613f66
diff -up openssl-1.0.1j/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1j/crypto/ecdh/ecdh.h
613f66
--- openssl-1.0.1j/crypto/ecdh/ecdh.h.fips-ec	2014-10-16 13:25:20.248098308 +0200
613f66
+++ openssl-1.0.1j/crypto/ecdh/ecdh.h	2014-10-16 13:25:20.730109190 +0200
b35514
@@ -85,6 +85,8 @@
b35514
 extern "C" {
b35514
 #endif
b35514
 
b35514
+#define EC_FLAG_COFACTOR_ECDH	0x1000
b35514
+
b35514
 const ECDH_METHOD *ECDH_OpenSSL(void);
b35514
 
b35514
 void	  ECDH_set_default_method(const ECDH_METHOD *);
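Review bot: The new `EC_FLAG_COFACTOR_ECDH` define has no comment, and it is declared in ecdh.h although the ech_ossl.c hunk reads it through `EC_KEY_get_flags()`, so it shares a bit space with flags defined elsewhere. I would add a comment such as `/* EC_KEY flag: ECDH_compute_key() multiplies the private key by the group cofactor */`. It is also worth confirming that 0x1000 does not overlap any other bit passed to `EC_KEY_set_flags()`; those definitions are not visible in this patch.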
613f66
diff -up openssl-1.0.1j/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1j/crypto/ecdh/ecdhtest.c
613f66
--- openssl-1.0.1j/crypto/ecdh/ecdhtest.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
613f66
+++ openssl-1.0.1j/crypto/ecdh/ecdhtest.c	2014-10-16 13:25:20.730109190 +0200
83d99a
@@ -323,8 +323,10 @@ int main(int argc, char *argv[])
b35514
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
1f19ac
 
b35514
 	/* NIST PRIME CURVES TESTS */
b35514
+#if 0
b35514
 	if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err;
b35514
 	if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err;
b35514
+#endif
b35514
 	if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
b35514
 	if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
b35514
 	if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
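Review bot: The `#if 0` around the P-192 and P-224 cases removes test coverage without saying why, and the same pattern disables `x9_62_tests(out)` in ecdsatest.c later in this patch. Presumably these curves no longer load because of the 256-bit minimum added to `ec_GFp_simple_group_set_curve`; if so, say that in a comment, e.g. `/* P-192/P-224 are rejected by the 256-bit field minimum in ecp_smpl.c */`. A negative test asserting that the small curves are refused would keep the policy verifiable instead of silently untested. main() starts and ends outside this hunk.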
613f66
diff -up openssl-1.0.1j/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1j/crypto/ecdh/ech_lib.c
613f66
--- openssl-1.0.1j/crypto/ecdh/ech_lib.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
613f66
+++ openssl-1.0.1j/crypto/ecdh/ech_lib.c	2014-10-16 13:25:20.730109190 +0200
b35514
@@ -94,14 +94,7 @@ const ECDH_METHOD *ECDH_get_default_meth
1f19ac
 	{
b35514
 	if(!default_ECDH_method) 
b35514
 		{
1f19ac
-#ifdef OPENSSL_FIPS
b35514
-		if (FIPS_mode())
b35514
-			return FIPS_ecdh_openssl();
b35514
-		else
b35514
-			return ECDH_OpenSSL();
1f19ac
-#else
b35514
 		default_ECDH_method = ECDH_OpenSSL();
1f19ac
-#endif
b35514
 		}
b35514
 	return default_ECDH_method;
1f19ac
 	}
613f66
diff -up openssl-1.0.1j/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1j/crypto/ecdh/ech_ossl.c
613f66
--- openssl-1.0.1j/crypto/ecdh/ech_ossl.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
613f66
+++ openssl-1.0.1j/crypto/ecdh/ech_ossl.c	2014-10-16 13:25:20.730109190 +0200
b35514
@@ -79,6 +79,10 @@
b35514
 #include <openssl obj_mac.h="">
b35514
 #include <openssl bn.h="">
b35514
 
b35514
+#ifdef OPENSSL_FIPS
b35514
+#include <openssl fips.h="">
b35514
+#endif
b35514
+
b35514
 static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
b35514
 	EC_KEY *ecdh, 
b35514
 	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
b35514
@@ -90,7 +94,7 @@ static ECDH_METHOD openssl_ecdh_meth = {
b35514
 	NULL, /* init     */
b35514
 	NULL, /* finish   */
b35514
 #endif
b35514
-	0,    /* flags    */
b35514
+	ECDH_FLAG_FIPS_METHOD,    /* flags    */
b35514
 	NULL  /* app_data */
b35514
 };
1f19ac
 
b35514
@@ -118,6 +122,14 @@ static int ecdh_compute_key(void *out, s
b35514
 	size_t buflen, len;
b35514
 	unsigned char *buf=NULL;
1f19ac
 
b35514
+#ifdef OPENSSL_FIPS
b35514
+	if(FIPS_selftest_failed())
b35514
+		{
b35514
+		FIPSerr(FIPS_F_ECDH_COMPUTE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
b35514
+		return -1;
b35514
+		}
b35514
+#endif
b35514
+
b35514
 	if (outlen > INT_MAX)
b35514
 		{
b35514
 		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */
b35514
@@ -137,6 +149,18 @@ static int ecdh_compute_key(void *out, s
b35514
 		}
b35514
 
b35514
 	group = EC_KEY_get0_group(ecdh);
b35514
+
b35514
+	if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH)
b35514
+		{
b35514
+		if (!EC_GROUP_get_cofactor(group, x, ctx) ||
b35514
+			!BN_mul(x, x, priv_key, ctx))
b35514
+			{
b35514
+			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
b35514
+			goto err;
b35514
+			}
b35514
+		priv_key = x;
b35514
+		}
b35514
+
b35514
 	if ((tmp=EC_POINT_new(group)) == NULL)
b35514
 		{
b35514
 		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
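Review bot: The cofactor branch points `priv_key` at the scratch BIGNUM `x`, which now holds a multiple of the private scalar, and nothing in the hunk documents that aliasing or clears the value. A comment such as `/* x temporarily holds h*d; it must not be reused until the point multiplication is done */` would help. Please also confirm that the code after the hunk overwrites or clears `x` on every exit path, including the `goto err` ones. The failure path reports `ERR_R_MALLOC_FAILURE` for any error from `EC_GROUP_get_cofactor` or `BN_mul`; `ERR_R_BN_LIB` would describe a BIGNUM failure more accurately. ecdh_compute_key starts before and continues after this hunk.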
613f66
diff -up openssl-1.0.1j/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1j/crypto/ecdsa/ecdsatest.c
613f66
--- openssl-1.0.1j/crypto/ecdsa/ecdsatest.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
613f66
+++ openssl-1.0.1j/crypto/ecdsa/ecdsatest.c	2014-10-16 13:25:20.731109212 +0200
b35514
@@ -138,11 +138,14 @@ int restore_rand(void)
b35514
 	}
b35514
 
b35514
 static int fbytes_counter = 0;
b35514
-static const char *numbers[8] = {
b35514
+static const char *numbers[10] = {
b35514
+	"651056770906015076056810763456358567190100156695615665659",
b35514
 	"651056770906015076056810763456358567190100156695615665659",
b35514
 	"6140507067065001063065065565667405560006161556565665656654",
b35514
 	"8763001015071075675010661307616710783570106710677817767166"
b35514
 	"71676178726717",
b35514
+	"8763001015071075675010661307616710783570106710677817767166"
b35514
+	"71676178726717",
b35514
 	"7000000175690566466555057817571571075705015757757057795755"
b35514
 	"55657156756655",
b35514
 	"1275552191113212300012030439187146164646146646466749494799",
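Review bot: The array bound is now written twice as a literal, `numbers[10]` here and `fbytes_counter >= 10` in the fbytes() hunk below, so the two can drift apart the next time an entry is added. Deriving the limit from the array keeps them in step: `if (fbytes_counter >= (int)(sizeof(numbers)/sizeof(numbers[0])))`. The duplicated first and fourth entries also need a comment; presumably the pairwise consistency check added to `EC_KEY_generate_key` draws an extra value from the fake RNG, but the patch does not say so.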
b35514
@@ -157,7 +160,7 @@ int fbytes(unsigned char *buf, int num)
b35514
 	int	ret;
b35514
 	BIGNUM	*tmp = NULL;
b35514
 
b35514
-	if (fbytes_counter >= 8)
b35514
+	if (fbytes_counter >= 10)
b35514
 		return 0;
b35514
 	tmp = BN_new();
b35514
 	if (!tmp)
b35514
@@ -550,7 +553,9 @@ int main(void)
b35514
 	RAND_seed(rnd_seed, sizeof(rnd_seed));
b35514
 
b35514
 	/* the tests */
b35514
+#if 0
b35514
 	if (!x9_62_tests(out))  goto err;
b35514
+#endif
b35514
 	if (!test_builtin(out)) goto err;
b35514
 	
b35514
 	ret = 0;
613f66
diff -up openssl-1.0.1j/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1j/crypto/ecdsa/ecs_lib.c
613f66
--- openssl-1.0.1j/crypto/ecdsa/ecs_lib.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
613f66
+++ openssl-1.0.1j/crypto/ecdsa/ecs_lib.c	2014-10-16 13:25:20.731109212 +0200
b35514
@@ -81,14 +81,7 @@ const ECDSA_METHOD *ECDSA_get_default_me
b35514
 {
b35514
 	if(!default_ECDSA_method) 
b35514
 		{
b35514
-#ifdef OPENSSL_FIPS
b35514
-		if (FIPS_mode())
b35514
-			return FIPS_ecdsa_openssl();
b35514
-		else
b35514
-			return ECDSA_OpenSSL();
b35514
-#else
b35514
 		default_ECDSA_method = ECDSA_OpenSSL();
b35514
-#endif
b35514
 		}
b35514
 	return default_ECDSA_method;
b35514
 }
613f66
diff -up openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c
613f66
--- openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
613f66
+++ openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c	2014-10-16 13:25:20.731109212 +0200
b35514
@@ -60,6 +60,9 @@
b35514
 #include <openssl err.h="">
b35514
 #include <openssl obj_mac.h="">
b35514
 #include <openssl bn.h="">
b35514
+#ifdef OPENSSL_FIPS
b35514
+#include <openssl fips.h="">
b35514
+#endif
b35514
 
b35514
 static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, 
b35514
 		const BIGNUM *, const BIGNUM *, EC_KEY *eckey);
b35514
@@ -77,7 +80,7 @@ static ECDSA_METHOD openssl_ecdsa_meth =
b35514
 	NULL, /* init     */
b35514
 	NULL, /* finish   */
b35514
 #endif
b35514
-	0,    /* flags    */
b35514
+	ECDSA_FLAG_FIPS_METHOD,    /* flags    */
b35514
 	NULL  /* app_data */
b35514
 };
b35514
 
b35514
@@ -231,6 +234,14 @@ static ECDSA_SIG *ecdsa_do_sign(const un
b35514
 	ECDSA_DATA *ecdsa;
b35514
 	const BIGNUM *priv_key;
b35514
 
b35514
+#ifdef OPENSSL_FIPS
b35514
+	if(FIPS_selftest_failed())
b35514
+		{
b35514
+		FIPSerr(FIPS_F_ECDSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
b35514
+		return NULL;
b35514
+		}
b35514
+#endif
b35514
+
b35514
 	ecdsa    = ecdsa_check(eckey);
b35514
 	group    = EC_KEY_get0_group(eckey);
b35514
 	priv_key = EC_KEY_get0_private_key(eckey);
b35514
@@ -360,6 +371,14 @@ static int ecdsa_do_verify(const unsigne
b35514
 	const EC_GROUP *group;
b35514
 	const EC_POINT *pub_key;
b35514
 
b35514
+#ifdef OPENSSL_FIPS
b35514
+	if(FIPS_selftest_failed())
b35514
+		{
b35514
+		FIPSerr(FIPS_F_ECDSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
b35514
+		return -1;
b35514
+		}
b35514
+#endif
b35514
+
b35514
 	/* check input values */
b35514
 	if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
b35514
 	    (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
613f66
diff -up openssl-1.0.1j/crypto/ec/ec_key.c.fips-ec openssl-1.0.1j/crypto/ec/ec_key.c
613f66
--- openssl-1.0.1j/crypto/ec/ec_key.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
613f66
+++ openssl-1.0.1j/crypto/ec/ec_key.c	2014-10-16 13:25:20.731109212 +0200
1f19ac
@@ -64,9 +64,6 @@
1f19ac
 #include <string.h>
1f19ac
 #include "ec_lcl.h"
1f19ac
 #include <openssl err.h="">
1f19ac
-#ifdef OPENSSL_FIPS
1f19ac
-#include <openssl fips.h="">
1f19ac
-#endif
1f19ac
 
1f19ac
 EC_KEY *EC_KEY_new(void)
1f19ac
 	{
1f19ac
@@ -234,6 +231,39 @@ int EC_KEY_up_ref(EC_KEY *r)
1f19ac
 	return ((i > 1) ? 1 : 0);
1f19ac
 	}
1f19ac
 
1f19ac
+#ifdef OPENSSL_FIPS
1f19ac
+
1f19ac
+#include <openssl evp.h="">
1f19ac
+#include <openssl fips.h="">
1f19ac
+#include <openssl fips_rand.h="">
1f19ac
+
1f19ac
+static int fips_check_ec(EC_KEY *key)
1f19ac
+	{
1f19ac
+	EVP_PKEY *pk;
1f19ac
+	unsigned char tbs[] = "ECDSA Pairwise Check Data";
1f19ac
+	int ret = 0;
1f19ac
+
1f19ac
+	if ((pk=EVP_PKEY_new()) == NULL)
1f19ac
+		goto err;
1f19ac
+
1f19ac
+	EVP_PKEY_set1_EC_KEY(pk, key);
1f19ac
+
c66230
+	if (fips_pkey_signature_test(pk, tbs, -1, NULL, 0, NULL, 0, NULL))
1f19ac
+		ret = 1;
1f19ac
+
1f19ac
+	err:
1f19ac
+	if (ret == 0)
1f19ac
+		{
1f19ac
+		FIPSerr(FIPS_F_FIPS_CHECK_EC,FIPS_R_PAIRWISE_TEST_FAILED);
1f19ac
+		fips_set_selftest_fail();
1f19ac
+		}
1f19ac
+	if (pk)
1f19ac
+		EVP_PKEY_free(pk);
1f19ac
+	return ret;
1f19ac
+	}
1f19ac
+
1f19ac
+#endif
1f19ac
+
1f19ac
 int EC_KEY_generate_key(EC_KEY *eckey)
1f19ac
 	{	
1f19ac
 	int	ok = 0;
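Review bot: In fips_check_ec the result of `EVP_PKEY_set1_EC_KEY(pk, key)` is ignored, so a failed assignment hands an empty EVP_PKEY to `fips_pkey_signature_test`; check it with `if (!EVP_PKEY_set1_EC_KEY(pk, key)) goto err;`. Every failure in this function, including an allocation failure in `EVP_PKEY_new()`, ends in `fips_set_selftest_fail()`. The other hunks in this patch make signing, verification, ECDH and key generation refuse to run once that state is set, so the function deserves a header comment stating that a failed pairwise test disables the module for the rest of the process. The hunk ends inside EC_KEY_generate_key, whose body continues outside it.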
1f19ac
@@ -242,8 +272,11 @@ int EC_KEY_generate_key(EC_KEY *eckey)
1f19ac
 	EC_POINT *pub_key = NULL;
1f19ac
 
1f19ac
 #ifdef OPENSSL_FIPS
1f19ac
-	if (FIPS_mode())
1f19ac
-		return FIPS_ec_key_generate_key(eckey);
1f19ac
+	if(FIPS_selftest_failed())
1f19ac
+		{
1f19ac
+		FIPSerr(FIPS_F_EC_KEY_GENERATE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
1f19ac
+		return 0;
1f19ac
+		}
1f19ac
 #endif
1f19ac
 
1f19ac
 	if (!eckey || !eckey->group)
1f19ac
@@ -287,6 +320,15 @@ int EC_KEY_generate_key(EC_KEY *eckey)
1f19ac
 	eckey->priv_key = priv_key;
1f19ac
 	eckey->pub_key  = pub_key;
1f19ac
 
1f19ac
+#ifdef OPENSSL_FIPS
1f19ac
+	if(!fips_check_ec(eckey))
1f19ac
+		{
1f19ac
+		eckey->priv_key = NULL;
1f19ac
+		eckey->pub_key  = NULL;
1f19ac
+	    	goto err;
1f19ac
+		}
1f19ac
+#endif
1f19ac
+
1f19ac
 	ok=1;
1f19ac
 
1f19ac
 err:	
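Review bot: When `fips_check_ec` fails, the key pointers are detached from `eckey` and control jumps to `err:`, whose cleanup code is outside this hunk. If that cleanup releases `priv_key` with `BN_free`, the private scalar of the rejected key stays in freed heap memory. `BN_clear_free(priv_key);` is the safer call for this path. The `goto err;` line also mixes tabs and spaces, unlike the surrounding lines.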
1f19ac
@@ -429,10 +471,12 @@ int EC_KEY_set_public_key_affine_coordin
1f19ac
 								tx, ty, ctx))
1f19ac
 			goto err;
1f19ac
 		}
1f19ac
-	/* Check if retrieved coordinates match originals: if not values
1f19ac
-	 * are out of range.
1f19ac
+	/* Check if retrieved coordinates match originals and are less than
1f19ac
+	 * field order: if not values are out of range.
1f19ac
 	 */
1f19ac
-	if (BN_cmp(x, tx) || BN_cmp(y, ty))
1f19ac
+	if (BN_cmp(x, tx) || BN_cmp(y, ty)
1f19ac
+		|| (BN_cmp(x, &key->group->field) >= 0)
1f19ac
+		|| (BN_cmp(y, &key->group->field) >= 0))
1f19ac
 		{
1f19ac
 		ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
1f19ac
 			EC_R_COORDINATES_OUT_OF_RANGE);
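Review bot: The rewritten comment speaks of the "field order", but the code compares against `key->group->field`, which for binary curves is, as far as I know, the reduction polynomial rather than an order. Wording such as `/* ... and are below the field modulus (GF(p)) or reduction polynomial (GF(2^m)) */` would match what is compared. The new comparisons also reach into the group structure directly, so a note that this relies on the internal layout from ec_lcl.h would help the next reader. The function begins outside this hunk.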
613f66
diff -up openssl-1.0.1j/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1j/crypto/ec/ecp_mont.c
613f66
--- openssl-1.0.1j/crypto/ec/ecp_mont.c.fips-ec	2014-10-16 13:25:20.731109212 +0200
613f66
+++ openssl-1.0.1j/crypto/ec/ecp_mont.c	2014-10-16 13:27:34.156121340 +0200
613f66
@@ -63,10 +63,6 @@
1f19ac
 
1f19ac
 #include <openssl err.h="">
1f19ac
 
1f19ac
-#ifdef OPENSSL_FIPS
1f19ac
-#include <openssl fips.h="">
1f19ac
-#endif
1f19ac
-
1f19ac
 #include "ec_lcl.h"
1f19ac
 
1f19ac
 
613f66
@@ -111,11 +107,6 @@ const EC_METHOD *EC_GFp_mont_method(void
613f66
 		ec_GFp_mont_field_decode,
1f19ac
 		ec_GFp_mont_field_set_to_one };
1f19ac
 
613f66
-#ifdef OPENSSL_FIPS
613f66
-	if (FIPS_mode())
613f66
-		return fips_ec_gfp_mont_method();
1f19ac
-#endif
613f66
-
613f66
 	return &ret;
1f19ac
 	}
1f19ac
 
613f66
diff -up openssl-1.0.1j/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1j/crypto/ec/ecp_nist.c
613f66
--- openssl-1.0.1j/crypto/ec/ecp_nist.c.fips-ec	2014-10-16 13:25:20.732109235 +0200
613f66
+++ openssl-1.0.1j/crypto/ec/ecp_nist.c	2014-10-16 13:27:53.163550441 +0200
613f66
@@ -67,10 +67,6 @@
1f19ac
 #include <openssl obj_mac.h="">
1f19ac
 #include "ec_lcl.h"
1f19ac
 
1f19ac
-#ifdef OPENSSL_FIPS
1f19ac
-#include <openssl fips.h="">
1f19ac
-#endif
1f19ac
-
1f19ac
 const EC_METHOD *EC_GFp_nist_method(void)
1f19ac
 	{
1f19ac
 	static const EC_METHOD ret = {
613f66
@@ -112,11 +108,6 @@ const EC_METHOD *EC_GFp_nist_method(void
613f66
 		0 /* field_decode */,
1f19ac
 		0 /* field_set_to_one */ };
1f19ac
 
613f66
-#ifdef OPENSSL_FIPS
613f66
-	if (FIPS_mode())
613f66
-		return fips_ec_gfp_nist_method();
1f19ac
-#endif
613f66
-
613f66
 	return &ret;
1f19ac
 	}
1f19ac
 
613f66
diff -up openssl-1.0.1j/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1j/crypto/ec/ecp_smpl.c
613f66
--- openssl-1.0.1j/crypto/ec/ecp_smpl.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
613f66
+++ openssl-1.0.1j/crypto/ec/ecp_smpl.c	2014-10-16 13:28:39.386593946 +0200
613f66
@@ -65,10 +65,6 @@
1f19ac
 #include <openssl err.h="">
1f19ac
 #include <openssl symhacks.h="">
1f19ac
 
1f19ac
-#ifdef OPENSSL_FIPS
1f19ac
-#include <openssl fips.h="">
1f19ac
-#endif
1f19ac
-
1f19ac
 #include "ec_lcl.h"
1f19ac
 
1f19ac
 const EC_METHOD *EC_GFp_simple_method(void)
613f66
@@ -112,11 +108,6 @@ const EC_METHOD *EC_GFp_simple_method(vo
613f66
 		0 /* field_decode */,
b35514
 		0 /* field_set_to_one */ };
1f19ac
 
613f66
-#ifdef OPENSSL_FIPS
613f66
-	if (FIPS_mode())
613f66
-		return fips_ec_gfp_simple_method();
b35514
-#endif
613f66
-
613f66
 	return &ret;
b35514
 	}
1f19ac
 
613f66
@@ -187,6 +178,12 @@ int ec_GFp_simple_group_set_curve(EC_GRO
b35514
 		return 0;
b35514
 		}
b35514
 
b35514
+	if (BN_num_bits(p) < 256)
1f19ac
+		{
b35514
+		ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
b35514
+		return 0;
1f19ac
+		}
1f19ac
+
b35514
 	if (ctx == NULL)
b35514
 		{
b35514
 		ctx = new_ctx = BN_CTX_new();
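Review bot: The `BN_num_bits(p) < 256` check is not wrapped in `#ifdef OPENSSL_FIPS` or conditioned on `FIPS_mode()`, so as written it rejects every prime field below 256 bits for all callers of ec_GFp_simple_group_set_curve. That covers named curves such as P-192 and P-224 as well as explicit parameters, and it can break loading of existing keys and verification of existing signatures. If this is intended policy, state it in a comment and give the limit a name instead of the bare literal, e.g. `/* distribution policy: prime fields below 256 bits are not supported */`. Callers only see `EC_R_UNSUPPORTED_FIELD`, which does not reveal that the cause is a size limit. The function starts before and continues after this hunk.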
613f66
diff -up openssl-1.0.1j/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1j/crypto/evp/m_ecdsa.c
613f66
--- openssl-1.0.1j/crypto/evp/m_ecdsa.c.fips-ec	2014-10-15 14:53:39.000000000 +0200
613f66
+++ openssl-1.0.1j/crypto/evp/m_ecdsa.c	2014-10-16 13:25:20.732109235 +0200
1f19ac
@@ -116,7 +116,6 @@
1f19ac
 #include <openssl x509.h="">
1f19ac
 
1f19ac
 #ifndef OPENSSL_NO_SHA
1f19ac
-#ifndef OPENSSL_FIPS
1f19ac
 
1f19ac
 static int init(EVP_MD_CTX *ctx)
1f19ac
 	{ return SHA1_Init(ctx->md_data); }
1f19ac
@@ -132,7 +131,7 @@ static const EVP_MD ecdsa_md=
1f19ac
 	NID_ecdsa_with_SHA1,
1f19ac
 	NID_ecdsa_with_SHA1,
1f19ac
 	SHA_DIGEST_LENGTH,
1f19ac
-	EVP_MD_FLAG_PKEY_DIGEST,
1f19ac
+	EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
1f19ac
 	init,
1f19ac
 	update,
1f19ac
 	final,
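Review bot: Adding `EVP_MD_FLAG_FIPS` to `ecdsa_md` marks the ECDSA-with-SHA1 digest as permitted in FIPS mode for every use, and the flag cannot distinguish signing from verifying. SHA-1 is, to my knowledge, no longer approved for signature generation under SP 800-131A and is kept only for legacy verification. If that is the reason for the flag, record it in a comment next to it, e.g. `/* allowed in FIPS mode for legacy verification; signing policy is enforced elsewhere */`, and confirm that something else actually prevents SHA-1 signing.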
1f19ac
@@ -148,4 +147,3 @@ const EVP_MD *EVP_ecdsa(void)
1f19ac
 	return(&ecdsa_md);
1f19ac
 	}
1f19ac
 #endif
1f19ac
-#endif
613f66
diff -up openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c
613f66
--- openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c.fips-ec	2014-10-16 13:25:20.732109235 +0200
613f66
+++ openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c	2014-10-16 13:25:20.732109235 +0200
1f19ac
@@ -0,0 +1,496 @@
1f19ac
+/* fips/ecdh/fips_ecdhvs.c */
1f19ac
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
1f19ac
+ * project.
1f19ac
+ */
1f19ac
+/* ====================================================================
1f19ac
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
1f19ac
+ *
1f19ac
+ * Redistribution and use in source and binary forms, with or without
1f19ac
+ * modification, are permitted provided that the following conditions
1f19ac
+ * are met:
1f19ac
+ *
1f19ac
+ * 1. Redistributions of source code must retain the above copyright
1f19ac
+ *    notice, this list of conditions and the following disclaimer. 
1f19ac
+ *
1f19ac
+ * 2. Redistributions in binary form must reproduce the above copyright
1f19ac
+ *    notice, this list of conditions and the following disclaimer in
1f19ac
+ *    the documentation and/or other materials provided with the
1f19ac
+ *    distribution.
1f19ac
+ *
1f19ac
+ * 3. All advertising materials mentioning features or use of this
1f19ac
+ *    software must display the following acknowledgment:
1f19ac
+ *    "This product includes software developed by the OpenSSL Project
1f19ac
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
1f19ac
+ *
1f19ac
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
1f19ac
+ *    endorse or promote products derived from this software without
1f19ac
+ *    prior written permission. For written permission, please contact
1f19ac
+ *    licensing@OpenSSL.org.
1f19ac
+ *
1f19ac
+ * 5. Products derived from this software may not be called "OpenSSL"
1f19ac
+ *    nor may "OpenSSL" appear in their names without prior written
1f19ac
+ *    permission of the OpenSSL Project.
1f19ac
+ *
1f19ac
+ * 6. Redistributions of any form whatsoever must retain the following
1f19ac
+ *    acknowledgment:
1f19ac
+ *    "This product includes software developed by the OpenSSL Project
1f19ac
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
1f19ac
+ *
1f19ac
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
1f19ac
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1f19ac
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1f19ac
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
1f19ac
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1f19ac
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1f19ac
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
1f19ac
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1f19ac
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1f19ac
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1f19ac
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1f19ac
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
1f19ac
+ * ====================================================================
1f19ac
+ */
1f19ac
+
1f19ac
+
1f19ac
+#define OPENSSL_FIPSAPI
1f19ac
+#include <openssl opensslconf.h="">
1f19ac
+
1f19ac
+#ifndef OPENSSL_FIPS
1f19ac
+#include <stdio.h>
1f19ac
+
1f19ac
+int main(int argc, char **argv)
1f19ac
+{
1f19ac
+    printf("No FIPS ECDH support\n");
1f19ac
+    return(0);
1f19ac
+}
1f19ac
+#else
1f19ac
+
1f19ac
+#include <openssl crypto.h="">
1f19ac
+#include <openssl bn.h="">
1f19ac
+#include <openssl ecdh.h="">
1f19ac
+#include <openssl fips.h="">
1f19ac
+#include <openssl err.h="">
1f19ac
+#include <openssl evp.h="">
1f19ac
+#include <string.h>
1f19ac
+#include <ctype.h>
1f19ac
+
1f19ac
+#include "fips_utl.h"
1f19ac
+
1f19ac
+static const EVP_MD *eparse_md(char *line)
1f19ac
+	{
1f19ac
+	char *p;
1f19ac
+	if (line[0] != '[' || line[1] != 'E')
1f19ac
+		return NULL;
1f19ac
+	p = strchr(line, '-');
1f19ac
+	if (!p)
1f19ac
+		return NULL;
1f19ac
+	line = p + 1;
1f19ac
+	p = strchr(line, ']');
1f19ac
+	if (!p)
1f19ac
+		return NULL;
1f19ac
+	*p = 0;
1f19ac
+	p = line;
1f19ac
+	while(isspace(*p))
1f19ac
+		p++;
1f19ac
+	if (!strcmp(p, "SHA1"))
1f19ac
+		return EVP_sha1();
1f19ac
+	else if (!strcmp(p, "SHA224"))
1f19ac
+		return EVP_sha224();
1f19ac
+	else if (!strcmp(p, "SHA256"))
1f19ac
+		return EVP_sha256();
1f19ac
+	else if (!strcmp(p, "SHA384"))
1f19ac
+		return EVP_sha384();
1f19ac
+	else if (!strcmp(p, "SHA512"))
1f19ac
+		return EVP_sha512();
1f19ac
+	else
1f19ac
+		return NULL;
1f19ac
+	}
1f19ac
+
1f19ac
+static int lookup_curve2(char *cname)
1f19ac
+	{
1f19ac
+	char *p;
1f19ac
+	p = strchr(cname, ']');
1f19ac
+	if (!p)
1f19ac
+		{
1f19ac
+		fprintf(stderr, "Parse error: missing ]\n");
1f19ac
+		return NID_undef;
1f19ac
+		}
1f19ac
+	*p = 0;
1f19ac
+
1f19ac
+	if (!strcmp(cname, "B-163"))
1f19ac
+		return NID_sect163r2;
1f19ac
+	if (!strcmp(cname, "B-233"))
1f19ac
+		return NID_sect233r1;
1f19ac
+	if (!strcmp(cname, "B-283"))
1f19ac
+		return NID_sect283r1;
1f19ac
+	if (!strcmp(cname, "B-409"))
1f19ac
+		return NID_sect409r1;
1f19ac
+	if (!strcmp(cname, "B-571"))
1f19ac
+		return NID_sect571r1;
1f19ac
+	if (!strcmp(cname, "K-163"))
1f19ac
+		return NID_sect163k1;
1f19ac
+	if (!strcmp(cname, "K-233"))
1f19ac
+		return NID_sect233k1;
1f19ac
+	if (!strcmp(cname, "K-283"))
1f19ac
+		return NID_sect283k1;
1f19ac
+	if (!strcmp(cname, "K-409"))
1f19ac
+		return NID_sect409k1;
1f19ac
+	if (!strcmp(cname, "K-571"))
1f19ac
+		return NID_sect571k1;
1f19ac
+	if (!strcmp(cname, "P-192"))
1f19ac
+		return NID_X9_62_prime192v1;
1f19ac
+	if (!strcmp(cname, "P-224"))
1f19ac
+		return NID_secp224r1;
1f19ac
+	if (!strcmp(cname, "P-256"))
1f19ac
+		return NID_X9_62_prime256v1;
1f19ac
+	if (!strcmp(cname, "P-384"))
1f19ac
+		return NID_secp384r1;
1f19ac
+	if (!strcmp(cname, "P-521"))
1f19ac
+		return NID_secp521r1;
1f19ac
+
1f19ac
+	fprintf(stderr, "Unknown Curve name %s\n", cname);
1f19ac
+	return NID_undef;
1f19ac
+	}
1f19ac
+
1f19ac
+static int lookup_curve(char *cname)
1f19ac
+	{
1f19ac
+	char *p;
1f19ac
+	p = strchr(cname, ':');
1f19ac
+	if (!p)
1f19ac
+		{
1f19ac
+		fprintf(stderr, "Parse error: missing :\n");
1f19ac
+		return NID_undef;
1f19ac
+		}
1f19ac
+	cname = p + 1;
1f19ac
+	while(isspace(*cname))
1f19ac
+		cname++;
1f19ac
+	return lookup_curve2(cname);
1f19ac
+	}
1f19ac
+
1f19ac
+static EC_POINT *make_peer(EC_GROUP *group, BIGNUM *x, BIGNUM *y)
1f19ac
+	{
1f19ac
+	EC_POINT *peer;
1f19ac
+	int rv;
1f19ac
+	BN_CTX *c;
1f19ac
+	peer = EC_POINT_new(group);
1f19ac
+	if (!peer)
1f19ac
+		return NULL;
1f19ac
+	c = BN_CTX_new();
1f19ac
+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
1f19ac
+		== NID_X9_62_prime_field)
1f19ac
+		rv = EC_POINT_set_affine_coordinates_GFp(group, peer, x, y, c);
1f19ac
+	else
1f19ac
+#ifdef OPENSSL_NO_EC2M
1f19ac
+		{
1f19ac
+		fprintf(stderr, "ERROR: GF2m not supported\n");
1f19ac
+		exit(1);
1f19ac
+		}
1f19ac
+#else
1f19ac
+		rv = EC_POINT_set_affine_coordinates_GF2m(group, peer, x, y, c);
1f19ac
+#endif
1f19ac
+
1f19ac
+	BN_CTX_free(c);
1f19ac
+	if (rv)
1f19ac
+		return peer;
1f19ac
+	EC_POINT_free(peer);
1f19ac
+	return NULL;
1f19ac
+	}
1f19ac
+
1f19ac
+static int ec_print_key(FILE *out, EC_KEY *key, int add_e, int exout)
1f19ac
+	{
1f19ac
+	const EC_POINT *pt;
1f19ac
+	const EC_GROUP *grp;
1f19ac
+	const EC_METHOD *meth;
1f19ac
+	int rv;
1f19ac
+	BIGNUM *tx, *ty;
1f19ac
+	const BIGNUM *d = NULL;
1f19ac
+	BN_CTX *ctx;
1f19ac
+	ctx = BN_CTX_new();
1f19ac
+	if (!ctx)
1f19ac
+		return 0;
1f19ac
+	tx = BN_CTX_get(ctx);
1f19ac
+	ty = BN_CTX_get(ctx);
1f19ac
+	if (!tx || !ty)
1f19ac
+		return 0;
1f19ac
+	grp = EC_KEY_get0_group(key);
1f19ac
+	pt = EC_KEY_get0_public_key(key);
1f19ac
+	if (exout)
1f19ac
+		d = EC_KEY_get0_private_key(key);
1f19ac
+	meth = EC_GROUP_method_of(grp);
1f19ac
+	if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
1f19ac
+		rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, tx, ty, ctx);
1f19ac
+	else
1f19ac
+#ifdef OPENSSL_NO_EC2M
1f19ac
+		{
1f19ac
+		fprintf(stderr, "ERROR: GF2m not supported\n");
1f19ac
+		exit(1);
1f19ac
+		}
1f19ac
+#else
1f19ac
+		rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, tx, ty, ctx);
1f19ac
+#endif
1f19ac
+
1f19ac
+	if (add_e)
1f19ac
+		{
1f19ac
+		do_bn_print_name(out, "QeIUTx", tx);
1f19ac
+		do_bn_print_name(out, "QeIUTy", ty);
1f19ac
+		if (d)
1f19ac
+			do_bn_print_name(out, "QeIUTd", d);
1f19ac
+		}
1f19ac
+	else
1f19ac
+		{
1f19ac
+		do_bn_print_name(out, "QIUTx", tx);
1f19ac
+		do_bn_print_name(out, "QIUTy", ty);
1f19ac
+		if (d)
1f19ac
+			do_bn_print_name(out, "QIUTd", d);
1f19ac
+		}
1f19ac
+
1f19ac
+	BN_CTX_free(ctx);
1f19ac
+
1f19ac
+	return rv;
1f19ac
+
1f19ac
+	}
1f19ac
+
1f19ac
+static void ec_output_Zhash(FILE *out, int exout, EC_GROUP *group,
1f19ac
+			BIGNUM *ix, BIGNUM *iy, BIGNUM *id, BIGNUM *cx,
1f19ac
+			BIGNUM *cy, const EVP_MD *md,
1f19ac
+				unsigned char *rhash, size_t rhashlen)
1f19ac
+	{
1f19ac
+	EC_KEY *ec = NULL;
1f19ac
+	EC_POINT *peerkey = NULL;
1f19ac
+	unsigned char *Z;
1f19ac
+	unsigned char chash[EVP_MAX_MD_SIZE];
1f19ac
+	int Zlen;
1f19ac
+	ec = EC_KEY_new();
1f19ac
+	EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH);
1f19ac
+	EC_KEY_set_group(ec, group);
1f19ac
+	peerkey = make_peer(group, cx, cy);
1f19ac
+	if (rhash == NULL)
1f19ac
+		{
1f19ac
+		if (md)
1f19ac
+			rhashlen = M_EVP_MD_size(md);
1f19ac
+		EC_KEY_generate_key(ec);
1f19ac
+		ec_print_key(out, ec, md ? 1 : 0, exout);
1f19ac
+		}
1f19ac
+	else
1f19ac
+		{
1f19ac
+		EC_KEY_set_public_key_affine_coordinates(ec, ix, iy);
1f19ac
+		EC_KEY_set_private_key(ec, id);
1f19ac
+		}
1f19ac
+	Zlen = (EC_GROUP_get_degree(group) + 7)/8;
1f19ac
+	Z = OPENSSL_malloc(Zlen);
1f19ac
+	if (!Z)
1f19ac
+		exit(1);
1f19ac
+	ECDH_compute_key(Z, Zlen, peerkey, ec, 0);
1f19ac
+	if (md)
1f19ac
+		{
1f19ac
+		if (exout)
1f19ac
+			OutputValue("Z", Z, Zlen, out, 0);
1f19ac
+		FIPS_digest(Z, Zlen, chash, NULL, md);
1f19ac
+		OutputValue(rhash ? "IUTHashZZ" : "HashZZ",
1f19ac
+						chash, rhashlen, out, 0);
1f19ac
+		if (rhash)
1f19ac
+			{
1f19ac
+			fprintf(out, "Result = %s\n",
1f19ac
+				memcmp(chash, rhash, rhashlen) ? "F" : "P");
1f19ac
+			}
1f19ac
+		}
1f19ac
+	else
1f19ac
+		OutputValue("ZIUT", Z, Zlen, out, 0);
1f19ac
+	OPENSSL_cleanse(Z, Zlen);
1f19ac
+	OPENSSL_free(Z);
1f19ac
+	EC_KEY_free(ec);
1f19ac
+	EC_POINT_free(peerkey);
1f19ac
+	}
1f19ac
+		
1f19ac
+#ifdef FIPS_ALGVS
1f19ac
+int fips_ecdhvs_main(int argc, char **argv)
1f19ac
+#else
1f19ac
+int main(int argc, char **argv)
1f19ac
+#endif
1f19ac
+	{
1f19ac
+	char **args = argv + 1;
1f19ac
+	int argn = argc - 1;
1f19ac
+	FILE *in, *out;
1f19ac
+	char buf[2048], lbuf[2048];
1f19ac
+	unsigned char *rhash = NULL;
1f19ac
+	long rhashlen;
1f19ac
+	BIGNUM *cx = NULL, *cy = NULL;
1f19ac
+	BIGNUM *id = NULL, *ix = NULL, *iy = NULL;
1f19ac
+	const EVP_MD *md = NULL;
1f19ac
+	EC_GROUP *group = NULL;
1f19ac
+	char *keyword = NULL, *value = NULL;
1f19ac
+	int do_verify = -1, exout = 0;
1f19ac
+	int rv = 1;
1f19ac
+
1f19ac
+	int curve_nids[5] = {0,0,0,0,0};
1f19ac
+	int param_set = -1;
1f19ac
+
1f19ac
+	fips_algtest_init();
1f19ac
+
1f19ac
+	if (argn && !strcmp(*args, "ecdhver"))
1f19ac
+		{
1f19ac
+		do_verify = 1;
1f19ac
+		args++;
1f19ac
+		argn--;
1f19ac
+		}
1f19ac
+	else if (argn && !strcmp(*args, "ecdhgen"))
1f19ac
+		{
1f19ac
+		do_verify = 0;
1f19ac
+		args++;
1f19ac
+		argn--;
1f19ac
+		}
1f19ac
+
1f19ac
+	if (argn && !strcmp(*args, "-exout"))
1f19ac
+		{
1f19ac
+		exout = 1;
1f19ac
+		args++;
1f19ac
+		argn--;
1f19ac
+		}
1f19ac
+
1f19ac
+	if (do_verify == -1)
1f19ac
+		{
1f19ac
+		fprintf(stderr,"%s [ecdhver|ecdhgen|] [-exout] (infile outfile)\n",argv[0]);
1f19ac
+		exit(1);
1f19ac
+		}
1f19ac
+
1f19ac
+	if (argn == 2)
1f19ac
+		{
1f19ac
+		in = fopen(*args, "r");
1f19ac
+		if (!in)
1f19ac
+			{
1f19ac
+			fprintf(stderr, "Error opening input file\n");
1f19ac
+			exit(1);
1f19ac
+			}
1f19ac
+		out = fopen(args[1], "w");
1f19ac
+		if (!out)
1f19ac
+			{
1f19ac
+			fprintf(stderr, "Error opening output file\n");
1f19ac
+			exit(1);
1f19ac
+			}
1f19ac
+		}
1f19ac
+	else if (argn == 0)
1f19ac
+		{
1f19ac
+		in = stdin;
1f19ac
+		out = stdout;
1f19ac
+		}
1f19ac
+	else
1f19ac
+		{
1f19ac
+		fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
1f19ac
+		exit(1);
1f19ac
+		}
1f19ac
+
1f19ac
+	while (fgets(buf, sizeof(buf), in) != NULL)
1f19ac
+		{
1f19ac
+		fputs(buf, out);
1f19ac
+		if (buf[0] == '[' && buf[1] == 'E')
1f19ac
+			{
1f19ac
+			int c = buf[2];
1f19ac
+			if (c < 'A' || c > 'E')
1f19ac
+				goto parse_error;
1f19ac
+			param_set = c - 'A';
1f19ac
+			/* If just [E?] then initial paramset */
1f19ac
+			if (buf[3] == ']')
1f19ac
+				continue;
1f19ac
+			if (group)
1f19ac
+				EC_GROUP_free(group);
1f19ac
+			group = EC_GROUP_new_by_curve_name(curve_nids[c - 'A']);
1f19ac
+			}
1f19ac
+		if (strlen(buf) > 10 && !strncmp(buf, "[Curve", 6))
1f19ac
+			{
1f19ac
+			int nid;
1f19ac
+			if (param_set == -1)
1f19ac
+				goto parse_error;
1f19ac
+			nid = lookup_curve(buf);
1f19ac
+			if (nid == NID_undef)
1f19ac
+				goto parse_error;
1f19ac
+			curve_nids[param_set] = nid;
1f19ac
+			}
1f19ac
+
1f19ac
+		if (strlen(buf) > 4 && buf[0] == '[' && buf[2] == '-')
1f19ac
+			{
1f19ac
+			int nid = lookup_curve2(buf + 1);
1f19ac
+			if (nid == NID_undef)
1f19ac
+				goto parse_error;
1f19ac
+			if (group)
1f19ac
+				EC_GROUP_free(group);
1f19ac
+			group = EC_GROUP_new_by_curve_name(nid);
1f19ac
+			if (!group)
1f19ac
+				{
1f19ac
+				fprintf(stderr, "ERROR: unsupported curve %s\n", buf + 1);
1f19ac
+				return 1;
1f19ac
+				}
1f19ac
+			}
1f19ac
+
1f19ac
+		if (strlen(buf) > 6 && !strncmp(buf, "[E", 2))
1f19ac
+			{
1f19ac
+			md = eparse_md(buf);
1f19ac
+			if (md == NULL)
1f19ac
+				goto parse_error;
1f19ac
+			continue;
1f19ac
+			}
1f19ac
+		if (!parse_line(&keyword, &value, lbuf, buf))
1f19ac
+			continue;
1f19ac
+		if (!strcmp(keyword, "QeCAVSx") || !strcmp(keyword, "QCAVSx"))
1f19ac
+			{
1f19ac
+			if (!do_hex2bn(&cx, value))
1f19ac
+				goto parse_error;
1f19ac
+			}
1f19ac
+		else if (!strcmp(keyword, "QeCAVSy") || !strcmp(keyword, "QCAVSy"))
1f19ac
+			{
1f19ac
+			if (!do_hex2bn(&cy, value))
1f19ac
+				goto parse_error;
1f19ac
+			if (do_verify == 0)
1f19ac
+				ec_output_Zhash(out, exout, group,
1f19ac
+						NULL, NULL, NULL,
1f19ac
+						cx, cy, md, rhash, rhashlen);
1f19ac
+			}
1f19ac
+		else if (!strcmp(keyword, "deIUT"))
1f19ac
+			{
1f19ac
+			if (!do_hex2bn(&id, value))
1f19ac
+				goto parse_error;
1f19ac
+			}
1f19ac
+		else if (!strcmp(keyword, "QeIUTx"))
1f19ac
+			{
1f19ac
+			if (!do_hex2bn(&ix, value))
1f19ac
+				goto parse_error;
1f19ac
+			}
1f19ac
+		else if (!strcmp(keyword, "QeIUTy"))
1f19ac
+			{
1f19ac
+			if (!do_hex2bn(&iy, value))
1f19ac
+				goto parse_error;
1f19ac
+			}
1f19ac
+		else if (!strcmp(keyword, "CAVSHashZZ"))
1f19ac
+			{
1f19ac
+			if (!md)
1f19ac
+				goto parse_error;
1f19ac
+			rhash = hex2bin_m(value, &rhashlen);
1f19ac
+			if (!rhash || rhashlen != M_EVP_MD_size(md))
1f19ac
+				goto parse_error;
1f19ac
+			ec_output_Zhash(out, exout, group, ix, iy, id, cx, cy,
1f19ac
+					md, rhash, rhashlen);
1f19ac
+			}
1f19ac
+		}
1f19ac
+	rv = 0;
1f19ac
+	parse_error:
1f19ac
+	if (id)
1f19ac
+		BN_free(id);
1f19ac
+	if (ix)
1f19ac
+		BN_free(ix);
1f19ac
+	if (iy)
1f19ac
+		BN_free(iy);
1f19ac
+	if (cx)
1f19ac
+		BN_free(cx);
1f19ac
+	if (cy)
1f19ac
+		BN_free(cy);
1f19ac
+	if (group)
1f19ac
+		EC_GROUP_free(group);
1f19ac
+	if (in && in != stdin)
1f19ac
+		fclose(in);
1f19ac
+	if (out && out != stdout)
1f19ac
+		fclose(out);
1f19ac
+	if (rv)
1f19ac
+		fprintf(stderr, "Error Parsing request file\n");
1f19ac
+	return rv;
1f19ac
+	}
1f19ac
+
1f19ac
+#endif
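Review bot: ec_output_Zhash ignores every return value it depends on: `EC_KEY_new`, `EC_KEY_set_group`, `make_peer`, `EC_KEY_generate_key` and `ECDH_compute_key`. If the computation fails, the uninitialised `OPENSSL_malloc` buffer `Z` is still hashed and written to the response file, and a NULL `group` or `peerkey` is passed straight into the library. `group` can be NULL here because the `[E?` branch in main never checks the result of `EC_GROUP_new_by_curve_name`, unlike the `[X-nnn]` branch. The fence below shows the checks I would add; whether a failed vector should abort or be reported as `Result = F` in verify mode is for the author to decide. Smaller issues in the same file: `ec_print_key` leaks `ctx` on its `!tx || !ty` return, `rhash` from `hex2bin_m` is never freed, `isspace(*p)` is called on a plain `char`, and the second usage message says `dhver|dhgen`.

```c
	ec = EC_KEY_new();
	peerkey = group ? make_peer(group, cx, cy) : NULL;
	if (!ec || !peerkey || !EC_KEY_set_group(ec, group))
		{
		fprintf(stderr, "ERROR: ECDH test case setup failed\n");
		exit(1);
		}
	EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH);
	/* … unchanged: key generation or import, Zlen computation … */
	Z = OPENSSL_malloc(Zlen);
	if (!Z)
		exit(1);
	if (ECDH_compute_key(Z, Zlen, peerkey, ec, 0) <= 0)
		{
		fprintf(stderr, "ERROR: ECDH_compute_key failed\n");
		exit(1);
		}
	/* … unchanged: hashing, output and cleanup … */
```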
613f66
diff -up openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c
613f66
--- openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c.fips-ec	2014-10-16 13:25:20.733109257 +0200
613f66
+++ openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c	2014-10-16 13:25:20.733109257 +0200
1f19ac
@@ -0,0 +1,533 @@
1f19ac
+/* fips/ecdsa/fips_ecdsavs.c */
1f19ac
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
1f19ac
+ * project.
1f19ac
+ */
1f19ac
+/* ====================================================================
1f19ac
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
1f19ac
+ *
1f19ac
+ * Redistribution and use in source and binary forms, with or without
1f19ac
+ * modification, are permitted provided that the following conditions
1f19ac
+ * are met:
1f19ac
+ *
1f19ac
+ * 1. Redistributions of source code must retain the above copyright
1f19ac
+ *    notice, this list of conditions and the following disclaimer. 
1f19ac
+ *
1f19ac
+ * 2. Redistributions in binary form must reproduce the above copyright
1f19ac
+ *    notice, this list of conditions and the following disclaimer in
1f19ac
+ *    the documentation and/or other materials provided with the
1f19ac
+ *    distribution.
1f19ac
+ *
1f19ac
+ * 3. All advertising materials mentioning features or use of this
1f19ac
+ *    software must display the following acknowledgment:
1f19ac
+ *    "This product includes software developed by the OpenSSL Project
1f19ac
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
1f19ac
+ *
1f19ac
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
1f19ac
+ *    endorse or promote products derived from this software without
1f19ac
+ *    prior written permission. For written permission, please contact
1f19ac
+ *    licensing@OpenSSL.org.
1f19ac
+ *
1f19ac
+ * 5. Products derived from this software may not be called "OpenSSL"
1f19ac
+ *    nor may "OpenSSL" appear in their names without prior written
1f19ac
+ *    permission of the OpenSSL Project.
1f19ac
+ *
1f19ac
+ * 6. Redistributions of any form whatsoever must retain the following
1f19ac
+ *    acknowledgment:
1f19ac
+ *    "This product includes software developed by the OpenSSL Project
1f19ac
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
1f19ac
+ *
1f19ac
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
1f19ac
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1f19ac
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1f19ac
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
1f19ac
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1f19ac
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1f19ac
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
1f19ac
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1f19ac
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1f19ac
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1f19ac
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1f19ac
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
1f19ac
+ * ====================================================================
1f19ac
+ */
1f19ac
+
1f19ac
+#define OPENSSL_FIPSAPI
1f19ac
+#include <openssl opensslconf.h="">
1f19ac
+#include <stdio.h>
1f19ac
+
1f19ac
+#ifndef OPENSSL_FIPS
1f19ac
+
1f19ac
+int main(int argc, char **argv)
1f19ac
+{
1f19ac
+    printf("No FIPS ECDSA support\n");
1f19ac
+    return(0);
1f19ac
+}
1f19ac
+#else
1f19ac
+
1f19ac
+#include <string.h>
1f19ac
+#include <ctype.h>
1f19ac
+#include <openssl err.h="">
1f19ac
+#include <openssl bn.h="">
1f19ac
+#include <openssl ecdsa.h="">
1f19ac
+#include <openssl evp.h="">
1f19ac
+#include "fips_utl.h"
1f19ac
+
1f19ac
+#include <openssl objects.h="">
1f19ac
+
1f19ac
+
1f19ac
+static int elookup_curve(char *in, char *curve_name, const EVP_MD **pmd)
1f19ac
+	{
1f19ac
+	char *cname, *p;
1f19ac
+	/* Copy buffer as we will change it */
1f19ac
+	strcpy(curve_name, in);
1f19ac
+	cname = curve_name + 1;
1f19ac
+	p = strchr(cname, ']');
1f19ac
+	if (!p)
1f19ac
+		{
1f19ac
+		fprintf(stderr, "Parse error: missing ]\n");
1f19ac
+		return NID_undef;
1f19ac
+		}
1f19ac
+	*p = 0;
1f19ac
+	p = strchr(cname, ',');
1f19ac
+	if (p)
1f19ac
+		{
1f19ac
+		if (!pmd)
1f19ac
+			{
1f19ac
+			fprintf(stderr, "Parse error: unexpected digest\n");
1f19ac
+			return NID_undef;
1f19ac
+			}
1f19ac
+		*p = 0;
1f19ac
+		p++;
1f19ac
+
1f19ac
+		if (!strcmp(p, "SHA-1"))
1f19ac
+			*pmd = EVP_sha1();
1f19ac
+		else if (!strcmp(p, "SHA-224"))
1f19ac
+			*pmd = EVP_sha224();
1f19ac
+		else if (!strcmp(p, "SHA-256"))
1f19ac
+			*pmd = EVP_sha256();
1f19ac
+		else if (!strcmp(p, "SHA-384"))
1f19ac
+			*pmd = EVP_sha384();
1f19ac
+		else if (!strcmp(p, "SHA-512"))
1f19ac
+			*pmd = EVP_sha512();
1f19ac
+		else
1f19ac
+			{
1f19ac
+			fprintf(stderr, "Unknown digest %s\n", p);
1f19ac
+			return NID_undef;
1f19ac
+			}
1f19ac
+		}
1f19ac
+	else if(pmd)
1f19ac
+		*pmd = EVP_sha1();
1f19ac
+
1f19ac
+	if (!strcmp(cname, "B-163"))
1f19ac
+		return NID_sect163r2;
1f19ac
+	if (!strcmp(cname, "B-233"))
1f19ac
+		return NID_sect233r1;
1f19ac
+	if (!strcmp(cname, "B-283"))
1f19ac
+		return NID_sect283r1;
1f19ac
+	if (!strcmp(cname, "B-409"))
1f19ac
+		return NID_sect409r1;
1f19ac
+	if (!strcmp(cname, "B-571"))
1f19ac
+		return NID_sect571r1;
1f19ac
+	if (!strcmp(cname, "K-163"))
1f19ac
+		return NID_sect163k1;
1f19ac
+	if (!strcmp(cname, "K-233"))
1f19ac
+		return NID_sect233k1;
1f19ac
+	if (!strcmp(cname, "K-283"))
1f19ac
+		return NID_sect283k1;
1f19ac
+	if (!strcmp(cname, "K-409"))
1f19ac
+		return NID_sect409k1;
1f19ac
+	if (!strcmp(cname, "K-571"))
1f19ac
+		return NID_sect571k1;
1f19ac
+	if (!strcmp(cname, "P-192"))
1f19ac
+		return NID_X9_62_prime192v1;
1f19ac
+	if (!strcmp(cname, "P-224"))
1f19ac
+		return NID_secp224r1;
1f19ac
+	if (!strcmp(cname, "P-256"))
1f19ac
+		return NID_X9_62_prime256v1;
1f19ac
+	if (!strcmp(cname, "P-384"))
1f19ac
+		return NID_secp384r1;
1f19ac
+	if (!strcmp(cname, "P-521"))
1f19ac
+		return NID_secp521r1;
1f19ac
+
1f19ac
+	fprintf(stderr, "Unknown Curve name %s\n", cname);
1f19ac
+	return NID_undef;
1f19ac
+	}
1f19ac
+
1f19ac
+static int ec_get_pubkey(EC_KEY *key, BIGNUM *x, BIGNUM *y)
1f19ac
+	{
1f19ac
+	const EC_POINT *pt;
1f19ac
+	const EC_GROUP *grp;
1f19ac
+	const EC_METHOD *meth;
1f19ac
+	int rv;
1f19ac
+	BN_CTX *ctx;
1f19ac
+	ctx = BN_CTX_new();
1f19ac
+	if (!ctx)
1f19ac
+		return 0;
1f19ac
+	grp = EC_KEY_get0_group(key);
1f19ac
+	pt = EC_KEY_get0_public_key(key);
1f19ac
+	meth = EC_GROUP_method_of(grp);
1f19ac
+	if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
1f19ac
+		rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, x, y, ctx);
1f19ac
+	else
1f19ac
+#ifdef OPENSSL_NO_EC2M
1f19ac
+		{
1f19ac
+		fprintf(stderr, "ERROR: GF2m not supported\n");
1f19ac
+		exit(1);
1f19ac
+		}
1f19ac
+#else
1f19ac
+		rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, x, y, ctx);
1f19ac
+#endif
1f19ac
+
1f19ac
+	BN_CTX_free(ctx);
1f19ac
+
1f19ac
+	return rv;
1f19ac
+
1f19ac
+	}
1f19ac
+
1f19ac
+static int KeyPair(FILE *in, FILE *out)
1f19ac
+	{
1f19ac
+	char buf[2048], lbuf[2048];
1f19ac
+	char *keyword, *value;
1f19ac
+	int curve_nid = NID_undef;
1f19ac
+	int i, count;
1f19ac
+	BIGNUM *Qx = NULL, *Qy = NULL;
1f19ac
+	const BIGNUM *d = NULL;
1f19ac
+	EC_KEY *key = NULL;
1f19ac
+	Qx = BN_new();
1f19ac
+	Qy = BN_new();
1f19ac
+	while(fgets(buf, sizeof buf, in) != NULL)
1f19ac
+		{
1f19ac
+		if (*buf == '[' && buf[2] == '-')
1f19ac
+			{
1f19ac
+			if (buf[2] == '-')
1f19ac
+			curve_nid = elookup_curve(buf, lbuf, NULL);
1f19ac
+			fputs(buf, out);
1f19ac
+			continue;
1f19ac
+			}
1f19ac
+		if (!parse_line(&keyword, &value, lbuf, buf))
1f19ac
+			{
1f19ac
+			fputs(buf, out);
1f19ac
+			continue;
1f19ac
+			}
1f19ac
+		if (!strcmp(keyword, "N"))
1f19ac
+			{
1f19ac
+			count = atoi(value);
1f19ac
+
1f19ac
+			for (i = 0; i < count; i++)
1f19ac
+				{
1f19ac
+
1f19ac
+				key = EC_KEY_new_by_curve_name(curve_nid);
1f19ac
+				if (!EC_KEY_generate_key(key))
1f19ac
+					{
1f19ac
+					fprintf(stderr, "Error generating key\n");
1f19ac
+					return 0;
1f19ac
+					}
1f19ac
+
1f19ac
+				if (!ec_get_pubkey(key, Qx, Qy))
1f19ac
+					{
1f19ac
+					fprintf(stderr, "Error getting public key\n");
1f19ac
+					return 0;
1f19ac
+					}
1f19ac
+
1f19ac
+				d = EC_KEY_get0_private_key(key);
1f19ac
+
1f19ac
+				do_bn_print_name(out, "d", d);
1f19ac
+				do_bn_print_name(out, "Qx", Qx);
1f19ac
+				do_bn_print_name(out, "Qy", Qy);
1f19ac
+				fputs(RESP_EOL, out);
1f19ac
+				EC_KEY_free(key);
1f19ac
+
1f19ac
+				}
1f19ac
+
1f19ac
+			}
1f19ac
+
1f19ac
+		}
1f19ac
+	BN_free(Qx);
1f19ac
+	BN_free(Qy);
1f19ac
+	return 1;
1f19ac
+	}
1f19ac
+
1f19ac
+static int PKV(FILE *in, FILE *out)
1f19ac
+	{
1f19ac
+
1f19ac
+	char buf[2048], lbuf[2048];
1f19ac
+	char *keyword, *value;
1f19ac
+	int curve_nid = NID_undef;
1f19ac
+	BIGNUM *Qx = NULL, *Qy = NULL;
1f19ac
+	EC_KEY *key = NULL;
1f19ac
+	while(fgets(buf, sizeof buf, in) != NULL)
1f19ac
+		{
1f19ac
+		fputs(buf, out);
1f19ac
+		if (*buf == '[' && buf[2] == '-')
1f19ac
+			{
1f19ac
+			curve_nid = elookup_curve(buf, lbuf, NULL);
1f19ac
+			if (curve_nid == NID_undef)
1f19ac
+				return 0;
1f19ac
+				
1f19ac
+			}
1f19ac
+		if (!parse_line(&keyword, &value, lbuf, buf))
1f19ac
+			continue;
1f19ac
+		if (!strcmp(keyword, "Qx"))
1f19ac
+			{
1f19ac
+			if (!do_hex2bn(&Qx, value))
1f19ac
+				{
1f19ac
+				fprintf(stderr, "Invalid Qx value\n");
1f19ac
+				return 0;
1f19ac
+				}
1f19ac
+			}
1f19ac
+		if (!strcmp(keyword, "Qy"))
1f19ac
+			{
1f19ac
+			int rv;
1f19ac
+			if (!do_hex2bn(&Qy, value))
1f19ac
+				{
1f19ac
+				fprintf(stderr, "Invalid Qy value\n");
1f19ac
+				return 0;
1f19ac
+				}
1f19ac
+			key = EC_KEY_new_by_curve_name(curve_nid);
1f19ac
+			no_err = 1;
1f19ac
+			rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
1f19ac
+			no_err = 0;
1f19ac
+			EC_KEY_free(key);
1f19ac
+			fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F");
1f19ac
+			}
1f19ac
+
1f19ac
+		}
1f19ac
+	BN_free(Qx);
1f19ac
+	BN_free(Qy);
1f19ac
+	return 1;
1f19ac
+	}
1f19ac
+
1f19ac
+static int SigGen(FILE *in, FILE *out)
1f19ac
+	{
1f19ac
+	char buf[2048], lbuf[2048];
1f19ac
+	char *keyword, *value;
1f19ac
+	unsigned char *msg;
1f19ac
+	int curve_nid = NID_undef;
1f19ac
+	long mlen;
1f19ac
+	BIGNUM *Qx = NULL, *Qy = NULL;
1f19ac
+	EC_KEY *key = NULL;
1f19ac
+	ECDSA_SIG *sig = NULL;
1f19ac
+	const EVP_MD *digest = NULL;
1f19ac
+	Qx = BN_new();
1f19ac
+	Qy = BN_new();
1f19ac
+	while(fgets(buf, sizeof buf, in) != NULL)
1f19ac
+		{
1f19ac
+		fputs(buf, out);
1f19ac
+		if (*buf == '[')
1f19ac
+			{
1f19ac
+			curve_nid = elookup_curve(buf, lbuf, &digest);
1f19ac
+			if (curve_nid == NID_undef)
1f19ac
+				return 0;
1f19ac
+			}
1f19ac
+		if (!parse_line(&keyword, &value, lbuf, buf))
1f19ac
+			continue;
1f19ac
+		if (!strcmp(keyword, "Msg"))
1f19ac
+			{
1f19ac
+			msg = hex2bin_m(value, &mlen);
1f19ac
+			if (!msg)
1f19ac
+				{
1f19ac
+				fprintf(stderr, "Invalid Message\n");
1f19ac
+				return 0;
1f19ac
+				}
1f19ac
+
1f19ac
+			key = EC_KEY_new_by_curve_name(curve_nid);
1f19ac
+			if (!EC_KEY_generate_key(key))
1f19ac
+				{
1f19ac
+				fprintf(stderr, "Error generating key\n");
1f19ac
+				return 0;
1f19ac
+				}
1f19ac
+
1f19ac
+			if (!ec_get_pubkey(key, Qx, Qy))
1f19ac
+				{
1f19ac
+				fprintf(stderr, "Error getting public key\n");
1f19ac
+				return 0;
1f19ac
+				}
1f19ac
+
1f19ac
+	    		sig = FIPS_ecdsa_sign(key, msg, mlen, digest);
1f19ac
+
1f19ac
+			if (!sig)
1f19ac
+				{
1f19ac
+				fprintf(stderr, "Error signing message\n");
1f19ac
+				return 0;
1f19ac
+				}
1f19ac
+
1f19ac
+			do_bn_print_name(out, "Qx", Qx);
1f19ac
+			do_bn_print_name(out, "Qy", Qy);
1f19ac
+			do_bn_print_name(out, "R", sig->r);
1f19ac
+			do_bn_print_name(out, "S", sig->s);
1f19ac
+
1f19ac
+			EC_KEY_free(key);
1f19ac
+			OPENSSL_free(msg);
1f19ac
+			FIPS_ecdsa_sig_free(sig);
1f19ac
+
1f19ac
+			}
1f19ac
+
1f19ac
+		}
1f19ac
+	BN_free(Qx);
1f19ac
+	BN_free(Qy);
1f19ac
+	return 1;
1f19ac
+	}
1f19ac
+
1f19ac
+static int SigVer(FILE *in, FILE *out)
1f19ac
+	{
1f19ac
+	char buf[2048], lbuf[2048];
1f19ac
+	char *keyword, *value;
1f19ac
+	unsigned char *msg = NULL;
1f19ac
+	int curve_nid = NID_undef;
1f19ac
+	long mlen;
1f19ac
+	BIGNUM *Qx = NULL, *Qy = NULL;
1f19ac
+	EC_KEY *key = NULL;
1f19ac
+	ECDSA_SIG sg, *sig = &sg;
1f19ac
+	const EVP_MD *digest = NULL;
1f19ac
+	sig->r = NULL;
1f19ac
+	sig->s = NULL;
1f19ac
+	while(fgets(buf, sizeof buf, in) != NULL)
1f19ac
+		{
1f19ac
+		fputs(buf, out);
1f19ac
+		if (*buf == '[')
1f19ac
+			{
1f19ac
+			curve_nid = elookup_curve(buf, lbuf, &digest);
1f19ac
+			if (curve_nid == NID_undef)
1f19ac
+				return 0;
1f19ac
+			}
1f19ac
+		if (!parse_line(&keyword, &value, lbuf, buf))
1f19ac
+			continue;
1f19ac
+		if (!strcmp(keyword, "Msg"))
1f19ac
+			{
1f19ac
+			msg = hex2bin_m(value, &mlen);
1f19ac
+			if (!msg)
1f19ac
+				{
1f19ac
+				fprintf(stderr, "Invalid Message\n");
1f19ac
+				return 0;
1f19ac
+				}
1f19ac
+			}
1f19ac
+			
1f19ac
+		if (!strcmp(keyword, "Qx"))
1f19ac
+			{
1f19ac
+			if (!do_hex2bn(&Qx, value))
1f19ac
+				{
1f19ac
+				fprintf(stderr, "Invalid Qx value\n");
1f19ac
+				return 0;
1f19ac
+				}
1f19ac
+			}
1f19ac
+		if (!strcmp(keyword, "Qy"))
1f19ac
+			{
1f19ac
+			if (!do_hex2bn(&Qy, value))
1f19ac
+				{
1f19ac
+				fprintf(stderr, "Invalid Qy value\n");
1f19ac
+				return 0;
1f19ac
+				}
1f19ac
+			}
1f19ac
+		if (!strcmp(keyword, "R"))
1f19ac
+			{
1f19ac
+			if (!do_hex2bn(&sig->r, value))
1f19ac
+				{
1f19ac
+				fprintf(stderr, "Invalid R value\n");
1f19ac
+				return 0;
1f19ac
+				}
1f19ac
+			}
1f19ac
+		if (!strcmp(keyword, "S"))
1f19ac
+			{
1f19ac
+			int rv;
1f19ac
+			if (!do_hex2bn(&sig->s, value))
1f19ac
+				{
1f19ac
+				fprintf(stderr, "Invalid S value\n");
1f19ac
+				return 0;
1f19ac
+				}
1f19ac
+			key = EC_KEY_new_by_curve_name(curve_nid);
1f19ac
+			rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
1f19ac
+
1f19ac
+			if (rv != 1)
1f19ac
+				{
1f19ac
+				fprintf(stderr, "Error setting public key\n");
1f19ac
+				return 0;
1f19ac
+				}
1f19ac
+
1f19ac
+			no_err = 1;
1f19ac
+	    		rv = FIPS_ecdsa_verify(key, msg, mlen, digest, sig);
1f19ac
+			EC_KEY_free(key);
1f19ac
+			if (msg)
1f19ac
+				OPENSSL_free(msg);
1f19ac
+			no_err = 0;
1f19ac
+
1f19ac
+			fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F");
1f19ac
+			}
1f19ac
+
1f19ac
+		}
1f19ac
+	if (sig->r)
1f19ac
+		BN_free(sig->r);
1f19ac
+	if (sig->s)
1f19ac
+		BN_free(sig->s);
1f19ac
+	if (Qx)
1f19ac
+		BN_free(Qx);
1f19ac
+	if (Qy)
1f19ac
+		BN_free(Qy);
1f19ac
+	return 1;
1f19ac
+	}
1f19ac
+#ifdef FIPS_ALGVS
1f19ac
+int fips_ecdsavs_main(int argc, char **argv)
1f19ac
+#else
1f19ac
+int main(int argc, char **argv)
1f19ac
+#endif
1f19ac
+	{
1f19ac
+	FILE *in = NULL, *out = NULL;
1f19ac
+	const char *cmd = argv[1];
1f19ac
+	int rv = 0;
1f19ac
+	fips_algtest_init();
1f19ac
+
1f19ac
+	if (argc == 4)
1f19ac
+		{
1f19ac
+		in = fopen(argv[2], "r");
1f19ac
+		if (!in)
1f19ac
+			{
1f19ac
+			fprintf(stderr, "Error opening input file\n");
1f19ac
+			exit(1);
1f19ac
+			}
1f19ac
+		out = fopen(argv[3], "w");
1f19ac
+		if (!out)
1f19ac
+			{
1f19ac
+			fprintf(stderr, "Error opening output file\n");
1f19ac
+			exit(1);
1f19ac
+			}
1f19ac
+		}
1f19ac
+	else if (argc == 2)
1f19ac
+		{
1f19ac
+		in = stdin;
1f19ac
+		out = stdout;
1f19ac
+		}
1f19ac
+
1f19ac
+	if (!cmd)
1f19ac
+		{
1f19ac
+		fprintf(stderr, "fips_ecdsavs [KeyPair|PKV|SigGen|SigVer]\n");
1f19ac
+		return 1;
1f19ac
+		}
1f19ac
+	if (!strcmp(cmd, "KeyPair"))
1f19ac
+		rv = KeyPair(in, out);
1f19ac
+	else if (!strcmp(cmd, "PKV"))
1f19ac
+		rv = PKV(in, out);
1f19ac
+	else if (!strcmp(cmd, "SigVer"))
1f19ac
+		rv = SigVer(in, out);
1f19ac
+	else if (!strcmp(cmd, "SigGen"))
1f19ac
+		rv = SigGen(in, out);
1f19ac
+	else
1f19ac
+		{
1f19ac
+		fprintf(stderr, "Unknown command %s\n", cmd);
1f19ac
+		return 1;
1f19ac
+		}
1f19ac
+
1f19ac
+	if (argc == 4)
1f19ac
+		{
1f19ac
+		fclose(in);
1f19ac
+		fclose(out);
1f19ac
+		}
1f19ac
+
1f19ac
+	if (rv <= 0)
1f19ac
+		{
1f19ac
+		fprintf(stderr, "Error running %s\n", cmd);
1f19ac
+		return 1;
1f19ac
+		}
1f19ac
+
1f19ac
+	return 0;
1f19ac
+	}
1f19ac
+
1f19ac
+#endif
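Review bot: SigVer frees `msg` in the "S" branch but leaves the pointer set, so a request file with a second S line before the next Msg line passes the freed buffer to FIPS_ecdsa_verify and then frees it again. Clear it after the free, `OPENSSL_free(msg); msg = NULL;`, and reject an S record while `msg` is NULL, because `mlen` is also uninitialised until a Msg line has been parsed. A repeated Msg line likewise overwrites the pointer without freeing the earlier buffer. In main, an argc other than 2 or 4 leaves `in` and `out` NULL, yet a valid command is still dispatched with them; an `else` that prints the usage line and returns 1 would close that path.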
613f66
diff -up openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c
613f66
--- openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c.fips-ec	2014-10-16 13:25:20.733109257 +0200
613f66
+++ openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c	2014-10-16 13:25:20.733109257 +0200
1f19ac
@@ -0,0 +1,252 @@
1f19ac
+/* fips/ecdh/fips_ecdh_selftest.c */
1f19ac
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
1f19ac
+ * project 2011.
1f19ac
+ */
1f19ac
+/* ====================================================================
1f19ac
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
1f19ac
+ *
1f19ac
+ * Redistribution and use in source and binary forms, with or without
1f19ac
+ * modification, are permitted provided that the following conditions
1f19ac
+ * are met:
1f19ac
+ *
1f19ac
+ * 1. Redistributions of source code must retain the above copyright
1f19ac
+ *    notice, this list of conditions and the following disclaimer. 
1f19ac
+ *
1f19ac
+ * 2. Redistributions in binary form must reproduce the above copyright
1f19ac
+ *    notice, this list of conditions and the following disclaimer in
1f19ac
+ *    the documentation and/or other materials provided with the
1f19ac
+ *    distribution.
1f19ac
+ *
1f19ac
+ * 3. All advertising materials mentioning features or use of this
1f19ac
+ *    software must display the following acknowledgment:
1f19ac
+ *    "This product includes software developed by the OpenSSL Project
1f19ac
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
1f19ac
+ *
1f19ac
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
1f19ac
+ *    endorse or promote products derived from this software without
1f19ac
+ *    prior written permission. For written permission, please contact
1f19ac
+ *    licensing@OpenSSL.org.
1f19ac
+ *
1f19ac
+ * 5. Products derived from this software may not be called "OpenSSL"
1f19ac
+ *    nor may "OpenSSL" appear in their names without prior written
1f19ac
+ *    permission of the OpenSSL Project.
1f19ac
+ *
1f19ac
+ * 6. Redistributions of any form whatsoever must retain the following
1f19ac
+ *    acknowledgment:
1f19ac
+ *    "This product includes software developed by the OpenSSL Project
1f19ac
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
1f19ac
+ *
1f19ac
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
1f19ac
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1f19ac
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1f19ac
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
1f19ac
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1f19ac
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1f19ac
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
1f19ac
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1f19ac
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1f19ac
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1f19ac
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1f19ac
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
1f19ac
+ * ====================================================================
1f19ac
+ *
1f19ac
+ */
1f19ac
+
1f19ac
+#define OPENSSL_FIPSAPI
1f19ac
+
1f19ac
+#include <string.h>
1f19ac
+#include <openssl crypto.h="">
1f19ac
+#include <openssl ec.h="">
1f19ac
+#include <openssl ecdh.h="">
1f19ac
+#include <openssl fips.h="">
1f19ac
+#include <openssl err.h="">
1f19ac
+#include <openssl evp.h="">
1f19ac
+#include <openssl bn.h="">
1f19ac
+
1f19ac
+#ifdef OPENSSL_FIPS
1f19ac
+
1f19ac
+#include "fips_locl.h"
1f19ac
+
1f19ac
+static const unsigned char p256_qcavsx[] = {
1f19ac
+	0x52,0xc6,0xa5,0x75,0xf3,0x04,0x98,0xb3,0x29,0x66,0x0c,0x62,
1f19ac
+	0x18,0x60,0x55,0x41,0x59,0xd4,0x60,0x85,0x99,0xc1,0x51,0x13,
1f19ac
+	0x6f,0x97,0x85,0x93,0x33,0x34,0x07,0x50
1f19ac
+};
1f19ac
+static const unsigned char p256_qcavsy[] = {
1f19ac
+	0x6f,0x69,0x24,0xeb,0xe9,0x3b,0xa7,0xcc,0x47,0x17,0xaa,0x3f,
1f19ac
+	0x70,0xfc,0x10,0x73,0x0a,0xcd,0x21,0xee,0x29,0x19,0x1f,0xaf,
1f19ac
+	0xb4,0x1c,0x1e,0xc2,0x8e,0x97,0x81,0x6e
1f19ac
+};
1f19ac
+static const unsigned char p256_qiutx[] = {
1f19ac
+	0x71,0x46,0x88,0x08,0x92,0x21,0x1b,0x10,0x21,0x74,0xff,0x0c,
1f19ac
+	0x94,0xde,0x34,0x7c,0x86,0x74,0xbe,0x67,0x41,0x68,0xd4,0xc1,
1f19ac
+	0xe5,0x75,0x63,0x9c,0xa7,0x46,0x93,0x6f
1f19ac
+};
1f19ac
+static const unsigned char p256_qiuty[] = {
1f19ac
+	0x33,0x40,0xa9,0x6a,0xf5,0x20,0xb5,0x9e,0xfc,0x60,0x1a,0xae,
1f19ac
+	0x3d,0xf8,0x21,0xd2,0xa7,0xca,0x52,0x34,0xb9,0x5f,0x27,0x75,
1f19ac
+	0x6c,0x81,0xbe,0x32,0x4d,0xba,0xbb,0xf8
1f19ac
+};
1f19ac
+static const unsigned char p256_qiutd[] = {
1f19ac
+	0x1a,0x48,0x55,0x6b,0x11,0xbe,0x92,0xd4,0x1c,0xd7,0x45,0xc3,
1f19ac
+	0x82,0x81,0x51,0xf1,0x23,0x40,0xb7,0x83,0xfd,0x01,0x6d,0xbc,
1f19ac
+	0xa1,0x66,0xaf,0x0a,0x03,0x23,0xcd,0xc8
1f19ac
+};
1f19ac
+static const unsigned char p256_ziut[] = {
1f19ac
+	0x77,0x2a,0x1e,0x37,0xee,0xe6,0x51,0x02,0x71,0x40,0xf8,0x6a,
1f19ac
+	0x36,0xf8,0x65,0x61,0x2b,0x18,0x71,0x82,0x23,0xe6,0xf2,0x77,
1f19ac
+	0xce,0xec,0xb8,0x49,0xc7,0xbf,0x36,0x4f
1f19ac
+};
1f19ac
+
1f19ac
+
1f19ac
+typedef struct 
1f19ac
+	{
1f19ac
+	int curve;
1f19ac
+	const unsigned char *x1;
1f19ac
+	size_t x1len;
1f19ac
+	const unsigned char *y1;
1f19ac
+	size_t y1len;
1f19ac
+	const unsigned char *d1;
1f19ac
+	size_t d1len;
1f19ac
+	const unsigned char *x2;
1f19ac
+	size_t x2len;
1f19ac
+	const unsigned char *y2;
1f19ac
+	size_t y2len;
1f19ac
+	const unsigned char *z;
1f19ac
+	size_t zlen;
1f19ac
+	} ECDH_SELFTEST_DATA;
1f19ac
+
1f19ac
+#define make_ecdh_test(nid, pr) { nid, \
1f19ac
+				pr##_qiutx, sizeof(pr##_qiutx), \
1f19ac
+				pr##_qiuty, sizeof(pr##_qiuty), \
1f19ac
+				pr##_qiutd, sizeof(pr##_qiutd), \
1f19ac
+				pr##_qcavsx, sizeof(pr##_qcavsx), \
1f19ac
+				pr##_qcavsy, sizeof(pr##_qcavsy), \
1f19ac
+				pr##_ziut, sizeof(pr##_ziut) }
1f19ac
+
1f19ac
+static ECDH_SELFTEST_DATA test_ecdh_data[] = 
1f19ac
+	{
1f19ac
+	make_ecdh_test(NID_X9_62_prime256v1, p256),
1f19ac
+	};
1f19ac
+
1f19ac
+int FIPS_selftest_ecdh(void)
1f19ac
+	{
1f19ac
+	EC_KEY *ec1 = NULL, *ec2 = NULL;
1f19ac
+	const EC_POINT *ecp = NULL;
1f19ac
+	BIGNUM *x = NULL, *y = NULL, *d = NULL;
1f19ac
+	unsigned char *ztmp = NULL;
1f19ac
+	int rv = 1;
1f19ac
+	size_t i;
1f19ac
+
1f19ac
+	for (i = 0; i < sizeof(test_ecdh_data)/sizeof(ECDH_SELFTEST_DATA); i++)
1f19ac
+		{
1f19ac
+		ECDH_SELFTEST_DATA *ecd = test_ecdh_data + i;
1f19ac
+		if (!fips_post_started(FIPS_TEST_ECDH, ecd->curve, 0))
1f19ac
+			continue;
1f19ac
+		ztmp = OPENSSL_malloc(ecd->zlen);
1f19ac
+
1f19ac
+		x = BN_bin2bn(ecd->x1, ecd->x1len, x);
1f19ac
+		y = BN_bin2bn(ecd->y1, ecd->y1len, y);
1f19ac
+		d = BN_bin2bn(ecd->d1, ecd->d1len, d);
1f19ac
+
1f19ac
+		if (!x || !y || !d || !ztmp)
1f19ac
+			{
1f19ac
+			rv = -1;
1f19ac
+			goto err;
1f19ac
+			}
1f19ac
+
1f19ac
+		ec1 = EC_KEY_new_by_curve_name(ecd->curve);
1f19ac
+		if (!ec1)
1f19ac
+			{
1f19ac
+			rv = -1;
1f19ac
+			goto err;
1f19ac
+			}
1f19ac
+		EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
1f19ac
+
1f19ac
+		if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y))
1f19ac
+			{
1f19ac
+			rv = -1;
1f19ac
+			goto err;
1f19ac
+			}
1f19ac
+
1f19ac
+		if (!EC_KEY_set_private_key(ec1, d))
1f19ac
+			{
1f19ac
+			rv = -1;
1f19ac
+			goto err;
1f19ac
+			}
1f19ac
+
1f19ac
+		x = BN_bin2bn(ecd->x2, ecd->x2len, x);
1f19ac
+		y = BN_bin2bn(ecd->y2, ecd->y2len, y);
1f19ac
+
1f19ac
+		if (!x || !y)
1f19ac
+			{
1f19ac
+			rv = -1;
1f19ac
+			goto err;
1f19ac
+			}
1f19ac
+
1f19ac
+		ec2 = EC_KEY_new_by_curve_name(ecd->curve);
1f19ac
+		if (!ec2)
1f19ac
+			{
1f19ac
+			rv = -1;
1f19ac
+			goto err;
1f19ac
+			}
1f19ac
+		EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
1f19ac
+
1f19ac
+		if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y))
1f19ac
+			{
1f19ac
+			rv = -1;
1f19ac
+			goto err;
1f19ac
+			}
1f19ac
+
1f19ac
+		ecp = EC_KEY_get0_public_key(ec2);
1f19ac
+		if (!ecp)
1f19ac
+			{
1f19ac
+			rv = -1;
1f19ac
+			goto err;
1f19ac
+			}
1f19ac
+
1f19ac
+		if (!ECDH_compute_key(ztmp, ecd->zlen, ecp, ec1, 0))
1f19ac
+			{
1f19ac
+			rv = -1;
1f19ac
+			goto err;
1f19ac
+			}
1f19ac
+
1f19ac
+		if (!fips_post_corrupt(FIPS_TEST_ECDH, ecd->curve, NULL))
1f19ac
+			ztmp[0] ^= 0x1;
1f19ac
+
1f19ac
+		if (memcmp(ztmp, ecd->z, ecd->zlen))
1f19ac
+			{
1f19ac
+			fips_post_failed(FIPS_TEST_ECDH, ecd->curve, 0);
1f19ac
+			rv = 0;
1f19ac
+			}
1f19ac
+		else if (!fips_post_success(FIPS_TEST_ECDH, ecd->curve, 0))
1f19ac
+			goto err;
1f19ac
+
1f19ac
+		EC_KEY_free(ec1);
1f19ac
+		ec1 = NULL;
1f19ac
+		EC_KEY_free(ec2);
1f19ac
+		ec2 = NULL;
1f19ac
+		OPENSSL_free(ztmp);
1f19ac
+		ztmp = NULL;
1f19ac
+		}
1f19ac
+
1f19ac
+	err:
1f19ac
+
1f19ac
+	if (x)
1f19ac
+		BN_clear_free(x);
1f19ac
+	if (y)
1f19ac
+		BN_clear_free(y);
1f19ac
+	if (d)
1f19ac
+		BN_clear_free(d);
1f19ac
+	if (ec1)
1f19ac
+		EC_KEY_free(ec1);
1f19ac
+	if (ec2)
1f19ac
+		EC_KEY_free(ec2);
1f19ac
+	if (ztmp)
1f19ac
+		OPENSSL_free(ztmp);
1f19ac
+
1f19ac
+	return rv;
1f19ac
+
1f19ac
+	}
1f19ac
+
1f19ac
+#endif
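Review bot: FIPS_selftest_ecdh returns -1 on every setup failure (allocation, key construction, ECDH_compute_key), but the caller added in the fips_post.c hunk tests `if (!FIPS_selftest_ecdh())`, so -1 counts as a pass and the power-on self-test fails open on those paths. Either return 0 from the error paths here, or compare in the caller with `if (FIPS_selftest_ecdh() <= 0) rv = 0;`. The `goto err` taken when `fips_post_success` returns 0 also leaves rv at 1, which is worth confirming as intended. The second `EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);`, placed right after ec2 is created, looks like a copy-paste slip; presumably it was meant for ec2 or should be dropped.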
613f66
diff -up openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c
613f66
--- openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c.fips-ec	2014-10-16 13:25:20.733109257 +0200
613f66
+++ openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c	2014-10-16 13:25:20.733109257 +0200
1f19ac
@@ -0,0 +1,167 @@
1f19ac
+/* fips/ecdsa/fips_ecdsa_selftest.c */
1f19ac
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
1f19ac
+ * project 2011.
1f19ac
+ */
1f19ac
+/* ====================================================================
1f19ac
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
1f19ac
+ *
1f19ac
+ * Redistribution and use in source and binary forms, with or without
1f19ac
+ * modification, are permitted provided that the following conditions
1f19ac
+ * are met:
1f19ac
+ *
1f19ac
+ * 1. Redistributions of source code must retain the above copyright
1f19ac
+ *    notice, this list of conditions and the following disclaimer. 
1f19ac
+ *
1f19ac
+ * 2. Redistributions in binary form must reproduce the above copyright
1f19ac
+ *    notice, this list of conditions and the following disclaimer in
1f19ac
+ *    the documentation and/or other materials provided with the
1f19ac
+ *    distribution.
1f19ac
+ *
1f19ac
+ * 3. All advertising materials mentioning features or use of this
1f19ac
+ *    software must display the following acknowledgment:
1f19ac
+ *    "This product includes software developed by the OpenSSL Project
1f19ac
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
1f19ac
+ *
1f19ac
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
1f19ac
+ *    endorse or promote products derived from this software without
1f19ac
+ *    prior written permission. For written permission, please contact
1f19ac
+ *    licensing@OpenSSL.org.
1f19ac
+ *
1f19ac
+ * 5. Products derived from this software may not be called "OpenSSL"
1f19ac
+ *    nor may "OpenSSL" appear in their names without prior written
1f19ac
+ *    permission of the OpenSSL Project.
1f19ac
+ *
1f19ac
+ * 6. Redistributions of any form whatsoever must retain the following
1f19ac
+ *    acknowledgment:
1f19ac
+ *    "This product includes software developed by the OpenSSL Project
1f19ac
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
1f19ac
+ *
1f19ac
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
1f19ac
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1f19ac
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1f19ac
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
1f19ac
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1f19ac
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1f19ac
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
1f19ac
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1f19ac
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1f19ac
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1f19ac
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1f19ac
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
1f19ac
+ * ====================================================================
1f19ac
+ *
1f19ac
+ */
1f19ac
+
1f19ac
+#define OPENSSL_FIPSAPI
1f19ac
+
1f19ac
+#include <string.h>
1f19ac
+#include <openssl crypto.h="">
1f19ac
+#include <openssl ec.h="">
1f19ac
+#include <openssl ecdsa.h="">
1f19ac
+#include <openssl fips.h="">
1f19ac
+#include <openssl err.h="">
1f19ac
+#include <openssl evp.h="">
1f19ac
+#include <openssl bn.h="">
1f19ac
+
1f19ac
+#ifdef OPENSSL_FIPS
1f19ac
+
1f19ac
+static const char P_256_name[] = "ECDSA P-256";
1f19ac
+
1f19ac
+static const unsigned char P_256_d[] = {
1f19ac
+	0x51,0xbd,0x06,0xa1,0x1c,0xda,0xe2,0x12,0x99,0xc9,0x52,0x3f,
1f19ac
+	0xea,0xa4,0xd2,0xd1,0xf4,0x7f,0xd4,0x3e,0xbd,0xf8,0xfc,0x87,
1f19ac
+	0xdc,0x82,0x53,0x21,0xee,0xa0,0xdc,0x64
1f19ac
+};
1f19ac
+static const unsigned char P_256_qx[] = {
1f19ac
+	0x23,0x89,0xe0,0xf4,0x69,0xe0,0x49,0xe5,0xc7,0xe5,0x40,0x6e,
1f19ac
+	0x8f,0x25,0xdd,0xad,0x11,0x16,0x14,0x9b,0xab,0x44,0x06,0x31,
1f19ac
+	0xbf,0x5e,0xa6,0x44,0xac,0x86,0x00,0x07
1f19ac
+};
1f19ac
+static const unsigned char P_256_qy[] = {
1f19ac
+	0xb3,0x05,0x0d,0xd0,0xdc,0xf7,0x40,0xe6,0xf9,0xd8,0x6d,0x7b,
1f19ac
+	0x63,0xca,0x97,0xe6,0x12,0xf9,0xd4,0x18,0x59,0xbe,0xb2,0x5e,
1f19ac
+	0x4a,0x6a,0x77,0x23,0xf4,0x11,0x9d,0xeb
1f19ac
+};
1f19ac
+
1f19ac
+typedef struct 
1f19ac
+	{
1f19ac
+	int curve;
1f19ac
+	const char *name;
1f19ac
+	const unsigned char *x;
1f19ac
+	size_t xlen;
1f19ac
+	const unsigned char *y;
1f19ac
+	size_t ylen;
1f19ac
+	const unsigned char *d;
1f19ac
+	size_t dlen;
1f19ac
+	} EC_SELFTEST_DATA;
1f19ac
+
1f19ac
+#define make_ecdsa_test(nid, pr) { nid, pr##_name, \
1f19ac
+				pr##_qx, sizeof(pr##_qx), \
1f19ac
+				pr##_qy, sizeof(pr##_qy), \
1f19ac
+				pr##_d, sizeof(pr##_d)}
1f19ac
+
1f19ac
+static EC_SELFTEST_DATA test_ec_data[] = 
1f19ac
+	{
1f19ac
+	make_ecdsa_test(NID_X9_62_prime256v1, P_256),
1f19ac
+	};
1f19ac
+
1f19ac
+int FIPS_selftest_ecdsa()
1f19ac
+	{
1f19ac
+	EC_KEY *ec = NULL;
1f19ac
+	BIGNUM *x = NULL, *y = NULL, *d = NULL;
1f19ac
+	EVP_PKEY *pk = NULL;
1f19ac
+	int rv = 0;
1f19ac
+	size_t i;
1f19ac
+
1f19ac
+	for (i = 0; i < sizeof(test_ec_data)/sizeof(EC_SELFTEST_DATA); i++)
1f19ac
+		{
1f19ac
+		EC_SELFTEST_DATA *ecd = test_ec_data + i;
1f19ac
+
1f19ac
+		x = BN_bin2bn(ecd->x, ecd->xlen, x);
1f19ac
+		y = BN_bin2bn(ecd->y, ecd->ylen, y);
1f19ac
+		d = BN_bin2bn(ecd->d, ecd->dlen, d);
1f19ac
+
1f19ac
+		if (!x || !y || !d)
1f19ac
+			goto err;
1f19ac
+
1f19ac
+		ec = EC_KEY_new_by_curve_name(ecd->curve);
1f19ac
+		if (!ec)
1f19ac
+			goto err;
1f19ac
+
1f19ac
+		if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y))
1f19ac
+			goto err;
1f19ac
+
1f19ac
+		if (!EC_KEY_set_private_key(ec, d))
1f19ac
+			goto err;
1f19ac
+
1f19ac
+		if ((pk=EVP_PKEY_new()) == NULL)
1f19ac
+			goto err;
1f19ac
+
1f19ac
+		EVP_PKEY_assign_EC_KEY(pk, ec);
1f19ac
+
1f19ac
+		if (!fips_pkey_signature_test(pk, NULL, 0,
1f19ac
+						NULL, 0, EVP_sha256(), 0,
1f19ac
+						ecd->name))
1f19ac
+			goto err;
1f19ac
+		}
1f19ac
+
1f19ac
+	rv = 1;
1f19ac
+
1f19ac
+	err:
1f19ac
+
1f19ac
+	if (x)
1f19ac
+		BN_clear_free(x);
1f19ac
+	if (y)
1f19ac
+		BN_clear_free(y);
1f19ac
+	if (d)
1f19ac
+		BN_clear_free(d);
1f19ac
+	if (pk)
1f19ac
+		EVP_PKEY_free(pk);
1f19ac
+	else if (ec)
1f19ac
+		EC_KEY_free(ec);
1f19ac
+
1f19ac
+	return rv;
1f19ac
+
1f19ac
+	}
1f19ac
+
1f19ac
+#endif
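Review bot: The loop body in FIPS_selftest_ecdsa allocates `ec` and `pk` on every iteration, but they are freed only once, in the cleanup after `err:`, so each additional entry in test_ec_data would leak the previous key pair; with the single P-256 entry this is latent. Release them at the end of the loop body with `EVP_PKEY_free(pk); pk = NULL; ec = NULL;`. The return value of `EVP_PKEY_assign_EC_KEY(pk, ec)` is also unchecked, and if it failed the `else if (ec)` cleanup would skip freeing ec because pk is non-NULL. The definition is written `FIPS_selftest_ecdsa()` while the fips.h hunk declares it with `(void)`; matching the prototype would be cleaner.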
613f66
diff -up openssl-1.0.1j/crypto/fips/fips.h.fips-ec openssl-1.0.1j/crypto/fips/fips.h
613f66
--- openssl-1.0.1j/crypto/fips/fips.h.fips-ec	2014-10-16 13:25:20.701108535 +0200
613f66
+++ openssl-1.0.1j/crypto/fips/fips.h	2014-10-16 13:25:20.733109257 +0200
b35514
@@ -93,6 +93,8 @@ int FIPS_selftest_rsa(void);
b35514
 void FIPS_corrupt_dsa(void);
b35514
 void FIPS_corrupt_dsa_keygen(void);
b35514
 int FIPS_selftest_dsa(void);
b35514
+int FIPS_selftest_ecdsa(void);
b35514
+int FIPS_selftest_ecdh(void);
b35514
 void FIPS_corrupt_rng(void);
b35514
 void FIPS_rng_stick(void);
b35514
 void FIPS_x931_stick(int onoff);
613f66
diff -up openssl-1.0.1j/crypto/fips/fips_post.c.fips-ec openssl-1.0.1j/crypto/fips/fips_post.c
613f66
--- openssl-1.0.1j/crypto/fips/fips_post.c.fips-ec	2014-10-16 13:25:20.702108557 +0200
613f66
+++ openssl-1.0.1j/crypto/fips/fips_post.c	2014-10-16 13:25:20.733109257 +0200
1f19ac
@@ -95,8 +95,12 @@ int FIPS_selftest(void)
1f19ac
 		rv = 0;
1f19ac
 	if (!FIPS_selftest_rsa())
1f19ac
 		rv = 0;
1f19ac
+	if (!FIPS_selftest_ecdsa())
1f19ac
+		rv = 0;
1f19ac
 	if (!FIPS_selftest_dsa())
1f19ac
 		rv = 0;
1f19ac
+	if (!FIPS_selftest_ecdh())
1f19ac
+		rv = 0;
1f19ac
 	return rv;
1f19ac
 	}
1f19ac
 
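Review bot: The added `FIPS_selftest_ecdsa()` and `FIPS_selftest_ecdh()` calls are unconditional, so `FIPS_selftest()` now depends on EC support being compiled in. The Makefile dependency lines added by this patch show both self-test objects pulling in `openssl/ec.h`, and the preprocessor guard around the definitions is outside the visible part of the patch, so it is unclear whether a build configured without EC still compiles and links. If such builds are meant to be supported, guard each call, e.g. `#ifndef OPENSSL_NO_ECDSA` / `if (!FIPS_selftest_ecdsa()) rv = 0;` / `#endif`, and likewise with `OPENSSL_NO_ECDH` around the second call. The body of `FIPS_selftest` begins above this hunk.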
613f66
diff -up openssl-1.0.1j/crypto/fips/Makefile.fips-ec openssl-1.0.1j/crypto/fips/Makefile
613f66
--- openssl-1.0.1j/crypto/fips/Makefile.fips-ec	2014-10-16 13:25:20.704108603 +0200
613f66
+++ openssl-1.0.1j/crypto/fips/Makefile	2014-10-16 13:25:20.734109280 +0200
b35514
@@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self
b35514
     fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c  fips_rand.c \
b35514
     fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
b35514
     fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
b35514
-    fips_cmac_selftest.c fips_enc.c fips_md.c
b35514
+    fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c
b35514
 
b35514
 LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \
b35514
     fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o  fips_rand.o \
b35514
     fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
b35514
     fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
b35514
-    fips_cmac_selftest.o fips_enc.o fips_md.o
b35514
+    fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o
b35514
 
b35514
 LIBCRYPTO=-L.. -lcrypto
b35514
 
613f66
@@ -119,6 +119,21 @@ fips_aes_selftest.o: ../../include/opens
b35514
 fips_aes_selftest.o: ../../include/openssl/safestack.h
b35514
 fips_aes_selftest.o: ../../include/openssl/stack.h
b35514
 fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c
b35514
+fips_cmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
b35514
+fips_cmac_selftest.o: ../../include/openssl/cmac.h
b35514
+fips_cmac_selftest.o: ../../include/openssl/crypto.h
b35514
+fips_cmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
b35514
+fips_cmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
b35514
+fips_cmac_selftest.o: ../../include/openssl/lhash.h
b35514
+fips_cmac_selftest.o: ../../include/openssl/obj_mac.h
b35514
+fips_cmac_selftest.o: ../../include/openssl/objects.h
b35514
+fips_cmac_selftest.o: ../../include/openssl/opensslconf.h
b35514
+fips_cmac_selftest.o: ../../include/openssl/opensslv.h
b35514
+fips_cmac_selftest.o: ../../include/openssl/ossl_typ.h
b35514
+fips_cmac_selftest.o: ../../include/openssl/safestack.h
b35514
+fips_cmac_selftest.o: ../../include/openssl/stack.h
b35514
+fips_cmac_selftest.o: ../../include/openssl/symhacks.h fips_cmac_selftest.c
b35514
+fips_cmac_selftest.o: fips_locl.h
b35514
 fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
b35514
 fips_des_selftest.o: ../../include/openssl/crypto.h
b35514
 fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
613f66
@@ -232,6 +247,46 @@ fips_dsa_selftest.o: ../../include/opens
b35514
 fips_dsa_selftest.o: ../../include/openssl/stack.h
b35514
 fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
b35514
 fips_dsa_selftest.o: fips_locl.h
b35514
+fips_ecdh_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
b35514
+fips_ecdh_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
b35514
+fips_ecdh_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
b35514
+fips_ecdh_selftest.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h
b35514
+fips_ecdh_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
b35514
+fips_ecdh_selftest.o: ../../include/openssl/lhash.h
b35514
+fips_ecdh_selftest.o: ../../include/openssl/obj_mac.h
b35514
+fips_ecdh_selftest.o: ../../include/openssl/objects.h
b35514
+fips_ecdh_selftest.o: ../../include/openssl/opensslconf.h
b35514
+fips_ecdh_selftest.o: ../../include/openssl/opensslv.h
b35514
+fips_ecdh_selftest.o: ../../include/openssl/ossl_typ.h
b35514
+fips_ecdh_selftest.o: ../../include/openssl/safestack.h
b35514
+fips_ecdh_selftest.o: ../../include/openssl/stack.h
b35514
+fips_ecdh_selftest.o: ../../include/openssl/symhacks.h fips_ecdh_selftest.c
b35514
+fips_ecdh_selftest.o: fips_locl.h
b35514
+fips_ecdsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
b35514
+fips_ecdsa_selftest.o: ../../include/openssl/bn.h
b35514
+fips_ecdsa_selftest.o: ../../include/openssl/crypto.h
b35514
+fips_ecdsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
b35514
+fips_ecdsa_selftest.o: ../../include/openssl/ecdsa.h
b35514
+fips_ecdsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
b35514
+fips_ecdsa_selftest.o: ../../include/openssl/fips.h
b35514
+fips_ecdsa_selftest.o: ../../include/openssl/lhash.h
b35514
+fips_ecdsa_selftest.o: ../../include/openssl/obj_mac.h
b35514
+fips_ecdsa_selftest.o: ../../include/openssl/objects.h
b35514
+fips_ecdsa_selftest.o: ../../include/openssl/opensslconf.h
b35514
+fips_ecdsa_selftest.o: ../../include/openssl/opensslv.h
b35514
+fips_ecdsa_selftest.o: ../../include/openssl/ossl_typ.h
b35514
+fips_ecdsa_selftest.o: ../../include/openssl/safestack.h
b35514
+fips_ecdsa_selftest.o: ../../include/openssl/stack.h
b35514
+fips_ecdsa_selftest.o: ../../include/openssl/symhacks.h fips_ecdsa_selftest.c
b35514
+fips_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
b35514
+fips_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
b35514
+fips_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
b35514
+fips_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
b35514
+fips_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
b35514
+fips_enc.o: ../../include/openssl/opensslconf.h
b35514
+fips_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
b35514
+fips_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
b35514
+fips_enc.o: ../../include/openssl/symhacks.h fips_enc.c
b35514
 fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
b35514
 fips_hmac_selftest.o: ../../include/openssl/crypto.h
b35514
 fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
613f66
@@ -246,6 +301,15 @@ fips_hmac_selftest.o: ../../include/open
b35514
 fips_hmac_selftest.o: ../../include/openssl/safestack.h
b35514
 fips_hmac_selftest.o: ../../include/openssl/stack.h
b35514
 fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c
b35514
+fips_md.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
b35514
+fips_md.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
b35514
+fips_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h
b35514
+fips_md.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
b35514
+fips_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
b35514
+fips_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
b35514
+fips_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
b35514
+fips_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
b35514
+fips_md.o: fips_md.c
b35514
 fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
b35514
 fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
b35514
 fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
613f66
diff -up openssl-1.0.1j/version.map.fips-ec openssl-1.0.1j/version.map
613f66
--- openssl-1.0.1j/version.map.fips-ec	2014-10-16 13:25:20.716108873 +0200
613f66
+++ openssl-1.0.1j/version.map	2014-10-16 13:25:20.734109280 +0200
83d99a
@@ -6,3 +6,7 @@ OPENSSL_1.0.1 {
1f19ac
 	    _original*;
1f19ac
 	    _current*;
1f19ac
 };
1f19ac
+OPENSSL_1.0.1_EC {
1f19ac
+    global:
1f19ac
+	    EC*;
1f19ac
+};
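Review bot: The `EC*` glob in the new `OPENSSL_1.0.1_EC` node versions every global symbol whose name begins with EC, not only the intended API families. Any non-static helper added later with that prefix would silently become part of the exported, versioned ABI. An explicit symbol list or narrower patterns would keep the export surface reviewable; failing that, a comment above the node should state the intent, for example `/* EC*: EC_, ECDH_, ECDSA_, ECParameters_ and ECPKParameters_ symbols */`. The `FIPS_selftest_ecdsa` and `FIPS_selftest_ecdh` entry points declared elsewhere in this patch do not match the glob, so whether they are exported depends on the part of the map above this hunk.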