
List:       openssl-cvs
Subject:    [CVS] OpenSSL: OpenSSL-fips-0_9_7-stable: openssl/crypto/rand/ rand.h ...
From:       "Ben Laurie" <ben () openssl ! org>
Date:       2004-02-17 11:51:55
Message-ID: 20040217115155.25CE9203EB8 () master ! openssl ! org

  OpenSSL CVS Repository
  http://cvs.openssl.org/
  ____________________________________________________________________________

  Server: cvs.openssl.org                  Name:   Ben Laurie
  Root:   /e/openssl/cvs                   Email:  ben@openssl.org
  Module: openssl                          Date:   17-Feb-2004 12:51:54
  Branch: OpenSSL-fips-0_9_7-stable        Handle: 2004021711515103

  Modified files:           (Branch: OpenSSL-fips-0_9_7-stable)
    openssl/crypto/rand     rand.h rand_err.c
    openssl/fips/aes        fingerprint.sha1 fips_aes_selftest.c
    openssl/fips/des        fingerprint.sha1 fips_des_selftest.c
    openssl/fips/rand       fingerprint.sha1 fips_rand.c fips_randtest.c
    openssl/fips/rsa        fingerprint.sha1 fips_rsa_selftest.c

  Log:
    Improve selftests, check for stuck PRNG(!).

  Summary:
    Revision    Changes     Path
    1.26.2.5.2.1+1  -0      openssl/crypto/rand/rand.h
    1.6.2.1.2.1 +2  -1      openssl/crypto/rand/rand_err.c
    1.1.2.1.2.6 +1  -1      openssl/fips/aes/fingerprint.sha1
    1.1.2.5     +15 -0      openssl/fips/aes/fips_aes_selftest.c
    1.1.2.1.2.9 +1  -1      openssl/fips/des/fingerprint.sha1
    1.1.2.6     +56 -0      openssl/fips/des/fips_des_selftest.c
    1.1.2.1.2.5 +1  -1      openssl/fips/rand/fingerprint.sha1
    1.1.2.1.2.5 +14 -3      openssl/fips/rand/fips_rand.c
    1.1.2.1.2.5 +18 -8      openssl/fips/rand/fips_randtest.c
    1.1.2.6     +1  -1      openssl/fips/rsa/fingerprint.sha1
    1.1.2.4     +13 -0      openssl/fips/rsa/fips_rsa_selftest.c
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openssl/crypto/rand/rand.h
  ============================================================================
  $ cvs diff -u -r1.26.2.5 -r1.26.2.5.2.1 rand.h
  --- openssl/crypto/rand/rand.h	27 Jul 2003 17:00:24 -0000	1.26.2.5
  +++ openssl/crypto/rand/rand.h	17 Feb 2004 11:51:51 -0000	1.26.2.5.2.1
  @@ -128,6 +128,7 @@
   /* Reason codes. */
   #define RAND_R_NON_FIPS_METHOD				 101
   #define RAND_R_PRNG_NOT_SEEDED				 100
  +#define RAND_R_PRNG_STUCK				 102
   
   #ifdef  __cplusplus
   }
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/crypto/rand/rand_err.c
  ============================================================================
  $ cvs diff -u -r1.6.2.1 -r1.6.2.1.2.1 rand_err.c
  --- openssl/crypto/rand/rand_err.c	27 Jul 2003 17:00:24 -0000	1.6.2.1
  +++ openssl/crypto/rand/rand_err.c	17 Feb 2004 11:51:51 -0000	1.6.2.1.2.1
  @@ -1,6 +1,6 @@
   /* crypto/rand/rand_err.c */
   /* ====================================================================
  - * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  + * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
    *
    * Redistribution and use in source and binary forms, with or without
    * modification, are permitted provided that the following conditions
  @@ -76,6 +76,7 @@
   	{
   {RAND_R_NON_FIPS_METHOD                  ,"non fips method"},
   {RAND_R_PRNG_NOT_SEEDED                  ,"PRNG not seeded"},
  +{RAND_R_PRNG_STUCK                       ,"prng stuck"},
   {0,NULL}
   	};
   
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/fips/aes/fingerprint.sha1
  ============================================================================
  $ cvs diff -u -r1.1.2.1.2.5 -r1.1.2.1.2.6 fingerprint.sha1
  --- openssl/fips/aes/fingerprint.sha1	30 Jan 2004 19:22:18 -0000	1.1.2.1.2.5
  +++ openssl/fips/aes/fingerprint.sha1	17 Feb 2004 11:51:52 -0000	1.1.2.1.2.6
  @@ -1,3 +1,3 @@
   SHA1(fips_aes_core.c)= 4cad001926dce3593181541ea19207256593171a
  -SHA1(fips_aes_selftest.c)= b41f520aa90f813de815ee77ade4e7c73ef147b0
  +SHA1(fips_aes_selftest.c)= 8f270e559d34a18b3771d7f0098b77dd7bf168c5
   SHA1(fips_aes_locl.h)= a3c01d9a4f9d5211e9e785852f6f1a2febfd73b6
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/fips/aes/fips_aes_selftest.c
  ============================================================================
  $ cvs diff -u -r1.1.2.4 -r1.1.2.5 fips_aes_selftest.c
  --- openssl/fips/aes/fips_aes_selftest.c	25 Sep 2003 12:24:49 -0000	1.1.2.4
  +++ openssl/fips/aes/fips_aes_selftest.c	17 Feb 2004 11:51:52 -0000	1.1.2.5
  @@ -74,6 +74,7 @@
       {
       int n;
   
  +    /* Encrypt and check against known ciphertext */
       for(n=0 ; n < 1 ; ++n)
   	{
   	AES_KEY key;
  @@ -82,6 +83,20 @@
   	AES_set_encrypt_key(tests[n].key,128,&key);
   	AES_encrypt(tests[n].plaintext,buf,&key);
   	if(memcmp(buf,tests[n].ciphertext,sizeof buf))
  +	    {
  +	    FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
  +	    return 0;
  +	    }
  +	}
  +    /* Decrypt and check against known plaintext */
  +    for(n=0 ; n < 1 ; ++n)
  +	{
  +	AES_KEY key;
  +	unsigned char buf[16];
  +
  +	AES_set_decrypt_key(tests[n].key,128,&key);
  +	AES_decrypt(tests[n].ciphertext,buf,&key);
  +	if(memcmp(buf,tests[n].plaintext,sizeof buf))
   	    {
   	    FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
   	    return 0;
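Review bot: Both known-answer loops iterate with the literal bound `n < 1` (the new decrypt loop at `for(n=0 ; n < 1 ; ++n)` repeats it), so a vector appended to `tests[]` would never be exercised and nothing would report that. If `tests` is a file-scope array, as its use here suggests, derive the bound from it in both loops, e.g. `for(n=0 ; n < (int)(sizeof tests/sizeof tests[0]) ; ++n)`. The enclosing FIPS_selftest_aes begins and ends outside this hunk.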
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/fips/des/fingerprint.sha1
  ============================================================================
  $ cvs diff -u -r1.1.2.1.2.8 -r1.1.2.1.2.9 fingerprint.sha1
  --- openssl/fips/des/fingerprint.sha1	30 Jan 2004 19:22:19 -0000	1.1.2.1.2.8
  +++ openssl/fips/des/fingerprint.sha1	17 Feb 2004 11:51:52 -0000	1.1.2.1.2.9
  @@ -1,4 +1,4 @@
   SHA1(fips_des_enc.c)= 41388beadcafe125a8025968ff91b7dc60b96c49
  -SHA1(fips_des_selftest.c)= d81ee4db762d89cca749138a99100d342f195665
  +SHA1(fips_des_selftest.c)= 1236ecc25bcbd5ad6af8c396426d6c7783cfe941
   SHA1(fips_set_key.c)= 1e3dc1e0d02f0ab4d8fdd5e1f4db284cad1510f4
   SHA1(fips_des_locl.h)= a4cf60ca32476a2483b3e4460ec9a19c0444fd20
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/fips/des/fips_des_selftest.c
  ============================================================================
  $ cvs diff -u -r1.1.2.5 -r1.1.2.6 fips_des_selftest.c
  --- openssl/fips/des/fips_des_selftest.c	27 Sep 2003 15:54:41 -0000	1.1.2.5
  +++ openssl/fips/des/fips_des_selftest.c	17 Feb 2004 11:51:52 -0000	1.1.2.6
  @@ -73,10 +73,36 @@
   	},
   	};
   
  +static struct
  +    {
  +    DES_cblock key1;
  +    DES_cblock key2;
  +    DES_cblock key3;
  +    unsigned char plaintext[8];
  +    unsigned char ciphertext[8];
  +    } tests3[]=
  +	{
  +	{
  +	{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
  +	{ 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10 },
  +	{ 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 },
  +	{ 0x8f,0x8f,0xbf,0x9b,0x5d,0x48,0xb4,0x1c},
  +	{ 0x59,0x8c,0xe5,0xd3,0x6c,0xa2,0xea,0x1b},
  +	},
  +	{
  +	{ 0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE },
  +	{ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
  +	{ 0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
  +	{ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
  +	{ 0x11,0x25,0xb0,0x35,0xbe,0xa0,0x82,0x86 },
  +	},
  +	};
  +
   int FIPS_selftest_des()
       {
       int n;
   
  +    /* Encrypt/decrypt with DES and compare to known answers */
       for(n=0 ; n < 2 ; ++n)
   	{
   	DES_key_schedule key;
  @@ -89,7 +115,37 @@
   	    FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
   	    return 0;
   	    }
  +	DES_ecb_encrypt(&tests[n].ciphertext,&buf,&key,0);
  +	if(memcmp(buf,tests[n].plaintext,sizeof buf))
  +	    {
  +	    FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
  +	    return 0;
  +	    }
   	}
  +
  +    /* Encrypt/decrypt with 3DES and compare to known answers */
  +    for(n=0 ; n < 2 ; ++n)
  +	{
  +	DES_key_schedule key1, key2, key3;
  +	unsigned char buf[8];
  +
  +	DES_set_key(&tests3[n].key1,&key1);
  +	DES_set_key(&tests3[n].key2,&key2);
  +	DES_set_key(&tests3[n].key3,&key3);
  +	DES_ecb3_encrypt(tests3[n].plaintext,buf,&key1,&key2,&key3,1);
  +	if(memcmp(buf,tests3[n].ciphertext,sizeof buf))
  +	    {
  +	    FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
  +	    return 0;
  +	    }
  +	DES_ecb3_encrypt(tests3[n].ciphertext,buf,&key1,&key2,&key3,0);
  +	if(memcmp(buf,tests3[n].plaintext,sizeof buf))
  +	    {
  +	    FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
  +	    return 0;
  +	    }
  +	}
  +
       return 1;
       }
   #endif
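Review bot: The three `DES_set_key` calls in the new 3DES loop discard their return value, and `DES_set_key` defers to the process-wide `DES_check_key` flag: when that flag is set it runs the parity/weak-key check and on rejection returns non-zero without filling the schedule, so the self-test outcome would depend on global state rather than on the cipher — and the first vector's all-zero `key1` has even parity, so it would be rejected. For fixed known-answer vectors use the flag-independent form, `DES_set_key_unchecked(&tests3[n].key1,&key1);` (likewise for key2 and key3), or check each return and fail with FIPS_R_SELFTEST_FAILED. The single-DES loop in the preceding hunk is not visible here; if it also calls `DES_set_key` it needs the same treatment.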
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/fips/rand/fingerprint.sha1
  ============================================================================
  $ cvs diff -u -r1.1.2.1.2.4 -r1.1.2.1.2.5 fingerprint.sha1
  --- openssl/fips/rand/fingerprint.sha1	30 Jan 2004 19:22:20 -0000	1.1.2.1.2.4
  +++ openssl/fips/rand/fingerprint.sha1	17 Feb 2004 11:51:53 -0000	1.1.2.1.2.5
  @@ -1,2 +1,2 @@
  -SHA1(fips_rand.c)= 2c86af552515bd1f58b3011d1958ea975afaa816
  +SHA1(fips_rand.c)= af88aebd4897e9d2ef593969b50f80c2cdf120d9
   SHA1(fips_rand.h)= da5ee76588070c97d47c939d069d250a1476a080
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/fips/rand/fips_rand.c
  ============================================================================
  $ cvs diff -u -r1.1.2.1.2.4 -r1.1.2.1.2.5 fips_rand.c
  --- openssl/fips/rand/fips_rand.c	24 Jan 2004 15:04:38 -0000	1.1.2.1.2.4
  +++ openssl/fips/rand/fips_rand.c	17 Feb 2004 11:51:53 -0000	1.1.2.1.2.5
  @@ -93,11 +93,14 @@
       fips_rand_status
       };
   
  +static int second;
  +
   void FIPS_set_prng_key(const unsigned char k1[8],const unsigned char k2[8])
       {
       memcpy(&key1,k1,sizeof key1);
       memcpy(&key2,k2,sizeof key2);
       key_set=1;
  +    second=0;
       }
   
   void FIPS_test_mode(int test,const unsigned char faketime[8])
  @@ -115,9 +118,6 @@
   static void fips_gettime(unsigned char buf[8])
       {
       struct timeval tv;
  -#ifndef GETPID_IS_MEANINGLESS
  -    long pid;
  -#endif
   
       if(test_mode)
   	{
  @@ -130,6 +130,7 @@
       memcpy (&buf[0],&tv.tv_sec,4);
       memcpy (&buf[4],&tv.tv_usec,4);
   
  +#if 0  /* This eminently sensible strategy is not acceptable to NIST. Sigh. */
   #ifndef GETPID_IS_MEANINGLESS
       /* we mix in the PID to ensure that after a fork the children don't give
        * the same results as each other
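Review bot: Compiling out the PID mixing under `#if 0` means a process that forks after seeding leaves parent and child with identical PRNG state, so both emit the same byte stream until one is re-seeded; the comment records only that NIST rejected the mitigation, not this consequence for callers. Suggest extending it so the obligation is visible where it now lives: `/* PID mixing disabled: not acceptable to NIST. Forked children therefore share the parent's PRNG state and must re-seed (RAND_seed / FIPS_set_prng_key) before use. */`. The `long pid;` declaration dropped in the preceding hunk is now referenced only inside this disabled region, which holds as long as the block stays `#if 0`.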
  @@ -140,6 +141,7 @@
   	pid<<=16;
       *(long *)&buf[0]^=pid;
   #endif
  +#endif
       }
   
   static void fips_rand_encrypt(unsigned char *out,const unsigned char *in)
  @@ -204,6 +206,7 @@
       unsigned char timeseed[8];
       unsigned char intermediate[SEED_SIZE];
       unsigned char output[SEED_SIZE];
  +    static unsigned char previous[SEED_SIZE];
   
       if(n_seed < sizeof seed)
   	{
  @@ -228,6 +231,14 @@
   	for(l=0 ; l < sizeof t ; ++l)
   	    t[l]=output[l]^seed[l];
   	fips_rand_encrypt(seed,t);
  +
  +	if(second && !memcmp(output,previous,sizeof previous))
  +	    {
  +	    RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_STUCK);
  +	    return 0;
  +	    }
  +	memcpy(previous,output,sizeof previous);
  +	second=1;
   
   	l=SEED_SIZE < num-n ? SEED_SIZE : num-n;
   	memcpy(buf+n,output,l);
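Review bot: When the stuck check fires the function returns 0 after earlier iterations have already copied output blocks into `buf` (the `memcpy(buf+n,output,l)` below runs once per block), so a caller that ignores the return value — as fips_randtest.c did before this commit — consumes a partially filled buffer from a generator that has just failed its continuous test. Clear the caller's buffer on that path, `memset(buf,0,num);` before the `return 0;`, so nothing from the failed run is usable. Separately, `previous` is a function-local static while its companion flag `second` is file-scope and reset in FIPS_set_prng_key; keeping both at file scope and clearing `previous` on re-key would make the pairing explicit. The first block after seeding is emitted as well as retained for comparison, which deserves a comment if deliberate; the enclosing function (fips_rand_bytes, judging by RAND_F_FIPS_RAND_BYTES) begins and ends outside this hunk.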
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/fips/rand/fips_randtest.c
  ============================================================================
  $ cvs diff -u -r1.1.2.1.2.4 -r1.1.2.1.2.5 fips_randtest.c
  --- openssl/fips/rand/fips_randtest.c	25 Sep 2003 12:24:51 -0000	1.1.2.1.2.4
  +++ openssl/fips/rand/fips_randtest.c	17 Feb 2004 11:51:53 -0000	1.1.2.1.2.5
  @@ -107,6 +107,7 @@
   #include <stdlib.h>
   #include <openssl/rand.h>
   #include <openssl/fips_rand.h>
  +#include <openssl/err.h>
   
   #include "e_os.h"
   
  @@ -138,13 +139,13 @@
   /* FIXME: these test vectors are made up! */
   static PRNGtest t1=
       {
  -    { { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
  -      { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
  +    { { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 },
  +      { 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f },
       },
       { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
       { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
  -    { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
  -    { 0x8c,0xa6,0x4d,0xe9,0xc1,0xb1,0x23,0xa7 }
  +    { 0x33,0xc3,0xdf,0xfe,0x60,0x60,0x49,0x9e },
  +    { 0x40,0x08,0x95,0x4d,0xb1,0x82,0x98,0x86 }
       };
   static PRNGtest t2=
       {
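Review bot: The new expected blocks in `t1` (`0x33,0xc3,...` and `0x40,0x08,...`) arrive in the same commit as the generator change and under the retained `FIXME: these test vectors are made up!`, so they were presumably produced by running the modified generator itself; the test then pins the implementation to its own output rather than to an independently derived answer, and the same applies to the `t2` values in the next hunk. If no reference vectors are available, say so where the FIXME already is, e.g. `/* FIXME: these vectors were generated by this implementation; they catch regressions only, not wrong answers */`.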
  @@ -152,8 +153,8 @@
         { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff } },
       { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff },
       { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff },
  -    { 0xcd,0x57,0xcb,0xfa,0x08,0xd8,0xdb,0x3a },
  -    { 0x05,0xad,0x17,0xbd,0xd8,0x32,0x96,0x79 }
  +    { 0x65,0xf1,0xa4,0x07,0x42,0x38,0xd5,0x25 },
  +    { 0x99,0xba,0x8f,0xd2,0x88,0xad,0xf8,0x34 }
       };
   
   static void dump(const unsigned char *b,int n)
  @@ -190,10 +191,18 @@
       FIPS_test_mode(1,t->time);
       RAND_seed(t->seed,sizeof t->seed);
   
  -    RAND_bytes(buf,8);
  +    if(RAND_bytes(buf,8) != 8)
  +	{
  +	ERR_print_errors_fp(stderr);
  +	exit(2);
  +	}
       compare(buf,t->block1,8);
       for(n=0 ; n < 99 ; ++n)
  -	RAND_bytes(buf,8);
  +	if(RAND_bytes(buf,8) != 8)
  +	    {
  +	    ERR_print_errors_fp(stderr);
  +	    exit(2);
  +	    }
       compare(buf,t->block100,8);
       FIPS_test_mode(0,NULL);
       }
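Review bot: The loop `for(n=0 ; n < 99 ; ++n)` now carries a multi-line `if` block as its unbraced body; every other compound body in this file is braced, and an unbraced loop around a block is the shape that hides a later misplaced statement. Put the loop body in its own `{`/`}` pair at the loop's indentation, with the `if` inside it. The two identical failure blocks could also share one small static helper that prints errors and exits, but the bracing is the point worth fixing here.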
  @@ -208,6 +217,7 @@
   	/*double d; */
   	long d;
   
  +	ERR_load_crypto_strings();
   	RAND_set_rand_method(&rand_fips_meth);
   
   	run_test(&t1);
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/fips/rsa/fingerprint.sha1
  ============================================================================
  $ cvs diff -u -r1.1.2.5 -r1.1.2.6 fingerprint.sha1
  --- openssl/fips/rsa/fingerprint.sha1	30 Jan 2004 19:22:21 -0000	1.1.2.5
  +++ openssl/fips/rsa/fingerprint.sha1	17 Feb 2004 11:51:54 -0000	1.1.2.6
  @@ -1,3 +1,3 @@
   SHA1(fips_rsa_eay.c)= eacbcc656f1f046509abb9cc0207880b58ae8b90
   SHA1(fips_rsa_gen.c)= bfc4d7204f714a354a2e652318c5e82518441427
  -SHA1(fips_rsa_selftest.c)= f0a9683b29b3e231067f840424727413e811cbfc
  +SHA1(fips_rsa_selftest.c)= 0106c4c565833ad2c8975b7d38765038a58f037c
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/fips/rsa/fips_rsa_selftest.c
  ============================================================================
  $ cvs diff -u -r1.1.2.3 -r1.1.2.4 fips_rsa_selftest.c
  --- openssl/fips/rsa/fips_rsa_selftest.c	30 Sep 2003 16:15:49 -0000	1.1.2.3
  +++ openssl/fips/rsa/fips_rsa_selftest.c	17 Feb 2004 11:51:54 -0000	1.1.2.4
  @@ -156,8 +156,13 @@
   	"\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78\x9a\xbc\xde";
       int n;
   
  +    /* Perform pairwise consistency test by: ... */
  +
       key=RSA_new();
       clen=setrsakey(key,expected_ctext);
  +    /* ...1) apply public key to plaintext, resulting ciphertext must be
  +     * different
  +    */
       n=RSA_public_encrypt(sizeof(original_ptext)-1,original_ptext,ctext,key,
   			 RSA_NO_PADDING);
       if(n < 0)
  @@ -170,6 +175,14 @@
     	FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
    	return 0;
    	}
  +    if(!memcmp(ctext,original_ptext,n))
  +  	{
  +  	FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
  + 	return 0;
  + 	}
  +    /* ...2) apply private key to ciphertext and compare result to
  +     *       original plaintext; results must be equal
  +    */
       n=RSA_private_decrypt(n,ctext,ptext,key,RSA_NO_PADDING);
       if(n < 0)
   	{
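Review bot: The new `if(!memcmp(ctext,original_ptext,n))` compares `n` bytes, where `n` is the ciphertext length returned by RSA_public_encrypt, against `original_ptext`, which was passed with length `sizeof(original_ptext)-1`; under RSA_NO_PADDING the two should match, but if they ever differ the memcmp reads past the plaintext. Make the length expectation explicit and bound the comparison by the plaintext: `if(n != sizeof(original_ptext)-1 || !memcmp(ctext,original_ptext,n))`. The closing `*/` of the two new comment blocks sits one column left of their `*` lines; align them with the file's comment style. The enclosing function begins and ends outside this hunk.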
  @@ .
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
CVS Repository Commit List                     openssl-cvs@openssl.org
Automated List Manager                           majordomo@openssl.org
