From: Ben Laurie Date: Sat, 15 May 2004 17:51:26 +0000 (+0000) Subject: Fix self-tests, ban some things in FIPS mode, fix copyrights. X-Git-Tag: OpenSSL_0_9_7e~99 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9ac9a2940748ac38d71032980bd37c22c3bf13c3;p=openssl Fix self-tests, ban some things in FIPS mode, fix copyrights. --- diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 05851f8429..1f734dae24 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -199,6 +199,7 @@ void ERR_load_DH_strings(void); /* Reason codes. */ #define DH_R_BAD_GENERATOR 101 +#define DH_R_NOT_PERMITTED_IN_FIPS_MODE 102 #define DH_R_NO_PRIVATE_VALUE 100 #ifdef __cplusplus diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index d837950aec..17cf42d952 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -1,6 +1,6 @@ /* crypto/dh/dh_err.c */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -78,6 +78,7 @@ static ERR_STRING_DATA DH_str_functs[]= static ERR_STRING_DATA DH_str_reasons[]= { {DH_R_BAD_GENERATOR ,"bad generator"}, +{DH_R_NOT_PERMITTED_IN_FIPS_MODE ,"not permitted in fips mode"}, {DH_R_NO_PRIVATE_VALUE ,"no private value"}, {0,NULL} }; diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 06f78b35ab..38675f2688 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -60,6 +60,7 @@ #include "cryptlib.h" #include #include +#include /* We generate DH parameters as follows * find a prime q which is prime_len/2 bits long. @@ -94,6 +95,14 @@ DH *DH_generate_parameters(int prime_len, int generator, int g,ok= -1; BN_CTX *ctx=NULL; +#ifdef OPENSSL_FIPS + if(FIPS_mode) + { + DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_NOT_PERMITTED_IN_FIPS_MODE); + return NULL; + } +#endif + ret=DH_new(); if (ret == NULL) goto err; ctx=BN_CTX_new(); diff --git a/fips/aes/fips_aesavs.c b/fips/aes/fips_aesavs.c index 29e97b0cf7..b1239291f8 100644 --- a/fips/aes/fips_aesavs.c +++ b/fips/aes/fips_aesavs.c @@ -1,8 +1,56 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ /*--------------------------------------------- NIST AES Algorithm Validation Suite Test Program - Copyright + Donated to OpenSSL by: V-ONE Corporation 20250 Century Blvd, Suite 300 Germantown, MD 20874 diff --git a/fips/des/fingerprint.sha1 b/fips/des/fingerprint.sha1 index 76caf96fb4..816714f5e0 100644 --- a/fips/des/fingerprint.sha1 +++ b/fips/des/fingerprint.sha1 @@ -1,5 +1,5 @@ HMAC-SHA1(fips_des_enc.c)= ea89417ba58c148c3d72d29438cd0bedc2315f7f HMAC-SHA1(asm/fips-dx86-elf.s)= 2f85e8e86806c92ee4c12cf5354e19eccf6ed47d HMAC-SHA1(fips_des_selftest.c)= 3bc574e51647c5f5ab45d1007b2cf461d67764a9 -HMAC-SHA1(fips_set_key.c)= e55cabd0cbe5cd17710e11270d9594c0d7237064 +HMAC-SHA1(fips_set_key.c)= dfe1bf8221a8cce7591ad33c9433271613332bd0 HMAC-SHA1(fips_des_locl.h)= 7053848e884df47f06de9f2248380b92e58ef4e5 diff --git a/fips/des/fips_desmovs.c b/fips/des/fips_desmovs.c index 3128a752be..08058940a5 100644 --- a/fips/des/fips_desmovs.c +++ b/fips/des/fips_desmovs.c @@ -1,9 +1,57 @@ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ /*--------------------------------------------- NIST DES Modes of Operation Validation System Test Program Based on the AES Validation Suite, which was: - Copyright + Donated to OpenSSL by: V-ONE Corporation 20250 Century Blvd, Suite 300 Germantown, MD 20874 diff --git a/fips/des/fips_set_key.c b/fips/des/fips_set_key.c index 1773c2684a..5ca00c15aa 100644 --- a/fips/des/fips_set_key.c +++ b/fips/des/fips_set_key.c @@ -312,6 +312,8 @@ static const DES_LONG des_skb[8][64]={ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule) { + if (FIPS_selftest_fail) + return -3; if (DES_check_key) { return DES_set_key_checked(key, schedule); diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index a2f3f13163..bafa11afc5 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -68,7 +68,7 @@ static int FIPS_des_test() DES_cblock buf; ERR_clear_error(); - if (DES_set_key(&userkey, &key)) + if (DES_set_key(&userkey, &key) < 0) return 0; DES_ecb_encrypt( &plaintext, &ciphertext, &key, 1); DES_ecb_encrypt( &ciphertext, &buf, &key, 0); @@ -172,10 +172,11 @@ static int dh_test() { DH *dh; + ERR_clear_error(); dh = DH_generate_parameters(256, 2, NULL, NULL); if (dh) - return 0; - return 1; + return 1; + return 0; } static int Error; diff --git a/fips/sha1/fingerprint.sha1 b/fips/sha1/fingerprint.sha1 index c7fd5fbe80..7e6d05e8e9 100644 --- a/fips/sha1/fingerprint.sha1 +++ b/fips/sha1/fingerprint.sha1 @@ -2,4 +2,4 @@ HMAC-SHA1(fips_sha1dgst.c)= 10575600a9540eb15188a7d3b0b031e60aedbc18 HMAC-SHA1(fips_sha1_selftest.c)= 98910a0c85eff1688bd7adb23e738dc75b39546e HMAC-SHA1(asm/sx86-elf.s)= 6286cba0ea3b071e67ab5c1e607d1387de6a871d HMAC-SHA1(fips_sha_locl.h)= 199ceca9016ba5514997ce1fcd22be7d4f66e9b5 -HMAC-SHA1(fips_md32_common.h)= 4dd5d27e9bedbbaab6c6c5536b254e040137471e +HMAC-SHA1(fips_md32_common.h)= 5bd82fd4f27c9c9f5164dafbb617272fa5c96521 diff --git a/fips/sha1/fips_md32_common.h b/fips/sha1/fips_md32_common.h index 573850b122..cf8d31f351 100644 --- a/fips/sha1/fips_md32_common.h +++ b/fips/sha1/fips_md32_common.h @@ -417,6 +417,9 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len) register unsigned long l; int sw,sc,ew,ec; + if(FIPS_selftest_fail) + return 0; + if (len==0) return 1; l=(c->Nl+(len<<3))&0xffffffffL; diff --git a/fips/sha1/standalone.sha1 b/fips/sha1/standalone.sha1 index 356b4009a5..3ce8151260 100644 --- a/fips/sha1/standalone.sha1 +++ b/fips/sha1/standalone.sha1 @@ -3,4 +3,4 @@ HMAC-SHA1(fips_sha1_selftest.c)= 98910a0c85eff1688bd7adb23e738dc75b39546e HMAC-SHA1(asm/sx86-elf.s)= 6286cba0ea3b071e67ab5c1e607d1387de6a871d HMAC-SHA1(fips_standalone_sha1.c)= c17f83ccfe601558b33b6df27d2d82887b8c9dc2 HMAC-SHA1(fips_sha_locl.h)= 199ceca9016ba5514997ce1fcd22be7d4f66e9b5 -HMAC-SHA1(fips_md32_common.h)= 4dd5d27e9bedbbaab6c6c5536b254e040137471e +HMAC-SHA1(fips_md32_common.h)= 5bd82fd4f27c9c9f5164dafbb617272fa5c96521