Loading crypto/fips_err.h +2 −0 Original line number Diff line number Diff line Loading @@ -91,6 +91,7 @@ static ERR_STRING_DATA FIPS_str_functs[]= {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_RESEED), "FIPS_drbg_reseed"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_SINGLE_KAT), "FIPS_DRBG_SINGLE_KAT"}, {ERR_FUNC(FIPS_F_FIPS_GET_ENTROPY), "FIPS_GET_ENTROPY"}, {ERR_FUNC(FIPS_F_FIPS_MODE_SET), "FIPS_mode_set"}, {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey_signature_test"}, {ERR_FUNC(FIPS_F_FIPS_RAND_ADD), "FIPS_rand_add"}, Loading Loading @@ -128,6 +129,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]= {ERR_REASON(FIPS_R_DRBG_STUCK) ,"drbg stuck"}, {ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED),"entropy error undetected"}, {ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),"entropy not requested for reseed"}, {ERR_REASON(FIPS_R_ENTROPY_SOURCE_STUCK) ,"entropy source stuck"}, {ERR_REASON(FIPS_R_ERROR_INITIALISING_DRBG),"error initialising drbg"}, {ERR_REASON(FIPS_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"}, {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),"error retrieving additional input"}, Loading crypto/rand/rand_lib.c +1 −1 Original line number Diff line number Diff line Loading @@ -253,7 +253,7 @@ int RAND_init_fips(void) dctx = FIPS_get_default_drbg(); FIPS_drbg_init(dctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF); FIPS_drbg_set_callbacks(dctx, drbg_get_entropy, drbg_free_entropy, drbg_get_entropy, drbg_free_entropy, 20, drbg_get_entropy, drbg_free_entropy); FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0, drbg_rand_seed, drbg_rand_add); Loading fips/fips.h +2 −0 Original line number Diff line number Diff line Loading 
@@ -253,6 +253,7 @@ void ERR_load_FIPS_strings(void); #define FIPS_F_FIPS_DRBG_NEW 117 #define FIPS_F_FIPS_DRBG_RESEED 118 #define FIPS_F_FIPS_DRBG_SINGLE_KAT 119 #define FIPS_F_FIPS_GET_ENTROPY 147 #define FIPS_F_FIPS_MODE_SET 120 #define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 121 #define FIPS_F_FIPS_RAND_ADD 122 Loading Loading @@ -287,6 +288,7 @@ void ERR_load_FIPS_strings(void); #define FIPS_R_DRBG_STUCK 103 #define FIPS_R_ENTROPY_ERROR_UNDETECTED 104 #define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105 #define FIPS_R_ENTROPY_SOURCE_STUCK 142 #define FIPS_R_ERROR_INITIALISING_DRBG 106 #define FIPS_R_ERROR_INSTANTIATING_DRBG 107 #define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 108 Loading fips/fips_test_suite.c +5 −1 Original line number Diff line number Diff line Loading @@ -847,7 +847,6 @@ int main(int argc,char **argv) int do_drbg_stick = 0; int no_exit = 0; fips_algtest_init_nofips(); FIPS_post_set_callback(post_cb); Loading Loading @@ -910,6 +909,8 @@ int main(int argc,char **argv) do_rng_stick = 1; no_exit = 1; printf("RNG test with stuck continuous test...\n"); } else if (!strcmp(argv[1], "drbgentstick")) { do_entropy_stick(); } else if (!strcmp(argv[1], "drbgstick")) { do_drbg_stick = 1; no_exit = 1; Loading @@ -919,6 +920,7 @@ int main(int argc,char **argv) exit(1); } if (!no_exit) { fips_algtest_init_nofips(); if (!FIPS_mode_set(1)) { printf("Power-up self test failed\n"); exit(1); Loading @@ -928,6 +930,8 @@ int main(int argc,char **argv) } } fips_algtest_init_nofips(); /* Non-Approved cryptographic operation */ printf("1. Non-Approved cryptographic operation test...\n"); Loading fips/fips_utl.h +14 −2 Original line number Diff line number Diff line Loading @@ -67,6 +67,7 @@ int bin2bint(const unsigned char *in,int len,char *out); void PrintValue(char *tag, unsigned char *val, int len); void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode); void fips_algtest_init(void); void do_entropy_stick(void); static int no_err; Loading Loading 
@@ -109,18 +110,29 @@ static size_t dummy_cb(DRBG_CTX *ctx, unsigned char **pout, return min_len; } static int entropy_stick = 0; static void fips_algtest_init_nofips(void) { DRBG_CTX *ctx; size_t i; FIPS_set_error_callbacks(put_err_cb, add_err_cb); OPENSSL_cleanse(dummy_entropy, 1024); for (i = 0; i < sizeof(dummy_entropy); i++) dummy_entropy[i] = i & 0xff; if (entropy_stick) memcpy(dummy_entropy + 32, dummy_entropy + 16, 16); ctx = FIPS_get_default_drbg(); FIPS_drbg_init(ctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF); FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, dummy_cb, 0); FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, 16, dummy_cb, 0); FIPS_drbg_instantiate(ctx, dummy_entropy, 10); FIPS_rand_set_method(FIPS_drbg_method()); } void do_entropy_stick(void) { entropy_stick = 1; } void fips_algtest_init(void) { fips_algtest_init_nofips(); Loading Loading
crypto/fips_err.h +2 −0 Original line number Diff line number Diff line Loading @@ -91,6 +91,7 @@ static ERR_STRING_DATA FIPS_str_functs[]= {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_RESEED), "FIPS_drbg_reseed"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_SINGLE_KAT), "FIPS_DRBG_SINGLE_KAT"}, {ERR_FUNC(FIPS_F_FIPS_GET_ENTROPY), "FIPS_GET_ENTROPY"}, {ERR_FUNC(FIPS_F_FIPS_MODE_SET), "FIPS_mode_set"}, {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey_signature_test"}, {ERR_FUNC(FIPS_F_FIPS_RAND_ADD), "FIPS_rand_add"}, Loading Loading @@ -128,6 +129,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]= {ERR_REASON(FIPS_R_DRBG_STUCK) ,"drbg stuck"}, {ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED),"entropy error undetected"}, {ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),"entropy not requested for reseed"}, {ERR_REASON(FIPS_R_ENTROPY_SOURCE_STUCK) ,"entropy source stuck"}, {ERR_REASON(FIPS_R_ERROR_INITIALISING_DRBG),"error initialising drbg"}, {ERR_REASON(FIPS_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"}, {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),"error retrieving additional input"}, Loading
crypto/rand/rand_lib.c +1 −1 Original line number Diff line number Diff line Loading @@ -253,7 +253,7 @@ int RAND_init_fips(void) dctx = FIPS_get_default_drbg(); FIPS_drbg_init(dctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF); FIPS_drbg_set_callbacks(dctx, drbg_get_entropy, drbg_free_entropy, drbg_get_entropy, drbg_free_entropy, 20, drbg_get_entropy, drbg_free_entropy); FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0, drbg_rand_seed, drbg_rand_add); Loading
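Review bot: The new fourth argument to `FIPS_drbg_set_callbacks` in `RAND_init_fips` is a bare `20` with no name or comment, while the test harness in fips/fips_utl.h passes `16` in the same position. Judging by the "entropy source stuck" reason string added in this commit, it is presumably the block length used to compare consecutive entropy blocks, but nothing on this line says so or says why 20 is right for `drbg_get_entropy`. A block length that does not match how the callback actually produces its output could weaken the stuck-source check or trip it spuriously. A comment on the call would pin that down, for example `/* 20: entropy block length for the stuck-source check; must match drbg_get_entropy() */`, or a named constant in its place. The body of `RAND_init_fips` starts and ends outside the hunk, so whether the return values of these calls are checked cannot be seen here.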
fips/fips.h +2 −0 Original line number Diff line number Diff line Loading @@ -253,6 +253,7 @@ void ERR_load_FIPS_strings(void); #define FIPS_F_FIPS_DRBG_NEW 117 #define FIPS_F_FIPS_DRBG_RESEED 118 #define FIPS_F_FIPS_DRBG_SINGLE_KAT 119 #define FIPS_F_FIPS_GET_ENTROPY 147 #define FIPS_F_FIPS_MODE_SET 120 #define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 121 #define FIPS_F_FIPS_RAND_ADD 122 Loading Loading @@ -287,6 +288,7 @@ void ERR_load_FIPS_strings(void); #define FIPS_R_DRBG_STUCK 103 #define FIPS_R_ENTROPY_ERROR_UNDETECTED 104 #define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105 #define FIPS_R_ENTROPY_SOURCE_STUCK 142 #define FIPS_R_ERROR_INITIALISING_DRBG 106 #define FIPS_R_ERROR_INSTANTIATING_DRBG 107 #define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 108 Loading
fips/fips_test_suite.c +5 −1 Original line number Diff line number Diff line Loading @@ -847,7 +847,6 @@ int main(int argc,char **argv) int do_drbg_stick = 0; int no_exit = 0; fips_algtest_init_nofips(); FIPS_post_set_callback(post_cb); Loading Loading @@ -910,6 +909,8 @@ int main(int argc,char **argv) do_rng_stick = 1; no_exit = 1; printf("RNG test with stuck continuous test...\n"); } else if (!strcmp(argv[1], "drbgentstick")) { do_entropy_stick(); } else if (!strcmp(argv[1], "drbgstick")) { do_drbg_stick = 1; no_exit = 1; Loading @@ -919,6 +920,7 @@ int main(int argc,char **argv) exit(1); } if (!no_exit) { fips_algtest_init_nofips(); if (!FIPS_mode_set(1)) { printf("Power-up self test failed\n"); exit(1); Loading @@ -928,6 +930,8 @@ int main(int argc,char **argv) } } fips_algtest_init_nofips(); /* Non-Approved cryptographic operation */ printf("1. Non-Approved cryptographic operation test...\n"); Loading
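Review bot: The new `drbgentstick` branch in `main` only calls `do_entropy_stick()`; unlike the neighbouring `drbgstick` branch and the RNG stick branch, it prints no banner and leaves `no_exit` at 0. The run therefore ends in the generic `Power-up self test failed` exit path, which looks the same for any self-test failure. Nothing in the visible lines checks that the failure was the stuck-entropy condition (`FIPS_R_ENTROPY_SOURCE_STUCK`), so the negative test would still appear to work if the DRBG failed for an unrelated reason. At minimum add a banner such as `printf("DRBG test with stuck entropy source...\n");` so the log shows which failure was being provoked. Ideally also check the queued error reason before exiting. Separately, when `no_exit` is 0 and `FIPS_mode_set(1)` succeeds, `fips_algtest_init_nofips()` now runs twice, once inside the `if (!no_exit)` block and once after it. If re-initialising the default DRBG is intended, a short comment should say so.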
fips/fips_utl.h +14 −2 Original line number Diff line number Diff line Loading @@ -67,6 +67,7 @@ int bin2bint(const unsigned char *in,int len,char *out); void PrintValue(char *tag, unsigned char *val, int len); void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode); void fips_algtest_init(void); void do_entropy_stick(void); static int no_err; Loading Loading @@ -109,18 +110,29 @@ static size_t dummy_cb(DRBG_CTX *ctx, unsigned char **pout, return min_len; } static int entropy_stick = 0; static void fips_algtest_init_nofips(void) { DRBG_CTX *ctx; size_t i; FIPS_set_error_callbacks(put_err_cb, add_err_cb); OPENSSL_cleanse(dummy_entropy, 1024); for (i = 0; i < sizeof(dummy_entropy); i++) dummy_entropy[i] = i & 0xff; if (entropy_stick) memcpy(dummy_entropy + 32, dummy_entropy + 16, 16); ctx = FIPS_get_default_drbg(); FIPS_drbg_init(ctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF); FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, dummy_cb, 0); FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, 16, dummy_cb, 0); FIPS_drbg_instantiate(ctx, dummy_entropy, 10); FIPS_rand_set_method(FIPS_drbg_method()); } void do_entropy_stick(void) { entropy_stick = 1; } void fips_algtest_init(void) { fips_algtest_init_nofips(); Loading
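Review bot: The stuck-entropy simulation in `fips_algtest_init_nofips` relies on unnamed literals staying in step: the `16` passed to `FIPS_drbg_set_callbacks` and the offsets and length in `memcpy(dummy_entropy + 32, dummy_entropy + 16, 16)`. If the block length is changed later, the copy would no longer produce two identical adjacent blocks and the test would silently stop exercising the check. A single named constant used in both places, e.g. `memcpy(dummy_entropy + 2 * BLOCKLEN, dummy_entropy + BLOCKLEN, BLOCKLEN)` (name is a suggestion), plus a one-line comment that this duplicates a block to trigger the stuck-source error, would make the coupling explicit. `OPENSSL_cleanse(dummy_entropy, 1024)` also hard-codes a size while the loop below it uses `sizeof(dummy_entropy)`, so using `sizeof` in both keeps them consistent. `dummy_cb` is defined outside this hunk, so which part of the buffer the DRBG actually reads cannot be confirmed from here.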