[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-cvs
Subject: [CVS] OpenSSL: OpenSSL-fips-0_9_8-stable: openssl/ CHANGES openssl/cry...
From: "Dr. Stephen Henson" <steve () openssl ! org>
Date: 2007-12-26 19:04:58
Message-ID: 20071226190458.8C18B1EAE806 () master ! openssl ! org
[Download RAW message or body]
OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________________________
Server: cvs.openssl.org Name: Dr. Stephen Henson
Root: /v/openssl/cvs Email: steve@openssl.org
Module: openssl Date: 26-Dec-2007 20:04:58
Branch: OpenSSL-fips-0_9_8-stable Handle: 2007122619045701
Modified files: (Branch: OpenSSL-fips-0_9_8-stable)
openssl CHANGES
openssl/crypto/evp evp.h evp_locl.h
openssl/fips/aes fips_aesavs.c
Log:
Fixes to make CFB1 Monte Carlo test work.
Summary:
Revision Changes Path
1.1238.2.65.2.27+4 -0 openssl/CHANGES
1.112.2.4.2.9+3 -0 openssl/crypto/evp/evp.h
1.10.2.1.2.4+1 -1 openssl/crypto/evp/evp_locl.h
1.1.4.4 +4 -0 openssl/fips/aes/fips_aesavs.c
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openssl/CHANGES
============================================================================
$ cvs diff -u -r1.1238.2.65.2.26 -r1.1238.2.65.2.27 CHANGES
--- openssl/CHANGES 14 Dec 2007 01:15:26 -0000 1.1238.2.65.2.26
+++ openssl/CHANGES 26 Dec 2007 19:04:57 -0000 1.1238.2.65.2.27
@@ -4,6 +4,10 @@
Changes between 0.9.8g and 0.9.8h-fips [xx XXX xxxx]
+ *) Add flag EVP_CIPH_FLAG_LENGTH_BITS to indicate that input buffer length
+ is in bits not bytes. The Monte Carlo FIPS140-2 CFB1 tests require this.
+ [Steve Henson]
+
*) Add option --with-fipslibdir to specify location of fipscanister.lib
and friends. When combined with fips build option fipscanister.lib is
not built but linked from the supplied directory. Always link fips
@@ .
patch -p0 <<'@@ .'
Index: openssl/crypto/evp/evp.h
============================================================================
$ cvs diff -u -r1.112.2.4.2.8 -r1.112.2.4.2.9 evp.h
--- openssl/crypto/evp/evp.h 14 Dec 2007 01:15:44 -0000 1.112.2.4.2.8
+++ openssl/crypto/evp/evp.h 26 Dec 2007 19:04:57 -0000 1.112.2.4.2.9
@@ -378,6 +378,8 @@
#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
/* Allow use default ASN1 get/set iv */
#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
+/* Buffer length in bits not bytes: CFB1 mode only */
+#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
/* ctrl() values */
@@ -470,6 +472,7 @@
#define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e))
#define M_EVP_MD_CTX_md(e) ((e)->digest)
+#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
int EVP_MD_type(const EVP_MD *md);
#define EVP_MD_nid(e) EVP_MD_type(e)
@@ .
patch -p0 <<'@@ .'
Index: openssl/crypto/evp/evp_locl.h
============================================================================
$ cvs diff -u -r1.10.2.1.2.3 -r1.10.2.1.2.4 evp_locl.h
--- openssl/crypto/evp/evp_locl.h 8 Jul 2007 19:20:48 -0000 1.10.2.1.2.3
+++ openssl/crypto/evp/evp_locl.h 26 Dec 2007 19:04:57 -0000 1.10.2.1.2.4
@@ -92,7 +92,7 @@
#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, \
const unsigned char *in, unsigned int inl) \ {\
- cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct \
*)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ \
+ cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & \
EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, \
ctx->iv, &ctx->num, ctx->encrypt);\ return 1;\
}
@@ .
patch -p0 <<'@@ .'
Index: openssl/fips/aes/fips_aesavs.c
============================================================================
$ cvs diff -u -r1.1.4.3 -r1.1.4.4 fips_aesavs.c
--- openssl/fips/aes/fips_aesavs.c 21 Sep 2007 18:00:23 -0000 1.1.4.3
+++ openssl/fips/aes/fips_aesavs.c 26 Dec 2007 19:04:58 -0000 1.1.4.4
@@ -212,6 +212,8 @@
}
if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
return 0;
+ if(!strcasecmp(amode,"CFB1"))
+ M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
if (dir)
EVP_Cipher(ctx, ciphertext, plaintext, len);
else
@@ -377,9 +379,11 @@
case CFB1:
if(j == 0)
{
+#if 0
/* compensate for wrong endianness of input file */
if(i == 0)
ptext[0][0]<<=7;
+#endif
ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
ptext[j], ctext[j], len);
}
@@ .
______________________________________________________________________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List openssl-cvs@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic