'[CVS] OpenSSL: OpenSSL-fips-0_9_8-stable: openssl/ CHANGES openssl/cry...'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-cvs
Subject:    [CVS] OpenSSL: OpenSSL-fips-0_9_8-stable: openssl/ CHANGES openssl/cry...
From:       "Dr. Stephen Henson" <steve () openssl ! org>
Date:       2007-12-26 19:04:58
Message-ID: 20071226190458.8C18B1EAE806 () master ! openssl ! org
[Download RAW message or body]

  OpenSSL CVS Repository
  http://cvs.openssl.org/
  ____________________________________________________________________________

  Server: cvs.openssl.org                  Name:   Dr. Stephen Henson
  Root:   /v/openssl/cvs                   Email:  steve@openssl.org
  Module: openssl                          Date:   26-Dec-2007 20:04:58
  Branch: OpenSSL-fips-0_9_8-stable        Handle: 2007122619045701

  Modified files:           (Branch: OpenSSL-fips-0_9_8-stable)
    openssl                 CHANGES
    openssl/crypto/evp      evp.h evp_locl.h
    openssl/fips/aes        fips_aesavs.c

  Log:
    Fixes to make CFB1 Monte Carlo test work.

  Summary:
    Revision    Changes     Path
    1.1238.2.65.2.27+4  -0      openssl/CHANGES
    1.112.2.4.2.9+3  -0      openssl/crypto/evp/evp.h
    1.10.2.1.2.4+1  -1      openssl/crypto/evp/evp_locl.h
    1.1.4.4     +4  -0      openssl/fips/aes/fips_aesavs.c
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openssl/CHANGES
  ============================================================================
  $ cvs diff -u -r1.1238.2.65.2.26 -r1.1238.2.65.2.27 CHANGES
  --- openssl/CHANGES	14 Dec 2007 01:15:26 -0000	1.1238.2.65.2.26
  +++ openssl/CHANGES	26 Dec 2007 19:04:57 -0000	1.1238.2.65.2.27
  @@ -4,6 +4,10 @@
   
    Changes between 0.9.8g and 0.9.8h-fips  [xx XXX xxxx]
   
  +  *) Add flag EVP_CIPH_FLAG_LENGTH_BITS to indicate that input buffer length
  +     is in bits not bytes. The Monte Carlo FIPS140-2 CFB1 tests require this.
  +     [Steve Henson]
  +
     *) Add option --with-fipslibdir to specify location of fipscanister.lib
        and friends. When combined with fips build option fipscanister.lib is
        not built but linked from the supplied directory. Always link fips
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/crypto/evp/evp.h
  ============================================================================
  $ cvs diff -u -r1.112.2.4.2.8 -r1.112.2.4.2.9 evp.h
  --- openssl/crypto/evp/evp.h	14 Dec 2007 01:15:44 -0000	1.112.2.4.2.8
  +++ openssl/crypto/evp/evp.h	26 Dec 2007 19:04:57 -0000	1.112.2.4.2.9
  @@ -378,6 +378,8 @@
   #define		EVP_CIPH_FLAG_NON_FIPS_ALLOW	0x800
   /* Allow use default ASN1 get/set iv */
   #define		EVP_CIPH_FLAG_DEFAULT_ASN1	0x1000
  +/* Buffer length in bits not bytes: CFB1 mode only */
  +#define		EVP_CIPH_FLAG_LENGTH_BITS	0x2000
   
   /* ctrl() values */
   
  @@ -470,6 +472,7 @@
   #define M_EVP_MD_CTX_type(e)		M_EVP_MD_type(M_EVP_MD_CTX_md(e))
   #define M_EVP_MD_CTX_md(e)			((e)->digest)
   
  +#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
   
   int EVP_MD_type(const EVP_MD *md);
   #define EVP_MD_nid(e)			EVP_MD_type(e)
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/crypto/evp/evp_locl.h
  ============================================================================
  $ cvs diff -u -r1.10.2.1.2.3 -r1.10.2.1.2.4 evp_locl.h
  --- openssl/crypto/evp/evp_locl.h	8 Jul 2007 19:20:48 -0000	1.10.2.1.2.3
  +++ openssl/crypto/evp/evp_locl.h	26 Dec 2007 19:04:57 -0000	1.10.2.1.2.4
  @@ -92,7 +92,7 @@
   #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
   static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, \
const unsigned char *in, unsigned int inl) \  {\
  -	cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct \
*)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\  \
+	cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & \
EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, \
ctx->iv, &ctx->num, ctx->encrypt);\  return 1;\
   }
   
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/fips/aes/fips_aesavs.c
  ============================================================================
  $ cvs diff -u -r1.1.4.3 -r1.1.4.4 fips_aesavs.c
  --- openssl/fips/aes/fips_aesavs.c	21 Sep 2007 18:00:23 -0000	1.1.4.3
  +++ openssl/fips/aes/fips_aesavs.c	26 Dec 2007 19:04:58 -0000	1.1.4.4
  @@ -212,6 +212,8 @@
   	}
       if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
   	return 0;
  +    if(!strcasecmp(amode,"CFB1"))
  +	M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
       if (dir)
   		EVP_Cipher(ctx, ciphertext, plaintext, len);
   	else
  @@ -377,9 +379,11 @@
   	    case CFB1:
   		if(j == 0)
   		    {
  +#if 0
   		    /* compensate for wrong endianness of input file */
   		    if(i == 0)
   			ptext[0][0]<<=7;
  +#endif
   		    ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
   				ptext[j], ctext[j], len);
   		    }
  @@ .
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
CVS Repository Commit List                     openssl-cvs@openssl.org
Automated List Manager                           majordomo@openssl.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic