Loading fips/fips.c +6 −2 Original line number Diff line number Diff line Loading @@ -277,7 +277,6 @@ int FIPS_mode_set(int onoff) if(onoff) { unsigned char buf[48]; fips_selftest_fail = 0; Loading Loading @@ -330,10 +329,11 @@ int FIPS_mode_set(int onoff) ret = 0; goto end; } #if 0 /* automagically seed PRNG if not already seeded */ if(!FIPS_rand_status()) { unsigned char buf[48]; if(RAND_bytes(buf,sizeof buf) <= 0) { fips_selftest_fail = 1; Loading @@ -347,6 +347,10 @@ int FIPS_mode_set(int onoff) /* now switch into FIPS mode */ fips_set_rand_check(FIPS_rand_method()); RAND_set_rand_method(FIPS_rand_method()); #else fips_set_rand_check(FIPS_drbg_method()); RAND_set_rand_method(FIPS_drbg_method()); #endif if(FIPS_selftest()) fips_set_mode(1); else Loading fips/fips_test_suite.c +1 −1 Original line number Diff line number Diff line Loading @@ -673,7 +673,7 @@ int main(int argc,char **argv) int do_rng_stick = 0; int no_exit = 0; fips_set_error_print(); fips_algtest_init_nofips(); printf("\tFIPS-mode test application\n\n"); Loading fips/fips_utl.h +24 −2 Original line number Diff line number Diff line Loading @@ -49,6 +49,9 @@ #define OPENSSL_FIPSAPI #include <openssl/fips_rand.h> #include <openssl/objects.h> int hex2bin(const char *in, unsigned char *out); unsigned char *hex2bin_m(const char *in, long *plen); int do_hex2bn(BIGNUM **pr, const char *in); Loading Loading 
@@ -93,14 +96,33 @@ static void add_err_cb(int num, va_list args) fputs("\n", stderr); } static void fips_set_error_print(void) /* Dummy Entropy to keep DRBG happy. WARNING: THIS IS TOTALLY BOGUS * HAS ZERO SECURITY AND MUST NOT BE USED IN REAL APPLICATIONS. */ static unsigned char dummy_entropy[1024]; static size_t dummy_cb(DRBG_CTX *ctx, unsigned char **pout, int entropy, size_t min_len, size_t max_len) { *pout = dummy_entropy; return min_len; } static void fips_algtest_init_nofips(void) { DRBG_CTX *ctx; FIPS_set_error_callbacks(put_err_cb, add_err_cb); OPENSSL_cleanse(dummy_entropy, 1024); ctx = FIPS_get_default_drbg(); FIPS_drbg_init(ctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF); FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, dummy_cb, 0); FIPS_drbg_instantiate(ctx, dummy_entropy, 10); } void fips_algtest_init(void) { fips_set_error_print(); fips_algtest_init_nofips(); if (!FIPS_mode_set(1)) { fprintf(stderr, "Error entering FIPS mode\n"); Loading fips/rand/fips_drbg_lib.c +12 −8 Original line number Diff line number Diff line Loading @@ -274,6 +274,17 @@ static int fips_drbg_generate_internal(DRBG_CTX *dctx, const unsigned char *adin, size_t adinlen) { int r = 0; if (dctx->status != DRBG_STATUS_READY && dctx->status != DRBG_STATUS_RESEED) { if (dctx->status == DRBG_STATUS_ERROR) r = FIPS_R_IN_ERROR_STATE; else if(dctx->status == DRBG_STATUS_UNINITIALISED) r = FIPS_R_NOT_INSTANTIATED; goto end; } if (outlen > dctx->max_request) { r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG; Loading @@ -296,14 +307,7 @@ static int fips_drbg_generate_internal(DRBG_CTX *dctx, adin = NULL; adinlen = 0; } if (dctx->status != DRBG_STATUS_READY) { if (dctx->status == DRBG_STATUS_ERROR) r = FIPS_R_IN_ERROR_STATE; else if(dctx->status == DRBG_STATUS_UNINITIALISED) r = FIPS_R_NOT_INSTANTIATED; goto end; } if (!dctx->generate(dctx, out, outlen, adin, adinlen)) { r = FIPS_R_GENERATE_ERROR; Loading Loading
fips/fips.c +6 −2 Original line number Diff line number Diff line Loading @@ -277,7 +277,6 @@ int FIPS_mode_set(int onoff) if(onoff) { unsigned char buf[48]; fips_selftest_fail = 0; Loading Loading @@ -330,10 +329,11 @@ int FIPS_mode_set(int onoff) ret = 0; goto end; } #if 0 /* automagically seed PRNG if not already seeded */ if(!FIPS_rand_status()) { unsigned char buf[48]; if(RAND_bytes(buf,sizeof buf) <= 0) { fips_selftest_fail = 1; Loading @@ -347,6 +347,10 @@ int FIPS_mode_set(int onoff) /* now switch into FIPS mode */ fips_set_rand_check(FIPS_rand_method()); RAND_set_rand_method(FIPS_rand_method()); #else fips_set_rand_check(FIPS_drbg_method()); RAND_set_rand_method(FIPS_drbg_method()); #endif if(FIPS_selftest()) fips_set_mode(1); else Loading
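Review bot: The new `#else` branch makes `FIPS_drbg_method()` the RAND method without any check that the default DRBG has been instantiated, while the branch now disabled with `#if 0` tested `FIPS_rand_status()` and set `fips_selftest_fail` when seeding failed. As far as these lines show, `FIPS_mode_set(1)` now relies on the caller having instantiated the DRBG with real entropy beforehand, and nothing here states or enforces that. Either fail mode entry when the DRBG is not ready, or document the precondition above the switch, e.g. `/* caller must have instantiated the default DRBG before enabling FIPS mode */`. The `#if 0` block is dead code and is better deleted than kept. FIPS_mode_set's body starts and ends outside these hunks.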
fips/fips_test_suite.c +1 −1 Original line number Diff line number Diff line Loading @@ -673,7 +673,7 @@ int main(int argc,char **argv) int do_rng_stick = 0; int no_exit = 0; fips_set_error_print(); fips_algtest_init_nofips(); printf("\tFIPS-mode test application\n\n"); Loading
fips/fips_utl.h +24 −2 Original line number Diff line number Diff line Loading @@ -49,6 +49,9 @@ #define OPENSSL_FIPSAPI #include <openssl/fips_rand.h> #include <openssl/objects.h> int hex2bin(const char *in, unsigned char *out); unsigned char *hex2bin_m(const char *in, long *plen); int do_hex2bn(BIGNUM **pr, const char *in); Loading Loading @@ -93,14 +96,33 @@ static void add_err_cb(int num, va_list args) fputs("\n", stderr); } static void fips_set_error_print(void) /* Dummy Entropy to keep DRBG happy. WARNING: THIS IS TOTALLY BOGUS * HAS ZERO SECURITY AND MUST NOT BE USED IN REAL APPLICATIONS. */ static unsigned char dummy_entropy[1024]; static size_t dummy_cb(DRBG_CTX *ctx, unsigned char **pout, int entropy, size_t min_len, size_t max_len) { *pout = dummy_entropy; return min_len; } static void fips_algtest_init_nofips(void) { DRBG_CTX *ctx; FIPS_set_error_callbacks(put_err_cb, add_err_cb); OPENSSL_cleanse(dummy_entropy, 1024); ctx = FIPS_get_default_drbg(); FIPS_drbg_init(ctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF); FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, dummy_cb, 0); FIPS_drbg_instantiate(ctx, dummy_entropy, 10); } void fips_algtest_init(void) { fips_set_error_print(); fips_algtest_init_nofips(); if (!FIPS_mode_set(1)) { fprintf(stderr, "Error entering FIPS mode\n"); Loading
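Review bot: `dummy_cb` returns `min_len` while pointing `*pout` at the 1024-byte `dummy_entropy`, so a request larger than the buffer would make the DRBG read past it. A guard such as `if (min_len > sizeof dummy_entropy) return 0;` closes that, assuming the DRBG treats a zero return as an entropy failure (not visible here). In `fips_algtest_init_nofips` the results of `FIPS_drbg_init`, `FIPS_drbg_set_callbacks` and `FIPS_drbg_instantiate` are discarded, so a failed instantiation lets the test run continue on an unusable generator; check them and report on stderr as `fips_algtest_init` does for `FIPS_mode_set`. `OPENSSL_cleanse(dummy_entropy, 1024)` should use `sizeof dummy_entropy` rather than repeat the size. Because this all-zero entropy source lives in a header, a build-time guard restricting it to the test programs would back up the warning comment.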
fips/rand/fips_drbg_lib.c +12 −8 Original line number Diff line number Diff line Loading @@ -274,6 +274,17 @@ static int fips_drbg_generate_internal(DRBG_CTX *dctx, const unsigned char *adin, size_t adinlen) { int r = 0; if (dctx->status != DRBG_STATUS_READY && dctx->status != DRBG_STATUS_RESEED) { if (dctx->status == DRBG_STATUS_ERROR) r = FIPS_R_IN_ERROR_STATE; else if(dctx->status == DRBG_STATUS_UNINITIALISED) r = FIPS_R_NOT_INSTANTIATED; goto end; } if (outlen > dctx->max_request) { r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG; Loading @@ -296,14 +307,7 @@ static int fips_drbg_generate_internal(DRBG_CTX *dctx, adin = NULL; adinlen = 0; } if (dctx->status != DRBG_STATUS_READY) { if (dctx->status == DRBG_STATUS_ERROR) r = FIPS_R_IN_ERROR_STATE; else if(dctx->status == DRBG_STATUS_UNINITIALISED) r = FIPS_R_NOT_INSTANTIATED; goto end; } if (!dctx->generate(dctx, out, outlen, adin, adinlen)) { r = FIPS_R_GENERATE_ERROR; Loading
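Review bot: In the status check moved to the top of `fips_drbg_generate_internal`, a status that is none of READY, RESEED, ERROR or UNINITIALISED jumps to `end` with `r` still 0, so that failure path carries no reason code. What `end` does with `r == 0` is outside the hunk and should be confirmed. A final `else` assigning an error code would make every rejected state explicit. The check now also lets `DRBG_STATUS_RESEED` through, which is worth a short comment such as `/* RESEED is accepted here; the reseed is expected to happen before generate is called */`, if that is indeed what the code between the two hunks does.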