Compare commits
4 Commits
FIPS_098_T
...
OpenSSL-fi
| Author | SHA1 | Date | |
|---|---|---|---|
|
d1321464f6 | ||
|
|
a0055fbef4 | ||
|
|
2f9048b8a1 | ||
|
|
d73ed541db |
15
Configure
15
Configure
@@ -566,7 +566,8 @@ my $idx_arflags = $idx++;
|
||||
my $prefix="";
|
||||
my $openssldir="";
|
||||
my $exe_ext="";
|
||||
my $install_prefix="";
|
||||
my $install_prefix="$ENV{'INSTALL_PREFIX'}";
|
||||
my $cross_compile_prefix="$ENV{'CROSS_COMPILE'}";
|
||||
my $fipslibdir="/usr/local/ssl/lib/fips-1.0/";
|
||||
my $nofipscanistercheck=0;
|
||||
my $fipsdso=0;
|
||||
@@ -1397,7 +1398,16 @@ while (<IN>)
|
||||
s/^PLATFORM=.*$/PLATFORM=$target/;
|
||||
s/^OPTIONS=.*$/OPTIONS=$options/;
|
||||
s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
|
||||
s/^CC=.*$/CC= $cc/;
|
||||
if ($cross_compile_prefix)
|
||||
{
|
||||
s/^CC=.*$/CROSS_COMPILE= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE\)$cc/;
|
||||
s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
|
||||
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
|
||||
}
|
||||
else {
|
||||
s/^CC=.*$/CC= $cc/;
|
||||
s/^RANLIB=.*/RANLIB= $ranlib/;
|
||||
}
|
||||
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
|
||||
s/^CFLAG=.*$/CFLAG= $cflags/;
|
||||
s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
|
||||
@@ -1416,7 +1426,6 @@ while (<IN>)
|
||||
s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
|
||||
s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
|
||||
s/^PROCESSOR=.*/PROCESSOR= $processor/;
|
||||
s/^RANLIB=.*/RANLIB= $ranlib/;
|
||||
s/^ARFLAGS=.*/ARFLAGS= $arflags/;
|
||||
s/^PERL=.*/PERL= $perl/;
|
||||
s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
|
||||
|
||||
14
Makefile.org
14
Makefile.org
@@ -512,12 +512,14 @@ dclean:
|
||||
@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
rehash: rehash.time
|
||||
rehash.time: certs
|
||||
@(OPENSSL="`pwd`/util/opensslwrap.sh"; \
|
||||
OPENSSL_DEBUG_MEMORY=on; \
|
||||
export OPENSSL OPENSSL_DEBUG_MEMORY; \
|
||||
$(PERL) tools/c_rehash certs)
|
||||
touch rehash.time
|
||||
rehash.time: certs apps
|
||||
@if [ -z "$(CROSS_COMPILE)" ]; then \
|
||||
(OPENSSL="`pwd`/util/opensslwrap.sh"; \
|
||||
OPENSSL_DEBUG_MEMORY=on; \
|
||||
export OPENSSL OPENSSL_DEBUG_MEMORY; \
|
||||
$(PERL) tools/c_rehash certs) && \
|
||||
touch rehash.time; \
|
||||
else :; fi
|
||||
|
||||
test: tests
|
||||
|
||||
|
||||
@@ -153,17 +153,14 @@ $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
|
||||
shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
|
||||
shlib_target="$(SHLIB_TARGET)"; \
|
||||
elif [ -n "$(FIPSCANLIB)" ]; then \
|
||||
FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
|
||||
FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
|
||||
fi; \
|
||||
LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
|
||||
[ "x$(FIPSCANLIB)" = "xlibfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
|
||||
$(MAKE) -f $(TOP)/Makefile.shared -e \
|
||||
CC=$${CC} APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
|
||||
CC="$${CC}" APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
|
||||
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
|
||||
link_app.$${shlib_target}
|
||||
-(cd ..; \
|
||||
OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
|
||||
$(PERL) tools/c_rehash certs)
|
||||
|
||||
progs.h: progs.pl
|
||||
$(PERL) progs.pl $(E_EXE) >progs.h
|
||||
|
||||
8
config
8
config
@@ -48,10 +48,10 @@ done
|
||||
|
||||
# First get uname entries that we use below
|
||||
|
||||
MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
|
||||
RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
|
||||
SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown"
|
||||
VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
|
||||
[ "$MACHINE" ] || MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
|
||||
[ "$RELEASE" ] || RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
|
||||
[ "$SYSTEM" ] || SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown"
|
||||
[ "$BUILD" ] || VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
|
||||
|
||||
|
||||
# Now test for ISC and SCO, since it is has a braindamaged uname.
|
||||
|
||||
@@ -119,13 +119,20 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
|
||||
if (bits < 512) bits=512;
|
||||
bits=(bits+63)/64*64;
|
||||
|
||||
if (seed_len < 20)
|
||||
/* NB: seed_len == 0 is special case: copy generated seed to
|
||||
* seed_in if it is not NULL.
|
||||
*/
|
||||
if (seed_len && (seed_len < 20))
|
||||
seed_in = NULL; /* seed buffer too small -- ignore */
|
||||
if (seed_len > 20)
|
||||
seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
|
||||
* but our internal buffers are restricted to 160 bits*/
|
||||
if ((seed_in != NULL) && (seed_len == 20))
|
||||
{
|
||||
memcpy(seed,seed_in,seed_len);
|
||||
/* set seed_in to NULL to avoid it being copied back */
|
||||
seed_in = NULL;
|
||||
}
|
||||
|
||||
if ((ctx=BN_CTX_new()) == NULL) goto err;
|
||||
|
||||
@@ -302,7 +309,7 @@ err:
|
||||
ok=0;
|
||||
goto err;
|
||||
}
|
||||
if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
|
||||
if (seed_in != NULL) memcpy(seed_in,seed,20);
|
||||
if (counter_ret != NULL) *counter_ret=counter;
|
||||
if (h_ret != NULL) *h_ret=h;
|
||||
}
|
||||
|
||||
@@ -133,13 +133,20 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
|
||||
if (bits < 512) bits=512;
|
||||
bits=(bits+63)/64*64;
|
||||
|
||||
if (seed_len < 20)
|
||||
/* NB: seed_len == 0 is special case: copy generated seed to
|
||||
* seed_in if it is not NULL.
|
||||
*/
|
||||
if (seed_len && (seed_len < 20))
|
||||
seed_in = NULL; /* seed buffer too small -- ignore */
|
||||
if (seed_len > 20)
|
||||
seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
|
||||
* but our internal buffers are restricted to 160 bits*/
|
||||
if ((seed_in != NULL) && (seed_len == 20))
|
||||
{
|
||||
memcpy(seed,seed_in,seed_len);
|
||||
/* set seed_in to NULL to avoid it being copied back */
|
||||
seed_in = NULL;
|
||||
}
|
||||
|
||||
if ((ctx=BN_CTX_new()) == NULL) goto err;
|
||||
|
||||
@@ -316,7 +323,7 @@ err:
|
||||
ok=0;
|
||||
goto err;
|
||||
}
|
||||
if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
|
||||
if (seed_in != NULL) memcpy(seed_in,seed,20);
|
||||
if (counter_ret != NULL) *counter_ret=counter;
|
||||
if (h_ret != NULL) *h_ret=h;
|
||||
}
|
||||
|
||||
@@ -112,6 +112,83 @@ void pqg()
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void pqgver()
|
||||
{
|
||||
char buf[1024];
|
||||
char lbuf[1024];
|
||||
char *keyword, *value;
|
||||
BIGNUM *p = NULL, *q = NULL, *g = NULL;
|
||||
int counter, counter2;
|
||||
unsigned long h, h2;
|
||||
DSA *dsa=NULL;
|
||||
int nmod=0;
|
||||
unsigned char seed[1024];
|
||||
|
||||
while(fgets(buf,sizeof buf,stdin) != NULL)
|
||||
{
|
||||
if (!parse_line(&keyword, &value, lbuf, buf))
|
||||
{
|
||||
fputs(buf,stdout);
|
||||
continue;
|
||||
}
|
||||
if(!strcmp(keyword,"[mod"))
|
||||
nmod=atoi(value);
|
||||
else if(!strcmp(keyword,"P"))
|
||||
p=hex2bn(value);
|
||||
else if(!strcmp(keyword,"Q"))
|
||||
q=hex2bn(value);
|
||||
else if(!strcmp(keyword,"G"))
|
||||
g=hex2bn(value);
|
||||
else if(!strcmp(keyword,"Seed"))
|
||||
{
|
||||
int slen = hex2bin(value, seed);
|
||||
if (slen != 20)
|
||||
{
|
||||
fprintf(stderr, "Seed parse length error\n");
|
||||
exit (1);
|
||||
}
|
||||
}
|
||||
else if(!strcmp(keyword,"c"))
|
||||
counter =atoi(buf+4);
|
||||
else if(!strcmp(keyword,"H"))
|
||||
{
|
||||
h = atoi(value);
|
||||
if (!p || !q || !g)
|
||||
{
|
||||
fprintf(stderr, "Parse Error\n");
|
||||
exit (1);
|
||||
}
|
||||
pbn("P",p);
|
||||
pbn("Q",q);
|
||||
pbn("G",g);
|
||||
pv("Seed",seed,20);
|
||||
printf("c = %d\n",counter);
|
||||
printf("H = %lx\n",h);
|
||||
dsa = FIPS_dsa_new();
|
||||
if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
|
||||
{
|
||||
do_print_errors();
|
||||
exit(1);
|
||||
}
|
||||
if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
|
||||
|| (counter != counter2) || (h != h2))
|
||||
printf("Result = F\n");
|
||||
else
|
||||
printf("Result = T\n");
|
||||
BN_free(p);
|
||||
BN_free(q);
|
||||
BN_free(g);
|
||||
p = NULL;
|
||||
q = NULL;
|
||||
g = NULL;
|
||||
FIPS_dsa_free(dsa);
|
||||
dsa = NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void keypair()
|
||||
{
|
||||
char buf[1024];
|
||||
@@ -329,6 +406,8 @@ int main(int argc,char **argv)
|
||||
primes();
|
||||
else if(!strcmp(argv[1],"pqg"))
|
||||
pqg();
|
||||
else if(!strcmp(argv[1],"pqgver"))
|
||||
pqgver();
|
||||
else if(!strcmp(argv[1],"keypair"))
|
||||
keypair();
|
||||
else if(!strcmp(argv[1],"siggen"))
|
||||
|
||||
12
fips/fipsld
12
fips/fipsld
@@ -117,7 +117,11 @@ lib*|*.dll) # must be linking a shared lib...
|
||||
${_WL_PREMAIN} "$@"
|
||||
|
||||
# generate signature...
|
||||
SIG=`"${THERE}/fips/fips_premain_dso" "${TARGET}"`
|
||||
if [ -z "${FIPS_SIG}" ]; then
|
||||
SIG=`"${THERE}/fips/fips_premain_dso" "${TARGET}"`
|
||||
else
|
||||
SIG=`"${FIPS_SIG}" -dso "${TARGET}"`
|
||||
fi
|
||||
/bin/rm -f "${TARGET}"
|
||||
if [ -z "${SIG}" ]; then
|
||||
echo "unable to collect signature"; exit 1
|
||||
@@ -156,7 +160,11 @@ lib*|*.dll) # must be linking a shared lib...
|
||||
${_WL_PREMAIN} "$@"
|
||||
|
||||
# generate signature...
|
||||
SIG=`"${TARGET}"`
|
||||
if [ -z "${FIPS_SIG}" ]; then
|
||||
SIG=`"${TARGET}"`
|
||||
else
|
||||
SIG=`"${FIPS_SIG}" -exe "${TARGET}"`
|
||||
fi
|
||||
/bin/rm -f "${TARGET}"
|
||||
if [ -z "${SIG}" ]; then
|
||||
echo "unable to collect signature"; exit 1
|
||||
|
||||
@@ -108,24 +108,24 @@ my %fips_tests = (
|
||||
"CFB8VarTxt128" => "fips_aesavs -f",
|
||||
"CFB8VarTxt192" => "fips_aesavs -f",
|
||||
"CFB8VarTxt256" => "fips_aesavs -f",
|
||||
"CFB1GFSbox128" => "fips_aesavs -f",
|
||||
"CFB1GFSbox192" => "fips_aesavs -f",
|
||||
"CFB1GFSbox256" => "fips_aesavs -f",
|
||||
"CFB1KeySbox128" => "fips_aesavs -f",
|
||||
"CFB1KeySbox192" => "fips_aesavs -f",
|
||||
"CFB1KeySbox256" => "fips_aesavs -f",
|
||||
"CFB1MCT128" => "fips_aesavs -f",
|
||||
"CFB1MCT192" => "fips_aesavs -f",
|
||||
"CFB1MCT256" => "fips_aesavs -f",
|
||||
"CFB1MMT128" => "fips_aesavs -f",
|
||||
"CFB1MMT192" => "fips_aesavs -f",
|
||||
"CFB1MMT256" => "fips_aesavs -f",
|
||||
"CFB1VarKey128" => "fips_aesavs -f",
|
||||
"CFB1VarKey192" => "fips_aesavs -f",
|
||||
"CFB1VarKey256" => "fips_aesavs -f",
|
||||
"CFB1VarTxt128" => "fips_aesavs -f",
|
||||
"CFB1VarTxt192" => "fips_aesavs -f",
|
||||
"CFB1VarTxt256" => "fips_aesavs -f",
|
||||
#"CFB1GFSbox128" => "fips_aesavs -f",
|
||||
#"CFB1GFSbox192" => "fips_aesavs -f",
|
||||
#"CFB1GFSbox256" => "fips_aesavs -f",
|
||||
#"CFB1KeySbox128" => "fips_aesavs -f",
|
||||
#"CFB1KeySbox192" => "fips_aesavs -f",
|
||||
#"CFB1KeySbox256" => "fips_aesavs -f",
|
||||
#"CFB1MCT128" => "fips_aesavs -f",
|
||||
#"CFB1MCT192" => "fips_aesavs -f",
|
||||
#"CFB1MCT256" => "fips_aesavs -f",
|
||||
#"CFB1MMT128" => "fips_aesavs -f",
|
||||
#"CFB1MMT192" => "fips_aesavs -f",
|
||||
#"CFB1MMT256" => "fips_aesavs -f",
|
||||
#"CFB1VarKey128" => "fips_aesavs -f",
|
||||
#"CFB1VarKey192" => "fips_aesavs -f",
|
||||
#"CFB1VarKey256" => "fips_aesavs -f",
|
||||
#"CFB1VarTxt128" => "fips_aesavs -f",
|
||||
#"CFB1VarTxt192" => "fips_aesavs -f",
|
||||
#"CFB1VarTxt256" => "fips_aesavs -f",
|
||||
"ECBGFSbox128" => "fips_aesavs -f",
|
||||
"ECBGFSbox192" => "fips_aesavs -f",
|
||||
"ECBGFSbox256" => "fips_aesavs -f",
|
||||
|
||||
@@ -47,8 +47,12 @@ lib: $(LIBOBJ)
|
||||
@echo $(LIBOBJ) > lib
|
||||
|
||||
../fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o
|
||||
if [ -z "$(HOSTCC)" ] ; then \
|
||||
FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha1dgst.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
|
||||
$(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM
|
||||
$(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM ; \
|
||||
else \
|
||||
$(HOSTCC) $(HOSTCFLAGS) -o $ $@ -I../../include -I../../crypto fips_standalone_sha1.c ../../crypto/sha/sha1dgst.c ; \
|
||||
fi
|
||||
|
||||
files:
|
||||
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
|
||||
|
||||
Reference in New Issue
Block a user