File openssl-fips_cavs_aes_keywrap.patch of Package openssl-1_0_0

Index: openssl-1.0.2j/crypto/fips/fips_kwvs.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_kwvs.c	2017-05-12 14:14:26.561672018 +0200
@@ -0,0 +1,137 @@
+/*
+ * Crude test driver for processing the VST and MCT testvector files
+ * generated by the CMVP RNGVS product.
+ *
+ * Note the input files are assumed to have a _very_ specific format
+ * as described in the NIST document "The Random Number Generator
+ * Validation System (RNGVS)", May 25, 2004.
+ *
+ */
+#include <openssl/opensslconf.h>
+
+#include <openssl/bn.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/modes.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "fips_utl.h"
+
+void die(char *mes)
+{
+    fprintf(stderr, mes);
+    exit(1);
+}
+
+void process(char *req, char *rsp)
+{
+    char buf[2048], lbuf[2048];
+    unsigned char result[2048];
+    unsigned char *K = NULL;
+    unsigned char *P = NULL;
+    unsigned char *C = NULL;
+    unsigned plaintext_len, ciphertext_len;
+    unsigned key_len;
+    char *end;
+    AES_KEY aes_key;
+    char *keyword, *value;
+    long l;
+    int length;
+    int inverse = 0;
+    block128_f f;
+
+    FILE *in = fopen(req, "r");
+    FILE *out = fopen(rsp, "w");
+
+    if (!in || !out) {
+        die("Can't open input or output file\n");
+    }
+
+    while(fgets(buf, sizeof(buf), in) != NULL)
+    {
+	fputs(buf,out);
+
+	if (!parse_line(&keyword, &value, lbuf, buf)) {
+            /* might be a header, check if inverse cipher function is requested */
+	    if(strstr(buf, "inverse")) {
+                inverse = 1;
+            }
+            continue;
+        }
+
+	if(!strcmp(keyword, "[PLAINTEXT LENGTH"))
+        {
+            end = value + strlen(value) - 1;
+            /* remove trailing ] */
+            if (*end == ']')
+                *end = 0;
+	    plaintext_len = atoi(value) / 8;
+            ciphertext_len = plaintext_len + 8;
+        }
+        /* key */
+	else if(!strcmp(keyword, "K"))
+        {
+	    K = hex2bin_m(value, &l);
+            key_len = strlen(value) / 2;
+        }
+        /* plaintext */
+	else if(!strcmp(keyword, "P"))
+        {
+            /* Wrap, we have a key and a plaintext */
+	    P = hex2bin_m(value, &l);
+            if (inverse) {
+                if (AES_set_decrypt_key(K, key_len*8, &aes_key))
+                    die("Can't set AES decrypt key.\n");
+                f = (block128_f)AES_decrypt;
+            } else {
+                if (AES_set_encrypt_key(K, key_len*8, &aes_key))
+                    die("Can't set AES encrypt key.\n");
+                f = (block128_f)AES_encrypt;
+            }
+            length = CRYPTO_128_wrap(&aes_key, NULL, result, P, plaintext_len, f);
+            if (!length)
+                die("Wrapping failed.\n");
+            OutputValue("C", result, length, out, 0);
+        }
+        /* ciphertext */
+	else if(!strcmp(keyword, "C"))
+	{
+            /* Unwrap, we have a key and a ciphertext */
+	    C = hex2bin_m(value, &l);
+            if (inverse) {
+                if (AES_set_encrypt_key(K, key_len*8, &aes_key))
+                    die("Can't set AES encrypt key.\n");
+                f = (block128_f)AES_encrypt;
+            } else {
+                if (AES_set_decrypt_key(K, key_len*8, &aes_key))
+                    die("Can't set AES decrypt key.\n");
+                f = (block128_f)AES_decrypt;
+            }
+            length = CRYPTO_128_unwrap(&aes_key, NULL, result, C, ciphertext_len, f);
+            if (!length) {
+                fprintf(out, "FAIL" RESP_EOL);
+            } else {
+                OutputValue("P", result, length, out, 0);
+            }
+        }
+    }
+}
+
+int main(int argc,char **argv)
+{
+    if(argc != 3)
+    {
+	fprintf(stderr,"%s Req Rsp\n",argv[0]);
+	exit(1);
+    }
+    if(!FIPS_mode_set(1))
+    {
+	do_print_errors();
+	exit(1);
+    }
+
+    process(argv[1], argv[2]);
+
+    return 0;
+}
Index: openssl-1.0.2j/crypto/fips/Makefile
===================================================================
--- openssl-1.0.2j.orig/crypto/fips/Makefile	2017-05-11 16:56:02.495668727 +0200
+++ openssl-1.0.2j/crypto/fips/Makefile	2017-05-11 16:56:02.531669302 +0200
@@ -19,15 +19,15 @@ APPS=
 PROGRAM= fips_standalone_hmac
 EXE= $(PROGRAM)$(EXE_EXT)
 
-CAVS_PROGRAMS= fips_aesavs fips_cmactest fips_desmovs fips_dhvs fips_drbgvs \
+CAVS_PROGRAMS= fips_kwvs fips_aesavs fips_cmactest fips_desmovs fips_dhvs fips_drbgvs \
 fips_ecdhvs fips_ecdsavs fips_rngvs fips_rsagtest fips_rsastest \
 fips_rsavtest fips_shatest fips_gcmtest fips_dssvs fips_tlsvs fips_hmactest
 
-CAVS_SRC= fips_aesavs.c fips_cmactest.c fips_desmovs.c fips_dhvs.c fips_drbgvs.c fips_dssvs.c \
+CAVS_SRC= fips_kwvs.c fips_aesavs.c fips_cmactest.c fips_desmovs.c fips_dhvs.c fips_drbgvs.c fips_dssvs.c \
 fips_ecdhvs.c fips_ecdsavs.c fips_gcmtest.c fips_rngvs.c fips_rsagtest.c fips_rsastest.c \
 fips_rsavtest.c fips_shatest.c fips_tlsvs.c fips_hmactest.c
 
-CAVS_OBJ= fips_aesavs.o fips_cmactest.o fips_desmovs.o fips_dhvs.o fips_drbgvs.o \
+CAVS_OBJ= fips_kwvs.o fips_aesavs.o fips_cmactest.o fips_desmovs.o fips_dhvs.o fips_drbgvs.o \
 fips_ecdhvs.o fips_ecdsavs.o fips_gcmtest.o fips_rngvs.o fips_rsagtest.o fips_rsastest.o \
 fips_rsavtest.o fips_shatest.o fips_dssvs.o fips_tlsvs.o fips_hmactest.o
 
@@ -454,6 +454,19 @@ fips_aesavs.o: ../../include/openssl/ope
 fips_aesavs.o: ../../include/openssl/ossl_typ.h
 fips_aesavs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 fips_aesavs.o: ../../include/openssl/symhacks.h fips_utl.h fips_aesavs.c
+fips_kwvs.o: ../../e_os.h ../../include/openssl/aes.h
+fips_kwvs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_kwvs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_kwvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_kwvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_kwvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_kwvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+fips_kwvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_kwvs.o: ../../include/openssl/opensslconf.h
+fips_kwvs.o: ../../include/openssl/opensslv.h
+fips_kwvs.o: ../../include/openssl/ossl_typ.h
+fips_kwvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_kwvs.o: ../../include/openssl/symhacks.h fips_utl.h fips_kwvs.c
 fips_gcmtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
 fips_gcmtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 fips_gcmtest.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h