You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1695 lines
70 KiB
1695 lines
70 KiB
diff -up openssl-1.0.1e/crypto/bn/bn_rand.c.fips-reqs openssl-1.0.1e/crypto/bn/bn_rand.c |
|
--- openssl-1.0.1e/crypto/bn/bn_rand.c.fips-reqs 2013-02-11 16:02:47.000000000 +0100 |
|
+++ openssl-1.0.1e/crypto/bn/bn_rand.c 2014-02-13 16:50:34.280893285 +0100 |
|
@@ -138,9 +138,12 @@ static int bnrand(int pseudorand, BIGNUM |
|
goto err; |
|
} |
|
|
|
- /* make a random number and set the top and bottom bits */ |
|
- time(&tim); |
|
- RAND_add(&tim,sizeof(tim),0.0); |
|
+ if (!FIPS_mode()) /* in FIPS mode the RNG is always properly seeded or the module fails */ |
|
+ { |
|
+ /* make a random number and set the top and bottom bits */ |
|
+ time(&tim); |
|
+ RAND_add(&tim,sizeof(tim),0.0); |
|
+ } |
|
|
|
if (pseudorand) |
|
{ |
|
diff -up openssl-1.0.1e/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.1e/crypto/dh/dh_gen.c |
|
--- openssl-1.0.1e/crypto/dh/dh_gen.c.fips-reqs 2013-12-18 12:17:09.748636614 +0100 |
|
+++ openssl-1.0.1e/crypto/dh/dh_gen.c 2013-12-18 12:17:09.798637687 +0100 |
|
@@ -125,7 +125,7 @@ static int dh_builtin_genparams(DH *ret, |
|
return 0; |
|
} |
|
|
|
- if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) |
|
+ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN)) |
|
{ |
|
DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL); |
|
goto err; |
|
diff -up openssl-1.0.1e/crypto/dh/dh.h.fips-reqs openssl-1.0.1e/crypto/dh/dh.h |
|
--- openssl-1.0.1e/crypto/dh/dh.h.fips-reqs 2013-12-18 12:17:09.748636614 +0100 |
|
+++ openssl-1.0.1e/crypto/dh/dh.h 2013-12-18 12:17:09.798637687 +0100 |
|
@@ -78,6 +78,7 @@ |
|
#endif |
|
|
|
#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 |
|
+#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN (getenv("OPENSSL_ENFORCE_MODULUS_BITS")?2048:1024) |
|
|
|
#define DH_FLAG_CACHE_MONT_P 0x01 |
|
#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH |
|
diff -up openssl-1.0.1e/crypto/dh/dh_check.c.fips-reqs openssl-1.0.1e/crypto/dh/dh_check.c |
|
--- openssl-1.0.1e/crypto/dh/dh_check.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100 |
|
+++ openssl-1.0.1e/crypto/dh/dh_check.c 2013-12-18 12:17:09.799637708 +0100 |
|
@@ -134,7 +134,33 @@ int DH_check_pub_key(const DH *dh, const |
|
BN_sub_word(q,1); |
|
if (BN_cmp(pub_key,q)>=0) |
|
*ret|=DH_CHECK_PUBKEY_TOO_LARGE; |
|
+#ifdef OPENSSL_FIPS |
|
+ if (FIPS_mode() && dh->q != NULL) |
|
+ { |
|
+ BN_CTX *ctx = NULL; |
|
|
|
+ ctx = BN_CTX_new(); |
|
+ if (ctx == NULL) |
|
+ goto err; |
|
+ |
|
+ if (BN_mod_exp_mont(q, pub_key, dh->q, dh->p, ctx, NULL) <= 0) |
|
+ { |
|
+ BN_CTX_free(ctx); |
|
+ goto err; |
|
+ } |
|
+ if (!BN_is_one(q)) |
|
+ { |
|
+ /* it would be more correct to add new return flag |
|
+ * for this test, but we do not want to do it |
|
+ * so just error out |
|
+ */ |
|
+ BN_CTX_free(ctx); |
|
+ goto err; |
|
+ } |
|
+ |
|
+ BN_CTX_free(ctx); |
|
+ } |
|
+#endif |
|
ok = 1; |
|
err: |
|
if (q != NULL) BN_free(q); |
|
diff -up openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.1e/crypto/dsa/dsa_gen.c |
|
--- openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips-reqs 2013-12-18 12:17:09.749636636 +0100 |
|
+++ openssl-1.0.1e/crypto/dsa/dsa_gen.c 2013-12-18 12:17:09.799637708 +0100 |
|
@@ -159,7 +159,7 @@ int dsa_builtin_paramgen(DSA *ret, size_ |
|
} |
|
|
|
if (FIPS_module_mode() && |
|
- (bits != 1024 || qbits != 160) && |
|
+ (getenv("OPENSSL_ENFORCE_MODULUS_BITS") || bits != 1024 || qbits != 160) && |
|
(bits != 2048 || qbits != 224) && |
|
(bits != 2048 || qbits != 256) && |
|
(bits != 3072 || qbits != 256)) |
|
diff -up openssl-1.0.1e/crypto/dsa/dsa.h.fips-reqs openssl-1.0.1e/crypto/dsa/dsa.h |
|
--- openssl-1.0.1e/crypto/dsa/dsa.h.fips-reqs 2013-12-18 12:17:09.749636636 +0100 |
|
+++ openssl-1.0.1e/crypto/dsa/dsa.h 2013-12-18 12:17:09.799637708 +0100 |
|
@@ -89,6 +89,7 @@ |
|
#endif |
|
|
|
#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 |
|
+#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN (getenv("OPENSSL_ENFORCE_MODULUS_BITS")?2048:1024) |
|
|
|
#define DSA_FLAG_CACHE_MONT_P 0x01 |
|
#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA |
|
@@ -254,9 +255,9 @@ int DSAparams_print_fp(FILE *fp, const D |
|
int DSA_print_fp(FILE *bp, const DSA *x, int off); |
|
#endif |
|
|
|
-#define DSS_prime_checks 50 |
|
-/* Primality test according to FIPS PUB 186[-1], Appendix 2.1: |
|
- * 50 rounds of Rabin-Miller */ |
|
+#define DSS_prime_checks 64 |
|
+/* Primality test according to FIPS PUB 186[-4], Appendix 2.1: |
|
+ * 64 rounds of Rabin-Miller */ |
|
#define DSA_is_prime(n, callback, cb_arg) \ |
|
BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) |
|
|
|
diff -up openssl-1.0.1e/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.1e/crypto/dsa/dsa_key.c |
|
--- openssl-1.0.1e/crypto/dsa/dsa_key.c.fips-reqs 2013-12-18 12:17:09.797637665 +0100 |
|
+++ openssl-1.0.1e/crypto/dsa/dsa_key.c 2013-12-18 12:17:09.799637708 +0100 |
|
@@ -127,7 +127,7 @@ static int dsa_builtin_keygen(DSA *dsa) |
|
|
|
#ifdef OPENSSL_FIPS |
|
if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) |
|
- && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) |
|
+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN)) |
|
{ |
|
DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL); |
|
goto err; |
|
diff -up openssl-1.0.1e/crypto/fips/fips.c.fips-reqs openssl-1.0.1e/crypto/fips/fips.c |
|
--- openssl-1.0.1e/crypto/fips/fips.c.fips-reqs 2014-09-24 16:38:43.000000000 +0200 |
|
+++ openssl-1.0.1e/crypto/fips/fips.c 2014-09-24 16:37:28.000000000 +0200 |
|
@@ -427,27 +427,25 @@ int FIPS_module_mode_set(int onoff, cons |
|
ret = 0; |
|
goto end; |
|
} |
|
- OPENSSL_ia32cap_P[0] |= (1<<28); /* set "shared cache" */ |
|
- OPENSSL_ia32cap_P[1] &= ~(1<<(60-32)); /* clear AVX */ |
|
} |
|
#endif |
|
|
|
- if(!verify_checksums()) |
|
+ if(!FIPS_selftest()) |
|
{ |
|
- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); |
|
fips_selftest_fail = 1; |
|
ret = 0; |
|
goto end; |
|
} |
|
|
|
- if(FIPS_selftest()) |
|
- fips_set_mode(onoff); |
|
- else |
|
+ if(!verify_checksums()) |
|
{ |
|
+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); |
|
fips_selftest_fail = 1; |
|
ret = 0; |
|
goto end; |
|
} |
|
+ |
|
+ fips_set_mode(onoff); |
|
ret = 1; |
|
goto end; |
|
} |
|
diff -up openssl-1.0.1e/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_dh_selftest.c |
|
--- openssl-1.0.1e/crypto/fips/fips_dh_selftest.c.fips-reqs 2013-12-18 17:06:36.575114314 +0100 |
|
+++ openssl-1.0.1e/crypto/fips/fips_dh_selftest.c 2013-12-18 17:26:14.409036334 +0100 |
|
@@ -0,0 +1,162 @@ |
|
+/* ==================================================================== |
|
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. |
|
+ * Copyright (c) 2013 Red Hat, Inc. |
|
+ * |
|
+ * Redistribution and use in source and binary forms, with or without |
|
+ * modification, are permitted provided that the following conditions |
|
+ * are met: |
|
+ * |
|
+ * 1. Redistributions of source code must retain the above copyright |
|
+ * notice, this list of conditions and the following disclaimer. |
|
+ * |
|
+ * 2. Redistributions in binary form must reproduce the above copyright |
|
+ * notice, this list of conditions and the following disclaimer in |
|
+ * the documentation and/or other materials provided with the |
|
+ * distribution. |
|
+ * |
|
+ * 3. All advertising materials mentioning features or use of this |
|
+ * software must display the following acknowledgment: |
|
+ * "This product includes software developed by the OpenSSL Project |
|
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
|
+ * |
|
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|
+ * endorse or promote products derived from this software without |
|
+ * prior written permission. For written permission, please contact |
|
+ * openssl-core@openssl.org. |
|
+ * |
|
+ * 5. Products derived from this software may not be called "OpenSSL" |
|
+ * nor may "OpenSSL" appear in their names without prior written |
|
+ * permission of the OpenSSL Project. |
|
+ * |
|
+ * 6. Redistributions of any form whatsoever must retain the following |
|
+ * acknowledgment: |
|
+ * "This product includes software developed by the OpenSSL Project |
|
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
|
+ * |
|
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
+ * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
+ * |
|
+ */ |
|
+ |
|
+#include <string.h> |
|
+#include <openssl/crypto.h> |
|
+#include <openssl/dh.h> |
|
+#include <openssl/fips.h> |
|
+#include <openssl/err.h> |
|
+#include <openssl/evp.h> |
|
+#include <openssl/bn.h> |
|
+#include "fips_locl.h" |
|
+ |
|
+#ifdef OPENSSL_FIPS |
|
+ |
|
+static const unsigned char dh_test_2048_p[] = { |
|
+ 0xAE,0xEC,0xEE,0x22,0xFA,0x3A,0xA5,0x22,0xC0,0xDE,0x0F,0x09, |
|
+ 0x7E,0x17,0xC0,0x05,0xF9,0xF1,0xE7,0xC6,0x87,0x14,0x6D,0x11, |
|
+ 0xE7,0xAE,0xED,0x2F,0x72,0x59,0xC5,0xA9,0x9B,0xB8,0x02,0xA5, |
|
+ 0xF3,0x69,0x70,0xD6,0xDD,0x90,0xF9,0x19,0x79,0xBE,0x60,0x8F, |
|
+ 0x25,0x92,0x30,0x1C,0x51,0x51,0x38,0x26,0x82,0x25,0xE6,0xFC, |
|
+ 0xED,0x65,0x96,0x8F,0x57,0xE5,0x53,0x8B,0x38,0x63,0xC7,0xCE, |
|
+ 0xBC,0x1B,0x4D,0x18,0x2A,0x5B,0x04,0x3F,0x6A,0x3C,0x94,0x39, |
|
+ 0xAE,0x36,0xD6,0x5E,0x0F,0xA2,0xCC,0xD0,0xD4,0xD5,0xC6,0x1E, |
|
+ 0xF6,0xA0,0xF5,0x89,0x4E,0xB4,0x0B,0xA4,0xB3,0x2B,0x3D,0xE2, |
|
+ 0x4E,0xE1,0x49,0x25,0x99,0x5F,0x32,0x16,0x33,0x32,0x1B,0x7A, |
|
+ 0xA5,0x5C,0x6B,0x34,0x0D,0x39,0x99,0xDC,0xF0,0x76,0xE5,0x5A, |
|
+ 0xD4,0x71,0x00,0xED,0x5A,0x73,0xFB,0xC8,0x01,0xAD,0x99,0xCF, |
|
+ 0x99,0x52,0x7C,0x9C,0x64,0xC6,0x76,0x40,0x57,0xAF,0x59,0xD7, |
|
+ 0x38,0x0B,0x40,0xDE,0x33,0x0D,0xB8,0x76,0xEC,0xA9,0xD8,0x73, |
|
+ 0xF8,0xEF,0x26,0x66,0x06,0x27,0xDD,0x7C,0xA4,0x10,0x9C,0xA6, |
|
+ 0xAA,0xF9,0x53,0x62,0x73,0x1D,0xBA,0x1C,0xF1,0x67,0xF4,0x35, |
|
+ 0xED,0x6F,0x37,0x92,0xE8,0x4F,0x6C,0xBA,0x52,0x6E,0xA1,0xED, |
|
+ 0xDA,0x9F,0x85,0x11,0x82,0x52,0x62,0x08,0x44,0xF1,0x30,0x03, |
|
+ 0xC3,0x38,0x2C,0x79,0xBD,0xD4,0x43,0x45,0xEE,0x8E,0x50,0xFC, |
|
+ 0x29,0x46,0x9A,0xFE,0x54,0x1A,0x19,0x8F,0x4B,0x84,0x08,0xDE, |
|
+ 0x20,0x62,0x73,0xCC,0xDD,0x7E,0xF0,0xEF,0xA2,0xFD,0x86,0x58, |
|
+ 0x4B,0xD8,0x37,0xEB |
|
+}; |
|
+ |
|
+static const unsigned char dh_test_2048_g[] = { |
|
+ 0x02 |
|
+}; |
|
+ |
|
+static const unsigned char dh_test_2048_pub_key[] = { |
|
+ 0xA0,0x39,0x11,0x77,0x9A,0xC1,0x30,0x1F,0xBE,0x48,0xA7,0xAA, |
|
+ 0xA0,0x84,0x54,0x64,0xAD,0x1B,0x70,0xFA,0x13,0x55,0x63,0xD2, |
|
+ 0x1F,0x62,0x32,0x93,0x8E,0xC9,0x3E,0x09,0xA7,0x64,0xE4,0x12, |
|
+ 0x6E,0x1B,0xF2,0x92,0x3B,0xB9,0xCB,0x56,0xEA,0x07,0x88,0xB5, |
|
+ 0xA6,0xBC,0x16,0x1F,0x27,0xFE,0xD8,0xAA,0x40,0xB2,0xB0,0x2D, |
|
+ 0x37,0x76,0xA6,0xA4,0x82,0x2C,0x0E,0x22,0x64,0x9D,0xCB,0xD1, |
|
+ 0x00,0xB7,0x89,0x14,0x72,0x4E,0xBE,0x48,0x41,0xF8,0xB2,0x51, |
|
+ 0x11,0x09,0x4B,0x22,0x01,0x23,0x39,0x96,0xE0,0x15,0xD7,0x9F, |
|
+ 0x60,0xD1,0xB7,0xAE,0xFE,0x5F,0xDB,0xE7,0x03,0x17,0x97,0xA6, |
|
+ 0x16,0x74,0xBD,0x53,0x81,0x19,0xC5,0x47,0x5E,0xCE,0x8D,0xED, |
|
+ 0x45,0x5D,0x3C,0x00,0xA0,0x0A,0x68,0x6A,0xE0,0x8E,0x06,0x46, |
|
+ 0x6F,0xD7,0xF9,0xDF,0x31,0x7E,0x77,0x44,0x0D,0x98,0xE0,0xCA, |
|
+ 0x98,0x09,0x52,0x04,0x90,0xEA,0x6D,0xF4,0x30,0x69,0x8F,0xB1, |
|
+ 0x9B,0xC1,0x43,0xDB,0xD5,0x8D,0xC8,0x8E,0xB6,0x0B,0x05,0xBE, |
|
+ 0x0E,0xC5,0x99,0xC8,0x6E,0x4E,0xF3,0xCB,0xC3,0x5E,0x9B,0x53, |
|
+ 0xF7,0x06,0x1C,0x4F,0xC7,0xB8,0x6E,0x30,0x18,0xCA,0x9B,0xB9, |
|
+ 0xBC,0x5F,0x17,0x72,0x29,0x5A,0xE5,0xD9,0x96,0xB7,0x0B,0xF3, |
|
+ 0x2D,0x8C,0xF1,0xE1,0x0E,0x0D,0x74,0xD5,0x9D,0xF0,0x06,0xA9, |
|
+ 0xB4,0x95,0x63,0x76,0x46,0x55,0x48,0x82,0x39,0x90,0xEF,0x56, |
|
+ 0x75,0x34,0xB8,0x34,0xC3,0x18,0x6E,0x1E,0xAD,0xE3,0x48,0x7E, |
|
+ 0x93,0x2C,0x23,0xE7,0xF8,0x90,0x73,0xB1,0x77,0x80,0x67,0xA9, |
|
+ 0x36,0x9E,0xDA,0xD2 |
|
+}; |
|
+ |
|
+static const unsigned char dh_test_2048_priv_key[] = { |
|
+ 0x0C,0x4B,0x30,0x89,0xD1,0xB8,0x62,0xCB,0x3C,0x43,0x64,0x91, |
|
+ 0xF0,0x91,0x54,0x70,0xC5,0x27,0x96,0xE3,0xAC,0xBE,0xE8,0x00, |
|
+ 0xEC,0x55,0xF6,0xCC |
|
+}; |
|
+ |
|
+int FIPS_selftest_dh() |
|
+ { |
|
+ DH *dh = NULL; |
|
+ int ret = 0; |
|
+ void *pub_key = NULL; |
|
+ int len; |
|
+ |
|
+ dh = DH_new(); |
|
+ |
|
+ if(dh == NULL) |
|
+ goto err; |
|
+ |
|
+ fips_load_key_component(dh, p, dh_test_2048); |
|
+ fips_load_key_component(dh, g, dh_test_2048); |
|
+ /* note that the private key is much shorter than normally used |
|
+ * but still g ** priv_key > p |
|
+ */ |
|
+ fips_load_key_component(dh, priv_key, dh_test_2048); |
|
+ |
|
+ if (DH_generate_key(dh) <= 0) |
|
+ goto err; |
|
+ |
|
+ len = BN_num_bytes(dh->pub_key); |
|
+ if ((pub_key = OPENSSL_malloc(len)) == NULL) |
|
+ goto err; |
|
+ BN_bn2bin(dh->pub_key, pub_key); |
|
+ |
|
+ if (len != sizeof(dh_test_2048_pub_key) || |
|
+ memcmp(pub_key, dh_test_2048_pub_key, len) != 0) |
|
+ goto err; |
|
+ |
|
+ ret = 1; |
|
+ |
|
+ err: |
|
+ if (dh) |
|
+ DH_free(dh); |
|
+ |
|
+ OPENSSL_free(pub_key); |
|
+ return ret; |
|
+ } |
|
+#endif |
|
diff -up openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_drbg_rand.c |
|
--- openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips-reqs 2013-12-18 12:17:09.757636808 +0100 |
|
+++ openssl-1.0.1e/crypto/fips/fips_drbg_rand.c 2013-12-18 18:53:33.263711297 +0100 |
|
@@ -77,7 +77,8 @@ static int fips_drbg_bytes(unsigned char |
|
int rv = 0; |
|
unsigned char *adin = NULL; |
|
size_t adinlen = 0; |
|
- CRYPTO_w_lock(CRYPTO_LOCK_RAND); |
|
+ int locked; |
|
+ locked = private_RAND_lock(1); |
|
do |
|
{ |
|
size_t rcnt; |
|
@@ -109,7 +110,8 @@ static int fips_drbg_bytes(unsigned char |
|
while (count); |
|
rv = 1; |
|
err: |
|
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); |
|
+ if (locked) |
|
+ private_RAND_lock(0); |
|
return rv; |
|
} |
|
|
|
@@ -124,35 +126,51 @@ static int fips_drbg_status(void) |
|
{ |
|
DRBG_CTX *dctx = &ossl_dctx; |
|
int rv; |
|
- CRYPTO_r_lock(CRYPTO_LOCK_RAND); |
|
+ int locked; |
|
+ locked = private_RAND_lock(1); |
|
rv = dctx->status == DRBG_STATUS_READY ? 1 : 0; |
|
- CRYPTO_r_unlock(CRYPTO_LOCK_RAND); |
|
+ if (locked) |
|
+ private_RAND_lock(0); |
|
return rv; |
|
} |
|
|
|
static void fips_drbg_cleanup(void) |
|
{ |
|
DRBG_CTX *dctx = &ossl_dctx; |
|
- CRYPTO_w_lock(CRYPTO_LOCK_RAND); |
|
+ int locked; |
|
+ locked = private_RAND_lock(1); |
|
FIPS_drbg_uninstantiate(dctx); |
|
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); |
|
+ if (locked) |
|
+ private_RAND_lock(0); |
|
} |
|
|
|
static int fips_drbg_seed(const void *seed, int seedlen) |
|
{ |
|
DRBG_CTX *dctx = &ossl_dctx; |
|
+ int locked; |
|
+ int ret = 1; |
|
+ |
|
+ locked = private_RAND_lock(1); |
|
if (dctx->rand_seed_cb) |
|
- return dctx->rand_seed_cb(dctx, seed, seedlen); |
|
- return 1; |
|
+ ret = dctx->rand_seed_cb(dctx, seed, seedlen); |
|
+ if (locked) |
|
+ private_RAND_lock(0); |
|
+ return ret; |
|
} |
|
|
|
static int fips_drbg_add(const void *seed, int seedlen, |
|
double add_entropy) |
|
{ |
|
DRBG_CTX *dctx = &ossl_dctx; |
|
+ int locked; |
|
+ int ret = 1; |
|
+ |
|
+ locked = private_RAND_lock(1); |
|
if (dctx->rand_add_cb) |
|
- return dctx->rand_add_cb(dctx, seed, seedlen, add_entropy); |
|
- return 1; |
|
+ ret = dctx->rand_add_cb(dctx, seed, seedlen, add_entropy); |
|
+ if (locked) |
|
+ private_RAND_lock(0); |
|
+ return ret; |
|
} |
|
|
|
static const RAND_METHOD rand_drbg_meth = |
|
diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-reqs openssl-1.0.1e/crypto/fips/fips.h |
|
--- openssl-1.0.1e/crypto/fips/fips.h.fips-reqs 2013-12-18 12:17:09.000000000 +0100 |
|
+++ openssl-1.0.1e/crypto/fips/fips.h 2013-12-18 17:13:00.928586689 +0100 |
|
@@ -96,6 +96,7 @@ void FIPS_corrupt_dsa_keygen(void); |
|
int FIPS_selftest_dsa(void); |
|
int FIPS_selftest_ecdsa(void); |
|
int FIPS_selftest_ecdh(void); |
|
+int FIPS_selftest_dh(void); |
|
void FIPS_corrupt_rng(void); |
|
void FIPS_rng_stick(void); |
|
void FIPS_x931_stick(int onoff); |
|
diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_post.c |
|
--- openssl-1.0.1e/crypto/fips/fips_post.c.fips-reqs 2013-12-18 12:17:09.000000000 +0100 |
|
+++ openssl-1.0.1e/crypto/fips/fips_post.c 2013-12-18 17:12:26.721832716 +0100 |
|
@@ -99,6 +99,8 @@ int FIPS_selftest(void) |
|
rv = 0; |
|
if (!FIPS_selftest_dsa()) |
|
rv = 0; |
|
+ if (!FIPS_selftest_dh()) |
|
+ rv = 0; |
|
if (!FIPS_selftest_ecdh()) |
|
rv = 0; |
|
return rv; |
|
diff -up openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c |
|
--- openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips-reqs 2014-03-14 14:47:18.809259727 +0100 |
|
+++ openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c 2014-03-14 15:37:26.295687852 +0100 |
|
@@ -60,69 +60,113 @@ |
|
#ifdef OPENSSL_FIPS |
|
|
|
static const unsigned char n[] = |
|
-"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" |
|
-"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" |
|
-"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" |
|
-"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" |
|
-"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" |
|
-"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" |
|
-"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" |
|
-"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" |
|
-"\xCB"; |
|
+"\x00\xc9\xd5\x6d\x9d\x90\xdb\x43\xd6\x02\xed\x96\x88\x13\x8a" |
|
+"\xb2\xbf\x6e\xa1\x06\x10\xb2\x78\x37\xa7\x14\xa8\xff\xdd\x00" |
|
+"\xdd\xb4\x93\xa0\x45\xcc\x96\x90\xed\xad\xa9\xdd\xc4\xd6\xca" |
|
+"\x0c\xf0\xed\x4f\x72\x5e\x21\x49\x9a\x18\x12\x15\x8f\x90\x5a" |
|
+"\xdb\xb6\x33\x99\xa3\xe6\xb4\xf0\xc4\x97\x21\x26\xbb\xe3\xba" |
|
+"\xf2\xff\xa0\x72\xda\x89\x63\x8e\x8b\x3e\x08\x9d\x92\x2a\xbe" |
|
+"\x16\xe1\x43\x15\xfc\x57\xc7\x1f\x09\x11\x67\x1c\xa9\x96\xd1" |
|
+"\x8b\x3e\x80\x93\xc1\x59\xd0\x6d\x39\xf2\xac\x95\xcc\x10\x75" |
|
+"\xe9\x31\x24\xd1\x43\xaf\x68\x52\x4b\xe7\x16\xd7\x49\x65\x6f" |
|
+"\x26\xc0\x86\xad\xc0\x07\x0a\xc1\xe1\x2f\x87\x85\x86\x3b\xdc" |
|
+"\x5a\x99\xbe\xe9\xf9\xb9\xe9\x82\x27\x51\x04\x15\xab\x06\x0e" |
|
+"\x76\x5a\x28\x8d\x92\xbd\xc5\xb5\x7b\xa8\xdf\x4e\x47\xa2\xc1" |
|
+"\xe7\x52\xbf\x47\xf7\x62\xe0\x3a\x6f\x4d\x6a\x4d\x4e\xd4\xb9" |
|
+"\x59\x69\xfa\xb2\x14\xc1\xee\xe6\x2f\x95\xcd\x94\x72\xae\xe4" |
|
+"\xdb\x18\x9a\xc4\xcd\x70\xbd\xee\x31\x16\xb7\x49\x65\xac\x40" |
|
+"\x19\x0e\xb5\x6d\x83\xf1\x36\xbb\x08\x2f\x2e\x4e\x92\x62\xa4" |
|
+"\xff\x50\xdb\x20\x45\xa2\xeb\x16\x7a\xf2\xd5\x28\xc1\xfd\x4e" |
|
+"\x03\x71"; |
|
+ |
|
|
|
static int corrupt_rsa; |
|
|
|
static int setrsakey(RSA *key) |
|
{ |
|
- static const unsigned char e[] = "\x11"; |
|
+ static const unsigned char e[] = "\x01\x00\x01"; |
|
|
|
static const unsigned char d[] = |
|
-"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" |
|
-"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" |
|
-"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" |
|
-"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" |
|
-"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" |
|
-"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" |
|
-"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" |
|
-"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" |
|
-"\xC1"; |
|
+"\x36\x27\x3d\xb1\xf9\x1b\xdb\xa7\xa0\x41\x7f\x12\x23\xac\x23" |
|
+"\x29\x99\xd5\x3a\x7b\x60\x67\x41\x07\x63\x53\xb4\xd2\xe7\x58" |
|
+"\x95\x0a\xc7\x05\xf3\x4e\xb2\xb4\x12\xd4\x70\xdc\x4f\x85\x06" |
|
+"\xd3\xdd\xd8\x63\x27\x3e\x67\x31\x21\x24\x39\x04\xbc\x06\xa4" |
|
+"\xcc\xce\x2b\x7a\xfe\x7b\xad\xde\x11\x6e\xa3\xa5\xe6\x04\x53" |
|
+"\x0e\xa3\x4e\x2d\xb4\x8f\x31\xbf\xca\x75\x25\x52\x02\x85\xde" |
|
+"\x3d\xb2\x72\x43\xb2\x89\x8a\x9a\x34\x41\x26\x3f\x9a\x67\xbe" |
|
+"\xa4\x96\x7b\x0e\x75\xba\xa6\x93\xd5\xb8\xd8\xb8\x57\xf2\x4b" |
|
+"\x0f\x14\x81\xd1\x57\x4e\xf6\x45\x4c\xa6\x3b\xd0\x70\xca\xd3" |
|
+"\x9d\x55\xde\x22\x05\xe7\x8e\x28\x4d\xee\x11\xcf\xb6\x67\x76" |
|
+"\x09\xd3\xe3\x3c\x13\xf9\x99\x34\x10\x7b\xec\x81\x38\xf0\xb6" |
|
+"\x34\x9c\x9b\x50\x6f\x0b\x91\x81\x4d\x89\x94\x04\x7b\xf0\x3c" |
|
+"\xf4\xb1\xb2\x00\x48\x8d\x5a\x8f\x88\x9e\xc5\xab\x3a\x9e\x44" |
|
+"\x3f\x54\xe7\xd9\x6e\x47\xaa\xa1\xbd\x40\x46\x31\xf9\xf0\x34" |
|
+"\xb6\x04\xe1\x2b\x5b\x73\x86\xdd\x3a\x92\x1b\x71\xc7\x3f\x32" |
|
+"\xe5\xc3\xc2\xab\xa1\x7e\xbf\xa4\x52\xa0\xb0\x68\x90\xd1\x20" |
|
+"\x12\x79\xe9\xd7\xc9\x40\xba\xf2\x19\xc7\xa5\x00\x92\x86\x0d" |
|
+"\x01"; |
|
|
|
static const unsigned char p[] = |
|
-"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" |
|
-"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" |
|
-"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" |
|
-"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" |
|
-"\x99"; |
|
+"\x00\xfc\x5c\x6e\x16\xce\x1f\x03\x7b\xcd\xf7\xb3\x72\xb2\x8f" |
|
+"\x16\x72\xb8\x56\xae\xf7\xcd\x67\xd8\x4e\x7d\x07\xaf\xd5\x43" |
|
+"\x26\xc3\x35\xbe\x43\x8f\x4e\x2f\x1c\x43\x4e\x6b\xd2\xb2\xec" |
|
+"\x52\x6d\x97\x52\x2b\xcc\x5c\x3a\x6b\xf4\x14\xc6\x74\xda\x66" |
|
+"\x38\x1c\x7a\x3f\x84\x2f\xe3\xf9\x5a\xb8\x65\x69\x46\x06\xa3" |
|
+"\x37\x79\xb2\xa1\x5b\x58\xed\x5e\xa7\x5f\x8c\x65\x66\xbb\xd1" |
|
+"\x24\x36\xe6\x37\xa7\x3d\x49\x77\x8a\x8c\x34\xd8\x69\x29\xf3" |
|
+"\x4d\x58\x22\xb0\x51\x24\xb6\x40\xa8\x86\x59\x0a\xb7\xba\x5c" |
|
+"\x97\xda\x57\xe8\x36\xda\x7a\x9c\xad"; |
|
|
|
static const unsigned char q[] = |
|
-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" |
|
-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" |
|
-"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" |
|
-"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" |
|
-"\x03"; |
|
+"\x00\xcc\xbe\x7b\x09\x69\x06\xee\x45\xbf\x88\x47\x38\xa8\xf8" |
|
+"\x17\xe5\xb6\xba\x67\x55\xe3\xe8\x05\x8b\xb8\xe2\x53\xd6\x8e" |
|
+"\xef\x2c\xe7\x4f\x4a\xf7\x4e\x26\x8d\x85\x0b\x3f\xec\xc3\x1c" |
|
+"\xd4\xeb\xec\x6a\xc8\x72\x2a\x25\x7d\xfd\xa6\x77\x96\xf0\x1e" |
|
+"\xcd\x28\x57\xf8\x37\x30\x75\x6b\xbd\xd4\x7b\x0c\x87\xc5\x6c" |
|
+"\x87\x40\xa5\xbb\x27\x2c\x78\xc9\x74\x5a\x54\x5b\x0b\x30\x6f" |
|
+"\x44\x4a\xfa\x71\xe4\x21\x61\x66\xf9\xee\x65\xde\x7c\x04\xd7" |
|
+"\xfd\xa9\x15\x5b\x7f\xe2\x7a\xba\x69\x86\x72\xa6\x06\x8d\x9b" |
|
+"\x90\x55\x60\x9e\x4c\x5d\xa9\xb6\x55"; |
|
+ |
|
|
|
static const unsigned char dmp1[] = |
|
-"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" |
|
-"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" |
|
-"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" |
|
-"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; |
|
+"\x7a\xd6\x12\xd0\x0e\xec\x91\xa9\x85\x8b\xf8\x50\xf0\x11\x2e" |
|
+"\x00\x11\x32\x40\x60\x66\x1f\x11\xee\xc2\x75\x27\x65\x4b\x16" |
|
+"\x67\x16\x95\xd2\x14\xc3\x1d\xb3\x48\x1f\xb7\xe4\x0b\x2b\x74" |
|
+"\xc3\xdb\x50\x27\xf9\x85\x3a\xfa\xa9\x08\x23\xc1\x65\x3d\x34" |
|
+"\x3a\xc8\x56\x7a\x65\x45\x36\x6e\xae\x2a\xce\x9f\x43\x43\xd7" |
|
+"\x10\xe9\x9e\x18\xf4\xa4\x35\xda\x8a\x6b\xb0\x3f\xdd\x53\xe3" |
|
+"\xa8\xc5\x4e\x79\x9d\x1f\x51\x8c\xa2\xca\x66\x3c\x6a\x2a\xff" |
|
+"\x8e\xd2\xf3\xb7\xcb\x82\xda\xde\x2c\xe6\xd2\x8c\xb3\xad\xb6" |
|
+"\x4c\x95\x55\x76\xbd\xc9\xc8\xd1"; |
|
+ |
|
|
|
static const unsigned char dmq1[] = |
|
-"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" |
|
-"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" |
|
-"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" |
|
-"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; |
|
- |
|
+"\x00\x83\x23\x1d\xbb\x11\x42\x17\x2b\x25\x5a\x2c\x03\xe6\x75" |
|
+"\xc1\x18\xa8\xc9\x0b\x96\xbf\xba\xc4\x92\x91\x80\xa5\x22\x2f" |
|
+"\xba\x91\x90\x36\x01\x56\x15\x00\x2c\x74\xa2\x97\xf7\x15\xa1" |
|
+"\x49\xdf\x32\x35\xd2\xdd\x0c\x91\xa6\xf8\xe7\xbe\x81\x36\x9b" |
|
+"\x03\xdc\x6b\x3b\xd8\x5d\x79\x57\xe0\xe6\x4f\x49\xdf\x4c\x5c" |
|
+"\x0e\xe5\x21\x41\x95\xfd\xad\xff\x9a\x3e\xa0\xf9\x0f\x59\x9e" |
|
+"\x6a\xa7\x7b\x71\xa7\x24\x9a\x36\x52\xae\x97\x20\xc1\x5e\x78" |
|
+"\xd9\x47\x8b\x1e\x67\xf2\xaf\x98\xe6\x2d\xef\x10\xd7\xf1\xab" |
|
+"\x49\xee\xe5\x4b\x7e\xae\x1f\x1d\x61"; |
|
+ |
|
+ |
|
static const unsigned char iqmp[] = |
|
-"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" |
|
-"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" |
|
-"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" |
|
-"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" |
|
-"\xF7"; |
|
+"\x23\x96\xc1\x91\x17\x5e\x0a\x83\xd2\xdc\x7b\x69\xb2\x59\x1d" |
|
+"\x33\x58\x52\x3f\x18\xc7\x09\x50\x1c\xb9\xa1\xbb\x4c\xa2\x38" |
|
+"\x40\x4c\x9a\x8e\xfe\x9c\x90\x92\xd0\x71\x9f\x89\x99\x50\x91" |
|
+"\x1f\x34\x8b\x74\x53\x11\x11\x4a\x70\xe2\xf7\x30\xd8\x8c\x80" |
|
+"\xe1\xcc\x9f\xf1\x63\x17\x1a\x7d\x67\x29\x4c\xcb\x4e\x74\x7b" |
|
+"\xe0\x3e\x9e\x2f\xf4\x67\x8f\xec\xb9\x5c\x00\x1e\x7e\xa2\x7b" |
|
+"\x92\xc9\x6f\x4c\xe4\x0e\xf9\x48\x63\xcd\x50\x22\x5d\xbf\xb6" |
|
+"\x9d\x01\x33\x6a\xf4\x50\xbe\x86\x98\x4f\xca\x3f\x3a\xfa\xcf" |
|
+"\x07\x40\xc4\xaa\xad\xae\xbe\xbf"; |
|
|
|
key->n = BN_bin2bn(n, sizeof(n)-1, key->n); |
|
if (corrupt_rsa) |
|
- BN_set_bit(key->n, 1024); |
|
+ BN_set_bit(key->n, 2048); |
|
key->e = BN_bin2bn(e, sizeof(e)-1, key->e); |
|
key->d = BN_bin2bn(d, sizeof(d)-1, key->d); |
|
key->p = BN_bin2bn(p, sizeof(p)-1, key->p); |
|
@@ -145,201 +189,291 @@ void FIPS_corrupt_rsa() |
|
static const unsigned char kat_tbs[] = "OpenSSL FIPS 140-2 Public Key RSA KAT"; |
|
|
|
static const unsigned char kat_RSA_PSS_SHA1[] = { |
|
- 0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9, 0x46, 0xDA, 0x0F, |
|
- 0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D, 0xD2, 0x90, 0xBB, |
|
- 0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C, 0xB7, 0xF8, 0xD3, |
|
- 0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7, 0x83, 0xD5, 0x4C, |
|
- 0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51, 0x60, 0xD0, 0xA7, |
|
- 0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E, 0x3F, 0x9B, 0xF5, |
|
- 0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47, 0xF0, 0xC5, 0x45, |
|
- 0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F, 0xF8, 0xB7, 0x31, |
|
- 0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB, 0x9F, 0xBA, 0xE8, |
|
- 0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E, 0x20, 0x25, 0x84, |
|
- 0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9 |
|
+ 0xC2, 0x80, 0x82, 0x56, 0xD8, 0xA7, 0xB2, 0x9C, 0xF5, 0xD6, 0x3C, 0xE3, |
|
+ 0xBF, 0xE9, 0x3A, 0x53, 0x40, 0xAE, 0xF2, 0xA9, 0x6A, 0x39, 0x49, 0x5B, |
|
+ 0x05, 0x7F, 0x67, 0x38, 0x2E, 0x1D, 0xE1, 0x93, 0x22, 0x65, 0x79, 0x84, |
|
+ 0x68, 0xFA, 0xD8, 0xAF, 0xA1, 0x98, 0x61, 0x6F, 0x44, 0x27, 0xA6, 0x8B, |
|
+ 0xCF, 0x0E, 0x13, 0xA9, 0xCE, 0xD7, 0x6C, 0xD2, 0x38, 0xB5, 0x16, 0xB9, |
|
+ 0x66, 0x94, 0x48, 0xDE, 0x9E, 0x19, 0x3D, 0x6F, 0xB3, 0xA1, 0x9A, 0x19, |
|
+ 0xDF, 0xFB, 0xAB, 0xA5, 0x9F, 0x38, 0xDA, 0xC9, 0x21, 0x8F, 0xCE, 0x98, |
|
+ 0x01, 0x3A, 0xC8, 0xE0, 0xDF, 0xDA, 0xFC, 0xF0, 0xA6, 0x86, 0x29, 0xB5, |
|
+ 0x7F, 0x61, 0xFB, 0xBA, 0xC5, 0x49, 0xB2, 0x7C, 0x6A, 0x26, 0x82, 0xC4, |
|
+ 0x8F, 0xAA, 0x5B, 0x10, 0xD5, 0xEE, 0xA0, 0x55, 0x42, 0xEF, 0x32, 0x5A, |
|
+ 0x3F, 0x55, 0xB3, 0x2C, 0x22, 0xE9, 0x65, 0xDA, 0x8D, 0x0A, 0xB9, 0x70, |
|
+ 0x43, 0xCC, 0x3F, 0x64, 0x9C, 0xB5, 0x65, 0x49, 0xBD, 0x7F, 0x35, 0xC1, |
|
+ 0x20, 0x85, 0x24, 0xFE, 0xAA, 0x6B, 0x37, 0x04, 0xA1, 0x0E, 0x9D, 0x5C, |
|
+ 0xBA, 0x7F, 0x14, 0x69, 0xC5, 0x93, 0xB2, 0x33, 0xC2, 0xC0, 0xC7, 0xDF, |
|
+ 0x7E, 0x9E, 0xA4, 0xB0, 0xA0, 0x64, 0xD2, 0xAC, 0xFC, 0xFD, 0xFD, 0x99, |
|
+ 0x8F, 0x6A, 0x40, 0x26, 0xC1, 0x2E, 0x4E, 0x8B, 0x33, 0xBE, 0xF1, 0x45, |
|
+ 0x59, 0x8F, 0x33, 0x40, 0x1D, 0x2A, 0xD2, 0xF7, 0x50, 0x83, 0x89, 0xCF, |
|
+ 0x94, 0xC6, 0xF8, 0x36, 0xF0, 0x84, 0x0B, 0x85, 0xA5, 0x02, 0xA9, 0x0F, |
|
+ 0x41, 0x7A, 0x77, 0xA3, 0x2F, 0x47, 0x1E, 0x1D, 0xEC, 0xE6, 0xD3, 0x01, |
|
+ 0x1E, 0x6F, 0x7A, 0x96, 0x50, 0x37, 0x37, 0x4B, 0x27, 0x52, 0x0B, 0xDC, |
|
+ 0xDB, 0xC7, 0xA9, 0x31, 0xB2, 0x40, 0xEE, 0x60, 0x41, 0x26, 0x6A, 0x05, |
|
+ 0xCE, 0x08, 0x1D, 0x89 |
|
}; |
|
|
|
static const unsigned char kat_RSA_PSS_SHA224[] = { |
|
- 0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF, 0xC5, 0x58, 0xA7, |
|
- 0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98, 0x08, 0x95, 0xFA, |
|
- 0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87, 0x7B, 0x1F, 0x57, |
|
- 0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55, 0x54, 0x1C, 0x89, |
|
- 0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC, 0x86, 0x05, 0xEE, |
|
- 0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64, 0x0B, 0xAB, 0x22, |
|
- 0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64, 0x62, 0xD1, 0xB5, |
|
- 0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA, 0x38, 0x24, 0x49, |
|
- 0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5, 0x03, 0xEA, 0x2D, |
|
- 0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF, 0x95, 0xC0, 0x00, |
|
- 0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0 |
|
+ 0xB4, 0x01, 0x93, 0x16, 0x05, 0xF6, 0xEB, 0xE2, 0xA4, 0xEB, 0x48, 0xAA, |
|
+ 0x00, 0xF4, 0xA1, 0x99, 0x0A, 0xB4, 0xB6, 0x63, 0xE9, 0x68, 0xCA, 0xB3, |
|
+ 0x13, 0xD7, 0x66, 0x6A, 0xCD, 0xCB, 0x33, 0x9F, 0xE5, 0x84, 0xE2, 0xC3, |
|
+ 0x0B, 0x53, 0xE5, 0x8B, 0x96, 0x4B, 0xDB, 0x2D, 0x80, 0xA4, 0x1D, 0xE3, |
|
+ 0x81, 0xDC, 0x52, 0x99, 0xBA, 0x9B, 0x6A, 0x9D, 0x48, 0x1F, 0x73, 0xF7, |
|
+ 0xAC, 0x09, 0x13, 0xA1, 0x16, 0x2C, 0x60, 0xFB, 0xBC, 0x25, 0xF7, 0x53, |
|
+ 0xD1, 0x04, 0x5A, 0x3F, 0x95, 0x09, 0x5E, 0xE5, 0xA2, 0x7D, 0xFC, 0x2A, |
|
+ 0x51, 0x1D, 0x21, 0xCE, 0x2B, 0x4E, 0x1B, 0xB8, 0xCB, 0xDD, 0x24, 0xEE, |
|
+ 0x99, 0x1D, 0x37, 0xDC, 0xED, 0x5F, 0x2F, 0x48, 0x5E, 0x33, 0x94, 0x06, |
|
+ 0x19, 0xCD, 0x5A, 0x26, 0x85, 0x77, 0x9D, 0xAF, 0x86, 0x97, 0xC9, 0x08, |
|
+ 0xD5, 0x81, 0x0E, 0xB8, 0x9F, 0xB6, 0xAF, 0x20, 0x72, 0xDC, 0x13, 0x4D, |
|
+ 0x7A, 0xE4, 0x5C, 0x81, 0xDE, 0xC0, 0x3D, 0x19, 0x9C, 0x33, 0x11, 0x07, |
|
+ 0xD5, 0xA9, 0x51, 0x67, 0xCD, 0xFD, 0x37, 0x61, 0x14, 0x9F, 0xE7, 0x70, |
|
+ 0x18, 0x32, 0xC3, 0x34, 0x54, 0x0D, 0x4F, 0xB4, 0xAE, 0x9F, 0xEC, 0x64, |
|
+ 0xD8, 0xB2, 0x16, 0xA4, 0xB2, 0x99, 0x92, 0xCB, 0x7F, 0x1F, 0x06, 0x17, |
|
+ 0x5F, 0xA1, 0x07, 0x68, 0xAE, 0xA7, 0x2D, 0x03, 0x91, 0x2A, 0x9D, 0x69, |
|
+ 0xC2, 0x9D, 0x90, 0xF7, 0xF9, 0x66, 0x5D, 0x13, 0xB7, 0x7F, 0xD3, 0x97, |
|
+ 0x45, 0x97, 0x43, 0xD8, 0xCE, 0x3C, 0xF2, 0x98, 0x98, 0xDD, 0xE2, 0x2D, |
|
+ 0xCF, 0xA1, 0xC4, 0x25, 0x46, 0x2E, 0xD2, 0xE5, 0x5F, 0xC6, 0x01, 0xC5, |
|
+ 0x4F, 0x42, 0x2B, 0xDE, 0x0F, 0xEA, 0x4A, 0x4F, 0xC3, 0x5B, 0xDF, 0x9B, |
|
+ 0x5D, 0x30, 0x18, 0x93, 0xD0, 0xDE, 0xC5, 0x09, 0xAA, 0x57, 0x57, 0xBD, |
|
+ 0x2D, 0x84, 0x03, 0xB7 |
|
}; |
|
|
|
static const unsigned char kat_RSA_PSS_SHA256[] = { |
|
- 0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0, 0x31, 0xE3, 0x89, |
|
- 0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25, 0x9A, 0xF3, 0x8F, |
|
- 0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D, 0x7D, 0x73, 0x28, |
|
- 0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3, 0x96, 0x73, 0x4E, |
|
- 0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D, 0x49, 0x47, 0x05, |
|
- 0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D, 0x6D, 0x26, 0xBA, |
|
- 0x2F, 0x7A, 0x54, 0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A, 0xF3, 0xDA, 0xB6, |
|
- 0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F, 0x56, 0xCD, 0x9F, |
|
- 0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47, 0x12, 0xE4, 0x6D, |
|
- 0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E, 0x49, 0xB9, 0xF6, |
|
- 0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C |
|
+ 0x38, 0xDA, 0x99, 0x51, 0x26, 0x38, 0xC6, 0x7F, 0xC4, 0x81, 0x57, 0x19, |
|
+ 0x35, 0xC6, 0xF6, 0x1E, 0x90, 0x47, 0x20, 0x55, 0x47, 0x56, 0x26, 0xE9, |
|
+ 0xF2, 0xA8, 0x39, 0x6C, 0xD5, 0xCD, 0xCB, 0x55, 0xFC, 0x0C, 0xC5, 0xCB, |
|
+ 0xF7, 0x40, 0x17, 0x3B, 0xCF, 0xE4, 0x05, 0x03, 0x3B, 0xA0, 0xB2, 0xC9, |
|
+ 0x0D, 0x5E, 0x48, 0x3A, 0xE9, 0xAD, 0x28, 0x71, 0x7D, 0x8F, 0x89, 0x16, |
|
+ 0x59, 0x93, 0x35, 0xDC, 0x4D, 0x7B, 0xDF, 0x84, 0xE4, 0x68, 0xAA, 0x33, |
|
+ 0xAA, 0xDC, 0x66, 0x50, 0xC8, 0xA9, 0x32, 0x12, 0xDC, 0xC6, 0x90, 0x49, |
|
+ 0x0B, 0x75, 0xFF, 0x9B, 0x95, 0x00, 0x9A, 0x90, 0xE0, 0xD4, 0x0E, 0x67, |
|
+ 0xAB, 0x3C, 0x47, 0x36, 0xC5, 0x2E, 0x1C, 0x46, 0xF0, 0x2D, 0xD3, 0x8B, |
|
+ 0x42, 0x08, 0xDE, 0x0D, 0xB6, 0x2C, 0x86, 0xB0, 0x35, 0x71, 0x18, 0x6B, |
|
+ 0x89, 0x67, 0xC0, 0x05, 0xAD, 0xF4, 0x1D, 0x62, 0x4E, 0x75, 0xEC, 0xD6, |
|
+ 0xC2, 0xDB, 0x07, 0xB0, 0xB6, 0x8D, 0x15, 0xAD, 0xCD, 0xBF, 0xF5, 0x60, |
|
+ 0x76, 0xAE, 0x48, 0xB8, 0x77, 0x7F, 0xC5, 0x01, 0xD9, 0x29, 0xBB, 0xD6, |
|
+ 0x17, 0xA2, 0x20, 0x5A, 0xC0, 0x4A, 0x3B, 0x34, 0xC8, 0xB9, 0x39, 0xCF, |
|
+ 0x06, 0x89, 0x95, 0x6F, 0xC7, 0xCA, 0xC4, 0xE4, 0x43, 0xDF, 0x5A, 0x23, |
|
+ 0xE2, 0x89, 0xA3, 0x38, 0x78, 0x31, 0x38, 0xC6, 0xA4, 0x6F, 0x5F, 0x73, |
|
+ 0x5A, 0xE5, 0x9E, 0x09, 0xE7, 0x6F, 0xD4, 0xF8, 0x3E, 0xB7, 0xB0, 0x56, |
|
+ 0x9A, 0xF3, 0x65, 0xF0, 0xC2, 0xA6, 0x8A, 0x08, 0xBA, 0x44, 0xAC, 0x97, |
|
+ 0xDE, 0xB4, 0x16, 0x83, 0xDF, 0xE3, 0xEE, 0x71, 0xFA, 0xF9, 0x51, 0x50, |
|
+ 0x14, 0xDC, 0xFD, 0x6A, 0x82, 0x20, 0x68, 0x64, 0x7D, 0x4E, 0x82, 0x68, |
|
+ 0xD7, 0x45, 0xFA, 0x6A, 0xE4, 0xE5, 0x29, 0x3A, 0x70, 0xFB, 0xE4, 0x62, |
|
+ 0x2B, 0x31, 0xB9, 0x7D |
|
}; |
|
|
|
static const unsigned char kat_RSA_PSS_SHA384[] = { |
|
- 0x40, 0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4, 0x31, 0xA8, 0xF2, |
|
- 0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57, 0x45, 0xCD, 0x5E, |
|
- 0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71, 0x44, 0x9A, 0xCD, |
|
- 0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F, 0x78, 0x23, 0x7F, |
|
- 0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31, 0xDC, 0x42, 0x6C, |
|
- 0xB2, 0x44, 0xE5, 0x4D, 0x66, 0xA2, 0xE6, 0x71, 0xF3, 0xAC, 0x4F, 0xFB, |
|
- 0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF, 0xD9, 0x3D, 0x2F, |
|
- 0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32, 0xAD, 0x42, 0x89, |
|
- 0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87, 0x1F, 0xCA, 0x6F, |
|
- 0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E, 0x60, 0xF4, 0x55, |
|
- 0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1 |
|
+ 0x99, 0x02, 0xC9, 0x1E, 0x31, 0x82, 0xB4, 0xE6, 0x1B, 0x32, 0xCE, 0x5D, |
|
+ 0x41, 0x1D, 0x00, 0x2F, 0x04, 0x8B, 0xBD, 0x37, 0x79, 0xCF, 0x77, 0x03, |
|
+ 0x05, 0x6A, 0x21, 0xC7, 0x8D, 0x24, 0x60, 0x49, 0x39, 0x58, 0xC5, 0x27, |
|
+ 0x8F, 0xC5, 0x97, 0x4A, 0xB2, 0xE1, 0xD4, 0x36, 0x57, 0xBD, 0x43, 0xCC, |
|
+ 0x7B, 0xCE, 0xF2, 0xA5, 0x30, 0xF8, 0x72, 0x14, 0xBB, 0xD0, 0x9F, 0xC1, |
|
+ 0x49, 0xC8, 0x1C, 0xAF, 0xCD, 0x95, 0x78, 0x72, 0x25, 0xF9, 0x45, 0xC6, |
|
+ 0x5B, 0x62, 0x5E, 0x01, 0xD7, 0x40, 0x5E, 0xC8, 0xCA, 0x0A, 0xF3, 0xBA, |
|
+ 0x08, 0x07, 0x88, 0xCA, 0x49, 0x36, 0x84, 0x7D, 0xF6, 0xFC, 0x5A, 0xDB, |
|
+ 0xFC, 0x50, 0xD3, 0xEB, 0x3D, 0x83, 0xB0, 0xF5, 0x94, 0x5E, 0x88, 0xC3, |
|
+ 0x82, 0xCD, 0x53, 0x40, 0x96, 0x18, 0x6B, 0x4A, 0x6C, 0x9C, 0xFE, 0xE5, |
|
+ 0x3B, 0x75, 0xF9, 0xEB, 0xA5, 0x77, 0x11, 0xEF, 0x88, 0x1C, 0x25, 0x70, |
|
+ 0x7D, 0x88, 0x5D, 0xC3, 0xCA, 0xE1, 0x49, 0x14, 0x90, 0xAD, 0xF2, 0x5E, |
|
+ 0x49, 0xD7, 0x99, 0xA5, 0x7B, 0x77, 0x3B, 0x8E, 0xB8, 0xDB, 0xF1, 0x4C, |
|
+ 0xD6, 0x9A, 0xDC, 0xE5, 0x7A, 0x1C, 0xE1, 0xCE, 0x9D, 0xF1, 0xF3, 0xA0, |
|
+ 0x0A, 0x35, 0x52, 0x9D, 0xB9, 0x46, 0x94, 0x82, 0x0F, 0xF7, 0xB2, 0x62, |
|
+ 0x51, 0x70, 0x75, 0xD2, 0x37, 0x96, 0x67, 0x2F, 0xD0, 0x22, 0xD8, 0x07, |
|
+ 0x8D, 0x69, 0x9E, 0x6D, 0x0B, 0x40, 0x4F, 0x70, 0xEC, 0x0B, 0xCA, 0x88, |
|
+ 0x80, 0x8D, 0x9A, 0xF4, 0xF9, 0x18, 0x50, 0x27, 0x08, 0xFA, 0xCC, 0xC7, |
|
+ 0x3F, 0xE4, 0x84, 0x83, 0xA1, 0xB6, 0x1D, 0x23, 0x34, 0xFE, 0x48, 0xE5, |
|
+ 0xE3, 0xAE, 0x4D, 0x98, 0xBC, 0xA6, 0x8A, 0x9F, 0xFD, 0x4D, 0xDB, 0x9D, |
|
+ 0xF7, 0xEB, 0x4E, 0xB6, 0x6F, 0x25, 0xEA, 0x7A, 0xE9, 0x85, 0xB2, 0xEF, |
|
+ 0x90, 0xD2, 0xA6, 0x2B |
|
}; |
|
|
|
static const unsigned char kat_RSA_PSS_SHA512[] = { |
|
- 0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57, 0xAE, 0x63, 0x8C, |
|
- 0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F, 0x12, 0x53, 0x9A, |
|
- 0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51, 0xED, 0x9E, 0xDD, |
|
- 0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60, 0x79, 0x23, 0x39, |
|
- 0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67, 0x5F, 0xFE, 0xD7, |
|
- 0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D, 0x78, 0x55, 0x61, |
|
- 0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20, 0xB0, 0x85, 0x13, |
|
- 0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A, 0x6A, 0x39, 0x63, |
|
- 0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF, 0xF4, 0xA8, 0xFE, |
|
- 0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F, 0x80, 0xC2, 0x88, |
|
- 0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B |
|
+ 0x3F, 0x83, 0x43, 0x78, 0x25, 0xBE, 0x81, 0xB2, 0x6E, 0x78, 0x11, 0x32, |
|
+ 0xD0, 0x88, 0x05, 0x53, 0x95, 0xED, 0x81, 0x12, 0xCE, 0x50, 0xD9, 0x06, |
|
+ 0x42, 0x89, 0xA0, 0x55, 0x7A, 0x05, 0x13, 0x94, 0x35, 0x9B, 0xCA, 0x5D, |
|
+ 0xCB, 0xB2, 0x32, 0xE1, 0x04, 0x99, 0xEC, 0xE7, 0xA6, 0x69, 0x4D, 0x2B, |
|
+ 0xC1, 0x57, 0x13, 0x48, 0x0D, 0x6B, 0x4D, 0x83, 0x28, 0x06, 0x79, 0x9D, |
|
+ 0xB4, 0x70, 0xCE, 0xC0, 0xFC, 0x3B, 0x69, 0xB3, 0x91, 0x54, 0xA9, 0x44, |
|
+ 0x2E, 0xDA, 0x4A, 0xC5, 0xC2, 0x99, 0xF0, 0xDE, 0xCA, 0x77, 0x99, 0x6B, |
|
+ 0x0C, 0x79, 0xE5, 0x29, 0x74, 0x83, 0x69, 0xEA, 0xB8, 0x72, 0x30, 0x3D, |
|
+ 0x7A, 0x30, 0xE1, 0x03, 0x7B, 0x09, 0xE6, 0x11, 0xC0, 0xDC, 0xFF, 0xFD, |
|
+ 0xBD, 0xEC, 0x9C, 0xCC, 0x46, 0x7B, 0x4C, 0x4C, 0x59, 0xBE, 0x82, 0x7C, |
|
+ 0xF5, 0x60, 0x5A, 0xC3, 0xE8, 0xA8, 0x8A, 0x38, 0x9E, 0x01, 0x57, 0xF1, |
|
+ 0x79, 0x3A, 0x7C, 0xA3, 0x9F, 0x12, 0x1A, 0x4F, 0x2E, 0xA2, 0xE5, 0x0A, |
|
+ 0xAB, 0xC0, 0xF4, 0xA5, 0xE3, 0x5F, 0x89, 0x1C, 0x8F, 0xA4, 0x5E, 0xCE, |
|
+ 0x0D, 0x91, 0x05, 0x1B, 0x17, 0x62, 0x48, 0xFE, 0xA5, 0x4C, 0xEF, 0x2D, |
|
+ 0x28, 0xF1, 0x5E, 0xE6, 0xD1, 0x30, 0x89, 0x0A, 0xAD, 0x18, 0xAF, 0x6F, |
|
+ 0x04, 0x09, 0x36, 0x9A, 0xFF, 0xCA, 0xA1, 0xA7, 0x05, 0x7F, 0xD4, 0xBF, |
|
+ 0x3A, 0xB5, 0x42, 0x6D, 0xE9, 0x07, 0x29, 0x65, 0x8B, 0xAD, 0x4D, 0x0F, |
|
+ 0x22, 0xE1, 0x59, 0x43, 0x68, 0x87, 0xA8, 0x8B, 0xBC, 0x69, 0xA1, 0x94, |
|
+ 0x22, 0x3E, 0x8A, 0x49, 0xE8, 0xA3, 0x6F, 0xC2, 0x93, 0x58, 0xE7, 0xAE, |
|
+ 0xC9, 0x1F, 0xCF, 0x61, 0x93, 0xFC, 0xC1, 0xF6, 0xF3, 0x27, 0x7F, 0x0A, |
|
+ 0x90, 0xE0, 0x65, 0x32, 0x57, 0x47, 0xE2, 0xED, 0x08, 0x59, 0xA6, 0xF0, |
|
+ 0x17, 0x2C, 0x13, 0xE0 |
|
}; |
|
|
|
static const unsigned char kat_RSA_SHA1[] = { |
|
- 0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C, |
|
- 0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B, |
|
- 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55, 0x77, 0x90, 0xCF, |
|
- 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8, |
|
- 0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1, |
|
- 0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA, |
|
- 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E, 0xCA, 0x2E, 0x4E, |
|
- 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F, |
|
- 0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F, |
|
- 0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95, |
|
- 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4 |
|
+ 0x3B, 0x60, 0x4B, 0xFC, 0x54, 0x28, 0x23, 0xE6, 0x2F, 0x05, 0x04, 0xBA, |
|
+ 0x9D, 0xE4, 0x3C, 0xB8, 0x5B, 0x60, 0x5C, 0xCD, 0x9D, 0xEA, 0xC3, 0x4C, |
|
+ 0xC2, 0x33, 0xE6, 0xC6, 0x21, 0x48, 0x76, 0xEC, 0xB2, 0xF5, 0x11, 0xDE, |
|
+ 0x44, 0xB4, 0xAF, 0x16, 0x11, 0xC3, 0x18, 0x16, 0xB3, 0x69, 0xBB, 0x94, |
|
+ 0xED, 0xE8, 0xB3, 0x9E, 0xB1, 0x43, 0x8E, 0xCE, 0xB4, 0x34, 0x9B, 0x08, |
|
+ 0x22, 0xAF, 0x31, 0x73, 0xB5, 0xFA, 0x11, 0x7E, 0x8F, 0x13, 0x52, 0xEC, |
|
+ 0xC9, 0x03, 0xEE, 0x0D, 0x2B, 0x91, 0x32, 0xF2, 0x8E, 0xDF, 0x02, 0xE0, |
|
+ 0x0A, 0x47, 0xD2, 0x0A, 0x51, 0x00, 0x1A, 0x30, 0x6F, 0x0C, 0xB3, 0x54, |
|
+ 0x64, 0x20, 0x90, 0x0C, 0x01, 0xBE, 0xC0, 0x42, 0x8C, 0x5D, 0x18, 0x6F, |
|
+ 0x32, 0x75, 0x45, 0x7B, 0x1C, 0x04, 0xA2, 0x9F, 0x84, 0xD7, 0xF5, 0x3A, |
|
+ 0x95, 0xD4, 0xE8, 0x8D, 0xEC, 0x99, 0xEF, 0x18, 0x5E, 0x64, 0xD3, 0xAF, |
|
+ 0xF8, 0xD4, 0xFF, 0x3C, 0x87, 0xA0, 0x3F, 0xC7, 0x22, 0x05, 0xFD, 0xFD, |
|
+ 0x29, 0x8A, 0x28, 0xDA, 0xA9, 0x8A, 0x8B, 0x23, 0x62, 0x9D, 0x42, 0xB8, |
|
+ 0x4A, 0x76, 0x0D, 0x9F, 0x9A, 0xE0, 0xE6, 0xDD, 0xAD, 0x5E, 0x5F, 0xD5, |
|
+ 0x32, 0xE9, 0x4B, 0x97, 0x7D, 0x62, 0x0A, 0xB3, 0xBE, 0xF2, 0x8C, 0x1F, |
|
+ 0x2B, 0x22, 0x06, 0x15, 0x33, 0x71, 0xED, 0x9B, 0xA0, 0x82, 0xCE, 0xBF, |
|
+ 0x3B, 0x08, 0x5F, 0xA7, 0x20, 0x94, 0x09, 0xEB, 0x82, 0xA5, 0x41, 0x60, |
|
+ 0xF1, 0x08, 0xEB, 0x8D, 0xCC, 0x8D, 0xC9, 0x52, 0x0A, 0xAF, 0xF4, 0xF9, |
|
+ 0x9F, 0x82, 0xD8, 0x0B, 0x75, 0x5E, 0xE4, 0xAF, 0x65, 0x96, 0xAF, 0xFC, |
|
+ 0x33, 0xBF, 0x9F, 0x3E, 0xA4, 0x7B, 0x86, 0xC7, 0xF7, 0x47, 0xAB, 0x37, |
|
+ 0x05, 0xD6, 0x0D, 0x31, 0x72, 0x8C, 0x80, 0x1E, 0xA9, 0x54, 0xFC, 0xDF, |
|
+ 0x27, 0x90, 0xE2, 0x01 |
|
}; |
|
|
|
static const unsigned char kat_RSA_SHA224[] = { |
|
- 0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB, 0xB7, 0x15, 0xF9, |
|
- 0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0, 0xA9, 0x18, 0x8D, |
|
- 0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5, 0x1A, 0xC5, 0x89, |
|
- 0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30, 0x2C, 0x9E, 0xCD, |
|
- 0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6, 0x45, 0x41, 0xE5, |
|
- 0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E, 0x0B, 0xA9, 0xCC, |
|
- 0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84, 0x02, 0xC6, 0x3B, |
|
- 0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91, 0x28, 0x3E, 0xB2, |
|
- 0x58, 0x2E, 0x06, 0x45, 0x49, 0xE0, 0x92, 0xE2, 0xC0, 0x66, 0xE6, 0x35, |
|
- 0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77, 0x82, 0xE6, 0xDC, |
|
- 0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D |
|
+ 0xA2, 0xD8, 0x42, 0x53, 0xDD, 0xBF, 0x1F, 0x6B, 0x07, 0xE0, 0x60, 0x86, |
|
+ 0x5A, 0x60, 0x06, 0x8F, 0x44, 0xD9, 0xB0, 0x4A, 0xAA, 0x90, 0x71, 0xB8, |
|
+ 0xB2, 0xBC, 0x30, 0x41, 0x50, 0xBB, 0xFD, 0x46, 0x98, 0x4D, 0xC0, 0x89, |
|
+ 0x57, 0x85, 0x8A, 0x97, 0x49, 0x25, 0xA8, 0x0C, 0x69, 0x70, 0x19, 0x39, |
|
+ 0x66, 0x24, 0xB4, 0x69, 0x47, 0xD2, 0x7C, 0xDE, 0x2D, 0x37, 0x59, 0xB3, |
|
+ 0xE3, 0xC7, 0x6B, 0xDD, 0xBE, 0xE1, 0xE6, 0x28, 0x9A, 0x8D, 0x42, 0x3E, |
|
+ 0x28, 0x01, 0xD7, 0x03, 0xC9, 0x73, 0xC3, 0x6B, 0x03, 0xEC, 0x1E, 0xF8, |
|
+ 0x53, 0x8B, 0x52, 0x42, 0x89, 0x55, 0xB7, 0x87, 0xA9, 0x94, 0xC2, 0xB4, |
|
+ 0x4B, 0x76, 0xF5, 0x61, 0x47, 0xE1, 0x44, 0x7B, 0xEC, 0xB4, 0x25, 0x66, |
|
+ 0xC0, 0xFF, 0xEB, 0x86, 0x24, 0xAA, 0xA8, 0x72, 0xC7, 0xFB, 0xFB, 0xF6, |
|
+ 0x84, 0xA7, 0x5B, 0xD4, 0x87, 0xE5, 0x84, 0x56, 0x1E, 0x4C, 0xE5, 0xBC, |
|
+ 0x87, 0x94, 0xAC, 0x9C, 0x1B, 0x3D, 0xF7, 0xD4, 0x36, 0x85, 0x9F, 0xC9, |
|
+ 0xF6, 0x43, 0x3F, 0xB6, 0x25, 0x33, 0x48, 0x0F, 0xE5, 0x7C, 0xCD, 0x53, |
|
+ 0x48, 0xEB, 0x02, 0x11, 0xB9, 0x9E, 0xC3, 0xB4, 0xE1, 0x54, 0xD6, 0xAA, |
|
+ 0x1A, 0x9E, 0x10, 0xE1, 0x27, 0x25, 0xF2, 0xE1, 0xAB, 0xAB, 0x6C, 0x45, |
|
+ 0x61, 0xD5, 0xA3, 0x6C, 0xB6, 0x33, 0x52, 0xAE, 0x3D, 0xFD, 0x22, 0xFC, |
|
+ 0x3A, 0xAB, 0x63, 0x94, 0xB5, 0x3A, 0x69, 0x11, 0xAC, 0x99, 0x4F, 0x33, |
|
+ 0x67, 0x0A, 0x1A, 0x70, 0x1E, 0xB9, 0xE2, 0x26, 0x27, 0x68, 0xEA, 0xF5, |
|
+ 0x97, 0x55, 0xAC, 0x83, 0x6A, 0x40, 0x3B, 0x56, 0xAE, 0x13, 0x88, 0xE8, |
|
+ 0x98, 0x72, 0x52, 0x91, 0x7F, 0x78, 0x0A, 0x18, 0xD4, 0x44, 0x78, 0x83, |
|
+ 0x0D, 0x44, 0x77, 0xA6, 0xF3, 0x04, 0xF1, 0x8C, 0xBC, 0x2F, 0xF9, 0x5B, |
|
+ 0xDB, 0x70, 0x00, 0xF6 |
|
}; |
|
|
|
static const unsigned char kat_RSA_SHA256[] = { |
|
- 0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05, 0x17, 0xA5, 0x23, |
|
- 0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20, 0x7B, 0xAA, 0x23, |
|
- 0x92, 0x87, 0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE, 0xAD, 0x6F, 0x35, |
|
- 0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17, 0x58, 0xB2, 0x6E, |
|
- 0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A, 0x90, 0x2D, 0x18, |
|
- 0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58, 0x7A, 0x91, 0x30, |
|
- 0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF, 0xE2, 0x80, 0x3A, |
|
- 0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 0xDE, 0x81, 0xA6, 0x38, |
|
- 0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C, 0xEE, 0xD1, 0xDA, |
|
- 0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1, 0x90, 0x27, 0x90, |
|
- 0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A |
|
+ 0xC2, 0xB1, 0x97, 0x00, 0x9A, 0xE5, 0x80, 0x6A, 0xE2, 0x51, 0x68, 0xB9, |
|
+ 0x7A, 0x0C, 0xF2, 0xB4, 0x77, 0xED, 0x15, 0x0C, 0x4E, 0xE1, 0xDC, 0xFF, |
|
+ 0x8E, 0xBC, 0xDE, 0xC7, 0x9A, 0x96, 0xF1, 0x47, 0x45, 0x24, 0x9D, 0x6F, |
|
+ 0xA6, 0xF3, 0x1D, 0x0D, 0x35, 0x4C, 0x1A, 0xF3, 0x58, 0x2C, 0x6C, 0x06, |
|
+ 0xD6, 0x22, 0x37, 0x77, 0x8C, 0x33, 0xE5, 0x07, 0x53, 0x93, 0x28, 0xCF, |
|
+ 0x67, 0xFA, 0xC4, 0x1F, 0x1B, 0x24, 0xDB, 0x4C, 0xC5, 0x2A, 0x51, 0xA2, |
|
+ 0x60, 0x15, 0x8C, 0x54, 0xB4, 0x30, 0xE2, 0x24, 0x47, 0x86, 0xF2, 0xF8, |
|
+ 0x6C, 0xD6, 0x12, 0x59, 0x2C, 0x74, 0x9A, 0x37, 0xF3, 0xC4, 0xA2, 0xD5, |
|
+ 0x4E, 0x1F, 0x77, 0xF0, 0x27, 0xCE, 0x77, 0xF8, 0x4A, 0x79, 0x03, 0xBE, |
|
+ 0xC8, 0x06, 0x2D, 0xA7, 0xA6, 0x46, 0xF5, 0x55, 0x79, 0xD7, 0x5C, 0xC6, |
|
+ 0x5B, 0xB1, 0x00, 0x4E, 0x7C, 0xD9, 0x11, 0x85, 0xE0, 0xB1, 0x4D, 0x2D, |
|
+ 0x13, 0xD7, 0xAC, 0xEA, 0x64, 0xD1, 0xAC, 0x8F, 0x8D, 0x8F, 0xEA, 0x42, |
|
+ 0x7F, 0xF9, 0xB7, 0x7D, 0x2C, 0x68, 0x49, 0x07, 0x7A, 0x74, 0xEF, 0xB4, |
|
+ 0xC9, 0x97, 0x16, 0x5C, 0x6C, 0x6E, 0x5C, 0x09, 0x2E, 0x8E, 0x13, 0x2E, |
|
+ 0x1A, 0x8D, 0xA6, 0x0C, 0x6E, 0x0C, 0x1C, 0x0F, 0xCC, 0xB2, 0x78, 0x8A, |
|
+ 0x07, 0xFC, 0x5C, 0xC2, 0xF5, 0x65, 0xEC, 0xAB, 0x8B, 0x3C, 0xCA, 0x91, |
|
+ 0x6F, 0x84, 0x7C, 0x21, 0x0E, 0xB8, 0xDA, 0x7B, 0x6C, 0xF7, 0xDF, 0xAB, |
|
+ 0x7E, 0x15, 0xFD, 0x85, 0x0B, 0x33, 0x9B, 0x6A, 0x3A, 0xC3, 0xEF, 0x65, |
|
+ 0x04, 0x6E, 0xB2, 0xAC, 0x98, 0xFD, 0xEB, 0x02, 0xF5, 0xC0, 0x0B, 0x5E, |
|
+ 0xCB, 0xD4, 0x83, 0x82, 0x18, 0x1B, 0xDA, 0xB4, 0xCD, 0xE8, 0x71, 0x6B, |
|
+ 0x1D, 0xB5, 0x4F, 0xE9, 0xD6, 0x43, 0xA0, 0x0A, 0x14, 0xA0, 0xE7, 0x5D, |
|
+ 0x47, 0x9D, 0x18, 0xD7 |
|
}; |
|
|
|
static const unsigned char kat_RSA_SHA384[] = { |
|
- 0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27, 0xEF, 0xE6, 0x1F, |
|
- 0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 0x99, 0x63, 0x56, 0x47, 0xC7, |
|
- 0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA, 0xFA, 0x5D, 0x5C, |
|
- 0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D, 0xA9, 0xA6, 0x55, |
|
- 0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28, 0x7F, 0xB6, 0xCF, |
|
- 0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19, 0x2B, 0x30, 0xC2, |
|
- 0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2, 0x7D, 0xEB, 0x8C, |
|
- 0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F, 0x8B, 0x9C, 0xCD, |
|
- 0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0, 0x8F, 0x99, 0xF1, |
|
- 0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E, 0x37, 0xDC, 0x04, |
|
- 0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF |
|
+ 0x11, 0x5E, 0x63, 0xFE, 0x47, 0xAA, 0x6A, 0x84, 0xEB, 0x44, 0x9A, 0x00, |
|
+ 0x96, 0x4A, 0xED, 0xD2, 0xA7, 0x67, 0x3A, 0x64, 0x82, 0x30, 0x61, 0x2D, |
|
+ 0xE3, 0xF5, 0x49, 0x68, 0x5E, 0x60, 0xD2, 0x4D, 0xEF, 0xF2, 0xA4, 0xB2, |
|
+ 0x9A, 0x81, 0x1D, 0x41, 0xA5, 0x73, 0x59, 0xEB, 0xBB, 0xC4, 0x9E, 0x2B, |
|
+ 0xEB, 0xC3, 0xDE, 0x3A, 0xEA, 0xF5, 0xAD, 0xDA, 0x87, 0x08, 0x68, 0xCF, |
|
+ 0x12, 0x9B, 0xC1, 0xE4, 0xA7, 0x71, 0xF8, 0xBD, 0x6B, 0x6F, 0x50, 0xF1, |
|
+ 0xD1, 0xFF, 0xCE, 0x6C, 0xD9, 0xBE, 0xDA, 0x76, 0xF3, 0xEB, 0xAB, 0x9C, |
|
+ 0x41, 0x6E, 0x4F, 0x35, 0x7A, 0x61, 0x27, 0xBC, 0x03, 0x3E, 0xAE, 0x3E, |
|
+ 0x1B, 0xDD, 0xAC, 0xD9, 0x1A, 0xFF, 0xD3, 0xF5, 0x66, 0x43, 0x07, 0x76, |
|
+ 0x8A, 0x69, 0x2D, 0x14, 0xB1, 0xBE, 0x55, 0x49, 0x90, 0x89, 0x4B, 0xC4, |
|
+ 0x11, 0x67, 0xD5, 0x9D, 0xB0, 0xB2, 0xEE, 0x8D, 0x0A, 0x47, 0x4A, 0xD9, |
|
+ 0x0E, 0xD1, 0x24, 0xF0, 0x30, 0x2B, 0xF2, 0x79, 0x47, 0xDB, 0x70, 0xB4, |
|
+ 0x46, 0xF2, 0xF8, 0xB7, 0xB4, 0xF6, 0x34, 0x79, 0xA8, 0x2D, 0x3D, 0x56, |
|
+ 0xD5, 0x9A, 0x60, 0x7A, 0x04, 0xC7, 0x66, 0x1D, 0xCD, 0x3C, 0xD5, 0x39, |
|
+ 0x37, 0x12, 0x51, 0x5E, 0x9F, 0xF8, 0x1A, 0xAF, 0x13, 0xC1, 0x13, 0x00, |
|
+ 0x35, 0xD5, 0x8D, 0x17, 0xE3, 0x02, 0x28, 0xD9, 0xEC, 0xDE, 0xD1, 0x2F, |
|
+ 0x93, 0x49, 0x03, 0x11, 0x3E, 0x56, 0x9D, 0xC2, 0x31, 0xF8, 0xAF, 0x2D, |
|
+ 0xD9, 0x99, 0xB7, 0x8A, 0xAC, 0x5A, 0x86, 0x20, 0x3A, 0x83, 0x29, 0x26, |
|
+ 0x9D, 0x03, 0x52, 0x2B, 0x34, 0x56, 0x40, 0x16, 0x53, 0x50, 0x82, 0xC9, |
|
+ 0xC7, 0xD5, 0x51, 0x4C, 0xED, 0xB3, 0xE2, 0xE1, 0xCF, 0xA8, 0xCE, 0xBD, |
|
+ 0xB1, 0x48, 0xA6, 0x8A, 0x79, 0x17, 0x55, 0x11, 0xEF, 0xE8, 0x14, 0xF4, |
|
+ 0x7E, 0x37, 0x1D, 0x96 |
|
}; |
|
|
|
static const unsigned char kat_RSA_SHA512[] = { |
|
- 0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16, 0x51, 0x5D, 0xCF, |
|
- 0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40, 0xF8, 0xB2, 0x9A, |
|
- 0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82, 0x6B, 0x32, 0xF1, |
|
- 0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C, 0x54, 0x9F, 0xD8, |
|
- 0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6, 0x53, 0x62, 0xB5, |
|
- 0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4, 0x75, 0x92, 0x6B, |
|
- 0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B, 0x1D, 0x47, 0xE6, |
|
- 0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16, 0x63, 0x84, 0x05, |
|
- 0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64, 0x71, 0xE0, 0x2D, |
|
- 0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB, 0x98, 0x65, 0x91, |
|
- 0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84 |
|
+ 0x35, 0x6D, 0xF1, 0x9E, 0xCF, 0xB1, 0xF6, 0x0C, 0x04, 0x21, 0x17, 0xB3, |
|
+ 0xC4, 0x9D, 0xFE, 0x62, 0x1C, 0x1A, 0x45, 0x00, 0x2E, 0x6B, 0xB6, 0x9F, |
|
+ 0x5C, 0xB1, 0xCB, 0xCF, 0xF9, 0x67, 0xEA, 0x62, 0x8A, 0xEB, 0x77, 0x02, |
|
+ 0x42, 0x30, 0x88, 0xB1, 0x48, 0xDF, 0x12, 0x60, 0x6E, 0x92, 0xBB, 0x4B, |
|
+ 0x09, 0x68, 0xD1, 0x70, 0x2B, 0x59, 0xEE, 0x57, 0x96, 0xF9, 0xEA, 0xA3, |
|
+ 0x4C, 0xE9, 0xC9, 0xBD, 0x25, 0x34, 0x66, 0x15, 0x6C, 0xC9, 0x81, 0xD1, |
|
+ 0x48, 0x0F, 0x33, 0x5F, 0x05, 0x4F, 0xC2, 0xC4, 0xDD, 0x09, 0x54, 0x79, |
|
+ 0xA1, 0x57, 0x07, 0x70, 0xA0, 0x33, 0x02, 0x4D, 0x5D, 0xE9, 0x24, 0xD1, |
|
+ 0xEF, 0xF0, 0x61, 0xD0, 0x1D, 0x41, 0xE2, 0x9B, 0x2B, 0x7C, 0xD0, 0x4E, |
|
+ 0x55, 0xD9, 0x6D, 0xA1, 0x16, 0x9F, 0xDA, 0xC3, 0x3B, 0xF1, 0x74, 0xD1, |
|
+ 0x99, 0xF1, 0x63, 0x57, 0xAD, 0xC7, 0x55, 0xF4, 0x97, 0x43, 0x1C, 0xED, |
|
+ 0x1B, 0x7A, 0x32, 0xCB, 0x24, 0xA6, 0x3D, 0x93, 0x37, 0x90, 0x74, 0xEE, |
|
+ 0xD2, 0x8D, 0x4B, 0xBC, 0x72, 0xDA, 0x25, 0x2B, 0x64, 0xE9, 0xCA, 0x69, |
|
+ 0x36, 0xB6, 0xEC, 0x6E, 0x8F, 0x33, 0x0E, 0x74, 0x40, 0x48, 0x51, 0xE2, |
|
+ 0x54, 0x6F, 0xAF, 0x6E, 0x36, 0x54, 0x3A, 0xEC, 0x78, 0x37, 0xE6, 0x1F, |
|
+ 0x76, 0xA5, 0x4D, 0xA6, 0xD9, 0xB3, 0x6B, 0x17, 0x6D, 0x61, 0xFC, 0xA3, |
|
+ 0x85, 0x4A, 0xCC, 0xDA, 0x52, 0xAC, 0x5B, 0xDA, 0x51, 0xE5, 0x7F, 0x5B, |
|
+ 0x52, 0x8B, 0x74, 0x75, 0x99, 0x5C, 0x01, 0xFD, 0x25, 0x3E, 0xCD, 0x86, |
|
+ 0x6F, 0x7A, 0xC0, 0xD8, 0x17, 0x6F, 0xD1, 0xD2, 0x6B, 0xAB, 0x14, 0x1F, |
|
+ 0x3B, 0xB8, 0x15, 0x05, 0x86, 0x40, 0x36, 0xCF, 0xDA, 0x59, 0x2B, 0x9A, |
|
+ 0xE9, 0x1E, 0x6E, 0xD3, 0x6B, 0xA1, 0x19, 0xC5, 0xE6, 0x3F, 0xE9, 0x2E, |
|
+ 0x43, 0xA8, 0x34, 0x0A |
|
}; |
|
|
|
-static const unsigned char kat_RSA_X931_SHA1[] = { |
|
- 0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42, 0x45, 0x4D, 0xDF, |
|
- 0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD, 0xC4, 0xB2, 0x75, |
|
- 0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E, 0x14, 0xB8, 0xAC, |
|
- 0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04, 0xEE, 0xA9, 0x97, |
|
- 0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B, 0x38, 0xBE, 0xD6, |
|
- 0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1, 0x1A, 0x11, 0x19, |
|
- 0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63, 0x0C, 0x59, 0xD7, |
|
- 0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D, 0x24, 0x1C, 0x99, |
|
- 0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB, 0xEA, 0xED, 0x76, |
|
- 0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84, 0x1C, 0xB3, 0x67, |
|
- 0xA3, 0x29, 0x80, 0x70, 0x54, 0x68, 0x7D, 0x49 |
|
-}; |
|
+static int fips_rsa_encrypt_test(RSA *rsa, const unsigned char *plaintext, int ptlen) |
|
+ { |
|
+ unsigned char *ctbuf = NULL, *ptbuf = NULL; |
|
+ int ret = 0; |
|
+ int len; |
|
|
|
-static const unsigned char kat_RSA_X931_SHA256[] = { |
|
- 0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F, 0x64, 0x54, 0x89, |
|
- 0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58, 0x92, 0x1C, 0xDD, |
|
- 0xEA, 0xA2, 0x2D, 0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05, 0x95, 0x73, 0xCF, |
|
- 0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8, 0x7B, 0xC8, 0x9B, |
|
- 0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13, 0xB8, 0xF0, 0x4B, |
|
- 0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4, 0x38, 0x0E, 0x98, |
|
- 0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E, 0x59, 0x01, 0xEC, |
|
- 0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46, 0x8D, 0xA0, 0x8C, |
|
- 0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35, 0xA1, 0x42, 0xBD, |
|
- 0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86, 0xF0, 0x5B, 0xDC, |
|
- 0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80 |
|
-}; |
|
+ ctbuf = OPENSSL_malloc(RSA_size(rsa)); |
|
+ if (!ctbuf) |
|
+ goto err; |
|
|
|
-static const unsigned char kat_RSA_X931_SHA384[] = { |
|
- 0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB, 0x7B, 0xEC, 0x7B, |
|
- 0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7, 0x39, 0x37, 0xCB, |
|
- 0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9, 0xBE, 0x2E, 0xE3, |
|
- 0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7, 0x4A, 0x63, 0xF6, |
|
- 0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99, 0x66, 0xEE, 0x31, |
|
- 0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E, 0x6D, 0x8D, 0xF1, |
|
- 0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0, 0x60, 0x41, 0x79, |
|
- 0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34, 0xD5, 0x7C, 0xFF, |
|
- 0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5, 0x12, 0x44, 0x35, |
|
- 0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5, 0xDC, 0xC6, 0x6D, |
|
- 0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28 |
|
-}; |
|
+ len = RSA_public_encrypt(ptlen, plaintext, ctbuf, rsa, RSA_PKCS1_PADDING); |
|
+ if (len <= 0) |
|
+ goto err; |
|
+ /* Check ciphertext doesn't match plaintext */ |
|
+ if (len >= ptlen && !memcmp(plaintext, ctbuf, ptlen)) |
|
+ goto err; |
|
|
|
-static const unsigned char kat_RSA_X931_SHA512[] = { |
|
- 0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64, 0x3A, 0xC1, 0x63, |
|
- 0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1, 0xD9, 0xDA, 0xAC, |
|
- 0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05, 0x9E, 0x77, 0xD7, |
|
- 0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E, 0xF9, 0x14, 0x28, |
|
- 0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA, 0xC7, 0xF8, 0xC5, |
|
- 0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34, 0x53, 0xD2, 0xAF, |
|
- 0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10, 0xE0, 0xF6, 0xD0, |
|
- 0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F, 0x46, 0x5F, 0x09, |
|
- 0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04, 0x2D, 0xFB, 0x7C, |
|
- 0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11, 0x30, 0x71, 0x1B, |
|
- 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3 |
|
-}; |
|
+ ptbuf = OPENSSL_malloc(RSA_size(rsa)); |
|
+ if (!ptbuf) |
|
+ goto err; |
|
+ |
|
+ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING); |
|
+ if (len != ptlen) |
|
+ goto err; |
|
+ if (memcmp(ptbuf, plaintext, len)) |
|
+ goto err; |
|
+ |
|
+ ret = 1; |
|
|
|
+ err: |
|
+ if (ctbuf) |
|
+ OPENSSL_free(ctbuf); |
|
+ if (ptbuf) |
|
+ OPENSSL_free(ptbuf); |
|
+ return ret; |
|
+ } |
|
|
|
int FIPS_selftest_rsa() |
|
{ |
|
@@ -353,7 +487,7 @@ int FIPS_selftest_rsa() |
|
if ((pk=EVP_PKEY_new()) == NULL) |
|
goto err; |
|
|
|
- EVP_PKEY_assign_RSA(pk, key); |
|
+ EVP_PKEY_set1_RSA(pk, key); |
|
|
|
if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, |
|
kat_RSA_SHA1, sizeof(kat_RSA_SHA1), |
|
@@ -407,36 +541,15 @@ int FIPS_selftest_rsa() |
|
"RSA SHA512 PSS")) |
|
goto err; |
|
|
|
- |
|
- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, |
|
- kat_RSA_X931_SHA1, sizeof(kat_RSA_X931_SHA1), |
|
- EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, |
|
- "RSA SHA1 X931")) |
|
- goto err; |
|
- /* NB: SHA224 not supported in X9.31 */ |
|
- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, |
|
- kat_RSA_X931_SHA256, sizeof(kat_RSA_X931_SHA256), |
|
- EVP_sha256(), EVP_MD_CTX_FLAG_PAD_X931, |
|
- "RSA SHA256 X931")) |
|
- goto err; |
|
- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, |
|
- kat_RSA_X931_SHA384, sizeof(kat_RSA_X931_SHA384), |
|
- EVP_sha384(), EVP_MD_CTX_FLAG_PAD_X931, |
|
- "RSA SHA384 X931")) |
|
- goto err; |
|
- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, |
|
- kat_RSA_X931_SHA512, sizeof(kat_RSA_X931_SHA512), |
|
- EVP_sha512(), EVP_MD_CTX_FLAG_PAD_X931, |
|
- "RSA SHA512 X931")) |
|
+ if (!fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1)) |
|
goto err; |
|
|
|
- |
|
ret = 1; |
|
|
|
err: |
|
if (pk) |
|
EVP_PKEY_free(pk); |
|
- else if (key) |
|
+ if (key) |
|
RSA_free(key); |
|
return ret; |
|
} |
|
diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-reqs openssl-1.0.1e/crypto/fips/Makefile |
|
--- openssl-1.0.1e/crypto/fips/Makefile.fips-reqs 2013-12-18 12:17:20.000000000 +0100 |
|
+++ openssl-1.0.1e/crypto/fips/Makefile 2013-12-18 17:14:20.348337362 +0100 |
|
@@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self |
|
fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \ |
|
fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ |
|
fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \ |
|
- fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c |
|
+ fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c \ |
|
+ fips_dh_selftest.c |
|
|
|
LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \ |
|
fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \ |
|
fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \ |
|
fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \ |
|
- fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o |
|
+ fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o \ |
|
+ fips_dh_selftest.o |
|
|
|
LIBCRYPTO=-L.. -lcrypto |
|
|
|
diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/rand/md_rand.c |
|
--- openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs 2013-12-18 12:17:09.763636936 +0100 |
|
+++ openssl-1.0.1e/crypto/rand/md_rand.c 2013-12-18 12:17:09.800637730 +0100 |
|
@@ -143,12 +143,6 @@ static long md_count[2]={0,0}; |
|
static double entropy=0; |
|
static int initialized=0; |
|
|
|
-static unsigned int crypto_lock_rand = 0; /* may be set only when a thread |
|
- * holds CRYPTO_LOCK_RAND |
|
- * (to prevent double locking) */ |
|
-/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ |
|
-static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */ |
|
- |
|
|
|
#ifdef PREDICT |
|
int rand_predictable=0; |
|
@@ -196,7 +190,7 @@ static void ssleay_rand_add(const void * |
|
long md_c[2]; |
|
unsigned char local_md[MD_DIGEST_LENGTH]; |
|
EVP_MD_CTX m; |
|
- int do_not_lock; |
|
+ int locked; |
|
|
|
/* |
|
* (Based on the rand(3) manpage) |
|
@@ -213,19 +207,8 @@ static void ssleay_rand_add(const void * |
|
* hash function. |
|
*/ |
|
|
|
- /* check if we already have the lock */ |
|
- if (crypto_lock_rand) |
|
- { |
|
- CRYPTO_THREADID cur; |
|
- CRYPTO_THREADID_current(&cur); |
|
- CRYPTO_r_lock(CRYPTO_LOCK_RAND2); |
|
- do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); |
|
- CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); |
|
- } |
|
- else |
|
- do_not_lock = 0; |
|
+ locked = private_RAND_lock(1); |
|
|
|
- if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); |
|
st_idx=state_index; |
|
|
|
/* use our own copies of the counters so that even |
|
@@ -257,7 +240,8 @@ static void ssleay_rand_add(const void * |
|
|
|
md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); |
|
|
|
- if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); |
|
+ if (locked) |
|
+ private_RAND_lock(0); |
|
|
|
EVP_MD_CTX_init(&m); |
|
for (i=0; i<num; i+=MD_DIGEST_LENGTH) |
|
@@ -308,7 +292,7 @@ static void ssleay_rand_add(const void * |
|
} |
|
EVP_MD_CTX_cleanup(&m); |
|
|
|
- if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); |
|
+ locked = private_RAND_lock(1); |
|
/* Don't just copy back local_md into md -- this could mean that |
|
* other thread's seeding remains without effect (except for |
|
* the incremented counter). By XORing it we keep at least as |
|
@@ -319,7 +303,8 @@ static void ssleay_rand_add(const void * |
|
} |
|
if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ |
|
entropy += add; |
|
- if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); |
|
+ if (locked) |
|
+ private_RAND_lock(0); |
|
|
|
#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) |
|
assert(md_c[1] == md_count[1]); |
|
@@ -344,6 +329,7 @@ static int ssleay_rand_bytes(unsigned ch |
|
pid_t curr_pid = getpid(); |
|
#endif |
|
int do_stir_pool = 0; |
|
+ int locked; |
|
|
|
#ifdef PREDICT |
|
if (rand_predictable) |
|
@@ -381,13 +367,7 @@ static int ssleay_rand_bytes(unsigned ch |
|
* global 'md'. |
|
*/ |
|
|
|
- CRYPTO_w_lock(CRYPTO_LOCK_RAND); |
|
- |
|
- /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ |
|
- CRYPTO_w_lock(CRYPTO_LOCK_RAND2); |
|
- CRYPTO_THREADID_current(&locking_threadid); |
|
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); |
|
- crypto_lock_rand = 1; |
|
+ locked = private_RAND_lock(1); |
|
|
|
/* always poll for external entropy in FIPS mode, drbg provides the |
|
* expansion |
|
@@ -461,9 +441,8 @@ static int ssleay_rand_bytes(unsigned ch |
|
|
|
md_count[0] += 1; |
|
|
|
- /* before unlocking, we must clear 'crypto_lock_rand' */ |
|
- crypto_lock_rand = 0; |
|
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); |
|
+ if (locked) |
|
+ private_RAND_lock(0); |
|
|
|
while (num > 0) |
|
{ |
|
@@ -515,10 +494,11 @@ static int ssleay_rand_bytes(unsigned ch |
|
MD_Init(&m); |
|
MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); |
|
MD_Update(&m,local_md,MD_DIGEST_LENGTH); |
|
- CRYPTO_w_lock(CRYPTO_LOCK_RAND); |
|
+ locked = private_RAND_lock(1); |
|
MD_Update(&m,md,MD_DIGEST_LENGTH); |
|
MD_Final(&m,md); |
|
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); |
|
+ if (locked) |
|
+ private_RAND_lock(0); |
|
|
|
EVP_MD_CTX_cleanup(&m); |
|
if (ok) |
|
@@ -548,32 +528,10 @@ static int ssleay_rand_pseudo_bytes(unsi |
|
|
|
static int ssleay_rand_status(void) |
|
{ |
|
- CRYPTO_THREADID cur; |
|
int ret; |
|
- int do_not_lock; |
|
+ int locked; |
|
|
|
- CRYPTO_THREADID_current(&cur); |
|
- /* check if we already have the lock |
|
- * (could happen if a RAND_poll() implementation calls RAND_status()) */ |
|
- if (crypto_lock_rand) |
|
- { |
|
- CRYPTO_r_lock(CRYPTO_LOCK_RAND2); |
|
- do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); |
|
- CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); |
|
- } |
|
- else |
|
- do_not_lock = 0; |
|
- |
|
- if (!do_not_lock) |
|
- { |
|
- CRYPTO_w_lock(CRYPTO_LOCK_RAND); |
|
- |
|
- /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ |
|
- CRYPTO_w_lock(CRYPTO_LOCK_RAND2); |
|
- CRYPTO_THREADID_cpy(&locking_threadid, &cur); |
|
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); |
|
- crypto_lock_rand = 1; |
|
- } |
|
+ locked = private_RAND_lock(1); |
|
|
|
if (!initialized) |
|
{ |
|
@@ -583,13 +541,8 @@ static int ssleay_rand_status(void) |
|
|
|
ret = entropy >= ENTROPY_NEEDED; |
|
|
|
- if (!do_not_lock) |
|
- { |
|
- /* before unlocking, we must clear 'crypto_lock_rand' */ |
|
- crypto_lock_rand = 0; |
|
- |
|
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); |
|
- } |
|
+ if (locked) |
|
+ private_RAND_lock(0); |
|
|
|
return ret; |
|
} |
|
diff -up openssl-1.0.1e/crypto/rand/rand.h.fips-reqs openssl-1.0.1e/crypto/rand/rand.h |
|
--- openssl-1.0.1e/crypto/rand/rand.h.fips-reqs 2013-12-18 12:17:09.764636958 +0100 |
|
+++ openssl-1.0.1e/crypto/rand/rand.h 2013-12-18 12:17:09.800637730 +0100 |
|
@@ -124,6 +124,8 @@ void RAND_set_fips_drbg_type(int type, i |
|
int RAND_init_fips(void); |
|
#endif |
|
|
|
+int private_RAND_lock(int lock); |
|
+ |
|
/* BEGIN ERROR CODES */ |
|
/* The following lines are auto generated by the script mkerr.pl. Any changes |
|
* made after this point may be overwritten when the script is next run. |
|
diff -up openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1e/crypto/rand/rand_lcl.h |
|
--- openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs 2013-12-18 12:17:09.507631447 +0100 |
|
+++ openssl-1.0.1e/crypto/rand/rand_lcl.h 2013-12-18 12:17:09.800637730 +0100 |
|
@@ -112,7 +112,7 @@ |
|
#ifndef HEADER_RAND_LCL_H |
|
#define HEADER_RAND_LCL_H |
|
|
|
-#define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */ |
|
+#define ENTROPY_NEEDED 48 /* require 384 bits = 48 bytes of randomness */ |
|
|
|
|
|
#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) |
|
diff -up openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1e/crypto/rand/rand_lib.c |
|
--- openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100 |
|
+++ openssl-1.0.1e/crypto/rand/rand_lib.c 2013-12-18 18:16:45.625850730 +0100 |
|
@@ -181,6 +181,41 @@ int RAND_status(void) |
|
return 0; |
|
} |
|
|
|
+int private_RAND_lock(int lock) |
|
+ { |
|
+ static int crypto_lock_rand; |
|
+ static CRYPTO_THREADID locking_threadid; |
|
+ int do_lock; |
|
+ |
|
+ if (!lock) |
|
+ { |
|
+ crypto_lock_rand = 0; |
|
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); |
|
+ return 0; |
|
+ } |
|
+ |
|
+ /* check if we already have the lock */ |
|
+ if (crypto_lock_rand) |
|
+ { |
|
+ CRYPTO_THREADID cur; |
|
+ CRYPTO_THREADID_current(&cur); |
|
+ CRYPTO_r_lock(CRYPTO_LOCK_RAND2); |
|
+ do_lock = !!CRYPTO_THREADID_cmp(&locking_threadid, &cur); |
|
+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); |
|
+ } |
|
+ else |
|
+ do_lock = 1; |
|
+ if (do_lock) |
|
+ { |
|
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); |
|
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); |
|
+ CRYPTO_THREADID_current(&locking_threadid); |
|
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); |
|
+ crypto_lock_rand = 1; |
|
+ } |
|
+ return do_lock; |
|
+ } |
|
+ |
|
#ifdef OPENSSL_FIPS |
|
|
|
/* FIPS DRBG initialisation code. This sets up the DRBG for use by the |
|
@@ -239,12 +274,16 @@ static int drbg_rand_add(DRBG_CTX *ctx, |
|
double entropy) |
|
{ |
|
RAND_SSLeay()->add(in, inlen, entropy); |
|
+ if (FIPS_rand_status()) |
|
+ FIPS_drbg_reseed(ctx, NULL, 0); |
|
return 1; |
|
} |
|
|
|
static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen) |
|
{ |
|
RAND_SSLeay()->seed(in, inlen); |
|
+ if (FIPS_rand_status()) |
|
+ FIPS_drbg_reseed(ctx, NULL, 0); |
|
return 1; |
|
} |
|
|
|
diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1e/crypto/rsa/rsa_gen.c |
|
--- openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs 2013-12-18 12:17:09.764636958 +0100 |
|
+++ openssl-1.0.1e/crypto/rsa/rsa_gen.c 2013-12-19 17:40:58.483154314 +0100 |
|
@@ -1,5 +1,6 @@ |
|
/* crypto/rsa/rsa_gen.c */ |
|
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
|
+ * Copyright (C) 2013 Red Hat, Inc. |
|
* All rights reserved. |
|
* |
|
* This package is an SSL implementation written |
|
@@ -165,6 +166,236 @@ int RSA_generate_key_ex(RSA *rsa, int bi |
|
return rsa_builtin_keygen(rsa, bits, e_value, cb); |
|
} |
|
|
|
+#ifdef OPENSSL_FIPS |
|
+static int FIPS_rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) |
|
+ { |
|
+ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; |
|
+ BIGNUM local_r0, local_d, local_p; |
|
+ BIGNUM *pr0, *d, *p; |
|
+ BN_CTX *ctx = NULL; |
|
+ int ok = -1; |
|
+ int i; |
|
+ int n = 0; |
|
+ int test = 0; |
|
+ int pbits = bits/2; |
|
+ |
|
+ if(FIPS_selftest_failed()) |
|
+ { |
|
+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED); |
|
+ return 0; |
|
+ } |
|
+ |
|
+ if ((pbits & 0xFF) || (getenv("OPENSSL_ENFORCE_MODULUS_BITS") && bits != 2048 && bits != 3072)) |
|
+ { |
|
+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_INVALID_KEY_LENGTH); |
|
+ return 0; |
|
+ } |
|
+ |
|
+ ctx = BN_CTX_new(); |
|
+ if (ctx == NULL) goto err; |
|
+ BN_CTX_start(ctx); |
|
+ r0 = BN_CTX_get(ctx); |
|
+ r1 = BN_CTX_get(ctx); |
|
+ r2 = BN_CTX_get(ctx); |
|
+ r3 = BN_CTX_get(ctx); |
|
+ |
|
+ if (r3 == NULL) goto err; |
|
+ |
|
+ /* We need the RSA components non-NULL */ |
|
+ if (!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; |
|
+ if (!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; |
|
+ if (!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err; |
|
+ if (!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err; |
|
+ if (!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err; |
|
+ if (!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err; |
|
+ if (!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err; |
|
+ if (!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err; |
|
+ |
|
+ if (!BN_set_word(r0, RSA_F4)) goto err; |
|
+ if (BN_cmp(e_value, r0) < 0 || BN_num_bits(e_value) > 256) |
|
+ { |
|
+ ok = 0; /* we set our own err */ |
|
+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_BAD_E_VALUE); |
|
+ goto err; |
|
+ } |
|
+ |
|
+ /* prepare approximate minimum p and q */ |
|
+ if (!BN_set_word(r0, 0xB504F334)) goto err; |
|
+ if (!BN_lshift(r0, r0, pbits - 32)) goto err; |
|
+ |
|
+ /* prepare minimum p and q difference */ |
|
+ if (!BN_one(r3)) goto err; |
|
+ if (!BN_lshift(r3, r3, pbits - 100)) goto err; |
|
+ |
|
+ BN_copy(rsa->e, e_value); |
|
+ |
|
+ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q)) |
|
+ test = 1; |
|
+ |
|
+retry: |
|
+ /* generate p and q */ |
|
+ for (i = 0; i < 5 * pbits; i++) |
|
+ { |
|
+ ploop: |
|
+ if (!test) |
|
+ if (!BN_rand(rsa->p, pbits, 0, 1)) goto err; |
|
+ if (BN_cmp(rsa->p, r0) < 0) |
|
+ { |
|
+ if (test) goto err; |
|
+ goto ploop; |
|
+ } |
|
+ |
|
+ if (!BN_sub(r2, rsa->p, BN_value_one())) goto err; |
|
+ if (!BN_gcd(r1, r2, rsa->e, ctx)) goto err; |
|
+ if (BN_is_one(r1)) |
|
+ { |
|
+ int r; |
|
+ r = BN_is_prime_fasttest_ex(rsa->p, pbits>1024?4:5, ctx, 0, cb); |
|
+ if (r == -1 || (test && r <= 0)) goto err; |
|
+ if (r > 0) break; |
|
+ } |
|
+ |
|
+ if(!BN_GENCB_call(cb, 2, n++)) |
|
+ goto err; |
|
+ } |
|
+ |
|
+ if(!BN_GENCB_call(cb, 3, 0)) |
|
+ goto err; |
|
+ |
|
+ if(i >= 5*pbits) |
|
+ /* prime not found */ |
|
+ goto err; |
|
+ |
|
+ for (i = 0; i < 5 * pbits; i++) |
|
+ { |
|
+ qloop: |
|
+ if (!test) |
|
+ if (!BN_rand(rsa->q, pbits, 0, 1)) goto err; |
|
+ if (BN_cmp(rsa->q, r0) < 0) |
|
+ { |
|
+ if (test) goto err; |
|
+ goto qloop; |
|
+ } |
|
+ if (!BN_sub(r2, rsa->q, rsa->p)) goto err; |
|
+ if (BN_ucmp(r2, r3) <= 0) |
|
+ { |
|
+ if (test) goto err; |
|
+ goto qloop; |
|
+ } |
|
+ |
|
+ if (!BN_sub(r2, rsa->q, BN_value_one())) goto err; |
|
+ if (!BN_gcd(r1, r2, rsa->e, ctx)) goto err; |
|
+ if (BN_is_one(r1)) |
|
+ { |
|
+ int r; |
|
+ r = BN_is_prime_fasttest_ex(rsa->q, pbits>1024?4:5, ctx, 0, cb); |
|
+ if (r == -1 || (test && r <= 0)) goto err; |
|
+ if (r > 0) break; |
|
+ } |
|
+ |
|
+ if(!BN_GENCB_call(cb, 2, n++)) |
|
+ goto err; |
|
+ } |
|
+ |
|
+ if(!BN_GENCB_call(cb, 3, 1)) |
|
+ goto err; |
|
+ |
|
+ if(i >= 5*pbits) |
|
+ /* prime not found */ |
|
+ goto err; |
|
+ |
|
+ if (test) |
|
+ { |
|
+ /* do not try to calculate the remaining key values */ |
|
+ BN_clear(rsa->n); |
|
+ ok = 1; |
|
+ goto err; |
|
+ } |
|
+ |
|
+ if (BN_cmp(rsa->p,rsa->q) < 0) |
|
+ { |
|
+ tmp=rsa->p; |
|
+ rsa->p=rsa->q; |
|
+ rsa->q=tmp; |
|
+ } |
|
+ |
|
+ /* calculate n */ |
|
+ if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err; |
|
+ |
|
+ /* calculate d */ |
|
+ if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */ |
|
+ if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */ |
|
+ |
|
+ if (!BN_gcd(r0, r1, r2, ctx)) goto err; |
|
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) |
|
+ { |
|
+ pr0 = &local_r0; |
|
+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); |
|
+ } |
|
+ else |
|
+ pr0 = r0; |
|
+ if (!BN_div(r0, NULL, r1, pr0, ctx)) goto err; |
|
+ if (!BN_mul(r0,r0,r2,ctx)) goto err; /* lcm(p-1, q-1) */ |
|
+ |
|
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) |
|
+ { |
|
+ pr0 = &local_r0; |
|
+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); |
|
+ } |
|
+ else |
|
+ pr0 = r0; |
|
+ if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */ |
|
+ |
|
+ if (BN_num_bits(rsa->d) < pbits) goto retry; /* d is too small */ |
|
+ |
|
+ /* set up d for correct BN_FLG_CONSTTIME flag */ |
|
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) |
|
+ { |
|
+ d = &local_d; |
|
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); |
|
+ } |
|
+ else |
|
+ d = rsa->d; |
|
+ |
|
+ /* calculate d mod (p-1) */ |
|
+ if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err; |
|
+ |
|
+ /* calculate d mod (q-1) */ |
|
+ if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err; |
|
+ |
|
+ /* calculate inverse of q mod p */ |
|
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) |
|
+ { |
|
+ p = &local_p; |
|
+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); |
|
+ } |
|
+ else |
|
+ p = rsa->p; |
|
+ if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err; |
|
+ |
|
+ if (fips_rsa_pairwise_fail) |
|
+ BN_add_word(rsa->n, 1); |
|
+ |
|
+ if(!fips_check_rsa(rsa)) |
|
+ goto err; |
|
+ |
|
+ ok=1; |
|
+err: |
|
+ if (ok == -1) |
|
+ { |
|
+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN); |
|
+ ok = 0; |
|
+ } |
|
+ if (ctx != NULL) |
|
+ { |
|
+ BN_CTX_end(ctx); |
|
+ BN_CTX_free(ctx); |
|
+ } |
|
+ |
|
+ return ok; |
|
+ } |
|
+#endif |
|
+ |
|
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) |
|
{ |
|
BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; |
|
@@ -176,17 +407,12 @@ static int rsa_builtin_keygen(RSA *rsa, |
|
#ifdef OPENSSL_FIPS |
|
if (FIPS_module_mode()) |
|
{ |
|
- if(FIPS_selftest_failed()) |
|
- { |
|
- FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED); |
|
- return 0; |
|
- } |
|
- |
|
if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) |
|
{ |
|
FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT); |
|
return 0; |
|
} |
|
+ return FIPS_rsa_builtin_keygen(rsa, bits, e_value, cb); |
|
} |
|
#endif |
|
|
|
@@ -301,17 +527,6 @@ static int rsa_builtin_keygen(RSA *rsa, |
|
p = rsa->p; |
|
if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err; |
|
|
|
-#ifdef OPENSSL_FIPS |
|
- if (FIPS_module_mode()) |
|
- { |
|
- if (fips_rsa_pairwise_fail) |
|
- BN_add_word(rsa->n, 1); |
|
- |
|
- if(!fips_check_rsa(rsa)) |
|
- goto err; |
|
- } |
|
-#endif |
|
- |
|
ok=1; |
|
err: |
|
if (ok == -1) |
|
diff -up openssl-1.0.1e/ssl/t1_enc.c.fips-reqs openssl-1.0.1e/ssl/t1_enc.c |
|
--- openssl-1.0.1e/ssl/t1_enc.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100 |
|
+++ openssl-1.0.1e/ssl/t1_enc.c 2013-12-18 12:17:09.801637751 +0100 |
|
@@ -291,6 +291,27 @@ static int tls1_PRF(long digest_mask, |
|
err: |
|
return ret; |
|
} |
|
+ |
|
+int private_tls1_PRF(long digest_mask, |
|
+ const void *seed1, int seed1_len, |
|
+ const void *seed2, int seed2_len, |
|
+ const void *seed3, int seed3_len, |
|
+ const void *seed4, int seed4_len, |
|
+ const void *seed5, int seed5_len, |
|
+ const unsigned char *sec, int slen, |
|
+ unsigned char *out1, |
|
+ unsigned char *out2, int olen) |
|
+ { |
|
+ return tls1_PRF(digest_mask, |
|
+ seed1, seed1_len, |
|
+ seed2, seed2_len, |
|
+ seed3, seed3_len, |
|
+ seed4, seed4_len, |
|
+ seed5, seed5_len, |
|
+ sec, slen, |
|
+ out1, out2, olen); |
|
+ } |
|
+ |
|
static int tls1_generate_key_block(SSL *s, unsigned char *km, |
|
unsigned char *tmp, int num) |
|
{
|
|
|