]> granicus.if.org Git - openssl/commitdiff
Backport SHA-[224|256|384|512] from HEAD to FIPS.
authorAndy Polyakov <appro@openssl.org>
Sat, 7 May 2005 17:21:34 +0000 (17:21 +0000)
committerAndy Polyakov <appro@openssl.org>
Sat, 7 May 2005 17:21:34 +0000 (17:21 +0000)
24 files changed:
crypto/evp/c_alld.c
crypto/evp/evp.h
crypto/evp/m_sha.c
crypto/evp/m_sha1.c
crypto/hmac/hmac.h
crypto/objects/obj_dat.h
crypto/objects/obj_mac.h
crypto/objects/obj_mac.num
crypto/objects/objects.txt
crypto/sha/sha1_one.c
fips/dsa/fips_dsa_gen.c
fips/dsa/fips_dssvs.c
fips/fipshashes.c
fips/rsa/fips_rsa_selftest.c
fips/sha1/Makefile
fips/sha1/fips_md32_common.h
fips/sha1/fips_sha.h [new file with mode: 0644]
fips/sha1/fips_sha1_selftest.c
fips/sha1/fips_sha1dgst.c
fips/sha1/fips_sha1test.c
fips/sha1/fips_sha256.c [new file with mode: 0644]
fips/sha1/fips_sha512.c [new file with mode: 0644]
fips/sha1/fips_sha_locl.h
fips/sha1/fips_standalone_sha1.c

index aae7bf7482a34065f74e366616a102238c8766df..929ea56a3ebbe092ecb8548fb3acd2dabe5482fe 100644 (file)
@@ -99,5 +99,15 @@ void OpenSSL_add_all_digests(void)
        EVP_add_digest(EVP_ripemd160());
        EVP_add_digest_alias(SN_ripemd160,"ripemd");
        EVP_add_digest_alias(SN_ripemd160,"rmd160");
+#endif
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_SHA256
+       EVP_add_digest(EVP_sha224());
+       EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+       EVP_add_digest(EVP_sha384());
+       EVP_add_digest(EVP_sha512());
+#endif
 #endif
        }
index 5cde88ae76ba31f9eb574e352e6feb9f6681c5b0..4c165f8ddfdd512f1dc9452be66b54d76a987b3f 100644 (file)
 #include <openssl/md5.h>
 #endif
 #ifndef OPENSSL_NO_SHA
+#ifndef OPENSSL_FIPS
 #include <openssl/sha.h>
+#else
+#include <openssl/fips_sha.h>
+#endif
 #endif
 #ifndef OPENSSL_NO_RIPEMD
 #include <openssl/ripemd.h>
 #define EVP_CAST5_KEY_SIZE             16
 #define EVP_RC5_32_12_16_KEY_SIZE      16
 */
-#define EVP_MAX_MD_SIZE                        (16+20) /* The SSLv3 md5+sha1 type */
+#define EVP_MAX_MD_SIZE                        64      /* longest known SHA512 */
 #define EVP_MAX_KEY_LENGTH             32
 #define EVP_MAX_IV_LENGTH              16
 #define EVP_MAX_BLOCK_LENGTH           32
@@ -642,6 +646,14 @@ const EVP_MD *EVP_sha(void);
 const EVP_MD *EVP_sha1(void);
 const EVP_MD *EVP_dss(void);
 const EVP_MD *EVP_dss1(void);
+#ifndef OPENSSL_NO_SHA256
+const EVP_MD *EVP_sha224(void);
+const EVP_MD *EVP_sha256(void);
+#endif
+#ifndef OPENSSL_NO_SHA512
+const EVP_MD *EVP_sha384(void);
+const EVP_MD *EVP_sha512(void);
+#endif
 #endif
 #ifndef OPENSSL_NO_MDC2
 const EVP_MD *EVP_mdc2(void);
index d1785e5f745d938ca169ea97d6a06e70b59004e6..ed54909b16275d1da73781ec299e5a7dc2b3f586 100644 (file)
@@ -59,6 +59,9 @@
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
 #include <stdio.h>
 #include "cryptlib.h"
+/* Including sha.h prior evp.h masks FIPS SHA declarations, but that's
+ * exactly what we want to achieve here... */
+#include <openssl/sha.h>
 #include <openssl/evp.h>
 #include "evp_locl.h"
 #include <openssl/objects.h>
index fe4402389aeae4f104a917a65038d12cb08e8bd9..60da93873c2fad4c7bc331bf7edd1e82c3518c6d 100644 (file)
@@ -67,7 +67,14 @@ static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
 
 static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+#ifndef OPENSSL_FIPS
        { return SHA1_Update(ctx->md_data,data,count); }
+#else
+       {
+       OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+       return SHA1_Update(ctx->md_data,data,count);
+       }
+#endif
 
 static int final(EVP_MD_CTX *ctx,unsigned char *md)
        { return SHA1_Final(md,ctx->md_data); }
@@ -93,3 +100,115 @@ const EVP_MD *EVP_sha1(void)
        return(&sha1_md);
        }
 #endif
+
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_SHA256
+static int init224(EVP_MD_CTX *ctx)
+       { return SHA224_Init(ctx->md_data); }
+static int init256(EVP_MD_CTX *ctx)
+       { return SHA256_Init(ctx->md_data); }
+/*
+ * Even though there're separate SHA224_[Update|Final], we call
+ * SHA256 functions even in SHA224 context. This is what happens
+ * there anyway, so we can spare few CPU cycles:-)
+ */
+static int update256(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+       {
+       OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+       return SHA256_Update(ctx->md_data,data,count);
+       }
+static int final256(EVP_MD_CTX *ctx,unsigned char *md)
+       { return SHA256_Final(md,ctx->md_data); }
+
+static const EVP_MD sha224_md=
+       {
+       NID_sha224,
+       NID_sha224WithRSAEncryption,
+       SHA224_DIGEST_LENGTH,
+       EVP_MD_FLAG_FIPS,
+       init224,
+       update256,
+       final256,
+       NULL,
+       NULL,
+       EVP_PKEY_RSA_method,
+       SHA256_CBLOCK,
+       sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+       };
+
+const EVP_MD *EVP_sha224(void)
+       { return(&sha224_md); }
+
+static const EVP_MD sha256_md=
+       {
+       NID_sha256,
+       NID_sha256WithRSAEncryption,
+       SHA256_DIGEST_LENGTH,
+       EVP_MD_FLAG_FIPS,
+       init256,
+       update256,
+       final256,
+       NULL,
+       NULL,
+       EVP_PKEY_RSA_method,
+       SHA256_CBLOCK,
+       sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+       };
+
+const EVP_MD *EVP_sha256(void)
+       { return(&sha256_md); }
+#endif /* ifndef OPENSSL_NO_SHA256 */
+
+#ifndef OPENSSL_NO_SHA512
+static int init384(EVP_MD_CTX *ctx)
+       { return SHA384_Init(ctx->md_data); }
+static int init512(EVP_MD_CTX *ctx)
+       { return SHA512_Init(ctx->md_data); }
+/* See comment in SHA224/256 section */
+static int update512(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+       {
+       OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+       return SHA512_Update(ctx->md_data,data,count);
+       }
+static int final512(EVP_MD_CTX *ctx,unsigned char *md)
+       { return SHA512_Final(md,ctx->md_data); }
+
+static const EVP_MD sha384_md=
+       {
+       NID_sha384,
+       NID_sha384WithRSAEncryption,
+       SHA384_DIGEST_LENGTH,
+       EVP_MD_FLAG_FIPS,
+       init384,
+       update512,
+       final512,
+       NULL,
+       NULL,
+       EVP_PKEY_RSA_method,
+       SHA512_CBLOCK,
+       sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+       };
+
+const EVP_MD *EVP_sha384(void)
+       { return(&sha384_md); }
+
+static const EVP_MD sha512_md=
+       {
+       NID_sha512,
+       NID_sha512WithRSAEncryption,
+       SHA512_DIGEST_LENGTH,
+       EVP_MD_FLAG_FIPS,
+       init512,
+       update512,
+       final512,
+       NULL,
+       NULL,
+       EVP_PKEY_RSA_method,
+       SHA512_CBLOCK,
+       sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+       };
+
+const EVP_MD *EVP_sha512(void)
+       { return(&sha512_md); }
+#endif /* ifndef OPENSSL_NO_SHA512 */
+#endif /* ifdef OPENSSL_FIPS */
index 294ab3b36a01060d1f604c904bff70494dccb8b2..8f3d7e54faca6847e4a0f66a19eff0cc51fe80e2 100644 (file)
@@ -64,7 +64,7 @@
 
 #include <openssl/evp.h>
 
-#define HMAC_MAX_MD_CBLOCK     64
+#define HMAC_MAX_MD_CBLOCK     128
 
 #ifdef  __cplusplus
 extern "C" {
index 87851270555de35a190edf4aabb108ccb02e9502..0a7702499dcc78cb10e933e53fbe59be0f5b083a 100644 (file)
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 668
-#define NUM_SN 660
-#define NUM_LN 660
-#define NUM_OBJ 624
+#define NUM_NID 676
+#define NUM_SN 668
+#define NUM_LN 668
+#define NUM_OBJ 632
 
-static unsigned char lvalues[4500]={
+static unsigned char lvalues[4572]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -692,6 +692,14 @@ static unsigned char lvalues[4500]={
 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00,     /* [4475] OBJ_id_ppl_anyLanguage */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01,     /* [4483] OBJ_id_ppl_inheritAll */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,     /* [4491] OBJ_Independent */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4499] OBJ_sha256WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4508] OBJ_sha384WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4517] OBJ_sha512WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4526] OBJ_sha224WithRSAEncryption */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4535] OBJ_sha256 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4544] OBJ_sha384 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4553] OBJ_sha512 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4562] OBJ_sha224 */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -1756,6 +1764,18 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
        &(lvalues[4483]),0},
 {NULL,NULL,NID_undef,0,NULL},
 {"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4491]),0},
+{"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9,
+       &(lvalues[4499]),0},
+{"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9,
+       &(lvalues[4508]),0},
+{"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9,
+       &(lvalues[4517]),0},
+{"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9,
+       &(lvalues[4526]),0},
+{"SHA256","sha256",NID_sha256,9,&(lvalues[4535]),0},
+{"SHA384","sha384",NID_sha384,9,&(lvalues[4544]),0},
+{"SHA512","sha512",NID_sha512,9,&(lvalues[4553]),0},
+{"SHA224","sha224",NID_sha224,9,&(lvalues[4562]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -1881,8 +1901,16 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[42]),/* "RSA-SHA" */
 &(nid_objs[65]),/* "RSA-SHA1" */
 &(nid_objs[115]),/* "RSA-SHA1-2" */
+&(nid_objs[671]),/* "RSA-SHA224" */
+&(nid_objs[668]),/* "RSA-SHA256" */
+&(nid_objs[669]),/* "RSA-SHA384" */
+&(nid_objs[670]),/* "RSA-SHA512" */
 &(nid_objs[41]),/* "SHA" */
 &(nid_objs[64]),/* "SHA1" */
+&(nid_objs[675]),/* "SHA224" */
+&(nid_objs[672]),/* "SHA256" */
+&(nid_objs[673]),/* "SHA384" */
+&(nid_objs[674]),/* "SHA512" */
 &(nid_objs[188]),/* "SMIME" */
 &(nid_objs[167]),/* "SMIME-CAPS" */
 &(nid_objs[100]),/* "SN" */
@@ -3059,6 +3087,14 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[64]),/* "sha1" */
 &(nid_objs[115]),/* "sha1WithRSA" */
 &(nid_objs[65]),/* "sha1WithRSAEncryption" */
+&(nid_objs[675]),/* "sha224" */
+&(nid_objs[671]),/* "sha224WithRSAEncryption" */
+&(nid_objs[672]),/* "sha256" */
+&(nid_objs[668]),/* "sha256WithRSAEncryption" */
+&(nid_objs[673]),/* "sha384" */
+&(nid_objs[669]),/* "sha384WithRSAEncryption" */
+&(nid_objs[674]),/* "sha512" */
+&(nid_objs[670]),/* "sha512WithRSAEncryption" */
 &(nid_objs[42]),/* "shaWithRSAEncryption" */
 &(nid_objs[52]),/* "signingTime" */
 &(nid_objs[454]),/* "simpleSecurityObject" */
@@ -3480,6 +3516,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
 &(nid_objs[65]),/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
 &(nid_objs[644]),/* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
+&(nid_objs[668]),/* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */
+&(nid_objs[669]),/* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */
+&(nid_objs[670]),/* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */
+&(nid_objs[671]),/* OBJ_sha224WithRSAEncryption      1 2 840 113549 1 1 14 */
 &(nid_objs[28]),/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
 &(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
 &(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
@@ -3544,6 +3584,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[427]),/* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
 &(nid_objs[428]),/* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
 &(nid_objs[429]),/* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
+&(nid_objs[672]),/* OBJ_sha256                       2 16 840 1 101 3 4 2 1 */
+&(nid_objs[673]),/* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
+&(nid_objs[674]),/* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
+&(nid_objs[675]),/* OBJ_sha224                       2 16 840 1 101 3 4 2 4 */
 &(nid_objs[71]),/* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
 &(nid_objs[72]),/* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
 &(nid_objs[73]),/* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
index d28894cf418bb0b443dacf456bac2b8ba864cb1d..635f39541781a3291af35d011cbf9e9ed6c2bdb0 100644 (file)
 #define NID_sha1WithRSAEncryption              65
 #define OBJ_sha1WithRSAEncryption              OBJ_pkcs1,5L
 
+#define SN_sha256WithRSAEncryption             "RSA-SHA256"
+#define LN_sha256WithRSAEncryption             "sha256WithRSAEncryption"
+#define NID_sha256WithRSAEncryption            668
+#define OBJ_sha256WithRSAEncryption            OBJ_pkcs1,11L
+
+#define SN_sha384WithRSAEncryption             "RSA-SHA384"
+#define LN_sha384WithRSAEncryption             "sha384WithRSAEncryption"
+#define NID_sha384WithRSAEncryption            669
+#define OBJ_sha384WithRSAEncryption            OBJ_pkcs1,12L
+
+#define SN_sha512WithRSAEncryption             "RSA-SHA512"
+#define LN_sha512WithRSAEncryption             "sha512WithRSAEncryption"
+#define NID_sha512WithRSAEncryption            670
+#define OBJ_sha512WithRSAEncryption            OBJ_pkcs1,13L
+
+#define SN_sha224WithRSAEncryption             "RSA-SHA224"
+#define LN_sha224WithRSAEncryption             "sha224WithRSAEncryption"
+#define NID_sha224WithRSAEncryption            671
+#define OBJ_sha224WithRSAEncryption            OBJ_pkcs1,14L
+
 #define SN_pkcs3               "pkcs3"
 #define NID_pkcs3              27
 #define OBJ_pkcs3              OBJ_pkcs,3L
 #define LN_des_ede3_cfb8               "des-ede3-cfb8"
 #define NID_des_ede3_cfb8              659
 
+#define OBJ_nist_hashalgs              OBJ_nistAlgorithms,2L
+
+#define SN_sha256              "SHA256"
+#define LN_sha256              "sha256"
+#define NID_sha256             672
+#define OBJ_sha256             OBJ_nist_hashalgs,1L
+
+#define SN_sha384              "SHA384"
+#define LN_sha384              "sha384"
+#define NID_sha384             673
+#define OBJ_sha384             OBJ_nist_hashalgs,2L
+
+#define SN_sha512              "SHA512"
+#define LN_sha512              "sha512"
+#define NID_sha512             674
+#define OBJ_sha512             OBJ_nist_hashalgs,3L
+
+#define SN_sha224              "SHA224"
+#define LN_sha224              "sha224"
+#define NID_sha224             675
+#define OBJ_sha224             OBJ_nist_hashalgs,4L
+
 #define SN_hold_instruction_code               "holdInstructionCode"
 #define LN_hold_instruction_code               "Hold Instruction Code"
 #define NID_hold_instruction_code              430
index 0e64a929bab3435be1124548981d651498d95ec7..3076c89429dae0c0e77f5c5a079fd0ee70d26bfe 100644 (file)
@@ -665,3 +665,11 @@ id_ppl_anyLanguage         664
 id_ppl_inheritAll              665
 id_ppl_independent             666
 Independent            667
+sha256WithRSAEncryption                668
+sha384WithRSAEncryption                669
+sha512WithRSAEncryption                670
+sha224WithRSAEncryption                671
+sha256         672
+sha384         673
+sha512         674
+sha224         675
index 50e9031e61ebc5f79179e923d713bae75761dbfa..e6f3350015c85c3c9a5d33456eccbd555ee076c9 100644 (file)
@@ -63,6 +63,11 @@ pkcs1 2                      : RSA-MD2               : md2WithRSAEncryption
 pkcs1 3                        : RSA-MD4               : md4WithRSAEncryption
 pkcs1 4                        : RSA-MD5               : md5WithRSAEncryption
 pkcs1 5                        : RSA-SHA1              : sha1WithRSAEncryption
+# According to PKCS #1 version 2.1
+pkcs1 11               : RSA-SHA256            : sha256WithRSAEncryption
+pkcs1 12               : RSA-SHA384            : sha384WithRSAEncryption
+pkcs1 13               : RSA-SHA512            : sha512WithRSAEncryption
+pkcs1 14               : RSA-SHA224            : sha224WithRSAEncryption
 
 pkcs 3                 : pkcs3
 pkcs3 1                        :                       : dhKeyAgreement
@@ -703,6 +708,13 @@ aes 44                     : AES-256-CFB           : aes-256-cfb
                        : DES-EDE3-CFB1         : des-ede3-cfb1
                        : DES-EDE3-CFB8         : des-ede3-cfb8
 
+# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
+!Alias nist_hashalgs nistAlgorithms 2
+nist_hashalgs 1                : SHA256                : sha256
+nist_hashalgs 2                : SHA384                : sha384
+nist_hashalgs 3                : SHA512                : sha512
+nist_hashalgs 4                : SHA224                : sha224
+
 # Hold instruction CRL entry extension
 !Cname hold-instruction-code
 id-ce 23               : holdInstructionCode   : Hold Instruction Code
index e6d225216f488bf6ed046f65d90984a8ee8505b3..f4694b701b28a78e190e8fdca652f8a4cbba0e6e 100644 (file)
@@ -61,7 +61,7 @@
 #include <openssl/sha.h>
 #include <openssl/crypto.h>
 
-#ifndef OPENSSL_NO_SHA1
+#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_FIPS)
 unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
        {
        SHA_CTX c;
index 21fa3d1783cd43c3d99fbb090f3290e97944a70e..8ed1de01959138012f4d1aab1f3190585fd5d21b 100644 (file)
@@ -82,7 +82,7 @@
 #include <openssl/rand.h>
 #endif
 #ifndef OPENSSL_NO_SHA
-#include <openssl/sha.h>
+#include <openssl/fips_sha.h>
 #endif
 #include <openssl/fips.h>
 #include <openssl/err.h>
index 50a4d96986592e50a2ab732aa5fba57e0abe9ad1..5c751669817091ac19ddc9c5e638d50b15094c63 100644 (file)
@@ -2,7 +2,7 @@
 #include <openssl/dsa.h>
 #include <openssl/fips.h>
 #include <openssl/err.h>
-#include <openssl/sha.h>
+#include <openssl/fips_sha.h>
 #include <string.h>
 
 int hex2bin(const char *in, unsigned char *out)
index 9add95ef6bf10f9c13b901faaccf5531e6c34bcc..9a0f0752506e8a9a59f0a01e5b6c5f159ac679c7 100644 (file)
@@ -16,18 +16,21 @@ const char * const FIPS_source_hashes[] = {
 "HMAC-SHA1(dh/fips_dh_gen.c)= 93fe69b758ca9d70d70cda1c57fff4eb5c668e85",
 "HMAC-SHA1(dh/fips_dh_key.c)= 0b810d411090abd6b676a7ca730c35362fbd04a4",
 "HMAC-SHA1(dsa/fips_dsa_ossl.c)= 8bb943c0fd1adf04f6a845f4d1727c5472697e93",
-"HMAC-SHA1(dsa/fips_dsa_gen.c)= c252db14699f3ff641db052311da7d7521569c53",
+"HMAC-SHA1(dsa/fips_dsa_gen.c)= 78c879484fd849312ca4828b957df3842b70efc0",
 "HMAC-SHA1(dsa/fips_dsa_selftest.c)= 7c2ba8d82feda2aadc8b769a3b6c4c25a6356e01",
 "HMAC-SHA1(rand/fips_rand.c)= 29139e29f56f3ecd99f527af8742d5afb12f409a",
 "HMAC-SHA1(rand/fips_rand.h)= bf009ea8963e79b1e414442ede9ae7010a03160b",
 "HMAC-SHA1(rsa/fips_rsa_eay.c)= 2596773a7af8f037427217b79f56858296961d66",
 "HMAC-SHA1(rsa/fips_rsa_gen.c)= 713d2e0d7a1a682b1794f1224b7afe01272ba755",
-"HMAC-SHA1(rsa/fips_rsa_selftest.c)= 8c915b5a4e354dcede93ba08c42858d4dd884e67",
-"HMAC-SHA1(sha1/fips_sha1dgst.c)= 867e990149be16fe9e758b916b5ffc9d9fa61afb",
-"HMAC-SHA1(sha1/fips_standalone_sha1.c)= 93203c569097189b47a0085bc9fc55193867d4ce",
-"HMAC-SHA1(sha1/fips_sha1_selftest.c)= bd5c6ece3ef96237440bb0c51c7cf2bd42d39483",
+"HMAC-SHA1(rsa/fips_rsa_selftest.c)= dcd0970a4de2d7f0d2333d6a3efb1ae350209b57",
+"HMAC-SHA1(sha1/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
+"HMAC-SHA1(sha1/fips_standalone_sha1.c)= faae95bc36cc80f5be6a0cde02ebab0f63d4fd97",
+"HMAC-SHA1(sha1/fips_sha1_selftest.c)= e4a50c88af171121f5f84476f33efb7d12c2e917",
 "HMAC-SHA1(sha1/asm/fips-sx86-elf.s)= ae66fb23ab8e1a2287e87a0a2dd30a4b9039fe63",
-"HMAC-SHA1(sha1/fips_sha_locl.h)= c1b4c82eec5f0ee119658456690f3ea9d77ed1c5",
-"HMAC-SHA1(sha1/fips_md32_common.h)= 08a057a7b94acf5df4301ea6c894ce14082e1ec4",
+"HMAC-SHA1(sha1/fips_sha_locl.h)= 30b6d6bdbdc9db0d66dc89010c1f4fe1c7b60574",
+"HMAC-SHA1(sha1/fips_md32_common.h)= c34d8b7785d3194ff968cf6d3efdd2bfcaec1fad",
+"HMAC-SHA1(sha1/fips_sha.h)= cbe98c211cff1684adfa3fe6e6225e92a0a25f6c",
+"HMAC-SHA1(sha1/fips_sha256.c)= 826e768677e67b7c87dfc9e084245b619804d01c",
+"HMAC-SHA1(sha1/fips_sha512.c)= 2df9a994290d0f3e6eb621c981bfc4af78a15988",
 "HMAC-SHA1(hmac/fips_hmac.c)= a477cec1da76c0092979c4a875b6469339bff7ef",
 };
index 90f12ff3e9043f405952669e34f1b0755b4b5723..0da4905374dd92530e8365cc749e7c9d651f29be 100644 (file)
@@ -51,7 +51,7 @@
 #include <openssl/err.h>
 #include <openssl/fips.h>
 #include <openssl/rsa.h>
-#include <openssl/sha.h>
+#include <openssl/fips_sha.h>
 #include <openssl/opensslconf.h>
 
 #ifdef OPENSSL_FIPS
index 96de60a91e1a3cee84ed2dcf9404cb9fac7723b9..e6a53e32dcd809d1a22f8b729d5022dbe1d6d408 100644 (file)
@@ -25,12 +25,14 @@ APPS=
 EXE= fips_standalone_sha1$(EXE_EXT)
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_sha1dgst.c fips_sha1_selftest.c asm/fips-sx86-elf.s
-LIBOBJ=fips_sha1dgst.o fips_sha1_selftest.o $(FIPS_SHA1_ASM_OBJ)
+LIBSRC=fips_sha1dgst.c fips_sha1_selftest.c asm/fips-sx86-elf.s \
+       fips_sha256.c fips_sha512.c
+LIBOBJ=fips_sha1dgst.o fips_sha1_selftest.o $(FIPS_SHA1_ASM_OBJ) \
+       fips_sha256.o fips_sha512.o
 
 SRC= $(LIBSRC) fips_standalone_sha1.c
 
-EXHEADER=
+EXHEADER=fips_sha.h
 HEADER=        $(EXHEADER) fips_sha_locl.h fips_md32_common.h
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
index cf1110e8970969fafac05eaeebc3f16cf544845e..b5ad231e3a0c8c89438c3e6270d397e99248ca9f 100644 (file)
                                : "cc");                \
                           ret;                         \
                        })
-#  elif defined(__powerpc) || defined(__ppc)
+#  elif defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
 #   define ROTATE(a,n) ({ register unsigned int ret;   \
                                asm (                   \
                                "rlwinm %0,%1,%2,0,31"  \
  * Time for some action:-)
  */
 
-int HASH_UPDATE (HASH_CTX *c, const void *data_, FIPS_SHA_SIZE_T len)
+int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
        {
        const unsigned char *data=data_;
        register HASH_LONG * p;
diff --git a/fips/sha1/fips_sha.h b/fips/sha1/fips_sha.h
new file mode 100644 (file)
index 0000000..4520b06
--- /dev/null
@@ -0,0 +1,186 @@
+/* fips/sha1/fips_sha.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_SHA_H
+#define HEADER_SHA_H
+
+#include <openssl/e_os2.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
+#error SHA is disabled.
+#endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! SHA_LONG_LOG2 has to be defined along.                        !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#define SHA_LONG unsigned long
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#define SHA_LONG unsigned long
+#define SHA_LONG_LOG2 3
+#else
+#define SHA_LONG unsigned int
+#endif
+
+#define SHA_LBLOCK     16
+#define SHA_CBLOCK     (SHA_LBLOCK*4)  /* SHA treats input data as a
+                                        * contiguous array of 32 bit
+                                        * wide big-endian values. */
+#define SHA_LAST_BLOCK  (SHA_CBLOCK-8)
+#define SHA_DIGEST_LENGTH 20
+
+typedef struct SHAstate_st
+       {
+       SHA_LONG h0,h1,h2,h3,h4;
+       SHA_LONG Nl,Nh;
+       SHA_LONG data[SHA_LBLOCK];
+       unsigned int num;
+       } SHA_CTX;
+
+#ifndef OPENSSL_NO_SHA1
+int SHA1_Init(SHA_CTX *c);
+int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+int SHA1_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
+void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
+#endif
+
+#define SHA256_CBLOCK  (SHA_LBLOCK*4)  /* SHA-256 treats input data as a
+                                        * contiguous array of 32 bit
+                                        * wide big-endian values. */
+#define SHA224_DIGEST_LENGTH   28
+#define SHA256_DIGEST_LENGTH   32
+
+typedef struct SHA256state_st
+       {
+       SHA_LONG h[8];
+       SHA_LONG Nl,Nh;
+       SHA_LONG data[SHA_LBLOCK];
+       unsigned int num,md_len;
+       } SHA256_CTX;
+
+#ifndef OPENSSL_NO_SHA256
+int SHA224_Init(SHA256_CTX *c);
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md);
+int SHA256_Init(SHA256_CTX *c);
+int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md);
+void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
+#endif
+
+#define SHA384_DIGEST_LENGTH   48
+#define SHA512_DIGEST_LENGTH   64
+
+/*
+ * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
+ * being exactly 64-bit wide. See Implementation Notes in sha512.c
+ * for further details.
+ */
+#define SHA512_CBLOCK  (SHA_LBLOCK*8)  /* SHA-512 treats input data as a
+                                        * contiguous array of 64 bit
+                                        * wide big-endian values. */
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#define SHA_LONG64 unsigned __int64
+#define U64(C)     C##UI64
+#elif defined(__arch64__)
+#define SHA_LONG64 unsigned long
+#define U64(C)     C##UL
+#else
+#define SHA_LONG64 unsigned long long
+#define U64(C)     C##ULL
+#endif
+
+typedef struct SHA512state_st
+       {
+       SHA_LONG64 h[8];
+       SHA_LONG64 Nl,Nh;
+       union {
+               SHA_LONG64      d[SHA_LBLOCK];
+               unsigned char   p[SHA512_CBLOCK];
+       } u;
+       unsigned int num,md_len;
+       } SHA512_CTX;
+
+#ifndef OPENSSL_NO_SHA512
+int SHA384_Init(SHA512_CTX *c);
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md);
+int SHA512_Init(SHA512_CTX *c);
+int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md);
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
index 0dd26c5564430f29ebdc055d6fe328dda6f7f3aa..6c89c9ec462e3f0bb8c49bf2cb7292c5e0fd2805 100644 (file)
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/fips.h>
-#include <openssl/sha.h>
+#include <openssl/fips_sha.h>
 
 #ifdef OPENSSL_FIPS
-static const char * const test[]=
+static char *test[]=
     {
     "",
     "abc",
@@ -61,7 +61,7 @@ static const char * const test[]=
     NULL,
     };
 
-static unsigned char ret[][SHA_DIGEST_LENGTH]=
+static const unsigned char ret[][SHA_DIGEST_LENGTH]=
     {
     { 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55,
       0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 },
@@ -73,7 +73,7 @@ static unsigned char ret[][SHA_DIGEST_LENGTH]=
 
 void FIPS_corrupt_sha1()
     {
-    ret[0][0]++;
+    test[2][0]++;
     }
 
 int FIPS_selftest_sha1()
index fe4ebcb31c5ee53167bea8cb16c0da1496818bc4..fb9e15453c05ac527fc75e42b3fa0702b5b08e95 100644 (file)
@@ -63,6 +63,7 @@
 
 #include <openssl/opensslv.h>
 #include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
 
 #ifdef OPENSSL_FIPS
 const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
@@ -70,6 +71,21 @@ const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
 /* The implementation is in fips_md32_common.h */
 #include "fips_sha_locl.h"
 
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
+       {
+       SHA_CTX c;
+       static unsigned char m[SHA_DIGEST_LENGTH];
+
+       OPENSSL_assert(sizeof(unsigned long)<=sizeof(size_t));
+       if (md == NULL) md=m;
+       if (!SHA1_Init(&c))
+               return NULL;
+       SHA1_Update(&c,d,n);
+       SHA1_Final(md,&c);
+       OPENSSL_cleanse(&c,sizeof(c));
+       return(md);
+       }
+
 #else /* ndef OPENSSL_FIPS */
 
 static void *dummy=&dummy;
index 176d6009bbb14fa32e230c4a84be33d03f2db4aa..eca78d32ae86f7d2964a797f07c59fb41faf5e83 100644 (file)
@@ -3,7 +3,7 @@
 #include <ctype.h>
 #include <string.h>
 #include <stdlib.h>
-#include <openssl/sha.h>
+#include <openssl/fips_sha.h>
 #include <openssl/err.h>
 #include <openssl/fips.h>
 #ifdef FLAT_INC
diff --git a/fips/sha1/fips_sha256.c b/fips/sha1/fips_sha256.c
new file mode 100644 (file)
index 0000000..203e559
--- /dev/null
@@ -0,0 +1,320 @@
+/* crypto/sha/sha256.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved
+ * according to the OpenSSL license [found in ../../LICENSE].
+ * ====================================================================
+ */
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/fips_sha.h>
+#include <openssl/fips.h>
+#include <openssl/opensslv.h>
+
+const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
+
+int SHA224_Init (SHA256_CTX *c)
+       {
+       c->h[0]=0xc1059ed8UL;   c->h[1]=0x367cd507UL;
+       c->h[2]=0x3070dd17UL;   c->h[3]=0xf70e5939UL;
+       c->h[4]=0xffc00b31UL;   c->h[5]=0x68581511UL;
+       c->h[6]=0x64f98fa7UL;   c->h[7]=0xbefa4fa4UL;
+       c->Nl=0;        c->Nh=0;
+       c->num=0;       c->md_len=SHA224_DIGEST_LENGTH;
+       return 1;
+       }
+
+int SHA256_Init (SHA256_CTX *c)
+       {
+       c->h[0]=0x6a09e667UL;   c->h[1]=0xbb67ae85UL;
+       c->h[2]=0x3c6ef372UL;   c->h[3]=0xa54ff53aUL;
+       c->h[4]=0x510e527fUL;   c->h[5]=0x9b05688cUL;
+       c->h[6]=0x1f83d9abUL;   c->h[7]=0x5be0cd19UL;
+       c->Nl=0;        c->Nh=0;
+       c->num=0;       c->md_len=SHA256_DIGEST_LENGTH;
+       return 1;
+       }
+
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
+       {
+       SHA256_CTX c;
+       static unsigned char m[SHA224_DIGEST_LENGTH];
+
+       if (md == NULL) md=m;
+       SHA224_Init(&c);
+       SHA256_Update(&c,d,n);
+       SHA256_Final(md,&c);
+       OPENSSL_cleanse(&c,sizeof(c));
+       return(md);
+       }
+
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
+       {
+       SHA256_CTX c;
+       static unsigned char m[SHA256_DIGEST_LENGTH];
+
+       if (md == NULL) md=m;
+       SHA256_Init(&c);
+       SHA256_Update(&c,d,n);
+       SHA256_Final(md,&c);
+       OPENSSL_cleanse(&c,sizeof(c));
+       return(md);
+       }
+
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
+{   return SHA256_Update (c,data,len);   }
+int SHA224_Final (unsigned char *md, SHA256_CTX *c)
+{   return SHA256_Final (md,c);   }
+
+#ifndef        SHA_LONG_LOG2
+#define        SHA_LONG_LOG2   2       /* default to 32 bits */
+#endif
+
+#define        DATA_ORDER_IS_BIG_ENDIAN
+
+#define        HASH_LONG               SHA_LONG
+#define        HASH_LONG_LOG2          SHA_LONG_LOG2
+#define        HASH_CTX                SHA256_CTX
+#define        HASH_CBLOCK             SHA_CBLOCK
+#define        HASH_LBLOCK             SHA_LBLOCK
+/*
+ * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
+ * default: case below covers for it. It's not clear however if it's
+ * permitted to truncate to amount of bytes not divisible by 4. I bet not,
+ * but if it is, then default: case shall be extended. For reference.
+ * Idea behind separate cases for pre-defined lenghts is to let the
+ * compiler decide if it's appropriate to unroll small loops.
+ */
+#define        HASH_MAKE_STRING(c,s)   do {    \
+       unsigned long ll;               \
+       unsigned int  n;                \
+       switch ((c)->md_len)            \
+       {   case SHA224_DIGEST_LENGTH:  \
+               for (n=0;n<SHA224_DIGEST_LENGTH/4;n++)  \
+               {   ll=(c)->h[n]; HOST_l2c(ll,(s));   } \
+               break;                  \
+           case SHA256_DIGEST_LENGTH:  \
+               for (n=0;n<SHA256_DIGEST_LENGTH/4;n++)  \
+               {   ll=(c)->h[n]; HOST_l2c(ll,(s));   } \
+               break;                  \
+           default:                    \
+               if ((c)->md_len > SHA256_DIGEST_LENGTH) \
+                   return 0;                           \
+               for (n=0;n<(c)->md_len/4;n++)           \
+               {   ll=(c)->h[n]; HOST_l2c(ll,(s));   } \
+               break;                  \
+       }                               \
+       } while (0)
+
+#define        HASH_UPDATE             SHA256_Update
+#define        HASH_TRANSFORM          SHA256_Transform
+#define        HASH_FINAL              SHA256_Final
+#define        HASH_BLOCK_HOST_ORDER   sha256_block_host_order
+#define        HASH_BLOCK_DATA_ORDER   sha256_block_data_order
+void sha256_block_host_order (SHA256_CTX *ctx, const void *in, size_t num);
+void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num);
+
+#include "fips_md32_common.h"
+
+#ifdef SHA256_ASM
+void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host);
+#else
+static const SHA_LONG K256[64] = {
+       0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL,
+       0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL,
+       0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL,
+       0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL,
+       0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL,
+       0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL,
+       0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL,
+       0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL,
+       0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL,
+       0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL,
+       0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL,
+       0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL,
+       0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL,
+       0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL,
+       0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL,
+       0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL };
+
+/*
+ * FIPS specification refers to right rotations, while our ROTATE macro
+ * is left one. This is why you might notice that rotation coefficients
+ * differ from those observed in FIPS document by 32-N...
+ */
+#define Sigma0(x)      (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
+#define Sigma1(x)      (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
+#define sigma0(x)      (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
+#define sigma1(x)      (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
+
+#define Ch(x,y,z)      (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z)     (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#ifdef OPENSSL_SMALL_FOOTPRINT
+
+static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
+       {
+       unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2;
+       SHA_LONG        X[16];
+       int i;
+       const unsigned char *data=in;
+
+                       while (num--) {
+
+       a = ctx->h[0];  b = ctx->h[1];  c = ctx->h[2];  d = ctx->h[3];
+       e = ctx->h[4];  f = ctx->h[5];  g = ctx->h[6];  h = ctx->h[7];
+
+       if (host)
+               {
+               const SHA_LONG *W=(const SHA_LONG *)data;
+
+               for (i=0;i<16;i++)
+                       {
+                       T1 = X[i] = W[i];
+                       T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
+                       T2 = Sigma0(a) + Maj(a,b,c);
+                       h = g;  g = f;  f = e;  e = d + T1;
+                       d = c;  c = b;  b = a;  a = T1 + T2;
+                       }
+
+               data += SHA256_CBLOCK;
+               }
+       else
+               {
+               SHA_LONG l;
+
+               for (i=0;i<16;i++)
+                       {
+                       HOST_c2l(data,l); T1 = X[i] = l;
+                       T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
+                       T2 = Sigma0(a) + Maj(a,b,c);
+                       h = g;  g = f;  f = e;  e = d + T1;
+                       d = c;  c = b;  b = a;  a = T1 + T2;
+                       }
+               }
+
+       for (;i<64;i++)
+               {
+               s0 = X[(i+1)&0x0f];     s0 = sigma0(s0);
+               s1 = X[(i+14)&0x0f];    s1 = sigma1(s1);
+
+               T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
+               T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
+               T2 = Sigma0(a) + Maj(a,b,c);
+               h = g;  g = f;  f = e;  e = d + T1;
+               d = c;  c = b;  b = a;  a = T1 + T2;
+               }
+
+       ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
+       ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
+
+                       }
+}
+
+#else
+
+#define        ROUND_00_15(i,a,b,c,d,e,f,g,h)          do {    \
+       T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];      \
+       h = Sigma0(a) + Maj(a,b,c);                     \
+       d += T1;        h += T1;                } while (0)
+
+#define        ROUND_16_63(i,a,b,c,d,e,f,g,h,X)        do {    \
+       s0 = X[(i+1)&0x0f];     s0 = sigma0(s0);        \
+       s1 = X[(i+14)&0x0f];    s1 = sigma1(s1);        \
+       T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];    \
+       ROUND_00_15(i,a,b,c,d,e,f,g,h);         } while (0)
+
+static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
+       {
+       unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1;
+       SHA_LONG        X[16];
+       int i;
+       const unsigned char *data=in;
+
+                       while (num--) {
+
+       a = ctx->h[0];  b = ctx->h[1];  c = ctx->h[2];  d = ctx->h[3];
+       e = ctx->h[4];  f = ctx->h[5];  g = ctx->h[6];  h = ctx->h[7];
+
+       if (host)
+               {
+               const SHA_LONG *W=(const SHA_LONG *)data;
+
+               T1 = X[0] = W[0];       ROUND_00_15(0,a,b,c,d,e,f,g,h);
+               T1 = X[1] = W[1];       ROUND_00_15(1,h,a,b,c,d,e,f,g);
+               T1 = X[2] = W[2];       ROUND_00_15(2,g,h,a,b,c,d,e,f);
+               T1 = X[3] = W[3];       ROUND_00_15(3,f,g,h,a,b,c,d,e);
+               T1 = X[4] = W[4];       ROUND_00_15(4,e,f,g,h,a,b,c,d);
+               T1 = X[5] = W[5];       ROUND_00_15(5,d,e,f,g,h,a,b,c);
+               T1 = X[6] = W[6];       ROUND_00_15(6,c,d,e,f,g,h,a,b);
+               T1 = X[7] = W[7];       ROUND_00_15(7,b,c,d,e,f,g,h,a);
+               T1 = X[8] = W[8];       ROUND_00_15(8,a,b,c,d,e,f,g,h);
+               T1 = X[9] = W[9];       ROUND_00_15(9,h,a,b,c,d,e,f,g);
+               T1 = X[10] = W[10];     ROUND_00_15(10,g,h,a,b,c,d,e,f);
+               T1 = X[11] = W[11];     ROUND_00_15(11,f,g,h,a,b,c,d,e);
+               T1 = X[12] = W[12];     ROUND_00_15(12,e,f,g,h,a,b,c,d);
+               T1 = X[13] = W[13];     ROUND_00_15(13,d,e,f,g,h,a,b,c);
+               T1 = X[14] = W[14];     ROUND_00_15(14,c,d,e,f,g,h,a,b);
+               T1 = X[15] = W[15];     ROUND_00_15(15,b,c,d,e,f,g,h,a);
+
+               data += SHA256_CBLOCK;
+               }
+       else
+               {
+               SHA_LONG l;
+
+               HOST_c2l(data,l); T1 = X[0] = l;  ROUND_00_15(0,a,b,c,d,e,f,g,h);
+               HOST_c2l(data,l); T1 = X[1] = l;  ROUND_00_15(1,h,a,b,c,d,e,f,g);
+               HOST_c2l(data,l); T1 = X[2] = l;  ROUND_00_15(2,g,h,a,b,c,d,e,f);
+               HOST_c2l(data,l); T1 = X[3] = l;  ROUND_00_15(3,f,g,h,a,b,c,d,e);
+               HOST_c2l(data,l); T1 = X[4] = l;  ROUND_00_15(4,e,f,g,h,a,b,c,d);
+               HOST_c2l(data,l); T1 = X[5] = l;  ROUND_00_15(5,d,e,f,g,h,a,b,c);
+               HOST_c2l(data,l); T1 = X[6] = l;  ROUND_00_15(6,c,d,e,f,g,h,a,b);
+               HOST_c2l(data,l); T1 = X[7] = l;  ROUND_00_15(7,b,c,d,e,f,g,h,a);
+               HOST_c2l(data,l); T1 = X[8] = l;  ROUND_00_15(8,a,b,c,d,e,f,g,h);
+               HOST_c2l(data,l); T1 = X[9] = l;  ROUND_00_15(9,h,a,b,c,d,e,f,g);
+               HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f);
+               HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e);
+               HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d);
+               HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c);
+               HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b);
+               HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a);
+               }
+
+       for (i=16;i<64;i+=8)
+               {
+               ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X);
+               ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X);
+               ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X);
+               ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X);
+               ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X);
+               ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X);
+               ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X);
+               ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X);
+               }
+
+       ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
+       ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
+
+                       }
+       }
+
+#endif
+#endif /* SHA256_ASM */
+
+/*
+ * Idea is to trade couple of cycles for some space. On IA-32 we save
+ * about 4K in "big footprint" case. In "small footprint" case any gain
+ * is appreciated:-)
+ */
+void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
+{   sha256_block (ctx,in,num,1);   }
+
+void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
+{   sha256_block (ctx,in,num,0);   }
+
+#endif /* OPENSSL_NO_SHA256 */
diff --git a/fips/sha1/fips_sha512.c b/fips/sha1/fips_sha512.c
new file mode 100644 (file)
index 0000000..ea12e8e
--- /dev/null
@@ -0,0 +1,498 @@
+/* crypto/sha/sha512.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved
+ * according to the OpenSSL license [found in ../../LICENSE].
+ * ====================================================================
+ */
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
+/*
+ * IMPLEMENTATION NOTES.
+ *
+ * As you might have noticed 32-bit hash algorithms:
+ *
+ * - permit SHA_LONG to be wider than 32-bit (case on CRAY);
+ * - optimized versions implement two transform functions: one operating
+ *   on [aligned] data in host byte order and one - on data in input
+ *   stream byte order;
+ * - share common byte-order neutral collector and padding function
+ *   implementations, ../md32_common.h;
+ *
+ * Neither of the above applies to this SHA-512 implementations. Reasons
+ * [in reverse order] are:
+ *
+ * - it's the only 64-bit hash algorithm for the moment of this writing,
+ *   there is no need for common collector/padding implementation [yet];
+ * - by supporting only one transform function [which operates on
+ *   *aligned* data in input stream byte order, big-endian in this case]
+ *   we minimize burden of maintenance in two ways: a) collector/padding
+ *   function is simpler; b) only one transform function to stare at;
+ * - SHA_LONG64 is required to be exactly 64-bit in order to be able to
+ *   apply a number of optimizations to mitigate potential performance
+ *   penalties caused by previous design decision;
+ *
+ * Caveat lector.
+ *
+ * Implementation relies on the fact that "long long" is 64-bit on
+ * both 32- and 64-bit platforms. If some compiler vendor comes up
+ * with 128-bit long long, adjustment to sha.h would be required.
+ * As this implementation relies on 64-bit integer type, it's totally
+ * inappropriate for platforms which don't support it, most notably
+ * 16-bit platforms.
+ *                                     <appro@fy.chalmers.se>
+ */
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/fips_sha.h>
+#include <openssl/fips.h>
+#include <openssl/opensslv.h>
+
+const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
+
+#if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64)
+#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+#endif
+
+int SHA384_Init (SHA512_CTX *c)
+       {
+       c->h[0]=U64(0xcbbb9d5dc1059ed8);
+       c->h[1]=U64(0x629a292a367cd507);
+       c->h[2]=U64(0x9159015a3070dd17);
+       c->h[3]=U64(0x152fecd8f70e5939);
+       c->h[4]=U64(0x67332667ffc00b31);
+       c->h[5]=U64(0x8eb44a8768581511);
+       c->h[6]=U64(0xdb0c2e0d64f98fa7);
+       c->h[7]=U64(0x47b5481dbefa4fa4);
+        c->Nl=0;        c->Nh=0;
+        c->num=0;       c->md_len=SHA384_DIGEST_LENGTH;
+        return 1;
+       }
+
+int SHA512_Init (SHA512_CTX *c)
+       {
+       c->h[0]=U64(0x6a09e667f3bcc908);
+       c->h[1]=U64(0xbb67ae8584caa73b);
+       c->h[2]=U64(0x3c6ef372fe94f82b);
+       c->h[3]=U64(0xa54ff53a5f1d36f1);
+       c->h[4]=U64(0x510e527fade682d1);
+       c->h[5]=U64(0x9b05688c2b3e6c1f);
+       c->h[6]=U64(0x1f83d9abfb41bd6b);
+       c->h[7]=U64(0x5be0cd19137e2179);
+        c->Nl=0;        c->Nh=0;
+        c->num=0;       c->md_len=SHA512_DIGEST_LENGTH;
+        return 1;
+       }
+
+#ifndef SHA512_ASM
+static
+#endif
+void sha512_block (SHA512_CTX *ctx, const void *in, size_t num);
+
+int SHA512_Final (unsigned char *md, SHA512_CTX *c)
+       {
+       unsigned char *p=(unsigned char *)c->u.p;
+       size_t n=c->num;
+
+       p[n]=0x80;      /* There always is a room for one */
+       n++;
+       if (n > (sizeof(c->u)-16))
+               memset (p+n,0,sizeof(c->u)-n), n=0,
+               sha512_block (c,p,1);
+
+       memset (p+n,0,sizeof(c->u)-16-n);
+#ifdef B_ENDIAN
+       c->u.d[SHA_LBLOCK-2] = c->Nh;
+       c->u.d[SHA_LBLOCK-1] = c->Nl;
+#else
+       p[sizeof(c->u)-1]  = (unsigned char)(c->Nl);
+       p[sizeof(c->u)-2]  = (unsigned char)(c->Nl>>8);
+       p[sizeof(c->u)-3]  = (unsigned char)(c->Nl>>16);
+       p[sizeof(c->u)-4]  = (unsigned char)(c->Nl>>24);
+       p[sizeof(c->u)-5]  = (unsigned char)(c->Nl>>32);
+       p[sizeof(c->u)-6]  = (unsigned char)(c->Nl>>40);
+       p[sizeof(c->u)-7]  = (unsigned char)(c->Nl>>48);
+       p[sizeof(c->u)-8]  = (unsigned char)(c->Nl>>56);
+       p[sizeof(c->u)-9]  = (unsigned char)(c->Nh);
+       p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8);
+       p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16);
+       p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24);
+       p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32);
+       p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40);
+       p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48);
+       p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56);
+#endif
+
+       sha512_block (c,p,1);
+
+       if (md==0) return 0;
+
+       switch (c->md_len)
+               {
+               /* Let compiler decide if it's appropriate to unroll... */
+               case SHA384_DIGEST_LENGTH:
+                       for (n=0;n<SHA384_DIGEST_LENGTH/8;n++)
+                               {
+                               SHA_LONG64 t = c->h[n];
+
+                               *(md++) = (unsigned char)(t>>56);
+                               *(md++) = (unsigned char)(t>>48);
+                               *(md++) = (unsigned char)(t>>40);
+                               *(md++) = (unsigned char)(t>>32);
+                               *(md++) = (unsigned char)(t>>24);
+                               *(md++) = (unsigned char)(t>>16);
+                               *(md++) = (unsigned char)(t>>8);
+                               *(md++) = (unsigned char)(t);
+                               }
+                       break;
+               case SHA512_DIGEST_LENGTH:
+                       for (n=0;n<SHA512_DIGEST_LENGTH/8;n++)
+                               {
+                               SHA_LONG64 t = c->h[n];
+
+                               *(md++) = (unsigned char)(t>>56);
+                               *(md++) = (unsigned char)(t>>48);
+                               *(md++) = (unsigned char)(t>>40);
+                               *(md++) = (unsigned char)(t>>32);
+                               *(md++) = (unsigned char)(t>>24);
+                               *(md++) = (unsigned char)(t>>16);
+                               *(md++) = (unsigned char)(t>>8);
+                               *(md++) = (unsigned char)(t);
+                               }
+                       break;
+               /* ... as well as make sure md_len is not abused. */
+               default:        return 0;
+               }
+
+       return 1;
+       }
+
+int SHA384_Final (unsigned char *md,SHA512_CTX *c)
+{   return SHA512_Final (md,c);   }
+
+int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)
+       {
+       SHA_LONG64      l;
+       unsigned char  *p=c->u.p;
+       const unsigned char *data=(const unsigned char *)_data;
+
+       if(FIPS_selftest_failed())
+               return 0;
+
+       if (len==0) return  1;
+
+       l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff);
+       if (l < c->Nl)          c->Nh++;
+       if (sizeof(len)>=8)     c->Nh+=(((SHA_LONG64)len)>>61);
+       c->Nl=l;
+
+       if (c->num != 0)
+               {
+               size_t n = sizeof(c->u) - c->num;
+
+               if (len < n)
+                       {
+                       memcpy (p+c->num,data,len), c->num += len;
+                       return 1;
+                       }
+               else    {
+                       memcpy (p+c->num,data,n), c->num = 0;
+                       len-=n, data+=n;
+                       sha512_block (c,p,1);
+                       }
+               }
+
+       if (len >= sizeof(c->u))
+               {
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+               if ((size_t)data%sizeof(c->u.d[0]) != 0)
+                       while (len >= sizeof(c->u))
+                               memcpy (p,data,sizeof(c->u)),
+                               sha512_block (c,p,1),
+                               len  -= sizeof(c->u),
+                               data += sizeof(c->u);
+               else
+#endif
+                       sha512_block (c,data,len/sizeof(c->u)),
+                       data += len,
+                       len  %= sizeof(c->u),
+                       data -= len;
+               }
+
+       if (len != 0)   memcpy (p,data,len), c->num = (int)len;
+
+       return 1;
+       }
+
+int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)
+{   return SHA512_Update (c,data,len);   }
+
+void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)
+{   sha512_block (c,data,1);  }
+
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
+       {
+       SHA512_CTX c;
+       static unsigned char m[SHA384_DIGEST_LENGTH];
+
+       if (md == NULL) md=m;
+       SHA384_Init(&c);
+       SHA512_Update(&c,d,n);
+       SHA512_Final(md,&c);
+       OPENSSL_cleanse(&c,sizeof(c));
+       return(md);
+       }
+
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
+       {
+       SHA512_CTX c;
+       static unsigned char m[SHA512_DIGEST_LENGTH];
+
+       if (md == NULL) md=m;
+       SHA512_Init(&c);
+       SHA512_Update(&c,d,n);
+       SHA512_Final(md,&c);
+       OPENSSL_cleanse(&c,sizeof(c));
+       return(md);
+       }
+
+#ifndef SHA512_ASM
+static const SHA_LONG64 K512[80] = {
+        U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd),
+        U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc),
+        U64(0x3956c25bf348b538),U64(0x59f111f1b605d019),
+        U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118),
+        U64(0xd807aa98a3030242),U64(0x12835b0145706fbe),
+        U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2),
+        U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1),
+        U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694),
+        U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3),
+        U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65),
+        U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483),
+        U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5),
+        U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210),
+        U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4),
+        U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725),
+        U64(0x06ca6351e003826f),U64(0x142929670a0e6e70),
+        U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926),
+        U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df),
+        U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8),
+        U64(0x81c2c92e47edaee6),U64(0x92722c851482353b),
+        U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001),
+        U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30),
+        U64(0xd192e819d6ef5218),U64(0xd69906245565a910),
+        U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8),
+        U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53),
+        U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8),
+        U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb),
+        U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3),
+        U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60),
+        U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec),
+        U64(0x90befffa23631e28),U64(0xa4506cebde82bde9),
+        U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b),
+        U64(0xca273eceea26619c),U64(0xd186b8c721c0c207),
+        U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178),
+        U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6),
+        U64(0x113f9804bef90dae),U64(0x1b710b35131c471b),
+        U64(0x28db77f523047d84),U64(0x32caab7b40c72493),
+        U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c),
+        U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a),
+        U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) };
+
+#ifndef PEDANTIC
+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+#  if defined(__x86_64) || defined(__x86_64__)
+#   define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x)));  \
+                               asm ("bswapq    %0"             \
+                               : "=r"(ret)                     \
+                               : "0"(ret)); ret;               })
+#  endif
+# endif
+#endif
+
+#ifndef PULL64
+#define B(x,j)    (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
+#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
+#endif
+
+#ifndef PEDANTIC
+# if defined(_MSC_VER)
+#  if defined(_WIN64)  /* applies to both IA-64 and AMD64 */
+#   define ROTR(a,n)   _rotr64((a),n)
+#  endif
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+#  if defined(__x86_64) || defined(__x86_64__)
+#   define ROTR(a,n)   ({ unsigned long ret;           \
+                               asm ("rorq %1,%0"       \
+                               : "=r"(ret)             \
+                               : "J"(n),"0"(a)         \
+                               : "cc"); ret;           })
+#  elif defined(_ARCH_PPC) && defined(__64BIT__)
+#   define ROTR(a,n)   ({ unsigned long ret;           \
+                               asm ("rotrdi %0,%1,%2"  \
+                               : "=r"(ret)             \
+                               : "r"(a),"K"(n)); ret;  })
+#  endif
+# endif
+#endif
+
+#ifndef ROTR
+#define ROTR(x,s)      (((x)>>s) | (x)<<(64-s))
+#endif
+
+#define Sigma0(x)      (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+#define Sigma1(x)      (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+#define sigma0(x)      (ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
+#define sigma1(x)      (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+
+#define Ch(x,y,z)      (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z)     (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
+#define        GO_FOR_SSE2(ctx,in,num)         do {            \
+       void    sha512_block_sse2(void *,const void *,size_t);  \
+       if (!(OPENSSL_ia32cap_P & (1<<26))) break;      \
+       sha512_block_sse2(ctx->h,in,num); return;       \
+                                       } while (0)
+#endif
+
+#ifdef OPENSSL_SMALL_FOOTPRINT
+
+static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
+       {
+       const SHA_LONG64 *W=in;
+       SHA_LONG64      a,b,c,d,e,f,g,h,s0,s1,T1,T2;
+       SHA_LONG64      X[16];
+       int i;
+
+#ifdef GO_FOR_SSE2
+       GO_FOR_SSE2(ctx,in,num);
+#endif
+
+                       while (num--) {
+
+       a = ctx->h[0];  b = ctx->h[1];  c = ctx->h[2];  d = ctx->h[3];
+       e = ctx->h[4];  f = ctx->h[5];  g = ctx->h[6];  h = ctx->h[7];
+
+       for (i=0;i<16;i++)
+               {
+#ifdef B_ENDIAN
+               T1 = X[i] = W[i];
+#else
+               T1 = X[i] = PULL64(W[i]);
+#endif
+               T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
+               T2 = Sigma0(a) + Maj(a,b,c);
+               h = g;  g = f;  f = e;  e = d + T1;
+               d = c;  c = b;  b = a;  a = T1 + T2;
+               }
+
+       for (;i<80;i++)
+               {
+               s0 = X[(i+1)&0x0f];     s0 = sigma0(s0);
+               s1 = X[(i+14)&0x0f];    s1 = sigma1(s1);
+
+               T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
+               T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
+               T2 = Sigma0(a) + Maj(a,b,c);
+               h = g;  g = f;  f = e;  e = d + T1;
+               d = c;  c = b;  b = a;  a = T1 + T2;
+               }
+
+       ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
+       ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
+
+                       W+=SHA_LBLOCK;
+                       }
+       }
+
+#else
+
+#define        ROUND_00_15(i,a,b,c,d,e,f,g,h)          do {    \
+       T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];      \
+       h = Sigma0(a) + Maj(a,b,c);                     \
+       d += T1;        h += T1;                } while (0)
+
+#define        ROUND_16_80(i,a,b,c,d,e,f,g,h,X)        do {    \
+       s0 = X[(i+1)&0x0f];     s0 = sigma0(s0);        \
+       s1 = X[(i+14)&0x0f];    s1 = sigma1(s1);        \
+       T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];    \
+       ROUND_00_15(i,a,b,c,d,e,f,g,h);         } while (0)
+
+static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
+       {
+       const SHA_LONG64 *W=in;
+       SHA_LONG64      a,b,c,d,e,f,g,h,s0,s1,T1;
+       SHA_LONG64      X[16];
+       int i;
+
+#ifdef GO_FOR_SSE2
+       GO_FOR_SSE2(ctx,in,num);
+#endif
+
+                       while (num--) {
+
+       a = ctx->h[0];  b = ctx->h[1];  c = ctx->h[2];  d = ctx->h[3];
+       e = ctx->h[4];  f = ctx->h[5];  g = ctx->h[6];  h = ctx->h[7];
+
+#ifdef B_ENDIAN
+       T1 = X[0] = W[0];       ROUND_00_15(0,a,b,c,d,e,f,g,h);
+       T1 = X[1] = W[1];       ROUND_00_15(1,h,a,b,c,d,e,f,g);
+       T1 = X[2] = W[2];       ROUND_00_15(2,g,h,a,b,c,d,e,f);
+       T1 = X[3] = W[3];       ROUND_00_15(3,f,g,h,a,b,c,d,e);
+       T1 = X[4] = W[4];       ROUND_00_15(4,e,f,g,h,a,b,c,d);
+       T1 = X[5] = W[5];       ROUND_00_15(5,d,e,f,g,h,a,b,c);
+       T1 = X[6] = W[6];       ROUND_00_15(6,c,d,e,f,g,h,a,b);
+       T1 = X[7] = W[7];       ROUND_00_15(7,b,c,d,e,f,g,h,a);
+       T1 = X[8] = W[8];       ROUND_00_15(8,a,b,c,d,e,f,g,h);
+       T1 = X[9] = W[9];       ROUND_00_15(9,h,a,b,c,d,e,f,g);
+       T1 = X[10] = W[10];     ROUND_00_15(10,g,h,a,b,c,d,e,f);
+       T1 = X[11] = W[11];     ROUND_00_15(11,f,g,h,a,b,c,d,e);
+       T1 = X[12] = W[12];     ROUND_00_15(12,e,f,g,h,a,b,c,d);
+       T1 = X[13] = W[13];     ROUND_00_15(13,d,e,f,g,h,a,b,c);
+       T1 = X[14] = W[14];     ROUND_00_15(14,c,d,e,f,g,h,a,b);
+       T1 = X[15] = W[15];     ROUND_00_15(15,b,c,d,e,f,g,h,a);
+#else
+       T1 = X[0]  = PULL64(W[0]);      ROUND_00_15(0,a,b,c,d,e,f,g,h);
+       T1 = X[1]  = PULL64(W[1]);      ROUND_00_15(1,h,a,b,c,d,e,f,g);
+       T1 = X[2]  = PULL64(W[2]);      ROUND_00_15(2,g,h,a,b,c,d,e,f);
+       T1 = X[3]  = PULL64(W[3]);      ROUND_00_15(3,f,g,h,a,b,c,d,e);
+       T1 = X[4]  = PULL64(W[4]);      ROUND_00_15(4,e,f,g,h,a,b,c,d);
+       T1 = X[5]  = PULL64(W[5]);      ROUND_00_15(5,d,e,f,g,h,a,b,c);
+       T1 = X[6]  = PULL64(W[6]);      ROUND_00_15(6,c,d,e,f,g,h,a,b);
+       T1 = X[7]  = PULL64(W[7]);      ROUND_00_15(7,b,c,d,e,f,g,h,a);
+       T1 = X[8]  = PULL64(W[8]);      ROUND_00_15(8,a,b,c,d,e,f,g,h);
+       T1 = X[9]  = PULL64(W[9]);      ROUND_00_15(9,h,a,b,c,d,e,f,g);
+       T1 = X[10] = PULL64(W[10]);     ROUND_00_15(10,g,h,a,b,c,d,e,f);
+       T1 = X[11] = PULL64(W[11]);     ROUND_00_15(11,f,g,h,a,b,c,d,e);
+       T1 = X[12] = PULL64(W[12]);     ROUND_00_15(12,e,f,g,h,a,b,c,d);
+       T1 = X[13] = PULL64(W[13]);     ROUND_00_15(13,d,e,f,g,h,a,b,c);
+       T1 = X[14] = PULL64(W[14]);     ROUND_00_15(14,c,d,e,f,g,h,a,b);
+       T1 = X[15] = PULL64(W[15]);     ROUND_00_15(15,b,c,d,e,f,g,h,a);
+#endif
+
+       for (i=16;i<80;i+=8)
+               {
+               ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X);
+               ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X);
+               ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X);
+               ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X);
+               ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X);
+               ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X);
+               ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X);
+               ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X);
+               }
+
+       ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
+       ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
+
+                       W+=SHA_LBLOCK;
+                       }
+       }
+
+#endif
+
+#endif /* SHA512_ASM */
+
+#endif /* OPENSSL_NO_SHA512 */
index 6146b07812e754a060fd4dbf1eb558c3b1f758af..bf31d3b845136d1dd1caec7671341f553b2f93a5 100644 (file)
@@ -60,7 +60,7 @@
 #include <string.h>
 
 #include <openssl/opensslconf.h>
-#include <openssl/sha.h>
+#include <openssl/fips_sha.h>
 #include <openssl/fips.h>
 
 #ifndef SHA_LONG_LOG2
@@ -93,8 +93,8 @@
 # define HASH_BLOCK_DATA_ORDER         sha_block_data_order
 # define Xupdate(a,ix,ia,ib,ic,id)     (ix=(a)=(ia^ib^ic^id))
 
-  void sha_block_host_order (SHA_CTX *c, const void *p,FIPS_SHA_SIZE_T num);
-  void sha_block_data_order (SHA_CTX *c, const void *p,FIPS_SHA_SIZE_T num);
+  void sha_block_host_order (SHA_CTX *c, const void *p,size_t num);
+  void sha_block_data_order (SHA_CTX *c, const void *p,size_t num);
 
 #elif defined(SHA_1)
 
 #   define HASH_BLOCK_DATA_ORDER_ALIGNED       sha1_block_asm_data_order
 #  endif
 # endif
-  void sha1_block_host_order (SHA_CTX *c, const void *p,FIPS_SHA_SIZE_T num);
-  void sha1_block_data_order (SHA_CTX *c, const void *p,FIPS_SHA_SIZE_T num);
+  void sha1_block_host_order (SHA_CTX *c, const void *p,size_t num);
+  void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
 
 #else
 # error "Either SHA_0 or SHA_1 must be defined."
 
 int HASH_INIT (SHA_CTX *c)
        {
+       /* This assert denotes binary compatibility in 0.9.7 context
+           and commonly optimized away by compiler. */
+       OPENSSL_assert(sizeof(unsigned long)<=sizeof(size_t));
        c->h0=INIT_DATA_h0;
        c->h1=INIT_DATA_h1;
        c->h2=INIT_DATA_h2;
@@ -222,7 +225,7 @@ int HASH_INIT (SHA_CTX *c)
 #endif
 
 #ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER
-void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, FIPS_SHA_SIZE_T num)
+void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num)
        {
        const SHA_LONG *W=d;
        register unsigned MD32_REG_T A,B,C,D,E,T;
@@ -350,7 +353,7 @@ void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, FIPS_SHA_SIZE_T num)
 #endif
 
 #ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER
-void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, FIPS_SHA_SIZE_T num)
+void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
        {
        const unsigned char *data=p;
        register unsigned MD32_REG_T A,B,C,D,E,T,l;
index 1c2ec469e9cf2253e1d66eead3c18100c75c741c..2ea3a41ce5aa2c8674fa48cad4f08771f713c4fc 100644 (file)
  *
  */
 
-#include <openssl/sha.h>
-#include <openssl/hmac.h>
-#include <openssl/opensslconf.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/fips_sha.h>
+#include <openssl/hmac.h>
 
 int FIPS_selftest_failed() { return 0; }
+void OPENSSL_cleanse(void *p,size_t len) {}
 
 #ifdef OPENSSL_FIPS