Prepare for RC7.

Retry rename operation with a slight delay to workaround problems on
some versions of Windows.
2011-12-12 13:44:05 +00:00 · 2011-12-10 18:06:55 +00:00 · 2011-12-10 13:29:23 +00:00 · 2011-12-08 15:14:38 +00:00 · 2011-12-04 21:29:08 +00:00 · 2011-12-04 15:26:26 +00:00
12 changed files with 111 additions and 19 deletions
--- a/Makefile.fips
+++ b/Makefile.fips
@@ -524,8 +524,8 @@ files:
 links:
 	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
 	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
-	@set -e; dir=fips target=links; $(RECURSIVE_BUILD_CMD)
-	@(cd crypto ; SDIRS='$(LINKDIRS)' $(MAKE) -e links)
+	@set -e; dir=fips target=links; $(BUILD_ONE_CMD)
+	@(cd crypto ; TEST='' SDIRS='$(LINKDIRS)' $(MAKE) -e links)

 gentests:
 	@(cd test && echo "generating dummy tests (if needed)..." && \
--- a/crypto/bn/asm/mips.pl
+++ b/crypto/bn/asm/mips.pl
@@ -267,7 +267,7 @@ ___
 $code.=<<___;
 	jr	$ra
 	move	$a0,$v0
-.end	bn_mul_add_words
+.end	bn_mul_add_words_internal

 .align	5
 .globl	bn_mul_words
@@ -778,7 +778,7 @@ ___
 $code.=<<___;
 	jr	$ra
 	move	$a0,$v0
-.end	bn_sub_words
+.end	bn_sub_words_internal

 .align 5
 .globl	bn_div_3_words
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -359,7 +359,15 @@ void OPENSSL_showfatal (const char *fmta,...)
 { va_list ap;

    va_start (ap,fmta);
+#if defined(OPENSSL_SYS_VXWORKS)
+    {
+	char buf[256];
+	vsnprintf(buf,sizeof(buf),fmta,ap);
+	printf("%s",buf);
+    }
+#else 
    vfprintf (stderr,fmta,ap);
+#endif
    va_end (ap);
 }
 int OPENSSL_isservice (void) { return 0; }
--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
@@ -75,7 +75,7 @@ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
 	return 1;\
 }

-#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2))
+#define EVP_MAXCHUNK ((size_t)1<<(sizeof(int)*8-2))

 #define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
 static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
--- a/crypto/x86cpuid.pl
+++ b/crypto/x86cpuid.pl
@@ -119,8 +119,6 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
 	&mov	("esi","edx");
 	&or	("ebp","ecx");		# merge AMD XOP flag

-	&bt	("ecx",26);		# check XSAVE bit
-	&jnc	(&label("done"));
 	&bt	("ecx",27);		# check OSXSAVE bit
 	&jnc	(&label("clear_avx"));
 	&xor	("ecx","ecx");
--- a/fips/dh/fips_dhvs.c
+++ b/fips/dh/fips_dhvs.c
@@ -279,6 +279,10 @@ int main(int argc, char **argv)
 							rhash, rhashlen);
 			}
 		}
+	if (in && in != stdin)
+		fclose(in);
+	if (out && out != stdout)
+		fclose(out);
 	return 0;
 	parse_error:
 	fprintf(stderr, "Error Parsing request file\n");
--- a/fips/ecdh/fips_ecdhvs.c
+++ b/fips/ecdh/fips_ecdhvs.c
@@ -484,6 +484,10 @@ int main(int argc, char **argv)
 		BN_free(cy);
 	if (group)
 		EC_GROUP_free(group);
+	if (in && in != stdin)
+		fclose(in);
+	if (out && out != stdout)
+		fclose(out);
 	if (rv)
 		fprintf(stderr, "Error Parsing request file\n");
 	return rv;
--- a/fips/fips_locl.h
+++ b/fips/fips_locl.h
@@ -67,8 +67,8 @@ int fips_post_failed(int id, int subid, void *ex);
 int fips_post_corrupt(int id, int subid, void *ex);
 int fips_post_status(void);

-#define FIPS_MODULE_VERSION_NUMBER	0x20000005L
-#define FIPS_MODULE_VERSION_TEXT	"FIPS 2.0-rc5 unvalidated test module xx XXX xxxx"
+#define FIPS_MODULE_VERSION_NUMBER	0x20000007L
+#define FIPS_MODULE_VERSION_TEXT	"FIPS 2.0-rc7 unvalidated test module xx XXX xxxx"

 #ifdef  __cplusplus
 }
--- a/fips/fips_test_suite.c
+++ b/fips/fips_test_suite.c
@@ -650,6 +650,13 @@ static size_t drbg_test_cb(DRBG_CTX *ctx, unsigned char **pout,
 	return (min_len + 0xf) & ~0xf;
 	}

+/* Callback which returns 0 to indicate entropy source failure */
+static size_t drbg_fail_cb(DRBG_CTX *ctx, unsigned char **pout,
+                                int entropy, size_t min_len, size_t max_len)
+	{
+	return 0;
+	}
+
 /* DRBG test: just generate lots of data and trigger health checks */

 static int do_drbg_test(int type, int flags)
@@ -1036,7 +1043,7 @@ static int do_fail_all(int fullpost, int fullerr)
 	size_t i;
 	RSA *rsa = NULL;
 	DSA *dsa = NULL;
-	DRBG_CTX *dctx = NULL;
+	DRBG_CTX *dctx = NULL, *defctx = NULL;
 	EC_KEY *ec = NULL;
 	BIGNUM *bn = NULL;
 	unsigned char out[10];
@@ -1133,6 +1140,9 @@ static int do_fail_all(int fullpost, int fullerr)
 	else
 		printf("\tECDSA key generation failed as expected.\n");

+	FIPS_ec_key_free(ec);
+	ec = NULL;
+
 	fail_id = -1;
 	fail_sub = -1;
 	fail_key = -1;
@@ -1241,6 +1251,63 @@ static int do_fail_all(int fullpost, int fullerr)
 		printf("\tX9.31 continuous PRNG failed as expected\n");
 	FIPS_x931_stick(0);

+	/* Leave FIPS mode to clear error */
+	FIPS_module_mode_set(0, NULL);
+	/* Enter FIPS mode successfully */
+	if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
+		{
+		printf("\tError entering FIPS mode\n");
+		st_err++;
+		}
+
+	printf("    Testing operation failure with DRBG entropy failure\n");
+
+	/* Generate DSA key for later use */
+    	if (DSA_generate_key(dsa))
+		printf("\tDSA key generated OK as expected.\n");
+	else
+		{
+		printf("\tDSA key generation FAILED!!\n");
+		st_err++;
+		}
+
+	/* Initialise default DRBG context */
+	defctx = FIPS_get_default_drbg();
+	if (!defctx)
+		return 0;
+	if (!FIPS_drbg_init(defctx, NID_sha512, 0))
+		return 0;
+	/* Set entropy failure callback */
+	FIPS_drbg_set_callbacks(defctx, drbg_fail_cb, 0, 0x10, drbg_test_cb, 0);
+	if (FIPS_drbg_instantiate(defctx, dummy_drbg_entropy, 10))
+		{
+		printf("\tDRBG entropy fail OK incorrectly!!\n");
+		st_err++;
+		}
+	else
+		printf("\tDRBG entropy fail failed as expected\n");
+
+	if (FIPS_dsa_sign(dsa, dummy_drbg_entropy, 5, EVP_sha256()))
+		{
+		printf("\tDSA signing OK incorrectly!!\n");
+		st_err++;
+		}
+	else
+		printf("\tDSA signing failed as expected\n");
+
+	ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+
+	if (!ec)
+		return 0;
+
+    	if (EC_KEY_generate_key(ec))
+		{
+		printf("\tECDSA key generated OK incorrectly!!\n");
+		st_err++;
+		}
+	else
+		printf("\tECDSA key generation failed as expected.\n");
+
 	printf("  Induced failure test completed with %d errors\n", st_err);
 	post_quiet = 0; 
 	no_err = 0;
--- a/util/fipsas.pl
+++ b/util/fipsas.pl
@@ -8,6 +8,9 @@ my @ARGS = @ARGV;

 my $top = shift @ARGS;
 my $target = shift @ARGS;
+my $tmptarg = $target;
+
+$tmptarg =~ s/\.[^\\\/\.]+$/.tmp/;

 my $runasm = 1;

@@ -48,11 +51,22 @@ while (<IN>)

 my ($from, $to);

+#delete any temp file lying around
+
+unlink $tmptarg;
+
 #rename target temporarily
-rename($target, "tmptarg.s") || die "Can't rename $target";
+my $rencnt = 0;
+# On windows the previous file doesn't always close straight away
+# so retry the rename operation a few times if it fails.
+while (!rename($target, $tmptarg))
+        {
+        sleep 2;
+        die "Can't rename $target" if ($rencnt++ > 10);
+        }

 #edit target
-open(IN,"tmptarg.s") || die "Can't open temporary file";
+open(IN,$tmptarg) || die "Can't open temporary file";
 open(OUT, ">$target") || die "Can't open output file $target";

 while (<IN>)
@@ -75,16 +89,12 @@ if ($runasm)

 	# restore target
 	unlink $target;
-	rename "tmptarg.s", $target;
+	rename $tmptarg, $target;

 	die "Error executing assembler!" if $rv != 0;
 	}
 else
 	{
 	# Don't care about target
-	unlink "tmptarg.s";
+	unlink $tmptarg;
 	}
-
-
-
-
--- a/util/mklink.pl
+++ b/util/mklink.pl
@@ -52,6 +52,7 @@ my $to = join('/', @to_path);
 my $file;
 $symlink_exists=eval {symlink("",""); 1};
 if ($^O eq "msys") { $symlink_exists=0 };
+if ($^O eq "MSWin32") { $symlink_exists=0 };
 foreach $file (@files) {
    my $err = "";
    if ($symlink_exists) {
--- a/util/point.sh
+++ b/util/point.sh
@@ -1,7 +1,7 @@
 #!/bin/sh

 rm -f "$2"
-if test "$OSTYPE" = msdosdjgpp || test "x$PLATFORM" = xmingw ; then
+if test "$OSTYPE" = msdosdjgpp || test "x$PLATFORM" = xmingw || test "x$OS" = xWindows_NT ; then
    cp "$1" "$2"
 else
    ln -s "$1" "$2"
Author	SHA1	Message	Date
Dr. Stephen Henson	49dbcbaa4b	Prepare for RC7.	2011-12-12 13:44:05 +00:00
Dr. Stephen Henson	df0884ffb7	Retry rename operation with a slight delay to workaround problems on some versions of Windows.	2011-12-10 18:06:55 +00:00
Dr. Stephen Henson	0e480d5553	use different names for asm temp files to avoid problems on some platforms	2011-12-10 13:29:23 +00:00
Dr. Stephen Henson	7c0d30038f	Close file streams in FIPS algorithm test utilities.	2011-12-08 15:14:38 +00:00
Dr. Stephen Henson	81fc8cd029	prepare for RC6	2011-12-04 21:29:08 +00:00
Dr. Stephen Henson	1d235039d6	For FIPS builds we don't use the normal test files (and in the restricted tarball some don't exist) so set TEST='' to avoid linking to them. This also avoids problems on platforms that copy instead of symlink.	2011-12-04 15:26:26 +00:00
Dr. Stephen Henson	58886fdefc	use BUILD_ONE_CMD for fips specific links otherwise we effectively do 'make links' twice	2011-12-04 15:14:13 +00:00
Dr. Stephen Henson	61c3085d47	Workaround for VxWorks	2011-12-04 15:11:44 +00:00
Dr. Stephen Henson	32b56fe4d2	avoid use of symlinks on Windows: it causes problems on some build environments	2011-12-04 15:04:20 +00:00
Dr. Stephen Henson	efd031abca	Fix x86cpuid so it doesn't fail for some (currently theoretical) virtual machines.	2011-12-03 21:47:48 +00:00
Dr. Stephen Henson	dd4eefdb7b	Change EVP_MAXCHUNK so it doesn't wraparound to 0 on some platforms (IP32L64).	2011-12-03 21:44:01 +00:00
Dr. Stephen Henson	fcd3e8e97b	Prepare for RC6.	2011-12-03 19:51:52 +00:00
Dr. Stephen Henson	476e7e4972	Add tests to ensure ECDSA key gen and DSA signing fails if DRBG entropy source fails.	2011-12-03 19:41:28 +00:00
Dr. Stephen Henson	5e900f3cef	functions aren't unused: revert	2011-12-03 19:19:34 +00:00
Dr. Stephen Henson	75b250a4ed	remove unused functions from module	2011-12-03 18:27:31 +00:00
Dr. Stephen Henson	44cb365eaf	bn/asm/mips.pl: fix typos [from HEAD], original by Andy	2011-12-03 18:26:26 +00:00