aboutsummaryrefslogtreecommitdiff
path: root/openssl/fips/sha
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/fips/sha')
-rw-r--r--openssl/fips/sha/Makefile158
-rw-r--r--openssl/fips/sha/fips_sha1_selftest.c97
-rw-r--r--openssl/fips/sha/fips_shatest.c388
-rw-r--r--openssl/fips/sha/fips_standalone_sha1.c173
4 files changed, 816 insertions, 0 deletions
diff --git a/openssl/fips/sha/Makefile b/openssl/fips/sha/Makefile
new file mode 100644
index 000000000..a661640bc
--- /dev/null
+++ b/openssl/fips/sha/Makefile
@@ -0,0 +1,158 @@
+#
+# OpenSSL/fips/sha/Makefile
+#
+
+DIR= sha
+TOP= ../..
+CC= cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile
+AR= ar r
+EXE_EXT=
+
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= fips_shatest.c
+APPS=
+EXE= fips_standalone_sha1$(EXE_EXT)
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=fips_sha1_selftest.c
+LIBOBJ=fips_sha1_selftest.o
+
+SRC= $(LIBSRC) fips_standalone_sha1.c
+
+EXHEADER=
+HEADER=
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd $(TOP); $(MAKE) DIRS=fips SDIRS=$(DIR) sub_all)
+
+all: ../fips_standalone_sha1$(EXE_EXT) lib
+
+lib: $(LIBOBJ)
+ @echo $(LIBOBJ) > lib
+
+../fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o
+ FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha1dgst.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
+ $(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+Q=../testvectors/sha/req
+A=../testvectors/sha/rsp
+
+VECTORS = SHA1LongMsg \
+ SHA1Monte \
+ SHA1ShortMsg \
+ SHA224LongMsg \
+ SHA224Monte \
+ SHA224ShortMsg \
+ SHA256LongMsg \
+ SHA256Monte \
+ SHA256ShortMsg \
+ SHA384LongMsg \
+ SHA384Monte \
+ SHA384ShortMsg \
+ SHA512LongMsg \
+ SHA512Monte \
+ SHA512ShortMsg
+
+fips_test:
+ -rm -rf $(A)
+ mkdir $(A)
+ for file in $(VECTORS); do \
+ if [ -f $(Q)/$$file.req ]; then \
+ $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_shatest $(Q)/$$file.req $(A)/$$file.rsp; \
+ fi; \
+ done
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_sha1_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_sha1_selftest.o: ../../include/openssl/crypto.h
+fips_sha1_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_sha1_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_sha1_selftest.o: ../../include/openssl/lhash.h
+fips_sha1_selftest.o: ../../include/openssl/obj_mac.h
+fips_sha1_selftest.o: ../../include/openssl/objects.h
+fips_sha1_selftest.o: ../../include/openssl/opensslconf.h
+fips_sha1_selftest.o: ../../include/openssl/opensslv.h
+fips_sha1_selftest.o: ../../include/openssl/ossl_typ.h
+fips_sha1_selftest.o: ../../include/openssl/safestack.h
+fips_sha1_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_sha1_selftest.o: ../../include/openssl/symhacks.h fips_sha1_selftest.c
+fips_shatest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_shatest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_shatest.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+fips_shatest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_shatest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+fips_shatest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_shatest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_shatest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_shatest.o: ../../include/openssl/opensslconf.h
+fips_shatest.o: ../../include/openssl/opensslv.h
+fips_shatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_shatest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_shatest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_shatest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+fips_shatest.o: ../../include/openssl/x509v3.h ../fips_utl.h fips_shatest.c
+fips_standalone_sha1.o: ../../include/openssl/asn1.h
+fips_standalone_sha1.o: ../../include/openssl/bio.h
+fips_standalone_sha1.o: ../../include/openssl/crypto.h
+fips_standalone_sha1.o: ../../include/openssl/e_os2.h
+fips_standalone_sha1.o: ../../include/openssl/evp.h
+fips_standalone_sha1.o: ../../include/openssl/fips.h
+fips_standalone_sha1.o: ../../include/openssl/hmac.h
+fips_standalone_sha1.o: ../../include/openssl/obj_mac.h
+fips_standalone_sha1.o: ../../include/openssl/objects.h
+fips_standalone_sha1.o: ../../include/openssl/opensslconf.h
+fips_standalone_sha1.o: ../../include/openssl/opensslv.h
+fips_standalone_sha1.o: ../../include/openssl/ossl_typ.h
+fips_standalone_sha1.o: ../../include/openssl/safestack.h
+fips_standalone_sha1.o: ../../include/openssl/sha.h
+fips_standalone_sha1.o: ../../include/openssl/stack.h
+fips_standalone_sha1.o: ../../include/openssl/symhacks.h fips_standalone_sha1.c
diff --git a/openssl/fips/sha/fips_sha1_selftest.c b/openssl/fips/sha/fips_sha1_selftest.c
new file mode 100644
index 000000000..ba6a29ed9
--- /dev/null
+++ b/openssl/fips/sha/fips_sha1_selftest.c
@@ -0,0 +1,97 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+
+#ifdef OPENSSL_FIPS
+static char test[][60]=
+ {
+ "",
+ "abc",
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ };
+
+static const unsigned char ret[][SHA_DIGEST_LENGTH]=
+ {
+ { 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55,
+ 0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 },
+ { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
+ 0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d },
+ { 0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
+ 0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 },
+ };
+
+void FIPS_corrupt_sha1()
+ {
+ test[2][0]++;
+ }
+
+int FIPS_selftest_sha1()
+ {
+ int n;
+
+ for(n=0 ; n<sizeof(test)/sizeof(test[0]) ; ++n)
+ {
+ unsigned char md[SHA_DIGEST_LENGTH];
+
+ EVP_Digest(test[n],strlen(test[n]),md, NULL, EVP_sha1(), NULL);
+ if(memcmp(md,ret[n],sizeof md))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ }
+ return 1;
+ }
+
+#endif
diff --git a/openssl/fips/sha/fips_shatest.c b/openssl/fips/sha/fips_shatest.c
new file mode 100644
index 000000000..ae5ecdd2b
--- /dev/null
+++ b/openssl/fips/sha/fips_shatest.c
@@ -0,0 +1,388 @@
+/* fips_shatest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+ printf("No FIPS SHAXXX support\n");
+ return(0);
+}
+
+#else
+
+#include "fips_utl.h"
+
+static int dgst_test(FILE *out, FILE *in);
+static int print_dgst(const EVP_MD *md, FILE *out,
+ unsigned char *Msg, int Msglen);
+static int print_monte(const EVP_MD *md, FILE *out,
+ unsigned char *Seed, int SeedLen);
+
+int main(int argc, char **argv)
+ {
+ FILE *in = NULL, *out = NULL;
+
+ int ret = 1;
+
+ if(!FIPS_mode_set(1))
+ {
+ do_print_errors();
+ goto end;
+ }
+
+ if (argc == 1)
+ in = stdin;
+ else
+ in = fopen(argv[1], "r");
+
+ if (argc < 2)
+ out = stdout;
+ else
+ out = fopen(argv[2], "w");
+
+ if (!in)
+ {
+ fprintf(stderr, "FATAL input initialization error\n");
+ goto end;
+ }
+
+ if (!out)
+ {
+ fprintf(stderr, "FATAL output initialization error\n");
+ goto end;
+ }
+
+ if (!dgst_test(out, in))
+ {
+ fprintf(stderr, "FATAL digest file processing error\n");
+ goto end;
+ }
+ else
+ ret = 0;
+
+ end:
+
+ if (ret)
+ do_print_errors();
+
+ if (in && (in != stdin))
+ fclose(in);
+ if (out && (out != stdout))
+ fclose(out);
+
+ return ret;
+
+ }
+
+#define SHA_TEST_MAX_BITS 102400
+#define SHA_TEST_MAXLINELEN (((SHA_TEST_MAX_BITS >> 3) * 2) + 100)
+
+int dgst_test(FILE *out, FILE *in)
+ {
+ const EVP_MD *md = NULL;
+ char *linebuf, *olinebuf, *p, *q;
+ char *keyword, *value;
+ unsigned char *Msg = NULL, *Seed = NULL;
+ long MsgLen = -1, Len = -1, SeedLen = -1;
+ int ret = 0;
+ int lnum = 0;
+
+ olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
+ linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
+
+ if (!linebuf || !olinebuf)
+ goto error;
+
+
+ while (fgets(olinebuf, SHA_TEST_MAXLINELEN, in))
+ {
+ lnum++;
+ strcpy(linebuf, olinebuf);
+ keyword = linebuf;
+ /* Skip leading space */
+ while (isspace((unsigned char)*keyword))
+ keyword++;
+
+ /* Look for = sign */
+ p = strchr(linebuf, '=');
+
+ /* If no = or starts with [ (for [L=20] line) just copy */
+ if (!p)
+ {
+ fputs(olinebuf, out);
+ continue;
+ }
+
+ q = p - 1;
+
+ /* Remove trailing space */
+ while (isspace((unsigned char)*q))
+ *q-- = 0;
+
+ *p = 0;
+ value = p + 1;
+
+ /* Remove leading space from value */
+ while (isspace((unsigned char)*value))
+ value++;
+
+ /* Remove trailing space from value */
+ p = value + strlen(value) - 1;
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+
+ if (!strcmp(keyword,"[L") && *p==']')
+ {
+ switch (atoi(value))
+ {
+ case 20: md=EVP_sha1(); break;
+ case 28: md=EVP_sha224(); break;
+ case 32: md=EVP_sha256(); break;
+ case 48: md=EVP_sha384(); break;
+ case 64: md=EVP_sha512(); break;
+ default: goto parse_error;
+ }
+ }
+ else if (!strcmp(keyword, "Len"))
+ {
+ if (Len != -1)
+ goto parse_error;
+ Len = atoi(value);
+ if (Len < 0)
+ goto parse_error;
+ /* Only handle multiples of 8 bits */
+ if (Len & 0x7)
+ goto parse_error;
+ if (Len > SHA_TEST_MAX_BITS)
+ goto parse_error;
+ MsgLen = Len >> 3;
+ }
+
+ else if (!strcmp(keyword, "Msg"))
+ {
+ long tmplen;
+ if (strlen(value) & 1)
+ *(--value) = '0';
+ if (Msg)
+ goto parse_error;
+ Msg = hex2bin_m(value, &tmplen);
+ if (!Msg)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Seed"))
+ {
+ if (strlen(value) & 1)
+ *(--value) = '0';
+ if (Seed)
+ goto parse_error;
+ Seed = hex2bin_m(value, &SeedLen);
+ if (!Seed)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "MD"))
+ continue;
+ else
+ goto parse_error;
+
+ fputs(olinebuf, out);
+
+ if (md && Msg && (MsgLen >= 0))
+ {
+ if (!print_dgst(md, out, Msg, MsgLen))
+ goto error;
+ OPENSSL_free(Msg);
+ Msg = NULL;
+ MsgLen = -1;
+ Len = -1;
+ }
+ else if (md && Seed && (SeedLen > 0))
+ {
+ if (!print_monte(md, out, Seed, SeedLen))
+ goto error;
+ OPENSSL_free(Seed);
+ Seed = NULL;
+ SeedLen = -1;
+ }
+
+
+ }
+
+
+ ret = 1;
+
+
+ error:
+
+ if (olinebuf)
+ OPENSSL_free(olinebuf);
+ if (linebuf)
+ OPENSSL_free(linebuf);
+ if (Msg)
+ OPENSSL_free(Msg);
+ if (Seed)
+ OPENSSL_free(Seed);
+
+ return ret;
+
+ parse_error:
+
+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+ goto error;
+
+ }
+
+static int print_dgst(const EVP_MD *emd, FILE *out,
+ unsigned char *Msg, int Msglen)
+ {
+ int i, mdlen;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL))
+ {
+ fputs("Error calculating HASH\n", stderr);
+ return 0;
+ }
+ fputs("MD = ", out);
+ for (i = 0; i < mdlen; i++)
+ fprintf(out, "%02x", md[i]);
+ fputs("\n", out);
+ return 1;
+ }
+
+static int print_monte(const EVP_MD *md, FILE *out,
+ unsigned char *Seed, int SeedLen)
+ {
+ unsigned int i, j, k;
+ int ret = 0;
+ EVP_MD_CTX ctx;
+ unsigned char *m1, *m2, *m3, *p;
+ unsigned int mlen, m1len, m2len, m3len;
+
+ EVP_MD_CTX_init(&ctx);
+
+ if (SeedLen > EVP_MAX_MD_SIZE)
+ mlen = SeedLen;
+ else
+ mlen = EVP_MAX_MD_SIZE;
+
+ m1 = OPENSSL_malloc(mlen);
+ m2 = OPENSSL_malloc(mlen);
+ m3 = OPENSSL_malloc(mlen);
+
+ if (!m1 || !m2 || !m3)
+ goto mc_error;
+
+ m1len = m2len = m3len = SeedLen;
+ memcpy(m1, Seed, SeedLen);
+ memcpy(m2, Seed, SeedLen);
+ memcpy(m3, Seed, SeedLen);
+
+ fputs("\n", out);
+
+ for (j = 0; j < 100; j++)
+ {
+ for (i = 0; i < 1000; i++)
+ {
+ EVP_DigestInit_ex(&ctx, md, NULL);
+ EVP_DigestUpdate(&ctx, m1, m1len);
+ EVP_DigestUpdate(&ctx, m2, m2len);
+ EVP_DigestUpdate(&ctx, m3, m3len);
+ p = m1;
+ m1 = m2;
+ m1len = m2len;
+ m2 = m3;
+ m2len = m3len;
+ m3 = p;
+ EVP_DigestFinal_ex(&ctx, m3, &m3len);
+ }
+ fprintf(out, "COUNT = %d\n", j);
+ fputs("MD = ", out);
+ for (k = 0; k < m3len; k++)
+ fprintf(out, "%02x", m3[k]);
+ fputs("\n\n", out);
+ memcpy(m1, m3, m3len);
+ memcpy(m2, m3, m3len);
+ m1len = m2len = m3len;
+ }
+
+ ret = 1;
+
+ mc_error:
+ if (m1)
+ OPENSSL_free(m1);
+ if (m2)
+ OPENSSL_free(m2);
+ if (m3)
+ OPENSSL_free(m3);
+
+ EVP_MD_CTX_cleanup(&ctx);
+
+ return ret;
+ }
+
+#endif
diff --git a/openssl/fips/sha/fips_standalone_sha1.c b/openssl/fips/sha/fips_standalone_sha1.c
new file mode 100644
index 000000000..eec65dc39
--- /dev/null
+++ b/openssl/fips/sha/fips_standalone_sha1.c
@@ -0,0 +1,173 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/sha.h>
+#include <openssl/hmac.h>
+
+#ifndef FIPSCANISTER_O
+int FIPS_selftest_failed() { return 0; }
+void FIPS_selftest_check() {}
+void OPENSSL_cleanse(void *p,size_t len) {}
+#endif
+
+#ifdef OPENSSL_FIPS
+
+static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
+ const char *key)
+ {
+ size_t len=strlen(key);
+ int i;
+ unsigned char keymd[HMAC_MAX_MD_CBLOCK];
+ unsigned char pad[HMAC_MAX_MD_CBLOCK];
+
+ if (len > SHA_CBLOCK)
+ {
+ SHA1_Init(md_ctx);
+ SHA1_Update(md_ctx,key,len);
+ SHA1_Final(keymd,md_ctx);
+ len=20;
+ }
+ else
+ memcpy(keymd,key,len);
+ memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len);
+
+ for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
+ pad[i]=0x36^keymd[i];
+ SHA1_Init(md_ctx);
+ SHA1_Update(md_ctx,pad,SHA_CBLOCK);
+
+ for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
+ pad[i]=0x5c^keymd[i];
+ SHA1_Init(o_ctx);
+ SHA1_Update(o_ctx,pad,SHA_CBLOCK);
+ }
+
+static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
+ {
+ unsigned char buf[20];
+
+ SHA1_Final(buf,md_ctx);
+ SHA1_Update(o_ctx,buf,sizeof buf);
+ SHA1_Final(md,o_ctx);
+ }
+
+#endif
+
+int main(int argc,char **argv)
+ {
+#ifdef OPENSSL_FIPS
+ static char key[]="etaonrishdlcupfm";
+ int n,binary=0;
+
+ if(argc < 2)
+ {
+ fprintf(stderr,"%s [<file>]+\n",argv[0]);
+ exit(1);
+ }
+
+ n=1;
+ if (!strcmp(argv[n],"-binary"))
+ {
+ n++;
+ binary=1; /* emit binary fingerprint... */
+ }
+
+ for(; n < argc ; ++n)
+ {
+ FILE *f=fopen(argv[n],"rb");
+ SHA_CTX md_ctx,o_ctx;
+ unsigned char md[20];
+ int i;
+
+ if(!f)
+ {
+ perror(argv[n]);
+ exit(2);
+ }
+
+ hmac_init(&md_ctx,&o_ctx,key);
+ for( ; ; )
+ {
+ char buf[1024];
+ size_t l=fread(buf,1,sizeof buf,f);
+
+ if(l == 0)
+ {
+ if(ferror(f))
+ {
+ perror(argv[n]);
+ exit(3);
+ }
+ else
+ break;
+ }
+ SHA1_Update(&md_ctx,buf,l);
+ }
+ hmac_final(md,&md_ctx,&o_ctx);
+
+ if (binary)
+ {
+ fwrite(md,20,1,stdout);
+ break; /* ... for single(!) file */
+ }
+
+ printf("HMAC-SHA1(%s)= ",argv[n]);
+ for(i=0 ; i < 20 ; ++i)
+ printf("%02x",md[i]);
+ printf("\n");
+ }
+#endif
+ return 0;
+ }
+
+