aboutsummaryrefslogtreecommitdiff
path: root/openssl/fips/hmac
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2009-06-28 22:07:26 +0000
committermarha <marha@users.sourceforge.net>2009-06-28 22:07:26 +0000
commit3562e78743202e43aec8727005182a2558117eca (patch)
tree8f9113a77d12470c5c851a2a8e4cb02e89df7d43 /openssl/fips/hmac
downloadvcxsrv-3562e78743202e43aec8727005182a2558117eca.tar.gz
vcxsrv-3562e78743202e43aec8727005182a2558117eca.tar.bz2
vcxsrv-3562e78743202e43aec8727005182a2558117eca.zip
Checked in the following released items:
xkeyboard-config-1.4.tar.gz ttf-bitstream-vera-1.10.tar.gz font-alias-1.0.1.tar.gz font-sun-misc-1.0.0.tar.gz font-sun-misc-1.0.0.tar.gz font-sony-misc-1.0.0.tar.gz font-schumacher-misc-1.0.0.tar.gz font-mutt-misc-1.0.0.tar.gz font-misc-misc-1.0.0.tar.gz font-misc-meltho-1.0.0.tar.gz font-micro-misc-1.0.0.tar.gz font-jis-misc-1.0.0.tar.gz font-isas-misc-1.0.0.tar.gz font-dec-misc-1.0.0.tar.gz font-daewoo-misc-1.0.0.tar.gz font-cursor-misc-1.0.0.tar.gz font-arabic-misc-1.0.0.tar.gz font-winitzki-cyrillic-1.0.0.tar.gz font-misc-cyrillic-1.0.0.tar.gz font-cronyx-cyrillic-1.0.0.tar.gz font-screen-cyrillic-1.0.1.tar.gz font-xfree86-type1-1.0.1.tar.gz font-adobe-utopia-type1-1.0.1.tar.gz font-ibm-type1-1.0.0.tar.gz font-bitstream-type1-1.0.0.tar.gz font-bitstream-speedo-1.0.0.tar.gz font-bh-ttf-1.0.0.tar.gz font-bh-type1-1.0.0.tar.gz font-bitstream-100dpi-1.0.0.tar.gz font-bh-lucidatypewriter-100dpi-1.0.0.tar.gz font-bh-100dpi-1.0.0.tar.gz font-adobe-utopia-100dpi-1.0.1.tar.gz font-adobe-100dpi-1.0.0.tar.gz font-util-1.0.1.tar.gz font-bitstream-75dpi-1.0.0.tar.gz font-bh-lucidatypewriter-75dpi-1.0.0.tar.gz font-adobe-utopia-75dpi-1.0.1.tar.gz font-bh-75dpi-1.0.0.tar.gz bdftopcf-1.0.1.tar.gz font-adobe-75dpi-1.0.0.tar.gz mkfontscale-1.0.6.tar.gz openssl-0.9.8k.tar.gz bigreqsproto-1.0.2.tar.gz xtrans-1.2.2.tar.gz resourceproto-1.0.2.tar.gz inputproto-1.4.4.tar.gz compositeproto-0.4.tar.gz damageproto-1.1.0.tar.gz zlib-1.2.3.tar.gz xkbcomp-1.0.5.tar.gz freetype-2.3.9.tar.gz pthreads-w32-2-8-0-release.tar.gz pixman-0.12.0.tar.gz kbproto-1.0.3.tar.gz evieext-1.0.2.tar.gz fixesproto-4.0.tar.gz recordproto-1.13.2.tar.gz randrproto-1.2.2.tar.gz scrnsaverproto-1.1.0.tar.gz renderproto-0.9.3.tar.gz xcmiscproto-1.1.2.tar.gz fontsproto-2.0.2.tar.gz xextproto-7.0.3.tar.gz xproto-7.0.14.tar.gz libXdmcp-1.0.2.tar.gz libxkbfile-1.0.5.tar.gz libfontenc-1.0.4.tar.gz libXfont-1.3.4.tar.gz libX11-1.1.5.tar.gz libXau-1.0.4.tar.gz libxcb-1.1.tar.gz xorg-server-1.5.3.tar.gz
Diffstat (limited to 'openssl/fips/hmac')
-rw-r--r--openssl/fips/hmac/Makefile123
-rw-r--r--openssl/fips/hmac/fips_hmac.c191
-rw-r--r--openssl/fips/hmac/fips_hmac_selftest.c135
-rw-r--r--openssl/fips/hmac/fips_hmactest.c328
4 files changed, 777 insertions, 0 deletions
diff --git a/openssl/fips/hmac/Makefile b/openssl/fips/hmac/Makefile
new file mode 100644
index 000000000..be230ade9
--- /dev/null
+++ b/openssl/fips/hmac/Makefile
@@ -0,0 +1,123 @@
+#
+# OpenSSL/fips/hmac/Makefile
+#
+
+DIR= hmac
+TOP= ../..
+CC= cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=fips_hmactest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=fips_hmac.c fips_hmac_selftest.c
+LIBOBJ=fips_hmac.o fips_hmac_selftest.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ @echo $(LIBOBJ) > lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+Q=../testvectors/hmac/req
+A=../testvectors/hmac/rsp
+
+fips_test:
+ -rm -rf $(A)
+ mkdir $(A)
+ if [ -f $(Q)/HMAC.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_hmactest < $(Q)/HMAC.req > $(A)/HMAC.rsp; fi
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_hmac.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_hmac.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_hmac.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
+fips_hmac.o: ../../include/openssl/objects.h
+fips_hmac.o: ../../include/openssl/opensslconf.h
+fips_hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+fips_hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_hmac.o: ../../include/openssl/symhacks.h fips_hmac.c
+fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_hmac_selftest.o: ../../include/openssl/crypto.h
+fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_hmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_hmac_selftest.o: ../../include/openssl/hmac.h
+fips_hmac_selftest.o: ../../include/openssl/lhash.h
+fips_hmac_selftest.o: ../../include/openssl/obj_mac.h
+fips_hmac_selftest.o: ../../include/openssl/objects.h
+fips_hmac_selftest.o: ../../include/openssl/opensslconf.h
+fips_hmac_selftest.o: ../../include/openssl/opensslv.h
+fips_hmac_selftest.o: ../../include/openssl/ossl_typ.h
+fips_hmac_selftest.o: ../../include/openssl/safestack.h
+fips_hmac_selftest.o: ../../include/openssl/stack.h
+fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c
+fips_hmactest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_hmactest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_hmactest.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+fips_hmactest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_hmactest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+fips_hmactest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_hmactest.o: ../../include/openssl/fips.h ../../include/openssl/hmac.h
+fips_hmactest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_hmactest.o: ../../include/openssl/objects.h
+fips_hmactest.o: ../../include/openssl/opensslconf.h
+fips_hmactest.o: ../../include/openssl/opensslv.h
+fips_hmactest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_hmactest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_hmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_hmactest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+fips_hmactest.o: ../../include/openssl/x509v3.h ../fips_utl.h fips_hmactest.c
diff --git a/openssl/fips/hmac/fips_hmac.c b/openssl/fips/hmac/fips_hmac.c
new file mode 100644
index 000000000..7c49c9882
--- /dev/null
+++ b/openssl/fips/hmac/fips_hmac.c
@@ -0,0 +1,191 @@
+/* crypto/hmac/hmac.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/hmac.h>
+#include <openssl/fips.h>
+
+#ifdef OPENSSL_FIPS
+
+void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+ const EVP_MD *md, ENGINE *impl)
+ {
+ int i,j,reset=0;
+ unsigned char pad[HMAC_MAX_MD_CBLOCK];
+
+ if (md != NULL)
+ {
+ reset=1;
+ ctx->md=md;
+ }
+ else
+ md=ctx->md;
+
+ if (key != NULL)
+ {
+ if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
+ && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+ || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+ || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
+ OpenSSLDie(__FILE__,__LINE__,
+ "HMAC: digest not allowed in FIPS mode");
+
+ reset=1;
+ j=M_EVP_MD_block_size(md);
+ OPENSSL_assert(j <= sizeof ctx->key);
+ if (j < len)
+ {
+ EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
+ EVP_DigestUpdate(&ctx->md_ctx,key,len);
+ EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
+ &ctx->key_length);
+ }
+ else
+ {
+ OPENSSL_assert(len <= sizeof ctx->key);
+ memcpy(ctx->key,key,len);
+ ctx->key_length=len;
+ }
+ if(ctx->key_length != HMAC_MAX_MD_CBLOCK)
+ memset(&ctx->key[ctx->key_length], 0,
+ HMAC_MAX_MD_CBLOCK - ctx->key_length);
+ }
+
+ if (reset)
+ {
+ for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
+ pad[i]=0x36^ctx->key[i];
+ EVP_DigestInit_ex(&ctx->i_ctx,md, impl);
+ EVP_DigestUpdate(&ctx->i_ctx,pad,M_EVP_MD_block_size(md));
+
+ for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
+ pad[i]=0x5c^ctx->key[i];
+ EVP_DigestInit_ex(&ctx->o_ctx,md, impl);
+ EVP_DigestUpdate(&ctx->o_ctx,pad,M_EVP_MD_block_size(md));
+ }
+ EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
+ }
+
+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+ const EVP_MD *md)
+ {
+ if(key && md)
+ HMAC_CTX_init(ctx);
+ HMAC_Init_ex(ctx,key,len,md, NULL);
+ }
+
+void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
+ {
+ EVP_DigestUpdate(&ctx->md_ctx,data,len);
+ }
+
+void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+ {
+ int j;
+ unsigned int i;
+ unsigned char buf[EVP_MAX_MD_SIZE];
+
+ j=M_EVP_MD_block_size(ctx->md);
+
+ EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
+ EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
+ EVP_DigestUpdate(&ctx->md_ctx,buf,i);
+ EVP_DigestFinal_ex(&ctx->md_ctx,md,len);
+ }
+
+void HMAC_CTX_init(HMAC_CTX *ctx)
+ {
+ EVP_MD_CTX_init(&ctx->i_ctx);
+ EVP_MD_CTX_init(&ctx->o_ctx);
+ EVP_MD_CTX_init(&ctx->md_ctx);
+ }
+
+void HMAC_CTX_cleanup(HMAC_CTX *ctx)
+ {
+ EVP_MD_CTX_cleanup(&ctx->i_ctx);
+ EVP_MD_CTX_cleanup(&ctx->o_ctx);
+ EVP_MD_CTX_cleanup(&ctx->md_ctx);
+ memset(ctx,0,sizeof *ctx);
+ }
+
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+ const unsigned char *d, size_t n, unsigned char *md,
+ unsigned int *md_len)
+ {
+ HMAC_CTX c;
+ static unsigned char m[EVP_MAX_MD_SIZE];
+
+ if (md == NULL) md=m;
+ HMAC_CTX_init(&c);
+ HMAC_Init(&c,key,key_len,evp_md);
+ HMAC_Update(&c,d,n);
+ HMAC_Final(&c,md,md_len);
+ HMAC_CTX_cleanup(&c);
+ return(md);
+ }
+
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
+ {
+ M_EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+ M_EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
+ M_EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
+ }
+
+#endif
+
diff --git a/openssl/fips/hmac/fips_hmac_selftest.c b/openssl/fips/hmac/fips_hmac_selftest.c
new file mode 100644
index 000000000..a69777073
--- /dev/null
+++ b/openssl/fips/hmac/fips_hmac_selftest.c
@@ -0,0 +1,135 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/hmac.h>
+
+#ifdef OPENSSL_FIPS
+typedef struct {
+ const EVP_MD *(*alg)(void);
+ const char *key, *iv;
+ unsigned char kaval[EVP_MAX_MD_SIZE];
+} HMAC_KAT;
+
+static const HMAC_KAT vector[] = {
+ { EVP_sha1,
+ /* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */
+ "0123456789:;<=>?@ABC",
+ "Sample #2",
+ { 0x09,0x22,0xd3,0x40,0x5f,0xaa,0x3d,0x19,
+ 0x4f,0x82,0xa4,0x58,0x30,0x73,0x7d,0x5c,
+ 0xc6,0xc7,0x5d,0x24 }
+ },
+ { EVP_sha224,
+ /* just keep extending the above... */
+ "0123456789:;<=>?@ABC",
+ "Sample #2",
+ { 0xdd,0xef,0x0a,0x40,0xcb,0x7d,0x50,0xfb,
+ 0x6e,0xe6,0xce,0xa1,0x20,0xba,0x26,0xaa,
+ 0x08,0xf3,0x07,0x75,0x87,0xb8,0xad,0x1b,
+ 0x8c,0x8d,0x12,0xc7 }
+ },
+ { EVP_sha256,
+ "0123456789:;<=>?@ABC",
+ "Sample #2",
+ { 0xb8,0xf2,0x0d,0xb5,0x41,0xea,0x43,0x09,
+ 0xca,0x4e,0xa9,0x38,0x0c,0xd0,0xe8,0x34,
+ 0xf7,0x1f,0xbe,0x91,0x74,0xa2,0x61,0x38,
+ 0x0d,0xc1,0x7e,0xae,0x6a,0x34,0x51,0xd9 }
+ },
+ { EVP_sha384,
+ "0123456789:;<=>?@ABC",
+ "Sample #2",
+ { 0x08,0xbc,0xb0,0xda,0x49,0x1e,0x87,0xad,
+ 0x9a,0x1d,0x6a,0xce,0x23,0xc5,0x0b,0xf6,
+ 0xb7,0x18,0x06,0xa5,0x77,0xcd,0x49,0x04,
+ 0x89,0xf1,0xe6,0x23,0x44,0x51,0x51,0x9f,
+ 0x85,0x56,0x80,0x79,0x0c,0xbd,0x4d,0x50,
+ 0xa4,0x5f,0x29,0xe3,0x93,0xf0,0xe8,0x7f }
+ },
+ { EVP_sha512,
+ "0123456789:;<=>?@ABC",
+ "Sample #2",
+ { 0x80,0x9d,0x44,0x05,0x7c,0x5b,0x95,0x41,
+ 0x05,0xbd,0x04,0x13,0x16,0xdb,0x0f,0xac,
+ 0x44,0xd5,0xa4,0xd5,0xd0,0x89,0x2b,0xd0,
+ 0x4e,0x86,0x64,0x12,0xc0,0x90,0x77,0x68,
+ 0xf1,0x87,0xb7,0x7c,0x4f,0xae,0x2c,0x2f,
+ 0x21,0xa5,0xb5,0x65,0x9a,0x4f,0x4b,0xa7,
+ 0x47,0x02,0xa3,0xde,0x9b,0x51,0xf1,0x45,
+ 0xbd,0x4f,0x25,0x27,0x42,0x98,0x99,0x05 }
+ },
+};
+
+int FIPS_selftest_hmac()
+ {
+ int n;
+ unsigned int outlen;
+ unsigned char out[EVP_MAX_MD_SIZE];
+ const EVP_MD *md;
+ const HMAC_KAT *t;
+
+ for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
+ {
+ md = (*t->alg)();
+ HMAC(md,t->key,strlen(t->key),
+ (const unsigned char *)t->iv,strlen(t->iv),
+ out,&outlen);
+
+ if(memcmp(out,t->kaval,outlen))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ }
+ return 1;
+ }
+#endif
diff --git a/openssl/fips/hmac/fips_hmactest.c b/openssl/fips/hmac/fips_hmactest.c
new file mode 100644
index 000000000..69ebf6862
--- /dev/null
+++ b/openssl/fips/hmac/fips_hmactest.c
@@ -0,0 +1,328 @@
+/* fips_hmactest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+ printf("No FIPS HMAC support\n");
+ return(0);
+}
+
+#else
+
+#include <openssl/fips.h>
+#include "fips_utl.h"
+
+static int hmac_test(const EVP_MD *md, FILE *out, FILE *in);
+static int print_hmac(const EVP_MD *md, FILE *out,
+ unsigned char *Key, int Klen,
+ unsigned char *Msg, int Msglen, int Tlen);
+
+int main(int argc, char **argv)
+ {
+ FILE *in = NULL, *out = NULL;
+
+ int ret = 1;
+
+ if(!FIPS_mode_set(1))
+ {
+ do_print_errors();
+ goto end;
+ }
+
+ if (argc == 1)
+ in = stdin;
+ else
+ in = fopen(argv[1], "r");
+
+ if (argc < 2)
+ out = stdout;
+ else
+ out = fopen(argv[2], "w");
+
+ if (!in)
+ {
+ fprintf(stderr, "FATAL input initialization error\n");
+ goto end;
+ }
+
+ if (!out)
+ {
+ fprintf(stderr, "FATAL output initialization error\n");
+ goto end;
+ }
+
+ if (!hmac_test(EVP_sha1(), out, in))
+ {
+ fprintf(stderr, "FATAL hmac file processing error\n");
+ goto end;
+ }
+ else
+ ret = 0;
+
+ end:
+
+ if (ret)
+ do_print_errors();
+
+ if (in && (in != stdin))
+ fclose(in);
+ if (out && (out != stdout))
+ fclose(out);
+
+ return ret;
+
+ }
+
+#define HMAC_TEST_MAXLINELEN 1024
+
+int hmac_test(const EVP_MD *md, FILE *out, FILE *in)
+ {
+ char *linebuf, *olinebuf, *p, *q;
+ char *keyword, *value;
+ unsigned char *Key = NULL, *Msg = NULL;
+ int Count, Klen, Tlen;
+ long Keylen, Msglen;
+ int ret = 0;
+ int lnum = 0;
+
+ olinebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN);
+ linebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN);
+
+ if (!linebuf || !olinebuf)
+ goto error;
+
+ Count = -1;
+ Klen = -1;
+ Tlen = -1;
+
+ while (fgets(olinebuf, HMAC_TEST_MAXLINELEN, in))
+ {
+ lnum++;
+ strcpy(linebuf, olinebuf);
+ keyword = linebuf;
+ /* Skip leading space */
+ while (isspace((unsigned char)*keyword))
+ keyword++;
+
+ /* Look for = sign */
+ p = strchr(linebuf, '=');
+
+ /* If no = or starts with [ (for [L=20] line) just copy */
+ if (!p)
+ {
+ if (fputs(olinebuf, out) < 0)
+ goto error;
+ continue;
+ }
+
+ q = p - 1;
+
+ /* Remove trailing space */
+ while (isspace((unsigned char)*q))
+ *q-- = 0;
+
+ *p = 0;
+ value = p + 1;
+
+ /* Remove leading space from value */
+ while (isspace((unsigned char)*value))
+ value++;
+
+ /* Remove trailing space from value */
+ p = value + strlen(value) - 1;
+
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+
+ if (!strcmp(keyword,"[L") && *p==']')
+ {
+ switch (atoi(value))
+ {
+ case 20: md=EVP_sha1(); break;
+ case 28: md=EVP_sha224(); break;
+ case 32: md=EVP_sha256(); break;
+ case 48: md=EVP_sha384(); break;
+ case 64: md=EVP_sha512(); break;
+ default: goto parse_error;
+ }
+ }
+ else if (!strcmp(keyword, "Count"))
+ {
+ if (Count != -1)
+ goto parse_error;
+ Count = atoi(value);
+ if (Count < 0)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Klen"))
+ {
+ if (Klen != -1)
+ goto parse_error;
+ Klen = atoi(value);
+ if (Klen < 0)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Tlen"))
+ {
+ if (Tlen != -1)
+ goto parse_error;
+ Tlen = atoi(value);
+ if (Tlen < 0)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Msg"))
+ {
+ if (Msg)
+ goto parse_error;
+ Msg = hex2bin_m(value, &Msglen);
+ if (!Msg)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Key"))
+ {
+ if (Key)
+ goto parse_error;
+ Key = hex2bin_m(value, &Keylen);
+ if (!Key)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Mac"))
+ continue;
+ else
+ goto parse_error;
+
+ fputs(olinebuf, out);
+
+ if (Key && Msg && (Tlen > 0) && (Klen > 0))
+ {
+ if (!print_hmac(md, out, Key, Klen, Msg, Msglen, Tlen))
+ goto error;
+ OPENSSL_free(Key);
+ Key = NULL;
+ OPENSSL_free(Msg);
+ Msg = NULL;
+ Klen = -1;
+ Tlen = -1;
+ Count = -1;
+ }
+
+ }
+
+
+ ret = 1;
+
+
+ error:
+
+ if (olinebuf)
+ OPENSSL_free(olinebuf);
+ if (linebuf)
+ OPENSSL_free(linebuf);
+ if (Key)
+ OPENSSL_free(Key);
+ if (Msg)
+ OPENSSL_free(Msg);
+
+ return ret;
+
+ parse_error:
+
+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+ goto error;
+
+ }
+
+static int print_hmac(const EVP_MD *emd, FILE *out,
+ unsigned char *Key, int Klen,
+ unsigned char *Msg, int Msglen, int Tlen)
+ {
+ int i, mdlen;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ if (!HMAC(emd, Key, Klen, Msg, Msglen, md,
+ (unsigned int *)&mdlen))
+ {
+ fputs("Error calculating HMAC\n", stderr);
+ return 0;
+ }
+ if (Tlen > mdlen)
+ {
+ fputs("Parameter error, Tlen > HMAC length\n", stderr);
+ return 0;
+ }
+ fputs("Mac = ", out);
+ for (i = 0; i < Tlen; i++)
+ fprintf(out, "%02x", md[i]);
+ fputs("\n", out);
+ return 1;
+ }
+
+#endif