Loading crypto/fips_err.h +2 −0 Original line number Diff line number Diff line Loading @@ -71,6 +71,7 @@ static ERR_STRING_DATA FIPS_str_functs[]= { {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, {ERR_FUNC(FIPS_F_DRBG_CPRNG_TEST), "DRBG_CPRNG_TEST"}, {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2), "DSA_BUILTIN_PARAMGEN2"}, {ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"}, Loading Loading @@ -139,6 +140,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]= {ERR_REASON(FIPS_R_GENERATE_ERROR_UNDETECTED),"generate error undetected"}, {ERR_REASON(FIPS_R_INSTANTIATE_ERROR) ,"instantiate error"}, {ERR_REASON(FIPS_R_INSUFFICIENT_SECURITY_STRENGTH),"insufficient security strength"}, {ERR_REASON(FIPS_R_INTERNAL_ERROR) ,"internal error"}, {ERR_REASON(FIPS_R_INVALID_KEY_LENGTH) ,"invalid key length"}, {ERR_REASON(FIPS_R_IN_ERROR_STATE) ,"in error state"}, {ERR_REASON(FIPS_R_KEY_TOO_SHORT) ,"key too short"}, Loading fips/fips.h +3 −0 Original line number Diff line number Diff line Loading @@ -92,6 +92,7 @@ void FIPS_corrupt_ec_keygen(void); void FIPS_corrupt_rng(void); void FIPS_corrupt_drbg(void); void FIPS_rng_stick(void); void FIPS_drbg_stick(void); int FIPS_selftest_rng(void); int FIPS_selftest_hmac(void); int FIPS_selftest_drbg(void); Loading Loading @@ -188,6 +189,7 @@ void ERR_load_FIPS_strings(void); /* Function codes. */ #define FIPS_F_DH_BUILTIN_GENPARAMS 100 #define FIPS_F_DRBG_CPRNG_TEST 141 #define FIPS_F_DSA_BUILTIN_PARAMGEN 101 #define FIPS_F_DSA_BUILTIN_PARAMGEN2 126 #define FIPS_F_DSA_DO_SIGN 102 Loading Loading @@ -253,6 +255,7 @@ void ERR_load_FIPS_strings(void); #define FIPS_R_GENERATE_ERROR_UNDETECTED 136 #define FIPS_R_INSTANTIATE_ERROR 125 #define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 132 #define FIPS_R_INTERNAL_ERROR 143 #define FIPS_R_INVALID_KEY_LENGTH 109 #define FIPS_R_IN_ERROR_STATE 126 #define FIPS_R_KEY_TOO_SHORT 108 Loading fips/fips_test_suite.c +7 −0 Original line number Diff line number Diff line Loading @@ -671,6 +671,7 @@ int main(int argc,char **argv) int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0; int bad_rsa = 0, bad_dsa = 0; int do_rng_stick = 0; int do_drbg_stick = 0; int no_exit = 0; fips_algtest_init_nofips(); Loading Loading @@ -727,6 +728,10 @@ int main(int argc,char **argv) do_rng_stick = 1; no_exit = 1; printf("RNG test with stuck continuous test...\n"); } else if (!strcmp(argv[1], "drbgstick")) { do_drbg_stick = 1; no_exit = 1; printf("DRBG test with stuck continuous test...\n"); } else { printf("Bad argument \"%s\"\n", argv[1]); exit(1); Loading Loading @@ -756,6 +761,8 @@ int main(int argc,char **argv) FIPS_corrupt_dsa_keygen(); if (do_corrupt_rsa_keygen) FIPS_corrupt_rsa_keygen(); if (do_drbg_stick) FIPS_drbg_stick(); if (do_rng_stick) FIPS_rng_stick(); Loading fips/rand/fips_drbg_ctr.c +10 −0 Original line number Diff line number Diff line Loading @@ -330,14 +330,24 @@ static int drbg_ctr_generate(DRBG_CTX *dctx, for (;;) { inc_128(cctx); if (!(dctx->flags & DRBG_FLAG_TEST) && !dctx->lb_valid) { AES_encrypt(cctx->V, dctx->lb, &cctx->ks); dctx->lb_valid = 1; continue; } if (outlen < 16) { /* Use K as temp space as it will be updated */ AES_encrypt(cctx->V, cctx->K, &cctx->ks); if (!drbg_cprng_test(dctx, cctx->K)) return 0; memcpy(out, cctx->K, outlen); break; } AES_encrypt(cctx->V, out, &cctx->ks); if (!drbg_cprng_test(dctx, out)) return 0; out += 16; outlen -= 16; if (outlen == 0) Loading fips/rand/fips_drbg_hash.c +10 −0 Original line number Diff line number Diff line Loading @@ -195,13 +195,23 @@ static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen) { FIPS_digestinit(&hctx->mctx, hctx->md); FIPS_digestupdate(&hctx->mctx, hctx->vtmp, dctx->seedlen); if (!(dctx->flags & DRBG_FLAG_TEST) && !dctx->lb_valid) { FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL); dctx->lb_valid = 1; continue; } if (outlen < dctx->blocklength) { FIPS_digestfinal(&hctx->mctx, hctx->vtmp, NULL); if (!drbg_cprng_test(dctx, hctx->vtmp)) return 0; memcpy(out, hctx->vtmp, outlen); return 1; } FIPS_digestfinal(&hctx->mctx, out, NULL); if (!drbg_cprng_test(dctx, out)) return 0; outlen -= dctx->blocklength; if (outlen == 0) return 1; Loading Loading
crypto/fips_err.h +2 −0 Original line number Diff line number Diff line Loading @@ -71,6 +71,7 @@ static ERR_STRING_DATA FIPS_str_functs[]= { {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, {ERR_FUNC(FIPS_F_DRBG_CPRNG_TEST), "DRBG_CPRNG_TEST"}, {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2), "DSA_BUILTIN_PARAMGEN2"}, {ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"}, Loading Loading @@ -139,6 +140,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]= {ERR_REASON(FIPS_R_GENERATE_ERROR_UNDETECTED),"generate error undetected"}, {ERR_REASON(FIPS_R_INSTANTIATE_ERROR) ,"instantiate error"}, {ERR_REASON(FIPS_R_INSUFFICIENT_SECURITY_STRENGTH),"insufficient security strength"}, {ERR_REASON(FIPS_R_INTERNAL_ERROR) ,"internal error"}, {ERR_REASON(FIPS_R_INVALID_KEY_LENGTH) ,"invalid key length"}, {ERR_REASON(FIPS_R_IN_ERROR_STATE) ,"in error state"}, {ERR_REASON(FIPS_R_KEY_TOO_SHORT) ,"key too short"}, Loading
fips/fips.h +3 −0 Original line number Diff line number Diff line Loading @@ -92,6 +92,7 @@ void FIPS_corrupt_ec_keygen(void); void FIPS_corrupt_rng(void); void FIPS_corrupt_drbg(void); void FIPS_rng_stick(void); void FIPS_drbg_stick(void); int FIPS_selftest_rng(void); int FIPS_selftest_hmac(void); int FIPS_selftest_drbg(void); Loading Loading @@ -188,6 +189,7 @@ void ERR_load_FIPS_strings(void); /* Function codes. */ #define FIPS_F_DH_BUILTIN_GENPARAMS 100 #define FIPS_F_DRBG_CPRNG_TEST 141 #define FIPS_F_DSA_BUILTIN_PARAMGEN 101 #define FIPS_F_DSA_BUILTIN_PARAMGEN2 126 #define FIPS_F_DSA_DO_SIGN 102 Loading Loading @@ -253,6 +255,7 @@ void ERR_load_FIPS_strings(void); #define FIPS_R_GENERATE_ERROR_UNDETECTED 136 #define FIPS_R_INSTANTIATE_ERROR 125 #define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 132 #define FIPS_R_INTERNAL_ERROR 143 #define FIPS_R_INVALID_KEY_LENGTH 109 #define FIPS_R_IN_ERROR_STATE 126 #define FIPS_R_KEY_TOO_SHORT 108 Loading
fips/fips_test_suite.c +7 −0 Original line number Diff line number Diff line Loading @@ -671,6 +671,7 @@ int main(int argc,char **argv) int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0; int bad_rsa = 0, bad_dsa = 0; int do_rng_stick = 0; int do_drbg_stick = 0; int no_exit = 0; fips_algtest_init_nofips(); Loading Loading @@ -727,6 +728,10 @@ int main(int argc,char **argv) do_rng_stick = 1; no_exit = 1; printf("RNG test with stuck continuous test...\n"); } else if (!strcmp(argv[1], "drbgstick")) { do_drbg_stick = 1; no_exit = 1; printf("DRBG test with stuck continuous test...\n"); } else { printf("Bad argument \"%s\"\n", argv[1]); exit(1); Loading Loading @@ -756,6 +761,8 @@ int main(int argc,char **argv) FIPS_corrupt_dsa_keygen(); if (do_corrupt_rsa_keygen) FIPS_corrupt_rsa_keygen(); if (do_drbg_stick) FIPS_drbg_stick(); if (do_rng_stick) FIPS_rng_stick(); Loading
fips/rand/fips_drbg_ctr.c +10 −0 Original line number Diff line number Diff line Loading @@ -330,14 +330,24 @@ static int drbg_ctr_generate(DRBG_CTX *dctx, for (;;) { inc_128(cctx); if (!(dctx->flags & DRBG_FLAG_TEST) && !dctx->lb_valid) { AES_encrypt(cctx->V, dctx->lb, &cctx->ks); dctx->lb_valid = 1; continue; } if (outlen < 16) { /* Use K as temp space as it will be updated */ AES_encrypt(cctx->V, cctx->K, &cctx->ks); if (!drbg_cprng_test(dctx, cctx->K)) return 0; memcpy(out, cctx->K, outlen); break; } AES_encrypt(cctx->V, out, &cctx->ks); if (!drbg_cprng_test(dctx, out)) return 0; out += 16; outlen -= 16; if (outlen == 0) Loading
fips/rand/fips_drbg_hash.c +10 −0 Original line number Diff line number Diff line Loading @@ -195,13 +195,23 @@ static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen) { FIPS_digestinit(&hctx->mctx, hctx->md); FIPS_digestupdate(&hctx->mctx, hctx->vtmp, dctx->seedlen); if (!(dctx->flags & DRBG_FLAG_TEST) && !dctx->lb_valid) { FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL); dctx->lb_valid = 1; continue; } if (outlen < dctx->blocklength) { FIPS_digestfinal(&hctx->mctx, hctx->vtmp, NULL); if (!drbg_cprng_test(dctx, hctx->vtmp)) return 0; memcpy(out, hctx->vtmp, outlen); return 1; } FIPS_digestfinal(&hctx->mctx, out, NULL); if (!drbg_cprng_test(dctx, out)) return 0; outlen -= dctx->blocklength; if (outlen == 0) return 1; Loading
