OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
03-Jan-2008 14:37:23
Branch: OpenSSL_0_9_7-stable Handle:
2008010313372201
Modified files: (Branch: OpenSSL_0_9_7-stable)
openssl/fips-1.0/aes fips_aesavs.c
openssl/fips-1.0/des fips_desmovs.c
openssl/fips-1.0/dsa fips_dssvs.c
Log:
Backport fixes/updates from 0.9.8-fips to algorithm
tests.
Summary:
Revision Changes Path
1.1.2.6 +31 -16
openssl/fips-1.0/aes/fips_aesavs.c
1.1.2.5 +28 -14
openssl/fips-1.0/des/fips_desmovs.c
1.1.2.5 +118 -0
openssl/fips-1.0/dsa/fips_dssvs.c
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/fips-1.0/aes/fips_aesavs.c
============================================================
================
$ cvs diff -u -r1.1.2.5 -r1.1.2.6 fips_aesavs.c
--- openssl/fips-1.0/aes/fips_aesavs.c 23 Jan 2007
01:40:27 -0000 1.1.2.5
+++ openssl/fips-1.0/aes/fips_aesavs.c 3 Jan 2008 13:37:22
-0000 1.1.2.6
-82,7 +82,7
#define AES_BLOCK_SIZE 16
-#define VERBOSE 1
+#define VERBOSE 0
/*-----------------------------------------------*/
-476,8 +476,10
if(j == 0)
{
/* compensate for wrong endianness of input file
*/
+#if 0
if(i == 0)
ptext[0][0]<<=7;
+#endif
ret=AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
ptext[j], ctext[j], len);
}
-694,7 +696,7
# Fri Aug 30 04:07:22 PM
----------------------------*/
-int proc_file(char *rqfile)
+int proc_file(char *rqfile, char *rspfile)
{
char afn[256], rfn[256];
FILE *afp = NULL, *rfp = NULL;
-725,13 +727,21
afn, strerror(errno));
return -1;
}
- strcpy(rfn,afn);
- rp=strstr(rfn,"req/");
- assert(rp);
- memcpy(rp,"rsp",3);
- rp = strstr(rfn, ".req");
- memcpy(rp, ".rsp", 4);
- if ((rfp = fopen(rfn, "w")) == NULL)
+ if (!rspfile)
+ {
+ strcpy(rfn,afn);
+ rp=strstr(rfn,"req/");
+#ifdef OPENSSL_SYS_WIN32
+ if (!rp)
+ rp=strstr(rfn,"req\");
+#endif
+ assert(rp);
+ memcpy(rp,"rsp",3);
+ rp = strstr(rfn, ".req");
+ memcpy(rp, ".rsp", 4);
+ rspfile = rfn;
+ }
+ if ((rfp = fopen(rspfile, "w")) == NULL)
{
printf("Cannot open file: %s, %sn",
rfn, strerror(errno));
-795,7 +805,8
strncpy(amode, xp+1, n);
amode[n] = '�';
/* amode[3] = '�'; */
- printf("Test = %s, Mode = %sn", atest,
amode);
+ if (VERBOSE)
+ printf("Test = %s, Mode = %sn", atest,
amode);
}
else if (strncasecmp(pp, "Key Length : ",
13) == 0)
{
-947,7 +958,6
err =1;
break;
}
-
PrintValue("CIPHERTEXT", ciphertext, len);
if (strcmp(atest, "MCT") == 0) /* Monte
Carlo Test */
{
-998,7 +1008,7
--------------------------------------------------*/
int main(int argc, char **argv)
{
- char *rqlist = "req.txt";
+ char *rqlist = "req.txt", *rspfile = NULL;
FILE *fp = NULL;
char fn[250] = "", rfn[256] =
"";
int f_opt = 0, d_opt = 1;
-1034,7 +1044,10
if (d_opt)
rqlist = argv[2];
else
+ {
strcpy(fn, argv[2]);
+ rspfile = argv[3];
+ }
}
if (d_opt)
{ /* list of files (directory) */
-1047,8 +1060,9
{
strtok(fn, "rn");
strcpy(rfn, fn);
- printf("Processing: %sn", rfn);
- if (proc_file(rfn))
+ if (VERBOSE)
+ printf("Processing: %sn", rfn);
+ if (proc_file(rfn, rspfile))
{
printf(">>> Processing failed for: %s
<<<n", rfn);
EXIT(1);
-1058,8 +1072,9
}
else /* single file */
{
- printf("Processing: %sn", fn);
- if (proc_file(fn))
+ if (VERBOSE)
+ printf("Processing: %sn", fn);
+ if (proc_file(fn, rspfile))
{
printf(">>> Processing failed for: %s
<<<n", fn);
}
.
patch -p0 <<' .'
Index: openssl/fips-1.0/des/fips_desmovs.c
============================================================
================
$ cvs diff -u -r1.1.2.4 -r1.1.2.5 fips_desmovs.c
--- openssl/fips-1.0/des/fips_desmovs.c 23 Jan 2007
01:40:28 -0000 1.1.2.4
+++ openssl/fips-1.0/des/fips_desmovs.c 3 Jan 2008
13:37:22 -0000 1.1.2.5
-558,7 +558,7
}
}
-int proc_file(char *rqfile)
+int proc_file(char *rqfile, char *rspfile)
{
char afn[256], rfn[256];
FILE *afp = NULL, *rfp = NULL;
-588,13 +588,21
afn, strerror(errno));
return -1;
}
- strcpy(rfn,afn);
- rp=strstr(rfn,"req/");
- assert(rp);
- memcpy(rp,"rsp",3);
- rp = strstr(rfn, ".req");
- memcpy(rp, ".rsp", 4);
- if ((rfp = fopen(rfn, "w")) == NULL)
+ if (!rspfile)
+ {
+ strcpy(rfn,afn);
+ rp=strstr(rfn,"req/");
+#ifdef OPENSSL_SYS_WIN32
+ if (!rp)
+ rp=strstr(rfn,"req\");
+#endif
+ assert(rp);
+ memcpy(rp,"rsp",3);
+ rp = strstr(rfn, ".req");
+ memcpy(rp, ".rsp", 4);
+ rspfile = rfn;
+ }
+ if ((rfp = fopen(rspfile, "w")) == NULL)
{
printf("Cannot open file: %s, %sn",
rfn, strerror(errno));
-666,7 +674,8
strncpy(amode, xp+1, n);
amode[n] = '�';
/* amode[3] = '�'; */
- printf("Test=%s, Mode=%sn",atest,amode);
+ if (VERBOSE)
+ printf("Test=%s, Mode=%sn",atest,amode);
}
}
}
-909,7 +918,7
--------------------------------------------------*/
int main(int argc, char **argv)
{
- char *rqlist = "req.txt";
+ char *rqlist = "req.txt", *rspfile = NULL;
FILE *fp = NULL;
char fn[250] = "", rfn[256] =
"";
int f_opt = 0, d_opt = 1;
-945,7 +954,10
if (d_opt)
rqlist = argv[2];
else
+ {
strcpy(fn, argv[2]);
+ rspfile = argv[3];
+ }
}
if (d_opt)
{ /* list of files (directory) */
-958,8 +970,9
{
strtok(fn, "rn");
strcpy(rfn, fn);
- printf("Processing: %sn", rfn);
- if (proc_file(rfn))
+ if (VERBOSE)
+ printf("Processing: %sn", rfn);
+ if (proc_file(rfn, rspfile))
{
printf(">>> Processing failed for: %s
<<<n", rfn);
EXIT(1);
-969,8 +982,9
}
else /* single file */
{
- printf("Processing: %sn", fn);
- if (proc_file(fn))
+ if (VERBOSE)
+ printf("Processing: %sn", fn);
+ if (proc_file(fn, rspfile))
{
printf(">>> Processing failed for: %s
<<<n", fn);
}
.
patch -p0 <<' .'
Index: openssl/fips-1.0/dsa/fips_dssvs.c
============================================================
================
$ cvs diff -u -r1.1.2.4 -r1.1.2.5 fips_dssvs.c
--- openssl/fips-1.0/dsa/fips_dssvs.c 5 Oct 2007 17:09:10
-0000 1.1.2.4
+++ openssl/fips-1.0/dsa/fips_dssvs.c 3 Jan 2008 13:37:23
-0000 1.1.2.5
-274,6 +274,122
}
}
+/* Keypair verification routine. NB: this isn't part of
the stndard FIPS140-2
+ * algorithm tests. It is an additional test to perform
sanity checks on the
+ * output of the KeyPair test.
+ */
+
+static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q,
BIGNUM *g,
+ BN_CTX *ctx)
+ {
+ BIGNUM *rem = NULL;
+ if (BN_num_bits(p) != nmod)
+ return 0;
+ if (BN_num_bits(q) != 160)
+ return 0;
+ if (BN_is_prime(p, BN_prime_checks, NULL, NULL, NULL)
!= 1)
+ return 0;
+ if (BN_is_prime(q, BN_prime_checks, NULL, NULL, NULL)
!= 1)
+ return 0;
+ rem = BN_new();
+ if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
+ || (BN_cmp(g, BN_value_one()) <= 0)
+ || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
+ {
+ BN_free(rem);
+ return 0;
+ }
+ BN_free(rem);
+ return 1;
+ }
+
+void keyver()
+ {
+ char buf[1024];
+ char lbuf[1024];
+ char *keyword, *value;
+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y
= NULL;
+ BIGNUM *Y2;
+ BN_CTX *ctx = NULL;
+ int nmod=0, paramcheck = 0;
+
+ ctx = BN_CTX_new();
+ Y2 = BN_new();
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ {
+ fputs(buf,stdout);
+ continue;
+ }
+ if(!strcmp(keyword,"[mod"))
+ {
+ if (p)
+ BN_free(p);
+ p = NULL;
+ if (q)
+ BN_free(q);
+ q = NULL;
+ if (g)
+ BN_free(g);
+ g = NULL;
+ paramcheck = 0;
+ nmod=atoi(value);
+ }
+ else if(!strcmp(keyword,"P"))
+ p=hex2bn(value);
+ else if(!strcmp(keyword,"Q"))
+ q=hex2bn(value);
+ else if(!strcmp(keyword,"G"))
+ g=hex2bn(value);
+ else if(!strcmp(keyword,"X"))
+ X=hex2bn(value);
+ else if(!strcmp(keyword,"Y"))
+ {
+ Y=hex2bn(value);
+ if (!p || !q || !g || !X || !Y)
+ {
+ fprintf(stderr, "Parse Errorn");
+ exit (1);
+ }
+ pbn("P",p);
+ pbn("Q",q);
+ pbn("G",g);
+ pbn("X",X);
+ pbn("Y",Y);
+ if (!paramcheck)
+ {
+ if (dss_paramcheck(nmod, p, q, g, ctx))
+ paramcheck = 1;
+ else
+ paramcheck = -1;
+ }
+ if (paramcheck != 1)
+ printf("Result = Fn");
+ else
+ {
+ if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
+ printf("Result = Fn");
+ else
+ printf("Result = Tn");
+ }
+ BN_free(X);
+ BN_free(Y);
+ X = NULL;
+ Y = NULL;
+ }
+ }
+ if (p)
+ BN_free(p);
+ if (q)
+ BN_free(q);
+ if (g)
+ BN_free(g);
+ if (Y2)
+ BN_free(Y2);
+ }
+
void keypair()
{
char buf[1024];
-451,6 +567,8
pqgver();
else if(!strcmp(argv[1],"keypair"))
keypair();
+ else if(!strcmp(argv[1],"keyver"))
+ keyver();
else if(!strcmp(argv[1],"siggen"))
siggen();
else if(!strcmp(argv[1],"sigver"))
.
____________________________________________________________
__________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List
openssl-cvsopenssl.org
Automated List Manager
majordomoopenssl.org
|
