authorcvs2svn <admin@example.com>2006-06-27 05:05:41 +0000
committercvs2svn <admin@example.com>2006-06-27 05:05:41 +0000
commitf99818624a550de2de83858db24e9e9ddb1c552b (patch)
tree39016da40af35b8885fe81fa5c837078fd5b7935
parent4f828b924f54507141fb95ebe49dfcd261945e85 (diff)
This commit was manufactured by cvs2git to create tag 'openssl_0_9_7j'.openssl_0_9_7j
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_x931p.c282
-rwxr-xr-xsrc/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl150
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa_pss.c261
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa_x931.c177
-rw-r--r--src/lib/libssl/src/fips/Makefile199
-rw-r--r--src/lib/libssl/src/fips/aes/Makefile131
-rw-r--r--src/lib/libssl/src/fips/aes/fips_aes_selftest.c112
-rw-r--r--src/lib/libssl/src/fips/aes/fips_aesavs.c1005
-rw-r--r--src/lib/libssl/src/fips/des/Makefile155
-rw-r--r--src/lib/libssl/src/fips/des/fips_des_selftest.c200
-rw-r--r--src/lib/libssl/src/fips/des/fips_desmovs.c833
-rw-r--r--src/lib/libssl/src/fips/dh/Makefile109
-rw-r--r--src/lib/libssl/src/fips/dh/fips_dh_check.c125
-rw-r--r--src/lib/libssl/src/fips/dh/fips_dh_gen.c186
-rw-r--r--src/lib/libssl/src/fips/dh/fips_dh_key.c230
-rw-r--r--src/lib/libssl/src/fips/dsa/Makefile158
-rw-r--r--src/lib/libssl/src/fips/dsa/fips_dsa_gen.c374
-rw-r--r--src/lib/libssl/src/fips/dsa/fips_dsa_ossl.c387
-rw-r--r--src/lib/libssl/src/fips/dsa/fips_dsa_selftest.c168
-rw-r--r--src/lib/libssl/src/fips/dsa/fips_dsatest.c257
-rw-r--r--src/lib/libssl/src/fips/dsa/fips_dssvs.c306
-rw-r--r--src/lib/libssl/src/fips/fips-lib.com1180
-rw-r--r--src/lib/libssl/src/fips/fips.c260
-rw-r--r--src/lib/libssl/src/fips/fips.h125
-rw-r--r--src/lib/libssl/src/fips/fips_locl.h67
-rw-r--r--src/lib/libssl/src/fips/fips_test_suite.c341
-rw-r--r--src/lib/libssl/src/fips/install.com55
-rwxr-xr-xsrc/lib/libssl/src/fips/openssl_fips_fingerprint30
-rw-r--r--src/lib/libssl/src/fips/rand/Makefile104
-rw-r--r--src/lib/libssl/src/fips/rand/fips_rand.c355
-rw-r--r--src/lib/libssl/src/fips/rand/fips_rand.h73
-rw-r--r--src/lib/libssl/src/fips/rand/fips_randtest.c369
-rw-r--r--src/lib/libssl/src/fips/rsa/Makefile111
-rw-r--r--src/lib/libssl/src/fips/rsa/fips_rsa_eay.c735
-rw-r--r--src/lib/libssl/src/fips/rsa/fips_rsa_gen.c249
-rw-r--r--src/lib/libssl/src/fips/rsa/fips_rsa_selftest.c251
36 files changed, 870 insertions, 9240 deletions
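diff --git a/src/lib/libssl/src/crypto/bn/bn_x931p.c b/src/lib/libssl/src/crypto/bn/bn_x931p.c
new file mode 100644
index 0000000000..c64410dd3a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_x931p.c
@@ -0,0 +1,282 @@
+/* bn_x931p.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_FIPS
+
+/* X9.31 routines for prime derivation */
+
+
+/* X9.31 prime derivation. This is used to generate the primes pi
+ * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd
+ * integers.
+ */
+
+static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
+ void (*cb)(int, int, void *), void *cb_arg)
+ {
+ int i = 0;
+ if (!BN_copy(pi, Xpi))
+ return 0;
+ if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
+ return 0;
+ for(;;)
+ {
+ i++;
+ if (cb)
+ cb(0, i, cb_arg);
+ /* NB 27 MR is specificed in X9.31 */
+ if (BN_is_prime_fasttest(pi, 27, cb, ctx, cb_arg, 1))
+ break;
+ if (!BN_add_word(pi, 2))
+ return 0;
+ }
+ if (cb)
+ cb(2, i, cb_arg);
+ return 1;
+ }
+
+/* This is the main X9.31 prime derivation function. From parameters
+ * Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are
+ * not NULL they will be returned too: this is needed for testing.
+ */
+
+int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ void (*cb)(int, int, void *), void *cb_arg,
+ const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *e, BN_CTX *ctx)
+ {
+ int ret = 0;
+
+ BIGNUM *t, *p1p2, *pm1;
+
+ /* Only even e supported */
+ if (!BN_is_odd(e))
+ return 0;
+
+ BN_CTX_start(ctx);
+ if (!p1)
+ p1 = BN_CTX_get(ctx);
+
+ if (!p2)
+ p2 = BN_CTX_get(ctx);
+
+ t = BN_CTX_get(ctx);
+
+ p1p2 = BN_CTX_get(ctx);
+
+ pm1 = BN_CTX_get(ctx);
+
+ if (!bn_x931_derive_pi(p1, Xp1, ctx, cb, cb_arg))
+ goto err;
+
+ if (!bn_x931_derive_pi(p2, Xp2, ctx, cb, cb_arg))
+ goto err;
+
+ if (!BN_mul(p1p2, p1, p2, ctx))
+ goto err;
+
+ /* First set p to value of Rp */
+
+ if (!BN_mod_inverse(p, p2, p1, ctx))
+ goto err;
+
+ if (!BN_mul(p, p, p2, ctx))
+ goto err;
+
+ if (!BN_mod_inverse(t, p1, p2, ctx))
+ goto err;
+
+ if (!BN_mul(t, t, p1, ctx))
+ goto err;
+
+ if (!BN_sub(p, p, t))
+ goto err;
+
+ if (p->neg && !BN_add(p, p, p1p2))
+ goto err;
+
+ /* p now equals Rp */
+
+ if (!BN_mod_sub(p, p, Xp, p1p2, ctx))
+ goto err;
+
+ if (!BN_add(p, p, Xp))
+ goto err;
+
+ /* p now equals Yp0 */
+
+ for (;;)
+ {
+ int i = 1;
+ if (cb)
+ cb(0, i++, cb_arg);
+ if (!BN_copy(pm1, p))
+ goto err;
+ if (!BN_sub_word(pm1, 1))
+ goto err;
+ if (!BN_gcd(t, pm1, e, ctx))
+ goto err;
+ if (BN_is_one(t)
+ /* X9.31 specifies 8 MR and 1 Lucas test or any prime test
+ * offering similar or better guarantees 50 MR is considerably
+ * better.
+ */
+ && BN_is_prime_fasttest(p, 50, cb, ctx, cb_arg, 1))
+ break;
+ if (!BN_add(p, p, p1p2))
+ goto err;
+ }
+
+ if (cb)
+ cb(3, 0, cb_arg);
+
+ ret = 1;
+
+ err:
+
+ BN_CTX_end(ctx);
+
+ return ret;
+ }
+
+/* Generate pair of paramters Xp, Xq for X9.31 prime generation.
+ * Note: nbits paramter is sum of number of bits in both.
+ */
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
+ {
+ BIGNUM *t;
+ int i;
+ /* Number of bits for each prime is of the form
+ * 512+128s for s = 0, 1, ...
+ */
+ if ((nbits < 1024) || (nbits & 0xff))
+ return 0;
+ nbits >>= 1;
+ /* The random value Xp must be between sqrt(2) * 2^(nbits-1) and
+ * 2^nbits - 1. By setting the top two bits we ensure that the lower
+ * bound is exceeded.
+ */
+ if (!BN_rand(Xp, nbits, 1, 0))
+ return 0;
+
+ BN_CTX_start(ctx);
+ t = BN_CTX_get(ctx);
+
+ for (i = 0; i < 1000; i++)
+ {
+ if (!BN_rand(Xq, nbits, 1, 0))
+ return 0;
+ /* Check that |Xp - Xq| > 2^(nbits - 100) */
+ BN_sub(t, Xp, Xq);
+ if (BN_num_bits(t) > (nbits - 100))
+ break;
+ }
+
+ BN_CTX_end(ctx);
+
+ if (i < 1000)
+ return 1;
+
+ return 0;
+
+ }
+
+/* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1
+ * and Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL
+ * the relevant parameter will be stored in it.
+ *
+ * Due to the fact that |Xp - Xq| > 2^(nbits - 100) must be satisfied Xp and Xq
+ * are generated using the previous function and supplied as input.
+ */
+
+int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ BIGNUM *Xp1, BIGNUM *Xp2,
+ const BIGNUM *Xp,
+ const BIGNUM *e, BN_CTX *ctx,
+ void (*cb)(int, int, void *), void *cb_arg)
+ {
+ int ret = 0;
+
+ BN_CTX_start(ctx);
+ if (!Xp1)
+ Xp1 = BN_CTX_get(ctx);
+ if (!Xp2)
+ Xp2 = BN_CTX_get(ctx);
+
+ if (!BN_rand(Xp1, 101, 0, 0))
+ goto error;
+ if (!BN_rand(Xp2, 101, 0, 0))
+ goto error;
+ if (!BN_X931_derive_prime(p, p1, p2, cb, cb_arg,
+ Xp, Xp1, Xp2, e, ctx))
+ goto error;
+
+ ret = 1;
+
+ error:
+ BN_CTX_end(ctx);
+
+ return ret;
+
+ }
+
+#endif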
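Review bot: In BN_X931_generate_Xpq the `return 0` taken when `BN_rand(Xq, nbits, 1, 0)` fails sits between `BN_CTX_start(ctx)` and `BN_CTX_end(ctx)`, so an RNG failure hands the caller a context with this function's frame still open; the same function also uses `t` without checking the result of `BN_CTX_get` and ignores the return value of `BN_sub(t, Xp, Xq)`. I would send all three through one exit placed in front of `BN_CTX_end(ctx)`, e.g. `if (t == NULL) goto err;` and `if (!BN_rand(Xq, nbits, 1, 0) || !BN_sub(t, Xp, Xq)) goto err;`, with a `ret` flag set only when the loop breaks out early. In BN_X931_derive_prime the comment `/* Only even e supported */` contradicts the `!BN_is_odd(e)` test under it, which rejects even exponents, and `int i = 1;` declared inside the `for (;;)` body is re-initialised on every pass, so the callback always receives 1 instead of an iteration count.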
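diff --git a/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl b/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl
new file mode 100755
index 0000000000..b628daca70
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl
@@ -0,0 +1,150 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# Unlike 0.9.7f this code expects RC4_CHAR back in config line! See
+# commentary section in corresponding script in development branch
+# for background information about this option carousel. For those
+# who don't have energy to figure out these gory details, here is
+# basis in form of performance matrix relative to the original
+# 0.9.7e C code-base:
+#
+# 0.9.7e 0.9.7f this
+# AMD64 1x 3.3x 2.4x
+# EM64T 1x 0.8x 1.5x
+#
+# In other words idea is to trade -25% AMD64 performance to compensate
+# for deterioration and gain +90% on EM64T core. Development branch
+# maintains best performance for either target, i.e. 3.3x for AMD64
+# and 1.5x for EM64T.
+
+$output=shift;
+
+open STDOUT,">$output" || die "can't open $output: $!";
+
+$dat="%rdi"; # arg1
+$len="%rsi"; # arg2
+$inp="%rdx"; # arg3
+$out="%rcx"; # arg4
+
+@XX=("%r8","%r10");
+@TX=("%r9","%r11");
+$YY="%r12";
+$TY="%r13";
+
+$code=<<___;;
+.text
+
+.globl RC4
+.type RC4,\@function
+.align 16
+RC4: or $len,$len
+ jne .Lentry
+ repret
+.Lentry:
+ push %r12
+ push %r13
+
+ add \$2,$dat
+ movzb -2($dat),$XX[0]#d
+ movzb -1($dat),$YY#d
+
+ add \$1,$XX[0]#b
+ movzb ($dat,$XX[0]),$TX[0]#d
+ test \$-8,$len
+ jz .Lcloop1
+ push %rbx
+.align 16 # incidentally aligned already
+.Lcloop8:
+ mov ($inp),%eax
+ mov 4($inp),%ebx
+___
+# unroll 2x4-wise, because 64-bit rotates kill Intel P4...
+for ($i=0;$i<4;$i++) {
+$code.=<<___;
+ add $TX[0]#b,$YY#b
+ lea 1($XX[0]),$XX[1]
+ movzb ($dat,$YY),$TY#d
+ movzb $XX[1]#b,$XX[1]#d
+ movzb ($dat,$XX[1]),$TX[1]#d
+ movb $TX[0]#b,($dat,$YY)
+ cmp $XX[1],$YY
+ movb $TY#b,($dat,$XX[0])
+ jne .Lcmov$i # Intel cmov is sloooow...
+ mov $TX[0],$TX[1]
+.Lcmov$i:
+ add $TX[0]#b,$TY#b
+ xor ($dat,$TY),%al
+ ror \$8,%eax
+___
+push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers
+}
+for ($i=4;$i<8;$i++) {
+$code.=<<___;
+ add $TX[0]#b,$YY#b
+ lea 1($XX[0]),$XX[1]
+ movzb ($dat,$YY),$TY#d
+ movzb $XX[1]#b,$XX[1]#d
+ movzb ($dat,$XX[1]),$TX[1]#d
+ movb $TX[0]#b,($dat,$YY)
+ cmp $XX[1],$YY
+ movb $TY#b,($dat,$XX[0])
+ jne .Lcmov$i # Intel cmov is sloooow...
+ mov $TX[0],$TX[1]
+.Lcmov$i:
+ add $TX[0]#b,$TY#b
+ xor ($dat,$TY),%bl
+ ror \$8,%ebx
+___
+push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers
+}
+$code.=<<___;
+ lea -8($len),$len
+ mov %eax,($out)
+ lea 8($inp),$inp
+ mov %ebx,4($out)
+ lea 8($out),$out
+
+ test \$-8,$len
+ jnz .Lcloop8
+ pop %rbx
+ cmp \$0,$len
+ jne .Lcloop1
+.Lexit:
+ sub \$1,$XX[0]#b
+ movb $XX[0]#b,-2($dat)
+ movb $YY#b,-1($dat)
+
+ pop %r13
+ pop %r12
+ repret
+
+.align 16
+.Lcloop1:
+ add $TX[0]#b,$YY#b
+ movzb ($dat,$YY),$TY#d
+ movb $TX[0]#b,($dat,$YY)
+ movb $TY#b,($dat,$XX[0])
+ add $TX[0]#b,$TY#b
+ add \$1,$XX[0]#b
+ movzb ($dat,$TY),$TY#d
+ movzb ($dat,$XX[0]),$TX[0]#d
+ xorb ($inp),$TY#b
+ lea 1($inp),$inp
+ movb $TY#b,($out)
+ lea 1($out),$out
+ sub \$1,$len
+ jnz .Lcloop1
+ jmp .Lexit
+.size RC4,.-RC4
+___
+
+$code =~ s/#([bwd])/$1/gm;
+
+$code =~ s/repret/.byte\t0xF3,0xC3/gm;
+
+print $code;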
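Review bot: The `die` in `open STDOUT,">$output" || die "can't open $output: $!";` can never fire, because `||` binds to the string `">$output"` (always true) rather than to the result of `open`. A failed open therefore leaves STDOUT where it was and the script still exits 0, so the build can continue without the assembly file it asked for. The two-argument form also lets characters in the command-line argument be interpreted as part of the open mode. Proposed replacement: `open STDOUT, '>', $output or die "can't open $output: $!";`.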
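diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pss.c b/src/lib/libssl/src/crypto/rsa/rsa_pss.c
new file mode 100644
index 0000000000..2815628f5f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rsa/rsa_pss.c
@@ -0,0 +1,261 @@
+/* rsa_pss.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+const static unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+ const EVP_MD *Hash, const unsigned char *EM, int sLen)
+ {
+ int i;
+ int ret = 0;
+ int hLen, maskedDBLen, MSBits, emLen;
+ const unsigned char *H;
+ unsigned char *DB = NULL;
+ EVP_MD_CTX ctx;
+ unsigned char H_[EVP_MAX_MD_SIZE];
+
+ hLen = EVP_MD_size(Hash);
+ /*
+ * Negative sLen has special meanings:
+ * -1 sLen == hLen
+ * -2 salt length is autorecovered from signature
+ * -N reserved
+ */
+ if (sLen == -1) sLen = hLen;
+ else if (sLen == -2) sLen = -2;
+ else if (sLen < -2)
+ {
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+ goto err;
+ }
+
+ MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+ emLen = RSA_size(rsa);
+ if (EM[0] & (0xFF << MSBits))
+ {
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID);
+ goto err;
+ }
+ if (MSBits == 0)
+ {
+ EM++;
+ emLen--;
+ }
+ if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */
+ {
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE);
+ goto err;
+ }
+ if (EM[emLen - 1] != 0xbc)
+ {
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
+ goto err;
+ }
+ maskedDBLen = emLen - hLen - 1;
+ H = EM + maskedDBLen;
+ DB = OPENSSL_malloc(maskedDBLen);
+ if (!DB)
+ {
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash);
+ for (i = 0; i < maskedDBLen; i++)
+ DB[i] ^= EM[i];
+ if (MSBits)
+ DB[0] &= 0xFF >> (8 - MSBits);
+ for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ;
+ if (DB[i++] != 0x1)
+ {
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED);
+ goto err;
+ }
+ if (sLen >= 0 && (maskedDBLen - i) != sLen)
+ {
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+ goto err;
+ }
+ EVP_MD_CTX_init(&ctx);
+ EVP_DigestInit_ex(&ctx, Hash, NULL);
+ EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
+ EVP_DigestUpdate(&ctx, mHash, hLen);
+ if (maskedDBLen - i)
+ EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i);
+ EVP_DigestFinal(&ctx, H_, NULL);
+ EVP_MD_CTX_cleanup(&ctx);
+ if (memcmp(H_, H, hLen))
+ {
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE);
+ ret = 0;
+ }
+ else
+ ret = 1;
+
+ err:
+ if (DB)
+ OPENSSL_free(DB);
+
+ return ret;
+
+ }
+
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+ const unsigned char *mHash,
+ const EVP_MD *Hash, int sLen)
+ {
+ int i;
+ int ret = 0;
+ int hLen, maskedDBLen, MSBits, emLen;
+ unsigned char *H, *salt = NULL, *p;
+ EVP_MD_CTX ctx;
+
+ hLen = EVP_MD_size(Hash);
+ /*
+ * Negative sLen has special meanings:
+ * -1 sLen == hLen
+ * -2 salt length is maximized
+ * -N reserved
+ */
+ if (sLen == -1) sLen = hLen;
+ else if (sLen == -2) sLen = -2;
+ else if (sLen < -2)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+ goto err;
+ }
+
+ MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+ emLen = RSA_size(rsa);
+ if (MSBits == 0)
+ {
+ *EM++ = 0;
+ emLen--;
+ }
+ if (sLen == -2)
+ {
+ sLen = emLen - hLen - 2;
+ }
+ else if (emLen < (hLen + sLen + 2))
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
+ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ goto err;
+ }
+ if (sLen > 0)
+ {
+ salt = OPENSSL_malloc(sLen);
+ if (!salt)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!RAND_bytes(salt, sLen))
+ goto err;
+ }
+ maskedDBLen = emLen - hLen - 1;
+ H = EM + maskedDBLen;
+ EVP_MD_CTX_init(&ctx);
+ EVP_DigestInit_ex(&ctx, Hash, NULL);
+ EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
+ EVP_DigestUpdate(&ctx, mHash, hLen);
+ if (sLen)
+ EVP_DigestUpdate(&ctx, salt, sLen);
+ EVP_DigestFinal(&ctx, H, NULL);
+ EVP_MD_CTX_cleanup(&ctx);
+
+ /* Generate dbMask in place then perform XOR on it */
+ PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash);
+
+ p = EM;
+
+ /* Initial PS XORs with all zeroes which is a NOP so just update
+ * pointer. Note from a test above this value is guaranteed to
+ * be non-negative.
+ */
+ p += emLen - sLen - hLen - 2;
+ *p++ ^= 0x1;
+ if (sLen > 0)
+ {
+ for (i = 0; i < sLen; i++)
+ *p++ ^= salt[i];
+ }
+ if (MSBits)
+ EM[0] &= 0xFF >> (8 - MSBits);
+
+ /* H is already in place so just set final 0xbc */
+
+ EM[emLen - 1] = 0xbc;
+
+ ret = 1;
+
+ err:
+ if (salt)
+ OPENSSL_free(salt);
+
+ return ret;
+
+ }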
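Review bot: When `sLen == -2`, neither function puts a lower bound on `emLen`: in RSA_verify_PKCS1_PSS the test `emLen < (hLen + sLen + 2)` reduces to `emLen < hLen`, and in RSA_padding_add_PKCS1_PSS the `-2` branch skips the size test altogether, so `sLen = emLen - hLen - 2` and `maskedDBLen = emLen - hLen - 1` can become negative despite the comment that the offset is "guaranteed to be non-negative". For a modulus barely larger than the digest, that places `H` in front of `EM` and passes negative lengths on to `EVP_DigestUpdate` and `PKCS1_MGF1`; whether callers can pair such a key and digest is not visible here. A guard right after the `MSBits == 0` adjustment closes it, `if (emLen < hLen + 2) { RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE); goto err; }` in the verifier and the same test with `RSA_F_RSA_PADDING_ADD_PKCS1_PSS` and `RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE` in the encoder. Both functions also ignore the return values of `PKCS1_MGF1` and of every `EVP_Digest*` call, so a failed digest or mask step continues with whatever is in `DB`, `H_` or `EM`; each call should be checked and routed to `err`.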
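diff --git a/src/lib/libssl/src/crypto/rsa/rsa_x931.c b/src/lib/libssl/src/crypto/rsa/rsa_x931.c
new file mode 100644
index 0000000000..df3c45f802
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rsa/rsa_x931.c
@@ -0,0 +1,177 @@
+/* rsa_x931.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+
+int RSA_padding_add_X931(unsigned char *to, int tlen,
+ const unsigned char *from, int flen)
+ {
+ int j;
+ unsigned char *p;
+
+ /* Absolute minimum amount of padding is 1 header nibble, 1 padding
+ * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
+ */
+
+ j = tlen - flen - 2;
+
+ if (j < 0)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_X931,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ return -1;
+ }
+
+ p=(unsigned char *)to;
+
+ /* If no padding start and end nibbles are in one byte */
+ if (j == 0)
+ *p++ = 0x6A;
+ else
+ {
+ *p++ = 0x6B;
+ if (j > 1)
+ {
+ memset(p, 0xBB, j - 1);
+ p += j - 1;
+ }
+ *p++ = 0xBA;
+ }
+ memcpy(p,from,(unsigned int)flen);
+ p += flen;
+ *p = 0xCC;
+ return(1);
+ }
+
+int RSA_padding_check_X931(unsigned char *to, int tlen,
+ const unsigned char *from, int flen, int num)
+ {
+ int i,j;
+ const unsigned char *p;
+
+ p=from;
+ if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B)))
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_X931,RSA_R_INVALID_HEADER);
+ return -1;
+ }
+
+ if (*p++ == 0x6B)
+ {
+ j=flen-3;
+ for (i = 0; i < j; i++)
+ {
+ unsigned char c = *p++;
+ if (c == 0xBA)
+ break;
+ if (c != 0xBB)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
+ RSA_R_INVALID_PADDING);
+ return -1;
+ }
+ }
+
+ j -= i;
+
+ if (i == 0)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+ return -1;
+ }
+
+ }
+ else j = flen - 2;
+
+ if (p[j] != 0xCC)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
+ return -1;
+ }
+
+ memcpy(to,p,(unsigned int)j);
+
+ return(j);
+ }
+
+/* Translate between X931 hash ids and NIDs */
+
+int RSA_X931_hash_id(int nid)
+ {
+ switch (nid)
+ {
+ case NID_sha1:
+ return 0x33;
+
+ case NID_sha256:
+ return 0x34;
+
+ case NID_sha384:
+ return 0x36;
+
+ case NID_sha512:
+ return 0x35;
+
+ }
+ return -1;
+ }
+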
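Review bot: RSA_padding_check_X931 never consults `tlen`: the closing `memcpy(to,p,(unsigned int)j)` relies on every caller sizing `to` for up to `flen - 2` bytes. A bound in front of it, `if (j > tlen) { RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_DATA_TOO_LARGE); return -1; }`, would make that contract local to the function. The 0x6B scan also finishes normally when `i` reaches `j` without a 0xBA byte having been seen, and that case is not told apart from a properly terminated run; recording whether the `break` was taken and failing with `RSA_R_INVALID_PADDING` otherwise would make the terminator mandatory. The comment in RSA_padding_add_X931 ("but 1 hash if is already in 'from'") is garbled and should state what the caller is expected to have placed in `from`.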
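diff --git a/src/lib/libssl/src/fips/Makefile b/src/lib/libssl/src/fips/Makefile
deleted file mode 100644
index 63e4cf82be..0000000000
--- a/src/lib/libssl/src/fips/Makefile
+++ /dev/null
@@ -1,199 +0,0 @@
-#
-# SSLeay/fips/Makefile
-#
-
-DIR= fips
-TOP= ..
-CC= cc
-INCLUDE= -I. -I$(TOP) -I../include
-INCLUDES= -I.. -I../.. -I../../include
-CFLAG= -g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP= /usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-RM= rm -f
-AR= ar r
-
-PEX_LIBS=
-EX_LIBS=
-
-CFLAGS= $(INCLUDE) $(CFLAG)
-
-
-LIBS=
-
-FDIRS=sha1 rand des aes dsa rsa dh
-
-GENERAL=Makefile README fips-lib.com install.com
-
-LIB= $(TOP)/libcrypto.a
-SHARED_LIB= libcrypto$(SHLIB_EXT)
-LIBSRC=fips.c fips_err_wrapper.c
-LIBOBJ=fips.o fips_err_wrapper.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=fips.h
-HEADER=$(EXHEADER) fips_err.h
-EXE=openssl_fips_fingerprint
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- @(cd ..; $(MAKE) DIRS=$(DIR) all)
-
-all:
- @if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- $(MAKE) -e subdirs check lib shared; \
- fi
-
-check:
- TOP=`pwd`/$(TOP) ./fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
-
-subdirs:
- @for i in $(FDIRS) ;\
- do \
- (cd $$i && echo "making all in fips/$$i..." && \
- $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
- done;
-
-sub_target:
- @for i in $(FDIRS) ;\
- do \
- (cd $$i && echo "making $(TARGET) in fips/$$i..." && \
- $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' $(TARGET) ) || exit 1; \
- done;
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
- @for i in $(FDIRS) ;\
- do \
- (cd $$i && echo "making 'files' in fips/$$i..." && \
- $(MAKE) PERL='${PERL}' files ); \
- done;
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
- @for i in $(FDIRS); do \
- (cd $$i && echo "making links in fips/$$i..." && \
- $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
- done;
-
-lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @touch lib
-
-shared:
- if [ -n "$(SHARED_LIBS)" ]; then \
- (cd ..; $(MAKE) $(SHARED_LIB)); \
- fi
-
-libs:
- @for i in $(FDIRS) ;\
- do \
- (cd $$i && echo "making libs in fips/$$i..." && \
- $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
- done;
-
-tests:
- @for i in $(FDIRS) ;\
- do \
- (cd $$i && echo "making tests in fips/$$i..." && \
- $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
- done;
-
-top_fips_test_suite:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=. TARGET=fips_test_suite sub_target)
-
-fips_test_suite: fips_test_suite.o $(TOP)/libcrypto.a
- $(CC) $(CFLAGS) -o fips_test_suite fips_test_suite.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_test_suite || { rm fips_test_suite; false; }
-
-fips_test: top top_fips_test_suite
- cd testvectors && perl -p -i -e 's/COUNT=/COUNT = /' des[23]/req/*.req
- @for i in dsa sha1 aes des ; \
- do \
- (cd $$i && echo "making fips_test in fips/$$i..." && $(MAKE) fips_test) \
- done;
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist ;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
- @for i in $(FDIRS) ;\
- do \
- (cd $$i && echo "making install in fips/$$i..." && \
- $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
- done;
- @for i in $(EXE) ; \
- do \
- echo "installing $$i"; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
- done
-
-lint:
- @for i in $(FDIRS) ;\
- do \
- (cd $$i && echo "making lint in fips/$$i..." && \
- $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
- done;
-
-depend:
- if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(SRC)
- if [ ! -s buildinf.h ]; then rm buildinf.h; fi
- @for i in $(FDIRS) ;\
- do \
- (cd $$i && echo "making depend in fips/$$i..." && \
- $(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ); \
- done;
-
-clean:
- rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
- @for i in $(FDIRS) ;\
- do \
- (cd $$i && echo "making clean in fips/$$i..." && \
- $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
- done;
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
- @for i in $(FDIRS) ;\
- do \
- (cd $$i && echo "making dclean in fips/$$i..." && \
- $(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
- done;
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips.o: ../include/openssl/aes.h ../include/openssl/asn1.h
-fips.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-fips.o: ../include/openssl/bn.h ../include/openssl/cast.h
-fips.o: ../include/openssl/crypto.h ../include/openssl/des.h
-fips.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-fips.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-fips.o: ../include/openssl/err.h ../include/openssl/evp.h
-fips.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
-fips.o: ../include/openssl/hmac.h ../include/openssl/idea.h
-fips.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-fips.o: ../include/openssl/md4.h ../include/openssl/md5.h
-fips.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-fips.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-fips.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-fips.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-fips.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-fips.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-fips.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h fips.c
-fips.o: fips_locl.h
-fips_err_wrapper.o: ../include/openssl/opensslconf.h fips_err_wrapper.c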
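diff --git a/src/lib/libssl/src/fips/aes/Makefile b/src/lib/libssl/src/fips/aes/Makefile
deleted file mode 100644
index fce5eeb5f7..0000000000
--- a/src/lib/libssl/src/fips/aes/Makefile
+++ /dev/null
@@ -1,131 +0,0 @@
-#
-# SSLeay/fips/aes/Makefile
-#
-
-DIR= aes
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=fips_aesavs.c
-TESTDATA=fips_aes_data
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_aes_core.c fips_aes_selftest.c
-LIBOBJ=fips_aes_core.o fips_aes_selftest.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER= $(EXHEADER) fips_aes_locl.h
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all: check lib
-
-check:
- TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
-
-lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @sleep 2; touch lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TESTDATA)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-top_fips_aesavs:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_aesavs sub_target)
-
-fips_aesavs: fips_aesavs.o $(TOP)/libcrypto.a
- $(CC) $(CFLAGS) -o fips_aesavs fips_aesavs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_aesavs
-
-fips_test: top top_fips_aesavs
- find ../testvectors/aes/req -name '*.req' > testlist
- -rm -rf ../testvectors/aes/rsp
- mkdir ../testvectors/aes/rsp
- ./fips_aesavs -d testlist
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) \
- $(SRC) $(TEST)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
-fips_aes_core.o: ../../include/openssl/fips.h
-fips_aes_core.o: ../../include/openssl/opensslconf.h fips_aes_core.c
-fips_aes_core.o: fips_aes_locl.h
-fips_aes_selftest.o: ../../include/openssl/aes.h ../../include/openssl/bio.h
-fips_aes_selftest.o: ../../include/openssl/crypto.h
-fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_aes_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-fips_aes_selftest.o: ../../include/openssl/opensslconf.h
-fips_aes_selftest.o: ../../include/openssl/opensslv.h
-fips_aes_selftest.o: ../../include/openssl/safestack.h
-fips_aes_selftest.o: ../../include/openssl/stack.h
-fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c
-fips_aesavs.o: ../../e_os.h ../../include/openssl/aes.h
-fips_aesavs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_aesavs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-fips_aesavs.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-fips_aesavs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-fips_aesavs.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-fips_aesavs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_aesavs.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_aesavs.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-fips_aesavs.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-fips_aesavs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-fips_aesavs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_aesavs.o: ../../include/openssl/opensslconf.h
-fips_aesavs.o: ../../include/openssl/opensslv.h
-fips_aesavs.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
-fips_aesavs.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-fips_aesavs.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-fips_aesavs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-fips_aesavs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_aesavs.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-fips_aesavs.o: fips_aesavs.c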
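diff --git a/src/lib/libssl/src/fips/aes/fips_aes_selftest.c b/src/lib/libssl/src/fips/aes/fips_aes_selftest.c
deleted file mode 100644
index 0e53d21bd0..0000000000
--- a/src/lib/libssl/src/fips/aes/fips_aes_selftest.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/aes.h>
-
-#ifdef OPENSSL_FIPS
-static struct
- {
- unsigned char key[16];
- unsigned char plaintext[16];
- unsigned char ciphertext[16];
- } tests[]=
- {
- {
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
- { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
- 0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF },
- { 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30,
- 0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A },
- },
- };
-
-void FIPS_corrupt_aes()
- {
- tests[0].key[0]++;
- }
-
-int FIPS_selftest_aes()
- {
- int n;
-
- /* Encrypt and check against known ciphertext */
- for(n=0 ; n < 1 ; ++n)
- {
- AES_KEY key;
- unsigned char buf[16];
-
- AES_set_encrypt_key(tests[n].key,128,&key);
- AES_encrypt(tests[n].plaintext,buf,&key);
- if(memcmp(buf,tests[n].ciphertext,sizeof buf))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- }
- /* Decrypt and check against known plaintext */
- for(n=0 ; n < 1 ; ++n)
- {
- AES_KEY key;
- unsigned char buf[16];
-
- AES_set_decrypt_key(tests[n].key,128,&key);
- AES_decrypt(tests[n].ciphertext,buf,&key);
- if(memcmp(buf,tests[n].plaintext,sizeof buf))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- }
- return 1;
- }
-#endif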
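diff --git a/src/lib/libssl/src/fips/aes/fips_aesavs.c b/src/lib/libssl/src/fips/aes/fips_aesavs.c
deleted file mode 100644
index 5fc2879067..0000000000
--- a/src/lib/libssl/src/fips/aes/fips_aesavs.c
+++ /dev/null
@@ -1,1005 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-/*---------------------------------------------
- NIST AES Algorithm Validation Suite
- Test Program
-
- Donated to OpenSSL by:
- V-ONE Corporation
- 20250 Century Blvd, Suite 300
- Germantown, MD 20874
- U.S.A.
- ----------------------------------------------*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <assert.h>
-
-#include <openssl/aes.h>
-#include <openssl/evp.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include "e_os.h"
-
-#define AES_BLOCK_SIZE 16
-
-#define VERBOSE 1
-
-/*-----------------------------------------------*/
-
-int AESTest(EVP_CIPHER_CTX *ctx,
- char *amode, int akeysz, unsigned char *aKey,
- unsigned char *iVec,
- int dir, /* 0 = decrypt, 1 = encrypt */
- unsigned char *plaintext, unsigned char *ciphertext, int len)
- {
- const EVP_CIPHER *cipher = NULL;
- int ret = 1;
- int kt = 0;
-
- if (ctx)
- memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
-
- if (strcasecmp(amode, "CBC") == 0)
- kt = 1000;
- else if (strcasecmp(amode, "ECB") == 0)
- kt = 2000;
- else if (strcasecmp(amode, "CFB128") == 0)
- kt = 3000;
- else if (strncasecmp(amode, "OFB", 3) == 0)
- kt = 4000;
- else if(!strcasecmp(amode,"CFB1"))
- kt=5000;
- else if(!strcasecmp(amode,"CFB8"))
- kt=6000;
- else
- {
- printf("Unknown mode: %s\n", amode);
- EXIT(1);
- }
- if (ret)
- {
- if ((akeysz != 128) && (akeysz != 192) && (akeysz != 256))
- {
- printf("Invalid key size: %d\n", akeysz);
- ret = 0;
- }
- else
- {
- kt += akeysz;
- switch (kt)
- {
- case 1128: /* CBC 128 */
- cipher = EVP_aes_128_cbc();
- break;
- case 1192: /* CBC 192 */
- cipher = EVP_aes_192_cbc();
- break;
- case 1256: /* CBC 256 */
- cipher = EVP_aes_256_cbc();
- break;
- case 2128: /* ECB 128 */
- cipher = EVP_aes_128_ecb();
- break;
- case 2192: /* ECB 192 */
- cipher = EVP_aes_192_ecb();
- break;
- case 2256: /* ECB 256 */
- cipher = EVP_aes_256_ecb();
- break;
- case 3128: /* CFB 128 */
- cipher = EVP_aes_128_cfb();
- break;
- case 3192: /* CFB 192 */
- cipher = EVP_aes_192_cfb();
- break;
- case 3256: /* CFB 256 */
- cipher = EVP_aes_256_cfb();
- break;
- case 4128: /* OFB 128 */
- cipher = EVP_aes_128_ofb();
- break;
- case 4192: /* OFB 192 */
- cipher = EVP_aes_192_ofb();
- break;
- case 4256: /* OFB 256 */
- cipher = EVP_aes_256_ofb();
- break;
- case 5128:
- cipher=EVP_aes_128_cfb1();
- break;
- case 5192:
- cipher=EVP_aes_192_cfb1();
- break;
- case 5256:
- cipher=EVP_aes_256_cfb1();
- break;
- case 6128:
- cipher=EVP_aes_128_cfb8();
- break;
- case 6192:
- cipher=EVP_aes_192_cfb8();
- break;
- case 6256:
- cipher=EVP_aes_256_cfb8();
- break;
- default:
- printf("Didn't handle mode %d\n",kt);
- EXIT(1);
- }
- if (dir)
- { /* encrypt */
- if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_ENCRYPT))
- {
- ERR_print_errors_fp(stderr);
- EXIT(1);
- }
-
- EVP_Cipher(ctx, ciphertext, (unsigned char*)plaintext, len);
- }
- else
- { /* decrypt */
- if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_DECRYPT))
- {
- ERR_print_errors_fp(stderr);
- EXIT(1);
- }
- EVP_Cipher(ctx, (unsigned char*)plaintext, ciphertext, len);
- }
- }
- }
- return ret;
- }
-
-/*-----------------------------------------------*/
-
-int hex2bin(char *in, int len, unsigned char *out)
-{
- int n1, n2;
- unsigned char ch;
-
- for (n1 = 0, n2 = 0; n1 < len; )
- { /* first byte */
- if ((in[n1] >= '0') && (in[n1] <= '9'))
- ch = in[n1++] - '0';
- else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
- ch = in[n1++] - 'A' + 10;
- else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
- ch = in[n1++] - 'a' + 10;
- else
- return -1;
- if(len == 1)
- {
- out[n2++]=ch;
- break;
- }
- out[n2] = ch << 4;
- /* second byte */
- if ((in[n1] >= '0') && (in[n1] <= '9'))
- ch = in[n1++] - '0';
- else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
- ch = in[n1++] - 'A' + 10;
- else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
- ch = in[n1++] - 'a' + 10;
- else
- return -1;
- out[n2++] |= ch;
- }
- return n2;
-}
-
-/*-----------------------------------------------*/
-
-int bin2hex(unsigned char *in, int len, char *out)
-{
- int n1, n2;
- unsigned char ch;
-
- for (n1 = 0, n2 = 0; n1 < len; ++n1)
- {
- /* first nibble */
- ch = in[n1] >> 4;
- if (ch <= 0x09)
- out[n2++] = ch + '0';
- else
- out[n2++] = ch - 10 + 'a';
- /* second nibble */
- ch = in[n1] & 0x0f;
- if (ch <= 0x09)
- out[n2++] = ch + '0';
- else
- out[n2++] = ch - 10 + 'a';
- }
- return n2;
-}
-
-/* NB: this return the number of _bits_ read */
-int bint2bin(const char *in, int len, unsigned char *out)
- {
- int n;
-
- memset(out,0,len);
- for(n=0 ; n < len ; ++n)
- if(in[n] == '1')
- out[n/8]|=(0x80 >> (n%8));
- return len;
- }
-
-int bin2bint(const unsigned char *in,int len,char *out)
- {
- int n;
-
- for(n=0 ; n < len ; ++n)
- out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
- return n;
- }
-
-/*-----------------------------------------------*/
-
-void PrintValue(char *tag, unsigned char *val, int len)
-{
-#if VERBOSE
- char obuf[2048];
- int olen;
- olen = bin2hex(val, len, obuf);
- printf("%s = %.*s\n", tag, olen, obuf);
-#endif
-}
-
-void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
- {
- char obuf[2048];
- int olen;
-
- if(bitmode)
- olen=bin2bint(val,len,obuf);
- else
- olen=bin2hex(val,len,obuf);
-
- fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
-#if VERBOSE
- printf("%s = %.*s\n", tag, olen, obuf);
-#endif
- }
-
-/*-----------------------------------------------*/
-char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
-char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"};
-enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128};
-enum XCrypt {XDECRYPT, XENCRYPT};
-
-/*=============================*/
-/* Monte Carlo Tests */
-/*-----------------------------*/
-
-/*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/
-/*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/
-
-#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
-#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
-
-int do_mct(char *amode,
- int akeysz, unsigned char *aKey,unsigned char *iVec,
- int dir, unsigned char *text, int len,
- FILE *rfp)
- {
- int ret = 0;
- unsigned char key[101][32];
- unsigned char iv[101][AES_BLOCK_SIZE];
- unsigned char ptext[1001][32];
- unsigned char ctext[1001][32];
- unsigned char ciphertext[64+4];
- int i, j, n, n1, n2;
- int imode = 0, nkeysz = akeysz/8;
- EVP_CIPHER_CTX ctx;
-
- if (len > 32)
- {
- printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n",
- amode, akeysz);
- return -1;
- }
- for (imode = 0; imode < 6; ++imode)
- if (strcmp(amode, t_mode[imode]) == 0)
- break;
- if (imode == 6)
- {
- printf("Unrecognized mode: %s\n", amode);
- return -1;
- }
-
- memcpy(key[0], aKey, nkeysz);
- if (iVec)
- memcpy(iv[0], iVec, AES_BLOCK_SIZE);
- if (dir == XENCRYPT)
- memcpy(ptext[0], text, len);
- else
- memcpy(ctext[0], text, len);
- for (i = 0; i < 100; ++i)
- {
- /* printf("Iteration %d\n", i); */
- if (i > 0)
- {
- fprintf(rfp,"COUNT = %d\n",i);
- OutputValue("KEY",key[i],nkeysz,rfp,0);
- if (imode != ECB) /* ECB */
- OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0);
- /* Output Ciphertext | Plaintext */
- OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp,
- imode == CFB1);
- }
- for (j = 0; j < 1000; ++j)
- {
- switch (imode)
- {
- case ECB:
- if (j == 0)
- { /* set up encryption */
- ret = AESTest(&ctx, amode, akeysz, key[i], NULL,
- dir, /* 0 = decrypt, 1 = encrypt */
- ptext[j], ctext[j], len);
- if (dir == XENCRYPT)
- memcpy(ptext[j+1], ctext[j], len);
- else
- memcpy(ctext[j+1], ptext[j], len);
- }
- else
- {
- if (dir == XENCRYPT)
- {
- EVP_Cipher(&ctx, ctext[j], ptext[j], len);
- memcpy(ptext[j+1], ctext[j], len);
- }
- else
- {
- EVP_Cipher(&ctx, ptext[j], ctext[j], len);
- memcpy(ctext[j+1], ptext[j], len);
- }
- }
- break;
-
- case CBC:
- case OFB:
- case CFB128:
- if (j == 0)
- {
- ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
- dir, /* 0 = decrypt, 1 = encrypt */
- ptext[j], ctext[j], len);
- if (dir == XENCRYPT)
- memcpy(ptext[j+1], iv[i], len);
- else
- memcpy(ctext[j+1], iv[i], len);
- }
- else
- {
- if (dir == XENCRYPT)
- {
- EVP_Cipher(&ctx, ctext[j], ptext[j], len);
- memcpy(ptext[j+1], ctext[j-1], len);
- }
- else
- {
- EVP_Cipher(&ctx, ptext[j], ctext[j], len);
- memcpy(ctext[j+1], ptext[j-1], len);
- }
- }
- break;
-
- case CFB8:
- if (j == 0)
- {
- ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
- dir, /* 0 = decrypt, 1 = encrypt */
- ptext[j], ctext[j], len);
- }
- else
- {
- if (dir == XENCRYPT)
- EVP_Cipher(&ctx, ctext[j], ptext[j], len);
- else
- EVP_Cipher(&ctx, ptext[j], ctext[j], len);
- }
- if (dir == XENCRYPT)
- {
- if (j < 16)
- memcpy(ptext[j+1], &iv[i][j], len);
- else
- memcpy(ptext[j+1], ctext[j-16], len);
- }
- else
- {
- if (j < 16)
- memcpy(ctext[j+1], &iv[i][j], len);
- else
- memcpy(ctext[j+1], ptext[j-16], len);
- }
- break;
-
- case CFB1:
- if(j == 0)
- {
- /* compensate for wrong endianness of input file */
- if(i == 0)
- ptext[0][0]<<=7;
- ret=AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
- ptext[j], ctext[j], len);
- }
- else
- {
- if (dir == XENCRYPT)
- EVP_Cipher(&ctx, ctext[j], ptext[j], len);
- else
- EVP_Cipher(&ctx, ptext[j], ctext[j], len);
-
- }
- if(dir == XENCRYPT)
- {
- if(j < 128)
- sb(ptext[j+1],0,gb(iv[i],j));
- else
- sb(ptext[j+1],0,gb(ctext[j-128],0));
- }
- else
- {
- if(j < 128)
- sb(ctext[j+1],0,gb(iv[i],j));
- else
- sb(ctext[j+1],0,gb(ptext[j-128],0));
- }
- break;
- }
- }
- --j; /* reset to last of range */
- /* Output Ciphertext | Plaintext */
- OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp,
- imode == CFB1);
- fprintf(rfp, "\n"); /* add separator */
-
- /* Compute next KEY */
- if (dir == XENCRYPT)
- {
- if (imode == CFB8)
- { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
- for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
- ciphertext[n1] = ctext[j-n2][0];
- }
- else if(imode == CFB1)
- {
- for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
- sb(ciphertext,n1,gb(ctext[j-n2],0));
- }
- else
- switch (akeysz)
- {
- case 128:
- memcpy(ciphertext, ctext[j], 16);
- break;
- case 192:
- memcpy(ciphertext, ctext[j-1]+8, 8);
- memcpy(ciphertext+8, ctext[j], 16);
- break;
- case 256:
- memcpy(ciphertext, ctext[j-1], 16);
- memcpy(ciphertext+16, ctext[j], 16);
- break;
- }
- }
- else
- {
- if (imode == CFB8)
- { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
- for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
- ciphertext[n1] = ptext[j-n2][0];
- }
- else if(imode == CFB1)
- {
- for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
- sb(ciphertext,n1,gb(ptext[j-n2],0));
- }
- else
- switch (akeysz)
- {
- case 128:
- memcpy(ciphertext, ptext[j], 16);
- break;
- case 192:
- memcpy(ciphertext, ptext[j-1]+8, 8);
- memcpy(ciphertext+8, ptext[j], 16);
- break;
- case 256:
- memcpy(ciphertext, ptext[j-1], 16);
- memcpy(ciphertext+16, ptext[j], 16);
- break;
- }
- }
- /* Compute next key: Key[i+1] = Key[i] xor ct */
- for (n = 0; n < nkeysz; ++n)
- key[i+1][n] = key[i][n] ^ ciphertext[n];
-
- /* Compute next IV and text */
- if (dir == XENCRYPT)
- {
- switch (imode)
- {
- case ECB:
- memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE);
- break;
- case CBC:
- case OFB:
- case CFB128:
- memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE);
- memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE);
- break;
- case CFB8:
- /* IV[i+1] = ct */
- for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
- iv[i+1][n1] = ctext[j-n2][0];
- ptext[0][0] = ctext[j-16][0];
- break;
- case CFB1:
- for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
- sb(iv[i+1],n1,gb(ctext[j-n2],0));
- ptext[0][0]=ctext[j-128][0]&0x80;
- break;
- }
- }
- else
- {
- switch (imode)
- {
- case ECB:
- memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE);
- break;
- case CBC:
- case OFB:
- case CFB128:
- memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE);
- memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE);
- break;
- case CFB8:
- for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
- iv[i+1][n1] = ptext[j-n2][0];
- ctext[0][0] = ptext[j-16][0];
- break;
- case CFB1:
- for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
- sb(iv[i+1],n1,gb(ptext[j-n2],0));
- ctext[0][0]=ptext[j-128][0]&0x80;
- break;
- }
- }
- }
-
- return ret;
- }
-
-/*================================================*/
-/*----------------------------
- # Config info for v-one
- # AESVS MMT test data for ECB
- # State : Encrypt and Decrypt
- # Key Length : 256
- # Fri Aug 30 04:07:22 PM
- ----------------------------*/
-
-int proc_file(char *rqfile)
- {
- char afn[256], rfn[256];
- FILE *afp = NULL, *rfp = NULL;
- char ibuf[2048];
- int ilen, len, ret = 0;
- char algo[8] = "";
- char amode[8] = "";
- char atest[8] = "";
- int akeysz = 0;
- unsigned char iVec[20], aKey[40];
- int dir = -1, err = 0, step = 0;
- unsigned char plaintext[2048];
- unsigned char ciphertext[2048];
- char *rp;
- EVP_CIPHER_CTX ctx;
-
- if (!rqfile || !(*rqfile))
- {
- printf("No req file\n");
- return -1;
- }
- strcpy(afn, rqfile);
-
- if ((afp = fopen(afn, "r")) == NULL)
- {
- printf("Cannot open file: %s, %s\n",
- afn, strerror(errno));
- return -1;
- }
- strcpy(rfn,afn);
- rp=strstr(rfn,"req/");
- assert(rp);
- memcpy(rp,"rsp",3);
- rp = strstr(rfn, ".req");
- memcpy(rp, ".rsp", 4);
- if ((rfp = fopen(rfn, "w")) == NULL)
- {
- printf("Cannot open file: %s, %s\n",
- rfn, strerror(errno));
- fclose(afp);
- afp = NULL;
- return -1;
- }
- while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
- {
- ilen = strlen(ibuf);
- /* printf("step=%d ibuf=%s",step,ibuf); */
- switch (step)
- {
- case 0: /* read preamble */
- if (ibuf[0] == '\n')
- { /* end of preamble */
- if ((*algo == '\0') ||
- (*amode == '\0') ||
- (akeysz == 0))
- {
- printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n",
- algo,amode,akeysz);
- err = 1;
- }
- else
- {
- fputs(ibuf, rfp);
- ++ step;
- }
- }
- else if (ibuf[0] != '#')
- {
- printf("Invalid preamble item: %s\n", ibuf);
- err = 1;
- }
- else
- { /* process preamble */
- char *xp, *pp = ibuf+2;
- int n;
- if (akeysz)
- { /* insert current time & date */
- time_t rtim = time(0);
- fprintf(rfp, "# %s", ctime(&rtim));
- }
- else
- {
- fputs(ibuf, rfp);
- if (strncmp(pp, "AESVS ", 6) == 0)
- {
- strcpy(algo, "AES");
- /* get test type */
- pp += 6;
- xp = strchr(pp, ' ');
- n = xp-pp;
- strncpy(atest, pp, n);
- atest[n] = '\0';
- /* get mode */
- xp = strrchr(pp, ' '); /* get mode" */
- n = strlen(xp+1)-1;
- strncpy(amode, xp+1, n);
- amode[n] = '\0';
- /* amode[3] = '\0'; */
- printf("Test = %s, Mode = %s\n", atest, amode);
- }
- else if (strncasecmp(pp, "Key Length : ", 13) == 0)
- {
- akeysz = atoi(pp+13);
- printf("Key size = %d\n", akeysz);
- }
- }
- }
- break;
-
- case 1: /* [ENCRYPT] | [DECRYPT] */
- if (ibuf[0] == '[')
- {
- fputs(ibuf, rfp);
- ++step;
- if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
- dir = 1;
- else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
- dir = 0;
- else
- {
- printf("Invalid keyword: %s\n", ibuf);
- err = 1;
- }
- break;
- }
- else if (dir == -1)
- {
- err = 1;
- printf("Missing ENCRYPT/DECRYPT keyword\n");
- break;
- }
- else
- step = 2;
-
- case 2: /* KEY = xxxx */
- fputs(ibuf, rfp);
- if(*ibuf == '\n')
- break;
- if(!strncasecmp(ibuf,"COUNT = ",8))
- break;
-
- if (strncasecmp(ibuf, "KEY = ", 6) != 0)
- {
- printf("Missing KEY\n");
- err = 1;
- }
- else
- {
- len = hex2bin((char*)ibuf+6, strlen(ibuf+6)-1, aKey);
- if (len < 0)
- {
- printf("Invalid KEY\n");
- err =1;
- break;
- }
- PrintValue("KEY", aKey, len);
- if (strcmp(amode, "ECB") == 0)
- {
- memset(iVec, 0, sizeof(iVec));
- step = (dir)? 4: 5; /* no ivec for ECB */
- }
- else
- ++step;
- }
- break;
-
- case 3: /* IV = xxxx */
- fputs(ibuf, rfp);
- if (strncasecmp(ibuf, "IV = ", 5) != 0)
- {
- printf("Missing IV\n");
- err = 1;
- }
- else
- {
- len = hex2bin((char*)ibuf+5, strlen(ibuf+5)-1, iVec);
- if (len < 0)
- {
- printf("Invalid IV\n");
- err =1;
- break;
- }
- PrintValue("IV", iVec, len);
- step = (dir)? 4: 5;
- }
- break;
-
- case 4: /* PLAINTEXT = xxxx */
- fputs(ibuf, rfp);
- if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
- {
- printf("Missing PLAINTEXT\n");
- err = 1;
- }
- else
- {
- int nn = strlen(ibuf+12);
- if(!strcmp(amode,"CFB1"))
- len=bint2bin(ibuf+12,nn-1,plaintext);
- else
- len=hex2bin(ibuf+12, nn-1,plaintext);
- if (len < 0)
- {
- printf("Invalid PLAINTEXT: %s", ibuf+12);
- err =1;
- break;
- }
- if (len >= sizeof(plaintext))
- {
- printf("Buffer overflow\n");
- }
- PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
- if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
- {
- if(do_mct(amode, akeysz, aKey, iVec,
- dir, (unsigned char*)plaintext, len,
- rfp) < 0)
- EXIT(1);
- }
- else
- {
- ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
- dir, /* 0 = decrypt, 1 = encrypt */
- plaintext, ciphertext, len);
- OutputValue("CIPHERTEXT",ciphertext,len,rfp,
- !strcmp(amode,"CFB1"));
- }
- step = 6;
- }
- break;
-
- case 5: /* CIPHERTEXT = xxxx */
- fputs(ibuf, rfp);
- if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
- {
- printf("Missing KEY\n");
- err = 1;
- }
- else
- {
- if(!strcmp(amode,"CFB1"))
- len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
- else
- len = hex2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
- if (len < 0)
- {
- printf("Invalid CIPHERTEXT\n");
- err =1;
- break;
- }
-
- PrintValue("CIPHERTEXT", ciphertext, len);
- if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
- {
- do_mct(amode, akeysz, aKey, iVec,
- dir, ciphertext, len, rfp);
- }
- else
- {
- ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
- dir, /* 0 = decrypt, 1 = encrypt */
- plaintext, ciphertext, len);
- OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
- !strcmp(amode,"CFB1"));
- }
- step = 6;
- }
- break;
-
- case 6:
- if (ibuf[0] != '\n')
- {
- err = 1;
- printf("Missing terminator\n");
- }
- else if (strcmp(atest, "MCT") != 0)
- { /* MCT already added terminating nl */
- fputs(ibuf, rfp);
- }
- step = 1;
- break;
- }
- }
- if (rfp)
- fclose(rfp);
- if (afp)
- fclose(afp);
- return err;
- }
-
-/*--------------------------------------------------
- Processes either a single file or
- a set of files whose names are passed in a file.
- A single file is specified as:
- aes_test -f xxx.req
- A set of files is specified as:
- aes_test -d xxxxx.xxx
- The default is: -d req.txt
---------------------------------------------------*/
-int main(int argc, char **argv)
- {
- char *rqlist = "req.txt";
- FILE *fp = NULL;
- char fn[250] = "", rfn[256] = "";
- int f_opt = 0, d_opt = 1;
-
-#ifdef OPENSSL_FIPS
- if(!FIPS_mode_set(1,argv[0]))
- {
- ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
- EXIT(1);
- }
-#endif
- ERR_load_crypto_strings();
- if (argc > 1)
- {
- if (strcasecmp(argv[1], "-d") == 0)
- {
- d_opt = 1;
- }
- else if (strcasecmp(argv[1], "-f") == 0)
- {
- f_opt = 1;
- d_opt = 0;
- }
- else
- {
- printf("Invalid parameter: %s\n", argv[1]);
- return 0;
- }
- if (argc < 3)
- {
- printf("Missing parameter\n");
- return 0;
- }
- if (d_opt)
- rqlist = argv[2];
- else
- strcpy(fn, argv[2]);
- }
- if (d_opt)
- { /* list of files (directory) */
- if (!(fp = fopen(rqlist, "r")))
- {
- printf("Cannot open req list file\n");
- return -1;
- }
- while (fgets(fn, sizeof(fn), fp))
- {
- strtok(fn, "\r\n");
- strcpy(rfn, fn);
- printf("Processing: %s\n", rfn);
- if (proc_file(rfn))
- {
- printf(">>> Processing failed for: %s <<<\n", rfn);
- EXIT(1);
- }
- }
- fclose(fp);
- }
- else /* single file */
- {
- printf("Processing: %s\n", fn);
- if (proc_file(fn))
- {
- printf(">>> Processing failed for: %s <<<\n", fn);
- }
- }
- EXIT(0);
- return 0;
- }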
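diff --git a/src/lib/libssl/src/fips/des/Makefile b/src/lib/libssl/src/fips/des/Makefile
deleted file mode 100644
index 87a5329d53..0000000000
--- a/src/lib/libssl/src/fips/des/Makefile
+++ /dev/null
@@ -1,155 +0,0 @@
-#
-# SSLeay/fips/des/Makefile
-#
-
-DIR= des
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-FIPS_DES_ENC=fips_des_enc.o
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST= fips_desmovs.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_des_enc.c asm/fips-dx86-elf.s fips_des_selftest.c fips_set_key.c
-LIBOBJ=$(FIPS_DES_ENC) fips_des_selftest.o fips_set_key.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER= $(EXHEADER) fips_des_locl.h
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all: check lib
-
-check:
- TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
-
-lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @sleep 2; touch lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-top_fips_desmovs:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_desmovs sub_target)
-
-fips_desmovs: fips_desmovs.o $(TOP)/libcrypto.a
- $(CC) $(CFLAGS) -o fips_desmovs fips_desmovs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_desmovs
-
-fips_test: top_fips_desmovs
- find ../testvectors/des/req -name '*.req' > testlist
- -rm -rf ../testvectors/des/rsp
- mkdir ../testvectors/des/rsp
- ./fips_desmovs -d testlist
- find ../testvectors/des2/req -name '*.req' > testlist
- -rm -rf ../testvectors/des2/rsp
- mkdir ../testvectors/des2/rsp
- ./fips_desmovs -d testlist
- find ../testvectors/des3/req -name '*.req' > testlist
- -rm -rf ../testvectors/des3/rsp
- mkdir ../testvectors/des3/rsp
- ./fips_desmovs -d testlist
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) \
- $(SRC) $(TEST)
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_des_enc.o: ../../e_os.h ../../include/openssl/crypto.h
-fips_des_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-fips_des_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
-fips_des_enc.o: ../../include/openssl/opensslconf.h
-fips_des_enc.o: ../../include/openssl/opensslv.h
-fips_des_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_des_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-fips_des_enc.o: ../../include/openssl/ui_compat.h fips_des_enc.c
-fips_des_enc.o: fips_des_locl.h
-fips_des_selftest.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-fips_des_selftest.o: ../../include/openssl/des.h
-fips_des_selftest.o: ../../include/openssl/des_old.h
-fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_des_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-fips_des_selftest.o: ../../include/openssl/opensslconf.h
-fips_des_selftest.o: ../../include/openssl/opensslv.h
-fips_des_selftest.o: ../../include/openssl/safestack.h
-fips_des_selftest.o: ../../include/openssl/stack.h
-fips_des_selftest.o: ../../include/openssl/symhacks.h
-fips_des_selftest.o: ../../include/openssl/ui.h
-fips_des_selftest.o: ../../include/openssl/ui_compat.h fips_des_selftest.c
-fips_desmovs.o: ../../e_os.h ../../include/openssl/aes.h
-fips_desmovs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_desmovs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-fips_desmovs.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-fips_desmovs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-fips_desmovs.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-fips_desmovs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_desmovs.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_desmovs.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-fips_desmovs.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-fips_desmovs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-fips_desmovs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_desmovs.o: ../../include/openssl/opensslconf.h
-fips_desmovs.o: ../../include/openssl/opensslv.h
-fips_desmovs.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
-fips_desmovs.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-fips_desmovs.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-fips_desmovs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-fips_desmovs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_desmovs.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-fips_desmovs.o: fips_desmovs.c
-fips_set_key.o: ../../e_os.h ../../include/openssl/crypto.h
-fips_set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-fips_set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
-fips_set_key.o: ../../include/openssl/opensslconf.h
-fips_set_key.o: ../../include/openssl/opensslv.h
-fips_set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-fips_set_key.o: ../../include/openssl/ui_compat.h fips_des_locl.h
-fips_set_key.o: fips_set_key.c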
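diff --git a/src/lib/libssl/src/fips/des/fips_des_selftest.c b/src/lib/libssl/src/fips/des/fips_des_selftest.c
deleted file mode 100644
index 3e0778eb5e..0000000000
--- a/src/lib/libssl/src/fips/des/fips_des_selftest.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/des.h>
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_FIPS
-static struct
- {
- DES_cblock key;
- unsigned char plaintext[8];
- unsigned char ciphertext[8];
- } tests[]=
- {
- {
- { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
- { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
- { 0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7 }
- },
- {
- { 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10 },
- { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
- { 0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
- },
- };
-
-static struct
- {
- DES_cblock key1;
- DES_cblock key2;
- unsigned char plaintext[8];
- unsigned char ciphertext[8];
- } tests2[]=
- {
- {
- { 0x7c,0x4f,0x6e,0xf7,0xa2,0x04,0x16,0xec },
- { 0x0b,0x6b,0x7c,0x9e,0x5e,0x19,0xa7,0xc4 },
- { 0x06,0xa7,0xd8,0x79,0xaa,0xce,0x69,0xef },
- { 0x4c,0x11,0x17,0x55,0xbf,0xc4,0x4e,0xfd }
- },
- {
- { 0x5d,0x9e,0x01,0xd3,0x25,0xc7,0x3e,0x34 },
- { 0x01,0x16,0x7c,0x85,0x23,0xdf,0xe0,0x68 },
- { 0x9c,0x50,0x09,0x0f,0x5e,0x7d,0x69,0x7e },
- { 0xd2,0x0b,0x18,0xdf,0xd9,0x0d,0x9e,0xff },
- }
- };
-
-static struct
- {
- DES_cblock key1;
- DES_cblock key2;
- DES_cblock key3;
- unsigned char plaintext[8];
- unsigned char ciphertext[8];
- } tests3[]=
- {
- {
- { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
- { 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10 },
- { 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 },
- { 0x8f,0x8f,0xbf,0x9b,0x5d,0x48,0xb4,0x1c},
- { 0x59,0x8c,0xe5,0xd3,0x6c,0xa2,0xea,0x1b},
- },
- {
- { 0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE },
- { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
- { 0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
- { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
- { 0x11,0x25,0xb0,0x35,0xbe,0xa0,0x82,0x86 },
- },
- };
-
-void FIPS_corrupt_des()
- {
- tests[0].plaintext[0]++;
- }
-
-int FIPS_selftest_des()
- {
- int n;
-
- /* Encrypt/decrypt with DES and compare to known answers */
- for(n=0 ; n < 2 ; ++n)
- {
- DES_key_schedule key;
- DES_cblock buf;
-
- DES_set_key(&tests[n].key,&key);
- DES_ecb_encrypt(&tests[n].plaintext,&buf,&key,1);
- if(memcmp(buf,tests[n].ciphertext,sizeof buf))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- DES_ecb_encrypt(&tests[n].ciphertext,&buf,&key,0);
- if(memcmp(buf,tests[n].plaintext,sizeof buf))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- }
-
- /* Encrypt/decrypt with 2-key 3DES and compare to known answers */
- for(n=0 ; n < 2 ; ++n)
- {
- DES_key_schedule key1, key2;
- unsigned char buf[8];
-
- DES_set_key(&tests2[n].key1,&key1);
- DES_set_key(&tests2[n].key2,&key2);
- DES_ecb2_encrypt(tests2[n].plaintext,buf,&key1,&key2,1);
- if(memcmp(buf,tests2[n].ciphertext,sizeof buf))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- DES_ecb2_encrypt(tests2[n].ciphertext,buf,&key1,&key2,0);
- if(memcmp(buf,tests2[n].plaintext,sizeof buf))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- }
-
- /* Encrypt/decrypt with 3DES and compare to known answers */
- for(n=0 ; n < 2 ; ++n)
- {
- DES_key_schedule key1, key2, key3;
- unsigned char buf[8];
-
- DES_set_key(&tests3[n].key1,&key1);
- DES_set_key(&tests3[n].key2,&key2);
- DES_set_key(&tests3[n].key3,&key3);
- DES_ecb3_encrypt(tests3[n].plaintext,buf,&key1,&key2,&key3,1);
- if(memcmp(buf,tests3[n].ciphertext,sizeof buf))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- DES_ecb3_encrypt(tests3[n].ciphertext,buf,&key1,&key2,&key3,0);
- if(memcmp(buf,tests3[n].plaintext,sizeof buf))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- }
-
- return 1;
- }
-#endif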
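diff --git a/src/lib/libssl/src/fips/des/fips_desmovs.c b/src/lib/libssl/src/fips/des/fips_desmovs.c
deleted file mode 100644
index d1b60c1a40..0000000000
--- a/src/lib/libssl/src/fips/des/fips_desmovs.c
+++ /dev/null
@@ -1,833 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-/*---------------------------------------------
- NIST DES Modes of Operation Validation System
- Test Program
-
- Based on the AES Validation Suite, which was:
- Donated to OpenSSL by:
- V-ONE Corporation
- 20250 Century Blvd, Suite 300
- Germantown, MD 20874
- U.S.A.
- ----------------------------------------------*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <assert.h>
-
-#include <openssl/des.h>
-#include <openssl/evp.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include "e_os.h"
-
-/*#define AES_BLOCK_SIZE 16*/
-
-#define VERBOSE 0
-
-/*-----------------------------------------------*/
-
-int DESTest(EVP_CIPHER_CTX *ctx,
- char *amode, int akeysz, unsigned char *aKey,
- unsigned char *iVec,
- int dir, /* 0 = decrypt, 1 = encrypt */
- unsigned char *out, unsigned char *in, int len)
- {
- const EVP_CIPHER *cipher = NULL;
- int kt = 0;
-
- if (ctx)
- memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
-
- if (strcasecmp(amode, "CBC") == 0)
- kt = 1000;
- else if (strcasecmp(amode, "ECB") == 0)
- kt = 2000;
- else if (strcasecmp(amode, "CFB64") == 0)
- kt = 3000;
- else if (strncasecmp(amode, "OFB", 3) == 0)
- kt = 4000;
- else if(!strcasecmp(amode,"CFB1"))
- kt=5000;
- else if(!strcasecmp(amode,"CFB8"))
- kt=6000;
- else
- {
- printf("Unknown mode: %s\n", amode);
- EXIT(1);
- }
- if (akeysz != 64 && akeysz != 192)
- {
- printf("Invalid key size: %d\n", akeysz);
- EXIT(1);
- }
- else
- {
- kt += akeysz;
- switch (kt)
- {
- case 1064:
- cipher=EVP_des_cbc();
- break;
- case 1192:
- cipher=EVP_des_ede3_cbc();
- break;
- case 2064:
- cipher=EVP_des_ecb();
- break;
- case 2192:
- cipher=EVP_des_ede3_ecb();
- break;
- case 3064:
- cipher=EVP_des_cfb64();
- break;
- case 3192:
- cipher=EVP_des_ede3_cfb64();
- break;
- case 4064:
- cipher=EVP_des_ofb();
- break;
- case 4192:
- cipher=EVP_des_ede3_ofb();
- break;
- case 5064:
- cipher=EVP_des_cfb1();
- break;
- case 5192:
- cipher=EVP_des_ede3_cfb1();
- break;
- case 6064:
- cipher=EVP_des_cfb8();
- break;
- case 6192:
- cipher=EVP_des_ede3_cfb8();
- break;
- default:
- printf("Didn't handle mode %d\n",kt);
- EXIT(1);
- }
- if(!EVP_CipherInit(ctx, cipher, aKey, iVec, dir))
- {
- ERR_print_errors_fp(stderr);
- EXIT(1);
- }
- EVP_Cipher(ctx, out, in, len);
- }
- return 1;
- }
-
-/*-----------------------------------------------*/
-
-int hex2bin(char *in, int len, unsigned char *out)
- {
- int n1, n2;
- unsigned char ch;
-
- for (n1 = 0, n2 = 0; n1 < len; )
- { /* first byte */
- if ((in[n1] >= '0') && (in[n1] <= '9'))
- ch = in[n1++] - '0';
- else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
- ch = in[n1++] - 'A' + 10;
- else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
- ch = in[n1++] - 'a' + 10;
- else
- return -1;
- if(len == 1)
- {
- out[n2++]=ch;
- break;
- }
- out[n2] = ch << 4;
- /* second byte */
- if ((in[n1] >= '0') && (in[n1] <= '9'))
- ch = in[n1++] - '0';
- else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
- ch = in[n1++] - 'A' + 10;
- else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
- ch = in[n1++] - 'a' + 10;
- else
- return -1;
- out[n2++] |= ch;
- }
- return n2;
- }
-
-/*-----------------------------------------------*/
-
-int bin2hex(unsigned char *in, int len, char *out)
- {
- int n1, n2;
- unsigned char ch;
-
- for (n1 = 0, n2 = 0; n1 < len; ++n1)
- {
- /* first nibble */
- ch = in[n1] >> 4;
- if (ch <= 0x09)
- out[n2++] = ch + '0';
- else
- out[n2++] = ch - 10 + 'a';
- /* second nibble */
- ch = in[n1] & 0x0f;
- if (ch <= 0x09)
- out[n2++] = ch + '0';
- else
- out[n2++] = ch - 10 + 'a';
- }
- return n2;
- }
-
-/* NB: this return the number of _bits_ read */
-int bint2bin(const char *in, int len, unsigned char *out)
- {
- int n;
-
- memset(out,0,len);
- for(n=0 ; n < len ; ++n)
- if(in[n] == '1')
- out[n/8]|=(0x80 >> (n%8));
- return len;
- }
-
-int bin2bint(const unsigned char *in,int len,char *out)
- {
- int n;
-
- for(n=0 ; n < len ; ++n)
- out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
- return n;
- }
-
-/*-----------------------------------------------*/
-
-void PrintValue(char *tag, unsigned char *val, int len)
- {
-#if VERBOSE
- char obuf[2048];
- int olen;
- olen = bin2hex(val, len, obuf);
- printf("%s = %.*s\n", tag, olen, obuf);
-#endif
- }
-
-void DebugValue(char *tag, unsigned char *val, int len)
- {
- char obuf[2048];
- int olen;
- olen = bin2hex(val, len, obuf);
- printf("%s = %.*s\n", tag, olen, obuf);
- }
-
-void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
- {
- char obuf[2048];
- int olen;
-
- if(bitmode)
- olen=bin2bint(val,len,obuf);
- else
- olen=bin2hex(val,len,obuf);
-
- fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
-#if VERBOSE
- printf("%s = %.*s\n", tag, olen, obuf);
-#endif
- }
-
-void shiftin(unsigned char *dst,unsigned char *src,int nbits)
- {
- int n;
-
- /* move the bytes... */
- memmove(dst,dst+nbits/8,3*8-nbits/8);
- /* append new data */
- memcpy(dst+3*8-nbits/8,src,(nbits+7)/8);
- /* left shift the bits */
- if(nbits%8)
- for(n=0 ; n < 3*8 ; ++n)
- dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8));
- }
-
-/*-----------------------------------------------*/
-char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
-char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
-enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB64};
-int Sizes[6]={64,64,64,1,8,64};
-
-void do_mct(char *amode,
- int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec,
- int dir, unsigned char *text, int len,
- FILE *rfp)
- {
- int i,imode;
- unsigned char nk[4*8]; /* longest key+8 */
- unsigned char text0[8];
-
- for (imode=0 ; imode < 6 ; ++imode)
- if(!strcmp(amode,t_mode[imode]))
- break;
- if (imode == 6)
- {
- printf("Unrecognized mode: %s\n", amode);
- EXIT(1);
- }
-
- for(i=0 ; i < 400 ; ++i)
- {
- int j;
- int n;
- EVP_CIPHER_CTX ctx;
- int kp=akeysz/64;
- unsigned char old_iv[8];
-
- fprintf(rfp,"\nCOUNT = %d\n",i);
- if(kp == 1)
- OutputValue("KEY",akey,8,rfp,0);
- else
- for(n=0 ; n < kp ; ++n)
- {
- fprintf(rfp,"KEY%d",n+1);
- OutputValue("",akey+n*8,8,rfp,0);
- }
-
- if(imode != ECB)
- OutputValue("IV",ivec,8,rfp,0);
- OutputValue(t_tag[dir^1],text,len,rfp,imode == CFB1);
-
- /* compensate for endianness */
- if(imode == CFB1)
- text[0]<<=7;
-
- memcpy(text0,text,8);
-
- for(j=0 ; j < 10000 ; ++j)
- {
- unsigned char old_text[8];
-
- memcpy(old_text,text,8);
- if(j == 0)
- {
- memcpy(old_iv,ivec,8);
- DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len);
- }
- else
- {
- memcpy(old_iv,ctx.iv,8);
- EVP_Cipher(&ctx,text,text,len);
- }
- if(j == 9999)
- {
- OutputValue(t_tag[dir],text,len,rfp,imode == CFB1);
- /* memcpy(ivec,text,8); */
- }
- /* DebugValue("iv",ctx.iv,8); */
- /* accumulate material for the next key */
- shiftin(nk,text,Sizes[imode]);
- /* DebugValue("nk",nk,24);*/
- if((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64
- || imode == CBC)) || imode == OFB)
- memcpy(text,old_iv,8);
-
- if(!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64))
- {
- /* the test specifies using the output of the raw DES operation
- which we don't have, so reconstruct it... */
- for(n=0 ; n < 8 ; ++n)
- text[n]^=old_text[n];
- }
- }
- for(n=0 ; n < 8 ; ++n)
- akey[n]^=nk[16+n];
- for(n=0 ; n < 8 ; ++n)
- akey[8+n]^=nk[8+n];
- for(n=0 ; n < 8 ; ++n)
- akey[16+n]^=nk[n];
- if(numkeys < 3)
- memcpy(&akey[2*8],akey,8);
- if(numkeys < 2)
- memcpy(&akey[8],akey,8);
- DES_set_odd_parity((DES_cblock *)akey);
- DES_set_odd_parity((DES_cblock *)(akey+8));
- DES_set_odd_parity((DES_cblock *)(akey+16));
- memcpy(ivec,ctx.iv,8);
-
- /* pointless exercise - the final text doesn't depend on the
- initial text in OFB mode, so who cares what it is? (Who
- designed these tests?) */
- if(imode == OFB)
- for(n=0 ; n < 8 ; ++n)
- text[n]=text0[n]^old_iv[n];
- }
- }
-
-int proc_file(char *rqfile)
- {
- char afn[256], rfn[256];
- FILE *afp = NULL, *rfp = NULL;
- char ibuf[2048];
- int ilen, len, ret = 0;
- char amode[8] = "";
- char atest[100] = "";
- int akeysz=0;
- unsigned char iVec[20], aKey[40];
- int dir = -1, err = 0, step = 0;
- unsigned char plaintext[2048];
- unsigned char ciphertext[2048];
- char *rp;
- EVP_CIPHER_CTX ctx;
- int numkeys=1;
-
- if (!rqfile || !(*rqfile))
- {
- printf("No req file\n");
- return -1;
- }
- strcpy(afn, rqfile);
-
- if ((afp = fopen(afn, "r")) == NULL)
- {
- printf("Cannot open file: %s, %s\n",
- afn, strerror(errno));
- return -1;
- }
- strcpy(rfn,afn);
- rp=strstr(rfn,"req/");
- assert(rp);
- memcpy(rp,"rsp",3);
- rp = strstr(rfn, ".req");
- memcpy(rp, ".rsp", 4);
- if ((rfp = fopen(rfn, "w")) == NULL)
- {
- printf("Cannot open file: %s, %s\n",
- rfn, strerror(errno));
- fclose(afp);
- afp = NULL;
- return -1;
- }
- while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
- {
- ilen = strlen(ibuf);
- /* printf("step=%d ibuf=%s",step,ibuf);*/
- if(step == 3 && !strcmp(amode,"ECB"))
- {
- memset(iVec, 0, sizeof(iVec));
- step = (dir)? 4: 5; /* no ivec for ECB */
- }
- switch (step)
- {
- case 0: /* read preamble */
- if (ibuf[0] == '\n')
- { /* end of preamble */
- if (*amode == '\0')
- {
- printf("Missing Mode\n");
- err = 1;
- }
- else
- {
- fputs(ibuf, rfp);
- ++ step;
- }
- }
- else if (ibuf[0] != '#')
- {
- printf("Invalid preamble item: %s\n", ibuf);
- err = 1;
- }
- else
- { /* process preamble */
- char *xp, *pp = ibuf+2;
- int n;
- if(*amode)
- { /* insert current time & date */
- time_t rtim = time(0);
- fprintf(rfp, "# %s", ctime(&rtim));
- }
- else
- {
- fputs(ibuf, rfp);
- if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4)
- || !strncmp(pp,"TDES ",5)
- || !strncmp(pp,"PERMUTATION ",12)
- || !strncmp(pp,"SUBSTITUTION ",13)
- || !strncmp(pp,"VARIABLE ",9))
- {
- /* get test type */
- if(!strncmp(pp,"DES ",4))
- pp+=4;
- else if(!strncmp(pp,"TDES ",5))
- pp+=5;
- xp = strchr(pp, ' ');
- n = xp-pp;
- strncpy(atest, pp, n);
- atest[n] = '\0';
- /* get mode */
- xp = strrchr(pp, ' '); /* get mode" */
- n = strlen(xp+1)-1;
- strncpy(amode, xp+1, n);
- amode[n] = '\0';
- /* amode[3] = '\0'; */
- printf("Test=%s, Mode=%s\n",atest,amode);
- }
- }
- }
- break;
-
- case 1: /* [ENCRYPT] | [DECRYPT] */
- if(ibuf[0] == '\n')
- break;
- if (ibuf[0] == '[')
- {
- fputs(ibuf, rfp);
- ++step;
- if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
- dir = 1;
- else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
- dir = 0;
- else
- {
- printf("Invalid keyword: %s\n", ibuf);
- err = 1;
- }
- break;
- }
- else if (dir == -1)
- {
- err = 1;
- printf("Missing ENCRYPT/DECRYPT keyword\n");
- break;
- }
- else
- step = 2;
-
- case 2: /* KEY = xxxx */
- if(*ibuf == '\n')
- {
- fputs(ibuf, rfp);
- break;
- }
- if(!strncasecmp(ibuf,"COUNT = ",8))
- {
- fputs(ibuf, rfp);
- break;
- }
- if(!strncasecmp(ibuf,"COUNT=",6))
- {
- fputs(ibuf, rfp);
- break;
- }
- if(!strncasecmp(ibuf,"NumKeys = ",10))
- {
- numkeys=atoi(ibuf+10);
- break;
- }
-
- fputs(ibuf, rfp);
- if(!strncasecmp(ibuf,"KEY = ",6))
- {
- akeysz=64;
- len = hex2bin((char*)ibuf+6, strlen(ibuf+6)-1, aKey);
- if (len < 0)
- {
- printf("Invalid KEY\n");
- err=1;
- break;
- }
- PrintValue("KEY", aKey, len);
- ++step;
- }
- else if(!strncasecmp(ibuf,"KEYs = ",7))
- {
- akeysz=64*3;
- len=hex2bin(ibuf+7,strlen(ibuf+7)-1,aKey);
- if(len != 8)
- {
- printf("Invalid KEY\n");
- err=1;
- break;
- }
- memcpy(aKey+8,aKey,8);
- memcpy(aKey+16,aKey,8);
- ibuf[4]='\0';
- PrintValue("KEYs",aKey,len);
- ++step;
- }
- else if(!strncasecmp(ibuf,"KEY",3))
- {
- int n=ibuf[3]-'1';
-
- akeysz=64*3;
- len=hex2bin(ibuf+7,strlen(ibuf+7)-1,aKey+n*8);
- if(len != 8)
- {
- printf("Invalid KEY\n");
- err=1;
- break;
- }
- ibuf[4]='\0';
- PrintValue(ibuf,aKey,len);
- if(n == 2)
- ++step;
- }
- else
- {
- printf("Missing KEY\n");
- err = 1;
- }
- break;
-
- case 3: /* IV = xxxx */
- fputs(ibuf, rfp);
- if (strncasecmp(ibuf, "IV = ", 5) != 0)
- {
- printf("Missing IV\n");
- err = 1;
- }
- else
- {
- len = hex2bin((char*)ibuf+5, strlen(ibuf+5)-1, iVec);
- if (len < 0)
- {
- printf("Invalid IV\n");
- err =1;
- break;
- }
- PrintValue("IV", iVec, len);
- step = (dir)? 4: 5;
- }
- break;
-
- case 4: /* PLAINTEXT = xxxx */
- fputs(ibuf, rfp);
- if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
- {
- printf("Missing PLAINTEXT\n");
- err = 1;
- }
- else
- {
- int nn = strlen(ibuf+12);
- if(!strcmp(amode,"CFB1"))
- len=bint2bin(ibuf+12,nn-1,plaintext);
- else
- len=hex2bin(ibuf+12, nn-1,plaintext);
- if (len < 0)
- {
- printf("Invalid PLAINTEXT: %s", ibuf+12);
- err =1;
- break;
- }
- if (len >= sizeof(plaintext))
- {
- printf("Buffer overflow\n");
- }
- PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
- if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
- {
- do_mct(amode,akeysz,numkeys,aKey,iVec,dir,plaintext,len,rfp);
- }
- else
- {
- assert(dir == 1);
- ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
- dir, /* 0 = decrypt, 1 = encrypt */
- ciphertext, plaintext, len);
- OutputValue("CIPHERTEXT",ciphertext,len,rfp,
- !strcmp(amode,"CFB1"));
- }
- step = 6;
- }
- break;
-
- case 5: /* CIPHERTEXT = xxxx */
- fputs(ibuf, rfp);
- if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
- {
- printf("Missing KEY\n");
- err = 1;
- }
- else
- {
- if(!strcmp(amode,"CFB1"))
- len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
- else
- len = hex2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
- if (len < 0)
- {
- printf("Invalid CIPHERTEXT\n");
- err =1;
- break;
- }
-
- PrintValue("CIPHERTEXT", ciphertext, len);
- if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
- {
- do_mct(amode, akeysz, numkeys, aKey, iVec,
- dir, ciphertext, len, rfp);
- }
- else
- {
- assert(dir == 0);
- ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
- dir, /* 0 = decrypt, 1 = encrypt */
- plaintext, ciphertext, len);
- OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
- !strcmp(amode,"CFB1"));
- }
- step = 6;
- }
- break;
-
- case 6:
- if (ibuf[0] != '\n')
- {
- err = 1;
- printf("Missing terminator\n");
- }
- else if (strcmp(atest, "MCT") != 0)
- { /* MCT already added terminating nl */
- fputs(ibuf, rfp);
- }
- step = 1;
- break;
- }
- }
- if (rfp)
- fclose(rfp);
- if (afp)
- fclose(afp);
- return err;
- }
-
-/*--------------------------------------------------
- Processes either a single file or
- a set of files whose names are passed in a file.
- A single file is specified as:
- aes_test -f xxx.req
- A set of files is specified as:
- aes_test -d xxxxx.xxx
- The default is: -d req.txt
---------------------------------------------------*/
-int main(int argc, char **argv)
- {
- char *rqlist = "req.txt";
- FILE *fp = NULL;
- char fn[250] = "", rfn[256] = "";
- int f_opt = 0, d_opt = 1;
-
-#ifdef OPENSSL_FIPS
- if(!FIPS_mode_set(1,argv[0]))
- {
- ERR_load_crypto_strings();
- ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
- EXIT(1);
- }
-#endif
- ERR_load_crypto_strings();
- if (argc > 1)
- {
- if (strcasecmp(argv[1], "-d") == 0)
- {
- d_opt = 1;
- }
- else if (strcasecmp(argv[1], "-f") == 0)
- {
- f_opt = 1;
- d_opt = 0;
- }
- else
- {
- printf("Invalid parameter: %s\n", argv[1]);
- return 0;
- }
- if (argc < 3)
- {
- printf("Missing parameter\n");
- return 0;
- }
- if (d_opt)
- rqlist = argv[2];
- else
- strcpy(fn, argv[2]);
- }
- if (d_opt)
- { /* list of files (directory) */
- if (!(fp = fopen(rqlist, "r")))
- {
- printf("Cannot open req list file\n");
- return -1;
- }
- while (fgets(fn, sizeof(fn), fp))
- {
- strtok(fn, "\r\n");
- strcpy(rfn, fn);
- printf("Processing: %s\n", rfn);
- if (proc_file(rfn))
- {
- printf(">>> Processing failed for: %s <<<\n", rfn);
- EXIT(1);
- }
- }
- fclose(fp);
- }
- else /* single file */
- {
- printf("Processing: %s\n", fn);
- if (proc_file(fn))
- {
- printf(">>> Processing failed for: %s <<<\n", fn);
- }
- }
- EXIT(0);
- return 0;
- }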
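diff --git a/src/lib/libssl/src/fips/dh/Makefile b/src/lib/libssl/src/fips/dh/Makefile
deleted file mode 100644
index 10b40aa9f6..0000000000
--- a/src/lib/libssl/src/fips/dh/Makefile
+++ /dev/null
@@ -1,109 +0,0 @@
-#
-# SSLeay/fips/dh/Makefile
-#
-
-DIR= dh
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_dh_check.c fips_dh_gen.c fips_dh_key.c
-LIBOBJ=fips_dh_check.o fips_dh_gen.o fips_dh_key.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER= $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all: check lib
-
-lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @sleep 2; touch lib
-
-check:
- TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_dh_check.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dh_check.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-fips_dh_check.o: ../../include/openssl/e_os2.h
-fips_dh_check.o: ../../include/openssl/opensslconf.h
-fips_dh_check.o: ../../include/openssl/opensslv.h
-fips_dh_check.o: ../../include/openssl/ossl_typ.h
-fips_dh_check.o: ../../include/openssl/safestack.h
-fips_dh_check.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_dh_check.o: fips_dh_check.c
-fips_dh_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dh_gen.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-fips_dh_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_dh_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-fips_dh_gen.o: ../../include/openssl/opensslconf.h
-fips_dh_gen.o: ../../include/openssl/opensslv.h
-fips_dh_gen.o: ../../include/openssl/ossl_typ.h
-fips_dh_gen.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_dh_gen.o: ../../include/openssl/symhacks.h fips_dh_gen.c
-fips_dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-fips_dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_dh_key.o: ../../include/openssl/lhash.h
-fips_dh_key.o: ../../include/openssl/opensslconf.h
-fips_dh_key.o: ../../include/openssl/opensslv.h
-fips_dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_dh_key.o: ../../include/openssl/symhacks.h fips_dh_key.c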
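diff --git a/src/lib/libssl/src/fips/dh/fips_dh_check.c b/src/lib/libssl/src/fips/dh/fips_dh_check.c
deleted file mode 100644
index 874920b466..0000000000
--- a/src/lib/libssl/src/fips/dh/fips_dh_check.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* crypto/dh/dh_check.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-
-#ifdef OPENSSL_FIPS
-
-/* Check that p is a safe prime and
- * if g is 2, 3 or 5, check that is is a suitable generator
- * where
- * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5
- * for 5, p mod 10 == 3 or 7
- * should hold.
- */
-
-int DH_check(const DH *dh, int *ret)
- {
- int ok=0;
- BN_CTX *ctx=NULL;
- BN_ULONG l;
- BIGNUM *q=NULL;
-
- *ret=0;
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
- q=BN_new();
- if (q == NULL) goto err;
-
- if (BN_is_word(dh->g,DH_GENERATOR_2))
- {
- l=BN_mod_word(dh->p,24);
- if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
- }
-#if 0
- else if (BN_is_word(dh->g,DH_GENERATOR_3))
- {
- l=BN_mod_word(dh->p,12);
- if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
- }
-#endif
- else if (BN_is_word(dh->g,DH_GENERATOR_5))
- {
- l=BN_mod_word(dh->p,10);
- if ((l != 3) && (l != 7))
- *ret|=DH_NOT_SUITABLE_GENERATOR;
- }
- else
- *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
-
- if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
- *ret|=DH_CHECK_P_NOT_PRIME;
- else
- {
- if (!BN_rshift1(q,dh->p)) goto err;
- if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
- *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
- }
- ok=1;
-err:
- if (ctx != NULL) BN_CTX_free(ctx);
- if (q != NULL) BN_free(q);
- return(ok);
- }
-
-#endif
-#endif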
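diff --git a/src/lib/libssl/src/fips/dh/fips_dh_gen.c b/src/lib/libssl/src/fips/dh/fips_dh_gen.c
deleted file mode 100644
index b569e3912d..0000000000
--- a/src/lib/libssl/src/fips/dh/fips_dh_gen.c
+++ /dev/null
@@ -1,186 +0,0 @@
-/* crypto/dh/dh_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/fips.h>
-
-#ifndef OPENSSL_NO_DH
-#ifdef OPENSSL_FIPS
-
-/* We generate DH parameters as follows
- * find a prime q which is prime_len/2 bits long.
- * p=(2*q)+1 or (p-1)/2 = q
- * For this case, g is a generator if
- * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
- * Since the factors of p-1 are q and 2, we just need to check
- * g^2 mod p != 1 and g^q mod p != 1.
- *
- * Having said all that,
- * there is another special case method for the generators 2, 3 and 5.
- * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5 <<<<< does not work for safe primes.
- * for 5, p mod 10 == 3 or 7
- *
- * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
- * special generators and for answering some of my questions.
- *
- * I've implemented the second simple method :-).
- * Since DH should be using a safe prime (both p and q are prime),
- * this generator function can take a very very long time to run.
- */
-/* Actually there is no reason to insist that 'generator' be a generator.
- * It's just as OK (and in some sense better) to use a generator of the
- * order-q subgroup.
- */
-
-DH *DH_generate_parameters(int prime_len, int generator,
- void (*callback)(int,int,void *), void *cb_arg)
- {
- BIGNUM *p=NULL,*t1,*t2;
- DH *ret=NULL;
- int g,ok= -1;
- BN_CTX *ctx=NULL;
-
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_DH_GENERATE_PARAMETERS,FIPS_R_FIPS_SELFTEST_FAILED);
- return NULL;
- }
-
- ret=DH_new();
- if (ret == NULL) goto err;
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
- BN_CTX_start(ctx);
- t1 = BN_CTX_get(ctx);
- t2 = BN_CTX_get(ctx);
- if (t1 == NULL || t2 == NULL) goto err;
-
- if (generator <= 1)
- {
- DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
- goto err;
- }
- if (generator == DH_GENERATOR_2)
- {
- if (!BN_set_word(t1,24)) goto err;
- if (!BN_set_word(t2,11)) goto err;
- g=2;
- }
-#if 0 /* does not work for safe primes */
- else if (generator == DH_GENERATOR_3)
- {
- if (!BN_set_word(t1,12)) goto err;
- if (!BN_set_word(t2,5)) goto err;
- g=3;
- }
-#endif
- else if (generator == DH_GENERATOR_5)
- {
- if (!BN_set_word(t1,10)) goto err;
- if (!BN_set_word(t2,3)) goto err;
- /* BN_set_word(t3,7); just have to miss
- * out on these ones :-( */
- g=5;
- }
- else
- {
- /* in the general case, don't worry if 'generator' is a
- * generator or not: since we are using safe primes,
- * it will generate either an order-q or an order-2q group,
- * which both is OK */
- if (!BN_set_word(t1,2)) goto err;
- if (!BN_set_word(t2,1)) goto err;
- g=generator;
- }
-
- p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
- if (p == NULL) goto err;
- if (callback != NULL) callback(3,0,cb_arg);
- ret->p=p;
- ret->g=BN_new();
- if (!BN_set_word(ret->g,g)) goto err;
- ok=1;
-err:
- if (ok == -1)
- {
- DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB);
- ok=0;
- }
-
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (!ok && (ret != NULL))
- {
- DH_free(ret);
- ret=NULL;
- }
- return(ret);
- }
-
-#endif
-#endif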
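diff --git a/src/lib/libssl/src/fips/dh/fips_dh_key.c b/src/lib/libssl/src/fips/dh/fips_dh_key.c
deleted file mode 100644
index 41e3a661c0..0000000000
--- a/src/lib/libssl/src/fips/dh/fips_dh_key.c
+++ /dev/null
@@ -1,230 +0,0 @@
-/* crypto/dh/dh_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RAND
-#include <openssl/rand.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-
-#ifdef OPENSSL_FIPS
-
-static int generate_key(DH *dh);
-static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
-static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-static int dh_init(DH *dh);
-static int dh_finish(DH *dh);
-
-int DH_generate_key(DH *dh)
- {
- return dh->meth->generate_key(dh);
- }
-
-int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- return dh->meth->compute_key(key, pub_key, dh);
- }
-
-static DH_METHOD dh_ossl = {
-"OpenSSL DH Method",
-generate_key,
-compute_key,
-dh_bn_mod_exp,
-dh_init,
-dh_finish,
-0,
-NULL
-};
-
-const DH_METHOD *DH_OpenSSL(void)
-{
- return &dh_ossl;
-}
-
-static int generate_key(DH *dh)
- {
- int ok=0;
- int generate_new_key=0;
- unsigned l;
- BN_CTX *ctx;
- BN_MONT_CTX *mont;
- BIGNUM *pub_key=NULL,*priv_key=NULL;
-
- ctx = BN_CTX_new();
- if (ctx == NULL) goto err;
-
- if (dh->priv_key == NULL)
- {
- priv_key=BN_new();
- if (priv_key == NULL) goto err;
- generate_new_key=1;
- }
- else
- priv_key=dh->priv_key;
-
- if (dh->pub_key == NULL)
- {
- pub_key=BN_new();
- if (pub_key == NULL) goto err;
- }
- else
- pub_key=dh->pub_key;
-
- if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
- {
- if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
- dh->p,ctx)) goto err;
- }
- mont=(BN_MONT_CTX *)dh->method_mont_p;
-
- if (generate_new_key)
- {
- l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
- if (!BN_rand(priv_key, l, 0, 0)) goto err;
- }
- if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont))
- goto err;
-
- dh->pub_key=pub_key;
- dh->priv_key=priv_key;
- ok=1;
-err:
- if (ok != 1)
- DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB);
-
- if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key);
- if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
- BN_CTX_free(ctx);
- return(ok);
- }
-
-static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- BN_CTX *ctx;
- BN_MONT_CTX *mont;
- BIGNUM *tmp;
- int ret= -1;
-
- ctx = BN_CTX_new();
- if (ctx == NULL) goto err;
- BN_CTX_start(ctx);
- tmp = BN_CTX_get(ctx);
-
- if (dh->priv_key == NULL)
- {
- DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
- goto err;
- }
- if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
- {
- if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
- dh->p,ctx)) goto err;
- }
-
- mont=(BN_MONT_CTX *)dh->method_mont_p;
- if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
- {
- DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
- goto err;
- }
-
- ret=BN_bn2bin(tmp,key);
-err:
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- return(ret);
- }
-
-static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- if (a->top == 1)
- {
- BN_ULONG A = a->d[0];
- return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
- }
- else
- return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
- }
-
-
-static int dh_init(DH *dh)
- {
- dh->flags |= DH_FLAG_CACHE_MONT_P;
- return(1);
- }
-
-static int dh_finish(DH *dh)
- {
- if(dh->method_mont_p)
- BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p);
- return(1);
- }
-
-#endif
-#endif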
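diff --git a/src/lib/libssl/src/fips/dsa/Makefile b/src/lib/libssl/src/fips/dsa/Makefile
deleted file mode 100644
index 0cc5704ed1..0000000000
--- a/src/lib/libssl/src/fips/dsa/Makefile
+++ /dev/null
@@ -1,158 +0,0 @@
-#
-# SSLeay/fips/dsa/Makefile
-#
-
-DIR= dsa
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=fips_dsatest.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_dsa_ossl.c fips_dsa_gen.c fips_dsa_selftest.c
-LIBOBJ=fips_dsa_ossl.o fips_dsa_gen.o fips_dsa_selftest.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER= $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all: check lib
-
-lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @sleep 2; touch lib
-
-check:
- TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-top_fips_dssvs:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_dssvs sub_target)
-
-fips_dssvs: fips_dssvs.o $(TOP)/libcrypto.a
- $(CC) $(CFLAGS) -o fips_dssvs fips_dssvs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_dssvs
-
-Q=../testvectors/dsa/req
-A=../testvectors/dsa/rsp
-
-fips_test: top_fips_dssvs
- -rm -rf $A
- mkdir $A
- ./fips_dssvs pqg < $Q/PQGGen.req > $A/PQGGen.rsp
- ./fips_dssvs keypair < $Q/KeyPair.req > $A/KeyPair.rsp
- ./fips_dssvs siggen < $Q/SigGen.req > $A/SigGen.rsp
- ./fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_dsa_gen.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-fips_dsa_gen.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
-fips_dsa_gen.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-fips_dsa_gen.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-fips_dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-fips_dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/idea.h
-fips_dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-fips_dsa_gen.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-fips_dsa_gen.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-fips_dsa_gen.o: ../../include/openssl/objects.h
-fips_dsa_gen.o: ../../include/openssl/opensslconf.h
-fips_dsa_gen.o: ../../include/openssl/opensslv.h
-fips_dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_dsa_gen.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-fips_dsa_gen.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-fips_dsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-fips_dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-fips_dsa_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-fips_dsa_gen.o: ../../include/openssl/ui_compat.h fips_dsa_gen.c
-fips_dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-fips_dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-fips_dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/fips.h
-fips_dsa_ossl.o: ../../include/openssl/lhash.h
-fips_dsa_ossl.o: ../../include/openssl/opensslconf.h
-fips_dsa_ossl.o: ../../include/openssl/opensslv.h
-fips_dsa_ossl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-fips_dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_dsa_ossl.o: ../../include/openssl/ui.h fips_dsa_ossl.c
-fips_dsa_selftest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dsa_selftest.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/fips.h
-fips_dsa_selftest.o: ../../include/openssl/lhash.h
-fips_dsa_selftest.o: ../../include/openssl/opensslconf.h
-fips_dsa_selftest.o: ../../include/openssl/opensslv.h
-fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h
-fips_dsa_selftest.o: ../../include/openssl/safestack.h
-fips_dsa_selftest.o: ../../include/openssl/stack.h
-fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
-fips_dsatest.o: ../../e_os.h ../../include/openssl/asn1.h
-fips_dsatest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dsatest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-fips_dsatest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-fips_dsatest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-fips_dsatest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-fips_dsatest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_dsatest.o: ../../include/openssl/lhash.h
-fips_dsatest.o: ../../include/openssl/opensslconf.h
-fips_dsatest.o: ../../include/openssl/opensslv.h
-fips_dsatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_dsatest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-fips_dsatest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_dsatest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-fips_dsatest.o: fips_dsatest.c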
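--- a/src/lib/libssl/src/fips/dsa/fips_dsa_gen.c
+++ /dev/null
@@ -1,374 +0,0 @@
-/* crypto/dsa/dsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/* Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH EVP_sha()
-#else
-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
- * FIPS PUB 180-1) */
-#define HASH EVP_sha1()
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-/*#include "cryptlib.h"*/
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_RAND
-#include <openssl/rand.h>
-#endif
-#ifndef OPENSSL_NO_SHA
-#include <openssl/sha.h>
-#endif
-#include <openssl/fips.h>
-#include <openssl/err.h>
-
-#ifndef OPENSSL_NO_DSA
-#ifdef OPENSSL_FIPS
-
-static int fips_check_dsa(DSA *dsa)
- {
- static const unsigned char str1[]="12345678901234567890";
- unsigned char sig[256];
- unsigned int siglen;
-
- DSA_sign(0, str1, 20, sig, &siglen, dsa);
- if(DSA_verify(0, str1, 20, sig, siglen, dsa) != 1)
- {
- FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
- return 0;
- }
- return 1;
- }
-
-DSA *DSA_generate_parameters(FIPS_DSA_SIZE_T bits,
- unsigned char *seed_in, FIPS_DSA_SIZE_T seed_len,
- int *counter_ret, unsigned long *h_ret,
- void (*callback)(int, int, void *),
- void *cb_arg)
- {
- int ok=0;
- unsigned char seed[SHA_DIGEST_LENGTH];
- unsigned char md[SHA_DIGEST_LENGTH];
- unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
- BIGNUM *r0,*W,*X,*c,*test;
- BIGNUM *g=NULL,*q=NULL,*p=NULL;
- BN_MONT_CTX *mont=NULL;
- int k,n=0,i,b,m=0;
- int counter=0;
- int r=0;
- BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL;
- unsigned int h=2;
- DSA *ret=NULL;
- unsigned char *seed_out=seed_in;
-
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_DSA_GENERATE_PARAMETERS,
- FIPS_R_FIPS_SELFTEST_FAILED);
- goto err;
- }
-
- if (bits < 512) bits=512;
- bits=(bits+63)/64*64;
-
- if (seed_len < 20)
- seed_in = NULL; /* seed buffer too small -- ignore */
- if (seed_len > 20)
- seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
- * but our internal buffers are restricted to 160 bits*/
- if ((seed_in != NULL) && (seed_len == 20))
- memcpy(seed,seed_in,seed_len);
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
- if ((ctx2=BN_CTX_new()) == NULL) goto err;
- if ((ctx3=BN_CTX_new()) == NULL) goto err;
- if ((ret=DSA_new()) == NULL) goto err;
-
- if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-
- BN_CTX_start(ctx2);
- r0 = BN_CTX_get(ctx2);
- g = BN_CTX_get(ctx2);
- W = BN_CTX_get(ctx2);
- q = BN_CTX_get(ctx2);
- X = BN_CTX_get(ctx2);
- c = BN_CTX_get(ctx2);
- p = BN_CTX_get(ctx2);
- test = BN_CTX_get(ctx2);
-
- BN_lshift(test,BN_value_one(),bits-1);
-
- for (;;)
- {
- for (;;) /* find q */
- {
- int seed_is_random;
-
- /* step 1 */
- if (callback != NULL) callback(0,m++,cb_arg);
-
- if (!seed_len)
- {
- if(RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH) < 0)
- goto err;
- seed_is_random = 1;
- }
- else
- {
- seed_is_random = 0;
- seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
- }
- memcpy(buf,seed,SHA_DIGEST_LENGTH);
- memcpy(buf2,seed,SHA_DIGEST_LENGTH);
- /* precompute "SEED + 1" for step 7: */
- for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
- {
- buf[i]++;
- if (buf[i] != 0) break;
- }
-
- /* step 2 */
- EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
- EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
- for (i=0; i<SHA_DIGEST_LENGTH; i++)
- md[i]^=buf2[i];
-
- /* step 3 */
- md[0]|=0x80;
- md[SHA_DIGEST_LENGTH-1]|=0x01;
- if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
-
- /* step 4 */
- r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random);
- if (r > 0)
- break;
- if (r != 0)
- goto err;
-
- /* do a callback call */
- /* step 5 */
- }
-
- if (callback != NULL) callback(2,0,cb_arg);
- if (callback != NULL) callback(3,0,cb_arg);
-
- /* step 6 */
- counter=0;
- /* "offset = 2" */
-
- n=(bits-1)/160;
- b=(bits-1)-n*160;
-
- for (;;)
- {
- if (callback != NULL && counter != 0)
- callback(0,counter,cb_arg);
-
- /* step 7 */
- BN_zero(W);
- /* now 'buf' contains "SEED + offset - 1" */
- for (k=0; k<=n; k++)
- {
- /* obtain "SEED + offset + k" by incrementing: */
- for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
- {
- buf[i]++;
- if (buf[i] != 0) break;
- }
-
- EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
-
- /* step 8 */
- if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
- goto err;
- BN_lshift(r0,r0,160*k);
- BN_add(W,W,r0);
- }
-
- /* more of step 8 */
- BN_mask_bits(W,bits-1);
- BN_copy(X,W); /* this should be ok */
- BN_add(X,X,test); /* this should be ok */
-
- /* step 9 */
- BN_lshift1(r0,q);
- BN_mod(c,X,r0,ctx);
- BN_sub(r0,c,BN_value_one());
- BN_sub(p,X,r0);
-
- /* step 10 */
- if (BN_cmp(p,test) >= 0)
- {
- /* step 11 */
- r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1);
- if (r > 0)
- goto end; /* found it */
- if (r != 0)
- goto err;
- }
-
- /* step 13 */
- counter++;
- /* "offset = offset + n + 1" */
-
- /* step 14 */
- if (counter >= 4096) break;
- }
- }
-end:
- if (callback != NULL) callback(2,1,cb_arg);
-
- /* We now need to generate g */
- /* Set r0=(p-1)/q */
- BN_sub(test,p,BN_value_one());
- BN_div(r0,NULL,test,q,ctx);
-
- BN_set_word(test,h);
- BN_MONT_CTX_set(mont,p,ctx);
-
- for (;;)
- {
- /* g=test^r0%p */
- BN_mod_exp_mont(g,test,r0,p,ctx,mont);
- if (!BN_is_one(g)) break;
- BN_add(test,test,BN_value_one());
- h++;
- }
-
- if (callback != NULL) callback(3,1,cb_arg);
-
- ok=1;
-err:
- if (!ok)
- {
- if (ret != NULL) DSA_free(ret);
- }
- else
- {
- ret->p=BN_dup(p);
- ret->q=BN_dup(q);
- ret->g=BN_dup(g);
- if(seed_out != NULL) memcpy(seed_out,seed,20);
- if (counter_ret != NULL) *counter_ret=counter;
- if (h_ret != NULL) *h_ret=h;
- }
- if (ctx != NULL) BN_CTX_free(ctx);
- if (ctx2 != NULL)
- {
- BN_CTX_end(ctx2);
- BN_CTX_free(ctx2);
- }
- if (ctx3 != NULL) BN_CTX_free(ctx3);
- if (mont != NULL) BN_MONT_CTX_free(mont);
- return(ok?ret:NULL);
- }
-
-int DSA_generate_key(DSA *dsa)
- {
- int ok=0;
- BN_CTX *ctx=NULL;
- BIGNUM *pub_key=NULL,*priv_key=NULL;
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
-
- if (dsa->priv_key == NULL)
- {
- if ((priv_key=BN_new()) == NULL) goto err;
- }
- else
- priv_key=dsa->priv_key;
-
- do
- if (!BN_rand_range(priv_key,dsa->q)) goto err;
- while (BN_is_zero(priv_key));
-
- if (dsa->pub_key == NULL)
- {
- if ((pub_key=BN_new()) == NULL) goto err;
- }
- else
- pub_key=dsa->pub_key;
-
- if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err;
-
- dsa->priv_key=priv_key;
- dsa->pub_key=pub_key;
-
- if(!fips_check_dsa(dsa))
- goto err;
-
- ok=1;
-
-err:
- if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
- if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
- if (ctx != NULL) BN_CTX_free(ctx);
- return(ok);
- }
-#endif
-#endif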
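--- a/src/lib/libssl/src/fips/dsa/fips_dsa_ossl.c
+++ /dev/null
@@ -1,387 +0,0 @@
-/* crypto/dsa/dsa_ossl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/fips.h>
-
-#ifdef OPENSSL_FIPS
-
-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA *dsa);
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
-static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DSA_SIG *sig,
- DSA *dsa);
-static int dsa_init(DSA *dsa);
-static int dsa_finish(DSA *dsa);
-static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
- BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *in_mont);
-static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-
-static DSA_METHOD openssl_dsa_meth = {
-"OpenSSL FIPS DSA method",
-dsa_do_sign,
-dsa_sign_setup,
-dsa_do_verify,
-dsa_mod_exp,
-dsa_bn_mod_exp,
-dsa_init,
-dsa_finish,
-0,
-NULL
-};
-
-int FIPS_dsa_check(struct dsa_st *dsa)
- {
- if(dsa->meth != &openssl_dsa_meth || dsa->meth->dsa_do_sign != dsa_do_sign
- || dsa->meth->dsa_sign_setup != dsa_sign_setup
- || dsa->meth->dsa_mod_exp != dsa_mod_exp
- || dsa->meth->bn_mod_exp != dsa_bn_mod_exp
- || dsa->meth->init != dsa_init
- || dsa->meth->finish != dsa_finish)
- {
- FIPSerr(FIPS_F_FIPS_DSA_CHECK,FIPS_R_NON_FIPS_METHOD);
- return 0;
- }
- return 1;
- }
-
-const DSA_METHOD *DSA_OpenSSL(void)
-{
- return &openssl_dsa_meth;
-}
-
-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA *dsa)
- {
- BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
- BIGNUM m;
- BIGNUM xr;
- BN_CTX *ctx=NULL;
- int i,reason=ERR_R_BN_LIB;
- DSA_SIG *ret=NULL;
-
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_DSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
- return NULL;
- }
-
- BN_init(&m);
- BN_init(&xr);
-
- if (!dsa->p || !dsa->q || !dsa->g)
- {
- reason=DSA_R_MISSING_PARAMETERS;
- goto err;
- }
-
- s=BN_new();
- if (s == NULL) goto err;
-
- i=BN_num_bytes(dsa->q); /* should be 20 */
- if ((dlen > i) || (dlen > 50))
- {
- reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
- goto err;
- }
-
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
-
- if ((dsa->kinv == NULL) || (dsa->r == NULL))
- {
- if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
- }
- else
- {
- kinv=dsa->kinv;
- dsa->kinv=NULL;
- r=dsa->r;
- dsa->r=NULL;
- }
-
- if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
-
- /* Compute s = inv(k) (m + xr) mod q */
- if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
- if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
- if (BN_cmp(s,dsa->q) > 0)
- BN_sub(s,s,dsa->q);
- if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
-
- ret=DSA_SIG_new();
- if (ret == NULL) goto err;
- ret->r = r;
- ret->s = s;
-
-err:
- if (!ret)
- {
- DSAerr(DSA_F_DSA_DO_SIGN,reason);
- BN_free(r);
- BN_free(s);
- }
- if (ctx != NULL) BN_CTX_free(ctx);
- BN_clear_free(&m);
- BN_clear_free(&xr);
- if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
- BN_clear_free(kinv);
- return(ret);
- }
-
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
- {
- BN_CTX *ctx;
- BIGNUM k,*kinv=NULL,*r=NULL;
- int ret=0;
-
- if (!dsa->p || !dsa->q || !dsa->g)
- {
- DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
- return 0;
- }
-
- BN_init(&k);
-
- if (ctx_in == NULL)
- {
- if ((ctx=BN_CTX_new()) == NULL) goto err;
- }
- else
- ctx=ctx_in;
-
- if ((r=BN_new()) == NULL) goto err;
- kinv=NULL;
-
- /* Get random k */
- do
- if (!BN_rand_range(&k, dsa->q)) goto err;
- while (BN_is_zero(&k));
-
- if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
- {
- if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
- dsa->p,ctx)) goto err;
- }
-
- /* Compute r = (g^k mod p) mod q */
- if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
- (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
- if (!BN_mod(r,r,dsa->q,ctx)) goto err;
-
- /* Compute part of 's = inv(k) (m + xr) mod q' */
- if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
-
- if (*kinvp != NULL) BN_clear_free(*kinvp);
- *kinvp=kinv;
- kinv=NULL;
- if (*rp != NULL) BN_clear_free(*rp);
- *rp=r;
- ret=1;
-err:
- if (!ret)
- {
- DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
- if (kinv != NULL) BN_clear_free(kinv);
- if (r != NULL) BN_clear_free(r);
- }
- if (ctx_in == NULL) BN_CTX_free(ctx);
- if (kinv != NULL) BN_clear_free(kinv);
- BN_clear_free(&k);
- return(ret);
- }
-
-static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DSA_SIG *sig,
- DSA *dsa)
- {
- BN_CTX *ctx;
- BIGNUM u1,u2,t1;
- BN_MONT_CTX *mont=NULL;
- int ret = -1;
-
- if (!dsa->p || !dsa->q || !dsa->g)
- {
- DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
- return -1;
- }
-
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_DSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
- return -1;
- }
-
- BN_init(&u1);
- BN_init(&u2);
- BN_init(&t1);
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
-
- if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
- {
- ret = 0;
- goto err;
- }
- if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
- {
- ret = 0;
- goto err;
- }
-
- /* Calculate W = inv(S) mod Q
- * save W in u2 */
- if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
-
- /* save M in u1 */
- if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
-
- /* u1 = M * w mod q */
- if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
-
- /* u2 = r * w mod q */
- if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
-
- if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
- {
- if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
- dsa->p,ctx)) goto err;
- }
- mont=(BN_MONT_CTX *)dsa->method_mont_p;
-
-#if 0
- {
- BIGNUM t2;
-
- BN_init(&t2);
- /* v = ( g^u1 * y^u2 mod p ) mod q */
- /* let t1 = g ^ u1 mod p */
- if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
- /* let t2 = y ^ u2 mod p */
- if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
- /* let u1 = t1 * t2 mod p */
- if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
- BN_free(&t2);
- }
- /* let u1 = u1 mod q */
- if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
-#else
- {
- if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
- dsa->p,ctx,mont)) goto err;
- /* BN_copy(&u1,&t1); */
- /* let u1 = u1 mod q */
- if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
- }
-#endif
- /* V is now in u1. If the signature is correct, it will be
- * equal to R. */
- ret=(BN_ucmp(&u1, sig->r) == 0);
-
- err:
- if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
- if (ctx != NULL) BN_CTX_free(ctx);
- BN_free(&u1);
- BN_free(&u2);
- BN_free(&t1);
- return(ret);
- }
-
-static int dsa_init(DSA *dsa)
-{
- dsa->flags|=DSA_FLAG_CACHE_MONT_P;
- return(1);
-}
-
-static int dsa_finish(DSA *dsa)
-{
- if(dsa->method_mont_p)
- BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
- return(1);
-}
-
-static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
- BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *in_mont)
-{
- return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
-}
-
-static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
-{
- return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
-}
-
-#else /* ndef OPENSSL_FIPS */
-
-static void *dummy=&dummy;
-
-#endif /* ndef OPENSSL_FIPS */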
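--- a/src/lib/libssl/src/fips/dsa/fips_dsa_selftest.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/* crypto/dsa/dsatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-
-#ifdef OPENSSL_FIPS
-
-/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
- * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
-static unsigned char seed[20]={
- 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
- 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
- };
-
-static unsigned char out_p[]={
- 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
- 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
- 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
- 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
- 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
- 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
- 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
- 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
- };
-
-static unsigned char out_q[]={
- 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
- 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
- 0xda,0xce,0x91,0x5f,
- };
-
-static unsigned char out_g[]={
- 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
- 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
- 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
- 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
- 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
- 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
- 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
- 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
- };
-
-static const unsigned char str1[]="12345678901234567890";
-
-void FIPS_corrupt_dsa()
- {
- ++seed[0];
- }
-
-int FIPS_selftest_dsa()
- {
- DSA *dsa=NULL;
- int counter,i,j;
- unsigned char buf[256];
- unsigned long h;
- unsigned char sig[256];
- unsigned int siglen;
-
- dsa=DSA_generate_parameters(512,seed,20,&counter,&h,NULL,NULL);
-
- if(dsa == NULL)
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- if (counter != 105)
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- if (h != 2)
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- i=BN_bn2bin(dsa->q,buf);
- j=sizeof(out_q);
- if (i != j || memcmp(buf,out_q,i) != 0)
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
-
- i=BN_bn2bin(dsa->p,buf);
- j=sizeof(out_p);
- if (i != j || memcmp(buf,out_p,i) != 0)
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
-
- i=BN_bn2bin(dsa->g,buf);
- j=sizeof(out_g);
- if (i != j || memcmp(buf,out_g,i) != 0)
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- DSA_generate_key(dsa);
- DSA_sign(0, str1, 20, sig, &siglen, dsa);
- if(DSA_verify(0, str1, 20, sig, siglen, dsa) != 1)
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- DSA_free(dsa);
- return 1;
- }
-#endif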
diff --git a/src/lib/libssl/src/fips/dsa/fips_dsatest.c b/src/lib/libssl/src/fips/dsa/fips_dsatest.c
deleted file mode 100644
index 7215940ede..0000000000
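--- a/src/lib/libssl/src/fips/dsa/fips_dsatest.c
+++ /dev/null
@@ -1,257 +0,0 @@
-/* crypto/dsa/dsatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include "e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-
-#if defined(OPENSSL_NO_DSA) || !defined(OPENSSL_FIPS)
-int main(int argc, char *argv[])
-{
- printf("No FIPS DSA support\n");
- return(0);
-}
-#else
-#include <openssl/dsa.h>
-
-#ifdef OPENSSL_SYS_WIN16
-#define MS_CALLBACK _far _loadds
-#else
-#define MS_CALLBACK
-#endif
-
-static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
-
-/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
- * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
-static unsigned char seed[20]={
- 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
- 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
- };
-
-static unsigned char out_p[]={
- 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
- 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
- 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
- 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
- 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
- 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
- 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
- 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
- };
-
-static unsigned char out_q[]={
- 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
- 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
- 0xda,0xce,0x91,0x5f,
- };
-
-static unsigned char out_g[]={
- 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
- 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
- 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
- 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
- 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
- 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
- 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
- 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
- };
-
-static const unsigned char str1[]="12345678901234567890";
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-static const unsigned char rnd_key1[]="12345678";
-static const unsigned char rnd_key2[]="abcdefgh";
-
-static BIO *bio_err=NULL;
-
-int main(int argc, char **argv)
- {
- DSA *dsa=NULL;
- int counter,ret=0,i,j;
- unsigned char buf[256];
- unsigned long h;
- unsigned char sig[256];
- unsigned int siglen;
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
-#ifdef OPENSSL_FIPS
- if(!FIPS_mode_set(1,argv[0]))
- {
- ERR_print_errors(bio_err);
- EXIT(1);
- }
-#endif
- CRYPTO_malloc_debug_init();
- CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- ERR_load_crypto_strings();
- FIPS_set_prng_key(rnd_key1,rnd_key2);
- RAND_seed(rnd_seed, sizeof rnd_seed);
-
- BIO_printf(bio_err,"test generation of DSA parameters\n");
-
- dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
-
- BIO_printf(bio_err,"seed\n");
- for (i=0; i<20; i+=4)
- {
- BIO_printf(bio_err,"%02X%02X%02X%02X ",
- seed[i],seed[i+1],seed[i+2],seed[i+3]);
- }
- BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h);
-
- if (dsa == NULL) goto end;
- DSA_print(bio_err,dsa,0);
- if (counter != 105)
- {
- BIO_printf(bio_err,"counter should be 105\n");
- goto end;
- }
- if (h != 2)
- {
- BIO_printf(bio_err,"h should be 2\n");
- goto end;
- }
-
- i=BN_bn2bin(dsa->q,buf);
- j=sizeof(out_q);
- if ((i != j) || (memcmp(buf,out_q,i) != 0))
- {
- BIO_printf(bio_err,"q value is wrong\n");
- goto end;
- }
-
- i=BN_bn2bin(dsa->p,buf);
- j=sizeof(out_p);
- if ((i != j) || (memcmp(buf,out_p,i) != 0))
- {
- BIO_printf(bio_err,"p value is wrong\n");
- goto end;
- }
-
- i=BN_bn2bin(dsa->g,buf);
- j=sizeof(out_g);
- if ((i != j) || (memcmp(buf,out_g,i) != 0))
- {
- BIO_printf(bio_err,"g value is wrong\n");
- goto end;
- }
- DSA_generate_key(dsa);
- DSA_sign(0, str1, 20, sig, &siglen, dsa);
- if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
- ret=1;
-end:
- if (!ret)
- ERR_print_errors(bio_err);
- if (dsa != NULL) DSA_free(dsa);
- CRYPTO_cleanup_all_ex_data();
- ERR_remove_state(0);
- ERR_free_strings();
- CRYPTO_mem_leaks(bio_err);
- if (bio_err != NULL)
- {
- BIO_free(bio_err);
- bio_err = NULL;
- }
- EXIT(!ret);
- return(!ret);
- }
-
-static int cb_exit(int ec)
- {
- EXIT(ec);
- return(0); /* To keep some compilers quiet */
- }
-
-static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
- {
- char c='*';
- static int ok=0,num=0;
-
- if (p == 0) { c='.'; num++; };
- if (p == 1) c='+';
- if (p == 2) { c='*'; ok++; }
- if (p == 3) c='\n';
- BIO_write(arg,&c,1);
- (void)BIO_flush(arg);
-
- if (!ok && (p == 0) && (num > 1))
- {
- BIO_printf((BIO *)arg,"error in dsatest\n");
- cb_exit(1);
- }
- }
-#endif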
diff --git a/src/lib/libssl/src/fips/dsa/fips_dssvs.c b/src/lib/libssl/src/fips/dsa/fips_dssvs.c
deleted file mode 100644
index 50a4d96986..0000000000
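--- a/src/lib/libssl/src/fips/dsa/fips_dssvs.c
+++ /dev/null
@@ -1,306 +0,0 @@
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/sha.h>
-#include <string.h>
-
-int hex2bin(const char *in, unsigned char *out)
- {
- int n1, n2;
- unsigned char ch;
-
- for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
- { /* first byte */
- if ((in[n1] >= '0') && (in[n1] <= '9'))
- ch = in[n1++] - '0';
- else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
- ch = in[n1++] - 'A' + 10;
- else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
- ch = in[n1++] - 'a' + 10;
- else
- return -1;
- if(!in[n1])
- {
- out[n2++]=ch;
- break;
- }
- out[n2] = ch << 4;
- /* second byte */
- if ((in[n1] >= '0') && (in[n1] <= '9'))
- ch = in[n1++] - '0';
- else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
- ch = in[n1++] - 'A' + 10;
- else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
- ch = in[n1++] - 'a' + 10;
- else
- return -1;
- out[n2++] |= ch;
- }
- return n2;
- }
-
-BIGNUM *hex2bn(const char *in)
- {
- BIGNUM *p=BN_new();
-
- BN_hex2bn(&p,in);
-
- return p;
- }
-
-int bin2hex(const unsigned char *in,int len,char *out)
- {
- int n1, n2;
- unsigned char ch;
-
- for (n1=0,n2=0 ; n1 < len ; ++n1)
- {
- ch=in[n1] >> 4;
- if (ch <= 0x09)
- out[n2++]=ch+'0';
- else
- out[n2++]=ch-10+'a';
- ch=in[n1] & 0x0f;
- if(ch <= 0x09)
- out[n2++]=ch+'0';
- else
- out[n2++]=ch-10+'a';
- }
- out[n2]='\0';
- return n2;
- }
-
-void pv(const char *tag,const unsigned char *val,int len)
- {
- char obuf[2048];
-
- bin2hex(val,len,obuf);
- printf("%s = %s\n",tag,obuf);
- }
-
-void pbn(const char *tag,const BIGNUM *val)
- {
- printf("%s = %s\n",tag,BN_bn2hex(val));
- }
-
-void primes()
- {
- char buf[10240];
-
- while(fgets(buf,sizeof buf,stdin) != NULL)
- {
- fputs(buf,stdout);
- if(!strncmp(buf,"Prime= ",7))
- {
- BIGNUM *pp;
-
- pp=BN_new();
- BN_hex2bn(&pp,buf+7);
- printf("result= %c\n",
- BN_is_prime(pp,20,NULL,NULL,NULL) ? 'P' : 'F');
- }
- }
- }
-
-void pqg()
- {
- char buf[1024];
- int nmod=0;
-
- while(fgets(buf,sizeof buf,stdin) != NULL)
- {
- if(!strncmp(buf,"[mod = ",7))
- nmod=atoi(buf+7);
- else if(!strncmp(buf,"N = ",4))
- {
- int n=atoi(buf+4);
-
- printf("[mod = %d]\n\n",nmod);
-
- while(n--)
- {
- unsigned char seed[20];
- DSA *dsa;
- int counter;
- unsigned long h;
-
- dsa=DSA_generate_parameters(nmod,seed,0,&counter,&h,NULL,NULL);
- printf("P = %s\n",BN_bn2hex(dsa->p));
- printf("Q = %s\n",BN_bn2hex(dsa->q));
- printf("G = %s\n",BN_bn2hex(dsa->g));
- pv("Seed",seed,20);
- printf("c = %d\n",counter);
- printf("H = %lx\n",h);
- putc('\n',stdout);
- }
- }
- else
- fputs(buf,stdout);
- }
- }
-
-void keypair()
- {
- char buf[1024];
- int nmod=0;
-
- while(fgets(buf,sizeof buf,stdin) != NULL)
- {
- if(!strncmp(buf,"[mod = ",7))
- nmod=atoi(buf+7);
- else if(!strncmp(buf,"N = ",4))
- {
- DSA *dsa;
- int n=atoi(buf+4);
-
- printf("[mod = %d]\n\n",nmod);
-
- dsa=DSA_generate_parameters(nmod,NULL,0,NULL,NULL,NULL,NULL);
- pbn("P",dsa->p);
- pbn("Q",dsa->q);
- pbn("G",dsa->g);
- putc('\n',stdout);
-
- while(n--)
- {
- DSA_generate_key(dsa);
-
- pbn("X",dsa->priv_key);
- pbn("Y",dsa->pub_key);
- putc('\n',stdout);
- }
- }
- }
- }
-
-void siggen()
- {
- char buf[1024];
- int nmod=0;
- DSA *dsa=NULL;
-
- while(fgets(buf,sizeof buf,stdin) != NULL)
- {
- if(!strncmp(buf,"[mod = ",7))
- {
- nmod=atoi(buf+7);
- printf("[mod = %d]\n\n",nmod);
-
- dsa=DSA_generate_parameters(nmod,NULL,0,NULL,NULL,NULL,NULL);
- pbn("P",dsa->p);
- pbn("Q",dsa->q);
- pbn("G",dsa->g);
- putc('\n',stdout);
- }
- else if(!strncmp(buf,"Msg = ",6))
- {
- unsigned char msg[1024];
- unsigned char hash[20];
- int n;
- DSA_SIG *sig;
-
- n=hex2bin(buf+6,msg);
- pv("Msg",msg,n);
-
- DSA_generate_key(dsa);
- pbn("Y",dsa->pub_key);
-
- SHA1(msg,n,hash);
- sig=DSA_do_sign(hash,sizeof hash,dsa);
- pbn("R",sig->r);
- pbn("S",sig->s);
- putc('\n',stdout);
- }
- }
- }
-
-void sigver()
- {
- DSA *dsa=NULL;
- char buf[1024];
- int nmod=0;
- unsigned char hash[20];
- DSA_SIG *sig=DSA_SIG_new();
-
- while(fgets(buf,sizeof buf,stdin) != NULL)
- {
- if(!strncmp(buf,"[mod = ",7))
- {
- nmod=atoi(buf+7);
- if(dsa)
- DSA_free(dsa);
- dsa=DSA_new();
- }
- else if(!strncmp(buf,"P = ",4))
- dsa->p=hex2bn(buf+4);
- else if(!strncmp(buf,"Q = ",4))
- dsa->q=hex2bn(buf+4);
- else if(!strncmp(buf,"G = ",4))
- {
- dsa->g=hex2bn(buf+4);
-
- printf("[mod = %d]\n\n",nmod);
- pbn("P",dsa->p);
- pbn("Q",dsa->q);
- pbn("G",dsa->g);
- putc('\n',stdout);
- }
- else if(!strncmp(buf,"Msg = ",6))
- {
- unsigned char msg[1024];
- int n;
-
- n=hex2bin(buf+6,msg);
- pv("Msg",msg,n);
- SHA1(msg,n,hash);
- }
- else if(!strncmp(buf,"Y = ",4))
- dsa->pub_key=hex2bn(buf+4);
- else if(!strncmp(buf,"R = ",4))
- sig->r=hex2bn(buf+4);
- else if(!strncmp(buf,"S = ",4))
- {
- sig->s=hex2bn(buf+4);
-
- pbn("Y",dsa->pub_key);
- pbn("R",sig->r);
- pbn("S",sig->s);
- printf("Result = %c\n",DSA_do_verify(hash,sizeof hash,sig,dsa)
- ? 'P' : 'F');
- putc('\n',stdout);
- }
- }
- }
-
-int main(int argc,char **argv)
- {
- if(argc != 2)
- {
- fprintf(stderr,"%s [prime|pqg]\n",argv[0]);
- exit(1);
- }
- if(!FIPS_mode_set(1,argv[0]))
- {
- ERR_load_crypto_strings();
- ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
- exit(1);
- }
- if(!strcmp(argv[1],"prime"))
- primes();
- else if(!strcmp(argv[1],"pqg"))
- pqg();
- else if(!strcmp(argv[1],"keypair"))
- keypair();
- else if(!strcmp(argv[1],"siggen"))
- siggen();
- else if(!strcmp(argv[1],"sigver"))
- sigver();
- else
- {
- fprintf(stderr,"Don't know how to %s.\n",argv[1]);
- exit(1);
- }
-
- return 0;
- }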
diff --git a/src/lib/libssl/src/fips/fips-lib.com b/src/lib/libssl/src/fips/fips-lib.com
deleted file mode 100644
index f3571bf845..0000000000
--- a/src/lib/libssl/src/fips/fips-lib.com
+++ /dev/null
@@ -1,1180 +0,0 @@
1$!
2$! FIPS-LIB.COM
3$! Written By: Robert Byer
4$! Vice-President
5$! A-Com Computing, Inc.
6$! byer@mail.all-net.net
7$!
8$! Changes by Richard Levitte <richard@levitte.org>
9$!
10$! This command files compiles and creates the FIPS parts of the
11$! "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library for OpenSSL. The "xxx"
12$! denotes the machine architecture of AXP or VAX.
13$!
14$! It was re-written so it would try to determine what "C" compiler to use
15$! or you can specify which "C" compiler to use.
16$!
17$! Specify the following as P1 to build just that part or ALL to just
18$! build everything.
19$!
20$! LIBRARY To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
21$! APPS To just compile the [.xxx.EXE.CRYPTO]*.EXE
22$! ALL To do both LIBRARY and APPS
23$!
24$! Specify DEBUG or NODEBUG as P2 to compile with or without debugger
25$! information.
26$!
27$! Specify which compiler at P3 to try to compile under.
28$!
29$! VAXC For VAX C.
30$! DECC For DEC C.
31$! GNUC For GNU C.
32$!
33$! If you don't speficy a compiler, it will try to determine which
34$! "C" compiler to use.
35$!
36$! P4, if defined, sets a TCP/IP library to use, through one of the following
37$! keywords:
38$!
39$! UCX for UCX
40$! TCPIP for TCPIP (post UCX)
41$! SOCKETSHR for SOCKETSHR+NETLIB
42$!
43$! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
44$!
45$! P6, if defined, sets a choice of crypto methods to compile.
46$! WARNING: this should only be done to recompile some part of an already
47$! fully compiled library.
48$!
49$!
50$! Define A TCP/IP Library That We Will Need To Link To.
51$! (That Is, If We Need To Link To One.)
52$!
53$ TCPIP_LIB = ""
54$!
55$! Check Which Architecture We Are Using.
56$!
57$ IF (F$GETSYI("CPU").GE.128)
58$ THEN
59$!
60$! The Architecture Is AXP
61$!
62$ ARCH := AXP
63$!
64$! Else...
65$!
66$ ELSE
67$!
68$! The Architecture Is VAX.
69$!
70$ ARCH := VAX
71$!
72$! End The Architecture Check.
73$!
74$ ENDIF
75$!
76$! Define The Different Encryption Types.
77$!
78$ ENCRYPT_TYPES = "Basic,SHA1,RAND,DES,AES,DSA,RSA,DH"
79$!
80$! Check To Make Sure We Have Valid Command Line Parameters.
81$!
82$ GOSUB CHECK_OPTIONS
83$!
84$! Initialise logical names and such
85$!
86$ GOSUB INITIALISE
87$!
88$! Tell The User What Kind of Machine We Run On.
89$!
90$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
91$!
92$! Define The OBJ Directory.
93$!
94$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO]
95$!
96$! Check To See If The Architecture Specific OBJ Directory Exists.
97$!
98$ IF (F$PARSE(OBJ_DIR).EQS."")
99$ THEN
100$!
101$! It Dosen't Exist, So Create It.
102$!
103$ CREATE/DIR 'OBJ_DIR'
104$!
105$! End The Architecture Specific OBJ Directory Check.
106$!
107$ ENDIF
108$!
109$! Define The EXE Directory.
110$!
111$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]
112$!
113$! Check To See If The Architecture Specific Directory Exists.
114$!
115$ IF (F$PARSE(EXE_DIR).EQS."")
116$ THEN
117$!
118$! It Dosen't Exist, So Create It.
119$!
120$ CREATE/DIRECTORY 'EXE_DIR'
121$!
122$! End The Architecture Specific Directory Check.
123$!
124$ ENDIF
125$!
126$! Define The Library Name.
127$!
128$ LIB_NAME := 'EXE_DIR'LIBCRYPTO.OLB
129$!
130$! Define The CRYPTO-LIB We Are To Use.
131$!
132$ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO.OLB
133$!
134$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library...
135$!
136$ IF (F$SEARCH(LIB_NAME).EQS."")
137$ THEN
138$!
139$! Guess Not, Create The Library.
140$!
141$ LIBRARY/CREATE/OBJECT 'LIB_NAME'
142$!
143$! End The Library Check.
144$!
145$ ENDIF
146$!
147$! Build our options file for the application
148$!
149$ GOSUB CHECK_OPT_FILE
150$!
151$! Define The Different Encryption "library" Strings.
152$!
153$ LIB_ = "fips,fips_err_wrapper"
154$ LIB_SHA1 = "fips_sha1dgst,fips_sha1_selftest"
155$ LIB_RAND = "fips_rand"
156$ LIB_DES = "fips_des_enc,fips_des_selftest,fips_set_key"
157$ LIB_AES = "fips_aes_core,fips_aes_selftest"
158$ LIB_DSA = "fips_dsa_ossl,fips_dsa_gen,fips_dsa_selftest"
159$ LIB_RSA = "fips_rsa_eay,fips_rsa_gen,fips_rsa_selftest"
160$ LIB_DH = "fips_dh_check,fips_dh_gen,fips_dh_key"
161$!
162$! Setup exceptional compilations
163$!
164$ COMPILEWITH_CC3 = ",bss_rtcp,"
165$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,"
166$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
167 "sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
168$!
169$! Figure Out What Other Modules We Are To Build.
170$!
171$ BUILD_SET:
172$!
173$! Define A Module Counter.
174$!
175$ MODULE_COUNTER = 0
176$!
177$! Top Of The Loop.
178$!
179$ MODULE_NEXT:
180$!
181$! Extract The Module Name From The Encryption List.
182$!
183$ MODULE_NAME = F$ELEMENT(MODULE_COUNTER,",",ENCRYPT_TYPES)
184$ IF MODULE_NAME.EQS."Basic" THEN MODULE_NAME = ""
185$ MODULE_NAME1 = MODULE_NAME
186$!
187$! Check To See If We Are At The End Of The Module List.
188$!
189$ IF (MODULE_NAME.EQS.",")
190$ THEN
191$!
192$! We Are At The End Of The Module List, Go To MODULE_DONE.
193$!
194$ GOTO MODULE_DONE
195$!
196$! End The Module List Check.
197$!
198$ ENDIF
199$!
200$! Increment The Moudle Counter.
201$!
202$ MODULE_COUNTER = MODULE_COUNTER + 1
203$!
204$! Create The Library and Apps Module Names.
205$!
206$ LIB_MODULE = "LIB_" + MODULE_NAME
207$ APPS_MODULE = "APPS_" + MODULE_NAME
208$ IF (MODULE_NAME.EQS."ASN1_2")
209$ THEN
210$ MODULE_NAME = "ASN1"
211$ ENDIF
212$ IF (MODULE_NAME.EQS."EVP_2")
213$ THEN
214$ MODULE_NAME = "EVP"
215$ ENDIF
216$!
217$! Set state (can be LIB and APPS)
218$!
219$ STATE = "LIB"
220$ IF BUILDALL .EQS. "APPS" THEN STATE = "APPS"
221$!
222$! Check if the library module name actually is defined
223$!
224$ IF F$TYPE('LIB_MODULE') .EQS. ""
225$ THEN
226$ WRITE SYS$ERROR ""
227$ WRITE SYS$ERROR "The module ",MODULE_NAME," does not exist. Continuing..."
228$ WRITE SYS$ERROR ""
229$ GOTO MODULE_NEXT
230$ ENDIF
231$!
232$! Top Of The Module Loop.
233$!
234$ MODULE_AGAIN:
235$!
236$! Tell The User What Module We Are Building.
237$!
238$ IF (MODULE_NAME1.NES."")
239$ THEN
240$ IF STATE .EQS. "LIB"
241$ THEN
242$ WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Library Files. (",BUILDALL,",",STATE,")"
243$ ELSE IF F$TYPE('APPS_MODULE') .NES. ""
244$ THEN
245$ WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Applications. (",BUILDALL,",",STATE,")"
246$ ENDIF
247$ ENDIF
248$ ENDIF
249$!
250$! Define A File Counter And Set It To "0".
251$!
252$ FILE_COUNTER = 0
253$ APPLICATION = ""
254$ APPLICATION_COUNTER = 0
255$!
256$! Top Of The File Loop.
257$!
258$ NEXT_FILE:
259$!
260$! Look in the LIB_MODULE is we're in state LIB
261$!
262$ IF STATE .EQS. "LIB"
263$ THEN
264$!
265$! O.K, Extract The File Name From The File List.
266$!
267$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE')
268$!
269$! else
270$!
271$ ELSE
272$ FILE_NAME = ","
273$!
274$ IF F$TYPE('APPS_MODULE') .NES. ""
275$ THEN
276$!
277$! Extract The File Name From The File List.
278$! This part is a bit more complicated.
279$!
280$ IF APPLICATION .EQS. ""
281$ THEN
282$ APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
283$ APPLICATION_COUNTER = APPLICATION_COUNTER + 1
284$ APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
285$ APPLICATION = F$ELEMENT(0,"/",APPLICATION)
286$ FILE_COUNTER = 0
287$ ENDIF
288$
289$! WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
290$! SHOW SYMBOL APPLICATION*
291$!
292$ IF APPLICATION .NES. ";"
293$ THEN
294$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",APPLICATION_OBJECTS)
295$ IF FILE_NAME .EQS. ","
296$ THEN
297$ APPLICATION = ""
298$ GOTO NEXT_FILE
299$ ENDIF
300$ ENDIF
301$ ENDIF
302$ ENDIF
303$!
304$! Check To See If We Are At The End Of The File List.
305$!
306$ IF (FILE_NAME.EQS.",")
307$ THEN
308$!
309$! We Are At The End Of The File List, Change State Or Goto FILE_DONE.
310$!
311$ IF STATE .EQS. "LIB" .AND. BUILDALL .NES. "LIBRARY"
312$ THEN
313$ STATE = "APPS"
314$ GOTO MODULE_AGAIN
315$ ELSE
316$ GOTO FILE_DONE
317$ ENDIF
318$!
319$! End The File List Check.
320$!
321$ ENDIF
322$!
323$! Increment The Counter.
324$!
325$ FILE_COUNTER = FILE_COUNTER + 1
326$!
327$! Create The Source File Name.
328$!
329$ TMP_FILE_NAME = F$ELEMENT(1,"]",FILE_NAME)
330$ IF TMP_FILE_NAME .EQS. "]" THEN TMP_FILE_NAME = FILE_NAME
331$ IF F$ELEMENT(0,".",TMP_FILE_NAME) .EQS. TMP_FILE_NAME THEN -
332 FILE_NAME = FILE_NAME + ".c"
333$ IF (MODULE_NAME.NES."")
334$ THEN
335$ SOURCE_FILE = "SYS$DISK:[." + MODULE_NAME+ "]" + FILE_NAME
336$ ELSE
337$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME
338$ ENDIF
339$ SOURCE_FILE = SOURCE_FILE - "]["
340$!
341$! Create The Object File Name.
342$!
343$ OBJECT_FILE = OBJ_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".OBJ"
344$ ON WARNING THEN GOTO NEXT_FILE
345$!
346$! Check To See If The File We Want To Compile Is Actually There.
347$!
348$ IF (F$SEARCH(SOURCE_FILE).EQS."")
349$ THEN
350$!
351$! Tell The User That The File Doesn't Exist.
352$!
353$ WRITE SYS$OUTPUT ""
354$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Doesn't Exist."
355$ WRITE SYS$OUTPUT ""
356$!
357$! Exit The Build.
358$!
359$ GOTO EXIT
360$!
361$! End The File Exist Check.
362$!
363$ ENDIF
364$!
365$! Tell The User We Are Compiling The File.
366$!
367$ IF (MODULE_NAME.EQS."")
368$ THEN
369$ WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File. (",BUILDALL,",",STATE,")"
370$ ENDIF
371$ IF (MODULE_NAME.NES."")
372$ THEN
373$ WRITE SYS$OUTPUT " ",FILE_NAME,""
374$ ENDIF
375$!
376$! Compile The File.
377$!
378$ ON ERROR THEN GOTO NEXT_FILE
379$ FILE_NAME0 = F$ELEMENT(0,".",FILE_NAME)
380$ IF FILE_NAME - ".mar" .NES. FILE_NAME
381$ THEN
382$ MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
383$ ELSE
384$ IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3
385$ THEN
386$ CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
387$ ELSE
388$ IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4
389$ THEN
390$ CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
391$ ELSE
392$ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
393$ THEN
394$ CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
395$ ELSE
396$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
397$ ENDIF
398$ ENDIF
399$ ENDIF
400$ ENDIF
401$ IF STATE .EQS. "LIB"
402$ THEN
403$!
404$! Add It To The Library.
405$!
406$ LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE'
407$!
408$! Time To Clean Up The Object File.
409$!
410$ DELETE 'OBJECT_FILE';*
411$ ENDIF
412$!
413$! Go Back And Do It Again.
414$!
415$ GOTO NEXT_FILE
416$!
417$! All Done With This Library Part.
418$!
419$ FILE_DONE:
420$!
421$! Time To Build Some Applications
422$!
423$ IF F$TYPE('APPS_MODULE') .NES. "" .AND. BUILDALL .NES. "LIBRARY"
424$ THEN
425$ APPLICATION_COUNTER = 0
426$ NEXT_APPLICATION:
427$ APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
428$ IF APPLICATION .EQS. ";" THEN GOTO APPLICATION_DONE
429$
430$ APPLICATION_COUNTER = APPLICATION_COUNTER + 1
431$ APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
432$ APPLICATION = F$ELEMENT(0,"/",APPLICATION)
433$
434$! WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
435$! SHOW SYMBOL APPLICATION*
436$!
437$! Tell the user what happens
438$!
439$ WRITE SYS$OUTPUT " ",APPLICATION,".exe"
440$!
441$! Link The Program.
442$!
443$ ON ERROR THEN GOTO NEXT_APPLICATION
444$!
445$! Check To See If We Are To Link With A Specific TCP/IP Library.
446$!
447$ IF (TCPIP_LIB.NES."")
448$ THEN
449$!
450$! Link With A TCP/IP Library.
451$!
452$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE -
453 'OBJ_DIR''APPLICATION_OBJECTS', -
454 'CRYPTO_LIB'/LIBRARY, -
455 'TCPIP_LIB','OPT_FILE'/OPTION
456$!
457$! Else...
458$!
459$ ELSE
460$!
461$! Don't Link With A TCP/IP Library.
462$!
463$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE -
464 'OBJ_DIR''APPLICATION_OBJECTS',-
465 'CRYPTO_LIB'/LIBRARY, -
466 'OPT_FILE'/OPTION
467$!
468$! End The TCP/IP Library Check.
469$!
470$ ENDIF
471$ GOTO NEXT_APPLICATION
472$ APPLICATION_DONE:
473$ ENDIF
474$!
475$! Go Back And Get The Next Module.
476$!
477$ GOTO MODULE_NEXT
478$!
479$! All Done With This Module.
480$!
481$ MODULE_DONE:
482$!
483$! Tell The User That We Are All Done.
484$!
485$ WRITE SYS$OUTPUT "All Done..."
486$ EXIT:
487$ GOSUB CLEANUP
488$ EXIT
489$!
490$! Check For The Link Option FIle.
491$!
492$ CHECK_OPT_FILE:
493$!
494$! Check To See If We Need To Make A VAX C Option File.
495$!
496$ IF (COMPILER.EQS."VAXC")
497$ THEN
498$!
499$! Check To See If We Already Have A VAX C Linker Option File.
500$!
501$ IF (F$SEARCH(OPT_FILE).EQS."")
502$ THEN
503$!
504$! We Need A VAX C Linker Option File.
505$!
506$ CREATE 'OPT_FILE'
507$DECK
508!
509! Default System Options File To Link Agianst
510! The Sharable VAX C Runtime Library.
511!
512SYS$SHARE:VAXCRTL.EXE/SHARE
513$EOD
514$!
515$! End The Option File Check.
516$!
517$ ENDIF
518$!
519$! End The VAXC Check.
520$!
521$ ENDIF
522$!
523$! Check To See If We Need A GNU C Option File.
524$!
525$ IF (COMPILER.EQS."GNUC")
526$ THEN
527$!
528$! Check To See If We Already Have A GNU C Linker Option File.
529$!
530$ IF (F$SEARCH(OPT_FILE).EQS."")
531$ THEN
532$!
533$! We Need A GNU C Linker Option File.
534$!
535$ CREATE 'OPT_FILE'
536$DECK
537!
538! Default System Options File To Link Agianst
539! The Sharable C Runtime Library.
540!
541GNU_CC:[000000]GCCLIB/LIBRARY
542SYS$SHARE:VAXCRTL/SHARE
543$EOD
544$!
545$! End The Option File Check.
546$!
547$ ENDIF
548$!
549$! End The GNU C Check.
550$!
551$ ENDIF
552$!
553$! Check To See If We Need A DEC C Option File.
554$!
555$ IF (COMPILER.EQS."DECC")
556$ THEN
557$!
558$! Check To See If We Already Have A DEC C Linker Option File.
559$!
560$ IF (F$SEARCH(OPT_FILE).EQS."")
561$ THEN
562$!
563$! Figure Out If We Need An AXP Or A VAX Linker Option File.
564$!
565$ IF ARCH .EQS. "VAX"
566$ THEN
567$!
568$! We Need A DEC C Linker Option File For VAX.
569$!
570$ CREATE 'OPT_FILE'
571$DECK
572!
573! Default System Options File To Link Agianst
574! The Sharable DEC C Runtime Library.
575!
576SYS$SHARE:DECC$SHR.EXE/SHARE
577$EOD
578$!
579$! Else...
580$!
581$ ELSE
582$!
583$! Create The AXP Linker Option File.
584$!
585$ CREATE 'OPT_FILE'
586$DECK
587!
588! Default System Options File For AXP To Link Agianst
589! The Sharable C Runtime Library.
590!
591SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
592SYS$SHARE:CMA$OPEN_RTL/SHARE
593$EOD
594$!
595$! End The VAX/AXP DEC C Option File Check.
596$!
597$ ENDIF
598$!
599$! End The Option File Search.
600$!
601$ ENDIF
602$!
603$! End The DEC C Check.
604$!
605$ ENDIF
606$!
607$! Tell The User What Linker Option File We Are Using.
608$!
609$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."
610$!
611$! Time To RETURN.
612$!
613$ RETURN
614$!
615$! Check The User's Options.
616$!
617$ CHECK_OPTIONS:
618$!
619$! Check To See If P1 Is Blank.
620$!
621$ IF (P1.EQS."ALL")
622$ THEN
623$!
624$! P1 Is Blank, So Build Everything.
625$!
626$ BUILDALL = "TRUE"
627$!
628$! Else...
629$!
630$ ELSE
631$!
632$! Else, Check To See If P1 Has A Valid Arguement.
633$!
634$ IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS")
635$ THEN
636$!
637$! A Valid Arguement.
638$!
639$ BUILDALL = P1
640$!
641$! Else...
642$!
643$ ELSE
644$!
645$! Tell The User We Don't Know What They Want.
646$!
647$ WRITE SYS$OUTPUT ""
648$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:"
649$ WRITE SYS$OUTPUT ""
650$ WRITE SYS$OUTPUT " ALL : Just Build Everything."
651$ WRITE SYS$OUTPUT " LIBRARY : To Compile Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
652$ WRITE SYS$OUTPUT " APPS : To Compile Just The [.xxx.EXE.CRYPTO]*.EXE Programs."
653$ WRITE SYS$OUTPUT ""
654$ WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
655$ WRITE SYS$OUTPUT ""
656$ WRITE SYS$OUTPUT " AXP : Alpha Architecture."
657$ WRITE SYS$OUTPUT " VAX : VAX Architecture."
658$ WRITE SYS$OUTPUT ""
659$!
660$! Time To EXIT.
661$!
662$ EXIT
663$!
664$! End The Valid Arguement Check.
665$!
666$ ENDIF
667$!
668$! End The P1 Check.
669$!
670$ ENDIF
671$!
672$! Check To See If P2 Is Blank.
673$!
674$ IF (P2.EQS."NODEBUG")
675$ THEN
676$!
677$! P2 Is NODEBUG, So Compile Without The Debugger Information.
678$!
679$ DEBUGGER = "NODEBUG"
680$ TRACEBACK = "NOTRACEBACK"
681$ GCC_OPTIMIZE = "OPTIMIZE"
682$ CC_OPTIMIZE = "OPTIMIZE"
683$ MACRO_OPTIMIZE = "OPTIMIZE"
684$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
685$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
686$ ELSE
687$!
688$! Check To See If We Are To Compile With Debugger Information.
689$!
690$ IF (P2.EQS."DEBUG")
691$ THEN
692$!
693$! Compile With Debugger Information.
694$!
695$ DEBUGGER = "DEBUG"
696$ TRACEBACK = "TRACEBACK"
697$ GCC_OPTIMIZE = "NOOPTIMIZE"
698$ CC_OPTIMIZE = "NOOPTIMIZE"
699$ MACRO_OPTIMIZE = "NOOPTIMIZE"
700$ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
701$ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
702$ ELSE
703$!
704$! They Entered An Invalid Option..
705$!
706$ WRITE SYS$OUTPUT ""
707$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:"
708$ WRITE SYS$OUTPUT ""
709$ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information."
710$ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information."
711$ WRITE SYS$OUTPUT ""
712$!
713$! Time To EXIT.
714$!
715$ EXIT
716$!
717$! End The Valid Arguement Check.
718$!
719$ ENDIF
720$!
721$! End The P2 Check.
722$!
723$ ENDIF
724$!
725$! Special Threads For OpenVMS v7.1 Or Later
726$!
727$! Written By: Richard Levitte
728$! richard@levitte.org
729$!
730$!
731$! Check To See If We Have A Option For P5.
732$!
733$ IF (P5.EQS."")
734$ THEN
735$!
736$! Get The Version Of VMS We Are Using.
737$!
738$ ISSEVEN :=
739$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
740$ TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
741$!
742$! Check To See If The VMS Version Is v7.1 Or Later.
743$!
744$ IF (TMP.GE.71)
745$ THEN
746$!
747$! We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
748$!
749$ ISSEVEN := ,PTHREAD_USE_D4
750$!
751$! End The VMS Version Check.
752$!
753$ ENDIF
754$!
755$! End The P5 Check.
756$!
757$ ENDIF
758$!
759$! Check To See If P3 Is Blank.
760$!
761$ IF (P3.EQS."")
762$ THEN
763$!
764$! O.K., The User Didn't Specify A Compiler, Let's Try To
765$! Find Out Which One To Use.
766$!
767$! Check To See If We Have GNU C.
768$!
769$ IF (F$TRNLNM("GNU_CC").NES."")
770$ THEN
771$!
772$! Looks Like GNUC, Set To Use GNUC.
773$!
774$ P3 = "GNUC"
775$!
776$! Else...
777$!
778$ ELSE
779$!
780$! Check To See If We Have VAXC Or DECC.
781$!
782$ IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
783$ THEN
784$!
785$! Looks Like DECC, Set To Use DECC.
786$!
787$ P3 = "DECC"
788$!
789$! Else...
790$!
791$ ELSE
792$!
793$! Looks Like VAXC, Set To Use VAXC.
794$!
795$ P3 = "VAXC"
796$!
797$! End The VAXC Compiler Check.
798$!
799$ ENDIF
800$!
801$! End The DECC & VAXC Compiler Check.
802$!
803$ ENDIF
804$!
805$! End The Compiler Check.
806$!
807$ ENDIF
808$!
809$! Check To See If We Have A Option For P4.
810$!
811$ IF (P4.EQS."")
812$ THEN
813$!
814$! Find out what socket library we have available
815$!
816$ IF F$PARSE("SOCKETSHR:") .NES. ""
817$ THEN
818$!
819$! We have SOCKETSHR, and it is my opinion that it's the best to use.
820$!
821$ P4 = "SOCKETSHR"
822$!
823$! Tell the user
824$!
825$ WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
826$!
827$! Else, let's look for something else
828$!
829$ ELSE
830$!
831$! Like UCX (the reason to do this before Multinet is that the UCX
832$! emulation is easier to use...)
833$!
834$ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
835 .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
836 .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
837$ THEN
838$!
839$! Last resort: a UCX or UCX-compatible library
840$!
841$ P4 = "UCX"
842$!
843$! Tell the user
844$!
845$ WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
846$!
847$! That was all...
848$!
849$ ENDIF
850$ ENDIF
851$ ENDIF
852$!
853$! Set Up Initial CC Definitions, Possibly With User Ones
854$!
855$ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
856$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
857$ CCEXTRAFLAGS = ""
858$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
859$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
860$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
861 CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
862$!
863$! Check To See If The User Entered A Valid Paramter.
864$!
865$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
866$ THEN
867$!
868$! Check To See If The User Wanted DECC.
869$!
870$ IF (P3.EQS."DECC")
871$ THEN
872$!
873$! Looks Like DECC, Set To Use DECC.
874$!
875$ COMPILER = "DECC"
876$!
877$! Tell The User We Are Using DECC.
878$!
879$ WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
880$!
881$! Use DECC...
882$!
883$ CC = "CC"
884$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
885 THEN CC = "CC/DECC"
886$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
887 "/NOLIST/PREFIX=ALL" + -
888 "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + -
889 CCEXTRAFLAGS
890$!
891$! Define The Linker Options File Name.
892$!
893$ OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
894$!
895$! End DECC Check.
896$!
897$ ENDIF
898$!
899$! Check To See If We Are To Use VAXC.
900$!
901$ IF (P3.EQS."VAXC")
902$ THEN
903$!
904$! Looks Like VAXC, Set To Use VAXC.
905$!
906$ COMPILER = "VAXC"
907$!
908$! Tell The User We Are Using VAX C.
909$!
910$ WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
911$!
912$! Compile Using VAXC.
913$!
914$ CC = "CC"
915$ IF ARCH.EQS."AXP"
916$ THEN
917$ WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
918$ EXIT
919$ ENDIF
920$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
921$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
922 "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + -
923 CCEXTRAFLAGS
924$ CCDEFS = """VAXC""," + CCDEFS
925$!
926$! Define <sys> As SYS$COMMON:[SYSLIB]
927$!
928$ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
929$!
930$! Define The Linker Options File Name.
931$!
932$ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
933$!
934$! End VAXC Check
935$!
936$ ENDIF
937$!
938$! Check To See If We Are To Use GNU C.
939$!
940$ IF (P3.EQS."GNUC")
941$ THEN
942$!
943$! Looks Like GNUC, Set To Use GNUC.
944$!
945$ COMPILER = "GNUC"
946$!
947$! Tell The User We Are Using GNUC.
948$!
949$ WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
950$!
951$! Use GNU C...
952$!
953$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
954 "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + -
955 CCEXTRAFLAGS
956$!
957$! Define The Linker Options File Name.
958$!
959$ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
960$!
961$! End The GNU C Check.
962$!
963$ ENDIF
964$!
965$! Set up default defines
966$!
967$ CCDEFS = """FLAT_INC=1""," + CCDEFS
968$!
969$! Finish up the definition of CC.
970$!
971$ IF COMPILER .EQS. "DECC"
972$ THEN
973$ IF CCDISABLEWARNINGS .EQS. ""
974$ THEN
975$ CC4DISABLEWARNINGS = "DOLLARID"
976$ ELSE
977$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
978$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
979$ ENDIF
980$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
981$ ELSE
982$ CCDISABLEWARNINGS = ""
983$ CC4DISABLEWARNINGS = ""
984$ ENDIF
985$ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
986$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
987$ IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG"
988$ THEN
989$ CC5 = CC + "/OPTIMIZE=NODISJOINT"
990$ ELSE
991$ CC5 = CC + "/NOOPTIMIZE"
992$ ENDIF
993$ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
994$!
995$! Show user the result
996$!
997$ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
998$!
999$! Else The User Entered An Invalid Arguement.
1000$!
1001$ ELSE
1002$!
1003$! Tell The User We Don't Know What They Want.
1004$!
1005$ WRITE SYS$OUTPUT ""
1006$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:"
1007$ WRITE SYS$OUTPUT ""
1008$ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C."
1009$ WRITE SYS$OUTPUT " DECC : To Compile With DEC C."
1010$ WRITE SYS$OUTPUT " GNUC : To Compile With GNU C."
1011$ WRITE SYS$OUTPUT ""
1012$!
1013$! Time To EXIT.
1014$!
1015$ EXIT
1016$!
1017$! End The Valid Arguement Check.
1018$!
1019$ ENDIF
1020$!
1021$! Build a MACRO command for the architecture at hand
1022$!
1023$ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'"
1024$ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
1025$!
1026$! Show user the result
1027$!
1028$ WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
1029$!
1030$! Time to check the contents, and to make sure we get the correct library.
1031$!
1032$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" -
1033 .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
1034$ THEN
1035$!
1036$! Check to see if SOCKETSHR was chosen
1037$!
1038$ IF P4.EQS."SOCKETSHR"
1039$ THEN
1040$!
1041$! Set the library to use SOCKETSHR
1042$!
1043$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
1044$!
1045$! Done with SOCKETSHR
1046$!
1047$ ENDIF
1048$!
1049$! Check to see if MULTINET was chosen
1050$!
1051$ IF P4.EQS."MULTINET"
1052$ THEN
1053$!
1054$! Set the library to use UCX emulation.
1055$!
1056$ P4 = "UCX"
1057$!
1058$! Done with MULTINET
1059$!
1060$ ENDIF
1061$!
1062$! Check to see if UCX was chosen
1063$!
1064$ IF P4.EQS."UCX"
1065$ THEN
1066$!
1067$! Set the library to use UCX.
1068$!
1069$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
1070$ IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
1071$ THEN
1072$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
1073$ ELSE
1074$ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
1075 TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
1076$ ENDIF
1077$!
1078$! Done with UCX
1079$!
1080$ ENDIF
1081$!
1082$! Check to see if TCPIP was chosen
1083$!
1084$ IF P4.EQS."TCPIP"
1085$ THEN
1086$!
1087$! Set the library to use TCPIP (post UCX).
1088$!
1089$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
1090$!
1091$! Done with TCPIP
1092$!
1093$ ENDIF
1094$!
1095$! Check to see if NONE was chosen
1096$!
1097$ IF P4.EQS."NONE"
1098$ THEN
1099$!
1100$! Do not use a TCPIP library.
1101$!
1102$ TCPIP_LIB = ""
1103$!
1104$! Done with TCPIP
1105$!
1106$ ENDIF
1107$!
1108$! Print info
1109$!
1110$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
1111$!
1112$! Else The User Entered An Invalid Arguement.
1113$!
1114$ ELSE
1115$!
1116$! Tell The User We Don't Know What They Want.
1117$!
1118$ WRITE SYS$OUTPUT ""
1119$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:"
1120$ WRITE SYS$OUTPUT ""
1121$ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library."
1122$ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library."
1123$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library."
1124$ WRITE SYS$OUTPUT ""
1125$!
1126$! Time To EXIT.
1127$!
1128$ EXIT
1129$!
1130$! Done with TCP/IP libraries
1131$!
1132$ ENDIF
1133$!
1134$! Check if the user wanted to compile just a subset of all the encryption
1135$! methods.
1136$!
1137$ IF P6 .NES. ""
1138$ THEN
1139$ ENCRYPT_TYPES = P6
1140$ ENDIF
1141$!
1142$! Time To RETURN...
1143$!
1144$ RETURN
1145$!
1146$ INITIALISE:
1147$!
1148$! Save old value of the logical name OPENSSL
1149$!
1150$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
1151$!
1152$! Save directory information
1153$!
1154$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
1155$ __HERE = F$EDIT(__HERE,"UPCASE")
1156$ __TOP = __HERE - "FIPS]"
1157$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
1158$!
1159$! Set up the logical name OPENSSL to point at the include directory
1160$!
1161$ DEFINE OPENSSL/NOLOG '__INCLUDE'
1162$!
1163$! Done
1164$!
1165$ RETURN
1166$!
1167$ CLEANUP:
1168$!
1169$! Restore the logical name OPENSSL if it had a value
1170$!
1171$ IF __SAVE_OPENSSL .EQS. ""
1172$ THEN
1173$ DEASSIGN OPENSSL
1174$ ELSE
1175$ DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
1176$ ENDIF
1177$!
1178$! Done
1179$!
1180$ RETURN
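diff --git a/src/lib/libssl/src/fips/fips.c b/src/lib/libssl/src/fips/fips.c
deleted file mode 100644
index 7ecba57f70..0000000000
--- a/src/lib/libssl/src/fips/fips.c
+++ /dev/null
@@ -1,260 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <openssl/fips.h>
-#include <openssl/rand.h>
-#include <openssl/fips_rand.h>
-#include <openssl/err.h>
-#include <openssl/bio.h>
-#include <openssl/hmac.h>
-#include <string.h>
-#include <limits.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-
-#ifndef PATH_MAX
-#define PATH_MAX 1024
-#endif
-
-static int fips_md5_allowed = 0;
-static int fips_selftest_fail = 0;
-
-void FIPS_allow_md5(int onoff)
- {
- if (fips_is_started())
- {
- int owning_thread = fips_is_owning_thread();
-
- if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
- fips_md5_allowed = onoff;
- if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
- }
- }
-
-int FIPS_md5_allowed(void)
- {
- int ret = 1;
- if (fips_is_started())
- {
- int owning_thread = fips_is_owning_thread();
-
- if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
- ret = fips_md5_allowed;
- if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
- }
- return ret;
- }
-
-int FIPS_selftest_failed(void)
- {
- int ret = 0;
- if (fips_is_started())
- {
- int owning_thread = fips_is_owning_thread();
-
- if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
- ret = fips_selftest_fail;
- if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
- }
- return ret;
- }
-
-int FIPS_selftest()
- {
- ERR_load_crypto_strings();
-
- return FIPS_selftest_sha1()
- && FIPS_selftest_aes()
- && FIPS_selftest_des()
- && FIPS_selftest_rsa()
- && FIPS_selftest_dsa();
- }
-
-static int FIPS_check_exe(const char *path)
- {
- unsigned char buf[1024];
- char p2[PATH_MAX];
- unsigned int n;
- unsigned char mdbuf[EVP_MAX_MD_SIZE];
- FILE *f;
- static char key[]="etaonrishdlcupfm";
- HMAC_CTX hmac;
- const char *sha1_fmt="%s.sha1";
-
- f=fopen(path,"rb");
-#ifdef __CYGWIN32__
- /* cygwin scrupulously strips .exe extentions:-( as of now it's
- actually no point to attempt above fopen, but we keep the call
- just in case the behavior changes in the future... */
- if (!f)
- {
- sha1_fmt="%s.exe.sha1";
- BIO_snprintf(p2,sizeof p2,"%s.exe",path);
- f=fopen(p2,"rb");
- }
-#endif
- if(!f)
- {
- FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
- return 0;
- }
- HMAC_Init(&hmac,key,strlen(key),EVP_sha1());
- while(!feof(f))
- {
- n=fread(buf,1,sizeof buf,f);
- if(ferror(f))
- {
- clearerr(f);
- fclose(f);
- FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
- return 0;
- }
- if (n) HMAC_Update(&hmac,buf,n);
- }
- fclose(f);
- HMAC_Final(&hmac,mdbuf,&n);
- HMAC_CTX_cleanup(&hmac);
- BIO_snprintf(p2,sizeof p2,sha1_fmt,path);
- f=fopen(p2,"rb");
- if(!f || fread(buf,1,20,f) != 20)
- {
- if (f) fclose(f);
- FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE_DIGEST);
- return 0;
- }
- fclose(f);
- if(memcmp(buf,mdbuf,20))
- {
- FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_EXE_DIGEST_DOES_NOT_MATCH);
- return 0;
- }
- return 1;
- }
-
-int FIPS_mode_set(int onoff,const char *path)
- {
- void fips_set_mode(int _onoff);
- int fips_set_owning_thread();
- int fips_clear_owning_thread();
- int ret = 0;
-
- CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
- fips_set_started();
- fips_set_owning_thread();
-
- if(onoff)
- {
- unsigned char buf[24];
-
- fips_selftest_fail = 0;
-
- /* Don't go into FIPS mode twice, just so we can do automagic
- seeding */
- if(FIPS_mode())
- {
- FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET);
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
-
- if(!FIPS_check_exe(path))
- {
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
-
- /* automagically seed PRNG if not already seeded */
- if(!FIPS_rand_seeded())
- {
- if(RAND_bytes(buf,sizeof buf) <= 0)
- {
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
- FIPS_set_prng_key(buf,buf+8);
- FIPS_rand_seed(buf+16,8);
- }
-
- /* now switch into FIPS mode */
- fips_set_rand_check(FIPS_rand_method());
- RAND_set_rand_method(FIPS_rand_method());
- if(FIPS_selftest())
- fips_set_mode(1);
- else
- {
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
- ret = 1;
- goto end;
- }
- fips_set_mode(0);
- fips_selftest_fail = 0;
- ret = 1;
-end:
- fips_clear_owning_thread();
- CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
- return ret;
- }
-
-#if 0
-/* here just to cause error codes to exist */
-static void dummy()
- {
- FIPSerr(FIPS_F_HASH_FINAL,FIPS_F_NON_FIPS_METHOD);
- FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_FIPS_SELFTEST_FAILED);
- }
-#endif
-
-#endif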
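diff --git a/src/lib/libssl/src/fips/fips.h b/src/lib/libssl/src/fips/fips.h
deleted file mode 100644
index a4df06b148..0000000000
--- a/src/lib/libssl/src/fips/fips.h
+++ /dev/null
@@ -1,125 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_FIPS
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Note that these are defined in crypto/cryptlib.c so they're
- * available even without -lfips.
- */
-struct dsa_st;
-
-int FIPS_mode_set(int onoff,const char *path);
-void FIPS_allow_md5(int onoff);
-int FIPS_md5_allowed(void);
-int FIPS_selftest_failed(void);
-int FIPS_dsa_check(struct dsa_st *dsa);
-void FIPS_corrupt_sha1(void);
-int FIPS_selftest_sha1(void);
-void FIPS_corrupt_aes(void);
-int FIPS_selftest_aes(void);
-void FIPS_corrupt_des(void);
-int FIPS_selftest_des(void);
-void FIPS_corrupt_rsa(void);
-int FIPS_selftest_rsa(void);
-void FIPS_corrupt_dsa(void);
-int FIPS_selftest_dsa(void);
-
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_FIPS_strings(void);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_FIPS_strings(void);
-
-/* Error codes for the FIPS functions. */
-
-/* Function codes. */
-#define FIPS_F_DSA_DO_SIGN 111
-#define FIPS_F_DSA_DO_VERIFY 112
-#define FIPS_F_DSA_GENERATE_PARAMETERS 110
-#define FIPS_F_FIPS_CHECK_DSA 116
-#define FIPS_F_FIPS_CHECK_EXE 106
-#define FIPS_F_FIPS_CHECK_RSA 115
-#define FIPS_F_FIPS_DSA_CHECK 102
-#define FIPS_F_FIPS_MODE_SET 105
-#define FIPS_F_FIPS_SELFTEST_AES 104
-#define FIPS_F_FIPS_SELFTEST_DES 107
-#define FIPS_F_FIPS_SELFTEST_DSA 109
-#define FIPS_F_FIPS_SELFTEST_RSA 108
-#define FIPS_F_FIPS_SELFTEST_SHA1 103
-#define FIPS_F_HASH_FINAL 100
-#define FIPS_F_DH_GENERATE_PARAMETERS 117
-#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 114
-#define FIPS_F_RSA_GENERATE_KEY 113
-#define FIPS_F_SSLEAY_RAND_BYTES 101
-
-/* Reason codes. */
-#define FIPS_R_CANNOT_READ_EXE 103
-#define FIPS_R_CANNOT_READ_EXE_DIGEST 104
-#define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH 105
-#define FIPS_R_FIPS_MODE_ALREADY_SET 102
-#define FIPS_R_FIPS_SELFTEST_FAILED 106
-#define FIPS_R_NON_FIPS_METHOD 100
-#define FIPS_R_PAIRWISE_TEST_FAILED 107
-#define FIPS_R_SELFTEST_FAILED 101
-
-#ifdef __cplusplus
-}
-#endif
-#endif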
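diff --git a/src/lib/libssl/src/fips/fips_locl.h b/src/lib/libssl/src/fips/fips_locl.h
deleted file mode 100644
index 215e382549..0000000000
--- a/src/lib/libssl/src/fips/fips_locl.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifdef OPENSSL_FIPS
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* These are really defined in crypto/cryptlib.c */
-void fips_set_started(void);
-int fips_is_started(void);
-int fips_is_owning_thread(void);
-int fips_set_owning_thread(void);
-int fips_clear_owning_thread(void);
-void fips_set_rand_check(void *rand_check);
-
-#ifdef __cplusplus
-}
-#endif
-#endif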
diff --git a/src/lib/libssl/src/fips/fips_test_suite.c b/src/lib/libssl/src/fips/fips_test_suite.c
deleted file mode 100644
index 60ee8d856b..0000000000
--- a/src/lib/libssl/src/fips/fips_test_suite.c
+++ /dev/null
@@ -1,341 +0,0 @@
1/* ====================================================================
2 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
3 *
4 *
5 * This command is intended as a test driver for the FIPS-140 testing
6 * lab performing FIPS-140 validation. It demonstrates the use of the
7 * OpenSSL library ito perform a variety of common cryptographic
8 * functions. A power-up self test is demonstrated by deliberately
9 * pointing to an invalid executable hash
10 *
11 * Contributed by Steve Marquess.
12 *
13 */
14#include <stdio.h>
15#include <assert.h>
16#include <ctype.h>
17#include <string.h>
18#include <stdlib.h>
19#include <openssl/aes.h>
20#include <openssl/des.h>
21#include <openssl/rsa.h>
22#include <openssl/dsa.h>
23#include <openssl/sha.h>
24#include <openssl/md5.h>
25#include <openssl/err.h>
26#include <openssl/fips.h>
27#include <openssl/bn.h>
28#include <openssl/rand.h>
29#ifndef OPENSSL_FIPS
30int main(int argc, char *argv[])
31 {
32 printf("No FIPS support\n");
33 return(0);
34 }
35#else
36
37/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
38*/
39static int FIPS_aes_test()
40 {
41 unsigned char userkey[16] = { 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xf0, 0x0d };
42 unsigned char plaintext[16] = "etaonrishdlcu";
43 unsigned char ciphertext[16];
44 unsigned char buf[16];
45 AES_KEY key;
46 AES_KEY dkey;
47
48 ERR_clear_error();
49 if (AES_set_encrypt_key( userkey, 128, &key ))
50 return 0;
51 AES_encrypt( plaintext, ciphertext, &key);
52 if (AES_set_decrypt_key( userkey, 128, &dkey ))
53 return 0;
54 AES_decrypt( ciphertext, buf, &dkey);
55 if (memcmp(buf, plaintext, sizeof(buf)))
56 return 0;
57 return 1;
58 }
59
60/* DES: encrypt and decrypt known plaintext, verify result matches original plaintext
61*/
62static int FIPS_des_test()
63 {
64 DES_cblock userkey = { 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xf0, 0x0d };
65 DES_cblock plaintext = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
66
67 DES_key_schedule key;
68 DES_cblock ciphertext;
69 DES_cblock buf;
70
71 ERR_clear_error();
72 if (DES_set_key(&userkey, &key) < 0)
73 return 0;
74 DES_ecb_encrypt( &plaintext, &ciphertext, &key, 1);
75 DES_ecb_encrypt( &ciphertext, &buf, &key, 0);
76 if (memcmp(buf, plaintext, sizeof(buf)))
77 return 0;
78 return 1;
79 }
80
81/* DSA: generate key and sign a known digest, then verify the signature
82 * against the digest
83*/
84static int FIPS_dsa_test()
85 {
86 DSA *dsa = NULL;
87 unsigned char dgst[] = "etaonrishdlc";
88 unsigned char sig[256];
89 unsigned int siglen;
90
91 ERR_clear_error();
92 dsa = DSA_generate_parameters(512,NULL,0,NULL,NULL,NULL,NULL);
93 if (!dsa)
94 return 0;
95 if (!DSA_generate_key(dsa))
96 return 0;
97 if ( DSA_sign(0,dgst,sizeof(dgst) - 1,sig,&siglen,dsa) != 1 )
98 return 0;
99 if ( DSA_verify(0,dgst,sizeof(dgst) - 1,sig,siglen,dsa) != 1 )
100 return 0;
101 DSA_free(dsa);
102 return 1;
103 }
104
105/* RSA: generate keys and encrypt and decrypt known plaintext, verify result
106 * matches the original plaintext
107*/
108static int FIPS_rsa_test()
109 {
110 RSA *key;
111 unsigned char input_ptext[] = "etaonrishdlc";
112 unsigned char ctext[256];
113 unsigned char ptext[256];
114 int n;
115
116 ERR_clear_error();
117 key = RSA_generate_key(1024,65537,NULL,NULL);
118 if (!key)
119 return 0;
120 n = RSA_size(key);
121 n = RSA_public_encrypt(sizeof(input_ptext) - 1,input_ptext,ctext,key,RSA_PKCS1_PADDING);
122 if (n < 0)
123 return 0;
124 n = RSA_private_decrypt(n,ctext,ptext,key,RSA_PKCS1_PADDING);
125 if (n < 0)
126 return 0;
127 RSA_free(key);
128 if (memcmp(input_ptext,ptext,sizeof(input_ptext) - 1))
129 return 0;
130 return 1;
131 }
132
133/* SHA1: generate hash of known digest value and compare to known
134 precomputed correct hash
135*/
136static int FIPS_sha1_test()
137 {
138 unsigned char digest[SHA_DIGEST_LENGTH] =
139 { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
140 unsigned char str[] = "etaonrishd";
141
142 unsigned char md[SHA_DIGEST_LENGTH];
143
144 ERR_clear_error();
145 if (!SHA1(str,sizeof(str) - 1,md)) return 0;
146 if (memcmp(md,digest,sizeof(md)))
147 return 0;
148 return 1;
149 }
150
151/* MD5: generate hash of known digest value and compare to known
152 precomputed correct hash
153*/
154static int md5_test()
155 {
156 unsigned char digest[MD5_DIGEST_LENGTH] =
157 { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
158 unsigned char str[] = "etaonrishd";
159
160 unsigned char md[MD5_DIGEST_LENGTH];
161
162 ERR_clear_error();
163 if (!MD5(str,sizeof(str) - 1,md))
164 return 0;
165 if (memcmp(md,digest,sizeof(md)))
166 return 0;
167 return 1;
168 }
169
170/* DH: generate shared parameters
171*/
172static int dh_test()
173 {
174 DH *dh;
175
176 ERR_clear_error();
177 dh = DH_generate_parameters(256, 2, NULL, NULL);
178 if (dh)
179 return 1;
180 return 0;
181 }
182
183/* Zeroize
184*/
185static int Zeroize()
186 {
187 RSA *key;
188 unsigned char userkey[16] =
189 { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
190 int i, n;
191
192 key = RSA_generate_key(1024,65537,NULL,NULL);
193 if (!key)
194 return 0;
195 n = BN_num_bytes(key->d);
196 printf(" Generated %d byte RSA private key\n", n);
197 printf("\tBN key before overwriting:\n%s\n", BN_bn2hex(key->d));
198 BN_rand(key->d,n*8,-1,0);
199 printf("\tBN key after overwriting:\n%s\n", BN_bn2hex(key->d));
200
201 printf("\tchar buffer key before overwriting: \n\t\t");
202 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
203 printf("\n");
204 RAND_bytes(userkey, sizeof userkey);
205 printf("\tchar buffer key after overwriting: \n\t\t");
206 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
207 printf("\n");
208
209 return 1;
210 }
211
212static int Error;
213const char * Fail(const char *msg)
214 {
215 Error++;
216 return msg;
217 }
218
219int main(int argc,char **argv)
220 {
221
222 printf("\tFIPS-mode test application\n\n");
223
224 /* Load entropy from external file, if any */
225 RAND_load_file(".rnd", 1024);
226
227 if (argv[1]) {
228 /* Corrupted KAT tests */
229 if (!strcmp(argv[1], "aes")) {
230 FIPS_corrupt_aes();
231 printf("3. AES encryption/decryption with corrupted KAT...\n");
232 } else if (!strcmp(argv[1], "des")) {
233 FIPS_corrupt_des();
234 printf("5. DES-ECB encryption/decryption with corrupted KAT...\n");
235 } else if (!strcmp(argv[1], "dsa")) {
236 FIPS_corrupt_dsa();
237 printf("6. DSA key generation and signature validation with corrupted KAT...\n");
238 } else if (!strcmp(argv[1], "rsa")) {
239 FIPS_corrupt_rsa();
240 printf("4. RSA key generation and encryption/decryption with corrupted KAT...\n");
241 } else if (!strcmp(argv[1], "sha1")) {
242 FIPS_corrupt_sha1();
243 printf("7. SHA-1 hash with corrupted KAT...\n");
244 } else {
245 printf("Bad argument \"%s\"\n", argv[1]);
246 exit(1);
247 }
248 if (!FIPS_mode_set(1,argv[0]))
249 {
250 ERR_load_crypto_strings();
251 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
252 printf("Power-up self test failed\n");
253 exit(1);
254 }
255 printf("Power-up self test successful\n");
256 exit(0);
257 }
258
259 /* Non-Approved cryptographic operation
260 */
261 printf("0. Non-Approved cryptographic operation test...\n");
262 printf("\ta. Excluded algorithm (MD5)...");
263 printf( md5_test() ? "successful\n" : Fail("FAILED!\n") );
264 printf("\tb. Included algorithm (D-H)...");
265 printf( dh_test() ? "successful\n" : Fail("FAILED!\n") );
266
267 /* Power-up self test failure
268 */
269 printf("1. Automatic power-up self test...");
270 printf( FIPS_mode_set(1,"/dev/null") ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" );
271
272 /* Algorithm call when uninitialized failure
273 */
274 printf("\ta. AES API failure on failed power-up self test...");
275 printf( FIPS_aes_test() ? Fail("passed INCORRECTLY!\n") :"failed as expected\n" );
276 printf("\tb. RSA API failure on failed power-up self test...");
277 printf( FIPS_rsa_test() ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" );
278 printf("\tc. DES API failure on failed power-up self test...");
279 printf( FIPS_des_test() ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" );
280 printf("\td. DSA API failure on failed power-up self test...");
281 printf( FIPS_dsa_test() ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" );
282 printf("\te. SHA1 API failure on failed power-up self test...");
283 printf( FIPS_sha1_test() ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" );
284
285 /* Power-up self test retry
286 */
287 ERR_clear_error();
288 printf("2. Automatic power-up self test retry...");
289 if (!FIPS_mode_set(1,argv[0]))
290 {
291 ERR_load_crypto_strings();
292 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
293 printf(Fail("FAILED!\n"));
294 exit(1);
295 }
296 printf("successful\n");
297
298 /* AES encryption/decryption
299 */
300 printf("3. AES encryption/decryption...");
301 printf( FIPS_aes_test() ? "successful\n" : Fail("FAILED!\n") );
302
303 /* RSA key generation and encryption/decryption
304 */
305 printf("4. RSA key generation and encryption/decryption...");
306 printf( FIPS_rsa_test() ? "successful\n" : Fail("FAILED!\n") );
307
308 /* DES-CBC encryption/decryption
309 */
310 printf("5. DES-ECB encryption/decryption...");
311 printf( FIPS_des_test() ? "successful\n" : Fail("FAILED!\n") );
312
313 /* DSA key generation and signature validation
314 */
315 printf("6. DSA key generation and signature validation...");
316 printf( FIPS_dsa_test() ? "successful\n" : Fail("FAILED!\n") );
317
318 /* SHA-1 hash
319 */
320 printf("7. SHA-1 hash...");
321 printf( FIPS_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
322
323 /* Non-Approved cryptographic operation
324 */
325 printf("8. Non-Approved cryptographic operation test...\n");
326 printf("\ta. Excluded algorithm (MD5)...");
327 printf( md5_test() ? Fail("passed INCORRECTLY!\n")
328 : "failed as expected\n" );
329 printf("\tb. Included algorithm (D-H)...");
330 printf( dh_test() ? "successful as expected\n"
331 : Fail("failed INCORRECTLY!\n") );
332
333 /* Zeroization
334 */
335 printf("9. Zero-ization...\n");
336 Zeroize();
337
338 printf("\nAll tests completed with %d errors\n", Error);
339 return 0;
340 }
341#endif
diff --git a/src/lib/libssl/src/fips/install.com b/src/lib/libssl/src/fips/install.com
deleted file mode 100644
index aa19f0599d..0000000000
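--- a/src/lib/libssl/src/fips/install.com
+++ /dev/null
@@ -1,55 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 27-MAY-2004 11:47
-$!
-$! P1 root of the directory tree
-$!
-$ IF P1 .EQS. ""
-$ THEN
-$ WRITE SYS$OUTPUT "First argument missing."
-$ WRITE SYS$OUTPUT "Should be the directory where you want things installed."
-$ EXIT
-$ ENDIF
-$
-$ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
- - "[000000." - "][" - "[" - "]"
-$ ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$ DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$
-$ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
- CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
- CREATE/DIR/LOG WRK_SSLINCLUDE:
-$
-$ FDIRS := ,RAND,SHA1,DES,AES,DSA,RSA
-$ EXHEADER_ := fips.h
-$ EXHEADER_SHA1 :=
-$ EXHEADER_RAND := fips_rand.h
-$ EXHEADER_DES :=
-$ EXHEADER_AES :=
-$ EXHEADER_DSA :=
-$ EXHEADER_RSA :=
-$
-$ I = 0
-$ LOOP_FDIRS:
-$ D = F$EDIT(F$ELEMENT(I, ",", FDIRS),"TRIM")
-$ I = I + 1
-$ IF D .EQS. "," THEN GOTO LOOP_FDIRS_END
-$ tmp = EXHEADER_'D'
-$ IF tmp .EQS. "" THEN GOTO LOOP_FDIRS
-$ IF D .EQS. ""
-$ THEN
-$ COPY 'tmp' WRK_SSLINCLUDE: /LOG
-$ ELSE
-$ COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
-$ ENDIF
-$ SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp'
-$ GOTO LOOP_FDIRS
-$ LOOP_FDIRS_END:
-$
-$ EXIT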
diff --git a/src/lib/libssl/src/fips/openssl_fips_fingerprint b/src/lib/libssl/src/fips/openssl_fips_fingerprint
deleted file mode 100755
index d3dfb7eb61..0000000000
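--- a/src/lib/libssl/src/fips/openssl_fips_fingerprint
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/sh
-#
-# Check the library fingerprint and generate an executable fingerprint, or
-# return an error
-
-lib=$1
-exe=$2
-
-# deal with the case where we're run from within the build and OpenSSL is
-# not yet installed. Also, make sure LD_LIBRARY_PATH is properly set in
-# case shared libraries are built.
-if [ "X$TOP" != "X" ]
-then
- if test "$OSTYPE" = msdosdjgpp; then
- PATH="$TOP/apps;$TOP;$PATH"
- else
- PATH="$TOP/apps:$TOP:$PATH"
- fi
- LD_LIBRARY_PATH=$TOP; export LD_LIBRARY_PATH
-else
- LD_LIBRARY_PATH=.; export LD_LIBRARY_PATH
-fi
-
-echo "Checking library fingerprint for $lib"
-openssl sha1 -hmac etaonrishdlcupfm $lib | sed "s/(.*\//(/" | diff -w $lib.sha1 - || { echo "$libs fingerprint mismatch"; exit 1; }
-
-[ -x $exe.exe ] && exe=$exe.exe
-
-echo "Making fingerprint for $exe"
-openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.sha1 || rm $exe.sha1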
diff --git a/src/lib/libssl/src/fips/rand/Makefile b/src/lib/libssl/src/fips/rand/Makefile
deleted file mode 100644
index c8922abc77..0000000000
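--- a/src/lib/libssl/src/fips/rand/Makefile
+++ /dev/null
@@ -1,104 +0,0 @@
-#
-# SSLeay/fips/rand/Makefile
-#
-
-DIR= rand
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST= fips_randtest.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_rand.c
-LIBOBJ=fips_rand.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= fips_rand.h
-HEADER= $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips SDIRS=$(DIR) sub_all)
-
-all: check lib
-
-check:
- TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
-
-lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @sleep 2; touch lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_rand.o: ../../e_os.h ../../include/openssl/bio.h
-fips_rand.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-fips_rand.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
-fips_rand.o: ../../include/openssl/err.h ../../include/openssl/fips_rand.h
-fips_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-fips_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-fips_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-fips_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-fips_rand.o: fips_rand.c
-fips_randtest.o: ../../e_os.h ../../include/openssl/bio.h
-fips_randtest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-fips_randtest.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
-fips_randtest.o: ../../include/openssl/err.h ../../include/openssl/fips_rand.h
-fips_randtest.o: ../../include/openssl/lhash.h
-fips_randtest.o: ../../include/openssl/opensslconf.h
-fips_randtest.o: ../../include/openssl/opensslv.h
-fips_randtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_randtest.o: ../../include/openssl/safestack.h
-fips_randtest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_randtest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-fips_randtest.o: fips_randtest.c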
diff --git a/src/lib/libssl/src/fips/rand/fips_rand.c b/src/lib/libssl/src/fips/rand/fips_rand.c
deleted file mode 100644
index cc2f12deb9..0000000000
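--- a/src/lib/libssl/src/fips/rand/fips_rand.c
+++ /dev/null
@@ -1,355 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-/*
- * This is a FIPS approved PRNG, ANSI X9.31 A.2.4.
- */
-
-#include "e_os.h"
-
-/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't
- be defined and gettimeofday() won't be declared with strict compilers
- like DEC C in ANSI C mode. */
-#ifndef _XOPEN_SOURCE_EXTENDED
-#define _XOPEN_SOURCE_EXTENDED 1
-#endif
-
-#include <openssl/des.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/fips_rand.h>
-#ifndef OPENSSL_SYS_WIN32
-#include <sys/time.h>
-#endif
-#include <assert.h>
-#ifndef OPENSSL_SYS_WIN32
-# ifdef OPENSSL_UNISTD
-# include OPENSSL_UNISTD
-# else
-# include <unistd.h>
-# endif
-#endif
-#include <string.h>
-
-#ifdef OPENSSL_FIPS
-
-#define SEED_SIZE 8
-
-static unsigned char seed[SEED_SIZE];
-static FIPS_RAND_SIZE_T n_seed;
-static FIPS_RAND_SIZE_T o_seed;
-static DES_cblock key1;
-static DES_cblock key2;
-static DES_key_schedule ks1,ks2;
-static int key_set;
-static int test_mode;
-static unsigned char test_faketime[8];
-
-#ifndef GETPID_IS_MEANINGLESS
-static int seed_pid;
-static int key_pid;
-#endif
-
-static void fips_rand_cleanup(void);
-static void fips_rand_add(const void *buf, FIPS_RAND_SIZE_T num, double add_entropy);
-static int fips_rand_bytes(unsigned char *buf, FIPS_RAND_SIZE_T num);
-static int fips_rand_status(void);
-
-static RAND_METHOD rand_fips_meth=
- {
- FIPS_rand_seed,
- fips_rand_bytes,
- fips_rand_cleanup,
- fips_rand_add,
- fips_rand_bytes,
- fips_rand_status
- };
-
-static int second;
-
-RAND_METHOD *FIPS_rand_method(void)
-{
- return &rand_fips_meth;
-}
-
-void FIPS_set_prng_key(const unsigned char k1[8],const unsigned char k2[8])
- {
- memcpy(&key1,k1,sizeof key1);
- memcpy(&key2,k2,sizeof key2);
- key_set=1;
-#ifndef GETPID_IS_MEANINGLESS
- key_pid=getpid();
-#endif
- second=0;
- }
-
-void FIPS_test_mode(int test,const unsigned char faketime[8])
- {
- test_mode=test;
- if(!test_mode)
- return;
- memcpy(test_faketime,faketime,sizeof test_faketime);
- }
-
-/* NB: this returns true if _partially_ seeded */
-int FIPS_rand_seeded()
- { return key_set || n_seed; }
-
-static void fips_gettime(unsigned char buf[8])
- {
-#ifdef OPENSSL_SYS_WIN32
- FILETIME ft;
-#else
- struct timeval tv;
-#endif
-
- if(test_mode)
- {
- fprintf(stderr,"WARNING!!! PRNG IN TEST MODE!!!\n");
- memcpy(buf,test_faketime,sizeof test_faketime);
- return;
- }
-#ifdef OPENSSL_SYS_WIN32
- GetSystemTimeAsFileTime(&ft);
- buf[0] = (unsigned char) (ft.dwHighDateTime & 0xff);
- buf[1] = (unsigned char) ((ft.dwHighDateTime >> 8) & 0xff);
- buf[2] = (unsigned char) ((ft.dwHighDateTime >> 16) & 0xff);
- buf[3] = (unsigned char) ((ft.dwHighDateTime >> 24) & 0xff);
- buf[4] = (unsigned char) (ft.dwLowDateTime & 0xff);
- buf[5] = (unsigned char) ((ft.dwLowDateTime >> 8) & 0xff);
- buf[6] = (unsigned char) ((ft.dwLowDateTime >> 16) & 0xff);
- buf[7] = (unsigned char) ((ft.dwLowDateTime >> 24) & 0xff);
-#else
- gettimeofday(&tv,NULL);
- buf[0] = (unsigned char) (tv.tv_sec & 0xff);
- buf[1] = (unsigned char) ((tv.tv_sec >> 8) & 0xff);
- buf[2] = (unsigned char) ((tv.tv_sec >> 16) & 0xff);
- buf[3] = (unsigned char) ((tv.tv_sec >> 24) & 0xff);
- buf[4] = (unsigned char) (tv.tv_usec & 0xff);
- buf[5] = (unsigned char) ((tv.tv_usec >> 8) & 0xff);
- buf[6] = (unsigned char) ((tv.tv_usec >> 16) & 0xff);
- buf[7] = (unsigned char) ((tv.tv_usec >> 24) & 0xff);
-#endif
-
-#if 0 /* This eminently sensible strategy is not acceptable to NIST. Sigh. */
-#ifndef GETPID_IS_MEANINGLESS
- /* we mix in the PID to ensure that after a fork the children don't give
- * the same results as each other
- */
- pid=getpid();
- /* make sure we shift the pid to the MSB */
- if((pid&0xffff0000) == 0)
- pid<<=16;
- *(long *)&buf[0]^=pid;
-#endif
-#endif
- }
-
-static void fips_rand_encrypt(unsigned char *out,const unsigned char *in)
- {
- DES_ecb2_encrypt(in,out,&ks1,&ks2,1);
- }
-
-static void fips_rand_cleanup(void)
- {
- OPENSSL_cleanse(seed,sizeof seed);
- n_seed=0;
- }
-
-void FIPS_rand_seed(const void *buf_, FIPS_RAND_SIZE_T num)
- {
- const char *buf=buf_;
- FIPS_RAND_SIZE_T n;
- static int init;
-
- /* If the key hasn't been set, we can't seed! */
- if(!key_set)
- return;
-
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- if(!init)
- {
- init=1;
- DES_set_key(&key1,&ks1);
- DES_set_key(&key2,&ks2);
- }
-
- /*
- * This algorithm only uses 64 bits of seed, so ensure that we use
- * the most recent 64 bits.
- */
- for(n=0 ; n < num ; )
- {
- FIPS_RAND_SIZE_T t=num-n;
-
- if(o_seed+t > sizeof seed)
- t=sizeof seed-o_seed;
- memcpy(seed+o_seed,buf+n,t);
- n+=t;
- o_seed+=t;
- if(o_seed == sizeof seed)
- o_seed=0;
- if(n_seed < sizeof seed)
- n_seed+=t;
- }
-
-#ifndef GETPID_IS_MEANINGLESS
- seed_pid=getpid();
-#endif
-
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- }
-
-static void fips_rand_add(const void *buf, FIPS_RAND_SIZE_T num, double add_entropy)
- {
- FIPS_rand_seed(buf,num);
- }
-
-static int fips_rand_bytes(unsigned char *buf,FIPS_RAND_SIZE_T num)
- {
- FIPS_RAND_SIZE_T n;
- unsigned char timeseed[8];
- unsigned char intermediate[SEED_SIZE];
- unsigned char output[SEED_SIZE];
- static unsigned char previous[SEED_SIZE];
-#ifndef GETPID_IS_MEANINGLESS
- int pid;
-#endif
-
- if(n_seed < sizeof seed)
- {
- RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);
- return 0;
- }
-
-#ifdef FIPS_RAND_MAX_SIZE_T
- if (num > FIPS_RAND_MAX_SIZE_T)
- {
-#ifdef RAND_R_PRNG_ASKING_FOR_TOO_MUCH
- RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_ASKING_FOR_TOO_MUCH);
- return 0;
-#else
- return -1; /* signal "not supported" condition */
-#endif
- }
-#endif
-
-#ifndef GETPID_IS_MEANINGLESS
- pid=getpid();
- if(pid != seed_pid)
- {
- RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_NOT_RESEEDED);
- return 0;
- }
- if(pid != key_pid)
- {
- RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_NOT_REKEYED);
- return 0;
- }
-#endif
-
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
- for(n=0 ; n < num ; )
- {
- unsigned char t[SEED_SIZE];
- FIPS_RAND_SIZE_T l;
-
- /* ANS X9.31 A.2.4: I = ede*K(DT)
- timeseed == DT
- intermediate == I
- */
- fips_gettime(timeseed);
- fips_rand_encrypt(intermediate,timeseed);
-
- /* ANS X9.31 A.2.4: R = ede*K(I^V)
- intermediate == I
- seed == V
- output == R
- */
- for(l=0 ; l < sizeof t ; ++l)
- t[l]=intermediate[l]^seed[l];
- fips_rand_encrypt(output,t);
-
- /* ANS X9.31 A.2.4: V = ede*K(R^I)
- output == R
- intermediate == I
- seed == V
- */
- for(l=0 ; l < sizeof t ; ++l)
- t[l]=output[l]^intermediate[l];
- fips_rand_encrypt(seed,t);
-
- if(second && !memcmp(output,previous,sizeof previous))
- {
- RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_STUCK);
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- return 0;
- }
- memcpy(previous,output,sizeof previous);
- second=1;
-
- /* Successive values of R may be concatenated to produce a
- pseudo random number of the desired length */
- l=SEED_SIZE < num-n ? SEED_SIZE : num-n;
- memcpy(buf+n,output,l);
- n+=l;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
- return 1;
- }
-
-static int fips_rand_status(void)
- {
- return n_seed == sizeof seed;
- }
-
-#endif /* OPENSSL_FIPS */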
diff --git a/src/lib/libssl/src/fips/rand/fips_rand.h b/src/lib/libssl/src/fips/rand/fips_rand.h
deleted file mode 100644
index 1286b63ab2..0000000000
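--- a/src/lib/libssl/src/fips/rand/fips_rand.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifndef HEADER_FIPS_RAND_H
-#define HEADER_FIPS_RAND_H
-
-#include "des.h"
-
-#ifdef OPENSSL_FIPS
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-void FIPS_set_prng_key(const unsigned char k1[8],const unsigned char k2[8]);
-void FIPS_test_mode(int test,const unsigned char faketime[8]);
-void FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num);
-/* NB: this returns true if _partially_ seeded */
-int FIPS_rand_seeded(void);
-
-RAND_METHOD *FIPS_rand_method(void);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-#endif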
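diff --git a/src/lib/libssl/src/fips/rand/fips_randtest.c b/src/lib/libssl/src/fips/rand/fips_randtest.c
deleted file mode 100644
index 6165944e56..0000000000
--- a/src/lib/libssl/src/fips/rand/fips_randtest.c
+++ /dev/null
@@ -1,369 +0,0 @@
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/rand.h>
-#include <openssl/fips_rand.h>
-#include <openssl/err.h>
-
-#include "e_os.h"
-
-#ifndef OPENSSL_FIPS
-int main(int argc, char *argv[])
-{
- printf("No FIPS RAND support\n");
- return(0);
-}
-
-#else
-
-/* some FIPS 140-1 random number test */
-/* some simple tests */
-
-static DES_cblock prng_key1={0x21,0x58,0x47,0xb7,0xc2,0x97,0x5a,0x8e};
-static DES_cblock prng_key2={0x61,0x23,0x05,0x96,0x18,0x91,0x86,0xac};
-static unsigned char prng_seed[8]={0x6b,0xa3,0x4f,0x07,0xe4,0x2a,0xb0,0xc};
-
-typedef struct
- {
- DES_cblock keys[2];
- const unsigned char time[8];
- const unsigned char seed[8];
- const unsigned char block1[8];
- const unsigned char block100[8];
- } PRNGtest;
-
-/* FIXME: these test vectors are made up! */
-static PRNGtest t1=
- {
- { { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 },
- { 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f },
- },
- { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
- { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
- { 0x33,0xc3,0xdf,0xfe,0x60,0x60,0x49,0x9e },
- { 0xcd,0x2b,0x41,0xaf,0x80,0x51,0x37,0xd8 }
- };
-static PRNGtest t2=
- {
- { { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff },
- { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff } },
- { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff },
- { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff },
- { 0x65,0xf1,0xa4,0x07,0x42,0x38,0xd5,0x25 },
- { 0xbb,0x75,0x84,0x20,0x7a,0x44,0xf0,0xa0 }
- };
-
-static void dump(const unsigned char *b,int n)
- {
- while(n-- > 0)
- {
- printf(" %02x",*b++);
- }
- }
-
-static void compare(const unsigned char *result,const unsigned char *expected,
- int n)
- {
- int i;
-
- for(i=0 ; i < n ; ++i)
- if(result[i] != expected[i])
- {
- puts("Random test failed, got:");
- dump(result,8);
- puts("\n expected:");
- dump(expected,8);
- putchar('\n');
- EXIT(1);
- }
- }
-
-static void run_test(const PRNGtest *t)
- {
- unsigned char buf[8];
- int n;
-
- FIPS_set_prng_key(t->keys[0],t->keys[1]);
- FIPS_test_mode(1,t->time);
- RAND_seed(t->seed,sizeof t->seed);
-
- if(RAND_bytes(buf,8) <= 0)
- {
- ERR_print_errors_fp(stderr);
- EXIT(2);
- }
- compare(buf,t->block1,8);
- for(n=0 ; n < 99 ; ++n)
- if(RAND_bytes(buf,8) <= 0)
- {
- ERR_print_errors_fp(stderr);
- EXIT(2);
- }
- compare(buf,t->block100,8);
- FIPS_test_mode(0,NULL);
- }
-
-int main()
- {
- unsigned char buf[2500];
- int i,j,k,s,sign,nsign,err=0;
- unsigned long n1;
- unsigned long n2[16];
- unsigned long runs[2][34];
- /*double d; */
- long d;
-
- ERR_load_crypto_strings();
- RAND_set_rand_method(FIPS_rand_method());
-
- run_test(&t1);
- run_test(&t2);
-
- FIPS_set_prng_key(prng_key1,prng_key2);
- RAND_seed(prng_seed,sizeof prng_seed);
-
- i = RAND_pseudo_bytes(buf,2500);
- if (i <= 0)
- {
- printf ("init failed, the rand method is not properly installed\n");
- err++;
- goto err;
- }
-
- n1=0;
- for (i=0; i<16; i++) n2[i]=0;
- for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0;
-
- /* test 1 and 2 */
- sign=0;
- nsign=0;
- for (i=0; i<2500; i++)
- {
- j=buf[i];
-
- n2[j&0x0f]++;
- n2[(j>>4)&0x0f]++;
-
- for (k=0; k<8; k++)
- {
- s=(j&0x01);
- if (s == sign)
- nsign++;
- else
- {
- if (nsign > 34) nsign=34;
- if (nsign != 0)
- {
- runs[sign][nsign-1]++;
- if (nsign > 6)
- runs[sign][5]++;
- }
- sign=s;
- nsign=1;
- }
-
- if (s) n1++;
- j>>=1;
- }
- }
- if (nsign > 34) nsign=34;
- if (nsign != 0) runs[sign][nsign-1]++;
-
- /* test 1 */
- if (!((9654 < n1) && (n1 < 10346)))
- {
- printf("test 1 failed, X=%lu\n",n1);
- err++;
- }
- printf("test 1 done\n");
-
- /* test 2 */
-#ifdef undef
- d=0;
- for (i=0; i<16; i++)
- d+=n2[i]*n2[i];
- d=d*16.0/5000.0-5000.0;
- if (!((1.03 < d) && (d < 57.4)))
- {
- printf("test 2 failed, X=%.2f\n",d);
- err++;
- }
-#endif
- d=0;
- for (i=0; i<16; i++)
- d+=n2[i]*n2[i];
- d=(d*8)/25-500000;
- if (!((103 < d) && (d < 5740)))
- {
- printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L);
- err++;
- }
- printf("test 2 done\n");
-
- /* test 3 */
- for (i=0; i<2; i++)
- {
- if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))
- {
- printf("test 3 failed, bit=%d run=%d num=%lu\n",
- i,1,runs[i][0]);
- err++;
- }
- if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))
- {
- printf("test 3 failed, bit=%d run=%d num=%lu\n",
- i,2,runs[i][1]);
- err++;
- }
- if (!(( 502 < runs[i][2]) && (runs[i][2] < 748)))
- {
- printf("test 3 failed, bit=%d run=%d num=%lu\n",
- i,3,runs[i][2]);
- err++;
- }
- if (!(( 223 < runs[i][3]) && (runs[i][3] < 402)))
- {
- printf("test 3 failed, bit=%d run=%d num=%lu\n",
- i,4,runs[i][3]);
- err++;
- }
- if (!(( 90 < runs[i][4]) && (runs[i][4] < 223)))
- {
- printf("test 3 failed, bit=%d run=%d num=%lu\n",
- i,5,runs[i][4]);
- err++;
- }
- if (!(( 90 < runs[i][5]) && (runs[i][5] < 223)))
- {
- printf("test 3 failed, bit=%d run=%d num=%lu\n",
- i,6,runs[i][5]);
- err++;
- }
- }
- printf("test 3 done\n");
-
- /* test 4 */
- if (runs[0][33] != 0)
- {
- printf("test 4 failed, bit=%d run=%d num=%lu\n",
- 0,34,runs[0][33]);
- err++;
- }
- if (runs[1][33] != 0)
- {
- printf("test 4 failed, bit=%d run=%d num=%lu\n",
- 1,34,runs[1][33]);
- err++;
- }
- printf("test 4 done\n");
- err:
- err=((err)?1:0);
- EXIT(err);
- return(err);
- }
-
-#endif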
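diff --git a/src/lib/libssl/src/fips/rsa/Makefile b/src/lib/libssl/src/fips/rsa/Makefile
deleted file mode 100644
index bb20f86442..0000000000
--- a/src/lib/libssl/src/fips/rsa/Makefile
+++ /dev/null
@@ -1,111 +0,0 @@
-#
-# SSLeay/fips/rsa/Makefile
-#
-
-DIR= rsa
-TOP= ../..
-CC= cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR= /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_rsa_eay.c fips_rsa_gen.c fips_rsa_selftest.c
-LIBOBJ=fips_rsa_eay.o fips_rsa_gen.o fips_rsa_selftest.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER= $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all: check lib
-
-lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @sleep 2; touch lib
-
-check:
- TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
- @headerlist="$(EXHEADER)"; for i in $$headerlist; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done
-
-tags:
- ctags $(SRC)
-
-tests:
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_rsa_eay.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_rsa_eay.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_rsa_eay.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-fips_rsa_eay.o: ../../include/openssl/opensslconf.h
-fips_rsa_eay.o: ../../include/openssl/opensslv.h
-fips_rsa_eay.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-fips_rsa_eay.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_rsa_eay.o: fips_rsa_eay.c
-fips_rsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_rsa_gen.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_rsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_rsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-fips_rsa_gen.o: ../../include/openssl/opensslconf.h
-fips_rsa_gen.o: ../../include/openssl/opensslv.h
-fips_rsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
-fips_rsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_rsa_gen.o: ../../include/openssl/symhacks.h fips_rsa_gen.c
-fips_rsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_rsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_rsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_rsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-fips_rsa_selftest.o: ../../include/openssl/opensslconf.h
-fips_rsa_selftest.o: ../../include/openssl/opensslv.h
-fips_rsa_selftest.o: ../../include/openssl/ossl_typ.h
-fips_rsa_selftest.o: ../../include/openssl/rsa.h
-fips_rsa_selftest.o: ../../include/openssl/safestack.h
-fips_rsa_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-fips_rsa_selftest.o: ../../include/openssl/symhacks.h fips_rsa_selftest.c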
diff --git a/src/lib/libssl/src/fips/rsa/fips_rsa_eay.c b/src/lib/libssl/src/fips/rsa/fips_rsa_eay.c
deleted file mode 100644
index c571e2b1bf..0000000000
--- a/src/lib/libssl/src/fips/rsa/fips_rsa_eay.c
+++ /dev/null
@@ -1,735 +0,0 @@
1/* crypto/rsa/rsa_eay.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/err.h>
61#include <openssl/bn.h>
62#include <openssl/rsa.h>
63#include <openssl/rand.h>
64#include <openssl/fips.h>
65
66#if !defined(RSA_NULL) && defined(OPENSSL_FIPS)
67
68static int RSA_eay_public_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
69 unsigned char *to, RSA *rsa,int padding);
70static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
71 unsigned char *to, RSA *rsa,int padding);
72static int RSA_eay_public_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
73 unsigned char *to, RSA *rsa,int padding);
74static int RSA_eay_private_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
75 unsigned char *to, RSA *rsa,int padding);
76static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa);
77static int RSA_eay_init(RSA *rsa);
78static int RSA_eay_finish(RSA *rsa);
79static RSA_METHOD rsa_pkcs1_eay_meth={
80 "Eric Young's PKCS#1 RSA",
81 RSA_eay_public_encrypt,
82 RSA_eay_public_decrypt, /* signature verification */
83 RSA_eay_private_encrypt, /* signing */
84 RSA_eay_private_decrypt,
85 RSA_eay_mod_exp,
86 BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */
87 RSA_eay_init,
88 RSA_eay_finish,
89 0, /* flags */
90 NULL,
91 0, /* rsa_sign */
92 0 /* rsa_verify */
93 };
94
95const RSA_METHOD *RSA_PKCS1_SSLeay(void)
96 {
97 return(&rsa_pkcs1_eay_meth);
98 }
99
100static int RSA_eay_public_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
101 unsigned char *to, RSA *rsa, int padding)
102 {
103 BIGNUM f,ret;
104 int i,j,k,num=0,r= -1;
105 unsigned char *buf=NULL;
106 BN_CTX *ctx=NULL;
107
108 BN_init(&f);
109 BN_init(&ret);
110
111 if(FIPS_selftest_failed())
112 {
113 FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
114 goto err;
115 }
116
117 if ((ctx=BN_CTX_new()) == NULL) goto err;
118 num=BN_num_bytes(rsa->n);
119 if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
120 {
121 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
122 goto err;
123 }
124
125 switch (padding)
126 {
127 case RSA_PKCS1_PADDING:
128 i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
129 break;
130#ifndef OPENSSL_NO_SHA
131 case RSA_PKCS1_OAEP_PADDING:
132 i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
133 break;
134#endif
135 case RSA_SSLV23_PADDING:
136 i=RSA_padding_add_SSLv23(buf,num,from,flen);
137 break;
138 case RSA_NO_PADDING:
139 i=RSA_padding_add_none(buf,num,from,flen);
140 break;
141 default:
142 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
143 goto err;
144 }
145 if (i <= 0) goto err;
146
147 if (BN_bin2bn(buf,num,&f) == NULL) goto err;
148
149 if (BN_ucmp(&f, rsa->n) >= 0)
150 {
151 /* usually the padding functions would catch this */
152 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
153 goto err;
154 }
155
156 if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
157 {
158 BN_MONT_CTX* bn_mont_ctx;
159 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
160 goto err;
161 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
162 {
163 BN_MONT_CTX_free(bn_mont_ctx);
164 goto err;
165 }
166 if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
167 {
168 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
169 if (rsa->_method_mod_n == NULL)
170 {
171 rsa->_method_mod_n = bn_mont_ctx;
172 bn_mont_ctx = NULL;
173 }
174 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
175 }
176 if (bn_mont_ctx)
177 BN_MONT_CTX_free(bn_mont_ctx);
178 }
179
180 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
181 rsa->_method_mod_n)) goto err;
182
183 /* put in leading 0 bytes if the number is less than the
184 * length of the modulus */
185 j=BN_num_bytes(&ret);
186 i=BN_bn2bin(&ret,&(to[num-j]));
187 for (k=0; k<(num-i); k++)
188 to[k]=0;
189
190 r=num;
191err:
192 if (ctx != NULL) BN_CTX_free(ctx);
193 BN_clear_free(&f);
194 BN_clear_free(&ret);
195 if (buf != NULL)
196 {
197 OPENSSL_cleanse(buf,num);
198 OPENSSL_free(buf);
199 }
200 return(r);
201 }
202
203static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
204 {
205 int ret = 1;
206 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
207 /* Check again inside the lock - the macro's check is racey */
208 if(rsa->blinding == NULL)
209 ret = RSA_blinding_on(rsa, ctx);
210 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
211 return ret;
212 }
213
214#define BLINDING_HELPER(rsa, ctx, err_instr) \
215 do { \
216 if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \
217 ((rsa)->blinding == NULL) && \
218 !rsa_eay_blinding(rsa, ctx)) \
219 err_instr \
220 } while(0)
221
222static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx)
223 {
224 BIGNUM *A, *Ai;
225 BN_BLINDING *ret = NULL;
226
227 /* added in OpenSSL 0.9.6j and 0.9.7b */
228
229 /* NB: similar code appears in RSA_blinding_on (rsa_lib.c);
230 * this should be placed in a new function of its own, but for reasons
231 * of binary compatibility can't */
232
233 BN_CTX_start(ctx);
234 A = BN_CTX_get(ctx);
235 if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
236 {
237 /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
238 RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
239 if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
240 }
241 else
242 {
243 if (!BN_rand_range(A,rsa->n)) goto err;
244 }
245 if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
246
247 if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
248 goto err;
249 ret = BN_BLINDING_new(A,Ai,rsa->n);
250 BN_free(Ai);
251err:
252 BN_CTX_end(ctx);
253 return ret;
254 }
255
256/* signing */
257static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
258 unsigned char *to, RSA *rsa, int padding)
259 {
260 BIGNUM f,ret;
261 int i,j,k,num=0,r= -1;
262 unsigned char *buf=NULL;
263 BN_CTX *ctx=NULL;
264 int local_blinding = 0;
265 BN_BLINDING *blinding = NULL;
266
267 BN_init(&f);
268 BN_init(&ret);
269
270 if ((ctx=BN_CTX_new()) == NULL) goto err;
271 num=BN_num_bytes(rsa->n);
272 if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
273 {
274 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
275 goto err;
276 }
277
278 switch (padding)
279 {
280 case RSA_PKCS1_PADDING:
281 i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
282 break;
283 case RSA_NO_PADDING:
284 i=RSA_padding_add_none(buf,num,from,flen);
285 break;
286 case RSA_SSLV23_PADDING:
287 default:
288 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
289 goto err;
290 }
291 if (i <= 0) goto err;
292
293 if (BN_bin2bn(buf,num,&f) == NULL) goto err;
294
295 if (BN_ucmp(&f, rsa->n) >= 0)
296 {
297 /* usually the padding functions would catch this */
298 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
299 goto err;
300 }
301
302 BLINDING_HELPER(rsa, ctx, goto err;);
303 blinding = rsa->blinding;
304
305 /* Now unless blinding is disabled, 'blinding' is non-NULL.
306 * But the BN_BLINDING object may be owned by some other thread
307 * (we don't want to keep it constant and we don't want to use
308 * lots of locking to avoid race conditions, so only a single
309 * thread can use it; other threads have to use local blinding
310 * factors) */
311 if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
312 {
313 if (blinding == NULL)
314 {
315 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
316 goto err;
317 }
318 }
319
320 if (blinding != NULL)
321 {
322 if (blinding->thread_id != CRYPTO_thread_id())
323 {
324 /* we need a local one-time blinding factor */
325
326 blinding = setup_blinding(rsa, ctx);
327 if (blinding == NULL)
328 goto err;
329 local_blinding = 1;
330 }
331 }
332
333 if (blinding)
334 if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
335
336 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
337 ((rsa->p != NULL) &&
338 (rsa->q != NULL) &&
339 (rsa->dmp1 != NULL) &&
340 (rsa->dmq1 != NULL) &&
341 (rsa->iqmp != NULL)) )
342 { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
343 else
344 {
345 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
346 }
347
348 if (blinding)
349 if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
350
351 /* put in leading 0 bytes if the number is less than the
352 * length of the modulus */
353 j=BN_num_bytes(&ret);
354 i=BN_bn2bin(&ret,&(to[num-j]));
355 for (k=0; k<(num-i); k++)
356 to[k]=0;
357
358 r=num;
359err:
360 if (ctx != NULL) BN_CTX_free(ctx);
361 BN_clear_free(&ret);
362 BN_clear_free(&f);
363 if (local_blinding)
364 BN_BLINDING_free(blinding);
365 if (buf != NULL)
366 {
367 OPENSSL_cleanse(buf,num);
368 OPENSSL_free(buf);
369 }
370 return(r);
371 }
372
373static int RSA_eay_private_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
374 unsigned char *to, RSA *rsa, int padding)
375 {
376 BIGNUM f,ret;
377 int j,num=0,r= -1;
378 unsigned char *p;
379 unsigned char *buf=NULL;
380 BN_CTX *ctx=NULL;
381 int local_blinding = 0;
382 BN_BLINDING *blinding = NULL;
383
384 BN_init(&f);
385 BN_init(&ret);
386 ctx=BN_CTX_new();
387 if (ctx == NULL) goto err;
388
389 num=BN_num_bytes(rsa->n);
390
391 if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
392 {
393 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
394 goto err;
395 }
396
397 /* This check was for equality but PGP does evil things
398 * and chops off the top '0' bytes */
399 if (flen > num)
400 {
401 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
402 goto err;
403 }
404
405 /* make data into a big number */
406 if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
407
408 if (BN_ucmp(&f, rsa->n) >= 0)
409 {
410 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
411 goto err;
412 }
413
414 BLINDING_HELPER(rsa, ctx, goto err;);
415 blinding = rsa->blinding;
416
417 /* Now unless blinding is disabled, 'blinding' is non-NULL.
418 * But the BN_BLINDING object may be owned by some other thread
419 * (we don't want to keep it constant and we don't want to use
420 * lots of locking to avoid race conditions, so only a single
421 * thread can use it; other threads have to use local blinding
422 * factors) */
423 if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
424 {
425 if (blinding == NULL)
426 {
427 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
428 goto err;
429 }
430 }
431
432 if (blinding != NULL)
433 {
434 if (blinding->thread_id != CRYPTO_thread_id())
435 {
436 /* we need a local one-time blinding factor */
437
438 blinding = setup_blinding(rsa, ctx);
439 if (blinding == NULL)
440 goto err;
441 local_blinding = 1;
442 }
443 }
444
445 if (blinding)
446 if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
447
448 /* do the decrypt */
449 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
450 ((rsa->p != NULL) &&
451 (rsa->q != NULL) &&
452 (rsa->dmp1 != NULL) &&
453 (rsa->dmq1 != NULL) &&
454 (rsa->iqmp != NULL)) )
455 { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
456 else
457 {
458 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
459 goto err;
460 }
461
462 if (blinding)
463 if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
464
465 p=buf;
466 j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
467
468 switch (padding)
469 {
470 case RSA_PKCS1_PADDING:
471 r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
472 break;
473#ifndef OPENSSL_NO_SHA
474 case RSA_PKCS1_OAEP_PADDING:
475 r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
476 break;
477#endif
478 case RSA_SSLV23_PADDING:
479 r=RSA_padding_check_SSLv23(to,num,buf,j,num);
480 break;
481 case RSA_NO_PADDING:
482 r=RSA_padding_check_none(to,num,buf,j,num);
483 break;
484 default:
485 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
486 goto err;
487 }
488 if (r < 0)
489 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
490
491err:
492 if (ctx != NULL) BN_CTX_free(ctx);
493 BN_clear_free(&f);
494 BN_clear_free(&ret);
495 if (local_blinding)
496 BN_BLINDING_free(blinding);
497 if (buf != NULL)
498 {
499 OPENSSL_cleanse(buf,num);
500 OPENSSL_free(buf);
501 }
502 return(r);
503 }
504
505/* signature verification */
506static int RSA_eay_public_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
507 unsigned char *to, RSA *rsa, int padding)
508 {
509 BIGNUM f,ret;
510 int i,num=0,r= -1;
511 unsigned char *p;
512 unsigned char *buf=NULL;
513 BN_CTX *ctx=NULL;
514
515 BN_init(&f);
516 BN_init(&ret);
517 ctx=BN_CTX_new();
518 if (ctx == NULL) goto err;
519
520 num=BN_num_bytes(rsa->n);
521 buf=(unsigned char *)OPENSSL_malloc(num);
522 if (buf == NULL)
523 {
524 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
525 goto err;
526 }
527
528 /* This check was for equality but PGP does evil things
529 * and chops off the top '0' bytes */
530 if (flen > num)
531 {
532 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
533 goto err;
534 }
535
536 if (BN_bin2bn(from,flen,&f) == NULL) goto err;
537
538 if (BN_ucmp(&f, rsa->n) >= 0)
539 {
540 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
541 goto err;
542 }
543
544 /* do the decrypt */
545 if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
546 {
547 BN_MONT_CTX* bn_mont_ctx;
548 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
549 goto err;
550 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
551 {
552 BN_MONT_CTX_free(bn_mont_ctx);
553 goto err;
554 }
555 if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
556 {
557 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
558 if (rsa->_method_mod_n == NULL)
559 {
560 rsa->_method_mod_n = bn_mont_ctx;
561 bn_mont_ctx = NULL;
562 }
563 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
564 }
565 if (bn_mont_ctx)
566 BN_MONT_CTX_free(bn_mont_ctx);
567 }
568
569 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
570 rsa->_method_mod_n)) goto err;
571
572 p=buf;
573 i=BN_bn2bin(&ret,p);
574
575 switch (padding)
576 {
577 case RSA_PKCS1_PADDING:
578 r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
579 break;
580 case RSA_NO_PADDING:
581 r=RSA_padding_check_none(to,num,buf,i,num);
582 break;
583 default:
584 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
585 goto err;
586 }
587 if (r < 0)
588 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
589
590err:
591 if (ctx != NULL) BN_CTX_free(ctx);
592 BN_clear_free(&f);
593 BN_clear_free(&ret);
594 if (buf != NULL)
595 {
596 OPENSSL_cleanse(buf,num);
597 OPENSSL_free(buf);
598 }
599 return(r);
600 }
601
602static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
603 {
604 BIGNUM r1,m1,vrfy;
605 int ret=0;
606 BN_CTX *ctx;
607
608 BN_init(&m1);
609 BN_init(&r1);
610 BN_init(&vrfy);
611 if ((ctx=BN_CTX_new()) == NULL) goto err;
612
613 if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
614 {
615 if (rsa->_method_mod_p == NULL)
616 {
617 BN_MONT_CTX* bn_mont_ctx;
618 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
619 goto err;
620 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx))
621 {
622 BN_MONT_CTX_free(bn_mont_ctx);
623 goto err;
624 }
625 if (rsa->_method_mod_p == NULL) /* other thread may have finished first */
626 {
627 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
628 if (rsa->_method_mod_p == NULL)
629 {
630 rsa->_method_mod_p = bn_mont_ctx;
631 bn_mont_ctx = NULL;
632 }
633 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
634 }
635 if (bn_mont_ctx)
636 BN_MONT_CTX_free(bn_mont_ctx);
637 }
638
639 if (rsa->_method_mod_q == NULL)
640 {
641 BN_MONT_CTX* bn_mont_ctx;
642 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
643 goto err;
644 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
645 {
646 BN_MONT_CTX_free(bn_mont_ctx);
647 goto err;
648 }
649 if (rsa->_method_mod_q == NULL) /* other thread may have finished first */
650 {
651 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
652 if (rsa->_method_mod_q == NULL)
653 {
654 rsa->_method_mod_q = bn_mont_ctx;
655 bn_mont_ctx = NULL;
656 }
657 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
658 }
659 if (bn_mont_ctx)
660 BN_MONT_CTX_free(bn_mont_ctx);
661 }
662 }
663
664 if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
665 if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
666 rsa->_method_mod_q)) goto err;
667
668 if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
669 if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
670 rsa->_method_mod_p)) goto err;
671
672 if (!BN_sub(r0,r0,&m1)) goto err;
673 /* This will help stop the size of r0 increasing, which does
674 * affect the multiply if it optimised for a power of 2 size */
675 if (r0->neg)
676 if (!BN_add(r0,r0,rsa->p)) goto err;
677
678 if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
679 if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
680 /* If p < q it is occasionally possible for the correction of
681 * adding 'p' if r0 is negative above to leave the result still
682 * negative. This can break the private key operations: the following
683 * second correction should *always* correct this rare occurrence.
684 * This will *never* happen with OpenSSL generated keys because
685 * they ensure p > q [steve]
686 */
687 if (r0->neg)
688 if (!BN_add(r0,r0,rsa->p)) goto err;
689 if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
690 if (!BN_add(r0,&r1,&m1)) goto err;
691
692 if (rsa->e && rsa->n)
693 {
694 if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
695 /* If 'I' was greater than (or equal to) rsa->n, the operation
696 * will be equivalent to using 'I mod n'. However, the result of
697 * the verify will *always* be less than 'n' so we don't check
698 * for absolute equality, just congruency. */
699 if (!BN_sub(&vrfy, &vrfy, I)) goto err;
700 if (!BN_mod(&vrfy, &vrfy, rsa->n, ctx)) goto err;
701 if (vrfy.neg)
702 if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err;
703 if (!BN_is_zero(&vrfy))
704 /* 'I' and 'vrfy' aren't congruent mod n. Don't leak
705 * miscalculated CRT output, just do a raw (slower)
706 * mod_exp and return that instead. */
707 if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
708 }
709 ret=1;
710err:
711 BN_clear_free(&m1);
712 BN_clear_free(&r1);
713 BN_clear_free(&vrfy);
714 BN_CTX_free(ctx);
715 return(ret);
716 }
717
718static int RSA_eay_init(RSA *rsa)
719 {
720 rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
721 return(1);
722 }
723
724static int RSA_eay_finish(RSA *rsa)
725 {
726 if (rsa->_method_mod_n != NULL)
727 BN_MONT_CTX_free(rsa->_method_mod_n);
728 if (rsa->_method_mod_p != NULL)
729 BN_MONT_CTX_free(rsa->_method_mod_p);
730 if (rsa->_method_mod_q != NULL)
731 BN_MONT_CTX_free(rsa->_method_mod_q);
732 return(1);
733 }
734
735#endif
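diff --git a/src/lib/libssl/src/fips/rsa/fips_rsa_gen.c b/src/lib/libssl/src/fips/rsa/fips_rsa_gen.c
deleted file mode 100644
index 2c92112477..0000000000
--- a/src/lib/libssl/src/fips/rsa/fips_rsa_gen.c
+++ /dev/null
@@ -1,249 +0,0 @@
-/* crypto/rsa/rsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/fips.h>
-
-#ifdef OPENSSL_FIPS
-
-static int fips_check_rsa(RSA *rsa)
- {
- int n;
- unsigned char ctext[256];
- unsigned char ptext[256];
- /* The longest we can have with OAEP padding and a 512 bit key */
- static unsigned char original_ptext[] =
- "\x01\x23\x45\x67\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0"
- "\x23\x45\x67\x89\xab\xcd";
-
- /* this will fail for keys shorter than 512 bits */
- n=RSA_public_encrypt(sizeof(original_ptext)-1,original_ptext,ctext,rsa,
- RSA_PKCS1_OAEP_PADDING);
- if(n < 0)
- {
- ERR_print_errors_fp(stderr);
- exit(1);
- }
- if(!memcmp(ctext,original_ptext,n))
- {
- FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
- return 0;
- }
- n=RSA_private_decrypt(n,ctext,ptext,rsa,RSA_PKCS1_OAEP_PADDING);
- if(n < 0)
- {
- ERR_print_errors_fp(stderr);
- exit(1);
- }
- if(n != sizeof(original_ptext)-1 || memcmp(ptext,original_ptext,n))
- {
- FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
- return 0;
- }
-
- return 1;
- }
-
-RSA *RSA_generate_key(FIPS_RSA_SIZE_T bits, unsigned long e_value,
- void (*callback)(int,int,void *), void *cb_arg)
- {
- RSA *rsa=NULL;
- BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
- int bitsp,bitsq,ok= -1,n=0,i;
- BN_CTX *ctx=NULL,*ctx2=NULL;
-
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_RSA_GENERATE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
- return NULL;
- }
-
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
- ctx2=BN_CTX_new();
- if (ctx2 == NULL) goto err;
- BN_CTX_start(ctx);
- r0 = BN_CTX_get(ctx);
- r1 = BN_CTX_get(ctx);
- r2 = BN_CTX_get(ctx);
- r3 = BN_CTX_get(ctx);
- if (r3 == NULL) goto err;
-
- bitsp=(bits+1)/2;
- bitsq=bits-bitsp;
- rsa=RSA_new();
- if (rsa == NULL) goto err;
-
- /* set e */
- rsa->e=BN_new();
- if (rsa->e == NULL) goto err;
-
-#if 1
- /* The problem is when building with 8, 16, or 32 BN_ULONG,
- * unsigned long can be larger */
- for (i=0; i<sizeof(unsigned long)*8; i++)
- {
- if (e_value & (1UL<<i))
- BN_set_bit(rsa->e,i);
- }
-#else
- if (!BN_set_word(rsa->e,e_value)) goto err;
-#endif
-
- /* generate p and q */
- for (;;)
- {
- rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg);
- if (rsa->p == NULL) goto err;
- if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
- if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
- if (BN_is_one(r1)) break;
- if (callback != NULL) callback(2,n++,cb_arg);
- BN_free(rsa->p);
- }
- if (callback != NULL) callback(3,0,cb_arg);
- for (;;)
- {
- rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg);
- if (rsa->q == NULL) goto err;
- if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
- if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
- if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0))
- break;
- if (callback != NULL) callback(2,n++,cb_arg);
- BN_free(rsa->q);
- }
- if (callback != NULL) callback(3,1,cb_arg);
- if (BN_cmp(rsa->p,rsa->q) < 0)
- {
- tmp=rsa->p;
- rsa->p=rsa->q;
- rsa->q=tmp;
- }
-
- /* calculate n */
- rsa->n=BN_new();
- if (rsa->n == NULL) goto err;
- if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
-
- /* calculate d */
- if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */
- if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */
- if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */
-
-/* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */
-/* for (;;)
- {
- if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err;
- if (BN_is_one(r3)) break;
-
- if (1)
- {
- if (!BN_add_word(rsa->e,2L)) goto err;
- continue;
- }
- RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE);
- goto err;
- }
-*/
- rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */
- if (rsa->d == NULL) goto err;
-
- /* calculate d mod (p-1) */
- rsa->dmp1=BN_new();
- if (rsa->dmp1 == NULL) goto err;
- if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err;
-
- /* calculate d mod (q-1) */
- rsa->dmq1=BN_new();
- if (rsa->dmq1 == NULL) goto err;
- if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err;
-
- /* calculate inverse of q mod p */
- rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
- if (rsa->iqmp == NULL) goto err;
-
- if(!fips_check_rsa(rsa))
- goto err;
-
- ok=1;
-err:
- if (ok == -1)
- {
- RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN);
- ok=0;
- }
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- BN_CTX_free(ctx2);
-
- if (!ok)
- {
- if (rsa != NULL) RSA_free(rsa);
- return(NULL);
- }
- else
- return(rsa);
- }
-
-#endif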
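diff --git a/src/lib/libssl/src/fips/rsa/fips_rsa_selftest.c b/src/lib/libssl/src/fips/rsa/fips_rsa_selftest.c
deleted file mode 100644
index 4e3b9445fc..0000000000
--- a/src/lib/libssl/src/fips/rsa/fips_rsa_selftest.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/rsa.h>
-#include <openssl/sha.h>
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_FIPS
-#define SetKey \
- key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
- key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
- key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
- key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
- key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
- key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
- key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
- key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
- memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
- return (sizeof(ctext_ex) - 1);
-
-static unsigned char n[] =
-"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
-"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
-"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
-"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
-"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
-"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
-"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
-"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
-"\xCB";
-
-
-static int setrsakey(RSA *key, unsigned char *c)
- {
- static unsigned char e[] = "\x11";
-
- static unsigned char d[] =
-"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
-"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
-"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
-"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
-"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
-"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
-"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
-"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
-"\xC1";
-
- static unsigned char p[] =
-"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
-"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
-"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
-"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
-"\x99";
-
- static unsigned char q[] =
-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
-"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
-"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
-"\x03";
-
- static unsigned char dmp1[] =
-"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
-"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
-"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
-"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
-
- static unsigned char dmq1[] =
-"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
-"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
-"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
-"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
-
- static unsigned char iqmp[] =
-"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
-"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
-"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
-"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
-"\xF7";
-
- static unsigned char ctext_ex[] =
-"\x42\x4b\xc9\x51\x61\xd4\xca\xa0\x18\x6c\x4d\xca\x61\x8f\x2d\x07"
-"\x8c\x63\xc5\x6b\xa2\x4c\x32\xb1\xda\xb7\xdd\x32\xb6\x51\x68\xc3"
-"\x6e\x98\x46\xd6\xbb\x1a\xd5\x99\x05\x92\x7c\xd7\xbc\x08\x9e\xe4"
-"\xc3\x70\x4d\xe6\x99\x7e\x61\x31\x07\x7a\x19\xdb\x3e\x11\xfa\x3d"
-"\x7c\x61\xd7\x78\x14\x3f\x05\x16\xa0\xc4\xbf\xcd\xee\xca\x67\x4c"
-"\x80\x4e\xca\x43\x2f\x35\x43\x58\xa7\x50\x7e\x3e\x52\x82\xab\xac"
-"\xa6\x50\xe8\x39\x9f\xe0\x7f\x58\x1d\x1b\x90\x93\x04\xec\xb3\xf9"
-"\x24\xd3\x75\x3e\x39\xd1\x14\xc6\x33\xce\xd6\xee\x20\x47\xec\xe4";
-
- SetKey;
- }
-
-void FIPS_corrupt_rsa()
- {
- n[0]++;
- }
-
-int FIPS_selftest_rsa()
- {
- int clen;
- RSA *key;
- unsigned char expected_ctext[256];
- unsigned char ctext[256];
- unsigned char ptext[256];
- static unsigned char original_ptext[] =
- "\x01\x23\x45\x67\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0"
- "\x23\x45\x67\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12"
- "\x45\x67\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34"
- "\x67\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56"
- "\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78"
- "\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78\x9a"
- "\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78\x9a\xbc"
- "\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78\x9a\xbc\xde"
- "\xf0\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78\x9a\xbc\xde";
- unsigned char md[SHA_DIGEST_LENGTH];
- unsigned char mdkat[SHA_DIGEST_LENGTH] =
- "\x2d\x57\x1d\x6f\x5c\x37\xf9\xf0\x3b\xb4\x3c\xe8\x2c\x4c\xb3\x04"
- "\x75\xa2\x0e\xfb";
- unsigned char ctextkat[] =
- "\x3e\xc5\x0a\xbe\x29\xa2\xca\x9a\x35\x14\x17\x26\xa4\x0f\xa3\x03"
- "\x65\xb5\x37\xf5\x6a\xaa\xb\xf\x2c\x0d\x8\xc0\x73\x8\x3c\x88\x85"
- "\x36\x68\x16\xfe\x2f\x59\x77\x7e\x2a\x76\x9a\xc7\x27\x19\x9b\x54"
- "\x14\x87\xf3\xe0\xce\x1e\x68\x10\x40\x14\xac\xbc\xe6\x6f\x26\x1f"
- "\x55\xd1\x15\x81\x48\x10\xf4\x89\xe5\x67\x52\x42\x87\x04\x74\x4e"
- "\x96\x14\x7c\x53\xc9\x1e\x84\x11\x7d\x7d\x23\xbd\xff\x6c\xcb\x00"
- "\x96\x2e\x7d\xfb\x47\xea\x78\xcd\xd8\x04\x3a\x98\x06\x13\x68\x39"
- "\xa1\xe2\xbc\x9f\x64\xc7\x62\xf0\x74\x4d\x42\xe0\x0b\xcf\x24\x48";
- int i;
-
- /* Perform pairwise consistency test by: ... */
-
- key=RSA_new();
- clen=setrsakey(key,expected_ctext);
- /* ...1) apply public key to plaintext, resulting ciphertext must be
- * different
- */
- i=RSA_public_encrypt(128,original_ptext,ctext,key,
- RSA_NO_PADDING);
- if(i != clen || memcmp(ctext,expected_ctext,i))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- if(!memcmp(ctext,original_ptext,i))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- /* ...2) apply private key to ciphertext and compare result to
- * original plaintext; results must be equal
- */
- i=RSA_private_decrypt(i,ctext,ptext,key,RSA_NO_PADDING);
- if(i != 128 || memcmp(ptext,original_ptext,i))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
-
- /* Perform sign and verify Known Answer Test by... */
-
- /* ...1) using the same RSA key to encrypt the SHA-1 hash of a
- * plaintext value larger than the RSA key size
- */
- if (RSA_size(key) >= sizeof(original_ptext) - 1)
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- /* ...2) then generate the SHA-1 digest of plaintext, and compare the
- * digest to the Known Answer (note here we duplicate the SHA-1 KAT)
- */
- SHA1(original_ptext,sizeof(original_ptext) - 1,md);
- if(memcmp(md,mdkat,SHA_DIGEST_LENGTH))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- /* ...3) then encrypt the digest, and compare the ciphertext
- * to the Known Answer
- */
- i=RSA_private_encrypt(sizeof(md),md,ctext,key,RSA_PKCS1_PADDING);
- if(i != clen || memcmp(ctextkat,ctext,i))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- /* ...4) and finally decrypt the signed digest and compare with
- * the original Known Answer
- */
- i=RSA_public_decrypt(i,ctext,md,key,RSA_PKCS1_PADDING);
- if(i != sizeof(md) || memcmp(mdkat,md,i))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
-
- RSA_free(key);
- return 1;
- }
-
-#endif /* def OPENSSL_FIPS */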