Remove fipscanister from Configure, delete fips directory
authorDr. Stephen Henson <steve@openssl.org>
Sat, 18 Oct 2014 22:46:00 +0000 (23:46 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 8 Dec 2014 13:18:43 +0000 (13:18 +0000)
Reviewed-by: Tim Hudson <tjh@openssl.org>
87 files changed:
Configure
Makefile.fips [deleted file]
fips/Makefile [deleted file]
fips/aes/Makefile [deleted file]
fips/aes/fips_aes_selftest.c [deleted file]
fips/aes/fips_aesavs.c [deleted file]
fips/aes/fips_gcmtest.c [deleted file]
fips/cmac/Makefile [deleted file]
fips/cmac/fips_cmac_selftest.c [deleted file]
fips/cmac/fips_cmactest.c [deleted file]
fips/des/Makefile [deleted file]
fips/des/fips_des_selftest.c [deleted file]
fips/des/fips_desmovs.c [deleted file]
fips/dh/Makefile [deleted file]
fips/dh/fips_dh_lib.c [deleted file]
fips/dh/fips_dhvs.c [deleted file]
fips/dsa/Makefile [deleted file]
fips/dsa/fips_dsa_lib.c [deleted file]
fips/dsa/fips_dsa_selftest.c [deleted file]
fips/dsa/fips_dsa_sign.c [deleted file]
fips/dsa/fips_dsatest.c [deleted file]
fips/dsa/fips_dssvs.c [deleted file]
fips/ecdh/Makefile [deleted file]
fips/ecdh/fips_ecdh_selftest.c [deleted file]
fips/ecdh/fips_ecdhvs.c [deleted file]
fips/ecdsa/Makefile [deleted file]
fips/ecdsa/fips_ecdsa_lib.c [deleted file]
fips/ecdsa/fips_ecdsa_selftest.c [deleted file]
fips/ecdsa/fips_ecdsa_sign.c [deleted file]
fips/ecdsa/fips_ecdsavs.c [deleted file]
fips/fips.c [deleted file]
fips/fips.h [deleted file]
fips/fips_auth.in [deleted file]
fips/fips_canister.c [deleted file]
fips/fips_locl.h [deleted file]
fips/fips_post.c [deleted file]
fips/fips_premain.c [deleted file]
fips/fips_premain.c.sha1 [deleted file]
fips/fips_test_suite.c [deleted file]
fips/fips_utl.h [deleted file]
fips/fipsalgtest.pl [deleted file]
fips/fipsld [deleted file]
fips/fipssyms.h [deleted file]
fips/hmac/Makefile [deleted file]
fips/hmac/fips_hmac_selftest.c [deleted file]
fips/hmac/fips_hmactest.c [deleted file]
fips/mkfipsscr.pl [deleted file]
fips/rand/Makefile [deleted file]
fips/rand/fips_drbg_ctr.c [deleted file]
fips/rand/fips_drbg_ec.c [deleted file]
fips/rand/fips_drbg_hash.c [deleted file]
fips/rand/fips_drbg_hmac.c [deleted file]
fips/rand/fips_drbg_lib.c [deleted file]
fips/rand/fips_drbg_rand.c [deleted file]
fips/rand/fips_drbg_selftest.c [deleted file]
fips/rand/fips_drbg_selftest.h [deleted file]
fips/rand/fips_drbgvs.c [deleted file]
fips/rand/fips_rand.c [deleted file]
fips/rand/fips_rand.h [deleted file]
fips/rand/fips_rand_lcl.h [deleted file]
fips/rand/fips_rand_lib.c [deleted file]
fips/rand/fips_rand_selftest.c [deleted file]
fips/rand/fips_randtest.c [deleted file]
fips/rand/fips_rngvs.c [deleted file]
fips/rsa/Makefile [deleted file]
fips/rsa/fips_rsa_lib.c [deleted file]
fips/rsa/fips_rsa_selftest.c [deleted file]
fips/rsa/fips_rsa_sign.c [deleted file]
fips/rsa/fips_rsagtest.c [deleted file]
fips/rsa/fips_rsastest.c [deleted file]
fips/rsa/fips_rsavtest.c [deleted file]
fips/sha/Makefile [deleted file]
fips/sha/fips_sha1_selftest.c [deleted file]
fips/sha/fips_shatest.c [deleted file]
fips/sha/fips_standalone_sha1.c [deleted file]
fips/tools/README [deleted file]
fips/tools/api_fns.pm [deleted file]
fips/tools/api_list.pl [deleted file]
fips/tools/declarations.dat [deleted file]
fips/utl/Makefile [deleted file]
fips/utl/fips_enc.c [deleted file]
fips/utl/fips_err.c [deleted file]
fips/utl/fips_lck.c [deleted file]
fips/utl/fips_md.c [deleted file]
fips/utl/fips_mem.c [deleted file]
util/arx.pl [deleted file]
util/fipsas.pl [deleted file]

index 5e9337c..b59f807 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -703,8 +703,6 @@ my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
 my $cross_compile_prefix="";
 my $fipslibdir="/usr/local/ssl/fips-2.0/lib/";
 my $nofipscanistercheck=0;
-my $fipscanisterinternal="n";
-my $fipscanisteronly = 0;
 my $baseaddr="0xFB00000";
 my $no_threads=0;
 my $threads=0;
@@ -761,21 +759,6 @@ my %disabled = ( # "what"         => "comment" [or special keyword "experimental
               );
 my @experimental = ();
 
-# If ssl directory missing assume truncated FIPS tarball
-if (!-d "ssl")
-       {
-       print STDERR "Auto Configuring fipsonly\n";
-       $fips = 1;
-       $nofipscanistercheck = 1;
-       $fipslibdir="";
-       $fipscanisterinternal="y";
-       $fipscanisteronly = 2;
-       if (! -f "crypto/bn/bn_gf2m.c" )
-               {
-               $disabled{ec2m} = "forced";
-               }
-       }
-
 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
 my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
@@ -925,32 +908,6 @@ PROCESS_ARGS:
                        $fips = 1;
                        $nofipscanistercheck = 1;
                        }
-               elsif (/^fipscheck$/)
-                       {
-                       if ($fipscanisteronly != 2)
-                               {
-                               print STDERR <<"EOF";
-ERROR: FIPS not autodetected. Not running from restricted tarball??
-EOF
-                               exit(1);
-                               }
-                       }
-               elsif (/^fipscanisteronly$/)
-                       {
-                       $fips = 1;
-                       $nofipscanistercheck = 1;
-                       $fipslibdir="";
-                       $fipscanisterinternal="y";
-                       $fipscanisteronly = 1;
-                       }
-               elsif (/^fipscanisterbuild$/)
-                       {
-                       $fips = 1;
-                       $nofipscanistercheck = 1;
-                       $fipslibdir="";
-                       $fipscanisterinternal="y";
-                       $fipscanisteronly = 1;
-                       }
                elsif (/^[-+]/)
                        {
                        if (/^--prefix=(.*)$/)
@@ -1574,11 +1531,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($bn_obj =~ /-gf2m/);
 if ($fips)
        {
        $openssl_other_defines.="#define OPENSSL_FIPS\n";
-       if ($fipscanisterinternal eq "y")
-               {
-               $openssl_other_defines.="#define OPENSSL_FIPSCANISTER\n";
-               $cflags = "-DOPENSSL_FIPSCANISTER $cflags";
-               }
        }
 
 $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
@@ -1619,7 +1571,6 @@ if ($aes_obj =~ /\.o$/)
        # aes-xts.o indicates presence of AES_xts_[en|de]crypt...
        $cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//);
        $aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2);
-       $aes_obj =~ s/\s*(vp|bs)aes-\w*\.o//g if ($fipscanisterinternal eq "y");
        $cflags.=" -DVPAES_ASM" if ($aes_obj =~ m/vpaes/);
        $cflags.=" -DBSAES_ASM" if ($aes_obj =~ m/bsaes/);
        }
@@ -1690,35 +1641,12 @@ if ($strict_warnings)
                }
        }
 
-if ($fipscanisterinternal eq "y")
-       {
-       open(IN,"<fips/fips_auth.in") || die "can't open fips_auth.in";
-       open(OUT,">fips/fips_auth.h") || die "can't open fips_auth.h";
-       while(<IN>)
-               {
-               s/FIPS_AUTH_KEY.*$/FIPS_AUTH_KEY $fips_auth_key/ if defined $fips_auth_key;
-               s/FIPS_AUTH_CRYPTO_OFFICER.*$/FIPS_AUTH_CRYPTO_OFFICER $fips_auth_officer/ if defined $fips_auth_officer;
-               s/FIPS_AUTH_CRYPTO_USER.*$/FIPS_AUTH_CRYPTO_USER $fips_auth_user/ if defined $fips_auth_user;
-               print OUT $_;
-               }
-       close IN;
-       close OUT;
-       }
-
-my $mforg = $fipscanisteronly ? "Makefile.fips" : "Makefile.org";
-
-open(IN,"<$mforg") || die "unable to read $mforg:$!\n";
+open(IN,"<Makefile.org") || die "unable to read Makefile.org:$!\n";
 unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
 open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-print OUT "### Generated automatically from $mforg by Configure.\n\n";
+print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
 my $sdirs=0;
 
-if ($fipscanisteronly)
-       {
-       $aes_obj =~ s/aesni-sha1-x86_64.o//;
-       $bn_obj =~ s/modexp512-x86_64.o//;
-       }
-
 while (<IN>)
        {
        chomp;
@@ -1797,7 +1725,6 @@ while (<IN>)
        s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
        s/^SHARED_FIPS=.*/SHARED_FIPS=/;
        s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/;
-       s/^FIPSCANISTERINTERNAL=.*/FIPSCANISTERINTERNAL=$fipscanisterinternal/;
        s/^BASEADDR=.*/BASEADDR=$baseaddr/;
        s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
        s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
@@ -1821,10 +1748,6 @@ while (<IN>)
                s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
                }
        s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
-       if ($fipscanisteronly && exists $disabled{"ec2m"})
-               {
-               next if (/ec2_/ || /bn_gf2m/);
-               }
        print OUT $_."\n";
        }
 close(IN);
@@ -2070,9 +1993,7 @@ EOF
        $make_targets .= " gentests" if $symlink;
        (system $make_command.$make_targets) == 0 or die "make $make_targets failed"
                if $make_targets ne "";
-       if ( $fipscanisteronly )
-               {}
-       elsif ( $perl =~ m@^/@) {
+       if ( $perl =~ m@^/@) {
            &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
            &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
        } else {
@@ -2080,7 +2001,7 @@ EOF
            &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";',  '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
            &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
        }
-       if ($depflags ne $default_depflags && !$make_depend && !$fipscanisteronly) {
+       if ($depflags ne $default_depflags && !$make_depend) {
                print <<EOF;
 
 Since you've disabled or enabled at least one algorithm, you need to do
@@ -2185,21 +2106,6 @@ libraries on this platform, they will at least look at it and try their best
 (but please first make sure you have tried with a current version of OpenSSL).
 EOF
 
-print <<\EOF if ($fipscanisterinternal eq "y");
-
-WARNING: OpenSSL has been configured using unsupported option(s) to internally
-generate a fipscanister.o object module for TESTING PURPOSES ONLY; that
-compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the
-OpenSSL FIPS Object Module as identified by the CMVP
-(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS
-140-2 validated software.
-
-This is a test OpenSSL 2.0 FIPS module.
-
-See the file README.FIPS for details of how to build a test library.
-
-EOF
-
 exit(0);
 
 sub usage
diff --git a/Makefile.fips b/Makefile.fips
deleted file mode 100644 (file)
index b3811df..0000000
+++ /dev/null
@@ -1,638 +0,0 @@
-##
-## Makefile for OpenSSL: fipscanister.o only
-##
-
-VERSION=fips-2.0-test
-MAJOR=
-MINOR=
-SHLIB_VERSION_NUMBER=
-SHLIB_VERSION_HISTORY=
-SHLIB_MAJOR=
-SHLIB_MINOR=
-SHLIB_EXT=
-PLATFORM=dist
-OPTIONS=
-CONFIGURE_ARGS=
-SHLIB_TARGET=
-
-# HERE indicates where this Makefile lives.  This can be used to indicate
-# where sub-Makefiles are expected to be.  Currently has very limited usage,
-# and should probably not be bothered with at all.
-HERE=.
-
-# INSTALL_PREFIX is for package builders so that they can configure
-# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
-# Normally it is left empty.
-INSTALL_PREFIX=
-INSTALLTOP=/usr/local/ssl
-
-# Do not edit this manually. Use Configure --openssldir=DIR do change this!
-OPENSSLDIR=/usr/local/ssl
-
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4  - Define to build without the RC4 algorithm
-# NO_RC2  - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-#           one.  32 bytes will be read from this when the random
-#           number generator is initalised.
-# SSL_FORBID_ENULL - define if you want the server to be not able to use the
-#           NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# REF_PRINT - prints some stuff on structure free.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-#       call application defined callbacks via CRYPTO_set_mem_functions()
-# MD5_ASM needs to be defined to use the x86 assembler for MD5
-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
-# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
-# equal 4.
-# PKCS1_CHECK - pkcs1 tests.
-
-CC= cc
-CFLAG= -O
-DEPFLAG= 
-PEX_LIBS= 
-EX_LIBS= 
-EXE_EXT= 
-ARFLAGS=
-AR=ar $(ARFLAGS) r
-RANLIB= ranlib
-NM= nm
-PERL= perl
-TAR= tar
-TARFLAGS= --no-recursion
-MAKEDEPPROG=makedepend
-LIBDIR=lib
-
-# We let the C compiler driver to take care of .s files. This is done in
-# order to be excused from maintaining a separate set of architecture
-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
-# gcc, then the driver will automatically translate it to -xarch=v8plus
-# and pass it down to assembler.
-#AS=$(CC) -c
-ASFLAG=$(CFLAG)
-
-# For x86 assembler: Set PROCESSOR to 386 if you want to support
-# the 80386.
-PROCESSOR=
-
-# CPUID module collects small commonly used assembler snippets
-CPUID_OBJ= 
-BN_ASM= bn_asm.o
-DES_ENC= des_enc.o fcrypt_b.o
-AES_ENC= aes_core.o aes_cbc.o
-BF_ENC= bf_enc.o
-CAST_ENC= c_enc.o
-RC4_ENC= rc4_enc.o
-RC5_ENC= rc5_enc.o
-MD5_ASM_OBJ= 
-SHA1_ASM_OBJ= 
-RMD160_ASM_OBJ= 
-WP_ASM_OBJ=
-CMLL_ENC=
-MODES_ASM_OBJ=
-PERLASM_SCHEME=
-
-# KRB5 stuff
-KRB5_INCLUDES=
-LIBKRB5=
-
-# Zlib stuff
-ZLIB_INCLUDE=
-LIBZLIB=
-
-# This is the location of fipscanister.o and friends.
-# The FIPS module build will place it $(INSTALLTOP)/lib
-# but since $(INSTALLTOP) can only take the default value
-# when the module is built it will be in /usr/local/ssl/lib
-# $(INSTALLTOP) for this build may be different so hard
-# code the path.
-
-FIPSLIBDIR=/usr/local/ssl/$(LIBDIR)/
-
-# This is set to "y" if fipscanister.o is compiled internally as
-# opposed to coming from an external validated location.
-
-FIPSCANISTERINTERNAL=n
-
-# This is set if we only build fipscanister.o
-
-FIPSCANISTERONLY=y
-
-# The location of the library which contains fipscanister.o
-# normally it will be libcrypto unless fipsdso is set in which
-# case it will be libfips. If not compiling in FIPS mode at all
-# this is empty making it a useful test for a FIPS compile.
-
-FIPSCANLIB=
-
-# Shared library base address. Currently only used on Windows.
-#
-
-BASEADDR=
-
-DIRS=   crypto fips test 
-ENGDIRS= ccgost
-SHLIBDIRS= crypto 
-
-# dirs in crypto to build
-SDIRS=  \
-       sha hmac des aes modes \
-       bn ec rsa dsa ecdsa dh \
-       buffer evp ecdh cmac
-# keep in mind that the above list is adjusted by ./Configure
-# according to no-xxx arguments...
-
-LINKDIRS=  \
-       objects sha hmac des aes modes \
-       bn ec rsa dsa ecdh cmac ecdsa dh engine \
-       buffer bio stack lhash rand err \
-       evp asn1 ui
-
-# tests to perform.  "alltests" is a special word indicating that all tests
-# should be performed.
-TESTS = alltests
-
-MAKEFILE= Makefile
-
-MANDIR=$(OPENSSLDIR)/man
-MAN1=1
-MAN3=3
-MANSUFFIX=
-HTMLSUFFIX=html
-HTMLDIR=$(OPENSSLDIR)/html
-SHELL=/bin/sh
-
-TOP=    .
-ONEDIRS=out tmp
-EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
-WDIRS=  windows
-LIBS=   
-SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
-
-GENERAL=        Makefile
-BASENAME=       openssl
-NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        openssl-fips-2.0-test.tar
-WTARFILE=       $(NAME)-win.tar
-EXHEADER=       e_os2.h
-HEADER=         e_os.h
-
-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
-
-# as we stick to -e, CLEARENV ensures that local variables in lower
-# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-# shell, which [annoyingly enough] terminates unset with error if VAR
-# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
-# which terminates unset with error if no variable was present:-(
-CLEARENV=      TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}     \
-               $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES}       \
-               $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC}           \
-               $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
-               $${EXHEADER+EXHEADER} $${HEADER+HEADER}         \
-               $${GENERAL+GENERAL} $${CFLAGS+CFLAGS}           \
-               $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS}           \
-               $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS}             \
-               $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS}     \
-               $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
-
-BUILDENV=      PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
-               CC='$(CC)' CFLAG='$(CFLAG)'                     \
-               ASFLAG='$(CFLAG) -c'                    \
-               AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)'        \
-               CROSS_COMPILE='$(CROSS_COMPILE)'        \
-               PERL='$(PERL)' ENGDIRS='$(ENGDIRS)'             \
-               SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)'     \
-               INSTALL_PREFIX='$(INSTALL_PREFIX)'              \
-               INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)'   \
-               LIBDIR='$(LIBDIR)'                              \
-               MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
-               DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)'    \
-               MAKEDEPPROG='$(MAKEDEPPROG)'                    \
-               SHARED_LDFLAGS='$(SHARED_LDFLAGS)'              \
-               KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)'   \
-               ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)'     \
-               EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)'       \
-               SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
-               PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)'     \
-               CPUID_OBJ='$(CPUID_OBJ)'                        \
-               BN_ASM='$(BN_ASM)' DES_ENC='$(DES_ENC)'         \
-               AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)'     \
-               BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)'       \
-               RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)'       \
-               SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)'                  \
-               MD5_ASM_OBJ='$(MD5_ASM_OBJ)'                    \
-               RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)'              \
-               WP_ASM_OBJ='$(WP_ASM_OBJ)'                      \
-               MODES_ASM_OBJ='$(MODES_ASM_OBJ)'                \
-               PERLASM_SCHEME='$(PERLASM_SCHEME)'              \
-               FIPSLIBDIR='${FIPSLIBDIR}'                      \
-               FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"      \
-               FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}'  \
-               FIPSCANISTERONLY='${FIPSCANISTERONLY}'  \
-               FIPS_EX_OBJ='${FIPS_EX_OBJ}'    \
-               THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
-# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
-# which in turn eliminates ambiguities in variable treatment with -e.
-
-# BUILD_CMD is a generic macro to build a given target in a given
-# subdirectory.  The target must be given through the shell variable
-# `target' and the subdirectory to build in must be given through `dir'.
-# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
-# BUILD_ONE_CMD instead.
-#
-# BUILD_ONE_CMD is a macro to build a given target in a given
-# subdirectory if that subdirectory is part of $(DIRS).  It requires
-# exactly the same shell variables as BUILD_CMD.
-#
-# RECURSIVE_BUILD_CMD is a macro to build a given target in all
-# subdirectories defined in $(DIRS).  It requires that the target
-# is given through the shell variable `target'.
-BUILD_CMD=  if [ -d "$$dir" ]; then \
-           (   cd $$dir && echo "making $$target in $$dir..." && \
-               $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
-           ) || exit 1; \
-           fi
-RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
-BUILD_ONE_CMD=\
-       if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
-               $(BUILD_CMD); \
-       fi
-
-reflect:
-       @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-
-FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
-       ../crypto/aes/aes_ecb.o \
-       ../crypto/aes/aes_ofb.o \
-       ../crypto/bn/bn_add.o \
-       ../crypto/bn/bn_blind.o \
-       ../crypto/bn/bn_ctx.o \
-       ../crypto/bn/bn_div.o \
-       ../crypto/bn/bn_exp2.o \
-       ../crypto/bn/bn_exp.o \
-       ../crypto/bn/bn_gcd.o \
-       ../crypto/bn/bn_gf2m.o \
-       ../crypto/bn/bn_lib.o \
-       ../crypto/bn/bn_mod.o \
-       ../crypto/bn/bn_mont.o \
-       ../crypto/bn/bn_mul.o \
-       ../crypto/bn/bn_nist.o \
-       ../crypto/bn/bn_prime.o \
-       ../crypto/bn/bn_rand.o \
-       ../crypto/bn/bn_recp.o \
-       ../crypto/bn/bn_shift.o \
-       ../crypto/bn/bn_sqr.o \
-       ../crypto/bn/bn_word.o \
-       ../crypto/bn/bn_x931p.o \
-       ../crypto/buffer/buf_str.o \
-       ../crypto/cmac/cmac.o \
-       ../crypto/cryptlib.o \
-       ../crypto/des/cfb64ede.o \
-       ../crypto/des/cfb64enc.o \
-       ../crypto/des/cfb_enc.o \
-       ../crypto/des/ecb3_enc.o \
-       ../crypto/des/ofb64ede.o \
-       ../crypto/des/fcrypt.o \
-       ../crypto/des/set_key.o \
-       ../crypto/dh/dh_check.o \
-       ../crypto/dh/dh_gen.o \
-       ../crypto/dh/dh_key.o \
-       ../crypto/dsa/dsa_gen.o \
-       ../crypto/dsa/dsa_key.o \
-       ../crypto/dsa/dsa_ossl.o \
-       ../crypto/ec/ec_curve.o \
-       ../crypto/ec/ec_cvt.o \
-       ../crypto/ec/ec_key.o \
-       ../crypto/ec/ec_lib.o \
-       ../crypto/ec/ecp_mont.o \
-       ../crypto/ec/ec_mult.o \
-       ../crypto/ec/ecp_nist.o \
-       ../crypto/ec/ecp_smpl.o \
-       ../crypto/ec/ec2_mult.o \
-       ../crypto/ec/ec2_smpl.o \
-       ../crypto/ecdh/ech_key.o \
-       ../crypto/ecdh/ech_ossl.o \
-       ../crypto/ecdsa/ecs_ossl.o \
-       ../crypto/evp/e_aes.o \
-       ../crypto/evp/e_des3.o \
-       ../crypto/evp/e_null.o \
-       ../crypto/evp/m_sha1.o \
-       ../crypto/evp/m_dss1.o \
-       ../crypto/evp/m_dss.o \
-       ../crypto/evp/m_ecdsa.o \
-       ../crypto/hmac/hmac.o \
-       ../crypto/modes/cbc128.o \
-       ../crypto/modes/ccm128.o \
-       ../crypto/modes/cfb128.o \
-       ../crypto/modes/ctr128.o \
-       ../crypto/modes/gcm128.o \
-       ../crypto/modes/ofb128.o \
-       ../crypto/modes/xts128.o \
-       ../crypto/rsa/rsa_eay.o \
-       ../crypto/rsa/rsa_gen.o \
-       ../crypto/rsa/rsa_crpt.o \
-       ../crypto/rsa/rsa_none.o \
-       ../crypto/rsa/rsa_oaep.o \
-       ../crypto/rsa/rsa_pk1.o \
-       ../crypto/rsa/rsa_pss.o \
-       ../crypto/rsa/rsa_ssl.o \
-       ../crypto/rsa/rsa_x931.o \
-       ../crypto/rsa/rsa_x931g.o \
-       ../crypto/sha/sha1dgst.o \
-       ../crypto/sha/sha256.o \
-       ../crypto/sha/sha512.o \
-       ../crypto/thr_id.o \
-       ../crypto/uid.o
-
-sub_all: build_all
-build_all: build_libs
-
-build_libs: build_crypto build_fips
-
-build_fips:
-       @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
-
-build_crypto:
-       if [ -n "$(FIPSCANLIB)" ]; then \
-               EXCL_OBJ='$(AES_ENC) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(MODES_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
-               ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
-       else \
-               ARX='${AR}' ; \
-       fi ; export ARX ; \
-       if [ $(FIPSCANISTERINTERNAL) = "y" ]; then \
-               AS='$(PERL) $${TOP}/util/fipsas.pl $${TOP} $${<} $(CC)' ; \
-       else \
-               AS='$(CC) -c' ; \
-       fi ; export AS ; \
-               dir=crypto; target=fips; $(BUILD_ONE_CMD)
-build_ssl:
-       @dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines:
-       @dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps:
-       @dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests:
-       @dir=test; target=fipsexe; $(BUILD_ONE_CMD)
-build_algvs:
-       @dir=test; target=fipsalgvs; $(BUILD_ONE_CMD)
-build_tools:
-       @dir=tools; target=all; $(BUILD_ONE_CMD)
-
-all_testapps: build_libs build_testapps
-build_testapps:
-       @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-
-libcrypto$(SHLIB_EXT): libcrypto.a build_fips
-       @if [ "$(SHLIB_TARGET)" != "" ]; then \
-               if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
-                       FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
-                       export CC FIPSLD_CC; \
-               fi; \
-               $(MAKE) SHLIBDIRS=crypto build-shared; \
-       else \
-               echo "There's no support for shared libraries on this platform" >&2; \
-               exit 1; \
-       fi
-
-libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
-       @if [ "$(SHLIB_TARGET)" != "" ]; then \
-               $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
-       else \
-               echo "There's no support for shared libraries on this platform" >&2; \
-               exit 1; \
-       fi
-
-clean-shared:
-       @set -e; for i in $(SHLIBDIRS); do \
-               if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
-                       tmp="$(SHARED_LIBS_LINK_EXTS)"; \
-                       for j in $${tmp:-x}; do \
-                               ( set -x; rm -f lib$$i$$j ); \
-                       done; \
-               fi; \
-               ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
-               if [ "$(PLATFORM)" = "Cygwin" ]; then \
-                       ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
-               fi; \
-       done
-
-link-shared:
-       @ set -e; for i in $(SHLIBDIRS); do \
-               $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
-                       LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-                       LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
-                       symlink.$(SHLIB_TARGET); \
-               libs="$$libs -l$$i"; \
-       done
-
-build-shared: do_$(SHLIB_TARGET) link-shared
-
-do_$(SHLIB_TARGET):
-       @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
-               if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-                       libs="$(LIBKRB5) $$libs"; \
-               fi; \
-               $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
-                       LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-                       LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
-                       LIBDEPS="$$libs $(EX_LIBS)" \
-                       link_a.$(SHLIB_TARGET); \
-               libs="-l$$i $$libs"; \
-       done
-
-libcrypto.pc: Makefile
-       @ ( echo 'prefix=$(INSTALLTOP)'; \
-           echo 'exec_prefix=$${prefix}'; \
-           echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-           echo 'includedir=$${prefix}/include'; \
-           echo ''; \
-           echo 'Name: OpenSSL-libcrypto'; \
-           echo 'Description: OpenSSL cryptography library'; \
-           echo 'Version: '$(VERSION); \
-           echo 'Requires: '; \
-           echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
-           echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
-
-libssl.pc: Makefile
-       @ ( echo 'prefix=$(INSTALLTOP)'; \
-           echo 'exec_prefix=$${prefix}'; \
-           echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-           echo 'includedir=$${prefix}/include'; \
-           echo ''; \
-           echo 'Name: OpenSSL'; \
-           echo 'Description: Secure Sockets Layer and cryptography libraries'; \
-           echo 'Version: '$(VERSION); \
-           echo 'Requires: '; \
-           echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
-           echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
-
-openssl.pc: Makefile
-       @ ( echo 'prefix=$(INSTALLTOP)'; \
-           echo 'exec_prefix=$${prefix}'; \
-           echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-           echo 'includedir=$${prefix}/include'; \
-           echo ''; \
-           echo 'Name: OpenSSL'; \
-           echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
-           echo 'Version: '$(VERSION); \
-           echo 'Requires: '; \
-           echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
-           echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
-
-Makefile: Makefile.fips Configure config
-       @echo "Makefile is older than Makefile.org, Configure or config."
-       @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
-       @false
-
-libclean:
-       rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
-
-clean: libclean
-       rm -f shlib/*.o *.o core a.out fluff testlog make.log cctest cctest.c
-       @set -e; target=clean; $(RECURSIVE_BUILD_CMD)
-       rm -f $(LIBS)
-       rm -f openssl.pc libssl.pc libcrypto.pc
-       rm -f speed.* .pure
-       rm -f $(TARFILE)
-       @set -e; for i in $(ONEDIRS) ;\
-       do \
-       rm -fr $$i/*; \
-       done
-
-makefile.one: files
-       $(PERL) util/mk1mf.pl >makefile.one; \
-       sh util/do_ms.sh
-
-files:
-       $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
-       @set -e; target=files; $(RECURSIVE_BUILD_CMD)
-
-links:
-       @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
-       @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
-       @set -e; dir=fips target=links; $(RECURSIVE_BUILD_CMD)
-       @(cd crypto ; SDIRS='$(LINKDIRS)' $(MAKE) -e links)
-
-gentests:
-       @(cd test && echo "generating dummy tests (if needed)..." && \
-       $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
-
-dclean:
-       rm -rf *.bak include/openssl certs/.0
-       @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
-
-test:   tests
-
-tests:
-       @echo "Not implemented in FIPS build" ; false
-
-report:
-       @$(PERL) util/selftest.pl
-
-depend:
-       @echo make depend not supported ; false
-
-lint:
-       @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-
-tags:
-       rm -f TAGS
-       find . -name '[^.]*.[ch]' | xargs etags -a
-
-errors:
-       $(PERL) util/mkerr.pl -recurse -write
-       (cd engines; $(MAKE) PERL=$(PERL) errors)
-       $(PERL) util/ck_errf.pl -strict */*.c */*/*.c
-
-stacks:
-       $(PERL) util/mkstack.pl -write
-
-util/libeay.num::
-       $(PERL) util/mkdef.pl crypto update
-
-util/ssleay.num::
-       $(PERL) util/mkdef.pl ssl update
-
-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
-       $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
-       $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
-crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
-       $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
-
-apps/openssl-vms.cnf: apps/openssl.cnf
-       $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
-
-crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
-       $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
-
-
-TABLE: Configure
-       (echo 'Output of `Configure TABLE'"':"; \
-       $(PERL) Configure TABLE) > TABLE
-
-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
-
-# Build distribution tar-file. As the list of files returned by "find" is
-# pretty long, on several platforms a "too many arguments" error or similar
-# would occur. Therefore the list of files is temporarily stored into a file
-# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
-# tar does not support the --files-from option.
-tar:
-       find . -type d -print | xargs chmod 755
-       find . -type f -print | xargs chmod a+r
-       find . -type f -perm -0100 -print | xargs chmod a+x
-       find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | $(BUILDENV) LINKDIRS='$(LINKDIRS)' $(PERL) util/fipsdist.pl | sort > ../$(TARFILE).list; \
-       $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
-       tardy --user_number=0  --user_name=openssl \
-             --group_number=0 --group_name=openssl \
-             --prefix=openssl-$(VERSION) - |\
-       gzip --best >../$(TARFILE).gz; \
-       rm -f ../$(TARFILE).list; \
-       ls -l ../$(TARFILE).gz
-
-tar-snap:
-       @$(TAR) $(TARFLAGS) -cvf - \
-               `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
-       tardy --user_number=0  --user_name=openssl \
-             --group_number=0 --group_name=openssl \
-             --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
-       ls -l ../$(TARFILE)
-
-dist:   
-       $(PERL) Configure dist fipscanisteronly
-       @$(MAKE) dist_pem_h
-       @$(MAKE) SDIRS='$(SDIRS)' clean
-       @$(MAKE) -f Makefile.fips TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
-
-dist_pem_h:
-       (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-
-install: all install_sw
-
-install_sw:
-       @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-               $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
-               $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl
-       @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
-       do \
-       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done;
-       @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/fips/Makefile b/fips/Makefile
deleted file mode 100644 (file)
index fb50838..0000000
+++ /dev/null
@@ -1,247 +0,0 @@
-#
-# OpenSSL/crypto/Makefile
-#
-
-DIR=           fips
-TOP=           ..
-CC=            cc
-INCLUDE=       -I. -I$(TOP) -I../include
-# INCLUDES targets sudbirs!
-INCLUDES=      -I.. -I../.. -I../../include
-CFLAG=         -g
-MAKEDEPPROG=   makedepend
-MAKEDEPEND=    $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=       Makefile
-RM=             rm -f
-AR=            ar r
-ARD=           ar d
-TEST=          fips_test_suite.c
-FIPS_TVDIR=    testvectors
-FIPS_TVOK=     $$HOME/fips/tv.ok
-
-FIPSCANLOC=    $(FIPSLIBDIR)fipscanister.o
-
-RECURSIVE_MAKE=        [ -n "$(FDIRS)" ] && for i in $(FDIRS) ; do \
-                   (cd $$i && echo "making $$target in $(DIR)/$$i..." && \
-                   $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \
-               done;
-
-PEX_LIBS=
-EX_LIBS=
-CFLAGS= $(INCLUDE) $(CFLAG) -DHMAC_EXT=\"$${HMAC_EXT:-sha1}\"
-ASFLAGS= $(INCLUDE) $(ASFLAG)
-AFLAGS=$(ASFLAGS)
-
-LIBS=
-
-FDIRS=sha rand des aes dsa ecdh ecdsa rsa dh cmac hmac utl
-
-GENERAL=Makefile README fips-lib.com install.com
-
-LIB= $(TOP)/libcrypto.a
-SHARED_LIB= $(FIPSCANLIB)$(SHLIB_EXT)
-LIBSRC=fips.c fips_post.c
-LIBOBJ=fips.o fips_post.o
-
-FIPS_OBJ_LISTS=sha/lib hmac/lib rand/lib des/lib aes/lib dsa/lib rsa/lib \
-               dh/lib utl/lib ecdsa/lib ecdh/lib cmac/lib
-
-SRC= $(LIBSRC)
-
-EXHEADER=fips.h fipssyms.h
-HEADER=$(EXHEADER) fips_utl.h fips_locl.h fips_auth.h
-EXE=fipsld fips_standalone_sha1
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-       @(cd ..; $(MAKE) DIRS=$(DIR) all)
-
-testapps:
-       @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
-all:
-       @if [ -n "$(FIPSCANISTERONLY)" ]; then \
-               $(MAKE) -e subdirs lib ; \
-       elif [ -z "$(FIPSLIBDIR)" ]; then \
-               $(MAKE) -e subdirs lib fips_premain_dso$(EXE_EXT); \
-       else  \
-               $(MAKE) -e lib fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT); \
-       fi
-
-# Idea behind fipscanister.o is to "seize" the sequestered code between
-# known symbols for fingerprinting purposes, which would be commonly
-# done with ld -r start.o ... end.o. The latter however presents a minor
-# challenge on multi-ABI platforms. As just implied, we'd rather use ld,
-# but the trouble is that we don't generally know how ABI-selection
-# compiler flag is translated to corresponding linker flag. All compiler
-# drivers seem to recognize -r flag and pass it down to linker, but some
-# of them, including gcc, erroneously add -lc, as well as run-time
-# components, such as crt1.o and alike. Fortunately among those vendor
-# compilers which were observed to misinterpret -r flag multi-ABI ones
-# are equipped with smart linkers, which don't require any ABI-selection
-# flag and simply assume that all objects are of the same type as first
-# one in command line. So the idea is to identify gcc and deficient
-# vendor compiler drivers...
-
-fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o
-       FIPS_ASM=""; \
-       list="$(BN_ASM)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/bn/$$i" ; done; \
-       list="$(AES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/aes/$$i" ; done; \
-       list="$(DES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/des/$$i" ; done; \
-       list="$(SHA1_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/sha/$$i" ; done; \
-       list="$(MODES_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/modes/$$i" ; done; \
-       CPUID=""; \
-       list="$(CPUID_OBJ)"; for i in $$list; do CPUID="$$CPUID ../crypto/$$i" ; done; \
-       objs="fips_start.o $(LIBOBJ) $(FIPS_EX_OBJ) $$CPUID $$FIPS_ASM"; \
-       for i in $(FIPS_OBJ_LISTS); do \
-               dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \
-               objs="$$objs `sed "$$script" $$i`"; \
-       done; \
-       objs="$$objs fips_end.o" ; \
-       os="`(uname -s) 2>/dev/null`"; cflags="$(CFLAGS)"; \
-       case "$$os" in \
-               AIX)    cflags="$$cflags -Wl,-bnoobjreorder" ;; \
-               HP-UX)  cflags="$$cflags -Wl,+sectionmerge"  ;; \
-       esac; \
-       if [ -n "${FIPS_SITE_LD}" ]; then \
-               set -x; ${FIPS_SITE_LD} -r -o $@ $$objs; \
-       elif $(CC) -dumpversion >/dev/null 2>&1; then \
-               set -x; $(CC) $$cflags -r -nostdlib -o $@ $$objs ; \
-       else case "$$os" in \
-               OSF1|SunOS) set -x; /usr/ccs/bin/ld -r -o $@ $$objs ;; \
-               *) set -x; $(CC) $$cflags -r -o $@ $$objs ;; \
-       esac fi
-       ./fips_standalone_sha1$(EXE_EXT) fipscanister.o > fipscanister.o.sha1
-
-# If another exception is immediately required, assign approprite
-# site-specific ld command to FIPS_SITE_LD environment variable.
-
-fips_start.o: fips_canister.c
-       $(CC) $(CFLAGS) -DFIPS_START -c -o $@ fips_canister.c
-fips_end.o: fips_canister.c
-       $(CC) $(CFLAGS) -DFIPS_END -c -o $@ fips_canister.c
-fips_premain_dso$(EXE_EXT): fips_premain.c
-       $(CC) $(CFLAGS) -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ fips_premain.c \
-               $(FIPSLIBDIR)fipscanister.o ../libcrypto.a $(EX_LIBS)
-# this is executed only when linking with external fipscanister.o
-fips_standalone_sha1$(EXE_EXT):        sha/fips_standalone_sha1.c
-       if [ -z "$(HOSTCC)" ] ; then \
-               $(CC) $(CFLAGS) -DFIPSCANISTER_O -o $@ sha/fips_standalone_sha1.c $(FIPSLIBDIR)fipscanister.o $(EX_LIBS) ; \
-       else \
-               $(HOSTCC) $(HOSTCFLAGS) -o $ $@ -I../include -I../crypto sha/fips_standalone_sha1.c ../crypto/sha/sha1dgst.c ; \
-       fi
-
-subdirs:
-       @target=all; $(RECURSIVE_MAKE)
-
-files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-       @target=files; $(RECURSIVE_MAKE)
-
-links:
-       @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-       @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
-       @target=links; $(RECURSIVE_MAKE)
-
-# lib: and $(LIB): are splitted to avoid end-less loop
-lib:   $(LIB)
-       if [ "$(FIPSCANISTERINTERNAL)" = "n" -a -n "$(FIPSCANLOC)" ]; then $(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC); fi
-       @touch lib
-
-$(LIB):        $(FIPSLIBDIR)fipscanister.o
-       $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
-       $(RANLIB) $(LIB) || echo Never mind.
-
-$(FIPSCANLIB): $(FIPSCANLOC)
-       $(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC)
-       if [ "$(FIPSCANLIB)" = "libfips" ]; then \
-               $(AR) $(LIB) $(FIPSCANLOC) ; \
-               $(RANLIB) $(LIB) || echo Never Mind. ; \
-       fi
-       $(RANLIB) ../$(FIPSCANLIB).a || echo Never mind.
-       @touch lib
-
-shared:        lib subdirs fips_premain_dso$(EXE_EXT)
-
-libs:
-       @target=lib; $(RECURSIVE_MAKE)
-
-fips_test: top
-       @target=fips_test; $(RECURSIVE_MAKE)
-
-fips_test_diff:
-       @if diff -b -B -I '^\#' -cr -X fips-nodiff.txt $(FIPS_TVDIR) $(FIPS_TVOK) ; then \
-               echo "FIPS diff OK" ; \
-       else \
-               echo "***FIPS DIFF ERROR***" ; exit 1 ; \
-       fi
-
-
-install:
-       @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-       @headerlist="$(EXHEADER)"; for i in $$headerlist ;\
-       do \
-       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done;
-       @target=install; $(RECURSIVE_MAKE)
-       for i in $(EXE) ; \
-       do \
-               echo "installing $$i"; \
-               cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-               chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-               mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
-       done
-       cp -p -f $(FIPSLIBDIR)fipscanister.o $(FIPSLIBDIR)fipscanister.o.sha1 \
-               $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fips_premain.c.sha1 \
-               $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/; \
-       chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/fips*
-
-lint:
-       @target=lint; $(RECURSIVE_MAKE)
-
-depend:
-       @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
-       @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
-       @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
-clean:
-       rm -f fipscanister.o.sha1 fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT) \
-               *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-       @target=clean; $(RECURSIVE_MAKE)
-
-dclean:
-       $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-       mv -f Makefile.new $(MAKEFILE)
-       @target=dclean; $(RECURSIVE_MAKE)
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips.o: ../include/openssl/aes.h ../include/openssl/asn1.h
-fips.o: ../include/openssl/bio.h ../include/openssl/crypto.h
-fips.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-fips.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
-fips.o: ../include/openssl/err.h ../include/openssl/evp.h
-fips.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
-fips.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-fips.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
-fips.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h fips.c
-fips.o: fips_locl.h
-fips_post.o: ../include/openssl/aes.h ../include/openssl/asn1.h
-fips_post.o: ../include/openssl/bio.h ../include/openssl/crypto.h
-fips_post.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-fips_post.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
-fips_post.o: ../include/openssl/err.h ../include/openssl/evp.h
-fips_post.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
-fips_post.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-fips_post.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips_post.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_post.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
-fips_post.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-fips_post.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips_post.o: fips_locl.h fips_post.c
diff --git a/fips/aes/Makefile b/fips/aes/Makefile
deleted file mode 100644 (file)
index b9702c5..0000000
+++ /dev/null
@@ -1,126 +0,0 @@
-#
-# OpenSSL/fips/aes/Makefile
-#
-
-DIR=   aes
-TOP=   ../..
-CC=    cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR=     /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG=   makedepend
-MAKEDEPEND=    $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=      Makefile
-AR=            ar r
-
-ASFLAGS= $(INCLUDES) $(ASFLAG)
-AFLAGS= $(ASFLAGS)
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=fips_aesavs.c fips_gcmtest.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_aes_selftest.c
-LIBOBJ=fips_aes_selftest.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER=
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-       (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all:   lib
-
-lib:   $(LIBOBJ)
-       @echo $(LIBOBJ) > lib
-
-files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
-       @headerlist="$(EXHEADER)"; for i in $$headerlist; \
-       do  \
-         (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-         chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done
-
-tags:
-       ctags $(SRC)
-
-tests:
-
-fips_test:
-       -find ../testvectors/aes/req -name '*.req' > testlist
-       -rm -rf ../testvectors/aes/rsp
-       mkdir ../testvectors/aes/rsp
-       if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_aesavs -d testlist; fi
-
-lint:
-       lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-       $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) \
-               $(SRC) $(TEST)
-
-dclean:
-       $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-       mv -f Makefile.new $(MAKEFILE)
-
-clean:
-       rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff testlist
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_aes_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_aes_selftest.o: ../../include/openssl/crypto.h
-fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_aes_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_aes_selftest.o: ../../include/openssl/lhash.h
-fips_aes_selftest.o: ../../include/openssl/obj_mac.h
-fips_aes_selftest.o: ../../include/openssl/objects.h
-fips_aes_selftest.o: ../../include/openssl/opensslconf.h
-fips_aes_selftest.o: ../../include/openssl/opensslv.h
-fips_aes_selftest.o: ../../include/openssl/ossl_typ.h
-fips_aes_selftest.o: ../../include/openssl/safestack.h
-fips_aes_selftest.o: ../../include/openssl/stack.h
-fips_aes_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
-fips_aes_selftest.o: fips_aes_selftest.c
-fips_aesavs.o: ../../e_os.h ../../include/openssl/aes.h
-fips_aesavs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_aesavs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_aesavs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_aesavs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_aesavs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_aesavs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_aesavs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_aesavs.o: ../../include/openssl/opensslconf.h
-fips_aesavs.o: ../../include/openssl/opensslv.h
-fips_aesavs.o: ../../include/openssl/ossl_typ.h
-fips_aesavs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_aesavs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_aesavs.c
-fips_gcmtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_gcmtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_gcmtest.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-fips_gcmtest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_gcmtest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_gcmtest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_gcmtest.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_gcmtest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_gcmtest.o: ../../include/openssl/opensslconf.h
-fips_gcmtest.o: ../../include/openssl/opensslv.h
-fips_gcmtest.o: ../../include/openssl/ossl_typ.h
-fips_gcmtest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_gcmtest.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_gcmtest.c
diff --git a/fips/aes/fips_aes_selftest.c b/fips/aes/fips_aes_selftest.c
deleted file mode 100644 (file)
index c31a266..0000000
+++ /dev/null
@@ -1,387 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/evp.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-__fips_constseg
-static const struct
-    {
-    const unsigned char key[16];
-    const unsigned char plaintext[16];
-    const unsigned char ciphertext[16];
-    } tests[]=
-       {
-       {
-       { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
-         0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
-       { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
-         0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF },
-       { 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30,
-         0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A },
-       },
-       };
-
-int FIPS_selftest_aes()
-    {
-    int n;
-    int ret = 0;
-    EVP_CIPHER_CTX ctx;
-    FIPS_cipher_ctx_init(&ctx);
-
-    for(n=0 ; n < 1 ; ++n)
-       {
-       if (fips_cipher_test(FIPS_TEST_CIPHER, &ctx, EVP_aes_128_ecb(),
-                               tests[n].key, NULL,
-                               tests[n].plaintext,
-                               tests[n].ciphertext,
-                               16) <= 0)
-               goto err;
-       }
-    ret = 1;
-    err:
-    FIPS_cipher_ctx_cleanup(&ctx);
-    if (ret == 0)
-           FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
-    return ret;
-    }
-
-/* AES-CCM test data from NIST public test vectors */
-
-__fips_constseg
-static const unsigned char ccm_key[] = {
-       0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6,
-       0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe8
-};
-__fips_constseg
-static const unsigned char ccm_nonce[] = {
-       0x76,0x40,0x43,0xc4,0x94,0x60,0xb7
-};
-__fips_constseg
-static const unsigned char ccm_adata[] = {
-       0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7,
-       0x5f,0x10,0xbd,0xe7,0x8c,0x23,0xfa,0x0e,0xb8,0xf9,0xaa,0xa5,
-       0x3a,0xde,0xfb,0xf4,0xcb,0xf7,0x8f,0xe4
-};
-__fips_constseg
-static const unsigned char ccm_pt[] = {
-       0xc8,0xd2,0x75,0xf9,0x19,0xe1,0x7d,0x7f,0xe6,0x9c,0x2a,0x1f,
-       0x58,0x93,0x9d,0xfe,0x4d,0x40,0x37,0x91,0xb5,0xdf,0x13,0x10
-};
-__fips_constseg
-static const unsigned char ccm_ct[] = {
-       0x8a,0x0f,0x3d,0x82,0x29,0xe4,0x8e,0x74,0x87,0xfd,0x95,0xa2,
-       0x8a,0xd3,0x92,0xc8,0x0b,0x36,0x81,0xd4,0xfb,0xc7,0xbb,0xfd
-};
-__fips_constseg
-static const unsigned char ccm_tag[] = {
-       0x2d,0xd6,0xef,0x1c,0x45,0xd4,0xcc,0xb7,0x23,0xdc,0x07,0x44,
-       0x14,0xdb,0x50,0x6d
-};
-
-int FIPS_selftest_aes_ccm(void)
-       {
-       int ret = 0, do_corrupt = 0;
-       unsigned char out[128], tag[16];
-       EVP_CIPHER_CTX ctx;
-       FIPS_cipher_ctx_init(&ctx);
-       memset(out, 0, sizeof(out));
-       if (!fips_post_started(FIPS_TEST_CCM, 0, 0))
-               return 1;
-       if (!fips_post_corrupt(FIPS_TEST_CCM, 0, NULL))
-               do_corrupt = 1;
-       if (!FIPS_cipherinit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 1))
-               goto err;
-       if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
-                                       sizeof(ccm_nonce), NULL))
-               goto err;
-       if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
-                                       sizeof(ccm_tag), NULL))
-               goto err;
-       if (!FIPS_cipherinit(&ctx, NULL, ccm_key, ccm_nonce, 1))
-               goto err;
-       if (FIPS_cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt))
-               goto err;
-       if (FIPS_cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
-               goto err;
-       if (FIPS_cipher(&ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct))
-               goto err;
-
-       if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, 16, tag))
-               goto err;
-       if (memcmp(tag, ccm_tag, sizeof(ccm_tag))
-               || memcmp(out, ccm_ct, sizeof(ccm_ct)))
-               goto err;
-
-       memset(out, 0, sizeof(out));
-
-       /* Modify expected tag value */
-       if (do_corrupt)
-               tag[0]++;
-
-       if (!FIPS_cipherinit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 0))
-               goto err;
-       if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
-                                       sizeof(ccm_nonce), NULL))
-               goto err;
-       if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag))
-               goto err;
-       if (!FIPS_cipherinit(&ctx, NULL, ccm_key, ccm_nonce, 0))
-               goto err;
-       if (FIPS_cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct))
-               goto err;
-       if (FIPS_cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
-               goto err;
-       if (FIPS_cipher(&ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt))
-               goto err;
-
-       if (memcmp(out, ccm_pt, sizeof(ccm_pt)))
-               goto err;
-
-       ret = 1;
-
-       err:
-       FIPS_cipher_ctx_cleanup(&ctx);
-
-       if (ret == 0)
-               {
-               fips_post_failed(FIPS_TEST_CCM, 0, NULL);
-               FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM,FIPS_R_SELFTEST_FAILED);
-               return 0;
-               }
-       else
-               return fips_post_success(FIPS_TEST_CCM, 0, NULL);
-
-       }
-
-/* AES-GCM test data from NIST public test vectors */
-
-__fips_constseg
-static const unsigned char gcm_key[] = {
-       0xee,0xbc,0x1f,0x57,0x48,0x7f,0x51,0x92,0x1c,0x04,0x65,0x66,
-       0x5f,0x8a,0xe6,0xd1,0x65,0x8b,0xb2,0x6d,0xe6,0xf8,0xa0,0x69,
-       0xa3,0x52,0x02,0x93,0xa5,0x72,0x07,0x8f
-};
-__fips_constseg
-static const unsigned char gcm_iv[] = {
-       0x99,0xaa,0x3e,0x68,0xed,0x81,0x73,0xa0,0xee,0xd0,0x66,0x84
-};
-__fips_constseg
-static const unsigned char gcm_pt[] = {
-       0xf5,0x6e,0x87,0x05,0x5b,0xc3,0x2d,0x0e,0xeb,0x31,0xb2,0xea,
-       0xcc,0x2b,0xf2,0xa5
-};
-__fips_constseg
-static const unsigned char gcm_aad[] = {
-       0x4d,0x23,0xc3,0xce,0xc3,0x34,0xb4,0x9b,0xdb,0x37,0x0c,0x43,
-       0x7f,0xec,0x78,0xde
-};
-__fips_constseg
-static const unsigned char gcm_ct[] = {
-       0xf7,0x26,0x44,0x13,0xa8,0x4c,0x0e,0x7c,0xd5,0x36,0x86,0x7e,
-       0xb9,0xf2,0x17,0x36
-};
-__fips_constseg
-static const unsigned char gcm_tag[] = {
-       0x67,0xba,0x05,0x10,0x26,0x2a,0xe4,0x87,0xd7,0x37,0xee,0x62,
-       0x98,0xf7,0x7e,0x0c
-};
-
-int FIPS_selftest_aes_gcm(void)
-       {
-       int ret = 0, do_corrupt = 0;
-       unsigned char out[128], tag[16];
-       EVP_CIPHER_CTX ctx;
-       FIPS_cipher_ctx_init(&ctx);
-       memset(out, 0, sizeof(out));
-       memset(tag, 0, sizeof(tag));
-       if (!fips_post_started(FIPS_TEST_GCM, 0, 0))
-               return 1;
-       if (!fips_post_corrupt(FIPS_TEST_GCM, 0, NULL))
-               do_corrupt = 1;
-       if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
-               goto err;
-       if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
-                                       sizeof(gcm_iv), NULL))
-               goto err;
-       if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 1))
-               goto err;
-       if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
-               goto err;
-       if (FIPS_cipher(&ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct))
-               goto err;
-       if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
-               goto err;
-
-       if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
-               goto err;
-
-       if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
-               goto err;
-
-       memset(out, 0, sizeof(out));
-
-       /* Modify expected tag value */
-       if (do_corrupt)
-               tag[0]++;
-
-       if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0))
-               goto err;
-       if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
-                                       sizeof(gcm_iv), NULL))
-               goto err;
-       if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
-               goto err;
-       if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 0))
-               goto err;
-       if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
-               goto err;
-       if (FIPS_cipher(&ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt))
-               goto err;
-       if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
-               goto err;
-
-       if (memcmp(out, gcm_pt, 16))
-               goto err;
-
-       ret = 1;
-
-       err:
-       FIPS_cipher_ctx_cleanup(&ctx);
-
-       if (ret == 0)
-               {
-               fips_post_failed(FIPS_TEST_GCM, 0, NULL);
-               FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED);
-               return 0;
-               }
-       else
-               return fips_post_success(FIPS_TEST_GCM, 0, NULL);
-
-       }
-
-
-__fips_constseg
-static const unsigned char XTS_128_key[] = {
-       0xa1,0xb9,0x0c,0xba,0x3f,0x06,0xac,0x35,0x3b,0x2c,0x34,0x38,
-       0x76,0x08,0x17,0x62,0x09,0x09,0x23,0x02,0x6e,0x91,0x77,0x18,
-       0x15,0xf2,0x9d,0xab,0x01,0x93,0x2f,0x2f
-};
-__fips_constseg
-static const unsigned char XTS_128_i[] = {
-       0x4f,0xae,0xf7,0x11,0x7c,0xda,0x59,0xc6,0x6e,0x4b,0x92,0x01,
-       0x3e,0x76,0x8a,0xd5
-};
-__fips_constseg
-static const unsigned char XTS_128_pt[] = {
-       0xeb,0xab,0xce,0x95,0xb1,0x4d,0x3c,0x8d,0x6f,0xb3,0x50,0x39,
-       0x07,0x90,0x31,0x1c
-};
-__fips_constseg
-static const unsigned char XTS_128_ct[] = {
-       0x77,0x8a,0xe8,0xb4,0x3c,0xb9,0x8d,0x5a,0x82,0x50,0x81,0xd5,
-       0xbe,0x47,0x1c,0x63
-};
-
-__fips_constseg
-static const unsigned char XTS_256_key[] = {
-       0x1e,0xa6,0x61,0xc5,0x8d,0x94,0x3a,0x0e,0x48,0x01,0xe4,0x2f,
-       0x4b,0x09,0x47,0x14,0x9e,0x7f,0x9f,0x8e,0x3e,0x68,0xd0,0xc7,
-       0x50,0x52,0x10,0xbd,0x31,0x1a,0x0e,0x7c,0xd6,0xe1,0x3f,0xfd,
-       0xf2,0x41,0x8d,0x8d,0x19,0x11,0xc0,0x04,0xcd,0xa5,0x8d,0xa3,
-       0xd6,0x19,0xb7,0xe2,0xb9,0x14,0x1e,0x58,0x31,0x8e,0xea,0x39,
-       0x2c,0xf4,0x1b,0x08
-};
-__fips_constseg
-static const unsigned char XTS_256_i[] = {
-       0xad,0xf8,0xd9,0x26,0x27,0x46,0x4a,0xd2,0xf0,0x42,0x8e,0x84,
-       0xa9,0xf8,0x75,0x64
-};
-__fips_constseg
-static const unsigned char XTS_256_pt[] = {
-       0x2e,0xed,0xea,0x52,0xcd,0x82,0x15,0xe1,0xac,0xc6,0x47,0xe8,
-       0x10,0xbb,0xc3,0x64,0x2e,0x87,0x28,0x7f,0x8d,0x2e,0x57,0xe3,
-       0x6c,0x0a,0x24,0xfb,0xc1,0x2a,0x20,0x2e
-};
-__fips_constseg
-static const unsigned char XTS_256_ct[] = {
-       0xcb,0xaa,0xd0,0xe2,0xf6,0xce,0xa3,0xf5,0x0b,0x37,0xf9,0x34,
-       0xd4,0x6a,0x9b,0x13,0x0b,0x9d,0x54,0xf0,0x7e,0x34,0xf3,0x6a,
-       0xf7,0x93,0xe8,0x6f,0x73,0xc6,0xd7,0xdb
-};
-
-int FIPS_selftest_aes_xts()
-       {
-       int ret = 1;
-       EVP_CIPHER_CTX ctx;
-       FIPS_cipher_ctx_init(&ctx);
-
-       if (fips_cipher_test(FIPS_TEST_XTS, &ctx, EVP_aes_128_xts(),
-                               XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct,
-                               sizeof(XTS_128_pt)) <= 0)
-               ret = 0;
-
-       if (fips_cipher_test(FIPS_TEST_XTS, &ctx, EVP_aes_256_xts(),
-                               XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct,
-                               sizeof(XTS_256_pt)) <= 0)
-               ret = 0;
-
-       FIPS_cipher_ctx_cleanup(&ctx);
-       if (ret == 0)
-               FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS,FIPS_R_SELFTEST_FAILED);
-       return ret;
-       }
-
-#endif
diff --git a/fips/aes/fips_aesavs.c b/fips/aes/fips_aesavs.c
deleted file mode 100644 (file)
index fecaf99..0000000
+++ /dev/null
@@ -1,938 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-/*---------------------------------------------
-  NIST AES Algorithm Validation Suite
-  Test Program
-
-  Donated to OpenSSL by:
-  V-ONE Corporation
-  20250 Century Blvd, Suite 300
-  Germantown, MD 20874
-  U.S.A.
-  ----------------------------------------------*/
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <assert.h>
-#include <ctype.h>
-#include <openssl/aes.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-
-#include <openssl/err.h>
-#include "e_os.h"
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
-    printf("No FIPS AES support\n");
-    return(0);
-}
-
-#else
-
-#include <openssl/fips.h>
-#include "fips_utl.h"
-
-#define AES_BLOCK_SIZE 16
-
-#define VERBOSE 0
-
-/*-----------------------------------------------*/
-
-static int AESTest(EVP_CIPHER_CTX *ctx,
-           char *amode, int akeysz, unsigned char *aKey, 
-           unsigned char *iVec, 
-           int dir,  /* 0 = decrypt, 1 = encrypt */
-           unsigned char *plaintext, unsigned char *ciphertext, int len)
-    {
-    const EVP_CIPHER *cipher = NULL;
-
-    if (strcasecmp(amode, "CBC") == 0)
-       {
-       switch (akeysz)
-               {
-               case 128:
-               cipher = EVP_aes_128_cbc();
-               break;
-
-               case 192:
-               cipher = EVP_aes_192_cbc();
-               break;
-
-               case 256:
-               cipher = EVP_aes_256_cbc();
-               break;
-               }
-
-       }
-    else if (strcasecmp(amode, "ECB") == 0)
-       {
-       switch (akeysz)
-               {
-               case 128:
-               cipher = EVP_aes_128_ecb();
-               break;
-
-               case 192:
-               cipher = EVP_aes_192_ecb();
-               break;
-
-               case 256:
-               cipher = EVP_aes_256_ecb();
-               break;
-               }
-       }
-    else if (strcasecmp(amode, "CFB128") == 0)
-       {
-       switch (akeysz)
-               {
-               case 128:
-               cipher = EVP_aes_128_cfb128();
-               break;
-
-               case 192:
-               cipher = EVP_aes_192_cfb128();
-               break;
-
-               case 256:
-               cipher = EVP_aes_256_cfb128();
-               break;
-               }
-
-       }
-    else if (fips_strncasecmp(amode, "OFB", 3) == 0)
-       {
-       switch (akeysz)
-               {
-               case 128:
-               cipher = EVP_aes_128_ofb();
-               break;
-
-               case 192:
-               cipher = EVP_aes_192_ofb();
-               break;
-
-               case 256:
-               cipher = EVP_aes_256_ofb();
-               break;
-               }
-       }
-    else if(!strcasecmp(amode,"CFB1"))
-       {
-       switch (akeysz)
-               {
-               case 128:
-               cipher = EVP_aes_128_cfb1();
-               break;
-
-               case 192:
-               cipher = EVP_aes_192_cfb1();
-               break;
-
-               case 256:
-               cipher = EVP_aes_256_cfb1();
-               break;
-               }
-       }
-    else if(!strcasecmp(amode,"CFB8"))
-       {
-       switch (akeysz)
-               {
-               case 128:
-               cipher = EVP_aes_128_cfb8();
-               break;
-
-               case 192:
-               cipher = EVP_aes_192_cfb8();
-               break;
-
-               case 256:
-               cipher = EVP_aes_256_cfb8();
-               break;
-               }
-       }
-    else
-       {
-       printf("Unknown mode: %s\n", amode);
-       return 0;
-       }
-    if (!cipher)
-       {
-       printf("Invalid key size: %d\n", akeysz);
-       return 0; 
-       }
-    if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0)
-       return 0;
-    if(!strcasecmp(amode,"CFB1"))
-       M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
-    if (dir)
-               FIPS_cipher(ctx, ciphertext, plaintext, len);
-       else
-               FIPS_cipher(ctx, plaintext, ciphertext, len);
-    return 1;
-    }
-
-/*-----------------------------------------------*/
-char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
-char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"};
-enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128};
-enum XCrypt {XDECRYPT, XENCRYPT};
-
-/*=============================*/
-/*  Monte Carlo Tests          */
-/*-----------------------------*/
-
-/*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/
-/*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/
-
-#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
-#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
-
-static int do_mct(char *amode, 
-          int akeysz, unsigned char *aKey,unsigned char *iVec,
-          int dir, unsigned char *text, int len,
-          FILE *rfp)
-    {
-    int ret = 0;
-    unsigned char key[101][32];
-    unsigned char iv[101][AES_BLOCK_SIZE];
-    unsigned char ptext[1001][32];
-    unsigned char ctext[1001][32];
-    unsigned char ciphertext[64+4];
-    int i, j, n, n1, n2;
-    int imode = 0, nkeysz = akeysz/8;
-    EVP_CIPHER_CTX ctx;
-    FIPS_cipher_ctx_init(&ctx);
-
-    if (len > 32)
-       {
-       printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n", 
-              amode, akeysz);
-       return -1;
-       }
-    for (imode = 0; imode < 6; ++imode)
-       if (strcmp(amode, t_mode[imode]) == 0)
-           break;
-    if (imode == 6)
-       { 
-       printf("Unrecognized mode: %s\n", amode);
-       return -1;
-       }
-
-    memcpy(key[0], aKey, nkeysz);
-    if (iVec)
-       memcpy(iv[0], iVec, AES_BLOCK_SIZE);
-    if (dir == XENCRYPT)
-       memcpy(ptext[0], text, len);
-    else
-       memcpy(ctext[0], text, len);
-    for (i = 0; i < 100; ++i)
-       {
-       /* printf("Iteration %d\n", i); */
-       if (i > 0)
-           {
-           fprintf(rfp,"COUNT = %d" RESP_EOL ,i);
-           OutputValue("KEY",key[i],nkeysz,rfp,0);
-           if (imode != ECB)  /* ECB */
-               OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0);
-           /* Output Ciphertext | Plaintext */
-           OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp,
-                       imode == CFB1);
-           }
-       for (j = 0; j < 1000; ++j)
-           {
-           switch (imode)
-               {
-           case ECB:
-               if (j == 0)
-                   { /* set up encryption */
-                   ret = AESTest(&ctx, amode, akeysz, key[i], NULL, 
-                                 dir,  /* 0 = decrypt, 1 = encrypt */
-                                 ptext[j], ctext[j], len);
-                   if (dir == XENCRYPT)
-                       memcpy(ptext[j+1], ctext[j], len);
-                   else
-                       memcpy(ctext[j+1], ptext[j], len);
-                   }
-               else
-                   {
-                   if (dir == XENCRYPT)
-                       {
-                       FIPS_cipher(&ctx, ctext[j], ptext[j], len);
-                       memcpy(ptext[j+1], ctext[j], len);
-                       }
-                   else
-                       {
-                       FIPS_cipher(&ctx, ptext[j], ctext[j], len);
-                       memcpy(ctext[j+1], ptext[j], len);
-                       }
-                   }
-               break;
-
-           case CBC:
-           case OFB:  
-           case CFB128:
-               if (j == 0)
-                   {
-                   ret = AESTest(&ctx, amode, akeysz, key[i], iv[i], 
-                                 dir,  /* 0 = decrypt, 1 = encrypt */
-                                 ptext[j], ctext[j], len);
-                   if (dir == XENCRYPT)
-                       memcpy(ptext[j+1], iv[i], len);
-                   else
-                       memcpy(ctext[j+1], iv[i], len);
-                   }
-               else
-                   {
-                   if (dir == XENCRYPT)
-                       {
-                       FIPS_cipher(&ctx, ctext[j], ptext[j], len);
-                       memcpy(ptext[j+1], ctext[j-1], len);
-                       }
-                   else
-                       {
-                       FIPS_cipher(&ctx, ptext[j], ctext[j], len);
-                       memcpy(ctext[j+1], ptext[j-1], len);
-                       }
-                   }
-               break;
-
-           case CFB8:
-               if (j == 0)
-                   {
-                   ret = AESTest(&ctx, amode, akeysz, key[i], iv[i], 
-                                 dir,  /* 0 = decrypt, 1 = encrypt */
-                                 ptext[j], ctext[j], len);
-                   }
-               else
-                   {
-                   if (dir == XENCRYPT)
-                       FIPS_cipher(&ctx, ctext[j], ptext[j], len);
-                   else
-                       FIPS_cipher(&ctx, ptext[j], ctext[j], len);
-                   }
-               if (dir == XENCRYPT)
-                   {
-                   if (j < 16)
-                       memcpy(ptext[j+1], &iv[i][j], len);
-                   else
-                       memcpy(ptext[j+1], ctext[j-16], len);
-                   }
-               else
-                   {
-                   if (j < 16)
-                       memcpy(ctext[j+1], &iv[i][j], len);
-                   else
-                       memcpy(ctext[j+1], ptext[j-16], len);
-                   }
-               break;
-
-           case CFB1:
-               if(j == 0)
-                   {
-#if 0
-                   /* compensate for wrong endianness of input file */
-                   if(i == 0)
-                       ptext[0][0]<<=7;
-#endif
-                   ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
-                               ptext[j], ctext[j], len);
-                   }
-               else
-                   {
-                   if (dir == XENCRYPT)
-                       FIPS_cipher(&ctx, ctext[j], ptext[j], len);
-                   else
-                       FIPS_cipher(&ctx, ptext[j], ctext[j], len);
-
-                   }
-               if(dir == XENCRYPT)
-                   {
-                   if(j < 128)
-                       sb(ptext[j+1],0,gb(iv[i],j));
-                   else
-                       sb(ptext[j+1],0,gb(ctext[j-128],0));
-                   }
-               else
-                   {
-                   if(j < 128)
-                       sb(ctext[j+1],0,gb(iv[i],j));
-                   else
-                       sb(ctext[j+1],0,gb(ptext[j-128],0));
-                   }
-               break;
-               }
-           }
-       --j; /* reset to last of range */
-       /* Output Ciphertext | Plaintext */
-       OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp,
-                   imode == CFB1);
-       fprintf(rfp, RESP_EOL);  /* add separator */
-
-       /* Compute next KEY */
-       if (dir == XENCRYPT)
-           {
-           if (imode == CFB8)
-               { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
-               for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
-                   ciphertext[n1] = ctext[j-n2][0];
-               }
-           else if(imode == CFB1)
-               {
-               for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
-                   sb(ciphertext,n1,gb(ctext[j-n2],0));
-               }
-           else
-               switch (akeysz)
-                   {
-               case 128:
-                   memcpy(ciphertext, ctext[j], 16);
-                   break;
-               case 192:
-                   memcpy(ciphertext, ctext[j-1]+8, 8);
-                   memcpy(ciphertext+8, ctext[j], 16);
-                   break;
-               case 256:
-                   memcpy(ciphertext, ctext[j-1], 16);
-                   memcpy(ciphertext+16, ctext[j], 16);
-                   break;
-                   }
-           }
-       else
-           {
-           if (imode == CFB8)
-               { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
-               for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
-                   ciphertext[n1] = ptext[j-n2][0];
-               }
-           else if(imode == CFB1)
-               {
-               for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
-                   sb(ciphertext,n1,gb(ptext[j-n2],0));
-               }
-           else
-               switch (akeysz)
-                   {
-               case 128:
-                   memcpy(ciphertext, ptext[j], 16);
-                   break;
-               case 192:
-                   memcpy(ciphertext, ptext[j-1]+8, 8);
-                   memcpy(ciphertext+8, ptext[j], 16);
-                   break;
-               case 256:
-                   memcpy(ciphertext, ptext[j-1], 16);
-                   memcpy(ciphertext+16, ptext[j], 16);
-                   break;
-                   }
-           }
-       /* Compute next key: Key[i+1] = Key[i] xor ct */
-       for (n = 0; n < nkeysz; ++n)
-           key[i+1][n] = key[i][n] ^ ciphertext[n];
-       
-       /* Compute next IV and text */
-       if (dir == XENCRYPT)
-           {
-           switch (imode)
-               {
-           case ECB:
-               memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE);
-               break;
-           case CBC:
-           case OFB:
-           case CFB128:
-               memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE);
-               memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE);
-               break;
-           case CFB8:
-               /* IV[i+1] = ct */
-               for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
-                   iv[i+1][n1] = ctext[j-n2][0];
-               ptext[0][0] = ctext[j-16][0];
-               break;
-           case CFB1:
-               for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
-                   sb(iv[i+1],n1,gb(ctext[j-n2],0));
-               ptext[0][0]=ctext[j-128][0]&0x80;
-               break;
-               }
-           }
-       else
-           {
-           switch (imode)
-               {
-           case ECB:
-               memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE);
-               break;
-           case CBC:
-           case OFB:
-           case CFB128:
-               memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE);
-               memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE);
-               break;
-           case CFB8:
-               for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
-                   iv[i+1][n1] = ptext[j-n2][0];
-               ctext[0][0] = ptext[j-16][0];
-               break;
-           case CFB1:
-               for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
-                   sb(iv[i+1],n1,gb(ptext[j-n2],0));
-               ctext[0][0]=ptext[j-128][0]&0x80;
-               break;
-               }
-           }
-       }
-    FIPS_cipher_ctx_cleanup(&ctx);
-    return ret;
-    }
-
-/*================================================*/
-/*----------------------------
-  # Config info for v-one
-  # AESVS MMT test data for ECB
-  # State : Encrypt and Decrypt
-  # Key Length : 256
-  # Fri Aug 30 04:07:22 PM
-  ----------------------------*/
-
-static int proc_file(char *rqfile, char *rspfile)
-    {
-    char afn[256], rfn[256];
-    FILE *afp = NULL, *rfp = NULL;
-    char ibuf[2048];
-    char tbuf[2048];
-    int len;
-    char algo[8] = "";
-    char amode[8] = "";
-    char atest[8] = "";
-    int akeysz = 0;
-    unsigned char iVec[20], aKey[40];
-    int dir = -1, err = 0, step = 0;
-    unsigned char plaintext[2048];
-    unsigned char ciphertext[2048];
-    char *rp;
-    EVP_CIPHER_CTX ctx;
-    FIPS_cipher_ctx_init(&ctx);
-
-    if (!rqfile || !(*rqfile))
-       {
-       printf("No req file\n");
-       return -1;
-       }
-    strcpy(afn, rqfile);
-
-    if ((afp = fopen(afn, "r")) == NULL)
-       {
-       printf("Cannot open file: %s, %s\n", 
-              afn, strerror(errno));
-       return -1;
-       }
-    if (!rspfile)
-       {
-       strcpy(rfn,afn);
-       rp=strstr(rfn,"req/");
-#ifdef OPENSSL_SYS_WIN32
-       if (!rp)
-           rp=strstr(rfn,"req\\");
-#endif
-       assert(rp);
-       memcpy(rp,"rsp",3);
-       rp = strstr(rfn, ".req");
-       memcpy(rp, ".rsp", 4);
-       rspfile = rfn;
-       }
-    if ((rfp = fopen(rspfile, "w")) == NULL)
-       {
-       printf("Cannot open file: %s, %s\n", 
-              rfn, strerror(errno));
-       fclose(afp);
-       afp = NULL;
-       return -1;
-       }
-    while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
-       {
-       tidy_line(tbuf, ibuf);
-       /*      printf("step=%d ibuf=%s",step,ibuf); */
-       switch (step)
-           {
-       case 0:  /* read preamble */
-           if (ibuf[0] == '\n')
-               { /* end of preamble */
-               if ((*algo == '\0') ||
-                   (*amode == '\0') ||
-                   (akeysz == 0))
-                   {
-                   printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n",
-                          algo,amode,akeysz);
-                   err = 1;
-                   }
-               else
-                   {
-                   copy_line(ibuf, rfp);
-                   ++ step;
-                   }
-               }
-           else if (ibuf[0] != '#')
-               {
-               printf("Invalid preamble item: %s\n", ibuf);
-               err = 1;
-               }
-           else
-               { /* process preamble */
-               char *xp, *pp = ibuf+2;
-               int n;
-               if (akeysz)
-                   { /* insert current time & date */
-                   time_t rtim = time(0);
-                   fputs("# ", rfp);
-                   copy_line(ctime(&rtim), rfp);
-                   }
-               else
-                   {
-                   copy_line(ibuf, rfp);
-                   if (strncmp(pp, "AESVS ", 6) == 0)
-                       {
-                       strcpy(algo, "AES");
-                       /* get test type */
-                       pp += 6;
-                       xp = strchr(pp, ' ');
-                       n = xp-pp;
-                       strncpy(atest, pp, n);
-                       atest[n] = '\0';
-                       /* get mode */
-                       xp = strrchr(pp, ' '); /* get mode" */
-                       n = strlen(xp+1)-1;
-                       strncpy(amode, xp+1, n);
-                       amode[n] = '\0';
-                       /* amode[3] = '\0'; */
-                       if (VERBOSE)
-                               printf("Test = %s, Mode = %s\n", atest, amode);
-                       }
-                   else if (fips_strncasecmp(pp, "Key Length : ", 13) == 0)
-                       {
-                       akeysz = atoi(pp+13);
-                       if (VERBOSE)
-                               printf("Key size = %d\n", akeysz);
-                       }
-                   }
-               }
-           break;
-
-       case 1:  /* [ENCRYPT] | [DECRYPT] */
-           if (ibuf[0] == '[')
-               {
-               copy_line(ibuf, rfp);
-               ++step;
-               if (fips_strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
-                   dir = 1;
-               else if (fips_strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
-                   dir = 0;
-               else
-                   {
-                   printf("Invalid keyword: %s\n", ibuf);
-                   err = 1;
-                   }
-               break;
-               }
-           else if (dir == -1)
-               {
-               err = 1;
-               printf("Missing ENCRYPT/DECRYPT keyword\n");
-               break;
-               }
-           else 
-               step = 2;
-
-       case 2: /* KEY = xxxx */
-           copy_line(ibuf, rfp);
-           if(*ibuf == '\n')
-               break;
-           if(!fips_strncasecmp(ibuf,"COUNT = ",8))
-               break;
-
-           if (fips_strncasecmp(ibuf, "KEY = ", 6) != 0)
-               {
-               printf("Missing KEY\n");
-               err = 1;
-               }
-           else
-               {
-               len = hex2bin((char*)ibuf+6, aKey);
-               if (len < 0)
-                   {
-                   printf("Invalid KEY\n");
-                   err =1;
-                   break;
-                   }
-               PrintValue("KEY", aKey, len);
-               if (strcmp(amode, "ECB") == 0)
-                   {
-                   memset(iVec, 0, sizeof(iVec));
-                   step = (dir)? 4: 5;  /* no ivec for ECB */
-                   }
-               else
-                   ++step;
-               }
-           break;
-
-       case 3: /* IV = xxxx */
-           copy_line(ibuf, rfp);
-           if (fips_strncasecmp(ibuf, "IV = ", 5) != 0)
-               {
-               printf("Missing IV\n");
-               err = 1;
-               }
-           else
-               {
-               len = hex2bin((char*)ibuf+5, iVec);
-               if (len < 0)
-                   {
-                   printf("Invalid IV\n");
-                   err =1;
-                   break;
-                   }
-               PrintValue("IV", iVec, len);
-               step = (dir)? 4: 5;
-               }
-           break;
-
-       case 4: /* PLAINTEXT = xxxx */
-           copy_line(ibuf, rfp);
-           if (fips_strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
-               {
-               printf("Missing PLAINTEXT\n");
-               err = 1;
-               }
-           else
-               {
-               int nn = strlen(ibuf+12);
-               if(!strcmp(amode,"CFB1"))
-                   len=bint2bin(ibuf+12,nn-1,plaintext);
-               else
-                   len=hex2bin(ibuf+12, plaintext);
-               if (len < 0)
-                   {
-                   printf("Invalid PLAINTEXT: %s", ibuf+12);
-                   err =1;
-                   break;
-                   }
-               if (len >= (int)sizeof(plaintext))
-                   {
-                   printf("Buffer overflow\n");
-                   }
-               PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
-               if (strcmp(atest, "MCT") == 0)  /* Monte Carlo Test */
-                   {
-                   if(do_mct(amode, akeysz, aKey, iVec, 
-                             dir, (unsigned char*)plaintext, len, 
-                             rfp) < 0)
-                       err = 1;
-                   }
-               else
-                   {
-                   AESTest(&ctx, amode, akeysz, aKey, iVec, 
-                                 dir,  /* 0 = decrypt, 1 = encrypt */
-                                 plaintext, ciphertext, len);
-                   OutputValue("CIPHERTEXT",ciphertext,len,rfp,
-                               !strcmp(amode,"CFB1"));
-                   }
-               step = 6;
-               }
-           break;
-
-       case 5: /* CIPHERTEXT = xxxx */
-           copy_line(ibuf, rfp);
-           if (fips_strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
-               {
-               printf("Missing KEY\n");
-               err = 1;
-               }
-           else
-               {
-               if(!strcmp(amode,"CFB1"))
-                   len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
-               else
-                   len = hex2bin(ibuf+13,ciphertext);
-               if (len < 0)
-                   {
-                   printf("Invalid CIPHERTEXT\n");
-                   err =1;
-                   break;
-                   }
-
-               PrintValue("CIPHERTEXT", ciphertext, len);
-               if (strcmp(atest, "MCT") == 0)  /* Monte Carlo Test */
-                   {
-                   do_mct(amode, akeysz, aKey, iVec, 
-                          dir, ciphertext, len, rfp);
-                   }
-               else
-                   {
-                   AESTest(&ctx, amode, akeysz, aKey, iVec, 
-                                 dir,  /* 0 = decrypt, 1 = encrypt */
-                                 plaintext, ciphertext, len);
-                   OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
-                               !strcmp(amode,"CFB1"));
-                   }
-               step = 6;
-               }
-           break;
-
-       case 6:
-           if (ibuf[0] != '\n')
-               {
-               err = 1;
-               printf("Missing terminator\n");
-               }
-           else if (strcmp(atest, "MCT") != 0)
-               { /* MCT already added terminating nl */
-               copy_line(ibuf, rfp);
-               }
-           step = 1;
-           break;
-           }
-       }
-    if (rfp)
-       fclose(rfp);
-    if (afp)
-       fclose(afp);
-    FIPS_cipher_ctx_cleanup(&ctx);
-    return err;
-    }
-
-/*--------------------------------------------------
-  Processes either a single file or 
-  a set of files whose names are passed in a file.
-  A single file is specified as:
-    aes_test -f xxx.req
-  A set of files is specified as:
-    aes_test -d xxxxx.xxx
-  The default is: -d req.txt
---------------------------------------------------*/
-#ifdef FIPS_ALGVS
-int fips_aesavs_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
-    {
-    char *rqlist = "req.txt", *rspfile = NULL;
-    FILE *fp = NULL;
-    char fn[250] = "", rfn[256] = "";
-    int d_opt = 1;
-    fips_algtest_init();
-
-    if (argc > 1)
-       {
-       if (strcasecmp(argv[1], "-d") == 0)
-           {
-           d_opt = 1;
-           }
-       else if (strcasecmp(argv[1], "-f") == 0)
-           {
-           d_opt = 0;
-           }
-       else
-           {
-           printf("Invalid parameter: %s\n", argv[1]);
-           return 0;
-           }
-       if (argc < 3)
-           {
-           printf("Missing parameter\n");
-           return 0;
-           }
-       if (d_opt)
-           rqlist = argv[2];
-       else
-           {
-           strcpy(fn, argv[2]);
-           rspfile = argv[3];
-           }
-       }
-    if (d_opt)
-       { /* list of files (directory) */
-       if (!(fp = fopen(rqlist, "r")))
-           {
-           printf("Cannot open req list file\n");
-           return -1;
-           }
-       while (fgets(fn, sizeof(fn), fp))
-           {
-           strtok(fn, "\r\n");
-           strcpy(rfn, fn);
-           if (VERBOSE)
-               printf("Processing: %s\n", rfn);
-           if (proc_file(rfn, rspfile))
-               {
-               printf(">>> Processing failed for: %s <<<\n", rfn);
-               return 1;
-               }
-           }
-       fclose(fp);
-       }
-    else /* single file */
-       {
-       if (VERBOSE)
-           printf("Processing: %s\n", fn);
-       if (proc_file(fn, rspfile))
-           {
-           printf(">>> Processing failed for: %s <<<\n", fn);
-           }
-       }
-    return 0;
-    }
-
-#endif
diff --git a/fips/aes/fips_gcmtest.c b/fips/aes/fips_gcmtest.c
deleted file mode 100644 (file)
index 9f50857..0000000
+++ /dev/null
@@ -1,571 +0,0 @@
-/* fips/aes/fips_gcmtest.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#define OPENSSL_FIPSAPI
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-#include <stdio.h>
-
-int main(int argc, char **argv)
-{
-    printf("No FIPS GCM support\n");
-    return(0);
-}
-#else
-
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <string.h>
-#include <ctype.h>
-
-#include "fips_utl.h"
-
-static void gcmtest(FILE *in, FILE *out, int encrypt)
-       {
-       char buf[2048];
-       char lbuf[2048];
-       char *keyword, *value;
-       int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1;
-       int rv;
-       long l;
-       unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL;
-       unsigned char *ct = NULL, *pt = NULL;
-       EVP_CIPHER_CTX ctx;
-       const EVP_CIPHER *gcm = NULL;
-       FIPS_cipher_ctx_init(&ctx);
-
-       while(fgets(buf,sizeof buf,in) != NULL)
-               {
-               fputs(buf,out);
-               if (!parse_line(&keyword, &value, lbuf, buf))
-                       continue;
-               if(!strcmp(keyword,"[Keylen"))
-                       {
-                       keylen = atoi(value);
-                       if (keylen == 128)
-                               gcm = EVP_aes_128_gcm();
-                       else if (keylen == 192)
-                               gcm = EVP_aes_192_gcm();
-                       else if (keylen == 256)
-                               gcm = EVP_aes_256_gcm();
-                       else 
-                               {
-                               fprintf(stderr, "Unsupported keylen %d\n",
-                                                       keylen);
-                               }
-                       keylen >>= 3;
-                       }
-               else if (!strcmp(keyword, "[IVlen"))
-                       ivlen = atoi(value) >> 3;
-               else if (!strcmp(keyword, "[AADlen"))
-                       aadlen = atoi(value) >> 3;
-               else if (!strcmp(keyword, "[Taglen"))
-                       taglen = atoi(value) >> 3;
-               else if (!strcmp(keyword, "[PTlen"))
-                       ptlen = atoi(value) >> 3;
-               else if(!strcmp(keyword,"Key"))
-                       {
-                       key = hex2bin_m(value, &l);
-                       if (l != keylen)
-                               {
-                               fprintf(stderr, "Inconsistent Key length\n");
-                               exit(1);
-                               }
-                       }
-               else if(!strcmp(keyword,"IV"))
-                       {
-                       iv = hex2bin_m(value, &l);
-                       if (l != ivlen)
-                               {
-                               fprintf(stderr, "Inconsistent IV length\n");
-                               exit(1);
-                               }
-                       }
-               else if(!strcmp(keyword,"PT"))
-                       {
-                       pt = hex2bin_m(value, &l);
-                       if (l != ptlen)
-                               {
-                               fprintf(stderr, "Inconsistent PT length\n");
-                               exit(1);
-                               }
-                       }
-               else if(!strcmp(keyword,"CT"))
-                       {
-                       ct = hex2bin_m(value, &l);
-                       if (l != ptlen)
-                               {
-                               fprintf(stderr, "Inconsistent CT length\n");
-                               exit(1);
-                               }
-                       }
-               else if(!strcmp(keyword,"AAD"))
-                       {
-                       aad = hex2bin_m(value, &l);
-                       if (l != aadlen)
-                               {
-                               fprintf(stderr, "Inconsistent AAD length\n");
-                               exit(1);
-                               }
-                       }
-               else if(!strcmp(keyword,"Tag"))
-                       {
-                       tag = hex2bin_m(value, &l);
-                       if (l != taglen)
-                               {
-                               fprintf(stderr, "Inconsistent Tag length\n");
-                               exit(1);
-                               }
-                       }
-               if (encrypt && pt && aad && (iv || encrypt==1))
-                       {
-                       tag = OPENSSL_malloc(taglen);
-                       FIPS_cipherinit(&ctx, gcm, NULL, NULL, 1);
-                       /* Relax FIPS constraints for testing */
-                       M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
-                       FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
-                       if (encrypt == 1)
-                               {
-                               static unsigned char iv_fixed[4] = {1,2,3,4};
-                               if (!iv)
-                                       iv = OPENSSL_malloc(ivlen);
-                               FIPS_cipherinit(&ctx, NULL, key, NULL, 1);
-                               FIPS_cipher_ctx_ctrl(&ctx,
-                                               EVP_CTRL_GCM_SET_IV_FIXED,
-                                               4, iv_fixed);
-                               if (!FIPS_cipher_ctx_ctrl(&ctx,
-                                       EVP_CTRL_GCM_IV_GEN, 0, iv))
-                                       {
-                                       fprintf(stderr, "IV gen error\n");
-                                       exit(1);
-                                       }
-                               OutputValue("IV", iv, ivlen, out, 0);
-                               }
-                       else
-                               FIPS_cipherinit(&ctx, NULL, key, iv, 1);
-
-
-                       if (aadlen)
-                               FIPS_cipher(&ctx, NULL, aad, aadlen);
-                       if (ptlen)
-                               {
-                               ct = OPENSSL_malloc(ptlen);
-                               rv = FIPS_cipher(&ctx, ct, pt, ptlen);
-                               }
-                       FIPS_cipher(&ctx, NULL, NULL, 0);
-                       FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG,
-                                                               taglen, tag);   
-                       OutputValue("CT", ct, ptlen, out, 0);
-                       OutputValue("Tag", tag, taglen, out, 0);
-                       if (iv)
-                               OPENSSL_free(iv);
-                       if (aad)
-                               OPENSSL_free(aad);
-                       if (ct)
-                               OPENSSL_free(ct);
-                       if (pt)
-                               OPENSSL_free(pt);
-                       if (key)
-                               OPENSSL_free(key);
-                       if (tag)
-                               OPENSSL_free(tag);
-                       iv = aad = ct = pt = key = tag = NULL;
-                       }       
-               if (!encrypt && tag)
-                       {
-                       FIPS_cipherinit(&ctx, gcm, NULL, NULL, 0);
-                       /* Relax FIPS constraints for testing */
-                       M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
-                       FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
-                       FIPS_cipherinit(&ctx, NULL, key, iv, 0);
-                       FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag);
-                       if (aadlen)
-                               FIPS_cipher(&ctx, NULL, aad, aadlen);
-                       if (ptlen)
-                               {
-                               pt = OPENSSL_malloc(ptlen);
-                               rv = FIPS_cipher(&ctx, pt, ct, ptlen);
-                               }
-                       rv = FIPS_cipher(&ctx, NULL, NULL, 0);
-                       if (rv < 0)
-                               fprintf(out, "FAIL" RESP_EOL);
-                       else
-                               OutputValue("PT", pt, ptlen, out, 0);
-                       if (iv)
-                               OPENSSL_free(iv);
-                       if (aad)
-                               OPENSSL_free(aad);
-                       if (ct)
-                               OPENSSL_free(ct);
-                       if (pt)
-                               OPENSSL_free(pt);
-                       if (key)
-                               OPENSSL_free(key);
-                       if (tag)
-                               OPENSSL_free(tag);
-                       iv = aad = ct = pt = key = tag = NULL;
-                       }
-               }
-       FIPS_cipher_ctx_cleanup(&ctx);  
-       }
-
-static void xtstest(FILE *in, FILE *out)
-       {
-       char buf[204800];
-       char lbuf[204800];
-       char *keyword, *value;
-       int inlen = 0;
-       int encrypt = 0;
-       long l;
-       unsigned char *key = NULL, *iv = NULL;
-       unsigned char *inbuf = NULL, *outbuf = NULL;
-       EVP_CIPHER_CTX ctx;
-       const EVP_CIPHER *xts = NULL;
-       FIPS_cipher_ctx_init(&ctx);
-
-       while(fgets(buf,sizeof buf,in) != NULL)
-               {
-               fputs(buf,out);
-               if (buf[0] == '[' && strlen(buf) >= 9)
-                       {
-                       if(!strncmp(buf,"[ENCRYPT]", 9))
-                               encrypt = 1;
-                       else if(!strncmp(buf,"[DECRYPT]", 9))
-                               encrypt = 0;
-                       }
-               if  (!parse_line(&keyword, &value, lbuf, buf))
-                       continue;
-               else if(!strcmp(keyword,"Key"))
-                       {
-                       key = hex2bin_m(value, &l);
-                       if (l == 32)
-                               xts = EVP_aes_128_xts();
-                       else if (l == 64)
-                               xts = EVP_aes_256_xts();
-                       else
-                               {
-                               fprintf(stderr, "Inconsistent Key length\n");
-                               exit(1);
-                               }
-                       }
-               else if(!strcmp(keyword,"i"))
-                       {
-                       iv = hex2bin_m(value, &l);
-                       if (l != 16)
-                               {
-                               fprintf(stderr, "Inconsistent i length\n");
-                               exit(1);
-                               }
-                       }
-               else if(encrypt && !strcmp(keyword,"PT"))
-                       {
-                       inbuf = hex2bin_m(value, &l);
-                       inlen = l;
-                       }
-               else if(!encrypt && !strcmp(keyword,"CT"))
-                       {
-                       inbuf = hex2bin_m(value, &l);
-                       inlen = l;
-                       }
-               if (inbuf)
-                       {
-                       FIPS_cipherinit(&ctx, xts, key, iv, encrypt);
-                       outbuf = OPENSSL_malloc(inlen);
-                       FIPS_cipher(&ctx, outbuf, inbuf, inlen);
-                       OutputValue(encrypt ? "CT":"PT", outbuf, inlen, out, 0);
-                       OPENSSL_free(inbuf);
-                       OPENSSL_free(outbuf);
-                       OPENSSL_free(key);
-                       OPENSSL_free(iv);
-                       iv = key = inbuf = outbuf = NULL;
-                       }       
-               }
-       FIPS_cipher_ctx_cleanup(&ctx);  
-       }
-
-static void ccmtest(FILE *in, FILE *out)
-       {
-       char buf[200048];
-       char lbuf[200048];
-       char *keyword, *value;
-       long l;
-       unsigned char *Key = NULL, *Nonce = NULL;
-       unsigned char *Adata = NULL, *Payload = NULL;
-       unsigned char *CT = NULL;
-       int Plen = -1, Nlen = -1, Tlen = -1, Alen = -1;
-       int decr = 0;
-       EVP_CIPHER_CTX ctx;
-       const EVP_CIPHER *ccm = NULL;
-       FIPS_cipher_ctx_init(&ctx);
-
-       while(fgets(buf,sizeof buf,in) != NULL)
-               {
-               char *p;
-               fputs(buf,out);
-               redo:
-               if (!parse_line(&keyword, &value, lbuf, buf))
-                       continue;
-
-               /* If surrounded by square brackets zap them */
-               if (keyword[0] == '[')
-                       {
-                       keyword++;
-                       p = strchr(value, ']');
-                       if (p)
-                               *p = 0;
-                       }
-               /* See if we have a comma separated list of parameters
-                * if so copy rest of line back to buffer and redo later.
-                */
-               p = strchr(value, ',');
-               if (p)
-                       {
-                       *p = 0;
-                       strcpy(buf, p + 1);
-                       strcat(buf, "\n");
-                       decr = 1;
-                       }
-               if (!strcmp(keyword,"Plen"))
-                       Plen = atoi(value);
-               else if (!strcmp(keyword,"Nlen"))
-                       Nlen = atoi(value);
-               else if (!strcmp(keyword,"Tlen"))
-                       Tlen = atoi(value);
-               else if (!strcmp(keyword,"Alen"))
-                       Alen = atoi(value);
-               if (p)
-                       goto redo;
-               if (!strcmp(keyword,"Key"))
-                       {
-                       if (Key)
-                               OPENSSL_free(Key);
-                       Key = hex2bin_m(value, &l);
-                       if (l == 16)
-                               ccm = EVP_aes_128_ccm();
-                       else if (l == 24)
-                               ccm = EVP_aes_192_ccm();
-                       else if (l == 32)
-                               ccm = EVP_aes_256_ccm();
-                       else
-                               {
-                               fprintf(stderr, "Inconsistent Key length\n");
-                               exit(1);
-                               }
-                       }
-               else if (!strcmp(keyword,"Nonce"))
-                       {
-                       if (Nonce)
-                               OPENSSL_free(Nonce);
-                       Nonce = hex2bin_m(value, &l);
-                       if (l != Nlen)
-                               {
-                               fprintf(stderr, "Inconsistent nonce length\n");
-                               exit(1);
-                               }
-                       }
-               else if (!strcmp(keyword,"Payload") && !decr)
-                       {
-                       Payload = hex2bin_m(value, &l);
-                       if (Plen && l != Plen)
-                               {
-                               fprintf(stderr, "Inconsistent Payload length\n");
-                               exit(1);
-                               }
-                       }
-               else if (!strcmp(keyword,"Adata"))
-                       {
-                       if (Adata)
-                               OPENSSL_free(Adata);
-                       Adata = hex2bin_m(value, &l);
-                       if (Alen && l != Alen)
-                               {
-                               fprintf(stderr, "Inconsistent Payload length\n");
-                               exit(1);
-                               }
-                       }
-               else if (!strcmp(keyword,"CT") && decr)
-                       {
-                       CT = hex2bin_m(value, &l);
-                       if (l != (Plen + Tlen))
-                               {
-                               fprintf(stderr, "Inconsistent CT length\n");
-                               exit(1);
-                               }
-                       }
-               if (Payload)
-                       {
-                       FIPS_cipherinit(&ctx, ccm, NULL, NULL, 1);
-                       FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
-                       FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, Tlen, 0);
-                       FIPS_cipherinit(&ctx, NULL, Key, Nonce, 1);
-
-                       FIPS_cipher(&ctx, NULL, NULL, Plen);
-                       FIPS_cipher(&ctx, NULL, Adata, Alen);
-                       CT = OPENSSL_malloc(Plen + Tlen);
-                       FIPS_cipher(&ctx, CT, Payload, Plen);
-                       FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, Tlen,
-                                               CT + Plen);
-                       OutputValue("CT", CT, Plen + Tlen, out, 0);
-                       OPENSSL_free(CT);
-                       OPENSSL_free(Payload);
-                       CT = Payload = NULL;
-                       }
-               if (CT)
-                       {
-                       int rv;
-                       int len = Plen == 0 ? 1: Plen;
-                       FIPS_cipherinit(&ctx, ccm, NULL, NULL, 0);
-                       FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
-                       FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
-                                               Tlen, CT + Plen);
-                       FIPS_cipherinit(&ctx, NULL, Key, Nonce, 0);
-                       FIPS_cipher(&ctx, NULL, NULL, Plen);
-                       FIPS_cipher(&ctx, NULL, Adata, Alen);
-                       Payload = OPENSSL_malloc(len);
-                       rv = FIPS_cipher(&ctx, Payload, CT, Plen);
-                       if (rv >= 0)
-                               {
-                               if (rv == 0)
-                                       Payload[0] = 0;
-                               fputs("Result = Pass" RESP_EOL, out);
-                               OutputValue("Payload", Payload, len, out, 0);
-                               }
-                       else
-                               fputs("Result = Fail" RESP_EOL, out);
-                       OPENSSL_free(CT);
-                       OPENSSL_free(Payload);
-                       CT = Payload = NULL;
-                       }
-               }
-       if (Key)
-               OPENSSL_free(Key);
-       if (Nonce)
-               OPENSSL_free(Nonce);
-       if (Adata)
-               OPENSSL_free(Adata);
-       FIPS_cipher_ctx_cleanup(&ctx);
-       }
-
-#ifdef FIPS_ALGVS
-int fips_gcmtest_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
-       {
-       int encrypt;
-       int xts = 0, ccm = 0;
-       FILE *in, *out;
-       if (argc == 4)
-               {
-               in = fopen(argv[2], "r");
-               if (!in)
-                       {
-                       fprintf(stderr, "Error opening input file\n");
-                       exit(1);
-                       }
-               out = fopen(argv[3], "w");
-               if (!out)
-                       {
-                       fprintf(stderr, "Error opening output file\n");
-                       exit(1);
-                       }
-               }
-       else if (argc == 2)
-               {
-               in = stdin;
-               out = stdout;
-               }
-       else
-               {
-               fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]);
-               exit(1);
-               }
-       fips_algtest_init();
-       if(!strcmp(argv[1],"-encrypt"))
-               encrypt = 1;
-       else if(!strcmp(argv[1],"-encryptIVext"))
-               encrypt = 2;
-       else if(!strcmp(argv[1],"-decrypt"))
-               encrypt = 0;
-       else if(!strcmp(argv[1],"-ccm"))
-               ccm = 1;
-       else if(!strcmp(argv[1],"-xts"))
-               xts = 1;
-       else
-               {
-               fprintf(stderr,"Don't know how to %s.\n",argv[1]);
-               exit(1);
-               }
-
-       if (ccm)
-               ccmtest(in, out);
-       else if (xts)
-               xtstest(in, out);
-       else
-               gcmtest(in, out, encrypt);
-
-       if (argc == 4)
-               {
-               fclose(in);
-               fclose(out);
-               }
-
-       return 0;
-}
-
-#endif
diff --git a/fips/cmac/Makefile b/fips/cmac/Makefile
deleted file mode 100644 (file)
index fcbb8d2..0000000
+++ /dev/null
@@ -1,115 +0,0 @@
-#
-# OpenSSL/fips/cmac/Makefile
-#
-
-DIR=   cmac
-TOP=   ../..
-CC=    cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR=     /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG=   makedepend
-MAKEDEPEND=    $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=      Makefile
-AR=            ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=fips_cmactest.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_cmac_selftest.c
-LIBOBJ= fips_cmac_selftest.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER=        $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-       (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all:   lib
-
-lib:   $(LIBOBJ)
-       @echo $(LIBOBJ) > lib
-
-files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
-       @headerlist="$(EXHEADER)"; for i in $$headerlist; \
-       do \
-         (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-         chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done
-
-tags:
-       ctags $(SRC)
-
-tests:
-
-Q=../testvectors/cmac/req
-A=../testvectors/cmac/rsp
-
-fips_test:
-       -rm -rf $(A)
-       mkdir $(A)
-       if [ -f $(Q)/CMACGenAES256.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_cmactest -g < $(Q)/CMACGenAES256.req > $(A)/CMACGenAES256.rsp; fi
-       if [ -f $(Q)/CMACVerAES256.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_cmactest -v < $(Q)/CMACVerAES256.req > $(A)/CMACVerAES256.rsp; fi
-
-lint:
-       lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-       $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
-       $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-       mv -f Makefile.new $(MAKEFILE)
-
-clean:
-       rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_cmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_cmac_selftest.o: ../../include/openssl/cmac.h
-fips_cmac_selftest.o: ../../include/openssl/crypto.h
-fips_cmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_cmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_cmac_selftest.o: ../../include/openssl/lhash.h
-fips_cmac_selftest.o: ../../include/openssl/obj_mac.h
-fips_cmac_selftest.o: ../../include/openssl/objects.h
-fips_cmac_selftest.o: ../../include/openssl/opensslconf.h
-fips_cmac_selftest.o: ../../include/openssl/opensslv.h
-fips_cmac_selftest.o: ../../include/openssl/ossl_typ.h
-fips_cmac_selftest.o: ../../include/openssl/safestack.h
-fips_cmac_selftest.o: ../../include/openssl/stack.h
-fips_cmac_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
-fips_cmac_selftest.o: fips_cmac_selftest.c
-fips_cmactest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_cmactest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_cmactest.o: ../../include/openssl/cmac.h ../../include/openssl/crypto.h
-fips_cmactest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_cmactest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_cmactest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_cmactest.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_cmactest.o: ../../include/openssl/obj_mac.h
-fips_cmactest.o: ../../include/openssl/objects.h
-fips_cmactest.o: ../../include/openssl/opensslconf.h
-fips_cmactest.o: ../../include/openssl/opensslv.h
-fips_cmactest.o: ../../include/openssl/ossl_typ.h
-fips_cmactest.o: ../../include/openssl/safestack.h
-fips_cmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_cmactest.o: ../fips_utl.h fips_cmactest.c
diff --git a/fips/cmac/fips_cmac_selftest.c b/fips/cmac/fips_cmac_selftest.c
deleted file mode 100644 (file)
index 70764dd..0000000
+++ /dev/null
@@ -1,182 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/cmac.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-typedef struct {
-       int nid;
-       const unsigned char key[EVP_MAX_KEY_LENGTH]; size_t keysize;
-       const unsigned char msg[64]; size_t msgsize;
-       const unsigned char mac[32]; size_t macsize;
-} CMAC_KAT;
-
-/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */
-__fips_constseg
-static const CMAC_KAT vector[] = {
-    {  NID_aes_128_cbc,        /* Count = 32 from CMACGenAES128.txt */
-       { 0x77,0xa7,0x7f,0xaf, 0x29,0x0c,0x1f,0xa3,
-         0x0c,0x68,0x3d,0xf1, 0x6b,0xa7,0xa7,0x7b, }, 128,
-       { 0x02,0x06,0x83,0xe1, 0xf0,0x39,0x2f,0x4c,
-         0xac,0x54,0x31,0x8b, 0x60,0x29,0x25,0x9e,
-         0x9c,0x55,0x3d,0xbc, 0x4b,0x6a,0xd9,0x98,
-         0xe6,0x4d,0x58,0xe4, 0xe7,0xdc,0x2e,0x13, }, 256,
-       { 0xfb,0xfe,0xa4,0x1b, }, 32
-    },
-    {  NID_aes_192_cbc,        /* Count = 23 from CMACGenAES192.txt */
-       { 0x7b,0x32,0x39,0x13, 0x69,0xaa,0x4c,0xa9,
-         0x75,0x58,0x09,0x5b, 0xe3,0xc3,0xec,0x86,
-         0x2b,0xd0,0x57,0xce, 0xf1,0xe3,0x2d,0x62, }, 192,
-       { 0x0 }, 0,
-       { 0xe4,0xd9,0x34,0x0b, 0x03,0xe6,0x7d,0xef,
-         0xd4,0x96,0x9c,0xc1, 0xed,0x37,0x35,0xe6, }, 128,
-    },
-    {  NID_aes_256_cbc,        /* Count = 33 from CMACGenAES256.txt */
-       { 0x0b,0x12,0x2a,0xc8, 0xf3,0x4e,0xd1,0xfe,
-         0x08,0x2a,0x36,0x25, 0xd1,0x57,0x56,0x14,
-         0x54,0x16,0x7a,0xc1, 0x45,0xa1,0x0b,0xbf,
-         0x77,0xc6,0xa7,0x05, 0x96,0xd5,0x74,0xf1, }, 256,
-       { 0x49,0x8b,0x53,0xfd, 0xec,0x87,0xed,0xcb,
-         0xf0,0x70,0x97,0xdc, 0xcd,0xe9,0x3a,0x08,
-         0x4b,0xad,0x75,0x01, 0xa2,0x24,0xe3,0x88,
-         0xdf,0x34,0x9c,0xe1, 0x89,0x59,0xfe,0x84,
-         0x85,0xf8,0xad,0x15, 0x37,0xf0,0xd8,0x96,
-         0xea,0x73,0xbe,0xdc, 0x72,0x14,0x71,0x3f, }, 384,
-       { 0xf6,0x2c,0x46,0x32, 0x9b, }, 40,
-    },
-    {  NID_des_ede3_cbc,       /* Count = 41 from CMACGenTDES3.req */
-       { 0x89,0xbc,0xd9,0x52, 0xa8,0xc8,0xab,0x37,
-         0x1a,0xf4,0x8a,0xc7, 0xd0,0x70,0x85,0xd5,
-         0xef,0xf7,0x02,0xe6, 0xd6,0x2c,0xdc,0x23, }, 192,
-       { 0xfa,0x62,0x0c,0x1b, 0xbe,0x97,0x31,0x9e,
-         0x9a,0x0c,0xf0,0x49, 0x21,0x21,0xf7,0xa2,
-         0x0e,0xb0,0x8a,0x6a, 0x70,0x9d,0xcb,0xd0,
-         0x0a,0xaf,0x38,0xe4, 0xf9,0x9e,0x75,0x4e, }, 256,
-       { 0x8f,0x49,0xa1,0xb7, 0xd6,0xaa,0x22,0x58, }, 64,
-    },
-};
-
-int FIPS_selftest_cmac()
-       {
-       size_t n, outlen;
-       unsigned char    out[32];
-       const EVP_CIPHER *cipher;
-       CMAC_CTX *ctx = CMAC_CTX_new();
-       const CMAC_KAT *t;
-       int subid = -1, rv = 1;
-
-       for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
-               {
-               cipher = FIPS_get_cipherbynid(t->nid);
-               if (!cipher)
-                       {
-                       rv = -1;
-                       goto err;
-                       }
-               subid = M_EVP_CIPHER_nid(cipher);
-               if (!fips_post_started(FIPS_TEST_CMAC, subid, 0))
-                       continue;
-               if (!CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0))
-                       {
-                       rv = -1;
-                       goto err;
-                       }
-               if (!CMAC_Update(ctx, t->msg, t->msgsize/8))
-                       {
-                       rv = -1;
-                       goto err;
-                       }
-                       
-               if (!fips_post_corrupt(FIPS_TEST_CMAC, subid, NULL))
-                       {
-                       if (!CMAC_Update(ctx, t->msg, 1))
-                               {
-                               rv = -1;
-                               goto err;
-                               }
-                       }
-               if (!CMAC_Final(ctx, out, &outlen))
-                       {
-                       rv = -1;
-                       goto err;
-                       }
-               CMAC_CTX_cleanup(ctx);
-
-               if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
-                       {
-                       fips_post_failed(FIPS_TEST_CMAC, subid, NULL);
-                       rv = 0;
-                       }
-               else if (!fips_post_success(FIPS_TEST_CMAC, subid, NULL))
-                       {
-                       rv = 0;
-                       goto err;
-                       }
-               }
-
-       err:
-       CMAC_CTX_free(ctx);
-
-       if (rv == -1)
-               {
-               fips_post_failed(FIPS_TEST_CMAC, subid, NULL);
-               rv = 0;
-               }
-       if (!rv)
-                  FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
-
-       return rv;
-       }
-#endif
diff --git a/fips/cmac/fips_cmactest.c b/fips/cmac/fips_cmactest.c
deleted file mode 100644 (file)
index 2c8c766..0000000
+++ /dev/null
@@ -1,517 +0,0 @@
-/* fips_cmactest.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/cmac.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
-    printf("No FIPS CMAC support\n");
-    return(0);
-}
-
-#else
-
-#include <openssl/fips.h>
-#include "fips_utl.h"
-
-static int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
-       int mode, int Klen_counts_keys, int known_keylen);
-static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
-               unsigned char *Key, int Klen,
-               unsigned char *Msg, int Msglen,
-               int Tlen);
-static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
-               unsigned char *Key, int Klen,
-               unsigned char *Msg, int Msglen,
-               unsigned char *Mac, int Maclen,
-               int Tlen);
-
-#ifdef FIPS_ALGVS
-int fips_cmactest_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
-       {
-       FILE *in = NULL, *out = NULL;
-       int mode = 0;           /* 0 => Generate, 1 => Verify */
-       int Klen_counts_keys = 0; /* 0 => Klen is size of one key
-                                    1 => Klen is amount of keys
-                                 */
-       int known_keylen = 0;   /* Only set when Klen_counts_keys = 1 */
-       const EVP_CIPHER *cipher = 0;
-       int ret = 1;
-       fips_algtest_init();
-
-       while (argc > 1 && argv[1][0] == '-')
-               {
-               switch (argv[1][1])
-                       {
-               case 'a':
-                       {
-                       char *p = &argv[1][2];
-                       if (*p == '\0')
-                               {
-                               if (argc <= 2)
-                                       {
-                                       fprintf(stderr, "Option %s needs a value\n", argv[1]);
-                                       goto end;
-                                       }
-                               argv++;
-                               argc--;
-                               p = &argv[1][0];
-                               }
-                       if (!strcmp(p, "aes128"))
-                               cipher = EVP_aes_128_cbc();
-                       else if (!strcmp(p, "aes192"))
-                               cipher = EVP_aes_192_cbc();
-                       else if (!strcmp(p, "aes256"))
-                               cipher = EVP_aes_256_cbc();
-                       else if (!strcmp(p, "tdea3") || !strcmp(p, "tdes3"))
-                               {
-                               cipher = EVP_des_ede3_cbc();
-                               Klen_counts_keys = 1;
-                               known_keylen = 8;
-                               }
-                       else
-                               {
-                               fprintf(stderr, "Unknown algorithm %s\n", p);
-                               goto end;
-                               }
-                       }
-                       break;
-               case 'g':
-                       mode = 0;
-                       break;
-               case 'v':
-                       mode = 1;
-                       break;
-               default:
-                       fprintf(stderr, "Unknown option %s\n", argv[1]);
-                       goto end;
-                       }
-               argv++;
-               argc--;
-               }
-       if (argc == 1)
-               in = stdin;
-       else
-               in = fopen(argv[1], "r");
-
-       if (argc < 2)
-               out = stdout;
-       else
-               out = fopen(argv[2], "w");
-
-       if (!in)
-               {
-               fprintf(stderr, "FATAL input initialization error\n");
-               goto end;
-               }
-
-       if (!out)
-               {
-               fprintf(stderr, "FATAL output initialization error\n");
-               goto end;
-               }
-
-       if (!cmac_test(cipher, out, in, mode,
-                       Klen_counts_keys, known_keylen))
-               {
-               fprintf(stderr, "FATAL cmac file processing error\n");
-               goto end;
-               }
-       else
-               ret = 0;
-
-       end:
-
-       if (in && (in != stdin))
-               fclose(in);
-       if (out && (out != stdout))
-               fclose(out);
-
-       return ret;
-
-       }
-
-#define CMAC_TEST_MAXLINELEN   150000
-
-int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
-       int mode, int Klen_counts_keys, int known_keylen)
-       {
-       char *linebuf, *olinebuf, *p, *q;
-       char *keyword, *value;
-       unsigned char **Keys = NULL, *Msg = NULL, *Mac = NULL;
-       unsigned char *Key = NULL;
-       int Count, Klen, Mlen, Tlen;
-       long Keylen, Msglen, Maclen;
-       int ret = 0;
-       int lnum = 0;
-
-       olinebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
-       linebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
-
-       if (!linebuf || !olinebuf)
-               goto error;
-
-       Count = -1;
-       Klen = -1;
-       Mlen = -1;
-       Tlen = -1;
-
-       while (fgets(olinebuf, CMAC_TEST_MAXLINELEN, in))
-               {
-               lnum++;
-               strcpy(linebuf, olinebuf);
-               keyword = linebuf;
-               /* Skip leading space */
-               while (isspace((unsigned char)*keyword))
-                       keyword++;
-
-               /* Skip comments */
-               if (keyword[0] == '#')
-                       {
-                       if (fputs(olinebuf, out) < 0)
-                               goto error;
-                       continue;
-                       }
-
-               /* Look for = sign */
-               p = strchr(linebuf, '=');
-
-               /* If no = or starts with [ (for [L=20] line) just copy */
-               if (!p)
-                       {
-                       if (fputs(olinebuf, out) < 0)
-                               goto error;
-                       continue;
-                       }
-
-               q = p - 1;
-
-               /* Remove trailing space */
-               while (isspace((unsigned char)*q))
-                       *q-- = 0;
-
-               *p = 0;
-               value = p + 1;
-
-               /* Remove leading space from value */
-               while (isspace((unsigned char)*value))
-                       value++;
-
-               /* Remove trailing space from value */
-               p = value + strlen(value) - 1;
-
-               while (*p == '\n' || isspace((unsigned char)*p))
-                       *p-- = 0;
-
-               if (!strcmp(keyword, "Count"))
-                       {
-                       if (Count != -1)
-                               goto parse_error;
-                       Count = atoi(value);
-                       if (Count < 0)
-                               goto parse_error;
-                       }
-               else if (!strcmp(keyword, "Klen"))
-                       {
-                       if (Klen != -1)
-                               goto parse_error;
-                       Klen = atoi(value);
-                       if (Klen < 0)
-                               goto parse_error;
-                       if (Klen_counts_keys)
-                               {
-                               Keys = OPENSSL_malloc(sizeof(*Keys) * Klen);
-                               memset(Keys, '\0', sizeof(*Keys) * Klen);
-                               }
-                       else
-                               {
-                               Keys = OPENSSL_malloc(sizeof(*Keys));
-                               memset(Keys, '\0', sizeof(*Keys));
-                               }
-                       }
-               else if (!strcmp(keyword, "Mlen"))
-                       {
-                       if (Mlen != -1)
-                               goto parse_error;
-                       Mlen = atoi(value);
-                       if (Mlen < 0)
-                               goto parse_error;
-                       }
-               else if (!strcmp(keyword, "Tlen"))
-                       {
-                       if (Tlen != -1)
-                               goto parse_error;
-                       Tlen = atoi(value);
-                       if (Tlen < 0)
-                               goto parse_error;
-                       }
-               else if (!strcmp(keyword, "Key") && !Klen_counts_keys)
-                       {
-                       if (Keys[0])
-                               goto parse_error;
-                       Keys[0] = hex2bin_m(value, &Keylen);
-                       if (!Keys[0])
-                               goto parse_error;
-                       }
-               else if (!strncmp(keyword, "Key", 3) && Klen_counts_keys)
-                       {
-                       int keynum = atoi(keyword + 3);
-                       if (!keynum || keynum > Klen || Keys[keynum-1])
-                               goto parse_error;
-                       Keys[keynum-1] = hex2bin_m(value, &Keylen);
-                       if (!Keys[keynum-1])
-                               goto parse_error;
-                       }
-               else if (!strcmp(keyword, "Msg"))
-                       {
-                       if (Msg)
-                               goto parse_error;
-                       Msg = hex2bin_m(value, &Msglen);
-                       if (!Msg)
-                               goto parse_error;
-                       }
-               else if (!strcmp(keyword, "Mac"))
-                       {
-                       if (mode == 0)
-                               continue;
-                       if (Mac)
-                               goto parse_error;
-                       Mac = hex2bin_m(value, &Maclen);
-                       if (!Mac)
-                               goto parse_error;
-                       }
-               else if (!strcmp(keyword, "Result"))
-                       {
-                       if (mode == 1)
-                               continue;
-                       goto parse_error;
-                       }
-               else
-                       goto parse_error;
-
-               fputs(olinebuf, out);
-
-               if (Keys && Msg && (!mode || Mac) && (Tlen > 0) && (Klen > 0))
-                       {
-                       if (Klen_counts_keys)
-                               {
-                               int x;
-                               Key = OPENSSL_malloc(Klen * known_keylen);
-                               for (x = 0; x < Klen; x++)
-                                       {
-                                       memcpy(Key + x * known_keylen,
-                                               Keys[x], known_keylen);
-                                       OPENSSL_free(Keys[x]);
-                                       }
-                               Klen *= known_keylen;
-                               }
-                       else
-                               {
-                               Key = OPENSSL_malloc(Klen);
-                               memcpy(Key, Keys[0], Klen);
-                               OPENSSL_free(Keys[0]);
-                               }
-                       OPENSSL_free(Keys);
-
-                       switch(mode)
-                               {
-                       case 0:
-                               if (!print_cmac_gen(cipher, out,
-                                               Key, Klen,
-                                               Msg, Mlen,
-                                               Tlen))
-                                       goto error;
-                               break;
-                       case 1:
-                               if (!print_cmac_ver(cipher, out,
-                                               Key, Klen,
-                                               Msg, Mlen,
-                                               Mac, Maclen,
-                                               Tlen))
-                                       goto error;
-                               break;
-                               }
-
-                       OPENSSL_free(Key);
-                       Key = NULL;
-                       OPENSSL_free(Msg);
-                       Msg = NULL;
-                       OPENSSL_free(Mac);
-                       Mac = NULL;
-                       Klen = -1;
-                       Mlen = -1;
-                       Tlen = -1;
-                       Count = -1;
-                       }
-               }
-
-
-       ret = 1;
-
-
-       error:
-
-       if (olinebuf)
-               OPENSSL_free(olinebuf);
-       if (linebuf)
-               OPENSSL_free(linebuf);
-       if (Key)
-               OPENSSL_free(Key);
-       if (Msg)
-               OPENSSL_free(Msg);
-       if (Mac)
-               OPENSSL_free(Mac);
-
-       return ret;
-
-       parse_error:
-
-       fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
-
-       goto error;
-
-       }
-
-static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
-               unsigned char *Key, int Klen,
-               unsigned char *Msg, int Mlen,
-               int Tlen)
-       {
-       int rc, i;
-       size_t reslen;
-       unsigned char res[128];
-       CMAC_CTX *cmac_ctx = CMAC_CTX_new();
-
-       CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
-       CMAC_Update(cmac_ctx, Msg, Mlen);
-       if (!CMAC_Final(cmac_ctx, res, &reslen))
-               {
-               fputs("Error calculating CMAC\n", stderr);
-               rc = 0;
-               }
-       else if (Tlen > (int)reslen)
-               {
-               fputs("Parameter error, Tlen > CMAC length\n", stderr);
-               rc = 0;
-               }
-       else
-               {
-               fputs("Mac = ", out);
-               for (i = 0; i < Tlen; i++)
-                       fprintf(out, "%02x", res[i]);
-               fputs(RESP_EOL, out);
-               rc = 1;
-               }
-       CMAC_CTX_free(cmac_ctx);
-       return rc;
-       }
-
-static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
-               unsigned char *Key, int Klen,
-               unsigned char *Msg, int Mlen,
-               unsigned char *Mac, int Maclen,
-               int Tlen)
-       {
-       int rc = 1;
-       size_t reslen;
-       unsigned char res[128];
-       CMAC_CTX *cmac_ctx = CMAC_CTX_new();
-
-       CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
-       CMAC_Update(cmac_ctx, Msg, Mlen);
-       if (!CMAC_Final(cmac_ctx, res, &reslen))
-               {
-               fputs("Error calculating CMAC\n", stderr);
-               rc = 0;
-               }
-       else if (Tlen > (int)reslen)
-               {
-               fputs("Parameter error, Tlen > CMAC length\n", stderr);
-               rc = 0;
-               }
-       else if (Tlen != Maclen)
-               {
-               fputs("Parameter error, Tlen != resulting Mac length\n", stderr);
-               rc = 0;
-               }
-       else
-               {
-               if (!memcmp(Mac, res, Maclen))
-                       fputs("Result = P" RESP_EOL, out);
-               else
-                       fputs("Result = F" RESP_EOL, out);
-               }
-       CMAC_CTX_free(cmac_ctx);
-       return rc;
-       }
-
-#endif
diff --git a/fips/des/Makefile b/fips/des/Makefile
deleted file mode 100644 (file)
index 4ea4e64..0000000
+++ /dev/null
@@ -1,113 +0,0 @@
-#
-# OpenSSL/fips/des/Makefile
-#
-
-DIR=   des
-TOP=   ../..
-CC=    cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR=     /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG=   makedepend
-MAKEDEPEND=    $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=      Makefile
-AR=            ar r
-
-ASFLAGS= $(INCLUDES) $(ASFLAG)
-AFLAGS= $(ASFLAGS)
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST= fips_desmovs.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_des_selftest.c
-LIBOBJ=fips_des_selftest.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER=
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-       (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all:   lib
-
-lib:   $(LIBOBJ)
-       @echo $(LIBOBJ) > lib
-
-files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
-       @headerlist="$(EXHEADER)"; for i in $$headerlist; \
-       do  \
-         (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-         chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done
-
-tags:
-       ctags $(SRC)
-
-tests:
-
-fips_test:
-       -find ../testvectors/tdes/req -name '*.req' > testlist
-       -rm -rf ../testvectors/tdes/rsp
-       mkdir ../testvectors/tdes/rsp
-       if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_desmovs -d testlist; fi
-
-lint:
-       lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-       $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) \
-               $(SRC) $(TEST)
-dclean:
-       $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-       mv -f Makefile.new $(MAKEFILE)
-
-clean:
-       rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff testlist
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_des_selftest.o: ../../include/openssl/crypto.h
-fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_des_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_des_selftest.o: ../../include/openssl/lhash.h
-fips_des_selftest.o: ../../include/openssl/obj_mac.h
-fips_des_selftest.o: ../../include/openssl/objects.h
-fips_des_selftest.o: ../../include/openssl/opensslconf.h
-fips_des_selftest.o: ../../include/openssl/opensslv.h
-fips_des_selftest.o: ../../include/openssl/ossl_typ.h
-fips_des_selftest.o: ../../include/openssl/safestack.h
-fips_des_selftest.o: ../../include/openssl/stack.h
-fips_des_selftest.o: ../../include/openssl/symhacks.h fips_des_selftest.c
-fips_desmovs.o: ../../e_os.h ../../include/openssl/aes.h
-fips_desmovs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_desmovs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_desmovs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-fips_desmovs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_desmovs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_desmovs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_desmovs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_desmovs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_desmovs.o: ../../include/openssl/opensslconf.h
-fips_desmovs.o: ../../include/openssl/opensslv.h
-fips_desmovs.o: ../../include/openssl/ossl_typ.h
-fips_desmovs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_desmovs.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-fips_desmovs.o: ../../include/openssl/ui_compat.h ../fips_utl.h fips_desmovs.c
diff --git a/fips/des/fips_des_selftest.c b/fips/des/fips_des_selftest.c
deleted file mode 100644 (file)
index a014f6f..0000000
+++ /dev/null
@@ -1,106 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/evp.h>
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_FIPS
-
-__fips_constseg
-static const struct
-    {
-    const unsigned char key[24];
-    const unsigned char plaintext[8];
-    const unsigned char ciphertext[8];
-    } tests3[]=
-       {
-       {
-       { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-         0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
-         0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 },
-       { 0x8f,0x8f,0xbf,0x9b,0x5d,0x48,0xb4,0x1c },
-       { 0x59,0x8c,0xe5,0xd3,0x6c,0xa2,0xea,0x1b },
-       },
-       {
-       { 0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE,
-         0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
-         0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
-       { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
-       { 0x11,0x25,0xb0,0x35,0xbe,0xa0,0x82,0x86 },
-       },
-       };
-
-int FIPS_selftest_des()
-    {
-    int n, ret = 0;
-    EVP_CIPHER_CTX ctx;
-    FIPS_cipher_ctx_init(&ctx);
-
-    /* Encrypt/decrypt with 3DES and compare to known answers */
-    for(n=0 ; n < 2 ; ++n)
-       {
-       if (!fips_cipher_test(FIPS_TEST_CIPHER, &ctx, EVP_des_ede3_ecb(),
-                               tests3[n].key, NULL,
-                               tests3[n].plaintext, tests3[n].ciphertext, 8))
-               goto err;
-       }
-    ret = 1;
-    err:
-    FIPS_cipher_ctx_cleanup(&ctx);
-    if (ret == 0)
-           FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
-
-    return ret;
-    }
-#endif
diff --git a/fips/des/fips_desmovs.c b/fips/des/fips_desmovs.c
deleted file mode 100644 (file)
index 2bbeb53..0000000
+++ /dev/null
@@ -1,710 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-/*---------------------------------------------
-  NIST DES Modes of Operation Validation System
-  Test Program
-
-  Based on the AES Validation Suite, which was:
-  Donated to OpenSSL by:
-  V-ONE Corporation
-  20250 Century Blvd, Suite 300
-  Germantown, MD 20874
-  U.S.A.
-  ----------------------------------------------*/
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <assert.h>
-#include <ctype.h>
-#include <openssl/crypto.h>
-#include <openssl/des.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-
-#include <openssl/err.h>
-#include "e_os.h"
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
-    printf("No FIPS DES support\n");
-    return(0);
-}
-
-#else
-
-#include "fips_utl.h"
-#include <openssl/fips.h>
-
-#define DES_BLOCK_SIZE 8
-
-#define VERBOSE 0
-
-static int DESTest(EVP_CIPHER_CTX *ctx,
-           char *amode, int akeysz, unsigned char *aKey, 
-           unsigned char *iVec, 
-           int dir,  /* 0 = decrypt, 1 = encrypt */
-           unsigned char *out, unsigned char *in, int len)
-    {
-    const EVP_CIPHER *cipher = NULL;
-
-    if (akeysz != 192)
-       {
-       printf("Invalid key size: %d\n", akeysz);
-       return 0;
-       }
-
-    if (fips_strcasecmp(amode, "CBC") == 0)
-       cipher = EVP_des_ede3_cbc();
-    else if (fips_strcasecmp(amode, "ECB") == 0)
-       cipher = EVP_des_ede3_ecb();
-    else if (fips_strcasecmp(amode, "CFB64") == 0)
-       cipher = EVP_des_ede3_cfb64();
-    else if (fips_strncasecmp(amode, "OFB", 3) == 0)
-       cipher = EVP_des_ede3_ofb();
-    else if(!fips_strcasecmp(amode,"CFB8"))
-       cipher = EVP_des_ede3_cfb8();
-    else if(!fips_strcasecmp(amode,"CFB1"))
-       cipher = EVP_des_ede3_cfb1();
-    else
-       {
-       printf("Unknown mode: %s\n", amode);
-       return 0;
-       }
-
-    if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0)
-       return 0;
-    if(!fips_strcasecmp(amode,"CFB1"))
-       M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
-    FIPS_cipher(ctx, out, in, len);
-
-    return 1;
-    }
-#if 0
-static void DebugValue(char *tag, unsigned char *val, int len)
-    {
-    char obuf[2048];
-    int olen;
-    olen = bin2hex(val, len, obuf);
-    printf("%s = %.*s\n", tag, olen, obuf);
-    }
-#endif
-static void shiftin(unsigned char *dst,unsigned char *src,int nbits)
-    {
-    int n;
-
-    /* move the bytes... */
-    memmove(dst,dst+nbits/8,3*8-nbits/8);
-    /* append new data */
-    memcpy(dst+3*8-nbits/8,src,(nbits+7)/8);
-    /* left shift the bits */
-    if(nbits%8)
-       for(n=0 ; n < 3*8 ; ++n)
-           dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8));
-    }  
-
-/*-----------------------------------------------*/
-char *tdes_t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
-char *tdes_t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
-enum tdes_Mode {TCBC, TECB, TOFB, TCFB1, TCFB8, TCFB64};
-int Sizes[6]={64,64,64,1,8,64};
-
-static int do_tmct(char *amode, 
-           int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec,
-           int dir, unsigned char *text, int len,
-           FILE *rfp)
-    {
-    int i,imode;
-    unsigned char nk[4*8]; /* longest key+8 */
-    unsigned char text0[8];
-
-    for (imode=0 ; imode < 6 ; ++imode)
-       if(!strcmp(amode,tdes_t_mode[imode]))
-           break;
-    if (imode == 6)
-       { 
-       printf("Unrecognized mode: %s\n", amode);
-       return 0;
-       }
-    for(i=0 ; i < 400 ; ++i)
-       {
-       int j;
-       int n;
-       int kp=akeysz/64;
-       unsigned char old_iv[8];
-       EVP_CIPHER_CTX ctx;
-       FIPS_cipher_ctx_init(&ctx);
-
-       fprintf(rfp,RESP_EOL "COUNT = %d" RESP_EOL,i);
-       if(kp == 1)
-           OutputValue("KEY",akey,8,rfp,0);
-       else
-           for(n=0 ; n < kp ; ++n)
-               {
-               fprintf(rfp,"KEY%d",n+1);
-               OutputValue("",akey+n*8,8,rfp,0);
-               }
-
-       if(imode != TECB)
-           OutputValue("IV",ivec,8,rfp,0);
-       OutputValue(tdes_t_tag[dir^1],text,len,rfp,imode == TCFB1);
-#if 0
-       /* compensate for endianness */
-       if(imode == TCFB1)
-           text[0]<<=7;
-#endif
-       memcpy(text0,text,8);
-
-       for(j=0 ; j < 10000 ; ++j)
-           {
-           unsigned char old_text[8];
-
-           memcpy(old_text,text,8);
-           if(j == 0)
-               {
-               memcpy(old_iv,ivec,8);
-               DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len);
-               }
-           else
-               {
-               memcpy(old_iv,ctx.iv,8);
-               FIPS_cipher(&ctx,text,text,len);
-               }
-           if(j == 9999)
-               {
-               OutputValue(tdes_t_tag[dir],text,len,rfp,imode == TCFB1);
-               /*              memcpy(ivec,text,8); */
-               }
-           /*      DebugValue("iv",ctx.iv,8); */
-           /* accumulate material for the next key */
-           shiftin(nk,text,Sizes[imode]);
-           /*      DebugValue("nk",nk,24);*/
-           if((dir && (imode == TCFB1 || imode == TCFB8
-                       || imode == TCFB64 || imode == TCBC)) || imode == TOFB)
-               memcpy(text,old_iv,8);
-
-           if(!dir && (imode == TCFB1 || imode == TCFB8 || imode == TCFB64))
-               {
-               /* the test specifies using the output of the raw DES operation
-                  which we don't have, so reconstruct it... */
-               for(n=0 ; n < 8 ; ++n)
-                   text[n]^=old_text[n];
-               }
-           }
-       for(n=0 ; n < 8 ; ++n)
-           akey[n]^=nk[16+n];
-       for(n=0 ; n < 8 ; ++n)
-           akey[8+n]^=nk[8+n];
-       for(n=0 ; n < 8 ; ++n)
-           akey[16+n]^=nk[n];
-       if(numkeys < 3)
-           memcpy(&akey[2*8],akey,8);
-       if(numkeys < 2)
-           memcpy(&akey[8],akey,8);
-       DES_set_odd_parity((DES_cblock *)akey);
-       DES_set_odd_parity((DES_cblock *)(akey+8));
-       DES_set_odd_parity((DES_cblock *)(akey+16));
-       memcpy(ivec,ctx.iv,8);
-
-       /* pointless exercise - the final text doesn't depend on the
-          initial text in OFB mode, so who cares what it is? (Who
-          designed these tests?) */
-       if(imode == TOFB)
-           for(n=0 ; n < 8 ; ++n)
-               text[n]=text0[n]^old_iv[n];
-       FIPS_cipher_ctx_cleanup(&ctx);
-       }
-    return 1;
-    }
-    
-static int tproc_file(char *rqfile, char *rspfile)
-    {
-    char afn[256], rfn[256];
-    FILE *afp = NULL, *rfp = NULL;
-    char ibuf[2048], tbuf[2048];
-    int len;
-    char amode[8] = "";
-    char atest[100] = "";
-    int akeysz=0;
-    unsigned char iVec[20], aKey[40];
-    int dir = -1, err = 0, step = 0, echo = 1;
-    unsigned char plaintext[2048];
-    unsigned char ciphertext[2048];
-    char *rp;
-    EVP_CIPHER_CTX ctx;
-    int numkeys=1;
-    FIPS_cipher_ctx_init(&ctx);
-
-    if (!rqfile || !(*rqfile))
-       {
-       printf("No req file\n");
-       return -1;
-       }
-    strcpy(afn, rqfile);
-
-    if ((afp = fopen(afn, "r")) == NULL)
-       {
-       printf("Cannot open file: %s, %s\n", 
-              afn, strerror(errno));
-       return -1;
-       }
-    if (!rspfile)
-       {
-       strcpy(rfn,afn);
-       rp=strstr(rfn,"req/");
-#ifdef OPENSSL_SYS_WIN32
-       if (!rp)
-           rp=strstr(rfn,"req\\");
-#endif
-       assert(rp);
-       memcpy(rp,"rsp",3);
-       rp = strstr(rfn, ".req");
-       memcpy(rp, ".rsp", 4);
-       rspfile = rfn;
-       }
-    if ((rfp = fopen(rspfile, "w")) == NULL)
-       {
-       printf("Cannot open file: %s, %s\n", 
-              rfn, strerror(errno));
-       fclose(afp);
-       afp = NULL;
-       return -1;
-       }
-    while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
-       {
-       tidy_line(tbuf, ibuf);
-       /*      printf("step=%d ibuf=%s",step,ibuf);*/
-       if(step == 3 && !strcmp(amode,"ECB"))
-           {
-           memset(iVec, 0, sizeof(iVec));
-           step = (dir)? 4: 5;  /* no ivec for ECB */
-           }
-       switch (step)
-           {
-       case 0:  /* read preamble */
-           if (ibuf[0] == '\n')
-               { /* end of preamble */
-               if (*amode == '\0')
-                   {
-                   printf("Missing Mode\n");
-                   err = 1;
-                   }
-               else
-                   {
-                   copy_line(ibuf, rfp);
-                   ++ step;
-                   }
-               }
-           else if (ibuf[0] != '#')
-               {
-               printf("Invalid preamble item: %s\n", ibuf);
-               err = 1;
-               }
-           else
-               { /* process preamble */
-               char *xp, *pp = ibuf+2;
-               int n;
-               if(*amode)
-                   { /* insert current time & date */
-                   time_t rtim = time(0);
-                   fputs("# ", rfp);
-                   copy_line(ctime(&rtim), rfp);
-                   }
-               else
-                   {
-                   copy_line(ibuf, rfp);
-                   if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4)
-                      || !strncmp(pp,"TDES ",5)
-                      || !strncmp(pp,"PERMUTATION ",12)
-                      || !strncmp(pp,"SUBSTITUTION ",13)
-                      || !strncmp(pp,"VARIABLE ",9))
-                       {
-                       /* get test type */
-                       if(!strncmp(pp,"DES ",4))
-                           pp+=4;
-                       else if(!strncmp(pp,"TDES ",5))
-                           pp+=5;
-                       xp = strchr(pp, ' ');
-                       n = xp-pp;
-                       strncpy(atest, pp, n);
-                       atest[n] = '\0';
-                       /* get mode */
-                       xp = strrchr(pp, ' '); /* get mode" */
-                       n = strlen(xp+1)-1;
-                       strncpy(amode, xp+1, n);
-                       amode[n] = '\0';
-                       if (!strcmp(atest, "Monte"))
-                               echo = 0;
-                       /* amode[3] = '\0'; */
-                       if (VERBOSE)
-                               printf("Test=%s, Mode=%s\n",atest,amode);
-                       }
-                   }
-               }
-           break;
-
-       case 1:  /* [ENCRYPT] | [DECRYPT] */
-           if(ibuf[0] == '\n')
-               break;
-           if (ibuf[0] == '[')
-               {
-               copy_line(ibuf, rfp);
-               ++step;
-               if (fips_strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
-                   dir = 1;
-               else if (fips_strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
-                   dir = 0;
-               else
-                   {
-                   printf("Invalid keyword: %s\n", ibuf);
-                   err = 1;
-                   }
-               break;
-               }
-           else if (dir == -1)
-               {
-               err = 1;
-               printf("Missing ENCRYPT/DECRYPT keyword\n");
-               break;
-               }
-           else 
-               step = 2;
-
-       case 2: /* KEY = xxxx */
-           if(*ibuf == '\n')
-               {
-               copy_line(ibuf, rfp);
-               break;
-                }
-           if(!fips_strncasecmp(ibuf,"COUNT = ",8))
-               {
-               copy_line(ibuf, rfp);
-               break;
-                }
-           if(!fips_strncasecmp(ibuf,"COUNT=",6))
-               {
-               copy_line(ibuf, rfp);
-               break;
-                }
-           if(!fips_strncasecmp(ibuf,"NumKeys = ",10))
-               {
-               numkeys=atoi(ibuf+10);
-               break;
-               }
-           if (echo) 
-               copy_line(ibuf, rfp);
-           if(!fips_strncasecmp(ibuf,"KEY = ",6))
-               {
-               akeysz=64;
-               len = hex2bin((char*)ibuf+6, aKey);
-               if (len < 0)
-                   {
-                   printf("Invalid KEY\n");
-                   err=1;
-                   break;
-                   }
-               PrintValue("KEY", aKey, len);
-               ++step;
-               }
-           else if(!fips_strncasecmp(ibuf,"KEYs = ",7))
-               {
-               akeysz=64*3;
-               len=hex2bin(ibuf+7,aKey);
-               if(len != 8)
-                   {
-                   printf("Invalid KEY\n");
-                   err=1;
-                   break;
-                   }
-               memcpy(aKey+8,aKey,8);
-               memcpy(aKey+16,aKey,8);
-               ibuf[4]='\0';
-               PrintValue("KEYs",aKey,len);
-               ++step;
-               }
-           else if(!fips_strncasecmp(ibuf,"KEY",3))
-               {
-               int n=ibuf[3]-'1';
-
-               akeysz=64*3;
-               len=hex2bin(ibuf+7,aKey+n*8);
-               if(len != 8)
-                   {
-                   printf("Invalid KEY\n");
-                   err=1;
-                   break;
-                   }
-               ibuf[4]='\0';
-               PrintValue(ibuf,aKey,len);
-               if(n == 2)
-                   ++step;
-               }
-           else
-               {
-               printf("Missing KEY\n");
-               err = 1;
-               }
-           break;
-
-       case 3: /* IV = xxxx */
-           if (echo)
-               copy_line(ibuf, rfp);
-           if (fips_strncasecmp(ibuf, "IV = ", 5) != 0)
-               {
-               printf("Missing IV\n");
-               err = 1;
-               }
-           else
-               {
-               len = hex2bin((char*)ibuf+5, iVec);
-               if (len < 0)
-                   {
-                   printf("Invalid IV\n");
-                   err =1;
-                   break;
-                   }
-               PrintValue("IV", iVec, len);
-               step = (dir)? 4: 5;
-               }
-           break;
-
-       case 4: /* PLAINTEXT = xxxx */
-           if (echo)
-               copy_line(ibuf, rfp);
-           if (fips_strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
-               {
-               printf("Missing PLAINTEXT\n");
-               err = 1;
-               }
-           else
-               {
-               int nn = strlen(ibuf+12);
-               if(!strcmp(amode,"CFB1"))
-                   len=bint2bin(ibuf+12,nn-1,plaintext);
-               else
-                   len=hex2bin(ibuf+12, plaintext);
-               if (len < 0)
-                   {
-                   printf("Invalid PLAINTEXT: %s", ibuf+12);
-                   err =1;
-                   break;
-                   }
-               if (len >= (int)sizeof(plaintext))
-                   {
-                   printf("Buffer overflow\n");
-                   }
-               PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
-               if (strcmp(atest, "Monte") == 0)  /* Monte Carlo Test */
-                   {
-                   if (!do_tmct(amode,akeysz,numkeys,aKey,iVec,
-                                       dir,plaintext,len,rfp))
-                       return -1;
-                   }
-               else
-                   {
-                   assert(dir == 1);
-                   DESTest(&ctx, amode, akeysz, aKey, iVec, 
-                                 dir,  /* 0 = decrypt, 1 = encrypt */
-                                 ciphertext, plaintext, len);
-                   OutputValue("CIPHERTEXT",ciphertext,len,rfp,
-                               !strcmp(amode,"CFB1"));
-                   }
-               step = 6;
-               }
-           break;
-
-       case 5: /* CIPHERTEXT = xxxx */
-           if (echo)
-               copy_line(ibuf, rfp);
-           if (fips_strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
-               {
-               printf("Missing KEY\n");
-               err = 1;
-               }
-           else
-               {
-               if(!strcmp(amode,"CFB1"))
-                   len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
-               else
-                   len = hex2bin(ibuf+13,ciphertext);
-               if (len < 0)
-                   {
-                   printf("Invalid CIPHERTEXT\n");
-                   err =1;
-                   break;
-                   }
-               
-               PrintValue("CIPHERTEXT", ciphertext, len);
-               if (strcmp(atest, "Monte") == 0)  /* Monte Carlo Test */
-                   {
-                   do_tmct(amode, akeysz, numkeys, aKey, iVec, 
-                          dir, ciphertext, len, rfp);
-                   }
-               else
-                   {
-                   assert(dir == 0);
-                   DESTest(&ctx, amode, akeysz, aKey, iVec, 
-                                 dir,  /* 0 = decrypt, 1 = encrypt */
-                                 plaintext, ciphertext, len);
-                   OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
-                               !strcmp(amode,"CFB1"));
-                   }
-               step = 6;
-               }
-           break;
-
-       case 6:
-           if (ibuf[0] != '\n')
-               {
-               err = 1;
-               printf("Missing terminator\n");
-               }
-           else if (strcmp(atest, "MCT") != 0)
-               { /* MCT already added terminating nl */
-               copy_line(ibuf, rfp);
-               }
-           step = 1;
-           break;
-           }
-       }
-    if (rfp)
-       fclose(rfp);
-    if (afp)
-       fclose(afp);
-    FIPS_cipher_ctx_cleanup(&ctx);
-    return err;
-    }
-
-/*--------------------------------------------------
-  Processes either a single file or 
-  a set of files whose names are passed in a file.
-  A single file is specified as:
-    aes_test -f xxx.req
-  A set of files is specified as:
-    aes_test -d xxxxx.xxx
-  The default is: -d req.txt
---------------------------------------------------*/
-#ifdef FIPS_ALGVS
-int fips_desmovs_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
-    {
-    char *rqlist = "req.txt", *rspfile = NULL;
-    FILE *fp = NULL;
-    char fn[250] = "", rfn[256] = "";
-    int d_opt = 1;
-
-    fips_algtest_init();
-    if (argc > 1)
-       {
-       if (fips_strcasecmp(argv[1], "-d") == 0)
-           {
-           d_opt = 1;
-           }
-       else if (fips_strcasecmp(argv[1], "-f") == 0)
-           {
-           d_opt = 0;
-           }
-       else
-           {
-           printf("Invalid parameter: %s\n", argv[1]);
-           return 0;
-           }
-       if (argc < 3)
-           {
-           printf("Missing parameter\n");
-           return 0;
-           }
-       if (d_opt)
-           rqlist = argv[2];
-       else
-           {
-           strcpy(fn, argv[2]);
-           rspfile = argv[3];
-           }
-       }
-    if (d_opt)
-       { /* list of files (directory) */
-       if (!(fp = fopen(rqlist, "r")))
-           {
-           printf("Cannot open req list file\n");
-           return -1;
-           }
-       while (fgets(fn, sizeof(fn), fp))
-           {
-           strtok(fn, "\r\n");
-           strcpy(rfn, fn);
-           printf("Processing: %s\n", rfn);
-           if (tproc_file(rfn, rspfile))
-               {
-               printf(">>> Processing failed for: %s <<<\n", rfn);
-               return -1;
-               }
-           }
-       fclose(fp);
-       }
-    else /* single file */
-       {
-       if (VERBOSE)
-               printf("Processing: %s\n", fn);
-       if (tproc_file(fn, rspfile))
-           {
-           printf(">>> Processing failed for: %s <<<\n", fn);
-           }
-       }
-    return 0;
-    }
-
-#endif
diff --git a/fips/dh/Makefile b/fips/dh/Makefile
deleted file mode 100644 (file)
index 5707621..0000000
+++ /dev/null
@@ -1,99 +0,0 @@
-#
-# OpenSSL/fips/dh/Makefile
-#
-
-DIR=   dh
-TOP=   ../..
-CC=    cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR=     /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG=   makedepend
-MAKEDEPEND=    $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=      Makefile
-AR=            ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST= fips_dhvs.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_dh_lib.c
-LIBOBJ= fips_dh_lib.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER=        $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-       (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all:   lib
-
-lib:   $(LIBOBJ)
-       @echo $(LIBOBJ) > lib
-
-files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
-       @headerlist="$(EXHEADER)"; for i in $$headerlist; \
-       do  \
-         (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-         chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done
-
-tags:
-       ctags $(SRC)
-
-tests:
-
-fips_test:
-
-lint:
-       lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-       $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
-       $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-       mv -f Makefile.new $(MAKEFILE)
-
-clean:
-       rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-fips_dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
-fips_dh_lib.o: ../../include/openssl/opensslconf.h
-fips_dh_lib.o: ../../include/openssl/opensslv.h
-fips_dh_lib.o: ../../include/openssl/ossl_typ.h
-fips_dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_dh_lib.o: ../../include/openssl/symhacks.h fips_dh_lib.c
-fips_dhvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_dhvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dhvs.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-fips_dhvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_dhvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_dhvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_dhvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_dhvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_dhvs.o: ../../include/openssl/opensslconf.h
-fips_dhvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-fips_dhvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_dhvs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_dhvs.c
diff --git a/fips/dh/fips_dh_lib.c b/fips/dh/fips_dh_lib.c
deleted file mode 100644 (file)
index 747d949..0000000
+++ /dev/null
@@ -1,98 +0,0 @@
-/* fips_dh_lib.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/fips.h>
-
-/* Minimal FIPS versions of FIPS_dh_new() and FIPS_dh_free(): to
- * reduce external dependencies. 
- */
-
-DH *FIPS_dh_new(void)
-       {
-       DH *ret;
-       ret = OPENSSL_malloc(sizeof(DH));
-       if (!ret)
-               return NULL;
-       memset(ret, 0, sizeof(DH));
-       ret->meth = DH_OpenSSL();
-       if (ret->meth->init)
-               ret->meth->init(ret);
-       return ret;
-       }
-
-void FIPS_dh_free(DH *r)
-       {
-       if (!r)
-               return;
-       if (r->meth->finish)
-               r->meth->finish(r);
-       if (r->p != NULL) BN_clear_free(r->p);
-       if (r->g != NULL) BN_clear_free(r->g);
-       if (r->q != NULL) BN_clear_free(r->q);
-       if (r->j != NULL) BN_clear_free(r->j);
-       if (r->seed) OPENSSL_free(r->seed);
-       if (r->counter != NULL) BN_clear_free(r->counter);
-       if (r->pub_key != NULL) BN_clear_free(r->pub_key);
-       if (r->priv_key != NULL) BN_clear_free(r->priv_key);
-       OPENSSL_free(r);
-       }
diff --git a/fips/dh/fips_dhvs.c b/fips/dh/fips_dhvs.c
deleted file mode 100644 (file)
index 0fb52f7..0000000
+++ /dev/null
@@ -1,292 +0,0 @@
-/* fips/dh/fips_dhvs.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#define OPENSSL_FIPSAPI
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-#include <stdio.h>
-
-int main(int argc, char **argv)
-{
-    printf("No FIPS DH support\n");
-    return(0);
-}
-#else
-
-#include <openssl/crypto.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <string.h>
-#include <ctype.h>
-
-#include "fips_utl.h"
-
-static const EVP_MD *parse_md(char *line)
-       {
-       char *p;
-       if (line[0] != '[' || line[1] != 'F')
-               return NULL;
-       p = strchr(line, '-');
-       if (!p)
-               return NULL;
-       line = p + 1;
-       p = strchr(line, ']');
-       if (!p)
-               return NULL;
-       *p = 0;
-       p = line;
-       while(isspace(*p))
-               p++;
-       if (!strcmp(p, "SHA1"))
-               return EVP_sha1();
-       else if (!strcmp(p, "SHA224"))
-               return EVP_sha224();
-       else if (!strcmp(p, "SHA256"))
-               return EVP_sha256();
-       else if (!strcmp(p, "SHA384"))
-               return EVP_sha384();
-       else if (!strcmp(p, "SHA512"))
-               return EVP_sha512();
-       else
-               return NULL;
-       }
-
-static void output_Zhash(FILE *out, int exout,
-                               DH *dh, BIGNUM *peerkey, const EVP_MD *md,
-                               unsigned char *rhash, size_t rhashlen)
-       {
-       unsigned char *Z;
-       unsigned char chash[EVP_MAX_MD_SIZE];
-       int Zlen;
-       if (rhash == NULL)
-               {
-               rhashlen = M_EVP_MD_size(md);
-               if (!DH_generate_key(dh))
-                       exit (1);
-               do_bn_print_name(out, "YephemIUT", dh->pub_key);
-               if (exout)
-                       do_bn_print_name(out, "XephemIUT", dh->priv_key);
-               }
-       Z = OPENSSL_malloc(BN_num_bytes(dh->p));
-       if (!Z)
-               exit(1);
-       Zlen = DH_compute_key_padded(Z, peerkey, dh);
-       if (exout)
-               OutputValue("Z", Z, Zlen, out, 0);
-       FIPS_digest(Z, Zlen, chash, NULL, md);
-       OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0);
-       if (rhash)
-               {
-               fprintf(out, "Result = %s\n",
-                               memcmp(chash, rhash, rhashlen) ? "F" : "P");
-               }
-       else
-               {
-               BN_clear_free(dh->priv_key);
-               BN_clear_free(dh->pub_key);
-               dh->priv_key = NULL;
-               dh->pub_key = NULL;
-               }
-       OPENSSL_cleanse(Z, Zlen);
-       OPENSSL_free(Z);
-       }
-
-#ifdef FIPS_ALGVS
-int fips_dhvs_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
-       {
-       char **args = argv + 1;
-       int argn = argc - 1;
-       FILE *in, *out;
-       char buf[2048], lbuf[2048];
-       unsigned char *rhash;
-       long rhashlen;
-       DH *dh = NULL;
-       const EVP_MD *md = NULL;
-       BIGNUM *peerkey = NULL;
-       char *keyword = NULL, *value = NULL;
-       int do_verify = -1, exout = 0;
-
-       fips_algtest_init();
-
-       if (argn && !strcmp(*args, "dhver"))
-               {
-               do_verify = 1;
-               args++;
-               argn--;
-               }
-       else if (argn && !strcmp(*args, "dhgen"))
-               {
-               do_verify = 0;
-               args++;
-               argn--;
-               }
-
-       if (argn && !strcmp(*args, "-exout"))
-               {
-               exout = 1;
-               args++;
-               argn--;
-               }
-
-       if (do_verify == -1)
-               {
-               fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
-               exit(1);
-               }
-
-       if (argn == 2)
-               {
-               in = fopen(*args, "r");
-               if (!in)
-                       {
-                       fprintf(stderr, "Error opening input file\n");
-                       exit(1);
-                       }
-               out = fopen(args[1], "w");
-               if (!out)
-                       {
-                       fprintf(stderr, "Error opening output file\n");
-                       exit(1);
-                       }
-               }
-       else if (argn == 0)
-               {
-               in = stdin;
-               out = stdout;
-               }
-       else
-               {
-               fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
-               exit(1);
-               }
-
-       dh = FIPS_dh_new();
-
-       while (fgets(buf, sizeof(buf), in) != NULL)
-               {
-               fputs(buf, out);
-               if (strlen(buf) > 6 && !strncmp(buf, "[F", 2))
-                       {
-                       md = parse_md(buf);
-                       if (md == NULL)
-                               goto parse_error;
-                       if (dh)
-                               FIPS_dh_free(dh);
-                       dh = FIPS_dh_new();
-                       continue;
-                       }
-               if (!parse_line(&keyword, &value, lbuf, buf))
-                       continue;
-               if (!strcmp(keyword, "P"))
-                       {
-                       if (!do_hex2bn(&dh->p, value))
-                               goto parse_error;
-                       }
-               else if (!strcmp(keyword, "Q"))
-                       {
-                       if (!do_hex2bn(&dh->q, value))
-                               goto parse_error;
-                       }
-               else if (!strcmp(keyword, "G"))
-                       {
-                       if (!do_hex2bn(&dh->g, value))
-                               goto parse_error;
-                       }
-               else if (!strcmp(keyword, "XephemIUT"))
-                       {
-                       if (!do_hex2bn(&dh->priv_key, value))
-                               goto parse_error;
-                       }
-               else if (!strcmp(keyword, "YephemIUT"))
-                       {
-                       if (!do_hex2bn(&dh->pub_key, value))
-                               goto parse_error;
-                       }
-               else if (!strcmp(keyword, "YephemCAVS"))
-                       {
-                       if (!do_hex2bn(&peerkey, value))
-                               goto parse_error;
-                       if (do_verify == 0)
-                               output_Zhash(out, exout, dh, peerkey, md,
-                                                       NULL, 0);
-                       }
-               else if (!strcmp(keyword, "CAVSHashZZ"))
-                       {
-                       if (!md)
-                               goto parse_error;
-                       rhash = hex2bin_m(value, &rhashlen);
-                       if (!rhash || rhashlen != M_EVP_MD_size(md))
-                               goto parse_error;
-                       output_Zhash(out, exout, dh, peerkey, md,
-                                                       rhash, rhashlen);
-                       }
-               }
-       if (in && in != stdin)
-               fclose(in);
-       if (out && out != stdout)
-               fclose(out);
-       return 0;
-       parse_error:
-       fprintf(stderr, "Error Parsing request file\n");
-       exit(1);
-       }
-
-#endif
diff --git a/fips/dsa/Makefile b/fips/dsa/Makefile
deleted file mode 100644 (file)
index 03245ca..0000000
+++ /dev/null
@@ -1,149 +0,0 @@
-#
-# OpenSSL/fips/dsa/Makefile
-#
-
-DIR=   dsa
-TOP=   ../..
-CC=    cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR=     /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG=   makedepend
-MAKEDEPEND=    $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=      Makefile
-AR=            ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=fips_dsatest.c fips_dssvs.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_dsa_selftest.c \
-       fips_dsa_lib.c fips_dsa_sign.c
-LIBOBJ= fips_dsa_selftest.o \
-       fips_dsa_lib.o fips_dsa_sign.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER=        $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-       (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all:   lib
-
-lib:   $(LIBOBJ)
-       @echo $(LIBOBJ) > lib
-
-files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
-       @headerlist="$(EXHEADER)"; for i in $$headerlist; \
-       do  \
-         (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-         chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done
-
-tags:
-       ctags $(SRC)
-
-tests:
-
-Q=../testvectors/dsa/req
-A=../testvectors/dsa/rsp
-
-fips_test:
-       -rm -rf $A
-       mkdir $A
-       if [ -f $(Q)/PQGGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs pqg < $(Q)/PQGGen.req > $(A)/PQGGen.rsp; fi
-       if [ -f $(Q)/KeyPair.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs keypair < $(Q)/KeyPair.req > $(A)/KeyPair.rsp; fi
-       if [ -f $(Q)/SigGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs siggen < $(Q)/SigGen.req > $(A)/SigGen.rsp; fi
-       if [ -f $(Q)/SigVer.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp; fi
-
-lint:
-       lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-       $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
-       $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-       mv -f Makefile.new $(MAKEFILE)
-
-clean:
-       rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-fips_dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
-fips_dsa_lib.o: ../../include/openssl/opensslconf.h
-fips_dsa_lib.o: ../../include/openssl/opensslv.h
-fips_dsa_lib.o: ../../include/openssl/ossl_typ.h
-fips_dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_dsa_lib.o: ../../include/openssl/symhacks.h fips_dsa_lib.c
-fips_dsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_dsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_dsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-fips_dsa_selftest.o: ../../include/openssl/obj_mac.h
-fips_dsa_selftest.o: ../../include/openssl/objects.h
-fips_dsa_selftest.o: ../../include/openssl/opensslconf.h
-fips_dsa_selftest.o: ../../include/openssl/opensslv.h
-fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h
-fips_dsa_selftest.o: ../../include/openssl/safestack.h
-fips_dsa_selftest.o: ../../include/openssl/stack.h
-fips_dsa_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
-fips_dsa_selftest.o: fips_dsa_selftest.c
-fips_dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-fips_dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-fips_dsa_sign.o: ../../include/openssl/objects.h
-fips_dsa_sign.o: ../../include/openssl/opensslconf.h
-fips_dsa_sign.o: ../../include/openssl/opensslv.h
-fips_dsa_sign.o: ../../include/openssl/ossl_typ.h
-fips_dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-fips_dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_dsa_sign.o: fips_dsa_sign.c
-fips_dsatest.o: ../../e_os.h ../../include/openssl/aes.h
-fips_dsatest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_dsatest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_dsatest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-fips_dsatest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-fips_dsatest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_dsatest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
-fips_dsatest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-fips_dsatest.o: ../../include/openssl/objects.h
-fips_dsatest.o: ../../include/openssl/opensslconf.h
-fips_dsatest.o: ../../include/openssl/opensslv.h
-fips_dsatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_dsatest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_dsatest.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_dsatest.c
-fips_dssvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_dssvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dssvs.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-fips_dssvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_dssvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_dssvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_dssvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_dssvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_dssvs.o: ../../include/openssl/opensslconf.h
-fips_dssvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-fips_dssvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_dssvs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_dssvs.c
diff --git a/fips/dsa/fips_dsa_lib.c b/fips/dsa/fips_dsa_lib.c
deleted file mode 100644 (file)
index 2e2f192..0000000
+++ /dev/null
@@ -1,121 +0,0 @@
-/* fips_dsa_lib.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/dsa.h>
-#include <openssl/bn.h>
-#include <openssl/fips.h>
-
-/* Minimal FIPS versions of FIPS_dsa_new() and FIPS_dsa_free: to
- * reduce external dependencies. 
- */
-
-DSA *FIPS_dsa_new(void)
-       {
-       DSA *ret;
-       ret = OPENSSL_malloc(sizeof(DSA));
-       if (!ret)
-               return NULL;
-       memset(ret, 0, sizeof(DSA));
-       ret->meth = DSA_OpenSSL();
-       if (ret->meth->init)
-               ret->meth->init(ret);
-       return ret;
-       }
-
-void FIPS_dsa_free(DSA *r)
-       {
-       if (!r)
-               return;
-       if (r->meth->finish)
-               r->meth->finish(r);
-       if (r->p != NULL) BN_clear_free(r->p);
-       if (r->q != NULL) BN_clear_free(r->q);
-       if (r->g != NULL) BN_clear_free(r->g);
-       if (r->pub_key != NULL) BN_clear_free(r->pub_key);
-       if (r->priv_key != NULL) BN_clear_free(r->priv_key);
-       if (r->kinv != NULL) BN_clear_free(r->kinv);
-       if (r->r != NULL) BN_clear_free(r->r);
-       OPENSSL_free(r);
-       }
-
-DSA_SIG *FIPS_dsa_sig_new(void)
-       {
-       DSA_SIG *sig;
-       sig = OPENSSL_malloc(sizeof(DSA_SIG));
-       if (!sig)
-               return NULL;
-       sig->r = NULL;
-       sig->s = NULL;
-       return sig;
-       }
-
-void FIPS_dsa_sig_free(DSA_SIG *sig)
-       {
-       if (sig)
-               {
-               if (sig->r)
-                       BN_free(sig->r);
-               if (sig->s)
-                       BN_free(sig->s);
-               OPENSSL_free(sig);
-               }
-       }
-
diff --git a/fips/dsa/fips_dsa_selftest.c b/fips/dsa/fips_dsa_selftest.c
deleted file mode 100644 (file)
index 131f304..0000000
+++ /dev/null
@@ -1,183 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-
-__fips_constseg
-static const unsigned char dsa_test_2048_p[] = {
-       0xa8,0x53,0x78,0xd8,0xfd,0x3f,0x8d,0x72,0xec,0x74,0x18,0x08,
-       0x0d,0xa2,0x13,0x17,0xe4,0x3e,0xc4,0xb6,0x2b,0xa8,0xc8,0x62,
-       0x3b,0x7e,0x4d,0x04,0x44,0x1d,0xd1,0xa0,0x65,0x86,0x62,0x59,
-       0x64,0x93,0xca,0x8e,0x9e,0x8f,0xbb,0x7e,0x34,0xaa,0xdd,0xb6,
-       0x2e,0x5d,0x67,0xb6,0xd0,0x9a,0x6e,0x61,0xb7,0x69,0xe7,0xc3,
-       0x52,0xaa,0x2b,0x10,0xe2,0x0c,0xa0,0x63,0x69,0x63,0xb5,0x52,
-       0x3e,0x86,0x47,0x0d,0xec,0xbb,0xed,0xa0,0x27,0xe7,0x97,0xe7,
-       0xb6,0x76,0x35,0xd4,0xd4,0x9c,0x30,0x70,0x0e,0x74,0xaf,0x8a,
-       0x0f,0xf1,0x56,0xa8,0x01,0xaf,0x57,0xa2,0x6e,0x70,0x78,0xf1,
-       0xd8,0x2f,0x74,0x90,0x8e,0xcb,0x6d,0x07,0xe7,0x0b,0x35,0x03,
-       0xee,0xd9,0x4f,0xa3,0x2c,0xf1,0x7a,0x7f,0xc3,0xd6,0xcf,0x40,
-       0xdc,0x7b,0x00,0x83,0x0e,0x6a,0x25,0x66,0xdc,0x07,0x3e,0x34,
-       0x33,0x12,0x51,0x7c,0x6a,0xa5,0x15,0x2b,0x4b,0xfe,0xcd,0x2e,
-       0x55,0x1f,0xee,0x34,0x63,0x18,0xa1,0x53,0x42,0x3c,0x99,0x6b,
-       0x0d,0x5d,0xcb,0x91,0x02,0xae,0xdd,0x38,0x79,0x86,0x16,0xf1,
-       0xf1,0xe0,0xd6,0xc4,0x03,0x52,0x5b,0x1f,0x9b,0x3d,0x4d,0xc7,
-       0x66,0xde,0x2d,0xfc,0x4a,0x56,0xd7,0xb8,0xba,0x59,0x63,0xd6,
-       0x0f,0x3e,0x16,0x31,0x88,0x70,0xad,0x43,0x69,0x52,0xe5,0x57,
-       0x65,0x37,0x4e,0xab,0x85,0xe8,0xec,0x17,0xd6,0xb9,0xa4,0x54,
-       0x7b,0x9b,0x5f,0x27,0x52,0xf3,0x10,0x5b,0xe8,0x09,0xb2,0x3a,
-       0x2c,0x8d,0x74,0x69,0xdb,0x02,0xe2,0x4d,0x59,0x23,0x94,0xa7,
-       0xdb,0xa0,0x69,0xe9
-};
-__fips_constseg
-static const unsigned char dsa_test_2048_q[] = {
-       0xd2,0x77,0x04,0x4e,0x50,0xf5,0xa4,0xe3,0xf5,0x10,0xa5,0x0a,
-       0x0b,0x84,0xfd,0xff,0xbc,0xa0,0x47,0xed,0x27,0x60,0x20,0x56,
-       0x74,0x41,0xa0,0xa5
-};
-__fips_constseg
-static const unsigned char dsa_test_2048_g[] = {
-       0x13,0xd7,0x54,0xe2,0x1f,0xd2,0x41,0x65,0x5d,0xa8,0x91,0xc5,
-       0x22,0xa6,0x5a,0x72,0xa8,0x9b,0xdc,0x64,0xec,0x9b,0x54,0xa8,
-       0x21,0xed,0x4a,0x89,0x8b,0x49,0x0e,0x0c,0x4f,0xcb,0x72,0x19,
-       0x2a,0x4a,0x20,0xf5,0x41,0xf3,0xf2,0x92,0x53,0x99,0xf0,0xba,
-       0xec,0xf9,0x29,0xaa,0xfb,0xf7,0x9d,0xfe,0x43,0x32,0x39,0x3b,
-       0x32,0xcd,0x2e,0x2f,0xcf,0x27,0x2f,0x32,0xa6,0x27,0x43,0x4a,
-       0x0d,0xf2,0x42,0xb7,0x5b,0x41,0x4d,0xf3,0x72,0x12,0x1e,0x53,
-       0xa5,0x53,0xf2,0x22,0xf8,0x36,0xb0,0x00,0xf0,0x16,0x48,0x5b,
-       0x6b,0xd0,0x89,0x84,0x51,0x80,0x1d,0xcd,0x8d,0xe6,0x4c,0xd5,
-       0x36,0x56,0x96,0xff,0xc5,0x32,0xd5,0x28,0xc5,0x06,0x62,0x0a,
-       0x94,0x2a,0x03,0x05,0x04,0x6d,0x8f,0x18,0x76,0x34,0x1f,0x1e,
-       0x57,0x0b,0xc3,0x97,0x4b,0xa6,0xb9,0xa4,0x38,0xe9,0x70,0x23,
-       0x02,0xa2,0xe6,0xe6,0x7b,0xfd,0x06,0xd3,0x2b,0xc6,0x79,0x96,
-       0x22,0x71,0xd7,0xb4,0x0c,0xd7,0x2f,0x38,0x6e,0x64,0xe0,0xd7,
-       0xef,0x86,0xca,0x8c,0xa5,0xd1,0x42,0x28,0xdc,0x2a,0x4f,0x16,
-       0xe3,0x18,0x98,0x86,0xb5,0x99,0x06,0x74,0xf4,0x20,0x0f,0x3a,
-       0x4c,0xf6,0x5a,0x3f,0x0d,0xdb,0xa1,0xfa,0x67,0x2d,0xff,0x2f,
-       0x5e,0x14,0x3d,0x10,0xe4,0xe9,0x7a,0xe8,0x4f,0x6d,0xa0,0x95,
-       0x35,0xd5,0xb9,0xdf,0x25,0x91,0x81,0xa7,0x9b,0x63,0xb0,0x69,
-       0xe9,0x49,0x97,0x2b,0x02,0xba,0x36,0xb3,0x58,0x6a,0xab,0x7e,
-       0x45,0xf3,0x22,0xf8,0x2e,0x4e,0x85,0xca,0x3a,0xb8,0x55,0x91,
-       0xb3,0xc2,0xa9,0x66
-};
-
-__fips_constseg
-static const unsigned char dsa_test_2048_pub_key[] = {
-       0x24,0x52,0xf3,0xcc,0xbe,0x9e,0xd5,0xca,0x7d,0xc7,0x4c,0x60,
-       0x2b,0x99,0x22,0x6e,0x8f,0x2f,0xab,0x38,0xe7,0xd7,0xdd,0xfb,
-       0x75,0x53,0x9b,0x17,0x15,0x5e,0x9f,0xcf,0xd1,0xab,0xa5,0x64,
-       0xeb,0x85,0x35,0xd8,0x12,0xc9,0xc2,0xdc,0xf9,0x72,0x84,0x44,
-       0x1b,0xc4,0x82,0x24,0x36,0x24,0xc7,0xf4,0x57,0x58,0x0c,0x1c,
-       0x38,0xa5,0x7c,0x46,0xc4,0x57,0x39,0x24,0x70,0xed,0xb5,0x2c,
-       0xb5,0xa6,0xe0,0x3f,0xe6,0x28,0x7b,0xb6,0xf4,0x9a,0x42,0xa2,
-       0x06,0x5a,0x05,0x4f,0x03,0x08,0x39,0xdf,0x1f,0xd3,0x14,0x9c,
-       0x4c,0xa0,0x53,0x1d,0xd8,0xca,0x8a,0xaa,0x9c,0xc7,0x33,0x71,
-       0x93,0x38,0x73,0x48,0x33,0x61,0x18,0x22,0x45,0x45,0xe8,0x8c,
-       0x80,0xff,0xd8,0x76,0x5d,0x74,0x36,0x03,0x33,0xcc,0xab,0x99,
-       0x72,0x77,0x9b,0x65,0x25,0xa6,0x5b,0xdd,0x0d,0x10,0xc6,0x75,
-       0xc1,0x09,0xbb,0xd3,0xe5,0xbe,0x4d,0x72,0xef,0x6e,0xba,0x6e,
-       0x43,0x8d,0x52,0x26,0x23,0x7d,0xb8,0x88,0x37,0x9c,0x5f,0xcc,
-       0x47,0xa3,0x84,0x7f,0xf6,0x37,0x11,0xba,0xed,0x6d,0x03,0xaf,
-       0xe8,0x1e,0x69,0x4a,0x41,0x3b,0x68,0x0b,0xd3,0x8a,0xb4,0x90,
-       0x3f,0x83,0x70,0xa7,0x07,0xef,0x55,0x1d,0x49,0x41,0x02,0x6d,
-       0x95,0x79,0xd6,0x91,0xde,0x8e,0xda,0xa1,0x61,0x05,0xeb,0x9d,
-       0xba,0x3c,0x2f,0x4c,0x1b,0xec,0x50,0x82,0x75,0xaa,0x02,0x07,
-       0xe2,0x51,0xb5,0xec,0xcb,0x28,0x6a,0x4b,0x01,0xd4,0x49,0xd3,
-       0x0a,0xcb,0x67,0x37,0x17,0xa0,0xd2,0xfb,0x3b,0x50,0xc8,0x93,
-       0xf7,0xda,0xb1,0x4f
-};
-__fips_constseg
-static const unsigned char dsa_test_2048_priv_key[] = {
-       0x0c,0x4b,0x30,0x89,0xd1,0xb8,0x62,0xcb,0x3c,0x43,0x64,0x91,
-       0xf0,0x91,0x54,0x70,0xc5,0x27,0x96,0xe3,0xac,0xbe,0xe8,0x00,
-       0xec,0x55,0xf6,0xcc
-};
-
-int FIPS_selftest_dsa()
-       {
-       DSA *dsa=NULL;
-       EVP_PKEY pk;
-       int ret = 0;
-
-       dsa = FIPS_dsa_new();
-
-       if(dsa == NULL)
-               goto err;
-
-       fips_load_key_component(dsa, p, dsa_test_2048);
-       fips_load_key_component(dsa, q, dsa_test_2048);
-       fips_load_key_component(dsa, g, dsa_test_2048);
-       fips_load_key_component(dsa, pub_key, dsa_test_2048);
-       fips_load_key_component(dsa, priv_key, dsa_test_2048);
-
-       pk.type = EVP_PKEY_DSA;
-       pk.pkey.dsa = dsa;
-
-       if (!fips_pkey_signature_test(FIPS_TEST_SIGNATURE, &pk, NULL, 0,
-                                       NULL, 0, EVP_sha384(), 0,
-                                       "DSA SHA384"))
-               goto err;
-       ret = 1;
-
-       err:
-       if (dsa)
-               FIPS_dsa_free(dsa);
-       return ret;
-       }
-#endif
diff --git a/fips/dsa/fips_dsa_sign.c b/fips/dsa/fips_dsa_sign.c
deleted file mode 100644 (file)
index 274bcd9..0000000
+++ /dev/null
@@ -1,141 +0,0 @@
-/* fips_dsa_sign.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/evp.h>
-#include <openssl/dsa.h>
-#include <openssl/err.h>
-#include <openssl/sha.h>
-#include <openssl/bn.h>
-
-#ifdef OPENSSL_FIPS
-
-/* FIPS versions of DSA_sign() and DSA_verify().
- * Handle DSA_SIG structures to avoid need to handle ASN1.
- */
-
-DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx)
-       {
-       DSA_SIG *s;
-       unsigned char dig[EVP_MAX_MD_SIZE];
-       unsigned int dlen;
-        FIPS_digestfinal(ctx, dig, &dlen);
-       s = dsa->meth->dsa_do_sign(dig,dlen,dsa);
-       OPENSSL_cleanse(dig, dlen);
-       return s;
-       }
-
-DSA_SIG * FIPS_dsa_sign_digest(DSA *dsa, const unsigned char *dig, int dlen)
-       {
-       if (FIPS_selftest_failed())
-               {
-               FIPSerr(FIPS_F_FIPS_DSA_SIGN_DIGEST, FIPS_R_SELFTEST_FAILED);
-               return NULL;
-               }
-       return dsa->meth->dsa_do_sign(dig, dlen, dsa);
-       }
-
-int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s)
-       {
-       int ret=-1;
-       unsigned char dig[EVP_MAX_MD_SIZE];
-       unsigned int dlen;
-        FIPS_digestfinal(ctx, dig, &dlen);
-       ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
-       OPENSSL_cleanse(dig, dlen);
-       return ret;
-       }
-
-int FIPS_dsa_verify_digest(DSA *dsa,
-                               const unsigned char *dig, int dlen, DSA_SIG *s)
-       {
-       if (FIPS_selftest_failed())
-               {
-               FIPSerr(FIPS_F_FIPS_DSA_VERIFY_DIGEST, FIPS_R_SELFTEST_FAILED);
-               return -1;
-               }
-       return dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
-       }
-
-int FIPS_dsa_verify(DSA *dsa, const unsigned char *msg, size_t msglen,
-                       const EVP_MD *mhash, DSA_SIG *s)
-       {
-       int ret=-1;
-       unsigned char dig[EVP_MAX_MD_SIZE];
-       unsigned int dlen;
-        FIPS_digest(msg, msglen, dig, &dlen, mhash);
-       ret=FIPS_dsa_verify_digest(dsa, dig, dlen, s);
-       OPENSSL_cleanse(dig, dlen);
-       return ret;
-       }
-
-DSA_SIG * FIPS_dsa_sign(DSA *dsa, const unsigned char *msg, size_t msglen,
-                       const EVP_MD *mhash)
-       {
-       DSA_SIG *s;
-       unsigned char dig[EVP_MAX_MD_SIZE];
-       unsigned int dlen;
-        FIPS_digest(msg, msglen, dig, &dlen, mhash);
-       s = FIPS_dsa_sign_digest(dsa, dig, dlen);
-       OPENSSL_cleanse(dig, dlen);
-       return s;
-       }
-
-#endif
diff --git a/fips/dsa/fips_dsatest.c b/fips/dsa/fips_dsatest.c
deleted file mode 100644 (file)
index 3c95d17..0000000
+++ /dev/null
@@ -1,256 +0,0 @@
-/* crypto/dsa/dsatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include "e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-
-
-#if defined(OPENSSL_NO_DSA) || !defined(OPENSSL_FIPS)
-int main(int argc, char *argv[])
-{
-    printf("No FIPS DSA support\n");
-    return(0);
-}
-#else
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include <openssl/dsa.h>
-
-#ifdef OPENSSL_SYS_WIN16
-#define MS_CALLBACK     _far _loadds
-#else
-#define MS_CALLBACK
-#endif
-
-#include "fips_utl.h"
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
-
-/* seed, out_p, out_q, out_g are taken from the earlier validation test
- * vectors.
- */
-
-static unsigned char seed[20] = {
-       0x1c, 0xfb, 0xa9, 0x6c, 0xf7, 0x95, 0xb3, 0x2e, 0x01, 0x01, 0x3c, 0x8d,
-       0x7f, 0x6e, 0xf4, 0x59, 0xcc, 0x2f, 0x19, 0x59
-       };
-
-static unsigned char out_p[] = {
-       0xc2, 0x3c, 0x48, 0x31, 0x7e, 0x3b, 0x4e, 0x5d, 0x3c, 0x93, 0x78, 0x60,
-       0x5c, 0xf2, 0x60, 0xbb, 0x5a, 0xfa, 0x7f, 0x17, 0xf9, 0x26, 0x69, 0x46,
-       0xe7, 0x07, 0xbb, 0x3b, 0x2e, 0xc4, 0xb5, 0x66, 0xf7, 0x4d, 0xae, 0x9b,
-       0x8f, 0xf0, 0x42, 0xea, 0xb3, 0xa0, 0x7e, 0x81, 0x85, 0x89, 0xe6, 0xb0,
-       0x29, 0x03, 0x6b, 0xcc, 0xfb, 0x8e, 0x46, 0x15, 0x4d, 0xc1, 0x69, 0xd8,
-       0x2f, 0xef, 0x5c, 0x8b, 0x29, 0x32, 0x41, 0xbd, 0x13, 0x72, 0x3d, 0xac,
-       0x81, 0xcc, 0x86, 0x6c, 0x06, 0x5d, 0x51, 0xa1, 0xa5, 0x07, 0x0c, 0x3e,
-       0xbe, 0xdd, 0xf4, 0x6e, 0xa8, 0xed, 0xb4, 0x2f, 0xbd, 0x3e, 0x64, 0xea,
-       0xee, 0x92, 0xec, 0x51, 0xe1, 0x0d, 0xab, 0x25, 0x45, 0xae, 0x55, 0x21,
-       0x4d, 0xd6, 0x96, 0x6f, 0xe6, 0xaa, 0xd3, 0xca, 0x87, 0x92, 0xb1, 0x1c,
-       0x3c, 0xaf, 0x29, 0x09, 0x8b, 0xc6, 0xed, 0xe1
-       };
-
-static unsigned char out_q[] = {
-       0xae, 0x0a, 0x8c, 0xfb, 0x80, 0xe1, 0xc6, 0xd1, 0x09, 0x0f, 0x26, 0xde,
-       0x91, 0x53, 0xc2, 0x8b, 0x2b, 0x0f, 0xde, 0x7f
-       };
-
-static unsigned char out_g[] = {
-       0x0d, 0x7d, 0x92, 0x74, 0x10, 0xf6, 0xa4, 0x43, 0x86, 0x9a, 0xd1, 0xd9,
-       0x56, 0x00, 0xbc, 0x18, 0x97, 0x99, 0x4e, 0x9a, 0x93, 0xfb, 0x00, 0x3d,
-       0x6c, 0xa0, 0x1b, 0x95, 0x6b, 0xbd, 0xf7, 0x7a, 0xbc, 0x36, 0x3f, 0x3d,
-       0xb9, 0xbf, 0xf9, 0x91, 0x37, 0x68, 0xd1, 0xb9, 0x1e, 0xfe, 0x7f, 0x10,
-       0xc0, 0x6a, 0xcd, 0x5f, 0xc1, 0x65, 0x1a, 0xb8, 0xe7, 0xab, 0xb5, 0xc6,
-       0x8d, 0xb7, 0x86, 0xad, 0x3a, 0xbf, 0x6b, 0x7b, 0x0a, 0x66, 0xbe, 0xd5,
-       0x58, 0x23, 0x16, 0x48, 0x83, 0x29, 0xb6, 0xa7, 0x64, 0xc7, 0x08, 0xbe,
-       0x55, 0x4c, 0x6f, 0xcb, 0x34, 0xc1, 0x73, 0xb0, 0x39, 0x68, 0x52, 0xdf,
-       0x27, 0x7f, 0x32, 0xbc, 0x2b, 0x0d, 0x63, 0xed, 0x75, 0x3e, 0xb5, 0x54,
-       0xac, 0xc8, 0x20, 0x2a, 0x73, 0xe8, 0x29, 0x51, 0x03, 0x77, 0xe8, 0xc9,
-       0x61, 0x32, 0x25, 0xaf, 0x21, 0x5b, 0x6e, 0xda
-       };
-
-
-__fips_constseg
-static const unsigned char str1[]="12345678901234567890";
-
-__fips_constseg
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-int main(int argc, char **argv)
-       {
-       DSA *dsa=NULL;
-       DSA_SIG *sig = NULL;
-       int counter,ret=0,i,j;
-       unsigned char buf[256];
-       unsigned long h;
-       BN_GENCB cb;
-       BN_GENCB_set(&cb, dsa_cb, stderr);
-
-       fips_algtest_init();
-
-       fprintf(stderr,"test generation of DSA parameters\n");
-
-       dsa = FIPS_dsa_new();
-       DSA_generate_parameters_ex(dsa, 1024,seed,20,&counter,&h,&cb);
-
-       fprintf(stderr,"seed\n");
-       for (i=0; i<20; i+=4)
-               {
-               fprintf(stderr,"%02X%02X%02X%02X ",
-                       seed[i],seed[i+1],seed[i+2],seed[i+3]);
-               }
-       fprintf(stderr,"\ncounter=%d h=%ld\n",counter,h);
-
-       if (dsa == NULL) goto end;
-       if (counter != 16) 
-               {
-               fprintf(stderr,"counter should be 105\n");
-               goto end;
-               }
-       if (h != 2)
-               {
-               fprintf(stderr,"h should be 2\n");
-               goto end;
-               }
-
-       i=BN_bn2bin(dsa->q,buf);
-       j=sizeof(out_q);
-       if ((i != j) || (memcmp(buf,out_q,i) != 0))
-               {
-               fprintf(stderr,"q value is wrong\n");
-               goto end;
-               }
-
-       i=BN_bn2bin(dsa->p,buf);
-       j=sizeof(out_p);
-       if ((i != j) || (memcmp(buf,out_p,i) != 0))
-               {
-               fprintf(stderr,"p value is wrong\n");
-               goto end;
-               }
-
-       i=BN_bn2bin(dsa->g,buf);
-       j=sizeof(out_g);
-       if ((i != j) || (memcmp(buf,out_g,i) != 0))
-               {
-               fprintf(stderr,"g value is wrong\n");
-               goto end;
-               }
-       DSA_generate_key(dsa);
-
-       sig = FIPS_dsa_sign(dsa, str1, 20, EVP_sha1());
-       if (!sig)
-               goto end;
-
-       if (FIPS_dsa_verify(dsa, str1, 20, EVP_sha1(), sig) != 1)
-               goto end;
-
-       ret = 1;
-
-end:
-       if (sig)
-               FIPS_dsa_sig_free(sig);
-       if (dsa != NULL) FIPS_dsa_free(dsa);
-#if 0
-       CRYPTO_mem_leaks(bio_err);
-#endif
-       EXIT(!ret);
-       return(!ret);
-       }
-
-static int cb_exit(int ec)
-       {
-       EXIT(ec);
-       return(0);              /* To keep some compilers quiet */
-       }
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
-       {
-       char c='*';
-       static int ok=0,num=0;
-
-       if (p == 0) { c='.'; num++; };
-       if (p == 1) c='+';
-       if (p == 2) { c='*'; ok++; }
-       if (p == 3) c='\n';
-       fwrite(&c,1, 1, cb->arg);
-       fflush(cb->arg);
-
-       if (!ok && (p == 0) && (num > 1))
-               {
-               fprintf(cb->arg,"error in dsatest\n");
-               cb_exit(1);
-               }
-       return 1;
-       }
-#endif
diff --git a/fips/dsa/fips_dssvs.c b/fips/dsa/fips_dssvs.c
deleted file mode 100644 (file)
index 6a0b40f..0000000
+++ /dev/null
@@ -1,793 +0,0 @@
-
-#define OPENSSL_FIPSAPI
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-#include <stdio.h>
-
-int main(int argc, char **argv)
-{
-    printf("No FIPS DSA support\n");
-    return(0);
-}
-#else
-
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <string.h>
-#include <ctype.h>
-
-#include "fips_utl.h"
-
-static int parse_mod(char *line, int *pdsa2, int *pL, int *pN,
-                               const EVP_MD **pmd)
-       {
-       char lbuf[10240];
-       char *keyword, *value;
-
-       char *p;
-       p = strchr(line, ',');
-       if (!p)
-               {
-               *pL = atoi(line);
-               *pdsa2 = 0;
-               *pN = 160;
-               if (pmd)
-                       *pmd = EVP_sha1();
-               return 1;
-               }
-       *pdsa2 = 1;
-       *p = 0;
-       if (!parse_line2(&keyword, &value, lbuf, line, 0))
-               return 0;
-       if (strcmp(keyword, "L"))
-               return 0;
-       *pL = atoi(value);
-       strcpy(line, p + 1);
-       if (pmd)
-               p = strchr(line, ',');
-       else
-               p = strchr(line, ']');
-       if (!p)
-               return 0;
-       *p = 0;
-       if (!parse_line2(&keyword, &value, lbuf, line, 0))
-               return 0;
-       if (strcmp(keyword, "N"))
-               return 0;
-       *pN = atoi(value);
-       if (!pmd)
-               return 1;
-       strcpy(line, p + 1);
-       p = strchr(line, ']');
-       if (!p)
-               return 0;
-       *p = 0;
-       p = line;
-       while(isspace(*p))
-               p++;
-       if (!strcmp(p, "SHA-1"))
-               *pmd = EVP_sha1();
-       else if (!strcmp(p, "SHA-224"))
-               *pmd = EVP_sha224();
-       else if (!strcmp(p, "SHA-256"))
-               *pmd = EVP_sha256();
-       else if (!strcmp(p, "SHA-384"))
-               *pmd = EVP_sha384();
-       else if (!strcmp(p, "SHA-512"))
-               *pmd = EVP_sha512();
-       else
-               return 0;
-       return 1;
-       }
-
-static void primes(FILE *in, FILE *out)
-    {
-    char buf[10240];
-    char lbuf[10240];
-    char *keyword, *value;
-
-    while(fgets(buf,sizeof buf,in) != NULL)
-       {
-       fputs(buf,out);
-       if (!parse_line(&keyword, &value, lbuf, buf))
-               continue;
-       if(!strcmp(keyword,"Prime"))
-           {
-           BIGNUM *pp;
-
-           pp=BN_new();
-           do_hex2bn(&pp,value);
-           fprintf(out, "result= %c" RESP_EOL,
-                  BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
-           }       
-       }
-    }
-
-int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
-       const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
-       unsigned char *seed_out,
-       int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
-       const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
-       int idx, unsigned char *seed_out,
-       int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-
-int dsa_paramgen_check_g(DSA *dsa);
-
-static void pqg(FILE *in, FILE *out)
-    {
-    char buf[1024];
-    char lbuf[1024];
-    char *keyword, *value;
-    int dsa2, L, N;
-    const EVP_MD *md = NULL;
-    BIGNUM *p = NULL, *q = NULL;
-    enum pqtype { PQG_NONE, PQG_PQ, PQG_G, PQG_GCANON}
-               pqg_type = PQG_NONE;
-    int seedlen=-1, idxlen, idx = -1;
-    unsigned char seed[1024], idtmp[1024];
-
-    while(fgets(buf,sizeof buf,in) != NULL)
-       {
-       if (buf[0] == '[')
-               {
-               if (strstr(buf, "Probable"))
-                       pqg_type = PQG_PQ;
-               else if (strstr(buf, "Unverifiable"))
-                       pqg_type = PQG_G;
-               else if (strstr(buf, "Canonical"))
-                       pqg_type = PQG_GCANON;
-               }
-       if (!parse_line(&keyword, &value, lbuf, buf))
-               {
-               fputs(buf,out);
-               continue;
-               }
-       if (strcmp(keyword, "Num"))
-               fputs(buf,out);
-       if(!strcmp(keyword,"[mod"))
-           {
-           if (!parse_mod(value, &dsa2, &L, &N, &md))
-               {
-               fprintf(stderr, "Mod Parse Error\n");
-               exit (1);
-               }
-           }
-       else if(!strcmp(keyword,"N") 
-               || (!strcmp(keyword, "Num") && pqg_type == PQG_PQ))
-           {
-           int n=atoi(value);
-
-           while(n--)
-               {
-               DSA *dsa;
-               int counter;
-               unsigned long h;
-               dsa = FIPS_dsa_new();
-
-               if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
-                                               NULL, 0, seed,
-                                               &counter, &h, NULL))
-                       {
-                       fprintf(stderr, "Parameter Generation error\n");
-                       exit(1);
-                       }
-               if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
-                                               NULL, 0, -1, seed,
-                                               &counter, &h, NULL) <= 0)
-                       {
-                       fprintf(stderr, "Parameter Generation error\n");
-                       exit(1);
-                       }
-               do_bn_print_name(out, "P",dsa->p);
-               do_bn_print_name(out, "Q",dsa->q);
-               if (!dsa2)
-                       do_bn_print_name(out, "G",dsa->g);
-               OutputValue(dsa2 ? "domain_parameter_seed" : "Seed",
-                               seed, M_EVP_MD_size(md), out, 0);
-               if (!dsa2)
-                       {
-                       fprintf(out, "c = %d" RESP_EOL, counter);
-                       fprintf(out, "H = %lx" RESP_EOL RESP_EOL,h);
-                       }
-               else
-                       {
-                       fprintf(out, "counter = %d" RESP_EOL RESP_EOL, counter);
-                       }
-               FIPS_dsa_free(dsa);
-               }
-           }
-       else if(!strcmp(keyword,"P"))
-           p=hex2bn(value);
-       else if(!strcmp(keyword,"Q"))
-           q=hex2bn(value);
-       else if(!strcmp(keyword,"domain_parameter_seed"))
-           seedlen = hex2bin(value, seed);
-       else if(!strcmp(keyword,"firstseed"))
-           seedlen = hex2bin(value, seed);
-       else if(!strcmp(keyword,"pseed"))
-           seedlen += hex2bin(value, seed + seedlen);
-       else if(!strcmp(keyword,"qseed"))
-           seedlen += hex2bin(value, seed + seedlen);
-       else if(!strcmp(keyword,"index"))
-           {
-           idxlen = hex2bin(value, idtmp);
-            if (idxlen != 1)
-               {
-               fprintf(stderr, "Index value error\n");
-               exit (1);
-               }
-           idx = idtmp[0];
-           }
-       if ((idx >= 0 && pqg_type == PQG_GCANON) || (q && pqg_type == PQG_G))
-               {
-               DSA *dsa;
-               dsa = FIPS_dsa_new();
-               dsa->p = p;
-               dsa->q = q;
-               p = q = NULL;
-               if (dsa_builtin_paramgen2(dsa, L, N, md,
-                                               seed, seedlen, idx, NULL,
-                                               NULL, NULL, NULL) <= 0)
-                       {
-                       fprintf(stderr, "Parameter Generation error\n");
-                       exit(1);
-                       }
-               do_bn_print_name(out, "G",dsa->g);
-               FIPS_dsa_free(dsa);
-               idx = -1;
-               }
-       }
-    }
-
-static void pqgver(FILE *in, FILE *out)
-    {
-    char buf[1024];
-    char lbuf[1024];
-    char *keyword, *value;
-    BIGNUM *p = NULL, *q = NULL, *g = NULL;
-    int counter=-1, counter2;
-    unsigned long h=0, h2;
-    DSA *dsa=NULL;
-    int dsa2, L, N, part_test = 0;
-    const EVP_MD *md = NULL;
-    int seedlen=-1, idxlen, idx = -1;
-    unsigned char seed[1024], idtmp[1024];
-
-    while(fgets(buf,sizeof buf,in) != NULL)
-       {
-       if (!parse_line(&keyword, &value, lbuf, buf))
-               {
-               if (p && q)
-                       {
-                       part_test = 1;
-                       goto partial;
-                       }
-               fputs(buf,out);
-               continue;
-               }
-       fputs(buf, out);
-       if(!strcmp(keyword,"[mod"))
-           {
-           if (!parse_mod(value, &dsa2, &L, &N, &md))
-               {
-               fprintf(stderr, "Mod Parse Error\n");
-               exit (1);
-               }
-           }
-       else if(!strcmp(keyword,"P"))
-           p=hex2bn(value);
-       else if(!strcmp(keyword,"Q"))
-           q=hex2bn(value);
-       else if(!strcmp(keyword,"G"))
-           g=hex2bn(value);
-       else if(!strcmp(keyword,"firstseed"))
-           seedlen = hex2bin(value, seed);
-       else if(!strcmp(keyword,"pseed"))
-           seedlen += hex2bin(value, seed + seedlen);
-       else if(!strcmp(keyword,"qseed"))
-           seedlen += hex2bin(value, seed + seedlen);
-       else if(!strcmp(keyword,"Seed")
-               || !strcmp(keyword,"domain_parameter_seed"))
-           {
-           seedlen = hex2bin(value, seed);
-           if (!dsa2 && seedlen != 20)
-               {
-               fprintf(stderr, "Seed parse length error\n");
-               exit (1);
-               }
-           if (idx > 0)
-               part_test = 1;
-           }
-       else if(!strcmp(keyword,"index"))
-           {
-           idxlen = hex2bin(value, idtmp);
-            if (idxlen != 1)
-               {
-               fprintf(stderr, "Index value error\n");
-               exit (1);
-               }
-           idx = idtmp[0];
-           }
-       else if(!strcmp(keyword,"c"))
-           counter = atoi(buf+4);
-       partial:
-       if (part_test && idx < 0 && h == 0 && g)
-           {
-           dsa = FIPS_dsa_new();
-           dsa->p = BN_dup(p);
-           dsa->q = BN_dup(q);
-           dsa->g = BN_dup(g);
-           if (dsa_paramgen_check_g(dsa))
-               fprintf(out, "Result = P" RESP_EOL);
-           else
-               fprintf(out, "Result = F" RESP_EOL);
-           BN_free(p);
-           BN_free(q);
-           BN_free(g);
-           p = NULL;
-           q = NULL;
-           g = NULL;
-           FIPS_dsa_free(dsa);
-           dsa = NULL;
-           part_test = 0;
-           }
-       else if(!strcmp(keyword,"H") || part_test)
-           {
-           if (!part_test)
-               h = atoi(value);
-           if (!p || !q || (!g && !part_test))
-               {
-               fprintf(stderr, "Parse Error\n");
-               exit (1);
-               }
-           dsa = FIPS_dsa_new();
-           if (idx >= 0)
-               {
-               dsa->p = BN_dup(p);
-               dsa->q = BN_dup(q);
-               }
-           no_err = 1;
-           if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
-                                       seed, seedlen, NULL,
-                                       &counter2, &h2, NULL))
-                       {
-                       fprintf(stderr, "Parameter Generation error\n");
-                       exit(1);
-                       }
-           if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
-                                       seed, seedlen, idx, NULL,
-                                       &counter2, &h2, NULL) < 0)
-                       {
-                       fprintf(stderr, "Parameter Generation error\n");
-                       exit(1);
-                       }
-           no_err = 0;
-           if (idx >= 0)
-               {
-               if (BN_cmp(dsa->g, g))
-                       fprintf(out, "Result = F" RESP_EOL);
-               else
-                       fprintf(out, "Result = P" RESP_EOL);
-               }
-            else if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || 
-               (!part_test &&
-               ((BN_cmp(dsa->g, g) || (counter != counter2) || (h != h2)))))
-               fprintf(out, "Result = F" RESP_EOL);
-           else
-               fprintf(out, "Result = P" RESP_EOL);
-           BN_free(p);
-           BN_free(q);
-           BN_free(g);
-           p = NULL;
-           q = NULL;
-           g = NULL;
-           FIPS_dsa_free(dsa);
-           dsa = NULL;
-           if (part_test)
-               {
-               if (idx == -1)
-                       fputs(buf,out);
-               part_test = 0;
-               }
-           idx = -1;
-           }
-       }
-    }
-
-/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
- * algorithm tests. It is an additional test to perform sanity checks on the
- * output of the KeyPair test.
- */
-
-static int dss_paramcheck(int L, int N, BIGNUM *p, BIGNUM *q, BIGNUM *g,
-                                                       BN_CTX *ctx)
-    {
-    BIGNUM *rem = NULL;
-    if (BN_num_bits(p) != L)
-       return 0;
-    if (BN_num_bits(q) != N)
-       return 0;
-    if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
-       return 0;
-    if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
-       return 0;
-    rem = BN_new();
-    if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
-       || (BN_cmp(g, BN_value_one()) <= 0)
-       || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
-       {
-       BN_free(rem);
-       return 0;
-       }
-    /* Todo: check g */
-    BN_free(rem);
-    return 1;
-    }
-
-static void keyver(FILE *in, FILE *out)
-    {
-    char buf[1024];
-    char lbuf[1024];
-    char *keyword, *value;
-    BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
-    BIGNUM *Y2;
-    BN_CTX *ctx = NULL;
-    int dsa2, L, N;
-    int paramcheck = 0;
-
-    ctx = BN_CTX_new();
-    Y2 = BN_new();
-
-    while(fgets(buf,sizeof buf,in) != NULL)
-       {
-       if (!parse_line(&keyword, &value, lbuf, buf))
-               {
-               fputs(buf,out);
-               continue;
-               }
-       if(!strcmp(keyword,"[mod"))
-           {
-           if (p)
-               BN_free(p);
-           p = NULL;
-           if (q)
-               BN_free(q);
-           q = NULL;
-           if (g)
-               BN_free(g);
-           g = NULL;
-           paramcheck = 0;
-           if (!parse_mod(value, &dsa2, &L, &N, NULL))
-               {
-               fprintf(stderr, "Mod Parse Error\n");
-               exit (1);
-               }
-           }
-       else if(!strcmp(keyword,"P"))
-           p=hex2bn(value);
-       else if(!strcmp(keyword,"Q"))
-           q=hex2bn(value);
-       else if(!strcmp(keyword,"G"))
-           g=hex2bn(value);
-       else if(!strcmp(keyword,"X"))
-           X=hex2bn(value);
-       else if(!strcmp(keyword,"Y"))
-           {
-           Y=hex2bn(value);
-           if (!p || !q || !g || !X || !Y)
-               {
-               fprintf(stderr, "Parse Error\n");
-               exit (1);
-               }
-           do_bn_print_name(out, "P",p);
-           do_bn_print_name(out, "Q",q);
-           do_bn_print_name(out, "G",g);
-           do_bn_print_name(out, "X",X);
-           do_bn_print_name(out, "Y",Y);
-           if (!paramcheck)
-               {
-               if (dss_paramcheck(L, N, p, q, g, ctx))
-                       paramcheck = 1;
-               else
-                       paramcheck = -1;
-               }
-           if (paramcheck != 1)
-               fprintf(out, "Result = F" RESP_EOL);
-           else
-               {
-               if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
-                       fprintf(out, "Result = F" RESP_EOL);
-               else
-                       fprintf(out, "Result = P" RESP_EOL);
-               }
-           BN_free(X);
-           BN_free(Y);
-           X = NULL;
-           Y = NULL;
-           }
-       }
-       if (p)
-           BN_free(p);
-       if (q)
-           BN_free(q);
-       if (g)
-           BN_free(g);
-       if (Y2)
-           BN_free(Y2);
-       if (ctx)
-           BN_CTX_free(ctx);
-    }
-
-static void keypair(FILE *in, FILE *out)
-    {
-    char buf[1024];
-    char lbuf[1024];
-    char *keyword, *value;
-    int dsa2, L, N;
-
-    while(fgets(buf,sizeof buf,in) != NULL)
-       {
-       if (!parse_line(&keyword, &value, lbuf, buf))
-               {
-               continue;
-               }
-       if(!strcmp(keyword,"[mod"))
-           {
-           if (!parse_mod(value, &dsa2, &L, &N, NULL))
-               {
-               fprintf(stderr, "Mod Parse Error\n");
-               exit (1);
-               }
-           fputs(buf,out);
-           }
-       else if(!strcmp(keyword,"N"))
-           {
-           DSA *dsa;
-           int n=atoi(value);
-
-           dsa = FIPS_dsa_new();
-           if (!dsa)
-               {
-               fprintf(stderr, "DSA allocation error\n");
-               exit(1);
-               }
-           if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, NULL, NULL, 0,
-                                               NULL, NULL, NULL, NULL))
-                       {
-                       fprintf(stderr, "Parameter Generation error\n");
-                       exit(1);
-                       }
-           if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, NULL, NULL, 0, -1,
-                                               NULL, NULL, NULL, NULL) <= 0)
-                       {
-                       fprintf(stderr, "Parameter Generation error\n");
-                       exit(1);
-                       }
-           do_bn_print_name(out, "P",dsa->p);
-           do_bn_print_name(out, "Q",dsa->q);
-           do_bn_print_name(out, "G",dsa->g);
-           fputs(RESP_EOL, out);
-
-           while(n--)
-               {
-               if (!DSA_generate_key(dsa))
-                       exit(1);
-
-               do_bn_print_name(out, "X",dsa->priv_key);
-               do_bn_print_name(out, "Y",dsa->pub_key);
-               fputs(RESP_EOL, out);
-               }
-           FIPS_dsa_free(dsa);
-           }
-       }
-    }
-
-static void siggen(FILE *in, FILE *out)
-    {
-    char buf[1024];
-    char lbuf[1024];
-    char *keyword, *value;
-    int dsa2, L, N;
-    const EVP_MD *md = NULL;
-    DSA *dsa=NULL;
-
-    while(fgets(buf,sizeof buf,in) != NULL)
-       {
-       if (!parse_line(&keyword, &value, lbuf, buf))
-               {
-               fputs(buf,out);
-               continue;
-               }
-       fputs(buf,out);
-       if(!strcmp(keyword,"[mod"))
-           {
-           if (!parse_mod(value, &dsa2, &L, &N, &md))
-               {
-               fprintf(stderr, "Mod Parse Error\n");
-               exit (1);
-               }
-           if (dsa)
-               FIPS_dsa_free(dsa);
-           dsa = FIPS_dsa_new();
-           if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md, NULL, 0,
-                                               NULL, NULL, NULL, NULL))
-                       {
-                       fprintf(stderr, "Parameter Generation error\n");
-                       exit(1);
-                       }
-           if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, NULL, 0, -1,
-                                               NULL, NULL, NULL, NULL) <= 0)
-                       {
-                       fprintf(stderr, "Parameter Generation error\n");
-                       exit(1);
-                       }
-           do_bn_print_name(out, "P",dsa->p);
-           do_bn_print_name(out, "Q",dsa->q);
-           do_bn_print_name(out, "G",dsa->g);
-           fputs(RESP_EOL, out);
-           }
-       else if(!strcmp(keyword,"Msg"))
-           {
-           unsigned char msg[1024];
-           int n;
-           DSA_SIG *sig;
-
-           n=hex2bin(value,msg);
-
-           if (!DSA_generate_key(dsa))
-               exit(1);
-           do_bn_print_name(out, "Y",dsa->pub_key);
-
-           sig = FIPS_dsa_sign(dsa, msg, n, md);
-
-           do_bn_print_name(out, "R",sig->r);
-           do_bn_print_name(out, "S",sig->s);
-           fputs(RESP_EOL, out);
-           FIPS_dsa_sig_free(sig);
-           }
-       }
-    if (dsa)
-       FIPS_dsa_free(dsa);
-    }
-
-static void sigver(FILE *in, FILE *out)
-    {
-    DSA *dsa=NULL;
-    char buf[1024];
-    char lbuf[1024];
-    unsigned char msg[1024];
-    char *keyword, *value;
-    int n=0;
-    int dsa2, L, N;
-    const EVP_MD *md = NULL;
-    DSA_SIG sg, *sig = &sg;
-
-    sig->r = NULL;
-    sig->s = NULL;
-
-    while(fgets(buf,sizeof buf,in) != NULL)
-       {
-       if (!parse_line(&keyword, &value, lbuf, buf))
-               {
-               fputs(buf,out);
-               continue;
-               }
-       fputs(buf,out);
-       if(!strcmp(keyword,"[mod"))
-           {
-           if (!parse_mod(value, &dsa2, &L, &N, &md))
-               {
-               fprintf(stderr, "Mod Parse Error\n");
-               exit (1);
-               }
-           if (dsa)
-               FIPS_dsa_free(dsa);
-           dsa = FIPS_dsa_new();
-           }
-       else if(!strcmp(keyword,"P"))
-           do_hex2bn(&dsa->p, value);
-       else if(!strcmp(keyword,"Q"))
-           do_hex2bn(&dsa->q, value);
-       else if(!strcmp(keyword,"G"))
-           do_hex2bn(&dsa->g, value);
-       else if(!strcmp(keyword,"Msg"))
-           n=hex2bin(value,msg);
-       else if(!strcmp(keyword,"Y"))
-           do_hex2bn(&dsa->pub_key, value);
-       else if(!strcmp(keyword,"R"))
-           sig->r=hex2bn(value);
-       else if(!strcmp(keyword,"S"))
-           {
-           int r;
-           sig->s=hex2bn(value);
-
-           no_err = 1;
-           r = FIPS_dsa_verify(dsa, msg, n, md, sig);
-           no_err = 0;
-           if (sig->s)
-               {
-               BN_free(sig->s);
-               sig->s = NULL;
-               }
-           if (sig->r)
-               {
-               BN_free(sig->r);
-               sig->r = NULL;
-               }
-       
-           fprintf(out, "Result = %c" RESP_EOL RESP_EOL, r == 1 ? 'P' : 'F');
-           }
-       }
-       if (dsa)
-           FIPS_dsa_free(dsa);
-    }
-
-#ifdef FIPS_ALGVS
-int fips_dssvs_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
-    {
-    FILE *in, *out;
-    if (argc == 4)
-       {
-       in = fopen(argv[2], "r");
-       if (!in)
-               {
-               fprintf(stderr, "Error opening input file\n");
-               exit(1);
-               }
-       out = fopen(argv[3], "w");
-       if (!out)
-               {
-               fprintf(stderr, "Error opening output file\n");
-               exit(1);
-               }
-       }
-    else if (argc == 2)
-       {
-       in = stdin;
-       out = stdout;
-       }
-    else
-       {
-       fprintf(stderr,"%s [prime|pqg|pqgver|keypair|keyver|siggen|sigver]\n",argv[0]);
-       exit(1);
-       }
-    fips_algtest_init();
-    if(!strcmp(argv[1],"prime"))
-       primes(in, out);
-    else if(!strcmp(argv[1],"pqg"))
-       pqg(in, out);
-    else if(!strcmp(argv[1],"pqgver"))
-       pqgver(in, out);
-    else if(!strcmp(argv[1],"keypair"))
-       keypair(in, out);
-    else if(!strcmp(argv[1],"keyver"))
-       keyver(in, out);
-    else if(!strcmp(argv[1],"siggen"))
-       siggen(in, out);
-    else if(!strcmp(argv[1],"sigver"))
-       sigver(in, out);
-    else
-       {
-       fprintf(stderr,"Don't know how to %s.\n",argv[1]);
-       exit(1);
-       }
-
-    if (argc == 4)
-       {
-       fclose(in);
-       fclose(out);
-       }
-
-    return 0;
-    }
-
-#endif
diff --git a/fips/ecdh/Makefile b/fips/ecdh/Makefile
deleted file mode 100644 (file)
index 9debc25..0000000
+++ /dev/null
@@ -1,106 +0,0 @@
-#
-# OpenSSL/fips/ecdh/Makefile
-#
-
-DIR=   ecdh
-TOP=   ../..
-CC=    cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR=     /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKEDEPPROG=   makedepend
-MAKEDEPEND=    $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=      Makefile
-AR=            ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST= fips_ecdhvs.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_ecdh_selftest.c
-LIBOBJ= fips_ecdh_selftest.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER=        $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-       (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all:   lib
-
-lib:   $(LIBOBJ)
-       @echo $(LIBOBJ) > lib
-
-files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
-       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
-       @headerlist="$(EXHEADER)"; for i in $$headerlist; \
-       do  \
-         (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-         chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done
-
-tags:
-       ctags $(SRC)
-
-tests:
-
-fips_test:
-
-lint:
-       lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-       $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
-       $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-       mv -f Makefile.new $(MAKEFILE)
-
-clean:
-       rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_ecdh_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_ecdh_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_ecdh_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-fips_ecdh_selftest.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h
-fips_ecdh_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_ecdh_selftest.o: ../../include/openssl/lhash.h
-fips_ecdh_selftest.o: ../../include/openssl/obj_mac.h
-fips_ecdh_selftest.o: ../../include/openssl/objects.h
-fips_ecdh_selftest.o: ../../include/openssl/opensslconf.h
-fips_ecdh_selftest.o: ../../include/openssl/opensslv.h
-fips_ecdh_selftest.o: ../../include/openssl/ossl_typ.h
-fips_ecdh_selftest.o: ../../include/openssl/safestack.h
-fips_ecdh_selftest.o: ../../include/openssl/stack.h
-fips_ecdh_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
-fips_ecdh_selftest.o: fips_ecdh_selftest.c
-fips_ecdhvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_ecdhvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_ecdhvs.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_ecdhvs.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-fips_ecdhvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_ecdhvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_ecdhvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-fips_ecdhvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_ecdhvs.o: ../../include/openssl/opensslconf.h
-fips_ecdhvs.o: ../../include/openssl/opensslv.h
-fips_ecdhvs.o: ../../include/openssl/ossl_typ.h
-fips_ecdhvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_ecdhvs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_ecdhvs.c
diff --git a/fips/ecdh/fips_ecdh_selftest.c b/fips/ecdh/fips_ecdh_selftest.c
deleted file mode 100644 (file)
index 0b16c57..0000000
+++ /dev/null
@@ -1,257 +0,0 @@
-/* fips/ecdh/fips_ecdh_selftest.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2011.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/ec.h>
-#include <openssl/ecdh.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-
-#ifdef OPENSSL_FIPS
-
-#include "fips_locl.h"
-
-__fips_constseg
-static const unsigned char p224_qcavsx[] = {
-       0x3c,0x81,0x15,0x16,0xab,0xa6,0xad,0xd7,0xe5,0xf3,0xea,0x1f,
-       0x88,0x57,0x43,0x29,0x35,0x6f,0x0a,0xd2,0x38,0xc7,0x11,0x8a,
-       0x90,0xd1,0x46,0x63
-};
-__fips_constseg
-static const unsigned char p224_qcavsy[] = {
-       0x4a,0x87,0x54,0x7b,0x7d,0x69,0xdd,0xb8,0x48,0x73,0xb2,0x1e,
-       0x33,0xfa,0xf6,0x32,0xb4,0x25,0x73,0x55,0x87,0x08,0x16,0xd2,
-       0xdd,0xa6,0x77,0xcf
-};
-__fips_constseg
-static const unsigned char p224_qiutx[] = {
-       0x23,0xff,0x15,0x91,0x83,0xd6,0xad,0x98,0x93,0x98,0xbd,0x2e,
-       0x01,0xeb,0x5a,0x45,0xe2,0x2a,0xf9,0xc5,0x3b,0x37,0xe1,0x87,
-       0x32,0xa5,0x16,0x5f
-};
-__fips_constseg
-static const unsigned char p224_qiuty[] = {
-       0x5e,0x70,0xb7,0x9d,0x9e,0x55,0x2d,0x67,0x4e,0x29,0xa4,0x9d,
-       0x06,0x81,0x11,0xb4,0xb4,0xab,0xe2,0xdf,0xdc,0xe4,0xf1,0x69,
-       0x55,0x54,0xe3,0x37
-};
-__fips_constseg
-static const unsigned char p224_qiutd[] = {
-       0xd7,0xdc,0x9c,0x53,0x04,0x72,0x67,0x59,0x92,0x80,0x9e,0x6f,
-       0xdd,0xe6,0x0b,0x35,0x09,0xe0,0x95,0x45,0xe6,0x13,0x0e,0x22,
-       0x43,0x6a,0x63,0xef
-};
-__fips_constseg
-static const unsigned char p224_ziut[] = {
-       0x84,0x37,0xcf,0x6d,0xfa,0x58,0xbd,0x1f,0x47,0x15,0x45,0x1f,
-       0x2c,0x20,0x53,0x7a,0xf4,0xb0,0xe6,0x19,0xcc,0xa9,0x30,0xc6,
-       0x5c,0x1a,0xf2,0xdd
-};
-
-typedef struct 
-       {
-       int curve;
-       const unsigned char *x1;
-       size_t x1len;
-       const unsigned char *y1;
-       size_t y1len;
-       const unsigned char *d1;
-       size_t d1len;
-       const unsigned char *x2;
-       size_t x2len;
-       const unsigned char *y2;
-       size_t y2len;
-       const unsigned char *z;
-       size_t zlen;
-       } ECDH_SELFTEST_DATA;
-
-#define make_ecdh_test(nid, pr) { nid, \
-                               pr##_qiutx, sizeof(pr##_qiutx), \
-                               pr##_qiuty, sizeof(pr##_qiuty), \
-                               pr##_qiutd, sizeof(pr##_qiutd), \
-                               pr##_qcavsx, sizeof(pr##_qcavsx), \
-                               pr##_qcavsy, sizeof(pr##_qcavsy), \
-                               pr##_ziut, sizeof(pr##_ziut) }
-
-static ECDH_SELFTEST_DATA test_ecdh_data[] = 
-       {
-       make_ecdh_test(NID_secp224r1, p224),
-       };
-
-int FIPS_selftest_ecdh(void)
-       {
-       EC_KEY *ec1 = NULL, *ec2 = NULL;
-       const EC_POINT *ecp = NULL;
-       BIGNUM *x = NULL, *y = NULL, *d = NULL;
-       unsigned char *ztmp = NULL;
-       int rv = 1;
-       size_t i;
-
-       for (i = 0; i < sizeof(test_ecdh_data)/sizeof(ECDH_SELFTEST_DATA); i++)
-               {
-               ECDH_SELFTEST_DATA *ecd = test_ecdh_data + i;
-               if (!fips_post_started(FIPS_TEST_ECDH, ecd->curve, 0))
-                       continue;
-               ztmp = OPENSSL_malloc(ecd->zlen);
-
-               x = BN_bin2bn(ecd->x1, ecd->x1len, x);
-               y = BN_bin2bn(ecd->y1, ecd->y1len, y);
-               d = BN_bin2bn(ecd->d1, ecd->d1len, d);
-
-               if (!x || !y || !d || !ztmp)
-                       {
-                       rv = -1;
-                       goto err;
-                       }
-
-               ec1 = EC_KEY_new_by_curve_name(ecd->curve);
-               if (!ec1)
-                       {
-                       rv = -1;
-                       goto err;
-                       }
-               EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
-
-               if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y))
-                       {
-                       rv = -1;
-                       goto err;
-                       }
-
-               if (!EC_KEY_set_private_key(ec1, d))
-                       {
-                       rv = -1;
-                       goto err;
-                       }
-
-               x = BN_bin2bn(ecd->x2, ecd->x2len, x);
-               y = BN_bin2bn(ecd->y2, ecd->y2len, y);
-
-               if (!x || !y)
-                       {
-                       rv = -1;
-                       goto err;
-                       }
-
-               ec2 = EC_KEY_new_by_curve_name(ecd->curve);
-               if (!ec2)
-                       {
-                       rv = -1;
-                       goto err;
-                       }
-               EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
-
-               if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y))
-                       {
-                       rv = -1;
-                       goto err;
-                       }
-
-               ecp = EC_KEY_get0_public_key(ec2);
-               if (!ecp)
-                       {
-                       rv = -1;
-                       goto err;
-                       }
-
-               if (!ECDH_compute_key(ztmp, ecd->zlen, ecp, ec1, 0))
-                       {
-                       rv = -1;
-                       goto err;
-                       }
-
-               if (!fips_post_corrupt(FIPS_TEST_ECDH, ecd->curve, NULL))
-                       ztmp[0] ^= 0x1;
-
-               if (memcmp(ztmp, ecd->z, ecd->zlen))
-                       {
-                       fips_post_failed(FIPS_TEST_ECDH, ecd->curve, 0);
-                       rv = 0;
-                       }
-               else if (!fips_post_success(FIPS_TEST_ECDH, ecd->curve, 0))
-                       goto err;
-
-               EC_KEY_free(ec1);
-               ec1 = NULL;
-               EC_KEY_free(ec2);
-               ec2 = NULL;
-               OPENSSL_free(ztmp);
-               ztmp = NULL;
-               }
-
-       err:
-
-       if (x)
-               BN_clear_free(x);
-       if (y)
-               BN_clear_free(y);
-       if (d)
-               BN_clear_free(d);
-       if (ec1)
-               EC_KEY_free(ec1);
-       if (ec2)
-               EC_KEY_free(ec2);
-       if (ztmp)
-               OPENSSL_free(ztmp);
-
-       return rv;
-
-       }
-
-#endif
diff --git a/fips/ecdh/fips_ecdhvs.c b/fips/ecdh/fips_ecdhvs.c
deleted file mode 100644 (file)
index a142286..0000000
+++ /dev/null
@@ -1,496 +0,0 @@
-/* fips/ecdh/fips_ecdhvs.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#define OPENSSL_FIPSAPI
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-#include <stdio.h>
-
-int main(int argc, char **argv)
-{
-    printf("No FIPS ECDH support\n");
-    return(0);
-}
-#else
-
-#include <openssl/crypto.h>
-#include <openssl/bn.h>
-#include <openssl/ecdh.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <string.h>
-#include <ctype.h>
-
-#include "fips_utl.h"
-
-static const EVP_MD *eparse_md(char *line)
-       {
-       char *p;
-       if (line[0] != '[' || line[1] != 'E')
-               return NULL;
-       p = strchr(line, '-');
-       if (!p)
-               return NULL;
-       line = p + 1;
-       p = strchr(line, ']');
-       if (!p)
-               return NULL;
-       *p = 0;
-       p = line;
-       while(isspace(*p))
-               p++;
-       if (!strcmp(p, "SHA1"))
-               return EVP_sha1();
-       else if (!strcmp(p, "SHA224"))
-               return EVP_sha224();
-       else if (!strcmp(p, "SHA256"))
-               return EVP_sha256();
-       else if (!strcmp(p, "SHA384"))
-               return EVP_sha384();
-       else if (!strcmp(p, "SHA512"))
-               return EVP_sha512();
-       else
-               return NULL;
-       }
-
-static int lookup_curve2(char *cname)
-       {
-       char *p;
-       p = strchr(cname, ']');
-       if (!p)
-               {
-               fprintf(stderr, "Parse error: missing ]\n");
-               return NID_undef;
-               }
-       *p = 0;
-
-       if (!strcmp(cname, "B-163"))
-               return NID_sect163r2;
-       if (!strcmp(cname, "B-233"))
-               return NID_sect233r1;
-       if (!strcmp(cname, "B-283"))
-               return NID_sect283r1;
-       if (!strcmp(cname, "B-409"))
-               return NID_sect409r1;
-       if (!strcmp(cname, "B-571"))
-               return NID_sect571r1;
-       if (!strcmp(cname, "K-163"))
-               return NID_sect163k1;
-       if (!strcmp(cname, "K-233"))
-               return NID_sect233k1;
-       if (!strcmp(cname, "K-283"))
-               return NID_sect283k1;
-       if (!strcmp(cname, "K-409"))
-               return NID_sect409k1;
-       if (!strcmp(cname, "K-571"))
-               return NID_sect571k1;
-       if (!strcmp(cname, "P-192"))
-               return NID_X9_62_prime192v1;
-       if (!strcmp(cname, "P-224"))
-               return NID_secp224r1;
-       if (!strcmp(cname, "P-256"))
-               return NID_X9_62_prime256v1;
-       if (!strcmp(cname, "P-384"))
-               return NID_secp384r1;
-       if (!strcmp(cname, "P-521"))
-               return NID_secp521r1;
-
-       fprintf(stderr, "Unknown Curve name %s\n", cname);
-       return NID_undef;
-       }
-
-static int lookup_curve(char *cname)
-       {
-       char *p;
-       p = strchr(cname, ':');
-       if (!p)
-               {
-               fprintf(stderr, "Parse error: missing :\n");
-               return NID_undef;
-               }
-       cname = p + 1;
-       while(isspace(*cname))
-               cname++;
-       return lookup_curve2(cname);
-       }
-
-static EC_POINT *make_peer(EC_GROUP *group, BIGNUM *x, BIGNUM *y)
-       {
-       EC_POINT *peer;
-       int rv;
-       BN_CTX *c;
-       peer = EC_POINT_new(group);
-       if (!peer)
-               return NULL;
-       c = BN_CTX_new();
-       if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
-               == NID_X9_62_prime_field)
-               rv = EC_POINT_set_affine_coordinates_GFp(group, peer, x, y, c);
-       else
-#ifdef OPENSSL_NO_EC2M
-               {
-               fprintf(stderr, "ERROR: GF2m not supported\n");
-               exit(1);
-               }
-#else
-               rv = EC_POINT_set_affine_coordinates_GF2m(group, peer, x, y, c);
-#endif
-
-       BN_CTX_free(c);
-       if (rv)
-               return peer;
-       EC_POINT_free(peer);
-       return NULL;
-       }
-
-static int ec_print_key(FILE *out, EC_KEY *key, int add_e, int exout)
-       {
-       const EC_POINT *pt;
-       const EC_GROUP *grp;
-       const EC_METHOD *meth;
-       int rv;
-       BIGNUM *tx, *ty;
-       const BIGNUM *d = NULL;
-       BN_CTX *ctx;
-       ctx = BN_CTX_new();
-       if (!ctx)
-               return 0;
-       tx = BN_CTX_get(ctx);
-       ty = BN_CTX_get(ctx);
-       if (!tx || !ty)
-               return 0;
-       grp = EC_KEY_get0_group(key);
-       pt = EC_KEY_get0_public_key(key);
-       if (exout)
-               d = EC_KEY_get0_private_key(key);
-       meth = EC_GROUP_method_of(grp);
-       if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
-               rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, tx, ty, ctx);
-       else
-#ifdef OPENSSL_NO_EC2M
-               {
-               fprintf(stderr, "ERROR: GF2m not supported\n");
-               exit(1);
-               }
-#else
-               rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, tx, ty, ctx);
-#endif
-
-       if (add_e)
-               {
-               do_bn_print_name(out, "QeIUTx", tx);
-               do_bn_print_name(out, "QeIUTy", ty);
-               if (d)
-                       do_bn_print_name(out, "QeIUTd", d);
-               }
-       else
-               {
-               do_bn_print_name(out, "QIUTx", tx);
-               do_bn_print_name(out, "QIUTy", ty);
-               if (d)
-                       do_bn_print_name(out, "QIUTd", d);
-               }
-
-       BN_CTX_free(ctx);
-
-       return rv;
-
-       }
-
-static void ec_output_Zhash(FILE *out, int exout, EC_GROUP *group,
-                       BIGNUM *ix, BIGNUM *iy, BIGNUM *id, BIGNUM *cx,
-                       BIGNUM *cy, const EVP_MD *md,
-                               unsigned char *rhash, size_t rhashlen)
-       {
-       EC_KEY *ec = NULL;
-       EC_POINT *peerkey = NULL;
-       unsigned char *Z;
-       unsigned char chash[EVP_MAX_MD_SIZE];
-       int Zlen;
-       ec = EC_KEY_new();
-       EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH);
-       EC_KEY_set_group(ec, group);
-       peerkey = make_peer(group, cx, cy);
-       if (rhash == NULL)
-               {
-               if (md)
-                       rhashlen = M_EVP_MD_size(md);
-               EC_KEY_generate_key(ec);
-               ec_print_key(out, ec, md ? 1 : 0, exout);
-               }
-       else
-               {
-               EC_KEY_set_public_key_affine_coordinates(ec, ix, iy);
-               EC_KEY_set_private_key(ec, id);
-               }
-       Zlen = (EC_GROUP_get_degree(group) + 7)/8;
-       Z = OPENSSL_malloc(Zlen);
-       if (!Z)
-               exit(1);
-       ECDH_compute_key(Z, Zlen, peerkey, ec, 0);
-       if (md)
-               {
-               if (exout)
-                       OutputValue("Z", Z, Zlen, out, 0);
-               FIPS_digest(Z, Zlen, chash, NULL, md);
-               OutputValue(rhash ? "IUTHashZZ" : "HashZZ",
-                                               chash, rhashlen, out, 0);
-               if (rhash)
-                       {
-                       fprintf(out, "Result = %s\n",
-                               memcmp(chash, rhash, rhashlen) ? "F" : "P");
-                       }
-               }
-       else
-               OutputValue("ZIUT", Z, Zlen, out, 0);
-       OPENSSL_cleanse(Z, Zlen);
-       OPENSSL_free(Z);
-       EC_KEY_free(ec);
-       EC_POINT_free(peerkey);
-       }
-               
-#ifdef FIPS_ALGVS
-int fips_ecdhvs_main(int argc, char **argv)
-#else
-int main(int argc, char **argv)
-#endif
-       {
-       char **args = argv + 1;
-       int argn = argc - 1;
-       FILE *in, *out;
-       char buf[2048], lbuf[2048];
-       unsigned char *rhash = NULL;
-       long rhashlen;
-       BIGNUM *cx = NULL, *cy = NULL;
-       BIGNUM *id = NULL, *ix = NULL, *iy = NULL;
-       const EVP_MD *md = NULL;
-       EC_GROUP *group = NULL;
-       char *keyword = NULL, *value = NULL;
-       int do_verify = -1, exout = 0;
-       int rv = 1;
-
-       int curve_nids[5] = {0,0,0,0,0};
-       int param_set = -1;
-
-       fips_algtest_init();
-
-       if (argn && !strcmp(*args, "ecdhver"))
-               {
-               do_verify = 1;
-               args++;
-               argn--;
-               }
-       else if (argn && !strcmp(*args, "ecdhgen"))
-               {
-               do_verify = 0;
-               args++;
-               argn--;
-               }
-
-       if (argn && !strcmp(*args, "-exout"))
-               {
-               exout = 1;
-               args++;
-               argn--;
-               }
-
-       if (do_verify == -1)
-               {
-               fprintf(stderr,"%s [ecdhver|ecdhgen|] [-exout] (infile outfile)\n",argv[0]);
-               exit(1);
-               }
-
-       if (argn == 2)
-               {
-               in = fopen(*args, "r");
-               if (!in)
-                       {
-                       fprintf(stderr, "Error opening input file\n");
-                       exit(1);
-                       }
-               out = fopen(args[1], "w");
-               if (!out)
-                       {
-                       fprintf(stderr, "Error opening output file\n");
-                       exit(1);
-                       }
-               }
-       else if (argn == 0)
-               {
-               in = stdin;
-               out = stdout;
-               }
-       else
-               {
-               fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
-               exit(1);
-               }
-
-       while (fgets(buf, sizeof(buf), in) != NULL)
-               {
-               fputs(buf, out);
-               if (buf[0] == '[' && buf[1] == 'E')
-                       {
-                       int c = buf[2];
-                       if (c < 'A' || c > 'E')
-                               goto parse_error;
-                       param_set = c - 'A';
-                       /* If just [E?] then initial paramset */
-                       if (buf[3] == ']')
-                               continue;
-                       if (group)
-                               EC_GROUP_free(group);
-                       group = EC_GROUP_new_by_curve_name(curve_nids[c - 'A']);
-                       }
-               if (strlen(buf) > 10 && !strncmp(buf, "[Curve", 6))
-                       {
-                       int nid;
-                       if (param_set == -1)
-                               goto parse_error;
-                       nid = lookup_curve(buf);
-                       if (nid == NID_undef)
-                               goto parse_error;
-                       curve_nids[param_set] = nid;
-                       }
-
-               if (strlen(buf) > 4 && buf[0] == '[' && buf[2] == '-')
-                       {
-                       int nid = lookup_curve2(buf + 1);
-                       if (nid == NID_undef)
-                               goto parse_error;
-                       if (group)
-                               EC_GROUP_free(group);
-                       group = EC_GROUP_new_by_curve_name(nid);
-                       if (!group)
-                               {
-                               fprintf(stderr, "ERROR: unsupported curve %s\n", buf + 1);
-                               return 1;
-                               }
-                       }
-
-               if (strlen(buf) > 6 && !strncmp(buf, "[E", 2))
-                       {
-                       md = eparse_md(buf);
-                       if (md == NULL)
-                               goto parse_error;
-                       continue;
-                       }
-               if (!parse_line(&keyword, &value, lbuf, buf))
-                       continue;
-               if (!strcmp(keyword, "QeCAVSx") || !strcmp(keyword, "QCAVSx"))
-                       {
-                       if (!do_hex2bn(&cx, value))
-                               goto parse_error;
-                       }
-               else if (!strcmp(keyword, "QeCAVSy") || !strcmp(keyword, "QCAVSy"))
-                       {
-                       if (!do_hex2bn(&cy, value))
-                               goto parse_error;
-                       if (do_verify == 0)
-                               ec_output_Zhash(out, exout, group,
-                                               NULL, NULL, NULL,
-                                               cx, cy, md, rhash, rhashlen);
-                       }
-               else if (!strcmp(keyword, "deIUT"))
-                       {
-                       if (!do_hex2bn(&id, value))
-                               goto parse_error;
-                       }
-               else if (!strcmp(keyword, "QeIUTx"))
-                       {
-                       if (!do_hex2bn(&ix, value))
-                               goto parse_error;
-                       }
-               else if (!strcmp(keyword, "QeIUTy"))
-                       {
-                       if (!do_hex2bn(&iy, value))
-                               goto parse_error;
-                       }
-               else if (!strcmp(keyword, "CAVSHashZZ"))
-                       {
-                       if (!md)
-                               goto parse_error;
-                       rhash = hex2bin_m(value, &rhashlen);
-                       if (!rhash || rhashlen != M_EVP_MD_size(md))
-                               goto parse_error;
-                       ec_output_Zhash(out, exout, group, ix, iy, id, cx, cy,
-                                       md, rhash, rhashlen);
-                       }
-               }
-       rv = 0;
-       parse_error:
-       if (id)
-               BN_free(id);
-       if (ix)
-               BN_free(ix);
-       if (iy)
-               BN_free(iy);
-       if (cx)
-               BN_free(cx);
-       if (cy)
-               BN_free(cy);
-       if (group)
-               EC_GROUP_free(group);
-       if (in && in != stdin)
-               fclose(in);
-       if (out && out != stdout)
-               fclose(out);
-       if (rv)
-               fprintf(stderr, "Error Parsing request file\n");
-       return rv;
-       }
-
-#endif
diff --git a/fips/ecdsa/Makefile b/fips/ecdsa/Makefile
deleted file mode 100644 (file)
index b8a02c9..0000000
--- a/