author | Misaki Miyashita <Misaki.Miyashita@Oracle.COM> |
Thu, 13 Oct 2016 14:47:30 -0700 | |
changeset 7103 | 398c9d0ab0f3 |
permissions | -rw-r--r-- |
7103
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
1 |
# Developed in house: Solaris specific |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
2 |
# This patch is necessary to get a new FIPS validation: |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
3 |
# - Use modern compile options |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
4 |
# - Conform to FIPS 186-4: RSA key generation |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
5 |
# - Enable FIPS by default: ignore a call to FIPS_mode_set(1) |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
6 |
--- a/Configure.orig 2016-07-15 01:47:46.399055235 -0700 |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
7 |
+++ b/Configure 2016-07-15 01:59:36.376433305 -0700 |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
8 |
@@ -221,8 +221,8 @@ |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
9 |
"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
10 |
|
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
11 |
#### Solaris x86 with Sun C setups |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
12 |
-"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
13 |
-"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
14 |
+"solaris-x86-cc","cc:-fast -m32 -O -xstrconst -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
15 |
+"solaris64-x86_64-cc","cc:-fast -m64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
16 |
|
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
17 |
#### SPARC Solaris with GNU C setups |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
18 |
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
19 |
@@ -239,12 +239,12 @@ |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
20 |
# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
21 |
# SC5.0 note: Compiler common patch 107357-01 or later is required! |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
22 |
"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
23 |
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
24 |
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
25 |
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
26 |
+"solaris-sparcv8-cc","cc:-m32 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
27 |
+"solaris-sparcv9-cc","cc:-m32 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
28 |
+"solaris64-sparcv9-cc","cc:-m64 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
29 |
#### |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
30 |
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
31 |
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
32 |
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -m32 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
33 |
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -m64 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
34 |
|
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
35 |
#### SunOS configs, assuming sparc for the gcc one. |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
36 |
#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
37 |
--- a/crypto/bn/bn_x931p.c.new 2016-07-15 02:15:47.056871670 -0700 |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
38 |
+++ b/crypto/bn/bn_x931p.c 2015-11-16 13:45:17.000000000 -0800 |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
39 |
@@ -78,8 +78,8 @@ |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
40 |
{ |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
41 |
i++; |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
42 |
BN_GENCB_call(cb, 0, i); |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
43 |
- /* NB 27 MR is specificed in X9.31 */ |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
44 |
- if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb)) |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
45 |
+ /* NB 32 MR is specificed in X9.31 */ |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
46 |
+ if (BN_is_prime_fasttest_ex(pi, 32, ctx, 1, cb)) |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
47 |
break; |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
48 |
if (!BN_add_word(pi, 2)) |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
49 |
return 0; |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
50 |
@@ -254,9 +254,9 @@ |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
51 |
if (!Xp2) |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
52 |
Xp2 = BN_CTX_get(ctx); |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
53 |
|
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
54 |
- if (!BN_rand(Xp1, 101, 0, 0)) |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
55 |
+ if (!BN_rand(Xp1, 171, 0, 0)) |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
56 |
goto error; |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
57 |
- if (!BN_rand(Xp2, 101, 0, 0)) |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
58 |
+ if (!BN_rand(Xp2, 171, 0, 0)) |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
59 |
goto error; |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
60 |
if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb)) |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
61 |
goto error; |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
62 |
--- a/fips/fips.c 2016-06-20 12:49:46.000000000 -0700 |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
63 |
+++ b/fips/fips.c 2016-09-08 07:53:52.169922810 -0700 |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
64 |
@@ -288,6 +291,12 @@ |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
65 |
{ |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
66 |
int ret = 0; |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
67 |
|
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
68 |
+ /* FIPS mode is enabled by default : this is noop */ |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
69 |
+ if (onoff && FIPS_module_mode()) |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
70 |
+ { |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
71 |
+ return 1; |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
72 |
+ } |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
73 |
+ |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
74 |
fips_w_lock(); |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
75 |
fips_started = 1; |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
76 |
fips_set_owning_thread(); |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
77 |
@@ -301,15 +310,6 @@ |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
78 |
fips_auth_fail = 1; |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
79 |
fips_selftest_fail = 1; |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
80 |
FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_AUTHENTICATION_FAILURE); |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
81 |
- return 0; |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
82 |
- } |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
83 |
- |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
84 |
- /* Don't go into FIPS mode twice, just so we can do automagic |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
85 |
- seeding */ |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
86 |
- if(FIPS_module_mode()) |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
87 |
- { |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
88 |
- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET); |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
89 |
- fips_selftest_fail = 1; |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
90 |
ret = 0; |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
91 |
goto end; |
398c9d0ab0f3
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
92 |
} |