my $cross_compile_prefix="";
my $fipslibdir="/usr/local/ssl/fips-2.0/lib/";
my $nofipscanistercheck=0;
-my $fipscanisterinternal="n";
-my $fipscanisteronly = 0;
my $baseaddr="0xFB00000";
my $no_threads=0;
my $threads=0;
);
my @experimental = ();
-# If ssl directory missing assume truncated FIPS tarball
-if (!-d "ssl")
- {
- print STDERR "Auto Configuring fipsonly\n";
- $fips = 1;
- $nofipscanistercheck = 1;
- $fipslibdir="";
- $fipscanisterinternal="y";
- $fipscanisteronly = 2;
- if (! -f "crypto/bn/bn_gf2m.c" )
- {
- $disabled{ec2m} = "forced";
- }
- }
-
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
$fips = 1;
$nofipscanistercheck = 1;
}
- elsif (/^fipscheck$/)
- {
- if ($fipscanisteronly != 2)
- {
- print STDERR <<"EOF";
-ERROR: FIPS not autodetected. Not running from restricted tarball??
-EOF
- exit(1);
- }
- }
- elsif (/^fipscanisteronly$/)
- {
- $fips = 1;
- $nofipscanistercheck = 1;
- $fipslibdir="";
- $fipscanisterinternal="y";
- $fipscanisteronly = 1;
- }
- elsif (/^fipscanisterbuild$/)
- {
- $fips = 1;
- $nofipscanistercheck = 1;
- $fipslibdir="";
- $fipscanisterinternal="y";
- $fipscanisteronly = 1;
- }
elsif (/^[-+]/)
{
if (/^--prefix=(.*)$/)
if ($fips)
{
$openssl_other_defines.="#define OPENSSL_FIPS\n";
- if ($fipscanisterinternal eq "y")
- {
- $openssl_other_defines.="#define OPENSSL_FIPSCANISTER\n";
- $cflags = "-DOPENSSL_FIPSCANISTER $cflags";
- }
}
$cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
# aes-xts.o indicates presence of AES_xts_[en|de]crypt...
$cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//);
$aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2);
- $aes_obj =~ s/\s*(vp|bs)aes-\w*\.o//g if ($fipscanisterinternal eq "y");
$cflags.=" -DVPAES_ASM" if ($aes_obj =~ m/vpaes/);
$cflags.=" -DBSAES_ASM" if ($aes_obj =~ m/bsaes/);
}
}
}
-if ($fipscanisterinternal eq "y")
- {
- open(IN,"<fips/fips_auth.in") || die "can't open fips_auth.in";
- open(OUT,">fips/fips_auth.h") || die "can't open fips_auth.h";
- while(<IN>)
- {
- s/FIPS_AUTH_KEY.*$/FIPS_AUTH_KEY $fips_auth_key/ if defined $fips_auth_key;
- s/FIPS_AUTH_CRYPTO_OFFICER.*$/FIPS_AUTH_CRYPTO_OFFICER $fips_auth_officer/ if defined $fips_auth_officer;
- s/FIPS_AUTH_CRYPTO_USER.*$/FIPS_AUTH_CRYPTO_USER $fips_auth_user/ if defined $fips_auth_user;
- print OUT $_;
- }
- close IN;
- close OUT;
- }
-
-my $mforg = $fipscanisteronly ? "Makefile.fips" : "Makefile.org";
-
-open(IN,"<$mforg") || die "unable to read $mforg:$!\n";
+open(IN,"<Makefile.org") || die "unable to read Makefile.org:$!\n";
unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-print OUT "### Generated automatically from $mforg by Configure.\n\n";
+print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
my $sdirs=0;
-if ($fipscanisteronly)
- {
- $aes_obj =~ s/aesni-sha1-x86_64.o//;
- $bn_obj =~ s/modexp512-x86_64.o//;
- }
-
while (<IN>)
{
chomp;
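Review bot: Option handling for `$fips_auth_key`, `$fips_auth_officer` and `$fips_auth_user` may be left behind as dead input, because the removed `fips/fips_auth.h` generator was their only visible consumer and no hunk shown here removes their declaration or parsing. If that parsing still exists elsewhere in Configure, an invoker could pass authentication settings that are accepted and then silently discarded. It should be deleted in the same commit, or changed to `die` with a message saying the option is no longer supported. On style, the rewritten `open(IN,"<Makefile.org")` keeps the two-argument bareword form; that is harmless with a literal path, but the unchanged `open(OUT,">$Makefile.new")` beside it still interpolates a variable into the mode string. The `while (<IN>)` loop that starts at the end of this hunk continues outside it.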
s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
s/^SHARED_FIPS=.*/SHARED_FIPS=/;
s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/;
- s/^FIPSCANISTERINTERNAL=.*/FIPSCANISTERINTERNAL=$fipscanisterinternal/;
s/^BASEADDR=.*/BASEADDR=$baseaddr/;
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
}
s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
- if ($fipscanisteronly && exists $disabled{"ec2m"})
- {
- next if (/ec2_/ || /bn_gf2m/);
- }
print OUT $_."\n";
}
close(IN);
$make_targets .= " gentests" if $symlink;
(system $make_command.$make_targets) == 0 or die "make $make_targets failed"
if $make_targets ne "";
- if ( $fipscanisteronly )
- {}
- elsif ( $perl =~ m@^/@) {
+ if ( $perl =~ m@^/@) {
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
&dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
} else {
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
- if ($depflags ne $default_depflags && !$make_depend && !$fipscanisteronly) {
+ if ($depflags ne $default_depflags && !$make_depend) {
print <<EOF;
Since you've disabled or enabled at least one algorithm, you need to do
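Review bot: The `&dofile("tools/c_rehash", ...)` calls, which this hunk now runs on every configuration instead of skipping them for canister-only builds, splice `$openssldir` and `$prefix` unescaped into a double-quoted Perl string (`'my $dir = "' . $openssldir . '";'`) that is written into the generated script. The values presumably come from options such as `--prefix=(.*)`, which accepts any text, so a path containing `"`, `\`, `$` or `@` would give a `c_rehash` that fails to compile or interpolates part of the path as a variable. Since the condition is being rewritten anyway, consider emitting a single-quoted literal with the value escaped first, e.g. `(my $q = $openssldir) =~ s/([\\'])/\\$1/g;` followed by `'my $dir = \'' . $q . '\';'`, or rejecting such characters where the option is parsed. `dofile` is defined outside this diff, so how it applies the replacement text is not visible here and should be checked as well.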
(but please first make sure you have tried with a current version of OpenSSL).
EOF
-print <<\EOF if ($fipscanisterinternal eq "y");
-
-WARNING: OpenSSL has been configured using unsupported option(s) to internally
-generate a fipscanister.o object module for TESTING PURPOSES ONLY; that
-compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the
-OpenSSL FIPS Object Module as identified by the CMVP
-(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS
-140-2 validated software.
-
-This is a test OpenSSL 2.0 FIPS module.
-
-See the file README.FIPS for details of how to build a test library.
-
-EOF
-
exit(0);
sub usage
+++ /dev/null
-##
-## Makefile for OpenSSL: fipscanister.o only
-##
-
-VERSION=fips-2.0-test
-MAJOR=
-MINOR=
-SHLIB_VERSION_NUMBER=
-SHLIB_VERSION_HISTORY=
-SHLIB_MAJOR=
-SHLIB_MINOR=
-SHLIB_EXT=
-PLATFORM=dist
-OPTIONS=
-CONFIGURE_ARGS=
-SHLIB_TARGET=
-
-# HERE indicates where this Makefile lives. This can be used to indicate
-# where sub-Makefiles are expected to be. Currently has very limited usage,
-# and should probably not be bothered with at all.
-HERE=.
-
-# INSTALL_PREFIX is for package builders so that they can configure
-# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
-# Normally it is left empty.
-INSTALL_PREFIX=
-INSTALLTOP=/usr/local/ssl
-
-# Do not edit this manually. Use Configure --openssldir=DIR do change this!
-OPENSSLDIR=/usr/local/ssl
-
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4 - Define to build without the RC4 algorithm
-# NO_RC2 - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-# one. 32 bytes will be read from this when the random
-# number generator is initalised.
-# SSL_FORBID_ENULL - define if you want the server to be not able to use the
-# NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# REF_PRINT - prints some stuff on structure free.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-# call application defined callbacks via CRYPTO_set_mem_functions()
-# MD5_ASM needs to be defined to use the x86 assembler for MD5
-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
-# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
-# equal 4.
-# PKCS1_CHECK - pkcs1 tests.
-
-CC= cc
-CFLAG= -O
-DEPFLAG=
-PEX_LIBS=
-EX_LIBS=
-EXE_EXT=
-ARFLAGS=
-AR=ar $(ARFLAGS) r
-RANLIB= ranlib
-NM= nm
-PERL= perl
-TAR= tar
-TARFLAGS= --no-recursion
-MAKEDEPPROG=makedepend
-LIBDIR=lib
-
-# We let the C compiler driver to take care of .s files. This is done in
-# order to be excused from maintaining a separate set of architecture
-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
-# gcc, then the driver will automatically translate it to -xarch=v8plus
-# and pass it down to assembler.
-#AS=$(CC) -c
-ASFLAG=$(CFLAG)
-
-# For x86 assembler: Set PROCESSOR to 386 if you want to support
-# the 80386.
-PROCESSOR=
-
-# CPUID module collects small commonly used assembler snippets
-CPUID_OBJ=
-BN_ASM= bn_asm.o
-DES_ENC= des_enc.o fcrypt_b.o
-AES_ENC= aes_core.o aes_cbc.o
-BF_ENC= bf_enc.o
-CAST_ENC= c_enc.o
-RC4_ENC= rc4_enc.o
-RC5_ENC= rc5_enc.o
-MD5_ASM_OBJ=
-SHA1_ASM_OBJ=
-RMD160_ASM_OBJ=
-WP_ASM_OBJ=
-CMLL_ENC=
-MODES_ASM_OBJ=
-PERLASM_SCHEME=
-
-# KRB5 stuff
-KRB5_INCLUDES=
-LIBKRB5=
-
-# Zlib stuff
-ZLIB_INCLUDE=
-LIBZLIB=
-
-# This is the location of fipscanister.o and friends.
-# The FIPS module build will place it $(INSTALLTOP)/lib
-# but since $(INSTALLTOP) can only take the default value
-# when the module is built it will be in /usr/local/ssl/lib
-# $(INSTALLTOP) for this build may be different so hard
-# code the path.
-
-FIPSLIBDIR=/usr/local/ssl/$(LIBDIR)/
-
-# This is set to "y" if fipscanister.o is compiled internally as
-# opposed to coming from an external validated location.
-
-FIPSCANISTERINTERNAL=n
-
-# This is set if we only build fipscanister.o
-
-FIPSCANISTERONLY=y
-
-# The location of the library which contains fipscanister.o
-# normally it will be libcrypto unless fipsdso is set in which
-# case it will be libfips. If not compiling in FIPS mode at all
-# this is empty making it a useful test for a FIPS compile.
-
-FIPSCANLIB=
-
-# Shared library base address. Currently only used on Windows.
-#
-
-BASEADDR=
-
-DIRS= crypto fips test
-ENGDIRS= ccgost
-SHLIBDIRS= crypto
-
-# dirs in crypto to build
-SDIRS= \
- sha hmac des aes modes \
- bn ec rsa dsa ecdsa dh \
- buffer evp ecdh cmac
-# keep in mind that the above list is adjusted by ./Configure
-# according to no-xxx arguments...
-
-LINKDIRS= \
- objects sha hmac des aes modes \
- bn ec rsa dsa ecdh cmac ecdsa dh engine \
- buffer bio stack lhash rand err \
- evp asn1 ui
-
-# tests to perform. "alltests" is a special word indicating that all tests
-# should be performed.
-TESTS = alltests
-
-MAKEFILE= Makefile
-
-MANDIR=$(OPENSSLDIR)/man
-MAN1=1
-MAN3=3
-MANSUFFIX=
-HTMLSUFFIX=html
-HTMLDIR=$(OPENSSLDIR)/html
-SHELL=/bin/sh
-
-TOP= .
-ONEDIRS=out tmp
-EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
-WDIRS= windows
-LIBS=
-SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
-
-GENERAL= Makefile
-BASENAME= openssl
-NAME= $(BASENAME)-$(VERSION)
-TARFILE= openssl-fips-2.0-test.tar
-WTARFILE= $(NAME)-win.tar
-EXHEADER= e_os2.h
-HEADER= e_os.h
-
-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
-
-# as we stick to -e, CLEARENV ensures that local variables in lower
-# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-# shell, which [annoyingly enough] terminates unset with error if VAR
-# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
-# which terminates unset with error if no variable was present:-(
-CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
- $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
- $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
- $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
- $${EXHEADER+EXHEADER} $${HEADER+HEADER} \
- $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
- $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
- $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
- $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
- $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
-
-BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
- CC='$(CC)' CFLAG='$(CFLAG)' \
- ASFLAG='$(CFLAG) -c' \
- AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
- CROSS_COMPILE='$(CROSS_COMPILE)' \
- PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
- SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
- INSTALL_PREFIX='$(INSTALL_PREFIX)' \
- INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \
- LIBDIR='$(LIBDIR)' \
- MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
- DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
- MAKEDEPPROG='$(MAKEDEPPROG)' \
- SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
- KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
- ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
- EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
- SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
- PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
- CPUID_OBJ='$(CPUID_OBJ)' \
- BN_ASM='$(BN_ASM)' DES_ENC='$(DES_ENC)' \
- AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \
- BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \
- RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \
- SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \
- MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \
- RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \
- WP_ASM_OBJ='$(WP_ASM_OBJ)' \
- MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \
- PERLASM_SCHEME='$(PERLASM_SCHEME)' \
- FIPSLIBDIR='${FIPSLIBDIR}' \
- FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
- FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \
- FIPSCANISTERONLY='${FIPSCANISTERONLY}' \
- FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
- THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
-# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
-# which in turn eliminates ambiguities in variable treatment with -e.
-
-# BUILD_CMD is a generic macro to build a given target in a given
-# subdirectory. The target must be given through the shell variable
-# `target' and the subdirectory to build in must be given through `dir'.
-# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
-# BUILD_ONE_CMD instead.
-#
-# BUILD_ONE_CMD is a macro to build a given target in a given
-# subdirectory if that subdirectory is part of $(DIRS). It requires
-# exactly the same shell variables as BUILD_CMD.
-#
-# RECURSIVE_BUILD_CMD is a macro to build a given target in all
-# subdirectories defined in $(DIRS). It requires that the target
-# is given through the shell variable `target'.
-BUILD_CMD= if [ -d "$$dir" ]; then \
- ( cd $$dir && echo "making $$target in $$dir..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
- ) || exit 1; \
- fi
-RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
-BUILD_ONE_CMD=\
- if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
- $(BUILD_CMD); \
- fi
-
-reflect:
- @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-
-FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
- ../crypto/aes/aes_ecb.o \
- ../crypto/aes/aes_ofb.o \
- ../crypto/bn/bn_add.o \
- ../crypto/bn/bn_blind.o \
- ../crypto/bn/bn_ctx.o \
- ../crypto/bn/bn_div.o \
- ../crypto/bn/bn_exp2.o \
- ../crypto/bn/bn_exp.o \
- ../crypto/bn/bn_gcd.o \
- ../crypto/bn/bn_gf2m.o \
- ../crypto/bn/bn_lib.o \
- ../crypto/bn/bn_mod.o \
- ../crypto/bn/bn_mont.o \
- ../crypto/bn/bn_mul.o \
- ../crypto/bn/bn_nist.o \
- ../crypto/bn/bn_prime.o \
- ../crypto/bn/bn_rand.o \
- ../crypto/bn/bn_recp.o \
- ../crypto/bn/bn_shift.o \
- ../crypto/bn/bn_sqr.o \
- ../crypto/bn/bn_word.o \
- ../crypto/bn/bn_x931p.o \
- ../crypto/buffer/buf_str.o \
- ../crypto/cmac/cmac.o \
- ../crypto/cryptlib.o \
- ../crypto/des/cfb64ede.o \
- ../crypto/des/cfb64enc.o \
- ../crypto/des/cfb_enc.o \
- ../crypto/des/ecb3_enc.o \
- ../crypto/des/ofb64ede.o \
- ../crypto/des/fcrypt.o \
- ../crypto/des/set_key.o \
- ../crypto/dh/dh_check.o \
- ../crypto/dh/dh_gen.o \
- ../crypto/dh/dh_key.o \
- ../crypto/dsa/dsa_gen.o \
- ../crypto/dsa/dsa_key.o \
- ../crypto/dsa/dsa_ossl.o \
- ../crypto/ec/ec_curve.o \
- ../crypto/ec/ec_cvt.o \
- ../crypto/ec/ec_key.o \
- ../crypto/ec/ec_lib.o \
- ../crypto/ec/ecp_mont.o \
- ../crypto/ec/ec_mult.o \
- ../crypto/ec/ecp_nist.o \
- ../crypto/ec/ecp_smpl.o \
- ../crypto/ec/ec2_mult.o \
- ../crypto/ec/ec2_smpl.o \
- ../crypto/ecdh/ech_key.o \
- ../crypto/ecdh/ech_ossl.o \
- ../crypto/ecdsa/ecs_ossl.o \
- ../crypto/evp/e_aes.o \
- ../crypto/evp/e_des3.o \
- ../crypto/evp/e_null.o \
- ../crypto/evp/m_sha1.o \
- ../crypto/evp/m_dss1.o \
- ../crypto/evp/m_dss.o \
- ../crypto/evp/m_ecdsa.o \
- ../crypto/hmac/hmac.o \
- ../crypto/modes/cbc128.o \
- ../crypto/modes/ccm128.o \
- ../crypto/modes/cfb128.o \
- ../crypto/modes/ctr128.o \
- ../crypto/modes/gcm128.o \
- ../crypto/modes/ofb128.o \
- ../crypto/modes/xts128.o \
- ../crypto/rsa/rsa_eay.o \
- ../crypto/rsa/rsa_gen.o \
- ../crypto/rsa/rsa_crpt.o \
- ../crypto/rsa/rsa_none.o \
- ../crypto/rsa/rsa_oaep.o \
- ../crypto/rsa/rsa_pk1.o \
- ../crypto/rsa/rsa_pss.o \
- ../crypto/rsa/rsa_ssl.o \
- ../crypto/rsa/rsa_x931.o \
- ../crypto/rsa/rsa_x931g.o \
- ../crypto/sha/sha1dgst.o \
- ../crypto/sha/sha256.o \
- ../crypto/sha/sha512.o \
- ../crypto/thr_id.o \
- ../crypto/uid.o
-
-sub_all: build_all
-build_all: build_libs
-
-build_libs: build_crypto build_fips
-
-build_fips:
- @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
-
-build_crypto:
- if [ -n "$(FIPSCANLIB)" ]; then \
- EXCL_OBJ='$(AES_ENC) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(MODES_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
- ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
- else \
- ARX='${AR}' ; \
- fi ; export ARX ; \
- if [ $(FIPSCANISTERINTERNAL) = "y" ]; then \
- AS='$(PERL) $${TOP}/util/fipsas.pl $${TOP} $${<} $(CC)' ; \
- else \
- AS='$(CC) -c' ; \
- fi ; export AS ; \
- dir=crypto; target=fips; $(BUILD_ONE_CMD)
-build_ssl:
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines:
- @dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps:
- @dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests:
- @dir=test; target=fipsexe; $(BUILD_ONE_CMD)
-build_algvs:
- @dir=test; target=fipsalgvs; $(BUILD_ONE_CMD)
-build_tools:
- @dir=tools; target=all; $(BUILD_ONE_CMD)
-
-all_testapps: build_libs build_testapps
-build_testapps:
- @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-
-libcrypto$(SHLIB_EXT): libcrypto.a build_fips
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
- if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
- FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
- export CC FIPSLD_CC; \
- fi; \
- $(MAKE) SHLIBDIRS=crypto build-shared; \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
- exit 1; \
- fi
-
-libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
- exit 1; \
- fi
-
-clean-shared:
- @set -e; for i in $(SHLIBDIRS); do \
- if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
- tmp="$(SHARED_LIBS_LINK_EXTS)"; \
- for j in $${tmp:-x}; do \
- ( set -x; rm -f lib$$i$$j ); \
- done; \
- fi; \
- ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
- if [ "$(PLATFORM)" = "Cygwin" ]; then \
- ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
- fi; \
- done
-
-link-shared:
- @ set -e; for i in $(SHLIBDIRS); do \
- $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
- LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
- symlink.$(SHLIB_TARGET); \
- libs="$$libs -l$$i"; \
- done
-
-build-shared: do_$(SHLIB_TARGET) link-shared
-
-do_$(SHLIB_TARGET):
- @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
- if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
- LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
- LIBDEPS="$$libs $(EX_LIBS)" \
- link_a.$(SHLIB_TARGET); \
- libs="-l$$i $$libs"; \
- done
-
-libcrypto.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL-libcrypto'; \
- echo 'Description: OpenSSL cryptography library'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
-
-libssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL'; \
- echo 'Description: Secure Sockets Layer and cryptography libraries'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
-
-openssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL'; \
- echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
-
-Makefile: Makefile.fips Configure config
- @echo "Makefile is older than Makefile.org, Configure or config."
- @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
- @false
-
-libclean:
- rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
-
-clean: libclean
- rm -f shlib/*.o *.o core a.out fluff testlog make.log cctest cctest.c
- @set -e; target=clean; $(RECURSIVE_BUILD_CMD)
- rm -f $(LIBS)
- rm -f openssl.pc libssl.pc libcrypto.pc
- rm -f speed.* .pure
- rm -f $(TARFILE)
- @set -e; for i in $(ONEDIRS) ;\
- do \
- rm -fr $$i/*; \
- done
-
-makefile.one: files
- $(PERL) util/mk1mf.pl >makefile.one; \
- sh util/do_ms.sh
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
- @set -e; target=files; $(RECURSIVE_BUILD_CMD)
-
-links:
- @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
- @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
- @set -e; dir=fips target=links; $(RECURSIVE_BUILD_CMD)
- @(cd crypto ; SDIRS='$(LINKDIRS)' $(MAKE) -e links)
-
-gentests:
- @(cd test && echo "generating dummy tests (if needed)..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
-
-dclean:
- rm -rf *.bak include/openssl certs/.0
- @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
-
-test: tests
-
-tests:
- @echo "Not implemented in FIPS build" ; false
-
-report:
- @$(PERL) util/selftest.pl
-
-depend:
- @echo make depend not supported ; false
-
-lint:
- @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-
-tags:
- rm -f TAGS
- find . -name '[^.]*.[ch]' | xargs etags -a
-
-errors:
- $(PERL) util/mkerr.pl -recurse -write
- (cd engines; $(MAKE) PERL=$(PERL) errors)
- $(PERL) util/ck_errf.pl -strict */*.c */*/*.c
-
-stacks:
- $(PERL) util/mkstack.pl -write
-
-util/libeay.num::
- $(PERL) util/mkdef.pl crypto update
-
-util/ssleay.num::
- $(PERL) util/mkdef.pl ssl update
-
-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
- $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
- $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
-crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
- $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
-
-apps/openssl-vms.cnf: apps/openssl.cnf
- $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
-
-crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
- $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
-
-
-TABLE: Configure
- (echo 'Output of `Configure TABLE'"':"; \
- $(PERL) Configure TABLE) > TABLE
-
-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
-
-# Build distribution tar-file. As the list of files returned by "find" is
-# pretty long, on several platforms a "too many arguments" error or similar
-# would occur. Therefore the list of files is temporarily stored into a file
-# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
-# tar does not support the --files-from option.
-tar:
- find . -type d -print | xargs chmod 755
- find . -type f -print | xargs chmod a+r
- find . -type f -perm -0100 -print | xargs chmod a+x
- find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | $(BUILDENV) LINKDIRS='$(LINKDIRS)' $(PERL) util/fipsdist.pl | sort > ../$(TARFILE).list; \
- $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
- tardy --user_number=0 --user_name=openssl \
- --group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - |\
- gzip --best >../$(TARFILE).gz; \
- rm -f ../$(TARFILE).list; \
- ls -l ../$(TARFILE).gz
-
-tar-snap:
- @$(TAR) $(TARFLAGS) -cvf - \
- `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
- tardy --user_number=0 --user_name=openssl \
- --group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
- ls -l ../$(TARFILE)
-
-dist:
- $(PERL) Configure dist fipscanisteronly
- @$(MAKE) dist_pem_h
- @$(MAKE) SDIRS='$(SDIRS)' clean
- @$(MAKE) -f Makefile.fips TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
-
-dist_pem_h:
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-
-install: all install_sw
-
-install_sw:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl
- @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
+++ /dev/null
-#
-# OpenSSL/crypto/Makefile
-#
-
-DIR= fips
-TOP= ..
-CC= cc
-INCLUDE= -I. -I$(TOP) -I../include
-# INCLUDES targets sudbirs!
-INCLUDES= -I.. -I../.. -I../../include
-CFLAG= -g
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-RM= rm -f
-AR= ar r
-ARD= ar d
-TEST= fips_test_suite.c
-FIPS_TVDIR= testvectors
-FIPS_TVOK= $$HOME/fips/tv.ok
-
-FIPSCANLOC= $(FIPSLIBDIR)fipscanister.o
-
-RECURSIVE_MAKE= [ -n "$(FDIRS)" ] && for i in $(FDIRS) ; do \
- (cd $$i && echo "making $$target in $(DIR)/$$i..." && \
- $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \
- done;
-
-PEX_LIBS=
-EX_LIBS=
-
-CFLAGS= $(INCLUDE) $(CFLAG) -DHMAC_EXT=\"$${HMAC_EXT:-sha1}\"
-ASFLAGS= $(INCLUDE) $(ASFLAG)
-AFLAGS=$(ASFLAGS)
-
-LIBS=
-
-FDIRS=sha rand des aes dsa ecdh ecdsa rsa dh cmac hmac utl
-
-GENERAL=Makefile README fips-lib.com install.com
-
-LIB= $(TOP)/libcrypto.a
-SHARED_LIB= $(FIPSCANLIB)$(SHLIB_EXT)
-LIBSRC=fips.c fips_post.c
-LIBOBJ=fips.o fips_post.o
-
-FIPS_OBJ_LISTS=sha/lib hmac/lib rand/lib des/lib aes/lib dsa/lib rsa/lib \
- dh/lib utl/lib ecdsa/lib ecdh/lib cmac/lib
-
-SRC= $(LIBSRC)
-
-EXHEADER=fips.h fipssyms.h
-HEADER=$(EXHEADER) fips_utl.h fips_locl.h fips_auth.h
-EXE=fipsld fips_standalone_sha1
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- @(cd ..; $(MAKE) DIRS=$(DIR) all)
-
-testapps:
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
-all:
- @if [ -n "$(FIPSCANISTERONLY)" ]; then \
- $(MAKE) -e subdirs lib ; \
- elif [ -z "$(FIPSLIBDIR)" ]; then \
- $(MAKE) -e subdirs lib fips_premain_dso$(EXE_EXT); \
- else \
- $(MAKE) -e lib fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT); \
- fi
-
-# Idea behind fipscanister.o is to "seize" the sequestered code between
-# known symbols for fingerprinting purposes, which would be commonly
-# done with ld -r start.o ... end.o. The latter however presents a minor
-# challenge on multi-ABI platforms. As just implied, we'd rather use ld,
-# but the trouble is that we don't generally know how ABI-selection
-# compiler flag is translated to corresponding linker flag. All compiler
-# drivers seem to recognize -r flag and pass it down to linker, but some
-# of them, including gcc, erroneously add -lc, as well as run-time
-# components, such as crt1.o and alike. Fortunately among those vendor
-# compilers which were observed to misinterpret -r flag multi-ABI ones
-# are equipped with smart linkers, which don't require any ABI-selection
-# flag and simply assume that all objects are of the same type as first
-# one in command line. So the idea is to identify gcc and deficient
-# vendor compiler drivers...
-
-fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o
- FIPS_ASM=""; \
- list="$(BN_ASM)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/bn/$$i" ; done; \
- list="$(AES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/aes/$$i" ; done; \
- list="$(DES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/des/$$i" ; done; \
- list="$(SHA1_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/sha/$$i" ; done; \
- list="$(MODES_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/modes/$$i" ; done; \
- CPUID=""; \
- list="$(CPUID_OBJ)"; for i in $$list; do CPUID="$$CPUID ../crypto/$$i" ; done; \
- objs="fips_start.o $(LIBOBJ) $(FIPS_EX_OBJ) $$CPUID $$FIPS_ASM"; \
- for i in $(FIPS_OBJ_LISTS); do \
- dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \
- objs="$$objs `sed "$$script" $$i`"; \
- done; \
- objs="$$objs fips_end.o" ; \
- os="`(uname -s) 2>/dev/null`"; cflags="$(CFLAGS)"; \
- case "$$os" in \
- AIX) cflags="$$cflags -Wl,-bnoobjreorder" ;; \
- HP-UX) cflags="$$cflags -Wl,+sectionmerge" ;; \
- esac; \
- if [ -n "${FIPS_SITE_LD}" ]; then \
- set -x; ${FIPS_SITE_LD} -r -o $@ $$objs; \
- elif $(CC) -dumpversion >/dev/null 2>&1; then \
- set -x; $(CC) $$cflags -r -nostdlib -o $@ $$objs ; \
- else case "$$os" in \
- OSF1|SunOS) set -x; /usr/ccs/bin/ld -r -o $@ $$objs ;; \
- *) set -x; $(CC) $$cflags -r -o $@ $$objs ;; \
- esac fi
- ./fips_standalone_sha1$(EXE_EXT) fipscanister.o > fipscanister.o.sha1
-
-# If another exception is immediately required, assign approprite
-# site-specific ld command to FIPS_SITE_LD environment variable.
-
-fips_start.o: fips_canister.c
- $(CC) $(CFLAGS) -DFIPS_START -c -o $@ fips_canister.c
-fips_end.o: fips_canister.c
- $(CC) $(CFLAGS) -DFIPS_END -c -o $@ fips_canister.c
-fips_premain_dso$(EXE_EXT): fips_premain.c
- $(CC) $(CFLAGS) -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ fips_premain.c \
- $(FIPSLIBDIR)fipscanister.o ../libcrypto.a $(EX_LIBS)
-# this is executed only when linking with external fipscanister.o
-fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c
- if [ -z "$(HOSTCC)" ] ; then \
- $(CC) $(CFLAGS) -DFIPSCANISTER_O -o $@ sha/fips_standalone_sha1.c $(FIPSLIBDIR)fipscanister.o $(EX_LIBS) ; \
- else \
- $(HOSTCC) $(HOSTCFLAGS) -o $ $@ -I../include -I../crypto sha/fips_standalone_sha1.c ../crypto/sha/sha1dgst.c ; \
- fi
-
-subdirs:
- @target=all; $(RECURSIVE_MAKE)
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
- @target=files; $(RECURSIVE_MAKE)
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
- @target=links; $(RECURSIVE_MAKE)
-
-# lib: and $(LIB): are splitted to avoid end-less loop
-lib: $(LIB)
- if [ "$(FIPSCANISTERINTERNAL)" = "n" -a -n "$(FIPSCANLOC)" ]; then $(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC); fi
- @touch lib
-
-$(LIB): $(FIPSLIBDIR)fipscanister.o
- $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- $(RANLIB) $(LIB) || echo Never mind.
-
-$(FIPSCANLIB): $(FIPSCANLOC)
- $(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC)
- if [ "$(FIPSCANLIB)" = "libfips" ]; then \
- $(AR) $(LIB) $(FIPSCANLOC) ; \
- $(RANLIB) $(LIB) || echo Never Mind. ; \
- fi
- $(RANLIB) ../$(FIPSCANLIB).a || echo Never mind.
- @touch lib
-
-shared: lib subdirs fips_premain_dso$(EXE_EXT)
-
-libs:
- @target=lib; $(RECURSIVE_MAKE)
-
-fips_test: top
- @target=fips_test; $(RECURSIVE_MAKE)
-
-fips_test_diff:
- @if diff -b -B -I '^\#' -cr -X fips-nodiff.txt $(FIPS_TVDIR) $(FIPS_TVOK) ; then \
- echo "FIPS diff OK" ; \
- else \
- echo "***FIPS DIFF ERROR***" ; exit 1 ; \
- fi
-
-
-install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- @headerlist="$(EXHEADER)"; for i in $$headerlist ;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
- @target=install; $(RECURSIVE_MAKE)
- for i in $(EXE) ; \
- do \
- echo "installing $$i"; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
- done
- cp -p -f $(FIPSLIBDIR)fipscanister.o $(FIPSLIBDIR)fipscanister.o.sha1 \
- $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fips_premain.c.sha1 \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/; \
- chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/fips*
-
-lint:
- @target=lint; $(RECURSIVE_MAKE)
-
-depend:
- @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
- @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
-clean:
- rm -f fipscanister.o.sha1 fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT) \
- *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
- @target=clean; $(RECURSIVE_MAKE)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
- @target=dclean; $(RECURSIVE_MAKE)
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips.o: ../include/openssl/aes.h ../include/openssl/asn1.h
-fips.o: ../include/openssl/bio.h ../include/openssl/crypto.h
-fips.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-fips.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
-fips.o: ../include/openssl/err.h ../include/openssl/evp.h
-fips.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
-fips.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-fips.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
-fips.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h fips.c
-fips.o: fips_locl.h
-fips_post.o: ../include/openssl/aes.h ../include/openssl/asn1.h
-fips_post.o: ../include/openssl/bio.h ../include/openssl/crypto.h
-fips_post.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-fips_post.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
-fips_post.o: ../include/openssl/err.h ../include/openssl/evp.h
-fips_post.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
-fips_post.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-fips_post.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips_post.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_post.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
-fips_post.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-fips_post.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips_post.o: fips_locl.h fips_post.c
+++ /dev/null
-#
-# OpenSSL/fips/aes/Makefile
-#
-
-DIR= aes
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-ASFLAGS= $(INCLUDES) $(ASFLAG)
-AFLAGS= $(ASFLAGS)
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=fips_aesavs.c fips_gcmtest.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_aes_selftest.c
-LIBOBJ=fips_aes_selftest.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER=
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all: lib
-
-lib: $(LIBOBJ)
- @echo $(LIBOBJ) > lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-fips_test:
- -find ../testvectors/aes/req -name '*.req' > testlist
- -rm -rf ../testvectors/aes/rsp
- mkdir ../testvectors/aes/rsp
- if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_aesavs -d testlist; fi
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) \
- $(SRC) $(TEST)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff testlist
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_aes_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_aes_selftest.o: ../../include/openssl/crypto.h
-fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_aes_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_aes_selftest.o: ../../include/openssl/lhash.h
-fips_aes_selftest.o: ../../include/openssl/obj_mac.h
-fips_aes_selftest.o: ../../include/openssl/objects.h
-fips_aes_selftest.o: ../../include/openssl/opensslconf.h
-fips_aes_selftest.o: ../../include/openssl/opensslv.h
-fips_aes_selftest.o: ../../include/openssl/ossl_typ.h
-fips_aes_selftest.o: ../../include/openssl/safestack.h
-fips_aes_selftest.o: ../../include/openssl/stack.h
-fips_aes_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
-fips_aes_selftest.o: fips_aes_selftest.c
-fips_aesavs.o: ../../e_os.h ../../include/openssl/aes.h
-fips_aesavs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_aesavs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_aesavs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_aesavs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_aesavs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_aesavs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_aesavs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_aesavs.o: ../../include/openssl/opensslconf.h
-fips_aesavs.o: ../../include/openssl/opensslv.h
-fips_aesavs.o: ../../include/openssl/ossl_typ.h
-fips_aesavs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_aesavs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_aesavs.c
-fips_gcmtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_gcmtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_gcmtest.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-fips_gcmtest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_gcmtest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_gcmtest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_gcmtest.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_gcmtest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_gcmtest.o: ../../include/openssl/opensslconf.h
-fips_gcmtest.o: ../../include/openssl/opensslv.h
-fips_gcmtest.o: ../../include/openssl/ossl_typ.h
-fips_gcmtest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_gcmtest.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_gcmtest.c
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/evp.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-__fips_constseg
-static const struct
- {
- const unsigned char key[16];
- const unsigned char plaintext[16];
- const unsigned char ciphertext[16];
- } tests[]=
- {
- {
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
- { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
- 0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF },
- { 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30,
- 0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A },
- },
- };
-
-int FIPS_selftest_aes()
- {
- int n;
- int ret = 0;
- EVP_CIPHER_CTX ctx;
- FIPS_cipher_ctx_init(&ctx);
-
- for(n=0 ; n < 1 ; ++n)
- {
- if (fips_cipher_test(FIPS_TEST_CIPHER, &ctx, EVP_aes_128_ecb(),
- tests[n].key, NULL,
- tests[n].plaintext,
- tests[n].ciphertext,
- 16) <= 0)
- goto err;
- }
- ret = 1;
- err:
- FIPS_cipher_ctx_cleanup(&ctx);
- if (ret == 0)
- FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
- return ret;
- }
-
-/* AES-CCM test data from NIST public test vectors */
-
-__fips_constseg
-static const unsigned char ccm_key[] = {
- 0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6,
- 0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe8
-};
-__fips_constseg
-static const unsigned char ccm_nonce[] = {
- 0x76,0x40,0x43,0xc4,0x94,0x60,0xb7
-};
-__fips_constseg
-static const unsigned char ccm_adata[] = {
- 0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7,
- 0x5f,0x10,0xbd,0xe7,0x8c,0x23,0xfa,0x0e,0xb8,0xf9,0xaa,0xa5,
- 0x3a,0xde,0xfb,0xf4,0xcb,0xf7,0x8f,0xe4
-};
-__fips_constseg
-static const unsigned char ccm_pt[] = {
- 0xc8,0xd2,0x75,0xf9,0x19,0xe1,0x7d,0x7f,0xe6,0x9c,0x2a,0x1f,
- 0x58,0x93,0x9d,0xfe,0x4d,0x40,0x37,0x91,0xb5,0xdf,0x13,0x10
-};
-__fips_constseg
-static const unsigned char ccm_ct[] = {
- 0x8a,0x0f,0x3d,0x82,0x29,0xe4,0x8e,0x74,0x87,0xfd,0x95,0xa2,
- 0x8a,0xd3,0x92,0xc8,0x0b,0x36,0x81,0xd4,0xfb,0xc7,0xbb,0xfd
-};
-__fips_constseg
-static const unsigned char ccm_tag[] = {
- 0x2d,0xd6,0xef,0x1c,0x45,0xd4,0xcc,0xb7,0x23,0xdc,0x07,0x44,
- 0x14,0xdb,0x50,0x6d
-};
-
-int FIPS_selftest_aes_ccm(void)
- {
- int ret = 0, do_corrupt = 0;
- unsigned char out[128], tag[16];
- EVP_CIPHER_CTX ctx;
- FIPS_cipher_ctx_init(&ctx);
- memset(out, 0, sizeof(out));
- if (!fips_post_started(FIPS_TEST_CCM, 0, 0))
- return 1;
- if (!fips_post_corrupt(FIPS_TEST_CCM, 0, NULL))
- do_corrupt = 1;
- if (!FIPS_cipherinit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 1))
- goto err;
- if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
- sizeof(ccm_nonce), NULL))
- goto err;
- if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
- sizeof(ccm_tag), NULL))
- goto err;
- if (!FIPS_cipherinit(&ctx, NULL, ccm_key, ccm_nonce, 1))
- goto err;
- if (FIPS_cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt))
- goto err;
- if (FIPS_cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
- goto err;
- if (FIPS_cipher(&ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct))
- goto err;
-
- if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, 16, tag))
- goto err;
- if (memcmp(tag, ccm_tag, sizeof(ccm_tag))
- || memcmp(out, ccm_ct, sizeof(ccm_ct)))
- goto err;
-
- memset(out, 0, sizeof(out));
-
- /* Modify expected tag value */
- if (do_corrupt)
- tag[0]++;
-
- if (!FIPS_cipherinit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 0))
- goto err;
- if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
- sizeof(ccm_nonce), NULL))
- goto err;
- if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag))
- goto err;
- if (!FIPS_cipherinit(&ctx, NULL, ccm_key, ccm_nonce, 0))
- goto err;
- if (FIPS_cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct))
- goto err;
- if (FIPS_cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
- goto err;
- if (FIPS_cipher(&ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt))
- goto err;
-
- if (memcmp(out, ccm_pt, sizeof(ccm_pt)))
- goto err;
-
- ret = 1;
-
- err:
- FIPS_cipher_ctx_cleanup(&ctx);
-
- if (ret == 0)
- {
- fips_post_failed(FIPS_TEST_CCM, 0, NULL);
- FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- else
- return fips_post_success(FIPS_TEST_CCM, 0, NULL);
-
- }
-
-/* AES-GCM test data from NIST public test vectors */
-
-__fips_constseg
-static const unsigned char gcm_key[] = {
- 0xee,0xbc,0x1f,0x57,0x48,0x7f,0x51,0x92,0x1c,0x04,0x65,0x66,
- 0x5f,0x8a,0xe6,0xd1,0x65,0x8b,0xb2,0x6d,0xe6,0xf8,0xa0,0x69,
- 0xa3,0x52,0x02,0x93,0xa5,0x72,0x07,0x8f
-};
-__fips_constseg
-static const unsigned char gcm_iv[] = {
- 0x99,0xaa,0x3e,0x68,0xed,0x81,0x73,0xa0,0xee,0xd0,0x66,0x84
-};
-__fips_constseg
-static const unsigned char gcm_pt[] = {
- 0xf5,0x6e,0x87,0x05,0x5b,0xc3,0x2d,0x0e,0xeb,0x31,0xb2,0xea,
- 0xcc,0x2b,0xf2,0xa5
-};
-__fips_constseg
-static const unsigned char gcm_aad[] = {
- 0x4d,0x23,0xc3,0xce,0xc3,0x34,0xb4,0x9b,0xdb,0x37,0x0c,0x43,
- 0x7f,0xec,0x78,0xde
-};
-__fips_constseg
-static const unsigned char gcm_ct[] = {
- 0xf7,0x26,0x44,0x13,0xa8,0x4c,0x0e,0x7c,0xd5,0x36,0x86,0x7e,
- 0xb9,0xf2,0x17,0x36
-};
-__fips_constseg
-static const unsigned char gcm_tag[] = {
- 0x67,0xba,0x05,0x10,0x26,0x2a,0xe4,0x87,0xd7,0x37,0xee,0x62,
- 0x98,0xf7,0x7e,0x0c
-};
-
-int FIPS_selftest_aes_gcm(void)
- {
- int ret = 0, do_corrupt = 0;
- unsigned char out[128], tag[16];
- EVP_CIPHER_CTX ctx;
- FIPS_cipher_ctx_init(&ctx);
- memset(out, 0, sizeof(out));
- memset(tag, 0, sizeof(tag));
- if (!fips_post_started(FIPS_TEST_GCM, 0, 0))
- return 1;
- if (!fips_post_corrupt(FIPS_TEST_GCM, 0, NULL))
- do_corrupt = 1;
- if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
- goto err;
- if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
- sizeof(gcm_iv), NULL))
- goto err;
- if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 1))
- goto err;
- if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
- goto err;
- if (FIPS_cipher(&ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct))
- goto err;
- if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
- goto err;
-
- if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
- goto err;
-
- if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
- goto err;
-
- memset(out, 0, sizeof(out));
-
- /* Modify expected tag value */
- if (do_corrupt)
- tag[0]++;
-
- if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0))
- goto err;
- if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
- sizeof(gcm_iv), NULL))
- goto err;
- if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
- goto err;
- if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 0))
- goto err;
- if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
- goto err;
- if (FIPS_cipher(&ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt))
- goto err;
- if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
- goto err;
-
- if (memcmp(out, gcm_pt, 16))
- goto err;
-
- ret = 1;
-
- err:
- FIPS_cipher_ctx_cleanup(&ctx);
-
- if (ret == 0)
- {
- fips_post_failed(FIPS_TEST_GCM, 0, NULL);
- FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- else
- return fips_post_success(FIPS_TEST_GCM, 0, NULL);
-
- }
-
-
-__fips_constseg
-static const unsigned char XTS_128_key[] = {
- 0xa1,0xb9,0x0c,0xba,0x3f,0x06,0xac,0x35,0x3b,0x2c,0x34,0x38,
- 0x76,0x08,0x17,0x62,0x09,0x09,0x23,0x02,0x6e,0x91,0x77,0x18,
- 0x15,0xf2,0x9d,0xab,0x01,0x93,0x2f,0x2f
-};
-__fips_constseg
-static const unsigned char XTS_128_i[] = {
- 0x4f,0xae,0xf7,0x11,0x7c,0xda,0x59,0xc6,0x6e,0x4b,0x92,0x01,
- 0x3e,0x76,0x8a,0xd5
-};
-__fips_constseg
-static const unsigned char XTS_128_pt[] = {
- 0xeb,0xab,0xce,0x95,0xb1,0x4d,0x3c,0x8d,0x6f,0xb3,0x50,0x39,
- 0x07,0x90,0x31,0x1c
-};
-__fips_constseg
-static const unsigned char XTS_128_ct[] = {
- 0x77,0x8a,0xe8,0xb4,0x3c,0xb9,0x8d,0x5a,0x82,0x50,0x81,0xd5,
- 0xbe,0x47,0x1c,0x63
-};
-
-__fips_constseg
-static const unsigned char XTS_256_key[] = {
- 0x1e,0xa6,0x61,0xc5,0x8d,0x94,0x3a,0x0e,0x48,0x01,0xe4,0x2f,
- 0x4b,0x09,0x47,0x14,0x9e,0x7f,0x9f,0x8e,0x3e,0x68,0xd0,0xc7,
- 0x50,0x52,0x10,0xbd,0x31,0x1a,0x0e,0x7c,0xd6,0xe1,0x3f,0xfd,
- 0xf2,0x41,0x8d,0x8d,0x19,0x11,0xc0,0x04,0xcd,0xa5,0x8d,0xa3,
- 0xd6,0x19,0xb7,0xe2,0xb9,0x14,0x1e,0x58,0x31,0x8e,0xea,0x39,
- 0x2c,0xf4,0x1b,0x08
-};
-__fips_constseg
-static const unsigned char XTS_256_i[] = {
- 0xad,0xf8,0xd9,0x26,0x27,0x46,0x4a,0xd2,0xf0,0x42,0x8e,0x84,
- 0xa9,0xf8,0x75,0x64
-};
-__fips_constseg
-static const unsigned char XTS_256_pt[] = {
- 0x2e,0xed,0xea,0x52,0xcd,0x82,0x15,0xe1,0xac,0xc6,0x47,0xe8,
- 0x10,0xbb,0xc3,0x64,0x2e,0x87,0x28,0x7f,0x8d,0x2e,0x57,0xe3,
- 0x6c,0x0a,0x24,0xfb,0xc1,0x2a,0x20,0x2e
-};
-__fips_constseg
-static const unsigned char XTS_256_ct[] = {
- 0xcb,0xaa,0xd0,0xe2,0xf6,0xce,0xa3,0xf5,0x0b,0x37,0xf9,0x34,
- 0xd4,0x6a,0x9b,0x13,0x0b,0x9d,0x54,0xf0,0x7e,0x34,0xf3,0x6a,
- 0xf7,0x93,0xe8,0x6f,0x73,0xc6,0xd7,0xdb
-};
-
-int FIPS_selftest_aes_xts()
- {
- int ret = 1;
- EVP_CIPHER_CTX ctx;
- FIPS_cipher_ctx_init(&ctx);
-
- if (fips_cipher_test(FIPS_TEST_XTS, &ctx, EVP_aes_128_xts(),
- XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct,
- sizeof(XTS_128_pt)) <= 0)
- ret = 0;
-
- if (fips_cipher_test(FIPS_TEST_XTS, &ctx, EVP_aes_256_xts(),
- XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct,
- sizeof(XTS_256_pt)) <= 0)
- ret = 0;
-
- FIPS_cipher_ctx_cleanup(&ctx);
- if (ret == 0)
- FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS,FIPS_R_SELFTEST_FAILED);
- return ret;
- }
-
-#endif
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-/*---------------------------------------------
- NIST AES Algorithm Validation Suite
- Test Program
-
- Donated to OpenSSL by:
- V-ONE Corporation
- 20250 Century Blvd, Suite 300
- Germantown, MD 20874
- U.S.A.
- ----------------------------------------------*/
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <assert.h>
-#include <ctype.h>
-#include <openssl/aes.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-
-#include <openssl/err.h>
-#include "e_os.h"
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
- printf("No FIPS AES support\n");
- return(0);
-}
-
-#else
-
-#include <openssl/fips.h>
-#include "fips_utl.h"
-
-#define AES_BLOCK_SIZE 16
-
-#define VERBOSE 0
-
-/*-----------------------------------------------*/
-
-static int AESTest(EVP_CIPHER_CTX *ctx,
- char *amode, int akeysz, unsigned char *aKey,
- unsigned char *iVec,
- int dir, /* 0 = decrypt, 1 = encrypt */
- unsigned char *plaintext, unsigned char *ciphertext, int len)
- {
- const EVP_CIPHER *cipher = NULL;
-
- if (strcasecmp(amode, "CBC") == 0)
- {
- switch (akeysz)
- {
- case 128:
- cipher = EVP_aes_128_cbc();
- break;
-
- case 192:
- cipher = EVP_aes_192_cbc();
- break;
-
- case 256:
- cipher = EVP_aes_256_cbc();
- break;
- }
-
- }
- else if (strcasecmp(amode, "ECB") == 0)
- {
- switch (akeysz)
- {
- case 128:
- cipher = EVP_aes_128_ecb();
- break;
-
- case 192:
- cipher = EVP_aes_192_ecb();
- break;
-
- case 256:
- cipher = EVP_aes_256_ecb();
- break;
- }
- }
- else if (strcasecmp(amode, "CFB128") == 0)
- {
- switch (akeysz)
- {
- case 128:
- cipher = EVP_aes_128_cfb128();
- break;
-
- case 192:
- cipher = EVP_aes_192_cfb128();
- break;
-
- case 256:
- cipher = EVP_aes_256_cfb128();
- break;
- }
-
- }
- else if (fips_strncasecmp(amode, "OFB", 3) == 0)
- {
- switch (akeysz)
- {
- case 128:
- cipher = EVP_aes_128_ofb();
- break;
-
- case 192:
- cipher = EVP_aes_192_ofb();
- break;
-
- case 256:
- cipher = EVP_aes_256_ofb();
- break;
- }
- }
- else if(!strcasecmp(amode,"CFB1"))
- {
- switch (akeysz)
- {
- case 128:
- cipher = EVP_aes_128_cfb1();
- break;
-
- case 192:
- cipher = EVP_aes_192_cfb1();
- break;
-
- case 256:
- cipher = EVP_aes_256_cfb1();
- break;
- }
- }
- else if(!strcasecmp(amode,"CFB8"))
- {
- switch (akeysz)
- {
- case 128:
- cipher = EVP_aes_128_cfb8();
- break;
-
- case 192:
- cipher = EVP_aes_192_cfb8();
- break;
-
- case 256:
- cipher = EVP_aes_256_cfb8();
- break;
- }
- }
- else
- {
- printf("Unknown mode: %s\n", amode);
- return 0;
- }
- if (!cipher)
- {
- printf("Invalid key size: %d\n", akeysz);
- return 0;
- }
- if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0)
- return 0;
- if(!strcasecmp(amode,"CFB1"))
- M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
- if (dir)
- FIPS_cipher(ctx, ciphertext, plaintext, len);
- else
- FIPS_cipher(ctx, plaintext, ciphertext, len);
- return 1;
- }
-
-/*-----------------------------------------------*/
-char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
-char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"};
-enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128};
-enum XCrypt {XDECRYPT, XENCRYPT};
-
-/*=============================*/
-/* Monte Carlo Tests */
-/*-----------------------------*/
-
-/*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/
-/*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/
-
-#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
-#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
-
-static int do_mct(char *amode,
- int akeysz, unsigned char *aKey,unsigned char *iVec,
- int dir, unsigned char *text, int len,
- FILE *rfp)
- {
- int ret = 0;
- unsigned char key[101][32];
- unsigned char iv[101][AES_BLOCK_SIZE];
- unsigned char ptext[1001][32];
- unsigned char ctext[1001][32];
- unsigned char ciphertext[64+4];
- int i, j, n, n1, n2;
- int imode = 0, nkeysz = akeysz/8;
- EVP_CIPHER_CTX ctx;
- FIPS_cipher_ctx_init(&ctx);
-
- if (len > 32)
- {
- printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n",
- amode, akeysz);
- return -1;
- }
- for (imode = 0; imode < 6; ++imode)
- if (strcmp(amode, t_mode[imode]) == 0)
- break;
- if (imode == 6)
- {
- printf("Unrecognized mode: %s\n", amode);
- return -1;
- }
-
- memcpy(key[0], aKey, nkeysz);
- if (iVec)
- memcpy(iv[0], iVec, AES_BLOCK_SIZE);
- if (dir == XENCRYPT)
- memcpy(ptext[0], text, len);
- else
- memcpy(ctext[0], text, len);
- for (i = 0; i < 100; ++i)
- {
- /* printf("Iteration %d\n", i); */
- if (i > 0)
- {
- fprintf(rfp,"COUNT = %d" RESP_EOL ,i);
- OutputValue("KEY",key[i],nkeysz,rfp,0);
- if (imode != ECB) /* ECB */
- OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0);
- /* Output Ciphertext | Plaintext */
- OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp,
- imode == CFB1);
- }
- for (j = 0; j < 1000; ++j)
- {
- switch (imode)
- {
- case ECB:
- if (j == 0)
- { /* set up encryption */
- ret = AESTest(&ctx, amode, akeysz, key[i], NULL,
- dir, /* 0 = decrypt, 1 = encrypt */
- ptext[j], ctext[j], len);
- if (dir == XENCRYPT)
- memcpy(ptext[j+1], ctext[j], len);
- else
- memcpy(ctext[j+1], ptext[j], len);
- }
- else
- {
- if (dir == XENCRYPT)
- {
- FIPS_cipher(&ctx, ctext[j], ptext[j], len);
- memcpy(ptext[j+1], ctext[j], len);
- }
- else
- {
- FIPS_cipher(&ctx, ptext[j], ctext[j], len);
- memcpy(ctext[j+1], ptext[j], len);
- }
- }
- break;
-
- case CBC:
- case OFB:
- case CFB128:
- if (j == 0)
- {
- ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
- dir, /* 0 = decrypt, 1 = encrypt */
- ptext[j], ctext[j], len);
- if (dir == XENCRYPT)
- memcpy(ptext[j+1], iv[i], len);
- else
- memcpy(ctext[j+1], iv[i], len);
- }
- else
- {
- if (dir == XENCRYPT)
- {
- FIPS_cipher(&ctx, ctext[j], ptext[j], len);
- memcpy(ptext[j+1], ctext[j-1], len);
- }
- else
- {
- FIPS_cipher(&ctx, ptext[j], ctext[j], len);
- memcpy(ctext[j+1], ptext[j-1], len);
- }
- }
- break;
-
- case CFB8:
- if (j == 0)
- {
- ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
- dir, /* 0 = decrypt, 1 = encrypt */
- ptext[j], ctext[j], len);
- }
- else
- {
- if (dir == XENCRYPT)
- FIPS_cipher(&ctx, ctext[j], ptext[j], len);
- else
- FIPS_cipher(&ctx, ptext[j], ctext[j], len);
- }
- if (dir == XENCRYPT)
- {
- if (j < 16)
- memcpy(ptext[j+1], &iv[i][j], len);
- else
- memcpy(ptext[j+1], ctext[j-16], len);
- }
- else
- {
- if (j < 16)
- memcpy(ctext[j+1], &iv[i][j], len);
- else
- memcpy(ctext[j+1], ptext[j-16], len);
- }
- break;
-
- case CFB1:
- if(j == 0)
- {
-#if 0
- /* compensate for wrong endianness of input file */
- if(i == 0)
- ptext[0][0]<<=7;
-#endif
- ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
- ptext[j], ctext[j], len);
- }
- else
- {
- if (dir == XENCRYPT)
- FIPS_cipher(&ctx, ctext[j], ptext[j], len);
- else
- FIPS_cipher(&ctx, ptext[j], ctext[j], len);
-
- }
- if(dir == XENCRYPT)
- {
- if(j < 128)
- sb(ptext[j+1],0,gb(iv[i],j));
- else
- sb(ptext[j+1],0,gb(ctext[j-128],0));
- }
- else
- {
- if(j < 128)
- sb(ctext[j+1],0,gb(iv[i],j));
- else
- sb(ctext[j+1],0,gb(ptext[j-128],0));
- }
- break;
- }
- }
- --j; /* reset to last of range */
- /* Output Ciphertext | Plaintext */
- OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp,
- imode == CFB1);
- fprintf(rfp, RESP_EOL); /* add separator */
-
- /* Compute next KEY */
- if (dir == XENCRYPT)
- {
- if (imode == CFB8)
- { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
- for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
- ciphertext[n1] = ctext[j-n2][0];
- }
- else if(imode == CFB1)
- {
- for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
- sb(ciphertext,n1,gb(ctext[j-n2],0));
- }
- else
- switch (akeysz)
- {
- case 128:
- memcpy(ciphertext, ctext[j], 16);
- break;
- case 192:
- memcpy(ciphertext, ctext[j-1]+8, 8);
- memcpy(ciphertext+8, ctext[j], 16);
- break;
- case 256:
- memcpy(ciphertext, ctext[j-1], 16);
- memcpy(ciphertext+16, ctext[j], 16);
- break;
- }
- }
- else
- {
- if (imode == CFB8)
- { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
- for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
- ciphertext[n1] = ptext[j-n2][0];
- }
- else if(imode == CFB1)
- {
- for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
- sb(ciphertext,n1,gb(ptext[j-n2],0));
- }
- else
- switch (akeysz)
- {
- case 128:
- memcpy(ciphertext, ptext[j], 16);
- break;
- case 192:
- memcpy(ciphertext, ptext[j-1]+8, 8);
- memcpy(ciphertext+8, ptext[j], 16);
- break;
- case 256:
- memcpy(ciphertext, ptext[j-1], 16);
- memcpy(ciphertext+16, ptext[j], 16);
- break;
- }
- }
- /* Compute next key: Key[i+1] = Key[i] xor ct */
- for (n = 0; n < nkeysz; ++n)
- key[i+1][n] = key[i][n] ^ ciphertext[n];
-
- /* Compute next IV and text */
- if (dir == XENCRYPT)
- {
- switch (imode)
- {
- case ECB:
- memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE);
- break;
- case CBC:
- case OFB:
- case CFB128:
- memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE);
- memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE);
- break;
- case CFB8:
- /* IV[i+1] = ct */
- for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
- iv[i+1][n1] = ctext[j-n2][0];
- ptext[0][0] = ctext[j-16][0];
- break;
- case CFB1:
- for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
- sb(iv[i+1],n1,gb(ctext[j-n2],0));
- ptext[0][0]=ctext[j-128][0]&0x80;
- break;
- }
- }
- else
- {
- switch (imode)
- {
- case ECB:
- memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE);
- break;
- case CBC:
- case OFB:
- case CFB128:
- memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE);
- memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE);
- break;
- case CFB8:
- for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
- iv[i+1][n1] = ptext[j-n2][0];
- ctext[0][0] = ptext[j-16][0];
- break;
- case CFB1:
- for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
- sb(iv[i+1],n1,gb(ptext[j-n2],0));
- ctext[0][0]=ptext[j-128][0]&0x80;
- break;
- }
- }
- }
- FIPS_cipher_ctx_cleanup(&ctx);
- return ret;
- }
-
-/*================================================*/
-/*----------------------------
- # Config info for v-one
- # AESVS MMT test data for ECB
- # State : Encrypt and Decrypt
- # Key Length : 256
- # Fri Aug 30 04:07:22 PM
- ----------------------------*/
-
-static int proc_file(char *rqfile, char *rspfile)
- {
- char afn[256], rfn[256];
- FILE *afp = NULL, *rfp = NULL;
- char ibuf[2048];
- char tbuf[2048];
- int len;
- char algo[8] = "";
- char amode[8] = "";
- char atest[8] = "";
- int akeysz = 0;
- unsigned char iVec[20], aKey[40];
- int dir = -1, err = 0, step = 0;
- unsigned char plaintext[2048];
- unsigned char ciphertext[2048];
- char *rp;
- EVP_CIPHER_CTX ctx;
- FIPS_cipher_ctx_init(&ctx);
-
- if (!rqfile || !(*rqfile))
- {
- printf("No req file\n");
- return -1;
- }
- strcpy(afn, rqfile);
-
- if ((afp = fopen(afn, "r")) == NULL)
- {
- printf("Cannot open file: %s, %s\n",
- afn, strerror(errno));
- return -1;
- }
- if (!rspfile)
- {
- strcpy(rfn,afn);
- rp=strstr(rfn,"req/");
-#ifdef OPENSSL_SYS_WIN32
- if (!rp)
- rp=strstr(rfn,"req\\");
-#endif
- assert(rp);
- memcpy(rp,"rsp",3);
- rp = strstr(rfn, ".req");
- memcpy(rp, ".rsp", 4);
- rspfile = rfn;
- }
- if ((rfp = fopen(rspfile, "w")) == NULL)
- {
- printf("Cannot open file: %s, %s\n",
- rfn, strerror(errno));
- fclose(afp);
- afp = NULL;
- return -1;
- }
- while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
- {
- tidy_line(tbuf, ibuf);
- /* printf("step=%d ibuf=%s",step,ibuf); */
- switch (step)
- {
- case 0: /* read preamble */
- if (ibuf[0] == '\n')
- { /* end of preamble */
- if ((*algo == '\0') ||
- (*amode == '\0') ||
- (akeysz == 0))
- {
- printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n",
- algo,amode,akeysz);
- err = 1;
- }
- else
- {
- copy_line(ibuf, rfp);
- ++ step;
- }
- }
- else if (ibuf[0] != '#')
- {
- printf("Invalid preamble item: %s\n", ibuf);
- err = 1;
- }
- else
- { /* process preamble */
- char *xp, *pp = ibuf+2;
- int n;
- if (akeysz)
- { /* insert current time & date */
- time_t rtim = time(0);
- fputs("# ", rfp);
- copy_line(ctime(&rtim), rfp);
- }
- else
- {
- copy_line(ibuf, rfp);
- if (strncmp(pp, "AESVS ", 6) == 0)
- {
- strcpy(algo, "AES");
- /* get test type */
- pp += 6;
- xp = strchr(pp, ' ');
- n = xp-pp;
- strncpy(atest, pp, n);
- atest[n] = '\0';
- /* get mode */
- xp = strrchr(pp, ' '); /* get mode" */
- n = strlen(xp+1)-1;
- strncpy(amode, xp+1, n);
- amode[n] = '\0';
- /* amode[3] = '\0'; */
- if (VERBOSE)
- printf("Test = %s, Mode = %s\n", atest, amode);
- }
- else if (fips_strncasecmp(pp, "Key Length : ", 13) == 0)
- {
- akeysz = atoi(pp+13);
- if (VERBOSE)
- printf("Key size = %d\n", akeysz);
- }
- }
- }
- break;
-
- case 1: /* [ENCRYPT] | [DECRYPT] */
- if (ibuf[0] == '[')
- {
- copy_line(ibuf, rfp);
- ++step;
- if (fips_strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
- dir = 1;
- else if (fips_strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
- dir = 0;
- else
- {
- printf("Invalid keyword: %s\n", ibuf);
- err = 1;
- }
- break;
- }
- else if (dir == -1)
- {
- err = 1;
- printf("Missing ENCRYPT/DECRYPT keyword\n");
- break;
- }
- else
- step = 2;
-
- case 2: /* KEY = xxxx */
- copy_line(ibuf, rfp);
- if(*ibuf == '\n')
- break;
- if(!fips_strncasecmp(ibuf,"COUNT = ",8))
- break;
-
- if (fips_strncasecmp(ibuf, "KEY = ", 6) != 0)
- {
- printf("Missing KEY\n");
- err = 1;
- }
- else
- {
- len = hex2bin((char*)ibuf+6, aKey);
- if (len < 0)
- {
- printf("Invalid KEY\n");
- err =1;
- break;
- }
- PrintValue("KEY", aKey, len);
- if (strcmp(amode, "ECB") == 0)
- {
- memset(iVec, 0, sizeof(iVec));
- step = (dir)? 4: 5; /* no ivec for ECB */
- }
- else
- ++step;
- }
- break;
-
- case 3: /* IV = xxxx */
- copy_line(ibuf, rfp);
- if (fips_strncasecmp(ibuf, "IV = ", 5) != 0)
- {
- printf("Missing IV\n");
- err = 1;
- }
- else
- {
- len = hex2bin((char*)ibuf+5, iVec);
- if (len < 0)
- {
- printf("Invalid IV\n");
- err =1;
- break;
- }
- PrintValue("IV", iVec, len);
- step = (dir)? 4: 5;
- }
- break;
-
- case 4: /* PLAINTEXT = xxxx */
- copy_line(ibuf, rfp);
- if (fips_strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
- {
- printf("Missing PLAINTEXT\n");
- err = 1;
- }
- else
- {
- int nn = strlen(ibuf+12);
- if(!strcmp(amode,"CFB1"))
- len=bint2bin(ibuf+12,nn-1,plaintext);
- else
- len=hex2bin(ibuf+12, plaintext);
- if (len < 0)
- {
- printf("Invalid PLAINTEXT: %s", ibuf+12);
- err =1;
- break;
- }
- if (len >= (int)sizeof(plaintext))
- {
- printf("Buffer overflow\n");
- }
- PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
- if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
- {
- if(do_mct(amode, akeysz, aKey, iVec,
- dir, (unsigned char*)plaintext, len,
- rfp) < 0)
- err = 1;
- }
- else
- {
- AESTest(&ctx, amode, akeysz, aKey, iVec,
- dir, /* 0 = decrypt, 1 = encrypt */
- plaintext, ciphertext, len);
- OutputValue("CIPHERTEXT",ciphertext,len,rfp,
- !strcmp(amode,"CFB1"));
- }
- step = 6;
- }
- break;
-
- case 5: /* CIPHERTEXT = xxxx */
- copy_line(ibuf, rfp);
- if (fips_strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
- {
- printf("Missing KEY\n");
- err = 1;
- }
- else
- {
- if(!strcmp(amode,"CFB1"))
- len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
- else
- len = hex2bin(ibuf+13,ciphertext);
- if (len < 0)
- {
- printf("Invalid CIPHERTEXT\n");
- err =1;
- break;
- }
-
- PrintValue("CIPHERTEXT", ciphertext, len);
- if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
- {
- do_mct(amode, akeysz, aKey, iVec,
- dir, ciphertext, len, rfp);
- }
- else
- {
- AESTest(&ctx, amode, akeysz, aKey, iVec,
- dir, /* 0 = decrypt, 1 = encrypt */
- plaintext, ciphertext, len);
- OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
- !strcmp(amode,"CFB1"));
- }
- step = 6;
- }
- break;
-
- case 6:
- if (ibuf[0] != '\n')
- {
- err = 1;
- printf("Missing terminator\n");
- }
- else if (strcmp(atest, "MCT") != 0)
- { /* MCT already added terminating nl */
- copy_line(ibuf, rfp);
- }
- step = 1;
- break;
- }
- }
- if (rfp)
- fclose(rfp);
- if (afp)
- fclose(afp);
- FIPS_cipher_ctx_cleanup(&ctx);
- return err;
- }
-
-/*--------------------------------------------------
- Processes either a single file or
- a set of files whose names are passed in a file.
- A single file is specified as:
- aes_test -f xxx.req
- A set of files is specified as:
- aes_test -d xxxxx.xxx
- The default is: -d req.txt
---------------------------------------------------*/
-#ifdef FIPS_ALGVS
-int fips_aesavs_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
- {
- char *rqlist = "req.txt", *rspfile = NULL;
- FILE *fp = NULL;
- char fn[250] = "", rfn[256] = "";
- int d_opt = 1;
- fips_algtest_init();
-
- if (argc > 1)
- {
- if (strcasecmp(argv[1], "-d") == 0)
- {
- d_opt = 1;
- }
- else if (strcasecmp(argv[1], "-f") == 0)
- {
- d_opt = 0;
- }
- else
- {
- printf("Invalid parameter: %s\n", argv[1]);
- return 0;
- }
- if (argc < 3)
- {
- printf("Missing parameter\n");
- return 0;
- }
- if (d_opt)
- rqlist = argv[2];
- else
- {
- strcpy(fn, argv[2]);
- rspfile = argv[3];
- }
- }
- if (d_opt)
- { /* list of files (directory) */
- if (!(fp = fopen(rqlist, "r")))
- {
- printf("Cannot open req list file\n");
- return -1;
- }
- while (fgets(fn, sizeof(fn), fp))
- {
- strtok(fn, "\r\n");
- strcpy(rfn, fn);
- if (VERBOSE)
- printf("Processing: %s\n", rfn);
- if (proc_file(rfn, rspfile))
- {
- printf(">>> Processing failed for: %s <<<\n", rfn);
- return 1;
- }
- }
- fclose(fp);
- }
- else /* single file */
- {
- if (VERBOSE)
- printf("Processing: %s\n", fn);
- if (proc_file(fn, rspfile))
- {
- printf(">>> Processing failed for: %s <<<\n", fn);
- }
- }
- return 0;
- }
-
-#endif
+++ /dev/null
-/* fips/aes/fips_gcmtest.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#define OPENSSL_FIPSAPI
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-#include <stdio.h>
-
-int main(int argc, char **argv)
-{
- printf("No FIPS GCM support\n");
- return(0);
-}
-#else
-
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <string.h>
-#include <ctype.h>
-
-#include "fips_utl.h"
-
-static void gcmtest(FILE *in, FILE *out, int encrypt)
- {
- char buf[2048];
- char lbuf[2048];
- char *keyword, *value;
- int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1;
- int rv;
- long l;
- unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL;
- unsigned char *ct = NULL, *pt = NULL;
- EVP_CIPHER_CTX ctx;
- const EVP_CIPHER *gcm = NULL;
- FIPS_cipher_ctx_init(&ctx);
-
- while(fgets(buf,sizeof buf,in) != NULL)
- {
- fputs(buf,out);
- if (!parse_line(&keyword, &value, lbuf, buf))
- continue;
- if(!strcmp(keyword,"[Keylen"))
- {
- keylen = atoi(value);
- if (keylen == 128)
- gcm = EVP_aes_128_gcm();
- else if (keylen == 192)
- gcm = EVP_aes_192_gcm();
- else if (keylen == 256)
- gcm = EVP_aes_256_gcm();
- else
- {
- fprintf(stderr, "Unsupported keylen %d\n",
- keylen);
- }
- keylen >>= 3;
- }
- else if (!strcmp(keyword, "[IVlen"))
- ivlen = atoi(value) >> 3;
- else if (!strcmp(keyword, "[AADlen"))
- aadlen = atoi(value) >> 3;
- else if (!strcmp(keyword, "[Taglen"))
- taglen = atoi(value) >> 3;
- else if (!strcmp(keyword, "[PTlen"))
- ptlen = atoi(value) >> 3;
- else if(!strcmp(keyword,"Key"))
- {
- key = hex2bin_m(value, &l);
- if (l != keylen)
- {
- fprintf(stderr, "Inconsistent Key length\n");
- exit(1);
- }
- }
- else if(!strcmp(keyword,"IV"))
- {
- iv = hex2bin_m(value, &l);
- if (l != ivlen)
- {
- fprintf(stderr, "Inconsistent IV length\n");
- exit(1);
- }
- }
- else if(!strcmp(keyword,"PT"))
- {
- pt = hex2bin_m(value, &l);
- if (l != ptlen)
- {
- fprintf(stderr, "Inconsistent PT length\n");
- exit(1);
- }
- }
- else if(!strcmp(keyword,"CT"))
- {
- ct = hex2bin_m(value, &l);
- if (l != ptlen)
- {
- fprintf(stderr, "Inconsistent CT length\n");
- exit(1);
- }
- }
- else if(!strcmp(keyword,"AAD"))
- {
- aad = hex2bin_m(value, &l);
- if (l != aadlen)
- {
- fprintf(stderr, "Inconsistent AAD length\n");
- exit(1);
- }
- }
- else if(!strcmp(keyword,"Tag"))
- {
- tag = hex2bin_m(value, &l);
- if (l != taglen)
- {
- fprintf(stderr, "Inconsistent Tag length\n");
- exit(1);
- }
- }
- if (encrypt && pt && aad && (iv || encrypt==1))
- {
- tag = OPENSSL_malloc(taglen);
- FIPS_cipherinit(&ctx, gcm, NULL, NULL, 1);
- /* Relax FIPS constraints for testing */
- M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
- FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
- if (encrypt == 1)
- {
- static unsigned char iv_fixed[4] = {1,2,3,4};
- if (!iv)
- iv = OPENSSL_malloc(ivlen);
- FIPS_cipherinit(&ctx, NULL, key, NULL, 1);
- FIPS_cipher_ctx_ctrl(&ctx,
- EVP_CTRL_GCM_SET_IV_FIXED,
- 4, iv_fixed);
- if (!FIPS_cipher_ctx_ctrl(&ctx,
- EVP_CTRL_GCM_IV_GEN, 0, iv))
- {
- fprintf(stderr, "IV gen error\n");
- exit(1);
- }
- OutputValue("IV", iv, ivlen, out, 0);
- }
- else
- FIPS_cipherinit(&ctx, NULL, key, iv, 1);
-
-
- if (aadlen)
- FIPS_cipher(&ctx, NULL, aad, aadlen);
- if (ptlen)
- {
- ct = OPENSSL_malloc(ptlen);
- rv = FIPS_cipher(&ctx, ct, pt, ptlen);
- }
- FIPS_cipher(&ctx, NULL, NULL, 0);
- FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG,
- taglen, tag);
- OutputValue("CT", ct, ptlen, out, 0);
- OutputValue("Tag", tag, taglen, out, 0);
- if (iv)
- OPENSSL_free(iv);
- if (aad)
- OPENSSL_free(aad);
- if (ct)
- OPENSSL_free(ct);
- if (pt)
- OPENSSL_free(pt);
- if (key)
- OPENSSL_free(key);
- if (tag)
- OPENSSL_free(tag);
- iv = aad = ct = pt = key = tag = NULL;
- }
- if (!encrypt && tag)
- {
- FIPS_cipherinit(&ctx, gcm, NULL, NULL, 0);
- /* Relax FIPS constraints for testing */
- M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
- FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
- FIPS_cipherinit(&ctx, NULL, key, iv, 0);
- FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag);
- if (aadlen)
- FIPS_cipher(&ctx, NULL, aad, aadlen);
- if (ptlen)
- {
- pt = OPENSSL_malloc(ptlen);
- rv = FIPS_cipher(&ctx, pt, ct, ptlen);
- }
- rv = FIPS_cipher(&ctx, NULL, NULL, 0);
- if (rv < 0)
- fprintf(out, "FAIL" RESP_EOL);
- else
- OutputValue("PT", pt, ptlen, out, 0);
- if (iv)
- OPENSSL_free(iv);
- if (aad)
- OPENSSL_free(aad);
- if (ct)
- OPENSSL_free(ct);
- if (pt)
- OPENSSL_free(pt);
- if (key)
- OPENSSL_free(key);
- if (tag)
- OPENSSL_free(tag);
- iv = aad = ct = pt = key = tag = NULL;
- }
- }
- FIPS_cipher_ctx_cleanup(&ctx);
- }
-
-static void xtstest(FILE *in, FILE *out)
- {
- char buf[204800];
- char lbuf[204800];
- char *keyword, *value;
- int inlen = 0;
- int encrypt = 0;
- long l;
- unsigned char *key = NULL, *iv = NULL;
- unsigned char *inbuf = NULL, *outbuf = NULL;
- EVP_CIPHER_CTX ctx;
- const EVP_CIPHER *xts = NULL;
- FIPS_cipher_ctx_init(&ctx);
-
- while(fgets(buf,sizeof buf,in) != NULL)
- {
- fputs(buf,out);
- if (buf[0] == '[' && strlen(buf) >= 9)
- {
- if(!strncmp(buf,"[ENCRYPT]", 9))
- encrypt = 1;
- else if(!strncmp(buf,"[DECRYPT]", 9))
- encrypt = 0;
- }
- if (!parse_line(&keyword, &value, lbuf, buf))
- continue;
- else if(!strcmp(keyword,"Key"))
- {
- key = hex2bin_m(value, &l);
- if (l == 32)
- xts = EVP_aes_128_xts();
- else if (l == 64)
- xts = EVP_aes_256_xts();
- else
- {
- fprintf(stderr, "Inconsistent Key length\n");
- exit(1);
- }
- }
- else if(!strcmp(keyword,"i"))
- {
- iv = hex2bin_m(value, &l);
- if (l != 16)
- {
- fprintf(stderr, "Inconsistent i length\n");
- exit(1);
- }
- }
- else if(encrypt && !strcmp(keyword,"PT"))
- {
- inbuf = hex2bin_m(value, &l);
- inlen = l;
- }
- else if(!encrypt && !strcmp(keyword,"CT"))
- {
- inbuf = hex2bin_m(value, &l);
- inlen = l;
- }
- if (inbuf)
- {
- FIPS_cipherinit(&ctx, xts, key, iv, encrypt);
- outbuf = OPENSSL_malloc(inlen);
- FIPS_cipher(&ctx, outbuf, inbuf, inlen);
- OutputValue(encrypt ? "CT":"PT", outbuf, inlen, out, 0);
- OPENSSL_free(inbuf);
- OPENSSL_free(outbuf);
- OPENSSL_free(key);
- OPENSSL_free(iv);
- iv = key = inbuf = outbuf = NULL;
- }
- }
- FIPS_cipher_ctx_cleanup(&ctx);
- }
-
-static void ccmtest(FILE *in, FILE *out)
- {
- char buf[200048];
- char lbuf[200048];
- char *keyword, *value;
- long l;
- unsigned char *Key = NULL, *Nonce = NULL;
- unsigned char *Adata = NULL, *Payload = NULL;
- unsigned char *CT = NULL;
- int Plen = -1, Nlen = -1, Tlen = -1, Alen = -1;
- int decr = 0;
- EVP_CIPHER_CTX ctx;
- const EVP_CIPHER *ccm = NULL;
- FIPS_cipher_ctx_init(&ctx);
-
- while(fgets(buf,sizeof buf,in) != NULL)
- {
- char *p;
- fputs(buf,out);
- redo:
- if (!parse_line(&keyword, &value, lbuf, buf))
- continue;
-
- /* If surrounded by square brackets zap them */
- if (keyword[0] == '[')
- {
- keyword++;
- p = strchr(value, ']');
- if (p)
- *p = 0;
- }
- /* See if we have a comma separated list of parameters
- * if so copy rest of line back to buffer and redo later.
- */
- p = strchr(value, ',');
- if (p)
- {
- *p = 0;
- strcpy(buf, p + 1);
- strcat(buf, "\n");
- decr = 1;
- }
- if (!strcmp(keyword,"Plen"))
- Plen = atoi(value);
- else if (!strcmp(keyword,"Nlen"))
- Nlen = atoi(value);
- else if (!strcmp(keyword,"Tlen"))
- Tlen = atoi(value);
- else if (!strcmp(keyword,"Alen"))
- Alen = atoi(value);
- if (p)
- goto redo;
- if (!strcmp(keyword,"Key"))
- {
- if (Key)
- OPENSSL_free(Key);
- Key = hex2bin_m(value, &l);
- if (l == 16)
- ccm = EVP_aes_128_ccm();
- else if (l == 24)
- ccm = EVP_aes_192_ccm();
- else if (l == 32)
- ccm = EVP_aes_256_ccm();
- else
- {
- fprintf(stderr, "Inconsistent Key length\n");
- exit(1);
- }
- }
- else if (!strcmp(keyword,"Nonce"))
- {
- if (Nonce)
- OPENSSL_free(Nonce);
- Nonce = hex2bin_m(value, &l);
- if (l != Nlen)
- {
- fprintf(stderr, "Inconsistent nonce length\n");
- exit(1);
- }
- }
- else if (!strcmp(keyword,"Payload") && !decr)
- {
- Payload = hex2bin_m(value, &l);
- if (Plen && l != Plen)
- {
- fprintf(stderr, "Inconsistent Payload length\n");
- exit(1);
- }
- }
- else if (!strcmp(keyword,"Adata"))
- {
- if (Adata)
- OPENSSL_free(Adata);
- Adata = hex2bin_m(value, &l);
- if (Alen && l != Alen)
- {
- fprintf(stderr, "Inconsistent Payload length\n");
- exit(1);
- }
- }
- else if (!strcmp(keyword,"CT") && decr)
- {
- CT = hex2bin_m(value, &l);
- if (l != (Plen + Tlen))
- {
- fprintf(stderr, "Inconsistent CT length\n");
- exit(1);
- }
- }
- if (Payload)
- {
- FIPS_cipherinit(&ctx, ccm, NULL, NULL, 1);
- FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
- FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, Tlen, 0);
- FIPS_cipherinit(&ctx, NULL, Key, Nonce, 1);
-
- FIPS_cipher(&ctx, NULL, NULL, Plen);
- FIPS_cipher(&ctx, NULL, Adata, Alen);
- CT = OPENSSL_malloc(Plen + Tlen);
- FIPS_cipher(&ctx, CT, Payload, Plen);
- FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, Tlen,
- CT + Plen);
- OutputValue("CT", CT, Plen + Tlen, out, 0);
- OPENSSL_free(CT);
- OPENSSL_free(Payload);
- CT = Payload = NULL;
- }
- if (CT)
- {
- int rv;
- int len = Plen == 0 ? 1: Plen;
- FIPS_cipherinit(&ctx, ccm, NULL, NULL, 0);
- FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
- FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
- Tlen, CT + Plen);
- FIPS_cipherinit(&ctx, NULL, Key, Nonce, 0);
- FIPS_cipher(&ctx, NULL, NULL, Plen);
- FIPS_cipher(&ctx, NULL, Adata, Alen);
- Payload = OPENSSL_malloc(len);
- rv = FIPS_cipher(&ctx, Payload, CT, Plen);
- if (rv >= 0)
- {
- if (rv == 0)
- Payload[0] = 0;
- fputs("Result = Pass" RESP_EOL, out);
- OutputValue("Payload", Payload, len, out, 0);
- }
- else
- fputs("Result = Fail" RESP_EOL, out);
- OPENSSL_free(CT);
- OPENSSL_free(Payload);
- CT = Payload = NULL;
- }
- }
- if (Key)
- OPENSSL_free(Key);
- if (Nonce)
- OPENSSL_free(Nonce);
- if (Adata)
- OPENSSL_free(Adata);
- FIPS_cipher_ctx_cleanup(&ctx);
- }
-
-#ifdef FIPS_ALGVS
-int fips_gcmtest_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
- {
- int encrypt;
- int xts = 0, ccm = 0;
- FILE *in, *out;
- if (argc == 4)
- {
- in = fopen(argv[2], "r");
- if (!in)
- {
- fprintf(stderr, "Error opening input file\n");
- exit(1);
- }
- out = fopen(argv[3], "w");
- if (!out)
- {
- fprintf(stderr, "Error opening output file\n");
- exit(1);
- }
- }
- else if (argc == 2)
- {
- in = stdin;
- out = stdout;
- }
- else
- {
- fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]);
- exit(1);
- }
- fips_algtest_init();
- if(!strcmp(argv[1],"-encrypt"))
- encrypt = 1;
- else if(!strcmp(argv[1],"-encryptIVext"))
- encrypt = 2;
- else if(!strcmp(argv[1],"-decrypt"))
- encrypt = 0;
- else if(!strcmp(argv[1],"-ccm"))
- ccm = 1;
- else if(!strcmp(argv[1],"-xts"))
- xts = 1;
- else
- {
- fprintf(stderr,"Don't know how to %s.\n",argv[1]);
- exit(1);
- }
-
- if (ccm)
- ccmtest(in, out);
- else if (xts)
- xtstest(in, out);
- else
- gcmtest(in, out, encrypt);
-
- if (argc == 4)
- {
- fclose(in);
- fclose(out);
- }
-
- return 0;
-}
-
-#endif
+++ /dev/null
-#
-# OpenSSL/fips/cmac/Makefile
-#
-
-DIR= cmac
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=fips_cmactest.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_cmac_selftest.c
-LIBOBJ= fips_cmac_selftest.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER= $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all: lib
-
-lib: $(LIBOBJ)
- @echo $(LIBOBJ) > lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-Q=../testvectors/cmac/req
-A=../testvectors/cmac/rsp
-
-fips_test:
- -rm -rf $(A)
- mkdir $(A)
- if [ -f $(Q)/CMACGenAES256.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_cmactest -g < $(Q)/CMACGenAES256.req > $(A)/CMACGenAES256.rsp; fi
- if [ -f $(Q)/CMACVerAES256.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_cmactest -v < $(Q)/CMACVerAES256.req > $(A)/CMACVerAES256.rsp; fi
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_cmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_cmac_selftest.o: ../../include/openssl/cmac.h
-fips_cmac_selftest.o: ../../include/openssl/crypto.h
-fips_cmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_cmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_cmac_selftest.o: ../../include/openssl/lhash.h
-fips_cmac_selftest.o: ../../include/openssl/obj_mac.h
-fips_cmac_selftest.o: ../../include/openssl/objects.h
-fips_cmac_selftest.o: ../../include/openssl/opensslconf.h
-fips_cmac_selftest.o: ../../include/openssl/opensslv.h
-fips_cmac_selftest.o: ../../include/openssl/ossl_typ.h
-fips_cmac_selftest.o: ../../include/openssl/safestack.h
-fips_cmac_selftest.o: ../../include/openssl/stack.h
-fips_cmac_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
-fips_cmac_selftest.o: fips_cmac_selftest.c
-fips_cmactest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_cmactest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_cmactest.o: ../../include/openssl/cmac.h ../../include/openssl/crypto.h
-fips_cmactest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_cmactest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_cmactest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_cmactest.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_cmactest.o: ../../include/openssl/obj_mac.h
-fips_cmactest.o: ../../include/openssl/objects.h
-fips_cmactest.o: ../../include/openssl/opensslconf.h
-fips_cmactest.o: ../../include/openssl/opensslv.h
-fips_cmactest.o: ../../include/openssl/ossl_typ.h
-fips_cmactest.o: ../../include/openssl/safestack.h
-fips_cmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_cmactest.o: ../fips_utl.h fips_cmactest.c
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/cmac.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-typedef struct {
- int nid;
- const unsigned char key[EVP_MAX_KEY_LENGTH]; size_t keysize;
- const unsigned char msg[64]; size_t msgsize;
- const unsigned char mac[32]; size_t macsize;
-} CMAC_KAT;
-
-/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */
-__fips_constseg
-static const CMAC_KAT vector[] = {
- { NID_aes_128_cbc, /* Count = 32 from CMACGenAES128.txt */
- { 0x77,0xa7,0x7f,0xaf, 0x29,0x0c,0x1f,0xa3,
- 0x0c,0x68,0x3d,0xf1, 0x6b,0xa7,0xa7,0x7b, }, 128,
- { 0x02,0x06,0x83,0xe1, 0xf0,0x39,0x2f,0x4c,
- 0xac,0x54,0x31,0x8b, 0x60,0x29,0x25,0x9e,
- 0x9c,0x55,0x3d,0xbc, 0x4b,0x6a,0xd9,0x98,
- 0xe6,0x4d,0x58,0xe4, 0xe7,0xdc,0x2e,0x13, }, 256,
- { 0xfb,0xfe,0xa4,0x1b, }, 32
- },
- { NID_aes_192_cbc, /* Count = 23 from CMACGenAES192.txt */
- { 0x7b,0x32,0x39,0x13, 0x69,0xaa,0x4c,0xa9,
- 0x75,0x58,0x09,0x5b, 0xe3,0xc3,0xec,0x86,
- 0x2b,0xd0,0x57,0xce, 0xf1,0xe3,0x2d,0x62, }, 192,
- { 0x0 }, 0,
- { 0xe4,0xd9,0x34,0x0b, 0x03,0xe6,0x7d,0xef,
- 0xd4,0x96,0x9c,0xc1, 0xed,0x37,0x35,0xe6, }, 128,
- },
- { NID_aes_256_cbc, /* Count = 33 from CMACGenAES256.txt */
- { 0x0b,0x12,0x2a,0xc8, 0xf3,0x4e,0xd1,0xfe,
- 0x08,0x2a,0x36,0x25, 0xd1,0x57,0x56,0x14,
- 0x54,0x16,0x7a,0xc1, 0x45,0xa1,0x0b,0xbf,
- 0x77,0xc6,0xa7,0x05, 0x96,0xd5,0x74,0xf1, }, 256,
- { 0x49,0x8b,0x53,0xfd, 0xec,0x87,0xed,0xcb,
- 0xf0,0x70,0x97,0xdc, 0xcd,0xe9,0x3a,0x08,
- 0x4b,0xad,0x75,0x01, 0xa2,0x24,0xe3,0x88,
- 0xdf,0x34,0x9c,0xe1, 0x89,0x59,0xfe,0x84,
- 0x85,0xf8,0xad,0x15, 0x37,0xf0,0xd8,0x96,
- 0xea,0x73,0xbe,0xdc, 0x72,0x14,0x71,0x3f, }, 384,
- { 0xf6,0x2c,0x46,0x32, 0x9b, }, 40,
- },
- { NID_des_ede3_cbc, /* Count = 41 from CMACGenTDES3.req */
- { 0x89,0xbc,0xd9,0x52, 0xa8,0xc8,0xab,0x37,
- 0x1a,0xf4,0x8a,0xc7, 0xd0,0x70,0x85,0xd5,
- 0xef,0xf7,0x02,0xe6, 0xd6,0x2c,0xdc,0x23, }, 192,
- { 0xfa,0x62,0x0c,0x1b, 0xbe,0x97,0x31,0x9e,
- 0x9a,0x0c,0xf0,0x49, 0x21,0x21,0xf7,0xa2,
- 0x0e,0xb0,0x8a,0x6a, 0x70,0x9d,0xcb,0xd0,
- 0x0a,0xaf,0x38,0xe4, 0xf9,0x9e,0x75,0x4e, }, 256,
- { 0x8f,0x49,0xa1,0xb7, 0xd6,0xaa,0x22,0x58, }, 64,
- },
-};
-
-int FIPS_selftest_cmac()
- {
- size_t n, outlen;
- unsigned char out[32];
- const EVP_CIPHER *cipher;
- CMAC_CTX *ctx = CMAC_CTX_new();
- const CMAC_KAT *t;
- int subid = -1, rv = 1;
-
- for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
- {
- cipher = FIPS_get_cipherbynid(t->nid);
- if (!cipher)
- {
- rv = -1;
- goto err;
- }
- subid = M_EVP_CIPHER_nid(cipher);
- if (!fips_post_started(FIPS_TEST_CMAC, subid, 0))
- continue;
- if (!CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0))
- {
- rv = -1;
- goto err;
- }
- if (!CMAC_Update(ctx, t->msg, t->msgsize/8))
- {
- rv = -1;
- goto err;
- }
-
- if (!fips_post_corrupt(FIPS_TEST_CMAC, subid, NULL))
- {
- if (!CMAC_Update(ctx, t->msg, 1))
- {
- rv = -1;
- goto err;
- }
- }
- if (!CMAC_Final(ctx, out, &outlen))
- {
- rv = -1;
- goto err;
- }
- CMAC_CTX_cleanup(ctx);
-
- if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
- {
- fips_post_failed(FIPS_TEST_CMAC, subid, NULL);
- rv = 0;
- }
- else if (!fips_post_success(FIPS_TEST_CMAC, subid, NULL))
- {
- rv = 0;
- goto err;
- }
- }
-
- err:
- CMAC_CTX_free(ctx);
-
- if (rv == -1)
- {
- fips_post_failed(FIPS_TEST_CMAC, subid, NULL);
- rv = 0;
- }
- if (!rv)
- FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
-
- return rv;
- }
-#endif
+++ /dev/null
-/* fips_cmactest.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/cmac.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
- printf("No FIPS CMAC support\n");
- return(0);
-}
-
-#else
-
-#include <openssl/fips.h>
-#include "fips_utl.h"
-
-static int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
- int mode, int Klen_counts_keys, int known_keylen);
-static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
- unsigned char *Key, int Klen,
- unsigned char *Msg, int Msglen,
- int Tlen);
-static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
- unsigned char *Key, int Klen,
- unsigned char *Msg, int Msglen,
- unsigned char *Mac, int Maclen,
- int Tlen);
-
-#ifdef FIPS_ALGVS
-int fips_cmactest_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
- {
- FILE *in = NULL, *out = NULL;
- int mode = 0; /* 0 => Generate, 1 => Verify */
- int Klen_counts_keys = 0; /* 0 => Klen is size of one key
- 1 => Klen is amount of keys
- */
- int known_keylen = 0; /* Only set when Klen_counts_keys = 1 */
- const EVP_CIPHER *cipher = 0;
- int ret = 1;
- fips_algtest_init();
-
- while (argc > 1 && argv[1][0] == '-')
- {
- switch (argv[1][1])
- {
- case 'a':
- {
- char *p = &argv[1][2];
- if (*p == '\0')
- {
- if (argc <= 2)
- {
- fprintf(stderr, "Option %s needs a value\n", argv[1]);
- goto end;
- }
- argv++;
- argc--;
- p = &argv[1][0];
- }
- if (!strcmp(p, "aes128"))
- cipher = EVP_aes_128_cbc();
- else if (!strcmp(p, "aes192"))
- cipher = EVP_aes_192_cbc();
- else if (!strcmp(p, "aes256"))
- cipher = EVP_aes_256_cbc();
- else if (!strcmp(p, "tdea3") || !strcmp(p, "tdes3"))
- {
- cipher = EVP_des_ede3_cbc();
- Klen_counts_keys = 1;
- known_keylen = 8;
- }
- else
- {
- fprintf(stderr, "Unknown algorithm %s\n", p);
- goto end;
- }
- }
- break;
- case 'g':
- mode = 0;
- break;
- case 'v':
- mode = 1;
- break;
- default:
- fprintf(stderr, "Unknown option %s\n", argv[1]);
- goto end;
- }
- argv++;
- argc--;
- }
- if (argc == 1)
- in = stdin;
- else
- in = fopen(argv[1], "r");
-
- if (argc < 2)
- out = stdout;
- else
- out = fopen(argv[2], "w");
-
- if (!in)
- {
- fprintf(stderr, "FATAL input initialization error\n");
- goto end;
- }
-
- if (!out)
- {
- fprintf(stderr, "FATAL output initialization error\n");
- goto end;
- }
-
- if (!cmac_test(cipher, out, in, mode,
- Klen_counts_keys, known_keylen))
- {
- fprintf(stderr, "FATAL cmac file processing error\n");
- goto end;
- }
- else
- ret = 0;
-
- end:
-
- if (in && (in != stdin))
- fclose(in);
- if (out && (out != stdout))
- fclose(out);
-
- return ret;
-
- }
-
-#define CMAC_TEST_MAXLINELEN 150000
-
-int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
- int mode, int Klen_counts_keys, int known_keylen)
- {
- char *linebuf, *olinebuf, *p, *q;
- char *keyword, *value;
- unsigned char **Keys = NULL, *Msg = NULL, *Mac = NULL;
- unsigned char *Key = NULL;
- int Count, Klen, Mlen, Tlen;
- long Keylen, Msglen, Maclen;
- int ret = 0;
- int lnum = 0;
-
- olinebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
- linebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
-
- if (!linebuf || !olinebuf)
- goto error;
-
- Count = -1;
- Klen = -1;
- Mlen = -1;
- Tlen = -1;
-
- while (fgets(olinebuf, CMAC_TEST_MAXLINELEN, in))
- {
- lnum++;
- strcpy(linebuf, olinebuf);
- keyword = linebuf;
- /* Skip leading space */
- while (isspace((unsigned char)*keyword))
- keyword++;
-
- /* Skip comments */
- if (keyword[0] == '#')
- {
- if (fputs(olinebuf, out) < 0)
- goto error;
- continue;
- }
-
- /* Look for = sign */
- p = strchr(linebuf, '=');
-
- /* If no = or starts with [ (for [L=20] line) just copy */
- if (!p)
- {
- if (fputs(olinebuf, out) < 0)
- goto error;
- continue;
- }
-
- q = p - 1;
-
- /* Remove trailing space */
- while (isspace((unsigned char)*q))
- *q-- = 0;
-
- *p = 0;
- value = p + 1;
-
- /* Remove leading space from value */
- while (isspace((unsigned char)*value))
- value++;
-
- /* Remove trailing space from value */
- p = value + strlen(value) - 1;
-
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
-
- if (!strcmp(keyword, "Count"))
- {
- if (Count != -1)
- goto parse_error;
- Count = atoi(value);
- if (Count < 0)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Klen"))
- {
- if (Klen != -1)
- goto parse_error;
- Klen = atoi(value);
- if (Klen < 0)
- goto parse_error;
- if (Klen_counts_keys)
- {
- Keys = OPENSSL_malloc(sizeof(*Keys) * Klen);
- memset(Keys, '\0', sizeof(*Keys) * Klen);
- }
- else
- {
- Keys = OPENSSL_malloc(sizeof(*Keys));
- memset(Keys, '\0', sizeof(*Keys));
- }
- }
- else if (!strcmp(keyword, "Mlen"))
- {
- if (Mlen != -1)
- goto parse_error;
- Mlen = atoi(value);
- if (Mlen < 0)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Tlen"))
- {
- if (Tlen != -1)
- goto parse_error;
- Tlen = atoi(value);
- if (Tlen < 0)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Key") && !Klen_counts_keys)
- {
- if (Keys[0])
- goto parse_error;
- Keys[0] = hex2bin_m(value, &Keylen);
- if (!Keys[0])
- goto parse_error;
- }
- else if (!strncmp(keyword, "Key", 3) && Klen_counts_keys)
- {
- int keynum = atoi(keyword + 3);
- if (!keynum || keynum > Klen || Keys[keynum-1])
- goto parse_error;
- Keys[keynum-1] = hex2bin_m(value, &Keylen);
- if (!Keys[keynum-1])
- goto parse_error;
- }
- else if (!strcmp(keyword, "Msg"))
- {
- if (Msg)
- goto parse_error;
- Msg = hex2bin_m(value, &Msglen);
- if (!Msg)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Mac"))
- {
- if (mode == 0)
- continue;
- if (Mac)
- goto parse_error;
- Mac = hex2bin_m(value, &Maclen);
- if (!Mac)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Result"))
- {
- if (mode == 1)
- continue;
- goto parse_error;
- }
- else
- goto parse_error;
-
- fputs(olinebuf, out);
-
- if (Keys && Msg && (!mode || Mac) && (Tlen > 0) && (Klen > 0))
- {
- if (Klen_counts_keys)
- {
- int x;
- Key = OPENSSL_malloc(Klen * known_keylen);
- for (x = 0; x < Klen; x++)
- {
- memcpy(Key + x * known_keylen,
- Keys[x], known_keylen);
- OPENSSL_free(Keys[x]);
- }
- Klen *= known_keylen;
- }
- else
- {
- Key = OPENSSL_malloc(Klen);
- memcpy(Key, Keys[0], Klen);
- OPENSSL_free(Keys[0]);
- }
- OPENSSL_free(Keys);
-
- switch(mode)
- {
- case 0:
- if (!print_cmac_gen(cipher, out,
- Key, Klen,
- Msg, Mlen,
- Tlen))
- goto error;
- break;
- case 1:
- if (!print_cmac_ver(cipher, out,
- Key, Klen,
- Msg, Mlen,
- Mac, Maclen,
- Tlen))
- goto error;
- break;
- }
-
- OPENSSL_free(Key);
- Key = NULL;
- OPENSSL_free(Msg);
- Msg = NULL;
- OPENSSL_free(Mac);
- Mac = NULL;
- Klen = -1;
- Mlen = -1;
- Tlen = -1;
- Count = -1;
- }
- }
-
-
- ret = 1;
-
-
- error:
-
- if (olinebuf)
- OPENSSL_free(olinebuf);
- if (linebuf)
- OPENSSL_free(linebuf);
- if (Key)
- OPENSSL_free(Key);
- if (Msg)
- OPENSSL_free(Msg);
- if (Mac)
- OPENSSL_free(Mac);
-
- return ret;
-
- parse_error:
-
- fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
-
- goto error;
-
- }
-
-static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
- unsigned char *Key, int Klen,
- unsigned char *Msg, int Mlen,
- int Tlen)
- {
- int rc, i;
- size_t reslen;
- unsigned char res[128];
- CMAC_CTX *cmac_ctx = CMAC_CTX_new();
-
- CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
- CMAC_Update(cmac_ctx, Msg, Mlen);
- if (!CMAC_Final(cmac_ctx, res, &reslen))
- {
- fputs("Error calculating CMAC\n", stderr);
- rc = 0;
- }
- else if (Tlen > (int)reslen)
- {
- fputs("Parameter error, Tlen > CMAC length\n", stderr);
- rc = 0;
- }
- else
- {
- fputs("Mac = ", out);
- for (i = 0; i < Tlen; i++)
- fprintf(out, "%02x", res[i]);
- fputs(RESP_EOL, out);
- rc = 1;
- }
- CMAC_CTX_free(cmac_ctx);
- return rc;
- }
-
-static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
- unsigned char *Key, int Klen,
- unsigned char *Msg, int Mlen,
- unsigned char *Mac, int Maclen,
- int Tlen)
- {
- int rc = 1;
- size_t reslen;
- unsigned char res[128];
- CMAC_CTX *cmac_ctx = CMAC_CTX_new();
-
- CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
- CMAC_Update(cmac_ctx, Msg, Mlen);
- if (!CMAC_Final(cmac_ctx, res, &reslen))
- {
- fputs("Error calculating CMAC\n", stderr);
- rc = 0;
- }
- else if (Tlen > (int)reslen)
- {
- fputs("Parameter error, Tlen > CMAC length\n", stderr);
- rc = 0;
- }
- else if (Tlen != Maclen)
- {
- fputs("Parameter error, Tlen != resulting Mac length\n", stderr);
- rc = 0;
- }
- else
- {
- if (!memcmp(Mac, res, Maclen))
- fputs("Result = P" RESP_EOL, out);
- else
- fputs("Result = F" RESP_EOL, out);
- }
- CMAC_CTX_free(cmac_ctx);
- return rc;
- }
-
-#endif
+++ /dev/null
-#
-# OpenSSL/fips/des/Makefile
-#
-
-DIR= des
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-ASFLAGS= $(INCLUDES) $(ASFLAG)
-AFLAGS= $(ASFLAGS)
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST= fips_desmovs.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_des_selftest.c
-LIBOBJ=fips_des_selftest.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER=
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all: lib
-
-lib: $(LIBOBJ)
- @echo $(LIBOBJ) > lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-fips_test:
- -find ../testvectors/tdes/req -name '*.req' > testlist
- -rm -rf ../testvectors/tdes/rsp
- mkdir ../testvectors/tdes/rsp
- if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_desmovs -d testlist; fi
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) \
- $(SRC) $(TEST)
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff testlist
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_des_selftest.o: ../../include/openssl/crypto.h
-fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_des_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_des_selftest.o: ../../include/openssl/lhash.h
-fips_des_selftest.o: ../../include/openssl/obj_mac.h
-fips_des_selftest.o: ../../include/openssl/objects.h
-fips_des_selftest.o: ../../include/openssl/opensslconf.h
-fips_des_selftest.o: ../../include/openssl/opensslv.h
-fips_des_selftest.o: ../../include/openssl/ossl_typ.h
-fips_des_selftest.o: ../../include/openssl/safestack.h
-fips_des_selftest.o: ../../include/openssl/stack.h
-fips_des_selftest.o: ../../include/openssl/symhacks.h fips_des_selftest.c
-fips_desmovs.o: ../../e_os.h ../../include/openssl/aes.h
-fips_desmovs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_desmovs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_desmovs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-fips_desmovs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_desmovs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_desmovs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_desmovs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_desmovs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_desmovs.o: ../../include/openssl/opensslconf.h
-fips_desmovs.o: ../../include/openssl/opensslv.h
-fips_desmovs.o: ../../include/openssl/ossl_typ.h
-fips_desmovs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_desmovs.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-fips_desmovs.o: ../../include/openssl/ui_compat.h ../fips_utl.h fips_desmovs.c
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/evp.h>
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_FIPS
-
-__fips_constseg
-static const struct
- {
- const unsigned char key[24];
- const unsigned char plaintext[8];
- const unsigned char ciphertext[8];
- } tests3[]=
- {
- {
- { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
- 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 },
- { 0x8f,0x8f,0xbf,0x9b,0x5d,0x48,0xb4,0x1c },
- { 0x59,0x8c,0xe5,0xd3,0x6c,0xa2,0xea,0x1b },
- },
- {
- { 0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE,
- 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
- 0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
- { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
- { 0x11,0x25,0xb0,0x35,0xbe,0xa0,0x82,0x86 },
- },
- };
-
-int FIPS_selftest_des()
- {
- int n, ret = 0;
- EVP_CIPHER_CTX ctx;
- FIPS_cipher_ctx_init(&ctx);
-
- /* Encrypt/decrypt with 3DES and compare to known answers */
- for(n=0 ; n < 2 ; ++n)
- {
- if (!fips_cipher_test(FIPS_TEST_CIPHER, &ctx, EVP_des_ede3_ecb(),
- tests3[n].key, NULL,
- tests3[n].plaintext, tests3[n].ciphertext, 8))
- goto err;
- }
- ret = 1;
- err:
- FIPS_cipher_ctx_cleanup(&ctx);
- if (ret == 0)
- FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
-
- return ret;
- }
-#endif
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-/*---------------------------------------------
- NIST DES Modes of Operation Validation System
- Test Program
-
- Based on the AES Validation Suite, which was:
- Donated to OpenSSL by:
- V-ONE Corporation
- 20250 Century Blvd, Suite 300
- Germantown, MD 20874
- U.S.A.
- ----------------------------------------------*/
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <assert.h>
-#include <ctype.h>
-#include <openssl/crypto.h>
-#include <openssl/des.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-
-#include <openssl/err.h>
-#include "e_os.h"
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
- printf("No FIPS DES support\n");
- return(0);
-}
-
-#else
-
-#include "fips_utl.h"
-#include <openssl/fips.h>
-
-#define DES_BLOCK_SIZE 8
-
-#define VERBOSE 0
-
-static int DESTest(EVP_CIPHER_CTX *ctx,
- char *amode, int akeysz, unsigned char *aKey,
- unsigned char *iVec,
- int dir, /* 0 = decrypt, 1 = encrypt */
- unsigned char *out, unsigned char *in, int len)
- {
- const EVP_CIPHER *cipher = NULL;
-
- if (akeysz != 192)
- {
- printf("Invalid key size: %d\n", akeysz);
- return 0;
- }
-
- if (fips_strcasecmp(amode, "CBC") == 0)
- cipher = EVP_des_ede3_cbc();
- else if (fips_strcasecmp(amode, "ECB") == 0)
- cipher = EVP_des_ede3_ecb();
- else if (fips_strcasecmp(amode, "CFB64") == 0)
- cipher = EVP_des_ede3_cfb64();
- else if (fips_strncasecmp(amode, "OFB", 3) == 0)
- cipher = EVP_des_ede3_ofb();
- else if(!fips_strcasecmp(amode,"CFB8"))
- cipher = EVP_des_ede3_cfb8();
- else if(!fips_strcasecmp(amode,"CFB1"))
- cipher = EVP_des_ede3_cfb1();
- else
- {
- printf("Unknown mode: %s\n", amode);
- return 0;
- }
-
- if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0)
- return 0;
- if(!fips_strcasecmp(amode,"CFB1"))
- M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
- FIPS_cipher(ctx, out, in, len);
-
- return 1;
- }
-#if 0
-static void DebugValue(char *tag, unsigned char *val, int len)
- {
- char obuf[2048];
- int olen;
- olen = bin2hex(val, len, obuf);
- printf("%s = %.*s\n", tag, olen, obuf);
- }
-#endif
-static void shiftin(unsigned char *dst,unsigned char *src,int nbits)
- {
- int n;
-
- /* move the bytes... */
- memmove(dst,dst+nbits/8,3*8-nbits/8);
- /* append new data */
- memcpy(dst+3*8-nbits/8,src,(nbits+7)/8);
- /* left shift the bits */
- if(nbits%8)
- for(n=0 ; n < 3*8 ; ++n)
- dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8));
- }
-
-/*-----------------------------------------------*/
-char *tdes_t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
-char *tdes_t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
-enum tdes_Mode {TCBC, TECB, TOFB, TCFB1, TCFB8, TCFB64};
-int Sizes[6]={64,64,64,1,8,64};
-
-static int do_tmct(char *amode,
- int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec,
- int dir, unsigned char *text, int len,
- FILE *rfp)
- {
- int i,imode;
- unsigned char nk[4*8]; /* longest key+8 */
- unsigned char text0[8];
-
- for (imode=0 ; imode < 6 ; ++imode)
- if(!strcmp(amode,tdes_t_mode[imode]))
- break;
- if (imode == 6)
- {
- printf("Unrecognized mode: %s\n", amode);
- return 0;
- }
- for(i=0 ; i < 400 ; ++i)
- {
- int j;
- int n;
- int kp=akeysz/64;
- unsigned char old_iv[8];
- EVP_CIPHER_CTX ctx;
- FIPS_cipher_ctx_init(&ctx);
-
- fprintf(rfp,RESP_EOL "COUNT = %d" RESP_EOL,i);
- if(kp == 1)
- OutputValue("KEY",akey,8,rfp,0);
- else
- for(n=0 ; n < kp ; ++n)
- {
- fprintf(rfp,"KEY%d",n+1);
- OutputValue("",akey+n*8,8,rfp,0);
- }
-
- if(imode != TECB)
- OutputValue("IV",ivec,8,rfp,0);
- OutputValue(tdes_t_tag[dir^1],text,len,rfp,imode == TCFB1);
-#if 0
- /* compensate for endianness */
- if(imode == TCFB1)
- text[0]<<=7;
-#endif
- memcpy(text0,text,8);
-
- for(j=0 ; j < 10000 ; ++j)
- {
- unsigned char old_text[8];
-
- memcpy(old_text,text,8);
- if(j == 0)
- {
- memcpy(old_iv,ivec,8);
- DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len);
- }
- else
- {
- memcpy(old_iv,ctx.iv,8);
- FIPS_cipher(&ctx,text,text,len);
- }
- if(j == 9999)
- {
- OutputValue(tdes_t_tag[dir],text,len,rfp,imode == TCFB1);
- /* memcpy(ivec,text,8); */
- }
- /* DebugValue("iv",ctx.iv,8); */
- /* accumulate material for the next key */
- shiftin(nk,text,Sizes[imode]);
- /* DebugValue("nk",nk,24);*/
- if((dir && (imode == TCFB1 || imode == TCFB8
- || imode == TCFB64 || imode == TCBC)) || imode == TOFB)
- memcpy(text,old_iv,8);
-
- if(!dir && (imode == TCFB1 || imode == TCFB8 || imode == TCFB64))
- {
- /* the test specifies using the output of the raw DES operation
- which we don't have, so reconstruct it... */
- for(n=0 ; n < 8 ; ++n)
- text[n]^=old_text[n];
- }
- }
- for(n=0 ; n < 8 ; ++n)
- akey[n]^=nk[16+n];
- for(n=0 ; n < 8 ; ++n)
- akey[8+n]^=nk[8+n];
- for(n=0 ; n < 8 ; ++n)
- akey[16+n]^=nk[n];
- if(numkeys < 3)
- memcpy(&akey[2*8],akey,8);
- if(numkeys < 2)
- memcpy(&akey[8],akey,8);
- DES_set_odd_parity((DES_cblock *)akey);
- DES_set_odd_parity((DES_cblock *)(akey+8));
- DES_set_odd_parity((DES_cblock *)(akey+16));
- memcpy(ivec,ctx.iv,8);
-
- /* pointless exercise - the final text doesn't depend on the
- initial text in OFB mode, so who cares what it is? (Who
- designed these tests?) */
- if(imode == TOFB)
- for(n=0 ; n < 8 ; ++n)
- text[n]=text0[n]^old_iv[n];
- FIPS_cipher_ctx_cleanup(&ctx);
- }
- return 1;
- }
-
-static int tproc_file(char *rqfile, char *rspfile)
- {
- char afn[256], rfn[256];
- FILE *afp = NULL, *rfp = NULL;
- char ibuf[2048], tbuf[2048];
- int len;
- char amode[8] = "";
- char atest[100] = "";
- int akeysz=0;
- unsigned char iVec[20], aKey[40];
- int dir = -1, err = 0, step = 0, echo = 1;
- unsigned char plaintext[2048];
- unsigned char ciphertext[2048];
- char *rp;
- EVP_CIPHER_CTX ctx;
- int numkeys=1;
- FIPS_cipher_ctx_init(&ctx);
-
- if (!rqfile || !(*rqfile))
- {
- printf("No req file\n");
- return -1;
- }
- strcpy(afn, rqfile);
-
- if ((afp = fopen(afn, "r")) == NULL)
- {
- printf("Cannot open file: %s, %s\n",
- afn, strerror(errno));
- return -1;
- }
- if (!rspfile)
- {
- strcpy(rfn,afn);
- rp=strstr(rfn,"req/");
-#ifdef OPENSSL_SYS_WIN32
- if (!rp)
- rp=strstr(rfn,"req\\");
-#endif
- assert(rp);
- memcpy(rp,"rsp",3);
- rp = strstr(rfn, ".req");
- memcpy(rp, ".rsp", 4);
- rspfile = rfn;
- }
- if ((rfp = fopen(rspfile, "w")) == NULL)
- {
- printf("Cannot open file: %s, %s\n",
- rfn, strerror(errno));
- fclose(afp);
- afp = NULL;
- return -1;
- }
- while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
- {
- tidy_line(tbuf, ibuf);
- /* printf("step=%d ibuf=%s",step,ibuf);*/
- if(step == 3 && !strcmp(amode,"ECB"))
- {
- memset(iVec, 0, sizeof(iVec));
- step = (dir)? 4: 5; /* no ivec for ECB */
- }
- switch (step)
- {
- case 0: /* read preamble */
- if (ibuf[0] == '\n')
- { /* end of preamble */
- if (*amode == '\0')
- {
- printf("Missing Mode\n");
- err = 1;
- }
- else
- {
- copy_line(ibuf, rfp);
- ++ step;
- }
- }
- else if (ibuf[0] != '#')
- {
- printf("Invalid preamble item: %s\n", ibuf);
- err = 1;
- }
- else
- { /* process preamble */
- char *xp, *pp = ibuf+2;
- int n;
- if(*amode)
- { /* insert current time & date */
- time_t rtim = time(0);
- fputs("# ", rfp);
- copy_line(ctime(&rtim), rfp);
- }
- else
- {
- copy_line(ibuf, rfp);
- if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4)
- || !strncmp(pp,"TDES ",5)
- || !strncmp(pp,"PERMUTATION ",12)
- || !strncmp(pp,"SUBSTITUTION ",13)
- || !strncmp(pp,"VARIABLE ",9))
- {
- /* get test type */
- if(!strncmp(pp,"DES ",4))
- pp+=4;
- else if(!strncmp(pp,"TDES ",5))
- pp+=5;
- xp = strchr(pp, ' ');
- n = xp-pp;
- strncpy(atest, pp, n);
- atest[n] = '\0';
- /* get mode */
- xp = strrchr(pp, ' '); /* get mode" */
- n = strlen(xp+1)-1;
- strncpy(amode, xp+1, n);
- amode[n] = '\0';
- if (!strcmp(atest, "Monte"))
- echo = 0;
- /* amode[3] = '\0'; */
- if (VERBOSE)
- printf("Test=%s, Mode=%s\n",atest,amode);
- }
- }
- }
- break;
-
- case 1: /* [ENCRYPT] | [DECRYPT] */
- if(ibuf[0] == '\n')
- break;
- if (ibuf[0] == '[')
- {
- copy_line(ibuf, rfp);
- ++step;
- if (fips_strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
- dir = 1;
- else if (fips_strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
- dir = 0;
- else
- {
- printf("Invalid keyword: %s\n", ibuf);
- err = 1;
- }
- break;
- }
- else if (dir == -1)
- {
- err = 1;
- printf("Missing ENCRYPT/DECRYPT keyword\n");
- break;
- }
- else
- step = 2;
-
- case 2: /* KEY = xxxx */
- if(*ibuf == '\n')
- {
- copy_line(ibuf, rfp);
- break;
- }
- if(!fips_strncasecmp(ibuf,"COUNT = ",8))
- {
- copy_line(ibuf, rfp);
- break;
- }
- if(!fips_strncasecmp(ibuf,"COUNT=",6))
- {
- copy_line(ibuf, rfp);
- break;
- }
- if(!fips_strncasecmp(ibuf,"NumKeys = ",10))
- {
- numkeys=atoi(ibuf+10);
- break;
- }
- if (echo)
- copy_line(ibuf, rfp);
- if(!fips_strncasecmp(ibuf,"KEY = ",6))
- {
- akeysz=64;
- len = hex2bin((char*)ibuf+6, aKey);
- if (len < 0)
- {
- printf("Invalid KEY\n");
- err=1;
- break;
- }
- PrintValue("KEY", aKey, len);
- ++step;
- }
- else if(!fips_strncasecmp(ibuf,"KEYs = ",7))
- {
- akeysz=64*3;
- len=hex2bin(ibuf+7,aKey);
- if(len != 8)
- {
- printf("Invalid KEY\n");
- err=1;
- break;
- }
- memcpy(aKey+8,aKey,8);
- memcpy(aKey+16,aKey,8);
- ibuf[4]='\0';
- PrintValue("KEYs",aKey,len);
- ++step;
- }
- else if(!fips_strncasecmp(ibuf,"KEY",3))
- {
- int n=ibuf[3]-'1';
-
- akeysz=64*3;
- len=hex2bin(ibuf+7,aKey+n*8);
- if(len != 8)
- {
- printf("Invalid KEY\n");
- err=1;
- break;
- }
- ibuf[4]='\0';
- PrintValue(ibuf,aKey,len);
- if(n == 2)
- ++step;
- }
- else
- {
- printf("Missing KEY\n");
- err = 1;
- }
- break;
-
- case 3: /* IV = xxxx */
- if (echo)
- copy_line(ibuf, rfp);
- if (fips_strncasecmp(ibuf, "IV = ", 5) != 0)
- {
- printf("Missing IV\n");
- err = 1;
- }
- else
- {
- len = hex2bin((char*)ibuf+5, iVec);
- if (len < 0)
- {
- printf("Invalid IV\n");
- err =1;
- break;
- }
- PrintValue("IV", iVec, len);
- step = (dir)? 4: 5;
- }
- break;
-
- case 4: /* PLAINTEXT = xxxx */
- if (echo)
- copy_line(ibuf, rfp);
- if (fips_strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
- {
- printf("Missing PLAINTEXT\n");
- err = 1;
- }
- else
- {
- int nn = strlen(ibuf+12);
- if(!strcmp(amode,"CFB1"))
- len=bint2bin(ibuf+12,nn-1,plaintext);
- else
- len=hex2bin(ibuf+12, plaintext);
- if (len < 0)
- {
- printf("Invalid PLAINTEXT: %s", ibuf+12);
- err =1;
- break;
- }
- if (len >= (int)sizeof(plaintext))
- {
- printf("Buffer overflow\n");
- }
- PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
- if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
- {
- if (!do_tmct(amode,akeysz,numkeys,aKey,iVec,
- dir,plaintext,len,rfp))
- return -1;
- }
- else
- {
- assert(dir == 1);
- DESTest(&ctx, amode, akeysz, aKey, iVec,
- dir, /* 0 = decrypt, 1 = encrypt */
- ciphertext, plaintext, len);
- OutputValue("CIPHERTEXT",ciphertext,len,rfp,
- !strcmp(amode,"CFB1"));
- }
- step = 6;
- }
- break;
-
- case 5: /* CIPHERTEXT = xxxx */
- if (echo)
- copy_line(ibuf, rfp);
- if (fips_strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
- {
- printf("Missing KEY\n");
- err = 1;
- }
- else
- {
- if(!strcmp(amode,"CFB1"))
- len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
- else
- len = hex2bin(ibuf+13,ciphertext);
- if (len < 0)
- {
- printf("Invalid CIPHERTEXT\n");
- err =1;
- break;
- }
-
- PrintValue("CIPHERTEXT", ciphertext, len);
- if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
- {
- do_tmct(amode, akeysz, numkeys, aKey, iVec,
- dir, ciphertext, len, rfp);
- }
- else
- {
- assert(dir == 0);
- DESTest(&ctx, amode, akeysz, aKey, iVec,
- dir, /* 0 = decrypt, 1 = encrypt */
- plaintext, ciphertext, len);
- OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
- !strcmp(amode,"CFB1"));
- }
- step = 6;
- }
- break;
-
- case 6:
- if (ibuf[0] != '\n')
- {
- err = 1;
- printf("Missing terminator\n");
- }
- else if (strcmp(atest, "MCT") != 0)
- { /* MCT already added terminating nl */
- copy_line(ibuf, rfp);
- }
- step = 1;
- break;
- }
- }
- if (rfp)
- fclose(rfp);
- if (afp)
- fclose(afp);
- FIPS_cipher_ctx_cleanup(&ctx);
- return err;
- }
-
-/*--------------------------------------------------
- Processes either a single file or
- a set of files whose names are passed in a file.
- A single file is specified as:
- aes_test -f xxx.req
- A set of files is specified as:
- aes_test -d xxxxx.xxx
- The default is: -d req.txt
---------------------------------------------------*/
-#ifdef FIPS_ALGVS
-int fips_desmovs_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
- {
- char *rqlist = "req.txt", *rspfile = NULL;
- FILE *fp = NULL;
- char fn[250] = "", rfn[256] = "";
- int d_opt = 1;
-
- fips_algtest_init();
- if (argc > 1)
- {
- if (fips_strcasecmp(argv[1], "-d") == 0)
- {
- d_opt = 1;
- }
- else if (fips_strcasecmp(argv[1], "-f") == 0)
- {
- d_opt = 0;
- }
- else
- {
- printf("Invalid parameter: %s\n", argv[1]);
- return 0;
- }
- if (argc < 3)
- {
- printf("Missing parameter\n");
- return 0;
- }
- if (d_opt)
- rqlist = argv[2];
- else
- {
- strcpy(fn, argv[2]);
- rspfile = argv[3];
- }
- }
- if (d_opt)
- { /* list of files (directory) */
- if (!(fp = fopen(rqlist, "r")))
- {
- printf("Cannot open req list file\n");
- return -1;
- }
- while (fgets(fn, sizeof(fn), fp))
- {
- strtok(fn, "\r\n");
- strcpy(rfn, fn);
- printf("Processing: %s\n", rfn);
- if (tproc_file(rfn, rspfile))
- {
- printf(">>> Processing failed for: %s <<<\n", rfn);
- return -1;
- }
- }
- fclose(fp);
- }
- else /* single file */
- {
- if (VERBOSE)
- printf("Processing: %s\n", fn);
- if (tproc_file(fn, rspfile))
- {
- printf(">>> Processing failed for: %s <<<\n", fn);
- }
- }
- return 0;
- }
-
-#endif
+++ /dev/null
-#
-# OpenSSL/fips/dh/Makefile
-#
-
-DIR= dh
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST= fips_dhvs.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_dh_lib.c
-LIBOBJ= fips_dh_lib.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER= $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all: lib
-
-lib: $(LIBOBJ)
- @echo $(LIBOBJ) > lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-fips_test:
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-fips_dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
-fips_dh_lib.o: ../../include/openssl/opensslconf.h
-fips_dh_lib.o: ../../include/openssl/opensslv.h
-fips_dh_lib.o: ../../include/openssl/ossl_typ.h
-fips_dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_dh_lib.o: ../../include/openssl/symhacks.h fips_dh_lib.c
-fips_dhvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_dhvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dhvs.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-fips_dhvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_dhvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_dhvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_dhvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_dhvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_dhvs.o: ../../include/openssl/opensslconf.h
-fips_dhvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-fips_dhvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_dhvs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_dhvs.c
+++ /dev/null
-/* fips_dh_lib.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/fips.h>
-
-/* Minimal FIPS versions of FIPS_dh_new() and FIPS_dh_free(): to
- * reduce external dependencies.
- */
-
-DH *FIPS_dh_new(void)
- {
- DH *ret;
- ret = OPENSSL_malloc(sizeof(DH));
- if (!ret)
- return NULL;
- memset(ret, 0, sizeof(DH));
- ret->meth = DH_OpenSSL();
- if (ret->meth->init)
- ret->meth->init(ret);
- return ret;
- }
-
-void FIPS_dh_free(DH *r)
- {
- if (!r)
- return;
- if (r->meth->finish)
- r->meth->finish(r);
- if (r->p != NULL) BN_clear_free(r->p);
- if (r->g != NULL) BN_clear_free(r->g);
- if (r->q != NULL) BN_clear_free(r->q);
- if (r->j != NULL) BN_clear_free(r->j);
- if (r->seed) OPENSSL_free(r->seed);
- if (r->counter != NULL) BN_clear_free(r->counter);
- if (r->pub_key != NULL) BN_clear_free(r->pub_key);
- if (r->priv_key != NULL) BN_clear_free(r->priv_key);
- OPENSSL_free(r);
- }
+++ /dev/null
-/* fips/dh/fips_dhvs.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#define OPENSSL_FIPSAPI
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-#include <stdio.h>
-
-int main(int argc, char **argv)
-{
- printf("No FIPS DH support\n");
- return(0);
-}
-#else
-
-#include <openssl/crypto.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <string.h>
-#include <ctype.h>
-
-#include "fips_utl.h"
-
-static const EVP_MD *parse_md(char *line)
- {
- char *p;
- if (line[0] != '[' || line[1] != 'F')
- return NULL;
- p = strchr(line, '-');
- if (!p)
- return NULL;
- line = p + 1;
- p = strchr(line, ']');
- if (!p)
- return NULL;
- *p = 0;
- p = line;
- while(isspace(*p))
- p++;
- if (!strcmp(p, "SHA1"))
- return EVP_sha1();
- else if (!strcmp(p, "SHA224"))
- return EVP_sha224();
- else if (!strcmp(p, "SHA256"))
- return EVP_sha256();
- else if (!strcmp(p, "SHA384"))
- return EVP_sha384();
- else if (!strcmp(p, "SHA512"))
- return EVP_sha512();
- else
- return NULL;
- }
-
-static void output_Zhash(FILE *out, int exout,
- DH *dh, BIGNUM *peerkey, const EVP_MD *md,
- unsigned char *rhash, size_t rhashlen)
- {
- unsigned char *Z;
- unsigned char chash[EVP_MAX_MD_SIZE];
- int Zlen;
- if (rhash == NULL)
- {
- rhashlen = M_EVP_MD_size(md);
- if (!DH_generate_key(dh))
- exit (1);
- do_bn_print_name(out, "YephemIUT", dh->pub_key);
- if (exout)
- do_bn_print_name(out, "XephemIUT", dh->priv_key);
- }
- Z = OPENSSL_malloc(BN_num_bytes(dh->p));
- if (!Z)
- exit(1);
- Zlen = DH_compute_key_padded(Z, peerkey, dh);
- if (exout)
- OutputValue("Z", Z, Zlen, out, 0);
- FIPS_digest(Z, Zlen, chash, NULL, md);
- OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0);
- if (rhash)
- {
- fprintf(out, "Result = %s\n",
- memcmp(chash, rhash, rhashlen) ? "F" : "P");
- }
- else
- {
- BN_clear_free(dh->priv_key);
- BN_clear_free(dh->pub_key);
- dh->priv_key = NULL;
- dh->pub_key = NULL;
- }
- OPENSSL_cleanse(Z, Zlen);
- OPENSSL_free(Z);
- }
-
-#ifdef FIPS_ALGVS
-int fips_dhvs_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
- {
- char **args = argv + 1;
- int argn = argc - 1;
- FILE *in, *out;
- char buf[2048], lbuf[2048];
- unsigned char *rhash;
- long rhashlen;
- DH *dh = NULL;
- const EVP_MD *md = NULL;
- BIGNUM *peerkey = NULL;
- char *keyword = NULL, *value = NULL;
- int do_verify = -1, exout = 0;
-
- fips_algtest_init();
-
- if (argn && !strcmp(*args, "dhver"))
- {
- do_verify = 1;
- args++;
- argn--;
- }
- else if (argn && !strcmp(*args, "dhgen"))
- {
- do_verify = 0;
- args++;
- argn--;
- }
-
- if (argn && !strcmp(*args, "-exout"))
- {
- exout = 1;
- args++;
- argn--;
- }
-
- if (do_verify == -1)
- {
- fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
- exit(1);
- }
-
- if (argn == 2)
- {
- in = fopen(*args, "r");
- if (!in)
- {
- fprintf(stderr, "Error opening input file\n");
- exit(1);
- }
- out = fopen(args[1], "w");
- if (!out)
- {
- fprintf(stderr, "Error opening output file\n");
- exit(1);
- }
- }
- else if (argn == 0)
- {
- in = stdin;
- out = stdout;
- }
- else
- {
- fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
- exit(1);
- }
-
- dh = FIPS_dh_new();
-
- while (fgets(buf, sizeof(buf), in) != NULL)
- {
- fputs(buf, out);
- if (strlen(buf) > 6 && !strncmp(buf, "[F", 2))
- {
- md = parse_md(buf);
- if (md == NULL)
- goto parse_error;
- if (dh)
- FIPS_dh_free(dh);
- dh = FIPS_dh_new();
- continue;
- }
- if (!parse_line(&keyword, &value, lbuf, buf))
- continue;
- if (!strcmp(keyword, "P"))
- {
- if (!do_hex2bn(&dh->p, value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "Q"))
- {
- if (!do_hex2bn(&dh->q, value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "G"))
- {
- if (!do_hex2bn(&dh->g, value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "XephemIUT"))
- {
- if (!do_hex2bn(&dh->priv_key, value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "YephemIUT"))
- {
- if (!do_hex2bn(&dh->pub_key, value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "YephemCAVS"))
- {
- if (!do_hex2bn(&peerkey, value))
- goto parse_error;
- if (do_verify == 0)
- output_Zhash(out, exout, dh, peerkey, md,
- NULL, 0);
- }
- else if (!strcmp(keyword, "CAVSHashZZ"))
- {
- if (!md)
- goto parse_error;
- rhash = hex2bin_m(value, &rhashlen);
- if (!rhash || rhashlen != M_EVP_MD_size(md))
- goto parse_error;
- output_Zhash(out, exout, dh, peerkey, md,
- rhash, rhashlen);
- }
- }
- if (in && in != stdin)
- fclose(in);
- if (out && out != stdout)
- fclose(out);
- return 0;
- parse_error:
- fprintf(stderr, "Error Parsing request file\n");
- exit(1);
- }
-
-#endif
+++ /dev/null
-#
-# OpenSSL/fips/dsa/Makefile
-#
-
-DIR= dsa
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=fips_dsatest.c fips_dssvs.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_dsa_selftest.c \
- fips_dsa_lib.c fips_dsa_sign.c
-LIBOBJ= fips_dsa_selftest.o \
- fips_dsa_lib.o fips_dsa_sign.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER= $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all: lib
-
-lib: $(LIBOBJ)
- @echo $(LIBOBJ) > lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-Q=../testvectors/dsa/req
-A=../testvectors/dsa/rsp
-
-fips_test:
- -rm -rf $A
- mkdir $A
- if [ -f $(Q)/PQGGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs pqg < $(Q)/PQGGen.req > $(A)/PQGGen.rsp; fi
- if [ -f $(Q)/KeyPair.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs keypair < $(Q)/KeyPair.req > $(A)/KeyPair.rsp; fi
- if [ -f $(Q)/SigGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs siggen < $(Q)/SigGen.req > $(A)/SigGen.rsp; fi
- if [ -f $(Q)/SigVer.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp; fi
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-fips_dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
-fips_dsa_lib.o: ../../include/openssl/opensslconf.h
-fips_dsa_lib.o: ../../include/openssl/opensslv.h
-fips_dsa_lib.o: ../../include/openssl/ossl_typ.h
-fips_dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_dsa_lib.o: ../../include/openssl/symhacks.h fips_dsa_lib.c
-fips_dsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_dsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_dsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-fips_dsa_selftest.o: ../../include/openssl/obj_mac.h
-fips_dsa_selftest.o: ../../include/openssl/objects.h
-fips_dsa_selftest.o: ../../include/openssl/opensslconf.h
-fips_dsa_selftest.o: ../../include/openssl/opensslv.h
-fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h
-fips_dsa_selftest.o: ../../include/openssl/safestack.h
-fips_dsa_selftest.o: ../../include/openssl/stack.h
-fips_dsa_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
-fips_dsa_selftest.o: fips_dsa_selftest.c
-fips_dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-fips_dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-fips_dsa_sign.o: ../../include/openssl/objects.h
-fips_dsa_sign.o: ../../include/openssl/opensslconf.h
-fips_dsa_sign.o: ../../include/openssl/opensslv.h
-fips_dsa_sign.o: ../../include/openssl/ossl_typ.h
-fips_dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-fips_dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_dsa_sign.o: fips_dsa_sign.c
-fips_dsatest.o: ../../e_os.h ../../include/openssl/aes.h
-fips_dsatest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_dsatest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_dsatest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-fips_dsatest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-fips_dsatest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_dsatest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
-fips_dsatest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-fips_dsatest.o: ../../include/openssl/objects.h
-fips_dsatest.o: ../../include/openssl/opensslconf.h
-fips_dsatest.o: ../../include/openssl/opensslv.h
-fips_dsatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_dsatest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_dsatest.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_dsatest.c
-fips_dssvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_dssvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dssvs.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-fips_dssvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_dssvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_dssvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_dssvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_dssvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_dssvs.o: ../../include/openssl/opensslconf.h
-fips_dssvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-fips_dssvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_dssvs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_dssvs.c
+++ /dev/null
-/* fips_dsa_lib.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/dsa.h>
-#include <openssl/bn.h>
-#include <openssl/fips.h>
-
-/* Minimal FIPS versions of FIPS_dsa_new() and FIPS_dsa_free: to
- * reduce external dependencies.
- */
-
-DSA *FIPS_dsa_new(void)
- {
- DSA *ret;
- ret = OPENSSL_malloc(sizeof(DSA));
- if (!ret)
- return NULL;
- memset(ret, 0, sizeof(DSA));
- ret->meth = DSA_OpenSSL();
- if (ret->meth->init)
- ret->meth->init(ret);
- return ret;
- }
-
-void FIPS_dsa_free(DSA *r)
- {
- if (!r)
- return;
- if (r->meth->finish)
- r->meth->finish(r);
- if (r->p != NULL) BN_clear_free(r->p);
- if (r->q != NULL) BN_clear_free(r->q);
- if (r->g != NULL) BN_clear_free(r->g);
- if (r->pub_key != NULL) BN_clear_free(r->pub_key);
- if (r->priv_key != NULL) BN_clear_free(r->priv_key);
- if (r->kinv != NULL) BN_clear_free(r->kinv);
- if (r->r != NULL) BN_clear_free(r->r);
- OPENSSL_free(r);
- }
-
-DSA_SIG *FIPS_dsa_sig_new(void)
- {
- DSA_SIG *sig;
- sig = OPENSSL_malloc(sizeof(DSA_SIG));
- if (!sig)
- return NULL;
- sig->r = NULL;
- sig->s = NULL;
- return sig;
- }
-
-void FIPS_dsa_sig_free(DSA_SIG *sig)
- {
- if (sig)
- {
- if (sig->r)
- BN_free(sig->r);
- if (sig->s)
- BN_free(sig->s);
- OPENSSL_free(sig);
- }
- }
-
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-
-__fips_constseg
-static const unsigned char dsa_test_2048_p[] = {
- 0xa8,0x53,0x78,0xd8,0xfd,0x3f,0x8d,0x72,0xec,0x74,0x18,0x08,
- 0x0d,0xa2,0x13,0x17,0xe4,0x3e,0xc4,0xb6,0x2b,0xa8,0xc8,0x62,
- 0x3b,0x7e,0x4d,0x04,0x44,0x1d,0xd1,0xa0,0x65,0x86,0x62,0x59,
- 0x64,0x93,0xca,0x8e,0x9e,0x8f,0xbb,0x7e,0x34,0xaa,0xdd,0xb6,
- 0x2e,0x5d,0x67,0xb6,0xd0,0x9a,0x6e,0x61,0xb7,0x69,0xe7,0xc3,
- 0x52,0xaa,0x2b,0x10,0xe2,0x0c,0xa0,0x63,0x69,0x63,0xb5,0x52,
- 0x3e,0x86,0x47,0x0d,0xec,0xbb,0xed,0xa0,0x27,0xe7,0x97,0xe7,
- 0xb6,0x76,0x35,0xd4,0xd4,0x9c,0x30,0x70,0x0e,0x74,0xaf,0x8a,
- 0x0f,0xf1,0x56,0xa8,0x01,0xaf,0x57,0xa2,0x6e,0x70,0x78,0xf1,
- 0xd8,0x2f,0x74,0x90,0x8e,0xcb,0x6d,0x07,0xe7,0x0b,0x35,0x03,
- 0xee,0xd9,0x4f,0xa3,0x2c,0xf1,0x7a,0x7f,0xc3,0xd6,0xcf,0x40,
- 0xdc,0x7b,0x00,0x83,0x0e,0x6a,0x25,0x66,0xdc,0x07,0x3e,0x34,
- 0x33,0x12,0x51,0x7c,0x6a,0xa5,0x15,0x2b,0x4b,0xfe,0xcd,0x2e,
- 0x55,0x1f,0xee,0x34,0x63,0x18,0xa1,0x53,0x42,0x3c,0x99,0x6b,
- 0x0d,0x5d,0xcb,0x91,0x02,0xae,0xdd,0x38,0x79,0x86,0x16,0xf1,
- 0xf1,0xe0,0xd6,0xc4,0x03,0x52,0x5b,0x1f,0x9b,0x3d,0x4d,0xc7,
- 0x66,0xde,0x2d,0xfc,0x4a,0x56,0xd7,0xb8,0xba,0x59,0x63,0xd6,
- 0x0f,0x3e,0x16,0x31,0x88,0x70,0xad,0x43,0x69,0x52,0xe5,0x57,
- 0x65,0x37,0x4e,0xab,0x85,0xe8,0xec,0x17,0xd6,0xb9,0xa4,0x54,
- 0x7b,0x9b,0x5f,0x27,0x52,0xf3,0x10,0x5b,0xe8,0x09,0xb2,0x3a,
- 0x2c,0x8d,0x74,0x69,0xdb,0x02,0xe2,0x4d,0x59,0x23,0x94,0xa7,
- 0xdb,0xa0,0x69,0xe9
-};
-__fips_constseg
-static const unsigned char dsa_test_2048_q[] = {
- 0xd2,0x77,0x04,0x4e,0x50,0xf5,0xa4,0xe3,0xf5,0x10,0xa5,0x0a,
- 0x0b,0x84,0xfd,0xff,0xbc,0xa0,0x47,0xed,0x27,0x60,0x20,0x56,
- 0x74,0x41,0xa0,0xa5
-};
-__fips_constseg
-static const unsigned char dsa_test_2048_g[] = {
- 0x13,0xd7,0x54,0xe2,0x1f,0xd2,0x41,0x65,0x5d,0xa8,0x91,0xc5,
- 0x22,0xa6,0x5a,0x72,0xa8,0x9b,0xdc,0x64,0xec,0x9b,0x54,0xa8,
- 0x21,0xed,0x4a,0x89,0x8b,0x49,0x0e,0x0c,0x4f,0xcb,0x72,0x19,
- 0x2a,0x4a,0x20,0xf5,0x41,0xf3,0xf2,0x92,0x53,0x99,0xf0,0xba,
- 0xec,0xf9,0x29,0xaa,0xfb,0xf7,0x9d,0xfe,0x43,0x32,0x39,0x3b,
- 0x32,0xcd,0x2e,0x2f,0xcf,0x27,0x2f,0x32,0xa6,0x27,0x43,0x4a,
- 0x0d,0xf2,0x42,0xb7,0x5b,0x41,0x4d,0xf3,0x72,0x12,0x1e,0x53,
- 0xa5,0x53,0xf2,0x22,0xf8,0x36,0xb0,0x00,0xf0,0x16,0x48,0x5b,
- 0x6b,0xd0,0x89,0x84,0x51,0x80,0x1d,0xcd,0x8d,0xe6,0x4c,0xd5,
- 0x36,0x56,0x96,0xff,0xc5,0x32,0xd5,0x28,0xc5,0x06,0x62,0x0a,
- 0x94,0x2a,0x03,0x05,0x04,0x6d,0x8f,0x18,0x76,0x34,0x1f,0x1e,
- 0x57,0x0b,0xc3,0x97,0x4b,0xa6,0xb9,0xa4,0x38,0xe9,0x70,0x23,
- 0x02,0xa2,0xe6,0xe6,0x7b,0xfd,0x06,0xd3,0x2b,0xc6,0x79,0x96,
- 0x22,0x71,0xd7,0xb4,0x0c,0xd7,0x2f,0x38,0x6e,0x64,0xe0,0xd7,
- 0xef,0x86,0xca,0x8c,0xa5,0xd1,0x42,0x28,0xdc,0x2a,0x4f,0x16,
- 0xe3,0x18,0x98,0x86,0xb5,0x99,0x06,0x74,0xf4,0x20,0x0f,0x3a,
- 0x4c,0xf6,0x5a,0x3f,0x0d,0xdb,0xa1,0xfa,0x67,0x2d,0xff,0x2f,
- 0x5e,0x14,0x3d,0x10,0xe4,0xe9,0x7a,0xe8,0x4f,0x6d,0xa0,0x95,
- 0x35,0xd5,0xb9,0xdf,0x25,0x91,0x81,0xa7,0x9b,0x63,0xb0,0x69,
- 0xe9,0x49,0x97,0x2b,0x02,0xba,0x36,0xb3,0x58,0x6a,0xab,0x7e,
- 0x45,0xf3,0x22,0xf8,0x2e,0x4e,0x85,0xca,0x3a,0xb8,0x55,0x91,
- 0xb3,0xc2,0xa9,0x66
-};
-
-__fips_constseg
-static const unsigned char dsa_test_2048_pub_key[] = {
- 0x24,0x52,0xf3,0xcc,0xbe,0x9e,0xd5,0xca,0x7d,0xc7,0x4c,0x60,
- 0x2b,0x99,0x22,0x6e,0x8f,0x2f,0xab,0x38,0xe7,0xd7,0xdd,0xfb,
- 0x75,0x53,0x9b,0x17,0x15,0x5e,0x9f,0xcf,0xd1,0xab,0xa5,0x64,
- 0xeb,0x85,0x35,0xd8,0x12,0xc9,0xc2,0xdc,0xf9,0x72,0x84,0x44,
- 0x1b,0xc4,0x82,0x24,0x36,0x24,0xc7,0xf4,0x57,0x58,0x0c,0x1c,
- 0x38,0xa5,0x7c,0x46,0xc4,0x57,0x39,0x24,0x70,0xed,0xb5,0x2c,
- 0xb5,0xa6,0xe0,0x3f,0xe6,0x28,0x7b,0xb6,0xf4,0x9a,0x42,0xa2,
- 0x06,0x5a,0x05,0x4f,0x03,0x08,0x39,0xdf,0x1f,0xd3,0x14,0x9c,
- 0x4c,0xa0,0x53,0x1d,0xd8,0xca,0x8a,0xaa,0x9c,0xc7,0x33,0x71,
- 0x93,0x38,0x73,0x48,0x33,0x61,0x18,0x22,0x45,0x45,0xe8,0x8c,
- 0x80,0xff,0xd8,0x76,0x5d,0x74,0x36,0x03,0x33,0xcc,0xab,0x99,
- 0x72,0x77,0x9b,0x65,0x25,0xa6,0x5b,0xdd,0x0d,0x10,0xc6,0x75,
- 0xc1,0x09,0xbb,0xd3,0xe5,0xbe,0x4d,0x72,0xef,0x6e,0xba,0x6e,
- 0x43,0x8d,0x52,0x26,0x23,0x7d,0xb8,0x88,0x37,0x9c,0x5f,0xcc,
- 0x47,0xa3,0x84,0x7f,0xf6,0x37,0x11,0xba,0xed,0x6d,0x03,0xaf,
- 0xe8,0x1e,0x69,0x4a,0x41,0x3b,0x68,0x0b,0xd3,0x8a,0xb4,0x90,
- 0x3f,0x83,0x70,0xa7,0x07,0xef,0x55,0x1d,0x49,0x41,0x02,0x6d,
- 0x95,0x79,0xd6,0x91,0xde,0x8e,0xda,0xa1,0x61,0x05,0xeb,0x9d,
- 0xba,0x3c,0x2f,0x4c,0x1b,0xec,0x50,0x82,0x75,0xaa,0x02,0x07,
- 0xe2,0x51,0xb5,0xec,0xcb,0x28,0x6a,0x4b,0x01,0xd4,0x49,0xd3,
- 0x0a,0xcb,0x67,0x37,0x17,0xa0,0xd2,0xfb,0x3b,0x50,0xc8,0x93,
- 0xf7,0xda,0xb1,0x4f
-};
-__fips_constseg
-static const unsigned char dsa_test_2048_priv_key[] = {
- 0x0c,0x4b,0x30,0x89,0xd1,0xb8,0x62,0xcb,0x3c,0x43,0x64,0x91,
- 0xf0,0x91,0x54,0x70,0xc5,0x27,0x96,0xe3,0xac,0xbe,0xe8,0x00,
- 0xec,0x55,0xf6,0xcc
-};
-
-int FIPS_selftest_dsa()
- {
- DSA *dsa=NULL;
- EVP_PKEY pk;
- int ret = 0;
-
- dsa = FIPS_dsa_new();
-
- if(dsa == NULL)
- goto err;
-
- fips_load_key_component(dsa, p, dsa_test_2048);
- fips_load_key_component(dsa, q, dsa_test_2048);
- fips_load_key_component(dsa, g, dsa_test_2048);
- fips_load_key_component(dsa, pub_key, dsa_test_2048);
- fips_load_key_component(dsa, priv_key, dsa_test_2048);
-
- pk.type = EVP_PKEY_DSA;
- pk.pkey.dsa = dsa;
-
- if (!fips_pkey_signature_test(FIPS_TEST_SIGNATURE, &pk, NULL, 0,
- NULL, 0, EVP_sha384(), 0,
- "DSA SHA384"))
- goto err;
- ret = 1;
-
- err:
- if (dsa)
- FIPS_dsa_free(dsa);
- return ret;
- }
-#endif
+++ /dev/null
-/* fips_dsa_sign.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/evp.h>
-#include <openssl/dsa.h>
-#include <openssl/err.h>
-#include <openssl/sha.h>
-#include <openssl/bn.h>
-
-#ifdef OPENSSL_FIPS
-
-/* FIPS versions of DSA_sign() and DSA_verify().
- * Handle DSA_SIG structures to avoid need to handle ASN1.
- */
-
-DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx)
- {
- DSA_SIG *s;
- unsigned char dig[EVP_MAX_MD_SIZE];
- unsigned int dlen;
- FIPS_digestfinal(ctx, dig, &dlen);
- s = dsa->meth->dsa_do_sign(dig,dlen,dsa);
- OPENSSL_cleanse(dig, dlen);
- return s;
- }
-
-DSA_SIG * FIPS_dsa_sign_digest(DSA *dsa, const unsigned char *dig, int dlen)
- {
- if (FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_FIPS_DSA_SIGN_DIGEST, FIPS_R_SELFTEST_FAILED);
- return NULL;
- }
- return dsa->meth->dsa_do_sign(dig, dlen, dsa);
- }
-
-int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s)
- {
- int ret=-1;
- unsigned char dig[EVP_MAX_MD_SIZE];
- unsigned int dlen;
- FIPS_digestfinal(ctx, dig, &dlen);
- ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
- OPENSSL_cleanse(dig, dlen);
- return ret;
- }
-
-int FIPS_dsa_verify_digest(DSA *dsa,
- const unsigned char *dig, int dlen, DSA_SIG *s)
- {
- if (FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_FIPS_DSA_VERIFY_DIGEST, FIPS_R_SELFTEST_FAILED);
- return -1;
- }
- return dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
- }
-
-int FIPS_dsa_verify(DSA *dsa, const unsigned char *msg, size_t msglen,
- const EVP_MD *mhash, DSA_SIG *s)
- {
- int ret=-1;
- unsigned char dig[EVP_MAX_MD_SIZE];
- unsigned int dlen;
- FIPS_digest(msg, msglen, dig, &dlen, mhash);
- ret=FIPS_dsa_verify_digest(dsa, dig, dlen, s);
- OPENSSL_cleanse(dig, dlen);
- return ret;
- }
-
-DSA_SIG * FIPS_dsa_sign(DSA *dsa, const unsigned char *msg, size_t msglen,
- const EVP_MD *mhash)
- {
- DSA_SIG *s;
- unsigned char dig[EVP_MAX_MD_SIZE];
- unsigned int dlen;
- FIPS_digest(msg, msglen, dig, &dlen, mhash);
- s = FIPS_dsa_sign_digest(dsa, dig, dlen);
- OPENSSL_cleanse(dig, dlen);
- return s;
- }
-
-#endif
+++ /dev/null
-/* crypto/dsa/dsatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include "e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-
-
-#if defined(OPENSSL_NO_DSA) || !defined(OPENSSL_FIPS)
-int main(int argc, char *argv[])
-{
- printf("No FIPS DSA support\n");
- return(0);
-}
-#else
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include <openssl/dsa.h>
-
-#ifdef OPENSSL_SYS_WIN16
-#define MS_CALLBACK _far _loadds
-#else
-#define MS_CALLBACK
-#endif
-
-#include "fips_utl.h"
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
-
-/* seed, out_p, out_q, out_g are taken from the earlier validation test
- * vectors.
- */
-
-static unsigned char seed[20] = {
- 0x1c, 0xfb, 0xa9, 0x6c, 0xf7, 0x95, 0xb3, 0x2e, 0x01, 0x01, 0x3c, 0x8d,
- 0x7f, 0x6e, 0xf4, 0x59, 0xcc, 0x2f, 0x19, 0x59
- };
-
-static unsigned char out_p[] = {
- 0xc2, 0x3c, 0x48, 0x31, 0x7e, 0x3b, 0x4e, 0x5d, 0x3c, 0x93, 0x78, 0x60,
- 0x5c, 0xf2, 0x60, 0xbb, 0x5a, 0xfa, 0x7f, 0x17, 0xf9, 0x26, 0x69, 0x46,
- 0xe7, 0x07, 0xbb, 0x3b, 0x2e, 0xc4, 0xb5, 0x66, 0xf7, 0x4d, 0xae, 0x9b,
- 0x8f, 0xf0, 0x42, 0xea, 0xb3, 0xa0, 0x7e, 0x81, 0x85, 0x89, 0xe6, 0xb0,
- 0x29, 0x03, 0x6b, 0xcc, 0xfb, 0x8e, 0x46, 0x15, 0x4d, 0xc1, 0x69, 0xd8,
- 0x2f, 0xef, 0x5c, 0x8b, 0x29, 0x32, 0x41, 0xbd, 0x13, 0x72, 0x3d, 0xac,
- 0x81, 0xcc, 0x86, 0x6c, 0x06, 0x5d, 0x51, 0xa1, 0xa5, 0x07, 0x0c, 0x3e,
- 0xbe, 0xdd, 0xf4, 0x6e, 0xa8, 0xed, 0xb4, 0x2f, 0xbd, 0x3e, 0x64, 0xea,
- 0xee, 0x92, 0xec, 0x51, 0xe1, 0x0d, 0xab, 0x25, 0x45, 0xae, 0x55, 0x21,
- 0x4d, 0xd6, 0x96, 0x6f, 0xe6, 0xaa, 0xd3, 0xca, 0x87, 0x92, 0xb1, 0x1c,
- 0x3c, 0xaf, 0x29, 0x09, 0x8b, 0xc6, 0xed, 0xe1
- };
-
-static unsigned char out_q[] = {
- 0xae, 0x0a, 0x8c, 0xfb, 0x80, 0xe1, 0xc6, 0xd1, 0x09, 0x0f, 0x26, 0xde,
- 0x91, 0x53, 0xc2, 0x8b, 0x2b, 0x0f, 0xde, 0x7f
- };
-
-static unsigned char out_g[] = {
- 0x0d, 0x7d, 0x92, 0x74, 0x10, 0xf6, 0xa4, 0x43, 0x86, 0x9a, 0xd1, 0xd9,
- 0x56, 0x00, 0xbc, 0x18, 0x97, 0x99, 0x4e, 0x9a, 0x93, 0xfb, 0x00, 0x3d,
- 0x6c, 0xa0, 0x1b, 0x95, 0x6b, 0xbd, 0xf7, 0x7a, 0xbc, 0x36, 0x3f, 0x3d,
- 0xb9, 0xbf, 0xf9, 0x91, 0x37, 0x68, 0xd1, 0xb9, 0x1e, 0xfe, 0x7f, 0x10,
- 0xc0, 0x6a, 0xcd, 0x5f, 0xc1, 0x65, 0x1a, 0xb8, 0xe7, 0xab, 0xb5, 0xc6,
- 0x8d, 0xb7, 0x86, 0xad, 0x3a, 0xbf, 0x6b, 0x7b, 0x0a, 0x66, 0xbe, 0xd5,
- 0x58, 0x23, 0x16, 0x48, 0x83, 0x29, 0xb6, 0xa7, 0x64, 0xc7, 0x08, 0xbe,
- 0x55, 0x4c, 0x6f, 0xcb, 0x34, 0xc1, 0x73, 0xb0, 0x39, 0x68, 0x52, 0xdf,
- 0x27, 0x7f, 0x32, 0xbc, 0x2b, 0x0d, 0x63, 0xed, 0x75, 0x3e, 0xb5, 0x54,
- 0xac, 0xc8, 0x20, 0x2a, 0x73, 0xe8, 0x29, 0x51, 0x03, 0x77, 0xe8, 0xc9,
- 0x61, 0x32, 0x25, 0xaf, 0x21, 0x5b, 0x6e, 0xda
- };
-
-
-__fips_constseg
-static const unsigned char str1[]="12345678901234567890";
-
-__fips_constseg
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-int main(int argc, char **argv)
- {
- DSA *dsa=NULL;
- DSA_SIG *sig = NULL;
- int counter,ret=0,i,j;
- unsigned char buf[256];
- unsigned long h;
- BN_GENCB cb;
- BN_GENCB_set(&cb, dsa_cb, stderr);
-
- fips_algtest_init();
-
- fprintf(stderr,"test generation of DSA parameters\n");
-
- dsa = FIPS_dsa_new();
- DSA_generate_parameters_ex(dsa, 1024,seed,20,&counter,&h,&cb);
-
- fprintf(stderr,"seed\n");
- for (i=0; i<20; i+=4)
- {
- fprintf(stderr,"%02X%02X%02X%02X ",
- seed[i],seed[i+1],seed[i+2],seed[i+3]);
- }
- fprintf(stderr,"\ncounter=%d h=%ld\n",counter,h);
-
- if (dsa == NULL) goto end;
- if (counter != 16)
- {
- fprintf(stderr,"counter should be 105\n");
- goto end;
- }
- if (h != 2)
- {
- fprintf(stderr,"h should be 2\n");
- goto end;
- }
-
- i=BN_bn2bin(dsa->q,buf);
- j=sizeof(out_q);
- if ((i != j) || (memcmp(buf,out_q,i) != 0))
- {
- fprintf(stderr,"q value is wrong\n");
- goto end;
- }
-
- i=BN_bn2bin(dsa->p,buf);
- j=sizeof(out_p);
- if ((i != j) || (memcmp(buf,out_p,i) != 0))
- {
- fprintf(stderr,"p value is wrong\n");
- goto end;
- }
-
- i=BN_bn2bin(dsa->g,buf);
- j=sizeof(out_g);
- if ((i != j) || (memcmp(buf,out_g,i) != 0))
- {
- fprintf(stderr,"g value is wrong\n");
- goto end;
- }
- DSA_generate_key(dsa);
-
- sig = FIPS_dsa_sign(dsa, str1, 20, EVP_sha1());
- if (!sig)
- goto end;
-
- if (FIPS_dsa_verify(dsa, str1, 20, EVP_sha1(), sig) != 1)
- goto end;
-
- ret = 1;
-
-end:
- if (sig)
- FIPS_dsa_sig_free(sig);
- if (dsa != NULL) FIPS_dsa_free(dsa);
-#if 0
- CRYPTO_mem_leaks(bio_err);
-#endif
- EXIT(!ret);
- return(!ret);
- }
-
-static int cb_exit(int ec)
- {
- EXIT(ec);
- return(0); /* To keep some compilers quiet */
- }
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
- {
- char c='*';
- static int ok=0,num=0;
-
- if (p == 0) { c='.'; num++; };
- if (p == 1) c='+';
- if (p == 2) { c='*'; ok++; }
- if (p == 3) c='\n';
- fwrite(&c,1, 1, cb->arg);
- fflush(cb->arg);
-
- if (!ok && (p == 0) && (num > 1))
- {
- fprintf(cb->arg,"error in dsatest\n");
- cb_exit(1);
- }
- return 1;
- }
-#endif
+++ /dev/null
-
-#define OPENSSL_FIPSAPI
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-#include <stdio.h>
-
-int main(int argc, char **argv)
-{
- printf("No FIPS DSA support\n");
- return(0);
-}
-#else
-
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <string.h>
-#include <ctype.h>
-
-#include "fips_utl.h"
-
-static int parse_mod(char *line, int *pdsa2, int *pL, int *pN,
- const EVP_MD **pmd)
- {
- char lbuf[10240];
- char *keyword, *value;
-
- char *p;
- p = strchr(line, ',');
- if (!p)
- {
- *pL = atoi(line);
- *pdsa2 = 0;
- *pN = 160;
- if (pmd)
- *pmd = EVP_sha1();
- return 1;
- }
- *pdsa2 = 1;
- *p = 0;
- if (!parse_line2(&keyword, &value, lbuf, line, 0))
- return 0;
- if (strcmp(keyword, "L"))
- return 0;
- *pL = atoi(value);
- strcpy(line, p + 1);
- if (pmd)
- p = strchr(line, ',');
- else
- p = strchr(line, ']');
- if (!p)
- return 0;
- *p = 0;
- if (!parse_line2(&keyword, &value, lbuf, line, 0))
- return 0;
- if (strcmp(keyword, "N"))
- return 0;
- *pN = atoi(value);
- if (!pmd)
- return 1;
- strcpy(line, p + 1);
- p = strchr(line, ']');
- if (!p)
- return 0;
- *p = 0;
- p = line;
- while(isspace(*p))
- p++;
- if (!strcmp(p, "SHA-1"))
- *pmd = EVP_sha1();
- else if (!strcmp(p, "SHA-224"))
- *pmd = EVP_sha224();
- else if (!strcmp(p, "SHA-256"))
- *pmd = EVP_sha256();
- else if (!strcmp(p, "SHA-384"))
- *pmd = EVP_sha384();
- else if (!strcmp(p, "SHA-512"))
- *pmd = EVP_sha512();
- else
- return 0;
- return 1;
- }
-
-static void primes(FILE *in, FILE *out)
- {
- char buf[10240];
- char lbuf[10240];
- char *keyword, *value;
-
- while(fgets(buf,sizeof buf,in) != NULL)
- {
- fputs(buf,out);
- if (!parse_line(&keyword, &value, lbuf, buf))
- continue;
- if(!strcmp(keyword,"Prime"))
- {
- BIGNUM *pp;
-
- pp=BN_new();
- do_hex2bn(&pp,value);
- fprintf(out, "result= %c" RESP_EOL,
- BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
- }
- }
- }
-
-int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
- const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
- unsigned char *seed_out,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
- const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
- int idx, unsigned char *seed_out,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-
-int dsa_paramgen_check_g(DSA *dsa);
-
-static void pqg(FILE *in, FILE *out)
- {
- char buf[1024];
- char lbuf[1024];
- char *keyword, *value;
- int dsa2, L, N;
- const EVP_MD *md = NULL;
- BIGNUM *p = NULL, *q = NULL;
- enum pqtype { PQG_NONE, PQG_PQ, PQG_G, PQG_GCANON}
- pqg_type = PQG_NONE;
- int seedlen=-1, idxlen, idx = -1;
- unsigned char seed[1024], idtmp[1024];
-
- while(fgets(buf,sizeof buf,in) != NULL)
- {
- if (buf[0] == '[')
- {
- if (strstr(buf, "Probable"))
- pqg_type = PQG_PQ;
- else if (strstr(buf, "Unverifiable"))
- pqg_type = PQG_G;
- else if (strstr(buf, "Canonical"))
- pqg_type = PQG_GCANON;
- }
- if (!parse_line(&keyword, &value, lbuf, buf))
- {
- fputs(buf,out);
- continue;
- }
- if (strcmp(keyword, "Num"))
- fputs(buf,out);
- if(!strcmp(keyword,"[mod"))
- {
- if (!parse_mod(value, &dsa2, &L, &N, &md))
- {
- fprintf(stderr, "Mod Parse Error\n");
- exit (1);
- }
- }
- else if(!strcmp(keyword,"N")
- || (!strcmp(keyword, "Num") && pqg_type == PQG_PQ))
- {
- int n=atoi(value);
-
- while(n--)
- {
- DSA *dsa;
- int counter;
- unsigned long h;
- dsa = FIPS_dsa_new();
-
- if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
- NULL, 0, seed,
- &counter, &h, NULL))
- {
- fprintf(stderr, "Parameter Generation error\n");
- exit(1);
- }
- if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
- NULL, 0, -1, seed,
- &counter, &h, NULL) <= 0)
- {
- fprintf(stderr, "Parameter Generation error\n");
- exit(1);
- }
-
- do_bn_print_name(out, "P",dsa->p);
- do_bn_print_name(out, "Q",dsa->q);
- if (!dsa2)
- do_bn_print_name(out, "G",dsa->g);
- OutputValue(dsa2 ? "domain_parameter_seed" : "Seed",
- seed, M_EVP_MD_size(md), out, 0);
- if (!dsa2)
- {
- fprintf(out, "c = %d" RESP_EOL, counter);
- fprintf(out, "H = %lx" RESP_EOL RESP_EOL,h);
- }
- else
- {
- fprintf(out, "counter = %d" RESP_EOL RESP_EOL, counter);
- }
- FIPS_dsa_free(dsa);
- }
- }
- else if(!strcmp(keyword,"P"))
- p=hex2bn(value);
- else if(!strcmp(keyword,"Q"))
- q=hex2bn(value);
- else if(!strcmp(keyword,"domain_parameter_seed"))
- seedlen = hex2bin(value, seed);
- else if(!strcmp(keyword,"firstseed"))
- seedlen = hex2bin(value, seed);
- else if(!strcmp(keyword,"pseed"))
- seedlen += hex2bin(value, seed + seedlen);
- else if(!strcmp(keyword,"qseed"))
- seedlen += hex2bin(value, seed + seedlen);
- else if(!strcmp(keyword,"index"))
- {
- idxlen = hex2bin(value, idtmp);
- if (idxlen != 1)
- {
- fprintf(stderr, "Index value error\n");
- exit (1);
- }
- idx = idtmp[0];
- }
- if ((idx >= 0 && pqg_type == PQG_GCANON) || (q && pqg_type == PQG_G))
- {
- DSA *dsa;
- dsa = FIPS_dsa_new();
- dsa->p = p;
- dsa->q = q;
- p = q = NULL;
- if (dsa_builtin_paramgen2(dsa, L, N, md,
- seed, seedlen, idx, NULL,
- NULL, NULL, NULL) <= 0)
- {
- fprintf(stderr, "Parameter Generation error\n");
- exit(1);
- }
- do_bn_print_name(out, "G",dsa->g);
- FIPS_dsa_free(dsa);
- idx = -1;
- }
- }
- }
-
-static void pqgver(FILE *in, FILE *out)
- {
- char buf[1024];
- char lbuf[1024];
- char *keyword, *value;
- BIGNUM *p = NULL, *q = NULL, *g = NULL;
- int counter=-1, counter2;
- unsigned long h=0, h2;
- DSA *dsa=NULL;
- int dsa2, L, N, part_test = 0;
- const EVP_MD *md = NULL;
- int seedlen=-1, idxlen, idx = -1;
- unsigned char seed[1024], idtmp[1024];
-
- while(fgets(buf,sizeof buf,in) != NULL)
- {
- if (!parse_line(&keyword, &value, lbuf, buf))
- {
- if (p && q)
- {
- part_test = 1;
- goto partial;
- }
- fputs(buf,out);
- continue;
- }
- fputs(buf, out);
- if(!strcmp(keyword,"[mod"))
- {
- if (!parse_mod(value, &dsa2, &L, &N, &md))
- {
- fprintf(stderr, "Mod Parse Error\n");
- exit (1);
- }
- }
- else if(!strcmp(keyword,"P"))
- p=hex2bn(value);
- else if(!strcmp(keyword,"Q"))
- q=hex2bn(value);
- else if(!strcmp(keyword,"G"))
- g=hex2bn(value);
- else if(!strcmp(keyword,"firstseed"))
- seedlen = hex2bin(value, seed);
- else if(!strcmp(keyword,"pseed"))
- seedlen += hex2bin(value, seed + seedlen);
- else if(!strcmp(keyword,"qseed"))
- seedlen += hex2bin(value, seed + seedlen);
- else if(!strcmp(keyword,"Seed")
- || !strcmp(keyword,"domain_parameter_seed"))
- {
- seedlen = hex2bin(value, seed);
- if (!dsa2 && seedlen != 20)
- {
- fprintf(stderr, "Seed parse length error\n");
- exit (1);
- }
- if (idx > 0)
- part_test = 1;
- }
- else if(!strcmp(keyword,"index"))
- {
- idxlen = hex2bin(value, idtmp);
- if (idxlen != 1)
- {
- fprintf(stderr, "Index value error\n");
- exit (1);
- }
- idx = idtmp[0];
- }
- else if(!strcmp(keyword,"c"))
- counter = atoi(buf+4);
- partial:
- if (part_test && idx < 0 && h == 0 && g)
- {
- dsa = FIPS_dsa_new();
- dsa->p = BN_dup(p);
- dsa->q = BN_dup(q);
- dsa->g = BN_dup(g);
- if (dsa_paramgen_check_g(dsa))
- fprintf(out, "Result = P" RESP_EOL);
- else
- fprintf(out, "Result = F" RESP_EOL);
- BN_free(p);
- BN_free(q);
- BN_free(g);
- p = NULL;
- q = NULL;
- g = NULL;
- FIPS_dsa_free(dsa);
- dsa = NULL;
- part_test = 0;
- }
- else if(!strcmp(keyword,"H") || part_test)
- {
- if (!part_test)
- h = atoi(value);
- if (!p || !q || (!g && !part_test))
- {
- fprintf(stderr, "Parse Error\n");
- exit (1);
- }
- dsa = FIPS_dsa_new();
- if (idx >= 0)
- {
- dsa->p = BN_dup(p);
- dsa->q = BN_dup(q);
- }
- no_err = 1;
- if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
- seed, seedlen, NULL,
- &counter2, &h2, NULL))
- {
- fprintf(stderr, "Parameter Generation error\n");
- exit(1);
- }
- if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
- seed, seedlen, idx, NULL,
- &counter2, &h2, NULL) < 0)
- {
- fprintf(stderr, "Parameter Generation error\n");
- exit(1);
- }
- no_err = 0;
- if (idx >= 0)
- {
- if (BN_cmp(dsa->g, g))
- fprintf(out, "Result = F" RESP_EOL);
- else
- fprintf(out, "Result = P" RESP_EOL);
- }
- else if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) ||
- (!part_test &&
- ((BN_cmp(dsa->g, g) || (counter != counter2) || (h != h2)))))
- fprintf(out, "Result = F" RESP_EOL);
- else
- fprintf(out, "Result = P" RESP_EOL);
- BN_free(p);
- BN_free(q);
- BN_free(g);
- p = NULL;
- q = NULL;
- g = NULL;
- FIPS_dsa_free(dsa);
- dsa = NULL;
- if (part_test)
- {
- if (idx == -1)
- fputs(buf,out);
- part_test = 0;
- }
- idx = -1;
- }
- }
- }
-
-/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
- * algorithm tests. It is an additional test to perform sanity checks on the
- * output of the KeyPair test.
- */
-
-static int dss_paramcheck(int L, int N, BIGNUM *p, BIGNUM *q, BIGNUM *g,
- BN_CTX *ctx)
- {
- BIGNUM *rem = NULL;
- if (BN_num_bits(p) != L)
- return 0;
- if (BN_num_bits(q) != N)
- return 0;
- if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
- return 0;
- if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
- return 0;
- rem = BN_new();
- if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
- || (BN_cmp(g, BN_value_one()) <= 0)
- || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
- {
- BN_free(rem);
- return 0;
- }
- /* Todo: check g */
- BN_free(rem);
- return 1;
- }
-
-static void keyver(FILE *in, FILE *out)
- {
- char buf[1024];
- char lbuf[1024];
- char *keyword, *value;
- BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
- BIGNUM *Y2;
- BN_CTX *ctx = NULL;
- int dsa2, L, N;
- int paramcheck = 0;
-
- ctx = BN_CTX_new();
- Y2 = BN_new();
-
- while(fgets(buf,sizeof buf,in) != NULL)
- {
- if (!parse_line(&keyword, &value, lbuf, buf))
- {
- fputs(buf,out);
- continue;
- }
- if(!strcmp(keyword,"[mod"))
- {
- if (p)
- BN_free(p);
- p = NULL;
- if (q)
- BN_free(q);
- q = NULL;
- if (g)
- BN_free(g);
- g = NULL;
- paramcheck = 0;
- if (!parse_mod(value, &dsa2, &L, &N, NULL))
- {
- fprintf(stderr, "Mod Parse Error\n");
- exit (1);
- }
- }
- else if(!strcmp(keyword,"P"))
- p=hex2bn(value);
- else if(!strcmp(keyword,"Q"))
- q=hex2bn(value);
- else if(!strcmp(keyword,"G"))
- g=hex2bn(value);
- else if(!strcmp(keyword,"X"))
- X=hex2bn(value);
- else if(!strcmp(keyword,"Y"))
- {
- Y=hex2bn(value);
- if (!p || !q || !g || !X || !Y)
- {
- fprintf(stderr, "Parse Error\n");
- exit (1);
- }
- do_bn_print_name(out, "P",p);
- do_bn_print_name(out, "Q",q);
- do_bn_print_name(out, "G",g);
- do_bn_print_name(out, "X",X);
- do_bn_print_name(out, "Y",Y);
- if (!paramcheck)
- {
- if (dss_paramcheck(L, N, p, q, g, ctx))
- paramcheck = 1;
- else
- paramcheck = -1;
- }
- if (paramcheck != 1)
- fprintf(out, "Result = F" RESP_EOL);
- else
- {
- if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
- fprintf(out, "Result = F" RESP_EOL);
- else
- fprintf(out, "Result = P" RESP_EOL);
- }
- BN_free(X);
- BN_free(Y);
- X = NULL;
- Y = NULL;
- }
- }
- if (p)
- BN_free(p);
- if (q)
- BN_free(q);
- if (g)
- BN_free(g);
- if (Y2)
- BN_free(Y2);
- if (ctx)
- BN_CTX_free(ctx);
- }
-
-static void keypair(FILE *in, FILE *out)
- {
- char buf[1024];
- char lbuf[1024];
- char *keyword, *value;
- int dsa2, L, N;
-
- while(fgets(buf,sizeof buf,in) != NULL)
- {
- if (!parse_line(&keyword, &value, lbuf, buf))
- {
- continue;
- }
- if(!strcmp(keyword,"[mod"))
- {
- if (!parse_mod(value, &dsa2, &L, &N, NULL))
- {
- fprintf(stderr, "Mod Parse Error\n");
- exit (1);
- }
- fputs(buf,out);
- }
- else if(!strcmp(keyword,"N"))
- {
- DSA *dsa;
- int n=atoi(value);
-
- dsa = FIPS_dsa_new();
- if (!dsa)
- {
- fprintf(stderr, "DSA allocation error\n");
- exit(1);
- }
- if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, NULL, NULL, 0,
- NULL, NULL, NULL, NULL))
- {
- fprintf(stderr, "Parameter Generation error\n");
- exit(1);
- }
- if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, NULL, NULL, 0, -1,
- NULL, NULL, NULL, NULL) <= 0)
- {
- fprintf(stderr, "Parameter Generation error\n");
- exit(1);
- }
- do_bn_print_name(out, "P",dsa->p);
- do_bn_print_name(out, "Q",dsa->q);
- do_bn_print_name(out, "G",dsa->g);
- fputs(RESP_EOL, out);
-
- while(n--)
- {
- if (!DSA_generate_key(dsa))
- exit(1);
-
- do_bn_print_name(out, "X",dsa->priv_key);
- do_bn_print_name(out, "Y",dsa->pub_key);
- fputs(RESP_EOL, out);
- }
- FIPS_dsa_free(dsa);
- }
- }
- }
-
-static void siggen(FILE *in, FILE *out)
- {
- char buf[1024];
- char lbuf[1024];
- char *keyword, *value;
- int dsa2, L, N;
- const EVP_MD *md = NULL;
- DSA *dsa=NULL;
-
- while(fgets(buf,sizeof buf,in) != NULL)
- {
- if (!parse_line(&keyword, &value, lbuf, buf))
- {
- fputs(buf,out);
- continue;
- }
- fputs(buf,out);
- if(!strcmp(keyword,"[mod"))
- {
- if (!parse_mod(value, &dsa2, &L, &N, &md))
- {
- fprintf(stderr, "Mod Parse Error\n");
- exit (1);
- }
- if (dsa)
- FIPS_dsa_free(dsa);
- dsa = FIPS_dsa_new();
- if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md, NULL, 0,
- NULL, NULL, NULL, NULL))
- {
- fprintf(stderr, "Parameter Generation error\n");
- exit(1);
- }
- if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, NULL, 0, -1,
- NULL, NULL, NULL, NULL) <= 0)
- {
- fprintf(stderr, "Parameter Generation error\n");
- exit(1);
- }
- do_bn_print_name(out, "P",dsa->p);
- do_bn_print_name(out, "Q",dsa->q);
- do_bn_print_name(out, "G",dsa->g);
- fputs(RESP_EOL, out);
- }
- else if(!strcmp(keyword,"Msg"))
- {
- unsigned char msg[1024];
- int n;
- DSA_SIG *sig;
-
- n=hex2bin(value,msg);
-
- if (!DSA_generate_key(dsa))
- exit(1);
- do_bn_print_name(out, "Y",dsa->pub_key);
-
- sig = FIPS_dsa_sign(dsa, msg, n, md);
-
- do_bn_print_name(out, "R",sig->r);
- do_bn_print_name(out, "S",sig->s);
- fputs(RESP_EOL, out);
- FIPS_dsa_sig_free(sig);
- }
- }
- if (dsa)
- FIPS_dsa_free(dsa);
- }
-
-static void sigver(FILE *in, FILE *out)
- {
- DSA *dsa=NULL;
- char buf[1024];
- char lbuf[1024];
- unsigned char msg[1024];
- char *keyword, *value;
- int n=0;
- int dsa2, L, N;
- const EVP_MD *md = NULL;
- DSA_SIG sg, *sig = &sg;
-
- sig->r = NULL;
- sig->s = NULL;
-
- while(fgets(buf,sizeof buf,in) != NULL)
- {
- if (!parse_line(&keyword, &value, lbuf, buf))
- {
- fputs(buf,out);
- continue;
- }
- fputs(buf,out);
- if(!strcmp(keyword,"[mod"))
- {
- if (!parse_mod(value, &dsa2, &L, &N, &md))
- {
- fprintf(stderr, "Mod Parse Error\n");
- exit (1);
- }
- if (dsa)
- FIPS_dsa_free(dsa);
- dsa = FIPS_dsa_new();
- }
- else if(!strcmp(keyword,"P"))
- do_hex2bn(&dsa->p, value);
- else if(!strcmp(keyword,"Q"))
- do_hex2bn(&dsa->q, value);
- else if(!strcmp(keyword,"G"))
- do_hex2bn(&dsa->g, value);
- else if(!strcmp(keyword,"Msg"))
- n=hex2bin(value,msg);
- else if(!strcmp(keyword,"Y"))
- do_hex2bn(&dsa->pub_key, value);
- else if(!strcmp(keyword,"R"))
- sig->r=hex2bn(value);
- else if(!strcmp(keyword,"S"))
- {
- int r;
- sig->s=hex2bn(value);
-
- no_err = 1;
- r = FIPS_dsa_verify(dsa, msg, n, md, sig);
- no_err = 0;
- if (sig->s)
- {
- BN_free(sig->s);
- sig->s = NULL;
- }
- if (sig->r)
- {
- BN_free(sig->r);
- sig->r = NULL;
- }
-
- fprintf(out, "Result = %c" RESP_EOL RESP_EOL, r == 1 ? 'P' : 'F');
- }
- }
- if (dsa)
- FIPS_dsa_free(dsa);
- }
-
-#ifdef FIPS_ALGVS
-int fips_dssvs_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
- {
- FILE *in, *out;
- if (argc == 4)
- {
- in = fopen(argv[2], "r");
- if (!in)
- {
- fprintf(stderr, "Error opening input file\n");
- exit(1);
- }
- out = fopen(argv[3], "w");
- if (!out)
- {
- fprintf(stderr, "Error opening output file\n");
- exit(1);
- }
- }
- else if (argc == 2)
- {
- in = stdin;
- out = stdout;
- }
- else
- {
- fprintf(stderr,"%s [prime|pqg|pqgver|keypair|keyver|siggen|sigver]\n",argv[0]);
- exit(1);
- }
- fips_algtest_init();
- if(!strcmp(argv[1],"prime"))
- primes(in, out);
- else if(!strcmp(argv[1],"pqg"))
- pqg(in, out);
- else if(!strcmp(argv[1],"pqgver"))
- pqgver(in, out);
- else if(!strcmp(argv[1],"keypair"))
- keypair(in, out);
- else if(!strcmp(argv[1],"keyver"))
- keyver(in, out);
- else if(!strcmp(argv[1],"siggen"))
- siggen(in, out);
- else if(!strcmp(argv[1],"sigver"))
- sigver(in, out);
- else
- {
- fprintf(stderr,"Don't know how to %s.\n",argv[1]);
- exit(1);
- }
-
- if (argc == 4)
- {
- fclose(in);
- fclose(out);
- }
-
- return 0;
- }
-
-#endif
+++ /dev/null
-#
-# OpenSSL/fips/ecdh/Makefile
-#
-
-DIR= ecdh
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST= fips_ecdhvs.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_ecdh_selftest.c
-LIBOBJ= fips_ecdh_selftest.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER= $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all: lib
-
-lib: $(LIBOBJ)
- @echo $(LIBOBJ) > lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-fips_test:
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_ecdh_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_ecdh_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_ecdh_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_ecdh_selftest.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h
-fips_ecdh_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_ecdh_selftest.o: ../../include/openssl/lhash.h
-fips_ecdh_selftest.o: ../../include/openssl/obj_mac.h
-fips_ecdh_selftest.o: ../../include/openssl/objects.h
-fips_ecdh_selftest.o: ../../include/openssl/opensslconf.h
-fips_ecdh_selftest.o: ../../include/openssl/opensslv.h
-fips_ecdh_selftest.o: ../../include/openssl/ossl_typ.h
-fips_ecdh_selftest.o: ../../include/openssl/safestack.h
-fips_ecdh_selftest.o: ../../include/openssl/stack.h
-fips_ecdh_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
-fips_ecdh_selftest.o: fips_ecdh_selftest.c
-fips_ecdhvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_ecdhvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_ecdhvs.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_ecdhvs.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-fips_ecdhvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_ecdhvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_ecdhvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_ecdhvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_ecdhvs.o: ../../include/openssl/opensslconf.h
-fips_ecdhvs.o: ../../include/openssl/opensslv.h
-fips_ecdhvs.o: ../../include/openssl/ossl_typ.h
-fips_ecdhvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_ecdhvs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_ecdhvs.c
+++ /dev/null
-/* fips/ecdh/fips_ecdh_selftest.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2011.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/ec.h>
-#include <openssl/ecdh.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-
-#ifdef OPENSSL_FIPS
-
-#include "fips_locl.h"
-
-__fips_constseg
-static const unsigned char p224_qcavsx[] = {
- 0x3c,0x81,0x15,0x16,0xab,0xa6,0xad,0xd7,0xe5,0xf3,0xea,0x1f,
- 0x88,0x57,0x43,0x29,0x35,0x6f,0x0a,0xd2,0x38,0xc7,0x11,0x8a,
- 0x90,0xd1,0x46,0x63
-};
-__fips_constseg
-static const unsigned char p224_qcavsy[] = {
- 0x4a,0x87,0x54,0x7b,0x7d,0x69,0xdd,0xb8,0x48,0x73,0xb2,0x1e,
- 0x33,0xfa,0xf6,0x32,0xb4,0x25,0x73,0x55,0x87,0x08,0x16,0xd2,
- 0xdd,0xa6,0x77,0xcf
-};
-__fips_constseg
-static const unsigned char p224_qiutx[] = {
- 0x23,0xff,0x15,0x91,0x83,0xd6,0xad,0x98,0x93,0x98,0xbd,0x2e,
- 0x01,0xeb,0x5a,0x45,0xe2,0x2a,0xf9,0xc5,0x3b,0x37,0xe1,0x87,
- 0x32,0xa5,0x16,0x5f
-};
-__fips_constseg
-static const unsigned char p224_qiuty[] = {
- 0x5e,0x70,0xb7,0x9d,0x9e,0x55,0x2d,0x67,0x4e,0x29,0xa4,0x9d,
- 0x06,0x81,0x11,0xb4,0xb4,0xab,0xe2,0xdf,0xdc,0xe4,0xf1,0x69,
- 0x55,0x54,0xe3,0x37
-};
-__fips_constseg
-static const unsigned char p224_qiutd[] = {
- 0xd7,0xdc,0x9c,0x53,0x04,0x72,0x67,0x59,0x92,0x80,0x9e,0x6f,
- 0xdd,0xe6,0x0b,0x35,0x09,0xe0,0x95,0x45,0xe6,0x13,0x0e,0x22,
- 0x43,0x6a,0x63,0xef
-};
-__fips_constseg
-static const unsigned char p224_ziut[] = {
- 0x84,0x37,0xcf,0x6d,0xfa,0x58,0xbd,0x1f,0x47,0x15,0x45,0x1f,
- 0x2c,0x20,0x53,0x7a,0xf4,0xb0,0xe6,0x19,0xcc,0xa9,0x30,0xc6,
- 0x5c,0x1a,0xf2,0xdd
-};
-
-typedef struct
- {
- int curve;
- const unsigned char *x1;
- size_t x1len;
- const unsigned char *y1;
- size_t y1len;
- const unsigned char *d1;
- size_t d1len;
- const unsigned char *x2;
- size_t x2len;
- const unsigned char *y2;
- size_t y2len;
- const unsigned char *z;
- size_t zlen;
- } ECDH_SELFTEST_DATA;
-
-#define make_ecdh_test(nid, pr) { nid, \
- pr##_qiutx, sizeof(pr##_qiutx), \
- pr##_qiuty, sizeof(pr##_qiuty), \
- pr##_qiutd, sizeof(pr##_qiutd), \
- pr##_qcavsx, sizeof(pr##_qcavsx), \
- pr##_qcavsy, sizeof(pr##_qcavsy), \
- pr##_ziut, sizeof(pr##_ziut) }
-
-static ECDH_SELFTEST_DATA test_ecdh_data[] =
- {
- make_ecdh_test(NID_secp224r1, p224),
- };
-
-int FIPS_selftest_ecdh(void)
- {
- EC_KEY *ec1 = NULL, *ec2 = NULL;
- const EC_POINT *ecp = NULL;
- BIGNUM *x = NULL, *y = NULL, *d = NULL;
- unsigned char *ztmp = NULL;
- int rv = 1;
- size_t i;
-
- for (i = 0; i < sizeof(test_ecdh_data)/sizeof(ECDH_SELFTEST_DATA); i++)
- {
- ECDH_SELFTEST_DATA *ecd = test_ecdh_data + i;
- if (!fips_post_started(FIPS_TEST_ECDH, ecd->curve, 0))
- continue;
- ztmp = OPENSSL_malloc(ecd->zlen);
-
- x = BN_bin2bn(ecd->x1, ecd->x1len, x);
- y = BN_bin2bn(ecd->y1, ecd->y1len, y);
- d = BN_bin2bn(ecd->d1, ecd->d1len, d);
-
- if (!x || !y || !d || !ztmp)
- {
- rv = -1;
- goto err;
- }
-
- ec1 = EC_KEY_new_by_curve_name(ecd->curve);
- if (!ec1)
- {
- rv = -1;
- goto err;
- }
- EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
-
- if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y))
- {
- rv = -1;
- goto err;
- }
-
- if (!EC_KEY_set_private_key(ec1, d))
- {
- rv = -1;
- goto err;
- }
-
- x = BN_bin2bn(ecd->x2, ecd->x2len, x);
- y = BN_bin2bn(ecd->y2, ecd->y2len, y);
-
- if (!x || !y)
- {
- rv = -1;
- goto err;
- }
-
- ec2 = EC_KEY_new_by_curve_name(ecd->curve);
- if (!ec2)
- {
- rv = -1;
- goto err;
- }
- EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
-
- if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y))
- {
- rv = -1;
- goto err;
- }
-
- ecp = EC_KEY_get0_public_key(ec2);
- if (!ecp)
- {
- rv = -1;
- goto err;
- }
-
- if (!ECDH_compute_key(ztmp, ecd->zlen, ecp, ec1, 0))
- {
- rv = -1;
- goto err;
- }
-
- if (!fips_post_corrupt(FIPS_TEST_ECDH, ecd->curve, NULL))
- ztmp[0] ^= 0x1;
-
- if (memcmp(ztmp, ecd->z, ecd->zlen))
- {
- fips_post_failed(FIPS_TEST_ECDH, ecd->curve, 0);
- rv = 0;
- }
- else if (!fips_post_success(FIPS_TEST_ECDH, ecd->curve, 0))
- goto err;
-
- EC_KEY_free(ec1);
- ec1 = NULL;
- EC_KEY_free(ec2);
- ec2 = NULL;
- OPENSSL_free(ztmp);
- ztmp = NULL;
- }
-
- err:
-
- if (x)
- BN_clear_free(x);
- if (y)
- BN_clear_free(y);
- if (d)
- BN_clear_free(d);
- if (ec1)
- EC_KEY_free(ec1);
- if (ec2)
- EC_KEY_free(ec2);
- if (ztmp)
- OPENSSL_free(ztmp);
-
- return rv;
-
- }
-
-#endif
+++ /dev/null
-/* fips/ecdh/fips_ecdhvs.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#define OPENSSL_FIPSAPI
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-#include <stdio.h>
-
-int main(int argc, char **argv)
-{
- printf("No FIPS ECDH support\n");
- return(0);
-}
-#else
-
-#include <openssl/crypto.h>
-#include <openssl/bn.h>
-#include <openssl/ecdh.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <string.h>
-#include <ctype.h>
-
-#include "fips_utl.h"
-
-static const EVP_MD *eparse_md(char *line)
- {
- char *p;
- if (line[0] != '[' || line[1] != 'E')
- return NULL;
- p = strchr(line, '-');
- if (!p)
- return NULL;
- line = p + 1;
- p = strchr(line, ']');
- if (!p)
- return NULL;
- *p = 0;
- p = line;
- while(isspace(*p))
- p++;
- if (!strcmp(p, "SHA1"))
- return EVP_sha1();
- else if (!strcmp(p, "SHA224"))
- return EVP_sha224();
- else if (!strcmp(p, "SHA256"))
- return EVP_sha256();
- else if (!strcmp(p, "SHA384"))
- return EVP_sha384();
- else if (!strcmp(p, "SHA512"))
- return EVP_sha512();
- else
- return NULL;
- }
-
-static int lookup_curve2(char *cname)
- {
- char *p;
- p = strchr(cname, ']');
- if (!p)
- {
- fprintf(stderr, "Parse error: missing ]\n");
- return NID_undef;
- }
- *p = 0;
-
- if (!strcmp(cname, "B-163"))
- return NID_sect163r2;
- if (!strcmp(cname, "B-233"))
- return NID_sect233r1;
- if (!strcmp(cname, "B-283"))
- return NID_sect283r1;
- if (!strcmp(cname, "B-409"))
- return NID_sect409r1;
- if (!strcmp(cname, "B-571"))
- return NID_sect571r1;
- if (!strcmp(cname, "K-163"))
- return NID_sect163k1;
- if (!strcmp(cname, "K-233"))
- return NID_sect233k1;
- if (!strcmp(cname, "K-283"))
- return NID_sect283k1;
- if (!strcmp(cname, "K-409"))
- return NID_sect409k1;
- if (!strcmp(cname, "K-571"))
- return NID_sect571k1;
- if (!strcmp(cname, "P-192"))
- return NID_X9_62_prime192v1;
- if (!strcmp(cname, "P-224"))
- return NID_secp224r1;
- if (!strcmp(cname, "P-256"))
- return NID_X9_62_prime256v1;
- if (!strcmp(cname, "P-384"))
- return NID_secp384r1;
- if (!strcmp(cname, "P-521"))
- return NID_secp521r1;
-
- fprintf(stderr, "Unknown Curve name %s\n", cname);
- return NID_undef;
- }
-
-static int lookup_curve(char *cname)
- {
- char *p;
- p = strchr(cname, ':');
- if (!p)
- {
- fprintf(stderr, "Parse error: missing :\n");
- return NID_undef;
- }
- cname = p + 1;
- while(isspace(*cname))
- cname++;
- return lookup_curve2(cname);
- }
-
-static EC_POINT *make_peer(EC_GROUP *group, BIGNUM *x, BIGNUM *y)
- {
- EC_POINT *peer;
- int rv;
- BN_CTX *c;
- peer = EC_POINT_new(group);
- if (!peer)
- return NULL;
- c = BN_CTX_new();
- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
- == NID_X9_62_prime_field)
- rv = EC_POINT_set_affine_coordinates_GFp(group, peer, x, y, c);
- else
-#ifdef OPENSSL_NO_EC2M
- {
- fprintf(stderr, "ERROR: GF2m not supported\n");
- exit(1);
- }
-#else
- rv = EC_POINT_set_affine_coordinates_GF2m(group, peer, x, y, c);
-#endif
-
- BN_CTX_free(c);
- if (rv)
- return peer;
- EC_POINT_free(peer);
- return NULL;
- }
-
-static int ec_print_key(FILE *out, EC_KEY *key, int add_e, int exout)
- {
- const EC_POINT *pt;
- const EC_GROUP *grp;
- const EC_METHOD *meth;
- int rv;
- BIGNUM *tx, *ty;
- const BIGNUM *d = NULL;
- BN_CTX *ctx;
- ctx = BN_CTX_new();
- if (!ctx)
- return 0;
- tx = BN_CTX_get(ctx);
- ty = BN_CTX_get(ctx);
- if (!tx || !ty)
- return 0;
- grp = EC_KEY_get0_group(key);
- pt = EC_KEY_get0_public_key(key);
- if (exout)
- d = EC_KEY_get0_private_key(key);
- meth = EC_GROUP_method_of(grp);
- if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
- rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, tx, ty, ctx);
- else
-#ifdef OPENSSL_NO_EC2M
- {
- fprintf(stderr, "ERROR: GF2m not supported\n");
- exit(1);
- }
-#else
- rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, tx, ty, ctx);
-#endif
-
- if (add_e)
- {
- do_bn_print_name(out, "QeIUTx", tx);
- do_bn_print_name(out, "QeIUTy", ty);
- if (d)
- do_bn_print_name(out, "QeIUTd", d);
- }
- else
- {
- do_bn_print_name(out, "QIUTx", tx);
- do_bn_print_name(out, "QIUTy", ty);
- if (d)
- do_bn_print_name(out, "QIUTd", d);
- }
-
- BN_CTX_free(ctx);
-
- return rv;
-
- }
-
-static void ec_output_Zhash(FILE *out, int exout, EC_GROUP *group,
- BIGNUM *ix, BIGNUM *iy, BIGNUM *id, BIGNUM *cx,
- BIGNUM *cy, const EVP_MD *md,
- unsigned char *rhash, size_t rhashlen)
- {
- EC_KEY *ec = NULL;
- EC_POINT *peerkey = NULL;
- unsigned char *Z;
- unsigned char chash[EVP_MAX_MD_SIZE];
- int Zlen;
- ec = EC_KEY_new();
- EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH);
- EC_KEY_set_group(ec, group);
- peerkey = make_peer(group, cx, cy);
- if (rhash == NULL)
- {
- if (md)
- rhashlen = M_EVP_MD_size(md);
- EC_KEY_generate_key(ec);
- ec_print_key(out, ec, md ? 1 : 0, exout);
- }
- else
- {
- EC_KEY_set_public_key_affine_coordinates(ec, ix, iy);
- EC_KEY_set_private_key(ec, id);
- }
- Zlen = (EC_GROUP_get_degree(group) + 7)/8;
- Z = OPENSSL_malloc(Zlen);
- if (!Z)
- exit(1);
- ECDH_compute_key(Z, Zlen, peerkey, ec, 0);
- if (md)
- {
- if (exout)
- OutputValue("Z", Z, Zlen, out, 0);
- FIPS_digest(Z, Zlen, chash, NULL, md);
- OutputValue(rhash ? "IUTHashZZ" : "HashZZ",
- chash, rhashlen, out, 0);
- if (rhash)
- {
- fprintf(out, "Result = %s\n",
- memcmp(chash, rhash, rhashlen) ? "F" : "P");
- }
- }
- else
- OutputValue("ZIUT", Z, Zlen, out, 0);
- OPENSSL_cleanse(Z, Zlen);
- OPENSSL_free(Z);
- EC_KEY_free(ec);
- EC_POINT_free(peerkey);
- }
-
-#ifdef FIPS_ALGVS
-int fips_ecdhvs_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
- {
- char **args = argv + 1;
- int argn = argc - 1;
- FILE *in, *out;
- char buf[2048], lbuf[2048];
- unsigned char *rhash = NULL;
- long rhashlen;
- BIGNUM *cx = NULL, *cy = NULL;
- BIGNUM *id = NULL, *ix = NULL, *iy = NULL;
- const EVP_MD *md = NULL;
- EC_GROUP *group = NULL;
- char *keyword = NULL, *value = NULL;
- int do_verify = -1, exout = 0;
- int rv = 1;
-
- int curve_nids[5] = {0,0,0,0,0};
- int param_set = -1;
-
- fips_algtest_init();
-
- if (argn && !strcmp(*args, "ecdhver"))
- {
- do_verify = 1;
- args++;
- argn--;
- }
- else if (argn && !strcmp(*args, "ecdhgen"))
- {
- do_verify = 0;
- args++;
- argn--;
- }
-
- if (argn && !strcmp(*args, "-exout"))
- {
- exout = 1;
- args++;
- argn--;
- }
-
- if (do_verify == -1)
- {
- fprintf(stderr,"%s [ecdhver|ecdhgen|] [-exout] (infile outfile)\n",argv[0]);
- exit(1);
- }
-
- if (argn == 2)
- {
- in = fopen(*args, "r");
- if (!in)
- {
- fprintf(stderr, "Error opening input file\n");
- exit(1);
- }
- out = fopen(args[1], "w");
- if (!out)
- {
- fprintf(stderr, "Error opening output file\n");
- exit(1);
- }
- }
- else if (argn == 0)
- {
- in = stdin;
- out = stdout;
- }
- else
- {
- fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
- exit(1);
- }
-
- while (fgets(buf, sizeof(buf), in) != NULL)
- {
- fputs(buf, out);
- if (buf[0] == '[' && buf[1] == 'E')
- {
- int c = buf[2];
- if (c < 'A' || c > 'E')
- goto parse_error;
- param_set = c - 'A';
- /* If just [E?] then initial paramset */
- if (buf[3] == ']')
- continue;
- if (group)
- EC_GROUP_free(group);
- group = EC_GROUP_new_by_curve_name(curve_nids[c - 'A']);
- }
- if (strlen(buf) > 10 && !strncmp(buf, "[Curve", 6))
- {
- int nid;
- if (param_set == -1)
- goto parse_error;
- nid = lookup_curve(buf);
- if (nid == NID_undef)
- goto parse_error;
- curve_nids[param_set] = nid;
- }
-
- if (strlen(buf) > 4 && buf[0] == '[' && buf[2] == '-')
- {
- int nid = lookup_curve2(buf + 1);
- if (nid == NID_undef)
- goto parse_error;
- if (group)
- EC_GROUP_free(group);
- group = EC_GROUP_new_by_curve_name(nid);
- if (!group)
- {
- fprintf(stderr, "ERROR: unsupported curve %s\n", buf + 1);
- return 1;
- }
- }
-
- if (strlen(buf) > 6 && !strncmp(buf, "[E", 2))
- {
- md = eparse_md(buf);
- if (md == NULL)
- goto parse_error;
- continue;
- }
- if (!parse_line(&keyword, &value, lbuf, buf))
- continue;
- if (!strcmp(keyword, "QeCAVSx") || !strcmp(keyword, "QCAVSx"))
- {
- if (!do_hex2bn(&cx, value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "QeCAVSy") || !strcmp(keyword, "QCAVSy"))
- {
- if (!do_hex2bn(&cy, value))
- goto parse_error;
- if (do_verify == 0)
- ec_output_Zhash(out, exout, group,
- NULL, NULL, NULL,
- cx, cy, md, rhash, rhashlen);
- }
- else if (!strcmp(keyword, "deIUT"))
- {
- if (!do_hex2bn(&id, value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "QeIUTx"))
- {
- if (!do_hex2bn(&ix, value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "QeIUTy"))
- {
- if (!do_hex2bn(&iy, value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "CAVSHashZZ"))
- {
- if (!md)
- goto parse_error;
- rhash = hex2bin_m(value, &rhashlen);
- if (!rhash || rhashlen != M_EVP_MD_size(md))
- goto parse_error;
- ec_output_Zhash(out, exout, group, ix, iy, id, cx, cy,
- md, rhash, rhashlen);
- }
- }
- rv = 0;
- parse_error:
- if (id)
- BN_free(id);
- if (ix)
- BN_free(ix);
- if (iy)
- BN_free(iy);
- if (cx)
- BN_free(cx);
- if (cy)
- BN_free(cy);
- if (group)
- EC_GROUP_free(group);
- if (in && in != stdin)
- fclose(in);
- if (out && out != stdout)
- fclose(out);
- if (rv)
- fprintf(stderr, "Error Parsing request file\n");
- return rv;
- }
-
-#endif
+++ /dev/null
-#
-# OpenSSL/fips/ecdsa/Makefile
-#
-
-DIR= ecdsa
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST= fips_ecdsavs.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_ecdsa_lib.c fips_ecdsa_sign.c fips_ecdsa_selftest.c
-LIBOBJ= fips_ecdsa_lib.o fips_ecdsa_sign.o fips_ecdsa_selftest.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER= $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all: lib
-
-lib: $(LIBOBJ)
- @echo $(LIBOBJ) > lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-fips_test:
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_ecdsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_ecdsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_ecdsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_ecdsa_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/fips.h
-fips_ecdsa_lib.o: ../../include/openssl/opensslconf.h
-fips_ecdsa_lib.o: ../../include/openssl/opensslv.h
-fips_ecdsa_lib.o: ../../include/openssl/ossl_typ.h
-fips_ecdsa_lib.o: ../../include/openssl/safestack.h
-fips_ecdsa_lib.o: ../../include/openssl/stack.h
-fips_ecdsa_lib.o: ../../include/openssl/symhacks.h fips_ecdsa_lib.c
-fips_ecdsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_ecdsa_selftest.o: ../../include/openssl/bn.h
-fips_ecdsa_selftest.o: ../../include/openssl/crypto.h
-fips_ecdsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_ecdsa_selftest.o: ../../include/openssl/ecdsa.h
-fips_ecdsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_ecdsa_selftest.o: ../../include/openssl/fips.h
-fips_ecdsa_selftest.o: ../../include/openssl/lhash.h
-fips_ecdsa_selftest.o: ../../include/openssl/obj_mac.h
-fips_ecdsa_selftest.o: ../../include/openssl/objects.h
-fips_ecdsa_selftest.o: ../../include/openssl/opensslconf.h
-fips_ecdsa_selftest.o: ../../include/openssl/opensslv.h
-fips_ecdsa_selftest.o: ../../include/openssl/ossl_typ.h
-fips_ecdsa_selftest.o: ../../include/openssl/safestack.h
-fips_ecdsa_selftest.o: ../../include/openssl/stack.h
-fips_ecdsa_selftest.o: ../../include/openssl/symhacks.h fips_ecdsa_selftest.c
-fips_ecdsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_ecdsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_ecdsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_ecdsa_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-fips_ecdsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-fips_ecdsa_sign.o: ../../include/openssl/obj_mac.h
-fips_ecdsa_sign.o: ../../include/openssl/objects.h
-fips_ecdsa_sign.o: ../../include/openssl/opensslconf.h
-fips_ecdsa_sign.o: ../../include/openssl/opensslv.h
-fips_ecdsa_sign.o: ../../include/openssl/ossl_typ.h
-fips_ecdsa_sign.o: ../../include/openssl/safestack.h
-fips_ecdsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-fips_ecdsa_sign.o: ../../include/openssl/symhacks.h fips_ecdsa_sign.c
-fips_ecdsavs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_ecdsavs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_ecdsavs.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_ecdsavs.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-fips_ecdsavs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_ecdsavs.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
-fips_ecdsavs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-fips_ecdsavs.o: ../../include/openssl/objects.h
-fips_ecdsavs.o: ../../include/openssl/opensslconf.h
-fips_ecdsavs.o: ../../include/openssl/opensslv.h
-fips_ecdsavs.o: ../../include/openssl/ossl_typ.h
-fips_ecdsavs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_ecdsavs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_ecdsavs.c
+++ /dev/null
-/* fips_dsa_lib.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/ecdsa.h>
-#include <openssl/bn.h>
-#include <openssl/fips.h>
-
-ECDSA_SIG *FIPS_ecdsa_sig_new(void)
- {
- ECDSA_SIG *sig;
- sig = OPENSSL_malloc(sizeof(ECDSA_SIG));
- if (!sig)
- return NULL;
- sig->r = BN_new();
- sig->s = BN_new();
- if (!sig->r || !sig->s)
- {
- FIPS_ecdsa_sig_free(sig);
- return NULL;
- }
- return sig;
- }
-
-void FIPS_ecdsa_sig_free(ECDSA_SIG *sig)
- {
- if (sig)
- {
- if (sig->r)
- BN_free(sig->r);
- if (sig->s)
- BN_free(sig->s);
- OPENSSL_free(sig);
- }
- }
-
+++ /dev/null
-/* fips/ecdsa/fips_ecdsa_selftest.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2011.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/ec.h>
-#include <openssl/ecdsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-
-#ifdef OPENSSL_FIPS
-
-__fips_constseg
-static const char P_224_name[] = "ECDSA P-224";
-
-__fips_constseg
-static const unsigned char P_224_d[] = {
- 0x98,0x1f,0xb5,0xf1,0xfc,0x87,0x1d,0x7d,0xde,0x1e,0x01,0x64,
- 0x09,0x9b,0xe7,0x1b,0x9f,0xad,0x63,0xdd,0x33,0x01,0xd1,0x50,
- 0x80,0x93,0x50,0x30
-};
-__fips_constseg
-static const unsigned char P_224_qx[] = {
- 0x95,0x47,0x99,0x44,0x29,0x8f,0x51,0x39,0xe2,0x53,0xec,0x79,
- 0xb0,0x4d,0xde,0x87,0x1a,0x76,0x54,0xd5,0x96,0xb8,0x7a,0x6d,
- 0xf4,0x1c,0x2c,0x87
-};
-__fips_constseg
-static const unsigned char P_224_qy[] = {
- 0x91,0x5f,0xd5,0x31,0xdd,0x24,0xe5,0x78,0xd9,0x08,0x24,0x8a,
- 0x49,0x99,0xec,0x55,0xf2,0x82,0xb3,0xc4,0xb7,0x33,0x68,0xe4,
- 0x24,0xa9,0x12,0x82
-};
-
-#ifndef OPENSSL_NO_EC2M
-
-__fips_constseg
-static const char K_233_name[] = "ECDSA K-233";
-
-__fips_constseg
-static const unsigned char K_233_d[] = {
- 0x10,0x0a,0xe0,0xae,0xcf,0x1b,0xa4,0x55,0x1a,0xd4,0xc8,0x3f,
- 0xc3,0x7e,0xdc,0x97,0x40,0x2c,0x6a,0xc8,0xe2,0x50,0x09,0xf8,
- 0x1c,0x70,0x23,0xcb,0xde
-};
-__fips_constseg
-static const unsigned char K_233_qx[] = {
- 0x01,0xa6,0xbf,0x38,0x32,0xe2,0xd7,0x15,0x4a,0xc8,0xaa,0x1f,
- 0x9d,0xdb,0xb8,0x8f,0x9a,0x9b,0xc0,0xb4,0xc1,0xb6,0xa5,0x5c,
- 0x93,0xb9,0x8a,0x83,0x65,0xe9
-};
-__fips_constseg
-static const unsigned char K_233_qy[] = {
- 0x01,0x81,0x3d,0xfe,0x38,0x56,0x8f,0x3c,0x23,0x29,0xc6,0x59,
- 0xcb,0xa5,0x90,0x86,0xd1,0x8c,0xd8,0xb0,0xf2,0xd4,0x35,0x2b,
- 0x11,0x40,0x33,0x9a,0x88,0x10
-};
-
-#endif
-
-typedef struct
- {
- int curve;
- const char *name;
- const unsigned char *x;
- size_t xlen;
- const unsigned char *y;
- size_t ylen;
- const unsigned char *d;
- size_t dlen;
- } EC_SELFTEST_DATA;
-
-#define make_ecdsa_test(nid, pr) { nid, pr##_name, \
- pr##_qx, sizeof(pr##_qx), \
- pr##_qy, sizeof(pr##_qy), \
- pr##_d, sizeof(pr##_d)}
-
-static EC_SELFTEST_DATA test_ec_data[] =
- {
- make_ecdsa_test(NID_secp224r1, P_224),
-#ifndef OPENSSL_NO_EC2M
- make_ecdsa_test(NID_sect233k1, K_233)
-#endif
- };
-
-int FIPS_selftest_ecdsa()
- {
- EC_KEY *ec = NULL;
- BIGNUM *x = NULL, *y = NULL, *d = NULL;
- EVP_PKEY pk;
- int rv = 0;
- size_t i;
-
- for (i = 0; i < sizeof(test_ec_data)/sizeof(EC_SELFTEST_DATA); i++)
- {
- EC_SELFTEST_DATA *ecd = test_ec_data + i;
-
- x = BN_bin2bn(ecd->x, ecd->xlen, x);
- y = BN_bin2bn(ecd->y, ecd->ylen, y);
- d = BN_bin2bn(ecd->d, ecd->dlen, d);
-
- if (!x || !y || !d)
- goto err;
-
- ec = EC_KEY_new_by_curve_name(ecd->curve);
- if (!ec)
- goto err;
-
- if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y))
- goto err;
-
- if (!EC_KEY_set_private_key(ec, d))
- goto err;
-
- pk.type = EVP_PKEY_EC;
- pk.pkey.ec = ec;
-
- if (!fips_pkey_signature_test(FIPS_TEST_SIGNATURE, &pk, NULL, 0,
- NULL, 0, EVP_sha512(), 0,
- ecd->name))
- goto err;
- EC_KEY_free(ec);
- ec = NULL;
- }
-
- rv = 1;
-
- err:
-
- if (x)
- BN_clear_free(x);
- if (y)
- BN_clear_free(y);
- if (d)
- BN_clear_free(d);
- if (ec)
- EC_KEY_free(ec);
-
- return rv;
-
- }
-
-#endif
+++ /dev/null
-/* fips_ecdsa_sign.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2011.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/evp.h>
-#include <openssl/ecdsa.h>
-#include <openssl/err.h>
-#include <openssl/sha.h>
-#include <openssl/bn.h>
-
-ECDSA_SIG * FIPS_ecdsa_sign_ctx(EC_KEY *key, EVP_MD_CTX *ctx)
- {
- ECDSA_SIG *s;
- unsigned char dig[EVP_MAX_MD_SIZE];
- unsigned int dlen;
- FIPS_digestfinal(ctx, dig, &dlen);
- s = FIPS_ecdsa_sign_digest(key, dig, dlen);
- OPENSSL_cleanse(dig, dlen);
- return s;
- }
-
-int FIPS_ecdsa_verify_ctx(EC_KEY *key, EVP_MD_CTX *ctx, ECDSA_SIG *s)
- {
- int ret=-1;
- unsigned char dig[EVP_MAX_MD_SIZE];
- unsigned int dlen;
- FIPS_digestfinal(ctx, dig, &dlen);
- ret = FIPS_ecdsa_verify_digest(key, dig, dlen, s);
- OPENSSL_cleanse(dig, dlen);
- return ret;
- }
-
-int FIPS_ecdsa_verify(EC_KEY *key, const unsigned char *msg, size_t msglen,
- const EVP_MD *mhash, ECDSA_SIG *s)
- {
- int ret=-1;
- unsigned char dig[EVP_MAX_MD_SIZE];
- unsigned int dlen;
- FIPS_digest(msg, msglen, dig, &dlen, mhash);
- ret=FIPS_ecdsa_verify_digest(key, dig, dlen, s);
- OPENSSL_cleanse(dig, dlen);
- return ret;
- }
-
-ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key,
- const unsigned char *msg, size_t msglen,
- const EVP_MD *mhash)
- {
- ECDSA_SIG *s;
- unsigned char dig[EVP_MAX_MD_SIZE];
- unsigned int dlen;
- FIPS_digest(msg, msglen, dig, &dlen, mhash);
- s = FIPS_ecdsa_sign_digest(key, dig, dlen);
- OPENSSL_cleanse(dig, dlen);
- return s;
- }
-
+++ /dev/null
-/* fips/ecdsa/fips_ecdsavs.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#define OPENSSL_FIPSAPI
-#include <openssl/opensslconf.h>
-#include <stdio.h>
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char **argv)
-{
- printf("No FIPS ECDSA support\n");
- return(0);
-}
-#else
-
-#include <string.h>
-#include <ctype.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/ecdsa.h>
-#include <openssl/evp.h>
-#include "fips_utl.h"
-
-#include <openssl/objects.h>
-
-
-static int elookup_curve(char *in, char *curve_name, const EVP_MD **pmd)
- {
- char *cname, *p;
- /* Copy buffer as we will change it */
- strcpy(curve_name, in);
- cname = curve_name + 1;
- p = strchr(cname, ']');
- if (!p)
- {
- fprintf(stderr, "Parse error: missing ]\n");
- return NID_undef;
- }
- *p = 0;
- p = strchr(cname, ',');
- if (p)
- {
- if (!pmd)
- {
- fprintf(stderr, "Parse error: unexpected digest\n");
- return NID_undef;
- }
- *p = 0;
- p++;
-
- if (!strcmp(p, "SHA-1"))
- *pmd = EVP_sha1();
- else if (!strcmp(p, "SHA-224"))
- *pmd = EVP_sha224();
- else if (!strcmp(p, "SHA-256"))
- *pmd = EVP_sha256();
- else if (!strcmp(p, "SHA-384"))
- *pmd = EVP_sha384();
- else if (!strcmp(p, "SHA-512"))
- *pmd = EVP_sha512();
- else
- {
- fprintf(stderr, "Unknown digest %s\n", p);
- return NID_undef;
- }
- }
- else if(pmd)
- *pmd = EVP_sha1();
-
- if (!strcmp(cname, "B-163"))
- return NID_sect163r2;
- if (!strcmp(cname, "B-233"))
- return NID_sect233r1;
- if (!strcmp(cname, "B-283"))
- return NID_sect283r1;
- if (!strcmp(cname, "B-409"))
- return NID_sect409r1;
- if (!strcmp(cname, "B-571"))
- return NID_sect571r1;
- if (!strcmp(cname, "K-163"))
- return NID_sect163k1;
- if (!strcmp(cname, "K-233"))
- return NID_sect233k1;
- if (!strcmp(cname, "K-283"))
- return NID_sect283k1;
- if (!strcmp(cname, "K-409"))
- return NID_sect409k1;
- if (!strcmp(cname, "K-571"))
- return NID_sect571k1;
- if (!strcmp(cname, "P-192"))
- return NID_X9_62_prime192v1;
- if (!strcmp(cname, "P-224"))
- return NID_secp224r1;
- if (!strcmp(cname, "P-256"))
- return NID_X9_62_prime256v1;
- if (!strcmp(cname, "P-384"))
- return NID_secp384r1;
- if (!strcmp(cname, "P-521"))
- return NID_secp521r1;
-
- fprintf(stderr, "Unknown Curve name %s\n", cname);
- return NID_undef;
- }
-
-static int ec_get_pubkey(EC_KEY *key, BIGNUM *x, BIGNUM *y)
- {
- const EC_POINT *pt;
- const EC_GROUP *grp;
- const EC_METHOD *meth;
- int rv;
- BN_CTX *ctx;
- ctx = BN_CTX_new();
- if (!ctx)
- return 0;
- grp = EC_KEY_get0_group(key);
- pt = EC_KEY_get0_public_key(key);
- meth = EC_GROUP_method_of(grp);
- if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
- rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, x, y, ctx);
- else
-#ifdef OPENSSL_NO_EC2M
- {
- fprintf(stderr, "ERROR: GF2m not supported\n");
- exit(1);
- }
-#else
- rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, x, y, ctx);
-#endif
-
- BN_CTX_free(ctx);
-
- return rv;
-
- }
-
-static int KeyPair(FILE *in, FILE *out)
- {
- char buf[2048], lbuf[2048];
- char *keyword, *value;
- int curve_nid = NID_undef;
- int i, count;
- BIGNUM *Qx = NULL, *Qy = NULL;
- const BIGNUM *d = NULL;
- EC_KEY *key = NULL;
- Qx = BN_new();
- Qy = BN_new();
- while(fgets(buf, sizeof buf, in) != NULL)
- {
- if (*buf == '[' && buf[2] == '-')
- {
- if (buf[2] == '-')
- curve_nid = elookup_curve(buf, lbuf, NULL);
- fputs(buf, out);
- continue;
- }
- if (!parse_line(&keyword, &value, lbuf, buf))
- {
- fputs(buf, out);
- continue;
- }
- if (!strcmp(keyword, "N"))
- {
- count = atoi(value);
-
- for (i = 0; i < count; i++)
- {
-
- key = EC_KEY_new_by_curve_name(curve_nid);
- if (!EC_KEY_generate_key(key))
- {
- fprintf(stderr, "Error generating key\n");
- return 0;
- }
-
- if (!ec_get_pubkey(key, Qx, Qy))
- {
- fprintf(stderr, "Error getting public key\n");
- return 0;
- }
-
- d = EC_KEY_get0_private_key(key);
-
- do_bn_print_name(out, "d", d);
- do_bn_print_name(out, "Qx", Qx);
- do_bn_print_name(out, "Qy", Qy);
- fputs(RESP_EOL, out);
- EC_KEY_free(key);
-
- }
-
- }
-
- }
- BN_free(Qx);
- BN_free(Qy);
- return 1;
- }
-
-static int PKV(FILE *in, FILE *out)
- {
-
- char buf[2048], lbuf[2048];
- char *keyword, *value;
- int curve_nid = NID_undef;
- BIGNUM *Qx = NULL, *Qy = NULL;
- EC_KEY *key = NULL;
- while(fgets(buf, sizeof buf, in) != NULL)
- {
- fputs(buf, out);
- if (*buf == '[' && buf[2] == '-')
- {
- curve_nid = elookup_curve(buf, lbuf, NULL);
- if (curve_nid == NID_undef)
- return 0;
-
- }
- if (!parse_line(&keyword, &value, lbuf, buf))
- continue;
- if (!strcmp(keyword, "Qx"))
- {
- if (!do_hex2bn(&Qx, value))
- {
- fprintf(stderr, "Invalid Qx value\n");
- return 0;
- }
- }
- if (!strcmp(keyword, "Qy"))
- {
- int rv;
- if (!do_hex2bn(&Qy, value))
- {
- fprintf(stderr, "Invalid Qy value\n");
- return 0;
- }
- key = EC_KEY_new_by_curve_name(curve_nid);
- no_err = 1;
- rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
- no_err = 0;
- EC_KEY_free(key);
- fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F");
- }
-
- }
- BN_free(Qx);
- BN_free(Qy);
- return 1;
- }
-
-static int SigGen(FILE *in, FILE *out)
- {
- char buf[2048], lbuf[2048];
- char *keyword, *value;
- unsigned char *msg;
- int curve_nid = NID_undef;
- long mlen;
- BIGNUM *Qx = NULL, *Qy = NULL;
- EC_KEY *key = NULL;
- ECDSA_SIG *sig = NULL;
- const EVP_MD *digest = NULL;
- Qx = BN_new();
- Qy = BN_new();
- while(fgets(buf, sizeof buf, in) != NULL)
- {
- fputs(buf, out);
- if (*buf == '[')
- {
- curve_nid = elookup_curve(buf, lbuf, &digest);
- if (curve_nid == NID_undef)
- return 0;
- }
- if (!parse_line(&keyword, &value, lbuf, buf))
- continue;
- if (!strcmp(keyword, "Msg"))
- {
- msg = hex2bin_m(value, &mlen);
- if (!msg)
- {
- fprintf(stderr, "Invalid Message\n");
- return 0;
- }
-
- key = EC_KEY_new_by_curve_name(curve_nid);
- if (!EC_KEY_generate_key(key))
- {
- fprintf(stderr, "Error generating key\n");
- return 0;
- }
-
- if (!ec_get_pubkey(key, Qx, Qy))
- {
- fprintf(stderr, "Error getting public key\n");
- return 0;
- }
-
- sig = FIPS_ecdsa_sign(key, msg, mlen, digest);
-
- if (!sig)
- {
- fprintf(stderr, "Error signing message\n");
- return 0;
- }
-
- do_bn_print_name(out, "Qx", Qx);
- do_bn_print_name(out, "Qy", Qy);
- do_bn_print_name(out, "R", sig->r);
- do_bn_print_name(out, "S", sig->s);
-
- EC_KEY_free(key);
- OPENSSL_free(msg);
- FIPS_ecdsa_sig_free(sig);
-
- }
-
- }
- BN_free(Qx);
- BN_free(Qy);
- return 1;
- }
-
-static int SigVer(FILE *in, FILE *out)
- {
- char buf[2048], lbuf[2048];
- char *keyword, *value;
- unsigned char *msg = NULL;
- int curve_nid = NID_undef;
- long mlen;
- BIGNUM *Qx = NULL, *Qy = NULL;
- EC_KEY *key = NULL;
- ECDSA_SIG sg, *sig = &sg;
- const EVP_MD *digest = NULL;
- sig->r = NULL;
- sig->s = NULL;
- while(fgets(buf, sizeof buf, in) != NULL)
- {
- fputs(buf, out);
- if (*buf == '[')
- {
- curve_nid = elookup_curve(buf, lbuf, &digest);
- if (curve_nid == NID_undef)
- return 0;
- }
- if (!parse_line(&keyword, &value, lbuf, buf))
- continue;
- if (!strcmp(keyword, "Msg"))
- {
- msg = hex2bin_m(value, &mlen);
- if (!msg)
- {
- fprintf(stderr, "Invalid Message\n");
- return 0;
- }
- }
-
- if (!strcmp(keyword, "Qx"))
- {
- if (!do_hex2bn(&Qx, value))
- {
- fprintf(stderr, "Invalid Qx value\n");
- return 0;
- }
- }
- if (!strcmp(keyword, "Qy"))
- {
- if (!do_hex2bn(&Qy, value))
- {
- fprintf(stderr, "Invalid Qy value\n");
- return 0;
- }
- }
- if (!strcmp(keyword, "R"))
- {
- if (!do_hex2bn(&sig->r, value))
- {
- fprintf(stderr, "Invalid R value\n");
- return 0;
- }
- }
- if (!strcmp(keyword, "S"))
- {
- int rv;
- if (!do_hex2bn(&sig->s, value))
- {
- fprintf(stderr, "Invalid S value\n");
- return 0;
- }
- key = EC_KEY_new_by_curve_name(curve_nid);
- rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
-
- if (rv != 1)
- {
- fprintf(stderr, "Error setting public key\n");
- return 0;
- }
-
- no_err = 1;
- rv = FIPS_ecdsa_verify(key, msg, mlen, digest, sig);
- EC_KEY_free(key);
- if (msg)
- OPENSSL_free(msg);
- no_err = 0;
-
- fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F");
- }
-
- }
- if (sig->r)
- BN_free(sig->r);
- if (sig->s)
- BN_free(sig->s);
- if (Qx)
- BN_free(Qx);
- if (Qy)
- BN_free(Qy);
- return 1;
- }
-#ifdef FIPS_ALGVS
-int fips_ecdsavs_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
- {
- FILE *in = NULL, *out = NULL;
- const char *cmd = argv[1];
- int rv = 0;
- fips_algtest_init();
-
- if (argc == 4)
- {
- in = fopen(argv[2], "r");
- if (!in)
- {
- fprintf(stderr, "Error opening input file\n");
- exit(1);
- }
- out = fopen(argv[3], "w");
- if (!out)
- {
- fprintf(stderr, "Error opening output file\n");
- exit(1);
- }
- }
- else if (argc == 2)
- {
- in = stdin;
- out = stdout;
- }
-
- if (!cmd)
- {
- fprintf(stderr, "fips_ecdsavs [KeyPair|PKV|SigGen|SigVer]\n");
- return 1;
- }
- if (!strcmp(cmd, "KeyPair"))
- rv = KeyPair(in, out);
- else if (!strcmp(cmd, "PKV"))
- rv = PKV(in, out);
- else if (!strcmp(cmd, "SigVer"))
- rv = SigVer(in, out);
- else if (!strcmp(cmd, "SigGen"))
- rv = SigGen(in, out);
- else
- {
- fprintf(stderr, "Unknown command %s\n", cmd);
- return 1;
- }
-
- if (argc == 4)
- {
- fclose(in);
- fclose(out);
- }
-
- if (rv <= 0)
- {
- fprintf(stderr, "Error running %s\n", cmd);
- return 1;
- }
-
- return 0;
- }
-
-#endif
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/fips_rand.h>
-#include <openssl/err.h>
-#include <openssl/bio.h>
-#include <openssl/hmac.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/ecdsa.h>
-#include <string.h>
-#include <limits.h>
-#include "fips_locl.h"
-#include "fips_auth.h"
-
-#ifdef OPENSSL_FIPS
-
-#include <openssl/fips.h>
-
-#ifndef PATH_MAX
-#define PATH_MAX 1024
-#endif
-
-#define atox(c) ((c)>='a'?((c)-'a'+10):((c)>='A'?(c)-'A'+10:(c)-'0'))
-
-static int fips_selftest_fail = 0;
-static int fips_auth_fail = 0;
-static int fips_mode = 0;
-static int fips_started = 0;
-
-static int fips_is_owning_thread(void);
-static int fips_set_owning_thread(void);
-static int fips_clear_owning_thread(void);
-static unsigned char *fips_signature_witness(void);
-
-#define fips_w_lock() CRYPTO_w_lock(CRYPTO_LOCK_FIPS)
-#define fips_w_unlock() CRYPTO_w_unlock(CRYPTO_LOCK_FIPS)
-#define fips_r_lock() CRYPTO_r_lock(CRYPTO_LOCK_FIPS)
-#define fips_r_unlock() CRYPTO_r_unlock(CRYPTO_LOCK_FIPS)
-
-static void fips_set_mode(int onoff)
- {
- int owning_thread = fips_is_owning_thread();
-
- if (fips_started)
- {
- if (!owning_thread) fips_w_lock();
- fips_mode = onoff;
- if (!owning_thread) fips_w_unlock();
- }
- }
-
-int FIPS_module_mode(void)
- {
- int ret = 0;
- int owning_thread = fips_is_owning_thread();
-
- if (fips_started)
- {
- if (!owning_thread) fips_r_lock();
- ret = fips_mode;
- if (!owning_thread) fips_r_unlock();
- }
- return ret;
- }
-
-int FIPS_selftest_failed(void)
- {
- int ret = 0;
- if (fips_started)
- {
- int owning_thread = fips_is_owning_thread();
-
- if (!owning_thread) fips_r_lock();
- ret = fips_selftest_fail;
- if (!owning_thread) fips_r_unlock();
- }
- return ret;
- }
-
-/* Selftest failure fatal exit routine. This will be called
- * during *any* cryptographic operation. It has the minimum
- * overhead possible to avoid too big a performance hit.
- */
-
-void FIPS_selftest_check(void)
- {
- if (fips_selftest_fail)
- {
- OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
- }
- }
-
-void fips_set_selftest_fail(void)
- {
- fips_selftest_fail = 1;
- }
-
-extern const void *FIPS_text_start(), *FIPS_text_end();
-extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
-unsigned char FIPS_signature [20] = { 0 };
-__fips_constseg
-static const char FIPS_hmac_key[]="etaonrishdlcupfm";
-
-unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len)
- {
- const unsigned char *p1 = FIPS_text_start();
- const unsigned char *p2 = FIPS_text_end();
- const unsigned char *p3 = FIPS_rodata_start;
- const unsigned char *p4 = FIPS_rodata_end;
- HMAC_CTX c;
-
- HMAC_CTX_init(&c);
- HMAC_Init(&c,FIPS_hmac_key,strlen(FIPS_hmac_key),EVP_sha1());
-
- /* detect overlapping regions */
- if (p1<=p3 && p2>=p3)
- p3=p1, p4=p2>p4?p2:p4, p1=NULL, p2=NULL;
- else if (p3<=p1 && p4>=p1)
- p3=p3, p4=p2>p4?p2:p4, p1=NULL, p2=NULL;
-
- if (p1)
- HMAC_Update(&c,p1,(size_t)p2-(size_t)p1);
-
- if (FIPS_signature>=p3 && FIPS_signature<p4)
- {
- /* "punch" hole */
- HMAC_Update(&c,p3,(size_t)FIPS_signature-(size_t)p3);
- p3 = FIPS_signature+sizeof(FIPS_signature);
- if (p3<p4)
- HMAC_Update(&c,p3,(size_t)p4-(size_t)p3);
- }
- else
- HMAC_Update(&c,p3,(size_t)p4-(size_t)p3);
-
- if (!fips_post_corrupt(FIPS_TEST_INTEGRITY, 0, NULL))
- HMAC_Update(&c, (unsigned char *)FIPS_hmac_key, 1);
-
- HMAC_Final(&c,sig,&len);
- HMAC_CTX_cleanup(&c);
-
- return len;
- }
-
-int FIPS_check_incore_fingerprint(void)
- {
- unsigned char sig[EVP_MAX_MD_SIZE];
- unsigned int len;
- int rv = 0;
-#if defined(__sgi) && (defined(__mips) || defined(mips))
- extern int __dso_displacement[];
-#else
- extern int OPENSSL_NONPIC_relocated;
-#endif
-
- if (!fips_post_started(FIPS_TEST_INTEGRITY, 0, NULL))
- return 1;
-
- if (FIPS_text_start()==NULL)
- {
- FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_UNSUPPORTED_PLATFORM);
- goto err;
- }
-
- len=FIPS_incore_fingerprint(sig,sizeof(sig));
-
- if (len!=sizeof(FIPS_signature) ||
- memcmp(FIPS_signature,sig,sizeof(FIPS_signature)))
- {
- if (FIPS_signature>=FIPS_rodata_start && FIPS_signature<FIPS_rodata_end)
- FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING);
-#if defined(__sgi) && (defined(__mips) || defined(mips))
- else if (__dso_displacement!=NULL)
-#else
- else if (OPENSSL_NONPIC_relocated)
-#endif
- FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED);
- else
- FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
-#ifdef OPENSSL_FIPS_DEBUGGER
- rv = 1;
-#endif
- goto err;
- }
- rv = 1;
- err:
- if (rv == 0)
- fips_post_failed(FIPS_TEST_INTEGRITY, 0, NULL);
- else
- if (!fips_post_success(FIPS_TEST_INTEGRITY, 0, NULL))
- return 0;
- return rv;
- }
-
-static int fips_asc_check(const unsigned char *sig, const char *asc_sig)
- {
- char tsig[20];
- const char *p;
- int i;
- if (strlen(asc_sig) != 40)
- return 0;
- for (i = 0, p = asc_sig; i < 20; i++, p += 2)
- tsig[i] = (atox(p[0]) << 4) | atox(p[1]);
- if (memcmp(tsig, sig, 20))
- return 0;
- return 1;
- }
-
-static int fips_check_auth(const char *auth)
- {
- unsigned char auth_hmac[20];
- unsigned int hmac_len;
- if (fips_auth_fail)
- return 0;
- if (strlen(auth) < FIPS_AUTH_MIN_LEN)
- return 0;
- if (!HMAC(EVP_sha1(), FIPS_AUTH_KEY, strlen(FIPS_AUTH_KEY),
- (unsigned char *)auth, strlen(auth), auth_hmac, &hmac_len))
- return 0;
- if (hmac_len != sizeof(auth_hmac))
- return 0;
-
- if (fips_asc_check(auth_hmac, FIPS_AUTH_CRYPTO_OFFICER))
- return 1;
-
- if (fips_asc_check(auth_hmac, FIPS_AUTH_CRYPTO_USER))
- return 1;
-
- return 0;
- }
-
-
-
-int FIPS_module_mode_set(int onoff, const char *auth)
- {
- int ret = 0;
-
- fips_w_lock();
- fips_started = 1;
- fips_set_owning_thread();
-
- if(onoff)
- {
-
- fips_selftest_fail = 0;
- if (!fips_check_auth(auth))
- {
- fips_auth_fail = 1;
- fips_selftest_fail = 1;
- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_AUTHENTICATION_FAILURE);
- return 0;
- }
-
- /* Don't go into FIPS mode twice, just so we can do automagic
- seeding */
- if(FIPS_module_mode())
- {
- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET);
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
-
-#ifdef OPENSSL_IA32_SSE2
- {
- extern unsigned int OPENSSL_ia32cap_P[2];
- if ((OPENSSL_ia32cap_P[0] & (1<<25|1<<26)) != (1<<25|1<<26))
- {
- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_UNSUPPORTED_PLATFORM);
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
- OPENSSL_ia32cap_P[0] |= (1<<28); /* set "shared cache" */
- OPENSSL_ia32cap_P[1] &= ~(1<<(60-32)); /* clear AVX */
- }
-#endif
-
- if(fips_signature_witness() != FIPS_signature)
- {
- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_CONTRADICTING_EVIDENCE);
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
-
- if(FIPS_selftest())
- fips_set_mode(onoff);
- else
- {
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
- ret = 1;
- goto end;
- }
- fips_set_mode(0);
- fips_selftest_fail = 0;
- ret = 1;
-end:
- fips_clear_owning_thread();
- fips_w_unlock();
- return ret;
- }
-
-static CRYPTO_THREADID fips_thread;
-static int fips_thread_set = 0;
-
-static int fips_is_owning_thread(void)
- {
- int ret = 0;
-
- if (fips_started)
- {
- CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
- if (fips_thread_set)
- {
- CRYPTO_THREADID cur;
- CRYPTO_THREADID_current(&cur);
- if (!CRYPTO_THREADID_cmp(&cur, &fips_thread))
- ret = 1;
- }
- CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
- }
- return ret;
- }
-
-int fips_set_owning_thread(void)
- {
- int ret = 0;
-
- if (fips_started)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
- if (!fips_thread_set)
- {
- CRYPTO_THREADID_current(&fips_thread);
- ret = 1;
- fips_thread_set = 1;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
- }
- return ret;
- }
-
-int fips_clear_owning_thread(void)
- {
- int ret = 0;
-
- if (fips_started)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
- if (fips_thread_set)
- {
- CRYPTO_THREADID cur;
- CRYPTO_THREADID_current(&cur);
- if (!CRYPTO_THREADID_cmp(&cur, &fips_thread))
- fips_thread_set = 0;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
- }
- return ret;
- }
-
-unsigned char *fips_signature_witness(void)
- {
- extern unsigned char FIPS_signature[];
- return FIPS_signature;
- }
-
-unsigned long FIPS_module_version(void)
- {
- return FIPS_MODULE_VERSION_NUMBER;
- }
-
-const char *FIPS_module_version_text(void)
- {
- return FIPS_MODULE_VERSION_TEXT;
- }
-
-#if 0
-/* The purpose of this is to ensure the error code exists and the function
- * name is to keep the error checking script quiet
- */
-void hash_final(void)
- {
- FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);
- }
-#endif
-
-
-#endif
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <openssl/opensslconf.h>
-#include <stdarg.h>
-
-#ifndef OPENSSL_FIPS
-#error FIPS is disabled.
-#endif
-
-#ifdef OPENSSL_FIPS
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef OPENSSL_FIPSCANISTER
-#define OPENSSL_FIPSCAPABLE
-#endif
-
-struct dsa_st;
-struct ec_key_st;
-struct rsa_st;
-struct evp_pkey_st;
-struct env_md_st;
-struct env_md_ctx_st;
-struct evp_cipher_st;
-struct evp_cipher_ctx_st;
-struct ec_method_st;
-struct ecdsa_method;
-struct dh_method;
-struct CMAC_CTX_st;
-struct hmac_ctx_st;
-
-unsigned long FIPS_module_version(void);
-const char *FIPS_module_version_text(void);
-
-int FIPS_module_mode_set(int onoff, const char *auth);
-int FIPS_module_mode(void);
-const void *FIPS_rand_check(void);
-int FIPS_selftest(void);
-int FIPS_selftest_failed(void);
-void FIPS_selftest_check(void);
-int FIPS_selftest_sha1(void);
-int FIPS_selftest_aes_ccm(void);
-int FIPS_selftest_aes_gcm(void);
-int FIPS_selftest_aes_xts(void);
-int FIPS_selftest_aes(void);
-int FIPS_selftest_des(void);
-int FIPS_selftest_rsa(void);
-int FIPS_selftest_dsa(void);
-int FIPS_selftest_ecdsa(void);
-int FIPS_selftest_ecdh(void);
-void FIPS_x931_stick(int onoff);
-void FIPS_drbg_stick(int onoff);
-int FIPS_selftest_x931(void);
-int FIPS_selftest_hmac(void);
-int FIPS_selftest_drbg(void);
-int FIPS_selftest_drbg_all(void);
-int FIPS_selftest_cmac(void);
-
-unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len);
-int FIPS_check_incore_fingerprint(void);
-
-void fips_set_selftest_fail(void);
-int fips_check_rsa(struct rsa_st *rsa);
-int fips_check_rsa_prng(struct rsa_st *rsa, int bits);
-int fips_check_dsa_prng(struct dsa_st *dsa, size_t L, size_t N);
-int fips_check_ec_prng(struct ec_key_st *ec);
-
-void FIPS_set_locking_callbacks(void (*func)(int mode, int type,
- const char *file,int line),
- int (*add_cb)(int *pointer, int amount,
- int type, const char *file, int line));
-
-void FIPS_set_error_callbacks(
- void (*put_cb)(int lib, int func,int reason,const char *file,int line),
- void (*add_cb)(int num, va_list args) );
-
-void FIPS_set_malloc_callbacks(
- void *(*malloc_cb)(int num, const char *file, int line),
- void (*free_cb)(void *));
-
-void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
-
-/* POST callback operation value: */
-/* All tests started */
-#define FIPS_POST_BEGIN 1
-/* All tests end: result in id */
-#define FIPS_POST_END 2
-/* One individual test started */
-#define FIPS_POST_STARTED 3
-/* Individual test success */
-#define FIPS_POST_SUCCESS 4
-/* Individual test failure */
-#define FIPS_POST_FAIL 5
-/* Induce failure in test if zero return */
-#define FIPS_POST_CORRUPT 6
-
-/* Test IDs */
-/* HMAC integrity test */
-#define FIPS_TEST_INTEGRITY 1
-/* Digest test */
-#define FIPS_TEST_DIGEST 2
-/* Symmetric cipher test */
-#define FIPS_TEST_CIPHER 3
-/* Public key signature test */
-#define FIPS_TEST_SIGNATURE 4
-/* HMAC test */
-#define FIPS_TEST_HMAC 5
-/* CMAC test */
-#define FIPS_TEST_CMAC 6
-/* GCM test */
-#define FIPS_TEST_GCM 7
-/* CCM test */
-#define FIPS_TEST_CCM 8
-/* XTS test */
-#define FIPS_TEST_XTS 9
-/* X9.31 PRNG */
-#define FIPS_TEST_X931 10
-/* DRNB */
-#define FIPS_TEST_DRBG 11
-/* Keygen pairwise consistency test */
-#define FIPS_TEST_PAIRWISE 12
-/* Continuous PRNG test */
-#define FIPS_TEST_CONTINUOUS 13
-/* ECDH test */
-#define FIPS_TEST_ECDH 14
-
-/* Minimum authorisation string length */
-#define FIPS_AUTH_MIN_LEN 16
-
-void FIPS_post_set_callback(
- int (*post_cb)(int op, int id, int subid, void *ex));
-
-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
- alg " previous FIPS forbidden algorithm error ignored");
-
-int fips_pkey_signature_test(int id, struct evp_pkey_st *pkey,
- const unsigned char *tbs, size_t tbslen,
- const unsigned char *kat, size_t katlen,
- const struct env_md_st *digest, int pad_mode,
- const char *fail_str);
-
-int fips_cipher_test(int id, struct evp_cipher_ctx_st *ctx,
- const struct evp_cipher_st *cipher,
- const unsigned char *key,
- const unsigned char *iv,
- const unsigned char *plaintext,
- const unsigned char *ciphertext,
- int len);
-
-const struct env_md_st *FIPS_get_digestbynid(int nid);
-
-const struct evp_cipher_st *FIPS_get_cipherbynid(int nid);
-
-struct rsa_st *FIPS_rsa_new(void);
-void FIPS_rsa_free(struct rsa_st *r);
-int FIPS_rsa_sign_ctx(struct rsa_st *rsa, struct env_md_ctx_st *ctx,
- int rsa_pad_mode, int saltlen,
- const struct env_md_st *mgf1Hash,
- unsigned char *sigret, unsigned int *siglen);
-int FIPS_rsa_sign_digest(struct rsa_st *rsa,
- const unsigned char *md, int md_len,
- const struct env_md_st *mhash,
- int rsa_pad_mode, int saltlen,
- const struct env_md_st *mgf1Hash,
- unsigned char *sigret, unsigned int *siglen);
-int FIPS_rsa_verify_ctx(struct rsa_st *rsa, struct env_md_ctx_st *ctx,
- int rsa_pad_mode, int saltlen,
- const struct env_md_st *mgf1Hash,
- const unsigned char *sigbuf, unsigned int siglen);
-int FIPS_rsa_verify_digest(struct rsa_st *rsa,
- const unsigned char *dig, int diglen,
- const struct env_md_st *mhash,
- int rsa_pad_mode, int saltlen,
- const struct env_md_st *mgf1Hash,
- const unsigned char *sigbuf, unsigned int siglen);
-
-int FIPS_rsa_sign(struct rsa_st *rsa, const unsigned char *msg, int msglen,
- const struct env_md_st *mhash, int rsa_pad_mode,
- int saltlen, const struct env_md_st *mgf1Hash,
- unsigned char *sigret, unsigned int *siglen);
-
-int FIPS_rsa_verify(struct rsa_st *rsa, const unsigned char *msg, int msglen,
- const struct env_md_st *mhash, int rsa_pad_mode,
- int saltlen, const struct env_md_st *mgf1Hash,
- const unsigned char *sigbuf, unsigned int siglen);
-
-#ifdef OPENSSL_FIPSCAPABLE
-
-int FIPS_digestinit(EVP_MD_CTX *ctx, const EVP_MD *type);
-int FIPS_digestupdate(EVP_MD_CTX *ctx, const void *data, size_t count);
-int FIPS_digestfinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size);
-int FIPS_md_ctx_cleanup(EVP_MD_CTX *ctx);
-
-int FIPS_cipherinit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- const unsigned char *key, const unsigned char *iv, int enc);
-int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl);
-int FIPS_cipher_ctx_cleanup(EVP_CIPHER_CTX *c);
-
-const EVP_CIPHER *FIPS_evp_aes_128_cbc(void);
-const EVP_CIPHER *FIPS_evp_aes_128_ccm(void);
-const EVP_CIPHER *FIPS_evp_aes_128_cfb1(void);
-const EVP_CIPHER *FIPS_evp_aes_128_cfb128(void);
-const EVP_CIPHER *FIPS_evp_aes_128_cfb8(void);
-const EVP_CIPHER *FIPS_evp_aes_128_ctr(void);
-const EVP_CIPHER *FIPS_evp_aes_128_ecb(void);
-const EVP_CIPHER *FIPS_evp_aes_128_gcm(void);
-const EVP_CIPHER *FIPS_evp_aes_128_ofb(void);
-const EVP_CIPHER *FIPS_evp_aes_128_xts(void);
-const EVP_CIPHER *FIPS_evp_aes_192_cbc(void);
-const EVP_CIPHER *FIPS_evp_aes_192_ccm(void);
-const EVP_CIPHER *FIPS_evp_aes_192_cfb1(void);
-const EVP_CIPHER *FIPS_evp_aes_192_cfb128(void);
-const EVP_CIPHER *FIPS_evp_aes_192_cfb8(void);
-const EVP_CIPHER *FIPS_evp_aes_192_ctr(void);
-const EVP_CIPHER *FIPS_evp_aes_192_ecb(void);
-const EVP_CIPHER *FIPS_evp_aes_192_gcm(void);
-const EVP_CIPHER *FIPS_evp_aes_192_ofb(void);
-const EVP_CIPHER *FIPS_evp_aes_256_cbc(void);
-const EVP_CIPHER *FIPS_evp_aes_256_ccm(void);
-const EVP_CIPHER *FIPS_evp_aes_256_cfb1(void);
-const EVP_CIPHER *FIPS_evp_aes_256_cfb128(void);
-const EVP_CIPHER *FIPS_evp_aes_256_cfb8(void);
-const EVP_CIPHER *FIPS_evp_aes_256_ctr(void);
-const EVP_CIPHER *FIPS_evp_aes_256_ecb(void);
-const EVP_CIPHER *FIPS_evp_aes_256_gcm(void);
-const EVP_CIPHER *FIPS_evp_aes_256_ofb(void);
-const EVP_CIPHER *FIPS_evp_aes_256_xts(void);
-const EVP_CIPHER *FIPS_evp_des_ede(void);
-const EVP_CIPHER *FIPS_evp_des_ede3(void);
-const EVP_CIPHER *FIPS_evp_des_ede3_cbc(void);
-const EVP_CIPHER *FIPS_evp_des_ede3_cfb1(void);
-const EVP_CIPHER *FIPS_evp_des_ede3_cfb64(void);
-const EVP_CIPHER *FIPS_evp_des_ede3_cfb8(void);
-const EVP_CIPHER *FIPS_evp_des_ede3_ecb(void);
-const EVP_CIPHER *FIPS_evp_des_ede3_ofb(void);
-const EVP_CIPHER *FIPS_evp_des_ede_cbc(void);
-const EVP_CIPHER *FIPS_evp_des_ede_cfb64(void);
-const EVP_CIPHER *FIPS_evp_des_ede_ecb(void);
-const EVP_CIPHER *FIPS_evp_des_ede_ofb(void);
-const EVP_CIPHER *FIPS_evp_enc_null(void);
-const EVP_MD *FIPS_evp_sha1(void);
-const EVP_MD *FIPS_evp_sha224(void);
-const EVP_MD *FIPS_evp_sha256(void);
-const EVP_MD *FIPS_evp_sha384(void);
-const EVP_MD *FIPS_evp_sha512(void);
-const EVP_MD *FIPS_evp_dss1(void);
-const EVP_MD *FIPS_evp_dss(void);
-const EVP_MD *FIPS_evp_ecdsa(void);
-
-const RSA_METHOD *FIPS_rsa_pkcs1_ssleay(void);
-int FIPS_rsa_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-
-const struct dsa_method *FIPS_dsa_openssl(void);
-int FIPS_dsa_generate_key(DSA *dsa);
-int FIPS_dsa_generate_parameters_ex(DSA *dsa, int bits,
- const unsigned char *seed,int seed_len,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-
-int fips_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
- const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
- unsigned char *seed_out,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-
-const struct ec_method_st *fips_ec_gf2m_simple_method(void);
-const struct ec_method_st *fips_ec_gfp_simple_method(void);
-const struct ec_method_st *fips_ec_gfp_mont_method(void);
-const struct ec_method_st *fips_ec_gfp_nist_method(void);
-
-const struct ecdsa_method *FIPS_ecdsa_openssl(void);
-const struct ecdh_method *FIPS_ecdh_openssl(void);
-
-int FIPS_ec_key_generate_key(struct ec_key_st *key);
-
-const struct dh_method *FIPS_dh_openssl(void);
-int FIPS_dh_generate_parameters_ex(DH *dh, int prime_len,
- int generator, BN_GENCB *cb);
-
-int FIPS_cmac_init(struct CMAC_CTX_st *ctx, const void *key, size_t keylen,
- const EVP_CIPHER *cipher, ENGINE *impl);
-int FIPS_cmac_update(struct CMAC_CTX_st *ctx, const void *in, size_t dlen);
-int FIPS_cmac_final(struct CMAC_CTX_st *ctx, unsigned char *out,
- size_t *poutlen);
-void FIPS_cmac_ctx_cleanup(struct CMAC_CTX_st *ctx);
-
-void FIPS_hmac_ctx_cleanup(struct hmac_ctx_st *ctx);
-int FIPS_hmac_init_ex(struct hmac_ctx_st *ctx, const void *key, int len,
- const EVP_MD *md, ENGINE *impl);
-int FIPS_hmac_update(struct hmac_ctx_st *ctx,
- const unsigned char *data, size_t len);
-int FIPS_hmac_final(struct hmac_ctx_st *ctx,
- unsigned char *md, unsigned int *len);
-
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_FIPS_strings(void);
-
-/* Error codes for the FIPS functions. */
-
-/* Function codes. */
-#define FIPS_F_DH_BUILTIN_GENPARAMS 100
-#define FIPS_F_DH_INIT 148
-#define FIPS_F_DRBG_RESEED 162
-#define FIPS_F_DSA_BUILTIN_PARAMGEN 101
-#define FIPS_F_DSA_BUILTIN_PARAMGEN2 102
-#define FIPS_F_DSA_DO_SIGN 103
-#define FIPS_F_DSA_DO_VERIFY 104
-#define FIPS_F_ECDH_COMPUTE_KEY 163
-#define FIPS_F_ECDSA_DO_SIGN 164
-#define FIPS_F_ECDSA_DO_VERIFY 165
-#define FIPS_F_EC_KEY_GENERATE_KEY 166
-#define FIPS_F_FIPS_CHECK_DSA 105
-#define FIPS_F_FIPS_CHECK_DSA_PRNG 151
-#define FIPS_F_FIPS_CHECK_EC 106
-#define FIPS_F_FIPS_CHECK_EC_PRNG 152
-#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 107
-#define FIPS_F_FIPS_CHECK_RSA 108
-#define FIPS_F_FIPS_CHECK_RSA_PRNG 150
-#define FIPS_F_FIPS_CIPHER 160
-#define FIPS_F_FIPS_CIPHERINIT 109
-#define FIPS_F_FIPS_CIPHER_CTX_CTRL 161
-#define FIPS_F_FIPS_DIGESTFINAL 158
-#define FIPS_F_FIPS_DIGESTINIT 110
-#define FIPS_F_FIPS_DIGESTUPDATE 159
-#define FIPS_F_FIPS_DRBG_BYTES 111
-#define FIPS_F_FIPS_DRBG_CHECK 146
-#define FIPS_F_FIPS_DRBG_CPRNG_TEST 112
-#define FIPS_F_FIPS_DRBG_ERROR_CHECK 114
-#define FIPS_F_FIPS_DRBG_GENERATE 113
-#define FIPS_F_FIPS_DRBG_INIT 115
-#define FIPS_F_FIPS_DRBG_INSTANTIATE 116
-#define FIPS_F_FIPS_DRBG_NEW 117
-#define FIPS_F_FIPS_DRBG_RESEED 118
-#define FIPS_F_FIPS_DRBG_SINGLE_KAT 119
-#define FIPS_F_FIPS_DSA_SIGN_DIGEST 154
-#define FIPS_F_FIPS_DSA_VERIFY_DIGEST 155
-#define FIPS_F_FIPS_GET_ENTROPY 147
-#define FIPS_F_FIPS_MODULE_MODE_SET 120
-#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 121
-#define FIPS_F_FIPS_RAND_ADD 122
-#define FIPS_F_FIPS_RAND_BYTES 123
-#define FIPS_F_FIPS_RAND_PSEUDO_BYTES 124
-#define FIPS_F_FIPS_RAND_SEED 125
-#define FIPS_F_FIPS_RAND_SET_METHOD 126
-#define FIPS_F_FIPS_RAND_STATUS 127
-#define FIPS_F_FIPS_RSA_SIGN_DIGEST 156
-#define FIPS_F_FIPS_RSA_VERIFY_DIGEST 157
-#define FIPS_F_FIPS_SELFTEST_AES 128
-#define FIPS_F_FIPS_SELFTEST_AES_CCM 145
-#define FIPS_F_FIPS_SELFTEST_AES_GCM 129
-#define FIPS_F_FIPS_SELFTEST_AES_XTS 144
-#define FIPS_F_FIPS_SELFTEST_CMAC 130
-#define FIPS_F_FIPS_SELFTEST_DES 131
-#define FIPS_F_FIPS_SELFTEST_DSA 132
-#define FIPS_F_FIPS_SELFTEST_ECDSA 133
-#define FIPS_F_FIPS_SELFTEST_HMAC 134
-#define FIPS_F_FIPS_SELFTEST_SHA1 135
-#define FIPS_F_FIPS_SELFTEST_X931 136
-#define FIPS_F_FIPS_SET_PRNG_KEY 153
-#define FIPS_F_HASH_FINAL 137
-#define FIPS_F_RSA_BUILTIN_KEYGEN 138
-#define FIPS_F_RSA_EAY_INIT 149
-#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 139
-#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 140
-#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 141
-#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 142
-#define FIPS_F_RSA_X931_GENERATE_KEY_EX 143
-
-/* Reason codes. */
-#define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED 150
-#define FIPS_R_ADDITIONAL_INPUT_TOO_LONG 100
-#define FIPS_R_ALREADY_INSTANTIATED 101
-#define FIPS_R_AUTHENTICATION_FAILURE 151
-#define FIPS_R_CONTRADICTING_EVIDENCE 102
-#define FIPS_R_DRBG_NOT_INITIALISED 152
-#define FIPS_R_DRBG_STUCK 103
-#define FIPS_R_ENTROPY_ERROR_UNDETECTED 104
-#define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105
-#define FIPS_R_ENTROPY_SOURCE_STUCK 142
-#define FIPS_R_ERROR_INITIALISING_DRBG 106
-#define FIPS_R_ERROR_INSTANTIATING_DRBG 107
-#define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 108
-#define FIPS_R_ERROR_RETRIEVING_ENTROPY 109
-#define FIPS_R_ERROR_RETRIEVING_NONCE 110
-#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 111
-#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 112
-#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 113
-#define FIPS_R_FIPS_MODE_ALREADY_SET 114
-#define FIPS_R_FIPS_SELFTEST_FAILED 115
-#define FIPS_R_FUNCTION_ERROR 116
-#define FIPS_R_GENERATE_ERROR 117
-#define FIPS_R_GENERATE_ERROR_UNDETECTED 118
-#define FIPS_R_INSTANTIATE_ERROR 119
-#define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 120
-#define FIPS_R_INTERNAL_ERROR 121
-#define FIPS_R_INVALID_KEY_LENGTH 122
-#define FIPS_R_INVALID_PARAMETERS 144
-#define FIPS_R_IN_ERROR_STATE 123
-#define FIPS_R_KEY_TOO_SHORT 124
-#define FIPS_R_NONCE_ERROR_UNDETECTED 149
-#define FIPS_R_NON_FIPS_METHOD 125
-#define FIPS_R_NOPR_TEST1_FAILURE 145
-#define FIPS_R_NOPR_TEST2_FAILURE 146
-#define FIPS_R_NOT_INSTANTIATED 126
-#define FIPS_R_PAIRWISE_TEST_FAILED 127
-#define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 128
-#define FIPS_R_PERSONALISATION_STRING_TOO_LONG 129
-#define FIPS_R_PRNG_STRENGTH_TOO_LOW 143
-#define FIPS_R_PR_TEST1_FAILURE 147
-#define FIPS_R_PR_TEST2_FAILURE 148
-#define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 130
-#define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 131
-#define FIPS_R_RESEED_COUNTER_ERROR 132
-#define FIPS_R_RESEED_ERROR 133
-#define FIPS_R_SELFTEST_FAILED 134
-#define FIPS_R_SELFTEST_FAILURE 135
-#define FIPS_R_STRENGTH_ERROR_UNDETECTED 136
-#define FIPS_R_TEST_FAILURE 137
-#define FIPS_R_UNINSTANTIATE_ERROR 141
-#define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138
-#define FIPS_R_UNSUPPORTED_DRBG_TYPE 139
-#define FIPS_R_UNSUPPORTED_PLATFORM 140
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define FIPS_AUTH_KEY "etaonrishdlcupfm"
-#define FIPS_AUTH_CRYPTO_OFFICER "7f92562d409c903322c0f94a1188ae8178339a4f"
-#define FIPS_AUTH_CRYPTO_USER "cb6cbdaad26cd210a8b31a5d56a876ee1d51a96c"
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
- * and usage in source and binary forms are granted according to the
- * OpenSSL license.
- */
-
-#include <stdio.h>
-#if defined(__DECC)
-# include <c_asm.h>
-# pragma __nostandard
-#endif
-
-const void *FIPS_text_start(void);
-const void *FIPS_text_end(void);
-
-#include "e_os.h"
-
-#if !defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
-# if (defined(__sun) && (defined(__sparc) || defined(__sparcv9))) || \
- (defined(__sgi) && (defined(__mips) || defined(mips))) || \
- (defined(__osf__) && defined(__alpha)) || \
- (defined(__linux) && (defined(__arm) || defined(__arm__))) || \
- (defined(__i386) || defined(__i386__)) || \
- (defined(__x86_64) || defined(__x86_64__)) || \
- (defined(vax) || defined(__vax__))
-# define POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION
-# endif
-#endif
-
-#if !defined(FIPS_REF_POINT_IS_CROSS_COMPILER_AWARE)
-# if (defined(__ANDROID__) && (defined(__arm__) || defined(__arm) || \
- defined(__i386__)|| defined(__i386))) || \
- (defined(__vxworks) && (defined(__ppc__) || defined(__ppc) || \
- defined(__mips__)|| defined(__mips))) || \
- (defined(__linux) && ((defined(__PPC__) && !defined(__PPC64__)) || \
- defined(__arm__) || defined(__arm))) || \
- (defined(__APPLE__) /* verified on all MacOS X & iOS flavors */)|| \
- (defined(_WIN32) && defined(_MSC_VER))
-# define FIPS_REF_POINT_IS_CROSS_COMPILER_AWARE
-# endif
-#endif
-
-#if defined(__xlC__) && __xlC__>=0x600 && (defined(_POWER) || defined(_ARCH_PPC))
-static void *instruction_pointer_xlc(void);
-# pragma mc_func instruction_pointer_xlc {\
- "7c0802a6" /* mflr r0 */ \
- "48000005" /* bl $+4 */ \
- "7c6802a6" /* mflr r3 */ \
- "7c0803a6" /* mtlr r0 */ }
-# pragma reg_killed_by instruction_pointer_xlc gr0 gr3
-# define INSTRUCTION_POINTER_IMPLEMENTED(ret) (ret=instruction_pointer_xlc());
-#endif
-
-#ifdef FIPS_START
-# define FIPS_ref_point FIPS_text_start
-# ifdef FIPS_REF_POINT_IS_CROSS_COMPILER_AWARE
-# define instruction_pointer FIPS_text_startX
-# endif
-/* Some compilers put string literals into a separate segment. As we
- * are mostly interested to hash AES tables in .rodata, we declare
- * reference points accordingly. In case you wonder, the values are
- * big-endian encoded variable names, just to prevent these arrays
- * from being merged by linker. */
-# if defined(_MSC_VER)
-# pragma code_seg("fipstx")
-# pragma code_seg()
- __declspec(allocate("fipstx"))
-const unsigned int FIPS_text_startX[]=
- { 0x46495053, 0x5f746578, 0x745f7374, 0x61727458 };
-# pragma const_seg("fipsro$a")
-# pragma const_seg()
- __declspec(allocate("fipsro$a"))
-# endif
-const unsigned int FIPS_rodata_start[]=
- { 0x46495053, 0x5f726f64, 0x6174615f, 0x73746172 };
-#else
-# define FIPS_ref_point FIPS_text_end
-# ifdef FIPS_REF_POINT_IS_CROSS_COMPILER_AWARE
-# define instruction_pointer FIPS_text_endX
-# endif
-# if defined(_MSC_VER)
-# pragma code_seg("fipstx$z")
-# pragma code_seg()
- __declspec(allocate("fipstx$z"))
-const unsigned int FIPS_text_endX[]=
- { 0x46495053, 0x5f746578, 0x745f656e, 0x64585b5d };
-# pragma const_seg("fipsro$z")
-# pragma const_seg()
- __declspec(allocate("fipsro$z"))
-# endif
-const unsigned int FIPS_rodata_end[]=
- { 0x46495053, 0x5f726f64, 0x6174615f, 0x656e645b };
-#endif
-
-#if !defined(_MSC_VER) || !defined(instruction_pointer)
-/*
- * I declare reference function as static in order to avoid certain
- * pitfalls in -dynamic linker behaviour...
- */
-static void *instruction_pointer(void)
-{ void *ret=NULL;
-/* These are ABI-neutral CPU-specific snippets. ABI-neutrality means
- * that they are designed to work under any OS running on particular
- * CPU, which is why you don't find any #ifdef THIS_OR_THAT_OS in
- * this function. */
-#if defined(INSTRUCTION_POINTER_IMPLEMENTED)
- INSTRUCTION_POINTER_IMPLEMENTED(ret);
-#elif defined(__GNUC__) && __GNUC__>=2
-# if defined(__alpha) || defined(__alpha__)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- __asm __volatile ( "br %0,1f\n1:" : "=r"(ret) );
-# elif defined(__i386) || defined(__i386__)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- __asm __volatile ( "call 1f\n1: popl %0" : "=r"(ret) );
- ret = (void *)((size_t)ret&~3UL); /* align for better performance */
-# elif defined(__ia64) || defined(__ia64__)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- __asm __volatile ( "mov %0=ip" : "=r"(ret) );
-# elif defined(__hppa) || defined(__hppa__) || defined(__pa_risc)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- __asm __volatile ( "blr %%r0,%0\n\tnop" : "=r"(ret) );
- ret = (void *)((size_t)ret&~3UL); /* mask privilege level */
-# elif defined(__mips) || defined(__mips__)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- void *scratch;
- __asm __volatile ( "move %1,$31\n\t" /* save ra */
- "bal .+8; nop\n\t"
- "move %0,$31\n\t"
- "move $31,%1" /* restore ra */
- : "=r"(ret),"=r"(scratch) );
-# elif defined(__ppc__) || defined(__ppc) || \
- defined(__powerpc) || defined(__powerpc__) || \
- defined(__POWERPC__) || defined(_POWER) || defined(__PPC__) || \
- defined(__PPC64__) || defined(__ppc64__) || defined(__powerpc64__)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- void *scratch;
- __asm __volatile ( "mfspr %1,8\n\t" /* save lr */
- "bl $+4\n\t"
- "mfspr %0,8\n\t" /* mflr ret */
- "mtspr 8,%1" /* restore lr */
- : "=r"(ret),"=r"(scratch) );
-# elif defined(__s390__) || defined(__s390x__)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- __asm __volatile ( "bras %0,1f\n1:" : "=r"(ret) );
- ret = (void *)((size_t)ret&~3UL);
-# elif defined(__sparc) || defined(__sparc__) || defined(__sparcv9)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- void *scratch;
- __asm __volatile ( "mov %%o7,%1\n\t"
- "call .+8; nop\n\t"
- "mov %%o7,%0\n\t"
- "mov %1,%%o7"
- : "=r"(ret),"=r"(scratch) );
-# elif defined(__x86_64) || defined(__x86_64__)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- __asm __volatile ( "leaq 0(%%rip),%0" : "=r"(ret) );
- ret = (void *)((size_t)ret&~3UL); /* align for better performance */
-# elif defined(__arm) || defined(__arm__)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- __asm __volatile ( "sub %0,pc,#8" : "=r"(ret) );
-# endif
-#elif defined(__DECC) && defined(__alpha)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- ret = (void *)(size_t)asm("br %v0,1f\n1:");
-#elif defined(_MSC_VER) && defined(_M_IX86)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- void *scratch;
- _asm {
- call self
- self: pop eax
- mov scratch,eax
- }
- ret = (void *)((size_t)scratch&~3UL);
-#endif
- return ret;
-}
-#endif
-
-/*
- * This function returns pointer to an instruction in the vicinity of
- * its entry point, but not outside this object module. This guarantees
- * that sequestered code is covered...
- */
-const void *FIPS_ref_point()
-{
-#if defined(FIPS_REF_POINT_IS_CROSS_COMPILER_AWARE)
-# if defined(__thumb__) || defined(__thumb)
- return (void *)((size_t)instruction_pointer&~1);
-# else
- return (void *)instruction_pointer;
-# endif
-#elif defined(INSTRUCTION_POINTER_IMPLEMENTED)
- return instruction_pointer();
-/* Below we essentially cover vendor compilers which do not support
- * inline assembler... */
-#elif defined(_AIX)
- struct { void *ip,*gp,*env; } *p = (void *)instruction_pointer;
- return p->ip;
-#elif defined(_HPUX_SOURCE)
-# if defined(__hppa) || defined(__hppa__)
- struct { void *i[4]; } *p = (void *)FIPS_ref_point;
-
- if (sizeof(p) == 8) /* 64-bit */
- return p->i[2];
- else if ((size_t)p & 2)
- { p = (void *)((size_t)p&~3UL);
- return p->i[0];
- }
- else
- return (void *)p;
-# elif defined(__ia64) || defined(__ia64__)
- struct { unsigned long long ip,gp; } *p=(void *)instruction_pointer;
- return (void *)(size_t)p->ip;
-# endif
-#elif (defined(__VMS) || defined(VMS)) && !(defined(vax) || defined(__vax__))
- /* applies to both alpha and ia64 */
- struct { unsigned __int64 opaque,ip; } *p=(void *)instruction_pointer;
- return (void *)(size_t)p->ip;
-#elif defined(__VOS__)
- /* applies to both pa-risc and ia32 */
- struct { void *dp,*ip,*gp; } *p = (void *)instruction_pointer;
- return p->ip;
-#elif defined(_WIN32)
-# if defined(_WIN64) && defined(_M_IA64)
- struct { void *ip,*gp; } *p = (void *)FIPS_ref_point;
- return p->ip;
-# else
- return (void *)FIPS_ref_point;
-# endif
-/*
- * In case you wonder why there is no #ifdef __linux. All Linux targets
- * are GCC-based and therefore are covered by instruction_pointer above
- * [well, some are covered by by the one below]...
- */
-#elif defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
- return (void *)instruction_pointer;
-#else
- return NULL;
-#endif
-}
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifdef OPENSSL_FIPS
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define FIPS_MAX_CIPHER_TEST_SIZE 32
-#define fips_load_key_component(key, comp, pre) \
- key->comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), key->comp); \
- if (!key->comp) \
- goto err
-
-int fips_post_begin(void);
-void fips_post_end(void);
-int fips_post_started(int id, int subid, void *ex);
-int fips_post_success(int id, int subid, void *ex);
-int fips_post_failed(int id, int subid, void *ex);
-int fips_post_corrupt(int id, int subid, void *ex);
-int fips_post_status(void);
-
-#define FIPS_MODULE_VERSION_NUMBER 0x20000000L
-#define FIPS_MODULE_VERSION_TEXT "FIPS 2.0-dev unvalidated test module xx XXX xxxx"
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/fips_rand.h>
-#include <openssl/err.h>
-#include <openssl/bio.h>
-#include <openssl/hmac.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/ecdsa.h>
-#include <string.h>
-#include <limits.h>
-
-#ifdef OPENSSL_FIPS
-
-/* Power on self test (POST) support functions */
-
-#include <openssl/fips.h>
-#include "fips_locl.h"
-
-/* POST notification callback */
-
-int (*fips_post_cb)(int op, int id, int subid, void *ex);
-
-void FIPS_post_set_callback(
- int (*post_cb)(int op, int id, int subid, void *ex))
- {
- fips_post_cb = post_cb;
- }
-
-/* POST status: i.e. status of all tests */
-#define FIPS_POST_STATUS_NOT_STARTED 0
-#define FIPS_POST_STATUS_OK 1
-#define FIPS_POST_STATUS_RUNNING 2
-#define FIPS_POST_STATUS_FAILED -1
-static int post_status = 0;
-/* Set to 1 if any test failed */
-static int post_failure = 0;
-
-/* All tests started */
-
-int fips_post_begin(void)
- {
- post_failure = 0;
- post_status = FIPS_POST_STATUS_NOT_STARTED;
- if (fips_post_cb)
- if (!fips_post_cb(FIPS_POST_BEGIN, 0, 0, NULL))
- return 0;
- post_status = FIPS_POST_STATUS_RUNNING;
- return 1;
- }
-
-void fips_post_end(void)
- {
- if (post_failure)
- {
- post_status = FIPS_POST_STATUS_FAILED;
- if(fips_post_cb)
- fips_post_cb(FIPS_POST_END, 0, 0, NULL);
- }
- else
- {
- post_status = FIPS_POST_STATUS_OK;
- if (fips_post_cb)
- fips_post_cb(FIPS_POST_END, 1, 0, NULL);
- }
- }
-
-/* A self test started */
-int fips_post_started(int id, int subid, void *ex)
- {
- if (fips_post_cb)
- return fips_post_cb(FIPS_POST_STARTED, id, subid, ex);
- return 1;
- }
-/* A self test passed successfully */
-int fips_post_success(int id, int subid, void *ex)
- {
- if (fips_post_cb)
- return fips_post_cb(FIPS_POST_SUCCESS, id, subid, ex);
- return 1;
- }
-/* A self test failed */
-int fips_post_failed(int id, int subid, void *ex)
- {
- post_failure = 1;
- if (fips_post_cb)
- return fips_post_cb(FIPS_POST_FAIL, id, subid, ex);
- return 1;
- }
-/* Indicate if a self test failure should be induced */
-int fips_post_corrupt(int id, int subid, void *ex)
- {
- if (fips_post_cb)
- return fips_post_cb(FIPS_POST_CORRUPT, id, subid, ex);
- return 1;
- }
-/* Note: if selftests running return status OK so their operation is
- * not interrupted. This will only happen while selftests are actually
- * running so will not interfere with normal operation.
- */
-int fips_post_status(void)
- {
- return post_status > 0 ? 1 : 0;
- }
-/* Run all selftests */
-int FIPS_selftest(void)
- {
- int rv = 1;
- fips_post_begin();
- if(!FIPS_check_incore_fingerprint())
- rv = 0;
- if (!FIPS_selftest_drbg())
- rv = 0;
- if (!FIPS_selftest_x931())
- rv = 0;
- if (!FIPS_selftest_sha1())
- rv = 0;
- if (!FIPS_selftest_hmac())
- rv = 0;
- if (!FIPS_selftest_cmac())
- rv = 0;
- if (!FIPS_selftest_aes())
- rv = 0;
- if (!FIPS_selftest_aes_ccm())
- rv = 0;
- if (!FIPS_selftest_aes_gcm())
- rv = 0;
- if (!FIPS_selftest_aes_xts())
- rv = 0;
- if (!FIPS_selftest_des())
- rv = 0;
- if (!FIPS_selftest_rsa())
- rv = 0;
- if (!FIPS_selftest_ecdsa())
- rv = 0;
- if (!FIPS_selftest_dsa())
- rv = 0;
- if (!FIPS_selftest_ecdh())
- rv = 0;
- fips_post_end();
- return rv;
- }
-
-/* Generalized public key test routine. Signs and verifies the data
- * supplied in tbs using mesage digest md and setting RSA padding mode
- * pad_mode. If the 'kat' parameter is not NULL it will
- * additionally check the signature matches it: a known answer test
- * The string "fail_str" is used for identification purposes in case
- * of failure. If "pkey" is NULL just perform a message digest check.
- */
-
-int fips_pkey_signature_test(int id, EVP_PKEY *pkey,
- const unsigned char *tbs, size_t tbslen,
- const unsigned char *kat, size_t katlen,
- const EVP_MD *digest, int pad_mode,
- const char *fail_str)
- {
- int subid;
- int ret = 0;
- unsigned char *sig = NULL;
- unsigned int siglen;
- __fips_constseg
- static const unsigned char str1[]="12345678901234567890";
- DSA_SIG *dsig = NULL;
- ECDSA_SIG *esig = NULL;
- EVP_MD_CTX mctx;
- FIPS_md_ctx_init(&mctx);
-
- if (tbs == NULL)
- tbs = str1;
-
- if (tbslen == 0)
- tbslen = strlen((char *)tbs);
-
- if (digest == NULL)
- digest = EVP_sha256();
-
- subid = M_EVP_MD_type(digest);
-
-
- if (!fips_post_started(id, subid, pkey))
- return 1;
-
- if (!pkey || pkey->type == EVP_PKEY_RSA)
- {
- size_t sigsize;
- if (!pkey)
- sigsize = EVP_MAX_MD_SIZE;
- else
- sigsize = RSA_size(pkey->pkey.rsa);
-
- sig = OPENSSL_malloc(sigsize);
- if (!sig)
- {
- FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,ERR_R_MALLOC_FAILURE);
- goto error;
- }
- }
-
- if (!FIPS_digestinit(&mctx, digest))
- goto error;
- if (!FIPS_digestupdate(&mctx, tbs, tbslen))
- goto error;
-
- if (!fips_post_corrupt(id, subid, pkey))
- {
- if (!FIPS_digestupdate(&mctx, tbs, 1))
- goto error;
- }
-
- if (pkey == NULL)
- {
- if (!FIPS_digestfinal(&mctx, sig, &siglen))
- goto error;
- }
- else if (pkey->type == EVP_PKEY_RSA)
- {
- if (!FIPS_rsa_sign_ctx(pkey->pkey.rsa, &mctx,
- pad_mode, 0, NULL, sig, &siglen))
- goto error;
- }
- else if (pkey->type == EVP_PKEY_DSA)
- {
- dsig = FIPS_dsa_sign_ctx(pkey->pkey.dsa, &mctx);
- if (!dsig)
- goto error;
- }
- else if (pkey->type == EVP_PKEY_EC)
- {
- esig = FIPS_ecdsa_sign_ctx(pkey->pkey.ec, &mctx);
- if (!esig)
- goto error;
- }
-
- if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen)))
- goto error;
-#if 0
- {
- /* Debug code to print out self test KAT discrepancies */
- unsigned int i;
- fprintf(stderr, "%s=", fail_str);
- for (i = 0; i < siglen; i++)
- fprintf(stderr, "%02X", sig[i]);
- fprintf(stderr, "\n");
- goto error;
- }
-#endif
- /* If just digest test we've finished */
- if (pkey == NULL)
- {
- ret = 1;
- /* Well actually success as we've set ret to 1 */
- goto error;
- }
- if (!FIPS_digestinit(&mctx, digest))
- goto error;
- if (!FIPS_digestupdate(&mctx, tbs, tbslen))
- goto error;
- if (pkey->type == EVP_PKEY_RSA)
- {
- ret = FIPS_rsa_verify_ctx(pkey->pkey.rsa, &mctx,
- pad_mode, 0, NULL, sig, siglen);
- }
- else if (pkey->type == EVP_PKEY_DSA)
- {
- ret = FIPS_dsa_verify_ctx(pkey->pkey.dsa, &mctx, dsig);
- }
- else if (pkey->type == EVP_PKEY_EC)
- {
- ret = FIPS_ecdsa_verify_ctx(pkey->pkey.ec, &mctx, esig);
- }
-
- error:
- if (dsig != NULL)
- FIPS_dsa_sig_free(dsig);
- if (esig != NULL)
- FIPS_ecdsa_sig_free(esig);
- if (sig)
- OPENSSL_free(sig);
- FIPS_md_ctx_cleanup(&mctx);
- if (ret != 1)
- {
- FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,FIPS_R_TEST_FAILURE);
- if (fail_str)
- FIPS_add_error_data(2, "Type=", fail_str);
- fips_post_failed(id, subid, pkey);
- return 0;
- }
- return fips_post_success(id, subid, pkey);
- }
-
-/* Generalized symmetric cipher test routine. Encrypt data, verify result
- * against known answer, decrypt and compare with original plaintext.
- */
-
-int fips_cipher_test(int id, EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- const unsigned char *key,
- const unsigned char *iv,
- const unsigned char *plaintext,
- const unsigned char *ciphertext,
- int len)
- {
- unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
- unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
- int subid = M_EVP_CIPHER_nid(cipher);
- int rv = 0;
- OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
- memset(pltmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
- memset(citmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
-
- if (!fips_post_started(id, subid, NULL))
- return 1;
- if (FIPS_cipherinit(ctx, cipher, key, iv, 1) <= 0)
- goto error;
- if (!FIPS_cipher(ctx, citmp, plaintext, len))
- goto error;
- if (memcmp(citmp, ciphertext, len))
- goto error;
- if (!fips_post_corrupt(id, subid, NULL))
- citmp[0] ^= 0x1;
- if (FIPS_cipherinit(ctx, cipher, key, iv, 0) <= 0)
- goto error;
- FIPS_cipher(ctx, pltmp, citmp, len);
- if (memcmp(pltmp, plaintext, len))
- goto error;
- rv = 1;
- error:
- if (rv == 0)
- {
- fips_post_failed(id, subid, NULL);
- return 0;
- }
- return fips_post_success(id, subid, NULL);
- }
-
-#endif
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
- * and usage in source and binary forms are granted according to the
- * OpenSSL license.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#if defined(__unix) || defined(__unix__) || defined(__vxworks) || defined(__ANDROID__) || defined(__APPLE__)
-#include <unistd.h>
-#endif
-
-#ifndef FINGERPRINT_PREMAIN_DSO_LOAD
-
-#if defined(__GNUC__) && __GNUC__>=2
- void FINGERPRINT_premain(void) __attribute__((constructor));
- /* Most commonly this results in pointer to premain to be dropped
- * to .ctors segment, which is traversed by GCC crtbegin.o upon
- * program startup. Except on a.out OpenBSD where it results in
- * _GLOBAL_$I$premain() {premain();} being auto-generated by
- * compiler... But one way or another this is believed to cover
- * *all* GCC targets. */
-#elif defined(_MSC_VER)
-# ifdef _WINDLL
- __declspec(dllexport) /* this is essentially cosmetics... */
-# endif
- void FINGERPRINT_premain(void);
- static int premain_wrapper(void) { FINGERPRINT_premain(); return 0; }
-# ifdef _WIN64
-# pragma section(".CRT$XCU",read)
- __declspec(allocate(".CRT$XCU"))
-# else
-# pragma data_seg(".CRT$XCU")
-# endif
- static int (*p)(void) = premain_wrapper;
- /* This results in pointer to premain to appear in .CRT segment,
- * which is traversed by Visual C run-time initialization code.
- * This applies to both Win32 and [all flavors of] Win64. */
-# pragma data_seg()
-#elif defined(__SUNPRO_C)
- void FINGERPRINT_premain(void);
-# pragma init(FINGERPRINT_premain)
- /* This results in a call to premain to appear in .init segment. */
-#elif defined(__DECC) && (defined(__VMS) || defined(VMS))
- void FINGERPRINT_premain(void);
-# pragma __nostandard
- globaldef { "LIB$INITIALIZ" } readonly _align (LONGWORD)
- int spare[8] = {0};
- globaldef { "LIB$INITIALIZE" } readonly _align (LONGWORD)
- void (*x_FINGERPRINT_premain)(void) = FINGERPRINT_premain;
- /* Refer to LIB$INITIALIZE to ensure it exists in the image. */
- int lib$initialize();
- globaldef int (*lib_init_ref)() = lib$initialize;
-# pragma __standard
-#elif 0
- The rest has to be taken care of through command line:
-
- -Wl,-init,FINGERPRINT_premain on OSF1 and IRIX
- -Wl,+init,FINGERPRINT_premain on HP-UX
- -Wl,-binitfini:FINGERPRINT_premain on AIX
-
- On ELF platforms this results in a call to premain to appear in
- .init segment...
-#endif
-
-#ifndef HMAC_SHA1_SIG
-#define HMAC_SHA1_SIG "?have to make sure this string is unique"
-#endif
-
-#if defined(_MSC_VER)
-# pragma const_seg("fipsro")
-# pragma const_seg()
- __declspec(allocate("fipsro"))
-#endif
-static const unsigned char FINGERPRINT_ascii_value[41] = HMAC_SHA1_SIG;
-
-#define atox(c) ((c)>='a'?((c)-'a'+10):((c)>='A'?(c)-'A'+10:(c)-'0'))
-
-extern const void *FIPS_text_start(), *FIPS_text_end();
-extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
-extern unsigned char FIPS_signature[20];
-extern unsigned int FIPS_incore_fingerprint(unsigned char *,unsigned int);
-
-/*
- * As name suggests this code is executed prior main(). We use this
- * opportunity to fingerprint sequestered code in virtual address
- * space of target application.
- */
-void FINGERPRINT_premain(void)
-{ unsigned char sig[sizeof(FIPS_signature)];
- const unsigned char * volatile p=FINGERPRINT_ascii_value;
- unsigned int len=sizeof(sig),i;
-
- /* "volatilization" is done to disengage unwanted optimization... */
- if (*((volatile unsigned char *)p)=='?')
- { if (FIPS_text_start()==NULL)
- { fprintf(stderr,"FIPS_text_start() returns NULL\n");
- _exit(1);
- }
-#if defined(DEBUG_FINGERPRINT_PREMAIN)
- fprintf(stderr,".text:%p+%d=%p\n",FIPS_text_start(),
- (int)((size_t)FIPS_text_end()-(size_t)FIPS_text_start()),
- FIPS_text_end());
- fprintf(stderr,".rodata:%p+%d=%p\n",FIPS_rodata_start,
- (int)((size_t)FIPS_rodata_end-(size_t)FIPS_rodata_start),
- FIPS_rodata_end);
-#endif
-
- len=FIPS_incore_fingerprint(sig,sizeof(sig));
-
- if (len!=sizeof(sig))
- { fprintf(stderr,"fingerprint length mismatch: %u\n",len);
- _exit(1);
- }
-
- for (i=0;i<len;i++) printf("%02x",sig[i]);
- printf("\n");
- fflush(stdout);
- _exit(0);
- }
- else if (FIPS_signature[0]=='\0') do
- { for (i=0;i<sizeof(FIPS_signature);i++,p+=2)
- FIPS_signature[i] = (atox(p[0])<<4)|atox(p[1]);
-
-#if defined(DEBUG_FINGERPRINT_PREMAIN)
- if (getenv("OPENSSL_FIPS")==NULL) break;
-
- len=FIPS_incore_fingerprint(sig,sizeof(sig));
-
- if (memcmp(FIPS_signature,sig,sizeof(FIPS_signature)))
- { fprintf(stderr,"FINGERPRINT_premain: FIPS_signature mismatch\n");
- _exit(1);
- }
-#endif
- } while(0);
-}
-
-#else
-
-#include <openssl/bio.h>
-#include <openssl/dso.h>
-#include <openssl/err.h>
-
-int main(int argc,char *argv[])
-{ DSO *dso;
- DSO_FUNC_TYPE func;
- BIO *bio_err;
-
- if (argc < 2)
- { fprintf (stderr,"usage: %s libcrypto.dso\n",argv[0]);
- return 1;
- }
-
- if ((bio_err=BIO_new(BIO_s_file())) == NULL)
- { fprintf (stderr,"unable to allocate BIO\n");
- return 1;
- }
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
- ERR_load_crypto_strings();
-
- dso = DSO_load(NULL,argv[1],NULL,DSO_FLAG_NO_NAME_TRANSLATION);
- if (dso == NULL)
- { ERR_print_errors(bio_err);
- return 1;
- }
-
- /* This is not normally reached, because FINGERPRINT_premain should
- * have executed and terminated application already upon DSO_load... */
- func = DSO_bind_func(dso,"FINGERPRINT_premain");
- if (func == NULL)
- { ERR_print_errors(bio_err);
- return 1;
- }
-
- (*func)();
-
- return 0;
-}
-
-#endif
+++ /dev/null
-HMAC-SHA1(fips_premain.c)= 1eaf66f76187877ff403708a2948d240f92736a0
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- *
- * This command is intended as a test driver for the FIPS-140 testing
- * lab performing FIPS-140 validation. It demonstrates the use of the
- * OpenSSL library ito perform a variety of common cryptographic
- * functions. A power-up self test is demonstrated by deliberately
- * pointing to an invalid executable hash
- *
- * Contributed by Steve Marquess.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <assert.h>
-#include <ctype.h>
-#include <string.h>
-#include <stdlib.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/cmac.h>
-#include <openssl/sha.h>
-#include <openssl/err.h>
-
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-
-#ifndef OPENSSL_FIPS
-int main(int argc, char *argv[])
- {
- printf("No FIPS support\n");
- return(0);
- }
-#else
-
-#define ERR_clear_error() while(0)
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/dh.h>
-
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include "fips_utl.h"
-
-/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
-*/
-static int FIPS_aes_test(void)
- {
- int ret = 0;
- unsigned char pltmp[16];
- unsigned char citmp[16];
- unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
- unsigned char plaintext[16] = "etaonrishdlcu";
- EVP_CIPHER_CTX ctx;
- FIPS_cipher_ctx_init(&ctx);
- if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1) <= 0)
- goto err;
- FIPS_cipher(&ctx, citmp, plaintext, 16);
- if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 0) <= 0)
- goto err;
- FIPS_cipher(&ctx, pltmp, citmp, 16);
- if (memcmp(pltmp, plaintext, 16))
- goto err;
- ret = 1;
- err:
- FIPS_cipher_ctx_cleanup(&ctx);
- return ret;
- }
-
-static int FIPS_aes_gcm_test(void)
- {
- int ret = 0;
- unsigned char pltmp[16];
- unsigned char citmp[16];
- unsigned char tagtmp[16];
- unsigned char key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
- unsigned char iv[16] = {21,22,23,24,25,26,27,28,29,30,31,32};
- unsigned char aad[] = "Some text AAD";
- unsigned char plaintext[16] = "etaonrishdlcu";
- EVP_CIPHER_CTX ctx;
- FIPS_cipher_ctx_init(&ctx);
- if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 1) <= 0)
- goto err;
- FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
- FIPS_cipher(&ctx, citmp, plaintext, 16);
- FIPS_cipher(&ctx, NULL, NULL, 0);
- if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tagtmp))
- goto err;
-
- if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 0) <= 0)
- goto err;
- if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tagtmp))
- goto err;
-
- FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
-
- FIPS_cipher(&ctx, pltmp, citmp, 16);
-
- if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
- goto err;
-
- if (memcmp(pltmp, plaintext, 16))
- goto err;
-
- ret = 1;
- err:
- FIPS_cipher_ctx_cleanup(&ctx);
- return ret;
- }
-
-static int FIPS_des3_test(void)
- {
- int ret = 0;
- unsigned char pltmp[8];
- unsigned char citmp[8];
- unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
- 19,20,21,22,23,24};
- unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
- EVP_CIPHER_CTX ctx;
- FIPS_cipher_ctx_init(&ctx);
- if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 1) <= 0)
- goto err;
- FIPS_cipher(&ctx, citmp, plaintext, 8);
- if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 0) <= 0)
- goto err;
- FIPS_cipher(&ctx, pltmp, citmp, 8);
- if (memcmp(pltmp, plaintext, 8))
- goto err;
- ret = 1;
- err:
- FIPS_cipher_ctx_cleanup(&ctx);
- return ret;
- }
-
-/*
- * DSA: generate keys and sign, verify input plaintext.
- */
-static int FIPS_dsa_test(int bad)
- {
- DSA *dsa = NULL;
- unsigned char dgst[] = "etaonrishdlc";
- int r = 0;
- DSA_SIG *sig = NULL;
-
- ERR_clear_error();
- dsa = FIPS_dsa_new();
- if (!dsa)
- goto end;
- if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
- goto end;
- if (!DSA_generate_key(dsa))
- goto end;
- if (bad)
- BN_add_word(dsa->pub_key, 1);
-
- sig = FIPS_dsa_sign(dsa, dgst, sizeof(dgst) -1, EVP_sha256());
- if (!sig)
- goto end;
-
- r = FIPS_dsa_verify(dsa, dgst, sizeof(dgst) -1, EVP_sha256(), sig);
- end:
- if (sig)
- FIPS_dsa_sig_free(sig);
- if (dsa)
- FIPS_dsa_free(dsa);
- if (r != 1)
- return 0;
- return 1;
- }
-
-/*
- * RSA: generate keys and sign, verify input plaintext.
- */
-static int FIPS_rsa_test(int bad)
- {
- RSA *key;
- unsigned char input_ptext[] = "etaonrishdlc";
- unsigned char buf[256];
- unsigned int slen;
- BIGNUM *bn;
- int r = 0;
-
- ERR_clear_error();
- key = FIPS_rsa_new();
- bn = BN_new();
- if (!key || !bn)
- return 0;
- BN_set_word(bn, 65537);
- if (!RSA_generate_key_ex(key, 2048,bn,NULL))
- return 0;
- BN_free(bn);
- if (bad)
- BN_add_word(key->n, 1);
-
- if (!FIPS_rsa_sign(key, input_ptext, sizeof(input_ptext) - 1, EVP_sha256(),
- RSA_PKCS1_PADDING, 0, NULL, buf, &slen))
- goto end;
-
- r = FIPS_rsa_verify(key, input_ptext, sizeof(input_ptext) - 1, EVP_sha256(),
- RSA_PKCS1_PADDING, 0, NULL, buf, slen);
- end:
- if (key)
- FIPS_rsa_free(key);
- if (r != 1)
- return 0;
- return 1;
- }
-
-/* SHA1: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_sha1_test()
- {
- unsigned char digest[SHA_DIGEST_LENGTH] =
- { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
- unsigned char str[] = "etaonrishd";
-
- unsigned char md[SHA_DIGEST_LENGTH];
-
- ERR_clear_error();
- if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha1())) return 0;
- if (memcmp(md,digest,sizeof(md)))
- return 0;
- return 1;
- }
-
-/* SHA256: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_sha256_test()
- {
- unsigned char digest[SHA256_DIGEST_LENGTH] =
- {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
- 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
- unsigned char str[] = "etaonrishd";
-
- unsigned char md[SHA256_DIGEST_LENGTH];
-
- ERR_clear_error();
- if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha256())) return 0;
- if (memcmp(md,digest,sizeof(md)))
- return 0;
- return 1;
- }
-
-/* SHA512: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_sha512_test()
- {
- unsigned char digest[SHA512_DIGEST_LENGTH] =
- {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
- 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
- 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
- 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
- unsigned char str[] = "etaonrishd";
-
- unsigned char md[SHA512_DIGEST_LENGTH];
-
- ERR_clear_error();
- if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha512())) return 0;
- if (memcmp(md,digest,sizeof(md)))
- return 0;
- return 1;
- }
-
-/* HMAC-SHA1: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_hmac_sha1_test()
- {
- unsigned char key[] = "etaonrishd";
- unsigned char iv[] = "Sample text";
- unsigned char kaval[EVP_MAX_MD_SIZE] =
- {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
- 0xb2, 0xfb, 0xec, 0xc6};
-
- unsigned char out[EVP_MAX_MD_SIZE];
- unsigned int outlen;
-
- ERR_clear_error();
- if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
- if (memcmp(out,kaval,outlen))
- return 0;
- return 1;
- }
-
-/* HMAC-SHA224: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_hmac_sha224_test()
- {
- unsigned char key[] = "etaonrishd";
- unsigned char iv[] = "Sample text";
- unsigned char kaval[EVP_MAX_MD_SIZE] =
- {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
- 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
-
- unsigned char out[EVP_MAX_MD_SIZE];
- unsigned int outlen;
-
- ERR_clear_error();
- if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
- if (memcmp(out,kaval,outlen))
- return 0;
- return 1;
- }
-
-/* HMAC-SHA256: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_hmac_sha256_test()
- {
- unsigned char key[] = "etaonrishd";
- unsigned char iv[] = "Sample text";
- unsigned char kaval[EVP_MAX_MD_SIZE] =
- {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
- 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
-
- unsigned char out[EVP_MAX_MD_SIZE];
- unsigned int outlen;
-
- ERR_clear_error();
- if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
- if (memcmp(out,kaval,outlen))
- return 0;
- return 1;
- }
-
-/* HMAC-SHA384: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_hmac_sha384_test()
- {
- unsigned char key[] = "etaonrishd";
- unsigned char iv[] = "Sample text";
- unsigned char kaval[EVP_MAX_MD_SIZE] =
- {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
- 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
- 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
-
- unsigned char out[EVP_MAX_MD_SIZE];
- unsigned int outlen;
-
- ERR_clear_error();
- if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
- if (memcmp(out,kaval,outlen))
- return 0;
- return 1;
- }
-
-/* HMAC-SHA512: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_hmac_sha512_test()
- {
- unsigned char key[] = "etaonrishd";
- unsigned char iv[] = "Sample text";
- unsigned char kaval[EVP_MAX_MD_SIZE] =
- {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
- 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
- 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
- 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
-
- unsigned char out[EVP_MAX_MD_SIZE];
- unsigned int outlen;
-
- ERR_clear_error();
- if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
- if (memcmp(out,kaval,outlen))
- return 0;
- return 1;
- }
-
-/* CMAC-AES128: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_cmac_aes128_test()
- {
- unsigned char key[16] = { 0x2b,0x7e,0x15,0x16, 0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88, 0x09,0xcf,0x4f,0x3c, };
- unsigned char data[] = "Sample text";
- unsigned char kaval[EVP_MAX_MD_SIZE] =
- { 0x16,0x83,0xfe,0xac, 0x52,0x9b,0xae,0x23,
- 0xd7,0xd5,0x66,0xf5, 0xd2,0x8d,0xbd,0x2a, };
-
- unsigned char *out = NULL;
- size_t outlen;
- CMAC_CTX *ctx = CMAC_CTX_new();
- int r = 0;
-
- ERR_clear_error();
-
- if (!ctx)
- goto end;
- if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_128_cbc(),NULL))
- goto end;
- if (!CMAC_Update(ctx,data,sizeof(data)-1))
- goto end;
- /* This should return 1. If not, there's a programming error... */
- if (!CMAC_Final(ctx, out, &outlen))
- goto end;
- out = OPENSSL_malloc(outlen);
- if (!CMAC_Final(ctx, out, &outlen))
- goto end;
-#if 0
- {
- char *hexout = OPENSSL_malloc(outlen * 2 + 1);
- bin2hex(out, outlen, hexout);
- printf("CMAC-AES128: res = %s\n", hexout);
- OPENSSL_free(hexout);
- }
- r = 1;
-#else
- if (!memcmp(out,kaval,outlen))
- r = 1;
-#endif
- end:
- CMAC_CTX_free(ctx);
- if (out)
- OPENSSL_free(out);
- return r;
- }
-
-/* CMAC-AES192: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_cmac_aes192_test()
- {
- unsigned char key[] = { 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, };
- unsigned char data[] = "Sample text";
- unsigned char kaval[] =
- { 0xd6,0x99,0x19,0x25, 0xe5,0x1d,0x95,0x48,
- 0xb1,0x4a,0x0b,0xf2, 0xc6,0x3c,0x47,0x1f, };
-
- unsigned char *out = NULL;
- size_t outlen;
- CMAC_CTX *ctx = CMAC_CTX_new();
- int r = 0;
-
- ERR_clear_error();
-
- if (!ctx)
- goto end;
- if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_192_cbc(),NULL))
- goto end;
- if (!CMAC_Update(ctx,data,sizeof(data)-1))
- goto end;
- /* This should return 1. If not, there's a programming error... */
- if (!CMAC_Final(ctx, out, &outlen))
- goto end;
- out = OPENSSL_malloc(outlen);
- if (!CMAC_Final(ctx, out, &outlen))
- goto end;
-#if 0
- {
- char *hexout = OPENSSL_malloc(outlen * 2 + 1);
- bin2hex(out, outlen, hexout);
- printf("CMAC-AES192: res = %s\n", hexout);
- OPENSSL_free(hexout);
- }
- r = 1;
-#else
- if (!memcmp(out,kaval,outlen))
- r = 1;
-#endif
- end:
- CMAC_CTX_free(ctx);
- if (out)
- OPENSSL_free(out);
- return r;
- }
-
-/* CMAC-AES256: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_cmac_aes256_test()
- {
- unsigned char key[] = { 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, };
- unsigned char data[] = "Sample text";
- unsigned char kaval[] =
- { 0xec,0xc2,0xcf,0x63, 0xc7,0xce,0xfc,0xa4,
- 0xb0,0x86,0x37,0x5f, 0x15,0x60,0xba,0x1f, };
-
- unsigned char *out = NULL;
- size_t outlen;
- CMAC_CTX *ctx = CMAC_CTX_new();
- int r = 0;
-
- ERR_clear_error();
-
- if (!ctx)
- goto end;
- if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_256_cbc(),NULL))
- goto end;
- if (!CMAC_Update(ctx,data,sizeof(data)-1))
- goto end;
- /* This should return 1. If not, there's a programming error... */
- if (!CMAC_Final(ctx, out, &outlen))
- goto end;
- out = OPENSSL_malloc(outlen);
- if (!CMAC_Final(ctx, out, &outlen))
- goto end;
-#if 0
- {
- char *hexout = OPENSSL_malloc(outlen * 2 + 1);
- bin2hex(out, outlen, hexout);
- printf("CMAC-AES256: res = %s\n", hexout);
- OPENSSL_free(hexout);
- }
- r = 1;
-#else
- if (!memcmp(out,kaval,outlen))
- r = 1;
-#endif
- end:
- CMAC_CTX_free(ctx);
- if (out)
- OPENSSL_free(out);
- return r;
- }
-
-/* CMAC-TDEA3: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_cmac_tdea3_test()
- {
- unsigned char key[] = { 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62,
- 0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58,
- 0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, };
- unsigned char data[] = "Sample text";
- unsigned char kaval[EVP_MAX_MD_SIZE] =
- { 0xb4,0x06,0x4e,0xbf, 0x59,0x89,0xba,0x68, };
-
- unsigned char *out = NULL;
- size_t outlen;
- CMAC_CTX *ctx = CMAC_CTX_new();
- int r = 0;
-
- ERR_clear_error();
-
- if (!ctx)
- goto end;
- if (!CMAC_Init(ctx,key,sizeof(key),EVP_des_ede3_cbc(),NULL))
- goto end;
- if (!CMAC_Update(ctx,data,sizeof(data)-1))
- goto end;
- /* This should return 1. If not, there's a programming error... */
- if (!CMAC_Final(ctx, out, &outlen))
- goto end;
- out = OPENSSL_malloc(outlen);
- if (!CMAC_Final(ctx, out, &outlen))
- goto end;
-#if 0
- {
- char *hexout = OPENSSL_malloc(outlen * 2 + 1);
- bin2hex(out, outlen, hexout);
- printf("CMAC-TDEA3: res = %s\n", hexout);
- OPENSSL_free(hexout);
- }
- r = 1;
-#else
- if (!memcmp(out,kaval,outlen))
- r = 1;
-#endif
- end:
- CMAC_CTX_free(ctx);
- if (out)
- OPENSSL_free(out);
- return r;
- }
-
-
-/* DH: generate shared parameters
-*/
-static int dh_test()
- {
- DH *dh;
- ERR_clear_error();
- dh = FIPS_dh_new();
- if (!dh)
- return 0;
- if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
- return 0;
- FIPS_dh_free(dh);
- return 1;
- }
-
-/* Zeroize
-*/
-static int Zeroize()
- {
- RSA *key;
- BIGNUM *bn;
- unsigned char userkey[16] =
- { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
- size_t i;
- int n;
-
- key = FIPS_rsa_new();
- bn = BN_new();
- if (!key || !bn)
- return 0;
- BN_set_word(bn, 65537);
- if (!RSA_generate_key_ex(key, 1024,bn,NULL))
- return 0;
- BN_free(bn);
-
- n = BN_num_bytes(key->d);
- printf(" Generated %d byte RSA private key\n", n);
- printf("\tBN key before overwriting:\n");
- do_bn_print(stdout, key->d);
- BN_rand(key->d,n*8,-1,0);
- printf("\tBN key after overwriting:\n");
- do_bn_print(stdout, key->d);
-
- printf("\tchar buffer key before overwriting: \n\t\t");
- for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
- printf("\n");
- RAND_bytes(userkey, sizeof userkey);
- printf("\tchar buffer key after overwriting: \n\t\t");
- for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
- printf("\n");
-
- FIPS_rsa_free(key);
-
- return 1;
- }
-
-/* Dummy Entropy for DRBG tests. WARNING: THIS IS TOTALLY BOGUS
- * HAS ZERO SECURITY AND MUST NOT BE USED IN REAL APPLICATIONS.
- */
-
-static unsigned char dummy_drbg_entropy[1024];
-
-static size_t drbg_test_cb(DRBG_CTX *ctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len)
- {
- *pout = dummy_drbg_entropy;
- /* Round up to multiple of block size */
- return (min_len + 0xf) & ~0xf;
- }
-
-/* Callback which returns 0 to indicate entropy source failure */
-static size_t drbg_fail_cb(DRBG_CTX *ctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len)
- {
- return 0;
- }
-
-/* DRBG test: just generate lots of data and trigger health checks */
-
-static int do_drbg_test(int type, int flags)
- {
- DRBG_CTX *dctx;
- int rv = 0;
- size_t i;
- unsigned char randout[1024];
- dctx = FIPS_drbg_new(type, flags);
- if (!dctx)
- return 0;
- FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0);
- for (i = 0; i < sizeof(dummy_drbg_entropy); i++)
- {
- dummy_drbg_entropy[i] = i & 0xff;
- }
- if (!FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10))
- goto err;
- FIPS_drbg_set_check_interval(dctx, 10);
- for (i = 0; i < 32; i++)
- {
- if (!FIPS_drbg_generate(dctx, randout, sizeof(randout), 0, NULL, 0))
- goto err;
- if (!FIPS_drbg_generate(dctx, randout, sizeof(randout), 0, dummy_drbg_entropy, 1))
- goto err;
- }
- rv = 1;
- err:
- FIPS_drbg_free(dctx);
- return rv;
- }
-
-typedef struct
- {
- int type, flags;
- } DRBG_LIST;
-
-static int do_drbg_all(void)
- {
- static DRBG_LIST drbg_types[] =
- {
- {NID_sha1, 0},
- {NID_sha224, 0},
- {NID_sha256, 0},
- {NID_sha384, 0},
- {NID_sha512, 0},
- {NID_hmacWithSHA1, 0},
- {NID_hmacWithSHA224, 0},
- {NID_hmacWithSHA256, 0},
- {NID_hmacWithSHA384, 0},
- {NID_hmacWithSHA512, 0},
- {NID_aes_128_ctr, 0},
- {NID_aes_192_ctr, 0},
- {NID_aes_256_ctr, 0},
- {NID_aes_128_ctr, DRBG_FLAG_CTR_USE_DF},
- {NID_aes_192_ctr, DRBG_FLAG_CTR_USE_DF},
- {NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF},
- {(NID_X9_62_prime256v1 << 16)|NID_sha1, 0},
- {(NID_X9_62_prime256v1 << 16)|NID_sha224, 0},
- {(NID_X9_62_prime256v1 << 16)|NID_sha256, 0},
- {(NID_X9_62_prime256v1 << 16)|NID_sha384, 0},
- {(NID_X9_62_prime256v1 << 16)|NID_sha512, 0},
- {(NID_secp384r1 << 16)|NID_sha224, 0},
- {(NID_secp384r1 << 16)|NID_sha256, 0},
- {(NID_secp384r1 << 16)|NID_sha384, 0},
- {(NID_secp384r1 << 16)|NID_sha512, 0},
- {(NID_secp521r1 << 16)|NID_sha256, 0},
- {(NID_secp521r1 << 16)|NID_sha384, 0},
- {(NID_secp521r1 << 16)|NID_sha512, 0},
- {0, 0}
- };
- DRBG_LIST *lst;
- int rv = 1;
- for (lst = drbg_types;; lst++)
- {
- if (lst->type == 0)
- break;
- if (!do_drbg_test(lst->type, lst->flags))
- rv = 0;
- }
- return rv;
- }
-
-static int Error;
-static const char * Fail(const char *msg)
- {
- Error++;
- return msg;
- }
-
-static void test_msg(const char *msg, int result)
- {
- printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
- }
-
-/* Table of IDs for POST translating between NIDs and names */
-
-typedef struct
- {
- int id;
- const char *name;
- } POST_ID;
-
-POST_ID id_list[] = {
- {NID_sha1, "SHA1"},
- {NID_sha224, "SHA224"},
- {NID_sha256, "SHA256"},
- {NID_sha384, "SHA384"},
- {NID_sha512, "SHA512"},
- {NID_hmacWithSHA1, "HMAC-SHA1"},
- {NID_hmacWithSHA224, "HMAC-SHA224"},
- {NID_hmacWithSHA256, "HMAC-SHA256"},
- {NID_hmacWithSHA384, "HMAC-SHA384"},
- {NID_hmacWithSHA512, "HMAC-SHA512"},
- {EVP_PKEY_RSA, "RSA"},
- {EVP_PKEY_DSA, "DSA"},
- {EVP_PKEY_EC, "ECDSA"},
- {NID_aes_128_cbc, "AES-128-CBC"},
- {NID_aes_192_cbc, "AES-192-CBC"},
- {NID_aes_256_cbc, "AES-256-CBC"},
- {NID_aes_128_ctr, "AES-128-CTR"},
- {NID_aes_192_ctr, "AES-192-CTR"},
- {NID_aes_256_ctr, "AES-256-CTR"},
- {NID_aes_128_ecb, "AES-128-ECB"},
- {NID_aes_128_xts, "AES-128-XTS"},
- {NID_aes_256_xts, "AES-256-XTS"},
- {NID_des_ede3_cbc, "DES-EDE3-CBC"},
- {NID_des_ede3_ecb, "DES-EDE3-ECB"},
- {NID_secp224r1, "P-224"},
- {NID_sect233r1, "B-233"},
- {NID_sect233k1, "K-233"},
- {NID_X9_62_prime256v1, "P-256"},
- {NID_secp384r1, "P-384"},
- {NID_secp521r1, "P-521"},
- {0, NULL}
-};
-
-static const char *lookup_id(int id)
- {
- POST_ID *n;
- static char out[40];
- for (n = id_list; n->name; n++)
- {
- if (n->id == id)
- return n->name;
- }
- sprintf(out, "ID=%d", id);
- return out;
- }
-
-static int fail_id = -1;
-static int fail_sub = -1;
-static int fail_key = -1;
-
-static int st_err, post_quiet = 0;
-
-static int post_cb(int op, int id, int subid, void *ex)
- {
- const char *idstr, *exstr = "";
- char asctmp[20];
- int keytype = -1;
- int exp_fail = 0;
-#ifdef FIPS_POST_TIME
- static struct timespec start, end, tstart, tend;
-#endif
- switch(id)
- {
- case FIPS_TEST_INTEGRITY:
- idstr = "Integrity";
- break;
-
- case FIPS_TEST_DIGEST:
- idstr = "Digest";
- exstr = lookup_id(subid);
- break;
-
- case FIPS_TEST_CIPHER:
- exstr = lookup_id(subid);
- idstr = "Cipher";
- break;
-
- case FIPS_TEST_SIGNATURE:
- if (ex)
- {
- EVP_PKEY *pkey = ex;
- keytype = pkey->type;
- if (keytype == EVP_PKEY_EC)
- {
- const EC_GROUP *grp;
- int cnid;
- grp = EC_KEY_get0_group(pkey->pkey.ec);
- cnid = EC_GROUP_get_curve_name(grp);
- sprintf(asctmp, "ECDSA %s", lookup_id(cnid));
- exstr = asctmp;
- }
- else
- exstr = lookup_id(keytype);
- }
- idstr = "Signature";
- break;
-
- case FIPS_TEST_HMAC:
- exstr = lookup_id(subid);
- idstr = "HMAC";
- break;
-
- case FIPS_TEST_CMAC:
- idstr = "CMAC";
- exstr = lookup_id(subid);
- break;
-
- case FIPS_TEST_GCM:
- idstr = "GCM";
- break;
-
- case FIPS_TEST_XTS:
- idstr = "XTS";
- exstr = lookup_id(subid);
- break;
-
- case FIPS_TEST_CCM:
- idstr = "CCM";
- break;
-
- case FIPS_TEST_X931:
- idstr = "X9.31 PRNG";
- sprintf(asctmp, "keylen=%d", subid);
- exstr = asctmp;
- break;
-
- case FIPS_TEST_DRBG:
- idstr = "DRBG";
- if (*(int *)ex & DRBG_FLAG_CTR_USE_DF)
- {
- sprintf(asctmp, "%s DF", lookup_id(subid));
- exstr = asctmp;
- }
- else if (subid >> 16)
- {
- sprintf(asctmp, "%s %s",
- lookup_id(subid >> 16),
- lookup_id(subid & 0xFFFF));
- exstr = asctmp;
- }
- else
- exstr = lookup_id(subid);
- break;
-
- case FIPS_TEST_PAIRWISE:
- if (ex)
- {
- EVP_PKEY *pkey = ex;
- keytype = pkey->type;
- exstr = lookup_id(keytype);
- }
- idstr = "Pairwise Consistency";
- break;
-
- case FIPS_TEST_CONTINUOUS:
- idstr = "Continuous PRNG";
- break;
-
- case FIPS_TEST_ECDH:
- idstr = "ECDH";
- exstr = lookup_id(subid);
- break;
-
- default:
- idstr = "Unknown";
- break;
-
- }
-
- if (fail_id == id
- && (fail_key == -1 || fail_key == keytype)
- && (fail_sub == -1 || fail_sub == subid))
- exp_fail = 1;
-
- switch(op)
- {
- case FIPS_POST_BEGIN:
-#ifdef FIPS_POST_TIME
- clock_getres(CLOCK_REALTIME, &tstart);
- printf("\tTimer resolution %ld s, %ld ns\n",
- (long)tstart.tv_sec, (long)tstart.tv_nsec);
- clock_gettime(CLOCK_REALTIME, &tstart);
-#endif
- printf("\tPOST started\n");
- break;
-
- case FIPS_POST_END:
- printf("\tPOST %s\n", id ? "Success" : "Failed");
-#ifdef FIPS_POST_TIME
- clock_gettime(CLOCK_REALTIME, &tend);
- printf("\t\tTook %f seconds\n",
- (double)((tend.tv_sec+tend.tv_nsec*1e-9)
- - (tstart.tv_sec+tstart.tv_nsec*1e-9)));
-#endif
- break;
-
- case FIPS_POST_STARTED:
- if (!post_quiet && !exp_fail)
- printf("\t\t%s %s test started\n", idstr, exstr);
-#ifdef FIPS_POST_TIME
- clock_gettime(CLOCK_REALTIME, &start);
-#endif
- break;
-
- case FIPS_POST_SUCCESS:
- if (exp_fail)
- {
- printf("\t\t%s %s test OK but should've failed\n",
- idstr, exstr);
- st_err++;
- }
- else if (!post_quiet)
- printf("\t\t%s %s test OK\n", idstr, exstr);
-#ifdef FIPS_POST_TIME
- clock_gettime(CLOCK_REALTIME, &end);
- printf("\t\t\tTook %f seconds\n",
- (double)((end.tv_sec+end.tv_nsec*1e-9)
- - (start.tv_sec+start.tv_nsec*1e-9)));
-#endif
- break;
-
- case FIPS_POST_FAIL:
- if (exp_fail)
- {
- printf("\t\t%s %s test failed as expected\n",
- idstr, exstr);
- }
- else
- {
- printf("\t\t%s %s test Failed Incorrectly!!\n",
- idstr, exstr);
- st_err++;
- }
- break;
-
- case FIPS_POST_CORRUPT:
- if (exp_fail)
- {
- printf("\t\t%s %s test failure induced\n", idstr, exstr);
- return 0;
- }
- break;
-
- }
- return 1;
- }
-
-/* Test POST induced failures */
-
-typedef struct
- {
- const char *name;
- int id, subid, keyid;
- } fail_list;
-
-static fail_list flist[] =
- {
- {"Integrity", FIPS_TEST_INTEGRITY, -1, -1},
- {"AES", FIPS_TEST_CIPHER, NID_aes_128_ecb, -1},
- {"DES3", FIPS_TEST_CIPHER, NID_des_ede3_ecb, -1},
- {"AES-GCM", FIPS_TEST_GCM, -1, -1},
- {"AES-CCM", FIPS_TEST_CCM, -1, -1},
- {"AES-XTS", FIPS_TEST_XTS, -1, -1},
- {"Digest", FIPS_TEST_DIGEST, -1, -1},
- {"HMAC", FIPS_TEST_HMAC, -1, -1},
- {"CMAC", FIPS_TEST_CMAC, -1, -1},
- {"DRBG", FIPS_TEST_DRBG, -1, -1},
- {"X9.31 PRNG", FIPS_TEST_X931, -1, -1},
- {"RSA", FIPS_TEST_SIGNATURE, -1, EVP_PKEY_RSA},
- {"DSA", FIPS_TEST_SIGNATURE, -1, EVP_PKEY_DSA},
- {"ECDSA", FIPS_TEST_SIGNATURE, -1, EVP_PKEY_EC},
- {"ECDH", FIPS_TEST_ECDH, -1, -1},
- {NULL, -1, -1, -1}
- };
-
-static int do_fail_all(int fullpost, int fullerr)
- {
- fail_list *ftmp;
- int rv;
- size_t i;
- RSA *rsa = NULL;
- DSA *dsa = NULL;
- DRBG_CTX *dctx = NULL, *defctx = NULL;
- EC_KEY *ec = NULL;
- BIGNUM *bn = NULL;
- unsigned char out[10];
- if (!fullpost)
- post_quiet = 1;
- if (!fullerr)
- no_err = 1;
- FIPS_module_mode_set(0, NULL);
- for (ftmp = flist; ftmp->name; ftmp++)
- {
- printf(" Testing induced failure of %s test\n", ftmp->name);
- fail_id = ftmp->id;
- fail_sub = ftmp->subid;
- fail_key = ftmp->keyid;
- rv = FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS);
- if (rv)
- {
- printf("\tFIPS mode incorrectly successful!!\n");
- st_err++;
- }
- }
- printf(" Testing induced failure of RSA keygen test\n");
- /* NB POST will succeed with a pairwise test failures as
- * it is not used during POST.
- */
- fail_id = FIPS_TEST_PAIRWISE;
- fail_key = EVP_PKEY_RSA;
- /* Now enter FIPS mode successfully */
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
- {
- printf("\tError entering FIPS mode\n");
- st_err++;
- }
-
- rsa = FIPS_rsa_new();
- bn = BN_new();
- if (!rsa || !bn)
- return 0;
- BN_set_word(bn, 65537);
- if (RSA_generate_key_ex(rsa, 2048,bn,NULL))
- {
- printf("\tRSA key generated OK incorrectly!!\n");
- st_err++;
- }
- else
- printf("\tRSA key generation failed as expected.\n");
-
- /* Leave FIPS mode to clear error */
- FIPS_module_mode_set(0, NULL);
-
- printf(" Testing induced failure of DSA keygen test\n");
- fail_key = EVP_PKEY_DSA;
- /* Enter FIPS mode successfully */
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
- {
- printf("\tError entering FIPS mode\n");
- st_err++;
- }
- dsa = FIPS_dsa_new();
- if (!dsa)
- return 0;
- if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
- return 0;
- if (DSA_generate_key(dsa))
- {
- printf("\tDSA key generated OK incorrectly!!\n");
- st_err++;
- }
- else
- printf("\tDSA key generation failed as expected.\n");
-
- /* Leave FIPS mode to clear error */
- FIPS_module_mode_set(0, NULL);
- /* Enter FIPS mode successfully */
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
- {
- printf("\tError entering FIPS mode\n");
- st_err++;
- }
-
- printf(" Testing induced failure of ECDSA keygen test\n");
- fail_key = EVP_PKEY_EC;
-
- ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-
- if (!ec)
- return 0;
-
- if (EC_KEY_generate_key(ec))
- {
- printf("\tECDSA key generated OK incorrectly!!\n");
- st_err++;
- }
- else
- printf("\tECDSA key generation failed as expected.\n");
-
- FIPS_ec_key_free(ec);
- ec = NULL;
-
- fail_id = -1;
- fail_sub = -1;
- fail_key = -1;
- /* Leave FIPS mode to clear error */
- FIPS_module_mode_set(0, NULL);
- /* Enter FIPS mode successfully */
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
- {
- printf("\tError entering FIPS mode\n");
- st_err++;
- }
- /* Induce continuous PRNG failure for DRBG */
- printf(" Testing induced failure of DRBG CPRNG test\n");
- FIPS_drbg_stick(1);
-
- /* Initialise a DRBG context */
- dctx = FIPS_drbg_new(NID_sha1, 0);
- if (!dctx)
- return 0;
- for (i = 0; i < sizeof(dummy_drbg_entropy); i++)
- {
- dummy_drbg_entropy[i] = i & 0xff;
- }
- FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0);
- if (!FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10))
- {
- printf("\tDRBG instantiate error!!\n");
- st_err++;
- }
- if (FIPS_drbg_generate(dctx, out, sizeof(out), 0, NULL, 0))
- {
- printf("\tDRBG continuous PRNG OK incorrectly!!\n");
- st_err++;
- }
- else
- printf("\tDRBG continuous PRNG failed as expected\n");
- FIPS_drbg_stick(0);
-
- /* Leave FIPS mode to clear error */
- FIPS_module_mode_set(0, NULL);
- /* Enter FIPS mode successfully */
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
- {
- printf("\tError entering FIPS mode\n");
- st_err++;
- }
-
- FIPS_drbg_free(dctx);
-
- /* Induce continuous PRNG failure for DRBG entropy source*/
- printf(" Testing induced failure of DRBG entropy CPRNG test\n");
-
- /* Initialise a DRBG context */
- dctx = FIPS_drbg_new(NID_sha1, 0);
- if (!dctx)
- return 0;
- for (i = 0; i < sizeof(dummy_drbg_entropy); i++)
- {
- dummy_drbg_entropy[i] = i & 0xf;
- }
- FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0);
- if (FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10))
- {
- printf("\tDRBG continuous PRNG entropy OK incorrectly!!\n");
- st_err++;
- }
- else
- printf("\tDRBG continuous PRNG entropy failed as expected\n");
- /* Leave FIPS mode to clear error */
- FIPS_module_mode_set(0, NULL);
- /* Enter FIPS mode successfully */
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
- {
- printf("\tError entering FIPS mode\n");
- st_err++;
- }
- FIPS_drbg_free(dctx);
-
- /* Leave FIPS mode to clear error */
- FIPS_module_mode_set(0, NULL);
- /* Enter FIPS mode successfully */
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
- {
- printf("\tError entering FIPS mode\n");
- st_err++;
- }
-
- printf(" Testing induced failure of X9.31 CPRNG test\n");
- FIPS_x931_stick(1);
- if (!FIPS_x931_set_key(dummy_drbg_entropy, 32))
- {
- printf("\tError initialiasing X9.31 PRNG\n");
- st_err++;
- }
- if (!FIPS_x931_seed(dummy_drbg_entropy + 32, 16))
- {
- printf("\tError seeding X9.31 PRNG\n");
- st_err++;
- }
- if (FIPS_x931_bytes(out, 10) > 0)
- {
- printf("\tX9.31 continuous PRNG failure OK incorrectly!!\n");
- st_err++;
- }
- else
- printf("\tX9.31 continuous PRNG failed as expected\n");
- FIPS_x931_stick(0);
-
- /* Leave FIPS mode to clear error */
- FIPS_module_mode_set(0, NULL);
- /* Enter FIPS mode successfully */
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
- {
- printf("\tError entering FIPS mode\n");
- st_err++;
- }
-
- printf(" Testing operation failure with DRBG entropy failure\n");
-
- /* Generate DSA key for later use */
- if (DSA_generate_key(dsa))
- printf("\tDSA key generated OK as expected.\n");
- else
- {
- printf("\tDSA key generation FAILED!!\n");
- st_err++;
- }
-
- /* Initialise default DRBG context */
- defctx = FIPS_get_default_drbg();
- if (!defctx)
- return 0;
- if (!FIPS_drbg_init(defctx, NID_sha512, 0))
- return 0;
- /* Set entropy failure callback */
- FIPS_drbg_set_callbacks(defctx, drbg_fail_cb, 0, 0x10, drbg_test_cb, 0);
- if (FIPS_drbg_instantiate(defctx, dummy_drbg_entropy, 10))
- {
- printf("\tDRBG entropy fail OK incorrectly!!\n");
- st_err++;
- }
- else
- printf("\tDRBG entropy fail failed as expected\n");
-
- if (FIPS_dsa_sign(dsa, dummy_drbg_entropy, 5, EVP_sha256()))
- {
- printf("\tDSA signing OK incorrectly!!\n");
- st_err++;
- }
- else
- printf("\tDSA signing failed as expected\n");
-
- ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-
- if (!ec)
- return 0;
-
- if (EC_KEY_generate_key(ec))
- {
- printf("\tECDSA key generated OK incorrectly!!\n");
- st_err++;
- }
- else
- printf("\tECDSA key generation failed as expected.\n");
-
- printf(" Induced failure test completed with %d errors\n", st_err);
- post_quiet = 0;
- no_err = 0;
- BN_free(bn);
- FIPS_rsa_free(rsa);
- FIPS_dsa_free(dsa);
- FIPS_ec_key_free(ec);
- if (st_err)
- return 0;
- return 1;
- }
-
-#ifdef FIPS_ALGVS
-int fips_test_suite_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
- {
- char **args = argv + 1;
- int bad_rsa = 0, bad_dsa = 0;
- int do_rng_stick = 0;
- int do_drbg_stick = 0;
- int no_exit = 0;
- int no_dh = 0, no_drbg = 0;
- char *pass = FIPS_AUTH_USER_PASS;
- int fullpost = 0, fullerr = 0;
-
- FIPS_post_set_callback(post_cb);
-
- printf("\tFIPS-mode test application\n");
-
- printf("\t%s\n\n", FIPS_module_version_text());
-
- while(*args) {
- /* Corrupted KAT tests */
- if (!strcmp(*args, "integrity")) {
- fail_id = FIPS_TEST_INTEGRITY;
- } else if (!strcmp(*args, "aes")) {
- fail_id = FIPS_TEST_CIPHER;
- fail_sub = NID_aes_128_ecb;
- } else if (!strcmp(*args, "aes-ccm")) {
- fail_id = FIPS_TEST_CCM;
- } else if (!strcmp(*args, "aes-gcm")) {
- fail_id = FIPS_TEST_GCM;
- } else if (!strcmp(*args, "aes-xts")) {
- fail_id = FIPS_TEST_XTS;
- } else if (!strcmp(*args, "des")) {
- fail_id = FIPS_TEST_CIPHER;
- fail_sub = NID_des_ede3_ecb;
- } else if (!strcmp(*args, "dsa")) {
- fail_id = FIPS_TEST_SIGNATURE;
- fail_key = EVP_PKEY_DSA;
- } else if (!strcmp(argv[1], "ecdh")) {
- fail_id = FIPS_TEST_ECDH;
- } else if (!strcmp(*args, "ecdsa")) {
- fail_id = FIPS_TEST_SIGNATURE;
- fail_key = EVP_PKEY_EC;
- } else if (!strcmp(*args, "rsa")) {
- fail_id = FIPS_TEST_SIGNATURE;
- fail_key = EVP_PKEY_RSA;
- } else if (!strcmp(*args, "rsakey")) {
- printf("RSA key generation and signature validation with corrupted key...\n");
- bad_rsa = 1;
- no_exit = 1;
- } else if (!strcmp(*args, "rsakeygen")) {
- fail_id = FIPS_TEST_PAIRWISE;
- fail_key = EVP_PKEY_RSA;
- no_exit = 1;
- } else if (!strcmp(*args, "dsakey")) {
- printf("DSA key generation and signature validation with corrupted key...\n");
- bad_dsa = 1;
- no_exit = 1;
- } else if (!strcmp(*args, "dsakeygen")) {
- fail_id = FIPS_TEST_PAIRWISE;
- fail_key = EVP_PKEY_DSA;
- no_exit = 1;
- } else if (!strcmp(*args, "sha1")) {
- fail_id = FIPS_TEST_DIGEST;
- } else if (!strcmp(*args, "hmac")) {
- fail_id = FIPS_TEST_HMAC;
- } else if (!strcmp(*args, "cmac")) {
- fail_id = FIPS_TEST_CMAC;
- } else if (!strcmp(*args, "drbg")) {
- fail_id = FIPS_TEST_DRBG;
- } else if (!strcmp(argv[1], "rng")) {
- fail_id = FIPS_TEST_X931;
- } else if (!strcmp(*args, "nodrbg")) {
- no_drbg = 1;
- no_exit = 1;
- } else if (!strcmp(*args, "nodh")) {
- no_dh = 1;
- no_exit = 1;
- } else if (!strcmp(*args, "post")) {
- fail_id = -1;
- } else if (!strcmp(*args, "rngstick")) {
- do_rng_stick = 1;
- no_exit = 1;
- printf("RNG test with stuck continuous test...\n");
- } else if (!strcmp(*args, "drbgentstick")) {
- do_entropy_stick();
- } else if (!strcmp(*args, "drbgstick")) {
- do_drbg_stick = 1;
- no_exit = 1;
- printf("DRBG test with stuck continuous test...\n");
- } else if (!strcmp(*args, "user")) {
- pass = FIPS_AUTH_USER_PASS;
- } else if (!strcmp(*args, "officer")) {
- pass = FIPS_AUTH_OFFICER_PASS;
- } else if (!strcmp(*args, "badpass")) {
- pass = "bad invalid password";
- } else if (!strcmp(*args, "nopass")) {
- pass = "";
- } else if (!strcmp(*args, "fullpost")) {
- fullpost = 1;
- no_exit = 1;
- } else if (!strcmp(*args, "fullerr")) {
- fullerr = 1;
- no_exit = 1;
- } else {
- printf("Bad argument \"%s\"\n", *args);
- return 1;
- }
- args++;
- }
-
- if ((argc != 1) && !no_exit) {
- fips_algtest_init_nofips();
- if (!FIPS_module_mode_set(1, pass)) {
- printf("Power-up self test failed\n");
- return 1;
- }
- printf("Power-up self test successful\n");
- return 0;
- }
-
- fips_algtest_init_nofips();
-
- /* Non-Approved cryptographic operation
- */
- printf("1. Non-Approved cryptographic operation test...\n");
- if (no_dh)
- printf("\t D-H test skipped\n");
- else
- test_msg("\ta. Included algorithm (D-H)...", dh_test());
-
- /* Power-up self test
- */
- ERR_clear_error();
- test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1, pass));
- if (!FIPS_module_mode())
- return 1;
- if (do_drbg_stick)
- FIPS_drbg_stick(1);
- if (do_rng_stick)
- FIPS_x931_stick(1);
-
- /* AES encryption/decryption
- */
- test_msg("3a. AES encryption/decryption", FIPS_aes_test());
- /* AES GCM encryption/decryption
- */
- test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test());
-
- /* RSA key generation and encryption/decryption
- */
- test_msg("4. RSA key generation and encryption/decryption",
- FIPS_rsa_test(bad_rsa));
-
- /* DES-CBC encryption/decryption
- */
- test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test());
-
- /* DSA key generation and signature validation
- */
- test_msg("6. DSA key generation and signature validation",
- FIPS_dsa_test(bad_dsa));
-
- /* SHA-1 hash
- */
- test_msg("7a. SHA-1 hash", FIPS_sha1_test());
-
- /* SHA-256 hash
- */
- test_msg("7b. SHA-256 hash", FIPS_sha256_test());
-
- /* SHA-512 hash
- */
- test_msg("7c. SHA-512 hash", FIPS_sha512_test());
-
- /* HMAC-SHA-1 hash
- */
- test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test());
-
- /* HMAC-SHA-224 hash
- */
- test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test());
-
- /* HMAC-SHA-256 hash
- */
- test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test());
-
- /* HMAC-SHA-384 hash
- */
- test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test());
-
- /* HMAC-SHA-512 hash
- */
- test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test());
-
- /* CMAC-AES-128 hash
- */
- test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test());
-
- /* CMAC-AES-192 hash
- */
- test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test());
-
- /* CMAC-AES-256 hash
- */
- test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test());
-
-# if 0 /* Not a FIPS algorithm */
- /* CMAC-TDEA-2 hash
- */
- test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test());
-#endif
-
- /* CMAC-TDEA-3 hash
- */
- test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test());
-
- /* Non-Approved cryptographic operation
- */
- printf("9. Non-Approved cryptographic operation test...\n");
- printf("\ta. Included algorithm (D-H)...%s\n",
- no_dh ? "skipped" :
- dh_test() ? "successful as expected"
- : Fail("failed INCORRECTLY!") );
-
- /* Zeroization
- */
- printf("10. Zero-ization...\n\t%s\n",
- Zeroize() ? "successful as expected"
- : Fail("failed INCORRECTLY!") );
-
- printf("11. Complete DRBG health check...\n");
- printf("\t%s\n", FIPS_selftest_drbg_all() ? "successful as expected"
- : Fail("failed INCORRECTLY!") );
-
- printf("12. DRBG generation check...\n");
- if (no_drbg)
- printf("\tskipped\n");
- else
- printf("\t%s\n", do_drbg_all() ? "successful as expected"
- : Fail("failed INCORRECTLY!") );
-
- printf("13. Induced test failure check...\n");
- printf("\t%s\n", do_fail_all(fullpost, fullerr) ? "successful as expected"
- : Fail("failed INCORRECTLY!") );
- printf("\nAll tests completed with %d errors\n", Error);
- return Error ? 1 : 0;
- }
-
-#endif
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifndef FIPS_UTL_H
-#define FIPS_UTL_H
-
-#define OPENSSL_FIPSAPI
-
-#include <openssl/fips_rand.h>
-#include <openssl/objects.h>
-
-#ifdef OPENSSL_SYS_WIN32
-#define RESP_EOL "\n"
-#else
-#define RESP_EOL "\r\n"
-#endif
-
-#ifndef FIPS_AUTH_OFFICER_PASS
-#define FIPS_AUTH_OFFICER_PASS "Default FIPS Crypto Officer Password"
-#endif
-
-#ifndef FIPS_AUTH_USER_PASS
-#define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password"
-#endif
-
-
-int hex2bin(const char *in, unsigned char *out);
-unsigned char *hex2bin_m(const char *in, long *plen);
-int do_hex2bn(BIGNUM **pr, const char *in);
-int do_bn_print(FILE *out, const BIGNUM *bn);
-int do_bn_print_name(FILE *out, const char *name, const BIGNUM *bn);
-int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf);
-int parse_line2(char **pkw, char **pval, char *linebuf, char *olinebuf, int eol);
-BIGNUM *hex2bn(const char *in);
-int tidy_line(char *linebuf, char *olinebuf);
-int copy_line(const char *in, FILE *ofp);
-int bint2bin(const char *in, int len, unsigned char *out);
-int bin2bint(const unsigned char *in,int len,char *out);
-void PrintValue(char *tag, unsigned char *val, int len);
-void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode);
-void fips_algtest_init(void);
-void do_entropy_stick(void);
-int fips_strncasecmp(const char *str1, const char *str2, size_t n);
-int fips_strcasecmp(const char *str1, const char *str2);
-
-static int no_err;
-
-static void put_err_cb(int lib, int func,int reason,const char *file,int line)
- {
- if (no_err)
- return;
- fprintf(stderr, "ERROR:%08lX:lib=%d,func=%d,reason=%d"
- ":file=%s:line=%d\n",
- ERR_PACK(lib, func, reason),
- lib, func, reason, file, line);
- }
-
-static void add_err_cb(int num, va_list args)
- {
- int i;
- char *str;
- if (no_err)
- return;
- fputs("\t", stderr);
- for (i = 0; i < num; i++)
- {
- str = va_arg(args, char *);
- if (str)
- fputs(str, stderr);
- }
- fputs("\n", stderr);
- }
-
-/* Dummy Entropy to keep DRBG happy. WARNING: THIS IS TOTALLY BOGUS
- * HAS ZERO SECURITY AND MUST NOT BE USED IN REAL APPLICATIONS.
- */
-
-static unsigned char dummy_entropy[1024];
-
-static size_t dummy_cb(DRBG_CTX *ctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len)
- {
- *pout = dummy_entropy;
- return min_len;
- }
-
-static int entropy_stick = 0;
-
-static void fips_algtest_init_nofips(void)
- {
- DRBG_CTX *ctx;
- size_t i;
- FIPS_set_error_callbacks(put_err_cb, add_err_cb);
- for (i = 0; i < sizeof(dummy_entropy); i++)
- dummy_entropy[i] = i & 0xff;
- if (entropy_stick)
- memcpy(dummy_entropy + 32, dummy_entropy + 16, 16);
- ctx = FIPS_get_default_drbg();
- FIPS_drbg_init(ctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF);
- FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, 16, dummy_cb, 0);
- FIPS_drbg_instantiate(ctx, dummy_entropy, 10);
- FIPS_rand_set_method(FIPS_drbg_method());
- }
-
-void do_entropy_stick(void)
- {
- entropy_stick = 1;
- }
-
-void fips_algtest_init(void)
- {
- fips_algtest_init_nofips();
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
- {
- fprintf(stderr, "Error entering FIPS mode\n");
- exit(1);
- }
- }
-
-int hex2bin(const char *in, unsigned char *out)
- {
- int n1, n2, isodd = 0;
- unsigned char ch;
-
- n1 = strlen(in);
- if (in[n1 - 1] == '\n')
- n1--;
-
- if (n1 & 1)
- isodd = 1;
-
- for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
- { /* first byte */
- if ((in[n1] >= '0') && (in[n1] <= '9'))
- ch = in[n1++] - '0';
- else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
- ch = in[n1++] - 'A' + 10;
- else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
- ch = in[n1++] - 'a' + 10;
- else
- return -1;
- if(!in[n1])
- {
- out[n2++]=ch;
- break;
- }
- /* If input is odd length first digit is least significant: assumes
- * all digits valid hex and null terminated which is true for the
- * strings we pass.
- */
- if (n1 == 1 && isodd)
- {
- out[n2++] = ch;
- continue;
- }
- out[n2] = ch << 4;
- /* second byte */
- if ((in[n1] >= '0') && (in[n1] <= '9'))
- ch = in[n1++] - '0';
- else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
- ch = in[n1++] - 'A' + 10;
- else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
- ch = in[n1++] - 'a' + 10;
- else
- return -1;
- out[n2++] |= ch;
- }
- return n2;
- }
-
-unsigned char *hex2bin_m(const char *in, long *plen)
- {
- unsigned char *p;
- if (strlen(in) == 0)
- {
- *plen = 0;
- return OPENSSL_malloc(1);
- }
- p = OPENSSL_malloc((strlen(in) + 1)/2);
- *plen = hex2bin(in, p);
- return p;
- }
-
-int do_hex2bn(BIGNUM **pr, const char *in)
- {
- unsigned char *p;
- long plen;
- int r = 0;
- p = hex2bin_m(in, &plen);
- if (!p)
- return 0;
- if (!*pr)
- *pr = BN_new();
- if (!*pr)
- return 0;
- if (BN_bin2bn(p, plen, *pr))
- r = 1;
- OPENSSL_free(p);
- return r;
- }
-
-int do_bn_print(FILE *out, const BIGNUM *bn)
- {
- int len, i;
- unsigned char *tmp;
- len = BN_num_bytes(bn);
- if (len == 0)
- {
- fputs("00", out);
- return 1;
- }
-
- tmp = OPENSSL_malloc(len);
- if (!tmp)
- {
- fprintf(stderr, "Memory allocation error\n");
- return 0;
- }
- BN_bn2bin(bn, tmp);
- for (i = 0; i < len; i++)
- fprintf(out, "%02x", tmp[i]);
- OPENSSL_free(tmp);
- return 1;
- }
-
-int do_bn_print_name(FILE *out, const char *name, const BIGNUM *bn)
- {
- int r;
- fprintf(out, "%s = ", name);
- r = do_bn_print(out, bn);
- if (!r)
- return 0;
- fputs(RESP_EOL, out);
- return 1;
- }
-
-int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf)
- {
- return parse_line2(pkw, pval, linebuf, olinebuf, 1);
- }
-
-int parse_line2(char **pkw, char **pval, char *linebuf, char *olinebuf, int eol)
- {
- char *keyword, *value, *p, *q;
- strcpy(linebuf, olinebuf);
- keyword = linebuf;
- /* Skip leading space */
- while (isspace((unsigned char)*keyword))
- keyword++;
-
- /* Look for = sign */
- p = strchr(linebuf, '=');
-
- /* If no '=' exit */
- if (!p)
- return 0;
-
- q = p - 1;
-
- /* Remove trailing space */
- while (isspace((unsigned char)*q))
- *q-- = 0;
-
- *p = 0;
- value = p + 1;
-
- /* Remove leading space from value */
- while (isspace((unsigned char)*value))
- value++;
-
- /* Remove trailing space from value */
- p = value + strlen(value) - 1;
-
- if (eol && *p != '\n')
- fprintf(stderr, "Warning: missing EOL\n");
-
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
-
- *pkw = keyword;
- *pval = value;
- return 1;
- }
-
-BIGNUM *hex2bn(const char *in)
- {
- BIGNUM *p=NULL;
-
- if (!do_hex2bn(&p, in))
- return NULL;
-
- return p;
- }
-
-/* To avoid extensive changes to test program at this stage just convert
- * the input line into an acceptable form. Keyword lines converted to form
- * "keyword = value\n" no matter what white space present, all other lines
- * just have leading and trailing space removed.
- */
-
-int tidy_line(char *linebuf, char *olinebuf)
- {
- char *keyword, *value, *p, *q;
- strcpy(linebuf, olinebuf);
- keyword = linebuf;
- /* Skip leading space */
- while (isspace((unsigned char)*keyword))
- keyword++;
- /* Look for = sign */
- p = strchr(linebuf, '=');
-
- /* If no '=' just chop leading, trailing ws */
- if (!p)
- {
- p = keyword + strlen(keyword) - 1;
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
- strcpy(olinebuf, keyword);
- strcat(olinebuf, "\n");
- return 1;
- }
-
- q = p - 1;
-
- /* Remove trailing space */
- while (isspace((unsigned char)*q))
- *q-- = 0;
-
- *p = 0;
- value = p + 1;
-
- /* Remove leading space from value */
- while (isspace((unsigned char)*value))
- value++;
-
- /* Remove trailing space from value */
- p = value + strlen(value) - 1;
-
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
-
- strcpy(olinebuf, keyword);
- strcat(olinebuf, " = ");
- strcat(olinebuf, value);
- strcat(olinebuf, "\n");
-
- return 1;
- }
-/* Copy supplied line to ofp replacing \n with \r\n */
-int copy_line(const char *in, FILE *ofp)
- {
- const char *p;
- p = strchr(in, '\n');
- if (p)
- {
- fwrite(in, 1, (size_t)(p - in), ofp);
- fputs(RESP_EOL, ofp);
- }
- else
- fputs(in, ofp);
- return 1;
- }
-
-/* NB: this return the number of _bits_ read */
-int bint2bin(const char *in, int len, unsigned char *out)
- {
- int n;
-
- memset(out,0,len);
- for(n=0 ; n < len ; ++n)
- if(in[n] == '1')
- out[n/8]|=(0x80 >> (n%8));
- return len;
- }
-
-int bin2bint(const unsigned char *in,int len,char *out)
- {
- int n;
-
- for(n=0 ; n < len ; ++n)
- out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
- return n;
- }
-
-/*-----------------------------------------------*/
-
-void PrintValue(char *tag, unsigned char *val, int len)
-{
-#ifdef VERBOSE
- OutputValue(tag, val, len, stdout, 0);
-#endif
-}
-
-void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
- {
- char obuf[2048];
- int olen;
-
- if(bitmode)
- {
- olen=bin2bint(val,len,obuf);
- fprintf(rfp, "%s = %.*s" RESP_EOL, tag, olen, obuf);
- }
- else
- {
- int i;
- fprintf(rfp, "%s = ", tag);
- for (i = 0; i < len; i++)
- fprintf(rfp, "%02x", val[i]);
- fputs(RESP_EOL, rfp);
- }
-
-#if VERBOSE
- printf("%s = %.*s\n", tag, olen, obuf);
-#endif
- }
-
-/* Not all platforms support strcasecmp and strncasecmp: implement versions
- * in here to avoid need to include them in the validated module. Taken
- * from crypto/o_str.c written by Richard Levitte (richard@levitte.org)
- */
-
-int fips_strncasecmp(const char *str1, const char *str2, size_t n)
- {
- while (*str1 && *str2 && n)
- {
- int res = toupper(*str1) - toupper(*str2);
- if (res) return res < 0 ? -1 : 1;
- str1++;
- str2++;
- n--;
- }
- if (n == 0)
- return 0;
- if (*str1)
- return 1;
- if (*str2)
- return -1;
- return 0;
- }
-
-int fips_strcasecmp(const char *str1, const char *str2)
- {
- return fips_strncasecmp(str1, str2, (size_t)-1);
- }
-
-
-#endif
+++ /dev/null
-#!/usr/bin/perl -w
-# Perl utility to run or verify FIPS 140-2 CAVP algorithm tests based on the
-# pathnames of input algorithm test files actually present (the unqualified
-# file names are consistent but the pathnames are not).
-#
-
-# FIPS test definitions
-# List of all the unqualified file names we expect and command lines to run
-
-# DSA tests
-my @fips_dsa_test_list = (
-
- "DSA",
-
- [ "PQGGen", "fips_dssvs pqg", "path:[^C]DSA/.*PQGGen" ],
- [ "KeyPair", "fips_dssvs keypair", "path:[^C]DSA/.*KeyPair" ],
- [ "SigGen", "fips_dssvs siggen", "path:[^C]DSA/.*SigGen" ],
- [ "SigVer", "fips_dssvs sigver", "path:[^C]DSA/.*SigVer" ]
-
-);
-
-my @fips_dsa_pqgver_test_list = (
-
- [ "PQGVer", "fips_dssvs pqgver", "path:[^C]DSA/.*PQGVer" ]
-
-);
-
-# DSA2 tests
-my @fips_dsa2_test_list = (
-
- "DSA2",
-
- [ "PQGGen", "fips_dssvs pqg", "path:[^C]DSA2/.*PQGGen" ],
- [ "KeyPair", "fips_dssvs keypair", "path:[^C]DSA2/.*KeyPair" ],
- [ "SigGen", "fips_dssvs siggen", "path:[^C]DSA2/.*SigGen" ],
- [ "SigVer", "fips_dssvs sigver", "path:[^C]DSA2/.*SigVer" ],
- [ "PQGVer", "fips_dssvs pqgver", "path:[^C]DSA2/.*PQGVer" ]
-
-);
-
-# ECDSA and ECDSA2 tests
-my @fips_ecdsa_test_list = (
-
- "ECDSA",
-
- [ "KeyPair", "fips_ecdsavs KeyPair", "path:/ECDSA/.*KeyPair" ],
- [ "PKV", "fips_ecdsavs PKV", "path:/ECDSA/.*PKV" ],
- [ "SigGen", "fips_ecdsavs SigGen", "path:/ECDSA/.*SigGen" ],
- [ "SigVer", "fips_ecdsavs SigVer", "path:/ECDSA/.*SigVer" ],
-
- "ECDSA2",
-
- [ "KeyPair", "fips_ecdsavs KeyPair", "path:/ECDSA2/.*KeyPair" ],
- [ "PKV", "fips_ecdsavs PKV", "path:/ECDSA2/.*PKV" ],
- [ "SigGen", "fips_ecdsavs SigGen", "path:/ECDSA2/.*SigGen" ],
- [ "SigVer", "fips_ecdsavs SigVer", "path:/ECDSA2/.*SigVer" ],
-
-);
-
-# RSA tests
-
-my @fips_rsa_test_list = (
-
- "RSA",
-
- [ "SigGen15", "fips_rsastest" ],
- [ "SigVer15", "fips_rsavtest" ],
- [ "SigVerRSA", "fips_rsavtest -x931" ],
- [ "KeyGenRSA", "fips_rsagtest" ],
- [ "SigGenRSA", "fips_rsastest -x931" ]
-
-);
-
-# Special cases for PSS. The filename itself is
-# not sufficient to determine the test. Addditionally we
-# need to examine the file contents to determine the salt length
-# In these cases the test filename has (saltlen) appended.
-
-# RSA PSS salt length 0 tests
-
-my @fips_rsa_pss0_test_list = (
-
- [ "SigGenPSS(0)", "fips_rsastest -saltlen 0",
- 'file:^\s*#\s*salt\s+len:\s+0\s*$' ],
- [ "SigVerPSS(0)", "fips_rsavtest -saltlen 0",
- 'file:^\s*#\s*salt\s+len:\s+0\s*$' ],
-
-);
-
-# RSA PSS salt length 62 tests
-
-my @fips_rsa_pss62_test_list = (
- [ "SigGenPSS(62)", "fips_rsastest -saltlen 62",
- 'file:^\s*#\s*salt\s+len:\s+62\s*$' ],
- [ "SigVerPSS(62)", "fips_rsavtest -saltlen 62",
- 'file:^\s*#\s*salt\s+len:\s+62\s*$' ],
-);
-
-# SHA tests
-
-my @fips_sha_test_list = (
-
- "SHA",
-
- [ "SHA1LongMsg", "fips_shatest" ],
- [ "SHA1Monte", "fips_shatest" ],
- [ "SHA1ShortMsg", "fips_shatest" ],
- [ "SHA224LongMsg", "fips_shatest" ],
- [ "SHA224Monte", "fips_shatest" ],
- [ "SHA224ShortMsg", "fips_shatest" ],
- [ "SHA256LongMsg", "fips_shatest" ],
- [ "SHA256Monte", "fips_shatest" ],
- [ "SHA256ShortMsg", "fips_shatest" ],
- [ "SHA384LongMsg", "fips_shatest" ],
- [ "SHA384Monte", "fips_shatest" ],
- [ "SHA384ShortMsg", "fips_shatest" ],
- [ "SHA512LongMsg", "fips_shatest" ],
- [ "SHA512Monte", "fips_shatest" ],
- [ "SHA512ShortMsg", "fips_shatest" ]
-
-);
-
-# HMAC
-
-my @fips_hmac_test_list = (
-
- "HMAC",
-
- [ "HMAC", "fips_hmactest" ]
-
-);
-
-# CMAC
-
-my @fips_cmac_test_list = (
-
- "CMAC",
-
- [ "CMACGenAES128", "fips_cmactest -a aes128 -g" ],
- [ "CMACVerAES128", "fips_cmactest -a aes128 -v" ],
- [ "CMACGenAES192", "fips_cmactest -a aes192 -g" ],
- [ "CMACVerAES192", "fips_cmactest -a aes192 -v" ],
- [ "CMACGenAES256", "fips_cmactest -a aes256 -g" ],
- [ "CMACVerAES256", "fips_cmactest -a aes256 -v" ],
- [ "CMACGenTDES3", "fips_cmactest -a tdes3 -g" ],
- [ "CMACVerTDES3", "fips_cmactest -a tdes3 -v" ],
-
-);
-
-# RAND tests, AES version
-
-my @fips_rand_aes_test_list = (
-
- "RAND (AES)",
-
- [ "ANSI931_AES128MCT", "fips_rngvs mct" ],
- [ "ANSI931_AES192MCT", "fips_rngvs mct" ],
- [ "ANSI931_AES256MCT", "fips_rngvs mct" ],
- [ "ANSI931_AES128VST", "fips_rngvs vst" ],
- [ "ANSI931_AES192VST", "fips_rngvs vst" ],
- [ "ANSI931_AES256VST", "fips_rngvs vst" ]
-
-);
-
-# RAND tests, DES2 version
-
-my @fips_rand_des2_test_list = (
-
- "RAND (DES2)",
-
- [ "ANSI931_TDES2MCT", "fips_rngvs mct" ],
- [ "ANSI931_TDES2VST", "fips_rngvs vst" ]
-
-);
-
-# AES tests
-
-my @fips_aes_test_list = (
-
- "AES",
-
- [ "CBCGFSbox128", "fips_aesavs -f" ],
- [ "CBCGFSbox192", "fips_aesavs -f" ],
- [ "CBCGFSbox256", "fips_aesavs -f" ],
- [ "CBCKeySbox128", "fips_aesavs -f" ],
- [ "CBCKeySbox192", "fips_aesavs -f" ],
- [ "CBCKeySbox256", "fips_aesavs -f" ],
- [ "CBCMCT128", "fips_aesavs -f" ],
- [ "CBCMCT192", "fips_aesavs -f" ],
- [ "CBCMCT256", "fips_aesavs -f" ],
- [ "CBCMMT128", "fips_aesavs -f" ],
- [ "CBCMMT192", "fips_aesavs -f" ],
- [ "CBCMMT256", "fips_aesavs -f" ],
- [ "CBCVarKey128", "fips_aesavs -f" ],
- [ "CBCVarKey192", "fips_aesavs -f" ],
- [ "CBCVarKey256", "fips_aesavs -f" ],
- [ "CBCVarTxt128", "fips_aesavs -f" ],
- [ "CBCVarTxt192", "fips_aesavs -f" ],
- [ "CBCVarTxt256", "fips_aesavs -f" ],
- [ "CFB128GFSbox128", "fips_aesavs -f" ],
- [ "CFB128GFSbox192", "fips_aesavs -f" ],
- [ "CFB128GFSbox256", "fips_aesavs -f" ],
- [ "CFB128KeySbox128", "fips_aesavs -f" ],
- [ "CFB128KeySbox192", "fips_aesavs -f" ],
- [ "CFB128KeySbox256", "fips_aesavs -f" ],
- [ "CFB128MCT128", "fips_aesavs -f" ],
- [ "CFB128MCT192", "fips_aesavs -f" ],
- [ "CFB128MCT256", "fips_aesavs -f" ],
- [ "CFB128MMT128", "fips_aesavs -f" ],
- [ "CFB128MMT192", "fips_aesavs -f" ],
- [ "CFB128MMT256", "fips_aesavs -f" ],
- [ "CFB128VarKey128", "fips_aesavs -f" ],
- [ "CFB128VarKey192", "fips_aesavs -f" ],
- [ "CFB128VarKey256", "fips_aesavs -f" ],
- [ "CFB128VarTxt128", "fips_aesavs -f" ],
- [ "CFB128VarTxt192", "fips_aesavs -f" ],
- [ "CFB128VarTxt256", "fips_aesavs -f" ],
- [ "CFB8GFSbox128", "fips_aesavs -f" ],
- [ "CFB8GFSbox192", "fips_aesavs -f" ],
- [ "CFB8GFSbox256", "fips_aesavs -f" ],
- [ "CFB8KeySbox128", "fips_aesavs -f" ],
- [ "CFB8KeySbox192", "fips_aesavs -f" ],
- [ "CFB8KeySbox256", "fips_aesavs -f" ],
- [ "CFB8MCT128", "fips_aesavs -f" ],
- [ "CFB8MCT192", "fips_aesavs -f" ],
- [ "CFB8MCT256", "fips_aesavs -f" ],
- [ "CFB8MMT128", "fips_aesavs -f" ],
- [ "CFB8MMT192", "fips_aesavs -f" ],
- [ "CFB8MMT256", "fips_aesavs -f" ],
- [ "CFB8VarKey128", "fips_aesavs -f" ],
- [ "CFB8VarKey192", "fips_aesavs -f" ],
- [ "CFB8VarKey256", "fips_aesavs -f" ],
- [ "CFB8VarTxt128", "fips_aesavs -f" ],
- [ "CFB8VarTxt192", "fips_aesavs -f" ],
- [ "CFB8VarTxt256", "fips_aesavs -f" ],
-
- [ "ECBGFSbox128", "fips_aesavs -f" ],
- [ "ECBGFSbox192", "fips_aesavs -f" ],
- [ "ECBGFSbox256", "fips_aesavs -f" ],
- [ "ECBKeySbox128", "fips_aesavs -f" ],
- [ "ECBKeySbox192", "fips_aesavs -f" ],
- [ "ECBKeySbox256", "fips_aesavs -f" ],
- [ "ECBMCT128", "fips_aesavs -f" ],
- [ "ECBMCT192", "fips_aesavs -f" ],
- [ "ECBMCT256", "fips_aesavs -f" ],
- [ "ECBMMT128", "fips_aesavs -f" ],
- [ "ECBMMT192", "fips_aesavs -f" ],
- [ "ECBMMT256", "fips_aesavs -f" ],
- [ "ECBVarKey128", "fips_aesavs -f" ],
- [ "ECBVarKey192", "fips_aesavs -f" ],
- [ "ECBVarKey256", "fips_aesavs -f" ],
- [ "ECBVarTxt128", "fips_aesavs -f" ],
- [ "ECBVarTxt192", "fips_aesavs -f" ],
- [ "ECBVarTxt256", "fips_aesavs -f" ],
- [ "OFBGFSbox128", "fips_aesavs -f" ],
- [ "OFBGFSbox192", "fips_aesavs -f" ],
- [ "OFBGFSbox256", "fips_aesavs -f" ],
- [ "OFBKeySbox128", "fips_aesavs -f" ],
- [ "OFBKeySbox192", "fips_aesavs -f" ],
- [ "OFBKeySbox256", "fips_aesavs -f" ],
- [ "OFBMCT128", "fips_aesavs -f" ],
- [ "OFBMCT192", "fips_aesavs -f" ],
- [ "OFBMCT256", "fips_aesavs -f" ],
- [ "OFBMMT128", "fips_aesavs -f" ],
- [ "OFBMMT192", "fips_aesavs -f" ],
- [ "OFBMMT256", "fips_aesavs -f" ],
- [ "OFBVarKey128", "fips_aesavs -f" ],
- [ "OFBVarKey192", "fips_aesavs -f" ],
- [ "OFBVarKey256", "fips_aesavs -f" ],
- [ "OFBVarTxt128", "fips_aesavs -f" ],
- [ "OFBVarTxt192", "fips_aesavs -f" ],
- [ "OFBVarTxt256", "fips_aesavs -f" ]
-
-);
-
-my @fips_aes_cfb1_test_list = (
-
- # AES CFB1 tests
-
- [ "CFB1GFSbox128", "fips_aesavs -f" ],
- [ "CFB1GFSbox192", "fips_aesavs -f" ],
- [ "CFB1GFSbox256", "fips_aesavs -f" ],
- [ "CFB1KeySbox128", "fips_aesavs -f" ],
- [ "CFB1KeySbox192", "fips_aesavs -f" ],
- [ "CFB1KeySbox256", "fips_aesavs -f" ],
- [ "CFB1MCT128", "fips_aesavs -f" ],
- [ "CFB1MCT192", "fips_aesavs -f" ],
- [ "CFB1MCT256", "fips_aesavs -f" ],
- [ "CFB1MMT128", "fips_aesavs -f" ],
- [ "CFB1MMT192", "fips_aesavs -f" ],
- [ "CFB1MMT256", "fips_aesavs -f" ],
- [ "CFB1VarKey128", "fips_aesavs -f" ],
- [ "CFB1VarKey192", "fips_aesavs -f" ],
- [ "CFB1VarKey256", "fips_aesavs -f" ],
- [ "CFB1VarTxt128", "fips_aesavs -f" ],
- [ "CFB1VarTxt192", "fips_aesavs -f" ],
- [ "CFB1VarTxt256", "fips_aesavs -f" ]
-
-);
-
-my @fips_aes_ccm_test_list = (
-
- # AES CCM tests
-
- "AES CCM",
-
- [ "DVPT128", "fips_gcmtest -ccm" ],
- [ "DVPT192", "fips_gcmtest -ccm" ],
- [ "DVPT256", "fips_gcmtest -ccm" ],
- [ "VADT128", "fips_gcmtest -ccm" ],
- [ "VADT192", "fips_gcmtest -ccm" ],
- [ "VADT256", "fips_gcmtest -ccm" ],
- [ "VNT128", "fips_gcmtest -ccm" ],
- [ "VNT192", "fips_gcmtest -ccm" ],
- [ "VNT256", "fips_gcmtest -ccm" ],
- [ "VPT128", "fips_gcmtest -ccm" ],
- [ "VPT192", "fips_gcmtest -ccm" ],
- [ "VPT256", "fips_gcmtest -ccm" ],
- [ "VTT128", "fips_gcmtest -ccm" ],
- [ "VTT192", "fips_gcmtest -ccm" ],
- [ "VTT256", "fips_gcmtest -ccm" ]
-
-);
-
-my @fips_aes_gcm_test_list = (
-
- # AES GCM tests
-
- "AES GCM",
-
- [ "gcmDecrypt128", "fips_gcmtest -decrypt" ],
- [ "gcmDecrypt192", "fips_gcmtest -decrypt" ],
- [ "gcmDecrypt256", "fips_gcmtest -decrypt" ],
- [ "gcmEncryptIntIV128", "fips_gcmtest -encrypt" ],
- [ "gcmEncryptIntIV192", "fips_gcmtest -encrypt" ],
- [ "gcmEncryptIntIV256", "fips_gcmtest -encrypt" ],
-
-);
-
-my @fips_aes_xts_test_list = (
- # AES XTS tests
-
- "AES XTS",
-
- [ "XTSGenAES128", "fips_gcmtest -xts" ],
- [ "XTSGenAES256", "fips_gcmtest -xts" ],
-
-);
-
-# Triple DES tests
-
-my @fips_des3_test_list = (
-
- "Triple DES",
-
- [ "TCBCinvperm", "fips_desmovs -f" ],
- [ "TCBCMMT1", "fips_desmovs -f" ],
- [ "TCBCMMT2", "fips_desmovs -f" ],
- [ "TCBCMMT3", "fips_desmovs -f" ],
- [ "TCBCMonte1", "fips_desmovs -f" ],
- [ "TCBCMonte2", "fips_desmovs -f" ],
- [ "TCBCMonte3", "fips_desmovs -f" ],
- [ "TCBCpermop", "fips_desmovs -f" ],
- [ "TCBCsubtab", "fips_desmovs -f" ],
- [ "TCBCvarkey", "fips_desmovs -f" ],
- [ "TCBCvartext", "fips_desmovs -f" ],
- [ "TCFB64invperm", "fips_desmovs -f" ],
- [ "TCFB64MMT1", "fips_desmovs -f" ],
- [ "TCFB64MMT2", "fips_desmovs -f" ],
- [ "TCFB64MMT3", "fips_desmovs -f" ],
- [ "TCFB64Monte1", "fips_desmovs -f" ],
- [ "TCFB64Monte2", "fips_desmovs -f" ],
- [ "TCFB64Monte3", "fips_desmovs -f" ],
- [ "TCFB64permop", "fips_desmovs -f" ],
- [ "TCFB64subtab", "fips_desmovs -f" ],
- [ "TCFB64varkey", "fips_desmovs -f" ],
- [ "TCFB64vartext", "fips_desmovs -f" ],
- [ "TCFB8invperm", "fips_desmovs -f" ],
- [ "TCFB8MMT1", "fips_desmovs -f" ],
- [ "TCFB8MMT2", "fips_desmovs -f" ],
- [ "TCFB8MMT3", "fips_desmovs -f" ],
- [ "TCFB8Monte1", "fips_desmovs -f" ],
- [ "TCFB8Monte2", "fips_desmovs -f" ],
- [ "TCFB8Monte3", "fips_desmovs -f" ],
- [ "TCFB8permop", "fips_desmovs -f" ],
- [ "TCFB8subtab", "fips_desmovs -f" ],
- [ "TCFB8varkey", "fips_desmovs -f" ],
- [ "TCFB8vartext", "fips_desmovs -f" ],
- [ "TECBinvperm", "fips_desmovs -f" ],
- [ "TECBMMT1", "fips_desmovs -f" ],
- [ "TECBMMT2", "fips_desmovs -f" ],
- [ "TECBMMT3", "fips_desmovs -f" ],
- [ "TECBMonte1", "fips_desmovs -f" ],
- [ "TECBMonte2", "fips_desmovs -f" ],
- [ "TECBMonte3", "fips_desmovs -f" ],
- [ "TECBpermop", "fips_desmovs -f" ],
- [ "TECBsubtab", "fips_desmovs -f" ],
- [ "TECBvarkey", "fips_desmovs -f" ],
- [ "TECBvartext", "fips_desmovs -f" ],
- [ "TOFBinvperm", "fips_desmovs -f" ],
- [ "TOFBMMT1", "fips_desmovs -f" ],
- [ "TOFBMMT2", "fips_desmovs -f" ],
- [ "TOFBMMT3", "fips_desmovs -f" ],
- [ "TOFBMonte1", "fips_desmovs -f" ],
- [ "TOFBMonte2", "fips_desmovs -f" ],
- [ "TOFBMonte3", "fips_desmovs -f" ],
- [ "TOFBpermop", "fips_desmovs -f" ],
- [ "TOFBsubtab", "fips_desmovs -f" ],
- [ "TOFBvarkey", "fips_desmovs -f" ],
- [ "TOFBvartext", "fips_desmovs -f" ]
-
-);
-
-my @fips_des3_cfb1_test_list = (
-
- # DES3 CFB1 tests
-
- [ "TCFB1invperm", "fips_desmovs -f" ],
- [ "TCFB1MMT1", "fips_desmovs -f" ],
- [ "TCFB1MMT2", "fips_desmovs -f" ],
- [ "TCFB1MMT3", "fips_desmovs -f" ],
- [ "TCFB1Monte1", "fips_desmovs -f" ],
- [ "TCFB1Monte2", "fips_desmovs -f" ],
- [ "TCFB1Monte3", "fips_desmovs -f" ],
- [ "TCFB1permop", "fips_desmovs -f" ],
- [ "TCFB1subtab", "fips_desmovs -f" ],
- [ "TCFB1varkey", "fips_desmovs -f" ],
- [ "TCFB1vartext", "fips_desmovs -f" ],
-
-);
-
-my @fips_drbg_test_list = (
-
- # SP800-90 DRBG tests
- "SP800-90 DRBG",
- [ "CTR_DRBG", "fips_drbgvs" ],
- [ "Dual_EC_DRBG", "fips_drbgvs" ],
- [ "Hash_DRBG", "fips_drbgvs" ],
- [ "HMAC_DRBG", "fips_drbgvs" ]
-
-);
-
-my @fips_dh_test_list = (
-
- # DH
- "DH Ephemeral Primitives Only",
- [ "KASValidityTest_FFCEphem_NOKC_ZZOnly_init", "fips_dhvs dhver" ],
- [ "KASValidityTest_FFCEphem_NOKC_ZZOnly_resp", "fips_dhvs dhver" ],
-
-);
-
-my @fips_ecdh_test_list = (
-
- # ECDH
- "ECDH Ephemeral Primitives Only",
- [ "KAS_ECC_CDH_PrimitiveTest", "fips_ecdhvs ecdhgen" ],
-# [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_init",
-# "fips_ecdhvs ecdhver" ],
-# [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_resp",
-# "fips_ecdhvs ecdhver" ],
-
-);
-
-
-# Verification special cases.
-# In most cases the output of a test is deterministic and
-# it can be compared to a known good result. A few involve
-# the genration and use of random keys and the output will
-# be different each time. In thoses cases we perform special tests
-# to simply check their consistency. For example signature generation
-# output will be run through signature verification to see if all outputs
-# show as valid.
-#
-
-my %verify_special = (
- "DSA:PQGGen" => "fips_dssvs pqgver",
- "DSA:KeyPair" => "fips_dssvs keyver",
- "DSA:SigGen" => "fips_dssvs sigver",
- "DSA2:PQGGen" => "fips_dssvs pqgver",
- "DSA2:KeyPair" => "fips_dssvs keyver",
- "DSA2:SigGen" => "fips_dssvs sigver",
- "ECDSA:KeyPair" => "fips_ecdsavs PKV",
- "ECDSA:SigGen" => "fips_ecdsavs SigVer",
- "ECDSA2:KeyPair" => "fips_ecdsavs PKV",
- "ECDSA2:SigGen" => "fips_ecdsavs SigVer",
- "RSA:SigGen15" => "fips_rsavtest",
- "RSA:SigGenRSA" => "fips_rsavtest -x931",
- "RSA:SigGenPSS(0)" => "fips_rsavtest -saltlen 0",
- "RSA:SigGenPSS(62)" => "fips_rsavtest -saltlen 62",
- "ECDH Ephemeral Primitives Only:KAS_ECC_CDH_PrimitiveTest" => "skip"
-);
-
-my $win32 = $^O =~ m/mswin/i;
-my $onedir = 0;
-my $filter = "";
-my $tvdir;
-my $tprefix;
-my $debug = 0;
-my $quiet = 0;
-my $notest = 0;
-my $verify = 1;
-my $rspdir = "resp";
-my $ignore_missing = 0;
-my $ignore_bogus = 0;
-my $bufout = '';
-my $list_tests = 0;
-my $minimal_script = 0;
-my $outfile = '';
-my $no_warn_missing = 0;
-my $no_warn_bogus = 0;
-my $rmcmd = "rm -rf";
-my $mkcmd = "mkdir";
-my $cmpall = 0;
-
-my %fips_enabled = (
- "dsa" => 1,
- "dsa2" => 2,
- "dsa-pqgver" => 2,
- "ecdsa" => 2,
- "rsa" => 1,
- "rsa-pss0" => 2,
- "rsa-pss62" => 1,
- "sha" => 1,
- "hmac" => 1,
- "cmac" => 2,
- "rand-aes" => 1,
- "rand-des2" => 0,
- "aes" => 1,
- "aes-cfb1" => 2,
- "des3" => 1,
- "des3-cfb1" => 2,
- "drbg" => 2,
- "aes-ccm" => 2,
- "aes-xts" => 2,
- "aes-gcm" => 2,
- "dh" => 0,
- "ecdh" => 2,
- "v2" => 1,
-);
-
-foreach (@ARGV) {
- if ( $_ eq "--win32" ) {
- $win32 = 1;
- }
- elsif ( $_ eq "--onedir" ) {
- $onedir = 1;
- }
- elsif ( $_ eq "--debug" ) {
- $debug = 1;
- }
- elsif ( $_ eq "--quiet-missing" ) {
- $ignore_missing = 1;
- $no_warn_missing = 1;
- }
- elsif ( $_ eq "--ignore-missing" ) {
- $ignore_missing = 1;
- }
- elsif ( $_ eq "--quiet-bogus" ) {
- $ignore_bogus = 1;
- $no_warn_bogus = 1;
- }
- elsif ( $_ eq "--ignore-bogus" ) {
- $ignore_bogus = 1;
- }
- elsif ( $_ eq "--minimal-script" ) {
- $minimal_script = 1;
- }
- elsif (/--generate-script=(.*)$/) {
- $outfile = $1;
- $verify = 0;
- } elsif ( $_ eq "--generate" ) {
- $verify = 0;
- }
- elsif ( $_ eq "--compare-all" ) {
- $cmpall = 1;
- }
- elsif ( $_ eq "--notest" ) {
- $notest = 1;
- }
- elsif ( $_ eq "--quiet" ) {
- $quiet = 1;
- }
- elsif (/--dir=(.*)$/) {
- $tvdir = $1;
- }
- elsif (/--rspdir=(.*)$/) {
- $rspdir = $1;
- }
- elsif (/--tprefix=(.*)$/) {
- $tprefix = $1;
- }
- elsif (/^--disable-all$/) {
- foreach (keys %fips_enabled) {
- $fips_enabled{$_} = 0;
- }
- }
- elsif (/^--(enable|disable)-(.*)$/) {
- if ( !exists $fips_enabled{$2} ) {
- print STDERR "Unknown test $2\n";
- exit(1);
- }
- if ( $1 eq "enable" ) {
- $fips_enabled{$2} = 1;
- }
- else {
- $fips_enabled{$2} = 0;
- }
- }
- elsif (/--filter=(.*)$/) {
- $filter = $1;
- }
- elsif (/--rm=(.*)$/) {
- $rmcmd = $1;
- }
- elsif (/--script-tprefix=(.*)$/) {
- $stprefix = $1;
- }
- elsif (/--mkdir=(.*)$/) {
- $mkcmd = $1;
- }
- elsif (/^--list-tests$/) {
- $list_tests = 1;
- }
- else {
- Help();
- exit(1);
- }
-}
-
-my @fips_test_list;
-
-
-if (!$fips_enabled{"v2"}) {
- foreach (keys %fips_enabled) {
- $fips_enabled{$_} = 0 if $fips_enabled{$_} == 2;
- }
-}
-
-push @fips_test_list, @fips_dsa_test_list if $fips_enabled{"dsa"};
-push @fips_test_list, @fips_dsa_pqgver_test_list if $fips_enabled{"dsa-pqgver"};
-push @fips_test_list, @fips_dsa2_test_list if $fips_enabled{"dsa2"};
-push @fips_test_list, @fips_ecdsa_test_list if $fips_enabled{"ecdsa"};
-push @fips_test_list, @fips_rsa_test_list if $fips_enabled{"rsa"};
-push @fips_test_list, @fips_rsa_pss0_test_list if $fips_enabled{"rsa-pss0"};
-push @fips_test_list, @fips_rsa_pss62_test_list if $fips_enabled{"rsa-pss62"};
-push @fips_test_list, @fips_sha_test_list if $fips_enabled{"sha"};
-push @fips_test_list, @fips_hmac_test_list if $fips_enabled{"hmac"};
-push @fips_test_list, @fips_cmac_test_list if $fips_enabled{"cmac"};
-push @fips_test_list, @fips_rand_aes_test_list if $fips_enabled{"rand-aes"};
-push @fips_test_list, @fips_rand_des2_test_list if $fips_enabled{"rand-des2"};
-push @fips_test_list, @fips_aes_test_list if $fips_enabled{"aes"};
-push @fips_test_list, @fips_aes_cfb1_test_list if $fips_enabled{"aes-cfb1"};
-push @fips_test_list, @fips_des3_test_list if $fips_enabled{"des3"};
-push @fips_test_list, @fips_des3_cfb1_test_list if $fips_enabled{"des3-cfb1"};
-push @fips_test_list, @fips_drbg_test_list if $fips_enabled{"drbg"};
-push @fips_test_list, @fips_aes_ccm_test_list if $fips_enabled{"aes-ccm"};
-push @fips_test_list, @fips_aes_gcm_test_list if $fips_enabled{"aes-gcm"};
-push @fips_test_list, @fips_aes_xts_test_list if $fips_enabled{"aes-xts"};
-push @fips_test_list, @fips_dh_test_list if $fips_enabled{"dh"};
-push @fips_test_list, @fips_ecdh_test_list if $fips_enabled{"ecdh"};
-
-if ($list_tests) {
- my ( $test, $en );
- print "=====TEST LIST=====\n";
- foreach $test ( sort keys %fips_enabled ) {
- $en = $fips_enabled{$test};
- $test =~ tr/[a-z]/[A-Z]/;
- printf "%-10s %s\n", $test, $en ? "enabled" : "disabled";
- }
- exit(0);
-}
-
-foreach (@fips_test_list) {
- next unless ref($_);
- my $nm = $$_[0];
- $$_[3] = "";
- $$_[4] = "";
-}
-
-$tvdir = "." unless defined $tvdir;
-
-if ($win32) {
- if ( !defined $tprefix ) {
- if ($onedir) {
- $tprefix = ".\\";
- }
- else {
- $tprefix = "..\\out32dll\\";
- }
- }
-}
-else {
- if ($onedir) {
- $tprefix = "./" unless defined $tprefix;
- }
- else {
- $tprefix = "../test/" unless defined $tprefix;
- }
-}
-
-sanity_check_exe( $win32, $tprefix) if $outfile eq "";
-
-find_files( $filter, $tvdir );
-
-sanity_check_files();
-
-my ( $runerr, $cmperr, $cmpok, $scheckrunerr, $scheckerr, $scheckok, $skipcnt )
- = ( 0, 0, 0, 0, 0, 0, 0 );
-
-exit(0) if $notest;
-print "Outputting commands to $outfile\n" if $outfile ne "";
-run_tests( $verify, $win32, $tprefix, $filter, $tvdir, $outfile );
-
-if ($verify) {
- print "ALGORITHM TEST VERIFY SUMMARY REPORT:\n";
- print "Tests skipped due to missing files: $skipcnt\n";
- print "Algorithm test program execution failures: $runerr\n";
- print "Test comparisons successful: $cmpok\n";
- print "Test comparisons failed: $cmperr\n";
- print "Test sanity checks successful: $scheckok\n";
- print "Test sanity checks failed: $scheckerr\n";
- print "Sanity check program execution failures: $scheckrunerr\n";
-
- if ( $runerr || $cmperr || $scheckrunerr || $scheckerr ) {
- print "***TEST FAILURE***\n";
- }
- else {
- print "***ALL TESTS SUCCESSFUL***\n";
- }
-}
-elsif ($outfile eq "") {
- print "ALGORITHM TEST SUMMARY REPORT:\n";
- print "Tests skipped due to missing files: $skipcnt\n";
- print "Algorithm test program execution failures: $runerr\n";
-
- if ($runerr) {
- print "***TEST FAILURE***\n";
- }
- else {
- print "***ALL TESTS SUCCESSFUL***\n";
- }
-}
-
-#--------------------------------
-sub Help {
- ( my $cmd ) = ( $0 =~ m#([^/]+)$# );
- print <<EOF;
-$cmd: generate run CAVP algorithm tests
- --debug Enable debug output
- --dir=<dirname> Optional root for *.req file search
- --filter=<regexp> Regex for input files of interest
- --onedir <dirname> Assume all components in current directory
- --rspdir=<dirname> Name of subdirectories containing *.rsp files, default "resp"
- --tprefix=<prefix> Pathname prefix for directory containing test programs
- --ignore-bogus Ignore duplicate or bogus files
- --ignore-missing Ignore missing test files
- --quiet Shhh....
- --quiet-bogus Skip unrecognized file warnings
- --quiet-missing Skip missing request file warnings
- --generate Generate algorithm test output
- --generate-script=<filename> Generate script to call algorithm programs
- --minimal-script Simplest possible output for --generate-script
- --win32 Win32 environment
- --compare-all Verify unconditionally for all tests
- --list-tests Show individual tests
- --mkdir=<cmd> Specify "mkdir" command
- --notest Exit before running tests
- --rm=<cmd> Specify "rm" command
- --script-tprefix Pathname prefix for --generate-script output
- --enable-<alg> Enable algorithm set <alg>.
- --disable-<alg> Disable algorithm set <alg>.
- Where <alg> can be one of:
-EOF
-
-while (my ($key, $value) = each %fips_enabled)
- {
- printf "\t\t%-20s(%s by default)\n", $key ,
- $value == 1 ? "enabled" : "disabled";
- }
-}
-
-# Sanity check to see if all necessary executables exist
-
-sub sanity_check_exe {
- my ( $win32, $tprefix, ) = @_;
- my %exe_list;
- my $bad = 0;
- foreach (@fips_test_list) {
- next unless ref($_);
- my $cmd = $_->[1];
- $cmd =~ s/ .*$//;
- $cmd = $tprefix . $cmd;
- $cmd .= ".exe" if $win32;
- $exe_list{$cmd} = 1;
- }
-
- foreach ( sort keys %exe_list ) {
- if ( !-f $_ ) {
- print STDERR "ERROR: can't find executable $_\n";
- $bad = 1;
- }
- }
- if ($bad) {
- print STDERR "FATAL ERROR: executables missing\n";
- exit(1);
- }
- elsif ($debug) {
- print STDERR "Executable sanity check passed OK\n";
- }
-}
-
-# Search for all request and response files
-
-sub find_files {
- my ( $filter, $dir ) = @_;
- my ( $dirh, $testname, $tref );
- opendir( $dirh, $dir );
- while ( $_ = readdir($dirh) ) {
- next if ( $_ eq "." || $_ eq ".." );
- $_ = "$dir/$_";
- if ( -f "$_" ) {
- if (/\/([^\/]*)\.rsp$/) {
- $tref = find_test($1, $_);
- if ( defined $tref ) {
- $testname = $$tref[0];
- if ( $$tref[4] eq "" ) {
- $$tref[4] = $_;
- }
- else {
- print STDERR
-"WARNING: duplicate response file $_ for test $testname\n";
- $nbogus++;
- }
- }
- else {
- print STDERR "WARNING: bogus file $_\n" unless $no_warn_bogus;
- $nbogus++;
- }
- }
- next unless /$filter.*\.req$/i;
- if (/\/([^\/]*)\.req$/) {
- $tref = find_test($1, $_);
- if ( defined $tref ) {
- $testname = $$tref[0];
- if ( $$tref[3] eq "" ) {
- $$tref[3] = $_;
- }
- else {
- print STDERR
-"WARNING: duplicate request file $_ for test $testname\n";
- $nbogus++;
- }
-
- }
- elsif ( !/SHAmix\.req$/ ) {
- print STDERR "WARNING: unrecognized filename $_\n" unless $no_warn_bogus;
- $nbogus++;
- }
- }
- }
- elsif ( -d "$_" ) {
- find_files( $filter, $_ );
- }
- }
- closedir($dirh);
-}
-#
-# Find test based on filename.
-# In ambiguous cases search file contents for a match
-#
-
-sub find_test {
- my ( $test, $path ) = @_;
- foreach $tref (@fips_test_list) {
- next unless ref($tref);
- my ( $tst, $cmd, $excmd, $req, $resp ) = @$tref;
- my $regexp;
- $tst =~ s/\(.*$//;
- $test =~ s/_186-2//;
- if (defined $excmd) {
- if ($excmd =~ /^path:(.*)$/) {
- my $fmatch = $1;
- return $tref if ($path =~ /$fmatch/);
- next;
- }
- elsif ($excmd =~ /^file:(.*)$/) {
- $regexp = $1;
- }
- }
- if ($test eq $tst) {
- return $tref if (!defined $regexp);
- my $found = 0;
- my $line;
- open( IN, $path ) || die "Can't Open File $path";
- while ($line = <IN>) {
- if ($line =~ /$regexp/i) {
- $found = 1;
- last;
- }
- }
- close IN;
- return $tref if $found == 1;
- }
- }
- return undef;
-}
-
-sub sanity_check_files {
- my $bad = 0;
- foreach (@fips_test_list) {
- next unless ref($_);
- my ( $tst, $cmd, $regexp, $req, $resp ) = @$_;
-
- #print STDERR "FILES $tst, $cmd, $req, $resp\n";
- if ( $req eq "" ) {
- print STDERR "WARNING: missing request file for $tst\n" unless $no_warn_missing;
- $bad = 1;
- next;
- }
- if ( $verify && $resp eq "" ) {
- print STDERR "WARNING: no response file for test $tst\n";
- $bad = 1;
- }
- elsif ( !$verify && $resp ne "" ) {
- print STDERR "WARNING: response file $resp will be overwritten\n";
- }
- }
- if ($bad) {
- print STDERR "ERROR: test vector file set not complete\n";
- exit(1) unless $ignore_missing;
- }
- if ($nbogus) {
- print STDERR
- "ERROR: $nbogus bogus or duplicate request and response files\n";
- exit(1) unless $ignore_bogus;
- }
- if ( $debug && !$nbogus && !$bad ) {
- print STDERR "test vector file set complete\n";
- }
-}
-
-sub run_tests {
- my ( $verify, $win32, $tprefix, $filter, $tvdir, $outfile ) = @_;
- my ( $tname, $tref );
- my $bad = 0;
- my $lastdir = "";
- $stprefix = $tprefix unless defined $stprefix;
- if ($outfile ne "") {
- open OUT, ">$outfile" || die "Can't open $outfile";
- }
- if ($outfile ne "" && !$minimal_script) {
- if ($win32) {
- print OUT <<\END;
-@echo off
-rem Test vector run script
-rem Auto generated by fipsalgtest.pl script
-rem Do not edit
-
-echo Running Algorithm Tests
-
-END
- } else {
- print OUT <<END;
-#!/bin/sh
-
-# Test vector run script
-# Auto generated by fipsalgtest.pl script
-# Do not edit
-
-echo Running Algorithm Tests
-
-RM="$rmcmd";
-MKDIR="$mkcmd";
-TPREFIX=$stprefix
-
-END
- }
-
- }
-
- my $ttype = "";
-
- foreach (@fips_test_list) {
- if ( !ref($_) ) {
- if ($outfile ne "") {
- print "Generating script for $_ tests\n";
- print OUT "\n\n\necho \"Running $_ tests\"\n" unless $minimal_script;
- } else {
- print "Running $_ tests\n" unless $quiet;
- }
- $ttype = $_;
- next;
- }
- my ( $tname, $tcmd, $regexp, $req, $rsp ) = @$_;
- my $out = $rsp;
- if ($verify) {
- $out =~ s/\.rsp$/.tst/;
- }
- if ( $req eq "" ) {
- print STDERR
- "WARNING: Request file for $tname missing: test skipped\n" unless $no_warn_missing;
- $skipcnt++;
- next;
- }
- if ( $verify && $rsp eq "" ) {
- print STDERR
- "WARNING: Response file for $tname missing: test skipped\n";
- $skipcnt++;
- next;
- }
- elsif ( !$verify ) {
- if ( $rsp ne "" ) {
- print STDERR "WARNING: Response file for $tname deleted\n";
- unlink $rsp;
- }
- $out = $req;
- $out =~ s|/req/(\S+)\.req|/$rspdir/$1.rsp|;
- my $outdir = $out;
- $outdir =~ s|/[^/]*$||;
- if ($outfile ne "") {
- if ($win32) {
- $outdir =~ tr|/|\\|;
- $req =~ tr|/|\\|;
- $out =~ tr|/|\\|;
- }
- if ($outdir ne $lastdir && !$minimal_script) {
- if ($win32) {
- print OUT <<END
-if exist \"$outdir\" rd /s /q "$outdir"
-md \"$outdir\"
-
-END
- } else {
- print OUT <<END
-\$RM \"$outdir\"
-\$MKDIR \"$outdir\"
-
-END
- }
- $lastdir = $outdir;
- }
- } elsif ( !-d $outdir ) {
- print STDERR "DEBUG: Creating directory $outdir\n" if $debug;
- mkdir($outdir) || die "Can't create directory $outdir";
- }
- }
- my $cmd = "$tcmd \"$req\" \"$out\"";
- print STDERR "DEBUG: running test $tname\n" if ( $debug && !$verify );
- if ($outfile ne "") {
- if ($minimal_script) {
- print OUT "$stprefix$cmd\n";
- } else {
- print OUT "echo \" running $tname test\"\n" unless $minimal_script;
- print OUT "\${TPREFIX}$cmd\n";
- }
- } else {
- $cmd = "$tprefix$cmd";
- system($cmd);
- if ( $? != 0 ) {
- print STDERR
- "WARNING: error executing test $tname for command: $cmd\n";
- $runerr++;
- next;
- }
- }
- if ($verify) {
- if ( exists $verify_special{"$ttype:$tname"} && !$cmpall) {
- my $vout = $rsp;
- $vout =~ s/\.rsp$/.ver/;
- $tcmd = $verify_special{"$ttype:$tname"};
- if ($tcmd eq "skip") {
- print STDERR "DEBUG: No verify possible: skipped.\n" if $debug;
- $scheckok++;
- next;
- }
- $cmd = "$tprefix$tcmd ";
- $cmd .= "\"$out\" \"$vout\"";
- system($cmd);
- if ( $? != 0 ) {
- print STDERR
- "WARNING: error executing verify test $tname $cmd\n";
- $scheckrunerr++;
- next;
- }
- my ( $fcount, $pcount ) = ( 0, 0 );
- open VER, "$vout";
- while (<VER>) {
- if (/^Result\s*=\s*(\S*)\s*$/i)
-
- {
- if ( $1 eq "F" ) {
- $fcount++;
- }
- else {
- $pcount++;
- }
- }
- }
- close VER;
-
- unlink $vout;
- if ( $fcount || $debug ) {
- print STDERR "DEBUG: $tname, Pass=$pcount, Fail=$fcount\n";
- }
- if ( $fcount || !$pcount ) {
- $scheckerr++;
- }
- else {
- $scheckok++;
- }
-
- }
- elsif ( !cmp_file( $tname, $rsp, $out ) ) {
- $cmperr++;
- }
- else {
- $cmpok++;
- }
- unlink $out;
- }
- }
- if ($outfile ne "") {
- print OUT "\n\necho All Tests Completed\n" unless $minimal_script;
- close OUT;
- }
-}
-
-sub cmp_file {
- my ( $tname, $rsp, $tst ) = @_;
- my ( $rspf, $tstf );
- my ( $rspline, $tstline );
- my $monte = 0;
- if ( !open( $rspf, $rsp ) ) {
- print STDERR "ERROR: can't open request file $rsp\n";
- return 0;
- }
- if ( !open( $tstf, $tst ) ) {
- print STDERR "ERROR: can't open output file $tst\n";
- return 0;
- }
- $monte = 1 if ($rsp =~ /Monte[123]/);
- for ( ; ; ) {
- $rspline = next_line($rspf);
- $tstline = next_line($tstf);
- if ( !defined($rspline) && !defined($tstline) ) {
- print STDERR "DEBUG: $tname file comparison OK\n" if $debug;
- return 1;
- }
- # Workaround for old broken DES3 MCT format which added bogus
- # extra lines: after [ENCRYPT] or [DECRYPT] skip until first
- # COUNT line.
- if ($monte) {
- if ($rspline =~ /CRYPT/) {
- do {
- $rspline = next_line($rspf);
- } while (defined($rspline) && $rspline !~ /COUNT/);
- }
- if ($tstline =~ /CRYPT/) {
- do {
- $tstline = next_line($tstf);
- } while (defined($tstline) && $tstline !~ /COUNT/);
- }
- }
- if ( !defined($rspline) ) {
- print STDERR "ERROR: $tname EOF on $rsp\n";
- return 0;
- }
- if ( !defined($tstline) ) {
- print STDERR "ERROR: $tname EOF on $tst\n";
- return 0;
- }
-
- # Workaround for bug in RAND des2 test output */
- if ( $tstline =~ /^Key2 =/ && $rspline =~ /^Key1 =/ ) {
- $rspline =~ s/^Key1/Key2/;
- }
-
- if ( $tstline ne $rspline ) {
- print STDERR "ERROR: $tname mismatch:\n";
- print STDERR "\t \"$tstline\" != \"$rspline\"\n";
- return 0;
- }
- }
- return 1;
-}
-
-sub next_line {
- my ($in) = @_;
-
- while (<$in>) {
- chomp;
-
- # Delete comments
- s/#.*$//;
-
- # Ignore blank lines
- next if (/^\s*$/);
-
- # Translate multiple space into one
- s/\s+/ /g;
- # Delete trailing whitespace
- s/\s+$//;
- # Remove leading zeroes
- s/= 00/= /;
- # Translate to upper case
- return uc $_;
- }
- return undef;
-}
+++ /dev/null
-#!/bin/sh -e
-#
-# Copyright (c) 2005-2011 The OpenSSL Project.
-#
-# Depending on output file name, the script either embeds fingerprint
-# into libcrypto.so or static application. "Static" refers to static
-# libcrypto.a, not [necessarily] application per se.
-#
-# Even though this script is called fipsld, it expects C compiler
-# command line syntax and $FIPSLD_CC or $CC environment variable set
-# and can even be used to compile source files.
-
-#set -x
-
-CC=${FIPSLD_CC:-${CC}}
-[ -n "${CC}" ] || { echo '$CC is not defined'; exit 1; }
-
-# Initially -c wasn't intended to be interpreted here, but it might
-# make life easier for those who want to build FIPS-ified applications
-# with minimal [if any] modifications to their Makefiles...
-( while [ "x$1" != "x" -a "x$1" != "x-c" -a "x$1" != "x-E" ]; do shift; done;
- [ $# -ge 1 ]
-) && exec ${CC} "$@"
-
-TARGET=`(while [ "x$1" != "x" -a "x$1" != "x-o" ]; do shift; done; echo $2)`
-
-# If using an auto-tooled (autoconf/automake/libtool) project,
-# configure will fail when testing the compiler or even performing
-# simple checks. Pass-through to compiler directly if application is
-# is not being linked with libcrypto, allowing auto-tooled applications
-# to utilize fipsld (e.g. CC=/usr/local/ssl/bin/fipsld FIPSLD_CC=gcc
-# ./configure && make). But keep in mind[!] that if certified code
-# resides in a shared library, then fipsld *may not* be used and
-# end-developer should not modify application configuration and build
-# procedures. This is because in-core fingerprint and associated
-# procedures are already embedded into and executed in shared library
-# context.
-case `basename "${TARGET}"` in
-libcrypto*|libfips*|*.dll) ;;
-*) case "$*" in
- *libcrypto.a*|*-lcrypto*|*fipscanister.o*) ;;
- *) exec ${CC} "$@" ;;
- esac
-esac
-
-[ -n "${TARGET}" ] || { echo 'no -o specified'; exit 1; }
-
-# Turn on debugging output?
-( while [ "x$1" != "x" -a "x$1" != "x-DDEBUG_FINGERPRINT_PREMAIN" ]; do shift; done;
- [ $# -ge 1 ]
-) && set -x
-
-THERE="`echo $0 | sed -e 's|[^/]*$||'`"..
-
-# fipscanister.o can appear in command line
-CANISTER_O=`(while [ "x$1" != "x" ]; do case "$1" in *fipscanister.o) echo $1; exit;; esac; shift; done)`
-if [ -z "${CANISTER_O}" ]; then
- # If set, FIPSLIBDIR is location of installed validated FIPS module
- if [ -n "${FIPSLIBDIR}" ]; then
- CANISTER_O="${FIPSLIBDIR}/fipscanister.o"
- elif [ -f "${THERE}/fips/fipscanister.o" ]; then
- CANISTER_O="${THERE}/fips/fipscanister.o"
- elif [ -f "${THERE}/lib/fipscanister.o" ]; then
- CANISTER_O="${THERE}/lib/fipscanister.o"
- fi
- CANISTER_O_CMD="${CANISTER_O}"
-fi
-[ -f ${CANISTER_O} ] || { echo "unable to find ${CANISTER_O}"; exit 1; }
-
-PREMAIN_C=`dirname "${CANISTER_O}"`/fips_premain.c
-
-HMAC_KEY="etaonrishdlcupfm"
-
-case "${CROSS_COMPILE:-`(uname -s) 2>/dev/null`}" in
-OSF1|IRIX*) _WL_PREMAIN="-Wl,-init,FINGERPRINT_premain" ;;
-HP-UX) _WL_PREMAIN="-Wl,+init,FINGERPRINT_premain" ;;
-AIX) _WL_PREMAIN="-Wl,-binitfini:FINGERPRINT_premain,-bnoobjreorder";;
-Darwin) ( while [ "x$1" != "x" -a "x$1" != "x-dynamiclib" ]; do shift; done;
- [ $# -ge 1 ]
- ) && _WL_PREMAIN="-Wl,-init,_FINGERPRINT_premain" ;;
-esac
-
-case "${TARGET}" in
-[!/]*) TARGET=./${TARGET} ;;
-esac
-
-case `basename "${TARGET}"` in
-lib*|*.dll) # must be linking a shared lib...
- # Shared lib creation can be taking place in the source
- # directory only, but fipscanister.o can reside elsewhere...
-
- if [ -x "${THERE}/fips/fips_standalone_sha1" ]; then
- FINGERTYPE="${THERE}/fips/fips_standalone_sha1"
- PREMAIN_DSO="${THERE}/fips/fips_premain_dso"
- elif [ -x "${THERE}/bin/fips_standalone_sha1" ]; then
- FINGERTYPE="${THERE}/bin/fips_standalone_sha1"
- PREMAIN_DSO="./fips_premain_dso"
- fi
-
- # verify fipspremain.c against its detached signature...
- ${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
- diff -w "${PREMAIN_C}.sha1" - || \
- { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
- # verify fipscanister.o against its detached signature...
- ${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
- diff -w "${CANISTER_O}.sha1" - || \
- { echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
-
- [ -z "${FIPSLD_LIBCRYPTO}" -a -f "${THERE}/libcrypto.a" ] && \
- FIPSLD_LIBCRYPTO="${THERE}/libcrypto.a"
-
-
- # Temporarily remove fipscanister.o from libcrypto.a!
- # We are required to use the standalone copy...
- if [ -n "${FIPSLD_LIBCRYPTO}" ]; then
- if ${CROSS_COMPILE}ar d "${FIPSLD_LIBCRYPTO}" fipscanister.o; then
- (${CROSS_COMPILE}ranlib "${FIPSLD_LIBCRYPTO}") 2>/dev/null || :
- trap '${CROSS_COMPILE}ar r "${FIPSLD_LIBCRYPTO}" "${CANISTER_O}";
- (${CROSS_COMPILE}ranlib "${FIPSLD_LIBCRYPTO}") 2>/dev/null || :;
- sleep 1;
- touch -c "${TARGET}"' 0
- fi
- fi
-
- /bin/rm -f "${TARGET}"
- ${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
- "${PREMAIN_C}" \
- ${_WL_PREMAIN} "$@"
-
- if [ "x${FIPS_SIG}" != "x" ]; then
- # embed signature
- "${FIPS_SIG}" "${TARGET}"
- [ $? -ne 42 ] && exit $?
- fi
-
- # generate signature...
- SIG=`"${PREMAIN_DSO}" "${TARGET}"`
-
- /bin/rm -f "${TARGET}"
- if [ -z "${SIG}" ]; then
- echo "unable to collect signature"; exit 1
- fi
-
- # recompile with signature...
- ${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
- -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
- ${_WL_PREMAIN} "$@"
- ;;
-
-*) # must be linking statically...
- # Static linking can be taking place either in the source
- # directory or off the installed binary target destination.
- if [ -x "${THERE}/fips/fips_standalone_sha1" ]; then
- FINGERTYPE="${THERE}/fips/fips_standalone_sha1"
- elif [ -x "${THERE}/bin/fips_standalone_sha1" ]; then
- FINGERTYPE="${THERE}/bin/fips_standalone_sha1"
- else # Installed tree is expected to contain
- # lib/fipscanister.o, lib/fipscanister.o.sha1 and
- # lib/fips_premain.c [not to mention bin/openssl].
- FINGERTYPE="${THERE}/bin/openssl sha1 -hmac ${HMAC_KEY}"
- fi
-
- # verify fipscanister.o against its detached signature...
- ${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
- diff -w "${CANISTER_O}.sha1" - || \
- { echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
-
- # verify fips_premain.c against its detached signature...
- ${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
- diff -w "${PREMAIN_C}.sha1" - || \
- { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
-
- /bin/rm -f "${TARGET}"
- ${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
- "${PREMAIN_C}" \
- ${_WL_PREMAIN} "$@"
-
- if [ "x${FIPS_SIG}" != "x" ]; then
- # embed signature
- "${FIPS_SIG}" "${TARGET}"
- [ $? -ne 42 ] && exit $?
- fi
-
- # generate signature...
- SIG=`"${TARGET}"`
-
- /bin/rm -f "${TARGET}"
- if [ -z "${SIG}" ]; then
- echo "unable to collect signature"; exit 1
- fi
-
- # recompile with signature...
- ${CC} ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
- -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
- ${_WL_PREMAIN} "$@"
- ;;
-esac
+++ /dev/null
-
-/* Where necessary redirect standard OpenSSL APIs to FIPS versions */
-
-#define CRYPTO_lock FIPS_lock
-#define CRYPTO_add_lock FIPS_add_lock
-#define CRYPTO_malloc FIPS_malloc
-#define CRYPTO_free FIPS_free
-
-#define ERR_put_error FIPS_put_error
-#define ERR_add_error_data FIPS_add_error_data
-
-#define EVP_MD_CTX_init FIPS_md_ctx_init
-#define EVP_MD_CTX_cleanup FIPS_md_ctx_cleanup
-#define EVP_MD_CTX_create FIPS_md_ctx_create
-#define EVP_MD_CTX_destroy FIPS_md_ctx_destroy
-#define EVP_DigestInit_ex(ctx, type, impl) FIPS_digestinit(ctx, type)
-#define EVP_DigestInit FIPS_digestinit
-#define EVP_DigestUpdate FIPS_digestupdate
-#define EVP_Digest(data, count, md, size, type, impl) \
- FIPS_digest(data, count, md, size, type)
-#define EVP_DigestFinal_ex FIPS_digestfinal
-#define EVP_MD_CTX_copy_ex FIPS_md_ctx_copy
-
-#define EVP_CipherInit_ex(ctx, cipher, impl, key, iv, enc) \
- FIPS_cipherinit(ctx, cipher, key, iv, enc)
-
-#define EVP_CipherInit FIPS_cipherinit
-
-#define EVP_CIPHER_CTX_init FIPS_cipher_ctx_init
-#define EVP_CIPHER_CTX_cleanup FIPS_cipher_ctx_cleanup
-#define EVP_Cipher FIPS_cipher
-#define EVP_CIPHER_CTX_ctrl FIPS_cipher_ctx_ctrl
-#define EVP_CIPHER_CTX_new FIPS_cipher_ctx_new
-#define EVP_CIPHER_CTX_free FIPS_cipher_ctx_free
-#define EVP_CIPHER_CTX_copy FIPS_cipher_ctx_copy
-#define EVP_CIPHER_CTX_set_key_length FIPS_cipher_ctx_set_key_length
-
-#define DSA_SIG_new FIPS_dsa_sig_new
-#define DSA_SIG_free FIPS_dsa_sig_free
-
-#define ECDSA_SIG_new FIPS_ecdsa_sig_new
-#define ECDSA_SIG_free FIPS_ecdsa_sig_free
-
-#define ecdsa_check fips_ecdsa_check
-#define ecdh_check fips_ecdh_check
-
-#define RAND_bytes FIPS_rand_bytes
-#define RAND_pseudo_bytes FIPS_rand_pseudo_bytes
-#define RAND_add FIPS_rand_add
-#define RAND_seed FIPS_rand_seed
-#define RAND_status FIPS_rand_status
-
-/* Rename symbols so they don't clash with standard OpenSSL */
-
-#define AES_cfb128_encrypt fips_aes_cfb128_encrypt
-#define AES_cfb1_encrypt fips_aes_cfb1_encrypt
-#define AES_cfb8_encrypt fips_aes_cfb8_encrypt
-#define AES_ecb_encrypt fips_aes_ecb_encrypt
-#define AES_ofb128_encrypt fips_aes_ofb128_encrypt
-#define BN_BLINDING_convert fips_bn_blinding_convert
-#define BN_BLINDING_convert_ex fips_bn_blinding_convert_ex
-#define BN_BLINDING_create_param fips_bn_blinding_create_param
-#define BN_BLINDING_free fips_bn_blinding_free
-#define BN_BLINDING_get_flags fips_bn_blinding_get_flags
-#define BN_BLINDING_invert fips_bn_blinding_invert
-#define BN_BLINDING_invert_ex fips_bn_blinding_invert_ex
-#define BN_BLINDING_new fips_bn_blinding_new
-#define BN_BLINDING_set_flags fips_bn_blinding_set_flags
-#define BN_BLINDING_thread_id fips_bn_blinding_thread_id
-#define BN_BLINDING_update fips_bn_blinding_update
-#define BN_BLINDING_get_thread_id fips_bn_blinding_get_thread_id
-#define BN_BLINDING_set_thread_id fips_bn_blinding_set_thread_id
-#define BN_CTX_end fips_bn_ctx_end
-#define BN_CTX_init fips_bn_ctx_init
-#define BN_CTX_free fips_bn_ctx_free
-#define BN_CTX_get fips_bn_ctx_get
-#define BN_CTX_new fips_bn_ctx_new
-#define BN_CTX_start fips_bn_ctx_start
-#define BN_GENCB_call fips_bn_gencb_call
-#define BN_GF2m_add fips_bn_gf2m_add
-#define BN_GF2m_arr2poly fips_bn_gf2m_arr2poly
-#define BN_GF2m_mod fips_bn_gf2m_mod
-#define BN_GF2m_mod_arr fips_bn_gf2m_mod_arr
-#define BN_GF2m_mod_div fips_bn_gf2m_mod_div
-#define BN_GF2m_mod_div_arr fips_bn_gf2m_mod_div_arr
-#define BN_GF2m_mod_exp fips_bn_gf2m_mod_exp
-#define BN_GF2m_mod_exp_arr fips_bn_gf2m_mod_exp_arr
-#define BN_GF2m_mod_inv fips_bn_gf2m_mod_inv
-#define BN_GF2m_mod_inv_arr fips_bn_gf2m_mod_inv_arr
-#define BN_GF2m_mod_mul fips_bn_gf2m_mod_mul
-#define BN_GF2m_mod_mul_arr fips_bn_gf2m_mod_mul_arr
-#define BN_GF2m_mod_solve_quad fips_bn_gf2m_mod_solve_quad
-#define BN_GF2m_mod_solve_quad_arr fips_bn_gf2m_mod_solve_quad_arr
-#define BN_GF2m_mod_sqr fips_bn_gf2m_mod_sqr
-#define BN_GF2m_mod_sqr_arr fips_bn_gf2m_mod_sqr_arr
-#define BN_GF2m_mod_sqrt fips_bn_gf2m_mod_sqrt
-#define BN_GF2m_mod_sqrt_arr fips_bn_gf2m_mod_sqrt_arr
-#define BN_GF2m_poly2arr fips_bn_gf2m_poly2arr
-#define BN_MONT_CTX_copy fips_bn_mont_ctx_copy
-#define BN_MONT_CTX_free fips_bn_mont_ctx_free
-#define BN_MONT_CTX_init fips_bn_mont_ctx_init
-#define BN_MONT_CTX_new fips_bn_mont_ctx_new
-#define BN_MONT_CTX_set fips_bn_mont_ctx_set
-#define BN_MONT_CTX_set_locked fips_bn_mont_ctx_set_locked
-#define BN_RECP_CTX_free fips_bn_recp_ctx_free
-#define BN_RECP_CTX_init fips_bn_recp_ctx_init
-#define BN_RECP_CTX_new fips_bn_recp_ctx_new
-#define BN_RECP_CTX_set fips_bn_recp_ctx_set
-#define BN_X931_derive_prime_ex FIPS_bn_x931_derive_prime_ex
-#define BN_X931_generate_Xpq FIPS_bn_x931_generate_xpq
-#define BN_X931_generate_prime_ex FIPS_bn_x931_generate_prime_ex
-#define BN_add fips_bn_add
-#define BN_add_word fips_bn_add_word
-#define BN_bin2bn FIPS_bn_bin2bn
-#define BN_bn2bin FIPS_bn_bn2bin
-#define BN_bntest_rand fips_bn_bntest_rand
-#define BN_clear FIPS_bn_clear
-#define BN_clear_bit fips_bn_clear_bit
-#define BN_clear_free FIPS_bn_clear_free
-#define BN_cmp fips_bn_cmp
-#define BN_copy fips_bn_copy
-#define BN_div fips_bn_div
-#define BN_div_recp fips_bn_div_recp
-#define BN_div_word fips_bn_div_word
-#define BN_dup fips_bn_dup
-#define BN_exp fips_bn_exp
-#define BN_free FIPS_bn_free
-#define BN_gcd fips_bn_gcd
-#define BN_generate_prime_ex FIPS_bn_generate_prime_ex
-#define BN_get0_nist_prime_192 fips_bn_get0_nist_prime_192
-#define BN_get0_nist_prime_224 fips_bn_get0_nist_prime_224
-#define BN_get0_nist_prime_256 fips_bn_get0_nist_prime_256
-#define BN_get0_nist_prime_384 fips_bn_get0_nist_prime_384
-#define BN_get0_nist_prime_521 fips_bn_get0_nist_prime_521
-#define BN_get_word FIPS_bn_get_word
-#define BN_init fips_bn_init
-#define BN_is_bit_set FIPS_bn_is_bit_set
-#define BN_is_prime_ex FIPS_bn_is_prime_ex
-#define BN_is_prime_fasttest_ex FIPS_bn_is_prime_fasttest_ex
-#define BN_lshift fips_bn_lshift
-#define BN_lshift1 fips_bn_lshift1
-#define BN_mask_bits fips_bn_mask_bits
-#define BN_mod_add fips_bn_mod_add
-#define BN_mod_add_quick fips_bn_mod_add_quick
-#define BN_mod_exp fips_bn_mod_exp
-#define BN_mod_exp2_mont fips_bn_mod_exp2_mont
-#define BN_mod_exp_mont fips_bn_mod_exp_mont
-#define BN_mod_exp_mont_consttime fips_bn_mod_exp_mont_consttime
-#define BN_mod_exp_mont_word fips_bn_mod_exp_mont_word
-#define BN_mod_exp_recp fips_bn_mod_exp_recp
-#define BN_mod_exp_simple fips_bn_mod_exp_simple
-#define BN_mod_inverse fips_bn_mod_inverse
-#define BN_mod_lshift fips_bn_mod_lshift
-#define BN_mod_lshift1 fips_bn_mod_lshift1
-#define BN_mod_lshift1_quick fips_bn_mod_lshift1_quick
-#define BN_mod_lshift_quick fips_bn_mod_lshift_quick
-#define BN_mod_mul fips_bn_mod_mul
-#define BN_mod_mul_montgomery fips_bn_mod_mul_montgomery
-#define BN_mod_mul_reciprocal fips_bn_mod_mul_reciprocal
-#define BN_mod_sqr fips_bn_mod_sqr
-#define BN_mod_sub fips_bn_mod_sub
-#define BN_mod_sub_quick fips_bn_mod_sub_quick
-#define BN_mod_word fips_bn_mod_word
-#define BN_mul fips_bn_mul
-#define BN_mul_word fips_bn_mul_word
-#define BN_new FIPS_bn_new
-#define BN_nist_mod_192 fips_bn_nist_mod_192
-#define BN_nist_mod_224 fips_bn_nist_mod_224
-#define BN_nist_mod_256 fips_bn_nist_mod_256
-#define BN_nist_mod_384 fips_bn_nist_mod_384
-#define BN_nist_mod_521 fips_bn_nist_mod_521
-#define BN_nist_mod_func fips_bn_nist_mod_func
-#define BN_nnmod fips_bn_nnmod
-#define BN_num_bits FIPS_bn_num_bits
-#define BN_pseudo_rand FIPS_bn_pseudo_rand
-#define BN_pseudo_rand_range FIPS_bn_pseudo_rand_range
-#define BN_rand FIPS_bn_rand
-#define BN_rand_range FIPS_bn_rand_range
-#define BN_reciprocal fips_bn_reciprocal
-#define BN_rshift fips_bn_rshift
-#define BN_rshift1 fips_bn_rshift1
-#define BN_set_bit FIPS_bn_set_bit
-#define BN_set_negative fips_bn_set_negative
-#define BN_set_word fips_bn_set_word
-#define BN_sqr fips_bn_sqr
-#define BN_sub fips_bn_sub
-#define BN_sub_word fips_bn_sub_word
-#define BN_swap fips_bn_swap
-#define BN_uadd fips_bn_uadd
-#define BN_ucmp fips_bn_ucmp
-#define BN_usub fips_bn_usub
-#define BN_value_one fips_bn_value_one
-#define BN_set_params fips_bn_set_params
-#define BN_get_params fips_bn_get_params
-#define BN_version FIPS_bn_version
-#define BUF_memdup fips_buf_memdup
-#define BUF_strdup fips_buf_strdup
-#define BUF_strlcat fips_buf_strlcat
-#define BUF_strlcpy fips_buf_strlcpy
-#define BUF_strndup fips_buf_strndup
-#define DllMain fips_dllmain
-#define CRYPTO_THREADID_cmp fips_crypto_threadid_cmp
-#define CRYPTO_THREADID_cpy fips_crypto_threadid_cpy
-#define CRYPTO_THREADID_current fips_crypto_threadid_current
-#define CRYPTO_THREADID_get_callback FIPS_crypto_threadid_get_callback
-#define CRYPTO_THREADID_hash FIPS_crypto_threadid_hash
-#define CRYPTO_THREADID_set_callback FIPS_crypto_threadid_set_callback
-#define CRYPTO_THREADID_set_numeric FIPS_crypto_threadid_set_numeric
-#define CRYPTO_THREADID_set_pointer FIPS_crypto_threadid_set_pointer
-#define CRYPTO_get_id_callback FIPS_crypto_get_id_callback
-#define CRYPTO_set_id_callback FIPS_crypto_set_id_callback
-#define CRYPTO_thread_id FIPS_crypto_thread_id
-#define CRYPTO_ccm128_aad fips_crypto_ccm128_aad
-#define CRYPTO_ccm128_decrypt fips_crypto_ccm128_decrypt
-#define CRYPTO_ccm128_decrypt_ccm64 fips_crypto_ccm128_decrypt_ccm64
-#define CRYPTO_ccm128_encrypt fips_crypto_ccm128_encrypt
-#define CRYPTO_ccm128_encrypt_ccm64 fips_crypto_ccm128_encrypt_ccm64
-#define CRYPTO_ccm128_init fips_crypto_ccm128_init
-#define CRYPTO_ccm128_setiv fips_crypto_ccm128_setiv
-#define CRYPTO_ccm128_tag fips_crypto_ccm128_tag
-#define CRYPTO_cbc128_decrypt fips_crypto_cbc128_decrypt
-#define CRYPTO_cbc128_encrypt fips_crypto_cbc128_encrypt
-#define CRYPTO_cfb128_1_encrypt fips_crypto_cfb128_1_encrypt
-#define CRYPTO_cfb128_8_encrypt fips_crypto_cfb128_8_encrypt
-#define CRYPTO_cfb128_encrypt fips_crypto_cfb128_encrypt
-#define CRYPTO_ctr128_encrypt fips_crypto_ctr128_encrypt
-#define CRYPTO_ctr128_encrypt_ctr32 fips_crypto_ctr128_encrypt_ctr32
-#define CRYPTO_gcm128_aad fips_crypto_gcm128_aad
-#define CRYPTO_gcm128_decrypt fips_crypto_gcm128_decrypt
-#define CRYPTO_gcm128_decrypt_ctr32 fips_crypto_gcm128_decrypt_ctr32
-#define CRYPTO_gcm128_encrypt fips_crypto_gcm128_encrypt
-#define CRYPTO_gcm128_encrypt_ctr32 fips_crypto_gcm128_encrypt_ctr32
-#define CRYPTO_gcm128_finish fips_crypto_gcm128_finish
-#define CRYPTO_gcm128_init fips_crypto_gcm128_init
-#define CRYPTO_gcm128_new fips_crypto_gcm128_new
-#define CRYPTO_gcm128_release fips_crypto_gcm128_release
-#define CRYPTO_gcm128_setiv fips_crypto_gcm128_setiv
-#define CRYPTO_gcm128_tag fips_crypto_gcm128_tag
-#define CRYPTO_ofb128_encrypt fips_crypto_ofb128_encrypt
-#define CRYPTO_xts128_encrypt fips_crypto_xts128_encrypt
-#define DES_cfb64_encrypt fips_des_cfb64_encrypt
-#define DES_cfb_encrypt fips_des_cfb_encrypt
-#define DES_check_key_parity FIPS_des_check_key_parity
-#define DES_crypt fips_des_crypt
-#define DES_ecb3_encrypt fips_des_ecb3_encrypt
-#define DES_ede3_cfb64_encrypt fips_des_ede3_cfb64_encrypt
-#define DES_ede3_cfb_encrypt fips_des_ede3_cfb_encrypt
-#define DES_ede3_ofb64_encrypt fips_des_ede3_ofb64_encrypt
-#define DES_fcrypt fips_des_fcrypt
-#define DES_is_weak_key fips_des_is_weak_key
-#define DES_key_sched fips_des_key_sched
-#define DES_set_key fips_des_set_key
-#define DES_set_key_checked fips_des_set_key_checked
-#define DES_set_key_unchecked fips_des_set_key_unchecked
-#define DES_set_odd_parity fips_des_set_odd_parity
-#define DH_OpenSSL FIPS_dh_openssl
-#define DH_check FIPS_dh_check
-#define DH_check_pub_key FIPS_dh_check_pub_key
-#define DH_compute_key FIPS_dh_compute_key
-#define DH_generate_key FIPS_dh_generate_key
-#define DH_generate_parameters_ex FIPS_dh_generate_parameters_ex
-#define DSA_OpenSSL FIPS_dsa_openssl
-#define DSA_generate_key FIPS_dsa_generate_key
-#define DSA_generate_parameters_ex FIPS_dsa_generate_parameters_ex
-#define ECDSA_OpenSSL FIPS_ecdsa_openssl
-#define EC_EX_DATA_clear_free_all_data fips_ec_ex_data_clear_free_all_data
-#define EC_EX_DATA_clear_free_data fips_ec_ex_data_clear_free_data
-#define EC_EX_DATA_free_all_data fips_ec_ex_data_free_all_data
-#define EC_EX_DATA_free_data fips_ec_ex_data_free_data
-#define EC_EX_DATA_get_data fips_ec_ex_data_get_data
-#define EC_EX_DATA_set_data fips_ec_ex_data_set_data
-#define EC_GF2m_simple_method fips_ec_gf2m_simple_method
-#define EC_GFp_mont_method fips_ec_gfp_mont_method
-#define EC_GFp_nist_method fips_ec_gfp_nist_method
-#define EC_GFp_simple_method fips_ec_gfp_simple_method
-#define EC_GROUP_check_discriminant fips_ec_group_check_discriminant
-#define EC_GROUP_clear_free FIPS_ec_group_clear_free
-#define EC_GROUP_cmp fips_ec_group_cmp
-#define EC_GROUP_copy fips_ec_group_copy
-#define EC_GROUP_dup fips_ec_group_dup
-#define EC_GROUP_free fips_ec_group_free
-#define EC_GROUP_get0_generator FIPS_ec_group_get0_generator
-#define EC_GROUP_get0_seed FIPS_ec_group_get0_seed
-#define EC_GROUP_get_asn1_flag FIPS_ec_group_get_asn1_flag
-#define EC_GROUP_get_cofactor FIPS_ec_group_get_cofactor
-#define EC_GROUP_get_curve_GF2m FIPS_ec_group_get_curve_gf2m
-#define EC_GROUP_get_curve_GFp FIPS_ec_group_get_curve_gfp
-#define EC_GROUP_get_curve_name FIPS_ec_group_get_curve_name
-#define EC_GROUP_get_degree FIPS_ec_group_get_degree
-#define EC_GROUP_get_order FIPS_ec_group_get_order
-#define EC_GROUP_get_point_conversion_form fips_ec_group_get_point_conversion_form
-#define EC_GROUP_get_seed_len fips_ec_group_get_seed_len
-#define EC_GROUP_have_precompute_mult fips_ec_group_have_precompute_mult
-#define EC_GROUP_method_of FIPS_ec_group_method_of
-#define EC_GROUP_new FIPS_ec_group_new
-#define EC_GROUP_new_by_curve_name FIPS_ec_group_new_by_curve_name
-#define EC_GROUP_new_curve_GF2m FIPS_ec_group_new_curve_gf2m
-#define EC_GROUP_new_curve_GFp FIPS_ec_group_new_curve_gfp
-#define EC_GROUP_precompute_mult FIPS_ec_group_precompute_mult
-#define EC_GROUP_set_asn1_flag FIPS_ec_group_set_asn1_flag
-#define EC_GROUP_set_curve_GF2m FIPS_ec_group_set_curve_gf2m
-#define EC_GROUP_set_curve_GFp FIPS_ec_group_set_curve_gfp
-#define EC_GROUP_set_curve_name FIPS_ec_group_set_curve_name
-#define EC_GROUP_set_generator FIPS_ec_group_set_generator
-#define EC_GROUP_set_point_conversion_form FIPS_ec_group_set_point_conversion_form
-#define EC_GROUP_set_seed fips_ec_group_set_seed
-#define EC_KEY_check_key FIPS_ec_key_check_key
-#define EC_KEY_copy FIPS_ec_key_copy
-#define EC_KEY_dup FIPS_ec_key_dup
-#define EC_KEY_free FIPS_ec_key_free
-#define EC_KEY_generate_key FIPS_ec_key_generate_key
-#define EC_KEY_get0_group FIPS_ec_key_get0_group
-#define EC_KEY_get0_private_key FIPS_ec_key_get0_private_key
-#define EC_KEY_get0_public_key FIPS_ec_key_get0_public_key
-#define EC_KEY_get_conv_form FIPS_ec_key_get_conv_form
-#define EC_KEY_get_enc_flags FIPS_ec_key_get_enc_flags
-#define EC_KEY_get_key_method_data FIPS_ec_key_get_key_method_data
-#define EC_KEY_insert_key_method_data FIPS_ec_key_insert_key_method_data
-#define EC_KEY_new FIPS_ec_key_new
-#define EC_KEY_new_by_curve_name FIPS_ec_key_new_by_curve_name
-#define EC_KEY_precompute_mult FIPS_ec_key_precompute_mult
-#define EC_KEY_set_asn1_flag FIPS_ec_key_set_asn1_flag
-#define EC_KEY_set_conv_form FIPS_ec_key_set_conv_form
-#define EC_KEY_set_enc_flags FIPS_ec_key_set_enc_flags
-#define EC_KEY_set_flags FIPS_ec_key_set_flags
-#define EC_KEY_clear_flags FIPS_ec_key_clear_flags
-#define EC_KEY_get_flags FIPS_ec_key_get_flags
-#define EC_KEY_set_group FIPS_ec_key_set_group
-#define EC_KEY_set_private_key FIPS_ec_key_set_private_key
-#define EC_KEY_set_public_key FIPS_ec_key_set_public_key
-#define EC_KEY_set_public_key_affine_coordinates FIPS_ec_key_set_public_key_affine_coordinates
-#define EC_KEY_up_ref FIPS_ec_key_up_ref
-#define EC_METHOD_get_field_type FIPS_ec_method_get_field_type
-#define EC_POINT_add fips_ec_point_add
-#define EC_POINT_clear_free FIPS_ec_point_clear_free
-#define EC_POINT_cmp fips_ec_point_cmp
-#define EC_POINT_copy fips_ec_point_copy
-#define EC_POINT_dbl fips_ec_point_dbl
-#define EC_POINT_dup fips_ec_point_dup
-#define EC_POINT_free FIPS_ec_point_free
-#define EC_POINT_get_Jprojective_coordinates_GFp FIPS_ec_point_get_jprojective_coordinates_gfp
-#define EC_POINT_get_affine_coordinates_GF2m FIPS_ec_point_get_affine_coordinates_gf2m
-#define EC_POINT_get_affine_coordinates_GFp FIPS_ec_point_get_affine_coordinates_gfp
-#define EC_POINT_invert fips_ec_point_invert
-#define EC_POINT_is_at_infinity FIPS_ec_point_is_at_infinity
-#define EC_POINT_is_on_curve FIPS_ec_point_is_on_curve
-#define EC_POINT_make_affine FIPS_ec_point_make_affine
-#define EC_POINT_method_of FIPS_ec_point_method_of
-#define EC_POINT_mul FIPS_ec_point_mul
-#define EC_POINT_new FIPS_ec_point_new
-#define EC_POINT_set_Jprojective_coordinates_GFp fips_ec_point_set_jprojective_coordinates_gfp
-#define EC_POINT_set_affine_coordinates_GF2m fips_ec_point_set_affine_coordinates_gf2m
-#define EC_POINT_set_affine_coordinates_GFp fips_ec_point_set_affine_coordinates_gfp
-#define EC_POINT_set_to_infinity FIPS_ec_point_set_to_infinity
-#define EC_POINTs_make_affine FIPS_ec_points_make_affine
-#define EC_POINTs_mul fips_ec_points_mul
-#define EC_get_builtin_curves FIPS_ec_get_builtin_curves
-#define EVP_aes_128_cbc FIPS_evp_aes_128_cbc
-#define EVP_aes_128_ccm FIPS_evp_aes_128_ccm
-#define EVP_aes_128_cfb1 FIPS_evp_aes_128_cfb1
-#define EVP_aes_128_cfb128 FIPS_evp_aes_128_cfb128
-#define EVP_aes_128_cfb8 FIPS_evp_aes_128_cfb8
-#define EVP_aes_128_ctr FIPS_evp_aes_128_ctr
-#define EVP_aes_128_ecb FIPS_evp_aes_128_ecb
-#define EVP_aes_128_gcm FIPS_evp_aes_128_gcm
-#define EVP_aes_128_ofb FIPS_evp_aes_128_ofb
-#define EVP_aes_128_xts FIPS_evp_aes_128_xts
-#define EVP_aes_192_cbc FIPS_evp_aes_192_cbc
-#define EVP_aes_192_ccm FIPS_evp_aes_192_ccm
-#define EVP_aes_192_cfb1 FIPS_evp_aes_192_cfb1
-#define EVP_aes_192_cfb128 FIPS_evp_aes_192_cfb128
-#define EVP_aes_192_cfb8 FIPS_evp_aes_192_cfb8
-#define EVP_aes_192_ctr FIPS_evp_aes_192_ctr
-#define EVP_aes_192_ecb FIPS_evp_aes_192_ecb
-#define EVP_aes_192_gcm FIPS_evp_aes_192_gcm
-#define EVP_aes_192_ofb FIPS_evp_aes_192_ofb
-#define EVP_aes_256_cbc FIPS_evp_aes_256_cbc
-#define EVP_aes_256_ccm FIPS_evp_aes_256_ccm
-#define EVP_aes_256_cfb1 FIPS_evp_aes_256_cfb1
-#define EVP_aes_256_cfb128 FIPS_evp_aes_256_cfb128
-#define EVP_aes_256_cfb8 FIPS_evp_aes_256_cfb8
-#define EVP_aes_256_ctr FIPS_evp_aes_256_ctr
-#define EVP_aes_256_ecb FIPS_evp_aes_256_ecb
-#define EVP_aes_256_gcm FIPS_evp_aes_256_gcm
-#define EVP_aes_256_ofb FIPS_evp_aes_256_ofb
-#define EVP_aes_256_xts FIPS_evp_aes_256_xts
-#define EVP_des_ede FIPS_evp_des_ede
-#define EVP_des_ede3 FIPS_evp_des_ede3
-#define EVP_des_ede3_cbc FIPS_evp_des_ede3_cbc
-#define EVP_des_ede3_cfb1 FIPS_evp_des_ede3_cfb1
-#define EVP_des_ede3_cfb64 FIPS_evp_des_ede3_cfb64
-#define EVP_des_ede3_cfb8 FIPS_evp_des_ede3_cfb8
-#define EVP_des_ede3_ecb FIPS_evp_des_ede3_ecb
-#define EVP_des_ede3_ofb FIPS_evp_des_ede3_ofb
-#define EVP_des_ede_cbc FIPS_evp_des_ede_cbc
-#define EVP_des_ede_cfb64 FIPS_evp_des_ede_cfb64
-#define EVP_des_ede_ecb FIPS_evp_des_ede_ecb
-#define EVP_des_ede_ofb FIPS_evp_des_ede_ofb
-#define EVP_enc_null FIPS_evp_enc_null
-#define EVP_sha1 FIPS_evp_sha1
-#define EVP_dss FIPS_evp_dss
-#define EVP_dss1 FIPS_evp_dss1
-#define EVP_ecdsa FIPS_evp_ecdsa
-#define EVP_sha224 FIPS_evp_sha224
-#define EVP_sha256 FIPS_evp_sha256
-#define EVP_sha384 FIPS_evp_sha384
-#define EVP_sha512 FIPS_evp_sha512
-#define HMAC FIPS_hmac
-#define HMAC_CTX_cleanup FIPS_hmac_ctx_cleanup
-#define HMAC_CTX_copy FIPS_hmac_ctx_copy
-#define HMAC_CTX_init FIPS_hmac_ctx_init
-#define HMAC_CTX_set_flags FIPS_hmac_ctx_set_flags
-#define HMAC_Final FIPS_hmac_final
-#define HMAC_Init FIPS_hmac_init
-#define HMAC_Init_ex FIPS_hmac_init_ex
-#define HMAC_Update FIPS_hmac_update
-#define OPENSSL_NONPIC_relocated fips_openssl_nonpic_relocated
-#define OPENSSL_ia32cap_loc fips_openssl_ia32cap_loc
-#define OPENSSL_isservice fips_openssl_isservice
-#define OPENSSL_issetugid fips_openssl_issetugid
-#define OPENSSL_showfatal FIPS_openssl_showfatal
-#define OPENSSL_stderr FIPS_openssl_stderr
-#define OpenSSLDie FIPS_openssldie
-#define PKCS1_MGF1 fips_pkcs1_mgf1
-#define RSA_PKCS1_SSLeay FIPS_rsa_pkcs1_ssleay
-#define RSA_X931_derive_ex FIPS_rsa_x931_derive_ex
-#define RSA_X931_generate_key_ex FIPS_rsa_x931_generate_key_ex
-#define RSA_X931_hash_id fips_rsa_x931_hash_id
-#define RSA_blinding_off FIPS_rsa_blinding_off
-#define RSA_blinding_on FIPS_rsa_blinding_on
-#define RSA_flags FIPS_rsa_flags
-#define RSA_generate_key_ex FIPS_rsa_generate_key_ex
-#define RSA_padding_add_PKCS1_OAEP fips_rsa_padding_add_pkcs1_oaep
-#define RSA_padding_add_PKCS1_PSS fips_rsa_padding_add_pkcs1_pss
-#define RSA_padding_add_PKCS1_PSS_mgf1 fips_rsa_padding_add_pkcs1_pss_mgf1
-#define RSA_padding_add_PKCS1_type_1 fips_rsa_padding_add_pkcs1_type_1
-#define RSA_padding_add_PKCS1_type_2 fips_rsa_padding_add_pkcs1_type_2
-#define RSA_padding_add_SSLv23 fips_rsa_padding_add_sslv23
-#define RSA_padding_add_X931 fips_rsa_padding_add_x931
-#define RSA_padding_add_none fips_rsa_padding_add_none
-#define RSA_padding_check_PKCS1_OAEP fips_rsa_padding_check_pkcs1_oaep
-#define RSA_padding_check_PKCS1_type_1 fips_rsa_padding_check_pkcs1_type_1
-#define RSA_padding_check_PKCS1_type_2 fips_rsa_padding_check_pkcs1_type_2
-#define RSA_padding_check_SSLv23 fips_rsa_padding_check_sslv23
-#define RSA_padding_check_X931 fips_rsa_padding_check_x931
-#define RSA_padding_check_none fips_rsa_padding_check_none
-#define RSA_private_decrypt FIPS_rsa_private_decrypt
-#define RSA_private_encrypt FIPS_rsa_private_encrypt
-#define RSA_public_decrypt FIPS_rsa_public_decrypt
-#define RSA_public_encrypt FIPS_rsa_public_encrypt
-#define RSA_setup_blinding fips_rsa_setup_blinding
-#define RSA_size FIPS_rsa_size
-#define RSA_verify_PKCS1_PSS fips_rsa_verify_pkcs1_pss
-#define RSA_verify_PKCS1_PSS_mgf1 fips_rsa_verify_pkcs1_pss_mgf1
-#define SHA1_Final fips_sha1_final
-#define SHA1_Init fips_sha1_init
-#define SHA1_Transform fips_sha1_transform
-#define SHA1_Update fips_sha1_update
-#define SHA1_version fips_sha1_version
-#define SHA224 fips_sha224
-#define SHA224_Final fips_sha224_final
-#define SHA224_Init fips_sha224_init
-#define SHA224_Update fips_sha224_update
-#define SHA256_Final fips_sha256_final
-#define SHA256_Init fips_sha256_init
-#define SHA256_Transform fips_sha256_transform
-#define SHA256_Update fips_sha256_update
-#define SHA256_version fips_sha256_version
-#define SHA384 fips_sha384
-#define SHA384_Final fips_sha384_final
-#define SHA384_Init fips_sha384_init
-#define SHA384_Update fips_sha384_update
-#define SHA512_Final fips_sha512_final
-#define SHA512_Init fips_sha512_init
-#define SHA512_Transform fips_sha512_transform
-#define SHA512_Update fips_sha512_update
-#define SHA512_version fips_sha512_version
-#define _shadow_DES_check_key fips__shadow_des_check_key
-#define bn_add_part_words fips_bn_add_part_words
-#define bn_cmp_part_words fips_bn_cmp_part_words
-#define bn_cmp_words fips_bn_cmp_words
-#define bn_dup_expand fips_bn_dup_expand
-#define bn_expand2 fips_bn_expand2
-#define bn_mul_high fips_bn_mul_high
-#define bn_mul_low_normal fips_bn_mul_low_normal
-#define bn_mul_low_recursive fips_bn_mul_low_recursive
-#define bn_mul_normal fips_bn_mul_normal
-#define bn_mul_part_recursive fips_bn_mul_part_recursive
-#define bn_mul_recursive fips_bn_mul_recursive
-#define bn_sqr_normal fips_bn_sqr_normal
-#define bn_sqr_recursive fips_bn_sqr_recursive
-#define dsa_builtin_paramgen fips_dsa_builtin_paramgen
-#define dsa_builtin_paramgen2 fips_dsa_builtin_paramgen2
-#define dsa_paramgen_check_g fips_dsa_paramgen_check_g
-#define ec_GF2m_have_precompute_mult fips_ec_gf2m_have_precompute_mult
-#define ec_GF2m_precompute_mult fips_ec_gf2m_precompute_mult
-#define ec_GF2m_simple_add fips_ec_gf2m_simple_add
-#define ec_GF2m_simple_cmp fips_ec_gf2m_simple_cmp
-#define ec_GF2m_simple_dbl fips_ec_gf2m_simple_dbl
-#define ec_GF2m_simple_field_div fips_ec_gf2m_simple_field_div
-#define ec_GF2m_simple_field_mul fips_ec_gf2m_simple_field_mul
-#define ec_GF2m_simple_field_sqr fips_ec_gf2m_simple_field_sqr
-#define ec_GF2m_simple_group_check_discriminant fips_ec_gf2m_simple_group_check_discriminant
-#define ec_GF2m_simple_group_clear_finish fips_ec_gf2m_simple_group_clear_finish
-#define ec_GF2m_simple_group_copy fips_ec_gf2m_simple_group_copy
-#define ec_GF2m_simple_group_finish fips_ec_gf2m_simple_group_finish
-#define ec_GF2m_simple_group_get_curve fips_ec_gf2m_simple_group_get_curve
-#define ec_GF2m_simple_group_get_degree fips_ec_gf2m_simple_group_get_degree
-#define ec_GF2m_simple_group_init fips_ec_gf2m_simple_group_init
-#define ec_GF2m_simple_group_set_curve fips_ec_gf2m_simple_group_set_curve
-#define ec_GF2m_simple_invert fips_ec_gf2m_simple_invert
-#define ec_GF2m_simple_is_at_infinity fips_ec_gf2m_simple_is_at_infinity
-#define ec_GF2m_simple_is_on_curve fips_ec_gf2m_simple_is_on_curve
-#define ec_GF2m_simple_make_affine fips_ec_gf2m_simple_make_affine
-#define ec_GF2m_simple_mul fips_ec_gf2m_simple_mul
-#define ec_GF2m_simple_point_clear_finish fips_ec_gf2m_simple_point_clear_finish
-#define ec_GF2m_simple_point_copy fips_ec_gf2m_simple_point_copy
-#define ec_GF2m_simple_point_finish fips_ec_gf2m_simple_point_finish
-#define ec_GF2m_simple_point_get_affine_coordinates fips_ec_gf2m_simple_point_get_affine_coordinates
-#define ec_GF2m_simple_point_init fips_ec_gf2m_simple_point_init
-#define ec_GF2m_simple_point_set_affine_coordinates fips_ec_gf2m_simple_point_set_affine_coordinates
-#define ec_GF2m_simple_point_set_to_infinity fips_ec_gf2m_simple_point_set_to_infinity
-#define ec_GF2m_simple_points_make_affine fips_ec_gf2m_simple_points_make_affine
-#define ec_GFp_mont_field_decode fips_ec_gfp_mont_field_decode
-#define ec_GFp_mont_field_encode fips_ec_gfp_mont_field_encode
-#define ec_GFp_mont_field_mul fips_ec_gfp_mont_field_mul
-#define ec_GFp_mont_field_set_to_one fips_ec_gfp_mont_field_set_to_one
-#define ec_GFp_mont_field_sqr fips_ec_gfp_mont_field_sqr
-#define ec_GFp_mont_group_clear_finish fips_ec_gfp_mont_group_clear_finish
-#define ec_GFp_mont_group_copy fips_ec_gfp_mont_group_copy
-#define ec_GFp_mont_group_finish fips_ec_gfp_mont_group_finish
-#define ec_GFp_mont_group_init fips_ec_gfp_mont_group_init
-#define ec_GFp_mont_group_set_curve fips_ec_gfp_mont_group_set_curve
-#define ec_GFp_nist_field_mul fips_ec_gfp_nist_field_mul
-#define ec_GFp_nist_field_sqr fips_ec_gfp_nist_field_sqr
-#define ec_GFp_nist_group_copy fips_ec_gfp_nist_group_copy
-#define ec_GFp_nist_group_set_curve fips_ec_gfp_nist_group_set_curve
-#define ec_GFp_simple_add fips_ec_gfp_simple_add
-#define ec_GFp_simple_cmp fips_ec_gfp_simple_cmp
-#define ec_GFp_simple_dbl fips_ec_gfp_simple_dbl
-#define ec_GFp_simple_field_mul fips_ec_gfp_simple_field_mul
-#define ec_GFp_simple_field_sqr fips_ec_gfp_simple_field_sqr
-#define ec_GFp_simple_get_Jprojective_coordinates_GFp fips_ec_gfp_simple_get_jprojective_coordinates_gfp
-#define ec_GFp_simple_group_check_discriminant fips_ec_gfp_simple_group_check_discriminant
-#define ec_GFp_simple_group_clear_finish fips_ec_gfp_simple_group_clear_finish
-#define ec_GFp_simple_group_copy fips_ec_gfp_simple_group_copy
-#define ec_GFp_simple_group_finish fips_ec_gfp_simple_group_finish
-#define ec_GFp_simple_group_get_curve fips_ec_gfp_simple_group_get_curve
-#define ec_GFp_simple_group_get_degree fips_ec_gfp_simple_group_get_degree
-#define ec_GFp_simple_group_init fips_ec_gfp_simple_group_init
-#define ec_GFp_simple_group_set_curve fips_ec_gfp_simple_group_set_curve
-#define ec_GFp_simple_invert fips_ec_gfp_simple_invert
-#define ec_GFp_simple_is_at_infinity fips_ec_gfp_simple_is_at_infinity
-#define ec_GFp_simple_is_on_curve fips_ec_gfp_simple_is_on_curve
-#define ec_GFp_simple_make_affine fips_ec_gfp_simple_make_affine
-#define ec_GFp_simple_point_clear_finish fips_ec_gfp_simple_point_clear_finish
-#define ec_GFp_simple_point_copy fips_ec_gfp_simple_point_copy
-#define ec_GFp_simple_point_finish fips_ec_gfp_simple_point_finish
-#define ec_GFp_simple_point_get_affine_coordinates fips_ec_gfp_simple_point_get_affine_coordinates
-#define ec_GFp_simple_point_init fips_ec_gfp_simple_point_init
-#define ec_GFp_simple_point_set_affine_coordinates fips_ec_gfp_simple_point_set_affine_coordinates
-#define ec_GFp_simple_point_set_to_infinity fips_ec_gfp_simple_point_set_to_infinity
-#define ec_GFp_simple_points_make_affine fips_ec_gfp_simple_points_make_affine
-#define ec_GFp_simple_set_Jprojective_coordinates_GFp fips_ec_gfp_simple_set_jprojective_coordinates_gfp
-#define ec_wNAF_have_precompute_mult fips_ec_wnaf_have_precompute_mult
-#define ec_wNAF_mul fips_ec_wnaf_mul
-#define ec_wNAF_precompute_mult fips_ec_wnaf_precompute_mult
-#define int_bn_mod_inverse fips_int_bn_mod_inverse
-#define cleanse_ctr fips_cleanse_ctr
-#define DH_compute_key_padded FIPS_dh_compute_key_padded
-#define ECDH_OpenSSL FIPS_ecdh_openssl
-#define ECDH_compute_key FIPS_ecdh_compute_key
-
-#define CMAC_CTX_cleanup FIPS_cmac_ctx_cleanup
-#define CMAC_CTX_copy FIPS_cmac_ctx_copy
-#define CMAC_CTX_free FIPS_cmac_ctx_free
-#define CMAC_CTX_get0_cipher_ctx FIPS_cmac_ctx_get0_cipher_ctx
-#define CMAC_CTX_new FIPS_cmac_ctx_new
-#define CMAC_Init FIPS_cmac_init
-#define CMAC_Update FIPS_cmac_update
-#define CMAC_Final FIPS_cmac_final
-#define CMAC_resume FIPS_cmac_resume
-
-/* assembler symbols */
-#define gcm_gmult_4bit_x86 fips_gcm_gmult_4bit_x86
-#define gcm_ghash_4bit_x86 fips_gcm_ghash_4bit_x86
-#define AES_cbc_encrypt fips_aes_cbc_encrypt
-#define AES_decrypt fips_aes_decrypt
-#define AES_encrypt fips_aes_encrypt
-#define AES_set_decrypt_key fips_aes_set_decrypt_key
-#define AES_set_encrypt_key fips_aes_set_encrypt_key
-#define BN_from_montgomery fips_bn_from_montgomery
-#define BN_num_bits_word FIPS_bn_num_bits_word
-#define DES_SPtrans fips_des_sptrans
-#define DES_decrypt3 fips_des_decrypt3
-#define DES_ede3_cbc_encrypt fips_des_ede3_cbc_encrypt
-#define DES_encrypt1 fips_des_encrypt1
-#define DES_encrypt2 fips_des_encrypt2
-#define DES_encrypt3 fips_des_encrypt3
-#define DES_ncbc_encrypt fips_des_ncbc_encrypt
-#define OPENSSL_altivec_probe fips_openssl_altivec_probe
-#define OPENSSL_atomic_add fips_openssl_atomic_add
-#define OPENSSL_cleanse FIPS_openssl_cleanse
-#define OPENSSL_cpuid_setup fips_openssl_cpuid_setup
-#define OPENSSL_ia32_cpuid fips_openssl_ia32_cpuid
-#define OPENSSL_ia32cap_P fips_openssl_ia32cap_p
-#define OPENSSL_instrument_bus fips_openssl_instrument_bus
-#define OPENSSL_instrument_bus2 fips_openssl_instrument_bus2
-#define OPENSSL_ppc64_probe fips_openssl_ppc64_probe
-#define OPENSSL_rdtsc fips_openssl_rdtsc
-#define OPENSSL_wipe_cpu fips_openssl_wipe_cpu
-#define SHA256 fips_sha256
-#define SHA512 fips_sha512
-#define aesni_ccm64_decrypt_blocks fips_aesni_ccm64_decrypt_blocks
-#define aesni_ccm64_encrypt_blocks fips_aesni_ccm64_encrypt_blocks
-#define aesni_ctr32_encrypt_blocks fips_aesni_ctr32_encrypt_blocks
-#define aesni_ecb_encrypt fips_aesni_ecb_encrypt
-#define aesni_encrypt fips_aesni_encrypt
-#define bn_add_words fips_bn_add_words
-#define bn_div_words fips_bn_div_words
-#define bn_mul_add_words fips_bn_mul_add_words
-#define bn_mul_comba4 fips_bn_mul_comba4
-#define bn_mul_comba8 fips_bn_mul_comba8
-#define bn_mul_mont fips_bn_mul_mont
-#define bn_sqr_mont fips_bn_sqr_mont
-#define bn_mul_mont_fpu64 fips_bn_mul_mont_fpu64
-#define bn_mul_mont_int fips_bn_mul_mont_int
-#define bn_mul_words fips_bn_mul_words
-#define bn_sqr_comba4 fips_bn_sqr_comba4
-#define bn_sqr_comba8 fips_bn_sqr_comba8
-#define bn_sqr_words fips_bn_sqr_words
-#define bn_sub_part_words fips_bn_sub_part_words
-#define bn_sub_words fips_bn_sub_words
-#define fcrypt_body fips_fcrypt_body
-#define gcm_ghash_4bit fips_gcm_ghash_4bit
-#define gcm_ghash_clmul fips_gcm_ghash_clmul
-#define gcm_gmult_4bit fips_gcm_gmult_4bit
-#define gcm_gmult_clmul fips_gcm_gmult_clmul
-#define gcm_init_clmul fips_gcm_init_clmul
-#define sha1_block_data_order fips_sha1_block_data_order
-#define sha256_block_data_order fips_sha256_block_data_order
-#define sha512_block_data_order fips_sha512_block_data_order
-#define gcm_gmult_4bit_mmx fips_gcm_gmult_4bit_mmx
-#define gcm_ghash_4bit_mmx fips_gcm_ghash_4bit_mmx
-#define OPENSSL_far_spin fips_openssl_far_spin
-#define OPENSSL_indirect_call fips_openssl_indirect_call
-#define OPENSSL_instrument_halt fips_openssl_instrument_halt
-#define OPENSSL_armcap fips_openssl_armcap
-#define aesni_cbc_encrypt fips_aesni_cbc_encrypt
-#define aesni_decrypt fips_aesni_decrypt
-#define aesni_set_decrypt_key fips_aesni_set_decrypt_key
-#define aesni_set_encrypt_key fips_aesni_set_encrypt_key
-#define bn_GF2m_mul_2x2 fips_bn_GF2m_mul_2x2
-#define gcm_ghash_neon fips_gcm_ghash_neon
-#define gcm_gmult_neon fips_gcm_gmult_neon
-#define aesni_xts_decrypt fips_aesni_xts_decrypt
-#define aesni_xts_encrypt fips_aesni_xts_encrypt
-#define OPENSSL_ia32_rdrand fips_openssl_ia32_rdrand
-#define OPENSSL_armcap_P fips_openssl_armcap_P
-#define _armv7_neon_probe _fips_armv7_neon_probe
-#define _armv7_tick _fips_armv7_tick
-#define _sparcv9_rdtick _fips_sparcv9_rdtick
-#define _sparcv9_vis1_probe _fips_sparcv9_vis1_probe
-#define _sparcv9_vis2_probe _fips_sparcv9_vis2_probe
-#define _sparcv9_fmadd_probe _fips_sparcv9_fmadd_probe
-#define _sparcv9_vis1_instrument _fips_sparcv9_vis1_instrument
-#define bn_mul_mont_gather5 fips_bn_mul_mont_gather5
-#define bn_scatter5 fips_bn_scatter5
-#define bn_gather5 fips_bn_gather5
-
-#if defined(_MSC_VER)
-# pragma const_seg("fipsro$b")
-# pragma const_seg()
-# define __fips_constseg __declspec(allocate("fipsro$b"))
-#else
-# define __fips_constseg
-#endif
+++ /dev/null
-#
-# OpenSSL/fips/hmac/Makefile
-#
-
-DIR= hmac
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=fips_hmactest.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_hmac_selftest.c
-LIBOBJ= fips_hmac_selftest.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER= $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all: lib
-
-lib: $(LIBOBJ)
- @echo $(LIBOBJ) > lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-Q=../testvectors/hmac/req
-A=../testvectors/hmac/rsp
-
-fips_test:
- -rm -rf $(A)
- mkdir $(A)
- if [ -f $(Q)/HMAC.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_hmactest < $(Q)/HMAC.req > $(A)/HMAC.rsp; fi
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_hmac_selftest.o: ../../include/openssl/crypto.h
-fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_hmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_hmac_selftest.o: ../../include/openssl/hmac.h
-fips_hmac_selftest.o: ../../include/openssl/lhash.h
-fips_hmac_selftest.o: ../../include/openssl/obj_mac.h
-fips_hmac_selftest.o: ../../include/openssl/objects.h
-fips_hmac_selftest.o: ../../include/openssl/opensslconf.h
-fips_hmac_selftest.o: ../../include/openssl/opensslv.h
-fips_hmac_selftest.o: ../../include/openssl/ossl_typ.h
-fips_hmac_selftest.o: ../../include/openssl/safestack.h
-fips_hmac_selftest.o: ../../include/openssl/stack.h
-fips_hmac_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
-fips_hmac_selftest.o: fips_hmac_selftest.c
-fips_hmactest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_hmactest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_hmactest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_hmactest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-fips_hmactest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_hmactest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
-fips_hmactest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-fips_hmactest.o: ../../include/openssl/objects.h
-fips_hmactest.o: ../../include/openssl/opensslconf.h
-fips_hmactest.o: ../../include/openssl/opensslv.h
-fips_hmactest.o: ../../include/openssl/ossl_typ.h
-fips_hmactest.o: ../../include/openssl/safestack.h
-fips_hmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_hmactest.o: ../fips_utl.h fips_hmactest.c
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/hmac.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-typedef struct {
- int nid;
- const unsigned char kaval[EVP_MAX_MD_SIZE];
-} HMAC_KAT;
-
-/* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */
-/* "0123456789:;<=>?@ABC" */
-__fips_constseg
-static const unsigned char hmac_kat_key[] = {
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a,
- 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43
- };
-/* "Sample #2" */
-__fips_constseg
-static const unsigned char hmac_kat_data[] = {
- 0x53, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x20, 0x23, 0x32
- };
-
-__fips_constseg
-static const HMAC_KAT vector[] = {
- { NID_sha1,
- { 0x09,0x22,0xd3,0x40,0x5f,0xaa,0x3d,0x19,
- 0x4f,0x82,0xa4,0x58,0x30,0x73,0x7d,0x5c,
- 0xc6,0xc7,0x5d,0x24 }
- },
- { NID_sha224,
- { 0xdd,0xef,0x0a,0x40,0xcb,0x7d,0x50,0xfb,
- 0x6e,0xe6,0xce,0xa1,0x20,0xba,0x26,0xaa,
- 0x08,0xf3,0x07,0x75,0x87,0xb8,0xad,0x1b,
- 0x8c,0x8d,0x12,0xc7 }
- },
- { NID_sha256,
- { 0xb8,0xf2,0x0d,0xb5,0x41,0xea,0x43,0x09,
- 0xca,0x4e,0xa9,0x38,0x0c,0xd0,0xe8,0x34,
- 0xf7,0x1f,0xbe,0x91,0x74,0xa2,0x61,0x38,
- 0x0d,0xc1,0x7e,0xae,0x6a,0x34,0x51,0xd9 }
- },
- { NID_sha384,
- { 0x08,0xbc,0xb0,0xda,0x49,0x1e,0x87,0xad,
- 0x9a,0x1d,0x6a,0xce,0x23,0xc5,0x0b,0xf6,
- 0xb7,0x18,0x06,0xa5,0x77,0xcd,0x49,0x04,
- 0x89,0xf1,0xe6,0x23,0x44,0x51,0x51,0x9f,
- 0x85,0x56,0x80,0x79,0x0c,0xbd,0x4d,0x50,
- 0xa4,0x5f,0x29,0xe3,0x93,0xf0,0xe8,0x7f }
- },
- { NID_sha512,
- { 0x80,0x9d,0x44,0x05,0x7c,0x5b,0x95,0x41,
- 0x05,0xbd,0x04,0x13,0x16,0xdb,0x0f,0xac,
- 0x44,0xd5,0xa4,0xd5,0xd0,0x89,0x2b,0xd0,
- 0x4e,0x86,0x64,0x12,0xc0,0x90,0x77,0x68,
- 0xf1,0x87,0xb7,0x7c,0x4f,0xae,0x2c,0x2f,
- 0x21,0xa5,0xb5,0x65,0x9a,0x4f,0x4b,0xa7,
- 0x47,0x02,0xa3,0xde,0x9b,0x51,0xf1,0x45,
- 0xbd,0x4f,0x25,0x27,0x42,0x98,0x99,0x05 }
- },
-};
-
-int FIPS_selftest_hmac()
- {
- size_t n;
- unsigned int outlen;
- unsigned char out[EVP_MAX_MD_SIZE];
- const EVP_MD *md;
- const HMAC_KAT *t;
- int rv = 1, subid = -1;
- HMAC_CTX c;
- HMAC_CTX_init(&c);
-
-
- for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
- {
- md = FIPS_get_digestbynid(t->nid);
- if (!md)
- {
- rv = -1;
- goto err;
- }
- subid = M_EVP_MD_type(md);
- if (!fips_post_started(FIPS_TEST_HMAC, subid, 0))
- continue;
- if (!HMAC_Init_ex(&c, hmac_kat_key, sizeof(hmac_kat_key),
- md, NULL))
- {
- rv = -1;
- goto err;
- }
- if (!HMAC_Update(&c, hmac_kat_data, sizeof(hmac_kat_data)))
- {
- rv = -1;
- goto err;
- }
- if (!fips_post_corrupt(FIPS_TEST_HMAC, subid, NULL))
- {
- if (!HMAC_Update(&c, hmac_kat_data, 1))
- {
- rv = -1;
- goto err;
- }
- }
- if (!HMAC_Final(&c, out, &outlen))
- {
- rv = -1;
- goto err;
- }
-
- if(memcmp(out,t->kaval,outlen))
- {
- fips_post_failed(FIPS_TEST_HMAC, subid, NULL);
- rv = 0;
- }
- else if (!fips_post_success(FIPS_TEST_HMAC, subid, NULL))
- goto err;
- }
-
- err:
- HMAC_CTX_cleanup(&c);
- if (rv == -1)
- {
- fips_post_failed(FIPS_TEST_HMAC, subid, NULL);
- rv = 0;
- }
- if (!rv)
- FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
- return rv;
- }
-#endif
+++ /dev/null
-/* fips_hmactest.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
- printf("No FIPS HMAC support\n");
- return(0);
-}
-
-#else
-
-#include <openssl/fips.h>
-#include "fips_utl.h"
-
-static int hmac_test(const EVP_MD *md, FILE *out, FILE *in);
-static int print_hmac(const EVP_MD *md, FILE *out,
- unsigned char *Key, int Klen,
- unsigned char *Msg, int Msglen, int Tlen);
-
-#ifdef FIPS_ALGVS
-int fips_hmactest_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
- {
- FILE *in = NULL, *out = NULL;
-
- int ret = 1;
- fips_algtest_init();
-
- if (argc == 1)
- in = stdin;
- else
- in = fopen(argv[1], "r");
-
- if (argc < 2)
- out = stdout;
- else
- out = fopen(argv[2], "w");
-
- if (!in)
- {
- fprintf(stderr, "FATAL input initialization error\n");
- goto end;
- }
-
- if (!out)
- {
- fprintf(stderr, "FATAL output initialization error\n");
- goto end;
- }
-
- if (!hmac_test(EVP_sha1(), out, in))
- {
- fprintf(stderr, "FATAL hmac file processing error\n");
- goto end;
- }
- else
- ret = 0;
-
- end:
-
- if (in && (in != stdin))
- fclose(in);
- if (out && (out != stdout))
- fclose(out);
-
- return ret;
-
- }
-
-#define HMAC_TEST_MAXLINELEN 1024
-
-int hmac_test(const EVP_MD *md, FILE *out, FILE *in)
- {
- char *linebuf, *olinebuf, *p, *q;
- char *keyword, *value;
- unsigned char *Key = NULL, *Msg = NULL;
- int Count, Klen, Tlen;
- long Keylen, Msglen;
- int ret = 0;
- int lnum = 0;
-
- olinebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN);
- linebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN);
-
- if (!linebuf || !olinebuf)
- goto error;
-
- Count = -1;
- Klen = -1;
- Tlen = -1;
-
- while (fgets(olinebuf, HMAC_TEST_MAXLINELEN, in))
- {
- lnum++;
- strcpy(linebuf, olinebuf);
- keyword = linebuf;
- /* Skip leading space */
- while (isspace((unsigned char)*keyword))
- keyword++;
-
- /* Look for = sign */
- p = strchr(linebuf, '=');
-
- /* If no = or starts with [ (for [L=20] line) just copy */
- if (!p)
- {
- if (fputs(olinebuf, out) < 0)
- goto error;
- continue;
- }
-
- q = p - 1;
-
- /* Remove trailing space */
- while (isspace((unsigned char)*q))
- *q-- = 0;
-
- *p = 0;
- value = p + 1;
-
- /* Remove leading space from value */
- while (isspace((unsigned char)*value))
- value++;
-
- /* Remove trailing space from value */
- p = value + strlen(value) - 1;
-
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
-
- if (!strcmp(keyword,"[L") && *p==']')
- {
- switch (atoi(value))
- {
- case 20: md=EVP_sha1(); break;
- case 28: md=EVP_sha224(); break;
- case 32: md=EVP_sha256(); break;
- case 48: md=EVP_sha384(); break;
- case 64: md=EVP_sha512(); break;
- default: goto parse_error;
- }
- }
- else if (!strcmp(keyword, "Count"))
- {
- if (Count != -1)
- goto parse_error;
- Count = atoi(value);
- if (Count < 0)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Klen"))
- {
- if (Klen != -1)
- goto parse_error;
- Klen = atoi(value);
- if (Klen < 0)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Tlen"))
- {
- if (Tlen != -1)
- goto parse_error;
- Tlen = atoi(value);
- if (Tlen < 0)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Msg"))
- {
- if (Msg)
- goto parse_error;
- Msg = hex2bin_m(value, &Msglen);
- if (!Msg)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Key"))
- {
- if (Key)
- goto parse_error;
- Key = hex2bin_m(value, &Keylen);
- if (!Key)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Mac"))
- continue;
- else
- goto parse_error;
-
- fputs(olinebuf, out);
-
- if (Key && Msg && (Tlen > 0) && (Klen > 0))
- {
- if (!print_hmac(md, out, Key, Klen, Msg, Msglen, Tlen))
- goto error;
- OPENSSL_free(Key);
- Key = NULL;
- OPENSSL_free(Msg);
- Msg = NULL;
- Klen = -1;
- Tlen = -1;
- Count = -1;
- }
-
- }
-
-
- ret = 1;
-
-
- error:
-
- if (olinebuf)
- OPENSSL_free(olinebuf);
- if (linebuf)
- OPENSSL_free(linebuf);
- if (Key)
- OPENSSL_free(Key);
- if (Msg)
- OPENSSL_free(Msg);
-
- return ret;
-
- parse_error:
-
- fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
-
- goto error;
-
- }
-
-static int print_hmac(const EVP_MD *emd, FILE *out,
- unsigned char *Key, int Klen,
- unsigned char *Msg, int Msglen, int Tlen)
- {
- int i, mdlen;
- unsigned char md[EVP_MAX_MD_SIZE];
- if (!HMAC(emd, Key, Klen, Msg, Msglen, md,
- (unsigned int *)&mdlen))
- {
- fputs("Error calculating HMAC\n", stderr);
- return 0;
- }
- if (Tlen > mdlen)
- {
- fputs("Parameter error, Tlen > HMAC length\n", stderr);
- return 0;
- }
- fputs("Mac = ", out);
- for (i = 0; i < Tlen; i++)
- fprintf(out, "%02x", md[i]);
- fputs(RESP_EOL, out);
- return 1;
- }
-
-#endif
+++ /dev/null
-#!/usr/local/bin/perl -w
-# Quick & dirty utility to generate a script for executing the
-# FIPS 140-2 CMVP algorithm tests based on the pathnames of
-# input algorithm test files actually present (the unqualified
-# file names are consistent but the pathnames are not).
-#
-
-# List of all the unqualified file names we expect.
-my %fips_tests = (
-
-# FIPS test definitions
-
-# DSA tests
-
-"PQGGen" => "fips_dssvs pqg",
-"KeyPair" => "fips_dssvs keypair",
-"SigGen" => "fips_dssvs siggen",
-"SigVer" => "fips_dssvs sigver",
-
-# SHA tests
-
-"SHA1LongMsg" => "fips_shatest",
-"SHA1Monte" => "fips_shatest",
-"SHA1ShortMsg" => "fips_shatest",
-"SHA224LongMsg" => "fips_shatest",
-"SHA224Monte" => "fips_shatest",
-"SHA224ShortMsg" => "fips_shatest",
-"SHA256LongMsg" => "fips_shatest",
-"SHA256Monte" => "fips_shatest",
-"SHA256ShortMsg" => "fips_shatest",
-"SHA384LongMsg" => "fips_shatest",
-"SHA384Monte" => "fips_shatest",
-"SHA384ShortMsg" => "fips_shatest",
-"SHA512LongMsg" => "fips_shatest",
-"SHA512Monte" => "fips_shatest",
-"SHA512ShortMsg" => "fips_shatest",
-
-# HMAC
-
-"HMAC" => "fips_hmactest",
-
-# RAND tests
-
-"ANSI931_AES128MCT" => "fips_rngvs mct",
-"ANSI931_AES192MCT" => "fips_rngvs mct",
-"ANSI931_AES256MCT" => "fips_rngvs mct",
-"ANSI931_AES128VST" => "fips_rngvs vst",
-"ANSI931_AES192VST" => "fips_rngvs vst",
-"ANSI931_AES256VST" => "fips_rngvs vst",
-
-# RSA tests
-
-"SigGen15" => "fips_rsastest",
-"SigVer15" => "fips_rsavtest",
-"SigGenPSS" => "fips_rsastest -saltlen SALT",
-"SigVerPSS" => "fips_rsavtest -saltlen SALT",
-"SigGenRSA" => "fips_rsastest -x931",
-"SigVerRSA" => "fips_rsavtest -x931",
-"KeyGenRSA" => "fips_rsagtest",
-
-# AES tests
-
-"CBCGFSbox128" => "fips_aesavs -f",
-"CBCGFSbox192" => "fips_aesavs -f",
-"CBCGFSbox256" => "fips_aesavs -f",
-"CBCKeySbox128" => "fips_aesavs -f",
-"CBCKeySbox192" => "fips_aesavs -f",
-"CBCKeySbox256" => "fips_aesavs -f",
-"CBCMCT128" => "fips_aesavs -f",
-"CBCMCT192" => "fips_aesavs -f",
-"CBCMCT256" => "fips_aesavs -f",
-"CBCMMT128" => "fips_aesavs -f",
-"CBCMMT192" => "fips_aesavs -f",
-"CBCMMT256" => "fips_aesavs -f",
-"CBCVarKey128" => "fips_aesavs -f",
-"CBCVarKey192" => "fips_aesavs -f",
-"CBCVarKey256" => "fips_aesavs -f",
-"CBCVarTxt128" => "fips_aesavs -f",
-"CBCVarTxt192" => "fips_aesavs -f",
-"CBCVarTxt256" => "fips_aesavs -f",
-"CFB128GFSbox128" => "fips_aesavs -f",
-"CFB128GFSbox192" => "fips_aesavs -f",
-"CFB128GFSbox256" => "fips_aesavs -f",
-"CFB128KeySbox128" => "fips_aesavs -f",
-"CFB128KeySbox192" => "fips_aesavs -f",
-"CFB128KeySbox256" => "fips_aesavs -f",
-"CFB128MCT128" => "fips_aesavs -f",
-"CFB128MCT192" => "fips_aesavs -f",
-"CFB128MCT256" => "fips_aesavs -f",
-"CFB128MMT128" => "fips_aesavs -f",
-"CFB128MMT192" => "fips_aesavs -f",
-"CFB128MMT256" => "fips_aesavs -f",
-"CFB128VarKey128" => "fips_aesavs -f",
-"CFB128VarKey192" => "fips_aesavs -f",
-"CFB128VarKey256" => "fips_aesavs -f",
-"CFB128VarTxt128" => "fips_aesavs -f",
-"CFB128VarTxt192" => "fips_aesavs -f",
-"CFB128VarTxt256" => "fips_aesavs -f",
-"CFB8GFSbox128" => "fips_aesavs -f",
-"CFB8GFSbox192" => "fips_aesavs -f",
-"CFB8GFSbox256" => "fips_aesavs -f",
-"CFB8KeySbox128" => "fips_aesavs -f",
-"CFB8KeySbox192" => "fips_aesavs -f",
-"CFB8KeySbox256" => "fips_aesavs -f",
-"CFB8MCT128" => "fips_aesavs -f",
-"CFB8MCT192" => "fips_aesavs -f",
-"CFB8MCT256" => "fips_aesavs -f",
-"CFB8MMT128" => "fips_aesavs -f",
-"CFB8MMT192" => "fips_aesavs -f",
-"CFB8MMT256" => "fips_aesavs -f",
-"CFB8VarKey128" => "fips_aesavs -f",
-"CFB8VarKey192" => "fips_aesavs -f",
-"CFB8VarKey256" => "fips_aesavs -f",
-"CFB8VarTxt128" => "fips_aesavs -f",
-"CFB8VarTxt192" => "fips_aesavs -f",
-"CFB8VarTxt256" => "fips_aesavs -f",
-#"CFB1GFSbox128" => "fips_aesavs -f",
-#"CFB1GFSbox192" => "fips_aesavs -f",
-#"CFB1GFSbox256" => "fips_aesavs -f",
-#"CFB1KeySbox128" => "fips_aesavs -f",
-#"CFB1KeySbox192" => "fips_aesavs -f",
-#"CFB1KeySbox256" => "fips_aesavs -f",
-#"CFB1MCT128" => "fips_aesavs -f",
-#"CFB1MCT192" => "fips_aesavs -f",
-#"CFB1MCT256" => "fips_aesavs -f",
-#"CFB1MMT128" => "fips_aesavs -f",
-#"CFB1MMT192" => "fips_aesavs -f",
-#"CFB1MMT256" => "fips_aesavs -f",
-#"CFB1VarKey128" => "fips_aesavs -f",
-#"CFB1VarKey192" => "fips_aesavs -f",
-#"CFB1VarKey256" => "fips_aesavs -f",
-#"CFB1VarTxt128" => "fips_aesavs -f",
-#"CFB1VarTxt192" => "fips_aesavs -f",
-#"CFB1VarTxt256" => "fips_aesavs -f",
-"ECBGFSbox128" => "fips_aesavs -f",
-"ECBGFSbox192" => "fips_aesavs -f",
-"ECBGFSbox256" => "fips_aesavs -f",
-"ECBKeySbox128" => "fips_aesavs -f",
-"ECBKeySbox192" => "fips_aesavs -f",
-"ECBKeySbox256" => "fips_aesavs -f",
-"ECBMCT128" => "fips_aesavs -f",
-"ECBMCT192" => "fips_aesavs -f",
-"ECBMCT256" => "fips_aesavs -f",
-"ECBMMT128" => "fips_aesavs -f",
-"ECBMMT192" => "fips_aesavs -f",
-"ECBMMT256" => "fips_aesavs -f",
-"ECBVarKey128" => "fips_aesavs -f",
-"ECBVarKey192" => "fips_aesavs -f",
-"ECBVarKey256" => "fips_aesavs -f",
-"ECBVarTxt128" => "fips_aesavs -f",
-"ECBVarTxt192" => "fips_aesavs -f",
-"ECBVarTxt256" => "fips_aesavs -f",
-"OFBGFSbox128" => "fips_aesavs -f",
-"OFBGFSbox192" => "fips_aesavs -f",
-"OFBGFSbox256" => "fips_aesavs -f",
-"OFBKeySbox128" => "fips_aesavs -f",
-"OFBKeySbox192" => "fips_aesavs -f",
-"OFBKeySbox256" => "fips_aesavs -f",
-"OFBMCT128" => "fips_aesavs -f",
-"OFBMCT192" => "fips_aesavs -f",
-"OFBMCT256" => "fips_aesavs -f",
-"OFBMMT128" => "fips_aesavs -f",
-"OFBMMT192" => "fips_aesavs -f",
-"OFBMMT256" => "fips_aesavs -f",
-"OFBVarKey128" => "fips_aesavs -f",
-"OFBVarKey192" => "fips_aesavs -f",
-"OFBVarKey256" => "fips_aesavs -f",
-"OFBVarTxt128" => "fips_aesavs -f",
-"OFBVarTxt192" => "fips_aesavs -f",
-"OFBVarTxt256" => "fips_aesavs -f",
-
-# Triple DES tests
-
-"TCBCinvperm" => "fips_desmovs -f",
-"TCBCMMT1" => "fips_desmovs -f",
-"TCBCMMT2" => "fips_desmovs -f",
-"TCBCMMT3" => "fips_desmovs -f",
-"TCBCMonte1" => "fips_desmovs -f",
-"TCBCMonte2" => "fips_desmovs -f",
-"TCBCMonte3" => "fips_desmovs -f",
-"TCBCpermop" => "fips_desmovs -f",
-"TCBCsubtab" => "fips_desmovs -f",
-"TCBCvarkey" => "fips_desmovs -f",
-"TCBCvartext" => "fips_desmovs -f",
-"TCFB64invperm" => "fips_desmovs -f",
-"TCFB64MMT1" => "fips_desmovs -f",
-"TCFB64MMT2" => "fips_desmovs -f",
-"TCFB64MMT3" => "fips_desmovs -f",
-"TCFB64Monte1" => "fips_desmovs -f",
-"TCFB64Monte2" => "fips_desmovs -f",
-"TCFB64Monte3" => "fips_desmovs -f",
-"TCFB64permop" => "fips_desmovs -f",
-"TCFB64subtab" => "fips_desmovs -f",
-"TCFB64varkey" => "fips_desmovs -f",
-"TCFB64vartext" => "fips_desmovs -f",
-"TCFB8invperm" => "fips_desmovs -f",
-"TCFB8MMT1" => "fips_desmovs -f",
-"TCFB8MMT2" => "fips_desmovs -f",
-"TCFB8MMT3" => "fips_desmovs -f",
-"TCFB8Monte1" => "fips_desmovs -f",
-"TCFB8Monte2" => "fips_desmovs -f",
-"TCFB8Monte3" => "fips_desmovs -f",
-"TCFB8permop" => "fips_desmovs -f",
-"TCFB8subtab" => "fips_desmovs -f",
-"TCFB8varkey" => "fips_desmovs -f",
-"TCFB8vartext" => "fips_desmovs -f",
-"TECBinvperm" => "fips_desmovs -f",
-"TECBMMT1" => "fips_desmovs -f",
-"TECBMMT2" => "fips_desmovs -f",
-"TECBMMT3" => "fips_desmovs -f",
-"TECBMonte1" => "fips_desmovs -f",
-"TECBMonte2" => "fips_desmovs -f",
-"TECBMonte3" => "fips_desmovs -f",
-"TECBpermop" => "fips_desmovs -f",
-"TECBsubtab" => "fips_desmovs -f",
-"TECBvarkey" => "fips_desmovs -f",
-"TECBvartext" => "fips_desmovs -f",
-"TOFBinvperm" => "fips_desmovs -f",
-"TOFBMMT1" => "fips_desmovs -f",
-"TOFBMMT2" => "fips_desmovs -f",
-"TOFBMMT3" => "fips_desmovs -f",
-"TOFBMonte1" => "fips_desmovs -f",
-"TOFBMonte2" => "fips_desmovs -f",
-"TOFBMonte3" => "fips_desmovs -f",
-"TOFBpermop" => "fips_desmovs -f",
-"TOFBsubtab" => "fips_desmovs -f",
-"TOFBvarkey" => "fips_desmovs -f",
-"TOFBvartext" => "fips_desmovs -f",
-"TCBCinvperm" => "fips_desmovs -f",
-"TCBCMMT1" => "fips_desmovs -f",
-"TCBCMMT2" => "fips_desmovs -f",
-"TCBCMMT3" => "fips_desmovs -f",
-"TCBCMonte1" => "fips_desmovs -f",
-"TCBCMonte2" => "fips_desmovs -f",
-"TCBCMonte3" => "fips_desmovs -f",
-"TCBCpermop" => "fips_desmovs -f",
-"TCBCsubtab" => "fips_desmovs -f",
-"TCBCvarkey" => "fips_desmovs -f",
-"TCBCvartext" => "fips_desmovs -f",
-"TCFB64invperm" => "fips_desmovs -f",
-"TCFB64MMT1" => "fips_desmovs -f",
-"TCFB64MMT2" => "fips_desmovs -f",
-"TCFB64MMT3" => "fips_desmovs -f",
-"TCFB64Monte1" => "fips_desmovs -f",
-"TCFB64Monte2" => "fips_desmovs -f",
-"TCFB64Monte3" => "fips_desmovs -f",
-"TCFB64permop" => "fips_desmovs -f",
-"TCFB64subtab" => "fips_desmovs -f",
-"TCFB64varkey" => "fips_desmovs -f",
-"TCFB64vartext" => "fips_desmovs -f",
-"TCFB8invperm" => "fips_desmovs -f",
-"TCFB8MMT1" => "fips_desmovs -f",
-"TCFB8MMT2" => "fips_desmovs -f",
-"TCFB8MMT3" => "fips_desmovs -f",
-"TCFB8Monte1" => "fips_desmovs -f",
-"TCFB8Monte2" => "fips_desmovs -f",
-"TCFB8Monte3" => "fips_desmovs -f",
-"TCFB8permop" => "fips_desmovs -f",
-"TCFB8subtab" => "fips_desmovs -f",
-"TCFB8varkey" => "fips_desmovs -f",
-"TCFB8vartext" => "fips_desmovs -f",
-"TECBinvperm" => "fips_desmovs -f",
-"TECBMMT1" => "fips_desmovs -f",
-"TECBMMT2" => "fips_desmovs -f",
-"TECBMMT3" => "fips_desmovs -f",
-"TECBMonte1" => "fips_desmovs -f",
-"TECBMonte2" => "fips_desmovs -f",
-"TECBMonte3" => "fips_desmovs -f",
-"TECBpermop" => "fips_desmovs -f",
-"TECBsubtab" => "fips_desmovs -f",
-"TECBvarkey" => "fips_desmovs -f",
-"TECBvartext" => "fips_desmovs -f",
-"TOFBinvperm" => "fips_desmovs -f",
-"TOFBMMT1" => "fips_desmovs -f",
-"TOFBMMT2" => "fips_desmovs -f",
-"TOFBMMT3" => "fips_desmovs -f",
-"TOFBMonte1" => "fips_desmovs -f",
-"TOFBMonte2" => "fips_desmovs -f",
-"TOFBMonte3" => "fips_desmovs -f",
-"TOFBpermop" => "fips_desmovs -f",
-"TOFBsubtab" => "fips_desmovs -f",
-"TOFBvarkey" => "fips_desmovs -f",
-"TOFBvartext" => "fips_desmovs -f"
-
-);
-my %salt_names = (
-"SigVerPSS (salt 0)" => "SigVerPSS",
-"SigVerPSS (salt 62)" => "SigVerPSS",
-"SigGenPSS (salt 0)" => "SigGenPSS",
-"SigGenPSS (salt 62)" => "SigGenPSS",
-);
-
-
-my $win32 = $^O =~ m/mswin/i;
-my $onedir = 0;
-my $filter = "";
-my $tvdir;
-my $tprefix;
-my $shwrap_prefix;
-my $shwrap;
-my $rmcmd = "rm -rf";
-my $mkcmd = "mkdir";
-my $debug = 0;
-my $quiet = 0;
-my $rspdir = "rsp";
-my $rspignore = 0;
-my @bogus = (); # list of unmatched *.rsp files
-my $bufout = '';
-my $bufdir = '';
-my %_programs = (); # list of external programs to check
-
-foreach (@ARGV)
- {
- if ($_ eq "--win32")
- {
- $win32 = 1;
- }
- elsif ($_ eq "--onedir")
- {
- $onedir = 1;
- }
- elsif ($_ eq "--debug")
- {
- $debug = 1;
- }
- elsif ($_ eq "--quiet")
- {
- $quiet = 1;
- }
- elsif (/--dir=(.*)$/)
- {
- $tvdir = $1;
- }
- elsif (/--rspdir=(.*)$/)
- {
- $rspdir = $1;
- }
- elsif (/--noshwrap$/)
- {
- $shwrap = "";
- }
- elsif (/--rspignore$/)
- {
- $rspignore = 1;
- }
- elsif (/--tprefix=(.*)$/)
- {
- $tprefix = $1;
- }
- elsif (/--shwrap_prefix=(.*)$/)
- {
- $shwrap_prefix = $1;
- }
- elsif (/--filter=(.*)$/)
- {
- $filter = $1;
- }
- elsif (/--mkdir=(.*)$/)
- {
- $mkcmd = $1;
- }
- elsif (/--rm=(.*)$/)
- {
- $rmcmd = $1;
- }
- elsif (/--outfile=(.*)$/)
- {
- $outfile = $1;
- }
- else
- {
- &Help();
- exit(1);
- }
- }
-
-$tvdir = "." unless defined $tvdir;
-
-if ($win32)
- {
- if (!defined $tprefix)
- {
- if ($onedir)
- {
- $tprefix = ".\\";
- }
- else
- {
- $tprefix = "..\\out32dll\\";
- }
- }
-
- $bufinit .= <<END;
-\@echo off
-rem Test vector run script
-rem Auto generated by mkfipsscr.pl script
-rem Do not edit
-
-END
-
- }
-else
- {
- if ($onedir)
- {
- $tprefix = "./" unless defined $tprefix;
- $shwrap_prefix = "./" unless defined $shwrap_prefix;
- }
- else
- {
- $tprefix = "../test/" unless defined $tprefix;
- $shwrap_prefix = "../util/" unless defined $shwrap_prefix;
- }
-
- $shwrap = "${shwrap_prefix}shlib_wrap.sh " unless defined $shwrap;
-
- $bufinit .= <<END;
-#!/bin/sh
-
-# Test vector run script
-# Auto generated by mkfipsscr.pl script
-# Do not edit
-
-RM="$rmcmd"
-MKDIR="$mkcmd"
-TPREFIX=$tprefix
-END
-
- }
-my %fips_found;
-foreach (keys %fips_tests)
- {
- $fips_found{$_} = 0;
- }
-my %saltPSS;
-for (keys %salt_names)
- {
- $salt_found{$_} = 0;
- }
-
-recurse_test($win32, $tprefix, $filter, $tvdir);
-
-while (($key, $value) = each %salt_found)
- {
- &countentry($key, $value);
- delete $fips_found{$salt_names{$key}};
- }
-while (($key, $value) = each %fips_found)
- {
- &countentry($key, $value);
- }
-
-# If no fatal errors write out the script file
- $outfile = "fipstests.sh" unless defined $outfile;
- open(OUT, ">$outfile") || die "Error opening $outfile: $!";
- print OUT $bufinit;
- if (!$rspignore && @bogus)
- {
- print STDERR "ERROR: please remove bogus *.rsp files\n";
- print OUT <<EOF;
-echo $outfile generation failed due to presence of bogus *.rsp files
-EOF
- }
- else
- {
- print OUT $bufout;
- }
- close OUT;
-
-# Check for external programs
- for (keys %_programs)
- {
- s/ .*$//;
- -x $_ || print STDERR "WARNING: program $_ not found\n";
- }
-
-#--------------------------------
-sub Help {
-(my $cmd) = ($0 =~ m#([^/]+)$#);
- print <<EOF;
-$cmd: generate script for CMVP algorithm tests
- --debug Enable debug output
- --dir=<dirname> Optional root for *.req file search
- --filter=<regexp>
- --onedir <dirname> Assume all components in current directory
- --outfile=<filename> Optional name of output script, default fipstests.{sh|bat}
- --rspdir=<dirname> Name of subdirectories containing *.rsp files, default "resp"
- --rspignore Ignore any bogus *.rsp files
- --shwrap_prefix=<prefix>
- --tprefix=<prefix>
- --quiet Shhh....
- --win32 Generate script for Win32 environment
-EOF
-}
-
-#--------------------------------
-sub countentry {
- my ($key,$value) = @_;
- if ($value == 0)
- {
- print STDERR "WARNING: test file $key not found\n" unless $quiet;
- }
- elsif ($value > 1)
- {
- print STDERR "WARNING: test file $key found $value times\n" unless $quiet;
- }
- else
- {
- print STDERR "Found test file $key\n" if $debug;
- }
- }
-
-#--------------------------------
-sub recurse_test
- {
- my ($win32, $tprefix, $filter, $dir) = @_;
- my $dirh;
- opendir($dirh, $dir);
- while ($_ = readdir($dirh))
- {
- next if ($_ eq "." || $_ eq "..");
- $_ = "$dir/$_";
- if (-f "$_")
- {
- if (/\/([^\/]*)\.rsp$/)
- {
- if (exists $fips_tests{$1})
- {
- $debug && print "DEBUG: $1 found, will be overwritten\n";
- }
- else
- {
- print STDERR "ERROR: bogus file $_\n";
- push @bogus, $_;
- }
- }
- next unless /$filter.*\.req$/i;
- if (/\/([^\/]*)\.req$/ && exists $fips_tests{$1})
- {
- $fips_found{$1}++;
- test_line($win32, $_, $tprefix, $1);
- }
- elsif (! /SHAmix\.req$/)
- {
- print STDERR "WARNING: unrecognized filename $_\n";
- }
- }
- elsif (-d "$_")
- {
- if (/$filter.*req$/i)
- {
- test_dir($win32, $_);
- }
- recurse_test($win32, $tprefix, $filter, $_);
- }
- }
- closedir($dirh);
- }
-
-#--------------------------------
-sub test_dir
- {
- my ($win32, $req) = @_;
- my $rsp = $req;
- $rsp =~ s/req$/$rspdir/;
- if ($win32)
- {
- $rsp =~ tr|/|\\|;
- $req =~ tr|/|\\|;
- $bufdir = <<END;
-
-echo Running tests in $req
-if exist "$rsp" rd /s /q "$rsp"
-md "$rsp"
-END
- }
- else
- {
- $bufdir = <<END;
-
-echo Running tests in "$req"
-\$RM "$rsp"
-\$MKDIR "$rsp"
-
-END
- }
- }
-
-#--------------------------------
-sub test_line
- {
- my ($win32, $req, $tprefix, $tnam) = @_;
- my $rsp = $req;
- my $tcmd = $fips_tests{$tnam};
-
- $bufout .= $bufdir;
- $bufdir = "";
-
- $rsp =~ s/req\/([^\/]*).req$/$rspdir\/$1.rsp/;
- if ($tcmd =~ /-f$/)
- {
- if ($win32)
- {
- $req =~ tr|/|\\|;
- $rsp =~ tr|/|\\|;
- $bufout .= "$tprefix$tcmd \"$req\" \"$rsp\"\n";
- $_programs{"$tprefix$tcmd.exe"} = 1;
- }
- else
- {
- $bufout .= <<END;
-${shwrap}\${TPREFIX}$tcmd "$req" "$rsp" || { echo "$req failure" ; exit 1
-}
-END
- $_programs{"${shwrap_prefix}shlib_wrap.sh"} = 1;
- $_programs{"$tprefix$tcmd"} = 1;
- }
- return;
- }
- if ($tcmd =~ /SALT$/)
- {
- open (IN, $req) || die "Can't Open File $req";
- my $saltlen;
- while (<IN>)
- {
- if (/^\s*#\s*salt\s+len:\s+(\d+)\s*$/i)
- {
- my $sl = $1;
- print STDERR "$req salt length $sl\n" if $debug;
- $tcmd =~ s/SALT$/$sl/;
- $salt_found{"$tnam (salt $sl)"}++;
- last;
- }
- }
- close IN;
- if ($tcmd =~ /SALT$/)
- {
- die "Can't detect salt length for $req";
- }
- }
-
- if ($win32)
- {
- $req =~ tr|/|\\|;
- $rsp =~ tr|/|\\|;
- $bufout .= "$tprefix$tcmd < \"$req\" > \"$rsp\"\n";
- $_programs{"$tprefix$tcmd.exe"} = 1;
- }
- else
- {
- $bufout .= <<END;
-${shwrap}\${TPREFIX}$tcmd < "$req" > "$rsp" || { echo "$req failure" ; exit 1; }
-END
- $_programs{"$tprefix$tcmd"} = 1;
- }
- }
-
+++ /dev/null
-#
-# OpenSSL/fips/rand/Makefile
-#
-
-DIR= rand
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST= fips_randtest.c fips_rngvs.c fips_drbgvs.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_rand.c fips_rand_selftest.c fips_drbg_lib.c \
- fips_drbg_hash.c fips_drbg_hmac.c fips_drbg_ctr.c fips_drbg_ec.c \
- fips_drbg_selftest.c fips_drbg_rand.c fips_rand_lib.c
-LIBOBJ= fips_rand.o fips_rand_selftest.o fips_drbg_lib.o \
- fips_drbg_hash.o fips_drbg_hmac.o fips_drbg_ctr.o fips_drbg_ec.o \
- fips_drbg_selftest.o fips_drbg_rand.o fips_rand_lib.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= fips_rand.h
-HEADER= $(EXHEADER) fips_rand_lcl.h fips_drbg_selftest.h
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips SDIRS=$(DIR) sub_all)
-
-all: lib
-
-lib: $(LIBOBJ)
- @echo $(LIBOBJ) > lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-Q=../testvectors/rng/req
-A=../testvectors/rng/rsp
-
-fips_test:
- -rm -rf $(A)
- mkdir $(A)
- if [ -f $(Q)/ANSI931_AES128MCT.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs mct < $(Q)/ANSI931_AES128MCT.req > $(A)/ANSI931_AES128MCT.rsp; fi
- if [ -f $(Q)/ANSI931_AES192MCT.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs mct < $(Q)/ANSI931_AES192MCT.req > $(A)/ANSI931_AES192MCT.rsp; fi
- if [ -f $(Q)/ANSI931_AES256MCT.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs mct < $(Q)/ANSI931_AES256MCT.req > $(A)/ANSI931_AES256MCT.rsp; fi
- if [ -f $(Q)/ANSI931_AES128VST.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs vst < $(Q)/ANSI931_AES128VST.req > $(A)/ANSI931_AES128VST.rsp; fi
- if [ -f $(Q)/ANSI931_AES192VST.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs vst < $(Q)/ANSI931_AES192VST.req > $(A)/ANSI931_AES192VST.rsp; fi
- if [ -f $(Q)/ANSI931_AES256VST.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs vst < $(Q)/ANSI931_AES256VST.req > $(A)/ANSI931_AES256VST.rsp; fi
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_drbg_ctr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_drbg_ctr.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-fips_drbg_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_drbg_ctr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_drbg_ctr.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
-fips_drbg_ctr.o: ../../include/openssl/obj_mac.h
-fips_drbg_ctr.o: ../../include/openssl/objects.h
-fips_drbg_ctr.o: ../../include/openssl/opensslconf.h
-fips_drbg_ctr.o: ../../include/openssl/opensslv.h
-fips_drbg_ctr.o: ../../include/openssl/ossl_typ.h
-fips_drbg_ctr.o: ../../include/openssl/safestack.h
-fips_drbg_ctr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_drbg_ctr.o: fips_drbg_ctr.c fips_rand_lcl.h
-fips_drbg_ec.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_drbg_ec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_drbg_ec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_drbg_ec.o: ../../include/openssl/ec.h ../../include/openssl/evp.h
-fips_drbg_ec.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_drbg_ec.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
-fips_drbg_ec.o: ../../include/openssl/objects.h
-fips_drbg_ec.o: ../../include/openssl/opensslconf.h
-fips_drbg_ec.o: ../../include/openssl/opensslv.h
-fips_drbg_ec.o: ../../include/openssl/ossl_typ.h
-fips_drbg_ec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_drbg_ec.o: ../../include/openssl/symhacks.h fips_drbg_ec.c fips_rand_lcl.h
-fips_drbg_hash.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_drbg_hash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-fips_drbg_hash.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_drbg_hash.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_drbg_hash.o: ../../include/openssl/fips_rand.h
-fips_drbg_hash.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
-fips_drbg_hash.o: ../../include/openssl/objects.h
-fips_drbg_hash.o: ../../include/openssl/opensslconf.h
-fips_drbg_hash.o: ../../include/openssl/opensslv.h
-fips_drbg_hash.o: ../../include/openssl/ossl_typ.h
-fips_drbg_hash.o: ../../include/openssl/safestack.h
-fips_drbg_hash.o: ../../include/openssl/stack.h
-fips_drbg_hash.o: ../../include/openssl/symhacks.h fips_drbg_hash.c
-fips_drbg_hash.o: fips_rand_lcl.h
-fips_drbg_hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_drbg_hmac.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-fips_drbg_hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_drbg_hmac.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_drbg_hmac.o: ../../include/openssl/fips_rand.h
-fips_drbg_hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
-fips_drbg_hmac.o: ../../include/openssl/objects.h
-fips_drbg_hmac.o: ../../include/openssl/opensslconf.h
-fips_drbg_hmac.o: ../../include/openssl/opensslv.h
-fips_drbg_hmac.o: ../../include/openssl/ossl_typ.h
-fips_drbg_hmac.o: ../../include/openssl/safestack.h
-fips_drbg_hmac.o: ../../include/openssl/stack.h
-fips_drbg_hmac.o: ../../include/openssl/symhacks.h fips_drbg_hmac.c
-fips_drbg_hmac.o: fips_rand_lcl.h
-fips_drbg_lib.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_drbg_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-fips_drbg_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_drbg_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_drbg_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
-fips_drbg_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-fips_drbg_lib.o: ../../include/openssl/objects.h
-fips_drbg_lib.o: ../../include/openssl/opensslconf.h
-fips_drbg_lib.o: ../../include/openssl/opensslv.h
-fips_drbg_lib.o: ../../include/openssl/ossl_typ.h
-fips_drbg_lib.o: ../../include/openssl/safestack.h
-fips_drbg_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_drbg_lib.o: fips_drbg_lib.c fips_rand_lcl.h
-fips_drbg_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_drbg_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-fips_drbg_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_drbg_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_drbg_rand.o: ../../include/openssl/fips_rand.h
-fips_drbg_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_drbg_rand.o: ../../include/openssl/obj_mac.h
-fips_drbg_rand.o: ../../include/openssl/objects.h
-fips_drbg_rand.o: ../../include/openssl/opensslconf.h
-fips_drbg_rand.o: ../../include/openssl/opensslv.h
-fips_drbg_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_drbg_rand.o: ../../include/openssl/safestack.h
-fips_drbg_rand.o: ../../include/openssl/stack.h
-fips_drbg_rand.o: ../../include/openssl/symhacks.h fips_drbg_rand.c
-fips_drbg_rand.o: fips_rand_lcl.h
-fips_drbg_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_drbg_selftest.o: ../../include/openssl/bio.h
-fips_drbg_selftest.o: ../../include/openssl/crypto.h
-fips_drbg_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_drbg_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_drbg_selftest.o: ../../include/openssl/fips_rand.h
-fips_drbg_selftest.o: ../../include/openssl/hmac.h
-fips_drbg_selftest.o: ../../include/openssl/lhash.h
-fips_drbg_selftest.o: ../../include/openssl/obj_mac.h
-fips_drbg_selftest.o: ../../include/openssl/objects.h
-fips_drbg_selftest.o: ../../include/openssl/opensslconf.h
-fips_drbg_selftest.o: ../../include/openssl/opensslv.h
-fips_drbg_selftest.o: ../../include/openssl/ossl_typ.h
-fips_drbg_selftest.o: ../../include/openssl/safestack.h
-fips_drbg_selftest.o: ../../include/openssl/stack.h
-fips_drbg_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
-fips_drbg_selftest.o: fips_drbg_selftest.c fips_drbg_selftest.h fips_rand_lcl.h
-fips_drbgvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_drbgvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_drbgvs.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-fips_drbgvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_drbgvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_drbgvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_drbgvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_drbgvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_drbgvs.o: ../../include/openssl/opensslconf.h
-fips_drbgvs.o: ../../include/openssl/opensslv.h
-fips_drbgvs.o: ../../include/openssl/ossl_typ.h
-fips_drbgvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_drbgvs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_drbgvs.c
-fips_rand.o: ../../e_os.h ../../include/openssl/aes.h
-fips_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_rand.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-fips_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_rand.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
-fips_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-fips_rand.o: ../../include/openssl/objects.h
-fips_rand.o: ../../include/openssl/opensslconf.h
-fips_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-fips_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-fips_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_rand.o: ../fips_locl.h fips_rand.c
-fips_rand_lib.o: ../../e_os.h ../../include/openssl/aes.h
-fips_rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-fips_rand_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_rand_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
-fips_rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-fips_rand_lib.o: ../../include/openssl/objects.h
-fips_rand_lib.o: ../../include/openssl/opensslconf.h
-fips_rand_lib.o: ../../include/openssl/opensslv.h
-fips_rand_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_rand_lib.o: ../../include/openssl/safestack.h
-fips_rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_rand_lib.o: fips_rand_lib.c
-fips_rand_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_rand_selftest.o: ../../include/openssl/bio.h
-fips_rand_selftest.o: ../../include/openssl/crypto.h
-fips_rand_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_rand_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_rand_selftest.o: ../../include/openssl/fips.h
-fips_rand_selftest.o: ../../include/openssl/fips_rand.h
-fips_rand_selftest.o: ../../include/openssl/hmac.h
-fips_rand_selftest.o: ../../include/openssl/lhash.h
-fips_rand_selftest.o: ../../include/openssl/obj_mac.h
-fips_rand_selftest.o: ../../include/openssl/objects.h
-fips_rand_selftest.o: ../../include/openssl/opensslconf.h
-fips_rand_selftest.o: ../../include/openssl/opensslv.h
-fips_rand_selftest.o: ../../include/openssl/ossl_typ.h
-fips_rand_selftest.o: ../../include/openssl/rand.h
-fips_rand_selftest.o: ../../include/openssl/safestack.h
-fips_rand_selftest.o: ../../include/openssl/stack.h
-fips_rand_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
-fips_rand_selftest.o: fips_rand_selftest.c
-fips_randtest.o: ../../e_os.h ../../include/openssl/aes.h
-fips_randtest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_randtest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_randtest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_randtest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_randtest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_randtest.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_randtest.o: ../../include/openssl/obj_mac.h
-fips_randtest.o: ../../include/openssl/objects.h
-fips_randtest.o: ../../include/openssl/opensslconf.h
-fips_randtest.o: ../../include/openssl/opensslv.h
-fips_randtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_randtest.o: ../../include/openssl/safestack.h
-fips_randtest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_randtest.o: ../fips_utl.h fips_randtest.c
-fips_rngvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_rngvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_rngvs.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-fips_rngvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_rngvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_rngvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_rngvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_rngvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_rngvs.o: ../../include/openssl/opensslconf.h
-fips_rngvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-fips_rngvs.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-fips_rngvs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_rngvs.o: ../fips_utl.h fips_rngvs.c
+++ /dev/null
-/* fips/rand/fips_drbg_ctr.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include "fips_rand_lcl.h"
-
-static void inc_128(DRBG_CTR_CTX *cctx)
- {
- int i;
- unsigned char c;
- unsigned char *p = cctx->V + 15;
- for (i = 0; i < 16; i++)
- {
- c = *p;
- c++;
- *p = c;
- if (c)
- return;
- p--;
- }
- }
-
-static void ctr_XOR(DRBG_CTR_CTX *cctx, const unsigned char *in, size_t inlen)
- {
- size_t i, n;
- /* Any zero padding will have no effect on the result as we
- * are XORing. So just process however much input we have.
- */
-
- if (!in || !inlen)
- return;
-
- if (inlen < cctx->keylen)
- n = inlen;
- else
- n = cctx->keylen;
-
- for (i = 0; i < n; i++)
- cctx->K[i] ^= in[i];
- if (inlen <= cctx->keylen)
- return;
-
- n = inlen - cctx->keylen;
- /* Should never happen */
- if (n > 16)
- n = 16;
- for (i = 0; i < 16; i++)
- cctx->V[i] ^= in[i + cctx->keylen];
- }
-
-/* Process a complete block using BCC algorithm of SPP 800-90 10.4.3 */
-
-static void ctr_BCC_block(DRBG_CTR_CTX *cctx, unsigned char *out,
- const unsigned char *in)
- {
- int i;
- for (i = 0; i < 16; i++)
- out[i] ^= in[i];
- AES_encrypt(out, out, &cctx->df_ks);
-#if 0
-fprintf(stderr, "BCC in+out\n");
-BIO_dump_fp(stderr, in, 16);
-BIO_dump_fp(stderr, out, 16);
-#endif
- }
-
-/* Handle several BCC operations for as much data as we need for K and X */
-static void ctr_BCC_blocks(DRBG_CTR_CTX *cctx, const unsigned char *in)
- {
- ctr_BCC_block(cctx, cctx->KX, in);
- ctr_BCC_block(cctx, cctx->KX + 16, in);
- if (cctx->keylen != 16)
- ctr_BCC_block(cctx, cctx->KX + 32, in);
- }
-/* Initialise BCC blocks: these have the value 0,1,2 in leftmost positions:
- * see 10.4.2 stage 7.
- */
-static void ctr_BCC_init(DRBG_CTR_CTX *cctx)
- {
- memset(cctx->KX, 0, 48);
- memset(cctx->bltmp, 0, 16);
- ctr_BCC_block(cctx, cctx->KX, cctx->bltmp);
- cctx->bltmp[3] = 1;
- ctr_BCC_block(cctx, cctx->KX + 16, cctx->bltmp);
- if (cctx->keylen != 16)
- {
- cctx->bltmp[3] = 2;
- ctr_BCC_block(cctx, cctx->KX + 32, cctx->bltmp);
- }
- }
-
-/* Process several blocks into BCC algorithm, some possibly partial */
-static void ctr_BCC_update(DRBG_CTR_CTX *cctx,
- const unsigned char *in, size_t inlen)
- {
- if (!in || !inlen)
- return;
- /* If we have partial block handle it first */
- if (cctx->bltmp_pos)
- {
- size_t left = 16 - cctx->bltmp_pos;
- /* If we now have a complete block process it */
- if (inlen >= left)
- {
- memcpy(cctx->bltmp + cctx->bltmp_pos, in, left);
- ctr_BCC_blocks(cctx, cctx->bltmp);
- cctx->bltmp_pos = 0;
- inlen -= left;
- in += left;
- }
- }
- /* Process zero or more complete blocks */
- while (inlen >= 16)
- {
- ctr_BCC_blocks(cctx, in);
- in += 16;
- inlen -= 16;
- }
- /* Copy any remaining partial block to the temporary buffer */
- if (inlen > 0)
- {
- memcpy(cctx->bltmp + cctx->bltmp_pos, in, inlen);
- cctx->bltmp_pos += inlen;
- }
- }
-
-static void ctr_BCC_final(DRBG_CTR_CTX *cctx)
- {
- if (cctx->bltmp_pos)
- {
- memset(cctx->bltmp + cctx->bltmp_pos, 0, 16 - cctx->bltmp_pos);
- ctr_BCC_blocks(cctx, cctx->bltmp);
- }
- }
-
-static void ctr_df(DRBG_CTR_CTX *cctx,
- const unsigned char *in1, size_t in1len,
- const unsigned char *in2, size_t in2len,
- const unsigned char *in3, size_t in3len)
- {
- size_t inlen;
- unsigned char *p = cctx->bltmp;
- static unsigned char c80 = 0x80;
-
- ctr_BCC_init(cctx);
- if (!in1)
- in1len = 0;
- if (!in2)
- in2len = 0;
- if (!in3)
- in3len = 0;
- inlen = in1len + in2len + in3len;
- /* Initialise L||N in temporary block */
- *p++ = (inlen >> 24) & 0xff;
- *p++ = (inlen >> 16) & 0xff;
- *p++ = (inlen >> 8) & 0xff;
- *p++ = inlen & 0xff;
- /* NB keylen is at most 32 bytes */
- *p++ = 0;
- *p++ = 0;
- *p++ = 0;
- *p = (unsigned char)((cctx->keylen + 16) & 0xff);
- cctx->bltmp_pos = 8;
- ctr_BCC_update(cctx, in1, in1len);
- ctr_BCC_update(cctx, in2, in2len);
- ctr_BCC_update(cctx, in3, in3len);
- ctr_BCC_update(cctx, &c80, 1);
- ctr_BCC_final(cctx);
- /* Set up key K */
- AES_set_encrypt_key(cctx->KX, cctx->keylen * 8, &cctx->df_kxks);
- /* X follows key K */
- AES_encrypt(cctx->KX + cctx->keylen, cctx->KX, &cctx->df_kxks);
- AES_encrypt(cctx->KX, cctx->KX + 16, &cctx->df_kxks);
- if (cctx->keylen != 16)
- AES_encrypt(cctx->KX + 16, cctx->KX + 32, &cctx->df_kxks);
-#if 0
-fprintf(stderr, "Output of ctr_df:\n");
-BIO_dump_fp(stderr, cctx->KX, cctx->keylen + 16);
-#endif
- }
-
-/* NB the no-df Update in SP800-90 specifies a constant input length
- * of seedlen, however other uses of this algorithm pad the input with
- * zeroes if necessary and have up to two parameters XORed together,
- * handle both cases in this function instead.
- */
-
-static void ctr_Update(DRBG_CTX *dctx,
- const unsigned char *in1, size_t in1len,
- const unsigned char *in2, size_t in2len,
- const unsigned char *nonce, size_t noncelen)
- {
- DRBG_CTR_CTX *cctx = &dctx->d.ctr;
- /* ks is already setup for correct key */
- inc_128(cctx);
- AES_encrypt(cctx->V, cctx->K, &cctx->ks);
- /* If keylen longer than 128 bits need extra encrypt */
- if (cctx->keylen != 16)
- {
- inc_128(cctx);
- AES_encrypt(cctx->V, cctx->K + 16, &cctx->ks);
- }
- inc_128(cctx);
- AES_encrypt(cctx->V, cctx->V, &cctx->ks);
- /* If 192 bit key part of V is on end of K */
- if (cctx->keylen == 24)
- {
- memcpy(cctx->V + 8, cctx->V, 8);
- memcpy(cctx->V, cctx->K + 24, 8);
- }
-
- if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
- {
- /* If no input reuse existing derived value */
- if (in1 || nonce || in2)
- ctr_df(cctx, in1, in1len, nonce, noncelen, in2, in2len);
- /* If this a reuse input in1len != 0 */
- if (in1len)
- ctr_XOR(cctx, cctx->KX, dctx->seedlen);
- }
- else
- {
- ctr_XOR(cctx, in1, in1len);
- ctr_XOR(cctx, in2, in2len);
- }
-
- AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
-#if 0
-fprintf(stderr, "K+V after update is:\n");
-BIO_dump_fp(stderr, cctx->K, cctx->keylen);
-BIO_dump_fp(stderr, cctx->V, 16);
-#endif
- }
-
-static int drbg_ctr_instantiate(DRBG_CTX *dctx,
- const unsigned char *ent, size_t entlen,
- const unsigned char *nonce, size_t noncelen,
- const unsigned char *pers, size_t perslen)
- {
- DRBG_CTR_CTX *cctx = &dctx->d.ctr;
- memset(cctx->K, 0, sizeof(cctx->K));
- memset(cctx->V, 0, sizeof(cctx->V));
- AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
- ctr_Update(dctx, ent, entlen, pers, perslen, nonce, noncelen);
- return 1;
- }
-
-static int drbg_ctr_reseed(DRBG_CTX *dctx,
- const unsigned char *ent, size_t entlen,
- const unsigned char *adin, size_t adinlen)
- {
- ctr_Update(dctx, ent, entlen, adin, adinlen, NULL, 0);
- return 1;
- }
-
-static int drbg_ctr_generate(DRBG_CTX *dctx,
- unsigned char *out, size_t outlen,
- const unsigned char *adin, size_t adinlen)
- {
- DRBG_CTR_CTX *cctx = &dctx->d.ctr;
- if (adin && adinlen)
- {
- ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
- /* This means we reuse derived value */
- if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
- {
- adin = NULL;
- adinlen = 1;
- }
- }
- else
- adinlen = 0;
-
- for (;;)
- {
- inc_128(cctx);
- if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
- {
- AES_encrypt(cctx->V, dctx->lb, &cctx->ks);
- dctx->lb_valid = 1;
- continue;
- }
- if (outlen < 16)
- {
- /* Use K as temp space as it will be updated */
- AES_encrypt(cctx->V, cctx->K, &cctx->ks);
- if (!fips_drbg_cprng_test(dctx, cctx->K))
- return 0;
- memcpy(out, cctx->K, outlen);
- break;
- }
- AES_encrypt(cctx->V, out, &cctx->ks);
- if (!fips_drbg_cprng_test(dctx, out))
- return 0;
- out += 16;
- outlen -= 16;
- if (outlen == 0)
- break;
- }
-
- ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
-
- return 1;
-
- }
-
-static int drbg_ctr_uninstantiate(DRBG_CTX *dctx)
- {
- memset(&dctx->d.ctr, 0, sizeof(DRBG_CTR_CTX));
- return 1;
- }
-
-int fips_drbg_ctr_init(DRBG_CTX *dctx)
- {
- DRBG_CTR_CTX *cctx = &dctx->d.ctr;
-
- size_t keylen;
-
- switch (dctx->type)
- {
- case NID_aes_128_ctr:
- keylen = 16;
- break;
-
- case NID_aes_192_ctr:
- keylen = 24;
- break;
-
- case NID_aes_256_ctr:
- keylen = 32;
- break;
-
- default:
- return -2;
- }
-
- dctx->instantiate = drbg_ctr_instantiate;
- dctx->reseed = drbg_ctr_reseed;
- dctx->generate = drbg_ctr_generate;
- dctx->uninstantiate = drbg_ctr_uninstantiate;
-
- cctx->keylen = keylen;
- dctx->strength = keylen * 8;
- dctx->blocklength = 16;
- dctx->seedlen = keylen + 16;
-
- if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
- {
- /* df initialisation */
- static unsigned char df_key[32] =
- {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
- 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
- 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f
- };
- /* Set key schedule for df_key */
- AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks);
-
- dctx->min_entropy = cctx->keylen;
- dctx->max_entropy = DRBG_MAX_LENGTH;
- dctx->min_nonce = dctx->min_entropy / 2;
- dctx->max_nonce = DRBG_MAX_LENGTH;
- dctx->max_pers = DRBG_MAX_LENGTH;
- dctx->max_adin = DRBG_MAX_LENGTH;
- }
- else
- {
- dctx->min_entropy = dctx->seedlen;
- dctx->max_entropy = dctx->seedlen;
- /* Nonce not used */
- dctx->min_nonce = 0;
- dctx->max_nonce = 0;
- dctx->max_pers = dctx->seedlen;
- dctx->max_adin = dctx->seedlen;
- }
-
- dctx->max_request = 1<<16;
- dctx->reseed_interval = 1<<24;
-
- return 1;
- }
+++ /dev/null
-/* fips/rand/fips_drbg_ec.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include <openssl/bn.h>
-#include "fips_rand_lcl.h"
-
-/*#define EC_DRBG_TRACE*/
-
-#ifdef EC_DRBG_TRACE
-static void hexprint(FILE *out, const unsigned char *buf, int buflen)
- {
- int i;
- fprintf(out, "\t");
- for (i = 0; i < buflen; i++)
- fprintf(out, "%02X", buf[i]);
- fprintf(out, "\n");
- }
-static void bnprint(FILE *out, const char *name, const BIGNUM *b)
- {
- unsigned char *tmp;
- int len;
- len = BN_num_bytes(b);
- tmp = OPENSSL_malloc(len);
- BN_bn2bin(b, tmp);
- fprintf(out, "%s\n", name);
- hexprint(out, tmp, len);
- OPENSSL_free(tmp);
- }
-#if 0
-static void ecprint(FILE *out, EC_GROUP *grp, EC_POINT *pt)
- {
- BIGNUM *x, *y;
- x = BN_new();
- y = BN_new();
- EC_POINT_get_affine_coordinates_GFp(grp, pt, x, y, NULL);
- bnprint(out, "\tPoint X: ", x);
- bnprint(out, "\tPoint Y: ", y);
- BN_free(x);
- BN_free(y);
- }
-#endif
-#endif
-
-/* This is Hash_df from SP 800-90 10.4.1 */
-
-static int hash_df(DRBG_CTX *dctx, unsigned char *out,
- const unsigned char *in1, size_t in1len,
- const unsigned char *in2, size_t in2len,
- const unsigned char *in3, size_t in3len)
- {
- DRBG_EC_CTX *ectx = &dctx->d.ec;
- EVP_MD_CTX *mctx = &ectx->mctx;
- unsigned char *vtmp = ectx->vtmp;
- unsigned char tmp[6];
- size_t mdlen = M_EVP_MD_size(ectx->md);
- /* Standard only ever needs seedlen bytes which is always less than
- * maximum permitted so no need to check length.
- */
- size_t outlen = dctx->seedlen;
- size_t nbits = (outlen << 3) - ectx->exbits;
- tmp[0] = 1;
- tmp[1] = (nbits >> 24) & 0xff;
- tmp[2] = (nbits >> 16) & 0xff;
- tmp[3] = (nbits >> 8) & 0xff;
- tmp[4] = nbits & 0xff;
- if (!in1)
- {
- tmp[5] = (unsigned char)in1len;
- in1 = tmp + 5;
- in1len = 1;
- }
- for (;;)
- {
- if (!FIPS_digestinit(mctx, ectx->md))
- return 0;
- if (!FIPS_digestupdate(mctx, tmp, 5))
- return 0;
- if (in1 && !FIPS_digestupdate(mctx, in1, in1len))
- return 0;
- if (in2 && !FIPS_digestupdate(mctx, in2, in2len))
- return 0;
- if (in3 && !FIPS_digestupdate(mctx, in3, in3len))
- return 0;
- if (outlen < mdlen)
- {
- if (!FIPS_digestfinal(mctx, vtmp, NULL))
- return 0;
- memcpy(out, vtmp, outlen);
- OPENSSL_cleanse(vtmp, mdlen);
- return 1;
- }
- else if(!FIPS_digestfinal(mctx, out, NULL))
- return 0;
-
- outlen -= mdlen;
- if (outlen == 0)
- return 1;
- tmp[0]++;
- out += mdlen;
- }
- }
-
-static int bn2binpad(unsigned char *to, size_t tolen, BIGNUM *b)
- {
- size_t blen;
- blen = BN_num_bytes(b);
- /* If BIGNUM length greater than buffer, mask to get rightmost
- * bytes. NB: modifies b but this doesn't matter for our purposes.
- */
- if (blen > tolen)
- {
- BN_mask_bits(b, tolen << 3);
- /* Update length because mask operation might create leading
- * zeroes.
- */
- blen = BN_num_bytes(b);
- }
- /* If b length smaller than buffer pad with zeroes */
- if (blen < tolen)
- {
- memset(to, 0, tolen - blen);
- to += tolen - blen;
- }
-
- /* This call cannot fail */
- BN_bn2bin(b, to);
- return 1;
- }
-/* Convert buffer to a BIGNUM discarding extra bits if necessary */
-static int bin2bnbits(DRBG_CTX *dctx, BIGNUM *r, const unsigned char *buf)
- {
- DRBG_EC_CTX *ectx = &dctx->d.ec;
- if (!BN_bin2bn(buf, dctx->seedlen, r))
- return 0;
- /* If we have extra bits right shift off the end of r */
- if (ectx->exbits)
- {
- if (!BN_rshift(r, r, ectx->exbits))
- return 0;
- }
- return 1;
- }
-
-/* Calculate r = phi(s * P) or r= phi(s * Q) */
-
-static int drbg_ec_mul(DRBG_EC_CTX *ectx, BIGNUM *r, const BIGNUM *s, int use_q)
- {
- if (use_q)
- {
- if (!EC_POINT_mul(ectx->curve, ectx->ptmp,
- NULL, ectx->Q, s, ectx->bctx))
- return 0;
- }
- else
- {
- if (!EC_POINT_mul(ectx->curve, ectx->ptmp,
- s, NULL, NULL, ectx->bctx))
- return 0;
- }
- /* Get x coordinate of result */
- if (!EC_POINT_get_affine_coordinates_GFp(ectx->curve, ectx->ptmp, r,
- NULL, ectx->bctx))
- return 0;
- return 1;
- }
-
-static int drbg_ec_instantiate(DRBG_CTX *dctx,
- const unsigned char *ent, size_t ent_len,
- const unsigned char *nonce, size_t nonce_len,
- const unsigned char *pstr, size_t pstr_len)
- {
- DRBG_EC_CTX *ectx = &dctx->d.ec;
- if (!hash_df(dctx, ectx->sbuf,
- ent, ent_len, nonce, nonce_len, pstr, pstr_len))
- return 0;
- if (!bin2bnbits(dctx, ectx->s, ectx->sbuf))
- return 0;
- return 1;
- }
-
-
-static int drbg_ec_reseed(DRBG_CTX *dctx,
- const unsigned char *ent, size_t ent_len,
- const unsigned char *adin, size_t adin_len)
- {
- DRBG_EC_CTX *ectx = &dctx->d.ec;
- /* Convert s value to a binary buffer. Save it to tbuf as we are
- * about to overwrite it.
- */
- if (ectx->exbits)
- BN_lshift(ectx->s, ectx->s, ectx->exbits);
- bn2binpad(ectx->tbuf, dctx->seedlen, ectx->s);
- if (!hash_df(dctx, ectx->sbuf, ectx->tbuf, dctx->seedlen,
- ent, ent_len, adin, adin_len))
- return 0;
- if (!bin2bnbits(dctx, ectx->s, ectx->sbuf))
- return 0;
- dctx->reseed_counter = 0;
- return 1;
- }
-
-static int drbg_ec_generate(DRBG_CTX *dctx,
- unsigned char *out, size_t outlen,
- const unsigned char *adin, size_t adin_len)
- {
- DRBG_EC_CTX *ectx = &dctx->d.ec;
- BIGNUM *t, *r;
- BIGNUM *s = ectx->s;
- /* special case: check reseed interval */
- if (out == NULL)
- {
- size_t nb = (outlen + dctx->blocklength - 1)/dctx->blocklength;
- if (dctx->reseed_counter + nb > dctx->reseed_interval)
- dctx->status = DRBG_STATUS_RESEED;
- return 1;
- }
-
- BN_CTX_start(ectx->bctx);
- r = BN_CTX_get(ectx->bctx);
- if (!r)
- goto err;
- if (adin && adin_len)
- {
- size_t i;
- t = BN_CTX_get(ectx->bctx);
- if (!t)
- goto err;
- /* Convert s to buffer */
- if (ectx->exbits)
- BN_lshift(s, s, ectx->exbits);
- bn2binpad(ectx->sbuf, dctx->seedlen, s);
- /* Step 2 */
- if (!hash_df(dctx, ectx->tbuf, adin, adin_len,
- NULL, 0, NULL, 0))
- goto err;
- /* Step 5 */
- for (i = 0; i < dctx->seedlen; i++)
- ectx->tbuf[i] ^= ectx->sbuf[i];
- if (!bin2bnbits(dctx, t, ectx->tbuf))
- return 0;
- }
- else
- /* Note if no additional input the algorithm never
- * needs separate values for t and s.
- */
- t = s;
-
-#ifdef EC_DRBG_TRACE
- bnprint(stderr, "s at start of generate: ", s);
-#endif
-
- for (;;)
- {
- /* Step #6, calculate s = t * P */
- if (!drbg_ec_mul(ectx, s, t, 0))
- goto err;
-#ifdef EC_DRBG_TRACE
- bnprint(stderr, "s in generate: ", ectx->s);
-#endif
- /* Step #7, calculate r = s * Q */
- if (!drbg_ec_mul(ectx, r, s, 1))
- goto err;
-#ifdef EC_DRBG_TRACE
- bnprint(stderr, "r in generate is: ", r);
-#endif
- dctx->reseed_counter++;
- /* Get rightmost bits of r to output buffer */
-
- if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
- {
- if (!bn2binpad(dctx->lb, dctx->blocklength, r))
- goto err;
- dctx->lb_valid = 1;
- continue;
- }
- if (outlen < dctx->blocklength)
- {
- if (!bn2binpad(ectx->vtmp, dctx->blocklength, r))
- goto err;
- if (!fips_drbg_cprng_test(dctx, ectx->vtmp))
- goto err;
- memcpy(out, ectx->vtmp, outlen);
- break;
- }
- else
- {
- if (!bn2binpad(out, dctx->blocklength, r))
- goto err;
- if (!fips_drbg_cprng_test(dctx, out))
- goto err;
- }
- outlen -= dctx->blocklength;
- if (!outlen)
- break;
- out += dctx->blocklength;
- /* Step #5 after first pass */
- t = s;
-#ifdef EC_DRBG_TRACE
- fprintf(stderr, "Random bits written:\n");
- hexprint(stderr, out, dctx->blocklength);
-#endif
- }
- if (!drbg_ec_mul(ectx, ectx->s, ectx->s, 0))
- return 0;
-#ifdef EC_DRBG_TRACE
- bnprint(stderr, "s after generate is: ", s);
-#endif
- BN_CTX_end(ectx->bctx);
- return 1;
- err:
- BN_CTX_end(ectx->bctx);
- return 0;
- }
-
-static int drbg_ec_uninstantiate(DRBG_CTX *dctx)
- {
- DRBG_EC_CTX *ectx = &dctx->d.ec;
- EVP_MD_CTX_cleanup(&ectx->mctx);
- EC_GROUP_free(ectx->curve);
- EC_POINT_free(ectx->Q);
- EC_POINT_free(ectx->ptmp);
- BN_clear_free(ectx->s);
- BN_CTX_free(ectx->bctx);
- OPENSSL_cleanse(&dctx->d.ec, sizeof(DRBG_EC_CTX));
- return 1;
- }
-
-/* Q points from SP 800-90 A.1, P is generator */
-
-__fips_constseg
-static const unsigned char p_256_qx[] = {
- 0xc9,0x74,0x45,0xf4,0x5c,0xde,0xf9,0xf0,0xd3,0xe0,0x5e,0x1e,
- 0x58,0x5f,0xc2,0x97,0x23,0x5b,0x82,0xb5,0xbe,0x8f,0xf3,0xef,
- 0xca,0x67,0xc5,0x98,0x52,0x01,0x81,0x92
-};
-__fips_constseg
-static const unsigned char p_256_qy[] = {
- 0xb2,0x8e,0xf5,0x57,0xba,0x31,0xdf,0xcb,0xdd,0x21,0xac,0x46,
- 0xe2,0xa9,0x1e,0x3c,0x30,0x4f,0x44,0xcb,0x87,0x05,0x8a,0xda,
- 0x2c,0xb8,0x15,0x15,0x1e,0x61,0x00,0x46
-};
-
-__fips_constseg
-static const unsigned char p_384_qx[] = {
- 0x8e,0x72,0x2d,0xe3,0x12,0x5b,0xdd,0xb0,0x55,0x80,0x16,0x4b,
- 0xfe,0x20,0xb8,0xb4,0x32,0x21,0x6a,0x62,0x92,0x6c,0x57,0x50,
- 0x2c,0xee,0xde,0x31,0xc4,0x78,0x16,0xed,0xd1,0xe8,0x97,0x69,
- 0x12,0x41,0x79,0xd0,0xb6,0x95,0x10,0x64,0x28,0x81,0x50,0x65
-};
-__fips_constseg
-static const unsigned char p_384_qy[] = {
- 0x02,0x3b,0x16,0x60,0xdd,0x70,0x1d,0x08,0x39,0xfd,0x45,0xee,
- 0xc3,0x6f,0x9e,0xe7,0xb3,0x2e,0x13,0xb3,0x15,0xdc,0x02,0x61,
- 0x0a,0xa1,0xb6,0x36,0xe3,0x46,0xdf,0x67,0x1f,0x79,0x0f,0x84,
- 0xc5,0xe0,0x9b,0x05,0x67,0x4d,0xbb,0x7e,0x45,0xc8,0x03,0xdd
-};
-
-__fips_constseg
-static const unsigned char p_521_qx[] = {
- 0x01,0xb9,0xfa,0x3e,0x51,0x8d,0x68,0x3c,0x6b,0x65,0x76,0x36,
- 0x94,0xac,0x8e,0xfb,0xae,0xc6,0xfa,0xb4,0x4f,0x22,0x76,0x17,
- 0x1a,0x42,0x72,0x65,0x07,0xdd,0x08,0xad,0xd4,0xc3,0xb3,0xf4,
- 0xc1,0xeb,0xc5,0xb1,0x22,0x2d,0xdb,0xa0,0x77,0xf7,0x22,0x94,
- 0x3b,0x24,0xc3,0xed,0xfa,0x0f,0x85,0xfe,0x24,0xd0,0xc8,0xc0,
- 0x15,0x91,0xf0,0xbe,0x6f,0x63
-};
-__fips_constseg
-static const unsigned char p_521_qy[] = {
- 0x01,0xf3,0xbd,0xba,0x58,0x52,0x95,0xd9,0xa1,0x11,0x0d,0x1d,
- 0xf1,0xf9,0x43,0x0e,0xf8,0x44,0x2c,0x50,0x18,0x97,0x6f,0xf3,
- 0x43,0x7e,0xf9,0x1b,0x81,0xdc,0x0b,0x81,0x32,0xc8,0xd5,0xc3,
- 0x9c,0x32,0xd0,0xe0,0x04,0xa3,0x09,0x2b,0x7d,0x32,0x7c,0x0e,
- 0x7a,0x4d,0x26,0xd2,0xc7,0xb6,0x9b,0x58,0xf9,0x06,0x66,0x52,
- 0x91,0x1e,0x45,0x77,0x79,0xde
-};
-
-int fips_drbg_ec_init(DRBG_CTX *dctx)
- {
- const EVP_MD *md;
- const unsigned char *Q_x, *Q_y;
- BIGNUM *x, *y;
- size_t ptlen;
- int md_nid = dctx->type & 0xffff;
- int curve_nid = dctx->type >> 16;
- DRBG_EC_CTX *ectx = &dctx->d.ec;
- md = FIPS_get_digestbynid(md_nid);
- if (!md)
- return -2;
-
- /* These are taken from SP 800-90 10.3.1 table 4 */
- switch (curve_nid)
- {
- case NID_X9_62_prime256v1:
- dctx->strength = 128;
- dctx->seedlen = 32;
- dctx->blocklength = 30;
- ectx->exbits = 0;
- Q_x = p_256_qx;
- Q_y = p_256_qy;
- ptlen = sizeof(p_256_qx);
- break;
-
- case NID_secp384r1:
- if (md_nid == NID_sha1)
- return -2;
- dctx->strength = 192;
- dctx->seedlen = 48;
- dctx->blocklength = 46;
- ectx->exbits = 0;
- Q_x = p_384_qx;
- Q_y = p_384_qy;
- ptlen = sizeof(p_384_qx);
- break;
-
- case NID_secp521r1:
- if (md_nid == NID_sha1 || md_nid == NID_sha224)
- return -2;
- dctx->strength = 256;
- dctx->seedlen = 66;
- dctx->blocklength = 63;
- ectx->exbits = 7;
- Q_x = p_521_qx;
- Q_y = p_521_qy;
- ptlen = sizeof(p_521_qx);
- break;
-
- default:
- return -2;
- }
-
- dctx->iflags |= DRBG_CUSTOM_RESEED;
- dctx->reseed_counter = 0;
- dctx->instantiate = drbg_ec_instantiate;
- dctx->reseed = drbg_ec_reseed;
- dctx->generate = drbg_ec_generate;
- dctx->uninstantiate = drbg_ec_uninstantiate;
-
- ectx->md = md;
- EVP_MD_CTX_init(&ectx->mctx);
-
- dctx->min_entropy = dctx->strength / 8;
- dctx->max_entropy = 2 << 10;
-
- dctx->min_nonce = dctx->min_entropy / 2;
- dctx->max_nonce = 2 << 10;
-
- dctx->max_pers = 2 << 10;
- dctx->max_adin = 2 << 10;
-
- dctx->reseed_interval = 1<<24;
- dctx->max_request = dctx->reseed_interval * dctx->blocklength;
-
- /* Setup internal structures */
- ectx->bctx = BN_CTX_new();
- if (!ectx->bctx)
- return 0;
- BN_CTX_start(ectx->bctx);
-
- ectx->s = BN_new();
-
- ectx->curve = EC_GROUP_new_by_curve_name(curve_nid);
-
- ectx->Q = EC_POINT_new(ectx->curve);
- ectx->ptmp = EC_POINT_new(ectx->curve);
-
- x = BN_CTX_get(ectx->bctx);
- y = BN_CTX_get(ectx->bctx);
-
- if (!ectx->s || !ectx->curve || !ectx->Q || !y)
- goto err;
-
- if (!BN_bin2bn(Q_x, ptlen, x) || !BN_bin2bn(Q_y, ptlen, y))
- goto err;
- if (!EC_POINT_set_affine_coordinates_GFp(ectx->curve, ectx->Q,
- x, y, ectx->bctx))
- goto err;
-
- BN_CTX_end(ectx->bctx);
-
- return 1;
- err:
- BN_CTX_end(ectx->bctx);
- drbg_ec_uninstantiate(dctx);
- return 0;
- }
+++ /dev/null
-/* fips/rand/fips_drbg_hash.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include "fips_rand_lcl.h"
-
-/* This is Hash_df from SP 800-90 10.4.1 */
-
-static int hash_df(DRBG_CTX *dctx, unsigned char *out,
- const unsigned char *in1, size_t in1len,
- const unsigned char *in2, size_t in2len,
- const unsigned char *in3, size_t in3len,
- const unsigned char *in4, size_t in4len)
- {
- EVP_MD_CTX *mctx = &dctx->d.hash.mctx;
- unsigned char *vtmp = dctx->d.hash.vtmp;
- unsigned char tmp[6];
- /* Standard only ever needs seedlen bytes which is always less than
- * maximum permitted so no need to check length.
- */
- size_t outlen = dctx->seedlen;
- tmp[0] = 1;
- tmp[1] = ((outlen * 8) >> 24) & 0xff;
- tmp[2] = ((outlen * 8) >> 16) & 0xff;
- tmp[3] = ((outlen * 8) >> 8) & 0xff;
- tmp[4] = (outlen * 8) & 0xff;
- if (!in1)
- {
- tmp[5] = (unsigned char)in1len;
- in1 = tmp + 5;
- in1len = 1;
- }
- for (;;)
- {
- if (!FIPS_digestinit(mctx, dctx->d.hash.md))
- return 0;
- if (!FIPS_digestupdate(mctx, tmp, 5))
- return 0;
- if (in1 && !FIPS_digestupdate(mctx, in1, in1len))
- return 0;
- if (in2 && !FIPS_digestupdate(mctx, in2, in2len))
- return 0;
- if (in3 && !FIPS_digestupdate(mctx, in3, in3len))
- return 0;
- if (in4 && !FIPS_digestupdate(mctx, in4, in4len))
- return 0;
- if (outlen < dctx->blocklength)
- {
- if (!FIPS_digestfinal(mctx, vtmp, NULL))
- return 0;
- memcpy(out, vtmp, outlen);
- OPENSSL_cleanse(vtmp, dctx->blocklength);
- return 1;
- }
- else if(!FIPS_digestfinal(mctx, out, NULL))
- return 0;
-
- outlen -= dctx->blocklength;
- if (outlen == 0)
- return 1;
- tmp[0]++;
- out += dctx->blocklength;
- }
- }
-
-
-/* Add an unsigned buffer to the buf value, storing the result in buf. For
- * this algorithm the length of input never exceeds the seed length.
- */
-
-static void ctx_add_buf(DRBG_CTX *dctx, unsigned char *buf,
- unsigned char *in, size_t inlen)
- {
- size_t i = inlen;
- const unsigned char *q;
- unsigned char c, *p;
- p = buf + dctx->seedlen;
- q = in + inlen;
-
- OPENSSL_assert(i <= dctx->seedlen);
-
- /* Special case: zero length, just increment buffer */
- if (i)
- c = 0;
- else
- c = 1;
-
- while (i)
- {
- int r;
- p--;
- q--;
- r = *p + *q + c;
- /* Carry */
- if (r > 0xff)
- c = 1;
- else
- c = 0;
- *p = r & 0xff;
- i--;
- }
-
- i = dctx->seedlen - inlen;
-
- /* If not adding whole buffer handle final carries */
- if (c && i)
- {
- do
- {
- p--;
- c = *p;
- c++;
- *p = c;
- if(c)
- return;
- } while(i--);
- }
- }
-
-/* Finalise and add hash to V */
-
-static int ctx_add_md(DRBG_CTX *dctx)
- {
- if (!FIPS_digestfinal(&dctx->d.hash.mctx, dctx->d.hash.vtmp, NULL))
- return 0;
- ctx_add_buf(dctx, dctx->d.hash.V, dctx->d.hash.vtmp, dctx->blocklength);
- return 1;
- }
-
-static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
- {
- DRBG_HASH_CTX *hctx = &dctx->d.hash;
- if (outlen == 0)
- return 1;
- memcpy(hctx->vtmp, hctx->V, dctx->seedlen);
- for(;;)
- {
- FIPS_digestinit(&hctx->mctx, hctx->md);
- FIPS_digestupdate(&hctx->mctx, hctx->vtmp, dctx->seedlen);
- if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
- {
- FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL);
- dctx->lb_valid = 1;
- }
- else if (outlen < dctx->blocklength)
- {
- FIPS_digestfinal(&hctx->mctx, hctx->vtmp, NULL);
- if (!fips_drbg_cprng_test(dctx, hctx->vtmp))
- return 0;
- memcpy(out, hctx->vtmp, outlen);
- return 1;
- }
- else
- {
- FIPS_digestfinal(&hctx->mctx, out, NULL);
- if (!fips_drbg_cprng_test(dctx, out))
- return 0;
- outlen -= dctx->blocklength;
- if (outlen == 0)
- return 1;
- out += dctx->blocklength;
- }
- ctx_add_buf(dctx, hctx->vtmp, NULL, 0);
- }
- }
-
-static int drbg_hash_instantiate(DRBG_CTX *dctx,
- const unsigned char *ent, size_t ent_len,
- const unsigned char *nonce, size_t nonce_len,
- const unsigned char *pstr, size_t pstr_len)
- {
- DRBG_HASH_CTX *hctx = &dctx->d.hash;
- if (!hash_df(dctx, hctx->V,
- ent, ent_len, nonce, nonce_len, pstr, pstr_len,
- NULL, 0))
- return 0;
- if (!hash_df(dctx, hctx->C,
- NULL, 0, hctx->V, dctx->seedlen,
- NULL, 0, NULL, 0))
- return 0;
-
-#ifdef HASH_DRBG_TRACE
- fprintf(stderr, "V+C after instantiate:\n");
- hexprint(stderr, hctx->V, dctx->seedlen);
- hexprint(stderr, hctx->C, dctx->seedlen);
-#endif
- return 1;
- }
-
-
-static int drbg_hash_reseed(DRBG_CTX *dctx,
- const unsigned char *ent, size_t ent_len,
- const unsigned char *adin, size_t adin_len)
- {
- DRBG_HASH_CTX *hctx = &dctx->d.hash;
- /* V about to be updated so use C as output instead */
- if (!hash_df(dctx, hctx->C,
- NULL, 1, hctx->V, dctx->seedlen,
- ent, ent_len, adin, adin_len))
- return 0;
- memcpy(hctx->V, hctx->C, dctx->seedlen);
- if (!hash_df(dctx, hctx->C, NULL, 0,
- hctx->V, dctx->seedlen, NULL, 0, NULL, 0))
- return 0;
-#ifdef HASH_DRBG_TRACE
- fprintf(stderr, "V+C after reseed:\n");
- hexprint(stderr, hctx->V, dctx->seedlen);
- hexprint(stderr, hctx->C, dctx->seedlen);
-#endif
- return 1;
- }
-
-static int drbg_hash_generate(DRBG_CTX *dctx,
- unsigned char *out, size_t outlen,
- const unsigned char *adin, size_t adin_len)
- {
- DRBG_HASH_CTX *hctx = &dctx->d.hash;
- EVP_MD_CTX *mctx = &hctx->mctx;
- unsigned char tmp[4];
- if (adin && adin_len)
- {
- tmp[0] = 2;
- if (!FIPS_digestinit(mctx, hctx->md))
- return 0;
- if (!EVP_DigestUpdate(mctx, tmp, 1))
- return 0;
- if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
- return 0;
- if (!EVP_DigestUpdate(mctx, adin, adin_len))
- return 0;
- if (!ctx_add_md(dctx))
- return 0;
- }
- if (!hash_gen(dctx, out, outlen))
- return 0;
-
- tmp[0] = 3;
- if (!FIPS_digestinit(mctx, hctx->md))
- return 0;
- if (!EVP_DigestUpdate(mctx, tmp, 1))
- return 0;
- if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
- return 0;
-
- if (!ctx_add_md(dctx))
- return 0;
-
- ctx_add_buf(dctx, hctx->V, hctx->C, dctx->seedlen);
-
- tmp[0] = (dctx->reseed_counter >> 24) & 0xff;
- tmp[1] = (dctx->reseed_counter >> 16) & 0xff;
- tmp[2] = (dctx->reseed_counter >> 8) & 0xff;
- tmp[3] = dctx->reseed_counter & 0xff;
- ctx_add_buf(dctx, hctx->V, tmp, 4);
-#ifdef HASH_DRBG_TRACE
- fprintf(stderr, "V+C after generate:\n");
- hexprint(stderr, hctx->V, dctx->seedlen);
- hexprint(stderr, hctx->C, dctx->seedlen);
-#endif
- return 1;
- }
-
-static int drbg_hash_uninstantiate(DRBG_CTX *dctx)
- {
- EVP_MD_CTX_cleanup(&dctx->d.hash.mctx);
- OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX));
- return 1;
- }
-
-int fips_drbg_hash_init(DRBG_CTX *dctx)
- {
- const EVP_MD *md;
- DRBG_HASH_CTX *hctx = &dctx->d.hash;
- md = FIPS_get_digestbynid(dctx->type);
- if (!md)
- return -2;
- switch (dctx->type)
- {
- case NID_sha1:
- dctx->strength = 128;
- break;
-
- case NID_sha224:
- dctx->strength = 192;
- break;
-
- default:
- dctx->strength = 256;
- break;
- }
-
- dctx->instantiate = drbg_hash_instantiate;
- dctx->reseed = drbg_hash_reseed;
- dctx->generate = drbg_hash_generate;
- dctx->uninstantiate = drbg_hash_uninstantiate;
-
- dctx->d.hash.md = md;
- EVP_MD_CTX_init(&hctx->mctx);
-
- /* These are taken from SP 800-90 10.1 table 2 */
-
- dctx->blocklength = M_EVP_MD_size(md);
- if (dctx->blocklength > 32)
- dctx->seedlen = 111;
- else
- dctx->seedlen = 55;
-
-
- dctx->min_entropy = dctx->strength / 8;
- dctx->max_entropy = DRBG_MAX_LENGTH;
-
- dctx->min_nonce = dctx->min_entropy / 2;
- dctx->max_nonce = DRBG_MAX_LENGTH;
-
- dctx->max_pers = DRBG_MAX_LENGTH;
- dctx->max_adin = DRBG_MAX_LENGTH;
-
- dctx->max_request = 1<<16;
- dctx->reseed_interval = 1<<24;
-
- return 1;
- }
+++ /dev/null
-/* fips/rand/fips_drbg_hmac.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/aes.h>
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include "fips_rand_lcl.h"
-
-static int drbg_hmac_update(DRBG_CTX *dctx,
- const unsigned char *in1, size_t in1len,
- const unsigned char *in2, size_t in2len,
- const unsigned char *in3, size_t in3len
- )
- {
- static unsigned char c0 = 0, c1 = 1;
- DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
- HMAC_CTX *hctx = &hmac->hctx;
-
- if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
- return 0;
- if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
- return 0;
- if (!HMAC_Update(hctx, &c0, 1))
- return 0;
- if (in1len && !HMAC_Update(hctx, in1, in1len))
- return 0;
- if (in2len && !HMAC_Update(hctx, in2, in2len))
- return 0;
- if (in3len && !HMAC_Update(hctx, in3, in3len))
- return 0;
-
- if (!HMAC_Final(hctx, hmac->K, NULL))
- return 0;
-
- if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
- return 0;
- if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
- return 0;
-
- if (!HMAC_Final(hctx, hmac->V, NULL))
- return 0;
-
- if (!in1len && !in2len && !in3len)
- return 1;
-
- if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
- return 0;
- if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
- return 0;
- if (!HMAC_Update(hctx, &c1, 1))
- return 0;
- if (in1len && !HMAC_Update(hctx, in1, in1len))
- return 0;
- if (in2len && !HMAC_Update(hctx, in2, in2len))
- return 0;
- if (in3len && !HMAC_Update(hctx, in3, in3len))
- return 0;
-
- if (!HMAC_Final(hctx, hmac->K, NULL))
- return 0;
-
- if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
- return 0;
- if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
- return 0;
-
- if (!HMAC_Final(hctx, hmac->V, NULL))
- return 0;
-
- return 1;
-
- }
-
-static int drbg_hmac_instantiate(DRBG_CTX *dctx,
- const unsigned char *ent, size_t ent_len,
- const unsigned char *nonce, size_t nonce_len,
- const unsigned char *pstr, size_t pstr_len)
- {
- DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
- memset(hmac->K, 0, dctx->blocklength);
- memset(hmac->V, 1, dctx->blocklength);
- if (!drbg_hmac_update(dctx,
- ent, ent_len, nonce, nonce_len, pstr, pstr_len))
- return 0;
-
-#ifdef HMAC_DRBG_TRACE
- fprintf(stderr, "K+V after instantiate:\n");
- hexprint(stderr, hmac->K, hmac->blocklength);
- hexprint(stderr, hmac->V, hmac->blocklength);
-#endif
- return 1;
- }
-
-static int drbg_hmac_reseed(DRBG_CTX *dctx,
- const unsigned char *ent, size_t ent_len,
- const unsigned char *adin, size_t adin_len)
- {
- if (!drbg_hmac_update(dctx,
- ent, ent_len, adin, adin_len, NULL, 0))
- return 0;
-
-#ifdef HMAC_DRBG_TRACE
- {
- DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
- fprintf(stderr, "K+V after reseed:\n");
- hexprint(stderr, hmac->K, hmac->blocklength);
- hexprint(stderr, hmac->V, hmac->blocklength);
- }
-#endif
- return 1;
- }
-
-static int drbg_hmac_generate(DRBG_CTX *dctx,
- unsigned char *out, size_t outlen,
- const unsigned char *adin, size_t adin_len)
- {
- DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
- HMAC_CTX *hctx = &hmac->hctx;
- const unsigned char *Vtmp = hmac->V;
- if (adin_len && !drbg_hmac_update(dctx, adin, adin_len,
- NULL, 0, NULL, 0))
- return 0;
- for (;;)
- {
- if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength,
- hmac->md, NULL))
- return 0;
- if (!HMAC_Update(hctx, Vtmp, dctx->blocklength))
- return 0;
- if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
- {
- if (!HMAC_Final(hctx, dctx->lb, NULL))
- return 0;
- dctx->lb_valid = 1;
- Vtmp = dctx->lb;
- continue;
- }
- else if (outlen > dctx->blocklength)
- {
- if (!HMAC_Final(hctx, out, NULL))
- return 0;
- if (!fips_drbg_cprng_test(dctx, out))
- return 0;
- Vtmp = out;
- }
- else
- {
- if (!HMAC_Final(hctx, hmac->V, NULL))
- return 0;
- if (!fips_drbg_cprng_test(dctx, hmac->V))
- return 0;
- memcpy(out, hmac->V, outlen);
- break;
- }
- out += dctx->blocklength;
- outlen -= dctx->blocklength;
- }
- if (!drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0))
- return 0;
-
- return 1;
- }
-
-static int drbg_hmac_uninstantiate(DRBG_CTX *dctx)
- {
- HMAC_CTX_cleanup(&dctx->d.hmac.hctx);
- OPENSSL_cleanse(&dctx->d.hmac, sizeof(DRBG_HMAC_CTX));
- return 1;
- }
-
-int fips_drbg_hmac_init(DRBG_CTX *dctx)
- {
- const EVP_MD *md = NULL;
- DRBG_HMAC_CTX *hctx = &dctx->d.hmac;
- dctx->strength = 256;
- switch (dctx->type)
- {
- case NID_hmacWithSHA1:
- md = EVP_sha1();
- dctx->strength = 128;
- break;
-
- case NID_hmacWithSHA224:
- md = EVP_sha224();
- dctx->strength = 192;
- break;
-
- case NID_hmacWithSHA256:
- md = EVP_sha256();
- break;
-
- case NID_hmacWithSHA384:
- md = EVP_sha384();
- break;
-
- case NID_hmacWithSHA512:
- md = EVP_sha512();
- break;
-
- default:
- dctx->strength = 0;
- return -2;
- }
- dctx->instantiate = drbg_hmac_instantiate;
- dctx->reseed = drbg_hmac_reseed;
- dctx->generate = drbg_hmac_generate;
- dctx->uninstantiate = drbg_hmac_uninstantiate;
- HMAC_CTX_init(&hctx->hctx);
- hctx->md = md;
- dctx->blocklength = M_EVP_MD_size(md);
- dctx->seedlen = M_EVP_MD_size(md);
-
- dctx->min_entropy = dctx->strength / 8;
- dctx->max_entropy = DRBG_MAX_LENGTH;
-
- dctx->min_nonce = dctx->min_entropy / 2;
- dctx->max_nonce = DRBG_MAX_LENGTH;
-
- dctx->max_pers = DRBG_MAX_LENGTH;
- dctx->max_adin = DRBG_MAX_LENGTH;
-
- dctx->max_request = 1<<16;
- dctx->reseed_interval = 1<<24;
-
- return 1;
- }
+++ /dev/null
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/fips_rand.h>
-#include "fips_rand_lcl.h"
-
-/* Support framework for SP800-90 DRBGs */
-
-int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
- {
- int rv;
- memset(dctx, 0, sizeof(DRBG_CTX));
- dctx->status = DRBG_STATUS_UNINITIALISED;
- dctx->xflags = flags;
- dctx->type = type;
-
- dctx->iflags = 0;
- dctx->entropy_blocklen = 0;
- dctx->health_check_cnt = 0;
- dctx->health_check_interval = DRBG_HEALTH_INTERVAL;
-
- rv = fips_drbg_hash_init(dctx);
-
- if (rv == -2)
- rv = fips_drbg_ctr_init(dctx);
- if (rv == -2)
- rv = fips_drbg_hmac_init(dctx);
- if (rv == -2)
- rv = fips_drbg_ec_init(dctx);
-
- if (rv <= 0)
- {
- if (rv == -2)
- FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_UNSUPPORTED_DRBG_TYPE);
- else
- FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_ERROR_INITIALISING_DRBG);
- }
-
- /* If not in test mode run selftests on DRBG of the same type */
-
- if (!(dctx->xflags & DRBG_FLAG_TEST))
- {
- if (!FIPS_drbg_health_check(dctx))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);
- return 0;
- }
- }
-
- return rv;
- }
-
-DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags)
- {
- DRBG_CTX *dctx;
- dctx = OPENSSL_malloc(sizeof(DRBG_CTX));
- if (!dctx)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- if (type == 0)
- {
- memset(dctx, 0, sizeof(DRBG_CTX));
- dctx->type = 0;
- dctx->status = DRBG_STATUS_UNINITIALISED;
- return dctx;
- }
-
- if (FIPS_drbg_init(dctx, type, flags) <= 0)
- {
- OPENSSL_free(dctx);
- return NULL;
- }
-
- return dctx;
- }
-
-void FIPS_drbg_free(DRBG_CTX *dctx)
- {
- if (dctx->uninstantiate)
- dctx->uninstantiate(dctx);
- /* Don't free up default DRBG */
- if (dctx == FIPS_get_default_drbg())
- {
- memset(dctx, 0, sizeof(DRBG_CTX));
- dctx->type = 0;
- dctx->status = DRBG_STATUS_UNINITIALISED;
- }
- else
- {
- OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
- OPENSSL_free(dctx);
- }
- }
-
-static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len)
- {
- unsigned char *tout, *p;
- size_t bl = dctx->entropy_blocklen, rv;
- if (!dctx->get_entropy)
- return 0;
- if (dctx->xflags & DRBG_FLAG_TEST || !bl)
- return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
- rv = dctx->get_entropy(dctx, &tout, entropy + bl,
- min_len + bl, max_len + bl);
- *pout = tout + bl;
- if (rv < (min_len + bl) || (rv % bl))
- return 0;
- /* Compare consecutive blocks for continuous PRNG test */
- for (p = tout; p < tout + rv - bl; p += bl)
- {
- if (!memcmp(p, p + bl, bl))
- {
- FIPSerr(FIPS_F_FIPS_GET_ENTROPY, FIPS_R_ENTROPY_SOURCE_STUCK);
- return 0;
- }
- }
- rv -= bl;
- if (rv > max_len)
- return max_len;
- return rv;
- }
-
-static void fips_cleanup_entropy(DRBG_CTX *dctx,
- unsigned char *out, size_t olen)
- {
- size_t bl;
- if (dctx->xflags & DRBG_FLAG_TEST)
- bl = 0;
- else
- bl = dctx->entropy_blocklen;
- /* Call cleanup with original arguments */
- dctx->cleanup_entropy(dctx, out - bl, olen + bl);
- }
-
-
-int FIPS_drbg_instantiate(DRBG_CTX *dctx,
- const unsigned char *pers, size_t perslen)
- {
- size_t entlen = 0, noncelen = 0;
- unsigned char *nonce = NULL, *entropy = NULL;
-
-#if 0
- /* Put here so error script picks them up */
- FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE,
- FIPS_R_PERSONALISATION_STRING_TOO_LONG);
- FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_IN_ERROR_STATE);
- FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ALREADY_INSTANTIATED);
- FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY);
- FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE);
- FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR);
- FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED);
-#endif
-
- int r = 0;
-
- if (perslen > dctx->max_pers)
- {
- r = FIPS_R_PERSONALISATION_STRING_TOO_LONG;
- goto end;
- }
-
- if (!dctx->instantiate)
- {
- r = FIPS_R_DRBG_NOT_INITIALISED;
- goto end;
- }
-
- if (dctx->status != DRBG_STATUS_UNINITIALISED)
- {
- if (dctx->status == DRBG_STATUS_ERROR)
- r = FIPS_R_IN_ERROR_STATE;
- else
- r = FIPS_R_ALREADY_INSTANTIATED;
- goto end;
- }
-
- dctx->status = DRBG_STATUS_ERROR;
-
- entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
- dctx->min_entropy, dctx->max_entropy);
-
- if (entlen < dctx->min_entropy || entlen > dctx->max_entropy)
- {
- r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
- goto end;
- }
-
- if (dctx->max_nonce > 0 && dctx->get_nonce)
- {
- noncelen = dctx->get_nonce(dctx, &nonce,
- dctx->strength / 2,
- dctx->min_nonce, dctx->max_nonce);
-
- if (noncelen < dctx->min_nonce || noncelen > dctx->max_nonce)
- {
- r = FIPS_R_ERROR_RETRIEVING_NONCE;
- goto end;
- }
-
- }
-
- if (!dctx->instantiate(dctx,
- entropy, entlen,
- nonce, noncelen,
- pers, perslen))
- {
- r = FIPS_R_ERROR_INSTANTIATING_DRBG;
- goto end;
- }
-
-
- dctx->status = DRBG_STATUS_READY;
- if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
- dctx->reseed_counter = 1;
-
- end:
-
- if (entropy && dctx->cleanup_entropy)
- fips_cleanup_entropy(dctx, entropy, entlen);
-
- if (nonce && dctx->cleanup_nonce)
- dctx->cleanup_nonce(dctx, nonce, noncelen);
-
- if (dctx->status == DRBG_STATUS_READY)
- return 1;
-
- if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
- FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, r);
-
- return 0;
-
- }
-
-static int drbg_reseed(DRBG_CTX *dctx,
- const unsigned char *adin, size_t adinlen, int hcheck)
- {
- unsigned char *entropy = NULL;
- size_t entlen = 0;
- int r = 0;
-
-#if 0
- FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_NOT_INSTANTIATED);
- FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
-#endif
- if (dctx->status != DRBG_STATUS_READY
- && dctx->status != DRBG_STATUS_RESEED)
- {
- if (dctx->status == DRBG_STATUS_ERROR)
- r = FIPS_R_IN_ERROR_STATE;
- else if(dctx->status == DRBG_STATUS_UNINITIALISED)
- r = FIPS_R_NOT_INSTANTIATED;
- goto end;
- }
-
- if (!adin)
- adinlen = 0;
- else if (adinlen > dctx->max_adin)
- {
- r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
- goto end;
- }
-
- dctx->status = DRBG_STATUS_ERROR;
- /* Peform health check on all reseed operations if not a prediction
- * resistance request and not in test mode.
- */
- if (hcheck && !(dctx->xflags & DRBG_FLAG_TEST))
- {
- if (!FIPS_drbg_health_check(dctx))
- {
- r = FIPS_R_SELFTEST_FAILURE;
- goto end;
- }
- }
-
- entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
- dctx->min_entropy, dctx->max_entropy);
-
- if (entlen < dctx->min_entropy || entlen > dctx->max_entropy)
- {
- r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
- goto end;
- }
-
- if (!dctx->reseed(dctx, entropy, entlen, adin, adinlen))
- goto end;
-
- dctx->status = DRBG_STATUS_READY;
- if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
- dctx->reseed_counter = 1;
- end:
-
- if (entropy && dctx->cleanup_entropy)
- fips_cleanup_entropy(dctx, entropy, entlen);
-
- if (dctx->status == DRBG_STATUS_READY)
- return 1;
-
- if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
- FIPSerr(FIPS_F_DRBG_RESEED, r);
-
- return 0;
- }
-
-int FIPS_drbg_reseed(DRBG_CTX *dctx,
- const unsigned char *adin, size_t adinlen)
- {
- return drbg_reseed(dctx, adin, adinlen, 1);
- }
-
-static int fips_drbg_check(DRBG_CTX *dctx)
- {
- if (dctx->xflags & DRBG_FLAG_TEST)
- return 1;
- dctx->health_check_cnt++;
- if (dctx->health_check_cnt >= dctx->health_check_interval)
- {
- if (!FIPS_drbg_health_check(dctx))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE);
- return 0;
- }
- }
- return 1;
- }
-
-int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
- int prediction_resistance,
- const unsigned char *adin, size_t adinlen)
- {
- int r = 0;
-
- if (FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED);
- return 0;
- }
-
- if (!fips_drbg_check(dctx))
- return 0;
-
- if (dctx->status != DRBG_STATUS_READY
- && dctx->status != DRBG_STATUS_RESEED)
- {
- if (dctx->status == DRBG_STATUS_ERROR)
- r = FIPS_R_IN_ERROR_STATE;
- else if(dctx->status == DRBG_STATUS_UNINITIALISED)
- r = FIPS_R_NOT_INSTANTIATED;
- goto end;
- }
-
- if (outlen > dctx->max_request)
- {
- r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG;
- return 0;
- }
-
- if (adinlen > dctx->max_adin)
- {
- r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
- goto end;
- }
-
- if (dctx->iflags & DRBG_CUSTOM_RESEED)
- dctx->generate(dctx, NULL, outlen, NULL, 0);
- else if (dctx->reseed_counter >= dctx->reseed_interval)
- dctx->status = DRBG_STATUS_RESEED;
-
- if (dctx->status == DRBG_STATUS_RESEED || prediction_resistance)
- {
- /* If prediction resistance request don't do health check */
- int hcheck = prediction_resistance ? 0 : 1;
-
- if (!drbg_reseed(dctx, adin, adinlen, hcheck))
- {
- r = FIPS_R_RESEED_ERROR;
- goto end;
- }
- adin = NULL;
- adinlen = 0;
- }
-
- if (!dctx->generate(dctx, out, outlen, adin, adinlen))
- {
- r = FIPS_R_GENERATE_ERROR;
- dctx->status = DRBG_STATUS_ERROR;
- goto end;
- }
- if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
- {
- if (dctx->reseed_counter >= dctx->reseed_interval)
- dctx->status = DRBG_STATUS_RESEED;
- else
- dctx->reseed_counter++;
- }
-
- end:
- if (r)
- {
- if (!(dctx->iflags & DRBG_FLAG_NOERR))
- FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, r);
- return 0;
- }
-
- return 1;
- }
-
-int FIPS_drbg_uninstantiate(DRBG_CTX *dctx)
- {
- int rv;
- if (!dctx->uninstantiate)
- rv = 1;
- else
- rv = dctx->uninstantiate(dctx);
- /* Although we'd like to cleanse here we can't because we have to
- * test the uninstantiate really zeroes the data.
- */
- memset(&dctx->d, 0, sizeof(dctx->d));
- dctx->status = DRBG_STATUS_UNINITIALISED;
- /* If method has problems uninstantiating, return error */
- return rv;
- }
-
-int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
- size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len),
- void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
- size_t entropy_blocklen,
- size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len),
- void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen))
- {
- if (dctx->status != DRBG_STATUS_UNINITIALISED)
- return 0;
- dctx->entropy_blocklen = entropy_blocklen;
- dctx->get_entropy = get_entropy;
- dctx->cleanup_entropy = cleanup_entropy;
- dctx->get_nonce = get_nonce;
- dctx->cleanup_nonce = cleanup_nonce;
- return 1;
- }
-
-int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
- size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout),
- void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
- int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num),
- int (*rand_add_cb)(DRBG_CTX *ctx,
- const void *buf, int num, double entropy))
- {
- if (dctx->status != DRBG_STATUS_UNINITIALISED)
- return 0;
- dctx->get_adin = get_adin;
- dctx->cleanup_adin = cleanup_adin;
- dctx->rand_seed_cb = rand_seed_cb;
- dctx->rand_add_cb = rand_add_cb;
- return 1;
- }
-
-void *FIPS_drbg_get_app_data(DRBG_CTX *dctx)
- {
- return dctx->app_data;
- }
-
-void FIPS_drbg_set_app_data(DRBG_CTX *dctx, void *app_data)
- {
- dctx->app_data = app_data;
- }
-
-size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx)
- {
- return dctx->blocklength;
- }
-
-int FIPS_drbg_get_strength(DRBG_CTX *dctx)
- {
- return dctx->strength;
- }
-
-void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval)
- {
- dctx->health_check_interval = interval;
- }
-
-void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval)
- {
- dctx->reseed_interval = interval;
- }
-
-static int drbg_stick = 0;
-
-void FIPS_drbg_stick(int onoff)
- {
- drbg_stick = onoff;
- }
-
-/* Continuous DRBG utility function */
-int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out)
- {
- /* No CPRNG in test mode */
- if (dctx->xflags & DRBG_FLAG_TEST)
- return 1;
- /* Check block is valid: should never happen */
- if (dctx->lb_valid == 0)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_INTERNAL_ERROR);
- fips_set_selftest_fail();
- return 0;
- }
- if (drbg_stick)
- memcpy(dctx->lb, out, dctx->blocklength);
- /* Check against last block: fail if match */
- if (!memcmp(dctx->lb, out, dctx->blocklength))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_DRBG_STUCK);
- fips_set_selftest_fail();
- return 0;
- }
- /* Save last block for next comparison */
- memcpy(dctx->lb, out, dctx->blocklength);
- return 1;
- }
+++ /dev/null
-/* fips/rand/fips_drbg_rand.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/fips_rand.h>
-#include "fips_rand_lcl.h"
-
-/* Mapping of SP800-90 DRBGs to OpenSSL RAND_METHOD */
-
-/* Since we only have one global PRNG used at any time in OpenSSL use a global
- * variable to store context.
- */
-
-static DRBG_CTX ossl_dctx;
-
-DRBG_CTX *FIPS_get_default_drbg(void)
- {
- return &ossl_dctx;
- }
-
-static int fips_drbg_bytes(unsigned char *out, int count)
- {
- DRBG_CTX *dctx = &ossl_dctx;
- int rv = 0;
- unsigned char *adin = NULL;
- size_t adinlen = 0;
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- do
- {
- size_t rcnt;
- if (count > (int)dctx->max_request)
- rcnt = dctx->max_request;
- else
- rcnt = count;
- if (dctx->get_adin)
- {
- adinlen = dctx->get_adin(dctx, &adin);
- if (adinlen && !adin)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_BYTES, FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT);
- goto err;
- }
- }
- rv = FIPS_drbg_generate(dctx, out, rcnt, 0, adin, adinlen);
- if (adin)
- {
- if (dctx->cleanup_adin)
- dctx->cleanup_adin(dctx, adin, adinlen);
- adin = NULL;
- }
- if (!rv)
- goto err;
- out += rcnt;
- count -= rcnt;
- }
- while (count);
- rv = 1;
- err:
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- return rv;
- }
-
-static int fips_drbg_pseudo(unsigned char *out, int count)
- {
- if (fips_drbg_bytes(out, count) <= 0)
- return -1;
- return 1;
- }
-
-static int fips_drbg_status(void)
- {
- DRBG_CTX *dctx = &ossl_dctx;
- int rv;
- CRYPTO_r_lock(CRYPTO_LOCK_RAND);
- rv = dctx->status == DRBG_STATUS_READY ? 1 : 0;
- CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
- return rv;
- }
-
-static void fips_drbg_cleanup(void)
- {
- DRBG_CTX *dctx = &ossl_dctx;
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- FIPS_drbg_uninstantiate(dctx);
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- }
-
-static int fips_drbg_seed(const void *seed, int seedlen)
- {
- DRBG_CTX *dctx = &ossl_dctx;
- if (dctx->rand_seed_cb)
- return dctx->rand_seed_cb(dctx, seed, seedlen);
- return 1;
- }
-
-static int fips_drbg_add(const void *seed, int seedlen,
- double add_entropy)
- {
- DRBG_CTX *dctx = &ossl_dctx;
- if (dctx->rand_add_cb)
- return dctx->rand_add_cb(dctx, seed, seedlen, add_entropy);
- return 1;
- }
-
-static const RAND_METHOD rand_drbg_meth =
- {
- fips_drbg_seed,
- fips_drbg_bytes,
- fips_drbg_cleanup,
- fips_drbg_add,
- fips_drbg_pseudo,
- fips_drbg_status
- };
-
-const RAND_METHOD *FIPS_drbg_method(void)
- {
- return &rand_drbg_meth;
- }
-
+++ /dev/null
-/* fips/rand/fips_drbg_selftest.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/fips_rand.h>
-#include "fips_rand_lcl.h"
-#include "fips_locl.h"
-
-#include "fips_drbg_selftest.h"
-
-typedef struct {
- int post;
- int nid;
- unsigned int flags;
-
- /* KAT data for no PR */
- const unsigned char *ent;
- size_t entlen;
- const unsigned char *nonce;
- size_t noncelen;
- const unsigned char *pers;
- size_t perslen;
- const unsigned char *adin;
- size_t adinlen;
- const unsigned char *entreseed;
- size_t entreseedlen;
- const unsigned char *adinreseed;
- size_t adinreseedlen;
- const unsigned char *adin2;
- size_t adin2len;
- const unsigned char *kat;
- size_t katlen;
- const unsigned char *kat2;
- size_t kat2len;
-
- /* KAT data for PR */
- const unsigned char *ent_pr;
- size_t entlen_pr;
- const unsigned char *nonce_pr;
- size_t noncelen_pr;
- const unsigned char *pers_pr;
- size_t perslen_pr;
- const unsigned char *adin_pr;
- size_t adinlen_pr;
- const unsigned char *entpr_pr;
- size_t entprlen_pr;
- const unsigned char *ading_pr;
- size_t adinglen_pr;
- const unsigned char *entg_pr;
- size_t entglen_pr;
- const unsigned char *kat_pr;
- size_t katlen_pr;
- const unsigned char *kat2_pr;
- size_t kat2len_pr;
-
- } DRBG_SELFTEST_DATA;
-
-#define make_drbg_test_data(nid, flag, pr, p) {p, nid, flag | DRBG_FLAG_TEST, \
- pr##_entropyinput, sizeof(pr##_entropyinput), \
- pr##_nonce, sizeof(pr##_nonce), \
- pr##_personalizationstring, sizeof(pr##_personalizationstring), \
- pr##_additionalinput, sizeof(pr##_additionalinput), \
- pr##_entropyinputreseed, sizeof(pr##_entropyinputreseed), \
- pr##_additionalinputreseed, sizeof(pr##_additionalinputreseed), \
- pr##_additionalinput2, sizeof(pr##_additionalinput2), \
- pr##_int_returnedbits, sizeof(pr##_int_returnedbits), \
- pr##_returnedbits, sizeof(pr##_returnedbits), \
- pr##_pr_entropyinput, sizeof(pr##_pr_entropyinput), \
- pr##_pr_nonce, sizeof(pr##_pr_nonce), \
- pr##_pr_personalizationstring, sizeof(pr##_pr_personalizationstring), \
- pr##_pr_additionalinput, sizeof(pr##_pr_additionalinput), \
- pr##_pr_entropyinputpr, sizeof(pr##_pr_entropyinputpr), \
- pr##_pr_additionalinput2, sizeof(pr##_pr_additionalinput2), \
- pr##_pr_entropyinputpr2, sizeof(pr##_pr_entropyinputpr2), \
- pr##_pr_int_returnedbits, sizeof(pr##_pr_int_returnedbits), \
- pr##_pr_returnedbits, sizeof(pr##_pr_returnedbits), \
- }
-
-#define make_drbg_test_data_df(nid, pr, p) \
- make_drbg_test_data(nid, DRBG_FLAG_CTR_USE_DF, pr, p)
-
-#define make_drbg_test_data_ec(curve, md, pr, p) \
- make_drbg_test_data((curve << 16) | md , 0, pr, p)
-
-static DRBG_SELFTEST_DATA drbg_test[] = {
- make_drbg_test_data_df(NID_aes_128_ctr, aes_128_use_df, 0),
- make_drbg_test_data_df(NID_aes_192_ctr, aes_192_use_df, 0),
- make_drbg_test_data_df(NID_aes_256_ctr, aes_256_use_df, 1),
- make_drbg_test_data(NID_aes_128_ctr, 0, aes_128_no_df, 0),
- make_drbg_test_data(NID_aes_192_ctr, 0, aes_192_no_df, 0),
- make_drbg_test_data(NID_aes_256_ctr, 0, aes_256_no_df, 1),
- make_drbg_test_data(NID_sha1, 0, sha1, 0),
- make_drbg_test_data(NID_sha224, 0, sha224, 0),
- make_drbg_test_data(NID_sha256, 0, sha256, 1),
- make_drbg_test_data(NID_sha384, 0, sha384, 0),
- make_drbg_test_data(NID_sha512, 0, sha512, 0),
- make_drbg_test_data(NID_hmacWithSHA1, 0, hmac_sha1, 0),
- make_drbg_test_data(NID_hmacWithSHA224, 0, hmac_sha224, 0),
- make_drbg_test_data(NID_hmacWithSHA256, 0, hmac_sha256, 1),
- make_drbg_test_data(NID_hmacWithSHA384, 0, hmac_sha384, 0),
- make_drbg_test_data(NID_hmacWithSHA512, 0, hmac_sha512, 0),
- make_drbg_test_data_ec(NID_X9_62_prime256v1, NID_sha1, p_256_sha1, 0),
- make_drbg_test_data_ec(NID_X9_62_prime256v1, NID_sha224, p_256_sha224, 0),
- make_drbg_test_data_ec(NID_X9_62_prime256v1, NID_sha256, p_256_sha256, 1),
- make_drbg_test_data_ec(NID_X9_62_prime256v1, NID_sha384, p_256_sha384, 0),
- make_drbg_test_data_ec(NID_X9_62_prime256v1, NID_sha512, p_256_sha512, 0),
- make_drbg_test_data_ec(NID_secp384r1, NID_sha224, p_384_sha224, 0),
- make_drbg_test_data_ec(NID_secp384r1, NID_sha256, p_384_sha256, 0),
- make_drbg_test_data_ec(NID_secp384r1, NID_sha384, p_384_sha384, 0),
- make_drbg_test_data_ec(NID_secp384r1, NID_sha512, p_384_sha512, 0),
- make_drbg_test_data_ec(NID_secp521r1, NID_sha256, p_521_sha256, 0),
- make_drbg_test_data_ec(NID_secp521r1, NID_sha384, p_521_sha384, 0),
- make_drbg_test_data_ec(NID_secp521r1, NID_sha512, p_521_sha512, 0),
- {0,0,0}
- };
-
-typedef struct
- {
- const unsigned char *ent;
- size_t entlen;
- int entcnt;
- const unsigned char *nonce;
- size_t noncelen;
- int noncecnt;
- } TEST_ENT;
-
-static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len)
- {
- TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
- *pout = (unsigned char *)t->ent;
- t->entcnt++;
- return t->entlen;
- }
-
-static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len)
- {
- TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
- *pout = (unsigned char *)t->nonce;
- t->noncecnt++;
- return t->noncelen;
- }
-
-static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
- int quick)
- {
- TEST_ENT t;
- int rv = 0;
- size_t adinlen;
- unsigned char randout[1024];
-
- /* Initial test without PR */
-
- /* Instantiate DRBG with test entropy, nonce and personalisation
- * string.
- */
-
- if (!FIPS_drbg_init(dctx, td->nid, td->flags))
- return 0;
- if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
- return 0;
-
- FIPS_drbg_set_app_data(dctx, &t);
-
- t.ent = td->ent;
- t.entlen = td->entlen;
- t.nonce = td->nonce;
- t.noncelen = td->noncelen;
- t.entcnt = 0;
- t.noncecnt = 0;
-
- if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
- goto err;
-
- /* Note for CTR without DF some additional input values
- * ignore bytes after the keylength: so reduce adinlen
- * to half to ensure invalid data is fed in.
- */
- if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
- adinlen = td->adinlen / 2;
- else
- adinlen = td->adinlen;
-
- /* Generate with no PR and verify output matches expected data */
- if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
- td->adin, adinlen))
- goto err;
-
- if (memcmp(randout, td->kat, td->katlen))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST1_FAILURE);
- goto err2;
- }
- /* If abbreviated POST end of test */
- if (quick)
- {
- rv = 1;
- goto err;
- }
- /* Reseed DRBG with test entropy and additional input */
- t.ent = td->entreseed;
- t.entlen = td->entreseedlen;
-
- if (!FIPS_drbg_reseed(dctx, td->adinreseed, td->adinreseedlen))
- goto err;
-
- /* Generate with no PR and verify output matches expected data */
- if (!FIPS_drbg_generate(dctx, randout, td->kat2len, 0,
- td->adin2, td->adin2len))
- goto err;
-
- if (memcmp(randout, td->kat2, td->kat2len))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST2_FAILURE);
- goto err2;
- }
-
- FIPS_drbg_uninstantiate(dctx);
-
- /* Now test with PR */
-
- /* Instantiate DRBG with test entropy, nonce and personalisation
- * string.
- */
- if (!FIPS_drbg_init(dctx, td->nid, td->flags))
- return 0;
- if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
- return 0;
-
- FIPS_drbg_set_app_data(dctx, &t);
-
- t.ent = td->ent_pr;
- t.entlen = td->entlen_pr;
- t.nonce = td->nonce_pr;
- t.noncelen = td->noncelen_pr;
- t.entcnt = 0;
- t.noncecnt = 0;
-
- if (!FIPS_drbg_instantiate(dctx, td->pers_pr, td->perslen_pr))
- goto err;
-
- /* Now generate with PR: we need to supply entropy as this will
- * perform a reseed operation. Check output matches expected value.
- */
-
- t.ent = td->entpr_pr;
- t.entlen = td->entprlen_pr;
-
- /* Note for CTR without DF some additional input values
- * ignore bytes after the keylength: so reduce adinlen
- * to half to ensure invalid data is fed in.
- */
- if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
- adinlen = td->adinlen_pr / 2;
- else
- adinlen = td->adinlen_pr;
- if (!FIPS_drbg_generate(dctx, randout, td->katlen_pr, 1,
- td->adin_pr, adinlen))
- goto err;
-
- if (memcmp(randout, td->kat_pr, td->katlen_pr))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST1_FAILURE);
- goto err2;
- }
-
- /* Now generate again with PR: supply new entropy again.
- * Check output matches expected value.
- */
-
- t.ent = td->entg_pr;
- t.entlen = td->entglen_pr;
-
- if (!FIPS_drbg_generate(dctx, randout, td->kat2len_pr, 1,
- td->ading_pr, td->adinglen_pr))
- goto err;
-
- if (memcmp(randout, td->kat2_pr, td->kat2len_pr))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST2_FAILURE);
- goto err2;
- }
- /* All OK, test complete */
- rv = 1;
-
- err:
- if (rv == 0)
- FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED);
- err2:
- FIPS_drbg_uninstantiate(dctx);
-
- return rv;
-
- }
-
-/* Initialise a DRBG based on selftest data */
-
-static int do_drbg_init(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td, TEST_ENT *t)
- {
-
- if (!FIPS_drbg_init(dctx, td->nid, td->flags))
- return 0;
-
- if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
- return 0;
-
- FIPS_drbg_set_app_data(dctx, t);
-
- t->ent = td->ent;
- t->entlen = td->entlen;
- t->nonce = td->nonce;
- t->noncelen = td->noncelen;
- t->entcnt = 0;
- t->noncecnt = 0;
- return 1;
- }
-
-/* Initialise and instantiate DRBG based on selftest data */
-static int do_drbg_instantiate(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
- TEST_ENT *t)
- {
- if (!do_drbg_init(dctx, td, t))
- return 0;
- if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
- return 0;
-
- return 1;
- }
-
-/* This function performs extensive error checking as required by SP800-90.
- * Induce several failure modes and check an error condition is set.
- * This function along with fips_drbg_single_kat peforms the health checking
- * operation.
- */
-
-static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
- {
- unsigned char randout[1024];
- TEST_ENT t;
- size_t i;
- unsigned int reseed_counter_tmp;
- unsigned char *p = (unsigned char *)dctx;
-
- /* Initialise DRBG */
-
- if (!do_drbg_init(dctx, td, &t))
- goto err;
-
- /* Don't report induced errors */
- dctx->iflags |= DRBG_FLAG_NOERR;
-
- /* Personalisation string tests */
-
- /* Test detection of too large personlisation string */
-
- if (FIPS_drbg_instantiate(dctx, td->pers, dctx->max_pers + 1) > 0)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_PERSONALISATION_ERROR_UNDETECTED);
- goto err;
- }
-
- /* Entropy source tests */
-
- /* Test entropy source failure detecion: i.e. returns no data */
-
- t.entlen = 0;
-
- if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
- goto err;
- }
-
- /* Try to generate output from uninstantiated DRBG */
- if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
- td->adin, td->adinlen))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_GENERATE_ERROR_UNDETECTED);
- goto err;
- }
-
- dctx->iflags &= ~DRBG_FLAG_NOERR;
- if (!FIPS_drbg_uninstantiate(dctx))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
- goto err;
- }
-
- if (!do_drbg_init(dctx, td, &t))
- goto err;
-
- dctx->iflags |= DRBG_FLAG_NOERR;
-
- /* Test insufficient entropy */
-
- t.entlen = dctx->min_entropy - 1;
-
- if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
- goto err;
- }
-
- dctx->iflags &= ~DRBG_FLAG_NOERR;
- if (!FIPS_drbg_uninstantiate(dctx))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
- goto err;
- }
-
- /* Test too much entropy */
-
- if (!do_drbg_init(dctx, td, &t))
- goto err;
-
- dctx->iflags |= DRBG_FLAG_NOERR;
-
- t.entlen = dctx->max_entropy + 1;
-
- if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
- goto err;
- }
-
- dctx->iflags &= ~DRBG_FLAG_NOERR;
- if (!FIPS_drbg_uninstantiate(dctx))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
- goto err;
- }
-
- /* Nonce tests */
-
- /* Test too small nonce */
-
- if (dctx->min_nonce)
- {
-
- if (!do_drbg_init(dctx, td, &t))
- goto err;
-
- dctx->iflags |= DRBG_FLAG_NOERR;
-
- t.noncelen = dctx->min_nonce - 1;
-
- if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_NONCE_ERROR_UNDETECTED);
- goto err;
- }
-
- dctx->iflags &= ~DRBG_FLAG_NOERR;
- if (!FIPS_drbg_uninstantiate(dctx))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
- goto err;
- }
-
- }
-
- /* Test too large nonce */
-
- if (dctx->max_nonce)
- {
-
- if (!do_drbg_init(dctx, td, &t))
- goto err;
-
- dctx->iflags |= DRBG_FLAG_NOERR;
-
- t.noncelen = dctx->max_nonce + 1;
-
- if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_NONCE_ERROR_UNDETECTED);
- goto err;
- }
-
- dctx->iflags &= ~DRBG_FLAG_NOERR;
- if (!FIPS_drbg_uninstantiate(dctx))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
- goto err;
- }
-
- }
-
- /* Instantiate with valid data. */
- if (!do_drbg_instantiate(dctx, td, &t))
- goto err;
-
- /* Check generation is now OK */
- if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
- td->adin, td->adinlen))
- goto err;
-
- dctx->iflags |= DRBG_FLAG_NOERR;
-
- /* Request too much data for one request */
- if (FIPS_drbg_generate(dctx, randout, dctx->max_request + 1, 0,
- td->adin, td->adinlen))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED);
- goto err;
- }
-
- /* Try too large additional input */
- if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
- td->adin, dctx->max_adin + 1))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
- goto err;
- }
-
- /* Check prediction resistance request fails if entropy source
- * failure.
- */
-
- t.entlen = 0;
-
- if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
- td->adin, td->adinlen))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
- goto err;
- }
-
- dctx->iflags &= ~DRBG_FLAG_NOERR;
- if (!FIPS_drbg_uninstantiate(dctx))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
- goto err;
- }
-
-
- /* Instantiate again with valid data */
-
- if (!do_drbg_instantiate(dctx, td, &t))
- goto err;
- /* Test reseed counter works */
- /* Save initial reseed counter */
- reseed_counter_tmp = dctx->reseed_counter;
- /* Set reseed counter to beyond interval */
- dctx->reseed_counter = dctx->reseed_interval;
-
- /* Generate output and check entropy has been requested for reseed */
- t.entcnt = 0;
- if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
- td->adin, td->adinlen))
- goto err;
- if (t.entcnt != 1)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
- goto err;
- }
- /* Check reseed counter has been reset */
- if (dctx->reseed_counter != reseed_counter_tmp + 1)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
- goto err;
- }
-
- dctx->iflags &= ~DRBG_FLAG_NOERR;
- if (!FIPS_drbg_uninstantiate(dctx))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
- goto err;
- }
-
- /* Check prediction resistance request fails if entropy source
- * failure.
- */
-
- t.entlen = 0;
-
- dctx->iflags |= DRBG_FLAG_NOERR;
- if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
- td->adin, td->adinlen))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
- goto err;
- }
-
- dctx->iflags &= ~DRBG_FLAG_NOERR;
-
- if (!FIPS_drbg_uninstantiate(dctx))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
- goto err;
- }
-
-
- if (!do_drbg_instantiate(dctx, td, &t))
- goto err;
- /* Test reseed counter works */
- /* Save initial reseed counter */
- reseed_counter_tmp = dctx->reseed_counter;
- /* Set reseed counter to beyond interval */
- dctx->reseed_counter = dctx->reseed_interval;
-
- /* Generate output and check entropy has been requested for reseed */
- t.entcnt = 0;
- if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
- td->adin, td->adinlen))
- goto err;
- if (t.entcnt != 1)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
- goto err;
- }
- /* Check reseed counter has been reset */
- if (dctx->reseed_counter != reseed_counter_tmp + 1)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
- goto err;
- }
-
- dctx->iflags &= ~DRBG_FLAG_NOERR;
- if (!FIPS_drbg_uninstantiate(dctx))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
- goto err;
- }
-
- /* Explicit reseed tests */
-
- /* Test explicit reseed with too large additional input */
- if (!do_drbg_init(dctx, td, &t))
- goto err;
-
- dctx->iflags |= DRBG_FLAG_NOERR;
-
- if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
- goto err;
- }
-
- /* Test explicit reseed with entropy source failure */
-
- t.entlen = 0;
-
- if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
- goto err;
- }
-
- if (!FIPS_drbg_uninstantiate(dctx))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
- goto err;
- }
-
- /* Test explicit reseed with too much entropy */
-
- if (!do_drbg_init(dctx, td, &t))
- goto err;
-
- dctx->iflags |= DRBG_FLAG_NOERR;
-
- t.entlen = dctx->max_entropy + 1;
-
- if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
- goto err;
- }
-
- if (!FIPS_drbg_uninstantiate(dctx))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
- goto err;
- }
-
- /* Test explicit reseed with too little entropy */
-
- if (!do_drbg_init(dctx, td, &t))
- goto err;
-
- dctx->iflags |= DRBG_FLAG_NOERR;
-
- t.entlen = dctx->min_entropy - 1;
-
- if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
- goto err;
- }
-
- if (!FIPS_drbg_uninstantiate(dctx))
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
- goto err;
- }
-
- p = (unsigned char *)&dctx->d;
- /* Standard says we have to check uninstantiate really zeroes
- * the data...
- */
- for (i = 0; i < sizeof(dctx->d); i++)
- {
- if (*p != 0)
- {
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ZEROISE_ERROR);
- goto err;
- }
- p++;
- }
-
- return 1;
-
- err:
- /* A real error as opposed to an induced one: underlying function will
- * indicate the error.
- */
- if (!(dctx->iflags & DRBG_FLAG_NOERR))
- FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_FUNCTION_ERROR);
- FIPS_drbg_uninstantiate(dctx);
- return 0;
-
- }
-
-int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags)
- {
- DRBG_SELFTEST_DATA *td;
- flags |= DRBG_FLAG_TEST;
- for (td = drbg_test; td->nid != 0; td++)
- {
- if (td->nid == nid && td->flags == flags)
- {
- if (!fips_drbg_single_kat(dctx, td, 0))
- return 0;
- return fips_drbg_error_check(dctx, td);
- }
- }
- return 0;
- }
-
-int FIPS_drbg_health_check(DRBG_CTX *dctx)
- {
- int rv;
- DRBG_CTX *tctx = NULL;
- tctx = FIPS_drbg_new(0, 0);
- fips_post_started(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
- if (!tctx)
- return 0;
- rv = fips_drbg_kat(tctx, dctx->type, dctx->xflags);
- if (tctx)
- FIPS_drbg_free(tctx);
- if (rv)
- fips_post_success(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
- else
- fips_post_failed(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
- if (!rv)
- dctx->status = DRBG_STATUS_ERROR;
- else
- dctx->health_check_cnt = 0;
- return rv;
- }
-
-int FIPS_selftest_drbg(void)
- {
- DRBG_CTX *dctx;
- DRBG_SELFTEST_DATA *td;
- int rv = 1;
- dctx = FIPS_drbg_new(0, 0);
- if (!dctx)
- return 0;
- for (td = drbg_test; td->nid != 0; td++)
- {
- if (td->post != 1)
- continue;
- if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
- return 1;
- if (!fips_drbg_single_kat(dctx, td, 1))
- {
- fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
- rv = 0;
- continue;
- }
- if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
- return 0;
- }
- FIPS_drbg_free(dctx);
- return rv;
- }
-
-
-int FIPS_selftest_drbg_all(void)
- {
- DRBG_CTX *dctx;
- DRBG_SELFTEST_DATA *td;
- int rv = 1;
- dctx = FIPS_drbg_new(0, 0);
- if (!dctx)
- return 0;
- for (td = drbg_test; td->nid != 0; td++)
- {
- if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
- return 1;
- if (!fips_drbg_single_kat(dctx, td, 0))
- {
- fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
- rv = 0;
- continue;
- }
- if (!fips_drbg_error_check(dctx, td))
- {
- fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
- rv = 0;
- continue;
- }
- if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
- return 0;
- }
- FIPS_drbg_free(dctx);
- return rv;
- }
-
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-/* Selftest and health check data for the SP800-90 DRBG */
-
-
-/* AES-128 use df PR */
-__fips_constseg
-static const unsigned char aes_128_use_df_pr_entropyinput[] =
- {
- 0x61,0x52,0x7c,0xe3,0x23,0x7d,0x0a,0x07,0x10,0x0c,0x50,0x33,
- 0xc8,0xdb,0xff,0x12
- };
-
-__fips_constseg
-static const unsigned char aes_128_use_df_pr_nonce[] =
- {
- 0x51,0x0d,0x85,0x77,0xed,0x22,0x97,0x28
- };
-
-__fips_constseg
-static const unsigned char aes_128_use_df_pr_personalizationstring[] =
- {
- 0x59,0x9f,0xbb,0xcd,0xd5,0x25,0x69,0xb5,0xcb,0xb5,0x03,0xfe,
- 0xd7,0xd7,0x01,0x67
- };
-
-__fips_constseg
-static const unsigned char aes_128_use_df_pr_additionalinput[] =
- {
- 0xef,0x88,0x76,0x01,0xaf,0x3c,0xfe,0x8b,0xaf,0x26,0x06,0x9e,
- 0x9a,0x47,0x08,0x76
- };
-
-__fips_constseg
-static const unsigned char aes_128_use_df_pr_entropyinputpr[] =
- {
- 0xe2,0x76,0xf9,0xf6,0x3a,0xba,0x10,0x9f,0xbf,0x47,0x0e,0x51,
- 0x09,0xfb,0xa3,0xb6
- };
-
-__fips_constseg
-static const unsigned char aes_128_use_df_pr_int_returnedbits[] =
- {
- 0xd4,0x98,0x8a,0x46,0x80,0x4c,0xdb,0xa3,0x59,0x02,0x57,0x52,
- 0x66,0x1c,0xea,0x5b
- };
-
-__fips_constseg
-static const unsigned char aes_128_use_df_pr_additionalinput2[] =
- {
- 0x88,0x8c,0x91,0xd6,0xbe,0x56,0x6e,0x08,0x9a,0x62,0x2b,0x11,
- 0x3f,0x5e,0x31,0x06
- };
-
-__fips_constseg
-static const unsigned char aes_128_use_df_pr_entropyinputpr2[] =
- {
- 0xc0,0x5c,0x6b,0x98,0x01,0x0d,0x58,0x18,0x51,0x18,0x96,0xae,
- 0xa7,0xe3,0xa8,0x67
- };
-
-__fips_constseg
-static const unsigned char aes_128_use_df_pr_returnedbits[] =
- {
- 0xcf,0x01,0xac,0x22,0x31,0x06,0x8e,0xfc,0xce,0x56,0xea,0x24,
- 0x0f,0x38,0x43,0xc6
- };
-
-
-/* AES-128 use df No PR */
-__fips_constseg
-static const unsigned char aes_128_use_df_entropyinput[] =
- {
- 0x1f,0x8e,0x34,0x82,0x0c,0xb7,0xbe,0xc5,0x01,0x3e,0xd0,0xa3,
- 0x9d,0x7d,0x1c,0x9b
- };
-
-__fips_constseg
-static const unsigned char aes_128_use_df_nonce[] =
- {
- 0xd5,0x4d,0xbd,0x4a,0x93,0x7f,0xb8,0x96
- };
-
-__fips_constseg
-static const unsigned char aes_128_use_df_personalizationstring[] =
- {
- 0xab,0xd6,0x3f,0x04,0xfe,0x27,0x6b,0x2d,0xd7,0xc3,0x1c,0xf3,
- 0x38,0x66,0xba,0x1b
- };
-
-__fips_constseg
-static const unsigned char aes_128_use_df_additionalinput[] =
- {
- 0xfe,0xf4,0x09,0xa8,0xb7,0x73,0x27,0x9c,0x5f,0xa7,0xea,0x46,
- 0xb5,0xe2,0xb2,0x41
- };
-
-__fips_constseg
-static const unsigned char aes_128_use_df_int_returnedbits[] =
- {
- 0x42,0xe4,0x4e,0x7b,0x27,0xdd,0xcb,0xbc,0x0a,0xcf,0xa6,0x67,
- 0xe7,0x57,0x11,0xb4
- };
-
-__fips_constseg
-static const unsigned char aes_128_use_df_entropyinputreseed[] =
- {
- 0x14,0x26,0x69,0xd9,0xf3,0x65,0x03,0xd6,0x6b,0xb9,0x44,0x0b,
- 0xc7,0xc4,0x9e,0x39
- };
-
-__fips_constseg
-static const unsigned char aes_128_use_df_additionalinputreseed[] =
- {
- 0x55,0x2e,0x60,0x9a,0x05,0x72,0x8a,0xa8,0xef,0x22,0x81,0x5a,
- 0xc8,0x93,0xfa,0x84
- };
-
-__fips_constseg
-static const unsigned char aes_128_use_df_additionalinput2[] =
- {
- 0x3c,0x40,0xc8,0xc4,0x16,0x0c,0x21,0xa4,0x37,0x2c,0x8f,0xa5,
- 0x06,0x0c,0x15,0x2c
- };
-
-__fips_constseg
-static const unsigned char aes_128_use_df_returnedbits[] =
- {
- 0xe1,0x3e,0x99,0x98,0x86,0x67,0x0b,0x63,0x7b,0xbe,0x3f,0x88,
- 0x46,0x81,0xc7,0x19
- };
-
-
-/* AES-192 use df PR */
-__fips_constseg
-static const unsigned char aes_192_use_df_pr_entropyinput[] =
- {
- 0x2b,0x4e,0x8b,0xe1,0xf1,0x34,0x80,0x56,0x81,0xf9,0x74,0xec,
- 0x17,0x44,0x2a,0xf1,0x14,0xb0,0xbf,0x97,0x39,0xb7,0x04,0x7d
- };
-
-__fips_constseg
-static const unsigned char aes_192_use_df_pr_nonce[] =
- {
- 0xd6,0x9d,0xeb,0x14,0x4e,0x6c,0x30,0x1e,0x39,0x55,0x73,0xd0,
- 0xd1,0x80,0x78,0xfa
- };
-
-__fips_constseg
-static const unsigned char aes_192_use_df_pr_personalizationstring[] =
- {
- 0xfc,0x43,0x4a,0xf8,0x9a,0x55,0xb3,0x53,0x83,0xe2,0x18,0x16,
- 0x0c,0xdc,0xcd,0x5e,0x4f,0xa0,0x03,0x01,0x2b,0x9f,0xe4,0xd5,
- 0x7d,0x49,0xf0,0x41,0x9e,0x3d,0x99,0x04
- };
-
-__fips_constseg
-static const unsigned char aes_192_use_df_pr_additionalinput[] =
- {
- 0x5e,0x9f,0x49,0x6f,0x21,0x8b,0x1d,0x32,0xd5,0x84,0x5c,0xac,
- 0xaf,0xdf,0xe4,0x79,0x9e,0xaf,0xa9,0x82,0xd0,0xf8,0x4f,0xcb,
- 0x69,0x10,0x0a,0x7e,0x81,0x57,0xb5,0x36
- };
-
-__fips_constseg
-static const unsigned char aes_192_use_df_pr_entropyinputpr[] =
- {
- 0xd4,0x81,0x0c,0xd7,0x66,0x39,0xec,0x42,0x53,0x87,0x41,0xa5,
- 0x1e,0x7d,0x80,0x91,0x8e,0xbb,0xed,0xac,0x14,0x02,0x1a,0xd5
- };
-
-__fips_constseg
-static const unsigned char aes_192_use_df_pr_int_returnedbits[] =
- {
- 0xdf,0x1d,0x39,0x45,0x7c,0x9b,0xc6,0x2b,0x7d,0x8c,0x93,0xe9,
- 0x19,0x30,0x6b,0x67
- };
-
-__fips_constseg
-static const unsigned char aes_192_use_df_pr_additionalinput2[] =
- {
- 0x00,0x71,0x27,0x4e,0xd3,0x14,0xf1,0x20,0x7f,0x4a,0x41,0x32,
- 0x2a,0x97,0x11,0x43,0x8f,0x4a,0x15,0x7b,0x9b,0x51,0x79,0xda,
- 0x49,0x3d,0xde,0xe8,0xbc,0x93,0x91,0x99
- };
-
-__fips_constseg
-static const unsigned char aes_192_use_df_pr_entropyinputpr2[] =
- {
- 0x90,0xee,0x76,0xa1,0x45,0x8d,0xb7,0x40,0xb0,0x11,0xbf,0xd0,
- 0x65,0xd7,0x3c,0x7c,0x4f,0x20,0x3f,0x4e,0x11,0x9d,0xb3,0x5e
- };
-
-__fips_constseg
-static const unsigned char aes_192_use_df_pr_returnedbits[] =
- {
- 0x24,0x3b,0x20,0xa4,0x37,0x66,0xba,0x72,0x39,0x3f,0xcf,0x3c,
- 0x7e,0x1a,0x2b,0x83
- };
-
-
-/* AES-192 use df No PR */
-__fips_constseg
-static const unsigned char aes_192_use_df_entropyinput[] =
- {
- 0x8d,0x74,0xa4,0x50,0x1a,0x02,0x68,0x0c,0x2a,0x69,0xc4,0x82,
- 0x3b,0xbb,0xda,0x0e,0x7f,0x77,0xa3,0x17,0x78,0x57,0xb2,0x7b
- };
-
-__fips_constseg
-static const unsigned char aes_192_use_df_nonce[] =
- {
- 0x75,0xd5,0x1f,0xac,0xa4,0x8d,0x42,0x78,0xd7,0x69,0x86,0x9d,
- 0x77,0xd7,0x41,0x0e
- };
-
-__fips_constseg
-static const unsigned char aes_192_use_df_personalizationstring[] =
- {
- 0x4e,0x33,0x41,0x3c,0x9c,0xc2,0xd2,0x53,0xaf,0x90,0xea,0xcf,
- 0x19,0x50,0x1e,0xe6,0x6f,0x63,0xc8,0x32,0x22,0xdc,0x07,0x65,
- 0x9c,0xd3,0xf8,0x30,0x9e,0xed,0x35,0x70
- };
-
-__fips_constseg
-static const unsigned char aes_192_use_df_additionalinput[] =
- {
- 0x5d,0x8b,0x8c,0xc1,0xdf,0x0e,0x02,0x78,0xfb,0x19,0xb8,0x69,
- 0x78,0x4e,0x9c,0x52,0xbc,0xc7,0x20,0xc9,0xe6,0x5e,0x77,0x22,
- 0x28,0x3d,0x0c,0x9e,0x68,0xa8,0x45,0xd7
- };
-
-__fips_constseg
-static const unsigned char aes_192_use_df_int_returnedbits[] =
- {
- 0xd5,0xe7,0x08,0xc5,0x19,0x99,0xd5,0x31,0x03,0x0a,0x74,0xb6,
- 0xb7,0xed,0xe9,0xea
- };
-
-__fips_constseg
-static const unsigned char aes_192_use_df_entropyinputreseed[] =
- {
- 0x9c,0x26,0xda,0xf1,0xac,0xd9,0x5a,0xd6,0xa8,0x65,0xf5,0x02,
- 0x8f,0xdc,0xa2,0x09,0x54,0xa6,0xe2,0xa4,0xde,0x32,0xe0,0x01
- };
-
-__fips_constseg
-static const unsigned char aes_192_use_df_additionalinputreseed[] =
- {
- 0x9b,0x90,0xb0,0x3a,0x0e,0x3a,0x80,0x07,0x4a,0xf4,0xda,0x76,
- 0x28,0x30,0x3c,0xee,0x54,0x1b,0x94,0x59,0x51,0x43,0x56,0x77,
- 0xaf,0x88,0xdd,0x63,0x89,0x47,0x06,0x65
- };
-
-__fips_constseg
-static const unsigned char aes_192_use_df_additionalinput2[] =
- {
- 0x3c,0x11,0x64,0x7a,0x96,0xf5,0xd8,0xb8,0xae,0xd6,0x70,0x4e,
- 0x16,0x96,0xde,0xe9,0x62,0xbc,0xee,0x28,0x2f,0x26,0xa6,0xf0,
- 0x56,0xef,0xa3,0xf1,0x6b,0xa1,0xb1,0x77
- };
-
-__fips_constseg
-static const unsigned char aes_192_use_df_returnedbits[] =
- {
- 0x0b,0xe2,0x56,0x03,0x1e,0xdb,0x2c,0x6d,0x7f,0x1b,0x15,0x58,
- 0x1a,0xf9,0x13,0x28
- };
-
-
-/* AES-256 use df PR */
-__fips_constseg
-static const unsigned char aes_256_use_df_pr_entropyinput[] =
- {
- 0x61,0x68,0xfc,0x1a,0xf0,0xb5,0x95,0x6b,0x85,0x09,0x9b,0x74,
- 0x3f,0x13,0x78,0x49,0x3b,0x85,0xec,0x93,0x13,0x3b,0xa9,0x4f,
- 0x96,0xab,0x2c,0xe4,0xc8,0x8f,0xdd,0x6a
- };
-
-__fips_constseg
-static const unsigned char aes_256_use_df_pr_nonce[] =
- {
- 0xad,0xd2,0xbb,0xba,0xb7,0x65,0x89,0xc3,0x21,0x6c,0x55,0x33,
- 0x2b,0x36,0xff,0xa4
- };
-
-__fips_constseg
-static const unsigned char aes_256_use_df_pr_personalizationstring[] =
- {
- 0x6e,0xca,0xe7,0x20,0x72,0xd3,0x84,0x5a,0x32,0xd3,0x4b,0x24,
- 0x72,0xc4,0x63,0x2b,0x9d,0x12,0x24,0x0c,0x23,0x26,0x8e,0x83,
- 0x16,0x37,0x0b,0xd1,0x06,0x4f,0x68,0x6d
- };
-
-__fips_constseg
-static const unsigned char aes_256_use_df_pr_additionalinput[] =
- {
- 0x7e,0x08,0x4a,0xbb,0xe3,0x21,0x7c,0xc9,0x23,0xd2,0xf8,0xb0,
- 0x73,0x98,0xba,0x84,0x74,0x23,0xab,0x06,0x8a,0xe2,0x22,0xd3,
- 0x7b,0xce,0x9b,0xd2,0x4a,0x76,0xb8,0xde
- };
-
-__fips_constseg
-static const unsigned char aes_256_use_df_pr_entropyinputpr[] =
- {
- 0x0b,0x23,0xaf,0xdf,0xf1,0x62,0xd7,0xd3,0x43,0x97,0xf8,0x77,
- 0x04,0xa8,0x42,0x20,0xbd,0xf6,0x0f,0xc1,0x17,0x2f,0x9f,0x54,
- 0xbb,0x56,0x17,0x86,0x68,0x0e,0xba,0xa9
- };
-
-__fips_constseg
-static const unsigned char aes_256_use_df_pr_int_returnedbits[] =
- {
- 0x31,0x8e,0xad,0xaf,0x40,0xeb,0x6b,0x74,0x31,0x46,0x80,0xc7,
- 0x17,0xab,0x3c,0x7a
- };
-
-__fips_constseg
-static const unsigned char aes_256_use_df_pr_additionalinput2[] =
- {
- 0x94,0x6b,0xc9,0x9f,0xab,0x8d,0xc5,0xec,0x71,0x88,0x1d,0x00,
- 0x8c,0x89,0x68,0xe4,0xc8,0x07,0x77,0x36,0x17,0x6d,0x79,0x78,
- 0xc7,0x06,0x4e,0x99,0x04,0x28,0x29,0xc3
- };
-
-__fips_constseg
-static const unsigned char aes_256_use_df_pr_entropyinputpr2[] =
- {
- 0xbf,0x6c,0x59,0x2a,0x0d,0x44,0x0f,0xae,0x9a,0x5e,0x03,0x73,
- 0xd8,0xa6,0xe1,0xcf,0x25,0x61,0x38,0x24,0x86,0x9e,0x53,0xe8,
- 0xa4,0xdf,0x56,0xf4,0x06,0x07,0x9c,0x0f
- };
-
-__fips_constseg
-static const unsigned char aes_256_use_df_pr_returnedbits[] =
- {
- 0x22,0x4a,0xb4,0xb8,0xb6,0xee,0x7d,0xb1,0x9e,0xc9,0xf9,0xa0,
- 0xd9,0xe2,0x97,0x00
- };
-
-
-/* AES-256 use df No PR */
-__fips_constseg
-static const unsigned char aes_256_use_df_entropyinput[] =
- {
- 0xa5,0x3e,0x37,0x10,0x17,0x43,0x91,0x93,0x59,0x1e,0x47,0x50,
- 0x87,0xaa,0xdd,0xd5,0xc1,0xc3,0x86,0xcd,0xca,0x0d,0xdb,0x68,
- 0xe0,0x02,0xd8,0x0f,0xdc,0x40,0x1a,0x47
- };
-
-__fips_constseg
-static const unsigned char aes_256_use_df_nonce[] =
- {
- 0xa9,0x4d,0xa5,0x5a,0xfd,0xc5,0x0c,0xe5,0x1c,0x9a,0x3b,0x8a,
- 0x4c,0x44,0x84,0x40
- };
-
-__fips_constseg
-static const unsigned char aes_256_use_df_personalizationstring[] =
- {
- 0x8b,0x52,0xa2,0x4a,0x93,0xc3,0x4e,0xa7,0x1e,0x1c,0xa7,0x05,
- 0xeb,0x82,0x9b,0xa6,0x5d,0xe4,0xd4,0xe0,0x7f,0xa3,0xd8,0x6b,
- 0x37,0x84,0x5f,0xf1,0xc7,0xd5,0xf6,0xd2
- };
-
-__fips_constseg
-static const unsigned char aes_256_use_df_additionalinput[] =
- {
- 0x20,0xf4,0x22,0xed,0xf8,0x5c,0xa1,0x6a,0x01,0xcf,0xbe,0x5f,
- 0x8d,0x6c,0x94,0x7f,0xae,0x12,0xa8,0x57,0xdb,0x2a,0xa9,0xbf,
- 0xc7,0xb3,0x65,0x81,0x80,0x8d,0x0d,0x46
- };
-
-__fips_constseg
-static const unsigned char aes_256_use_df_int_returnedbits[] =
- {
- 0x4e,0x44,0xfd,0xf3,0x9e,0x29,0xa2,0xb8,0x0f,0x5d,0x6c,0xe1,
- 0x28,0x0c,0x3b,0xc1
- };
-
-__fips_constseg
-static const unsigned char aes_256_use_df_entropyinputreseed[] =
- {
- 0xdd,0x40,0xe5,0x98,0x7b,0x27,0x16,0x73,0x15,0x68,0xd2,0x76,
- 0xbf,0x0c,0x67,0x15,0x75,0x79,0x03,0xd3,0xde,0xde,0x91,0x46,
- 0x42,0xdd,0xd4,0x67,0xc8,0x79,0xc8,0x1e
- };
-
-__fips_constseg
-static const unsigned char aes_256_use_df_additionalinputreseed[] =
- {
- 0x7f,0xd8,0x1f,0xbd,0x2a,0xb5,0x1c,0x11,0x5d,0x83,0x4e,0x99,
- 0xf6,0x5c,0xa5,0x40,0x20,0xed,0x38,0x8e,0xd5,0x9e,0xe0,0x75,
- 0x93,0xfe,0x12,0x5e,0x5d,0x73,0xfb,0x75
- };
-
-__fips_constseg
-static const unsigned char aes_256_use_df_additionalinput2[] =
- {
- 0xcd,0x2c,0xff,0x14,0x69,0x3e,0x4c,0x9e,0xfd,0xfe,0x26,0x0d,
- 0xe9,0x86,0x00,0x49,0x30,0xba,0xb1,0xc6,0x50,0x57,0x77,0x2a,
- 0x62,0x39,0x2c,0x3b,0x74,0xeb,0xc9,0x0d
- };
-
-__fips_constseg
-static const unsigned char aes_256_use_df_returnedbits[] =
- {
- 0x4f,0x78,0xbe,0xb9,0x4d,0x97,0x8c,0xe9,0xd0,0x97,0xfe,0xad,
- 0xfa,0xfd,0x35,0x5e
- };
-
-
-/* AES-128 no df PR */
-__fips_constseg
-static const unsigned char aes_128_no_df_pr_entropyinput[] =
- {
- 0x9a,0x25,0x65,0x10,0x67,0xd5,0xb6,0x6b,0x70,0xa1,0xb3,0xa4,
- 0x43,0x95,0x80,0xc0,0x84,0x0a,0x79,0xb0,0x88,0x74,0xf2,0xbf,
- 0x31,0x6c,0x33,0x38,0x0b,0x00,0xb2,0x5a
- };
-
-__fips_constseg
-static const unsigned char aes_128_no_df_pr_nonce[] =
- {
- 0x78,0x47,0x6b,0xf7,0x90,0x8e,0x87,0xf1
- };
-
-__fips_constseg
-static const unsigned char aes_128_no_df_pr_personalizationstring[] =
- {
- 0xf7,0x22,0x1d,0x3a,0xbe,0x1d,0xca,0x32,0x1b,0xbd,0x87,0x0c,
- 0x51,0x24,0x19,0xee,0xa3,0x23,0x09,0x63,0x33,0x3d,0xa8,0x0c,
- 0x1c,0xfa,0x42,0x89,0xcc,0x6f,0xa0,0xa8
- };
-
-__fips_constseg
-static const unsigned char aes_128_no_df_pr_additionalinput[] =
- {
- 0xc9,0xe0,0x80,0xbf,0x8c,0x45,0x58,0x39,0xff,0x00,0xab,0x02,
- 0x4c,0x3e,0x3a,0x95,0x9b,0x80,0xa8,0x21,0x2a,0xee,0xba,0x73,
- 0xb1,0xd9,0xcf,0x28,0xf6,0x8f,0x9b,0x12
- };
-
-__fips_constseg
-static const unsigned char aes_128_no_df_pr_entropyinputpr[] =
- {
- 0x4c,0xa8,0xc5,0xf0,0x59,0x9e,0xa6,0x8d,0x26,0x53,0xd7,0x8a,
- 0xa9,0xd8,0xf7,0xed,0xb2,0xf9,0x12,0x42,0xe1,0xe5,0xbd,0xe7,
- 0xe7,0x1d,0x74,0x99,0x00,0x9d,0x31,0x3e
- };
-
-__fips_constseg
-static const unsigned char aes_128_no_df_pr_int_returnedbits[] =
- {
- 0xe2,0xac,0x20,0xf0,0x80,0xe7,0xbc,0x7e,0x9c,0x7b,0x65,0x71,
- 0xaf,0x19,0x32,0x16
- };
-
-__fips_constseg
-static const unsigned char aes_128_no_df_pr_additionalinput2[] =
- {
- 0x32,0x7f,0x38,0x8b,0x73,0x0a,0x78,0x83,0xdc,0x30,0xbe,0x9f,
- 0x10,0x1f,0xf5,0x1f,0xca,0x00,0xb5,0x0d,0xd6,0x9d,0x60,0x83,
- 0x51,0x54,0x7d,0x38,0x23,0x3a,0x52,0x50
- };
-
-__fips_constseg
-static const unsigned char aes_128_no_df_pr_entropyinputpr2[] =
- {
- 0x18,0x61,0x53,0x56,0xed,0xed,0xd7,0x20,0xfb,0x71,0x04,0x7a,
- 0xb2,0xac,0xc1,0x28,0xcd,0xf2,0xc2,0xfc,0xaa,0xb1,0x06,0x07,
- 0xe9,0x46,0x95,0x02,0x48,0x01,0x78,0xf9
- };
-
-__fips_constseg
-static const unsigned char aes_128_no_df_pr_returnedbits[] =
- {
- 0x29,0xc8,0x1b,0x15,0xb1,0xd1,0xc2,0xf6,0x71,0x86,0x68,0x33,
- 0x57,0x82,0x33,0xaf
- };
-
-
-/* AES-128 no df No PR */
-__fips_constseg
-static const unsigned char aes_128_no_df_entropyinput[] =
- {
- 0xc9,0xc5,0x79,0xbc,0xe8,0xc5,0x19,0xd8,0xbc,0x66,0x73,0x67,
- 0xf6,0xd3,0x72,0xaa,0xa6,0x16,0xb8,0x50,0xb7,0x47,0x3a,0x42,
- 0xab,0xf4,0x16,0xb2,0x96,0xd2,0xb6,0x60
- };
-
-__fips_constseg
-static const unsigned char aes_128_no_df_nonce[] =
- {
- 0x5f,0xbf,0x97,0x0c,0x4b,0xa4,0x87,0x13
- };
-
-__fips_constseg
-static const unsigned char aes_128_no_df_personalizationstring[] =
- {
- 0xce,0xfb,0x7b,0x3f,0xd4,0x6b,0x29,0x0d,0x69,0x06,0xff,0xbb,
- 0xf2,0xe5,0xc6,0x6c,0x0a,0x10,0xa0,0xcf,0x1a,0x48,0xc7,0x8b,
- 0x3c,0x16,0x88,0xed,0x50,0x13,0x81,0xce
- };
-
-__fips_constseg
-static const unsigned char aes_128_no_df_additionalinput[] =
- {
- 0x4b,0x22,0x46,0x18,0x02,0x7b,0xd2,0x1b,0x22,0x42,0x7c,0x37,
- 0xd9,0xf6,0xe8,0x9b,0x12,0x30,0x5f,0xe9,0x90,0xe8,0x08,0x24,
- 0x4f,0x06,0x66,0xdb,0x19,0x2b,0x13,0x95
- };
-
-__fips_constseg
-static const unsigned char aes_128_no_df_int_returnedbits[] =
- {
- 0x2e,0x96,0x70,0x64,0xfa,0xdf,0xdf,0x57,0xb5,0x82,0xee,0xd6,
- 0xed,0x3e,0x65,0xc2
- };
-
-__fips_constseg
-static const unsigned char aes_128_no_df_entropyinputreseed[] =
- {
- 0x26,0xc0,0x72,0x16,0x3a,0x4b,0xb7,0x99,0xd4,0x07,0xaf,0x66,
- 0x62,0x36,0x96,0xa4,0x51,0x17,0xfa,0x07,0x8b,0x17,0x5e,0xa1,
- 0x2f,0x3c,0x10,0xe7,0x90,0xd0,0x46,0x00
- };
-
-__fips_constseg
-static const unsigned char aes_128_no_df_additionalinputreseed[] =
- {
- 0x83,0x39,0x37,0x7b,0x02,0x06,0xd2,0x12,0x13,0x8d,0x8b,0xf2,
- 0xf0,0xf6,0x26,0xeb,0xa4,0x22,0x7b,0xc2,0xe7,0xba,0x79,0xe4,
- 0x3b,0x77,0x5d,0x4d,0x47,0xb2,0x2d,0xb4
- };
-
-__fips_constseg
-static const unsigned char aes_128_no_df_additionalinput2[] =
- {
- 0x0b,0xb9,0x67,0x37,0xdb,0x83,0xdf,0xca,0x81,0x8b,0xf9,0x3f,
- 0xf1,0x11,0x1b,0x2f,0xf0,0x61,0xa6,0xdf,0xba,0xa3,0xb1,0xac,
- 0xd3,0xe6,0x09,0xb8,0x2c,0x6a,0x67,0xd6
- };
-
-__fips_constseg
-static const unsigned char aes_128_no_df_returnedbits[] =
- {
- 0x1e,0xa7,0xa4,0xe4,0xe1,0xa6,0x7c,0x69,0x9a,0x44,0x6c,0x36,
- 0x81,0x37,0x19,0xd4
- };
-
-
-/* AES-192 no df PR */
-__fips_constseg
-static const unsigned char aes_192_no_df_pr_entropyinput[] =
- {
- 0x9d,0x2c,0xd2,0x55,0x66,0xea,0xe0,0xbe,0x18,0xb7,0x76,0xe7,
- 0x73,0x35,0xd8,0x1f,0xad,0x3a,0xe3,0x81,0x0e,0x92,0xd0,0x61,
- 0xc9,0x12,0x26,0xf6,0x1c,0xdf,0xfe,0x47,0xaa,0xfe,0x7d,0x5a,
- 0x17,0x1f,0x8d,0x9a
- };
-
-__fips_constseg
-static const unsigned char aes_192_no_df_pr_nonce[] =
- {
- 0x44,0x82,0xed,0xe8,0x4c,0x28,0x5a,0x14,0xff,0x88,0x8d,0x19,
- 0x61,0x5c,0xee,0x0f
- };
-
-__fips_constseg
-static const unsigned char aes_192_no_df_pr_personalizationstring[] =
- {
- 0x47,0xd7,0x9b,0x99,0xaa,0xcb,0xe7,0xd2,0x57,0x66,0x2c,0xe1,
- 0x78,0xd6,0x2c,0xea,0xa3,0x23,0x5f,0x2a,0xc1,0x3a,0xf0,0xa4,
- 0x20,0x3b,0xfa,0x07,0xd5,0x05,0x02,0xe4,0x57,0x01,0xb6,0x10,
- 0x57,0x2e,0xe7,0x55
- };
-
-__fips_constseg
-static const unsigned char aes_192_no_df_pr_additionalinput[] =
- {
- 0x4b,0x74,0x0b,0x40,0xce,0x6b,0xc2,0x6a,0x24,0xb4,0xf3,0xad,
- 0x7a,0xa5,0x7a,0xa2,0x15,0xe2,0xc8,0x61,0x15,0xc6,0xb7,0x85,
- 0x69,0x11,0xad,0x7b,0x14,0xd2,0xf6,0x12,0xa1,0x95,0x5d,0x3f,
- 0xe2,0xd0,0x0c,0x2f
- };
-
-__fips_constseg
-static const unsigned char aes_192_no_df_pr_entropyinputpr[] =
- {
- 0x0c,0x9c,0xad,0x05,0xee,0xae,0x48,0x23,0x89,0x59,0xa1,0x94,
- 0xd7,0xd8,0x75,0xd5,0x54,0x93,0xc7,0x4a,0xd9,0x26,0xde,0xeb,
- 0xba,0xb0,0x7e,0x30,0x1d,0x5f,0x69,0x40,0x9c,0x3b,0x17,0x58,
- 0x1d,0x30,0xb3,0x78
- };
-
-__fips_constseg
-static const unsigned char aes_192_no_df_pr_int_returnedbits[] =
- {
- 0xf7,0x93,0xb0,0x6d,0x77,0x83,0xd5,0x38,0x01,0xe1,0x52,0x40,
- 0x7e,0x3e,0x0c,0x26
- };
-
-__fips_constseg
-static const unsigned char aes_192_no_df_pr_additionalinput2[] =
- {
- 0xbc,0x4b,0x37,0x44,0x1c,0xc5,0x45,0x5f,0x8f,0x51,0x62,0x8a,
- 0x85,0x30,0x1d,0x7c,0xe4,0xcf,0xf7,0x44,0xce,0x32,0x3e,0x57,
- 0x95,0xa4,0x2a,0xdf,0xfd,0x9e,0x38,0x41,0xb3,0xf6,0xc5,0xee,
- 0x0c,0x4b,0xee,0x6e
- };
-
-__fips_constseg
-static const unsigned char aes_192_no_df_pr_entropyinputpr2[] =
- {
- 0xec,0xaf,0xf6,0x4f,0xb1,0xa0,0x54,0xb5,0x5b,0xe3,0x46,0xb0,
- 0x76,0x5a,0x7c,0x3f,0x7b,0x94,0x69,0x21,0x51,0x02,0xe5,0x9f,
- 0x04,0x59,0x02,0x98,0xc6,0x43,0x2c,0xcc,0x26,0x4c,0x87,0x6b,
- 0x8e,0x0a,0x83,0xdf
- };
-
-__fips_constseg
-static const unsigned char aes_192_no_df_pr_returnedbits[] =
- {
- 0x74,0x45,0xfb,0x53,0x84,0x96,0xbe,0xff,0x15,0xcc,0x41,0x91,
- 0xb9,0xa1,0x21,0x68
- };
-
-
-/* AES-192 no df No PR */
-__fips_constseg
-static const unsigned char aes_192_no_df_entropyinput[] =
- {
- 0x3c,0x7d,0xb5,0xe0,0x54,0xd9,0x6e,0x8c,0xa9,0x86,0xce,0x4e,
- 0x6b,0xaf,0xeb,0x2f,0xe7,0x75,0xe0,0x8b,0xa4,0x3b,0x07,0xfe,
- 0xbe,0x33,0x75,0x93,0x80,0x27,0xb5,0x29,0x47,0x8b,0xc7,0x28,
- 0x94,0xc3,0x59,0x63
- };
-
-__fips_constseg
-static const unsigned char aes_192_no_df_nonce[] =
- {
- 0x43,0xf1,0x7d,0xb8,0xc3,0xfe,0xd0,0x23,0x6b,0xb4,0x92,0xdb,
- 0x29,0xfd,0x45,0x71
- };
-
-__fips_constseg
-static const unsigned char aes_192_no_df_personalizationstring[] =
- {
- 0x9f,0x24,0x29,0x99,0x9e,0x01,0xab,0xe9,0x19,0xd8,0x23,0x08,
- 0xb7,0xd6,0x7e,0x8c,0xc0,0x9e,0x7f,0x6e,0x5b,0x33,0x20,0x96,
- 0x0b,0x23,0x2c,0xa5,0x6a,0xf8,0x1b,0x04,0x26,0xdb,0x2e,0x2b,
- 0x3b,0x88,0xce,0x35
- };
-
-__fips_constseg
-static const unsigned char aes_192_no_df_additionalinput[] =
- {
- 0x94,0xe9,0x7c,0x3d,0xa7,0xdb,0x60,0x83,0x1f,0x98,0x3f,0x0b,
- 0x88,0x59,0x57,0x51,0x88,0x9f,0x76,0x49,0x9f,0xa6,0xda,0x71,
- 0x1d,0x0d,0x47,0x16,0x63,0xc5,0x68,0xe4,0x5d,0x39,0x69,0xb3,
- 0x3e,0xbe,0xd4,0x8e
- };
-
-__fips_constseg
-static const unsigned char aes_192_no_df_int_returnedbits[] =
- {
- 0xf9,0xd7,0xad,0x69,0xab,0x8f,0x23,0x56,0x70,0x17,0x4f,0x2a,
- 0x45,0xe7,0x4a,0xc5
- };
-
-__fips_constseg
-static const unsigned char aes_192_no_df_entropyinputreseed[] =
- {
- 0xa6,0x71,0x6a,0x3d,0xba,0xd1,0xe8,0x66,0xa6,0xef,0xb2,0x0e,
- 0xa8,0x9c,0xaa,0x4e,0xaf,0x17,0x89,0x50,0x00,0xda,0xa1,0xb1,
- 0x0b,0xa4,0xd9,0x35,0x89,0xc8,0xe5,0xb0,0xd9,0xb7,0xc4,0x33,
- 0x9b,0xcb,0x7e,0x75
- };
-
-__fips_constseg
-static const unsigned char aes_192_no_df_additionalinputreseed[] =
- {
- 0x27,0x21,0xfc,0xc2,0xbd,0xf3,0x3c,0xce,0xc3,0xca,0xc1,0x01,
- 0xe0,0xff,0x93,0x12,0x7d,0x54,0x42,0xe3,0x9f,0x03,0xdf,0x27,
- 0x04,0x07,0x3c,0x53,0x7f,0xa8,0x66,0xc8,0x97,0x4b,0x61,0x40,
- 0x5d,0x7a,0x25,0x79
- };
-
-__fips_constseg
-static const unsigned char aes_192_no_df_additionalinput2[] =
- {
- 0x2d,0x8e,0x16,0x5d,0x0b,0x9f,0xeb,0xaa,0xd6,0xec,0x28,0x71,
- 0x7c,0x0b,0xc1,0x1d,0xd4,0x44,0x19,0x47,0xfd,0x1d,0x7c,0xe5,
- 0xf3,0x27,0xe1,0xb6,0x72,0x0a,0xe0,0xec,0x0e,0xcd,0xef,0x1a,
- 0x91,0x6a,0xe3,0x5f
- };
-
-__fips_constseg
-static const unsigned char aes_192_no_df_returnedbits[] =
- {
- 0xe5,0xda,0xb8,0xe0,0x63,0x59,0x5a,0xcc,0x3d,0xdc,0x9f,0xe8,
- 0x66,0x67,0x2c,0x92
- };
-
-
-/* AES-256 no df PR */
-__fips_constseg
-static const unsigned char aes_256_no_df_pr_entropyinput[] =
- {
- 0x15,0xc7,0x5d,0xcb,0x41,0x4b,0x16,0x01,0x3a,0xd1,0x44,0xe8,
- 0x22,0x32,0xc6,0x9c,0x3f,0xe7,0x43,0xf5,0x9a,0xd3,0xea,0xf2,
- 0xd7,0x4e,0x6e,0x6a,0x55,0x73,0x40,0xef,0x89,0xad,0x0d,0x03,
- 0x96,0x7e,0x78,0x81,0x2f,0x91,0x1b,0x44,0xb0,0x02,0xba,0x1c
- };
-
-__fips_constseg
-static const unsigned char aes_256_no_df_pr_nonce[] =
- {
- 0xdc,0xe4,0xd4,0x27,0x7a,0x90,0xd7,0x99,0x43,0xa1,0x3c,0x30,
- 0xcc,0x4b,0xee,0x2e
- };
-
-__fips_constseg
-static const unsigned char aes_256_no_df_pr_personalizationstring[] =
- {
- 0xe3,0xe6,0xb9,0x11,0xe4,0x7a,0xa4,0x40,0x6b,0xf8,0x73,0xf7,
- 0x7e,0xec,0xc7,0xb9,0x97,0xbf,0xf8,0x25,0x7b,0xbe,0x11,0x9b,
- 0x5b,0x6a,0x0c,0x2e,0x2b,0x01,0x51,0xcd,0x41,0x4b,0x6b,0xac,
- 0x31,0xa8,0x0b,0xf7,0xe6,0x59,0x42,0xb8,0x03,0x0c,0xf8,0x06
- };
-
-__fips_constseg
-static const unsigned char aes_256_no_df_pr_additionalinput[] =
- {
- 0x6a,0x9f,0x00,0x91,0xae,0xfe,0xcf,0x84,0x99,0xce,0xb1,0x40,
- 0x6d,0x5d,0x33,0x28,0x84,0xf4,0x8c,0x63,0x4c,0x7e,0xbd,0x2c,
- 0x80,0x76,0xee,0x5a,0xaa,0x15,0x07,0x31,0xd8,0xbb,0x8c,0x69,
- 0x9d,0x9d,0xbc,0x7e,0x49,0xae,0xec,0x39,0x6b,0xd1,0x1f,0x7e
- };
-
-__fips_constseg
-static const unsigned char aes_256_no_df_pr_entropyinputpr[] =
- {
- 0xf3,0xb9,0x75,0x9c,0xbd,0x88,0xea,0xa2,0x50,0xad,0xd6,0x16,
- 0x1a,0x12,0x3c,0x86,0x68,0xaf,0x6f,0xbe,0x19,0xf2,0xee,0xcc,
- 0xa5,0x70,0x84,0x53,0x50,0xcb,0x9f,0x14,0xa9,0xe5,0xee,0xb9,
- 0x48,0x45,0x40,0xe2,0xc7,0xc9,0x9a,0x74,0xff,0x8c,0x99,0x1f
- };
-
-__fips_constseg
-static const unsigned char aes_256_no_df_pr_int_returnedbits[] =
- {
- 0x2e,0xf2,0x45,0x4c,0x62,0x2e,0x0a,0xb9,0x6b,0xa2,0xfd,0x56,
- 0x79,0x60,0x93,0xcf
- };
-
-__fips_constseg
-static const unsigned char aes_256_no_df_pr_additionalinput2[] =
- {
- 0xaf,0x69,0x20,0xe9,0x3b,0x37,0x9d,0x3f,0xb4,0x80,0x02,0x7a,
- 0x25,0x7d,0xb8,0xde,0x71,0xc5,0x06,0x0c,0xb4,0xe2,0x8f,0x35,
- 0xd8,0x14,0x0d,0x7f,0x76,0x63,0x4e,0xb5,0xee,0xe9,0x6f,0x34,
- 0xc7,0x5f,0x56,0x14,0x4a,0xe8,0x73,0x95,0x5b,0x1c,0xb9,0xcb
- };
-
-__fips_constseg
-static const unsigned char aes_256_no_df_pr_entropyinputpr2[] =
- {
- 0xe5,0xb0,0x2e,0x7e,0x52,0x30,0xe3,0x63,0x82,0xb6,0x44,0xd3,
- 0x25,0x19,0x05,0x24,0x9a,0x9f,0x5f,0x27,0x6a,0x29,0xab,0xfa,
- 0x07,0xa2,0x42,0x0f,0xc5,0xa8,0x94,0x7c,0x17,0x7b,0x85,0x83,
- 0x0c,0x25,0x0e,0x63,0x0b,0xe9,0x12,0x60,0xcd,0xef,0x80,0x0f
- };
-
-__fips_constseg
-static const unsigned char aes_256_no_df_pr_returnedbits[] =
- {
- 0x5e,0xf2,0x26,0xef,0x9f,0x58,0x5d,0xd5,0x4a,0x10,0xfe,0xa7,
- 0x2d,0x5f,0x4a,0x46
- };
-
-
-/* AES-256 no df No PR */
-__fips_constseg
-static const unsigned char aes_256_no_df_entropyinput[] =
- {
- 0xfb,0xcf,0x1b,0x61,0x16,0x89,0x78,0x23,0xf5,0xd8,0x96,0xe3,
- 0x4e,0x64,0x0b,0x29,0x9a,0x3f,0xf8,0xa5,0xed,0xf2,0xfe,0xdb,
- 0x16,0xca,0x7f,0x10,0xfa,0x5e,0x18,0x76,0x2c,0x63,0x5e,0x96,
- 0xcf,0xb3,0xd6,0xfc,0xaf,0x99,0x39,0x28,0x9c,0x61,0xe8,0xb3
- };
-
-__fips_constseg
-static const unsigned char aes_256_no_df_nonce[] =
- {
- 0x12,0x96,0xf0,0x52,0xf3,0x8d,0x81,0xcf,0xde,0x86,0xf2,0x99,
- 0x43,0x96,0xb9,0xf0
- };
-
-__fips_constseg
-static const unsigned char aes_256_no_df_personalizationstring[] =
- {
- 0x63,0x0d,0x78,0xf5,0x90,0x8e,0x32,0x47,0xb0,0x4d,0x37,0x60,
- 0x09,0x96,0xbc,0xbf,0x97,0x7a,0x62,0x14,0x45,0xbd,0x8d,0xcc,
- 0x69,0xfb,0x03,0xe1,0x80,0x1c,0xc7,0xe2,0x2a,0xf9,0x37,0x3f,
- 0x66,0x4d,0x62,0xd9,0x10,0xe0,0xad,0xc8,0x9a,0xf0,0xa8,0x6d
- };
-
-__fips_constseg
-static const unsigned char aes_256_no_df_additionalinput[] =
- {
- 0x36,0xc6,0x13,0x60,0xbb,0x14,0xad,0x22,0xb0,0x38,0xac,0xa6,
- 0x18,0x16,0x93,0x25,0x86,0xb7,0xdc,0xdc,0x36,0x98,0x2b,0xf9,
- 0x68,0x33,0xd3,0xc6,0xff,0xce,0x8d,0x15,0x59,0x82,0x76,0xed,
- 0x6f,0x8d,0x49,0x74,0x2f,0xda,0xdc,0x1f,0x17,0xd0,0xde,0x17
- };
-
-__fips_constseg
-static const unsigned char aes_256_no_df_int_returnedbits[] =
- {
- 0x16,0x2f,0x8e,0x3f,0x21,0x7a,0x1c,0x20,0x56,0xd1,0x92,0xf6,
- 0xd2,0x25,0x75,0x0e
- };
-
-__fips_constseg
-static const unsigned char aes_256_no_df_entropyinputreseed[] =
- {
- 0x91,0x79,0x76,0xee,0xe0,0xcf,0x9e,0xc2,0xd5,0xd4,0x23,0x9b,
- 0x12,0x8c,0x7e,0x0a,0xb7,0xd2,0x8b,0xd6,0x7c,0xa3,0xc6,0xe5,
- 0x0e,0xaa,0xc7,0x6b,0xae,0x0d,0xfa,0x53,0x06,0x79,0xa1,0xed,
- 0x4d,0x6a,0x0e,0xd8,0x9d,0xbe,0x1b,0x31,0x93,0x7b,0xec,0xfb
- };
-
-__fips_constseg
-static const unsigned char aes_256_no_df_additionalinputreseed[] =
- {
- 0xd2,0x46,0x50,0x22,0x10,0x14,0x63,0xf7,0xea,0x0f,0xb9,0x7e,
- 0x0d,0xe1,0x94,0x07,0xaf,0x09,0x44,0x31,0xea,0x64,0xa4,0x18,
- 0x5b,0xf9,0xd8,0xc2,0xfa,0x03,0x47,0xc5,0x39,0x43,0xd5,0x3b,
- 0x62,0x86,0x64,0xea,0x2c,0x73,0x8c,0xae,0x9d,0x98,0x98,0x29
- };
-
-__fips_constseg
-static const unsigned char aes_256_no_df_additionalinput2[] =
- {
- 0x8c,0xab,0x18,0xf8,0xc3,0xec,0x18,0x5c,0xb3,0x1e,0x9d,0xbe,
- 0x3f,0x03,0xb4,0x00,0x98,0x9d,0xae,0xeb,0xf4,0x94,0xf8,0x42,
- 0x8f,0xe3,0x39,0x07,0xe1,0xc9,0xad,0x0b,0x1f,0xed,0xc0,0xba,
- 0xf6,0xd1,0xec,0x27,0x86,0x7b,0xd6,0x55,0x9b,0x60,0xa5,0xc6
- };
-
-__fips_constseg
-static const unsigned char aes_256_no_df_returnedbits[] =
- {
- 0xef,0xd2,0xd8,0x5c,0xdc,0x62,0x25,0x9f,0xaa,0x1e,0x2c,0x67,
- 0xf6,0x02,0x32,0xe2
- };
-
-
-/* SHA-1 PR */
-__fips_constseg
-static const unsigned char sha1_pr_entropyinput[] =
- {
- 0xd2,0x36,0xa5,0x27,0x31,0x73,0xdd,0x11,0x4f,0x93,0xbd,0xe2,
- 0x31,0xa5,0x91,0x13
- };
-
-__fips_constseg
-static const unsigned char sha1_pr_nonce[] =
- {
- 0xb5,0xb3,0x60,0xef,0xf7,0x63,0x31,0xf3
- };
-
-__fips_constseg
-static const unsigned char sha1_pr_personalizationstring[] =
- {
- 0xd4,0xbb,0x02,0x10,0xb2,0x71,0xdb,0x81,0xd6,0xf0,0x42,0x60,
- 0xda,0xea,0x77,0x52
- };
-
-__fips_constseg
-static const unsigned char sha1_pr_additionalinput[] =
- {
- 0x4d,0xd2,0x6c,0x87,0xfb,0x2c,0x4f,0xa6,0x8d,0x16,0x63,0x22,
- 0x6a,0x51,0xe3,0xf8
- };
-
-__fips_constseg
-static const unsigned char sha1_pr_entropyinputpr[] =
- {
- 0xc9,0x83,0x9e,0x16,0xf6,0x1c,0x0f,0xb2,0xec,0x60,0x31,0xa9,
- 0xcb,0xa9,0x36,0x7a
- };
-
-__fips_constseg
-static const unsigned char sha1_pr_int_returnedbits[] =
- {
- 0xa8,0x13,0x4f,0xf4,0x31,0x02,0x44,0xe3,0xd3,0x3d,0x61,0x9e,
- 0xe5,0xc6,0x3e,0x89,0xb5,0x9b,0x0f,0x35
- };
-
-__fips_constseg
-static const unsigned char sha1_pr_additionalinput2[] =
- {
- 0xf9,0xe8,0xd2,0x72,0x13,0x34,0x95,0x6f,0x15,0x49,0x47,0x99,
- 0x16,0x03,0x19,0x47
- };
-
-__fips_constseg
-static const unsigned char sha1_pr_entropyinputpr2[] =
- {
- 0x4e,0x8c,0x49,0x9b,0x4a,0x5c,0x9b,0x9c,0x3a,0xee,0xfb,0xd2,
- 0xae,0xcd,0x8c,0xc4
- };
-
-__fips_constseg
-static const unsigned char sha1_pr_returnedbits[] =
- {
- 0x50,0xb4,0xb4,0xcd,0x68,0x57,0xfc,0x2e,0xc1,0x52,0xcc,0xf6,
- 0x68,0xa4,0x81,0xed,0x7e,0xe4,0x1d,0x87
- };
-
-
-/* SHA-1 No PR */
-__fips_constseg
-static const unsigned char sha1_entropyinput[] =
- {
- 0xa9,0x47,0x1b,0x29,0x2d,0x1c,0x05,0xdf,0x76,0xd0,0x62,0xf9,
- 0xe2,0x7f,0x4c,0x7b
- };
-
-__fips_constseg
-static const unsigned char sha1_nonce[] =
- {
- 0x53,0x23,0x24,0xe3,0xec,0x0c,0x54,0x14
- };
-
-__fips_constseg
-static const unsigned char sha1_personalizationstring[] =
- {
- 0x7a,0x87,0xa1,0xac,0x1c,0xfd,0xab,0xae,0xf7,0xd6,0xfb,0x76,
- 0x28,0xec,0x6d,0xca
- };
-
-__fips_constseg
-static const unsigned char sha1_additionalinput[] =
- {
- 0xfc,0x92,0x35,0xd6,0x7e,0xb7,0x24,0x65,0xfd,0x12,0x27,0x35,
- 0xc0,0x72,0xca,0x28
- };
-
-__fips_constseg
-static const unsigned char sha1_int_returnedbits[] =
- {
- 0x57,0x88,0x82,0xe5,0x25,0xa5,0x2c,0x4a,0x06,0x20,0x6c,0x72,
- 0x55,0x61,0xdd,0x90,0x71,0x9f,0x95,0xea
- };
-
-__fips_constseg
-static const unsigned char sha1_entropyinputreseed[] =
- {
- 0x69,0xa5,0x40,0x62,0x98,0x47,0x56,0x73,0x4a,0x8f,0x60,0x96,
- 0xd6,0x99,0x27,0xed
- };
-
-__fips_constseg
-static const unsigned char sha1_additionalinputreseed[] =
- {
- 0xe5,0x40,0x4e,0xbd,0x50,0x00,0xf5,0x15,0xa6,0xee,0x45,0xda,
- 0x84,0x3d,0xd4,0xc0
- };
-
-__fips_constseg
-static const unsigned char sha1_additionalinput2[] =
- {
- 0x11,0x51,0x14,0xf0,0x09,0x1b,0x4e,0x56,0x0d,0xe9,0xf6,0x1e,
- 0x52,0x65,0xcd,0x96
- };
-
-__fips_constseg
-static const unsigned char sha1_returnedbits[] =
- {
- 0xa1,0x9c,0x94,0x6e,0x29,0xe1,0x33,0x0d,0x32,0xd6,0xaa,0xce,
- 0x71,0x3f,0x52,0x72,0x8b,0x42,0xa8,0xd7
- };
-
-
-/* SHA-224 PR */
-__fips_constseg
-static const unsigned char sha224_pr_entropyinput[] =
- {
- 0x12,0x69,0x32,0x4f,0x83,0xa6,0xf5,0x14,0xe3,0x49,0x3e,0x75,
- 0x3e,0xde,0xad,0xa1,0x29,0xc3,0xf3,0x19,0x20,0xb5,0x4c,0xd9
- };
-
-__fips_constseg
-static const unsigned char sha224_pr_nonce[] =
- {
- 0x6a,0x78,0xd0,0xeb,0xbb,0x5a,0xf0,0xee,0xe8,0xc3,0xba,0x71
- };
-
-__fips_constseg
-static const unsigned char sha224_pr_personalizationstring[] =
- {
- 0xd5,0xb8,0xb6,0xbc,0xc1,0x5b,0x60,0x31,0x3c,0xf5,0xe5,0xc0,
- 0x8e,0x52,0x7a,0xbd,0xea,0x47,0xa9,0x5f,0x8f,0xf9,0x8b,0xae
- };
-
-__fips_constseg
-static const unsigned char sha224_pr_additionalinput[] =
- {
- 0x1f,0x55,0xec,0xae,0x16,0x12,0x84,0xba,0x84,0x16,0x19,0x88,
- 0x8e,0xb8,0x33,0x25,0x54,0xff,0xca,0x79,0xaf,0x07,0x25,0x50
- };
-
-__fips_constseg
-static const unsigned char sha224_pr_entropyinputpr[] =
- {
- 0x92,0xa3,0x32,0xa8,0x9a,0x0a,0x58,0x7c,0x1d,0x5a,0x7e,0xe1,
- 0xb2,0x73,0xab,0x0e,0x16,0x79,0x23,0xd3,0x29,0x89,0x81,0xe1
- };
-
-__fips_constseg
-static const unsigned char sha224_pr_int_returnedbits[] =
- {
- 0xf3,0x38,0x91,0x40,0x37,0x7a,0x51,0x72,0x42,0x74,0x78,0x0a,
- 0x69,0xfd,0xa6,0x44,0x43,0x45,0x6c,0x0c,0x5a,0x19,0xff,0xf1,
- 0x54,0x60,0xee,0x6a
- };
-
-__fips_constseg
-static const unsigned char sha224_pr_additionalinput2[] =
- {
- 0x75,0xf3,0x04,0x25,0xdd,0x36,0xa8,0x37,0x46,0xae,0x0c,0x52,
- 0x05,0x79,0x4c,0x26,0xdb,0xe9,0x71,0x16,0x4c,0x0a,0xf2,0x60
- };
-
-__fips_constseg
-static const unsigned char sha224_pr_entropyinputpr2[] =
- {
- 0xea,0xc5,0x03,0x0a,0x4f,0xb0,0x38,0x8d,0x23,0xd4,0xc8,0x77,
- 0xe2,0x6d,0x9c,0x0b,0x44,0xf7,0x2d,0x5b,0xbf,0x5d,0x2a,0x11
- };
-
-__fips_constseg
-static const unsigned char sha224_pr_returnedbits[] =
- {
- 0x60,0x50,0x2b,0xe7,0x86,0xd8,0x26,0x73,0xe3,0x1d,0x95,0x20,
- 0xb3,0x2c,0x32,0x1c,0xf5,0xce,0x57,0xa6,0x67,0x2b,0xdc,0x4e,
- 0xdd,0x11,0x4c,0xc4
- };
-
-
-/* SHA-224 No PR */
-__fips_constseg
-static const unsigned char sha224_entropyinput[] =
- {
- 0xb2,0x1c,0x77,0x4d,0xf6,0xd3,0xb6,0x40,0xb7,0x30,0x3e,0x29,
- 0xb0,0x85,0x1c,0xbe,0x4a,0xea,0x6b,0x5a,0xb5,0x8a,0x97,0xeb
- };
-
-__fips_constseg
-static const unsigned char sha224_nonce[] =
- {
- 0x42,0x02,0x0a,0x1c,0x98,0x9a,0x77,0x9e,0x9f,0x80,0xba,0xe0
- };
-
-__fips_constseg
-static const unsigned char sha224_personalizationstring[] =
- {
- 0x98,0xb8,0x04,0x41,0xfc,0xc1,0x5d,0xc5,0xe9,0xb9,0x08,0xda,
- 0xf9,0xfa,0x0d,0x90,0xce,0xdf,0x1d,0x10,0xa9,0x8d,0x50,0x0c
- };
-
-__fips_constseg
-static const unsigned char sha224_additionalinput[] =
- {
- 0x9a,0x8d,0x39,0x49,0x42,0xd5,0x0b,0xae,0xe1,0xaf,0xb7,0x00,
- 0x02,0xfa,0x96,0xb1,0xa5,0x1d,0x2d,0x25,0x78,0xee,0x83,0x3f
- };
-
-__fips_constseg
-static const unsigned char sha224_int_returnedbits[] =
- {
- 0xe4,0xf5,0x53,0x79,0x5a,0x97,0x58,0x06,0x08,0xba,0x7b,0xfa,
- 0xf0,0x83,0x05,0x8c,0x22,0xc0,0xc9,0xdb,0x15,0xe7,0xde,0x20,
- 0x55,0x22,0x9a,0xad
- };
-
-__fips_constseg
-static const unsigned char sha224_entropyinputreseed[] =
- {
- 0x67,0x09,0x48,0xaa,0x07,0x16,0x99,0x89,0x7f,0x6d,0xa0,0xe5,
- 0x8f,0xdf,0xbc,0xdb,0xfe,0xe5,0x6c,0x7a,0x95,0x4a,0x66,0x17
- };
-
-__fips_constseg
-static const unsigned char sha224_additionalinputreseed[] =
- {
- 0x0f,0x4b,0x1c,0x6f,0xb7,0xe3,0x47,0xe5,0x5d,0x7d,0x38,0xd6,
- 0x28,0x9b,0xeb,0x55,0x63,0x09,0x3e,0x7c,0x56,0xea,0xf8,0x19
- };
-
-__fips_constseg
-static const unsigned char sha224_additionalinput2[] =
- {
- 0x2d,0x26,0x7c,0x37,0xe4,0x7a,0x28,0x5e,0x5a,0x3c,0xaf,0x3d,
- 0x5a,0x8e,0x55,0xa2,0x1a,0x6e,0xc0,0xe5,0xf6,0x21,0xd3,0xf6
- };
-
-__fips_constseg
-static const unsigned char sha224_returnedbits[] =
- {
- 0x4d,0x83,0x35,0xdf,0x67,0xa9,0xfc,0x17,0xda,0x70,0xcc,0x8b,
- 0x7f,0x77,0xae,0xa2,0x5f,0xb9,0x7e,0x74,0x4c,0x26,0xc1,0x7a,
- 0x3b,0xa7,0x5c,0x93
- };
-
-
-/* SHA-256 PR */
-__fips_constseg
-static const unsigned char sha256_pr_entropyinput[] =
- {
- 0xce,0x49,0x00,0x7a,0x56,0xe3,0x67,0x8f,0xe1,0xb6,0xa7,0xd4,
- 0x4f,0x08,0x7a,0x1b,0x01,0xf4,0xfa,0x6b,0xef,0xb7,0xe5,0xeb,
- 0x07,0x3d,0x11,0x0d,0xc8,0xea,0x2b,0xfe
- };
-
-__fips_constseg
-static const unsigned char sha256_pr_nonce[] =
- {
- 0x73,0x41,0xc8,0x92,0x94,0xe2,0xc5,0x5f,0x93,0xfd,0x39,0x5d,
- 0x2b,0x91,0x4d,0x38
- };
-
-__fips_constseg
-static const unsigned char sha256_pr_personalizationstring[] =
- {
- 0x50,0x6d,0x01,0x01,0x07,0x5a,0x80,0x35,0x7a,0x56,0x1a,0x56,
- 0x2f,0x9a,0x0b,0x35,0xb2,0xb1,0xc9,0xe5,0xca,0x69,0x61,0x48,
- 0xff,0xfb,0x0f,0xd9,0x4b,0x79,0x1d,0xba
- };
-
-__fips_constseg
-static const unsigned char sha256_pr_additionalinput[] =
- {
- 0x20,0xb8,0xdf,0x44,0x77,0x5a,0xb8,0xd3,0xbf,0xf6,0xcf,0xac,
- 0x5e,0xa6,0x96,0x62,0x73,0x44,0x40,0x4a,0x30,0xfb,0x38,0xa5,
- 0x7b,0x0d,0xe4,0x0d,0xc6,0xe4,0x9a,0x1f
- };
-
-__fips_constseg
-static const unsigned char sha256_pr_entropyinputpr[] =
- {
- 0x04,0xc4,0x65,0xf4,0xd3,0xbf,0x83,0x4b,0xab,0xc8,0x41,0xa8,
- 0xc2,0xe0,0x44,0x63,0x77,0x4c,0x6f,0x6c,0x49,0x46,0xff,0x94,
- 0x17,0xea,0xe6,0x1a,0x9d,0x5e,0x66,0x78
- };
-
-__fips_constseg
-static const unsigned char sha256_pr_int_returnedbits[] =
- {
- 0x07,0x4d,0xac,0x9b,0x86,0xca,0x4a,0xaa,0x6e,0x7a,0x03,0xa2,
- 0x5d,0x10,0xea,0x0b,0xf9,0x83,0xcc,0xd1,0xfc,0xe2,0x07,0xc7,
- 0x06,0x34,0x60,0x6f,0x83,0x94,0x99,0x76
- };
-
-__fips_constseg
-static const unsigned char sha256_pr_additionalinput2[] =
- {
- 0x89,0x4e,0x45,0x8c,0x11,0xf9,0xbc,0x5b,0xac,0x74,0x8b,0x4b,
- 0x5f,0xf7,0x19,0xf3,0xf5,0x24,0x54,0x14,0xd1,0x15,0xb1,0x43,
- 0x12,0xa4,0x5f,0xd4,0xec,0xfc,0xcd,0x09
- };
-
-__fips_constseg
-static const unsigned char sha256_pr_entropyinputpr2[] =
- {
- 0x0e,0xeb,0x1f,0xd7,0xfc,0xd1,0x9d,0xd4,0x05,0x36,0x8b,0xb2,
- 0xfb,0xe4,0xf4,0x51,0x0c,0x87,0x9b,0x02,0x44,0xd5,0x92,0x4d,
- 0x44,0xfe,0x1a,0x03,0x43,0x56,0xbd,0x86
- };
-
-__fips_constseg
-static const unsigned char sha256_pr_returnedbits[] =
- {
- 0x02,0xaa,0xb6,0x1d,0x7e,0x2a,0x40,0x03,0x69,0x2d,0x49,0xa3,
- 0x41,0xe7,0x44,0x0b,0xaf,0x7b,0x85,0xe4,0x5f,0x53,0x3b,0x64,
- 0xbc,0x89,0xc8,0x82,0xd4,0x78,0x37,0xa2
- };
-
-
-/* SHA-256 No PR */
-__fips_constseg
-static const unsigned char sha256_entropyinput[] =
- {
- 0x5b,0x1b,0xec,0x4d,0xa9,0x38,0x74,0x5a,0x34,0x0b,0x7b,0xc5,
- 0xe5,0xd7,0x66,0x7c,0xbc,0x82,0xb9,0x0e,0x2d,0x1f,0x92,0xd7,
- 0xc1,0xbc,0x67,0x69,0xec,0x6b,0x03,0x3c
- };
-
-__fips_constseg
-static const unsigned char sha256_nonce[] =
- {
- 0xa4,0x0c,0xd8,0x9c,0x61,0xd8,0xc3,0x54,0xfe,0x53,0xc9,0xe5,
- 0x5d,0x6f,0x6d,0x35
- };
-
-__fips_constseg
-static const unsigned char sha256_personalizationstring[] =
- {
- 0x22,0x5e,0x62,0x93,0x42,0x83,0x78,0x24,0xd8,0x40,0x8c,0xde,
- 0x6f,0xf9,0xa4,0x7a,0xc5,0xa7,0x3b,0x88,0xa3,0xee,0x42,0x20,
- 0xfd,0x61,0x56,0xc6,0x4c,0x13,0x41,0x9c
- };
-
-__fips_constseg
-static const unsigned char sha256_additionalinput[] =
- {
- 0xbf,0x74,0x5b,0xf6,0xc5,0x64,0x5e,0x99,0x34,0x8f,0xbc,0xa4,
- 0xe2,0xbd,0xd8,0x85,0x26,0x37,0xea,0xba,0x4f,0xf2,0x9a,0x9a,
- 0x66,0xfc,0xdf,0x63,0x26,0x26,0x19,0x87
- };
-
-__fips_constseg
-static const unsigned char sha256_int_returnedbits[] =
- {
- 0xb3,0xc6,0x07,0x07,0xd6,0x75,0xf6,0x2b,0xd6,0x21,0x96,0xf1,
- 0xae,0xdb,0x2b,0xac,0x25,0x2a,0xae,0xae,0x41,0x72,0x03,0x5e,
- 0xbf,0xd3,0x64,0xbc,0x59,0xf9,0xc0,0x76
- };
-
-__fips_constseg
-static const unsigned char sha256_entropyinputreseed[] =
- {
- 0xbf,0x20,0x33,0x56,0x29,0xa8,0x37,0x04,0x1f,0x78,0x34,0x3d,
- 0x81,0x2a,0xc9,0x86,0xc6,0x7a,0x2f,0x88,0x5e,0xd5,0xbe,0x34,
- 0x46,0x20,0xa4,0x35,0xeb,0xc7,0xe2,0x9d
- };
-
-__fips_constseg
-static const unsigned char sha256_additionalinputreseed[] =
- {
- 0x9b,0xae,0x2d,0x2d,0x61,0xa4,0x89,0xeb,0x43,0x46,0xa7,0xda,
- 0xef,0x40,0xca,0x4a,0x99,0x11,0x41,0xdc,0x5c,0x94,0xe9,0xac,
- 0xd4,0xd0,0xe6,0xbd,0xfb,0x03,0x9c,0xa8
- };
-
-__fips_constseg
-static const unsigned char sha256_additionalinput2[] =
- {
- 0x23,0xaa,0x0c,0xbd,0x28,0x33,0xe2,0x51,0xfc,0x71,0xd2,0x15,
- 0x1f,0x76,0xfd,0x0d,0xe0,0xb7,0xb5,0x84,0x75,0x5b,0xbe,0xf3,
- 0x5c,0xca,0xc5,0x30,0xf2,0x75,0x1f,0xda
- };
-
-__fips_constseg
-static const unsigned char sha256_returnedbits[] =
- {
- 0x90,0x3c,0xc1,0x10,0x8c,0x12,0x01,0xc6,0xa6,0x3a,0x0f,0x4d,
- 0xb6,0x3a,0x4f,0x41,0x9c,0x61,0x75,0x84,0xe9,0x74,0x75,0xfd,
- 0xfe,0xf2,0x1f,0x43,0xd8,0x5e,0x24,0xa3
- };
-
-
-/* SHA-384 PR */
-__fips_constseg
-static const unsigned char sha384_pr_entropyinput[] =
- {
- 0x71,0x9d,0xb2,0x5a,0x71,0x6d,0x04,0xe9,0x1e,0xc7,0x92,0x24,
- 0x6e,0x12,0x33,0xa9,0x52,0x64,0x31,0xef,0x71,0xeb,0x22,0x55,
- 0x28,0x97,0x06,0x6a,0xc0,0x0c,0xa0,0x7e
- };
-
-__fips_constseg
-static const unsigned char sha384_pr_nonce[] =
- {
- 0xf5,0x0d,0xfa,0xb0,0xec,0x6a,0x7c,0xd6,0xbd,0x9b,0x05,0xfd,
- 0x38,0x3e,0x2e,0x56
- };
-
-__fips_constseg
-static const unsigned char sha384_pr_personalizationstring[] =
- {
- 0x74,0xac,0x7e,0x6d,0xb1,0xa4,0xe7,0x21,0xd1,0x1e,0x6e,0x96,
- 0x6d,0x4d,0x53,0x46,0x82,0x96,0x6e,0xcf,0xaa,0x81,0x8d,0x7d,
- 0x9e,0xe1,0x0f,0x15,0xea,0x41,0xbf,0xe3
- };
-
-__fips_constseg
-static const unsigned char sha384_pr_additionalinput[] =
- {
- 0xda,0x95,0xd4,0xd0,0xb8,0x11,0xd3,0x49,0x27,0x5d,0xa9,0x39,
- 0x68,0xf3,0xa8,0xe9,0x5d,0x19,0x8a,0x2b,0x66,0xe8,0x69,0x06,
- 0x7c,0x9e,0x03,0xa1,0x8b,0x26,0x2d,0x6e
- };
-
-__fips_constseg
-static const unsigned char sha384_pr_entropyinputpr[] =
- {
- 0x49,0xdf,0x44,0x00,0xe4,0x1c,0x75,0x0b,0x26,0x5a,0x59,0x64,
- 0x1f,0x4e,0xb1,0xb2,0x13,0xf1,0x22,0x4e,0xb4,0x6d,0x9a,0xcc,
- 0xa0,0x48,0xe6,0xcf,0x1d,0xd1,0x92,0x0d
- };
-
-__fips_constseg
-static const unsigned char sha384_pr_int_returnedbits[] =
- {
- 0xc8,0x52,0xae,0xbf,0x04,0x3c,0x27,0xb7,0x78,0x18,0xaa,0x8f,
- 0xff,0xcf,0xa4,0xf1,0xcc,0xe7,0x68,0xfa,0x22,0xa2,0x13,0x45,
- 0xe8,0xdd,0x87,0xe6,0xf2,0x6e,0xdd,0xc7,0x52,0x90,0x9f,0x7b,
- 0xfa,0x61,0x2d,0x9d,0x9e,0xcf,0x98,0xac,0x52,0x40,0xce,0xaf
- };
-
-__fips_constseg
-static const unsigned char sha384_pr_additionalinput2[] =
- {
- 0x61,0x7c,0x03,0x9a,0x3e,0x50,0x57,0x60,0xc5,0x83,0xc9,0xb2,
- 0xd1,0x87,0x85,0x66,0x92,0x5d,0x84,0x0e,0x53,0xfb,0x70,0x03,
- 0x72,0xfd,0xba,0xae,0x9c,0x8f,0xf8,0x18
- };
-
-__fips_constseg
-static const unsigned char sha384_pr_entropyinputpr2[] =
- {
- 0xf8,0xeb,0x89,0xb1,0x8d,0x78,0xbe,0x21,0xe0,0xbb,0x9d,0xb7,
- 0x95,0x0e,0xd9,0x46,0x0c,0x8c,0xe2,0x63,0xb7,0x9d,0x67,0x90,
- 0xbd,0xc7,0x0b,0xa5,0xce,0xb2,0x65,0x81
- };
-
-__fips_constseg
-static const unsigned char sha384_pr_returnedbits[] =
- {
- 0xe6,0x9f,0xfe,0x68,0xd6,0xb5,0x79,0xf1,0x06,0x5f,0xa3,0xbb,
- 0x23,0x85,0xd8,0xf0,0x29,0x5a,0x68,0x9e,0xf5,0xf4,0xa6,0x12,
- 0xe0,0x9a,0xe2,0xac,0x00,0x1d,0x98,0x26,0xfc,0x53,0x95,0x53,
- 0xe4,0x3e,0x17,0xd5,0x08,0x0b,0x70,0x3d,0x67,0x99,0xac,0x66
- };
-
-
-/* SHA-384 No PR */
-__fips_constseg
-static const unsigned char sha384_entropyinput[] =
- {
- 0x07,0x15,0x27,0x2a,0xaf,0x74,0x24,0x37,0xbc,0xd5,0x14,0x69,
- 0xce,0x11,0xff,0xa2,0x6b,0xb8,0x05,0x67,0x34,0xf8,0xbd,0x6d,
- 0x6a,0xcc,0xcd,0x60,0xa3,0x68,0xca,0xf4
- };
-
-__fips_constseg
-static const unsigned char sha384_nonce[] =
- {
- 0x70,0x17,0xc2,0x5b,0x5d,0x22,0x0b,0x06,0x15,0x54,0x78,0x77,
- 0x44,0xaf,0x2f,0x09
- };
-
-__fips_constseg
-static const unsigned char sha384_personalizationstring[] =
- {
- 0x89,0x39,0x28,0xb0,0x60,0xeb,0x3d,0xdc,0x55,0x75,0x86,0xeb,
- 0xae,0xa2,0x8f,0xbc,0x1b,0x75,0xd4,0xe1,0x0f,0xaa,0x38,0xca,
- 0x62,0x8b,0xcb,0x2c,0x26,0xf6,0xbc,0xb1
- };
-
-__fips_constseg
-static const unsigned char sha384_additionalinput[] =
- {
- 0x30,0x2b,0x42,0x35,0xef,0xda,0x40,0x55,0x28,0xc6,0x95,0xfb,
- 0x54,0x01,0x62,0xd7,0x87,0x14,0x48,0x6d,0x90,0x4c,0xa9,0x02,
- 0x54,0x40,0x22,0xc8,0x66,0xa5,0x48,0x48
- };
-
-__fips_constseg
-static const unsigned char sha384_int_returnedbits[] =
- {
- 0x82,0xc4,0xa1,0x9c,0x21,0xd2,0xe7,0xa5,0xa6,0xf6,0x5f,0x04,
- 0x5c,0xc7,0x31,0x9d,0x8d,0x59,0x74,0x50,0x19,0x89,0x2f,0x63,
- 0xd5,0xb7,0x7e,0xeb,0x15,0xe3,0x70,0x83,0xa1,0x24,0x59,0xfa,
- 0x2c,0x56,0xf6,0x88,0x3a,0x92,0x93,0xa1,0xfb,0x79,0xc1,0x7a
- };
-
-__fips_constseg
-static const unsigned char sha384_entropyinputreseed[] =
- {
- 0x39,0xa6,0xe8,0x5c,0x82,0x17,0x71,0x26,0x57,0x4f,0x9f,0xc2,
- 0x55,0xff,0x5c,0x9b,0x53,0x1a,0xd1,0x5f,0xbc,0x62,0xe4,0x27,
- 0x2d,0x32,0xf0,0xe4,0x52,0x8c,0xc5,0x0c
- };
-
-__fips_constseg
-static const unsigned char sha384_additionalinputreseed[] =
- {
- 0x8d,0xcb,0x8d,0xce,0x08,0xea,0x80,0xe8,0x9b,0x61,0xa8,0x0f,
- 0xaf,0x49,0x20,0x9e,0x74,0xcb,0x57,0x80,0x42,0xb0,0x84,0x5e,
- 0x30,0x2a,0x67,0x08,0xf4,0xe3,0x40,0x22
- };
-
-__fips_constseg
-static const unsigned char sha384_additionalinput2[] =
- {
- 0x7c,0x8f,0xc2,0xae,0x22,0x4a,0xd6,0xf6,0x05,0xa4,0x7a,0xea,
- 0xbb,0x25,0xd0,0xb7,0x5a,0xd6,0xcf,0x9d,0xf3,0x6c,0xe2,0xb2,
- 0x4e,0xb4,0xbd,0xf4,0xe5,0x40,0x80,0x94
- };
-
-__fips_constseg
-static const unsigned char sha384_returnedbits[] =
- {
- 0x9e,0x7e,0xfb,0x59,0xbb,0xaa,0x3c,0xf7,0xe1,0xf8,0x76,0xdd,
- 0x63,0x5f,0xaf,0x23,0xd6,0x64,0x61,0xc0,0x9a,0x09,0x47,0xc9,
- 0x33,0xdf,0x6d,0x55,0x91,0x34,0x79,0x70,0xc4,0x99,0x6e,0x54,
- 0x09,0x64,0x21,0x1a,0xbd,0x1e,0x80,0x40,0x34,0xad,0xfa,0xd7
- };
-
-
-/* SHA-512 PR */
-__fips_constseg
-static const unsigned char sha512_pr_entropyinput[] =
- {
- 0x13,0xf7,0x61,0x75,0x65,0x28,0xa2,0x59,0x13,0x5a,0x4a,0x4f,
- 0x56,0x60,0x8c,0x53,0x7d,0xb0,0xbd,0x06,0x4f,0xed,0xcc,0xd2,
- 0xa2,0xb5,0xfd,0x5b,0x3a,0xab,0xec,0x28
- };
-
-__fips_constseg
-static const unsigned char sha512_pr_nonce[] =
- {
- 0xbe,0xa3,0x91,0x93,0x1d,0xc3,0x31,0x3a,0x23,0x33,0x50,0x67,
- 0x88,0xc7,0xa2,0xc4
- };
-
-__fips_constseg
-static const unsigned char sha512_pr_personalizationstring[] =
- {
- 0x1f,0x59,0x4d,0x7b,0xe6,0x46,0x91,0x48,0xc1,0x25,0xfa,0xff,
- 0x89,0x12,0x77,0x35,0xdf,0x3e,0xf4,0x80,0x5f,0xd9,0xb0,0x07,
- 0x22,0x41,0xdd,0x48,0x78,0x6b,0x77,0x2b
- };
-
-__fips_constseg
-static const unsigned char sha512_pr_additionalinput[] =
- {
- 0x30,0xff,0x63,0x6f,0xac,0xd9,0x84,0x39,0x6f,0xe4,0x99,0xce,
- 0x91,0x7d,0x7e,0xc8,0x58,0xf2,0x12,0xc3,0xb6,0xad,0xda,0x22,
- 0x04,0xa0,0xd2,0x21,0xfe,0xf2,0x95,0x1d
- };
-
-__fips_constseg
-static const unsigned char sha512_pr_entropyinputpr[] =
- {
- 0x64,0x54,0x13,0xec,0x4f,0x77,0xda,0xb2,0x92,0x2e,0x52,0x80,
- 0x11,0x10,0xc2,0xf8,0xe6,0xa7,0xcd,0x4b,0xfc,0x32,0x2e,0x9e,
- 0xeb,0xbb,0xb1,0xbf,0x15,0x5c,0x73,0x08
- };
-
-__fips_constseg
-static const unsigned char sha512_pr_int_returnedbits[] =
- {
- 0xef,0x1e,0xdc,0x0a,0xa4,0x36,0x91,0x9c,0x3d,0x27,0x97,0x50,
- 0x8d,0x36,0x29,0x8d,0xce,0x6a,0x0c,0xf7,0x21,0xc0,0x91,0xae,
- 0x0c,0x96,0x72,0xbd,0x52,0x81,0x58,0xfc,0x6d,0xe5,0xf7,0xa5,
- 0xfd,0x5d,0xa7,0x58,0x68,0xc8,0x99,0x58,0x8e,0xc8,0xce,0x95,
- 0x01,0x7d,0xff,0xa4,0xc8,0xf7,0x63,0xfe,0x5f,0x69,0x83,0x53,
- 0xe2,0xc6,0x8b,0xc3
- };
-
-__fips_constseg
-static const unsigned char sha512_pr_additionalinput2[] =
- {
- 0xe6,0x9b,0xc4,0x88,0x34,0xca,0xea,0x29,0x2f,0x98,0x05,0xa4,
- 0xd3,0xc0,0x7b,0x11,0xe8,0xbb,0x75,0xf2,0xbd,0x29,0xb7,0x40,
- 0x25,0x7f,0xc1,0xb7,0xb1,0xf1,0x25,0x61
- };
-
-__fips_constseg
-static const unsigned char sha512_pr_entropyinputpr2[] =
- {
- 0x23,0x6d,0xff,0xde,0xfb,0xd1,0xba,0x33,0x18,0xe6,0xbe,0xb5,
- 0x48,0x77,0x6d,0x7f,0xa7,0xe1,0x4d,0x48,0x1e,0x3c,0xa7,0x34,
- 0x1a,0xc8,0x60,0xdb,0x8f,0x99,0x15,0x99
- };
-
-__fips_constseg
-static const unsigned char sha512_pr_returnedbits[] =
- {
- 0x70,0x27,0x31,0xdb,0x92,0x70,0x21,0xfe,0x16,0xb6,0xc8,0x51,
- 0x34,0x87,0x65,0xd0,0x4e,0xfd,0xfe,0x68,0xec,0xac,0xdc,0x93,
- 0x41,0x38,0x92,0x90,0xb4,0x94,0xf9,0x0d,0xa4,0xf7,0x4e,0x80,
- 0x92,0x67,0x48,0x40,0xa7,0x08,0xc7,0xbc,0x66,0x00,0xfd,0xf7,
- 0x4c,0x8b,0x17,0x6e,0xd1,0x8f,0x9b,0xf3,0x6f,0xf6,0x34,0xdd,
- 0x67,0xf7,0x68,0xdd
- };
-
-
-/* SHA-512 No PR */
-__fips_constseg
-static const unsigned char sha512_entropyinput[] =
- {
- 0xb6,0x0b,0xb7,0xbc,0x84,0x56,0xf6,0x12,0xaf,0x45,0x67,0x17,
- 0x7c,0xd1,0xb2,0x78,0x2b,0xa0,0xf2,0xbe,0xb6,0x6d,0x8b,0x56,
- 0xc6,0xbc,0x4d,0xe1,0xf7,0xbe,0xce,0xbd
- };
-
-__fips_constseg
-static const unsigned char sha512_nonce[] =
- {
- 0x9d,0xed,0xc0,0xe5,0x5a,0x98,0x6a,0xcb,0x51,0x7d,0x76,0x31,
- 0x5a,0x64,0xf0,0xf7
- };
-
-__fips_constseg
-static const unsigned char sha512_personalizationstring[] =
- {
- 0xc2,0x6d,0xa3,0xc3,0x06,0x74,0xe5,0x01,0x5c,0x10,0x17,0xc7,
- 0xaf,0x83,0x9d,0x59,0x8d,0x2d,0x29,0x38,0xc5,0x59,0x70,0x8b,
- 0x46,0x48,0x2d,0xcf,0x36,0x7d,0x59,0xc0
- };
-
-__fips_constseg
-static const unsigned char sha512_additionalinput[] =
- {
- 0xec,0x8c,0xd4,0xf7,0x61,0x6e,0x0d,0x95,0x79,0xb7,0x28,0xad,
- 0x5f,0x69,0x74,0x5f,0x2d,0x36,0x06,0x8a,0x6b,0xac,0x54,0x97,
- 0xc4,0xa1,0x12,0x85,0x0a,0xdf,0x4b,0x34
- };
-
-__fips_constseg
-static const unsigned char sha512_int_returnedbits[] =
- {
- 0x84,0x2f,0x1f,0x68,0x6a,0xa3,0xad,0x1e,0xfb,0xf4,0x15,0xbd,
- 0xde,0x38,0xd4,0x30,0x80,0x51,0xe9,0xd3,0xc7,0x20,0x88,0xe9,
- 0xf5,0xcc,0xdf,0x57,0x5c,0x47,0x2f,0x57,0x3c,0x5f,0x13,0x56,
- 0xcc,0xc5,0x4f,0x84,0xf8,0x10,0x41,0xd5,0x7e,0x58,0x6e,0x19,
- 0x19,0x9e,0xaf,0xc2,0x22,0x58,0x41,0x50,0x79,0xc2,0xd8,0x04,
- 0x28,0xd4,0x39,0x9a
- };
-
-__fips_constseg
-static const unsigned char sha512_entropyinputreseed[] =
- {
- 0xfa,0x7f,0x46,0x51,0x83,0x62,0x98,0x16,0x9a,0x19,0xa2,0x49,
- 0xa9,0xe6,0x4a,0xd8,0x85,0xe7,0xd4,0x3b,0x2c,0x82,0xc5,0x82,
- 0xbf,0x11,0xf9,0x9e,0xbc,0xd0,0x01,0xee
- };
-
-__fips_constseg
-static const unsigned char sha512_additionalinputreseed[] =
- {
- 0xb9,0x12,0xe0,0x4f,0xf7,0xa7,0xc4,0xd8,0xd0,0x8e,0x99,0x29,
- 0x7c,0x9a,0xe9,0xcf,0xc4,0x6c,0xf8,0xc3,0xa7,0x41,0x83,0xd6,
- 0x2e,0xfa,0xb8,0x5e,0x8e,0x6b,0x78,0x20
- };
-
-__fips_constseg
-static const unsigned char sha512_additionalinput2[] =
- {
- 0xd7,0x07,0x52,0xb9,0x83,0x2c,0x03,0x71,0xee,0xc9,0xc0,0x85,
- 0xe1,0x57,0xb2,0xcd,0x3a,0xf0,0xc9,0x34,0x24,0x41,0x1c,0x42,
- 0x99,0xb2,0x84,0xe9,0x17,0xd2,0x76,0x92
- };
-
-__fips_constseg
-static const unsigned char sha512_returnedbits[] =
- {
- 0x36,0x17,0x5d,0x98,0x2b,0x65,0x25,0x8e,0xc8,0x29,0xdf,0x27,
- 0x05,0x36,0x26,0x12,0x8a,0x68,0x74,0x27,0x37,0xd4,0x7f,0x32,
- 0xb1,0x12,0xd6,0x85,0x83,0xeb,0x2e,0xa0,0xed,0x4b,0xb5,0x7b,
- 0x6f,0x39,0x3c,0x71,0x77,0x02,0x12,0xcc,0x2c,0x3a,0x8e,0x63,
- 0xdf,0x4a,0xbd,0x6f,0x6e,0x2e,0xed,0x0a,0x85,0xa5,0x2f,0xa2,
- 0x68,0xde,0x42,0xb5
- };
-
-
-/* HMAC SHA-1 PR */
-__fips_constseg
-static const unsigned char hmac_sha1_pr_entropyinput[] =
- {
- 0x26,0x5f,0x36,0x14,0xff,0x3d,0x83,0xfa,0x73,0x5e,0x75,0xdc,
- 0x2c,0x18,0x17,0x1b
- };
-
-__fips_constseg
-static const unsigned char hmac_sha1_pr_nonce[] =
- {
- 0xc8,0xe3,0x57,0xa5,0x7b,0x74,0x86,0x6e
- };
-
-__fips_constseg
-static const unsigned char hmac_sha1_pr_personalizationstring[] =
- {
- 0x6e,0xdb,0x0d,0xfe,0x7d,0xac,0x79,0xd0,0xa5,0x3a,0x48,0x85,
- 0x80,0xe2,0x7f,0x2a
- };
-
-__fips_constseg
-static const unsigned char hmac_sha1_pr_additionalinput[] =
- {
- 0x31,0xcd,0x5e,0x43,0xdc,0xfb,0x7a,0x79,0xca,0x88,0xde,0x1f,
- 0xd7,0xbb,0x42,0x09
- };
-
-__fips_constseg
-static const unsigned char hmac_sha1_pr_entropyinputpr[] =
- {
- 0x7c,0x23,0x95,0x38,0x00,0x95,0xc1,0x78,0x1f,0x8f,0xd7,0x63,
- 0x23,0x87,0x2a,0xed
- };
-
-__fips_constseg
-static const unsigned char hmac_sha1_pr_int_returnedbits[] =
- {
- 0xbb,0x34,0xe7,0x93,0xa3,0x02,0x2c,0x4a,0xd0,0x89,0xda,0x7f,
- 0xed,0xf4,0x4c,0xde,0x17,0xec,0xe5,0x6c
- };
-
-__fips_constseg
-static const unsigned char hmac_sha1_pr_additionalinput2[] =
- {
- 0x49,0xbc,0x2d,0x2c,0xb7,0x32,0xcb,0x20,0xdf,0xf5,0x77,0x58,
- 0xa0,0x4b,0x93,0x6e
- };
-
-__fips_constseg
-static const unsigned char hmac_sha1_pr_entropyinputpr2[] =
- {
- 0x3c,0xaa,0xb0,0x21,0x42,0xb0,0xdd,0x34,0xf0,0x16,0x7f,0x0c,
- 0x0f,0xff,0x2e,0xaf
- };
-
-__fips_constseg
-static const unsigned char hmac_sha1_pr_returnedbits[] =
- {
- 0x8e,0xcb,0xa3,0x64,0xb2,0xb8,0x33,0x6c,0x64,0x3b,0x78,0x16,
- 0x99,0x35,0xc8,0x30,0xcb,0x3e,0xa0,0xd8
- };
-
-
-/* HMAC SHA-1 No PR */
-__fips_constseg
-static const unsigned char hmac_sha1_entropyinput[] =
- {
- 0x32,0x9a,0x2a,0x87,0x7b,0x89,0x7c,0xf6,0xcb,0x95,0xd5,0x40,
- 0x17,0xfe,0x47,0x70
- };
-
-__fips_constseg
-static const unsigned char hmac_sha1_nonce[] =
- {
- 0x16,0xd8,0xe0,0xc7,0x52,0xcf,0x4a,0x25
- };
-
-__fips_constseg
-static const unsigned char hmac_sha1_personalizationstring[] =
- {
- 0x35,0x35,0xa9,0xa5,0x40,0xbe,0x9b,0xd1,0x56,0xdd,0x44,0x00,
- 0x72,0xf7,0xd3,0x5e
- };
-
-__fips_constseg
-static const unsigned char hmac_sha1_additionalinput[] =
- {
- 0x1b,0x2c,0x84,0x2d,0x4a,0x89,0x8f,0x69,0x19,0xf1,0xf3,0xdb,
- 0xbb,0xe3,0xaa,0xea
- };
-
-__fips_constseg
-static const unsigned char hmac_sha1_int_returnedbits[] =
- {
- 0xcf,0xfa,0x7d,0x72,0x0f,0xe6,0xc7,0x96,0xa0,0x69,0x31,0x11,
- 0x9b,0x0b,0x1a,0x20,0x1f,0x3f,0xaa,0xd1
- };
-
-__fips_constseg
-static const unsigned char hmac_sha1_entropyinputreseed[] =
- {
- 0x90,0x75,0x15,0x04,0x95,0xf1,0xba,0x81,0x0c,0x37,0x94,0x6f,
- 0x86,0x52,0x6d,0x9c
- };
-
-__fips_constseg
-static const unsigned char hmac_sha1_additionalinputreseed[] =
- {
- 0x5b,0x40,0xba,0x5f,0x17,0x70,0xf0,0x4b,0xdf,0xc9,0x97,0x92,
- 0x79,0xc5,0x82,0x28
- };
-
-__fips_constseg
-static const unsigned char hmac_sha1_additionalinput2[] =
- {
- 0x97,0xc8,0x80,0x90,0xb3,0xaa,0x6e,0x60,0xea,0x83,0x7a,0xe3,
- 0x8a,0xca,0xa4,0x7f
- };
-
-__fips_constseg
-static const unsigned char hmac_sha1_returnedbits[] =
- {
- 0x90,0xbd,0x05,0x56,0x6d,0xb5,0x22,0xd5,0xb9,0x5a,0x29,0x2d,
- 0xe9,0x0b,0xe1,0xac,0xde,0x27,0x0b,0xb0
- };
-
-
-/* HMAC SHA-224 PR */
-__fips_constseg
-static const unsigned char hmac_sha224_pr_entropyinput[] =
- {
- 0x17,0x32,0x2b,0x2e,0x6f,0x1b,0x9c,0x6d,0x31,0xe0,0x34,0x07,
- 0xcf,0xed,0xf6,0xb6,0x5a,0x76,0x4c,0xbc,0x62,0x85,0x01,0x90
- };
-
-__fips_constseg
-static const unsigned char hmac_sha224_pr_nonce[] =
- {
- 0x38,0xbf,0x5f,0x20,0xb3,0x68,0x2f,0x43,0x61,0x05,0x8f,0x23
- };
-
-__fips_constseg
-static const unsigned char hmac_sha224_pr_personalizationstring[] =
- {
- 0xc0,0xc9,0x45,0xac,0x8d,0x27,0x77,0x08,0x0b,0x17,0x6d,0xed,
- 0xc1,0x7d,0xd5,0x07,0x9d,0x6e,0xf8,0x23,0x2a,0x22,0x13,0xbd
- };
-
-__fips_constseg
-static const unsigned char hmac_sha224_pr_additionalinput[] =
- {
- 0xa4,0x3c,0xe7,0x3b,0xea,0x19,0x45,0x32,0xc2,0x83,0x6d,0x21,
- 0x8a,0xc0,0xee,0x67,0x45,0xde,0x13,0x7d,0x9d,0x61,0x00,0x3b
- };
-
-__fips_constseg
-static const unsigned char hmac_sha224_pr_entropyinputpr[] =
- {
- 0x15,0x05,0x74,0x4a,0x7f,0x8d,0x5c,0x60,0x16,0xe5,0x7b,0xad,
- 0xf5,0x41,0x8f,0x55,0x60,0xc4,0x09,0xee,0x1e,0x11,0x81,0xab
- };
-
-__fips_constseg
-static const unsigned char hmac_sha224_pr_int_returnedbits[] =
- {
- 0x6f,0xf5,0x9a,0xe2,0x54,0x53,0x30,0x3d,0x5a,0x27,0x29,0x38,
- 0x27,0xf2,0x0d,0x05,0xe9,0x26,0xcb,0x16,0xc3,0x51,0x5f,0x13,
- 0x41,0xfe,0x99,0xf2
- };
-
-__fips_constseg
-static const unsigned char hmac_sha224_pr_additionalinput2[] =
- {
- 0x73,0x81,0x88,0x84,0x8f,0xed,0x6f,0x10,0x9f,0x93,0xbf,0x17,
- 0x35,0x7c,0xef,0xd5,0x8d,0x26,0xa6,0x7a,0xe8,0x09,0x36,0x4f
- };
-
-__fips_constseg
-static const unsigned char hmac_sha224_pr_entropyinputpr2[] =
- {
- 0xe6,0xcf,0xcf,0x7e,0x12,0xe5,0x43,0xd2,0x38,0xd8,0x24,0x6f,
- 0x5a,0x37,0x68,0xbf,0x4f,0xa0,0xff,0xd5,0x61,0x8a,0x93,0xe0
- };
-
-__fips_constseg
-static const unsigned char hmac_sha224_pr_returnedbits[] =
- {
- 0xaf,0xf9,0xd8,0x19,0x91,0x30,0x82,0x6f,0xa9,0x1e,0x9d,0xd7,
- 0xf3,0x50,0xe0,0xc7,0xd5,0x64,0x96,0x7d,0x4c,0x4d,0x78,0x03,
- 0x6d,0xd8,0x9e,0x72
- };
-
-
-/* HMAC SHA-224 No PR */
-__fips_constseg
-static const unsigned char hmac_sha224_entropyinput[] =
- {
- 0x11,0x82,0xfd,0xd9,0x42,0xf4,0xfa,0xc8,0xf2,0x41,0xe6,0x54,
- 0x01,0xae,0x22,0x6e,0xc6,0xaf,0xaf,0xd0,0xa6,0xb2,0xe2,0x6d
- };
-
-__fips_constseg
-static const unsigned char hmac_sha224_nonce[] =
- {
- 0xa9,0x48,0xd7,0x92,0x39,0x7e,0x2a,0xdc,0x30,0x1f,0x0e,0x2b
- };
-
-__fips_constseg
-static const unsigned char hmac_sha224_personalizationstring[] =
- {
- 0x11,0xd5,0xf4,0xbd,0x67,0x8c,0x31,0xcf,0xa3,0x3f,0x1e,0x6b,
- 0xa8,0x07,0x02,0x0b,0xc8,0x2e,0x6c,0x64,0x41,0x5b,0xc8,0x37
- };
-
-__fips_constseg
-static const unsigned char hmac_sha224_additionalinput[] =
- {
- 0x68,0x18,0xc2,0x06,0xeb,0x3e,0x04,0x95,0x44,0x5e,0xfb,0xe6,
- 0x41,0xc1,0x5c,0xcc,0x40,0x2f,0xb7,0xd2,0x0f,0xf3,0x6b,0xe7
- };
-
-__fips_constseg
-static const unsigned char hmac_sha224_int_returnedbits[] =
- {
- 0x7f,0x45,0xc7,0x5d,0x32,0xe6,0x17,0x60,0xba,0xdc,0xb8,0x42,
- 0x1b,0x9c,0xf1,0xfa,0x3b,0x4d,0x29,0x54,0xc6,0x90,0xff,0x5c,
- 0xcd,0xd6,0xa9,0xcc
- };
-
-__fips_constseg
-static const unsigned char hmac_sha224_entropyinputreseed[] =
- {
- 0xc4,0x8e,0x37,0x95,0x69,0x53,0x28,0xd7,0x37,0xbb,0x70,0x95,
- 0x1c,0x07,0x1d,0xd9,0xb7,0xe6,0x1b,0xbb,0xfe,0x41,0xeb,0xc9
- };
-
-__fips_constseg
-static const unsigned char hmac_sha224_additionalinputreseed[] =
- {
- 0x53,0x17,0xa1,0x6a,0xfa,0x77,0x47,0xb0,0x95,0x56,0x9a,0x20,
- 0x57,0xde,0x5c,0x89,0x9f,0x7f,0xe2,0xde,0x17,0x3a,0x50,0x23
- };
-
-__fips_constseg
-static const unsigned char hmac_sha224_additionalinput2[] =
- {
- 0x3a,0x32,0xf9,0x85,0x0c,0xc1,0xed,0x76,0x2d,0xdf,0x40,0xc3,
- 0x06,0x22,0x66,0xd4,0x9a,0x9a,0xff,0x5a,0x7e,0x7a,0xf3,0x96
- };
-
-__fips_constseg
-static const unsigned char hmac_sha224_returnedbits[] =
- {
- 0x43,0xb4,0x57,0x5c,0x38,0x25,0x9d,0xae,0xec,0x96,0xd1,0x85,
- 0x3a,0x84,0x8d,0xfe,0x68,0xd5,0x0e,0x5c,0x8f,0x65,0xa5,0x4e,
- 0x45,0x84,0xa8,0x94
- };
-
-
-/* HMAC SHA-256 PR */
-__fips_constseg
-static const unsigned char hmac_sha256_pr_entropyinput[] =
- {
- 0x4d,0xb0,0x43,0xd8,0x34,0x4b,0x10,0x70,0xb1,0x8b,0xed,0xea,
- 0x07,0x92,0x9f,0x6c,0x79,0x31,0xaf,0x81,0x29,0xeb,0x6e,0xca,
- 0x32,0x48,0x28,0xe7,0x02,0x5d,0xa6,0xa6
- };
-
-__fips_constseg
-static const unsigned char hmac_sha256_pr_nonce[] =
- {
- 0x3a,0xae,0x15,0xa9,0x99,0xdc,0xe4,0x67,0x34,0x3b,0x70,0x15,
- 0xaa,0xd3,0x30,0x9a
- };
-
-__fips_constseg
-static const unsigned char hmac_sha256_pr_personalizationstring[] =
- {
- 0x13,0x1d,0x24,0x04,0xb0,0x18,0x81,0x15,0x21,0x51,0x2a,0x24,
- 0x52,0x61,0xbe,0x64,0x82,0x6b,0x55,0x2f,0xe2,0xf1,0x40,0x7d,
- 0x71,0xd8,0x01,0x86,0x15,0xb7,0x8b,0xb5
- };
-
-__fips_constseg
-static const unsigned char hmac_sha256_pr_additionalinput[] =
- {
- 0x8f,0xa6,0x54,0x5f,0xb1,0xd0,0xd8,0xc3,0xe7,0x0c,0x15,0xa9,
- 0x23,0x6e,0xfe,0xfb,0x93,0xf7,0x3a,0xbd,0x59,0x01,0xfa,0x18,
- 0x8e,0xe9,0x1a,0xa9,0x78,0xfc,0x79,0x0b
- };
-
-__fips_constseg
-static const unsigned char hmac_sha256_pr_entropyinputpr[] =
- {
- 0xcf,0x24,0xb9,0xeb,0xb3,0xd4,0xcd,0x17,0x37,0x38,0x75,0x79,
- 0x15,0xcb,0x2d,0x75,0x51,0xf1,0xcc,0xaa,0x32,0xa4,0xa7,0x36,
- 0x7c,0x5c,0xe4,0x47,0xf1,0x3e,0x1d,0xe5
- };
-
-__fips_constseg
-static const unsigned char hmac_sha256_pr_int_returnedbits[] =
- {
- 0x52,0x42,0xfa,0xeb,0x85,0xe0,0x30,0x22,0x79,0x00,0x16,0xb2,
- 0x88,0x2f,0x14,0x6a,0xb7,0xfc,0xb7,0x53,0xdc,0x4a,0x12,0xef,
- 0x54,0xd6,0x33,0xe9,0x20,0xd6,0xfd,0x56
- };
-
-__fips_constseg
-static const unsigned char hmac_sha256_pr_additionalinput2[] =
- {
- 0xf4,0xf6,0x49,0xa1,0x2d,0x64,0x2b,0x30,0x58,0xf8,0xbd,0xb8,
- 0x75,0xeb,0xbb,0x5e,0x1c,0x9b,0x81,0x6a,0xda,0x14,0x86,0x6e,
- 0xd0,0xda,0x18,0xb7,0x88,0xfb,0x59,0xf3
- };
-
-__fips_constseg
-static const unsigned char hmac_sha256_pr_entropyinputpr2[] =
- {
- 0x21,0xcd,0x6e,0x46,0xad,0x99,0x07,0x17,0xb4,0x3d,0x76,0x0a,
- 0xff,0x5b,0x52,0x50,0x78,0xdf,0x1f,0x24,0x06,0x0d,0x3f,0x74,
- 0xa9,0xc9,0x37,0xcf,0xd8,0x26,0x25,0x91
- };
-
-__fips_constseg
-static const unsigned char hmac_sha256_pr_returnedbits[] =
- {
- 0xa7,0xaf,0x2f,0x29,0xe0,0x3a,0x72,0x95,0x96,0x1c,0xa9,0xf0,
- 0x4a,0x17,0x4d,0x66,0x06,0x10,0xbf,0x39,0x89,0x88,0xb8,0x91,
- 0x37,0x18,0x99,0xcf,0x8c,0x53,0x3b,0x7e
- };
-
-
-/* HMAC SHA-256 No PR */
-__fips_constseg
-static const unsigned char hmac_sha256_entropyinput[] =
- {
- 0x96,0xb7,0x53,0x22,0x1e,0x52,0x2a,0x96,0xb1,0x15,0x3c,0x35,
- 0x5a,0x8b,0xd3,0x4a,0xa6,0x6c,0x83,0x0a,0x7d,0xa3,0x23,0x3d,
- 0x43,0xa1,0x07,0x2c,0x2d,0xe3,0x81,0xcc
- };
-
-__fips_constseg
-static const unsigned char hmac_sha256_nonce[] =
- {
- 0xf1,0xac,0x97,0xcb,0x5e,0x06,0x48,0xd2,0x94,0xbe,0x15,0x2e,
- 0xc7,0xfc,0xc2,0x01
- };
-
-__fips_constseg
-static const unsigned char hmac_sha256_personalizationstring[] =
- {
- 0x98,0xc5,0x1e,0x35,0x5e,0x89,0x0d,0xce,0x64,0x6d,0x18,0xa7,
- 0x5a,0xc6,0xf3,0xe7,0xd6,0x9e,0xc0,0xea,0xb7,0x3a,0x8d,0x65,
- 0xb8,0xeb,0x10,0xd7,0x57,0x18,0xa0,0x32
- };
-
-__fips_constseg
-static const unsigned char hmac_sha256_additionalinput[] =
- {
- 0x1b,0x10,0xaf,0xac,0xd0,0x65,0x95,0xad,0x04,0xad,0x03,0x1c,
- 0xe0,0x40,0xd6,0x3e,0x1c,0x46,0x53,0x39,0x7c,0xe2,0xbc,0xda,
- 0x8c,0xa2,0x33,0xa7,0x9a,0x26,0xd3,0x27
- };
-
-__fips_constseg
-static const unsigned char hmac_sha256_int_returnedbits[] =
- {
- 0xba,0x61,0x0e,0x55,0xfe,0x11,0x8a,0x9e,0x0f,0x80,0xdf,0x1d,
- 0x03,0x0a,0xfe,0x15,0x94,0x28,0x4b,0xba,0xf4,0x9f,0x51,0x25,
- 0x88,0xe5,0x4e,0xfb,0xaf,0xce,0x69,0x90
- };
-
-__fips_constseg
-static const unsigned char hmac_sha256_entropyinputreseed[] =
- {
- 0x62,0x7f,0x1e,0x6b,0xe8,0x8e,0xe1,0x35,0x7d,0x9b,0x4f,0xc7,
- 0xec,0xc8,0xac,0xef,0x6b,0x13,0x9e,0x05,0x56,0xc1,0x08,0xf9,
- 0x2f,0x0f,0x27,0x9c,0xd4,0x15,0xed,0x2d
- };
-
-__fips_constseg
-static const unsigned char hmac_sha256_additionalinputreseed[] =
- {
- 0xc7,0x76,0x6e,0xa9,0xd2,0xb2,0x76,0x40,0x82,0x25,0x2c,0xb3,
- 0x6f,0xac,0xe9,0x74,0xef,0x8f,0x3c,0x8e,0xcd,0xf1,0xbf,0xb3,
- 0x49,0x77,0x34,0x88,0x52,0x36,0xe6,0x2e
- };
-
-__fips_constseg
-static const unsigned char hmac_sha256_additionalinput2[] =
- {
- 0x8d,0xb8,0x0c,0xd1,0xbf,0x70,0xf6,0x19,0xc3,0x41,0x80,0x9f,
- 0xe1,0xa5,0xa4,0x1f,0x2c,0x26,0xb1,0xe5,0xd8,0xeb,0xbe,0xf8,
- 0xdf,0x88,0x6a,0x89,0xd6,0x05,0xd8,0x9d
- };
-
-__fips_constseg
-static const unsigned char hmac_sha256_returnedbits[] =
- {
- 0x43,0x12,0x2a,0x2c,0x40,0x53,0x2e,0x7c,0x66,0x34,0xac,0xc3,
- 0x43,0xe3,0xe0,0x6a,0xfc,0xfa,0xea,0x87,0x21,0x1f,0xe2,0x26,
- 0xc4,0xf9,0x09,0x9a,0x0d,0x6e,0x7f,0xe0
- };
-
-
-/* HMAC SHA-384 PR */
-__fips_constseg
-static const unsigned char hmac_sha384_pr_entropyinput[] =
- {
- 0x69,0x81,0x98,0x88,0x44,0xf5,0xd6,0x2e,0x00,0x08,0x3b,0xc5,
- 0xfb,0xd7,0x8e,0x6f,0x23,0xf8,0x6d,0x09,0xd6,0x85,0x49,0xd1,
- 0xf8,0x6d,0xa4,0x58,0x54,0xfd,0x88,0xa9
- };
-
-__fips_constseg
-static const unsigned char hmac_sha384_pr_nonce[] =
- {
- 0x6e,0x38,0x81,0xca,0xb7,0xe8,0x6e,0x66,0x49,0x8a,0xb2,0x59,
- 0xee,0x16,0xc9,0xde
- };
-
-__fips_constseg
-static const unsigned char hmac_sha384_pr_personalizationstring[] =
- {
- 0xfe,0x4c,0xd9,0xf4,0x78,0x3b,0x08,0x41,0x8d,0x8f,0x55,0xc4,
- 0x43,0x56,0xb6,0x12,0x36,0x6b,0x30,0xb7,0x5e,0xe1,0xb9,0x47,
- 0x04,0xb1,0x4e,0xa9,0x00,0xa1,0x52,0xa1
- };
-
-__fips_constseg
-static const unsigned char hmac_sha384_pr_additionalinput[] =
- {
- 0x89,0xe9,0xcc,0x8f,0x27,0x3c,0x26,0xd1,0x95,0xc8,0x7d,0x0f,
- 0x5b,0x1a,0xf0,0x78,0x39,0x56,0x6f,0xa4,0x23,0xe7,0xd1,0xda,
- 0x7c,0x66,0x33,0xa0,0x90,0xc9,0x92,0x88
- };
-
-__fips_constseg
-static const unsigned char hmac_sha384_pr_entropyinputpr[] =
- {
- 0xbe,0x3d,0x7c,0x0d,0xca,0xda,0x7c,0x49,0xb8,0x12,0x36,0xc0,
- 0xdb,0xad,0x35,0xa8,0xc7,0x0b,0x2a,0x2c,0x69,0x6d,0x25,0x56,
- 0x63,0x82,0x11,0x3e,0xa7,0x33,0x70,0x72
- };
-
-__fips_constseg
-static const unsigned char hmac_sha384_pr_int_returnedbits[] =
- {
- 0x82,0x3d,0xe6,0x54,0x80,0x42,0xf8,0xba,0x90,0x4f,0x06,0xa6,
- 0xd2,0x7f,0xbf,0x79,0x7c,0x12,0x7d,0xa6,0xa2,0x66,0xe8,0xa6,
- 0xc0,0xd6,0x4a,0x55,0xbf,0xd8,0x0a,0xc5,0xf8,0x03,0x88,0xdd,
- 0x8e,0x87,0xd1,0x5a,0x48,0x26,0x72,0x2a,0x8e,0xcf,0xee,0xba
- };
-
-__fips_constseg
-static const unsigned char hmac_sha384_pr_additionalinput2[] =
- {
- 0x8f,0xff,0xd9,0x84,0xbb,0x85,0x3a,0x66,0xa1,0x21,0xce,0xb2,
- 0x3a,0x3a,0x17,0x22,0x19,0xae,0xc7,0xb6,0x63,0x81,0xd5,0xff,
- 0x0d,0xc8,0xe1,0xaf,0x57,0xd2,0xcb,0x60
- };
-
-__fips_constseg
-static const unsigned char hmac_sha384_pr_entropyinputpr2[] =
- {
- 0xd7,0xfb,0xc9,0xe8,0xe2,0xf2,0xaa,0x4c,0xb8,0x51,0x2f,0xe1,
- 0x22,0xba,0xf3,0xda,0x0a,0x19,0x76,0x71,0x57,0xb2,0x1d,0x94,
- 0x09,0x69,0x6c,0xd3,0x97,0x51,0x81,0x87
- };
-
-__fips_constseg
-static const unsigned char hmac_sha384_pr_returnedbits[] =
- {
- 0xe6,0x19,0x28,0xa8,0x21,0xce,0x5e,0xdb,0x24,0x79,0x8c,0x76,
- 0x5d,0x73,0xb2,0xdf,0xac,0xef,0x85,0xa7,0x3b,0x19,0x09,0x8b,
- 0x7f,0x98,0x28,0xa9,0x93,0xd8,0x7a,0xad,0x55,0x8b,0x24,0x9d,
- 0xe6,0x98,0xfe,0x47,0xd5,0x48,0xc1,0x23,0xd8,0x1d,0x62,0x75
- };
-
-
-/* HMAC SHA-384 No PR */
-__fips_constseg
-static const unsigned char hmac_sha384_entropyinput[] =
- {
- 0xc3,0x56,0x2b,0x1d,0xc2,0xbb,0xa8,0xf0,0xae,0x1b,0x0d,0xd3,
- 0x5a,0x6c,0xda,0x57,0x8e,0xa5,0x8a,0x0d,0x6c,0x4b,0x18,0xb1,
- 0x04,0x3e,0xb4,0x99,0x35,0xc4,0xc0,0x5f
- };
-
-__fips_constseg
-static const unsigned char hmac_sha384_nonce[] =
- {
- 0xc5,0x49,0x1e,0x66,0x27,0x92,0xbe,0xec,0xb5,0x1e,0x4b,0xb1,
- 0x38,0xe3,0xeb,0x62
- };
-
-__fips_constseg
-static const unsigned char hmac_sha384_personalizationstring[] =
- {
- 0xbe,0xe7,0x6b,0x57,0xde,0x88,0x11,0x96,0x9b,0x6e,0xea,0xe5,
- 0x63,0x83,0x4c,0xb6,0x8d,0x66,0xaa,0x1f,0x8b,0x54,0xe7,0x62,
- 0x6d,0x5a,0xfc,0xbf,0x97,0xba,0xcd,0x77
- };
-
-__fips_constseg
-static const unsigned char hmac_sha384_additionalinput[] =
- {
- 0xe5,0x28,0x5f,0x43,0xf5,0x83,0x6e,0x0a,0x83,0x5c,0xe3,0x81,
- 0x03,0xf2,0xf8,0x78,0x00,0x7c,0x95,0x87,0x16,0xd6,0x6c,0x58,
- 0x33,0x6c,0x53,0x35,0x0d,0x66,0xe3,0xce
- };
-
-__fips_constseg
-static const unsigned char hmac_sha384_int_returnedbits[] =
- {
- 0xe2,0x1f,0xf3,0xda,0x0d,0x19,0x99,0x87,0xc4,0x90,0xa2,0x31,
- 0xca,0x2a,0x89,0x58,0x43,0x44,0xb8,0xde,0xcf,0xa4,0xbe,0x3b,
- 0x53,0x26,0x22,0x31,0x76,0x41,0x22,0xb5,0xa8,0x70,0x2f,0x4b,
- 0x64,0x95,0x4d,0x48,0x96,0x35,0xe6,0xbd,0x3c,0x34,0xdb,0x1b
- };
-
-__fips_constseg
-static const unsigned char hmac_sha384_entropyinputreseed[] =
- {
- 0x77,0x61,0xba,0xbc,0xf2,0xc1,0xf3,0x4b,0x86,0x65,0xfd,0x48,
- 0x0e,0x3c,0x02,0x5e,0xa2,0x7a,0x6b,0x7c,0xed,0x21,0x5e,0xf9,
- 0xcd,0xcd,0x77,0x07,0x2b,0xbe,0xc5,0x5c
- };
-
-__fips_constseg
-static const unsigned char hmac_sha384_additionalinputreseed[] =
- {
- 0x18,0x24,0x5f,0xc6,0x84,0xd1,0x67,0xc3,0x9a,0x11,0xa5,0x8c,
- 0x07,0x39,0x21,0x83,0x4d,0x04,0xc4,0x6a,0x28,0x19,0xcf,0x92,
- 0x21,0xd9,0x9e,0x41,0x72,0x6c,0x9e,0x63
- };
-
-__fips_constseg
-static const unsigned char hmac_sha384_additionalinput2[] =
- {
- 0x96,0x67,0x41,0x28,0x9b,0xb7,0x92,0x8d,0x64,0x3b,0xe4,0xcf,
- 0x7e,0xaa,0x1e,0xb1,0x4b,0x1d,0x09,0x56,0x67,0x9c,0xc6,0x6d,
- 0x3b,0xe8,0x91,0x9d,0xe1,0x8a,0xb7,0x32
- };
-
-__fips_constseg
-static const unsigned char hmac_sha384_returnedbits[] =
- {
- 0xe3,0x59,0x61,0x38,0x92,0xec,0xe2,0x3c,0xff,0xb7,0xdb,0x19,
- 0x0f,0x5b,0x93,0x68,0x0d,0xa4,0x94,0x40,0x72,0x0b,0xe0,0xed,
- 0x4d,0xcd,0x68,0xa0,0x1e,0xfe,0x67,0xb2,0xfa,0x21,0x56,0x74,
- 0xa4,0xad,0xcf,0xb7,0x60,0x66,0x2e,0x40,0xde,0x82,0xca,0xfb
- };
-
-
-/* HMAC SHA-512 PR */
-__fips_constseg
-static const unsigned char hmac_sha512_pr_entropyinput[] =
- {
- 0xaa,0x9e,0x45,0x67,0x0e,0x00,0x2a,0x67,0x98,0xd6,0xda,0x0b,
- 0x0f,0x17,0x7e,0xac,0xfd,0x27,0xc4,0xca,0x84,0xdf,0xde,0xba,
- 0x85,0xd9,0xbe,0x8f,0xf3,0xff,0x91,0x4d
- };
-
-__fips_constseg
-static const unsigned char hmac_sha512_pr_nonce[] =
- {
- 0x8c,0x49,0x2f,0x58,0x1e,0x7a,0xda,0x4b,0x7e,0x8a,0x30,0x7b,
- 0x86,0xea,0xaf,0xa2
- };
-
-__fips_constseg
-static const unsigned char hmac_sha512_pr_personalizationstring[] =
- {
- 0x71,0xe1,0xbb,0xad,0xa7,0x4b,0x2e,0x31,0x3b,0x0b,0xec,0x24,
- 0x99,0x38,0xbc,0xaa,0x05,0x4c,0x46,0x44,0xfa,0xad,0x8e,0x02,
- 0xc1,0x7e,0xad,0xec,0x54,0xa6,0xd0,0xad
- };
-
-__fips_constseg
-static const unsigned char hmac_sha512_pr_additionalinput[] =
- {
- 0x3d,0x6e,0xa6,0xa8,0x29,0x2a,0xb2,0xf5,0x98,0x42,0xe4,0x92,
- 0x78,0x22,0x67,0xfd,0x1b,0x15,0x1e,0x29,0xaa,0x71,0x3c,0x3c,
- 0xe7,0x05,0x20,0xa9,0x29,0xc6,0x75,0x71
- };
-
-__fips_constseg
-static const unsigned char hmac_sha512_pr_entropyinputpr[] =
- {
- 0xab,0xb9,0x16,0xd8,0x55,0x35,0x54,0xb7,0x97,0x3f,0x94,0xbc,
- 0x2f,0x7c,0x70,0xc7,0xd0,0xed,0xb7,0x4b,0xf7,0xf6,0x6c,0x03,
- 0x0c,0xb0,0x03,0xd8,0xbb,0x71,0xd9,0x10
- };
-
-__fips_constseg
-static const unsigned char hmac_sha512_pr_int_returnedbits[] =
- {
- 0x8e,0xd3,0xfd,0x52,0x9e,0x83,0x08,0x49,0x18,0x6e,0x23,0x56,
- 0x5c,0x45,0x93,0x34,0x05,0xe2,0x98,0x8f,0x0c,0xd4,0x32,0x0c,
- 0xfd,0xda,0x5f,0x92,0x3a,0x8c,0x81,0xbd,0xf6,0x6c,0x55,0xfd,
- 0xb8,0x20,0xce,0x8d,0x97,0x27,0xe8,0xe8,0xe0,0xb3,0x85,0x50,
- 0xa2,0xc2,0xb2,0x95,0x1d,0x48,0xd3,0x7b,0x4b,0x78,0x13,0x35,
- 0x05,0x17,0xbe,0x0d
- };
-
-__fips_constseg
-static const unsigned char hmac_sha512_pr_additionalinput2[] =
- {
- 0xc3,0xfc,0x95,0xaa,0x69,0x06,0xae,0x59,0x41,0xce,0x26,0x08,
- 0x29,0x6d,0x45,0xda,0xe8,0xb3,0x6c,0x95,0x60,0x0f,0x70,0x2c,
- 0x10,0xba,0x38,0x8c,0xcf,0x29,0x99,0xaa
- };
-
-__fips_constseg
-static const unsigned char hmac_sha512_pr_entropyinputpr2[] =
- {
- 0x3b,0x9a,0x25,0xce,0xd7,0xf9,0x5c,0xd1,0x3a,0x3e,0xaa,0x71,
- 0x14,0x3e,0x19,0xe8,0xce,0xe6,0xfe,0x51,0x84,0xe9,0x1b,0xfe,
- 0x3f,0xa7,0xf2,0xfd,0x76,0x5f,0x6a,0xe7
- };
-
-__fips_constseg
-static const unsigned char hmac_sha512_pr_returnedbits[] =
- {
- 0xb7,0x82,0xa9,0x57,0x81,0x67,0x53,0xb5,0xa1,0xe9,0x3d,0x35,
- 0xf9,0xe4,0x97,0xbe,0xa6,0xca,0xf1,0x01,0x13,0x09,0xe7,0x21,
- 0xc0,0xed,0x93,0x5d,0x4b,0xf4,0xeb,0x8d,0x53,0x25,0x8a,0xc4,
- 0xb1,0x6f,0x6e,0x37,0xcd,0x2e,0xac,0x39,0xb2,0xb6,0x99,0xa3,
- 0x82,0x00,0xb0,0x21,0xf0,0xc7,0x2f,0x4c,0x73,0x92,0xfd,0x00,
- 0xb6,0xaf,0xbc,0xd3
- };
-
-
-/* HMAC SHA-512 No PR */
-__fips_constseg
-static const unsigned char hmac_sha512_entropyinput[] =
- {
- 0x6e,0x85,0xe6,0x25,0x96,0x29,0xa7,0x52,0x5b,0x60,0xba,0xaa,
- 0xde,0xdb,0x36,0x0a,0x51,0x9a,0x15,0xae,0x6e,0x18,0xd3,0xfe,
- 0x39,0xb9,0x4a,0x96,0xf8,0x77,0xcb,0x95
- };
-
-__fips_constseg
-static const unsigned char hmac_sha512_nonce[] =
- {
- 0xe0,0xa6,0x5d,0x08,0xc3,0x7c,0xae,0x25,0x2e,0x80,0xd1,0x3e,
- 0xd9,0xaf,0x43,0x3c
- };
-
-__fips_constseg
-static const unsigned char hmac_sha512_personalizationstring[] =
- {
- 0x53,0x99,0x52,0x5f,0x11,0xa9,0x64,0x66,0x20,0x5e,0x1b,0x5f,
- 0x42,0xb3,0xf4,0xda,0xed,0xbb,0x63,0xc1,0x23,0xaf,0xd0,0x01,
- 0x90,0x3b,0xd0,0x78,0xe4,0x0b,0xa7,0x20
- };
-
-__fips_constseg
-static const unsigned char hmac_sha512_additionalinput[] =
- {
- 0x85,0x90,0x80,0xd3,0x98,0xf1,0x53,0x6d,0x68,0x15,0x8f,0xe5,
- 0x60,0x3f,0x17,0x29,0x55,0x8d,0x33,0xb1,0x45,0x64,0x64,0x8d,
- 0x50,0x21,0x89,0xae,0xf6,0xfd,0x32,0x73
- };
-
-__fips_constseg
-static const unsigned char hmac_sha512_int_returnedbits[] =
- {
- 0x28,0x56,0x30,0x6f,0xf4,0xa1,0x48,0xe0,0xc9,0xf5,0x75,0x90,
- 0xcc,0xfb,0xdf,0xdf,0x71,0x3d,0x0a,0x9a,0x03,0x65,0x3b,0x18,
- 0x61,0xe3,0xd1,0xda,0xcc,0x4a,0xfe,0x55,0x38,0xf8,0x21,0x6b,
- 0xfa,0x18,0x01,0x42,0x39,0x2f,0x99,0x53,0x38,0x15,0x82,0x34,
- 0xc5,0x93,0x92,0xbc,0x4d,0x75,0x1a,0x5f,0x21,0x27,0xcc,0xa1,
- 0xb1,0x57,0x69,0xe8
- };
-
-__fips_constseg
-static const unsigned char hmac_sha512_entropyinputreseed[] =
- {
- 0x8c,0x52,0x7e,0x77,0x72,0x3f,0xa3,0x04,0x97,0x10,0x9b,0x41,
- 0xbd,0xe8,0xff,0x89,0xed,0x80,0xe3,0xbd,0xaa,0x12,0x2d,0xca,
- 0x75,0x82,0x36,0x77,0x88,0xcd,0xa6,0x73
- };
-
-__fips_constseg
-static const unsigned char hmac_sha512_additionalinputreseed[] =
- {
- 0x7e,0x32,0xe3,0x69,0x69,0x07,0x34,0xa2,0x16,0xa2,0x5d,0x1a,
- 0x10,0x91,0xd3,0xe2,0x21,0xa2,0xa3,0xdd,0xcd,0x0c,0x09,0x86,
- 0x11,0xe1,0x50,0xff,0x5c,0xb7,0xeb,0x5c
- };
-
-__fips_constseg
-static const unsigned char hmac_sha512_additionalinput2[] =
- {
- 0x7f,0x78,0x66,0xd8,0xfb,0x67,0xcf,0x8d,0x8c,0x08,0x30,0xa5,
- 0xf8,0x7d,0xcf,0x44,0x59,0xce,0xf8,0xdf,0x58,0xd3,0x60,0xcb,
- 0xa8,0x60,0xb9,0x07,0xc4,0xb1,0x95,0x48
- };
-
-__fips_constseg
-static const unsigned char hmac_sha512_returnedbits[] =
- {
- 0xdf,0xa7,0x36,0xd4,0xdc,0x5d,0x4d,0x31,0xad,0x69,0x46,0x9f,
- 0xf1,0x7c,0xd7,0x3b,0x4f,0x55,0xf2,0xd7,0xb9,0x9d,0xad,0x7a,
- 0x79,0x08,0x59,0xa5,0xdc,0x74,0xf5,0x9b,0x73,0xd2,0x13,0x25,
- 0x0b,0x81,0x08,0x08,0x25,0xfb,0x39,0xf2,0xf0,0xa3,0xa4,0x8d,
- 0xef,0x05,0x9e,0xb8,0xc7,0x52,0xe4,0x0e,0x42,0xaa,0x7c,0x79,
- 0xc2,0xd6,0xfd,0xa5
- };
-
-
-/* P-256 SHA-1 PR */
-__fips_constseg
-static const unsigned char p_256_sha1_pr_entropyinput[] =
- {
- 0xb7,0xd4,0x38,0x90,0x9a,0xa8,0xfc,0xb6,0xd6,0x3c,0xc5,0x35,
- 0x2b,0x0b,0x0e,0x1f
- };
-
-__fips_constseg
-static const unsigned char p_256_sha1_pr_nonce[] =
- {
- 0xd9,0xae,0xf5,0xe8,0xd5,0x10,0x1f,0x82
- };
-
-__fips_constseg
-static const unsigned char p_256_sha1_pr_personalizationstring[] =
- {
- 0x88,0xe8,0x77,0xab,0x01,0x19,0x5e,0xaf,0x50,0x6c,0x89,0x2d,
- 0x0c,0x12,0xe2,0x11
- };
-
-__fips_constseg
-static const unsigned char p_256_sha1_pr_additionalinput[] =
- {
- 0xd1,0x46,0xa6,0xb0,0x6e,0xc5,0xaa,0x7b,0x6d,0x1a,0xf9,0x36,
- 0x8c,0x95,0x9c,0xed
- };
-
-__fips_constseg
-static const unsigned char p_256_sha1_pr_entropyinputpr[] =
- {
- 0xb0,0x97,0xa8,0x3e,0xd3,0x28,0x3d,0x36,0xdd,0xfe,0x89,0x00,
- 0x63,0x4f,0x21,0xfc
- };
-
-__fips_constseg
-static const unsigned char p_256_sha1_pr_int_returnedbits[] =
- {
- 0x9f,0x66,0x6a,0x38,0x57,0x49,0x15,0xcd,0x5a,0x85,0x03,0x97,
- 0x67,0xc3,0x62,0x46,0xb7,0x3a,0xd2,0x08,0x86,0x40,0x4e,0x6d,
- 0x67,0xf4,0x19,0x68,0x92,0x63
- };
-
-__fips_constseg
-static const unsigned char p_256_sha1_pr_additionalinput2[] =
- {
- 0x0c,0xb6,0x1c,0xc7,0x52,0x47,0xe4,0xf1,0xa7,0x75,0x60,0x3d,
- 0x60,0x07,0x72,0x6f
- };
-
-__fips_constseg
-static const unsigned char p_256_sha1_pr_entropyinputpr2[] =
- {
- 0x39,0x37,0xb6,0x55,0x82,0x71,0x0e,0xd4,0x8f,0x8c,0x10,0xe5,
- 0x7c,0x8f,0x5e,0x37
- };
-
-__fips_constseg
-static const unsigned char p_256_sha1_pr_returnedbits[] =
- {
- 0x37,0x6c,0x94,0x02,0xbe,0x28,0x42,0xd5,0xe7,0x4d,0x1a,0x6e,
- 0xa8,0x5a,0x90,0x9a,0x31,0xa8,0x84,0x16,0xbc,0xe9,0x18,0xa4,
- 0xe1,0xa1,0x05,0xf0,0x2a,0xe3
- };
-
-
-/* P-256 SHA-1 No PR */
-__fips_constseg
-static const unsigned char p_256_sha1_entropyinput[] =
- {
- 0xac,0x08,0x45,0x86,0x79,0xfc,0x4b,0xb4,0x8b,0xe4,0xfd,0x1d,
- 0x0e,0xeb,0x1b,0x8f
- };
-
-__fips_constseg
-static const unsigned char p_256_sha1_nonce[] =
- {
- 0x5e,0xf4,0xe9,0xc5,0x04,0xee,0xb7,0x8a
- };
-
-__fips_constseg
-static const unsigned char p_256_sha1_personalizationstring[] =
- {
- 0x55,0x0f,0xca,0x3b,0x1c,0xa6,0xf3,0xce,0xcb,0x6f,0xa7,0xc7,
- 0x26,0x65,0x0f,0x7c
- };
-
-__fips_constseg
-static const unsigned char p_256_sha1_additionalinput[] =
- {
- 0x74,0x51,0x73,0xa9,0xee,0x2e,0x21,0xf9,0xba,0x07,0xe4,0xad,
- 0x97,0xae,0x1c,0x8b
- };
-
-__fips_constseg
-static const unsigned char p_256_sha1_int_returnedbits[] =
- {
- 0x8d,0x45,0x11,0xa9,0x74,0x14,0x05,0x94,0x97,0x66,0x71,0xe2,
- 0x9b,0x61,0x22,0x85,0xa5,0xaa,0x09,0x01,0x75,0xb5,0xab,0x3a,
- 0x3a,0x6e,0x69,0xd3,0xc8,0xc4
- };
-
-__fips_constseg
-static const unsigned char p_256_sha1_entropyinputreseed[] =
- {
- 0x34,0xd9,0x8b,0x67,0x82,0xaf,0x97,0x95,0xe9,0x25,0xa7,0x93,
- 0x37,0x06,0x73,0x5c
- };
-
-__fips_constseg
-static const unsigned char p_256_sha1_additionalinputreseed[] =
- {
- 0x39,0x21,0x24,0x27,0x67,0xa1,0xc3,0xc4,0x90,0xc2,0x68,0x68,
- 0x26,0x9b,0x32,0xc2
- };
-
-__fips_constseg
-static const unsigned char p_256_sha1_additionalinput2[] =
- {
- 0x84,0xa8,0x10,0xe5,0x71,0x0c,0x1e,0x74,0x42,0x6a,0xa5,0x09,
- 0x90,0x74,0x39,0xd7
- };
-
-__fips_constseg
-static const unsigned char p_256_sha1_returnedbits[] =
- {
- 0x1e,0x0b,0x5c,0x41,0xcd,0xab,0x07,0xbd,0xdc,0x53,0xa7,0x62,
- 0xd1,0xd0,0xca,0x19,0xe6,0xbb,0x8e,0xcf,0x1e,0x0a,0x4c,0xc0,
- 0x2d,0x8c,0xe2,0xa4,0x89,0x2c
- };
-
-
-/* P-256 SHA-224 PR */
-__fips_constseg
-static const unsigned char p_256_sha224_pr_entropyinput[] =
- {
- 0x92,0x05,0xf0,0x1e,0xc4,0xc4,0x9e,0xab,0x85,0x10,0x16,0xda,
- 0xa6,0xb4,0xba,0x6f
- };
-
-__fips_constseg
-static const unsigned char p_256_sha224_pr_nonce[] =
- {
- 0xa3,0x5e,0xde,0x12,0xdc,0xa7,0x67,0xfd
- };
-
-__fips_constseg
-static const unsigned char p_256_sha224_pr_personalizationstring[] =
- {
- 0x76,0xa0,0x8d,0x6c,0x0d,0x19,0x5d,0x94,0x9b,0x92,0x67,0x78,
- 0x6c,0x02,0xfe,0xe4
- };
-
-__fips_constseg
-static const unsigned char p_256_sha224_pr_additionalinput[] =
- {
- 0xe2,0x05,0xcf,0x63,0x0f,0xf1,0xd0,0x41,0xc9,0xe3,0xf6,0xb0,
- 0x57,0xaa,0xcd,0x92
- };
-
-__fips_constseg
-static const unsigned char p_256_sha224_pr_entropyinputpr[] =
- {
- 0x1a,0xd5,0xa9,0x25,0x52,0xa8,0xba,0x51,0x81,0x99,0x62,0x4d,
- 0xbf,0x30,0x44,0xf3
- };
-
-__fips_constseg
-static const unsigned char p_256_sha224_pr_int_returnedbits[] =
- {
- 0xbf,0x9e,0x45,0x73,0x67,0x4b,0x25,0xa5,0x58,0x23,0x31,0xd8,
- 0x0f,0xf3,0xe5,0x5d,0x0e,0x2d,0x9b,0x4a,0x5f,0x93,0x9c,0xad,
- 0x6a,0xc5,0x70,0x4e,0x5e,0x58
- };
-
-__fips_constseg
-static const unsigned char p_256_sha224_pr_additionalinput2[] =
- {
- 0x4a,0x85,0x19,0xb2,0x61,0x5d,0xd5,0xc0,0x1f,0x47,0x72,0x8b,
- 0x62,0x35,0x19,0xc1
- };
-
-__fips_constseg
-static const unsigned char p_256_sha224_pr_entropyinputpr2[] =
- {
- 0xda,0xa7,0x84,0x3f,0xfa,0xf9,0xd1,0x51,0x17,0xf8,0xe3,0x77,
- 0xf5,0x20,0x37,0x17
- };
-
-__fips_constseg
-static const unsigned char p_256_sha224_pr_returnedbits[] =
- {
- 0x15,0xa4,0xa1,0x53,0x4f,0x63,0x06,0xfe,0x28,0xfd,0x58,0xa9,
- 0xac,0x9c,0x83,0xb7,0x3a,0x86,0x82,0x92,0x96,0x89,0xea,0x3d,
- 0xbd,0x83,0x3a,0x06,0x2a,0x7d
- };
-
-
-/* P-256 SHA-224 No PR */
-__fips_constseg
-static const unsigned char p_256_sha224_entropyinput[] =
- {
- 0xec,0x5b,0x46,0x4a,0xe1,0xe1,0xcb,0x31,0x86,0xa7,0x11,0x3a,
- 0xff,0x87,0x4a,0x66
- };
-
-__fips_constseg
-static const unsigned char p_256_sha224_nonce[] =
- {
- 0xd1,0x6c,0x33,0x3c,0x37,0xc9,0xc6,0xac
- };
-
-__fips_constseg
-static const unsigned char p_256_sha224_personalizationstring[] =
- {
- 0x8b,0xfe,0x68,0x96,0x2d,0xc5,0x91,0xb3,0xf2,0xaa,0x15,0xad,
- 0x1a,0x50,0x0c,0x0a
- };
-
-__fips_constseg
-static const unsigned char p_256_sha224_additionalinput[] =
- {
- 0xd4,0x48,0xfd,0x16,0x41,0xea,0xef,0x06,0x7f,0x4a,0xa2,0x60,
- 0x60,0x31,0x20,0x5d
- };
-
-__fips_constseg
-static const unsigned char p_256_sha224_int_returnedbits[] =
- {
- 0x68,0x64,0x67,0x0c,0x73,0x08,0x00,0x60,0x5a,0xa6,0x9a,0x27,
- 0x01,0x81,0xae,0x2e,0x1d,0xa6,0x0a,0x86,0x77,0xef,0x05,0x3f,
- 0x42,0xbe,0x46,0x73,0x40,0x1c
- };
-
-__fips_constseg
-static const unsigned char p_256_sha224_entropyinputreseed[] =
- {
- 0x9c,0xde,0x86,0x11,0x55,0x9a,0xb4,0x2b,0x70,0xf0,0xc6,0x9d,
- 0x8d,0x3a,0xc3,0x1e
- };
-
-__fips_constseg
-static const unsigned char p_256_sha224_additionalinputreseed[] =
- {
- 0x5d,0x5b,0xeb,0x38,0xc5,0x8b,0x2b,0xc8,0x73,0xe3,0x0e,0xca,
- 0x35,0xb0,0x4d,0x11
- };
-
-__fips_constseg
-static const unsigned char p_256_sha224_additionalinput2[] =
- {
- 0xf7,0xa3,0x79,0x4b,0xb0,0x2c,0x1e,0xc6,0x61,0x69,0x14,0x6a,
- 0xed,0xf1,0xa2,0xd8
- };
-
-__fips_constseg
-static const unsigned char p_256_sha224_returnedbits[] =
- {
- 0x89,0x75,0x1b,0x89,0x20,0xcc,0xe2,0xaf,0xae,0x5e,0xc1,0xa9,
- 0xde,0xc0,0x35,0x0b,0xf6,0x4e,0x04,0xfc,0xa7,0xe6,0x35,0xf9,
- 0x16,0x8a,0xc6,0x0c,0x63,0x6b
- };
-
-
-/* P-256 SHA-256 PR */
-__fips_constseg
-static const unsigned char p_256_sha256_pr_entropyinput[] =
- {
- 0x22,0xe4,0x4c,0x01,0x94,0x59,0xce,0x08,0xb3,0x92,0x48,0xe2,
- 0x0d,0x1a,0x32,0x4d
- };
-
-__fips_constseg
-static const unsigned char p_256_sha256_pr_nonce[] =
- {
- 0x8d,0xf9,0x20,0x8a,0x65,0xf4,0x93,0x37
- };
-
-__fips_constseg
-static const unsigned char p_256_sha256_pr_personalizationstring[] =
- {
- 0x06,0x7e,0xe8,0x4f,0xdd,0xae,0x8d,0xf1,0xc9,0x13,0x9a,0x81,
- 0xd3,0x68,0x76,0xc1
- };
-
-__fips_constseg
-static const unsigned char p_256_sha256_pr_additionalinput[] =
- {
- 0xfa,0x8e,0xea,0xf3,0xcf,0xda,0x7c,0x11,0x88,0xaa,0xb9,0x02,
- 0x84,0xc4,0x30,0x54
- };
-
-__fips_constseg
-static const unsigned char p_256_sha256_pr_entropyinputpr[] =
- {
- 0xbb,0x21,0x72,0x4f,0x83,0x03,0x14,0x18,0x8e,0x88,0xec,0x73,
- 0xde,0xed,0x60,0xf7
- };
-
-__fips_constseg
-static const unsigned char p_256_sha256_pr_int_returnedbits[] =
- {
- 0xdc,0x40,0x73,0x5e,0x1d,0x21,0x35,0x8c,0xcf,0xa4,0x50,0x05,
- 0x5e,0x73,0xbd,0xde,0x5e,0x58,0xcc,0xc0,0x6f,0xd9,0xca,0x8d,
- 0x48,0x9d,0x84,0x77,0xc2,0x8e
- };
-
-__fips_constseg
-static const unsigned char p_256_sha256_pr_additionalinput2[] =
- {
- 0x0e,0xa7,0x4d,0x4f,0x19,0x94,0x34,0x05,0x46,0x3e,0x0c,0x05,
- 0x27,0x85,0xd9,0xdf
- };
-
-__fips_constseg
-static const unsigned char p_256_sha256_pr_entropyinputpr2[] =
- {
- 0x4f,0xae,0x44,0x10,0x2b,0xa1,0xbc,0xd7,0xcb,0xa7,0x49,0x55,
- 0x27,0x54,0x36,0x2b
- };
-
-__fips_constseg
-static const unsigned char p_256_sha256_pr_returnedbits[] =
- {
- 0x1c,0x16,0xf7,0x2b,0xd0,0xb7,0x54,0x5a,0xa5,0x85,0x14,0x63,
- 0xd4,0x96,0x81,0x5a,0x6b,0xa4,0xde,0x57,0xbf,0xf3,0x81,0xc7,
- 0xf5,0xbc,0xeb,0x4e,0x49,0xdf
- };
-
-
-/* P-256 SHA-256 No PR */
-__fips_constseg
-static const unsigned char p_256_sha256_entropyinput[] =
- {
- 0xa7,0x0b,0x6b,0xf7,0xfb,0x40,0x1a,0xca,0xa9,0x1f,0x16,0xc9,
- 0x6a,0xd0,0x4a,0x8c
- };
-
-__fips_constseg
-static const unsigned char p_256_sha256_nonce[] =
- {
- 0x97,0x8e,0xb1,0x72,0xe8,0x30,0xfc,0x43
- };
-
-__fips_constseg
-static const unsigned char p_256_sha256_personalizationstring[] =
- {
- 0x6c,0x90,0x00,0x41,0x84,0x7c,0x58,0x56,0x48,0xf0,0x60,0x04,
- 0xe9,0xc0,0xa0,0xd8
- };
-
-__fips_constseg
-static const unsigned char p_256_sha256_additionalinput[] =
- {
- 0x69,0xad,0xd7,0x7c,0xbd,0x90,0xa1,0x63,0xcd,0x64,0x7c,0xb3,
- 0xce,0xff,0xf2,0xf7
- };
-
-__fips_constseg
-static const unsigned char p_256_sha256_int_returnedbits[] =
- {
- 0xe8,0x5a,0x4f,0x5d,0xab,0xc7,0xd2,0x94,0x4d,0xbf,0x02,0x57,
- 0xa1,0x89,0x73,0xa1,0xc2,0xca,0xfb,0x46,0x11,0x41,0x47,0x8e,
- 0x32,0x45,0xd7,0x8a,0x8a,0x38
- };
-
-__fips_constseg
-static const unsigned char p_256_sha256_entropyinputreseed[] =
- {
- 0x5c,0xb4,0x82,0x38,0xa2,0x2d,0x78,0x63,0x2a,0x38,0x77,0x5b,
- 0x9a,0x59,0x4d,0x17
- };
-
-__fips_constseg
-static const unsigned char p_256_sha256_additionalinputreseed[] =
- {
- 0x43,0x28,0x7f,0x91,0x92,0xad,0x88,0x75,0x64,0xe5,0xef,0x95,
- 0x59,0xa9,0x11,0x61
- };
-
-__fips_constseg
-static const unsigned char p_256_sha256_additionalinput2[] =
- {
- 0x77,0xee,0xfc,0x84,0x5b,0x69,0xdf,0x9f,0x7e,0xf2,0xb1,0x35,
- 0x34,0x28,0x8f,0xcd
- };
-
-__fips_constseg
-static const unsigned char p_256_sha256_returnedbits[] =
- {
- 0x2d,0x45,0x00,0x60,0x87,0x6c,0xfa,0x69,0x06,0x9e,0x99,0xf9,
- 0xf6,0xb6,0x1e,0xf6,0xfb,0x6b,0x54,0x68,0x1a,0xd3,0xda,0x31,
- 0x3e,0x60,0x4a,0x31,0x7d,0x41
- };
-
-
-/* P-256 SHA-384 PR */
-__fips_constseg
-static const unsigned char p_256_sha384_pr_entropyinput[] =
- {
- 0xb3,0x6a,0x1b,0x68,0xe3,0x8a,0xa4,0xad,0x2d,0xa0,0x6a,0xae,
- 0x10,0xe5,0x55,0x58
- };
-
-__fips_constseg
-static const unsigned char p_256_sha384_pr_nonce[] =
- {
- 0xe2,0xe8,0xd4,0x8d,0xc8,0x47,0xad,0x79
- };
-
-__fips_constseg
-static const unsigned char p_256_sha384_pr_personalizationstring[] =
- {
- 0xf9,0xbb,0xac,0xe9,0xd9,0x8a,0x58,0xae,0x58,0xa6,0x68,0xd2,
- 0xff,0x49,0x71,0x08
- };
-
-__fips_constseg
-static const unsigned char p_256_sha384_pr_additionalinput[] =
- {
- 0xa7,0xa3,0xcc,0xc1,0xbf,0xa7,0x32,0xe8,0xcb,0x21,0xf4,0x35,
- 0x42,0xa6,0xdd,0x4b
- };
-
-__fips_constseg
-static const unsigned char p_256_sha384_pr_entropyinputpr[] =
- {
- 0x37,0xdb,0x5a,0x83,0x9c,0x7a,0x50,0xe3,0xc7,0xbd,0x50,0x63,
- 0x88,0x44,0xa1,0x50
- };
-
-__fips_constseg
-static const unsigned char p_256_sha384_pr_int_returnedbits[] =
- {
- 0x65,0x3a,0xdd,0x95,0x3a,0x52,0xd7,0x7f,0x8d,0x81,0x1b,0x53,
- 0x4e,0xa9,0x5b,0x80,0xa2,0x08,0x1e,0xf5,0x7f,0xac,0x62,0x28,
- 0xbc,0x1c,0x02,0xd2,0xe9,0x1e
- };
-
-__fips_constseg
-static const unsigned char p_256_sha384_pr_additionalinput2[] =
- {
- 0xb3,0xff,0xbc,0x54,0x38,0x49,0x1f,0xad,0x3f,0x33,0x5f,0x45,
- 0x21,0x2f,0xcf,0xba
- };
-
-__fips_constseg
-static const unsigned char p_256_sha384_pr_entropyinputpr2[] =
- {
- 0x43,0x37,0x4a,0x16,0x15,0x1d,0x3d,0xa9,0x3b,0xcf,0xbb,0x73,
- 0x67,0xce,0x93,0xbf
- };
-
-__fips_constseg
-static const unsigned char p_256_sha384_pr_returnedbits[] =
- {
- 0x1e,0x1b,0x69,0x67,0xb8,0xd7,0xb4,0x18,0xb8,0xa0,0x11,0xc7,
- 0x5f,0xd7,0x14,0xb7,0x24,0xae,0xa5,0x35,0x06,0xa0,0xd0,0x7f,
- 0xcd,0x9b,0x20,0x03,0x66,0xc0
- };
-
-
-/* P-256 SHA-384 No PR */
-__fips_constseg
-static const unsigned char p_256_sha384_entropyinput[] =
- {
- 0x1c,0x0d,0xa7,0x27,0x1f,0xb4,0xa2,0x4a,0xe5,0x25,0x00,0xbe,
- 0xbe,0x80,0x88,0xa8
- };
-
-__fips_constseg
-static const unsigned char p_256_sha384_nonce[] =
- {
- 0x2c,0x7e,0x21,0x02,0x46,0x9e,0xe5,0xae
- };
-
-__fips_constseg
-static const unsigned char p_256_sha384_personalizationstring[] =
- {
- 0x0a,0xf6,0x83,0xa9,0x7b,0x97,0x20,0x60,0xcc,0x46,0x0e,0x52,
- 0xd0,0xcb,0x57,0xb5
- };
-
-__fips_constseg
-static const unsigned char p_256_sha384_additionalinput[] =
- {
- 0xac,0xd8,0x25,0xef,0x85,0xa8,0x5e,0x55,0x89,0x5b,0x6e,0xf6,
- 0x4d,0x4d,0x05,0x53
- };
-
-__fips_constseg
-static const unsigned char p_256_sha384_int_returnedbits[] =
- {
- 0x5c,0x71,0x32,0x2f,0x34,0x09,0x99,0x6a,0x4e,0x55,0xaf,0x4b,
- 0x73,0x32,0xb5,0xad,0x52,0x4c,0x54,0xa0,0x25,0x3b,0xd9,0x70,
- 0xe5,0xe4,0x6f,0x61,0xab,0x8c
- };
-
-__fips_constseg
-static const unsigned char p_256_sha384_entropyinputreseed[] =
- {
- 0x4b,0x0d,0xa9,0x66,0xc3,0x64,0xe9,0xd5,0x87,0xb1,0x98,0xc2,
- 0xeb,0x14,0xd2,0x8a
- };
-
-__fips_constseg
-static const unsigned char p_256_sha384_additionalinputreseed[] =
- {
- 0x1f,0x11,0x6b,0xc0,0x15,0x38,0xbd,0x62,0x27,0xf7,0x6d,0x97,
- 0x77,0xd1,0xcc,0x00
- };
-
-__fips_constseg
-static const unsigned char p_256_sha384_additionalinput2[] =
- {
- 0x1d,0x9a,0xe5,0xfc,0xed,0x93,0x3d,0xbb,0x08,0xf3,0xba,0x01,
- 0x6f,0x9f,0xdf,0xb1
- };
-
-__fips_constseg
-static const unsigned char p_256_sha384_returnedbits[] =
- {
- 0x4a,0xd5,0xd3,0x62,0xbb,0x6e,0x6c,0xb2,0x1c,0x0e,0xf6,0x97,
- 0xd3,0x15,0x18,0xb5,0x42,0x59,0xc4,0xf6,0xa9,0x8f,0x1b,0xff,
- 0xaa,0xf8,0xf9,0x9c,0xba,0x47
- };
-
-
-/* P-256 SHA-512 PR */
-__fips_constseg
-static const unsigned char p_256_sha512_pr_entropyinput[] =
- {
- 0x73,0x83,0x07,0x93,0x85,0x39,0x2f,0x96,0xcd,0x74,0x32,0x4d,
- 0x68,0x0e,0x97,0x9d
- };
-
-__fips_constseg
-static const unsigned char p_256_sha512_pr_nonce[] =
- {
- 0xab,0xc6,0xf4,0x38,0x72,0x9b,0x9f,0x36
- };
-
-__fips_constseg
-static const unsigned char p_256_sha512_pr_personalizationstring[] =
- {
- 0x88,0x8e,0xc1,0xaf,0xe9,0x1b,0x8a,0xf5,0xf2,0x23,0x44,0x71,
- 0xf5,0x9a,0xed,0x5e
- };
-
-__fips_constseg
-static const unsigned char p_256_sha512_pr_additionalinput[] =
- {
- 0x38,0xf7,0x2b,0x11,0x7b,0xd6,0xfa,0xbd,0x07,0x42,0x46,0x77,
- 0xed,0x1b,0x3f,0x95
- };
-
-__fips_constseg
-static const unsigned char p_256_sha512_pr_entropyinputpr[] =
- {
- 0x52,0xf2,0x68,0x6d,0xc9,0x1b,0xc7,0xb0,0x52,0x07,0x69,0x79,
- 0x25,0x5d,0xbb,0xdb
- };
-
-__fips_constseg
-static const unsigned char p_256_sha512_pr_int_returnedbits[] =
- {
- 0x23,0xa6,0x84,0x48,0x4f,0xd3,0x1f,0x56,0x57,0xae,0x50,0xea,
- 0x9f,0x2b,0x47,0x80,0x6a,0x46,0x10,0x54,0x1d,0x77,0x67,0x79,
- 0x45,0xbb,0x1d,0x90,0x2c,0xce
- };
-
-__fips_constseg
-static const unsigned char p_256_sha512_pr_additionalinput2[] =
- {
- 0x9c,0x46,0x61,0x85,0x2c,0x9e,0x2c,0xd0,0x4d,0xcd,0x73,0x78,
- 0x08,0x8d,0x49,0x5b
- };
-
-__fips_constseg
-static const unsigned char p_256_sha512_pr_entropyinputpr2[] =
- {
- 0x71,0x60,0x46,0x14,0xc1,0xaa,0x21,0xc8,0xf1,0xfe,0x32,0x90,
- 0x46,0xfd,0xe9,0x80
- };
-
-__fips_constseg
-static const unsigned char p_256_sha512_pr_returnedbits[] =
- {
- 0x7a,0x30,0x7d,0x6e,0xb1,0x22,0xb9,0x68,0x7d,0x00,0x14,0x63,
- 0xca,0xe2,0x06,0x03,0xe0,0x94,0xbb,0x45,0x14,0x2d,0xd2,0xd1,
- 0xfb,0x35,0xfd,0xe6,0xf1,0x81
- };
-
-
-/* P-256 SHA-512 No PR */
-__fips_constseg
-static const unsigned char p_256_sha512_entropyinput[] =
- {
- 0x55,0xd0,0x7f,0xb7,0x23,0x81,0x95,0x38,0xa7,0xbf,0x01,0x8d,
- 0x06,0x8b,0xbc,0x47
- };
-
-__fips_constseg
-static const unsigned char p_256_sha512_nonce[] =
- {
- 0x96,0xab,0x85,0xba,0x88,0x7b,0xf5,0x6e
- };
-
-__fips_constseg
-static const unsigned char p_256_sha512_personalizationstring[] =
- {
- 0xea,0x25,0x60,0xd0,0x5d,0xd8,0x9c,0x8d,0x43,0x23,0x49,0x0a,
- 0xd5,0x57,0xf3,0x54
- };
-
-__fips_constseg
-static const unsigned char p_256_sha512_additionalinput[] =
- {
- 0x8e,0xe8,0xfd,0x2e,0xcd,0x27,0xc6,0x7e,0x7a,0xf8,0xe7,0x11,
- 0xb8,0x0d,0x20,0x36
- };
-
-__fips_constseg
-static const unsigned char p_256_sha512_int_returnedbits[] =
- {
- 0x57,0x18,0x20,0x51,0xd7,0x57,0x13,0xb0,0xa0,0x8f,0x92,0xd2,
- 0xf5,0xa0,0x85,0xf3,0xac,0x64,0xb7,0x6b,0x94,0xde,0x9f,0xda,
- 0x0a,0x04,0x11,0xdf,0x52,0x27
- };
-
-__fips_constseg
-static const unsigned char p_256_sha512_entropyinputreseed[] =
- {
- 0x89,0x1d,0x17,0x0c,0xe4,0x82,0x34,0xe7,0x81,0x6c,0x47,0x47,
- 0xc6,0x49,0x50,0x3e
- };
-
-__fips_constseg
-static const unsigned char p_256_sha512_additionalinputreseed[] =
- {
- 0xe7,0xe4,0x88,0x00,0xa7,0xc9,0xb7,0x6b,0x70,0xda,0xe3,0xf0,
- 0x44,0xa9,0x02,0xf6
- };
-
-__fips_constseg
-static const unsigned char p_256_sha512_additionalinput2[] =
- {
- 0x09,0x9f,0xd2,0xe8,0xb2,0x0e,0x6e,0x89,0xf5,0x73,0x1c,0x1f,
- 0x93,0xf2,0x76,0xb2
- };
-
-__fips_constseg
-static const unsigned char p_256_sha512_returnedbits[] =
- {
- 0xdd,0x42,0x2a,0x7b,0x4f,0x84,0x07,0xfa,0x4d,0x17,0x9a,0x2e,
- 0x48,0xba,0xbf,0xc5,0x1c,0x42,0xc7,0xc3,0x63,0x4f,0x79,0xb0,
- 0xc1,0x54,0x1d,0xa6,0x0a,0x1c
- };
-
-
-/* P-384 SHA-224 PR */
-__fips_constseg
-static const unsigned char p_384_sha224_pr_entropyinput[] =
- {
- 0x34,0xf0,0x89,0xac,0x46,0x33,0xe2,0x7f,0x8c,0x02,0x65,0x09,
- 0xe1,0xcf,0x93,0x5b,0x10,0xbc,0xb0,0x43,0x4f,0xc7,0x62,0x19
- };
-
-__fips_constseg
-static const unsigned char p_384_sha224_pr_nonce[] =
- {
- 0x55,0x30,0xdf,0xa9,0xfb,0xbe,0x4a,0x2e,0x1d,0x03,0xf5,0x91
- };
-
-__fips_constseg
-static const unsigned char p_384_sha224_pr_personalizationstring[] =
- {
- 0x35,0xc7,0x3a,0x7b,0x5a,0x4e,0xd4,0x1a,0x82,0xe2,0xf5,0xed,
- 0x40,0x61,0x4b,0xf4,0xb9,0xcf,0xd0,0xc1,0xe2,0x41,0x23,0x04
- };
-
-__fips_constseg
-static const unsigned char p_384_sha224_pr_additionalinput[] =
- {
- 0xec,0xef,0x64,0xfb,0x92,0xbb,0xdf,0x8b,0xc8,0xf2,0xad,0xd8,
- 0x93,0x21,0x6f,0x11,0xde,0x37,0x52,0xe3,0x16,0x49,0xc7,0xe1
- };
-
-__fips_constseg
-static const unsigned char p_384_sha224_pr_entropyinputpr[] =
- {
- 0x59,0xb0,0x7e,0x34,0x49,0x29,0x7e,0x91,0x92,0x91,0x0c,0xca,
- 0x8e,0x31,0x62,0x06,0xab,0xf4,0x81,0x80,0xa4,0x55,0x8f,0x0f
- };
-
-__fips_constseg
-static const unsigned char p_384_sha224_pr_int_returnedbits[] =
- {
- 0x29,0xd9,0x3a,0x95,0xb1,0x34,0xff,0x73,0x06,0x1e,0x08,0x43,
- 0xd7,0x1d,0x53,0xd1,0xcf,0x09,0xd2,0x83,0x04,0x44,0x29,0x9d,
- 0x0d,0x18,0x76,0x94,0xa8,0x98,0xb4,0xc1,0xb0,0x31,0xbc,0xe6,
- 0xf0,0xc7,0x57,0x35,0x5d,0x32,0x78,0x9e,0x1d,0x2a
- };
-
-__fips_constseg
-static const unsigned char p_384_sha224_pr_additionalinput2[] =
- {
- 0x56,0x8c,0x6f,0x29,0xd6,0x25,0x9f,0xb8,0x6a,0x1d,0x70,0x5f,
- 0x6a,0xe7,0xe2,0x2e,0xcc,0x6b,0x78,0x0a,0x3f,0x54,0x73,0x97
- };
-
-__fips_constseg
-static const unsigned char p_384_sha224_pr_entropyinputpr2[] =
- {
- 0xe3,0x91,0x20,0x13,0x78,0xc6,0x01,0xfd,0x82,0xd7,0x43,0x1e,
- 0xed,0x85,0x4a,0xe2,0x0c,0x6f,0xdc,0x43,0x5f,0x7c,0xfd,0xd0
- };
-
-__fips_constseg
-static const unsigned char p_384_sha224_pr_returnedbits[] =
- {
- 0x89,0xa9,0x17,0xd8,0xcb,0x73,0x17,0x69,0x78,0x69,0x50,0x58,
- 0x74,0xe4,0x8c,0x6f,0x5c,0xfa,0x6e,0x01,0xb3,0xf0,0xce,0xa9,
- 0xd0,0xc0,0x40,0xb3,0x20,0x78,0xe2,0xdb,0xec,0x1f,0x73,0xea,
- 0x2e,0xa6,0xf1,0xc8,0xfe,0x7c,0xe7,0x68,0xf7,0x86
- };
-
-
-/* P-384 SHA-224 No PR */
-__fips_constseg
-static const unsigned char p_384_sha224_entropyinput[] =
- {
- 0x44,0x2c,0xc3,0xc6,0x20,0xe6,0x61,0xec,0xd1,0x2b,0xdf,0x18,
- 0x2e,0xc5,0x4a,0xd4,0x80,0x55,0xbd,0x54,0x89,0x01,0x7b,0xbb
- };
-
-__fips_constseg
-static const unsigned char p_384_sha224_nonce[] =
- {
- 0x16,0x27,0x4b,0xb3,0x0f,0x01,0xd0,0xe6,0x9f,0x5c,0x44,0xa4
- };
-
-__fips_constseg
-static const unsigned char p_384_sha224_personalizationstring[] =
- {
- 0x55,0x26,0x3e,0xee,0xaa,0x1b,0x35,0x27,0xef,0x18,0x28,0x62,
- 0x51,0x1e,0xbc,0x4c,0x64,0x0d,0xf8,0x20,0xe6,0x0a,0x1d,0xaa
- };
-
-__fips_constseg
-static const unsigned char p_384_sha224_additionalinput[] =
- {
- 0x27,0x08,0x22,0x32,0x4a,0xd6,0xc6,0x51,0xff,0xc5,0xb7,0x8f,
- 0xb4,0x3e,0xa0,0x6e,0xe2,0x55,0xa1,0xf1,0x2e,0x0d,0x89,0x91
- };
-
-__fips_constseg
-static const unsigned char p_384_sha224_int_returnedbits[] =
- {
- 0x85,0x0e,0xe3,0xde,0xed,0x40,0xdc,0xec,0x9a,0x2d,0x65,0x24,
- 0x2b,0x56,0xd6,0xce,0x7c,0x40,0x07,0xe5,0x61,0x64,0xe5,0xac,
- 0x6e,0x48,0xa3,0xda,0x7d,0x4c,0xd6,0x7d,0xd0,0x69,0xa8,0x93,
- 0xa7,0xb1,0x91,0xba,0x0d,0x81,0x8f,0x04,0xaf,0x91
- };
-
-__fips_constseg
-static const unsigned char p_384_sha224_entropyinputreseed[] =
- {
- 0x27,0x57,0xc2,0x22,0xa6,0x70,0xb9,0x74,0x86,0x59,0x8c,0xff,
- 0x7d,0x10,0x0c,0xe3,0x24,0xf1,0x95,0xbd,0x99,0x84,0xca,0x11
- };
-
-__fips_constseg
-static const unsigned char p_384_sha224_additionalinputreseed[] =
- {
- 0x5a,0xc3,0x47,0x2c,0x9c,0x1d,0xe0,0x43,0x3b,0x1b,0x01,0xed,
- 0x86,0x5d,0x1b,0x3f,0x45,0xb1,0x8e,0xa9,0x79,0x7b,0x88,0x01
- };
-
-__fips_constseg
-static const unsigned char p_384_sha224_additionalinput2[] =
- {
- 0x7d,0x48,0x91,0xda,0x00,0x60,0x33,0x2c,0x22,0xe4,0x42,0x61,
- 0xbc,0x70,0x05,0x73,0x22,0x23,0x42,0xda,0x7a,0x2b,0xba,0xbb
- };
-
-__fips_constseg
-static const unsigned char p_384_sha224_returnedbits[] =
- {
- 0xfa,0x7d,0x7b,0x35,0x32,0xbe,0x44,0x91,0x90,0xd2,0x69,0x9a,
- 0x06,0xb8,0x52,0x3e,0x3b,0xcf,0x1e,0x81,0xd3,0x20,0x5f,0x5b,
- 0x55,0xb6,0xb3,0xc9,0x6b,0xc7,0x0c,0xf1,0xa7,0xbd,0x4a,0x83,
- 0x25,0x50,0xc3,0x78,0x3f,0x4e,0xe9,0xed,0x6c,0x4c
- };
-
-
-/* P-384 SHA-256 PR */
-__fips_constseg
-static const unsigned char p_384_sha256_pr_entropyinput[] =
- {
- 0xc6,0xd0,0xc7,0xa3,0x7e,0x2b,0x8c,0xd6,0x23,0xe9,0x9e,0x1f,
- 0x77,0x30,0xed,0x6a,0xfc,0xe4,0x7b,0xf0,0x6f,0xd6,0xfe,0x05
- };
-
-__fips_constseg
-static const unsigned char p_384_sha256_pr_nonce[] =
- {
- 0x67,0x91,0xca,0x93,0xc8,0x1e,0x93,0x13,0x00,0x72,0x4e,0xa2
- };
-
-__fips_constseg
-static const unsigned char p_384_sha256_pr_personalizationstring[] =
- {
- 0xa5,0x5b,0x6e,0xeb,0xc9,0x0d,0x42,0x0b,0x41,0xec,0x0b,0x9e,
- 0xde,0xc1,0x80,0x4d,0xe3,0x86,0xa0,0xfe,0x7e,0x92,0x47,0xa3
- };
-
-__fips_constseg
-static const unsigned char p_384_sha256_pr_additionalinput[] =
- {
- 0x9a,0x04,0xa9,0x78,0x48,0xa8,0x77,0x0f,0x38,0x2a,0x54,0x66,
- 0x34,0xaa,0x31,0xbd,0xf6,0xfb,0xc1,0x14,0xa5,0xcb,0x1c,0xf2
- };
-
-__fips_constseg
-static const unsigned char p_384_sha256_pr_entropyinputpr[] =
- {
- 0x19,0x6c,0x48,0xf5,0x64,0xb3,0xb4,0x49,0x6e,0xb8,0xc4,0x8b,
- 0xab,0xba,0xb5,0x8e,0xa3,0xf1,0x6e,0xe9,0xf6,0x37,0xa1,0x46
- };
-
-__fips_constseg
-static const unsigned char p_384_sha256_pr_int_returnedbits[] =
- {
- 0xfd,0x04,0x26,0x4f,0xbd,0x84,0xe3,0x54,0xb2,0x9b,0xb1,0x84,
- 0x66,0x5f,0x02,0xc0,0xcc,0x69,0x7e,0x4d,0x4f,0xc4,0x00,0x8e,
- 0x13,0x5d,0xe9,0x0f,0x98,0x71,0xe8,0x7f,0x50,0xd1,0x49,0xc8,
- 0xae,0x71,0xe9,0x60,0x94,0x90,0xce,0x6d,0xba,0xab
- };
-
-__fips_constseg
-static const unsigned char p_384_sha256_pr_additionalinput2[] =
- {
- 0x4d,0x27,0x90,0x17,0x81,0x74,0x4f,0xa4,0x40,0xdf,0x42,0x29,
- 0xc5,0x37,0xf1,0x31,0x89,0x90,0x27,0x8a,0x96,0xcc,0x68,0x6e
- };
-
-__fips_constseg
-static const unsigned char p_384_sha256_pr_entropyinputpr2[] =
- {
- 0x1d,0xbe,0xdf,0x39,0xd8,0x82,0xb2,0x8f,0x7f,0x90,0xac,0x19,
- 0xc8,0x65,0xf2,0x5a,0xff,0x4e,0xbb,0xcf,0xcd,0xce,0x2c,0xfd
- };
-
-__fips_constseg
-static const unsigned char p_384_sha256_pr_returnedbits[] =
- {
- 0x45,0x63,0xac,0xb5,0x1e,0x49,0x99,0x67,0x89,0xd4,0x9c,0xa9,
- 0xf8,0x5a,0x05,0x0d,0xeb,0xe6,0xc7,0x78,0x8e,0xf1,0xec,0xe3,
- 0xc8,0x52,0xf1,0xfa,0x0f,0xd0,0xd7,0xbe,0x8a,0x34,0x0a,0x1f,
- 0x38,0x42,0xc6,0xac,0x61,0xd4,0x32,0xc5,0xd2,0x15
- };
-
-
-/* P-384 SHA-256 No PR */
-__fips_constseg
-static const unsigned char p_384_sha256_entropyinput[] =
- {
- 0x52,0x92,0xc4,0xac,0xce,0xf5,0x35,0xa4,0x15,0xdb,0xa9,0xe1,
- 0xbc,0x7b,0x08,0xa5,0x27,0x16,0xe3,0x50,0x08,0x2d,0x09,0x2d
- };
-
-__fips_constseg
-static const unsigned char p_384_sha256_nonce[] =
- {
- 0xe8,0x14,0x2b,0xee,0xba,0xac,0xe0,0x25,0xd0,0x3b,0x78,0xc5
- };
-
-__fips_constseg
-static const unsigned char p_384_sha256_personalizationstring[] =
- {
- 0x28,0x0c,0x86,0x48,0x5e,0xca,0xfa,0x89,0x1f,0x58,0xb8,0x2c,
- 0x41,0x28,0x3f,0x98,0x71,0x66,0x7b,0xb7,0x32,0xa2,0xe1,0x49
- };
-
-__fips_constseg
-static const unsigned char p_384_sha256_additionalinput[] =
- {
- 0xdc,0x59,0xb1,0x23,0x39,0x75,0x1b,0x27,0x24,0x5f,0x7a,0x55,
- 0x82,0xdc,0xdc,0xe2,0x12,0x65,0xbf,0x8a,0x65,0xdb,0x27,0xdb
- };
-
-__fips_constseg
-static const unsigned char p_384_sha256_int_returnedbits[] =
- {
- 0xc0,0x86,0xd8,0x67,0xdd,0xe4,0xce,0x15,0x60,0xad,0x45,0x60,
- 0x80,0x8b,0x5a,0xb6,0x85,0x6d,0x4a,0xdf,0x8e,0xc0,0x2d,0xbf,
- 0xa9,0x8c,0x9b,0x8d,0x03,0xca,0xbf,0x3b,0x1f,0xdc,0xc1,0xac,
- 0xa8,0x0f,0x45,0xd6,0x2e,0xd1,0xe6,0x29,0xb5,0x1c
- };
-
-__fips_constseg
-static const unsigned char p_384_sha256_entropyinputreseed[] =
- {
- 0x9f,0x19,0x9f,0xc8,0x18,0x43,0xfc,0x9a,0x97,0xed,0x20,0x13,
- 0xad,0xc9,0xa0,0x65,0xef,0x38,0xd6,0x2e,0xce,0x4d,0xe1,0x1d
- };
-
-__fips_constseg
-static const unsigned char p_384_sha256_additionalinputreseed[] =
- {
- 0xa6,0x27,0x35,0x9f,0x8a,0xaa,0xf5,0xb3,0x60,0x4b,0x16,0x68,
- 0xdd,0x32,0x2e,0x1b,0xb1,0x34,0x47,0x03,0x45,0x3f,0xb6,0x3e
- };
-
-__fips_constseg
-static const unsigned char p_384_sha256_additionalinput2[] =
- {
- 0x76,0x4e,0x5c,0x75,0x33,0xa5,0x94,0x95,0xf4,0x36,0xa5,0x39,
- 0x28,0xc1,0x74,0xd1,0xfa,0x1d,0x8a,0x40,0x6e,0x84,0x4e,0xc7
- };
-
-__fips_constseg
-static const unsigned char p_384_sha256_returnedbits[] =
- {
- 0x50,0x15,0xc9,0x98,0x73,0x71,0x55,0xb7,0x7a,0xf4,0xa5,0xe7,
- 0xb3,0xe2,0x24,0x2e,0x96,0x5b,0xd1,0xab,0xe8,0x51,0x1f,0xbe,
- 0x3b,0x1e,0x1f,0xd4,0x18,0x2d,0x99,0xda,0xb8,0xa5,0x98,0x65,
- 0x1d,0xaa,0x1e,0x46,0x8f,0x6b,0x4f,0xa2,0xd5,0xdf
- };
-
-
-/* P-384 SHA-384 PR */
-__fips_constseg
-static const unsigned char p_384_sha384_pr_entropyinput[] =
- {
- 0x3b,0x40,0x57,0x65,0x46,0x14,0xa5,0xf6,0x63,0x21,0xe7,0x33,
- 0xd7,0x38,0xa7,0x54,0x33,0x62,0x08,0x08,0x37,0xef,0xbf,0x22
- };
-
-__fips_constseg
-static const unsigned char p_384_sha384_pr_nonce[] =
- {
- 0xf4,0xd4,0x11,0x0a,0x4a,0xdb,0xfc,0xbb,0x08,0x7a,0x20,0x51
- };
-
-__fips_constseg
-static const unsigned char p_384_sha384_pr_personalizationstring[] =
- {
- 0x5d,0x5b,0x9d,0xe5,0x45,0x62,0x5b,0xd0,0xa8,0x1b,0xea,0xe3,
- 0xbd,0x59,0xd4,0xab,0x50,0xbe,0x5d,0x21,0x5d,0x85,0x42,0x16
- };
-
-__fips_constseg
-static const unsigned char p_384_sha384_pr_additionalinput[] =
- {
- 0xd9,0xac,0x4b,0x76,0x18,0x46,0xba,0x30,0x88,0xdf,0x41,0xdb,
- 0x72,0x9b,0x4d,0xb7,0xbb,0x12,0xd2,0xd8,0x00,0xa0,0x81,0x14
- };
-
-__fips_constseg
-static const unsigned char p_384_sha384_pr_entropyinputpr[] =
- {
- 0x46,0x6d,0x66,0xaf,0xcf,0xb3,0x59,0x37,0x52,0x7e,0xa0,0xce,
- 0x6d,0xaa,0x40,0xac,0x87,0xce,0x01,0x76,0x8f,0xac,0x49,0x42
- };
-
-__fips_constseg
-static const unsigned char p_384_sha384_pr_int_returnedbits[] =
- {
- 0xe1,0xea,0x43,0x73,0x35,0xf8,0x1f,0x2d,0xab,0x82,0x82,0x7f,
- 0x82,0xca,0x78,0xb4,0x9b,0xfd,0x89,0xbc,0x83,0xcb,0x8d,0x09,
- 0x44,0xb6,0xd6,0x0c,0xd9,0x43,0x97,0x5c,0xf8,0x51,0x5d,0xe3,
- 0x0c,0x36,0xe1,0xaf,0xd3,0xbd,0x43,0x08,0xb8,0x65
- };
-
-__fips_constseg
-static const unsigned char p_384_sha384_pr_additionalinput2[] =
- {
- 0x6f,0xe5,0x27,0xa8,0x0c,0x4b,0xad,0x03,0xba,0xaa,0x70,0xc5,
- 0xc6,0x4c,0xa6,0x6b,0xd9,0xb4,0x74,0x7a,0xea,0x4b,0x07,0xc8
- };
-
-__fips_constseg
-static const unsigned char p_384_sha384_pr_entropyinputpr2[] =
- {
- 0xec,0xc8,0x0c,0x3a,0x39,0xd3,0x2e,0xa9,0xab,0x57,0x89,0x1d,
- 0x85,0x23,0x54,0x40,0xdf,0x15,0xbd,0x65,0x41,0xe5,0xaf,0xfb
- };
-
-__fips_constseg
-static const unsigned char p_384_sha384_pr_returnedbits[] =
- {
- 0x3f,0xe0,0xa9,0x90,0x8e,0x27,0x2c,0xbe,0xfe,0xdd,0x35,0x67,
- 0x4e,0x9b,0x9b,0x54,0xf3,0xb9,0x53,0xf4,0x62,0x8a,0xad,0x67,
- 0x3e,0x68,0x92,0xd5,0xdb,0xd7,0x8f,0xb1,0xf7,0x10,0x5e,0xc6,
- 0xc3,0xe8,0x45,0x60,0xde,0x05,0x4e,0x94,0xbc,0x43
- };
-
-
-/* P-384 SHA-384 No PR */
-__fips_constseg
-static const unsigned char p_384_sha384_entropyinput[] =
- {
- 0x52,0x51,0xd7,0x2a,0x26,0xda,0xeb,0x5c,0xfb,0x23,0x47,0x49,
- 0xf7,0x04,0xc6,0x62,0xed,0x72,0x3e,0x70,0x41,0x87,0x75,0x42
- };
-
-__fips_constseg
-static const unsigned char p_384_sha384_nonce[] =
- {
- 0x63,0x66,0x35,0x65,0x9b,0xe5,0xd3,0xcb,0x94,0x82,0x81,0x05
- };
-
-__fips_constseg
-static const unsigned char p_384_sha384_personalizationstring[] =
- {
- 0x52,0xa4,0xce,0x0e,0x4b,0x72,0x21,0x63,0xad,0x21,0x7f,0x60,
- 0x9e,0x5d,0xa7,0xff,0xef,0xf1,0xfb,0x04,0xdb,0x30,0x5a,0x0c
- };
-
-__fips_constseg
-static const unsigned char p_384_sha384_additionalinput[] =
- {
- 0xd7,0xde,0x8e,0xc4,0xeb,0x69,0xd2,0x2b,0xed,0x00,0x4a,0x6e,
- 0x3a,0x13,0xf5,0x48,0xe4,0x83,0xad,0x81,0x4d,0x68,0xe5,0x57
- };
-
-__fips_constseg
-static const unsigned char p_384_sha384_int_returnedbits[] =
- {
- 0xbc,0x2d,0x9b,0x3b,0xbb,0x75,0xf4,0xdf,0xda,0x0f,0x10,0x88,
- 0xb4,0x95,0x4c,0xf3,0xfa,0xff,0x3d,0x30,0x53,0x0b,0xa7,0xb9,
- 0x95,0x27,0xc3,0x11,0xc9,0xef,0xd4,0xfe,0x84,0x9d,0xe0,0x76,
- 0xcc,0x39,0x83,0xab,0x3f,0x31,0xe7,0x6d,0x44,0x0f
- };
-
-__fips_constseg
-static const unsigned char p_384_sha384_entropyinputreseed[] =
- {
- 0xef,0x0f,0xa7,0x4e,0x90,0xe1,0x57,0x9e,0xce,0x52,0xe1,0xa0,
- 0xd3,0x0f,0x06,0xa4,0xfe,0x5d,0x55,0x60,0xe2,0xc5,0x45,0x3b
- };
-
-__fips_constseg
-static const unsigned char p_384_sha384_additionalinputreseed[] =
- {
- 0xec,0x87,0x9e,0x8e,0x58,0xb8,0xa3,0xd3,0x3e,0x49,0x22,0xf5,
- 0x68,0x5b,0x60,0x6e,0x7b,0x73,0xd5,0xa4,0x7c,0x9e,0xcd,0xba
- };
-
-__fips_constseg
-static const unsigned char p_384_sha384_additionalinput2[] =
- {
- 0x1c,0xd2,0xce,0x30,0x31,0x8b,0xbb,0xaf,0xbb,0xa8,0xae,0x20,
- 0xa3,0x6b,0xb5,0x37,0xfe,0x09,0x91,0x1a,0x63,0x33,0x29,0x8c
- };
-
-__fips_constseg
-static const unsigned char p_384_sha384_returnedbits[] =
- {
- 0xd7,0x36,0x7b,0x33,0x50,0x6a,0x59,0xb0,0x7c,0xb3,0xc4,0xe9,
- 0xc2,0x16,0x41,0x7b,0xe4,0x4c,0xd8,0x7c,0x6b,0x74,0x00,0x31,
- 0xd1,0x97,0x2d,0x7a,0x97,0x22,0x45,0xe6,0xf0,0xcd,0x8e,0xa5,
- 0xeb,0xab,0x37,0xd6,0xb7,0xb1,0x9c,0x42,0xfb,0xcf
- };
-
-
-/* P-384 SHA-512 PR */
-__fips_constseg
-static const unsigned char p_384_sha512_pr_entropyinput[] =
- {
- 0x14,0xdf,0x91,0xdb,0xad,0xe2,0x22,0xe5,0x56,0xa1,0x88,0xbd,
- 0x42,0x73,0xf7,0x8d,0xdc,0x99,0x54,0x99,0x8a,0xab,0x11,0x4b
- };
-
-__fips_constseg
-static const unsigned char p_384_sha512_pr_nonce[] =
- {
- 0x10,0x49,0x5d,0xf6,0x5d,0x17,0xa7,0xa6,0xd8,0xc7,0xc8,0xe7
- };
-
-__fips_constseg
-static const unsigned char p_384_sha512_pr_personalizationstring[] =
- {
- 0x61,0x59,0xc5,0x8e,0x30,0x77,0x05,0x75,0x87,0xff,0x0b,0x06,
- 0x03,0x79,0xa5,0x8b,0x59,0xb8,0x32,0xc9,0x19,0x47,0x7d,0x0e
- };
-
-__fips_constseg
-static const unsigned char p_384_sha512_pr_additionalinput[] =
- {
- 0x41,0xd5,0x73,0x17,0x13,0x4c,0xe8,0x7c,0x83,0x45,0x84,0xf1,
- 0x72,0xae,0x1d,0xea,0x08,0x0a,0x56,0xec,0x16,0xf9,0x1f,0xb6
- };
-
-__fips_constseg
-static const unsigned char p_384_sha512_pr_entropyinputpr[] =
- {
- 0xa6,0x85,0xa8,0xa4,0x0f,0xad,0x96,0x32,0x39,0x5e,0x86,0xb0,
- 0x8b,0xda,0xb2,0xf0,0x38,0x75,0xf8,0xe2,0xc0,0xbf,0x77,0x62
- };
-
-__fips_constseg
-static const unsigned char p_384_sha512_pr_int_returnedbits[] =
- {
- 0xc8,0xf2,0x0c,0x8a,0xe7,0x72,0xe2,0xa3,0x5e,0x0a,0xaa,0x21,
- 0x3a,0x92,0x08,0x70,0xaf,0xc2,0x1e,0xed,0xd1,0x2c,0xa0,0xbc,
- 0xcb,0x0e,0x46,0xb9,0x34,0x97,0x62,0x03,0x4a,0x93,0xe3,0x6f,
- 0x92,0x08,0x71,0x16,0xce,0x3e,0x5b,0x6b,0x9a,0x52
- };
-
-__fips_constseg
-static const unsigned char p_384_sha512_pr_additionalinput2[] =
- {
- 0x72,0x72,0xb3,0x26,0x05,0x49,0xf0,0x34,0xb6,0x04,0x75,0x6a,
- 0x0a,0x86,0x9c,0x8f,0xe5,0x3d,0x90,0x26,0x42,0x92,0x2a,0x77
- };
-
-__fips_constseg
-static const unsigned char p_384_sha512_pr_entropyinputpr2[] =
- {
- 0xf1,0xda,0x51,0xa2,0x21,0x54,0x2d,0x6d,0xec,0x92,0xe5,0x8f,
- 0x81,0x96,0x21,0x60,0x93,0x33,0x3d,0xfb,0x92,0xfe,0xae,0xcb
- };
-
-__fips_constseg
-static const unsigned char p_384_sha512_pr_returnedbits[] =
- {
- 0x12,0x87,0x30,0xc4,0x87,0x61,0x58,0xab,0x79,0x05,0xb4,0xfd,
- 0x47,0x95,0x86,0x4c,0x24,0x45,0xb0,0x4b,0x23,0x9a,0xe6,0x72,
- 0x03,0xd8,0xc1,0x8a,0xbc,0xd0,0x3b,0xb5,0x8e,0x84,0x9f,0x2d,
- 0xa4,0xf6,0x9b,0x89,0xd6,0x92,0x72,0x70,0x63,0xb9
- };
-
-
-/* P-384 SHA-512 No PR */
-__fips_constseg
-static const unsigned char p_384_sha512_entropyinput[] =
- {
- 0xc7,0x7b,0x0e,0xe1,0x06,0x66,0x63,0x87,0x15,0x09,0x0a,0xe2,
- 0xbe,0xdc,0xd5,0x3c,0x65,0xce,0xc5,0x25,0xfd,0xf2,0x23,0xbe
- };
-
-__fips_constseg
-static const unsigned char p_384_sha512_nonce[] =
- {
- 0x5c,0xe8,0xa7,0x7d,0x45,0x8d,0x89,0xcd,0xb7,0xa3,0x4a,0x98
- };
-
-__fips_constseg
-static const unsigned char p_384_sha512_personalizationstring[] =
- {
- 0xa9,0x0e,0x29,0xff,0x2f,0x4e,0x92,0xe3,0xbd,0xcf,0x25,0xfa,
- 0x96,0xdf,0x18,0x16,0x9a,0x99,0xb0,0x07,0xfe,0x51,0x24,0x9e
- };
-
-__fips_constseg
-static const unsigned char p_384_sha512_additionalinput[] =
- {
- 0x1a,0x19,0xdf,0x08,0x35,0x94,0x83,0x30,0xab,0x01,0x98,0x2b,
- 0xa5,0xe2,0x6d,0x99,0xe7,0x30,0xd5,0xef,0xf1,0xa7,0x61,0x61
- };
-
-__fips_constseg
-static const unsigned char p_384_sha512_int_returnedbits[] =
- {
- 0xa2,0x80,0xdb,0xa3,0x6c,0x7b,0x74,0x57,0x65,0x9d,0x32,0x53,
- 0xaf,0xcc,0x91,0x21,0x59,0x3c,0xf2,0xf7,0xf7,0x06,0x29,0xee,
- 0xce,0x1f,0x3d,0xdb,0x2c,0x9c,0xb9,0xfb,0xf1,0xe1,0xf1,0xac,
- 0x90,0xcd,0x6e,0xc5,0x97,0x1e,0xa2,0x90,0x2b,0x7e
- };
-
-__fips_constseg
-static const unsigned char p_384_sha512_entropyinputreseed[] =
- {
- 0xf4,0x57,0x3d,0xc5,0x13,0x99,0xb2,0x4d,0xdd,0xdf,0xf3,0xa0,
- 0x7b,0x82,0x8a,0x22,0x9a,0x02,0x9c,0xac,0x6f,0xb4,0x07,0xd8
- };
-
-__fips_constseg
-static const unsigned char p_384_sha512_additionalinputreseed[] =
- {
- 0x12,0x98,0x84,0xa1,0xb5,0x26,0x7e,0x55,0xe1,0xd1,0x00,0x8f,
- 0x50,0x96,0x30,0xa7,0x33,0xf5,0xb4,0x76,0x93,0x7a,0x2d,0x82
- };
-
-__fips_constseg
-static const unsigned char p_384_sha512_additionalinput2[] =
- {
- 0xfd,0x4c,0x76,0x61,0x48,0x40,0xa7,0x1e,0xa1,0xe9,0x25,0xcc,
- 0xa6,0x21,0x4e,0x87,0xc9,0x27,0x06,0x3e,0x89,0x8b,0x18,0x3c
- };
-
-__fips_constseg
-static const unsigned char p_384_sha512_returnedbits[] =
- {
- 0x90,0xa9,0xd4,0x1a,0x7f,0xb5,0xdd,0x66,0x5f,0xa7,0xc9,0x53,
- 0x57,0xfc,0xc1,0x42,0x93,0x09,0xb4,0xf6,0x6c,0x7a,0xce,0x16,
- 0x5e,0xed,0xad,0xea,0x0e,0x34,0x06,0xbb,0x80,0x89,0xba,0xd3,
- 0xfe,0x49,0x21,0x4e,0x28,0xa7,0xfe,0xdb,0x27,0xfe
- };
-
-
-/* P-521 SHA-256 PR */
-__fips_constseg
-static const unsigned char p_521_sha256_pr_entropyinput[] =
- {
- 0x1a,0xb3,0x78,0x1e,0x14,0x19,0x83,0x05,0xac,0xb0,0x95,0xe1,
- 0x10,0xa3,0xc4,0xbc,0x8e,0x13,0x2c,0xf2,0xad,0x63,0x25,0x1f,
- 0x88,0xc4,0xc4,0x4e,0x6d,0x03,0x96,0x5e
- };
-
-__fips_constseg
-static const unsigned char p_521_sha256_pr_nonce[] =
- {
- 0xd8,0x3d,0x1c,0x7e,0x4a,0x8e,0x28,0x4a,0xd6,0xf7,0xe8,0x0c,
- 0x54,0x69,0x31,0xe4
- };
-
-__fips_constseg
-static const unsigned char p_521_sha256_pr_personalizationstring[] =
- {
- 0xc7,0xa6,0xb8,0xc0,0x25,0xaa,0x88,0xf5,0xc7,0x6a,0xd2,0xfc,
- 0x7a,0x07,0xdd,0xf9,0x02,0xfb,0x79,0x36,0x17,0xc3,0x23,0x6e,
- 0x9e,0xcd,0x5c,0x5d,0x2b,0xa3,0x45,0x86
- };
-
-__fips_constseg
-static const unsigned char p_521_sha256_pr_additionalinput[] =
- {
- 0xde,0xc5,0x1d,0x59,0x4d,0x25,0x3c,0x4f,0xbb,0x81,0xb3,0x61,
- 0xd4,0x84,0x6e,0x4e,0x52,0x80,0xcd,0x5d,0x1a,0xb9,0xdf,0x44,
- 0x94,0xf2,0xde,0x54,0x49,0x37,0xea,0xe8
- };
-
-__fips_constseg
-static const unsigned char p_521_sha256_pr_entropyinputpr[] =
- {
- 0x4e,0xe6,0x23,0xa4,0x97,0xaf,0x70,0x36,0xed,0xed,0x37,0x6b,
- 0xc9,0x31,0x95,0x1e,0x07,0x42,0x42,0x4b,0x24,0x06,0xee,0xa0,
- 0xb5,0xb1,0xd7,0x40,0x29,0x2e,0xa8,0xd8
- };
-
-__fips_constseg
-static const unsigned char p_521_sha256_pr_int_returnedbits[] =
- {
- 0x7d,0x64,0x63,0x00,0xa5,0x98,0x9b,0xf3,0xf4,0x09,0x44,0x64,
- 0xcc,0xa8,0x99,0xbc,0x6e,0xac,0x67,0xb9,0xb1,0xb5,0x3b,0xe8,
- 0x99,0xde,0x91,0xe8,0x8b,0x95,0x09,0xcc,0x35,0xde,0xd7,0x78,
- 0x97,0x47,0x7d,0xa0,0x5f,0xe4,0x48,0x1e,0x5f,0x14,0xa0,0xda,
- 0xd6,0xac,0x59,0xf0,0x31,0xc6,0xb4,0x78,0x70,0x32,0x87,0xd8,
- 0xbb,0xe1,0x8e
- };
-
-__fips_constseg
-static const unsigned char p_521_sha256_pr_additionalinput2[] =
- {
- 0xda,0x8a,0xbb,0x5e,0x1f,0xc7,0x4b,0x7e,0x2b,0x09,0xdd,0x64,
- 0x42,0x4b,0x19,0x66,0x16,0xb6,0xec,0x1c,0x46,0xd1,0x23,0x26,
- 0x16,0xe9,0x4a,0x3b,0x6e,0xc1,0xc6,0x74
- };
-
-__fips_constseg
-static const unsigned char p_521_sha256_pr_entropyinputpr2[] =
- {
- 0x7b,0x4d,0x60,0x68,0xb1,0xd7,0xbe,0xf7,0x40,0xb5,0x84,0xa8,
- 0x3b,0x49,0x38,0x8a,0xc2,0x40,0x44,0x0b,0x80,0xc8,0x94,0xbf,
- 0x6a,0xf5,0x72,0x74,0xb5,0x6f,0x9f,0x7a
- };
-
-__fips_constseg
-static const unsigned char p_521_sha256_pr_returnedbits[] =
- {
- 0xb2,0x4e,0x40,0x75,0xaf,0xcf,0x93,0x13,0xaf,0x97,0x49,0x49,
- 0x5f,0xdf,0x5d,0x21,0x2f,0x99,0x7d,0xe9,0xb8,0x98,0x3e,0x1f,
- 0x06,0xcc,0xca,0xb6,0xcf,0x6d,0xd2,0xd9,0x85,0x45,0x1a,0xd5,
- 0x39,0x6a,0x26,0x6c,0x7b,0x7b,0x72,0x18,0xa2,0xf1,0x99,0x7e,
- 0xe1,0xa0,0xa6,0x54,0xe4,0x0f,0x73,0x48,0xc2,0x54,0xc2,0xc3,
- 0x4f,0x53,0xb3
- };
-
-
-/* P-521 SHA-256 No PR */
-__fips_constseg
-static const unsigned char p_521_sha256_entropyinput[] =
- {
- 0x69,0x5d,0x57,0x6d,0xe8,0xb1,0x0a,0x01,0xf8,0x1d,0xb9,0x5d,
- 0xbd,0xfb,0xec,0x38,0xc9,0xd3,0x70,0x88,0x9a,0x8d,0xf2,0x4e,
- 0x55,0xd6,0xde,0xa2,0xc4,0xd2,0x78,0xfb
- };
-
-__fips_constseg
-static const unsigned char p_521_sha256_nonce[] =
- {
- 0x12,0xd2,0x1a,0xac,0xaf,0x49,0xb2,0xa4,0x9c,0x33,0x2e,0xdb,
- 0x46,0xd1,0xc7,0x23
- };
-
-__fips_constseg
-static const unsigned char p_521_sha256_personalizationstring[] =
- {
- 0xb7,0xe2,0xeb,0xa9,0x88,0xb5,0x24,0xf3,0x82,0xc6,0x83,0xe3,
- 0x5e,0x12,0x32,0xd1,0x50,0x16,0xd4,0x96,0x5e,0x62,0x0b,0xb8,
- 0x02,0x5b,0x2e,0xd2,0x01,0x52,0x4a,0x48
- };
-
-__fips_constseg
-static const unsigned char p_521_sha256_additionalinput[] =
- {
- 0xf4,0xa2,0xfa,0xae,0x18,0x94,0xdb,0x12,0x0b,0xa8,0x1e,0x4e,
- 0x7f,0xdb,0x3d,0x9e,0x06,0xe2,0x77,0x53,0x2b,0x76,0x0a,0xbd,
- 0xcc,0xdb,0xae,0x5a,0xbc,0xb0,0x53,0x3f
- };
-
-__fips_constseg
-static const unsigned char p_521_sha256_int_returnedbits[] =
- {
- 0xbd,0x16,0xe4,0x4d,0x62,0xa1,0xb4,0x4f,0x3f,0xba,0x27,0x58,
- 0xa3,0xa1,0x6f,0x92,0xe9,0xe9,0x48,0xd0,0x64,0xba,0xb2,0x17,
- 0x54,0x9a,0xcc,0x8d,0xae,0x2e,0x68,0x62,0x42,0xab,0x55,0x24,
- 0x47,0x0f,0x71,0xd2,0xa8,0x78,0xf0,0x5b,0x76,0xd0,0x01,0xd7,
- 0x86,0xca,0xe5,0xa4,0x41,0x82,0x73,0x51,0x5e,0xa4,0x12,0xa4,
- 0xe1,0xea,0xbd
- };
-
-__fips_constseg
-static const unsigned char p_521_sha256_entropyinputreseed[] =
- {
- 0xda,0x4e,0x7f,0xf0,0x7d,0x4d,0xd8,0x74,0xa2,0x74,0x08,0x82,
- 0x1b,0xe2,0xab,0xc9,0xd2,0xae,0x07,0xc3,0xc5,0x94,0x2f,0xfa,
- 0x40,0xe0,0x5a,0x95,0x5b,0x99,0x7f,0x28
- };
-
-__fips_constseg
-static const unsigned char p_521_sha256_additionalinputreseed[] =
- {
- 0xf3,0x7d,0x64,0xae,0x7a,0xb3,0x9c,0xee,0x0a,0xd3,0x1a,0x56,
- 0x3d,0x65,0xac,0x33,0xcc,0x3c,0xb0,0x4a,0x43,0xe3,0xf4,0xe7,
- 0x05,0x49,0xcc,0x28,0x81,0xaf,0x73,0x8a
- };
-
-__fips_constseg
-static const unsigned char p_521_sha256_additionalinput2[] =
- {
- 0x80,0xf2,0xdc,0xd2,0x0e,0x77,0x89,0xd7,0x46,0x67,0x31,0x28,
- 0xf6,0xe1,0x1a,0x3f,0x70,0xdb,0x42,0x57,0xc7,0x0a,0xbd,0xf9,
- 0x46,0x0e,0x50,0xc8,0x32,0xe0,0x4d,0x8f
- };
-
-__fips_constseg
-static const unsigned char p_521_sha256_returnedbits[] =
- {
- 0x04,0xce,0x3f,0x47,0x4b,0x90,0x0e,0x0b,0x5d,0x61,0xd2,0xe4,
- 0xca,0x19,0x98,0x3e,0xda,0xbb,0xe0,0x68,0x42,0x16,0x3c,0x25,
- 0x69,0xb2,0x62,0x3f,0x57,0x84,0x22,0xc5,0x27,0x94,0xcb,0x2a,
- 0x6c,0xe4,0xe5,0x3a,0x4d,0xfe,0x23,0xeb,0x81,0x09,0x8a,0xa4,
- 0x57,0x8d,0x38,0x26,0x36,0x83,0xc7,0xfa,0xbd,0x1e,0xab,0x50,
- 0xfe,0xae,0x42
- };
-
-
-/* P-521 SHA-384 PR */
-__fips_constseg
-static const unsigned char p_521_sha384_pr_entropyinput[] =
- {
- 0xd7,0xc3,0x75,0xc9,0xdc,0xd6,0x28,0x49,0x6c,0x0c,0x26,0xe8,
- 0x50,0x5a,0x98,0x53,0xa0,0xa1,0x59,0xfc,0xd9,0xef,0x34,0x05,
- 0x42,0x12,0x5f,0x6c,0x80,0x65,0x37,0x77
- };
-
-__fips_constseg
-static const unsigned char p_521_sha384_pr_nonce[] =
- {
- 0x07,0x8a,0xc4,0xbb,0x27,0x54,0x33,0xe2,0xfa,0x4a,0xe2,0x84,
- 0xe5,0x5b,0x27,0x69
- };
-
-__fips_constseg
-static const unsigned char p_521_sha384_pr_personalizationstring[] =
- {
- 0x69,0x90,0xea,0xac,0x46,0x2f,0x9a,0x3a,0xcc,0xdb,0xbc,0x26,
- 0x5d,0xae,0x6d,0xca,0x80,0x62,0x95,0x3f,0x7c,0x17,0xa3,0xc5,
- 0x36,0x69,0x8a,0x70,0x4e,0xb0,0xfb,0x16
- };
-
-__fips_constseg
-static const unsigned char p_521_sha384_pr_additionalinput[] =
- {
- 0xc7,0x82,0x8d,0xac,0x49,0xed,0x4d,0xe0,0x5f,0x26,0xe4,0xdf,
- 0xd6,0x26,0xd0,0x90,0x5b,0xeb,0x36,0xa1,0x5a,0x8d,0xe0,0x33,
- 0x18,0x86,0x73,0xcb,0x0d,0x3c,0xf4,0x76
- };
-
-__fips_constseg
-static const unsigned char p_521_sha384_pr_entropyinputpr[] =
- {
- 0x88,0xeb,0xbc,0xc4,0xdb,0xb0,0x0c,0xc7,0xc9,0x0a,0xae,0x9f,
- 0xe7,0x2c,0x8d,0x8e,0x9a,0x5b,0x37,0xf4,0x91,0x15,0x7c,0x1c,
- 0x84,0x84,0x48,0x47,0x2d,0x24,0xc4,0xf8
- };
-
-__fips_constseg
-static const unsigned char p_521_sha384_pr_int_returnedbits[] =
- {
- 0xf1,0x8a,0x43,0xec,0x2b,0x3f,0x74,0x05,0xae,0x4f,0x96,0xbb,
- 0x90,0xba,0x55,0x23,0xb5,0x07,0xc9,0xfc,0x53,0x36,0x02,0x1d,
- 0xb5,0xf4,0x8a,0x8c,0x71,0xb0,0xb2,0x35,0x2e,0xc1,0x91,0xbb,
- 0x78,0xf1,0x5f,0x1d,0x1b,0xa3,0xa3,0x4d,0x93,0x76,0x36,0xbe,
- 0xb2,0x83,0x6e,0xe1,0x00,0xe3,0x58,0x98,0x84,0x1a,0x4d,0x77,
- 0x1c,0x3a,0x5f
- };
-
-__fips_constseg
-static const unsigned char p_521_sha384_pr_additionalinput2[] =
- {
- 0x1e,0xbd,0x75,0x87,0x28,0x2e,0x05,0xbe,0xb3,0xa8,0x81,0x57,
- 0x00,0x24,0xe5,0xe2,0xad,0x7d,0xe5,0x60,0x36,0x9b,0x82,0x09,
- 0xac,0xdd,0xec,0x5e,0xb6,0xc6,0x9e,0x72
- };
-
-__fips_constseg
-static const unsigned char p_521_sha384_pr_entropyinputpr2[] =
- {
- 0xa4,0x30,0xe4,0xec,0x31,0x84,0x79,0x5c,0x40,0xd8,0x54,0x9d,
- 0xd9,0x64,0xdf,0x46,0xc4,0xca,0x08,0x19,0x65,0x24,0x41,0xa8,
- 0xdb,0x4c,0xbd,0x4a,0x5a,0x6c,0xe7,0x40
- };
-
-__fips_constseg
-static const unsigned char p_521_sha384_pr_returnedbits[] =
- {
- 0x15,0x44,0x90,0x6e,0x56,0xc1,0x51,0x2a,0x0d,0x3a,0x2f,0x1a,
- 0x2d,0x0e,0xf8,0x32,0x05,0xe0,0xd7,0x77,0xd4,0x82,0x31,0x11,
- 0x4e,0x70,0x50,0x76,0x5a,0x42,0x56,0x0a,0xeb,0x27,0x63,0x74,
- 0xe5,0xc4,0x83,0x31,0x25,0x14,0xc4,0x5e,0x6e,0xc7,0xec,0x57,
- 0x4b,0xaf,0x17,0xd9,0x43,0x61,0xfb,0xf6,0xc1,0x18,0xc3,0x41,
- 0x3a,0xae,0x81
- };
-
-
-/* P-521 SHA-384 No PR */
-__fips_constseg
-static const unsigned char p_521_sha384_entropyinput[] =
- {
- 0xd2,0x5e,0x8a,0xdf,0x9d,0x50,0x3e,0xb8,0x0e,0x01,0x7b,0x02,
- 0x95,0xb4,0x26,0x59,0x25,0x7c,0xdf,0x15,0x6f,0x2f,0x59,0xe2,
- 0x60,0x8d,0xf8,0x83,0xdc,0xaf,0xb0,0xe1
- };
-
-__fips_constseg
-static const unsigned char p_521_sha384_nonce[] =
- {
- 0x03,0xb8,0xbe,0x6f,0x90,0x5a,0xca,0x32,0xcd,0x86,0x9f,0x0a,
- 0x01,0xb6,0x8f,0x41
- };
-
-__fips_constseg
-static const unsigned char p_521_sha384_personalizationstring[] =
- {
- 0x39,0x5d,0xc0,0xa6,0xa7,0x8f,0xc4,0x5e,0xec,0xb7,0x45,0xa7,
- 0x18,0x35,0x73,0xac,0x41,0x12,0x9c,0x8e,0x83,0xaa,0x45,0xb0,
- 0x35,0x9a,0x8a,0x44,0x6f,0xea,0xb8,0x15
- };
-
-__fips_constseg
-static const unsigned char p_521_sha384_additionalinput[] =
- {
- 0xac,0x37,0xb4,0x53,0x39,0xd7,0xdd,0xad,0x63,0x8d,0xe6,0x1a,
- 0x4c,0xdf,0x1d,0x3a,0x0c,0x54,0xcf,0xb0,0x15,0x01,0xc5,0x46,
- 0xc7,0x56,0xff,0x64,0x50,0x29,0xb2,0xb2
- };
-
-__fips_constseg
-static const unsigned char p_521_sha384_int_returnedbits[] =
- {
- 0x16,0xf7,0x2a,0xa2,0x12,0x41,0xb9,0x58,0xac,0x9c,0x99,0xaa,
- 0x9b,0xbd,0xcd,0x2c,0x18,0x0d,0xf6,0x5a,0x52,0xd8,0x26,0x4e,
- 0xd0,0x7a,0xc1,0xe5,0x67,0x54,0x7f,0x65,0x63,0x2a,0xd1,0xef,
- 0xf0,0x8f,0xb9,0x2e,0xb0,0xdb,0xc7,0x03,0xc8,0xe1,0x58,0xaa,
- 0xdb,0x7c,0x67,0xf6,0xf4,0x4d,0x33,0x0d,0xf0,0x6c,0xd9,0xdd,
- 0xd4,0x2c,0xa1
- };
-
-__fips_constseg
-static const unsigned char p_521_sha384_entropyinputreseed[] =
- {
- 0x38,0xae,0xd1,0xbd,0xde,0xcc,0x88,0xc7,0x2d,0x39,0x68,0x1e,
- 0xef,0x19,0xb6,0x3c,0xcc,0xed,0xec,0x87,0xc5,0xc5,0x56,0x22,
- 0xf6,0xa9,0xea,0xf4,0x8b,0x43,0x6b,0xf7
- };
-
-__fips_constseg
-static const unsigned char p_521_sha384_additionalinputreseed[] =
- {
- 0x6f,0xd8,0x16,0x55,0x9f,0xe8,0x71,0x65,0x83,0xf2,0xf5,0xaf,
- 0xad,0xff,0x19,0x72,0x59,0x8c,0x84,0xdb,0xc7,0x14,0x88,0x34,
- 0xda,0xda,0xde,0x4f,0xf0,0xfa,0xa3,0x33
- };
-
-__fips_constseg
-static const unsigned char p_521_sha384_additionalinput2[] =
- {
- 0xd9,0xe2,0x19,0x2e,0x78,0x71,0x2f,0xec,0x45,0xcc,0x63,0x0e,
- 0x5b,0x7a,0x02,0x34,0x29,0x90,0xd5,0x2c,0x10,0x7e,0xdd,0x5a,
- 0x3e,0x1a,0x4c,0x69,0xcb,0xec,0xc6,0x33
- };
-
-__fips_constseg
-static const unsigned char p_521_sha384_returnedbits[] =
- {
- 0x88,0x53,0x0c,0xa7,0x5c,0x3f,0x56,0x6a,0x0a,0x10,0xa5,0xac,
- 0x41,0x60,0x2a,0xa2,0x29,0x35,0x4c,0xc8,0x24,0xd1,0x75,0xc9,
- 0xcc,0xb8,0x87,0x46,0xcc,0xf2,0x72,0x05,0x7f,0x39,0xf0,0x0f,
- 0x4d,0x26,0xac,0x8c,0xa4,0x9a,0x87,0xe1,0x16,0xb3,0xc1,0x95,
- 0xba,0x0e,0x7b,0x96,0xa9,0x91,0x15,0x9c,0x54,0x16,0x73,0x3b,
- 0xce,0x2a,0xfd
- };
-
-
-/* P-521 SHA-512 PR */
-__fips_constseg
-static const unsigned char p_521_sha512_pr_entropyinput[] =
- {
- 0xb7,0x8e,0x4a,0x70,0x59,0xf4,0xb4,0xfa,0x94,0xef,0xc7,0xe7,
- 0x7b,0xde,0x06,0x46,0x2e,0x71,0xde,0x82,0x59,0xd5,0x3a,0x32,
- 0xee,0x1e,0x64,0x24,0x25,0xf4,0x1d,0xa6
- };
-
-__fips_constseg
-static const unsigned char p_521_sha512_pr_nonce[] =
- {
- 0x46,0x15,0x8e,0x0c,0x97,0x3c,0x81,0x7b,0x2b,0x38,0xde,0x1a,
- 0x93,0x68,0x00,0x30
- };
-
-__fips_constseg
-static const unsigned char p_521_sha512_pr_personalizationstring[] =
- {
- 0x05,0x12,0xdf,0xac,0xf9,0xf8,0xce,0xec,0x1e,0x98,0x91,0x6d,
- 0x1d,0xf5,0x4c,0xdf,0xb5,0xb4,0x43,0x90,0x1d,0xaa,0x53,0x9c,
- 0x9a,0xa3,0xb5,0x54,0x63,0x74,0xf0,0xf2
- };
-
-__fips_constseg
-static const unsigned char p_521_sha512_pr_additionalinput[] =
- {
- 0x04,0x8d,0xfc,0x7a,0xa2,0x25,0x99,0x6a,0xb0,0x17,0x7e,0xe8,
- 0x3b,0xc1,0x2f,0x59,0x48,0xde,0xbe,0x44,0xcc,0x2c,0xe6,0xa8,
- 0xf0,0x57,0x69,0x7e,0x85,0x2a,0xa8,0x8b
- };
-
-__fips_constseg
-static const unsigned char p_521_sha512_pr_entropyinputpr[] =
- {
- 0xbb,0xa2,0x0b,0x9f,0xf2,0x01,0x4c,0x9a,0x20,0x87,0x75,0x69,
- 0x18,0x51,0x21,0x12,0x55,0xf3,0xc4,0xfe,0x2c,0x5e,0x08,0x85,
- 0x52,0x12,0x68,0xb8,0x90,0x87,0x0c,0x6f
- };
-
-__fips_constseg
-static const unsigned char p_521_sha512_pr_int_returnedbits[] =
- {
- 0x81,0x79,0xde,0xe3,0xe0,0x72,0xd8,0x86,0x39,0x42,0x4b,0x86,
- 0xf0,0x4b,0xf2,0xa2,0x56,0xc1,0x67,0x41,0x12,0x2e,0x33,0x2d,
- 0x48,0x80,0x91,0x40,0xef,0x3d,0x47,0xf1,0x9b,0xea,0x55,0x2e,
- 0x78,0xa1,0x22,0x24,0x5b,0x0c,0xea,0x35,0xba,0xb5,0x0c,0x74,
- 0x17,0x1a,0x07,0xe6,0x0b,0x51,0xb5,0x9b,0xbf,0xdb,0xa8,0x05,
- 0xe4,0x7a,0x01
- };
-
-__fips_constseg
-static const unsigned char p_521_sha512_pr_additionalinput2[] =
- {
- 0x9d,0x9c,0xbd,0x7e,0x2d,0x33,0x41,0x63,0xb7,0x44,0x91,0xd0,
- 0xd1,0xaf,0x07,0x8a,0xb2,0xc4,0xd9,0xbc,0x72,0x37,0x70,0x7d,
- 0x85,0x47,0x06,0x9e,0x73,0x2b,0x85,0xb7
- };
-
-__fips_constseg
-static const unsigned char p_521_sha512_pr_entropyinputpr2[] =
- {
- 0xcd,0x1e,0x0c,0x58,0xe9,0x65,0x44,0x95,0x7a,0x68,0xf1,0xe1,
- 0xd7,0xc5,0xdb,0x89,0x0d,0xdc,0x30,0x0e,0x16,0xc1,0xe5,0xad,
- 0x57,0x60,0x50,0x31,0x5f,0xf0,0x05,0xf7
- };
-
-__fips_constseg
-static const unsigned char p_521_sha512_pr_returnedbits[] =
- {
- 0x5b,0x24,0x8e,0xab,0x1b,0x1b,0x86,0xe0,0x65,0x11,0x84,0x75,
- 0xbf,0x5b,0x00,0x0b,0xd8,0x08,0x7d,0x3f,0xfa,0x70,0xe7,0x65,
- 0xe3,0x68,0xe8,0x1f,0x78,0x68,0x49,0x5d,0x06,0x3f,0x7b,0x9b,
- 0xc2,0xc9,0x06,0x48,0xbd,0x3d,0x27,0x6c,0x36,0xc3,0xfb,0x57,
- 0x89,0x8a,0x90,0x92,0x1c,0xc0,0xda,0x58,0xd8,0x0e,0x81,0x70,
- 0x6d,0xd4,0x34
- };
-
-
-/* P-521 SHA-512 No PR */
-__fips_constseg
-static const unsigned char p_521_sha512_entropyinput[] =
- {
- 0x3d,0x1f,0x10,0x75,0x3c,0x9f,0x09,0xf2,0xe2,0x38,0x50,0x8e,
- 0x88,0xb1,0x1f,0x45,0xd3,0xb9,0x60,0xd9,0xd4,0x2f,0xed,0xbb,
- 0x5f,0xb2,0x0e,0x3b,0xaa,0x6b,0x2e,0xee
- };
-
-__fips_constseg
-static const unsigned char p_521_sha512_nonce[] =
- {
- 0x9d,0x59,0xbf,0xcb,0xcf,0x3f,0xe0,0xb1,0x2b,0x6f,0x3d,0xd8,
- 0x38,0x77,0xf6,0x1c
- };
-
-__fips_constseg
-static const unsigned char p_521_sha512_personalizationstring[] =
- {
- 0xf2,0x91,0xdb,0xef,0x70,0x9a,0x87,0x74,0xc4,0xf6,0x8e,0x09,
- 0xe8,0x39,0xe5,0xc0,0x79,0x12,0xcb,0xeb,0x58,0x1c,0x88,0x81,
- 0x83,0xe8,0x66,0xd0,0x2f,0x49,0xef,0x63
- };
-
-__fips_constseg
-static const unsigned char p_521_sha512_additionalinput[] =
- {
- 0x38,0x7c,0xdd,0x33,0xcd,0x09,0x12,0xc0,0xb8,0x73,0x72,0xdf,
- 0xad,0xe1,0xe9,0xd2,0x69,0xd0,0xa0,0x1a,0xe5,0xfc,0x51,0x0a,
- 0xd5,0x90,0xe9,0x8c,0x66,0x8c,0x63,0x35
- };
-
-__fips_constseg
-static const unsigned char p_521_sha512_int_returnedbits[] =
- {
- 0x7c,0xd6,0xd8,0xbb,0x12,0x5d,0xaf,0x65,0x65,0xd2,0x20,0x58,
- 0x82,0x17,0xbb,0xd6,0x37,0x24,0x23,0xe2,0x49,0xe3,0x13,0x74,
- 0x66,0x7a,0xaf,0x35,0x8f,0x18,0x88,0xa8,0xb8,0xc3,0x84,0xb1,
- 0xb5,0xfa,0xf2,0x46,0x49,0x91,0x95,0x06,0x1a,0x8c,0xb3,0x94,
- 0x78,0x11,0x73,0x9d,0xeb,0x07,0xc6,0x20,0x52,0x89,0xf1,0xaf,
- 0xb2,0x66,0xba
- };
-
-__fips_constseg
-static const unsigned char p_521_sha512_entropyinputreseed[] =
- {
- 0xd5,0x51,0xf0,0x88,0xb6,0xa5,0x26,0x8c,0x34,0x82,0xd3,0xa4,
- 0xee,0x6e,0xc4,0x70,0x27,0xb8,0x85,0xa7,0xca,0x22,0x7b,0x62,
- 0x9c,0xcf,0x3e,0xa9,0xc2,0x6e,0x3a,0x3e
- };
-
-__fips_constseg
-static const unsigned char p_521_sha512_additionalinputreseed[] =
- {
- 0x22,0xce,0x9f,0x3b,0x36,0x8d,0x4e,0xe2,0xe5,0xff,0xaf,0x72,
- 0x90,0xe8,0xfa,0x3b,0x16,0xe2,0xcb,0xc6,0xf1,0xac,0x5e,0xb8,
- 0x8e,0xb0,0x0a,0x05,0xeb,0xd4,0xfd,0x58
- };
-
-__fips_constseg
-static const unsigned char p_521_sha512_additionalinput2[] =
- {
- 0x2f,0x55,0x03,0xe2,0x5f,0x58,0xf4,0xc8,0xf9,0x98,0x79,0x9a,
- 0x1e,0x44,0xa5,0x0d,0x38,0x20,0x5e,0xe4,0x54,0x0a,0xd4,0x1f,
- 0xc3,0xcf,0x3e,0x66,0xf2,0x2f,0xd5,0xb6
- };
-
-__fips_constseg
-static const unsigned char p_521_sha512_returnedbits[] =
- {
- 0x2e,0xbf,0x98,0xf9,0x85,0x27,0x8b,0xff,0x36,0xb9,0x40,0x0b,
- 0xc0,0xa1,0xa0,0x13,0x20,0x06,0xcc,0xe6,0x2a,0x03,0x77,0x7d,
- 0xee,0xde,0xcc,0x34,0xe3,0xcd,0x77,0xea,0xd0,0x3e,0xbe,0xdd,
- 0xf6,0x15,0xfb,0xa7,0xd7,0x8e,0xd0,0x2e,0x2f,0x82,0x4c,0xc7,
- 0x87,0xb1,0x6f,0xc5,0xf8,0x5c,0x78,0xde,0x77,0x9b,0x15,0x9a,
- 0xb9,0x3c,0x38
- };
-
+++ /dev/null
-/* fips/rand/fips_drbgvs.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#define OPENSSL_FIPSAPI
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-#include <stdio.h>
-
-int main(int argc, char **argv)
-{
- printf("No FIPS DRBG support\n");
- return(0);
-}
-#else
-
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <string.h>
-#include <ctype.h>
-
-#include "fips_utl.h"
-
-static int dparse_md(char *str)
- {
- switch(atoi(str + 5))
- {
- case 1:
- return NID_sha1;
-
- case 224:
- return NID_sha224;
-
- case 256:
- return NID_sha256;
-
- case 384:
- return NID_sha384;
-
- case 512:
- return NID_sha512;
-
- }
-
- return NID_undef;
- }
-
-static int parse_ec(char *str)
- {
- int curve_nid, md_nid;
- char *md;
- md = strchr(str, ' ');
- if (!md)
- return NID_undef;
- if (!strncmp(str, "[P-256", 6))
- curve_nid = NID_X9_62_prime256v1;
- else if (!strncmp(str, "[P-384", 6))
- curve_nid = NID_secp384r1;
- else if (!strncmp(str, "[P-521", 6))
- curve_nid = NID_secp521r1;
- else
- return NID_undef;
- md_nid = dparse_md(md);
- if (md_nid == NID_undef)
- return NID_undef;
- return (curve_nid << 16) | md_nid;
- }
-
-static int parse_aes(char *str, int *pdf)
- {
-
- if (!strncmp(str + 9, "no", 2))
- *pdf = 0;
- else
- *pdf = DRBG_FLAG_CTR_USE_DF;
-
- switch(atoi(str + 5))
- {
- case 128:
- return NID_aes_128_ctr;
-
- case 192:
- return NID_aes_192_ctr;
-
- case 256:
- return NID_aes_256_ctr;
-
- default:
- return NID_undef;
-
- }
- }
-
-typedef struct
- {
- unsigned char *ent;
- size_t entlen;
- unsigned char *nonce;
- size_t noncelen;
- } TEST_ENT;
-
-static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len)
- {
- TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
- *pout = (unsigned char *)t->ent;
- return t->entlen;
- }
-
-static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len)
- {
- TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
- *pout = (unsigned char *)t->nonce;
- return t->noncelen;
- }
-
-#ifdef FIPS_ALGVS
-int fips_drbgvs_main(int argc,char **argv)
-#else
-int main(int argc,char **argv)
-#endif
- {
- FILE *in = NULL, *out = NULL;
- DRBG_CTX *dctx = NULL;
- TEST_ENT t;
- int r, nid = 0;
- int pr = 0;
- char buf[2048], lbuf[2048];
- unsigned char randout[2048];
- char *keyword = NULL, *value = NULL;
-
- unsigned char *ent = NULL, *nonce = NULL, *pers = NULL, *adin = NULL;
- long entlen, noncelen, perslen, adinlen;
- int df = 0;
-
- enum dtype { DRBG_NONE, DRBG_CTR, DRBG_HASH, DRBG_HMAC, DRBG_DUAL_EC }
- drbg_type = DRBG_NONE;
-
- int randoutlen = 0;
-
- int gen = 0;
-
- fips_algtest_init();
-
- if (argc == 3)
- {
- in = fopen(argv[1], "r");
- if (!in)
- {
- fprintf(stderr, "Error opening input file\n");
- exit(1);
- }
- out = fopen(argv[2], "w");
- if (!out)
- {
- fprintf(stderr, "Error opening output file\n");
- exit(1);
- }
- }
- else if (argc == 1)
- {
- in = stdin;
- out = stdout;
- }
- else
- {
- fprintf(stderr,"%s (infile outfile)\n",argv[0]);
- exit(1);
- }
-
- while (fgets(buf, sizeof(buf), in) != NULL)
- {
- fputs(buf, out);
- if (drbg_type == DRBG_NONE)
- {
- if (strstr(buf, "CTR_DRBG"))
- drbg_type = DRBG_CTR;
- else if (strstr(buf, "Hash_DRBG"))
- drbg_type = DRBG_HASH;
- else if (strstr(buf, "HMAC_DRBG"))
- drbg_type = DRBG_HMAC;
- else if (strstr(buf, "Dual_EC_DRBG"))
- drbg_type = DRBG_DUAL_EC;
- else
- continue;
- }
- if (strlen(buf) > 4 && !strncmp(buf, "[SHA-", 5))
- {
- nid = dparse_md(buf);
- if (nid == NID_undef)
- exit(1);
- if (drbg_type == DRBG_HMAC)
- {
- switch (nid)
- {
- case NID_sha1:
- nid = NID_hmacWithSHA1;
- break;
-
- case NID_sha224:
- nid = NID_hmacWithSHA224;
- break;
-
- case NID_sha256:
- nid = NID_hmacWithSHA256;
- break;
-
- case NID_sha384:
- nid = NID_hmacWithSHA384;
- break;
-
- case NID_sha512:
- nid = NID_hmacWithSHA512;
- break;
-
- default:
- exit(1);
- }
- }
- }
- if (strlen(buf) > 12 && !strncmp(buf, "[AES-", 5))
- {
- nid = parse_aes(buf, &df);
- if (nid == NID_undef)
- exit(1);
- }
- if (strlen(buf) > 12 && !strncmp(buf, "[P-", 3))
- {
- nid = parse_ec(buf);
- if (nid == NID_undef)
- exit(1);
- }
- if (!parse_line(&keyword, &value, lbuf, buf))
- continue;
-
- if (!strcmp(keyword, "[PredictionResistance"))
- {
- if (!strcmp(value, "True]"))
- pr = 1;
- else if (!strcmp(value, "False]"))
- pr = 0;
- else
- exit(1);
- }
-
- if (!strcmp(keyword, "EntropyInput"))
- {
- ent = hex2bin_m(value, &entlen);
- t.ent = ent;
- t.entlen = entlen;
- }
-
- if (!strcmp(keyword, "Nonce"))
- {
- nonce = hex2bin_m(value, &noncelen);
- t.nonce = nonce;
- t.noncelen = noncelen;
- }
-
- if (!strcmp(keyword, "PersonalizationString"))
- {
- pers = hex2bin_m(value, &perslen);
- if (nid == 0)
- {
- fprintf(stderr, "DRBG type not recognised!\n");
- exit (1);
- }
- dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST);
- if (!dctx)
- exit (1);
- FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0,
- test_nonce, 0);
- FIPS_drbg_set_app_data(dctx, &t);
- randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
- r = FIPS_drbg_instantiate(dctx, pers, perslen);
- if (!r)
- {
- fprintf(stderr, "Error instantiating DRBG\n");
- exit(1);
- }
- OPENSSL_free(pers);
- OPENSSL_free(ent);
- OPENSSL_free(nonce);
- ent = nonce = pers = NULL;
- gen = 0;
- }
-
- if (!strcmp(keyword, "AdditionalInput"))
- {
- adin = hex2bin_m(value, &adinlen);
- if (pr)
- continue;
- r = FIPS_drbg_generate(dctx, randout, randoutlen, 0,
- adin, adinlen);
- if (!r)
- {
- fprintf(stderr, "Error generating DRBG bits\n");
- exit(1);
- }
- if (!r)
- exit(1);
- OPENSSL_free(adin);
- adin = NULL;
- gen++;
- }
-
- if (pr)
- {
- if (!strcmp(keyword, "EntropyInputPR"))
- {
- ent = hex2bin_m(value, &entlen);
- t.ent = ent;
- t.entlen = entlen;
- r = FIPS_drbg_generate(dctx,
- randout, randoutlen,
- 1, adin, adinlen);
- if (!r)
- {
- fprintf(stderr,
- "Error generating DRBG bits\n");
- exit(1);
- }
- OPENSSL_free(adin);
- OPENSSL_free(ent);
- adin = ent = NULL;
- gen++;
- }
- }
- if (!strcmp(keyword, "EntropyInputReseed"))
- {
- ent = hex2bin_m(value, &entlen);
- t.ent = ent;
- t.entlen = entlen;
- }
- if (!strcmp(keyword, "AdditionalInputReseed"))
- {
- adin = hex2bin_m(value, &adinlen);
- FIPS_drbg_reseed(dctx, adin, adinlen);
- OPENSSL_free(ent);
- OPENSSL_free(adin);
- ent = adin = NULL;
- }
- if (gen == 2)
- {
- OutputValue("ReturnedBits", randout, randoutlen,
- out, 0);
- FIPS_drbg_free(dctx);
- dctx = NULL;
- gen = 0;
- }
-
- }
- if (in && in != stdin)
- fclose(in);
- if (out && out != stdout)
- fclose(out);
- return 0;
- }
-
-#endif
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-/*
- * This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4.
- */
-#include <openssl/crypto.h>
-#include "e_os.h"
-
-/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't
- be defined and gettimeofday() won't be declared with strict compilers
- like DEC C in ANSI C mode. */
-#ifndef _XOPEN_SOURCE_EXTENDED
-#define _XOPEN_SOURCE_EXTENDED 1
-#endif
-
-#include <openssl/rand.h>
-#include <openssl/aes.h>
-#include <openssl/err.h>
-#include <openssl/fips_rand.h>
-#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS))
-# include <sys/time.h>
-#endif
-#if defined(OPENSSL_SYS_VXWORKS)
-# include <time.h>
-#endif
-#include <assert.h>
-#ifndef OPENSSL_SYS_WIN32
-# ifdef OPENSSL_UNISTD
-# include OPENSSL_UNISTD
-# else
-# include <unistd.h>
-# endif
-#endif
-#include <string.h>
-#include <openssl/fips.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-
-void *OPENSSL_stderr(void);
-
-#define AES_BLOCK_LENGTH 16
-
-
-/* AES FIPS PRNG implementation */
-
-typedef struct
- {
- int seeded;
- int keyed;
- int test_mode;
- int second;
- int error;
- unsigned long counter;
- AES_KEY ks;
- int vpos;
- /* Temporary storage for key if it equals seed length */
- unsigned char tmp_key[AES_BLOCK_LENGTH];
- unsigned char V[AES_BLOCK_LENGTH];
- unsigned char DT[AES_BLOCK_LENGTH];
- unsigned char last[AES_BLOCK_LENGTH];
- } FIPS_PRNG_CTX;
-
-static FIPS_PRNG_CTX sctx;
-
-static int fips_prng_fail = 0;
-
-void FIPS_x931_stick(int onoff)
- {
- fips_prng_fail = onoff;
- }
-
-static void fips_rand_prng_reset(FIPS_PRNG_CTX *ctx)
- {
- ctx->seeded = 0;
- ctx->keyed = 0;
- ctx->test_mode = 0;
- ctx->counter = 0;
- ctx->second = 0;
- ctx->error = 0;
- ctx->vpos = 0;
- OPENSSL_cleanse(ctx->V, AES_BLOCK_LENGTH);
- OPENSSL_cleanse(&ctx->ks, sizeof(AES_KEY));
- }
-
-
-static int fips_set_prng_key(FIPS_PRNG_CTX *ctx,
- const unsigned char *key, unsigned int keylen)
- {
- if (FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_FIPS_SET_PRNG_KEY, FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- if (keylen != 16 && keylen != 24 && keylen != 32)
- {
- /* error: invalid key size */
- return 0;
- }
- AES_set_encrypt_key(key, keylen << 3, &ctx->ks);
- if (keylen == 16)
- {
- memcpy(ctx->tmp_key, key, 16);
- ctx->keyed = 2;
- }
- else
- ctx->keyed = 1;
- ctx->seeded = 0;
- ctx->second = 0;
- return 1;
- }
-
-static int fips_set_prng_seed(FIPS_PRNG_CTX *ctx,
- const unsigned char *seed, unsigned int seedlen)
- {
- unsigned int i;
- if (!ctx->keyed)
- return 0;
- /* In test mode seed is just supplied data */
- if (ctx->test_mode)
- {
- if (seedlen != AES_BLOCK_LENGTH)
- return 0;
- memcpy(ctx->V, seed, AES_BLOCK_LENGTH);
- ctx->seeded = 1;
- return 1;
- }
- /* Outside test mode XOR supplied data with existing seed */
- for (i = 0; i < seedlen; i++)
- {
- ctx->V[ctx->vpos++] ^= seed[i];
- if (ctx->vpos == AES_BLOCK_LENGTH)
- {
- ctx->vpos = 0;
- /* Special case if first seed and key length equals
- * block size check key and seed do not match.
- */
- if (ctx->keyed == 2)
- {
- if (!memcmp(ctx->tmp_key, ctx->V, 16))
- {
- RANDerr(RAND_F_FIPS_SET_PRNG_SEED,
- RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY);
- return 0;
- }
- OPENSSL_cleanse(ctx->tmp_key, 16);
- ctx->keyed = 1;
- }
- ctx->seeded = 1;
- }
- }
- return 1;
- }
-
-static int fips_set_test_mode(FIPS_PRNG_CTX *ctx)
- {
- if (ctx->keyed)
- {
- RANDerr(RAND_F_FIPS_SET_TEST_MODE,RAND_R_PRNG_KEYED);
- return 0;
- }
- ctx->test_mode = 1;
- return 1;
- }
-
-int FIPS_x931_test_mode(void)
- {
- return fips_set_test_mode(&sctx);
- }
-
-int FIPS_x931_set_dt(unsigned char *dt)
- {
- if (!sctx.test_mode)
- {
- RANDerr(RAND_F_FIPS_X931_SET_DT,RAND_R_NOT_IN_TEST_MODE);
- return 0;
- }
- memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);
- return 1;
- }
-
-void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr)
- {
-#ifdef OPENSSL_SYS_WIN32
- FILETIME ft;
-#elif defined(OPENSSL_SYS_VXWORKS)
- struct timespec ts;
-#else
- struct timeval tv;
-#endif
-
-#ifndef GETPID_IS_MEANINGLESS
- unsigned long pid;
-#endif
-
-#ifdef OPENSSL_SYS_WIN32
- GetSystemTimeAsFileTime(&ft);
- buf[0] = (unsigned char) (ft.dwHighDateTime & 0xff);
- buf[1] = (unsigned char) ((ft.dwHighDateTime >> 8) & 0xff);
- buf[2] = (unsigned char) ((ft.dwHighDateTime >> 16) & 0xff);
- buf[3] = (unsigned char) ((ft.dwHighDateTime >> 24) & 0xff);
- buf[4] = (unsigned char) (ft.dwLowDateTime & 0xff);
- buf[5] = (unsigned char) ((ft.dwLowDateTime >> 8) & 0xff);
- buf[6] = (unsigned char) ((ft.dwLowDateTime >> 16) & 0xff);
- buf[7] = (unsigned char) ((ft.dwLowDateTime >> 24) & 0xff);
-#elif defined(OPENSSL_SYS_VXWORKS)
- clock_gettime(CLOCK_REALTIME, &ts);
- buf[0] = (unsigned char) (ts.tv_sec & 0xff);
- buf[1] = (unsigned char) ((ts.tv_sec >> 8) & 0xff);
- buf[2] = (unsigned char) ((ts.tv_sec >> 16) & 0xff);
- buf[3] = (unsigned char) ((ts.tv_sec >> 24) & 0xff);
- buf[4] = (unsigned char) (ts.tv_nsec & 0xff);
- buf[5] = (unsigned char) ((ts.tv_nsec >> 8) & 0xff);
- buf[6] = (unsigned char) ((ts.tv_nsec >> 16) & 0xff);
- buf[7] = (unsigned char) ((ts.tv_nsec >> 24) & 0xff);
-#else
- gettimeofday(&tv,NULL);
- buf[0] = (unsigned char) (tv.tv_sec & 0xff);
- buf[1] = (unsigned char) ((tv.tv_sec >> 8) & 0xff);
- buf[2] = (unsigned char) ((tv.tv_sec >> 16) & 0xff);
- buf[3] = (unsigned char) ((tv.tv_sec >> 24) & 0xff);
- buf[4] = (unsigned char) (tv.tv_usec & 0xff);
- buf[5] = (unsigned char) ((tv.tv_usec >> 8) & 0xff);
- buf[6] = (unsigned char) ((tv.tv_usec >> 16) & 0xff);
- buf[7] = (unsigned char) ((tv.tv_usec >> 24) & 0xff);
-#endif
- buf[8] = (unsigned char) (*pctr & 0xff);
- buf[9] = (unsigned char) ((*pctr >> 8) & 0xff);
- buf[10] = (unsigned char) ((*pctr >> 16) & 0xff);
- buf[11] = (unsigned char) ((*pctr >> 24) & 0xff);
-
- (*pctr)++;
-
-
-#ifndef GETPID_IS_MEANINGLESS
- pid=(unsigned long)getpid();
- buf[12] = (unsigned char) (pid & 0xff);
- buf[13] = (unsigned char) ((pid >> 8) & 0xff);
- buf[14] = (unsigned char) ((pid >> 16) & 0xff);
- buf[15] = (unsigned char) ((pid >> 24) & 0xff);
-#endif
- }
-
-static int fips_rand(FIPS_PRNG_CTX *ctx,
- unsigned char *out, unsigned int outlen)
- {
- unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH];
- unsigned char tmp[AES_BLOCK_LENGTH];
- int i;
- if (ctx->error)
- {
- RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_ERROR);
- return 0;
- }
- if (!ctx->keyed)
- {
- RANDerr(RAND_F_FIPS_RAND,RAND_R_NO_KEY_SET);
- return 0;
- }
- if (!ctx->seeded)
- {
- RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_NOT_SEEDED);
- return 0;
- }
- for (;;)
- {
- if (!ctx->test_mode)
- FIPS_get_timevec(ctx->DT, &ctx->counter);
- AES_encrypt(ctx->DT, I, &ctx->ks);
- for (i = 0; i < AES_BLOCK_LENGTH; i++)
- tmp[i] = I[i] ^ ctx->V[i];
- AES_encrypt(tmp, R, &ctx->ks);
- for (i = 0; i < AES_BLOCK_LENGTH; i++)
- tmp[i] = R[i] ^ I[i];
- AES_encrypt(tmp, ctx->V, &ctx->ks);
- /* Continuous PRNG test */
- if (ctx->second)
- {
- if (fips_prng_fail)
- memcpy(ctx->last, R, AES_BLOCK_LENGTH);
- if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH))
- {
- RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_STUCK);
- ctx->error = 1;
- fips_set_selftest_fail();
- return 0;
- }
- }
- memcpy(ctx->last, R, AES_BLOCK_LENGTH);
- if (!ctx->second)
- {
- ctx->second = 1;
- if (!ctx->test_mode)
- continue;
- }
-
- if (outlen <= AES_BLOCK_LENGTH)
- {
- memcpy(out, R, outlen);
- break;
- }
-
- memcpy(out, R, AES_BLOCK_LENGTH);
- out += AES_BLOCK_LENGTH;
- outlen -= AES_BLOCK_LENGTH;
- }
- return 1;
- }
-
-
-int FIPS_x931_set_key(const unsigned char *key, int keylen)
- {
- int ret;
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- ret = fips_set_prng_key(&sctx, key, keylen);
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- return ret;
- }
-
-int FIPS_x931_seed(const void *seed, int seedlen)
- {
- int ret;
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- ret = fips_set_prng_seed(&sctx, seed, seedlen);
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- return ret;
- }
-
-
-int FIPS_x931_bytes(unsigned char *out, int count)
- {
- int ret;
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- ret = fips_rand(&sctx, out, count);
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- return ret;
- }
-
-int FIPS_x931_status(void)
- {
- int ret;
- CRYPTO_r_lock(CRYPTO_LOCK_RAND);
- ret = sctx.seeded;
- CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
- return ret;
- }
-
-void FIPS_x931_reset(void)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- fips_rand_prng_reset(&sctx);
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- }
-
-static int fips_do_rand_seed(const void *seed, int seedlen)
- {
- FIPS_x931_seed(seed, seedlen);
- return 1;
- }
-
-static int fips_do_rand_add(const void *seed, int seedlen,
- double add_entropy)
- {
- FIPS_x931_seed(seed, seedlen);
- return 1;
- }
-
-static const RAND_METHOD rand_x931_meth=
- {
- fips_do_rand_seed,
- FIPS_x931_bytes,
- FIPS_x931_reset,
- fips_do_rand_add,
- FIPS_x931_bytes,
- FIPS_x931_status
- };
-
-const RAND_METHOD *FIPS_x931_method(void)
-{
- return &rand_x931_meth;
-}
-
-#endif
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifndef HEADER_FIPS_RAND_H
-#define HEADER_FIPS_RAND_H
-
-#include <openssl/aes.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/ec.h>
-
-#ifdef OPENSSL_FIPS
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int FIPS_x931_set_key(const unsigned char *key, int keylen);
-int FIPS_x931_seed(const void *buf, int num);
-int FIPS_x931_bytes(unsigned char *out, int outlen);
-
-int FIPS_x931_test_mode(void);
-void FIPS_x931_reset(void);
-int FIPS_x931_set_dt(unsigned char *dt);
-
-int FIPS_x931_status(void);
-
-const RAND_METHOD *FIPS_x931_method(void);
-
-typedef struct drbg_ctx_st DRBG_CTX;
-/* DRBG external flags */
-/* Flag for CTR mode only: use derivation function ctr_df */
-#define DRBG_FLAG_CTR_USE_DF 0x1
-/* PRNG is in test state */
-#define DRBG_FLAG_TEST 0x2
-
-DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags);
-int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags);
-int FIPS_drbg_instantiate(DRBG_CTX *dctx,
- const unsigned char *pers, size_t perslen);
-int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin, size_t adinlen);
-int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
- int prediction_resistance,
- const unsigned char *adin, size_t adinlen);
-
-int FIPS_drbg_uninstantiate(DRBG_CTX *dctx);
-void FIPS_drbg_free(DRBG_CTX *dctx);
-
-int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
- size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len),
- void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
- size_t entropy_blocklen,
- size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len),
- void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen));
-
-int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
- size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout),
- void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
- int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num),
- int (*rand_add_cb)(DRBG_CTX *ctx,
- const void *buf, int num, double entropy));
-
-void *FIPS_drbg_get_app_data(DRBG_CTX *ctx);
-void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data);
-size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx);
-int FIPS_drbg_get_strength(DRBG_CTX *dctx);
-void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval);
-void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval);
-
-int FIPS_drbg_health_check(DRBG_CTX *dctx);
-
-DRBG_CTX *FIPS_get_default_drbg(void);
-const RAND_METHOD *FIPS_drbg_method(void);
-
-
-int FIPS_rand_set_method(const RAND_METHOD *meth);
-const RAND_METHOD *FIPS_rand_get_method(void);
-
-void FIPS_rand_set_bits(int nbits);
-
-int FIPS_rand_strength(void);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-#endif
+++ /dev/null
-/* fips/rand/fips_rand_lcl.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-typedef struct drbg_hash_ctx_st DRBG_HASH_CTX;
-typedef struct drbg_hmac_ctx_st DRBG_HMAC_CTX;
-typedef struct drbg_ctr_ctx_st DRBG_CTR_CTX;
-typedef struct drbg_ec_ctx_st DRBG_EC_CTX;
-
-/* 888 bits from 10.1 table 2 */
-#define HASH_PRNG_MAX_SEEDLEN 111
-
-struct drbg_hash_ctx_st
- {
- const EVP_MD *md;
- EVP_MD_CTX mctx;
- unsigned char V[HASH_PRNG_MAX_SEEDLEN];
- unsigned char C[HASH_PRNG_MAX_SEEDLEN];
- /* Temporary value storage: should always exceed max digest length */
- unsigned char vtmp[HASH_PRNG_MAX_SEEDLEN];
- };
-
-struct drbg_hmac_ctx_st
- {
- const EVP_MD *md;
- HMAC_CTX hctx;
- unsigned char K[EVP_MAX_MD_SIZE];
- unsigned char V[EVP_MAX_MD_SIZE];
- };
-
-struct drbg_ctr_ctx_st
- {
- AES_KEY ks;
- size_t keylen;
- unsigned char K[32];
- unsigned char V[16];
- /* Temp variables used by derivation function */
- AES_KEY df_ks;
- AES_KEY df_kxks;
- /* Temporary block storage used by ctr_df */
- unsigned char bltmp[16];
- size_t bltmp_pos;
- unsigned char KX[48];
- };
-
-/* Maximum seed length */
-#define EC_PRNG_MAX_SEEDLEN 66
-
-struct drbg_ec_ctx_st
- {
- /* Message digest to use */
- const EVP_MD *md;
- /* Curve to use: generator is point P */
- EC_GROUP *curve;
- /* Point Q */
- EC_POINT *Q;
- /* Temporary point */
- EC_POINT *ptmp;
- size_t exbits;
- /* Secret s value */
- BIGNUM *s;
- /* Buffer to store byte version of s value */
- unsigned char sbuf[EC_PRNG_MAX_SEEDLEN];
- /* Buffer to store byte version of t value */
- unsigned char tbuf[EC_PRNG_MAX_SEEDLEN];
- /* Digest context */
- EVP_MD_CTX mctx;
- /* Temporary value storage: should always exceed max digest length */
- unsigned char vtmp[EC_PRNG_MAX_SEEDLEN];
- /* Temp BN context */
- BN_CTX *bctx;
- };
-
-/* DRBG internal flags */
-
-/* Functions shouldn't call err library */
-#define DRBG_FLAG_NOERR 0x1
-/* Custom reseed checking */
-#define DRBG_CUSTOM_RESEED 0x2
-
-/* DRBG status values */
-/* not initialised */
-#define DRBG_STATUS_UNINITIALISED 0
-/* ok and ready to generate random bits */
-#define DRBG_STATUS_READY 1
-/* reseed required */
-#define DRBG_STATUS_RESEED 2
-/* fatal error condition */
-#define DRBG_STATUS_ERROR 3
-
-/* A default maximum length: larger than any reasonable value used in pratice */
-
-#define DRBG_MAX_LENGTH 0x7ffffff0
-/* Maximum DRBG block length: all md sizes are bigger than cipher blocks sizes
- * so use max digest length.
- */
-#define DRBG_MAX_BLOCK EVP_MAX_MD_SIZE
-
-#define DRBG_HEALTH_INTERVAL (1 << 24)
-
-/* DRBG context structure */
-
-struct drbg_ctx_st
- {
- /* First types common to all implementations */
- /* DRBG type: a NID for the underlying algorithm */
- int type;
- /* Various external flags */
- unsigned int xflags;
- /* Various internal use only flags */
- unsigned int iflags;
- /* Used for periodic health checks */
- int health_check_cnt, health_check_interval;
-
- /* The following parameters are setup by mechanism drbg_init() call */
- int strength;
- size_t blocklength;
- size_t max_request;
-
- size_t min_entropy, max_entropy;
- size_t min_nonce, max_nonce;
- size_t max_pers, max_adin;
- unsigned int reseed_counter;
- unsigned int reseed_interval;
- size_t seedlen;
- int status;
- /* Application data: typically used by test get_entropy */
- void *app_data;
- /* Implementation specific structures */
- union
- {
- DRBG_HASH_CTX hash;
- DRBG_HMAC_CTX hmac;
- DRBG_CTR_CTX ctr;
- DRBG_EC_CTX ec;
- } d;
- /* Initialiase PRNG and setup callbacks below */
- int (*init)(DRBG_CTX *ctx, int nid, int security, unsigned int flags);
- /* Intantiate PRNG */
- int (*instantiate)(DRBG_CTX *ctx,
- const unsigned char *ent, size_t entlen,
- const unsigned char *nonce, size_t noncelen,
- const unsigned char *pers, size_t perslen);
- /* reseed */
- int (*reseed)(DRBG_CTX *ctx,
- const unsigned char *ent, size_t entlen,
- const unsigned char *adin, size_t adinlen);
- /* generat output */
- int (*generate)(DRBG_CTX *ctx,
- unsigned char *out, size_t outlen,
- const unsigned char *adin, size_t adinlen);
- /* uninstantiate */
- int (*uninstantiate)(DRBG_CTX *ctx);
-
- /* Entropy source block length */
- size_t entropy_blocklen;
-
- /* entropy gathering function */
- size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len);
- /* Indicates we have finished with entropy buffer */
- void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
-
- /* nonce gathering function */
- size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
- int entropy, size_t min_len, size_t max_len);
- /* Indicates we have finished with nonce buffer */
- void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
-
- /* Continuous random number test temporary area */
- /* Last block */
- unsigned char lb[EVP_MAX_MD_SIZE];
- /* set if lb is valid */
- int lb_valid;
-
- /* Callbacks used when called through RAND interface */
- /* Get any additional input for generate */
- size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout);
- void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
- /* Callback for RAND_seed(), RAND_add() */
- int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num);
- int (*rand_add_cb)(DRBG_CTX *ctx,
- const void *buf, int num, double entropy);
- };
-
-
-int fips_drbg_ctr_init(DRBG_CTX *dctx);
-int fips_drbg_hash_init(DRBG_CTX *dctx);
-int fips_drbg_hmac_init(DRBG_CTX *dctx);
-int fips_drbg_ec_init(DRBG_CTX *dctx);
-int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags);
-int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out);
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include "e_os.h"
-
-/* FIPS API for PRNG use. Similar to RAND functionality but without
- * ENGINE and additional checking for non-FIPS rand methods.
- */
-
-static const RAND_METHOD *fips_rand_meth = NULL;
-static int fips_approved_rand_meth = 0;
-static int fips_rand_bits = 0;
-
-/* Allows application to override number of bits and uses non-FIPS methods */
-void FIPS_rand_set_bits(int nbits)
- {
- fips_rand_bits = nbits;
- }
-
-int FIPS_rand_set_method(const RAND_METHOD *meth)
- {
- if (!fips_rand_bits)
- {
- if (meth == FIPS_drbg_method())
- fips_approved_rand_meth = 1;
- else if (meth == FIPS_x931_method())
- fips_approved_rand_meth = 2;
- else
- {
- fips_approved_rand_meth = 0;
- if (FIPS_module_mode())
- {
- FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD,
- FIPS_R_NON_FIPS_METHOD);
- return 0;
- }
- }
- }
- fips_rand_meth = meth;
- return 1;
- }
-
-const RAND_METHOD *FIPS_rand_get_method(void)
- {
- return fips_rand_meth;
- }
-
-void FIPS_rand_seed(const void *buf, int num)
- {
- if (!fips_approved_rand_meth && FIPS_module_mode())
- {
- FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
- return;
- }
- if (fips_rand_meth && fips_rand_meth->seed)
- fips_rand_meth->seed(buf,num);
- }
-
-void FIPS_rand_add(const void *buf, int num, double entropy)
- {
- if (!fips_approved_rand_meth && FIPS_module_mode())
- {
- FIPSerr(FIPS_F_FIPS_RAND_ADD, FIPS_R_NON_FIPS_METHOD);
- return;
- }
- if (fips_rand_meth && fips_rand_meth->add)
- fips_rand_meth->add(buf,num,entropy);
- }
-
-int FIPS_rand_bytes(unsigned char *buf, int num)
- {
- if (!fips_approved_rand_meth && FIPS_module_mode())
- {
- FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
- return 0;
- }
- if (fips_rand_meth && fips_rand_meth->bytes)
- return fips_rand_meth->bytes(buf,num);
- return 0;
- }
-
-int FIPS_rand_pseudo_bytes(unsigned char *buf, int num)
- {
- if (!fips_approved_rand_meth && FIPS_module_mode())
- {
- FIPSerr(FIPS_F_FIPS_RAND_PSEUDO_BYTES, FIPS_R_NON_FIPS_METHOD);
- return 0;
- }
- if (fips_rand_meth && fips_rand_meth->pseudorand)
- return fips_rand_meth->pseudorand(buf,num);
- return -1;
- }
-
-int FIPS_rand_status(void)
- {
- if (!fips_approved_rand_meth && FIPS_module_mode())
- {
- FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
- return 0;
- }
- if (fips_rand_meth && fips_rand_meth->status)
- return fips_rand_meth->status();
- return 0;
- }
-
-/* Return instantiated strength of PRNG. For DRBG this is an internal
- * parameter. For X9.31 PRNG it is 80 bits (from SP800-131). Any other
- * type of PRNG is not approved and returns 0 in FIPS mode and maximum
- * 256 outside FIPS mode.
- */
-
-int FIPS_rand_strength(void)
- {
- if (fips_rand_bits)
- return fips_rand_bits;
- if (fips_approved_rand_meth == 1)
- return FIPS_drbg_get_strength(FIPS_get_default_drbg());
- else if (fips_approved_rand_meth == 2)
- return 80;
- else if (fips_approved_rand_meth == 0)
- {
- if (FIPS_module_mode())
- return 0;
- else
- return 256;
- }
- return 0;
- }
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/rand.h>
-#include <openssl/fips_rand.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-
-
-
-typedef struct
- {
- unsigned char DT[16];
- unsigned char V[16];
- unsigned char R[16];
- } AES_PRNG_TV;
-
-/* The following test vectors are taken directly from the RGNVS spec */
-
-static unsigned char aes_128_key[16] =
- {0xf3,0xb1,0x66,0x6d,0x13,0x60,0x72,0x42,
- 0xed,0x06,0x1c,0xab,0xb8,0xd4,0x62,0x02};
-
-static AES_PRNG_TV aes_128_tv =
- {
- /* DT */
- {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
- 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xf9},
- /* V */
- {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0x59,0x53,0x1e,0xd1,0x3b,0xb0,0xc0,0x55,
- 0x84,0x79,0x66,0x85,0xc1,0x2f,0x76,0x41}
- };
-
-static unsigned char aes_192_key[24] =
- {0x15,0xd8,0x78,0x0d,0x62,0xd3,0x25,0x6e,
- 0x44,0x64,0x10,0x13,0x60,0x2b,0xa9,0xbc,
- 0x4a,0xfb,0xca,0xeb,0x4c,0x8b,0x99,0x3b};
-
-static AES_PRNG_TV aes_192_tv =
- {
- /* DT */
- {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
- 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4b},
- /* V */
- {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0x17,0x07,0xd5,0x28,0x19,0x79,0x1e,0xef,
- 0xa5,0x0c,0xbf,0x25,0xe5,0x56,0xb4,0x93}
- };
-
-static unsigned char aes_256_key[32] =
- {0x6d,0x14,0x06,0x6c,0xb6,0xd8,0x21,0x2d,
- 0x82,0x8d,0xfa,0xf2,0x7a,0x03,0xb7,0x9f,
- 0x0c,0xc7,0x3e,0xcd,0x76,0xeb,0xee,0xb5,
- 0x21,0x05,0x8c,0x4f,0x31,0x7a,0x80,0xbb};
-
-static AES_PRNG_TV aes_256_tv =
- {
- /* DT */
- {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
- 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x88},
- /* V */
- {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0x35,0xc7,0xef,0xa7,0x78,0x4d,0x29,0xbc,
- 0x82,0x79,0x99,0xfb,0xd0,0xb3,0x3b,0x72}
- };
-
-#define fips_x931_test(key, tv) \
- do_x931_test(key, sizeof key, &tv)
-
-static int do_x931_test(unsigned char *key, int keylen,
- AES_PRNG_TV *tv)
- {
- unsigned char R[16], V[16];
- int rv = 1;
- memcpy(V, tv->V, sizeof(V));
- if (!FIPS_x931_set_key(key, keylen))
- return 0;
- if (!fips_post_started(FIPS_TEST_X931, keylen, NULL))
- return 1;
- if (!fips_post_corrupt(FIPS_TEST_X931, keylen, NULL))
- V[0]++;
- FIPS_x931_seed(V, 16);
- FIPS_x931_set_dt(tv->DT);
- FIPS_x931_bytes(R, 16);
- if (memcmp(R, tv->R, 16))
- {
- fips_post_failed(FIPS_TEST_X931, keylen, NULL);
- rv = 0;
- }
- else if (!fips_post_success(FIPS_TEST_X931, keylen, NULL))
- return 0;
- return rv;
- }
-
-int FIPS_selftest_x931()
- {
- int rv = 1;
- FIPS_x931_reset();
- if (!FIPS_x931_test_mode())
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- if (!fips_x931_test(aes_128_key,aes_128_tv))
- rv = 0;
- if (!fips_x931_test(aes_192_key, aes_192_tv))
- rv = 0;
- if (!fips_x931_test(aes_256_key, aes_256_tv))
- rv = 0;
- FIPS_x931_reset();
- if (!rv)
- FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
- return rv;
- }
-
-#endif
+++ /dev/null
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-#include "e_os.h"
-
-#ifndef OPENSSL_FIPS
-int main(int argc, char *argv[])
-{
- printf("No FIPS RAND support\n");
- return(0);
-}
-
-#else
-
-#define OPENSSL_FIPSAPI
-
-#include "fips_utl.h"
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-
-typedef struct
- {
- unsigned char DT[16];
- unsigned char V[16];
- unsigned char R[16];
- } AES_PRNG_MCT;
-
-__fips_constseg
-static const unsigned char aes_128_mct_key[16] =
- {0x9f,0x5b,0x51,0x20,0x0b,0xf3,0x34,0xb5,
- 0xd8,0x2b,0xe8,0xc3,0x72,0x55,0xc8,0x48};
-
-__fips_constseg
-static const AES_PRNG_MCT aes_128_mct_tv = {
- /* DT */
- {0x63,0x76,0xbb,0xe5,0x29,0x02,0xba,0x3b,
- 0x67,0xc9,0x25,0xfa,0x70,0x1f,0x11,0xac},
- /* V */
- {0x57,0x2c,0x8e,0x76,0x87,0x26,0x47,0x97,
- 0x7e,0x74,0xfb,0xdd,0xc4,0x95,0x01,0xd1},
- /* R */
- {0x48,0xe9,0xbd,0x0d,0x06,0xee,0x18,0xfb,
- 0xe4,0x57,0x90,0xd5,0xc3,0xfc,0x9b,0x73}
-};
-
-__fips_constseg
-static const unsigned char aes_192_mct_key[24] =
- {0xb7,0x6c,0x34,0xd1,0x09,0x67,0xab,0x73,
- 0x4d,0x5a,0xd5,0x34,0x98,0x16,0x0b,0x91,
- 0xbc,0x35,0x51,0x16,0x6b,0xae,0x93,0x8a};
-
-__fips_constseg
-static const AES_PRNG_MCT aes_192_mct_tv = {
- /* DT */
- {0x84,0xce,0x22,0x7d,0x91,0x5a,0xa3,0xc9,
- 0x84,0x3c,0x0a,0xb3,0xa9,0x63,0x15,0x52},
- /* V */
- {0xb6,0xaf,0xe6,0x8f,0x99,0x9e,0x90,0x64,
- 0xdd,0xc7,0x7a,0xc1,0xbb,0x90,0x3a,0x6d},
- /* R */
- {0xfc,0x85,0x60,0x9a,0x29,0x6f,0xef,0x21,
- 0xdd,0x86,0x20,0x32,0x8a,0x29,0x6f,0x47}
-};
-
-__fips_constseg
-static const unsigned char aes_256_mct_key[32] =
- {0x9b,0x05,0xc8,0x68,0xff,0x47,0xf8,0x3a,
- 0xa6,0x3a,0xa8,0xcb,0x4e,0x71,0xb2,0xe0,
- 0xb8,0x7e,0xf1,0x37,0xb6,0xb4,0xf6,0x6d,
- 0x86,0x32,0xfc,0x1f,0x5e,0x1d,0x1e,0x50};
-
-__fips_constseg
-static const AES_PRNG_MCT aes_256_mct_tv = {
- /* DT */
- {0x31,0x6e,0x35,0x9a,0xb1,0x44,0xf0,0xee,
- 0x62,0x6d,0x04,0x46,0xe0,0xa3,0x92,0x4c},
- /* V */
- {0x4f,0xcd,0xc1,0x87,0x82,0x1f,0x4d,0xa1,
- 0x3e,0x0e,0x56,0x44,0x59,0xe8,0x83,0xca},
- /* R */
- {0xc8,0x87,0xc2,0x61,0x5b,0xd0,0xb9,0xe1,
- 0xe7,0xf3,0x8b,0xd7,0x5b,0xd5,0xf1,0x8d}
-};
-
-static void dump(const unsigned char *b,int n)
- {
- while(n-- > 0)
- {
- printf(" %02x",*b++);
- }
- }
-
-static void compare(const unsigned char *result,const unsigned char *expected,
- int n)
- {
- int i;
-
- for(i=0 ; i < n ; ++i)
- if(result[i] != expected[i])
- {
- puts("Random test failed, got:");
- dump(result,n);
- puts("\n expected:");
- dump(expected,n);
- putchar('\n');
- EXIT(1);
- }
- }
-
-
-static void run_test(const unsigned char *key, int keylen,
- const AES_PRNG_MCT *tv)
- {
- unsigned char buf[16], dt[16];
- int i, j;
- FIPS_x931_reset();
- FIPS_x931_test_mode();
- FIPS_x931_set_key(key, keylen);
- FIPS_x931_seed(tv->V, 16);
- memcpy(dt, tv->DT, 16);
- for (i = 0; i < 10000; i++)
- {
- FIPS_x931_set_dt(dt);
- FIPS_x931_bytes(buf, 16);
- /* Increment DT */
- for (j = 15; j >= 0; j--)
- {
- dt[j]++;
- if (dt[j])
- break;
- }
- }
-
- compare(buf,tv->R, 16);
- }
-
-int main()
- {
- fips_algtest_init();
- run_test(aes_128_mct_key, 16, &aes_128_mct_tv);
- printf("FIPS PRNG test 1 done\n");
- run_test(aes_192_mct_key, 24, &aes_192_mct_tv);
- printf("FIPS PRNG test 2 done\n");
- run_test(aes_256_mct_key, 32, &aes_256_mct_tv);
- printf("FIPS PRNG test 3 done\n");
- return 0;
- }
-
-#endif
+++ /dev/null
-/*
- * Crude test driver for processing the VST and MCT testvector files
- * generated by the CMVP RNGVS product.
- *
- * Note the input files are assumed to have a _very_ specific format
- * as described in the NIST document "The Random Number Generator
- * Validation System (RNGVS)", May 25, 2004.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-#include <stdio.h>
-
-int main(int argc, char **argv)
-{
- printf("No FIPS RNG support\n");
- return 0;
-}
-#else
-
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/fips_rand.h>
-#include <string.h>
-#include <ctype.h>
-
-#include "fips_utl.h"
-
-static void vst(FILE *in, FILE *out)
- {
- unsigned char *key = NULL;
- unsigned char *v = NULL;
- unsigned char *dt = NULL;
- unsigned char ret[16];
- char buf[1024];
- char lbuf[1024];
- char *keyword, *value;
- long i, keylen;
-
- keylen = 0;
-
- while(fgets(buf,sizeof buf,in) != NULL)
- {
- fputs(buf,out);
- if(!strncmp(buf,"[AES 128-Key]", 13))
- keylen = 16;
- else if(!strncmp(buf,"[AES 192-Key]", 13))
- keylen = 24;
- else if(!strncmp(buf,"[AES 256-Key]", 13))
- keylen = 32;
- if (!parse_line(&keyword, &value, lbuf, buf))
- continue;
- if(!strcmp(keyword,"Key"))
- {
- key=hex2bin_m(value,&i);
- if (i != keylen)
- {
- fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
- return;
- }
- }
- else if(!strcmp(keyword,"DT"))
- {
- dt=hex2bin_m(value,&i);
- if (i != 16)
- {
- fprintf(stderr, "Invalid DT length\n");
- return;
- }
- }
- else if(!strcmp(keyword,"V"))
- {
- v=hex2bin_m(value,&i);
- if (i != 16)
- {
- fprintf(stderr, "Invalid V length\n");
- return;
- }
-
- if (!key || !dt)
- {
- fprintf(stderr, "Missing key or DT\n");
- return;
- }
-
- FIPS_x931_set_key(key, keylen);
- FIPS_x931_seed(v,16);
- FIPS_x931_set_dt(dt);
- if (FIPS_x931_bytes(ret,16) <= 0)
- {
- fprintf(stderr, "Error getting PRNG value\n");
- return;
- }
-
- OutputValue("R", ret, 16, out, 0);
- OPENSSL_free(key);
- key = NULL;
- OPENSSL_free(dt);
- dt = NULL;
- OPENSSL_free(v);
- v = NULL;
- }
- }
- }
-
-static void mct(FILE *in, FILE *out)
- {
- unsigned char *key = NULL;
- unsigned char *v = NULL;
- unsigned char *dt = NULL;
- unsigned char ret[16];
- char buf[1024];
- char lbuf[1024];
- char *keyword, *value;
- long i, keylen;
- int j;
-
- keylen = 0;
-
- while(fgets(buf,sizeof buf,in) != NULL)
- {
- fputs(buf,out);
- if(!strncmp(buf,"[AES 128-Key]", 13))
- keylen = 16;
- else if(!strncmp(buf,"[AES 192-Key]", 13))
- keylen = 24;
- else if(!strncmp(buf,"[AES 256-Key]", 13))
- keylen = 32;
- if (!parse_line(&keyword, &value, lbuf, buf))
- continue;
- if(!strcmp(keyword,"Key"))
- {
- key=hex2bin_m(value,&i);
- if (i != keylen)
- {
- fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
- return;
- }
- }
- else if(!strcmp(keyword,"DT"))
- {
- dt=hex2bin_m(value,&i);
- if (i != 16)
- {
- fprintf(stderr, "Invalid DT length\n");
- return;
- }
- }
- else if(!strcmp(keyword,"V"))
- {
- v=hex2bin_m(value,&i);
- if (i != 16)
- {
- fprintf(stderr, "Invalid V length\n");
- return;
- }
-
- if (!key || !dt)
- {
- fprintf(stderr, "Missing key or DT\n");
- return;
- }
-
- FIPS_x931_set_key(key, keylen);
- FIPS_x931_seed(v,16);
- for (i = 0; i < 10000; i++)
- {
- FIPS_x931_set_dt(dt);
- if (FIPS_x931_bytes(ret,16) <= 0)
- {
- fprintf(stderr, "Error getting PRNG value\n");
- return;
- }
- /* Increment DT */
- for (j = 15; j >= 0; j--)
- {
- dt[j]++;
- if (dt[j])
- break;
- }
- }
-
- OutputValue("R", ret, 16, out, 0);
- OPENSSL_free(key);
- key = NULL;
- OPENSSL_free(dt);
- dt = NULL;
- OPENSSL_free(v);
- v = NULL;
- }
- }
- }
-
-#ifdef FIPS_ALGVS
-int fips_rngvs_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
- {
- FILE *in, *out;
- if (argc == 4)
- {
- in = fopen(argv[2], "r");
- if (!in)
- {
- fprintf(stderr, "Error opening input file\n");
- exit(1);
- }
- out = fopen(argv[3], "w");
- if (!out)
- {
- fprintf(stderr, "Error opening output file\n");
- exit(1);
- }
- }
- else if (argc == 2)
- {
- in = stdin;
- out = stdout;
- }
- else
- {
- fprintf(stderr,"%s [mct|vst]\n",argv[0]);
- exit(1);
- }
- fips_algtest_init();
- FIPS_x931_reset();
- if (!FIPS_x931_test_mode())
- {
- fprintf(stderr, "Error setting PRNG test mode\n");
- exit(1);
- }
- if(!strcmp(argv[1],"mct"))
- mct(in, out);
- else if(!strcmp(argv[1],"vst"))
- vst(in, out);
- else
- {
- fprintf(stderr,"Don't know how to %s.\n",argv[1]);
- exit(1);
- }
-
- if (argc == 4)
- {
- fclose(in);
- fclose(out);
- }
-
- return 0;
- }
-#endif
+++ /dev/null
-#
-# OpenSSL/fips/rsa/Makefile
-#
-
-DIR= rsa
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST= fips_rsavtest.c fips_rsastest.c fips_rsagtest.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_rsa_selftest.c fips_rsa_sign.c fips_rsa_lib.c
-LIBOBJ= fips_rsa_selftest.o fips_rsa_sign.o fips_rsa_lib.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER= $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all: lib
-
-lib: $(LIBOBJ)
- @echo $(LIBOBJ) > lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-Q=../testvectors/rsa/req
-A=../testvectors/rsa/rsp
-Q62=../testvectors/rsa_salt_62/req
-A62=../testvectors/rsa_salt_62/rsp
-
-fips_test:
- -rm -rf $(A) $(A62)
- mkdir $(A) $(A62)
- if [ -f $(Q)/SigGen15.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest < $(Q)/SigGen15.req > $(A)/SigGen15.rsp; fi
- if [ -f $(Q)/SigVer15.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest < $(Q)/SigVer15.req > $(A)/SigVer15.rsp; fi
- if [ -f $(Q)/SigGenPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -saltlen 0 < $(Q)/SigGenPSS.req > $(A)/SigGenPSS.rsp; fi
- if [ -f $(Q)/SigVerPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -saltlen 0 < $(Q)/SigVerPSS.req > $(A)/SigVerPSS.rsp; fi
- if [ -f $(Q)/SigGenRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -x931 < $(Q)/SigGenRSA.req > $(A)/SigGenRSA.rsp; fi
- if [ -f $(Q)/SigVerRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -x931 < $(Q)/SigVerRSA.req > $(A)/SigVerRSA.rsp; fi
- if [ -f $(Q62)/SigGenPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -saltlen 62 < $(Q62)/SigGenPSS.req >$(A62)/SigGenPSS.rsp; fi
- if [ -f $(Q62)/SigVerPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -saltlen 62 <$(Q62)/SigVerPSS.req >$(A62)/SigVerPSS.rsp; fi
- if [ -f $(Q)/KeyGenRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsagtest < $(Q)/KeyGenRSA.req > $(A)/KeyGenRSA.rsp; fi
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_rsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_rsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-fips_rsa_lib.o: ../../include/openssl/objects.h
-fips_rsa_lib.o: ../../include/openssl/opensslconf.h
-fips_rsa_lib.o: ../../include/openssl/opensslv.h
-fips_rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
-fips_rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_rsa_lib.o: ../../include/openssl/symhacks.h fips_rsa_lib.c
-fips_rsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_rsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_rsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_rsa_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_rsa_selftest.o: ../../include/openssl/lhash.h
-fips_rsa_selftest.o: ../../include/openssl/obj_mac.h
-fips_rsa_selftest.o: ../../include/openssl/objects.h
-fips_rsa_selftest.o: ../../include/openssl/opensslconf.h
-fips_rsa_selftest.o: ../../include/openssl/opensslv.h
-fips_rsa_selftest.o: ../../include/openssl/ossl_typ.h
-fips_rsa_selftest.o: ../../include/openssl/rsa.h
-fips_rsa_selftest.o: ../../include/openssl/safestack.h
-fips_rsa_selftest.o: ../../include/openssl/stack.h
-fips_rsa_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
-fips_rsa_selftest.o: fips_rsa_selftest.c
-fips_rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_rsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-fips_rsa_sign.o: ../../include/openssl/obj_mac.h
-fips_rsa_sign.o: ../../include/openssl/objects.h
-fips_rsa_sign.o: ../../include/openssl/opensslconf.h
-fips_rsa_sign.o: ../../include/openssl/opensslv.h
-fips_rsa_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
-fips_rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-fips_rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_rsa_sign.o: fips_rsa_sign.c
-fips_rsagtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_rsagtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_rsagtest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_rsagtest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-fips_rsagtest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_rsagtest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
-fips_rsagtest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-fips_rsagtest.o: ../../include/openssl/objects.h
-fips_rsagtest.o: ../../include/openssl/opensslconf.h
-fips_rsagtest.o: ../../include/openssl/opensslv.h
-fips_rsagtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
-fips_rsagtest.o: ../../include/openssl/safestack.h
-fips_rsagtest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_rsagtest.o: ../fips_utl.h fips_rsagtest.c
-fips_rsastest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_rsastest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_rsastest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_rsastest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-fips_rsastest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_rsastest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
-fips_rsastest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-fips_rsastest.o: ../../include/openssl/objects.h
-fips_rsastest.o: ../../include/openssl/opensslconf.h
-fips_rsastest.o: ../../include/openssl/opensslv.h
-fips_rsastest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
-fips_rsastest.o: ../../include/openssl/safestack.h
-fips_rsastest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_rsastest.o: ../fips_utl.h fips_rsastest.c
-fips_rsavtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_rsavtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_rsavtest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_rsavtest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-fips_rsavtest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_rsavtest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
-fips_rsavtest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-fips_rsavtest.o: ../../include/openssl/objects.h
-fips_rsavtest.o: ../../include/openssl/opensslconf.h
-fips_rsavtest.o: ../../include/openssl/opensslv.h
-fips_rsavtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
-fips_rsavtest.o: ../../include/openssl/safestack.h
-fips_rsavtest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_rsavtest.o: ../fips_utl.h fips_rsavtest.c
+++ /dev/null
-/* fips_rsa_sign.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/evp.h>
-#include <openssl/rsa.h>
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-
-/* Minimal FIPS versions of FIPS_rsa_new() and FIPS_rsa_free: to
- * reduce external dependencies.
- */
-
-RSA *FIPS_rsa_new(void)
- {
- RSA *ret;
- ret = OPENSSL_malloc(sizeof(RSA));
- if (!ret)
- return NULL;
- memset(ret, 0, sizeof(RSA));
- ret->meth = RSA_PKCS1_SSLeay();
- if (ret->meth->init)
- ret->meth->init(ret);
- return ret;
- }
-
-void FIPS_rsa_free(RSA *r)
- {
- if (!r)
- return;
- if (r->meth->finish)
- r->meth->finish(r);
- if (r->n != NULL) BN_clear_free(r->n);
- if (r->e != NULL) BN_clear_free(r->e);
- if (r->d != NULL) BN_clear_free(r->d);
- if (r->p != NULL) BN_clear_free(r->p);
- if (r->q != NULL) BN_clear_free(r->q);
- if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
- if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
- if (r->iqmp != NULL) BN_clear_free(r->iqmp);
- if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
- if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
- OPENSSL_free(r);
- }
-
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2003-2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/opensslconf.h>
-
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-
-__fips_constseg
-static const unsigned char rsa_test_2048_n[] = {
- 0xDB,0x10,0x1A,0xC2,0xA3,0xF1,0xDC,0xFF,0x13,0x6B,0xED,0x44,
- 0xDF,0xF0,0x02,0x6D,0x13,0xC7,0x88,0xDA,0x70,0x6B,0x54,0xF1,
- 0xE8,0x27,0xDC,0xC3,0x0F,0x99,0x6A,0xFA,0xC6,0x67,0xFF,0x1D,
- 0x1E,0x3C,0x1D,0xC1,0xB5,0x5F,0x6C,0xC0,0xB2,0x07,0x3A,0x6D,
- 0x41,0xE4,0x25,0x99,0xAC,0xFC,0xD2,0x0F,0x02,0xD3,0xD1,0x54,
- 0x06,0x1A,0x51,0x77,0xBD,0xB6,0xBF,0xEA,0xA7,0x5C,0x06,0xA9,
- 0x5D,0x69,0x84,0x45,0xD7,0xF5,0x05,0xBA,0x47,0xF0,0x1B,0xD7,
- 0x2B,0x24,0xEC,0xCB,0x9B,0x1B,0x10,0x8D,0x81,0xA0,0xBE,0xB1,
- 0x8C,0x33,0xE4,0x36,0xB8,0x43,0xEB,0x19,0x2A,0x81,0x8D,0xDE,
- 0x81,0x0A,0x99,0x48,0xB6,0xF6,0xBC,0xCD,0x49,0x34,0x3A,0x8F,
- 0x26,0x94,0xE3,0x28,0x82,0x1A,0x7C,0x8F,0x59,0x9F,0x45,0xE8,
- 0x5D,0x1A,0x45,0x76,0x04,0x56,0x05,0xA1,0xD0,0x1B,0x8C,0x77,
- 0x6D,0xAF,0x53,0xFA,0x71,0xE2,0x67,0xE0,0x9A,0xFE,0x03,0xA9,
- 0x85,0xD2,0xC9,0xAA,0xBA,0x2A,0xBC,0xF4,0xA0,0x08,0xF5,0x13,
- 0x98,0x13,0x5D,0xF0,0xD9,0x33,0x34,0x2A,0x61,0xC3,0x89,0x55,
- 0xF0,0xAE,0x1A,0x9C,0x22,0xEE,0x19,0x05,0x8D,0x32,0xFE,0xEC,
- 0x9C,0x84,0xBA,0xB7,0xF9,0x6C,0x3A,0x4F,0x07,0xFC,0x45,0xEB,
- 0x12,0xE5,0x7B,0xFD,0x55,0xE6,0x29,0x69,0xD1,0xC2,0xE8,0xB9,
- 0x78,0x59,0xF6,0x79,0x10,0xC6,0x4E,0xEB,0x6A,0x5E,0xB9,0x9A,
- 0xC7,0xC4,0x5B,0x63,0xDA,0xA3,0x3F,0x5E,0x92,0x7A,0x81,0x5E,
- 0xD6,0xB0,0xE2,0x62,0x8F,0x74,0x26,0xC2,0x0C,0xD3,0x9A,0x17,
- 0x47,0xE6,0x8E,0xAB
-};
-__fips_constseg
-static const unsigned char rsa_test_2048_e[] = {
- 0x01,0x00,0x01
-};
-__fips_constseg
-static const unsigned char rsa_test_2048_d[] = {
- 0x52,0x41,0xF4,0xDA,0x7B,0xB7,0x59,0x55,0xCA,0xD4,0x2F,0x0F,
- 0x3A,0xCB,0xA4,0x0D,0x93,0x6C,0xCC,0x9D,0xC1,0xB2,0xFB,0xFD,
- 0xAE,0x40,0x31,0xAC,0x69,0x52,0x21,0x92,0xB3,0x27,0xDF,0xEA,
- 0xEE,0x2C,0x82,0xBB,0xF7,0x40,0x32,0xD5,0x14,0xC4,0x94,0x12,
- 0xEC,0xB8,0x1F,0xCA,0x59,0xE3,0xC1,0x78,0xF3,0x85,0xD8,0x47,
- 0xA5,0xD7,0x02,0x1A,0x65,0x79,0x97,0x0D,0x24,0xF4,0xF0,0x67,
- 0x6E,0x75,0x2D,0xBF,0x10,0x3D,0xA8,0x7D,0xEF,0x7F,0x60,0xE4,
- 0xE6,0x05,0x82,0x89,0x5D,0xDF,0xC6,0xD2,0x6C,0x07,0x91,0x33,
- 0x98,0x42,0xF0,0x02,0x00,0x25,0x38,0xC5,0x85,0x69,0x8A,0x7D,
- 0x2F,0x95,0x6C,0x43,0x9A,0xB8,0x81,0xE2,0xD0,0x07,0x35,0xAA,
- 0x05,0x41,0xC9,0x1E,0xAF,0xE4,0x04,0x3B,0x19,0xB8,0x73,0xA2,
- 0xAC,0x4B,0x1E,0x66,0x48,0xD8,0x72,0x1F,0xAC,0xF6,0xCB,0xBC,
- 0x90,0x09,0xCA,0xEC,0x0C,0xDC,0xF9,0x2C,0xD7,0xEB,0xAE,0xA3,
- 0xA4,0x47,0xD7,0x33,0x2F,0x8A,0xCA,0xBC,0x5E,0xF0,0x77,0xE4,
- 0x97,0x98,0x97,0xC7,0x10,0x91,0x7D,0x2A,0xA6,0xFF,0x46,0x83,
- 0x97,0xDE,0xE9,0xE2,0x17,0x03,0x06,0x14,0xE2,0xD7,0xB1,0x1D,
- 0x77,0xAF,0x51,0x27,0x5B,0x5E,0x69,0xB8,0x81,0xE6,0x11,0xC5,
- 0x43,0x23,0x81,0x04,0x62,0xFF,0xE9,0x46,0xB8,0xD8,0x44,0xDB,
- 0xA5,0xCC,0x31,0x54,0x34,0xCE,0x3E,0x82,0xD6,0xBF,0x7A,0x0B,
- 0x64,0x21,0x6D,0x88,0x7E,0x5B,0x45,0x12,0x1E,0x63,0x8D,0x49,
- 0xA7,0x1D,0xD9,0x1E,0x06,0xCD,0xE8,0xBA,0x2C,0x8C,0x69,0x32,
- 0xEA,0xBE,0x60,0x71
-};
-__fips_constseg
-static const unsigned char rsa_test_2048_p[] = {
- 0xFA,0xAC,0xE1,0x37,0x5E,0x32,0x11,0x34,0xC6,0x72,0x58,0x2D,
- 0x91,0x06,0x3E,0x77,0xE7,0x11,0x21,0xCD,0x4A,0xF8,0xA4,0x3F,
- 0x0F,0xEF,0x31,0xE3,0xF3,0x55,0xA0,0xB9,0xAC,0xB6,0xCB,0xBB,
- 0x41,0xD0,0x32,0x81,0x9A,0x8F,0x7A,0x99,0x30,0x77,0x6C,0x68,
- 0x27,0xE2,0x96,0xB5,0x72,0xC9,0xC3,0xD4,0x42,0xAA,0xAA,0xCA,
- 0x95,0x8F,0xFF,0xC9,0x9B,0x52,0x34,0x30,0x1D,0xCF,0xFE,0xCF,
- 0x3C,0x56,0x68,0x6E,0xEF,0xE7,0x6C,0xD7,0xFB,0x99,0xF5,0x4A,
- 0xA5,0x21,0x1F,0x2B,0xEA,0x93,0xE8,0x98,0x26,0xC4,0x6E,0x42,
- 0x21,0x5E,0xA0,0xA1,0x2A,0x58,0x35,0xBB,0x10,0xE7,0xBA,0x27,
- 0x0A,0x3B,0xB3,0xAF,0xE2,0x75,0x36,0x04,0xAC,0x56,0xA0,0xAB,
- 0x52,0xDE,0xCE,0xDD,0x2C,0x28,0x77,0x03
-};
-__fips_constseg
-static const unsigned char rsa_test_2048_q[] = {
- 0xDF,0xB7,0x52,0xB6,0xD7,0xC0,0xE2,0x96,0xE7,0xC9,0xFE,0x5D,
- 0x71,0x5A,0xC4,0x40,0x96,0x2F,0xE5,0x87,0xEA,0xF3,0xA5,0x77,
- 0x11,0x67,0x3C,0x8D,0x56,0x08,0xA7,0xB5,0x67,0xFA,0x37,0xA8,
- 0xB8,0xCF,0x61,0xE8,0x63,0xD8,0x38,0x06,0x21,0x2B,0x92,0x09,
- 0xA6,0x39,0x3A,0xEA,0xA8,0xB4,0x45,0x4B,0x36,0x10,0x4C,0xE4,
- 0x00,0x66,0x71,0x65,0xF8,0x0B,0x94,0x59,0x4F,0x8C,0xFD,0xD5,
- 0x34,0xA2,0xE7,0x62,0x84,0x0A,0xA7,0xBB,0xDB,0xD9,0x8A,0xCD,
- 0x05,0xE1,0xCC,0x57,0x7B,0xF1,0xF1,0x1F,0x11,0x9D,0xBA,0x3E,
- 0x45,0x18,0x99,0x1B,0x41,0x64,0x43,0xEE,0x97,0x5D,0x77,0x13,
- 0x5B,0x74,0x69,0x73,0x87,0x95,0x05,0x07,0xBE,0x45,0x07,0x17,
- 0x7E,0x4A,0x69,0x22,0xF3,0xDB,0x05,0x39
-};
-__fips_constseg
-static const unsigned char rsa_test_2048_dmp1[] = {
- 0x5E,0xD8,0xDC,0xDA,0x53,0x44,0xC4,0x67,0xE0,0x92,0x51,0x34,
- 0xE4,0x83,0xA5,0x4D,0x3E,0xDB,0xA7,0x9B,0x82,0xBB,0x73,0x81,
- 0xFC,0xE8,0x77,0x4B,0x15,0xBE,0x17,0x73,0x49,0x9B,0x5C,0x98,
- 0xBC,0xBD,0x26,0xEF,0x0C,0xE9,0x2E,0xED,0x19,0x7E,0x86,0x41,
- 0x1E,0x9E,0x48,0x81,0xDD,0x2D,0xE4,0x6F,0xC2,0xCD,0xCA,0x93,
- 0x9E,0x65,0x7E,0xD5,0xEC,0x73,0xFD,0x15,0x1B,0xA2,0xA0,0x7A,
- 0x0F,0x0D,0x6E,0xB4,0x53,0x07,0x90,0x92,0x64,0x3B,0x8B,0xA9,
- 0x33,0xB3,0xC5,0x94,0x9B,0x4C,0x5D,0x9C,0x7C,0x46,0xA4,0xA5,
- 0x56,0xF4,0xF3,0xF8,0x27,0x0A,0x7B,0x42,0x0D,0x92,0x70,0x47,
- 0xE7,0x42,0x51,0xA9,0xC2,0x18,0xB1,0x58,0xB1,0x50,0x91,0xB8,
- 0x61,0x41,0xB6,0xA9,0xCE,0xD4,0x7C,0xBB
-};
-__fips_constseg
-static const unsigned char rsa_test_2048_dmq1[] = {
- 0x54,0x09,0x1F,0x0F,0x03,0xD8,0xB6,0xC5,0x0C,0xE8,0xB9,0x9E,
- 0x0C,0x38,0x96,0x43,0xD4,0xA6,0xC5,0x47,0xDB,0x20,0x0E,0xE5,
- 0xBD,0x29,0xD4,0x7B,0x1A,0xF8,0x41,0x57,0x49,0x69,0x9A,0x82,
- 0xCC,0x79,0x4A,0x43,0xEB,0x4D,0x8B,0x2D,0xF2,0x43,0xD5,0xA5,
- 0xBE,0x44,0xFD,0x36,0xAC,0x8C,0x9B,0x02,0xF7,0x9A,0x03,0xE8,
- 0x19,0xA6,0x61,0xAE,0x76,0x10,0x93,0x77,0x41,0x04,0xAB,0x4C,
- 0xED,0x6A,0xCC,0x14,0x1B,0x99,0x8D,0x0C,0x6A,0x37,0x3B,0x86,
- 0x6C,0x51,0x37,0x5B,0x1D,0x79,0xF2,0xA3,0x43,0x10,0xC6,0xA7,
- 0x21,0x79,0x6D,0xF9,0xE9,0x04,0x6A,0xE8,0x32,0xFF,0xAE,0xFD,
- 0x1C,0x7B,0x8C,0x29,0x13,0xA3,0x0C,0xB2,0xAD,0xEC,0x6C,0x0F,
- 0x8D,0x27,0x12,0x7B,0x48,0xB2,0xDB,0x31
-};
-__fips_constseg
-static const unsigned char rsa_test_2048_iqmp[] = {
- 0x8D,0x1B,0x05,0xCA,0x24,0x1F,0x0C,0x53,0x19,0x52,0x74,0x63,
- 0x21,0xFA,0x78,0x46,0x79,0xAF,0x5C,0xDE,0x30,0xA4,0x6C,0x20,
- 0x38,0xE6,0x97,0x39,0xB8,0x7A,0x70,0x0D,0x8B,0x6C,0x6D,0x13,
- 0x74,0xD5,0x1C,0xDE,0xA9,0xF4,0x60,0x37,0xFE,0x68,0x77,0x5E,
- 0x0B,0x4E,0x5E,0x03,0x31,0x30,0xDF,0xD6,0xAE,0x85,0xD0,0x81,
- 0xBB,0x61,0xC7,0xB1,0x04,0x5A,0xC4,0x6D,0x56,0x1C,0xD9,0x64,
- 0xE7,0x85,0x7F,0x88,0x91,0xC9,0x60,0x28,0x05,0xE2,0xC6,0x24,
- 0x8F,0xDD,0x61,0x64,0xD8,0x09,0xDE,0x7E,0xD3,0x4A,0x61,0x1A,
- 0xD3,0x73,0x58,0x4B,0xD8,0xA0,0x54,0x25,0x48,0x83,0x6F,0x82,
- 0x6C,0xAF,0x36,0x51,0x2A,0x5D,0x14,0x2F,0x41,0x25,0x00,0xDD,
- 0xF8,0xF3,0x95,0xFE,0x31,0x25,0x50,0x12
-};
-
-static int setrsakey(RSA *k)
- {
- fips_load_key_component(k, n, rsa_test_2048);
- fips_load_key_component(k, e, rsa_test_2048);
- fips_load_key_component(k, d, rsa_test_2048);
- fips_load_key_component(k, p, rsa_test_2048);
- fips_load_key_component(k, q, rsa_test_2048);
- fips_load_key_component(k, dmp1, rsa_test_2048);
- fips_load_key_component(k, dmq1, rsa_test_2048);
- fips_load_key_component(k, iqmp, rsa_test_2048);
- return 1;
- err:
- return 0;
- }
-
-/* Known Answer Test (KAT) data for the above RSA private key signing
- * kat_tbs.
- */
-
-__fips_constseg
-static const unsigned char kat_tbs[] = "OpenSSL FIPS 140-2 Public Key RSA KAT";
-
-__fips_constseg
-static const unsigned char kat_RSA_PSS_SHA256[] = {
- 0x51,0x4F,0x0B,0x8A,0xE6,0x7F,0xF0,0x39,0x9B,0x5F,0x21,0x26,
- 0x99,0x71,0xDC,0x64,0x5A,0x60,0x9B,0xFB,0xB9,0x48,0xE3,0xD4,
- 0xDE,0xAE,0x2D,0x87,0x72,0x14,0x2A,0x01,0x4C,0xC7,0x5C,0x00,
- 0x15,0xAE,0x23,0x09,0x5F,0xD5,0xB5,0x6F,0x94,0x59,0x76,0xEA,
- 0x8C,0x28,0x90,0xC4,0xCD,0xB9,0xD7,0xB5,0x82,0x9D,0x4E,0x37,
- 0xE0,0x79,0x03,0x88,0x9F,0x31,0x71,0x70,0x80,0xD6,0x99,0x49,
- 0x20,0x09,0x30,0x64,0x52,0xCD,0x5C,0x10,0x72,0x29,0x4D,0x33,
- 0x10,0xF6,0xEB,0xB7,0x27,0x95,0x55,0x48,0xBE,0x5A,0xBE,0xA7,
- 0x74,0xCF,0x0E,0x95,0x28,0xF4,0x05,0x98,0x86,0xBA,0x36,0x5C,
- 0x91,0x8F,0x5D,0xC1,0xBD,0xBE,0x74,0xD9,0x74,0x7B,0xEC,0xD1,
- 0x4E,0x79,0x66,0x14,0x24,0x21,0x27,0x2D,0xCF,0x93,0xC0,0xE1,
- 0x92,0x79,0xE0,0x4D,0x65,0xE2,0xA4,0xBA,0x1F,0x96,0x16,0xB1,
- 0x90,0xE1,0x50,0xDE,0x2F,0xB0,0x07,0xAF,0x84,0xCC,0x81,0x1C,
- 0x42,0xA9,0x1B,0xF6,0x25,0xDF,0x6F,0xEB,0x9A,0xF0,0x93,0xF3,
- 0x66,0xE7,0x88,0x7B,0xF9,0xA5,0x92,0xA9,0xD5,0x35,0xAA,0x33,
- 0x8F,0xEA,0x68,0xDB,0x82,0xE5,0x69,0xBB,0x95,0x31,0xC3,0x4F,
- 0x0A,0x68,0x15,0x8A,0x93,0x91,0xE2,0x3B,0xDC,0xA4,0x94,0x2F,
- 0x34,0xBC,0xCE,0xC9,0xA6,0xF0,0x49,0x33,0x5B,0x8F,0xDB,0x60,
- 0xE8,0x37,0x8C,0x97,0xF9,0xFB,0x28,0x0A,0xF1,0xAD,0x4D,0x9D,
- 0xC0,0x57,0x4D,0xD0,0x26,0x76,0x36,0x21,0x67,0x97,0x73,0xCD,
- 0x26,0x3A,0xCD,0x44,0x77,0xF2,0x59,0xBB,0xDF,0x77,0x3B,0x98,
- 0xC5,0x57,0xB7,0x5D
-};
-
-int FIPS_selftest_rsa()
- {
- int ret = 0;
- RSA *key = NULL;
- EVP_PKEY pk;
- key=FIPS_rsa_new();
- setrsakey(key);
- pk.type = EVP_PKEY_RSA;
- pk.pkey.rsa = key;
-
- if (!fips_pkey_signature_test(FIPS_TEST_SIGNATURE,
- &pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_PSS_SHA256, sizeof(kat_RSA_PSS_SHA256),
- EVP_sha256(), RSA_PKCS1_PSS_PADDING,
- "RSA SHA256 PSS"))
- goto err;
-
- ret = 1;
-
- err:
- FIPS_rsa_free(key);
- return ret;
- }
-
-#endif /* def OPENSSL_FIPS */
+++ /dev/null
-/* fips_rsa_sign.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/evp.h>
-#include <openssl/rsa.h>
-#include <openssl/err.h>
-#include <openssl/sha.h>
-#include <openssl/fips.h>
-
-#ifdef OPENSSL_FIPS
-
-/* FIPS versions of RSA_sign() and RSA_verify().
- * These will only have to deal with SHA* signatures and by including
- * pregenerated encodings all ASN1 dependencies can be avoided
- */
-
-/* Standard encodings including NULL parameter */
-
-__fips_constseg
-static const unsigned char sha1_bin[] = {
- 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
- 0x00, 0x04, 0x14
-};
-
-__fips_constseg
-static const unsigned char sha224_bin[] = {
- 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c
-};
-
-__fips_constseg
-static const unsigned char sha256_bin[] = {
- 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
-};
-
-__fips_constseg
-static const unsigned char sha384_bin[] = {
- 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30
-};
-
-__fips_constseg
-static const unsigned char sha512_bin[] = {
- 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
-};
-
-/* Alternate encodings with absent parameters. We don't generate signature
- * using this format but do tolerate received signatures of this form.
- */
-
-__fips_constseg
-static const unsigned char sha1_nn_bin[] = {
- 0x30, 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04,
- 0x14
-};
-
-__fips_constseg
-static const unsigned char sha224_nn_bin[] = {
- 0x30, 0x2b, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x04, 0x04, 0x1c
-};
-
-__fips_constseg
-static const unsigned char sha256_nn_bin[] = {
- 0x30, 0x2f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x01, 0x04, 0x20
-};
-
-__fips_constseg
-static const unsigned char sha384_nn_bin[] = {
- 0x30, 0x3f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x02, 0x04, 0x30
-};
-
-__fips_constseg
-static const unsigned char sha512_nn_bin[] = {
- 0x30, 0x4f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x03, 0x04, 0x40
-};
-
-
-static const unsigned char *fips_digestinfo_encoding(int nid, unsigned int *len)
- {
- switch (nid)
- {
-
- case NID_sha1:
- *len = sizeof(sha1_bin);
- return sha1_bin;
-
- case NID_sha224:
- *len = sizeof(sha224_bin);
- return sha224_bin;
-
- case NID_sha256:
- *len = sizeof(sha256_bin);
- return sha256_bin;
-
- case NID_sha384:
- *len = sizeof(sha384_bin);
- return sha384_bin;
-
- case NID_sha512:
- *len = sizeof(sha512_bin);
- return sha512_bin;
-
- default:
- return NULL;
-
- }
- }
-
-static const unsigned char *fips_digestinfo_nn_encoding(int nid, unsigned int *len)
- {
- switch (nid)
- {
-
- case NID_sha1:
- *len = sizeof(sha1_nn_bin);
- return sha1_nn_bin;
-
- case NID_sha224:
- *len = sizeof(sha224_nn_bin);
- return sha224_nn_bin;
-
- case NID_sha256:
- *len = sizeof(sha256_nn_bin);
- return sha256_nn_bin;
-
- case NID_sha384:
- *len = sizeof(sha384_nn_bin);
- return sha384_nn_bin;
-
- case NID_sha512:
- *len = sizeof(sha512_nn_bin);
- return sha512_nn_bin;
-
- default:
- return NULL;
-
- }
- }
-
-int FIPS_rsa_sign_ctx(RSA *rsa, EVP_MD_CTX *ctx,
- int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash,
- unsigned char *sigret, unsigned int *siglen)
- {
- unsigned int md_len, rv;
- unsigned char md[EVP_MAX_MD_SIZE];
- FIPS_digestfinal(ctx, md, &md_len);
- rv = FIPS_rsa_sign_digest(rsa, md, md_len,
- M_EVP_MD_CTX_md(ctx),
- rsa_pad_mode, saltlen,
- mgf1Hash, sigret, siglen);
- OPENSSL_cleanse(md, md_len);
- return rv;
- }
-
-
-int FIPS_rsa_sign_digest(RSA *rsa, const unsigned char *md, int md_len,
- const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
- const EVP_MD *mgf1Hash,
- unsigned char *sigret, unsigned int *siglen)
- {
- int i=0,j,ret=0;
- unsigned int dlen;
- const unsigned char *der;
- int md_type;
- /* Largest DigestInfo: 19 (max encoding) + max MD */
- unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
-
- if (FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_FIPS_RSA_SIGN_DIGEST, FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- if (!mhash && rsa_pad_mode == RSA_PKCS1_PADDING)
- md_type = saltlen;
- else
- md_type = M_EVP_MD_type(mhash);
-
- if (rsa_pad_mode == RSA_X931_PADDING)
- {
- int hash_id;
- memcpy(tmpdinfo, md, md_len);
- hash_id = RSA_X931_hash_id(md_type);
- if (hash_id == -1)
- {
- RSAerr(RSA_F_FIPS_RSA_SIGN_DIGEST,RSA_R_UNKNOWN_ALGORITHM_TYPE);
- return 0;
- }
- tmpdinfo[md_len] = (unsigned char)hash_id;
- i = md_len + 1;
- }
- else if (rsa_pad_mode == RSA_PKCS1_PADDING)
- {
-
- der = fips_digestinfo_encoding(md_type, &dlen);
-
- if (!der)
- {
- RSAerr(RSA_F_FIPS_RSA_SIGN_DIGEST,RSA_R_UNKNOWN_ALGORITHM_TYPE);
- return 0;
- }
- memcpy(tmpdinfo, der, dlen);
- memcpy(tmpdinfo + dlen, md, md_len);
-
- i = dlen + md_len;
-
- }
- else if (rsa_pad_mode == RSA_PKCS1_PSS_PADDING)
- {
- unsigned char *sbuf;
- i = RSA_size(rsa);
- sbuf = OPENSSL_malloc(RSA_size(rsa));
- if (!sbuf)
- {
- RSAerr(RSA_F_FIPS_RSA_SIGN_DIGEST,ERR_R_MALLOC_FAILURE);
- goto psserr;
- }
- if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, sbuf, md, mhash,
- mgf1Hash, saltlen))
- goto psserr;
- j=rsa->meth->rsa_priv_enc(i,sbuf,sigret,rsa,RSA_NO_PADDING);
- if (j > 0)
- {
- ret=1;
- *siglen=j;
- }
- psserr:
- OPENSSL_cleanse(sbuf, i);
- OPENSSL_free(sbuf);
- return ret;
- }
-
- j=RSA_size(rsa);
- if (i > (j-RSA_PKCS1_PADDING_SIZE))
- {
- RSAerr(RSA_F_FIPS_RSA_SIGN_DIGEST,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
- goto done;
- }
- /* NB: call underlying method directly to avoid FIPS blocking */
- j=rsa->meth->rsa_priv_enc(i,tmpdinfo,sigret,rsa,rsa_pad_mode);
- if (j > 0)
- {
- ret=1;
- *siglen=j;
- }
-
- done:
- OPENSSL_cleanse(tmpdinfo,i);
- return ret;
- }
-
-int FIPS_rsa_verify_ctx(RSA *rsa, EVP_MD_CTX *ctx,
- int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash,
- const unsigned char *sigbuf, unsigned int siglen)
- {
- unsigned int md_len, rv;
- unsigned char md[EVP_MAX_MD_SIZE];
- FIPS_digestfinal(ctx, md, &md_len);
- rv = FIPS_rsa_verify_digest(rsa, md, md_len, M_EVP_MD_CTX_md(ctx),
- rsa_pad_mode, saltlen, mgf1Hash,
- sigbuf, siglen);
- OPENSSL_cleanse(md, md_len);
- return rv;
- }
-
-int FIPS_rsa_verify_digest(RSA *rsa, const unsigned char *dig, int diglen,
- const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
- const EVP_MD *mgf1Hash,
- const unsigned char *sigbuf, unsigned int siglen)
- {
- int i,ret=0;
- unsigned int dlen;
- unsigned char *s;
- const unsigned char *der;
- int md_type;
- int rsa_dec_pad_mode;
-
- if (FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_FIPS_RSA_VERIFY_DIGEST, FIPS_R_SELFTEST_FAILED);
- return 0;
- }
-
- if (siglen != (unsigned int)RSA_size(rsa))
- {
- RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_WRONG_SIGNATURE_LENGTH);
- return(0);
- }
-
- if (!mhash && rsa_pad_mode == RSA_PKCS1_PADDING)
- md_type = saltlen;
- else
- md_type = M_EVP_MD_type(mhash);
-
- s= OPENSSL_malloc((unsigned int)siglen);
- if (s == NULL)
- {
- RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (rsa_pad_mode == RSA_PKCS1_PSS_PADDING)
- rsa_dec_pad_mode = RSA_NO_PADDING;
- else
- rsa_dec_pad_mode = rsa_pad_mode;
-
- /* NB: call underlying method directly to avoid FIPS blocking */
- i=rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s, rsa, rsa_dec_pad_mode);
-
- if (i <= 0) goto err;
-
- if (rsa_pad_mode == RSA_X931_PADDING)
- {
- int hash_id;
- if (i != (int)(diglen + 1))
- {
- RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_BAD_SIGNATURE);
- goto err;
- }
- hash_id = RSA_X931_hash_id(md_type);
- if (hash_id == -1)
- {
- RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_UNKNOWN_ALGORITHM_TYPE);
- goto err;
- }
- if (s[diglen] != (unsigned char)hash_id)
- {
- RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_BAD_SIGNATURE);
- goto err;
- }
- if (memcmp(s, dig, diglen))
- {
- RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_BAD_SIGNATURE);
- goto err;
- }
- ret = 1;
- }
- else if (rsa_pad_mode == RSA_PKCS1_PADDING)
- {
-
- der = fips_digestinfo_encoding(md_type, &dlen);
-
- if (!der)
- {
- RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_UNKNOWN_ALGORITHM_TYPE);
- return(0);
- }
-
- /* Compare, DigestInfo length, DigestInfo header and finally
- * digest value itself
- */
-
- /* If length mismatch try alternate encoding */
- if (i != (int)(dlen + diglen))
- der = fips_digestinfo_nn_encoding(md_type, &dlen);
-
- if ((i != (int)(dlen + diglen)) || memcmp(der, s, dlen)
- || memcmp(s + dlen, dig, diglen))
- {
- RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_BAD_SIGNATURE);
- goto err;
- }
- ret = 1;
-
- }
- else if (rsa_pad_mode == RSA_PKCS1_PSS_PADDING)
- {
- ret = RSA_verify_PKCS1_PSS_mgf1(rsa, dig, mhash, mgf1Hash,
- s, saltlen);
- if (ret < 0)
- ret = 0;
- }
-err:
- if (s != NULL)
- {
- OPENSSL_cleanse(s, siglen);
- OPENSSL_free(s);
- }
- return(ret);
- }
-
-int FIPS_rsa_sign(RSA *rsa, const unsigned char *msg, int msglen,
- const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
- const EVP_MD *mgf1Hash,
- unsigned char *sigret, unsigned int *siglen)
- {
- unsigned int md_len, rv;
- unsigned char md[EVP_MAX_MD_SIZE];
- FIPS_digest(msg, msglen, md, &md_len, mhash);
- rv = FIPS_rsa_sign_digest(rsa, md, md_len, mhash, rsa_pad_mode,
- saltlen, mgf1Hash, sigret, siglen);
- OPENSSL_cleanse(md, md_len);
- return rv;
- }
-
-
-int FIPS_rsa_verify(RSA *rsa, const unsigned char *msg, int msglen,
- const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
- const EVP_MD *mgf1Hash,
- const unsigned char *sigbuf, unsigned int siglen)
- {
- unsigned int md_len, rv;
- unsigned char md[EVP_MAX_MD_SIZE];
- FIPS_digest(msg, msglen, md, &md_len, mhash);
- rv = FIPS_rsa_verify_digest(rsa, md, md_len, mhash, rsa_pad_mode,
- saltlen, mgf1Hash, sigbuf, siglen);
- OPENSSL_cleanse(md, md_len);
- return rv;
- }
-
-#endif
+++ /dev/null
-/* fips_rsagtest.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005,2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
- printf("No FIPS RSA support\n");
- return(0);
-}
-
-#else
-
-#include <openssl/rsa.h>
-#include <openssl/fips.h>
-#include "fips_utl.h"
-
-int rsa_test(FILE *out, FILE *in);
-static int rsa_printkey1(FILE *out, RSA *rsa,
- BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
- BIGNUM *e);
-static int rsa_printkey2(FILE *out, RSA *rsa,
- BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq);
-
-#ifdef FIPS_ALGVS
-int fips_rsagtest_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
- {
- FILE *in = NULL, *out = NULL;
-
- int ret = 1;
-
- fips_algtest_init();
-
- if (argc == 1)
- in = stdin;
- else
- in = fopen(argv[1], "r");
-
- if (argc < 2)
- out = stdout;
- else
- out = fopen(argv[2], "w");
-
- if (!in)
- {
- fprintf(stderr, "FATAL input initialization error\n");
- goto end;
- }
-
- if (!out)
- {
- fprintf(stderr, "FATAL output initialization error\n");
- goto end;
- }
-
- if (!rsa_test(out, in))
- {
- fprintf(stderr, "FATAL RSAGTEST file processing error\n");
- goto end;
- }
- else
- ret = 0;
-
- end:
-
- if (in && (in != stdin))
- fclose(in);
- if (out && (out != stdout))
- fclose(out);
-
- return ret;
-
- }
-
-#define RSA_TEST_MAXLINELEN 10240
-
-int rsa_test(FILE *out, FILE *in)
- {
- char *linebuf, *olinebuf, *p, *q;
- char *keyword, *value;
- RSA *rsa = NULL;
- BIGNUM *Xp1 = NULL, *Xp2 = NULL, *Xp = NULL;
- BIGNUM *Xq1 = NULL, *Xq2 = NULL, *Xq = NULL;
- BIGNUM *e = NULL;
- int ret = 0;
- int lnum = 0;
-
- olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
- linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
-
- if (!linebuf || !olinebuf)
- goto error;
-
- while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
- {
- lnum++;
- strcpy(linebuf, olinebuf);
- keyword = linebuf;
- /* Skip leading space */
- while (isspace((unsigned char)*keyword))
- keyword++;
-
- /* Look for = sign */
- p = strchr(linebuf, '=');
-
- /* If no = or starts with [ (for [foo = bar] line) just copy */
- if (!p || *keyword=='[')
- {
- if (fputs(olinebuf, out) < 0)
- goto error;
- continue;
- }
-
- q = p - 1;
-
- /* Remove trailing space */
- while (isspace((unsigned char)*q))
- *q-- = 0;
-
- *p = 0;
- value = p + 1;
-
- /* Remove leading space from value */
- while (isspace((unsigned char)*value))
- value++;
-
- /* Remove trailing space from value */
- p = value + strlen(value) - 1;
-
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
-
- if (!strcmp(keyword, "xp1"))
- {
- if (Xp1 || !do_hex2bn(&Xp1,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "xp2"))
- {
- if (Xp2 || !do_hex2bn(&Xp2,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "Xp"))
- {
- if (Xp || !do_hex2bn(&Xp,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "xq1"))
- {
- if (Xq1 || !do_hex2bn(&Xq1,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "xq2"))
- {
- if (Xq2 || !do_hex2bn(&Xq2,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "Xq"))
- {
- if (Xq || !do_hex2bn(&Xq,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "e"))
- {
- if (e || !do_hex2bn(&e,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "p1"))
- continue;
- else if (!strcmp(keyword, "p2"))
- continue;
- else if (!strcmp(keyword, "p"))
- continue;
- else if (!strcmp(keyword, "q1"))
- continue;
- else if (!strcmp(keyword, "q2"))
- continue;
- else if (!strcmp(keyword, "q"))
- continue;
- else if (!strcmp(keyword, "n"))
- continue;
- else if (!strcmp(keyword, "d"))
- continue;
- else
- goto parse_error;
-
- fputs(olinebuf, out);
-
- if (e && Xp1 && Xp2 && Xp)
- {
- rsa = FIPS_rsa_new();
- if (!rsa)
- goto error;
- if (!rsa_printkey1(out, rsa, Xp1, Xp2, Xp, e))
- goto error;
- BN_free(Xp1);
- Xp1 = NULL;
- BN_free(Xp2);
- Xp2 = NULL;
- BN_free(Xp);
- Xp = NULL;
- BN_free(e);
- e = NULL;
- }
-
- if (rsa && Xq1 && Xq2 && Xq)
- {
- if (!rsa_printkey2(out, rsa, Xq1, Xq2, Xq))
- goto error;
- BN_free(Xq1);
- Xq1 = NULL;
- BN_free(Xq2);
- Xq2 = NULL;
- BN_free(Xq);
- Xq = NULL;
- FIPS_rsa_free(rsa);
- rsa = NULL;
- }
- }
-
- ret = 1;
-
- error:
-
- if (olinebuf)
- OPENSSL_free(olinebuf);
- if (linebuf)
- OPENSSL_free(linebuf);
-
- if (Xp1)
- BN_free(Xp1);
- if (Xp2)
- BN_free(Xp2);
- if (Xp)
- BN_free(Xp);
- if (Xq1)
- BN_free(Xq1);
- if (Xq1)
- BN_free(Xq1);
- if (Xq2)
- BN_free(Xq2);
- if (Xq)
- BN_free(Xq);
- if (e)
- BN_free(e);
- if (rsa)
- FIPS_rsa_free(rsa);
-
- return ret;
-
- parse_error:
-
- fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
-
- goto error;
-
- }
-
-static int rsa_printkey1(FILE *out, RSA *rsa,
- BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
- BIGNUM *e)
- {
- int ret = 0;
- BIGNUM *p1 = NULL, *p2 = NULL;
- p1 = BN_new();
- p2 = BN_new();
- if (!p1 || !p2)
- goto error;
-
- if (!RSA_X931_derive_ex(rsa, p1, p2, NULL, NULL, Xp1, Xp2, Xp,
- NULL, NULL, NULL, e, NULL))
- goto error;
-
- do_bn_print_name(out, "p1", p1);
- do_bn_print_name(out, "p2", p2);
- do_bn_print_name(out, "p", rsa->p);
-
- ret = 1;
-
- error:
- if (p1)
- BN_free(p1);
- if (p2)
- BN_free(p2);
-
- return ret;
- }
-
-static int rsa_printkey2(FILE *out, RSA *rsa,
- BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq)
- {
- int ret = 0;
- BIGNUM *q1 = NULL, *q2 = NULL;
- q1 = BN_new();
- q2 = BN_new();
- if (!q1 || !q2)
- goto error;
-
- if (!RSA_X931_derive_ex(rsa, NULL, NULL, q1, q2, NULL, NULL, NULL,
- Xq1, Xq2, Xq, NULL, NULL))
- goto error;
-
- do_bn_print_name(out, "q1", q1);
- do_bn_print_name(out, "q2", q2);
- do_bn_print_name(out, "q", rsa->q);
- do_bn_print_name(out, "n", rsa->n);
- do_bn_print_name(out, "d", rsa->d);
-
- ret = 1;
-
- error:
- if (q1)
- BN_free(q1);
- if (q2)
- BN_free(q2);
-
- return ret;
- }
-
-#endif
+++ /dev/null
-/* fips_rsastest.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
- printf("No FIPS RSA support\n");
- return(0);
-}
-
-#else
-
-#include <openssl/rsa.h>
-#include <openssl/fips.h>
-#include "fips_utl.h"
-
-static int rsa_stest(FILE *out, FILE *in, int Saltlen);
-static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
- unsigned char *Msg, long Msglen, int Saltlen);
-
-#ifdef FIPS_ALGVS
-int fips_rsastest_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
- {
- FILE *in = NULL, *out = NULL;
-
- int ret = 1, Saltlen = -1;
-
- fips_algtest_init();
-
- if ((argc > 2) && !strcmp("-saltlen", argv[1]))
- {
- Saltlen = atoi(argv[2]);
- if (Saltlen < 0)
- {
- fprintf(stderr, "FATAL: Invalid salt length\n");
- goto end;
- }
- argc -= 2;
- argv += 2;
- }
- else if ((argc > 1) && !strcmp("-x931", argv[1]))
- {
- Saltlen = -2;
- argc--;
- argv++;
- }
-
- if (argc == 1)
- in = stdin;
- else
- in = fopen(argv[1], "r");
-
- if (argc < 2)
- out = stdout;
- else
- out = fopen(argv[2], "w");
-
- if (!in)
- {
- fprintf(stderr, "FATAL input initialization error\n");
- goto end;
- }
-
- if (!out)
- {
- fprintf(stderr, "FATAL output initialization error\n");
- goto end;
- }
-
- if (!rsa_stest(out, in, Saltlen))
- {
- fprintf(stderr, "FATAL RSASTEST file processing error\n");
- goto end;
- }
- else
- ret = 0;
-
- end:
-
- if (in && (in != stdin))
- fclose(in);
- if (out && (out != stdout))
- fclose(out);
-
- return ret;
-
- }
-
-#define RSA_TEST_MAXLINELEN 10240
-
-int rsa_stest(FILE *out, FILE *in, int Saltlen)
- {
- char *linebuf, *olinebuf, *p, *q;
- char *keyword, *value;
- RSA *rsa = NULL;
- const EVP_MD *dgst = NULL;
- unsigned char *Msg = NULL;
- long Msglen = -1;
- int keylen = -1, current_keylen = -1;
- int ret = 0;
- int lnum = 0;
-
- olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
- linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
-
- if (!linebuf || !olinebuf)
- goto error;
-
- while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
- {
- lnum++;
- strcpy(linebuf, olinebuf);
- keyword = linebuf;
- /* Skip leading space */
- while (isspace((unsigned char)*keyword))
- keyword++;
-
- /* Look for = sign */
- p = strchr(linebuf, '=');
-
- /* If no = just copy */
- if (!p)
- {
- if (fputs(olinebuf, out) < 0)
- goto error;
- continue;
- }
-
- q = p - 1;
-
- /* Remove trailing space */
- while (isspace((unsigned char)*q))
- *q-- = 0;
-
- *p = 0;
- value = p + 1;
-
- /* Remove leading space from value */
- while (isspace((unsigned char)*value))
- value++;
-
- /* Remove trailing space from value */
- p = value + strlen(value) - 1;
-
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
-
- /* Look for [mod = XXX] for key length */
-
- if (!strcmp(keyword, "[mod"))
- {
- p = value + strlen(value) - 1;
- if (*p != ']')
- goto parse_error;
- *p = 0;
- keylen = atoi(value);
- if (keylen < 0)
- goto parse_error;
- }
- else if (!strcmp(keyword, "SHAAlg"))
- {
- if (!strcmp(value, "SHA1"))
- dgst = EVP_sha1();
- else if (!strcmp(value, "SHA224"))
- dgst = EVP_sha224();
- else if (!strcmp(value, "SHA256"))
- dgst = EVP_sha256();
- else if (!strcmp(value, "SHA384"))
- dgst = EVP_sha384();
- else if (!strcmp(value, "SHA512"))
- dgst = EVP_sha512();
- else
- {
- fprintf(stderr,
- "FATAL: unsupported algorithm \"%s\"\n",
- value);
- goto parse_error;
- }
- }
- else if (!strcmp(keyword, "Msg"))
- {
- if (Msg)
- goto parse_error;
- if (strlen(value) & 1)
- *(--value) = '0';
- Msg = hex2bin_m(value, &Msglen);
- if (!Msg)
- goto parse_error;
- }
-
- fputs(olinebuf, out);
-
- /* If key length has changed, generate and output public
- * key components of new RSA private key.
- */
-
- if (keylen != current_keylen)
- {
- BIGNUM *bn_e;
- if (rsa)
- FIPS_rsa_free(rsa);
- rsa = FIPS_rsa_new();
- if (!rsa)
- goto error;
- bn_e = BN_new();
- if (!bn_e || !BN_set_word(bn_e, 0x1001))
- goto error;
- if (!RSA_X931_generate_key_ex(rsa, keylen, bn_e, NULL))
- goto error;
- BN_free(bn_e);
- fputs("n = ", out);
- do_bn_print(out, rsa->n);
- fputs(RESP_EOL "e = ", out);
- do_bn_print(out, rsa->e);
- fputs(RESP_EOL, out);
- current_keylen = keylen;
- }
-
- if (Msg && dgst)
- {
- if (!rsa_printsig(out, rsa, dgst, Msg, Msglen,
- Saltlen))
- goto error;
- OPENSSL_free(Msg);
- Msg = NULL;
- }
-
- }
-
- ret = 1;
-
- error:
-
- if (olinebuf)
- OPENSSL_free(olinebuf);
- if (linebuf)
- OPENSSL_free(linebuf);
- if (rsa)
- FIPS_rsa_free(rsa);
-
- return ret;
-
- parse_error:
-
- fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
-
- goto error;
-
- }
-
-static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
- unsigned char *Msg, long Msglen, int Saltlen)
- {
- int ret = 0;
- unsigned char *sigbuf = NULL;
- int i, siglen, pad_mode;
- /* EVP_PKEY structure */
-
- siglen = RSA_size(rsa);
- sigbuf = OPENSSL_malloc(siglen);
- if (!sigbuf)
- goto error;
-
- if (Saltlen >= 0)
- pad_mode = RSA_PKCS1_PSS_PADDING;
- else if (Saltlen == -2)
- pad_mode = RSA_X931_PADDING;
- else
- pad_mode = RSA_PKCS1_PADDING;
-
- if (!FIPS_rsa_sign(rsa, Msg, Msglen, dgst, pad_mode, Saltlen, NULL,
- sigbuf, (unsigned int *)&siglen))
- goto error;
-
- fputs("S = ", out);
-
- for (i = 0; i < siglen; i++)
- fprintf(out, "%02X", sigbuf[i]);
-
- fputs(RESP_EOL, out);
-
- ret = 1;
-
- error:
-
- if (sigbuf)
- OPENSSL_free(sigbuf);
-
- return ret;
- }
-#endif
+++ /dev/null
-/* fips_rsavtest.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
- printf("No FIPS RSA support\n");
- return(0);
-}
-
-#else
-
-#include <openssl/rsa.h>
-#include <openssl/fips.h>
-
-#include "fips_utl.h"
-
-int rsa_vtest(FILE *out, FILE *in, int saltlen);
-static int rsa_printver(FILE *out,
- BIGNUM *n, BIGNUM *e,
- const EVP_MD *dgst,
- unsigned char *Msg, long Msglen,
- unsigned char *S, long Slen, int Saltlen);
-
-#ifdef FIPS_ALGVS
-int fips_rsavtest_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
- {
- FILE *in = NULL, *out = NULL;
-
- int ret = 1;
- int Saltlen = -1;
-
- fips_algtest_init();
-
- if ((argc > 2) && !strcmp("-saltlen", argv[1]))
- {
- Saltlen = atoi(argv[2]);
- if (Saltlen < 0)
- {
- fprintf(stderr, "FATAL: Invalid salt length\n");
- goto end;
- }
- argc -= 2;
- argv += 2;
- }
- else if ((argc > 1) && !strcmp("-x931", argv[1]))
- {
- Saltlen = -2;
- argc--;
- argv++;
- }
-
- if (argc == 1)
- in = stdin;
- else
- in = fopen(argv[1], "r");
-
- if (argc < 2)
- out = stdout;
- else
- out = fopen(argv[2], "w");
-
- if (!in)
- {
- fprintf(stderr, "FATAL input initialization error\n");
- goto end;
- }
-
- if (!out)
- {
- fprintf(stderr, "FATAL output initialization error\n");
- goto end;
- }
-
- if (!rsa_vtest(out, in, Saltlen))
- {
- fprintf(stderr, "FATAL RSAVTEST file processing error\n");
- goto end;
- }
- else
- ret = 0;
-
- end:
-
- if (in && (in != stdin))
- fclose(in);
- if (out && (out != stdout))
- fclose(out);
-
- return ret;
-
- }
-
-#define RSA_TEST_MAXLINELEN 10240
-
-int rsa_vtest(FILE *out, FILE *in, int Saltlen)
- {
- char *linebuf, *olinebuf, *p, *q;
- char *keyword, *value;
- const EVP_MD *dgst = NULL;
- BIGNUM *n = NULL, *e = NULL;
- unsigned char *Msg = NULL, *S = NULL;
- long Msglen, Slen;
- int ret = 0;
- int lnum = 0;
-
- olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
- linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
-
- if (!linebuf || !olinebuf)
- goto error;
-
- while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
- {
- lnum++;
- strcpy(linebuf, olinebuf);
- keyword = linebuf;
- /* Skip leading space */
- while (isspace((unsigned char)*keyword))
- keyword++;
-
- /* Look for = sign */
- p = strchr(linebuf, '=');
-
- /* If no = or starts with [ (for [foo = bar] line) just copy */
- if (!p || *keyword=='[')
- {
- if (fputs(olinebuf, out) < 0)
- goto error;
- continue;
- }
-
- q = p - 1;
-
- /* Remove trailing space */
- while (isspace((unsigned char)*q))
- *q-- = 0;
-
- *p = 0;
- value = p + 1;
-
- /* Remove leading space from value */
- while (isspace((unsigned char)*value))
- value++;
-
- /* Remove trailing space from value */
- p = value + strlen(value) - 1;
-
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
-
- if (!strcmp(keyword, "n"))
- {
- if (!do_hex2bn(&n,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "e"))
- {
- if (!do_hex2bn(&e,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "SHAAlg"))
- {
- if (!strcmp(value, "SHA1"))
- dgst = EVP_sha1();
- else if (!strcmp(value, "SHA224"))
- dgst = EVP_sha224();
- else if (!strcmp(value, "SHA256"))
- dgst = EVP_sha256();
- else if (!strcmp(value, "SHA384"))
- dgst = EVP_sha384();
- else if (!strcmp(value, "SHA512"))
- dgst = EVP_sha512();
- else
- {
- fprintf(stderr,
- "FATAL: unsupported algorithm \"%s\"\n",
- value);
- goto parse_error;
- }
- }
- else if (!strcmp(keyword, "Msg"))
- {
- if (Msg)
- goto parse_error;
- if (strlen(value) & 1)
- *(--value) = '0';
- Msg = hex2bin_m(value, &Msglen);
- if (!Msg)
- goto parse_error;
- }
- else if (!strcmp(keyword, "S"))
- {
- if (S)
- goto parse_error;
- if (strlen(value) & 1)
- *(--value) = '0';
- S = hex2bin_m(value, &Slen);
- if (!S)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Result"))
- continue;
- else
- goto parse_error;
-
- fputs(olinebuf, out);
-
- if (n && e && Msg && S && dgst)
- {
- if (!rsa_printver(out, n, e, dgst,
- Msg, Msglen, S, Slen, Saltlen))
- goto error;
- OPENSSL_free(Msg);
- Msg = NULL;
- OPENSSL_free(S);
- S = NULL;
- }
-
- }
-
-
- ret = 1;
-
-
- error:
-
- if (olinebuf)
- OPENSSL_free(olinebuf);
- if (linebuf)
- OPENSSL_free(linebuf);
- if (n)
- BN_free(n);
- if (e)
- BN_free(e);
-
- return ret;
-
- parse_error:
-
- fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
-
- goto error;
-
- }
-
-static int rsa_printver(FILE *out,
- BIGNUM *n, BIGNUM *e,
- const EVP_MD *dgst,
- unsigned char *Msg, long Msglen,
- unsigned char *S, long Slen, int Saltlen)
- {
- int ret = 0, r, pad_mode;
- /* Setup RSA and EVP_PKEY structures */
- RSA *rsa_pubkey = NULL;
- unsigned char *buf = NULL;
- rsa_pubkey = FIPS_rsa_new();
- if (!rsa_pubkey)
- goto error;
- rsa_pubkey->n = BN_dup(n);
- rsa_pubkey->e = BN_dup(e);
- if (!rsa_pubkey->n || !rsa_pubkey->e)
- goto error;
-
- if (Saltlen >= 0)
- pad_mode = RSA_PKCS1_PSS_PADDING;
- else if (Saltlen == -2)
- pad_mode = RSA_X931_PADDING;
- else
- pad_mode = RSA_PKCS1_PADDING;
-
- no_err = 1;
- r = FIPS_rsa_verify(rsa_pubkey, Msg, Msglen, dgst,
- pad_mode, Saltlen, NULL, S, Slen);
- no_err = 0;
-
- if (r < 0)
- goto error;
-
- if (r == 0)
- fputs("Result = F" RESP_EOL, out);
- else
- fputs("Result = P" RESP_EOL, out);
-
- ret = 1;
-
- error:
- if (rsa_pubkey)
- FIPS_rsa_free(rsa_pubkey);
- if (buf)
- OPENSSL_free(buf);
-
- return ret;
- }
-#endif
+++ /dev/null
-#
-# OpenSSL/fips/sha/Makefile
-#
-
-DIR= sha
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-EXE_EXT=
-
-ASFLAGS= $(INCLUDES) $(ASFLAG)
-AFLAGS= $(ASFLAGS)
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST= fips_shatest.c
-APPS=
-EXE= fips_standalone_sha1$(EXE_EXT)
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_sha1_selftest.c
-LIBOBJ=fips_sha1_selftest.o
-
-SRC= $(LIBSRC)
-PROGS= fips_standalone_sha1.c
-
-EXHEADER=
-HEADER=
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips SDIRS=$(DIR) sub_all)
-
-all: ../fips_standalone_sha1$(EXE_EXT) lib
-
-lib: $(LIBOBJ)
- @echo $(LIBOBJ) > lib
-
-../fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o
- if [ -z "$(HOSTCC)" ] ; then \
- FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha1dgst.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
- $(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM ; \
- else \
- $(HOSTCC) $(HOSTCFLAGS) -o $ $@ -I../../include -I../../crypto fips_standalone_sha1.c ../../crypto/sha/sha1dgst.c ; \
- fi
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-Q=../testvectors/sha/req
-A=../testvectors/sha/rsp
-
-VECTORS = SHA1LongMsg \
- SHA1Monte \
- SHA1ShortMsg \
- SHA224LongMsg \
- SHA224Monte \
- SHA224ShortMsg \
- SHA256LongMsg \
- SHA256Monte \
- SHA256ShortMsg \
- SHA384LongMsg \
- SHA384Monte \
- SHA384ShortMsg \
- SHA512LongMsg \
- SHA512Monte \
- SHA512ShortMsg
-
-fips_test:
- -rm -rf $(A)
- mkdir $(A)
- for file in $(VECTORS); do \
- if [ -f $(Q)/$$file.req ]; then \
- $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_shatest $(Q)/$$file.req $(A)/$$file.rsp; \
- fi; \
- done
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_sha1_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_sha1_selftest.o: ../../include/openssl/crypto.h
-fips_sha1_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_sha1_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_sha1_selftest.o: ../../include/openssl/lhash.h
-fips_sha1_selftest.o: ../../include/openssl/obj_mac.h
-fips_sha1_selftest.o: ../../include/openssl/objects.h
-fips_sha1_selftest.o: ../../include/openssl/opensslconf.h
-fips_sha1_selftest.o: ../../include/openssl/opensslv.h
-fips_sha1_selftest.o: ../../include/openssl/ossl_typ.h
-fips_sha1_selftest.o: ../../include/openssl/safestack.h
-fips_sha1_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-fips_sha1_selftest.o: ../../include/openssl/symhacks.h fips_sha1_selftest.c
-fips_shatest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_shatest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_shatest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_shatest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-fips_shatest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_shatest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
-fips_shatest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-fips_shatest.o: ../../include/openssl/objects.h
-fips_shatest.o: ../../include/openssl/opensslconf.h
-fips_shatest.o: ../../include/openssl/opensslv.h
-fips_shatest.o: ../../include/openssl/ossl_typ.h
-fips_shatest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_shatest.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_shatest.c
-fips_standalone_sha1.o: ../../include/openssl/asn1.h
-fips_standalone_sha1.o: ../../include/openssl/bio.h
-fips_standalone_sha1.o: ../../include/openssl/crypto.h
-fips_standalone_sha1.o: ../../include/openssl/e_os2.h
-fips_standalone_sha1.o: ../../include/openssl/evp.h
-fips_standalone_sha1.o: ../../include/openssl/fips.h
-fips_standalone_sha1.o: ../../include/openssl/hmac.h
-fips_standalone_sha1.o: ../../include/openssl/obj_mac.h
-fips_standalone_sha1.o: ../../include/openssl/objects.h
-fips_standalone_sha1.o: ../../include/openssl/opensslconf.h
-fips_standalone_sha1.o: ../../include/openssl/opensslv.h
-fips_standalone_sha1.o: ../../include/openssl/ossl_typ.h
-fips_standalone_sha1.o: ../../include/openssl/safestack.h
-fips_standalone_sha1.o: ../../include/openssl/sha.h
-fips_standalone_sha1.o: ../../include/openssl/stack.h
-fips_standalone_sha1.o: ../../include/openssl/symhacks.h fips_standalone_sha1.c
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-
-#ifdef OPENSSL_FIPS
-static const unsigned char test[][60]=
- {
- "",
- "abc",
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
- };
-
-__fips_constseg
-static const unsigned char ret[][SHA_DIGEST_LENGTH]=
- {
- { 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55,
- 0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 },
- { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
- 0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d },
- { 0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
- 0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 },
- };
-
-int FIPS_selftest_sha1()
- {
- int rv = 1;
- size_t i;
-
- for(i=0 ; i <sizeof(test)/sizeof(test[0]) ; i++)
- {
- if (!fips_pkey_signature_test(FIPS_TEST_DIGEST, NULL,
- test[i], 0,
- ret[i], 20,
- EVP_sha1(), 0,
- "SHA1 Digest"))
- rv = 0;
- }
- return rv;
- }
-
-#endif
+++ /dev/null
-/* fips_shatest.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
- printf("No FIPS SHAXXX support\n");
- return(0);
-}
-
-#else
-
-#include <openssl/fips.h>
-
-#include "fips_utl.h"
-
-static int dgst_test(FILE *out, FILE *in);
-static int print_dgst(const EVP_MD *md, FILE *out,
- unsigned char *Msg, int Msglen);
-static int print_monte(const EVP_MD *md, FILE *out,
- unsigned char *Seed, int SeedLen);
-
-#ifdef FIPS_ALGVS
-int fips_shatest_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
- {
- FILE *in = NULL, *out = NULL;
-
- int ret = 1;
- fips_algtest_init();
-
- if (argc == 1)
- in = stdin;
- else
- in = fopen(argv[1], "r");
-
- if (argc < 2)
- out = stdout;
- else
- out = fopen(argv[2], "w");
-
- if (!in)
- {
- fprintf(stderr, "FATAL input initialization error\n");
- goto end;
- }
-
- if (!out)
- {
- fprintf(stderr, "FATAL output initialization error\n");
- goto end;
- }
-
- if (!dgst_test(out, in))
- {
- fprintf(stderr, "FATAL digest file processing error\n");
- goto end;
- }
- else
- ret = 0;
-
- end:
-
- if (in && (in != stdin))
- fclose(in);
- if (out && (out != stdout))
- fclose(out);
-
- return ret;
-
- }
-
-#define SHA_TEST_MAX_BITS 102400
-#define SHA_TEST_MAXLINELEN (((SHA_TEST_MAX_BITS >> 3) * 2) + 100)
-
-int dgst_test(FILE *out, FILE *in)
- {
- const EVP_MD *md = NULL;
- char *linebuf, *olinebuf, *p, *q;
- char *keyword, *value;
- unsigned char *Msg = NULL, *Seed = NULL;
- long MsgLen = -1, Len = -1, SeedLen = -1;
- int ret = 0;
- int lnum = 0;
-
- olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
- linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
-
- if (!linebuf || !olinebuf)
- goto error;
-
-
- while (fgets(olinebuf, SHA_TEST_MAXLINELEN, in))
- {
- lnum++;
- strcpy(linebuf, olinebuf);
- keyword = linebuf;
- /* Skip leading space */
- while (isspace((unsigned char)*keyword))
- keyword++;
-
- /* Look for = sign */
- p = strchr(linebuf, '=');
-
- /* If no = or starts with [ (for [L=20] line) just copy */
- if (!p)
- {
- fputs(olinebuf, out);
- continue;
- }
-
- q = p - 1;
-
- /* Remove trailing space */
- while (isspace((unsigned char)*q))
- *q-- = 0;
-
- *p = 0;
- value = p + 1;
-
- /* Remove leading space from value */
- while (isspace((unsigned char)*value))
- value++;
-
- /* Remove trailing space from value */
- p = value + strlen(value) - 1;
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
-
- if (!strcmp(keyword,"[L") && *p==']')
- {
- switch (atoi(value))
- {
- case 20: md=EVP_sha1(); break;
- case 28: md=EVP_sha224(); break;
- case 32: md=EVP_sha256(); break;
- case 48: md=EVP_sha384(); break;
- case 64: md=EVP_sha512(); break;
- default: goto parse_error;
- }
- }
- else if (!strcmp(keyword, "Len"))
- {
- if (Len != -1)
- goto parse_error;
- Len = atoi(value);
- if (Len < 0)
- goto parse_error;
- /* Only handle multiples of 8 bits */
- if (Len & 0x7)
- goto parse_error;
- if (Len > SHA_TEST_MAX_BITS)
- goto parse_error;
- MsgLen = Len >> 3;
- }
-
- else if (!strcmp(keyword, "Msg"))
- {
- long tmplen;
- if (strlen(value) & 1)
- *(--value) = '0';
- if (Msg)
- goto parse_error;
- Msg = hex2bin_m(value, &tmplen);
- if (!Msg)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Seed"))
- {
- if (strlen(value) & 1)
- *(--value) = '0';
- if (Seed)
- goto parse_error;
- Seed = hex2bin_m(value, &SeedLen);
- if (!Seed)
- goto parse_error;
- }
- else if (!strcmp(keyword, "MD"))
- continue;
- else
- goto parse_error;
-
- fputs(olinebuf, out);
-
- if (md && Msg && (MsgLen >= 0))
- {
- if (!print_dgst(md, out, Msg, MsgLen))
- goto error;
- OPENSSL_free(Msg);
- Msg = NULL;
- MsgLen = -1;
- Len = -1;
- }
- else if (md && Seed && (SeedLen > 0))
- {
- if (!print_monte(md, out, Seed, SeedLen))
- goto error;
- OPENSSL_free(Seed);
- Seed = NULL;
- SeedLen = -1;
- }
-
-
- }
-
-
- ret = 1;
-
-
- error:
-
- if (olinebuf)
- OPENSSL_free(olinebuf);
- if (linebuf)
- OPENSSL_free(linebuf);
- if (Msg)
- OPENSSL_free(Msg);
- if (Seed)
- OPENSSL_free(Seed);
-
- return ret;
-
- parse_error:
-
- fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
-
- goto error;
-
- }
-
-static int print_dgst(const EVP_MD *emd, FILE *out,
- unsigned char *Msg, int Msglen)
- {
- int i, mdlen;
- unsigned char md[EVP_MAX_MD_SIZE];
- if (!FIPS_digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd))
- {
- fputs("Error calculating HASH\n", stderr);
- return 0;
- }
- fputs("MD = ", out);
- for (i = 0; i < mdlen; i++)
- fprintf(out, "%02x", md[i]);
- fputs(RESP_EOL, out);
- return 1;
- }
-
-static int print_monte(const EVP_MD *md, FILE *out,
- unsigned char *Seed, int SeedLen)
- {
- unsigned int i, j, k;
- int ret = 0;
- EVP_MD_CTX ctx;
- unsigned char *m1, *m2, *m3, *p;
- unsigned int mlen, m1len, m2len, m3len;
-
- FIPS_md_ctx_init(&ctx);
-
- if (SeedLen > EVP_MAX_MD_SIZE)
- mlen = SeedLen;
- else
- mlen = EVP_MAX_MD_SIZE;
-
- m1 = OPENSSL_malloc(mlen);
- m2 = OPENSSL_malloc(mlen);
- m3 = OPENSSL_malloc(mlen);
-
- if (!m1 || !m2 || !m3)
- goto mc_error;
-
- m1len = m2len = m3len = SeedLen;
- memcpy(m1, Seed, SeedLen);
- memcpy(m2, Seed, SeedLen);
- memcpy(m3, Seed, SeedLen);
-
- fputs(RESP_EOL, out);
-
- for (j = 0; j < 100; j++)
- {
- for (i = 0; i < 1000; i++)
- {
- FIPS_digestinit(&ctx, md);
- FIPS_digestupdate(&ctx, m1, m1len);
- FIPS_digestupdate(&ctx, m2, m2len);
- FIPS_digestupdate(&ctx, m3, m3len);
- p = m1;
- m1 = m2;
- m1len = m2len;
- m2 = m3;
- m2len = m3len;
- m3 = p;
- FIPS_digestfinal(&ctx, m3, &m3len);
- }
- fprintf(out, "COUNT = %d" RESP_EOL, j);
- fputs("MD = ", out);
- for (k = 0; k < m3len; k++)
- fprintf(out, "%02x", m3[k]);
- fputs(RESP_EOL RESP_EOL, out);
- memcpy(m1, m3, m3len);
- memcpy(m2, m3, m3len);
- m1len = m2len = m3len;
- }
-
- ret = 1;
-
- mc_error:
- if (m1)
- OPENSSL_free(m1);
- if (m2)
- OPENSSL_free(m2);
- if (m3)
- OPENSSL_free(m3);
-
- FIPS_md_ctx_cleanup(&ctx);
-
- return ret;
- }
-
-#endif
+++ /dev/null
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/sha.h>
-#include <openssl/hmac.h>
-#include <openssl/fips.h>
-
-#ifndef FIPSCANISTER_O
-int FIPS_selftest_failed() { return 0; }
-void FIPS_selftest_check() {}
-void OPENSSL_cleanse(void *p,size_t len) {}
-unsigned int OPENSSL_ia32cap_P[2];
-#endif
-
-#ifdef OPENSSL_FIPS
-
-static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
- const char *key)
- {
- size_t len=strlen(key);
- int i;
- unsigned char keymd[HMAC_MAX_MD_CBLOCK];
- unsigned char pad[HMAC_MAX_MD_CBLOCK];
-
- if (len > SHA_CBLOCK)
- {
- SHA1_Init(md_ctx);
- SHA1_Update(md_ctx,key,len);
- SHA1_Final(keymd,md_ctx);
- len=20;
- }
- else
- memcpy(keymd,key,len);
- memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len);
-
- for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
- pad[i]=0x36^keymd[i];
- SHA1_Init(md_ctx);
- SHA1_Update(md_ctx,pad,SHA_CBLOCK);
-
- for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
- pad[i]=0x5c^keymd[i];
- SHA1_Init(o_ctx);
- SHA1_Update(o_ctx,pad,SHA_CBLOCK);
- }
-
-static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
- {
- unsigned char buf[20];
-
- SHA1_Final(buf,md_ctx);
- SHA1_Update(o_ctx,buf,sizeof buf);
- SHA1_Final(md,o_ctx);
- }
-
-#endif
-
-int main(int argc,char **argv)
- {
-#ifdef OPENSSL_FIPS
- static char key[]="etaonrishdlcupfm";
- int n,binary=0;
-
- if(argc < 2)
- {
- fprintf(stderr,"%s [<file>]+\n",argv[0]);
- exit(1);
- }
-
- n=1;
- if (!strcmp(argv[n],"-binary"))
- {
- n++;
- binary=1; /* emit binary fingerprint... */
- }
-
- for(; n < argc ; ++n)
- {
- FILE *f=fopen(argv[n],"rb");
- SHA_CTX md_ctx,o_ctx;
- unsigned char md[20];
- int i;
-
- if(!f)
- {
- perror(argv[n]);
- exit(2);
- }
-
- hmac_init(&md_ctx,&o_ctx,key);
- for( ; ; )
- {
- char buf[1024];
- size_t l=fread(buf,1,sizeof buf,f);
-
- if(l == 0)
- {
- if(ferror(f))
- {
- perror(argv[n]);
- exit(3);
- }
- else
- break;
- }
- SHA1_Update(&md_ctx,buf,l);
- }
- hmac_final(md,&md_ctx,&o_ctx);
-
- if (binary)
- {
- fwrite(md,20,1,stdout);
- break; /* ... for single(!) file */
- }
-
- printf("HMAC-SHA1(%s)= ",argv[n]);
- for(i=0 ; i < 20 ; ++i)
- printf("%02x",md[i]);
- printf("\n");
- }
-#endif
- return 0;
- }
-
-
+++ /dev/null
-FIPS tools explained
-====================
-
-api_list.pl
- a script to produce an API description, saying what parameters are
- for input, output or both.
-
- Most often, the direction of a parameter is determined automatically.
- However, quite a number of them are educated guesses. Either way,
- the information is stored in the file declarations.dat in this
- directory, and can be manually corrected; simply go through
- declarations.dat, look for any value with the key 'direction'
- where the value contains a question mark. Those should be changed
- to whatever is true, and the values should be one of the
- following:
-
- <- output
- -> input
- <-> both
-
-api_fns.pm
- a module that helps api_list.pl do its job.
-
-declarations.dat
- a file of information about public fips symbols. See api_list.pl
- above.
+++ /dev/null
-package api_data;
-use strict;
-
-use Data::Dumper;
-use File::Slurp;
-
-# The basic data store for a declaration is a hash holding the following
-# information (let's simply call this structure "declaration"):
-# sym => string (the symbol of the declaration)
-# symcomment=> string (if there's a comment about this symbol) or undef
-# type => string (type definition text, with a '?' where the symbol should be
-# kind => 0 (variable)
-# 1 (function)
-# params => list reference (list of declarations, one for each parameter)
-# [only exists when kind = 1]
-# direction => 0 (input)
-# 1 (output)
-# 2 (input and output)
-# 3 (output or input and output)
-# +4 (guess)
-# [only exists when this symbol is a parameter to a function]
-
-# Constructor
-sub new {
- my $class = shift;
- my $self = {};
- $self->{DECLARATIONS} = {};
- bless($self, $class);
- return $self;
-}
-
-sub read_declaration_db {
- my $self = shift;
- my $declaration_file = shift;
- my $buf = read_file($declaration_file);
- $self->{DECLARATIONS} = eval $buf;
- die $@ if $@;
-}
-
-sub write_declaration_db {
- my $self = shift;
- my $declaration_file = shift;
-
- $Data::Dumper::Purity = 1;
- open FILE,">".$declaration_file ||
- die "Can't open '$declaration_file': $!\n";
- print FILE "my ",Data::Dumper->Dump([ $self->{DECLARATIONS} ], [qw(declaration_db)]);
- close FILE;
-}
-
-sub insert_declaration {
- my $self = shift;
- my %decl = @_;
- my $sym = $decl{sym};
-
- if ($self->{DECLARATIONS}->{$sym}) {
- foreach my $k (('sym', 'symcomment','oldsym','objfile','kind')) {
- $self->{DECLARATIONS}->{$sym}->{$k} = $decl{$k};
- }
- if ($self->{DECLARATIONS}->{$sym}->{kind} == 1) {
- # Replace parameters only if the kind or type has changed
- my $oldp = $self->{DECLARATIONS}->{$sym}->{params};
- my $newp = $decl{params};
- my $l = scalar(@{$oldp});
- for my $pn (0..($l - 1)) {
- if ($oldp->[$pn]->{kind} != $newp->[$pn]->{kind}
- || $oldp->[$pn]->{type} ne $newp->[$pn]->{type}) {
- $self->{DECLARATIONS}->{$sym}->{params} = $newp;
- }
- }
- }
- } else {
- $self->{DECLARATIONS}->{$decl{sym}} = { %decl };
- }
-}
-
-# Input is a simple C declaration, output is a declaration structure
-sub _parse_declaration {
- my $decl = shift;
- my $newname = shift;
- my $objfile = shift;
- my $namecomment = shift;
- my %parsed_decl = ();
-
- my $debug = 0;
-
- print "DEBUG: going to parse: $decl\n" if $debug;
-
- # Start with changing all parens to { and } except the outermost
- # Within these, convert all commas to semi-colons
- my $s = "";
- do {
- print "DEBUG: decl: $decl\n" if $debug;
- $s = $decl;
- if ($decl =~ m/
- \(
- ([^\(\)]*)
- \(
- ([^\(\)]*)
- \)
- /x) {
- print "DEBUG: \`: $`\n" if $debug;
- print "DEBUG: 1: $1\n" if $debug;
- print "DEBUG: 2: $2\n" if $debug;
- print "DEBUG: \': $'\n" if $debug;
-
- my $a = "$`"."("."$1";
- my $b = "{"."$2"."}";
- my $c = "$'";
- print "DEBUG: a: $a\n" if $debug;
- print "DEBUG: b: $b\n" if $debug;
- print "DEBUG: c: $c\n" if $debug;
- $b =~ s/,/;/g;
- print "DEBUG: b: $b\n" if $debug;
-
- $decl = $a.$b.$c;
- }
- } while ($s ne $decl);
-
- # There are types that we look for. The first is the function pointer
- # T (*X)(...)
- if ($decl =~ m/
- ^\s*
- ([^\(]+) # Return type of the function pointed at
- \(
- \s*\*\s*
- ([^\)]*) # Function returning or variable holding fn ptr
- \)
- \s*
- \(
- ([^\)]*) # Parameter for the function pointed at
- \)
- \s*$
- /x) {
- print "DEBUG: function pointer variable or function\n" if $debug;
- print "DEBUG: 1: $1\n" if $debug;
- print "DEBUG: 2: $2\n" if $debug;
- print "DEBUG: 3: $3\n" if $debug;
-
- my $tmp1 = $1 . "(*?)" . "(" . $3 . ")";
- my $tmp2 = $2;
-
- $tmp1 =~ tr/\{\}\;/(),/; # Convert all braces and semi-colons
- # back to parens and commas
-
- $tmp2 =~ tr/\{\}\;/(),/; # Convert all braces and semi-colons
- # back to parens and commas
-
- # Parse the symbol part with a fake type. This will determine if
- # it's a variable or a function.
- my $subdeclaration = _parse_declaration("int " . $tmp2, $newname);
- map { $parsed_decl{$_} = $subdeclaration->{$_} } ( "sym",
- "kind",
- "params" );
- $parsed_decl{symcomment} = $namecomment if $namecomment;
- $parsed_decl{type} = $tmp1;
- }
- # If that wasn't it, check for the simple function declaration
- # T X(...)
- elsif ($decl =~ m/^\s*(.*?\W)(\w+)\s*\(\s*(.*)\s*\)\s*$/) {
- print "DEBUG: function\n" if $debug;
- print "DEBUG: 1: $1\n" if $debug;
- print "DEBUG: 2: $2\n" if $debug;
- print "DEBUG: 3: $3\n" if $debug;
-
- $parsed_decl{kind} = 1;
- $parsed_decl{type} = $1."?";
- $parsed_decl{sym} = $newname ? $newname : $2;
- $parsed_decl{symcomment} = $namecomment if $namecomment;
- $parsed_decl{oldsym} = $newname ? $2 : undef;
- $parsed_decl{params} = [
- map { tr/\{\}\;/(),/; _parse_declaration($_,undef,undef,undef) }
- grep { !/^\s*void\s*$/ }
- split(/\s*,\s*/, $3)
- ];
- }
- # If that wasn't it either, try to get a variable
- # T X or T X[...]
- elsif ($decl =~ m/^\s*(.*\W)(\w+)(\s*\[.*\])?\s*$/) {
- print "DEBUG: variable\n" if $debug;
- print "DEBUG: 1: $1\n" if $debug;
- print "DEBUG: 2: $2\n" if $debug;
-
- $parsed_decl{kind} = 0;
- $parsed_decl{type} = $1."?";
- $parsed_decl{sym} = $newname ? $newname : $2;
- $parsed_decl{symcomment} = $namecomment if $namecomment;
- $parsed_decl{oldsym} = $newname ? $2 : undef;
- }
- # Special for the parameter "..."
- elsif ($decl =~ m/^\s*\.\.\.\s*$/) {
- %parsed_decl = ( kind => 0, type => "?", sym => "..." );
- }
- # Otherwise, we got something weird
- else {
- print "Warning: weird declaration: $decl\n";
- %parsed_decl = ( kind => -1, decl => $decl );
- }
- $parsed_decl{objfile} = $objfile;
-
- print Dumper({ %parsed_decl }) if $debug;
- return { %parsed_decl };
-}
-
-sub add_declaration {
- my $self = shift;
- my $parsed = _parse_declaration(@_);
- $self->insert_declaration( %{$parsed} );
-}
-
-sub complete_directions {
- my $self = shift;
- foreach my $sym (keys %{$self->{DECLARATIONS}}) {
- if ($self->{DECLARATIONS}->{$sym}->{kind} == 1) {
- map {
- if (!$_->{direction} || $_->{direction} =~ m/\?/) {
- if ($_->{type} =~ m/const/) {
- $_->{direction} = '->'; # Input
- } elsif ($_->{sym} =~ m/ctx/ || $_->{type} =~ m/ctx/i) {
- $_->{direction} = '<-?'; # Guess output
- } elsif ($_->{type} =~ m/\*/) {
- if ($_->{type} =~ m/(short|int|char|size_t)/) {
- $_->{direction} = '<-?'; # Guess output
- } else {
- $_->{direction} = '<-? <->?'; # Guess output or input/output
- }
- } else {
- $_->{direction} = '->'; # Input
- }
- }
- } @{$self->{DECLARATIONS}->{$sym}->{params}};
- }
- }
-}
-
-sub on_all_declarations {
- my $self = shift;
- my $fn = shift;
- foreach my $sym (sort keys %{$self->{DECLARATIONS}}) {
- &$fn($self->{DECLARATIONS}->{$sym});
- }
-}
-
-sub get_function_declaration_strings_from_file {
- my $fn = shift;
- my %declarations = ();
- my $line = "";
- my $cppline = "";
-
- my $debug = 0;
-
- foreach my $headerline (`cat $fn`) {
- chomp $headerline;
- print STDERR "DEBUG0: $headerline\n" if $debug;
- # First, treat the line at a CPP level; remove comments, add on more
- # lines if there's an ending backslash or an incomplete comment.
- # If none of that is true, then remove all comments and check if the
- # line starts with a #, skip if it does, otherwise continue.
- if ($cppline && $headerline) { $cppline .= " "; }
- $cppline .= $headerline;
- $cppline =~ s^\"(.|\\\")*\"^@@^g; # Collapse strings
- $cppline =~ s^/\*.*?\*/^^g; # Remove all complete comments
- print STDERR "DEBUG1: $cppline\n" if $debug;
- if ($cppline =~ m/\\$/) { # Keep on reading if the current line ends
- # with a backslash
- $cppline = $`;
- next;
- }
- next if $cppline =~ m/\/\*/; # Keep on reading if there remains the
- # start of a comment
- next if $cppline =~ m/"/; # Keep on reading if there remains the
- # start of a string
- if ($cppline =~ m/^\#/) {
- $cppline = "";
- next;
- }
-
- # Done with the preprocessor part, add the resulting line to the
- # line we're putting together to get a statement.
- if ($line && $cppline) { $line .= " "; }
- $line .= $cppline;
- $cppline = "";
- $line =~ s%extern\s+\@\@\s+\{%%g; # Remove 'extern "C" {'
- $line =~ s%\{[^\{\}]*\}%\$\$%g; # Collapse any compound structure
- print STDERR "DEBUG2: $line\n" if $debug;
- next if $line =~ m%\{%; # If there is any compound structure start,
- # we are not quite done reading.
- $line =~ s%\}%%; # Remove a lonely }, it's probably a rest
- # from 'extern "C" {'
- $line =~ s%^\s+%%; # Remove beginning blanks
- $line =~ s%\s+$%%; # Remove trailing blanks
- $line =~ s%\s+% %g; # Collapse multiple blanks to one.
- if ($line =~ m/;/) {
- print STDERR "DEBUG3: $`\n" if $debug;
- my $decl = $`; #`; # (emacs is stupid that way)
- $line = $'; #'; # (emacs is stupid that way)
-
- # Find the symbol by taking the declaration and fiddling with it:
- # (remember, we're just extracting the symbol, so we're allowed
- # to cheat here ;-))
- # 1. Remove all paired parenthesies, innermost first. While doing
- # this, if something like "(* foo)(" is found, this is a
- # function pointer; change it to "foo("
- # 2. Remove all paired square parenthesies.
- # 3. Remove any $$ with surrounding spaces.
- # 4. Pick the last word, that's the symbol.
- my $tmp;
- my $sym = $decl;
- print STDERR "DEBUG3.1: $sym\n" if $debug;
- do {
- $tmp = $sym;
- # NOTE: The order of these two is important, and it's also
- # important not to use the g modifier.
- $sym =~ s/\(\s*\*\s*(\w+)\s*\)\s*\(/$1(/;
- $sym =~ s/\([^\(\)]*\)//;
- print STDERR "DEBUG3.2: $sym\n" if $debug;
- } while ($tmp ne $sym);
- do {
- $tmp = $sym;
- $sym =~ s/\[[^\[\]]*\]//g;
- } while ($tmp ne $sym);
- $sym =~ s/\s*\$\$\s*//g;
- $sym =~ s/.*[\s\*](\w+)\s*$/$1/;
- print STDERR "DEBUG4: $sym\n" if $debug;
- if ($sym =~ m/\W/) {
- print STDERR "Warning[$fn]: didn't find proper symbol in declaration:\n";
- print STDERR " decl: $decl\n";
- print STDERR " sym: $sym\n";
- }
- $declarations{$sym} = $decl;
- }
- }
- return %declarations;
-}
-
-1;
+++ /dev/null
-#!/bin/env perl
-#
-# Quick and dirty utility to help assemble the mandated (but otherwise
-# useless) API documentation. We get the list of external function
-# symbols from fipscanister.o, pair those with the source file names
-# (from ./fips/fipssyms.h), and map to the object file name containing
-# them.
-#
-# Requires the "nm" and "find" utilities.
-# Execure from the root of the FIPS module source code workarea
-
-use HTML::Entities;
-use File::Basename;
-
-$here = dirname($0);
-require "$here/api_fns.pm";
-
-$_direction_question = ''; # Set to '?' to show "<-?", "<->?" for uncertain directions
-
-print STDERR "Info: finding FIPS renames and reimplementations of OpenSSL symbols\n";
-# Get mapping of old (source code) to new (live as renamed) symbols
-foreach $file ("./fips/fipssyms.h") {
- open(IN, $file) || die "Error opening $file";
- # grab pairs until assembler symbols
- my $buf = '';
- my $reimplementations = 1; # When 1, we're looking at reimplementations
- # (not renames) of OpenSSL functions. They
- # still have to be saved to get the API.
- while (<IN>) {
- $reimplementations = 0 if m|^\s*/\*\sRename\ssymbols\s|;
-
- if ($buf) {
- $_ = $buf . $_;
- $buf = '';
- }
- if (s/\\\n$//) {
- $buf = $_;
- next;
- }
- if (m/\(/) {
- ($oldname, $newname) = m/#define\s+(\S+)\(.*\)\s+(\S+)\(.*\)/;
- } else {
- ($oldname, $newname) = m/#define\s+(\S+)\s+(\S+)/;
- }
-
- $oldname || next;
- if (!$reimplementations) {
- $oldname{$newname} = $oldname;
- }
- $oldimpl{$newname} = $oldname;
- last if (/assembler/)
- }
- close(IN);
- # %oldname is the mapping of new function names to old
- print "<!-- Total of ", scalar(keys %oldname), " mapped symbols in $file -->\n";
-}
-
-print STDERR "Info: finding FIPS symbols in object files\n";
-# generate list of external function names in fipscanister.o
-$file = "./fips/fipscanister.o";
-for (`nm -g --defined-only -p -o $file`) {
- chomp;
- s/^\S+ T // || next;
- m/^fips_/ && next;
- $fipssyms{$_}++;
- $objname =~ s/\.o$/\.\[o\|c\]/;
- $objname{$symname} = $objname;
-}
-# keys %fipssyms is the list of module functions
-print "<!-- Total of ", scalar(keys %fipssyms), " functions in $file -->\n";
-
-# grab filename to symbol name mapping, each line is of the format
-# ./fips/sha/fips_sha1_selftest.o:00000000 T FIPS_selftest_sha1
-# discard the offset and type ":00000000 T".
-for (`find . -name '*.o' \\! -name 'fipscanister.o' -exec nm -g --defined-only -p -o {} \\;`) {
- ($objname, $symname) = m/^(\S+):\S+\s+T+\s+(\S+)/;
- $objname || next;
-# $fipssyms{$symname} || next;
- $objname =~ s/\.o$/\.\[o\|c\]/;
- $objname{$symname} = $objname;
- }
-# %objname is the mapping of new symbol name to (source/object) file name
-print "<!-- Total of ", scalar(keys %objname), " functions found in files -->\n";
-
-print STDERR "Info: finding declarations in header files\n";
-
-# grab filenames in include/openssl, run each of them through
-# get_function_declarations_from_file (defined in api_fns.pl)
-# and collect the result.
-%declarations = ();
-while (<include/openssl/*.h ./crypto/cryptlib.h>) {
- my %decls = api_data::get_function_declaration_strings_from_file($_);
- map { $declarations{$_} = $decls{$_} } keys %decls;
-}
-# %declarations is the mapping of old symbol name to their declaration
-print "<!-- Total of ", scalar(keys %declarations), " declarations found in header files -->\n";
-
-# Add the markers FIPS_text_start and FIPS_text_end
-$declarations{FIPS_text_start} = "void *FIPS_text_start()";
-$declarations{FIPS_text_end} = "void *FIPS_text_end()";
-
-
-# Read list of API names obtained from edited "nm -g fipscanister.o"
-$spill = 0;
-sub printer {
- foreach (@_) {
- if ($_->{kind} >= 0) {
- if ($spill) {
- print " " x $indent;
- print "kind: ",$_->{kind} ? "function" : "variable","\n";
- print " " x $indent;
- print "sym: ",$_->{sym},"\n";
- print " " x $indent;
- print "type: ",$_->{type},"\n";
- }
- if ($_->{kind}) {
- $c = 0;
- map {
- if ($spill) {
- print " " x $indent;
- printf "param %d:\n", ++$c;
- }
- $indent += 2;
- printer($_);
- my $direction = $_->{direction};
- if (!$_direction_question) {
- $direction =~ s/<-\? <->\?/<->/;
- $direction =~ s/\?//g;
- }
- print " " x $indent,$direction," ",$_->{sym},"\n";
- $indent -= 2;
- } @{$_->{params}};
- if ($_->{type} !~ m/^\s*void\s*$/) {
- print " " x $indent;
- print "<- Return\n";
- }
- }
- } else {
- if ($spill) {
- print " " x $indent;
- print "decl: ",$_->{decl},"\n";
- }
- }
- }
-}
-
-sub html_printer {
- my $print_mode = shift; # 0 = print declaration with symbol in bold,
- # call recursively with 1 for each parameter,
- # call recursively with 2 for each parameter
- # 1 = print declaration with sym grey background,
- # call recursivelt with 3 for each parameter
- # 2 = just print declaration
- my $d = shift; # Parsed declaration
- my $s = '';
-
- if ($print_mode == 0) {
- $d->{sym} || return $s;
- my $h = "<hr><br />\n";
- $h .= $d->{sym} . ($d->{symcomment} ? " " . $d->{symcomment} : "");
- $h .= " in file " . $d->{objfile} . "<br />\n<br />\n";
-
- $s .= '<b>' . $d->{sym} . '</b>';
- if ($d->{kind} == 1) {
- $s .= '(';
- $s .= join(', ',
- map {
- html_printer(1,$_);
- } @{$d->{params}});
- $s .= ')';
- }
- my $t = $d->{type};
- $t =~ s/\?/$s/;
- $s = $t;
- if ($d->{kind} == 1) {
- map {
- my $direction = $_->{direction};
- if (!$_direction_question) {
- $direction =~ s/<-\? <->\?/<->/;
- $direction =~ s/\?//g;
- }
- $s .= "<br />\n";
- $s .= encode_entities($direction
- . "\xA0" x (9 - length($direction)));
- $s .= $_->{sym};
- } @{$d->{params}};
- }
- if ($d->{type} !~ m/^\s*void\s*\?$/) {
- $s .= "<br />\n";
- $s .= encode_entities('<-'.("\xA0" x 7).'Return');
- }
- $s = $h . $s;
- } elsif ($print_mode == 1) {
- $s .= '<span style="background: #c0c0c0">' . $d->{sym} . '</span>';
- if ($d->{kind} == 1) {
- $s .= '(';
- $s .= join(', ',
- map {
- html_printer(3,$_);
- } @{$d->{params}});
- $s .= ')';
- }
- my $t = $d->{type};
- $t =~ s/\?/$s/;
- $s = $t;
- } elsif ($print_mode == 2) {
- $s .= $d->{sym};
- if ($d->{kind} == 1) {
- $s .= '(';
- $s .= join(', ',
- map {
- html_printer(2,$_);
- } @{$d->{params}});
- $s .= ')';
- }
- my $t = $d->{type};
- $t =~ s/\?/$s/;
- $s = $t;
- }
- return $s;
-}
-
-print STDERR "Info: building/updating symbol information database\n";
-
-$d = api_data->new();
-if (-s "$here/declarations.dat") {
- $d->read_declaration_db("$here/declarations.dat");
-} else {
- print STDERR "Warning: there was no file '$here/declarations.dat'. A new one will be created\n";
-}
-
-for (sort keys %fipssyms) {
- $newname = $_;
- $namecomment = undef;
- if ($oldname{$newname}) {
- $oldname = $oldname{$newname};
- $objname = $objname{$oldname} ? $objname{$oldname} : $objname{$newname};
- $namecomment = "(renames $oldname)";
- } else {
- $objname = $objname{$newname};
- }
- if ($oldimpl{$newname}) {
- $apisym = $oldimpl{$newname};
- $namecomment = "(reimplements $apisym)" if !$namecomment;
- } else {
- $apisym = $newname;
- }
- $declaration = $declarations{$apisym};
- print "<!--\n";
- print "$newname\t\t$namecomment\tin file $objname:\n";
- print " ",$declaration,"\n ";
- $d->add_declaration($declaration,$newname,$objname,$namecomment);
- print "-->\n";
-}
-
-$d->complete_directions();
-$d->write_declaration_db("$here/declarations.dat");
-
-print STDERR "Info: printing output\n";
-
-$d->on_all_declarations(
- sub {
- my $decl = shift;
- #$indent = 2;
- #print printer($decl);
- print "<p>",html_printer(0,$decl),"</p>\n";
- });
+++ /dev/null
-my $declaration_db = {
- '' => {
- 'objfile' => './fips/fipscanister.[o|c]',
- 'kind' => -1,
- 'decl' => undef,
- 'sym' => undef,
- 'oldsym' => undef
- },
- 'FIPS_rand_strength' => {
- 'params' => [],
- 'objfile' => './fips/rand/fips_rand_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_rand_strength',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_rand_strength'
- },
- 'FIPS_selftest' => {
- 'params' => [],
- 'objfile' => './fips/fips_post.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_selftest',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_selftest'
- },
- 'FIPS_ec_group_set_asn1_flag' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'flag',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_set_asn1_flag)',
- 'sym' => 'FIPS_ec_group_set_asn1_flag',
- 'type' => 'void ?',
- 'oldsym' => 'EC_GROUP_set_asn1_flag'
- },
- 'FIPS_drbg_reseed' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dctx',
- 'type' => 'DRBG_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'adin',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'adinlen',
- 'type' => 'size_t ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_drbg_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_drbg_reseed',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_drbg_reseed'
- },
- 'FIPS_evp_aes_256_ofb' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_256_ofb)',
- 'sym' => 'FIPS_evp_aes_256_ofb',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_256_ofb'
- },
- 'FIPS_evp_aes_256_ecb' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_256_ecb)',
- 'sym' => 'FIPS_evp_aes_256_ecb',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_256_ecb'
- },
- 'FIPS_rsa_new' => {
- 'params' => [],
- 'objfile' => './fips/rsa/fips_rsa_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_rsa_new',
- 'type' => 'struct rsa_st *?',
- 'oldsym' => 'FIPS_rsa_new'
- },
- 'FIPS_x931_reset' => {
- 'params' => [],
- 'objfile' => './fips/rand/fips_rand.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_x931_reset',
- 'type' => 'void ?',
- 'oldsym' => 'FIPS_x931_reset'
- },
- 'FIPS_set_malloc_callbacks' => {
- 'params' => [
- {
- 'direction' => '->',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'malloc_cb',
- 'type' => 'void *(*?)(int num, const char *file, int line)'
- },
- {
- 'direction' => '<-? <->?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'free_cb',
- 'type' => 'void (*?)(void *)'
- }
- ],
- 'objfile' => './fips/utl/fips_mem.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_set_malloc_callbacks',
- 'type' => 'void ?',
- 'oldsym' => 'FIPS_set_malloc_callbacks'
- },
- 'FIPS_digest' => {
- 'objfile' => './fips/utl/fips_md.[o|c]',
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'data',
- 'type' => 'const void *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'count',
- 'type' => 'size_t ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'md',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'size',
- 'type' => 'unsigned int *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'type',
- 'type' => 'const EVP_MD *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'impl',
- 'type' => 'ENGINE *?',
- 'oldsym' => undef
- }
- ],
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_Digest)',
- 'sym' => 'FIPS_digest',
- 'oldsym' => 'EVP_Digest',
- 'type' => '__owur int ?'
- },
- 'FIPS_evp_aes_128_ctr' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_128_ctr)',
- 'sym' => 'FIPS_evp_aes_128_ctr',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_128_ctr'
- },
- 'FIPS_rsa_flags' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'r',
- 'type' => 'const RSA *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/rsa/rsa_crpt.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames RSA_flags)',
- 'sym' => 'FIPS_rsa_flags',
- 'type' => 'int ?',
- 'oldsym' => 'RSA_flags'
- },
- 'FIPS_set_error_callbacks' => {
- 'params' => [
- {
- 'direction' => '->',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'put_cb',
- 'type' => 'void (*?)(int lib, int func,int reason,const char *file,int line)'
- },
- {
- 'direction' => '<-?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'add_cb',
- 'type' => 'void (*?)(int num, va_list args)'
- }
- ],
- 'objfile' => './fips/utl/fips_err.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_set_error_callbacks',
- 'type' => 'void ?',
- 'oldsym' => 'FIPS_set_error_callbacks'
- },
- 'FIPS_rsa_private_encrypt' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'flen',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'from',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'to',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa',
- 'type' => 'RSA *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'padding',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/rsa/rsa_crpt.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames RSA_private_encrypt)',
- 'sym' => 'FIPS_rsa_private_encrypt',
- 'type' => 'int ?',
- 'oldsym' => 'RSA_private_encrypt'
- },
- 'FIPS_x931_method' => {
- 'params' => [],
- 'objfile' => './fips/rand/fips_rand.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_x931_method',
- 'type' => 'const RAND_METHOD *?',
- 'oldsym' => 'FIPS_x931_method'
- },
- 'FIPS_bn_pseudo_rand_range' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rnd',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'range',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_rand.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_pseudo_rand_range)',
- 'sym' => 'FIPS_bn_pseudo_rand_range',
- 'type' => 'int ?',
- 'oldsym' => 'BN_pseudo_rand_range'
- },
- 'FIPS_evp_aes_128_gcm' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_128_gcm)',
- 'sym' => 'FIPS_evp_aes_128_gcm',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_128_gcm'
- },
- 'FIPS_evp_aes_192_cbc' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_192_cbc)',
- 'sym' => 'FIPS_evp_aes_192_cbc',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_192_cbc'
- },
- 'FIPS_evp_ecdsa' => {
- 'params' => [],
- 'objfile' => './crypto/evp/m_ecdsa.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_ecdsa)',
- 'sym' => 'FIPS_evp_ecdsa',
- 'type' => 'const EVP_MD *?',
- 'oldsym' => 'EVP_ecdsa'
- },
- 'FIPS_crypto_set_id_callback' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'func',
- 'type' => 'unsigned long (*?)(void)'
- }
- ],
- 'objfile' => './crypto/thr_id.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CRYPTO_set_id_callback)',
- 'sym' => 'FIPS_crypto_set_id_callback',
- 'type' => 'void ?',
- 'oldsym' => 'CRYPTO_set_id_callback'
- },
- 'FIPS_bn_free' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_free)',
- 'sym' => 'FIPS_bn_free',
- 'type' => 'void ?',
- 'oldsym' => 'BN_free'
- },
- 'FIPS_ec_key_clear_flags' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'flags',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_clear_flags)',
- 'sym' => 'FIPS_ec_key_clear_flags',
- 'type' => 'void ?',
- 'oldsym' => 'EC_KEY_clear_flags'
- },
- 'FIPS_cipher_ctx_new' => {
- 'params' => [],
- 'objfile' => './fips/utl/fips_enc.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_CIPHER_CTX_new)',
- 'sym' => 'FIPS_cipher_ctx_new',
- 'type' => 'EVP_CIPHER_CTX *?',
- 'oldsym' => 'EVP_CIPHER_CTX_new'
- },
- 'FIPS_bn_clear' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_clear)',
- 'sym' => 'FIPS_bn_clear',
- 'type' => 'void ?',
- 'oldsym' => 'BN_clear'
- },
- 'FIPS_dh_compute_key' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'pub_key',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dh',
- 'type' => 'DH *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/dh/dh_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames DH_compute_key)',
- 'sym' => 'FIPS_dh_compute_key',
- 'type' => 'int ?',
- 'oldsym' => 'DH_compute_key'
- },
- 'FIPS_evp_des_ede_ecb' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_des3.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_des_ede_ecb)',
- 'sym' => 'FIPS_evp_des_ede_ecb',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_des_ede_ecb'
- },
- 'FIPS_ec_group_method_of' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_method_of)',
- 'sym' => 'FIPS_ec_group_method_of',
- 'type' => 'const EC_METHOD *?',
- 'oldsym' => 'EC_GROUP_method_of'
- },
- 'FIPS_ec_key_set_private_key' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'prv',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_set_private_key)',
- 'sym' => 'FIPS_ec_key_set_private_key',
- 'type' => 'int ?',
- 'oldsym' => 'EC_KEY_set_private_key'
- },
- 'FIPS_ec_key_precompute_mult' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_precompute_mult)',
- 'sym' => 'FIPS_ec_key_precompute_mult',
- 'type' => 'int ?',
- 'oldsym' => 'EC_KEY_precompute_mult'
- },
- 'FIPS_add_error_data' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'num',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => '...',
- 'type' => '?'
- }
- ],
- 'objfile' => './fips/utl/fips_err.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements ERR_add_error_data)',
- 'sym' => 'FIPS_add_error_data',
- 'type' => 'void ?',
- 'oldsym' => 'ERR_add_error_data'
- },
- 'FIPS_drbg_uninstantiate' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dctx',
- 'type' => 'DRBG_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_drbg_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_drbg_uninstantiate',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_drbg_uninstantiate'
- },
- 'FIPS_dh_generate_key' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dh',
- 'type' => 'DH *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/dh/dh_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames DH_generate_key)',
- 'sym' => 'FIPS_dh_generate_key',
- 'type' => 'int ?',
- 'oldsym' => 'DH_generate_key'
- },
- 'FIPS_bn_num_bits_word' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'l',
- 'type' => 'BN_ULONG ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_num_bits_word)',
- 'sym' => 'FIPS_bn_num_bits_word',
- 'type' => 'int ?',
- 'oldsym' => 'BN_num_bits_word'
- },
- 'FIPS_cmac_final' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'CMAC_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'out',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'poutlen',
- 'type' => 'size_t *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/cmac/cmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CMAC_Final)',
- 'sym' => 'FIPS_cmac_final',
- 'type' => 'int ?',
- 'oldsym' => 'CMAC_Final'
- },
- 'FIPS_bn_set_bit' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'n',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_set_bit)',
- 'sym' => 'FIPS_bn_set_bit',
- 'type' => 'int ?',
- 'oldsym' => 'BN_set_bit'
- },
- 'FIPS_selftest_des' => {
- 'params' => [],
- 'objfile' => './fips/des/fips_des_selftest.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_selftest_des',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_selftest_des'
- },
- 'FIPS_cipher_ctx_init' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'EVP_CIPHER_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_enc.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_CIPHER_CTX_init)',
- 'sym' => 'FIPS_cipher_ctx_init',
- 'type' => 'void ?',
- 'oldsym' => 'EVP_CIPHER_CTX_init'
- },
- 'FIPS_ec_point_get_affine_coordinates_gf2m' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p',
- 'type' => 'const EC_POINT *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'x',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'y',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_POINT_get_affine_coordinates_GF2m)',
- 'sym' => 'FIPS_ec_point_get_affine_coordinates_gf2m',
- 'type' => 'int ?',
- 'oldsym' => 'EC_POINT_get_affine_coordinates_GF2m'
- },
- 'FIPS_dh_generate_parameters_ex' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dh',
- 'type' => 'DH *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'prime_len',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'generator',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cb',
- 'type' => 'BN_GENCB *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/dh/dh_gen.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames DH_generate_parameters_ex)',
- 'sym' => 'FIPS_dh_generate_parameters_ex',
- 'type' => 'int ?',
- 'oldsym' => 'DH_generate_parameters_ex'
- },
- 'FIPS_evp_aes_256_xts' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_256_xts)',
- 'sym' => 'FIPS_evp_aes_256_xts',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_256_xts'
- },
- 'FIPS_drbg_instantiate' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dctx',
- 'type' => 'DRBG_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'pers',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'perslen',
- 'type' => 'size_t ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_drbg_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_drbg_instantiate',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_drbg_instantiate'
- },
- 'FIPS_dsa_sign_digest' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dsa',
- 'type' => 'DSA *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dig',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dlen',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/dsa/fips_dsa_sign.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_dsa_sign_digest',
- 'type' => 'DSA_SIG * ?',
- 'oldsym' => 'FIPS_dsa_sign_digest'
- },
- 'FIPS_drbg_init' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dctx',
- 'type' => 'DRBG_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'type',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'flags',
- 'type' => 'unsigned int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_drbg_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_drbg_init',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_drbg_init'
- },
- 'FIPS_x931_seed' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'buf',
- 'type' => 'const void *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'num',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_rand.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_x931_seed',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_x931_seed'
- },
- 'FIPS_drbg_set_check_interval' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dctx',
- 'type' => 'DRBG_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'interval',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_drbg_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_drbg_set_check_interval',
- 'type' => 'void ?',
- 'oldsym' => 'FIPS_drbg_set_check_interval'
- },
- 'FIPS_module_mode_set' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'onoff',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/fips.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_module_mode_set',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_module_mode_set'
- },
- 'FIPS_cipher_ctx_set_key_length' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'x',
- 'type' => 'EVP_CIPHER_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'keylen',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_enc.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_CIPHER_CTX_set_key_length)',
- 'sym' => 'FIPS_cipher_ctx_set_key_length',
- 'type' => 'int ?',
- 'oldsym' => 'EVP_CIPHER_CTX_set_key_length'
- },
- 'FIPS_rand_set_method' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'meth',
- 'type' => 'const RAND_METHOD *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_rand_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_rand_set_method',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_rand_set_method'
- },
- 'FIPS_post_set_callback' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'post_cb',
- 'type' => 'int (*?)(int op, int id, int subid, void *ex)'
- }
- ],
- 'objfile' => './fips/fips_post.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_post_set_callback',
- 'type' => 'void ?',
- 'oldsym' => 'FIPS_post_set_callback'
- },
- 'FIPS_crypto_threadid_hash' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'id',
- 'type' => 'const CRYPTO_THREADID *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/thr_id.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CRYPTO_THREADID_hash)',
- 'sym' => 'FIPS_crypto_threadid_hash',
- 'type' => 'unsigned long ?',
- 'oldsym' => 'CRYPTO_THREADID_hash'
- },
- 'FIPS_ecdsa_sig_free' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'sig',
- 'type' => 'ECDSA_SIG *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/ecdsa/fips_ecdsa_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements ECDSA_SIG_free)',
- 'sym' => 'FIPS_ecdsa_sig_free',
- 'type' => 'void ?',
- 'oldsym' => 'ECDSA_SIG_free'
- },
- 'FIPS_bn_rand' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rnd',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'bits',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'top',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'bottom',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_rand.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_rand)',
- 'sym' => 'FIPS_bn_rand',
- 'type' => 'int ?',
- 'oldsym' => 'BN_rand'
- },
- 'FIPS_evp_des_ede3_cfb8' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_des3.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_des_ede3_cfb8)',
- 'sym' => 'FIPS_evp_des_ede3_cfb8',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_des_ede3_cfb8'
- },
- 'FIPS_hmac_final' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'HMAC_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'md',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'len',
- 'type' => 'unsigned int *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/hmac/hmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames HMAC_Final)',
- 'sym' => 'FIPS_hmac_final',
- 'type' => '__owur int ?',
- 'oldsym' => 'HMAC_Final'
- },
- 'FIPS_bn_bn2bin' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'to',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_bn2bin)',
- 'sym' => 'FIPS_bn_bn2bin',
- 'type' => 'int ?',
- 'oldsym' => 'BN_bn2bin'
- },
- 'FIPS_bn_bin2bn' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 's',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'len',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ret',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_bin2bn)',
- 'sym' => 'FIPS_bn_bin2bn',
- 'type' => 'BIGNUM *?',
- 'oldsym' => 'BN_bin2bn'
- },
- 'FIPS_evp_aes_192_cfb128' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_192_cfb128)',
- 'sym' => 'FIPS_evp_aes_192_cfb128',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_192_cfb128'
- },
- 'FIPS_ec_group_set_curve_name' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'nid',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_set_curve_name)',
- 'sym' => 'FIPS_ec_group_set_curve_name',
- 'type' => 'void ?',
- 'oldsym' => 'EC_GROUP_set_curve_name'
- },
- 'FIPS_ec_group_new' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'meth',
- 'type' => 'const EC_METHOD *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_new)',
- 'sym' => 'FIPS_ec_group_new',
- 'type' => 'EC_GROUP *?',
- 'oldsym' => 'EC_GROUP_new'
- },
- 'FIPS_rand_pseudo_bytes' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'buf',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'num',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_rand_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements RAND_pseudo_bytes)',
- 'sym' => 'FIPS_rand_pseudo_bytes',
- 'type' => 'int ?',
- 'oldsym' => 'RAND_pseudo_bytes'
- },
- 'FIPS_evp_aes_192_ofb' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_192_ofb)',
- 'sym' => 'FIPS_evp_aes_192_ofb',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_192_ofb'
- },
- 'FIPS_selftest_sha1' => {
- 'params' => [],
- 'objfile' => './fips/sha/fips_sha1_selftest.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_selftest_sha1',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_selftest_sha1'
- },
- 'FIPS_bn_num_bits' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_num_bits)',
- 'sym' => 'FIPS_bn_num_bits',
- 'type' => 'int ?',
- 'oldsym' => 'BN_num_bits'
- },
- 'FIPS_selftest_aes_gcm' => {
- 'params' => [],
- 'objfile' => './fips/aes/fips_aes_selftest.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_selftest_aes_gcm',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_selftest_aes_gcm'
- },
- 'FIPS_ecdsa_verify_ctx' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'EVP_MD_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 's',
- 'type' => 'ECDSA_SIG *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/ecdsa/fips_ecdsa_sign.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_ecdsa_verify_ctx',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_ecdsa_verify_ctx'
- },
- 'FIPS_ec_group_new_curve_gf2m' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'b',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_cvt.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_new_curve_GF2m)',
- 'sym' => 'FIPS_ec_group_new_curve_gf2m',
- 'type' => 'EC_GROUP *?',
- 'oldsym' => 'EC_GROUP_new_curve_GF2m'
- },
- 'FIPS_evp_sha224' => {
- 'params' => [],
- 'objfile' => './crypto/evp/m_sha1.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_sha224)',
- 'sym' => 'FIPS_evp_sha224',
- 'type' => 'const EVP_MD *?',
- 'oldsym' => 'EVP_sha224'
- },
- 'FIPS_malloc' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'num',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'file',
- 'type' => 'const char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'line',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_mem.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements CRYPTO_malloc)',
- 'sym' => 'FIPS_malloc',
- 'type' => 'void *?',
- 'oldsym' => 'CRYPTO_malloc'
- },
- 'FIPS_dsa_sig_new' => {
- 'params' => [],
- 'objfile' => './fips/dsa/fips_dsa_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements DSA_SIG_new)',
- 'sym' => 'FIPS_dsa_sig_new',
- 'type' => 'DSA_SIG * ?',
- 'oldsym' => 'DSA_SIG_new'
- },
- 'FIPS_evp_aes_192_ctr' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_192_ctr)',
- 'sym' => 'FIPS_evp_aes_192_ctr',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_192_ctr'
- },
- 'FIPS_x931_bytes' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'out',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'outlen',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_rand.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_x931_bytes',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_x931_bytes'
- },
- 'FIPS_evp_des_ede_cbc' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_des3.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_des_ede_cbc)',
- 'sym' => 'FIPS_evp_des_ede_cbc',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_des_ede_cbc'
- },
- 'FIPS_selftest_aes_ccm' => {
- 'params' => [],
- 'objfile' => './fips/aes/fips_aes_selftest.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_selftest_aes_ccm',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_selftest_aes_ccm'
- },
- 'FIPS_md_ctx_destroy' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'EVP_MD_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_md.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_MD_CTX_destroy)',
- 'sym' => 'FIPS_md_ctx_destroy',
- 'type' => 'void ?',
- 'oldsym' => 'EVP_MD_CTX_destroy'
- },
- 'FIPS_ec_group_get_curve_gf2m' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'b',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_get_curve_GF2m)',
- 'sym' => 'FIPS_ec_group_get_curve_gf2m',
- 'type' => 'int ?',
- 'oldsym' => 'EC_GROUP_get_curve_GF2m'
- },
- 'FIPS_ec_group_get_curve_name' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_get_curve_name)',
- 'sym' => 'FIPS_ec_group_get_curve_name',
- 'type' => 'int ?',
- 'oldsym' => 'EC_GROUP_get_curve_name'
- },
- 'FIPS_ec_group_set_curve_gf2m' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'b',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_set_curve_GF2m)',
- 'sym' => 'FIPS_ec_group_set_curve_gf2m',
- 'type' => 'int ?',
- 'oldsym' => 'EC_GROUP_set_curve_GF2m'
- },
- 'FIPS_cipher_ctx_copy' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'out',
- 'type' => 'EVP_CIPHER_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'in',
- 'type' => 'const EVP_CIPHER_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_enc.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_CIPHER_CTX_copy)',
- 'sym' => 'FIPS_cipher_ctx_copy',
- 'type' => 'int ?',
- 'oldsym' => 'EVP_CIPHER_CTX_copy'
- },
- 'FIPS_drbg_set_rand_callbacks' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dctx',
- 'type' => 'DRBG_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'get_adin',
- 'type' => 'size_t (*?)(DRBG_CTX *ctx, unsigned char **pout)'
- },
- {
- 'direction' => '<-?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cleanup_adin',
- 'type' => 'void (*?)(DRBG_CTX *ctx, unsigned char *out, size_t olen)'
- },
- {
- 'direction' => '->',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rand_seed_cb',
- 'type' => 'int (*?)(DRBG_CTX *ctx, const void *buf, int num)'
- },
- {
- 'direction' => '->',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rand_add_cb',
- 'type' => 'int (*?)(DRBG_CTX *ctx, const void *buf, int num, double entropy)'
- }
- ],
- 'objfile' => './fips/rand/fips_drbg_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_drbg_set_rand_callbacks',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_drbg_set_rand_callbacks'
- },
- 'FIPS_selftest_rsa' => {
- 'params' => [],
- 'objfile' => './fips/rsa/fips_rsa_selftest.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_selftest_rsa',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_selftest_rsa'
- },
- 'FIPS_ec_group_get_curve_gfp' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'b',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_get_curve_GFp)',
- 'sym' => 'FIPS_ec_group_get_curve_gfp',
- 'type' => 'int ?',
- 'oldsym' => 'EC_GROUP_get_curve_GFp'
- },
- 'FIPS_bn_rand_range' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rnd',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'range',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_rand.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_rand_range)',
- 'sym' => 'FIPS_bn_rand_range',
- 'type' => 'int ?',
- 'oldsym' => 'BN_rand_range'
- },
- 'FIPS_dsa_generate_parameters_ex' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dsa',
- 'type' => 'DSA *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'bits',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'seed',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'seed_len',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'counter_ret',
- 'type' => 'int *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'h_ret',
- 'type' => 'unsigned long *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cb',
- 'type' => 'BN_GENCB *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/dsa/dsa_gen.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames DSA_generate_parameters_ex)',
- 'sym' => 'FIPS_dsa_generate_parameters_ex',
- 'type' => 'int ?',
- 'oldsym' => 'DSA_generate_parameters_ex'
- },
- 'FIPS_rand_get_method' => {
- 'params' => [],
- 'objfile' => './fips/rand/fips_rand_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_rand_get_method',
- 'type' => 'const RAND_METHOD *?',
- 'oldsym' => 'FIPS_rand_get_method'
- },
- 'FIPS_rsa_x931_generate_key_ex' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa',
- 'type' => 'RSA *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'bits',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'e',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cb',
- 'type' => 'BN_GENCB *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/rsa/rsa_x931g.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames RSA_X931_generate_key_ex)',
- 'sym' => 'FIPS_rsa_x931_generate_key_ex',
- 'type' => 'int ?',
- 'oldsym' => 'RSA_X931_generate_key_ex'
- },
- 'FIPS_ec_key_set_asn1_flag' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'eckey',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'asn1_flag',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_set_asn1_flag)',
- 'sym' => 'FIPS_ec_key_set_asn1_flag',
- 'type' => 'void ?',
- 'oldsym' => 'EC_KEY_set_asn1_flag'
- },
- 'FIPS_ec_key_free' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_free)',
- 'sym' => 'FIPS_ec_key_free',
- 'type' => 'void ?',
- 'oldsym' => 'EC_KEY_free'
- },
- 'FIPS_put_error' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'lib',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'func',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'reason',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'file',
- 'type' => 'const char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'line',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_err.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements ERR_put_error)',
- 'sym' => 'FIPS_put_error',
- 'type' => 'void ?',
- 'oldsym' => 'ERR_put_error'
- },
- 'FIPS_get_timevec' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'buf',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'pctr',
- 'type' => 'unsigned long *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_rand.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_get_timevec',
- 'type' => 'void ?',
- 'oldsym' => 'FIPS_get_timevec'
- },
- 'FIPS_dsa_verify_ctx' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dsa',
- 'type' => 'DSA *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'EVP_MD_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 's',
- 'type' => 'DSA_SIG *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/dsa/fips_dsa_sign.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_dsa_verify_ctx',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_dsa_verify_ctx'
- },
- 'FIPS_cmac_update' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'CMAC_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'data',
- 'type' => 'const void *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dlen',
- 'type' => 'size_t ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/cmac/cmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CMAC_Update)',
- 'sym' => 'FIPS_cmac_update',
- 'type' => 'int ?',
- 'oldsym' => 'CMAC_Update'
- },
- 'FIPS_ec_key_set_flags' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'flags',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_set_flags)',
- 'sym' => 'FIPS_ec_key_set_flags',
- 'type' => 'void ?',
- 'oldsym' => 'EC_KEY_set_flags'
- },
- 'FIPS_set_locking_callbacks' => {
- 'params' => [
- {
- 'direction' => '->',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'func',
- 'type' => 'void (*?)(int mode, int type, const char *file,int line)'
- },
- {
- 'direction' => '->',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'add_cb',
- 'type' => 'int (*?)(int *pointer, int amount, int type, const char *file, int line)'
- }
- ],
- 'objfile' => './fips/utl/fips_lck.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_set_locking_callbacks',
- 'type' => 'void ?',
- 'oldsym' => 'FIPS_set_locking_callbacks'
- },
- 'FIPS_crypto_threadid_get_callback' => {
- 'params' => [],
- 'objfile' => './crypto/thr_id.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CRYPTO_THREADID_get_callback)',
- 'sym' => 'FIPS_crypto_threadid_get_callback',
- 'type' => 'void (*?)(CRYPTO_THREADID *)',
- 'oldsym' => undef
- },
- 'FIPS_ec_key_up_ref' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_up_ref)',
- 'sym' => 'FIPS_ec_key_up_ref',
- 'type' => 'int ?',
- 'oldsym' => 'EC_KEY_up_ref'
- },
- 'FIPS_evp_sha1' => {
- 'params' => [],
- 'objfile' => './crypto/evp/m_sha1.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_sha1)',
- 'sym' => 'FIPS_evp_sha1',
- 'type' => 'const EVP_MD *?',
- 'oldsym' => 'EVP_sha1'
- },
- 'FIPS_hmac_ctx_copy' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dctx',
- 'type' => 'HMAC_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'sctx',
- 'type' => 'HMAC_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/hmac/hmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames HMAC_CTX_copy)',
- 'sym' => 'FIPS_hmac_ctx_copy',
- 'type' => '__owur int ?',
- 'oldsym' => 'HMAC_CTX_copy'
- },
- 'FIPS_rsa_free' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'r',
- 'type' => 'struct rsa_st *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rsa/fips_rsa_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_rsa_free',
- 'type' => 'void ?',
- 'oldsym' => 'FIPS_rsa_free'
- },
- 'FIPS_ecdh_openssl' => {
- 'params' => [],
- 'objfile' => './crypto/ecdh/ech_ossl.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames ECDH_OpenSSL)',
- 'sym' => 'FIPS_ecdh_openssl',
- 'type' => 'const ECDH_METHOD *?',
- 'oldsym' => 'ECDH_OpenSSL'
- },
- 'FIPS_bn_get_word' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_get_word)',
- 'sym' => 'FIPS_bn_get_word',
- 'type' => 'BN_ULONG ?',
- 'oldsym' => 'BN_get_word'
- },
- 'FIPS_ec_point_get_affine_coordinates_gfp' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p',
- 'type' => 'const EC_POINT *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'x',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'y',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_POINT_get_affine_coordinates_GFp)',
- 'sym' => 'FIPS_ec_point_get_affine_coordinates_gfp',
- 'type' => 'int ?',
- 'oldsym' => 'EC_POINT_get_affine_coordinates_GFp'
- },
- 'FIPS_crypto_thread_id' => {
- 'params' => [],
- 'objfile' => './crypto/thr_id.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CRYPTO_thread_id)',
- 'sym' => 'FIPS_crypto_thread_id',
- 'type' => 'unsigned long ?',
- 'oldsym' => 'CRYPTO_thread_id'
- },
- 'FIPS_ec_group_set_generator' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'generator',
- 'type' => 'const EC_POINT *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'order',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cofactor',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_set_generator)',
- 'sym' => 'FIPS_ec_group_set_generator',
- 'type' => 'int ?',
- 'oldsym' => 'EC_GROUP_set_generator'
- },
- 'FIPS_ec_key_get_flags' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'const EC_KEY *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_get_flags)',
- 'sym' => 'FIPS_ec_key_get_flags',
- 'type' => 'int ?',
- 'oldsym' => 'EC_KEY_get_flags'
- },
- 'FIPS_rsa_verify_digest' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa',
- 'type' => 'struct rsa_st *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dig',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'diglen',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'mhash',
- 'type' => 'const struct env_md_st *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa_pad_mode',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'saltlen',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'mgf1Hash',
- 'type' => 'const struct env_md_st *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'sigbuf',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'siglen',
- 'type' => 'unsigned int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rsa/fips_rsa_sign.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_rsa_verify_digest',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_rsa_verify_digest'
- },
- 'FIPS_digestupdate' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'EVP_MD_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'd',
- 'type' => 'const void *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cnt',
- 'type' => 'size_t ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_md.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_DigestUpdate)',
- 'sym' => 'FIPS_digestupdate',
- 'type' => '__owur int ?',
- 'oldsym' => 'EVP_DigestUpdate'
- },
- 'FIPS_rsa_public_encrypt' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'flen',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'from',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'to',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa',
- 'type' => 'RSA *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'padding',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/rsa/rsa_crpt.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames RSA_public_encrypt)',
- 'sym' => 'FIPS_rsa_public_encrypt',
- 'type' => 'int ?',
- 'oldsym' => 'RSA_public_encrypt'
- },
- 'FIPS_ec_key_new' => {
- 'params' => [],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_new)',
- 'sym' => 'FIPS_ec_key_new',
- 'type' => 'EC_KEY *?',
- 'oldsym' => 'EC_KEY_new'
- },
- 'FIPS_ec_group_get_degree' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_get_degree)',
- 'sym' => 'FIPS_ec_group_get_degree',
- 'type' => 'int ?',
- 'oldsym' => 'EC_GROUP_get_degree'
- },
- 'FIPS_rand_bytes' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'buf',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'num',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_rand_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements RAND_bytes)',
- 'sym' => 'FIPS_rand_bytes',
- 'type' => 'int ?',
- 'oldsym' => 'RAND_bytes'
- },
- 'FIPS_evp_des_ede_ofb' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_des3.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_des_ede_ofb)',
- 'sym' => 'FIPS_evp_des_ede_ofb',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_des_ede_ofb'
- },
- 'FIPS_bn_x931_generate_xpq' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'Xp',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'Xq',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'nbits',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_x931p.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_X931_generate_Xpq)',
- 'sym' => 'FIPS_bn_x931_generate_xpq',
- 'type' => 'int ?',
- 'oldsym' => 'BN_X931_generate_Xpq'
- },
- 'FIPS_x931_test_mode' => {
- 'params' => [],
- 'objfile' => './fips/rand/fips_rand.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_x931_test_mode',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_x931_test_mode'
- },
- 'FIPS_md_ctx_init' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'EVP_MD_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_md.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_MD_CTX_init)',
- 'sym' => 'FIPS_md_ctx_init',
- 'type' => 'void ?',
- 'oldsym' => 'EVP_MD_CTX_init'
- },
- 'FIPS_selftest_check' => {
- 'params' => [],
- 'objfile' => './fips/fips.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_selftest_check',
- 'type' => 'void ?',
- 'oldsym' => 'FIPS_selftest_check'
- },
- 'FIPS_text_start' => {
- 'params' => [],
- 'objfile' => './fips/fips_start.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_text_start',
- 'type' => 'void *?',
- 'oldsym' => 'FIPS_text_start'
- },
- 'FIPS_rsa_private_decrypt' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'flen',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'from',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'to',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa',
- 'type' => 'RSA *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'padding',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/rsa/rsa_crpt.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames RSA_private_decrypt)',
- 'sym' => 'FIPS_rsa_private_decrypt',
- 'type' => 'int ?',
- 'oldsym' => 'RSA_private_decrypt'
- },
- 'FIPS_evp_des_ede_cfb64' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_des3.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_des_ede_cfb64)',
- 'sym' => 'FIPS_evp_des_ede_cfb64',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_des_ede_cfb64'
- },
- 'FIPS_des_check_key_parity' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'const_DES_cblock *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/des/set_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames DES_check_key_parity)',
- 'sym' => 'FIPS_des_check_key_parity',
- 'type' => 'int ?',
- 'oldsym' => 'DES_check_key_parity'
- },
- 'FIPS_dh_check_pub_key' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dh',
- 'type' => 'const DH *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'pub_key',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'codes',
- 'type' => 'int *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/dh/dh_check.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames DH_check_pub_key)',
- 'sym' => 'FIPS_dh_check_pub_key',
- 'type' => 'int ?',
- 'oldsym' => 'DH_check_pub_key'
- },
- 'FIPS_cmac_resume' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'CMAC_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/cmac/cmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CMAC_resume)',
- 'sym' => 'FIPS_cmac_resume',
- 'type' => 'int ?',
- 'oldsym' => 'CMAC_resume'
- },
- 'FIPS_evp_des_ede' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_des3.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_des_ede)',
- 'sym' => 'FIPS_evp_des_ede',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_des_ede'
- },
- 'FIPS_evp_aes_192_gcm' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_192_gcm)',
- 'sym' => 'FIPS_evp_aes_192_gcm',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_192_gcm'
- },
- 'FIPS_evp_aes_128_cbc' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_128_cbc)',
- 'sym' => 'FIPS_evp_aes_128_cbc',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_128_cbc'
- },
- 'FIPS_ec_key_get0_public_key' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'const EC_KEY *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_get0_public_key)',
- 'sym' => 'FIPS_ec_key_get0_public_key',
- 'type' => 'const EC_POINT *?',
- 'oldsym' => 'EC_KEY_get0_public_key'
- },
- 'FIPS_cmac_ctx_new' => {
- 'params' => [],
- 'objfile' => './crypto/cmac/cmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CMAC_CTX_new)',
- 'sym' => 'FIPS_cmac_ctx_new',
- 'type' => 'CMAC_CTX *?',
- 'oldsym' => 'CMAC_CTX_new'
- },
- 'FIPS_ec_group_new_by_curve_name' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'nid',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_curve.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_new_by_curve_name)',
- 'sym' => 'FIPS_ec_group_new_by_curve_name',
- 'type' => 'EC_GROUP *?',
- 'oldsym' => 'EC_GROUP_new_by_curve_name'
- },
- 'FIPS_ec_point_get_jprojective_coordinates_gfp' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p',
- 'type' => 'const EC_POINT *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'x',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'y',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'z',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_POINT_get_Jprojective_coordinates_GFp)',
- 'sym' => 'FIPS_ec_point_get_jprojective_coordinates_gfp',
- 'type' => 'int ?',
- 'oldsym' => 'EC_POINT_get_Jprojective_coordinates_GFp'
- },
- 'FIPS_rsa_blinding_on' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa',
- 'type' => 'RSA *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/rsa/rsa_crpt.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames RSA_blinding_on)',
- 'sym' => 'FIPS_rsa_blinding_on',
- 'type' => 'int ?',
- 'oldsym' => 'RSA_blinding_on'
- },
- 'FIPS_ec_key_set_group' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_set_group)',
- 'sym' => 'FIPS_ec_key_set_group',
- 'type' => 'int ?',
- 'oldsym' => 'EC_KEY_set_group'
- },
- 'FIPS_openssl_showfatal' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'fmta',
- 'type' => 'const char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => '...',
- 'type' => '?'
- }
- ],
- 'objfile' => './crypto/cryptlib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames OPENSSL_showfatal)',
- 'sym' => 'FIPS_openssl_showfatal',
- 'type' => 'void ?',
- 'oldsym' => 'OPENSSL_showfatal'
- },
- 'FIPS_dsa_generate_key' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'DSA *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/dsa/dsa_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames DSA_generate_key)',
- 'sym' => 'FIPS_dsa_generate_key',
- 'type' => 'int ?',
- 'oldsym' => 'DSA_generate_key'
- },
- 'FIPS_crypto_threadid_set_callback' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'threadid_func',
- 'type' => 'void (*?)(CRYPTO_THREADID *)'
- }
- ],
- 'objfile' => './crypto/thr_id.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CRYPTO_THREADID_set_callback)',
- 'sym' => 'FIPS_crypto_threadid_set_callback',
- 'type' => 'int ?',
- 'oldsym' => 'CRYPTO_THREADID_set_callback'
- },
- 'FIPS_selftest_x931' => {
- 'params' => [],
- 'objfile' => './fips/rand/fips_rand_selftest.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_selftest_x931',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_selftest_x931'
- },
- 'FIPS_bn_is_prime_ex' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'nchecks',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cb',
- 'type' => 'BN_GENCB *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_prime.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_is_prime_ex)',
- 'sym' => 'FIPS_bn_is_prime_ex',
- 'type' => 'int ?',
- 'oldsym' => 'BN_is_prime_ex'
- },
- 'FIPS_rsa_public_decrypt' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'flen',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'from',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'to',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa',
- 'type' => 'RSA *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'padding',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/rsa/rsa_crpt.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames RSA_public_decrypt)',
- 'sym' => 'FIPS_rsa_public_decrypt',
- 'type' => 'int ?',
- 'oldsym' => 'RSA_public_decrypt'
- },
- 'FIPS_openssldie' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'file',
- 'type' => 'const char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'line',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'assertion',
- 'type' => 'const char *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/cryptlib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames OpenSSLDie)',
- 'sym' => 'FIPS_openssldie',
- 'type' => 'void ?',
- 'oldsym' => 'OpenSSLDie'
- },
- 'FIPS_dh_compute_key_padded' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'pub_key',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dh',
- 'type' => 'DH *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/dh/dh_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames DH_compute_key_padded)',
- 'sym' => 'FIPS_dh_compute_key_padded',
- 'type' => 'int ?',
- 'oldsym' => 'DH_compute_key_padded'
- },
- 'FIPS_evp_aes_128_cfb128' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_128_cfb128)',
- 'sym' => 'FIPS_evp_aes_128_cfb128',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_128_cfb128'
- },
- 'FIPS_bn_is_bit_set' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'n',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_is_bit_set)',
- 'sym' => 'FIPS_bn_is_bit_set',
- 'type' => 'int ?',
- 'oldsym' => 'BN_is_bit_set'
- },
- 'FIPS_ec_point_clear_free' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'point',
- 'type' => 'EC_POINT *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_POINT_clear_free)',
- 'sym' => 'FIPS_ec_point_clear_free',
- 'type' => 'void ?',
- 'oldsym' => 'EC_POINT_clear_free'
- },
- 'FIPS_evp_des_ede3_cfb64' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_des3.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_des_ede3_cfb64)',
- 'sym' => 'FIPS_evp_des_ede3_cfb64',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_des_ede3_cfb64'
- },
- 'FIPS_rsa_x931_derive_ex' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa',
- 'type' => 'RSA *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p1',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p2',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'q1',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'q2',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'Xp1',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'Xp2',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'Xp',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'Xq1',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'Xq2',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'Xq',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'e',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cb',
- 'type' => 'BN_GENCB *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/rsa/rsa_x931g.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames RSA_X931_derive_ex)',
- 'sym' => 'FIPS_rsa_x931_derive_ex',
- 'type' => 'int ?',
- 'oldsym' => 'RSA_X931_derive_ex'
- },
- 'FIPS_ec_method_get_field_type' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'meth',
- 'type' => 'const EC_METHOD *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_METHOD_get_field_type)',
- 'sym' => 'FIPS_ec_method_get_field_type',
- 'type' => 'int ?',
- 'oldsym' => 'EC_METHOD_get_field_type'
- },
- 'FIPS_evp_sha384' => {
- 'params' => [],
- 'objfile' => './crypto/evp/m_sha1.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_sha384)',
- 'sym' => 'FIPS_evp_sha384',
- 'type' => 'const EVP_MD *?',
- 'oldsym' => 'EVP_sha384'
- },
- 'FIPS_dh_new' => {
- 'params' => [],
- 'objfile' => './fips/dh/fips_dh_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_dh_new',
- 'type' => 'DH * ?',
- 'oldsym' => 'FIPS_dh_new'
- },
- 'FIPS_ec_group_get0_generator' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_get0_generator)',
- 'sym' => 'FIPS_ec_group_get0_generator',
- 'type' => 'const EC_POINT *?',
- 'oldsym' => 'EC_GROUP_get0_generator'
- },
- 'FIPS_hmac_ctx_init' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'HMAC_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/hmac/hmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames HMAC_CTX_init)',
- 'sym' => 'FIPS_hmac_ctx_init',
- 'type' => 'void ?',
- 'oldsym' => 'HMAC_CTX_init'
- },
- 'FIPS_cipher_ctx_free' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'EVP_CIPHER_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_enc.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_CIPHER_CTX_free)',
- 'sym' => 'FIPS_cipher_ctx_free',
- 'type' => 'void ?',
- 'oldsym' => 'EVP_CIPHER_CTX_free'
- },
- 'FIPS_ec_key_get0_group' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'const EC_KEY *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_get0_group)',
- 'sym' => 'FIPS_ec_key_get0_group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => 'EC_KEY_get0_group'
- },
- 'FIPS_crypto_threadid_set_numeric' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'id',
- 'type' => 'CRYPTO_THREADID *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'val',
- 'type' => 'unsigned long ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/thr_id.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CRYPTO_THREADID_set_numeric)',
- 'sym' => 'FIPS_crypto_threadid_set_numeric',
- 'type' => 'void ?',
- 'oldsym' => 'CRYPTO_THREADID_set_numeric'
- },
- 'FIPS_evp_dss1' => {
- 'params' => [],
- 'objfile' => './crypto/evp/m_dss1.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_dss1)',
- 'sym' => 'FIPS_evp_dss1',
- 'type' => 'const EVP_MD *?',
- 'oldsym' => 'EVP_dss1'
- },
- 'FIPS_ec_point_is_at_infinity' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p',
- 'type' => 'const EC_POINT *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_POINT_is_at_infinity)',
- 'sym' => 'FIPS_ec_point_is_at_infinity',
- 'type' => 'int ?',
- 'oldsym' => 'EC_POINT_is_at_infinity'
- },
- 'FIPS_ec_key_set_public_key' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'pub',
- 'type' => 'const EC_POINT *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_set_public_key)',
- 'sym' => 'FIPS_ec_key_set_public_key',
- 'type' => 'int ?',
- 'oldsym' => 'EC_KEY_set_public_key'
- },
- 'FIPS_ec_group_get_cofactor' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cofactor',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_get_cofactor)',
- 'sym' => 'FIPS_ec_group_get_cofactor',
- 'type' => 'int ?',
- 'oldsym' => 'EC_GROUP_get_cofactor'
- },
- 'FIPS_evp_aes_256_gcm' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_256_gcm)',
- 'sym' => 'FIPS_evp_aes_256_gcm',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_256_gcm'
- },
- 'FIPS_evp_aes_128_ccm' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_128_ccm)',
- 'sym' => 'FIPS_evp_aes_128_ccm',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_128_ccm'
- },
- 'FIPS_ec_group_get0_seed' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'x',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_get0_seed)',
- 'sym' => 'FIPS_ec_group_get0_seed',
- 'type' => 'unsigned char *?',
- 'oldsym' => 'EC_GROUP_get0_seed'
- },
- 'FIPS_selftest_aes' => {
- 'params' => [],
- 'objfile' => './fips/aes/fips_aes_selftest.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_selftest_aes',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_selftest_aes'
- },
- 'FIPS_drbg_get_strength' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dctx',
- 'type' => 'DRBG_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_drbg_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_drbg_get_strength',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_drbg_get_strength'
- },
- 'FIPS_drbg_get_blocklength' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dctx',
- 'type' => 'DRBG_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_drbg_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_drbg_get_blocklength',
- 'type' => 'size_t ?',
- 'oldsym' => 'FIPS_drbg_get_blocklength'
- },
- 'FIPS_rsa_sign_digest' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa',
- 'type' => 'struct rsa_st *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'md',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'md_len',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'mhash',
- 'type' => 'const struct env_md_st *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa_pad_mode',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'saltlen',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'mgf1Hash',
- 'type' => 'const struct env_md_st *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'sigret',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'siglen',
- 'type' => 'unsigned int *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rsa/fips_rsa_sign.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_rsa_sign_digest',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_rsa_sign_digest'
- },
- 'FIPS_ec_key_set_public_key_affine_coordinates' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'x',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'y',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_set_public_key_affine_coordinates)',
- 'sym' => 'FIPS_ec_key_set_public_key_affine_coordinates',
- 'type' => 'int ?',
- 'oldsym' => 'EC_KEY_set_public_key_affine_coordinates'
- },
- 'FIPS_selftest_hmac' => {
- 'params' => [],
- 'objfile' => './fips/hmac/fips_hmac_selftest.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_selftest_hmac',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_selftest_hmac'
- },
- 'FIPS_evp_des_ede3' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_des3.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_des_ede3)',
- 'sym' => 'FIPS_evp_des_ede3',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_des_ede3'
- },
- 'FIPS_ecdsa_openssl' => {
- 'params' => [],
- 'objfile' => './crypto/ecdsa/ecs_ossl.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames ECDSA_OpenSSL)',
- 'sym' => 'FIPS_ecdsa_openssl',
- 'type' => 'const ECDSA_METHOD *?',
- 'oldsym' => 'ECDSA_OpenSSL'
- },
- 'FIPS_ec_get_builtin_curves' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'r',
- 'type' => 'EC_builtin_curve *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'nitems',
- 'type' => 'size_t ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_curve.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_get_builtin_curves)',
- 'sym' => 'FIPS_ec_get_builtin_curves',
- 'type' => 'size_t ?',
- 'oldsym' => 'EC_get_builtin_curves'
- },
- 'FIPS_module_version' => {
- 'params' => [],
- 'objfile' => './fips/fips.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_module_version',
- 'type' => 'unsigned long ?',
- 'oldsym' => 'FIPS_module_version'
- },
- 'FIPS_free' => {
- 'params' => [
- {
- 'objfile' => undef,
- 'direction' => '<-? <->?',
- 'kind' => 0,
- 'sym' => 'ptr',
- 'oldsym' => undef,
- 'type' => 'void *?'
- }
- ],
- 'objfile' => './fips/utl/fips_mem.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements CRYPTO_free)',
- 'sym' => 'FIPS_free',
- 'type' => 'void ?',
- 'oldsym' => 'CRYPTO_free'
- },
- 'FIPS_rand_status' => {
- 'params' => [],
- 'objfile' => './fips/rand/fips_rand_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements RAND_status)',
- 'sym' => 'FIPS_rand_status',
- 'type' => 'int ?',
- 'oldsym' => 'RAND_status'
- },
- 'FIPS_bn_x931_derive_prime_ex' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p1',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p2',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'Xp',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'Xp1',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'Xp2',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'e',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cb',
- 'type' => 'BN_GENCB *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_x931p.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_X931_derive_prime_ex)',
- 'sym' => 'FIPS_bn_x931_derive_prime_ex',
- 'type' => 'int ?',
- 'oldsym' => 'BN_X931_derive_prime_ex'
- },
- 'FIPS_ecdsa_sig_new' => {
- 'params' => [],
- 'objfile' => './fips/ecdsa/fips_ecdsa_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements ECDSA_SIG_new)',
- 'sym' => 'FIPS_ecdsa_sig_new',
- 'type' => 'ECDSA_SIG *?',
- 'oldsym' => 'ECDSA_SIG_new'
- },
- 'FIPS_ecdsa_verify_digest' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dig',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dlen',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 's',
- 'type' => 'ECDSA_SIG *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ecdsa/ecs_ossl.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_ecdsa_verify_digest',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_ecdsa_verify_digest'
- },
- 'FIPS_cmac_init' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'CMAC_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'const void *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'keylen',
- 'type' => 'size_t ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cipher',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'impl',
- 'type' => 'ENGINE *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/cmac/cmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CMAC_Init)',
- 'sym' => 'FIPS_cmac_init',
- 'type' => 'int ?',
- 'oldsym' => 'CMAC_Init'
- },
- 'FIPS_ec_key_dup' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'src',
- 'type' => 'const EC_KEY *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_dup)',
- 'sym' => 'FIPS_ec_key_dup',
- 'type' => 'EC_KEY *?',
- 'oldsym' => 'EC_KEY_dup'
- },
- 'FIPS_dh_openssl' => {
- 'params' => [],
- 'objfile' => './crypto/dh/dh_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames DH_OpenSSL)',
- 'sym' => 'FIPS_dh_openssl',
- 'type' => 'const DH_METHOD *?',
- 'oldsym' => 'DH_OpenSSL'
- },
- 'FIPS_hmac_init_ex' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'HMAC_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'const void *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'len',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'md',
- 'type' => 'const EVP_MD *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'impl',
- 'type' => 'ENGINE *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/hmac/hmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames HMAC_Init_ex)',
- 'sym' => 'FIPS_hmac_init_ex',
- 'type' => '__owur int ?',
- 'oldsym' => 'HMAC_Init_ex'
- },
- 'FIPS_evp_des_ede3_cbc' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_des3.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_des_ede3_cbc)',
- 'sym' => 'FIPS_evp_des_ede3_cbc',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_des_ede3_cbc'
- },
- 'FIPS_rand_seed' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'buf',
- 'type' => 'const void *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'num',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_rand_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements RAND_seed)',
- 'sym' => 'FIPS_rand_seed',
- 'type' => 'void ?',
- 'oldsym' => 'RAND_seed'
- },
- 'FIPS_md_ctx_create' => {
- 'params' => [],
- 'objfile' => './fips/utl/fips_md.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_MD_CTX_create)',
- 'sym' => 'FIPS_md_ctx_create',
- 'type' => 'EVP_MD_CTX *?',
- 'oldsym' => 'EVP_MD_CTX_create'
- },
- 'FIPS_cipherinit' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'EVP_CIPHER_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cipher',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'iv',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'enc',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_enc.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_CipherInit)',
- 'sym' => 'FIPS_cipherinit',
- 'type' => '__owur int ?',
- 'oldsym' => 'EVP_CipherInit'
- },
- 'FIPS_check_incore_fingerprint' => {
- 'params' => [],
- 'objfile' => './fips/fips.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_check_incore_fingerprint',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_check_incore_fingerprint'
- },
- 'FIPS_evp_sha512' => {
- 'params' => [],
- 'objfile' => './crypto/evp/m_sha1.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_sha512)',
- 'sym' => 'FIPS_evp_sha512',
- 'type' => 'const EVP_MD *?',
- 'oldsym' => 'EVP_sha512'
- },
- 'FIPS_ec_key_insert_key_method_data' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'data',
- 'type' => 'void *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dup_func',
- 'type' => 'void *(*?)(void *)'
- },
- {
- 'direction' => '<-? <->?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'free_func',
- 'type' => 'void (*?)(void *)'
- },
- {
- 'direction' => '<-? <->?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'clear_free_func',
- 'type' => 'void (*?)(void *)'
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_insert_key_method_data)',
- 'sym' => 'FIPS_ec_key_insert_key_method_data',
- 'type' => 'void ?',
- 'oldsym' => 'EC_KEY_insert_key_method_data'
- },
- 'FIPS_hmac_ctx_cleanup' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'HMAC_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/hmac/hmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames HMAC_CTX_cleanup)',
- 'sym' => 'FIPS_hmac_ctx_cleanup',
- 'type' => 'void ?',
- 'oldsym' => 'HMAC_CTX_cleanup'
- },
- 'FIPS_drbg_set_callbacks' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dctx',
- 'type' => 'DRBG_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'get_entropy',
- 'type' => 'size_t (*?)(DRBG_CTX *ctx, unsigned char **pout, int entropy, size_t min_len, size_t max_len)'
- },
- {
- 'direction' => '<-?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cleanup_entropy',
- 'type' => 'void (*?)(DRBG_CTX *ctx, unsigned char *out, size_t olen)'
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'entropy_blocklen',
- 'type' => 'size_t ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'get_nonce',
- 'type' => 'size_t (*?)(DRBG_CTX *ctx, unsigned char **pout, int entropy, size_t min_len, size_t max_len)'
- },
- {
- 'direction' => '<-?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cleanup_nonce',
- 'type' => 'void (*?)(DRBG_CTX *ctx, unsigned char *out, size_t olen)'
- }
- ],
- 'objfile' => './fips/rand/fips_drbg_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_drbg_set_callbacks',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_drbg_set_callbacks'
- },
- 'FIPS_ec_group_new_curve_gfp' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'b',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_cvt.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_new_curve_GFp)',
- 'sym' => 'FIPS_ec_group_new_curve_gfp',
- 'type' => 'EC_GROUP *?',
- 'oldsym' => 'EC_GROUP_new_curve_GFp'
- },
- 'FIPS_ec_point_is_on_curve' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'point',
- 'type' => 'const EC_POINT *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_POINT_is_on_curve)',
- 'sym' => 'FIPS_ec_point_is_on_curve',
- 'type' => 'int ?',
- 'oldsym' => 'EC_POINT_is_on_curve'
- },
- 'FIPS_hmac_update' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'HMAC_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'data',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'len',
- 'type' => 'size_t ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/hmac/hmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames HMAC_Update)',
- 'sym' => 'FIPS_hmac_update',
- 'type' => '__owur int ?',
- 'oldsym' => 'HMAC_Update'
- },
- 'FIPS_cmac_ctx_copy' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'out',
- 'type' => 'CMAC_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'in',
- 'type' => 'const CMAC_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/cmac/cmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CMAC_CTX_copy)',
- 'sym' => 'FIPS_cmac_ctx_copy',
- 'type' => 'int ?',
- 'oldsym' => 'CMAC_CTX_copy'
- },
- 'FIPS_get_digestbynid' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'nid',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_md.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_get_digestbynid',
- 'type' => 'const struct env_md_st *?',
- 'oldsym' => 'FIPS_get_digestbynid'
- },
- 'FIPS_ec_point_new' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_POINT_new)',
- 'sym' => 'FIPS_ec_point_new',
- 'type' => 'EC_POINT *?',
- 'oldsym' => 'EC_POINT_new'
- },
- 'FIPS_evp_aes_256_cfb128' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_256_cfb128)',
- 'sym' => 'FIPS_evp_aes_256_cfb128',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_256_cfb128'
- },
- 'FIPS_evp_aes_192_cfb1' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_192_cfb1)',
- 'sym' => 'FIPS_evp_aes_192_cfb1',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_192_cfb1'
- },
- 'FIPS_evp_des_ede3_cfb1' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_des3.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_des_ede3_cfb1)',
- 'sym' => 'FIPS_evp_des_ede3_cfb1',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_des_ede3_cfb1'
- },
- 'FIPS_dsa_openssl' => {
- 'params' => [],
- 'objfile' => './crypto/dsa/dsa_ossl.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames DSA_OpenSSL)',
- 'sym' => 'FIPS_dsa_openssl',
- 'type' => 'const DSA_METHOD *?',
- 'oldsym' => 'DSA_OpenSSL'
- },
- 'FIPS_drbg_get_app_data' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'DRBG_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_drbg_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_drbg_get_app_data',
- 'type' => 'void *?',
- 'oldsym' => 'FIPS_drbg_get_app_data'
- },
- 'FIPS_ec_key_check_key' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'const EC_KEY *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_check_key)',
- 'sym' => 'FIPS_ec_key_check_key',
- 'type' => 'int ?',
- 'oldsym' => 'EC_KEY_check_key'
- },
- 'FIPS_drbg_new' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'type',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'flags',
- 'type' => 'unsigned int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_drbg_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_drbg_new',
- 'type' => 'DRBG_CTX *?',
- 'oldsym' => 'FIPS_drbg_new'
- },
- 'FIPS_dsa_verify_digest' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dsa',
- 'type' => 'DSA *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dig',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dlen',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 's',
- 'type' => 'DSA_SIG *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/dsa/fips_dsa_sign.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_dsa_verify_digest',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_dsa_verify_digest'
- },
- 'FIPS_module_version_text' => {
- 'params' => [],
- 'objfile' => './fips/fips.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_module_version_text',
- 'type' => 'const char *?',
- 'oldsym' => 'FIPS_module_version_text'
- },
- 'FIPS_evp_aes_128_ecb' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_128_ecb)',
- 'sym' => 'FIPS_evp_aes_128_ecb',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_128_ecb'
- },
- 'FIPS_ec_points_make_affine' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'num',
- 'type' => 'size_t ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'points',
- 'type' => 'EC_POINT *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_POINTs_make_affine)',
- 'sym' => 'FIPS_ec_points_make_affine',
- 'type' => 'int ?',
- 'oldsym' => 'EC_POINTs_make_affine'
- },
- 'FIPS_cmac_ctx_cleanup' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'CMAC_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/cmac/cmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CMAC_CTX_cleanup)',
- 'sym' => 'FIPS_cmac_ctx_cleanup',
- 'type' => 'void ?',
- 'oldsym' => 'CMAC_CTX_cleanup'
- },
- 'FIPS_ec_group_get_order' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'order',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_get_order)',
- 'sym' => 'FIPS_ec_group_get_order',
- 'type' => 'int ?',
- 'oldsym' => 'EC_GROUP_get_order'
- },
- 'FIPS_hmac_init' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'HMAC_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'const void *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'len',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'md',
- 'type' => 'const EVP_MD *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/hmac/hmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames HMAC_Init)',
- 'sym' => 'FIPS_hmac_init',
- 'type' => '__owur int ?',
- 'oldsym' => 'HMAC_Init'
- },
- 'FIPS_evp_des_ede3_ecb' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_des3.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_des_ede3_ecb)',
- 'sym' => 'FIPS_evp_des_ede3_ecb',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_des_ede3_ecb'
- },
- 'FIPS_cmac_ctx_free' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'CMAC_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/cmac/cmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CMAC_CTX_free)',
- 'sym' => 'FIPS_cmac_ctx_free',
- 'type' => 'void ?',
- 'oldsym' => 'CMAC_CTX_free'
- },
- 'FIPS_rsa_sign_ctx' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa',
- 'type' => 'struct rsa_st *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'struct env_md_ctx_st *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa_pad_mode',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'saltlen',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'mgf1Hash',
- 'type' => 'const struct env_md_st *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'sigret',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'siglen',
- 'type' => 'unsigned int *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rsa/fips_rsa_sign.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_rsa_sign_ctx',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_rsa_sign_ctx'
- },
- 'FIPS_ec_key_get_enc_flags' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'const EC_KEY *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_get_enc_flags)',
- 'sym' => 'FIPS_ec_key_get_enc_flags',
- 'type' => 'unsigned ?',
- 'oldsym' => 'EC_KEY_get_enc_flags'
- },
- 'FIPS_rsa_verify_ctx' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa',
- 'type' => 'struct rsa_st *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'struct env_md_ctx_st *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa_pad_mode',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'saltlen',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'mgf1Hash',
- 'type' => 'const struct env_md_st *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'sigbuf',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'siglen',
- 'type' => 'unsigned int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rsa/fips_rsa_sign.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_rsa_verify_ctx',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_rsa_verify_ctx'
- },
- 'FIPS_get_default_drbg' => {
- 'params' => [],
- 'objfile' => './fips/rand/fips_drbg_rand.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_get_default_drbg',
- 'type' => 'DRBG_CTX *?',
- 'oldsym' => 'FIPS_get_default_drbg'
- },
- 'FIPS_dsa_new' => {
- 'params' => [],
- 'objfile' => './fips/dsa/fips_dsa_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_dsa_new',
- 'type' => 'DSA * ?',
- 'oldsym' => 'FIPS_dsa_new'
- },
- 'FIPS_x931_set_dt' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dt',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_rand.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_x931_set_dt',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_x931_set_dt'
- },
- 'FIPS_drbg_set_app_data' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'DRBG_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'app_data',
- 'type' => 'void *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_drbg_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_drbg_set_app_data',
- 'type' => 'void ?',
- 'oldsym' => 'FIPS_drbg_set_app_data'
- },
- 'FIPS_evp_dss' => {
- 'params' => [],
- 'objfile' => './crypto/evp/m_dss.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_dss)',
- 'sym' => 'FIPS_evp_dss',
- 'type' => 'const EVP_MD *?',
- 'oldsym' => 'EVP_dss'
- },
- 'FIPS_ec_key_set_conv_form' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'eckey',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cform',
- 'type' => 'point_conversion_form_t ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_set_conv_form)',
- 'sym' => 'FIPS_ec_key_set_conv_form',
- 'type' => 'void ?',
- 'oldsym' => 'EC_KEY_set_conv_form'
- },
- 'FIPS_drbg_free' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dctx',
- 'type' => 'DRBG_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_drbg_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_drbg_free',
- 'type' => 'void ?',
- 'oldsym' => 'FIPS_drbg_free'
- },
- 'FIPS_x931_stick' => {
- 'params' => [],
- 'objfile' => './fips/rand/fips_rand.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_x931_stick',
- 'type' => 'void ?',
- 'oldsym' => 'FIPS_x931_stick'
- },
- 'FIPS_selftest_failed' => {
- 'params' => [],
- 'objfile' => './fips/fips.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_selftest_failed',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_selftest_failed'
- },
- 'FIPS_rsa_size' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa',
- 'type' => 'const RSA *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/rsa/rsa_crpt.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames RSA_size)',
- 'sym' => 'FIPS_rsa_size',
- 'type' => 'int ?',
- 'oldsym' => 'RSA_size'
- },
- 'FIPS_ecdh_compute_key' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'out',
- 'type' => 'void *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'outlen',
- 'type' => 'size_t ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'pub_key',
- 'type' => 'const EC_POINT *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ecdh',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'KDF',
- 'type' => 'void *(*?)(const void *in, size_t inlen, void *out, size_t *outlen)'
- }
- ],
- 'objfile' => './crypto/ecdh/ech_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames ECDH_compute_key)',
- 'sym' => 'FIPS_ecdh_compute_key',
- 'type' => 'int ?',
- 'oldsym' => 'ECDH_compute_key'
- },
- 'FIPS_dh_free' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dh',
- 'type' => 'DH *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/dh/fips_dh_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_dh_free',
- 'type' => 'void ?',
- 'oldsym' => 'FIPS_dh_free'
- },
- 'FIPS_bn_clear_free' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_clear_free)',
- 'sym' => 'FIPS_bn_clear_free',
- 'type' => 'void ?',
- 'oldsym' => 'BN_clear_free'
- },
- 'FIPS_rsa_generate_key_ex' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa',
- 'type' => 'RSA *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'bits',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'e',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cb',
- 'type' => 'BN_GENCB *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/rsa/rsa_gen.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames RSA_generate_key_ex)',
- 'sym' => 'FIPS_rsa_generate_key_ex',
- 'type' => 'int ?',
- 'oldsym' => 'RSA_generate_key_ex'
- },
- 'FIPS_rand_set_bits' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'nbits',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_rand_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_rand_set_bits',
- 'type' => 'void ?',
- 'oldsym' => 'FIPS_rand_set_bits'
- },
- 'FIPS_bn_generate_prime_ex' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ret',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'bits',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'safe',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'add',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rem',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cb',
- 'type' => 'BN_GENCB *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_prime.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_generate_prime_ex)',
- 'sym' => 'FIPS_bn_generate_prime_ex',
- 'type' => 'int ?',
- 'oldsym' => 'BN_generate_prime_ex'
- },
- 'FIPS_evp_des_ede3_ofb' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_des3.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_des_ede3_ofb)',
- 'sym' => 'FIPS_evp_des_ede3_ofb',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_des_ede3_ofb'
- },
- 'FIPS_ec_group_precompute_mult' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_precompute_mult)',
- 'sym' => 'FIPS_ec_group_precompute_mult',
- 'type' => 'int ?',
- 'oldsym' => 'EC_GROUP_precompute_mult'
- },
- 'FIPS_rsa_blinding_off' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rsa',
- 'type' => 'RSA *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/rsa/rsa_crpt.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames RSA_blinding_off)',
- 'sym' => 'FIPS_rsa_blinding_off',
- 'type' => 'void ?',
- 'oldsym' => 'RSA_blinding_off'
- },
- 'FIPS_selftest_dsa' => {
- 'params' => [],
- 'objfile' => './fips/dsa/fips_dsa_selftest.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_selftest_dsa',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_selftest_dsa'
- },
- 'FIPS_crypto_get_id_callback' => {
- 'params' => [],
- 'objfile' => './crypto/thr_id.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CRYPTO_get_id_callback)',
- 'sym' => 'FIPS_crypto_get_id_callback',
- 'type' => 'unsigned long (*?)(void)',
- 'oldsym' => undef
- },
- 'FIPS_hmac_ctx_set_flags' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'HMAC_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'flags',
- 'type' => 'unsigned long ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/hmac/hmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames HMAC_CTX_set_flags)',
- 'sym' => 'FIPS_hmac_ctx_set_flags',
- 'type' => 'void ?',
- 'oldsym' => 'HMAC_CTX_set_flags'
- },
- 'FIPS_evp_aes_256_cfb1' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_256_cfb1)',
- 'sym' => 'FIPS_evp_aes_256_cfb1',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_256_cfb1'
- },
- 'FIPS_evp_enc_null' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_null.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_enc_null)',
- 'sym' => 'FIPS_evp_enc_null',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_enc_null'
- },
- 'FIPS_ecdsa_sign_ctx' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'EVP_MD_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/ecdsa/fips_ecdsa_sign.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_ecdsa_sign_ctx',
- 'type' => 'ECDSA_SIG * ?',
- 'oldsym' => 'FIPS_ecdsa_sign_ctx'
- },
- 'FIPS_bn_new' => {
- 'params' => [],
- 'objfile' => './crypto/bn/bn_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_new)',
- 'sym' => 'FIPS_bn_new',
- 'type' => 'BIGNUM *?',
- 'oldsym' => 'BN_new'
- },
- 'FIPS_dh_check' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dh',
- 'type' => 'const DH *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'codes',
- 'type' => 'int *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/dh/dh_check.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames DH_check)',
- 'sym' => 'FIPS_dh_check',
- 'type' => 'int ?',
- 'oldsym' => 'DH_check'
- },
- 'FIPS_drbg_stick' => {
- 'params' => [],
- 'objfile' => './fips/rand/fips_drbg_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_drbg_stick',
- 'type' => 'void ?',
- 'oldsym' => 'FIPS_drbg_stick'
- },
- 'FIPS_ecdsa_sign_digest' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dig',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dlen',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ecdsa/ecs_ossl.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_ecdsa_sign_digest',
- 'type' => 'ECDSA_SIG * ?',
- 'oldsym' => 'FIPS_ecdsa_sign_digest'
- },
- 'FIPS_evp_aes_128_xts' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_128_xts)',
- 'sym' => 'FIPS_evp_aes_128_xts',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_128_xts'
- },
- 'FIPS_bn_is_prime_fasttest_ex' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'nchecks',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'do_trial_division',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cb',
- 'type' => 'BN_GENCB *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_prime.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_is_prime_fasttest_ex)',
- 'sym' => 'FIPS_bn_is_prime_fasttest_ex',
- 'type' => 'int ?',
- 'oldsym' => 'BN_is_prime_fasttest_ex'
- },
- 'FIPS_ec_point_make_affine' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'point',
- 'type' => 'EC_POINT *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_POINT_make_affine)',
- 'sym' => 'FIPS_ec_point_make_affine',
- 'type' => 'int ?',
- 'oldsym' => 'EC_POINT_make_affine'
- },
- 'FIPS_ec_key_get_key_method_data' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dup_func',
- 'type' => 'void *(*?)(void *)'
- },
- {
- 'direction' => '<-? <->?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'free_func',
- 'type' => 'void (*?)(void *)'
- },
- {
- 'direction' => '<-? <->?',
- 'params' => undef,
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'clear_free_func',
- 'type' => 'void (*?)(void *)'
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_get_key_method_data)',
- 'sym' => 'FIPS_ec_key_get_key_method_data',
- 'type' => 'void *?',
- 'oldsym' => 'EC_KEY_get_key_method_data'
- },
- 'FIPS_dsa_sign_ctx' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dsa',
- 'type' => 'DSA *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'EVP_MD_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/dsa/fips_dsa_sign.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_dsa_sign_ctx',
- 'type' => 'DSA_SIG * ?',
- 'oldsym' => 'FIPS_dsa_sign_ctx'
- },
- 'FIPS_ec_key_get_conv_form' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'const EC_KEY *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_get_conv_form)',
- 'sym' => 'FIPS_ec_key_get_conv_form',
- 'type' => 'point_conversion_form_t ?',
- 'oldsym' => 'EC_KEY_get_conv_form'
- },
- 'FIPS_x931_set_key' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'keylen',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_rand.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_x931_set_key',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_x931_set_key'
- },
- 'FIPS_ec_point_method_of' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'point',
- 'type' => 'const EC_POINT *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_POINT_method_of)',
- 'sym' => 'FIPS_ec_point_method_of',
- 'type' => 'const EC_METHOD *?',
- 'oldsym' => 'EC_POINT_method_of'
- },
- 'FIPS_rand_add' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'buf',
- 'type' => 'const void *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'num',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'entropy',
- 'type' => 'double ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_rand_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements RAND_add)',
- 'sym' => 'FIPS_rand_add',
- 'type' => 'void ?',
- 'oldsym' => 'RAND_add'
- },
- 'FIPS_dsa_free' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'r',
- 'type' => 'DSA *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/dsa/fips_dsa_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_dsa_free',
- 'type' => 'void ?',
- 'oldsym' => 'FIPS_dsa_free'
- },
- 'FIPS_evp_aes_128_cfb1' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_128_cfb1)',
- 'sym' => 'FIPS_evp_aes_128_cfb1',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_128_cfb1'
- },
- 'FIPS_openssl_stderr' => {
- 'params' => [],
- 'objfile' => './crypto/cryptlib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames OPENSSL_stderr)',
- 'sym' => 'FIPS_openssl_stderr',
- 'type' => 'void *?',
- 'oldsym' => 'OPENSSL_stderr'
- },
- 'FIPS_drbg_method' => {
- 'params' => [],
- 'objfile' => './fips/rand/fips_drbg_rand.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_drbg_method',
- 'type' => 'const RAND_METHOD *?',
- 'oldsym' => 'FIPS_drbg_method'
- },
- 'FIPS_cipher_ctx_cleanup' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'EVP_CIPHER_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_enc.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_CIPHER_CTX_cleanup)',
- 'sym' => 'FIPS_cipher_ctx_cleanup',
- 'type' => 'int ?',
- 'oldsym' => 'EVP_CIPHER_CTX_cleanup'
- },
- 'FIPS_ec_key_new_by_curve_name' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'nid',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_new_by_curve_name)',
- 'sym' => 'FIPS_ec_key_new_by_curve_name',
- 'type' => 'EC_KEY *?',
- 'oldsym' => 'EC_KEY_new_by_curve_name'
- },
- 'FIPS_crypto_threadid_set_pointer' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'id',
- 'type' => 'CRYPTO_THREADID *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ptr',
- 'type' => 'void *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/thr_id.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CRYPTO_THREADID_set_pointer)',
- 'sym' => 'FIPS_crypto_threadid_set_pointer',
- 'type' => 'void ?',
- 'oldsym' => 'CRYPTO_THREADID_set_pointer'
- },
- 'FIPS_module_mode' => {
- 'params' => [],
- 'objfile' => './fips/fips.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_module_mode',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_module_mode'
- },
- 'FIPS_evp_aes_256_cbc' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_256_cbc)',
- 'sym' => 'FIPS_evp_aes_256_cbc',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_256_cbc'
- },
- 'FIPS_evp_aes_128_cfb8' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_128_cfb8)',
- 'sym' => 'FIPS_evp_aes_128_cfb8',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_128_cfb8'
- },
- 'FIPS_evp_aes_256_ccm' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_256_ccm)',
- 'sym' => 'FIPS_evp_aes_256_ccm',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_256_ccm'
- },
- 'FIPS_lock' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'mode',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'type',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'file',
- 'type' => 'const char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'line',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_lck.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements CRYPTO_lock)',
- 'sym' => 'FIPS_lock',
- 'type' => 'void ?',
- 'oldsym' => 'CRYPTO_lock'
- },
- 'FIPS_bn_pseudo_rand' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'rnd',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'bits',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'top',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'bottom',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_rand.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_pseudo_rand)',
- 'sym' => 'FIPS_bn_pseudo_rand',
- 'type' => 'int ?',
- 'oldsym' => 'BN_pseudo_rand'
- },
- 'FIPS_drbg_generate' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dctx',
- 'type' => 'DRBG_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'out',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'outlen',
- 'type' => 'size_t ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'strength',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'prediction_resistance',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'adin',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'adinlen',
- 'type' => 'size_t ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/rand/fips_drbg_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_drbg_generate',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_drbg_generate'
- },
- 'FIPS_ec_group_get_asn1_flag' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_get_asn1_flag)',
- 'sym' => 'FIPS_ec_group_get_asn1_flag',
- 'type' => 'int ?',
- 'oldsym' => 'EC_GROUP_get_asn1_flag'
- },
- 'FIPS_evp_aes_192_cfb8' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_192_cfb8)',
- 'sym' => 'FIPS_evp_aes_192_cfb8',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_192_cfb8'
- },
- 'FIPS_ec_point_free' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'point',
- 'type' => 'EC_POINT *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_POINT_free)',
- 'sym' => 'FIPS_ec_point_free',
- 'type' => 'void ?',
- 'oldsym' => 'EC_POINT_free'
- },
- 'FIPS_ec_key_get0_private_key' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'const EC_KEY *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_get0_private_key)',
- 'sym' => 'FIPS_ec_key_get0_private_key',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => 'EC_KEY_get0_private_key'
- },
- 'FIPS_selftest_ecdsa' => {
- 'params' => [],
- 'objfile' => './fips/ecdsa/fips_ecdsa_selftest.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_selftest_ecdsa',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_selftest_ecdsa'
- },
- 'FIPS_cipher' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'c',
- 'type' => 'EVP_CIPHER_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'out',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'in',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'inl',
- 'type' => 'unsigned int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_enc.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_Cipher)',
- 'sym' => 'FIPS_cipher',
- 'type' => '__owur int ?',
- 'oldsym' => 'EVP_Cipher'
- },
- 'FIPS_evp_aes_128_ofb' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_128_ofb)',
- 'sym' => 'FIPS_evp_aes_128_ofb',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_128_ofb'
- },
- 'FIPS_selftest_cmac' => {
- 'params' => [],
- 'objfile' => './fips/cmac/fips_cmac_selftest.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_selftest_cmac',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_selftest_cmac'
- },
- 'FIPS_cipher_ctx_ctrl' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'EVP_CIPHER_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'type',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'arg',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ptr',
- 'type' => 'void *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_enc.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_CIPHER_CTX_ctrl)',
- 'sym' => 'FIPS_cipher_ctx_ctrl',
- 'type' => 'int ?',
- 'oldsym' => 'EVP_CIPHER_CTX_ctrl'
- },
- 'FIPS_selftest_drbg' => {
- 'params' => [],
- 'objfile' => './fips/rand/fips_drbg_selftest.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_selftest_drbg',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_selftest_drbg'
- },
- 'FIPS_rsa_pkcs1_ssleay' => {
- 'params' => [],
- 'objfile' => './crypto/rsa/rsa_eay.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames RSA_PKCS1_SSLeay)',
- 'sym' => 'FIPS_rsa_pkcs1_ssleay',
- 'type' => 'const RSA_METHOD *?',
- 'oldsym' => 'RSA_PKCS1_SSLeay'
- },
- 'FIPS_selftest_aes_xts' => {
- 'params' => [],
- 'objfile' => './fips/aes/fips_aes_selftest.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_selftest_aes_xts',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_selftest_aes_xts'
- },
- 'FIPS_digestinit' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'EVP_MD_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'type',
- 'type' => 'const EVP_MD *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_md.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_DigestInit)',
- 'sym' => 'FIPS_digestinit',
- 'type' => '__owur int ?',
- 'oldsym' => 'EVP_DigestInit'
- },
- 'FIPS_cmac_ctx_get0_cipher_ctx' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'CMAC_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/cmac/cmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames CMAC_CTX_get0_cipher_ctx)',
- 'sym' => 'FIPS_cmac_ctx_get0_cipher_ctx',
- 'type' => 'EVP_CIPHER_CTX *?',
- 'oldsym' => 'CMAC_CTX_get0_cipher_ctx'
- },
- 'FIPS_ec_group_clear_free' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'EC_GROUP *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_clear_free)',
- 'sym' => 'FIPS_ec_group_clear_free',
- 'type' => 'void ?',
- 'oldsym' => 'EC_GROUP_clear_free'
- },
- 'FIPS_bn_x931_generate_prime_ex' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p1',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p2',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'Xp1',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'Xp2',
- 'type' => 'BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'Xp',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'e',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'cb',
- 'type' => 'BN_GENCB *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/bn/bn_x931p.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames BN_X931_generate_prime_ex)',
- 'sym' => 'FIPS_bn_x931_generate_prime_ex',
- 'type' => 'int ?',
- 'oldsym' => 'BN_X931_generate_prime_ex'
- },
- 'FIPS_ec_key_set_enc_flags' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'eckey',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'flags',
- 'type' => 'unsigned int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_set_enc_flags)',
- 'sym' => 'FIPS_ec_key_set_enc_flags',
- 'type' => 'void ?',
- 'oldsym' => 'EC_KEY_set_enc_flags'
- },
- 'FIPS_openssl_cleanse' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ptr',
- 'type' => 'void *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'len',
- 'type' => 'size_t ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/sha/fips_standalone_sha1.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames OPENSSL_cleanse)',
- 'sym' => 'FIPS_openssl_cleanse',
- 'type' => 'void ?',
- 'oldsym' => 'OPENSSL_cleanse'
- },
- 'FIPS_evp_aes_256_cfb8' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_256_cfb8)',
- 'sym' => 'FIPS_evp_aes_256_cfb8',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_256_cfb8'
- },
- 'FIPS_ec_point_set_to_infinity' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'point',
- 'type' => 'EC_POINT *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_POINT_set_to_infinity)',
- 'sym' => 'FIPS_ec_point_set_to_infinity',
- 'type' => 'int ?',
- 'oldsym' => 'EC_POINT_set_to_infinity'
- },
- 'FIPS_dsa_sig_free' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'DSA_SIG *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/dsa/fips_dsa_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements DSA_SIG_free)',
- 'sym' => 'FIPS_dsa_sig_free',
- 'type' => 'void ?',
- 'oldsym' => 'DSA_SIG_free'
- },
- 'FIPS_ec_group_set_curve_gfp' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'p',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'a',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'b',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_set_curve_GFp)',
- 'sym' => 'FIPS_ec_group_set_curve_gfp',
- 'type' => 'int ?',
- 'oldsym' => 'EC_GROUP_set_curve_GFp'
- },
- 'FIPS_ec_key_generate_key' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_generate_key)',
- 'sym' => 'FIPS_ec_key_generate_key',
- 'type' => 'int ?',
- 'oldsym' => 'EC_KEY_generate_key'
- },
- 'FIPS_evp_aes_192_ecb' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_192_ecb)',
- 'sym' => 'FIPS_evp_aes_192_ecb',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_192_ecb'
- },
- 'FIPS_hmac' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'evp_md',
- 'type' => 'const EVP_MD *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key',
- 'type' => 'const void *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'key_len',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'd',
- 'type' => 'const unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'n',
- 'type' => 'size_t ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'md',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'md_len',
- 'type' => 'unsigned int *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/hmac/hmac.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames HMAC)',
- 'sym' => 'FIPS_hmac',
- 'type' => 'unsigned char *?',
- 'oldsym' => 'HMAC'
- },
- 'FIPS_digestfinal' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'EVP_MD_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'md',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 's',
- 'type' => 'unsigned int *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_md.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_DigestFinal_ex)',
- 'sym' => 'FIPS_digestfinal',
- 'type' => '__owur int ?',
- 'oldsym' => 'EVP_DigestFinal_ex'
- },
- 'FIPS_incore_fingerprint' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'sig',
- 'type' => 'unsigned char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'len',
- 'type' => 'unsigned int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/fips.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_incore_fingerprint',
- 'type' => 'unsigned int ?',
- 'oldsym' => 'FIPS_incore_fingerprint'
- },
- 'FIPS_md_ctx_cleanup' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'EVP_MD_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_md.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_MD_CTX_cleanup)',
- 'sym' => 'FIPS_md_ctx_cleanup',
- 'type' => 'int ?',
- 'oldsym' => 'EVP_MD_CTX_cleanup'
- },
- 'FIPS_ec_group_set_point_conversion_form' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'form',
- 'type' => 'point_conversion_form_t ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_GROUP_set_point_conversion_form)',
- 'sym' => 'FIPS_ec_group_set_point_conversion_form',
- 'type' => 'void ?',
- 'oldsym' => 'EC_GROUP_set_point_conversion_form'
- },
- 'FIPS_ec_point_mul' => {
- 'params' => [
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'group',
- 'type' => 'const EC_GROUP *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'r',
- 'type' => 'EC_POINT *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'n',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'q',
- 'type' => 'const EC_POINT *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'm',
- 'type' => 'const BIGNUM *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'ctx',
- 'type' => 'BN_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_lib.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_POINT_mul)',
- 'sym' => 'FIPS_ec_point_mul',
- 'type' => 'int ?',
- 'oldsym' => 'EC_POINT_mul'
- },
- 'FIPS_add_lock' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'pointer',
- 'type' => 'int *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'amount',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'type',
- 'type' => 'int ?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'file',
- 'type' => 'const char *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'line',
- 'type' => 'int ?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_lck.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements CRYPTO_add_lock)',
- 'sym' => 'FIPS_add_lock',
- 'type' => 'int ?',
- 'oldsym' => 'CRYPTO_add_lock'
- },
- 'FIPS_evp_sha256' => {
- 'params' => [],
- 'objfile' => './crypto/evp/m_sha1.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_sha256)',
- 'sym' => 'FIPS_evp_sha256',
- 'type' => 'const EVP_MD *?',
- 'oldsym' => 'EVP_sha256'
- },
- 'FIPS_md_ctx_copy' => {
- 'params' => [
- {
- 'direction' => '<-?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'out',
- 'type' => 'EVP_MD_CTX *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'in',
- 'type' => 'const EVP_MD_CTX *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './fips/utl/fips_md.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(reimplements EVP_MD_CTX_copy_ex)',
- 'sym' => 'FIPS_md_ctx_copy',
- 'type' => '__owur int ?',
- 'oldsym' => 'EVP_MD_CTX_copy_ex'
- },
- 'FIPS_ec_key_copy' => {
- 'params' => [
- {
- 'direction' => '<-? <->?',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'dst',
- 'type' => 'EC_KEY *?',
- 'oldsym' => undef
- },
- {
- 'direction' => '->',
- 'objfile' => undef,
- 'kind' => 0,
- 'sym' => 'src',
- 'type' => 'const EC_KEY *?',
- 'oldsym' => undef
- }
- ],
- 'objfile' => './crypto/ec/ec_key.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EC_KEY_copy)',
- 'sym' => 'FIPS_ec_key_copy',
- 'type' => 'EC_KEY *?',
- 'oldsym' => 'EC_KEY_copy'
- },
- 'FIPS_x931_status' => {
- 'params' => [],
- 'objfile' => './fips/rand/fips_rand.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_x931_status',
- 'type' => 'int ?',
- 'oldsym' => 'FIPS_x931_status'
- },
- 'FIPS_text_end' => {
- 'params' => [],
- 'objfile' => './fips/fips_end.[o|c]',
- 'kind' => 1,
- 'symcomment' => undef,
- 'sym' => 'FIPS_text_end',
- 'type' => 'void *?',
- 'oldsym' => 'FIPS_text_end'
- },
- 'FIPS_evp_aes_192_ccm' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_192_ccm)',
- 'sym' => 'FIPS_evp_aes_192_ccm',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_192_ccm'
- },
- 'FIPS_evp_aes_256_ctr' => {
- 'params' => [],
- 'objfile' => './crypto/evp/e_aes.[o|c]',
- 'kind' => 1,
- 'symcomment' => '(renames EVP_aes_256_ctr)',
- 'sym' => 'FIPS_evp_aes_256_ctr',
- 'type' => 'const EVP_CIPHER *?',
- 'oldsym' => 'EVP_aes_256_ctr'
- }
- };
+++ /dev/null
-#
-# OpenSSL/fips/utl/Makefile
-#
-
-DIR= utl
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_err.c fips_md.c fips_enc.c fips_lck.c fips_mem.c
-LIBOBJ= fips_err.o fips_md.o fips_enc.o fips_lck.o fips_mem.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER= $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all: lib
-
-lib: $(LIBOBJ)
- @echo $(LIBOBJ) > lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-fips_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_enc.o: ../../include/openssl/opensslconf.h
-fips_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-fips_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_enc.o: ../../include/openssl/symhacks.h fips_enc.c
-fips_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-fips_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-fips_err.o: ../../include/openssl/opensslconf.h
-fips_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-fips_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_err.o: ../../include/openssl/symhacks.h fips_err.c
-fips_lck.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_lck.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_lck.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_lck.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_lck.o: ../../include/openssl/opensslconf.h
-fips_lck.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-fips_lck.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_lck.o: ../../include/openssl/symhacks.h fips_lck.c
-fips_md.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_md.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_md.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-fips_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-fips_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-fips_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_md.o: fips_md.c
-fips_mem.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-fips_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_mem.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-fips_mem.o: ../../include/openssl/opensslconf.h
-fips_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-fips_mem.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_mem.o: ../../include/openssl/symhacks.h fips_mem.c
+++ /dev/null
-/* fipe/evp/fips_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-
-void FIPS_cipher_ctx_init(EVP_CIPHER_CTX *ctx)
- {
- memset(ctx,0,sizeof(EVP_CIPHER_CTX));
- /* ctx->cipher=NULL; */
- }
-
-EVP_CIPHER_CTX *FIPS_cipher_ctx_new(void)
- {
- EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
- if (ctx)
- FIPS_cipher_ctx_init(ctx);
- return ctx;
- }
-
-/* The purpose of these is to trap programs that attempt to use non FIPS
- * algorithms in FIPS mode and ignore the errors.
- */
-
-static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
-
-static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t inl)
- { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
-
-/* NB: no cleanup because it is allowed after failed init */
-
-static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
- { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
-static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
- { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
-static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
- { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
-
-static const EVP_CIPHER bad_cipher =
- {
- 0,
- 1,
- 0,
- 0,
- 0,
- bad_init,
- bad_do_cipher,
- NULL,
- 0,
- bad_set_asn1,
- bad_get_asn1,
- bad_ctrl,
- NULL
- };
-
-int FIPS_cipherinit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- const unsigned char *key, const unsigned char *iv, int enc)
- {
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_FIPS_CIPHERINIT,FIPS_R_FIPS_SELFTEST_FAILED);
- ctx->cipher = &bad_cipher;
- return 0;
- }
- if (enc == -1)
- enc = ctx->encrypt;
- else
- {
- if (enc)
- enc = 1;
- ctx->encrypt = enc;
- }
- if (cipher)
- {
- /* Only FIPS ciphers allowed */
- if (FIPS_module_mode() && !(cipher->flags & EVP_CIPH_FLAG_FIPS) &&
- !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
- {
- EVPerr(EVP_F_FIPS_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
- ctx->cipher = &bad_cipher;
- return 0;
- }
- /* Ensure a context left lying around from last time is cleared
- * (the previous check attempted to avoid this if the same
- * ENGINE and EVP_CIPHER could be used). */
- FIPS_cipher_ctx_cleanup(ctx);
-
- /* Restore encrypt field: it is zeroed by cleanup */
- ctx->encrypt = enc;
-
- ctx->cipher=cipher;
- if (ctx->cipher->ctx_size)
- {
- ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
- if (!ctx->cipher_data)
- {
- EVPerr(EVP_F_FIPS_CIPHERINIT, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- else
- {
- ctx->cipher_data = NULL;
- }
- ctx->key_len = cipher->key_len;
- ctx->flags = 0;
- if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
- {
- if(!FIPS_cipher_ctx_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
- {
- EVPerr(EVP_F_FIPS_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- }
- }
- else if(!ctx->cipher)
- {
- EVPerr(EVP_F_FIPS_CIPHERINIT, EVP_R_NO_CIPHER_SET);
- return 0;
- }
- /* we assume block size is a power of 2 in *cryptUpdate */
- OPENSSL_assert(ctx->cipher->block_size == 1
- || ctx->cipher->block_size == 8
- || ctx->cipher->block_size == 16);
-
- if(!(M_EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
- switch(M_EVP_CIPHER_CTX_mode(ctx)) {
-
- case EVP_CIPH_STREAM_CIPHER:
- case EVP_CIPH_ECB_MODE:
- break;
-
- case EVP_CIPH_CFB_MODE:
- case EVP_CIPH_OFB_MODE:
-
- ctx->num = 0;
- /* fall-through */
-
- case EVP_CIPH_CBC_MODE:
-
- OPENSSL_assert(M_EVP_CIPHER_CTX_iv_length(ctx) <=
- (int)sizeof(ctx->iv));
- if(iv) memcpy(ctx->oiv, iv, M_EVP_CIPHER_CTX_iv_length(ctx));
- memcpy(ctx->iv, ctx->oiv, M_EVP_CIPHER_CTX_iv_length(ctx));
- break;
-
- case EVP_CIPH_CTR_MODE:
- /* Don't reuse IV for CTR mode */
- if(iv)
- memcpy(ctx->iv, iv, M_EVP_CIPHER_CTX_iv_length(ctx));
- break;
-
- default:
- return 0;
- break;
- }
- }
-
- if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
- if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
- }
- ctx->buf_len=0;
- ctx->final_used=0;
- ctx->block_mask=ctx->cipher->block_size-1;
- return 1;
- }
-
-void FIPS_cipher_ctx_free(EVP_CIPHER_CTX *ctx)
- {
- if (ctx)
- {
- FIPS_cipher_ctx_cleanup(ctx);
- OPENSSL_free(ctx);
- }
- }
-
-int FIPS_cipher_ctx_cleanup(EVP_CIPHER_CTX *c)
- {
- if (c->cipher != NULL)
- {
- if(c->cipher->cleanup && !c->cipher->cleanup(c))
- return 0;
- /* Cleanse cipher context data */
- if (c->cipher_data)
- OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
- }
- if (c->cipher_data)
- OPENSSL_free(c->cipher_data);
- memset(c,0,sizeof(EVP_CIPHER_CTX));
- return 1;
- }
-
-int FIPS_cipher_ctx_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
-{
- int ret;
- if (FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_FIPS_CIPHER_CTX_CTRL, FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- if(!ctx->cipher) {
- EVPerr(EVP_F_FIPS_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
- return 0;
- }
-
- if(!ctx->cipher->ctrl) {
- EVPerr(EVP_F_FIPS_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
- return 0;
- }
-
- ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
- if(ret == -1) {
- EVPerr(EVP_F_FIPS_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
- return 0;
- }
- return ret;
-}
-
-int FIPS_cipher_ctx_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
- {
- if ((in == NULL) || (in->cipher == NULL))
- {
- EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
- return 0;
- }
-
- /* Only FIPS ciphers allowed */
- if (FIPS_module_mode() && !(in->cipher->flags & EVP_CIPH_FLAG_FIPS) &&
- !(out->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
- {
- EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY, EVP_R_DISABLED_FOR_FIPS);
- out->cipher = &bad_cipher;
- return 0;
- }
-
- FIPS_cipher_ctx_cleanup(out);
- memcpy(out,in,sizeof *out);
-
- if (in->cipher_data && in->cipher->ctx_size)
- {
- out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size);
- if (!out->cipher_data)
- {
- EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size);
- }
-
- if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
- return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
- return 1;
- }
-
-/* You can't really set the key length with FIPS, so just check that the
- caller sets the length the context already has. */
-int FIPS_cipher_ctx_set_key_length(EVP_CIPHER_CTX *ctx, int keylen)
- {
- if (ctx->key_len == keylen)
- return 1;
-
- EVPerr(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH);
- return 0;
- }
-
-
-
-int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
- {
- if (FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_FIPS_CIPHER, FIPS_R_SELFTEST_FAILED);
- return -1;
- }
- return ctx->cipher->do_cipher(ctx,out,in,inl);
- }
-
-const EVP_CIPHER *FIPS_get_cipherbynid(int nid)
- {
- switch (nid)
- {
- case NID_aes_128_cbc:
- return FIPS_evp_aes_128_cbc();
-
- case NID_aes_128_ccm:
- return FIPS_evp_aes_128_ccm();
-
- case NID_aes_128_cfb1:
- return FIPS_evp_aes_128_cfb1();
-
- case NID_aes_128_cfb128:
- return FIPS_evp_aes_128_cfb128();
-
- case NID_aes_128_cfb8:
- return FIPS_evp_aes_128_cfb8();
-
- case NID_aes_128_ctr:
- return FIPS_evp_aes_128_ctr();
-
- case NID_aes_128_ecb:
- return FIPS_evp_aes_128_ecb();
-
- case NID_aes_128_gcm:
- return FIPS_evp_aes_128_gcm();
-
- case NID_aes_128_ofb128:
- return FIPS_evp_aes_128_ofb();
-
- case NID_aes_128_xts:
- return FIPS_evp_aes_128_xts();
-
- case NID_aes_192_cbc:
- return FIPS_evp_aes_192_cbc();
-
- case NID_aes_192_ccm:
- return FIPS_evp_aes_192_ccm();
-
- case NID_aes_192_cfb1:
- return FIPS_evp_aes_192_cfb1();
-
- case NID_aes_192_cfb128:
- return FIPS_evp_aes_192_cfb128();
-
- case NID_aes_192_cfb8:
- return FIPS_evp_aes_192_cfb8();
-
- case NID_aes_192_ctr:
- return FIPS_evp_aes_192_ctr();
-
- case NID_aes_192_ecb:
- return FIPS_evp_aes_192_ecb();
-
- case NID_aes_192_gcm:
- return FIPS_evp_aes_192_gcm();
-
- case NID_aes_192_ofb128:
- return FIPS_evp_aes_192_ofb();
-
- case NID_aes_256_cbc:
- return FIPS_evp_aes_256_cbc();
-
- case NID_aes_256_ccm:
- return FIPS_evp_aes_256_ccm();
-
- case NID_aes_256_cfb1:
- return FIPS_evp_aes_256_cfb1();
-
- case NID_aes_256_cfb128:
- return FIPS_evp_aes_256_cfb128();
-
- case NID_aes_256_cfb8:
- return FIPS_evp_aes_256_cfb8();
-
- case NID_aes_256_ctr:
- return FIPS_evp_aes_256_ctr();
-
- case NID_aes_256_ecb:
- return FIPS_evp_aes_256_ecb();
-
- case NID_aes_256_gcm:
- return FIPS_evp_aes_256_gcm();
-
- case NID_aes_256_ofb128:
- return FIPS_evp_aes_256_ofb();
-
- case NID_aes_256_xts:
- return FIPS_evp_aes_256_xts();
-
- case NID_des_ede_ecb:
- return FIPS_evp_des_ede();
-
- case NID_des_ede3_ecb:
- return FIPS_evp_des_ede3();
-
- case NID_des_ede3_cbc:
- return FIPS_evp_des_ede3_cbc();
-
- case NID_des_ede3_cfb1:
- return FIPS_evp_des_ede3_cfb1();
-
- case NID_des_ede3_cfb64:
- return FIPS_evp_des_ede3_cfb64();
-
- case NID_des_ede3_cfb8:
- return FIPS_evp_des_ede3_cfb8();
-
- case NID_des_ede3_ofb64:
- return FIPS_evp_des_ede3_ofb();
-
- case NID_des_ede_cbc:
- return FIPS_evp_des_ede_cbc();
-
- case NID_des_ede_cfb64:
- return FIPS_evp_des_ede_cfb64();
-
- case NID_des_ede_ofb64:
- return FIPS_evp_des_ede_ofb();
-
- default:
- return NULL;
-
- }
- }
-
+++ /dev/null
-/* fips/utl/fips_err.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <openssl/err.h>
-#include <openssl/fips.h>
-
-/* FIPS error callbacks */
-
-static void (*fips_put_error_cb)(int lib, int func,int reason,const char *file,int line) = 0;
-static void (*fips_add_error_vdata)(int num, va_list args) = 0;
-
-void FIPS_put_error(int lib, int func,int reason,const char *file,int line)
- {
- if (fips_put_error_cb)
- fips_put_error_cb(lib, func, reason, file, line);
- }
-
-void FIPS_add_error_data(int num, ...)
- {
- if (fips_add_error_vdata)
- {
- va_list args;
- va_start(args, num);
- fips_add_error_vdata(num, args);
- va_end(args);
- }
- }
-
-void FIPS_set_error_callbacks(
- void (*put_cb)(int lib, int func,int reason,const char *file,int line),
- void (*add_cb)(int num, va_list args) )
- {
- fips_put_error_cb = put_cb;
- fips_add_error_vdata = add_cb;
- }
-
-
+++ /dev/null
-/* fips/utl/fips_lck.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <openssl/evp.h>
-#include <openssl/fips.h>
-
-/* FIPS locking callbacks */
-
-static void (*fips_lck_cb)(int mode, int type,const char *file,int line) = 0;
-static int (*fips_add_cb)(int *pointer, int amount, int type, const char *file,
- int line);
-
-void FIPS_lock(int mode, int type,const char *file,int line)
- {
- if (fips_lck_cb)
- fips_lck_cb(mode, type, file, line);
- }
-
-void FIPS_set_locking_callbacks(void (*func)(int mode, int type,
- const char *file,int line),
- int (*add_cb)(int *pointer, int amount,
- int type, const char *file, int line))
- {
- fips_lck_cb = func;
- fips_add_cb = add_cb;
- }
-
-int FIPS_add_lock(int *pointer, int amount, int type, const char *file,
- int line)
- {
- if (fips_add_cb)
- return fips_add_cb(pointer, amount, type, file, line);
- *pointer += amount;
- return *pointer;
- }
+++ /dev/null
-/* fips/evp/fips_md.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Minimal standalone FIPS versions of Digest operations */
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-
-void FIPS_md_ctx_init(EVP_MD_CTX *ctx)
- {
- memset(ctx,'\0',sizeof *ctx);
- }
-
-EVP_MD_CTX *FIPS_md_ctx_create(void)
- {
- EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
-
- if (ctx)
- FIPS_md_ctx_init(ctx);
-
- return ctx;
- }
-
-/* The purpose of these is to trap programs that attempt to use non FIPS
- * algorithms in FIPS mode and ignore the errors.
- */
-
-static int bad_init(EVP_MD_CTX *ctx)
- { FIPS_ERROR_IGNORED("Digest init"); return 0;}
-
-static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count)
- { FIPS_ERROR_IGNORED("Digest update"); return 0;}
-
-static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
- { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
-
-static const EVP_MD bad_md =
- {
- 0,
- 0,
- 0,
- 0,
- bad_init,
- bad_update,
- bad_final,
- NULL,
- NULL,
- NULL,
- 0,
- {0,0,0,0},
- };
-
-int FIPS_digestinit(EVP_MD_CTX *ctx, const EVP_MD *type)
- {
- M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_FIPS_DIGESTINIT,FIPS_R_FIPS_SELFTEST_FAILED);
- ctx->digest = &bad_md;
- ctx->update = bad_update;
- return 0;
- }
- if(FIPS_module_mode() && !(type->flags & EVP_MD_FLAG_FIPS) &&
- !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
- {
- EVPerr(EVP_F_FIPS_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS);
- ctx->digest = &bad_md;
- ctx->update = bad_update;
- return 0;
- }
- if (ctx->digest != type)
- {
- if (ctx->digest && ctx->digest->ctx_size)
- OPENSSL_free(ctx->md_data);
- ctx->digest=type;
- if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size)
- {
- ctx->update = type->update;
- ctx->md_data=OPENSSL_malloc(type->ctx_size);
- if (ctx->md_data == NULL)
- {
- EVPerr(EVP_F_FIPS_DIGESTINIT,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- }
- if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
- return 1;
- return ctx->digest->init(ctx);
- }
-
-int FIPS_digestupdate(EVP_MD_CTX *ctx, const void *data, size_t count)
- {
- if (FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_FIPS_DIGESTUPDATE, FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- return ctx->update(ctx,data,count);
- }
-
-/* The caller can assume that this removes any secret data from the context */
-int FIPS_digestfinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
- {
- int ret;
-
- if (FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_FIPS_DIGESTFINAL, FIPS_R_SELFTEST_FAILED);
- return 0;
- }
-
- OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
- ret=ctx->digest->final(ctx,md);
- if (size != NULL)
- *size=ctx->digest->md_size;
- if (ctx->digest->cleanup)
- {
- ctx->digest->cleanup(ctx);
- M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
- }
- memset(ctx->md_data,0,ctx->digest->ctx_size);
- return ret;
- }
-
-int FIPS_digest(const void *data, size_t count,
- unsigned char *md, unsigned int *size, const EVP_MD *type)
- {
- EVP_MD_CTX ctx;
- int ret;
-
- FIPS_md_ctx_init(&ctx);
- M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
- ret=FIPS_digestinit(&ctx, type)
- && FIPS_digestupdate(&ctx, data, count)
- && FIPS_digestfinal(&ctx, md, size);
- FIPS_md_ctx_cleanup(&ctx);
-
- return ret;
- }
-
-void FIPS_md_ctx_destroy(EVP_MD_CTX *ctx)
- {
- FIPS_md_ctx_cleanup(ctx);
- OPENSSL_free(ctx);
- }
-
-/* This call frees resources associated with the context */
-int FIPS_md_ctx_cleanup(EVP_MD_CTX *ctx)
- {
- /* Don't assume ctx->md_data was cleaned in FIPS_digest_Final,
- * because sometimes only copies of the context are ever finalised.
- */
- if (ctx->digest && ctx->digest->cleanup
- && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
- ctx->digest->cleanup(ctx);
- if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
- && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
- {
- OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
- OPENSSL_free(ctx->md_data);
- }
- memset(ctx,'\0',sizeof *ctx);
-
- return 1;
- }
-
-int FIPS_md_ctx_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
- {
- unsigned char *tmp_buf;
- if ((in == NULL) || (in->digest == NULL))
- {
- EVPerr(EVP_F_FIPS_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
- return 0;
- }
-
- if (out->digest == in->digest)
- {
- tmp_buf = out->md_data;
- M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
- }
- else tmp_buf = NULL;
- FIPS_md_ctx_cleanup(out);
- memcpy(out,in,sizeof *out);
-
- if (in->md_data && out->digest->ctx_size)
- {
- if (tmp_buf)
- out->md_data = tmp_buf;
- else
- {
- out->md_data=OPENSSL_malloc(out->digest->ctx_size);
- if (!out->md_data)
- {
- EVPerr(EVP_F_FIPS_MD_CTX_COPY,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- memcpy(out->md_data,in->md_data,out->digest->ctx_size);
- }
-
- out->update = in->update;
-
- if (out->digest->copy)
- return out->digest->copy(out,in);
-
- return 1;
- }
-
-const EVP_MD *FIPS_get_digestbynid(int nid)
- {
- switch (nid)
- {
- case NID_sha1:
- return EVP_sha1();
-
- case NID_sha224:
- return EVP_sha224();
-
- case NID_sha256:
- return EVP_sha256();
-
- case NID_sha384:
- return EVP_sha384();
-
- case NID_sha512:
- return EVP_sha512();
-
- default:
- return NULL;
- }
- }
+++ /dev/null
-/* fips/utl/fips_mem.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <openssl/err.h>
-#include <openssl/fips.h>
-
-/* Default malloc implementations */
-
-static void *fips_malloc_def(int num, const char *file, int line)
- {
- return malloc(num);
- }
-
-static void fips_free_def(void *x)
- {
- free(x);
- }
-
-/* FIPS memory allocation callbacks */
-
-static void *(*fips_malloc_cb)(int num, const char *file, int line) =
- fips_malloc_def;
-static void (*fips_free_cb)(void *) =
- fips_free_def;
-
-void *FIPS_malloc(int num, const char *file, int line)
- {
- return fips_malloc_cb(num, file, line);
- }
-
-void FIPS_free(void *x)
- {
- fips_free_cb(x);
- }
-
-void FIPS_set_malloc_callbacks(
- void *(*malloc_cb)(int num, const char *file, int line),
- void (*free_cb)(void *))
- {
- fips_malloc_cb = malloc_cb;
- fips_free_cb = free_cb;
- }
+++ /dev/null
-#!/bin/perl
-
-# Simple perl script to wrap round "ar" program and exclude any
-# object files in the environment variable EXCL_OBJ
-
-map { s/^.*\/([^\/]*)$/$1/ ; $EXCL{$_} = 1} split(' ', $ENV{EXCL_OBJ});
-
-#my @ks = keys %EXCL;
-#print STDERR "Excluding: @ks \n";
-
-my @ARGS = grep { !exists $EXCL{$_} } @ARGV;
-
-system @ARGS;
-
-exit $? >> 8;
+++ /dev/null
-
-# FIPS assembly language preprocessor
-# Renames all symbols in the file to
-# their modified fips versions.
-
-
-my @ARGS = @ARGV;
-
-my $top = shift @ARGS;
-my $target = shift @ARGS;
-my $tmptarg = $target;
-
-$tmptarg =~ s/\.[^\\\/\.]+$/.tmp/;
-
-my $runasm = 1;
-
-if ($ARGS[0] eq "norunasm")
- {
- $runasm = 0;
- shift @ARGS;
- }
-
-my $enabled = 0;
-
-$enabled = 1 if $ENV{FIPSCANISTERINTERNAL} eq "y";
-
-if ($enabled == 0 && $runasm)
- {
- system @ARGS;
- exit $?
- }
-
-
-# Open symbol rename file.
-open(IN, "$top/fips/fipssyms.h") || die "Can't open fipssyms.h";
-
-# Skip to assembler symbols
-while (<IN>)
- {
- last if (/assembler/)
- }
-
-# Store all renames.
-while (<IN>)
- {
- if (/^#define\s+(\w+)\s+(\w+)\b/)
- {
- $edits{$1} = $2;
- }
- }
-
-my ($from, $to);
-
-#delete any temp file lying around
-
-unlink $tmptarg;
-
-#rename target temporarily
-rename($target, $tmptarg) || die "Can't rename $target";
-
-#edit target
-open(IN,$tmptarg) || die "Can't open temporary file";
-open(OUT, ">$target") || die "Can't open output file $target";
-
-while (<IN>)
-{
- while (($from, $to) = each %edits)
- {
- s/(\b_*)$from(\b)/$1$to$2/g;
- }
- print OUT $_;
-}
-
-close OUT;
-
-if ($runasm)
- {
- # run assembler
- system @ARGS;
-
- my $rv = $?;
-
- # restore target
- unlink $target;
- rename $tmptarg, $target;
-
- die "Error executing assembler!" if $rv != 0;
- }
-else
- {
- # Don't care about target
- unlink $tmptarg;
- }