Checked in the following released items:

xkeyboard-config-1.4.tar.gz
ttf-bitstream-vera-1.10.tar.gz
font-alias-1.0.1.tar.gz
font-sun-misc-1.0.0.tar.gz
font-sun-misc-1.0.0.tar.gz
font-sony-misc-1.0.0.tar.gz
font-schumacher-misc-1.0.0.tar.gz
font-mutt-misc-1.0.0.tar.gz
font-misc-misc-1.0.0.tar.gz
font-misc-meltho-1.0.0.tar.gz
font-micro-misc-1.0.0.tar.gz
font-jis-misc-1.0.0.tar.gz
font-isas-misc-1.0.0.tar.gz
font-dec-misc-1.0.0.tar.gz
font-daewoo-misc-1.0.0.tar.gz
font-cursor-misc-1.0.0.tar.gz
font-arabic-misc-1.0.0.tar.gz
font-winitzki-cyrillic-1.0.0.tar.gz
font-misc-cyrillic-1.0.0.tar.gz
font-cronyx-cyrillic-1.0.0.tar.gz
font-screen-cyrillic-1.0.1.tar.gz
font-xfree86-type1-1.0.1.tar.gz
font-adobe-utopia-type1-1.0.1.tar.gz
font-ibm-type1-1.0.0.tar.gz
font-bitstream-type1-1.0.0.tar.gz
font-bitstream-speedo-1.0.0.tar.gz
font-bh-ttf-1.0.0.tar.gz
font-bh-type1-1.0.0.tar.gz
font-bitstream-100dpi-1.0.0.tar.gz
font-bh-lucidatypewriter-100dpi-1.0.0.tar.gz
font-bh-100dpi-1.0.0.tar.gz
font-adobe-utopia-100dpi-1.0.1.tar.gz
font-adobe-100dpi-1.0.0.tar.gz
font-util-1.0.1.tar.gz
font-bitstream-75dpi-1.0.0.tar.gz
font-bh-lucidatypewriter-75dpi-1.0.0.tar.gz
font-adobe-utopia-75dpi-1.0.1.tar.gz
font-bh-75dpi-1.0.0.tar.gz
bdftopcf-1.0.1.tar.gz
font-adobe-75dpi-1.0.0.tar.gz
mkfontscale-1.0.6.tar.gz
openssl-0.9.8k.tar.gz
bigreqsproto-1.0.2.tar.gz
xtrans-1.2.2.tar.gz
resourceproto-1.0.2.tar.gz
inputproto-1.4.4.tar.gz
compositeproto-0.4.tar.gz
damageproto-1.1.0.tar.gz
zlib-1.2.3.tar.gz
xkbcomp-1.0.5.tar.gz
freetype-2.3.9.tar.gz
pthreads-w32-2-8-0-release.tar.gz
pixman-0.12.0.tar.gz
kbproto-1.0.3.tar.gz
evieext-1.0.2.tar.gz
fixesproto-4.0.tar.gz
recordproto-1.13.2.tar.gz
randrproto-1.2.2.tar.gz
scrnsaverproto-1.1.0.tar.gz
renderproto-0.9.3.tar.gz
xcmiscproto-1.1.2.tar.gz
fontsproto-2.0.2.tar.gz
xextproto-7.0.3.tar.gz
xproto-7.0.14.tar.gz
libXdmcp-1.0.2.tar.gz
libxkbfile-1.0.5.tar.gz
libfontenc-1.0.4.tar.gz
libXfont-1.3.4.tar.gz
libX11-1.1.5.tar.gz
libXau-1.0.4.tar.gz
libxcb-1.1.tar.gz
xorg-server-1.5.3.tar.gz

1 files changed, 554 insertions, 0 deletions

diff --git a/openssl/fips/rsa/fips_rsa_sign.c b/openssl/fips/rsa/fips_rsa_sign.c
new file mode 100644
index 000000000..37364621d
--- /dev/null
+++ b/openssl/fips/rsa/fips_rsa_sign.c
@@ -0,0 +1,554 @@
+/* fips_rsa_sign.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/err.h>
+#include <openssl/sha.h>
+
+#ifdef OPENSSL_FIPS
+
+/* FIPS versions of RSA_sign() and RSA_verify().
+ * These will only have to deal with SHA* signatures and by including
+ * pregenerated encodings all ASN1 dependencies can be avoided
+ */
+
+/* Standard encodings including NULL parameter */
+
+static const unsigned char sha1_bin[] = {
+  0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
+  0x00, 0x04, 0x14
+};
+
+static const unsigned char sha224_bin[] = {
+  0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c
+};
+
+static const unsigned char sha256_bin[] = {
+  0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
+};
+
+static const unsigned char sha384_bin[] = {
+  0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30
+};
+
+static const unsigned char sha512_bin[] = {
+  0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
+};
+
+/* Alternate encodings with absent parameters. We don't generate signature
+ * using this format but do tolerate received signatures of this form.
+ */
+
+static unsigned char sha1_nn_bin[] = {
+  0x30, 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04,
+  0x14
+};
+
+static unsigned char sha224_nn_bin[] = {
+  0x30, 0x2b, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x04, 0x04, 0x1c
+};
+
+static unsigned char sha256_nn_bin[] = {
+  0x30, 0x2f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x01, 0x04, 0x20
+};
+
+static unsigned char sha384_nn_bin[] = {
+  0x30, 0x3f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x02, 0x04, 0x30
+};
+
+static unsigned char sha512_nn_bin[] = {
+  0x30, 0x4f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x03, 0x04, 0x40
+};
+
+
+static const unsigned char *fips_digestinfo_encoding(int nid, unsigned int *len)
+	{
+	switch (nid)
+		{
+
+		case NID_sha1:
+		*len = sizeof(sha1_bin);
+		return sha1_bin;
+
+		case NID_sha224:
+		*len = sizeof(sha224_bin);
+		return sha224_bin;
+
+		case NID_sha256:
+		*len = sizeof(sha256_bin);
+		return sha256_bin;
+
+		case NID_sha384:
+		*len = sizeof(sha384_bin);
+		return sha384_bin;
+
+		case NID_sha512:
+		*len = sizeof(sha512_bin);
+		return sha512_bin;
+
+		default:
+		return NULL;
+
+		}
+	}
+
+static const unsigned char *fips_digestinfo_nn_encoding(int nid, unsigned int *len)
+	{
+	switch (nid)
+		{
+
+		case NID_sha1:
+		*len = sizeof(sha1_nn_bin);
+		return sha1_nn_bin;
+
+		case NID_sha224:
+		*len = sizeof(sha224_nn_bin);
+		return sha224_nn_bin;
+
+		case NID_sha256:
+		*len = sizeof(sha256_nn_bin);
+		return sha256_nn_bin;
+
+		case NID_sha384:
+		*len = sizeof(sha384_nn_bin);
+		return sha384_nn_bin;
+
+		case NID_sha512:
+		*len = sizeof(sha512_nn_bin);
+		return sha512_nn_bin;
+
+		default:
+		return NULL;
+
+		}
+	}
+
+static int fips_rsa_sign(int type, const unsigned char *x, unsigned int y,
+	     unsigned char *sigret, unsigned int *siglen, EVP_MD_SVCTX *sv)
+	{
+	int i=0,j,ret=0;
+	unsigned int dlen;
+	const unsigned char *der;
+	unsigned int m_len;
+	int pad_mode = sv->mctx->flags & EVP_MD_CTX_FLAG_PAD_MASK;
+	int rsa_pad_mode = 0;
+	RSA *rsa = sv->key;
+	/* Largest DigestInfo: 19 (max encoding) + max MD */
+	unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
+	unsigned char md[EVP_MAX_MD_SIZE + 1];
+
+        EVP_DigestFinal_ex(sv->mctx, md, &m_len);
+
+	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
+		{
+		ret = rsa->meth->rsa_sign(type, md, m_len,
+			sigret, siglen, rsa);
+		goto done;
+		}
+
+	if (pad_mode == EVP_MD_CTX_FLAG_PAD_X931)
+		{
+		int hash_id;
+		memcpy(tmpdinfo, md, m_len);
+		hash_id = RSA_X931_hash_id(M_EVP_MD_CTX_type(sv->mctx));
+		if (hash_id == -1)
+			{
+			RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+			return 0;
+			}
+		tmpdinfo[m_len] = (unsigned char)hash_id;
+		i = m_len + 1;
+		rsa_pad_mode = RSA_X931_PADDING;
+		}
+	else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PKCS1)
+		{
+
+		der = fips_digestinfo_encoding(type, &dlen);
+		
+		if (!der)
+			{
+			RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+			return 0;
+			}
+		memcpy(tmpdinfo, der, dlen);
+		memcpy(tmpdinfo + dlen, md, m_len);
+
+		i = dlen + m_len;
+		rsa_pad_mode = RSA_PKCS1_PADDING;
+
+		}
+	else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PSS)
+		{
+		unsigned char *sbuf;
+		int saltlen;
+		i = RSA_size(rsa);
+		sbuf = OPENSSL_malloc(RSA_size(rsa));
+		saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(sv->mctx);
+		if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
+			saltlen = -1;
+		else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
+			saltlen = -2;
+		if (!sbuf)
+			{
+			RSAerr(RSA_F_FIPS_RSA_SIGN,ERR_R_MALLOC_FAILURE);
+			goto psserr;
+			}
+		if (!RSA_padding_add_PKCS1_PSS(rsa, sbuf, md,
+					M_EVP_MD_CTX_md(sv->mctx), saltlen))
+			goto psserr;
+		j=rsa->meth->rsa_priv_enc(i,sbuf,sigret,rsa,RSA_NO_PADDING);
+		if (j > 0)
+			{
+			ret=1;
+			*siglen=j;
+			}
+		psserr:
+		OPENSSL_cleanse(md,m_len);
+		OPENSSL_cleanse(sbuf, i);
+		OPENSSL_free(sbuf);
+		return ret;
+		}
+
+	j=RSA_size(rsa);
+	if (i > (j-RSA_PKCS1_PADDING_SIZE))
+		{
+		RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+		goto done;
+		}
+	/* NB: call underlying method directly to avoid FIPS blocking */
+	j=rsa->meth->rsa_priv_enc(i,tmpdinfo,sigret,rsa,rsa_pad_mode);
+	if (j > 0)
+		{
+		ret=1;
+		*siglen=j;
+		}
+
+	done:
+	OPENSSL_cleanse(tmpdinfo,i);
+	OPENSSL_cleanse(md,m_len);
+	return ret;
+	}
+
+static int fips_rsa_verify(int dtype,
+		const unsigned char *x, unsigned int y,
+		unsigned char *sigbuf, unsigned int siglen, EVP_MD_SVCTX *sv)
+	{
+	int i,ret=0;
+	unsigned int dlen, diglen;
+	int pad_mode = sv->mctx->flags & EVP_MD_CTX_FLAG_PAD_MASK;
+	int rsa_pad_mode = 0;
+	unsigned char *s;
+	const unsigned char *der;
+	unsigned char dig[EVP_MAX_MD_SIZE];
+	RSA *rsa = sv->key;
+
+	if (siglen != (unsigned int)RSA_size(sv->key))
+		{
+		RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
+		return(0);
+		}
+
+        EVP_DigestFinal_ex(sv->mctx, dig, &diglen);
+
+	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
+		{
+		return rsa->meth->rsa_verify(dtype, dig, diglen,
+			sigbuf, siglen, rsa);
+		}
+
+
+	s= OPENSSL_malloc((unsigned int)siglen);
+	if (s == NULL)
+		{
+		RSAerr(RSA_F_FIPS_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	if (pad_mode == EVP_MD_CTX_FLAG_PAD_X931)
+		rsa_pad_mode = RSA_X931_PADDING;
+	else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PKCS1)
+		rsa_pad_mode = RSA_PKCS1_PADDING;
+	else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PSS)
+		rsa_pad_mode = RSA_NO_PADDING;
+
+	/* NB: call underlying method directly to avoid FIPS blocking */
+	i=rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s, rsa, rsa_pad_mode);
+
+	if (i <= 0) goto err;
+
+	if (pad_mode == EVP_MD_CTX_FLAG_PAD_X931)
+		{
+		int hash_id;
+		if (i != (int)(diglen + 1))
+			{
+			RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+			goto err;
+			}
+		hash_id = RSA_X931_hash_id(M_EVP_MD_CTX_type(sv->mctx));
+		if (hash_id == -1)
+			{
+			RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+			goto err;
+			}
+		if (s[diglen] != (unsigned char)hash_id)
+			{
+			RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+			goto err;
+			}
+		if (memcmp(s, dig, diglen))
+			{
+			RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+			goto err;
+			}
+		ret = 1;
+		}
+	else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PKCS1)
+		{
+
+		der = fips_digestinfo_encoding(dtype, &dlen);
+		
+		if (!der)
+			{
+			RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+			return(0);
+			}
+
+		/* Compare, DigestInfo length, DigestInfo header and finally
+		 * digest value itself
+		 */
+
+		/* If length mismatch try alternate encoding */
+		if (i != (int)(dlen + diglen))
+			der = fips_digestinfo_nn_encoding(dtype, &dlen);
+
+		if ((i != (int)(dlen + diglen)) || memcmp(der, s, dlen)
+			|| memcmp(s + dlen, dig, diglen))
+			{
+			RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+			goto err;
+			}
+		ret = 1;
+
+		}
+	else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PSS)
+		{
+		int saltlen;
+		saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(sv->mctx);
+		if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
+			saltlen = -1;
+		else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
+			saltlen = -2;
+		ret = RSA_verify_PKCS1_PSS(rsa, dig, M_EVP_MD_CTX_md(sv->mctx),
+						s, saltlen);
+		if (ret < 0)
+			ret = 0;
+		}
+err:
+	if (s != NULL)
+		{
+		OPENSSL_cleanse(s, siglen);
+		OPENSSL_free(s);
+		}
+	return(ret);
+	}
+
+#define EVP_PKEY_RSA_fips_method \
+				(evp_sign_method *)fips_rsa_sign, \
+				(evp_verify_method *)fips_rsa_verify, \
+				{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
+
+static int init(EVP_MD_CTX *ctx)
+	{ return SHA1_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
+	{ return SHA1_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return SHA1_Final(md,ctx->md_data); }
+
+static const EVP_MD sha1_md=
+	{
+	NID_sha1,
+	NID_sha1WithRSAEncryption,
+	SHA_DIGEST_LENGTH,
+	EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
+	EVP_PKEY_RSA_fips_method,
+	SHA_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(SHA_CTX),
+	};
+
+const EVP_MD *EVP_sha1(void)
+	{
+	return(&sha1_md);
+	}
+
+static int init224(EVP_MD_CTX *ctx)
+	{ return SHA224_Init(ctx->md_data); }
+static int init256(EVP_MD_CTX *ctx)
+	{ return SHA256_Init(ctx->md_data); }
+/*
+ * Even though there're separate SHA224_[Update|Final], we call
+ * SHA256 functions even in SHA224 context. This is what happens
+ * there anyway, so we can spare few CPU cycles:-)
+ */
+static int update256(EVP_MD_CTX *ctx,const void *data,size_t count)
+	{ return SHA256_Update(ctx->md_data,data,count); }
+static int final256(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return SHA256_Final(md,ctx->md_data); }
+
+static const EVP_MD sha224_md=
+	{
+	NID_sha224,
+	NID_sha224WithRSAEncryption,
+	SHA224_DIGEST_LENGTH,
+	EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
+	init224,
+	update256,
+	final256,
+	NULL,
+	NULL,
+	EVP_PKEY_RSA_fips_method,
+	SHA256_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+	};
+
+const EVP_MD *EVP_sha224(void)
+	{ return(&sha224_md); }
+
+static const EVP_MD sha256_md=
+	{
+	NID_sha256,
+	NID_sha256WithRSAEncryption,
+	SHA256_DIGEST_LENGTH,
+	EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
+	init256,
+	update256,
+	final256,
+	NULL,
+	NULL,
+	EVP_PKEY_RSA_fips_method,
+	SHA256_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+	};
+
+const EVP_MD *EVP_sha256(void)
+	{ return(&sha256_md); }
+
+static int init384(EVP_MD_CTX *ctx)
+	{ return SHA384_Init(ctx->md_data); }
+static int init512(EVP_MD_CTX *ctx)
+	{ return SHA512_Init(ctx->md_data); }
+/* See comment in SHA224/256 section */
+static int update512(EVP_MD_CTX *ctx,const void *data,size_t count)
+	{ return SHA512_Update(ctx->md_data,data,count); }
+static int final512(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return SHA512_Final(md,ctx->md_data); }
+
+static const EVP_MD sha384_md=
+	{
+	NID_sha384,
+	NID_sha384WithRSAEncryption,
+	SHA384_DIGEST_LENGTH,
+	EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
+	init384,
+	update512,
+	final512,
+	NULL,
+	NULL,
+	EVP_PKEY_RSA_fips_method,
+	SHA512_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+	};
+
+const EVP_MD *EVP_sha384(void)
+	{ return(&sha384_md); }
+
+static const EVP_MD sha512_md=
+	{
+	NID_sha512,
+	NID_sha512WithRSAEncryption,
+	SHA512_DIGEST_LENGTH,
+	EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
+	init512,
+	update512,
+	final512,
+	NULL,
+	NULL,
+	EVP_PKEY_RSA_fips_method,
+	SHA512_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+	};
+
+const EVP_MD *EVP_sha512(void)
+	{ return(&sha512_md); }
+
+#endif