Loading fips/sha/.cvsignore 0 → 100644 +5 −0 Original line number Diff line number Diff line fips_standalone_sha1 lib Makefile.save *.flc semantic.cache fips/sha/fips_shatest.c 0 → 100644 +386 −0 Original line number Diff line number Diff line /* fips_shatest.c */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ /* ==================================================================== * Copyright (c) 2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * licensing@OpenSSL.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ #define OPENSSL_FIPSEVP #include <stdio.h> #include <ctype.h> #include <string.h> #include <openssl/bio.h> #include <openssl/evp.h> #include <openssl/err.h> #include <openssl/bn.h> #include <openssl/x509v3.h> #ifndef OPENSSL_FIPS int main(int argc, char *argv[]) { printf("No FIPS SHAXXX support\n"); return(0); } #else #include <openssl/fips.h> #include "fips_utl.h" static int dgst_test(FILE *out, FILE *in); static int print_dgst(const EVP_MD *md, FILE *out, unsigned char *Msg, int Msglen); static int print_monte(const EVP_MD *md, FILE *out, unsigned char *Seed, int SeedLen); int main(int argc, char **argv) { FILE *in = NULL, *out = NULL; int ret = 1; fips_set_error_print(); if(!FIPS_mode_set(1)) goto end; if (argc == 1) in = stdin; else in = fopen(argv[1], "r"); if (argc < 2) out = stdout; else out = fopen(argv[2], "w"); if (!in) { fprintf(stderr, "FATAL input initialization error\n"); goto end; } if (!out) { fprintf(stderr, "FATAL output initialization error\n"); goto end; } if (!dgst_test(out, in)) { fprintf(stderr, "FATAL digest file processing error\n"); goto end; } else ret = 0; end: if (in && (in != stdin)) fclose(in); if (out && (out != stdout)) fclose(out); return ret; } #define SHA_TEST_MAX_BITS 102400 #define SHA_TEST_MAXLINELEN (((SHA_TEST_MAX_BITS >> 3) * 2) + 100) int dgst_test(FILE *out, FILE *in) { const EVP_MD *md = NULL; char *linebuf, *olinebuf, *p, *q; char *keyword, *value; unsigned char *Msg = NULL, *Seed = NULL; long MsgLen = -1, Len = -1, SeedLen = -1; int ret = 0; int lnum = 0; olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN); linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN); if (!linebuf || !olinebuf) goto error; while (fgets(olinebuf, SHA_TEST_MAXLINELEN, in)) { lnum++; strcpy(linebuf, olinebuf); keyword = linebuf; /* Skip leading space */ while (isspace((unsigned char)*keyword)) keyword++; /* Look for = sign */ p = strchr(linebuf, '='); /* If no = or starts with [ (for [L=20] line) just copy */ if (!p) { fputs(olinebuf, out); continue; } q = p - 1; /* Remove trailing space */ while (isspace((unsigned char)*q)) *q-- = 0; *p = 0; value = p + 1; /* Remove leading space from value */ while (isspace((unsigned char)*value)) value++; /* Remove trailing space from value */ p = value + strlen(value) - 1; while (*p == '\n' || isspace((unsigned char)*p)) *p-- = 0; if (!strcmp(keyword,"[L") && *p==']') { switch (atoi(value)) { case 20: md=EVP_sha1(); break; case 28: md=EVP_sha224(); break; case 32: md=EVP_sha256(); break; case 48: md=EVP_sha384(); break; case 64: md=EVP_sha512(); break; default: goto parse_error; } } else if (!strcmp(keyword, "Len")) { if (Len != -1) goto parse_error; Len = atoi(value); if (Len < 0) goto parse_error; /* Only handle multiples of 8 bits */ if (Len & 0x7) goto parse_error; if (Len > SHA_TEST_MAX_BITS) goto parse_error; MsgLen = Len >> 3; } else if (!strcmp(keyword, "Msg")) { long tmplen; if (strlen(value) & 1) *(--value) = '0'; if (Msg) goto parse_error; Msg = hex2bin_m(value, &tmplen); if (!Msg) goto parse_error; } else if (!strcmp(keyword, "Seed")) { if (strlen(value) & 1) *(--value) = '0'; if (Seed) goto parse_error; Seed = hex2bin_m(value, &SeedLen); if (!Seed) goto parse_error; } else if (!strcmp(keyword, "MD")) continue; else goto parse_error; fputs(olinebuf, out); if (md && Msg && (MsgLen >= 0)) { if (!print_dgst(md, out, Msg, MsgLen)) goto error; OPENSSL_free(Msg); Msg = NULL; MsgLen = -1; Len = -1; } else if (md && Seed && (SeedLen > 0)) { if (!print_monte(md, out, Seed, SeedLen)) goto error; OPENSSL_free(Seed); Seed = NULL; SeedLen = -1; } } ret = 1; error: if (olinebuf) OPENSSL_free(olinebuf); if (linebuf) OPENSSL_free(linebuf); if (Msg) OPENSSL_free(Msg); if (Seed) OPENSSL_free(Seed); return ret; parse_error: fprintf(stderr, "FATAL parse error processing line %d\n", lnum); goto error; } static int print_dgst(const EVP_MD *emd, FILE *out, unsigned char *Msg, int Msglen) { int i, mdlen; unsigned char md[EVP_MAX_MD_SIZE]; if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL)) { fputs("Error calculating HASH\n", stderr); return 0; } fputs("MD = ", out); for (i = 0; i < mdlen; i++) fprintf(out, "%02x", md[i]); fputs("\n", out); return 1; } static int print_monte(const EVP_MD *md, FILE *out, unsigned char *Seed, int SeedLen) { unsigned int i, j, k; int ret = 0; EVP_MD_CTX ctx; unsigned char *m1, *m2, *m3, *p; unsigned int mlen, m1len, m2len, m3len; EVP_MD_CTX_init(&ctx); if (SeedLen > EVP_MAX_MD_SIZE) mlen = SeedLen; else mlen = EVP_MAX_MD_SIZE; m1 = OPENSSL_malloc(mlen); m2 = OPENSSL_malloc(mlen); m3 = OPENSSL_malloc(mlen); if (!m1 || !m2 || !m3) goto mc_error; m1len = m2len = m3len = SeedLen; memcpy(m1, Seed, SeedLen); memcpy(m2, Seed, SeedLen); memcpy(m3, Seed, SeedLen); fputs("\n", out); for (j = 0; j < 100; j++) { for (i = 0; i < 1000; i++) { EVP_DigestInit_ex(&ctx, md, NULL); EVP_DigestUpdate(&ctx, m1, m1len); EVP_DigestUpdate(&ctx, m2, m2len); EVP_DigestUpdate(&ctx, m3, m3len); p = m1; m1 = m2; m1len = m2len; m2 = m3; m2len = m3len; m3 = p; EVP_DigestFinal_ex(&ctx, m3, &m3len); } fprintf(out, "COUNT = %d\n", j); fputs("MD = ", out); for (k = 0; k < m3len; k++) fprintf(out, "%02x", m3[k]); fputs("\n\n", out); memcpy(m1, m3, m3len); memcpy(m2, m3, m3len); m1len = m2len = m3len; } ret = 1; mc_error: if (m1) OPENSSL_free(m1); if (m2) OPENSSL_free(m2); if (m3) OPENSSL_free(m3); EVP_MD_CTX_cleanup(&ctx); return ret; } #endif fips/sha/fips_standalone_sha1.c 0 → 100644 +174 −0 Original line number Diff line number Diff line /* ==================================================================== * Copyright (c) 2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <openssl/opensslconf.h> #include <openssl/sha.h> #include <openssl/hmac.h> #include <openssl/fips.h> #ifndef FIPSCANISTER_O int FIPS_selftest_failed() { return 0; } void FIPS_selftest_check() {} void OPENSSL_cleanse(void *p,size_t len) {} #endif #ifdef OPENSSL_FIPS static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx, const char *key) { size_t len=strlen(key); int i; unsigned char keymd[HMAC_MAX_MD_CBLOCK]; unsigned char pad[HMAC_MAX_MD_CBLOCK]; if (len > SHA_CBLOCK) { SHA1_Init(md_ctx); SHA1_Update(md_ctx,key,len); SHA1_Final(keymd,md_ctx); len=20; } else memcpy(keymd,key,len); memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len); for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++) pad[i]=0x36^keymd[i]; SHA1_Init(md_ctx); SHA1_Update(md_ctx,pad,SHA_CBLOCK); for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++) pad[i]=0x5c^keymd[i]; SHA1_Init(o_ctx); SHA1_Update(o_ctx,pad,SHA_CBLOCK); } static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx) { unsigned char buf[20]; SHA1_Final(buf,md_ctx); SHA1_Update(o_ctx,buf,sizeof buf); SHA1_Final(md,o_ctx); } #endif int main(int argc,char **argv) { #ifdef OPENSSL_FIPS static char key[]="etaonrishdlcupfm"; int n,binary=0; if(argc < 2) { fprintf(stderr,"%s [<file>]+\n",argv[0]); exit(1); } n=1; if (!strcmp(argv[n],"-binary")) { n++; binary=1; /* emit binary fingerprint... */ } for(; n < argc ; ++n) { FILE *f=fopen(argv[n],"rb"); SHA_CTX md_ctx,o_ctx; unsigned char md[20]; int i; if(!f) { perror(argv[n]); exit(2); } hmac_init(&md_ctx,&o_ctx,key); for( ; ; ) { char buf[1024]; size_t l=fread(buf,1,sizeof buf,f); if(l == 0) { if(ferror(f)) { perror(argv[n]); exit(3); } else break; } SHA1_Update(&md_ctx,buf,l); } hmac_final(md,&md_ctx,&o_ctx); if (binary) { fwrite(md,20,1,stdout); break; /* ... for single(!) file */ } printf("HMAC-SHA1(%s)= ",argv[n]); for(i=0 ; i < 20 ; ++i) printf("%02x",md[i]); printf("\n"); } #endif return 0; } Loading
fips/sha/.cvsignore 0 → 100644 +5 −0 Original line number Diff line number Diff line fips_standalone_sha1 lib Makefile.save *.flc semantic.cache
fips/sha/fips_shatest.c 0 → 100644 +386 −0 Original line number Diff line number Diff line /* fips_shatest.c */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ /* ==================================================================== * Copyright (c) 2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * licensing@OpenSSL.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ #define OPENSSL_FIPSEVP #include <stdio.h> #include <ctype.h> #include <string.h> #include <openssl/bio.h> #include <openssl/evp.h> #include <openssl/err.h> #include <openssl/bn.h> #include <openssl/x509v3.h> #ifndef OPENSSL_FIPS int main(int argc, char *argv[]) { printf("No FIPS SHAXXX support\n"); return(0); } #else #include <openssl/fips.h> #include "fips_utl.h" static int dgst_test(FILE *out, FILE *in); static int print_dgst(const EVP_MD *md, FILE *out, unsigned char *Msg, int Msglen); static int print_monte(const EVP_MD *md, FILE *out, unsigned char *Seed, int SeedLen); int main(int argc, char **argv) { FILE *in = NULL, *out = NULL; int ret = 1; fips_set_error_print(); if(!FIPS_mode_set(1)) goto end; if (argc == 1) in = stdin; else in = fopen(argv[1], "r"); if (argc < 2) out = stdout; else out = fopen(argv[2], "w"); if (!in) { fprintf(stderr, "FATAL input initialization error\n"); goto end; } if (!out) { fprintf(stderr, "FATAL output initialization error\n"); goto end; } if (!dgst_test(out, in)) { fprintf(stderr, "FATAL digest file processing error\n"); goto end; } else ret = 0; end: if (in && (in != stdin)) fclose(in); if (out && (out != stdout)) fclose(out); return ret; } #define SHA_TEST_MAX_BITS 102400 #define SHA_TEST_MAXLINELEN (((SHA_TEST_MAX_BITS >> 3) * 2) + 100) int dgst_test(FILE *out, FILE *in) { const EVP_MD *md = NULL; char *linebuf, *olinebuf, *p, *q; char *keyword, *value; unsigned char *Msg = NULL, *Seed = NULL; long MsgLen = -1, Len = -1, SeedLen = -1; int ret = 0; int lnum = 0; olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN); linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN); if (!linebuf || !olinebuf) goto error; while (fgets(olinebuf, SHA_TEST_MAXLINELEN, in)) { lnum++; strcpy(linebuf, olinebuf); keyword = linebuf; /* Skip leading space */ while (isspace((unsigned char)*keyword)) keyword++; /* Look for = sign */ p = strchr(linebuf, '='); /* If no = or starts with [ (for [L=20] line) just copy */ if (!p) { fputs(olinebuf, out); continue; } q = p - 1; /* Remove trailing space */ while (isspace((unsigned char)*q)) *q-- = 0; *p = 0; value = p + 1; /* Remove leading space from value */ while (isspace((unsigned char)*value)) value++; /* Remove trailing space from value */ p = value + strlen(value) - 1; while (*p == '\n' || isspace((unsigned char)*p)) *p-- = 0; if (!strcmp(keyword,"[L") && *p==']') { switch (atoi(value)) { case 20: md=EVP_sha1(); break; case 28: md=EVP_sha224(); break; case 32: md=EVP_sha256(); break; case 48: md=EVP_sha384(); break; case 64: md=EVP_sha512(); break; default: goto parse_error; } } else if (!strcmp(keyword, "Len")) { if (Len != -1) goto parse_error; Len = atoi(value); if (Len < 0) goto parse_error; /* Only handle multiples of 8 bits */ if (Len & 0x7) goto parse_error; if (Len > SHA_TEST_MAX_BITS) goto parse_error; MsgLen = Len >> 3; } else if (!strcmp(keyword, "Msg")) { long tmplen; if (strlen(value) & 1) *(--value) = '0'; if (Msg) goto parse_error; Msg = hex2bin_m(value, &tmplen); if (!Msg) goto parse_error; } else if (!strcmp(keyword, "Seed")) { if (strlen(value) & 1) *(--value) = '0'; if (Seed) goto parse_error; Seed = hex2bin_m(value, &SeedLen); if (!Seed) goto parse_error; } else if (!strcmp(keyword, "MD")) continue; else goto parse_error; fputs(olinebuf, out); if (md && Msg && (MsgLen >= 0)) { if (!print_dgst(md, out, Msg, MsgLen)) goto error; OPENSSL_free(Msg); Msg = NULL; MsgLen = -1; Len = -1; } else if (md && Seed && (SeedLen > 0)) { if (!print_monte(md, out, Seed, SeedLen)) goto error; OPENSSL_free(Seed); Seed = NULL; SeedLen = -1; } } ret = 1; error: if (olinebuf) OPENSSL_free(olinebuf); if (linebuf) OPENSSL_free(linebuf); if (Msg) OPENSSL_free(Msg); if (Seed) OPENSSL_free(Seed); return ret; parse_error: fprintf(stderr, "FATAL parse error processing line %d\n", lnum); goto error; } static int print_dgst(const EVP_MD *emd, FILE *out, unsigned char *Msg, int Msglen) { int i, mdlen; unsigned char md[EVP_MAX_MD_SIZE]; if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL)) { fputs("Error calculating HASH\n", stderr); return 0; } fputs("MD = ", out); for (i = 0; i < mdlen; i++) fprintf(out, "%02x", md[i]); fputs("\n", out); return 1; } static int print_monte(const EVP_MD *md, FILE *out, unsigned char *Seed, int SeedLen) { unsigned int i, j, k; int ret = 0; EVP_MD_CTX ctx; unsigned char *m1, *m2, *m3, *p; unsigned int mlen, m1len, m2len, m3len; EVP_MD_CTX_init(&ctx); if (SeedLen > EVP_MAX_MD_SIZE) mlen = SeedLen; else mlen = EVP_MAX_MD_SIZE; m1 = OPENSSL_malloc(mlen); m2 = OPENSSL_malloc(mlen); m3 = OPENSSL_malloc(mlen); if (!m1 || !m2 || !m3) goto mc_error; m1len = m2len = m3len = SeedLen; memcpy(m1, Seed, SeedLen); memcpy(m2, Seed, SeedLen); memcpy(m3, Seed, SeedLen); fputs("\n", out); for (j = 0; j < 100; j++) { for (i = 0; i < 1000; i++) { EVP_DigestInit_ex(&ctx, md, NULL); EVP_DigestUpdate(&ctx, m1, m1len); EVP_DigestUpdate(&ctx, m2, m2len); EVP_DigestUpdate(&ctx, m3, m3len); p = m1; m1 = m2; m1len = m2len; m2 = m3; m2len = m3len; m3 = p; EVP_DigestFinal_ex(&ctx, m3, &m3len); } fprintf(out, "COUNT = %d\n", j); fputs("MD = ", out); for (k = 0; k < m3len; k++) fprintf(out, "%02x", m3[k]); fputs("\n\n", out); memcpy(m1, m3, m3len); memcpy(m2, m3, m3len); m1len = m2len = m3len; } ret = 1; mc_error: if (m1) OPENSSL_free(m1); if (m2) OPENSSL_free(m2); if (m3) OPENSSL_free(m3); EVP_MD_CTX_cleanup(&ctx); return ret; } #endif
fips/sha/fips_standalone_sha1.c 0 → 100644 +174 −0 Original line number Diff line number Diff line /* ==================================================================== * Copyright (c) 2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <openssl/opensslconf.h> #include <openssl/sha.h> #include <openssl/hmac.h> #include <openssl/fips.h> #ifndef FIPSCANISTER_O int FIPS_selftest_failed() { return 0; } void FIPS_selftest_check() {} void OPENSSL_cleanse(void *p,size_t len) {} #endif #ifdef OPENSSL_FIPS static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx, const char *key) { size_t len=strlen(key); int i; unsigned char keymd[HMAC_MAX_MD_CBLOCK]; unsigned char pad[HMAC_MAX_MD_CBLOCK]; if (len > SHA_CBLOCK) { SHA1_Init(md_ctx); SHA1_Update(md_ctx,key,len); SHA1_Final(keymd,md_ctx); len=20; } else memcpy(keymd,key,len); memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len); for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++) pad[i]=0x36^keymd[i]; SHA1_Init(md_ctx); SHA1_Update(md_ctx,pad,SHA_CBLOCK); for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++) pad[i]=0x5c^keymd[i]; SHA1_Init(o_ctx); SHA1_Update(o_ctx,pad,SHA_CBLOCK); } static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx) { unsigned char buf[20]; SHA1_Final(buf,md_ctx); SHA1_Update(o_ctx,buf,sizeof buf); SHA1_Final(md,o_ctx); } #endif int main(int argc,char **argv) { #ifdef OPENSSL_FIPS static char key[]="etaonrishdlcupfm"; int n,binary=0; if(argc < 2) { fprintf(stderr,"%s [<file>]+\n",argv[0]); exit(1); } n=1; if (!strcmp(argv[n],"-binary")) { n++; binary=1; /* emit binary fingerprint... */ } for(; n < argc ; ++n) { FILE *f=fopen(argv[n],"rb"); SHA_CTX md_ctx,o_ctx; unsigned char md[20]; int i; if(!f) { perror(argv[n]); exit(2); } hmac_init(&md_ctx,&o_ctx,key); for( ; ; ) { char buf[1024]; size_t l=fread(buf,1,sizeof buf,f); if(l == 0) { if(ferror(f)) { perror(argv[n]); exit(3); } else break; } SHA1_Update(&md_ctx,buf,l); } hmac_final(md,&md_ctx,&o_ctx); if (binary) { fwrite(md,20,1,stdout); break; /* ... for single(!) file */ } printf("HMAC-SHA1(%s)= ",argv[n]); for(i=0 ; i < 20 ; ++i) printf("%02x",md[i]); printf("\n"); } #endif return 0; }
