diff --git a/CHANGES b/CHANGES index 37af6c570e..157dfc23cb 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.8e and 0.9.8f-fips [xx XXX xxxx] + *) Use standard implementations of SHAx, DES, AES under crypto/ in FIPS + mode to avoid having to maintain two versions. This will also make use + of appropriate assembly language optimizations. + [Steve Henson] + *) Check for selftest status in all crypto operations and exit with a fatal error if selftest failed. [Steve Henson] diff --git a/Configure b/Configure index bb35763882..aca0995563 100755 --- a/Configure +++ b/Configure @@ -1223,24 +1223,8 @@ $bn_obj = $bn_asm unless $bn_obj ne ""; $cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/); $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/); -my $fips_des_obj; -my $fips_aes_obj; -my $fips_sha1_obj; if ($fips) { - if ($des_obj =~ /\-elf\.o$/) - { - $fips_des_obj='asm/fips-dx86-elf.o'; - $openssl_other_defines.="#define OPENSSL_FIPS_DES_ASM\n"; - $fips_aes_obj='asm/fips-ax86-elf.o'; - $openssl_other_defines.="#define OPENSSL_FIPS_AES_ASM\n"; - } - else { - $fips_des_obj=$fips_des_enc; - $fips_aes_obj='fips_aes_core.o'; - } - $fips_sha1_obj='asm/fips-sx86-elf.o' if ($sha1_obj =~ /\-elf\.o$/); - $des_obj=$sha1_obj=$aes_obj=""; $openssl_other_defines.="#define OPENSSL_FIPS\n"; } @@ -1354,8 +1338,6 @@ while () s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/; s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/; s/^BN_ASM=.*$/BN_ASM= $bn_obj/; - s/^FIPS_DES_ENC=.*$/FIPS_DES_ENC= $fips_des_obj/; - s/^FIPS_AES_ENC=.*$/FIPS_AES_ENC= $fips_aes_obj/; s/^DES_ENC=.*$/DES_ENC= $des_obj/; s/^AES_ASM_OBJ=.*$/AES_ASM_OBJ= $aes_obj/; s/^BF_ENC=.*$/BF_ENC= $bf_obj/; 
@@ -1364,7 +1346,6 @@ while () s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/; s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/; s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/; - s/^FIPS_SHA1_ASM_OBJ=.*$/FIPS_SHA1_ASM_OBJ= $fips_sha1_obj/; s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; s/^PROCESSOR=.*/PROCESSOR= $processor/; s/^RANLIB=.*/RANLIB= $ranlib/; diff --git a/Makefile.org b/Makefile.org index f7c8aa9eb3..9074e83f22 100644 --- a/Makefile.org +++ b/Makefile.org @@ -87,8 +87,6 @@ PROCESSOR= # CPUID module collects small commonly used assembler snippets CPUID_OBJ= BN_ASM= bn_asm.o -FIPS_DES_ENC= des_enc.o fcrypt_b.o -FIPS_AES_ENC= fips_aes_core.o DES_ENC= des_enc.o fcrypt_b.o AES_ASM_OBJ=aes_core.o aes_cbc.o BF_ENC= bf_enc.o @@ -96,7 +94,6 @@ CAST_ENC= c_enc.o RC4_ENC= rc4_enc.o RC5_ENC= rc5_enc.o MD5_ASM_OBJ= -FIPS_SHA1_ASM_OBJ= SHA1_ASM_OBJ= RMD160_ASM_OBJ= @@ -222,9 +219,6 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \ SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \ MD5_ASM_OBJ='${MD5_ASM_OBJ}' \ RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \ - FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' \ - FIPS_DES_ENC='${FIPS_DES_ENC}' \ - FIPS_AES_ENC='${FIPS_AES_ENC}' \ FIPSLIBDIR='${FIPSLIBDIR}' FIPSCANLIB='${FIPSCANLIB}' \ FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \ FIPS_EX_OBJ='${FIPS_EX_OBJ}' \ @@ -259,8 +253,7 @@ BUILD_ONE_CMD=\ reflect: @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) -FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \ - ../crypto/aes/aes_cfb.o \ +FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \ ../crypto/aes/aes_ecb.o \ ../crypto/aes/aes_ofb.o \ ../crypto/bn/bn_add.o \ 
@@ -286,13 +279,12 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \ ../crypto/des/cfb64ede.o \ ../crypto/des/cfb64enc.o \ ../crypto/des/cfb_enc.o \ - ../crypto/des/des_enc.o \ ../crypto/des/ecb3_enc.o \ ../crypto/des/ecb_enc.o \ ../crypto/des/ofb64ede.o \ ../crypto/des/ofb64enc.o \ - ../crypto/des/fcrypt_b.o \ ../crypto/des/fcrypt.o \ + ../crypto/des/set_key.o \ ../crypto/dsa/dsa_utl.o \ ../crypto/dsa/dsa_sign.o \ ../crypto/dsa/dsa_vrf.o \ @@ -319,6 +311,9 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \ ../crypto/rsa/rsa_pss.o \ ../crypto/rsa/rsa_ssl.o \ ../crypto/rsa/rsa_x931.o \ + ../crypto/sha/sha1dgst.o \ + ../crypto/sha/sha256.o \ + ../crypto/sha/sha512.o \ ../crypto/uid.o sub_all: build_all @@ -328,7 +323,7 @@ build_libs: build_crypto build_fips build_ssl build_engines build_crypto: if [ -n "$(FIPSCANLIB)" ]; then \ - EXCL_OBJ='$(BN_ASM) $(CPUID_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \ + EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \ ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \ else \ ARX='${AR}' ; \ diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index 0e8003193e..b6f8a7dd97 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -39,8 +39,6 @@ #include #include "aes_locl.h" -#ifndef OPENSSL_FIPS - /* Te0[x] = S [x].[02, 01, 01, 03]; Te1[x] = S [x].[03, 02, 01, 01]; @@ -633,6 +631,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, int i = 0; u32 temp; +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif + if (!userKey || !key) return -1; if (bits != 128 && bits != 192 && bits != 256) @@ -1159,5 +1161,3 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, } #endif /* AES_ASM */ - -#endif diff --git a/crypto/des/des_enc.c b/crypto/des/des_enc.c index 975a09b973..cf71965aca 100644 --- a/crypto/des/des_enc.c +++ b/crypto/des/des_enc.c 
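Review bot: The rewritten EXCL_OBJ in build_crypto names `$(SHA_ASM_OBJ)`, but the variable this Makefile defines, exports through BUILDENV and has Configure fill in is `SHA1_ASM_OBJ` (the canister loop in fips-1.0/Makefile also reads `$(SHA1_ASM_OBJ)`), so unless SHA_ASM_OBJ is set somewhere not in this diff it expands to nothing. The SHA-1 assembly object would then be pulled into fipscanister.o and left in libcrypto.a as well: either a duplicate-symbol link failure or two copies of the same routine with only one of them inside the integrity-checked canister. Use the same name as the rest of the build, `EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \`.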
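Review bot: FIPS_selftest_check() is added only to AES_set_encrypt_key, so AES_encrypt/AES_decrypt and any key schedule not built by this function (AES_set_decrypt_key, or an assembly key schedule when AES_ASM is set, both outside the hunk) depend on that single gate indirectly; a comment at the call site would keep the next maintainer from moving or removing it, e.g. `/* FIPS: every AES key schedule is expected to pass through here, so the selftest gate lives in key setup rather than in the per-block routines. */`. Also, no `#include <openssl/fips.h>` is visible in this file's include hunk (include names are stripped in this rendering); confirm the declaration is in scope, since a C89 build would otherwise accept an implicit declaration silently. The same two points apply to the checks added in crypto/des/set_key.c, crypto/sha/sha256.c, crypto/sha/sha512.c and crypto/sha/sha_locl.h.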
@@ -58,8 +58,6 @@ #include "des_locl.h" -#ifndef OPENSSL_FIPS - void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) { register DES_LONG l,r,t,u; @@ -289,8 +287,6 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, data[1]=r; } -#endif - #ifndef DES_DEFAULT_OPTIONS #if !defined(OPENSSL_FIPS_DES_ASM) diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c index a169f8b78e..46bb4cc945 100644 --- a/crypto/des/set_key.c +++ b/crypto/des/set_key.c @@ -65,8 +65,6 @@ */ #include "des_locl.h" -#ifndef OPENSSL_FIPS - OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */ static const unsigned char odd_parity[256]={ @@ -351,6 +349,10 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) k = &schedule->ks->deslong[0]; in = &(*key)[0]; +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif + c2l(in,c); c2l(in,d); @@ -408,4 +410,3 @@ void des_fixup_key_parity(des_cblock *key) } */ -#endif diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c index f10d0b2af1..4831174198 100644 --- a/crypto/sha/sha1_one.c +++ b/crypto/sha/sha1_one.c @@ -61,7 +61,7 @@ #include #include -#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_FIPS) +#if !defined(OPENSSL_NO_SHA1) unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) { SHA_CTX c; diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c index 1cb812cbdd..50d1925cde 100644 --- a/crypto/sha/sha1dgst.c +++ b/crypto/sha/sha1dgst.c @@ -64,18 +64,11 @@ #include -#ifndef OPENSSL_FIPS const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; /* The implementation is in ../md32_common.h */ #include "sha_locl.h" -#else - -static void *dummy=&dummy; - -#endif - #endif diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c index 3e8d1d673d..c1cdf089e1 100644 --- a/crypto/sha/sha256.c +++ b/crypto/sha/sha256.c 
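Review bot: The `#if !defined(OPENSSL_FIPS_DES_ASM)` left at the end of the second des_enc.c hunk now tests a macro that nothing in this diff defines: the Configure hunk removes the `#define OPENSSL_FIPS_DES_ASM` emission, and no replacement appears. The guard is therefore always true, and keeping it implies a FIPS-specific DES assembly path that no longer exists; drop the condition (or the whole `#if`/`#endif` pair if it encloses nothing else) so the remaining code reads as the single implementation it now is. The DES_DEFAULT_OPTIONS block it sits in continues past the hunk.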
@@ -15,12 +15,13 @@ #include #include -#ifndef OPENSSL_FIPS - const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT; int SHA224_Init (SHA256_CTX *c) { +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL; c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL; @@ -32,6 +33,9 @@ int SHA224_Init (SHA256_CTX *c) int SHA256_Init (SHA256_CTX *c) { +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL; @@ -320,5 +324,3 @@ void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num) { sha256_block (ctx,in,num,0); } #endif /* OPENSSL_NO_SHA256 */ - -#endif diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index e05f6fd961..45edbd2d2d 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c @@ -6,7 +6,7 @@ */ #include #include -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) && !defined(OPENSSL_FIPS) +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) /* * IMPLEMENTATION NOTES. * @@ -59,6 +59,9 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT; int SHA384_Init (SHA512_CTX *c) { +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif c->h[0]=U64(0xcbbb9d5dc1059ed8); c->h[1]=U64(0x629a292a367cd507); c->h[2]=U64(0x9159015a3070dd17); @@ -74,6 +77,9 @@ int SHA384_Init (SHA512_CTX *c) int SHA512_Init (SHA512_CTX *c) { +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif c->h[0]=U64(0x6a09e667f3bcc908); c->h[1]=U64(0xbb67ae8584caa73b); c->h[2]=U64(0x3c6ef372fe94f82b); diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h index d65de44af0..3b1cea84e4 100644 --- a/crypto/sha/sha_locl.h +++ b/crypto/sha/sha_locl.h 
@@ -151,6 +151,9 @@ FIPS_NON_FIPS_MD_Init(SHA) int HASH_INIT (SHA_CTX *c) #endif { +#if defined(SHA_1) && defined(OPENSSL_FIPS) + FIPS_selftest_check(); +#endif c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; c->h2=INIT_DATA_h2; diff --git a/fips-1.0/Makefile b/fips-1.0/Makefile index 8aa2732840..f929e93d46 100644 --- a/fips-1.0/Makefile +++ b/fips-1.0/Makefile @@ -81,13 +81,16 @@ all: # vendor compiler drivers... fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o - @FIPS_BN_ASM=""; for i in $(BN_ASM) ; do FIPS_BN_ASM="$$FIPS_BN_ASM ../crypto/bn/$$i" ; done; \ + FIPS_ASM=""; for i in $(BN_ASM) ; do FIPS_ASM="$$FIPS_ASM ../crypto/bn/$$i" ; done; \ + for i in $(AES_ASM_OBJ) ; do FIPS_ASM="$$FIPS_ASM ../crypto/aes/$$i" ; done; \ + for i in $(DES_ENC) ; do FIPS_ASM="$$FIPS_ASM ../crypto/des/$$i" ; done; \ + for i in $(SHA1_ASM_OBJ) ; do FIPS_ASM="$$FIPS_ASM ../crypto/sha/$$i" ; done; \ if [ -n "$(CPUID_OBJ)" ]; then \ CPUID=../crypto/$(CPUID_OBJ) ; \ else \ CPUID="" ; \ fi ; \ - objs="fips_start.o $(LIBOBJ) $(FIPS_EX_OBJ) $$CPUID $$FIPS_BN_ASM"; \ + objs="fips_start.o $(LIBOBJ) $(FIPS_EX_OBJ) $$CPUID $$FIPS_ASM"; \ for i in $(FIPS_OBJ_LISTS); do \ dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \ objs="$$objs `sed "$$script" $$i`"; \ diff --git a/fips-1.0/aes/Makefile b/fips-1.0/aes/Makefile index 7c86c21f79..46eb9fa9da 100644 --- a/fips-1.0/aes/Makefile +++ b/fips-1.0/aes/Makefile @@ -15,8 +15,6 @@ MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r -FIPS_AES_ENC=fips_aes_core.o - ASFLAGS= $(INCLUDES) $(ASFLAG) AFLAGS= $(ASFLAGS) @@ -28,8 +26,8 @@ TESTDATA=fips_aes_data APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=fips_aes_core.c asm/fips-ax86-elf.s fips_aes_selftest.c -LIBOBJ=$(FIPS_AES_ENC) fips_aes_selftest.o +LIBSRC=fips_aes_selftest.c +LIBOBJ=fips_aes_selftest.o SRC= $(LIBSRC) @@ -44,7 +42,6 @@ top: all: lib lib: $(LIBOBJ) - echo FIPS_AES_ENC: $(FIPS_AES_ENC) @echo $(LIBOBJ) > lib files: 
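Review bot: The new gate in HASH_INIT is conditioned on `SHA_1` as well as OPENSSL_FIPS, so the SHA-0 build of this file skips the selftest check with nothing at the point of use saying why, which reads like an omission rather than a decision. A one-line comment fixes that, e.g. `/* SHA-0 is not a FIPS-approved digest, so only the SHA-1 build of HASH_INIT carries the selftest gate. */`. The `FIPS_NON_FIPS_MD_Init(SHA)` wrapper named in the hunk header and the rest of HASH_INIT lie outside the hunk.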
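Review bot: The rewritten `FIPS_ASM=""; for i in $(BN_ASM) ...` line drops the leading `@` that the old `@FIPS_BN_ASM=""` line had, so make now echoes the entire multi-line shell recipe on every build of fipscanister.o and the object list it assembles gets buried in the log; restore it as `@FIPS_ASM=""; for i in $(BN_ASM) ; do FIPS_ASM="$$FIPS_ASM ../crypto/bn/$$i" ; done; \`. The object sets gathered here (AES_ASM_OBJ, DES_ENC, SHA1_ASM_OBJ) are the same ones that Makefile.org's build_crypto target must exclude from libcrypto.a, which is what keeps each routine from being linked both inside and outside the canister; a comment naming that pairing would help whoever next adds an object here.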
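Review bot: LIBSRC drops fips_aes_core.c and asm/fips-ax86-elf.s, but no hunk in this diff deletes those files, so the FIPS tree would keep a second, now unbuilt AES implementation beside the crypto/aes one the canister actually links. Either remove them in this commit or say so in the Makefile, e.g. `# AES itself is now built from ../../crypto/aes and linked into fipscanister.o by ../Makefile; only the selftest lives here.`, so a reader does not mistake the stale sources for the module's cipher. The same applies to fips_des_enc.c, asm/fips-dx86-elf.s and fips_set_key.c in the fips-1.0/des/Makefile hunk.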
diff --git a/fips-1.0/des/Makefile b/fips-1.0/des/Makefile index 97ce708903..ae24e33fb2 100644 --- a/fips-1.0/des/Makefile +++ b/fips-1.0/des/Makefile @@ -18,8 +18,6 @@ AR= ar r ASFLAGS= $(INCLUDES) $(ASFLAG) AFLAGS= $(ASFLAGS) -FIPS_DES_ENC=fips_des_enc.o - CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile @@ -27,8 +25,8 @@ TEST= fips_desmovs.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=fips_des_enc.c asm/fips-dx86-elf.s fips_des_selftest.c fips_set_key.c -LIBOBJ=$(FIPS_DES_ENC) fips_des_selftest.o fips_set_key.o +LIBSRC=fips_des_selftest.c +LIBOBJ=fips_des_selftest.o SRC= $(LIBSRC) diff --git a/fips-1.0/dsa/fips_dssvs.c b/fips-1.0/dsa/fips_dssvs.c index 2a0da15f64..e1fb00ffbc 100644 --- a/fips-1.0/dsa/fips_dssvs.c +++ b/fips-1.0/dsa/fips_dssvs.c @@ -230,7 +230,6 @@ void sigver() int n; char *keyword, *value; int nmod=0; - unsigned char hash[20]; DSA_SIG sg, *sig = &sg; sig->r = NULL; @@ -266,10 +265,8 @@ void sigver() } else if(!strcmp(keyword,"Msg")) { - n=hex2bin(value,msg); pv("Msg",msg,n); - SHA1(msg,n,hash); } else if(!strcmp(keyword,"Y")) dsa->pub_key=hex2bn(value); diff --git a/fips-1.0/fips_test_suite.c b/fips-1.0/fips_test_suite.c index 856599aa32..7ec5931295 100644 --- a/fips-1.0/fips_test_suite.c +++ b/fips-1.0/fips_test_suite.c @@ -190,7 +190,7 @@ static int FIPS_sha1_test() unsigned char md[SHA_DIGEST_LENGTH]; ERR_clear_error(); - if (!SHA1(str,sizeof(str) - 1,md)) return 0; + if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0; if (memcmp(md,digest,sizeof(md))) return 0; return 1; diff --git a/fips-1.0/sha/Makefile b/fips-1.0/sha/Makefile index 67a929b810..5e836ea6f7 100644 --- a/fips-1.0/sha/Makefile +++ b/fips-1.0/sha/Makefile 
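Review bot: In the second sigver hunk the `-` marker sits in front of `n=hex2bin(value,msg);`, i.e. the Msg parsing appears to be removed together with `SHA1(msg,n,hash);`; if that reading of the collapsed hunk is right, `msg` and `n` (declared uninitialised earlier in sigver) are never filled in and the verification later in the function, outside the hunk, runs on whatever happens to be in them. Only the SHA1 call needs to go along with the removed `hash` buffer; keep `n=hex2bin(value,msg); pv("Msg",msg,n);`. If that line is in fact unchanged context whose marker was lost in rendering, disregard.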
@@ -28,10 +28,8 @@ APPS= EXE= fips_standalone_sha1$(EXE_EXT) LIB=$(TOP)/libcrypto.a -LIBSRC=fips_sha1dgst.c fips_sha1_selftest.c asm/fips-sx86-elf.s \ - fips_sha256.c fips_sha512.c -LIBOBJ=fips_sha1dgst.o fips_sha1_selftest.o $(FIPS_SHA1_ASM_OBJ) \ - fips_sha256.o fips_sha512.o +LIBSRC=fips_sha1_selftest.c +LIBOBJ=fips_sha1_selftest.o SRC= $(LIBSRC) fips_standalone_sha1.c @@ -48,9 +46,10 @@ all: fips_standalone_sha1$(EXE_EXT) lib lib: $(LIBOBJ) @echo $(LIBOBJ) > lib -fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o fips_sha1dgst.o $(FIPS_SHA1_ASM_OBJ) +fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o + FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \ $(CC) -o fips_standalone_sha1$(EXE_EXT) $(CFLAGS) \ - fips_standalone_sha1.o fips_sha1dgst.o $(FIPS_SHA1_ASM_OBJ) + fips_standalone_sha1.o ../crypto/sha/sha1dgst.o $$FIPS_SHA_ASM files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/fips-1.0/sha/fips_sha1_selftest.c b/fips-1.0/sha/fips_sha1_selftest.c index 73a65cdc06..efae7470aa 100644 --- a/fips-1.0/sha/fips_sha1_selftest.c +++ b/fips-1.0/sha/fips_sha1_selftest.c @@ -50,7 +50,8 @@ #include #include #include -#include +#include +#include #ifdef OPENSSL_FIPS static char test[][60]= @@ -83,7 +84,7 @@ int FIPS_selftest_sha1() { unsigned char md[SHA_DIGEST_LENGTH]; - SHA1((unsigned char*)test[n],strlen(test[n]),md); + EVP_Digest(test[n],strlen(test[n]),md, NULL, EVP_sha1(), NULL); if(memcmp(md,ret[n],sizeof md)) { FIPSerr(FIPS_F_FIPS_SELFTEST_SHA,FIPS_R_SELFTEST_FAILED);
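Review bot: The rewritten fips_standalone_sha1 link step mixes two bases for the same directory: the loop collects assembly objects from `../../crypto/sha/$$i`, while the C object is given as `../crypto/sha/sha1dgst.o`. This Makefile lives in fips-1.0/sha, so `../crypto/sha` does not exist from here and the link fails (or, if the recipe were run from fips-1.0, the loop path would be the wrong one); make both consistent, `fips_standalone_sha1.o ../../crypto/sha/sha1dgst.o $$FIPS_SHA_ASM`.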
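Review bot: The return value of the new `EVP_Digest(test[n],strlen(test[n]),md, NULL, EVP_sha1(), NULL)` call is discarded, unlike the matching change in fips_test_suite.c, so a failed digest leaves `md` uninitialised and the selftest verdict rests on whatever memcmp finds there; make failure an explicit selftest failure, `if (!EVP_Digest(test[n],strlen(test[n]),md, NULL, EVP_sha1(), NULL) || memcmp(md,ret[n],sizeof md))`. Going through EVP also means this selftest now reaches the FIPS_selftest_check() that the sha_locl.h hunk adds to SHA1_Init; confirm that check is a no-op while the power-up selftests are still in progress and only fails after a recorded failure, otherwise the SHA-1 selftest can never complete. The surrounding loop and its error path continue outside the hunk.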