X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=fips%2Ffips_utl.h;h=491bc2ace9ab3897982a3c043f4ebd7b699ff2de;hp=91cbea25c57048c19d935db03ff63b3da77952f3;hb=3a98f9cf20c6af604799ee079bec496b296bb5cc;hpb=05e24c87dd1428809d6eaebf754b472a6cb4bb50

diff --git a/fips/fips_utl.h b/fips/fips_utl.h
index 91cbea25c5..491bc2ace9 100644
--- a/fips/fips_utl.h
+++ b/fips/fips_utl.h
@@ -1,5 +1,5 @@
 /* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -47,34 +47,55 @@
  *
  */
 
+#ifndef FIPS_UTL_H
+#define FIPS_UTL_H
+
 #define OPENSSL_FIPSAPI
 
 #include <openssl/fips_rand.h>
 #include <openssl/objects.h>
 
+#ifdef OPENSSL_SYS_WIN32
+#define RESP_EOL	"\n"
+#else
+#define RESP_EOL	"\r\n"
+#endif
+
+#ifndef FIPS_AUTH_OFFICER_PASS
+#define FIPS_AUTH_OFFICER_PASS	"Default FIPS Crypto Officer Password"
+#endif
+
+#ifndef FIPS_AUTH_USER_PASS
+#define FIPS_AUTH_USER_PASS	"Default FIPS Crypto User Password"
+#endif
+
+
 int hex2bin(const char *in, unsigned char *out);
 unsigned char *hex2bin_m(const char *in, long *plen);
 int do_hex2bn(BIGNUM **pr, const char *in);
 int do_bn_print(FILE *out, const BIGNUM *bn);
 int do_bn_print_name(FILE *out, const char *name, const BIGNUM *bn);
 int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf);
+int parse_line2(char **pkw, char **pval, char *linebuf, char *olinebuf, int eol);
 BIGNUM *hex2bn(const char *in);
-int bin2hex(const unsigned char *in,int len,char *out);
-void pv(const char *tag,const unsigned char *val,int len);
 int tidy_line(char *linebuf, char *olinebuf);
+int copy_line(const char *in, FILE *ofp);
 int bint2bin(const char *in, int len, unsigned char *out);
 int bin2bint(const unsigned char *in,int len,char *out);
 void PrintValue(char *tag, unsigned char *val, int len);
 void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode);
 void fips_algtest_init(void);
+void do_entropy_stick(void);
+int fips_strncasecmp(const char *str1, const char *str2, size_t n);
+int fips_strcasecmp(const char *str1, const char *str2);
 
 static int no_err;
 
 static void put_err_cb(int lib, int func,int reason,const char *file,int line)
 	{
-		if (no_err)
-			return;
-		fprintf(stderr, "ERROR:%08lX:lib=%d,func=%d,reason=%d"
+	if (no_err)
+		return;
+	fprintf(stderr, "ERROR:%08lX:lib=%d,func=%d,reason=%d"
 				":file=%s:line=%d\n",
 			ERR_PACK(lib, func, reason),
 			lib, func, reason, file, line);
@@ -109,22 +130,33 @@ static size_t dummy_cb(DRBG_CTX *ctx, unsigned char **pout,
 	return min_len;
 	}
 
+static int entropy_stick = 0;
+
 static void fips_algtest_init_nofips(void)
 	{
 	DRBG_CTX *ctx;
+	size_t i;
 	FIPS_set_error_callbacks(put_err_cb, add_err_cb);
-	OPENSSL_cleanse(dummy_entropy, 1024);
+	for (i = 0; i < sizeof(dummy_entropy); i++)
+		dummy_entropy[i] = i & 0xff;
+	if (entropy_stick)
+		memcpy(dummy_entropy + 32, dummy_entropy + 16, 16);
 	ctx = FIPS_get_default_drbg();
 	FIPS_drbg_init(ctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF);
-	FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, dummy_cb, 0);
+	FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, 16, dummy_cb, 0);
 	FIPS_drbg_instantiate(ctx, dummy_entropy, 10);
 	FIPS_rand_set_method(FIPS_drbg_method());
 	}
 
+void do_entropy_stick(void)
+	{
+	entropy_stick = 1;
+	}
+
 void fips_algtest_init(void)
 	{
 	fips_algtest_init_nofips();
-	if (!FIPS_mode_set(1))
+	if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
 		{
 		fprintf(stderr, "Error entering FIPS mode\n");
 		exit(1);
@@ -244,11 +276,16 @@ int do_bn_print_name(FILE *out, const char *name, const BIGNUM *bn)
 	r = do_bn_print(out, bn);
 	if (!r)
 		return 0;
-	fputs("\n", out);
+	fputs(RESP_EOL, out);
 	return 1;
 	}
 
 int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf)
+	{
+	return parse_line2(pkw, pval, linebuf, olinebuf, 1);
+	}
+
+int parse_line2(char **pkw, char **pval, char *linebuf, char *olinebuf, int eol)
 	{
 	char *keyword, *value, *p, *q;
 	strcpy(linebuf, olinebuf);
@@ -280,6 +317,9 @@ int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf)
 	/* Remove trailing space from value */
 	p = value + strlen(value) - 1;
 
+	if (eol && *p != '\n')
+		fprintf(stderr, "Warning: missing EOL\n");
+
 	while (*p == '\n' || isspace((unsigned char)*p))
 		*p-- = 0;
 
@@ -298,36 +338,6 @@ BIGNUM *hex2bn(const char *in)
     return p;
     }
 
-int bin2hex(const unsigned char *in,int len,char *out)
-    {
-    int n1, n2;
-    unsigned char ch;
-
-    for (n1=0,n2=0 ; n1 < len ; ++n1)
-	{
-	ch=in[n1] >> 4;
-	if (ch <= 0x09)
-	    out[n2++]=ch+'0';
-	else
-	    out[n2++]=ch-10+'a';
-	ch=in[n1] & 0x0f;
-	if(ch <= 0x09)
-	    out[n2++]=ch+'0';
-	else
-	    out[n2++]=ch-10+'a';
-	}
-    out[n2]='\0';
-    return n2;
-    }
-
-void pv(const char *tag,const unsigned char *val,int len)
-    {
-    char obuf[2048];
-
-    bin2hex(val,len,obuf);
-    printf("%s = %s\n",tag,obuf);
-    }
-
 /* To avoid extensive changes to test program at this stage just convert
  * the input line into an acceptable form. Keyword lines converted to form
  * "keyword = value\n" no matter what white space present, all other lines
@@ -382,6 +392,20 @@ int tidy_line(char *linebuf, char *olinebuf)
 
 	return 1;
 	}
+/* Copy supplied line to ofp replacing \n with \r\n */
+int copy_line(const char *in, FILE *ofp)
+	{
+	const char *p;
+	p = strchr(in, '\n');
+	if (p)
+		{
+		fwrite(in, 1, (size_t)(p - in), ofp);
+		fputs(RESP_EOL, ofp);
+		}
+	else
+		fputs(in, ofp);
+	return 1;
+	}
 
 /* NB: this return the number of _bits_ read */
 int bint2bin(const char *in, int len, unsigned char *out)
@@ -408,11 +432,8 @@ int bin2bint(const unsigned char *in,int len,char *out)
 
 void PrintValue(char *tag, unsigned char *val, int len)
 {
-#if VERBOSE
-  char obuf[2048];
-  int olen;
-  olen = bin2hex(val, len, obuf);
-  printf("%s = %.*s\n", tag, olen, obuf);
+#ifdef VERBOSE
+	OutputValue(tag, val, len, stdout, 0);
 #endif
 }
 
@@ -422,13 +443,52 @@ void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
     int olen;
 
     if(bitmode)
+	{
 	olen=bin2bint(val,len,obuf);
+    	fprintf(rfp, "%s = %.*s" RESP_EOL, tag, olen, obuf);
+	}
     else
-	olen=bin2hex(val,len,obuf);
+	{
+	int i;
+    	fprintf(rfp, "%s = ", tag);
+	for (i = 0; i < len; i++)
+		fprintf(rfp, "%02x", val[i]);
+	fputs(RESP_EOL, rfp);
+	}
 
-    fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
 #if VERBOSE
     printf("%s = %.*s\n", tag, olen, obuf);
 #endif
     }
 
+/* Not all platforms support strcasecmp and strncasecmp: implement versions
+ * in here to avoid need to include them in the validated module. Taken
+ * from crypto/o_str.c written by Richard Levitte (richard@levitte.org)
+ */
+
+int fips_strncasecmp(const char *str1, const char *str2, size_t n)
+	{
+	while (*str1 && *str2 && n)
+		{
+		int res = toupper(*str1) - toupper(*str2);
+		if (res) return res < 0 ? -1 : 1;
+		str1++;
+		str2++;
+		n--;
+		}
+	if (n == 0)
+		return 0;
+	if (*str1)
+		return 1;
+	if (*str2)
+		return -1;
+	return 0;
+	}
+
+int fips_strcasecmp(const char *str1, const char *str2)
+	{
+	return fips_strncasecmp(str1, str2, (size_t)-1);
+	}
+
+
+#endif