#define OPENSSL_FIPSAPI
+#include <openssl/fips_rand.h>
+#include <openssl/objects.h>
+
int hex2bin(const char *in, unsigned char *out);
unsigned char *hex2bin_m(const char *in, long *plen);
int do_hex2bn(BIGNUM **pr, const char *in);
int do_bn_print_name(FILE *out, const char *name, const BIGNUM *bn);
int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf);
BIGNUM *hex2bn(const char *in);
-int bin2hex(const unsigned char *in,int len,char *out);
-void pv(const char *tag,const unsigned char *val,int len);
int tidy_line(char *linebuf, char *olinebuf);
int bint2bin(const char *in, int len, unsigned char *out);
int bin2bint(const unsigned char *in,int len,char *out);
void PrintValue(char *tag, unsigned char *val, int len);
void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode);
void fips_algtest_init(void);
+void do_entropy_stick(void);
static int no_err;
fputs("\n", stderr);
}
-static void fips_set_error_print(void)
+/* Dummy Entropy to keep DRBG happy. WARNING: THIS IS TOTALLY BOGUS
+ * HAS ZERO SECURITY AND MUST NOT BE USED IN REAL APPLICATIONS.
+ */
+
+static unsigned char dummy_entropy[1024];
+
+static size_t dummy_cb(DRBG_CTX *ctx, unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len)
{
+ *pout = dummy_entropy;
+ return min_len;
+ }
+
+static int entropy_stick = 0;
+
+static void fips_algtest_init_nofips(void)
+ {
+ DRBG_CTX *ctx;
+ size_t i;
FIPS_set_error_callbacks(put_err_cb, add_err_cb);
+ for (i = 0; i < sizeof(dummy_entropy); i++)
+ dummy_entropy[i] = i & 0xff;
+ if (entropy_stick)
+ memcpy(dummy_entropy + 32, dummy_entropy + 16, 16);
+ ctx = FIPS_get_default_drbg();
+ FIPS_drbg_init(ctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF);
+ FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, 16, dummy_cb, 0);
+ FIPS_drbg_instantiate(ctx, dummy_entropy, 10);
+ FIPS_rand_set_method(FIPS_drbg_method());
+ }
+
+void do_entropy_stick(void)
+ {
+ entropy_stick = 1;
}
void fips_algtest_init(void)
{
- fips_set_error_print();
+ fips_algtest_init_nofips();
if (!FIPS_mode_set(1))
{
fprintf(stderr, "Error entering FIPS mode\n");
/* Remove trailing space from value */
p = value + strlen(value) - 1;
+ if (*p != '\n')
+ fprintf(stderr, "Warning: missing EOL\n");
+
while (*p == '\n' || isspace((unsigned char)*p))
*p-- = 0;
return p;
}
-int bin2hex(const unsigned char *in,int len,char *out)
- {
- int n1, n2;
- unsigned char ch;
-
- for (n1=0,n2=0 ; n1 < len ; ++n1)
- {
- ch=in[n1] >> 4;
- if (ch <= 0x09)
- out[n2++]=ch+'0';
- else
- out[n2++]=ch-10+'a';
- ch=in[n1] & 0x0f;
- if(ch <= 0x09)
- out[n2++]=ch+'0';
- else
- out[n2++]=ch-10+'a';
- }
- out[n2]='\0';
- return n2;
- }
-
-void pv(const char *tag,const unsigned char *val,int len)
- {
- char obuf[2048];
-
- bin2hex(val,len,obuf);
- printf("%s = %s\n",tag,obuf);
- }
-
/* To avoid extensive changes to test program at this stage just convert
* the input line into an acceptable form. Keyword lines converted to form
* "keyword = value\n" no matter what white space present, all other lines
void PrintValue(char *tag, unsigned char *val, int len)
{
-#if VERBOSE
- char obuf[2048];
- int olen;
- olen = bin2hex(val, len, obuf);
- printf("%s = %.*s\n", tag, olen, obuf);
+#ifdef VERBOSE
+ OutputValue(tag, val, len, stdout, 0);
#endif
}
int olen;
if(bitmode)
+ {
olen=bin2bint(val,len,obuf);
+ fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
+ }
else
- olen=bin2hex(val,len,obuf);
+ {
+ int i;
+ fprintf(rfp, "%s = ", tag);
+ for (i = 0; i < len; i++)
+ fprintf(rfp, "%02x", val[i]);
+ fputs("\n", rfp);
+ }
- fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
#if VERBOSE
printf("%s = %.*s\n", tag, olen, obuf);
#endif