Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for

[openssl.git] / fips / fips.c

diff --git a/fips/fips.c b/fips/fips.c
index 6a88661a0ca5c0961bd181b05d0ec4269a4fbd82..2b66160bb51de24d234de3c9b4d9402ce6680e75 100644 (file)
--- a/fips/fips.c
+++ b/fips/fips.c
@@ -49,6 +49,7 @@
 
 #define OPENSSL_FIPSAPI
 
+#include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/fips_rand.h>
 #include <openssl/err.h>
@@ -56,6 +57,7 @@
 #include <openssl/hmac.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
+#include <openssl/ecdsa.h>
 #include <string.h>
 #include <limits.h>
 #include "fips_locl.h"
@@ -172,9 +174,12 @@ int FIPS_selftest(void)
 
     return FIPS_selftest_sha1()
        && FIPS_selftest_hmac()
+       && FIPS_selftest_cmac()
        && FIPS_selftest_aes()
+       && FIPS_selftest_aes_gcm()
        && FIPS_selftest_des()
        && FIPS_selftest_rsa()
+       && FIPS_selftest_ecdsa()
        && FIPS_selftest_dsa();
     }
 
@@ -272,7 +277,6 @@ int FIPS_mode_set(int onoff)
 
     if(onoff)
        {
-       unsigned char buf[48];
 
        fips_selftest_fail = 0;
 
@@ -311,6 +315,13 @@ int FIPS_mode_set(int onoff)
            goto end;
            }
 
+       if (!FIPS_selftest_drbg())
+           {
+           fips_selftest_fail = 1;
+           ret = 0;
+           goto end;
+           }
+
        /* Perform RNG KAT before seeding */
        if (!FIPS_selftest_rng())
            {
@@ -318,10 +329,11 @@ int FIPS_mode_set(int onoff)
            ret = 0;
            goto end;
            }
-
+#if 0
        /* automagically seed PRNG if not already seeded */
        if(!FIPS_rand_status())
            {
+           unsigned char buf[48];
            if(RAND_bytes(buf,sizeof buf) <= 0)
                {
                fips_selftest_fail = 1;
@@ -335,6 +347,10 @@ int FIPS_mode_set(int onoff)
        /* now switch into FIPS mode */
        fips_set_rand_check(FIPS_rand_method());
        RAND_set_rand_method(FIPS_rand_method());
+#else
+       fips_set_rand_check(FIPS_drbg_method());
+       RAND_set_rand_method(FIPS_drbg_method());
+#endif
        if(FIPS_selftest())
            fips_set_mode(1);
        else
@@ -437,8 +453,9 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
        unsigned char sigtmp[256], *sig = sigtmp;
        unsigned int siglen;
        DSA_SIG *dsig = NULL;
+       ECDSA_SIG *esig = NULL;
        EVP_MD_CTX mctx;
-       EVP_MD_CTX_init(&mctx);
+       FIPS_md_ctx_init(&mctx);
 
        if ((pkey->type == EVP_PKEY_RSA)
                && ((size_t)RSA_size(pkey->pkey.rsa) > sizeof(sigtmp)))
@@ -454,9 +471,12 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
        if (tbslen == -1)
                tbslen = strlen((char *)tbs);
 
-       if (!EVP_DigestInit_ex(&mctx, digest, NULL))
+       if (digest == NULL)
+               digest = EVP_sha256();
+
+       if (!FIPS_digestinit(&mctx, digest))
                goto error;
-       if (!EVP_DigestUpdate(&mctx, tbs, tbslen))
+       if (!FIPS_digestupdate(&mctx, tbs, tbslen))
                goto error;
        if (pkey->type == EVP_PKEY_RSA)
                {
@@ -470,6 +490,12 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
                if (!dsig)
                        goto error;
                }
+       else if (pkey->type == EVP_PKEY_EC)
+               {
+               esig = FIPS_ecdsa_sign_ctx(pkey->pkey.ec, &mctx);
+               if (!esig)
+                       goto error;
+               }
 #if 0
        else if (!EVP_SignFinal(&mctx, sig, &siglen, pkey))
                goto error;
@@ -478,9 +504,9 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
        if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen)))
                goto error;
 
-       if (!EVP_DigestInit_ex(&mctx, digest, NULL))
+       if (!FIPS_digestinit(&mctx, digest))
                goto error;
-       if (!EVP_DigestUpdate(&mctx, tbs, tbslen))
+       if (!FIPS_digestupdate(&mctx, tbs, tbslen))
                goto error;
        if (pkey->type == EVP_PKEY_RSA)
                {
@@ -491,6 +517,10 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
                {
                ret = FIPS_dsa_verify_ctx(pkey->pkey.dsa, &mctx, dsig);
                }
+       else if (pkey->type == EVP_PKEY_EC)
+               {
+               ret = FIPS_ecdsa_verify_ctx(pkey->pkey.ec, &mctx, esig);
+               }
 #if 0
        else
                ret = EVP_VerifyFinal(&mctx, sig, siglen, pkey);
@@ -498,15 +528,17 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
 
        error:
        if (dsig != NULL)
-               DSA_SIG_free(dsig);
+               FIPS_dsa_sig_free(dsig);
+       if (esig != NULL)
+               FIPS_ecdsa_sig_free(esig);
        if (sig != sigtmp)
                OPENSSL_free(sig);
-       EVP_MD_CTX_cleanup(&mctx);
+       FIPS_md_ctx_cleanup(&mctx);
        if (ret != 1)
                {
                FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,FIPS_R_TEST_FAILURE);
                if (fail_str)
-                       ERR_add_error_data(2, "Type=", fail_str);
+                       FIPS_add_error_data(2, "Type=", fail_str);
                return 0;
                }
        return 1;
@@ -526,14 +558,14 @@ int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
        unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
        unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
        OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
-       if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0)
+       if (FIPS_cipherinit(ctx, cipher, key, iv, 1) <= 0)
                return 0;
-       EVP_Cipher(ctx, citmp, plaintext, len);
+       FIPS_cipher(ctx, citmp, plaintext, len);
        if (memcmp(citmp, ciphertext, len))
                return 0;
-       if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0)
+       if (FIPS_cipherinit(ctx, cipher, key, iv, 0) <= 0)
                return 0;
-       EVP_Cipher(ctx, pltmp, citmp, len);
+       FIPS_cipher(ctx, pltmp, citmp, len);
        if (memcmp(pltmp, plaintext, len))
                return 0;
        return 1;