Blame SOURCES/openssl-1.0.2a-fips-ec.patch

cfec1a
diff -up openssl-1.0.2a/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.2a/crypto/ecdh/ecdhtest.c
cfec1a
--- openssl-1.0.2a/crypto/ecdh/ecdhtest.c.fips-ec	2015-03-19 14:30:36.000000000 +0100
cfec1a
+++ openssl-1.0.2a/crypto/ecdh/ecdhtest.c	2015-04-22 19:00:19.721884512 +0200
cfec1a
@@ -501,11 +501,13 @@ int main(int argc, char *argv[])
cfec1a
         goto err;
cfec1a
 
cfec1a
     /* NIST PRIME CURVES TESTS */
cfec1a
+# if 0
cfec1a
     if (!test_ecdh_curve
cfec1a
         (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
cfec1a
         goto err;
cfec1a
     if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
cfec1a
         goto err;
cfec1a
+# endif
cfec1a
     if (!test_ecdh_curve
cfec1a
         (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out))
cfec1a
         goto err;
cfec1a
@@ -536,13 +538,14 @@ int main(int argc, char *argv[])
cfec1a
     if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out))
cfec1a
         goto err;
cfec1a
 # endif
cfec1a
+# if 0
cfec1a
     if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
cfec1a
         goto err;
cfec1a
     if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
cfec1a
         goto err;
cfec1a
     if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
cfec1a
         goto err;
cfec1a
-
cfec1a
+# endif
cfec1a
     ret = 0;
cfec1a
 
cfec1a
  err:
cfec1a
diff -up openssl-1.0.2a/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.2a/crypto/ecdh/ech_lib.c
cfec1a
--- openssl-1.0.2a/crypto/ecdh/ech_lib.c.fips-ec	2015-03-19 14:19:00.000000000 +0100
cfec1a
+++ openssl-1.0.2a/crypto/ecdh/ech_lib.c	2015-04-22 19:00:19.721884512 +0200
cfec1a
@@ -93,14 +93,7 @@ void ECDH_set_default_method(const ECDH_
cfec1a
 const ECDH_METHOD *ECDH_get_default_method(void)
cfec1a
 {
cfec1a
     if (!default_ECDH_method) {
cfec1a
-#ifdef OPENSSL_FIPS
cfec1a
-        if (FIPS_mode())
cfec1a
-            return FIPS_ecdh_openssl();
cfec1a
-        else
cfec1a
-            return ECDH_OpenSSL();
cfec1a
-#else
cfec1a
         default_ECDH_method = ECDH_OpenSSL();
cfec1a
-#endif
cfec1a
     }
cfec1a
     return default_ECDH_method;
cfec1a
 }
cfec1a
diff -up openssl-1.0.2a/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.2a/crypto/ecdh/ech_ossl.c
cfec1a
--- openssl-1.0.2a/crypto/ecdh/ech_ossl.c.fips-ec	2015-03-19 14:30:36.000000000 +0100
cfec1a
+++ openssl-1.0.2a/crypto/ecdh/ech_ossl.c	2015-04-22 19:00:19.722884536 +0200
cfec1a
@@ -78,6 +78,10 @@
cfec1a
 #include <openssl/obj_mac.h>
cfec1a
 #include <openssl/bn.h>
cfec1a
 
cfec1a
+#ifdef OPENSSL_FIPS
cfec1a
+# include <openssl/fips.h>
cfec1a
+#endif
cfec1a
+
cfec1a
 static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
cfec1a
                             EC_KEY *ecdh,
cfec1a
                             void *(*KDF) (const void *in, size_t inlen,
cfec1a
@@ -90,7 +94,7 @@ static ECDH_METHOD openssl_ecdh_meth = {
cfec1a
     NULL,                       /* init */
cfec1a
     NULL,                       /* finish */
cfec1a
 #endif
cfec1a
-    0,                          /* flags */
cfec1a
+    ECDH_FLAG_FIPS_METHOD,      /* flags */
cfec1a
     NULL                        /* app_data */
cfec1a
 };
cfec1a
 
cfec1a
@@ -119,6 +123,13 @@ static int ecdh_compute_key(void *out, s
cfec1a
     size_t buflen, len;
cfec1a
     unsigned char *buf = NULL;
cfec1a
 
cfec1a
+#ifdef OPENSSL_FIPS
cfec1a
+    if (FIPS_selftest_failed()) {
cfec1a
+        FIPSerr(FIPS_F_ECDH_COMPUTE_KEY, FIPS_R_FIPS_SELFTEST_FAILED);
cfec1a
+        return -1;
cfec1a
+    }
cfec1a
+#endif
cfec1a
+
cfec1a
     if (outlen > INT_MAX) {
cfec1a
         ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); /* sort of,
cfec1a
                                                                  * anyway */
cfec1a
diff -up openssl-1.0.2a/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.2a/crypto/ecdsa/ecdsatest.c
cfec1a
--- openssl-1.0.2a/crypto/ecdsa/ecdsatest.c.fips-ec	2015-03-19 14:19:00.000000000 +0100
cfec1a
+++ openssl-1.0.2a/crypto/ecdsa/ecdsatest.c	2015-04-22 19:00:19.722884536 +0200
cfec1a
@@ -138,11 +138,14 @@ int restore_rand(void)
cfec1a
 }
cfec1a
 
cfec1a
 static int fbytes_counter = 0;
cfec1a
-static const char *numbers[8] = {
cfec1a
+static const char *numbers[10] = {
cfec1a
+    "651056770906015076056810763456358567190100156695615665659",
cfec1a
     "651056770906015076056810763456358567190100156695615665659",
cfec1a
     "6140507067065001063065065565667405560006161556565665656654",
cfec1a
     "8763001015071075675010661307616710783570106710677817767166"
cfec1a
         "71676178726717",
cfec1a
+    "8763001015071075675010661307616710783570106710677817767166"
cfec1a
+        "71676178726717",
cfec1a
     "7000000175690566466555057817571571075705015757757057795755"
cfec1a
         "55657156756655",
cfec1a
     "1275552191113212300012030439187146164646146646466749494799",
cfec1a
@@ -158,7 +161,7 @@ int fbytes(unsigned char *buf, int num)
cfec1a
     int ret;
cfec1a
     BIGNUM *tmp = NULL;
cfec1a
 
cfec1a
-    if (fbytes_counter >= 8)
cfec1a
+    if (fbytes_counter >= 10)
cfec1a
         return 0;
cfec1a
     tmp = BN_new();
cfec1a
     if (!tmp)
cfec1a
@@ -532,8 +535,10 @@ int main(void)
cfec1a
     RAND_seed(rnd_seed, sizeof(rnd_seed));
cfec1a
 
cfec1a
     /* the tests */
cfec1a
+# if 0
cfec1a
     if (!x9_62_tests(out))
cfec1a
         goto err;
cfec1a
+# endif
cfec1a
     if (!test_builtin(out))
cfec1a
         goto err;
cfec1a
 
cfec1a
diff -up openssl-1.0.2a/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.2a/crypto/ecdsa/ecs_lib.c
cfec1a
--- openssl-1.0.2a/crypto/ecdsa/ecs_lib.c.fips-ec	2015-03-19 14:30:36.000000000 +0100
cfec1a
+++ openssl-1.0.2a/crypto/ecdsa/ecs_lib.c	2015-04-22 19:00:19.722884536 +0200
cfec1a
@@ -80,14 +80,7 @@ void ECDSA_set_default_method(const ECDS
cfec1a
 const ECDSA_METHOD *ECDSA_get_default_method(void)
cfec1a
 {
cfec1a
     if (!default_ECDSA_method) {
cfec1a
-#ifdef OPENSSL_FIPS
cfec1a
-        if (FIPS_mode())
cfec1a
-            return FIPS_ecdsa_openssl();
cfec1a
-        else
cfec1a
-            return ECDSA_OpenSSL();
cfec1a
-#else
cfec1a
         default_ECDSA_method = ECDSA_OpenSSL();
cfec1a
-#endif
cfec1a
     }
cfec1a
     return default_ECDSA_method;
cfec1a
 }
cfec1a
diff -up openssl-1.0.2a/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.2a/crypto/ecdsa/ecs_ossl.c
cfec1a
--- openssl-1.0.2a/crypto/ecdsa/ecs_ossl.c.fips-ec	2015-03-19 14:30:36.000000000 +0100
cfec1a
+++ openssl-1.0.2a/crypto/ecdsa/ecs_ossl.c	2015-04-22 19:00:19.722884536 +0200
cfec1a
@@ -60,6 +60,9 @@
cfec1a
 #include <openssl/err.h>
cfec1a
 #include <openssl/obj_mac.h>
cfec1a
 #include <openssl/bn.h>
cfec1a
+#ifdef OPENSSL_FIPS
cfec1a
+# include <openssl/fips.h>
cfec1a
+#endif
cfec1a
 
cfec1a
 static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
cfec1a
                                 const BIGNUM *, const BIGNUM *,
cfec1a
@@ -78,7 +81,7 @@ static ECDSA_METHOD openssl_ecdsa_meth =
cfec1a
     NULL,                       /* init */
cfec1a
     NULL,                       /* finish */
cfec1a
 #endif
cfec1a
-    0,                          /* flags */
cfec1a
+    ECDSA_FLAG_FIPS_METHOD,     /* flags */
cfec1a
     NULL                        /* app_data */
cfec1a
 };
cfec1a
 
cfec1a
@@ -245,6 +248,13 @@ static ECDSA_SIG *ecdsa_do_sign(const un
cfec1a
     ECDSA_DATA *ecdsa;
cfec1a
     const BIGNUM *priv_key;
cfec1a
 
cfec1a
+#ifdef OPENSSL_FIPS
cfec1a
+    if (FIPS_selftest_failed()) {
cfec1a
+        FIPSerr(FIPS_F_ECDSA_DO_SIGN, FIPS_R_FIPS_SELFTEST_FAILED);
cfec1a
+        return NULL;
cfec1a
+    }
cfec1a
+#endif
cfec1a
+
cfec1a
     ecdsa = ecdsa_check(eckey);
cfec1a
     group = EC_KEY_get0_group(eckey);
cfec1a
     priv_key = EC_KEY_get0_private_key(eckey);
cfec1a
@@ -358,6 +368,13 @@ static int ecdsa_do_verify(const unsigne
cfec1a
     const EC_GROUP *group;
cfec1a
     const EC_POINT *pub_key;
cfec1a
 
cfec1a
+#ifdef OPENSSL_FIPS
cfec1a
+    if (FIPS_selftest_failed()) {
cfec1a
+        FIPSerr(FIPS_F_ECDSA_DO_VERIFY, FIPS_R_FIPS_SELFTEST_FAILED);
cfec1a
+        return -1;
cfec1a
+    }
cfec1a
+#endif
cfec1a
+
cfec1a
     /* check input values */
cfec1a
     if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
cfec1a
         (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
cfec1a
diff -up openssl-1.0.2a/crypto/ec/ec_cvt.c.fips-ec openssl-1.0.2a/crypto/ec/ec_cvt.c
cfec1a
--- openssl-1.0.2a/crypto/ec/ec_cvt.c.fips-ec	2015-03-19 14:30:36.000000000 +0100
cfec1a
+++ openssl-1.0.2a/crypto/ec/ec_cvt.c	2015-04-22 19:01:08.703040756 +0200
cfec1a
@@ -82,10 +82,6 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const B
cfec1a
     const EC_METHOD *meth;
cfec1a
     EC_GROUP *ret;
cfec1a
 
cfec1a
-#ifdef OPENSSL_FIPS
cfec1a
-    if (FIPS_mode())
cfec1a
-        return FIPS_ec_group_new_curve_gfp(p, a, b, ctx);
cfec1a
-#endif
cfec1a
 #if defined(OPENSSL_BN_ASM_MONT)
cfec1a
     /*
cfec1a
      * This might appear controversial, but the fact is that generic
cfec1a
@@ -160,10 +156,6 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const
cfec1a
     const EC_METHOD *meth;
cfec1a
     EC_GROUP *ret;
cfec1a
 
cfec1a
-# ifdef OPENSSL_FIPS
cfec1a
-    if (FIPS_mode())
cfec1a
-        return FIPS_ec_group_new_curve_gf2m(p, a, b, ctx);
cfec1a
-# endif
cfec1a
     meth = EC_GF2m_simple_method();
cfec1a
 
cfec1a
     ret = EC_GROUP_new(meth);
cfec1a
diff -up openssl-1.0.2a/crypto/ec/ec_key.c.fips-ec openssl-1.0.2a/crypto/ec/ec_key.c
cfec1a
--- openssl-1.0.2a/crypto/ec/ec_key.c.fips-ec	2015-03-19 14:19:00.000000000 +0100
cfec1a
+++ openssl-1.0.2a/crypto/ec/ec_key.c	2015-04-22 19:00:19.722884536 +0200
cfec1a
@@ -64,9 +64,6 @@
cfec1a
 #include <string.h>
cfec1a
 #include "ec_lcl.h"
cfec1a
 #include <openssl/err.h>
cfec1a
-#ifdef OPENSSL_FIPS
cfec1a
-# include <openssl/fips.h>
cfec1a
-#endif
cfec1a
 
cfec1a
 EC_KEY *EC_KEY_new(void)
cfec1a
 {
cfec1a
@@ -227,6 +224,38 @@ int EC_KEY_up_ref(EC_KEY *r)
cfec1a
     return ((i > 1) ? 1 : 0);
cfec1a
 }
cfec1a
 
cfec1a
+#ifdef OPENSSL_FIPS
cfec1a
+
cfec1a
+# include <openssl/evp.h>
cfec1a
+# include <openssl/fips.h>
cfec1a
+# include <openssl/fips_rand.h>
cfec1a
+
cfec1a
+static int fips_check_ec(EC_KEY *key)
cfec1a
+{
cfec1a
+    EVP_PKEY *pk;
cfec1a
+    unsigned char tbs[] = "ECDSA Pairwise Check Data";
cfec1a
+    int ret = 0;
cfec1a
+
cfec1a
+    if ((pk = EVP_PKEY_new()) == NULL)
cfec1a
+        goto err;
cfec1a
+
cfec1a
+    EVP_PKEY_set1_EC_KEY(pk, key);
cfec1a
+
cfec1a
+    if (fips_pkey_signature_test(pk, tbs, -1, NULL, 0, NULL, 0, NULL))
cfec1a
+        ret = 1;
cfec1a
+
cfec1a
+ err:
cfec1a
+    if (ret == 0) {
cfec1a
+        FIPSerr(FIPS_F_FIPS_CHECK_EC, FIPS_R_PAIRWISE_TEST_FAILED);
cfec1a
+        fips_set_selftest_fail();
cfec1a
+    }
cfec1a
+    if (pk)
cfec1a
+        EVP_PKEY_free(pk);
cfec1a
+    return ret;
cfec1a
+}
cfec1a
+
cfec1a
+#endif
cfec1a
+
cfec1a
 int EC_KEY_generate_key(EC_KEY *eckey)
cfec1a
 {
cfec1a
     int ok = 0;
cfec1a
@@ -235,8 +264,10 @@ int EC_KEY_generate_key(EC_KEY *eckey)
cfec1a
     EC_POINT *pub_key = NULL;
cfec1a
 
cfec1a
 #ifdef OPENSSL_FIPS
cfec1a
-    if (FIPS_mode())
cfec1a
-        return FIPS_ec_key_generate_key(eckey);
cfec1a
+    if (FIPS_selftest_failed()) {
cfec1a
+        FIPSerr(FIPS_F_EC_KEY_GENERATE_KEY, FIPS_R_FIPS_SELFTEST_FAILED);
cfec1a
+        return 0;
cfec1a
+    }
cfec1a
 #endif
cfec1a
 
cfec1a
     if (!eckey || !eckey->group) {
cfec1a
@@ -277,6 +308,14 @@ int EC_KEY_generate_key(EC_KEY *eckey)
cfec1a
     eckey->priv_key = priv_key;
cfec1a
     eckey->pub_key = pub_key;
cfec1a
 
cfec1a
+#ifdef OPENSSL_FIPS
cfec1a
+    if (!fips_check_ec(eckey)) {
cfec1a
+        eckey->priv_key = NULL;
cfec1a
+        eckey->pub_key = NULL;
cfec1a
+        goto err;
cfec1a
+    }
cfec1a
+#endif
cfec1a
+
cfec1a
     ok = 1;
cfec1a
 
cfec1a
  err:
cfec1a
@@ -408,10 +447,12 @@ int EC_KEY_set_public_key_affine_coordin
cfec1a
             goto err;
cfec1a
     }
cfec1a
     /*
cfec1a
-     * Check if retrieved coordinates match originals: if not values are out
cfec1a
-     * of range.
cfec1a
+     * Check if retrieved coordinates match originals and are less
cfec1a
+     * than field order: if not values are out of range.
cfec1a
      */
cfec1a
-    if (BN_cmp(x, tx) || BN_cmp(y, ty)) {
cfec1a
+    if (BN_cmp(x, tx) || BN_cmp(y, ty)
cfec1a
+        || (BN_cmp(x, &key->group->field) >= 0)
cfec1a
+        || (BN_cmp(y, &key->group->field) >= 0)) {
cfec1a
         ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
cfec1a
               EC_R_COORDINATES_OUT_OF_RANGE);
cfec1a
         goto err;
cfec1a
diff -up openssl-1.0.2a/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.2a/crypto/ec/ecp_mont.c
cfec1a
--- openssl-1.0.2a/crypto/ec/ecp_mont.c.fips-ec	2015-03-19 14:19:00.000000000 +0100
cfec1a
+++ openssl-1.0.2a/crypto/ec/ecp_mont.c	2015-04-22 19:00:19.722884536 +0200
cfec1a
@@ -63,10 +63,6 @@
cfec1a
 
cfec1a
 #include <openssl/err.h>
cfec1a
 
cfec1a
-#ifdef OPENSSL_FIPS
cfec1a
-# include <openssl/fips.h>
cfec1a
-#endif
cfec1a
-
cfec1a
 #include "ec_lcl.h"
cfec1a
 
cfec1a
 const EC_METHOD *EC_GFp_mont_method(void)
cfec1a
@@ -111,11 +107,6 @@ const EC_METHOD *EC_GFp_mont_method(void
cfec1a
         ec_GFp_mont_field_set_to_one
cfec1a
     };
cfec1a
 
cfec1a
-#ifdef OPENSSL_FIPS
cfec1a
-    if (FIPS_mode())
cfec1a
-        return fips_ec_gfp_mont_method();
cfec1a
-#endif
cfec1a
-
cfec1a
     return &ret;
cfec1a
 }
cfec1a
 
cfec1a
diff -up openssl-1.0.2a/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.2a/crypto/ec/ecp_nist.c
cfec1a
--- openssl-1.0.2a/crypto/ec/ecp_nist.c.fips-ec	2015-03-19 14:19:00.000000000 +0100
cfec1a
+++ openssl-1.0.2a/crypto/ec/ecp_nist.c	2015-04-22 19:00:19.723884560 +0200
cfec1a
@@ -67,10 +67,6 @@
cfec1a
 #include <openssl/obj_mac.h>
cfec1a
 #include "ec_lcl.h"
cfec1a
 
cfec1a
-#ifdef OPENSSL_FIPS
cfec1a
-# include <openssl/fips.h>
cfec1a
-#endif
cfec1a
-
cfec1a
 const EC_METHOD *EC_GFp_nist_method(void)
cfec1a
 {
cfec1a
     static const EC_METHOD ret = {
cfec1a
@@ -113,11 +109,6 @@ const EC_METHOD *EC_GFp_nist_method(void
cfec1a
         0                       /* field_set_to_one */
cfec1a
     };
cfec1a
 
cfec1a
-#ifdef OPENSSL_FIPS
cfec1a
-    if (FIPS_mode())
cfec1a
-        return fips_ec_gfp_nist_method();
cfec1a
-#endif
cfec1a
-
cfec1a
     return &ret;
cfec1a
 }
cfec1a
 
cfec1a
diff -up openssl-1.0.2a/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.2a/crypto/ec/ecp_smpl.c
cfec1a
--- openssl-1.0.2a/crypto/ec/ecp_smpl.c.fips-ec	2015-03-19 14:19:00.000000000 +0100
cfec1a
+++ openssl-1.0.2a/crypto/ec/ecp_smpl.c	2015-04-22 19:00:19.723884560 +0200
cfec1a
@@ -66,10 +66,6 @@
cfec1a
 #include <openssl/err.h>
cfec1a
 #include <openssl/symhacks.h>
cfec1a
 
cfec1a
-#ifdef OPENSSL_FIPS
cfec1a
-# include <openssl/fips.h>
cfec1a
-#endif
cfec1a
-
cfec1a
 #include "ec_lcl.h"
cfec1a
 
cfec1a
 const EC_METHOD *EC_GFp_simple_method(void)
cfec1a
@@ -114,11 +110,6 @@ const EC_METHOD *EC_GFp_simple_method(vo
cfec1a
         0                       /* field_set_to_one */
cfec1a
     };
cfec1a
 
cfec1a
-#ifdef OPENSSL_FIPS
cfec1a
-    if (FIPS_mode())
cfec1a
-        return fips_ec_gfp_simple_method();
cfec1a
-#endif
cfec1a
-
cfec1a
     return &ret;
cfec1a
 }
cfec1a
 
cfec1a
@@ -187,6 +178,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
cfec1a
         return 0;
cfec1a
     }
cfec1a
 
cfec1a
+    if (BN_num_bits(p) < 256) {
cfec1a
+        ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
cfec1a
+        return 0;
cfec1a
+    }
cfec1a
+
cfec1a
     if (ctx == NULL) {
cfec1a
         ctx = new_ctx = BN_CTX_new();
cfec1a
         if (ctx == NULL)
cfec1a
diff -up openssl-1.0.2a/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.2a/crypto/evp/m_ecdsa.c
cfec1a
--- openssl-1.0.2a/crypto/evp/m_ecdsa.c.fips-ec	2015-03-19 14:30:36.000000000 +0100
cfec1a
+++ openssl-1.0.2a/crypto/evp/m_ecdsa.c	2015-04-22 19:00:19.723884560 +0200
cfec1a
@@ -136,7 +136,7 @@ static const EVP_MD ecdsa_md = {
cfec1a
     NID_ecdsa_with_SHA1,
cfec1a
     NID_ecdsa_with_SHA1,
cfec1a
     SHA_DIGEST_LENGTH,
cfec1a
-    EVP_MD_FLAG_PKEY_DIGEST,
cfec1a
+    EVP_MD_FLAG_PKEY_DIGEST | EVP_MD_FLAG_FIPS,
cfec1a
     init,
cfec1a
     update,
cfec1a
     final,
cfec1a
diff -up openssl-1.0.2a/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.2a/crypto/fips/cavs/fips_ecdhvs.c
cfec1a
--- openssl-1.0.2a/crypto/fips/cavs/fips_ecdhvs.c.fips-ec	2015-04-22 19:00:19.723884560 +0200
cfec1a
+++ openssl-1.0.2a/crypto/fips/cavs/fips_ecdhvs.c	2015-04-22 19:00:19.723884560 +0200
cfec1a
@@ -0,0 +1,456 @@
cfec1a
+/* fips/ecdh/fips_ecdhvs.c */
cfec1a
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
cfec1a
+ * project.
cfec1a
+ */
cfec1a
+/* ====================================================================
cfec1a
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
cfec1a
+ *
cfec1a
+ * Redistribution and use in source and binary forms, with or without
cfec1a
+ * modification, are permitted provided that the following conditions
cfec1a
+ * are met:
cfec1a
+ *
cfec1a
+ * 1. Redistributions of source code must retain the above copyright
cfec1a
+ *    notice, this list of conditions and the following disclaimer. 
cfec1a
+ *
cfec1a
+ * 2. Redistributions in binary form must reproduce the above copyright
cfec1a
+ *    notice, this list of conditions and the following disclaimer in
cfec1a
+ *    the documentation and/or other materials provided with the
cfec1a
+ *    distribution.
cfec1a
+ *
cfec1a
+ * 3. All advertising materials mentioning features or use of this
cfec1a
+ *    software must display the following acknowledgment:
cfec1a
+ *    "This product includes software developed by the OpenSSL Project
cfec1a
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
cfec1a
+ *
cfec1a
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
cfec1a
+ *    endorse or promote products derived from this software without
cfec1a
+ *    prior written permission. For written permission, please contact
cfec1a
+ *    licensing@OpenSSL.org.
cfec1a
+ *
cfec1a
+ * 5. Products derived from this software may not be called "OpenSSL"
cfec1a
+ *    nor may "OpenSSL" appear in their names without prior written
cfec1a
+ *    permission of the OpenSSL Project.
cfec1a
+ *
cfec1a
+ * 6. Redistributions of any form whatsoever must retain the following
cfec1a
+ *    acknowledgment:
cfec1a
+ *    "This product includes software developed by the OpenSSL Project
cfec1a
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
cfec1a
+ *
cfec1a
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
cfec1a
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
cfec1a
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
cfec1a
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
cfec1a
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
cfec1a
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
cfec1a
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
cfec1a
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
cfec1a
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
cfec1a
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
cfec1a
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
cfec1a
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
cfec1a
+ * ====================================================================
cfec1a
+ */
cfec1a
+
cfec1a
+#define OPENSSL_FIPSAPI
cfec1a
+#include <openssl/opensslconf.h>
cfec1a
+
cfec1a
+#ifndef OPENSSL_FIPS
cfec1a
+# include <stdio.h>
cfec1a
+
cfec1a
+int main(int argc, char **argv)
cfec1a
+{
cfec1a
+    printf("No FIPS ECDH support\n");
cfec1a
+    return (0);
cfec1a
+}
cfec1a
+#else
cfec1a
+
cfec1a
+# include <openssl/crypto.h>
cfec1a
+# include <openssl/bn.h>
cfec1a
+# include <openssl/ecdh.h>
cfec1a
+# include <openssl/fips.h>
cfec1a
+# include <openssl/err.h>
cfec1a
+# include <openssl/evp.h>
cfec1a
+# include <string.h>
cfec1a
+# include <ctype.h>
cfec1a
+
cfec1a
+# include "fips_utl.h"
cfec1a
+
cfec1a
+static const EVP_MD *eparse_md(char *line)
cfec1a
+{
cfec1a
+    char *p;
cfec1a
+    if (line[0] != '[' || line[1] != 'E')
cfec1a
+        return NULL;
cfec1a
+    p = strchr(line, '-');
cfec1a
+    if (!p)
cfec1a
+        return NULL;
cfec1a
+    line = p + 1;
cfec1a
+    p = strchr(line, ']');
cfec1a
+    if (!p)
cfec1a
+        return NULL;
cfec1a
+    *p = 0;
cfec1a
+    p = line;
cfec1a
+    while (isspace(*p))
cfec1a
+        p++;
cfec1a
+    if (!strcmp(p, "SHA1"))
cfec1a
+        return EVP_sha1();
cfec1a
+    else if (!strcmp(p, "SHA224"))
cfec1a
+        return EVP_sha224();
cfec1a
+    else if (!strcmp(p, "SHA256"))
cfec1a
+        return EVP_sha256();
cfec1a
+    else if (!strcmp(p, "SHA384"))
cfec1a
+        return EVP_sha384();
cfec1a
+    else if (!strcmp(p, "SHA512"))
cfec1a
+        return EVP_sha512();
cfec1a
+    else
cfec1a
+        return NULL;
cfec1a
+}
cfec1a
+
cfec1a
+static int lookup_curve2(char *cname)
cfec1a
+{
cfec1a
+    char *p;
cfec1a
+    p = strchr(cname, ']');
cfec1a
+    if (!p) {
cfec1a
+        fprintf(stderr, "Parse error: missing ]\n");
cfec1a
+        return NID_undef;
cfec1a
+    }
cfec1a
+    *p = 0;
cfec1a
+
cfec1a
+    if (!strcmp(cname, "B-163"))
cfec1a
+        return NID_sect163r2;
cfec1a
+    if (!strcmp(cname, "B-233"))
cfec1a
+        return NID_sect233r1;
cfec1a
+    if (!strcmp(cname, "B-283"))
cfec1a
+        return NID_sect283r1;
cfec1a
+    if (!strcmp(cname, "B-409"))
cfec1a
+        return NID_sect409r1;
cfec1a
+    if (!strcmp(cname, "B-571"))
cfec1a
+        return NID_sect571r1;
cfec1a
+    if (!strcmp(cname, "K-163"))
cfec1a
+        return NID_sect163k1;
cfec1a
+    if (!strcmp(cname, "K-233"))
cfec1a
+        return NID_sect233k1;
cfec1a
+    if (!strcmp(cname, "K-283"))
cfec1a
+        return NID_sect283k1;
cfec1a
+    if (!strcmp(cname, "K-409"))
cfec1a
+        return NID_sect409k1;
cfec1a
+    if (!strcmp(cname, "K-571"))
cfec1a
+        return NID_sect571k1;
cfec1a
+    if (!strcmp(cname, "P-192"))
cfec1a
+        return NID_X9_62_prime192v1;
cfec1a
+    if (!strcmp(cname, "P-224"))
cfec1a
+        return NID_secp224r1;
cfec1a
+    if (!strcmp(cname, "P-256"))
cfec1a
+        return NID_X9_62_prime256v1;
cfec1a
+    if (!strcmp(cname, "P-384"))
cfec1a
+        return NID_secp384r1;
cfec1a
+    if (!strcmp(cname, "P-521"))
cfec1a
+        return NID_secp521r1;
cfec1a
+
cfec1a
+    fprintf(stderr, "Unknown Curve name %s\n", cname);
cfec1a
+    return NID_undef;
cfec1a
+}
cfec1a
+
cfec1a
+static int lookup_curve(char *cname)
cfec1a
+{
cfec1a
+    char *p;
cfec1a
+    p = strchr(cname, ':');
cfec1a
+    if (!p) {
cfec1a
+        fprintf(stderr, "Parse error: missing :\n");
cfec1a
+        return NID_undef;
cfec1a
+    }
cfec1a
+    cname = p + 1;
cfec1a
+    while (isspace(*cname))
cfec1a
+        cname++;
cfec1a
+    return lookup_curve2(cname);
cfec1a
+}
cfec1a
+
cfec1a
+static EC_POINT *make_peer(EC_GROUP *group, BIGNUM *x, BIGNUM *y)
cfec1a
+{
cfec1a
+    EC_POINT *peer;
cfec1a
+    int rv;
cfec1a
+    BN_CTX *c;
cfec1a
+    peer = EC_POINT_new(group);
cfec1a
+    if (!peer)
cfec1a
+        return NULL;
cfec1a
+    c = BN_CTX_new();
cfec1a
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
cfec1a
+        == NID_X9_62_prime_field)
cfec1a
+        rv = EC_POINT_set_affine_coordinates_GFp(group, peer, x, y, c);
cfec1a
+    else
cfec1a
+# ifdef OPENSSL_NO_EC2M
cfec1a
+    {
cfec1a
+        fprintf(stderr, "ERROR: GF2m not supported\n");
cfec1a
+        exit(1);
cfec1a
+    }
cfec1a
+# else
cfec1a
+        rv = EC_POINT_set_affine_coordinates_GF2m(group, peer, x, y, c);
cfec1a
+# endif
cfec1a
+
cfec1a
+    BN_CTX_free(c);
cfec1a
+    if (rv)
cfec1a
+        return peer;
cfec1a
+    EC_POINT_free(peer);
cfec1a
+    return NULL;
cfec1a
+}
cfec1a
+
cfec1a
+static int ec_print_key(FILE *out, EC_KEY *key, int add_e, int exout)
cfec1a
+{
cfec1a
+    const EC_POINT *pt;
cfec1a
+    const EC_GROUP *grp;
cfec1a
+    const EC_METHOD *meth;
cfec1a
+    int rv;
cfec1a
+    BIGNUM *tx, *ty;
cfec1a
+    const BIGNUM *d = NULL;
cfec1a
+    BN_CTX *ctx;
cfec1a
+    ctx = BN_CTX_new();
cfec1a
+    if (!ctx)
cfec1a
+        return 0;
cfec1a
+    tx = BN_CTX_get(ctx);
cfec1a
+    ty = BN_CTX_get(ctx);
cfec1a
+    if (!tx || !ty)
cfec1a
+        return 0;
cfec1a
+    grp = EC_KEY_get0_group(key);
cfec1a
+    pt = EC_KEY_get0_public_key(key);
cfec1a
+    if (exout)
cfec1a
+        d = EC_KEY_get0_private_key(key);
cfec1a
+    meth = EC_GROUP_method_of(grp);
cfec1a
+    if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
cfec1a
+        rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, tx, ty, ctx);
cfec1a
+    else
cfec1a
+# ifdef OPENSSL_NO_EC2M
cfec1a
+    {
cfec1a
+        fprintf(stderr, "ERROR: GF2m not supported\n");
cfec1a
+        exit(1);
cfec1a
+    }
cfec1a
+# else
cfec1a
+        rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, tx, ty, ctx);
cfec1a
+# endif
cfec1a
+
cfec1a
+    if (add_e) {
cfec1a
+        do_bn_print_name(out, "QeIUTx", tx);
cfec1a
+        do_bn_print_name(out, "QeIUTy", ty);
cfec1a
+        if (d)
cfec1a
+            do_bn_print_name(out, "QeIUTd", d);
cfec1a
+    } else {
cfec1a
+        do_bn_print_name(out, "QIUTx", tx);
cfec1a
+        do_bn_print_name(out, "QIUTy", ty);
cfec1a
+        if (d)
cfec1a
+            do_bn_print_name(out, "QIUTd", d);
cfec1a
+    }
cfec1a
+
cfec1a
+    BN_CTX_free(ctx);
cfec1a
+
cfec1a
+    return rv;
cfec1a
+
cfec1a
+}
cfec1a
+
cfec1a
+static void ec_output_Zhash(FILE *out, int exout, EC_GROUP *group,
cfec1a
+                            BIGNUM *ix, BIGNUM *iy, BIGNUM *id, BIGNUM *cx,
cfec1a
+                            BIGNUM *cy, const EVP_MD *md,
cfec1a
+                            unsigned char *rhash, size_t rhashlen)
cfec1a
+{
cfec1a
+    EC_KEY *ec = NULL;
cfec1a
+    EC_POINT *peerkey = NULL;
cfec1a
+    unsigned char *Z;
cfec1a
+    unsigned char chash[EVP_MAX_MD_SIZE];
cfec1a
+    int Zlen;
cfec1a
+    ec = EC_KEY_new();
cfec1a
+    EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH);
cfec1a
+    EC_KEY_set_group(ec, group);
cfec1a
+    peerkey = make_peer(group, cx, cy);
cfec1a
+    if (rhash == NULL) {
cfec1a
+        if (md)
cfec1a
+            rhashlen = M_EVP_MD_size(md);
cfec1a
+        EC_KEY_generate_key(ec);
cfec1a
+        ec_print_key(out, ec, md ? 1 : 0, exout);
cfec1a
+    } else {
cfec1a
+        EC_KEY_set_public_key_affine_coordinates(ec, ix, iy);
cfec1a
+        EC_KEY_set_private_key(ec, id);
cfec1a
+    }
cfec1a
+    Zlen = (EC_GROUP_get_degree(group) + 7) / 8;
cfec1a
+    Z = OPENSSL_malloc(Zlen);
cfec1a
+    if (!Z)
cfec1a
+        exit(1);
cfec1a
+    ECDH_compute_key(Z, Zlen, peerkey, ec, 0);
cfec1a
+    if (md) {
cfec1a
+        if (exout)
cfec1a
+            OutputValue("Z", Z, Zlen, out, 0);
cfec1a
+        FIPS_digest(Z, Zlen, chash, NULL, md);
cfec1a
+        OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0);
cfec1a
+        if (rhash) {
cfec1a
+            fprintf(out, "Result = %s\n",
cfec1a
+                    memcmp(chash, rhash, rhashlen) ? "F" : "P");
cfec1a
+        }
cfec1a
+    } else
cfec1a
+        OutputValue("ZIUT", Z, Zlen, out, 0);
cfec1a
+    OPENSSL_cleanse(Z, Zlen);
cfec1a
+    OPENSSL_free(Z);
cfec1a
+    EC_KEY_free(ec);
cfec1a
+    EC_POINT_free(peerkey);
cfec1a
+}
cfec1a
+
cfec1a
+# ifdef FIPS_ALGVS
cfec1a
+int fips_ecdhvs_main(int argc, char **argv)
cfec1a
+# else
cfec1a
+int main(int argc, char **argv)
cfec1a
+# endif
cfec1a
+{
cfec1a
+    char **args = argv + 1;
cfec1a
+    int argn = argc - 1;
cfec1a
+    FILE *in, *out;
cfec1a
+    char buf[2048], lbuf[2048];
cfec1a
+    unsigned char *rhash = NULL;
cfec1a
+    long rhashlen;
cfec1a
+    BIGNUM *cx = NULL, *cy = NULL;
cfec1a
+    BIGNUM *id = NULL, *ix = NULL, *iy = NULL;
cfec1a
+    const EVP_MD *md = NULL;
cfec1a
+    EC_GROUP *group = NULL;
cfec1a
+    char *keyword = NULL, *value = NULL;
cfec1a
+    int do_verify = -1, exout = 0;
cfec1a
+    int rv = 1;
cfec1a
+
cfec1a
+    int curve_nids[5] = { 0, 0, 0, 0, 0 };
cfec1a
+    int param_set = -1;
cfec1a
+
cfec1a
+    fips_algtest_init();
cfec1a
+
cfec1a
+    if (argn && !strcmp(*args, "ecdhver")) {
cfec1a
+        do_verify = 1;
cfec1a
+        args++;
cfec1a
+        argn--;
cfec1a
+    } else if (argn && !strcmp(*args, "ecdhgen")) {
cfec1a
+        do_verify = 0;
cfec1a
+        args++;
cfec1a
+        argn--;
cfec1a
+    }
cfec1a
+
cfec1a
+    if (argn && !strcmp(*args, "-exout")) {
cfec1a
+        exout = 1;
cfec1a
+        args++;
cfec1a
+        argn--;
cfec1a
+    }
cfec1a
+
cfec1a
+    if (do_verify == -1) {
cfec1a
+        fprintf(stderr, "%s [ecdhver|ecdhgen|] [-exout] (infile outfile)\n",
cfec1a
+                argv[0]);
cfec1a
+        exit(1);
cfec1a
+    }
cfec1a
+
cfec1a
+    if (argn == 2) {
cfec1a
+        in = fopen(*args, "r");
cfec1a
+        if (!in) {
cfec1a
+            fprintf(stderr, "Error opening input file\n");
cfec1a
+            exit(1);
cfec1a
+        }
cfec1a
+        out = fopen(args[1], "w");
cfec1a
+        if (!out) {
cfec1a
+            fprintf(stderr, "Error opening output file\n");
cfec1a
+            exit(1);
cfec1a
+        }
cfec1a
+    } else if (argn == 0) {
cfec1a
+        in = stdin;
cfec1a
+        out = stdout;
cfec1a
+    } else {
cfec1a
+        fprintf(stderr, "%s [dhver|dhgen|] [-exout] (infile outfile)\n",
cfec1a
+                argv[0]);
cfec1a
+        exit(1);
cfec1a
+    }
cfec1a
+
cfec1a
+    while (fgets(buf, sizeof(buf), in) != NULL) {
cfec1a
+        fputs(buf, out);
cfec1a
+        if (buf[0] == '[' && buf[1] == 'E') {
cfec1a
+            int c = buf[2];
cfec1a
+            if (c < 'A' || c > 'E')
cfec1a
+                goto parse_error;
cfec1a
+            param_set = c - 'A';
cfec1a
+            /* If just [E?] then initial paramset */
cfec1a
+            if (buf[3] == ']')
cfec1a
+                continue;
cfec1a
+            if (group)
cfec1a
+                EC_GROUP_free(group);
cfec1a
+            group = EC_GROUP_new_by_curve_name(curve_nids[c - 'A']);
cfec1a
+        }
cfec1a
+        if (strlen(buf) > 10 && !strncmp(buf, "[Curve", 6)) {
cfec1a
+            int nid;
cfec1a
+            if (param_set == -1)
cfec1a
+                goto parse_error;
cfec1a
+            nid = lookup_curve(buf);
cfec1a
+            if (nid == NID_undef)
cfec1a
+                goto parse_error;
cfec1a
+            curve_nids[param_set] = nid;
cfec1a
+        }
cfec1a
+
cfec1a
+        if (strlen(buf) > 4 && buf[0] == '[' && buf[2] == '-') {
cfec1a
+            int nid = lookup_curve2(buf + 1);
cfec1a
+            if (nid == NID_undef)
cfec1a
+                goto parse_error;
cfec1a
+            if (group)
cfec1a
+                EC_GROUP_free(group);
cfec1a
+            group = EC_GROUP_new_by_curve_name(nid);
cfec1a
+            if (!group) {
cfec1a
+                fprintf(stderr, "ERROR: unsupported curve %s\n", buf + 1);
cfec1a
+                return 1;
cfec1a
+            }
cfec1a
+        }
cfec1a
+
cfec1a
+        if (strlen(buf) > 6 && !strncmp(buf, "[E", 2)) {
cfec1a
+            md = eparse_md(buf);
cfec1a
+            if (md == NULL)
cfec1a
+                goto parse_error;
cfec1a
+            continue;
cfec1a
+        }
cfec1a
+        if (!parse_line(&keyword, &value, lbuf, buf))
cfec1a
+            continue;
cfec1a
+        if (!strcmp(keyword, "QeCAVSx") || !strcmp(keyword, "QCAVSx")) {
cfec1a
+            if (!do_hex2bn(&cx, value))
cfec1a
+                goto parse_error;
cfec1a
+        } else if (!strcmp(keyword, "QeCAVSy") || !strcmp(keyword, "QCAVSy")) {
cfec1a
+            if (!do_hex2bn(&cy, value))
cfec1a
+                goto parse_error;
cfec1a
+            if (do_verify == 0)
cfec1a
+                ec_output_Zhash(out, exout, group,
cfec1a
+                                NULL, NULL, NULL,
cfec1a
+                                cx, cy, md, rhash, rhashlen);
cfec1a
+        } else if (!strcmp(keyword, "deIUT")) {
cfec1a
+            if (!do_hex2bn(&id, value))
cfec1a
+                goto parse_error;
cfec1a
+        } else if (!strcmp(keyword, "QeIUTx")) {
cfec1a
+            if (!do_hex2bn(&ix, value))
cfec1a
+                goto parse_error;
cfec1a
+        } else if (!strcmp(keyword, "QeIUTy")) {
cfec1a
+            if (!do_hex2bn(&iy, value))
cfec1a
+                goto parse_error;
cfec1a
+        } else if (!strcmp(keyword, "CAVSHashZZ")) {
cfec1a
+            if (!md)
cfec1a
+                goto parse_error;
cfec1a
+            rhash = hex2bin_m(value, &rhashlen);
cfec1a
+            if (!rhash || rhashlen != M_EVP_MD_size(md))
cfec1a
+                goto parse_error;
cfec1a
+            ec_output_Zhash(out, exout, group, ix, iy, id, cx, cy,
cfec1a
+                            md, rhash, rhashlen);
cfec1a
+        }
cfec1a
+    }
cfec1a
+    rv = 0;
cfec1a
+ parse_error:
cfec1a
+    if (id)
cfec1a
+        BN_free(id);
cfec1a
+    if (ix)
cfec1a
+        BN_free(ix);
cfec1a
+    if (iy)
cfec1a
+        BN_free(iy);
cfec1a
+    if (cx)
cfec1a
+        BN_free(cx);
cfec1a
+    if (cy)
cfec1a
+        BN_free(cy);
cfec1a
+    if (group)
cfec1a
+        EC_GROUP_free(group);
cfec1a
+    if (in && in != stdin)
cfec1a
+        fclose(in);
cfec1a
+    if (out && out != stdout)
cfec1a
+        fclose(out);
cfec1a
+    if (rv)
cfec1a
+        fprintf(stderr, "Error Parsing request file\n");
cfec1a
+    return rv;
cfec1a
+}
cfec1a
+
cfec1a
+#endif
cfec1a
diff -up openssl-1.0.2a/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.2a/crypto/fips/cavs/fips_ecdsavs.c
cfec1a
--- openssl-1.0.2a/crypto/fips/cavs/fips_ecdsavs.c.fips-ec	2015-04-22 19:00:19.723884560 +0200
cfec1a
+++ openssl-1.0.2a/crypto/fips/cavs/fips_ecdsavs.c	2015-04-22 19:00:19.723884560 +0200
cfec1a
@@ -0,0 +1,486 @@
cfec1a
+/* fips/ecdsa/fips_ecdsavs.c */
cfec1a
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
cfec1a
+ * project.
cfec1a
+ */
cfec1a
+/* ====================================================================
cfec1a
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
cfec1a
+ *
cfec1a
+ * Redistribution and use in source and binary forms, with or without
cfec1a
+ * modification, are permitted provided that the following conditions
cfec1a
+ * are met:
cfec1a
+ *
cfec1a
+ * 1. Redistributions of source code must retain the above copyright
cfec1a
+ *    notice, this list of conditions and the following disclaimer. 
cfec1a
+ *
cfec1a
+ * 2. Redistributions in binary form must reproduce the above copyright
cfec1a
+ *    notice, this list of conditions and the following disclaimer in
cfec1a
+ *    the documentation and/or other materials provided with the
cfec1a
+ *    distribution.
cfec1a
+ *
cfec1a
+ * 3. All advertising materials mentioning features or use of this
cfec1a
+ *    software must display the following acknowledgment:
cfec1a
+ *    "This product includes software developed by the OpenSSL Project
cfec1a
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
cfec1a
+ *
cfec1a
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
cfec1a
+ *    endorse or promote products derived from this software without
cfec1a
+ *    prior written permission. For written permission, please contact
cfec1a
+ *    licensing@OpenSSL.org.
cfec1a
+ *
cfec1a
+ * 5. Products derived from this software may not be called "OpenSSL"
cfec1a
+ *    nor may "OpenSSL" appear in their names without prior written
cfec1a
+ *    permission of the OpenSSL Project.
cfec1a
+ *
cfec1a
+ * 6. Redistributions of any form whatsoever must retain the following
cfec1a
+ *    acknowledgment:
cfec1a
+ *    "This product includes software developed by the OpenSSL Project
cfec1a
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
cfec1a
+ *
cfec1a
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
cfec1a
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
cfec1a
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
cfec1a
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
cfec1a
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
cfec1a
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
cfec1a
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
cfec1a
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
cfec1a
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
cfec1a
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
cfec1a
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
cfec1a
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
cfec1a
+ * ====================================================================
cfec1a
+ */
cfec1a
+
cfec1a
+#define OPENSSL_FIPSAPI
cfec1a
+#include <openssl/opensslconf.h>
cfec1a
+#include <stdio.h>
cfec1a
+
cfec1a
+#ifndef OPENSSL_FIPS
cfec1a
+
cfec1a
+int main(int argc, char **argv)
cfec1a
+{
cfec1a
+    printf("No FIPS ECDSA support\n");
cfec1a
+    return (0);
cfec1a
+}
cfec1a
+#else
cfec1a
+
cfec1a
+# include <string.h>
cfec1a
+# include <ctype.h>
cfec1a
+# include <openssl/err.h>
cfec1a
+# include <openssl/bn.h>
cfec1a
+# include <openssl/ecdsa.h>
cfec1a
+# include <openssl/evp.h>
cfec1a
+# include "fips_utl.h"
cfec1a
+
cfec1a
+# include <openssl/objects.h>
cfec1a
+
cfec1a
+static int elookup_curve(char *in, char *curve_name, const EVP_MD **pmd)
cfec1a
+{
cfec1a
+    char *cname, *p;
cfec1a
+    /* Copy buffer as we will change it */
cfec1a
+    strcpy(curve_name, in);
cfec1a
+    cname = curve_name + 1;
cfec1a
+    p = strchr(cname, ']');
cfec1a
+    if (!p) {
cfec1a
+        fprintf(stderr, "Parse error: missing ]\n");
cfec1a
+        return NID_undef;
cfec1a
+    }
cfec1a
+    *p = 0;
cfec1a
+    p = strchr(cname, ',');
cfec1a
+    if (p) {
cfec1a
+        if (!pmd) {
cfec1a
+            fprintf(stderr, "Parse error: unexpected digest\n");
cfec1a
+            return NID_undef;
cfec1a
+        }
cfec1a
+        *p = 0;
cfec1a
+        p++;
cfec1a
+
cfec1a
+        if (!strcmp(p, "SHA-1"))
cfec1a
+            *pmd = EVP_sha1();
cfec1a
+        else if (!strcmp(p, "SHA-224"))
cfec1a
+            *pmd = EVP_sha224();
cfec1a
+        else if (!strcmp(p, "SHA-256"))
cfec1a
+            *pmd = EVP_sha256();
cfec1a
+        else if (!strcmp(p, "SHA-384"))
cfec1a
+            *pmd = EVP_sha384();
cfec1a
+        else if (!strcmp(p, "SHA-512"))
cfec1a
+            *pmd = EVP_sha512();
cfec1a
+        else {
cfec1a
+            fprintf(stderr, "Unknown digest %s\n", p);
cfec1a
+            return NID_undef;
cfec1a
+        }
cfec1a
+    } else if (pmd)
cfec1a
+        *pmd = EVP_sha1();
cfec1a
+
cfec1a
+    if (!strcmp(cname, "B-163"))
cfec1a
+        return NID_sect163r2;
cfec1a
+    if (!strcmp(cname, "B-233"))
cfec1a
+        return NID_sect233r1;
cfec1a
+    if (!strcmp(cname, "B-283"))
cfec1a
+        return NID_sect283r1;
cfec1a
+    if (!strcmp(cname, "B-409"))
cfec1a
+        return NID_sect409r1;
cfec1a
+    if (!strcmp(cname, "B-571"))
cfec1a
+        return NID_sect571r1;
cfec1a
+    if (!strcmp(cname, "K-163"))
cfec1a
+        return NID_sect163k1;
cfec1a
+    if (!strcmp(cname, "K-233"))
cfec1a
+        return NID_sect233k1;
cfec1a
+    if (!strcmp(cname, "K-283"))
cfec1a
+        return NID_sect283k1;
cfec1a
+    if (!strcmp(cname, "K-409"))
cfec1a
+        return NID_sect409k1;
cfec1a
+    if (!strcmp(cname, "K-571"))
cfec1a
+        return NID_sect571k1;
cfec1a
+    if (!strcmp(cname, "P-192"))
cfec1a
+        return NID_X9_62_prime192v1;
cfec1a
+    if (!strcmp(cname, "P-224"))
cfec1a
+        return NID_secp224r1;
cfec1a
+    if (!strcmp(cname, "P-256"))
cfec1a
+        return NID_X9_62_prime256v1;
cfec1a
+    if (!strcmp(cname, "P-384"))
cfec1a
+        return NID_secp384r1;
cfec1a
+    if (!strcmp(cname, "P-521"))
cfec1a
+        return NID_secp521r1;
cfec1a
+
cfec1a
+    fprintf(stderr, "Unknown Curve name %s\n", cname);
cfec1a
+    return NID_undef;
cfec1a
+}
cfec1a
+
cfec1a
+static int ec_get_pubkey(EC_KEY *key, BIGNUM *x, BIGNUM *y)
cfec1a
+{
cfec1a
+    const EC_POINT *pt;
cfec1a
+    const EC_GROUP *grp;
cfec1a
+    const EC_METHOD *meth;
cfec1a
+    int rv;
cfec1a
+    BN_CTX *ctx;
cfec1a
+    ctx = BN_CTX_new();
cfec1a
+    if (!ctx)
cfec1a
+        return 0;
cfec1a
+    grp = EC_KEY_get0_group(key);
cfec1a
+    pt = EC_KEY_get0_public_key(key);
cfec1a
+    meth = EC_GROUP_method_of(grp);
cfec1a
+    if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
cfec1a
+        rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, x, y, ctx);
cfec1a
+    else
cfec1a
+# ifdef OPENSSL_NO_EC2M
cfec1a
+    {
cfec1a
+        fprintf(stderr, "ERROR: GF2m not supported\n");
cfec1a
+        exit(1);
cfec1a
+    }
cfec1a
+# else
cfec1a
+        rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, x, y, ctx);
cfec1a
+# endif
cfec1a
+
cfec1a
+    BN_CTX_free(ctx);
cfec1a
+
cfec1a
+    return rv;
cfec1a
+
cfec1a
+}
cfec1a
+
cfec1a
+static int KeyPair(FILE *in, FILE *out)
cfec1a
+{
cfec1a
+    char buf[2048], lbuf[2048];
cfec1a
+    char *keyword, *value;
cfec1a
+    int curve_nid = NID_undef;
cfec1a
+    int i, count;
cfec1a
+    BIGNUM *Qx = NULL, *Qy = NULL;
cfec1a
+    const BIGNUM *d = NULL;
cfec1a
+    EC_KEY *key = NULL;
cfec1a
+    Qx = BN_new();
cfec1a
+    Qy = BN_new();
cfec1a
+    while (fgets(buf, sizeof buf, in) != NULL) {
cfec1a
+        if (*buf == '[' && buf[2] == '-') {
cfec1a
+            if (buf[2] == '-')
cfec1a
+                curve_nid = elookup_curve(buf, lbuf, NULL);
cfec1a
+            fputs(buf, out);
cfec1a
+            continue;
cfec1a
+        }
cfec1a
+        if (!parse_line(&keyword, &value, lbuf, buf)) {
cfec1a
+            fputs(buf, out);
cfec1a
+            continue;
cfec1a
+        }
cfec1a
+        if (!strcmp(keyword, "N")) {
cfec1a
+            count = atoi(value);
cfec1a
+
cfec1a
+            for (i = 0; i < count; i++) {
cfec1a
+
cfec1a
+                key = EC_KEY_new_by_curve_name(curve_nid);
cfec1a
+                if (!EC_KEY_generate_key(key)) {
cfec1a
+                    fprintf(stderr, "Error generating key\n");
cfec1a
+                    return 0;
cfec1a
+                }
cfec1a
+
cfec1a
+                if (!ec_get_pubkey(key, Qx, Qy)) {
cfec1a
+                    fprintf(stderr, "Error getting public key\n");
cfec1a
+                    return 0;
cfec1a
+                }
cfec1a
+
cfec1a
+                d = EC_KEY_get0_private_key(key);
cfec1a
+
cfec1a
+                do_bn_print_name(out, "d", d);
cfec1a
+                do_bn_print_name(out, "Qx", Qx);
cfec1a
+                do_bn_print_name(out, "Qy", Qy);
cfec1a
+                fputs(RESP_EOL, out);
cfec1a
+                EC_KEY_free(key);
cfec1a
+
cfec1a
+            }
cfec1a
+
cfec1a
+        }
cfec1a
+
cfec1a
+    }
cfec1a
+    BN_free(Qx);
cfec1a
+    BN_free(Qy);
cfec1a
+    return 1;
cfec1a
+}
cfec1a
+
cfec1a
+static int PKV(FILE *in, FILE *out)
cfec1a
+{
cfec1a
+
cfec1a
+    char buf[2048], lbuf[2048];
cfec1a
+    char *keyword, *value;
cfec1a
+    int curve_nid = NID_undef;
cfec1a
+    BIGNUM *Qx = NULL, *Qy = NULL;
cfec1a
+    EC_KEY *key = NULL;
cfec1a
+    while (fgets(buf, sizeof buf, in) != NULL) {
cfec1a
+        fputs(buf, out);
cfec1a
+        if (*buf == '[' && buf[2] == '-') {
cfec1a
+            curve_nid = elookup_curve(buf, lbuf, NULL);
cfec1a
+            if (curve_nid == NID_undef)
cfec1a
+                return 0;
cfec1a
+
cfec1a
+        }
cfec1a
+        if (!parse_line(&keyword, &value, lbuf, buf))
cfec1a
+            continue;
cfec1a
+        if (!strcmp(keyword, "Qx")) {
cfec1a
+            if (!do_hex2bn(&Qx, value)) {
cfec1a
+                fprintf(stderr, "Invalid Qx value\n");
cfec1a
+                return 0;
cfec1a
+            }
cfec1a
+        }
cfec1a
+        if (!strcmp(keyword, "Qy")) {
cfec1a
+            int rv;
cfec1a
+            if (!do_hex2bn(&Qy, value)) {
cfec1a
+                fprintf(stderr, "Invalid Qy value\n");
cfec1a
+                return 0;
cfec1a
+            }
cfec1a
+            key = EC_KEY_new_by_curve_name(curve_nid);
cfec1a
+            no_err = 1;
cfec1a
+            rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
cfec1a
+            no_err = 0;
cfec1a
+            EC_KEY_free(key);
cfec1a
+            fprintf(out, "Result = %s" RESP_EOL, rv ? "P" : "F");
cfec1a
+        }
cfec1a
+
cfec1a
+    }
cfec1a
+    BN_free(Qx);
cfec1a
+    BN_free(Qy);
cfec1a
+    return 1;
cfec1a
+}
cfec1a
+
cfec1a
+static int SigGen(FILE *in, FILE *out)
cfec1a
+{
cfec1a
+    char buf[2048], lbuf[2048];
cfec1a
+    char *keyword, *value;
cfec1a
+    unsigned char *msg;
cfec1a
+    int curve_nid = NID_undef;
cfec1a
+    long mlen;
cfec1a
+    BIGNUM *Qx = NULL, *Qy = NULL;
cfec1a
+    EC_KEY *key = NULL;
cfec1a
+    ECDSA_SIG *sig = NULL;
cfec1a
+    const EVP_MD *digest = NULL;
cfec1a
+    Qx = BN_new();
cfec1a
+    Qy = BN_new();
cfec1a
+    while (fgets(buf, sizeof buf, in) != NULL) {
cfec1a
+        fputs(buf, out);
cfec1a
+        if (*buf == '[') {
cfec1a
+            curve_nid = elookup_curve(buf, lbuf, &digest);
cfec1a
+            if (curve_nid == NID_undef)
cfec1a
+                return 0;
cfec1a
+        }
cfec1a
+        if (!parse_line(&keyword, &value, lbuf, buf))
cfec1a
+            continue;
cfec1a
+        if (!strcmp(keyword, "Msg")) {
cfec1a
+            msg = hex2bin_m(value, &mlen);
cfec1a
+            if (!msg) {
cfec1a
+                fprintf(stderr, "Invalid Message\n");
cfec1a
+                return 0;
cfec1a
+            }
cfec1a
+
cfec1a
+            key = EC_KEY_new_by_curve_name(curve_nid);
cfec1a
+            if (!EC_KEY_generate_key(key)) {
cfec1a
+                fprintf(stderr, "Error generating key\n");
cfec1a
+                return 0;
cfec1a
+            }
cfec1a
+
cfec1a
+            if (!ec_get_pubkey(key, Qx, Qy)) {
cfec1a
+                fprintf(stderr, "Error getting public key\n");
cfec1a
+                return 0;
cfec1a
+            }
cfec1a
+
cfec1a
+            sig = FIPS_ecdsa_sign(key, msg, mlen, digest);
cfec1a
+
cfec1a
+            if (!sig) {
cfec1a
+                fprintf(stderr, "Error signing message\n");
cfec1a
+                return 0;
cfec1a
+            }
cfec1a
+
cfec1a
+            do_bn_print_name(out, "Qx", Qx);
cfec1a
+            do_bn_print_name(out, "Qy", Qy);
cfec1a
+            do_bn_print_name(out, "R", sig->r);
cfec1a
+            do_bn_print_name(out, "S", sig->s);
cfec1a
+
cfec1a
+            EC_KEY_free(key);
cfec1a
+            OPENSSL_free(msg);
cfec1a
+            FIPS_ecdsa_sig_free(sig);
cfec1a
+
cfec1a
+        }
cfec1a
+
cfec1a
+    }
cfec1a
+    BN_free(Qx);
cfec1a
+    BN_free(Qy);
cfec1a
+    return 1;
cfec1a
+}
cfec1a
+
cfec1a
+static int SigVer(FILE *in, FILE *out)
cfec1a
+{
cfec1a
+    char buf[2048], lbuf[2048];
cfec1a
+    char *keyword, *value;
cfec1a
+    unsigned char *msg = NULL;
cfec1a
+    int curve_nid = NID_undef;
cfec1a
+    long mlen;
cfec1a
+    BIGNUM *Qx = NULL, *Qy = NULL;
cfec1a
+    EC_KEY *key = NULL;
cfec1a
+    ECDSA_SIG sg, *sig = &sg;
cfec1a
+    const EVP_MD *digest = NULL;
cfec1a
+    sig->r = NULL;
cfec1a
+    sig->s = NULL;
cfec1a
+    while (fgets(buf, sizeof buf, in) != NULL) {
cfec1a
+        fputs(buf, out);
cfec1a
+        if (*buf == '[') {
cfec1a
+            curve_nid = elookup_curve(buf, lbuf, &digest);
cfec1a
+            if (curve_nid == NID_undef)
cfec1a
+                return 0;
cfec1a
+        }
cfec1a
+        if (!parse_line(&keyword, &value, lbuf, buf))
cfec1a
+            continue;
cfec1a
+        if (!strcmp(keyword, "Msg")) {
cfec1a
+            msg = hex2bin_m(value, &mlen);
cfec1a
+            if (!msg) {
cfec1a
+                fprintf(stderr, "Invalid Message\n");
cfec1a
+                return 0;
cfec1a
+            }
cfec1a
+        }
cfec1a
+
cfec1a
+        if (!strcmp(keyword, "Qx")) {
cfec1a
+            if (!do_hex2bn(&Qx, value)) {
cfec1a
+                fprintf(stderr, "Invalid Qx value\n");
cfec1a
+                return 0;
cfec1a
+            }
cfec1a
+        }
cfec1a
+        if (!strcmp(keyword, "Qy")) {
cfec1a
+            if (!do_hex2bn(&Qy, value)) {
cfec1a
+                fprintf(stderr, "Invalid Qy value\n");
cfec1a
+                return 0;
cfec1a
+            }
cfec1a
+        }
cfec1a
+        if (!strcmp(keyword, "R")) {
cfec1a
+            if (!do_hex2bn(&sig->r, value)) {
cfec1a
+                fprintf(stderr, "Invalid R value\n");
cfec1a
+                return 0;
cfec1a
+            }
cfec1a
+        }
cfec1a
+        if (!strcmp(keyword, "S")) {
cfec1a
+            int rv;
cfec1a
+            if (!do_hex2bn(&sig->s, value)) {
cfec1a
+                fprintf(stderr, "Invalid S value\n");
cfec1a
+                return 0;
cfec1a
+            }
cfec1a
+            key = EC_KEY_new_by_curve_name(curve_nid);
cfec1a
+            rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
cfec1a
+
cfec1a
+            if (rv != 1) {
cfec1a
+                fprintf(stderr, "Error setting public key\n");
cfec1a
+                return 0;
cfec1a
+            }
cfec1a
+
cfec1a
+            no_err = 1;
cfec1a
+            rv = FIPS_ecdsa_verify(key, msg, mlen, digest, sig);
cfec1a
+            EC_KEY_free(key);
cfec1a
+            if (msg)
cfec1a
+                OPENSSL_free(msg);
cfec1a
+            no_err = 0;
cfec1a
+
cfec1a
+            fprintf(out, "Result = %s" RESP_EOL, rv ? "P" : "F");
cfec1a
+        }
cfec1a
+
cfec1a
+    }
cfec1a
+    if (sig->r)
cfec1a
+        BN_free(sig->r);
cfec1a
+    if (sig->s)
cfec1a
+        BN_free(sig->s);
cfec1a
+    if (Qx)
cfec1a
+        BN_free(Qx);
cfec1a
+    if (Qy)
cfec1a
+        BN_free(Qy);
cfec1a
+    return 1;
cfec1a
+}
cfec1a
+
cfec1a
+# ifdef FIPS_ALGVS
cfec1a
+int fips_ecdsavs_main(int argc, char **argv)
cfec1a
+# else
cfec1a
+int main(int argc, char **argv)
cfec1a
+# endif
cfec1a
+{
cfec1a
+    FILE *in = NULL, *out = NULL;
cfec1a
+    const char *cmd = argv[1];
cfec1a
+    int rv = 0;
cfec1a
+    fips_algtest_init();
cfec1a
+
cfec1a
+    if (argc == 4) {
cfec1a
+        in = fopen(argv[2], "r");
cfec1a
+        if (!in) {
cfec1a
+            fprintf(stderr, "Error opening input file\n");
cfec1a
+            exit(1);
cfec1a
+        }
cfec1a
+        out = fopen(argv[3], "w");
cfec1a
+        if (!out) {
cfec1a
+            fprintf(stderr, "Error opening output file\n");
cfec1a
+            exit(1);
cfec1a
+        }
cfec1a
+    } else if (argc == 2) {
cfec1a
+        in = stdin;
cfec1a
+        out = stdout;
cfec1a
+    }
cfec1a
+
cfec1a
+    if (!cmd) {
cfec1a
+        fprintf(stderr, "fips_ecdsavs [KeyPair|PKV|SigGen|SigVer]\n");
cfec1a
+        return 1;
cfec1a
+    }
cfec1a
+    if (!strcmp(cmd, "KeyPair"))
cfec1a
+        rv = KeyPair(in, out);
cfec1a
+    else if (!strcmp(cmd, "PKV"))
cfec1a
+        rv = PKV(in, out);
cfec1a
+    else if (!strcmp(cmd, "SigVer"))
cfec1a
+        rv = SigVer(in, out);
cfec1a
+    else if (!strcmp(cmd, "SigGen"))
cfec1a
+        rv = SigGen(in, out);
cfec1a
+    else {
cfec1a
+        fprintf(stderr, "Unknown command %s\n", cmd);
cfec1a
+        return 1;
cfec1a
+    }
cfec1a
+
cfec1a
+    if (argc == 4) {
cfec1a
+        fclose(in);
cfec1a
+        fclose(out);
cfec1a
+    }
cfec1a
+
cfec1a
+    if (rv <= 0) {
cfec1a
+        fprintf(stderr, "Error running %s\n", cmd);
cfec1a
+        return 1;
cfec1a
+    }
cfec1a
+
cfec1a
+    return 0;
cfec1a
+}
cfec1a
+
cfec1a
+#endif
cfec1a
diff -up openssl-1.0.2a/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.2a/crypto/fips/fips_ecdh_selftest.c
cfec1a
--- openssl-1.0.2a/crypto/fips/fips_ecdh_selftest.c.fips-ec	2015-04-22 19:00:19.724884583 +0200
cfec1a
+++ openssl-1.0.2a/crypto/fips/fips_ecdh_selftest.c	2015-04-22 19:00:19.724884583 +0200
cfec1a
@@ -0,0 +1,242 @@
cfec1a
+/* fips/ecdh/fips_ecdh_selftest.c */
cfec1a
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
cfec1a
+ * project 2011.
cfec1a
+ */
cfec1a
+/* ====================================================================
cfec1a
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
cfec1a
+ *
cfec1a
+ * Redistribution and use in source and binary forms, with or without
cfec1a
+ * modification, are permitted provided that the following conditions
cfec1a
+ * are met:
cfec1a
+ *
cfec1a
+ * 1. Redistributions of source code must retain the above copyright
cfec1a
+ *    notice, this list of conditions and the following disclaimer. 
cfec1a
+ *
cfec1a
+ * 2. Redistributions in binary form must reproduce the above copyright
cfec1a
+ *    notice, this list of conditions and the following disclaimer in
cfec1a
+ *    the documentation and/or other materials provided with the
cfec1a
+ *    distribution.
cfec1a
+ *
cfec1a
+ * 3. All advertising materials mentioning features or use of this
cfec1a
+ *    software must display the following acknowledgment:
cfec1a
+ *    "This product includes software developed by the OpenSSL Project
cfec1a
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
cfec1a
+ *
cfec1a
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
cfec1a
+ *    endorse or promote products derived from this software without
cfec1a
+ *    prior written permission. For written permission, please contact
cfec1a
+ *    licensing@OpenSSL.org.
cfec1a
+ *
cfec1a
+ * 5. Products derived from this software may not be called "OpenSSL"
cfec1a
+ *    nor may "OpenSSL" appear in their names without prior written
cfec1a
+ *    permission of the OpenSSL Project.
cfec1a
+ *
cfec1a
+ * 6. Redistributions of any form whatsoever must retain the following
cfec1a
+ *    acknowledgment:
cfec1a
+ *    "This product includes software developed by the OpenSSL Project
cfec1a
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
cfec1a
+ *
cfec1a
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
cfec1a
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
cfec1a
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
cfec1a
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
cfec1a
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
cfec1a
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
cfec1a
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
cfec1a
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
cfec1a
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
cfec1a
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
cfec1a
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
cfec1a
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
cfec1a
+ * ====================================================================
cfec1a
+ *
cfec1a
+ */
cfec1a
+
cfec1a
+#define OPENSSL_FIPSAPI
cfec1a
+
cfec1a
+#include <string.h>
cfec1a
+#include <openssl/crypto.h>
cfec1a
+#include <openssl/ec.h>
cfec1a
+#include <openssl/ecdh.h>
cfec1a
+#include <openssl/fips.h>
cfec1a
+#include <openssl/err.h>
cfec1a
+#include <openssl/evp.h>
cfec1a
+#include <openssl/bn.h>
cfec1a
+
cfec1a
+#ifdef OPENSSL_FIPS
cfec1a
+
cfec1a
+# include "fips_locl.h"
cfec1a
+
cfec1a
+static const unsigned char p256_qcavsx[] = {
cfec1a
+    0x52, 0xc6, 0xa5, 0x75, 0xf3, 0x04, 0x98, 0xb3, 0x29, 0x66, 0x0c, 0x62,
cfec1a
+    0x18, 0x60, 0x55, 0x41, 0x59, 0xd4, 0x60, 0x85, 0x99, 0xc1, 0x51, 0x13,
cfec1a
+    0x6f, 0x97, 0x85, 0x93, 0x33, 0x34, 0x07, 0x50
cfec1a
+};
cfec1a
+
cfec1a
+static const unsigned char p256_qcavsy[] = {
cfec1a
+    0x6f, 0x69, 0x24, 0xeb, 0xe9, 0x3b, 0xa7, 0xcc, 0x47, 0x17, 0xaa, 0x3f,
cfec1a
+    0x70, 0xfc, 0x10, 0x73, 0x0a, 0xcd, 0x21, 0xee, 0x29, 0x19, 0x1f, 0xaf,
cfec1a
+    0xb4, 0x1c, 0x1e, 0xc2, 0x8e, 0x97, 0x81, 0x6e
cfec1a
+};
cfec1a
+
cfec1a
+static const unsigned char p256_qiutx[] = {
cfec1a
+    0x71, 0x46, 0x88, 0x08, 0x92, 0x21, 0x1b, 0x10, 0x21, 0x74, 0xff, 0x0c,
cfec1a
+    0x94, 0xde, 0x34, 0x7c, 0x86, 0x74, 0xbe, 0x67, 0x41, 0x68, 0xd4, 0xc1,
cfec1a
+    0xe5, 0x75, 0x63, 0x9c, 0xa7, 0x46, 0x93, 0x6f
cfec1a
+};
cfec1a
+
cfec1a
+static const unsigned char p256_qiuty[] = {
cfec1a
+    0x33, 0x40, 0xa9, 0x6a, 0xf5, 0x20, 0xb5, 0x9e, 0xfc, 0x60, 0x1a, 0xae,
cfec1a
+    0x3d, 0xf8, 0x21, 0xd2, 0xa7, 0xca, 0x52, 0x34, 0xb9, 0x5f, 0x27, 0x75,
cfec1a
+    0x6c, 0x81, 0xbe, 0x32, 0x4d, 0xba, 0xbb, 0xf8
cfec1a
+};
cfec1a
+
cfec1a
+static const unsigned char p256_qiutd[] = {
cfec1a
+    0x1a, 0x48, 0x55, 0x6b, 0x11, 0xbe, 0x92, 0xd4, 0x1c, 0xd7, 0x45, 0xc3,
cfec1a
+    0x82, 0x81, 0x51, 0xf1, 0x23, 0x40, 0xb7, 0x83, 0xfd, 0x01, 0x6d, 0xbc,
cfec1a
+    0xa1, 0x66, 0xaf, 0x0a, 0x03, 0x23, 0xcd, 0xc8
cfec1a
+};
cfec1a
+
cfec1a
+static const unsigned char p256_ziut[] = {
cfec1a
+    0x77, 0x2a, 0x1e, 0x37, 0xee, 0xe6, 0x51, 0x02, 0x71, 0x40, 0xf8, 0x6a,
cfec1a
+    0x36, 0xf8, 0x65, 0x61, 0x2b, 0x18, 0x71, 0x82, 0x23, 0xe6, 0xf2, 0x77,
cfec1a
+    0xce, 0xec, 0xb8, 0x49, 0xc7, 0xbf, 0x36, 0x4f
cfec1a
+};
cfec1a
+
cfec1a
+typedef struct {
cfec1a
+    int curve;
cfec1a
+    const unsigned char *x1;
cfec1a
+    size_t x1len;
cfec1a
+    const unsigned char *y1;
cfec1a
+    size_t y1len;
cfec1a
+    const unsigned char *d1;
cfec1a
+    size_t d1len;
cfec1a
+    const unsigned char *x2;
cfec1a
+    size_t x2len;
cfec1a
+    const unsigned char *y2;
cfec1a
+    size_t y2len;
cfec1a
+    const unsigned char *z;
cfec1a
+    size_t zlen;
cfec1a
+} ECDH_SELFTEST_DATA;
cfec1a
+
cfec1a
+# define make_ecdh_test(nid, pr) { nid, \
cfec1a
+                                pr##_qiutx, sizeof(pr##_qiutx), \
cfec1a
+                                pr##_qiuty, sizeof(pr##_qiuty), \
cfec1a
+                                pr##_qiutd, sizeof(pr##_qiutd), \
cfec1a
+                                pr##_qcavsx, sizeof(pr##_qcavsx), \
cfec1a
+                                pr##_qcavsy, sizeof(pr##_qcavsy), \
cfec1a
+                                pr##_ziut, sizeof(pr##_ziut) }
cfec1a
+
cfec1a
+static ECDH_SELFTEST_DATA test_ecdh_data[] = {
cfec1a
+    make_ecdh_test(NID_X9_62_prime256v1, p256),
cfec1a
+};
cfec1a
+
cfec1a
+int FIPS_selftest_ecdh(void)
cfec1a
+{
cfec1a
+    EC_KEY *ec1 = NULL, *ec2 = NULL;
cfec1a
+    const EC_POINT *ecp = NULL;
cfec1a
+    BIGNUM *x = NULL, *y = NULL, *d = NULL;
cfec1a
+    unsigned char *ztmp = NULL;
cfec1a
+    int rv = 1;
cfec1a
+    size_t i;
cfec1a
+
cfec1a
+    for (i = 0; i < sizeof(test_ecdh_data) / sizeof(ECDH_SELFTEST_DATA); i++) {
cfec1a
+        ECDH_SELFTEST_DATA *ecd = test_ecdh_data + i;
cfec1a
+        if (!fips_post_started(FIPS_TEST_ECDH, ecd->curve, 0))
cfec1a
+            continue;
cfec1a
+        ztmp = OPENSSL_malloc(ecd->zlen);
cfec1a
+
cfec1a
+        x = BN_bin2bn(ecd->x1, ecd->x1len, x);
cfec1a
+        y = BN_bin2bn(ecd->y1, ecd->y1len, y);
cfec1a
+        d = BN_bin2bn(ecd->d1, ecd->d1len, d);
cfec1a
+
cfec1a
+        if (!x || !y || !d || !ztmp) {
cfec1a
+            rv = -1;
cfec1a
+            goto err;
cfec1a
+        }
cfec1a
+
cfec1a
+        ec1 = EC_KEY_new_by_curve_name(ecd->curve);
cfec1a
+        if (!ec1) {
cfec1a
+            rv = -1;
cfec1a
+            goto err;
cfec1a
+        }
cfec1a
+        EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
cfec1a
+
cfec1a
+        if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y)) {
cfec1a
+            rv = -1;
cfec1a
+            goto err;
cfec1a
+        }
cfec1a
+
cfec1a
+        if (!EC_KEY_set_private_key(ec1, d)) {
cfec1a
+            rv = -1;
cfec1a
+            goto err;
cfec1a
+        }
cfec1a
+
cfec1a
+        x = BN_bin2bn(ecd->x2, ecd->x2len, x);
cfec1a
+        y = BN_bin2bn(ecd->y2, ecd->y2len, y);
cfec1a
+
cfec1a
+        if (!x || !y) {
cfec1a
+            rv = -1;
cfec1a
+            goto err;
cfec1a
+        }
cfec1a
+
cfec1a
+        ec2 = EC_KEY_new_by_curve_name(ecd->curve);
cfec1a
+        if (!ec2) {
cfec1a
+            rv = -1;
cfec1a
+            goto err;
cfec1a
+        }
cfec1a
+        EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
cfec1a
+
cfec1a
+        if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y)) {
cfec1a
+            rv = -1;
cfec1a
+            goto err;
cfec1a
+        }
cfec1a
+
cfec1a
+        ecp = EC_KEY_get0_public_key(ec2);
cfec1a
+        if (!ecp) {
cfec1a
+            rv = -1;
cfec1a
+            goto err;
cfec1a
+        }
cfec1a
+
cfec1a
+        if (!ECDH_compute_key(ztmp, ecd->zlen, ecp, ec1, 0)) {
cfec1a
+            rv = -1;
cfec1a
+            goto err;
cfec1a
+        }
cfec1a
+
cfec1a
+        if (!fips_post_corrupt(FIPS_TEST_ECDH, ecd->curve, NULL))
cfec1a
+            ztmp[0] ^= 0x1;
cfec1a
+
cfec1a
+        if (memcmp(ztmp, ecd->z, ecd->zlen)) {
cfec1a
+            fips_post_failed(FIPS_TEST_ECDH, ecd->curve, 0);
cfec1a
+            rv = 0;
cfec1a
+        } else if (!fips_post_success(FIPS_TEST_ECDH, ecd->curve, 0))
cfec1a
+            goto err;
cfec1a
+
cfec1a
+        EC_KEY_free(ec1);
cfec1a
+        ec1 = NULL;
cfec1a
+        EC_KEY_free(ec2);
cfec1a
+        ec2 = NULL;
cfec1a
+        OPENSSL_free(ztmp);
cfec1a
+        ztmp = NULL;
cfec1a
+    }
cfec1a
+
cfec1a
+ err:
cfec1a
+
cfec1a
+    if (x)
cfec1a
+        BN_clear_free(x);
cfec1a
+    if (y)
cfec1a
+        BN_clear_free(y);
cfec1a
+    if (d)
cfec1a
+        BN_clear_free(d);
cfec1a
+    if (ec1)
cfec1a
+        EC_KEY_free(ec1);
cfec1a
+    if (ec2)
cfec1a
+        EC_KEY_free(ec2);
cfec1a
+    if (ztmp)
cfec1a
+        OPENSSL_free(ztmp);
cfec1a
+
cfec1a
+    return rv;
cfec1a
+
cfec1a
+}
cfec1a
+
cfec1a
+#endif
cfec1a
diff -up openssl-1.0.2a/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.2a/crypto/fips/fips_ecdsa_selftest.c
cfec1a
--- openssl-1.0.2a/crypto/fips/fips_ecdsa_selftest.c.fips-ec	2015-04-22 19:00:19.724884583 +0200
cfec1a
+++ openssl-1.0.2a/crypto/fips/fips_ecdsa_selftest.c	2015-04-22 19:00:19.724884583 +0200
cfec1a
@@ -0,0 +1,165 @@
cfec1a
+/* fips/ecdsa/fips_ecdsa_selftest.c */
cfec1a
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
cfec1a
+ * project 2011.
cfec1a
+ */
cfec1a
+/* ====================================================================
cfec1a
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
cfec1a
+ *
cfec1a
+ * Redistribution and use in source and binary forms, with or without
cfec1a
+ * modification, are permitted provided that the following conditions
cfec1a
+ * are met:
cfec1a
+ *
cfec1a
+ * 1. Redistributions of source code must retain the above copyright
cfec1a
+ *    notice, this list of conditions and the following disclaimer. 
cfec1a
+ *
cfec1a
+ * 2. Redistributions in binary form must reproduce the above copyright
cfec1a
+ *    notice, this list of conditions and the following disclaimer in
cfec1a
+ *    the documentation and/or other materials provided with the
cfec1a
+ *    distribution.
cfec1a
+ *
cfec1a
+ * 3. All advertising materials mentioning features or use of this
cfec1a
+ *    software must display the following acknowledgment:
cfec1a
+ *    "This product includes software developed by the OpenSSL Project
cfec1a
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
cfec1a
+ *
cfec1a
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
cfec1a
+ *    endorse or promote products derived from this software without
cfec1a
+ *    prior written permission. For written permission, please contact
cfec1a
+ *    licensing@OpenSSL.org.
cfec1a
+ *
cfec1a
+ * 5. Products derived from this software may not be called "OpenSSL"
cfec1a
+ *    nor may "OpenSSL" appear in their names without prior written
cfec1a
+ *    permission of the OpenSSL Project.
cfec1a
+ *
cfec1a
+ * 6. Redistributions of any form whatsoever must retain the following
cfec1a
+ *    acknowledgment:
cfec1a
+ *    "This product includes software developed by the OpenSSL Project
cfec1a
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
cfec1a
+ *
cfec1a
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
cfec1a
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
cfec1a
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
cfec1a
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
cfec1a
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
cfec1a
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
cfec1a
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
cfec1a
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
cfec1a
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
cfec1a
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
cfec1a
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
cfec1a
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
cfec1a
+ * ====================================================================
cfec1a
+ *
cfec1a
+ */
cfec1a
+
cfec1a
+#define OPENSSL_FIPSAPI
cfec1a
+
cfec1a
+#include <string.h>
cfec1a
+#include <openssl/crypto.h>
cfec1a
+#include <openssl/ec.h>
cfec1a
+#include <openssl/ecdsa.h>
cfec1a
+#include <openssl/fips.h>
cfec1a
+#include <openssl/err.h>
cfec1a
+#include <openssl/evp.h>
cfec1a
+#include <openssl/bn.h>
cfec1a
+
cfec1a
+#ifdef OPENSSL_FIPS
cfec1a
+
cfec1a
+static const char P_256_name[] = "ECDSA P-256";
cfec1a
+
cfec1a
+static const unsigned char P_256_d[] = {
cfec1a
+    0x51, 0xbd, 0x06, 0xa1, 0x1c, 0xda, 0xe2, 0x12, 0x99, 0xc9, 0x52, 0x3f,
cfec1a
+    0xea, 0xa4, 0xd2, 0xd1, 0xf4, 0x7f, 0xd4, 0x3e, 0xbd, 0xf8, 0xfc, 0x87,
cfec1a
+    0xdc, 0x82, 0x53, 0x21, 0xee, 0xa0, 0xdc, 0x64
cfec1a
+};
cfec1a
+
cfec1a
+static const unsigned char P_256_qx[] = {
cfec1a
+    0x23, 0x89, 0xe0, 0xf4, 0x69, 0xe0, 0x49, 0xe5, 0xc7, 0xe5, 0x40, 0x6e,
cfec1a
+    0x8f, 0x25, 0xdd, 0xad, 0x11, 0x16, 0x14, 0x9b, 0xab, 0x44, 0x06, 0x31,
cfec1a
+    0xbf, 0x5e, 0xa6, 0x44, 0xac, 0x86, 0x00, 0x07
cfec1a
+};
cfec1a
+
cfec1a
+static const unsigned char P_256_qy[] = {
cfec1a
+    0xb3, 0x05, 0x0d, 0xd0, 0xdc, 0xf7, 0x40, 0xe6, 0xf9, 0xd8, 0x6d, 0x7b,
cfec1a
+    0x63, 0xca, 0x97, 0xe6, 0x12, 0xf9, 0xd4, 0x18, 0x59, 0xbe, 0xb2, 0x5e,
cfec1a
+    0x4a, 0x6a, 0x77, 0x23, 0xf4, 0x11, 0x9d, 0xeb
cfec1a
+};
cfec1a
+
cfec1a
+typedef struct {
cfec1a
+    int curve;
cfec1a
+    const char *name;
cfec1a
+    const unsigned char *x;
cfec1a
+    size_t xlen;
cfec1a
+    const unsigned char *y;
cfec1a
+    size_t ylen;
cfec1a
+    const unsigned char *d;
cfec1a
+    size_t dlen;
cfec1a
+} EC_SELFTEST_DATA;
cfec1a
+
cfec1a
+# define make_ecdsa_test(nid, pr) { nid, pr##_name, \
cfec1a
+                                pr##_qx, sizeof(pr##_qx), \
cfec1a
+                                pr##_qy, sizeof(pr##_qy), \
cfec1a
+                                pr##_d, sizeof(pr##_d)}
cfec1a
+
cfec1a
+static EC_SELFTEST_DATA test_ec_data[] = {
cfec1a
+    make_ecdsa_test(NID_X9_62_prime256v1, P_256),
cfec1a
+};
cfec1a
+
cfec1a
+int FIPS_selftest_ecdsa()
cfec1a
+{
cfec1a
+    EC_KEY *ec = NULL;
cfec1a
+    BIGNUM *x = NULL, *y = NULL, *d = NULL;
cfec1a
+    EVP_PKEY *pk = NULL;
cfec1a
+    int rv = 0;
cfec1a
+    size_t i;
cfec1a
+
cfec1a
+    for (i = 0; i < sizeof(test_ec_data) / sizeof(EC_SELFTEST_DATA); i++) {
cfec1a
+        EC_SELFTEST_DATA *ecd = test_ec_data + i;
cfec1a
+
cfec1a
+        x = BN_bin2bn(ecd->x, ecd->xlen, x);
cfec1a
+        y = BN_bin2bn(ecd->y, ecd->ylen, y);
cfec1a
+        d = BN_bin2bn(ecd->d, ecd->dlen, d);
cfec1a
+
cfec1a
+        if (!x || !y || !d)
cfec1a
+            goto err;
cfec1a
+
cfec1a
+        ec = EC_KEY_new_by_curve_name(ecd->curve);
cfec1a
+        if (!ec)
cfec1a
+            goto err;
cfec1a
+
cfec1a
+        if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y))
cfec1a
+            goto err;
cfec1a
+
cfec1a
+        if (!EC_KEY_set_private_key(ec, d))
cfec1a
+            goto err;
cfec1a
+
cfec1a
+        if ((pk = EVP_PKEY_new()) == NULL)
cfec1a
+            goto err;
cfec1a
+
cfec1a
+        EVP_PKEY_assign_EC_KEY(pk, ec);
cfec1a
+
cfec1a
+        if (!fips_pkey_signature_test(pk, NULL, 0,
cfec1a
+                                      NULL, 0, EVP_sha256(), 0, ecd->name))
cfec1a
+            goto err;
cfec1a
+    }
cfec1a
+
cfec1a
+    rv = 1;
cfec1a
+
cfec1a
+ err:
cfec1a
+
cfec1a
+    if (x)
cfec1a
+        BN_clear_free(x);
cfec1a
+    if (y)
cfec1a
+        BN_clear_free(y);
cfec1a
+    if (d)
cfec1a
+        BN_clear_free(d);
cfec1a
+    if (pk)
cfec1a
+        EVP_PKEY_free(pk);
cfec1a
+    else if (ec)
cfec1a
+        EC_KEY_free(ec);
cfec1a
+
cfec1a
+    return rv;
cfec1a
+
cfec1a
+}
cfec1a
+
cfec1a
+#endif
cfec1a
diff -up openssl-1.0.2a/crypto/fips/fips.h.fips-ec openssl-1.0.2a/crypto/fips/fips.h
cfec1a
--- openssl-1.0.2a/crypto/fips/fips.h.fips-ec	2015-04-22 19:00:19.688883733 +0200
cfec1a
+++ openssl-1.0.2a/crypto/fips/fips.h	2015-04-22 19:00:19.724884583 +0200
cfec1a
@@ -93,6 +93,8 @@ extern "C" {
cfec1a
     void FIPS_corrupt_dsa(void);
cfec1a
     void FIPS_corrupt_dsa_keygen(void);
cfec1a
     int FIPS_selftest_dsa(void);
cfec1a
+    int FIPS_selftest_ecdsa(void);
cfec1a
+    int FIPS_selftest_ecdh(void);
cfec1a
     void FIPS_corrupt_rng(void);
cfec1a
     void FIPS_rng_stick(void);
cfec1a
     void FIPS_x931_stick(int onoff);
cfec1a
diff -up openssl-1.0.2a/crypto/fips/fips_post.c.fips-ec openssl-1.0.2a/crypto/fips/fips_post.c
cfec1a
--- openssl-1.0.2a/crypto/fips/fips_post.c.fips-ec	2015-04-22 19:00:19.688883733 +0200
cfec1a
+++ openssl-1.0.2a/crypto/fips/fips_post.c	2015-04-22 19:00:19.724884583 +0200
cfec1a
@@ -95,8 +95,12 @@ int FIPS_selftest(void)
cfec1a
         rv = 0;
cfec1a
     if (!FIPS_selftest_rsa())
cfec1a
         rv = 0;
cfec1a
+    if (!FIPS_selftest_ecdsa())
cfec1a
+        rv = 0;
cfec1a
     if (!FIPS_selftest_dsa())
cfec1a
         rv = 0;
cfec1a
+    if (!FIPS_selftest_ecdh())
cfec1a
+        rv = 0;
cfec1a
     return rv;
cfec1a
 }
cfec1a
 
cfec1a
diff -up openssl-1.0.2a/crypto/fips/Makefile.fips-ec openssl-1.0.2a/crypto/fips/Makefile
cfec1a
--- openssl-1.0.2a/crypto/fips/Makefile.fips-ec	2015-04-22 19:00:19.691883805 +0200
cfec1a
+++ openssl-1.0.2a/crypto/fips/Makefile	2015-04-22 19:00:19.724884583 +0200
cfec1a
@@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self
cfec1a
     fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c  fips_rand.c \
cfec1a
     fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
cfec1a
     fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
cfec1a
-    fips_cmac_selftest.c fips_enc.c fips_md.c
cfec1a
+    fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c
cfec1a
 
cfec1a
 LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \
cfec1a
     fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o  fips_rand.o \
cfec1a
     fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
cfec1a
     fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
cfec1a
-    fips_cmac_selftest.o fips_enc.o fips_md.o
cfec1a
+    fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o
cfec1a
 
cfec1a
 LIBCRYPTO=-L.. -lcrypto
cfec1a
 
cfec1a
@@ -119,6 +119,21 @@ fips_aes_selftest.o: ../../include/opens
cfec1a
 fips_aes_selftest.o: ../../include/openssl/safestack.h
cfec1a
 fips_aes_selftest.o: ../../include/openssl/stack.h
cfec1a
 fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c
cfec1a
+fips_cmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
cfec1a
+fips_cmac_selftest.o: ../../include/openssl/cmac.h
cfec1a
+fips_cmac_selftest.o: ../../include/openssl/crypto.h
cfec1a
+fips_cmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
cfec1a
+fips_cmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
cfec1a
+fips_cmac_selftest.o: ../../include/openssl/lhash.h
cfec1a
+fips_cmac_selftest.o: ../../include/openssl/obj_mac.h
cfec1a
+fips_cmac_selftest.o: ../../include/openssl/objects.h
cfec1a
+fips_cmac_selftest.o: ../../include/openssl/opensslconf.h
cfec1a
+fips_cmac_selftest.o: ../../include/openssl/opensslv.h
cfec1a
+fips_cmac_selftest.o: ../../include/openssl/ossl_typ.h
cfec1a
+fips_cmac_selftest.o: ../../include/openssl/safestack.h
cfec1a
+fips_cmac_selftest.o: ../../include/openssl/stack.h
cfec1a
+fips_cmac_selftest.o: ../../include/openssl/symhacks.h fips_cmac_selftest.c
cfec1a
+fips_cmac_selftest.o: fips_locl.h
cfec1a
 fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
cfec1a
 fips_des_selftest.o: ../../include/openssl/crypto.h
cfec1a
 fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
cfec1a
@@ -232,6 +247,46 @@ fips_dsa_selftest.o: ../../include/opens
cfec1a
 fips_dsa_selftest.o: ../../include/openssl/stack.h
cfec1a
 fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
cfec1a
 fips_dsa_selftest.o: fips_locl.h
cfec1a
+fips_ecdh_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
cfec1a
+fips_ecdh_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
cfec1a
+fips_ecdh_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cfec1a
+fips_ecdh_selftest.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h
cfec1a
+fips_ecdh_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
cfec1a
+fips_ecdh_selftest.o: ../../include/openssl/lhash.h
cfec1a
+fips_ecdh_selftest.o: ../../include/openssl/obj_mac.h
cfec1a
+fips_ecdh_selftest.o: ../../include/openssl/objects.h
cfec1a
+fips_ecdh_selftest.o: ../../include/openssl/opensslconf.h
cfec1a
+fips_ecdh_selftest.o: ../../include/openssl/opensslv.h
cfec1a
+fips_ecdh_selftest.o: ../../include/openssl/ossl_typ.h
cfec1a
+fips_ecdh_selftest.o: ../../include/openssl/safestack.h
cfec1a
+fips_ecdh_selftest.o: ../../include/openssl/stack.h
cfec1a
+fips_ecdh_selftest.o: ../../include/openssl/symhacks.h fips_ecdh_selftest.c
cfec1a
+fips_ecdh_selftest.o: fips_locl.h
cfec1a
+fips_ecdsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
cfec1a
+fips_ecdsa_selftest.o: ../../include/openssl/bn.h
cfec1a
+fips_ecdsa_selftest.o: ../../include/openssl/crypto.h
cfec1a
+fips_ecdsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cfec1a
+fips_ecdsa_selftest.o: ../../include/openssl/ecdsa.h
cfec1a
+fips_ecdsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cfec1a
+fips_ecdsa_selftest.o: ../../include/openssl/fips.h
cfec1a
+fips_ecdsa_selftest.o: ../../include/openssl/lhash.h
cfec1a
+fips_ecdsa_selftest.o: ../../include/openssl/obj_mac.h
cfec1a
+fips_ecdsa_selftest.o: ../../include/openssl/objects.h
cfec1a
+fips_ecdsa_selftest.o: ../../include/openssl/opensslconf.h
cfec1a
+fips_ecdsa_selftest.o: ../../include/openssl/opensslv.h
cfec1a
+fips_ecdsa_selftest.o: ../../include/openssl/ossl_typ.h
cfec1a
+fips_ecdsa_selftest.o: ../../include/openssl/safestack.h
cfec1a
+fips_ecdsa_selftest.o: ../../include/openssl/stack.h
cfec1a
+fips_ecdsa_selftest.o: ../../include/openssl/symhacks.h fips_ecdsa_selftest.c
cfec1a
+fips_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
cfec1a
+fips_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
cfec1a
+fips_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cfec1a
+fips_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
cfec1a
+fips_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cfec1a
+fips_enc.o: ../../include/openssl/opensslconf.h
cfec1a
+fips_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cfec1a
+fips_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
cfec1a
+fips_enc.o: ../../include/openssl/symhacks.h fips_enc.c
cfec1a
 fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
cfec1a
 fips_hmac_selftest.o: ../../include/openssl/crypto.h
cfec1a
 fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
cfec1a
@@ -246,6 +301,15 @@ fips_hmac_selftest.o: ../../include/open
cfec1a
 fips_hmac_selftest.o: ../../include/openssl/safestack.h
cfec1a
 fips_hmac_selftest.o: ../../include/openssl/stack.h
cfec1a
 fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c
cfec1a
+fips_md.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
cfec1a
+fips_md.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
cfec1a
+fips_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cfec1a
+fips_md.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
cfec1a
+fips_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cfec1a
+fips_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
cfec1a
+fips_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
cfec1a
+fips_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cfec1a
+fips_md.o: fips_md.c
cfec1a
 fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
cfec1a
 fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
cfec1a
 fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
cfec1a
diff -up openssl-1.0.2a/version.map.fips-ec openssl-1.0.2a/version.map
cfec1a
--- openssl-1.0.2a/version.map.fips-ec	2015-04-22 19:00:19.704884111 +0200
cfec1a
+++ openssl-1.0.2a/version.map	2015-04-22 19:00:19.724884583 +0200
cfec1a
@@ -6,6 +6,10 @@ OPENSSL_1.0.1 {
cfec1a
 	    _original*;
cfec1a
 	    _current*;
cfec1a
 };
cfec1a
+OPENSSL_1.0.1_EC {
cfec1a
+    global:
cfec1a
+            EC*;
cfec1a
+};
cfec1a
 OPENSSL_1.0.2 {
cfec1a
     global:
cfec1a
 	    SSLeay;