132 lines
4.8 KiB
Diff
132 lines
4.8 KiB
Diff
Index: openssl-1.1.1m/crypto/fips/build.info
|
|
===================================================================
|
|
--- openssl-1.1.1m.orig/crypto/fips/build.info
|
|
+++ openssl-1.1.1m/crypto/fips/build.info
|
|
@@ -5,7 +5,7 @@ SOURCE[../../libcrypto]=\
|
|
fips_post.c drbgtest.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
|
|
fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
|
|
fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
|
|
- fips_dh_selftest.c fips_ers.c
|
|
+ fips_dh_selftest.c fips_kdf_selftest.c fips_ers.c
|
|
|
|
PROGRAMS=\
|
|
fips_standalone_hmac
|
|
Index: openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
|
|
@@ -0,0 +1,64 @@
|
|
+/*
|
|
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
+ * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
|
|
+ *
|
|
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
+ * this file except in compliance with the License. You can obtain a copy
|
|
+ * in the file LICENSE in the source distribution or at
|
|
+ * https://www.openssl.org/source/license.html
|
|
+ */
|
|
+
|
|
+#include <string.h>
|
|
+#include <openssl/err.h>
|
|
+#include <openssl/fips.h>
|
|
+
|
|
+#include <openssl/evp.h>
|
|
+#include <openssl/kdf.h>
|
|
+
|
|
+#ifdef OPENSSL_FIPS
|
|
+int FIPS_selftest_pbkdf2(void)
|
|
+{
|
|
+ int ret = 0;
|
|
+ EVP_KDF_CTX *kctx;
|
|
+ unsigned char out[32];
|
|
+
|
|
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) {
|
|
+ goto err;
|
|
+ }
|
|
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
|
|
+ goto err;
|
|
+ }
|
|
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
|
|
+ goto err;
|
|
+ }
|
|
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) {
|
|
+ goto err;
|
|
+ }
|
|
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
|
|
+ goto err;
|
|
+ }
|
|
+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
|
|
+ goto err;
|
|
+ }
|
|
+
|
|
+ {
|
|
+ const unsigned char expected[sizeof(out)] = {
|
|
+ 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
|
|
+ 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
|
|
+ 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
|
|
+ 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
|
|
+ };
|
|
+ if (memcmp(out, expected, sizeof(expected))) {
|
|
+ goto err;
|
|
+ }
|
|
+ }
|
|
+ ret = 1;
|
|
+
|
|
+err:
|
|
+ if (!ret)
|
|
+ FIPSerr(FIPS_F_FIPS_SELFTEST_PBKDF2, FIPS_R_SELFTEST_FAILED);
|
|
+ EVP_KDF_CTX_free(kctx);
|
|
+ return ret;
|
|
+}
|
|
+
|
|
+#endif
|
|
Index: openssl-1.1.1m/crypto/fips/fips_post.c
|
|
===================================================================
|
|
--- openssl-1.1.1m.orig/crypto/fips/fips_post.c
|
|
+++ openssl-1.1.1m/crypto/fips/fips_post.c
|
|
@@ -104,6 +104,8 @@ int FIPS_selftest(void)
|
|
rv = 0;
|
|
if (!FIPS_selftest_ecdh())
|
|
rv = 0;
|
|
+ if (!FIPS_selftest_pbkdf2())
|
|
+ rv = 0;
|
|
return rv;
|
|
}
|
|
|
|
Index: openssl-1.1.1m/include/crypto/fips_int.h
|
|
===================================================================
|
|
--- openssl-1.1.1m.orig/include/crypto/fips_int.h
|
|
+++ openssl-1.1.1m/include/crypto/fips_int.h
|
|
@@ -76,6 +76,7 @@ void FIPS_drbg_stick(int onoff);
|
|
int FIPS_selftest_hmac(void);
|
|
int FIPS_selftest_drbg(void);
|
|
int FIPS_selftest_cmac(void);
|
|
+int FIPS_selftest_pbkdf2(void);
|
|
|
|
int fips_in_post(void);
|
|
|
|
Index: openssl-1.1.1m/include/openssl/fips.h
|
|
===================================================================
|
|
--- openssl-1.1.1m.orig/include/openssl/fips.h
|
|
+++ openssl-1.1.1m/include/openssl/fips.h
|
|
@@ -124,6 +124,7 @@ extern "C" {
|
|
# define FIPS_F_FIPS_SELFTEST_DSA 112
|
|
# define FIPS_F_FIPS_SELFTEST_ECDSA 133
|
|
# define FIPS_F_FIPS_SELFTEST_HMAC 113
|
|
+# define FIPS_F_FIPS_SELFTEST_PBKDF2 152
|
|
# define FIPS_F_FIPS_SELFTEST_SHA1 115
|
|
# define FIPS_F_FIPS_SELFTEST_SHA2 105
|
|
# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143
|
|
Index: openssl-1.1.1m/crypto/fips/fips_err.h
|
|
===================================================================
|
|
--- openssl-1.1.1m.orig/crypto/fips/fips_err.h
|
|
+++ openssl-1.1.1m/crypto/fips/fips_err.h
|
|
@@ -111,6 +111,7 @@ static ERR_STRING_DATA FIPS_str_functs[]
|
|
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"},
|
|
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA), "FIPS_selftest_ecdsa"},
|
|
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
|
|
+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_PBKDF2), "FIPS_selftest_pbkdf2"},
|
|
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
|
|
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA2), "FIPS_selftest_sha2"},
|
|
{ERR_FUNC(FIPS_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"},
|