mentioning features or use of this
125 + * software must display the following acknowledgment:
126 + * "This product includes software developed by the OpenSSL Project
127 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
128 + *
129 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
130 + * endorse or promote products derived from this software without
131 + * prior written permission. For written permission, please contact
132 + * licensing@OpenSSL.org.
133 + *
134 + * 5. Products derived from this software may not be called "OpenSSL"
135 + * nor may "OpenSSL" appear in their names without prior written
136 + * permission of the OpenSSL Project.
137 + *
138 + * 6. Redistributions of any form whatsoever must retain the following
139 + * acknowledgment:
140 + * "This product includes software developed by the OpenSSL Project
141 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
142 + *
143 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
144 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
145 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
146 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
147 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
148 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
149 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
150 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
151 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
152 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
153 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
154 + * OF THE POSSIBILITY OF SUCH DAMAGE.
155 + * ====================================================================
156 + *
157 + * This product includes cryptographic software written by Eric Young
158 + * (eay@cryptsoft.com). This product includes software written by Tim
159 + * Hudson (tjh@cryptsoft.com).
160 + *
161 + */
162 +
163 +#include <stdio.h>
164 +#include <openssl/bn.h>
165 +
166 +/* X9.31 routines for prime derivation */
167 +
168 +/* X9.31 prime derivation. This is used to generate the primes pi
169 + * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd
170 + * integers.
171 + */
172 +
173 +static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
174 + BN_GENCB *cb)
175 + {
176 + int i = 0;
177 + if (!BN_copy(pi, Xpi))
178 + return 0;
179 + if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
180 + return 0;
181 + for(;;)
182 + {
183 + i++;
184 + BN_GENCB_call(cb, 0, i);
185 + /* NB 27 MR is specificed in X9.31 */
186 + if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
187 + break;
188 + if (!BN_add_word(pi, 2))
189 + return 0;
190 + }
191 + BN_GENCB_call(cb, 2, i);
192 + return 1;
193 + }
194 +
195 +/* This is the main X9.31 prime derivation function. From parameters
196 + * Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are
197 + * not NULL they will be returned too: this is needed for testing.
198 + */
199 +
200 +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
201 + const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
202 + const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
203 + {
204 + int ret = 0;
205 +
206 + BIGNUM *t, *p1p2, *pm1;
207 +
208 + /* Only even e supported */
209 + if (!BN_is_odd(e))
210 + return 0;
211 +
212 + BN_CTX_start(ctx);
213 + if (!p1)
214 + p1 = BN_CTX_get(ctx);
215 +
216 + if (!p2)
217 + p2 = BN_CTX_get(ctx);
218 +
219 + t = BN_CTX_get(ctx);
220 +
221 + p1p2 = BN_CTX_get(ctx);
222 +
223 + pm1 = BN_CTX_get(ctx);
224 +
225 + if (!bn_x931_derive_pi(p1, Xp1, ctx, cb))
226 + goto err;
227 +
228 + if (!bn_x931_derive_pi(p2, Xp2, ctx, cb))
229 + goto err;
230 +
231 + if (!BN_mul(p1p2, p1, p2, ctx))
232 + goto err;
233 +
234 + /* First set p to value of Rp */
235 +
236 + if (!BN_mod_inverse(p, p2, p1, ctx))
237 + goto err;
238 +
239 + if (!BN_mul(p, p, p2, ctx))
240 + goto err;
241 +
242 + if (!BN_mod_inverse(t, p1, p2, ctx))
243 + goto err;
244 +
245 + if (!BN_mul(t, t, p1, ctx))
246 + goto err;
247 +
248 + if (!BN_sub(p, p, t))
249 + goto err;
250 +
251 + if (p->neg && !BN_add(p, p, p1p2))
252 + goto err;
253 +
254 + /* p now equals Rp */
255 +
256 + if (!BN_mod_sub(p, p, Xp, p1p2, ctx))
257 + goto err;
258 +
259 + if (!BN_add(p, p, Xp))
260 + goto err;
261 +
262 + /* p now equals Yp0 */
263 +
264 + for (;;)
265 + {
266 + int i = 1;
267 + BN_GENCB_call(cb, 0, i++);
268 + if (!BN_copy(pm1, p))
269 + goto err;
270 + if (!BN_sub_word(pm1, 1))
271 + goto err;
272 + if (!BN_gcd(t, pm1, e, ctx))
273 + goto err;
274 + if (BN_is_one(t)
275 + /* X9.31 specifies 8 MR and 1 Lucas test or any prime test
276 + * offering similar or better guarantees 50 MR is considerably
277 + * better.
278 + */
279 + && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
280 + break;
281 + if (!BN_add(p, p, p1p2))
282 + goto err;
283 + }
284 +
285 + BN_GENCB_call(cb, 3, 0);
286 +
287 + ret = 1;
288 +
289 + err:
290 +
291 + BN_CTX_end(ctx);
292 +
293 + return ret;
294 + }
295 +
296 +/* Generate pair of paramters Xp, Xq for X9.31 prime generation.
297 + * Note: nbits paramter is sum of number of bits in both.
298 + */
299 +
300 +int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
301 + {
302 + BIGNUM *t;
303 + int i;
304 + /* Number of bits for each prime is of the form
305 + * 512+128s for s = 0, 1, ...
306 + */
307 + if ((nbits < 1024) || (nbits & 0xff))
308 + return 0;
309 + nbits >>= 1;
310 + /* The random value Xp must be between sqrt(2) * 2^(nbits-1) and
311 + * 2^nbits - 1. By setting the top two bits we ensure that the lower
312 + * bound is exceeded.
313 + */
314 + if (!BN_rand(Xp, nbits, 1, 0))
315 + return 0;
316 +
317 + BN_CTX_start(ctx);
318 + t = BN_CTX_get(ctx);
319 +
320 + for (i = 0; i < 1000; i++)
321 + {
322 + if (!BN_rand(Xq, nbits, 1, 0))
323 + return 0;
324 + /* Check that |Xp - Xq| > 2^(nbits - 100) */
325 + BN_sub(t, Xp, Xq);
326 + if (BN_num_bits(t) > (nbits - 100))
327 + break;
328 + }
329 +
330 + BN_CTX_end(ctx);
331 +
332 + if (i < 1000)
333 + return 1;
334 +
335 + return 0;
336 +
337 + }
338 +
339 +/* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1
340 + * and Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL
341 + * the relevant parameter will be stored in it.
342 + *
343 + * Due to the fact that |Xp - Xq| > 2^(nbits - 100) must be satisfied Xp and Xq
344 + * are generated using the previous function and supplied as input.
345 + */
346 +
347 +int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
348 + BIGNUM *Xp1, BIGNUM *Xp2,
349 + const BIGNUM *Xp,
350 + const BIGNUM *e, BN_CTX *ctx,
351 + BN_GENCB *cb)
352 + {
353 + int ret = 0;
354 +
355 + BN_CTX_start(ctx);
356 + if (!Xp1)
357 + Xp1 = BN_CTX_get(ctx);
358 + if (!Xp2)
359 + Xp2 = BN_CTX_get(ctx);
360 +
361 + if (!BN_rand(Xp1, 101, 0, 0))
362 + goto error;
363 + if (!BN_rand(Xp2, 101, 0, 0))
364 + goto error;
365 + if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
366 + goto error;
367 +
368 + ret = 1;
369 +
370 + error:
371 + BN_CTX_end(ctx);
372 +
373 + return ret;
374 +
375 + }
376 +
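Review bot: Both primality loops treat an error from `BN_is_prime_fasttest_ex()` as "prime": the call returns -1 on failure, and `if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb)) break;` in bn_x931_derive_pi and the `BN_is_one(t) && BN_is_prime_fasttest_ex(p, 50, ...)` test in BN_X931_derive_prime_ex both leave the loop on any non-zero value, so a failure inside the test could hand back an unverified candidate as p1, p2 or p. The result should be stored and a negative value routed to the failure path, as in the fence below. Separately, the comment "Only even e supported" contradicts the `!BN_is_odd(e)` check beneath it, `int i = 1;` is re-initialised on every pass of the second loop so the callback always sees 1, and BN_X931_generate_Xpq returns from inside its loop without `BN_CTX_end(ctx)` and ignores the results of `BN_CTX_get()` and `BN_sub()`.

```c
/* bn_x931_derive_pi: declare next to "int i = 0;" */
	int is_prime;
	/* … unchanged: BN_copy, make pi odd … */
	for(;;)
		{
		i++;
		BN_GENCB_call(cb, 0, i);
		/* NB 27 MR is specified in X9.31 */
		is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb);
		if (is_prime < 0)
			return 0;	/* the test itself failed: do not accept pi */
		if (is_prime)
			break;
		/* … unchanged: BN_add_word(pi, 2) … */

/* BN_X931_derive_prime_ex: inside the search loop for p */
		/* … unchanged: pm1 = p - 1, t = gcd(pm1, e) … */
		if (BN_is_one(t))
			{
			is_prime = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb);
			if (is_prime < 0)
				goto err;
			if (is_prime)
				break;
			}
		/* … unchanged: BN_add(p, p, p1p2) … */
```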
377 diff -up openssl-1.0.0-beta3/crypto/bn/Makefile.fips openssl-1.0.0-beta3/crypto/bn/Makefile
378 --- openssl-1.0.0-beta3/crypto/bn/Makefile.fips 2008-11-12 09:19:02.000000000 +0100
379 +++ openssl-1.0.0-beta3/crypto/bn/Makefile 2009-09-30 13:25:58.000000000 +0200
380 @@ -26,13 +26,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_li
381 bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
382 bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
383 bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
384 - bn_depr.c bn_const.c
385 + bn_depr.c bn_const.c bn_x931p.c
386
387 LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
388 bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
389 bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
390 bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \
391 - bn_depr.o bn_const.o
392 + bn_depr.o bn_const.o bn_x931p.o
393
394 SRC= $(LIBSRC)
395
396 diff -up openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl
397 --- openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl.fips 2009-04-06 16:25:02.000000000 +0200
398 +++ openssl-1.0.0-beta3/crypto/camellia/asm/cmll-x86.pl 2009-09-30 13:25:58.000000000 +0200
399 @@ -722,12 +722,15 @@ my $bias=int(@T[0])?shift(@T):0;
400 }
401 &function_end("Camellia_Ekeygen");
402
403 +$setkeyfunc = "Camellia_set_key";
404 +$setkeyfunc = "private_Camellia_set_key" if ($ENV{FIPS} ne "");
405 +
406 if ($OPENSSL) {
407 # int Camellia_set_key (
408 # const unsigned char *userKey,
409 # int bits,
410 # CAMELLIA_KEY *key)
411 -&function_begin_B("Camellia_set_key");
412 +&function_begin_B($setkeyfunc);
413 &push ("ebx");
414 &mov ("ecx",&wparam(0)); # pull arguments
415 &mov ("ebx",&wparam(1));
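Review bot: The exported symbol name is chosen from the build environment (`$ENV{FIPS} ne ""`), while the C side in camellia.h and cmll_fblk.c switches on the `OPENSSL_FIPS` define. The two agree only if FIPS is present in the environment of this script whenever Configure was run with `fips`, which this page does not show. That coupling deserves a comment next to `$setkeyfunc`. When FIPS is unset, `ne` compares against undef, which warns if warnings are enabled; `if (defined $ENV{FIPS} && $ENV{FIPS} ne "")` avoids that. The matching `&function_end_B($setkeyfunc)` is in the next hunk.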
416 @@ -760,7 +763,7 @@ if ($OPENSSL) {
417 &set_label("done",4);
418 &pop ("ebx");
419 &ret ();
420 -&function_end_B("Camellia_set_key");
421 +&function_end_B($setkeyfunc);
422 }
423
424 @SBOX=(
425 diff -up openssl-1.0.0-beta3/crypto/camellia/camellia.h.fips openssl-1.0.0-beta3/crypto/camellia/camellia.h
426 --- openssl-1.0.0-beta3/crypto/camellia/camellia.h.fips 2009-09-30 13:25:56.000000000 +0200
427 +++ openssl-1.0.0-beta3/crypto/camellia/camellia.h 2009-09-30 13:25:58.000000000 +0200
428 @@ -88,6 +88,11 @@ struct camellia_key_st
429 };
430 typedef struct camellia_key_st CAMELLIA_KEY;
431
432 +#ifdef OPENSSL_FIPS
433 +int private_Camellia_set_key(const unsigned char *userKey, const int bits,
434 + CAMELLIA_KEY *key);
435 +#endif
436 +
437 int Camellia_set_key(const unsigned char *userKey, const int bits,
438 CAMELLIA_KEY *key);
439
440 diff -up /dev/null openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c
441 --- /dev/null 2009-09-23 10:56:02.148001752 +0200
442 +++ openssl-1.0.0-beta3/crypto/camellia/cmll_fblk.c 2009-09-30 13:25:58.000000000 +0200
443 @@ -0,0 +1,68 @@
444 +/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */
445 +/* ====================================================================
446 + * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
447 + *
448 + * Redistribution and use in source and binary forms, with or without
449 + * modification, are permitted provided that the following conditions
450 + * are met:
451 + *
452 + * 1. Redistributions of source code must retain the above copyright
453 + * notice, this list of conditions and the following disclaimer.
454 + *
455 + * 2. Redistributions in binary form must reproduce the above copyright
456 + * notice, this list of conditions and the following disclaimer in
457 + * the documentation and/or other materials provided with the
458 + * distribution.
459 + *
460 + * 3. All advertising materials mentioning features or use of this
461 + * software must display the following acknowledgment:
462 + * "This product includes software developed by the OpenSSL Project
463 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
464 + *
465 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
466 + * endorse or promote products derived from this software without
467 + * prior written permission. For written permission, please contact
468 + * openssl-core@openssl.org.
469 + *
470 + * 5. Products derived from this software may not be called "OpenSSL"
471 + * nor may "OpenSSL" appear in their names without prior written
472 + * permission of the OpenSSL Project.
473 + *
474 + * 6. Redistributions of any form whatsoever must retain the following
475 + * acknowledgment:
476 + * "This product includes software developed by the OpenSSL Project
477 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
478 + *
479 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
480 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
481 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
482 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
483 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
484 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
485 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
486 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
487 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
488 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
489 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
490 + * OF THE POSSIBILITY OF SUCH DAMAGE.
491 + * ====================================================================
492 + *
493 + */
494 +
495 +#include <openssl/opensslv.h>
496 +#include <openssl/camellia.h>
497 +#include "cmll_locl.h"
498 +#include <openssl/crypto.h>
499 +#ifdef OPENSSL_FIPS
500 +#include <openssl/fips.h>
501 +#endif
502 +
503 +#ifdef OPENSSL_FIPS
504 +int Camellia_set_key(const unsigned char *userKey, const int bits,
505 + CAMELLIA_KEY *key)
506 + {
507 + if (FIPS_mode())
508 + FIPS_BAD_ABORT(CAMELLIA)
509 + return private_Camellia_set_key(userKey, bits, key);
510 + }
511 +#endif
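Review bot: The first comment of this new file still reads `crypto/camellia/camellia_misc.c`, although the file is cmll_fblk.c; it should name the file it is in. The wrapper also lacks a comment saying that in FIPS mode `Camellia_set_key` goes through `FIPS_BAD_ABORT` (an `OpenSSLDie` call, which by its name does not return) instead of handing back an error through its int return value. The unbraced `if (FIPS_mode())` compiles only because the macro in crypto.h ends in a semicolon; bracing the statement would remove that dependency.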
512 diff -up openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c
513 --- openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c.fips 2008-10-28 13:13:52.000000000 +0100
514 +++ openssl-1.0.0-beta3/crypto/camellia/cmll_misc.c 2009-09-30 13:25:58.000000000 +0200
515 @@ -52,11 +52,20 @@
516 #include <openssl/opensslv.h>
517 #include <openssl/camellia.h>
518 #include "cmll_locl.h"
519 +#include <openssl/crypto.h>
520 +#ifdef OPENSSL_FIPS
521 +#include <openssl/fips.h>
522 +#endif
523
524 const char CAMELLIA_version[]="CAMELLIA" OPENSSL_VERSION_PTEXT;
525
526 +#ifdef OPENSSL_FIPS
527 +int private_Camellia_set_key(const unsigned char *userKey, const int bits,
528 + CAMELLIA_KEY *key)
529 +#else
530 int Camellia_set_key(const unsigned char *userKey, const int bits,
531 CAMELLIA_KEY *key)
532 +#endif
533 {
534 if(!userKey || !key)
535 return -1;
536 diff -up openssl-1.0.0-beta3/crypto/camellia/Makefile.fips openssl-1.0.0-beta3/crypto/camellia/Makefile
537 --- openssl-1.0.0-beta3/crypto/camellia/Makefile.fips 2008-12-23 12:33:00.000000000 +0100
538 +++ openssl-1.0.0-beta3/crypto/camellia/Makefile 2009-09-30 13:25:58.000000000 +0200
539 @@ -23,9 +23,9 @@ APPS=
540
541 LIB=$(TOP)/libcrypto.a
542 LIBSRC=camellia.c cmll_misc.c cmll_ecb.c cmll_cbc.c cmll_ofb.c \
543 - cmll_cfb.c cmll_ctr.c
544 + cmll_cfb.c cmll_ctr.c cmll_fblk.c
545
546 -LIBOBJ= cmll_ecb.o cmll_ofb.o cmll_cfb.o cmll_ctr.o $(CMLL_ENC)
547 +LIBOBJ= cmll_ecb.o cmll_ofb.o cmll_cfb.o cmll_ctr.o $(CMLL_ENC) cmll_fblk.o
548
549 SRC= $(LIBSRC)
550
551 diff -up openssl-1.0.0-beta3/crypto/cast/cast.h.fips openssl-1.0.0-beta3/crypto/cast/cast.h
552 --- openssl-1.0.0-beta3/crypto/cast/cast.h.fips 2009-09-30 13:25:57.000000000 +0200
553 +++ openssl-1.0.0-beta3/crypto/cast/cast.h 2009-09-30 13:25:58.000000000 +0200
554 @@ -83,7 +83,9 @@ typedef struct cast_key_st
555 int short_key; /* Use reduced rounds for short key */
556 } CAST_KEY;
557
558 -
559 +#ifdef OPENSSL_FIPS
560 +void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
561 +#endif
562 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
563 void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
564 int enc);
565 diff -up openssl-1.0.0-beta3/crypto/cast/c_skey.c.fips openssl-1.0.0-beta3/crypto/cast/c_skey.c
566 --- openssl-1.0.0-beta3/crypto/cast/c_skey.c.fips 2000-06-03 16:13:35.000000000 +0200
567 +++ openssl-1.0.0-beta3/crypto/cast/c_skey.c 2009-09-30 13:25:58.000000000 +0200
568 @@ -57,6 +57,11 @@
569 */
570
571 #include <openssl/cast.h>
572 +#include <openssl/crypto.h>
573 +#ifdef OPENSSL_FIPS
574 +#include <openssl/fips.h>
575 +#endif
576 +
577 #include "cast_lcl.h"
578 #include "cast_s.h"
579
580 @@ -72,7 +77,7 @@
581 #define S6 CAST_S_table6
582 #define S7 CAST_S_table7
583
584 -void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
585 +FIPS_NON_FIPS_VCIPHER_Init(CAST)
586 {
587 CAST_LONG x[16];
588 CAST_LONG z[16];
589 diff -up openssl-1.0.0-beta3/crypto/crypto.h.fips openssl-1.0.0-beta3/crypto/crypto.h
590 --- openssl-1.0.0-beta3/crypto/crypto.h.fips 2009-09-30 13:25:57.000000000 +0200
591 +++ openssl-1.0.0-beta3/crypto/crypto.h 2009-09-30 13:25:58.000000000 +0200
592 @@ -546,12 +546,69 @@ void OpenSSLDie(const char *file,int lin
593 unsigned long *OPENSSL_ia32cap_loc(void);
594 #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
595
596 +#ifdef OPENSSL_FIPS
597 +#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
598 + alg " previous FIPS forbidden algorithm error ignored");
599 +
600 +#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
601 + #alg " Algorithm forbidden in FIPS mode");
602 +
603 +#ifdef OPENSSL_FIPS_STRICT
604 +#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg)
605 +#else
606 +#define FIPS_BAD_ALGORITHM(alg) \
607 + { \
608 + FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \
609 + ERR_add_error_data(2, "Algorithm=", #alg); \
610 + return 0; \
611 + }
612 +#endif
613 +
614 +/* Low level digest API blocking macro */
615 +
616 +#define FIPS_NON_FIPS_MD_Init(alg) \
617 + int alg##_Init(alg##_CTX *c) \
618 + { \
619 + if (FIPS_mode()) \
620 + FIPS_BAD_ALGORITHM(alg) \
621 + return private_##alg##_Init(c); \
622 + } \
623 + int private_##alg##_Init(alg##_CTX *c)
624 +
625 +/* For ciphers the API often varies from cipher to cipher and each needs to
626 + * be treated as a special case. Variable key length ciphers (Blowfish, RC4,
627 + * CAST) however are very similar and can use a blocking macro.
628 + */
629 +
630 +#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
631 + void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \
632 + { \
633 + if (FIPS_mode()) \
634 + FIPS_BAD_ABORT(alg) \
635 + private_##alg##_set_key(key, len, data); \
636 + } \
637 + void private_##alg##_set_key(alg##_KEY *key, int len, \
638 + const unsigned char *data)
639 +
640 +#else
641 +
642 +#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
643 + void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data)
644 +
645 +#define FIPS_NON_FIPS_MD_Init(alg) \
646 + int alg##_Init(alg##_CTX *c)
647 +
648 +#endif /* def OPENSSL_FIPS */
649 +
650 /* BEGIN ERROR CODES */
651 /* The following lines are auto generated by the script mkerr.pl. Any changes
652 * made after this point may be overwritten when the script is next run.
653 */
654 void ERR_load_CRYPTO_strings(void);
655
656 +#define OPENSSL_HAVE_INIT 1
657 +void OPENSSL_init_library(void);
658 +
659 /* Error codes for the CRYPTO functions. */
660
661 /* Function codes. */
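Review bot: `OPENSSL_HAVE_INIT` and the `OPENSSL_init_library()` prototype are added below the `BEGIN ERROR CODES` marker, in the region whose own comment says changes may be overwritten when mkerr.pl is next run; they should sit above that marker, next to the FIPS macros. In the non-strict `FIPS_BAD_ALGORITHM`, the error is always recorded against `FIPS_F_HASH_FINAL`, so a blocked `alg##_Init` call is attributed to the wrong function. `FIPS_ERROR_IGNORED(alg)` pastes `alg` as a string literal while `FIPS_BAD_ABORT(alg)` stringifies it with `#alg`; a comment on each saying which form the argument takes would prevent misuse. The macros also rely on `FIPS_mode`, `FIPSerr` and `ERR_add_error_data` being declared by the including file, which is worth stating in the block comment.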
662 diff -up openssl-1.0.0-beta3/crypto/dh/dh_err.c.fips openssl-1.0.0-beta3/crypto/dh/dh_err.c
663 --- openssl-1.0.0-beta3/crypto/dh/dh_err.c.fips 2006-11-21 22:29:37.000000000 +0100
664 +++ openssl-1.0.0-beta3/crypto/dh/dh_err.c 2009-09-30 13:25:58.000000000 +0200
665 @@ -73,6 +73,8 @@ static ERR_STRING_DATA DH_str_functs[]=
666 {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"},
667 {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
668 {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
669 +{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
670 +{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"},
671 {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
672 {ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"},
673 {ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"},
674 @@ -94,6 +96,7 @@ static ERR_STRING_DATA DH_str_reasons[]=
675 {ERR_REASON(DH_R_BN_ERROR) ,"bn error"},
676 {ERR_REASON(DH_R_DECODE_ERROR) ,"decode error"},
677 {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
678 +{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
679 {ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"},
680 {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
681 {ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"},
682 diff -up openssl-1.0.0-beta3/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta3/crypto/dh/dh_gen.c
683 --- openssl-1.0.0-beta3/crypto/dh/dh_gen.c.fips 2005-04-26 20:53:15.000000000 +0200
684 +++ openssl-1.0.0-beta3/crypto/dh/dh_gen.c 2009-09-30 13:25:58.000000000 +0200
685 @@ -65,6 +65,10 @@
686 #include "cryptlib.h"
687 #include <openssl/bn.h>
688 #include <openssl/dh.h>
689 +#include <openssl/err.h>
690 +#ifdef OPENSSL_FIPS
691 +#include <openssl/fips.h>
692 +#endif
693
694 static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
695
696 @@ -106,6 +110,20 @@ static int dh_builtin_genparams(DH *ret,
697 int g,ok= -1;
698 BN_CTX *ctx=NULL;
699
700 +#ifdef OPENSSL_FIPS
701 + if(FIPS_selftest_failed())
702 + {
703 + FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS,FIPS_R_FIPS_SELFTEST_FAILED);
704 + return 0;
705 + }
706 +
707 + if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
708 + {
709 + DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
710 + goto err;
711 + }
712 +#endif
713 +
714 ctx=BN_CTX_new();
715 if (ctx == NULL) goto err;
716 BN_CTX_start(ctx);
717 diff -up openssl-1.0.0-beta3/crypto/dh/dh.h.fips openssl-1.0.0-beta3/crypto/dh/dh.h
718 --- openssl-1.0.0-beta3/crypto/dh/dh.h.fips 2009-09-30 13:25:57.000000000 +0200
719 +++ openssl-1.0.0-beta3/crypto/dh/dh.h 2009-09-30 13:25:58.000000000 +0200
720 @@ -77,6 +77,8 @@
721 # define OPENSSL_DH_MAX_MODULUS_BITS 10000
722 #endif
723
724 +#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
725 +
726 #define DH_FLAG_CACHE_MONT_P 0x01
727 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
728 * implementation now uses constant time
729 @@ -240,6 +242,8 @@ void ERR_load_DH_strings(void);
730 #define DH_F_GENERATE_PARAMETERS 104
731 #define DH_F_PKEY_DH_DERIVE 112
732 #define DH_F_PKEY_DH_KEYGEN 113
733 +#define DH_F_DH_COMPUTE_KEY 114
734 +#define DH_F_DH_GENERATE_KEY 115
735
736 /* Reason codes. */
737 #define DH_R_BAD_GENERATOR 101
738 @@ -252,6 +256,7 @@ void ERR_load_DH_strings(void);
739 #define DH_R_NO_PARAMETERS_SET 107
740 #define DH_R_NO_PRIVATE_VALUE 100
741 #define DH_R_PARAMETER_ENCODING_ERROR 105
742 +#define DH_R_KEY_SIZE_TOO_SMALL 110
743
744 #ifdef __cplusplus
745 }
746 diff -up openssl-1.0.0-beta3/crypto/dh/dh_key.c.fips openssl-1.0.0-beta3/crypto/dh/dh_key.c
747 --- openssl-1.0.0-beta3/crypto/dh/dh_key.c.fips 2007-03-28 02:15:23.000000000 +0200
748 +++ openssl-1.0.0-beta3/crypto/dh/dh_key.c 2009-09-30 13:25:58.000000000 +0200
749 @@ -61,6 +61,9 @@
750 #include <openssl/bn.h>
751 #include <openssl/rand.h>
752 #include <openssl/dh.h>
753 +#ifdef OPENSSL_FIPS
754 +#include <openssl/fips.h>
755 +#endif
756
757 static int generate_key(DH *dh);
758 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
759 @@ -107,6 +110,14 @@ static int generate_key(DH *dh)
760 BN_MONT_CTX *mont=NULL;
761 BIGNUM *pub_key=NULL,*priv_key=NULL;
762
763 +#ifdef OPENSSL_FIPS
764 + if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
765 + {
766 + DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
767 + return 0;
768 + }
769 +#endif
770 +
771 ctx = BN_CTX_new();
772 if (ctx == NULL) goto err;
773
774 @@ -184,6 +195,13 @@ static int compute_key(unsigned char *ke
775 DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
776 goto err;
777 }
778 +#ifdef OPENSSL_FIPS
779 + if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
780 + {
781 + DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
782 + goto err;
783 + }
784 +#endif
785
786 ctx = BN_CTX_new();
787 if (ctx == NULL) goto err;
788 @@ -251,6 +269,9 @@ static int dh_bn_mod_exp(const DH *dh, B
789
790 static int dh_init(DH *dh)
791 {
792 +#ifdef OPENSSL_FIPS
793 + FIPS_selftest_check();
794 +#endif
795 dh->flags |= DH_FLAG_CACHE_MONT_P;
796 return(1);
797 }
798 diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c
799 --- openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c.fips 2008-12-26 18:17:21.000000000 +0100
800 +++ openssl-1.0.0-beta3/crypto/dsa/dsa_gen.c 2009-09-30 13:25:58.000000000 +0200
801 @@ -77,8 +77,12 @@
802 #include "cryptlib.h"
803 #include <openssl/evp.h>
804 #include <openssl/bn.h>
805 +#include <openssl/dsa.h>
806 #include <openssl/rand.h>
807 #include <openssl/sha.h>
808 +#ifdef OPENSSL_FIPS
809 +#include <openssl/fips.h>
810 +#endif
811 #include "dsa_locl.h"
812
813 int DSA_generate_parameters_ex(DSA *ret, int bits,
814 @@ -126,6 +130,21 @@ int dsa_builtin_paramgen(DSA *ret, size_
815 BN_CTX *ctx=NULL;
816 unsigned int h=2;
817
818 +#ifdef OPENSSL_FIPS
819 + if(FIPS_selftest_failed())
820 + {
821 + FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN,
822 + FIPS_R_FIPS_SELFTEST_FAILED);
823 + goto err;
824 + }
825 +
826 + if (FIPS_mode() && (bits < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
827 + {
828 + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_TOO_SMALL);
829 + goto err;
830 + }
831 +#endif
832 +
833 if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
834 qsize != SHA256_DIGEST_LENGTH)
835 /* invalid q size */
836 diff -up openssl-1.0.0-beta3/crypto/dsa/dsa.h.fips openssl-1.0.0-beta3/crypto/dsa/dsa.h
837 --- openssl-1.0.0-beta3/crypto/dsa/dsa.h.fips 2009-09-30 13:25:57.000000000 +0200
838 +++ openssl-1.0.0-beta3/crypto/dsa/dsa.h 2009-09-30 13:25:58.000000000 +0200
839 @@ -88,6 +88,8 @@
840 # define OPENSSL_DSA_MAX_MODULUS_BITS 10000
841 #endif
842
843 +#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
844 +
845 #define DSA_FLAG_CACHE_MONT_P 0x01
846 #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
847 * implementation now uses constant time
848 @@ -97,6 +99,21 @@
849 * be used for all exponents.
850 */
851
852 +/* If this flag is set the DSA method is FIPS compliant and can be used
853 + * in FIPS mode. This is set in the validated module method. If an
854 + * application sets this flag in its own methods it is its reposibility
855 + * to ensure the result is compliant.
856 + */
857 +
858 +#define DSA_FLAG_FIPS_METHOD 0x0400
859 +
860 +/* If this flag is set the operations normally disabled in FIPS mode are
861 + * permitted it is then the applications responsibility to ensure that the
862 + * usage is compliant.
863 + */
864 +
865 +#define DSA_FLAG_NON_FIPS_ALLOW 0x0400
866 +
867 #ifdef __cplusplus
868 extern "C" {
869 #endif
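Review bot: `DSA_FLAG_FIPS_METHOD` and `DSA_FLAG_NON_FIPS_ALLOW` are both defined as `0x0400`, so a test for either bit cannot tell them apart once they land in the same flags word. The dsa_ossl.c hunk in this patch puts `DSA_FLAG_FIPS_METHOD` into the default method's flags; if method flags are copied into `dsa->flags` when a key is created (not visible here), every such key would also read as "non-FIPS allowed". Give the second flag its own bit, for example `#define DSA_FLAG_NON_FIPS_ALLOW 0x0800` if that bit is unused, or mask it out where method flags are inherited and state that in the comment. The first comment also misspells "responsibility" as `reposibility`.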
870 @@ -270,8 +287,11 @@ void ERR_load_DSA_strings(void);
871 #define DSA_F_DO_DSA_PRINT 104
872 #define DSA_F_DSAPARAMS_PRINT 100
873 #define DSA_F_DSAPARAMS_PRINT_FP 101
874 +#define DSA_F_DSA_BUILTIN_KEYGEN 124
875 +#define DSA_F_DSA_BUILTIN_PARAMGEN 123
876 #define DSA_F_DSA_DO_SIGN 112
877 #define DSA_F_DSA_DO_VERIFY 113
878 +#define DSA_F_DSA_GENERATE_PARAMETERS 125
879 #define DSA_F_DSA_NEW_METHOD 103
880 #define DSA_F_DSA_PARAM_DECODE 119
881 #define DSA_F_DSA_PRINT_FP 105
882 @@ -296,9 +316,12 @@ void ERR_load_DSA_strings(void);
883 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
884 #define DSA_R_DECODE_ERROR 104
885 #define DSA_R_INVALID_DIGEST_TYPE 106
886 +#define DSA_R_KEY_SIZE_TOO_SMALL 110
887 #define DSA_R_MISSING_PARAMETERS 101
888 #define DSA_R_MODULUS_TOO_LARGE 103
889 +#define DSA_R_NON_FIPS_METHOD 111
890 #define DSA_R_NO_PARAMETERS_SET 107
891 +#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 112
892 #define DSA_R_PARAMETER_ENCODING_ERROR 105
893
894 #ifdef __cplusplus
895 diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta3/crypto/dsa/dsa_key.c
896 --- openssl-1.0.0-beta3/crypto/dsa/dsa_key.c.fips 2007-03-28 02:15:25.000000000 +0200
897 +++ openssl-1.0.0-beta3/crypto/dsa/dsa_key.c 2009-09-30 17:01:34.000000000 +0200
898 @@ -63,9 +63,53 @@
899 #include <openssl/bn.h>
900 #include <openssl/dsa.h>
901 #include <openssl/rand.h>
902 +#include <openssl/err.h>
903 +#include <openssl/evp.h>
904 +#include <openssl/fips.h>
905 +#include "fips_locl.h"
906
907 static int dsa_builtin_keygen(DSA *dsa);
908
909 +#ifdef OPENSSL_FIPS
910 +
911 +static int fips_dsa_pairwise_fail = 0;
912 +
913 +void FIPS_corrupt_dsa_keygen(void)
914 + {
915 + fips_dsa_pairwise_fail = 1;
916 + }
917 +
918 +int fips_check_dsa(DSA *dsa)
919 + {
920 + EVP_PKEY *pk;
921 + unsigned char tbs[] = "DSA Pairwise Check Data";
922 + int ret = 0;
923 +
924 + if ((pk=EVP_PKEY_new()) == NULL)
925 + goto err;
926 +
927 + EVP_PKEY_set1_DSA(pk, dsa);
928 +
929 + if (!fips_pkey_signature_test(pk, tbs, -1,
930 + NULL, 0, EVP_sha1(), 0, NULL))
931 + goto err;
932 +
933 + ret = 1;
934 +
935 +err:
936 + if (ret == 0)
937 + {
938 + fips_set_selftest_fail();
939 + FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
940 + }
941 +
942 + if (pk)
943 + EVP_PKEY_free(pk);
944 +
945 + return ret;
946 + }
947 +#endif
948 +
949 int DSA_generate_key(DSA *dsa)
950 {
951 if(dsa->meth->dsa_keygen)
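Review bot: `<openssl/fips.h>` and `"fips_locl.h"` are included unconditionally at the top of dsa_key.c, while dsa_gen.c, dsa_ossl.c and err_all.c in this patch wrap the same include in `#ifdef OPENSSL_FIPS`. A build configured without `fips` would then depend on headers that only the FIPS code needs, so move both lines inside the existing `#ifdef OPENSSL_FIPS` block. In fips_check_dsa the result of `EVP_PKEY_set1_DSA(pk, dsa)` is ignored; checking it, `if (!EVP_PKEY_set1_DSA(pk, dsa)) goto err;`, keeps the pairwise test from running against an EVP_PKEY with no key attached.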
952 @@ -79,6 +123,14 @@ static int dsa_builtin_keygen(DSA *dsa)
953 BN_CTX *ctx=NULL;
954 BIGNUM *pub_key=NULL,*priv_key=NULL;
955
956 +#ifdef OPENSSL_FIPS
957 + if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
958 + {
959 + DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
960 + goto err;
961 + }
962 +#endif
963 +
964 if ((ctx=BN_CTX_new()) == NULL) goto err;
965
966 if (dsa->priv_key == NULL)
967 @@ -117,6 +169,15 @@ static int dsa_builtin_keygen(DSA *dsa)
968
969 dsa->priv_key=priv_key;
970 dsa->pub_key=pub_key;
971 +#ifdef OPENSSL_FIPS
972 + if (FIPS_mode())
973 + {
974 + if (fips_dsa_pairwise_fail)
975 + BN_add_word(dsa->pub_key, 1);
976 + if(!fips_check_dsa(dsa))
977 + goto err;
978 + }
979 +#endif
980 ok=1;
981
982 err:
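Review bot: When `fips_check_dsa(dsa)` fails, the `goto err` runs after `dsa->priv_key=priv_key; dsa->pub_key=pub_key;`, so the DSA object keeps the key pair that just failed the pairwise consistency test. The function reports failure, but a caller that ignores the return value still holds a key that looks usable. Detach the values before bailing out, for example `dsa->pub_key = NULL; dsa->priv_key = NULL;` ahead of `goto err;`. The cleanup under `err:` is outside this hunk, so confirm it then frees only BIGNUMs allocated by this call and not a caller-supplied private key. The return value of `BN_add_word` is also dropped.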
983 diff -up openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c
984 --- openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c.fips 2007-03-28 02:15:26.000000000 +0200
985 +++ openssl-1.0.0-beta3/crypto/dsa/dsa_ossl.c 2009-09-30 13:25:58.000000000 +0200
986 @@ -65,6 +65,9 @@
987 #include <openssl/dsa.h>
988 #include <openssl/rand.h>
989 #include <openssl/asn1.h>
990 +#ifdef OPENSSL_FIPS
991 +#include <openssl/fips.h>
992 +#endif
993
994 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
995 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
996 @@ -82,7 +85,7 @@ NULL, /* dsa_mod_exp, */
997 NULL, /* dsa_bn_mod_exp, */
998 dsa_init,
999 dsa_finish,
1000 -0,
1001 +DSA_FLAG_FIPS_METHOD,
1002 NULL,
1003 NULL,
1004 NULL
1005 @@ -137,6 +140,20 @@ static DSA_SIG *dsa_do_sign(const unsign
1006 int reason=ERR_R_BN_LIB;
1007 DSA_SIG *ret=NULL;
1008
1009 +#ifdef OPENSSL_FIPS
1010 + if(FIPS_selftest_failed())
1011 + {
1012 + FIPSerr(FIPS_F_DSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
1013 + return NULL;
1014 + }
1015 +
1016 + if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
1017 + {
1018 + DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
1019 + return NULL;
1020 + }
1021 +#endif
1022 +
1023 BN_init(&m);
1024 BN_init(&xr);
1025
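Review bot: `BN_num_bits(dsa->p)` is evaluated at the very top of dsa_do_sign, before any visible line has checked that `dsa->p` is set. If the function's missing-parameter check comes later in the body (outside this hunk), a key without parameters would be dereferenced in FIPS mode instead of reported as an error. The dsa_do_verify hunk places the same test after an existing early `return -1`, which looks like the safer ordering. Move this block below the parameter check, or test the pointer first and fail with `return NULL` when `dsa->p` is unset. The dsa_builtin_keygen hunk in dsa_key.c makes the same unguarded call.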
1026 @@ -312,6 +329,20 @@ static int dsa_do_verify(const unsigned
1027 return -1;
1028 }
1029
1030 +#ifdef OPENSSL_FIPS
1031 + if(FIPS_selftest_failed())
1032 + {
1033 + FIPSerr(FIPS_F_DSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
1034 + return -1;
1035 + }
1036 +
1037 + if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
1038 + {
1039 + DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);
1040 + return -1;
1041 + }
1042 +#endif
1043 +
1044 i = BN_num_bits(dsa->q);
1045 /* fips 186-3 allows only different sizes for q */
1046 if (i != 160 && i != 224 && i != 256)
1047 @@ -403,6 +434,9 @@ static int dsa_do_verify(const unsigned
1048
1049 static int dsa_init(DSA *dsa)
1050 {
1051 +#ifdef OPENSSL_FIPS
1052 + FIPS_selftest_check();
1053 +#endif
1054 dsa->flags|=DSA_FLAG_CACHE_MONT_P;
1055 return(1);
1056 }
1057 diff -up openssl-1.0.0-beta3/crypto/err/err_all.c.fips openssl-1.0.0-beta3/crypto/err/err_all.c
1058 --- openssl-1.0.0-beta3/crypto/err/err_all.c.fips 2008-11-24 18:27:06.000000000 +0100
1059 +++ openssl-1.0.0-beta3/crypto/err/err_all.c 2009-09-30 13:25:58.000000000 +0200
1060 @@ -96,6 +96,9 @@
1061 #include <openssl/ocsp.h>
1062 #include <openssl/err.h>
1063 #include <openssl/ts.h>
1064 +#ifdef OPENSSL_FIPS
1065 +#include <openssl/fips.h>
1066 +#endif
1067 #ifndef OPENSSL_NO_CMS
1068 #include <openssl/cms.h>
1069 #endif
1070 @@ -148,6 +151,9 @@ void ERR_load_crypto_strings(void)
1071 #endif
1072 ERR_load_OCSP_strings();
1073 ERR_load_UI_strings();
1074 +#ifdef OPENSSL_FIPS
1075 + ERR_load_FIPS_strings();
1076 +#endif
1077 #ifndef OPENSSL_NO_CMS
1078 ERR_load_CMS_strings();
1079 #endif
1080 diff -up openssl-1.0.0-beta3/crypto/evp/digest.c.fips openssl-1.0.0-beta3/crypto/evp/digest.c
1081 --- openssl-1.0.0-beta3/crypto/evp/digest.c.fips 2008-11-04 13:06:09.000000000 +0100
1082 +++ openssl-1.0.0-beta3/crypto/evp/digest.c 2009-09-30 13:25:58.000000000 +0200
1083 @@ -116,6 +116,7 @@
1084 #ifndef OPENSSL_NO_ENGINE
1085 #include <openssl/engine.h>
1086 #endif
1087 +#include "evp_locl.h"
1088
1089 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
1090 {
1091 @@ -137,9 +138,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
1092 return EVP_DigestInit_ex(ctx, type, NULL);
1093 }
1094
1095 +#ifdef OPENSSL_FIPS
1096 +
1097 +/* The purpose of these is to trap programs that attempt to use non FIPS
1098 + * algorithms in FIPS mode and ignore the errors.
1099 + */
1100 +
1101 +static int bad_init(EVP_MD_CTX *ctx)
1102 + { FIPS_ERROR_IGNORED("Digest init"); return 0;}
1103 +
1104 +static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count)
1105 + { FIPS_ERROR_IGNORED("Digest update"); return 0;}
1106 +
1107 +static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
1108 + { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
1109 +
1110 +static const EVP_MD bad_md =
1111 + {
1112 + 0,
1113 + 0,
1114 + 0,
1115 + 0,
1116 + bad_init,
1117 + bad_update,
1118 + bad_final,
1119 + NULL,
1120 + NULL,
1121 + NULL,
1122 + 0,
1123 + {0,0,0,0},
1124 + };
1125 +
1126 +#endif
1127 +
1128 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
1129 {
1130 EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
1131 +#ifdef OPENSSL_FIPS
1132 + if(FIPS_selftest_failed())
1133 + {
1134 + FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
1135 + ctx->digest = &bad_md;
1136 + return 0;
1137 + }
1138 +#endif
1139 #ifndef OPENSSL_NO_ENGINE
1140 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
1141 * so this context may already have an ENGINE! Try to avoid releasing
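Review bot: The selftest-failure path replaces `ctx->digest` with `&bad_md` and returns without releasing whatever `ctx->md_data` the previous digest allocated, and the FIPS-mode check in the next hunk (`@@ -195,6 +237,18 @@`) does the same. `bad_md` has a `ctx_size` of 0, so the existing `if (ctx->digest && ctx->digest->ctx_size) OPENSSL_free(ctx->md_data);` visible in that next hunk will skip the free on a later re-init. Old hash state is then leaked, and if cleanup elsewhere keys off `ctx_size` it is also not wiped. Release the state before swapping the method, e.g. `if (ctx->digest && ctx->digest->ctx_size) { OPENSSL_free(ctx->md_data); ctx->md_data = NULL; }` ahead of `ctx->digest = &bad_md;`. EVP_DigestInit_ex continues past the end of this hunk.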
1142 @@ -195,6 +237,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
1143 #endif
1144 if (ctx->digest != type)
1145 {
1146 +#ifdef OPENSSL_FIPS
1147 + if (FIPS_mode())
1148 + {
1149 + if (!(type->flags & EVP_MD_FLAG_FIPS)
1150 + && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
1151 + {
1152 + EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
1153 + ctx->digest = &bad_md;
1154 + return 0;
1155 + }
1156 + }
1157 +#endif
1158 if (ctx->digest && ctx->digest->ctx_size)
1159 OPENSSL_free(ctx->md_data);
1160 ctx->digest=type;
1161 @@ -222,6 +276,9 @@ skip_to_init:
1162
1163 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
1164 {
1165 +#ifdef OPENSSL_FIPS
1166 + FIPS_selftest_check();
1167 +#endif
1168 return ctx->update(ctx,data,count);
1169 }
1170
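Review bot: EVP_DigestUpdate dispatches through `ctx->update`, not `ctx->digest->update`, so the `bad_update` trap installed via `bad_md` is never reached from here. The two failure paths in EVP_DigestInit_ex only assign `ctx->digest = &bad_md;`; nothing in the visible hunks touches `ctx->update`. A caller that ignores the init error would then call a NULL pointer on a fresh context, or run the previous digest's update routine on a reused one. Set the pointer alongside the method on both failure paths: `ctx->digest = &bad_md; ctx->update = bad_update;`.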
1171 @@ -238,6 +295,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns
1172 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
1173 {
1174 int ret;
1175 +#ifdef OPENSSL_FIPS
1176 + FIPS_selftest_check();
1177 +#endif
1178
1179 OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
1180 ret=ctx->digest->final(ctx,md);
1181 diff -up openssl-1.0.0-beta3/crypto/evp/e_aes.c.fips openssl-1.0.0-beta3/crypto/evp/e_aes.c
1182 --- openssl-1.0.0-beta3/crypto/evp/e_aes.c.fips 2004-01-28 20:05:33.000000000 +0100
1183 +++ openssl-1.0.0-beta3/crypto/evp/e_aes.c 2009-09-30 13:25:58.000000000 +0200
1184 @@ -69,32 +69,29 @@ typedef struct
1185
1186 IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
1187 NID_aes_128, 16, 16, 16, 128,
1188 - 0, aes_init_key, NULL,
1189 - EVP_CIPHER_set_asn1_iv,
1190 - EVP_CIPHER_get_asn1_iv,
1191 - NULL)
1192 + EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1193 + aes_init_key,
1194 + NULL, NULL, NULL, NULL)
1195 IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
1196 NID_aes_192, 16, 24, 16, 128,
1197 - 0, aes_init_key, NULL,
1198 - EVP_CIPHER_set_asn1_iv,
1199 - EVP_CIPHER_get_asn1_iv,
1200 - NULL)
1201 + EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1202 + aes_init_key,
1203 + NULL, NULL, NULL, NULL)
1204 IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
1205 NID_aes_256, 16, 32, 16, 128,
1206 - 0, aes_init_key, NULL,
1207 - EVP_CIPHER_set_asn1_iv,
1208 - EVP_CIPHER_get_asn1_iv,
1209 - NULL)
1210 -
1211 -#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16)
1212 -
1213 -IMPLEMENT_AES_CFBR(128,1)
1214 -IMPLEMENT_AES_CFBR(192,1)
1215 -IMPLEMENT_AES_CFBR(256,1)
1216 -
1217 -IMPLEMENT_AES_CFBR(128,8)
1218 -IMPLEMENT_AES_CFBR(192,8)
1219 -IMPLEMENT_AES_CFBR(256,8)
1220 + EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1221 + aes_init_key,
1222 + NULL, NULL, NULL, NULL)
1223 +
1224 +#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
1225 +
1226 +IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS)
1227 +IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS)
1228 +IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS)
1229 +
1230 +IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
1231 +IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
1232 +IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS)
1233
1234 static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1235 const unsigned char *iv, int enc)
1236 diff -up openssl-1.0.0-beta3/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta3/crypto/evp/e_camellia.c
1237 --- openssl-1.0.0-beta3/crypto/evp/e_camellia.c.fips 2006-08-31 22:56:20.000000000 +0200
1238 +++ openssl-1.0.0-beta3/crypto/evp/e_camellia.c 2009-09-30 13:25:58.000000000 +0200
1239 @@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks,
1240 EVP_CIPHER_get_asn1_iv,
1241 NULL)
1242
1243 -#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16)
1244 +#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16,0)
1245
1246 IMPLEMENT_CAMELLIA_CFBR(128,1)
1247 IMPLEMENT_CAMELLIA_CFBR(192,1)
1248 diff -up openssl-1.0.0-beta3/crypto/evp/e_des3.c.fips openssl-1.0.0-beta3/crypto/evp/e_des3.c
1249 --- openssl-1.0.0-beta3/crypto/evp/e_des3.c.fips 2008-12-29 13:35:47.000000000 +0100
1250 +++ openssl-1.0.0-beta3/crypto/evp/e_des3.c 2009-09-30 13:25:58.000000000 +0200
1251 @@ -206,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH
1252 }
1253
1254 BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
1255 - EVP_CIPH_RAND_KEY, des_ede_init_key, NULL,
1256 - EVP_CIPHER_set_asn1_iv,
1257 - EVP_CIPHER_get_asn1_iv,
1258 + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1259 + des_ede_init_key,
1260 + NULL, NULL, NULL,
1261 des3_ctrl)
1262
1263 #define des_ede3_cfb64_cipher des_ede_cfb64_cipher
1264 @@ -217,21 +217,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY,
1265 #define des_ede3_ecb_cipher des_ede_ecb_cipher
1266
1267 BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
1268 - EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
1269 - EVP_CIPHER_set_asn1_iv,
1270 - EVP_CIPHER_get_asn1_iv,
1271 + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1272 + des_ede3_init_key,
1273 + NULL, NULL, NULL,
1274 des3_ctrl)
1275
1276 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
1277 - EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
1278 - EVP_CIPHER_set_asn1_iv,
1279 - EVP_CIPHER_get_asn1_iv,
1280 + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1281 + des_ede3_init_key,
1282 + NULL, NULL, NULL,
1283 des3_ctrl)
1284
1285 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
1286 - EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
1287 - EVP_CIPHER_set_asn1_iv,
1288 - EVP_CIPHER_get_asn1_iv,
1289 + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
1290 + des_ede3_init_key,
1291 + NULL, NULL, NULL,
1292 des3_ctrl)
1293
1294 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1295 diff -up openssl-1.0.0-beta3/crypto/evp/e_null.c.fips openssl-1.0.0-beta3/crypto/evp/e_null.c
1296 --- openssl-1.0.0-beta3/crypto/evp/e_null.c.fips 2008-10-31 20:48:24.000000000 +0100
1297 +++ openssl-1.0.0-beta3/crypto/evp/e_null.c 2009-09-30 13:25:58.000000000 +0200
1298 @@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher=
1299 {
1300 NID_undef,
1301 1,0,0,
1302 - 0,
1303 + EVP_CIPH_FLAG_FIPS,
1304 null_init_key,
1305 null_cipher,
1306 NULL,
1307 diff -up openssl-1.0.0-beta3/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta3/crypto/evp/evp_enc.c
1308 --- openssl-1.0.0-beta3/crypto/evp/evp_enc.c.fips 2008-11-12 04:58:00.000000000 +0100
1309 +++ openssl-1.0.0-beta3/crypto/evp/evp_enc.c 2009-09-30 13:25:58.000000000 +0200
1310 @@ -68,8 +68,53 @@
1311
1312 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
1313
1314 +#ifdef OPENSSL_FIPS
1315 +
1316 +/* The purpose of these is to trap programs that attempt to use non FIPS
1317 + * algorithms in FIPS mode and ignore the errors.
1318 + */
1319 +
1320 +static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
1321 + const unsigned char *iv, int enc)
1322 + { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
1323 +
1324 +static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
1325 + const unsigned char *in, unsigned int inl)
1326 + { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
1327 +
1328 +/* NB: no cleanup because it is allowed after failed init */
1329 +
1330 +static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
1331 + { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
1332 +static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
1333 + { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
1334 +static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
1335 + { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
1336 +
1337 +static const EVP_CIPHER bad_cipher =
1338 + {
1339 + 0,
1340 + 0,
1341 + 0,
1342 + 0,
1343 + 0,
1344 + bad_init,
1345 + bad_do_cipher,
1346 + NULL,
1347 + 0,
1348 + bad_set_asn1,
1349 + bad_get_asn1,
1350 + bad_ctrl,
1351 + NULL
1352 + };
1353 +
1354 +#endif
1355 +
1356 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
1357 {
1358 +#ifdef OPENSSL_FIPS
1359 + FIPS_selftest_check();
1360 +#endif
1361 memset(ctx,0,sizeof(EVP_CIPHER_CTX));
1362 /* ctx->cipher=NULL; */
1363 }
1364 @@ -101,6 +146,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
1365 enc = 1;
1366 ctx->encrypt = enc;
1367 }
1368 +#ifdef OPENSSL_FIPS
1369 + if(FIPS_selftest_failed())
1370 + {
1371 + FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
1372 + ctx->cipher = &bad_cipher;
1373 + return 0;
1374 + }
1375 +#endif
1376 #ifndef OPENSSL_NO_ENGINE
1377 /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
1378 * so this context may already have an ENGINE! Try to avoid releasing
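Review bot: On selftest failure `ctx->cipher` is overwritten with `&bad_cipher` before any cleanup of the cipher that was previously attached to the context. `bad_cipher` has a NULL `cleanup` and a `ctx_size` of 0, so if the later context cleanup sizes its wipe from `ctx->cipher->ctx_size` (not visible here), a key schedule left in `ctx->cipher_data` would be freed without being zeroized. The FIPS-mode check in the next hunk (`@@ -219,6 +272,22 @@`) swaps in `bad_cipher` the same way. Consider wiping `ctx->cipher_data` using the old cipher's `ctx_size` before the swap, and extend the `NB: no cleanup` comment to say who clears the key material. EVP_CipherInit_ex starts and ends outside this hunk.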
1379 @@ -219,6 +272,22 @@ skip_to_init:
1380 }
1381 }
1382
1383 +#ifdef OPENSSL_FIPS
1384 + /* After 'key' is set no further parameters changes are permissible.
1385 + * So only check for non FIPS enabling at this point.
1386 + */
1387 + if (key && FIPS_mode())
1388 + {
1389 + if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
1390 + & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
1391 + {
1392 + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS);
1393 + ctx->cipher = &bad_cipher;
1394 + return 0;
1395 + }
1396 + }
1397 +#endif
1398 +
1399 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
1400 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
1401 }
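Review bot: The FIPS gate joins its two conditions with bitwise `&`, `!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)`, whereas the matching digest check in digest.c uses `&&`. Both operands are 0 or 1 after `!`, so the result is the same today, but the form reads like a typo and would break if either side were later changed to a raw mask test. Write the second line as `&& !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))`. EVP_CipherInit_ex starts and ends outside this hunk.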
1402 diff -up openssl-1.0.0-beta3/crypto/evp/evp_err.c.fips openssl-1.0.0-beta3/crypto/evp/evp_err.c
1403 --- openssl-1.0.0-beta3/crypto/evp/evp_err.c.fips 2008-12-29 17:11:54.000000000 +0100
1404 +++ openssl-1.0.0-beta3/crypto/evp/evp_err.c 2009-09-30 13:25:58.000000000 +0200
1405 @@ -154,6 +154,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
1406 {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"},
1407 {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
1408 {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS) ,"different parameters"},
1409 +{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"},
1410 {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"},
1411 {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
1412 {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
1413 diff -up openssl-1.0.0-beta3/crypto/evp/evp.h.fips openssl-1.0.0-beta3/crypto/evp/evp.h
1414 --- openssl-1.0.0-beta3/crypto/evp/evp.h.fips 2009-09-30 13:25:57.000000000 +0200
1415 +++ openssl-1.0.0-beta3/crypto/evp/evp.h 2009-09-30 14:40:54.000000000 +0200
1416 @@ -75,6 +75,10 @@
1417 #include <openssl/bio.h>
1418 #endif
1419
1420 +#ifdef OPENSSL_FIPS
1421 +#include <openssl/fips.h>
1422 +#endif
1423 +
1424 /*
1425 #define EVP_RC2_KEY_SIZE 16
1426 #define EVP_RC4_KEY_SIZE 16
1427 @@ -197,6 +201,8 @@ typedef int evp_verify_method(int type,c
1428
1429 #define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004
1430
1431 +#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */
1432 +
1433 /* DigestAlgorithmIdentifier flags... */
1434
1435 #define EVP_MD_FLAG_DIGALGID_MASK 0x0018
1436 @@ -269,10 +275,6 @@ struct env_md_ctx_st
1437 * cleaned */
1438 #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
1439 * in EVP_MD_CTX_cleanup */
1440 -/* FIPS and pad options are ignored in 1.0.0, definitions are here
1441 - * so we don't accidentally reuse the values for other purposes.
1442 - */
1443 -
1444 #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
1445 * in FIPS mode */
1446
1447 @@ -284,6 +286,10 @@ struct env_md_ctx_st
1448 #define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */
1449 #define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */
1450 #define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */
1451 +#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \
1452 + ((ctx->flags>>16) &0xFFFF) /* seed length */
1453 +#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */
1454 +#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */
1455
1456 #define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */
1457
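Review bot: `M_EVP_MD_CTX_FLAG_PSS_SALT(ctx)` expands its argument as `ctx->flags` without parentheses, so an argument such as `&md_ctx` or `p + 1` produces the wrong expression or fails to compile. Parenthesize the parameter: `(((ctx)->flags>>16) & 0xFFFF)`. The trailing comment says "seed length" while the two constants below it speak of salt length; using "salt length" throughout would avoid confusion, and a one-line comment noting that the upper 16 bits of `flags` carry the PSS salt length would document the packing.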
1458 @@ -330,6 +336,14 @@ struct evp_cipher_st
1459 #define EVP_CIPH_NO_PADDING 0x100
1460 /* cipher handles random key generation */
1461 #define EVP_CIPH_RAND_KEY 0x200
1462 +/* Note if suitable for use in FIPS mode */
1463 +#define EVP_CIPH_FLAG_FIPS 0x400
1464 +/* Allow non FIPS cipher in FIPS mode */
1465 +#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
1466 +/* Allow use default ASN1 get/set iv */
1467 +#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
1468 +/* Buffer length in bits not bytes: CFB1 mode only */
1469 +#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
1470
1471 /* ctrl() values */
1472
1473 @@ -507,6 +521,10 @@ int EVP_BytesToKey(const EVP_CIPHER *typ
1474 const unsigned char *salt, const unsigned char *data,
1475 int datal, int count, unsigned char *key,unsigned char *iv);
1476
1477 +void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
1478 +void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
1479 +int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags);
1480 +
1481 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
1482 const unsigned char *key, const unsigned char *iv);
1483 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
1484 @@ -1225,6 +1243,7 @@ void ERR_load_EVP_strings(void);
1485 #define EVP_R_DECODE_ERROR 114
1486 #define EVP_R_DIFFERENT_KEY_TYPES 101
1487 #define EVP_R_DIFFERENT_PARAMETERS 153
1488 +#define EVP_R_DISABLED_FOR_FIPS 160
1489 #define EVP_R_ENCODE_ERROR 115
1490 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
1491 #define EVP_R_EXPECTING_AN_RSA_KEY 127
1492 diff -up openssl-1.0.0-beta3/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta3/crypto/evp/evp_lib.c
1493 --- openssl-1.0.0-beta3/crypto/evp/evp_lib.c.fips 2009-04-10 12:30:27.000000000 +0200
1494 +++ openssl-1.0.0-beta3/crypto/evp/evp_lib.c 2009-09-30 13:25:58.000000000 +0200
1495 @@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_
1496
1497 if (c->cipher->set_asn1_parameters != NULL)
1498 ret=c->cipher->set_asn1_parameters(c,type);
1499 + else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
1500 + ret=EVP_CIPHER_set_asn1_iv(c, type);
1501 else
1502 ret=-1;
1503 return(ret);
1504 @@ -78,6 +80,8 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_
1505
1506 if (c->cipher->get_asn1_parameters != NULL)
1507 ret=c->cipher->get_asn1_parameters(c,type);
1508 + else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
1509 + ret=EVP_CIPHER_get_asn1_iv(c, type);
1510 else
1511 ret=-1;
1512 return(ret);
1513 @@ -180,6 +184,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_
1514
1515 int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
1516 {
1517 +#ifdef OPENSSL_FIPS
1518 + FIPS_selftest_check();
1519 +#endif
1520 return ctx->cipher->do_cipher(ctx,out,in,inl);
1521 }
1522
1523 @@ -289,3 +296,18 @@ int EVP_MD_CTX_test_flags(const EVP_MD_C
1524 {
1525 return (ctx->flags & flags);
1526 }
1527 +
1528 +void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
1529 + {
1530 + ctx->flags |= flags;
1531 + }
1532 +
1533 +void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
1534 + {
1535 + ctx->flags &= ~flags;
1536 + }
1537 +
1538 +int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
1539 + {
1540 + return (ctx->flags & flags);
1541 + }
1542 diff -up openssl-1.0.0-beta3/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta3/crypto/evp/evp_locl.h
1543 --- openssl-1.0.0-beta3/crypto/evp/evp_locl.h.fips 2009-09-30 13:25:57.000000000 +0200
1544 +++ openssl-1.0.0-beta3/crypto/evp/evp_locl.h 2009-09-30 13:25:58.000000000 +0200
1545 @@ -111,11 +111,11 @@ static int cname##_cbc_cipher(EVP_CIPHER
1546 static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
1547 {\
1548 size_t chunk=EVP_MAXCHUNK;\
1549 - if (cbits==1) chunk>>=3;\
1550 + if (cbits==1 && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS)) chunk>>=3;\
1551 if (inl<chunk) chunk=inl;\
1552 while(inl && inl>=chunk)\
1553 {\
1554 - cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
1555 + cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1 && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS)?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
1556 inl-=chunk;\
1557 in +=chunk;\
1558 out+=chunk;\
1559 @@ -254,14 +254,29 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
1560
1561 #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data)
1562
1563 -#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \
1564 +#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \
1565 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
1566 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
1567 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
1568 - 0, cipher##_init_key, NULL, \
1569 - EVP_CIPHER_set_asn1_iv, \
1570 - EVP_CIPHER_get_asn1_iv, \
1571 - NULL)
1572 + (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
1573 + cipher##_init_key, NULL, NULL, NULL, NULL)
1574 +
1575 +#ifdef OPENSSL_FIPS
1576 +#define RC2_set_key private_RC2_set_key
1577 +#define RC4_set_key private_RC4_set_key
1578 +#define CAST_set_key private_CAST_set_key
1579 +#define RC5_32_set_key private_RC5_32_set_key
1580 +#define BF_set_key private_BF_set_key
1581 +#define Camellia_set_key private_Camellia_set_key
1582 +#define idea_set_encrypt_key private_idea_set_encrypt_key
1583 +
1584 +#define MD5_Init private_MD5_Init
1585 +#define MD4_Init private_MD4_Init
1586 +#define MD2_Init private_MD2_Init
1587 +#define MDC2_Init private_MDC2_Init
1588 +#define SHA_Init private_SHA_Init
1589 +
1590 +#endif
1591
1592 struct evp_pkey_ctx_st
1593 {
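Review bot: The `#define RC2_set_key private_RC2_set_key` block renames public API symbols from inside a local header, with no comment saying why or which files are meant to be affected. Every translation unit that includes evp_locl.h in a FIPS build gets the renames, and this patch newly adds the include to digest.c. The effect also depends on include order, since a public header pulled in after evp_locl.h would have its prototypes renamed as well. Add a comment above the block stating the intent and the required include order, for example `/* FIPS builds: EVP calls the private_* entry points for these algorithms; include this header after the algorithm headers. */`, adjusted to whatever the private_* functions actually do, which this page does not show.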
1594 diff -up openssl-1.0.0-beta3/crypto/evp/m_dss.c.fips openssl-1.0.0-beta3/crypto/evp/m_dss.c
1595 --- openssl-1.0.0-beta3/crypto/evp/m_dss.c.fips 2006-04-19 19:05:57.000000000 +0200
1596 +++ openssl-1.0.0-beta3/crypto/evp/m_dss.c 2009-09-30 13:25:58.000000000 +0200
1597 @@ -81,7 +81,7 @@ static const EVP_MD dsa_md=
1598 NID_dsaWithSHA,
1599 NID_dsaWithSHA,
1600 SHA_DIGEST_LENGTH,
1601 - EVP_MD_FLAG_PKEY_DIGEST,
1602 + EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
1603 init,
1604 update,
1605 final,
1606 diff -up openssl-1.0.0-beta3/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta3/crypto/evp/m_dss1.c
1607 --- openssl-1.0.0-beta3/crypto/evp/m_dss1.c.fips 2006-04-19 19:05:57.000000000 +0200
1608 +++ openssl-1.0.0-beta3/crypto/evp/m_dss1.c 2009-09-30 13:25:58.000000000 +0200
1609 @@ -82,7 +82,7 @@ static const EVP_MD dss1_md=
1610 NID_dsa,
1611 NID_dsaWithSHA1,
1612 SHA_DIGEST_LENGTH,
1613 - EVP_MD_FLAG_PKEY_DIGEST,
1614 + EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
1615 init,
1616 update,
1617 final,
1618 diff -up openssl-1.0.0-beta3/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta3/crypto/evp/m_sha1.c
1619 --- openssl-1.0.0-beta3/crypto/evp/m_sha1.c.fips 2008-03-12 22:14:24.000000000 +0100
1620 +++ openssl-1.0.0-beta3/crypto/evp/m_sha1.c 2009-09-30 13:25:58.000000000 +0200
1621 @@ -82,7 +82,8 @@ static const EVP_MD sha1_md=
1622 NID_sha1,
1623 NID_sha1WithRSAEncryption,
1624 SHA_DIGEST_LENGTH,
1625 - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
1626 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
1627 + EVP_MD_FLAG_FIPS,
1628 init,
1629 update,
1630 final,
1631 @@ -119,7 +120,8 @@ static const EVP_MD sha224_md=
1632 NID_sha224,
1633 NID_sha224WithRSAEncryption,
1634 SHA224_DIGEST_LENGTH,
1635 - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
1636 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
1637 + EVP_MD_FLAG_FIPS,
1638 init224,
1639 update256,
1640 final256,
1641 @@ -138,7 +140,8 @@ static const EVP_MD sha256_md=
1642 NID_sha256,
1643 NID_sha256WithRSAEncryption,
1644 SHA256_DIGEST_LENGTH,
1645 - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
1646 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
1647 + EVP_MD_FLAG_FIPS,
1648 init256,
1649 update256,
1650 final256,
1651 @@ -169,7 +172,8 @@ static const EVP_MD sha384_md=
1652 NID_sha384,
1653 NID_sha384WithRSAEncryption,
1654 SHA384_DIGEST_LENGTH,
1655 - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
1656 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
1657 + EVP_MD_FLAG_FIPS,
1658 init384,
1659 update512,
1660 final512,
1661 @@ -188,7 +192,8 @@ static const EVP_MD sha512_md=
1662 NID_sha512,
1663 NID_sha512WithRSAEncryption,
1664 SHA512_DIGEST_LENGTH,
1665 - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
1666 + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
1667 + EVP_MD_FLAG_FIPS,
1668 init512,
1669 update512,
1670 final512,
1671 diff -up openssl-1.0.0-beta3/crypto/evp/names.c.fips openssl-1.0.0-beta3/crypto/evp/names.c
1672 --- openssl-1.0.0-beta3/crypto/evp/names.c.fips 2009-04-10 12:30:27.000000000 +0200
1673 +++ openssl-1.0.0-beta3/crypto/evp/names.c 2009-09-30 13:25:58.000000000 +0200
1674 @@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c)
1675 {
1676 int r;
1677
1678 +#ifdef OPENSSL_FIPS
1679 + OPENSSL_init_library();
1680 +#endif
1681 +
1682 r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
1683 if (r == 0) return(0);
1684 check_defer(c->nid);
1685 @@ -79,6 +83,10 @@ int EVP_add_digest(const EVP_MD *md)
1686 int r;
1687 const char *name;
1688
1689 +#ifdef OPENSSL_FIPS
1690 + OPENSSL_init_library();
1691 +#endif
1692 +
1693 name=OBJ_nid2sn(md->type);
1694 r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
1695 if (r == 0) return(0);
1696 diff -up openssl-1.0.0-beta3/crypto/evp/p_sign.c.fips openssl-1.0.0-beta3/crypto/evp/p_sign.c
1697 --- openssl-1.0.0-beta3/crypto/evp/p_sign.c.fips 2006-05-24 15:29:30.000000000 +0200
1698 +++ openssl-1.0.0-beta3/crypto/evp/p_sign.c 2009-09-30 15:07:14.000000000 +0200
1699 @@ -61,6 +61,7 @@
1700 #include <openssl/evp.h>
1701 #include <openssl/objects.h>
1702 #include <openssl/x509.h>
1703 +#include <openssl/rsa.h>
1704
1705 #ifdef undef
1706 void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
1707 @@ -101,6 +102,22 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsig
1708 goto err;
1709 if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
1710 goto err;
1711 + if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931)
1712 + if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0)
1713 + goto err;
1714 + if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS)
1715 + {
1716 + int saltlen;
1717 + if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
1718 + goto err;
1719 + saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx);
1720 + if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
1721 + saltlen = -1;
1722 + else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
1723 + saltlen = -2;
1724 + if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
1725 + goto err;
1726 + }
1727 if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
1728 goto err;
1729 *siglen = sltmp;
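Review bot: The new padding block calls `EVP_PKEY_CTX_set_rsa_padding` whenever `EVP_MD_CTX_FLAG_PAD_X931` or `EVP_MD_CTX_FLAG_PAD_PSS` is set in `ctx->flags`, without checking that `pkey` is an RSA key. A digest context carrying one of these flags and used with a DSA or EC key would presumably take the `goto err` path and fail the signature. Gating the block on the key type, or documenting that the flags are RSA-only, would make the contract explicit. The X9.31 branch is an unbraced `if` nested in an `if` directly above the PSS `if`; brace it as `if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931) { ... }`. The identical block is repeated in the EVP_VerifyFinal hunk of p_verify.c, so a shared static helper taking `pkctx` and `ctx` would keep the two in step; both functions extend beyond their hunks.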
1730 diff -up openssl-1.0.0-beta3/crypto/evp/p_verify.c.fips openssl-1.0.0-beta3/crypto/evp/p_verify.c
1731 --- openssl-1.0.0-beta3/crypto/evp/p_verify.c.fips 2008-11-12 04:58:01.000000000 +0100
1732 +++ openssl-1.0.0-beta3/crypto/evp/p_verify.c 2009-09-30 15:07:27.000000000 +0200
1733 @@ -61,6 +61,7 @@
1734 #include <openssl/evp.h>
1735 #include <openssl/objects.h>
1736 #include <openssl/x509.h>
1737 +#include <openssl/rsa.h>
1738
1739 int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
1740 unsigned int siglen, EVP_PKEY *pkey)
1741 @@ -86,6 +87,22 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, con
1742 goto err;
1743 if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
1744 goto err;
1745 + if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931)
1746 + if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0)
1747 + goto err;
1748 + if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS)
1749 + {
1750 + int saltlen;
1751 + if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
1752 + goto err;
1753 + saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx);
1754 + if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
1755 + saltlen = -1;
1756 + else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
1757 + saltlen = -2;
1758 + if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
1759 + goto err;
1760 + }
1761 i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
1762 err:
1763 EVP_PKEY_CTX_free(pkctx);
1764 diff -up /dev/null openssl-1.0.0-beta3/crypto/fips/cavs/fips_aesavs.c
1765 --- /dev/null 2009-09-23 10:56:02.148001752 +0200
1766 +++ openssl-1.0.0-beta3/crypto/fips/cavs/fips_aesavs.c 2009-09-30 13:25:58.000000000 +0200
1767 @@ -0,0 +1,939 @@
1768 +/* ====================================================================
1769 + * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
1770 + *
1771 + * Redistribution and use in source and binary forms, with or without
1772 + * modification, are permitted provided that the following conditions
1773 + * are met:
1774 + *
1775 + * 1. Redistributions of source code must retain the above copyright
1776 + * notice, this list of conditions and the following disclaimer.
1777 + *
1778 + * 2. Redistributions in binary form must reproduce the above copyright
1779 + * notice, this list of conditions and the following disclaimer in
1780 + * the documentation and/or other materials provided with the
1781 + * distribution.
1782 + *
1783 + * 3. All advertising materials mentioning features or use of this
1784 + * software must display the following acknowledgment:
1785 + * "This product includes software developed by the OpenSSL Project
1786 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
1787 + *
1788 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
1789 + * endorse or promote products derived from this software without
1790 + * prior written permission. For written permission, please contact
1791 + * openssl-core@openssl.org.
1792 + *
1793 + * 5. Products derived from this software may not be called "OpenSSL"
1794 + * nor may "OpenSSL" appear in their names without prior written
1795 + * permission of the OpenSSL Project.
1796 + *
1797 + * 6. Redistributions of any form whatsoever must retain the following
1798 + * acknowledgment:
1799 + * "This product includes software developed by the OpenSSL Project
1800 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
1801 + *
1802 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
1803 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1804 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1805 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
1806 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1807 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1808 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
1809 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1810 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1811 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1812 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1813 + * OF THE POSSIBILITY OF SUCH DAMAGE.
1814 + *
1815 + */
1816 +/*---------------------------------------------
1817 + NIST AES Algorithm Validation Suite
1818 + Test Program
1819 +
1820 + Donated to OpenSSL by:
1821 + V-ONE Corporation
1822 + 20250 Century Blvd, Suite 300
1823 + Germantown, MD 20874
1824 + U.S.A.
1825 + ----------------------------------------------*/
1826 +
1827 +#include <stdio.h>
1828 +#include <stdlib.h>
1829 +#include <string.h>
1830 +#include <errno.h>
1831 +#include <assert.h>
1832 +#include <ctype.h>
1833 +#include <openssl/aes.h>
1834 +#include <openssl/evp.h>
1835 +#include <openssl/bn.h>
1836 +
1837 +#include <openssl/err.h>
1838 +#include "e_os.h"
1839 +
1840 +#ifndef OPENSSL_FIPS
1841 +
1842 +int main(int argc, char *argv[])
1843 +{
1844 + printf("No FIPS AES support\n");
1845 + return(0);
1846 +}
1847 +
1848 +#else
1849 +
1850 +#include <openssl/fips.h>
1851 +#include "fips_utl.h"
1852 +
1853 +#define AES_BLOCK_SIZE 16
1854 +
1855 +#define VERBOSE 0
1856 +
1857 +/*-----------------------------------------------*/
1858 +
1859 +int AESTest(EVP_CIPHER_CTX *ctx,
1860 + char *amode, int akeysz, unsigned char *aKey,
1861 + unsigned char *iVec,
1862 + int dir, /* 0 = decrypt, 1 = encrypt */
1863 + unsigned char *plaintext, unsigned char *ciphertext, int len)
1864 + {
1865 + const EVP_CIPHER *cipher = NULL;
1866 +
1867 + if (strcasecmp(amode, "CBC") == 0)
1868 + {
1869 + switch (akeysz)
1870 + {
1871 + case 128:
1872 + cipher = EVP_aes_128_cbc();
1873 + break;
1874 +
1875 + case 192:
1876 + cipher = EVP_aes_192_cbc();
1877 + break;
1878 +
1879 + case 256:
1880 + cipher = EVP_aes_256_cbc();
1881 + break;
1882 + }
1883 +
1884 + }
1885 + else if (strcasecmp(amode, "ECB") == 0)
1886 + {
1887 + switch (akeysz)
1888 + {
1889 + case 128:
1890 + cipher = EVP_aes_128_ecb();
1891 + break;
1892 +
1893 + case 192:
1894 + cipher = EVP_aes_192_ecb();
1895 + break;
1896 +
1897 + case 256:
1898 + cipher = EVP_aes_256_ecb();
1899 + break;
1900 + }
1901 + }
1902 + else if (strcasecmp(amode, "CFB128") == 0)
1903 + {
1904 + switch (akeysz)
1905 + {
1906 + case 128:
1907 + cipher = EVP_aes_128_cfb128();
1908 + break;
1909 +
1910 + case 192:
1911 + cipher = EVP_aes_192_cfb128();
1912 + break;
1913 +
1914 + case 256:
1915 + cipher = EVP_aes_256_cfb128();
1916 + break;
1917 + }
1918 +
1919 + }
1920 + else if (strncasecmp(amode, "OFB", 3) == 0)
1921 + {
1922 + switch (akeysz)
1923 + {
1924 + case 128:
1925 + cipher = EVP_aes_128_ofb();
1926 + break;
1927 +
1928 + case 192:
1929 + cipher = EVP_aes_192_ofb();
1930 + break;
1931 +
1932 + case 256:
1933 + cipher = EVP_aes_256_ofb();
1934 + break;
1935 + }
1936 + }
1937 + else if(!strcasecmp(amode,"CFB1"))
1938 + {
1939 + switch (akeysz)
1940 + {
1941 + case 128:
1942 + cipher = EVP_aes_128_cfb1();
1943 + break;
1944 +
1945 + case 192:
1946 + cipher = EVP_aes_192_cfb1();
1947 + break;
1948 +
1949 + case 256:
1950 + cipher = EVP_aes_256_cfb1();
1951 + break;
1952 + }
1953 + }
1954 + else if(!strcasecmp(amode,"CFB8"))
1955 + {
1956 + switch (akeysz)
1957 + {
1958 + case 128:
1959 + cipher = EVP_aes_128_cfb8();
1960 + break;
1961 +
1962 + case 192:
1963 + cipher = EVP_aes_192_cfb8();
1964 + break;
1965 +
1966 + case 256:
1967 + cipher = EVP_aes_256_cfb8();
1968 + break;
1969 + }
1970 + }
1971 + else
1972 + {
1973 + printf("Unknown mode: %s\n", amode);
1974 + return 0;
1975 + }
1976 + if (!cipher)
1977 + {
1978 + printf("Invalid key size: %d\n", akeysz);
1979 + return 0;
1980 + }
1981 + if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
1982 + return 0;
1983 + if(!strcasecmp(amode,"CFB1"))
1984 + M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
1985 + if (dir)
1986 + EVP_Cipher(ctx, ciphertext, plaintext, len);
1987 + else
1988 + EVP_Cipher(ctx, plaintext, ciphertext, len);
1989 + return 1;
1990 + }
1991 +
1992 +/*-----------------------------------------------*/
1993 +char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
1994 +char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"};
1995 +enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128};
1996 +enum XCrypt {XDECRYPT, XENCRYPT};
1997 +
1998 +/*=============================*/
1999 +/* Monte Carlo Tests */
2000 +/*-----------------------------*/
2001 +
2002 +/*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/
2003 +/*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/
2004 +
2005 +#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
2006 +#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
2007 +
2008 +int do_mct(char *amode,
2009 + int akeysz, unsigned char *aKey,unsigned char *iVec,
2010 + int dir, unsigned char *text, int len,
2011 + FILE *rfp)
2012 + {
2013 + int ret = 0;
2014 + unsigned char key[101][32];
2015 + unsigned char iv[101][AES_BLOCK_SIZE];
2016 + unsigned char ptext[1001][32];
2017 + unsigned char ctext[1001][32];
2018 + unsigned char ciphertext[64+4];
2019 + int i, j, n, n1, n2;
2020 + int imode = 0, nkeysz = akeysz/8;
2021 + EVP_CIPHER_CTX ctx;
2022 + EVP_CIPHER_CTX_init(&ctx);
2023 +
2024 + if (len > 32)
2025 + {
2026 + printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n",
2027 + amode, akeysz);